Once the password is successfully retrieved, we build the email message that we want to send to the user. Because we are going to use PHP’s mail() function, we need to define to whom the message is going, the subject of the email message, from whom it is coming and the body of the mail message:

$pass=$row['pw'];

$to="$emrn";

$from="From: admin@mysite.comrn";

$msg="Password:$passrn";

$msg .="Username:$namern";

$msg .="Please change your password as soon as you logonrn";

$subject="From Admin re:Your Login Passwordrn";

}

We also deal with what happens when the SQL query fails to match the given username to a name in the database:

}else{

print "Your username is either spelled incorrect or does not exist, please try again";

exit;

}

If everything has gone well and no errors were encountered, we send the message containing the password to the given email address:

//4. Send password to user

if(mail($to,$subject,$msg,$from)){

print "Your password has been sent to <b>$em</b>" ;

}else{

print "could not send email";

}

}

}

?>

The user enters the information that is used by the script in an HTML form. The form itself is contained in a table and has the following code:

<form name="form1" method="post" action="../forgotten.php">

Please fill in the following:

<br>

<table width="445" border="0">

<tr>

<td width="187"><div align="left">Username</div></td>

The first element takes the username:

<td width="242"><input name="name" type="text" size="40"></td>

</tr>

<tr>

The second element takes the email address:

<td><div align="left">Email <font color="#FF0000" size="2">(password will be sent to this email address)</font> </div> </td>

<td><input name="mail" type="text" size="40">

And finally, the hidden element with the name value of “key” is also present:

<input type="hidden" name="key" /></td>

</tr>

<tr>

<td> <input name="submit" type="submit"> </td>

<td></td>

</tr>

</table>

In the next article we will look at some of the most common attacks on databases.