Bonjours, j’aurais aimer savoir si ce script est sécurisé selon vous (script d’envoi de mdp) :
$host="localhost"; // Host name
$username="xxxxx"; // Mysql username
$password="xxxx"; // Mysql password
$db_name="xxxxxx"; // Database name
//Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect to server");
mysql_select_db("$db_name")or die("cannot select DB");
// value sent from form
$email_to=$_POST['email_to'];
// table name
$tbl_name=_users;
// retrieve password from table where e-mail = $email_to(eeeeee@******.com)
$sql="SELECT password FROM $tbl_name WHERE email='$email_to'";
$result=mysql_query($sql);
// if found this e-mail address, row must be 1 row
// keep value in variable name "$count"
$count=mysql_num_rows($result);
// compare if $count =1 row
if($count==1){
$rows=mysql_fetch_array($result);
// keep password in $your_password
$your_password=$rows['user_password'];
// ---------------- SEND MAIL FORM ----------------
// send e-mail to ...
$to=$email_to;
// Your subject
$subject="Your password here";
// From
$header="from: zzzzz <serv@xxxxx.com>";
// Your message
$messages= "Your password for login to our website \r\n";
$messages.="Your password is $your_password \r\n";
$messages.="more message... \r\n";
// send email
$sentmail = mail($to,$subject,$messages,$header);
}
// else if $count not equal 1
else {
echo "Not found your email in our database";
}
// if your email succesfully sent
if($sentmail){
echo "Your Password Has Been Sent To Your Email Address.";
}
else {
echo "Cannot send password to your e-mail address";
}
