Reputation: 2466
I send email using PHPMailer successfully to reset a password. In the content of the email I provide a link to click on to reset the password. That link will actually take the user to the reset_password.php page on my server. I also want to pass the email id only, for now, in the link so that it can be retrieved by the reset_password.php page.
<?php
session_start();
$email2=$_SESSION['emailto'];
?>
<p>Click on the following link to reset your password.<a href="http://sample-site.com/reset_password.php?email=<?php echo $email2;?>">Login</a>.</p>
The above line resides in reset_password.php page and I include it like below in the page that I send email:
$mail->msgHTML(file_get_contents('email-content.php'), dirname(__FILE__));
How do I get the value of variable $email2 reflected in the link sent through the email, please?
Can $mail->msgHTML contain PHP variables?
I tried something like this, but it doesn't help.
$mail -> msgHTML(str_replace($email3, $email2, file_get_contents('email-content.php')), dirname(__FILE__));
And the HTML:
<p>Click on the following link to reset your password.<a href="http://localhost/reset_password.php?email=<?php echo $email3;?>">Reset Password</a>.</p>
This is what I see in the browser URL when the link is clicked.
http://sample-site.com/reset_password.php?email=%3C?php%20echo%20$email3;?%3E
Upvotes: 1
Views: 173
Reputation: 192
file_get_contents() reads the raw file, so the PHP tag won't execute. What you should do is change your email-content.php to
<p>Click on the following link to reset your password.<a href="http://localhost/reset_password.php?email={EMAIL}">Reset Password</a>.</p>
Then change the mailer to
$mail -> msgHTML(str_replace('{EMAIL}', $email2, file_get_contents('email-content.php')), dirname(__FILE__));
===============================================
You had better add some validation as well for authorization, i.e.
<p>Click on the following link to reset your password.<a href="http://localhost/reset_password.php?email={EMAIL}&token={TOKEN}">Reset Password</a>.</p>
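And in the mailer:
$mail -> msgHTML(str_replace(
array('{EMAIL}','{TOKEN}'),
// urlencode() keeps characters such as '+' in the address intact in the query string
array(urlencode($email2),md5($email2.'salt')),
file_get_contents('email-content.php')), dirname(__FILE__));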
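Then validate in reset_password.php:
// hash_equals() compares in constant time and avoids the type juggling of a loose != comparison
if(!hash_equals(md5((string)($_GET['email']??'').'salt'),(string)($_GET['token']??'')))exit('Token invalid');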
Upvotes: 2
Reputation: 2466
$mail->msgHTML actually passes PHP variables as a string. Therefore you must use str_replace to pass the PHP variable so that it is reflected in the link, like this.
$mail ->msgHTML(str_replace('[email_here]', $email2, file_get_contents('email-content.php')), dirname(__FILE__));
And in the HTML page,
<p>Click on the following link to reset your password.<a href="http://localhost/reset_password.php?email=[email_here]">Reset Password</a>.</p>
It works!
Upvotes: 0
Reputation: 4207
Instead of passing the email in the URL, you should use a token (a random unique token for each forgot-password request).
For that you need to create an additional field named token in your users table, and whenever a user requests a forgotten-password reset, create a token and update that user's row with the generated token.
You can then simply pass that token in the URL, like below:
http://sample-site.com/reset_password.php?token=yourtoken
When the user comes to the target page by clicking this URL, you can get the token like $_GET['token'], and you query your Users table to check whether the token is valid or not, and do the respective task as needed.
Note: Make sure to sanitize $_GET['token'] or use a prepared statement.
However, if you would like to get the email from the URL, you can get it like $_GET['email'].
Upvotes: 0
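The per-request random token flow described in the last answer, as an added example that is not part of the original posts. The table layout, the column names reset_hash and reset_expires, the function names, the 30-minute lifetime and the choice to store only a SHA-256 hash of the token are assumptions made for illustration, and the in-memory SQLite database holds constructed demo data.

```php
<?php
declare(strict_types=1);
// Added example. Table, column and function names are assumptions, not from the page.

function createResetToken(PDO $db, string $email, int $ttl = 1800): ?string
{
    $token = bin2hex(random_bytes(32));   // 256 bits from the CSPRNG, hex encoded
    $stmt = $db->prepare(
        'UPDATE users SET reset_hash = ?, reset_expires = ? WHERE email = ?'
    );
    // Only the hash is stored, so a leaked table does not contain usable reset links.
    $stmt->execute([hash('sha256', $token), time() + $ttl, $email]);
    return $stmt->rowCount() === 1 ? $token : null;
}

function consumeResetToken(PDO $db, string $token): ?string
{
    if (!preg_match('/\A[0-9a-f]{64}\z/', $token)) {
        return null;                      // malformed input never reaches the database
    }
    $hash = hash('sha256', $token);
    $stmt = $db->prepare(
        'SELECT email FROM users WHERE reset_hash = ? AND reset_expires > ?'
    );
    $stmt->execute([$hash, time()]);
    $email = $stmt->fetchColumn();
    if ($email === false) {
        return null;                      // unknown or expired token
    }
    // Single use: clear the token. A concurrent second request updates zero rows.
    $clear = $db->prepare(
        'UPDATE users SET reset_hash = NULL, reset_expires = NULL WHERE reset_hash = ?'
    );
    $clear->execute([$hash]);
    return $clear->rowCount() === 1 ? $email : null;
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->exec('CREATE TABLE users (email TEXT PRIMARY KEY, reset_hash TEXT, reset_expires INTEGER)');
$db->exec("INSERT INTO users (email) VALUES ('user@example.com')");

$token = createResetToken($db, 'user@example.com');
echo 'http://sample-site.com/reset_password.php?token=' . $token, PHP_EOL;
var_dump(consumeResetToken($db, $token));               // first use of the link
var_dump(consumeResetToken($db, $token));               // the same link replayed
var_dump(consumeResetToken($db, str_repeat('0', 64)));  // a token that was never issued
```

In reset_password.php the value passed to consumeResetToken() would be $_GET['token'], and the password change would proceed only when an email is returned.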