The password reconfiguration link cannot be clickable in the user’s email

Question

The password reconfiguration link cannot be clickable in the user’s email

Asked 4 years, 9 months ago

Viewed 37 times

-1

Problem: email sent to reset password, arrives with NOT CLICKABLE link. I believe there is something wrong in the URL variable.

<?php
if (isset($_POST['reset-request-submit'])) {

  $selector = bin2hex(random_bytes(8));
  $token = random_bytes(32);
  $url = "www.wonline.com.br/create-new-password.php?selector=" . $selector . "&validator=" . bin2hex($token);
  $expires = date("U") + 1800;
 
  $to = $userEmail;
  $subject = 'Redefina a sua senha';
  $message = '<p>Nós recebemos sua solicitação de Reconfigurar a senha. Use o link de reconfiguraçao abaixo. ';
  $message .= 'Se não foi você quem solicitou, ignore este email</p>';
  $message .= '<p>Aqui está o seu link de redefiniçao de senha:</p></br>';
  $message .= '<a href="' . $url . '">' . $url . '</a>';
  $headers = "From: <[email protected]>\r\n";
  $headers .= "Reply-To: [email protected]\r\n";
  $headers .= "Content-type: text/html\r\n";
  mail($to, $subject, $message, $headers);
  header("Location: ../reset-password.php?reset=success");
} else {
  header("Location: ../signup.php");
  exit();
}
?>

1 answer

Browser other questions tagged php

You are not signed in. Login or sign up in order to post.

by Guilherme Nascimento • **98,651** points · Answer 1 · 2020-02-07T16:55:16+00:00

If your message is actually coming in "HTML" it is likely that the email client will not accept the link without HTTP, because it thinks it is an attempt to redirect to something internal from the email client, then add the "HTTP" link protocol, something like:

$url = "http://www.quae.com.br/create-new-password.php?selector=" . $selector . "&validator=" . bin2hex($token);

Or (from that "OR" and not "E") then on the link directly:

$message .= '<a href="http://' . $url . '">' . $url . '</a>';

But there is no guarantee that it works because it depends on email client, gmail, outlook, Thunderbird, etc, if it is locked to links it will only depend on the person copy and paste then.