I'm currently using tokens and a bit of code that expires $expires = date("U") + 1800; So roughly 30 mins after the user requests the link. The PHP send function gets an email to any address in my domain in a few seconds, however, any other domains, such as a Gmail account, can take up to 40 mins or so. Is there a way to increase the priority of the reset link email in my PHP script? Or do I have to simply increase the token expiration and lower my security slightly?
Thank you!
I've tried changing the $from and $header info with no positive results. I've also done a ton of googling and searching on overstack. I'm mostly finding info on how to set up a basic send function, which I've already got.
...
$expires = date("U") + 1800;
require 'config.php';
$userEmail = $_POST["email"];
$sql = "DELETE FROM pwdReset WHERE pwdResetEmail=?";
$stmt = mysqli_stmt_init($link);
if (!mysqli_stmt_prepare($stmt, $sql)) {
echo "There was an error!";
exit();
} else {
mysqli_stmt_bind_param($stmt, "s", $userEmail);
mysqli_stmt_execute($stmt);
}
$sql = "INSERT INTO pwdReset (pwdResetEmail, pwdResetSelector, pwdResetToken, pwdResetExpires) VALUES (?, ?, ?, ?)";
$stmt = mysqli_stmt_init($link);
if (!mysqli_stmt_prepare($stmt, $sql)) {
echo "There was an error!";
exit();
} else {
$hashedToken = password_hash($token, PASSWORD_DEFAULT);
mysqli_stmt_bind_param($stmt, "ssss", $userEmail, $selector, $hashedToken, $expires);
mysqli_stmt_execute($stmt);
}
mysqli_stmt_close($stmt);
mysqli_close($link);
$to = $userEmail;
// Subject
$subject = 'Reset your mydomainhere password';
// Message
$message = 'We recieved a password reset request for your account. If you did not make this request, please disregard this email. Your password reset link is:';
$message .= '<a href="' . $url . '">' . $url . '</a></p>';
// Headers
$headers = "From: The mydomainhere Team <[email protected]>\r\n";
$headers .= "Reply-To: [email protected]\r\n";
$headers .= "Content-type: text/html\r\n";
// Send e-mail
mail($to, $subject, $message, $headers);
header("Location: https://www.mydomainhere.org/login/forgotPass.php?reset=success");
} else {
header("Location: https://www.mydomainhere.org/login/forgotPass.php?reset=error");
exit();
}
The PHP mail function is working, it's just taking longer than expected to send. I'm hoping to add some kind of urgent tag to the message so outside servers will accept it faster.
Can I add an urgent status to PHP mail send function so the password reset is not expired when the user receives it?
No, there is no "expedited delivery" for emails. The "Urgency" header exists, but has no effect on delivery. (Its only effect is to display a flag on the message in some clients.)
If it's taking "up to 40 mins or so" for some of your messages to be delivered to GMail, something is wrong with your mail servers, and that needs to be addressed. This isn't a problem with your code.