1

我遇到了 PHP mail() 函数的一个主要问题。我有一个用户注册页面,它会生成一封电子邮件以验证他们的电子邮件地址。不幸的是,该功能向同一用户发送了 6 或 7 至 90 多封电子邮件。我不明白这是如何发生或为什么会发生的,即使在查看了其他人的帖子后也是如此。

有人可以帮我调试吗?

这是代码:

$first_name = mysql_real_escape_string($_POST['first_name']);
$last_name = mysql_real_escape_string($_POST['last_name']);
$email = mysql_real_escape_string($_POST['email']);
$username = strtoupper(mysql_real_escape_string($_POST['username']));
$password1 = mysql_real_escape_string($_POST['password1']);
$password2 = mysql_real_escape_string($_POST['password2']);
$termsofuse = mysql_real_escape_string($_POST['termsofuse']);
$status = mysql_real_escape_string($_POST['status']);
$approved = mysql_real_escape_string($_POST['approved']);
$acctype = mysql_real_escape_string($_POST['acctype']);
$industry = mysql_real_escape_string($_POST['industry']);
$newsletter = mysql_real_escape_string($_POST['newsletter']);
$contactname = mysql_real_escape_string($_POST['contactname']);
$contactnumber = mysql_real_escape_string($_POST['contactnumber']);

// Hashing of $password1
$password1 = sha256($password1);
$password2 = sha256($password2);

$hash = hash('sha256', $username);

// Check for existing username
$sql = "SELECT * FROM `members`";
$result2=mysql_query($sql);
while($row=mysql_fetch_array($result2)){
  $username2 = $row['username'];

  // If $username doesn't equal $username2 (meaning there isn't an existing username, and both passwords match, write to database
  if($username <> $username2 && $password1 === $password2){
    $sql = "INSERT INTO `members` (`id`, `first_name`, `last_name`, `email`, `username`, `password`, `termsofuse`, `status`, `approved`, `acctype`, `industry`, `newsletter`, `contactnumber`, `hash`, `since`) VALUES (NULL, '$first_name' , '$last_name' , '$email' , '$username' , '$password1' , '$termsofuse', 'Reg', '$approved', '$acctype', '$industry', '$newsletter', '$contactnumber', '$hash', NOW())";
    $result = mysql_query($sql) or die ("Can't insert".mysql_error());
    $to = $email; // Send email to user
    $subject = 'Signup Verification'; //Subject line in email
    $message = 'Welcome ' . $first_name . ','
    . "\r\n\r\n"
    . 'Thanks for signing up!'
    . "\r\n\r\n"
    . 'Your account has been created. To activate your account, click on the link below to get started!'
    . "\r\n\r\n"
    . 'http://www.radioman911.com/pages/CAD/verify.php?email=' . $email . '&hash=' . $hash . '';
    $headers = 'From: xxxx' . "\r\n" .
    'Reply-To: same xxxx as above' . "\r\n" .
    'X-Mailer: PHP/' . phpversion();
    mail($to, $subject, $message, $headers, '-fxxxx same as above'); //Send the email
    header("location:new_member_sucess.php"); //yes, i know i spelled success wrong, but i also spelled it wrong in the page filename lol

  } else {
    echo "<style type='text/css'>A{text-decoration:none}</style>";
    echo "<body bgcolor='black'><font color='white' style='font-family:trebuchet ms;'>";
    echo "Passwords do not match or that username is already taken, please try again!<br>";
    echo "<a href='javascript: history.go(-1)'><font color='red'>Go back</a></font>";
  }
}
?>

谢谢!

4

5 回答 5

1

您的 while 循环没有任何意义。
您实际上循环遍历所有用户(数据库中的所有行),并且每次新用户与您的 while 循环中的当前行不匹配时,您都将新用户添加到数据库并每次发送电子邮件。

这是你应该做的:
你的查询

$sql = "SELECT * FROM members";

是通用的方式。
将 MySql 用于它的好处,并通过遍历结果集让数据库找到匹配而不是您的 php 脚本。
使用这样的查询:

$sql = "SELECT count(*) as count FROM members WHERE username LIKE '$username'";
$result = mysql_query($sql);

然后检查是否$result['count']等于 0。如果是这种情况,新用户还不存在,您可以创建新用户并发送您的电子邮件。

于 2013-06-05T20:53:39.683 回答
1

您的问题在于检查重复用户名的 SQL。

// Check for existing username
$sql = "SELECT * FROM `members`";
$result2=mysql_query($sql);
while($row=mysql_fetch_array($result2)){
    $username2 = $row['username'];

...

}}

我已经采用了您的代码,并进行了一些小改动。我已更改您的 SQL 查询以检索具有相同用户名的用户计数,而不是返回每个用户名单独检查。

我还将mail()函数周围的代码从循环中取出。如果没有找到重复的用户名,则该$duplicateUsername变量设置为 false,否则设置为 true。

如果$duplicateUsername为假,则调用邮件函数...一次,否则显示错误。

// Check for existing username使用以下所有内容:

// Check for existing username
$username = mysql_real_escape_string($username);
$duplicateUsername = false;


$sql = "SELECT COUNT(username) AS usernameCount FROM members WHERE username = '{$username}'";
$result2=mysql_query($sql);
while($row=mysql_fetch_array($result2)){
    $duplicateUsername = $row['usernameCount']>0 ? true : false;
}

if(!$duplicateUsername){
    $sql = "INSERT INTO `members` (`id`, `first_name`, `last_name`, `email`, `username`, `password`, `termsofuse`, `status`, `approved`, `acctype`, `industry`, `newsletter`, `contactnumber`, `hash`, `since`) VALUES (NULL, '$first_name' , '$last_name' , '$email' , '$username' , '$password1' , '$termsofuse', 'Reg', '$approved', '$acctype', '$industry', '$newsletter', '$contactnumber', '$hash', NOW())";

    $result = mysql_query($sql) or die ("Can't insert".mysql_error());

    $to = $email; // Send email to user
    $subject = 'Signup Verification'; //Subject line in email
    $message = 'Welcome ' . $first_name . ','
       . "\r\n\r\n"
       . 'Thanks for signing up!'
       . "\r\n\r\n"
       . 'Your account has been created. To activate your account, click on the link below to get started!'
       . "\r\n\r\n"
       . 'http://www.radioman911.com/pages/CAD/verify.php?email=' . $email . '&hash=' . $hash . '';
    $headers = 'From: xxxx' . "\r\n" .
         'Reply-To: same xxxx as above' . "\r\n" .
         'X-Mailer: PHP/' . phpversion();

    mail($to, $subject, $message, $headers, '-fxxxx same as above');

    header("location:new_member_sucess.php");
} else {
    echo "<style type='text/css'>A{text-decoration:none}</style>";
    echo "<body bgcolor='black'><font color='white' style='font-family:trebuchet ms;'>";
    echo "Passwords do not match or that username is already taken, please try again!<br>";
    echo "<a href='javascript: history.go(-1)'><font color='red'>Go back</a></font>";
}
于 2013-06-05T20:59:45.870 回答
0

您正在一个包含数据库中所有用户mail()while()循环中执行。

根据该if条件下的语句,每次用户提供的用户名与当前行不匹配且密码匹配时,您都在执行插入并发送电子邮件。据推测,您的几个用户有很多相同的密码。

您将需要更新您的查询以包含从结果集中排除不匹配用户的条件。

于 2013-06-05T20:55:02.830 回答
0

如果用户名不匹配但密码匹配,则您正在循环所有成员,您添加一个用户并发送电子邮件。用户名几乎永远不会相同,密码可能...

您应该将查询更改为仅查询该特定用户的数据库,例如

$sql = "SELECT * FROM会员WHERE username LIKE \"" . $username . \"";

不是您问题的答案,但您可以将代码的第一行缩短为:

foreach($_POST AS $k => $v){
  $$k = mysql_real_escape_string($v);
}
$username = strtoupper($username);

短了很多。

于 2013-06-05T20:55:14.740 回答
0

您的邮件功能在 while 循环中,因此它发送了很多电子邮件。请剪切该代码并将其放在循环的上方或下方。二、查询错误,$sql = "SELECT * FROM members"; 将选择所有成员,使用 $sql = "SELECT * FROM memberswhere ....."; 我不知道列名。阅读,http://www.w3schools.com/php/php_mysql_where.asp

于 2013-06-05T20:56:30.143 回答