php - 如何正确使用 PHPMailer

问题描述

我已经有一个用 php 编写的用户帐户系统，它在梦想的主机服务器上运行。我也创建了一个忘记密码的系统，但是当我激活使用 PHPMailer 发送实际电子邮件的 php 代码时，我得到一个 HTTP ERROR 500。我不知道这是我的代码还是因为我使用的是过时版本的 apache或我的服务器上的mysql。我不知道如何在我的服务器上更新 apache 或 mysql。我也不确定如何将 $to 变量正确输入到 $mail->addressAddress 中。任何帮助将不胜感激。

我使用了最新版本的PHPMailer，切换到最新版本的php，使用域设置电子邮件地址，使用smtp端口465。

<?php
use PHPMailer\PHPMailer\PHPMailer;

// First we check if the form was submitted.
if (isset($_POST['reset-request-submit'])) {

  /* The first thing you should know about reset password scripts, is that we need to make it as secure as possible. To help do this we will be creating "tokens" to ensure that it is the correct user who tries to reset their password.

  Tokens are used to make sure it is the correct user that is trying to reset their password. I will explain more on this later.

  When we create the two tokens, we use random_bytes() and bin2hex(), which are build-in functions in PHP. random_bytes() generates cryptographically secure pseudo-random bytes, which we then convert to hexadecimal values so we can actually use it. Right now we are only going to use the bin2hex() on the "selector" because later we need to insert the "token" into the database in binary.

  // Later we will also include these tokens into a link which we then send the user by mail so they can reset their password. */

  $selector = bin2hex(random_bytes(8));
  $token = random_bytes(32);

  // The reason we need to have a "selector" and a "token" is to prevent timing attacks, which is when we limit the speed at which a hacker can attempt to hack our script. I will get more into this later in the next script.

  // Then we create the URL link which we will send the user by mail so they can reset their password.
  // Notice that we convert the "token" to hexadecimals here as well, to make the URL usable.

  $url = "www.tnaddyxomputerrepair.com/forgottenpwd/create-new-password.php?selector=" . $selector . "&validator=" . bin2hex($token);

  // Then we need to define when the tokens should expire. We do this for security reasons to make sure the same token can't be used for more than an hour.

  // Then we set the timestamp and add another hour to the current time, and then pass it into the format we defined.
  $expires = date("U") + 1800;

  // Next we delete any existing tokens that might be in the database. We don't want to fill up our database with unnecessary data we don't need anymore.

  // First we need to get our database connection.
  require 'dbh.inc.php';

  // Then we grab the e-mail the user submitted from the form.
  $userEmail = $_POST["email"];

  // Finally we delete any existing entries.
  $sql = "DELETE FROM pwdReset WHERE pwdResetEmail=?";
  $stmt = mysqli_stmt_init($conn);
  if (!mysqli_stmt_prepare($stmt, $sql)) {
    echo "There was an error!";
    exit();
  } else {
    mysqli_stmt_bind_param($stmt, "s", $userEmail);
    mysqli_stmt_execute($stmt);
  }

  // Here we then insert the info we have regarding the token into the database. This means that we have something we can use to check if it is the correct user that tries to change their password.
  $sql = "INSERT INTO pwdReset (pwdResetEmail, pwdResetSelector, pwdResetToken, pwdResetExpires) VALUES (?, ?, ?, ?)";
  $stmt = mysqli_stmt_init($conn);
  if (!mysqli_stmt_prepare($stmt, $sql)) {
    echo "There was an error!";
    exit();
  } else {
    // Here we also hash the token to make it unreadable, in case a hacker accessess our database.
    $hashedToken = password_hash($token, PASSWORD_DEFAULT);
    mysqli_stmt_bind_param($stmt, "ssss", $userEmail, $selector, $hashedToken, $expires);
    mysqli_stmt_execute($stmt);
  }

  // Here we close the statement and connection.
  mysqli_stmt_close($stmt);
  mysqli_close($conn);

  // The last thing we need to do is to format an e-mail and send it to the user, so they can click a link that allow them to reset their password.

  // Who are we sending it to.
  $to = $userEmail;

require 'PHPMailer/src/PHPMailer.php';
require 'PHPMailer/src/SMTP.php';
require 'PHPMailer/src/Exception.php';

$mail = new PHPMailer();

//SMTP Settings
$mail->isSMTP();
$mail->Host = 'smtp.dreamhost.com';
$mail->SMTPAuth = true;
$mail->Username = 'tylernaddy@tnaddycomputerrepair.com';
$mail->Password = 'password';
$mail->Port = '465';
$mail->SMTPSecure = 'ssl';

//Email Settings
$mail->isHTML();
$mail->SetFrom('no-reply@tnaddycomputerrepair.com');
$mail->Subject = 'Reset your password for www.tnaddyomputerrepair.com';
$mail->Body = '<p>We recieved a password reset request. The link to reset your password is below. If you did not make this request, you can ignore this email</p><p>Here is your password reset link: </br><a href="' . $url . '">' . $url . '</a></p>';
$mail->addAddress('$to');
$mail->Send();

  // Finally we send them back to a page telling them to check their e-mail.
  header("Location: ../reset-password.php?reset=success");
} else {
  header("Location: ../signup.php");
  exit();
}

当我在字段中单击带有电子邮件的忘记密码按钮时，它应该发送一封电子邮件，而不是当我激活使用 PHPMailer 发送实际电子邮件的 php 代码时，我收到 HTTP ERROR 500。

标签： phpphpmailerhttp-status-code-500