icecub

Reputation: 8773

PHPMailer started spam mailing unexpectedly

I was working on a form to mass email all my members. For some unknown reason to me, the server started spamming emails like crazy! Literally sending hundreds of emails to everyone. This is the script I've used:

<?php
use PHPMailer\PHPMailer\PHPMailer;
use PHPMailer\PHPMailer\SMTP;
use PHPMailer\PHPMailer\Exception;

require_once '../../config.php';
require_once '../../src/Pdo.php';
require 'Exception.php';
require 'PHPMailer.php';
require 'SMTP.php';

if(!empty($_POST['message'])){
    $mail = new PHPMailer(true);
    $db = new MyChat\Database;

    $db->query("SELECT
                    users.email AS email,
                    users.username AS username
                FROM
                    users
                WHERE
                    users.getmail = 1
                AND
                    users.id
                NOT IN
                    (SELECT bans.userid FROM bans)
                AND
                    users.email
                NOT IN
                    (SELECT blocked.email FROM blocked)
               ");

    try {
        $results = $db->resultset();
    }
    catch(PDOException $e){
        echo "PDO Error: ". $e->getMessage();
    }

    foreach($results as $result){
        if(filter_var($result['email'], FILTER_VALIDATE_EMAIL)){
            try {
                $mail->setFrom('[email protected]', 'Example');
                $mail->addAddress($result['email']);
                $mail->isHTML(true);
                $mail->Subject = $_POST['subject'];
                $mail->Body = str_replace("%username%",$result['username'],$_POST['message']);
                $mail->AltBody = str_replace("%username%",$result['username'],$_POST['altmessage']);

                $mail->send();
            } catch (Exception $e) {
                echo 'Message could not be sent. Mailer Error: ', $mail->ErrorInfo;
            }
        }
    }

    echo 'succes';
} else {
    echo 'empty';
}

I've tried returning the mysql result to myself and it only returns the data once. Checking out Postfix's log var/log/mail.log it looks like instead of mailing each user their own message, it mailed all messages to each user.

So user A got mail meant for user A, B, C, D.. and the same again for user B etc.

I don't understand how this could have happened? I can't seem to find any error in my code that would cause this loop? Especially because $mail->Body = str_replace("%username%",$result['username'],$_POST['message']); is correctly replacing the username in each message.

Upvotes: 0

Views: 47

Answers (1)

Andrew Magill

Reputation: 2510

$mail->addAddress($result['email']);

That line of code is adding each member to the audience on each loop iteration. You never clear that object/property, so it just accumulates your full audience as it goes through $results.

Create $mail inside the loop, or specify the email address a different way.

Upvotes: 2
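An added example, not code from the question or the answer: because the recipient list accumulated, each later message also carried every earlier member's address in its To header, so the loop below resets recipients on every iteration and refuses to send unless exactly one address is set. It uses `clearAllRecipients()` on a reused object rather than creating `$mail` inside the loop; the helper name `mailEach`, the sender address and the sample rows are assumptions, and the `require` lines assume the same file layout as the question.

```php
<?php
use PHPMailer\PHPMailer\PHPMailer;
use PHPMailer\PHPMailer\Exception;

// Same manual includes as the question's script (assumed file layout).
require 'Exception.php';
require 'PHPMailer.php';
require 'SMTP.php';

// Hypothetical helper: one message per recipient on a reused PHPMailer object.
// Returns the To list of every message so the fan-out can be checked.
function mailEach(PHPMailer $mail, array $rows, string $subject, string $html, string $alt, bool $dryRun = true): array
{
    $toPerMessage = [];
    $mail->setFrom('noreply@example.com', 'Example'); // placeholder sender
    $mail->isHTML(true);
    $mail->Subject = $subject;

    foreach ($rows as $row) {
        if (!filter_var($row['email'], FILTER_VALIDATE_EMAIL)) {
            continue;
        }
        try {
            $mail->clearAllRecipients();   // drop To/Cc/Bcc left from the previous iteration
            $mail->addAddress($row['email']);
            $mail->Body    = str_replace('%username%', $row['username'], $html);
            $mail->AltBody = str_replace('%username%', $row['username'], $alt);

            $to = array_column($mail->getToAddresses(), 0);
            if (count($to) !== 1) {        // guard against recipient accumulation
                throw new Exception('Unexpected recipient list: ' . implode(', ', $to));
            }
            if (!$dryRun) {
                $mail->send();
            }
            $toPerMessage[] = $to;
        } catch (Exception $e) {
            error_log('Mail to ' . $row['email'] . ' failed: ' . $e->getMessage());
        }
    }
    return $toPerMessage;
}

// Constructed sample rows standing in for the query result.
$rows = [
    ['email' => 'a@example.com', 'username' => 'A'],
    ['email' => 'b@example.com', 'username' => 'B'],
];
print_r(mailEach(new PHPMailer(true), $rows, 'Hi', '<p>Hello %username%</p>', 'Hello %username%'));
```

The call above runs in dry-run mode and only prints the recipient list of each message; pass `false` as the last argument to actually send.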
