I am going to use PHP for sending emails. My PHP is supposed to be on a shared host. I have found codes to send email via PHP but I'm worried about writing direct password into the PHP code. Does PHP or GMail SMTP server provide any way to avoid using direct password? maybe something similar to API authentication?
Asked
Active
Viewed 2,440 times
2 Answers
2
I never have actually tried to just send emails true a SMTP server such google, since all this services need authentication. There is some great projects in Github such this, this allow to send emails via SMTP using secure ports, authentication, SSL, etc.. (remember that php files are server side, so users cant access to this information. so your pass it is secure.)
and if you visit their repo you will find their sample:
<?php
require 'class.phpmailer.php';
$mail = new PHPMailer;
$mail->IsSMTP(); // Set mailer to use SMTP
$mail->Host = 'smtp1.example.com;smtp2.example.com'; // Specify main and backup server
$mail->SMTPAuth = true; // Enable SMTP authentication
$mail->Username = 'jswan'; // SMTP username
$mail->Password = 'secret'; // SMTP password
$mail->SMTPSecure = 'tls'; // Enable encryption, 'ssl' also accepted
$mail->From = 'from@example.com';
$mail->FromName = 'Mailer';
$mail->AddAddress('josh@example.net', 'Josh Adams'); // Add a recipient
$mail->AddAddress('ellen@example.com'); // Name is optional
$mail->AddReplyTo('info@example.com', 'Information');
$mail->AddCC('cc@example.com');
$mail->AddBCC('bcc@example.com');
$mail->WordWrap = 50; // Set word wrap to 50 characters
$mail->AddAttachment('/var/tmp/file.tar.gz'); // Add attachments
$mail->AddAttachment('/tmp/image.jpg', 'new.jpg'); // Optional name
$mail->IsHTML(true); // Set email format to HTML
$mail->Subject = 'Here is the subject';
$mail->Body = 'This is the HTML message body <b>in bold!</b>';
$mail->AltBody = 'This is the body in plain text for non-HTML mail clients';
if(!$mail->Send()) {
echo 'Message could not be sent.';
echo 'Mailer Error: ' . $mail->ErrorInfo;
exit;
}
echo 'Message has been sent';
But if you dont want to go and hard code the passwords on the php controller or what ever you gotta use to process the emails, you can always use the mail() function on php to send emails.
easy sample find on the documentation:
<?php
$to = 'nobody@example.com';
$subject = 'the subject';
$message = 'hello';
$headers = 'From: webmaster@example.com' . "\r\n" .
'Reply-To: webmaster@example.com' . "\r\n" .
'X-Mailer: PHP/' . phpversion();
mail($to, $subject, $message, $headers);
?>
This function is a SMTP way to send emails, but the authentication it is always required but in this case it is made with the server, so all headers has to be set to be able send a proper email.
Note some server providers don't aloud sending emails true this function, so in the end you will need to create or use a php SMTP email class to process the emails, and this file have to have the password for authentication reason.
Jorge Y. C. Rodriguez
- 3,394
- 5
- 38
- 61
-
it seems there is no better way than making a fake email! – gerrnar Jun 21 '13 at 11:07
-1
PHP is excuted server side so your password should not be exposed to the public. If by what you mean by shared hosting is you are literally sharing a server with someone, then your password could be stolen for your Gmail account as Gmail smtp requires a password. However, if your server host provides you with a outgoing smtp server, then you most certainly don't need to worry about your passwords as you would not need one.
user2067005
- 859
- 7
- 15
-
You may suggest any possible workaround for the problem. The long paragraph does give some insight on the problem, but does require further clarification. – sjsam Jan 23 '18 at 16:01