Junitar Posted June 24, 2017 (edited)

Hi,

I'm using PHPMailer to send email from a contact form using Gmail SMTP, which requires including the SMTP password directly in the PHP script like so:

    $mail->Password = 'mypassword';

According to what I've found on the net, it seems that it's not recommended since the password can be easily hacked. Thus, I'm wondering how to protect my password.

I've found people recommending to put the password in an INI file outside the webroot and then to retrieve it using the parse_ini_file() function. My problem is that I'm not sure I understand the "outside the webroot" part… if anyone could explain this to me and how to do it, it would be much appreciated. Also, should I protect the INI file with a .htaccess?

Thanks.

Edited June 24, 2017 by Junitar

Ingolme Posted June 24, 2017

The web root is the folder on the server which contains your website. It could be called "www", "htdocs", "html" or a variety of other names. Anything inside that folder can be accessed through HTTP with a URL.

If the file is outside the web root, you won't need htaccess to protect it because it's already inaccessible.

Junitar Posted June 24, 2017 (edited)

Thanks for your reply.

If I understand correctly, all I've to do to protect my Gmail password and username once my site is ready to go online, is to organize my folders on the server that hosts my website like so:

    :SERVER:
                    myMainFolder
             _________|_________
            |                   |
     iniFilesFolder     websiteFilesFolder
            |            ______|___________________
            |           |            |             |
         file.ini   index.php   contact.php     ….php

and then retrieve my password by adding the following lines in my PHP script:

    $ini = parse_ini_file('/myMainFolder/iniFilesFolder/file.ini', true);
    $mail->Username = $ini['email']['username'];
    $mail->Password = $ini['email']['password'];

With the file.ini being something like:

    [email]
    username = myUsername
    password = myPassword

Is that correct?

Edited June 24, 2017 by Junitar

justsomeguy Posted June 26, 2017

The only way that password would be compromised is if you're on a shared server with poor security, where other accounts on the same server can read your files. If the server is configured correctly then that wouldn't be possible, but if it's not configured correctly then using a .ini file probably isn't going to fix anything. But yeah, the structure you show is what you're trying to describe.
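
The layout discussed in this thread, as an added example that is not code from any of the posters: it loads the [email] section only if the INI file resolves to a path outside the web root and is not world-readable, the shared-server case mentioned in the last reply. The helper name load_smtp_credentials(), the temporary paths and the credential values are constructed for illustration, and a POSIX host is assumed for the permission check.

```php
<?php
declare(strict_types=1);

// Added example; load_smtp_credentials() is a hypothetical helper, not part of PHPMailer.
function load_smtp_credentials(string $iniPath, string $webRoot): array
{
    $ini  = realpath($iniPath);   // resolves symlinks and "../"; false if the path is missing
    $root = realpath($webRoot);
    if ($ini === false || $root === false) {
        throw new RuntimeException('INI file or web root not found');
    }
    // Refuse a file that sits inside the web root, where a URL could reach it.
    $prefix = rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($ini, $prefix, strlen($prefix)) === 0) {
        throw new RuntimeException('Credentials file is inside the web root');
    }
    // On a shared host, a world-readable file can be read by other accounts.
    $perms = fileperms($ini);
    if ($perms !== false && ($perms & 0004) !== 0) {
        throw new RuntimeException('Credentials file is world-readable');
    }
    // INI_SCANNER_RAW: values are taken as written, with no on/off/null conversion.
    $cfg = parse_ini_file($ini, true, INI_SCANNER_RAW);
    if ($cfg === false || !isset($cfg['email']['username'], $cfg['email']['password'])) {
        throw new RuntimeException('Missing [email] username/password');
    }
    return ['username' => $cfg['email']['username'], 'password' => $cfg['email']['password']];
}

// Constructed demo layout mirroring the thread, built under the system temp directory.
$base = sys_get_temp_dir() . '/myMainFolder_' . bin2hex(random_bytes(4));
mkdir("$base/iniFilesFolder", 0700, true);
mkdir("$base/websiteFilesFolder", 0755, true);
$iniBody = "[email]\nusername = myUsername\npassword = constructed-password\n";
file_put_contents("$base/iniFilesFolder/file.ini", $iniBody);
chmod("$base/iniFilesFolder/file.ini", 0600);                      // owner read/write only
file_put_contents("$base/websiteFilesFolder/file.ini", $iniBody);  // the wrong place

$creds = load_smtp_credentials("$base/iniFilesFolder/file.ini", "$base/websiteFilesFolder");
echo 'Loaded credentials for ', $creds['username'], PHP_EOL;
try {
    load_smtp_credentials("$base/websiteFilesFolder/file.ini", "$base/websiteFilesFolder");
} catch (RuntimeException $e) {
    echo 'Rejected: ', $e->getMessage(), PHP_EOL;
}
```

In a real contact script the second argument would normally be $_SERVER['DOCUMENT_ROOT'], and the returned values would be assigned to $mail->Username and $mail->Password.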