Welcome to the Treehouse Community
Want to collaborate on code errors? Have bugs you need feedback on? Looking for an extra set of eyes on your latest project? Get support with fellow developers, designers, and programmers of all backgrounds and skill levels here with the Treehouse Community! While you're at it, check out some resources Treehouse students have shared here.
Looking to learn something new?
Treehouse offers a seven day free trial for new students. Get access to thousands of hours of content and join thousands of Treehouse students and alumni in the community today.
Start your free trial
Matthew Barnes
Courses Plus Student 16,550 PointsPHPMailer to GMAIL - Could Somebody Access my Password?
Hi all,
I have a personal portfolio page and I'm using PHPMailer to allow users to email me if they would like to get in touch. I've used the "Build a Basic PHP website" course to achieve this. I have the following code on my index.php:
$mail = new PHPMailer;
$mail->isSMTP();
//Enable SMTP debugging
// 0 = off (for production use)
// 1 = client messages
// 2 = client and server messages
$mail->SMTPDebug = 2;
//Ask for HTML-friendly debug output
$mail->Debugoutput = 'html';
//Set the hostname of the mail server
$mail->Host = 'smtp.gmail.com';
// use
// $mail->Host = gethostbyname('smtp.gmail.com');
// if your network does not support SMTP over IPv6
//Set the SMTP port number - 587 for authenticated TLS, a.k.a. RFC4409 SMTP submission
$mail->Port = 587;
//Set the encryption system to use - ssl (deprecated) or tls
$mail->SMTPSecure = 'tls';
//Whether to use SMTP authentication
$mail->SMTPAuth = true;
//Username to use for SMTP authentication - use full email address for gmail
$mail->Username = "my-email@gmail.com";
//Password to use for SMTP authentication
$mail->Password = "mypassword";
This is working perfectly, however I'm concerned about my email password. Is there any way a potential hacker could access this password? And if so what can I do to prevent this?
Thanks in advance!
Matt
1 Answer
Jacob Mishkin
23,117 Pointsyes, you should keep your credentials in a separate JSON file. Please take a look at the blog below:
Matthew Barnes
Courses Plus Student 16,550 PointsMatthew Barnes
Courses Plus Student 16,550 PointsThank you Jacob,
I'm researching this now. Can you just explain what the poster means by setting the file outside my web root.
I assume my web root is the folder that my index.php is on the web hosting server. Is it as simple as placing the .ini or JSON file a folder back from this? If so would I Include this file simple by using ../?
Appreciate it!
Jacob Mishkin
23,117 PointsJacob Mishkin
23,117 Pointsyou can use the include function, but I would also look at the docs for this:
phpmailer
what outside of the root folder means is that you are importing one file into another.
Matthew Barnes
Courses Plus Student 16,550 PointsMatthew Barnes
Courses Plus Student 16,550 PointsPerfect! Thank you!
Jacob Mishkin
23,117 PointsJacob Mishkin
23,117 Pointsnot a problem. I hope this helps.