PHP Build a Basic PHP Website (2018) Adding a Basic Form Using A Third-Party Library

Andrew Bennett
PRO
Andrew Bennett
Pro Student 3,836 Points

SMTP Security Credentials

What is the best way to protect the contact form process.php file if you are using the PHPMailer SMTP with your Gmail credentials? I imagine it's not safe to keep this file in a public directory.

Benjamin Payne
Benjamin Payne
8,139 Points

I would use vlucas/phpdontenv composer package and store the .env file in a non public directory. Usually one directory up from your public directory. Also, do not commit the .env file to source control. Create a .env.example file that has the fields, but not the values.

You can access your gmail credentials using the $_ENV global. For example:

.env file:

gmail_username=test
gmail_password=test

php script:

$_ENV['gmail_username'];
$_ENV['gmail_password'];