Welcome to the Treehouse Community

Want to collaborate on code errors? Have bugs you need feedback on? Looking for an extra set of eyes on your latest project? Get support with fellow developers, designers, and programmers of all backgrounds and skill levels here with the Treehouse Community! While you're at it, check out some resources Treehouse students have shared here.

Looking to learn something new?

Treehouse offers a seven day free trial for new students. Get access to thousands of hours of content and join thousands of Treehouse students and alumni in the community today.

Start your free trial

PHP Build a Basic PHP Website (2018) Adding a Basic Form Using A Third-Party Library

Andrew Bennett
PLUS
Andrew Bennett
Courses Plus Student 3,836 Points
Posted by Andrew Bennett
Andrew Bennett
Courses Plus Student 3,836 Points

SMTP Security Credentials

What is the best way to protect the contact form process.php file if you are using the PHPMailer SMTP with your Gmail credentials? I imagine it's not safe to keep this file in a public directory.

Benjamin Payne
Benjamin Payne
8,142 Points
Benjamin Payne
Benjamin Payne
8,142 Points

I would use vlucas/phpdontenv composer package and store the .env file in a non public directory. Usually one directory up from your public directory. Also, do not commit the .env file to source control. Create a .env.example file that has the fields, but not the values.

You can access your gmail credentials using the $_ENV global. For example:

.env file:

gmail_username=test
gmail_password=test

php script:

$_ENV['gmail_username'];
$_ENV['gmail_password'];