Email with Phpmailer without authentication?

Asked

Viewed 1,408 times

2

I am using the following code to send email:

<?php
require 'libs/PHPMailerAutoload.php';

$mailer = new PHPMailer();

$mailer ->isSMTP();
$mailer ->isHTML(true);
$mailer->CharSet = "UTF-8";

$mailer->SMTPAuth = true;
$mailer->SMTPSecure = "tls";
$mailer->Host = "smtp.live.com";
$mailer->Port = 587;
$mailer->Username = "[email protected]";
$mailer->Password = "*********";

$mailer->From = "[email protected]";
$mailer->FromName = "leonardo vialrinho";

$mailer->Subject = "TESTE DE EMAIL";
$mailer->Body = "body HTML";
$mailer->AltBody = "body texto";

$mailer->addAddress("[email protected]");

if($mailer -> send()) {
    echo "Enviado";
} else {
    echo "Erro: ".$mailer->ErrorInfo;
}
?>

So far no problem, but how would it be in a contact form? Where the user will not enter the password of email of him. And I don’t even think it’s cool for me to put my password email in the code (in case it was to send a registration confirmation, etc)

1 answer

5


Contact form is you sending a message to yourself, not the person sending the message to you. You don’t need to contact her server to do this, you need your password.

That’s the way it works, either you put it in the code or you put it in a configuration file, which you still get. What you can do is encrypt the information, almost nobody does it in PHP.

It has solutions to avoid putting the password in the application, but it is complex and does not usually compensate for the work, so everyone does so. Either way I’d have some protection somewhere.

Confirmation form is something else, but the process is the same. It’s you sending the message to someone else, need your password.

Whenever you open a form on the web you are opening up the possibility of attacks and there are sophisticated techniques to prevent this. As these attacks do not usually bring advantages it is rare for someone to make the attack. And so it is even more rare for someone to prevent this.

Just be careful not to give a chance to a form while allowing the person to choose the message that will be sent and to whom the message will be sent. This allows sending of spam by your account. This is an attack that brings advantages.

What you cannot do under any circumstances is to use an e-mail server that does not need authentication for sending messages.

Browser other questions tagged

You are not signed in. Login or sign up in order to post.