PHPMailer using gmail going forward - php

As of May 30, 2022, Google disabled less secure app access options. I understand that setting a Google Account to allow less secure app access was the key for PHPMailer to send emails via Gmail. I took over the maintenance of a few websites where this PHPMailer/Gmail functionality was used for the 'Contact us' pages.
https://support.google.com/accounts/answer/6010255?hl=en#zippy=%2Cuse-an-app-password
Now that this option is gone - what are the alternative solutions that do not require re-engineering the core functionality for the existing Contact Us pages?

Your first port of call should be to read the docs. You've not needed to use less secure apps for the last 5 years, but lots of people didn't realise that so now there's a frantic rush. In short, App Passwords are the easiest way to go as they don't require you to change your code at all, just update a password.

The quickest solution is to use an apps password. This will require that you have 2fa enabled on your google account to create the apps password.
The second option is to use Xoauth2 to request authorization of the owner of the account. Then you can send an access token instead of the password.
There is a very good guide to how to set this up here: Using Gmail with XOAUTH2
$mail->oauthUserEmail = "<your gmail address>@gmail.com";
$mail->oauthClientId = "237644427849-g8d0pnkd1jh3idcjdbopvkse2hvj0tdp.apps.googleusercontent.com";
$mail->oauthClientSecret = "mklHhrns6eF-qjwuiLpSB4DL";
$mail->oauthRefreshToken = "1/7Jt8_RHX86Pk09VTfQd4O_ZqKbmuV7HpMNz-rqJ4KdQMEudVrK5jSpoR30zcRFq6";
As long as this is a single user app you will not need to apply for verification.

Related

How to accept gmail emails without enabling "allow less secure apps". PHPMailer

I have a free hosting account at 000webhost. I have configured PHPMailer to send a message to me in the mail as soon as someone fills out the feedback form. Messages do not come if the gmail function allow less secure apps is disabled.
How to accept gmail emails without enabling allow less secure apps. This is my main mail, and I would not like to disable protection on it. It's not here for beauty, is it?) After searching the Internet, I could not find a similar solution. Seems disabling allow less secure apps suits many. So maybe there is a way to make my hosting account trusted?
Ignore the naysayers, this is entirely possible, and it doesn't involve IMAP.
To be clear, the "allow less secure apps" option only applies to sending email from your gmail account. It has nothing to do with you receiving messages from other people, or how they receive messages sent from you.
Gmail (and others) offers an SMTP authentication mechanism called XOAUTH2, which is, as you might expect, based on OAuth 2.0. If you use this mechanism, you do not need to enable "less secure apps". PHPMailer supports this mechanism, and provides a code example showing you how to use it (https://github.com/PHPMailer/PHPMailer/blob/master/examples/gmail_xoauth.phps). However, that only shows how to use the auth credentials, not how to get them, which, being OAuth, is a confusing and unpleasant experience. Fortunately there is documentation (which should always be the first place you look before asking questions anyway) and an example script that helps you get the tokens you need. I'm not going to reproduce them here because it just makes more work for me as a maintainer.
The approach is broadly:
Define an OAuth app within your Google account
Use the supplied script to perform an authentication procedure (requires that you have a functioning HTTP server)
Take the credentials from that process and drop them into the PHPMailer sending example.
Send email as usual.
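The last two steps above, together with the app-password alternative from the earlier answers, as an added example (not code from the original posts or from the PHPMailer project). It assumes PHPMailer 6.x and league/oauth2-google installed via Composer; the environment variable names and the `secret()` and `gmailMailer()` helpers are hypothetical. Credentials are read from the environment rather than written into the source file:

```php
<?php
// Added example: assumes PHPMailer 6.x and league/oauth2-google (Composer).
// Environment variable names below are hypothetical.
require 'vendor/autoload.php';

use PHPMailer\PHPMailer\PHPMailer;
use PHPMailer\PHPMailer\OAuth;
use League\OAuth2\Client\Provider\Google;

// Read a required secret from the environment; fail closed if it is missing.
function secret(string $name): string
{
    $value = getenv($name);
    if ($value === false || $value === '') {
        throw new RuntimeException("Missing required setting: $name");
    }
    return $value;
}

function gmailMailer(): PHPMailer
{
    $mail = new PHPMailer(true);                  // throw exceptions on failure
    $mail->isSMTP();
    $mail->Host       = 'smtp.gmail.com';
    $mail->Port       = 587;
    $mail->SMTPSecure = PHPMailer::ENCRYPTION_STARTTLS; // require TLS before auth
    $mail->SMTPAuth   = true;
    $user = secret('GMAIL_ADDRESS');

    if (getenv('GMAIL_REFRESH_TOKEN')) {
        // XOAUTH2: the refresh token is exchanged for a short-lived access token.
        $clientId     = secret('GMAIL_CLIENT_ID');
        $clientSecret = secret('GMAIL_CLIENT_SECRET');
        $mail->AuthType = 'XOAUTH2';
        $mail->setOAuth(new OAuth([
            'provider'     => new Google(['clientId' => $clientId, 'clientSecret' => $clientSecret]),
            'clientId'     => $clientId,
            'clientSecret' => $clientSecret,
            'refreshToken' => secret('GMAIL_REFRESH_TOKEN'),
            'userName'     => $user,
        ]));
    } else {
        // App password: same SMTP settings, only the password value changes.
        $mail->Username = $user;
        $mail->Password = secret('GMAIL_APP_PASSWORD');
    }
    $mail->setFrom($user, 'Contact form');
    return $mail;
}
```

A contact-form handler would call `gmailMailer()`, then `addAddress()`, set `Subject` and `Body`, and call `send()`.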

Google Secure Apps

I've been using a PHP script to access Google's SMTP and IMAP so that emails sent from the script page are copied to the client's Gmail sent items. However Google has now locked down and locked out "insecure apps" which also seems to lock out my script, no matter which settings I change in Gsuite or the gmail account. How would I make it a "secure app" given that the usual app password approach seems inapplicable, since the device is a web server?
Securing your App would consist of using the more secure OAuth2 protocol to make requests to the Gmail API or authenticate to the SMTP or IMAP.
Using the Gmail API is more user friendly and for your use case I think it's more indicated. You can start building a Gmail App using these tutorials.
Read these articles to know more about OAuth on Gmail Apps:
IMAP/SMTP
Google APIs

How to solve IMAP Gmail Connection error 'Too many login failures'

I am using IMAP to get inbox data of my Gmail in PHP. It shows the error:
Too many login failures
I enabled Allow less secure App access also, but I'm still getting the same error. Please, someone help me.
Try following these steps:
Use an App Password: If you use 2-Step Verification, try signing in with an App Password.
Allow less secure apps: If you don't use 2-Step Verification, you might need to allow less secure apps to access your account.
If you recently changed your Gmail password, you might need to re-enter your Gmail account information or completely repeat your Gmail account setup on your other email client.
Please unlock the captcha (since you have too many failed attempts) by visiting this link

Is it possible to use PHPMailer without TURNING OFF 2-Step Verification?

I succeeded in sending a mail using PHPMailer, but I had to TURN OFF 2-Step Verification (google account in my case).
Is it possible to use PHPMailer without TURNING OFF 2-Step Verification?
Thank you
You don't need to go through that mess with PHPMailer's XOAUTH2 installation. Sign into your Google Account, then go to "Sign-in & security" > "App Passwords". There you generate a unique token for your app (name app however you want) and use that token instead of password. All other (smtp) settings remain the same.
That's it.
Yes, by using XOAUTH2 authentication. This will require your second factor to get a token during initial setup, but should then operate repeatedly without asking again. This also means you don't need to enable the "allow less secure apps" setting. See the PHPMailer docs on Gmail with XOAUTH2 and the Gmail XOAUTH2 example. It's easier if you use the as-yet unreleased version 6.0 branch. There's really too much code involved to include it all here meaningfully.

How to make IMAP sign-in attempts more secure using PHP?

I'm using the PHP imap extension to read emails from a gmail account but when I tried it the first time I got an email from google telling me that it had blocked the sign-in because it was "from an app that may put your account at risk" and that "Google will continue to block sign-in attempts from the app you're using because it has known security problems or is out of date". I had to go to the settings on gmail and manually "allow access to less secure apps". So my question is how do I make my sign-in attempts more secure so that I don't have to "allow access to less secure apps"?
