Hi i am currently implementing an email system for a customer in php. I'm having a bit of trouble in figuring out something. Here's a sample code:
$mail = new PHPMailer(); // create a new object
$mail->IsSMTP(); // enable SMTP
$mail->SMTPDebug = 0; // debugging: 1 = errors and messages, 2 = messages only
$mail->SMTPAuth = true; // authentication enabled
$mail->SMTPSecure = 'ssl'; // secure transfer enabled REQUIRED for Gmail
$mail->Host = 'smtp.gmail.com';
$mail->Port = 465;
$mail->Username = "***missing part***";
$mail->Password = "***missing part***";
$mail->SetFrom($from, $from_name);
$mail->Subject = $subject;
$mail->Body = $body;
$mail->AddAddress($to);
My customer already created a business email account on gmail for this website. My question is should i put this business email and password in these missing parts? Anyone could help me please? Thanks.
whose username and password should i put there?
If you want to use GMail, you need to put in the username and password that belong to the GMail account you want to send the message from.
.... which is why sending E-Mail through GMail is a bit of an imperfect solution IMO - you put your personal Google login data, with which you can access everything you do on Google, into a script on a server. It's not great practice security-wise.
It might be more feasible to create a SMTP account on the client's web site, and use that. That has the additional advantage that you can use a email#clients-domain-name.com sender address.
you must post the username and password so we can help you.. LOL, just kidding. You should put there the username and password of the account that would be sending the email. In this case, probably your webpage's gmail account.
Often web hosts don't use authentication for their web servers to send email using their smtp servers, i would suggest contacting the people who host the website and ask them about using their smtp servers.
Using gmail (if you can from a script) might end up with the rather annoying reply thing that you get from gmail where the reply address is a gmail account.
e.g. from mrKoz#gmail.com on behalf of mr#koz.com which doesn't look awesome :)
Related
Currently I am using phpMailer for sending emails to my Gmail account in a form submition. the code that I used for sending email is similar to the below code:
###################
/* sendeng email */
###################
use phpMailer\PHPMailer\PHPMailer;
if ($sehat === true) {
require_once "../phpMailer/PHPMailer.php";
require_once "../phpMailer/SMTP.php";
require_once "../phpMailer/Exception.php";
$mail = new PHPMailer();
//smtp settings
$mail->isSMTP();
$mail->Host = "smtp.gmail.com";
$mail->SMTPAuth = true;
$mail->Username = "myGmail#gmail.com";
$mail->Password = 'myPassword';
$mail->Port = 465;
$mail->SMTPSecure = "ssl";
//email settings
$mail->isHTML(true);
$mail->setFrom($commEmail, $commName);
$mail->addAddress("myGmail#gmail.com");
$mail->Subject = ("$commEmail ($commTopic)");
$mail->Body = "<div style='text-align:right; direction:rtl;'>" . nl2br(strip_tags($commMess)) . "</div>";
// $mail->Body = nl2br(strip_tags($commMess));
// $mail->AltBody = nl2br(strip_tags($commMess));
// $mail->Body = $commMess;
/* for other language messages */
$mail->CharSet = 'UTF-8';
if($mail->send()){
$status = "success";
$response = "Email is sent!";
}
else
{
$status = "failed";
$response = "Something is wrong: <br>" . $mail->ErrorInfo;
}
exit(json_encode(array("status" => $status, "response" => $response)));
}
I don't have any problem with sending email. But my first question is where I am using $mail->Password = 'myPassword'; in my code. Actually I am writing and debugging the code on a localhost (WAMPSERVER), and I used my real password instead of myPassword in the code. But after finishing the app I am going to host it to a real server (deploy my app). My question is that with this code, could host provider access to my Gmail password? And if so what is the solution to that? Is it a bug in phpMailer or I am wrong?
The second question is that when I want to send form data to my Gmail account, I must change the setting of my Gmail to "lower security" in this localhost version. If I deploy my app and it becomes available online, again I must do that (lower security of Gmail) or there are better ways? Because now when I return Gmail security setting to normal state the phpMailer does not send data.
My question is that with this code, could host provider access to my Gmail password?
Yes.
And if so what is the solution to that?
Don't use a host you don't trust.
In general you need to be able to trust your host, but there is one step that can help avoid all that this implies: using XOAUTH2 for authentication.
With this mechanism you do not have to store a real ID and password on your server; you need to use them in a one-off operation to obtain a token that can be limited to gmail operations. There are code examples provided with PHPMailer for this, along with a utility script you can use to obtain your auth token, and a wiki article to help you configure it (though it could use updating; contributions welcome). However, be aware that using OAuth is generally a complicated and unpleasant experience that contains many potential ways to mess things up. In this use case, it does provide a security enhancement as it means you don't have to leave your real google credentials lying around.
A scrupulous hosting provider will allow you to encrypt your VM's disk images in a way that means they can't read your data from the hypervisor, and if they don't also have SSH access to your instance, your data should be fairly well protected from them.
Hi I've been struggling with how to setup the SMTP-relay that comes with gsuite. I have asked google support but not even they know. What is happening is when i run this code to send emails no emails show up in my gsuite not even in spam either. I have used this exact same code successfully changing the SMTP host to premium64.web-hosting.com and it works great for every email address other than sending to gsuite. I have tried sending it to a different gsuite as well and it still does not work for both the smtp-relay and for the premium64. Thinking it has to be a setting with google admin because google is really strict on security. I have enabled less secure apps. Here below is my code and the current setting. Please show me what needs to be changed so that it works. I've had a tough enough time working on this for the last 4 days. Any help is appreciated and thank you in advance. Thank you.
Phpmailer code:
$sentfromemail = "sam#email.com";
$mail = new PHPMailer();
//
$mail->isSMTP();
$mail->SMTPAuth = true;
$mail->SMTPSecure = 'ssl';
$mail->Host = 'smtp-relay.gmail.com';
$mail->Port = '465';
$mail->isHTML(true);
$mail->Username = $sentfromemail;
$mail->Password = 'correctpassword';
$mail->SetFrom('sam#email.com' , 'Email Name');
$mail->Subject = "test";
$mail-> Body = 'test';
Google Admin Console Settings:
I'm using PHPMailer (Version 5) for user registration. (When user registers to my site the Profile activation code is sent to user to activate it).
PHPMailer works, I tested it many times (I registered Myself with other mails and with gmail too for testing purposes, I always got the activation code), but many users complain that they not getting the activation codes and then I have to send them manually...
I can't understand what is the problem (When I checked my users database there are many users that got activation codes, but also that couldn't received).. I debug PHPMailer, but there is not any error or problem...
I'm Using PHPMailer With Gmail SMTP:
$mail = new PHPMailer();
$mail->CharSet = 'UTF-8';
$mail->Host = "smtp.gmail.com";
$mail->Port = 587;
$mail->SMTPSecure = "tls";
$mail->SMTPAuth = true;
$mail->Username = "mymail#gmail.com";
$mail->Password = "MyPassword";
$mail->From = "mymail#gmail.com";
$mail->FromName = 'www.mysite.com';
$mail->AddAddress($email);
$mail->WordWrap = 80;
$mail->IsHTML(true);
$mail->Subject = 'Registration';
$mail->Body = $message;
$mail->AltBody = $message;
$mail->Send();
I also tried to use SSL-465, but the result is the same..
Please Help!
Thank you very much in advanced...
I Solved this problem from server (host). I checked mail functions / configs and found "MAX_EMAIL_PER_HOUR" was set to 30 (Really strange, by default It is 100) So I changed it to 500 and It fixed all PHPMailer Issues...
In addition:
Enabling "Allow less secure apps" will usually solve many problem for PHPMailer, and it does not really make your app significantly less secure. (When enabling Google warns you that the App is insecure).
If you Need More security, PHPMailer added support for XOAUTH2 for google, you can use it...
I haven't used this technology before, but I'll play with it as soon as possible ;)
With Best Wishes!
$mail->Host = "smtp-mail.outlook.com";
$mail->Port = 25;
$mail->SMTPSecure = "tls";
$mail->SMTPAuth = true;
$mail->Username = "h*****#outlook.com";
$mail->Password = "********";
$mail->setFrom("h****#gmail.com", "Z***** Hao");
$mail->addReplyTo("a********#yahoo.com", "Z****** Hao");
$mail->addAddress("h******#qq.com", "Z**** Hao");
Above is my code try to use PHPMailer sending email through the outlook smtp server,and my qq mailbox received an email from my outlook account,but I thought it would be sent from my gmail account since I used the setFrom() method,and also how can the $mail->addReplyTo statement play a part in it?
And as a beginner I write it down by referencing an example on github page of PHPMailer project,it's the Link.
As currently configured, you're doing this:
Host, Port, SMTPSecure, SMTPAuth: Configure the mail server you want to use to send out the e-mail. In this case it's the Outlook SMTP server.
Username and Password: Credentials you're using to login to the Outlook SMTP server.
setFrom sets the From header in the email message. You're currently setting this to your Gmail address, so most of the time, the receiving party sees this address in his/her email client in the from field. But: this header isn't always respected by the sending SMTP server. It could be replaced by the email address belonging to your credentials to prevent spam.
addReplyTo allows you to set a different reply-to address. If not set, the client will suggest to sent an email to the address as specified in the From field. This allows you to overwrite it.
I do not know if what I want to do is possible (but finding out that it isn't would be useful in itself).
I cannot use my company's gmail account "real.business#gmail.com" directly with PHPMailer. I can, however, use an intermediary gmail account "fake.12345.account#gmail.com" which can have "less secure apps" enabled, which permits SMTP verification.
However I do not want to have the emails be sent from this fake.12345.account#gmail.com account (wouldn't look particularly professional) - but rather the company's gmail account.
I can send the emails from the intermediary account to real.business#gmail.com; either through the editing of the PHPMailer parameters, or by automatically forwarding emails from fake.12345.account#gmail.com to the company account.
The problem lies in how real.business#gmail.com can then successfully email the email (or at least appear to be the sender), as originally intended.
The code so far
$Mail = new PHPMailer();
$Mail->IsSMTP(); // Use SMTP
$Mail->Host = "smtp.gmail.com"; // Sets SMTP server for gmail
$Mail->SMTPDebug = 0; // 2 to enable SMTP debug information
$Mail->SMTPAuth = TRUE; // enable SMTP authentication
$Mail->SMTPSecure = "tls"; //Secure conection
$Mail->Port = 587; // set the SMTP port to gmail's port
$Mail->Username = 'fake.12345.account#gmail.com'; // gmail account username
$Mail->Password = 'a_password'; // gmail account password
$Mail->Priority = 1; // Highest priority - Email priority (1 = High, 3 = Normal, 5 = low)
$Mail->CharSet = 'UTF-8';
$Mail->Encoding = '8bit';
$Mail->Subject = 'Mail test';
$Mail->ContentType = 'text/html; charset=utf-8\r\n';
$Mail->From = 'testing.num.101#gmail.com'; //Your email adress (Gmail overwrites it anyway)
$Mail->FromName = 'Testing Again';
$Mail->WordWrap = 900; // RFC 2822 Compliant for Max 998 characters per line
$Mail->addAddress($personEmail); // To: the PERSON WE WANT TO EMAIL
$Mail->isHTML( TRUE );
$Mail->Body = ' Good news '.$personName.'! The email sent correctly!';
$Mail->AltBody = 'This is a test mail';
$Mail->Send();
$Mail->SmtpClose();
if(!$Mail->send()) {
echo 'Message could not be sent.';
echo 'Mailer Error: ' . $Mail->ErrorInfo;
exit;
}
So the issue is: not having the email sent to $personEmail from fake.12345.account#gmail.com (that's trivial) but rather how to send the email from fake.12345.account#gmail.com to real.business#gmail.com such that real.business#gmail.com forwards the message to $personEmail
What you're describing is really relaying, which is usually configured in the mail server config (not the messages), but you don't have access to anything like that in gmail.
You can set allowed aliases in gmail, but I would guess that these are not allowed to overlap with existing gmail account names as that would be a major security hole. Why not enable "less secure apps" on the main account? It's not as if it is actually any less secure - if anything it's better, because the setup to use OAuth2 is so deeply complex and unpleasant...
That said, rather than trying to do all this forgery, you may be interested in this PR and associated docs. It's fairly likely the xoauth branch will get merged into master and released without any further changes as PHPMailer 5.2.11, and it would very helpful if you could give it a try.
PHPMailer is made for sending.
What you want to do is forward an email. This implies receiving the email and then sending it through.
What you need is some kind of IMAP client in php, that will allow you to read the emails on fake.12345.account#gmail.com (and maybe real.business#gmail.com). Then save their body and title and pass it to PHPMailer. You can then use PHPMailer to send the emails with real.business#gmail.com.