Secure form settings? config.php
Started 16 years ago by danthemanjones | 6 posts |
-
Hi
I am setting up this form for the first time. I am totally naive to coding so I need as much help as possible please.
I need my form to be as secure as possible because I am having credit card info sent with it. I am having the info sent to a gmail account. I see a bunch of settings in the config.php.
Can someone please let me know what setting to change so it is secure with gmail. Please give an example if you can (thanks).
Also, I assume the data in the MySQL database could potentially get hacked. Is there a way to stop MachForm from storing the data there? Even better, is it possible to have it not store one field in particular?
If this is not possible, can someone recommend a hosting service that can do a good job at securing my database. My current hosting environment does not seem to be the most secure.
thanks so much
Posted 16 years ago # -
To use Gmail secure SMTP, your config.php should have settings like this:
define('USE_SMTP',true);
define('SMTP_HOST','smtp.gmail.com');
define('SMTP_PORT',465);
define('SMTP_AUTH',true);
define('SMTP_USERNAME','username@example.com');
define('SMTP_PASSWORD','yourpassword');
Adjust the username and password with your own.
The most secure setup would be using a VPS or dedicated server, instead of shared hosting.
It is possible to set MachForm to not store one field in particular.
Let's say you have a form with id = 7 and your credit card number field has id = 'element_3' (view the HTML source of your form to see it). Modify the includes/post-functions.php file; search around line 929 for this code:
$is_inserted = false;
Right under that code, insert this code:
if($form_id == 7){ $table_data['element_3'] = ''; }
That would set your credit card field to an empty string.
MachForm Founder
Posted 16 years ago # -
Thanks for the super fast response.
Sure enough the code you suggested prevented the one field from being stored but it also prevented it from being sent to my email.
Is there a way to just prevent it from being stored in the database but still allow that field to be sent to my email?
Also, how important is setting up the SMTP in the config.php? I worry that this may actually be less secure in the long run because my email username and password will be there as directed.
Thanks for your help again.
Posted 16 years ago # -
Oh, right, sorry for that. Try this: edit the same file, search around line 1187 for this code:
return $process_result;
Right ABOVE that line, add this code:
if($form_id == 7){ do_query("update ap_form_{$form_id} set element_3=''"); }
Regarding the secure SMTP setting: that is the only way to send email securely, using a secure SMTP server.
Otherwise, your mail is sent through the internet in plain text, unencrypted.
Your email username and password will be stored in config.php indeed, as well as your database username and password. To make it secure, make sure to periodically change your FTP password.
MachForm Founder
Posted 16 years ago # -
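An added example, not part of the original posts and not MachForm code: a small audit of a config.php that uses the define() lines shown in this thread, flagging SMTP settings that differ from the Gmail values given above and a file mode that lets other accounts read the stored credentials. The sample file, the function names and the permission check are assumptions made here; the permission check assumes PHP runs as the file owner.

```python
import os
import re
import stat
import tempfile

# Matches lines such as: define('SMTP_PORT',465);
DEFINE_RE = re.compile(r"define\(\s*'([A-Z_]+)'\s*,\s*('[^']*'|[^)\s]+)\s*\)\s*;")

# Constructed sample: the thread's Gmail settings with two deliberate mistakes.
SAMPLE = """<?php
define('USE_SMTP',true);
define('SMTP_HOST','smtp.gmail.com');
define('SMTP_PORT',25);
define('SMTP_AUTH',true);
define('SMTP_USERNAME','username@example.com');
define('SMTP_PASSWORD','yourpassword');
"""

def parse_defines(php_source):
    """Return {NAME: value} for each define('NAME', value); statement."""
    return {name: raw.strip("'") for name, raw in DEFINE_RE.findall(php_source)}

def audit(php_source, mode):
    """Return findings for config.php text and its permission bits."""
    cfg = parse_defines(php_source)
    findings = []
    for flag in ("USE_SMTP", "SMTP_AUTH"):
        if cfg.get(flag, "false").lower() != "true":
            findings.append(flag + " is not true")
    if cfg.get("SMTP_PORT") != "465":
        findings.append("SMTP_PORT is not 465")
    if cfg.get("SMTP_PASSWORD") in (None, "", "yourpassword"):
        findings.append("SMTP_PASSWORD is empty or still the placeholder")
    # Added check, not from the thread: other accounts on a shared host
    # should not be able to read the stored credentials.
    if mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append("config.php is readable by group/other (mode %o)" % mode)
    return findings

def audit_file(path):
    """Audit a config.php on disk using its real permission bits."""
    with open(path, encoding="utf-8") as fh:
        return audit(fh.read(), stat.S_IMODE(os.stat(path).st_mode))

if __name__ == "__main__":
    fd, path = tempfile.mkstemp(suffix=".php")  # constructed file, removed below
    with os.fdopen(fd, "w") as fh:
        fh.write(SAMPLE)
    os.chmod(path, 0o644)
    print("\n".join(audit_file(path)))
    os.remove(path)
```

To check a real installation, call audit_file() with the path to its config.php.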
Hello,
Q1:
I also have a maybe very naive question: can anyone actually download my config.php file if they know that I use this software and know its structure (architecture)?
Q2: Can I give different levels of access to different forms to different users? How?
Regards,
Posted 16 years ago # -
Hi mikve,
Q1) No, nobody should be able to download a PHP file. Otherwise, you could download our entire site's PHP files :-)
If anybody tries to access your config.php file, they will get a blank screen. Try it.
Q2) No, I'm afraid this is not possible yet. We've been working on a multi-user version of MachForm which supports this, but it is not ready for release yet.
MachForm Founder
Posted 16 years ago #