Appnitro Software Forums » MachForm

Secure form settings? config.php

(6 posts)
  • Started 2 years ago by danthemanjones
  • Latest reply from yuniar

  1. danthemanjones
    Member

    Hi

    I am setting up this form for the first time. I am totally naive to coding so I need as much help as possible please.

    I need my form to be as secure as possible because I am having credit card info sent with it. I am having the info sent to a gmail account. I see a bunch of settings in the config.php.

    Can someone please let me know what setting to change so it is secure with gmail. Please give an example if you can (thanks).

    Also, I assume since the data in the MySQL database could potentially get hacked. Is there a way to stop machform from storing the data there? Even better, it is possible to have it not store one field in particular?

    If this is not possible, can someone recommend a hosting service that can do a good job at securing my database. My current hosting environment does not seem to be the most secure.

    thanks so much

    Posted 2 years ago #

  2. yuniar
    MachForm Founder

    To use Gmail secure SMTP, your config.php should have settings like this:

    define('USE_SMTP',true); 

define('SMTP_HOST','smtp.gmail.com');
define('SMTP_PORT',465);
define('SMTP_AUTH',true); 

define('SMTP_USERNAME','username@example.com');
define('SMTP_PASSWORD','yourpassword');

    adjust the username and password with your own.

    The most secure setup would be using a VPS or dedicated server, instead of shared hosting.

    It is possible to set MachForm to not store one field in particular.
    Let say you have a form with id = 7 and your credit card number field is having id = 'element_3' (view the HTML source of your form to see it).

    Modify includes/post-functions.php file, search around line 929 for this code:

    $is_inserted = false;

    right under that code, insert this code:

    if($form_id == 7){
	$table_data['element_3'] = '';
}

    that would set your credit card field to an empty string.

    Posted 2 years ago #

  3. danthemanjones
    Member

    Thanks for the super fast response.

    Sure enough the code you suggested prevented the one field from being stored but it also prevented it from being sent to my email.

    Is there a way to just prevent it from being stored in the database but still allow that field to be sent to my email?

    Also, how important is setting up the SMTP in the config.php? I worry that this may actually be less secure in the long run because my email username and password will be there as directed.

    Thanks for your help again.

    Posted 2 years ago #

  4. yuniar
    MachForm Founder

    oh..right, sorry for that. Try this, edit the same file, search around line 1187 for this code:

    return $process_result;

    right ABOVE that line, add this code:

    if($form_id == 7){
	do_query("update ap_form_{$form_id} set element_3=''");
}

    regarding the secure SMTP setting. That is the only way to send email securely, using secure SMTP server.

    Otherwise, your mail is being sent through the internet using a plain text and unencrypted.

    Your email username and password will be stored in config.php indeed, as well as your database username and password. To make it secure, make sure to periodically change your FTP password.

    Posted 2 years ago #

  5. mikve
    Member

    Hello,
    Q1:
    I have also maybe very naive question, can actually anyone download my config.php file if the know that I use this software and know its structure (architecture)?

    Q2: Can I give different level access to different forms to different users? How?

    Regards,

    Posted 2 years ago #

  6. yuniar
    MachForm Founder

    Hi mikve,

    Q1) No, nobody should be able to download a PHP file. Otherwise, you can downlod our entire site PHP files :-)

    If anybody trying to access your config.php file, they will get a blank screen. Try it.

    Q2) No, I'm afraid this is not possible yet. We've been working with multi-user version of MachForm which support this, but not ready for release yet.

    Posted 2 years ago #

RSS feed for this topic

Reply

You must log in to post.