md5 password with phpMailer

Question

I use the following code...

      $mail = new PHPMailer();  
      $mail->IsSMTP(); // send via SMTP
      $mail->SMTPAuth = true; // turn on SMTP auth         


        

Answer 1

Unfortunately it isn't a question of support in phpMailer, but of your SMTP setup. In most cases your SMTP server won't know what to do with a password hash -- it needs the unhashed password so that it can check against its own password tables, which are unlikely to be stored in unsalted MD5 anyway.

You can (if your SMTP server supports it) send the password through a secure connection (see PHPMailer: SMTP Error: Could not connect to SMTP host for a discussion about this). However, you'll still need to keep the password stored without encryption. One alternative to this, depending on your hosting package, is to set up SMTP such that it does not authenticate you by username and password -- for example, by using a properly configured local sendmail instance.

Answer 2

You have to send plain password to SMTP. Hash functions are one-way, they just "obfuscates" the input, so SMTP can not authenticate you with it.

You could encrypt the password, probably AES, and you store the ciphertext, and the secret (maybe as env. variable), and pass the decoded pass to mailer.

Example:

<?php
$secret_key = 'supersecret key';
$password = 'somepass';

// encrypt
// calculate cipher, and store somewhere
$cipher = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $secret_key, $password, MCRYPT_MODE_ECB);

// use the cipher
$mail->Username = $USR_EMAIL; // SMTP username
$mail->Password = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $secret_key, $cipher, MCRYPT_MODE_ECB); // SMTP password
?>