Rapidweaver Contact Page SMTP Authentication
March 05, 2010 09:32 PM | Category: Mac OS
This post is admittedly pretty deep in technical details. But, if you use Rapidweaver for web site design, this may help you out a lot.
One of the great features of Rapidweaver, hereafter referred to as RW, is the built in functionality for a Contact page where you can get people to email you, without revealing your email address. This works great, if you have an SMTP server available where you host your web site. However, some System Administrators are more strict with security and require a username and password (SMTP Authentication) in order to send mail. This is a good thing, as it helps prevent more spam. But it is a pain for those trying to get RW to support their contact page. Real Mac Software, should definitely fix this problem, and add CAPTCHA to their default Contact page interface to prevent spamming. There are third party RW plugins that add some of this functionality, but I believe these features are so integral to web site design that they should be built in by default. In the mean time, I’ve written some brief code here that solves this problem.
Here is what you need to do:
1. This was setup for RW 4.3.1, but will probably work for other versions of RW with some tweaks.
2. Make sure your hosting server supports PHP and has the Pear PHP mail library installed. See more info on PHP here.
3. Download this new version of the RW mailer.php file. Mailer PHP source
4. Just in case, make a copy of the original mailer.php file which is located in your RW application bundle here: /Applications/RapidWeaver.app/Contents/PlugIns/Contact Form.rwplugin/Contents/Resources
5. Replace that with the file contained in the ZIP archive in step 3. Modify this line to call out the path to your file:
require_once ('PATH NAME TO YOUR SMTP AUTH DEFS FILE HERE, DON'T FORGET .php EXTENSION'); It will probably be something like ../mypage_assets/mydefs.php
6. IMPORTANT: Make sure this file is named xxxxxxx.php where xxxxxxx is what you want to name the file, and it has the .php extension. Apache and other web servers will not allow the listing of PHP files, so this will hide your server login information. If you name it with another extension, .htm, .html, .txt, etc. then your SMTP login credentials will be visible to anyone!!!
7. Edit your Contact page within RW. Use the Page Info button within RW to bring up the inspector for that page. Make sure that you enter the email address where those browsing your site will send to you via the contact form.
8. In the Page Info inspector, click the “Header” pane, and then click the “Assets” tab. Click the Add Files button and browse to the file that contains your SMTP Auth info. It should have the same name as the file name you choose in steps 5 and 6. Add it to your page’s assets folder. Also see IMPORTANT from Step 6, this file must be named with a .php extension to prevent others from seeing its contents. The file should have content that looks something like this, make sure you have everything in between, and the tags in your file:
//This is your Auth info that you don’t want others to see, so name your file with a .PHP extension and set the permissions
//so only your web server process can read this file.
//SMTP Mail defines to allow per site SMTP Auth
//Use Port 465 for SSL and 25, or 2500, or 587 for unencrypted
//make sure SMTP_AUTH value is not quoted, true for AUTH, false for NON AUTH SMTP
define( SMTP_HOST, 'ssl://mail.yourmailserver.com' );
define( SMTP_USER, 'myemail@yourdomain.com' );
define( SMTP_PASS, 'your password for SMTP auth here' );
define( SMTP_PORT, 465 ); // This is your mail server’s port for SMTP auth. Some servers use 25, or 587.
define( SMTP_AUTH, true ); //make sure to set this to true if you want authentication.
?>
9. Once you publish your site, test to make sure it works. Now you should be able to send to any SMTP authenticated server.
10. IMPORTANT: Lastly, lock down the permissions on the file named in Steps 5, 6 and 7 so that Apache, or your web server process can see the file, but nobody else on the server can. In UNIX, you can do this from a command line with the command chmod 600 mydefsfilename.php But, test to make sure that Apache can still read the file for your auth info. Your mileage may vary depending on your web server.
11. One final note. If you publish multiple RW websites to multiple hosting providers, you might be wondering what happens to the sites that worked just fine with the original mailer.php file. This new script still contains the old code for those sites, but the catch is that you must at least have a stub mail definitions.php file as in step 6. with the define(SMTP_AUTH, false) line as the only line in the file. This will satisfy the require_once line in the mailer.php script, while also assuring that the if/then logic picks the unauthenticated original version of the mailer.php code. This solves the problem of maintaining multiple RW sites, while only requiring the addition of one small file to any given site.
This is not an ideal solution, but it does add SMTP Auth for those who need it until Rapidweaver includes this by default.
One of the great features of Rapidweaver, hereafter referred to as RW, is the built in functionality for a Contact page where you can get people to email you, without revealing your email address. This works great, if you have an SMTP server available where you host your web site. However, some System Administrators are more strict with security and require a username and password (SMTP Authentication) in order to send mail. This is a good thing, as it helps prevent more spam. But it is a pain for those trying to get RW to support their contact page. Real Mac Software, should definitely fix this problem, and add CAPTCHA to their default Contact page interface to prevent spamming. There are third party RW plugins that add some of this functionality, but I believe these features are so integral to web site design that they should be built in by default. In the mean time, I’ve written some brief code here that solves this problem.
Here is what you need to do:
1. This was setup for RW 4.3.1, but will probably work for other versions of RW with some tweaks.
2. Make sure your hosting server supports PHP and has the Pear PHP mail library installed. See more info on PHP here.
3. Download this new version of the RW mailer.php file. Mailer PHP source
4. Just in case, make a copy of the original mailer.php file which is located in your RW application bundle here: /Applications/RapidWeaver.app/Contents/PlugIns/Contact Form.rwplugin/Contents/Resources
5. Replace that with the file contained in the ZIP archive in step 3. Modify this line to call out the path to your file:
require_once ('PATH NAME TO YOUR SMTP AUTH DEFS FILE HERE, DON'T FORGET .php EXTENSION'); It will probably be something like ../mypage_assets/mydefs.php
6. IMPORTANT: Make sure this file is named xxxxxxx.php where xxxxxxx is what you want to name the file, and it has the .php extension. Apache and other web servers will not allow the listing of PHP files, so this will hide your server login information. If you name it with another extension, .htm, .html, .txt, etc. then your SMTP login credentials will be visible to anyone!!!
7. Edit your Contact page within RW. Use the Page Info button within RW to bring up the inspector for that page. Make sure that you enter the email address where those browsing your site will send to you via the contact form.
8. In the Page Info inspector, click the “Header” pane, and then click the “Assets” tab. Click the Add Files button and browse to the file that contains your SMTP Auth info. It should have the same name as the file name you choose in steps 5 and 6. Add it to your page’s assets folder. Also see IMPORTANT from Step 6, this file must be named with a .php extension to prevent others from seeing its contents. The file should have content that looks something like this, make sure you have everything in between, and the tags in your file:
//This is your Auth info that you don’t want others to see, so name your file with a .PHP extension and set the permissions
//so only your web server process can read this file.
//SMTP Mail defines to allow per site SMTP Auth
//Use Port 465 for SSL and 25, or 2500, or 587 for unencrypted
//make sure SMTP_AUTH value is not quoted, true for AUTH, false for NON AUTH SMTP
define( SMTP_HOST, 'ssl://mail.yourmailserver.com' );
define( SMTP_USER, 'myemail@yourdomain.com' );
define( SMTP_PASS, 'your password for SMTP auth here' );
define( SMTP_PORT, 465 ); // This is your mail server’s port for SMTP auth. Some servers use 25, or 587.
define( SMTP_AUTH, true ); //make sure to set this to true if you want authentication.
?>
9. Once you publish your site, test to make sure it works. Now you should be able to send to any SMTP authenticated server.
10. IMPORTANT: Lastly, lock down the permissions on the file named in Steps 5, 6 and 7 so that Apache, or your web server process can see the file, but nobody else on the server can. In UNIX, you can do this from a command line with the command chmod 600 mydefsfilename.php But, test to make sure that Apache can still read the file for your auth info. Your mileage may vary depending on your web server.
11. One final note. If you publish multiple RW websites to multiple hosting providers, you might be wondering what happens to the sites that worked just fine with the original mailer.php file. This new script still contains the old code for those sites, but the catch is that you must at least have a stub mail definitions.php file as in step 6. with the define(SMTP_AUTH, false) line as the only line in the file. This will satisfy the require_once line in the mailer.php script, while also assuring that the if/then logic picks the unauthenticated original version of the mailer.php code. This solves the problem of maintaining multiple RW sites, while only requiring the addition of one small file to any given site.
This is not an ideal solution, but it does add SMTP Auth for those who need it until Rapidweaver includes this by default.