How do you use authentication with gmail for a PHP contact form?

Question

This is the code that i have working; however i want to incorporate a way to have an smtp authentication using my gmail account but I can't figure it out...help?

<?php

if(isset($_POST['email'])) {

    $email_to = "jfk003@lvc.edu";
    $email_subject = "Website Inquire";


    function died($error) {
        echo "We are very sorry, but there were error(s) found with the form you submitted. ";
        echo "These errors appear below.<br /><br />";
        echo $error."<br /><br />";
        echo "Please go back and fix these errors.<br /><br />";
        die();
    }

    // validation expected data exists
    if(!isset($_POST['first_name']) ||
        !isset($_POST['last_name']) ||
        !isset($_POST['email']) ||
        !isset($_POST['telephone']) ||
        !isset($_POST['comments'])) {
        died('We are sorry, but there appears to be a problem with the form you submitted.');       
    }

    $first_name = $_POST['first_name']; // required
    $last_name = $_POST['last_name']; // required
    $email_from = $_POST['email']; // required
    $telephone = $_POST['telephone']; // not required
    $comments = $_POST['comments']; // required

    $error_message = "";
    $email_exp = "/^[^0-9][A-z0-9_]+([.][A-z0-9_]+)*[@][A-z0-9_]+([.][A-z0-9_]+)*[.][A-z]{2,4}$/";
  if (preg_match($email_exp, $email_from)) {
    echo "Email address is valid.";
  }
  else 

    {
        echo "Email address is <u>not</u> valid.";
  }
    $string_exp = "/^[a-zA-Z .'-]+$/";
  if(!preg_match($string_exp,$first_name)) {
    $error_message .= 'The First Name you entered does not appear to be valid.<br />';
  }
  if(!preg_match($string_exp,$last_name)) {
    $error_message .= 'The Last Name you entered does not appear to be valid.<br />';
  }
  if(strlen($comments) < 2) {
    $error_message .= 'The Comments you entered do not appear to be valid.<br />';
  }
  if(strlen($error_message) > 0) {
    died($error_message);
  }
    $email_message = "Form details below.

";

    function clean_string($string) {
      $bad = array("content-type","bcc:","to:","cc:","href");
      return str_replace($bad,"",$string);
    }

    $email_message .= "First Name: ".clean_string($first_name)."
";
    $email_message .= "Last Name: ".clean_string($last_name)."
";
    $email_message .= "Email: ".clean_string($email_from)."
";
    $email_message .= "Telephone: ".clean_string($telephone)."
";
    $email_message .= "Comments: ".clean_string($comments)."
";



$headers = 'From: '.$email_from."
".
'Reply-To: '.$email_from."
".
'X-Mailer: PHP/'.phpversion();

@mail($email_to, $email_subject, $email_message, $headers);

} 

?>

Answer 1

You want to use a modern PHP mailing library, like SwiftMailer that supports SMTP authentication.

Check out Google's instructions on which servers to use and SwiftMailer's docs on sending mail to a SSL/TLS SMTP server and sending mail with a username/password combo.

While updating your code to use SwiftMailer, you should ditch that abomination of an email validation regex, it excludes numerous completely valid local parts and domains. The sanity straight-jacket imposed by building the message using method calls is going to take care of most of the other potential problems in your code, like that bizarre clean_string function -- you won't need it (and I'm not sure what you think it does here, but it doesn't really, uh, make the string any safer).