Where to store Admin E-mail

doubledee · 11-12-2012, 05:06 PM

I'm in the process of streamlining my Error-Handling code, and I would like to put things like the Admin's E-mail in one location, so that I don't have to track it down in multiple places/scripts.

If I place it in a PHP Constant, would that cause any security issues?

Furthermore, where would be the best place to store things like E-mail Headers and so on?

For example...

PHP Code:


			
    $headers  = "From: Admin <admin@MySite.com>\r\n";

    $headers .= "MIME-Version: 1.0\r\n";

    $headers .= "Content-Type: text/html; charset=ISO-8859-1\r\n";

Thanks,

Debbie

Fou-Lu · 11-12-2012, 06:25 PM

It depends on what you are referring to as security. Using a defined constant will potentially create a privacy leak between scripts as it will be globally readable in any scope. That's only a problem if you say its a problem; given constant's readonly nature, I'd say there's no problem with that. You wouldn't want to create a defined constant for authentication information if you allow third party addons, but I don't see an issue with an email address (unless you're concerned about spam).

Email headers should be dynamically and conditionally created within the script handling all the emails. These aren't configuration based data, they are manipulation based on data, so creating a global location for them doesn't make any sense.

doubledee · 11-12-2012, 07:04 PM

Quote:

Originally Posted by Fou-Lu

It depends on what you are referring to as security. Using a defined constant will potentially create a privacy leak between scripts as it will be globally readable in any scope. That's only a problem if you say its a problem; given constant's readonly nature, I'd say there's no problem with that. You wouldn't want to create a defined constant for authentication information if you allow third party addons, but I don't see an issue with an email address (unless you're concerned about spam).

Email headers should be dynamically and conditionally created within the script handling all the emails. These aren't configuration based data, they are manipulation based on data, so creating a global location for them doesn't make any sense.

Right now I have a script called "results.php" which is where I display my Error-Messages and where I log and send out e-mail notifications to the Admin.

I tweaked my code a bit and added these variables to my script to make it slightly easier to modify...

PHP Code:


			
    // ************************

    // Initialize Variables.    *

    // ************************

    $emailTo = 'JoeTheAdmin@mail.com';



    $headers  = "From: Admin <admin@MySite.com>\r\n";

    $headers .= "MIME-Version: 1.0\r\n";

    $headers .= "Content-Type: text/html; charset=ISO-8859-1\r\n";

I guess I was wondering if those should be assigned to Constants, and maybe go into a global "config" file instead?!

Or are they okay like they are? (Of course, if I need to refer to the Admin E-mail in other scripts, then I'd have a maintenance issue...)

Debbie

Fou-Lu · 11-12-2012, 11:25 PM

If its configurable data, put it into a configuration file. An email that can change IMO warrants placing into configuration data.
Whether its a constant or a variable is up to you.

alemcherry · 11-13-2012, 11:55 AM

Global config file is a good place. If you believe this is something that need to be editable and chnagable by the user, a config table and an option to edit the same from admin interface would be better. However, that is not needed in most custom made scripts. If this is a product that would installed by many people, making it editable would be good.

minder · 11-13-2012, 12:04 PM

I store all config. parameters (email address, compnay name, home page url etc etc etc) in a database table and in the Admin account's menu somewhere I will have a "Configure Site" menu option which presents all the config params in a html form from which the admin user can edit them.