phpmailer secure approach by placing credentials out of the web root in INI file

Question

first of all thank you for your time and helping me on this. I have a simple contact form and i'm using phpmailer.

I want to store credentials in an INI file out of webroot and then include it in my mail.php file which is the mail sending script.

How to write the INI content and how to call them on mail.php file?

This is my HTML file which is contact us form:

<h3><font style="line-height:170%" size="4"> <a id="contactus">Contact us form</a>  </font></h3>
            <form method="post" action="email.php" accept-charset="UTF-8">          
            <p>         
            <label>your name</label>
            <input name="dname" type="text" size="30" />
            <label>your email</label>
            <input name="demail" type="text" size="30" />


            <label>your domain name</label>
            <input name="ddomain" type="text" size="30" />


            <label>Message</label>
            <textarea name="dmessage" id="dmessage" rows="5" cols="5"></textarea>
            <br />  
            <input class="button" type="submit" value="submit"/>        
            </p>        
            </form>             
            <br />  

and this is the email.php file:

   <?php
header('Content-type: text/plain; charset=utf-8');
$email = $_REQUEST['demail'] ;
$message = $_REQUEST['dmessage'] ;
$ddomain = $_REQUEST['ddomain'] ;
require("PHPMailer_v5.1/class.phpmailer.php");

$mail = new PHPMailer();
$mail->CharSet = 'UTF-8';
$mail->IsSMTP();


$mail->Host = "localhost";

$mail->SMTPAuth = true; 

$mail->Username = "info@example.com"; // SMTP username
$mail->Password = "this is the password"; // SMTP password


$mail->From = $email;

$mail->AddAddress("info@example.com");

$mail->WordWrap = 50;

$mail->IsHTML(true);

$mail->Subject = $ddomain;

$mail->Body    = $message;
$mail->AltBody = $ddomain;

if(!$mail->Send())
{
   echo "Error <p>";
   echo "Mailer Error: " . $mail->ErrorInfo;
   exit;
}

echo "we have received your email";
?>

I want to store credentials in a safe place.

Another problem is that whenever someone open email.php file in browser ( example.com/email.php) an empty email will be sent to me, how to prevent it? I want the email.php file to be executed only a result of a customer's contact via filling the form and not by directly opening the email.php file

Thank you all

Answer 1

<?php

if (empty($_REQUEST['demail']) || empty($_REQUEST['dmessage'])) {
    die();
}

$constants = parse_ini_file("/outside/web/sample.ini");

header('Content-type: text/plain; charset=utf-8');
$email = $_REQUEST['demail'] ;
$message = $_REQUEST['dmessage'] ;
$ddomain = $_REQUEST['ddomain'] ;
require("PHPMailer_v5.1/class.phpmailer.php");

$mail = new PHPMailer();
$mail->CharSet = 'UTF-8';
$mail->IsSMTP();


$mail->Host = "localhost";

$mail->SMTPAuth = true; 

$mail->Username = $constants['username']; // SMTP username
$mail->Password = $constants['password']; // SMTP password


$mail->From = $email;

$mail->AddAddress("info@example.com");

$mail->WordWrap = 50;

$mail->IsHTML(true);

$mail->Subject = $ddomain;

$mail->Body    = $message;
$mail->AltBody = $ddomain;

if(!$mail->Send())
{
echo "Error <p>";
echo "Mailer Error: " . $mail->ErrorInfo;
exit;
}

echo "we have received your email";
?>

INI file (sample.ini) looks like:

username = "info@example.com"
password = "PASSW0RD"

Answer 2

Thank you for your helps. I did some change on your code and it is excatly what is want. instead of saying:

if (empty($_REQUEST['demail']) || empty($_REQUEST['dmessage'])) {
    die();
}

i used this one:

    if (empty($_REQUEST['demail']) || empty($_REQUEST['dmessage'])) {
   echo "Please fill-in Email and Message sections completely!";
   exit;
}

Thank you for your help