Hiding php codes from file_get_contents method-CodePudding

I am sending email with PHPMailer. My email design is available in the template.php file. I am pulling the contents of the template.php file with the file_get_contents method in my mail.php file. But I have such a problem, all my php codes in the template.php file are also visible. How can I hide them?

Mail.php

<?php
// Import PHPMailer classes into the global namespace
// These must be at the top of your script, not inside a function
use PHPMailer\PHPMailer\PHPMailer;
use PHPMailer\PHPMailer\Exception;

require 'PHPMailer/src/Exception.php';
require 'PHPMailer/src/PHPMailer.php';
require 'PHPMailer/src/SMTP.php';

require_once 'assets/standart/db.php';
require 'assets/class/all.php';

$connect = new baglan();
$settings = new ayarlar();


// SMTP settings connect
$connect->connect('settings_smtp', '', '', 0);
$smtp_settings = $connect->connect->fetch(PDO::FETCH_ASSOC);

$smtp_mail = $smtp_settings['mail'];
// /SMTP settings connect

$template_file = 'PHPMailer/template.php';

if(file_exists($template_file)){
$mail_template = htmlspecialchars(file_get_contents($template_file));
}else{
    die("Unable to locate the template file");
}

//Load Composer's autoloader

// require 'vendor/autoload.php';

//Create an instance; passing `true` enables exceptions
$mail = new PHPMailer(true);

try {
    //Server settings
    $mail->SMTPDebug = 0;
    $mail->isSMTP();
    $mail->Host       = $smtp_settings['host'];
    $mail->SMTPAuth   = true;
    $mail->Username   = $smtp_settings['mail'];
    $mail->Password   = $smtp_settings['password'];
    $mail->SMTPSecure = PHPMailer::ENCRYPTION_SMTPS;
    $mail->Port       = $smtp_settings['port'];

    //Recipients
    $mail->setFrom("$smtp_mail", 'Mailer');
    $mail->addAddress('[email protected]', 'Joe User');     //Add a recipient
    // $mail->addAddress('[email protected]');               //Name is optional
    // $mail->addReplyTo('[email protected]', 'Information');
    // $mail->addCC('[email protected]');
    // $mail->addBCC('[email protected]');

    //Attachments
    // $mail->addAttachment('/var/tmp/file.tar.gz');         //Add attachments
    // $mail->addAttachment('/tmp/image.jpg', 'new.jpg');    //Optional name

    //Content
    $mail->isHTML(true);
    $mail->CharSet = 'UTF-8';
    
    $mail->Subject = 'Here is the subject';
    $mail->Body    = $mail_template;
    $mail->AltBody = 'This is the body in plain text for non-HTML mail clients';

    $mail->send();
    echo 'Message has been sent';
} catch (Exception $e) {
    echo "Message could not be sent. Mailer Error: {$mail->ErrorInfo}";
}

Template.php

<?php
echo $forexample = 'Some words here';
?>

CodePudding user response：

Don’t use file_get_contents for that, use include with output buffering. That way it will run the PHP code and you’ll see the results of its execution instead of the code itself.

CodePudding user response：

You have to run the template file, not simply read it.

You can do that like this:

ob_start();
include ( $template_file );
$mail_template = ob_get_clean();

ob_start() (output-buffer start) causes all php script output (from echo etc) to go into an output buffer. output_get_clean() retrieves that output.

CodePudding user response：

With

$mail_template = htmlspecialchars(file_get_contents($template_file));

you will just get the contents of the file into the variable $mail_template

You could use the eval() function as described here: https://www.php.net/manual/en/function.eval.php But be very careful using it!

Caution: The eval() language construct is very dangerous because it allows execution of arbitrary PHP code. Its use thus is discouraged. If you have carefully verified that there is no other option than to use this construct, pay special attention not to pass any user provided data into it without properly validating it beforehand.

You could use it like this:

$mail_template_php = htmlspecialchars(file_get_contents($template_file));
$mail_template = eval($mail_template_php);