Form to email

[wmrobwl]

I use Frontpage to design some web sites. I need to get form data sent to an email address. I know that with Frontpage extensions, this feature is built in. However I do not want to run FP ext's on this server for security purposes (FP exts is a whole can of security flaw worms).

I know that you can use php or cgi scripts to email form data, but I always get alot of spam sent to me through the form. I never had this problem with my sites that use FP exts and the built-in FP form handler.

I would like to know more information on how FP's form handler works. Is there anything that works similar to FP's built-in form handler? How can I reverse engineer this to figure how how MS and FP handles this?

Thanks!

[impactx]

I don't know if I can offer much help about how Front page Form handler works, besides saying "it's magical bots" :) kidding. but seriously I think the difference between a php script, and fp ext form handling is that fact that a php script can be called and run from most anywhere, which the fp ext script isn't so much just a script, but pieces of code written in different places on the page, that then have to call on a bot somewhere, to process. Maybe if someone sat down and wrote a spider to look for frontpage forms, and then it pieced the pieces together, they'd be as many exploits as there are with some php forms. I'd recommend adding captcha to your php script. That would stop the spammer from automatically spamming through your site. At least until visually goes to your site, fills out the spam, then reads and inputs the captcha code in. :)

[wmrobwl]

Ok I think I'm going to give up on trying to figure out how the magic FP bots work. Let's say I want to use a php script (as opposed to CGI).

I want to create a php script using the MAIL() function, but I need to connect to a "remote" mail server (which resides on the same network as the front end html server). The "remote" smtp server requires authentication.

I think I have the following options:
1. Use PHP pear
2. Input the smtp user name and login in the php script (using proper permissions on the file)
3. Install a mail server on the front end html server to either send the mail or to relay the mail to the "remote" smtp server.

Which of these methods would be the best (and most secure)? How do I implement PHP pear to do this?

Thanks!

[craigmn3]

Okay I'm speaking out of my .....hat, again

If your worried about security issues...why are you using an form mailer? That's like taking withdrawal from something as secure as fort knox and then driving it away in volkswagen.


If your trying to hide your identity I guess that makes sense, but any cgi script form-mail handler should be able to do that.

THE Bad News....I tried to build a CGI Program for just this purpose, and for a reason not fully understood by me, the Front Page Extensions that were installed on my server interfered with it.

Craig Web Geek
Edited by mod Webnauts. You may have links to your web site only in your signature.

[wwwizzard]

Hi
I too used to use FP for my forms but have now implemented PHP forms.
I used http://www.thesitewizard.com/archive/feedbackphp.shtml as a starting point, and this is pretty good.

Another resource I used was http://www.simfatic.com/: it is a little program that helps you design all sorts of forms. The program is available on a 30 day trial.

I also have problems with spammers sending me emails through my forms, so I would be interested to hear more about the "captcha"??

Cheers

John

[wmrobwl]

Okay I'm speaking out of my .....hat, again

If your worried about security issues...why are you using an form mailer? That's like taking withdrawal from something as secure as fort knox and then driving it away in volkswagen.


If your trying to hide your identity I guess that makes sense, but any cgi script form-mail handler should be able to do that.

THE Bad News....I tried to build a CGI Program for just this purpose, and for a reason not fully understood by me, the Front Page Extensions that were installed on my server interfered with it.

Craig Web Geek
http://www.arthurspools.com
http://www.sjvwd.com

I decided to use php over cgi because you can locate a php script anywhere in the directory (as opposed to being in the cgi bin) which will help avoid scanners looking for scripts to manipulate.

Hi
I too used to use FP for my forms but have now implemented PHP forms.
I used http://www.thesitewizard.com/archive/feedbackphp.shtml as a starting point, and this is pretty good.

Another resource I used was http://www.simfatic.com/: it is a little program that helps you design all sorts of forms. The program is available on a 30 day trial.

I also have problems with spammers sending me emails through my forms, so I would be interested to hear more about the "captcha"??

Cheers

John

Thanks for the links, but I think I might modify the php script that I found here: http://formtoemail.com/.

The only problem is that my mail server does not reside on the machine that serves the html (and php scripts). I need to know how to have php communicate with a remote mail server (that requires smtp authentication).

[goxford]

Put in html

<table cellpadding="0" cellspacing="5" border="0" align="center" bgcolor="#FFFFFF">
<tr>

<td align="center">
<form method="POST" action="sendeail.php">

<?php
$ipi = getenv("REMOTE_ADDR");
$httprefi = getenv ("HTTP_REFERER");
$httpagenti = getenv ("HTTP_USER_AGENT");
?>

<input type=hidden name="ip" value="<?php echo $ipi ?>">
<input type=hidden name="httpref" value="<?php echo $httprefi ?>">
<input type=hidden name="httpagent" value="<?php echo $httpagenti ?>">

<TABLE align="center" border="0" cellpadding="1">
<TR>
<TD colspan="2" valign="bottom">

<font size="2">Fill in any part of the form below</font></td>
</tr>
<tr>
<td><font size="2">Name</font></td>
<td><INPUT name="visitor" TYPE="text" SIZE="25"></td>
</tr>
<tr>
<td><font size="2">Phone</font></td>
<td><input NAME="phone" type="text" size="25" maxlength="12"></td>

</tr>
<tr>
<td><font size="2">Fax #</font></td>
<td><input NAME="fax" type="text" size="25" maxlength="12"></td>
</tr>
<tr>
<td><font size="2">E-mail</font></td>
<td><INPUT name="visitormail" TYPE="text" SIZE="25"></td>

</tr>
<tr>
<td colspan="2">
<p class="miscm">Feedback - Questions?
<textarea cols="60" name=notes rows="13"></textarea>




<CENTER><INPUT VALUE="Send Mail" type=image border=0 src="images/submit.gif" VALUE="Submit"></CENTER></FORM>



</P>
</td>
</tr>
</table>









Make php file


<table cellpadding="0" cellspacing="5" border="0" align="center" bgcolor="#FFFFFF">
<tr>

<td align="center">

<!-- You must enter YOUR email address ($myemail shown below).
Then you should check (or modify) the link for the 'next page' (at the bottom) -->

<?php
$myemail = "cs@bakerstools.com";

if (!isset($visitormail))
echo "Somebody Goofed $ip" ;

$todayis = date("l, F j, Y, g:i a") ;

$subject = "Feedback @ Bakers Tools" ;

$message = " $todayis [EST] \n
From: $visitor ($visitormail)\n
Phone: $phone \n
Fax: $fax \n
Message: $notes \n
Additional Info : IP = $ip \n
Browser Info: $httpagent \n
Referral : $httpref \n
";

$from = "From: $visitormail\r\n";

if ($myemail != "")
mail($myemail, $subject, $message, $from);

?>

[b]<p align=center>
Date: <?php echo $todayis ?>


Thank You : <?php echo $visitor ?> ( <?php echo $visitormail ?> )


<?php echo $ip ?>
</td>


</tr>
</table>

[DrTandem1]

Sorry, if this was already mentioned. Why not just add a CAPTCHA feature to the form? Also, by stripping certain tags and killing the script with a few simple checks, virtually eliminates spam from the results of a form.

[wmrobwl]

Thanks, but I still dont think that addresses the fact that I am trying to connect to a remote mail server (using smtp authentication).

[wwwizzard]

You can use any email address in the PHP script, can't you?
No need to have the mail server at the same place as the website, you could even use a hotmail address if you wanted to ...
(Or am I missing something?)

John