form to email scripts
Question 1:
Most form to mail scripts have the recipient's email address in a hidden input. This makes it so that the recipient's email address isn't displayed on the webpage, but anybody can just look at the source code to see who the mail is being sent to. If the info is right there in the source code then shouldn't it be just as easy for a spam-bot to grab your email address from there too? This method isn't secure against a human looking at the source code, but is it a security issue for spam-bots too?
Setup for the rest of my questions
I want to set it up so that people can fill out a form on a webpage and that submitted content will be emailed to me. Easy - lots and lots of good scripts out there. I've tried several new ones but I just can't find exactly what I'm looking for:
a) Basic/Easy - I don't need the script to make the form for me, I have a form already and all I need is for it to send me the email.
b) Recipient's email address is truly hidden, even from looking in the source code. (see question #1) This is usually accomplished by having the recipient's email address stored in another file location such as a config file
c) One script can be used multiple times. Not a deal breaker, but I have several different websites on my server, set up as subdomains (within my main domain but visitor's would never know it). It would be great if different forms on 4 different websites could all function and send emails to different recipients by sharing the heart of the script without having to install it over and over again for each domain (all within my main website anyway).
After trying many free scripts out there, I realized that none fit the bill as well as an OLD script I was using on one of my websites for the past 10 years. This script was very simple yet allowed for up to 20 different recipients email addresses to be stored in a separate config file (and each form could signify which recipient simply by a number). Old as the script is, it still works mostly-fine. There's just one issue I have with it... the sender's email address (filled out inthe form) doesn't become the reply-to address in the email. I'd really like for clients to be able to hit the reply button to answer a question rather than have to copy and paste it from the form data in the body of the message.
Question 2
Does anybody have any suggestions for a free form-to-mail script that meets my 3 requirements above PLUS can have the email address automatically become the reply-to address? If not, read on to the next questions...
Question 3
The old script I'm using was last in active development in 2002. The website in the Read Me file doesn't exist anymore and neither does the author's email address. Ethically speaking, since the script isn't even available anymore, would you think it would be okay for me to hack the script to make it work the way I want it to, especially since I'm not planning on selling it or distributing it beyond my own personal use?
Question 4: The big question
Can anybody please help me figure out how to make this script take the email input from the form and make it become the Reply-To address in the sent email?
I'll try not to post the entire script but here are the parts that I think may be relevant:
The form part seems normal enough. The part where the visitor would fill in their email address would be something like this
Your email address: <input type="text" name="sender_email">
I'm no expert but I would think the relevant part of the real script is this section (I can post more code if needed)
IF ($errorcount == 0)
{
$message = "The following message was submitted via your website:\n";
$message .= "\n";
IF (isset($formtitle))
{
$message .= "$formtitle\n\n";
}
while (list ($var, $val) = each ($HTTP_POST_VARS))
{
IF ($var != "required" and $var != "subject" and $var != "errorpage" and $var != "successpage" and $var != "formtitle" and $var != "sendto")
{
$message .= "$var: $val\n";
}
}
$array2 = split(",", "$sendto");
while (list ($arrayid, $emailselections) = each($array2))
{
$email = $emailaddresses[$emailselections];
$mail = mail($email, $subject, $message, "From: Website Form\r\n");
When I add an email address where it says "Website Form" it works, and the recipient is then able to hit the reply button on their email client and it works properly. The problem of course is that I need that email address to come form the input of the form and not be pre-typed by me. Can this be done? Please help. Thanks a ton.
webwiz posted this at 03:14 — 25th February 2010.
He has: 629 posts
Joined: May 2007
Processing a form on a shared host is not safe. I suggest you check out Wufoo - you get up to 3 forms for free, and there are lots of nice-looking templates. Play with it for a bit. I think you'll find it useful.
Cordially, David
--
delete from internet where user_agent="MSIE" and version < 8;
fifeclub posted this at 03:26 — 25th February 2010.
He has: 688 posts
Joined: Feb 2001
That looks nice but that seems to make forms, where as I've already got my forms integrated into my design and I just need to process the info. But I'm intrigued about form processing not being safe on a shared host. I mean, I've heard of form mail scripts being abused but I thought the problems were only with bad/unprotected scripts. The script I want to use (but fix up) does limit it's use to only requests coming from certain domain names in the config file. Would that still be risky?
webwiz posted this at 20:54 — 25th February 2010.
He has: 629 posts
Joined: May 2007
Sorry. I'm no expert in PHP security, even though I studied some of the issues. But I'm the lazy type, and like to use existing quality solutions if I can find them. Especially free ones.
I wish I could be of more help.
Cordially, David
--
delete from internet where user_agent="MSIE" and version < 8;
sequencehosting posted this at 22:27 — 25th February 2010.
They have: 24 posts
Joined: Feb 2010
Thanks for sharing with the community. I agree security can be an issue but no matter what any PHP script is better than displaying an email in plain text
Want to join the discussion? Create an account or log in if you already have one. Joining is fast, free and painless! We’ll even whisk you back here when you’ve finished.