need to create simple html comment form

World_Eater · March 1, 2004, 10:40pm

I would like a multiline textbox and a button that sends the comment to my email.

I’ve been trying to dig up some simple code to do this, but everything I see uses, mailto, which is giving me some prompt saying it’s insecure. I would like to avoid pulling up the person’s email client, instead just let them type, click the button, and be done with it.

Any advice?

CurtC · March 1, 2004, 11:12pm

If you want your visitor to fill out a web page and click the Submit button to launch an email to you, then you’ll need some scripting permissions on your web host. Assuming you have that, many make available a formmail.pl Perl script which does this exact thing. Or you can write your own. I did. Here’s mine:



#!/usr/bin/perl
use strict;

my ($buffer,@pairs,$pair,$contents);
my (%FORM,$name,$value,$result,$pw,$i);

# Get the input
read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'});
# ---- Split the name-value pairs
@pairs = split(/&/, $buffer);
foreach $pair (@pairs) {
  ($name, $value) = split(/=/, $pair);
  $value =~ tr/+/ /;
  $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
  $value =~ tr/\|/ /;
  $FORM{$name} = $value;
  $contents .= "$name: $value

";
}

# send the e-mail
open(MAIL, "|/usr/sbin/sendmail -t -fjoe\@joeblow.com") || print $!;
print MAIL "To: joe\@joeblow.com
";
print MAIL "From: joe\@joeblow.com
";
print MAIL "Subject: report

";
print MAIL "$contents";
close MAIL;

# start printing out results page
print "Content-type:text/html

";
print "
<\!DOCTYPE html PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\">
<HTML><HEAD><TITLE>Report submitted</TITLE><link rel=\"StyleSheet\" href=\"../style.css\" type=\"text/css\"></HEAD><BODY>
";
print "<H2>Thank you for your report submission.</H2>
";
print "<P>The following email has been sent to Mr. Blow:<BR>
";
$contents =~ s/
/<BR>/g;
print "$contents
";
print "</BODY></HTML>";

World_Eater · March 1, 2004, 11:44pm

Ok, unfortunately that doesn’t make much sense to me

I have full control over my website, so I assume I will need to dump something in the CGI-Bin folder.

The code you just showed me goes in the HTML file?

Perhaps we could go through the basic steps.

User types “you are the best, I love you!!!” into the textbox.
User clicks submit button.
Clicking button calls script from my cgi-bin folder
Script parses text and forwards it to email address specified in script.

Is this right so far?

So I need an html page using the FORM tag in some fashion, and a script to place in my cgi-bin folder?

viking · March 2, 2004, 2:26am

http://nms-cgi.sourceforge.net/

Well written and documented. Read the whole site before you go ahead, though, as you are doing stuff that if done wrong could turn your site into a spam relay…

CurtC · March 2, 2004, 3:05am

Viking, isn’t it true that if I hard-coded the To: address in the program, that I’m pretty safe from having my script abused by hackers? I think that’s true, so my advice to World Eater is to be sure to hard-code that address, so that someone won’t be able to use your program to send mail to anyone they want to.

World Eater, what you’re looking for now is how to do what’s called “CGI.” Learn that and you’re there.

viking · March 2, 2004, 3:09am

most probably, as long as you check everything else passed in to the code for malicious code, etc. For instance, could someone put an ``end this email, start another one to foobar@wherever.com’’ snippet into the body of the email and have everything go pear-shaped?

Which takes a bit of doing, and which is why I would recommend a) using code written by people better than I at it, and b) understanding exactly what’s going on and what security warnings the authors have in the readmes.

elfkin477 · March 2, 2004, 3:21am

CurtC, Does that form actually send the information people type into the form? I tried programing a varation of this http://www.w3schools.com/html/tryit.asp?filename=tryhtml_form_mail for my website a couple of weeks ago, and it looks very nice. Except when you push send it opens a blank e-mail to me. I don’t see the point of this, since nothing you imput into the form actually appears in the e-mail…

CurtC · March 2, 2004, 4:11am

elfkin, yes, it works. That’s the program I have on my web site for people to send me some info. There are several fields on that HTML page, and this form sends the name of the field, then its contents, to me. I changed only the email address in this example.

That email link that you provided is supposed to open up a new email to you in your regular email client, and fill in certain fields. Except that different email clients have varying degrees of support for the extra stuff beyond the recipient address. Looks like yours doesn’t.

World_Eater · March 2, 2004, 11:24pm

I actually found a utility offered by my web hosts.

They provided a generic .FormMail.conf to stick in my home directory, and then provided some form HTML that just needed the email addy plugged in.

Thanks all for the help. BTW it’s a nms script