homepage Welcome to WebmasterWorld Guest from 54.242.126.126
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Pubcon Platinum Sponsor 2014
Home / Forums Index / Code, Content, and Presentation / HTML
Forum Library, Charter, Moderators: incrediBILL

HTML Forum

    
Basic HTML form mail with multiple recipients
Dead_London

5+ Year Member



 
Msg#: 11626 posted 2:50 pm on Jan 19, 2006 (gmt 0)

Hello all, this is my first post. I'm a graphic designer for a web developer and I don't have a lot of experience with wirting strait code AND my programmer is on vacation and maybe you all can help.

I'm adding a basic email form to a clents site and they want a drop down box with a list of employee names that customers can choose to contact through the form. Based on what name a customer chooses, the form will be sent to the appropriate persons email address. Here's the form I'm using. It's just about as basic as you can get but I need to know how to add this multiple recipients drop down list.

<form action="http://www.example.com/cgi-bin/public_mail.pl" method="post">
<input type="hidden" name="recipient" value="youremail@example.com" >
<input type="hidden" name="subject" value="Customer Feedback Form">
What kind of comment would you like to send?</strong><br>
<input type="radio" name="MessageType" value="Problem">Problem
<input type="radio" checked name="MessageType" value="Suggestion">Suggestion
<input type="radio" name="MessageType" value="Praise">Praise<P>
What about us do you want to comment on?<br>
<select name="Subject" size="1">
<option selected>Web Site</option>
<option>Company</option>
<option value="Services">Services</option>
<option>Employee</option>
<option>(Other)</option></select>
Other: <input type="text" size="26" maxlength="256" name="SubjectOther"><P>
Enter your comments in the space provided below:<br>
<textarea name="Comments" rows="5" cols="42"></textarea><P>
Tell us how to get in touch with you:<br>
Name<input type="text" size="35" maxlength="256" name="realname"><br>
E-mail<input type="text" size="35" maxlength="256" name="UserEmail"><br>
Telephone<input type="text" size="35" maxlength="256" name="UserTel"><br>
FAX<input type="text" size="35" maxlength="256" name="UserFAX"><P>
<input type="checkbox" name="ContactRequested" value="ContactRequested">
Please contact me as soon as possible regarding this matter.<P>
<input type="submit" value="Submit Comments">
<input type="reset" value="Clear Form"></p>

Can anyone please help?

Thanks - Dead London

[edited by: encyclo at 7:52 pm (utc) on Jan. 19, 2006]
[edit reason] switched to example.com [/edit]

 

BetterSEO

5+ Year Member



 
Msg#: 11626 posted 3:26 pm on Jan 19, 2006 (gmt 0)

Try taking out the

<input type="hidden" name="recipient" value="youremail@example.com">

and replacing it with:

<select name="recipient" size="1">
<option value="bill@example.com" selected>Bill</option>
<option value="sally@example.com">Sally</option>
<option value="john@example.com">John</option>
<option value="sue@example.com">Sue</option>
<option value="andy@example.com">Andy</option>
</select>

Note that this does still leave your e-mail addresses exposed to spam bots. See if your mail script will let you hide the addresses on the page and only have them in the code. The page would then look something like:

<select name="recipient" size="1">
<option value="1" selected>Bill</option>
<option value="2">Sue</option>
<option value="3">Sally</option>
<option value="4">John</option>
<option value="5">Andy</option>
</select>

Then if someone sent mail to Bill, the script would know that option 1 was really bill@example.com

Dead_London

5+ Year Member



 
Msg#: 11626 posted 3:31 pm on Jan 19, 2006 (gmt 0)

Excellent, I understand what you mean. I will give this a try and then post back with me results. Thanks for you help. DL

monkeythumpa

10+ Year Member



 
Msg#: 11626 posted 6:18 pm on Jan 19, 2006 (gmt 0)

If you have any control over the mail addresses, try setting up an address that will forward to the multiple recipients. This can be done with fowarders to filters. I have a filter that says "Whenever mail comes to ExecutiveBoard@myclub.com send this email to bill@myclub.com, tom@myclub.com, and james@myclub.com". That way you can still send to one email address from the form but it will be delivered into three (or more) boxes.

kaled

WebmasterWorld Senior Member kaled us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 11626 posted 6:48 pm on Jan 19, 2006 (gmt 0)

WARNING
If your mail script allows you to specify recipients in the form, it may be open to abuse by spammers (unless recipients are restricted to a single domain).

Kaled.

Dead_London

5+ Year Member



 
Msg#: 11626 posted 4:30 pm on Jan 23, 2006 (gmt 0)

Thanks again, everyone! It worked like a charm.

Now, the customer just through me a curve ball and asked for custom made buttons on the mail form. So, I came up with some buttons in PhotoShop that they would like to use. The only problem is that how in the world do I add them to the form and make them work correctly? I'm sure it has some to do with adding an image source to the submit button tag but everything I've tried hasn't worked. Any ideas? I can't wait for my programmer to get back from vacation! DL

Jon_King

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 11626 posted 5:36 pm on Jan 23, 2006 (gmt 0)

Replace
<input type="submit" value="Submit Comments">
with
<input type="image" src="yourimage url" width="yourimagewidth" height="yourimageheight">

Dead_London

5+ Year Member



 
Msg#: 11626 posted 5:58 pm on Jan 23, 2006 (gmt 0)

Again, it worked like a charm. Many many thanks to you all! Great forums:) DL

gkornbluth

5+ Year Member



 
Msg#: 11626 posted 2:47 am on Jan 29, 2006 (gmt 0)

Thanks to you all, I found this post extremely helpful.

I'm kind of a newbie at this.

How would I modify the above code to allow the identical form generated e-mail to be sent to multiple recipients selected by checkboxes. Could you also touch on this implementation with spambot protection?

Thanks,

Jerry Kornbluth

rocknbil

WebmasterWorld Senior Member rocknbil us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 11626 posted 9:36 am on Jan 29, 2006 (gmt 0)

Short answer: Per kaled's comment - there is no way to avoid spam bots from picking up the addresses, really, not without editing the backend script. (You can do some things with Javascript, but it's still not solid for the truly motivated.)

Longer answer: This form is posted to

<form action="http://www.example.com/cgi-bin/public_mail.pl" method="post">

So in public_mail.pl you would have to make some changes. The exact details are beyond the scope of this thread (because we don't have the code,) but it would be something like this:

1. Instead of having email addresses on the page, you would establish a key-value, beginning at the form, and REMOVE THE EMAIL ADDRESSES:

<input type="checkbox" name="mailto1" value="1"> John Doe
<input type="checkbox" name="mailto2" value="2"> Mary Doe

2. Then in the .pl script you would have an association wih those values: ie., 1=johnnyd@example.com, 2=maryd@example.com, etc. This could easily be done by having an array list - since arrays are zero-based (first item in list is in position 0, second item position 1, etc.,) the first index is the perfect place for the DEFAULT email.

@valid_emails=('generalinfo@example.com','johnnyd@example.com','maryd@example.com');

3. In the perl script, cycle through this list and send the mails only if the form data for that email is defined. If the box is NOT checked, in perl for the web it's not DEFINED:

for $i (0..$#valid_emails) {
# this creates "mailto1, "mailto2", etc. - our named checkboxes
$form_object = 'mailto' . $i;
if (($i == 0) ($form_data{$form_object})) {
&send_email($valid_emails[$i]);
}
}

Don't want an address that all emails go to? Begin at 1:
for $i (1..$#valid_emails) { ....

Additionally, this method could be applied to the original example with a drop-down list or even a multiple-select box.

That is one small step toward security that removes the email addresses from the page. But it would require a working knowledge of perl to tweak the server-side script.

This also does a much larger and more significant improvement to security. If the recipient is in a hidden field, this tells a spammer that the backend script is accepting form input for the email address. You may think, "well they can only select it from the form, they can't change the adress," but this is not true. If I enter the following from the command line:

curl 'http://www.example.com/cgi-bin/public_mail.pl?recipient=spam@example.com,bulkemail@example.com'

I can send my spam list to this script without ever visiting the form. this is a simplified version of the problem, for it's really much worse than that.

The above method is one of the many ways to insure your programs only send to specified addresses, but you must also screen the input data as well - spammers can abuse **ANY** form field to hack a mailer script.

I'd better stop there. :-)

gkornbluth

5+ Year Member



 
Msg#: 11626 posted 12:09 pm on Jan 29, 2006 (gmt 0)

Wow...

Thanks for the time and effort that you spent on this. I really appreciate it and will try to implement your suggestions.

This forum is a "find"

Thank you all!

milanmk

5+ Year Member



 
Msg#: 11626 posted 4:35 am on Feb 18, 2006 (gmt 0)

http://www.example.com/cgi-bin/public_mail.pl?recipient=spam@example.com,bulkemail@example.com

One more safeguard you can add in server side script to minimize this type of attatcks, although as rocknbil said, its not 100% hack proof.

First add method="POST" to your form and then add following sub to your formmail.cgi script.

&checkspam;
sub checkspam {
my $hostpage = 'http://www.example.com/contact.htm';
if ($ENV{'REQUEST_METHOD'} eq 'GET') { print "Location: $hostpage\n\n"; exit; }
}

Everytime it checks for a GET request and redirect it to the HTML page, hence blocking such type of direct requests.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / HTML
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved