Question about Forms...

Forum Moderators: mack

Message Too Old, No Replies

Question about Forms...

davewray

5:53 am on Jul 6, 2003 (gmt 0)

Hi all. On my site I am trying to set up a classified ads section. I have limited knowledge in scripts, but have found a Matt's Archive script that allows me to show various fields and then at the end it has a "submit" button. When the user presses the "submit" button the form gets emailed to an email account I have set up in Outlook. Now, my question is, how can I make it so that when the user presses the "submit" button that I get the form emailed to me AND take the user to a different page to pay for the classified? :) The way I see it I can only do one or the other...any suggestions? Remember, I'm pretty "dumb" when it comes to scripts, so please go easy! :) Thanks in advance :)

Dave.

le_gber

7:47 am on Jul 6, 2003 (gmt 0)

Hello davewray,

In Matt's script you have a different set of variables that you can set. You define them like that in your form:

The most used are: email, subject, recipient, required and redirect. And I think that they are case sensitive so don't use uppercase.

If in the form you had a filed called email, this will fill the email of the sender in the email sent. Sometimes the email software discart any mail without sender email so it's good practice to have an email filed.

The subject put the text you put in ther in the subject line of your email.
<input type="hidden" name="subject" value="enquiry from the website">

The recipient is the email address of the person that should recive the form. You can specify 2 recipient by separating the email by a coma (,)
<input type="hidden" name="recipient" value="myemail@mysite.com,mysecondemail@mysite.com">

The required field will stop the form to be sent if the field you specify as required are not filled in. It will display a error page asking to go back to the form. You separate each field name by a coma (,). These must be the same name and case as in the form itself.
<input type="hidden" name="required" value="formfield1,formfield2">

And finally the redirect bit wich is the url of the page you want your visitor to be redirected once he submitted the form. Usually you doi a ../ to get out of the cgi-bin folder and then type the name of the page. That is if Matt's script is located on the same site otherwise type the full URL.
<input type="hidden" name="redirect" value="../myredirectionpage.htm">

lukasz

3:01 pm on Jul 6, 2003 (gmt 0)

It is not a good idea to use Matt's script because it is vulnerable to spammers. Thay can use it to send spam from your site. There are other scripts avaliable which would be a better way to go. One of them is NMS script archive which is written to be a drop replacement to Matts script, meaning you only need to upload the script in place of matts script and it will work.
Although I am not good at scripts I decided to go with PHP script and I am very happy with that. If you are interested try Phorm.
PS both of the scripts I mentioned are for free.

davewray

5:48 pm on Jul 6, 2003 (gmt 0)

Thanks le_gber and lukasz!

So le_gber, if I just add that code to my page it'll work? Or do I need to save this as a cgi file? I'm only interested in sending the information to one email, so that'll be fine. If I use PayPal as a payment option and add the "pay buttons" to my site, are there any security issues I need to take into consideration? Also, lukasz, Matt's scripts are targets for spammers? What if you obfuscate your email address within the form? Doesn't that eliminate most of the spam? Thanks guys! :)

Dave.

le_gber

6:39 pm on Jul 6, 2003 (gmt 0)

if I just add that code to my page it'll work

yes

Or do I need to save this as a cgi file

no simple html is sufficient

are there any security issues I need to take into consideration

not sure about that is there a transfer of personal info? if yes - there is a security issue.

Also, lukasz, Matt's scripts are targets for spammers? What if you obfuscate your email address within the form? Doesn't that eliminate most of the spam

I think the way spammers use Matt's script is as a relay to their spammy emails. What's good with the NMS script is that you specify the domain authorised to receive the email as well as the number of authorised recipient addresses.
It also uses number in the html form instead of actual email address which save you the hassle to have some email harvester program to use your email to send you spam. You specify what number = what email in the cgi script.

Leo

davewray

3:00 am on Jul 7, 2003 (gmt 0)

Ugh, it didn't work :( I placed the cgi "hidden" code between my form tags and it's not working. Not only can I send my form without typing anything in (it doesn't prompt me to complete the fields), but after I submit it will NOT redirect me either :( Not only that, I can't get the damn form to be emailed to my address...Anyone, help?

davewray

5:17 am on Jul 7, 2003 (gmt 0)

Nevermine, I figured it out! phew...Apparently, in my complete ignorance, I forgot to upload formmail.pl to my cig-bin folder...duh! Thanks for your help guys! :)

lukasz

6:14 am on Jul 7, 2003 (gmt 0)

If you are still going with Matt script at least change the name of the script. Of course you need to change the action field in your html as well. I get daily suspitios requests from spammers to my non existing scripts. They try variation of names like:
formmail.pl formmail.cgi Formmail.pl formMail.pl FormMail.pl and so on, with various paths as well.

davewray

12:27 pm on Jul 7, 2003 (gmt 0)

Hi lukasz...I took your advice and am using the NMS script instead...thanks for the heads up! :)

ritch_b

12:43 pm on Jul 7, 2003 (gmt 0)

As an aside - the latest versions of Matt's script are pretty well patched & if you take advantage of the allowed recipients field in the script itself, the problem of spammers abusing your script isn't a problem.

Renaming the script is still a damned good idea though.