should I switch to a PHP mail script?

my host just banned the CGI I'd been using; now what?

         

stapel

6:26 pm on Mar 1, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I had been using Big Nose Bird's BNBForm for form-handling and allowing visitors to send me e-mails.

[bignosebird.com]

Older versions of the script (1998 and 2000) had had a security hole, which was plugged in the 2002 version. I'd been using this 2002 version. In addition, I had increased the security by having the recipient e-mail addresses hard-coded into the script, rather than being held in "hidden" fields in the HTML code.

My server host has recently (and without warning) decided that this script is insecure, and says that I should replace it with a Matt Wright (emulator) script which, according to the documentation, can be set to be at least as insecure as the original Matt Wright script. I would rather not use this script.

Does anybody know of some other script that is generally regarded as "secure"? (I've never used PHP, but am willing to learn; I'm not wedded to CGI.) I would prefer something free, and would like the script to allow for variable recipients (so the visitor can designate the person or department to which the message should be routed).

Thank you.

Eliz.

Bigjohn

11:02 pm on Mar 1, 2004 (gmt 0)

10+ Year Member



There are LOTS of thoughts on this.

Look at the MAIL() function of PHP. You can make it as simple or as complicated as you want. I'm just now starting to work on a simple one myself.

John

lasko

11:10 am on Mar 2, 2004 (gmt 0)

10+ Year Member



PHP is well worth spending your time learning. Took me 3 months to learn some really good basic programming.

I have all my email addresses in a MySQL database and use PHP to pull out the correct email address based on an ID.

Select email from table where id = '1'

However, you don't have to be dependent on a MySQL database, but it does give that little extra :)

Using POST and the mail function in PHP certainly makes it more secure and easier to use.

Imagine that I have 200 advertisers now each advertiser has to have a personal contact form only php, asp and any email address instantly.

Go for it, learn PHP and MySQL; you'll be glad you did.
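
The approach discussed in this thread (recipient addresses kept on the server and selected by a key, rather than carried in hidden form fields), as an added example that is not part of any post or of any script named here. The addresses, the form field names and the `build_message` helper are assumptions made for illustration; the CR/LF check on header values is an additional safeguard not mentioned in the thread.

```php
<?php
// Added example. Addresses and form field names are constructed placeholders.
// The browser only ever sends a department key; addresses stay on the server.
const RECIPIENTS = [
    'sales'   => 'sales@example.com',
    'support' => 'support@example.com',
];

// Validate a submission; return the pieces for mail(), or null to reject it.
function build_message(array $post): ?array
{
    // Treat missing or non-string fields (e.g. dept[]=x) as empty.
    $field = fn(string $k): string => is_string($post[$k] ?? null) ? trim($post[$k]) : '';

    $dept    = $field('dept');
    $from    = $field('email');
    $subject = $field('subject');
    $body    = $field('message');

    // Unknown key means no mail: the form cannot name an arbitrary recipient.
    if (!array_key_exists($dept, RECIPIENTS)) {
        return null;
    }
    // CR/LF in a header value would let a visitor append headers such as Bcc.
    if (preg_match('/[\r\n]/', $from . $subject) === 1) {
        return null;
    }
    if (filter_var($from, FILTER_VALIDATE_EMAIL) === false || $subject === '' || $body === '') {
        return null;
    }
    return [
        'to'      => RECIPIENTS[$dept],
        'subject' => $subject,
        'body'    => $body,
        // Fixed From address; the visitor's address appears only in Reply-To.
        'headers' => "From: webform@example.com\r\nReply-To: " . $from,
    ];
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $msg = build_message($_POST);
    if ($msg === null) {
        http_response_code(400);
        echo 'Invalid submission.';
    } else {
        $sent = mail($msg['to'], $msg['subject'], $msg['body'], $msg['headers']);
        echo $sent ? 'Message sent.' : 'Message could not be sent.';
    }
}
```

The matching form would offer the department as a `<select name="dept">` whose option values are the keys above, so no e-mail address appears in the page source.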

percentages

11:20 am on Mar 2, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



PHPMailer is the best way to go IMHO. PHP is NOT difficult to learn if you already know Perl, in fact it is easier to learn than Perl.

Both have advantages and disadvantages, I prefer PHP now by a nose, some will disagree. Both have "Power" in particular situations, PHP is a tad more friendly when debugging though :) For mail, PHP free scripts offer better "canned" facilities.

Longhaired Genius

12:37 pm on Mar 2, 2004 (gmt 0)

10+ Year Member



I use PHPFormMail and like it a lot.

stapel

1:18 pm on Mar 2, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



percentages: It looks like PHPMailer is meant for sending out loads of e-mails (like for running an e-mail-based newsletter). I'm just wanting a form handler.

Longhaired Genius: PHPFormMail includes the recipient's e-mail address in the HTML code, and thus, to my understanding, is not secure.

Thank you for your time.

Eliz.

stapel

2:14 pm on Mar 2, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Does anyone have an opinion on this script?

notonebit.com/projects/killbot/

In order to submit the form to the script, the user has to enter the alphanumeric characters in a graphical password. The above page says that there are "sixty million" different possible passwords, which seems like a lot for a spam-bot to have to guess each time it wants to send spam through.

Thank you.

Eliz.

[edited by: jatar_k at 5:00 pm (utc) on Mar. 2, 2004; edit reason: delinked]

stapel

1:20 am on Mar 3, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I'm thinking that the security feature of the "Killbot" script (referenced in a previous post) applies to live people. Since the key to the graphical password seems to be in the HTML form's coding (in encrypted form?), I'm guessing that a bot might not have that much trouble with it.

So I would appreciate the opinions of the experienced with regard to the "Phorm" script, available at www.phorm.com/ and the "Ultimate Form Mail" script, available at surefirewebdesign.com/scripts/

Thank you.

Eliz.