I just thought I would post a simple form mail script that will give people a basic idea of how PHP mail works, and along with that basic examples of if/else statements and passing query string.



<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Feedback Form</title>
</head>
<body>
<?php
if($action=="submit")
{
$tomail="you@yourdomain.com";
$subject="Subject of Email";
if (($Name == "") || ($Email == "") || ($Comments == ""))
{
echo "<form name="form" method="post" action="$PHP_SELF?action=submit">";
echo "<p>Error - Missing Fields</p>";
echo "<p>All three fields of this form are required, I really don't think that's too much to ask...</p>";
echo "<p>Fill in the ones you missed, they are listed below.</p>";
}
if ($Name == "")
{
echo "<p>Your Name<br><input type="text" name="Name"></p>";
}
else
{
echo "<input type="hidden" name="Name" value="$Name">";
}
if ($Email == "")
{
echo "<p>Your Email<br><input type="text" name="Email"></p>";
}
else
{
echo "<input type="hidden" name="Email" value="$Email">";
}
if ($Comments == "")
{
echo "<p class=bodymd>Comments or Questions<br><textarea name="Comments" rows="5" cols="40"></textarea></p>";
}
else
{
echo "<input type="hidden" name="Comments" value="$Comments">";
}
if (($Name == "") || ($Email == "") || ($Comments == ""))
{
echo "<input type="submit" name="Submit" value="Submit">";
echo "<input type="reset" name="Reset" value="Clear Form">";
echo "</form>";
}
if (($Name != "") && ($Email != "") && ($Comments != ""))
{
$message = "Name: $NamenEmail: $EmailnComments: $Commentsn";
$extra = "From: $EmailrnReply-To: $Emailrn";
mail ("$tomail", "$subject", "$message", "$extra");
echo "<p>Message Sent</p>";
echo "<p>Thank you for your inquiry, $Name.</p>";
echo "<p>A response will be sent to you at <b>$Email</b> as soon as possible.</p>";
}
}
else
{
?>
<p>Feedback Form</p>
<form name="form" method="post" action="<?php echo $PHP_SELF; ?>?action=submit">
<p>Your Name<br>
<input type="text" name="Name">
</p>
<p>Your Email<br>
<input type="text" name="Email">
</p>
<p>Comments and/or Questions<br>
<textarea name="Comments" rows="5" cols="40"></textarea>
</p>
<p>
<input type="submit" name="Submit" value="Submit">
<input type="reset" name="Reset" value="Clear Form">
</p>
</form>
<?php } ?>
</body>
</html>


Hope this helps a few folks. This forum doesn't necessarily hold all the best formatting (tabs and spaces) but it will give an idea of how PHPmail works...hopefully.

Hi Dan, I'll try that out when I have a chance.

http://www.dbmasters.net/support/news.php?...iew_story&id=26 (http://www.dbmasters.net/support/news.php?action=view_story&id=26)

thereis a much upgraded one. I guess I haven't kept this post current. The updated script has layout and format options, domain validation to prevent hijacking, validation for text fields and email fields and all kinds of other fun stuff.

What about
(1)putting the email address in a separate file so spambots can't get it,
(2)sending an auto responder to the sender

1- The email address is parsed on the server, and invisible to a bot. Unless I am mistaken, I believe 99% of the bots see the same thing a browser sees, as the files are requested and processed the same way, which is why I don't put the recipient address in a hidden field or anything cheesy like that, to protect the email address. It is a server-side variable that is invisible to the browser and bots.

2- Good idea, consider that on the "to-do" list.

Any other good ideas welcome, I am also trying to add the option of file attachments, but that is proving to be a better theory than a reality. :? I will figure it out tho.

Look for the next version in the next week or two...hopefully.

Interesting if you ever get a php script to send attachments..


Ever get automail to work??


http://www.datatrendsoftware.com/automail_lite.html


I think it needs MIME::Entity


I think some say these 'mail' things have a high degree of abuse but if they are not abused and private?

I have not had time to work on this script, but I was looking into email attachments the other day, hopefully I will get around to it soon. I have been working a lot with PHP and file handling/mime types/content-dispositions and such, so I am sure I can get it working...just not sure when...I will post it here whenever I do tho.

Until then, then link in an above post will always get you the most recent version of the script.

In reference to my post earlier, I didn't look closely enough -- or know PHP enough -- to see that the email address is indeed safely hidden from robots/spiders. I do see that now.

I didn't realize everything is on one page like that. I was still thinking in terms of CGI/Perl in which the form is on one page and the script is in another file. Looks like you put everything on the one page though. Neato!

I hear you updated it, by the way.

Another thing I've been thinking I'd like: when someone sends me an email via the form, I'd like it to go to 2 of my addresses. But when I respond to them I want the headers and such to only show the address I'm replying from and to keep my 2nd address hidden. It's probably a lot simpler than I'm making it sound.

This script has been updated again, version 3.1 of FormM@iler is now available at http://scripts.dbmasters.net/ and has SUBSTANTIAL upgrades over the simple version quoted above...

The only disturbing thing is that people can use formmailers to spam other accounts from your server. :(

Not always, it depends how the formmailer is written. I have had mine tested pretty well, and the recipients are hidden from any access other than the person that can edit the file, no hidden fields or silly stuff like that, not even spambots can get at the recipient addresses.

if anyone CAN hack mine, tell me how so I can fix it, my goal is to make this a secure formmailer, not just "another" one...

Sorry, Dan. No offense intended. I didn't mean to imply that your webmailer was exploitable.
However, someone might be able to use a XSS (cross-site-scripting)-attack exploiting the copy_tomail_field (see http://scripts.dbmasters.net/files/dbmastersviewform.php).

the copy_tomail_fields simply the form field name which gets the email by limiting the size of that field with a maxlength or other methods, it is pretty safe (thought that relies on the user. None the less, that is a good point, I am going to investigate that.

I am in no way claiming that my script (or any) are 100% fail safe, cuz the only 100% safe script is the one that is never deployed, however, I do believe mine is the safest of any I have ever used because nothing but the script itself has access to any actual email addresses, everything else is just pointers or non-critical variables.

However, like I said, I woudl LOVE for someone to break it and tell me how so I can try to make it better.

To date, this script has existed for about two years (through various versions) and Ihave not yet recieved one single report of an exploit.

Originally posted by dbmasters@Nov 10 2003, 08:08 AM
This script has been updated again, version 3.1 of FormM@iler is now available at http://scripts.dbmasters.net/ and has SUBSTANTIAL upgrades over the simple version quoted above...
Hey Dan,

Thanks for making this available.

I've not set up a PHP form mailer yet; I assume it's easy and will have to try it. And maybe by studying it I'll learn some PHP tricks from you. (still just a programming dabbler - using PHP for site template, navigation menu with 'you are here' link effects, etc.)

One of these days I'm going to install this thing and try it out.

Assuming the script is still all on one page, I'd like to alter it slightly so that I can have one page (or multiple pages) for the form(s), and then another file that contains the mailer part. That way I can have code for page layout on the main web page (separating structure from logic), and the code for the mailer in another file.

Maybe that's asking too much. If I'm only working with a couple of forms it's probably easier to customize the script for each form and include the script on the webpage like you do in the above example.

FormM@iler has been updated several times since posting this orignal topic. It now handles header and footer includes to help template to your site, file attachment(s) and more cool stuff...try it out, lots of peeps at HostPC use it I am told...

Will it do yard work and cook and clean?

And delivers a cold beer on a hot summer night :)

Alright then! I'll take one.

heck, it'll even put the beer bottle in the recycle bin for ya...

Is it OK to take one of my webpage templates (as in the example below), and stick your formmailer in the middle of it (using includes)? That way the error messages and success messages would be on my site's standard layout. I tried it and it seems to work fine, but I was wondering if this is considered an acceptable approach or poor application design. (In your example, the form submits directly to the formmailer script. What I'm asking about is, the form would submit to a webpage and the webpage would have the script included into the middle of it.)



<?php
$pagename = "/orderform/sendrequest";
$maincat = "/orderform/";
$subcat = "";
require("includes/template.part1.php");
?>
<title>Site Name - Send Request</title>
<meta name="keywords" content="" />
<meta name="description" content="" />
<?php require("includes/template.part2.php"); ?>
<!-- Page specific css and scripts start here -->


<style type="text/css">
</style>
<script type="text/JavaScript">
</script>


<!-- Page specific css and scripts end here -->
<?php require("includes/template.part3.php"); ?>
<!-- Content Begins Here -->


<div id="messages">
<?php include("formmailer.php"); ?>
</div><!-- end messages -->


<!-- Content Ends Here -->
<?php require("includes/template.part4.php"); ?>

A Buggy that you may or may not be aware of:

When an apostrophe is used in the 'Comments' field, the comments sent back in the copy email don't display the apostrophe correctly.

The copy email looks like this:

Comments: Testing to see if there\'s an introductory message.

But the primary email sent looks as it should:

Comments: Testing to see if there's an introductory message.

I can probably fix it with some experimenting, but if you give hints I won't turn them down. ;)
(nice formmailer, by the way - you did a good job making it generic.)