Re: [cobalt-users] Fix for spammers and forms
- Subject: Re: [cobalt-users] Fix for spammers and forms
- From: Carrie Bartkowiak <ravencarrie@xxxxxxxx>
- Date: Thu Jul 19 05:21:57 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
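
When one of my clients wants formmail, I drop a custom-made PHP
script into their directory and tell them to make their form however
they wish and direct it to this script with the form action.

<?php
// Take the fields from the POST body (register_globals is gone in current PHP)
// and strip CR/LF from every value that ends up in a header.
$strip = function ($v) { return str_replace(array("\r", "\n"), '', (string) $v); };
$textfield = $strip($_POST['textfield'] ?? '');
$subject = $strip($_POST['subject'] ?? '');
$redirect = $strip($_POST['redirect'] ?? '');
$visitor_input = (string) ($_POST['visitor_input'] ?? '');
$mailheaders = "From: $textfield\r\n";
$mailheaders .= "Reply-To: $textfield";
// The recipient stays hard-coded so the form cannot change it.
mail("username@xxxxxxxxxxxxxxxx", $subject, $visitor_input, $mailheaders);
header("Location: $redirect");
exit;
?>
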
In the form, the visitor's email address is defined with the field
"textfield". The content of their email is a textarea with the field
name "visitor_input". The page the client wants the visitor to be
redirected to is named "redirect"; the visitor can specify the
subject with an input line of "subject". The $redirect field allows
the client to specify where the visitor is redirected after filling
out this form.

The receiver's address is hard-coded into the script, so it cannot be
overridden. The client can specify other fields himself by using
hidden input fields AFTER the input fields in the form (in case
anyone tries to override them with a URL). Or you can hard-code any
of the fields by simply taking out the variable and replacing with
what you want. For example, replace "$subject" with "Form Submission
From Your Site".

If this makes no sense to you, you have no business using forms on
your website.

Name the script .mail.php and use
form method=post action=.mail.php
(or .mail.php3)

I've put a dot in front of the name so that FrontPage doesn't mess
with it, and the clients can't go in through ftp and mess with it
either (unless they're advanced and know how to see all files in an
ftp client).

It's simple to add error-checking to this script with some simple php
snippets, such as if a field does not exist, return an error, or if
the email address is not valid.

Of course, PHP must be enabled on the site for this to work.
--
Carrie Bartkowiak, ravencarrie@xxxxxxxx on 07/19/2001
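
Added example, not part of the original post: one way to write the error checking the message mentions (a field that does not exist, an email address that is not valid), plus a check that header-bound fields contain no line breaks. The field names are the ones from the post; validate_submission() and the sample submissions are hypothetical and constructed for illustration.

```php
<?php
// Added example (not the poster's code). Assumes the form posts the fields
// textfield, subject, visitor_input and redirect, as described in the message.

function validate_submission(array $post): array
{
    $errors = [];
    // 1. Every field the script uses must exist and be a non-empty string.
    foreach (['textfield', 'subject', 'visitor_input', 'redirect'] as $name) {
        if (!isset($post[$name]) || !is_string($post[$name]) || trim($post[$name]) === '') {
            $errors[] = "Missing field: $name";
        }
    }
    if ($errors) {
        return $errors;
    }
    // 2. Values placed in mail or HTTP headers must not contain line breaks,
    //    otherwise the submission could add headers of its own.
    foreach (['textfield', 'subject', 'redirect'] as $name) {
        if (preg_match('/[\r\n]/', $post[$name])) {
            $errors[] = "Line break not allowed in: $name";
        }
    }
    // 3. The visitor's address must be a syntactically valid email address.
    if (filter_var($post['textfield'], FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'Invalid email address';
    }
    return $errors;
}

// Constructed sample submissions so the file can be run from the command line.
$base = ['textfield' => 'visitor@example.com', 'subject' => 'Hello',
         'visitor_input' => 'Nice site.', 'redirect' => 'thanks.html'];
$samples = [
    'valid'          => $base,
    'missing body'   => array_merge($base, ['visitor_input' => '']),
    'bad address'    => array_merge($base, ['textfield' => 'not-an-address']),
    'line break'     => array_merge($base, ['textfield' => "visitor@example.com\nX-Extra: 1"]),
];
foreach ($samples as $label => $post) {
    $errors = validate_submission($post);
    echo $label, ': ', $errors ? implode('; ', $errors) : 'ok', "\n";
}
```

In the mail script itself, call validate_submission($_POST) first and only reach mail() and header() when it returns an empty array.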