AW: [cobalt-users] [RaQ3]Formmail widely server security
- Subject: AW: [cobalt-users] [RaQ3]Formmail widely server security
- From: "CMO - Thorsten Mitschele" <mitschele@xxxxxx>
- Date: Sat Jan 26 04:37:19 2002
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
We have written a formmail.php for our customers to have only one script
running for all. It works fine:
Filename: formmail.php or formmail.phtml or whatever you want .)
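<?php
/* $Id$
 *
 * 11.12.2001 - CMO Internet Dienstleistungen GmbH <info@xxxxxx>
 *
 */

// Written for PHP 4 with register_globals on: $mailaction, $success_url and
// $fail_url are the posted form fields of the same name.

// Strip HTML tags from every posted value.
foreach($HTTP_POST_VARS as $k => $v) {
    $VARS[$k] = strip_tags($v);
}

// Load the mail template named by the form, one array entry per line.
if(! $text = @file($mailaction, 1)) {
    if($fail_url) {
        Header("HTTP/1.1 302 Moved Temporarily");
        Header("Location: " . $fail_url);
    }
    echo "Cannot find Mail-Template '$mailaction'<BR>\n";
    return;
}

// Replace every [name] in the template with the posted value of "name".
$t2 = '';
foreach($text as $tv => $t) {
    foreach($VARS as $k => $v) {
        // Checkbox groups ("name[]") are arrays: one selected value per line.
        if(is_array(${$k})) {
            $v = implode("\n", ${$k});
        }
        $t = ereg_replace("\[$k\]", $v, $t);
    }
    // Remove placeholders that no form field filled.
    $t = preg_replace("/\[.*?\]/", "", $t);
    $t2 .= $t;
}

// Pipe the finished message to sendmail; -t reads the recipients from the
// header lines of the message.
$ERROR = true;
if($mp = popen("sendmail -t", "w")) {
    if(fputs($mp, $t2)) {
        $ERROR = false;
    }
    pclose($mp);
}

// Redirect to the success or error page given in the form.
if(!$ERROR) {
    if($success_url) {
        Header("HTTP/1.1 302 Moved Temporarily");
        Header("Location: " . $success_url);
    }
    echo "Go to: <A HREF=\"$success_url\">$success_url</A><BR>\n";
} else {
    if($fail_url) {
        Header("HTTP/1.1 302 Moved Temporarily");
        Header("Location: " . $fail_url);
    }
    echo "Go to: <A HREF=\"$fail_url\">$fail_url</A><BR>\n";
}
?>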
The Form-Tag in your HTML-Form must be the following. If you have Checkboxes,
the VARs must be named "something[]".
-- SNIP --
<FORM ACTION="http://host.yourserver.com/path_to_/formmail.php" METHOD=POST>
  <input type="hidden" name="mailaction"
         value="http://host.ofcustomer.com/path_to/template.txt">
  <input type="hidden" name="success_url"
         value="http://host.ofcustomer.com/path_to/success-page.html">
  <input type="hidden" name="fail_url"
         value="http://host.ofcustomer.com/path_to/error-page.html">
  <input type="hidden" name="subject" value="my Subject of the generated eMail">
  Your eMail: <input type="text" name="email">
  Your Name: <input type="text" name="surname">
  Choose Your Product:
  <input type="checkbox" name="product[]" value="Product1">
  <input type="checkbox" name="product[]" value="Product2">
  <input type="checkbox" name="product[]" value="Product3">
  <input type="submit">
</FORM>
-- SNAP --
The Template-File (template.txt in our example above) is a normal Text-File
where the names of your form are parsed and sent by email. Every VAR is set
in [ ] and will be filled with the entries the user made in the form.
Example:
-- SNIP --
From: [email]
To: me@xxxxxxxxxxxxx
Subject: [subject]
A user with its eMail-Address [email] has ordered the following Products:
[product]
His name is [surname]
-- SNAP --
Any questions? Just ask :-)
Kind regards,
Thorsten Norman Mitschele
Managing Director
----------------------------------------------
CMO Internet Dienstleistungen GmbH
P.O. Box 13 35 72577 Dettingen / Erms
Tel: 07123 / 72 67-0 Fax: 07123 / 72 67-150
e-Mail: info@xxxxxx Web: http://www.cmo.de
> -----Original Message-----
> From: cobalt-users-admin@xxxxxxxxxxxxxxx
> [mailto:cobalt-users-admin@xxxxxxxxxxxxxxx] On behalf of Ramón Batalla
> Sent: Saturday, 26 January 2002 01:27
> To: cobalt-users LIST
> Subject: [cobalt-users] [RaQ3]Formmail widely server security
>
>
> Is there any way to use only one formmail script for all
> users of the server without compromising the server?
>
> How to make one general cgi-pub dir in RaQ3?
>
> TIA
> R.Batalla
>
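
The script in this message takes the template location from a hidden form field and writes form values into the From: and Subject: lines that sendmail -t reads. The following is an added example, not part of the original post or of CMO's script: the same [name] substitution with the template URL checked against a host allowlist and line breaks refused in values bound for the header block. The function names, the allowlist and the sample values are assumptions.

```php
<?php
// Added example, not the original script. Host list and function names are assumptions.
const ALLOWED_TEMPLATE_HOSTS = ['host.ofcustomer.com'];

// Accept only http(s) template URLs on an allowlisted host.
function template_url_allowed(string $url): bool
{
    $p = parse_url($url);
    return is_array($p)
        && in_array(strtolower($p['scheme'] ?? ''), ['http', 'https'], true)
        && in_array(strtolower($p['host'] ?? ''), ALLOWED_TEMPLATE_HOSTS, true);
}

// Fill [name] placeholders in one pass, so substituted values are never rescanned.
// Returns null when a value bound for the header block contains CR or LF.
function render_template(string $template, array $post): ?string
{
    $values = [];
    foreach ($post as $k => $v) {
        if (is_array($v)) {                      // checkbox group "name[]"
            $v = implode("\n", array_filter($v, 'is_scalar'));
        }
        $values[$k] = strip_tags((string) $v);
    }
    // Headers end at the first blank line, as sendmail -t reads them.
    $parts = preg_split('/\r?\n\r?\n/', $template, 2);
    $rejected = false;
    $fill = function (string $text, bool $isHeader) use ($values, &$rejected): string {
        return preg_replace_callback('/\[(.*?)\]/', function ($m) use ($values, $isHeader, &$rejected) {
            $v = $values[$m[1]] ?? '';           // unknown placeholder -> empty
            if ($isHeader && preg_match('/[\r\n]/', $v)) {
                $rejected = true;                // value would add a header line
            }
            return $v;
        }, $text);
    };
    $headers = $fill($parts[0], true);
    $body = $fill($parts[1] ?? '', false);
    return $rejected ? null : $headers . "\n\n" . $body;
}

// Constructed sample input.
$template = "From: [email]\nTo: me@example.com\nSubject: [subject]\n\nOrdered:\n[product]\nName: [surname]\n";
$ok  = ['email' => 'a@example.org', 'subject' => 'Order', 'product' => ['Product1', 'Product3'], 'surname' => 'Doe'];
$bad = ['email' => "a@example.org\nX-Constructed: extra header line", 'subject' => 'Order'];
var_dump(template_url_allowed('http://host.ofcustomer.com/path_to/template.txt')); // allowlisted host
var_dump(template_url_allowed('http://other.example/template.txt'));               // host not on the list
echo render_template($template, $ok);         // multi-line checkbox value lands in the body
var_dump(render_template($template, $bad));   // line break in a header value is refused
```

Fixing the To: line in each customer's template and keeping that template on an allowlisted host is what keeps one shared script from mailing arbitrary recipients.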