mailform question

Printable View

09-17-2008, 11:05 AM
dangrace

mailform question

Hey All,

I believe, and apologize if incorrect, it was Chris Seahorn that created this mailform example I've implemented here. I wanted a basic "email add" for fans to join my music's mailing list: see it in action

It works great, but a couple things have surfaced. I occasionally get an email saying there was an "injection attempt" using this mailform. I also get some obviously fake email adds like, [email protected] etc. Maybe it's some wisecrackers, or possibly a bug out there just searching for form inputs to screw with? I remember the mailform having a pretty solid defense implemented into it...

Any thought?

I already have a "Thanks for joining" auto response that goes out after they have added their email address. I was thinking I should turn that into a "confirm your email" response instead. Good idea?

Thanks for your help, this forum is invaluable!

-Dan
09-18-2008, 12:04 AM
blanius

If it reports Injection attempts it's most likely my code...

In either case you can form you response anyway you like, are you looking for a way to automatically require a confirmation email? How are you processing the emails now?

You will mostly need to do some PHP code. And you would be best off asking in a PHP forum.

The basic steps I would imagine would be that they enter an email addess, the main PHP code would add them to a database of emails but have the database include a field that indicates if verified... It would also send them a link to click that calls more PHP code that would then update the DB record to change the verified filed to TRUE.
09-18-2008, 11:08 AM
dangrace

Hey Bret,

I thought it was your example, I just got mixed up. Anyway, like I said it works great. The way I collect the email adds is very grass roots at the moment :). I have the script send their email add to my email address for www.danceuponnothing.com and I just put them in a folder. No php automation going on. I think I will set up the auto response they get from your code to ask that they reply so as to confirm their email. Maybe down the road I'll research your php suggestion.

As long as the "injection attempts" are not malicious software that eventually could find a way into my server to set up some email hijacking I'm fine with it.

Thanks for the clarification and help, Bret!

-Dan
09-18-2008, 12:14 PM
blanius

The injecton attempt message is just a warning that a spammer "tried" to use your form to send spam via your mail server. It should indicate that they put what are called "headers" in the mail form to try to send out other email commands, but the PHP code caught it and didn't process the email AT ALL.... SO it really is a good message, Just be concerned it you see this ALOT that might indicate that someone is really trying hard to hack the mail form...
09-19-2008, 09:57 AM
Stoke Laurie

http://www.thewebshopfactory.co.uk/blog/?p=37 here is a free example of an e-mail form which generates an auto-response.