...

View Full Version : Send copy of forms content to a seperate email



vanito
12-10-2009, 12:31 PM
Hi,

I want to send a copy of a forms content to my own email address, preferably not by mailto:.

How can I achieve this?

The beginning and the end of my form is as follows:

<form action="%self%" method="post">
<input type="hidden" name="a" value="modify2">
<input type="hidden" name="input_username" value="%input_username%">
<input type="hidden" name="input_login_password" value="%input_login_password%">

......................................
Various form html etc......
.....................................

<input type="submit" name="update_account" value="Update Account">
</form>

Can anyone help?

Many thanks,

Gary

FishMonger
12-10-2009, 01:05 PM
Is this form on a tightly controlled/secured private network that is not accessible from the internet?

If not, then I'd remove these lines.

<input type="hidden" name="input_username" value="%input_username%">
<input type="hidden" name="input_login_password" value="%input_login_password%">

Never put usernames and passwords in "hidden" form fields.

Is your Perl script currently sending an email?
Can you show us you Perl script so we can see how you're handling the form submission?

Depending on your requirements, you could use the FormMail script from the NMS project.
http://nms-cgi.sourceforge.net/scripts.shtml

vanito
12-10-2009, 04:44 PM
Hi Fishmonger,

Many thanks for responding so quickly.

Basically the script is from locked-area.com.
I bought the pro version and I am ok to modify it.
I am the admin for the programme.
When somebody updates any of their info, I need to see the changes.
At present it does not notify me, but just updates their info in
their member area, like most seem to do.
The way it works is that the password or username is never seen in the form, just with the expression %password% etc..

The manage.cgi part of the script is attached as a zipped text file since it is slightly bigger than the allowede 50K file size.

(let me know if you need to see other parts. You can also get the free version at locked-area.com)

Regards

Gary

FishMonger
12-10-2009, 06:17 PM
The way it works is that the password or username is never seen in the form
Do a "View Source" and surprise, there's your username and password!

Quote from their web site:

It has been designed to be as secure as possible
In light of the fact that they put the username an password in the html source, I'd say they have a funny view of what is secure means.

Is that how you received the code? No indentation on the code blocks. Not using the strict or warnings pragmas, which should be in EVERY Perl script.

This implies that they will be using the CGI functional interface.

use CGI qw(:standard);

However, they then go ahead and declare and use the OO interface.

$query = new CGI;And they are using the indirect object, which can lead to issues. It's better to do this:

my $query = CGI->new;

They rolled their own template parser and built it into the main script. That's very poor design.

I could go on, but reading it gave me a headache.

Overall the script is very unimpressive.

vanito
12-11-2009, 04:56 PM
Hi Fishmonger,

Sorry you lost me a few lines ago.
My coding knowledge as you can tell is not good.

The manage.cgi script is only used by the member whilst they modify their details. Only they will ever see the page.

So it looks like there is no way that I can get the updated member details sent to me as an email?

Regards,

Gary

FishMonger
12-11-2009, 06:22 PM
The manage.cgi script is only used by the member whilst they modify their details. Only they will ever see the page.
The security issue comes into play when the user submits the form. The data is sent in plain text and can be seen by others. The details on how they do that are not important at this point. If you're ok with that security hole, then ok, but I wouldn't. There's a common phrase that relates to this: "Security by obscurity is no security at all".


So it looks like there is no way that I can get the updated member details sent to me as an email?
You certainly can get all of the form submission details emailed to you. You just need to add the required logic to the script. Because the script is so poorly written, I chose to not try to analyze it to determine where you'd need to add the required code. My first recommendation would be to see if you can get support from the people that wrote and sold that package to you. If that doesn't work, then you probably should hire someone to extend the script with your email requirment.



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum