Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 6 of 6
  1. #1
    New to the CF scene
    Join Date
    Dec 2009
    Posts
    3
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Send copy of forms content to a seperate email

    Hi,

    I want to send a copy of a forms content to my own email address, preferably not by mailto:.

    How can I achieve this?

    The beginning and the end of my form is as follows:

    <form action="%self%" method="post">
    <input type="hidden" name="a" value="modify2">
    <input type="hidden" name="input_username" value="%input_username%">
    <input type="hidden" name="input_login_password" value="%input_login_password%">

    ......................................
    Various form html etc......
    .....................................

    <input type="submit" name="update_account" value="Update Account">
    </form>

    Can anyone help?

    Many thanks,

    Gary

  • #2
    Super Moderator
    Join Date
    May 2005
    Location
    Southern tip of Silicon Valley
    Posts
    2,838
    Thanks
    2
    Thanked 160 Times in 155 Posts
    Is this form on a tightly controlled/secured private network that is not accessible from the internet?

    If not, then I'd remove these lines.
    Code:
    <input type="hidden" name="input_username" value="%input_username%">
    <input type="hidden" name="input_login_password" value="%input_login_password%">
    Never put usernames and passwords in "hidden" form fields.

    Is your Perl script currently sending an email?
    Can you show us you Perl script so we can see how you're handling the form submission?

    Depending on your requirements, you could use the FormMail script from the NMS project.
    http://nms-cgi.sourceforge.net/scripts.shtml

  • #3
    New to the CF scene
    Join Date
    Dec 2009
    Posts
    3
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Hi Fishmonger,

    Many thanks for responding so quickly.

    Basically the script is from locked-area.com.
    I bought the pro version and I am ok to modify it.
    I am the admin for the programme.
    When somebody updates any of their info, I need to see the changes.
    At present it does not notify me, but just updates their info in
    their member area, like most seem to do.
    The way it works is that the password or username is never seen in the form, just with the expression %password% etc..

    The manage.cgi part of the script is attached as a zipped text file since it is slightly bigger than the allowede 50K file size.

    (let me know if you need to see other parts. You can also get the free version at locked-area.com)

    Regards

    Gary
    Attached Files Attached Files

  • #4
    Super Moderator
    Join Date
    May 2005
    Location
    Southern tip of Silicon Valley
    Posts
    2,838
    Thanks
    2
    Thanked 160 Times in 155 Posts
    The way it works is that the password or username is never seen in the form
    Do a "View Source" and surprise, there's your username and password!

    Quote from their web site:
    It has been designed to be as secure as possible
    In light of the fact that they put the username an password in the html source, I'd say they have a funny view of what is secure means.

    Is that how you received the code? No indentation on the code blocks. Not using the strict or warnings pragmas, which should be in EVERY Perl script.

    This implies that they will be using the CGI functional interface.
    Code:
    use CGI qw(:standard);
    However, they then go ahead and declare and use the OO interface.
    Code:
    $query = new CGI;
    And they are using the indirect object, which can lead to issues. It's better to do this:
    Code:
    my $query = CGI->new;
    They rolled their own template parser and built it into the main script. That's very poor design.

    I could go on, but reading it gave me a headache.

    Overall the script is very unimpressive.

  • #5
    New to the CF scene
    Join Date
    Dec 2009
    Posts
    3
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Hi Fishmonger,

    Sorry you lost me a few lines ago.
    My coding knowledge as you can tell is not good.

    The manage.cgi script is only used by the member whilst they modify their details. Only they will ever see the page.

    So it looks like there is no way that I can get the updated member details sent to me as an email?

    Regards,

    Gary

  • #6
    Super Moderator
    Join Date
    May 2005
    Location
    Southern tip of Silicon Valley
    Posts
    2,838
    Thanks
    2
    Thanked 160 Times in 155 Posts
    The manage.cgi script is only used by the member whilst they modify their details. Only they will ever see the page.
    The security issue comes into play when the user submits the form. The data is sent in plain text and can be seen by others. The details on how they do that are not important at this point. If you're ok with that security hole, then ok, but I wouldn't. There's a common phrase that relates to this: "Security by obscurity is no security at all".

    So it looks like there is no way that I can get the updated member details sent to me as an email?
    You certainly can get all of the form submission details emailed to you. You just need to add the required logic to the script. Because the script is so poorly written, I chose to not try to analyze it to determine where you'd need to add the required code. My first recommendation would be to see if you can get support from the people that wrote and sold that package to you. If that doesn't work, then you probably should hire someone to extend the script with your email requirment.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •