Mailform3

Summary: A single wiki page mail form with feedback
Version: 05 Aug 2007
Prerequisites: PmWiki 2.1.15+
Status: Stable
Maintainer: TonyColley
Categories: Forms
Discussion: Mailform3-Talk

Questions answered by this recipe

Is there a way to have a wiki page process a mail form (e.g. a Contact Me form) and report status / errors back on the same wiki page?
Is there a simple way to have a mail form that blocks certain IP addresses (people who have spammed me in the past)?
Can you think of another way to do a mail form than the two previous ones in this Cookbook? (EMailForm, Mailform2)

Description

A single page mail form with feedback

This "Contact Me" form uses a per-page configuration file (in pmwiki/local) and the conditional markup and form markup built into PmWiki.

First, to create a "Contact Me" form in Main, use something like this example Main.ContactMe.phpΔ script, and put it in the appropriate local directory (e.g. for a standard installation of PmWiki, it goes in pmwiki/local). In this script, you will need to change the email address to receive the email, and you may wish to modify the feedback messages. If you are going to put the form on a page other than Main/ContactMe, then change the name of the script file accordingly.

This script has the capability to block users from specific IP addresses from sending you emails. Defaultly, no IP addresses are blocked, you have to maintain that list within the script. To assist you, the IP address of the user is appended to the message they entered before the script sends the email to you.

Next, create a Main/ContactMe wiki page containing something like this example Main.ContactMe.txtΔ source. Customize the introductory/explanatory text on that wiki page and you're done! You should now have a ContactMe page on your site that allows visitors to send an email to the address you specified in the local/Main.ContactMe.php script.

Notes

You will probably want to make sure this page is password-protected or otherwise not freely available for the world to edit. Not that there is any security risk (since all the real work is done in the local script), just that someone could easily break your form.

The script allows the user to use standard HTML tags to format the message. However, the script disables several tags (e.g. <script>, <img>) that could be security threats before sending the email by replacing the tags with non-HTML (so you can see what the user tried to do to you). You can easily disable HTML entirely by changing the "Content Type" setting appropriately, and then you could eliminate the lines in the script where the "dangerous" tags are disabled.

Clarification about the Subject line

The subject line for the mail message is the text assigned to the $re variable in the PHP script. The information from the "subject" checkboxes on the input form is appended to the end of the body of the email (just after the sender's IP address), via the $lsubject variable.

If you wish to add a Subject text input to your form (in place of the checkboxes), I would strongly advise making sure the contents of that input undergo the same HTML processing that the body of the email is given (to prevent attempts by the user of the form to put "bad" or "evil" HTML content in the subject line).

Personally, I would also suggest that you use the $lsubject variable to receive the contents of that HTML-sanitized text -- i.e. so that what the user types in as the subject only shows up at the bottom of the email message; and not among the subject lines displayed in your inbox. Other than the obvious aversion to offensive subject lines, I prefer the canned subject line so I can automatically filter the incoming "ContactMe" email into it's own special folder in Thunderbird/Outlook/etc.

Release Notes

03 Sep 2006 --- updated Main.ContactMe.php to enable specification of partial IP addresses to block. If the IP address in the BlackListIP array is "192.168.1." then any IP address beginning with 192.168.1. will be blocked.

See Also

Contributors

TonyColley August 31, 2006, at 03:57 PM (created)

Comments

See discussion at Mailform3-Talk

User notes? : If you use, used or reviewed this recipe, you can add your name. These statistics appear in the Cookbook listings and will help newcomers browsing through the wiki.