| Started by | nathanir <rajeshn923@gmail.com> |
|---|---|
| First post | 2011-04-16 00:36 -0700 |
| Last post | 2011-04-22 08:23 -0500 |
| Articles | 14 on this page of 34 — 8 participants |
My contact form is not emailed to me nathanir <rajeshn923@gmail.com> - 2011-04-16 00:36 -0700
Re: My contact form is not emailed to me Jerry Stuckle <jstucklex@attglobal.net> - 2011-04-16 10:04 -0400
Re: My contact form is not emailed to me nathanir <rajeshn923@gmail.com> - 2011-04-16 07:36 -0700
Re: My contact form is not emailed to me Jerry Stuckle <jstucklex@attglobal.net> - 2011-04-16 16:11 -0400
Re: My contact form is not emailed to me "P E Schoen" <paul@pstech-inc.com> - 2011-04-16 16:25 -0400
Re: My contact form is not emailed to me Jerry Stuckle <jstucklex@attglobal.net> - 2011-04-16 17:40 -0400
Re: My contact form is not emailed to me nathanir <rajeshn923@gmail.com> - 2011-04-17 10:27 -0700
Re: My contact form is not emailed to me "MG" <nospam@nospam.com> - 2011-04-17 21:58 +0200
Re: My contact form is not emailed to me Jerry Stuckle <jstucklex@attglobal.net> - 2011-04-17 16:39 -0400
Re: My contact form is not emailed to me "P E Schoen" <paul@pstech-inc.com> - 2011-04-18 22:30 -0400
Re: My contact form is not emailed to me Jerry Stuckle <jstucklex@attglobal.net> - 2011-04-18 22:58 -0400
Re: My contact form is not emailed to me "P E Schoen" <paul@pstech-inc.com> - 2011-04-19 00:33 -0400
Re: My contact form is not emailed to me Jerry Stuckle <jstucklex@attglobal.net> - 2011-04-19 06:29 -0400
Re: My contact form is not emailed to me "P E Schoen" <paul@pstech-inc.com> - 2011-04-20 13:46 -0400
Re: My contact form is not emailed to me The Natural Philosopher <tnp@invalid.invalid> - 2011-04-20 18:51 +0100
Re: My contact form is not emailed to me "P E Schoen" <paul@pstech-inc.com> - 2011-04-20 16:41 -0400
Re: My contact form is not emailed to me Jerry Stuckle <jstucklex@attglobal.net> - 2011-04-20 16:59 -0400
Re: My contact form is not emailed to me Jerry Stuckle <jstucklex@attglobal.net> - 2011-04-20 16:55 -0400
Re: My contact form is not emailed to me "P E Schoen" <paul@pstech-inc.com> - 2011-04-20 19:58 -0400
Re: My contact form is not emailed to me Jerry Stuckle <jstucklex@attglobal.net> - 2011-04-20 23:44 -0400
Re: My contact form is not emailed to me "P E Schoen" <paul@pstech-inc.com> - 2011-04-21 04:04 -0400
Re: My contact form is not emailed to me Jerry Stuckle <jstucklex@attglobal.net> - 2011-04-21 06:29 -0400
Re: My contact form is not emailed to me "P E Schoen" <paul@pstech-inc.com> - 2011-04-21 04:31 -0400
Re: My contact form is not emailed to me Jerry Stuckle <jstucklex@attglobal.net> - 2011-04-21 06:32 -0400
Re: My contact form is not emailed to me crankypuss <no@email.thanks> - 2011-04-21 04:37 -0600
Re: My contact form is not emailed to me "P E Schoen" <paul@pstech-inc.com> - 2011-04-21 13:42 -0400
Re: My contact form is not emailed to me "Mr. B-o-B" <mr.chew.baka@gmail.com> - 2011-04-21 15:21 -0500
Re: My contact form is not emailed to me Jerry Stuckle <jstucklex@attglobal.net> - 2011-04-21 20:04 -0400
Re: My contact form is not emailed to me "P E Schoen" <paul@pstech-inc.com> - 2011-04-22 00:45 -0400
Re: My contact form is not emailed to me The Natural Philosopher <tnp@invalid.invalid> - 2011-04-22 11:07 +0100
Re: My contact form is not emailed to me Jerry Stuckle <jstucklex@attglobal.net> - 2011-04-22 07:07 -0400
Re: My contact form is not emailed to me "P E Schoen" <paul@pstech-inc.com> - 2011-04-22 15:28 -0400
Re: My contact form is not emailed to me "P E Schoen" <paul@pstech-inc.com> - 2011-04-23 04:32 -0400
Re: My contact form is not emailed to me "Peter H. Coffin" <hellsop@ninehells.com> - 2011-04-22 08:23 -0500
| From | "P E Schoen" <paul@pstech-inc.com> |
|---|---|
| Date | 2011-04-21 04:04 -0400 |
| Message-ID | <ioooe5$pbr$1@speranza.aioe.org> |
| In reply to | #1248 |
"Jerry Stuckle" wrote in message news:ioo965$qfj$1@dont-email.me...
> Subject does not require an "authorized name". It can easily be
> used for injection.
Here is how I perform the authentication of the name and email, and the
password:
if ( !array_key_exists( strtolower( $in['Full_Name'] ), $Passcodes ) ) {
    HTMLdie("Incorrect Full Name " . htmlspecialchars($in['Full_Name']),
        "Authentication failed\n");
}
if ( !($Passcodes[ strtolower( $in['Full_Name'] ) ] ==
        (strtolower($in['Email']) ) ) ) {
    HTMLdie("Incorrect Email " . $in['Email'], "Authentication failed\n");
}
if ( !($in['Reference'] == "My Secret Password") ) {
    HTMLdie("Incorrect Entry", "Authentication failed\n");
}
> Hackers often look for sites like yours they can use to spread their
> spam - because they are typically the least secure due to attitudes
> like yours.
What attitude? I'm just asking specifically how my site is not (at least
reasonably) secure.
> As I said - your subject line is still open to hacking.
I understand that may be the case if the user is permitted to enter anything
for the subject line. But that is not the case. My subject line is formed as
follows:
$subject = "Form data from {$in['Full_Name']}";
I really don't see how anything malicious can be added to that. The
$in['Full_Name'] variable has been authenticated, and it cannot be anything
other than the hard coded keys of the $Passcodes array. I'm trying to
understand this, and if you could explain how this can be hacked it will be
very helpful to me and possibly others. Otherwise I think you are just
making some general assumptions or trying to scare me and other beginners
away from writing PHP scripts, and possibly paying for your services or
those of other professionals.
> Others have tried to point you in the right direction, but you seem
> to be uninterested in learning the necessary skills to create a
> secure website.
I am trying to learn those techniques, but without an explanation for how my
script can be hacked, I don't know how to proceed.
> And it really isn't that hard for hackers to guess userids and
> passwords - even easier if they can intercept your non-secure
> logins.
That may be, but in that case the hacker would only be able to send emails
to me with garbage or malicious content in the body, and that will have been
"purified" to acceptable HTML, so I doubt that it will contain anything
truly dangerous. However, I suppose I should enforce a limit to the size of
the content.
Paul
| From | Jerry Stuckle <jstucklex@attglobal.net> |
|---|---|
| Date | 2011-04-21 06:29 -0400 |
| Message-ID | <iop0us$c0j$1@dont-email.me> |
| In reply to | #1252 |
On 4/21/2011 4:04 AM, P E Schoen wrote:
> "Jerry Stuckle" wrote in message news:ioo965$qfj$1@dont-email.me...
>
>> Subject does not require an "authorized name". It can easily be
>> used for injection.
>
> Here is how I perform the authentication of the name and email, and the
> password:
>
> if ( !array_key_exists( strtolower( $in['Full_Name'] ), $Passcodes ) )
> { HTMLdie("Incorrect Full Name " . htmlspecialchars($in['Full_Name']),
> "Authentication failed\n"); }
> if ( !($Passcodes[ strtolower( $in['Full_Name'] ) ] ==
> (strtolower($in['Email']) ) ) )
> { HTMLdie("Incorrect Email " . $in['Email'], "Authentication failed\n");}
> if ( !($in['Reference'] == "My Secret Password") ){
> HTMLdie("Incorrect Entry", "Authentication failed\n"); }
>
>> Hackers often look for sites like yours they can use to spread their
>> spam - because they are typically the least secure due to attitudes
>> like yours.
>
> What attitude? I'm just asking specifically how my site is not (at least
> reasonably) secure.
>
>> As I said - your subject line is still open to hacking.
>
> I understand that may be the case if the user is permitted to enter
> anything for the subject line. But that is not the case. My subject line
> is formed as follows:
>
> $subject = "Form data from {$in['Full_Name']}";
>
So you're saying your subject can only be one of a few names from a
list? What if I want to send an email with the subject "Party for Jean
on Friday"? So they can't easily find the email in their list of saved
emails?
It would mean your subject line can't be hacked - but how
user-unfriendly can you get?
> I really don't see how anything malicious can be added to that. The
> $in['Full_Name'] variable has been authenticated, and it cannot be
> anything other than the hard coded keys of the $Passcodes array. I'm
> trying to understand this, and if you could explain how this can be
> hacked it will be very helpful to me and possibly others. Otherwise I
> think you are just making some general assumptions or trying to scare me
> and other beginners away from writing PHP scripts, and possibly paying
> for your services or those of other professionals.
>
>> Others have tried to point you in the right direction, but you seem
>> to be uninterested in learning the necessary skills to create a
>> secure website.
>
> I am trying to learn those techniques, but without an explanation for
> how my script can be hacked, I don't know how to proceed.
>
I and others have tried to steer you the right direction, but rather
than try to learn and understand, you just argue and make excuses ("it's
a small site", "only a few people will use it", etc.).
>> And it really isn't that hard for hackers to guess userids and
>> passwords - even easier if they can intercept your non-secure
>> logins.
>
> That may be, but in that case the hacker would only be able to send
> emails to me with garbage or malicious content in the body, and that
> will have been "purified" to acceptable HTML, so I doubt that it will
> contain anything truly dangerous. However, I suppose I should enforce a
> limit to the size of the content.
>
> Paul
Whatever.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================
| From | "P E Schoen" <paul@pstech-inc.com> |
|---|---|
| Date | 2011-04-21 04:31 -0400 |
| Message-ID | <iooq0o$t23$1@speranza.aioe.org> |
| In reply to | #1248 |
"Jerry Stuckle" wrote in message news:ioo965$qfj$1@dont-email.me...
> Others have tried to point you in the right direction, but you seem
> to be uninterested in learning the necessary skills to create a
> secure website.
OK, I searched for a secure PHP mailer and this appears to be one, but
there's no way I can evaluate a script with almost 2000 lines of code
and comments, and I don't know enough to do so anyway. This is a general
purpose script with many customization options, and I think the security
part is only a couple hundred lines. Perhaps it would be useful to
analyze this script to see if it is truly secure, and if not, where the
vulnerabilities are:
http://www.dagondesign.com/articles/secure-php-form-mailer-script/
Thanks,
Paul
| From | Jerry Stuckle <jstucklex@attglobal.net> |
|---|---|
| Date | 2011-04-21 06:32 -0400 |
| Message-ID | <iop13u$clr$1@dont-email.me> |
| In reply to | #1253 |
On 4/21/2011 4:31 AM, P E Schoen wrote:
> "Jerry Stuckle" wrote in message news:ioo965$qfj$1@dont-email.me...
>
>> Others have tried to point you in the right direction, but you seem
>> to be uninterested in learning the necessary skills to create a
>> secure website.
>
> OK, I searched for a secure PHP mailer and this appears to be one, but
> there's no way I can evaluate a script with almost 2000 lines of code
> and comments, and I don't know enough to do so anyway. This is a general
> purpose script with many customization options, and I think the security
> part is only a couple hundred lines. Perhaps it would be useful to
> analyze this script to see if it is truly secure, and if not, where the
> vulnerabilities are:
>
> http://www.dagondesign.com/articles/secure-php-form-mailer-script/
>
> Thanks,
>
> Paul
If you want someone to analyze a script and tell you if it's really
secure, I would suggest you get out your checkbook. People aren't going
to do it for you for free.
I and others have tried to help you here, but it's a waste of time. I've
got better things to do.
Good luck.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================
| From | crankypuss <no@email.thanks> |
|---|---|
| Date | 2011-04-21 04:37 -0600 |
| Message-ID | <p810r6d6kaa5b6mhqo98f8d53qgno7neh9@4ax.com> |
| In reply to | #1247 |
"P E Schoen" <paul@pstech-inc.com> wrote:
>I still don't think anyone would be that much
>interested in hacking this site.
There are people out there who will swerve to run over a cat just
because they can, why spend any more time in the middle of the road
than you have to?
--
no aluminum siding offers today
| From | "P E Schoen" <paul@pstech-inc.com> |
|---|---|
| Date | 2011-04-21 13:42 -0400 |
| Message-ID | <iopq9k$hl1$1@speranza.aioe.org> |
| In reply to | #1257 |
"crankypuss" wrote in message
news:p810r6d6kaa5b6mhqo98f8d53qgno7neh9@4ax.com...
> "P E Schoen" <paul@pstech-inc.com> wrote:
>> I still don't think anyone would be that much
>> interested in hacking this site.
> There are people out there who will swerve to run over a cat just
> because they can, why spend any more time in the middle of the
> road than you have to?
I agree, but most of this thread became an argument with Jerry based on
his false assumptions, and now he agrees that the site does not have the
vulnerability he asserted. This is a special purpose script, functioning
only to allow a few people to add content to a database, and the email
is only a notification to me that someone has done so. As such, the
subject line consists only of hard coded text and a fully authenticated
name. Jerry may say that it is user-unfriendly, but not for the purpose
intended.
Certainly I have a lot to learn about security and hacking, but given
the knowledge of what kinds of attacks are possible, I still believe my
site to be just about as secure as is reasonable. If the data were
sensitive, or if hacking could allow someone to use it as a spam portal,
then I would certainly use more elaborate means to assure security.
Along with the general purpose free PHP script for a secure form mailer
http://www.dagondesign.com/articles/secure-php-form-mailer-script/, I
also found this form mail script which uses encryption and has a seven
year history of security, for $99. http://www.tectite.com/formmailpage.php
There is also the issue of what is "reasonable" security. If I wanted to
feel totally safe, I could lock myself in my house, and when I went out
I could wear full body armor, lead shielding, and a gas mask, or I could
hire a bodyguard. But unless the environment were far more dangerous
than it is, taking all these precautions would be overkill and diminish
my ability to enjoy life. The internet is a dangerous place, but for the
most part there are safe and inexpensive ways to protect against threats
without extreme limitation of its use and enjoyment.
I have learned a lot from this discussion, and I appreciate the helpful
responses.
Paul
| From | "Mr. B-o-B" <mr.chew.baka@gmail.com> |
|---|---|
| Date | 2011-04-21 15:21 -0500 |
| Message-ID | <alpine.LNX.2.00.1104211519520.1908@conan.grunners.com> |
| In reply to | #1261 |
P E Schoen cried from the depths of the abyss...
> I agree, but most of this thread became an argument with Jerry based on his
> false assumptions
*SHOCKING* indeed.
| From | Jerry Stuckle <jstucklex@attglobal.net> |
|---|---|
| Date | 2011-04-21 20:04 -0400 |
| Message-ID | <ioqgme$js$3@dont-email.me> |
| In reply to | #1261 |
On 4/21/2011 1:42 PM, P E Schoen wrote:
> "crankypuss" wrote in message
> news:p810r6d6kaa5b6mhqo98f8d53qgno7neh9@4ax.com...
>
>> "P E Schoen" <paul@pstech-inc.com> wrote:
>
>>> I still don't think anyone would be that much
>>> interested in hacking this site.
>
>> There are people out there who will swerve to run over a cat just
>> because they can, why spend any more time in the middle of the
>> road than you have to?
>
> I agree, but most of this thread became an argument with Jerry based on
> his false assumptions, and now he agrees that the site does not have the
> vulnerability he asserted. This is a special purpose script, functioning
> only to allow a few people to add content to a database, and the email
> is only a notification to me that someone has done so. As such, the
> subject line consists only of hard coded text and a fully authenticated
> name. Jerry may say that it is user-unfriendly, but not for the purpose
> intended.
>
> Certainly I have a lot to learn about security and hacking, but given
> the knowledge of what kinds of attacks are possible, I still believe my
> site to be just about as secure as is reasonable. If the data were
> sensitive, or if hacking could allow someone to use it as a spam portal,
> then I would certainly use more elaborate means to assure security.
>
> Along with the general purpose free PHP script for a secure form mailer
> http://www.dagondesign.com/articles/secure-php-form-mailer-script/, I
> also found this form mail script which uses encryption and has a seven
> year history of security, for $99. http://www.tectite.com/formmailpage.php
>
> There is also the issue of what is "reasonable" security. If I wanted to
> feel totally safe, I could lock myself in my house, and when I went out
> I could wear full body armor, lead shielding, and a gas mask, or I could
> hire a bodyguard. But unless the environment were far more dangerous
> than it is, taking all these precautions would be overkill and diminish
> my ability to enjoy life. The internet is a dangerous place, but for the
> most part there are safe and inexpensive ways to protect against threats
> without extreme limitation of its use and enjoyment.
>
> I have learned a lot from this discussion, and I appreciate the helpful
> responses.
>
> Paul
No, it's all about using fields *properly*. There is a field made for
who the message comes from - it is the From: field.
The Subject: field is for just that - the subject of the message.
Seeing someone use it as a From: field shows the person has no idea what
he is doing - which is the case here.
Fortunately, most clients can recognize an incompetent programmer, and
find someone who can do the job *right*. It takes longer for some than
others, but most figure it out, eventually.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================
| From | "P E Schoen" <paul@pstech-inc.com> |
|---|---|
| Date | 2011-04-22 00:45 -0400 |
| Message-ID | <ior155$60f$1@speranza.aioe.org> |
| In reply to | #1264 |
"Jerry Stuckle" wrote in message news:ioqgme$js$3@dont-email.me...
> No, it's all about using fields *properly*. There is a field made
> for who the message comes from - it is the From: field.
> The Subject: field is for just that - the subject of the message.
> Seeing someone use it as a From: field shows the person has no
> idea what he is doing - which is the case here.
Well, "thinking outside the box", I would assert that this email is
actually being sent "from" my EventProcessor script, since it is only a
confirmation to me that someone has used the application and entered
specific information as outlined in the HTML form. I would also suggest
that, in this case, the subject is appropriate, telling me that a
specific person has submitted the form data which is detailed and
formatted in the email body.
> Fortunately, most clients can recognize an incompetent programmer,
> and find someone who can do the job *right*. It takes longer for
> some than others, but most figure it out, eventually.
If they have any complaints they are more than welcome to hire someone
else and unload this additional work. I volunteered to be the webmaster
when the previous one was unable to continue, and there had been some
complaints about his inability to update the content in a timely manner.
Also, the website was not visually appealing and the home page had a lot
of outdated and superfluous material. From June 2010:
http://maryland.sierraclub.org/baltimore/indexold.html
I have kept the same format for now, and I added a hit counter and links
to the event submission form and other things I have been trying:
http://maryland.sierraclub.org/baltimore/
Many of our members said they liked the form and function of this site:
http://maryland.sierraclub.org/montgomery/
However, it is rather complex and difficult for me to maintain, and some
of the material is copyrighted, so I may have to create a simplified
version. This was an early attempt to clone a previous version of their
website: http://www.pauleschoen.com/SCGBG/
Actually, I preferred the website design of some other MD groups, such
as http://maryland.sierraclub.org/catoctin/. It is also similar to
others, and seems to be derived from the MD chapter site:
http://maryland.sierraclub.org/
The reason for the event submission form and all my efforts to implement
it (first in Perl and then PHP) was to allow event leaders to submit
material without my involvement. But people seemed to be unable or
unwilling to use this, so we are still having people email content to me
and I just convert it to HTML. And sometimes it takes a while for me to
get "a round tuit", which means that some events have already passed by
the time I update the site.
Now some of the event leaders are using
http://www.meetup.com/baltimoresierraclub/, and also facebook. Maybe
that's the way to go. Our website has been getting only 10 hits a day
and most of them are bots or other indirect accesses rather than actual
people.
Maybe a better option is to do as we have done for another group:
www.baltimoregreenforum.org. The login information has been shared with
the dozen or so members of the planning committee so each of us can
modify the content. I think that is a high security risk, but it was
done by the forum's founder, so as webmaster I don't have any special
privileges.
And as Paul Harvey might say, "and that is the rest of the story."
Paul
| From | The Natural Philosopher <tnp@invalid.invalid> |
|---|---|
| Date | 2011-04-22 11:07 +0100 |
| Message-ID | <iork1e$kmu$1@news.albasani.net> |
| In reply to | #1266 |
P E Schoen wrote:
> "Jerry Stuckle" wrote in message news:ioqgme$js$3@dont-email.me...
>
>> Fortunately, most clients can recognize an incompetent programmer,
>> and find someone who can do the job *right*. It takes longer for
>> some than others, but most figure it out, eventually.
>
Guess why Jerry has so much time on his hands....he has actually made a
true statement there..
| From | Jerry Stuckle <jstucklex@attglobal.net> |
|---|---|
| Date | 2011-04-22 07:07 -0400 |
| Message-ID | <iornhj$uhi$1@dont-email.me> |
| In reply to | #1266 |
On 4/22/2011 12:45 AM, P E Schoen wrote:
> "Jerry Stuckle" wrote in message news:ioqgme$js$3@dont-email.me...
>
>> No, it's all about using fields *properly*. There is a field made
>> for who the message comes from - it is the From: field.
>
>> The Subject: field is for just that - the subject of the message.
>
>> Seeing someone use it as a From: field shows the person has no
>> idea what he is doing - which is the case here.
>
> Well, "thinking outside the box", I would assert that this email is
> actually being sent "from" my EventProcessor script, since it is only a
> confirmation to me that someone has used the application and entered
> specific information as outlined in the HTML form. I would also suggest
> that, in this case, the subject is appropriate, telling me that a
> specific person has submitted the form data which is detailed and
> formatted in the email body.
>
The appropriate field for whom it is from is the From: field. THAT
PERSON is the one sending it - not your event processor script. It
really makes no difference whether they're doing it from your script or
their own system.
And I can just see the poor person on the other end trying to find the
"Party for Jean on Friday" message in a few hundred saved messages, all
of them with the subject "From: Tom Smith".
>> Fortunately, most clients can recognize an incompetent programmer,
>> and find someone who can do the job *right*. It takes longer for
>> some than others, but most figure it out, eventually.
>
> If they have any complaints they are more than welcome to hire someone
> else and unload this additional work. I volunteered to be the webmaster
> when the previous one was unable to continue, and there had been some
> complaints about his inability to update the content in a timely manner.
> Also, the website was not visually appealing and the home page had a lot
> of outdated and superfluous material. From June 2010:
> http://maryland.sierraclub.org/baltimore/indexold.html
>
It's OK- not great, but OK.
> I have kept the same format for now, and I added a hit counter and links
> to the event submission form and other things I have been trying:
> http://maryland.sierraclub.org/baltimore/
>
Hit counter - another sign of a hack "webmaster". You can tell them
every time.
<snip>
> Now some of the event leaders are using
> http://www.meetup.com/baltimoresierraclub/, and also facebook. Maybe
> that's the way to go. Our website has been getting only 10 hits a day
> and most of them are bots or other indirect accesses rather than actual
> people.
>
<snip>
A competent webmaster can solve a lot of problems.
> Paul
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================
| From | "P E Schoen" <paul@pstech-inc.com> |
|---|---|
| Date | 2011-04-22 15:28 -0400 |
| Message-ID | <iosks9$46e$1@speranza.aioe.org> |
| In reply to | #1272 |
"Jerry Stuckle" wrote in message news:iornhj$uhi$1@dont-email.me...
> The appropriate field for whom it is from is the From: field. THAT PERSON
> is the one sending it - not your event processor script. It
> really makes no difference whether they're doing it from your
> script or their own system.
> And I can just see the poor person on the other end trying to find the
> "Party for Jean on Friday" message in a few hundred saved messages,
> all of them with the subject "From: Tom Smith".
Well, that would be me, and I would rather have the automated replies
grouped together by subject so I can just sort in that criterion. I just
did so and it shows all of them. And since January 1 there is a grand
total of 32 messages, of which by far most were sent by me for testing.
In fact, I think only one was actually entered by an event sponsor, and
that was January 15.
As I've tried to explain, the purpose of this script is not an emailer
for others to use, but rather only a notification to me that someone has
accessed the script and posted information to the website. I want this
to be totally separate from regular emails from those who may use it. I
get many more such emails than those produced by the script.
>> http://maryland.sierraclub.org/baltimore/indexold.html
> It's OK- not great, but OK.
That website was an example of what other members had complained about.
Actually, there were older versions that had, on the main page, a long
list of previous meetings and summaries of the minutes, which was
essentially only useful as an archive. I think the only reason you said
this was "OK", was that it was at that time maintained by someone other
than myself. I am sure he is more skilled than I am, but people would
rather deal with someone of my skill level who can usually update
content in a few days, rather than two months as was previously the
norm.
>> http://maryland.sierraclub.org/baltimore/
> Hit counter - another sign of a hack "webmaster". You can tell
> them every time.
Before I added the hit counter, we had no idea how much traffic the
website was getting. There are more accurate and detailed methods, but
the simple hit counter at least gave us some information, and it mostly
showed that the website was very rarely used. AFAIK the hit counter
gives an inflated number (10/day), and upon examination of the logs, I
could see that the actual human hits numbered only a handful per day. I
found the logs for the MD chapter on the Sierra Club server, but they
are over 100 MB per month. I know there are ways to extract the
pertinent information, but I don't think it is really worth the effort.
> A competent webmaster can solve a lot of problems.
Except encouraging our members, and the appropriate segment of the
public, to actually use the website. We have a few thousand members in
the Greater Baltimore Group, but we typically only see or hear from
perhaps 1% of that number. Many of our members, even those on the
executive committee and event leaders, do not have or do not use the
internet or email, and many of those who do are computer-phobic. So we
could hire the greatest webmaster in the world, or even you, and the
website could be beautifully constructed, but I doubt that would
increase legitimate use.
I don't want to keep arguing, especially when your replies still seem to
be based on erroneous assumptions and perhaps an ad hominem attitude
toward me (and other newbies). I'm here to learn, and not to reject
helpful advice. But when I determine that the advice being given is not
really correct in my specific case, then I feel that I must clarify my
intentions and reasons for doing things in a certain way.
I hope this clears up the misconceptions and we can move on to other
topics. I am satisfied that what I am doing is secure enough and
fulfills the needs of our group's website.
Thanks,
Paul
| From | "P E Schoen" <paul@pstech-inc.com> |
|---|---|
| Date | 2011-04-23 04:32 -0400 |
| Message-ID | <iou2r1$595$1@speranza.aioe.org> |
| In reply to | #1274 |
I just tried a couple of things with my notification script, with
interesting results. First, I changed the "From" header to "Event Processor
used by $Sender", where $sender was guest@example.com, and the email I
received showed in the "From" field:
Event Processor used by guest@example.com
Then I tried using just "Event Processor" as the "From" header, and I used
for the Subject line: "Form Data from {$in['Full_Name']} ({$in['Email']})",
and the email I received showed in the "From" field:
paul_@_peschoen.com (underscores added)
Finally I used $in['Email'] for "From", and the email I received showed in
the "From" field:
guest@example.com
Apparently the mailer checks for a somewhat valid email address and uses a
default if it rejects it.
Paul
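
An added example, not code from any poster in this thread: one way to build the Subject and From headers for the notification discussed above, covering both the allowlist-derived Subject from the earlier posts and the From header experiment in this one. The function names, the sample $Passcodes entries, the submissions and the notifier@example.org address are all constructed for illustration. The headers are built from the allowlist's own copy of the name rather than from the submitted string, and every header value is checked for line breaks before use.

```php
<?php
declare(strict_types=1);

// Constructed allowlist in the shape the thread describes:
// lower-cased full name => that person's e-mail address.
$Passcodes = [
    'jane example' => 'jane@example.com',
    'tom smith'    => 'tom@example.org',
];

// Refuse any value that could end the current header and start another.
function header_value(string $value): string
{
    if (preg_match('/[\r\n\0]/', $value) === 1) {
        throw new InvalidArgumentException('control character in header value');
    }
    return $value;
}

// Return the allowlist's own copy of the name and address, or null.
function authenticate(array $in, array $passcodes): ?array
{
    $name  = $in['Full_Name'] ?? null;
    $email = $in['Email'] ?? null;
    if (!is_string($name) || !is_string($email)) {
        return null; // a field submitted as Full_Name[]=x arrives as an array
    }
    $key = strtolower($name);
    if (!array_key_exists($key, $passcodes)) {
        return null; // any extra byte, line breaks included, fails the lookup
    }
    if (!hash_equals($passcodes[$key], strtolower($email))) {
        return null;
    }
    return ['name' => $key, 'email' => $passcodes[$key]];
}

// Build the Subject and extra headers without sending anything.
function build_notification(array $in, array $passcodes, string $scriptAddress): array
{
    $who = authenticate($in, $passcodes);
    if ($who === null) {
        throw new RuntimeException('Authentication failed');
    }
    // From carries a real mailbox for the script; the submitter goes in Reply-To.
    if (filter_var($scriptAddress, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('From address is not a valid mailbox');
    }
    $subject = header_value("Form data from {$who['name']}");
    $headers = [
        'From: '     . header_value("Event Processor <{$scriptAddress}>"),
        'Reply-To: ' . header_value($who['email']),
    ];
    return ['subject' => $subject, 'headers' => implode("\r\n", $headers)];
}

// Constructed submissions covering the accepted and rejected cases.
$submissions = [
    'exact match'        => ['Full_Name' => 'tom smith', 'Email' => 'tom@example.org'],
    'mixed case'         => ['Full_Name' => 'Tom SMITH', 'Email' => 'Tom@Example.org'],
    'line break in name' => ['Full_Name' => "Tom Smith\r\nX-Added: 1",
                             'Email'     => 'tom@example.org'],
    'array, not string'  => ['Full_Name' => ['tom smith'], 'Email' => 'tom@example.org'],
    'wrong address'      => ['Full_Name' => 'Jane Example', 'Email' => 'tom@example.org'],
];

foreach ($submissions as $label => $in) {
    try {
        $mail = build_notification($in, $Passcodes, 'notifier@example.org');
        echo "{$label}: accepted\n  Subject: {$mail['subject']}\n  "
            . str_replace("\r\n", "\n  ", $mail['headers']) . "\n";
    } catch (RuntimeException | InvalidArgumentException $e) {
        echo "{$label}: rejected ({$e->getMessage()})\n";
    }
}
```

The returned subject and headers are what would be passed as the second and fourth arguments of mail(); the example stops short of sending so it runs without a mail transport.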
| From | "Peter H. Coffin" <hellsop@ninehells.com> |
|---|---|
| Date | 2011-04-22 08:23 -0500 |
| Message-ID | <slrnir309l.2mh.hellsop@nibelheim.ninehells.com> |
| In reply to | #1264 |
On Thu, 21 Apr 2011 20:04:29 -0400, Jerry Stuckle wrote:
> Fortunately, most clients can recognize an incompetent programmer, and
> find someone who can do the job *right*. It takes longer for some than
> others, but most figure it out, eventually.
*chuckle* It'd be nice if it didn't take so long. We'd have a lot less
time for USENET.
--
10. I will not interrogate my enemies in the inner sanctum -- a small
hotel well outside my borders will work just as well.
--Peter Anspach's list of things to do as an Evil Overlord