Questions answered by this recipe
Is there a way to have a wiki page process a mail form (e.g. a Contact Me form) and report status / errors back on the same wiki page?
Is there a simple way to have a mail form that blocks certain IP addresses (people who have spammed me in the past)?
Can you think of another way to do a mail form than the two previous ones in this Cookbook? (EMailForm, Mailform2)
A single page mail form with feedback
This "Contact Me" form uses a per-page configuration file (in
pmwiki/local) and the conditional markup and form markup built into PmWiki.
First, to create a "Contact Me" form in Main, use something like this example Main.ContactMe.phpΔ script, and put it in the appropriate
local directory (e.g. for a standard installation of PmWiki, it goes in
pmwiki/local). In this script, you will need to change the email address to receive the email, and you may wish to modify the feedback messages. If you are going to put the form on a page other than
Main/ContactMe, then change the name of the script file accordingly.
This script has the capability to block users from specific IP addresses from sending you emails. Defaultly, no IP addresses are blocked, you have to maintain that list within the script. To assist you, the IP address of the user is appended to the message they entered before the script sends the email to you.
Next, create a
Main/ContactMe wiki page containing something like this example Main.ContactMe.txtΔ source. Customize the introductory/explanatory text on that wiki page and you're done! You should now have a ContactMe page on your site that allows visitors to send an email to the address you specified in the
You will probably want to make sure this page is password-protected or otherwise not freely available for the world to edit. Not that there is any security risk (since all the real work is done in the
local script), just that someone could easily break your form.
The script allows the user to use standard HTML tags to format the message. However, the script disables several tags (e.g.
<img>) that could be security threats before sending the email by replacing the tags with non-HTML (so you can see what the user tried to do to you). You can easily disable HTML entirely by changing the "Content Type" setting appropriately, and then you could eliminate the lines in the script where the "dangerous" tags are disabled.
Clarification about the Subject line
The subject line for the mail message is the text assigned to the
$re variable in the PHP script. The information from the "subject" checkboxes on the input form is appended to the end of the body of the email (just after the sender's IP address), via the
If you wish to add a Subject text input to your form (in place of the checkboxes), I would strongly advise making sure the contents of that input undergo the same HTML processing that the body of the email is given (to prevent attempts by the user of the form to put "bad" or "evil" HTML content in the subject line).
Personally, I would also suggest that you use the
$lsubject variable to receive the contents of that HTML-sanitized text -- i.e. so that what the user types in as the subject only shows up at the bottom of the email message; and not among the subject lines displayed in your inbox. Other than the obvious aversion to offensive subject lines, I prefer the canned subject line so I can automatically filter the incoming "ContactMe" email into it's own special folder in Thunderbird/Outlook/etc.
03 Sep 2006 --- updated Main.ContactMe.php to enable specification of partial IP addresses to block. If the IP address in the BlackListIP array is "192.168.1." then any IP address beginning with 192.168.1. will be blocked.
TonyColley August 31, 2006, at 03:57 PM (created)
See discussion at Mailform3-Talk