Formmail
We offer a form-to-mail solution with a program called "Formmail."
You can set up a form like this:
and have the results sent to your DreamHost email account like this:
To do this, you just need to know a bit of HTML coding and build your form. There are a few restrictions which are:
- The receiving email must be setup on our system. Sorry but no Gmail, Hotmail, AOL, etc. emails can be used.
- The domain on which Formmail is set up must be hosted on our system.
- No file uploads are available.
Our original Formmail page can be found Here.
To start off off you will need the .cgi script that your form will use to make all of this work, The action of your form needs to point towards this script, and the method must be POST or GET in capital letters. Therefore you must have this exact HTML in your form, here is the code you will need to use
<form action="http://formmail.dreamhost.com/cgi-bin/formmail.cgi" method="POST">
NOTE: This is only for making your own HTML form that you want the contents of sent to you via e-mail, not for any other type of CGI script.
Example
Here is a very simple formmail code setup to give you an idea of how you piece this together, you can use this and modify it to what you need.
<form action="http://formmail.dreamhost.com/cgi-bin/formmail.cgi" method="POST"> <input type="hidden" name="recipient" value="email address"> <input type="hidden" name="subject" value="Your Subject line goes here"> Full Name: <input type="text" name="name" size="60" style="width: 300px"><br /> Email: <input type="text" name="email" size="60" style="width: 300px"><br /> phone: <input type="text" name="name" size="60" style="width: 300px"><br /> Comments: <textarea name="Comments" rows="8" wrap="wrap" style="width: 300px"></textarea><br /> <input type="submit" value="Send"> </form>
Important: Use "name" instead of "id" to reference form objects.
Below is a list of form fields that you can use to customize your forms and the code needed to implement them. Any other form fields that appear in your script will be mailed back to you. If you do not have the redirect field set, they will also be displayed on the resulting page. There is no limit as to how many other form fields you can use with this form.
Protecting the recipient email
The original example has several problems. Most significantly, the recipient's email address is exposed and will be assaulted by spam. There is also no way to prevent someone from attacking the form by setting up a "bot" to repeatedly send email. Someone can also modify the form and abuse it as a sort of open mail relay to send anonymous email.
Virtual private server users can probably set up a Postfix server and send their mail. For shared hosting users, this might help.
Dreamhost does allow sites to make server to server connections while processing a user's request. To hide the recipient email, set up a form that receives the HTTP POST containing all of the form elements above, except for the recipient field. The form should post to a PHP script or better yet, a real language (snark...). On recipient the post data, verify that it matches any data you want, verify the Captcha, insert the recipient field into the POSTDATA and then open a server side connection to http://formmail.dreamhost.com/cgi-bin/formmail.cgi.
Of course, people can still find ways to abuse the Dreamhost formmail script by attacking it directly, but this does add a layer of defense.
Here is an implementation sketch using Python. What you actually need to do depends on your web framework. You might also be able to have another language's framework invoke this as a script.
#!/usr/bin/env python
import urllib
import urllib2
def send_mail(postdata):
'''This function is called after receiving an HTTP POST. postdata is a dict() containing the form keys and values.'''
# What you have to do here depends on your framework, but you probably want to filter unexpected fields
ensure_postdata_is_safe(postdata)
postdata['recipient'] = 'YOUR@EMAIL.ADDRESS.COM'
# urlencode it to the expected format
urlenc = urllib.urlencode(postdata)
try:
# Have the server open a connection to formmail and send it on the client's behalf
response = urllib2.urlopen('http://formmail.dreamhost.com/cgi-bin/formmail.cgi', urlenc, timeout=250)
# If the server to server connection succeeds, let the client know
if response.code != 200: # 200 is HTTP OK
return redirect('failed to send message')
except urllib2.URLError, e:
abort(500) # That is, send an HTTP 500 to the client
return redirect('success page')
| Field: | recipient |
| Description: | RECIPIENT IS THE ONLY REQUIRED FORM FIELD This form field allows you to specify to whom you wish for your form results to be mailed. Most likely you will want to configure this option as a hidden form field with a value equal to that of your e-mail address.New: You can also set your email address to use a "#"
instead of an "@" in this field, in an attempt to foil evil spam-spiders
crawling your web page! So for example, if your email recipient is
john@doe.com, you can set the value of the recipient field to be
john#doe.com and it'll work!
|
| Syntax:</td> | <input type="hidden" name="recipient" value="email@your.host.com"> |
| Field: | subject |
| Description: | The subject field will allow you to specify the subject that you
wish to appear in the e-mail that is sent to you after this form has been filled out. If you do not have this option turned on, then the script will default to a message subject: WWW Form Submission |
| Syntax: | If you wish to choose what the subject is:
<input type="hidden" name="subject" value="Your Subject"> |
| Field: | |
| Description: | This form field will allow the user to specify their return e-mail
address. If you want to be able to return e-mail to your user, I strongly suggest that you include this form field and allow them to fill it in. This will be put into the From: field of the message you receive. If you want to require an email address with valid syntax, add this field name to the 'required' field. |
| Syntax: | <input type="text" name="email"> |
| Field: | realname |
| Description: | The realname form field will allow the user to input their real
name. This field is useful for identification purposes and will also be put into the From: line of your message header. |
| Syntax: | <input type="text" name="realname"> |
| Field: | redirect |
| Description: | If you wish to redirect the user to a different URL, rather than
having them see the default response to the fill-out form, you can use this hidden variable to send them to a pre-made HTML page. |
| Syntax: | To choose the URL they will end up at:
<input type="hidden" name="redirect" value="http://your.host.com/to/file.html"> |
| Field: | required |
| Description: | You can require for certain fields in your form to be filled in
before the user can successfully submit the form. Simply place all field
names that you want to be mandatory into this field. If the required
fields are not filled in, the user will be notified of what they need to
fill in, and a link back to the form they just submitted will be
provided. |
| Syntax: | If you want to require that they fill in the email and phone fields
in your form, so that you can reach them once you have received the mail
for example, use a syntax like: |
| Field: | env_report |
| Description: | Allows you to have Environment variables included in the e-mail
message you receive after a user has filled out your form. Useful if you
wish to know what browser they were using, what domain they were coming
from or any other attributes associated with environment variables. The
following is a list of all valid environment variables you can use with
formmail: |
| Syntax: | If you wanted to find the IP address and browser sending the
request, you would put the following into your form: |
| Field: | sort |
| Description: | This field allows you to choose the order in which you wish for your
variables to appear in the e-mail that FormMail generates. You can choose to have the field sorted alphabetically or specify a set order in which you want the fields to appear in your mail message. By leaving this field out, the order will simply default to the order in which the browsers sends the information to the script (which is usually the exact same order as they appeared in the form.) When sorting by a set order of fields, you should include the phrase "order:" as the first part of your value for the sort field, and then follow that with the field names you want to be listed in the e-mail message, separated by commas (spaces and newlines are okay). |
| Syntax: | To sort alphabetically:
<input type="hidden" name="sort" value="alphabetic"> |
| Field: | print_config |
| Description: | print_config allows you to specify which of the config variables you
would like to have printed in your e-mail message. By default, no config fields are printed to your e-mail. This is because the important form fields, like email, subject, etc. are included in the header of the message. However some users have asked for this option so they can have these fields printed in the body of the message. The config fields that you wish to have printed should be in the value attribute of your input tag separated by commas. |
| Syntax: | If you want to print the email and subject fields in the body of
your message, you would place the following form tag: |
| Field: | print_blank_fields |
| Description: | print_blank_fields allows you to request that all form fields are
printed in the return HTML, regardless of whether or not they were filled in. FormMail defaults to turning this off, so that unused form fields aren't e-mailed. |
| Syntax: | If you want to print all blank fields: <input type="hidden" name="print_blank_fields" value="1"> |
| Field: | date_offset |
| Description: | Use this field to override the local server time (Pacific) in the
emails you get from formmail. Use an offset from GMT in hours, like "4" or "-5". |
| Syntax: | If you wanted to use Eastern Standard Time: <input type="hidden" name="date_offset" value="-5"> |
| Field: | title |
| Description: | This form field allows you to specify the title and header that will appear on the resulting page if you do not specify a redirect URL. |
| Syntax: | If you wanted a title of 'Feedback Form Results': <input type="hidden" name="title" value="Feedback Form Results"> |
| Field: | return_link_url |
| Description: | This field allows you to specify a URL that will appear, as
return_link_title, on the following report page. This field will not be used if you have the redirect field set, but it is useful if you allow the user to receive the report on the following page, but want to offer them a way to get back to your main page. You must have return_link_title to go along with this! |
| Syntax: | <input type="hidden" name="return_link_url" value="http://your.host.com/main.html"> |
| Field: | return_link_title |
| Description: | This is the title that will be used to link the user back to the
page you specify with return_link_url. You must have return_link_url specified! The two fields will be shown on the resulting form page as:
|
| Syntax: | <input type="hidden" name="return_link_title" value="Back to my site."> |
| Field: | missing_fields_redirect |
| Description: | This form field allows you to specify a URL that users will be
redirected to if there are fields listed in the required form field that are not filled in. This is so you can customize an error page instead of displaying the default. |
| Syntax: | <input type="hidden" name="missing_fields_redirect" value="http://your.host.com/error.html"> |
| Field: | background |
| Description: | This form field allow you to specify a background image that will
appear if you do not have the redirect field set. This image will appear as the background to the form results page. |
| Syntax: | <input type="hidden" name="background" value="http://your.host.xxx/image.gif"> |
| Field: | bgcolor |
| Description: | This form field allow you to specify a background image that will
appear if you do not have the redirect field set. This image will appear as the background to the form results page. |
| Syntax: | For a background color of White: <input type="hidden" name="bgcolor" value="#FFFFFF"> |
| Field: | text_color |
| Description: | This field works in the same way as bgcolor, except that it will change the color of your text. |
| Syntax: | For a text color of Black: <input type="hidden" name="text_color" value="#000000"> |
| Field: | link_color |
| Description: | Changes the color of links on the resulting page. Works in the same way as text_color. Should not be defined if redirect is. |
| Syntax: | For a link color of Red: <input type="hidden" name="link_color" value="#FF0000"> |
| Field: | vlink_color |
| Description: | Changes the color of visited links on the resulting page. Works exactly the same as link_color. Should not be set if redirect is. |
| Syntax: | For a visited link color of Blue: <input type="hidden" name="vlink_color" value="#0000FF"> |
| Field: | alink_color |
| Description: | Changes the color of active links on the resulting page. Works exactly the same as link_color. Should not be set if redirect is. |
| Syntax: | For a active link color of Blue: <input type="hidden" name="alink_color" value="#0000FF"> |
