28 Jan
2011
28 Jan
'11
5:55 p.m.
Formmail, may not be a formal term, takes the inputs in the html form and email
the contents to some people.
Here is a quick sample I found on the Web....
<?php
/* PHP Form Mailer - easy, secure form mail:
phpFormMailer v2.6
last updated 2nd Dec 2009 - check back often for updates!
(easy to use and more secure than many cgi form mailers) FREE from:
www.TheDemoSite.co.uk
Should work fine on most Unix/Linux platforms
for a Windows version see: asp.thedemosite.co.uk
*/
// ------- three variables you MUST change below
-------------------------------------------------------
$replyemail="you@your--domain"; //change to your email address
$valid_ref1="http://thedemosite.co.uk/contact.html"; //chamge to your domain
name
$valid_ref2="http://www.thedemosite.co.uk/contact.html"; //chamge to your domain
name
// -------- No changes required below here
-------------------------------------------------------------
//
// email variable not set - load $valid_ref1 page
if (!isset($_POST['email']))
{
echo "<script language=\"JavaScript\"><!--\n ";
echo "top.location.href = \"$valid_ref1\"; \n//
--></script>";
exit;
}
$ref_page=$_SERVER["HTTP_REFERER"];
$valid_referrer=0;
if($ref_page==$valid_ref1) $valid_referrer=1;
elseif($ref_page==$valid_ref2) $valid_referrer=1;
if((!$valid_referrer) OR ($_POST["block_spam_bots"]!=12))//you can change this
but remember to change it in the contact form too
{
echo '<h2>ERROR - not sent.';
if (file_exists("debug.flag")) echo '<hr>"$valid_ref1" and
"$valid_ref2" are incorrect within the file:<br>
contact_process.php <br><br>On your
system these should be set to: <blockquote>
$valid_ref1="'.str_replace("www.","",$ref_page).'";
<br>
$valid_ref2="'.$ref_page.'";
</blockquote></h2>Copy and paste the two lines above
into the file:
contact_process.php <br> (replacing the existing variables and settings)';
exit;
}
//check user input for possible header injection attempts!
function is_forbidden($str,$check_all_patterns = true)
{
$patterns[0] = '/content-type:/';
$patterns[1] = '/mime-version/';
$patterns[2] = '/multipart/';
$patterns[3] = '/Content-Transfer-Encoding/';
$patterns[4] = '/to:/';
$patterns[5] = '/cc:/';
$patterns[6] = '/bcc:/';
$forbidden = 0;
for ($i=0; $i<count($patterns); $i++)
{
$forbidden = preg_match($patterns[$i], strtolower($str));
if ($forbidden) break;
}
//check for line breaks if checking all patterns
if ($check_all_patterns AND !$forbidden) $forbidden =
preg_match("/(%0a|%0d|\\n+|\\r+)/i", $str);
if ($forbidden)
{
echo "<font color=red><center><h3>STOP! Message not
sent.</font></h3><br><b>
The text you entered is forbidden, it includes one or more of the following:
<br><textarea rows=9 cols=25>";
foreach ($patterns as $key => $value) echo
trim($value,"/")."\n";
echo "\\n\n\\r</textarea><br>Click back on your browser, remove the
above characters and try again.
</b><br><br><br><br>Thankfully protected by
phpFormMailer freely available from:
http://thedemosite.co.uk/phpformmailer/\">http://thedemosite.co.uk/…mailer/";
exit();
}
}
foreach ($_REQUEST as $key => $value) //check all input
{
if ($key == "themessage") is_forbidden($value, false); //check input except for
line breaks
else is_forbidden($value);//check all
}
$name = $_POST["name"];
$email = $_POST["email"];
$thesubject = $_POST["thesubject"];
$themessage = $_POST["themessage"];
$success_sent_msg='<p
align="center"><strong> </strong></p>
<p align="center"><strong>Your message has been
successfully sent to us<br>
</strong> and we will reply as soon as possible.</p>
<p align="center">A copy of your query has been sent to
you.</p>
<p align="center">Thank you for contacting
us.</p>';
$replymessage = "Hi $name
Thank you for your email.
We will endeavour to reply to you shortly.
Please DO NOT reply to this email.
Below is a copy of the message you submitted:
--------------------------------------------------
Subject: $thesubject
Query:
$themessage
--------------------------------------------------
Thank you";
$themessage = "name: $name \nQuery: $themessage";
mail("$replyemail",
"$thesubject",
"$themessage",
"From: $email\nReply-To: $email");
mail("$email",
"Receipt: $thesubject",
"$replymessage",
"From: $replyemail\nReply-To: $replyemail");
echo $success_sent_msg;
/*
PHP Form Mailer - phpFormMailer (easy to use and more secure than many cgi form
mailers)
FREE from:
www.TheDemoSite.co.uk */
?>
________________________________
From: Vincent Massol <vincent(a)massol.net>
To: XWiki Users <users(a)xwiki.org>
Sent: Fri, January 28, 2011 11:06:56 AM
Subject: Re: [xwiki-users] using PHP on Xwiki farm?
On Jan 28, 2011, at 12:57 PM, Weihsing Wang wrote:
Hi, Vincent,
Thanks for the answer.
I am interested in formmail function using PHP, is there a proper and safe
solution on XWiki already?
No idea what formmail does.
Thanks
-Vincent
________________________________
From: Vincent Massol <vincent(a)massol.net>
To: XWiki Users <users(a)xwiki.org>
Sent: Fri, January 28, 2011 1:33:44 AM
Subject: Re: [xwiki-users] using PHP on Xwiki farm?
Hi Weihsing,
On Jan 28, 2011, at 2:00 AM, Weihsing Wang wrote:
_______________________________________________
users mailing list
users(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/users
Hi, Vincent,
How to set up PHP on XWiki farm? Not my own server. Is it possible?
Wei-hsing Wang
Since you asked for a wiki on myxwiki.org I guess the question is whether you
can use it on that farm. The answer is no. The reason is that we're not
allowing
users to use script macros such as PHP, jython, ruby and groovy. Only the
Velocity macro is made available. The reason is that those script macros are
very powerful and anyone could easily break the security of the farm or do
dangerous things (like wipe all data on the server's hard disk for example).
Thus we've not giving programming rights to users on the myxwiki farm.
In the future we'll be working on defining a way to be able to restrict what
you
can with programming languages so that only edit rights would be necessary to
use them in a "sandbox mode" but we're not there yet.
Right now the only way for you to use the PHP macro is by installing XWiki
Enterprise or XWiki Enterprise Manager on your own machines (and thus have
programming rights).
Sorry about that.
Thanks
-Vincent
> _______________________________
> From: Vincent Massol <vincent(a)massol.net>
> To: XWiki Users <users(a)xwiki.org>
> Sent: Mon, January 24, 2011 1:26:51 PM
> Subject: Re: [xwiki-users] using PHP on Xwiki farm?
>
> Hi,
>
> On Jan 24, 2011, at 5:34 PM, Weihsing Wang wrote:
>
>> The "php" macro is not in the list of registered macros.
>> Verify the spelling or contact your administrator.
>> How to use PHP on XWiki farm site?
>
> The PHP macro is not bundled by default.
>
> To use it see:
> http://extensions.xwiki.org/xwiki/bin/view/Extension/PHP+Macro
>
> Thanks
> -Vincent