HOWTO Create a form on www.unl.edu that sends an email

A place to ask questions and get help. Be the first on your block to post ...

HOWTO Create a form on www.unl.edu that sends an email

Postby saltybeagle » Mon Aug 01, 2005 9:08 am

If you are on frontier (www.unl.edu) you can easily set up a form that will send an email to a given address by adding the following code to your form:
Code: Select all
<form name="myForm" method="post" action="http://www.unl.edu/cgi-bin/formparse">
   <input type="hidden" name="whither" value="goestothis@unl.edu">
   <input type="hidden" name="whence" value="sentfromthis@wherever.etc">
   <input type="hidden" name="subjectline" value="Subject of the email">
   <input type="hidden" name="thanksfile" value="/cwis/data/finearts/test/filetoredirectuserto.html">

/** ADD YOUR FORM FIELDS HERE **/

</form>


The formparse script on frontier will then send an email with all of the form data to the address you specify.

Be sure to replace all of the hidden form field values with the correct email addresses and other details.
Brett Bieber
Image
saltybeagle
 
Posts: 376
Joined: Fri Jan 16, 2004 3:10 pm
Location: 321 Admin

Security of forms on frontier

Postby Erin Paseka » Mon Aug 29, 2005 3:45 pm

How much can we take for granted the security of data submitted via a form on frontier and the formparse script?

I've created a "join our mailing list" form for prospective graduate students. It's relatively short but still collects a significant amount of personal information. It's on frontier, not yet linked from anywhere.

The form content doesn't demand credit-card-safe levels of security (unlike our Application for Admission on frontier-s) and the expected level of use doesn't warrant PHP to feed it into a database (unlike our Visa Data Form on avalanche1). But we've all seen alerts like "This form is not secure and information you send may be viewed by a third party" in newly-installed browsers--until we turn off those alerts--and I'm wondering whether that matters. I don't know much about security and would hate to ignorantly leave something too open.

Erin
Erin Paseka
 
Posts: 147
Joined: Tue Jul 13, 2004 3:02 pm
Location: Graduate Studies

FORM Security on Frontier

Postby MarkHiatt » Tue Aug 30, 2005 7:53 am

I was IM'ing Mary Lohse about this, this morning, Erin:

peefour (7:45:51 AM): No security on frontier
peefour (7:46:04 AM): Bad idea!
NebWriter (7:46:09 AM): So... someone could be sneaking a look?
peefour (7:46:20 AM): Duh!
peefour (7:47:34 AM): Mark there is no security certificate on frontier, it was never meant to be anything other than a web server.
=MH=
MarkHiatt
 
Posts: 36
Joined: Mon Jul 26, 2004 3:09 pm
Location: '501' Building - Room 123.1

Postby saltybeagle » Tue Aug 30, 2005 8:51 am

I don't think it would be detrimental to have a ssl certificate on the server for simple cases like this.... although once it's put over email it's insecure anyways. So, is there any point encrypting it 95% the way there --- and then walk it the last 5% on a billboard everyone can see? I don't know... every account on frontier uses insecure ftp as well - so it may be best to think of everything done on frontier as insecure (with the server configured as it is).

The thing that's funny is that a self-signed certificate doesn't cost anything - and is simple to install. The only 'cost' is added overhead on the server to encrypt and decrypt the data (which is minimal)... and if everyone had their accounts set up for it we could all be using secure ftp.

The potential of the information getting seen is low (imo), but if anyone is within 1 hop (for the most part) or less of the data passing by - it's in plain sight (if someone is tech savvy enough and watching/capturing data at that moment).
If it's just name and address, I wouldn't worry too much - but any more info, making it secure might be a good idea. I guess I would consider the data you're sending, and the risk of that information getting out...
Brett Bieber
Image
saltybeagle
 
Posts: 376
Joined: Fri Jan 16, 2004 3:10 pm
Location: 321 Admin

Form/subscription legal issues

Postby dsockrider » Mon Dec 19, 2005 11:30 am

When collecting email address through a form, are there any legal issues that need to be considered? Like requiring an unsubscribe option too?

Also, after a form is submitted is there a way to forward the user to another page other than the simple message displayed at http://www.unl.edu/cgi-bin/formparse?
dsockrider
 
Posts: 189
Joined: Fri Dec 16, 2005 10:37 am
Location: Engineering

Postby saltybeagle » Mon Dec 19, 2005 3:22 pm

after a form is submitted is there a way to forward the user to another page other than the simple message displayed


I think it's configured by the 'thanksfile' parameter. The value of that hidden input field should be the path of the confirmation page to send the user to.

Code: Select all
<input type="hidden" name="thanksfile" value="/cwis/data/finearts/test/filetoredirectuserto.html">
Brett Bieber
Image
saltybeagle
 
Posts: 376
Joined: Fri Jan 16, 2004 3:10 pm
Location: 321 Admin

Direct to another 'thanksfile'

Postby rcrisler1 » Mon Dec 19, 2005 3:59 pm

David -

It looks like a direct to a custom "thank you" is already accounted for ...

Code: Select all
<input type="hidden" name="thanksfile" value="/cwis/data/finearts/test/filetoredirectuserto.html">


Just change the value of the thanksfile parameter to your response page.
____


Robert J Crisler
Manager, Internet and Interactive Media
University Communications
321 Canfield Administration Building
University of Nebraska-Lincoln
402-472-9878
rcrisler1
Site Admin
 
Posts: 153
Joined: Wed May 12, 2004 12:20 pm
Location: Lincoln


Return to Help & Assistance

Who is online

Users browsing this forum: No registered users and 2 guests

cron