31 May, 2009, Hades_Kane wrote in the 21st comment:
Votes: 0
Rather than just glancing, I went ahead and decided to tinker with it and I have everything working right. I went with setting up an .ini file above my directory that web users have access to, and that contains any of the sensitive information (such as what address my eotapp alias directs to). It really was pretty simple, especially after the trouble I had last night, but I think getting the mailer to work in the first place was really the bulk of any of the work.

And yeah, since it works with the sendmail stuff, I ended up not wasting my time figuring out how to get all of that working last night, but this seems to be a better option than the perl script I was messing with last night.

I appreciate the help!
31 May, 2009, Banner wrote in the 22nd comment:
Votes: 0
Hm, I think the putting the .ini file above the web directory makes more sense that where I put mine, but I prefer to keep all web related stuff inside the web folder, more orderly that way. Glad to see you got it working, though, could've saved you a Friday if you'd have tried it first. :)
31 May, 2009, Davion wrote in the 23rd comment:
Votes: 0
Hades_Kane said:
elanthis said:
DO NOT PUT THE EMAIL ADDRESS ANYWHERE IN THE FUCKING HTML.


Can you seriously not fucking read, or are you just too stupid to understand the English language?


Uhm… a little offside here, HK. He's just stating that trying to hide the e-mail in the HTML in any form (hidden or not) is a bad idea, because spam bots could still read it. So, try to take some things with a grain of salt before flaming people. Thanks.
31 May, 2009, David Haley wrote in the 24th comment:
Votes: 0
And in fairness, first we see:
Quote
Basically, I'm trying to hide my email address within the HTML part of the code

followed by:
Quote
The entire point of my post is asking how to avoid putting my email address in the HTML

which is not saying the same thing at all. So it really did seem at first like you wanted the email address to be "hidden" in the HTML.
31 May, 2009, Hades_Kane wrote in the 25th comment:
Votes: 0
David Haley said:
And in fairness, first we see:
Quote
Basically, I'm trying to hide my email address within the HTML part of the code

followed by:
Quote
The entire point of my post is asking how to avoid putting my email address in the HTML

which is not saying the same thing at all. So it really did seem at first like you wanted the email address to be "hidden" in the HTML.


Hades_Kane said:
<input type="hidden" name="recipient" value="myemail@mydomain.com">


I'd like to be able to use an alias as the 'value' something like "eotapp" or something, and then have the script be able to take "eotapp" or whatever alias I use and read that as the email address I would otherwise put in there.


That seems pretty clear to me. Within the form part there, the "value" currently is "myemail@mydomain.com" and I just said there I'd like to have an alias there instead, like eotapp, and then have the script take "eotapp" and know that is the email address I would otherwise put in there.

Davion said:
Uhm… a little offside here, HK. He's just stating that trying to hide the e-mail in the HTML in any form (hidden or not) is a bad idea, because spam bots could still read it.


elanthis said:
DO NOT PUT THE EMAIL ADDRESS ANYWHERE IN THE FUCKING HTML.

elanthis said:
and makes you an idiot responsible for a large portion of the spam people receive

elanthis said:
Breaking either of those rules should be grounds for having your Internet License revoked and/or being shot in the face.


Let's see, he starts out basically screaming profanity at me, calls me an idiot, and says I should be shot in the face. He said a lot more than "don't put your email address in the html", which is what I was asking for help on in the first place.

It'd be like someone replying to that guy in the other thread asking help on how to follow the licenses with "YOU BETTER FUCKING FOLLOW THE LICENSES OR I'LL GET YOUR SERVER SHUT DOWN." then following with a string of insults.

Davion said:
So, try to take some things with a grain of salt before flaming people. Thanks.


Elanthis came at me with a very high and unnecessary level of hostility. If its fine for him to flame me for asking a question, then why should I not be able to defend myself? I would think the censure should extend to the source of the hostilities as well.
31 May, 2009, Cratylus wrote in the 26th comment:
Votes: 0
Davion said:
Uhm… a little offside here, HK. He's just stating that trying to hide the e-mail in the HTML in any form (hidden or not) is a bad idea, because spam bots could still read it. So, try to take some things with a grain of salt before flaming people. Thanks.


I also interpreted the post by Elanthis as being fairly hostile toward HK. If it's
ok for Elanthis to do that, I'm not sure I see why HK gets a yellow card.

-Crat
http://lpmuds.net
31 May, 2009, Banner wrote in the 27th comment:
Votes: 0
It was quite clear that Hades was asking for help for hiding the email addresses. I don't see why this necessitated such a hostile response from Elanthis when it was obvious to me that Hades was aware of the problems in storing emails in the html, which is why he sought to alias them to a hidden file like he has done so.
31 May, 2009, elanthis wrote in the 28th comment:
Votes: 0
It's totally OK to flame me back. ;)

HK, you should be careful making insults regarding English skills. If you meant putting the value in the script, you should have said putting it in the script instead of asking about hiding it in the HTML. Your eotap value comment, in context of you asking about hiding it in HTML, sounds an awful lot like you wanted the script to take the eotap form value, which is similar to techniques a lot of people use to use for anti-spam years ago (spam bots would only try to submit forms that looks like they were about mail, so renaming form fields to random-ass names would hide the email form from the bots… that no longer works).
31 May, 2009, David Haley wrote in the 29th comment:
Votes: 0
Sorry, I didn't mean to imply that Elanthis's post wasn't a bit over the top. I just meant that it wasn't clear to me initially what you were asking, and that it was a fairly easy misinterpretation to make.
31 May, 2009, Davion wrote in the 30th comment:
Votes: 0
Cratylus said:
I also interpreted the post by Elanthis as being fairly hostile toward HK. If it's
ok for Elanthis to do that, I'm not sure I see why HK gets a yellow card.


HK said:
Can you seriously not fucking read, or are you just too stupid to understand the English language?


Blatant personal attack. Mildly hostile statements don't warrant me posting publicly about it.
31 May, 2009, Hades_Kane wrote in the 31st comment:
Votes: 0
elanthis said:
It's totally OK to flame me back. ;)


Woot!

Oh, and also to clarify, I have server side checks against both where the mailer can send from and where it can send to, along with the checks I had in the script itself, so I felt it pretty secure from being used to spam other people.
01 Jun, 2009, elanthis wrote in the 32nd comment:
Votes: 0
Good. You're next going to want to figure out how to make it unusable to spam you yourself, otherwise your server is going to get hammered hard as soon as a spam bot determines its a tasty enough target. That's the hard part, unfortunately. Replacing the submit button with a pure-JS technique (e.g., so that the form cannot be submitted successfully without JS on) will stop 98% of bots… for now. They're starting to get JS capabilities though, so that easy technique is on its last legs. You can plug in Recaptcha if you don't mind those things (I hate them, personally) or go for a home-grown route, such as asking a simple math question – but you want to obfuscate the question and the answer input field as best you can, since those are common enough that bots are learning how to parse them. I have had the best luck by integrating Akismet, but note that it's only free for non-commercial use. It has caught all but a tiny handful of spam posts to my sites and it's totally transparent to the user. My forums and bug report tools don't require a login at all (a mandatory feature for bug report tools IMO – I don't bother reporting bugs in software if it takes me 15 minutes to freaking register an account) and spam isn't a real problem thanks to Akismet.
01 Jun, 2009, Guest wrote in the 33rd comment:
Votes: 0
I'll second the endorsement for Akismet. That thing is a life saver as far as spam goes. The non-commercial clause is somewhat of a drag if you want to make money from the site using it, though the last time I checked their licensing that only kicks in once the site generates more than $500/month.
17 Jun, 2009, Jamdog wrote in the 34th comment:
Votes: 0
I've always done this kind of thing in PHP, where a MySQL database holds the names of people who can be contacted, and their email addresses. The PHP outputs the email form with a drop-down list where the sender can select the intended recipient. The sender must also provide a valid email address, a subject and a message text.

When the user clicks send, the intended recipients' email address is looked up in the database, the mail is constructed as a HTML mail string, and then sent using the PHP 'mail' function. Here is a handy PHP function that you pass 4 strings to - the sender email address, recipient email address, the email subject and the email body text. This creates a HTML email - for plain text, just remove the Content-Type tag. Feel free to change the X-Mailer tag to advertise your own site.
// mail the content to the recipient, send the mail in HTML format
function mail_html($content, $subject, $sender, $recipient) {
$ret = mail($recipient, $subject, $content, "From: ".$sender."\r\nReply-To: ".$sender."\r\nX-Mailer: My_Cool_Mailer\r\nContent-Type: text/html;");
return $ret;
}
20.0/34