When creating a form which will return user input to an email account, we recommend that web authors use the script FormMail. This type of form can be attacked by email spammers; by using this centrally provided script we can quickly repair any security problems that may arise. This script has been modified to only permit local email addresses of the form email@example.com as recipients.
The following information includes details of how to configure your form, help pages, a sample form and the source of this form in an easy to read format.
Local Copy of FormMail Help
The security of the mail system is constantly being upgraded, and as this happens some features of FormMail need to be adjusted. Following the last upgrade of the mail-hubs, the use of the variable email became a problem and the workaround described below was implemented. An example form is available, which we will endeavour to keep up to date with the increasing security of the mail system. You should also inspect the HTML source of this file to check the actual implementation of certain features - it may be useful to simply cut and paste sections of the form.
The heading of the form should include the following:
<FORM action="http://www.qub.ac.uk/cgi-bin/FormMail.pl" method="POST">
There is only one mandatory field, recipient. This should hold the email address to which the completed form is sent. For example:
<INPUT TYPE="hidden" NAME="recipient"
The following fields are recommended and should be used as described:
email - this should be defined as firstname.lastname@example.org and tagged as a hidden field. Do not use email for a field which users can fill in as it will cause the "From" field in the resulting email to be set and the mailhub will reject the message. For example:
<INPUT TYPE="hidden" NAME="email"
subject - this is useful as it will be set as the subject line on the generated mail message and will simplify sorting these messages - note that subject is in lowercase. For example:
<INPUT TYPE="hidden" NAME="subject" VALUE="Information Request Form">
The following FormMail fields are optional but are commonly used:
- required - this is used to flag which fields must be completed by the user
- sort - used to specify the order in which the user-supplied fields are given in the email
- print_config - include a nominated list of configuration variables in the generated email - subject can be useful
- title - the title which appears on the confirmation web page
There are other FormMail fields. These, and a further description of the above, are given in the Local FormMail Help page.
A form should always include a submit button and a reset button:
<INPUT type="submit" value="Submit">
<INPUT type="reset" value="Clear">
User Defined Fields
A web page which implements a form using FormMail may include the usual form entities such as:
- input text fields
- select list
- radio buttons
These are described in Forms - Creating Forms Using Word, any good web authoring book and covered in the Web Authoring - Fundamentals Course.
If you want the user of the form to supply their email address, use a text box and give it a name such as user-email. Never name this box email. For example:
<input type="text" name="User-EMAIL" value="" size="20">
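The recipient restriction mentioned at the top of this page has to be enforced by the script on the server, because a hidden field such as recipient is sent by the browser and can be changed by whoever submits the form. The following Perl sketch is an added example of such a check, not the code of the central FormMail.pl; the function name, the domain example.com and the comma-separated recipient list are assumptions.

```perl
#!/usr/bin/perl
# Added example: a local-recipient check of the kind this page describes.
# Not taken from the centrally provided FormMail.pl.
use strict;
use warnings;

# Assumption: the only mail domain the form handler may deliver to.
my $LOCAL_DOMAIN = 'example.com';

# Return 1 only if every recipient is a plain address in the local domain.
# Assumption: several recipients may be given, separated by commas.
sub recipients_allowed {
    my ($field) = @_;
    return 0 unless defined $field && length $field;
    return 0 if $field =~ /[\r\n]/;        # a recipient value must be a single line
    for my $addr (split /,/, $field, -1) { # -1 keeps empty trailing items so they fail
        $addr =~ s/^[ \t]+|[ \t]+$//g;     # trim blanks around each address
        # \A and \z anchor the whole string; "$" would also match just
        # before a trailing newline, and an unanchored match would accept
        # any value that merely contains the local domain.
        return 0 unless $addr =~ /\A[A-Za-z0-9._-]+\@\Q$LOCAL_DOMAIN\E\z/i;
    }
    return 1;
}

# Constructed sample values for the "recipient" form field.
my @samples = (
    'webmaster@example.com',
    'a.user@example.com, b.user@example.com',
    'someone@elsewhere.test',
    'webmaster@example.com,someone@elsewhere.test',
    'webmaster@example.com.elsewhere.test',
    "webmaster\@example.com\n",
    'webmaster@example.com,',
);

for my $s (@samples) {
    (my $shown = $s) =~ s/\n/\\n/g;        # make the newline visible in the report
    printf "%-6s %s\n", recipients_allowed($s) ? 'ACCEPT' : 'REJECT', $shown;
}
```

Only the first two sample values are accepted; the rest are rejected because at least one address is outside the local domain, only looks like it, or is malformed.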