problem setting up a feedback form on Web page

Web hosting discussion, programming, and shared and dedicated servers.
21 posts Page 1 of 3
by ronbo124 » Fri Feb 03, 2012 5:36 pm
We would like to have users fill in a brief form with user email, body of email, and click a submit button to have it sent directly to our sonic.net mailbox. Two things were tried: 1) the first iteration would call up the user's email program, and put our email address in the To field. The subject and body of the message were left on the web page, so the user would have to re-type the msg. 2) We learned about formhandler script, which is supposed to send the form contents directly to our email address, but now we get a message that the email address is not recognized by the FormMail.pl, even though it is a valid sonic.net address in the body of the form html.

Anyone have experience in this area?
by thulsa_doom » Fri Feb 10, 2012 4:25 pm
There are as many ways to do a form mail script as there are reasons to have form mail, so I'm not sure I can help much with your script option.

As for just making a link that called up the visitor's extisting mail client, there are more options you can use. After specifying the recipient address, you can explicitly set the subject and even body that is pre-filled in the message composition window. For example:

Code: Select all

<a href="mailto:support@sonic.net?subject=Web Feedback&body=Please write your feedback here">Send us some feedback</a>
would provide a link named "Send us some feedback," which when clicked on would open the end-user's mail client with a new message addressed to "support@sonic.net" with a subject of "Web Feedback" and a body already containing "Please write your feedback here."
John Fitzgerald
Sonic Technical Support
by ronbo124 » Sat Feb 11, 2012 10:19 am
I solved my problem by using a php script (feedback.php) in the same directory as the html page, then added this code to the form:
<form action="feedback.php" method="post">......
Works great as long as the php is configured properly.
by kbenson » Mon Feb 13, 2012 11:35 am
Please ensure that you've configured whatever security mechanisms the script has to prevent unauthorized third parties from using it to send mail. For example, since you want it sent only to your sonic.net mailbox, if you want hard-code the address in the PHP script, that's a good first step.

If you are planning on also having a copy of the email (or some other version) sent to the user filling the form, please make sure it sanitizes all variables so arbitrary HTML/text can't be passed through from the post to the email.
by dja » Sun Feb 19, 2012 11:06 pm
Using a captcha would probably be a good idea as well, it'll cut down on the amount of spam that your own inbox receives.
by ronbo124 » Mon Feb 20, 2012 9:18 am
Thanks for all the good advice!
by jnurthen » Tue Feb 21, 2012 3:57 pm
dja wrote:Using a captcha would probably be a good idea as well, it'll cut down on the amount of spam that your own inbox receives.
It also makes the form inaccessible to people with disabilities (even reCATCHA as used here can't be used by the deaf/blind for example) as well as not being a particularly effective method of security (the cost for human-powered CAPTCHA cracking is currently about $0.80 / 1000 )
by kbenson » Tue Feb 21, 2012 4:46 pm
jnurthen wrote: It also makes the form inaccessible to people with disabilities (even reCATCHA as used here can't be used by the deaf/blind for example)
I won't dispute this beyond stating there are non-visual fallbacks for reCAPTCHA, but you may already be accounting for that.

Unfortunately, most security comes through some small disadvantage to most, and what's a small disadvantage for most of the population usually ends up being a large problem for a small percentage of the same population. This is something that should be weighed when looking at any security mechanism.
as well as not being a particularly effective method of security (the cost for human-powered CAPTCHA cracking is currently about $0.80 / 1000 )
The effectiveness is directly proportional to the prize for thwarting it. I'm under the assumption that it's still easier to find an alternate way to spam than to pay someone to manually enter CAPTCHA text for you (even at the rates you posted).

Note: I'm not advocating using a CAPTCHA in particular, just stating what I see to be generalities to ALL security mechanisms.
by jnurthen » Tue Feb 21, 2012 6:25 pm
kbenson wrote:
I won't dispute this beyond stating there are non-visual fallbacks for reCAPTCHA, but you may already be accounting for that.

Unfortunately, most security comes through some small disadvantage to most, and what's a small disadvantage for most of the population usually ends up being a large problem for a small percentage of the same population. This is something that should be weighed when looking at any security mechanism.
I am accounting for this. reCAPTCHA is perhaps the best of the CAPTCHAs out there - but even this is problematic for many, especially those with a combination of disabilities (I challenge you to listen to the audio alternative and actually succeed in passing it reliably)

The effectiveness is directly proportional to the prize for thwarting it. I'm under the assumption that it's still easier to find an alternate way to spam than to pay someone to manually enter CAPTCHA text for you (even at the rates you posted).

Note: I'm not advocating using a CAPTCHA in particular, just stating what I see to be generalities to ALL security mechanisms.
I disagree. Those sites for which CAPTCHA is an effective method of preventing abuse would be equally as well served by a combination of other techniques such as those listed (at amongst other places) http://webaim.org/blog/spam_free_accessible_forms/
Many of these techniques have no adverse effect for the user.

For those sites where these techniques aren't effective - neither would (generally) a CAPTCHA.

The only thing CAPTCHAs really do is alienate users.
by kbenson » Wed Feb 22, 2012 12:15 am
jnurthen wrote:
kbenson wrote: The effectiveness is directly proportional to the prize for thwarting it. I'm under the assumption that it's still easier to find an alternate way to spam than to pay someone to manually enter CAPTCHA text for you (even at the rates you posted).

Note: I'm not advocating using a CAPTCHA in particular, just stating what I see to be generalities to ALL security mechanisms.
I disagree.
With which part? About effectiveness being proportional to reward?

Take this as an example, a picket fence on a corner lot doesn't protect the yard from intrusion, it dissuades random passerby from cutting through the lot and trampling the lawn because it's not worth their trouble to jump the fence when they can just walk an extra 20 feet and not have to go over the fence. As soon as there is another reason to want in your yard, the fence is wholly inadequate.

The same can be said of EVERY security mechanism.
Those sites for which CAPTCHA is an effective method of preventing abuse would be equally as well served by a combination of other techniques such as those listed (at amongst other places) http://webaim.org/blog/spam_free_accessible_forms/
Many of these techniques have no adverse effect for the user.
Indeed some don't adversely affect the USER, but that just means the adverse effect is shunted somewhere else, either to the admin, or the the server which has to do extra work, or missed email because of a false positives.
For those sites where these techniques aren't effective - neither would (generally) a CAPTCHA.

The only thing CAPTCHAs really do is alienate users.
I disagree.

First, CAPTCHAs don't protect against spam, they validate human interaction (to varying degrees, but quite well when done right). Unfortunately, they are quite bad at verifying the opposite - no human interaction. This means there can be quite a lot of false positives. It's this property they can confirm which is used for spam detection, since most spam is automated, due to the high volumes needed to make it profitable.

Second, there are other domains where CAPTCHAs provide an invaluable barrier against automation. Take ticketmaster for example.
21 posts Page 1 of 3

Who is online

In total there are 27 users online :: 1 registered, 0 hidden and 26 guests (based on users active over the past 5 minutes)
Most users ever online was 999 on Mon May 10, 2021 1:02 am

Users browsing this forum: Google [Bot] and 26 guests