While our cPanel hosting control panel offers a basic Form Mail program, we prefer you use a different form mail program called "NMS FormMail". There are some nice advantages to the NMS program, including:
- It can send a confirmation e-mail to the person filling out the form, to thank them for their submission.
- It has some nice security features (regular form mail programs are known for being hacked).
- Normal form mail programs list your e-mail address as a hidden field in your form. Anyone looking at the source code of your web page (including spammers) can see your e-mail address, and it may cause you to get more spam. NMS FormMail hides your e-mail address in the form... the e-mail address is safely stored in the script itself, which nobody can see.
NMS FORMMAIL INSTALLATION INSTRUCTIONS:
- Download the NMS FormMail script (.zip file) HERE. This .zip file contains the script itself, plus some documentation.
- Unzip the files onto your PC. You will notice 4 text files (documentation) and one file called securemail.pl (the script). The original name of the script was FormMail.pl, but QTH.com has renamed the file to securemail.pl. This will help stop hackers from searching for FormMail.pl, in case an exploit becomes available for this script. NOTE: You can name this file anything you want, as long as it ends with .pl.
- Using Notepad or some other text editing software, open securemail.pl and make the following changes:
- @referers = qw(example.com www.example.com localhost);
Change both references of example.com to your domain name. Referers is a list of domain names and subdomains that will be hosting your form. If you have multiple domain names for your web site, list them all here.
- @allow_mail_to = qw(email@example.com firstname.lastname@example.org localhost);
As a security feature, the form mail program will only send form submissions to the addresses you list here. Change email@example.com and firstname.lastname@example.org to one or more valid e-mail addresses that will be getting your form submissions.
- %recipient_alias = (
'1' => 'email@example.com',
'2' => 'firstname.lastname@example.org',
'3' => 'email@example.com,firstname.lastname@example.org',
In your web form, you will specify the recipient of the form submissions to be either '1', '2' or '3'. For now, just change email@example.com to your e-mail address. In your web form, we will point the recipient to 1, so whatever address you put next to 1 will get the form submissions.
- $send_confirmation_mail = 0;
If you want people that submit a form to get a confirmation e-mail (i.e. a Thank You), then change the 0 to 1.
If you enabled the confirmation e-mail (see above), then you will want to change our sample confirmation e-mail to something that better suits your needs.
- Save your changes.
- @referers = qw(example.com www.example.com localhost);
- Using your FTP software, upload the file securemail.pl in ASCII (text mode) to your cgi-bin directory on our server. This is located in /public_html/cgi-bin/.
- Using your FTP software, change the permissions on securemail.pl to 755.
YOUR HTML WEB FORM:
This is not an HTML nor a FORM tutorial. The instructions below assume you know how to create a web page and the basics of creating a web form. There are many tutorials on the Internet to help with creating web pages and web forms.
- Set the Form Action in your web form to:
<form method="post" action="http://www.example.com/cgi-bin/securemail.pl">
(change example.com to your domain name).
- The field where you want your visitors to enter their email address must have the field name set to 'email'. This will allow you to have the sender's email addy in the "From:" section of the email that gets sent to you, and if you have e-mail confirmations enabled, the visitor will get a confirmation sent to the address in this field. If you name your e-mail address field any other way (ex: Email, e-mail, e_mail, etc.) the script will put something like "firstname.lastname@example.org" in the "From:" header of the email. So, your e-mail address form field should look like this:
<input type="text" name="email">
- The field where you want your visitors to enter their Name must have the field name set to 'FullName'. This will allow you to have the sender's name in the "From:" section of the email that gets sent to you. So, your e-mail address form field should look like this:
<input type="text" name="FullName">
- Add the following hidden form fields into your form (descriptions follow each one):
- <input type="hidden" name="recipient" value="1">
- The 1 corresponds to the recipient alias list in the securemail.pl script.
- <input type="hidden" name="subject" value="Web Form Submission">
- change this to whatever you want the subject line of your e-mail to have, when you get the form contents e-mailed to you.
- <input type="hidden" name="redirect" value="http://www.example.com/thankyou.html">
- this is optional... after someone submits the form, if you want them to be taken to a special page, put that address here.
- <input type="hidden" name="required" value="FullName,email">
- list every field that is REQUIRED to be entered. It is a good idea to have at least one field required, to avoid people submitting blank forms to you.
- <input type="hidden" name="missing_fields_redirect" value="http://www.example.com/error.html">
- if you have required fields (see above) then this is the page that people are taken to, if they do not fill in all the required fields. If you do not specify an error page, then the script will create one for you (although I think it is pretty ugly
- <input type="hidden" name="env_report" value="REMOTE_HOST,REMOTE_ADDR,REMOTE_USER,HTTP_USER_AGENT,HTTP_REFERER"> - not all of these fields work all of them time, but they can give you clues to the user's IP address and browser that they are using. Sometimes it comes in handy. This is optional.
Upload your form to your web site and test it out.
NOTE: Optionally, you can add an 'Anti-Spam' question to curtail spammers from submitting your form. See the Formmailer Anti-Spam Instructions for details.