Where's The Formail?

[noeffort]

Hi,

 

In Cpanel, clicked on formail clone and was connected to a page that stated "The actual script is here" and then a link which forwarded me to a page that stated:

 

This is FormMail-clone, a clone of FormMail.cgi. It is a clean room version for legal purposes (a less restrictive liscense),

but should behave the exact same way as Matt Wright's Original, but contain none of his code.

 

****No code on the page?****

[TCH-Andy]

noeffort,

 

Have a look at This Thread which explains some of the issues with these scripts and why they have been removed. It also provides a php script alternative which is a safer bet, and several people here have used it so can help with installation and use.

 

Andy

[TCH-Don]

And a few other choices used by others here

Dodos Mail

phormjr

 

The main advantage to using a php form is that you can format the email you receive any way you wish,

and even display the vistors email address and comments on your thank you page.

[noeffort]

Hi,

 

I have a backup secure transaction form. I would like the customer to fill out and be able to access at my TCH website. I have the transaction form from my previous host.

Modified the way I believe it should be at TCH.

*************Question if this is correct************

<FORM METHOD="POST" ACTION="https://server27.totalchoicehosting.com/~aquariu/cgi-bin/formmail.cgi">

****************

<INPUT TYPE=HIDDEN NAME="redirect" VALUE ="*****/cgi-bin/formmail.cgi? recipient=a@****&subject=CreditCardTransactionForm&redirect=*****/thankyou.htm">

[TCH-Don]

From thread

There has been a security hole found that allows formail to be used by unauthorized persons. In effect allowing spam to be sent from your domain. This hole is found in the following scripts.

 

formmail.cgi FormMail.cgi FormMail-clone.cgi formmail.pl FormMail.pl

 

We are disabling the following built in cPanel Scripts on all our servers effective the time of this email.

 

formmail.cgi FormMail.cgi FormMail-clone.cgi formmail.pl FormMail.pl

 

If your site is using any of the above, you will need to make changes to your web space and utilize a different email script. You may use the built in cgiemail, as this has not been identified as a problem.

 

This action is being done to prevent the unauthorized use of our servers.

This was the same secure formail script.

There is yet another security hole in the latest version, and should not be used.

You should be able to use the form you have.

Just install any php form script, like the ones suggested.

Then change the action part to point to your php form script.

if you need help, just ask

[noeffort]

Hi,

I do need help. Not that familiar with scripts.

1)What script do I use?

2)Where do I place it?

3)Wouild like the filled out form to go a folder only accessible by me.

4) Will only look at form at site and delete.

[TCH-Don]

Hi,

I do need help.  Not that familiar with scripts.

1)What script do I use?

2)Where do I place it?

3)Wouild like the filled out form to go a folder only accessible by me.

4) Will only look at form at site and delete.

My fav is Phormjr, but any will do.

If you promise not to laugh, I have a simple demo

Phormjr Demo

the files can go in a subfolder just below your site or in the same folder.

I would use a sub folder, you can create it in cpanels file manager or with an ftp program.

Normally the results would be emailed to the address you put in the config file.

You could create a new email account and use that, to check online.

Also you can now use Squrrel Mail to check on that accopunt

www.mysite.com/sqmail

 

You can ask any questions about the form by using my demo form above.

Hope this helps

[noeffort]

Great demo,

Honest, I didn't laugh....

 

Created files and uploaded to folder public_html/Phormjr

 

Do I have to change paths to:

You can use any form, just change the action part like this

<FORM NAME="aisecuretrans" METHOD=POST ACTION="public_html/phormjr.php">

<INPUT TYPE=HIDDEN NAME="PHORM_NAME" VALUE="public_html/aisecuretrans.html">

 

Form I'm using is a scure form, do I have to place https: in front of form name?

[noeffort]

Sorry about the spelling and cut and paste misplaced, been up since 4 am and it shows..

Great demo,

Honest, I didn't laugh....

 

Created files and uploaded to folder public_html/Phormjr

 

Do I have to change paths to:

 

<FORM NAME="aisecuretrans" METHOD=POST ACTION="public_html/phormjr.php">

<INPUT TYPE=HIDDEN NAME="PHORM_NAME" VALUE="public_html/aisecuretrans.html">

 

Form I'm using is a secure form, do I have to place https: in front of form name?

[TCH-Don]

Great demo,

Do I have to change paths to:

You can use any form,  just change the action part like this

<FORM NAME="aisecuretrans" METHOD=POST ACTION="public_html/phormjr.php">

<INPUT TYPE=HIDDEN NAME="PHORM_NAME" VALUE="public_html/aisecuretrans.html">

 

Form I'm using is a scure form, do I have to place https: in front of form name?

 

You do not use public_html in the path,

you could use /phormjr/phormjr.php

or http://mysite.com/phormjr/phormjr.php

store the config files in the same /phormjr folder,

that where it will look for them.

 

<INPUT TYPE=HIDDEN NAME="PHORM_NAME" VALUE="public_html/aisecuretrans.html">

should be

<INPUT TYPE=HIDDEN NAME="PHORM_NAME" VALUE="aisecuretrans">

the name, aisecuretrans

is also the name of the .txt file that is used to format the email

i.e. aisecuretrans.txt

 

Let me know how it works

 

oops, forgot about the https:

not sure, have not used it. I would try it ?

Edited June 23, 2003 by turtle

[TCH-Don]

I should add, the reason this is secure is that

phormjr.php reads the config file with the address to send to,

from the same folder that it is in,

and no one but you can change it.

 

Also you can call it with a different config name located in the same folder for another form.

 

You may want to visit their site and read the docs for phorm,

it will help.

 

Good luck, I'm off to bed

[noeffort]

tried https://www.aquariuminstruments.com/aisecuretrans.html

get:unable to locate the file

 

also tried https://64.246.56.60/aisecuretrans.html

[noeffort]

enough for today,

thanks

goodnight..

[TCH-Don]

Try just using the original files as is,

using the form.html to get it working.

 

First edit contact.phm

to change the $PHORM_TO

to your email address.

 

Then change it a little at a time.

 

And later if you do not want the logging

delete the line with

$PHORM_LOG = "contactlog.txt";

[TCH-JimE]

Hi,

 

You will need to make sure that you have acces to our shared SSL certificate. Users will be warned that the SSL does not match the URL which is correct as its shared.

 

You will need to start a help tickect in order for SSL to work

 

Thanks

 

Jim

[noeffort]

Hi,

 

Get the following message when hit enter on form...

ERROR

 

020 - Unable to open configuration file .phm.

 

 

 

 

 

Phorm Jr. v2.0

[TCH-Don]

Did you put all the original files in a new folder to just get it working?

and then run www.mysite .com/form/form.html

or where ever the new folder is.

 

 

what does the action line look like?

<FORM NAME="contact" METHOD=POST ACTION="phormjr.php">

Edited June 24, 2003 by turtle

[TCH-Don]

Ok, I changed the zip file, download it again

my demo form site

it now contains an index, form and thank you page

 

extract it to a folder on your computer called testform

 

and then edit the contact.phm file to change the email address.

 

upload to your site to a folder called testform, here is (mine)

 

then goto that folder on your site and you will see a page with a link to the form,

and after you fill out the form you will see a thank you page.

Try this, to get it working, then modify.

 

hope this helps.

[noeffort]

Hi,

Thanks, its working. Now comes the hard part.... sending to non public access folder.

Will let you know how I'm doing....

[TCH-Don]

You are welcome,

and do let me know.

[noeffort]

Hi,

To hard to convert my form. Giving up.

I'll wait till someone else with more knowledge gets a form up and running.

Thanks for all your help.