PDA

View Full Version : FormMail w/ Captcha



JosephB
05-30-2010, 02:47 PM
Is the "FormMail 1.92 w/ Captcha," available in the Install and Manage section, hardened against injection attacks from spammers? Some scripts have the ability to set up the recipient email address explicitly as one of the global variables in the script source. I am wondering if this is one of them? Has anyone used this in the past?

wildjokerdesign
05-30-2010, 04:04 PM
The script is intended to get the recipient from a hidden from field but you could set it in the FormMail.pl file itself if you wanted to. Line 140 in the Config array, simply change the default from an empty field to the email address you want to send to. Even with this hard coded in you should be able to override the default via a hidden form field if you wanted to on per form basis.

I have also used the NMS versions of the script but you have do download and set them up yourself. http://nms-cgi.sourceforge.net/ I actually like the TFmail variation of the script and the auto installer they have for download well work or at least has in the past on a WH 3.0 account. The only thing is that the NMS versions do not have Captcha but you could integrate one if you wanted to. I've actually used the WH Captcha with their scripts before. Since things may have changed some I can't say for sure the exacts but if you look at the Check-captcha.cgi file you can kind of see the subs you need to integrate in. The captcha.cgi can stay as it is since that is called via an image tag.