Results 1 to 2 of 2
  1. #1
    Junior Member
    Join Date
    May 2010
    BC Canada

    Default FormMail w/ Captcha

    Is the "FormMail 1.92 w/ Captcha," available in the Install and Manage section, hardened against injection attacks from spammers? Some scripts have the ability to set up the recipient email address explicitly as one of the global variables in the script source. I am wondering if this is one of them? Has anyone used this in the past?

  2. #2
    Moderator wildjokerdesign's Avatar
    Join Date
    Jun 2003
    Kansas City Mo


    The script is intended to get the recipient from a hidden from field but you could set it in the file itself if you wanted to. Line 140 in the Config array, simply change the default from an empty field to the email address you want to send to. Even with this hard coded in you should be able to override the default via a hidden form field if you wanted to on per form basis.

    I have also used the NMS versions of the script but you have do download and set them up yourself. I actually like the TFmail variation of the script and the auto installer they have for download well work or at least has in the past on a WH 3.0 account. The only thing is that the NMS versions do not have Captcha but you could integrate one if you wanted to. I've actually used the WH Captcha with their scripts before. Since things may have changed some I can't say for sure the exacts but if you look at the Check-captcha.cgi file you can kind of see the subs you need to integrate in. The captcha.cgi can stay as it is since that is called via an image tag.
    Please remember your charity of choice:

    Handy Links: | Plain Text Editors: EditPlus | Crimson

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts