The Best Formmailer?

**halyfax** · 04-10-2004, 08:40 AM

The only choice

http://nms-cgi.sourceforge.net/scripts.shtml

**Buddha** · 04-10-2004, 10:02 AM

Originally posted by willy

I discovered Mail Manage EX which, according to Hot Scripts , "...is simply the best form-mailer."

Willy I only looked at the code for about 5 minutes and I have some doubts about the security of that script. Especially in a register_globals = ON environment.

**brett** · 04-10-2004, 10:22 AM

If the one willy showed us is not secure, please recommend another with similar functionality. I'm really interested in database/cvs/email/autoreply/etc. On my list so far is now these...

GitHub - andrewmriley/phpformmail: The old PHP port of the PERL email gateway with some enhancements.

http://www.boaddrink.com/projects/phpformmail/index.php

The old PHP port of the PERL email gateway with some enhancements. - andrewmriley/phpformmail

400 No required SSL certificate was sent

http://www.cgi-central.net/scripts/aformmail/

http://www.arecaweb.com/php/newmmex/index.php

PHP Form Mail Script - STADTAUS.com

http://www.stadtaus.com/en/php_scripts/formmail_script/

With this PHP formmailer script you are able to put a contact form on your website. Both HTML layout and e-mail layout are fully customizable by templates.

http://www.holotech.net/scripts.html

http://nutbar.chemlab.org/downloads/

404 Not Found

http://www.dtheatre.com/scripts/formmail.php

404 Not Found

http://www.leveltendesign.com/L10Apps/Fm/index.php

404 Not Found

http://nms-cgi.sourceforge.net/scripts.shtml

After looking at dozens of others, I've used the first 2 here, but now willy's has added another I may have to check out.

**Buddha** · 04-10-2004, 10:57 AM

Originally posted by brett

If the one willy showed us is not secure, please recommend another with similar functionality. I'm really interested in database/cvs/email/autoreply/etc. On my list so far is now these...

I looked through about two dozen highly rated scripts about a year ago...that why I wrote my own. Security should come first when you are considering using any script. Those fancy features won't do you any good, if they're used to take down your site or the whole server.

**Buddha** · 04-10-2004, 06:33 PM

Originally posted by AndrewT

If you are worried about a script you or one of your clients intends to use, please send a ticket into the helpdesk with as much detail on how the script functions and anything else you feel we should know about the script. Please do not ask us if "Script X" is ok without providing any information on the script. There are thousands if not millions of scripts available and there are only a few of those we may be familiar with.

See full topic here: http://forums.dathorn.com/showthread...=1176#post1176

That's a very generous offer that Andrew is making there. I would suggest anyone who's not an experienced programming take him up on that offer.

"One scripting language, three lines of code, and 'Hello World!' doesn't make you an experienced programmer." - Anonymous

**Jim** · 04-10-2004, 07:44 PM

I agree, it is extremely generous.

While were all talking about scripts, any experienced programmers care to go out on a limb and make some suggestions on good, secure, publicly availble scripts.

So far Not Matt's script seems to be the choice for form mailers.

Some suggestions for forums and CMS systems would make good additions. It may also take some of the load off Andrew. I would do it, but sadly I only know enough php to get myself into trouble.

**willy** · 04-10-2004, 08:44 PM

Originally posted by Buddha

Willy I only looked at the code for about 5 minutes and I have some doubts about the security of that script. Especially in a register_globals = ON environment.

Hi Buddha,

The script was designed to work if register golbals are on or off.

Willy

**Buddha** · 04-12-2004, 05:04 AM

Originally posted by willy

The script was designed to work if register golbals are on or off.

Willy, I took a closer look at MMEX and found two major vulnerabilities.

1. The $Settings file can be bypassed. With register globals on, you can just pass your own settings via the form. Gives anyone just about full control. (Re: v3.1.7 mmex.php lines 27,44-46)

2. $Recipient can be set via the form. If your using it to send an email then anyone can use it to send email any where. Register globals setting doesn't matter. (Re: v3.1.7 mmex.php lines 29, 48-49)

Four and half Chillies at HotScripts? People don't risk your site and the server trusting Chillies. Ask Andrew, he was every generous to offer. The final decision is always his anyway. And if you don't want to ask Andrew, you could always pay me to take a look? You may want to sit down before I tell you my hourly rate.

**AndrewT** · 04-12-2004, 09:25 AM

We will not sit down and go through scripts to look for security holes. Obviously this can get far too time consuming if even a handful of you submitted a ticket like this. This statement was simply posted so that if you weren't sure your script would be allowed to run on the server, it doesn't hurt to ask.

**Jonathan** · 04-12-2004, 10:12 AM

yea, crushed me a month back
when I asked about that PHP-Nuke chatroom

CMS: PHP-Nuke, although I've built
a simplified one myself, although no edit function

(one config for title, etc. + can add/remove links dynamically).

Forums: I must say get punBB, not even
two mins after downloading I was finished customizing
it to match my EXACT site design!

**Buddha** · 04-13-2004, 03:58 PM

Originally posted by AndrewT

We will not sit down and go through scripts to look for security holes. Obviously this can get far too time consuming if even a handful of you submitted a ticket like this. This statement was simply posted so that if you weren't sure your script would be allowed to run on the server, it doesn't hurt to ask.

Didn't think you had that much time Andrew but I bet you know what causes trouble on your servers.

But I thought MMEX would make a good example of why you can't trust Chillies.

The Best Formmailer?

The Best Formmailer?

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment