Need something changed? I can do script customization
Active Scripts
Abandon Scripts
Contact
HOMEricosend
Example
- See bottom of this page.
Description
- ricosend is a formmail-type PHP script to submit a form's results via email
- Created because I needed a script that was fairly simple and was more secure than most existing scripts.
Download
Terms of Use
- Version 1.2.1 and onward is released under GNU General Public License. Basiclly this means you are free to use the script, modify it, and even redistribute versions of your own under the same license.
What's new
- 1.2.3 [December 16, 2007] - Cleaned up the code, made more "checking" options available
- 1.2.2 [November 11, 2006] - Added additions to filter out multiline header fields (used to try to send spam via your form)
- 1.2.1 [October 11, 2006] - Change it so had an option to discard email if they tried using [url]Free Spam[/url] spam
- 1.2.0 [March 21, 2006]- Change it so had an option to discard email if they tried to use BCC for spamming
- 1.1.1 - Changed it so IP is "real" ip even if using a semi-secure proxy
Instructions
ricosend.php settings
- Open ricosend.php and scroll down to line 33 and set the $config['recipient'] to the address you want your form mailed to
- The setting $config['CheckReferer'] is the type of checking to perform on the server. The options are:
- 0: do not check
- 1: check for invalid && blank referer. if either, display error message to user and stop script (not recommended, easy to forge either and some legit people use blank referers)
- 2: check for invalid && blank referer. if either, discard message silently, but continue like sent (not recommended, easy to forge either and some legit people use blank referers)
- 3: check for invalid referer only. display error message to user and stop script
- 4: check for invalid referer only. discard message silently, but continue like sent
- The setting $config['referer'] you can set the hosts that are allowed to submit forms to be mailed. You can put multiple hosts using the format provided, or you can use Regular Expressions to make wildcard matches.
- The setting $config['checkEmail'] is the type of checking to perform on the "email" field submitted. Syntax refers to how the email address is made up (eg: they can't submit an email from user@#!&%@hotmail.com). Host domain exists checks to make sure the domain part of the address exists (eg: checks to make sure ssjfslkfjsl.com from user@ssjfslkfjsl.com exists). Host domain checking is fairly accurate, but occationally will not on some servers.
- 0: do not check
- 1: check syntax && host domain exists. [display error]
- 2: check syntax && host domain exists. [discard silently]
- 3: check syntax only. [display error]
- 4: check syntax only. [discard silently]
- 5: host domain exists only. [display error]
- 6: host domain exists only. [discard silently]
- The setting $config['CheckSpam'] is a check I added because I get many spam messages sent to me through my own form with links like [url=http://www.domain.com/]Free Spam[/url]. If you don't get these type of messages, you probably don't need to enable this check.
- 0: do not check
- 1: check for potential spam. [display error]
- 2: check for potential spam. [discard silently]
- The setting $config['CheckHeaders'] checks the email header fields submitted (realname, email, subject) for multiple lines. The favorite trick of form spammers is to feed a fake multi-line reply, where the second line is a BCC email header and address. When the mail server goes to read the header, it sees the BBC header and address and then will send a copy of the form to that faked address as well. So i HIGHLY recommend you leave this check enabled (either with error, or silent discard) as there is no way this will effect a legitimate user, and can help prevent spam from being sent to other people through your form.
- 0: do not check
- 1: check for fake headers. [display error]
- 2: check for fake headers. [discard silently]
Form fields (optional)
- These are fields that the form supports. For instance, if you name a textbox "realname" then your email will appear to come from whatever was put in that textbox.
- email: address who message from (required unless $config['checkEmail'] is set to 0)
- realname: is name who it's from
- subject: is message subject
- redirect: is the page you go to after you submit
- referer: is the page that submits the form. With SSI, I use: <input type="hidden" name="referer" value="<!--#echo var="HTTP_REFERER" -->"> but if left blank the script will put the location of the page that sends the form
- You can add any other field names/types you want, those are just the supported ones that have special features