Tell A Friend Script

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
wescrock
Forum Commoner
Posts: 31
Joined: Wed Sep 10, 2008 10:31 am
Location: Fresno, CA

Tell A Friend Script

Post by wescrock »

Hello,

I am looking to find a basic tell-a-friend script that I can implement on my site... I have seen a bunch of different ones, but none that really met what I was looking for. It needs to have just a to and a from line with the option of including a message. The user needs to click a link on the page that opens a pop up with the form that then sends the email.

Anyone have any recommendations?

Thank you,
Wes
Eric!
DevNet Resident
Posts: 1146
Joined: Sun Jun 14, 2009 3:13 pm

Re: Tell A Friend Script

Post by Eric! »

This would make a perfect gateway paradise for spammers. They could dump a zillion messages through your form before you even know what happened.

If you excluded the message part and only emailed a fixed text message it would be a lot safer. But allowing them to direct messages to any email address from your site is asking for big trouble.
User avatar
Skara
Forum Regular
Posts: 703
Joined: Sat Mar 12, 2005 7:13 pm
Location: US

Re: Tell A Friend Script

Post by Skara »

I agree with Eric. However, if you do decide to implement this, I could see it... sorta working if the site were small enough.

1) Add captcha and a bot question (e.g. "What is 2 + 7?")
2) Require all emails sent to be approved by an admin. (Would only work with a smaller site or many employees.)
3) Note in bold letters that the email must be approved by an admin on the submission form.
4) Include in the email a link to add the person's email to a "no email" list.

Even then you'll deal with spam and you'll have the added workload of approving emails, but that's the way I would do it if I had to.
Eric!
DevNet Resident
Posts: 1146
Joined: Sun Jun 14, 2009 3:13 pm

Re: Tell A Friend Script

Post by Eric! »

If you could make a drop down list of fixed messages, I don't think many spammers would bother with it. You would have to make sure the fixed message is generated in the php code itself, and not from javascripts or taken directly from the form or passed variables. Also they will try to inject a message body into the to, from and subject fields so you'll need to make sure you filter those fields heavily too.

For something this simple you could just white list a set of allowed characters and reject anything else. But if you give them a message field you'll probably have to follow Skara's advice to keep things under control.
wescrock
Forum Commoner
Posts: 31
Joined: Wed Sep 10, 2008 10:31 am
Location: Fresno, CA

Re: Tell A Friend Script

Post by wescrock »

Thanks all,

The ideal would be that the user only enters their email addresses... I would use it as a way to email it to themselves, not others. We are a University library and have many public computers for patrons to use. When they use them, they may need to save links from our site later at home. A CAPTCHA would probably work best for this.

any ideas of what to use for this? There are many bundled, but they all seem rather large for what I actually need... and I need it to send the referring page dynamically to the form.

-Wes
Eric!
DevNet Resident
Posts: 1146
Joined: Sun Jun 14, 2009 3:13 pm

Re: Tell A Friend Script

Post by Eric! »

wescrock wrote:The ideal would be that the user only enters their email addresses... I would use it as a way to email it to themselves, not others.
There is no way to stop them from entering someone elses email address as the destination -- just be aware of that.

I posted some simple example code here viewtopic.php?f=1&t=101854

Look about 1/2 down in the thread for contact.html and _mail.php. You can modify the form and the php code to do what you want and it has some filters built in to help stop abuse.
Post Reply