Page 1 of 1
Tell A Friend Script
Posted: Fri Jul 10, 2009 3:38 pm
by wescrock
Hello,
I am looking to find a basic tell-a-friend script that I can implement on my site... I have seen a bunch of different ones, but none that really met what I was looking for. It needs to have just a to and a from line with the option of including a message. The user needs to click a link on the page that opens a pop up with the form that then sends the email.
Anyone have any recommendations?
Thank you,
Wes
Re: Tell A Friend Script
Posted: Fri Jul 10, 2009 4:19 pm
by Eric!
This would make a perfect gateway paradise for spammers. They could dump a zillion messages through your form before you even know what happened.
If you excluded the message part and only emailed a fixed text message it would be a lot safer. But allowing them to direct messages to any email address from your site is asking for big trouble.
Re: Tell A Friend Script
Posted: Fri Jul 10, 2009 4:43 pm
by Skara
I agree with Eric. However, if you do decide to implement this, I could see it... sorta working if the site were small enough.
1) Add captcha and a bot question (e.g. "What is 2 + 7?")
2) Require all emails sent to be approved by an admin. (Would only work with a smaller site or many employees.)
3) Note in bold letters that the email must be approved by an admin on the submission form.
4) Include in the email a link to add the person's email to a "no email" list.
Even then you'll deal with spam and you'll have the added workload of approving emails, but that's the way I would do it if I had to.
Re: Tell A Friend Script
Posted: Fri Jul 10, 2009 5:29 pm
by Eric!
If you could make a drop down list of fixed messages, I don't think many spammers would bother with it. You would have to make sure the fixed message is generated in the php code itself, and not from javascripts or taken directly from the form or passed variables. Also they will try to inject a message body into the to, from and subject fields so you'll need to make sure you filter those fields heavily too.
For something this simple you could just white list a set of allowed characters and reject anything else. But if you give them a message field you'll probably have to follow Skara's advice to keep things under control.
Re: Tell A Friend Script
Posted: Mon Jul 13, 2009 9:59 am
by wescrock
Thanks all,
The ideal would be that the user only enters their email addresses... I would use it as a way to email it to themselves, not others. We are a University library and have many public computers for patrons to use. When they use them, they may need to save links from our site later at home. A CAPTCHA would probably work best for this.
any ideas of what to use for this? There are many bundled, but they all seem rather large for what I actually need... and I need it to send the referring page dynamically to the form.
-Wes
Re: Tell A Friend Script
Posted: Mon Jul 13, 2009 4:44 pm
by Eric!
wescrock wrote:The ideal would be that the user only enters their email addresses... I would use it as a way to email it to themselves, not others.
There is no way to stop them from entering someone elses email address as the destination -- just be aware of that.
I posted some simple example code here
viewtopic.php?f=1&t=101854
Look about 1/2 down in the thread for contact.html and _mail.php. You can modify the form and the php code to do what you want and it has some filters built in to help stop abuse.