ASP FormMail

Setting Up the Script

View the source code for this ASP script.

In order for the ASP script to work, some configuration variables need to be set. These are defined at the beginning of the code and determine what sites can use the script and how it will set up and send the email.

Script Parameters

Here is a view of the code with some typical values. The parameters are described in detail below.

referers   = Array("www.example.net","example.net")
mailComp   = "ASPMail"
smtpServer = "mail.example.net"
fromAddr   = "guest@example.net"
FormMail Configuration Variables

referers: An array of web host addresses. This is used to prevent other sites from posting forms to your host. Basically, it should match what's in your website address between the "http://" and the next "/" character.

An array value is used so that you can include variations, such as "www.example.net" and "example.net" if your site can be accessed that way. You can even include IP addresses.

Note: A browser or firewall may be configured to block the referer header on HTTP requests. This means that some users will not be able to use the form. You can leave the array empty:

referers = Array()

to make the script skip this check, at the cost of the protection the referers list provides.

mailComp: Must be set to one of "ASPMail", "CDONTS", "CDOSYS" or "JMail". These are the four email components that the script recognizes and can use for sending email.

If your web host does not support any of these, you will need to add your own coding to use whatever is available to you.

smtpServer: The hostname of your SMTP server. This is required for all the supported email components except CDONTS.

fromAddr: This email address will be used as the sender address for the email created by the script.

Most web hosts do not allow email to be sent from their systems without a valid From address in order to discourage spamming. In any case, you should always use a valid email address for your own site.

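The referers list is meant simply for your protection. The script checks the host name in the URL of the page that submitted the form against the values you've set in this variable and rejects any that don't match.

Otherwise, anyone from anywhere could set up a form on their own site, point it to your script and start sending email from your host without your consent.

Keep in mind that the referer is a header supplied by the client making the request, so this check screens out forms hosted on other sites but does not authenticate the sender.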

Email Components

The remaining configuration variables relate to the component used to send email. The script has been designed to work with four of the most common ASP email components available and to provide an easy way to set the parameters they generally require.

If your host does not use one of these, you'll need to modify the script to add support for your particular situation. You should check with your host administrator or technical support personnel to find out what is supported on your site and the correct parameters needed to use it.

For more information on the supported email components, visit the vendor sites: ServerObjects (ASPMail), Microsoft (CDONTS and CDOSYS), and Dimac (JMail).

Coding Details

The script is fairly simple with four basic steps.

  1. Check the request to ensure a valid form submission.
  2. Process any control form fields passed.
  3. If no errors occurred in the previous steps, create and send the email.
  4. Produce an output page displaying either errors or the data that was emailed.

Note that the script does not necessarily stop processing when an error occurs. Instead, error messages are stored in a global array and processing continues where possible. All the error messages can then be displayed in the final step.

The details for each step are discussed below.

Checking for a Valid Form Submission

The script first checks for form data in the request; no data means that there is nothing to process. Then it checks the referring URL, parsing out the host name and looking for a match in the referers array.

<% 'Check for form data.

   if Request.ServerVariables("Content_Length") = 0 then
     call AddErrorMsg("No form data submitted.")
   end if

   'Check if referer is allowed.

   validReferer = false
   referer = GetHost(Request.ServerVariables("HTTP_REFERER"))
   for each host in referers
     if host = referer then
       validReferer = true
     end if
   next
   if not validReferer then
     if referer = "" then
       call AddErrorMsg("No referer.")
     else
       call AddErrorMsg("Invalid referer: '" & referer & "'.")
     end if
   end if

   'Check for the recipients field.

   if Request.Form("_recipients") = "" then
     call AddErrorMsg("Missing email recipient.")
   end if %>

The HTTP_REFERER server variable contains the URL of the page holding the form that submitted the request. This is passed to the GetHost() function, which parses out the host name, i.e. the characters between the beginning "http://" (or "https://") and the next "/" character.

The script then looks in the referers list for a match. If a match is found, the validReferer flag is set to True. Any request from an unauthorized host name generates an error message.
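
As an added illustration (not the script's own code), here is one way the host extraction and exact-match comparison described above could be written in VBScript. ParseRefererHost and IsAllowedReferer are hypothetical names, not the script's GetHost(), and the Referer values in the loop are constructed samples.

```vbscript
Option Explicit
' Hypothetical helper, not the script's own GetHost(): returns the lower-cased
' host part of an http(s) URL, or "" when the value is not such a URL.
Function ParseRefererHost(url)
  Dim rest, pos, delim
  ParseRefererHost = ""
  If LCase(Left(url, 7)) = "http://" Then
    rest = Mid(url, 8)
  ElseIf LCase(Left(url, 8)) = "https://" Then
    rest = Mid(url, 9)
  Else
    Exit Function
  End If
  ' The host ends at the first "/", "?" or "#", whichever comes first.
  For Each delim In Array("/", "?", "#")
    pos = InStr(rest, delim)
    If pos > 0 Then rest = Left(rest, pos - 1)
  Next
  ' Drop any "user@" prefix so only the real host is compared.
  pos = InStrRev(rest, "@")
  If pos > 0 Then rest = Mid(rest, pos + 1)
  ParseRefererHost = LCase(rest)
End Function

' True only when the parsed host equals an entry exactly (case-insensitive).
Function IsAllowedReferer(url, allowed)
  Dim host, entry
  IsAllowedReferer = False
  host = ParseRefererHost(url)
  If host = "" Then Exit Function
  For Each entry In allowed
    If LCase(entry) = host Then
      IsAllowedReferer = True
      Exit Function
    End If
  Next
End Function

' Constructed Referer values; run with cscript to print each verdict.
Dim referers, sample
referers = Array("www.example.net", "example.net")
For Each sample In Array( _
    "http://www.example.net/contact.html", _
    "https://WWW.Example.NET/contact.html", _
    "http://example.net?sent=1", _
    "http://www.example.net.other.test/form.html", _
    "")
  WScript.Echo "[" & sample & "] -> " & IsAllowedReferer(sample, referers)
Next
```

The two functions use no ASP objects, so they can be pasted into an ASP page unchanged; only the WScript.Echo loop is specific to cscript.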

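The final check is for the _recipients field, which is the only required control field. If no recipient was supplied, an error message will be given. Note that this address is taken from the submitted form rather than from the script's configuration.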