first time setting up asp form page,I have form submission and results pages set on server still cant get them to jive.looking to send to email,should the form be on the submission page? and should post go to results page?....john
CSS Codes
New Comer (less than 5 posts)
asp
first time setting up asp form page,I have form submission and results pages set on server still cant get them to jive.looking to send to email,should the form be on the submission page? and should post go to results page?....john
Elite Coders
Hi,
If you want to use a form to accepts the To Address, Message Body, etc from a user through a form, you can do it in two ways:
1. Using a single file that has both ASP code as well as the HTML form code.
2. Using multiple files - In this case there will be an HTML interface (FORM) file through the user will enter their details and when they press submit button then the background file will start the processings for sending the email based on the details entered by the user in the interface file.
I am following the seond approach which is more simple compared to the first one
ASP Code
-------------
The second script is as followsCode:'This is the ASP Code for sending a mail which is based on the value coming from an interface file 'This code helps you to send an email using a remote server 'file name - sendMailRemote.asp <script language="VBScript" runat="server"> 'Hope you've performed all the client-side validation in your HTML interface file Dim from, to, message, subject 'storing the user entered values into variables from = Request.Form("from") to = Request.Form("to") message = Request.Form("message") subject = Request.Form("subject") Dim mailObject Set mailObject= Server.CreateObject("CDO.Message") mailObject.Subject= subject mailObject.From = from mailObject.To = to 'The following line will treat this as a text email message. 'If you want to send an HTML based email then you must use the following line which i commented here 'In HTML email you can have HTML tags on the messages 'mailObject.HTMLBody = message mailObject.TextBody= message mailObject.Configuration.Fields.Item("http://schemas.microsoft.com/cdo/configuration/sendusing") = 2 'Specify the SMTP server name or its IP Address which you want to use while sending the email mailObject.Configuration.Fields.Item ("http://schemas.microsoft.com/cdo/configuration/smtpserver") = "smtp.server.com" ' Specify the Server port on which the SMTP server is listening in the above mentioned server mailObject.Configuration.Fields.Item ("http://schemas.microsoft.com/cdo/configuration/smtpserverport") = 25 mailObject.Configuration.Fields.Update mailObject.Send set mailObject=nothing </script>
Plz check a skelton of the HTML interface you can use to test this applicationCode:<% 'file: sendMail.asp Dim mailObject Dim from,to,subject,message 'storing the user entered values into variables from = Request.Form("from") to = Request.Form("to") message = Request.Form("message") subject = Request.Form("subject") Set mailObject= Server.CreateObject("CDO.Message") mailObject.Subject=subject mailObject.From = from mailObject.To = to 'The following line will treat this as a text email message. 'If you want to send an HTML based email then you must use the following line which i commented here 'In HTML email you can have HTML tags on the messages 'mailObject.HTMLBody = message mailObject.TextBody = message mailObject.Send set mailObject=nothing %>
Please keep it in mind that you can specify the ASP file name in which you have the mail sending ASP codeHTML Code:<form method="post" action="sendMailRemote.asp"> From <input type="text" name="from"><br> to <input type="text" name="to"><br> subject <input type="text" name="subject"><br> Message<Textarea name="message" rows="10" cols="50"></textarea><br> <input type="submit" name="submit" value="send"> </form>
Please embed some client-side scripts for the validation of the fields before sending the mail
Elite Coders
That's the general idea, yes.Originally Posted by pageblair
Please include a more complete description of the problem (including relevant code) if you're still having problems. Also, please use a better subject next time: you're posting to the ASP forum, so it's a fair guess that that's the language you're using. Something like "Cannot get data from form submission" or "Cannot send e-mails" should be the minimum information.
I'd hope you'd post code that performed server-side validation. As it is, it looks like what you've posted is the perfect spam relay. Then again, I can't find an object that exposes the interface you're trying to use (I have a reference for two CDO versions, and neither has From or To properties).
Mike
Elite Coders
CDOSYS is the successor of CDONTS, Microsoft has discontinued CODNTS in Windows XP. So using CDOSYS we can send emails from the web pages. If you want to find more details about this, you can explore MSDN library.posted by: MWinter
I can't find an object that exposes the interface you're trying to use (I have a reference for two CDO versions, and neither has From or To properties).
Last edited by codeexploiter; 08-28-2006 at 11:56 AM.
Elite Coders
I did have the documentation, I just didn't look quite in the right place. Anyway, that's irrelevant: the only reason I wanted to check was to see what checking Microsoft did, but there is no explicit description. At most, it might check for conformance with the RFC 822 grammar.
The original point remains: anyone that could access this document could use it to send any mail to any recipient.
Mike
Elite Coders
Hi mike,
It is very difficult to show how users can send mails using remote servers in ASP without facing that fact i think.The original point remains: anyone that could access this document could use it to send any mail to any recipient.
I've mentioned two scripts in my response
One using a a local SMTP server
One using a remote server.
Yes the problem still exists, I agree, But i think anyone who knew how to send mail can perform spamming if they wish i think but the response was just for the sake of information nothing else.
I am very keen to learn a method using which we can prevent spamming using a remote server, if you can provide
Elite Coders
Particularly when the person asking questions gives as little information as the OP did.
Well, a remote SMTP server should protect itself against spamming. It has two choices: authentication, and IP filtering. My ISP used to use the latter, restricting only its own customers (for which it knew the IPs, obviously) from accessing the server. They've now shifted to standard authentication techniques so that the server can be accessed from other machines, and to protect against trojans or virii that might target the machines of ISPs like mine.I am very keen to learn a method using which we can prevent spamming using a remote server, if you can provide
What I was actually concerned about was the fact that the code you posted allows the submitting user to specify whatever To and From values they wish. There's also no frequency controls; the user can submit any amount of mail as often as they like.
I wouldn't personally write a form mail system. Modifying an existing, secure package might be a different matter, but I wouldn't like to risk me overlooking an issue and opening up a mail server to attack.
Mike
Elite Coders
Yes it does allow spamming in this case but it is a reality that anybody with a little knowledge in ASP and messaging systems can perform spamming. But you've mentioned two methods for restricting spammer using SMTP servers in your post.posted by MWinter
What I was actually concerned about was the fact that the code you posted allows the submitting user to specify whatever To and From values they wish. There's also no frequency controls; the user can submit any amount of mail as often as they like.
Thanks a lot for the information since I am working as a developer, not involved with the security mechanisms using for these kind of things.
I would be greatful for these kind of information in the future also.
--Code Exploiter
Posting Permissions
Reply With Quote
Bookmarks