PHP-mailer

Modified on 2011/10/27 23:32 by Jovall — Categorized as: Uncategorized

Form-mailer documentation

Requirements are pretty basic:
Technical information
Strategies for forms using PHP-mailer-FE

Basic use

The most basic use requires just one single script: "phpmailer-fe.php".

Open "phpmailer-fe.php" in your text editor and look for (around line 346):

$recipient = 'yourname@yourdomain.com';

... change the email address to the one you want the form data sent to.

Now, upload "phpmailer-fe.php" to the root directory of your web site. (Hackers cannot use the URL address line to hijack PHPMailer-FE - PHPMailer-FE will not process the Query String).

Next, change the action of your form to point to phpmailer-fe.php. If you put phpmailer-fe.php in the root of your website, your form tag will look similar to:

 <form method="POST" action="/phpmailer-fe.php" enctype="multipart/form-data">
or
<form method="POST" action="/phpmailer-fe.php">

That's it. PHPMailer-FE will now send the output of your form directly to the e-mail address you want.

PHPMailer-FE can also be used to do conditional processing (sending the form to different e-mail addresses, depending on form field contents), display custom pages, send custom e-mail messages to the sender based on success of the form submit, act as an auto-responder, handle file uploads directly to your mailbox (bypassing server storage), and lots more. See the advanced paragraph below.

Advanced use

PHPMailer-FE was designed specifically to get the form data on your website into your mailbox. It handles that extremely well, and securely.

Let's look at security first. PHPMailer-FE will not process any $_GET data from the Query String. It will exit and not process. In a recent release, we included "inc.sanitize.php" to validate and clean up user input. This sanitize process will check for all known hack attempts and return clean data.

Now let's look at the customization options. To customize PHPMailer-FE, you don't actually even have to edit the script in most cases.

When PHPMailer-FE gets handed data by a form, the first thing it checks for is if a file "default.config.php" exists. If it does, PHPMailer-FE will load that file and use the contents as its configuration. Have a look at the one included with your ZIP file to get a sense of all the variables you can control with this default.config.php file.

Next, you can override all configuration settings on a form-by-form basis. Here are the possibilities. When PHPMailer-FE receives data, the first file it processes is defualt.config.php. For the rest of the examples, let's assume your form file name is "contactus.html". The next file PHPMailer-FE looks for, then, is "contactus/contactus.config.php". Now, let's break that down. the first part indicate that there is a directory called "contactus" in the same directory where "phpmailer-fe.php" is. The second part "contactus.config.php" is the configuration file specifically for the "contactus.html" form. Note that there is something in common in all of this naming -- and it is based on the file name of the form "contactus" of "contactus.html". PHPMailer-FE will use the PHP referer global to determine that, but we highly recommend that your form include a hidden field like:
 <input type="hidden" value="contactus.html" name="referer">

Not all servers return the "referer" global, so having it as a hidden field is protection for you. Having a form-by-form configuration increases the possible uses of PHPMailer-FE. In the configuration file, you can specify recipients of the form, cc and bcc fields, select options for processing, you can even have conditional processing based on input by the submitter. Have a look at the samples included with the ZIP.

Next, you can also create a template file for each form. The template file will be used as the email sent to your recipient, with the user submitted data substituted before PHPMailer-FE sends the data. Using the same example above (contactus.html), your template file would be called "contactus/contactus.tpl" ... in the ZIP file, there are three sample forms included, each has its own config file and template file. We suggest looking at those for ideas on how to structure your forms processing environment.

Starting with version 4.0.7, PHPMailer-FE also has the ability to build a CSV log of all form data submitted by users. The CSV file will include the date and time the data is submitted. This new feature in 4.0.7 was part of our own company's "Pro" version. When used in conjunction with a cron, the CSV can be sent to the webmaster for a record and audit of all forms data submitted. (We did this on the first of each month, for the previous month's logs).