[PHP] How do I make an 'email this page' feature?

[PHP Tech]

Hi.

I am on a tight deadline here- I am trying to get a feature on a website I
am creating where you click a link on a page which says 'email this page'
and it takes you to a new page with a form asking you to enter your name,
email and an email address and name of a person you would like to email the
link of the page together with a message.

In theory this is easy to do- but what would be the best and secure way of
doing it?

I thought by clicking the link this would be a form sending the url of the
page to the next page and so I could then use $_GET to retrieve this.  I
also thought of using $_SERVER and getting the referer web address. Then I
could use this in a hidden field and use the mail() function to mail it off.

Aren't both these options open to abuse?  I was impressed with a feature I
saw on this website- http://www.chesternovello.com/composer/606/main.html  -
at the bottom of the page when you click on Email this page it takes you to
another page without using a form, and it seems to use just html.  How do
they do that?  I would really like to use a nice PHP script to do this.

Any ideas? Would be grateful for any thoughts.

I. Gray

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] How do I make an 'email this page' feature?

[PHP Tech]

Hi,

Do you mean that I would have a different ID no. for different pages and
pass that variable to the 'email this page' page which will then send the
url according to the ID number?  If that's what you mean it sounds like a
good idea, but unfortunately as this site has lots of dynamic URLs this
would be impossible to do.

Maybe I should get the info from the refering page and make sure that the
beginning of the url is the url of the website.  However will all browsers
send this info?



-Original Message-
From: Andrew Kreps [mailto:[EMAIL PROTECTED]
Sent: 29 September 2004 23:20
To: PHP List
Subject: Re: [PHP] How do I make an 'email this page' feature?


On Wed, 29 Sep 2004 22:03:07 +0100, PHP Tech <[EMAIL PROTECTED]>
wrote:
>
> I thought by clicking the link this would be a form sending the url of the
> page to the next page and so I could then use $_GET to retrieve this.  I
> also thought of using $_SERVER and getting the referer web address. Then I
> could use this in a hidden field and use the mail() function to mail it
off.
>

I would try to limit the list of items I'm sending via email.  For
example, have a set list of keywords that you generate the emails
based on, such as a product id, or a category name.  Then you generate
the email based on that id, rather than doing, say, an fopen
("http://yoursite.com/page.php";) with the referring page.  The latter
option would be insecure, especially if you don't sanity check the
referrer first.  If you're dealing with a static site, and have to
grab actual HTML files, passing the the page name as a variable and
then doing a local fopen would be a better option.  Checking for
problems before using the form data is the key to keeping this secure.

I imagine having pre-built templates for whatever I'm sending via
email, as I likely wouldn't want the exact same page that's displayed
on my website to be sent via email.  I'd love to hear more specifics
on what you're trying to accomplish.

As for chesternovello.com, there is an awful lot of Javascript magic
happening.  Not to mention that suspicious looking __VIEWSTATE
variable in the form.  There's definitely something happening behind
the scenes there, it's more than just HTML.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php