Upgrading the Email Script
My email script, like any computer program, needs to be upgraded on occasion to fix problems and perhaps to add functionality. There is no time limit for obtaining upgrades to the free version, and 12 months of updates to the advanced version are included in the purchase price.
Since I first published the script in May 2003 I have applied a number of fixes and enhancements as listed below. Except where specified the fixes/enhancements apply to both the free and advanced versions of the script. Current version numbers are:
- Free version: 3.0
- Advanced Version: 6.0
- Amended referer test to not abort the script when the referer is blank. This means that use of the script from other servers is possible but will only work when the visitor to that site is using a browser with the referer option turned off. As most visitors still have this turned on only a small percentage of visitors to another site would be able to actually use the stolen access to your copy of the script.
- Amended to work with earlier versions of PHP that don't support $_POST by automatically using $HTTP_POST_VARS instead.
- Added a patch to resolve a bug in the qmail mail server that expects \n instead of \r\n. With the standards-compliant code, emails sent from one site using qmail to another also using qmail would arrive with extra blank lines between the email headers, turning the email into garbage. Setting $f_q to 1 at the top of the script strips the \r characters from the email content immediately before it is sent, which corrects this problem for outgoing emails (you will have to wait for the official qmail patch before the problem is properly fixed, but this fixes my script).
- Moved some field initializations that were not being set correctly when a blank referrer was received.
Advanced Script only - Version two (22nd January 2004) code reorganized to move much of the code into four separate functions which can now be used separately (for example, if you want to develop your own processing for producing multiple emails from one form or even to generate emails without a form).
These functions are: create_mail_headers, format_mail_content, create_mail_body, and mail_send. See the readme.txt file supplied with the code for more information.
- Added $val_email and code triggered when $do = -1 to validate that the destemail address matches one of those listed in the val_email array. If you only have a limited range of destination email addresses then this will stop the script being used to send to other destinations.
- Advanced script only - amended to use the filename and type of the original file when a temporary file is created on the server in order to allow site visitors to attach a file from their own computer. Also added efopt.php containing optional functions that can be used to upload such files. Refer to Attaching and Embedding Local Files for more details.
- To help prevent email addresses in your forms being harvested by spam spiders, a new parameter dom has been added that can be used to pass the domain of destination email addresses separately from the rest of the destination email address. Any destination addresses that do not contain an @ will be assumed to be at the domain specified in this field. The dom field also defaults to the first value specified in the $ref field so that you don't even need to pass it for addresses at your own domain.
- Advanced Script Only - Added a new value for the fmt field. When set to "attach" the form content will be placed in "form.txt" and attached to the email instead of forming the email content.
- Added a new field ccsender that allows a copy of the email to be sent To the sender rather than their being Cced on the original (using the metoo field). This allows the sender to obtain a copy of the email that they sent without compromising the security measures in place to protect the destination email address from spammers.
- Amended coding to increase the security of the script. The script still allows the same usage when the person sending the email has referrer logging enabled. If they have it disabled in their browser or firewall then the script still allows emails to be sent to email addresses on the domain where the script is in use but it will block any attempts to send emails to other domains.
- All processing moved to separate file eproc.php to make application of updates easier.
- Advanced Script Only - Altered the call to mail_send to handle more mail programs.
- Security enhancement to disallow new lines in the middle of email addresses and to disallow both the to and from email addresses being on your domain.
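
The address checks described in the entries above (the val_email list, the dom default, the blank-referrer restriction and the new-line rule), sketched as an added example. This is not code from the script: the function name, its parameters and the messages are hypothetical, and a non-empty allow list is assumed to switch the list check on.

```php
<?php
// Added illustration, not the script's own code. All names are hypothetical:
// $ownDomains stands in for $ref and $allow for the val_email array.
function check_addresses(string $to, string $from, string $referer,
                         array $ownDomains, array $allow = [], string $dom = ''): array
{
    // A CR or LF inside an address would let a form value add mail headers.
    foreach ([$to, $from] as $addr) {
        if (preg_match('/[\r\n]/', $addr)) {
            return [false, 'new line in email address'];
        }
    }
    // dom defaults to the first own domain; an address without @ is completed.
    if ($dom === '') {
        $dom = $ownDomains[0] ?? '';
    }
    if (strpos($to, '@') === false) {
        $to .= '@' . $dom;
    }
    $domainOf = function (string $addr): string {
        return strtolower(substr((string) strrchr($addr, '@'), 1));
    };
    $own     = array_map('strtolower', $ownDomains);
    $toOwn   = in_array($domainOf($to), $own, true);
    $fromOwn = in_array($domainOf($from), $own, true);

    // Allow list: the destination must be one of the listed addresses.
    if ($allow && !in_array(strtolower($to), array_map('strtolower', $allow), true)) {
        return [false, 'destination not in allowed list'];
    }
    // Blank referrer: only destinations on the site's own domain are accepted.
    if ($referer === '' && !$toOwn) {
        return [false, 'blank referrer and destination on another domain'];
    }
    // Sender and destination both on the own domain is refused.
    if ($toOwn && $fromOwn) {
        return [false, 'to and from both on own domain'];
    }
    return [true, $to];
}

// Constructed sample inputs.
$own = ['example.com'];
var_dump(check_addresses('sales', 'visitor@example.net', '', $own));
var_dump(check_addresses("sales@example.com\r\nX-Test: 1", 'v@example.net', '', $own));
var_dump(check_addresses('someone@example.org', 'v@example.net', '', $own));
```

The first call is accepted with the destination completed to sales@example.com; the second and third are rejected by the new-line rule and the blank-referrer rule respectively.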
Advanced Script only - Version three (23rd August 2005) code reorganized to move all validation processing into two new functions. Validation has also been added to test for non-blank content in "mandatory" fields as well as being able to verify if mailboxes exist for the specified email addresses. Arguments for the existing functions have been modified as required. Also the configuration setup has been moved into a separate file. Finally, a separate test form page has been supplied to make testing and configuration of the script easier.
The free script has also been modified but only to move the configuration options to be consistent with the new advanced version.
- Advanced script only - load_file in efopt.php modified to test for a zero-size file for upload.
- Advanced script only - added effld.php optional script to allow form fields to be accessed from a PHP thankyou page. email.php also modified to pass the values used by that script.
- Advanced Script Only - efunc.php modified to allow the character encoding to be changed.
- Advanced Script Only - efunc.php split into efunc1.php and efunc2.php.
- Advanced Script Only - validation for "web" field to commence with "http://" or "https://".
- Advanced Script Only - added new aspam field to allow an extra field to be added to the form that must have a specific value entered in order for the email to be submitted. Depending on how obscurely you identify what is to be entered this should help prevent spambots using the form to send spam.
- Advanced Script Only - Allow the header and footer to be suppressed completely for fmt="attach", and fix an error in ccsender processing.
- Enforced wordwrap at 70 characters for text and HTML emails.
- Advanced Script only - Version four (30th April 2008) - amended to add blacklist array which checks against both sender and receiver emails and to allow for a custom page to be added around error messages via new Pheader and PFooter functions.
- Advanced Script Only - added support for text file attachments with a .sql extension, also updated efopt.php to use $_FILES instead of $HTTP_POST_FILES so that the file upload will continue to work on servers where register_long_arrays is off.
- Advanced Script Only - security patches, note that your serial number now needs to be added to the econf.php file to help secure your script.
- Advanced Script Only - allow spaces in list of mandatory fields and ability to limit the number of links in a message.
- Advanced script 5.0 and free script 2.0 introduce support for multiple languages for the error messages that the script produces so that you can have the errors display in the appropriate language to match your page. Initially Dutch, French, and German are supported in addition to English.
Translations provided by - Dutch language: Johanna Ouwerling, German language: Silke Dallmann, French language: Olivier Geneste.
- Advanced Script Only - can now generate and attach PDFs using 'attachpdf'.
- Advanced Script version 6.0 and free script version 3.0 introduce SMTP support with authentication as an alternative to using the PHP mail() function.
The easiest way to implement these changes to your copy of the script is to download a new copy of the free script or resend the advanced script (you will need the item and invoice numbers from your original purchase to request a resend).
This article written by Stephen Chapman, Felgall Pty Ltd.