We use a special version of formmail.pl. This version protects against abuse by ensuring the email recipient is legitimate.
Any form fields included in the call to formmail.pl will be included in the email that is sent.
formmail.pl has many optional hidden fields, but only the recipient field is required since it determines where the email is sent.
formmail.pl accepts form submissions using the POST method. A line of code is required to pass the form input from your page to formmail.pl. This code varies based on your hosting account type and the type of CGI used.
If you have a Dedicated or VPS account without FastCGI or a Shared Hosting account created before June 1, 2011
If your account fits into any of the following categories, follow the instructions below:
- Shared Hosting accounts created before June 1, 2011
- Dedicated accounts not using FastCGI
- VPS accounts not using FastCGI
If one of these categories describes your account, add this code to your webpage:
<form method="post" action="/cgi-sys/formmail.pl">
If your account does not fit any categories above...
If your account does not fit into the categories above, your account will likely fall into one of these categories.
- Shared Hosting accounts created after June 1, 2011
- Dedicated accounts using FastCGI
- VPS accounts using FastCGI
- Any account with cgi-sys disabled
- Domains using suEXEC or php-cgiwrap
If so, follow the instructions below:
- Copy the formmail.pl script from the /usr/www/cgi-bin/ directory into your domain's cgi-bin folder.
- Once you have done this, add this line of code to your webpage:
<form method="post" action="/cgi-bin/formmail.pl">
There are no modifications needed to this line in your code.
Unless you are running suEXEC as well, you should not copy the formmail.pl file to your account's cgi-bin unless you intend on customizing the source code of it. The "cgi-bin" portion of the action above directs the server to look into the server's cgi-bin so the formmail.pl script doesn't need to reside in your individual account.
- Create a file named ".formmail" in your account's home directory (/usr/home/USERNAME). Add all form recipient email addresses into this file. This will prevent the form from being abused to send to arbitrary addresses.
In the following example, only the recipient field is required. This field specifies the destination email address for the form contents.
<input type="hidden" name="recipient" value="firstname.lastname@example.org">
If you wish to have multiple recipient email addresses, then separate each email address with a comma in the value section of this field.
All recipient email addresses that are not hosted on Pair servers must also be listed in a file named .formmail and placed into your account home directory (/usr/home/USERNAME). This prevents the form from being abused to send to arbitrary addresses.
If the recipient address you list on the form is not an email address on your Pair Networks hosting plan, you will receive the following error message.
Error: Bad Recipient One of the recipients of the information on this form is not a customer of Pair Networks. Sorry.
Here are other fields you can use with formmail.pl.
This field specifies the Subject line of the outgoing email. If not given, the default Subject is "WWW Form Submission."
This field specifies the return email address of the user submitting the form. If supplied, this should be a field filled in by the user. The email will be generated so that your mailer's reply function should go to this email address; if not supplied, the default is email@example.com
This field specifies the real name of the user submitting the form. If supplied, this should be a field filled in by the user. The email will be generated with this name in the headers.
This field specifies the URL to which the user should be automatically redirected after successful delivery of the form. It must be a full URL; relative links will not work. If this field is not specified, a default response will be generated by the script.
This field allows you to specify that certain fields (in a comma separated list) in the form are "required." This means that these fields may not be empty when the form is submitted. If any of the specified fields are empty, the user will receive a warning, and the form will not be submitted.
This field specifies the title for the default response page that is generated by the script in absence of a redirect field. The default is "Thank You."
This field specifies a URL that will appear on the default response page that is generated by the script in absence of a redirect field. This URL can be used to allow users to return to, for example, your homepage.