chrometweaks.org

What iPage web host do you recommend that I get for my small ecommerce business?

Click Here To View All Answers...


My 1st question is: What iPage web host do you recommend that I get for my small ecommerce business? Many thanks for any answer. My 2nd question... On a multipart form at.

Http://www.editfast.com/editsub.htm.

I have a "submit" image at the bottom of the form.

<input type="image" border="0" name="submit" alt="submit" value="submit" src="../assets/graphics/submit.gif" width="99" height="27">.

Which I think is causing problems but I don't know why. FormMail returns a message "no recipient or an invalid recipient" but there is a recipient on the form.

<input type="hidden" name="recipient" value="free-.

Bob..

Comments (37)

That's a good question. I'm not sure what is the right answer to your question. I'll do some investigation and get back to you if I find an decent answer. You should email the people at iPage as they probably could give you an answer..

Comment #1

The recipients array is fine, I'm not sure why the carot is there but I guess the formmail uses it for something, I'll have to look at it one of these days, I probably have it on my puter somewhere..

When they changed the button the script probably does not know what the heck to do and just keeps executing until it runs into that error...

Comment #2

Thanks for the replies. I am still looking. According to Matt Wright the carot (That's a new one for me) tells the "perl regular expression parser that it must match the recipient form field exactly".

This works for another "email" form on the same site.

Http://www.editfast.com.

So I think it is in the multipart form itself but the recipients match. Will FormMail spit out this same error for another reason?.

It is a large form.

Http://www.editfast.com/editsub.htm.

So maybe there is something else wrong?.

Thanks again..

Bob..

Comment #3

After removing the image tag and inserting a "Submit" button the form still doesn't work and gives the same error message "Bad Recipient" so there is definitely something else wrong and my first assumption that it was the image causing the problem was wrong..

Bob..

Comment #4

Hmmmm.....is that closing form tag really supposed to be there? Bad karma man, really bad karma......

<input type="TEXT" name="email" size="14" maxlength="35" value="YOUR EMAIL">.

<br>.

<input type="submit" name="submit" value="GET IT!">.

<input type="hidden" name="recipient" value="price-/editpops/thankyou.htm">.

</form>.

<! #EndLibraryItem >..

Comment #5

What you got going on that page? I see at least two forms but only one submit button....check your code and make sure you got the form code (the HTML) correct. It looks like it should be one form from looking at the page.......

Comment #6

This tag looks like it will not work:.

<input type="hidden" name="redirect" onClick="window.open('http://www.editfast.com/editpops/thankyou.htm', 'thankyou', 'toolbar=no, directories=no, location=no, status=yes, menubar=no, resizable=no, scrollbars=no, width=230, height=175'); return false"target="_blank" value="http://www.editfast.com/editpops/thankyou.htm">.

OnClick is not a valid attribute of a hidden form field (is it?) and all those double-quotes are going to break the text up anyway (I think)...

Comment #7

Kevin,.

I think you are on the wrong form. There are two forms but the form for this discussion thread is the large one. The "Free Estimate Order Form"..

The other form "Get Price List" is another experiment which I know doesn't work at this time but let's not go there yet. Please don't worry about that form. I have been experimenting with it all morning and I think you caught it in the middle of a poor attempt..

The <form></form> tags are not the problem as far as I can see. there are two <form... tags and two </form> tags which are related properly..

There is one submit button and one image button which, as I understand it, is treated like a submit button by the browser..

The problem is definitely in the recipient thingy (maybe). I tried just using @recipients = @referers; but I still get the same "bad recipient" message for this form..

Thanks for your hints and input. They keep me on my toes. My karma is rising (I hope)..

Bob..

Comment #8

OK, I think scoutt hit on something, I read the formmail instructions, and if you use the carot in the email addresses, both lists must match exactly. Since you are only sending to your own email addresses, you can drop the carot or add every email address to the list like scoutt did. At least I think so, the instructions are a little difficult to understand...

Comment #9

Scout,.

<input type=hidden name="recipient".

Value="">.

This will send an email to each of these addresses No? I need to have each address different for each form..

Bob..

Comment #10

Correct Kevin, that is the way I understood it too. you must have the same amount of emails in both the hidden field and the @recipient field..

Like I said, try to take out the file upload and see if it works..

Also try this.

<input type=hidden name="recipient".

Value="free-');.

It seems to be the more secure mode, so if that is the case, take out the file upload...

Comment #11

This looks like it should work, which is what I think you have:.

@recipients = ('^">.

So that puts us back at square one........

Comment #12

I think so too but I have tried your sugestion Scout and yours too Kevin but no luck. I sure appreciate you guys taking the time to help. I have gone back over my form and tweaked it a little better. I have also tried using.

@recipients =('^\w+@yourserver.com');.

With no luck. I am almost ready to give up especially in light of Scoutt's comment that FormMail.pl may not be able to handle the "file" value. I assumed it would but after searching in vain on Matt Wright's iPage site for some reference to this I am wondering if I shouldn't use a different method. Any suggestions? Butthe other form works fine. I think it must be my form and table structure. Does it matter where the hidden fields are placed? I know the form has to be within one table but can be in different TD's..

Any more ideas. I am all out..

Bob..

Comment #13

Formmail definetly can.

Not.

Handle file uploads as it is coded. To get it to handle that would be a lot of work. There are other scripts alreay written that will handle file uploads and send the file as an attachment. There is one here modestly priced at $20, maybe there are free ones out there, search script archives..

Http://www.perlservices.net/en/progr...er/index.shtml..

Comment #14

Try to go back to plain email. I mean take out the file upload and the other forms. so all you have it the form you want to work. even though I doubt it that is the problem as you can have as many forms on the page as you want, just as long as they don't over lap each other..

I am going to have a harder look at this and see if I can get to teh bottom of it...

Comment #15

Bummer! That is a shock after spending two days trying to get it to work. But even when I removed the file upload it didn't work so ... I will search around and see what I find. Thanks for your help. I will probably be back here soon with another Q..

Bob..

Comment #16

Did you take out the "encType=multipart/form-data" from the form?.

Also you have more problems then the formmail. you don't seem to close any of your table trays <tr>, in fact you don't close any of the <td> either. I bet if you load this page as is in Netscape it will not load. also put your hidden fields right before the closing form tag..

Also, this won't work.

<SCRIPT language=JavaScript src="status_image.htm">.

</SCRIPT>.

Also this might not work.

<INPUT name=first_name>..

Comment #17

I just tried that myself, I removed the enctype=multipart/form-data and the script executed fine, but with it in there it will not...

Comment #18

Correct I just did that as well..

This is all I had in my fields..

@referers = (' name=recipient>..

Comment #19

I am back. Just had lunch while you guys were working hard at my poorly written form. I am correcting the tables as you suggested but I really don't know how they got like that since I use Dreamweaver and I don't "Hand code" very often. That is strange! I read somewhere that if you have a form which spans across <TD>'S then you have to use the "encType=multipart/form-data" thing. but I have removed it now..

Thanks again. I will try it now..

Bob..

Comment #20

It works!! Thank you very much for all your help. I removed the "encType=multipart/form-data" and it works but is not able to send files so ... I have to go searching. Sorry if I wasted your time but I have learned a lot and again I would like to thank you. May your karma grow bigger..

Bob..

Comment #21

The tables thing was wierd as it was only the middle that didn't have closing tags, but the rest did. the "encType=multipart/form-data" is only for uploading files to the server as far as I know..

Good luck with the search and thank you, I learned something too..

Comment #22

Thanks Scoutt. So if I find another script that allows me to upload documents then I will have to put that "encType=multipart/form-data" back in the form I guess..

Also I should have thought of this before but I need a scriopt that will handle the uploading of Japanese forms as well. Any suggestions?.

Bob..

Comment #23

Here you go. How to write an upload file handler in perl (about 6 lines of code). Just add water.

Http://www.webmasterbase.com/article/474.

Oh and btw, I read the RFC1867 (I know it's sad but I have to read RFC's quite often and so I'm a bit used to them now....sigh...I need a life) and it mentions that if you have enctype="multipart/form-data" then you must have an <input type="file" ...> somewhere. This means that the browser (agent) will look for this if you set that enctype. It cannot process the form without this correct <input> tag as it needs to construct Content-Disposition header, part of which contains information from the input tag..

This probably accounts to why the form would not submit with the enctype set to multipart/form-data after you removed the <input type="file"...> tag. Just a thought...

Comment #24

Thanks Scoutt, Kevin and Torrent for your last minute advice. Your help was really appreciated. I have since that time implemented a diffent technique using PSUpload. It was so easy! The solution is not pretty in programmer terms but it is functional and works to my satisfaction so far. Not sure if it is going to handle Japanese docs (don't see why not) yet but we shall see. There are two forms on separate pages (Not perfect but...) Take a look at it here:.

Http://www.editfast.com/editsub.htm.

And.

Http://www.editfast.com/edituplo.htm.

I have put a 1mb limit on each file but I am not happy with this situation because someone could upload a buch of garbage and fill up my server. Don't want to password protect it though. Not sure what I can do to stop that from happening. Oh ... how can I keep make it mandatory for someone to fill out the first form before getting to the second form? I have "required fields" already but as you can see from the link above there are other ways to this page..

Anyway, I just wanted to thank you all and say I will come back here whenever I am in trouble (lucky you) or when I can help..

Bob..

Comment #25

Well you are very welcome and to answer your Q..

I think you can do this in perl. have it so it will check teeh file exsension and if it isn't .doc then kick them off. other than that if you don't want a password section I don't know right off hand of what to do...

Comment #26

You can restrict what files you want to allow the visitor to upload by specifying the.

"accept".

Attribute in the <input> tag..

E.g. <input type="file" accept="image/gif, image/jpg">.

This will prohibit anyone from being able to select a file that is not a .jpg or .gif. A word of caution though, if someone reeeeally wants to upload garbage and they know about mime-encoding and HTTP headers then this is not too difficult to circumvent. I would say that in all probability though this would suffice. All you need to do is create a comma delimited list of the mime-types you wish to support..

As for the question regarding filling out form one before form two. You could do two things. Firstly check the.

HTTP_REFERER.

(using javascript or a server-side language)and ensure that they have only got to the second form's page from the first form page's url..

Secondly, have this line:.

<input type=hidden name="redirect" value="http://www.editfast.com/edituplo.htm">.

Changed to:.

<input type=hidden name="redirect" value="http://www.editfast.com/edituplo.htm?auth>.

And then on the edituplo.htm page you use javascript's.

Document.url().

(I think this is right, I'm not a javascript guru) to check that the ?auth is there. It's not hack proof but, again, would probably do..

If you are really serious about it then you could always set a cookie on the first form's page and then read it on the second form's page (remember to destroy it after). Again this would involve either javascript or a server-side language..

Anyway, food for thought...

Comment #27

I'd watch out allowing file uploads via this very basic method, the article does not address security concerns at all, no file type checking, no file size limit, no checking the referer so the form could be form-jacked, this is the type of forms that hackers love to play with just to prove how insecure it is. And it returns HTML without adequately parsing the form fields, very bad........

Comment #28

Torrent,.

I have restricted the files already via the "upload.cgi" however I only put in the extensions: cgi, pl, exe any others I should watch out for?.

This PSUpload script is real simple. Even I got it on the first try! It has "@bad_extensions = ();" and "@good_extensions = ();" so I can play around with them until I get it right. I only need to do one, not both but I will have to see which is better for my situation..

Do you know how I can stop the search engines from finding this page so it doesn't appear on thier pages? Is it "Stop the bots" or "no bots" or some META tag like that? Is there a better way?.

As you can see my goal is to allow people to send me their documents for editing. This could include a wide variety from many platforms and software types. This is a concern but I suppose I will have to live with it. What should I lookout for. What protection should I get that will still allow people to upload their documents?.

That's it for now. Time for bed..

Bob..

Comment #29

Regarding the search engines you need to include a robot.txt file the contents of which would be similar to:.

User-agent: *.

Disallow: /cgi-bin/.

Disallow: /popups/.

Disallow: /polls/.

Disallow: /logs/.

Disallow: /images/.

Disallow: /cart/.

Disallow: /forum/.

Here you can see a number of folders that are to be excluded from the searchbots indexing. The user-agent line is so that you can set it up so certain search engines can see directories and some cannot. As you can see this example disallows all searchbots from indexing in those folders..

Regarding the protection. I think you will probably be okay with just restricting the extension types through the upload.cgi script. I would think that for you it would be better to specify which files you will allow as opposed to trying to restrict every other possible file type..

You're right. Time to push out the zzzz's...

Comment #30

First, would the above work to restrict the search bots from seeing the page "edituplo.htm"?.

Where does the "robot.txt" file go? Anywhere in the top level? It seems strange to put the URL of the page I don't want them to see in the file that they read. Are the bots that polite that they read it and go away?.

).

Now for a couple of questions related to our earlier discussion. I have now got two forms involved in the process of uploading my clients documents. One is for the contact and document information and uses FormMail.pl to process the info and send it to me. The other is for the actual uploading of the files and usesPSUpload's "upload.cgi" to get the files to my server. I then have to download them to my home/office computer to edit them..

As a security precaution I would like to receive notice each time that a file(s) has been uploaded to my server. The problem is I don't think you can attach two "actions" to a submit button can you? For example:.

(form method="POST" action="http://www.editfast.com/cgi-bin/upload.cgi" enctype="multipart/form-data").

(form name="PRICE-LIST" method="POST" action="http://www.editfast.com/cgi-bin/FormMail.pl").

I don' think this works if they are in the same form?.

I suppose another way would be to write it into the "upload.cgi" program but that is beyond my capabilites yet. Would it be difficult to do this?.

Maybe Javascript would do the trick?.

Bob..

Comment #31

All you want is an email eveytime someone uploads a script to your server? well that is not hard at all..

We can help you if you need it. and javascript can't do that...

Comment #32

Hi Scoutt,.

Yes but I can't seem to figure out where to start or how to do it. Two ideas keep coming back.

1) Use the "Upload" form itself..

(input type="hidden" name="recipient" value="").

But this would have to be processed by FormMail.pl because as far as I can see the upload.cgi will not process email. (I wish I could find a free script that did both but my searches didn't turn up anything that good) So .... this won't work..

2) Modify the "upload.cgi" script to send me email. This is beyond my abilites. The author of the program said it would cost about $60 to do that..

3) Some sort of script that detects when a file is beeing uploaded to the "uploads" directory on my server and sends me an email. If it is possible this might be ideal because then I might be able to detect the size and type of file as well. Just one more security step. Is this kind of thing possible?.

Bob..

Comment #33

That's what I was just thinking..

1. you are stuck because you can send the email saying somebody uploaded a file but you would not have the file info to get in the email..

2. you could adapt the upload script (30 min not $60) to send email, but you wouldn't have the info from the person that is doing it...

Comment #34

That's true. Never thought of that. How about a real time checker sort of like a virus checker. Could something like this be installed in the upload directory? Starting to sound like $$$.

Bob..

Comment #35

Well you could do something like a cron job to run a certain script to check that directory. and then send an email when it finds somehting. but you are talking out of my league. I have read about it but never set one up. Kevin might be able to help in that area...

Comment #36

Does this have to be done in PERL?.

Do you have access to PHP?.

Another idea is to use the onClick method in the <form> tag to call a javascript function which then invokes formmail.pl (is that even possible)?.

I know the tag would be:.

<form method="post" action="upload.cgi" onClick="javascript_func()">..

Comment #37

No. Perl is just what I have been using because it was available for free..

Yes I have PHP. I use a live customer chat system PHPLive (or at least I plan to) which uses PHP 4 and MySQL but don't ask me to do anything too difficult. Not that I am afraid. I just don't know anything about it..

<form method="post" action="upload.cgi" onClick="javascript_func()">.

This is sort of what I was trying to do but I had it backwards. (Take a look at the previous posts) If I could do this that would be the easiest for me I think. So what would the function be? I am getting confused now with all these different things but I am hanging in there..

Bob..

Comment #38


This question was taken from a support group/message board and re-posted here so others can learn from it.