Drop Shadow

Generic EMail Form

You must use the PHP Email Form for all new forms. This CGI was removed on April 30, 2008.

The GenericEMailForm.cgi relied on the web form to get information on who to send emails to. This has long been a bad idea, because it means that spammers can use the CGI to send spam, by pretending to be the form.

Several years ago we limited the CGI to only be able to send mail to on-campus addresses in order to stave off spam problems. This only meant, however, that spammers could not use the CGI to spam off-campus addresses (and that’s assuming the programming was correct). They could still use it to spam any on-campus addresses they wanted.

With the newer PHP-based Email Form plug-in, there’s no need to keep the CGI. By using the PHP version, the e-mail addresses are set on the server-side, not on the form-side.

Here are three steps to converting your page from the GenericEMailForm.cgi to the PHP version. Basically, it involves moving the e-mail setup from before the form is sent to after the form is sent, to ensure that the process can't be hacked to send spam.

  1. Remove the hidden “x_” fields from your form. There should be about four of them: x_recipient, x_order, x_gracias, and x_subject.
  2. Change the action on the form from …/GenericEMailForm.cgi to a PHP page that you’ll create, something like “thanks.php”.
  3. Create a “thanks.php” to accept the form. For each of the “x_” fields you removed from your form, you’ll need a corresponding PHP line in thanks.php.

Example thanks.php

<html> <head> <title>Thank you for submitting your feedback</title> </head> <body> <h1>Feedback submitted</h1> <p>Your request has been sent. Thank you.</p> <? //recipient $formRecipient = 'yourMySanDiegoAccount'; //message subject $formSubject = 'Feedback for form'; //send the mail include('/web/includes/email.php'); ?> </body> </html>

Obviously you can add styles to this however you wish. You also have many other options when using email.php, which you can see in the Email Form instructions.