A email.cgi script

Hi,

I would like to write a python script that can be used in my website for
other people whoever browse my website to send an email using my smtp
server. Is there any sample python script can do that?
Here is my python script, but it does not display To and From editbox in
the webpage for user type in their addresses:

#!/usr/bin/python

import smtplib, cgi, string

form = cgi.FieldStorage()

# Change the lines below to specify the TO and
# FROM addresses

toaddr = 'd***@abc.com'
fromaddr = ''

# Special form fields used by the email.cgi
# script

ack_url = form.getvalue('ack_url',None)
ack_text = form.getvalue('ack_text','Your submission was successful')
subject = form.getvalue('subject', '')

# form fields to skip
to_skip = ['ack_url', 'ack_text', 'subject', 'to']

# create the email headers

msg = "From: %s\r\nTo: %s\r\nSubject: %s\r\n\r\n" % (fromaddr, toaddr,
                                                     subject)

for key in form.keys():
    if string.lower(key) in to_skip: continue
    msg = msg + "%s: %s\n\n" % (key, form.getvalue(key))

server = smtplib.SMTP('mail.xyx.com')
server.set_debuglevel(0)
server.sendmail(fromaddr, toaddr, msg)
server.quit()

if ack_url:
    print "Location: %s" % (ack_url)
    print
else:
    print "Content-type: text/html"
    print
    print ack_text
Jul 18 '05 #1
wonder <a@b.com> wrote:

> I would like to write a python script that can be used in my website for
> other people whoever browse my website to send an email using my smtp
> server. Is there any sample python script can do that?

It looks like you have one here.

> Here is my python script, but it does not display To and From editbox in
> the webpage for user type in their addresses:

Well, then, add <input type=text name=to size=80> and <input type=text
name=from size=80> to your web page and fetch them here. The rest of this
looks fine.
--
- Tim Roberts, ti**@probo.com
Providenza & Boekelheide, Inc.
Jul 18 '05 #2
wonder <a@b.com> wrote in message news:<cf**********@news.hgc.com.hk>...

> Hi,
>
> I would like to write a python script that can be used in my website for
> other people whoever browse my website to send an email using my smtp
> server. Is there any sample python script can do that?
> Here is my python script, but it does not display To and From editbox in
> the webpage for user type in their addresses:
>
> #!/usr/bin/python
>
> import smtplib, cgi, string
>
> form = cgi.FieldStorage()
>
> # Change the lines below to specify the TO and
> # FROM addresses
>
> toaddr = 'd***@abc.com'
> fromaddr = ''
>
> # Special form fields used by the email.cgi
> # script
>
> ack_url = form.getvalue('ack_url',None)
> ack_text = form.getvalue('ack_text','Your submission was successful')
> subject = form.getvalue('subject', '')
>
> # form fields to skip
> to_skip = ['ack_url', 'ack_text', 'subject', 'to']
>
> # create the email headers
>
> msg = "From: %s\r\nTo: %s\r\nSubject: %s\r\n\r\n" % (fromaddr, toaddr,
> subject)

I'm using almost the same syntax, but I'm not using '\r\n', only '\n'.

Hope this helps..
Jul 18 '05 #3
wonder <a@b.com> wrote:

> Is there any sample python script can do that?

Not that I know of, but it's pretty simple. Your script seems to cover
it, except for some security issues:

> msg = "From: %s\r\nTo: %s\r\nSubject: %s\r\n\r\n" % (fromaddr, toaddr,
> subject)

'subject' comes directly from a form submission but has not been
sanitised and can contain control characters. (Some form handling
software will remove them automatically for you, but the 'cgi' module
does not.)

So if an attacker inserts a '\n' into the subject field they can add
arbitrary headers and body content to the mail you are sending out.
You probably don't want that.

> print "Content-type: text/html"
> print
> print ack_text

Here the text is not HTML-escaped. An attacker can send a user to the
form script with an ack_text parameter of
'<script>alert(document.cookie)</script>' or similar
cross-site-scripting exploits. If your site is not particularly
sensitive this might not be a problem for you, but it's a bad idea
in general.

> it does not display To and From editbox in the webpage for user type in
> their addresses

If you allow both the 'To' address and arbitrary message text to be
supplied, your script is very likely going to be spending most of its
life sending spam!

--
Andrew Clover
mailto:an*@doxdesk.com
Jul 18 '05 #4
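
The three issues raised in reply #4 (control characters in 'subject', unescaped ack_text, and a user-supplied 'To'), handled in an added Python 3 example that is not part of the original thread. The addresses are constructed placeholders, and a plain dict stands in for cgi.FieldStorage as an assumption.

```python
import html
from email.message import EmailMessage
from email.policy import SMTP

# Constructed placeholders: both addresses are fixed in the script and are
# never taken from the form, so the script cannot be used as a relay.
FIXED_TO = "owner@example.com"
FIXED_FROM = "webform@example.com"
SKIP = {"ack_url", "ack_text", "subject", "to", "from"}


def clean_header(value, limit=200):
    """Refuse CR, LF and other control characters in a header value."""
    if any(ord(c) < 32 or ord(c) == 127 for c in value):
        raise ValueError("control character in header value")
    return value[:limit]


def build_message(fields):
    """Build the mail from a dict of form fields (stand-in for FieldStorage)."""
    msg = EmailMessage(policy=SMTP)
    msg["From"] = FIXED_FROM
    msg["To"] = FIXED_TO
    msg["Subject"] = clean_header(fields.get("subject", ""))
    # Remaining fields go into the body only, where a newline cannot
    # create a header.
    body = "".join("%s: %s\n\n" % (k, v)
                   for k, v in fields.items() if k.lower() not in SKIP)
    msg.set_content(body)
    return msg


def ack_page(fields):
    """Return the CGI response with ack_text HTML-escaped."""
    text = fields.get("ack_text", "Your submission was successful")
    return "Content-type: text/html\r\n\r\n" + html.escape(text)

# Sending uses the standard library call:
#   smtplib.SMTP(host).send_message(build_message(fields))
```
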
