Hiding personal data in source code viewable on the internet

G

Greg Maxey

Hi,

Only my second post in this group and again hoping that I am in the right
place.

I am trying to set up a user feedback form on my website. I have it set up
and it appears to be working. I have a couple of questions and a concern.

First question. When I use the page to send feedback an e-mail message
comes in from (e-mail address removed) mvps.org is the hose of my site. I was
wondering why the from is not from the person that sent the feedback? Is
there something I need to do to change and make feedback appear from the
person that sent it?

Then next issue is concern for personal information. If I look at my source
code when viewed on the internet the following segment is displayed which
contains my e-mail address:

form method="POST" action="--WEBBOT-SELF--" name="Website User Feedback"
onSubmit="location.href='_derived/nortbots.htm';return false;"
webbot-onSubmit>
<!--webbot bot="SaveResults" S-Email-Format="TEXT/PRE"
S-Email-Address="(e-mail address removed)" B-Email-Label-Fields="TRUE"
B-Email-Subject-From-Field="FALSE" S-Email-Subject="Website Feedback"
S-Builtin-Fields="REMOTE_NAME REMOTE_USER Date Time" startspan
S-Date-Format="%A, %B %d, %Y" S-Time-Format="%H:%M"
S-Form-Fields="MessageType Subject SubjectOther Comments Username UserEmail
ContactRequested " --><input TYPE="hidden" NAME="VTI-GROUP"
VALUE="0"><!--webbot bot="SaveResults" endspan i-checksum="43374" -->
<p align="left"><strong>What is the nature of your comments?</strong>

A friend of mine suggested changing (e-mail address removed) to gmaxey%40mvps%2e.org
thinking it would help avoid spam. When I made those changes I would no
longer get feedback.

Another site I visit has a feedback form and its source code displays:

<form method="POST" action="response.asp"> In place of the mess my shows
above. Apparently there is someway of saving all of that mess above in a
little script file that users can see. Can someone guide me in creating and
using such files. Thanks.
 
P

p c

If you want control over what you do with the results, do not use the
FP/FPSE forms for this. Switch to pure HTML form and scripting for the
reults--ASP for Windows based servers.

Your web page with the form (e.g pageForm.html) will pass the submitted
info to an ASP page (e.g. pageResponse.asp) where you grab the submitted
info, mamipulate if you want, store in a database if you want, send you
an email if yo want, and display a conifrmnation to the submitetr.

Yow will need to work with HTML code in FP and to learn ASP scripting.
Your web server must support ASP (Active Server Pages).

Search for ASP tutorials or get soem books. You don't need complicated
ASP.NET. ASP (or ASP clasisc as it is now referred after .net)is fine.

....PC
 
G

Greg Maxey

PC,

I don't want control over the results. I only want to hide my e-mail
address so it doesn't show up to anyone if they view the source code of my
site with their browser.

Basically how do I covert:
form method="POST" action="--WEBBOT-SELF--" name="Website User
.... S-Email-Address="(e-mail address removed)" ...
VALUE="0"><!--webbot bot="SaveResults" endspan i-checksum="43374" -->

form method="POST" action="response.asp"

So that "response.asp" results in the user feedback being emailed to me.
 
S

Stefan B Rusynko

Mail from a hosted server is always sent from the server (from)
If you have a form field for the senders Email address and use it in the Reply-to properties of the form you can reply to the
senders email address

As for email obfuscation see the Jimco Addin for that at http://www.jimcoaddins.com/
or as pointed out by another user, use a Server side script for mail instead of the FP forms handler



| Hi,
|
| Only my second post in this group and again hoping that I am in the right
| place.
|
| I am trying to set up a user feedback form on my website. I have it set up
| and it appears to be working. I have a couple of questions and a concern.
|
| First question. When I use the page to send feedback an e-mail message
| comes in from (e-mail address removed) mvps.org is the hose of my site. I was
| wondering why the from is not from the person that sent the feedback? Is
| there something I need to do to change and make feedback appear from the
| person that sent it?
|
| Then next issue is concern for personal information. If I look at my source
| code when viewed on the internet the following segment is displayed which
| contains my e-mail address:
|
| form method="POST" action="--WEBBOT-SELF--" name="Website User Feedback"
| onSubmit="location.href='_derived/nortbots.htm';return false;"
| webbot-onSubmit>
| <!--webbot bot="SaveResults" S-Email-Format="TEXT/PRE"
| S-Email-Address="(e-mail address removed)" B-Email-Label-Fields="TRUE"
| B-Email-Subject-From-Field="FALSE" S-Email-Subject="Website Feedback"
| S-Builtin-Fields="REMOTE_NAME REMOTE_USER Date Time" startspan
| S-Date-Format="%A, %B %d, %Y" S-Time-Format="%H:%M"
| S-Form-Fields="MessageType Subject SubjectOther Comments Username UserEmail
| ContactRequested " --><input TYPE="hidden" NAME="VTI-GROUP"
| VALUE="0"><!--webbot bot="SaveResults" endspan i-checksum="43374" -->
| <p align="left"><strong>What is the nature of your comments?</strong>
|
| A friend of mine suggested changing (e-mail address removed) to gmaxey%40mvps%2e.org
| thinking it would help avoid spam. When I made those changes I would no
| longer get feedback.
|
| Another site I visit has a feedback form and its source code displays:
|
| <form method="POST" action="response.asp"> In place of the mess my shows
| above. Apparently there is someway of saving all of that mess above in a
| little script file that users can see. Can someone guide me in creating and
| using such files. Thanks.
|
|
| --
| Greg Maxey/Word MVP
| See:
| http://gregmaxey.mvps.org/word_tips.htm
| For some helpful tips using Word.
|
|
 
R

Ronx

You will have to write your own ASP form handler - the FrontPage
extensions will not send mail unless the email address is in the code.
See http://www.interlacken.com/winnt/tips/tipshow.aspx?tip=46 for some
guidance.

With the extensions handling the form, the From address is that of the
server (which actually sends the mail), not the user who fills in the
form. The users email address can be captured as the Reply-to address
using the forms property sheets.
 
G

Greg Maxey

Steve, Ronx, PC

I know that you are all trying to be helpful. Try as I might I can't seem
to get this sorted out. I know that some of the suggestions weere buy a
book or learn asp scripting, but to tell you the truth I am really hoping
that someone will just give me the fish here.

The page in question is:

http://gregmaxey.mvps.org/User_Feedback.htm

It does everything that I want it to do. The only problem is that that my
unbroken e-mail address is displayed in the source code.

I down loaded the Jimco Spam Addin. While it will allow me to insert a link
on the page to send Email to be and break up the address in the source code,
I can't figure out how to place that broken up code in the S-Email-Address
field of the FP Form.

I have verified that ASP works of my server. I have created a .asp file on
my website named "Response.asp" What I need to know is what script, text,
symbols, etc. do I write in this file so that I can remove:

form method="POST" action="--WEBBOT-SELF--" ...........>
and replace it with
form method="POST" action="Reponse.asp"

and get the same results. That being a e-mail to my addres with the form
results.

Yes I am being asked for spoon feeding ;-0
 
R

Ronx

In form properties on Feedback.htm :
Click the Radio button, Send to Other.
Click the Options button, and in Action type the relative path and
name of the asp page
Response.asp if the page is in the same folder as the form page.
Set the method to POST
Click OK, click OK

If there is a failure, post the code from Response.asp, (you may wish
to disguise email addresses)
 
P

p c

Here's how to do it.

Re-create the form in pure HTML (do not use the FP Web components to
create the form)

Your form tag should be like this
<form method="POST" action="Response.asp">
form fields
</form>

Your form will submit the form results to another web page on the same
folder called "Response.asp" in post mode. See the action field of the
form tag.

Create the process page in HTML mode and save it as response.asp in the
same folder.

Your page will contain process script code to do the following things.

1. In Script: grab the data submitted by the form.
2. In script: create the email message and send it.
3. In HTML and script: produce the confirmation text/HTML to be
displayed in the browser.

I HTML view you enclose ASP script like this
<%
some script
%>

Think of script coding as writing a computer program in BASIC.

For step 1, here's what the code would look like for the form you have
right now.
<%
MessageType= Request.Form("MessageType")
Subject= Request.Form("Subject")
SubjectOther= Request.Form("SubjectOther")
Comments= Request.Form("Comments")
Username= Request.Form("Username")
UserEmail= Request.Form("UserEmail")
ContactRequested= Request.Form("ContactRequested")
%>

For step 2 in the same page, take a look at the example here
http://www.asp101.com/samples/email.asp
And adapt to send the contents of the above variables
Your server must support CDONTS or you need to change for the mail
component supported for your server.

For step 3, create the appropriate HTML page for a web page. Within the
body tags create the desired confirmation message with combination of
HTML and ASP script. For example use your current respose feedback form
and change the "information" part to this:

<p>
<b>Message Type:</b> <%= MessageType %> <br>
<b>Subject: <%= Subject%> <br>
<b>Subject Other:</b> <%=SubjectOther %> <br>
<b>Comments=</b> <%= Comments%> <br>
<b>Your Name:</b> <%= Username%> <br>
<b>Your Email:</b> <%= UserEmail%> <br>
<b>Contact Requested:</b> <%=ContactRequested %> <br>
</p>

Delete or revise for what you want to display.

Now this example of response page does not save your results to a file
or a database on the server. If you want that also, you need to add an
an extra step for that.

Sorry, don't have time to go into that. That's wha I am suggesting
learn ASP and don't rely on FP for these type of things.

....PC
 
G

Greg Maxey

PC and All,

Thanks for your efforts.

I don't know how to get past the first step.
Re-create the form in pure HTML (do not use the FP Web components to
Click to expand...
create the form).
 
P

p c

Sorry Greg. Can't help you more that that.

If you want dynamic pages using ASP, you may want to read a book on HTML
and another one on Active Server Pages. You can visit the library, if
you don't want to buy books. Or enroll in a web developer course in
those topics.

Frontage is good web page editor for the masses. But serious developers
do more than what Frontage can deliver.

...PC
 
G

Greg Maxey

PC,

I don't blame you for giving up on me. My passion is Microsoft Word and
until today I was able to do what I needed with FrontPage.

I have progressed some since my white flag earlier.

I think I have managed to wade through your step 1 and 3.

http://gregmaxey.mvps.org/User_Feedback_Testing.asp this page open a form
which I believe is free of FP form tools. When I click send I get the
Response.asp page with a crude display of the results.

The unsolved problem is how to send the e-mail to me with these results. I
will go back to the site you recommended and see if I can figure it out.
 
S

Stefan B Rusynko

Depends on which mail handler support your host provides for ASP
Take a look at http://www.interlacken.com/winnt/tips/tipshow.aspx?tip=46




| PC,
|
| I don't blame you for giving up on me. My passion is Microsoft Word and
| until today I was able to do what I needed with FrontPage.
|
| I have progressed some since my white flag earlier.
|
| I think I have managed to wade through your step 1 and 3.
|
| http://gregmaxey.mvps.org/User_Feedback_Testing.asp this page open a form
| which I believe is free of FP form tools. When I click send I get the
| Response.asp page with a crude display of the results.
|
| The unsolved problem is how to send the e-mail to me with these results. I
| will go back to the site you recommended and see if I can figure it out.
|
|
| --
| Greg Maxey/Word MVP
| See:
| http://gregmaxey.mvps.org/word_tips.htm
| For some helpful tips using Word.
|
| Greg Maxey wrote:
| > PC and All,
| >
| > Thanks for your efforts.
| >
| > I don't know how to get past the first step.
| >
| >> Re-create the form in pure HTML (do not use the FP Web components to
| >> create the form).
| >
| >
| >
| >
| > p c wrote:
| >> Here's how to do it.
| >>
| >> Re-create the form in pure HTML (do not use the FP Web components to
| >> create the form)
| >>
| >> Your form tag should be like this
| >> <form method="POST" action="Response.asp">
| >> form fields
| >> </form>
| >>
| >> Your form will submit the form results to another web page on the
| >> same folder called "Response.asp" in post mode. See the action field
| >> of the form tag.
| >>
| >> Create the process page in HTML mode and save it as response.asp in
| >> the same folder.
| >>
| >> Your page will contain process script code to do the following
| >> things. 1. In Script: grab the data submitted by the form.
| >> 2. In script: create the email message and send it.
| >> 3. In HTML and script: produce the confirmation text/HTML to be
| >> displayed in the browser.
| >>
| >> I HTML view you enclose ASP script like this
| >> <%
| >> some script
| >> %>
| >>
| >> Think of script coding as writing a computer program in BASIC.
| >>
| >> For step 1, here's what the code would look like for the form you
| >> have right now.
| >> <%
| >> MessageType= Request.Form("MessageType")
| >> Subject= Request.Form("Subject")
| >> SubjectOther= Request.Form("SubjectOther")
| >> Comments= Request.Form("Comments")
| >> Username= Request.Form("Username")
| >> UserEmail= Request.Form("UserEmail")
| >> ContactRequested= Request.Form("ContactRequested")
| >> %>
| >>
| >> For step 2 in the same page, take a look at the example here
| >> http://www.asp101.com/samples/email.asp
| >> And adapt to send the contents of the above variables
| >> Your server must support CDONTS or you need to change for the mail
| >> component supported for your server.
| >>
| >> For step 3, create the appropriate HTML page for a web page. Within
| >> the body tags create the desired confirmation message with
| >> combination of HTML and ASP script. For example use your current
| >> respose feedback form and change the "information" part to this:
| >>
| >> <p>
| >> <b>Message Type:</b> <%= MessageType %> <br>
| >> <b>Subject: <%= Subject%> <br>
| >> <b>Subject Other:</b> <%=SubjectOther %> <br>
| >> <b>Comments=</b> <%= Comments%> <br>
| >> <b>Your Name:</b> <%= Username%> <br>
| >> <b>Your Email:</b> <%= UserEmail%> <br>
| >> <b>Contact Requested:</b> <%=ContactRequested %> <br>
| >> </p>
| >>
| >> Delete or revise for what you want to display.
| >>
| >> Now this example of response page does not save your results to a
| >> file or a database on the server. If you want that also, you need to
| >> add an an extra step for that.
| >>
| >> Sorry, don't have time to go into that. That's wha I am suggesting
| >> learn ASP and don't rely on FP for these type of things.
| >>
| >> ...PC
| >>
| >>
| >>
| >> Greg Maxey wrote:
| >>> Steve, Ronx, PC
| >>>
| >>> I know that you are all trying to be helpful. Try as I might I
| >>> can't seem to get this sorted out. I know that some of the
| >>> suggestions weere buy a book or learn asp scripting, but to tell you
| >>> the truth I am really hoping that someone will just give me the fish
| >>> here. The page in question is:
| >>>
| >>> http://gregmaxey.mvps.org/User_Feedback.htm
| >>>
| >>> It does everything that I want it to do. The only problem is that
| >>> that my unbroken e-mail address is displayed in the source code.
| >>>
| >>> I down loaded the Jimco Spam Addin. While it will allow me to
| >>> insert a link on the page to send Email to be and break up the
| >>> address in the source code, I can't figure out how to place that
| >>> broken up code in the S-Email-Address field of the FP Form.
| >>>
| >>> I have verified that ASP works of my server. I have created a .asp
| >>> file on my website named "Response.asp" What I need to know is what
| >>> script, text, symbols, etc. do I write in this file so that I can
| >>> remove: form method="POST" action="--WEBBOT-SELF--" ...........>
| >>> and replace it with
| >>> form method="POST" action="Reponse.asp"
| >>>
| >>> and get the same results. That being a e-mail to my addres with the
| >>> form results.
| >>>
| >>> Yes I am being asked for spoon feeding ;-0
|
|
 
P

p c

Greg,
study this example.
http://www.powerasp.com/content/hintstips/asp-email.asp

Thwn add these lines before the </body> tag in your resposne page.

<%
Dim MyBody
Dim MyCDONTSMail

Set MyCDONTSMail = CreateObject("CDONTS.NewMail")
MyCDONTSMail.From= UserEmail
MyCDONTSMail.To= "(e-mail address removed)" 'change to your email
MyCDONTSMail.Subject= "Comments from " & Username

MyBody = "Comments from the web site." & vbCrLf & vbCrLf
MyBody = MyBody & "Comments: " & Comments & vbCrLf & vbCrLf
MyBody = MyBody & "Username: " & Username & vbCrLf & vbCrLf
MyBody = MyBody & "UserEmail: " & UserEmail & vbCrLf & vbCrLf
MyBody = MyBody & "ContactRequested: " & ContactRequested & vbCrLf &

MyCDONTSMail.Body= MyBody
MyCDONTSMail.Send
set MyCDONTSMail=nothing
%>

If your server supports sending email with CDONTS and no errors on the
page, it will work.

Now, how many word tips can you give me for that.

....PC
 
G

Greg Maxey

Because it's true or because funny. It is funny none the less.

I will get back to this attempt to work this form through. I have domestice
duties at present.
 
G

Greg Maxey

PC,

No joy. The reponse page displays before adding that code and an error
"Page cannot be displayed" displays after adding it.

I guess my server doesn't support that process :-(
 
G

Greg Maxey

Ronx,

Here is the code in the Response.asp file:
<html>

<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<meta name="GENERATOR" content="Microsoft FrontPage 6.0">
<meta name="ProgId" content="FrontPage.Editor.Document">
<title>Classic VB: Thanks for your feedback!</title>
<!-- Note the hardcoded path to stylesheet here! -->
<link rel="stylesheet" href="_includes/main.css" type="text/css">
<base target="_top">
</head>

<body>
<p>&nbsp;</p>
<p>Thank you for your feedback.&nbsp; Your feeback was:<%
MessageType= Request.Form("MessageType")
Subject= Request.Form("Subject")
SubjectOther= Request.Form("SubjectOther")
Comments= Request.Form("Comments")
Username= Request.Form("Username")
UserEmail= Request.Form("UserEmail")
ContactRequested= Request.Form("ContactRequested")
%>

</p>
<p>
<b>Message Type:</b> <%= MessageType %> <br>
<b>Subject: <%= Subject%> <br>
<b>Subject Other:</b> <%=SubjectOther %> <br>
<b>Comments=</b> <%= Comments%> <br>
<b>Your Name:</b> <%= Username%> <br>
<b>Your Email:</b> <%= UserEmail%> <br>
<b>Contact Requested:</b> <%=ContactRequested %> <br>
</p>
</body>
</html>

If I click send form the User_Feedback_Test page.
http://gregmaxey.mvps.org/User_Feedback_Testing.asp

The Response.asp page displays with this data:
Thank you for your feedback. Your feeback was:

Message Type: Suggestion
Subject: Word Tips
Subject Other:
Comments= Testing
Your Name: Greg Maxey
Your Email: (e-mail address removed)
Contact Requested:


What is missing of course is an e-mail to me with this information. I tried
posting in the code PC provided an no joy.
 
P

p c

Not necessarily. In the IE browser, uncheck friendly page
errors:IE-->tools-->Internet options-->Advanced tab, look under browsing
and uncheck Show friendly Htt error-->OK.

If you want to pursue further post the code for both your form page and
your response page.

....PC
 
P

p c

Greg,
below is the code for your response page, between the lines. I tested
it on my server and works fine using your form page.

Make sure you change the "To" email address to correspond to yours.

If you server doesn't support CDONTOS for sending email. Then try CDO by
by commenting out the CDONTOS lines (add ' (quotation mark) in front of
the lines) and uncomment the CDO lines (delete the ' (quote mark) in
front of the lines.

---begin response.asp----
<%@ Language = VBscript %>
<% option explicit %>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Language" content="en-us">
<meta http-equiv="Content-Type" content="text/html;charset=windows-1252">
<title>feedback response</title>
</head>

<body>

<%
Dim MessageType, Subject, SubjectOther, Comments
Dim Username, UserEmail, ContactRequested
Dim MyBody, Mymail

'grab data from the form

MessageType= Request.Form("MessageType")
Subject= Request.Form("Subject")
SubjectOther= Request.Form("SubjectOther")
Comments= Request.Form("Comments")
Username= Request.Form("Username")
UserEmail= Request.Form("UserEmail")
ContactRequested= Request.Form("ContactRequested")
%>

<p>&nbsp;</p>
<p>Thank you for your feedback.&nbsp; Your feeback was:</p>

<p>
<b>Message Type:</b> <%= MessageType %> <br>
<b>Subject:</b> <%= Subject%> <br>
<b>Subject Other:</b> <%=SubjectOther %> <br>
<b>Comments=</b> <%= Comments%> <br>
<b>Your Name:</b> <%= Username%> <br>
<b>Your Email:</b> <%= UserEmail%> <br>
<b>Contact Requested:</b> <%=ContactRequested %> <br>
</p>

<%
'create the email and send it

Set Mymail = CreateObject("CDONTS.NewMail") 'for CDONTS
'Set myMail=CreateObject("CDO.Message") 'for CDO

Mymail.From= UserEmail
Mymail.To= "(e-mail address removed)" 'change to your email
Mymail.Subject= "Website Comments from " & Username

MyBody = "Comments from the web site." & vbCrLf & vbCrLf
MyBody = MyBody & "Comments: " & Comments & vbCrLf & vbCrLf
MyBody = MyBody & "Username: " & Username & vbCrLf & vbCrLf
MyBody = MyBody & "UserEmail: " & UserEmail & vbCrLf & vbCrLf
MyBody = MyBody & "ContactRequested: " & ContactRequested & vbCrLf

Mymail.Body= MyBody 'for CDONTS
'myMail.TextBody= MyBody 'for CDO

Mymail.Send
set Mymail =nothing

%>
</body>
</html>
---end response.asp----

Good luck.
....PC
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Sending e-mail from a ASP form 6
code to submit a forn via email 2
E-mail web response 6
How do I change the 'Time Zone' in the webbot 3
redirect after form submits results to email 4
Form email stopped working after attaching dwt created in Sharepoi 2
forwards to form confirmation instead of specified page 2
Submitting & Validation of Form 2

Top