Visitor Email Page

I have a simple visitor-response page at

http://www.globalfreeenterprise.com/writeme.php

It has a large text area and only two text input boxes - one labeled Your Name and the other labeled Telephone Number. In fact, as long as you type in something, you can type in anything into these boxes and the form will be sent when the Submit button is clicked. The text area can be filled or empty.

When the form is sent, it goes to a fixed email address. It goes to my email address:

$EmailTo = “username@mysite.com”;

The essential property of this page (this php file) is that the sender is assured that the receiver cannot know the senders email address because the message is not being sent from the sender’s email program.

There are legitimate uses for such a page other than sending a message to Jim Adrian. One might want a first-time service entirely managed through snail mail, UPS, and telephone without the risk of getting lots email spam as a direct result. One might want to anonymously say something important or cathartic to one’s Senator without starting a government file the sender’s name. There are other fair uses. I know my shrink has a lot of advise for me but won’t send me email.

Here is what I want to do (and don’t know how to do): I would like to add a text box that allows the visitor to type in an arbitrary email address that somehow gets placed as EMAIL_ADDRESS in this emailto statement like this:

$EmailTo = “EMAIL_ADDRESS”;

It is not just a matter of knowing php and html forms statements. It is the design of the file that has me stumped.

I would appreciate any light being shed on this problem or any leads.

Here is the php file:

<?php
if (isset($_POST['Submit']))

{

// get posted data into local variables
$EmailFrom = "Contact Form at http://www.globalfreeenterprise.com";
$EmailTo = "***********@********************.***";
$Subject = "Contact";
$YourName = Trim(stripslashes($_POST['YourName']));
$Telephone = Trim(stripslashes($_POST['Telephone']));
$Comments = Trim(stripslashes($_POST['Comments']));

// validation
$validationOK=true;
if (Trim($YourName)=="") $validationOK=false;
if (Trim($Telephone)=="") $validationOK=false;
if (!$validationOK) {
print "<meta http-equiv=\\"refresh\\" content=\\"0;URL=http://www.globalfreeenterprise.com/jaerror.htm\\">";
exit;
}

// prepare email body text
$Body .= "YourName: ";
$Body .= $YourName;
$Body .= "\
";
$Body .= "Telephone: ";
$Body .= $Telephone;
$Body .= "\
";
$Body .= "Comments: ";
$Body .= $Comments;
$Body .= "\
";

// send email
$success = mail($EmailTo, $Subject, $Body, "From: <$EmailFrom>");

// Print style redirect to success page:
if ($success){
print "<meta http-equiv=\\"refresh\\" content=\\"0;URL=http://www.globalfreeenterprise.com/jaok.htm\\">";
}
else{
print "<meta http-equiv=\\"refresh\\" content=\\"0;URL=http://www.globalfreeenterprise.com/jaerror.htm\\">";
}


// Header style redirect to success page:
//if ($success) {
// redirect to success page
//header('Location: http://www.globalfreeenterprise.com/jaok.htm');
//} else{
//header('Location: http://www.globalfreeenterprise.com/jaerror.htm');
//}

// End of header alternative redirect




} // the if ($_POST['Submit']) or the if (isset($_POST['Submit'])) ends here

?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<title>contact.php</title>
<meta name="description" content="Free Enterprise." />
<meta name="keywords" content="Free Enterprise" />
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link rel="stylesheet" type="text/css" href="gfe.css" />
</head>

<body class="body0">

<div style="position: absolute; top: 20px; left: 20px;">  <!--  div0  -->
<div style="width: 1200px; background-color: transparent; color: #000000;
font-family: times new roman, geneva, sans-serif, arial, helvetica, verdana, roman;
font-size:20px;
line-height: 30px;
border-bottom-width: 2px;
border-left-width: 2px;
border-right-width: 2px;
border-top-width: 2px;">

<div style="margin-left: 40px; margin-right: 40px;"></div>
<div class="aa1">Send an email message to Jim Adrian</div>
<br /><br />
This method of communication cannot send your email address to the reciever unless you type it into your message.<br />
Only your name and phone number are required to make the program send your message.
<br /><br />
<?php
echo "This is " . date('l,  ') . " the ";
echo date('jS \\of F, ') ;
echo date('Y') . "<br />";
echo "and it is " .  date(i) . " minutes after the hour."
?> 
<br />
<!-- Website Contact Form -->
<form method="POST" action="<?php echo $PHP_SELF;?>">
<br /><br />
Name<br />
<input type="text" name="YourName" value="" size="22" maxlength="100">
<br />
<br />
Telephone Number<br />
<input type="text" name="Telephone" value="" size="22" maxlength="100">
<br />
<br />
<br />
Your Message
<br />
<br />
<textarea name="Comments" rows="15" cols="90">

</textarea>
<br />
<br />
&nbsp;&nbsp;&nbsp;&nbsp;
<input type="submit" name="Submit" value="Submit Form">
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
<input type="reset" value="Discard Message">
<br />
<br />
</form>

</div>
</div>  <!--  div0  -->

</body>
</html>

Thank you for your help.

Jim Adrian

SituationSoap,

This information is very useful. Thank you very much.

Jim Adrian

I’d be far less worried about the legal ramifications of what you’re doing (as long as you make it clear that you’re completely anonymous, there’s not a whole lot anyone can do legally), and cooperate with authorities (turn over any server logs when subpoenaed, etc), then things like death threats are unlikely to be an issue (note that I’m not a lawyer, and this isn’t legal advice).

The bigger issue is that you’re providing what is essentially an open relay to send anonymous email to anyone who wants to send it – and this means spam. Your source email address would likely be blacklisted by every major spam filter within a day. Week at the outside.

I was surprised to find a simple solution. Due to my inexperience, I imagined obstacles that just didn’t exist. Here is the current version:

<?php
if (isset($_POST[‘Submit’]))

{

// get posted data into local variables
$EmailFrom = Trim(stripslashes($_POST[‘EmailFrom’]));
$EmailTo = Trim(stripslashes($_POST[‘EmailTo’]));
$Subject = Trim(stripslashes($_POST[‘Subject’]));
$Telephone = Trim(stripslashes($_POST[‘Telephone’]));
$Comments = Trim(stripslashes($_POST[‘Comments’]));

// validation
$validationOK=true;
if (Trim($EmailFrom)==“”) $validationOK=false;
if (Trim($EmailTo)==“”) $validationOK=false;
if (Trim($Telephone)==“”) $validationOK=false;
if (!$validationOK) {
print "<meta http-equiv=\“refresh\” content=\"0;URL=http://www.globalfreeenterprise.com/jaerror.htm\\“&gt;”;
exit;
}

// prepare email body text
$Body .= "EmailFrom: ";
$Body .= $EmailFrom;
$Body .= "
";
$Body .= "EmailTo: ";
$Body .= $EmailTo;
$Body .= "
";
$Body .= "Subject: ";
$Body .= $Subject;
$Body .= "
";
$Body .= "Telephone: ";
$Body .= $Telephone;
$Body .= "
";
$Body .= "Comments: ";
$Body .= $Comments;
$Body .= "
";

// send email
$success = mail($EmailTo, $Subject, $Body, “From: <$EmailFrom>”);

// Print style redirect to success page:
if ($success){
print "<meta http-equiv=\“refresh\” content=\"0;URL=http://www.globalfreeenterprise.com/jaok.htm\\“&gt;”;
}
else{
print "<meta http-equiv=\“refresh\” content=\"0;URL=http://www.globalfreeenterprise.com/jaerror.htm\\“&gt;”;
}

} // the if ($_POST[‘Submit’]) or the if (isset($_POST[‘Submit’])) ends here

?>

<!DOCTYPE html PUBLIC “-//W3C//DTD XHTML 1.0 Transitional//EN” “http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd”>
<html>
<head>
<title>message.php</title>
<meta name=“description” content=“” />
<meta name=“keywords” content=“” />
<meta http-equiv=“Content-Type” content=“text/html; charset=utf-8” />
<link rel=“stylesheet” type=“text/css” href=“gfe.css” />
</head>

<body class=“body0”>

<div style=“position: absolute; top: 20px; left: 20px;”>
<div style=“width: 1200px; background-color: transparent; color: #000000;
font-family: times new roman, geneva, sans-serif, arial, helvetica, verdana, roman;
font-size: 20px;
line-height: 30px;
border-bottom-width: 2px;
border-left-width: 2px;
border-right-width: 2px;
border-top-width: 2px;”> <!-- div0 –>

<div style=“margin-left: 40px; margin-right: 40px;”></div>
<div class=“aa1”><center>Send an email message.</center></div>
<br /><br />
This method of communication cannot send your email address to the reciever unless you type it into your message below.<br />
In order to send a mesage, only your name, phone number, and the email address of the intended recipient are required.<br />
If you place a valid email address in the Email Address box, the message will be sent to that address.<br />
<br /><br />
<?php
echo "This is " . date('l, ') . " the ";
echo date('jS \of F, ') ;
echo date(‘Y’) . “<br />”;
echo “and it is " . date(i) . " minutes after the hour.”
?>

<!-- Website Contact Form –>
<form method=“POST” action=“<?php echo $PHP_SELF;?>”>
<br /><br />

<!–
Provide text box inputs for this list:
EmailFrom
EmailTo
Subject
Telephone
Comments
–>

Your Name<br />
<input type=“text” name=“EmailFrom” value=“” size=“30” maxlength=“100”>
<br />
<br />
Email Address of Receiver<br />
<input type=“text” name=“EmailTo” value=“” size=“30” maxlength=“100”>
<br />
<br />
Subject (optional)<br />
<input type=“text” name=“Subject” value=“” size=“30” maxlength=“100”>
<br />
<br />
Your Telephone Number<br />
<input type=“text” name=“Telephone” value=“” size=“22” maxlength=“100”>
<br />
<br />
<br />
<br />
<input type=“submit” name=“Submit” value=“Submit Form”>                    <input type=“reset” value=“Discard Message”>
<br />
<br />
<br />
<br />
<div style=“font-size: 30px; line-height: 40px;”>
Please type your message in the texarea below:
</div>
<br />
<br />
<br />
<textarea name=“Comments” rows=“30” cols=“90”>
</textarea>
<br />
<br />
</form>

</div>
</div> <!-- div0 –>

</body>
</html>


Jim Adrian

I’m quoting my note to Chroniclemaster because I want to add to it.

There is much more to the future development of the script I am working on. I am reluctant to disclose my entire business plan in order to effectively ask my technical question. This thread seems to have been stopped by the idea that I would be placing myself in legal jeopardy by creating a potentially anonymous email page on my website. Isn’t there a way to detect which server is being used or even which home computer is being used to track down criminals? Is there no other issue than what I should be doing with my own reputation? Should I have started this thread on the PHP forum instead of PHP Application Design?

Please help me understand the technical methods.

Thank you for your help.

Jim Adrian

Chroniclemaster1,

I will take you point of view under advisement. The legal case is not yet closed for me, but I would like to see a technical solution - if only for my hardly-started education in php design.

Thank you for thoughtful remarks.

Jim Adrian

I think this is a poor idea. While from the USER’S perspective, this is effectively anonymous, there is absolutely an HTTP header trail on the emails and they will always lead back to YOU. This is not really anonymous email, this is you taking responsibility for the emails which anyone can send from their own email client, but is too afraid to be held accountable.

While I can imagine many people who’d want to have access to this type of HTML form, I think it’s pretty clear why you don’t see any other corporation, organization, or individual providing this service. It will only take one person to make a death threat, and you’re website will be off the air (and that will be the least of your concerns).