Contact Form

A Perl script that you can run on your website that will allow others to send you email through a web interface. Unlike other web to email gateways, Contact Form is designed to thwart spammers. It does not allow email to be sent to unknown addresses, nor does it reveal addresses that it knows.

Design Goals

• Allow email to be sent to a list of known email addresses through a web interface.
• Prevent email from being sent to other addresses.
• Never reveal email addresses through the web interface.
• Contain no cross site scripting (XSS) vulnerabilities.
• Do not allow arbitrary code to be run on the host.
• Provide adequate information in email headers to trace any spammers.
• Allow, but do not require, an external form.
• Server side validity checking of all data before email is sent.
• Optional client side validity checking of all data before the form is submitted.
• A default configuration that requires only a list of email addresses to be ready for use.
• A customizable interface that allows arbitrary fields.
• Easy to change the look and feel for website integration.
• Able to be easily translated into any language.

Setup

1. Download the contactform archive.
2. Extract the contents of the download.
3. Place contact.pl in your webserver's cgi-bin directory or another place that allows scripts.
4. Edit contact.pl to change the email addresses to which email can be sent.
5. Optional - Change any other parameters in contact.pl to taste.
6. Point your web browser at contact.pl on your server.
7. Send yourself email through the web.

Requirements

• A web server that can execute Perl scripts.
• A command line program to send electronic mail. ("sendmail" is installed on most servers.)
• If captchas are used, the Captcha::reCAPTCHA::V2 perl module must be installed
  (cpan install Captcha::reCAPTCHA::V2 or apt-get install libcaptcha-recaptcha-perl or yum install perl-Captcha-reCAPTCHA)
• If external XML file configuration is used, the XML::Simple perl module must be installed
  (cpan install XML::Simple or apt-get install libxml-simple-perl or yum install perl-XML-Simple)

Download

contactform_5_00_00.tar.gz

Examples

• An example Contact Form with a single recipient and preview required.
• An example Contact Form from which any of three recipients can be chosen. No message preview is required.

Keep up to date

The following sites are updated about new releases. Follow or like contact form in one of the following places to be kept up to date:

• Ostermiller Contact Form page on Facebook
• GitHub release tag via RSS

Bugs and Feature Requests

Bugs and features are tracked using Bugzilla.

• See open issues
• File a bug or request a feature

Languages

Contact form can be easily translated. See instructions in the contact.pl file of the download. To submit a translation for a new language, use bugzilla to open a new feature request and attach the translations. It currently comes in the following languages:

• English (en)
• Dutch (nl) example
• Pig Latin (pig) (for testing) example

Changes

• Version 5.00.00
  • Upgraded recaptcha to v2. This enables the "check this box" challenge rather than the "decipher these letters" challenge. Note that Google stopped supporting recaptcha v1 on March 31, 2018, so all ContactForm installations will either need to upgrade or disable recaptcha. In most cases upgrading will entail generating new recaptcha keys from Google because old "global" keys cannot be used with V2. The Perl module Captcha::reCAPTCHA::V2 needs to be installed. ContactForm configuration value names were changed to "recaptcha_site_key" and "recaptcha_secret_key" to match the language currently used by Google.
• Version 4.03.03
  • Added rel canonical meta tag to the HTML
• Version 4.03.02
  • Add HTML5 doctype to default HTML page
  • More correct fix for trap field causes contact form to fail error checking
• Version 4.03.01
  • Typo: "renurn" instead of "return"
  • trap field causes contact form to fail error checking
• Version 4.03.00
  • Allow any special fields such as subject, and name to be shown in the email body with "show_in_message" configuration
• Version 4.02.00
  • Use the user's email address in the Reply-To field rather than the From field (by default) to bypass spam filtering
• Version 4.01.00
  • Default language not specified
  • Dutch (nl) translation
• Version 4.00.00
  • Allow contact form to be translated more easily
  • Allow recipients to easily see that the email was sent to a group rather than an individual
  • Captcha errors not handled correctly -- contact form displays error keys
  • Allow configuration for constant text to be pre-pended to the subject.
  • The preview button sends the message rather than previews it when preview_allowed=2
  • new line shown as text when template cannot be opened
• Version 3.00.00
  • Add captchas to contactform
  • Allow addresses and other configuration to be specified from an external file
  • Regex for phone numbers with required area code and not required area code
  • Prefill parameter does not completely suppress error message
• Version 2.01.01
  • Client side error checking fails in internet explorer 6, falls through to server site error checking
  • Send button appears even when there are preview errors with javascript disabled
  • Description for "must leave blank" trap appears in emails
  • "Must leave blank" trap can be be undefined
  • Single quotes get corrupted on preview when using Internet Explorer
• Version 2.01.00
  • Include a bot trap field that must be left blank
• Version 2.00.02
  • XSS: apostrophes are not escaped properly in html on preview
• Version 2.00.01
  • Client side error checking should be able to report all errors at once
  • Allow defaults to be filled in for every field from configuration
• Version 2.00.00
  • Group configuration parameters better - one entry with multiple properties per field
  • Support radio buttons for selects
  • Allow better control of field description placement
  • Allow selected default value in drop down list
  • Allow droplists to be optional
  • Fixed Perl warnings when using selects
  • Don't allow cgi fields such as name, email, and subject to be used in generated emails if they have been removed from the configuration.
• Version 1.3.9
  • Allow emails to be sent to an entire list of people at once.
  • New preview mode available in which preview is allowed but not required.
• Version 1.3.8
  • Added a "preview" feature such that users must review their message before sending (enabled by default but may be turned off)
  • Changed the format of the from line from "email (name)" to "name <email>" which seems to be more standard
• Version 1.3.7
  • Fixed an "uninitialized value in concatenation" warning from perl.
• Version 1.3.6
  • Contact form look and feel can be better controlled via cascading style sheets (CSS).
  • Support for drop down select fields
• Version 1.3.5
  • Error messages are now in context -- an error message for a field will appear directly above that field.
• Version 1.3.4
  • Ability to disallow specified text in any field.
  • By default disallow html formatted links and message board formatted links to prevent spam.
• Version 1.3.3
  • Track the original referrer from the first hit to the contact form, put it in an email header.
• Version 1.3.2
  • Messages for the input and sent pages can be specified.
  • Fixed a javascript error that occured when no recipient is selected from the drop down menu.
• Version 1.3.1
  • Can redirect to a different page after sending email.
• Version 1.3.0
  • Added templating ability to make look and feel customization much easier.
• Version 1.2.0
  • Allow ordering of multiple email addresses.
  • Fields are now ordered in the order they are specified rather than having to specify an order.
• Version 1.1.9
  • Added a CSS expression to make Internet Explorer use a max-width for the text fields.
• Version 1.1.8
  • Fix a javascript warning that occurred when verifying the form on the client side.
• Version 1.1.7
  • Uses Perl's built in safety checks: -T -w and use strict.
  • "prefill" parameter may be used to suppress error messages when passing in some other parameters prefilled.
• Version 1.1.6
  • Added icon linked from form.
• Version 1.1.5
  • Fix from Steve McCarthy for subdomain regular expression: they can start with numbers.
• Version 1.1.4
  • Corrected spelling of variable names ("feild" to "field")
• Version 1.1.3
  • Client side script disabled for Opera because it can't handle it.
• Version 1.1.2
  • Client side script disabled for old Netscape and IE browsers because they can't handle it.
  • Descriptions for form elements given label tags.
• Version 1.1.1
  • Fixed syntax for the charset on email mime type.
  • Added new email header fields.
• Version 1.1
  • First public stable release.
• Version 1.0
  • Initial release, contains many bugs.

License

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

Other Web to Email Gateways

Name	License	Requirements	Comments
Matt's FormMail	Open source, freeware, must obtain permission to distribute.	Perl, Sendmail	Most commonly used, does not hide email addresses, often used as an open relay.
nms	Open source (GPL or Artistic)	Perl	A replacement for all of Matt's scripts including FormMail. Can send directly to an SMTP server without sendmail. Does not hide email addresses.
MailWebForm	Open source (GPL)	Java, Java Servlets, Java Mail	Hides email addresses.
SCForm	Open source (GPL)	PHP, Sendmail	Hides email addresses.

Copyright (C) 2002-2020 Stephen Ostermiller