Solved

Modifying Forms in HTML Email

Posted on 2003-12-01
7
416 Views
Last Modified: 2010-04-06
Hey, I'm trying to figure out whether it is possible to respond to an HTML form sent in an email.  I'm using a php script to send an email with some dropdown lists and text boxes.  I receive the email OK in Outlook Express, with the form elements displayed correctly.  Ideally, I'd like for a user to be able to modify a received form and hit the Reply button, which will send the form with all the user's changes and input back to our server for processing.

Is it even possible to send back a modified form via Reply?  In my tests, hitting Reply or Forward quotes the original form sent, and does not reflect changes the user may have made.  Is there a better way to have a user submit data filled out in an email form?

Any help would be appreciated!  Thanks.

0
Comment
Question by:DeathCheese
  • 3
  • 3
7 Comments
 
LVL 31

Expert Comment

by:seanpowell
ID: 9853470
Can't be done successfully, as most email clients will strip out the script required to process the form. The tried and true method is still the best - host the form on your site :-)
0
 
LVL 1

Assisted Solution

by:kellysgreen
kellysgreen earned 62 total points
ID: 9854267
Actually, I think you can do what you are asking. but let me see if I understand you correctly...

1) User1 fills out form on website, clicks submit.

2) form results are sent to Admin1 via email

3) Admin1 edits results, and submits them back to website.

To accomplish this, you should be able to format the initial email that Admin1 gets as HTML with a prope <form> </form> area, setting the action= value to the full URL to form parsing CGI on your webserver.  Sounds like that is the only thing you are missing...  then instead of Admin1 REPLYING to the email, they can just click the SUBMIT button embedded in the HTML form inside of the email.

ie:
<form action="http://mysite/formhandler.cgi">
<input name="Test" value="">
<input type="submit">
</form>
0
 
LVL 31

Expert Comment

by:seanpowell
ID: 9858298
It appears that it's this:

1) User fills out form in "email client" and clicks submit.

2) form results are sent to server for processing via email

The problem is #1. You can't do this within an email...
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 1

Expert Comment

by:kellysgreen
ID: 9858603
I dunno... it works great for me using either Mozilla or Outlook 2000 as my email client...
I just created an HTML formatted email which contains an HTML form, filled out the form & submitted the results to the web server (not a local web server either) without incident.  
0
 
LVL 31

Accepted Solution

by:
seanpowell earned 63 total points
ID: 9858642
It's because of the way your email client is set up. The latest security patches generally disable this type of scripting, so there's no way to know whether a user will be able to do this. It can be done - but it's not 100%. Indeed, it may only be 10%. Given that, the best way is to host the form on your site.

There are a number of ways to embed a form in an email that can do a "great" deal of damage - which is why the security has been tightened up :-)
0
 
LVL 1

Expert Comment

by:kellysgreen
ID: 9858779
True, but I'm running Mozilla 1.5 and a fully patched Outlook 2000.  
Also --- one can reasonably inuit that the person who is receiving these HTML forms via email is a known entity and that their email client can be configured or modified as need be to allow for this.
0
 

Author Comment

by:DeathCheese
ID: 9858970
The original idea is something like this:

1) User receives form in email.  Modifies it in email client.

2) User hits reply, and the results of the form are sent via email to my server.

Using an email client's standard "Reply" button to submit the data...in theory.  I wasn't sure if that was possible, and I'm leaning towards not possible now.  The other option, adding a submit button to the email form, seems more realistic.  I've got a simple form submitting from some test emails.  Though I understand that not all email clients may be able to handle the submit action.  It does certainly seem like a vulnerability.

Thanks for all your responses.
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

Preface In the first article: A Better Website Login System (http://www.experts-exchange.com/A_2902.html) I introduced the EE Collaborative Login System and its intended purpose. In this article I will discuss some of the design consideratio…
Introduction Since I wrote the original article about Handling Date and Time in PHP and MySQL (http://www.experts-exchange.com/articles/201/Handling-Date-and-Time-in-PHP-and-MySQL.html) several years ago, it seemed like now was a good time to updat…
Viewers will learn about the regular for loop in Java and how to use it. Definition: Break the for loop down into 3 parts: Syntax when using for loops: Example using a for loop:
The viewer will learn how to dynamically set the form action using jQuery.

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now