Bebosoft.com

[Berendftg]

Hi, is there now a way to use a hidden Field to used as the email owner?

Found a 2004 forum link to this question. - viewtopic.php?f=2&t=53&hilit=Hidden+Field+to+used+as+the+email+owner

Answered with: "In Forms To Go you cannot modify the "TO:" from the form page because it would make it vulnerable to spam or any one could point that form to anyone else not under your control. That´s why for security reasons, the email (To:) is hardcoded encrypted. But you could do it at your own risk manually. In a further version, it would be a way to do it in a secure way. Luis Rodriguez - Tech-Support Bebosoft.com"

Is there a answer in 2010 for this?

Need the option please!
thx
berend

[qton]

Same answer for 2010. Doing this opens up the form to relay abuse and the hidden email address be harvested by spammers.

However, this can be done with the Confirmation Email to User function by selecting the hidden email address field to send to, but you won't be able to send a confirmation email to the actual submitter.

[techsupport]

You won't find any up to date form-to-email script that allows you to do that. Maybe old scripts.

If you want to do it, you'll have to modify the resulting Forms To Go script: is not difficult, just one line change, but it's the easiest way to seed spammers with email addresses.

In the past we were planning to enable that option by giving the users a way to obsfuscate the email address in the hidden field with Javascript (see example at the end), but then we learned that even that is not secure, because many bots are created to run as a browser plugin, and they will get the real values of the form, after the javascript had been processed.

The final decision was to never enable that option, not even give the user the option to enable it. When the form is abused by spammers, then the conclusion is that Forms To Go doesn't create secure scripts.

I found this code on the net and modified the last line:

Code: Select all

<script type="text/javascript" language="javascript">
<!--
// Email obfuscator script 2.1 by Tim Williams, University of Arizona
// Random encryption key feature by Andrew Moulden, Site Engineering Ltd
// This code is freeware provided these four comment lines remain intact
// A wizard to generate this code is at http://www.jottings.com/obfuscator/
{ coded = "7UlARqFUM@UwRAbTU.rnA"
  key = "wmIyZlHoUMutWEOGLP2XD7AY1pT8ncsdFia0z659fxVgCjb43erqQKhRkvSJNB"
  shift=coded.length
  link=""
  for (i=0; i<coded.length; i++) {
    if (key.indexOf(coded.charAt(i))==-1) {
      ltr = coded.charAt(i)
      link += (ltr)
    }
    else {     
      ltr = (key.indexOf(coded.charAt(i))-shift+key.length) % key.length
      link += (key.charAt(ltr))
    }
  }
document.write("<input type='hidden' value='"+link+ "'>")
}
//-->
</script>

That will create a line like:

<input type='hidden' value='webmaster@example.org'>

Not visible in the HTML code.

But it's easy with 2010 spammer technology to get that value in less time than a blink :\