Re^6: MAIL::SENDMAIL - Inserting $variable Into TO or FROM?

by Milti (Beadle)
on Feb 03, 2014 at 21:31 UTC


in reply to Re^5: MAIL::SENDMAIL - Inserting $variable Into TO or FROM?
in thread MAIL::SENDMAIL - Inserting $variable Into TO or FROM?

Here's the sequence of events. A person has a profile page on mywebsite.com. That page has a SEND MESSAGE link which forwards the person's AccountID to the CGI which creates a "Compose Your Message" page. When the submit button is hit, all the info is forwarded to the program I have shown. All this happens on a dedicated server. The check referrers code was intended to assure that the submittal to the mail program was, indeed, coming from the aforementioned form residing on mywebsite.com. Only other members who have logged on can view the profiles noted above. At least I hope that's the case! If I don't use the check referrer code, what would you suggest I do to ensure the sequence noted above? Thanks for any input!

Re^7: MAIL::SENDMAIL - Inserting $variable Into TO or FROM?
by marto (Cardinal) on Feb 04, 2014 at 11:07 UTC

    If someone is logged in to your site can't you check that they should be granted access to features using the associated Session? Given my previous comments regarding SQL injection, are you sure only people with accounts can log in? With my statement about referrer in mind, do you log emails sent or check to ensure people aren't already doing this? Perl CGI Secure Authentication, Super Search for more.

      The website is public. However, anyone wishing to search and view profiles of other members must have an account themselves and log on with their own account ID and PW which are checked against the database. Then, as long as the other member does not block them, they may elect to send a message to the other member. They are not allowed to see the email address of the recipient nor does the recipient see the email address of the sender. At this time it is intended that ccs of messages will not be allowed. It is true that any visitor can elect to register at the site to become a member but then they must conduct a search and focus on an individual before they can send a message.

      I do plan to use placeholders with all my SQL queries.

      Thanks for any additional support you can provide.
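One way to tie the "Compose Your Message" form to the logged-in member's session instead of trusting the Referer header, as an added example that is not part of the original posts. It assumes the session ID is read from the server-side session (never from a form field) and that the session ID and AccountID contain no `|`; the secret, function names and sample values are hypothetical.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);

# Assumption: a server-side secret kept out of the web root (placeholder value).
my $SECRET  = 'replace-with-random-server-side-secret';
my $MAX_AGE = 15 * 60;    # seconds a compose form stays valid

# Called when the "Compose Your Message" page is built for a logged-in member.
sub issue_form_token {
    my ($session_id, $recipient_id, $now) = @_;
    my $mac = hmac_sha256_hex("$session_id|$recipient_id|$now", $SECRET);
    return "$now:$mac";    # goes into a hidden form field
}

# Called by the mail script before anything is sent.
sub verify_form_token {
    my ($token, $session_id, $recipient_id, $now) = @_;
    return 0 unless defined $token && $token =~ /\A(\d+):([0-9a-f]{64})\z/;
    my ($issued, $mac) = ($1, $2);
    return 0 if $issued > $now || $now - $issued > $MAX_AGE;
    my $expect = hmac_sha256_hex("$session_id|$recipient_id|$issued", $SECRET);
    # Compare without stopping at the first differing character.
    my $diff = 0;
    $diff |= ord(substr($mac, $_, 1)) ^ ord(substr($expect, $_, 1)) for 0 .. 63;
    return $diff == 0 ? 1 : 0;
}

# Constructed sample values standing in for a real session and AccountIDs.
my ($sid, $rcpt, $t0) = ('sess-7f3a', '1042', 1_391_500_000);
my $token = issue_form_token($sid, $rcpt, $t0);

printf "same session, same recipient: %d\n", verify_form_token($token, $sid, $rcpt, $t0 + 60);
printf "different session:            %d\n", verify_form_token($token, 'sess-other', $rcpt, $t0 + 60);
printf "recipient changed in form:    %d\n", verify_form_token($token, $sid, '9999', $t0 + 60);
printf "expired form:                 %d\n", verify_form_token($token, $sid, $rcpt, $t0 + 3600);
printf "no token (direct POST):       %d\n", verify_form_token(undef, $sid, $rcpt, $t0 + 60);
```

The mail script would still look up the recipient's address from the AccountID on the server and confirm the recipient has not blocked the sender; the token only shows that this session was issued this form for this recipient.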
