I am creating a form that users will use to register for an event. However, I just discovered that there are some really tight security limitations due to policies due to the site's hosting and also policies the organization has about external-facing scripts (such as PHP) that are seen as an unneeded vulnerability.

I haven't been told flat-out that all PHP is completely banned, but I think that I won't be able to create a file and send email with it. However, I do want to be able to have an online registration form that can be filled out and emailed in as low-tech a way as possible.

I'm aware that you can use mailto: to prepopulate the subject and body of an email sent through the user's normal email client:

mailto:my@addy.com?subject=subject+here&body=body+of+email

This is not the best solution because not everyone will be able to use mailto in this way, and for those that do, they must be relied upon not to mess up the formatting of the email. It isn't very consistent. Is there anything better than mailto: but which is still less of a security risk than PHP?

brentonstrine
  • Have someone look over the shoulder of your users. Then when they hit submit they write down the contents of the email, jump on a horse, and deliver the message by hand. – John Conde Mar 17 '14 at 17:45
  • You're currently flapping about a problem you haven't really described. If you want to avoid _all_ server-side scripting your only real choice is getting the user to send the email themselves. Or avoid email altogether and just store registration info on a table. – AD7six Mar 17 '14 at 17:54
  • Now I know PHP has its problems, but what does this mean? **but which is still less of a security risk than PHP?** You are talking about sending an email... if you can't program that to be secure, then pretty much @JohnConde's suggestion is your only option. – Rottingham Mar 17 '14 at 18:15
  • @Rottingham I don't really understand it myself, but I don't make the rules. Akeem's answer is exactly what I was looking for, as it is better than `mailto:` but will still make the paranoid policymakers happy. PS. I've reworded this to remove "best" from the question, hopefully it's no longer an "opinion" question. I think it is pretty concrete what I was asking for here, and Akeem's solution is perfect. – brentonstrine Mar 17 '14 at 19:24

1 Answer

If you don't have the ability to run server-side code, then sending an email is pretty much out of the question. Unless, of course, you can make JavaScript calls to some other website that emails or stores the form information for you.

Your best bet might be outsourcing it entirely, and using a Google Doc form or something.
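
For the `mailto:` route described in the question, the link can be built in the browser from the form fields so the email arrives in a consistent layout. This is an added example, not code from the question or the answer; the field names (`name`, `email`, `session`) and the helper names are assumptions.

```javascript
// Added example: build the question's mailto: link from form fields, client-side only.
// Field names and helper names are hypothetical; the recipient is the one in the question.
const RECIPIENT = "my@addy.com";

// Single-line fields must not carry CR/LF: a line break would let one field
// forge extra "Label: value" rows in the body or spill into the subject.
function singleLine(value, label) {
  const text = String(value ?? "").trim();
  if (text === "") {
    throw new Error(label + " is required");
  }
  if (/[\r\n]/.test(text)) {
    throw new Error(label + " must not contain line breaks");
  }
  return text;
}

function buildMailto(fields) {
  const rows = [
    ["Name", fields.name],
    ["Email", fields.email],
    ["Session", fields.session],
  ].map(([label, value]) => label + ": " + singleLine(value, label));

  const subject = "Event registration: " + singleLine(fields.name, "Name");
  const body = rows.join("\r\n"); // CRLF line breaks, as RFC 6068 expects in a body

  // encodeURIComponent turns spaces into %20 and CRLF into %0D%0A, and escapes
  // & = ? so user input cannot add parameters such as cc= or bcc= to the link.
  // "+" is not used for spaces: RFC 6068 does not decode it as one.
  return (
    "mailto:" + RECIPIENT +
    "?subject=" + encodeURIComponent(subject) +
    "&body=" + encodeURIComponent(body)
  );
}

// In a page: window.location.href = buildMailto({ name, email, session });
```

The user's mail client still sends the message, so the recipient should treat its contents as unverified input.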