|
|
Posted by Jerry Stuckle on 01/18/08 04:44
yawnmoth wrote:
> On Jan 17, 7:03 pm, Jerry Stuckle <jstuck...@attglobal.net> wrote:
>> Gilles Ganault wrote:
>>> Hello
>>> I need customers to be able to send us e-mails from our VB
>>> Classic application using the MSWinsock ActiveX control.
>>> Since there's no easy way to find the address of their SMTP server, I
>>> figured it'd be easier to have it call a PHP script, and send data
>>> with the POST method.
>> Why on earth would you need the address of their SMTP server? Even if
>> you had it, you wouldn't be able to send a message through it if it were
>> correctly configured.
>
> I think you misunderstand the request. I think, although I can't say
> for sure, that what Gilles Ganault would be doing if he had a
> customers SMTP server is that he'd be using the VB Classic app to send
> out the email through their SMTP server. Since the VB Classic app
> would be running on the customers computer, using their SMTP server
> shouldn't be a problem.
>
No, I understand. It won't work on my system - my SMTP server won't
accept it, and my firewalls will prevent the app from ever getting to
the server. That plus the security on my browser won't let it start.
> What is a problem is that he doesn't know how to get the customers
> SMTP server, so he's planning on having the VB Classic app send an
> HTTP POST request to a PHP script that'll send the email, instead.
>
Yes, I understand that.
> As for ways around this... well, Gilles Ganault could set up an SMTP
> server that his customers could use. This SMTP server could require a
> valid username and password for emails to be sent out. Or the PHP
> script could require the username and password.
>
A lot of work.
> But that wasn't exactly what Gilles Ganault asked for, either. So to
> answer the question that was asked... you could just do something
> like this:
>
> $required_keys = ...;
> for ($i=0;$i<count($required_keys);$i++) {
> if (!isset($_POST[$required_keys[$i]])) {
> return false;
> }
> }
> return true;
>
> Of course, that only tests whether or not the appropriate keys are
> set. If, in order to qualify as being "correctly sent", these
> parameters need to be checked against a regular expression, or
> something... well, you could just test them on a case by case basis.
> eg.
>
> if (!preg_match('#...#', $_POST['whatever'])) {
> return false;
> }
>
> if (!preg_match('#...#', $_POST['whatever2'])) {
> return false;
> }
>
> return true;
>
> Or you could have two arrays. One with required parameter names and
> another that uses select parameter names as keys and sets those keys
> to certain regular expressions.
>
> There are lots of solutions...
>
Yep, but there are even more solutions which will make his contact page
an open door for spammers. And since he doesn't know anything about
PHP, he's going to be very hard pressed to get a solution which works
and is secure, unless he's willing to pay someone for it.
Which is why I recommended just doing it in VBScript. He's already
familiar with it, it can be done using his SMTP server and it works well.
A better solution in this case, IMHO.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================
Navigation:
[Reply to this message]
|