> > In the email generated by the CGI, it is a good idea to add explicit
text
> > in the body saying.
> >
> > The person who submitted the form supplied the email address
> > $replyto
> > There is no guarentee that that address is correct or belongs to the
> > person who submitted the form, but a normal Reply to this message will
> > be sent to that address.
> >
> > Also it is useful to add things to the message headers like
> Might also be helpful to include HTTP_REMOTE_HOST (er, I think thats
> the variable that contains the IP address of the WWW client host)
Well, speaking as the original author of the script in question (one of my
more useful legacies to Cranfield), I took the view that adding lots of
stuff like this is not terribly useful to most users and - as the value
(in security terms) of a client IP address is negligible - quite possibly
misleading to neophytes. So it's possible to substitute any CGI env var
anywhere in the template email. However, the note above and From: are
explicitly overridden by the script, as above; an authenticated HTTP
request could substitute something more appropriate.
NB When Jeff said it isn't a CGI, he politely refrained from noting it's
actually an Apache mod_perl script using a built in Perl interpreter.
Scripts are precompiled to bytecode when Apache starts, so I took
advantage of Perl's Internet::Mail modules and very fast string
manipulation with minimal startup overhead; Apache subprocesses don't exec
either, so most of the memory is shared.