Thread tagged as: Question, Forms

How to pass values through form to populate email - invisibly?

I'm setting up a form that dynamically populate some fields from PHP (or a collection).

It works well! I'm posting it as a tiny tutorial for others:

In php:

 PerchSystem::set_var('someText', $myTextToPopulateForm); // got that from the collection earlier

And in contact.html

<perch:input type="hidden" id="someText" value="<perch:forms id="someText" />" />

And in the Form Settings (Admin Tool)

Email subject line: {someText} // thanks a lot for that 

So that's that, awesome!

But there's another thing I couldn't achieve yet: As for the email TO address, this can't be appearing in the form or be filled with curly brackets in the settings, as it would bring an enormous spamming opportunity.

So my question is: (how) can I pass along some information from the form's call to the submit process without it being visible in the markup? Something like <perch:input type="transitory" /> or <perch:forms id="toEmail" type="hidden" /> ?

EDIT:re-phrased the example

Urs Bräm

Urs Bräm 1 points

  • 5 years ago
Drew McLellan

Drew McLellan 2638 points
Perch Support

As well as privacy, you don't want to send to an email address included in the form because that will enable anyone to use your site to send spam.

Are the recipients all from the same domain? Could you include the username (before the @) in the form, and then add the domain on in the settings?

The email address is not from the form, it's from a collection we fill in the perch backend. (A project gallery, where each project has a different responsible person. The email-domains are completely different among all projects). Each instance of the form sends to one email address only, which is manually entered in Perch Admin.

It's like any other contact form - just that the "to" address comes from perch data and not from the settings.

PS: I'd also be fine with looking up the to-email from the collection before the sending kicks in, but that seems more complicated. Or pass the results to a custom app that does that job and then passes the data back, which sounds even more so...

Drew McLellan

Drew McLellan 2638 points
Perch Support

Ok. In the example you gave, it was in the form.

<perch:input type="hidden" id="toEmail" value="<perch:forms id="toEmail" />" />

I think you're probably expecting too much of the basic Forms app.

So I can't get one form blueprint with varying recipients depending on the context?

Then I'd point the form action to a separate page and handle the submission from there.

Or is it possible to use perch_form via api? that would solve my issue too

Drew McLellan

Drew McLellan 2638 points
Perch Support

How about the technique I suggested - is that workable?

You are more than right with the spam opportunity: it's even possible to edit said "to" input field in the DOM and then send to any email address you like.

In my case it's not possible to obfuscate the to address in the way you mentionned (they are always different, no domain pattern), but also if I used some other pattern (*@*.*), that would still bear the same spamming opportunity.

Making a long story shorter: I'm just looking for this:

perch_form('project_contact.html', [
Drew McLellan

Drew McLellan 2638 points
Perch Support

That's not something the Form app does. There's a big opportunity for a third party developer to go further with forms.

If said developer is to be me, I'm just unable. I can hack it, but not provide a lasting solution. If I'd succeed in hiring someone to enable php options in the forms, and it's done well, would you consider incorporating it, or would that stay a fork anyway?

Ok, I've noticed that said data is needed after submitting, so that's the reason why it's more complicated that it appears at the first look.

I've hacked in a hook that looks up the collection again before sending the email and takes the desired value from there. Not perfect, but it does the job. Cheers.

Rachel Andrew

Rachel Andrew 394 points
Perch Support

Please remember that we can't offer support once you have edited Core Perch files or the files that make up an official add-on. We'd advise against hacking at these files anyway as you render your installation difficult to update.

If you wish to create your own add-on then you can do that using the Perch API. That's why an API exists - to enable people to safely build on top of Perch.

True that. Do you know of a community app that extends an official app? That would be a good starting point to learn from.