
E-mail address links to the contact_form/formbuilder

Posted: Wed Mar 14, 2007 11:54 am
by Vin
Hello,

I know I can use contact_form for a simple e-mail form or the formbuilder module for one which has an option for selecting another possible receiver of the e-mail (via the pre-defined subject). However, that's not quite what I'm looking for. I'd like to have:
  • E-mail addresses as links to the form (probably as forms with hidden inputs containing unique identifiers),
  • which would be obfuscated by JavaScript (something like the already existing e-mail tag)
  • and which, of course, can't be misused in any way (script/html injection or-how-exactly-it-is-called)
I think it could be done with the help of the database for e-mails and tweaking the contact_form and e-mail plugins, but I just wonder if anybody knows a better solution (or has done it already). Thoughts?

Re: E-mail address links to the contact_form/formbuilder

Posted: Wed Mar 14, 2007 1:16 pm
by heatherfeuer
I think if I were to do that, I'd create the form(s), then where you have, say, the person's name, use a {cms_self_link} (I think that's how it's called) to link to the particular form. To keep the email address hidden from bots, try and define a variable ($mail_to) for the email inside the script. That way you can reuse a particular script, just setting the variable equal to different people's email.

Bots looking through source code shouldn't be able to pick up the email address, but I can't say that for sure.  Someone else more knowledgeable about PHP might be able to help you there.

Re: E-mail address links to the contact_form/formbuilder

Posted: Wed Mar 14, 2007 3:39 pm
by Vin
Thanks for the response, but I'm afraid this wouldn't work.
Basically, there are two problems:
a) The spambots sniffing for the e-mail address. I decided to just obfuscate the e-mail address with JavaScript, so that screen-readers don't have a problem reading it.
b) Script/HTML injection. AFAIK, contact_form is secure as far as header forgery goes (sorry for the language :) - meaning you can't forge the addressee in the text input). But if I want to send an e-mail by clicking on the link-address, I need a means of sending the information about which one of the addressees to choose! And I can't use the e-mail address, even if it were separated - there's a danger it could be misused by a hostile form which would forge the addressee again. The risk can be lowered by obfuscating the parts of e-mail addressees, but this is not 100% secure.
I can accept getting spam, because a) can't be avoided completely, but not allowing the abuse of the contact_form (b)).

The safe way consists of creating a list of addressees in the database and using the primary key number as the means of choosing which addressee in the list to use - the link would hand this number to the contact_form script, which would connect to the database.

However - how to implement it in the site admin? Create a UDT, which would search the database for the e-mail addressee (given by the smarty tag from the user) and, if not found, create one? It looks like a good solution, but it has some disadvantages - the worst would be a lot of queries if there are more e-mail links on one page. Another would be to implement a drop-down menu in the content » pages » update page, which wouldn't slow the performance on the frontpage. On the other hand, hacking the admin is something I don't like very much...
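
The primary-key approach from the last post, sketched in PHP as an added example; it is not code from any participant in this thread or from contact_form. The names `RECIPIENTS`, `contact_link`, `build_message`, `contact.php` and the form field names are hypothetical, and the array stands in for the addressee table, loaded once per request so that several links on one page do not each cost a query.

```php
<?php
// Constructed stand-in for the addressee table (primary key => row).
// Assumption: loaded once per request from the database; values are made up.
const RECIPIENTS = [
    1 => ['name' => 'Sales',   'email' => 'sales@example.org'],
    2 => ['name' => 'Support', 'email' => 'support@example.org'],
];

// Link shown on the page: it carries only the key, never the address.
function contact_link(int $id): string
{
    if (!array_key_exists($id, RECIPIENTS)) {
        throw new InvalidArgumentException('unknown recipient id');
    }
    $name = htmlspecialchars(RECIPIENTS[$id]['name'], ENT_QUOTES, 'UTF-8');
    return '<a href="contact.php?to=' . $id . '">' . $name . '</a>';
}

// Build the outgoing message from submitted fields; null means "reject".
function build_message(array $input): ?array
{
    // The addressee is selected by integer key only; anything else is refused.
    $id = filter_var($input['to'] ?? null, FILTER_VALIDATE_INT);
    if ($id === false || !array_key_exists($id, RECIPIENTS)) {
        return null;
    }
    // The sender must be one syntactically valid address.
    $from = filter_var($input['from'] ?? '', FILTER_VALIDATE_EMAIL);
    if ($from === false) {
        return null;
    }
    // The subject becomes a header: refuse line breaks rather than clean them.
    $subject = (string)($input['subject'] ?? '');
    if (preg_match('/[\r\n]/', $subject)) {
        return null;
    }
    return [
        'to'      => RECIPIENTS[$id]['email'],   // always from the server-side list
        'subject' => $subject,
        'body'    => (string)($input['body'] ?? ''),
        'headers' => ['Reply-To' => $from],
    ];
}

// Constructed submissions: a normal one, then one naming its own addressee.
echo contact_link(2), "\n";
var_dump(build_message(['to' => '2', 'from' => 'a@example.com', 'subject' => 'Hi', 'body' => 'x']));
var_dump(build_message(['to' => 'someone@example.net', 'from' => 'a@example.com']));
```

Because the address never appears in the page or the request, the JavaScript obfuscation from point a) is only needed where an address is displayed as text.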