I have a script that currently does several things. It creates a user account in Active Directory, writes data to a SQL table and sends an email to the account requestor with the account's user name and password.
We'd love to add a hyperlink to that email so that the requestor can click to view their original request form, but I can't quite seem to get the syntax right.
Because double quotes are used in the PowerShell syntax as well as the HTML link, I defined the link as a variable and inserted that variable into the -body section of the email to eliminate double quote confusion, though this may not be necessary.
Can anyone help me insert a link in this email?
Many thanks!
CURRENT COPY:
"The user account you requested (request #$ReqID) has been created."
We'd like $ReqID to hyperlink to the Web form.
THE VARIABLE I'VE DEFINED:
$link = '$ReqID'
But it displays in the email body like this:
The user account you requested (request #$ReqID) has been created.
Help?
Swap your quotes around, i.e.:
$link = "<a href='http://tsturl/detail.aspx?reqID=$reqID'>$ReqID</a>"
Or do:
$link = '$ReqID'
$link = $ExecutionContext.InvokeCommand.ExpandString($link)
Further to your comment, if you want the mail body to render as HTML, an thus display a link, then you'll need to tell your mail client that the body is HTML. $link is just a plain old string and doesn't know that it's HTML.
From your previous question, I'm guessing you're using the Send-MailMessage cmdlet. If so then you need to specify the -BodyAsHtml switch.
Related
For my website, i use a free template form startbootstrap.com, in this template there is a "Send Mail" button, i tried to get it running, but it doest, work. How can i make it work?
I have already changed the mailto#something.com to my real email and it didnt work. I am not very experienced in web developing, so it might be a very simple thing. Any help would be much appreciated
Here is the code section for the email part: \n
The only line i changed was :
action="mailto:myreal#mail.com" method="POST" enctype="text/plain">
This section tells me that i should configure my web server differently if things dont work, how would i do that
<!-- The form should work on most web servers, but if the form is not working you may need to configure your web server differently. -->
I expected this part, to just send an email to me from the provided email addres with the given content, but when i try to run it it says:
Sorry, it seems that my mail server is not responding. Please try again later!
Thanks in advance!
I don't know which template you have chosen, but with "Freelancer" there's a contact_me.php located under mail folder, where you should configure this part:
$to = "yourname#yourdomain.com"; // Add your email address inbetween the "" replacing yourname#yourdomain.com - This is where the form will send a message to.
$subject = "Website Contact Form: $name";
$body = "You have received a new message from your website contact form.\n\n"."Here are the details:\n\nName: $name\n\nEmail: $email\n\nPhone: $phone\n\nMessage:\n$message";
$header = "From: noreply#yourdomain.com\n"; // This is the email address the generated message will be from. We recommend using something like noreply#yourdomain.com.
$header .= "Reply-To: $email";
Since you need php and mail server for this to work, after configuration you can deploy it to a server like xampp or wampp if you'd like to test it locally or just copy it to a real webserver.
I am developing a Cordova App, and I use a URL parameter to manipulate or control my pages. e.g.:
file:///App/www/index.html?goto=profile
What I am trying to do is to remove the goto parameter from the URL.
An example use case: the user login using a temporary password. When the user logged in successfully the app will point them to the "change password" page, which is represented by a parameter on the url - ?goto=profile. Now the url has this parameter.
The problem here is that two parameters are set; ?goto=profile and ?goto=messages (directed the user on his inbox page). So the url now would be file:///App/www/index.html?goto=profile?goto=messages.
How to remove the ?goto=profile in the url without reloading the page?
to add multiple search query parameters, concatenate them with an ampersand (&). e.g.:
file:///App/www/index.html?goto=profile&goto=messages
if you don't want multiple parameters (they have the same name, so i presume you only want to replace the goto parameter value), just overwrite it.
i don't know the implementation used for routing, as you did not specify it in your question, but with plain javascript, it'd be something like this:
location.search = 'goto=messages';
I have created a form that contains the following within its <form> tag:
<input type="hidden" value="<?php echo $user_id ?>" name="author">
The problem I see here is that users can easily inspect element and change the value... and when doing so, affect how that value is processed in the form.
How do people make this type of form processing more secure so that users can't alter values?
The problem I see here is that users can easily inspect element and change the value... and when doing so, affect how that value is processed in the form.
Your application should not allow any such action without full server-side authorisation checks.
If the user is not supposed to be able to change the author value, you shouldn't even bother read the author value in the form submission, take the value you originally put into the form. If the user is supposed to have limited ability to change the author value (eg. only Administrator users can change the author), then check to see if the author value is allowed for the current user, and if it isn't then generate an error.
How do people make this type of form processing more secure so that users can't alter values?
The user is completely in control of what happens on the client-side, you can't make a browser take that control away from them. The security control must be on the server side.
(Some comments are suggesting encryption to protect a value given to a user, but this is much harder to get right than it looks. Applying an encryption function alone is no protection against tampering at all; to do that you need message signing and some connection between data in the signed message and the user/session and field purpose so the user can't just paste in an encrypted value they find elsewhere. Don't go this way until you really need to, the road is littered with corpses.)
<?php echo $user_id ?>
BTW you should use htmlspecialchars() when echoing any variable data into an HTML template otherwise you are vulnerable to HTML-injection (XSS).
I'm not the php crack but I would use something like
<input type="hidden" value="<?php echo encrypt($user_id, $secret) ?>" name="author"/>
where encrypt() should be a php encryption function (maybe How do you Encrypt and Decrypt a PHP String? will help...
On the server side you may use
$user_id = decrypt($POST["author"], $secret)
If conversion fails, somebody did something. To even harden your data, you could add some checksum field to cover the complete data set of hidden values. .NET ASP.NET does something similar with their data passed to the client as part of a form...
I am using Active admin to save my email templates. I am also using Mail Gun to send my emails.
The whole process works absolutely fine if I define my email boday as text such as:
body = "This is the text in my email"
If however I attempt to use the template I made in my active admin like so:
body = load_rendered_template("new_quote_email")
I get the error: wrong status line: '<html>'
The app is using SSL would this have anything to do with it? This is the same error both in production and development.
Issue:
An authentication server (not under my control) is stripping get values after the first from the returnUrl. Is there any way to work around this? (Or around the larger problem as a whole?)
e.g. http://authentication.corporate.com?returnUrl=http://localserver/addcomment.php?FirstName=Sally&SecondName=Sparrow redirects as http://authentication.corporate.com?returnUrl=http://localserver/addcomment.php?FirstName=Sally, stripping any subsequent $_GET values.
(I am led to believe through my research that the stripping of the $_GET values may be an issue with what the authentication server is doing, but I have no way of getting access to it. If this is the case, is there a workaround? If this is not the case, what am I doing wrong?)
Context:
I am writing part of a web application which is to allow users to add comments to documents. The web application must retrieve the user's (correct) corporate username, first name and last name.
I am updating a previous version of this web application which allowed users to add comments in a two-step process.
Step 1 After clicking an 'Add Comment' hyperlink, the user is authenticated and a returnUrl value directs them to a page where they may add their comment. http://authentication.corporate.com?returnUrl=http://localserver/addcomment.php
Step 2 In addcomment.php $_POST values have been retrieved (and confirmed as correct) from the authentication server. The user may then enter their comments in a textarea and submit them via action=post to a final page which inserts the comment and user information into a database.
I would like to reduce this to a one-step process where the user may type in a comment on the main page. The way I am attempting to do this is by passing the comment as a $_GET value to be returned via the authentication server. e.g. http://authentication.corporate.com?returnUrl=http://localserver/addcomment.php?FirstName=Sally&SecondName=Sparrow along with the $_POST values.