I'm playing with a new service's very simple API and I'm just curious if its possible to send an xml-rpc request directly from an html form. The api request example is this:
<?xml version="1.0"?>
<methodCall>
<methodName>send</methodName>
<params>
<param><value><string>YOUR_API_KEY</string></value></param>
<param><value><string>msg#mycompany.com</string></value></param>
<param><value><string>5551231234</string></value></param>
<param><value><string>Test Message from PENNY SMS</string></value></param>
</params>
</methodCall>
And my current form iteration is this:
<form method="POST" enctype="text/xml" action="http://api.pennysms.com/xmlrpc">
<input type="hidden" name="api_key" value="MYAPIKEY"/>
<label for="from">From</label>
<input type="input" name="from" value=""/>
<label for="phone">Phone</label>
<input type="input" name="phone" value=""/>
<label for="text">Text message</label>
<input type="input" name="text" value="">
<input type="submit" value="Send"/>
</form>
Not without involving either Javascript or server code. The "enc-type" attribute specifies the format that the form data is sent to the server in, and unfortunately "xml-rpc" isn't in the list of accepted formats :)
No, this is not possible from plain HTML. The only standard encodings for submitting form data are application/x-www-form-urlencoded and multipart/form-data.
You can do this from JavaScript using an XMLHTTPRequest, though only to APIs on the same domain that the HTML came from. After a quick Google search, I found this AJAX XML-RPC client, though I've never used it so I can't vouch for it.
That might depend if the server is actually enforcing the enctype
For example using the technique shown here http://pentestmonkey.net/blog/csrf-xml-post-request you can do cross-site posts of XML POST data.
Related
how do I make a field that the client can send images to the database as if it were text?
<label for="email"><b>name</b></label>
<input type="text" placeholder="Enter Name" name="email" id="name" requir#the code to input text
but there is a similar way to input images?
A file input element will allow a file (including an image file) to be submitted in an HTTP request.
The form element will need to be configured to encode data in the multipart/form-data format.
<form action="example" method="POST" enctype="multipart/form-data">
<label for="file">Select image</label>
<input type="file" id="file" name="file">
<button>Submit</button>
</form>
How you handle this on the server will depend on the server-side language you are using.
As a rule of thumb, binary data like images are generally best stored on a file system or on a service like Amazon S3 and not placed directly in the database.
I would like for my page to have the green padlock signifying that it is secure. However, according to https://www.whynopadlock.com/ I need to change my mailto: form.
Here is my current HTML code:
<form action="mailto:myemail#gmail.com" enctype="text/plain" method="post">
<input type="text" name="name" placeholder="Name" class="name" required />
<input type="email" name="emailaddress" placeholder="Email" class="email" type="email" required />
<textarea type="text" rows="4" name="Message" placeholder="Message" class="message" required></textarea>
<button class="res" type="reset" value="Reset">Reset</button>
<input name="submit" class="butn" type="submit" value="ยป" />
</form>
How can I change this code to make my site more secure?
However, according to https://www.whynopadlock.com/ I need to change my mailto: form.
I don't see any claim regarding mailto: links at the site you reference.
And there is simply no HTTPS for mailto: links since writing a mail is done by a user specific application, which can be done a local mail client which is using SMTP for mail delivery (with or without TLS, depending on the settings of the client) or it can be done some web based mail application which might or might not be using HTTPS.
Apart from that using mail delivery to forward the data filled into a web form is probably not a good idea in the first place since it requires the user to have setup some mail application already - i.e. unusable for use with web kiosk, internet cafes etc. The common way is instead to have some backend at your site as form target, and this time you could use https://.
So my site is almost done but I'm stuck on the part of sending an email.
Everything works, when I fill in the fields. But it always gets saved as a draft so I don't receive the email.
Here is my html code:
This code is copied from a site.
<form action="mailto:myemailadress#gmail.com" method="post" enctype="text/plain">
Name:<br>
<input type="text" name="name"><br>
E-mail:<br>
<input type="text" name="mail"><br>
Comment:<br>
<input type="text" name="comment" size="50"><br><br>
<input type="submit" value="Send">
<input type="reset" value="Reset">
</form>
action="mailto:myemailadress#gmail.com" <-- This is not correct.
You'll have to point your post submission to a handler php file that will process the form request and submit the email.
Now, some host providers do have a php mailer to make us things easier, e.g godaddy https://www.godaddy.com/es/help/using-our-php-form-mailers-on-web-and-classic-hosting-8376 .
An example of php mail handler for forms can be found here http://www.freecontactform.com/email_form.php . It has some validation code too.
There is a possibility that you're using a server that doesn't support PHP but ASP, .NET, Node.js or some other, in that case i can't help you because i'm not familiar to none of them :)
I am making a website and I want one of the pages to have a form where they write their contact information and then have it sent to me when they press the submit button. I tried doing it in HTML by using this code
<form action="MAILTO:XXXXX#XXX.com" method="post" enctype="text/plain">
And then I have the form entries and a submit button. I enter some random details but it never sends me an email.
Here's my form entries if it means anything
Name:<br>
<input type="text" name="name" value="your name"><br>
E-mail:<br>
<input type="text" name="mail" value="your email"><br>
Comment:<br>
<input type="text" name="comment" value="your comment" size="50"><br><br>
<input type="submit" value="Send">
<input type="reset" value="Reset">
</form>
As others stated in comments above, you're mixing up 2 things. You have 2 options going forward.
Option 1 is using a server-side language like PHP to send the e-mail. This is a bit harder to do, but it allows you to have a form on your page like you describe in your question. In this case, you'd have to change the action attribute of the <form> to the path to the (PHP) page/file that will process the POST request. Here's a tutorial on how to send e-mail in PHP.
Option 2 is to get rid of the form and replace it with a link that will boot the user to his e-mail program with the To: field already filled out. Obviously, this will only work if the user has a local e-mail program set up. It's usually not compatible with webmail (like Gmail, Outlook.com...). However, it can be implemented in a single line of code:
Should you opt for option 2, you can just replace the <form> element with the following code snippet, which will produce the link:
your-address#example.com
Note that in the snippet above, I repeated the e-mail address as the text of the <a> tag. This ensures that people who use webmail can copy-paste the e-mail address in the web app.
So my question is when we use the following code:
<!DOCTYPE html>
<html>
<body>
<h3>Send e-mail to someone#example.com:</h3>
<form action="MAILTO:someone#example.com" method="post" enctype="text/plain">
Name:<br>
<input type="text" name="name" value="your name"><br>
E-mail:<br>
<input type="text" name="mail" value="your email"><br>
Comment:<br>
<input type="text" name="comment" value="your comment" size="50"><br><br>
<input type="submit" value="Send">
<input type="reset" value="Reset">
</form>
</body>
</html>
What I'm asking is:
does this actually send an email to someone#example.com? if so how?
No, the browser fetches the default mail client. It does not automatically send the e-mail, it simply shorthands the process of opening the mail client and putting certain values such as addresses in the header.
No the browser is not capable of sending email. Usually a server side language, like PHP or JAVA is used to send the email. You can find scripts where you can send the data to and it will send an email for you.
Sending an email is a complicated task requiring ports to be open and certain headers to be sent with the message describing the To, From, Subject, Body, and more fields.
mailto is a browser shortcut to enable links to be opened in the default client, that the user chooses.
Here's how you can send email using a PHP Script. If you do not have php on your server then you can not use this.
If you want to create an email template the mailto supports a few more parameters that can be passed along. Here's an example. If you use javascript you can have the user fill in the form, then when they click submit have it open an email, in their default client (including web emails), and have it prefilled for them to click send.