ChurchAssist Hosting

Plans & Features

Domain Registrations
Web Design
Hosting FAQ
Acceptable Use Policy
ChurchAssist Software
Ministry Assistant
Worship Assistant

Contact Us



Installing and Using FormMail

Note: the use of Matt Wriight's FormMail script is prohibited on our servers. This script has well-known security issues.

This walkthrough is based on nms FormMail, which is available here:

The compat version should be chosen, in either the .tar.gz or .zip format, depending on which is easier for you to extract.

After extracting the archive, open the script in your favorite text editor so the variables can be set. For most people, the default values will be sufficient, with the following changes:

Change the following value from 1 to 0 after the script is live. Do not leave the debug option set to 1 when the script is live.

Change the following value from 5 to the actual number of recipients your form is designed to mail. For most people, the maximum number of recipients will be 1.
$max_recipients = 5;

Change the following value to your own domain information.
@referers = qw( localhost);

For instance, if your domain name is, and your IP is, your referers would look like this:
@referers = qw( localhost);

Multiple items are separated by a space. Only the referers listed in this parameter will be permitted to use this script.

Change the following value(s) to the recipients of the form:
@allow_mail_to = qw(you@your.domain localhost);

Do not leave localhost in this parameter, as there is no valid reason for it. If the recipient can be any user at your domain, only the domain name (not a full email address) is required. This will permit the script to be used for multiple forms on the same site without a separate copy or complete list of allowed recipients. If there is only a single form, and only one or two recipients allowed, it is better for security reasons to specifically define those recipients in the script.

Change this value to either a style sheet in use on the site or to 0 or an empty string if no stylesheet is to be used:
$style = '/css/nms.css';

More advanced options are available for the script. Details for those options are available in the README file within the distribution package.

Save the file and upload to your account. Typically, scripts of this nature will be placed in the cgi-bin directory.

Rename the script to anything other than a variation of formmail.*, FormMail.*, or Formmail.*, as these names are filtered and cannot be used. Change the permissions on the script to 755 (rwxr-xr-x).

The script can then be called within the HTML code of the form. Code that previously used the systemwide form to mail script (/cgi-sys/FormMail.cgi) should be modified to use the new script instead. Typically, the POST code will be one of the following:

<form method="post" action="">

<form method="post" action="/home/myusername/public_html/cgi-bin/">

<form method="post" action="">

Many of the same values used by any generic or by the systemwide script, such as subject, redirect, and return link URL can be set within the code. Full details of all variables can be found in the README file included with the package distribution.

In the most general of cases, most people will need only set the variables in the script itself and then replace the code used to post the form data, as this script is designed to be a drop-in replacement for Matt Wright's script, which is banned on our servers - and which is what the systemwide FormMail clone is based on as well.

Form Configuration

The action of your form needs to point towards this script, and the method must be POST or GET. The form action line should be:

<FORM ACTION="/cgi-bin/scriptname" METHOD="POST">

There is only one form field that you must have in your form for FormMail to work correctly. This is the recipient field.

Field: recipient
Description: This form field allows you to specify to whom you wish for your form results to be mailed. Most likely you will want to configure this option as a hidden form field with a value equal to that of your e-mail address.

Syntax: <input type=hidden name="recipient" value="">

Optional Form Fields

Below is a list of form fields you can use and how to implement them.

Field: subject
Description: The subject field will allow you to specify the subject that you wish to appear in the e-mail that is sent to you after this form has been filled out. If you do not have this option turned on, then the script will default to a message subject: WWW Form Submission

Syntax: If you wish to choose what the subject is:
<input type=hidden name="subject" value="Your Subject">
To allow the user to choose a subject:
<input type=text name="subject">

Field: email
Description: This form field will allow the user to specify their return e-mail address. If you want to be able to return e-mail to your user, I strongly suggest that you include this form field and allow them to fill it in. This will be put into the From: field of the message you receive. If you want to require an email address with valid syntax, add this field name to the 'required' field.

Syntax: <input type=text name="email">

Field: realname
Description: The realname form field will allow the user to input their real name. This field is useful for identification purposes and will also be put into the From: line of your message header.

Syntax: <input type=text name="realname">

Field: redirect
Description: If you wish to redirect the user to a different URL, rather than having them see the default response to the fill-out form, you can use this hidden variable to send them to a pre-made HTML page.

Syntax: To choose the URL they will end up at:
<input type=hidden name="redirect"value="">
To allow them to specify a URL they wish to travel to once the form is filled out:
<input type=text name="redirect">

Field: required
Version: 1.3 & Up
Description: You can now require for certain fields in your form to be filled in before the user can successfully submit the form. Simply place all field names that you want to be mandatory into this field. If the required fields are not filled in, the user will be notified of what they need to fill in, and a link back. To use a customized error page, see 'missing_fields_redirect'

Syntax: If you want to require that they fill in the email and phone fields in your form, so that you can reach them once you have received the mail, use a syntax like:

Field: env_report
Version: 1.3 & Up
Description: Allows you to have Environment variables included in the e-mail message you receive after a user has filled out your form. Useful if you wish to know what browser they were using, what domain they were coming from or any other attributes associated with environment variables. The following is a short list of valid environment variables that might be useful:

REMOTE_HOST - Sends the hostname making the request.
REMOTE_ADDR - Sends the IP address of the remote host making the request.
REMOTE_USER - If server supports authentication and script is protected, this is the username they have authenticated as. *This is not usually set.*
HTTP_USER_AGENT - The browser the client is using to send the request.

There are others, but these are a few of the most useful. For more information on environment variables, see: The CGI Resource Index: Documentation: Environment Variables

Syntax: If you wanted to find the remote host and browser sending the request, you would put the following into your form:
<input type=hidden name="env_report" value="REMOTE_HOST,HTTP_USER_AGENT">

Field: sort
Version: 1.4 & Up
Description: This field allows you to choose the order in which you wish for your variables to appear in the e-mail that FormMail generates. You can choose to have the field sorted alphabetically or specify a set order in which you want the fields to appear in your mail message. By leaving this field out, the order will simply default to the order in which the browsers sends the information to the script (which is usually the exact same order as they appeared in the form.) When sorting by a set order of fields, you should include the phrase "order:" as the first part of your value for the sort field, and then follow that with the field names you want to be listed in the e-mail message, separated by commas. Version 1.6 allows a little more flexibility in the listing of ordered fields, in that you can include spaces and line breaks in the field without it messing up the sort. This is helpful when you have many form fields and need to insert a line wrap.

Syntax: To sort alphabetically:
<input type=hidden name="sort" value="alphabetic">
To sort by a set field order:
<input type=hidden name="sort" value="order:name1,name2,etc...">

Field: print_config
Version: 1.5 & Up
Description: print_config allows you to specify which of the config variables you would like to have printed in your e-mail message. By default, no config fields are printed to your e-mail. This is because the important form fields, like email, subject, etc. are included in the header of the message. However some users have asked for this option so they can have these fields printed in the body of the message. The config fields that you wish to have printed should be in the value attribute of your input tag separated by commas.

Syntax: If you want to print the email and subject fields in the body of your message, you would place the following form tag:
<input type=hidden name="print_config" value="email,subject">

Field: print_blank_fields
Version: 1.6
Description: print_blank_fields allows you to request that all form fields are printed in the return HTML, regardless of whether or not they were filled in. FormMail defaults to turning this off, so that unused form fields aren't e-mailed.

Syntax: If you want to print all blank fields:
<input type=hidden name="print_blank_fields" value="1">

Field: title
Version: 1.3 & Up
Description: This form field allows you to specify the title and header that will appear on the resulting page if you do not specify a redirect URL.

Syntax: If you wanted a title of 'Feedback Form Results':
<input type=hidden name="title" value="Feedback Form Results">

Field: return_link_url
Version: 1.3 & Up
Description: This field allows you to specify a URL that will appear, as return_link_title, on the following report page. This field will not be used if you have the redirect field set, but it is useful if you allow the user to receive the report on the following page, but want to offer them a way to get back to your main page.

Syntax: <input type=hidden name="return_link_url" value="">

Field: return_link_title
Version: 1.3 & Up
Description: This is the title that will be used to link the user back to the page you specify with return_link_url. The two fields will be shown on the resulting form page as:
* return_link_title

Syntax: <input type=hidden name="return_link_title" value="Back to Main Page">

Field: missing_fields_redirect
Version: 1.6
Description: This form field allows you to specify a URL that users will be redirected to if there are fields listed in the required form field that are not filled in. This is so you can customize an error page instead of displaying the default.

Syntax: <input type=hidden name="missing_fields_redirect" value="">

Field: background
Version: 1.3 & Up
Description: This form field allow you to specify a background image that will appear if you do not have the redirect field set. This image will appear as the background to the form results page.

Syntax: <input type=hidden name="background" value="">

Field: bgcolor
Version: 1.3 & Up
Description: This form field allow you to specify a bgcolor for the form results page in much the way you specify a background image. This field should not be set if the redirect field is.

Syntax: For a background color of White:
<input type=hidden name="bgcolor" value="#FFFFFF">

Field: text_color
Version: 1.3 & Up
Description: This field works in the same way as bgcolor, except that it will change the color of your text.

Syntax: For a text color of Black:
<input type=hidden name="text_color" value="#000000">

Field: link_color
Version: 1.3 & Up
Description: Changes the color of links on the resulting page. Works in the same way as text_color. Should not be defined if redirect is

Syntax: For a link color of Red:
<input type=hidden name="link_color" value="#FF0000">

Field: vlink_color
Version: 1.3 & Up
Description: Changes the color of visited links on the resulting page. Works exactly the same as link_color. Should not be set if redirect is.

Syntax: For a visited link color of Blue:
<input type=hidden name="vlink_color" value="#0000FF">

Field: alink_color
Version: 1.4 & up
Description: Changes the color of active links on the resulting page. Works exactly the same as link_color. Should not be set if redirect is.

Syntax: For a active link color of Blue:
<input type=hidden name="alink_color" value="#0000FF">

Any other form fields that appear in your script will be mailed back to you and displayed on the resulting page if you do not have the redirect field set. There is no limit as to how many other form fields you can use with this form, except the limits imposed by browsers and your server.

More Documentation

The documentation for Matt Wright's FormMail.cgi might be helpful if you have never used FormMail before. It is available here.