I have a static site that uses a contact form to get users in touch w me.
When it comes to posting the form data I want it to arrive in my email.
I'm looking for a clean eloquent solution here. I don't want to use any services that cost money such as fromspree and fromkeep.
I've looked into using Nodemailer and Express but since my site is a static site it really doesn't make sense to go set up these tools just for a contact form. I know PHP is the usual way to go about this type of request and I found this tutorial here.
If I where to use this tutorial any ideas on how I would modify it to use
the PHP lib that SendGrid developed to work with my simple form?
There is another approach to dealing with static site contact forms via hacking google forms through google apps script.
Any suggestions here? Or best known methods you for me to use?
You asked for services that do not cost money and you mention 'sendgrid' so I presume you don't have too many subscribers.
You can use SendGrid by using only client side JavaScript but you will have to put your password\api for anyone to see, that's a bad idea.
For static site I think you can use MailChimp. Just open a free account and you can use their integrated form to submit the forms to yourself.
If you don't want any third party, or SendGrid specifically, you should have to go with server side code. (NodeJS recommended, php also an option)
Update: sendgrid no longer provides a free account. You can go for mailjet instead.
Update: Today sendgrid support Signup forms too
Related
I am looking to send emails to users showing all of the new posts the people they follow had in the last week. I have the site looking as I want, is there a way to embed the html from a website into an email using an API?
Some examples of this are when Facebook sends you an email with all of the recent posts your friends have had, or when Asana sends each user an email with their outstanding tasks.
Anyone have a good idea on how to tackle this?
I have tried using mailchimp and a few competitors to see if I could just pass them the posts for each user but after talking to their support it doesn't seem possible
You could use EmailJS in order to do this, which is a service providing you an API to send eMails based on templates you can create using their UI. The bad side is that it adds Sent by EmailJS at the end of the mail if remember correctly.
Or you can build your own API with Express on NodeJS (or anyother langage: PHP, Python..) and use a library like nodemailer.
Hope it helps :) Good luck !
I'm in the process of migrating one of the applications from old system in separate/new system. My Single Page App is built in JQuery/HTML5/CSS/AJAX on the front end and ColdFusion on the back end. Before I start developing my new framework and login page I was hoping for some helpful hints on security and best practice for this purpose. I saw blog post by Raymond Camden where he explained how Login page can be done in JQuery/AJAX and ColdFusion.
Link: https://www.raymondcamden.com/2009/03/24/Simple-example-of-a-Form-post-to-ColdFusion-with-jQuery-Login/][1]
He explained the process but I'm wondering about next few things. My main Login page should I use .html file or .cfm file for login page? Also is there any security risk by doing login process through Ajax from submission? I don't have experience in creating Login system and any help would be appreciated. If anyone can provide some useful blogs or code examples that will help in this process please let me know.
I would love to write this as a comment but the question requires a long answer and can be approached many different ways. Please take this with a grain of salt.
Generally, what I have found is the best practices when dealing with any user input especially when the input is being captured in a specific database is the following things:
Client Side Validation (can be done with JavaScript or HTML5 required attribute, if done correctly can increase security on login form and prevent cross site scripting attacks)
Server Side Validation (can be done with ColdFusion)
Using prepared statements (this is extremely important) against whatever database you decide to use. This can be done with ColdFusions <cfquery></cfquery> tag and make sure to add param for one of the attributes. Documentation is here:
https://helpx.adobe.com/coldfusion/cfml-reference/coldfusion-tags/tags-p-q/cfqueryparam.html
As for the file, it's subjective because you can have your client side validation on let's say your login page and if they pass client validation, it'll get redirected to a .cfm file that'll perform a server validation. Or you can just have both client side and serverside validation on a single file in which case the file would need to be .cfm
As for your question about the ajax form submission. Yes their are security risks which plays a big role in how you would write your server side validation
When you're performing checks against your database. The most important thing is making sure you sanitize your query inputs whether it be authenticating a user, adding, updating or deleting from the database.
Why not use the API manager to do this for you? (it comes free with CF2016 enterprise)
Otherwise lookup the OWASP functions and form security sections of the docs.
I am at the stage where I am thinking of integrating a social login method into my site. Of course my first one will be the facebook login before moving onwards.
Basically my question is : Which language is best for this type of OAuth connection, and which is going to let me do everything I want?
This will encompass all OAuth connections in general eventually, but specifically Facebook for now.
From what I have read of the documentation, the JavaScript SDK allows you to login, and connect to the open graph API - which in turn will allow me to post / upload etc etc. This is also available in PHP.
From experience which is the more durable route to go?
PHP or JAVASCRIPT
The best and recommend way to authorize users is the JavaScript SDK (FB.login). No redirect needed (better usability), very easy to handle, no PHP needed (the new PHP SDK needs PHP 5.4+). Use PHP only for stuff that involves usage of the App Secret or Extended Access Tokens. And for cron jobs, obviously. You can even just forget about the PHP SDK and use your own CURL calls.
Btw, security is no problem, you should just activate "appsecret_proof" in the App Settings.
More information about appsecret_proof:
https://developers.facebook.com/docs/graph-api/securing-requests
http://www.devils-heaven.com/facebook-php-sdk-4-0-tutorial/
One more reason (and one of the most important ones) is the possibility to refresh Access Tokens (=User Sessions) easily without page refresh by using FB.getLoginStatus.
And another reason is that you need to upgrade to new PHP SDK versions on your own. The JavaScript SDK does not need any upgrades, in the lase few years you only had to change one or two parameters in some cases, the SDK gets downloaded from the Facebook servers.
Also, if you add Social Plugins, you need the JavaScript SDK anyway.
TL;DR PHP/both
I'd really recommend PHP. You'll want to store the login in database. If you do it via JS, you'll need to make an Ajax call to the server, which is not really that secure.
Having said that, they are targeted for different uses. JS is for frontend more, while PHP is for backend (db storage, checks, actual site login, etc). Using JS will let you generate the buttons on the fly, while using PHP you'll need to do some more coding.
Somehting else, the php library will get updated from time to time and you'll need to keep up after testing. JS also, but it's easier, since the code usually works.
If you only want one, use PHP. You can control what the code does and JS will not break your site since it's written by you. However, I'd recommend using both since you will probably want more than just simple login
Edit:
As facebook states, use PHP SDK: Usually this means you're developing with PHP for a Facebook Canvas app, building your own website, or adding server-side functionality to an app that already uses the Facebook SDK for JavaScript.
https://developers.facebook.com/docs/reference/php/4.0.0
The best route would be to use both, together. Some users might have javascript disabled or you might do something within your javascript code that will not work on some browsers. So as a fallback method you can use php api.
Going with only php would be solid and will work regardless of what the users client is, but you can make the user experience better with javascript.
Still, in most cases you'll end up having to use both.
I have just spent the afternoon playing with the JavaScript SDK for facebook and I have to admit I think this is going to be the best option for what I need.
If anyone else is reading this, it may not be perfect for you - but with the way my application has been built I think it is a perfect fit. Here is why :
My standard login system uses JavaScript to grab my form data, then validate, which then passes the validated data via AJAX to a PHP validation script. Which in turn returns a JSON response to the original AJAX call. If my call comes back with "ok" : true then we are good to go basically.
The way the facebook JavaScript SDK works is almost a perfect little jigsaw puzzle to bolt onto the system I am using. All I require is a little bit of profile data, to then keep a record of this user on my system. THIS is provided by facebook, then validated by myself.
However, other social network logins may not be as nice and simple to use as the facebook API, so I could end up changing my mind on the overall system. For now just using facebook, I think the JavaScript SDK is absolutely spot on, as it just gets the information for you to run through your own validation on site. As I said this is a perfect fit for my system however it may not be for yours.
I need to make a dead simple web application. Users hit a static HTML page and enter some basic info (name, and comment). When they hit submit, I want to store this info in either a CSV file or a sqlite on the hosting server. I know all of this is possible with django/python or ror/ruby but is there anyway to do this with just JavaScript?
Thanks in advance..
There's few ways to handle this, using just javascript. Which is to use a hosted Backend-as-a-Service.
You would need to make API calls on the client end, and will be able to connect to it without having to rely on a backend technology.
Most of these technologies are built for mobile, but you can still use it to build it on your static HTML pages. (cross browser issues may vary).
Here are some:
Firebase (https://www.firebase.com/docs/web-quickstart.html)
Parse (https://parse.com/docs/js_guide)
There's more out there if you google Backend as a service.
If you are looking for something more simple, just need to take information and store it (like a form), then I would suggest looking at these services:
Wufoo (http://www.wufoo.com/)
jotform (http://www.jotform.com/)
Hope it helps!
I'm creating a form. As of right now I have simple MAILTO form that just open the email client.
I wonder if there are any better ways of creating a form by avoiding using MAILTO? A nice client-side contact form which doesn't use MAILTO.
I can only use JavaScript and HTML. I can't use any server-side scripts.
What are the alternatives?
You could go a hosted route...there are a few options out there. You could suggest social media options (contact via Facebook, twitter, etc).
But email is nice too. As a user, I prefer contacting people via email rather than filling out another annoying form.
But as Kolink states, if you don't want to use email, you HAVE to have some sort of server-based system...be it your own or hosted elsewhere.
You can use a service like jotform or wufoo to handle the form, I know jotform will email you upon each submission if you set it up to do so. You can also use google docs to create forms that store to a spreadsheet, that way you can load it in excel or any other app that accepts csv files.
I just came across SquareSend.com.
Without any server-side scripts, there are precisely zero alternatives.