Retailers area for our site?

[Painted Hills NB]

Our Retailer's Info page is separate from our online store so that the general public does not order POS materials. We use an email submission form for this activity.

Everything was working just fine on the page until we added a field for the customer's email to the form.

The objective was that in addition to receiving the order, we would obtain their email address from the form and they would receive an order confirmation email.

Unfortunately after adding the code to create the field in the thankyou.php and updating the EZ-pages/Retailer Info nothing works.

I understand that since our form has:

<input name="toEmail" type="hidden" value="[email protected]" />

It is sending to thankyou.php a different variable which we need to assign with a POST, such as:

$toEmail = $_POST['toEmail'];

Then we would have to get that added to the $to variable somehow so that it will send to both email addresses. Any ideas?

[DrByte]

This isn't an answer to your question, but it's something you need to seriously pay attention to ...
By putting the email address into your form like that, you're telling bots, search engines, and malicious hackers not only your email address to spam, but also giving them a way to abuse your server to send spam to any mailbox they want to by simply hacking/altering the form html and submitting it with an outside automated/robot to send crap to anybody's email address anywhere .. and make it look like it came from you!

All the recipient addresses should be added server-side, not browser-side. I suggest rewriting things to do that, and at the same time make the changes you've just posted about also.

[Painted Hills NB]

This isn't an answer to your question, but it's something you need to seriously pay attention to ...
By putting the email address into your form like that, you're telling bots, search engines, and malicious hackers not only your email address to spam, but also giving them a way to abuse your server to send spam to any mailbox they want to by simply hacking/altering the form html and submitting it with an outside automated/robot to send crap to anybody's email address anywhere .. and make it look like it came from you!

All the recipient addresses should be added server-side, not browser-side. I suggest rewriting things to do that, and at the same time make the changes you've just posted about also.

DrByte, thank you for the head's up. This is a site I inherited and have been asked to update existing pages. I am open to suggestions. Is there an add on plugin that would resolve this issue?

[Painted Hills NB]

What I'd really like to do is add these items as a new category but have them list on a separate page from our online store. I believe this would resolve the issue DrByte brings up. Can this be done?

[Ajeh]

Couple options that you might consider ...

1 Mark the products Call for Price, if you do not already use this feature of Zen Cart, and change the image and text to infer: In Store Only

2 Use a different Product Type such as: Document Product, if you do not already use this feature of Zen Cart, and turn off the ability to Add to Cart on this Product Type ...

Now, you have the advantage with either method where you can do the Category separation or enjoy the ability to add Products to any Category and these features will prevent the buying of the Products, which is your goal online but gives the added feature of All customers can see them, the spiders add them to search engines etc. to encourage folks to Call you or Visit you at your off line store ...

[Painted Hills NB]

Ajeh,
Thanks for the suggestions. I'm researching these in the e-Start book. Since this may allow us to create separate Documents side-box this may overcome the objections to having these listed in the store.

Appreciate the input. Will keep you posted on outcome.

[Painted Hills NB]

Couple options that you might consider ...

1 Mark the products Call for Price, if you do not already use this feature of Zen Cart, and change the image and text to infer: In Store Only

2 Use a different Product Type such as: Document Product, if you do not already use this feature of Zen Cart, and turn off the ability to Add to Cart on this Product Type ...

Now, you have the advantage with either method where you can do the Category separation or enjoy the ability to add Products to any Category and these features will prevent the buying of the Products, which is your goal online but gives the added feature of All customers can see them, the spiders add them to search engines etc. to encourage folks to Call you or Visit you at your off line store ...

Pitched this solution to the powers that be...no go. So, I am back to the original issue. Is there a way to fix the current form and (taking in DrByte's observance) make it secure? Is there another form solution? Is there a coder for hire? This is top priority/urgent for us.

Thanks in advance for your assistance.

[Painted Hills NB]

This isn't an answer to your question, but it's something you need to seriously pay attention to ...
By putting the email address into your form like that, you're telling bots, search engines, and malicious hackers not only your email address to spam, but also giving them a way to abuse your server to send spam to any mailbox they want to by simply hacking/altering the form html and submitting it with an outside automated/robot to send crap to anybody's email address anywhere .. and make it look like it came from you!

All the recipient addresses should be added server-side, not browser-side. I suggest rewriting things to do that, and at the same time make the changes you've just posted about also.

Welp, DrByte...you did warn us that we were inviting trouble with our form located here http://www.natural-beef.com/index.ph...eea98f6eeb7715
On Monday between 2:35 pm and 8:09 pm we received about 21 requests filled with gobblety-goop. So now, non-programmer that I am, I am looking for a remedy.
I found this information. Is this what you mean when you suggest rewriting things?
http://support.cmspath.com/kb/editin...-emailed-to-me

Thank you once again for your assistance.