I am sending an HTML email. In the content of that email, I have a submit button.
How do I make sure that the submit button was clicked by the same person to which the email was sent to and not some other person?
In order to achieve that, I will need to parse the email header and extract the email id from it using Javascript.
In short, how can we parse the email header in our Javascript code?
When you send an HTML email, you are just displaying an HTML formatted document to the user through their email client.
The Javascript code cannot parse the email header, in this case, since, the Javascript interpreter lies in the HTML document and doesn't know anything about the email. Anyways, if you want to retrieve the email id from the email header of an email which you have sent yourself, what don't you store it at the time of sending? But, this actually doesn't serve the purpose properly.
You cannot make sure that the submit button was clicked by the same person, since, he can always share the HTML document with somebody.
This type of authentication is not possible. Maybe, if you tell us the problem which you want to solve by this authentication, we can come up with some other form of authentication.
you cannot run JavaScript from your mail but you still can submit forms.
for tracking users you can add to the form action URL the query string with some random number and save this number in a BackEnd before composing the email.
if you have multiple recipients, you have to send the same mail multiple times to 1 recipient at a time with different tracking number in the form.
Related
I am currently studying web development at college and part of my course is to create a website for a mobile company that sells phones and they sell them online.
I'm trying to create a login and signup form but currently struggling to get my form to identify and use the email that the user inputs to send an email to them verifying that they have submitted is it possible and if so any help would be appreciated.
What I will suggest is in your server backend, whether it be PHP, NodeJS, etc
that you register the user in your database and have a boolean value named
'validated' true|false
set default to false, also generate a unique hash and assign it to that user under something like
'validate_hash':gnOOBhgenl2g432noug24g42
Use whatever function your backend server provides (or a library) to generate a unique has, and save this to the newly registered user
Then use a mail function to email the user with a link that will 'verify' them, by adding the unique has to a post url like this:
example.com/register/verify?hash=gnOOBhgenl2g432noug24g42&email=example#mail.com
Obviously you will have to create a script at that location and handles the link and checks the hash value given against the mail provided in the database
If the hash value matches, you can update the users status to
'verified'true
And they can now access services normally.
Majority of this wont need fancy outside libs or complicated coding, just follow what I suggested and google the things I mentioned if you need to figure out a particular element, or comment/msg me!
Posting question in StackExchange for first time. Apologies if this has issues...
Need to track email open.
This is something not very new and the approach generally used is to have a pixel in the HTML which calls a server URL asynchronously. By using this we get the number of opens for an email.
Now the issue is the email is send to a Distribution List (DL) and we have a requirement to track email open and also clearly state who has opened it..
Basically when a hit to server comes, it should says xxxx#mail.com has opened this email.
In my HTML if i have a way by whcih to capture the email headers, my requirement would be sorted... I would use Javascript to get the email headers and then when i call the server URL i will send across the details...
When i searched i found a POST which was doing something similar...
Read email headers in Outlook Web Access (OWA)
But this was for office application...
Also, i am not sure whether this would even work...
Any pointers is well appreciated....
I am specifically at the moment looking for exchange server...
In my HTML if i have a way by whcih to capture the email headers
You don't.
I would use Javascript to get the email headers
You can't run JavaScript in an HTML formatted email
The only identifying information you can get back from the email is the information you put it in it in the first place.
You can put a unique ID in a tracking pixel (increasing the chances of it being marked as spam) but that ID will be given to anyone who gets a copy of the email (including if it is forwarded automatically by a mailing list or manually by a reader). The tracking will also fire only if the image is loaded from the server (plenty of people keep email image loading turned off).
There is no way to find out who your email actually ended up with.
I would like to use Google script to send an email (from a form) to include an accept/reject button.
I currently know how to send an email automatically from an updated form. However, I wish the email to have two buttons which either accept or reject the new form (it's a form for requesting annual company leave).
I can get the email to mention start and end dates, etc., but I don't know how to include buttons.
Thanks in advance.
Gavin.
I have an email sign up form generated by our ESP plugged into a webpage. When the user clicks submit, it takes them to a custom confirmation page we have created. I would like to display the email address they submitted on the confirmation page, so it says something like, 'Thanks for joining, you will now receive emails at [email address]'. Our ESP does not provide a way to do this. Is there is a simple way I can grab the email address from the form and pass it to the next page with JavaScript?
I've tried the solutions presented here, but if I try to update the form tag, the form breaks: http://www.webdeveloper.com/forum/showthread.php?232612-Pass-Variables-from-one-page-to-another-JAVASCRIPT-HTML
I found this article online but I don't understand how the cookie will record only the email address or how to retrieve this information on the next page: http://webdesign.about.com/od/cookies/a/aa083198.htm
Here is the current form code on my page:
<script type="text/javascript" src="https://app.e2ma.net/app2/audience/tts_signup/1723547/4d1180e592869543e75486faa4eb9d23/37406/?v=a"></script>
<div id="load_check" class="signup_form_message">
This form needs Javascript to display, which your browser doesn't support. Sign up here instead
</div>
<script type="text/javascript">signupFormObj.drawForm();</script>
I have very limited understanding of JavaScript and no understanding of PHP so the more specific reply you could give, the better. Any help is greatly appreciated. Thank you.
since you are submitting a form, hence have access to the email adress on the server side, why don't you just output it?
Javascript looses connection between pages as soon as it unloads. Your attempt to do this with javascript is WAYYYYYY to complicated for something HTML1 was able to do.
How do I save html registration form data into a JSON file then log in based on it, without using any server side scripting languages? I want to use only Javascript and jQuery.
HTML file "simple form" contains:
First Name, Middle Name, Last Name, User Name, Password, Confirm Password, E-Mail, Phone
When a user enters his data and clicks the register button, his data will be saved in a JSON file on the server. I have created this JSON file on the server as:
C:\inetpub\wwwroot\usersData.txt
And based on this file usersData.txt, when another user wants to register, I need to check the that user name is unique, if it is a unique user name, save his data back to the JSON file.
I also need to know how to update the password in the JSON file when I use a hypothetical change_password() JS function.
Under normal circumstances, you should not be able to modify files on the server from client side scripting. Allowing that would let a malicious user put anything into that file, or, depending on configuration, any other file the server can access.
Doing only authentication client side is also problematic. If the client can download the userData.txt, the malicious user would know every user's email, password and phone number; using the email and password he could probably login to the user's email account, and another bad stuff can happen, so please don't do it!
So, there's no way to properly do it clientside...
I think you would be better served by not bothering to collect the data -- client-side authentication can never be trusted. Don't try to build a system that pretends to be safe. Instead, make the insecurity very obvious: store the username in a cookie and let any user type any username into whatever field sets the username cookie. (The cookie is just so they don't have to re-type it all the time.)
If you don't care about security be upfront and honest about it.
If you plan to do authentication on the server side, which you really really really should, you have to have something listening on the server, either your code or delegate the authentication to some other system. There's no way to magically update a file on the server from javascript running in the browser.