
Looking to deploy this locally?


This uses the PHP mail() function, not PHPMailer. It is not vulnerable to this.

How to update for the next year

  1. Prepare the new images
    1. Full size images should be 437x622px or 622x437px
    2. Thumbnails should be 216x152px or 152x216px
    3. VC full size image should be 700px wide
    4. VC thumbnail should be 216px wide
  2. Update the card images in the current year folders:
    1. /seasonal/images/cards/2013/
    2. /seasonal/vc/images/cards/2013/
  3. Copy the cards folders for the current year and rename them for next year (this ensures it continues to work over the Christmas holiday):
    1. /seasonal/images/cards/2014/
    2. /seasonal/vc/images/cards/2014/
  4. Make any other changes if required



Code and resources

Code is in an svn repository:

Code is on the web drive:

with the header and footer in the CMS:


These are on the w: drive (a location that the web server can write to) at:

They are locked down to www:info-webed.


  • A web page displaying thumbnails of the cards
    • If not signed in to SSO, displays a button to log in to send a card
    • If signed in to SSO, displays a simple form for sending a card to a single email address
    • Has an option to preview the card

  • A page that provides a preview of the card that will be sent
  • Displays the chosen image, recipient's name, message and sender's name (passed in as parameters from index.php)
  • Uses phpCAS

  • A script to process the form submission
  • Uses phpCAS
  • Processes the form data
  • Tests if the data is valid
    • If valid data, sends the email and sets a message to be displayed
    • If bad data, sets a status variable
  • Redirects to the index.php page

  • A script with functions used in the other PHP files
    • Form data processing code
    • Email creation and sending code

Contains functions which:

  • Restrict access to the VC system
  • Process and validate the form data
  • Test email addresses for validity
  • Remove possible XSS code
  • Construct and send emails

Sending cards from the VC

There is a separate system to allow the VC's office to send a card from the VC to many email addresses at once.

The setup is similar to the generic system but has differences:

  • The access is restricted to specific usernames
  • The card is a pre-made image so no custom text is used
  • The form has one input, a textarea, for a comma separated list of email addresses
  • The form processing checks for invalid email addresses
    • Emails are sent to valid email addresses
    • Bad email addresses are displayed to the user after submitting the form
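
The check described in the list above, sketched as an added example (not the code in the svn repository): it splits the textarea value, validates each entry, rejects embedded line breaks because mail() places recipients into raw headers, and HTML-escapes rejected entries before they are shown back to the user. The function names split_recipients and render_invalid and the sample input are assumptions made for illustration.

```php
<?php
// Added illustration. Function names are hypothetical and are not taken
// from functions.php; the sample input at the bottom is constructed.

/**
 * Split a comma-separated textarea value into valid and invalid entries.
 * Returns ['valid' => string[], 'invalid' => string[]].
 */
function split_recipients(string $raw): array
{
    $valid = [];
    $invalid = [];
    foreach (explode(',', $raw) as $entry) {
        $entry = trim($entry); // tolerate spaces and newlines after commas
        if ($entry === '') {
            continue;          // blank left by a trailing or doubled comma
        }
        // A CR or LF inside an entry could start a new header line once the
        // value reaches mail(), so reject it before any other test.
        $hasLineBreak = preg_match('/[\r\n]/', $entry) === 1;
        if (!$hasLineBreak && filter_var($entry, FILTER_VALIDATE_EMAIL) !== false) {
            $valid[] = $entry;
        } else {
            $invalid[] = $entry;
        }
    }
    return ['valid' => $valid, 'invalid' => $invalid];
}

/**
 * Build the "bad addresses" list for the results page. Every rejected
 * entry is attacker-controlled text, so it is escaped for HTML output.
 */
function render_invalid(array $invalid): string
{
    $items = '';
    foreach ($invalid as $entry) {
        $items .= '<li>' . htmlspecialchars($entry, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</li>';
    }
    return $items === '' ? '' : '<ul>' . $items . '</ul>';
}

// Constructed sample input: two good addresses, one typo, one entry with an
// embedded header line, and one entry containing markup.
$raw = "alice@example.org, bob@example.org,\nnot-an-address, "
     . "carol@example.org\r\nBcc: other@example.net, <script>alert(1)</script>";

$result = split_recipients($raw);
print_r($result['valid']);
echo render_invalid($result['invalid']), PHP_EOL;
```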

Going live

When moving from test to live, we need to:

  • Change the URLs from test.bath to www.bath in:
    • /seasonal/process_index.php
    • /seasonal/site-components/php/functions.php
    • /seasonal/vc/process_index.php
  • Uncomment the rules for /seasonal/ in /opt/www/apache2/conf/cms-aliases.conf
  • Comment out the rule for /seasonal/ in /opt/www/apache2/conf/httpd-vhosts.conf

Taking offline

  • Comment out the rules for /seasonal/ in /opt/www/apache2/conf/cms-aliases.conf

Make available on test

  • Uncomment the rule for /seasonal/ in /opt/www/apache2/conf/httpd-vhosts.conf
  • Change the URLs from www.bath to test.bath in:
    • /seasonal/process_index.php
    • /seasonal/site-components/php/functions.php
    • /seasonal/vc/process_index.php