I'm trying to stop the spam!! I run a few for all links pages , but the "spammers" are making it so i dont want to.
Check it out , I get 1000 aday.
http://www.ccds.addr.com/w
So what I was "trying" to do is, add a few protection measurse.
1. Have the abilty in the script to deny certian words (sex, make money, etc, etc)
2. DENY HTML/CSS
3. Deny anypost except from certian pages
example my page
my friedns page
Reason for this people have programs that add thousands of links everyDAY!!!! and never come to my page!!
I have tryed to make the mods, but i'm busy learning php. thanks
Script start
--------------------------
#!/usr/local/bin/perl
# Define Variables
$filename = "addalink.htm";
$linksurl = "http://www.ccds.addr.com/
$linkscgi = "links.pl";
$linkstitle = "Free for all Links Page";
$database = "database.txt";
# Done
##########################
# Get the input
read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'});
# Split the name-value pairs
@pairs = split(/&/, $buffer);
foreach $pair (@pairs) {
($name, $value) = split(/=/, $pair);
$value =~ tr/+/ /;
$value =~ s/%([a-fA-F0-9][a-fA-F0-9]
$value =~ s/<([^>]|\n)*>//g;
$value =~ s/<//g;
$value =~ s/>//g;
$FORM{$name} = $value;
}
if ($FORM{'url'} eq 'http://' || $FORM{'url'} !~ /^(f|ht)tp:\/\/\w+\.\w+/) {
&no_url;
}
if (!($FORM{'title'})) {
&no_title;
}
# Enter our tags and sections into an associative array
%sections = ("busi","Business","comp",
"ente","Entertainment","go
"pers","Personal","misc","
# Suck previous link file into one big string
open(FILE,"$filename");
@lines = <FILE>;
close(FILE);
$i=1;
foreach $line (@lines) {
if ($line =~ /\<li\>\<a href\=\"([^\"]+)\">([^<]+)
if ($FORM{'url'} eq $1) {
&repeat_url;
}
$i++;
}
}
# Open Link File to Output
open (FILE,">$filename");
foreach $line (@lines) { # For every line in our data
if ($line =~ /<!--time-->/) {
@months = ('January','February','Mar
'July','August','September
@days = ('Sunday','Monday','Tuesda
'Friday','Saturday');
($sec,$min,$hour,$mday,$mo
if ($sec < 10) { $sec = "0$sec"; }
if ($min < 10) { $min = "0$min"; }
if ($hour < 10) { $hour = "0$hour"; }
if ($mday < 10) { $mday = "0$mday"; }
$year += 1900;
$date = "on $days[$wday], $months[$mon] $mday, $year at $hour:$min:$sec";
print FILE "<!--time--><b>Last link was added $date</b><hr>\n";
}
elsif ($line =~ /<!--number-->/) {
print FILE "<!--number--><b>There are <i>$i</i> links on this ";
print FILE "page.</b><br>\n";
}
else {
print FILE $line;
}
foreach $tag ( keys %sections) { # For every tag
if ( ($FORM{'section'} eq $sections{$tag}) &&
($line =~ /<!--$tag-->/) ) {
print FILE "<li><a href=\"$FORM{'url'}\">$FOR
}
}
}
close (FILE);
# Return Link File
print "Location: $linksurl\n\n";
if ($database ne '') {
open (DATABASE,">>$database");
print DATABASE "$FORM{'url'}\n";
close(DATABASE);
}
sub no_url {
print "Content-type: text/html\n\n";
print "<html><head><title>ERROR:
print "<body bgcolor=#FFFFFF text=#000000><center>";
print "<h1>No URL</h1></center>\n";
print "You forgot to enter a url you wanted added to the Free for ";
print "all link page. Another possible problem was that your link ";
print "was invalid.<p>\n";
print "<form method=POST action=\"$linkscgi\">\n";
print "<input type=hidden name=\"title\" value=\"$FORM{'title'}\">\
print "<input type=hidden name=\"section\"";
print "value=\"$FORM{'section'}\
print "URL: <input type=text name=\"url\" size=50><p>\n";
print "<input type=submit> * <input type=reset>\n";
print "<hr>\n";
print "<a href=\"$linksurl\">$linkst
print "</form></body></html>\n";
exit;
}
sub no_title {
print "Content-type: text/html\n\n";
print "<html><head><title>ERROR:
print "<body bgcolor=#FFFFFF text=#000000><center>";
print "<h1>No Title</h1></center>\n";
print "You forgot to enter a title you wanted added to the Free for ";
print "all link page. Another possible problem is that you title ";
print "contained illegal characters.<p>\n";
print "<form method=POST action=\"$linkscgi\">\n";
print "<input type=hidden name=\"url\" value=\"$FORM{'url'}\">\n"
print "<input type=hidden name=\"section\"";
print "value=\"$FORM{'section'}\
print "TITLE: <input type=text name=\"title\" size=50><p>\n";
print "<input type=submit> * <input type=reset>\n";
print "<hr>\n";
print "<a href=\"$linksurl\">$linkst
print "</form></body></html>\n";
exit;
}
sub repeat_url {
print "Content-type: text/html\n\n";
print "<html><head><title>ERROR:
print "<body bgcolor=#FFFFFF text=#000000><center><h1>R
print "Sorry, this URL is already in the Free For All Link Page.\n";
print "You cannot add this URL to it again. Sorry.<p>\n";
print "<a href=\"$linksurl\">$linkst
print "</body></html>\n";
exit;
}
--------------------------
This Question has been solved and asker verified All Experts Exchange premium technology solutions are available to subscription members.
Experts Exchange has been collecting answers to technology questions since 1996…3 million and counting! If you have a question, chances are we already have your answer.
If you can't find the exact answer you're looking for, ask our exclusive community of 50,000 experts. You’ll get a personalized answer from a trusted professional.
Thousands of free tech tips, tricks, how-to’s and tutorials are available in our peer reviewed articles section. See for yourself how smart our experts are, no login required.
Save solutions to your questions, answers you’ve discovered through searching plus helpful articles in your personal knowledgebase for easy future access.
Access the answers to your technology questions today.
30-day free trial. Register in 60 seconds.
Members of the expert community talk about why the experience at Experts Exchange is different than what you will find anywhere else.
Try it out and discover for yourself.
30-day free trial. Register in 60 seconds.
Join the community of experts here and help other tech pros by answering question in your area of expertise. You can earn FREE access to all Experts Exchange's premium features and resources.
I'm surprised that you're only getting 1,000 per day! Allowing anyone and everyone to post links without being reviewed is only asking for trouble. You could limit the submissions to allow only 1 link per domain and/or IP address, but that still won't help by very much. So, until you decide to moderate the submissions, you won't be able to fix the problem.
On another note, your code could use some work. You should look into using some of the Perl modules that will make the scripts easier to write, more robust, and more secure. Here are a few things to read up on and use.
1)enable warnings
2)use the strict pragma in EVERY Perl script you write
3)run CGI scripts in taint mode
4)use the CGI module
5)use file locks (i.e., flock) for reading/writing the flat file DB files (i.e., database.txt)
6)reading/writing MySQL (or other) database files
7)use one of the modules for calculating and formatting the date (POSIX, Date::Time, Time::Format, etc,)
Here's how the beginning of CGI scripts are generally written.
#!/usr/bin/perl -Tw
use strict;
use CGI;
use CGI::Carp 'fatalsToBrowser';
I would recommend that you create a procedure so that when users register you send them a link to their e-mail address that needs to be verified - this should help a little with the spam issue. Also, check to see if the spammers are using web based e-mail accounts or not and maybe ban these or put in extra steps (e.g. must be verifued by admin) for those users.
I would also look to build an administrative back end with some kind of analysis as to how many postings are being done per user - blocking the IP address won't stop serious spammers as they will probably be on broadband and the ISPs tend to dynamically change their IP address even when thry're connected. If someone is porting like crazy, then you can assume they are a spammer and ban them (or take their e-mail address and spam them back!)
You need to have the capacity to identify mis-spelled words as well, and have a "quarantine" status for those caught by the anti-spam measure that may actually be legitimate. Maybe use soundex to identify possible issues.
Anti-spam is big business now, because it is so hard to do effectively.
Is it worth your while to invest in a commercial anti-spam engine?
The simplest technique I know is to display a short code. e.g. a random four digit number, and ask the visitor to enter that code. Only accept an entry if the visitor's code matches the displayed code.
Hackers can design a workaround which automatically reads the displayed code, but it wouldn't be worth their while unless your links page is almost vying with google for popularity. In that case you could add refinements like displaying the random code as an image at a randomly chosen location on the page, using random fonts.
The best thing I would do, is flag by IP, IP addresses can be spoofed, but setting a limit on how many per IP is a good idea, that and e-mail address (but to be honest e-mail addresses are easy to come by)
this'd only work on if it was the same person doing this
http://BlogX.co.uk try flooding that with comments
any help on the actual programming of the perl to do this
1. Have the abilty in the script to deny certian words (sex, make money, etc, etc)
2. DENY HTML/CSS
3. Deny anypost except from certian pages
example my page
my friedns page
4. Deny more than 3 post per 24 hour period
and
it would be nice to have an email field so the user HAS to enter their email and it then saves their email and url in referrers.dat, for my records.
http://www.blahblah.com (youremail@email.com)
>> 1. Have the abilty in the script to deny certian words (sex, make money, etc, etc)
This is going to be very difficult to write from scratch. First you need to put together the list of words (AND PHRASES?), then you'll need to take each one of them and list their “normal” misspelling, then build a list of their possible obfuscations. Once you have that “database” assembled, then you can start working on how to handle the searching/matching.
For this part of the script, I think you'd be better off by following swift99's suggestion of investing in a commercial product.
>> 2. DENY HTML/CSS
Based on the links you currently have, you can filter most of this with 1 or 2 simple regex's. For example, here's one that will strip out the style tags from the links:
$FORM{'url'} =~ s/style=[^>]+//i;
If you want to strip out the form submissions, this regex should do the job:
$FORM{'url'} =~ s!/\?[^"]+!!;
>> 3. Deny anypost except from certian pages
I'm not exactly sure what you mean.
Based on some of my suggestions, I've reworked portions of your script that you may want to review. Each of the subs uses a different method for outputting the html; however, you should use use only 1 of those methods. My purpose was to show you the various options.
#!/usr/local/bin/perl
use strict;
use POSIX qw(strftime);
use CGI qw(:all);
use CGI::Carp 'fatalsToBrowser';
# Define Variables
my $filename = 'addalink.htm';
my $linksurl = 'http://www.ccds.addr.com/
my $linkscgi = 'links.pl';
my $linkstitle = 'Free for all Links Page';
my $database = 'database.txt';
my $q = new CGI;
my %FORM = $q->Vars;
# Done
##########################
&no_url if ($FORM{'url'} eq 'http://' || $FORM{'url'} !~ /^(f|ht)tp:\/\/\w+\.\w+/);
&no_title if (!($FORM{'title'}));
# strip out the style tags
$FORM{'url'} =~ s/style=[^>]+//i;
# strip out the query string
$FORM{'url'} =~ s!/\?[^"]+!!;
# Enter our tags and sections into an associative array
my %sections = (
busi => 'Business',
comp => 'Computers',
educ => 'Education',
ente => 'Entertainment',
gove => 'Government',
pers => 'Personal',
misc => 'Miscellaneous',
);
# Suck previous link file into an array
open FILE,$filename or die $!;
my @lines = <FILE>;
close(FILE);
my $i=1;
foreach my $line (@lines) {
if ($line =~ /\<li\>\<a href\=\"([^\"]+)\">([^<]+)
if ($FORM{'url'} eq $1) {
&repeat_url;
}
$i++;
}
}
# Open Link File to Output
open FILE,">$filename" or die $!;
foreach my $line (@lines) { # For every line in our data
if ($line =~ /<!--time-->/) {
my $date = strftime("%A, %B %d, %Y at %H:%M:%S %Z", localtime(time));
print FILE "<!--time--><b>Last link was added $date</b><hr>\n";
}
elsif ($line =~ /<!--number-->/) {
print FILE "<!--number--><b>There are <i>$i</i> links on this ";
print FILE "page.</b><br>\n";
}
else {
print FILE $line;
}
foreach my $tag ( keys %sections) { # For every tag
if ( ($FORM{'section'} eq $sections{$tag}) &&
($line =~ /<!--$tag-->/) ) {
print FILE "<li><a href=\"$FORM{'url'}\">$FOR
}
}
}
close (FILE);
# Return Link File
#print "Location: $linksurl\n\n";
if ($database ne '') {
open (DATABASE,">>$database" or die $!);
print DATABASE "$FORM{'url'}\n";
close(DATABASE);
}
sub no_url { # output HTML using a here document
print <<HTML;
Content-type: text/html\n\n
<html><head><title>ERROR: No URL</title></head>
<body bgcolor=#FFFFFF text=#000000><center>
<h1>No URL</h1></center>
You forgot to enter a url you wanted added to the Free for all link page.
Another possible problem was that your link was invalid.<p>
<form method=POST action="$linkscgi">
<input type=hidden name="title" value="$FORM{'title'}">
<input type=hidden name="section""
value="$FORM{'section'}">
URL: <input type=text name="url" size=50><p>
<input type=submit> * <input type=reset>
<hr>
<a href="$linksurl">$linkstit
</form></body></html>
HTML
exit;
}
sub no_title { # output HTML using the CGI.pm object oriented syntax
print (
$q->header,
$q->start_html(-title=>'ER
$q->br."\n",
$q->h1({-align=>center}, 'No Title') . "\n",
$q->p('You forgot to enter a title you wanted added to the Free for all link page.',
$q->br."\n",
'Another possible problem is that you title contained illegal characters.')."\n",
$q->start_form(-method=>'P
$q->hidden(-name=>'url', -value=>$FORM{'url'})."\n"
$q->hidden(-name=>'title',
$q->textfield(-name=>'titl
$q->submit, ' * ', $q->reset,
$q->hr."\n",
$q->a({-href=>$linksurl}, $linkstitle)."\n",
$q->end_form,
$q->end_html,
);
exit;
}
sub repeat_url { # output using the CGI.pm standard syntax
print (
header,
start_html(-title=>'ERROR:
h1({-align=>center}, 'Repeat URL')."\n",
p("Sorry, this URL is already in the Free For All Link Page\n",
"You cannot add this URL to it again. Sorry.\n"),
a({-href=>$linksurl}, $linkstitle),
end_html,
);
exit;
}
You may be interested in using the URI::URL module for parsing the URL.
Detailed Documentation:
http://search.cpan.org/~ga
Lastest Version:
http://search.cpan.org/~ga
Here's a test script I ran that parsed the URL from 2 of your links.
use URI::URL;
$url1 = new URI::URL 'http://www.juiceboosted.c
$url2 = new URI::URL 'http://www.proofofprofit.
foreach $url ($url1, $url2) {
print 'scheme: ' . $url->scheme . "\n";
print 'netloc: ' . $url->netloc . "\n";
print 'path: ' . $url->path . "\n";
print 'query: ' . $url->query . "\n";
print $/ x 2;
}
-- output --
scheme: http
netloc: www.juiceboosted.com
path: /index.php
query: requestId=2&Id=ix1pq
scheme: http
netloc: www.proofofprofit.com
path: /mikl4545/
query: Jul28?Jul28?Jul28?Jul28
swift99, thank you for the compliment. :)
Caiapfas ,
I have another suggestion. Currently, you're reading-in and rewriting the entire 'addalink.htm' file. It would be more effiecient to use a (relational) database such as MySQL to store the urls and other related info and have the 'links.pl' script dynamicly create/output the html links page. If you don't want to use MySQL (or some other relational database), you can use various types of flat files as if they were a relational database. I found this info in one of Tintin's posts in another question.
http://www.experts-exchang
http://search.cpan.org/~jz
This may not be as good as MySQL, but it still would be more effiecient that what you're currently using.
FishMonger,
Almost there.
1. Have the abilty in the script to deny certian words (sex, make money, etc, etc)
For this one I can make the list of words, no SWEAT..but can you make the script check badwords.txt before accepting the post. I can handle the rest.
2. DENY HTML/CSS/Javascript
Will it deny javascript/html?
3. Deny anypost except from certian pages
example my page
my friedns page
They have programs out there that just has the url to my perl script and can add links to the page from that program.
or
all you need to steal is this code...
<form method=POST action="http://www.ccds.ad
Title: <input type=text name="title" size=30><br>
URL: <input type=text name="url" size=55><br>
Section to be placed in: <select name="section">
<option> Business
<option> Computers
<option> Education
<option> Entertainment
<option> Government
<option> Personal
<option selected> Miscellaneous
</select>
<input type=submit value="Add"> * <input type=reset>
</form>
and you can add to my page...So i want to deny post/accepting post only from certian pages laided out in the perl script
example :
# Referrers
$referrers = "http://www.blablah.com";
$referrers = "http://www.blablah22.com"
4. Deny more than 3 post per 24 hour period from same IP
does it do this?
it would be nice to have an email field so the user HAS to enter their email and it then saves their email and url in referrers.dat, for my records.
http://www.blahblah.com (youremail@email.com)
I'll need you to post some lines from your badwords.txt file, so I can work out how to parse it and do the pattern matching against it. Do you need to run these tests against the url itself, or the link discription, or both?
>> <form method=POST action="http://www.ccds.ad
It's not a good idea to use the full address, it would be much better to use relative paths. It would be even better to have it refer to itsef (using a variable) and have the links.pl script build the page dynamiclly.
Fish,
If possible can we make the badword.txt non-case sentive...meaning if i have the word free and the user type freE it still gets denied..
link to file
http://www.ticketstogo.com
and how about a simple list of referrers? to deny post excetp from certian urls.
and does it deny javascript/html?
There are several methods for checking for the bad words. Here's one method.
open BAD, "badword.txt" or die $!;
@badwords = <BAD>;
close BAD;
$badwords = join('|', @badwords);
&badurl if ($FORM{'title'} =~ /$badwords/i or $FORM{'url'} =~ /$badwords/i);
sub badurl {
insert code for displayng the rejection page due to inapropriate words
}
I'm tied up on other projects at the moment, but as soon as I can, I'll respond to your other requests.
I'm still tied up, so I still can't do any scripting, but I need to know if you have the ability to install a couple modules. If not, then we'll have to do things the hard way. My recomendation is to throw away your current script and static html page and use a more robust cgi script, but I don't have the time to write the complete script for you. My plan is to work within your current approach and show you a few module options that should help resolve some, but not all, of the issues.
Caiapfas,
Unfortunately, I still haven't had the time to work on you script needs. My work projects and entertaining visiting relatives has kept me pretty busy. I have a couple of ideas that will help resolve some, if not, most of your concerns, unfortunately I may not be able to work on the code until the weekend.
>> what do you mean install modules? how would i do this
Modules are additional (external) functions and subroutines that you import into your scripts, which will make yours scripts more robust, without having you to “reinvent the wheel” by writing complicated functions. For example, the cg i module that I showed you is a standard module distributed with Perl that, among other things, simplifies the importing/processing of form submissions. If you are hosting the site(s) on your own server, installing Perl modules can be as easy as this command:
ppm install module_name
or
perl -MCPAN -e install module_name
However, if the site is hosted by your ISP (or someone else), it can/will be more complicated, but is still do-able.
Caiapfas,
I haven't heard weather or not you'll be able to install any modules. If you will not be able to install any modules, then it will not be beneficial to either of us if I rewrite most or all of your script to use those modules. So instead, I'll make a few suggestions that will help clear up some of the issues.
Your 'url' field requires the person to specify the protocol, however, your page doesn't mention that requirement. So, you might want to add a selection field (just to the left of the url field) listing the accepted protocols with http:// being the default.
Currently, you have 3 separate "rejection" subroutines, of which, 2 are nearly identical. Following along with that approach, one of my prior posts suggested adding another sub for rejecting the "bad words". Instead, It would be better to have 1 rejection subroutine and pass a variable to it that holds the rejection message(s). As you perform each of the tests, i.e., 'no title', 'bad words', 'no url', etc., you can build up the rejection message and then call the rejection sub, if needed.
When testing the URL, you might want to check its length and reject it if it’s greater than X chars. Currently, some of them are quite long. You can also do a simple regex and reject if certain keywords like style and script are found.
>> Deny any post except from certain pages
There are a couple of CGI Environmental Variables that might help with this, namely: HTTP_REFERER and REMOTE_ADDR. For example, as a starting point, you could do something similar to this:
if($ENV{HTTP_REFERER} !~ m!http://(www\.)?$mydomain
$reject .= “your rejection message”;
}
If you add a required email field (and test for its validity), the combination of the $ENV{HTTP_ADDR} and the email address can be logged in a referrers.dat file.
Now, everything you need, can be done without the use of any additional modules, however, the modules will make it much easier to design, adds readability and maintainability as well as making it more bullet proof. And, if you switch to using a relational database instead of the flat files, you'll add speed, and flexibility.
ok, i perfer not to install any modules.
I only want meager security measures i mentioned for this will cut 95% of the spam.
For the referer denyer...how can i add more than one.
also..could you kindly add the script bits you outlayed on this page in the complete code for me. I tryed many errors =}
and the only thing we havent written code for it seems is the referrers.dat file. I would like the script to add the referrer and email address to this file. and deny adding anymore links ffor the same refferer
and then the very last
only 3 submits in 48 hours per ip, can be logged in the refferers.dat file
Without the benefit of the modules and the database, some of these tasks are going to be difficult and/or make your site run slow due to the extra reading/writing of the flat text files.
My schedule is really full right now, but as soon as I can, I'll work on the script. However, I can't promise to provide you a complete and fully debugged script that does everything you want. Afterall you need to remember that people on this site are here providing free tech support, and would prefer to assist you in writing the script, instead of writing it for you.
Here's another recomendation I can make; use an IDE program such as Komodo to help you write and debug your (Perl and PHP) scripts.
http://activestate.com/Pro
If you feel that you need someone to write the complete scripts (form script and the processing script) and have them done in a hurry, I suggest closing this question, and post a new question in the Perl section. Also, be sure to make it clear that you don't want to use any modules that are not in the base distribution. That way other Perl experts will help and probably come up with solutions that I've missed.
ok
Where do i put this in the script?
-----------------------
open BAD, "badword.txt" or die $!;
@badwords = <BAD>;
close BAD;
chomp @badwords;
$badwords = join('|', @badwords);
&badurl if ($FORM{'title'} =~ /$badwords/i or $FORM{'url'} =~ /$badwords/i);
sub badurl {
insert code for displayng the rejection page due to inapropriate words <<<<what goes here text????
}
--------------------------
where do i insert this
if($ENV{HTTP_REFERER} !~ m!http://(www\.)?$mydomain
$reject .= “your rejection message”;
}
and how can i make it allow more than one?
--------------------------
just these 2 measures will save me 1000000000's of submits
Why not use the "ban list" regexp in that other script I did for you.
# Load ban list
my @banlist;
if (-s $banlistfile) {
open (TXTFILE,"$banlistfile");
flock(TXTFILE,LOCK_SH);
eval {
@banlist = <TXTFILE>;
};
flock(TXTFILE,LOCK_UN);
close(TXTFILE);
die("Could not load ban file: $@") if ($@);
}
----
and
----
# Returns 1 for banned URL
sub IsBanned {
my($cUrl) = @_;
# Scan through the ban list and construct regex's
my $cExp;
foreach (@banlist) {
s/^\s*(.*?)\s*$/$1/;
$cExp = $_;
# Escape all non-word characters
$cExp =~ s/(\W)/\\$1/g;
# Treat * as ungreedy wildcard
$cExp =~ s/\\\*/'(.*?)'/ge;
# Enforce whole string comparison, use * to relax
$cExp = '(?i)^' . $cExp . '$';
# Fail if the URL matches pattern
return 1 if ($cUrl =~ $cExp);
}
return 0;
}
----
These implement a "ban list" where you can use wildcards, like this:
Ban EVERYTHING:
*
Ban any URL containing sex anywhere in the link:
*sex*
Ban any URL ENDING with bad. URL containing bad somewhere else is ok:
*bad
Ban testing.mydomain.com, both http: and https:
http*://testing.mydomain.c
Ban any URL beginning with www and ending with biz, with cgi-bin somewhere in the path:
http://www.*.biz/*cgi-bin*
Remember, the beginning of the pattern and the end of the pattern must match the exact beginning and ending of the URL being tested, except when the pattern begins or ends with "*".
All patterns are case insensitive.
This still needs addtional work, but it meets (most of) your needs.
#!/usr/local/bin/perl -w
use strict;
use POSIX qw(strftime);
use CGI qw(:standard);
use CGI::Carp 'fatalsToBrowser';
# Define Global Variables
my $filename = 'addalink.htm';
my $linksurl = 'http://www.ccds.addr.com/
my $linkscgi = 'links.pl';
my $linkstitle = 'Free for all Links Page';
my $database = 'database.txt';
my (@bandwords, $bandwords, $msg);
my $url = param{'url'};
my $title = param{'title'};
my %sections = (
busi => 'Business',
comp => 'Computers',
educ => 'Education',
ente => 'Entertainment',
gove => 'Government',
pers => 'Personal',
misc => 'Miscellaneous',
);
# Done
##########################
if($ENV{HTTP_REFERER} !~ m!http://www.ccds.addr.com
# The submission is NOT comming from your domain, so
# the error handling on this could be either displaying another error page
# or a redirect to your link submission form
}
open BAD, "bandword.txt" or die $!;
@bandwords = <BAD>;
close BAD;
chomp @bandwords;
$bandwords = join('|', @bandwords);
if (!$title || $title =~ /$bandwords/i) {
$msg = 'You forgot to enter a title or '.
'the title contains banned words';
reject_submission($msg, 'title');
}
if ($url) {
if ($url !~ /^(f|ht)tp:\/\/\w+\.\w+/) {
$msg = 'You forgot to specify the protocol, e.g., http://';
reject_submission($msg, 'url');
}
if ($url =~ /style=[^>]+/i || $url =~ /\?[^"]+/) {
$msg = 'Your url has style tags or is a form submission, ' .
'which are not allowed.';
reject_submission($msg, 'url');
}
if ($url =~ /$bandwords/i) {
$msg = 'Your title contains banned words';
reject_submission($msg, 'url');
}
}
else {
$msg = 'You forgot to provide the url for the link';
reject_submission($msg, 'url');
}
# Suck previous link file into an array
open FILE,$filename or die $!;
my @lines = <FILE>;
close(FILE);
my $i=1;
foreach my $line (@lines) {
if ($line =~ /\<li\>\<a href\=\"([^\"]+)\">([^<]+)
if ($url eq $1) {
&repeat_url;
}
$i++;
}
}
# Open Link File to Output
open FILE,">$filename" or die $!;
foreach my $line (@lines) { # For every line in our data
if ($line =~ /<!--time-->/) {
my $date = strftime("%A, %B %d, %Y at %H:%M:%S %Z", localtime(time));
print FILE "<!--time--><b>Last link was added $date</b><hr>\n";
}
elsif ($line =~ /<!--number-->/) {
print FILE "<!--number--><b>There are <i>$i</i> links on this ";
print FILE "page.</b><br>\n";
}
else {
print FILE $line;
}
foreach my $tag ( keys %sections) { # For every tag
if ( (param{'section'} eq $sections{$tag}) &&
($line =~ /<!--$tag-->/) ) {
print FILE "<li><a href=\"$url\">$title</a>\n
}
}
}
close (FILE);
# Return Link File
#print "Location: $linksurl\n\n";
if ($database ne '') {
open DATABASE,">>$database" or die $!;
print DATABASE "$url\n";
close(DATABASE);
}
sub reject_submission {
my $msg = shift;
my $section = shift;
print <<HTML;
Content-type: text/html\n\n
<html><head><title>Link Rejection</title></head>
<body bgcolor=#FFFFFF text=#000000><center>
<h1>Link Submission Rejected</h1></center>
$msg<p>
<form method=POST action="$linkscgi">
<input type=hidden name="$section" value="$section">
<input type=hidden name="section" value="$section">
$section: <input type=text name="$section" size=50><p>
<input type=submit> * <input type=reset>
<hr>
<a href="$linksurl">$linkstit
</form></body></html>
HTML
exit;
}
sub repeat_url { # output using the CGI.pm standard syntax
print (
header,
start_html(-title=>'ERROR:
h1({-align=>center}, 'Repeat URL')."\n",
p("Sorry, this URL is already in the Free For All Link Page\n",
"You cannot add this URL to it again. Sorry.\n"),
a({-href=>$linksurl}, $linkstitle),
end_html,
);
exit;
}
i get error
Software error:
Bareword "center" not allowed while "strict subs" in use at /usr163/home/c/c/ccds/publ
Execution of /usr163/home/c/c/ccds/publ
you can test it at the above link..
p.s how can i log the urls / email addresses?
As you can see, I didn't fully debug it. The error message is informing use that I forgot to put the quotes around that word. I also noticed a couple other errors of mine that need to be fixed.
change these lines:
my $url = param{'url'};
my $title = param{'title'};
h1({-align=>center}, 'Repeat URL')."\n",
to this:
my $url = param('url');
my $title = param('title');
h1({-align=>'center'}, 'Repeat URL')."\n",
Also, take off the openning and closing ( ) on the print statement in the repeat_url subroutine.
>> how can i log the urls / email addresses?
The first step, of course, is to add the email field to your addalink.htm page. Then in the links.pl, you'd access it with: param('email'). You'll then need to verify that they entered a properly formatted email address, often via a regex. However IMO, unless you take the next step and verify that it actually is a valid address, the logging of it would be pointless. There is a CPAN module that will easily test the format and do a DNS MX lookup to verify that it is a valid address, but you'll need to change your mind about the use/installation of additional modules.
The host name and/or IP address of the visitor can be retreived from 2 of the CGI environment variables i.e., REMOTE_HOST and REMOTE_ADDR.
Once you have the seperate pieces of info, you have several choices on how to handle the logging. The best method is to use a relational database, but if you want to use a file, I'd suggest using a tied hash. A tied hash is "linked" or "tied" directly to a file, so as you make changes to the hash, you are actually making changes to the file. This will allow you to store the info as a "record". Here's a little more info on using a tied hash.
http://www.perl.com/pub/a/
http://www-106.ibm.com/dev
I need to jump onto a couple of other personal projects, but as soon as I can I'll work up some code examples.
I'm getting the error "The title contained '' which is a banned word'
Badwords.txt - http://www.ccds.addr.com/E
links.pl - http://www.ccds.addr.com/E
To test - http://www.ccds.addr.com/w
P.s. adg, could you help me log urls and emails like in the other script?
Line 45 should be a blank line, so did you make ozo's corrections to the appropriate lines?
With ozo’s corrections, lines 43 thru 53 should be:
chomp @bandwords;
$bandwords = join('|', map{quotemeta}@bandwords);
if (!$title) {
$msg = 'You forgot to enter a title.';
reject_submission($msg, 'title');
}
elsif ($title =~ /\b$bandwords\b/i) {
$msg = "The title contained '$&' which is a banned word";
reject_submission($msg, 'title');
}
ok, now i'm get a 500 error
Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.
Please contact the server administrator, webmaster@.com and inform them of the time the error occurred, and anything you might have done that may have caused the error.
More information about this error may be available in the server error log.
Check out the script here:
links.pl - http://www.ccds.addr.com/E
#!/usr/local/bin/perl -w
use strict;
use POSIX qw(strftime);
use CGI qw(:standard);
use CGI::Carp qw(fatalsToBrowser);
# Define Global Variables
my $filename = '/usr163/home/c/c/ccds/pub
my $linksurl = 'http://www.ccds.addr.com/
my $linkscgi = 'http://www.ccds.addr.com/
my $linkstitle = 'Free for all Links Page';
my $database = '/usr163/home/c/c/ccds/pub
my (@bandwords, $bandwords, $msg);
my $url = param('url');
my $title = param('title');
my $section = param('section');
my %sections = (
busi => 'Business',
comp => 'Computers',
educ => 'Education',
ente => 'Entertainment',
gove => 'Government',
pers => 'Personal',
misc => 'Miscellaneous',
);
# Done
##########################
#if($ENV{HTTP_REFERER} !~ m!http://www.ccds.addr.com
# The submission is NOT comming from your domain, so
# the error handling on this could be either displaying another error page
# or a redirect to your link submission form
#}
if (!$title) {
$msg = 'You forgot to enter a title.';
reject_submission($msg, 'title');
}
if (!$url) {
$msg = 'You forgot to provide the url for the link';
reject_submission($msg, 'url');
}
open BAD, "badwords.txt" or die $!;
@bandwords = <BAD>;
close BAD;
chomp @bandwords;
$bandwords = join('|', map{quotemeta}@bandwords);
if ($title =~ /(\b$bandwords\b)/i) {
$msg = "The title contained '$1' which is a banned word";
reject_submission($msg, 'title');
}
if ($url !~ /^(f|ht)tp:\/\/\w+\.\w+/) {
$msg = 'You forgot to specify the protocol, e.g., http://';
reject_submission($msg, 'url');
}
if ($url =~ /style=[^>]+/i || $url =~ /\?[^"]+/) {
$msg = 'Your url has style tags or is a form submission, ' .
'which are not allowed.';
reject_submission($msg, 'url');
}
if ($url =~ /($bandwords)/i) {
$msg = "The url contained '$1' which is a banned word";
reject_submission($msg, 'url');
}
# Suck previous link file into an array
open FILE,$filename or die $!;
my @lines = <FILE>;
close(FILE);
my $i=1;
foreach my $line (@lines) {
if ($line =~ m!<li><a href="([^"]+)">([^<]+)</a>
if ($url eq $1) {
&repeat_url;
}
$i++;
}
}
# Open Link File to Output
open FILE,">$filename" or die $!;
foreach my $line (@lines) { # For every line in our data
if ($line =~ /<!--time-->/) {
my $date = strftime("%A, %B %d, %Y at %H:%M:%S %Z", localtime(time));
print FILE "<!--time--><b>Last link was added $date</b><hr>\n";
}
elsif ($line =~ /<!--number-->/) {
print FILE "<!--number--><b>There are <i>$i</i> links on this ";
print FILE "page.</b><br>\n";
}
else {
print FILE $line;
}
foreach my $tag ( keys %sections) { # For every tag
if ( $section eq $sections{$tag} &&
($line =~ /<!--$tag-->/) ) {
print FILE "<li><a href=\"$url\">$title</a>\n
}
}
}
close (FILE);
# Return Link File
#print "Location: $linksurl\n\n";
if ($database ne '') {
open DATABASE,">>$database" or die $!;
print DATABASE "$url\n";
close(DATABASE);
}
sub reject_submission {
my $msg = shift;
my $section = shift;
print <<HTML;
Content-type: text/html\n\n
<html><head><title>Link Rejection</title></head>
<body bgcolor=#FFFFFF text=#000000><center>
<h1>Link Submission Rejected</h1></center>
$msg<p>
<form method=POST action="$linkscgi">
<input type=hidden name="$section" value="$section">
<input type=hidden name="section" value="$section">
$section: <input type=text name="$section" size=50><p>
<input type=submit> * <input type=reset>
<hr>
<a href="$linksurl">$linkstit
</form></body></html>
HTML
exit;
}
sub repeat_url { # output using the CGI.pm standard syntax
print
header,
start_html(-title=>'ERROR:
h1({-align=>'center'}, 'Repeat URL')."\n",
p("Sorry, this URL is already in the Free For All Link Page\n",
"You cannot add this URL to it again. Sorry.\n"),
a({-href=>$linksurl}, $linkstitle),
end_html,
;
exit;
}
Sounds like it's a configuration problem, possibly due to permission settings on the script or the web server isn't configured to execute scripts from that directory, i.e., no script alias.
Try running the script from the command line. If it works, it confirms that the script is "ok", so you'll need to look at the permissions/configuration.
C:\Testing>links.pl title='sex and the city' url=http://www.hbo.com/cit
Content-type: text/html
<html><head><title>Link Rejection</title></head>
<body bgcolor=#FFFFFF text=#000000><center>
<h1>Link Submission Rejected</h1></center>
The title contained 'sex' which is a banned word<p>
<form method=POST action="links.pl">
<input type=hidden name="title" value="title">
<input type=hidden name="section" value="title">
title: <input type=text name="title" size=50><p>
<input type=submit> * <input type=reset>
<hr>
<a href="http://www.ccds.addr
</form></body></html>
C:\Testing>links.pl url=http://www.hbo.com/cit
Content-type: text/html
<html><head><title>Link Rejection</title></head>
<body bgcolor=#FFFFFF text=#000000><center>
<h1>Link Submission Rejected</h1></center>
You forgot to enter a title.<p>
<form method=POST action="links.pl">
<input type=hidden name="title" value="title">
<input type=hidden name="section" value="title">
title: <input type=text name="title" size=50><p>
<input type=submit> * <input type=reset>
<hr>
<a href="http://www.ccds.addr
</form></body></html>
C:\Temp>links.pl title=www.hbo.com/city url=www.hbo.com/city/ section=Miscellaneous
Content-type: text/html
<html><head><title>Link Rejection</title></head>
<body bgcolor=#FFFFFF text=#000000><center>
<h1>Link Submission Rejected</h1></center>
You forgot to specify the protocol, e.g., http://<p>
<form method=POST action="links.pl">
<input type=hidden name="url" value="url">
<input type=hidden name="section" value="url">
url: <input type=text name="url" size=50><p>
<input type=submit> * <input type=reset>
<hr>
<a href="http://www.ccds.addr
</form></body></html>
You should also take note on the link being submitted. I chose that link (to a popular TV program) to show that just because it has a "bad" word in the title, doesn't always mean that it needs to be rejected.
I forgot an important caveat; even though a cgi script executes correctly on the command line doesn't mean that it will work in the browser. I ran a couple tests and found the problems.
1) The error handling (die) on opening the filehandles works as expected on the command line but we'll need to change it (create another subroutine) so it will work in the browser.
2) Your apache error log should also record a "Premature end of script headers" error due to the 'print "Location: $linksurl\n\n";' being commented out.
Here's the complete script that I tested, but you'll wantto make a few modifications. 1) You'll need to make the appropriate changes to paths, but I'd suggest using relative paths like I did, rather than the full paths/urls. 2) You'll want to modify the additional error subroutine to use a more appropriate error message. 3) This script is still using a mixture of the methods for outputing the html which was only intended to deminstrate the verious options. You should decide which method you prefer, and use only that one method.
#!c:/perl/bin/perl -w
use strict;
use POSIX qw(strftime);
use CGI qw(:all);
use CGI::Carp 'fatalsToBrowser';
# Define Variables
my $filename = '../htdocs/addalink.htm';
my $linksurl = 'http://localhost/addalink
my $linkscgi = './cgi-bin/links.cgi';
my $linkstitle = 'Free for all Links Page';
my (@bandwords, $msg);
my $bandwords = '../htdocs/badwords.txt';
my $url = param('url');
my $title = param('title');
my $section = param('section');
my %sections = (
busi => 'Business',
comp => 'Computers',
educ => 'Education',
ente => 'Entertainment',
gove => 'Government',
pers => 'Personal',
misc => 'Miscellaneous',
);
my $q = new CGI;
my %FORM = $q->Vars;
# Done
##########################
#if($ENV{HTTP_REFERER} !~ m!http://www.ccds.addr.com
# The submission is NOT comming from your domain, so
# the error handling on this could be either displaying another error page
# or a redirect to your link submission form
#}
if (!$title) {
$msg = 'You forgot to enter a title.';
reject_submission($msg, 'title');
}
if (!$url) {
$msg = 'You forgot to provide the url for the link';
reject_submission($msg, 'url');
}
open BAD, $bandwords or open_error($!, "badwords.txt");
@bandwords = <BAD>;
close BAD;
chomp @bandwords;
$bandwords = join('|', map{quotemeta}@bandwords);
if ($title =~ /(\b$bandwords\b)/i) {
$msg = "The title contained '$1' which is a banned word";
reject_submission($msg, 'title');
}
if ($url !~ /^(f|ht)tp:\/\/\w+\.\w+/) {
$msg = 'You forgot to specify the protocol, e.g., http://';
reject_submission($msg, 'url');
}
if ($url =~ /style=[^>]+/i || $url =~ /\?[^"]+/) {
$msg = 'Your url has style tags or is a form submission, ' .
'which are not allowed.';
reject_submission($msg, 'url');
}
if ($url =~ /($bandwords)/i) {
$msg = "The url contained '$1' which is a banned word";
reject_submission($msg, 'url');
}
# Suck previous link file into an array
open FILE,$filename or open_error($!, $filename);
my @lines = <FILE>;
close(FILE);
my $i=1;
foreach my $line (@lines) {
if ($line =~ m!<li><a href="([^"]+)">([^<]+)</a>
if ($url eq $1) {
&repeat_url;
}
$i++;
}
}
# Open Link File to Output
open FILE,">$filename" or open_error($!, $filename);
foreach my $line (@lines) { # For every line in our data
if ($line =~ /<!--time-->/) {
my $date = strftime("%A, %B %d, %Y at %H:%M:%S %Z", localtime(time));
print FILE "<!--time--><b>Last link was added $date</b><hr>\n";
}
elsif ($line =~ /<!--number-->/) {
print FILE "<!--number--><b>There are <i>$i</i> links on this ";
print FILE "page.</b><br>\n";
}
else {
print FILE $line;
}
foreach my $tag ( keys %sections) { # For every tag
if ( $section eq $sections{$tag} &&
($line =~ /<!--$tag-->/) ) {
print FILE "<li><a href=\"$url\">$title</a>\n
}
}
}
close (FILE);
# Return Link File
print "Location: $linksurl\n\n";
#if ($database ne '') {
# open DATABASE,">>$database" or die $!;
# print DATABASE "$url\n";
# close(DATABASE);
#}
sub reject_submission {
my $msg = shift;
my $section = shift;
print <<HTML;
Content-type: text/html\n\n
<html><head><title>Link Rejection</title></head>
<body bgcolor=#FFFFFF text=#000000><center>
<h1>Link Submission Rejected</h1></center>
$msg<p>
<form method=POST action="$linkscgi">
<input type=hidden name="$section" value="$section">
<input type=hidden name="section" value="$section">
$section: <input type=text name="$section" size=50><p>
<input type=submit> * <input type=reset>
<hr>
<a href="$linksurl">$linkstit
</form></body></html>
HTML
exit;
}
sub repeat_url { # output using the CGI.pm standard syntax
print
header,
start_html(-title=>'ERROR:
h1({-align=>'center'}, 'Repeat URL')."\n",
p("Sorry, this URL is already in the Free For All Link Page\n",
"You cannot add this URL to it again. Sorry.\n"),
a({-href=>$linksurl}, $linkstitle),
end_html;
exit;
}
sub open_error {
my $error = shift;
my $file = shift;
print
header,
start_html(-title=>'ERROR:
h1({-align=>center}, 'File Handle Error')."\n",
p("Sorry, an error occured while opening $file<br>$error"),
a({-href=>$linksurl}, $linkstitle),
end_html;
exit;
}
I forgot to mention, that the reject_submission sub needs a minor change so that it will send the proper form info back to the script; i.e., it should send ALL three required fields.
Also, instead of hard coding the $linksurl, declare it like this:
my $linkscgi = url();
http://search.cpan.org/~ld
If you read the cpan doc on the cgi module, you'll find verious options for obtaining the url as well as other valuable info.
Business Accounts
Answer for Membership
by: CaiapfasPosted on 2004-07-14 at 12:14:28ID: 11552591
also it would be nice to have an email field so the user HAS to enter their email and it then saves their email and url in referrers.dat, for my records.
and maybe a way to only allow 2 post perday per ip.
http://www.blahblah.com (youremail@email.com)