?
Solved

Adding required form fields to WebShop.cgi

Posted on 1999-07-29
46
Medium Priority
?
207 Views
Last Modified: 2010-03-04
My working page and a link to my latest version of WebShop.cgi is posted at http://www.fishhead.com/webshop.html. I just added some code to add required fields to the invoice page of WebShop. All of the code that was added for this function is commented with:
"# ---- Modified on 07-28-99"
There seems to be a bug in the email address checking part of the code. The email checking portion was:

    if(&email_check($FORM{'email'})) {
       &ws_error($Error_Message);

This part caused WebShop.cgi to hang up. It seemed to only hang if there was more than 10 characters past the "@" sign in the customer's email address. I've been using another script FormMail.pl for some time that has a subroutine called "check_email" that is much better at checking syntax of the email address entered in the form. I commented out the lines above and used:

        if ($require eq 'email' && !&check_email($Config{$require})) {
            push(@error,$require);

These lines came from the script FormMail.pl. This seemed to fix the script from hanging up on whatever email address was entered. I'm not a programer so I don't know if what I added would cause any problems or is trying to do things not provided for in WebShop.cgi as it is.

What I would like to do is incorporate the sub check_email into WebShop.cgi. I've already tried to cut and paste the sub into WebShop.cgi but it doesn't check the syntax as it should. I suspect that it has something to do with %Config array from FormMail.pl. Please propose a way for me to include the sub check_email into WebShop.cgi. Please also review the additions from 7-28-99 to see if there are any other problems there.

Thank you
0
Comment
Question by:Gary040897
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 27
  • 14
  • 3
  • +1
46 Comments
 
LVL 5

Expert Comment

by:prakashk021799
ID: 1214477
Just change the lines:

    if(&email_check($FORM{'email'})) {
        &ws_error($Error_Message);

To:

    if(&check_email($FORM{'email'})) {
        &ws_error($Error_Message);

And, cut the check_email subroutine from FormMail.pl and paste into WebShop.cgi.
0
 
LVL 5

Expert Comment

by:prakashk021799
ID: 1214478
I wanted to see what could be the problem with the original email_check routine that was hanging. But I could not find it either of the scripts.
0
 

Author Comment

by:Gary040897
ID: 1214479
I tried that already and it didn't check the syntax properly. To see the scripts just follow the link "Script Information" at http://www.fishhead.com/webshop.html.
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 

Author Comment

by:Gary040897
ID: 1214480
Excuse me I didn't change the line exactly as you had it. I'll try that.
0
 
LVL 5

Expert Comment

by:thoellri
ID: 1214481
What happens if you change your newly added code:

            if ($require eq 'email' && !&check_email($Config{$require})) {
                         push(@error,$require);
            }

to:

        if ($require eq 'email' && !check_email($FORM{'email'})) {
           &ws_error("Illegal email address");
        }

and don't forget to paste the code for check_email into WebShop.cgi.

Tobias

0
 

Author Comment

by:Gary040897
ID: 1214482
   if(&check_email($FORM{'email'})) {
             &ws_error($Error_Message);

This still doesn't check syntax properly. I do have the sub check_email in place on what I'm trying now just not in the version posted at http://www.fishhead.com/scripts/WebShop-cgi.txt.
0
 
LVL 5

Expert Comment

by:prakashk021799
ID: 1214483
Could you post some example values for e-mail that are failing the check?
0
 

Author Comment

by:Gary040897
ID: 1214484
To thoellri:

        if ($require eq 'email' && !check_email($FORM{'email'})) {
                &ws_error("Illegal email address");

That doesn't work properly either.
0
 

Author Comment

by:Gary040897
ID: 1214485
Some examples are:

My email address is et@fishhead.com. If I leave the form space blank it will catch a blank field and give the error message. If I only type "et" in the blank it accepts this as an email address and goes to the next function. To test for yourself you can enter the WebShop and order a book and then proceed to the invoice page where the form is. You can type any characters in all the blanks until you get to your card number and expiration date. Leave those two blank and try to finalize your invoice.
0
 

Author Comment

by:Gary040897
ID: 1214486
If you leave the card number and expiration date blank and only type a single character in the email form space, it will approve this as an address and give you the message:

Card number does not have the correct number of digits.

Instead of catching the syntax error. You can type anything in the other form fields for name, address, phone, etc. It only checks that there is something in the blank. I want to at least try to make sure I get a valid email address.
0
 

Author Comment

by:Gary040897
ID: 1214487
This is the check_email sub as I have it installed. Don't know how the cut and paste wil work here.

sub check_email {
    # Initialize local email variable with input to subroutine.              #
    $email = $_[0];

    # If the e-mail address contains:                                        #
    if ($email =~ /(@.*@)|(\.\.)|(@\.)|(\.@)|(^\.)/ ||

        # the e-mail address contains an invalid syntax.  Or, if the         #
        # syntax does not match the following regular expression pattern     #
        # it fails basic syntax verification.                                #

        $email !~ /^.+\@(\[?)[a-zA-Z0-9\-\.]+\.([a-zA-Z]{2,3}|[0-9]{1,3})(\]?)$/) {

        # Basic syntax requires:  one or more characters before the @ sign,  #
        # followed by an optional '[', then any number of letters, numbers,  #
        # dashes or periods (valid domain/IP characters) ending in a period  #
        # and then 2 or 3 letters (for domain suffixes) or 1 to 3 numbers    #
        # (for IP addresses).  An ending bracket is also allowed as it is    #
        # valid syntax to have an email address like: user@[255.255.255.0]   #

        # Return a false value, since the e-mail address did not pass valid  #
        # syntax.                                                            #
        return 0;
    }

    else {

        # Return a true value, e-mail verification passed.                   #
        return 1;
    }
}
0
 
LVL 5

Expert Comment

by:prakashk021799
ID: 1214488
The email_check routine is returning a value of 0 when passed the paramter  "et". Therefore the problem is not in this subroutine.

I suspect it is not being called at the appropriate place.

If you could put you latest source at your site, I will take a look.
0
 

Author Comment

by:Gary040897
ID: 1214489
I can put the exact version of WebShop.cgi I'm using as a text file to scripts dir if that would help. The one posted at the moment just doesn't have the sub check_email installed. I didn't want to keep changing the text version in case you would give me a specific line # to look at or change. Let me know whatever is easiest for you.
0
 
LVL 5

Expert Comment

by:prakashk021799
ID: 1214490
I said:
> The email_check routine ...

I meant the 'check_email' routine.
0
 

Author Comment

by:Gary040897
ID: 1214491
The exact version that's in the cgi-bin is now up at http://www.fishhead.com/scripts/WebShop-cgi.txt
0
 
LVL 5

Expert Comment

by:prakashk021799
ID: 1214492
> The one posted at the moment just doesn't have the sub check_email installed.

But it also doesn't call the routine 'check_email' like I suggested above.

I can't debug your script on my system because it is importing a lot of modules which I don't have. Could you post the modules too on your site?
0
 
LVL 5

Expert Comment

by:prakashk021799
ID: 1214493
check_email returns the value 0 in case of invalid email. We should reverse the testing of the return value.

Change:

if(&check_email($FORM{'email'})) {
    &ws_error($Error_Message);
}

To:

unless (&check_email($FORM{'email'})) {
    &ws_error($Error_Message);
}
0
 

Author Comment

by:Gary040897
ID: 1214494
With the last change of:

It now hangs up when you type in 2 characters and wait for the error message that should be given.

The I put the subs dir at http://www.fishhead.com/scripts/ which has all the other required routines.

0
 

Author Comment

by:Gary040897
ID: 1214495
Sorry,

With the last change of:

unless (&check_email($FORM{'email'})) {
         &ws_error($Error_Message);
0
 
LVL 5

Expert Comment

by:prakashk021799
ID: 1214496
Change:

unless (&check_email($FORM{'email'})) {
                &ws_error($Error_Message);

To:

unless (&check_email($FORM{'email'})) {
                &ws_error('Invalid email address');
0
 

Author Comment

by:Gary040897
ID: 1214497
Ok, now that works. We can close this one now. The next thing I will want to work on is adding a comma to the purchase amounts that are more than 3 places to the left of the ".". I will post this as a question later.
0
 

Author Comment

by:Gary040897
ID: 1214498
If I want to change the look of the error message would I just modify the 'Invalid email address' part? At first I thought it would be best to show the error message format that the other errors would show if left blank but this message may be more effective in letting the user know there is a problem with the way they input their address.
0
 

Author Comment

by:Gary040897
ID: 1214499
The error message that you get when the email address doesn't check looks like it's coming from the sub error_header. I'm not sure where or what I would edit to produce an error message that would match the style of the other error messages. Specifically if I want to produce a table the same format of the other messages.
0
 
LVL 5

Expert Comment

by:prakashk021799
ID: 1214500
> If I want to change the look of the error message would I just modify the 'Invalid email address' part?

Yes. You can even print the value that they entered. Change the line to:

unless (&check_email($FORM{'email'})) {
    &ws_error('Invalid email address: ' . $FORM{'email'});
}

0
 
LVL 5

Expert Comment

by:prakashk021799
ID: 1214501
If you want to match the style of other error messages, you can do something like this:

Change the above code to:

unless (&check_email($FORM{'email'})) {
    &ws_error('invalid_email' , $FORM{'email'});
}

Later, at the end of the subroutine 'ws_error', before the 'else {' part (before the line 1382, but it might be different in your version), add the following code:

    elsif ($error eq 'invalid_email') {
        &error_header('Invalid E-mail Address');
        print "The email address you have entered <$error_file> is invalid.\n";
        print "Please enter the correct address..\n";
        print "</body></html>\n";
    }

0
 

Author Comment

by:Gary040897
ID: 1214502
That all works very nicely now.

Thanks!
0
 

Author Comment

by:Gary040897
ID: 1214503
Oh, I just realized, it's not prining the

print "Please enter the correct address..\n";

part
0
 

Author Comment

by:Gary040897
ID: 1214504
Actuall, it's not printing either of the two lines:

       print "The email address you have entered <$error_file> is invalid.\n";
             print "Please enter the correct address..\n";
0
 
LVL 5

Expert Comment

by:prakashk021799
ID: 1214505
Compare these two lines:

    &ws_error('invalid_email' , $FORM{'email'});

and

    elsif ($error eq 'invalid_email') {

Are they both have the same string ('invalid_email'). Also, in the first line, make sure that there two parameters ('invalid_email'  and $FORM{'email'}) separated by comma.
0
 

Author Comment

by:Gary040897
ID: 1214506
What I had was:

unless (&check_email($FORM{'email'})) {
&ws_error('Invalid email address: ' . $FORM{'email'});

which I changed to:

unless (&check_email($FORM{'email'})) {
&ws_error('invalid_email' , $FORM{'email'});

But I still don't see the <$error_file> inserted into the print line.

I just posted the version that's running in the scripts dir.
0
 
LVL 5

Expert Comment

by:prakashk021799
ID: 1214507
Its those damn angle brackets that are the culprits. The value is being printed in the output, but is not showing up in the browser. The reason is anything between < and > is treated as an HTML tag. Since there is no valid tag like <et> for example, the browser is conveniently ignoring it.

Change tha angle brackets to some other kind of brackets (pick any one of ( ), { }, [ ] pairs) in the following line:

print "The email address you have entered <$error_file> is invalid.\n";

It should work.
0
 
LVL 84

Expert Comment

by:ozo
ID: 1214508
# If the e-mail address contains:                                        #
if ($email =~ /(@.*@)|(\.\.)|(@\.)|(\.@)|(^\.)/ ||

    # the e-mail address contains an invalid syntax.  Or, if the         #
Actually, most of those are potentially valid in e-mail addresses.
(But such addresses are unusual enough that you may not lose much by excluding them, and you'd be more likely to see such sequences as a result of errors than in valid addresses)
0
 
LVL 84

Expert Comment

by:ozo
ID: 1214509
print "The email address you have entered &lt;$error_file&gt; is invalid.<br>\n";
#you may have to translate HTML characters in $error_file too
0
 

Author Comment

by:Gary040897
ID: 1214510
I changed that part of the line to read:

\"<font color=#0000FF>$error_file</font>\"

which seems to work ok.
0
 

Author Comment

by:Gary040897
ID: 1214511
for ozo:

Can you think of a better way to check syntax? I've used this line in FormMail.pl for a couple years now and I've yet to hear from anyone who could use the form. But that doesn't mean it's not happening sometime and I just don't know about it.
0
 

Author Comment

by:Gary040897
ID: 1214512
For ozo:

I mean "who couldn't use the form".
0
 

Author Comment

by:Gary040897
ID: 1214513
For ozo:

Sorry, I thought the line

if ($email =~ /(@.*@)|(\.\.)|(@\.)|(\.@)|(^\.)/ ||

was already in the checking script. Is this a change you are suggesting I implement in WebShop? Where?
0
 

Author Comment

by:Gary040897
ID: 1214514
For ozo:
Ok I see it in sub check_email. My cut and paste to "find" must have missed something in my text editor.
0
 

Author Comment

by:Gary040897
ID: 1214515
I've been working on the appearance of the error message so that it matches the blank fields error message. I have a problem when I try to run it from the command line. I have the following as the last part of ws_error:

      elsif ($error eq 'invalid_email') {
            print <<HTML_END};
<html>
<head>
      <title>Customer Alert: Invalid E-mail Address</title>
</head>
<body bgcolor=#FFFFFF text=#000000>
<center>
<table border=0 width=600 bgcolor=#9C9C9C>
<tr><th><font size=+2>Error: Invalid E-mail Address</font></th></tr>
</table>
<table border=0 width=600 bgcolor=#99CCCC>
<tr><td><h3>The email address \"<font color=#0000FF>$error_file</font>\" you have entered appears to be invalid.
<p>Please use your browser's BACK button and enter the correct address.
</h3></td></tr>
</table>
</center>
</body>
</html>
HTML_END

    else {
        &error_header($error);
        print "</body></html>\n";
    }
    exit;
}

########################################################

I get the message:

syntax error at WebShop.cgi line 1402, near "else"

and I don't know how to fix it. I got it to compile by using:

HTML_END
    exit;
}

This would check the email address properly but when I would fill in all the blanks on the form and try to finalize the transaction. I would also ways get the message in my browser that the document contains no data.
0
 

Author Comment

by:Gary040897
ID: 1214516
Typo above:

I would "always" get the message in my browser that the document contains no data.
0
 
LVL 84

Expert Comment

by:ozo
ID: 1214517
print <<HTML_END}
...
HTML_END
   else {
#or
print <<HTML_END;
...
   } else {
#(I'd think the latter would tend to be less confusing.)
0
 

Author Comment

by:Gary040897
ID: 1214518
Everything now works and looks like I wanted with this issue. Do both of you need to now propose an answer so I can accept and award points to each? Does ozo have any other comment or suggestion on email syntax verification?
0
 
LVL 5

Expert Comment

by:prakashk021799
ID: 1214519
I don't think two people can propose an "answer" for the same question. You have to decide whom you want to give the points. If you do want to give both, then you need to open a new question for the second person.
0
 

Author Comment

by:Gary040897
ID: 1214520
I was under the impression I could award points to both. If that's not the case then you (prakashk) have posted most of the replies that I've used so I would say that you should post an answer.
0
 
LVL 5

Accepted Solution

by:
prakashk021799 earned 800 total points
ID: 1214521
OK
0
 
LVL 5

Expert Comment

by:thoellri
ID: 1214522
Randal Schwartz says on http://web.stonehenge.com/merlyn/WebTechniques/col38.html

"Lines 49 through 51 validate the email address, using the Email::Valid module found in the CPAN (www.cpan.org). Please do not attempt to do this on your own. If you think you know what you're doing, please remember that nearly any character of the entire printable character set can appear in the local address (to the left of the @). If that's a surprise to you (and you thought it was just the alphanumerics or something), then go get Email::Valid instead. "

Which can be found here: http://theory.uwinnipeg.ca/scripts/CPAN/authors/id/MAURICE/Email-Valid-0.12.tar.gz

Just FYI
  Tobias



0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A year or so back I was asked to have a play with MongoDB; within half an hour I had downloaded (http://www.mongodb.org/downloads),  installed and started the daemon, and had a console window open. After an hour or two of playing at the command …
In the distant past (last year) I hacked together a little toy that would allow a couple of Manager types to query, preview, and extract data from a number of MongoDB instances, to their tool of choice: Excel (http://dilbert.com/strips/comic/2007-08…
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
Six Sigma Control Plans

718 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question