Solved

How to email form results to recipients by calling FormMail.pl from another form

Posted on 2002-06-13
19
374 Views
Last Modified: 2008-01-09
I'm using a perl script form that creates allow users to enter info a form field and submit the results. The results are updated to a csv file, which I'm able to convert into an html page. My one and major problem is getting the form results to email to a set of recipients.

I decided to use Matt Wright's FormMail as a sub/secondary-form that will handle emailing the form results to the recipients. I did this by using the following my createcsv.pl perl script

$mailresult=`/usr/local/opt/abcxyz/abc.xyz.com/cgi-bin/FormMail.pl`;
print $mailresult;

I submitted the form but instead got a "Bad Referer" from FormMail.pl  It also told me to add my 'abc.xyz.com' in the @referer, even though it was already there.

I tried moving the $mailresult line above to other sections within the createcsv but keep getting the same "Bad Referer".  I've used FormMail.pl to be called from other .pl scripts but never came across this problem.

Anyone can help, it's highly appreciated.
0
Comment
Question by:jamaica
  • 11
  • 7
19 Comments
 

Author Comment

by:jamaica
Comment Utility
Here's the exact error I got from FormMail.pl

Bad Referrer - Access Denied
The form attempting to use FormMail resides at http://abc.xyz.com/teststuff/test.html, which is not allowed to access this cgi script.
If you are attempting to configure FormMail to run with this form, you need to add the following to @referers, explained in detail in the README file.

Add abc.xyz.com' to your @referers array.
 
0
 
LVL 12

Expert Comment

by:lexxwern
Comment Utility
>  I submitted the form but instead got a "Bad Referer" from FormMail.pl  It also told me to add my 'abc.xyz.com'
in the @referer, even though it was already there.

where are you running the form from, is it your pc where you have the likes of apache installed. i think if you add "127.0.0.1" and your internet protocol / IP address to the @referer, it will work.
0
 

Author Comment

by:jamaica
Comment Utility
It's run from an apache server, so I'm running directly off the server box.

I decided to add the following line
require='usr/local/opt/abcxyz/abc.xyz.com/cgi-bin/FormMail.pl

This line executes FormMail.pl and emailed the form's results BUT it did not write the results to the csv file.
I got an error from the perl script that handles the csv file that the script was executed from html.  I have a print "Content-type: text/html","\n\n"; in the csv.

I'll add 127.0.0.1 and see what I get.

Thanks!


From: lexxwern  Date: 06/13/2002 09:57PM PST  
>
where are you running the form from, is it your pc where you have the likes of apache installed. i think
if you add "127.0.0.1" and your internet protocol / IP address to the @referer, it will work.  
0
 

Author Comment

by:jamaica
Comment Utility
Can anyone help me with this? It's really important and I'm trying everything in my resource capacity.
0
 
LVL 12

Expert Comment

by:lexxwern
Comment Utility
did you try adding your ip and 127.0.0.1/localhost in the @referer?
0
 

Author Comment

by:jamaica
Comment Utility
lexxwern, I added the ip 127.0.0.1 to the @referer but it  did not work.




From: lexxwern  Date: 06/16/2002 06:30PM PST  
did you try adding your ip and 127.0.0.1/localhost in the @referer?  
0
 
LVL 2

Expert Comment

by:nickjc
Comment Utility
http://nms-cgi.sourceforge.net/

A better version of formmail, and they have a support list where they help you get it working.
0
 
LVL 12

Expert Comment

by:lexxwern
Comment Utility
please post your code, there must be an error somewhere else.
0
 

Author Comment

by:jamaica
Comment Utility
lexxwern, here's a copy of the perl script that creates the csv.

I tried using the $mailresult, that would call the basic FormMail.pl and email the form results.

Thanks for the help!

=====
#!/usr/local/opt/bin/perl

print "Content-type: text/html","\n\n";

      $html_path="/opt/www/vhosts/xyz.abc.com/html/test/response.html";
      
      
#----------------- some things to set here ------------------#

# Enter a value of either "+" or "-". This depends on whether your local time
# is after or before GMT.

      $time_transfare_direction="-";

# Enter the difference value of hours between your local time and GMT.

      $time_transfare_hours="5";

# Enter the difference value of minutes between your local time and GMT.

      $time_transfare_minutes="0";

# You can leave this value, but you can also enter a number of seconds to
# calebrate your time by the second.

      $time_transfare_seconds="0";
      

# Enter field names you wish to make 'required'

      $require[0]="FirstName";
      $require[1]="LastName";
      $require[2]="Email";
      $require[3]="SBCUID";
      $require[4]="Telephone";
      $require[5]="Pager";
      $require[6]="ApplicationGroup";
      $require[7]="DirectorReportTo";
      $require[8]="ServiceName";
      $require[9]="Monitoring";
      $require[10]="ProvideDetailsOfMonitoring";



#----- this line uses matt wright's basic formmail for emailing results  --#

$mailresult=`/opt/www/vhosts/xyz.abc.com/cgi-bin/FormMail.pl`;
print $mailresult;

#----- this is the do the job section --------#

read(STDIN,$query_string,$ENV{'CONTENT_LENGTH'});
$time_gap=$time_transfare_seconds+($time_transfare_minutes*60)+($time_transfare_hours*60*60);
if($query_string !~ /\S|=/){
        &produce_error(
                "You Did not access the script through an HTML form"
                );
        }
unless($csv_file=&pick_up("file",$query_string)){
        &produce_error(
                "You did not provide your HTML form with a CSV file path."
                );
        }
@pairs=split("&",$query_string);
$l=0;
foreach $pair (@pairs){
        if($pair=~/[;<>&\*`|]/){
                &produce_error(
                        "Using [;<>&\*`|] meta-characters is frobidden for security reasons."
                        );
                }
        ($e_names[$l],$e_values[$l])=split("=",$pair);
        $e_names[$l]=~s/%([\dA-Fa-f][\dA-Fa-f])/pack("C",hex($1))/eg;
        $e_names[$l]=~tr/+/ /;
        $e_values[$l]=~s/%([\dA-Fa-f][\dA-Fa-f])/pack("C",hex($1))/eg;
        $e_values[$l]=~tr/+/ /;
        if($e_names[$l]=~/"|,/){
                $e_names[$l]=~s/"/""/g;
                $e_names[$l]="\"".$e_names[$l]."\"";
                }
        if($e_values[$l]=~/"|,/){
                $e_values[$l]=~s/"/""/g;
                $e_values[$l]="\"".$e_values[$l]."\"";
                }
        $l=$l+1;
        }
$l_e_names=@e_names;
$l_e_values=@e_values;
$l_require=@require;
foreach $value (@e_names){
        if(($value eq "date_local")||($value eq "time_local")||($value eq "date_gmt")||($value eq "time_gmt")||($value eq "http_referer")||($value eq "remote_host")||($value eq "remote_user")||($value eq "remote_addr")||($value eq "document_name")||($value eq "document_url")||($value eq "http_user_agent")||($value eq "#_record")||($value eq "user_email")||($value eq "#_approved")){
                &produce_error(
                        "You cannot modify CSVform reserved variables through HTML form fields"
                        );
                }
        }
if($l_require != 0){
        NEXT_REQ:
        foreach $req (@require){
                for($l=0;$l<=($l_e_names-1);$l=$l+1){
                        if($req eq ""){
                                next NEXT_REQ;
                                }
                        if($req=~/^$e_names[$l]$/){
                                $got_it="yes";
                                if($e_values[$l] !~ /\S/){
                                        &produce_error(
                                                "field \"$req\" is a required field and should not be left blank."
                                                );
                                        }
                                }
                        }
                if($got_it ne "yes"){
                        &produce_error(
                                "required field(s) is missing"
                                );
                        }
                $got_it="";
                }
        }
$l_if_mail=@if_mail;
if($l_if_mail != 0){
        NEXT_IF_M:
        foreach $if_m (@if_mail){
                for($l=0;$l<=($l_e_names-1);$l=$l+1){
                        if($if_m eq ""){
                                next NEXT_IF_M;
                                }
                        if($if_m=~/^$e_names[$l]$/){
                                if(&check_if_mail($e_values[$l]) ==0){
                                        &produce_error(
                                               "field \"$e_names[$l]\" should contain a valid e-mail address"
                                               );
                                        }
                                }
                        }
                }
        }
@csv_lines=&modify_CSV($csv_file);
$l_csv_lines=@csv_lines;
@headers=split(",",$csv_lines[0]);
$l_headers=@headers;
foreach $header (@headers){
        $header=&search_prepare($header);
        }
NEXT_HEADER:
for($b=0;$b<=($l_headers-1);$b=$b+1){
        for($c=0;$c<=($l_e_names-1);$c=$c+1){
                if($headers[$b] eq "date_gmt"){
                        ($secs,$mins,$hour,$mday,$mon,$year,$wday,$yday,$isdst)=gmtime(time);
                        $b_date="\""."$mday".",".($mon+1).",".(1900+$year)."\"";
                        $new_line[$b]=$b_date;
                        next NEXT_HEADER;
                        }
                if($headers[$b] eq "date_local"){
                        $local_time=time;
                        if(($time_transfare_direction eq "")||($time_transfare_direction eq "+")){
                                $local_time=$local_time+$time_gap;
                                }
                        elsif($time_transfare_direction eq "-"){
                                $local_time=$local_time-$time_gap;
                                }
                                else{
                                        &produce_error(
                                                "You can only use \"+\" or \"-\" as value to variable \$time_transfare_direction"
                                                );
                                        }
                        ($secs,$mins,$hour,$mday,$mon,$year,$wday,$yday,$isdst)=gmtime($local_time);
                        $c_date="\""."$mday".",".($mon+1).",".(1900+$year)."\"";
                        $new_line[$b]=$c_date;
                        next NEXT_HEADER;
                        }
                if($headers[$b] eq "time_local"){
                        $local_time=time;
                        if(($time_transfare_direction eq "")||($time_transfare_direction eq "+")){
                                $local_time=$local_time+$time_gap;
                                }
                        elsif($time_transfare_direction eq "-"){
                                $local_time=$local_time-$time_gap;
                                }
                                else{
                                        &produce_error(
                                                "You can only use \"+\" or \"-\" as value to variable \$time_transfare_direction"
                                                );
                                        }
                        ($secs,$mins,$hour,$mday,$mon,$year,$wday,$yday,$isdst)=gmtime($local_time);
                        $c_time="$secs".":"."$mins".":"."$hour";
                        $new_line[$b]=$c_time;
                        next NEXT_HEADER;
                        }
                if($headers[$b] eq "time_gmt"){
                        ($secs,$mins,$hour,$mday,$mon,$year,$wday,$yday,$isdst)=gmtime(time);
                        $b_time="$secs".":"."$mins".":"."$hour"." GMT";
                        $new_line[$b]=$b_time;
                        next NEXT_HEADER;
                        }
                if($headers[$b] eq "http_referer"){
                        $new_line[$b]=$ENV{'HTTP_REFERER'};
                        next NEXT_HEADER;
                        }
                if($headers[$b] eq "remote_host"){
                        $new_line[$b]=$ENV{'REMOTE_HOST'};
                        next NEXT_HEADER;
                        }
                if($headers[$b] eq "remote_addr"){
                        $new_line[$b]=$ENV{'REMOTE_ADDR'};
                        next NEXT_HEADER;
                        }
                if($headers[$b] eq "remote_user"){
                        $new_line[$b]=$ENV{'REMOTE_USER'};
                        next NEXT_HEADER;
                        }
                if($headers[$b] eq "document_name"){
                        $new_line[$b]=$ENV{'SCRIPT_NAME'};
                        next NEXT_HEADER;
                        }
                if($headers[$b] eq "document_url"){
                        $new_line[$b]=$ENV{'PATH_TRANSLATED'};
                        next NEXT_HEADER;
                        }
                if($headers[$b] eq "http_user_agent"){
                        $new_line[$b]=$ENV{'HTTP_USER_AGENT'};
                        next NEXT_HEADER;
                        }
                if($headers[$b] eq "#_record"){
                        $new_line[$b]=$l_csv_lines;
                        next NEXT_HEADER;
                        }
                if($headers[$b] eq "user_email"){
                        $new_line[$b]=$ENV{'HTTP_FROM'};
                        next NEXT_HEADER;
                        }
                if($headers[$b] eq "#_approved"){
                        $new_line[$b]="N";
                        next NEXT_HEADER;
                        }
                if($headers[$b] eq $e_names[$c]){
                        $new_line[$b]=$e_values[$c];
                        next NEXT_HEADER;
                        }
                }
        }
$l_new_line=@new_line;
if($l_new_line < 1){
        &produce_error(
                "Could not build a CSV database line.",
                "Please check that fields' names included in HTML form are identical to some",
                " headers in CSV file."
                );
        }

$produced_line=join(",",@new_line);
$produced_line .="\n";
if(open(CSV,">>$csv_file")){
        print CSV $produced_line;
        close(CSV);
        }
        else{
                &produce_error(
                        "Could not modify CSV file."
                        );
                }
if(open(HTML,$html_path)){
        @html_data=<HTML>;
        print "@html_data";
        }


close(CSV);
close(HTML);
exit(1);


sub check_if_mail{
        if(($_[0]=~/(@.*@)|(\.\.)|(@\.)|(\.@)|(^\.)/)||($_[0]!~/^.+\@(\[?)[a-zA-Z0-9\-\.]+\.([a-zA-Z]{2,3}|[0-9]{1,3})(\]?)$/)){
                return 0;                
                }
                else{
                        return 1;
                        }
        }
sub modify_CSV
{
if(open(CSV,$_[0])){
      }
      else{
                &produce_error(
                        "Can't open CSV file.",
                        "Please, check that you have provided the cgi script with correct CSV file path.",
                        );
      }
$ccc=0;
while($in_lin=<CSV>){
        if($in_lin!~/\S/){
                next;
                }
        $lines[$ccc]=$in_lin;
        $ccc=$ccc+1;
        }
$lines_length=@lines;
$lines_length=$lines_length-1;
for($l=0;$l<=$lines_length;$l=$l+1){
        $lines[$l]=~s/""/%01/g;
        while($lines[$l]=~/("[^"]+")/){
                $match=$1;
                $match=~s/"//g;
                $match=~s/,/%02/g;
                $lines[$l]=~s/("[^"]+")/$match/;
                }
        }
close(CSV);
chomp(@lines);
return @lines;
}  
sub search_prepare{
        $_[0]=~s/%01/"/g;
        $_[0]=~s/%02/,/g;
        return $_[0];
        }
sub produce_error
{
print "<HTML><HEAD><TITLE>Error message</TITLE><BODY>\n";
print "<img border=\"0\" src=\"http://middleware.sbc.com/images/rejected.gif\"><HR>";
print "<CENTER><IFRAME MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=NO WIDTH=468 HEIGHT=60></IFRAME></CENTER>";
print "<font face=\"Arial\"><B>Your intended use of the Datagate Install does not meet the minimum
              requirements for Middleware.<BR>Please ensure that you meet the minimum requirements before installing
              Datagate.</B></FONT><BR>";
print "<p align=\"center\"></p>";
print "<font face=\"Arial\">";
foreach $line (@_){
        print "<B></b>$line</B><BR>\n";
        }

print "<BR>Go back and revise your entries <a href=\"http://middleware.sbc.com\">Datagate Install</a>";
print "</FONT>";
print "<p align=\"center\"><font size=\"1\" face=\"Arial\"><a href=\"http://middleware.sbc.com\">Middleware.sbc.com</a></font></p><hr>";
print "<p align=\"right\"><b><font size=\"1\" face=\"Arial\">Contact Middleware<font color=\"#FF0000\"></font></font></b><font face=\"Arial\" size=\"1\"> <a href=\"mailto:midware\@momail.sbc.com\">middlewareweb</a></font></p>";
print "</BODY></HTML>";
exit(0);
return (1);
}
sub error_if_nonnumiric
{
if($val =~ /\D/){
        &produce_error(
                "Cannot use non-numiric values as right arguments of:",
                "1- Greater than.",
                "2- Less than.",
                "3- Equal or greater than.",
                "4- Equal or less than.",
                "Operators."
                );
        }
return (1);
}
sub sweep_spaces{
        $val=~s/^ +//;
        $val=~s/ +$//;
        $var=~s/^ +//;
        $var=~s/ +$//;
        }
sub translate_special_variables{
        ($secs,$mins,$hour,$mday,$mon,$year,$wday,$yday,$isdst)=gmtime(time);
        $b_time="$secs".":"."$mins".":"."$hour"." GMT";
        $b_date="$mday".",".($mon+1).",".(1900+$year);
        $_[0]=~s/<<#_matches>>/$_[1]/isg;
        $_[0]=~s/<<#_total>>/$_[2]/isg;
        $_[0]=~s/<<#_date>>/$b_date/isg;
        $_[0]=~s/<<#_time>>/$b_time/isg;
        return $_[0];
        }
sub pick_up{
        if(($_[1]=~/^$_[0]=([^&\b]+)/i)||($_[1]=~/&$_[0]=([^&\b]+)/i)){
                $pick=$+;
                $pick=~s/%([\dA-Fa-f][\dA-Fa-f])/pack("C",hex($1))/eg;
                $pick=~tr/+/ /;
                $_[1]=~s/$_[0]=[^&\b]+//i;
                $_[1]=~s/&&/&/g;
                $_[1]=~s/^&//g;
                $_[1]=~s/&$//g;
                }
                else{
                        return 0;
                        }
        return $pick;
        }
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 12

Expert Comment

by:lexxwern
Comment Utility
hello,
in the file you provided i could not find @referer. please post the code where @referer is defined. it can be in some other file that you got whne you downloaded formmail.

0
 

Author Comment

by:jamaica
Comment Utility
@referer is coded in FormMail.pl.

Here's the codes for Matt Wright's basic formmail.


===Formmail.pl===

#!/usr/local/opt/bin/perl
##############################################################################
# FormMail                        Version 1.6                                #
# Copyright 1995-1997 Matt Wright mattw@worldwidemart.com                    #
# Created 06/09/95                Last Modified 05/02/97                     #
# Matt's Script Archive, Inc.:    http://www.worldwidemart.com/scripts/      #

$mailprog = '/usr/lib/sendmail';

# @referers allows forms to be located only on servers which are defined     #
# in this field.  This security fix from the last version which allowed      #
# anyone on any server to use your FormMail script on their web site.        #

@referers = ('xyz.abc.com','123.456.789.012','unixservername.abc.com','xyz','127.0.0.1');

# Done                                                                       #
##############################################################################

# Check Referring URL
&check_url;

# Retrieve Date
&get_date;

# Parse Form Contents
&parse_form;

# Check Required Fields
&check_required;

# Return HTML Page or Redirect User
&return_html;

# Send E-Mail
&send_mail;

sub check_url {

    # Localize the check_referer flag which determines if user is valid.     #
    local($check_referer) = 0;

    # If a referring URL was specified, for each valid referer, make sure    #
    # that a valid referring URL was passed to FormMail.                     #

    if ($ENV{'HTTP_REFERER'}) {
        foreach $referer (@referers) {
            if ($ENV{'HTTP_REFERER'} =~ m|https?://([^/]*)$referer|i) {
                $check_referer = 1;
                last;
            }
        }
    }
    else {
        $check_referer = 1;
    }

    # If the HTTP_REFERER was invalid, send back an error.                   #
    if ($check_referer != 1) { &error('bad_referer') }
}

sub get_date {

    # Define arrays for the day of the week and month of the year.           #
    @days   = ('Sunday','Monday','Tuesday','Wednesday',
               'Thursday','Friday','Saturday');
    @months = ('January','February','March','April','May','June','July',
               'August','September','October','November','December');

    # Get the current time and format the hour, minutes and seconds.  Add    #
    # 1900 to the year to get the full 4 digit year.                         #
    ($sec,$min,$hour,$mday,$mon,$year,$wday) = (localtime(time))[0,1,2,3,4,5,6];
    $time = sprintf("%02d:%02d:%02d",$hour,$min,$sec);
    $year += 1900;

    # Format the date.                                                       #
    $date = "$days[$wday], $months[$mon] $mday, $year at $time";

}

sub parse_form {

    # Define the configuration associative array.                            #
    %Config = ('recipient','',          'subject','',
               'Email','',              'RequestorName','',
               'redirect','',           'bgcolor','',
               'background','',         'link_color','',
               'vlink_color','',        'text_color','',
               'alink_color','',        'title','',
               'sort','',               'print_config','',
               'required','',           'env_report','',
               'return_link_title','',  'return_link_url','',
               'print_blank_fields','', 'missing_fields_redirect','');

    # Determine the form's REQUEST_METHOD (GET or POST) and split the form   #
    # fields up into their name-value pairs.  If the REQUEST_METHOD was      #
    # not GET or POST, send an error.                                        #
    if ($ENV{'REQUEST_METHOD'} eq 'GET') {
        # Split the name-value pairs
        @pairs = split(/&/, $ENV{'QUERY_STRING'});
    }
    elsif ($ENV{'REQUEST_METHOD'} eq 'POST') {
        # Get the input
        read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'});
 
        # Split the name-value pairs
        @pairs = split(/&/, $buffer);
    }
    else {
        &error('request_method');
    }

    # For each name-value pair:                                              #
    foreach $pair (@pairs) {

        # Split the pair up into individual variables.                       #
        local($name, $value) = split(/=/, $pair);
 
        # Decode the form encoding on the name and value variables.          #
        $name =~ tr/+/ /;
        $name =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;

        $value =~ tr/+/ /;
        $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;

        # If they try to include server side includes, erase them, so they
        # aren't a security risk if the html gets returned.  Another
        # security hole plugged up.
        $value =~ s/<!--(.|\n)*-->//g;

        # If the field name has been specified in the %Config array, it will #
        # return a 1 for defined($Config{$name}}) and we should associate    #
        # this value with the appropriate configuration variable.  If this   #
        # is not a configuration form field, put it into the associative     #
        # array %Form, appending the value with a ', ' if there is already a #
        # value present.  We also save the order of the form fields in the   #
        # @Field_Order array so we can use this order for the generic sort.  #
        if (defined($Config{$name})) {
            $Config{$name} = $value;
        }
        else {
            if ($Form{$name} && $value) {
                $Form{$name} = "$Form{$name}, $value";
            }
            elsif ($value) {
                push(@Field_Order,$name);
                $Form{$name} = $value;
            }
        }
    }

    # The next six lines remove any extra spaces or new lines from the       #
    # configuration variables, which may have been caused if your editor     #
    # wraps lines after a certain length or if you used spaces between field #
    # names or environment variables.                                        #
    $Config{'required'} =~ s/(\s+|\n)?,(\s+|\n)?/,/g;
    $Config{'required'} =~ s/(\s+)?\n+(\s+)?//g;
    $Config{'env_report'} =~ s/(\s+|\n)?,(\s+|\n)?/,/g;
    $Config{'env_report'} =~ s/(\s+)?\n+(\s+)?//g;
    $Config{'print_config'} =~ s/(\s+|\n)?,(\s+|\n)?/,/g;
    $Config{'print_config'} =~ s/(\s+)?\n+(\s+)?//g;

    # Split the configuration variables into individual field names.         #
    @Required = split(/,/,$Config{'required'});
    @Env_Report = split(/,/,$Config{'env_report'});
    @Print_Config = split(/,/,$Config{'print_config'});
}

sub check_required {

    # Localize the variables used in this subroutine.                        #
    local($require, @error);

    if (!$Config{'recipient'}) {
        if (!defined(%Form)) { &error('bad_referer') }
        else                 { &error('no_recipient') }
    }

    # For each require field defined in the form:                            #
    foreach $require (@Required) {

        # If the required field is the Email field, the syntax of the Email  #
        # address if checked to make sure it passes a valid syntax.          #
        if ($require eq 'Email' && !&check_Email($Config{$require})) {
            push(@error,$require);
        }

        # Otherwise, if the required field is a configuration field and it   #
        # has no value or has been filled in with a space, send an error.    #
        elsif (defined($Config{$require})) {
            if (!$Config{$require}) {
                push(@error,$require);
            }
        }

        # If it is a regular form field which has not been filled in or      #
        # filled in with a space, flag it as an error field.                 #
        elsif (!$Form{$require}) {
            push(@error,$require);
        }
    }

    # If any error fields have been found, send error message to the user.   #
    if (@error) { &error('missing_fields', @error) }
}

sub return_html {
    # Local variables used in this subroutine initialized.                   #
    local($key,$sort_order,$sorted_field);

    # If redirect option is used, print the redirectional location header.   #
    if ($Config{'redirect'}) {
        print "Location: $Config{'redirect'}\n\n";
    }

    # Otherwise, begin printing the response page.                           #
    else {

        # Print HTTP header and opening HTML tags.                           #
        print "Content-type: text/html\n\n";
        print "<html>\n <head>\n";

        # Print out title of page                                            #
        if ($Config{'title'}) { print "  <title>$Config{'title'}</title>\n" }
        else                  { print "  <title>Thank You</title>\n"        }

        print " </head>\n <body";

        # Get Body Tag Attributes                                            #
        &body_attributes;

        # Close Body Tag                                                     #
        print ">\n  <center>\n";

        # Print custom or generic title.                                     #
        if ($Config{'title'}) { print "   <h1>$Config{'title'}</h1>\n" }
        else { print "   <h1>Thank You For Filling Out This Form</h1>\n" }

        print "</center>\n";

        print "Below is what you submitted to $Config{'recipient'} on ";
        print "$date<p><hr size=1 width=75\%><p>\n";

        # Sort alphabetically if specified:                                  #
        if ($Config{'sort'} eq 'alphabetic') {
            foreach $field (sort keys %Form) {

                # If the field has a value or the print blank fields option  #
                # is turned on, print out the form field and value.          #
                if ($Config{'print_blank_fields'} || $Form{$field}) {
                    print "<b>$field:</b> $Form{$field}<p>\n";
                }
            }
        }

        # If a sort order is specified, sort the form fields based on that.  #
        elsif ($Config{'sort'} =~ /^order:.*,.*/) {

            # Set the temporary $sort_order variable to the sorting order,   #
            # remove extraneous line breaks and spaces, remove the order:    #
            # directive and split the sort fields into an array.             #
            $sort_order = $Config{'sort'};
            $sort_order =~ s/(\s+|\n)?,(\s+|\n)?/,/g;
            $sort_order =~ s/(\s+)?\n+(\s+)?//g;
            $sort_order =~ s/order://;
            @sorted_fields = split(/,/, $sort_order);

            # For each sorted field, if it has a value or the print blank    #
            # fields option is turned on print the form field and value.     #
            foreach $sorted_field (@sorted_fields) {
                if ($Config{'print_blank_fields'} || $Form{$sorted_field}) {
                    print "<b>$sorted_field:</b> $Form{$sorted_field}<p>\n";
                }
            }
        }

        # Otherwise, default to the order in which the fields were sent.     #
        else {

            # For each form field, if it has a value or the print blank      #
            # fields option is turned on print the form field and value.     #
            foreach $field (@Field_Order) {
                if ($Config{'print_blank_fields'} || $Form{$field}) {
                    print "<b>$field:</b> $Form{$field}<p>\n";
                }
            }
        }

        print "<p><hr size=1 width=75%><p>\n";

        # Check for a Return Link and print one if found.                    #
        if ($Config{'return_link_url'} && $Config{'return_link_title'}) {
            print "<ul>\n";
            print "<li><a href=\"$Config{'return_link_url'}\">$Config{'return_link_title'}</a>\n";
            print "</ul>\n";
        }

        # Print the page footer.                                             #
        print <<"(END HTML FOOTER)";
        <hr size=1 width=75%><p>
        <center><font size=-1><a href="http://www.worldwidemart.com/scripts/formmail.shtml">FormMail</a> V1.6 &copy; 1995 -1997  Matt Wright<br>
A Free Product of <a href="http://www.worldwidemart.com/scripts/">Matt's Script Archive, Inc.</a></font></center>
        </body>
       </html>
(END HTML FOOTER)
    }
}

sub send_mail {
    # Localize variables used in this subroutine.                            #
    local($print_config,$key,$sort_order,$sorted_field,$env_report);

    # Open The Mail Program
#    open(MAIL,"|$mailprog -t");
    if ($Config{'from_Email'}) { open(MAIL,"|$mailprog -f $Config{'Email'} -t"); }
    else                       { open(MAIL,"|$mailprog -t"); }

    print MAIL "To: $Config{'recipient'}\n";
      if ($Config{'cc_Email'}) { print MAIL "Cc: $Config{'Email'}\n"; }
    print MAIL "From: $Config{'Email'} ($Config{'RequestorName'})\n";


    # Check for Message Subject
    if ($Config{'subject'}) { print MAIL "Subject: $Config{'subject'}- VANTIVE NUMBER $Config{'vantive_result'}\n\n" }
    else                    { print MAIL "Subject: WWW Form Submission\n\n" }

    print MAIL "Below is the result of your MQSERIES CONFIG REQUEST form. **PLEASE NOTE VANTIVE NUMBER**  It was submitted by\n";
    print MAIL "$Config{'RequestorName'} ($Config{'Email'}) on $date $Config{'vantive_result'}\n";
    print MAIL "-" x 75 . "\n\n";

    if (@Print_Config) {
        foreach $print_config (@Print_Config) {
            if ($Config{$print_config}) {
                print MAIL "$print_config: $Config{$print_config}\n\n";
            }
        }
    }

    # Sort alphabetically if specified:                                      #
    if ($Config{'sort'} eq 'alphabetic') {
        foreach $field (sort keys %Form) {

            # If the field has a value or the print blank fields option      #
            # is turned on, print out the form field and value.              #
            if ($Config{'print_blank_fields'} || $Form{$field} ||
                $Form{$field} eq '0') {
                print MAIL "$field: $Form{$field}\n\n";
            }
        }
    }

    # If a sort order is specified, sort the form fields based on that.      #
    elsif ($Config{'sort'} =~ /^order:.*,.*/) {

        # Remove extraneous line breaks and spaces, remove the order:        #
        # directive and split the sort fields into an array.                 #
        $Config{'sort'} =~ s/(\s+|\n)?,(\s+|\n)?/,/g;
        $Config{'sort'} =~ s/(\s+)?\n+(\s+)?//g;
        $Config{'sort'} =~ s/order://;
        @sorted_fields = split(/,/, $Config{'sort'});

        # For each sorted field, if it has a value or the print blank        #
        # fields option is turned on print the form field and value.         #
        foreach $sorted_field (@sorted_fields) {
            if ($Config{'print_blank_fields'} || $Form{$sorted_field} ||
                $Form{$sorted_field} eq '0') {
                print MAIL "$sorted_field: $Form{$sorted_field}\n\n";
            }
        }
    }

    # Otherwise, default to the order in which the fields were sent.         #
    else {

        # For each form field, if it has a value or the print blank          #
        # fields option is turned on print the form field and value.         #
        foreach $field (@Field_Order) {
            if ($Config{'print_blank_fields'} || $Form{$field} ||
                $Form{$field} eq '0') {
                print MAIL "$field: $Form{$field}\n\n";
            }
        }
    }

    print MAIL "-" x 75 . "\n\n";

    # Send any specified Environment Variables to recipient.                 #
    foreach $env_report (@Env_Report) {
        if ($ENV{$env_report}) {
            print MAIL "$env_report: $ENV{$env_report}\n";
        }
    }

    close (MAIL);
}

sub check_Email {
    # Initialize local Email variable with input to subroutine.              #
    $Email = $_[0];

    # If the e-mail address contains:                                        #
    if ($Email =~ /(@.*@)|(\.\.)|(@\.)|(\.@)|(^\.)/ ||

        # the e-mail address contains an invalid syntax.  Or, if the         #
        # syntax does not match the following regular expression pattern     #
        # it fails basic syntax verification.                                #

        $Email !~ /^.+\@(\[?)[a-zA-Z0-9\-\.]+\.([a-zA-Z]{2,3}|[0-9]{1,3})(\]?)$/) {

        # Basic syntax requires:  one or more characters before the @ sign,  #
        # followed by an optional '[', then any number of letters, numbers,  #
        # dashes or periods (valid domain/IP characters) ending in a period  #
        # and then 2 or 3 letters (for domain suffixes) or 1 to 3 numbers    #
        # (for IP addresses).  An ending bracket is also allowed as it is    #
        # valid syntax to have an Email address like: user@[255.255.255.0]   #

        # Return a false value, since the e-mail address did not pass valid  #
        # syntax.                                                            #
        return 0;
    }

    else {

        # Return a true value, e-mail verification passed.                   #
        return 1;
    }
}

sub body_attributes {
    # Check for Background Color
    if ($Config{'bgcolor'}) { print " bgcolor=\"$Config{'bgcolor'}\"" }

    # Check for Background Image
    if ($Config{'background'}) { print " background=\"$Config{'background'}\"" }

    # Check for Link Color
    if ($Config{'link_color'}) { print " link=\"$Config{'link_color'}\"" }

    # Check for Visited Link Color
    if ($Config{'vlink_color'}) { print " vlink=\"$Config{'vlink_color'}\"" }

    # Check for Active Link Color
    if ($Config{'alink_color'}) { print " alink=\"$Config{'alink_color'}\"" }

    # Check for Body Text Color
    if ($Config{'text_color'}) { print " text=\"$Config{'text_color'}\"" }
}

sub error {
    # Localize variables and assign subroutine input.                        #
    local($error,@error_fields) = @_;
    local($host,$missing_field,$missing_field_list);

    if ($error eq 'bad_referer') {
        if ($ENV{'HTTP_REFERER'} =~ m|^https?://([\w\.]+)|i) {
            $host = $1;
            print <<"(END ERROR HTML)";
Content-type: text/html

<html>
 <head>
  <title>Bad Referrer - Access Denied</title>
 </head>
 <body bgcolor=#FFFFFF text=#000000>
  <center>
   <table border=0 width=600 bgcolor=#9C9C9C>
    <tr><th><font size=+2>Bad Referrer - Access Denied</font></th></tr>
   </table>
   <table border=0 width=600 bgcolor=#CFCFCF>
    <tr><td>The form attempting to use
     <a href="http://www.worldwidemart.com/scripts/formmail.shtml">FormMail</a>
     resides at <tt>$ENV{'HTTP_REFERER'}</tt>, which is not allowed to access
     this cgi script.<p>

     If you are attempting to configure FormMail to run with this form, you need
     to add the following to \@referers, explained in detail in the README file.<p>

     Add <tt>'$host'</tt> to your <tt><b>\@referers</b></tt> array.<hr size=1>
     <center><font size=-1>
      <a href="http://www.worldwidemart.com/scripts/formmail.shtml">FormMail</a> V1.6 &copy; 1995 - 1997  Matt Wright<br>
      A Free Product of <a href="http://www.worldwidemart.com/scripts/">Matt's Script Archive, Inc.</a>
     </font></center>
    </td></tr>
   </table>
  </center>
 </body>
</html>
(END ERROR HTML)
        }
        else {
            print <<"(END ERROR HTML)";
Content-type: text/html

<html>
 <head>
  <title>FormMail v1.6</title>
 </head>
 <body bgcolor=#FFFFFF text=#000000>
  <center>
   <table border=0 width=600 bgcolor=#9C9C9C>
    <tr><th><font size=+2>FormMail</font></th></tr>
   </table>
   <table border=0 width=600 bgcolor=#CFCFCF>
    <tr><th><tt><font size=+1>Copyright 1995 - 1997 Matt Wright<br>
        Version 1.6 - Released May 02, 1997<br>
        A Free Product of <a href="http://www.worldwidemart.com/scripts/">Matt's Script Archive,
        Inc.</a></font></tt></th></tr>
   </table>
  </center>
 </body>
</html>
(END ERROR HTML)
        }
    }

    elsif ($error eq 'request_method') {
            print <<"(END ERROR HTML)";
Content-type: text/html

<html>
 <head>
  <title>Error: Request Method</title>
 </head>
 <body bgcolor=#FFFFFF text=#000000>
  <center>
   <table border=0 width=600 bgcolor=#9C9C9C>
    <tr><th><font size=+2>Error: Request Method</font></th></tr>
   </table>
   <table border=0 width=600 bgcolor=#CFCFCF>
    <tr><td>The Request Method of the Form you submitted did not match
     either <tt>GET</tt> or <tt>POST</tt>.  Please check the form and make sure the
     <tt>method=</tt> statement is in upper case and matches <tt>GET</tt> or <tt>POST</tt>.<p>

     <center><font size=-1>
      <a href="http://www.worldwidemart.com/scripts/formmail.shtml">FormMail</a> V1.6 &copy; 1995 - 1997  Matt Wright<br>
      A Free Product of <a href="http://www.worldwidemart.com/scripts/">Matt's Script Archive, Inc.</a>
     </font></center>
    </td></tr>
   </table>
  </center>
 </body>
</html>
(END ERROR HTML)
    }

    elsif ($error eq 'no_recipient') {
            print <<"(END ERROR HTML)";
Content-type: text/html

<html>
 <head>
  <title>Error: No Recipient</title>
 </head>
 <body bgcolor=#FFFFFF text=#000000>
  <center>
   <table border=0 width=600 bgcolor=#9C9C9C>
    <tr><th><font size=+2>Error: No Recipient</font></th></tr>
   </table>
   <table border=0 width=600 bgcolor=#CFCFCF>
    <tr><td>No Recipient was specified in the data sent to FormMail.  Please
     make sure you have filled in the 'recipient' form field with an e-mail
     address.  More information on filling in recipient form fields can be
     found in the README file.<hr size=1>

     <center><font size=-1>
      <a href="http://www.worldwidemart.com/scripts/formmail.shtml">FormMail</a> V1.6 &copy; 1995 - 1997  Matt Wright<br>
      A Free Product of <a href="http://www.worldwidemart.com/scripts/">Matt's Script Archive, Inc.</a>
     </font></center>
    </td></tr>
   </table>
  </center>
 </body>
</html>
(END ERROR HTML)
    }

    elsif ($error eq 'missing_fields') {
        if ($Config{'missing_fields_redirect'}) {
            print "Location: $Config{'missing_fields_redirect'}\n\n";
        }
        else {
            foreach $missing_field (@error_fields) {
                $missing_field_list .= "      <li>$missing_field\n";
            }

            print <<"(END ERROR HTML)";
Content-type: text/html

<html>
 <head>
  <title>Error: Blank Fields</title>
 </head>
  <center>
   <table border=0 width=600 bgcolor=#9C9C9C>
    <tr><th><font size=+2>Error: Blank Fields</font></th></tr>
   </table>
   <table border=0 width=600 bgcolor=#CFCFCF>
    <tr><td>The following fields were left blank in your submission form:<p>
     <ul>
$missing_field_list
     </ul><br>

     These fields must be filled in before you can successfully submit the form.<p>
     Please use your browser's back button to return to the form and try again.<hr size=1>
     <center><font size=-1>
      <a href="http://www.worldwidemart.com/scripts/formmail.shtml">FormMail</a> V1.6 &copy; 1995 - 1997  Matt Wright<br>
      A Free Product of <a href="http://www.worldwidemart.com/scripts/">Matt's Script Archive, Inc.</a>
     </font></center>
    </td></tr>
   </table>
  </center>
 </body>
</html>
(END ERROR HTML)
        }
    }
    exit;
}

0
 
LVL 12

Expert Comment

by:lexxwern
Comment Utility
#!/usr/local/opt/bin/perl
##############################################################################
# FormMail                        Version 1.6                                #
# Copyright 1995-1997 Matt Wright mattw@worldwidemart.com                    #
# Created 06/09/95                Last Modified 05/02/97                     #
# Matt's Script Archive, Inc.:    http://www.worldwidemart.com/scripts/     #

$mailprog = '/usr/lib/sendmail';

# @referers allows forms to be located only on servers which are defined     #
# in this field.  This security fix from the last version which allowed      #
# anyone on any server to use your FormMail script on their web site.        #

@referers = ('xyz.abc.com','123.456.789.012','unixservername.abc.com','xyz','127.0.0.1');

# Done                                                                       #
##############################################################################

# Check Referring URL
&check_url;

# Retrieve Date
&get_date;

# Parse Form Contents
&parse_form;

# Check Required Fields
&check_required;

# Return HTML Page or Redirect User
&return_html;

# Send E-Mail
&send_mail;

sub check_url {

   # Localize the check_referer flag which determines if user is valid.     #
   local($check_referer) = 1;

   # If a referring URL was specified, for each valid referer, make sure    #
   # that a valid referring URL was passed to FormMail.                     #


   # If the HTTP_REFERER was invalid, send back an error.                   #
   if ($check_referer != 1) { &error('bad_referer') }
}

sub get_date {

   # Define arrays for the day of the week and month of the year.           #
   @days   = ('Sunday','Monday','Tuesday','Wednesday',
              'Thursday','Friday','Saturday');
   @months = ('January','February','March','April','May','June','July',
              'August','September','October','November','December');

   # Get the current time and format the hour, minutes and seconds.  Add    #
   # 1900 to the year to get the full 4 digit year.                         #
   ($sec,$min,$hour,$mday,$mon,$year,$wday) = (localtime(time))[0,1,2,3,4,5,6];
   $time = sprintf("%02d:%02d:%02d",$hour,$min,$sec);
   $year += 1900;

   # Format the date.                                                       #
   $date = "$days[$wday], $months[$mon] $mday, $year at $time";

}

sub parse_form {

   # Define the configuration associative array.                            #
   %Config = ('recipient','',          'subject','',
              'Email','',              'RequestorName','',
              'redirect','',           'bgcolor','',
              'background','',         'link_color','',
              'vlink_color','',        'text_color','',
              'alink_color','',        'title','',
              'sort','',               'print_config','',
              'required','',           'env_report','',
              'return_link_title','',  'return_link_url','',
              'print_blank_fields','', 'missing_fields_redirect','');

   # Determine the form's REQUEST_METHOD (GET or POST) and split the form   #
   # fields up into their name-value pairs.  If the REQUEST_METHOD was      #
   # not GET or POST, send an error.                                        #
   if ($ENV{'REQUEST_METHOD'} eq 'GET') {
       # Split the name-value pairs
       @pairs = split(/&/, $ENV{'QUERY_STRING'});
   }
   elsif ($ENV{'REQUEST_METHOD'} eq 'POST') {
       # Get the input
       read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'});

       # Split the name-value pairs
       @pairs = split(/&/, $buffer);
   }
   else {
       &error('request_method');
   }

   # For each name-value pair:                                              #
   foreach $pair (@pairs) {

       # Split the pair up into individual variables.                       #
       local($name, $value) = split(/=/, $pair);

       # Decode the form encoding on the name and value variables.          #
       $name =~ tr/+/ /;
       $name =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;

       $value =~ tr/+/ /;
       $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;

       # If they try to include server side includes, erase them, so they
       # aren't a security risk if the html gets returned.  Another
       # security hole plugged up.
       $value =~ s/<!--(.|\n)*-->//g;

       # If the field name has been specified in the %Config array, it will #
       # return a 1 for defined($Config{$name}}) and we should associate    #
       # this value with the appropriate configuration variable.  If this   #
       # is not a configuration form field, put it into the associative     #
       # array %Form, appending the value with a ', ' if there is already a #
       # value present.  We also save the order of the form fields in the   #
       # @Field_Order array so we can use this order for the generic sort.  #
       if (defined($Config{$name})) {
           $Config{$name} = $value;
       }
       else {
           if ($Form{$name} && $value) {
               $Form{$name} = "$Form{$name}, $value";
           }
           elsif ($value) {
               push(@Field_Order,$name);
               $Form{$name} = $value;
           }
       }
   }

   # The next six lines remove any extra spaces or new lines from the       #
   # configuration variables, which may have been caused if your editor     #
   # wraps lines after a certain length or if you used spaces between field #
   # names or environment variables.                                        #
   $Config{'required'} =~ s/(\s+|\n)?,(\s+|\n)?/,/g;
   $Config{'required'} =~ s/(\s+)?\n+(\s+)?//g;
   $Config{'env_report'} =~ s/(\s+|\n)?,(\s+|\n)?/,/g;
   $Config{'env_report'} =~ s/(\s+)?\n+(\s+)?//g;
   $Config{'print_config'} =~ s/(\s+|\n)?,(\s+|\n)?/,/g;
   $Config{'print_config'} =~ s/(\s+)?\n+(\s+)?//g;

   # Split the configuration variables into individual field names.         #
   @Required = split(/,/,$Config{'required'});
   @Env_Report = split(/,/,$Config{'env_report'});
   @Print_Config = split(/,/,$Config{'print_config'});
}

sub check_required {

   # Localize the variables used in this subroutine.                        #
   local($require, @error);

   if (!$Config{'recipient'}) {
       if (!defined(%Form)) { &error('bad_referer') }
       else                 { &error('no_recipient') }
   }

   # For each require field defined in the form:                            #
   foreach $require (@Required) {

       # If the required field is the Email field, the syntax of the Email  #
       # address if checked to make sure it passes a valid syntax.          #
       if ($require eq 'Email' && !&check_Email($Config{$require})) {
           push(@error,$require);
       }

       # Otherwise, if the required field is a configuration field and it   #
       # has no value or has been filled in with a space, send an error.    #
       elsif (defined($Config{$require})) {
           if (!$Config{$require}) {
               push(@error,$require);
           }
       }

       # If it is a regular form field which has not been filled in or      #
       # filled in with a space, flag it as an error field.                 #
       elsif (!$Form{$require}) {
           push(@error,$require);
       }
   }

   # If any error fields have been found, send error message to the user.   #
   if (@error) { &error('missing_fields', @error) }
}

sub return_html {
   # Local variables used in this subroutine initialized.                   #
   local($key,$sort_order,$sorted_field);

   # If redirect option is used, print the redirectional location header.   #
   if ($Config{'redirect'}) {
       print "Location: $Config{'redirect'}\n\n";
   }

   # Otherwise, begin printing the response page.                           #
   else {

       # Print HTTP header and opening HTML tags.                           #
       print "Content-type: text/html\n\n";
       print "<html>\n <head>\n";

       # Print out title of page                                            #
       if ($Config{'title'}) { print "  <title>$Config{'title'}</title>\n" }
       else                  { print "  <title>Thank You</title>\n"        }

       print " </head>\n <body";

       # Get Body Tag Attributes                                            #
       &body_attributes;

       # Close Body Tag                                                     #
       print ">\n  <center>\n";

       # Print custom or generic title.                                     #
       if ($Config{'title'}) { print "   <h1>$Config{'title'}</h1>\n" }
       else { print "   <h1>Thank You For Filling Out This Form</h1>\n" }

       print "</center>\n";

       print "Below is what you submitted to $Config{'recipient'} on ";
       print "$date<p><hr size=1 width=75\%><p>\n";

       # Sort alphabetically if specified:                                  #
       if ($Config{'sort'} eq 'alphabetic') {
           foreach $field (sort keys %Form) {

               # If the field has a value or the print blank fields option  #
               # is turned on, print out the form field and value.          #
               if ($Config{'print_blank_fields'} || $Form{$field}) {
                   print "<b>$field:</b> $Form{$field}<p>\n";
               }
           }
       }

       # If a sort order is specified, sort the form fields based on that.  #
       elsif ($Config{'sort'} =~ /^order:.*,.*/) {

           # Set the temporary $sort_order variable to the sorting order,   #
           # remove extraneous line breaks and spaces, remove the order:    #
           # directive and split the sort fields into an array.             #
           $sort_order = $Config{'sort'};
           $sort_order =~ s/(\s+|\n)?,(\s+|\n)?/,/g;
           $sort_order =~ s/(\s+)?\n+(\s+)?//g;
           $sort_order =~ s/order://;
           @sorted_fields = split(/,/, $sort_order);

           # For each sorted field, if it has a value or the print blank    #
           # fields option is turned on print the form field and value.     #
           foreach $sorted_field (@sorted_fields) {
               if ($Config{'print_blank_fields'} || $Form{$sorted_field}) {
                   print "<b>$sorted_field:</b> $Form{$sorted_field}<p>\n";
               }
           }
       }

       # Otherwise, default to the order in which the fields were sent.     #
       else {

           # For each form field, if it has a value or the print blank      #
           # fields option is turned on print the form field and value.     #
           foreach $field (@Field_Order) {
               if ($Config{'print_blank_fields'} || $Form{$field}) {
                   print "<b>$field:</b> $Form{$field}<p>\n";
               }
           }
       }

       print "<p><hr size=1 width=75%><p>\n";

       # Check for a Return Link and print one if found.                    #
       if ($Config{'return_link_url'} && $Config{'return_link_title'}) {
           print "<ul>\n";
           print "<li><a href=\"$Config{'return_link_url'}\">$Config{'return_link_title'}</a>\n";
           print "</ul>\n";
       }

       # Print the page footer.                                             #
       print <<"(END HTML FOOTER)";
       <hr size=1 width=75%><p>
       <center><font size=-1><a href="http://www.worldwidemart.com/scripts/formmail.shtml">FormMail</a> V1.6 &copy; 1995 -1997  Matt Wright<br>
A Free Product of <a href="http://www.worldwidemart.com/scripts/">Matt's Script Archive, Inc.</a></font></center>
       </body>
      </html>
(END HTML FOOTER)
   }
}

sub send_mail {
   # Localize variables used in this subroutine.                            #
   local($print_config,$key,$sort_order,$sorted_field,$env_report);

   # Open The Mail Program
#    open(MAIL,"|$mailprog -t");
   if ($Config{'from_Email'}) { open(MAIL,"|$mailprog -f $Config{'Email'} -t"); }
   else                       { open(MAIL,"|$mailprog -t"); }

   print MAIL "To: $Config{'recipient'}\n";
     if ($Config{'cc_Email'}) { print MAIL "Cc: $Config{'Email'}\n"; }
   print MAIL "From: $Config{'Email'} ($Config{'RequestorName'})\n";


   # Check for Message Subject
   if ($Config{'subject'}) { print MAIL "Subject: $Config{'subject'}- VANTIVE NUMBER $Config{'vantive_result'}\n\n"
}
   else                    { print MAIL "Subject: WWW Form Submission\n\n" }

   print MAIL "Below is the result of your MQSERIES CONFIG REQUEST form. **PLEASE NOTE VANTIVE NUMBER**
 It was submitted by\n";
   print MAIL "$Config{'RequestorName'} ($Config{'Email'}) on $date $Config{'vantive_result'}\n";
   print MAIL "-" x 75 . "\n\n";

   if (@Print_Config) {
       foreach $print_config (@Print_Config) {
           if ($Config{$print_config}) {
               print MAIL "$print_config: $Config{$print_config}\n\n";
           }
       }
   }

   # Sort alphabetically if specified:                                      #
   if ($Config{'sort'} eq 'alphabetic') {
       foreach $field (sort keys %Form) {

           # If the field has a value or the print blank fields option      #
           # is turned on, print out the form field and value.              #
           if ($Config{'print_blank_fields'} || $Form{$field} ||
               $Form{$field} eq '0') {
               print MAIL "$field: $Form{$field}\n\n";
           }
       }
   }

   # If a sort order is specified, sort the form fields based on that.      #
   elsif ($Config{'sort'} =~ /^order:.*,.*/) {

       # Remove extraneous line breaks and spaces, remove the order:        #
       # directive and split the sort fields into an array.                 #
       $Config{'sort'} =~ s/(\s+|\n)?,(\s+|\n)?/,/g;
       $Config{'sort'} =~ s/(\s+)?\n+(\s+)?//g;
       $Config{'sort'} =~ s/order://;
       @sorted_fields = split(/,/, $Config{'sort'});

       # For each sorted field, if it has a value or the print blank        #
       # fields option is turned on print the form field and value.         #
       foreach $sorted_field (@sorted_fields) {
           if ($Config{'print_blank_fields'} || $Form{$sorted_field} ||
               $Form{$sorted_field} eq '0') {
               print MAIL "$sorted_field: $Form{$sorted_field}\n\n";
           }
       }
   }

   # Otherwise, default to the order in which the fields were sent.         #
   else {

       # For each form field, if it has a value or the print blank          #
       # fields option is turned on print the form field and value.         #
       foreach $field (@Field_Order) {
           if ($Config{'print_blank_fields'} || $Form{$field} ||
               $Form{$field} eq '0') {
               print MAIL "$field: $Form{$field}\n\n";
           }
       }
   }

   print MAIL "-" x 75 . "\n\n";

   # Send any specified Environment Variables to recipient.                 #
   foreach $env_report (@Env_Report) {
       if ($ENV{$env_report}) {
           print MAIL "$env_report: $ENV{$env_report}\n";
       }
   }

   close (MAIL);
}

sub check_Email {
   # Initialize local Email variable with input to subroutine.              #
   $Email = $_[0];

   # If the e-mail address contains:                                        #
   if ($Email =~ /(@.*@)|(\.\.)|(@\.)|(\.@)|(^\.)/ ||

       # the e-mail address contains an invalid syntax.  Or, if the         #
       # syntax does not match the following regular expression pattern     #
       # it fails basic syntax verification.                                #

       $Email !~ /^.+\@(\[?)[a-zA-Z0-9\-\.]+\.([a-zA-Z]{2,3}|[0-9]{1,3})(\]?)$/) {

       # Basic syntax requires:  one or more characters before the @ sign,  #
       # followed by an optional '[', then any number of letters, numbers,  #
       # dashes or periods (valid domain/IP characters) ending in a period  #
       # and then 2 or 3 letters (for domain suffixes) or 1 to 3 numbers    #
       # (for IP addresses).  An ending bracket is also allowed as it is    #
       # valid syntax to have an Email address like: user@[255.255.255.0]   #

       # Return a false value, since the e-mail address did not pass valid  #
       # syntax.                                                            #
       return 0;
   }

   else {

       # Return a true value, e-mail verification passed.                   #
       return 1;
   }
}

sub body_attributes {
   # Check for Background Color
   if ($Config{'bgcolor'}) { print " bgcolor=\"$Config{'bgcolor'}\"" }

   # Check for Background Image
   if ($Config{'background'}) { print " background=\"$Config{'background'}\"" }

   # Check for Link Color
   if ($Config{'link_color'}) { print " link=\"$Config{'link_color'}\"" }

   # Check for Visited Link Color
   if ($Config{'vlink_color'}) { print " vlink=\"$Config{'vlink_color'}\"" }

   # Check for Active Link Color
   if ($Config{'alink_color'}) { print " alink=\"$Config{'alink_color'}\"" }

   # Check for Body Text Color
   if ($Config{'text_color'}) { print " text=\"$Config{'text_color'}\"" }
}

sub error {
   # Localize variables and assign subroutine input.                        #
   local($error,@error_fields) = @_;
   local($host,$missing_field,$missing_field_list);

   if ($error eq 'bad_referer') {
       if ($ENV{'HTTP_REFERER'} =~ m|^https?://([\w\.]+)|i) {
           $host = $1;
           print <<"(END ERROR HTML)";
Content-type: text/html

<html>
<head>
 <title>Bad Referrer - Access Denied</title>
</head>
<body bgcolor=#FFFFFF text=#000000>
 <center>
  <table border=0 width=600 bgcolor=#9C9C9C>
   <tr><th><font size=+2>Bad Referrer - Access Denied</font></th></tr>
  </table>
  <table border=0 width=600 bgcolor=#CFCFCF>
   <tr><td>The form attempting to use
    <a href="http://www.worldwidemart.com/scripts/formmail.shtml">FormMail</a>
    resides at <tt>$ENV{'HTTP_REFERER'}</tt>, which is not allowed to access
    this cgi script.<p>

    If you are attempting to configure FormMail to run with this form, you need
    to add the following to \@referers, explained in detail in the README file.<p>

    Add <tt>'$host'</tt> to your <tt><b>\@referers</b></tt> array.<hr size=1>
    <center><font size=-1>
     <a href="http://www.worldwidemart.com/scripts/formmail.shtml">FormMail</a> V1.6 &copy; 1995 - 1997  Matt Wright<br>
     A Free Product of <a href="http://www.worldwidemart.com/scripts/">Matt's Script Archive, Inc.</a>
    </font></center>
   </td></tr>
  </table>
 </center>
</body>
</html>
(END ERROR HTML)
       }
       else {
           print <<"(END ERROR HTML)";
Content-type: text/html

<html>
<head>
 <title>FormMail v1.6</title>
</head>
<body bgcolor=#FFFFFF text=#000000>
 <center>
  <table border=0 width=600 bgcolor=#9C9C9C>
   <tr><th><font size=+2>FormMail</font></th></tr>
  </table>
  <table border=0 width=600 bgcolor=#CFCFCF>
   <tr><th><tt><font size=+1>Copyright 1995 - 1997 Matt Wright<br>
       Version 1.6 - Released May 02, 1997<br>
       A Free Product of <a href="http://www.worldwidemart.com/scripts/">Matt's Script Archive,
       Inc.</a></font></tt></th></tr>
  </table>
 </center>
</body>
</html>
(END ERROR HTML)
       }
   }

   elsif ($error eq 'request_method') {
           print <<"(END ERROR HTML)";
Content-type: text/html

<html>
<head>
 <title>Error: Request Method</title>
</head>
<body bgcolor=#FFFFFF text=#000000>
 <center>
  <table border=0 width=600 bgcolor=#9C9C9C>
   <tr><th><font size=+2>Error: Request Method</font></th></tr>
  </table>
  <table border=0 width=600 bgcolor=#CFCFCF>
   <tr><td>The Request Method of the Form you submitted did not match
    either <tt>GET</tt> or <tt>POST</tt>.  Please check the form and make sure the
    <tt>method=</tt> statement is in upper case and matches <tt>GET</tt> or <tt>POST</tt>.<p>

    <center><font size=-1>
     <a href="http://www.worldwidemart.com/scripts/formmail.shtml">FormMail</a> V1.6 &copy; 1995 - 1997  Matt Wright<br>
     A Free Product of <a href="http://www.worldwidemart.com/scripts/">Matt's Script Archive, Inc.</a>
    </font></center>
   </td></tr>
  </table>
 </center>
</body>
</html>
(END ERROR HTML)
   }

   elsif ($error eq 'no_recipient') {
           print <<"(END ERROR HTML)";
Content-type: text/html

<html>
<head>
 <title>Error: No Recipient</title>
</head>
<body bgcolor=#FFFFFF text=#000000>
 <center>
  <table border=0 width=600 bgcolor=#9C9C9C>
   <tr><th><font size=+2>Error: No Recipient</font></th></tr>
  </table>
  <table border=0 width=600 bgcolor=#CFCFCF>
   <tr><td>No Recipient was specified in the data sent to FormMail.  Please
    make sure you have filled in the 'recipient' form field with an e-mail
    address.  More information on filling in recipient form fields can be
    found in the README file.<hr size=1>

    <center><font size=-1>
     <a href="http://www.worldwidemart.com/scripts/formmail.shtml">FormMail</a> V1.6 &copy; 1995 - 1997  Matt Wright<br>
     A Free Product of <a href="http://www.worldwidemart.com/scripts/">Matt's Script Archive, Inc.</a>
    </font></center>
   </td></tr>
  </table>
 </center>
</body>
</html>
(END ERROR HTML)
   }

   elsif ($error eq 'missing_fields') {
       if ($Config{'missing_fields_redirect'}) {
           print "Location: $Config{'missing_fields_redirect'}\n\n";
       }
       else {
           foreach $missing_field (@error_fields) {
               $missing_field_list .= "      <li>$missing_field\n";
           }

           print <<"(END ERROR HTML)";
Content-type: text/html

<html>
<head>
 <title>Error: Blank Fields</title>
</head>
 <center>
  <table border=0 width=600 bgcolor=#9C9C9C>
   <tr><th><font size=+2>Error: Blank Fields</font></th></tr>
  </table>
  <table border=0 width=600 bgcolor=#CFCFCF>
   <tr><td>The following fields were left blank in your submission form:<p>
    <ul>
$missing_field_list
    </ul><br>

    These fields must be filled in before you can successfully submit the form.<p>
    Please use your browser's back button to return to the form and try again.<hr size=1>
    <center><font size=-1>
     <a href="http://www.worldwidemart.com/scripts/formmail.shtml">FormMail</a> V1.6 &copy; 1995 - 1997  Matt Wright<br>
     A Free Product of <a href="http://www.worldwidemart.com/scripts/">Matt's Script Archive, Inc.</a>
    </font></center>
   </td></tr>
  </table>
 </center>
</body>
</html>
(END ERROR HTML)
       }
   }
   exit;
}






i modified it . this should work.
0
 

Author Comment

by:jamaica
Comment Utility
lexx, thank you for all your effort put into this but I'm still not getting it to work, i.e., the sendmail isn't going through to the recipient -- no mail sent through and getting the "Bad Referer" error shown below.

Content-type: text/html
Bad Referrer - Access Denied
The form attempting to use FormMail resides at http://xyz.abc.com/test/test.html, which is not allowed to access this cgi script.
If you are attempting to configure FormMail to run with this form, you need to add the following to @referers, explained in detail in the README file.

Add 'xyz.abc.com' to your @referers array.



 
0
 
LVL 12

Accepted Solution

by:
lexxwern earned 100 total points
Comment Utility
try this please.







#!/usr/local/opt/bin/perl
##############################################################################
# FormMail                        Version 1.6                                #
# Copyright 1995-1997 Matt Wright mattw@worldwidemart.com                    #
# Created 06/09/95                Last Modified 05/02/97                     #
# Matt's Script Archive, Inc.:    http://www.worldwidemart.com/scripts/    #

$mailprog = '/usr/lib/sendmail';

# @referers allows forms to be located only on servers which are defined     #
# in this field.  This security fix from the last version which allowed      #
# anyone on any server to use your FormMail script on their web site.        #

@referers = ('xyz.abc.com','123.456.789.012','unixservername.abc.com','xyz','127.0.0.1');

# Done                                                                       #
##############################################################################

# Check Referring URL
&check_url;

# Retrieve Date
&get_date;

# Parse Form Contents
&parse_form;

# Check Required Fields
&check_required;

# Return HTML Page or Redirect User
&return_html;

# Send E-Mail
&send_mail;

sub check_url {

}

sub get_date {

  # Define arrays for the day of the week and month of the year.           #
  @days   = ('Sunday','Monday','Tuesday','Wednesday',
             'Thursday','Friday','Saturday');
  @months = ('January','February','March','April','May','June','July',
             'August','September','October','November','December');

  # Get the current time and format the hour, minutes and seconds.  Add    #
  # 1900 to the year to get the full 4 digit year.                         #
  ($sec,$min,$hour,$mday,$mon,$year,$wday) = (localtime(time))[0,1,2,3,4,5,6];
  $time = sprintf("%02d:%02d:%02d",$hour,$min,$sec);
  $year += 1900;

  # Format the date.                                                       #
  $date = "$days[$wday], $months[$mon] $mday, $year at $time";

}

sub parse_form {

  # Define the configuration associative array.                            #
  %Config = ('recipient','',          'subject','',
             'Email','',              'RequestorName','',
             'redirect','',           'bgcolor','',
             'background','',         'link_color','',
             'vlink_color','',        'text_color','',
             'alink_color','',        'title','',
             'sort','',               'print_config','',
             'required','',           'env_report','',
             'return_link_title','',  'return_link_url','',
             'print_blank_fields','', 'missing_fields_redirect','');

  # Determine the form's REQUEST_METHOD (GET or POST) and split the form   #
  # fields up into their name-value pairs.  If the REQUEST_METHOD was      #
  # not GET or POST, send an error.                                        #
  if ($ENV{'REQUEST_METHOD'} eq 'GET') {
      # Split the name-value pairs
      @pairs = split(/&/, $ENV{'QUERY_STRING'});
  }
  elsif ($ENV{'REQUEST_METHOD'} eq 'POST') {
      # Get the input
      read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'});

      # Split the name-value pairs
      @pairs = split(/&/, $buffer);
  }
  else {
      &error('request_method');
  }

  # For each name-value pair:                                              #
  foreach $pair (@pairs) {

      # Split the pair up into individual variables.                       #
      local($name, $value) = split(/=/, $pair);

      # Decode the form encoding on the name and value variables.          #
      $name =~ tr/+/ /;
      $name =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;

      $value =~ tr/+/ /;
      $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;

      # If they try to include server side includes, erase them, so they
      # aren't a security risk if the html gets returned.  Another
      # security hole plugged up.
      $value =~ s/<!--(.|\n)*-->//g;

      # If the field name has been specified in the %Config array, it will #
      # return a 1 for defined($Config{$name}}) and we should associate    #
      # this value with the appropriate configuration variable.  If this   #
      # is not a configuration form field, put it into the associative     #
      # array %Form, appending the value with a ', ' if there is already a #
      # value present.  We also save the order of the form fields in the   #
      # @Field_Order array so we can use this order for the generic sort.  #
      if (defined($Config{$name})) {
          $Config{$name} = $value;
      }
      else {
          if ($Form{$name} && $value) {
              $Form{$name} = "$Form{$name}, $value";
          }
          elsif ($value) {
              push(@Field_Order,$name);
              $Form{$name} = $value;
          }
      }
  }

  # The next six lines remove any extra spaces or new lines from the       #
  # configuration variables, which may have been caused if your editor     #
  # wraps lines after a certain length or if you used spaces between field #
  # names or environment variables.                                        #
  $Config{'required'} =~ s/(\s+|\n)?,(\s+|\n)?/,/g;
  $Config{'required'} =~ s/(\s+)?\n+(\s+)?//g;
  $Config{'env_report'} =~ s/(\s+|\n)?,(\s+|\n)?/,/g;
  $Config{'env_report'} =~ s/(\s+)?\n+(\s+)?//g;
  $Config{'print_config'} =~ s/(\s+|\n)?,(\s+|\n)?/,/g;
  $Config{'print_config'} =~ s/(\s+)?\n+(\s+)?//g;

  # Split the configuration variables into individual field names.         #
  @Required = split(/,/,$Config{'required'});
  @Env_Report = split(/,/,$Config{'env_report'});
  @Print_Config = split(/,/,$Config{'print_config'});
}

sub check_required {

  # Localize the variables used in this subroutine.                        #
  local($require, @error);

  if (!$Config{'recipient'}) {
      if (!defined(%Form)) { &error('bad_referer') }
      else                 { &error('no_recipient') }
  }

  # For each require field defined in the form:                            #
  foreach $require (@Required) {

      # If the required field is the Email field, the syntax of the Email  #
      # address if checked to make sure it passes a valid syntax.          #
      if ($require eq 'Email' && !&check_Email($Config{$require})) {
          push(@error,$require);
      }

      # Otherwise, if the required field is a configuration field and it   #
      # has no value or has been filled in with a space, send an error.    #
      elsif (defined($Config{$require})) {
          if (!$Config{$require}) {
              push(@error,$require);
          }
      }

      # If it is a regular form field which has not been filled in or      #
      # filled in with a space, flag it as an error field.                 #
      elsif (!$Form{$require}) {
          push(@error,$require);
      }
  }

  # If any error fields have been found, send error message to the user.   #
  if (@error) { &error('missing_fields', @error) }
}

sub return_html {
  # Local variables used in this subroutine initialized.                   #
  local($key,$sort_order,$sorted_field);

  # If redirect option is used, print the redirectional location header.   #
  if ($Config{'redirect'}) {
      print "Location: $Config{'redirect'}\n\n";
  }

  # Otherwise, begin printing the response page.                           #
  else {

      # Print HTTP header and opening HTML tags.                           #
      print "Content-type: text/html\n\n";
      print "<html>\n <head>\n";

      # Print out title of page                                            #
      if ($Config{'title'}) { print "  <title>$Config{'title'}</title>\n" }
      else                  { print "  <title>Thank You</title>\n"        }

      print " </head>\n <body";

      # Get Body Tag Attributes                                            #
      &body_attributes;

      # Close Body Tag                                                     #
      print ">\n  <center>\n";

      # Print custom or generic title.                                     #
      if ($Config{'title'}) { print "   <h1>$Config{'title'}</h1>\n" }
      else { print "   <h1>Thank You For Filling Out This Form</h1>\n" }

      print "</center>\n";

      print "Below is what you submitted to $Config{'recipient'} on ";
      print "$date<p><hr size=1 width=75\%><p>\n";

      # Sort alphabetically if specified:                                  #
      if ($Config{'sort'} eq 'alphabetic') {
          foreach $field (sort keys %Form) {

              # If the field has a value or the print blank fields option  #
              # is turned on, print out the form field and value.          #
              if ($Config{'print_blank_fields'} || $Form{$field}) {
                  print "<b>$field:</b> $Form{$field}<p>\n";
              }
          }
      }

      # If a sort order is specified, sort the form fields based on that.  #
      elsif ($Config{'sort'} =~ /^order:.*,.*/) {

          # Set the temporary $sort_order variable to the sorting order,   #
          # remove extraneous line breaks and spaces, remove the order:    #
          # directive and split the sort fields into an array.             #
          $sort_order = $Config{'sort'};
          $sort_order =~ s/(\s+|\n)?,(\s+|\n)?/,/g;
          $sort_order =~ s/(\s+)?\n+(\s+)?//g;
          $sort_order =~ s/order://;
          @sorted_fields = split(/,/, $sort_order);

          # For each sorted field, if it has a value or the print blank    #
          # fields option is turned on print the form field and value.     #
          foreach $sorted_field (@sorted_fields) {
              if ($Config{'print_blank_fields'} || $Form{$sorted_field}) {
                  print "<b>$sorted_field:</b> $Form{$sorted_field}<p>\n";
              }
          }
      }

      # Otherwise, default to the order in which the fields were sent.     #
      else {

          # For each form field, if it has a value or the print blank      #
          # fields option is turned on print the form field and value.     #
          foreach $field (@Field_Order) {
              if ($Config{'print_blank_fields'} || $Form{$field}) {
                  print "<b>$field:</b> $Form{$field}<p>\n";
              }
          }
      }

      print "<p><hr size=1 width=75%><p>\n";

      # Check for a Return Link and print one if found.                    #
      if ($Config{'return_link_url'} && $Config{'return_link_title'}) {
          print "<ul>\n";
          print "<li><a href=\"$Config{'return_link_url'}\">$Config{'return_link_title'}</a>\n";
          print "</ul>\n";
      }

      # Print the page footer.                                             #
      print <<"(END HTML FOOTER)";
      <hr size=1 width=75%><p>
      <center><font size=-1><a href="http://www.worldwidemart.com/scripts/formmail.shtml">FormMail</a> V1.6 &copy; 1995 -1997  Matt Wright<br>
A Free Product of <a href="http://www.worldwidemart.com/scripts/">Matt's Script Archive, Inc.</a></font></center>
      </body>
     </html>
(END HTML FOOTER)
  }
}

sub send_mail {
  # Localize variables used in this subroutine.                            #
  local($print_config,$key,$sort_order,$sorted_field,$env_report);

  # Open The Mail Program
#    open(MAIL,"|$mailprog -t");
  if ($Config{'from_Email'}) { open(MAIL,"|$mailprog -f $Config{'Email'} -t"); }
  else                       { open(MAIL,"|$mailprog -t"); }

  print MAIL "To: $Config{'recipient'}\n";
    if ($Config{'cc_Email'}) { print MAIL "Cc: $Config{'Email'}\n"; }
  print MAIL "From: $Config{'Email'} ($Config{'RequestorName'})\n";


  # Check for Message Subject
  if ($Config{'subject'}) { print MAIL "Subject: $Config{'subject'}- VANTIVE NUMBER $Config{'vantive_result'}\n\n"
}
  else                    { print MAIL "Subject: WWW Form Submission\n\n" }

  print MAIL "Below is the result of your MQSERIES CONFIG REQUEST form. **PLEASE NOTE VANTIVE NUMBER**
It was submitted by\n";
  print MAIL "$Config{'RequestorName'} ($Config{'Email'}) on $date $Config{'vantive_result'}\n";
  print MAIL "-" x 75 . "\n\n";

  if (@Print_Config) {
      foreach $print_config (@Print_Config) {
          if ($Config{$print_config}) {
              print MAIL "$print_config: $Config{$print_config}\n\n";
          }
      }
  }

  # Sort alphabetically if specified:                                      #
  if ($Config{'sort'} eq 'alphabetic') {
      foreach $field (sort keys %Form) {

          # If the field has a value or the print blank fields option      #
          # is turned on, print out the form field and value.              #
          if ($Config{'print_blank_fields'} || $Form{$field} ||
              $Form{$field} eq '0') {
              print MAIL "$field: $Form{$field}\n\n";
          }
      }
  }

  # If a sort order is specified, sort the form fields based on that.      #
  elsif ($Config{'sort'} =~ /^order:.*,.*/) {

      # Remove extraneous line breaks and spaces, remove the order:        #
      # directive and split the sort fields into an array.                 #
      $Config{'sort'} =~ s/(\s+|\n)?,(\s+|\n)?/,/g;
      $Config{'sort'} =~ s/(\s+)?\n+(\s+)?//g;
      $Config{'sort'} =~ s/order://;
      @sorted_fields = split(/,/, $Config{'sort'});

      # For each sorted field, if it has a value or the print blank        #
      # fields option is turned on print the form field and value.         #
      foreach $sorted_field (@sorted_fields) {
          if ($Config{'print_blank_fields'} || $Form{$sorted_field} ||
              $Form{$sorted_field} eq '0') {
              print MAIL "$sorted_field: $Form{$sorted_field}\n\n";
          }
      }
  }

  # Otherwise, default to the order in which the fields were sent.         #
  else {

      # For each form field, if it has a value or the print blank          #
      # fields option is turned on print the form field and value.         #
      foreach $field (@Field_Order) {
          if ($Config{'print_blank_fields'} || $Form{$field} ||
              $Form{$field} eq '0') {
              print MAIL "$field: $Form{$field}\n\n";
          }
      }
  }

  print MAIL "-" x 75 . "\n\n";

  # Send any specified Environment Variables to recipient.                 #
  foreach $env_report (@Env_Report) {
      if ($ENV{$env_report}) {
          print MAIL "$env_report: $ENV{$env_report}\n";
      }
  }

  close (MAIL);
}

sub check_Email {
  # Initialize local Email variable with input to subroutine.              #
  $Email = $_[0];

  # If the e-mail address contains:                                        #
  if ($Email =~ /(@.*@)|(\.\.)|(@\.)|(\.@)|(^\.)/ ||

      # the e-mail address contains an invalid syntax.  Or, if the         #
      # syntax does not match the following regular expression pattern     #
      # it fails basic syntax verification.                                #

      $Email !~ /^.+\@(\[?)[a-zA-Z0-9\-\.]+\.([a-zA-Z]{2,3}|[0-9]{1,3})(\]?)$/) {

      # Basic syntax requires:  one or more characters before the @ sign,  #
      # followed by an optional '[', then any number of letters, numbers,  #
      # dashes or periods (valid domain/IP characters) ending in a period  #
      # and then 2 or 3 letters (for domain suffixes) or 1 to 3 numbers    #
      # (for IP addresses).  An ending bracket is also allowed as it is    #
      # valid syntax to have an Email address like: user@[255.255.255.0]   #

      # Return a false value, since the e-mail address did not pass valid  #
      # syntax.                                                            #
      return 0;
  }

  else {

      # Return a true value, e-mail verification passed.                   #
      return 1;
  }
}

sub body_attributes {
  # Check for Background Color
  if ($Config{'bgcolor'}) { print " bgcolor=\"$Config{'bgcolor'}\"" }

  # Check for Background Image
  if ($Config{'background'}) { print " background=\"$Config{'background'}\"" }

  # Check for Link Color
  if ($Config{'link_color'}) { print " link=\"$Config{'link_color'}\"" }

  # Check for Visited Link Color
  if ($Config{'vlink_color'}) { print " vlink=\"$Config{'vlink_color'}\"" }

  # Check for Active Link Color
  if ($Config{'alink_color'}) { print " alink=\"$Config{'alink_color'}\"" }

  # Check for Body Text Color
  if ($Config{'text_color'}) { print " text=\"$Config{'text_color'}\"" }
}

sub error {
  # Localize variables and assign subroutine input.                        #
  local($error,@error_fields) = @_;
  local($host,$missing_field,$missing_field_list);

  if ($error eq 'bad_referer') {
      if ($ENV{'HTTP_REFERER'} =~ m|^https?://([\w\.]+)|i) {
          $host = $1;
          print <<"(END ERROR HTML)";
Content-type: text/html

<html>
<head>
<title>Bad Referrer - Access Denied</title>
</head>
<body bgcolor=#FFFFFF text=#000000>
<center>
 <table border=0 width=600 bgcolor=#9C9C9C>
  <tr><th><font size=+2>Bad Referrer - Access Denied</font></th></tr>
 </table>
 <table border=0 width=600 bgcolor=#CFCFCF>
  <tr><td>The form attempting to use
   <a href="http://www.worldwidemart.com/scripts/formmail.shtml">FormMail</a>
   resides at <tt>$ENV{'HTTP_REFERER'}</tt>, which is not allowed to access
   this cgi script.<p>

   If you are attempting to configure FormMail to run with this form, you need
   to add the following to \@referers, explained in detail in the README file.<p>

   Add <tt>'$host'</tt> to your <tt><b>\@referers</b></tt> array.<hr size=1>
   <center><font size=-1>
    <a href="http://www.worldwidemart.com/scripts/formmail.shtml">FormMail</a> V1.6 &copy; 1995 - 1997  Matt Wright<br>
    A Free Product of <a href="http://www.worldwidemart.com/scripts/">Matt's Script Archive, Inc.</a>
   </font></center>
  </td></tr>
 </table>
</center>
</body>
</html>
(END ERROR HTML)
      }
      else {
          print <<"(END ERROR HTML)";
Content-type: text/html

<html>
<head>
<title>FormMail v1.6</title>
</head>
<body bgcolor=#FFFFFF text=#000000>
<center>
 <table border=0 width=600 bgcolor=#9C9C9C>
  <tr><th><font size=+2>FormMail</font></th></tr>
 </table>
 <table border=0 width=600 bgcolor=#CFCFCF>
  <tr><th><tt><font size=+1>Copyright 1995 - 1997 Matt Wright<br>
      Version 1.6 - Released May 02, 1997<br>
      A Free Product of <a href="http://www.worldwidemart.com/scripts/">Matt's Script Archive,
      Inc.</a></font></tt></th></tr>
 </table>
</center>
</body>
</html>
(END ERROR HTML)
      }
  }

  elsif ($error eq 'request_method') {
          print <<"(END ERROR HTML)";
Content-type: text/html

<html>
<head>
<title>Error: Request Method</title>
</head>
<body bgcolor=#FFFFFF text=#000000>
<center>
 <table border=0 width=600 bgcolor=#9C9C9C>
  <tr><th><font size=+2>Error: Request Method</font></th></tr>
 </table>
 <table border=0 width=600 bgcolor=#CFCFCF>
  <tr><td>The Request Method of the Form you submitted did not match
   either <tt>GET</tt> or <tt>POST</tt>.  Please check the form and make sure the
   <tt>method=</tt> statement is in upper case and matches <tt>GET</tt> or <tt>POST</tt>.<p>

   <center><font size=-1>
    <a href="http://www.worldwidemart.com/scripts/formmail.shtml">FormMail</a> V1.6 &copy; 1995 - 1997  Matt Wright<br>
    A Free Product of <a href="http://www.worldwidemart.com/scripts/">Matt's Script Archive, Inc.</a>
   </font></center>
  </td></tr>
 </table>
</center>
</body>
</html>
(END ERROR HTML)
  }

  elsif ($error eq 'no_recipient') {
          print <<"(END ERROR HTML)";
Content-type: text/html

<html>
<head>
<title>Error: No Recipient</title>
</head>
<body bgcolor=#FFFFFF text=#000000>
<center>
 <table border=0 width=600 bgcolor=#9C9C9C>
  <tr><th><font size=+2>Error: No Recipient</font></th></tr>
 </table>
 <table border=0 width=600 bgcolor=#CFCFCF>
  <tr><td>No Recipient was specified in the data sent to FormMail.  Please
   make sure you have filled in the 'recipient' form field with an e-mail
   address.  More information on filling in recipient form fields can be
   found in the README file.<hr size=1>

   <center><font size=-1>
    <a href="http://www.worldwidemart.com/scripts/formmail.shtml">FormMail</a> V1.6 &copy; 1995 - 1997  Matt Wright<br>
    A Free Product of <a href="http://www.worldwidemart.com/scripts/">Matt's Script Archive, Inc.</a>
   </font></center>
  </td></tr>
 </table>
</center>
</body>
</html>
(END ERROR HTML)
  }

  elsif ($error eq 'missing_fields') {
      if ($Config{'missing_fields_redirect'}) {
          print "Location: $Config{'missing_fields_redirect'}\n\n";
      }
      else {
          foreach $missing_field (@error_fields) {
              $missing_field_list .= "      <li>$missing_field\n";
          }

          print <<"(END ERROR HTML)";
Content-type: text/html

<html>
<head>
<title>Error: Blank Fields</title>
</head>
<center>
 <table border=0 width=600 bgcolor=#9C9C9C>
  <tr><th><font size=+2>Error: Blank Fields</font></th></tr>
 </table>
 <table border=0 width=600 bgcolor=#CFCFCF>
  <tr><td>The following fields were left blank in your submission form:<p>
   <ul>
$missing_field_list
   </ul><br>

   These fields must be filled in before you can successfully submit the form.<p>
   Please use your browser's back button to return to the form and try again.<hr size=1>
   <center><font size=-1>
    <a href="http://www.worldwidemart.com/scripts/formmail.shtml">FormMail</a> V1.6 &copy; 1995 - 1997  Matt Wright<br>
    A Free Product of <a href="http://www.worldwidemart.com/scripts/">Matt's Script Archive, Inc.</a>
   </font></center>
  </td></tr>
 </table>
</center>
</body>
</html>
(END ERROR HTML)
      }
  }
  exit;
}
0
 

Author Comment

by:jamaica
Comment Utility
lexx, again, I must thank you for your time spending on this ...

I've tried the above but still not getting to work, the "Bad referer" pointing to the @referer.

The form method I'm using is POST, but whenever I use GET it submits the form results through the sendmail to the recipient list BUT it the csv does not get updated.

If I use form method POST, the csv gets updated but the sendmail mailresults does not work and points to the "Bad Referer".

0
 

Author Comment

by:jamaica
Comment Utility
lexx, I'm feeling so exhausted and fedup with this script, it's not funny.

I will go ahead and award you points for the effort you have put into this, though it's not resolved.

Let me know if you're comfortable with that.
0
 
LVL 12

Expert Comment

by:lexxwern
Comment Utility
its really sorry that it didn't workout. there must be something that we are totally overlooking.

please post the solution if you find it in the future.

the points are not required  but are (obviously) okay with me.

regards.
0
 

Author Comment

by:jamaica
Comment Utility
I'm still working on it and would love to find the solution and definitely will make the post here once as I have it figured out. BUT ...

It has turns out that the email notification is now needed if the user makes a selection, e.g., the form has a "Yes|No" checkbox, if the user selects "No", then an email notification must be sent out. I think I better come up with a different perl script to handle that but I'm uncertain ....

I will award you points for your efforts as I appreciate it so much.

NOTE: Administrators, half points will be awarded to lexxwern for the effort he has placed into this, though we have not come up with the final solution. I definitely will post the solution once as I have it resolved, it will be useful for others.

Thanks lexxwern!
0
 

Author Comment

by:jamaica
Comment Utility
I'm still working on it and would love to find the solution and definitely will make the post here once as I have it figured out. BUT ...

It has turns out that the email notification is now needed if the user makes a selection, e.g., the form has a "Yes|No" checkbox, if the user selects "No", then an email notification must be sent out. I think I better come up with a different perl script to handle that but I'm uncertain ....

I will award you points for your efforts as I appreciate it so much.

NOTE: Administrators, half points will be awarded to lexxwern for the effort he has placed into this, though we have not come up with the final solution. I definitely will post the solution once as I have it resolved, it will be useful for others.

Thanks lexxwern!
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

I have been pestered over the years to produce and distribute regular data extracts, and often the request have explicitly requested the data be emailed as an Excel attachement; specifically Excel, as it appears: CSV files confuse (no Red or Green h…
A year or so back I was asked to have a play with MongoDB; within half an hour I had downloaded (http://www.mongodb.org/downloads),  installed and started the daemon, and had a console window open. After an hour or two of playing at the command …
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

7 Experts available now in Live!

Get 1:1 Help Now