#!/usr/local/bin/perl

# Name: form_processor.cgi (form.cgi)
#
# Version: 3.0
#
# Last Modified: 10-21-98 (Jim Lucas)
#
# Copyright Information: This application was written by Selena Sol
# (selena@eff.org, http://www.eff.org/~erict) having been inspired by
# countless other Perl authors.  Feel free to copy, cite, reference,
# sample, borrow, resell or plagiarize the contents.  However, if you
# don't mind, please let me know where it goes so that I can at least
# watch and take part in the development of the memes. Information wants
# to be free, support public domain freeware.  Donations are appreciated
# and will be spent on further upgrades and other public domain scripts.

#######################################################################
#                       Begin Processing the Form.                    #
#######################################################################

# First, print out the HTTP header.  We'll output this quickly so that we
# will be able to do some of our debugging from the web and so that in
# the case of a bogged down server, we won't get timed-out.  We will also
# bypass the Perl buffer with the first line.

  # Switch the currently selected output handle to autoflush, then emit the
  # CGI header straight away so that the browser has a response (and any
  # later debugging output is visible) even if the server is slow.
  $| = 1;
  print STDOUT "Content-type: text/html\n\n";

#######################################################################
#               Require Libraries and Parse Form Data                 #
#######################################################################

# Use cgi-lib.pl to read the incoming form data.  However, send form_data 
# as a parameter to the subroutine &ReadParse in cgi-lib.pl so that the 
# associative array of form keys/values comes back with a descriptive 
# name rather than just $in. Also require the library which we will use 
# to send out mail using sendmail.

  require "/home/staff/itc/http/form/form.setup";
  require "/home/staff/itc/http/form/mail-lib.pl";
  require "/home/staff/itc/http/form/cgi-lib.pl";
  require "/home/staff/itc/http/form/cgi-lib.sol";
#######################################################################
#                        Gather Form Data.                            #
#######################################################################

# Use cgi-lib.pl to parse the incoming form data and tell cgi-lib to
# prepare that information in the associative array %form_data

  # Hand the form_data typeglob to ReadParse (from cgi-lib.pl) so the parsed
  # request ends up in %form_data.  Every key and value in that hash is taken
  # from the request, hidden fields included, and must be treated as
  # untrusted input by everything below.
  ReadParse(*form_data);

#######################################################################
#                            Security Test                            #
#######################################################################

# Next let's figure out where the form that is requesting our attention 
# is located.  We'll do this by accessing the environment variable
# $ENV{'HTTP_REFERER'} which is equal to the url of the form in question 
# (ie: http://www.foobar.com/Feedback/feedback.html).  We are going to take 
# that value and split it up into separate variables for every occurrence of 
# "/".  We do this in order to isolate www.foobar.com which we can compare 
# to the value of $your_server_name.  Thus $referring_server is the 
# only variable here we actually give a hoot about.  If they are 
# not the same, the script is being accessed by a form on another server.

# Cut the Referer URL at every "/": the scheme, the empty piece between the
# two slashes, the host, and whatever path pieces follow.  Only the host
# ($referring_server) is used below.
($http, $empty, $referring_server, @path) = split(m{/}, $ENV{'HTTP_REFERER'});

# When $restricted_use is "yes", refuse any request whose Referer host is not
# exactly $your_server_name, print the configured error text and stop.
#
# NOTE(review): the Referer header is supplied by the client.  This test
# keeps ordinary browsers from posting through forms hosted on other sites,
# but it does not authenticate the request and should not be the only
# control protecting the mail and database actions further down.
  if ($restricted_use eq "yes" && $referring_server ne $your_server_name)
    {
    &html_header("Form Error - Wrong Server");
    print "\n    $wrong_server_error_message\n    ";
    exit;
    }

#######################################################################
#                          Get Variable Order                         #
#######################################################################

# Now break up the variable_order variable that was sent to us from the 
# form.  It should look something like name|email|sign|purpose| and will
# have been defined by whoever wrote the form which calls this script
# We'll take that variable and split it into array elements everytime we 
# see a | so that @form_variables might look like ("name", "email",
# "sign", "purpose").

  # Field names, in display order, as listed in the form's variable_order
  # field ("name|email|sign|purpose|" becomes four names).  The list is
  # request data, so the names themselves are untrusted.
  @form_variables = split /[|]/, $form_data{variable_order};

#######################################################################
#                       Check Required Fields                         #
#######################################################################

# Now let's do the same thing we did for variable order, but for required 
# variables.

  # Names of the fields that must be non-empty, split on "|" exactly like
  # variable_order.  NOTE(review): this list also arrives in the request, so
  # a client can change or empty it; the required-field check is a courtesy
  # to the user, not an enforcement point.
  @required_variables = split /[|]/, $form_data{required_variables};

# Now that we have the list of required variables, let's check to make 
# sure that the client submitted values for each of those variables.  If 
# the user did not, then they get a note explaining the problem and a list 
# of required variables so they won't do it again...as well as a pointer 
# back to the form.  If you edit this note, make sure to "escape" any 
# occurrences of @ or " with a backslash (ie: 
# print "selena\@foobar.com";)

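  # Stop as soon as one required field is empty and tell the user which
  # fields are required.  The names come from the request
  # ($form_data{'required_variables'}), so each one is HTML-escaped before
  # it is echoed back.
  #
  # NOTE(review): several string literals in this copy of the script are
  # empty or hold only whitespace (the `print "";` statements, the body of
  # html_header).  They look like HTML whose tags were lost when the page
  # was captured.  They are reproduced as found; compare against the
  # original distribution before deploying.
  foreach $variable (@required_variables)
    {
    if ($form_data{$variable} eq "")
      {
      &html_header("Form Error - Missing Data");
      print "Woops, I'm sorry, the following fields are required: ";
      print "\n";
      foreach my $required_name (@required_variables)
        {
        my $shown_name = &_html_escape($required_name);
        print "$shown_name\n";
        }
      print "\nPlease go back to the form and make sure you fill out all the required information. ";
      exit;
      } # End of if ($form_data{$variable} eq "")
    } # End of foreach $variable (@required_variables)

#######################################################################
#                   Email the Results to the Admin                    #
#######################################################################

  if ($should_i_mail eq "yes")
    {
    # Recipient, subject and sender may all be overridden by form fields.
    #
    # NOTE(review): because `mailto` is read from the request, anyone who
    # can reach this script chooses the recipient.  Fixing the recipient
    # in /home/staff/itc/http/form/form.setup and ignoring the form field
    # closes that hole, but it changes how existing forms behave, so it
    # is flagged here rather than changed.
    if ($form_data{'mailto'} ne "")
      {
      $email_to = "$form_data{'mailto'}";
      }
    $email_subject = "$form_data{'email_subject'}";

    # Build the message body: a timestamp line, then "name = value" for
    # every field in the order given by $form_data{'variable_order'}.
    $email_body  = "This data was submitted on: ";
    $email_body .= &get_date;
    $email_body .= "\n\n";

    foreach $variable (@form_variables)
      {
      $email_body .= "$variable = $form_data{$variable}\n";
      }

    if ($form_data{'client_email'} ne "")
      {
      $email_of_sender = "$form_data{'client_email'}";
      }

    # Values that end up in mail headers must stay on one line; an
    # embedded CR or LF would let the submitter add header lines of
    # their own.
    # NOTE(review): send_mail lives in mail-lib.pl and is not visible
    # here.  Confirm it does not put these values on a shell command line.
    $email_of_sender = &_single_line($email_of_sender);
    $email_to        = &_single_line($email_to);
    $email_subject   = &_single_line($email_subject);

    # Four arguments are passed to send_mail: sender, recipient, subject
    # and body.
    &send_mail("$email_of_sender","$email_to", "$email_subject", "$email_body");
    } # End of if ($should_i_mail eq "yes")

#######################################################################
#                          Append a Database                          #
#######################################################################

  # If $should_I_append_a_database is "yes", append one row to the file
  # named by the hidden form field database_name.
  if ($should_I_append_a_database eq "yes")
    {
    # NOTE(review): the path is taken from the request, so the client
    # selects which existing file the web server appends to.  Resolving
    # the database from a server-side setting in form.setup would remove
    # that control from the client; flagged rather than changed because
    # existing forms rely on the field.
    $database = "$form_data{'database_name'}";

    if (-e $database)
      {
      # One row: the field values in variable_order, with the delimiter
      # between fields only.  The original loop compared the counter with
      # "<=" and therefore always added a trailing delimiter, which
      # contradicted its own comment.
      # NOTE(review): values are written verbatim.  A value containing
      # the delimiter or a newline adds fields or rows to the file;
      # confirm how the readers of this file cope with that.
      $database_row .= join("$form_data{'database_delimiter'}",
                            map { "$form_data{$_}" } @form_variables);

      # CgiDie presumably renders its message in an HTML error page, so
      # the client-supplied path is escaped before it is quoted back.
      my $shown_database = &_html_escape($database);

      # Append under the lock file routines from cgi-lib.sol.  The
      # three-argument open keeps the file name from being read as part
      # of the open mode.
      &GetFileLock ("$database.lock");
      open (DATABASE, ">>", $database) || &CgiDie ("I am sorry but I cannot seem to open the database in the Append a Database routine. The value I have is $shown_database. \nWould you check to make sure that the path and the permissions are correct.");
      print DATABASE "$database_row\n";
      close (DATABASE);
      &ReleaseFileLock ("$database.lock");
      } # End of if (-e $database)

    # The file does not exist: most likely the hidden field holds a wrong
    # path, or the file or its directory is not readable/writable by the
    # web server.
    else
      {
      &html_header("Form Error - Database Does Not Exist");
      my $shown_contact = &_html_escape($form_data{'mailto'});
      print "I'm sorry, I am having trouble finding the database that this informatioon should be sent to.  Please contact $shown_contact and let them know that there has been a problem.  Thank you very much.";
      print "";
      exit;
      }
    } # End of if ($should_I_append_a_database eq "yes")

#######################################################################
#                        Respond to the Client                        #
#######################################################################

  # Echo the submission back to the client.  Title, field names, field
  # values and the link text all come from the request and are escaped.
  &html_header(&_html_escape($form_data{'response_title'}));

  # NOTE(review): html_response is written to the page exactly as it was
  # received.  It is meant to carry markup chosen by the form author, but
  # it arrives in the request like any other field, so whoever builds the
  # request controls that markup.  Escaping it would break existing forms;
  # moving the response text into form.setup is the durable fix.
  print "$form_data{'html_response'}";
  print "\n\nYou sent us the following data:\n\n";

  foreach $variable (@form_variables)
    {
    my $shown_name  = &_html_escape($variable);
    my $shown_value = &_html_escape($form_data{$variable});
    print "$shown_name = $shown_value\n";
    }

  print "\n\nPlease return to ";
  my $shown_link_name = &_html_escape($form_data{'return_link_name'});
  print "$shown_link_name";
  print "";
  print "";
  exit;

#######################################################################
#                            _html_escape                             #
#######################################################################

# Return a copy of the argument with the five characters that are
# significant in HTML text and attribute values replaced by entities.
# An undefined argument yields the empty string.
sub _html_escape
  {
  my ($text) = @_;
  $text = "" unless defined $text;
  $text =~ s/&/&amp;/g;    # must run first so later entities survive
  $text =~ s/</&lt;/g;
  $text =~ s/>/&gt;/g;
  $text =~ s/"/&quot;/g;
  $text =~ s/'/&#39;/g;
  return $text;
  }

#######################################################################
#                            _single_line                             #
#######################################################################

# Return a copy of the argument with every run of CR/LF characters
# collapsed to one space, for values destined for a mail header.
# An undefined argument yields the empty string.
sub _single_line
  {
  my ($value) = @_;
  $value = "" unless defined $value;
  $value =~ s/[\r\n]+/ /g;
  return $value;
  }

#######################################################################
#                              get_date                               #
#######################################################################

# Return the current local time as
# "Weekday, Month D, YYYY at HH:MM:SS".  The result is also left in the
# package variable $date, as before.
sub get_date
  {
  @days   = ('Sunday','Monday','Tuesday','Wednesday','Thursday',
             'Friday','Saturday');
  @months = ('January','February','March','April','May','June','July',
             'August','September','October','November','December');

  # Split the current local time into its components.
  ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime(time);

  # Zero-pad the clock fields to two digits.
  $hour = sprintf("%02d", $hour);
  $min  = sprintf("%02d", $min);
  $sec  = sprintf("%02d", $sec);

  # localtime reports the year as an offset from 1900.  The original
  # prefixed the literal "19", which is wrong from the year 2000 onward.
  my $full_year = $year + 1900;

  $date = "$days[$wday], $months[$mon] $mday, $full_year at $hour\:$min\:$sec";
  return $date;
  }

#######################################################################
#                             html_header                             #
#######################################################################

# Print the page header with the given title.  The title is interpolated
# unchanged, so callers that build it from request data must escape it
# before calling.
sub html_header
  {
  # Keep the incoming title in a dynamically scoped $title.
  local($title) = @_;

  # Print out the header.
  print "\n\n$title\n";
  print "\n\n\n\n$title\n\n\n\n\n\n";
  }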