#!/usr/bin/perl ############################################################################## # FormMail Version 1.5 # # Copyright 1996 Matt Wright mattw@worldwidemart.com # # Created 6/9/95 Last Modified 2/5/96 # # Scripts Archive at: http://www.worldwidemart.com/scripts/ # ############################################################################## # COPYRIGHT NOTICE # # Copyright 1996 Matthew M. Wright All Rights Reserved. # # # # FormMail may be used and modified free of charge by anyone so long as this # # copyright notice and the comments above remain intact. By using this # # code you agree to indemnify Matthew M. Wright from any liability that # # might arise from it's use. # # # # Selling the code for this program without prior written consent is # # expressly forbidden. In other words, please ask first before you try and # # make money off of my program. # # # # Obtain permission before redistributing this software over the Internet or # # in any other medium. In all cases copyright and header must remain intact # ############################################################################## # Define Variables # Detailed Information Found In README File. # $mailprog defines the location of the sendmail program on your system. $mailprog = 'c:/blat/blat.exe'; # @referers allows forms to be located only on servers which are defined # in this field. This fixes a security hole in the last version which # allowed anyone on any server to use your FormMail script. #@referers = ('www.worldwidemart.com','worldwidemart.com','206.31.72.203'); @referers = ('macros','milamber'); # SERVER_OS defines the server Operating System if other that UNIX $SERVER_OS="WIN"; # WIN_TEMPFILE is needed to store the mail as it's built. # this is only required if SERVER_OS is set to "WIN" $WIN_TEMPFILE="c:/website/cgi-temp/formmail.$$"; # Done ############################################################################# # Check Referring URL &check_url; # Retrieve Date &get_date; # Parse Form Contents &parse_form; # Check Required Fields &check_required; # Return HTML Page or Redirect User &return_html; # Send E-Mail &send_mail; sub check_url { if ($ENV{'HTTP_REFERER'}) { foreach $referer (@referers) { if ($ENV{'HTTP_REFERER'} =~ /$referer/i) { $check_referer = '1'; last; } } } else { $check_referer = '1'; } if ($check_referer != 1) { &error('bad_referer'); } } sub get_date { @days = ('Sunday','Monday','Tuesday','Wednesday','Thursday','Friday','Saturday'); @months = ('January','February','March','April','May','June','July', 'August','September','October','November','December'); ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime(time); if ($hour < 10) { $hour = "0$hour"; } if ($min < 10) { $min = "0$min"; } if ($sec < 10) { $sec = "0$sec"; } $date = "$days[$wday], $months[$mon] $mday, 19$year at $hour\:$min\:$sec"; } sub parse_form { if ($ENV{'REQUEST_METHOD'} eq 'GET') { # Split the name-value pairs @pairs = split(/&/, $ENV{'QUERY_STRING'}); } elsif ($ENV{'REQUEST_METHOD'} eq 'POST') { # Get the input read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'}); # Split the name-value pairs @pairs = split(/&/, $buffer); } else { &error('request_method'); } foreach $pair (@pairs) { ($name, $value) = split(/=/, $pair); $name =~ tr/+/ /; $name =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg; $value =~ tr/+/ /; $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg; # If they try to include server side includes, erase them, so they # arent a security risk if the html gets returned. Another # security hole plugged up. $value =~ s///g; # Create two associative arrays here. One is a configuration array # which includes all fields that this form recognizes. The other # is for fields which the form does not recognize and will report # back to the user in the html return page and the e-mail message. # Also determine required fields. if ($name eq 'recipient' || $name eq 'subject' || $name eq 'email' || $name eq 'realname' || $name eq 'redirect' || $name eq 'bgcolor' || $name eq 'background' || $name eq 'link_color' || $name eq 'vlink_color' || $name eq 'text_color' || $name eq 'alink_color' || $name eq 'title' || $name eq 'sort' || $name eq 'print_config' || $name eq 'return_link_title' || $name eq 'return_link_url' && ($value)) { $CONFIG{$name} = $value; } elsif ($name eq 'required') { @required = split(/,/,$value); } elsif ($name eq 'env_report') { @env_report = split(/,/,$value); } else { if ($FORM{$name} && ($value)) { $FORM{$name} = "$FORM{$name}, $value"; } elsif ($value) { $FORM{$name} = $value; } } } } sub check_required { foreach $require (@required) { if ($require eq 'recipient' || $require eq 'subject' || $require eq 'email' || $require eq 'realname' || $require eq 'redirect' || $require eq 'bgcolor' || $require eq 'background' || $require eq 'link_color' || $require eq 'vlink_color' || $require eq 'alink_color' || $require eq 'text_color' || $require eq 'sort' || $require eq 'title' || $require eq 'print_config' || $require eq 'return_link_title' || $require eq 'return_link_url') { if (!($CONFIG{$require}) || $CONFIG{$require} eq ' ') { push(@ERROR,$require); } } elsif (!($FORM{$require}) || $FORM{$require} eq ' ') { push(@ERROR,$require); } } if (@ERROR) { &error('missing_fields', @ERROR); } } sub return_html { if ($CONFIG{'redirect'} =~ /http\:\/\/.*\..*/) { # If the redirect option of the form contains a valid url, # print the redirectional location header. print "Location: $CONFIG{'redirect'}\n\n"; } else { print "Content-type: text/html\n\n"; print "\n
\n"; # Print out title of page if ($CONFIG{'title'}) { print "\n"; if ($CONFIG{'sort'} eq 'alphabetic') { foreach $key (sort keys %FORM) { # Print the name and value pairs in FORM array to html. print "$key: $FORM{$key}
\n"; } } elsif ($CONFIG{'sort'} =~ /^order:.*,.*/) { $sort_order = $CONFIG{'sort'}; $sort_order =~ s/order://; @sorted_fields = split(/,/, $sort_order); foreach $sorted_field (@sorted_fields) { # Print the name and value pairs in FORM array to html. if ($FORM{$sorted_field}) { print "$sorted_field: $FORM{$sorted_field}
\n"; } } } else { foreach $key (keys %FORM) { # Print the name and value pairs in FORM array to html. print "$key: $FORM{$key}
\n"; } } print "
\n"; # Check for a Return Link if ($CONFIG{'return_link_url'} =~ /http\:\/\/.*\..*/ && $CONFIG{'return_link_title'}) { print "
\n"; print "Sorry!\n"; print "\n"; } elsif ($error eq 'request_method') { print "\n
\n\n"; print "