On Thu, Jul 12, 2001 at 02:39:34PM -0600, Customer Service wrote:
> I have been using an html form for gathering information to use in order to
> give customers quotes on our products. I have the fields validated on the
> clients browser (javascript) before submission to the server.
While validating input on the client side with JavaScript is useful to the
users (they get instant feedback), you still need to do verification on the
server side before using the input. JavaScript verification is very easily
bypassed.
> The form is then parsed by formmail.pl, a script the host provided.
That's unfortunate; Matt Wright's formmail is, pardon the candor, an
insecure, poorly written piece of crap, as most, if not all, of his code is.
If you can replace it with something better, you should.
I've had joyous experiences with Matt Wright code; I know whereof I speak.
> # From my Html Page
>
> <form onSubmit = "return submitIt (this)" action =
> "http://127.0.0.1/cgi-bin/form_parse.pl" name = "cattlemancustomForm">
> <input
> type="hidden" name="recipient" value="[EMAIL PROTECTED]">
You should avoid putting the email address in the form, both so people can't
submit a different email address as recipient and thus use your form to
spam or harass others, and so people can't harvest the email address.
> <input
> type="hidden" name="subject" value="Cattleman form submittal">
> <input
> type="hidden" name="title" value="Info">
>
>
> # form_parse.pl #
>
> # What do I need to incorporate into my script to email my output to me
> (localhost)?
> # Also, is this a good parsing script, or can it be improved?
> # And finally, does my server (Apache for M$) need the *.conf file to be
> changed in a way that will allow for email?
>
> #!c:/perl/bin/perl -w
You forgot:
    use strict;
> print "Content-type: text/html\n\n";
> print header;
> print "<HTML><HEAD><H1><B><CENTER>Check Form Perl
> Script</CENTER></B></H1></HEAD>";
> print "<TITLE>Nate's Form Parser</TITLE>";
>
> sub Parse_Form {
>
> if ($ENV{'REQUEST_METHOD'} eq 'GET') {
> @pairs = split (/&/,
> $ENV{'QUERY_STRING'});
> } elsif ($ENV{'REQUEST_METHOD'} eq
> 'POST') {
> read (STDIN, $buffer,
> $ENV{'CONTENT_LENGTH'});
> @pairs = split(/&/, $buffer);
>
> if ($ENV{'QUERY_STRING'}) {
> @getpairs =split(/&/,
> $ENV{'QUERY_STRING'});
> push (@pairs, @getpairs);
> }
Don't parse CGI input manually; use a module such as CGI.pm or CGI_Lite.pm.
>
> } else {
> print "Content-type: text/html\n\n";
> print header;
> print "<P>Use Post or Get";
> }
>
> foreach $pair (@pairs) {
> ($key, $value) = split (/=/, $pair);
> $key =~ tr/+/ /;
> $key =~ s/%([a-fA-F0-9][a-fA-F0-9])/
> pack("C", hex($1))/eg;
> $value =~ tr/+/ /;
> $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/
> pack("C", hex($1))/eg;
>
> $value =~ s/<!--(.|\n)*-->//g;
>
> if ($formdata{$key}) {
> $formdata{$key} .= ", $value";
> } else {
> $formdata{$key} = $value;
> }
> }
> }
> 1;
> print "Content-type: text/html\n\n";
> print header;
> foreach $key (sort keys(%formdata)) {
> print "<P>The field named<B>$key</B>
> contained <B>$formdata{$key}</B>";
> }
>
> ########################################################
At this point you'd add something to send yourself the email. Perhaps:
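    use Mail::Mailer;

    # Send through the SMTP server on localhost.
    my $mailer = Mail::Mailer->new("smtp", Server => "localhost");
    # Fixed server-side address (placeholder), not the form's 'recipient' field.
    my $recipient = 'you@example.com';
    $mailer->open({ From => "...", To => $recipient });
    $mailer->print("The field named $_ contained $formdata{$_}.\n")
        foreach keys(%formdata);
    $mailer->close;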
This requires the Mail::Mailer and Net::SMTP modules, as well as an SMTP
server running on localhost. There are other methods for sending mail, both
with Mail::Mailer and with other modules. Search CPAN for Mail::.
Michael
--
Administrator www.shoebox.net
Programmer, System Administrator www.gallanttech.com
--
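
The three points of the reply above (verify on the server, keep the recipient out of the form, parse with CGI.pm) combined in one sketch. This is an added example, not code from the original thread; the field names, allow-list patterns and the example.com address are assumptions, and CGI.pm must be installed.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use CGI;

# Assumption: fixed server-side settings (the address is a placeholder).
my $RECIPIENT = 'quotes@example.com';
my $SUBJECT   = 'Cattleman form submittal';

# Assumption: hypothetical quote-form fields, each with an allow-list pattern.
# \A...\z anchors reject embedded newlines, so no value can add a mail header.
my %RULES = (
    name     => qr/\A[\w .,'-]{1,80}\z/,
    email    => qr/\A[\w.+-]+\@[\w-]+(?:\.[\w-]+)+\z/,
    quantity => qr/\A[1-9]\d{0,3}\z/,
);

# Returns (\%headers, $body) on success or (undef, \@errors) on rejection.
sub build_quote_mail {
    my ($q) = @_;
    my (%clean, @errors);
    for my $field (sort keys %RULES) {
        my $value = $q->param($field);
        if (defined $value && $value =~ $RULES{$field}) {
            $clean{$field} = $value;
        } else {
            push @errors, "invalid or missing field: $field";
        }
    }
    return (undef, \@errors) if @errors;
    # A client-supplied 'recipient' or 'subject' parameter is never read.
    my %headers = (To => $RECIPIENT, Subject => $SUBJECT, 'Reply-To' => $clean{email});
    my $body = join '', map { "$_: $clean{$_}\n" } sort keys %clean;
    return (\%headers, $body);
}

# Constructed sample submissions: a normal one, then one that overrides the
# recipient and smuggles a newline into the email field.
my @samples = (
    'name=Jane+Doe&email=jane%40example.org&quantity=12',
    'name=Jane+Doe&email=jane%40example.org%0ABcc%3A+list%40example.net'
        . '&quantity=12&recipient=other%40example.net',
);
for my $qs (@samples) {
    my ($headers, $result) = build_quote_mail(CGI->new($qs));
    if ($headers) {
        print "ACCEPT To=$headers->{To} Reply-To=$headers->{'Reply-To'}\n$result";
    } else {
        print "REJECT ", join('; ', @$result), "\n";
    }
}
```

The headers hash returned on success has the shape that `$mailer->open` takes in the Mail::Mailer snippet above.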