#!/usr/bin/perl -w use strict; # =============================================================== # order.form # # CGI script for providing form and script # to send mail to configured system users # # no required files # =============================================================== # Carlos A. Pero (cpero@ncsa.uiuc.edu) last update 10/17/95 # Extensively revised by Ted Hopp (ted@zigzagworld.com) # - Cleaned up for Perl 5 for 'use strict' and -w flag # - Revised subroutine structure # =============================================================== # Documentation for WebMonitor can be found at # # =============================================================== # This code is in the public domain. Specifically, we give to the # public domain all rights for future licensing of the source # code, all resale rights, and all publishing rights. # # We ask, but do not require, that the following message be # included in all derived works: # # Portions developed at the National Center for Supercomputing # Applications at the University of Illinois at Urbana-Champaign. # # # THE UNIVERSITY OF ILLINOIS GIVES NO WARRANTY, EXPRESSED OR # IMPLIED, FOR THE SOFTWARE AND/OR DOCUMENTATION PROVIDED, # INCLUDING, WITHOUT LIMITATION, WARRANTY OF MERCHANTABILITY AND # WARRANTY OF FITNESS FOR A PARTICULAR PURPOSE. # =============================================================== # For the greatest security, this script relies on a 'mail.list' # file with a list of authorized nicknames and email address # which can receive email through this mail script. # # For greater scalability, the '@AUTHDOMAINS' array can be used # to store a list of domains. Any email address ending with one # of these domains can use this script to receive email. In this # case, the full email address becomes the 'nickname'. # =============================================================== # This script can be referenced 2 ways for the best flexibility: # # DIRECTLY, # This will generate an email form for the person named in # 'nickname', and if they exist in the 'mail.list' file. If no # 'nickname' is specified in the QUERY_STRING when the script is # first invoked, or the nickname cannot be found in the # 'mail.list', an email form with a SELECT box of all valid # nicknames is generated. When the email form is submitted, it # will call itself via method of POST, and send the email to the # recipient, outputting a confirmation message. If the # HTTP_REFERER was trasmitted when the script was first invoked, # there will be a hyperlink available to go back to that page # (such as the user's home page). # # FORWARDING RESULTS, #
# This will forward the results from the FORM, which can exist # anywhere, to the recipient specified by 'nickname'. Since the # 'nickname' is in the QUERY_STRING, the FORM *must* use the # METHOD="POST", otherwise the recipient's nickname will be blown # away. Users may want to include a: # # If this is present in the FORM input, the client will be # redirected to this HTML file as a confirmation message instead # of the default. In addition, the user can also define any of # the following input names in their form to better customize the # output mailed back to them. # # # # These values will then be used in the header of the email # message. Otherwise, default values will be substituted. # =============================================================== my ($SENDMAIL, @AUTHDOMAINS, $SCRIPT, %FORM, %FLAG); my ($machine, $recipient, $extraaction, $nickname); my (@fields, @requirefields, @ignorefields); my ($scriptName, $method, $contentLength, $queryString); my ($serverName, $referer); my ($remoteHost, $remoteAddr, $userAgent); &init; &cgiReceiveAndDecode; if ($method eq "GET") { &printForm; } else { &processPost; } exit; ################################################################# #### SUBROUTINES ################################################ sub init { ############################################################### ########## Configurable variables ############################# $SENDMAIL = '/usr/lib/sendmail'; # The location of your sendmail binary $recipient = 'showU@zigzagworld.com'; ########## Nothing else to change ############################# ############################################################### #### Retrieve environment variables $scriptName = $ENV{'SCRIPT_NAME'}; $method = $ENV{'REQUEST_METHOD'}; $contentLength = $ENV{'CONTENT_LENGTH'}; $queryString = $ENV{'QUERY_STRING'}; $serverName = $ENV{'SERVER_NAME'}; $referer = $ENV{'HTTP_REFERER'}; $remoteHost = $ENV{'REMOTE_HOST'} || 'none'; $remoteAddr = $ENV{'REMOTE_ADDR'} || 'none'; $userAgent = $ENV{'HTTP_USER_AGENT'} || 'none'; #### Separate script name into command and directory $scriptName =~ m#(/.*/)(.*)$#; $SCRIPT = $2; } sub cgiReceiveAndDecode { #### Do standard CGI HTTP stuff #### my ($incoming, @pairs, @parts, $name, $value); if ($method eq "POST") { read(STDIN, $incoming, $contentLength); } else { $incoming = $queryString; } @pairs = split(/&/, $incoming); foreach (@pairs) { ($name, $value) = split(/=/, $_); #### Standard URL decode of name and value $name =~ tr/+/ /; $name =~ s/%([A-F0-9][A-F0-9])/pack("C", hex($1))/gie; $value =~ tr/+/ /; $value =~ s/%([A-F0-9][A-F0-9])/pack("C", hex($1))/gie; #### Strip out semicolons unless for special character #### NOTE: This assumes that the string '$$' does not already #### appear in the value. # $value =~ s/;/$$/g; # $value =~ s/&(\S{1,6})$$/&$1;/g; # $value =~ s/$$/ /g; $value =~ s/\|/ /g; ## Disallow pipe symbol $value =~ s/^!/ /g; ## Allow exclamation points in sentences #### Split apart any directive prefixes in name #### NOTE: colons are reserved to delimit these prefixes @parts = split(/:/, $name); $name = $parts[$#parts]; if (grep(/^require$/, @parts)) { push (@requirefields, $name); } if (grep(/^ignore$/, @parts)) { push (@ignorefields, $name); } if (grep(/^dynamic$/, @parts)) { #### For simulating a checkbox #### It may be dynamic, but useless if nothing entered next if ($value eq ""); $name = $value; $value = "on"; } #### Skip generally blank fields next if (!$value || $value eq ""); #### Allow for multiple values of a single name $FORM{$name} .= ", " if ($FORM{$name}); $FORM{$name} .= $value; #### Add to ordered list if not on list already push (@fields, $name) unless (grep(/^$name$/, @fields)); } } sub printForm { print << 'END'; Content-type: text/html showU Custom Order Form
showU: demonstrating understanding through pictures

 

Home Features FAQ Requirements Purchase E-Mail
 
Prepare your customized order form
 
Fill out and submit this page and we will email you a customized order form for your copy of showU 1.0.  Print the order form, complete it, and send it to us with your payment.  We will then email you a private password for downloading the showU 1.0 software.

All fields marked with * are required.

 
Institution:
*Name:
*Address:
 
Contact Person (to receive order form by E-mail):
*Name:
*E-mail:
 Title:
 Phone:
 
Your license will include free e-mail technical support for a year for up to two registered users you designate.  You can order technical support for additional individuals for US $250 per individual.
    Number of additional registered users:
 
   

Copyright © 1999 ZigZag, Inc.

END } sub processPost { #### Check for fields marked require foreach my $field (@requirefields) { &error_blank_field($field) unless ($FORM{$field}); } &sendOrderForm; &printResponse; &sendReport; &sendUserName; } sub sendOrderForm { my (@addressLines, $nUsers, $value); my $submitter = $FORM{'contact_email'}; &error_blank_field('a valid email address for yourself') unless $submitter =~ /\@/; $nUsers = $FORM{'more_users'} || 0; open (MAIL, "| $SENDMAIL -ba -U -t") or die ("$SCRIPT: Can't open mail program: $!\n"); print MAIL "Reply-to: showU@\zigzagworld.com (showU)\n"; print MAIL "From: showU\@zigzagworld.com (showU)\n"; print MAIL "To: $submitter ($FORM{'contact_name'})\n"; print MAIL "Subject: showU Order Form\n"; print MAIL "showU 1.0 for a NON-PROFIT EDUCATIONAL INSTITUTION\n\n"; print MAIL "Ordered by:\n\n"; print MAIL " $FORM{'inst_name'}\n"; @addressLines = split(/\n/, $FORM{'inst_addr'}); foreach my $line (@addressLines) { print MAIL " $line\n"; } print MAIL "\n Contact Name: $FORM{'contact_name'}\n"; print MAIL " e-mail: $FORM{'contact_name'}\n"; print MAIL " title: $FORM{'contact_title'}\n" if $FORM{'contact_title'}; print MAIL " telephone: $FORM{'contact_phone'}\n" if $FORM{'contact_phone'}; print MAIL << "ENDForm1"; PLEASE COMPLETE THIS ORDER FORM, ATTACH CHECK, MONEY ORDER OR PURCHASE ORDER, AND SEND TO: ZigZag, Inc. P.O. Box 3902 Gaithersburg, MD 20885-3902 USA ================================================================== ORDER: 1 showU 1.0 License \@ US \$1,500 \$ 1,500 registered users (up to two included with license): Name: e-mail: title: telephone: Name: e-mail: title: telephone: ENDForm1 if ($nUsers > 0) { $value = 250 * $nUsers; print MAIL " $nUsers additional registered users @ US \$250 each \$"; print MAIL " " if $nUsers < 10; if ($value < 1000) { print MAIL " $value\n\n"; } else { printf MAIL "%d,%03d\n\n", $value/1000, $value % 1000; } for (1..$nUsers) { print MAIL " Name: \n e-mail: \n title: \n telephone: \n\n"; } $value += 1500; } else { $value = 1500; } print MAIL "TOTAL PAYMENT: \$ "; printf MAIL "%d,%03d\n", $value/1000, $value % 1000; print MAIL << 'ENDForm2'; ================================================================== PAYMENT METHOD: CHECK ONE METHOD BELOW. ALL PAYMENTS MUST BE IN U.S. DOLLARS. ___ Check ___ Money order ___ Purchase order (Attach P.O. Terms: Net 30 days, FOB Shipping Point) UPON RECEIPT OF PAYMENT, SOFTWARE WILL BE MADE AVAILABLE ELECTRONICALLY VIA THE INTERNET. CHECKS SUBJECT TO CLEARANCE. If you have ordering questions, please contact us at the above address or by email at: sales@zigzagworld.com ENDForm2 close MAIL; } sub printResponse { print << "END"; Content-type: text/html showU Order Form Sent
showU: demonstrating understanding through pictures

 

Home Features FAQ Requirements Purchase E-Mail
 
Thank you
 
Thank you for your interest in showU.  A customized order form has been generated and sent to the address you supplied:

$FORM{'contact_email'}

If you do not receive this e-mail in a few minutes, please write to us directly at showU\@zigzagworld.com.

Copyright \© 1999 ZigZag, Inc.

END } sub sendReport { open (MAIL, "| $SENDMAIL $recipient") or die ("$SCRIPT: Can't open mail program: $!\n"); print MAIL "Reply-to: $FORM{'contact_email'}"; print MAIL " ($FORM{'contact_name'})"; print MAIL "\n"; print MAIL "From: $FORM{'contact_email'}"; print MAIL " ($FORM{'contact_name'})"; print MAIL "\n"; print MAIL "To: $recipient\n"; print MAIL "Subject: showU order request\n"; print MAIL "X-Comments: =============================================================\n"; print MAIL "X-Comments: NOTE: This message was sent through the WizardNet mail form\n"; print MAIL "X-Comments: =============================================================\n"; print MAIL "X-Comments: HOST: $remoteHost ($remoteAddr)\n"; print MAIL "X-Comments: BROWSER: $userAgent\n"; print MAIL "X-Comments: REFERER: $FORM{'previous-url'}\n" if ($FORM{'previous-url'}); print MAIL "X-Comments: =============================================================\n"; print MAIL "\n"; &dump_values(\*MAIL); print MAIL "\n"; close MAIL; } sub dump_values { my $fHandle = shift; foreach my $field (@fields) { next if (grep(/^$field$/, @ignorefields)); if ($FORM{$field} =~ /[\cM\n]/) { print $fHandle "($field)\n"; print $fHandle "-" x 75, "\n", $FORM{$field}, "\n", "-" x 75, "\n"; } else { print $fHandle "($field) $FORM{$field}\n"; } } } sub sendUserName { my $submitter = $FORM{'contact_email'}; open (MAIL, "| $SENDMAIL -ba -U -t") or die ("$SCRIPT: Can't open mail program: $!\n"); print MAIL "Reply-to: showU@\zigzagworld.com (showU)\n"; print MAIL "From: showU\@zigzagworld.com (showU)\n"; print MAIL "To: $submitter ($FORM{'contact_name'})\n"; print MAIL "Subject: Important Information\n"; print MAIL "Dear $FORM{'contact_name'}:\n\n"; print MAIL "Once we receive your order, you will be sent a password by e-mail\n"; print MAIL "to access the showU download site. For these purposes, your user\n"; print MAIL "name will be the e-mail address you supplied:\n"; print MAIL " $submitter\n"; print MAIL "For added security, the password will be sent to you with no\n"; print MAIL "indication of what user name to use. You may wish to save this\n"; print MAIL "notice for future reference.\n\n"; print MAIL "Thank you and let me know if I can help you in any way.\n\n"; print MAIL "Marsha Hopp\n"; print MAIL "marsha\@zigzagworld.com"; close MAIL; } sub error_blank_field { my ($variable) = @_; print << "END"; Content-type: text/html showU Form Error

Error!

You did not fill in $variable. END exit; }