
[cobalt-users] Problem with STDIN, in CGI



Cobalt RaQ3:
I am using a simple form in html, part of the code is like this:

<FORM ACTION="http://www.cyberfuel.com/cgi-bin/fmail.cgi" METHOD="POST">

    <INPUT TYPE="hidden" NAME="recipient" VALUE="cmoreno@xxxxxxxxxxxxx">

    <INPUT NAME="client" TYPE="text" SIZE="33">
    <INPUT TYPE="submit" value="   SEND  ">
    <INPUT TYPE="reset" value="CANCEL"><BR>
</FORM>

Then, for the CGI "fmail.cgi", I have the permission 755.

And this is the code of the CGI:

#!/usr/bin/perl
######################
# General Mail Form To Work With Any Fields
# Created 6/9/95                Last Modified 6/22/99
# Version 1.0
# Modified by Emil Briggs, Charles Brabec Burtland Jones
# Define Variables

$mailprog = '/usr/sbin/sendmail';

######################
# A date for those with no /bin/date
#
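@junk = localtime(time);
# Quote the month names instead of relying on barewords
$date = (qw(Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec))[$junk[4]];
# localtime returns years since 1900, so add 1900 for a four-digit year
$date .= "-" . $junk[3] . "-" . ($junk[5] + 1900);
# Pad the minutes to two digits
$date .= " " . $junk[2] . ":" . sprintf("%02d", $junk[1]) . " EST";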
$datafile = '/etc/hosts';

######################
# Necessary Fields in HTML Form:   (Read the README file for more info)
# recipient = specifies who mail is sent to
# username = specifies the remote users email address for replies
# realname = specifies the remote users real identity
# subject = specifies what you want the subject of your mail to be

########################
# A subroutine to die gracefully under html
########################
 sub safe_die {
   print "Content-type: text/plain\n\n";
   print @_,"\n";
   exit(0);
 }

read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'});

 $finddomain = $ENV{'HTTP_REFERER'};
  if ($finddomain eq "") {
        &safe_die("Please do not call this interface directly");
  }
 $finddomain = lc($finddomain);
 $finddomain =~ s/^http:\/\///;
 $finddomain =~ s/^www\.//;
 ($finddomain, $junk) = split(/\//, $finddomain, 2);

 &check_exists($finddomain);

 # Split the name-value pairs
 @pairs = split(/&/,$buffer);

 foreach $pair (@pairs)
 {
    ($name, $value) = split(/=/, $pair);
    # Un-Webify plus signs and %-encoding
    $value =~ tr/+/ /;
    $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
    $name =~ tr/+/ /;
    $name =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
    $FORM{$name} = $value;
 }

# clean up the recipient address, to avoid hackers
$whoto = $FORM{'recipient'};
if ($whoto eq "") {
   &safe_die("No Recipient Given!\n");
}

if ($FORM{'username'} eq "") {
   $FORM{'username'} = "No-Email-Given\@nowhere.none";
}

# Open The Mail
open (MAIL, "|$mailprog -t") || &safe_die("Can't open $mailprog!\n");
print MAIL "From: $FORM{'username'}\n";
print MAIL "Reply-To: $FORM{'username'}\n";
print MAIL "To: $whoto\n";
print MAIL "Subject: $FORM{'subject'}\n\n";
print MAIL "Below is the information submitted on $date\n";
print MAIL
"----------------------------------------------------------------------------------------\n\n";

foreach $pair (@pairs)
{
    ($name, $value) = split(/=/, $pair);
    # Un-Webify plus signs and %-encoding
    $value =~ tr/+/ /;
    $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
    $name =~ tr/+/ /;
    $name =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
     $FORM{$name} = $value;

if (($name eq  "recipient")||
($name eq  "subject")   ||
($name eq  "Senden")   ||
($name eq  "Send")   ||
($name eq  "thankurl"))  {

print MAIL "";
}
else {
# Print the MAIL for each name value pair
  print MAIL "$name:  $value\n";
}}
close (MAIL);

 if ($FORM{thankurl} eq "no")  {
 print "Content-type: text/html\n\n";
 print "<html><head><title>Thank You</title></head>\n";
 print "<body><h1>Thank You</h1>\n";
 print "Below is what you submitted on $date<hr>\n";
 foreach $pair (@pairs)
 {
    ($name, $value) = split(/=/, $pair);
    # Un-Webify plus signs and %-encoding
    $value =~ tr/+/ /;
    $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
    $name =~ tr/+/ /;
    $name =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
    $FORM{$name} = $value;

 if (($name eq  "recipient")||
 ($name eq  "subject")   ||
 ($name eq  "Senden")   ||
 ($name eq  "Send")   ||
 ($name eq  "thankurl"))  {

 print "";
 }
 else {
 # Print the Return HTML for each name value pair.
   print "$name = $value<p>\n";
 }}
 print "</body></html>";
 }
 else
 {
 print "Location: $FORM{'thankurl'}\n\n";
 }

sub check_exists {
        $chkdomain = shift;
        $found = 0;
        open(DB, "<$datafile") || &safe_die("Cannot open data file");
        while ($lin = <DB>) {
                chomp($lin);   # remove only a trailing newline, never a data character
                ($rest,$tmpdomain) = split(/\s/, $lin, 3);
                $tmpdomain=~s/\s+//g;
                if ($tmpdomain eq $chkdomain) {
                         $found = 1;
                         last;
                        }
                if ($chkdomain eq "https:") {
                         $found = 1;
                         last;
                        }
                        next;
        }
        close(DB);
        if ($found == 0) {
 &safe_die("$chkdomain Domain does not exist on this server");
        }
 }

----------------------------------------------------------------------------------------

The CGI is running, but I can get the fields of the form in HTML.
I tried different ways, and I think the problem was in the server
configuration, because in the next line:

read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'});

The variable $buffer is empty, and this variable needs to have the
form fields, in one line!
Thanks for helping me!!

Carlos F. Moreno
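
An added example (not part of the original post or of fmail.cgi): one way to read the POST body so that an empty $buffer produces a specific error, decode the fields once, and keep client-supplied values from choosing the recipient or adding mail headers. The 64 KB limit, the %RECIPIENTS allow-list keyed by a short name, the sub names and the sample request are assumptions constructed for illustration.

```perl
use strict; use warnings;

my $MAX_BODY   = 64 * 1024;                               # assumed size limit
my %RECIPIENTS = (webmaster => 'webmaster@example.com');  # constructed allow-list

# Return the raw form data, or die saying why none arrived.
sub read_form_body {
    my $method = $ENV{REQUEST_METHOD} || '';
    return $ENV{QUERY_STRING} || '' if $method eq 'GET';  # GET has no body on STDIN
    die "unsupported method '$method'\n" unless $method eq 'POST';
    my $len = $ENV{CONTENT_LENGTH};
    die "POST without numeric CONTENT_LENGTH\n" unless defined $len && $len =~ /^\d+$/;
    die "body of $len bytes exceeds limit\n" if $len > $MAX_BODY;
    my ($buffer, $got) = ('', 0);
    while ($got < $len) {           # read() may return fewer bytes than requested
        my $n = read(STDIN, $buffer, $len - $got, $got);
        die "short read: $got of $len bytes\n" unless $n;
        $got += $n;
    }
    return $buffer;
}

# Split and decode once; the limit of 2 keeps any '=' inside a value.
sub parse_form {
    my %form;
    for my $pair (grep { length } split /&/, shift) {
        my ($name, $value) = split /=/, $pair, 2;
        $value = '' unless defined $value;
        for ($name, $value) { tr/+/ /; s/%([0-9A-Fa-f]{2})/chr(hex $1)/eg }
        $form{$name} = $value;
    }
    return %form;
}

# A CR or LF in a header value lets the submitter add headers of their own.
sub header_value {
    die "line break in header field\n" if $_[0] =~ /[\r\n]/;
    return $_[0];
}

# Constructed request: 'subject' hides an encoded line break and an extra header.
my $sample = 'recipient=webmaster&client=Test+User&subject=Hi%0AX-Added%3A+1';
@ENV{qw(REQUEST_METHOD CONTENT_LENGTH)} = ('POST', length $sample);
close STDIN; open(STDIN, '<', \$sample) or die "cannot reopen STDIN: $!";
my %form    = parse_form(read_form_body());
my $to      = $RECIPIENTS{ $form{recipient} || '' } or die "unknown recipient key\n";
my $subject = eval { header_value($form{subject}) };
print "To: $to\nclient: $form{client}\n";
print defined $subject ? "Subject: $subject\n" : "rejected subject: $@";
```

A POST that reaches the script without CONTENT_LENGTH, or a request that arrives as GET, leaves nothing to read on STDIN; read_form_body reports the first case and falls back to QUERY_STRING in the second.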