#!/usr/local/bin/perl # # CHANGE THE BANG PATH ABOVE IF THIS IS DIFFERENT FROM YOUR PERL LOCATION # guestlist.cgi # Copyright (c) 1996 SurfUtah.Com # written by Rus Berrett # # simple guestlist form in cgi library, customize to your liking # ###### MAKE SURE THIS FILE IS ALSO IN THE DIRECTORY WITH THE SCRIPT require 'util.pl'; $local = 1; # YOU ONLY NEED TO CHANGE THIS ONE ENTRY BELOW HERE WITH YOUR EMAIL ADDRESS # AND UNCOMMENT THE TWO lines @valid_referers and &check_referer(1) to have # the form check to let only your domain use the form. # @valid_referers = ("ENTER YOUR DOMAIN NAME HERE"); # &check_referer(1); # where does everything live $sendmail = "/bin/sendmail"; # check for existence of necessary files unless (-e $sendmail) { &print_header_info("Guestlist Form Error: sendmail not found"); print "

Guestlist Form Error: sendmail not found

\n"; print "Request failed due to improper script configuration.\n"; print "Cannot find \"$sendmail\". Please check your configuration\n"; print "settings at the top of the guestlist.pl file.\n

\n"; &print_footer_info(); exit(1); } # get the filename of the guestlist, make sure it is valid $filename = $ENV{'PATH_TRANSLATED'}; $filename = (split(/[;|]/, $filename))[0]; unless (-e $filename) { &print_header_info("Cannot open $filename"); print <Cannot open $filename Cannot open the guestlist filename you specified, \"$filename\". The guestlist filename is defined by appending the filename to the guestlist cgi specification in the <FORM action=..."> tag. ENDERROR &print_footer_info(); exit(0); } # get the form data &parse_form_data(*array); # fill in the comments if not given if ($array{'comments'} eq "") { $array{'comments'} = "no comments"; } if ($array{'maxentries'} eq "") { $array{'maxentries'} = -1; } # # required variable in the html form: # --recipient, name, email # if ($array{'recipient'} eq "") { # not happy crappy &print_header_info("Recipient Not Specified"); print "

Form Incomplete

\n"; print "The form is incomplete.... no \"recipient\" variable is available.\n"; print "

\n"; &print_footer_info(); exit(1); } if (($array{'name'} eq "") || ($array{'email'} eq "")) { # not happy crappy &print_header_info("Data Incomplete"); print <Data Incomplete Your request to send comments to $array{'recipient'} has been rejected due to insufficient information. To properly send your comments, please fill out:

Your Name\n"; } if ($array{'email'} eq "") { print "
Your Email Address\n"; } print "

\n"; &print_footer_info(); exit(0); } # check for valid characters in recipient if ($array{'recipient'} =~ /[^a-zA-z0-9-.\@]/) { &log_invalid_request("$array{'recipient'}"); $array{'recipient'} =~ s/[^a-zA-z0-9-.\@]//g; } # simple profanity check, add more if necessary if (($array{'comments'} =~ /fuck/) || ($array{'comments'} =~ /shit/) || ($array{'comments'} =~ /bastard/) || ($array{'comments'} =~ /bitch/) || ($array{'name'} =~ /fuck/) || ($array{'name'} =~ /shit/) || ($array{'name'} =~ /bastard/) || ($array{'name'} =~ /bitch/) || ($array{'email'} =~ /fuck/) || ($array{'email'} =~ /shit/) || ($array{'email'} =~ /bastard/) || ($array{'email'} =~ /bitch/)) { # not happy crappy &print_header_info("Entry Rejected"); print <Entry Rejected Your request to add an entry to the guestlist has been rejected due to improper language.

ENDERROR &print_footer_info(); exit(0); } # remove line feeds from comments, stinking textarea widgets $array{'comments'} =~ tr/\015//d; # disble any html tags in the comments, name, or email $array{'name'} =~ s/\/>/g; $array{'email'} =~ s/\/>/g; $array{'comments'} =~ s/\/>/g; # what time is it? $now = time; ($sec,$min,$hour,$mday,$mon,$yr,$wday,$yday,$isdst) = localtime(time); $thisday = (Sunday, Monday, Tuesday, Wednesday, Thursday, Friday, Saturday)[$wday]; $month = (January,February,March,April,May,June, July,August,September,October,November,December)[$mon]; $year = 1900 + $yr; # insert the entry into the guestlist $retval = &add_entry(); if ($retval != 0) { # not happy crappy $message = ("", "Guestlist file locked by another process -- Try again later", "Access to guestlist file, \"$filename\", denied")[$retval]; &print_header_info("Unknown Error", 0); &return_error("$message"); } # everything is happy, send message to recipient # make sure we can open up the mail program unless (open(MESSAGE, "|$sendmail -t")) { # not happy crappy &print_header_info("Failed to open $sendmail"); die &return_error("Cannot open mail executable, $sendmail not found or permission denied."); } # echo the message to the mail program print MESSAGE <Guestlist Entry Accepted Your guestlist entry was successfully added and contained the information included below. You can also view your new entry on the guestlist. ENDMESS print "

"; print "Host: $ENV{'REMOTE_HOST'}
"; print "$thisday $month "; if ($mday < 10) { print "0"; } print "$mday, $year "; if ($hour < 10) { print "0"; } print GTMP "$hour:"; if ($min < 10) { print "0"; } print "$min:"; if ($sec < 10) { print "0"; } print "$sec
"; print "$array{'name'}
$array{'comments'}

\n"; &print_footer_info(); ############################################################################## # common subroutines ############################################################################## ################################################ # add entry to guestlist sub add_entry { $w = rindex($filename, "/"); $path = substr($filename, 0, $w); # Check for a lock file if (-f "$path/gtmptmp$$.$now") { return 1; } # No lock, go for it. Use link() for atomicity (no race conditions). open(GTMP, ">$path/gtmptmp$$.$now") || return 2; close(GTMP); $locked = link("$path/gtmptmp$$.$now", "$path/gtmp"); unlink("$path/gtmptmp$$.$now"); $locked || return 1; open(GUESTLIST, $filename) || return 1; open(GTMP, ">$path/gtmp") || return 2; flock(GTMP, 2); # exclusive lock $guestcount = 0; $countguests = 0; while () { chop; if (//) { $countguests = 1; print GTMP "$_\n"; print GTMP "

"; print GTMP "Host: $ENV{'REMOTE_HOST'}
"; print GTMP "$thisday $month "; if ($mday < 10) { print GTMP "0"; } print GTMP "$mday, $year "; if ($hour < 10) { print GTMP "0"; } print GTMP "$hour:"; if ($min < 10) { print GTMP "0"; } print GTMP "$min:"; if ($sec < 10) { print GTMP "0"; } print GTMP "$sec
"; print GTMP "$array{'name'}
$array{'comments'}

\n"; $guestcount++; } elsif (//) { $countguests = 0; print GTMP "$_\n"; } else { if ($countguests) { if (($array{'maxentries'} <= 0) || ($guestcount < $array{'maxentries'})) { $guestcount++; print GTMP "$_\n"; } } else { print GTMP "$_\n"; } } } close GUESTLIST; flock(GTMP, 8); # unlock close GTMP; chmod(0644, "$path/gtmp"); rename("$filename", "$filename.old"); # BTW, this releases the lock rename("$path/gtmp", "$filename") || return 2; return 0; } ############################################################################## # eof comments.pl