#!/usr/bin/perl # SAMPLE.CGI # Sample Guest Book Script ############################################################################## # Guestbook # # Copyright 1995-2003 Web Design Co. # # Sample Script at: http://web-masters.org/samples/guestbook.cgi # ############################################################################## # COPYRIGHT NOTICE # # Copyright 1995-2003 Web Design Co. All Rights Reserved. # # # # Guestbook may be used and modified free of charge by anyone so long as # # this copyright notice and the comments above remain intact. By using this # # code you agree to indemnify Web Design Co. from any liability that might # # arise from its use. # # # # Selling the code for this program without prior written consent is # # expressly forbidden. In other words, please ask first before you try and # # make money off of our program. # # # # Obtain permission before redistributing this software over the Internet or # # in any other medium. In all cases copyright and header must remain intact.# # # # This script tested under UNIX and UNIX clones # ############################################################################## # get input library require("/your_server_path/cgi-bin/cgi-lib.pl"); &ReadParse; ##################################### # get server date $localtime = `date`; chop $localtime; # files location # guest book entries $entries = "/your_server_path/guest/all.txt"; # actual html file (if needed) $html = "/your_server_path/samples/guest.htm"; # parts of the html file that you will built on the fly $htmltop = "/your_server_path/samples/top.txt"; $htmlbottom = "/your_server_path/samples/bottom.txt"; ##################################### # send e-mail on entry receiving $send_email = 0; # 0 - do not send, 1 - send ####################################################################################################### # month conversion hashes %months = ('Jan','01','Feb','02','Mar','03','Apr','04','May','05','Jun','06', 'Jul','07','Aug','08','Sep','09','Oct','10','Nov','11','Dec','12'); %letmonths = ('01','January','02','February','03','March','04','April','05','May','06','June', '07','July','08','August','09','September','10','October','11','November','12','December'); ####################################### # this is a field that tells us if client # submit data or just accessing script # for the first time $checked = $in{'checked'}; ####################################### # get form data $name = $in{'name'}; # Name $email = $in{'email'}; # E-Mail $comments = $in{'comments'}; # Comments ######################################## # here we actually submit the information # to the server after visitor verified it if($checked) {&submit;} ######################################################### # Strip all HTML formating from the Input # so people wouldn't post any pictures or html formatting $name =~ s/\"/\"\;/g; $name =~ s/\/\>\;/g; $email =~ tr/\<\>\"\,//d; $email =~ tr/ //d; $email =~ tr/\x0d\x0a//d; $email =~ tr/A-Z/a-z/; # make all letters lower case $comments =~ s/\"/\"\;/g; $comments =~ s/\/\>\;/g; ######################################################### # Check the validity of the input if (length($name) < 3) { $ertitle = "Name Length Error"; $errmessage = "Name Length error"; $errdescr = "Please enter your full Name in order to post to our Guest Book"; &error; # Call error sub } ######################################################################### # If e-mail field is not empty - check the validity of the e-mail address unless ($email eq '') { # BEGIN IF E-MAIL FIELD IS NOT EMPTY unless (($email =~ /^.+\@.+/) && ($email =~ /^.+\..+/)) { $ertitle = "E-Mail Address is Not Valid"; $errmessage = "Valid E-Mail Address Required"; $errdescr = "E-Mail Address $email is not Valid.

Format: userid\@domain-name.xxx"; &error; } unless(substr($email,-4,1) eq '.' || substr($email,-3,1) eq '.') { $ertitle = "E-Mail Address is Not Valid"; $errmessage = "E-Mail Address is Not Valid"; $errdescr = "E-Mail Address $email is not Valid."; &error; } } # END IF E-MAIL FIELD IS NOT EMPTY ######################################################################### # Check the comments field if it is empty $comentcheck = $comments; # create a replica of the commets $comentcheck =~ tr/\r\n//d; # strip carriage returns and new lines $comentcheck =~ tr/ //d; # strip a white space $comentcheck =~ tr/\(\)\-\_\+\=\.\,\?\!\~\*\&\^\%\$\#\@\!\\\///d; # and all characters that has nothing to do with a content length # now check what's left, you would expect at least 5 characters to be there if (length($comentcheck) < 5) { $ertitle = "Comments Field is too Short"; $errmessage = "Comments Field is too Short"; $errdescr = "Please leave us some comments once you've decided to fill out our Guest Book.\n
\nThank You\!"; &error; } # Checking is done by now, let's do some formatting and submission # here we call a sub which will make first letters in name an UPPER case letters &name; # lets make comments formatted by client's input. insert line breaks # where "enter" was hit # replace carriage return with
$comments1 = $comments; $comments1 =~ s/\r/\/g; # this is for real life date $day = substr($localtime,8,2); # day of the month $year = substr($localtime,24,4); # current year $month = substr($localtime,4,3); # month in server format $month = $months{$month}; # month in numbers $month = $letmonths{$month}; # month in words (from hashes above, remember?) # lets throw the preview screen to the customer so he/she can accept or # reject the entry #################################################################### # well, we're done formatting and checking, now let's show entry to # our client require("show.pl"); exit(0); ######################################################################## # now print formatted text to the entries text file after verification sub submit { # here we do not let anything to be submitted from any location # other then our preview page. Why? Because we checked the input # and if we do not take this measure all garbage will end up on # our server $referer = $ENV{'HTTP_REFERER'}; $referer =~ tr/A-Z/a-z/; unless ($referer eq 'http://your_server/sample.cgi') { $ertitle = "Referrer Error"; $errmessage = "Referrer Error"; $errdescr = "We do not allow any submissions from the locations other than our preview page."; &error; } ################################################## # formatted date from the verify page $todate = $in{'todate'}; ################################################## # get comments for e-mail before it gets formatted $ecomments = $comments; ################################################## # format comments before they get posted to your file $comments =~ s/\r/\/g; ########################################################### # well, if e-mail is not empty, let's make a link out of it # notice the back slash escapes, it won't work without them if($email) { $email = "
\nE-Mail: $email\n"; } open(TXT, ">>$entries"); print TXT "Date: $todate\n
\nName: $name\n"; print TXT "$email
\nComments:\n

\n"; print TXT "
\n\n"; close(TXT); open(TXT, "<$htmltop"); @httops = ; close(TXT); open(TXT, "<$entries"); @allentries = ; close(TXT); open(TXT, "<$htmlbottom"); @htbutms = ; close(TXT); open (HTM, ">$html"); print HTM "@httops\n@allentries@htbutms"; close(HTM); ########### SEND E-MAIL IF REQUIRED ############# if ($send_email eq '1') { # path to your e-mail software "sendmail" $sendmail = '/usr/sbin/sendmail -t -oi'; # send actual e-mail open(MAIL,"|$sendmail"); print MAIL < $ertitle Web Design Co.

Error
Error Error

$errmessage

    $errdescr

Copyright © Web Design Co., 1999.

EOH exit(0); } #### NAME FIELD TRANSFORMATION #### sub name { @names = split(/\s/,$name); $name = ''; foreach $part (@names) { $part1 = substr($part,0,1); $part1 =~ tr/a-z/A-Z/; $ab = length($part); $ab--; $x = substr($part,1,$ab); $part = "$part1$x"; if ($name eq '') {$name = $part;} else { $name = "$name $part"; } } } # end of name sub