Hi, I'm new to this forums and I have made Matt's FormMail.pl work on other sites before, but when it came down to adding reCAPTCHA and new fields, I just get a 500 Internal Server Error. I've followed the directions placed on the reCAPTCHA site, I'm sure it's something to do with the syntax or the lines that I added and removed.
I've even tried using NMS FormMail Version 3.14c1, which I had to improvise adding the reCAPTCHA code. But I'm still getting a 500 Error.
Can anyone help me with this please?
Matt's FormMail Code:
Code:
#!/usr/bin/perl
##############################################################################
# FormMail Version 1.92 #
# Copyright 1995-2002 Matt Wright mattw@scriptarchive.com #
# Created 06/09/95 Last Modified 04/21/02 #
# Matt's Script Archive, Inc.: http://www.scriptarchive.com/ #
##############################################################################
# COPYRIGHT NOTICE #
# Copyright 1995-2002 Matthew M. Wright All Rights Reserved. #
# #
# FormMail may be used and modified free of charge by anyone so long as this #
# copyright notice and the comments above remain intact. By using this #
# code you agree to indemnify Matthew M. Wright from any liability that #
# might arise from its use. #
# #
# Selling the code for this program without prior written consent is #
# expressly forbidden. In other words, please ask first before you try and #
# make money off of my program. #
# #
# Obtain permission before redistributing this software over the Internet or #
# in any other medium. In all cases copyright and header must remain intact. #
##############################################################################
# ACCESS CONTROL FIX: Peter D. Thompson Yezek #
# http://www.securityfocus.com/archive/1/62033 #
##############################################################################
# Define Variables #
# Detailed Information Found In README File. #
# $mailprog defines the location of your sendmail program on your unix #
# system. The flags -i and -t should be passed to sendmail in order to #
# have it ignore single dots on a line and to read message for recipients #
$mailprog = '/usr/sbin/sendmail -i -t';
# @referers allows forms to be located only on servers which are defined #
# in this field. This security fix from the last version which allowed #
# anyone on any server to use your FormMail script on their web site. #
@referers = ('singaporean-directory.com','203.116.66.44');
# @recipients defines the e-mail addresses or domain names that e-mail can #
# be sent to. This must be filled in correctly to prevent SPAM and allow #
# valid addresses to receive e-mail. Read the documentation to find out how #
# this variable works!!! It is EXTREMELY IMPORTANT. #
@recipients = &fill_recipients(@referers);
# ACCESS CONTROL FIX: Peter D. Thompson Yezek #
# @valid_ENV allows the sysadmin to define what environment variables can #
# be reported via the env_report directive. This was implemented to fix #
# the problem reported at http://www.securityfocus.com/bid/1187 #
@valid_ENV = ('REMOTE_HOST','REMOTE_ADDR','REMOTE_USER','HTTP_USER_AGENT');
# Done #
##############################################################################
use LWP::UserAgent;
# Check Referring URL
&check_url;
# Retrieve Date
&get_date;
# Parse Form Contents
&parse_form;
# Check Required Fields
&check_required;
# Check the captcha challenge and response.
&check_captcha;
# Send E-Mail
&send_mail;
# Return HTML Page or Redirect User
&return_html;
##############################################################################
# Check the CAPTCHA response via the reCAPTCHA service.
sub check_captcha {
my $ua = LWP::UserAgent->new();
my $result=$ua->post(
'http://api-verify.recaptcha.net/verify',
{
privatekey => 'your_private_key',
remoteip => $ENV{'REMOTE_ADDR'},
challenge => $Form{'recaptcha_challenge_field'},
response => $Form{'recaptcha_response_field'}
});
if ( $result->is_success && $result->content =~ /^true/) {
return;
} else {
&error('captcha_failed');
}
}
# NOTE rev1.91: This function is no longer intended to stop abuse, that #
......
}
sub parse_form {
# Define the configuration associative array. #
%Config = ('recipient','', 'subject','',
'EMAIL','', 'NAME','',
'TITLE','', 'URL','',
'DESCRIPTION','', 'CATEGORY','',
'RECIPROCAL','', 'missing_fields_redirect','',
'redirect','', 'bgcolor','',
'background','', 'link_color','',
'vlink_color','', 'text_color','',
'alink_color','', 'title','',
'sort','', 'print_config','',
'required','', 'env_report','',
'return_link_title','', 'return_link_url','',
'print_blank_fields','');
# Determine the form's REQUEST_METHOD (GET or POST) and split the form #
......
(END ERROR HTML)
}
exit;
}
Looks like there's not enough space for the NMS FormMail Code, so I'll place it in the next reply.
hard to tell if that is your exact code but these lines will cause a syntax error if that is the real code you are using:
Code:
# NOTE rev1.91: This function is no longer intended to stop abuse, that #
...... <----- ALL THESE DOTS NEED TO BE REMOVED
}<----- THIS CURLY BRACKET SHOULD BE REMOVED
also at the end of the code you posted:
Code:
# Determine the form's REQUEST_METHOD (GET or POST) and split the form #
...... <---- REMOVE THIS LINE
(END ERROR HTML)
}
exit;
}<---- REMOVE THIS CURLY BRACKET
The "......" are just there to represent the rest of the code that wasn't changed. I can't post the full code here, cause there's a 10,000 character limit on each post and the full code is more than 30,000 characters long.
#!/usr/bin/perl
##############################################################################
# FormMail Version 1.92 #
# Copyright 1995-2002 Matt Wright mattw@scriptarchive.com #
# Created 06/09/95 Last Modified 04/21/02 #
# Matt's Script Archive, Inc.: http://www.scriptarchive.com/ #
##############################################################################
# COPYRIGHT NOTICE #
# Copyright 1995-2002 Matthew M. Wright All Rights Reserved. #
# #
# FormMail may be used and modified free of charge by anyone so long as this #
# copyright notice and the comments above remain intact. By using this #
# code you agree to indemnify Matthew M. Wright from any liability that #
# might arise from its use. #
# #
# Selling the code for this program without prior written consent is #
# expressly forbidden. In other words, please ask first before you try and #
# make money off of my program. #
# #
# Obtain permission before redistributing this software over the Internet or #
# in any other medium. In all cases copyright and header must remain intact. #
##############################################################################
# ACCESS CONTROL FIX: Peter D. Thompson Yezek #
# http://www.securityfocus.com/archive/1/62033 #
##############################################################################
# Define Variables #
# Detailed Information Found In README File. #
# $mailprog defines the location of your sendmail program on your unix #
# system. The flags -i and -t should be passed to sendmail in order to #
# have it ignore single dots on a line and to read message for recipients #
$mailprog = '/usr/sbin/sendmail -i -t';
# @referers allows forms to be located only on servers which are defined #
# in this field. This security fix from the last version which allowed #
# anyone on any server to use your FormMail script on their web site. #
@referers = ('singaporean-directory.com','203.116.66.44');
# @recipients defines the e-mail addresses or domain names that e-mail can #
# be sent to. This must be filled in correctly to prevent SPAM and allow #
# valid addresses to receive e-mail. Read the documentation to find out how #
# this variable works!!! It is EXTREMELY IMPORTANT. #
@recipients = &fill_recipients(@referers);
# ACCESS CONTROL FIX: Peter D. Thompson Yezek #
# @valid_ENV allows the sysadmin to define what environment variables can #
# be reported via the env_report directive. This was implemented to fix #
# the problem reported at http://www.securityfocus.com/bid/1187 #
@valid_ENV = ('REMOTE_HOST','REMOTE_ADDR','REMOTE_USER','HTTP_USER_AGENT');
# Done #
##############################################################################
use LWP::UserAgent;
# Check Referring URL
&check_url;
# Retrieve Date
&get_date;
# Parse Form Contents
&parse_form;
# Check Required Fields
&check_required;
# Check the captcha challenge and response.
&check_captcha;
# Send E-Mail
&send_mail;
# Return HTML Page or Redirect User
&return_html;
##############################################################################
# Check the CAPTCHA response via the reCAPTCHA service.
sub check_captcha {
my $ua = LWP::UserAgent->new();
my $result=$ua->post(
'http://api-verify.recaptcha.net/verify',
{
privatekey => 'your_private_key',
remoteip => $ENV{'REMOTE_ADDR'},
challenge => $Form{'recaptcha_challenge_field'},
response => $Form{'recaptcha_response_field'}
});
if ( $result->is_success && $result->content =~ /^true/) {
return;
} else {
&error('captcha_failed');
}
}
# NOTE rev1.91: This function is no longer intended to stop abuse, that #
# functionality is now embedded in the checks made on @recipients and the #
# recipient form field. #
sub check_url {
# Localize the check_referer flag which determines if user is valid. #
local($check_referer) = 0;
# If a referring URL was specified, for each valid referer, make sure #
# that a valid referring URL was passed to FormMail. #
if ($ENV{'HTTP_REFERER'}) {
foreach $referer (@referers) {
if ($ENV{'HTTP_REFERER'} =~ m|https?://([^/]*)$referer|i) {
$check_referer = 1;
last;
}
}
}
else {
$check_referer = 1;
}
# If the HTTP_REFERER was invalid, send back an error. #
if ($check_referer != 1) { &error('bad_referer') }
}
sub get_date {
# Define arrays for the day of the week and month of the year. #
@days = ('Sunday','Monday','Tuesday','Wednesday',
'Thursday','Friday','Saturday');
@months = ('January','February','March','April','May','June','July',
'August','September','October','November','December');
# Get the current time and format the hour, minutes and seconds. Add #
# 1900 to the year to get the full 4 digit year. #
($sec,$min,$hour,$mday,$mon,$year,$wday) = (localtime(time))[0,1,2,3,4,5,6];
$time = sprintf("%02d:%02d:%02d",$hour,$min,$sec);
$year += 1900;
# Format the date. #
$date = "$days[$wday], $months[$mon] $mday, $year at $time";
}
sub parse_form {
# Define the configuration associative array. #
%Config = ('recipient','', 'subject','',
'EMAIL','', 'NAME','',
'TITLE','', 'URL','',
'DESCRIPTION','', 'CATEGORY','',
'RECIPROCAL','', 'missing_fields_redirect','',
'redirect','', 'bgcolor','',
'background','', 'link_color','',
'vlink_color','', 'text_color','',
'alink_color','', 'title','',
'sort','', 'print_config','',
'required','', 'env_report','',
'return_link_title','', 'return_link_url','',
'print_blank_fields','');
# Determine the form's REQUEST_METHOD (GET or POST) and split the form #
# fields up into their name-value pairs. If the REQUEST_METHOD was #
# not GET or POST, send an error. #
if ($ENV{'REQUEST_METHOD'} eq 'GET') {
# Split the name-value pairs
@pairs = split(/&/, $ENV{'QUERY_STRING'});
}
elsif ($ENV{'REQUEST_METHOD'} eq 'POST') {
# Get the input
read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'});
# Split the name-value pairs
@pairs = split(/&/, $buffer);
}
else {
&error('request_method');
}
# For each name-value pair: #
foreach $pair (@pairs) {
# Split the pair up into individual variables. #
local($name, $value) = split(/=/, $pair);
# Decode the form encoding on the name and value variables. #
# v1.92: remove null bytes #
$name =~ tr/+/ /;
$name =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
$name =~ tr/\0//d;
$value =~ tr/+/ /;
$value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
$value =~ tr/\0//d;
# If the field name has been specified in the %Config array, it will #
# return a 1 for defined($Config{$name}}) and we should associate #
# this value with the appropriate configuration variable. If this #
# is not a configuration form field, put it into the associative #
# array %Form, appending the value with a ', ' if there is already a #
# value present. We also save the order of the form fields in the #
# @Field_Order array so we can use this order for the generic sort. #
if (defined($Config{$name})) {
$Config{$name} = $value;
}
else {
if ($Form{$name} ne '') {
$Form{$name} = "$Form{$name}, $value";
}
else {
push(@Field_Order,$name);
$Form{$name} = $value;
}
}
}
# For each sorted field, if it has a value or the print blank #
# fields option is turned on print the form field and value. #
foreach $sorted_field (@sorted_fields) {
if ($Config{'print_blank_fields'} || $Form{$sorted_field} ne '') {
print MAIL "$sorted_field: $Form{$sorted_field}\n\n";
}
}
}
# Otherwise, print fields in order they were sent or alphabetically. #
else {
# Sort alphabetically if specified: #
if ($Config{'sort'} eq 'alphabetic') {
@Field_Order = sort @Field_Order;
}
# For each form field, if it has a value or the print blank #
# fields option is turned on print the form field and value. #
foreach $field (@Field_Order) {
if ($Config{'print_blank_fields'} || $Form{$field} ne '') {
print MAIL "$field: $Form{$field}\n\n";
}
}
}
print MAIL "-" x 75 . "\n\n";
# Send any specified Environment Variables to recipient. #
foreach $env_report (@Env_Report) {
if ($ENV{$env_report}) {
print MAIL "$env_report: $ENV{$env_report}\n";
}
}
close (MAIL);
}
sub check_email {
# Initialize local email variable with input to subroutine. #
$email = $_[0];
# If the e-mail address contains: #
if ($email =~ /(@.*@)|(\.\.)|(@\.)|(\.@)|(^\.)/ ||
# the e-mail address contains an invalid syntax. Or, if the #
# syntax does not match the following regular expression pattern #
# it fails basic syntax verification. #
$email !~ /^.+\@(\[?)[a-zA-Z0-9\-\.]+\.([a-zA-Z0-9]+)(\]?)$/) {
# Basic syntax requires: one or more characters before the @ sign, #
# followed by an optional '[', then any number of letters, numbers, #
# dashes or periods (valid domain/IP characters) ending in a period #
# and then 2 or 3 letters (for domain suffixes) or 1 to 3 numbers #
# (for IP addresses). An ending bracket is also allowed as it is #
# valid syntax to have an email address like: user@[255.255.255.0] #
# Return a false value, since the e-mail address did not pass valid #
# syntax. #
return 0;
}
else {
# Return a true value, e-mail verification passed. #
return 1;
}
}
# This was added into v1.91 to further secure the recipients array. Now, by #
# default it will assume that valid recipients include only users with #
# usernames A-Z, a-z, 0-9, _ and - that match your domain exactly. If this #
# is not what you want, you should read more detailed instructions regarding #
# the configuration of the @recipients variable in the documentation. #
sub fill_recipients {
local(@domains) = @_;
local($domain,@return_recips);
foreach $domain (@domains) {
if ($domain =~ /^\d+\.\d+\.\d+\.\d+$/) {
$domain =~ s/\./\\\./g;
push(@return_recips,'^[\w\-\.]+\@\[' . $domain . '\]');
}
else {
$domain =~ s/\./\\\./g;
$domain =~ s/\-/\\\-/g;
push(@return_recips,'^[\w\-\.]+\@' . $domain);
}
}
return @return_recips;
}
# This function will convert <, >, & and " to their HTML equivalents. #
sub clean_html {
local $value = $_[0];
$value =~ s/\&/\&/g;
$value =~ s/</\</g;
$value =~ s/>/\>/g;
$value =~ s/"/\"/g;
return $value;
}
sub body_attributes {
# Check for Background Color
if ($Config{'bgcolor'}) { print " bgcolor=\"$safeConfig{'bgcolor'}\"" }
# Check for Background Image
if ($Config{'background'}) { print " background=\"$safeConfig{'background'}\"" }
# Check for Link Color
if ($Config{'link_color'}) { print " link=\"$safeConfig{'link_color'}\"" }
# Check for Visited Link Color
if ($Config{'vlink_color'}) { print " vlink=\"$safeConfig{'vlink_color'}\"" }
# Check for Active Link Color
if ($Config{'alink_color'}) { print " alink=\"$safeConfig{'alink_color'}\"" }
# Check for Body Text Color
if ($Config{'text_color'}) { print " text=\"$safeConfig{'text_color'}\"" }
}
sub error {
# Localize variables and assign subroutine input. #
local($error,@error_fields) = @_;
local($host,$missing_field,$missing_field_list);
if ($error eq 'bad_referer') {
if ($ENV{'HTTP_REFERER'} =~ m|^https?://([\w\.]+)|i) {
$host = $1;
my $referer = &clean_html($ENV{'HTTP_REFERER'});
print <<"(END ERROR HTML)";
Content-type: text/html
Weird thing now is, I've tried to use the original FormMail.pl script by Matt, changed the sendmail location, added my domain and IP, but I'm still getting 500 error.
Does this have anything to do with calling the script from a thickbox, I'm beginning to wonder.
So you did substitute /your/desired/error.log to some valid filename, right? And it was a file where you are certain the web server process can write, yes?
“Only a life lived for others is a life worth while” Albert Einstein
“The golden rule for every business man is this: 'Put yourself in your customer’s place'” Orison Swett Marden
“No person was ever honored for what he received; honor has been the reward for what he gave” Calvin Coolidge
Weird thing now is, I've tried to use the original FormMail.pl script by Matt, changed the sendmail location, added my domain and IP, but I'm still getting 500 error.
Does this have anything to do with calling the script from a thickbox, I'm beginning to wonder.
when you installed the original FormMail.pl script by Matt did you over write it? or did you remove and upload the reone?
I have had problem when I over write a script with same name sometimes it keeps the old one..
“Only a life lived for others is a life worth while” Albert Einstein
“The golden rule for every business man is this: 'Put yourself in your customer’s place'” Orison Swett Marden
“No person was ever honored for what he received; honor has been the reward for what he gave” Calvin Coolidge
Reply With Quote
Originally Posted by PulSate
Bookmarks