I have a website with the facility to send e-mails to the webmaster and the Hon Sec using CGI. There is a low level checking procedure which checks for a valid e-mail address by format.
The system seems to work fine in that messages do get sent to both webmaster and secretary but messages won’t be sent unless the sender supplies an email of the correct form (even though it is a made-up one).
However recently we have both received completely blank messages. Can anyone explain to me what is happening?
This is the CGI code:
#!/usr/bin/perl -wT
use CGI qw(:standard);
use CGI::Carp qw(warningsToBrowser fatalsToBrowser);
use strict;

my $title = param('title');
my $first = param('firstname');
my $surname = param('surname');
my $em = param('email');
my $loc = param('loc');
my $comments = param('comments');
my $fullname = "";
if ($title ne "")
{ $fullname .= $title; }
$fullname .= " ";
$fullname .= $first;
$fullname .= " ";
$fullname .= $surname;

print header;
print start_html("Results");

# Set the PATH environment variable to the same path
# where sendmail is located:
$ENV{PATH} = "/usr/sbin";

# open the pipe to sendmail
open (MAIL, "|/usr/sbin/sendmail -oi -t") or
    &dienice("Can't fork for sendmail: $!\n");

# change this to your own e-mail address
my $recipient = '[email protected]';

# Start printing the mail headers
# You must specify who it's to, or it won't be delivered:
print MAIL "To: $recipient\n";
# From should probably be the webserver.
print MAIL "From: JPAGg\n";
# print a subject line so you know it's from your form cgi.
print MAIL "Subject: JPAG Guestbook message\n\n";

# Now print the body of your mail message.
print MAIL "From: $fullname( " . $em . ") " . "\n\n";
print MAIL "Location: $loc\n";
print MAIL "Comments: $comments\n";

# Be sure to close the MAIL input stream so that the
# message actually gets mailed.
close(MAIL);

open GBTRIAL, ">>GBFile.txt";
print GBTRIAL $fullname;
print GBTRIAL ", ";
print GBTRIAL $loc;
print GBTRIAL "\n";
print GBTRIAL $comments;
print GBTRIAL "\n";
print GBTRIAL "\n";
close GBTRIAL;

# Now print a thank-you page
print <<EndHTML;
<h2>Thank You</h2>
<p>Thank you for writing!</p>
<p>Use Back Button to return to previous pages.</p>
<p>Your message was as follows</p>
<p>$comments</p>
<p>From: $fullname $loc $em</p>
EndHTML
print end_html;

# The dienice subroutine handles errors.
sub dienice {
    my($errmsg) = @_;
    print "<h2>Error</h2>\n";
    print "<p>$errmsg</p>\n";
    print end_html;
    exit;
}
Thanks for that. I'll incorporate your suggestion.
However I can't replicate the phenomenon from the client side as the e-mail check prevents anything being sent anyway, I suspect your extra code just does the same blocking. My real question is how is something getting through even when the e-mail check should stop it?
Ah!
This may be the answer:
The e-mail check is in the form script.
Is it possible for someone to remove the script and send blank messages?
I presume your suggested script goes into the cgi (which I posted initially)?
Do you mean that every field should be filled in? Sometimes I don't mind if a field is left blank. Or does validation have a more subtle meaning in this context? As windycitycoder points out the javascript for the form is to check the form rather than a security block. Is what you call validation with reference to the cgi?
Windycitycoder
Thanks for your help so far. However I am having problems with the code you sent. It returns an internal server error.
I only use cgi rather tentatively and may be misreading your script. I changed ne to != and eq to ==. Is that right?
>>> I changed ne to != and eq to == Is that right?
In your case, no
eq, ne, lt, gt are used when comparing strings
==, !=, <, > are used when comparing numbers.
Yes the Code works as expected receiving genuine emails but without any validation will let any blank message through.
I have corrected the line you mention with no apparent effect on anything.
If I include the line
dienice("You did not enter your first name") unless ($first);
in the cgi and try to send a blank message, then I get the general error message I posted before, but I don't see the text in the dienice argument.
#!/usr/bin/perl -wT
use CGI qw(:standard escape);
use CGI::Carp qw(warningsToBrowser fatalsToBrowser);
use strict;

## Variables ##
my $mailprog = '/usr/sbin/sendmail';
my $gbf = 'GBFile.txt';
my $title = param('title');
my $first = param('firstname');
my $surname = param('surname');
my $em = param('email');
my $loc = param('loc');
my $comments = param('comments');
my $fullname = "";
my $recipient = '[email protected]';
my $whofrom = '[email protected]';
## Variables ##

## Functions - Main Follows ##
sub dienice
{
    my($errmsg) = @_;
    print header;
    print start_html("Error");
    print "<h2>Error</h2>\n";
    print "<p>$errmsg</p>\n";
    print end_html;
    exit;
}
## Functions - Main Follows ##

## Check to see that all required values are there
if (($first eq "") || ($surname eq "") || (length($em) < 7) ||
    ($loc eq "") || ($comments eq "") || ((length($comments) < 5) ||
    ((length($comments) >= 5) && ($comments =~ /^ /))))
{
    if ($first eq "")
    { &dienice("You did not enter your first name!"); }
    elsif ($surname eq "")
    { &dienice("You did not enter your last name!"); }
    elsif (length($em) < 7)
    { &dienice("You did not enter a valid e-mail address!"); }
    elsif ($loc eq "")
    { &dienice("You did not enter your location!"); }
    else
    { &dienice("You did not enter any comments!"); }
}

## If the above if is false, then it's a valid submission, so start working with it.
## Build full name
if ($title ne "")
{ $fullname = $title; $fullname .= " "; }
$fullname .= $first;
$fullname .= " ";
$fullname .= $surname;

print header;
print start_html("Results");

$ENV{PATH} = "/usr/sbin";
open(MAIL, "|$mailprog -oi -t") or &dienice("Can't fork for sendmail: $!\n");
print MAIL "To: $recipient\n";
print MAIL "From: JPAGg <$whofrom>\n";
# Subject plus a blank line ends the headers, as in the original script;
# without it the next line is sent as a second From: header.
print MAIL "Subject: JPAG Guestbook message\n\n";
print MAIL "From: $fullname ( " . $em . " )" . "\n\n";
print MAIL "Location: $loc\n";
print MAIL "Comments: $comments\n";
close(MAIL);

open(GBTRIAL, ">>$gbf");
print GBTRIAL $fullname . ", " . $loc . "\n" . $comments . "\n\n";
close(GBTRIAL);

# Now print a thank-you page
print "<h2>Thank You</h2><p>Thank you for writing!</p><p>Use Back Button to return to previous pages.</p>";
print "<p>Your message was as follows</p><p>$comments</p><p>From: $fullname $loc $em</p>";
print end_html;
Progress of sorts!
Using windycitycoder's latest cgi script, the general error message is returned if I leave out a field (so presumably blanks cannot be sent) but the submitter is not told what is happening. If all fields are filled in the message is delivered as planned.
So why is the dienice function not working as it should?
Incidentally I gave the new script a new name (Webmaster.cgi) and had the usual hiccup before I remembered to change permissions!
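An added example, not part of any post in this thread: the form's JavaScript check only runs in the browser, so the CGI script has to repeat every check itself before it opens the pipe to sendmail. The `validate_submission` helper and the sample submissions are hypothetical and constructed; the field names follow the scripts above.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper (not from the thread): returns a list of error strings
# for one submission; an empty list means the submission may be mailed.
sub validate_submission {
    my (%f) = @_;
    my @errors;
    my %required = (
        firstname => 'first name',
        surname   => 'last name',
        email     => 'e-mail address',
        loc       => 'location',
        comments  => 'comments',
    );
    for my $name (sort keys %required) {
        my $value = defined $f{$name} ? $f{$name} : '';
        # A missing parameter and whitespace-only input both count as blank.
        push @errors, "Missing $required{$name}" unless $value =~ /\S/;
    }
    # Single-line fields must not carry CR or LF into the mail or the log file.
    for my $name (qw(title firstname surname email loc)) {
        next unless defined $f{$name};
        push @errors, "Line break in $name" if $f{$name} =~ /[\r\n]/;
    }
    # Format check only, in the same spirit as the form's JavaScript check.
    if (defined $f{email} && $f{email} =~ /\S/
        && $f{email} !~ /\A[^\s\@]+\@[^\s\@]+\.[^\s\@]+\z/) {
        push @errors, 'Badly formed e-mail address';
    }
    return @errors;
}

# Constructed sample requests: a normal one, and two that a client can send
# without loading the form page or running its JavaScript.
my @samples = (
    { firstname => 'Ann', surname => 'Lee', email => 'ann@example.org',
      loc => 'Leeds', comments => 'Nice site' },
    {},                                   # no fields at all
    { firstname => ' ', surname => ' ', email => 'x', loc => '', comments => '  ' },
);

for my $i (0 .. $#samples) {
    my @errors = validate_submission(%{ $samples[$i] });
    print "sample $i: ", (@errors ? join('; ', @errors) : 'accepted'), "\n";
}
```

In a CGI script the same function would be called with the `param()` values, and `dienice` would be called with the joined errors before any mail is sent.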