#!/usr/bin/perl
#
# generiform cgi
# © 2000 Jackie Hamilton - http://www.cgi101.com/
#
# This script is generic; all of the configuration is done in the HTML form.
# Required fields in the HTML form are:
#      send_to : the email address to send the suggestion to.
#
# Optional fields:
#      subject : the subject line of the form mail.
#  field_order : a comma-separated list of the form fields, in the order you 
#                want them presented in the email message.  Please don't use
#                any field names with spaces in them.  NOTE: if you DO define
#                a field order, only the fields in that list will appear in the
#                mail.  Be sure you include all of the fields!
#       ok_url : the url to redirect to after successfully filling out the form.
#        email : the e-mail address of the person filling out the form.
#                this WILL be error-checked, so invalid emails can't be sent.
#
# configuration stuff:
# location of sendmail:
$mailprog = "/usr/sbin/sendmail";
#
# list of domains authorized to call this script:  you really SHOULD set this
# to avert inappropriate use or spam.
@allowed_domains =("www.cgi101.com");  

&chkdomain;

# main
#
%f = &parseform;

# now do some error-checking.
%reqs = ("send_to","the e-mail address to send the form data to (typically this is done via a hidden field in the form)");

$errmsg = "";
foreach $i (keys %reqs) {
   if ($f{$i} eq "") {
      $errmsg .= "You must enter $reqs{$i}.<br>\n";
   }
}
if ($errmsg ne "") {
   &dienice($errmsg);
}
if ($f{send_to} !~ /[\w\-]+\@[\w\-]+\.[\w\-]+/) {
    &dienice("Recipient address `$f{send_to}' doesn't appear to be valid.");
}
if ($f{email} !~ /[\w\-]+\@[\w\-]+\.[\w\-]+/) {
    &dienice("Your e-mail address address `$f{email}' doesn't appear to be valid.");
}

@sortorder = ();
if (exists $f{field_order} and $f{field_order} ne "") {
   $f{field_order} =~ s/\s//g;
   @sortorder = split(/,/,$f{field_order});
}

# now we can prepare the message.
$msg = "";

if (@sortorder != ()) {
   foreach $key (@sortorder) {
      if (exists $f{$key}) {
         $mystring = "$key: $f{$key}\n";
         $msg .= $mystring;
       }
   }
} else {
  foreach $key (sort keys %f) {
     $mystring = "$key: $f{$key}\n";
     $msg .= $mystring;
  }
}

if ($f{subject} eq "") {
   $subject = "Form Submission";
} else {
   $subject = $f{subject};
}

if ($f{email} eq "") {
   $from = "webmaster";
} else {
   $from = $f{email};
}

&sendmail($from,$f{send_to},$subject,$msg);
if (exists $f{ok_url} and $f{ok_url} ne "") {
    print "Location:$f{ok_url}\n\n";
} else {
   &thanks;
}

sub thanks {
   &dohdr;
# You may reconfigure the HTML inside the Endthanks block.
   print <<Endthanks;
   <center>
   <h2>Thank You</h2>
   Thank you for visiting!  Your message has been sent.<p>
   </center>
Endthanks
   &dofooter;
}

sub sendmail {
    my($from,$to,$subject,@msg) = @_;
    open(MAIL,"|$mailprog -t");
    print MAIL "To: $to\n";
    print MAIL "From: $from\n";
    print MAIL "Subject: $subject\n\n";
    print MAIL <<EndMail;
@msg
EndMail
    close(MAIL);
}

sub parseform {
    read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'});
    @pairs = split(/&/, $buffer);

    foreach $pair (@pairs) {
        ($name, $value) = split(/=/, $pair);
        $value =~ tr/+/ /;
        $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
        $FORM{$name} = $value;
    }
    return %FORM;
}

sub dienice {
    ($msg) = @_;
    &dohdr;
    print "<h2>Error</h2>\n";
    print $msg;
    &dofooter;
    exit;
}

sub dohdr {
    print "Content-type:text/html\n\n";
    print <<EndHdr;
<html><head><title>Results</title></head>
<body bgcolor=#ffffff text=#000000>
EndHdr
}

sub dofooter { print "</body></html>\n"; }

sub chkdomain {
  if (@allowed_domains == () ) { 
     return 
  }
  my($isok) = 0;
  my($referer) = $ENV{'HTTP_REFERER'};
  $referer =~ tr/A-Z/a-z/;
  foreach $i (@allowed_domains) {
    if ($referer =~ /$i/) { 
       return 1;
    }
  }
  &dienice("Referring page ($referer) is not authorized to call this script!");
}