#!/usr/bin/perl
#
# tell a friend cgi
# © 2000 Jackie Hamilton - http://www.cgi101.com/
#
# This script is generic; all of the configuration is done in the HTML form.
# Required fields in the HTML form are:
#         name : the name of the person suggesting the site.
# suggest_from : the email address of the person suggesting the site.
#   suggest_to : the email address to send the suggestion to.
#          url : the URL of the site being suggested.
#
# Optional fields:
#      subject : the subject line of the suggestion mail.
#  automessage : the path of a file on the server to include in the
#                suggestion mail.
#      message : a textarea for the suggester to write a message to the
#                suggestee.
#       ok_url : the url to redirect to after successfully recommending a site.
#
# configuration stuff:
# location of sendmail:
$mailprog = "/usr/sbin/sendmail";
#
# list of domains authorized to call this script:  you really SHOULD set this
# to avert inappropriate use or spam.
@allowed_domains =("www.cgi101.com");  

&chkdomain;

# main
#
%f = &parseform;

# now do some error-checking.
%reqs = ("name", "your name.", "suggest_from", "your e-mail address.", 
"suggest_to", "the e-mail address of the person you're suggesting this site to.", "url", "the URL of the site being suggested (typically this is a hidden field in the form)");

$errmsg = "";
foreach $i (keys %reqs) {
   if ($f{$i} eq "") {
      $errmsg .= "You must enter $reqs{$i}.<br>\n";
   }
}
if ($errmsg ne "") {
   &dienice($errmsg);
}
if ($f{suggest_from} !~ /[\w\-]+\@[\w\-]+\.[\w\-]+/) {
   &dienice("Your e-mail address ($f{suggest_from}) doesn't appear to be valid.");
}
if ($f{suggest_to} !~ /[\w\-]+\@[\w\-]+\.[\w\-]+/) {
    &dienice("Recipient address `$f{suggest_to}' doesn't appear to be valid.");
}

# now we can prepare the message.
@msg = ();
push(@msg,"Web site recommendation from $f{name} ($f{suggest_from}):\n\n     $f{url}\n\n");

if ($f{message} ne "") {
   push(@msg,$f{message} . "\n\n");
}

if ($f{automessage} ne "") {
   if (-e $f{automessage}) {
      open(INF,$f{automessage});
      @grok = <INF>;
      close(INF);
      push(@msg,@grok);
      push(@msg,"\n\n");
   }
}

if ($f{subject} eq "") {
   $subject = "Web site recommendation: $f{url}";
} else {
   $subject = $f{subject};
}

&sendmail($f{suggest_from},$f{suggest_to},$subject,@msg);
if (exists $f{ok_url} and $f{ok_url} ne "") {
    print "Location:$f{ok_url}\n\n";
} else {
   &thanks;
}

sub thanks {
   &dohdr;
# You may reconfigure the HTML inside the Endthanks block.
   print <<Endthanks;
   <center>
   <h2>Thank You</h2>
   Thank you for suggesting $f{url}!  Your message has been sent.<p>
   </center>
Endthanks
   &dofooter;
}

sub sendmail {
    my($from,$to,$subject,@msg) = @_;
    open(MAIL,"|$mailprog -t");
    print MAIL "To: $to\n";
    print MAIL "From: $from\n";
    print MAIL "Subject: $subject\n\n";
    print MAIL <<EndMail;
@msg
EndMail
    close(MAIL);
}

sub parseform {
    read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'});
    @pairs = split(/&/, $buffer);

    foreach $pair (@pairs) {
        ($name, $value) = split(/=/, $pair);
        $value =~ tr/+/ /;
        $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
        $FORM{$name} = $value;
    }
    return %FORM;
}

sub dienice {
    ($msg) = @_;
    &dohdr;
    print "<h2>Error</h2>\n";
    print $msg;
    &dofooter;
    exit;
}

sub dohdr {
    print "Content-type:text/html\n\n";
    print <<EndHdr;
<html><head><title>Results</title></head>
<body bgcolor=#ffffff text=#000000>
EndHdr
}

sub dofooter { print "</body></html>\n"; }

sub chkdomain {
  if (@allowed_domains == () ) { 
     return 
  }
  my($isok) = 0;
  my($referer) = $ENV{'HTTP_REFERER'};
  $referer =~ tr/A-Z/a-z/;
  foreach $i (@allowed_domains) {
    if ($referer =~ /$i/) { 
       return 1;
    }
  }
  &dienice("Referring page ($referer) is not authorized to call this script!");
}