# bnbbook.cgi GuestBook Script Release 1.0 on 09/07/98
# http://bignosebird.com/
# (C) 1998-2002 BigNoseBird.Com, Inc. This program is freeware and may 
# be used at no cost to you (just leave this notice intact). 

** Updated November 2, 2002 to allow validation of four character TLDs
   such as .info and .name

** Updated on January 24, 2000 to limit message length to 4000
   characters. This is to avoid long postings which lock up the
   MSIE 5.0 browser.

     **----------  BNBBOOK.CGI 1.0 ----------**

     *** FEATURES ***

     o Autorespond letter to signer
     o Sends you e-mail of their entry
     o Filters out your list of dirty words
     o Domain check to prevent offsite calling of the script
     o Newest entry at top of the book
     o Easy to modify letters and guestbook entry formats
     o Handles 'private' messages
     o Allows for signers to use HTML
     o Tired of having your book trashed because of a blown tag?
       The script performs a very rudimentary HTML test.  If there are 
       not an even number of <>" the signer has to correct the entry.
     o Removes all HTML comments to prevent SSI hacks
     o You can have the script MUNG e-mail address to foil spam-spiders
     o Captures their IP address as a comment in the guestbook
     o You can specify required entry fields
     o Automatic redirect to guestbook after signing
     o Validates E-mail address formatting, and warns you in the
       subject not to reply if it looks fake. If fake, no autoresponse
       is sent!
     o Converts easily to 95/98/NT using the blat.exe mail handler.

  
     *** PREEMPTIVE TROUBLESHOOTING ***

Thank you for stopping by our site and grabbing a copy of BNBBOOK.CGI.
We hope you find the script both simple enough to install and
modify, and flexible enough to meet your needs. Before giving you
the installation instructions, here are the most common reasons
for the script not working:

   1.) File was uploaded from a PC to a unix server as BINARY
       instead of ASCII. Always upload html, cgi, txt, and pl
       files as ASCII.
   2.) You did not set the permissions on the file properly.
       You must "chmod 755" the script. This means the owner
       can read/write/execute, and group and others can read
       and execute.
   3.) The path to the guestbook html file is wrong. It must
       be the full unix path starting with /
   4.) Permissions on the guestbook html file are wrong. Try
       644 (read/write for owner and group, read for others).
       On many servers, cgi scripts may not run as "you". If
       this is the case, you must use 666 (read/write for all)
   5.) Your sendmail (mail handler) is not set right. On most
       unix servers, it is "/usr/lib/sendmail -t". On others
       it is "/usr/sbin/sendmail -t". If you are using sendmail
       you MUST use the "-t" option.
   6.) Make sure the line <!--bookmark--> is where the next
       entry in the guestbook is to appear. Do NOT delete this
       line. Everything above and below it remains intact, and
       the new entry is inserted just below that point.

     *** INSTALLATION INSTRUCTIONS ***

Installing BNBBOOK.CGI is very simple. Just read the five items
listed above first. ;-)

1.) Upload the bnbbook.cgi to your server's cgi directory. Usually
    that is cgi-bin. Make sure you upload the file as ASCII if you
    are going from a PC/MAC to Unix.
2.) Make all the necessary USER CONFIGURATION entries listed below.
3.) Set the permissions on the bnbbook.cgi to 755. Read/Write/Exec
    for owner, Read/Exec for group and all others.
4.) Upload the gbook.html file to your desired directory, and set
    the permissions to 644 (Read/Write for owner, Read for group
    and others). If your server does not run scripts as "you"
    set the permissions to 666 (Read/Write for everyone)

   *NT USERS: You will most likely have to rename the script to
              bnbbook.pl as well as obtain blat.exe. To convert
              the script for Windows use, please follow the 
              instructions embedded within the script.

In your script you will find the following items that require
you to make settings to.

 set $HTML="NO" if you do not want users to be able to enter HTML tags
 the form name "private" when set to YES by a reader, if you offer
 the choice, will send you e-mail, but will not write to the guestbook.

   $HTML="YES";

 $GUESTBOOK is the file name for your guestbook file. You must give the
 filename including it's full path.

   $GUESTBOOK="/home/www/gbook.html";

 $GUESTBOOK_URL is the URL of the guestbook. This way after they
 sign the book they are redirected back to it

   $GUESTBOOK_URL="http://domain.com/gbook.html";

 $TEMPDIR is a directory on your server where you have permission to
 write files that will be deleted when the script finishes running.

   $TEMPDIR="/tmp";

 $SEND_THANKS if "YES" will send the signer of the book a thank you
 note if they supplied a valid e-mail address. E-mail is sent to
 the value contained in "signer_email"

   $SEND_THANKS="YES";

 $MY_EMAIL should be your e-mail address. This way people know where
 they get the thank you not from.  Be sure to put that \@ backslash 
  before the AT sign!

   $MY_EMAIL="me\@domain.com";

 If you make $TELL_ME="YES" and supplied a value for $MY_EMAIL,
 the script will notify you when somebody has signed your book.

   $TELL_ME="YES";

 $MAIL_PROGRAM is your system's e-mail program typically either
 /usr/lib/sendmail -t  or /usr/sbin/sendmail -t
 DON'T FORGET THE "-t", omitting it is a major source of script failure

   $MAIL_PROGRAM="/usr/lib/sendmail -t";

 For Windows 95/98/NT using BLAT.EXE, it might look like this:
 $MAIL_PROGRAM="C:/winnt/system32/blat.exe";
 You will find more information on Windows modifications you will
 have to make in the subroutines, notify_me and send_thanks.

 $MUNG="YES" will transform e-mail addresses into something a little
 less spam-spider friendly. <evil grin>

   $MUNG="YES";

 @CENSORED is an array of words that you do not want to have
 appear on your guestbook.

   @CENSORED=('fruck','shat','ashhole','ficker');

 $VALID_DOMAIN if set is where the script can be called from. If
 your site responds with or without the "www", leave off the www!

   $VALID_DOMAIN="domain.com";

  *** DESIGNING YOUR INPUT FORM ***

The gbook.html file included with this distribution has the
input form at the top of the guestbook. If you want you can 
of course split things up. Just MAKE SURE THAT THE LINE
<!--bookmark--> 
Is located just under the heading information of your 
guestbook html file.

           SPECIAL RESERVED HTML FORM NAMES
 When designing your HTML input form for your guest book, 
 there are only four fields that are handled in a special way 
 by the script. The are:

  signer_email: the e-mail address of the signer of the book. If
                you want to have the script autorespond or be able
                to easily reply to them- use this name!
  private:      Value is YES if it is a private message not to 
                be shown in the book. You will get e-mail.
  required:     A comma delimited list of "must-fill" fields.
                If the user does not complete any field you 
                specify, they will get a message to go back.
  url:          The person's homepage URL. This will be presented
                in the guest book as an HTML link.

*** MODIFYING YOUR GUESTBOOK FORMAT AND RESPONSE LETTER

Within the USER CONFIGURATION SECTION you will find two subroutines:
setup_thankyounote and setup_pageentry. These are free form string
statements where you can put anything you want. There are basically
a few rules:

  1.) If you use the @ sign, as in an e-mail address- you MUST
      put a \ backslash before it or the script WILL NOT RUN.
      bnb\@bignosebird.com is okay, bnb@bignosebird.com is NOT.
  2.) Do not delete the lines (or indent) __END_OF_THANK_YOU__
      and __END_OF_PAGE_ENTRY__
  3.) Everything between the between the 
      $THANK_YOU=<<__END_OF_THANK_YOU__;   and
      __END_OF_THANK_YOU__
      is fair game. DO NOT DELETE THOSE LINES!!!
      Same thing for $PAGE_ENTRY.
  4.) Using your form names is as easy as sticking a 
      $fields{'whatever'} where you want it to appear.
      whatever would be in this case an INPUT NAME="whatever"
      in your form. Compare the code in the script to the
      included gbook.html file.

##################################################################
sub setup_thankyounote
{
$THANK_YOU=<<__END_OF_THANK_YOU__;
Hi $fields{'name'},

Thank you so much for visiting our site and signing the guestbook.
We hope you enjoyed your visit and will come back to visit us
soon.

Bruce and Christine

PS- You wrote:

Name:       $fields{'name'}
E-Mail:     $fields{'signer_email'}
City/State: $fields{'city'}
Home Page:  $fields{'url'}
How Found:  $fields{'howfound'}
Message:    $fields{'message'}

__END_OF_THANK_YOU__
}

##################################################################
sub setup_pageentry
{
  $tzn=$fields{'signer_email'};
  if ($MUNG eq "YES")
   {
    $tzn =~ s/\./_DoT_/g;
    $tzn =~ s/\@/_AT_/g;
   }
 
$PAGE_ENTRY=<<__END_OF_PAGE_ENTRY__;
<TABLE WIDTH=560 BORDER=0 CELLPADDING=0 CELLSPACING=0 BGCOLOR="#CCE6FF">
<TR>
 <TD WIDTH=125>Name:</TD>
 <TD WIDTH=435> $fields{'name'}</TD> </TR>
<TR> 
 <TD  WIDTH=125 BGCOLOR="#FFFFCC">E-Mail:</TD>
 <TD WIDTH=435 BGCOLOR="#FFFFCC"> $tzn</TD> </TR>
<TR> 
 <TD WIDTH=125 >City/State:</TD>
 <TD WIDTH=435> $fields{'city'}</TD> </TR>
<TR> 
 <TD WIDTH=125 BGCOLOR="#FFFFCC">Home Page:</TD>
 <TD WIDTH=435 BGCOLOR="#FFFFCC"> <A HREF="$fields{'url'}">$fields{'url'}</A></TD> </TR>
<TR> 
 <TD WIDTH=125 >Date:</TD>
 <TD WIDTH=435> $the_date</TD> </TR>
<TR> 
 <TD WIDTH=125 BGCOLOR="#FFFFCC">How you found us:</TD>
 <TD WIDTH=435 BGCOLOR="#FFFFCC">$fields{'howfound'} </TD> </TR>
<TR> 
 <TD WIDTH=560 BGCOLOR="#FFFFFF" COLSPAN=2><I>Wrote...</I><BR>$fields{'message'}<HR></TD> </TR>
</TABLE>
<!-- $ENV{'REMOTE_ADDR'} submitter's IP address -->
__END_OF_PAGE_ENTRY__

}