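#!/usr/bin/perl
$|=1;
# bnbbook.cgi: yes, another guest book script....
# Release 1.0 on 09/06/98
# (C) 1998-2002 BigNoseBird.Com, Inc. This program is freeware and may
# be used at no cost to you (just leave this notice intact).
# Feel free to modify, hack, and play with this script.
# This guestbook (like the world really needs another one)
# has borrowed several ideas from the works of Selena Sol
# (http://www.extropia.com/) and Matt Wright
# (http://cgi-resources.com/). The script is the result of user
# requests for something smaller and simpler to work with, but
# with some new tricks.
#
# NOTE(review): in the copy this was restored from, the whole file was
# collapsed onto a few lines, so every statement after the first "#" was
# swallowed by a comment. The line structure below is restored; the
# configuration values themselves are unchanged.
#
##################################################################
# START USER CONFIGURATION SECTION                               #
##################################################################
# For information on formatting your autoresponse letter and     #
# guestbook format, please read the README.TXT                   #
# For information on formatting your input form, also see the    #
# gbook.html file included in this distribution.                 #
##################################################################
#
# SPECIAL RESERVED HTML FORM NAMES
# When designing your HTML input form for your guest book,
# there are only four fields that are handled in a special way
# by the script. They are:
#
# signer_email: the e-mail address of the signer of the book. If
#               you want to have the script autorespond or be able
#               to easily reply to them- use this name!
# private:      Value is YES if it is a private message not to
#               be shown in the book. You will get e-mail.
# required:     A comma delimited list of "must-fill" fields.
#               If the user does not complete any field you
#               specify, they will get a message to go back.
#               This list arrives with the form, so a client can
#               change it; it is a convenience, not an enforcement.
# url:          The person's homepage URL. This will be presented
#               in the guest book as an HTML link.
#
##################################################################

# set $HTML="NO" if you do not want users to be able to enter HTML tags
# the form name "private" when set to YES by a reader, if you offer
# the choice, will send you e-mail, but will not write to the guestbook.
#
# SECURITY: with "YES", whatever markup a visitor submits is written
# into the guestbook page and served to every later reader. The HTML
# check in this script only counts brackets and quote marks; it does not
# remove script or event-handler markup. Use "NO" unless every signer
# is trusted.
$HTML="YES";

# $GUESTBOOK is the file name for your guestbook file. You must give the
# filename including its full path.
$GUESTBOOK="/home/www/gbook.html";

# $GUESTBOOK_URL is the URL of the guestbook. This way after they
# sign the book they are redirected back to it
$GUESTBOOK_URL="http://df132domain.com/gbook.html";

# $TEMPDIR is a directory on your server where you have permission to
# write files that will be deleted when the script finishes running.
#
# SECURITY: /tmp is writable by every local account. The script keeps
# its mail spool file and its lock file here, so prefer a directory that
# only the web server account can write to.
$TEMPDIR="/tmp";

# $SEND_THANKS if "YES" will send the signer of the book a thank you
# note if they supplied a valid e-mail address. E-mail is sent to
# the value contained in "signer_email"
#
# SECURITY: the note goes to whatever address the visitor typed and
# quotes the visitor's own message, so an open form can be used to send
# mail to third parties. Use "NO", or rate-limit the form, if that is a
# concern for your site.
$SEND_THANKS="YES";

# $MY_EMAIL should be your e-mail address. This way people know where
# they get the thank you note from. Be sure to put that \@ backslash
# before the AT sign!
$MY_EMAIL="me\@dfdfdomain.com";

# If you make $TELL_ME="YES" and supplied a value for $MY_EMAIL,
# the script will notify you when somebody has signed your book.
# If you generally do not want to receive e-mail, except in the
# case of a private message, let $TELL_ME="NO"
$TELL_ME="YES";

# $MAIL_PROGRAM is your system's e-mail program typically either
# /usr/lib/sendmail -t or /usr/sbin/sendmail -t
# DON'T FORGET THE "-t", omitting it is a major source of script failure
# This string is handed to the system as a command line, so it must only
# ever come from this file, never from form input.
$MAIL_PROGRAM="/usr/lib/sendmail -t";

# For Windows 95/98/NT using BLAT.EXE, it might look like this:
# $MAIL_PROGRAM="C:/winnt/system32/blat.exe";
# You will find more information on Windows modifications you will
# have to make in the subroutines, notify_me and send_thanks.

# $MUNG="YES" will transform e-mail addresses into something a little
# less spam-spider friendly.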
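$MUNG="YES";

# @CENSORED is an array of words that you do not want to have
# appear on your guestbook.
@CENSORED=('fruck','shat','ashhole','ficker');

# $VALID_DOMAIN if set is where the script can be called from. If
# your site responds with or without the "www", leave off the www!
# NOTE: this is compared with the Referer header, which the client
# supplies. It discourages casual off-site forms; it is not access control.
$VALID_DOMAIN="dfdfdomain.com";

# Core modules used by the file handling below (secure temp file,
# advisory locking). flock() is not available on Windows 95/98.
use Fcntl qw(:DEFAULT :flock);
use File::Temp qw(tempfile);

# NOTE(review): this copy of the script lost its line breaks and most
# literal HTML (tags, comments, entities) in extraction. Line structure
# is restored below; "<BR>" is put back where a stray line break inside
# an error string shows a tag was dropped. Places where the lost text
# cannot be recovered from this copy are marked NOTE(review).

# Builds $THANK_YOU, the body of the thank-you letter, from %fields.
sub setup_thankyounote
{
$THANK_YOU=<<__END_OF_THANK_YOU__;
Hi $fields{'name'},

Thank you so much for visiting our site and signing the guestbook.
We hope you enjoyed your visit and will come back to visit us soon.

Bruce and Christine

PS- You wrote:

Name: $fields{'name'}
E-Mail: $fields{'signer_email'}
City/State: $fields{'city'}
Home Page: $fields{'url'}
How Found: $fields{'howfound'}
Message: $fields{'message'}
__END_OF_THANK_YOU__
}

##################################################################
# Builds $PAGE_ENTRY, the text written into the guestbook page.
# NOTE(review): the HTML markup of this template is not visible in this
# copy; re-add your own. Every $fields{...} value is visitor input: if
# you place one inside an attribute (for example the url as a link
# target), make sure it cannot close the attribute. decode_vars() removes
# quotes and angle brackets from "url" for that reason.
sub setup_pageentry
{
    # Address as shown on the page, optionally obfuscated.
    $tzn = $fields{'signer_email'};
    if ($MUNG eq "YES") {
        $tzn =~ s/\./_DoT_/g;
        $tzn =~ s/\@/_AT_/g;
    }
$PAGE_ENTRY=<<__END_OF_PAGE_ENTRY__;
Name: $fields{'name'}
E-Mail: $tzn
City/State: $fields{'city'}
Home Page: $fields{'url'}
Date: $the_date
How you found us: $fields{'howfound'}
Wrote...
$fields{'message'}
__END_OF_PAGE_ENTRY__
}

##################################################################
# END USER CONFIGURATION SECTION                                 #
##################################################################

# MAIN ###########################################################
# This is where the script starts execution from
valid_page();
$the_date = localtime();
findbook();
decode_vars();
test_required();
valid_address();
setup_pageentry();
setup_thankyounote();
send_thanks();

# Notify the owner of every entry when $TELL_ME is "YES"; when it is
# "NO", only of private messages, as the configuration notes describe.
# (The earlier condition notified in both cases.)
if ($MY_EMAIL ne ""
    && ($TELL_ME eq "YES"
        || ($TELL_ME eq "NO" && $fields{'private'} eq "YES")))
{
    notify_me();
}

if ($fields{'private'} ne "YES") {
    write_entry();
}

# Remove the mail spool file created by send_thanks().
if (defined($tempmail) && $tempmail ne "" && -e $tempmail) {
    unlink($tempmail);
}

print "Location: $GUESTBOOK_URL\n\n";
exit;

##################################################################
# Returns $value with CR and LF replaced by a space, so that a form
# value can never start a new mail header line.
sub _header_value
{
    my ($value) = @_;
    $value = "" unless defined $value;
    $value =~ s/[\r\n]+/ /g;
    return $value;
}

##################################################################
# NOTE! This routine does a lot more work than it has to so that
# People running Windows 95/98/NT can easily adapt it to use
# a e-mail SMTP program such as BLAT.EXE
##################################################################
# Prepares the letter text in @mailtext (notify_me() reuses it), spools
# a copy to $tempmail for BLAT users, and mails the thank-you note when
# the address passed valid_address() and $SEND_THANKS is "YES".
sub send_thanks
{
    $SBJ = "Thank you for signing my guestbook";
    @mailtext = ("\n", "$THANK_YOU\n\n");

    # The spool file used to get a guessable name (time XOR client
    # address) and was opened with a two-argument open in $TEMPDIR.
    # tempfile() picks an unpredictable name and creates the file
    # exclusively, so a file or link planted in advance cannot be hit.
    $tempmail = "";
    my $spool;
    eval {
        ($spool, $tempmail) =
            tempfile("bnbbookXXXXXXXX", DIR => $TEMPDIR, SUFFIX => ".bbb");
    };
    if ($spool) {
        print {$spool} @mailtext;
        close($spool);
    }
    else {
        $tempmail = "";    # only BLAT needs the file; sendmail does not
    }

    if ($BAD_EMAIL_FORMAT eq "NO" && $SEND_THANKS eq "YES") {
        # IF YOU ARE USING WINDOWS 95/98/NT with BLAT.EXE UNCOMMENT THE LINE BELOW
        # The address is visitor input: pass arguments as a list so they
        # are never assembled into one command string.
        # system ($MAIL_PROGRAM, $tempmail, "-t", $fields{'signer_email'}, "-f", $MY_EMAIL, "-s", $SBJ, "-q");

        open(my $mail, "|-", $MAIL_PROGRAM)
            || die "Content-type: text/html\n\n Unable to send mail";

        # IF YOU ARE USING BLAT.EXE, COMMENT THE LINES THAT FOLLOW
        # BY PLACING A # SIGN AT THE START OF THE LINE. DO THIS UNTIL
        # YOU GET TO THE LINE THAT READS: END OF UNIX PROGRAM CODE
        print {$mail} "To: " . _header_value($fields{'signer_email'}) . "\n";
        print {$mail} "From: " . _header_value($MY_EMAIL) . "\n";
        print {$mail} "Subject: " . _header_value($SBJ) . "\n";
        foreach my $tomail (@mailtext) {
            print {$mail} "$tomail";
        }
        # END OF UNIX PROGRAM CODE
        close($mail);
    }
}

##################################################################
# NOTE! Windows 95/98/NT users will have to edit this routine
##################################################################
# Mails the letter text in @mailtext to $MY_EMAIL. The From address is
# the signer's only when it passed valid_address(); otherwise it is
# $MY_EMAIL and the subject warns not to reply.
sub notify_me
{
    if ($BAD_EMAIL_FORMAT eq "YES") {
        $SBJ = "Guestbook was signed- do NOT reply";
        $tmpename = $MY_EMAIL;
    }
    else {
        $SBJ = "Somebody signed your guestbook!";
        $tmpename = $fields{'signer_email'};
    }

    # IF YOU ARE USING WINDOWS 95/98/NT with BLAT.EXE UNCOMMENT THE LINE BELOW
    # (list form, for the same reason as in send_thanks)
    # system ($MAIL_PROGRAM, $tempmail, "-t", $MY_EMAIL, "-f", $tmpename, "-s", $SBJ, "-q");

    open(my $mail, "|-", $MAIL_PROGRAM)
        || die "Content-type: text/html\n\n Unable to send mail";

    # IF YOU ARE USING BLAT.EXE, COMMENT THE LINES THAT FOLLOW
    # BY PLACING A # SIGN AT THE START OF THE LINE. DO THIS UNTIL
    # YOU GET TO THE LINE THAT READS: END OF UNIX PROGRAM CODE
    print {$mail} "To: " . _header_value($MY_EMAIL) . "\n";
    print {$mail} "From: " . _header_value($tmpename) . "\n";
    print {$mail} "Subject: " . _header_value($SBJ) . "\n";
    foreach my $tomail (@mailtext) {
        print {$mail} "$tomail";
    }
    # END OF UNIX PROGRAM CODE
    close($mail);
}

##################################################################
# Stops with an error page if any field named in the form's "required"
# list is missing or empty.
sub test_required
{
    foreach my $tst (@mandatory) {
        if (!defined($fields{$tst}) || $fields{$tst} eq "") {
            $errmesg  = "You did not fill in all of the required information.<BR>";
            $errmesg .= "Press your BACK BUTTON to return to the entry form!<BR>";
            error_exit();
        }
    }
}

##################################################################
# Reads the GET or POST form data, decodes it, cleans each value, and
# stores it in %fields. Fills @mandatory from the "required" field.
sub decode_vars
{
    my $temp = "";
    if ($ENV{'REQUEST_METHOD'} eq "GET") {
        $temp = $ENV{'QUERY_STRING'};
    }
    else {
        # NOTE(review): the body size is whatever the client declares;
        # consider refusing requests above a limit that suits your form.
        read(STDIN, $temp, $ENV{'CONTENT_LENGTH'} || 0);
    }
    $temp = "" unless defined $temp;

    foreach my $item (split(/&/, $temp)) {
        my ($key, $content) = split(/=/, $item, 2);
        next unless defined($key) && $key ne "";
        $content = "" unless defined $content;

        $content =~ tr/+/ /;
        # Decode only real %XX escapes ("%(..)" also accepted non-hex).
        $content =~ s/%([0-9A-Fa-f]{2})/pack("C", hex($1))/ge;
        $content =~ s/\0//g;    # strip nulls

        # Cut to size before cleaning, so the cut cannot leave half a
        # tag behind after the checks have already passed.
        if (length($content) > 4000) {
            $content = substr($content, 0, 4000);
        }

        # strip comments to prevent server side include calls
        # NOTE(review): the pattern was lost in this copy; this restores
        # "remove HTML comments". It repeats until nothing changes, since
        # one pass can leave a new comment behind, and it neutralises any
        # comment opener that has no closer.
        1 while $content =~ s/<!--.*?-->//gs;
        $content =~ s/<!--/&lt;!--/g;

        if ($HTML eq "NO") {
            $content =~ s/<([^>]|\n)*>//g;
            # A bracket left over (for example a tag that was never
            # closed) is shown as text instead of reaching the page as
            # markup.
            $content =~ s/</&lt;/g;
            $content =~ s/>/&gt;/g;
        }
        else {
            $tocheck = $content;
            check_html();
        }

        if ($key eq "url") {
            # The page shows this value as a link: drop characters that
            # could end an attribute, and keep only plain web addresses.
            # A value that has a colon but is not http(s):// is discarded
            # (this also drops "host:port" without a scheme).
            $content =~ s/["'<>\s]//g;
            if ($content =~ /:/ && $content !~ m{\Ahttps?://}i) {
                $content = "";
            }
        }

        foreach my $citem (@CENSORED) {
            # \Q..\E: a censored word is a literal, not a pattern.
            $content =~ s/\b\Q$citem\E\b/***/gi;
        }

        $fields{$key} = $content;

        if ($key eq "required") {
            $content =~ s/[\012\015 ]//g;
            @mandatory = split(/,/, $content);
        }
    }
}

##################################################################
# Prints $errmesg as an HTML response and ends the script.
# NOTE(review): any page markup around $errmesg is not visible in this
# copy. findbook() puts the guestbook's server path into $errmesg, which
# is useful during setup but shows that path to any visitor.
sub error_exit
{
    print "Content-type: text/html\n\n";
    print <<__END_OF_ERROR__;
$errmesg
__END_OF_ERROR__
    exit;
}

##################################################################
# Rejects $tocheck unless it has an even number of each of < > and ".
# This is a typo check only; it does not make visitor HTML safe.
# NOTE(review): part of the counting loop was lost in this copy; the
# three counters and the parity test are as visible in it.
sub check_html
{
    $quote_count = ($tocheck =~ tr/"//);
    $left_count  = ($tocheck =~ tr/<//);
    $right_count = ($tocheck =~ tr/>//);

    if ((($left_count % 2) != 0)
        || (($right_count % 2) != 0)
        || (($quote_count % 2) != 0))
    {
        $errmesg  = "Your HTML doesn't have an even number of ";
        $errmesg .= "&lt; &gt; &quot; marks<BR>";
        $errmesg .= "Press your BACK BUTTON to return to the entry form!<BR>";
        error_exit();
    }
}

##################################################################
# Stops with an error page unless $GUESTBOOK exists and is writable.
sub findbook
{
    if (!-e $GUESTBOOK) {
        $errmesg  = "Unable to locate your guestbook file<BR>\n";
        $errmesg .= "Please check that $GUESTBOOK is the correct path and name<BR>";
        error_exit();
    }
    if (!-w $GUESTBOOK) {
        $errmesg  = "Unable to write to your guestbook file<BR>\n";
        $errmesg .= "Please check the permissions on $GUESTBOOK<BR>";
        error_exit();
    }
}

##################################################################
# Inserts $PAGE_ENTRY into the guestbook after each marker line.
sub write_entry
{
    # NOTE(review): the marker text is not visible in this copy (it was
    # probably an HTML comment). As visible, an empty line is the marker.
    # Set this to the marker line your gbook.html uses.
    my $marker = "";

    get_the_lock();

    # One read/write handle instead of read, close, reopen-for-write:
    # the book is never truncated before the new text is ready, and a
    # failed open is reported instead of ignored.
    my $book;
    if (!open($book, "+<", $GUESTBOOK)) {
        drop_the_lock();
        $errmesg = "Unable to update your guestbook file<BR>";
        error_exit();
    }

    my $out = "";
    while (my $line = <$book>) {
        chomp $line;    # chop would eat a character of an unterminated last line
        if ($line eq $marker) {
            $out .= "$marker\n";
            $out .= "$PAGE_ENTRY\n";
        }
        else {
            $out .= "$line\n";
        }
    }

    seek($book, 0, 0);
    print {$book} $out;
    truncate($book, tell($book));
    close($book);

    drop_the_lock();
}

##################################################################
# Takes an exclusive lock on $TEMPDIR/bnbbook.lck, waiting up to 60
# seconds, and stops with an error page if the lock cannot be had.
# The earlier version spun in a loop while the file existed and then
# opened it regardless, so two signers could both proceed, and a
# leftover file delayed every signer by a minute.
sub get_the_lock
{
    $lockfile = "$TEMPDIR/bnbbook.lck";
    my $deadline = time + 60;

    # No truncation and owner-only mode. In a shared directory another
    # account can still pre-create this name; see the $TEMPDIR note.
    if (!sysopen(LOCK_FILE, $lockfile, O_WRONLY | O_CREAT, 0600)) {
        $errmesg = "Unable to open the guestbook lock file<BR>";
        error_exit();
    }

    until (flock(LOCK_FILE, LOCK_EX | LOCK_NB)) {
        if (time >= $deadline) {
            close(LOCK_FILE);
            $errmesg = "The guestbook is busy. Please try again in a moment.<BR>";
            error_exit();
        }
        sleep 1;
    }
}

##################################################################
# Releases the lock taken by get_the_lock(). The lock file is left in
# place: removing it while another process waits on it would let two
# processes hold "the" lock on different files. (The earlier version
# also passed the file name, not the handle, to close.)
sub drop_the_lock
{
    flock(LOCK_FILE, LOCK_UN);
    close(LOCK_FILE);
}

##################################################################
# Sets $BAD_EMAIL_FORMAT to "NO" when signer_email looks like a single
# plain address, otherwise to "YES".
sub valid_address
{
    my $testmail = $fields{'signer_email'};
    $BAD_EMAIL_FORMAT = "YES";

    return if !defined($testmail) || $testmail eq "";
    return if $testmail =~ /(\@.*\@)|(\.\.)|(\@\.)|(\.\@)|(^\.)/;

    # \A and \z instead of ^ and $: "$" also matches before a trailing
    # newline, which would then reach the mail headers. The local part is
    # limited to characters that are harmless in a header or a command
    # line; unusual but valid addresses simply get no thank-you note.
    # The top-level domain may now be longer than four letters.
    return if $testmail !~
        /\A[A-Za-z0-9._%+=~\-]+\@(\[?)[a-zA-Z0-9\-\.]+\.([a-zA-Z]{2,63}|[0-9]{1,3})(\]?)\z/;

    $BAD_EMAIL_FORMAT = "NO";
}

##################################################################
# Stops with an error page when the Referer header names a host other
# than $VALID_DOMAIN or one of its subdomains. A request without a
# Referer is let through, as before.
sub valid_page
{
    return if $VALID_DOMAIN eq "";

    my $referer = $ENV{'HTTP_REFERER'};
    return if !defined($referer) || $referer eq "";

    my $domain = lc($VALID_DOMAIN);

    # Compare the host part only. The earlier test looked for the domain
    # anywhere in the header, with "." matching any character, so the
    # name appearing in a path, query, or longer host name was enough.
    my $host = "";
    if (lc($referer) =~ m{\Ahttps?://([^/?#]*)}) {
        $host = $1;
        $host =~ s/\A.*\@//;    # drop user info
        $host =~ s/:\d*\z//;    # drop port
    }

    return if $host eq $domain || $host =~ /\.\Q$domain\E\z/;

    $errmesg = "Sorry! You can't run this script from your server<BR>";
    error_exit();
}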