#!/usr/bin/perl
# Turn on autoflush for the currently selected output handle, so the CGI
# headers printed below are not held back in a buffer.
$| = 1;
# bnbbook.cgi: yes, another guest book script....
# Release 1.0 on 09/06/98
# (C) 1998 BigNoseBird.Com, Inc. This program is freeware and may
# be used at no cost to you (just leave this notice intact).
# Feel free to modify, hack, and play with this script.
# This guestbook (like the world really needs another one)
# has borrowed several ideas from the works of Selena Sol
# (http://www.extropia.com/) and Matt Wright
# (http://cgi-resources.com/). The script is the result of user
# requests for something smaller and simpler to work with, but
# with some new tricks.
#
##################################################################
# START USER CONFIGURATION SECTION #
##################################################################
# For information on formatting your autoresponse letter and #
# guestbook format, please read the README.TXT #
# For information on formatting your input form, also see the #
# gbook.html file included in this distribution. #
##################################################################
#
# SPECIAL RESERVED HTML FORM NAMES
# When designing your HTML input form for your guest book,
# there are only four fields that are handled in a special way
# by the script. They are:
#
# signer_email: the e-mail address of the signer of the book. If
# you want to have the script autorespond or be able
# to easily reply to them- use this name!
# private: Value is YES if it is a private message not to
# be shown in the book. You will get e-mail.
# required: A comma delimited list of "must-fill" fields.
# If the user does not complete any field you
# specify, they will get a message to go back.
# url: The person's homepage URL. This will be presented
# in the guest book as an HTML link.
#
##################################################################
# don't change these
# Site configuration. These are package globals read by the subs below.
$GUESTBOOK     = '/home/art-villag/public_html/comments/index.html';
$GUESTBOOK_URL = 'http://www.art-village.co.uk/comments/class_p_m.htm';
$MY_EMAIL      = 'webmaster@art-village.co.uk';
# Compared against the Referer header in valid_page.
$VALID_DOMAIN  = 'art-village.co.uk';
$TELL_ME       = 'NO';
# With "YES", decode_vars keeps visitor-supplied tags and only runs
# check_html on them; with "NO" it strips tags.
$HTML          = 'YES';
# Directory for the temporary mail file and the lock file.
$TEMPDIR       = '/tmp';
$SEND_THANKS   = 'YES';
# Opened as a pipe in send_thanks and notify_me; it must only ever hold
# this fixed command, never request data.
$MAIL_PROGRAM  = '/usr/sbin/sendmail -t';
@CENSORED      = qw(BADBADWORD BADBADWORD2);
$MUNG          = 'NO';
sub setup_thankyounote
{
    # Build the plain-text body of the auto-reply in $THANK_YOU.
    # Every value comes from %fields, i.e. from the submitted form, so the
    # visitor chooses both this text and (via signer_email) who receives it.
    my @body_lines = (
        "Hi $fields{'name'},",
        "Thank you so much for visiting our site and signing the guestbook.",
        "We hope you enjoyed your visit and will come back to visit us",
        "soon.",
        "PS- You wrote:",
        "Name: $fields{'name'}",
        "E-Mail: $fields{'signer_email'}",
        "City/State: $fields{'city'}",
        "Home Page: $fields{'url'}",
        "How Found: $fields{'howfound'}",
        "Message: $fields{'message'}",
    );
    $THANK_YOU = join("\n", @body_lines) . "\n";
}
##################################################################
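sub setup_pageentry
{
    # Build $PAGE_ENTRY, the block that write_entry adds to the guestbook.
    # Reads %fields, $the_date, $MUNG and $HTML; sets $tzn and $PAGE_ENTRY.
    $tzn = $fields{'signer_email'};
    if ($MUNG eq "YES")
    {
        # Obscure the address so it is harder to harvest from the page.
        $tzn =~ s/\./_DoT_/g;
        $tzn =~ s/\@/_AT_/g;
    }

    # Work on copies so the mail text built from %fields is left alone.
    my %shown = (
        'name'         => $fields{'name'},
        'signer_email' => $tzn,
        'city'         => $fields{'city'},
        'url'          => $fields{'url'},
        'date'         => $the_date,
        'howfound'     => $fields{'howfound'},
        'message'      => $fields{'message'},
    );

    # When the site does not accept HTML, entity-encode what is left after
    # decode_vars stripped complete tags. An unterminated tag survives that
    # regex and would otherwise be written into the page as markup.
    if ($HTML ne "YES")
    {
        foreach my $fname (keys %shown)
        {
            $shown{$fname} =~ s/&/&amp;/g;
            $shown{$fname} =~ s/</&lt;/g;
            $shown{$fname} =~ s/>/&gt;/g;
            $shown{$fname} =~ s/"/&quot;/g;
        }
    }
    # With $HTML set to "YES" the values go into the page exactly as they
    # were submitted, so any markup a visitor sends is served to every
    # later reader of the guestbook.
    # NOTE(review): the template below looks like an HTML table whose tags
    # were lost; confirm against the distributed script.
$PAGE_ENTRY=<<__END_OF_PAGE_ENTRY__;
| Name: |
$shown{'name'} |
| E-Mail: |
$shown{'signer_email'} |
| City/State: |
$shown{'city'} |
| Home Page: |
$shown{'url'} |
| Date: |
$shown{'date'} |
| How you found us: |
$shown{'howfound'} |
Wrote... $shown{'message'}
|
__END_OF_PAGE_ENTRY__
}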
##################################################################
# END USER CONFIGURATION SECTION #
##################################################################
# MAIN ###########################################################
# This is where the script starts execution from
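# Request flow: check the referring page, decode and check the form,
# build the page entry and the mail text, send mail, store the entry,
# then redirect the browser to the guestbook.
valid_page();
$the_date = localtime();
findbook();
decode_vars();
test_required();
valid_address();
setup_pageentry();
setup_thankyounote();
send_thanks();
# Both alternatives need only a non-empty $MY_EMAIL, so the owner is
# notified whether $TELL_ME is "YES" or "NO".
if (($TELL_ME eq "YES" && $MY_EMAIL ne "") ||
    ($TELL_ME eq "NO" && $MY_EMAIL ne ""))
{
    # The sub name was garbled on the page; notify_me is the sub defined below.
    notify_me();
}
# Private messages are mailed but never written to the public page.
if ($fields{'private'} ne "YES")
{
    write_entry();
}
# Remove the temporary mail file that send_thanks created.
if ( -e $tempmail )
{
    unlink($tempmail);
}
print "Location: $GUESTBOOK_URL\n\n";
exit;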
##################################################################
# NOTE! This routine does a lot more work than it has to so that
# people running Windows 95/98/NT can easily adapt it to use
# an e-mail SMTP program such as BLAT.EXE
##################################################################
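sub send_thanks
{
    # Write the thank-you text to a temporary file, load it into @mailtext,
    # and mail it to the signer when the address passed valid_address and
    # $SEND_THANKS is "YES". Sets $SBJ, $tempmail and @mailtext, which
    # notify_me and the main program use afterwards.
    use Fcntl qw(O_WRONLY O_CREAT O_EXCL);

    $SBJ = "Thank you for signing my guestbook";
    $fltime = time;
    $flip = $ENV{'REMOTE_ADDR'};
    $flip =~ s/\.//g;
    if ($flip eq "")
    { $flip = "123456"; }
    $tmpxname = ($fltime ^ $flip);
    # The process id keeps two requests in the same second apart.
    $tempmail = $TEMPDIR . "/" . $tmpxname . "." . $$ . ".bbb";

    my $mail_body = "\n$THANK_YOU\n\n";

    # $TEMPDIR is shared and this name can be guessed. O_EXCL refuses a
    # file or symlink that someone else put there first, and mode 0600
    # keeps the visitor's message private to the CGI user.
    if (sysopen(OTM, $tempmail, O_WRONLY | O_CREAT | O_EXCL, 0600))
    {
        print OTM $mail_body;
        close(OTM);
    }
    else
    {
        warn "bnbbook: cannot create $tempmail: $!\n";
        # Clear the name so the caller does not unlink a file we do not own.
        $tempmail = "";
    }
    # The same lines the file holds. The leading empty line ends the mail
    # headers, so form text can never be read as a header.
    @mailtext = split(/^/, $mail_body);

    if ($BAD_EMAIL_FORMAT eq "NO" && $SEND_THANKS eq "YES")
    {
        # A line break in the address would end the header block early.
        my $rcpt = $fields{'signer_email'};
        $rcpt =~ s/[\r\n]+//g;

        # IF YOU ARE USING WINDOWS 95/98/NT with BLAT.EXE UNCOMMENT THE LINE BELOW
        # CAUTION: that line puts the signer's address on a shell command line.
        # system ("$MAIL_PROGRAM $tempmail -t $fields{'signer_email'} -f $MY_EMAIL -s \"$SBJ\" -q");
        open (MZ,"|$MAIL_PROGRAM") || die "Content-type: text/html\n\n Unable to send mail";
        # IF YOU ARE USING BLAT.EXE, COMMENT THE LINES THAT FOLLOW
        # BY PLACING A # SIGN AT THE START OF THE LINE. DO THIS UNTIL
        # YOU GET TO THE LINE THAT READS: END OF UNIX PROGRAM CODE
        print MZ "To: $rcpt\n";
        print MZ "From: $MY_EMAIL\n";
        print MZ "Subject: $SBJ\n";
        foreach $tomail (@mailtext)
        {
            print MZ "$tomail";
        }
        # END OF UNIX PROGRAM CODE
        close (MZ);
    }
}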
##################################################################
# NOTE! Windows 95/98/NT users will have to edit this routine
##################################################################
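sub notify_me
{
    # Mail the prepared text in @mailtext to the guestbook owner. The From
    # header carries the signer's address when it passed valid_address, so
    # the owner can reply; otherwise it carries the owner's own address.
    if ($BAD_EMAIL_FORMAT eq "YES")
    {
        $SBJ = "Guestbook was signed- do NOT reply";
        $tmpename = $MY_EMAIL;
    }
    else
    {
        $SBJ = "Somebody signed your guestbook!";
        $tmpename = $fields{'signer_email'};
    }
    # A line break in the address would end the header block early.
    $tmpename =~ s/[\r\n]+//g;

    # IF YOU ARE USING WINDOWS 95/98/NT with BLAT.EXE UNCOMMENT THE LINE BELOW
    # CAUTION: that line puts the signer's address on a shell command line.
    # system ("$MAIL_PROGRAM $tempmail -t $MY_EMAIL -f $tmpename -s \"$SBJ\" -q");
    open (MZT,"|$MAIL_PROGRAM") || die "Content-type: text/html\n\n Unable to send mail";
    # IF YOU ARE USING BLAT.EXE, COMMENT THE LINES THAT FOLLOW
    # BY PLACING A # SIGN AT THE START OF THE LINE. DO THIS UNTIL
    # YOU GET TO THE LINE THAT READS: END OF UNIX PROGRAM CODE
    print MZT "To: $MY_EMAIL\n";
    print MZT "From: $tmpename\n";
    print MZT "Subject: $SBJ\n";
    foreach $tomail (@mailtext)
    {
        print MZT "$tomail";
    }
    # END OF UNIX PROGRAM CODE
    close (MZT);
}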
##################################################################
sub test_required
{
    # Stop with an error page as soon as one field named in @mandatory is
    # empty. @mandatory is filled by decode_vars from the form's own
    # "required" field, so this check helps honest users only; a request
    # that leaves "required" out is not checked at all.
    foreach my $needed (@mandatory)
    {
        next unless $fields{$needed} eq "";
        $errmesg  = "You did not fill in all of the required information.\n";
        $errmesg .= "Press your BACK BUTTON to return to the entry form!";
        error_exit();
    }
}
##################################################################
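sub decode_vars
{
    # Parse the submitted form (query string for GET, STDIN otherwise)
    # into %fields, and fill @mandatory from the "required" field.
    # Every value is URL-decoded, stripped of HTML comments, stripped of
    # tags or checked by check_html depending on $HTML, and censored.
    $i = 0;
    if ( $ENV{'REQUEST_METHOD'} eq "GET")
    { $temp = $ENV{'QUERY_STRING'}; }
    else
    {
        # NOTE(review): the length is taken from the request as sent;
        # consider refusing bodies above a site-chosen limit.
        read(STDIN, $temp, $ENV{'CONTENT_LENGTH'});
    }
    @pairs = split(/&/, $temp);
    foreach $item (@pairs)
    {
        ($key, $content) = split(/=/, $item, 2);
        $content =~ tr/+/ /;
        # Decode only real %XX escapes; other text after % stays literal.
        $content =~ s/%([0-9A-Fa-f]{2})/pack("C",hex($1))/ge;
        # Strip comments to prevent server side include calls. The pattern
        # was lost on the page and is rebuilt from that stated purpose.
        # Repeat until nothing changes, because one removal can join the
        # text around it into a new comment.
        1 while $content =~ s/<!--.*?-->//gs;
        # Remove a leftover opener too: text later in the guestbook page
        # could otherwise close it.
        1 while $content =~ s/<!--//g;
        if ($HTML eq "NO")
        {
            $content =~ s/<([^>]|\n)*>//g;
        }
        else
        {
            # check_html only counts brackets and quotes; it does not
            # make the markup safe to display.
            $tocheck = $content;
            check_html();
        }
        foreach $citem (@CENSORED)
        {
            $content =~ s/\b$citem\b/\*\*\*/gi;
        }
        $fields{$key} = $content;
        if ($key eq "required")
        {
            # The list of must-fill fields is supplied by the form itself.
            $content =~ s/\012//g;
            $content =~ s/\015//g;
            $content =~ s/ //g;
            @mandatory = split(/,/, $content);
        }
    }
}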
##################################################################
sub error_exit
{
    # Send $errmesg to the browser as an HTML response and end the request.
    # $errmesg is printed as-is, so callers must never put request data
    # into it without encoding it first.
    print "Content-type: text/html\n\n", "$errmesg\n";
    exit;
}
##################################################################
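sub check_html
{
    # Count the double quotes and angle brackets in $tocheck and stop with
    # an error page unless each count is even. The loop and the bracket
    # text of the message were lost on the page; both are rebuilt from the
    # counters and the fragments that are still visible.
    # This is a parity check only: it does not remove or neutralise any
    # markup, so it is not a defence against script or other active HTML.
    # NOTE(review): as written, a single tag such as one line break tag
    # has one "<" and one ">" and is rejected; confirm that is intended.
    $quote_count = 0;
    $left_count  = 0;
    $right_count = 0;
    for ($i = 0; $i < length($tocheck); $i++)
    {
        my $ch = substr($tocheck, $i, 1);
        if ($ch eq "\"") {$quote_count++;}
        if ($ch eq "<")  {$left_count++;}
        if ($ch eq ">")  {$right_count++;}
    }
    if ( (($left_count % 2) != 0) || (($right_count % 2) != 0)
         || (($quote_count % 2) != 0))
    {
        $errmesg  = "Your HTML doesn't have an even number of ";
        # Entity-encoded so the browser shows the three characters.
        $errmesg .= "&lt; &gt; &quot; marks\n";
        $errmesg .= "Press your BACK BUTTON to return to the entry form!";
        error_exit();
    }
}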
##################################################################
sub findbook
{
    # Stop with an error page unless the guestbook file exists and is
    # writable by the CGI process.
    # Note: both messages print the server-side path in $GUESTBOOK to
    # whoever made the request.
    unless ( -e $GUESTBOOK )
    {
        $errmesg  = "Unable to locate your guestbook file\n\n";
        $errmesg .= "Please check that $GUESTBOOK is the correct path and name";
        error_exit();
    }
    $DONOTHING = 0;

    unless ( -w $GUESTBOOK )
    {
        $errmesg  = "Unable to write to your guestbook file\n\n";
        $errmesg .= "Please check the permissions on $GUESTBOOK";
        error_exit();
    }
    $DONOTHING = 0;
}
##################################################################
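sub write_entry
{
    # Rewrite the guestbook file with $PAGE_ENTRY inserted, while holding
    # the lock from get_the_lock.
    get_the_lock();

    # Read first and give up if that fails. Carrying on would open the
    # file for writing with nothing to put back and so empty the guestbook.
    unless (open(RDBK, "<", $GUESTBOOK))
    {
        warn "bnbbook: cannot read $GUESTBOOK: $!\n";
        drop_the_lock();
        return;
    }
    @book = <RDBK>;
    close(RDBK);

    unless (open(WRBK, ">", $GUESTBOOK))
    {
        warn "bnbbook: cannot write $GUESTBOOK: $!\n";
        drop_the_lock();
        return;
    }
    foreach $line (@book)
    {
        # chomp removes only a line ending; chop would also eat the last
        # character of a final line that has no newline.
        chomp $line;
        # NOTE(review): the string compared here and the line printed
        # before the entry look like an HTML comment marker that was lost
        # on the page. As shown, an entry is inserted after every empty
        # line; confirm the marker against the distributed script.
        if ($line eq "")
        {
            print WRBK "\n";
            print WRBK "$PAGE_ENTRY\n";
        }
        else
        {
            print WRBK "$line\n";
        }
    }
    # Buffered write errors (for example a full disk) surface at close.
    close(WRBK) || warn "bnbbook: error closing $GUESTBOOK: $!\n";
    drop_the_lock();
}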
##################################################################
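sub get_the_lock
{
    # Take the guestbook lock by creating $TEMPDIR/bnbbook.lck, waiting up
    # to 60 seconds for another request to remove it. Sets $lockfile and
    # leaves the LOCK_FILE handle open.
    use Fcntl qw(O_WRONLY O_CREAT O_EXCL);
    use Errno qw(EEXIST);

    $lockfile = "$TEMPDIR/bnbbook.lck";
    my $deadline = time + 60;

    # O_CREAT|O_EXCL tests and creates in one step, so two requests cannot
    # both find the lock free, and it will not follow a symlink planted
    # under this fixed name in the shared directory.
    until (sysopen(LOCK_FILE, $lockfile, O_WRONLY | O_CREAT | O_EXCL, 0600))
    {
        # Any failure other than "already exists" will not clear by
        # waiting; carry on without the lock, as the unchecked open did.
        last unless $! == EEXIST;
        if (time >= $deadline)
        {
            # Treat a lock older than the timeout as stale and take over.
            unlink($lockfile);
            sysopen(LOCK_FILE, $lockfile, O_WRONLY | O_CREAT | O_EXCL, 0600);
            last;
        }
        # Sleep instead of spinning so a held lock does not burn CPU.
        sleep(1);
    }
}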
##################################################################
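sub drop_the_lock
{
    # Release the guestbook lock: close the handle opened by get_the_lock
    # and remove the lock file.
    # The handle is LOCK_FILE. Closing $lockfile, as the code did, treats
    # the path string as a handle name and closes nothing.
    close(LOCK_FILE);
    unlink($lockfile);
}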
##################################################################
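sub valid_address
{
    # Set $BAD_EMAIL_FORMAT to "YES" when the signer's address is empty or
    # fails the format check, otherwise to "NO". send_thanks and notify_me
    # write the accepted address into mail headers.
    if ($fields{'signer_email'} eq "")
    {
        $BAD_EMAIL_FORMAT = "YES";
        return;
    }
    $testmail = $fields{'signer_email'};
    # \A and \z anchor the whole string. "$" would also accept an address
    # followed by a newline, which would then land in a header line.
    # The local part excludes CR and LF for the same reason.
    # The top-level label may be up to 63 letters; a limit of three
    # rejects valid addresses.
    if ($testmail =~ /(\@.*\@)|(\.\.)|(\@\.)|(\.\@)|(\A\.)/ ||
        $testmail !~ /\A[^\r\n]+\@(\[?)[a-zA-Z0-9\-\.]+\.([a-zA-Z]{2,63}|[0-9]{1,3})(\]?)\z/)
    {
        $BAD_EMAIL_FORMAT = "YES";
        return;
    }
    else
    {
        $BAD_EMAIL_FORMAT = "NO";
    }
}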
##################################################################
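sub valid_page
{
    # Refuse the request when the Referer header names a host other than
    # $VALID_DOMAIN or one of its subdomains. Nothing is checked when
    # $VALID_DOMAIN is empty or the request carries no Referer.
    # The Referer is chosen by the client, so this only stops other sites
    # from pointing their forms at this script; it is not access control.
    if ($VALID_DOMAIN eq "")
    {return;}
    $DN = $ENV{'HTTP_REFERER'};
    if ($DN eq "")
    {return;}
    $DN =~ tr/A-Z/a-z/;
    $VALID_DOMAIN =~ tr/A-Z/a-z/;

    # Compare the host part only. A plain pattern match on the whole
    # header would accept the domain anywhere in the URL, and would treat
    # the dots in $VALID_DOMAIN as wildcards.
    my $ref_host = "";
    if ($DN =~ m{\Ahttps?://(?:[^/?#\@]*\@)?([^/?#:\@]+)})
    {
        $ref_host = $1;
    }
    if ($ref_host eq $VALID_DOMAIN || $ref_host =~ /\.\Q$VALID_DOMAIN\E\z/)
    {$stayin = 1;}
    else {$stayin = 0;}

    if ($stayin == 0)
    {
        $errmesg = "Sorry! You can't run this script from your server\n";
        error_exit();
    }
}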