BigNoseBird.Com's - - - - - All Purpose Form Handler FOR UNIX & WINDOWS NOW ON VERSION 4.1 ------------------ Updated November 2, 2002 Proper validation of four character TLDs such as .name and .info now allowed. Updated January 31, 2000 Improved security features. Arbitrary file requests are prevented by the script appending a unique extension to each file type. File names and e-mail addresses are are checked for possible exploit attempts. Multiple recipients and cc's are now supported. Thank you page now shows submitted information. ABOUT THE NEW FILENAME SYSTEM: In order to prevent people from being able to overwrite or read from files on your server, you MUST set up your file names in the following way. Each item such as automessage, is given an extension automatically by the script. Do not include the extension in the VALUE part of the HIDDEN INPUT tag. This is how the exploit attempts are blocked. The list below shows the extension associated with each file type. the file MUST be named mymessage.baut when you save it on the server. the script will create form1.bout the script will create form1.bcnt the script will create form1.bemf This program, bnbform.cgi is designed to allow you to quickly implement your HTML based forms. The program is configured by information you provide in the form itself, so you can get the script to handle your data in a variety of ways without changing your scripts. Without writing one line of perl code, you can do the following (in any combination!): 1.) Submit E-mail to a specified person(s) and CC as well. 2.) Send the data to a file for easy import into a database program. 3.) Automatically send a resonse to the submitter, with a text file to contain your message. 4.) Define the order the data is printed. 5.) Enforce completion of specified fields. 6.) Define a page for a "Thank you" or an "Oops!" message after the form is submitted. I. GETTING READY TO INSTALL ---------------------------- Included in this zip or tar file you will find the following files: FILE NAME DESCRIPTION --------- ----------- README.TXT The file you are reading! bnbform.cgi The script bnbform.html A sample form mymessage.baut A sample autoreponse message oops.html A sample HTML page for incomplete data thanks.html A sample HTML page for saying thanks! NOTE: PLEASE READ THE Q&A BELOW, IT CONTAINS SOME USEFUL SETUP INFORMATION! In order to install the script, you should only have to find out the answers to the following questions: Q: Where is perl on my server? A: On some systems it is /usr/local/bin/perl but it may be in /usr/bin/perl or /usr/sbin/perl. The very first line of the script says, #!/usr/bin/perl This MUST be the first line of the script with nothing including blank lines above it. If your "perl" is not there, edit this line so that it is correct for your system. Q: What is an SMTP server? A: This is the computer that handles your domain's e-mail, but you can also use your ISP's mail server as well (usually). On most systems, the "localhost" will work just fine. Q: Where is my cgi-bin directory? A: This varies. Please check with your system administrator or system FAQ if you do not know this. Q: How do I call a cgi-bin script from a form? A: On my system, this does the trick:

Again, this can vary from server to server so please consult your server FAQ or your system administrator. Q: How do I set file permissions? A: Once the files are installed, using FTP, you want to set the permissions on bnbform.cgi so that they are the equivalent of 755. This means that the owner can read-write-execute, group can read-execute, and others can read-execute. If you can login using telnet, you can issue the command: chmod 755 bnbform.cgi You must "cd" to the directory containing the script before doing this. For specific instructions on setting permissions using FTP, please see the "HELP" for your FTP program. II. INSTALLING THE FILES ON YOUR SERVER ---------------------------------------- Edit the bnbform.cgi to make sure the path to perl is correct, i.e., #!/usr/local/bin/perl Edit the bnbform.html to make sure you are calling the script properly, i.e., Also, change the e-mail address of the "submit_to" and the http://domain.com/oops.html and http:domain.com/thanks.html so that they are correct for your domain. You may delete the lines containing the ok_URL and not_ok_URL if you want. Using FTP, transfer the following files using ASCII mode. NEVER USE BINARY TO TRANSFER TEXT FILES FROM A PC TO A UNIX SERVER!!!!! FILE LOCATION bnbform.cgi cgi-bin directory mymessage.baut cgi-bin directory bnbform.html your webpage directory oops.html your webpage directory thanks.html your webpage directory Set the permissions on bnbform.cgi to 755 which means the owner can read-write-execute, group can read-execute, and others can read-execute. (This was one of the questions above!) Guess what? That's it! Installation is complete and you can test the script using the bnbform.html that is included- after you edit it as described above. III. CONFIGURING THE FORM FOR YOUR NEEDS ---------------------------------------- The bnbform.cgi script is very simple, and very flexible. How it works, is that it looks at the form's data for the existence and content of some special fields, most of which are HIDDEN so the reader doesn't see them. Here are a list of the magic fields: IMPORTANT NOTE: ALL FIELD NAMES AND VALUES ARE CASE SENSITIVE! To keep things simple- just use lower case. submit_by: The e-mail address of the person completing the form. You should make this required if you are using autorespond. required: A list seperated by commas "," listing ALL fields you wish to enforce data completion on. As an example: data_order: In order for your information to show up in a file or in your e-mail, you MUST list each field you want to see in this comma "," separated list. This also specifies the order the data will be printed to mail and to file. Here is an example: submit_to: The person to receive the e-mail. Example You do not have to indicate a "submit_to" if you are sending the information to a file, and don't need e-mail notification. You can use more than one e-mail address, just put commas between them, VALUE="person1@x.com,person2@y.com" cc_to: In addition to submit_to, you can also specify additional, CC recipient(s). You can use more than one e-mail address, just put commas between them, VALUE="person1@x.com,person2@y.com" automessage: A textfile containing a message to go out as the body of an autorespond e-mail. Example, ***You can also specify the actual path to the file if you will be running this outside of the main cgi-bin directory- or if you want the data elsewhere. outputfile: This tells the system you want to log information, and what to name the file. The script will create the file with proper permissions for you. ***You can also specify the actual path to the file if you will be running this outside of the main cgi-bin directory- or if you want the data elsewhere. emailfile: Configured as above. Saves only the sender's email address. countfile: Configures like outputfile(above). Stores a counter number for "Bates" Stamping your mail. The number is available as $newnum or $fields{'counter'} to the script. form_id: Optional. Forms part of the subject in to the e-mail to the person receiving the data. This helps them know which form it came from. ok_url: A URL to jump to after successfully completing the form. If this is not on the form, a default "Thank you" message appears. You MUST specify the full URL as shown above! OPTIONAL! not_ok_url: A URL to jump to after not filling in all the required fields on the form. If this is not on the form, a default "Oops" message appears. You MUST specify the full URL as shown above! OPTIONAL! IV. VARIOUS CONFIGURATION SCENARIOS ------------------------------------ Field Name Datafile E-Mail Auto-Respond A-R with Message ---------- -------- ------ ------------ ---------------- submit_to X ---------------------------------------------------------------- submit_by X X ---------------------------------------------------------------- autorespond X X ---------------------------------------------------------------- outputfile X ---------------------------------------------------------------- automessage X ---------------------------------------------------------------- For datafile and autorespond: submit_by autorespond outputfile For datafile and autorespond with custom message: submit_by autorespond outputfile automessage For e-mail notify and autorespond: submit_to submit_by autorespond For e-mail notify and autorespond with custom message: submit_to submit_by autorespond automessage For the whole enchilada!!!!!! submit_to submit_by autorespond outputfile automessage V. THINGS YOU NEED TO KNOW.... -------------------------------- About CHECKBOX fields... Eventhough you can have multiple CHECKBOX fields with different values- DON'T DO IT! This script only picks up the last checked item. Since information might be going to a datafile, it would be nearly impossible for you to get uneven columns of data straightened out. Use different names for each field. VI. COOL TRICKS ---------------- Let's say you have more than one person you may need to send the mail to depending on the form. What you can do is place the submit_to in a set of radio buttons, i.e., Support Sales Billing President Note that I have indicated CHECKED next to support. This way there is a default value.