#!/usr/bin/perl
## Make sure the path to perl on the line above is correct. ##
#----- FULL SERVER PATH TO CGI-BIN -----#
## If you have problems running Biz Mail Form, try inserting the
## "absolute server path" to your cgi-bin below. Otherwise leave this blank, which is the default.
## When adding a path you must use a trailing forward slash:
## ie. /home/www/cgi-bin/
## You may need to check with your web host or systems admin for this.
## NOTE: this may be necessary for windows users...
## This value is the prefix of every helper script this file loads with "require",
## so keep it a fixed string typed in here; never build it from request data.
$ABSOLUTE_PATH_TO_CGI_BIN = "";
#----- S E N D M A I L & S M T P S E T T I N G S -----#
## $useLib defines the method of sending the email auto response and email form info. ##
## Set $useLib = "sendmail"; TO USE THE SENDMAIL METHOD
## Set $useLib = "smtp"; TO USE THE SMTP METHOD
## Any value other than "sendmail" makes notify() load the SMTP helper.
$useLib = "sendmail";
## BELOW CONFIGURED IF $useLib = "sendmail"; ##
$mailprog = "/usr/lib/sendmail"; ## $mailprog = path to Sendmail on your server ##
## BELOW CONFIGURED IF $useLib = "smtp"; ##
$smtp_server = "smtp.yourdomain.com"; ## $smtp_server = smtp server address ##
#----- F R O M E M A I L O N D A T A R E S U L T S E M A I L -----#
# Set $send_from_poster = "1"; To use the poster's email address as the from email #
# Set $send_from_poster = "2"; To use $FROM_results_email as the from email #
# The poster's address is whatever the client typed into the form, so "2" keeps the
# From address under the site's control.
$send_from_poster = "2";
$FROM_results_email = "edria\@thn.org";
#----- S E N D T O E M A I L S E T U P -----#
## $sendto{"1"} is where form submissions will be sent, ##
## (REMEMBER THE \ BEFORE THE @ SIGN) ##
## This is also the reply address used in the auto response to the person filling out the ##
## form. ##
## The form's send_to field carries only the key ("1", "2", ...); notify() looks the
## address up in this table, so a posted form cannot name an arbitrary recipient.
$sendto{"1"} = "edria\@thn.org"; ## (REMEMBER THE \ BEFORE THE @ SIGN)##
$sendto{"2"} = "ryla\@thn.org";
$sendto{"3"} = "eric\@thn.org";
#----- S E T O K S U B M I S S I O N U R L -----#
## "0" leaves the submission-URL check in main() switched off. ##
$setokurl = "0";
## To use @okurls to verify the URL the form is submitted from, set $setokurl = "1"; ##
## set $setokurl = "0"; if you do not want to use @okurls to verify the form submission URL ##
## This feature has been updated, read the readme file for more information ##
## The check compares the Referer header, which the client sends and can set to any
## value, so it filters casual off-site forms but is not an access control.
@okurls = ("http://www.thn.org/", "http://thn.org/", "https://thn.org/", "https://www.thn.org/");
###########################################################################
#### ###
#### N O N E E D T O E D I T V A R I A B L E S B E L O W ###
#### ###
###########################################################################
## Remove quote characters from the SQL replacement strings. Neither variable is
## assigned in the visible part of this file, so here both lines change nothing.
$SQL_replace_single =~ s{'}{}g;
$SQL_replace_double =~ s{"}{}g;
$MYSQL_insert_id = "";

## MIME types for the two message formats.
($HTML_format, $PLAIN_format) = ("text/html", "text/plain");

## Form fields that configure the script; main() leaves them out of the message
## body and the data file ("cell_to" is listed twice, as in the original list).
@RESERVED_fields = qw(
    bcc_to cell_to cell_mesfile custom_message_format html_custom_mesfile
    plain_custom_mesfile field_descriptions required_stealth SQL_config
    SQL_write cell_send cell_to cell_subject cell_desc cell_fields
    reply_subject subject sendreply required success_page message_format
    text_qualifier datafile outputfile data_format cc_to send_to
    plain_mesfile html_mesfile error_page required_desc
);

## File names of the helper scripts loaded on demand with "require".
($CGI_error, $CGI_required, $CGI_smtp, $CGI_sql_settings)
    = ("error.cgi", "required.cgi", "smtp.cgi", "sql_settings.cgi");
($CGI_sendmail, $CGI_sql, $CGI_datafile, $CGI_custom_email)
    = ("sendmail.cgi", "sql.cgi", "datafile.cgi", "custom_email.cgi");

$versionnumber = "";
$footer = "\nTexas Homeless Network ";

## Day offset in seconds: the number of elements in @_ times one day.
$offset = scalar(@_) * 86400;
($S_sec, $S_min, $S_hour, $S_day, $S_month, $L_year, $weekday, $dayofyear, $IsDST)
    = localtime(time + $offset);
$L_year += 1900;

## NOTE(review): localtime() numbers months from 0, which suits the lookup below,
## but later code indexes a 1-based day table with $S_month and prints it as the
## month number -- confirm whether an increment is missing.
@monthsactual = qw(
    January February March April May June
    July August September October November December
);
$D_month = $monthsactual[$S_month];

## localtime() gives 0 for Sunday; index -1 selects the last entry, "Sunday".
@days = qw(Monday Tuesday Wednesday Thursday Friday Saturday Sunday);
$dayname = $days[$weekday - 1];
## CALCULATE IF IT IS A LEAP YEAR ##
## "1" when the current local year is a leap year, otherwise the empty string.
$IS_leapyear = isleap((localtime(time))[5]) ? "1" : "";
sub isleap {
    ## Gregorian leap-year test.
    ## Takes the year as localtime() reports it (years since 1900) and
    ## returns 1 for a leap year, 0 otherwise.
    my ($tm_year) = @_;
    my $full_year = $tm_year + 1900;
    return 0 if $full_year % 4;      ## not divisible by 4
    return 1 if $full_year % 100;    ## divisible by 4, not a century year
    return ($full_year % 400 == 0) ? 1 : 0;
}
## END CALCULATE IF IT IS A LEAP YEAR ##
## Length of February for the current year, then the days-per-month table.
## The table is 1-based: index 0 is a placeholder, index 1 is January.
$FEB_days = $IS_leapyear ? "29" : "28";
@NUM_month_days = (
    "0",
    "31", "$FEB_days", "31", "30", "31", "30",
    "31", "31", "30", "31", "30", "31",
);
## APPLY THE OPTIONAL HOUR OFFSET ##
## Shifts $S_hour by $HOUR_offset hours and adjusts $S_day, $S_month and $L_year
## when the shift moves the time onto another day. Nothing happens when
## $HOUR_offset is empty or "0". $HOUR_offset is not assigned in the visible part
## of this file -- presumably set by another configuration file; confirm.
if (! $HOUR_offset || $HOUR_offset eq "0"){}else{
## Work with hour + 24 so the sum stays positive for negative offsets.
$S_hour=$S_hour+24;
$S_hour=$S_hour+$HOUR_offset;
## Sum below 24: the shifted time lies on the previous day.
if ($S_hour < "24") {
## NOTE(review): this compares the day with the LAST day of the month and has no
## case for day 1, so stepping back from the 1st leaves $S_day at 0 -- confirm.
if ($S_day eq "$NUM_month_days[$S_month]") {
if ($S_month < "12") {
$S_month--;
}else{
$S_month = "1";
$L_year++;
}
$S_day--;
}else{
$S_day--;
}
}
## Sum above 24: the hour is reduced by 24 again at the end of this branch.
elsif ($S_hour > "24") {
## On the 1st, move to the previous month (and year when leaving January).
if ($S_day eq "1") {
if ($S_month == "1") {
$S_month = "12";
$L_year--;
}else{
$S_month--;
}
$S_day=$S_day+$NUM_month_days[$S_month]; ## add the length of the month just selected ##
}
## NOTE(review): the day is decremented for every sum above 24, including sums
## where the shifted hour is still on the same day -- confirm this is intended.
$S_day--; ## SUBTRACT ONE DAY
$S_hour=$S_hour-24;
}else{
## Sum of exactly 24: the result is hour 0, date unchanged.
$S_hour=$S_hour-24;
}
}
## GET NEW DATE INFORMATION...
## Zero-padded ($L_*) copies of the date and time parts: a value that is one
## character long gets a leading "0", anything else is copied unchanged.
$L_min   = length($S_min)   eq "1" ? "0$S_min"   : $S_min;
$L_sec   = length($S_sec)   eq "1" ? "0$S_sec"   : $S_sec;
$L_month = length($S_month) eq "1" ? "0$S_month" : $S_month;
$L_day   = length($S_day)   eq "1" ? "0$S_day"   : $S_day;

## 24-hour clock, plain and padded.
$S_MIL_hour = $S_hour;
$L_MIL_hour = length($S_hour) eq "1" ? "0$S_hour" : $S_hour;

## 12-hour clock: 12 and later is "PM"; hours after 12 are reduced by 12.
my $past_noon = ($S_hour ne "12" && $S_hour > 12);
$nightday = ($S_hour eq "12" || $past_noon) ? "PM" : "AM";
$S_hour -= 12 if $past_noon;
$L_hour = length($S_hour) eq "1" ? "0$S_hour" : $S_hour;
## END SYSTEM DATE FORMAT ##
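## RETRIEVE IP ADDRESS ##
## REMOTE_ADDR is the peer address the web server saw. HTTP_X_CLIENT_IP is the
## X-Client-IP request header: any client can send it with any content, so it is
## used only when it contains nothing but address characters, and even then it is
## trustworthy only if a front-end proxy you control overwrites it on every
## request. Treat $IPADDRESS as informational, never as proof of origin.
$IPADDRESS = $ENV{'REMOTE_ADDR'};
if ($ENV{'HTTP_X_CLIENT_IP'} && $ENV{'HTTP_X_CLIENT_IP'} =~ /\A[0-9A-Fa-f:.]{2,45}\z/) {
    $IPADDRESS = $ENV{'HTTP_X_CLIENT_IP'};
}

## DISPATCH ON THE REQUEST METHOD ##
## GET (or no method at all) shows the "no post" page from the error helper,
## POST parses the form and processes it, anything else is reported as a
## server configuration problem.
if (! $ENV{'REQUEST_METHOD'} || $ENV{'REQUEST_METHOD'} eq "GET") {
    require "$ABSOLUTE_PATH_TO_CGI_BIN$CGI_error";
    nopost();
}
elsif ($ENV{'REQUEST_METHOD'} eq "POST") {
    get_form_data();
    main();
}
else {
    print "Content-type: text/html\n\n";
    print "Your server is MIS-CONFIGURED, and is not running the tag \$ENV{'REQUEST_METHOD'} properly\n";
    print "Please check with your Host or Systems Administrator to fix this problem.";
    exit;
}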
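sub get_form_data {
    ## Reads the URL-encoded POST body from STDIN and fills the form globals:
    ##   @formdata  / %formdata    name => value cleaned for the e-mail message
    ##   @formdata2 / %formdata2   name => value cleaned for the data file
    ##   @formname, @formvalue, @formvalue2   the same data as parallel lists
    ##   $POSTER_email             first line of the field named "email" (any case)
    ##   %field_descriptions       name => label pairs from field_descriptions
    ## Takes no arguments and returns nothing useful. Every byte handled here
    ## comes from the client and is untrusted. The working variables stay
    ## package globals, as before, in case a helper script reads them.

    ## Bound the read. CONTENT_LENGTH is supplied by the client; a missing or
    ## non-numeric value is treated as an empty body and an oversized one is
    ## refused. $MAX_POST_bytes is an optional override that is not set anywhere
    ## in the visible part of this file; the default is 1 MB.
    my $max_post_bytes = $MAX_POST_bytes || 1048576;
    my $post_length = $ENV{'CONTENT_LENGTH'};
    $post_length = 0 unless defined $post_length && $post_length =~ /\A\d+\z/;
    if ($post_length > $max_post_bytes) {
        print "Status: 413 Request Entity Too Large\n";
        print "Content-type: text/html\n\n";
        print "The submitted form is too large.";
        exit;
    }
    read(STDIN, $buffer, $post_length);

    $buffer =~ s/\%2B/±/g; ## park encoded + signs as ± so they survive the "+ means space" step ##
    @pairs = split(/&/, $buffer);
    foreach $pair (@pairs) {
        @a = split(/=/, $pair);
        $name = $a[0];
        $value = $a[1];
        $value2 = $a[1];
        $name =~ s/\+/ /g;

        ## $value: text used in the e-mail message ##
        $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
        $value =~ s/~!/ ~!/g;
        $value =~ s/\+/ /g;
        ## Line-break normalisation: CR runs become "--", line feeds are dropped,
        ## then every "--" run becomes one line feed. A value can therefore still
        ## contain line feeds (a typed "--" also becomes one), so it must never be
        ## copied into a mail or HTTP header without removing them first.
        $value =~ s/(\r)+/\-\-/g;
        $value =~ s/\n+//g;
        $value =~ s/(\-\-)+/\n/g;
        ## Escape angle brackets so a value cannot add markup to an HTML message.
        ## The listing showed "<\;" and ">\;" here, which is what is left of the
        ## entities "&lt;" / "&gt;" after an HTML-decoding pass; restored.
        $value =~ s|<|\&lt\;|g;
        $value =~ s|>|\&gt\;|g;
        $value =~ s/\+/ /g; # convert + signs to spaces #
        $value =~ s/±/\+/g; # RE-convert ± signs BACK to + #

        ## $value2: text used for the data file ##
        ## Decode first: the quote replacement used to run before percent-decoding,
        ## so quotes that arrived encoded as %22 / %27 passed through unchanged.
        $value2 =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
        $value2 =~ s/(\")+/``/g; #V1.5 Bug Fix - Converts " to `` in data file #
        $value2 =~ s/(')+/`/g; #V1.8 Bug Fix - Converts ' to ` in data file #
        ## NOTE(review): as listed, the replacement is a bare line feed, which makes
        ## this a no-op. The old comment spoke of a marker plus a line feed, so
        ## markup was probably lost from this line -- compare with a pristine copy.
        ## That comment's tail had also landed on a line of its own, where it
        ## opened a string literal and stopped the sub from compiling.
        $value2 =~ s|\n|\n|g;
        $value2 =~ s/\+/ /g; # convert + signs to spaces #
        $value2 =~ s/±/\+/g; # RE-convert ± signs BACK to + #
        $value2 =~ s/(\r)+/\n/g; # CR runs become one line feed (same caveat as above) #
        $value2 =~ s/:/ /g; ## NEED TO KEEP - THIS BIG BUG FIX...

        $CHECK_namelower = "\L$name\E";
        if ($CHECK_namelower eq "email") {
            $POSTER_email = "$value";
            ## Keep the first line only: an address must not carry further lines
            ## into whatever header the sender script builds from it.
            $POSTER_email =~ s/[\r\n].*//s;
        }
        push (@formdata,$name);
        push (@formdata,$value);
        push (@formdata2,$name);
        push (@formdata2,$value2);
        ## $nameform / $valueform are not set anywhere visible; kept so that
        ## @form keeps the length it had before.
        push (@form,$nameform);
        push (@form,$valueform);
        push (@formname,$name);
        push (@formvalue,$value);
        push (@formvalue2,$value2);
    }
    ## Hash views of the lists. When a field name is posted twice the last
    ## occurrence wins.
    %formname=@formname;
    %formdvalue2=@formvalue2;
    %formvalue=@formvalue;
    %formdata=@formdata;
    %formdata2=@formdata2;

    ## CHECK IF FIELD DESCRIPTIONS HAVE BEEN SET... ##
    ## field_descriptions is a comma-separated list of name=label pairs.
    if ($formdata{'field_descriptions'}) {
        @F_descr=split(/,/,$formdata{'field_descriptions'});
        foreach $F_descr_f (@F_descr) {
            @F_descr_ind=split(/=/,$F_descr_f);
            $F_descriptions_name = $F_descr_ind[0];
            $F_descriptions_value = $F_descr_ind[1];
            push (@field_descriptions,$F_descriptions_name);
            push (@field_descriptions,$F_descriptions_value);
        }
        %field_descriptions=@field_descriptions;
    }
    ## END CHECK IF FIELD DESCRIPTIONS HAVE BEEN SET... ##
} ## END get_form_data ##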
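sub main {
    ## Processes one parsed submission: optionally checks the posting page,
    ## builds the message and data-file text from the submitted fields, enforces
    ## the "required" list, sends the mail through notify() and finally redirects
    ## to, or prints, the success page. Takes no arguments.
    ## Every $formdata value used here was supplied by the client.

    ## NEW OK URL FUNCTIONALITY ##
    ## The Referer header is set by the client, so this check only turns away
    ## casual posts from forms hosted elsewhere; it is not an access control.
    if ($setokurl eq "1") {
        ## Tested first: an absent Referer can never match an allowed URL, so
        ## with the old order this message was unreachable.
        if (! $ENV{'HTTP_REFERER'}) {
            print "Content-type: text/html\n\n";
            print "\nSecurity ISSUE! NO REFERER POSTED, SCRIPT NOT EXECUTED!\n";
            exit;
        }
        $referer = lc $ENV{'HTTP_REFERER'};
        $url = "0";
        foreach my $okurl (@okurls) {
            ## Compare case-insensitively against the allowed URL with a trailing
            ## slash, so a listed host cannot match as the prefix of a longer one.
            my $allowed_prefix = lc $okurl;
            $allowed_prefix .= "/" unless substr($allowed_prefix, -1) eq "/";
            if (substr($referer, 0, length $allowed_prefix) eq $allowed_prefix) {
                $url = "1";
            }
        }
        if ($url eq "0") {
            print "Content-type: text/html\n\n";
            print "\nBAD HTTP REFERER\n";
            exit;
        }
    } ## end SETOK URLS ##
    ## END NEW OK URL FUNCTIONALITY ##

    $PERSONAL_time = "$L_hour:$L_min";
    $PERSONAL_date = "$L_month/$L_day/$L_year";

    ## WALK EVERY SUBMITTED FIELD ##
    for ($indexval = 0; $indexval < @formvalue; $indexval++) {
        $myname = $formname[$indexval];
        $myname_desc = "$myname";
        $myvalue = $formdata{"$myname"};
        ## PERSONALIZE: replace {fieldname} in the subject and success page ##
        ## The field name comes from the request, so it is quoted with \Q..\E and
        ## matched literally instead of being compiled as a regular expression.
        $formdata{'subject'} =~ s/\{\Q$myname\E\}/$myvalue/g;
        $formdata{'success_page'} =~ s/\{\Q$myname\E\}/$myvalue/g;
        ## END PERSONALIZE ##
        ## START GET CONTENTS OF RESULTS EMAIL & DATAFILE ##
        ## Configuration fields are not part of the message or the data file.
        $dontrun = "";
        foreach $reserved_f (@RESERVED_fields) {
            if ($myname eq "$reserved_f") {
                $dontrun = "1";
            }
        }
        ## END Check if config field ##
        if ($PRNT_blankfields eq "2" && ! $myvalue) {
            $MAIL_dontrun = "1";
        }
        if (! $dontrun) {
            if ($field_descriptions{"$myname"}) {
                $myname_desc = $field_descriptions{"$myname"};
            }
            if (! $formdata{'sort'}) {
                $MAIL_filed_lines = "$MAIL_filed_lines$myname_desc : $myvalue \n\n";
            }
            if ($send_data_results eq "1") {
                ## REPLACE UNWANTED CHARACTERS HERE... ##
                $DATAFILE_VAL = "$myvalue";
                $DATAFILE_VAL =~ s/(\")+/``/g; #V1.5 Bug Fix - Converts " to `` in data file #
                $DATAFILE_VAL =~ s/(')+/`/g; #V1.8 Bug Fix - Converts ' to ` in data file #
                $DATA_file_lines = "$DATA_file_lines$D_QUALIFIER$DATAFILE_VAL$D_QUALIFIER$D_SEPERATE";
            }
        }
        ## END GET CONTENTS OF RESULTS EMAIL & DATAFILE ##
    }
    ## END FOR EACH FIELD ##

    ## Submitted values can contain line feeds. The subject is presumably written
    ## into a mail header by the sender script (not visible here -- confirm), so
    ## it is folded onto one line.
    $formdata{'subject'} =~ s/[\r\n]+/ /g if defined $formdata{'subject'};

    ## CHECK REQUIRED FIELDS... ##
    ## The list of required fields is itself read from the posted form, so a
    ## client can leave it out: this is a convenience for honest users, not
    ## server-side validation.
    @required = split(/,/,$formdata{'required'});
    @required_desc = split(/,/,$formdata{'required_desc'});
    for ($indexreq = 0; $indexreq < @required; $indexreq++) {
        $myrequired = $required[$indexreq];
        $myformreq = $formdata{"$myrequired"};
        if (! $myformreq) {
            require "$ABSOLUTE_PATH_TO_CGI_BIN$CGI_error";
            format_error();
        } elsif ($myrequired eq "email") {
            ## \A and \z anchor the whole string; "$" also matched just before a
            ## trailing line feed and so accepted an address that ended in one.
            if (!$myformreq || $myformreq =~ /(@.*@)|(\.\.)|(@\.)|(\.@)|(^\.)/ || $myformreq !~ /\A.+\@(\[?)[a-zA-Z0-9\-\.]+\.([a-zA-Z0-9]+)(\]?)\z/) {
                require "$ABSOLUTE_PATH_TO_CGI_BIN$CGI_error";
                missing_email();
            }
        } ## END IF REQUIRED IS EMAIL ##
    } ## END FOR REQUIRED ##
    ## END CHECK REQUIRED FIELDS... ##

    ## The listing showed this call as a stray non-ASCII character followed by
    ## "ify;" -- an HTML-decoding artefact of "&notify;" that does not compile.
    notify();

    ## Only the first line of the target may reach the Location header; anything
    ## after a line break would be sent as extra response headers.
    ## NOTE(review): the target is a posted form field, so this redirect goes
    ## wherever the submitted form says. Consider accepting only relative paths
    ## or URLs that start with an entry of @okurls.
    my $redirect_to = $formdata{'success_page'};
    $redirect_to =~ s/[\r\n].*//s if defined $redirect_to;
    if ($formdata{'success_page'} && $redirect_to ne "") {
        print "Location: $redirect_to\n\n";
        exit;
    }
    else {
        require "$ABSOLUTE_PATH_TO_CGI_BIN$CGI_error";
        success();
    }
} ## end main ##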
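sub notify {
    ## Resolves the recipients for this submission and hands over to the sender
    ## script chosen by $useLib. Takes no arguments.
    ## The form supplies only keys (send_to, cc_to); the addresses come from the
    ## server-side tables, so a posted form cannot name an arbitrary recipient.
    ## NOTE(review): %cc_to is not defined in the visible part of this file --
    ## presumably configured elsewhere; confirm. A key with no table entry
    ## leaves the matching address empty.
    $FORM_sendto = "$formdata{'send_to'}";
    $FORM_ccto = "$formdata{'cc_to'}";
    $FINAL_sendto = $sendto{"$FORM_sendto"};
    $FINAL_ccto = $cc_to{"$FORM_ccto"};
    if ($formdata{'send_to'}) {
        $mail_sendto = "\"$reply_from_name\" <$FINAL_sendto>";
        $MAIN_mail_send = "$FINAL_sendto";
    }
    if ($formdata{'cc_to'}) {
        $mail_ccto = "$FINAL_ccto";
    }
    ## Submitted values can contain line feeds. The reply subject is presumably
    ## written into a mail header by the sender script (not visible here --
    ## confirm), so it is folded onto one line.
    $reply_subject = $formdata{'reply_subject'};
    $reply_subject =~ s/[\r\n]+/ /g if defined $reply_subject;
    ### CHECKS SEND TYPE ###
    ## "sendmail" uses the sendmail helper; any other value uses the SMTP helper.
    if ($useLib eq "sendmail") {
        require "$ABSOLUTE_PATH_TO_CGI_BIN$CGI_sendmail";
        sdsmail();
    }
    else {
        require "$ABSOLUTE_PATH_TO_CGI_BIN$CGI_smtp";
        sdsmtp();
    }
} ## END notify ##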