BigNoseBird.Com's
- - - - -
All Purpose Form Handler
FOR UNIX & WINDOWS
NOW ON VERSION 4.0
------------------
Updated January 31, 2000
Improved security features. Arbitrary file requests are
prevented by the script appending a unique extension to
each file type. File names and e-mail addresses are
are checked for possible exploit attempts.
Multiple recipients and cc's are now supported.
Thank you page now shows submitted information.
ABOUT THE NEW FILENAME SYSTEM:
In order to prevent people from being able to overwrite
or read from files on your server, you MUST set up your
file names in the following way. Each item such as
automessage, is given an extension automatically by
the script. Do not include the extension in the VALUE
part of the HIDDEN INPUT tag. This is how the exploit
attempts are blocked. The list below shows the extension
associated with each file type.
<INPUT TYPE="HIDDEN" NAME="automessage" VALUE="mymessage">
the file MUST be named mymessage.baut when you
save it on the server.
<INPUT TYPE="HIDDEN" NAME="outputfile" VALUE="form1">
the script will create form1.bout
<INPUT TYPE="HIDDEN" NAME="countfile" VALUE="form1">
the script will create form1.bcnt
<INPUT TYPE="HIDDEN" NAME="emailfile" VALUE="form1">
the script will create form1.bemf
This program, bnbform.cgi is designed to allow you to
quickly implement your HTML based forms. The program
is configured by information you provide in the form
itself, so you can get the script to handle your data
in a variety of ways without changing your scripts.
Without writing one line of perl code, you can do
the following (in any combination!):
1.) Submit E-mail to a specified person(s) and CC
as well.
2.) Send the data to a file for easy import into a
database program.
3.) Automatically send a resonse to the submitter,
with a text file to contain your message.
4.) Define the order the data is printed.
5.) Enforce completion of specified fields.
6.) Define a page for a "Thank you" or an "Oops!"
message after the form is submitted.
I. GETTING READY TO INSTALL
----------------------------
Included in this zip or tar file you will find the
following files:
FILE NAME DESCRIPTION
--------- -----------
README.TXT The file you are reading!
bnbform.cgi The script
bnbform.html A sample form
mymessage.baut A sample autoreponse message
oops.html A sample HTML page for incomplete data
thanks.html A sample HTML page for saying thanks!
NOTE: PLEASE READ THE Q&A BELOW, IT CONTAINS SOME
USEFUL SETUP INFORMATION!
In order to install the script, you should only have
to find out the answers to the following questions:
Q: Where is perl on my server?
A: On some systems it is /usr/local/bin/perl but it
may be in /usr/bin/perl or /usr/sbin/perl. The very
first line of the script says,
#!/usr/bin/perl
This MUST be the first line of the script with nothing
including blank lines above it. If your "perl" is not
there, edit this line so that it is correct for your
system.
Q: What is an SMTP server?
A: This is the computer that handles your domain's e-mail,
but you can also use your ISP's mail server as well
(usually). On most systems, the "localhost" will work
just fine.
Q: Where is my cgi-bin directory?
A: This varies. Please check with your system
administrator or system FAQ if you do not know
this.
Q: How do I call a cgi-bin script from a form?
A: On my system, this does the trick:
<FORM METHOD="POST" ACTION="/cgi-bin/bnbform.cgi">
Again, this can vary from server to server so
please consult your server FAQ or your system
administrator.
Q: How do I set file permissions?
A: Once the files are installed, using FTP, you want
to set the permissions on bnbform.cgi so that
they are the equivalent of 755. This means that
the owner can read-write-execute, group can
read-execute, and others can read-execute. If you
can login using telnet, you can issue the command:
chmod 755 bnbform.cgi
You must "cd" to the directory containing the
script before doing this.
For specific instructions on setting permissions
using FTP, please see the "HELP" for your FTP
program.
II. INSTALLING THE FILES ON YOUR SERVER
----------------------------------------
Edit the bnbform.cgi to make sure the path to perl is
correct, i.e.,
#!/usr/local/bin/perl
Edit the bnbform.html to make sure you are calling the
script properly, i.e.,
<FORM METHOD="POST" ACTION="/cgi-bin/bnbform.cgi">
Also, change the e-mail address of the "submit_to" and
the http://domain.com/oops.html and http:domain.com/thanks.html
so that they are correct for your domain. You may delete the
lines containing the ok_URL and not_ok_URL if you want.
Using FTP, transfer the following files using ASCII mode.
NEVER USE BINARY TO TRANSFER TEXT FILES FROM A PC TO A
UNIX SERVER!!!!!
FILE LOCATION
bnbform.cgi cgi-bin directory
mymessage.baut cgi-bin directory
bnbform.html your webpage directory
oops.html your webpage directory
thanks.html your webpage directory
Set the permissions on bnbform.cgi to 755 which
means the owner can read-write-execute, group can
read-execute, and others can read-execute. (This
was one of the questions above!)
Guess what? That's it! Installation is complete
and you can test the script using the bnbform.html
that is included- after you edit it as described
above.
III. CONFIGURING THE FORM FOR YOUR NEEDS
----------------------------------------
The bnbform.cgi script is very simple, and very flexible.
How it works, is that it looks at the form's data for the
existence and content of some special fields, most of
which are HIDDEN so the reader doesn't see them. Here are
a list of the magic fields:
IMPORTANT NOTE: ALL FIELD NAMES AND VALUES ARE CASE SENSITIVE!
To keep things simple- just use lower case.
submit_by: The e-mail address of the person completing the
form. You should make this required if you are
using autorespond.
required: A list seperated by commas "," listing ALL fields
you wish to enforce data completion on. As an
example:
<INPUT TYPE="HIDDEN" NAME="required"
VALUE="name,country,submit_by">
data_order: In order for your information to show up in a file
or in your e-mail, you MUST list each field you want
to see in this comma "," separated list. This also
specifies the order the data will be printed to mail
and to file. Here is an example:
<INPUT TYPE="HIDDEN" NAME="data_order"
VALUE="name,country,submit_by,mailing_list,how_found,
grape,banana,apple">
submit_to: The person to receive the e-mail. Example
<INPUT TYPE="HIDDEN" NAME="submit_to"
VALUE="yourname@domain.com">
You do not have to indicate a "submit_to"
if you are sending the information to a file,
and don't need e-mail notification.
You can use more than one e-mail address, just put commas
between them, VALUE="person1@x.com,person2@y.com"
cc_to: In addition to submit_to, you can also specify additional,
CC recipient(s).
<INPUT TYPE="HIDDEN" NAME="cc_to"
VALUE="anotherperson@domain.com">
You can use more than one e-mail address, just put commas
between them, V
