Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 12 of 12
  1. #1
    Regular Coder tpeck's Avatar
    Join Date
    Oct 2002
    Location
    Sydney, Australia
    Posts
    817
    Thanks
    43
    Thanked 6 Times in 5 Posts

    cgi script want to add a send email to sender option

    This script sort of does the job I need:

    But it doesn't send a copy of the email to the sender.

    Ideally I would like to give the sender the option to receive or not.

    Is there a simple way to send TWO emails with this?


    Code:
    #!/usr/bin/perl
    
    #####################################################################
    # Change The Line Above To reflect
    # perl location on  your server.
    # Default is /usr/bin/perl
    #####################################################################
    #
    # Tell A Friend Script
    # (c) Copyright Wayne Pearsall
    # webmaster@e-walks.tk
    # All rights Reserved
    # PS it would be cool if you leave the credit
    # for my script on the thanks page :)
    #
    #####################################################################
    ############ This is the main part of the script it is calling
    &get_form; # Dont Take out this line else the script will not  
    ############ include the form email address' :)
    
    # Set the location of your servers Sendmail Program
    $SEND_MAIL = '/usr/sbin/sendmail -i -t';	
    
    # Set The URL of Your Website you wish to promote.
    $My_Site_Url = "http://my.com";
    
    # What Email address do you want the Email to come from?
    # 1 = your email address 2 = senders email address
    $Whos_Email = "2";
    
    # Subject To Use When Telling A Friend $FORM{who_name} is the person's name.
    $Tell_Friend_Subject = "$FORM{who_name}, I Just Found An Interesting Program";
    
    
    # If you Answered 1 to the last variable, Whats your Email?
    # Always put a \ before the @ sign.
    $My_Email = "my\@my.com";
    
    
    	# /////////////////////////////////////////////////////
    	# And Finally Set The HTML code for the thanks Page.
    	# |||||||||||||||||||||||||||||||||||||||||||||||||||||
    	# Include $FORM{who_to} to set the email name of the recipient.
    	# and $FORM{who_from} to set the name of the sender.
    	# add $FORM{who_name} to add the receivers r/name.
    	# \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
    
    $Tell_a_Friend_Text=<<__Stop_Of_Email_Message__; # NOTE! DO NOT EDIT THIS LINE AT ALL!
    
    Hi $FORM{who_name},
    
    blah blah blah
    
    The URL to the download page on the website is:
    $My_Site_Url
    
    Thank You
    $FORM{who_from}
    
    __Stop_Of_Email_Message__
    # NOTE! DO NOT EDIT ABOVE LINE AT ALL! (as in __Stop_ - above that is fine
    
    
    	# /////////////////////////////////////////////////////
    	# And Finally Set The HTML code for the thanks Page.
    	# \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
    
    
    print "Content-type: text/html\n\n";
    print <<__End_Of_Thanks_Page__;  # NOTE! DO NOT EDIT Above LINE AT ALL!
    
    <HTML>
    <HEAD>
    <TITLE> Email Sent To Friend </TITLE>
    </HEAD>
    <BODY>
    
    <H1><CENTER>Thank You!</CENTER></H1>
    <H4><CENTER>An Email Has Been Sent To $FORM{who_name} About My Website</CENTER><H4>
    <p align="center"><font>Please <A HREF=" $My_Site_Url ">Click Here</A> To Return To My Site</font></p>
    
    <BR>
    <BR>
    <BR>
    
    <p align="center"><font size="1">Script by <a href="mailto:scripts\@designz.yoll.net?subject=Tell-A-Friend CGI">WPearsall</A>.</font></p>
    </BODY>
    </HTML>
    
    __End_Of_Thanks_Page__
    # NOTE! DO NOT EDIT THIS LINE AT ALL!
    
    
    
    
    ###################################################################
    #				OK - Setup All Done.				#
    ###################################################################
    
    
    if ($Whos_Email eq "1")
    {
    $Email_From = $My_Email;
    }
    if ($Whos_Email eq "2")
    {
    $Email_From = $FORM{who_from};
    }
    
    # End Decision.. Time To Tell The Friend.
    
    open (MAIL, "|$SEND_MAIL -t"); ## Email to the recipient
    print MAIL "To: $FORM{who_to}\n";
    print MAIL "From: $Email_From \n";
    print MAIL "Subject: $Tell_Friend_Subject \n\n";
    print MAIL " $Tell_a_Friend_Text \n";
    close(MAIL); ## Finish e-mail to user webmaster
    
    ## The Part of the program referred to at the very start
    ## *remember &get_form; ?  Well this reason the email address,
    ## and recipients' name
    sub get_form {
    
    	if ($ENV{"REQUEST_METHOD"} eq 'GET') {
    	$buffer = $ENV{'QUERY_STRING'};
    	} else {
            	read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'});
    	}
    	@pairs = split(/&/, $buffer);
    	foreach $pair (@pairs) {
            	($name, $value) = split(/=/, $pair);
    		$value =~ tr/+/ /; 
    		$value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
    		$FORM{$name} = $value;
    	}
    }
    Many thanks for your help.
    Last edited by tpeck; 01-20-2007 at 02:41 PM.
    The difference between genius and stupidity is that genius has its limits. (Albert Einstein)

  • #2
    Super Moderator
    Join Date
    May 2005
    Location
    Southern tip of Silicon Valley
    Posts
    2,871
    Thanks
    2
    Thanked 164 Times in 159 Posts
    You should not use that script unless your intention is to be a spammer or want to be a relay for other spammers. If either of those are true, then no one here will be willing to help.

  • #3
    Super Moderator
    Join Date
    May 2005
    Location
    Southern tip of Silicon Valley
    Posts
    2,871
    Thanks
    2
    Thanked 164 Times in 159 Posts
    Here are a few (but not all) of the reasons why that's a bad script.

    It doesn't use the warnings or strict pragmas, which EVERY Perl script should include.

    It doesn't do any validation of the form submission such as checking for improperly formatted email addresses and/or multiple recipient addresses.

    It allows the user to specify both the sender and recipient addresses.

    It manually parses the form submission instead of using the CGI module and only supports submitting via get. By using the CGI module, you can replace that get_form sub with a single line of code which supports both GET and POST submissions.

    edit:
    After taking a second look, I see that it does support the POST submission, but that's minor issue in comparison to the other proiblems.
    Last edited by FishMonger; 01-20-2007 at 05:39 PM.

  • #4
    Regular Coder tpeck's Avatar
    Join Date
    Oct 2002
    Location
    Sydney, Australia
    Posts
    817
    Thanks
    43
    Thanked 6 Times in 5 Posts
    That's very useful to know. It's been binned.

    Pity it was the only script that did the job I wanted!

    Oh well, back to form2email.pl which isn't very customizeable, like it isn't set up for a Tell-A-Friend situation. But the ones I've seen that are don't seem to work for me.

    Thanks for that valuable info.
    The difference between genius and stupidity is that genius has its limits. (Albert Einstein)

  • #5
    Regular Coder tpeck's Avatar
    Join Date
    Oct 2002
    Location
    Sydney, Australia
    Posts
    817
    Thanks
    43
    Thanked 6 Times in 5 Posts
    You write: <It allows the user to specify both the sender and recipient addresses.>

    But isn't that what Tell-A-Friend is all about?

    Basically, I require a form which does five things:

    1. sends an email with a pre-written message to another person (no option wanted to write your own comment) telling them where to go to download a program if they want to.
    2. sends that same email to yourself (if a checkbox is checked would be desirable)
    3. validates both email addresses (but via a routine in the html page NOT courtesy of the cgi script which always looks horrible - my routine pops up an alert)
    4. has a log would be nice so I can find out what's been happening
    4. is rock solid safe from any and all that spam/ad garbage.

    Do you have any suggestions for a worthy script?

    I am willing to pay for the service since the form will end up on a commercial CD.
    The difference between genius and stupidity is that genius has its limits. (Albert Einstein)

  • #6
    Super Moderator
    Join Date
    May 2005
    Location
    Southern tip of Silicon Valley
    Posts
    2,871
    Thanks
    2
    Thanked 164 Times in 159 Posts
    You write: <It allows the user to specify both the sender and recipient addresses.>

    But isn't that what Tell-A-Friend is all about?
    Yes, that is what it's all about and I've never seen a "Tell-A-Friend" script/email that wasn't spam.

    Basically, I require a form which does five things:

    1. sends an email with a pre-written message to another person (no option wanted to write your own comment) telling them where to go to download a program if they want to.
    Not giving the user the option to add there own comment in the body is the only "saving grace" portion of your version of a Tell-A-Friend script.

    2. sends that same email to yourself (if a checkbox is checked would be desirable)
    That's a simple check to see if the form field exists and adjust the receipient of the email if needed.

    3. validates both email addresses (but via a routine in the html page NOT courtesy of the cgi script which always looks horrible - my routine pops up an alert)
    Your experience of email validatation in the cgi script looking horible is because the code examples that you've seen/used was horribly written. A well written/implemented validatation is simple, clean and short. Doing validation in javascript is fine for the initial cursory check, but it's a very poor approach if used as the primary and only validation. What happens to your validation if the user disables javascript or submits via a script instead of direct intereaction with a browser?

    4. has a log would be nice so I can find out what's been happening
    Logging is easy done in perl.

    5. is rock solid safe from any and all that spam/ad garbage.
    That's the hardest part. With a well written secure script, the majority of the code will be devoted to making it secure as well as trapping/handling errors.

    I don't know of a good Tell-A-Friend script and have no desire to search for one, but I can point you to a couple well written formmail scripts (FormMail and TFMail) which you might be able to customize.
    http://nms-cgi.sourceforge.net/scripts.shtml

  • #7
    Senior Coder
    Join Date
    Mar 2006
    Posts
    1,274
    Thanks
    2
    Thanked 39 Times in 38 Posts
    The guy that wrote that script should be punished.

  • #8
    Regular Coder tpeck's Avatar
    Join Date
    Oct 2002
    Location
    Sydney, Australia
    Posts
    817
    Thanks
    43
    Thanked 6 Times in 5 Posts
    This is invaluable information. Thank you.

    I have no desire to spam anyone or give anyone else the opportunity to do so, only to give a user the opportunity to send a single person a single recommendation at a single point in time. That's where it gets hard - as you say!

    Vis-a-vis the rest of your comments - I hadn't thought of the no javascript enabled problem with validation. I'll rethink that.

    I'll check out the scripts you recommend.

    Meanwhile, can you tell me if this script is spammable?

    Code:
    #!/usr/bin/perl -w
    
    # Copyright David Nelson & Expert Web Installs
    # Free software, licensed under the GPL ( http://www.gnu.org/licenses/gpl.txt )
    # Visit http://www.expertwebinstalls.com/r/easy_tell_a_friend.html for installation help
    
    use strict;
    use CGI::Carp qw(fatalsToBrowser);
    use CGI qw(:standard);
    my $sf = $ENV{'SCRIPT_FILENAME'};
    my $r_sf = reverse $sf;
    my ($script_name, @wanted_path_reverse) = split(/\//, $r_sf);
    my $wanted_path_reverse = join('/', @wanted_path_reverse);
    my $wanted_path = reverse $wanted_path_reverse;
    $wanted_path = '/' . $wanted_path;
    unless ($wanted_path =~ /:/) # windows machines
    {
      $wanted_path = '/' . $wanted_path;
    }
    use lib qw($wanted_path);
    my $config_path = $wanted_path . '/config.txt';
    use Freedom::Emailer;
    use Freedom::Config;
    use Freedom::Validate;
    use Freedom::Display;
    my $config = Freedom::Config->new($config_path);
    my $emailer = Freedom::Emailer->new($config_path);
    my $validate = Freedom::Validate->new($config_path);
    my $display = Freedom::Display->new($config_path);
    my $url = url;
    my $mode = param('mode');
    if($mode eq 'bad_email')
    {
      my $stored_referrer = param('stored_referrer');
      print $display->top('Either you or your friend\'s email was invalid.  Please try again.'), 
      start_form(-action=>$url, 
                 -method=>'post'), 
      hidden(-name=>'mode', 
             -value=>'send_email', 
             -override=>1), 
      table(
        Tr( [
          td( [ b('Your Name'), textfield('your_name') ] ), 
          td( [ b('Your Email'), textfield('your_email') ] ), 
          td( [ b('Friend\'s Name'), textfield('friends_name') ] ), 
          td( [ b('Friend\'s Email'), textfield('friends_email') ] ), 
          td( [ b('A Quick Note'), textfield('specific_comments') ] ), 
          td( {-colspan=>2}, [ submit('Send Email') ] )
        ] )
      ), 
      hidden(-name=>'referrer_url', 
             -value=>$stored_referrer), 
      end_form, 
      $display->bottom;
    }
    elsif($mode eq 'send_email')
    {
      my $referrer;
      my $to_name = param('friends_name');
      my $to_email = param('friends_email');
      my $from_name = param('your_name');
      my $from_email = param('your_email');
      my $specific_comments = param('specific_comments') || '';
      if(param('referrer_url') ne '')
      {
        $referrer = param('referrer_url');
      }
      else
      {
        $referrer = $ENV{'HTTP_REFERER'};
      }
      unless($validate->email_address(param('your_email')) &&
        $validate->email_address(param('friends_email')))
      {
        print redirect("$url?mode=bad_email&stored_referrer=$referrer&friends_name=$to_name&" . 
          "friends_email=$to_email&your_name=$from_name&your_email=$from_email&" . 
          "specific_comments=$specific_comments");
        exit;
      }
      my $comments_to_send;
      if($specific_comments ne '')
      {
        $comments_to_send .= "\n$from_name specifically wanted to mention:\n\n$specific_comments\n";
      }
      my $message_subject = $from_name . ' recommends you visit expertwebinstalls.com';
      my $message;
      open(F, "$wanted_path/tell_a_friend_message.txt") || die("could not open message file at $wanted_path/message.txt because: $!");
      while(<F>)
      {
        $message .= $_;
      }
      $message =~ s/%%to_name%%/$to_name/sg;
      $message =~ s/%%from_name%%/$from_name/sg;
      $message =~ s/%%comments_to_send%%/$comments_to_send/sg;
      $emailer->send(to_name=>$to_name, 
                     to_email=>$to_email, 
                     from_name=>$from_name, 
                     from_email=>$from_email, 
                     subject=>$message_subject, 
                     message=>$message); 
      
      print $display->full('Email sent successfully to ' . $to_name, 
        a({-href=>$referrer}, 'Click here to return to the page you came from.'));
    }
    else
    {
      print $display->full('Bad Mode Specified.  Exiting');
    My problem is I have no way of telling since my skills in this particular area are not high.
    The difference between genius and stupidity is that genius has its limits. (Albert Einstein)

  • #9
    Senior Coder
    Join Date
    Mar 2006
    Posts
    1,274
    Thanks
    2
    Thanked 39 Times in 38 Posts
    tpeck,

    all form to email scripts are subject to being abused. Everyone one of them. Even the ones fishmonger linked you to written by a team of very good perl programmers, the nms project.

    Tell-a-friend scripts are nearly useless. They simply are not worth the potential problems for the few legitimate times the script might be used to recommend you site versus the many times they can be abused. You want people to come to your site? Make a really good website, they will come, sans the tell-a-friend script.

  • #10
    Senior Coder
    Join Date
    Mar 2006
    Posts
    1,274
    Thanks
    2
    Thanked 39 Times in 38 Posts
    But if you insist, that script doesn't look too bad, much better than that other piece of $hit script.

  • #11
    Regular Coder tpeck's Avatar
    Join Date
    Oct 2002
    Location
    Sydney, Australia
    Posts
    817
    Thanks
    43
    Thanked 6 Times in 5 Posts
    I am beginning to see this. My intention is (or was!) to place the form on an html page ON A CD. It will never be on a hosted website page.

    That way, I imagine(d) that spamming would be practically impossible since no automatic process could be invoked, and the form itself would be...well...written in plastic. But maybe that is untrue.
    The difference between genius and stupidity is that genius has its limits. (Albert Einstein)

  • #12
    New to the CF scene
    Join Date
    Apr 2012
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by KevinADC View Post
    But if you insist, that script doesn't look too bad, much better than that other piece of $hit script.
    im sorry to drag up an old thread, but i just couldnt resist... - one of my friends showed me a link to some of my very first coding attempts, which are still floating around the web... - and at first i thought this question was one I asked, until i saw it was one of the codes i wrote in 2000 or so, whilst i was in year 10 (14/15 years old)...

    now obviously... this script was meant as a starting point... for somebody to improve upon... / a lesson... (i believe i originally posted it on vbcode.com [or simular]),,, but... I'm amazed that somebody would just say "the script is sh.t" instead of actually pointing out how to improve it, to somebody who appears to actually want to learn...

    now obviously, back when that script was written, there wasnt that much fuss [that i can remember] about spamming... (anybody remember PHP Nuke ETC? - they all had simple / simular scripts to this - just written in php...)

    and also, this script was meant to serve a purpose... - to simply help me complete my coursework for my school project...

    OBVIOUSLY, if i wrote this script today... I would add so much error checking, ETC... and use a capture "device" to ensure that a robot isnt using this...


    but surely you should of realised it was a learning tool, since it was commented so much ...? lol...

    Thanks.
    Wayne Pearsall


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •