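#!/usr/pkg/bin/perl
use strict;
use warnings;
use Fcntl qw(:flock);

$| = 1;

# bnbbook.cgi: yes, another guest book script....
# Release 1.0 on 09/06/98
# (C) 1998 BigNoseBird.Com, Inc. This program is freeware and may
# be used at no cost to you (just leave this notice intact).
# Feel free to modify, hack, and play with this script.
# This guestbook (like the world really needs another one)
# has borrowed several ideas from the works of Selena Sol
# (http://www.extropia.com/) and Matt Wright
# (http://cgi-resources.com/). The script is the result of user
# requests for something smaller and simpler to work with, but
# with some new tricks.
#
#
# This is the copy of the script customized by DIETRICH NEUMAN!!
#
#

# Working state shared between the subs below. Declared with "our" so the
# page-entry template can keep referring to %fields, $tzn and $the_date.
our (%fields, @mandatory, $errmesg, $tocheck, $PAGE_ENTRY, $the_date, $tzn,
     $BAD_EMAIL_FORMAT, $tempmail, $BOOK_FH);

##################################################################
# START USER CONFIGURATION SECTION                               #
##################################################################
# For information on formatting your autoresponse letter and     #
# guestbook format, please read the README.TXT                   #
# For information on formatting your input form, also see the    #
# gbook.html file included in this distribution.                 #
##################################################################
#
# SPECIAL RESERVED HTML FORM NAMES
# When designing your HTML input form for your guest book,
# there are only four fields that are handled in a special way
# by the script. They are:
#
# signer_email: the e-mail address of the signer of the book. If
#               you want to have the script autorespond or be able
#               to easily reply to them- use this name!
# private:      Value is YES if it is a private message not to
#               be shown in the book. You will get e-mail.
# required:     A comma delimited list of "must-fill" fields.
#               If the user does not complete any field you
#               specify, they will get a message to go back.
# url:          The person's homepage URL. This will be presented
#               in the guest book as an HTML link.
#
##################################################################

# set $HTML="NO" if you do not want users to be able to enter HTML tags
# the form name "private" when set to YES by a reader, if you offer
# the choice, will send you e-mail, but will not write to the guestbook.
# With $HTML="YES" visitor input is written to the page unescaped, so
# anything a visitor types is rendered as markup for every later reader.
our $HTML = "NO";

# $GUESTBOOK is the file name for your guestbook file. You must give the
# filename including its full path.
our $GUESTBOOK = "/usr/tanelorn/dietrich/public_html/guestbook.html";

# $GUESTBOOK_URL is the URL of the guestbook. This way after they
# sign the book they are redirected back to it
our $GUESTBOOK_URL = "http://www.midgard.net/~dietrich/guestbook.html";

# $TEMPDIR is a directory on your server where you have permission to
# write files that will be deleted when the script finishes running.
# The guestbook lock is now taken on the guestbook file itself, so this
# script no longer creates anything in $TEMPDIR.
our $TEMPDIR = "/tmp";

# $MUNG="YES" will transform e-mail addresses into something a little
# less spam-spider friendly.
our $MUNG = "NO";

# @CENSORED is an array of words that you do not want to have
# appear on your guestbook.
our @CENSORED = ();

# $VALID_DOMAIN if set is where the script can be called from. If
# your site responds with or without the "www", leave off the www!
our $VALID_DOMAIN = "midgard.net";

##################################################################
# Build $PAGE_ENTRY, the text that write_entry() adds to the guestbook.
# When $HTML is "NO" every field value is HTML-escaped first, because the
# tag stripping in decode_vars() leaves an unterminated "<..." untouched.
# The url field is kept only when it is a plain http:// or https:// link,
# since the header above says it is presented as an HTML link.
# NOTE(review): the markup of this template does not survive in this copy
# of the script (only the field references remain); restore your own
# layout around them.
sub setup_pageentry {
    no warnings 'uninitialized';    # optional form fields may be absent

    my %shown = %fields;

    my $url = field('url');
    $url =~ s/\A\s+//;
    $url =~ s/\s+\z//;
    $shown{'url'} = ($url =~ m{\Ahttps?://[^\s"'<>]+\z}i) ? $url : "";

    $tzn = field('signer_email');
    if ($MUNG eq "YES") {
        $tzn =~ s/\./_DoT_/g;
        $tzn =~ s/\@/_AT_/g;
    }

    if ($HTML eq "NO") {
        $shown{$_} = escape_html($shown{$_}) for keys %shown;
        $tzn = escape_html($tzn);
    }

    # The template keeps using $fields{...}; it sees the prepared copies.
    local %fields = %shown;
    $PAGE_ENTRY = <<"__END_OF_PAGE_ENTRY__";

$fields{'comments'}

$fields{'name'}   $tzn   $fields{'url'}  
$fields{'city'} $fields{'state'} $fields{'country'} - $the_date


__END_OF_PAGE_ENTRY__
    return;
}

##################################################################
# END USER CONFIGURATION SECTION                                 #
##################################################################

# MAIN ###########################################################
# This is where the script starts execution from

valid_page();
$the_date = localtime();
decode_vars();
getbookvars();
findbook();
test_required();
valid_address();
setup_pageentry();
if (field('private') ne "YES") {
    write_entry();
}
# $tempmail is never assigned in this copy of the script; the guard keeps
# the cleanup harmless.
if (defined $tempmail && -e $tempmail) {
    unlink($tempmail);
}
# $GUESTBOOK_URL is either the configured value or was rebuilt in
# getbookvars() from values restricted to a safe character set, so no
# CR/LF can reach this header.
print "Location: $GUESTBOOK_URL\n\n";
exit;

##################################################################
# Return the named form field, or "" when the form did not send it.
sub field {
    my ($name) = @_;
    return defined $fields{$name} ? $fields{$name} : "";
}

##################################################################
# Escape the characters that are significant in HTML text and attributes.
sub escape_html {
    my ($text) = @_;
    return "" unless defined $text;
    $text =~ s/&/&amp;/g;
    $text =~ s/</&lt;/g;
    $text =~ s/>/&gt;/g;
    $text =~ s/"/&quot;/g;
    $text =~ s/'/&#39;/g;
    return $text;
}

##################################################################
# Decode one application/x-www-form-urlencoded token. Only real %XX hex
# escapes are decoded, and NUL bytes are dropped so they can never end up
# in a file name or in the page.
sub url_decode {
    my ($text) = @_;
    $text =~ tr/+/ /;
    $text =~ s/%([0-9A-Fa-f]{2})/pack("C", hex($1))/ge;
    $text =~ tr/\0//d;
    return $text;
}

##################################################################
# True when $path is a relative path made only of plain name segments:
# no empty segment, no leading "/" and no segment starting with "."
# (which also rules out "..").
sub is_safe_relative_path {
    my ($path) = @_;
    return 0 if $path eq "";
    foreach my $segment (split m{/}, $path, -1) {
        return 0 unless $segment =~ /\A[A-Za-z0-9_][A-Za-z0-9_.-]*\z/;
    }
    return 1;
}

##################################################################
# Stop with an error page if any field named in "required" is empty.
# NOTE: the list of mandatory fields arrives with the request, so it is a
# convenience for honest visitors, not something the server enforces.
sub test_required {
    foreach my $tst (@mandatory) {
        if (field($tst) eq "") {
            $errmesg  = "You did not fill in all of the required information.\n";
            $errmesg .= "Press your BACK BUTTON to return to the entry form!\n";
            error_exit();
        }
    }
    return;
}

##################################################################
# Read the form data (query string for GET, request body otherwise),
# decode it, clean each value and store it in %fields. Also fills
# @mandatory from the "required" field.
sub decode_vars {
    my $max_body = 64 * 1024;    # upper bound on an accepted request body
    my $method   = defined $ENV{'REQUEST_METHOD'} ? $ENV{'REQUEST_METHOD'} : "";
    my $temp     = "";

    if ($method eq "GET") {
        $temp = $ENV{'QUERY_STRING'} if defined $ENV{'QUERY_STRING'};
    }
    else {
        my $length = defined $ENV{'CONTENT_LENGTH'} ? $ENV{'CONTENT_LENGTH'} : "";
        $length = 0 unless $length =~ /\A\d+\z/;
        if ($length > $max_body) {
            $errmesg = "Your entry is too large.\n";
            error_exit();
        }
        read(STDIN, $temp, $length);
    }

    foreach my $item (split(/&/, $temp)) {
        my ($key, $content) = split(/=/, $item, 2);
        $key     = url_decode(defined $key     ? $key     : "");
        $content = url_decode(defined $content ? $content : "");

        # strip comments to prevent server side include calls
        # (the pattern is empty in this copy of the script; HTML comments,
        # closed or not, are removed until none is left)
        1 while $content =~ s/<!--(?:.*?-->)?//gs;

        if ($HTML eq "NO") {
            $content =~ s/<[^>]*>//g;
        }
        else {
            $tocheck = $content;
            check_html();
        }

        # Keep the first 4000 characters (offset 0, not 1).
        if (length($content) > 4000) {
            $content = substr($content, 0, 4000);
        }

        # \Q...\E: censored words are literal text, not patterns.
        foreach my $citem (@CENSORED) {
            $content =~ s/\b\Q$citem\E\b/***/gi;
        }

        $fields{$key} = $content;

        if ($key eq "required") {
            (my $list = $content) =~ s/[\012\015 ]//g;
            @mandatory = split(/,/, $list);
        }
    }
    return;
}

##################################################################
# Send $errmesg to the browser as an HTML page and stop.
sub error_exit {
    print "Content-type: text/html\n\n";
    print <<"__END_OF_ERROR__";
$errmesg
__END_OF_ERROR__
    exit;
}

##################################################################
# Reject $tocheck when it holds an odd number of <, > or " characters.
# This is a typo check for visitors, not a sanitizer.
# NOTE(review): the counting loop is unreadable in this copy of the
# script; the three counts are taken with tr///, which is what the
# surviving counter names and the parity test imply. Confirm against the
# distribution.
sub check_html {
    my $quote_count = ($tocheck =~ tr/"//);
    my $left_count  = ($tocheck =~ tr/<//);
    my $right_count = ($tocheck =~ tr/>//);

    if (   ($left_count % 2) != 0
        || ($right_count % 2) != 0
        || ($quote_count % 2) != 0)
    {
        $errmesg  = "Your HTML doesn't have an even number of ";
        $errmesg .= "&lt; &gt; &quot; marks\n";
        $errmesg .= "Press your BACK BUTTON to return to the entry form!\n";
        error_exit();
    }
    return;
}

##################################################################
# Let the form pick a different guestbook file and return page. Both
# values come from the request and end up in a file path and in the
# Location header, so they are checked before use.
sub getbookvars {
    # Code added by Dietrich, 8-May-02, to see if a different guestbook is specified by params
    # Only plain relative names are accepted, which keeps the path inside
    # the public_html directory. Any writable file below it can still be
    # named by the client; if only a few books exist, list them here
    # explicitly instead.
    my $book = field('guestbook');
    if ($book ne "") {
        if (!is_safe_relative_path($book)) {
            $errmesg = "The guestbook name is not valid.\n";
            error_exit();
        }
        $GUESTBOOK     = "/usr/tanelorn/dietrich/public_html/$book";
        $GUESTBOOK_URL = "http://www.midgard.net/~dietrich/$book";
    }

    # Code added by Dietrich, 24-Sep-03, to see if a different return URL is specified by params
    # Restricted to URL-safe characters without ".." so the value cannot
    # carry line breaks into the Location header.
    my $return = field('returnurl');
    if ($return ne "") {
        if ($return !~ m{\A[A-Za-z0-9_.~/?&=#%+-]+\z} || $return =~ /\.\./) {
            $errmesg = "The return address is not valid.\n";
            error_exit();
        }
        $GUESTBOOK_URL = "http://www.midgard.net/~dietrich/$return";
    }
    return;
}

##################################################################
# Stop with an error page unless the guestbook file exists and is
# writable. The messages show the server-side path to the visitor.
sub findbook {
    unless (-e $GUESTBOOK) {
        $errmesg  = "Unable to locate your guestbook file\n\n";
        $errmesg .= "Please check that $GUESTBOOK is the correct path and name\n";
        error_exit();
    }
    unless (-w $GUESTBOOK) {
        $errmesg  = "Unable to write to your guestbook file\n\n";
        $errmesg .= "Please check the permissions on $GUESTBOOK\n";
        error_exit();
    }
    return;
}

##################################################################
# Rewrite the guestbook with $PAGE_ENTRY added after each marker line.
# The file is read and rewritten through one locked handle, so a failed
# open can no longer leave an emptied guestbook behind. The rewrite is
# still in place: an interruption part-way through leaves a short file.
# NOTE(review): the marker compared against is an empty string in this
# copy of the script; it was probably a marker line lost from the page.
# Confirm against the distribution before relying on it.
sub write_entry {
    get_the_lock();

    my @book = <$BOOK_FH>;

    if (!seek($BOOK_FH, 0, 0) || !truncate($BOOK_FH, 0)) {
        $errmesg = "Unable to update your guestbook file\n";
        error_exit();
    }

    foreach my $line (@book) {
        chomp $line;    # chomp, so a last line without newline stays whole
        if ($line eq "") {
            print {$BOOK_FH} "\n";
            print {$BOOK_FH} "$PAGE_ENTRY\n";
        }
        else {
            print {$BOOK_FH} "$line\n";
        }
    }

    drop_the_lock();
    return;
}

##################################################################
# Open the guestbook for update and take an exclusive flock() on it,
# waiting up to 60 seconds. Replaces the former lock file: no busy loop,
# no gap between checking for the lock and creating it, no truncating
# open of a fixed name in a shared directory, and no writing without the
# lock once the wait is over.
sub get_the_lock {
    if (!open($BOOK_FH, '+<', $GUESTBOOK)) {
        $errmesg = "Unable to open your guestbook file\n";
        error_exit();
    }

    my $endtime = time + 60;
    until (flock($BOOK_FH, LOCK_EX | LOCK_NB)) {
        if (time >= $endtime) {
            close($BOOK_FH);
            $errmesg = "The guestbook is busy. Please try again in a moment.\n";
            error_exit();
        }
        sleep 1;
    }
    return;
}

##################################################################
# Close the guestbook handle, which also releases the lock.
sub drop_the_lock {
    close($BOOK_FH) or warn "bnbbook: closing $GUESTBOOK failed: $!";
    return;
}

##################################################################
# Set $BAD_EMAIL_FORMAT to "YES" or "NO" for the signer_email field.
# The result is not read anywhere else in this copy of the script.
sub valid_address {
    my $testmail = field('signer_email');
    if ($testmail eq "") {
        $BAD_EMAIL_FORMAT = "YES";
        return;
    }

    # Anchored with \A and \z so a trailing newline is not accepted; the
    # top-level domain may be longer than three letters.
    if (   $testmail =~ /\@.*\@|\.\.|\@\.|\.\@|\A\./
        || $testmail !~ /\A.+\@\[?[a-zA-Z0-9.-]+\.(?:[a-zA-Z]{2,}|[0-9]{1,3})\]?\z/)
    {
        $BAD_EMAIL_FORMAT = "YES";
        return;
    }

    $BAD_EMAIL_FORMAT = "NO";
    return;
}

##################################################################
# Refuse requests whose Referer names a host outside $VALID_DOMAIN.
# The host part of the Referer must equal the domain or end in
# ".<domain>"; a match anywhere in the URL is not enough. A request
# without a Referer is let through, and the header is chosen by the
# client, so this only keeps other sites from hosting the form.
sub valid_page {
    return if $VALID_DOMAIN eq "";

    my $referer = defined $ENV{'HTTP_REFERER'} ? lc $ENV{'HTTP_REFERER'} : "";
    return if $referer eq "";

    my $domain = lc $VALID_DOMAIN;
    my ($host) = $referer =~ m{\A[a-z][a-z0-9+.\-]*://(?:[^/?#\@]*\@)?([^/?#:]+)};
    $host = "" unless defined $host;
    $host =~ s/\.\z//;

    my $suffix = ".$domain";
    my $stayin = $host eq $domain
        || (length($host) > length($suffix)
            && substr($host, -length($suffix)) eq $suffix);

    if (!$stayin) {
        $errmesg = "Sorry! You can't run this script from your server\n";
        error_exit();
    }
    return;
}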