
#!/usr/local/bin/perl
######################################################################
#
# mailform.cgi v1.4
#
# Feel free to use mailform.cgi as long as you include these comments
#
#
# Written by Todd Kuebler: kuebler@scn.org
#
# 1.0 One late night.....
#
# 1.1 Now I close sendmail after I am done with it. Duh.
#
# 1.2 Allow for '-' in email address since \w doesn't include it.
#       Note: \w _does_ include '_'
#
# 1.3 Allow for '.' in email address for compuserve addresses.  And
#       include the e-mail that failed for troubleshooting purposes.
#       Added exit codes and set buffer flush to immediate.
#
# 1.4 Add checking so that people outside your server can't use your
#       script to spoof mail by posting to the cgi with a constructed
#       query string.
#
######################################################################
#
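# mailform.cgi is a generic cgi mail script that hopefully can't be
# exploited.
# It will send 'mailformFromEmail' an email message with a list of
# key = value pairs.  It will then send the user back the url 'mailformURL'.
#
# Note: every mailform* value arrives in the HTTP request, so a hidden
# field is only a default; whoever submits the form can change it.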
#
# The following are the hidden variables that you should set:
#
# mailformFromEmail - the full email address of who the email is from.
#                     Default = someone@somewhere.com
# mailformFromName  - the name of the person the email is 'supposedly' from.
#                     Default = Someone
# mailformToEmail   - the full email address of who the email is to.  Must
#                     be of the form user@some.domain (a-zA-Z0-9_ are allowed)
#                     No default.  This field is REQUIRED.
# mailformToName    - the name of the person the email is to.
#                     No default.
# mailformSubject   - the subject of the email to be sent.
#                     Default = mailform results
# mailformCc        - the address to send a cc to.
# mailformBcc       - the address to send a blind cc to.
# mailformURL       - the url to be returned to the browser.
#                     Default = HTTP_REFERER
#
# Below is an example of how to use mailform.cgi.
# The only required input is 'mailformToEmail'.  All others have
# defaults.
#
# -------8<---------8<--------------8<---------8<-------
# <FORM ACTION="/cgi-bin/mailform.cgi" METHOD="POST">
#
# <INPUT TYPE="hidden" NAME="mailformToEmail" VALUE="todd@wolfe.net">
# <INPUT TYPE="hidden" NAME="mailformToName" VALUE="Todd Kuebler">
# <INPUT TYPE="hidden" NAME="mailformSubject" VALUE="The Subject">
# <INPUT TYPE="hidden" NAME="mailformURL" VALUE="http://www.wolfe.net/~todd">
#
# Your e-mail:<INPUT TYPE="text" NAME="mailformFromEmail" VALUE="someone@somewhere.com">
# Your name:<INPUT TYPE="text" NAME="mailformFromName" VALUE="Some One">
#
# A simple text field: <INPUT TYPE="text" NAME="foo">
# Another text field: <INPUT TYPE="text" NAME="bar">
#
# <INPUT TYPE="submit">
#
# </FORM>
# -------8<---------8<--------------8<---------8<-------
#
#  #####################################################################

# Flush STDOUT after every write so CGI output never sits in a buffer.
$| = 1;

# Load cgi-lib.pl and let its ReadParse fill %in (passed as the *in
# typeglob) with the fields of the submitted form.
require "cgi-lib.pl" or die "require cgi-lib.pl died";
&ReadParse(*in);



# Stop with a plain-text notice when SCRIPT_NAME is missing from the
# environment.
# NOTE(review): a CGI/1.1 server sets SCRIPT_NAME for every request it hands
# to this script, wherever the submitting form is hosted, so this test looks
# unable to tell an off-site form from a local one -- confirm.  A server-side
# list of permitted recipient addresses would enforce what the 1.4 changelog
# entry describes.
unless( $ENV{SCRIPT_NAME} ){
        print <<"EOT";
Content-type: text/plain

It appears that the form is trying to be posted from outside the
servers domain or the server is not CGI 1.1 compliant.

Posting from host: $ENV{REMOTE_HOST}

You should notify the owner of this page of their error.
EOT
        exit(0);
}

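# mailformToEmail is required and must look like user@some.domain: word
# characters with at most one '.' or '-' inside the user part, then '@' and
# a host made of word characters, '.' and '-'.
# The pattern ends in \z rather than $ because $ also matches just before a
# trailing newline, which would let "user\@host\n" reach the sendmail command
# line and the To: header further down.  (\w already covers the digits.)
if( $in{mailformToEmail} !~ /\A\w+[.\-]?\w*\@[\w.\-]+\z/ ){
        print <<"EOT";
Content-type: text/plain

It appears that the form has given me a an invalid 'ToEmail' address:

ie To: $in{mailformToEmail}

You should notify the owner of this page of their error.
EOT
        exit(0);
}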

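# mailformCc is optional; when present it must pass the same address check
# as mailformToEmail.
# The pattern ends in \z rather than $ because $ also matches just before a
# trailing newline, which would let "user\@host\n" reach the sendmail command
# line and the Cc: header further down.
if( "$in{mailformCc}" ne "" &&
    $in{mailformCc} !~ /\A\w+[.\-]?\w*\@[\w.\-]+\z/ )  {
        print <<"EOT";
Content-type: text/plain

It appears that the form has given me a an invalid 'Cc' address.

ie Cc: $in{mailformCc}

You should notify the owner of this page of their error.
EOT
        exit(0);
}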

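# mailformBcc is optional; when present it must pass the same address check
# as mailformToEmail.
# The pattern ends in \z rather than $ because $ also matches just before a
# trailing newline, which would let "user\@host\n" reach the sendmail command
# line further down.
if( "$in{mailformBcc}" ne "" &&
    $in{mailformBcc} !~ /\A\w+[.\-]?\w*\@[\w.\-]+\z/ )  {
        print <<"EOT";
Content-type: text/plain

It appears that you have given me a an invalid 'Bcc' address.

ie Bcc: $in{mailformBcc}

You should notify the owner of this page of their error.
EOT
        exit(0);
}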

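# mailformFromEmail is optional (a default is filled in later); when present
# it must pass the same address check as mailformToEmail.
# The pattern ends in \z rather than $ because $ also matches just before a
# trailing newline, which would let "user\@host\n" into the From: header and
# allow an extra header line to follow it.
if( "$in{mailformFromEmail}" ne "" &&
    $in{mailformFromEmail} !~ /\A\w+[.\-]?\w*\@[\w.\-]+\z/ )  {
        print <<"EOT";
Content-type: text/plain

It appears that you have given me a an invalid mail address.

Your e-mail: $in{mailformFromEmail}

What where you thinking? ;-)
EOT
        exit(0);
}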


# Build the comma-separated recipient string given to sendmail: the To
# address always comes first, followed by the Cc and Bcc addresses when the
# form supplied them.
my @recipients = ($in{mailformToEmail});
foreach my $extra ("mailformCc", "mailformBcc")  {
        push(@recipients, $in{$extra}) if "$in{$extra}" ne "";
}
$sendTo = join(",", @recipients);


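# Fill in the documented defaults for the optional header fields.  A field
# counts as missing when it is undefined or the empty string.  (The original
# repeated the mailformSubject test twice; the second copy could never fire.)
my @defaults = (
        mailformFromEmail => "someone\@somewhere.com",
        mailformFromName  => "Someone",
        mailformSubject   => "mailform results",
);
while( my ($field, $fallback) = splice(@defaults, 0, 2) )  {
        $in{$field} = $fallback if "$in{$field}" eq "";
}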

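# Send the message.  Every value used here comes from the request, so nothing
# is passed through a shell and nothing is written into a header until line
# breaks and other control characters have been taken out.
if( "$in{mailformToEmail}" ne "" )  {
        # Header values: turn each run of control characters (CR and LF
        # included) into one space, so a name or subject cannot begin a
        # header line of its own.
        my %header;
        foreach my $name (qw(FromName FromEmail ToName ToEmail Cc Subject))  {
                my $value = $in{"mailform$name"};
                $value = "" unless defined($value);
                $value =~ s/[\x00-\x1f\x7f]+/ /g;
                $value =~ s/\A +//;
                $value =~ s/ +\z//;
                $header{$name} = $value;
        }

        # Envelope recipients: a valid address holds no whitespace, so remove
        # any that got this far (for example a trailing newline).
        my $recipients = $sendTo;
        $recipients =~ s/[\x00-\x20\x7f]//g;

        # List-form pipe open (Perl 5.8 or later) starts sendmail directly;
        # no shell ever sees the recipient string.  -oi stops a body line
        # holding only "." from ending the message early, and "--" ends
        # option parsing before the recipients.
        my $sent = open(SM, "|-", "/usr/lib/sendmail", "-oi", "--", $recipients);
        if( $sent )  {
                print(SM "From: $header{FromName} <$header{FromEmail}>\n".
                        "To: $header{ToName} <$header{ToEmail}>\n");
                print(SM "Cc: $header{Cc}\n") if( $header{Cc} ne "" );
                # No Bcc: header is written.  The Bcc address is already an
                # envelope recipient above, and whether a Bcc: line would be
                # stripped before delivery depends on the mail system.
                print(SM "Subject: $header{Subject}\n\n");

                # Body: every non-mailform field as "key = value".  This
                # text follows the blank line, so it cannot add headers.
                foreach $key (sort(keys(%in)))  {
                        next if( $key =~ /^mailform/ );
                        print(SM "$key = $in{$key}\n\n");
                }

                # close() reports false when sendmail exits with an error.
                $sent = close(SM);
        }

        # Tell the visitor when the mail was not accepted instead of
        # redirecting as though it had been sent.
        if( !$sent )  {
                print <<"EOT";
Content-type: text/plain

The mail could not be sent because the server's mail program reported
an error.

You should notify the owner of this page of their error.
EOT
                exit(0);
        }
}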

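# Send the browser on to mailformURL, or back to the referring page when the
# form gave no URL.  Both values are supplied by the client, so control
# characters (CR and LF included) are removed before the value is written
# into the Location header; otherwise a line break in it would let the
# request add response headers of its own.
# NOTE(review): mailformURL is taken as given, so a crafted form or link can
# use this script to redirect a visitor to any site.  Accepting only URLs on
# this server, or from a fixed list, would close that.
my $returnURL = "$in{mailformURL}" ne "" ? $in{mailformURL} : $ENV{HTTP_REFERER};
$returnURL = "" unless defined($returnURL);
$returnURL =~ s/[\x00-\x1f\x7f]//g;

if( $returnURL ne "" )  {
        print("Location: $returnURL\n\n");
}else  {
        # Neither a URL nor a referrer: answer with a short page rather than
        # an empty Location header.
        print <<"EOT";
Content-type: text/plain

Your form has been sent.
EOT
}
# Exit status kept as in the original: 1 after a completed run, 0 after an
# error page.
exit(1);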
