Empty Form Submissions

Status
Not open for further replies.

kelly5518

Technical User
Aug 1, 2005
72
US
Hi,

I have a guestbook script written in Perl that I'm using on a web site to allow people to post their name and contact information as well as a few other fields. It sends me an email every time someone adds their name to the list.

But for some reason I'm getting emails/posts coming through where nothing is filled in and I can't figure out why. I have JavaScript validation of a couple of fields and I have also set a couple of fields to be required server side; however, I'm still getting empty posts.

Here's my previous post about this problem, but even with server side validation I'm still getting empty emails, and I'm wondering if this is some sort of hack.


I'll post the code here in case anyone wants to take a look at it:

Code:
&valid_page;
  $the_date=localtime();
  &findbook;
  &decode_vars;
  &test_required;
  &valid_address;
  &setup_pageentry;
  &setup_thankyounote;
  &send_thanks;
 if (($TELL_ME eq "YES" && $MY_EMAIL ne "") || 
       ($TELL_ME eq "NO" && $MY_EMAIL ne ""))  
   { 
&notify_me;
}
  if ($fields{'private'} ne "YES")
   { &write_entry;}
  if ( -e $tempmail )
   { 
unlink($tempmail);
}

  print "Location: $GUESTBOOK_URL\n\n";
  exit;

##################################################################
# NOTE! This routine does a lot more work than it has to so that
# People running Windows 95/98/NT can easily adapt it to use 
# a e-mail SMTP program such as BLAT.EXE
##################################################################
sub send_thanks
{
  $SBJ = "My List";
  $fltime = time;
  $flip = $ENV{'REMOTE_ADDR'};
  $flip =~s/\.//g;
  if ($flip eq "")
    { $flip = "123456";}
  $tmpxname=($fltime ^ $flip);
  $tempmail="$TEMPDIR/$tmpxname.bbb";
  open (OTM,">$tempmail");
  print OTM "\n";
  print OTM "$THANK_YOU\n\n";
  close (OTM);
  open(IMZ,"<$tempmail"); 
  @mailtext=<IMZ>;             
  close(IMZ);              

if ($BAD_EMAIL_FORMAT eq "NO" && $SEND_THANKS eq "YES")
 {
# IF YOU ARE USING WINDOWS 95/98/NT with BLAT.EXE UNCOMMENT THE LINE BELOW
# system ("$MAIL_PROGRAM $tempmail -t $fields{'signer_email'} -f $MY_EMAIL -s \"$SBJ\" -q");

  open (MZ,"|$MAIL_PROGRAM") || die "Content-type: text/html\n\n Unable to send mail";

# IF YOU ARE USING BLAT.EXE, COMMENT THE LINES THAT FOLLOW
# BY PLACING A # SIGN AT THE START OF THE LINE. DO THIS UNTIL
# YOU GET TO THE LINE THAT READS: END OF UNIX PROGRAM CODE

  print MZ "To: $fields{'signer_email'}\n";
  print MZ "From: $MY_EMAIL\n";
  print MZ "Subject: $SBJ\n";

  foreach $tomail (@mailtext)
   {
     print MZ "$tomail";
   }
# END OF UNIX PROGRAM CODE
  close (MZ);
 }
}

##################################################################
# NOTE! Windows 95/98/NT users will have to edit this routine
##################################################################
sub notify_me
{

  if ($BAD_EMAIL_FORMAT eq "YES")
   { 
     $SBJ = "List Submission"; 
     $tmpename=$MY_EMAIL;
   }
   else
   { 
    $SBJ = "Men's Match Availability Submission";
    $tmpename=$fields{'signer_email'};
   }

# IF YOU ARE USING WINDOWS 95/98/NT with BLAT.EXE UNCOMMENT THE LINE BELOW
# system ("$MAIL_PROGRAM $tempmail -t $MY_EMAIL -f $tmpename -s \"$SBJ\" -q");

  open (MZT,"|$MAIL_PROGRAM") || die "Content-type: text/html\n\n Unable to send mail"; 

# IF YOU ARE USING BLAT.EXE, COMMENT THE LINES THAT FOLLOW
# BY PLACING A # SIGN AT THE START OF THE LINE. DO THIS UNTIL
# YOU GET TO THE LINE THAT READS: END OF UNIX PROGRAM CODE

  print MZT "To: $MY_EMAIL\n";
  print MZT "From: $tmpename\n";
  print MZT "Subject: $SBJ\n";

  foreach $tomail (@mailtext)
   {
     print MZT "$tomail";
   }
# END OF UNIX PROGRAM CODE
  close (MZT);

}

##################################################################
sub test_required
{
 foreach $tst (@mandatory)
  {
   if ($fields{$tst} eq "")
    {
     $errmesg ="<B>You did not fill in all of the required information.<BR>";
     $errmesg .= "Press your BACK BUTTON to return to the entry form!</B>";
     &error_exit;
    }
 }
}

##################################################################
sub decode_vars
{
  $i=0;
  if ( $ENV{'REQUEST_METHOD'} eq "GET")
   { $temp=$ENV{'QUERY_STRING'};}
   else { read(STDIN,$temp,$ENV{'CONTENT_LENGTH'});}                                          
  @pairs=split(/&/,$temp);
  foreach $item(@pairs)
   {
    ($key,$content)=split(/=/,$item,2);
    $content=~tr/+/ /;
# decode %XX escapes: hex digits only, unpacked as an unsigned byte
    $content=~s/%([0-9A-Fa-f]{2})/pack("C",hex($1))/ge;
#strip comments to prevent server side include calls
    $content =~ s/<!--(.|\n)*-->//g;
    if ($HTML eq "NO")
     {
      $content =~ s/<([^>]|\n)*>//g;
     }
      else
      {
       $tocheck=$content;
       &check_html;
      }
    if (length($content) > 4000) {
# substr offsets start at 0; an offset of 1 dropped the first character
       $content=substr($content,0,4000);
    }
    foreach $citem (@CENSORED)                         
     {                                                
      $content =~ s/\b$citem\b/\*\*\*/gi;
     }                                                
    $fields{$key}=$content;
    if ($key eq "required")
      {
       $content=~s/\012//g;
       $content=~s/\015//g;
       $content=~s/ //g;
       @mandatory=split(/,/,$content);
      }
   }
}

##################################################################
sub error_exit
{
  print "Content-type: text/html\n\n";
  print <<__END_OF_ERROR__;
 <BLOCKQUOTE>
   $errmesg
 </BLOCKQUOTE>
__END_OF_ERROR__
  exit;
}

##################################################################
sub check_html
{
$quote_count=0;
$left_count=0;
$right_count=0;
for ($i=0;$i<length($tocheck);$i++)
 {
  $tc= substr($tocheck,$i,1);
  if ($tc eq "\"") {$quote_count++;}
  if ($tc eq "<") {$left_count++;}
  if ($tc eq ">") {$right_count++;}
 }
 if ( (($left_count % 2) != 0) || (($right_count % 2) != 0) 
    || (($quote_count % 2) != 0))
  {
     $errmesg = "<B>Your HTML doesn't have an even number of ";
     $errmesg .="&lt; &gt; &quot; marks<BR>";
     $errmesg .= "Press your BACK BUTTON to return to the entry form!</B>";
     &error_exit;
  }
}

##################################################################
sub findbook
{
 if ( -e $GUESTBOOK)
  {
   $DONOTHING=0;
  }
  else
   {
   $errmesg ="<B>Unable to locate your guestbook file<BR>\n";
   $errmesg .= "Please check that $GUESTBOOK is the correct path and name</B>";
   &error_exit;
   }
 if ( -w $GUESTBOOK)
  {
   $DONOTHING=0;
  }
  else
   {
   $errmesg ="<B>Unable to write to your guestbook file<BR>\n";
   $errmesg .= "Please check the permissions on $GUESTBOOK</B>";
   &error_exit;
   }
}

##################################################################
sub write_entry
{
   &get_the_lock;
   open(RDBK,"<$GUESTBOOK");
   @book=<RDBK>; 
   close(RDBK);   
   open(WRBK,">$GUESTBOOK");
   foreach $line (@book)
    {
      chop $line;
      if ($line eq "<!--bookmark-->")
       {
         print WRBK "<!--bookmark-->\n";
         print WRBK "$PAGE_ENTRY\n";
       }
       else
       {
        print WRBK "$line\n";
       }
    }
   close(WRBK);
   &drop_the_lock;
}

##################################################################
sub get_the_lock
{
  $lockfile="$TEMPDIR/bnbbook.lck";
  local ($endtime);                                   
  $endtime = 60;                                      
  $endtime = time + $endtime;                         
  while (-e $lockfile && time < $endtime) 
   {
    # Do Nothing                                    
   }                                                   
   open(LOCK_FILE, ">$lockfile");                     
}

##################################################################
sub drop_the_lock
{
# close the filehandle opened in get_the_lock, not the file name string
  close(LOCK_FILE);
  unlink($lockfile);
}


##################################################################
sub valid_address 
 {
  if ($fields{'signer_email'} eq "")
    {
     $BAD_EMAIL_FORMAT="YES";
     return;
    }
  $testmail = $fields{'signer_email'};
  if ($testmail =~ /(@.*@)|(\.\.)|(@\.)|(\.@)|(^\.)/ ||
  $testmail !~ /^.+\@(\[?)[a-zA-Z0-9\-\.]+\.([a-zA-Z]{2,3}|[0-9]{1,3})(\]?)$/)
   {
     $BAD_EMAIL_FORMAT="YES";
     return;
   }
  else
  {
  $BAD_EMAIL_FORMAT="NO";
  }
}

##################################################################
sub valid_page                                                         
 {                                                                     
   if ($VALID_DOMAIN eq "")
      {return;}
   $DN=$ENV{'HTTP_REFERER'};
   if ($DN eq "")
     {return;}
   $DN=~tr/A-Z/a-z/;
   $VALID_DOMAIN=~tr/A-Z/a-z/;
   if ($DN =~ /$VALID_DOMAIN/)
   {$stayin=1;}
     else {$stayin=0;}
   if ($stayin == 0)
    {
     $errmesg ="<B>Sorry! You can't run this script from your server</B><BR>";
     &error_exit;
    }
 }

#####################################################################
sub date_set {

        @days = ('Sunday','Monday','Tuesday','Wednesday','Thursday','Friday','Saturday');
        @months = ('January','February','March','April','May','June','July','August','September','October','November',  'December');

	($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime(time);

	$mon_num = $mon+1;
	$savehour = $hour;
	$hour = "0$hour" if ($hour < 10);
	$min = "0$min" if ($min < 10);
	$sec = "0$sec" if ($sec < 10);
	$saveyear = ($year % 100);
	$year = 1900 + $year;
	$mon_num = "0$mon_num" if ($mon_num < 10);
	$mday = "0$mday" if ($mday < 10);
	$saveyear = "0$saveyear" if ($saveyear < 10);
	$date = "$mon_num/$mday/$saveyear";
	
}

Thanks for any suggestions.

kelly
 
Kelly, the form will be required as well to ensure a complete picture; please post just the HTML in between the form tags.
--Paul

Paul
------------------------------------
Spend an hour a week on CPAN, helps cure all known programming ailments ;-)
 
Thanks for offering to help Paul, but I think I figured it out. The (server side) script doesn't trim spaces before checking for empty fields (which is the main problem), but also I was not doing server side checking for a radio button field which I have now set as required, and I think that will correct the problem and prevent these empty submissions.

If not I'll be back. :)

Thanks again,

kelly
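
The fix kelly describes, sketched as an added example (not part of the thread or of the original guestbook script): the mandatory list is fixed in the script instead of being read from the submitted `required` field as the posted decode_vars does, values are trimmed before the empty check, and a radio group that was never sent counts as missing. The field names and sample submissions are assumptions constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumption: field names are illustrative; the real form was not posted.
# The mandatory list lives in the script, never in the request, so a
# submission cannot skip validation by leaving out a hidden field.
my @MANDATORY = qw(signer_name signer_email availability);

# Return the names of mandatory fields that are absent or blank after
# trimming. Takes a hashref of already URL-decoded form fields.
sub missing_required {
    my ($fields) = @_;
    my @missing;
    for my $name (@MANDATORY) {
        # An unchecked radio group is not sent at all, so the key is absent.
        my $value = $fields->{$name};
        $value = '' unless defined $value;
        # Trim leading and trailing whitespace before the empty test.
        $value =~ s/^\s+|\s+$//g;
        push @missing, $name if $value eq '';
    }
    return @missing;
}

# Constructed sample submissions (not taken from the thread).
my %samples = (
    'complete'       => { signer_name => 'Pat', signer_email => 'pat@example.com',
                          availability => 'yes' },
    'spaces only'    => { signer_name => '   ', signer_email => " \t",
                          availability => 'yes' },
    'radio not sent' => { signer_name => 'Pat', signer_email => 'pat@example.com' },
    'empty body'     => {},
);

for my $label (sort keys %samples) {
    my @missing = missing_required($samples{$label});
    printf "%-15s %s\n", $label,
        @missing ? "REJECT (missing: @missing)" : "accept";
}
```

Calling `missing_required(\%fields)` right after decode_vars and going to error_exit when it returns anything would replace the posted test_required.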
 