#!/usr/local/bin/perl
##############################################################################
# FormMail			Version 1.5				     #
# Copyright 1996 Matt Wright	mattw@worldwidemart.com			     #
# Created 6/9/95                Last Modified 2/5/96			     #
# Scripts Archive at:		http://www.worldwidemart.com/scripts/	     #
##############################################################################
# COPYRIGHT NOTICE                                                           #
# Copyright 1996 Matthew M. Wright  All Rights Reserved.                     #
#                                                                            #
# FormMail may be used and modified free of charge by anyone so long as this #
# copyright notice and the comments above remain intact.  By using this      #
# code you agree to indemnify Matthew M. Wright from any liability that      #  
# might arise from it's use.                                                 #  
#									     #
# Selling the code for this program without prior written consent is         #
# expressly forbidden.  In other words, please ask first before you try and  #
# make money off of my program.						     #
#                                                                            #
# Obtain permission before redistributing this software over the Internet or #
# in any other medium.	In all cases copyright and header must remain intact #
##############################################################################
# parts of this were taken from FormMail, hence the notice above

# define variables
$STICKE_BASE='.'; # where stick-e software and applications are found (there is a link from .)
$show_client_calls=1; # for debugging set this non-zero


# @referers allows forms to be located only on servers which are defined 
# in this field.  This fixes a security hole in the last version which 
# allowed anyone on any server to use your FormMail script.

#pjb: addition here
@referers = ( #'www.worldwidemart.com','worldwidemart.com','206.31.72.203',
'wwp.cambridge.rxrc.xerox.com', 'ww.cs.ukc.ac.uk', '/home/brown/sticke', '/home/cur/pjb', '/proj/sticke');

# Done
#############################################################################

# Check Referring URL
&check_url;

      print "Content-type: text/html\n\n";
      print "<html>\n <head>\n";
      print "  <title>Processing form</title>\n";
      print " </head>\n";
      $have_frames = 0; #default
      if (open PARAMS, "../tmp/params") {
	while (<PARAMS>) {
	  if ($_ =~ "FRAMES=Y") {
	    $have_frames = 1;
	  }
	}
      }
      if (!$have_frames) {
	print " <body>\n";
	print `./generate_menu`;
      }



# Parse Form Contents
&parse_form;

      if (!$have_frames) {
	print "</body>";
      }
      print " </html>";
      exit;


#----- checking of url
sub check_url {

   if ($ENV{'HTTP_REFERER'}) {
      foreach $referer (@referers) {
	 if ($ENV{'HTTP_REFERER'} =~ /$referer/i) {
	    $check_referer = '1';
	    last;
	 }
      }
   }
   else {
      $check_referer = '1';
   }

   if ($check_referer != 1) {
      &error('bad_referer');
   }

} # check-url


#---- parse the form
sub parse_form {

   if ($ENV{'REQUEST_METHOD'} eq 'GET') {
      # Split the name-value pairs
      @pairs = split(/&/, $ENV{'QUERY_STRING'});
   }
   elsif ($ENV{'REQUEST_METHOD'} eq 'POST') {
      # Get the input
      read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'});
 
      # Split the name-value pairs
      @pairs = split(/&/, $buffer);
   }
   else {
      &error('request_method');
   }

   $req_flag = ''; # default
   foreach $pair (@pairs) {
      ($name, $value) = split(/=/, $pair);
 
      $name =~ tr/+/ /;
      $name =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;

      $value =~ tr/+/ /;
      $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;

      # If they try to include server side includes, erase them, so they
      # are not a security risk if the html gets returned.  Another 
      # security hole plugged up.

      $value =~ s/<!--(.|\n)*-->//g;

      # call client
      if ($name eq 'REQUIRED') {
	if ($value eq 'REQUIRED') {
	  $req_flag = '-required';
	}
      } else {
	if ($value eq '') {
	  $value = 'off';
	}
	# after each MULTIPLE SELECT that has at least one item already selected
	#  we have a hidden default setting to cover the case when none is selected
	# this is ignored if a selection has already been found
	# e.g.: <input TYPE="HIDDEN" NAME="WITH_default" VALUE="off">
	unless ($name =~ s/_default$// && $name_list{$name} ne '') {
	  # each request for input is preceded by a hidden field showing
	  # the previous setting. e.g. <input type=HIDDEN" NAME="DURING_previous" VALUE="Sep">
	  # the purpose is to detect when a setting has not changed.
	  # NB some settings (e.g. " ... OR some other alternatives") are
	  # not syntactically correct input and are merely comments to the user;
	  # it is important to detect when these come back unchanged.
	  if (!($name =~ /_previous$/) && $name_list{$name . "_previous"} ne $value) {
	    $f_flag = '-F'; # default
	    unless ($name_list{$name} eq '') { # this covers selection after first in MULTIPLE
	      $f_flag = '-+'; # if tag has occurred before use -+ instead of -F
	    }
	    if ($show_client_calls && !$have_frames) {
	      print "<pre>Calling $STICKE_BASE /client $req_flag $f_flag $name .4pretended=$value</pre><br>\n";
	    }
	    print `$STICKE_BASE/client $req_flag $f_flag "$name" ".4pretended=$value"`;
	  } # if
	  #was $name_list .= $name_list . '{' . $name . '}';
	  # print "Setting name_list($name) to $value<br>";
	  $name_list{$name} = $value; # record that the tag has occurred
	} #unless
      } # else
    } # foreach
    print `$STICKE_BASE/client -t`; # do the triggering

} # parse_form

sub error {

   ($error,@error_fields) = @_;

   print "Content-type: text/html\n\n";

   if ($error eq 'bad_referer') {
      print "<html>\n <head>\n  <title>Bad Referrer - Access Denied</title>\n </head>\n";
      print " <body>\n  <center>\n   <h1>Bad Referrer - Access Denied</h1>\n  </center>\n";
      print "The form that is trying to use this <a href=\"http://www.worldwidemart.com/scripts/\">FormMail Program</a>\n";
      print "resides at: $ENV{'HTTP_REFERER'}, which is not allowed to access this cgi script.<p>\n";
      print "Sorry!\n";
      print "</body></html>\n";
   }

   elsif ($error eq 'request_method') {
      print "<html>\n <head>\n  <title>Error: Request Method</title>\n </head>\n";
      print "</head>\n <body";

      # Get Body Tag Attributes
      &body_attributes;

      # Close Body Tag
      print ">\n <center>\n\n";

      print "   <h1>Error: Request Method</h1>\n  </center>\n\n";
      print "The Request Method of the Form you submitted did not match\n";
      print "either GET or POST.  Please check the form, and make sure the\n";
      print "method= statement is in upper case and matches GET or POST.\n";
      print "<p><hr size=7 width=75%><p>\n";
      print "<ul>\n";
      print "<li><a href=\"$ENV{'HTTP_REFERER'}\">Back to the Submission Form</a>\n";
      print "</ul>\n";
      print "</body></html>\n";
   }

   elsif ($error eq 'missing_fields') {

      print "<html>\n <head>\n  <title>Error: Blank Fields</title>\n </head>\n";
      print " </head>\n <body";
      
      # Get Body Tag Attributes
      &body_attributes;
	 
      # Close Body Tag
      print ">\n  <center>\n";

      print "   <h1>Error: Blank Fields</h1>\n\n";
      print "The following fields were left blank in your submission form:<p>\n";

      # Print Out Missing Fields in a List.
      print "<ul>\n";
      foreach $missing_field (@error_fields) {
	 print "<li>$missing_field\n";
      }
      print "</ul>\n";

      # Provide Explanation for Error and Offer Link Back to Form.
      print "<p><hr size=7 width=75\%><p>\n";
      print "These fields must be filled out before you can successfully submit\n";
      print "the form.  Please return to the <a href=\"$ENV{'HTTP_REFERER'}\">Fill Out Form</a> and try again.\n";
      print "</body></html>\n";
   }
   exit;
} # error


sub body_attributes {
   # Check for Background Color
   if ($CONFIG{'bgcolor'}) {
      print " bgcolor=\"$CONFIG{'bgcolor'}\"";
   }

   # Check for Background Image
   if ($CONFIG{'background'} =~ /http\:\/\/.*\..*/) {
      print " background=\"$CONFIG{'background'}\"";
   }

   # Check for Link Color
   if ($CONFIG{'link_color'}) {
      print " link=\"$CONFIG{'link_color'}\"";
   }

   # Check for Visited Link Color
   if ($CONFIG{'vlink_color'}) {   
      print " vlink=\"$CONFIG{'vlink_color'}\"";
   }

   # Check for Active Link Color
   if ($CONFIG{'alink_color'}) {
      print " alink=\"$CONFIG{'alink_color'}\"";
   }

   # Check for Body Text Color
   if ($CONFIG{'text_color'}) {
      print " text=\"$CONFIG{'text_color'}\"";
   }
}