Spellmeista
User
- Joined
- 23 Feb 2009
- Posts
- 24
Hello, I have been messing around for days with a form on a band page. Once I know how it works, I can probably make additions to the CGI script myself. That is not even the problem right now.
There is something I don't understand: I am using the following code:
<FORM ACTION="http://www.3volt.nl/cgi-bin/mailform.cgi" METHOD="POST">
<INPUT TYPE="hidden" NAME="mailformToEmail" VALUE="test@test.nl">
<INPUT TYPE="hidden" NAME="mailformToName" VALUE="Revolt">
<INPUT TYPE="hidden" NAME="mailformSubject" VALUE="The Subject">
<INPUT TYPE="hidden" NAME="mailformURL" VALUE="contact/danku.html">
Your e-mail:<INPUT TYPE="text" NAME="mailformFromEmail" VALUE="uwemail@domein.nl">
Your name:<INPUT TYPE="text" NAME="mailformFromName" VALUE="uwnaam">
A simple text field: <INPUT TYPE="text" NAME="foo">
Another text field: <INPUT TYPE="text" NAME="bar">
<INPUT TYPE="submit">
</FORM>
OK, so much for the HTML code. I would say: a reference to a CGI script in a cgi-bin folder, so it sends. But no.
My formmail.cgi script looks like this and is parked in the cgi-bin!
!/usr/local/bin/perl
######################################################################
#
# mailform.cgi v1.4
#
# Feel free to use mailform.cgi as long as you include these comments
#
#
# Written by Todd Kuebler: kuebler@scn.org
#
# 1.0 One late night.....
#
# 1.1 Now I close sendmail after I am done with it. Duh.
#
# 1.2 Allow for '-' in email address since \w doesn't inlude it.
# Note: \w _does_ include '_'
#
# 1.3 Allow for '.' in email address for compuserve addresses. And
# include the e-mail that failed for troubleshooting purposes.
# Added exit codes and set buffer flush to immediate.
#
# 1.4 Add checking so that people outside your server can't use your
# script to spoof mail by posting to the cgi from other than
# the form.
#
#
######################################################################
#
# mailform.cgi is a generic cgi mail script that hopefully can't be exploited.
# It will send 'mailformFromEmail' an email message with a list of key = value
# pairs. It will then send the user back the url 'mailformURL'.
#
# The following are the hidden variables that you should set:
#
# mailformFromEmail - the full email address of who the email is from.
# Default = someone@somewhere.com
# mailformFromName - the name of the person the email is 'supposedly' from.
# Default = Someone
# mailformToEmail - the full email address of who the email is to. Must
# be of the form user@some.domain (a-zA-Z0-9_ are allowed)
# No default. This field is REQUIRED.
# mailformToName - the name of the person the email is to.
# No default.
# mailformSubject - the subject of the email to be sent.
# Default = mailform results
# mailformCc - the address to send a cc to.
# mailformBcc - the address to send a blind cc to.
# mailformURL - the url to be returned to the browser.
# Default = HTTP_REFERER
#
# Below is an example of how to use mailform.cgi.
# The only required input is 'mailformToEmail'. All others have
# defaults.
#
# -------8<---------8<--------------8<---------8<-------
# <FORM ACTION="/cgi-bin/mailform.cgi" METHOD="POST">
#
# <INPUT TYPE="hidden" NAME="mailformToEmail" VALUE="test@planet.nl">
# <INPUT TYPE="hidden" NAME="mailformToName" VALUE="test">
# <INPUT TYPE="hidden" NAME="mailformSubject" VALUE="The Subject">
# <INPUT TYPE="hidden" NAME="mailformURL" VALUE="contact/danku.html">
#
# Your e-mail:<INPUT TYPE="text" NAME="mailformFromEmail" VALUE="uwemail@domein.nl">
# Your name:<INPUT TYPE="text" NAME="mailformFromName" VALUE="uwnaam">
#
# A simple text field: <INPUT TYPE="text" NAME="foo">
# Another text field: <INPUT TYPE="text" NAME="bar">
#
# <INPUT TYPE="submit">
#
# </FORM>
# -------8<---------8<--------------8<---------8<-------
#
# #####################################################################
$|=1;
require("cgi-lib.pl") || die "require cgi-lib.pl died";
&ReadParse(*in);
if( !$ENV{SCRIPT_NAME} ) {
print <<"EOT";
Content-type: text/plain

It appears that the form is trying to be posted from outside the
servers domain or the server is not CGI 1.1 compliant.
Posting from host: $ENV{REMOTE_HOST}
You should notify the owner of this page of their error.
EOT
exit(0);
}
if( $in{mailformToEmail} !~ /^[\w\d]+[\.\-]?[\w\d]*\@[\w\d\-\.]+$/ ){
print <<"EOT";
Content-type: text/plain

It appears that the form has given me a an invalid 'ToEmail' address:
ie To: $in{mailformToEmail}
You should notify the owner of this page of their error.
EOT
exit(0);
}
if( $in{mailformCc} !~ /^[\w\d]+[\.\-]?[\w\d]*\@[\w\d\.\-]+$/ && "$in{mailformCc}" ne "" ) {
print <<"EOT";
Content-type: text/plain

It appears that the form has given me a an invalid '' address.
ie Cc: $in{mailformCc}
You should notify the owner of this page of their error.
EOT
exit(0);
}
if( $in{mailformBcc} !~ /^[\w\d]+[\.\-]?[\w\d]*\@[\w\d\.\-]+$/ && "$in{mailformBcc}" ne "" ) {
print <<"EOT";
Content-type: text/plain

It appears that you have given me a an invalid 'Bcc' address.
ie Bcc: $in{mailformBcc}
You should notify the owner of this page of their error.
EOT
exit(0);
}
if( $in{mailformFromEmail} !~ /^[\w\d]+[\.\-]?[\w\d]*\@[\w\d\.\-]+$/ && "$in{mailformFromEmail}" ne "" ) {
print <<"EOT";
Content-type: text/plain

It appears that you have given me a an invalid mail address.
Your e-mail: $in{mailformFromEmail}
What where you thinking? ;-)
EOT
exit(0);
}
$sendTo = "$in{mailformToEmail}";
if( "$in{mailformCc}" ne "" ) {
$sendTo = join(",", $sendTo, $in{mailformCc});
}
if( "$in{mailformBcc}" ne "" ) {
$sendTo = join(",", $sendTo, $in{mailformBcc});
}
if( "$in{mailformFromEmail}" eq "" ) {
$in{mailformFromEmail} = "someone\@somewhere.com";
}
if( "$in{mailformFromName}" eq "" ) {
$in{mailformFromName} = "Someone";
}
if( "$in{mailformSubject}" eq "" ) {
$in{mailformSubject} = "mailform results";
}
if( "$in{mailformSubject}" eq "" ) {
$in{mailformSubject} = "mailform results";
}
if( "$in{mailformToEmail}" ne "" ) {
open(SM, "| /usr/lib/sendmail $sendTo");
print(SM "From: $in{mailformFromName} <$in{mailformFromEmail}>\n".
"To: $in{mailformToName} <$in{mailformToEmail}>\n".
"Cc: $in{mailformCc}\n".
"Bcc: $in{mailformBcc}\n".
"Subject: $in{mailformSubject}\n\n");
foreach $key (sort(keys(%in))) {
next if( $key =~ /^mailform/ );
eval print(SM "$key = $in{$key}\n\n");
}
close(SM);
}
if( "$in{mailformURL}" ne "" ) {
print("Location: $in{mailformURL}\n\n");
}else {
print("Location: $ENV{HTTP_REFERER}\n\n");
}
exit(1);
How in God's name can I just get this to work? Do I still need to set certain permissions for the cgi-bin folder? Please help me before I completely lose it over this!
Here is my link to the test form: http://www.3volt.nl/contact/formtest.html
Thanks if you are willing to help!
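Added editorial example, not part of the original post and not Todd Kuebler's code: the script above takes the recipient from a hidden form field, copies mailformFromName, mailformToName and mailformSubject into the mail headers unchecked, builds the sendmail command as one string, and echoes mailformURL into a Location header. The sketch below shows the same flow with those inputs constrained. It assumes a hypothetical `recipient` form field holding a short key, a server-side recipient table and a redirect allowlist; `build_mail`, `send_mail` and `return_url` are names introduced here.

```perl
use strict;
use warnings;

# Assumption: the recipient is chosen server-side from a short key, never from a form field.
my %RECIPIENTS = ( band => 'test@test.nl' );
# Assumption: the only permitted redirect targets are these site-relative pages.
my %RETURN_PAGES = ( '/contact/danku.html' => 1 );
my $ADDR = qr/\A[A-Za-z0-9_][A-Za-z0-9_.\-]*\@[A-Za-z0-9\-]+(?:\.[A-Za-z0-9\-]+)+\z/;

# Returns ([sendmail argv], message text) or dies with the reason for rejection.
sub build_mail {
    my (%in) = @_;
    my $to = $RECIPIENTS{ $in{recipient} // '' } or die "unknown recipient key\n";
    ( $in{mailformFromEmail} // '' ) =~ $ADDR or die "invalid From address\n";
    my %h = ( mailformFromName => 'Someone', mailformSubject => 'mailform results' );
    for my $f ( keys %h ) {
        my $v = $in{$f} // '';
        next if $v eq '';    # keep the default
        # A CR, LF or other control character would let the value start a new header line.
        die "control character in $f\n" if $v =~ /[\x00-\x1f\x7f]/;
        die "$f too long\n" if length($v) > 200;
        $h{$f} = $v;
    }
    ( my $name = $h{mailformFromName} ) =~ s/["\\<>]//g;    # cannot leave the quoted display name
    my $msg = "From: \"$name\" <$in{mailformFromEmail}>\nTo: <$to>\n"
            . "Subject: $h{mailformSubject}\n\n";
    for my $k ( sort grep { !/^(?:mailform|recipient\z)/ } keys %in ) {
        $msg .= "$k = $in{$k}\n\n" if $k =~ /\A[\w\-]{1,64}\z/;
    }
    # List form: no shell is involved; -oi stops a lone "." line from ending the message.
    return ( [ '/usr/lib/sendmail', '-oi', '--', $to ], $msg );
}

sub send_mail {
    my ( $argv, $msg ) = @_;
    open( my $sm, '|-', @$argv ) or die "cannot run sendmail: $!\n";
    print {$sm} $msg;
    close($sm) or die "sendmail exited with status $?\n";
}

# Redirect only to a page on the allowlist; anything else falls back to the default.
sub return_url { my ($u) = @_; return $RETURN_PAGES{ $u // '' } ? $u : '/contact/danku.html' }

# Constructed input: the Subject value carries an embedded CRLF and a second header line.
my %bad = ( recipient => 'band', mailformFromEmail => 'fan@example.org',
            mailformSubject => "Hi\r\nX-Extra: 1", foo => 'bar' );
my $ok = eval { build_mail(%bad); 1 };
print "constructed input: ", ( $ok ? "accepted\n" : "rejected: $@" );
print "redirect: ", return_url('http://example.net/'), "\n";
```

The address pattern is anchored with `\A` and `\z` because `$`, as used in the original checks, also matches just before a trailing newline.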