#!/usr/local/bin/perl
######################################################################
#
# mailform.cgi v1.4
#
# Feel free to use mailform.cgi as long as you include these comments
#
#
# Written by Todd Kuebler: kuebler@scn.org
#
# 1.0 One late night.....
#
# 1.1 Now I close sendmail after I am done with it. Duh.
#
# 1.2 Allow for '-' in email address since \w doesn't include it.
#     Note: \w _does_ include '_'
#
# 1.3 Allow for '.' in email address for compuserve addresses. And
#     include the e-mail that failed for troubleshooting purposes.
#     Added exit codes and set buffer flush to immediate.
#
# 1.4 Add checking so that people outside your server can't use your
#     script to spoof mail by posting to the cgi from other than
#     the form.
#
#
######################################################################
#
# mailform.cgi is a generic cgi mail script that hopefully can't be exploited.
# It will send 'mailformFromEmail' an email message with a list of key = value
# pairs. It will then send the user back the url 'mailformURL'.
#
# The following are the hidden variables that you should set:
#
# mailformFromEmail - the full email address of who the email is from.
#                     Default = someone@somewhere.com
# mailformFromName  - the name of the person the email is 'supposedly' from.
#                     Default = Someone
# mailformToEmail   - the full email address of who the email is to. Must
#                     be of the form user@some.domain (a-zA-Z0-9_ are allowed)
#                     No default. This field is REQUIRED.
# mailformToName    - the name of the person the email is to.
#                     No default.
# mailformSubject   - the subject of the email to be sent.
#                     Default = mailform results
# mailformCc        - the address to send a cc to.
# mailformBcc       - the address to send a blind cc to.
# mailformURL       - the url to be returned to the browser.
#                     Default = HTTP_REFERER
#
# Below is an example of how to use mailform.cgi.
# The only required input is 'mailformToEmail'. All others have
# defaults.
# # -------8<---------8<--------------8<---------8<------- #
# # # # # # # Your e-mail: # Your name: # # A simple text field: # Another text field: # # # #
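# -------8<---------8<--------------8<---------8<-------
#
#
#####################################################################
#
# Request handling.
#
# Every mailform* field arrives in the HTTP request, hidden or not, so
# each one is treated as untrusted input:
#
#  * addresses must match $addressPattern from start to end;
#  * sendmail is started without a shell, one argument per recipient;
#  * free-text header fields are reduced to a single line;
#  * the redirect target is cut at the first line break.
#
# NOTE(review): the recipient itself is still chosen by the request, so
# anyone who can reach this script can pick who receives the mail.  If
# that matters for the deployment, compare mailformToEmail against a
# server-side list of permitted recipients before sending.

$| = 1;    # flush output immediately

require("cgi-lib.pl") || die "require cgi-lib.pl died";

&ReadParse(*in);

# SCRIPT_NAME is a CGI/1.1 meta-variable that the web server sets for
# every request, so this test only detects a non-CGI invocation.  It
# does not show which page the form was posted from.
if( !$ENV{SCRIPT_NAME} ) {
    print <<"EOT";
Content-type: text/plain

It appears that the form is trying to be posted from outside the
servers domain or the server is not CGI 1.1 compliant.

Posting from host: $ENV{REMOTE_HOST}

You should notify the owner of this page of their error.
EOT
    exit(0);
}

# One pattern for all four address fields.  \A and \z are used instead
# of ^ and $ because $ also matches just before a trailing newline, and
# the accepted value must end exactly where the address ends.
my $addressPattern = qr/\A[\w\d]+[\.\-]?[\w\d]*\@[\w\d\-\.]+\z/;

# The recipient is required, so an empty value fails here as well.
if( $in{mailformToEmail} !~ $addressPattern ) {
    print <<"EOT";
Content-type: text/plain

It appears that the form has given me a an invalid 'ToEmail' address:

ie To: $in{mailformToEmail}

You should notify the owner of this page of their error.
EOT
    exit(0);
}

# Cc, Bcc and the sender address are optional; they are checked only
# when the form supplied a value.
if( "$in{mailformCc}" ne "" && $in{mailformCc} !~ $addressPattern ) {
    print <<"EOT";
Content-type: text/plain

It appears that the form has given me a an invalid 'Cc' address.

ie Cc: $in{mailformCc}

You should notify the owner of this page of their error.
EOT
    exit(0);
}

if( "$in{mailformBcc}" ne "" && $in{mailformBcc} !~ $addressPattern ) {
    print <<"EOT";
Content-type: text/plain

It appears that you have given me a an invalid 'Bcc' address.

ie Bcc: $in{mailformBcc}

You should notify the owner of this page of their error.
EOT
    exit(0);
}

if( "$in{mailformFromEmail}" ne "" && $in{mailformFromEmail} !~ $addressPattern ) {
    print <<"EOT";
Content-type: text/plain

It appears that you have given me a an invalid mail address.

Your e-mail: $in{mailformFromEmail}

What where you thinking?
;-)
EOT
    exit(0);
}

# The name and subject fields are not pattern-checked, and they are
# written into the message header.  Collapsing CR/LF keeps each one on
# a single header line so a value cannot add header lines of its own.
foreach my $field ('mailformFromName', 'mailformToName', 'mailformSubject') {
    $in{$field} =~ s/[\r\n]+/ /g if defined $in{$field};
}

# Defaults for the optional fields.
if( "$in{mailformFromEmail}" eq "" ) { $in{mailformFromEmail} = "someone\@somewhere.com"; }
if( "$in{mailformFromName}"  eq "" ) { $in{mailformFromName}  = "Someone"; }
if( "$in{mailformSubject}"   eq "" ) { $in{mailformSubject}   = "mailform results"; }

# Envelope recipients: To first, then Cc and Bcc when present.
my @recipients = ($in{mailformToEmail});
push(@recipients, $in{mailformCc})  if "$in{mailformCc}"  ne "";
push(@recipients, $in{mailformBcc}) if "$in{mailformBcc}" ne "";

# List-form pipe open: sendmail is exec'd directly and each recipient is
# its own argument, so no shell ever parses request data.  The address
# pattern requires a leading word character, so a recipient cannot be
# read as an option.  -i stops a line holding a single '.' in a form
# value from ending the message early.
open(SM, '|-', '/usr/lib/sendmail', '-i', @recipients)
    || die "cannot start /usr/lib/sendmail: $!";

my $header = "From: $in{mailformFromName} <$in{mailformFromEmail}>\n"
           . "To: $in{mailformToName} <$in{mailformToEmail}>\n";
$header .= "Cc: $in{mailformCc}\n" if "$in{mailformCc}" ne "";
# No Bcc: header is written.  The blind copy is already in the recipient
# list above, and a Bcc: line in the message could reveal that address
# to the other recipients if the mailer passes it through.
$header .= "Subject: $in{mailformSubject}\n\n";
print(SM $header);

# Message body: every non-mailform field, sorted by name.  The original
# wrapped this print in a string eval of its return value, which did
# nothing useful; it is a plain print now.
foreach my $key (sort(keys(%in))) {
    next if( $key =~ /^mailform/ );
    print(SM "$key = $in{$key}\n\n");
}

# A failed close means sendmail did not accept the message.  It is
# logged, and the browser is still redirected as before.
close(SM) || warn "sendmail did not finish cleanly: status $?";

# Send the browser on to mailformURL, or back to the referring page.
# Both values come from the request, so the target is cut at the first
# CR or LF to keep it inside the Location header.
# NOTE(review): the destination is still caller-chosen, i.e. this is an
# open redirect.  Limit it to known hosts if that is a concern.
my $returnUrl = ("$in{mailformURL}" ne "") ? $in{mailformURL} : $ENV{HTTP_REFERER};
$returnUrl = "" unless defined $returnUrl;
$returnUrl =~ s/[\r\n].*//s;
print("Location: $returnUrl\n\n");

# Exit status kept as in the original script (1 on the success path).
exit(1);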