#!/usr/bin/perl
# (C)2000 Room101 Limited
# All rights reserved
# Modification or distribution prohibited
#   

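# Open the shared database handle ($dbh) first; processorder inserts through it.
connectsql();

# Form field keys, their display labels and "required" flags, kept as three
# parallel arrays.
# NOTE(review): none of these four variables is read anywhere else in this
# file, so no required-field check is actually enforced from them.
@fields = ( "yourname", "youremail", "targetname", "targetemail", "subject", "textarea1" );

@fieldnames = ( "Your Name", "Your Email Address", "Friend's Name", "Friend's Email Address", "Subject", "Message" );

@required = ( "1", "1", "1", "1", "1", "1" );

$number_of_fields = @fields;

# Slurp the page template into the global $template. The read uses a
# three-argument open (the file name can never be taken as a mode) and a
# localised $/ so the record separator is restored even on an early exit.
# A missing template is reported on STDERR instead of passing unnoticed;
# the script then carries on with an empty page, as it did before.
{
    local $/;
    if ( open( my $tmpl, '<', 'taf.html' ) ) {
        $template = <$tmpl>;
        close($tmpl);
    }
    else {
        warn "Cannot open taf.html: $!\n";
        $template = '';
    }
}

$customersite = 'http://www.myschoolplus.co.uk/';
$mailprog = '/usr/sbin/sendmail';

# The CGI header goes out before either handler prints the page body.
print "Content-type: text/html\n\n";

# GET shows the blank form; every other request method is treated as a
# form submission.
if ( $ENV{'REQUEST_METHOD'} eq 'GET' ) {
    showorderform();
}
else {
    processorder();
}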


# ------------------------------------------------------------



# Send the untouched form template (global $template) to the client.
# The Content-type header has already been printed by the caller.
sub showorderform {
    print "$template";
}

 
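# Handle a submitted form. Decodes the request body into the global %FORM,
# turns the fixed promotional phrases in the message into links, and then:
#   * recipient address invalid        -> pretend the message was sent;
#   * recipient already in friends.txt -> say so and send nothing;
#   * otherwise -> send the mail, append the address to friends.txt and
#     insert a row into the referrers table.
# The (modified) template is printed as the response in every case.
sub processorder {

    # One address pattern for sender and recipient. It ends in \z rather
    # than $ so that a trailing newline in the submitted value is rejected
    # instead of being carried into the mail header and friends.txt.
    my $email_re = qr/^[0-9A-Za-z\.\-\_]+\@[0-9A-Za-z\.\-\_]+\.[a-zA-Z]{2,4}\z/;

    # NOTE(review): the length is taken from the client as-is; nothing here
    # caps how much of the request body is read.
    my $buffer = '';
    read( STDIN, $buffer, $ENV{'CONTENT_LENGTH'} || 0 );

    foreach my $pair ( split( /&/, $buffer ) ) {
        my ( $name, $value ) = split( /=/, $pair );
        next unless defined $name;
        $value = '' unless defined $value;

        $value =~ tr/+/ /;
        $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
        $value =~ s/~!/ ~!/g;
        $value =~ tr/<>`\\\;/ /;    # deny use of dodgy characters

        $FORM{$name} = $value;
    }

    # remotehost is stored but not read again in this file.
    $FORM{'remotehost'} = $ENV{'REMOTE_HOST'};

    # Any submitted "yourname" is overwritten by first name + last name.
    $FORM{'yourname'} = "$FORM{fname} $FORM{lname}";

    # Angle brackets were stripped from every value above, so the only
    # markup in the message is what these substitutions insert. The dots in
    # the host name are escaped so they match literally.
    $FORM{textarea1} =~ s{http://www\.myschoolplus\.co\.uk}{<a href="http://www.myschoolplus.co.uk">http://www.myschoolplus.co.uk</a>}g;
    $FORM{textarea1} =~ s{VISIT THE SITE NOW AND YOU COULD WIN FAMILY TICKETS TO ALTON TOWERS AND OTHER FANTASTIC THEME PARKS!}{<a href="http://www.myschoolplus.co.uk">VISIT THE SITE NOW AND YOU COULD WIN FAMILY TICKETS TO ALTON TOWERS AND OTHER FANTASTIC THEME PARKS!</a>}g;
    $FORM{textarea1} =~ s{CLICK HERE}{<a href="http://www.myschoolplus.co.uk">CLICK HERE</a>}g;

    $FORM{textarea1} =~ s/\n/<br>/g;

    if ( $FORM{'targetemail'} =~ $email_re ) {

        # Load the list of addresses that have already been mailed.
        open( my $in, '<', 'friends.txt' ) || die("Cannot Open File FOR READING");
        my $friends = do { local $/; <$in> };
        close($in);
        $friends = '' unless defined $friends;

        # Compare against whole lines with the address quoted: an
        # unquoted "." is a regex wildcard and an unanchored match also
        # fires on any longer address that merely contains this one.
        my $target = $FORM{'targetemail'};

        if ( $friends =~ /^\Q$target\E\r?$/m ) {
            # targetname is echoed into the page; the tr/// filter above has
            # already replaced < and > in it with spaces.
            $template =~ s/<FORM.*<\/FORM>/<P class="body2">$FORM{'targetname'} has already been told - message not sent./sig;
        }
        else {
            $template =~ s/<FORM.*<\/FORM>/<P class="body2"><b>Thank You. Your message has been sent.<\/b>/sig;

            # The sender address is optional: fall back to the site address
            # when it is missing or does not pass the same pattern.
            if ( $FORM{'youremail'} !~ $email_re ) {
                $FORM{'youremail'} = "info\@nationalschoolspartnership.com";
            }

            sendmail();

            open( my $out, '>>', 'friends.txt' ) || die("Cannot Open File FOR WRITING");
            print $out "$FORM{'targetemail'}\n";
            close($out) || warn "Error closing friends.txt: $!\n";

            # Log the referral. The values are bound through placeholders
            # so that quotes in a submitted name stay data and can never
            # become part of the SQL statement.
            if ($dbh) {
                my $sth = $dbh->prepare(
                    'insert into referrers (SenderFirstName, SenderLastName, SenderEmail, RecipientsName , RecipientsEmail) values (?, ?, ?, ?, ?)'
                );
                if ($sth) {
                    $sth->execute( @FORM{qw(fname lname youremail targetname targetemail)} );
                }
                else {
                    warn "Could not prepare referrers insert: " . $dbh->errstr . "\n";
                }
            }
            else {
                warn "No database handle; referral not recorded\n";
            }
        }
    }
    else {
        # An invalid recipient address still gets a success message, so the
        # response does not reveal that nothing was sent.
        $template =~ s/<FORM.*<\/FORM>/<P class="body2">Message Sent/sig;
    }

    print "$template";
}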

 
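# Pipe one HTML e-mail to the sendmail binary named in $mailprog (run with
# -t, so the recipients are taken from the headers written here). Reads the
# sender, recipient, subject and body from the global %FORM and leaves
# %FORM itself unchanged. Dies if the pipe cannot be opened.
sub sendmail {

    # Every header value comes from a form field that has been
    # percent-decoded, so it may contain CR or LF. Those are folded to a
    # space here: a line break inside a value would end the header early
    # and let the submitter add header lines of their own.
    my %hdr;
    foreach my $field (qw(yourname youremail targetname targetemail subject)) {
        my $text = defined $FORM{$field} ? $FORM{$field} : '';
        $text =~ s/[\r\n]+/ /g;
        $hdr{$field} = $text;
    }

    # A double quote would close the quoted display name prematurely.
    $hdr{$_} =~ tr/"/'/ for qw(yourname targetname);

    open( my $mail, '|-', "$mailprog -t" ) || die "Can't open $mailprog!\n";

    print $mail "Mime-Version: 1.0\n";
    print $mail "From: \"$hdr{'yourname'}\" <$hdr{'youremail'}>\n";
    print $mail "To: \"$hdr{'targetname'}\" <$hdr{'targetemail'}>\n";
    print $mail "Subject: $hdr{'subject'}\n";
    print $mail "Content-Type: text/html\n\n";

    # Body: the message text exactly as prepared by the caller.
    print $mail "\n$FORM{'textarea1'}\n";

    # close() on a pipe also reports a non-zero exit from the mail program.
    close($mail) || warn "Problem closing pipe to $mailprog: $! (status $?)\n";
}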

 
 # Connect to the MySQL database and keep the handle in the global $dbh.
 # The result of connect() is not checked here, so $dbh may be undefined
 # afterwards.
 # NOTE(review): the account name, password and database host are
 # hard-coded in a script that lives alongside web content. They belong in
 # configuration readable only by the CGI user, and a password that has
 # been stored in source should be rotated.
 sub connectsql {
     use DBI;
     $passwd = "7HwsRnqD";
     my $dsn = 'DBI:mysql:database=schoolsdb;host=212.67.202.137';
     $dbh = DBI->connect( $dsn, 'schools', $passwd );
 }
 
 
# end of file
