#!/usr/bin/perl -Tw
use strict;
## Path set to minimal default
$ENV{PATH} = "/usr/bin:/bin:/usr/sbin";
use warnings;
use subs qw(isHostValid);
use CGI qw( :standard );
use CGI::Carp qw(fatalsToBrowser);
## Capture error message
BEGIN{
CGI::Carp::set_message(\&carp_error);
}
## Path of nslooku. Change this to the path of your nslookup
my $NSLOOKUP = '/usr/bin/nslookup';
## Path of sendmail. change this to the path of your sendmail
my $SENDMAIL = '/usr/sbin/sendmail';
## Set your email address here
my $RECIP = 'youremail@here.com';
############################################################
# ACTION HANDLER #
############################################################
#
#
if($ENV{REQUEST_METHOD} eq 'POST'){
## Fetch form data input
my $name_in = param('name');
my $name = q{};
my $email_in = param('email');
my $email = q{};
my $comments_in = param('comments');
my $comments = q{};
## Check for html tags in name field
if($name_in !~ /<.*>/){
$name_in =~ /(.*)/;
$name = $1;
}else{
die ("oops! you have html tags. naughty, naughty!");
}
## Check to see if email is valid.
## Does not match email addresses using an IP address instead
## of a domain name.
if ($email_in =~ m/\b[a-z0-9._%-]+@[a-z0-9.-]+\.[a-z]{2,4}\b/){
$email_in =~ /(.*)/;
$email = $1;
}else{
die ("oops! your email address is not valid one");
}
## Check for html tags in name field;
if($comments_in !~ /<.*>/ ){
$comments_in =~ /(.*)/;
$comments = $1;
}else{
die ("oops! you have html tags. naughty, naughty!");
}
## Okay! you have passed the tests. now the ultimate test.
my @result = split(m/@/, $email);
if(!isHostValid($result[1])) {
die ("Oops! invalid host name");
}
## Send form data to your email address
open (MAIL, "|$SENDMAIL -t");
print MAIL "To: $RECIP\n";
print MAIL "Reply: $email\n";
print MAIL "Subject:email from web form\n";
print MAIL "\n\n";
print MAIL "name: ". $name."\n" ;
print MAIL "emial: ".$email."\n" ;
print MAIL "comments: ".$comments."\n" ;
print MAIL "\n\n";
close (MAIL);
## Display confirmation message
print header;
print start_html;
print "Thanks you for using the comment form.
We are going to get back to you as soon
as we can say thank you again.";
print end_html;
}else{
## Display form
print header;
print start_html;
print start_form(-method => "post", -action => "");
print h4("Contact Form");
print "Name: ", textfield(-name => "name"), br;
print "E-mail: ", textfield(-name => "email"), br;
print "Enter your comments:", br;
print textarea(-name => "comments", -rows => "5", -column => "50"), br;
print submit(-value => "Submit");
print end_form;
print end_html;
}
##
# Subroutine checks if the host is valid
#
# @param host
#
sub isHostValid{
my $host = shift;
$/='';
open(my $fh, "-|", $NSLOOKUP, "-type=any", $host)
or die "unable to exec $NSLOOKUP: $!";
my @response = <$fh>;
close $fh;
$/='\n';
return 1 if (grep /Name:\s+$host/, @response);
return 0;
}
##
# Subroutine displays error message
#
# @param error_message
#
sub carp_error{
my $error_message = shift();
print start_html("Error") .
h1("Error") .
p("Sorry, the following error has occurred: ") .
p(i($error_message)) .
end_html;
}
####
sub isHostValid{
my $host = shift;
my $NSLOOKUP = '/usr/bin/nslookup';
$/='';
my $fh = new IO::File "$NSLOOKUP -type=any $host 2>&1 |";
my @response = <$fh>;
close $fh;
$/='\n';
if (grep /Name:\s+$host/, @response){
return 1;
}
return 0;
}
####
#!/usr/bin/perl -w
use strict;
use warnings;
use CGI qw( :standard );
use CGI::Carp qw(fatalsToBrowser);
use IO::File;
use English qw(-no_match_vars);
local $OUTPUT_AUTOFLUSH = 1;
## Path set to minimal default
$ENV{PATH} = "/usr/bin:/bin:/usr/sbin";
## Capture error message
BEGIN{
CGI::Carp::set_message(\&carp_error);
}
############################################################
# ACTION HANDLER #
############################################################
#
#
if($ENV{REQUEST_METHOD} eq 'POST'){
## Fetch form data
my $name = param('name');
my $email = param('email');
my $comments = param('comments');
## Check for html tags
if($name =~ /<.*>/ || $comments =~ /<.*>/ ){
die ("oops! you have html tags. naughty, naughty!");
}
## Check to see if email is valid.
## Does not match email addresses using an IP address instead of a domain name.
if ($email !~ m/\b[a-z0-9._%-]+@[a-z0-9.-]+\.[a-z]{2,4}\b/){
die ("oops! your email address is not valid one");
}
## Okay! you have passed the test. you have a valid email address.
my @result = split(m/@/, $email);
if(isHostValid($result[1])) {
die ("Oops! invalid host name");
}
# Change this to the path of your sendmail
my $mail_prog = '/usr/sbin/sendmail';
# Change this to your email address
my $recip = 'youremail@host.com';
open (MAIL, "|$mail_prog -t");
print MAIL "To: $recip\n";
print MAIL "Reply: $email\n";
print MAIL "Subject:email from web form\n";
print MAIL "\n\n";
print MAIL "name: ". $name."\n" ;
print MAIL "emial: ".$email."\n" ;
print MAIL "comments: ".$comments."\n" ;
print MAIL "\n\n";
close (MAIL);
## Display confirmation message
print header;
print start_html;
print "Thanks you for using the comment form.
We are going to get back to you as soon
as we can say thank you again.";
print end_html;
}else{
## Display form
print header;
print start_html;
print start_form(-method => "post", -action => "");
print h4("Contact Form");
print "Name: ", textfield(-name => "name"), br;
print "E-mail: ", textfield(-name => "email"), br;
print "Enter your comments:", br;
print textarea(-name => "comments", -rows => "5", -column => "50"), br;
print submit(-value => "Submit");
print end_form;
print end_html;
}
##
# Subroutine checks if the host is valid
#
# @param host
#
sub isHostValid{
my $host = shift;
my $NSLOOKUP = '/usr/bin/nslookup';
$/='';
my $fh = new IO::File "$NSLOOKUP -type=any $host 2>&1 |";
my @response = <$fh>;
close $fh;
$/='\n';
if (grep /Name:\s+$host/, @response){
return 1;
}
return 0;
}
##
# Subroutine displays error message
#
# @param error_message
#
sub carp_error{
my $error_message = shift();
print start_html("Error") .
h1("Error") .
p("Sorry, the following error has occurred: ") .
p(i($error_message)) .
end_html;
}