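#!/usr/bin/perl -w
##
# Contact-form CGI script.
#
# GET  : renders the contact form.
# POST : validates name / email / comments, checks that the e-mail domain
#        resolves, and mails the submission to a fixed recipient via sendmail.
#
# Security notes for maintainers:
#   * The e-mail address ends up in a mail header and its domain is handed
#     to nslookup, so it is matched against a fully anchored pattern and
#     both external programs are started in list form (no shell involved).
#   * NOTE(review): there is no request-size limit, rate limiting or
#     anti-automation check here; consider $CGI::POST_MAX and a throttle
#     in front of this script before exposing it publicly.
##
use strict;
use warnings;
use CGI qw( :standard );
# NOTE(review): fatalsToBrowser echoes die() text to the visitor. That is
# convenient for the validation messages below, but unexpected fatals would
# be shown as well - consider logging only in production.
use CGI::Carp qw(fatalsToBrowser);
use IO::File;
use English qw(-no_match_vars);

local $OUTPUT_AUTOFLUSH = 1;

## Path set to minimal default
$ENV{PATH} = "/usr/bin:/bin:/usr/sbin";
## Drop the other environment variables that can influence child programs
## (same list as recommended in perlsec).
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

## Capture error message
BEGIN { CGI::Carp::set_message(\&carp_error); }

############################################################
#                     ACTION HANDLER                       #
############################################################

## REQUEST_METHOD is absent when the script is run outside a web server.
my $request_method = defined $ENV{REQUEST_METHOD} ? $ENV{REQUEST_METHOD} : '';

if ($request_method eq 'POST') {

    ## Fetch form data; missing fields are treated as empty strings so the
    ## checks below do not operate on undef.
    my $name     = param('name');
    my $email    = param('email');
    my $comments = param('comments');
    $name     = '' unless defined $name;
    $email    = '' unless defined $email;
    $comments = '' unless defined $comments;

    ## Check for html tags.
    ## The trailing "\n" on the die messages keeps the script path and line
    ## number out of the text shown to the visitor.
    if ($name =~ /<.*>/ || $comments =~ /<.*>/) {
        die("oops! you have html tags. naughty, naughty!\n");
    }

    ## Check to see if email is valid.
    ## Does not match email addresses using an IP address instead of a domain name.
    ## The pattern is anchored with \A and \z so that the WHOLE value must be
    ## an address: nothing may precede or follow it, which rules out line
    ## breaks (header injection) and any other stray characters.
    ## NOTE(review): lower-case only and TLDs of 2-4 letters, as in the
    ## original pattern; longer TLDs are rejected.
    my ($domain) = $email =~ m/\A[a-z0-9._%-]+\@([a-z0-9.-]+\.[a-z]{2,4})\z/;
    if (!defined $domain) {
        die("oops! your email address is not valid one\n");
    }

    ## Okay! you have passed the test. you have a valid email address.
    ## Reject the submission when the domain does NOT resolve (the original
    ## condition was inverted and rejected every resolvable domain).
    if (!isHostValid($domain)) {
        die("Oops! invalid host name\n");
    }

    # Change this to the path of your sendmail
    my $mail_prog = '/usr/sbin/sendmail';

    # Change this to your email address
    my $recip = 'youremail@host.com';

    ## List-form pipe open: sendmail is exec'ed directly, without a shell.
    ##   -t  : take recipients from the headers written below
    ##   -oi : a line holding a single "." in the comments must not end
    ##         the message early
    my $mail;
    if (!open($mail, '|-', $mail_prog, '-t', '-oi')) {
        warn "cannot start $mail_prog: $OS_ERROR";    # details go to the log only
        die("oops! your message could not be sent\n");
    }
    print {$mail} "To: $recip\n";
    print {$mail} "Reply-To: $email\n";    # "Reply:" is not a standard header
    print {$mail} "Subject:email from web form\n";
    print {$mail} "\n\n";
    print {$mail} "name: " . $name . "\n";
    print {$mail} "emial: " . $email . "\n";
    print {$mail} "comments: " . $comments . "\n";
    print {$mail} "\n\n";
    ## close() on a pipe reports a failed write or a non-zero exit status.
    if (!close($mail)) {
        warn "$mail_prog failed: status $CHILD_ERROR $OS_ERROR";
        die("oops! your message could not be sent\n");
    }

    ## Display confirmation message
    print header;
    print start_html;
    print "Thanks you for using the comment form. 
We are going to get back to you as soon as we can say thank you again.";
    print end_html;
}
else {
    ## Display form
    print header;
    print start_html;
    print start_form(-method => "post", -action => "");
    print h4("Contact Form");
    print "Name: ", textfield(-name => "name"), br;
    print "E-mail: ", textfield(-name => "email"), br;
    print "Enter your comments:", br;
    ## CGI.pm's textarea takes -columns (the original -column was ignored).
    print textarea(-name => "comments", -rows => "5", -columns => "50"), br;
    print submit(-value => "Submit");
    print end_form;
    print end_html;
}

##
# Subroutine checks if the host is valid
#
# Runs nslookup for the host and looks for a "Name: <host>" entry in its
# output.
#
# @param  host  domain name to look up
# @return 1 when the lookup output names the host, 0 otherwise (including
#         when the value does not look like a plain host name)
#
# NOTE(review): the lookup uses -type=any; some resolvers answer such
# queries minimally, in which case no "Name:" line appears - confirm this
# check behaves as intended with the resolver in use.
#
sub isHostValid {
    my $host = shift;
    my $NSLOOKUP = '/usr/bin/nslookup';

    ## Defence in depth: accept only a plain host name that starts and ends
    ## with a letter or digit, so the value can never be read as a
    ## command-line option by nslookup, whoever the caller is.
    return 0 unless defined $host;
    return 0 unless $host =~ m/\A[a-z0-9](?:[a-z0-9.-]*[a-z0-9])?\z/;

    ## List-form pipe open: nslookup is exec'ed directly with $host as a
    ## single argument; no shell parses the value. stderr is no longer
    ## merged into the captured output and goes to the server's error log.
    my $fh;
    if (!open($fh, '-|', $NSLOOKUP, '-type=any', $host)) {
        warn "cannot run $NSLOOKUP: $OS_ERROR";
        return 0;
    }

    my @response;
    {
        ## Paragraph mode for this read only; "local" restores the previous
        ## record separator (the original assigned the two-character string
        ## '\n' afterwards, which broke line reading for the rest of the run).
        local $/ = '';
        @response = <$fh>;
    }
    close $fh;    # non-zero exit from nslookup is expected for unknown hosts

    ## \Q..\E: the dots in the host name must match literally; the
    ## look-ahead stops a longer name that merely starts with $host
    ## from counting as a match.
    if (grep { /Name:\s+\Q$host\E(?![\w.-])/ } @response) {
        return 1;
    }
    return 0;
}

##
# Subroutine displays error message
#
# Registered with CGI::Carp::set_message as the fatal-error page.
# NOTE(review): this relies on CGI::Carp having already printed the
# Content-type header and HTML-escaped the message before calling the
# handler - confirm against the installed CGI::Carp version.
#
# @param error_message
#
sub carp_error {
    my $error_message = shift();
    print start_html("Error")
        . h1("Error")
        . p("Sorry, the following error has occurred: ")
        . p(i($error_message))
        . end_html;
}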