Hi All

Can someone take a look at my code below. It accepts input from a form, and passes the data to another script. I know my code is sloppy, and would very much appreciate it if someone could perfect it for me.
I havn't been using perl for very long, and am sure some of my regexps and other things are broken (or possibly insecure)

Thanks 
#!/usr/bin/perl -wT

use CGI;
use strict;

#####################
# Set Env Variables #
#####################
my $w          = new CGI;
my $redir      = new CGI;
my $time       = localtime;
my $ipaddr     = $ENV{'REMOTE_ADDR'};
my $message    = "";
my $found_err  = "";
$ENV{'PATH'}   = '/usr/sbin:/etc/adduser';
$ENV{'ENV'}    = '/usr/sbin:/etc/adduser';

########################
# Grab Input From Form #
########################
my $fullname   = $w->param('fullname');
my $username   = $w->param('username');
my $password   = $w->param('password');
my $mothers    = $w->param('mothers');
my $email      = $w->param('email');
my $referral   = $w->param('referral');
my $conditions = $w->param('conditions');

#############################
# Perform User Input Checks #
#############################
if ($fullname !~ /^[-.\w\s]{3,30}$/) {
    $message = $message.'<p>Full Name Must Be Between 3-30 Chars With 
+No Symbols.</p>';
    $found_err = 1; }
if ($username !~ /^[a-z][a-z0-9-._]{2,29}$/) {
    $message = $message.'<p>User Name Must Be Between 3-30 Chars With 
+No Symbols Or Upper-Case.</p>';
    $found_err = 1; }
if(defined(getpwnam($username))) {
    $message = $message.'<p>The Chosen Username Already Exists.</p>';
    $found_err = 1; }
if ($username =~ m/^administrator|accounts|support|postmaster|webmaste
+r|
    |spam-admin|technical|billing|sales|purchase|buy|misuse|
    |assistance|mail|virus-admin|manager|usenet|hostmaster$/) {
    $message = $message.'<p>The Chosen Username Already Exists.</p>';
    $found_err = 1; }
if ($password !~ /^[-.\w\s\d]{6,30}$/) {
    $message = $message.'<p>Password Must Be Between 6-30 Chars With N
+o Symbols.</p>';
    $found_err = 1; }
if ($mothers !~ /^[-.\w\s]{3,30}$/) {
    $message = $message.'<p>Mothers Maiden Name Must Be Between 3-30 C
+hars With No Symbols</p>';
    $found_err = 1; }
if ($email !~ /^([a-zA-Z0-9_\.\-])+\@(([a-zA-Z0-9\-])+\.)+([a-zA-Z0-9]
+)+$/i) {
    $message = $message.'<p>Please Enter A Valid E-Mail Address.</p>';
    $found_err = 1; }
if ($referral !~ /^[-.\w\s]{3,30}$/) {
    $message = $message.'<p>Referral Information Must Be Between 3-30 
+Chars With No Symbols.</p>';
    $found_err = 1; }
if ($conditions !~ m/^Yes$/) {
    $message = $message.'<p>Please Accept The Terms And Conditions.</p
+>';
    $found_err = 1; }

if ($found_err) {
        &PrintError; }

###############################
# Encrypt Password Using Salt #
###############################
my $salt      = '$1$' . join '',
               ('.', '/', 0..9, 'A'..'Z', 'a'..'z')
               [ map { int rand 64 } 0 .. 7 ];
my $epassword = crypt($password, $salt);

########################################
# Pass Details To AddUser For Creation #
########################################
!system ('/etc/adduser/adduser.pl', "-fullname=$fullname", "-username=
+$username",
                                    "-password=$epassword") or die;
   
########################################
# Send E-Mails To Support And New User #
########################################
open (MAIL, "|/usr/sbin/sendmail -t") or die;
print MAIL <<"END_OF_MAIL";
To: support\@domain.com
Reply-to: $email
From: $email
Subject: New User $username/$ipaddr

FullName  : $fullname
UserName  : $username
Security  : $mothers
Referral  : $referral
IP Address: $ipaddr

***End Of E-Mail***

END_OF_MAIL
close (MAIL);

open (MAIL, "|/usr/sbin/sendmail -t") or die;
print MAIL <<"END_OF_MAIL";
To: $email
Reply-to: support\@domain.com
From: support\@domain.com
Subject: Welcome To My Service

Dear $fullname,

blah blah blah blah

END_OF_MAIL
close (MAIL);

########################################
# Log User Create And Pass To Complete #
########################################
open  LOGFILE, '>>',"/etc/adduser/adduser.log" or die;
print LOGFILE "$time:$username:$password:$email:$ipaddr\n";
close LOGFILE;
print $redir->redirect('https://www.domain.com/complete.shtml');

###########################
# Display Creation Errors #
###########################
sub PrintError {
print "Content-type: text/html\n\n";
print $message;
exit 0; }

[download]

20030704 Edit by Corion: Added READMORE tag, changed title from "naff coding..."

In reply to CGI script review by Anonymous Monk

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post, it's "PerlMonks-approved HTML":


  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.