# Solved: please help with form script



## ms_khw (Jul 12, 2004)

Help?

I'm trying to create a form for my site and I'm not terribly familiar with perl. With a little help from the internet this is what I've come up with. I've created the form and placed it in my public directory, then I created the script and placed that in my cgi-bin. But it just doesn't seem to work, I get that nasty error message. I'm using the editor that is provided through my hosts panel instead of my notepad. When I began to create the new file in the cgi-bin I was given several options on file type, ie: html etc and perl, I selected perl. One note when I went into the editor, it began with the following code : use CGI::Carp qw(fatalsToBrowser); First attempt I wrote that into the code, but no go, then I wrote it as it is shown here, & again no go. I saved the file as form_mailer.cgi I'd appreciate any help on what I'm doing wrong.
With thanks msk

This is the test form, I named the file mailform.html

Your Email Address:

Your Comments:

And this is the script.

use CGI;
my $query = new CGI;
print $query->header ( );
$variable_name = $query->param("parameter_name");
my $email_address = $query->param("email_address");
my $comments = $query->param("comments");
open ( MAIL, "| /usr/lib/sendmail -t" );
print MAIL "From: $email_address\n";
print MAIL "To: webmaster\@abcwebdzine.ca\n";
print MAIL "Subject: Form Submission\n\n";
print MAIL "$comments\n";
print MAIL "\n.\n";
close ( MAIL );
print <<END_HTML;

Thanks for filling in our form!

END_HTML


----------



## bassetman (Jun 7, 2001)

Try looking here

http://www.google.com/search?hl=en&lr=&safe=off&q=web+form+scripts


----------



## thecoalman (Mar 6, 2006)

Being a little more explicit as to what the error is might help.. otherwise everyone is just guessing.

I use formail to process forms, most hosts have it already installed. If not you can get it here: http://www.scriptarchive.com/formmail.html


----------



## ms_khw (Jul 12, 2004)

Sorry, I guess the error message just might help.  This is the message:
Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator, [email protected] and inform them of the time the error occurred, and anything you might have done that may have caused the error.

More information about this error may be available in the server error log.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.


----------



## ms_khw (Jul 12, 2004)

Found my error logs, and this is another error report:

error: file has no execute permission


----------



## bassetman (Jun 7, 2001)

ms_khw said:


> Found my error logs, and this is another error report:
> 
> error: file has no execute permission


Sounds like you need to set the Read Write Execute permissions. Those should be in a readme.txt file with program.


----------



## brendandonhu (Jul 8, 2002)

I don't know Perl but that script looks like it might be insecure to me. it seems like the user would be able to change the recipients of the email by injecting into the "Your email address" field. Does your host support PHP? If they do, I know of another formmail script you could use.


----------



## ms_khw (Jul 12, 2004)

I am getting kind of lost in perl...now I've got to jump into the cold-cold waters of php.  
Yes it appears that my host supports it, I found options in my control panel for creating chats in php, so I guess means yes. If the script is not secure as pointed out here, then I guess it is a no-no. How much more difficult is php?


----------



## brendandonhu (Jul 8, 2002)

I'm not entirely sure if there's an insecurity in it but it looks like there is.
There's an easy PHP script here: http://webdevfaqs.com/php.php#mailer


----------



## ms_khw (Jul 12, 2004)

I will look into that script, thanks.

I noticed that I have an option of using cgiemail and have been working on that in the hopes that it would prove successful. So far not luck. I created my form and placed it in my public directory (is this correct). For the action I wrote the following: ACTION="http://www.abcwebdzine.ca/bin/cgiecho/wwwdev/cgiemail/questions3.txt">
But once again the dreaded error page. This time I got the following:
Any thoughts on what I'm doing wrong?

Not Found
The requested URL /wwwdev/cgiemail/questions3.txt was not found on this server.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
Apache/1.3.34 Server at www.abcwebdzine.ca Port 80


----------



## brendandonhu (Jul 8, 2002)

The action should be set to the address of your CGI script. Your host might be able to help you with the specifics of that.


----------



## ms_khw (Jul 12, 2004)

Thanks, I'll contact my host.  
If I was to use the php script that you suggested, once written where would I place the file?
once again, thanks


----------



## brendandonhu (Jul 8, 2002)

Doesn't matter, just save it as .php and upload it to your host.


----------



## ms_khw (Jul 12, 2004)

I think I've got it! I'm still thinking of trying the php mailer for the sake of security. But for now I guess I'll work with this. I used formmail. I added 
It worked! I can't thank everyone enough for all of your help.
I do have one other question, how can I redirect the visitor to another page in my site after they have completed the form and clicked submit?


----------



## brendandonhu (Jul 8, 2002)

The problem with that is that the visitor could chnge the value of "recipient" and use your form to send spam.

Also the PHP script has this where you can redirect them after sending the email:
$forward = 0; # redirect? 1 : yes || 0 : no 
$location = "thankyou.htm"; #set page to redirect to, if 1 is above


----------



## ms_khw (Jul 12, 2004)

Thanks, then I guess I'll toss this one aside and go with your suggestion. As you say, save the form as .php and it doesn't matter what folder that it is placed in. I'll give it a shot.
thanks for everything


----------



## brendandonhu (Jul 8, 2002)

Just put it in the same folder as your form and make sure its saved as something.php. Then you set the action of your form to the name of the php file.


----------



## ms_khw (Jul 12, 2004)

I've got everything set up, but I'm getting a parse error. I created the form and placed it in my public folder and titled it as form.html, then I created the php script and placed that in the public folder as you suggested. Creating the php script within my public folder, I was given the following options on what I wanted to create: text document, html document, perl script, shell script. Not having an option for php I chose text. I then created the script and saved it as mailer.php 
This is how I started the php script:
<?PHP 
$to = "myemailplacedhere"; 
$subject = "Results from your request form";
$headers = "From: Form Mailer"; 
$forward = 1; 
$location = "thankyou.html"; 
## set up the time ##
This is the action that I placed in my form:

Thoughts on where I went wrong?


----------



## brendandonhu (Jul 8, 2002)

That part looks fine, could you post the whole PHP file (edit out the email address if you want), and let me know what line number it says the parse error is on.


----------



## ms_khw (Jul 12, 2004)

This is the entire script. The parse error is: Parse error: parse error, unexpected '<' in /home/my account sign in name shows here/public_html/mailer.php on line 2

<?PHP 

$to = "[email protected]"; 
$subject = "Results from your request form";
$headers = "From: Form Mailer"; 
$forward = 1; 
$location = "thankyou.html"; 
## set up the time ##

$date = date ("l, F jS, Y");
$time = date ("h:i A");

## mail the message ##

$msg = "Below is the result of your feedback form. It was submitted on $date at $time.\n\n";

if ($_SERVER['REQUEST_METHOD'] == "POST") {
foreach ($_POST as $key => $value) {
$msg .= ucfirst ($key) ." : ". $value . "\n";
}
}
else {
foreach ($_GET as $key => $value) {
$msg .= ucfirst ($key) ." : ". $value . "\n";
}
}

mail($to, $subject, $msg, $headers);
if ($forward == 1) {
header ("Location:$location");
}
else {
echo "Thank you for submitting our form. We will get back to you as soon as possible.";
}

?>

```

```


----------



## brendandonhu (Jul 8, 2002)

The # signs need to remain around the text, that section should look like this:
####################################################### 
# This script is Copyright 2003, Infinity Web Design # 
# Distributed by http://www.webdevfaqs.com # 
# Written by Ryan Brill - [email protected] # 
# All Rights Reserved - Do not remove this notice # 
#######################################################


----------



## ms_khw (Jul 12, 2004)

Thanks, I fixed it, but now I get a page that says this page cannot be found. Should I leave everything in the script that contains #instructions? This is the script:
<?PHP 
#######################################################
# This script is Copyright 2003, Infinity Web Design #
# Distributed by http://www.webdevfaqs.com #
# Written by Ryan Brill - [email protected] #
# All Rights Reserved - Do not remove this notice #
#######################################################

$to = "myemail"; 
$subject = "Results from your request form";
$headers = "From: Form Mailer"; 
$forward = 1; 
$location = "thankyou.html"; 
## set up the time ##

$date = date ("l, F jS, Y");
$time = date ("h:i A");

## mail the message ##

$msg = "Below is the result of your feedback form. It was submitted on $date at $time.\n\n";

if ($_SERVER['REQUEST_METHOD'] == "POST") {
foreach ($_POST as $key => $value) {
$msg .= ucfirst ($key) ." : ". $value . "\n";
}
}
else {
foreach ($_GET as $key => $value) {
$msg .= ucfirst ($key) ." : ". $value . "\n";
}
}

mail($to, $subject, $msg, $headers);
if ($forward == 1) {
header ("Location:$location");
}
else {
echo "Thank you for submitting our form. We will get back to you as soon as possible.";
}

?>

```

```


----------



## ms_khw (Jul 12, 2004)

Wait a minute, I think I just might know the answer, be right back....


----------



## ms_khw (Jul 12, 2004)

I've got it! I've got it! :up:  I had forgot to upload the thank you page.  Everything is working, and I can't thank you enough for all of your help and patience. One final question, in the email the from field is empty/unknown. How can I correct this?
Once again deepest thanks!


----------



## brendandonhu (Jul 8, 2002)

Change the from address here:
$headers = "From: Form Mailer";


----------



## ms_khw (Jul 12, 2004)

Thanks Brendran. You have been so helpful, I just can't thank you enough!
msk


----------



## ms_khw (Jul 12, 2004)

Sorry, me again. I should write the from as $headers = "From: Form Mailer"; ? My script has that written as such? Did I misunderstand?


----------



## brendandonhu (Jul 8, 2002)

That's where you change the From field, change Form Mailer to whatever you want.


----------



## ms_khw (Jul 12, 2004)

Thanks. Will do. Have a good night.
msk


----------



## brendandonhu (Jul 8, 2002)

[tsg=yourewelcome]yourewelcome[/tsg]


----------



## thecoalman (Mar 6, 2006)

brendandonhu said:


> The problem with that is that the visitor could chnge the value of "recipient" and use your form to send spam.


formmail adresses that, it will only accept forms from the domain you specify.



> @referers = ('scriptarchive.com','YOUR_IP');
> This array allows you to define the domains on which you allow forms to reside and use this installation of FormMail. If a user tries to put a form on another server, that is not scriptarchive.com, they will receive an error message when someone tries to fill out their form. By placing scriptarchive.com in the @referers array, this also allows www.scriptarchive.com, ftp.scriptarchive.com, any other http address with scriptarchive.com in it and scriptarchive.com's IP address to access this script as well, so no users will be turned away.
> NOTE: This is not a security check. Referer headers can EASILY be faked. Rather, it prevents someone on xyznotyou.com from using the FormMail on your server to process forms on their server on a regular basis. It remains in the script as a remnant of earlier versions when it was used for security, *but the @recipients variable is now used to specify exactly who can receive e-mail from this installation.*
> .


Thje recipient value by default can only be a referer:



> @recipients = &fill_recipients(@referers);
> If you wish to only allow e-mail addresses at the domain names in @referers to receive form results, you probably do not need to change this variable. However, if you get any 'Error: Bad/No Recipient' messages when running FormMail, you may have to revisit @recipients and make sure you have correctly listed all domains or configured this variable.


----------

