Simple Form
NEWS: v3.0 will be released by the end of November.
Open Source Support Forum:
If you need technical help, you may also leave a post at our Open Source Support Forum. If others answer questions before I get to them, I don't mind at all :-)
"Simple Form" is written in Perl. There are a TON of form processors, many
of them great. I wanted something simple and quick that could
be used for any form, so instead of checking out all the others,
I rolled my own. Was that a time saver? I don't know, but
I enjoyed it. :-)
Bug Update: March 5, 2005
I will be releasing a fix for this bug in the near future,
but I wanted to post the info here, to alert any users of
the script. The script requires that the HTTP_REFERER variable
is passed from the form, via the user's browser, in order
to validate that the script is only used by forms on the local
server. However, some browsers don't pass that variable, resulting
in the script / form being blocked from use even though it
was a valid use.
Workaround:
The workaround is to set the variable $restrict_to_hosts to 'no'.
Because the email_to fields are set in the script and not
in the form, I don't believe that setting the restrict_to_hosts
variable to 'no' will cause any significant problem. Even
if someone pointed their form to your script, your script
will send any results to your email, not the other person's.
Thus, it wouldn't benefit them to use your script. I'm working
on various options for the above issue, for the next release.
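The host restriction and the GET block discussed on this page, as an added Perl example (not code from s_form itself): it returns a separate result for a missing HTTP_REFERER so that case can be told apart from a submission coming from another host. The sub name check_request, the @allowed_hosts list and the example.com hosts are assumptions made for the illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical allow-list; this page does not show how the script stores its hosts.
my @allowed_hosts = ('www.example.com', 'example.com');

# Classify a CGI-style environment: allow, deny-method, deny-host or no-referer.
sub check_request {
    my ($env, $restrict_to_hosts) = @_;

    # v2.2 blocks GET submissions; only POST gets past this point.
    return 'deny-method' unless uc($env->{REQUEST_METHOD} // '') eq 'POST';
    return 'allow' if $restrict_to_hosts eq 'no';

    # A missing header gets its own result, so a browser that sends no
    # Referer can be told apart from a form hosted on another server.
    my $referer = $env->{HTTP_REFERER};
    return 'no-referer' unless defined $referer && length $referer;

    # Take the host from scheme://host[:port]/path; anything that does not
    # parse cleanly (userinfo, other schemes) is treated as a foreign host.
    my ($host) = $referer =~ m{\Ahttps?://([^/:?#\@]+)(?::\d+)?(?:[/?#]|\z)}i;
    return 'deny-host' unless defined $host;
    $host = lc $host;
    return (grep { $_ eq $host } @allowed_hosts) ? 'allow' : 'deny-host';
}

# Constructed sample requests (not taken from real logs).
my @samples = (
    [ 'local form',     { REQUEST_METHOD => 'POST', HTTP_REFERER => 'http://www.example.com/contact.html' } ],
    [ 'no Referer',     { REQUEST_METHOD => 'POST' } ],
    [ 'other host',     { REQUEST_METHOD => 'POST', HTTP_REFERER => 'http://forms.example.net/f.html' } ],
    [ 'GET submission', { REQUEST_METHOD => 'GET',  HTTP_REFERER => 'http://www.example.com/contact.html' } ],
);
for my $s (@samples) {
    printf "%-15s yes=%-12s no=%s\n", $s->[0],
        check_request($s->[1], 'yes'), check_request($s->[1], 'no');
}
```

HTTP_REFERER is supplied by the client, so this check filters forms hosted elsewhere and submitted by ordinary browsers; it does not authenticate the sender.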
New features and fixes in 2.3 include:
- SECURITY: Added routine to remove linefeeds from email headers in subroutines &mail_to and &mail_to_win - one more step against spammers.
- FEATURE: Added ability to use an html template for response pages. The parameters for this are in the hidden html form fields.
- FEATURE: Added ability to use "include files" inside the html response files by placing :!:tags:!: representing the include files where the normal <!--#include virtual="/header.html" --> include SSI commands would go. For example, instead of using the above SSI command, you would place a tag, :!:header:!: in that spot. Then, in the form hidden field called "include_file_vars", you would place the tag name "header". You can use more than one, separated by | pipes.
- FEATURE: Added a hook to include a Perl include file that contains various calculations on the form fields - such as totaling orders, etc. Thus, the script can be expanded without modification. Note that the code in the include file has to be aware of what's going on in the form and the script.
- BUGFIX: Fixed problem with checkboxes - multiple values with preview function were not getting passed.
- OTHERS: A number of other cosmetic features, such as variables for tables, ability to use multiple tags in the email subject line, etc. (see history in script).
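The :!:tag:!: include feature described in the list above, sketched as an added Perl example (not the script's own code). How s_form maps a tag name to a file is not shown on this page, so the %include_content hash stands in for the include files, and the sub name expand_includes is an assumption. Because "include_file_vars" is a hidden form field and therefore arrives from the browser, the sketch only accepts names that are plain words and already known.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed stand-ins for the include files; the real script reads files
# whose location this page does not give.
my %include_content = (
    header => '<div id="header">Site header</div>',
    footer => '<div id="footer">Site footer</div>',
);

# Expand :!:name:!: tags for each name in the pipe-separated field value.
sub expand_includes {
    my ($template, $include_file_vars) = @_;
    my @skipped;
    for my $name (split /\|/, $include_file_vars) {
        # Accept only plain tag names that map to a known include.
        unless ($name =~ /\A\w+\z/ && exists $include_content{$name}) {
            push @skipped, $name;
            next;
        }
        $template =~ s/:!:\Q$name\E:!:/$include_content{$name}/g;
    }
    return ($template, \@skipped);
}

# Constructed response template and field value; the middle name fails validation.
my $template = ":!:header:!:\n<p>Thank you for your order.</p>\n:!:footer:!:\n";
my ($page, $skipped) = expand_includes($template, 'header|../header|footer');

print $page;
print "skipped: @$skipped\n";
```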
New features and fixes in 2.2 include:
- MAJOR: Removed admin_email_to and admin_email_from from the form parameters to stop spammers from potentially setting the to and from fields via the url line. The vars are now set in the script.
- MAJOR: Added ability to store admin_email_to, admin_email_from and return_path emails in secondary script file, providing for multiple form usage.
- Fixes:
  - checked for linefeeds in the email and subject lines to stop spammers from using a \nCc: syntax
  - added a var, $script_name, to check to make sure the return url does not contain the script name, setting up a potential loop
  - added a var, $return_path for bounces
  - added an error_message subroutine
  - added additional checks to trap use from other hosts when $restrict_to_hosts = 'yes'
  - added check for GET method of form submission - blocks such usage
  - added output of ENV variables with email sent to admin user of form abuse
  - added check_emails subroutine
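The linefeed handling named in both change lists (the check added in 2.2 and the removal routine added in 2.3), as an added Perl example that is not taken from s_form: a form value containing a line break would otherwise begin a new header line such as Cc:. The sub names has_linefeed, strip_linefeeds and build_headers, and the choice to replace line breaks with a space, are assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Check in the style of the v2.2 fix: does the value contain a line break?
sub has_linefeed {
    my ($value) = @_;
    return $value =~ /[\r\n]/ ? 1 : 0;
}

# Removal in the style of the v2.3 fix: collapse CR/LF runs to one space so
# the value cannot start a new header line.
sub strip_linefeeds {
    my ($value) = @_;
    $value =~ s/[\r\n]+/ /g;
    $value =~ s/\A\s+|\s+\z//g;
    return $value;
}

# Build a header block; every value passes through strip_linefeeds.
sub build_headers {
    my (%f) = @_;
    my $out = '';
    for my $name (qw(To From Subject)) {
        $out .= "${name}: " . strip_linefeeds($f{ lc $name }) . "\n";
    }
    return $out;
}

sub count_lines {
    my ($text) = @_;
    my @lines = split /\n/, $text;
    return scalar @lines;
}

# Constructed submission: the subject carries the "\nCc:" pattern named above.
my %form = (
    to      => 'admin@example.com',     # fixed in the script since v2.2
    from    => 'visitor@example.net',
    subject => "Hello\nCc: list\@example.org",
);

my $unfiltered = "Subject: $form{subject}\n";
my $filtered   = build_headers(%form);
print  "subject has linefeed: ", has_linefeed($form{subject}), "\n";
printf "unfiltered Subject spans %d header lines\n", count_lines($unfiltered);
printf "filtered block has %d header lines\n", count_lines($filtered);
print  $filtered;
```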
Note that the instructions and an example of all of the hidden fields that are required in the html form are included in the beginning of the script itself. Nothing needs to be modified in the script (everything is controlled from the html form) except the variables related to the email server or email program and a few new variables related to email addresses.
The script is not terribly complicated. It's good for simple
and quick form usage, using any number of multiple forms (we
use it here, at WCN.)
[ Note to Programmers: If you're a programmer,
and are concerned about issues such as 'use strict', 'my'
and other programming constructs, you may be interested in a note about
programming methods. ]
Current Version - v2.3 (Don't Use Older Versions!)
- s_form.txt (rename with .cgi and set permissions to 755 - also note that the name of the script has to match the variable "script_name" in the setup area of this file)
- s_form.calc.include.txt (optional: sample calculation file - rename with .pl)
- s_form_response.html (optional: sample response page)
- s_form.tar.gz (zip file of all 3 files above)
History
See History in Script.