Re^4: MAIL::SENDMAIL - Inserting $variable Into TO or FROM?

by Milti (Beadle)
on Jan 31, 2014 at 17:04 UTC


in reply to Re^3: MAIL::SENDMAIL - Inserting $variable Into TO or FROM?
in thread MAIL::SENDMAIL - Inserting $variable Into TO or FROM?

Here's the code:

```perl
#!/usr/bin/perl -w
###use strict;
use DBI;
use CGI qw(:standard);

print "Content-type: text/html\n\n";

@referers = ('72.167.40.203','www.mywebsite.com','mywebsite.com');

&check_url;
&mail;

sub check_url {
    local($check_referer) = 0;
    if ($ENV{'HTTP_REFERER'}) {
        foreach $referer (@referers) {
            if ($ENV{'HTTP_REFERER'} =~ m|https?://([^/]*)$referer|i) {
                $check_referer = 1;
                last;
            }
        }
    }
    else {
        $check_referer = 1;
    }
    if ($check_referer != 1) {&bad_referer}
}

sub bad_referer {
    print "content-type: text/html\n\n";
    print <<"(END ERROR HTML)";
<html>
<head>
<title>Bad Referrer - Access Denied</title>
</head>
<body bgcolor=#FFFFFF text=#000000>
<center>
<table border=0 width=600 bgcolor=#9C9C9C>
<tr><th><font size=+2>Bad Referrer - Access Denied</font></th></tr>
</table>
</center>
</body>
</html>
(END ERROR HTML)
    exit;
}

sub mail {
    ###Get the name, email address, and profile address of the sender
    my ($dbh, $sth, $count, $AccountID,$SenderFirstName, $SenderLastName, $SenderEmail, $ID, $row, $View);
    $dbh = DBI->connect('dbi:mysql:membersdb','ID','pw') or
        die "Connection Error: $DBI::errstr\n";
    my $SenderID = param('SenderID');
    $sth = $dbh->prepare("SELECT FirstName,LastName,Email,View FROM memberinfo WHERE AccountID='$SenderID'");
    $sth->execute ();
    my @row = $sth->fetchrow_array ();
    $SenderFirstName= $row[0];
    $SenderLastName= $row[1];
    $SenderEmail= $row[2];
    $SenderView= $row[3];
    $sth->finish;

    ##Get the name & email address of the recipient
    my ($dbh, $sth, $count, $AccountID,$FirstName, $LastName, $Email, $row);
    $dbh = DBI->connect('dbi:mysql:membersdb','ID','pw') or
        die "Connection Error: $DBI::errstr\n";
    my $ID = param('AccountID');
    $sth = $dbh->prepare("SELECT FirstName,LastName, Email FROM memberinfo WHERE AccountID='$ID'");
    $sth->execute ();
    my @row = $sth->fetchrow_array ();
    $FirstName= $row[0];
    $LastName= $row[1];
    $Recipient= $row[2];
    $sth->finish;
    $dbh->disconnect ();

    use HTML::Entities;
    use Mail::Sendmail 0.79;

    my $Message = param('Message');
    $From="info\@mywebsite.com";

    $html = <<END_HTML;
<p>$SenderFirstName $SenderLastName has sent you a message.</p>
<p>$Message</p>
<form method="POST" action="http://www.mywebsite.com/cgi-bin/global/create_reply_mail_htm.pl?ID=$SenderID">
<p>Reply to $SenderFirstName --- <input type="submit" value="REPLY" name="B1" style="color: #FFFFFF; background-color: #0000FF"> </p>
</form></p>
END_HTML

    %mail = (
        from => "$From",
        to => "$Recipient",
        subject => 'A Message From My Website',
        'content-type' => 'text/html; charset="iso-8859-1"',
    );

    $mail{body} = <<END_OF_BODY;
<html>$html</html>
END_OF_BODY

    sendmail(%mail) || print "Error: $Mail::Sendmail::error\n";
    ###}
    &redirect;
    exit (0);

    sub redirect {
        print "Your Message Was Sent\n\n";
    }
    exit;
}
```

$FROM is a constant so the '@' sign was simply escaped with a \. Other variables are sent from forms and everything works fine with the above code with the param function. I do have another question. Where do I find information as to how to get CGI.pm to accept either POST or GET methods? Is there a smidgen of code to use?

Replies are listed 'Best First'.
Re^5: MAIL::SENDMAIL - Inserting $variable Into TO or FROM?
by marto (Cardinal) on Jan 31, 2014 at 17:59 UTC

      Here's the sequence of events. A person has a profile page on mywebsite.com. That page has a SEND MESSAGE link which forwards the person's AccountID to the cgi which creates a "Compose Your Message" page. When the submit button is hit all the info is forwarded to the program I have shown. All this happens on a dedicated server. The check referrers code was intended to assure that the submittal to the mail program was, indeed, coming from the aforementioned form residing on mywebsite.com. Only other members who have logged on can view the profiles noted above. At least I hope that's the case! If I don't use the check referrer code, what would you suggest I do to ensure the sequence noted above? Thanks for any input!

        If someone is logged in to your site can't you check that they should be granted access to features using the associated Session? Given my previous comments regarding SQL injection, are you sure only people with accounts can log in? With my statement about referrer in mind, do you log emails sent or check to ensure people aren't already doing this? Perl CGI Secure Authentication, Super Search for more.
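
Added example, not code from this thread or from either poster: the two member lookups rewritten with DBI placeholders, with the sender taken from server-side session data instead of the `SenderID` form field and no reliance on `HTTP_REFERER`. Assumptions: the function names `member_by_id` and `build_mail`, a session hash with a `member_id` key set at login, numeric AccountIDs, and an in-memory SQLite table with constructed rows standing in for the MySQL `memberinfo` table. The returned hash is what would be passed to `sendmail(%mail)`.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;
use HTML::Entities qw(encode_entities);

# Look up one member by AccountID. The "?" placeholder binds the value
# separately from the SQL text, so quotes in it cannot alter the query.
sub member_by_id {
    my ($dbh, $id) = @_;
    return unless defined $id && $id =~ /\A\d+\z/;   # assumption: numeric IDs
    my $sth = $dbh->prepare(
        'SELECT FirstName, LastName, Email FROM memberinfo WHERE AccountID = ?');
    $sth->execute($id);
    my $row = $sth->fetchrow_hashref;
    $sth->finish;
    return $row;
}

# Build the mail hash. The sender comes from the server-side session
# (hypothetical key "member_id", set at login), not from a form field.
sub build_mail {
    my ($dbh, $session, $recipient_id, $message) = @_;
    my $sender    = member_by_id($dbh, $session->{member_id}) or return;
    my $recipient = member_by_id($dbh, $recipient_id)         or return;
    my $name = encode_entities("$sender->{FirstName} $sender->{LastName}");
    return (
        from           => 'info@mywebsite.com',
        to             => $recipient->{Email},
        subject        => 'A Message From My Website',
        'content-type' => 'text/html; charset="iso-8859-1"',
        body           => "<html><p>$name has sent you a message.</p><p>"
                          . encode_entities($message) . "</p></html>\n",
    );
}

# Constructed sample data in an in-memory SQLite table (stand-in for MySQL).
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '', { RaiseError => 1 });
$dbh->do('CREATE TABLE memberinfo (AccountID INTEGER, FirstName TEXT, LastName TEXT, Email TEXT)');
$dbh->do('INSERT INTO memberinfo VALUES (?, ?, ?, ?)', undef, @$_)
    for [1, 'Ann', 'Lee', 'ann@example.com'], [2, 'Bob', 'Ray', 'bob@example.com'];

my %ok = build_mail($dbh, { member_id => 1 }, 2, 'Hi <b>Bob</b>');
print "to: $ok{to}\n$ok{body}";
print "not logged in: ", (build_mail($dbh, {}, 2, 'x') ? 'built' : 'refused'), "\n";
print "bad AccountID: ", (build_mail($dbh, { member_id => 1 }, "2' OR '1'='1", 'x') ? 'built' : 'refused'), "\n";
```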
