NinerNet Communications™
Documentation

Contents of /sendit/sendit_readme.txt

COPYRIGHT

TFMail
Copyright 2002 - 2004 London Perl Mongers, All rights reserved

The file MIME_Lite.pm is copyright ZeeGee Software Inc,
see the file for details.

LICENSE

This script is free software; you are free to redistribute it
and/or modify it under the same terms as Perl itself.

URL

The most up to date version of this script is available from the nms
script archive at  <http://nms-cgi.sourceforge.net/>

SUMMARY

TFmail is a script which allows you to receive the results of an
HTML form submission via an email message.

TFmail is *not* a plug-in replacement for FormMail.pl, although
it has a lot of the same features.  TFmail is configured via
text files on the server rather than via hidden form fields, has
templates for output, and can support HTTP file uploads.

FILES

In this distribution, you will find the following files:

TFmail.pl        - The main Perl script
TFmail_config.pl - A script to help with setting up the configuration files.
GBview.pl        - A script that allows TFmail to function as a guestbook
NMStreq.pm       - A Perl module that TFmail.pl needs
NMSCharset.pm    - Another Perl module that TFmail.pl needs
MIME_Lite.pm     - A Perl module that TFmail.pl needs if you want to use
                   file uploads, unless MIME::Lite is installed on the
                   server
default.trc    -   The main configuration file
gb.trc         -   An example configuration file for a guestbook
spage.trt      -   The template file that controls the layout of the success
                   page
missing.trt    -   The template file that controls the layout of the page
                   presented to the user if some required fields have been
                   left blank
email.trt      -   The template file that controls the layout of the email
                   body
README         -   This file. Instructions on how to install and use TFmail
EXAMPLES       -   Some examples of the use of TFmail
FAQ            -   Some problems and their solutions
ChangeLog      -   The change history of these files
MANIFEST       -   List of files

SCRIPT CONFIGURATION

There are a number of variables that you can change in TFmail.pl which
alter the way that the program works.

DEBUGGING           - This should be set to 1 whilst you are installing
                      and testing the script. Once the script is live you
                      should change it to 0. When set to 1, errors will
                      be output to the browser. This is a security risk and
                      should not be used when the script is live.

LIBDIR              - The filesystem path to the location of the .pm files
                      that come with TFmail.pl.  See the section below on
                      choosing secure locations for files.

MAILPROG            - The command line that the script should use to fire
                      up a program that will read an email message from its
                      standard input, get a list of recipients from the To
                      header and send the email.  On most UNIX systems, the
                      correct value will be either:

                        MAILPROG => '/usr/lib/sendmail -oi -t';

                      or

                        MAILPROG => '/usr/sbin/sendmail -oi -t';

                      If your system lacks a suitable sendmail program, then
                      you can configure TFmail to talk directly to an SMTP
                      relay rather then using sendmail.

                      For example, if your ISP has a host called
                      "mailhost.your-isp.net" which will act as an SMTP relay
                      for the web server, you would set:

                        MAILPROG => 'SMTP:mailhost.your-isp.net';

POSTMASTER          - The email address to use as the 'envelope sender' of
                      outgoing e-mails.  This address will receive the bounce
                      messages if there is trouble delivering an e-mail, so
                      it's important to set this.  If in doubt, set this to
                      your e-mail address.

CONFIG_ROOT         - The filesystem path to the directory that holds all of
                      the configuration files and template files for the script.
                      This must be set to the path to the directory on the
                      server to which you uploaded the .trc and .trt files.

                      See the section below on choosing secure locations for
                      files.

SESSION_DIR         - The location where (if you are using sessions as 
                      described below) the session information will be stored.
                      This needs to be a directory in which the user that the
                      TFmail is run as can create and delete files.  You may
                      want to consider having this a separate directory as it
                      will make it easier to clean up any orphaned sessions.

                      Again you should see the section on  choosing secure
                      locations for files.
                      
MAX_DEPTH           - The depth of subdirectories under CONFIG_ROOT that
                      configuration files and templates may be placed.  The
                      default of 0 is fine for most people.

CONFIG_EXT          - The file extension that configuration files have.  The
                      default of .trc will work with the sample configuration
                      files supplied.

TEMPLATE_EXT        - The file extension that template files have.  The default
                      of .trt will work with the sample template files supplied.

ENABLE_UPLOADS      - Set this to 1 if you wish to use HTTP file uploads to
                      allow users to upload files via the form and have them
                      come through to you as attachments to the email.

USE_MIME_LITE       - If you're not using file uploads then you can set this to
                      0 to prevent TFmail from using the MIME::Lite
                      perl module.  This may speed the script up in
                      some cases, and might be desirable if the e-mail
                      is going to an automated system that doesn't
                      understand MIME messages.  However, the e-mail
                      is more likely to be mangled in some way by mail
                      transport agents if you don't use MIME::Lite.

LOGFILE_ROOT        - The filesystem path to the directory under which log
                      files can be written.  Leave this set to the empty
                      string to disable writing to log files.

                      See the section below on choosing secure locations for
                      files.

LOGFILE_EXT         - The file extension that log files must have.  Default:
                      .log

HTMLFILE_ROOT       - The filesystem path to the directory under which any 
                      HTML files that you wish TFmail to modify live.
                      Leave this set to the empty string unless you want
                      to use TFmail to modify HTML files on your server.

HTMLFILE_EXT        - The file extension that the HTML files which TFmail
                      modifies must have.  Default: .html

CHARSET             - The character encoding to use for output documents and
                      e-mails.  All user input must be encoded with the same
                      charset or the output may appear garbled.  The default
                      of 'iso-8859-1' works for many Western languages.  If
                      you need characters that iso-8859-1 cannot represent
                      then you might want to consider setting CHARSET to
                      'utf-8'.


SCRIPT INSTALLATION

TFmail is installed by copying the file TFmail.pl into your cgi-bin
directory. If you don't know where your cgi-bin directory is, then
please ask your system administrator.

You must also copy NMStreq.pm and MIME_Lite.pm to the server.  You
should put them in the location that you configured for LIBDIR above.
Leaving LIBDIR set to '.' and uploading the .pm files into your
cgi-bin directory will work on most UNIX systems.  See the section
below on choosing secure locations for files.

You may need to rename TFmail.pl to TFmail.cgi. Again, your system
administrator will know if this is the case.

You will probably need to turn on execute permissions to the file. You can
do this by running the command "chmod +x TFmail.pl" from your command
line. If you don't have command line access to your web server then there
will probably be an equivalent function in your file transfer program.


CHOOSING SECURE LOCATIONS FOR FILES

The TFmail.pl CGI requires many support files, such as the .pm
files, the .trc configuration files, the .trt output template files
and possibly some log files and/or the nms_sendmail script.  It's
important to consider security when choosing locations for these
files on the web server.

The most important consideration is to prevent an attacker from
accessing any of these files directly via the web server, and
hence gaining information about your setup or access to your log
files.  Since your e-mail address appears in the configuration
file(s), it's important to protect them.  The log files may
contain even more sensitive information.

For example, if you were to put your configuration files in a
'tfmail' subdirectory of your web site, then an attacker would
be able to read them by typing a URL like

  http://www.your.domain/tfmail/default.trc

into his or her web browser.  That's bad security.

The best place to put all these files is somewhere outside the
web server's document root.  That eliminates the whole problem
at a single stroke.

However, if you are using an account on a shared web server then
you may not have access to any location outside the web server's
document root.  In that case, you should put all these support
files into a subdirectory of your site to which the web server
is configured to deny all access.  Your hosting provider should
be able to tell you how to block HTTP access to a subdirectory
of your site.

If you can't configure the web server to deny access to a
subdirectory of your site, then maybe you can set up a password
protected subdirectory.  That's almost as good, so long as you
choose a password that nobody will be able to guess.

Finally, if all else fails, a small amount of security can be
gained by making the URL to the configuration and other
support files hard to guess.  For example, if you were to put
all the configuration files in a subdirectory of your site but
pick the name 'p5xltfe' instead of 'tfmail', then the attacker
would need to guess the URL:

  http://www.your.domain/p5xltfe/default.trc

which is harder.  Be aware however that this is a weak form of
security.  Web server bugs and configuration errors that allow
this type of precaution to be bypassed are relatively common.


THE CONFIGURATION SCRIPT

If you wish, you can upload the TFmail_config.pl script and use
that to interactively create all the .trt and .trc files that
you'll need, instead of editing and uploading the .trt and .trc
files.

See the comments at the top of TFmail_config.pl for directions as
to how to configure that script.

TFmail_config.pl is quite new, and should be considered to be an
experimental feature.


OUTPUT CUSTOMIZATION

The .trt files are templates used by TFmail to generate the output
HTML and the body of the email.  You can edit them to change the
look of the output before uploading them to the CONFIG_ROOT directory.

The character combinations "{=" and "=}" are used to mark template
directives.  Whenever TFmail encounters a template directive, it
replaces it with a value.  For example, the template directive
{= date =} will be replaced with the current date.  There are also
directives for introducing environment variables and CGI form input
values, and a few others.

For example, by default TFmail will use the template email.tft to
generate the body of the email.  By default that template looks
like this:


%% NMS email template file %%
Below is the result of your feedback form.  It was submitted
{= by_submitter =}on {= date =}.
----------------------------------------------------------------------

{= FOREACH input_field =}
{= name =}: {= value =}

{= END =}
----------------------------------------------------------------------


The first line just tells TFmail that this is indeed a template
file for an email body - it won't be included in the output.

The {= by_submitter =} directive generates the user's email address
and real name followed by the string "by ", if there are email
address and realname inputs in the form.  If TFmail can't work out
the user's email address then the {= by_submitter =} directive
produces nothing.  The "by " string was made part of the directive
output so that the sentence would make sense in either case.  The
word 'by' can be replaced by setting the "by_submitter_by"
configuration directive to the required text.

The {= FOREACH input_field =} directive repeats the lines between
the FOREACH line and the END line for each field in the form who's
name starts with a letter or a number.

If everything goes OK and the email is sent, TFmail presents a
success page to the user.  By default, that success page comes
from the spage.trt template file, which defaults to this:


%% NMS html template file %%
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
  <head>
    <title>Thank You</title>
    <link rel="stylesheet" type="text/css" href="/css/nms.css" />
    <style>
       h1.title {
                   text-align : center;
                }
    </style>
  </head>
  <body>
    <h1 class="title">Thank You</h1>
    <p>Below is what you submitted on {= date =}</p>
    <hr size="1" width="75%" />
{= FOREACH input_field =}
    <p><b>{= name =}:</b> {= value =}</p>
{= END =}
    <hr size="1" width="75%" />
    <p align="center">
      <font size="-1">
        <a href="http://nms-cgi.sourceforge.net/">TFmail</a>
        &copy; 2002 London Perl Mongers
      </font>
    </p>
  </body>
</html>


You can change these templates to anything you like, giving you
full control over the look of the output.  You don't have to
include the {= FOREACH input_field =} directive or the {= date =}
directive unless you want to.

You can use "param" directives to get at the values of individual
CGI parameters.  The directive {= param.foo =} will output the
value of the "foo" CGI parameter, if there is one.

For example, if your HTML form has only two inputs, "name" and
"age", then your success page template file might look like this:

%% NMS html template file %%
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
  <head>
    <title>Thank You</title>
  </head>
  <body>
    <h1>Thank You {= param.name =}</h1>
    <p>
      Thanks {= param.name =} for registering your age
      as <b>{= param.age =}</b>.  Your results have been
      added to our database.
    </p>
  </body>
</html>

In a similar way, you can access the CGI environment variables
via "env" template directives.  For example:

%% NMS html template file %%
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
  <head>
    <title>Thank You</title>
  </head>
  <body>
    <h1>Thank You {= param.name =}</h1>
    <p>
      Thanks {= param.name =} for registering your age
      as <b>{= param.age =}</b>.  Your results have been
      added to our database.
    </p>
    <p>
      Note: we have logged your IP address as {= env.REMOTE_ADDR =},
      and we will be reporting you to the FBI if you lied about
      your age.  Have a nice day.
    </p>
  </body>
</html>

You can also use these "param" and "env" template directives
in the email template, to get finer control over the body of
the email.


CONFIGURATION FILES

TFmail reads its configuration from a configuration file.  By
default, that file is default.trc in whatever directory you set
for CONFIG_ROOT above.

If you have several forms on your site using TFmail, each will
need its own configuration file.  You can control TFmail's choice
of configuration file via the "_config" hidden form field.  For
example, if you added the line:

  <input type="hidden" name="_config" value="foo" />

to one of your HTML forms, then TFmail would use foo.trc in the
CONFIG_ROOT directory as its configuration file when processing
that form.

The choice of configuration file is the only thing that can be
configured via a hidden form field.

The first line of the configuration file has to be exactly the
text:

  %% NMS configuration file %%

Lines starting with '#' are ignored, and configuration values
are set by putting the name of the configuration setting at
the start of a line, followed by a ':' character, followed by
the value for that setting.  The value can be split over
several lines.

One configuration value that you must set is "recipient", the
email address to which the form results should be mailed.  For
example, your configuration file might look like:

%% NMS configuration file %%
#
# This is my configuration file
#
recipient: me@my.domain

You can have several recipients set, in which case the form
results will be copied to all of them:

%% NMS configuration file %%
#
# This is my configuration file
#
recipient: me@my.domain, some-else@my.domain

Other things that can be set in the configuration file are:

email_template              - The template file to use for the body
                              of the email.  Default: email

success_page_template       - The template file to use for the main
                              HTML success page, displayed when the
                              email has been sent.  Default: spage

sort                        - This sets the order in which the
                              {= FOREACH input_field =} directive processes
                              the CGI parameters.  It can be the string
                              'alphabetic' for alphabetic order, or the
                              string "order:" followed by a comma separated
                              list of the parameter names.  Default: the
                              parameters are output in the order in which
                              they occur in the HTTP request.

print_blank_fields          - If this is set to a true value then fields that
                              the user left blank will be visited by the
                              {= FOREACH input_field =} directive.  Normally,
                              blank fields are suppressed to save space.
                              Default: 0

subject                     - The subject for the email.  Default:
                              "WWW Form Submission".  Template directives can
                              be included in the subject value, see the section
                              on OUTPUT CUSTOMIZATION below.

email_input                 - The name of the CGI parameter that
                              will hold the user's email address.
                              Used by TFmail to set the From field
                              of the email.  Default: no email_input,
                              the mail comes from POSTMASTER.

realname_input              - The name of the CGI parameter that will
                              hold the user's full name.  Used by
                              TFmail to set the comment part of the
                              From field of the email if a valid
                              email address was found in the
                              email_input input.  Default: none, so
                              there will be no comment on the From
                              address.  If you list several inputs here then
                              their values will be concatenated to make up
                              the comment.

by_submitter_by             - The phrase added by the {= by_submitter =}
                              template directive when outputting the user's
                              email address.  Default: 'by'.

redirect                    - If this configuration value is set, then it
                              must be a URL and TFmail will generate a
                              redirect to that URL on success, instead of
                              using the success page template.

required                    - A comma separated list of the names of inputs
                              that the user cannot leave blank.  If any of
                              these are blank, then the submission will not
                              be accepted and 'missing_template' be displayed.
                              Default: no fields are required.

missing_template            - The HTML template file used to generate the
                              page that the user sees if they leave a
                              required field blank. Default: missing.

missing_fields_redirect     - If this configuration value is set then
                              it must be a URL and TFmail will generate
                              a redirect to that URL instead of using a
                              template if the user leaves a required
                              field blank. Default: display template.

confirmation_template       - If this field is set then it must be the
                              name of an email template that will be used
                              to send a mail back to the user confirming
                              their submission.  CAUTION: since the user
                              could give any email address (not just their
                              own) and submit repeatedly, there is a risk that
                              some nasty person will use this to mailbomb
                              a third party.  Only switch this on if you
                              really need it.  Template directives that
                              depend on user input will be disabled for this
                              template, so that this feature can't be used to
                              send SPAM.  Default: no confirmation email.

confirmation_subject        - The subject for the confirmation email, if it
                              is activated by the confirmation_template
                              directive above.

confirmation_email_from     - The email address that the confirmation will
                              have as the From: address.  Default is the
                              value of POSTMASTER as configured in the TFmail
                              program itself.

logfile                     - The name of a file to which data will be
                              appended for each successful run of the
                              script.  The name is relative to the
                              LOGFILE_ROOT directory and does not include
                              the LOGFILE_EXT file extension.  Default: no
                              logging.  Note that logging is disabled unless
                              the LOGFILE_ROOT constant in the script is set.

log_template                - The template file used to construct the text
                              that gets appended to the log file if the
                              logfile setting above is set.  Default: log

                              See WRITING TO A LOG FILE below.

modify_html_files           - A list of the names of one or more HTML files
                              into which TFmail should insert text, relative
                              to the HTMLFILE_ROOT directory and without the
                              HTMLFILE_EXT file extension.  See the section
                              below on inserting text into HTML files.

no_email                    - Set this to a true value to prevent the main
                              e-mail from being sent.  You might wish to do
                              that if you're using TFmail.pl to record data
                              to a log file and don't need it mailed as well.

date_fmt                    - The format that the date will be displayed in. 
                              This is a string that contains a number
                              of different 'tags'.  Each tag consists
                              of a % character followed by a letter.
                              Each tag represents one way of displaying
                              a particular part of the date or time. Here
                              are some common tags:

                              %Y - four digit year (2002)
                              %y - two digit year (02)
                              %m - month of the year (01 to 12)
                              %b - short month name (Jan to Dec)
                              %B - long month name (January to December)
                              %d - day of the month (01 to 31)
                              %a - short day name (Sun to Sat)
                              %A - long day name (Sunday to Saturday)
                              %H - hour in 24 hour clock (00 to 23)
                              %I - hour in 12 hour clock (01 to 12)
                              %p - AM or PM
                              %M - minutes (00 to 59)
                              %S - seconds (00 to 59)
                              %Z - the name of the local timezone

                              Default: '%A, %B %d, %Y at %H:%M:%S'

bad_method_status          - if this is set to 1 then TFmail will return the
                             Status code for "Request Method Not Allowed"
                             rather than an error page if the Request Method
                             is not 'POST' (optionally 'GET' - see the items
                             'get_redirect' and 'get_template' below) you
                             may want to use this if your server is 
                             configured to give custom error messages. The
                             default value is 0 meaning the default error page
                             will be displayed.

bad_method_template        - If this is set then the template will be used as
                             the content when bad_method_status = 1 and the
                             request method is invalid (see above.)

get_redirect               - Normally TFmail will only accept a 'POST' method
                             however if this is set to a valid URL then it
                             will redirect to the indicated page on a 'GET'
                             request, you could for example use this to
                             cause a redirection to your form if someone
                             has bookmarked the results of a previous
                             request. See also 'get_template' below.

get_template               - If this is set then it must specify a valid
                             template that will be used when a 'GET' request
                             is used, the template will be filled in the
                             same way as the success page but no further
                             action (such as sending mail or writing a log)
                             will be taken.  This might be useful when
                             creating a multipage form for example or if you 
                             wanted to have a link to a partly prefilled
                             form.  If both this and 'get_redirect' are
                             specified then the 'get_redirect' will take
                             precedence. If this is set then it is possible
                             to use the session capabilities as described in
                             the items below.

session_cookies            - If this is set to 1 and get_template is set then
                             when the templated page is sent out in response
                             to a GET request a session is created and a
                             Cookie is sent with the Session Id which will
                             be checked when a POST request is sent - TFmail
                             will abort if the session does not exist or there
                             is no SessionID cooke.  Some users may turn off
                             cookies in their browser settings, if this is a
                             problem to you then you might want to see 
                             session_field below.

session_field              - this can be set to the name of a hidden field on
                             your templated form that will contain the
                             session id when the form is posted.  If this is
                             set then for a GET request the template directive
                             {= session_id =} will be available and contain
                             the Session ID - you would want to create a field
                             like:
                              
                               <input type="hidden" name="SessionID"
                                      value="{= session_id =}" />

                             where you have session_field set to SessionID.

address_style              - This will specify the style of the address that
                             is used in the From: address of the main mail
                             message.  The default (and the previous style
                             before this option was added) is to create a
                             form of "$email ($realname)", if it is set to
                             a value of 1 then the address will be generated
                             as "$realname <$email>".  You may want to use 
                             this if you are using a mail client that takes
                             the same address in the two perfectly valid
                             styles to be different and you want to sort
                             by From address, for instance.

locale                     - This when set will determine the locale which is
                             used when determining the names of months and
                             days when using {= date =} template directive
                             the default is to use the locale set on the
                             server.  A few examples of locale codes are:

                              Catalan           ca_ES
                              Croatian          hr_HR
                              Czech             cs_CZ
                              Danish            da_DK
                              Dutc              nl_NL
                              Estonian          et_EE
                              Finnish           fi_FI
                              French            fr_FR
                              Galician          gl_ES
                              German            de_DE
                              Greek             el_GR
                              Hebrew            he_IL
                              Hungarian         hu_HU
                              Icelandic         is_IS
                              Italian           it_IT
                              Japanese          ja_JP
                              Korean            ko_KR
                              Lithuanian        lt_LT
                              Norwegian         no_NO
                              Polish            pl_PL
                              Portuguese        pt_PT
                              Romanian          ro_RO
                              Russian           ru_RU
                              Slovak            sk_SK
                              Slovenian         sl_SI
                              Spanish           es_ES
                              Swedish           sv_SE
                              Thai              th_TH
                              Turkish           tr_TR

                            This is not a complete list and your server may
                            support a different set. 

recipient_input            - This specifies the name of a form field that
                             the recipient is taken from.  It takes precedence
                             over any recipient specified in the config.
                             When this is set ALL templating that allows input
                             from the form to be introduced into the mail is
                             switched off and attempting to use a template
                             for the email that does this will result in an
                             error.  You should think carefully before using
                             this as it is only intended for a "recommend this
                             page" type scenario and is not generally useful.

no_content                 - If this configuration is set to 1 then no HTML
                             output will be sent to the browser and instead a
                             204 status will be sent telling the browser that
                             no content was intended to be sent and it should
                             not update the current view.  This could be 
                             useful if, for instance you are using a Flash
                             form or you have a small subscription box on your
                             page, on the other hand it may be confusing to
                             the visitor of your web page as they will have no
                             feedback that the submission was successful.

block_lists                - This is a space delimited list of DNSBL zones
                             that list open proxies or exploited computers
                             that can be used by spammers or crackers to
                             attempt to anonymously access TFmail, if this
                             is set and the requesting client appears in one
                             of the lists then the request will be refused
                             before any further action is taken - the default
                             response status is '403 Forbidden' but this
                             may be altered by setting the block_status
                             configuration directive.  Care should be taken
                             in using this item as a lookup on a nonexistent
                             or overloaded zone could block for some time.
                             More information on DNSBL and useful zones can
                             be found in README.dnsbl you got with TFmail.

block_status               - This will set the status that is returned if one
                             of the configured block_lists has an entry for
                             the requesting host - the default is
                             '403 Forbidden' which is probably appropriate
                              but you may for instance want to use
                             '404 Not Found', or some other status that will
                             indicate a permanently unsuccessful request.
                             Issuing a status beginning with '2' is almost
                             certainly not appropriate unless for some reason
                             you want to encourage the client to make further
                             requests in the belief that this one was
                             successfull.

blocked_template           - If this is set to a valid template file (as
                             described above) and block_lists is set then
                             this will be displayed when the client is blocked.

counter_file               - If this is set to the name of a writable file
                             then the {= counter =} directive is enabled.
                             the first time it is referenced in a single
                             request it will be incremented
                             
                             
INLINE TEMPLATES

If you don't want to have a separate file for each template, you can
choose to put some or all of the templates directly into the
configuration file instead, putting a '%' character at the start of
each line.

For example, rather than having the configuration file line:


email_template: my_email_template


... and a separate my_email_template.trt file with the text:


%% NMS email template file %%
This is the email.

remote address: {= env.REMOTE_ADDR =}
user agent:     {= env.HTTP_USER_AGENT =}
referer:        {= env.HTTP_REFERER =}

The name they entered was: {= param.name =}


... you could just have the block:


email_template:
%This is the email.
%
%remote address: {= env.REMOTE_ADDR =}
%user agent:     {= env.HTTP_USER_AGENT =}
%referer:        {= env.HTTP_REFERER =}
%
%The name they entered was: {= param.name =}


... in the configuration file.  You can do this for any of the
configuration variables listed above that expect a template file
as a value.

Note that you must leave out the %% NMS ???? template file %%
line when using an inline template like this.


WRITING TO A LOG FILE

If you want to keep your log files in /usr/local/tfmail/logs, then
you would set LOGFILE_ROOT to '/usr/local/tfmail/logs', and you
might add the following lines to your .trc file:


logfile: foo
log_template:
%{= date =}|{= env.REMOTE_ADDR =}|{= param.email =}


One problem with log files done this way is that the values input
by the user can contain '|' and newline characters, so it's possible
for a malicious user to mess up your log files.

However, TFmail will change tag-like constructs such as "<foo>" found
in the user input into "< foo>" when it writes the log file, so using
an HTML-like format for log files makes them more resilient:


logfile: foo
log_template:
%{= date =}<x>{= env.REMOTE_ADDR =}<x>{= param.email =}<eol>


FILE UPLOADS

To enable file uploads, you will need to set the ENABLE_UPLOADS constant
in the script to 1.  You will also need to set the correct encoding in
your HTML form:

<form method="post" enctype="multipart/form-data" action="/cgi-bin/TFmail.pl">
...

...and you will need to configure one or more inputs to be file uploads
in your configuration file.  The configuration directive to make an
input act as a file upload is upload_*, with the * replaced by the name
of the input.  The value is a list of acceptable file extensions for
the uploaded file, with the last one being the default that gets used
if the uploaded file has another extension.

For example, suppose you want the user to be able to upload a picture.
You might put in the configuration file:

upload_picture: gif jpg jpeg png xxx

and you might put in the HTML form:

  A picture of yourself:
  <input type="file" name="picture" />

If you want the MIME content-type of the upload to be recorded in the
email, then you should add:

  {= content_type.picture =}

to the email template file.

INSERTING TEXT INTO HTML FILES

As well as sending email and writing log files, TFmail can be made to
insert some text into the middle of an existing HTML file.  The
HTMLFILE_ROOT constant in the script should be set to the filesystem
path under which all of the HTML files that you might want TFmail to
modify reside.

For example, to use TFmail.pl as a guestbook script, with your
guestbook stored in the file /www/sites/31337/guestbook.html, you
might set the HTMLFILE_ROOT constant to '/www/sites/31337' and put
the following in a guestbook.trc file:


%% NMS configuration file %%

no_email: 1

modify_html_files: guestbook

htmlfile_template_guestbook:
%   <p><b>Date:</b>{= date =}</p>
%   <p><b>Name:</b>{= param.name =}</p>
%   <p><b>Comments:</b>{= param.comments =}</p>
%   <hr />

required: name,comments

missing_template:
%<?xml version="1.0" encoding="iso-8859-1"?>
%<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
% "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
%<html>
% <head>
%  <title>Missing Fields</title>
%  <link rel="stylesheet" type="text/css" href="/css/nms.css" />
% </head>
% <body>
%  <p>
%   You must fill in both the <b>name</b> and <b>comments</b> fields.
%   Please try again.
%  </p>
%  <form method="post">
%   <input type="hidden" name="_config" value="guestbook" />
%   <p>Your Name: <input type="text" name="name" size="30" value="{= param.name =}" /></p>
%   <p>
%    Comments:<br />
%    <textarea name="comments" cols="60" rows="4">{= param.comments =}</textarea>
%   </p>
%   <p><input type="submit" /> * <input type="reset" /></p>
%  </form>
%  <hr />
% </body>
%</html>

redirect: http://www.your.domain/thankyou.html


... and you might put something like this in the guestbook.html file:


<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
 <head>
  <title>Guestbook</title>
  <link rel="stylesheet" type="text/css" href="/css/nms.css" />
 </head>
 <body>
  <h1>Guestbook</h1>
  <p>Thank you for visiting our pages.  We would love it if you would
   <a href="addguest.html">Add</a> to this guestbook we are keeping!</p>
  <hr />
<!-- NMS insert below -->
 </body>
</html>


... and addguest.html would probably look something like:


<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
 <head>
  <title>Add to our Guestbook</title>
  <link rel="stylesheet" type="text/css" href="/css/nms.css" />
 </head>
 <body>
  <h1>Add to our Guestbook</h1>
  <p>Fill in the blanks below to add to our guestbook.</p>
  <hr />
  <form method="post" action="http://www.your.domain/cgi-bin/TFmail.pl">
   <input type="hidden" name="_config" value="guestbook" />
   <p>Your Name: <input type="text" name="name" size="30" /></p>
   <p>Comments:<br /><textarea name="comments" cols="60" rows="4"></textarea></p>
   <p><input type="submit" /> * <input type="reset" /></p>
  </form>
  <hr />
 </body>
</html>


ADVANCED GUESTBOOK

The trouble with the guestbook scheme described above is that it writes
the entries directly into the guestbook HTML file, so you can't change
the style in which the entries are shown without going back and editing
all the old entries by hand.

There is an alternative scheme, using the script GBview.pl, which
formats the guestbook when it is displayed.  GBview.pl also allows you
to split a long guestbook into multiple pages.

To use the GBview scheme, adapt the example GBview configuration file
supplied as gb.trc to your requirements, and upload it.  You will also
need to edit the configuration section of GBview.pl and upload it to
the same place as TFmail.pl.  Give all the configuration constants in
GBview.pl the same values that you used for TFmail.pl.

You will need to have the HTMLFILE_ROOT configuration constant set in
both TFmail and GBview.  Since the HTML file that TFmail rewrites isn't
viewed directly by the user in this case, it's best to set HTMLFILE_ROOT
to a location outside of the web server's document root.  See the
section on CHOOSING SECURE LOCATIONS FOR FILES above.

You will need an addguest.html file, such as the one shown in the
example above.  You must change the value of the hidden "_config" input
to "gb" in the HTML form.  You will also need to upload an empty
gbdata.html file to the HTMLFILE_ROOT directory on the server.

See http://cleaton.net/nms/agb.html for a working example of a guestbook
of this type.


SUPPORT

For support of this script please email:

  <nms-cgi-support@lists.sourceforge.net>




Home