Simple Maildata Forwarder

Download this program


  <form method="post" action="/cgi/smf.cgi" name="Software Registration">
  <input type=hidden name=smf_mailto value="">
  <input type=hidden name=smf_subject value="New Registrant for Software">
  <input type=hidden name=smf_continue value="thankyou.html">
  <input type=hidden name=smf_order value="Firstname,Lastname,Email">
  <p><b>First Name:</b><br> <input type=text name=Firstname size=60></p>
  <input type=hidden name=smfrx_Firstname value="^\w+">
  <p><b>Last Name:</b><br> <input type=text name=Lastname size=60></p>
  <input type=hidden name=smfrx_Lastname value="^\w+">
  <p><b>E-mail Address:</b><br> <input type=text name=Email size=60></p>
  <input type=hidden name=smfrx_Email value="^\S+@\S+">
  <p><b><input type="submit" name="Submit" value="Submit Registration"></b></p>


Use this program as a CGI script to Email the results of some form to a particular user or set of users. This is convenience for cases like software registration forms, where the user provides various details and then the information is mailed to someone for further processing.

All input to the CGI script is provided by variables in the form which begin with 'smf_'. These control the behavior of the script including which form variables are put in the Email and to whom the Email is sent.

The body of the Email that is sent to the address in 'smf_mailto' and will contain the keywords you specify (see variable 'smf_order' in the example) like this (based on the HTML form above):

   'smf_subject' (or No Subject)


This script is inherently insecure - it's purpose is to receive data using a web browser and then send it via Email to someone. While this is very convenient, it always introduces some level of risk.

The CGI script can be placed in your /cgi-bin (or whatever you call it) or if your web server permits, in a directory in HTDOC. If using this latter method, you can create a .htaccess file which will require a userid/password combination before the CGI can even be invoked. This seems like a good idea.

Choose your protocol carefully. All data passed between the browser and the web server (including password prompts, invoking CGI scripts and data) are sent in clear text if you use HTTP. A more secure protocol is to use HTTPS.

You are encouraged to use HTTPS and the auth=, validfcns= and validusers= keys in the configuration file for the best security. Realize though, that the only way to be completely secure is to not use a web browser to directly change data.

The form contains a control to restrict the Email domain to whom you are sending data to one domain. This is intended to prevent just anyone on the web from using your copy of smf.cgi. Look for this constant at the top of the code.


These are arbitrary names of form variables and their values which are forwarded on a part of the Email.


Required. Specifies the Email address to mail data to.

Specifies the subject for the mail. It defaults t; 'No Subject'.

Specifies a level of debugging. If this is enabled, various details are written to as HTML output.

Specifies the name of columns to Email. Each name must correspond to a FORM field name.

Allows to to specify a Perl regular expression to use to verify the form has valid data. This is unlikely to be complete verification of an input value, but you can use it to avoid obvious errors and to force certain fields to be required.

In the example at the top of this text, lastname is required by forcing the user to provide a non-whitespace character in the beginning of the 'Lastname' text box.

Similarly, a modest check is made for the Email address provided by requiring it to look like 'characters@characters'.

Upon completion of the form, you may specify a URL to continue with. On the example above, we continue with 'thankyou.html'.

Upon completion of the form, if the field 'key' in the form was equal to a 'value', then we continue with a link to the destination provided. This allows a modest amount of control based on how the form was filled out.


This is a CGI script and while the program exits with the proper return codes for an application, they are ignored.


Written by Terry Gliedt <> in 2000-2004 and is is free software. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; See