Simple Maildata Forwarder
<form method="post" action="/cgi/smf.cgi" name="Software Registration"> <input type=hidden name=smf_mailto value="email@example.com"> <input type=hidden name=smf_subject value="New Registrant for Software"> <input type=hidden name=smf_continue value="thankyou.html"> <input type=hidden name=smf_order value="Firstname,Lastname,Email"> smf.cgi?name=apple,fcn=edit <p><b>First Name:</b><br> <input type=text name=Firstname size=60></p> <input type=hidden name=smfrx_Firstname value="^\w+"> <p><b>Last Name:</b><br> <input type=text name=Lastname size=60></p> <input type=hidden name=smfrx_Lastname value="^\w+"> <p><b>E-mail Address:</b><br> <input type=text name=Email size=60></p> <input type=hidden name=smfrx_Email value="^\S+@\S+"> <p><b><input type="submit" name="Submit" value="Submit Registration"></b></p> </form>
Use this program as a CGI script to Email the results of some form to a particular user or set of users. This is convenience for cases like software registration forms, where the user provides various details and then the information is mailed to someone for further processing.
All input to the CGI script is provided by variables in the form which begin with 'smf_'. These control the behavior of the script including which form variables are put in the Email and to whom the Email is sent.
The body of the Email that is sent to the address in 'smf_mailto' and will contain the keywords you specify (see variable 'smf_order' in the example) like this (based on the HTML form above):
'smf_subject' (or No Subject)
Firstname=value Lastname=value Email=value
This script is inherently insecure - it's purpose is to receive data using a web browser and then send it via Email to someone. While this is very convenient, it always introduces some level of risk.
The CGI script can be placed in your /cgi-bin (or whatever you call it) or if your web server permits, in a directory in HTDOC. If using this latter method, you can create a .htaccess file which will require a userid/password combination before the CGI can even be invoked. This seems like a good idea.
Choose your protocol carefully. All data passed between the browser and the web server (including password prompts, invoking CGI scripts and data) are sent in clear text if you use HTTP. A more secure protocol is to use HTTPS.
You are encouraged to use HTTPS and the auth=, validfcns= and validusers= keys in the configuration file for the best security. Realize though, that the only way to be completely secure is to not use a web browser to directly change data.
The form contains a control to restrict the Email domain to whom you are sending data to one domain. This is intended to prevent just anyone on the web from using your copy of smf.cgi. Look for this constant at the top of the code.
This is a CGI script and while the program exits with the proper return codes for an application, they are ignored.
Written by Terry Gliedt <firstname.lastname@example.org