#!/usr/bin/perl -w use CGI; $SHOP_DIR = "/web/htdocs/nycmoto/shop_reviews"; #$SHOP_URL = "http://www.magpie.com/nycmoto/shop_reviews"; $MAILER = "/usr/sbin/sendmail"; $POSTMASTER = "root\@magpie.com"; $HOMEPG = "/nycmoto"; $PAGEHEADER = "

\n"; #@okaydomains=( "http://magpie.com", # "http://www.stevemanes.com"); #$DOMAIN_OK = 0; #$RF = $ENV{'HTTP_REFERER'}; #$RF =~ tr/A-Z/a-z/; # #foreach $ts (@okaydomains) { #if ($RF =~ /$ts/) { $DOMAIN_OK = 1; } #} #if ( $DOMAIN_OK == 0) { # print "Sorry"; # exit; # print "Content-type: text/html\n\n Sorry..."; # exit; #} $q = new CGI; my %data = $q->Vars; print "Content-type: text/html", "\n\n"; print < Shop Review Submission $PAGEHEADER EOF ############################### ## write review to $SHOP_DIR ## ############################### ####################################################################### ## This is a little tricky... we pass a sample HTML page back to the ## user for acceptance, stashing the information in hidden variables. ## If the user accepts it, we also set $data{'state'} = "2", which ## when it is passed back to us writes the data to an HTML file in ## SHOP_DIR. ######################################################################## if (!$data{'state'}) { $data{'state'} = 'picklist'; } if ($data{'state'} eq "1") { ## validate input entry if ($data{'poster_name'} eq "") { &reject("Your name is required."); } if ($data{'poster_email'} eq "") { &reject("Your email address is required."); } if ($data{'shop_name'} eq "") { &reject("You didn't specify the shop's name."); } if ($data{'shop_location'} eq "") { &reject("You didn't specify the shop's location."); } if ($data{'rating'} eq "" || $data{'rating'} < 0 || $data{'rating'} > 10) { &reject("Please rate the shop's work, 0 to 10."); } if ($data{'motorcycle'} eq "") { &reject("Please choose a category which best represents the type of motorcycle worked on by the shop."); } if ($data{'comments'} eq "") { &reject("Please detail your experience with the shop in the Comments area."); } if (length($data{'comments'}) < 200) { &reject("Please provide more detail about the shop in the Comments area."); } if (length($data{'comments'}) > 5000) { &reject("Please limit your comments to 5000 characters."); 
# NOTE(review): this copy of the script has lost its HTML markup and the
# heredoc terminator after "print <", so it does not compile as-is; the notes
# below are read from the surviving Perl.
# NOTE(review): the script runs with -w but no "use strict"; every variable
# except %data, $key and $val is a package global.
# NOTE(review): the rating check above compares $data{'rating'} numerically
# without first confirming it is numeric, so a non-numeric value is treated
# as 0 and passes -- confirm with an anchored digits-only test first.
# NOTE(review): the banner comment above says the acceptance step sets
# $data{'state'} = "2"; the code actually sets and tests "write".
# NOTE(review): in the "show" state below, the /^(\w+)$/ match on
# $data{'file'} is evaluated but its result is never tested and $1 is never
# used, so that line does not restrict the filename before it is joined to
# $SHOP_DIR; &detaint() only rewrites a fixed set of metacharacters.  Confirm
# the intended guard (reject the request unless $data{'file'} matches
# /\A\w+\z/, and use the captured value).
# NOTE(review): in the "write" state the per-field escaping loop has been
# mangled in this copy (s//>/g) and the CGI::escapeHTML call beside it is
# commented out; the "show" state prints the stored lines straight back into
# HTML, so confirm every field is escaped before it is written to $SHOP_DIR.
} ## escape any dangerous HTML tags while (my($key, $val) = each(%data)) { $data{$key} = CGI::escapeHTML($data{$key}); } print "Here is your survey report.

"; print "If it is okay, click on ACCEPT to submit it to the server.
"; print "If you've changed your mind, click on FORGET IT.


"; print "Shop: $data{'shop_name'}
\n"; print "Location: $data{'shop_location'}
\n"; print "Category: $data{'motorcycle'}
\n"; print "Delivered: $data{'date'}\n"; print "

\n"; print "Survey submitted by: $data{'poster_name'} ($data{'poster_email'})
\n"; print "NNTP host: $ENV{'REMOTE_HOST'} at $ENV{'REMOTE_ADDR'}

\n"; print "On a scale of 0 to 10, I rate this shop as \'$data{'rating'}\'.

\n"; $str = $data{'comments'}; $str =~ s/\r\n\r\n/

/g; $data{'comments'} =~ s/\"/\"/g; # escape quotation marks print "$str"; ## stuff data in hidden variables, get acceptance from user print "

\n"; $data{'state'} = "write"; foreach $key (keys(%data)) { print "\n"; } print "\n"; print "
\n"; print "FORGET IT... return to NYC Motorcyclists.

\n"; } elsif ($data{'state'} eq "write") { ## get next available HTML filename (1...x.html) $idx = 0; do { $file = sprintf("%s/%04d.html", $SHOP_DIR, ++$idx); } until (! -e $file); ## escape any dangerous HTML tags while (my($key, $val) = each(%data)) { $data{$key} =~ s//>/g; # $data{$key} = CGI::escapeHTML($data{$key}); } open(FD, ">$file") || die "Can't open $file for writing"; print FD "Shop: $data{'shop_name'}\n"; print FD "Location: $data{'shop_location'}\n"; print FD "Category: $data{'motorcycle'}\n"; print FD "Rating: $data{'rating'}\n"; print FD "Delivered: $data{'date'}\n"; print FD "Submitted by: $data{'poster_name'}\n"; print FD "Email: $data{'poster_email'}\n"; print FD "Host: $ENV{'REMOTE_HOST'} at $ENV{'REMOTE_ADDR'}\n"; ($j, $j, $j, $mday, $mon, $year) = localtime(time); $year += 1900; printf FD ("Date: %d/%d/%d\n\n", $mon+1, $mday, $year); $data{'comments'} =~ s/\r//g; print FD "$data{'comments'}\n"; print STDOUT "

Survey written!

"; &mailadmin($file, $data{'poster_name'}); } elsif ($data{'state'} eq "picklist") { ## display a picklist of shops print "

Survey List

\n"; $idx = 1; do { $file = sprintf("%s/%04d.html", $SHOP_DIR, $idx); open(FD, "<$file") && do { while () { chop; $_ = CGI::unescapeHTML($_); if (/^Shop: /) { $shop = $'; } elsif (/^Location: /) { $location = $'; } elsif (/^Category: /) { $category = $'; } } close FD; $htmlfile = sprintf("%04d.html", $idx); push(@shops, "

\n"; print "
\n"; print "\n"; # print "
\n"; print "
\n"; } elsif ($data{'state'} eq "show") { ## show a review in SHOP_DIR if ($data{'file'} eq "") { print "

\n"; print "Please click on a shop survey first, then click on \"Read Survey\"\n"; print "

\n"; exit 0; } # Alphanumerics only $data{'file'} =~ /^(\w+)$/; $data{'file'} = &detaint($data{'file'}); $file = "${SHOP_DIR}/$data{'file'}"; open(FD, "<$file") || die "Can't open $file"; print "

Customer Shop Survey


\n"; while () { chop; if (/^Shop: /) { $shop = $'; } elsif (/^Location: /) { $location = $'; } elsif (/^Category: /) { $category = $'; } elsif (/^Submitted by: /) { $name = $'; } elsif (/^Email: /) { $email = $'; } elsif (/^Host: /) { $host = $' || 'unknown'; } elsif (/^Rating: /) { $rating = $'; } elsif (/^Date: /) { $date = $'; } elsif (/^Delivered: /) { $delivered = $' || ''; } elsif (length($_) < 1) { last; } } print "Shop: $shop
\n"; print "Location: $location
\n"; print "Category: $category
\n"; print "Rating (on scale of 0 to 10): $rating\n"; print "

\n"; print "Survey submitted by: $name ($email)
\n"; print "Host: $host
\n"; print "Incident date: $delivered
\n"; print "Date report submitted: $date\n"; print "

\n"; while () { if (/^\n/) { print "

\n"; } else { print; } } close FD; } print STDOUT "


Back

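NYC Motorcyclists\n"; exit 0;

#####################################
## reject survey with error message
#####################################
# Print a rejection page explaining why the submission was not accepted,
# then stop the request.  $str is one of this script's own fixed messages
# (never form input), so it is printed into the page as-is.
# Never returns: exits the process after printing.
sub reject {
    my ($str) = @_;
    print "

Woops!

\n";
    print "

Your survey was rejected for the following reason:

\n";
    print "$str

\n";
    print "Please click the Back button on your browser, edit this entry ";
    print "and click on Submit Review again.

\n";
    exit 0;
}

######################################################
## send a message to the admin about the submission
######################################################
# Notify $POSTMASTER through $MAILER (both set at the top of the script)
# that a review file has been written.  $file is the path just written and
# $user the submitter's name from the form; both appear only in the message
# body, never on the sendmail command line.
# Delivery failure is logged with warn, not die: the review is already on
# disk and the user has already been told so.
sub mailadmin {
    my ($file, $user) = @_;
    # List-form pipe open: the recipient is passed as its own argument rather
    # than through a shell.  -oi stops a lone "." line in the body (the
    # submitter's name is interpolated into it) from ending the message early.
    open(my $mail, '|-', $MAILER, '-oi', $POSTMASTER)
        or die "Can't create pipe to $MAILER";
    print $mail "Subject: NYC-Moto Shop Survey Submission\n\n";
    print $mail "File $file has been received from $user.\n\n";
    # On a pipe, close also reports the child's exit status.
    close($mail) or warn "Notification via $MAILER failed: $!";
    return;
}

##################################
## detaint
##################################
# Reduce a user-supplied review filename to something safe to join onto
# $SHOP_DIR: every dash is deleted (no legitimate NNNN.html name contains one,
# and the value can then never be read as an option) and shell/path
# metacharacters are replaced by "_".  Works on a copy and returns it,
# leaving the caller's $_ untouched.
# The original replacement used \$1, which inserts the literal text "$1"
# rather than the captured remainder, so any dashed name came back as "_1".
# Callers must still confirm the result is one of this script's own
# NNNN.html names before opening it; this only neutralises characters.
sub detaint {
    my ($raw) = @_;
    my $str = defined $raw ? $raw : '';
    $str =~ tr/-//d;                        # drop every dash
    $str =~ tr/\$\'\`\"\<\>\/\;\!\|/_/;     # metacharacters -> "_"
    return $str;
}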