#!/usr/local/bin/perl

#Change this path!

$COMMENT_FILE = "/home/boutell/comments.txt";

# The associative array $values will contain the data.

print "Content-type: text/html\n\n";
print "<html>\n";
print "<head>\n";

# Make sure it's a POST-method form submission 
if (! &VerifyForm()) {
	print "<title>Not a POST Form Submission</title>\n";	
	print "</head>\n";
	print "<h1>Not a POST Form Submission</h1>\n";	
	print "This page should be accessed only by submitting\n";
	print "a form using the POST method. Perhaps your\n";
	print "browser does not support forms.\n";
	print "</body></html>\n";
	exit 0;
}

#OK, it's a form submission, so parse it. 
&ParseForm();

#Use the information 

#If any field is missing, complain! 
if ((! $values{"name"}) || 
	(! $values{"email"}) || 
	(! $values{"comments"})) 
{
	print "<title>Please fill out all the fields</title>\n";	
	print "</head>\n";
	print "<h1>Please fill out all the fields</h1>\n";	
	print "Please fill out the name, email address, AND\n";
	print "comment fields. Back up to the previous page\n";
	print "to try again.\n";
	print "</body></html>\n";
	exit 0;
}			
	
#OK, we have all the data. Write it to a file in which
#we collect comments from users. Open to append, of course. 

$fname = ">>" . $COMMENT_FILE;
open(OUT, $fname);

#The format I write here just happens to be appropriate for
#reading with a typical Unix mail reader; for instance,
#mail -f comments.txt should open the file.
#No subject lines, though.

print OUT "From: ", $values{"name"}, " <", $values{"email"}, ">\n";
print OUT $values{"comments"}, "\n";
close(OUT);

print "<title>Thank you, ", $values{"name"}, "</title>\n";	
print "</head>\n";
print "<h1>Thank you, ", $values{"name"}, "</h1>\n";	
print "Thank you for your comments.\n";
print "</body></html>\n";
exit 0;

sub VerifyForm
{
	local($bad, $contentType, $requestMethod, $result);
	$bad = 0;
	# Check the content type of the data we've received
	$contentType = $ENV{"CONTENT_TYPE"};
	if ($contentType ne "application/x-www-form-urlencoded") {
		$bad = 1;
	}
	# And make sure the POST method was used 
	$requestMethod = $ENV{"REQUEST_METHOD"};
	if ($requestMethod ne "POST") {
		$bad = 1;
	}

	$result = ! $bad;
}

sub ParseForm 
{
	local($fields, $name, $value, $data);
	#Split standard input into fields

	read(STDIN, $data, $ENV{"CONTENT_LENGTH"});
	@fields = split(/&/, $data);

	#Split the fields into names and values, creating
	#an associative array indexed by the names

	foreach $item (@fields) {
		($name, $value) = split(/=/, $item);
		$name = &UnescapeString($name);
		$value = &UnescapeString($value);
		$values{$name} = $value;
	}
}

#Unescape any special characters in a string

sub UnescapeString 
{
        local($s) = $_[0];
	local($pos, $ascii);
	# Replace the + sign with spaces
	$s =~ s/\+/ /g;
	# Seek out and replace %xx hexadecimal escapes
	$pos = 0;
	while (($pos = index($s, "%", $pos)) != -1) {	
		$ascii = hex(substr($s, $pos + 1, 2));
		substr($s, $pos, 3) = pack("c", $ascii);
	}
	$s;
}