Menu
▾
▴
nms-cgi-devel — Developers discussion for NMS CGI programs
You can subscribe to this list here.
| 2001 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
(90) |
Dec
(25) |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2002 |
Jan
(183) |
Feb
(124) |
Mar
(123) |
Apr
(75) |
May
(49) |
Jun
(60) |
Jul
(58) |
Aug
(41) |
Sep
(27) |
Oct
(30) |
Nov
(13) |
Dec
(19) |
| 2003 |
Jan
(119) |
Feb
(70) |
Mar
(5) |
Apr
(16) |
May
(3) |
Jun
(1) |
Jul
|
Aug
|
Sep
(1) |
Oct
(3) |
Nov
(4) |
Dec
(7) |
| 2004 |
Jan
(9) |
Feb
|
Mar
(1) |
Apr
(7) |
May
(12) |
Jun
(4) |
Jul
(11) |
Aug
(17) |
Sep
(3) |
Oct
(15) |
Nov
(7) |
Dec
(2) |
| 2005 |
Jan
(4) |
Feb
(7) |
Mar
(2) |
Apr
(2) |
May
|
Jun
(1) |
Jul
(3) |
Aug
(1) |
Sep
(9) |
Oct
(4) |
Nov
(1) |
Dec
|
| 2006 |
Jan
(5) |
Feb
(7) |
Mar
(19) |
Apr
(8) |
May
(6) |
Jun
(2) |
Jul
(1) |
Aug
|
Sep
(1) |
Oct
(1) |
Nov
(1) |
Dec
(1) |
| 2007 |
Jan
(1) |
Feb
|
Mar
(4) |
Apr
(2) |
May
(2) |
Jun
(1) |
Jul
(1) |
Aug
(1) |
Sep
|
Oct
|
Nov
|
Dec
(1) |
| 2008 |
Jan
|
Feb
(3) |
Mar
|
Apr
(1) |
May
|
Jun
(2) |
Jul
|
Aug
|
Sep
|
Oct
(4) |
Nov
|
Dec
|
| 2009 |
Jan
(2) |
Feb
(2) |
Mar
|
Apr
|
May
(1) |
Jun
|
Jul
|
Aug
(1) |
Sep
|
Oct
|
Nov
|
Dec
|
| 2010 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
(1) |
Nov
|
Dec
|
| 2012 |
Jan
(2) |
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
|
From: SourceForge.net <no...@so...> - 2012-01-11 20:59:28
|
Feature Requests item #3472555, was opened at 2012-01-11 12:58 Message generated for change (Settings changed) made by mapopa You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=425772&aid=3472555&group_id=39625 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: None Group: None Status: Open Priority: 5 Private: No Submitted By: mariuz (mapopa) Assigned to: Nobody/Anonymous (nobody) >Summary: in debug mode add fatalsToBrowser to TFmail.pl Initial Comment: It is a lot easier for host that don't give access to error logs use CGI::Carp qw(fatalsToBrowser); See my problem with one of these shared servers http://mapopa.blogspot.com/2012/01/debugging-tips-for-perl-tfmailpl-on.html ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=425772&aid=3472555&group_id=39625 |
|
From: SourceForge.net <no...@so...> - 2012-01-11 20:58:36
|
Feature Requests item #3472555, was opened at 2012-01-11 12:58 Message generated for change (Tracker Item Submitted) made by mapopa You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=425772&aid=3472555&group_id=39625 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: None Group: None Status: Open Priority: 5 Private: No Submitted By: mariuz (mapopa) Assigned to: Nobody/Anonymous (nobody) Summary: in debug mode add atalsToBrowser) Initial Comment: It is a lot easier for host that don't give access to error logs use CGI::Carp qw(fatalsToBrowser); See my problem with one of these shared servers http://mapopa.blogspot.com/2012/01/debugging-tips-for-perl-tfmailpl-on.html ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=425772&aid=3472555&group_id=39625 |
|
From: Ben S. <mai...@gm...> - 2009-08-04 02:33:36
|
Hello, world!
I just joined this list last week. Haven't seen any traffic yet.
Anybody here?
Below is a patch against TFmail 1.38. It makes the following changes:
1. In submitted form fields, converts (encoded CR LF)
sequences into newlines. Some browsers encode newlines in TEXTAREA
fields. Before, users would get hard-to-read mess. Now they get
properly formatted text. This may break scripts that assume
one-line-per-field, but our submissions go to people, not scripts.
2. Some basic features to counter spam submissions to HTML forms.
The anti-spam features discard form submissions which trigger spam
detectors. They controlled by the following new config options:
reject_html: declares form fields which should never contain HTML
trapfield: declares form fields which should never contain anything
spam_redirect: URL to redirect browser to if spam detected
spam_template: file name of template to feed browser if spam detected
spamlog: file name of log for spam detections
It appears most spam scripts blast HTML into TEXTAREAs, so by
looking for HTML in fields that should never contain it, we can detect
spam. Likewise, most spam scripts appear to blast something into
every field. By configuring a "trap field" which should be left
blank, spam can be detected. CSS can be used to make a trap hidden;
most spam scripts apparently don't parse CSS.
The HTML detection is currently ridiculously simplistic, but it also
appears to be effective for almost all cases. In fact, I haven't had
a need to employ a trap field yet.
Response on spam detection is much like response to missing input
for required fields. You can use an HTML template or redirect to a
URL. The template is parsed like all the others, so if you want, you
can even have it list what fields triggered. Useful for debugging.
For real-world use, it's not a good idea to tell spammers what to do
differently. We use a generic "We could not process your submission.
Please contact blah blah blah." message for that.
You can optionally log spam detections to a log file. This could be
used to monitor how many spam attempts you're getting. It also logs
the fields which triggered the detection, so you can see if the
spammers are trying different things. It may also reveal false
positives.
Hope this helps someone!
-- Ben Scott (AKA bscott, AKA DragonHawk, AKA mailvortex)
--- TFmail-1.38.pl 2006-02-09 21:40:04.000000000 -0500
+++ TFmail.pl 2009-08-03 22:12:16.481039400 -0400
@@ -2,6 +2,7 @@
use strict;
#
# $Id: TFmail.pl,v 1.38 2006/02/09 21:40:27 gellyfish Exp $
+# Modifications by bscott, release 1, 2009 Aug 03
#
# USER CONFIGURATION SECTION
# --------------------------
@@ -52,6 +53,8 @@
use lib LIBDIR;
use NMStreq;
use NMSCharset;
+use POSIX qw(strftime); # spam_log generates its own datestamps
+
BEGIN
{
if (MIME_LITE)
@@ -71,6 +74,7 @@
use vars qw($VERSION);
$VERSION = substr q$Revision: 1.38 $, 10, -1;
+ $VERSION .= '-bscott1';
}
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};
@@ -168,6 +172,8 @@
if ( check_required_fields($treq) )
{
+ if ( check_spam_content($treq) )
+ {
setup_input_fields($treq);
my $confto = send_main_email($treq, $recipients);
if ( HTMLFILE_ROOT ne '' )
@@ -191,6 +197,12 @@
}
else
{
+ spam_html($treq);
+ spam_log($treq) if (LOGFILE_ROOT ne '');
+ }
+ }
+ else
+ {
missing_html($treq);
}
}
@@ -529,6 +541,50 @@
}
}
+=item check_spam_content ( TREQ )
+
+Returns false if any fields contain apparent spam,
+true otherwise.
+
+=cut
+
+sub check_spam_content
+{
+ my ($treq) = @_;
+
+ my @has_spam = (); # fields found to have spam
+
+ # check fields configured to prohibit HTML
+ my @reject_html = split /\s*,\s*/, $treq->config('reject_html', '');
+ foreach my $r (@reject_html)
+ {
+ # this is VERY basic at this point. we are only looking for
</a>, something common in almost all
+ # spam messages that come through and very unlikely to be
entered by a legitimate user.
+ push @has_spam, $r if $treq->param($r) =~ m{<\s*/a\s*>}i;
+ }
+
+ my @trapfield = split /\s*,\s*/, $treq->config('trapfield', '');
+ foreach my $r (@trapfield)
+ {
+ # if a trapfield has any non-whitespace content, it is spam
+ push @has_spam, $r if $treq->param($r) =~ m{\S+}i;
+ }
+
+ # if any fields had spam, we reject the submission, after
installing field handlers
+ if (scalar @has_spam)
+ {
+ $treq->install_foreach(
+ 'spam_field',
+ [map { {name => $_, value => $treq->param($_)} } @has_spam]
+ );
+ return 0; # has spam
+ }
+ else
+ {
+ return 1; # no spam detected
+ }
+}
+
=item setup_input_fields ( TREQ )
Installs a FOREACH directive in the TREQ object to
@@ -713,7 +769,10 @@
$save = clean_template($treq);
}
- $msg->{body} = $treq->process_template($template, 'email', undef);
+ my $body;
+ $body = $treq->process_template($template, 'email', undef);
+ $body =~ s{ }{\n}g; # convert any sequences to newlines
+ $msg->{body} = $body;
if ( dangerous_recipient($treq))
{
@@ -1043,8 +1102,9 @@
my ($treq) = @_;
my $file = $treq->config('logfile', '');
+ return unless $file; # no logging if config didn't request it
$file = $treq->process_template("\%$file",'email', undef);
- return unless $file;
+ return unless $file; # no logging if that left us nothing
$file =~ m#^([\/\-\w]{1,100})$# or die "bad logfile name [$file]";
$file = $1;
@@ -1177,6 +1237,87 @@
}
}
+=item spam_html ( TREQ )
+
+Generates the output page in the case where submission
+failed anti-spam checks.
+
+=cut
+
+sub spam_html
+{
+ my ($treq) = @_;
+
+ my $redirect = $treq->config('spam_redirect');
+ if ( $redirect )
+ {
+ print "Location: $redirect\n\n";
+ }
+ else
+ {
+ html_page($treq, $treq->config('spam_template','spam'));
+ }
+}
+
+=item spam_log ( TREQ )
+
+Logs submissions rejected as spam, if so configured.
+
+=cut
+
+sub spam_log
+{
+
+ my ($treq) = @_;
+
+ # get requested log file name from config
+ my $spamlog = $treq->config('spamlog', '');
+ return unless $spamlog; # no logging if config didn't request it
+
+ # make sure log file contains only word characters, dir separator
(/), or dash (-)
+ $spamlog =~ m#^([\/\-\w]{1,100})$# or die "bad spam log file name
[$spamlog]";
+ $spamlog = $1; # de-taint
+
+ # build full path name of log file
+ $spamlog = LOGFILE_ROOT . '/' . $spamlog . LOGFILE_EXT;
+
+ # build log message
+ my $logtrt =
+ '%' .
+ strftime ('%Y-%m-%d %H:%M:%S ', localtime) .
+ '{= env.REMOTE_ADDR =} ' .
+ '(' .
+ 'via=<{= env.HTTP_VIA =}> ' .
+ 'UA=<{= env.HTTP_USER_AGENT =}>' .
+ '): ' .
+ '{= FOREACH spam_field =}<{= name =}>=<{= value =}> {= END =}'
+ ;
+
+ open SPAMLOG,"+>>$spamlog" or die "$spamlog: open: $!";
+
+ # get lock for writing, or about
+ if (!(flock SPAMLOG, LOCK_EX))
+ {
+ warn "$spamlog: flock: $!";
+ close SPAMLOG or die "$spamlog: close: $1";
+ return;
+ }
+
+ # seek to end for append
+ seek SPAMLOG, 0, 2 or die "$spamlog: seek: $!";
+
+ # record the log entry
+ $treq->process_template(
+ $logtrt,
+ 'email',
+ \*SPAMLOG
+ );
+
+ # finish up
+ close SPAMLOG or die "$spamlog: close: $1";
+
+} # spam_log
+
=item return_html ( TREQ )
Generates the output page in the case where the email has been
|
|
From: Dave C. <da...@us...> - 2009-05-17 20:05:10
|
Hello all, Things have been pretty quiet round here for some time. The last check-in to the nms code repository was in 2006 or something like that. I'm not sure why that is. Perhaps the nms programs are all finished and there's nothing more to do. Or perhaps it's all a bit too much of a hassle to be involved. I'll admit that we all got a bit stuck in the past and we were still using Sourceforge's CVS repositories. And who remembers how to still use CVS? I know it has me scratching my head every time I consider doing anything with nms. So this afternoon, I've been looking around and I discovered that Sourceforge offer Git support for all of their projects. And I've moved nms to Git (via Subversion - as that seemed the easiest route to take). You can find all the details you'll need to access the Git repository at: https://sourceforge.net/scm/?type=git&group_id=39625 And there's a Gitweb installation at: http://nms-cgi.git.sourceforge.net/git/gitweb.cgi?p=nms-cgi In order to have write access to the repository, you'll need to be a member of the project and I'll need to give you access. But I'm happy to be pretty liberal with those permissions. Let me know if you need any more information. Or if you have any plans to work on anything for the project. Cheers, Dave... |
|
From: <me...@st...> - 2009-02-10 19:52:13
|
glad to hear you solved your problem. -- Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095 <me...@st...> <URL:http://www.stonehenge.com/merlyn/> Smalltalk/Perl/Unix consulting, Technical writing, Comedy, etc. etc. See http://methodsandmessages.vox.com/ for Smalltalk and Seaside discussion |
|
From: Lewis K. <nm...@dm...> - 2009-02-08 23:10:35
|
At 12:20 PM -0800 1/29/09, Randal L. Schwartz wrote:
>>>>>> "Lewis" == Lewis Kirk <nm...@dm...> writes:
>
>Lewis> Is there some reason that $ENV{REMOTE_ADDR} picks up this syntax? Or is
>Lewis> it a spam technique?
>
Randal> If you're sure you're looking at REMOTE_ADDR, and it's not simply an IP
Randal> address, this would be a question for your hosting operator, not for us.
>
OK. I found it. I am using Guestbook.pl,v 1.52 and it uses POSIX. There are two places where I replaced "my $remote = remote_host();" with "my $remote = $ENV{REMOTE_ADDR};". Now I get a normal IP address which I can use in the banned list.
Then I tried using my $remote = remote_addr(); and that seems to work also with POSIX.
|
|
From: <me...@st...> - 2009-01-29 20:47:34
|
>>>>> "Lewis" == Lewis Kirk <nm...@dm...> writes:
Lewis> Is there some reason that $ENV{REMOTE_ADDR} picks up this syntax? Or is
Lewis> it a spam technique?
If you're sure you're looking at REMOTE_ADDR, and it's not simply an IP
address, this would be a question for your hosting operator, not for us.
--
Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
<me...@st...> <URL:http://www.stonehenge.com/merlyn/>
Smalltalk/Perl/Unix consulting, Technical writing, Comedy, etc. etc.
See http://methodsandmessages.vox.com/ for Smalltalk and Seaside discussion
|
|
From: Lewis K. <nm...@dm...> - 2009-01-29 18:55:33
|
I have been using the Guestbook with the admin and delete the spam. I sometimes block the IP addresses if they are from known spam spewers and become annoying; however, lately the IP addresses being displayed in the log look like: 216-31-225-6.static-ip.telepacific.net 198.235.14.30 ip-72-55-188-250.static.privatedns.com 82.173.92.64.static.reverse.ltdomains.com 198.65.122.125 ns.km10329.keymachine.de 41.220.227.2 mailer2.mtvi.com cpe-024-168-247-224.sc.res.rr.com ns.km10329.keymachine.de 72.52.96.51 mailer2.mtvi.com 151.11.232.92 74.223.57.126.nw.nuvox.net 89-149-241-118.internetserviceteam.com www.macs.net host99.190-139-105.telecom.net.ar 89-149-227-238.internetserviceteam.com (I modified the script so that it will list only IP addresses to make it easier to copy them to the banned list.) Is there some reason that $ENV{REMOTE_ADDR} picks up this syntax? Or is it a spam technique? Thanks! |
|
From: Samuel M. (Home) <le...@ab...> - 2008-10-21 15:47:51
|
G'day everyone I did a brief search of the archives and did not find a wishlist item like this one. It would be great if there could be a survey script. The survey script would basically be a formmail script with more elaborate instructions or commented-out HTML. It must be possible to have multipage surveys. One way to kludge the fact that a single visitor may submit multiple pages (and therefore multiple mails) is to have a "name" field at the top for the person's name (or code), that is stored in a cookie and automatically filled in on each subsequent page's "name" field, until the last page of the survey is reached, at which time the cookie is deleted. This will means multiple mails per visitor, but at least you'll be able to see which mails belong to which users. I guess it could be made more sophisticated too, if the script can store the information from the previous pages until the last page is reached, and only send the survey results when the final submit button is pressed. Then you'll get a single e-mail instead of several. The cookie can still be used, perhaps, to ensure that multiple and simultaneous visitors from the same IP address are not confused with each other on the server. There are several free survey sites but they all offer very limited free services (eg only 10 responses, or only a summary of results), or the display banner adverts inappropriate for the survey. The reason for multipage surveys is simple: nothing is more annoying than filling in a long form and then the browser hangs or you accidently close the page. A survey script would avoid that -- the user can stop the survey at any time and continue from where he left off later. Your thoughts? Samuel |
|
From: Phil W. <nm...@ju...> - 2008-10-14 17:05:15
|
Hello,
I have successfully used TFMail for some time now, and find that it
fits almost all of my needs. Thank you all for that.
However, recently, I have come across one scenario which, although I
had assumed would be quite possible, seems not to be so. My apologies
if I have not RTFM - pointers would be gratefully received...
I have a form, the contents of which are to be emailed to me (so far,
so standard). However, the resultant email must be multipart/mixed MIME
encapsulated message.
in particular, it should end up with an attachment in the form of:
--foobar
Content-Type: text/calendar; charset=ISO-8859-1; method=REQUEST
Content-Transfer-Encoding: 7bit
BEGIN:VCALENDAR
VERSION:2.0
CALSCALE:GREGORIAN
METHOD:REQUEST
BEGIN:VEVENT
DTSTART:{= date =}
...and so on ...
Is this possible with the TFMail script as-is? Alternatively, what
degree of modification would be required to all for this?
Many thanks,
Phil.
|
|
From: SourceForge.net <no...@so...> - 2008-06-30 19:52:54
|
Feature Requests item #1948117, was opened at 2008-04-21 13:26 Message generated for change (Comment added) made by girardot You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=425772&aid=1948117&group_id=39625 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Interface Improvements (example) Group: None Status: Open Priority: 5 Private: No Submitted By: Nobody/Anonymous (nobody) Assigned to: Nobody/Anonymous (nobody) Summary: Add CAPTCHA? Initial Comment: Our NMS FormMail script as been getting spammed as of late. It seems having CAPTCHA or at least an OPTION for CAPTCHA would be nice. reCAPTCHA (http://recaptcha.net/resources.html) looks like an easy thing to add/implement. The problem is I don't know where in the NMS FormMail script to add it myself (or I would). Obviously, one of the user configurations would be for the reCAPTCHA API keys (so being an OPTION is nice). If NMS FormMail is no longer being developed or if this is a feature that would NOT be added I would like to at least be contacted by someone who could help my add it to my implementation of NMS FormMail. Thank you, Mike Michaelson mi...@pe... ---------------------------------------------------------------------- Comment By: blake girardot (girardot) Date: 2008-06-30 15:53 Message: Logged In: YES user_id=135704 Originator: NO Here is one way to add reCaptcha support, less than perfect, but it works. In case it doesn't post properly here is a link to it on the web displaying properly: http://groups.google.com/group/recaptcha/browse_thread/thread/b4b35aa61353d485 These are notes for how I added reCaptcha support to the NMS version of FormMail.pl (http://nms-cgi.sourceforge.net/), a much better version of the original FormMail.pl. reCaptcha is a specific implementation of the general captcha idea and more information about it can be found here: http://recaptcha.net/ I have the fully self contained, stand alone version of NMS FormMail.pl installed, called the "compat" version on the sourceforge page. This basically means the FormMail.pl script has all the code it needs are all in the one file, it has embedded any other modules it might need to work directly in its own script. This makes it fully self contained and doesn't need any additional modules to work making installation simple. My method installs the reCaptcha perl module in the system wide perl installation and then calls that perl module from the FormMail.pl script. I took the example perl code from http://code.google.com/p/recaptcha/, stripped out the HTML parts and stuck it in the FormMail.pl script following the conventions used in that script as best I could. I am not a perl expert so I can't promise this is the best way to accomplish this goal, but it does meet my needs just fine. I am all for someone who really knows perl doing it the right way but people have been asking around for a while and I haven't seen any other solutions on the internet yet so I thought I would take a stab at it. 1. Install the reCaptcha perl module, at the time of writing this the latest version was 0.92 http://search.cpan.org/~andya/Captcha-reCAPTCHA/ Directly edit the FormMail.pl script, add the two single lines and the two following functions: 2. Line 1034 is blank, change it to: use Captcha::reCAPTCHA; 3. Line 2094 is blank, change it to: $self->check_recaptcha or return; 4. Insert the following two functions into the FormMail.pl script starting at line 2104. Replace YOUR_PRIVATE_KEY_HERE with your actual private key from the reCaptcha folks: # START additions to support reCaptcha verification =item check_recaptcha ( ) Uses the reCaptcha perl module to CHECK the user entered words. =cut sub check_recaptcha { my ($self) = @_; use constant PRIVATE_KEY => 'YOUR_PRIVATE_KEY_HERE'; my $c = Captcha::reCAPTCHA->new; if ( $self->{Form}{recaptcha_response_field} ) { my $result = $c->check_answer( PRIVATE_KEY, $ENV{'REMOTE_ADDR'}, $self->{Form}{recaptcha_challenge_field}, $self->{Form}{recaptcha_response_field} ); if ( $result->{is_valid} ) { return 1; } else { $self->bad_recaptcha_error_page; return 0; } } else { $self->bad_recaptcha_error_page; return 0; } } =item bad_recaptcha_error_page () Outputs the error page for a bad or missing reCaptcha user entry. =cut sub bad_recaptcha_error_page { my ($self) = @_; my $errhtml = <<END; <p> The validation word response was missing or not correct. All test phrases are two words long so your entry should be two words as well. The presented words are generated automatically from a scanned book and are often hard to read. Please use the back button in your browser to return to the form and you will automatically have two new words. There is a small refresh icon next to the response field that will generate two new words if you can not read the two words presented. </p> END $self->error_page( 'Error: Incorrect or Missing Challenge Words', $errhtml ); } # END additions to support reCaptcha verification 5. Insert the following javascript in your form html to generate the challenge words box from reCaptcha. I use a static HTML form to feed my FormMail.pl script so I use the javascript code from reCaptcha to generate the challenge words. This javascript code can be found here http://recaptcha.net/apidocs/captcha/client.html since it might not display properly below depending on where you are reading these notes. <script type="text/javascript" src="http://api.recaptcha.net/challenge?k=<your_public_key>"> </script> <noscript> <iframe src="http://api.recaptcha.net/noscript?k=<your_public_key>" height="300" width="500" frameborder="0"></iframe><br> <textarea name="recaptcha_challenge_field" rows="3" cols="40"> </textarea> <input type="hidden" name="recaptcha_response_field" value="manual_challenge"> </noscript> That should about do it really, those are all the changes I made to my set up to get reCaptcha support in NMS FormMail.pl. Best wishes, Blake Girardot bgirardot funnyatsymbol gmail com ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=425772&aid=1948117&group_id=39625 |
|
From: SourceForge.net <no...@so...> - 2008-04-21 17:26:08
|
Feature Requests item #1948117, was opened at 2008-04-21 10:26 Message generated for change (Tracker Item Submitted) made by Item Submitter You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=425772&aid=1948117&group_id=39625 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Interface Improvements (example) Group: None Status: Open Priority: 5 Private: No Submitted By: Nobody/Anonymous (nobody) Assigned to: Nobody/Anonymous (nobody) Summary: Add CAPTCHA? Initial Comment: Our NMS FormMail script as been getting spammed as of late. It seems having CAPTCHA or at least an OPTION for CAPTCHA would be nice. reCAPTCHA (http://recaptcha.net/resources.html) looks like an easy thing to add/implement. The problem is I don't know where in the NMS FormMail script to add it myself (or I would). Obviously, one of the user configurations would be for the reCAPTCHA API keys (so being an OPTION is nice). If NMS FormMail is no longer being developed or if this is a feature that would NOT be added I would like to at least be contacted by someone who could help my add it to my implementation of NMS FormMail. Thank you, Mike Michaelson mi...@pe... ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=425772&aid=1948117&group_id=39625 |
|
From: SourceForge.net <no...@so...> - 2008-02-28 23:32:21
|
Patches item #1904294, was opened at 2008-02-28 16:40 Message generated for change (Comment added) made by kona You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=425771&aid=1904294&group_id=39625 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: None Group: None Status: Open Resolution: None Priority: 5 Private: No Submitted By: William McKee (kona) Assigned to: Nobody/Anonymous (nobody) Summary: Patch for adding support for writing form submissions to CSV Initial Comment: I needed to be able to write form submissions to a CSV file for backup and data manipulation. The following patch does the job. NOTES: 1. It requires Text::CSV be availble 2. A new config parameter called 'csv_file' is expected with the path to write the file to 3. A header line is only output if the file exists and size is 0 4. If you change your form, you should reset your csv file. No warnings are in place to let you know that changes are happening. ---------------------------------------------------------------------- >Comment By: William McKee (kona) Date: 2008-02-28 18:32 Message: Logged In: YES user_id=224605 Originator: YES In addition, if you want fields like 'email' to come through into the csv file, you need to add include_config_NAME. Here's an example of a %more_config settings for setting the csv_file and include: %more_config = ( 'csv_file' => '/home/garlicgold/public_html/cgi/sample_form_db.csv', 'include_config_email' => 1, ); ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=425771&aid=1904294&group_id=39625 |
|
From: SourceForge.net <no...@so...> - 2008-02-28 21:40:21
|
Patches item #1904294, was opened at 2008-02-28 16:40 Message generated for change (Tracker Item Submitted) made by Item Submitter You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=425771&aid=1904294&group_id=39625 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: None Group: None Status: Open Resolution: None Priority: 5 Private: No Submitted By: William McKee (kona) Assigned to: Nobody/Anonymous (nobody) Summary: Patch for adding support for writing form submissions to CSV Initial Comment: I needed to be able to write form submissions to a CSV file for backup and data manipulation. The following patch does the job. NOTES: 1. It requires Text::CSV be availble 2. A new config parameter called 'csv_file' is expected with the path to write the file to 3. A header line is only output if the file exists and size is 0 4. If you change your form, you should reset your csv file. No warnings are in place to let you know that changes are happening. ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=425771&aid=1904294&group_id=39625 |
|
From: SourceForge.net <no...@so...> - 2008-02-26 16:49:53
|
Bugs item #1902325, was opened at 2008-02-26 08:39 Message generated for change (Tracker Item Submitted) made by Item Submitter You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=425769&aid=1902325&group_id=39625 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: None Group: None Status: Open Resolution: None Priority: 5 Private: No Submitted By: Nobody/Anonymous (nobody) Assigned to: Nobody/Anonymous (nobody) Summary: Formmail bug Initial Comment: NMS FormMail Version 3.14c1 has a bug in which the script errors "The HTML form fails to specify the POST method" on submit. The error is on line 2235: if ($method ne 'POST') The 'ne' operator is wrong and should be 'eq'. I ran into this when my web host switched to a new platform and the NMS script no longer worked. ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=425769&aid=1902325&group_id=39625 |
|
From: SourceForge.net <no...@so...> - 2007-12-03 23:25:02
|
Support Requests item #1843724, was opened at 2007-12-03 18:25 Message generated for change (Tracker Item Submitted) made by Item Submitter You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=425770&aid=1843724&group_id=39625 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: None Group: None Status: Open Resolution: None Priority: 5 Private: No Submitted By: B Sanders (barbisanders) Assigned to: Nobody/Anonymous (nobody) Summary: NMS FormMail Version 3.14c1 - 'bad referer' Initial Comment: This is the only part of the original *.pl file I've altered: BEGIN { $DEBUGGING = 1; $emulate_matts_code= 0; $secure = 1; $allow_empty_ref = 1; $max_recipients = 5; $mailprog = '/usr/lib/sendmail -oi -t'; $postmaster = 'bar...@ac...'; @referers = qw(www.actionmechanics.com); @allow_mail_to = qw(bar...@ac...); @recipients = (); %recipient_alias = (); @valid_ENV = qw(REMOTE_HOST REMOTE_ADDR REMOTE_USER HTTP_USER_AGENT); $locale = ''; $charset = 'iso-8859-1'; $date_fmt = '%A, %B %d, %Y at %H:%M:%S'; $style = '/MMC/css/MMC_general.css'; $no_content = 0; $double_spacing = 1; $wrap_text = 0; $wrap_style = 1; $address_style = 0; $send_confirmation_mail = 0; $confirmation_text = <<'END_OF_CONFIRMATION'; It works fine on most computers from a variety of home and office locations, but one particular doctor's office is getting the 'bad referer' error, even though I have the $allow_empty_ref set to 1. Any suggestions? ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=425770&aid=1843724&group_id=39625 |
|
From: SourceForge.net <no...@so...> - 2007-07-11 19:17:00
|
Support Requests item #1752164, was opened at 2007-07-11 14:17 Message generated for change (Tracker Item Submitted) made by Item Submitter You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=425770&aid=1752164&group_id=39625 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: None Group: None Status: Open Resolution: None Priority: 5 Private: No Submitted By: 4WardMotion (tyy) Assigned to: Nobody/Anonymous (nobody) Summary: Redirect Issues Initial Comment: I am having a problem with the formmail.pl script and getting my contact form to redirect to my thank you page and not to the default page of the script. Here are the changes that I have made to the script and my html code: BEGIN { $DEBUGGING = 1; $emulate_matts_code= 0; $secure = 1; $allow_empty_ref = 1; $max_recipients = 2; $mailprog = '/usr/sbin/sendmail -oi -t -f mail@cre...'; $postmaster = ''; @referers = qw(www.cre...); @allow_mail_to = qw(mail@cre...); @recipients = (); %recipient_alias = (); @valid_ENV = qw(REMOTE_HOST REMOTE_ADDR REMOTE_USER HTTP_USER_AGENT); $locale = ''; $charset = 'iso-8859-1'; $date_fmt = '%A, %B %d, %Y at %H:%M:%S'; $style = '/css/nms.css'; $no_content = 0; $double_spacing = 1; $wrap_text = 0; $wrap_style = 1; $address_style = 0; $send_confirmation_mail = 0; $confirmation_text = <<'END_OF_CONFIRMATION'; From: mail@cre... Subject: form submission Thank you for your form submission. END_OF_CONFIRMATION HTML Code: <input name="redirect" type="hidden" id="redirect" value="http://www.cre....com/thank_you.html" /> Thank you for your help. ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=425770&aid=1752164&group_id=39625 |
|
From: Dave C. <da...@da...> - 2007-06-05 12:13:18
|
Tuc at T-B-O-H.NET wrote: > Hi, > > Is this list active any? I didn't see any replies to my "Guestbook" > post, but SourceForge claims 3 "Thread Posts". > > Does anyone have anything on my work and/or issues? Tuc, The development list does seem very quiet. It looks like no-one has time to work on improvements to the nms programs any more. We'll still make security patches, but until we get some more enthusiastic developers, I can't see any new features being added. Dave... |
|
From: Tuc at T-B-O-H.N. <ml...@t-...> - 2007-05-30 21:56:34
|
Hi, Is this list active any? I didn't see any replies to my "Guestbook" post, but SourceForge claims 3 "Thread Posts". Does anyone have anything on my work and/or issues? Thanks, Tuc |
|
From: Tuc at T-B-O-H.N. <ml...@t-...> - 2007-05-23 21:52:10
|
Hi,
As with most people, my guestbook is being used for spam. Even
though its "hidden until approved", search engines still pick it up.
Today I got annoyed at it, so I looked to start adding Captcha to
it. (Sorry, I just got distracted. Even though I pulled the page, they
are submitting to the cgi directly...So now THATS chmod 000).
I first started by changing the reference on Guestbook.html from
"AddGuest.html" to "/cgi-bin/AddGuest.cgi".
I then copied my AddGuest.html to AddGuesttemplate.html .
After the Comments section, I added :
<INPUT TYPE=hidden name=crypt value="%CRYPT%">
Please enter the characters in the image below: <INPUT TYPE=text name=co
de>
<BR>
<IMG SRC="%CAPTCHASRC%"><BR>
I then created AddGuest.cgi as :
#!/usr/bin/perl
use Authen::Captcha;
my $output_dir = "/my/html/captcha";
my $www_output_dir = "/captcha";
my $db_dir = "/my/cgi-bin/captcha.db";
my $num_of_characters = 7;
my $captcha = Authen::Captcha->new(
output_folder => $output_dir,
data_folder => $db_dir
);
my $md5sum = $captcha->generate_code($num_of_characters);
undef $file;
open (IN,"</my/html/AddGuesttemplate.html");
while (<IN>)
{
$file .= $_;
}
close (IN);
$file =~ s/%CRYPT%/$md5sum/g;
$file =~ s/%CAPTCHASRC%/$www_output_dir\/$md5sum.png/g;
print "Content-Type: text/html; charset=iso-8859-1\n\n";
print $file;
exit;
There are alot of changes to guestbook.pl...
1) add $captcha to the "use vars qw("
2) put a $captcha=1; under the $line_breaks=1;
3) Add
if ($captcha)
{
require Authen::Captcha;
import Authen::Captcha;
}
under the "if ($mailprog =~ /SMTP:/i )"
4) After the part where it foreach's the input_names to strip_nonprintable
I added :
if ($captcha)
{
my $output_dir = "/usr/home/tucobx/html/captcha";
my $www_output_dir = "/captcha";
my $db_dir = "/usr/home/tucobx/cgi-bin/captcha.db";
my $num_of_characters = 7;
my $captcha = Authen::Captcha->new(
output_folder => $output_dir,
data_folder => $db_dir
);
if ($inputs{'code'} && $inputs{'crypt'})
{
}
else
{
}
}
Well, the reason there isn't anything in there yet is I did a
quick test. I got my captcha out fine, and when I hit SUBMIT, I realized
there were parts of the code I never knew ran. It ends up that there are
inputs for the fields built right into the CGI. At this point, I've stopped.
I really don't know what to do at this point. Personally, I like
the nice pretty fancy page I made previously. The starkness of the stuff
in form_error bothers me alot.
Has any thought be given to another re-write/version of this?
What I personally would love to see is that you allow the user to have a
template like mine, but maybe even have a bigger replace of
%GUESTBOOK_CODE_HERE% where it inserts the input chunk area and can include
the captcha if necessary, so that when there is an error, just suck the
template back in, and spit all the error info/etc into its midsection.
Sorry for such a long first post....
Tuc
|
|
From: Romain M. <ro...@wi...> - 2007-04-12 12:41:57
|
my email address is ro...@wi... |
|
From: David W. <dwi...@ce...> - 2007-04-05 20:15:57
|
yo, is Jules on this list? daas. Helios. find me jules. signing off. |
|
From: David C. <da...@ra...> - 2007-03-26 21:35:34
|
I modified my copy of NMStreq.pm to optionally read a second configuration=
file of default values. It makes maintaining many TFMail configuration=
files easier.
In each primary/_config configuration file that I want to use defaults for=
settings I didn't specify, I set "defaults" to a filename (without=
extension) of a configuration file containing default values.
I added the following 9 lines in sub new, after the primary configuration=
file is read, and before CGI parameters are loaded:
my $cfg_name2 =3D $self->config('defaults');
if ($cfg_name2)
{
my $config2 =3D $self->_read_config_file($cfg_name2);
while ( my($key, $val) =3D each %$config2 )
{
$self->{r}{config}{$key} =3D $val unless exists=
$self->{r}{config}{$key};
}
}
I am not a Perl expert, so I assume there are better code and methods to=
fulfill my objective. For example, loading defaults for keys already set=
could be avoided by modifying sub _read_config_file. That would also=
remove a loop and reduce memory use and code needed. But, I avoided=
modifying existing code.
I joined this email list yesterday.
David
|
|
From: Dave C. <da...@da...> - 2007-03-18 15:37:01
|
This request came in to the nms support list a couple of days ago. It seems like a reasonable enough request and I wondered if anyone on the devel list fancied spending an hour or two investigating how we might implement it. If you want a commit bit on the nms cvs repository just drop me an email or, alternatively, just send me a patch. Or perhaps the project is a dead as this user seems to think it is :( Cheers, Dave... -------- Original Message -------- Subject: [Nms-cgi-support] NMS Formmail NMS Formmail 3.14c1 Being Spammed Date: Fri, 16 Mar 2007 15:15:08 -0700 (PDT) From: George25 <gb...@ly...> To: nms...@li... I doubt if this posting will receive a reply but I am putting it up on the outside hope it will open a discussion and perhaps a resolution. As mentioned over and over in this forum, the NMS Formmail 3.14c1 script is being attacked and spam sent to the email address(es) designated in the script. Apparently this is being done by mindless spam bots that have nothing better to do than bombard us with urls hopping we will click on them. Do a Google search like "nms formmail being spammed" and see the level of frustration. I understand that further development of the the NMS Formmail 3.14c1 script is apparently dead or abandoned. Perhaps that could be reconsidered. Just a fix to allow the user to reject submissions with URLs in them or limit the length of submissions could be considered. It would mean much to those of us who use the form and find it most beneficial but don't like wading through the buckets of spam that are being dumped on us by the bots. I have looked over the TFMail and it seems like a rather complex script to install and I suspect it would hit by the bots just like NMS Formmail 3.14c1. -- View this message in context: http://www.nabble.com/NMS-Formmail-NMS-Formmail-3.14c1-Being-Spammed-tf3417132.html#a9523467 Sent from the nms-cgi-support mailing list archive at Nabble.com. ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ To unsubscribe from this mailing list visit https://lists.sourceforge.net/lists/listinfo/nms-cgi-support and follow the simple instructions. |
|
From: Todd A. S. <tas...@pu...> - 2007-03-12 02:08:17
|
On 3/11/07, gre...@ao... <gre...@ao...> wrote: > > Hello, I am a webdesign student trying to figure out how to get forms to > work on a webpage. How do I put this program to work? I don't know where > to place the code from the "formmail.pl" file. I have Dreamweaver 8. > > or any basic tips that will help me make a contact form in a webpage would > be very much appreciated. > > thanks > Morgan Morgan, it's all in the documentation, which is bundled with the program code and available for download from the NMS Project's 'Programs' page (on SourceForge): http://nms-cgi.sourceforge.net/scripts.shtml Basically, the FormMail program (FormMail.pl) runs on the server. So, you'll need to know how to FTP that to your server, and where to place it. You may also want to refer to the following resources: NMS FAQ http://nms-cgi.sourceforge.net/faq_nms.html NMS Support Page http://nms-cgi.sourceforge.net/support1.html NMS Support Mailing List Archive (mirrored on Nabble): http://www.nabble.com/nms-f4293.html Of course, after you've read the documentation and attempted the configuration, if you still have questions, or if you get any errors, please feel free to direct them to this list. -Todd |
14 messages has been excluded from this view by a project administrator.
