While sophisticated CGI programming is almost always done in either Perl or C, simple tasks can often be accomplished with a shell script. There are some security issues of which you should be conscious, because it's rather easy to inadvertently pass a dangerous parameter (for example, an email address that a user enters) from a form to the shell for evaluation, which a hacker might exploit. However, these potential security holes will likely never arise if your CGI needs are sufficiently modest.
A very common page on a website is a contact request form, which is fed to the server for processing and then emailed to the appropriate party within the organization. Here's the HTML source for a simple form (with a little Cascading Style Sheet (CSS) information thrown in to make it pretty):
<body bgcolor=#CCFFCC><center> <!-- Tweak action value if script is placed in /cgi-bin/ or other --> <form method="post" action="074-contactus.cgi" style='border: 3px double #636;padding:4px'> <div style='font-size: 175%;font-weight;bold; border-bottom: 3px double #636'>We Love Feedback!</div> Name: <input type="text" name="name"><br> Email: <input type="text" name="email"><br> Your message or comment (please be brief):<br> <textarea rows="5" cols="70" name="comments"></textarea><br> <input type="submit" value="submit"> </form> </center>
This form has three input fields: one for name, one for email address, and one for comments. When the user clicks the submit button, the information is packaged up and sent to contactus.cgi for interpretation and processing.
Because the form uses a method="post" encoding, the data is handed to the CGI script as standard input. For entries of "Dave" , < "email@example.com" >, and "my comment" , the resulting data stream would be
That's all the information we need to create a shell script that turns the data stream ” the form information ” into an email message, mails it off, and puts up a thank-you message for the web surfer.
#!/bin/sh # formmail - Processes the contact us form data, emails it to the designated # recipient, and returns a succinct thank-you message. recipient="taylor" thankyou="thankyou.html" # optional 'thanks' page ( cat << EOF From: (Your Web Site Contact Form) www@$(hostname) To: $recipient Subject: Contact Request from Web Site Content of the Web site contact form: EOF cat - tr '&' '\n' \ sed -e 's/+/ /g' -e 's/%40/@/g' -e 's/=/: /' echo ""; echo "" echo "Form submitted on $(date)" ) sendmail -t echo "Content-type: text/html" echo "" if [ -r $thankyou ] ; then cat $thankyou else echo "<html><body bgcolor=\"white\">" echo "Thank you. We'll try to contact you soonest." echo "</body></html>" fi exit 0
The cat statement translates the field separator & into a carriage return with tr , then cleans up the data stream a bit with sed , turning + into a space, the %40 encoding sequence into an @ , and = into a colon followed by a space. Finally, a rudimentary thank-you message is displayed to the user.
Frankly, this isn't the most elegant solution (a Perl-based script could have more flexibility, for example), but for a quick and dirty hack, it'll do just fine.
Remember that every CGI script needs to be readable and executable by everyone. To use this contact form, you need to save the HTML document somewhere on your site, perhaps on your home page or on another page called contactus.html . It might look like Figure 8-4.
To run the CGI script, simply enter information into the fields specified on the form and click the submit button.
The results of running this script ” submitting a contact query ” are twofold. An email is sent to the registered recipient, and either the contents of a thank-you HTML document (the variable thankyou in the script) are displayed or a rudimentary thank-you message is displayed. Here's the email produced from the form input shown in Figure 8-4:
From: (Your Web Site Contact Form) firstname.lastname@example.org To: taylor Subject: Contact Request from Web Site Content of the Web site contact form: name: Dave Taylor email: email@example.com comments: Very interesting example%2C but I don%27t like your form color scheme%21 Form submitted on Fri Sep 5 14:20:54 MDT 2003
Note that not all of the punctuation characters are translated back into their regular characters , so instead of example, but we see example%2C but . This can be easily remedied by adding more mapping rules in the sed statement, as desired.