|
PGP FormMail CGI
PGP FormMail combines FormMail and PGP into a single, secure tool for sending e-mail from web-based
forms (such as an order form).
FormMail is a generic WWW form to e-mail
gateway, which will parse the results of any form and send them to the specified user. This
CGI has many formatting and operational options, most
of which can be specified through the form, meaning you don't need any programming knowledge or
multiple CGIs for multiple forms. This also makes FormMail the perfect system-wide solution for a
llowing users form-based user feedback capabilities without the risks of allowing freedom of CGI
access.
PGP (Pretty Good Privacy), originally developed by
Phil Zimmerman, is a high security cryptographic software application for MSDOS, UNIX, VAX/VMS,
and other computers. PGP allows people to exchange files or messages with privacy, authentication,
and convenience.
Installation
Connect to your Virtual Private Server via Telnet or
SSH and do the following.
Install PGP 5.0. Install the PGP FormMail software. Issue the commands that match your Virtual Private
Server O/S.
FreeBSD &
Solaris
% vinstall pgp5formmail
BSD/OS Upgrade!
[PGP FormMail 1.6]
% cd
% tar -xvf /usr/local/contrib/pgp5formmail.tar
Huh?
If you don't know the Virtual Private Server O/S, try the following:
These commands install two files, pgp5formmail.pl and pgp5formmail.README.txt,
into your ~/www/cgi-bin directory.
Configuration
Set the referer information such that only your server will have privileges to use the PGP
FormMail CGI. Near the top of the
pgp5formmail.pl
file you will find the following line:
@referers = ('YOUR-DOMAIN.NAME','YOUR.IP.ADD.RESS');
Substitute your domain name and server IP address for the values YOUR-DOMAIN.NAME and
YOUR.IP.ADD.RESS respectively.
Usage
Create a form that you would like the contents mailed to some address. The form should include the
following fields (at the very least):
- recipient = specifies who mail is sent to
- pgpuserid = specifies your PGP user ID
Other optional fields can also be used to enhance the operation of PGP FormMail for you site,
for example:
- subject = specify the subject included in e-mail sent back to you
- email = allow the user to specify a return e-mail address
- realname = allow the user to input their real name
- redirect = URL of page to redirect to instead of echoing form input
- required = list of field names that are required input (comma delimited)
Several other fields are supported, please see the
pgp5formmail.README
document for a complete presentation of the supported fields.
For example, the HTML source for your form may look like this:
<form method="POST" action="/cgi-bin/pgp5formmail.pl">
<input type="hidden" name="recipient"
value="order@yourdomain.com">
<input type="hidden" name="pgpuserid"
value="YOUR-USER-ID">
<input type="hidden" name="subject"
value="Order Request">
<input type="hidden" name="required"
value="realname,username,phone">
Please Enter Your Name:<br>
<input name="realname" size="40">
<p>
Please Enter Your Email Address:<br>
<input name="username" size="40">
<p>
Please Enter Your Phone Number:<br>
<input name="phone" size="40">
<p>
.
.
.
<input type="submit" value="Submit">
<input type="reset" value="Reset">
</form>
YOUR-USER-ID is the user ID for your public key. If your user ID contains characters
that could be misinterpreted by a web browser, such as '<' and '>', you will want to replace
these characters with the proper escape sequences. For example if your user ID is:
John Q. Smith <12345.6789@compuserve.com>
Represent the user ID with the following string (note the < and >
escape sequences):
John Q. Smith <12345.6789@compuserve.com>
|