PGP FormMail CGI
PGP FormMail combines FormMail and PGP into a single, secure tool for sending e-mail from web-based forms (such
as an order form).
FormMail is a generic WWW form to e-mail
gateway, which will parse the results of any form and send them to the specified user. This
CGI has many formatting and operational options, most
of which can be specified through the form, meaning you don't need any programming knowledge or multiple
CGIs for multiple forms. This also makes FormMail the perfect system-wide solution for allowing users
form-based user feedback capabilities without the risks of allowing freedom of CGI access.
PGP (Pretty Good Privacy), originally developed by
Phil Zimmerman, is a high security cryptographic software application for MSDOS, UNIX, VAX/VMS, and other
computers. PGP allows people to exchange files or messages with privacy, authentication, and convenience.
Installation
Connect to your Virtual Private Server via SSH,
su to root, and do the following.
- Install PGP 5.0.
- Install the PGP FormMail software.
# vinstall pgp5formmail
The command installs two files, pgp5formmail.pl and pgp5formmail.README.txt, into your
~/www/cgi-bin directory.
Configuration
Set the referer information such that only your server will have privileges to use the PGP FormMail CGI. Near the
top of the pgp5formmail.pl
file you will find the following line:
@referers = ('YOUR-DOMAIN.NAME','YOUR.IP.ADD.RESS');
Substitute your domain name and server IP address for the values YOUR-DOMAIN.NAME and YOUR.IP.ADD.RESS
respectively.
Usage
Create a form that you would like the contents mailed to some address. The form should include the following
fields (at the very least):
- recipient = specifies who mail is sent to
- pgpuserid = specifies your PGP user ID
Other optional fields can also be used to enhance the operation of PGP FormMail for you site, for example:
- subject = specify the subject included in e-mail sent back to you
- e-mail = allow the user to specify a return e-mail address
- realname = allow the user to input their real name
- redirect = URL of page to redirect to instead of echoing form input
- required = list of field names that are required input (comma delimited)
Several other fields are supported, please see the
pgp5formmail.README
document for a complete presentation of the supported fields.
For example, the HTML source for your form may look like this:
<form method="POST" action="/cgi-bin/pgp5formmail.pl">
<input type="hidden" name="recipient"
value="order@yourdomain.com">
<input type="hidden" name="pgpuserid"
value="YOUR-USER-ID">
<input type="hidden" name="subject"
value="Order Request">
<input type="hidden" name="required"
value="realname,username,phone">
Please Enter Your Name:<br>
<input name="realname" size="40">
<p>
Please Enter Your E-mail Address:<br>
<input name="username" size="40">
<p>
Please Enter Your Phone Number:<br>
<input name="phone" size="40">
<p>
.
.
.
<input type="submit" value="Submit">
<input type="reset" value="Reset">
</form>
YOUR-USER-ID is the user ID for your public key. If your user ID contains characters that could
be misinterpreted by a web browser, such as '<' and '>', you will want to replace these characters
with the proper escape sequences. For example if your user ID is:
John Q. Smith <12345.6789@compuserve.com>
Represent the user ID with the following string (note the < and > escape
sequences):
John Q. Smith <12345.6789@compuserve.com>
|
