# CGI entry point of the shopping-cart backend.  It decodes the request into
# %q and then dispatches on request fields (Action, epdq, x_Version, oid,
# callbackPW).  $sendmail, $method, $staging_server, $doc_dir, $data_dir,
# $e_mail_address and $autorespond are read here but are not set anywhere in
# this listing (presumably a configuration section -- TODO confirm).
#
# NOTE(review): this listing passed through an HTML-stripping extractor.
# Markup inside string literals, several regex patterns and the <HANDLE>
# read operators (now `while ()` and `$buf = ;`) are missing.  Those spots
# are left exactly as found and are flagged where they occur.
#
# NOTE(review): every value in %q is request data chosen by the client.
# Nothing in this section validates or escapes it before it reaches file
# paths, HTML output or mail headers.

if ( $ENV{'REQUEST_METHOD'} eq 'POST' ) {
    # Read it from standard input.
    # NOTE(review): CONTENT_LENGTH is used as the read size with no upper
    # bound, so the client decides how much memory the script buffers.
    local ($len) = $ENV{'CONTENT_LENGTH'};
    if ( read (STDIN, $data, $len) != $len ) {
        &end_cgi("Error reading 'POST' data");
    }
}
else {
    # Fetch from environment variable.
    $data = $ENV{'QUERY_STRING'};
}

%q = (); # resultant hash array

# The data is encoded as name1=val1&name2=val2&etc.
# First split on name/value pairs.
foreach $q ( split ('&', $data) ) {
    # Then split name and value.
    local ($name, $val) = split ('=', $q);
    # URL decode and put in resultant hash array.
    # url_decode() turns every %XX into the raw byte, including NUL, CR and
    # LF, so decoded values can carry control characters.
    $name = &url_decode ($name);
    if ( defined $q{$name} ) {
        # Multiple values. Append using \0 separator.
        $q{$name} .= "\0" . &url_decode ($val);
    }
    else {
        # Store it.
        $q{$name} = &url_decode ($val);
    }
}

# check position of sendmail
# Only runs when the configured $sendmail is not executable and the delivery
# method is the sendmail one; the first executable candidate wins.
if((!(-x $sendmail)) && ($method eq 'E-Mail using SendMail')) {
    if(-x '/var/qmail/bin/qmail-inject') {
        $sendmail= '/var/qmail/bin/qmail-inject';
    }
    else {
        if(-x '/usr/lib/sendmail') {
            $sendmail= '/usr/lib/sendmail';
        }
        else {
            if(-x '/usr/sbin/sendmail') {
                $sendmail= '/usr/sbin/sendmail';
            }
            else {
                if(-x '/bin/easymail') {
                    $sendmail= '/bin/easymail';
                }
                else {
                    if(-x '/usr/bin/sendmail') {
                        $sendmail= '/usr/bin/sendmail';
                    }
                }
            }
        }
    }
}

($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst)=localtime(time);
$sender_name = $q{"name"};
$addr1 = $q{"mail"};
$process_name = $q{"process_id"};
# NOTE(review): this is the only filtering applied to process_id before it
# becomes part of a file name (Action=get_file below).  As written the
# pattern requires ".." + "/" or ":" + the character "Ý" at end of string,
# so in practice it removes nothing.  The "Ý" looks like a mis-encoded "|"
# (i.e. `([/\:]|$)`) -- TODO confirm against the original file.  Even the
# presumed original is a single-pass strip; an allowlist such as digits only
# (the ids generated below are time and PID digits) is the robust control.
$process_name =~ s#\.\.([/\:]Ý$)##g;

if($staging_server eq "") {
    $staging_server = $ENV{'SCRIPT_NAME'};
}

# `ne undef` / `eq undef` compare against the empty string, so the tests in
# this script mean "is (not) empty".
# NOTE(review): the fallback places the order directory at
# DOCUMENT_ROOT/output/, i.e. inside the web root.  If the server serves that
# directory, the .tmp order files written below are reachable by URL --
# verify the deployment and prefer a directory outside the document root.
if($doc_dir eq "") {
    if ($ENV{'DOCUMENT_ROOT'} ne undef) {
        $doc_dir = $ENV{'DOCUMENT_ROOT'};
        $doc_dir = $doc_dir . '/output/';
    }
    else {
        if($ENV{'PATH_TRANSLATED'} ne undef) {
            # Normalise backslashes, drop the last two path components, then
            # append /output/.
            $doc1 = $ENV{'PATH_TRANSLATED'};
            $doc1 =~ s#\\#/#g;
            $pos1 = rindex($doc1,'/');
            $doc1 = substr($doc1,0,$pos1);
            $pos1 = rindex($doc1,'/');
            $doc_dir = substr($doc1,0,$pos1);
            $doc_dir = $doc_dir . '/output/';
        }
    }
}

# save temp file containing order details to the server.
# NOTE(review): the id is the epoch time followed by the PID, so it is
# guessable, and it is the only thing needed to read the file back through
# Action=get_file.
if (($q{'Action'} eq 'secure')) {
    $process_id = time . $$;
    $output = $q{'info'};
    &temp_order($process_id . '.tmp',$output);
    &end_cgi($process_id . "OK: Item details sent to server");
}

# ePDQ hand-off: stores the customer's billing/shipping details in a .tmp
# file under $doc_dir (personal data at rest, same exposure as above).
if (($q{'epdq'} eq 'true')) {
    $process_id = $$ . time;
    $output = $q{'info'};
    $output = $q{'name'} . "\n" . $q{'baddr1'} . "\n" . $q{'baddr2'} . "\n" . $q{'bcity'} . "\n" . $q{'bcounty'} . "\n" . $q{'bcountry'} . "\n" . $q{'bpostalcode'} . "\n" . $q{'email'} . "\n" . $q{'phone'} . "\n" . $q{'fax'} . "\n" . $q{'saddr1'} . "\n" . $q{'saddr2'} . "\n" . $q{'scity'} . "\n" . $q{'scounty'} . "\n" . $q{'scountry'} . "\n" . $q{'spostalcode'};
    &temp_order($process_id . '.tmp',$output);
    #https://secure.epdq.co.uk/cgi-bin/cpi-solaris
    # The markup of this literal was lost in extraction; as shown, $output is
    # assigned and the script exits without printing it.
    $output =" Shopping Cart

Connecting to the Server: Please Wait

";
    exit;
}

# Returns a stored order file to the client, then purges old temp files.
# NOTE(review): the path is built from the request's process_id (see the
# filter note above) and the file content is sent as text/html unescaped.
if (($q{'Action'} eq 'get_file')) {
    print"Content-Type: text/html\n\n\n";
    &get_file($doc_dir . $process_name . '.tmp');
    # &delete_file($doc_dir . $process_name . '.tmp');
    &read_doc();
    exit;
}

# NOTE(review): $q{'info'} is echoed into a text/html response without any
# escaping, so request-supplied markup is rendered by the browser.
if (($q{'Action'} eq 'temp_file')) {
    print"Content-Type: text/html\n\n\n";
    print ' Shopping Cart

Connecting to the Server: Please wait

';
    $info2 = $q{'info'};
    print $info2;
    print '';
    exit;
}

# Any request carrying x_Version gets an intermediate page.  The markup and
# the body of the per-field loop were lost in extraction.
# NOTE(review): if the loop originally wrote $name/$description into the page
# (for example as form fields), both need HTML escaping -- TODO confirm.
if ($q{'x_Version'} ne undef) {
    print"Content-Type: text/html\n\n\n";
    print ' Shopping Cart

Connecting to the Server: Please wait

';
    if($q{'verify'} eq undef) {
        print "

";
    }
    else {
        print "";
    }
    while (($name,$description) = each(%q)) {
        print "\r\n";
    }
    if($q{'javascript'} eq 'false') {
        print '

';
    }
    print '

';
    print '';
    exit;
}

# Renders the order form template through get_file(), which also builds the
# order summary while Action is 'processform'.
if (($q{'Action'} eq 'processform')) {
    print"Content-Type: text/html\n\n\n";
    if($q{'barclay'} eq 'true') {
        &get_file($data_dir . "epdq.html");
    }
    else {
        &get_file($data_dir . "form.html");
    }
    # &delete_file($process_name);
    exit;
}

# Payment result page, selected by the request's own fields.
# NOTE(review): transactionstatus, oid and total all come from the request;
# nothing visible here authenticates that the payment provider sent them, so
# "APPROVED" is not proof of payment.  oid is concatenated into a two-argument
# open() path without validation, and oid/total are substituted into the HTML
# unescaped.  The `while ()` loops lost their <FILE> read in extraction.
# end_cgi() would print a second Content-Type header after the one below.
if($q{'oid'} ne undef && $q{'epdq'} eq undef) {
    print"Content-Type: text/html\n\n";
    $out="";
    if($q{'transactionstatus'} eq "APPROVED") {
        open(FILE,$doc_dir . "epdq_success.html") || (&end_cgi( "Coulld not read"));
        while () {
            $out = $out . $_;
        }
        # print $out;
        close(FILE);
        $out2 = "";
        open(FILE,$doc_dir . $q{'oid'} . '.tmp') || (&end_cgi( "Could not read"));
        while () {
            $out2 = $out2 . $_;
        }
        # Each s### replaces only the first occurrence of the placeholder.
        $out =~ s#oid#$q{'oid'}#;
        $out =~ s#total#$q{'total'}#;
        print $out;
        close(FILE);
        # These three assignments have no effect: the script exits next.
        $q{'Action'} = $method;
        $q{'info'} = $out2;
        $q{'Email'} = $e_mail_address;
        exit;
    }
    else {
        open(FILE,$doc_dir . "epdq_failure.html") || (&end_cgi( "Could not read"));
        $out = "";
        while () {
            $out = $out . $_;
        }
        print $out;
        close(FILE);
        exit;
    }
    # exit;
}

# Delivery through a local sendmail/qmail-inject pipe.
# NOTE(review): callbackPW is only tested for presence, never compared with a
# configured secret, so any request that includes the field takes the
# callback path.
# NOTE(review): $q{"Email"} is written straight into the From: header of the
# merchant mail and the To: header of the confirmation.  Because url_decode()
# yields raw CR/LF, a crafted value can add header lines, and `sendmail -t`
# takes its recipients from the headers.  Strip CR/LF and validate the
# address before use.
# NOTE(review): with cgi-form=true, show_form_2() puts the card number,
# expiry date and issue number into the mail body, i.e. card data leaves the
# server as clear-text e-mail.
if ((index($method,'SendMail') != -1 && index($q{'Action'},'SendMail') != -1) || ($q{'callbackPW'} ne undef && index($method,'SendMail') != -1)) {
    $output = "\n" . $q{"info"};
    if($q{'callbackPW'} ne undef) {
        $output = "";
        $q{"Email"} = $q{"email"};
        show_worldpay_form();
    }
    if($q{'cgi-form'} eq 'true') {
        show_form_2();
    }
    # $id = time . $$;
    # &temp_order($id . '.ord',$output);
    # The pipe command is a single string run through the shell; it contains
    # only $sendmail, which is not request data in this listing.
    if($sendmail =~ /qmail/) {
        open(MAIL,"| " . $sendmail) || (&end_cgi ("Cannot read open SendMail "));
    }
    else {
        open(MAIL,"| " . $sendmail . " -t") || (&end_cgi ("Cannot read open SendMail "));
    }
    print MAIL "From: " . $q{"Email"} . "\n";
    print MAIL "To: " . $e_mail_address . "\n";
    # Check for Message Subject
    print MAIL "Subject: Customer Orders \n\n";
    print MAIL $output;
    close(MAIL);
    # Optional confirmation mail back to the customer-supplied address.
    if($autorespond eq "true" || $q{'callbackPW'} ne undef) {
        $output = "\n" . $q{"info"};
        if($q{'callbackPW'} ne undef) {
            $output = "";
            $q{"Email"} = $q{"email"};
            show_worldpay_form();
        }
        else {
            show_form();
        }
        if($sendmail =~ /qmail/) {
            open(MAIL,"| " . $sendmail) || (&end_cgi ("Cannot read open SendMail "));
        }
        else {
            open(MAIL,"| " . $sendmail . " -t") || (&end_cgi ("Cannot read open SendMail "));
        }
        print MAIL "From: " . $e_mail_address . "\n";
        print MAIL "To: " . $q{"Email"} . "\n";
        # Check for Message Subject
        print MAIL "Subject: Confirmation of Order Details\n\n";
        print MAIL $output;
        close(MAIL);
    }
    if($q{'cgi-form'} eq 'true') {
        print"Content-Type: text/html\n\n";
        get_file($data_dir . "received_order.html");
        exit;
    }
}

#$SMTP_SERVER = '';
# NOTE(review): SERVER_NAME feeds the HELO name, the orders@ sender address
# and (inside send_email) the guessed SMTP host.  On servers that derive
# SERVER_NAME from the Host header this is client-influenced -- verify.
$WEB_SERVER = $ENV{'SERVER_NAME'};

# Delivery through the built-in SMTP client; same dispatch rules and the same
# callbackPW / Email / card-data caveats as the sendmail branch above.
if ((index($method,'SMTP') != -1 && index($q{'Action'},'SMTP') != -1) || ($q{'callbackPW'} ne undef && index($method,'SMTP') != -1)) {
    $output = $q{"info"};
    if($q{'callbackPW'} ne undef) {
        $output = "";
        $q{"Email"} = $q{"email"};
        show_worldpay_form();
    }
    if($q{'cgi-form'} eq 'true') {
        show_form_2();
    }
    # $id = time . $$;
    # &temp_order($id . '.ord',$output);
    # send_email() returns 0 on success and a non-zero code on failure.
    if(&send_email("Customer Order",'orders@' . $WEB_SERVER,$e_mail_address,$output,'','')) {
        &end_cgi("$Error_Message\n");
    }
    else {
        if($autorespond eq "true" || $q{'callbackPW'} ne undef) {
            $output = "\n" . $q{"info"};
            if($q{'callbackPW'} ne undef) {
                $output = "";
                $q{"Email"} = $q{"email"};
                show_worldpay_form();
            }
            else {
                show_form();
            }
            &send_email("Confirmation of Order Details",$e_mail_address,$q{"Email"},$output,'','');
        }
        if($q{'cgi-form'} eq 'true') {
            print"Content-Type: text/html\n\n";
            get_file($data_dir . "received_order.html");
            exit;
        }
        &end_cgi("OK: The message has been sent");
    }
}

# Fallback reply.  NOTE(review): $] is the Perl version number, so this
# response tells every client which interpreter version the server runs.
&end_cgi("OK: Transmission Received $]");

#-------------------------- Subroutines ------------------------------

# Sends a minimal text/html response containing the message, then exits.
# NOTE(review): the message is printed unescaped; several callers include
# file paths and $! in it, which discloses server-side paths to the client.
sub end_cgi {
    local ($i) = @_;
    print"Content-Type: text/html\n\n$i\nend\n";
    exit;
}

# Prints $doc_dir/<file>.log to STDOUT.  The `while ()` lost its
# <FILE_LIST> read in extraction.  Two-argument open on a caller-supplied
# name: callers must pass validated names only.
sub get_temp {
    local ($file)=@_;
    ( open (FILE_LIST, $doc_dir.$file.'.log') ) || (&end_cgi ("Cannot read $file: $!"));
    while () {
        print $_;
    }
    close(FILE_LIST);
}

# Reads the file at $file into $out and prints it.  While Action is
# 'processform' it first rebuilds $q{'info'} (the order summary) from the
# numbered qty/code/desc/cost fields and fills placeholders in the template.
# NOTE(review): two-argument open() on a path that, for Action=get_file,
# contains request data.  The read loop lost its <FILE_LIST> operator.
# NOTE(review): quantities and unit costs are taken from the request, so the
# totals computed here are whatever the client submitted; prices should be
# looked up server-side before an order is accepted.
sub get_file {
    local ($file)=@_;
    ( open (FILE_LIST, $file) ) || (&end_cgi ("Cannot read $file: $!"));
    $output="";
    $out="";
    while () {
        $out = $out . $_;
    }
    if (($q{'Action'} eq 'processform')) {
        $n=1;
        $grand_total = 0;
        $q{'info'} = "";
        # Item rows run until the first missing qtyN or a ~WP_PNP / ~WP_TAX
        # pseudo-item.
        while (($q{"qty$n"} ne undef) && ($q{"code$n"} ne "~WP_PNP") && ($q{"code$n"} ne "~WP_TAX") ) {
            $total = sprintf("%.2f",($q{"qty$n"}* $q{"cost$n"}));
            $q{"info"} = $q{"info"} . "
" . sprintf("%-4s",$q{"qty$n"}) . sprintf("%-50s", $q{"code$n"}. " " .$q{"desc$n"}) . $q{"cost$n"} . sprintf("%+9s",$total) . '
';
            $grand_total = $grand_total + ($q{"qty$n"}* $q{"cost$n"});
            $n++;
        }
        $q{'info'} = $q{'info'} . "
";
        # Optional postage-and-packing row.
        if($q{"code$n"} eq "~WP_PNP") {
            $price = sprintf("%.2f",($q{"cost$n"}));
            $q{"info"} = $q{"info"} . "
" . sprintf("%+59s",$q{"desc$n"}.":") . sprintf("%+9s",$price);
            $grand_total = $grand_total + $q{"cost$n"};
            $n++;
        }
        # Optional tax row.
        if($q{"code$n"} eq "~WP_TAX") {
            $price = sprintf("%.2f",($q{"cost$n"}));
            $q{"info"} = $q{"info"} . "
" . sprintf("%+59s",$q{"desc$n"}.":") . sprintf("%+9s",$price);
            $grand_total = $grand_total + $q{"cost$n"};
        }
        $grand_total = sprintf("%.2f",$grand_total);
        $q{"info"} = $q{"info"} . "
" . sprintf("%+59s","Total:") . sprintf("%+9s",$grand_total);
        # The substitutions on $html_info look like an HTML-entity escaping
        # pass whose patterns and replacements were eaten by the extractor
        # (`s/&/&/`, `s/"/"/`, and two statements apparently merged into
        # `s//&rt;/`) -- TODO restore from the original.  As shown they do not
        # escape anything, and $html_info is not used again in this listing.
        $html_info = $q{'info'};
        $html_info =~ s/
/\r\n/g;
        $html_info =~ s/
/\r\n/g;
        $html_info =~ s/&/&/g;
        $html_info =~ s/"/"/g;
        $html_info =~ s//&rt;/g;
        # NOTE(review): $addr1 is the request's "mail" field and is inserted
        # into the page unescaped.  The `s##...#` patterns are empty because
        # their markup was stripped.
        $out =~ s/e_mail_address/$addr1/;
        $out =~ s##\r\n\r\n#;
        $out =~ s##\r\n\r\n#;
        $out =~ s/staging_server/$staging_server/;
        $out =~ s/send_all/$method/;
        # $out =~ s/<\/select>/$options/;
        # NOTE(review): $show_info carries the request-derived order text
        # (codeN/descN) into the page; it needs HTML escaping first.
        $show_info = $q{'info'};
        $show_info =~ s/\r\n/

\r\n/g;
        $show_info =~ s/ / /g;
        $show_info = '' . $show_info;
        $show_info = $show_info . '';
        # $out =~ s//$show_info/;
        $out =~ s##\r\n$show_info#;
        $out =~ s##\r\n$show_info#;
    }
    print $out;
    close(FILE_LIST);
}

# Housekeeping: deletes files in $doc_dir whose name contains ".tmp" and
# whose age (-M, in days) exceeds 0.01, i.e. roughly 14 minutes.
# &cgi_die is not defined anywhere in this listing, so a failed unlink would
# end in an "undefined subroutine" error -- presumably &end_cgi was meant.
# The s#...# filter has the same mis-encoded pattern as the one applied to
# $process_name.
sub read_doc {
    local ($dir)=$doc_dir;
    local ($file,$name);
    if($dir ne "") {
        opendir(DOC,$dir) || (&end_cgi( "could not open $dir"));
        while ($file=readdir(DOC)) {
            if ($file =~ /\.tmp/i) {
                ($name)=split(/\./,$file);
                $file=$dir.$file;
                if((-M $file) > 0.01) {
                    $file =~ s#\.\.([/\:]Ý$)##g;
                    unlink($file) || (&cgi_die( "Cannot remove temporary file\n"));
                }
            }
        }
        closedir(DOC);
    }
}

# Reads the counter in $doc_dir/tally_no, increments it, writes it back and
# returns the new value.
# NOTE(review): the flock call is commented out, so concurrent requests can
# read the same value.  `$buf = ;` lost its <F> read in extraction, and
# &end_Cgi (capital C) is not the name of any subroutine in this listing.
sub get_tally {
    local ($tally,$buf);
    (open (F, '<' . $doc_dir."tally_no") ) || (&end_cgi("Error updating tally file"));
    # flock(F,2);
    $buf = ;
    # Increment it.
    chop ($buf);
    $tally = $buf;
    $tally++;
    # Write the new count to the tally file.
    open (F, '>' . $doc_dir . "tally_no") || (&end_Cgi ("Error writing to tally file"));
    print F ("$tally\n");
    close (F);
    $tally;
}
#. $q{'callbackPW=junior
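# Builds the plain-text mail body for a WorldPay callback from the request
# fields and stores it in the global $output (and $output2).
# All fields are request data; they are only safe as mail *body* text.
sub show_worldpay_form {
    $output2 = "\r\nCompany: " . $q{'compName'} .
        "\r\nName: " . $q{'name'} .
        "\r\nAddress:\r\n" . $q{'address'} .
        "\r\nPostCode: " . $q{'postcode'} .
        "\r\nCountry: " . $q{'countryString'} .
        "\r\nTelephone: " . $q{'tel'} .
        "\r\nFax: " . $q{'fax'} .
        "\r\nEmail: " . $q{'email'} .
        "\r\nCurrency: " . $q{'currency'} .
        "\r\nOrder:\r\n" . $q{'MC_description'} .
        "\r\nTotal: " . $q{'amountString'} .
        "\r\nCartID: " . $q{'cartId'};
    $output = $output2;
    # The listing shows a pattern consisting of a bare newline here; it most
    # likely also contained markup that the page extractor removed
    # -- TODO confirm against the original file.
    $output =~ s/\n//g;
    # while (($name,$description) = each(%q))
    # {
    #  $output = $output . " " . $description . "\r\n";
    # }
}

# Builds the customer-confirmation mail body (no card number) around the
# current $output and stores it back in $output.
sub show_form {
    $output2 =
        # "Card Number: " . $q{'card_number'} .
        # "\r\n Preferred Date: " . $q{'preferred_date'} .
        # "\r\n Alternative Date: " . $q{'alternative_date'} .
        # "\r\n Expiry Date: " . $q{'expiry_month'} . "/" . $q{'expiry_year'} .
        # "\r\n Issue Number: " . $q{'issue_number'} .
        "Payment Type: " . $q{'CardType'} .
        "\r\n Name: " . $q{'card_name'} .
        "\r\n Address: " . $q{'card_address'} .
        "\r\n Post/Zip Code: " . $q{'card_zip'} .
        "\r\n E-Mail: " . $q{"Email"} .
        "\r\n Telephone: " . $q{'phone'} .
        "\r\n Fax: " . $q{'fax'} .
        "\r\n Delivery\r\n:" .
        "\r\n Name: " . $q{'del_name'} .
        "\r\n Address: " . $q{'del_address'} .
        "\r\n Zip/Code: " . $q{'del_zip'} ."\r\n" .
        # "\r\n Other Comments: " . $q{'other_info'}. "\r\n" .
        $output . "\r\n";
    $output = $output2;
    # while (($name,$description) = each(%q))
    # {
    #  $output = $output . " " . $description . "\r\n";
    # }
}

# Builds the merchant mail body for the CGI order form and stores it in
# $output.
# NOTE(review): this body contains the full card number, expiry date and
# issue number, and the callers send it as ordinary e-mail.  Card data should
# not be transported or stored this way; hand payment to the processor and
# mail an order reference instead.
sub show_form_2 {
    $output2 =
        "Card Number: " . $q{'CardNumber'} .
        "\r\n Expiry Date: " . $q{'ExpMon'} . "/" . $q{'ExpYear'} .
        "\r\n Issue Number: " . $q{'issue_number'} .
        "\r\n Payment Type: " . $q{'CardType'} .
        "\r\n Name: " . $q{'card_name'} .
        "\r\n Address: " . $q{'card_address'} .
        "\r\n Post/Zip Code: " . $q{'card_zip'} .
        "\r\n E-Mail: " . $q{"Email"} .
        "\r\n Telephone: " . $q{'phone'} .
        "\r\n Fax: " . $q{'fax'} .
        "\r\n Delivery\r\n:" .
        "\r\n Name: " . $q{'del_name'} .
        "\r\n Address: " . $q{'del_address'} .
        "\r\n Zip/Code: " . $q{'del_zip'} ."\r\n" .
        # "\r\n Other Comments: " . $q{'other_info'}. "\r\n" .
        $output . "\r\n";
    $output = $output2;
    # while (($name,$description) = each(%q))
    # {
    #  $output = $output . " " . $description . "\r\n";
    # }
}

# $user = "webmaster@test.web";
# $subj = "Message from the Web";
# $message = "...text with embedded newlines...";
# &sendmail ($user, $subj, $message);
#
# Debug stub: the pipe to sendmail is commented out, so this only prints each
# recipient, its %userlist address, the subject and the message to STDOUT.
sub sendmail {
    local ($names, $subj, $message) = @_;
    local ($to,$addr,@names);
    local ($sendmail) = "/usr/lib/sendmail";
    @names=split(/#/,$names);
    foreach $to (@names) {
        # if ($userlist{$to} eq '') {print "name not found \n";}
        ($addr)=split(/#/,$userlist{$to});
        print "$to $addr $subj $message\n";
        # open (MAIL, "|$sendmail -t > /dev/null 2>&1") ||
        #   &CgiDie( ("Error opening pipe to $sendmail: $!\n");
        # print MAIL ("To: ", $to, "\n",
        #             "Subject: ", $subj, "\n\n",
        #             $message);
        # close (MAIL) ||
        #   (&CgiDie("Error closing pipe to $sendmail: $!\n"));
    }
}

# Disabled: the whole body is commented out, so this does nothing.
sub save_array {
    # local ($file_contents,$name)=@_;
    # $name=$name;
    # open(DATAFILE,">$name") || (&CgiDie("cannot update $name: $!\n"));
    # {
    #  print DATAFILE "$file_contents";
    #  close (DATAFILE);
    # }
}

# Appends one line to a per-client file in $doc_dir.
# The original used $ENV{"REMOTE ADDRESS"}, which is not a CGI variable (the
# client address is REMOTE_ADDR), so the file name was always empty.  The
# address is reduced to hex digits and dots before it is used in a path.
sub add {
    local($file_contents)=@_;
    my $client = defined $ENV{'REMOTE_ADDR'} ? $ENV{'REMOTE_ADDR'} : '';
    $client =~ tr/0-9A-Fa-f./_/c;
    $client = 'unknown' if $client eq '';
    my $path = $doc_dir . $client;
    $data_file = ">>" . $path;          # global keeps its historical "mode+path" form
    # Three-argument open: the mode can never be taken from the path string.
    open(FILE, '>>', $path) || (&end_cgi( "Could not write to log file"));
    print FILE $file_contents . "\n";
    close(FILE);
}

# Appends one line to $doc_dir/user.log.  The text is written as given;
# callers logging request data should strip CR/LF first so one request
# cannot forge extra log lines.
sub save_log {
    local($file_contents)=@_;
    my $path = $doc_dir . "user.log";
    $data_file = ">>" . $path;
    open(FILE, '>>', $path) || (&end_cgi( "Could not write to log file"));
    print FILE $file_contents . "\n";
    close(FILE);
}

# Appends one line to $doc_dir/orders.log.
sub save_orders {
    local($file_contents)=@_;
    my $path = $doc_dir . "orders.log";
    $data_file = ">>" . $path;
    open(FILE, '>>', $path) || (&end_cgi( "Could not write"));
    print FILE $file_contents . "\n";
    close(FILE);
}

# Writes (truncating) $doc_dir/$file_id with the given contents plus "\n".
# $file_id must be a server-generated name; never pass request data here.
# NOTE(review): the failure message sent to the client contains the full
# server path ($data_file).
sub temp_order {
    local($file_id,$file_contents)=@_;
    my $path = $doc_dir . "$file_id";
    $data_file = ">" . $path;
    open(FILE, '>', $path) || (&end_cgi( "Could not write to $data_file"));
    print FILE $file_contents . "\n";
    close(FILE);
}

# Loads $doc_dir/database.txt into %data, keyed by the text before the first
# '#' of each line; the stored value is the whole line without CR/LF.
# Fixes: the read operator on FILE was missing (the loop never read the
# file), and the failure message said "write" for a read.
sub load_data {
    open(FILE, '<', $doc_dir . "database.txt") || (&end_cgi( "Could not read"));
    while (<FILE>) {
        ($key) = split('#',$_);
        s/\n//g;
        s/\r//g;
        $data{$key}=$_;
    }
    # $data{$key_no} = $key_no . '#' . $record;
    close(FILE);
}

# Rewrites $doc_dir/database.txt from %data, one value per line.
sub save_data {
    my $path = $doc_dir . "database.txt";
    $data_file = ">" . $path;
    open(FILE, '>', $path) || (&end_cgi( "Could not write"));
    foreach(keys %data) {
        print FILE $data{$_} . "\n";
    }
    close(FILE);
}

#sub get_message
# {
#  ( open (FILE_LIST, $doc_dir.'e_mail_check') ) || ();
##  print $doc_dir.'e_mail_check';
#  $message="";
#  while ()
#   {
#    $message = $message . $_;
#   }
#  close(FILE_LIST);
#  $message;
# }

# Subroutine cgiparse parses the contents
# of a CGI query into an associative array.
#
# Typical use:
#
# %query = &cgiparse();
# if ( defined $query{'Name'} ) ....
#
# A string of data may be passed as a parameter. This is useful
# for testing and for occasions where the CGI input has already
# been collected.

# Subroutine lockfile:
#
# &lockfile (FH)
#
# FH is a handle to an opened file, with r/w access.
#
# Return values:
# 1 lock succeeded
# 0 lock failed
#
# Locking is implemented using the flock(2) system call that is
# available on most modern systems.
#
# Typical use:
#
# open (F, "+>>datafile") || die (...);
# if ( &lockfile (F) ) {
#   seek (F, 0, 2);   # seek to end
#   print F (...);    # append info
# }
# close (F);          # release the file and lock
#
# NOTE(review): the body below is entirely commented out, so no lock is ever
# taken and the documented return values do not apply.
sub lockfile {
    # local ($FH) = @_;
    # local ($LOCK_SH) = 1; # shared lock
    # local ($LOCK_EX) = 2; # lock exclusive
    # local ($LOCK_NB) = 4; # don't block when locking
    # local ($LOCK_UN) = 8; # release the lock
    # flock ($FH, $LOCK_EX); # lock exclusive, TRUE
    # return TRUE upon success.
}

# Subroutine to handle basic decoding of URL data.
# Every %XX becomes the raw byte, including NUL, CR and LF, so the result
# must be validated before it is used in a file name, a mail header or HTML.
sub url_decode {
    local ($s) = @_;
    # Translate + to space, and %XX to the character code.
    $s =~ tr/+/ /;
    $s =~ s/%([0-9A-F][0-9A-F])/pack("C",oct("0x$1"))/gie;
    $s;
}

# Reverse-resolves a dotted-quad IPv4 address; returns the host name from
# gethostbyaddr (the literal 2 is passed as the address family).
sub addr_to_host {
    local($ip_address) = $_[0];
    $ip_address =~ s/^\s+|\s+$//g;
    local(@bytes) = split(/\./, $ip_address);
    local($packaddr) = pack("C4",@bytes);
    local($host_name) = (gethostbyaddr($packaddr, 2))[0];
    return($host_name);
}
1;

# Minimal SMTP client: sends $body to the comma-separated recipients in $to.
#
# Returns 0 on success.  On failure it sets the global $Error_Message and
# returns a code: 1 setup/connect, 3 HELO, 4 MAIL FROM, 5 no recipient
# accepted, 6 DATA, 7 end of data, 8 shutdown; 2 means sent, but some
# recipients were rejected.  Codes 2, 5 and 8 are followed by the list of
# rejected addresses and the server replies.
#
# Hardening added here:
#  * CR/LF are removed from $subject and $from so neither can add header
#    lines or SMTP commands;
#  * a recipient entry with no recognisable address is reported as bad
#    instead of reusing a stale regex capture;
#  * the body is normalised to CRLF and dot-stuffed, so a line holding a
#    single "." cannot end the DATA phase early.
# Side effects kept from the original: $, and $" are set to ', ' globally,
# and $WEB_SERVER / $SMTP_SERVER are filled in when empty.
# NOTE(review): if SERVER_NAME is derived from the Host header, the client
# influences the HELO name and the guessed SMTP host -- set $SMTP_SERVER
# explicitly in configuration.
sub send_email {
    use Socket;
    local($subject, $from, $to, $body) = @_;
    local($i, $mime_id, $error, $name, $status, $message) = '';

    # Header and envelope values must stay on one line.
    $subject =~ tr/\015\012//d;
    $from    =~ tr/\015\012//d;

    # Attempt to set default values if globals aren't set
    if (!$WEB_SERVER) { $WEB_SERVER = $ENV{'SERVER_NAME'} }
    if (!$WEB_SERVER) {
        $Error_Message = "The $WEB_SERVER web server is not set.";
        return(1);
    }
    if (!$SMTP_SERVER) {
        $SMTP_SERVER = "smtp.$WEB_SERVER";
        $SMTP_SERVER =~ s/^smtp\.[^.]+\.([^.]+\.)/smtp.$1/;
    }

    # Split the input into arrays where needed, since values are passed
    # as strings separated by commas.
    local(@to) = split(/, */, $to);

    # SMTP commands end in CRLF (\015\012)
    local($CRLF) = "\015\012";

    # Set up other variables
    local($SMTP_SERVER_PORT) = 25;
    local($AF_INET) = ($] > 5 ? AF_INET : 2);
    local($SOCK_STREAM) = ($] > 5 ? SOCK_STREAM : 1);
    local(@bad_addresses) = ();
    $, = ', ';
    $" = ', ';

    # Translate hostnames to corresponding addresses and pack
    local($local_address) = (gethostbyname($WEB_SERVER))[4];
    local($local_socket_address) = pack('S n a4 x8', $AF_INET, 0, $local_address);
    local($server_address) = (gethostbyname($SMTP_SERVER))[4];
    local($server_socket_address) = pack('S n a4 x8', $AF_INET, $SMTP_SERVER_PORT, $server_address);

    # Translate protocol name to corresponding number
    local($protocol) = (getprotobyname('tcp'))[2];

    # Make the socket filehandle
    if (!socket(SMTP, $AF_INET, $SOCK_STREAM, $protocol)) {
        $Error_Message = "Could not make socket filehandle ($!).";
        return(1);
    }

    # Give the socket an address
    bind(SMTP, $local_socket_address);

    # Connect to the server
    if (!(connect(SMTP, $server_socket_address))) {
        $Error_Message = "Could not connect to server ($!).";
        return(1);
    }

    # Set the socket to be line buffered
    local($old_selected) = select(SMTP);
    $| = 1;
    select($old_selected);

    # The original set `$* = 1` here for multi-line matching.  That variable
    # is no longer supported by Perl; the one anchored pattern below carries
    # the /m modifier instead.

    # Read first response from server (wait for .75 seconds first)
    select(undef, undef, undef, .75);
    sysread(SMTP, $_, 1024);

    # Initiate a conversation with the server
    print SMTP "HELO $WEB_SERVER$CRLF";
    sysread(SMTP, $_, 1024);
    # Keep the status code and text of the last reply line.
    while (/(^|(\r?\n))[^0-9]*((\d\d\d).*)$/gm) {
        $status = $4;
        $message = $3;
    }
    if ($status != 250) { $Error_Message = $message; return(3) }

    # Tell the server where we're sending from
    print SMTP "MAIL FROM:<$from>$CRLF";
    sysread(SMTP, $_, 1024);
    if (!/[^0-9]*250/) { $Error_Message = $_; return(4) }

    # Tell the server where we're sending to
    local($good_addresses) = 0;
    foreach $address (@to) {
        if ($address) {
            # Optional "(display name)" part.
            $name = ($address =~ /(\(.*\))/) ? "$1 " : '';
            # Make sure address is enclosed in <>.  The pattern admits no
            # whitespace, so an accepted address cannot carry CR/LF.
            if ($address =~ /([^<)\s]+@\S+\.[^>(\s]+)/) {
                $address = "<$1>";
            }
            else {
                push(@bad_addresses, "$name$address", 'no address found');
                $address = '';      # keep the raw entry out of the To: header
                next;
            }
            # Hand it to the server
            print SMTP "RCPT TO:$address$CRLF";
            sysread(SMTP, $_, 1024);
            /[^0-9]*(\d\d\d)/;
            if ($1 ne '250') { push(@bad_addresses, "$name$address", $_) }
            else { ++$good_addresses }
        }
    }
    if (!$good_addresses) { $Error_Message = $_; return(5, @bad_addresses) }

    # Give the server the message header
    print SMTP "DATA$CRLF";
    sysread(SMTP, $_, 1024);
    if (!/[^0-9]*354/) { $Error_Message = $_; return(6) }
    print SMTP "To: @to$CRLF";
    print SMTP "From: $from$CRLF";
    # print SMTP "CC: @cc$CRLF" if $cc;
    print SMTP "Subject: $subject$CRLF";
    print SMTP $CRLF;

    # Output the message body.
    if ($body) {
        # The body is built from request data: send CRLF line ends only and
        # double any leading "." so no body line can terminate DATA.
        my $wire_body = $body;
        $wire_body =~ s/\015\012|\015|\012/$CRLF/g;
        $wire_body =~ s/^\./../mg;
        print SMTP $wire_body;
        # if (!($body =~ /^[\\\/:]/) && ($body =~ /\s/)) { print SMTP $body }
        # elsif (-e $body && -T $body) { &parse_template($body, *SMTP) }
    }
    print SMTP $CRLF;

    # End the conversation
    print SMTP "$CRLF.$CRLF";
    sysread(SMTP, $_, 1024);
    if (!/[^0-9]*250/) { $Error_Message = $_; return(7) }

    # Disconnect from the server
    if (!shutdown(SMTP, 2)) {
        $Error_Message = "Could not shut down server ($!).";
        return(8, @bad_addresses);
    }
    elsif (@bad_addresses) {
        return(2, @bad_addresses);
    }
    else {
        return(0);
    }
}
1;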