I've recently moved my website to futurequest and I'm having a bit of a time configuring my submission page / cgi-script. I've attached the HTML and would greatly appreciate anyones feedback as to it's validity. Any suggestions or comments are welcome.
-----------------
<!-- saved from url=(0022)http://internet.e-mail -->
<!doctype html public "-//w3c//dtd html 4.0 transitional//en">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<meta name="GENERATOR" content="Microsoft FrontPage 4.0">
<title>Conscious Choices: Submit Your Questions</title>
</head>
<body bgcolor="#FFFFFF" link="#660000" vlink="#003366" alink="#FF9900" background="bg.gif">
[nbsp]
<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="600" >
<tr>
<td VALIGN=TOP ROWSPAN="2">
<table BORDER=0 CELLSPACING=2 CELLPADDING=0 WIDTH="150" >
<tr>
<td WIDTH="150"><a href="index.html"><img SRC="but_home.gif" ALT="home" BORDER=0 height=41 width=102></a></td>
</tr>

<tr>
<td><a href="meet.html"><img SRC="but_meet.gif" ALT="meet your counselor" BORDER=0 height=41 width=102></a></td>
</tr>

<tr>
<td><a href="faqs.html"><img SRC="but_faq.gif" ALT="frequently asked questions" BORDER=0 height=41 width=102></a></td>
</tr>

<tr>
<td><a href="link.html"><img SRC="but_link.gif" ALT="links" BORDER=0 height=41 width=102></a></td>
</tr>
</table>
</td>

<td WIDTH="174" HEIGHT="70"><img SRC="t_form.gif" height=70 width=174></td>

<td WIDTH="224" HEIGHT="70"><a NAME="#top"></a><img SRC="t_choice.gif" height=70 width=224></td>

<td WIDTH="52" HEIGHT="70"><img SRC="aspace.gif" height=1 width=52 align=CENTER></td>
</tr>

<tr>
<td VALIGN=TOP COLSPAN="3">[nbsp]
<br><font face="Verdana, Arial, Helvetica, sans-serif"><font size=-1>Please
<b>complete all fields</b>. When stating your questions/concerns please
provide me with as much background information as possible. Also state
what your <i><font color="#003333">desired outcome </font></i>would be.
Initial consultation is <b>free</b>...I will contact you in a day or two
letting you know if I'm able to work with you. Then we will negotiate fees
for subsequent email, ICQ chat sessions or phone consultations. Usual fees
for my services online are as follows: $25 US per email reply or $1.50 US
per minute of ICQ chat or phone session. Typically, I contract with my clients
for either a series of 5 email sessions for $100 or 30 days of unlimited email for $200.
For individuals under financial hardship alternative rates may be negotiable.
My preferred method of payment is by credit card (<b>Visa,</b> <b>MC,</b> <b>Amex</b>) but I will accept
checks and/or money orders on a limited basis.</font>
<center>
<form NAME="Submission Form" action="/cgi-sys/mailform" METHOD="POST"> <INPUT TYPE=hidden name="recipient" value="consciouschoices@cybertherapy.com"></center>

<center><table BORDER=0 CELLSPACING=3 CELLPADDING=3 WIDTH="450" >
<tr>
<td COLSPAN="2">[nbsp]
<center>
<br><b><font face="Georgia, Times New Roman, Times, serif"><font color="#003366">Your
Questions &amp; Concerns</font></font></b></center>
</td>
</tr>

<tr>
<td COLSPAN="2">
<center><textarea name="questions and concern" rows=12 cols=50 ></textarea></center>
</td>
</tr>

<tr>
<td NOWRAP>
<div align=right><font face="Georgia, Times New Roman, Times, serif"><font color="#330000"><font size=-1>Name
on card:</font></font></font></div>
</td>

<td><input type="text" name="real name" value="" size=40 maxlength=42 ></td>
</tr>

<tr>
<td NOWRAP>
<div align=right><font face="Georgia, Times New Roman, Times, serif"><font color="#330000"><font size=-1>Credit
Card # :</font></font></font></div>
</td>

<td><input type="text" name="cc number" value="" size=40 maxlength=42 ></td>
</tr>

<tr>
<td NOWRAP>
<div align=right><font face="Georgia, Times New Roman, Times, serif"><font color="#330000"><font size=-1>Exp.
Date :</font></font></font></div>
</td>

<td><input type="text" name="exp date" value="" size=40 maxlength=42 ></td>
</tr>

<tr>
<td NOWRAP>
<div align=right><font face="Georgia, Times New Roman, Times, serif"><font color="#330000"><font size=-1>email
address :</font></font></font></div>
</td>

<td><input type="text" name="email" value="" size=40 maxlength=42 ></td>
</tr>

<tr>
<td COLSPAN="2">
<center><input type="submit" name="Feedback" value="Submit" ><input type="reset" name="Clear" value="Clear" ></center>
</td>
</tr>
</table></center>

<center><input type="hidden" name="recipient" value="consciouschoices@cybertherapy.com"><input type="hidden" name="subject" value="Cybertherapy Form Submitted"><input type="hidden" name="redirect" value="https://xcybertherapy.MerchantQuest.net/cgi-ssl/confirm.html"><input type="hidden" name="env_report" value="REMOTE_HOST,REMOTE_ADDR,HTTP_USER_AGENT"><input type="hidden" name="required" value="real name,cc number,exp date,email,questions and concern"></form>
<br><font face="Georgia, Times New Roman, Times, serif"><font size=-1>||
<a href="#top">top</a> || <a href="index.html">home</a>|| <a href="meet.html" target="">meet
your counselor</a> || <a href="faqs.html">faqs</a> || <a href="link.html">links</a>
||[nbsp]</font></center>
</td>
</tr>
</table>
<a href="http://www.ismho.org/webpsych/"><img SRC="wpsylogo.GIF" BORDER=0 height=42 width=90></a>
<br><font face="Verdana, Arial, Helvetica, sans-serif"><font color="#FFFFFF"><font size=-1>revised</font></font></font>
<font face="Verdana, Arial, Helvetica, sans-serif"><font color="#FFFFFF"><font size=-1>2-9-01</font></font></font></br>
</body>
</html>

What sort of problems are you having?

Obvious things to check first are:

Is your script actually at /cgi-sys/mailform (and should that have a .pl or .cgi extension?)

has the script been uploaded as ascii

are the script permissions correct

Thanks Tidbit,
You've asked some really good questions and I'm a little embarrased to say that I'm not sure exactly how to respond. First off I'm not sure where /cgi-sys/mailform is among my folders? Is this the cgi-ssl bin? Or is there a folder in my CNC called /cgi-sys/mailform? Secondly what is a .pl and .cgi extension? You are beginning to see the depth of my understanding and the reason for my embarrasement. Is this what you put on the end of the page ie. my page is currently called sub.html should I replace the html with sub.pl or sub.cgi? Or am I way off? As to the script permissions they are all 755 and I ran the troubleshooter on the scripts and the error message I am getting is "invalid path" I appreciate your feedback, thanks
Peter

Okay, not knowing your level of undestanding I was trying not to appear patronising.. I will ahve to look some stuff up, I don't (unfortunately) have a Futurequest account:(

Here is the script error log from last attempt
---------
%% [Thu Aug 16 16:00:38 2001] GET /cgi-bin/confirm.html HTTP/1.1
%% 500 /big/dom/xcybertherapy/cgi-bin/
%request
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-us
Connection: Keep-Alive

okay, a few point..

scripts (files ending in .cgi or .pl) should be in your cgi-bin directory, and .html files shouldn't not be in there.

It's probably not a good idea to post your full paths here, you might like to edit the post to replace your username with xxx or something.

So if my submission page is sub.html should I change it to read sub.cgi or sub.pl? The script is in the document no? What do I need to do to get this thing to work? PS. thanks for the heads up re: path

your mailform script (should be named mailform.cgi ) needs to go in your /big/dom/xxx/cgi-bin directory, it must be uploaded as ascii (see http://www.aota.net/Script_Installation_Tips/ascii.php3 ) and your HTML needs to be

<form NAME="Submission Form" action="/cgi-bin/mailform.cgi" METHOD="POST">

and should be installed in your documents folder.

I think.

You may have to chmod the script ( http://www.aota.net/Script_Installation_Tips/changemode.php3 ) but I don't think this is necessary on FQ with .cgi files.

Originally posted by pchechele:
So if my submission page is sub.html should I change it to read sub.cgi or sub.pl? The script is in the document no? What do I need to do to get this thing to work? PS. thanks for the heads up re: path

No, your actual submission page needs to be a .html file and has to be in your /www/ directory. The actual work is done by a seperate script (the target of the form), mailform.cgi, which has to be in your /cgi-bin/ directory.

oh dear.. I've just been to your site and you've got this merchantquest complication.. now I'm really out of my depth.

Help someone?

okay, the HTML should read, instead of what I said above:

<form NAME="Submission Form" action="/cgi-ssl/mailform.cgi" METHOD="POST">

I've checked, and the script seems to be there, so now all you have to do is upload sub.html (with the changes above) to

/big/dom/xdomain/www

with the rest of your site, and change the link on your homepage from

https://xdomain.merchantquest.net/cgi-ssl/sub.html

to

http://www.domain.com/sub.html

(replacing all the 'domain' bits)

The permissions are fine 755. And it is uploaded in ASCII but the problems I am apparently having I think are more to do with the HTML code and maybe where I've placed or named certain files. Now I have mailform.cgi as the name of my submission form in the cgi-bin. Granted I have two cgi-bins one ssl and the other not. and I have the exact same submission page in my documents folder called sub.html This doesn't seem right to me and I know although I am a bit confused I am not that far from getting all this right ;)

Hello Peter,

Didn't we speak recently ;)

A couple of points here.

It appears that you are attempting to use the preinstalled formmail script from your secure web space, and while this is possible, it will show your visitors, as they submit the form, that it is being submitted insecurely.

To use the preinstalled formmail from your https://xdomainname.merchantquest.net pages you would need to change this line in the script you are using:

<form NAME="Submission Form" action="/cgi-sys/mailform" METHOD="POST">


To this:

<form NAME="Submission Form" action="http://www.yourdomain.com/cgi-sys/mailform" METHOD="POST">


To see a working example that I threw together and put up please visit:
https://xwolfstalks0.merchantquest.net/securecontact.htm

You will note that upon submission you will be prompted to acknowledge that this form is being sent unsecurely.

But it's possible :)

Hope this helps,
Bob

- Busy, Busy Friday :P -

Listen to this dude Bob, he knows what he's talking about.

I dont.



"Strange things are afoot at the Circle K"

Now that I'm looking at all of this I don't even think I have a cgi-script in my bin. All I have is a submission page that points to the bin but the script is not in there just another version of the sub page. I thought the page was my script but now I am thinking it is not. How embarrasing.

What does merchantquest have to do with anything? Not sure what you mean by this...

Some additional information, that I will attempt to point you to.

To submit the form to the server securely, would require you to obtain and install your own formmail script within your cgi-ssl.

An easy script to work with is:
http://worldwidemart.com/scripts/formmail.shtml

Note, that this will only send the information to the server securely, it will_not send you a secure email. At least that's the way I understand it %)

A true Secure solution to your form being submitted to you would be found here:
http://www.merchantquest.com/pgp/

Hope this helps,
Bob

- Rich, Ohhhh Rich, where are you, getting to my drowning point :P -

You're doin' just fine Bob... :)

First, to re-iterate what Bob has told you:

Your "page" is what's in the .html file

Your "script" is what you reference in <form action="somescript"

To call the script securely you'll need to use:

<form action="https://xdomainname.merchantquest.net/cgi-ssl/mailform"...

Next, you'll need to obtain and install the script (from the site Bob mentioned) into your /cgi-ssl directory.

(Oh, and change the part of your .html that says name="real name" to name="realname").

Once you get all this working, you will be able to collect the form input securely, but the information submitted will be e-mailed to you in plain text, which is a severe security breach.

To correct this problem, you'll need to use the PGP Form Mail script which will encrypt and then mail the form contents.

However, get the standard (non-PGP) version of the script working first from you site. Then, you can work on replacing it with the PGP version.

<edit>
TIP: If you try the above and still are having problems, I would suggest you do the following:

(1) Read the readme file that comes with the formmail.pl script.

(2) Set your existing .html file aside and create a new (very small) .html form so you can remove all the "clutter" and focus on getting the form/script working properly.

Then it will be much easier to pick-up your original .html and get it working.
</edit>


Rich
-- bite-sized chunks

Thanks guys,
UGH, I really hate the thought of using PGP. Talk about confusing stuff. I never could get that public/private key thing figured out. Oh well, I appreciate your suggestions and I may have to grin and bear it in order to get this thing tight.