# Generic Aurora cgi to mail form data and display a new page
# Revision history
# 1998-05-20  prj  initial version
# 1998-12-15  prj  added mf_mailfrom, plus little cleanups
# 1999-04-29  prj  added conditional field inclusion
# 1999-05-14  prj  fixed weird problem with AURORAfooter - mustn't touch $/
# 2006-03-14  TNS  Force user to hard-code recipient to avoid script being hijacked

print "Content-type: text/html\n\n";
print AURORAheader($FORM::mf_title, '', $FORM::mf_headtags, '',
                   $FORM::mf_bodyattrib);

# Default values
$mailto="my.name\@case.edu"; # Put the address of the recipient(s) here
$FORM::mf_maintainer=$mailto;
$FORM::mf_format='%f: %v' unless defined($FORM::mf_format);
$FORM::mf_success='Success!' unless defined($FORM::mf_success);

# Converts 'name' or 'name=value' to true (\*_) or false (undef)
sub condition {
    $_=shift;
    return $_ if !defined($_) || ref($_);
    my ($name, $value)=split(/=/, $_, 2);
    $name=~s/\W/_/g;
    return exists($FORM::{$name})? \*_: undef unless defined($value);
    foreach (@{$FORM::{$name}}) {
        return \*_ if $_ eq $value;
    }
    return undef;
}

if ($FORM::mf_fields eq '') {
    print "<p>One or more of the form input fields required for mailform to\n",
          "function properly was not present in the form.  Please direct\n",
          "the maintainer of this Aurora account to the\n",
          '<a href="http://www.case.edu/help/AuroraCGI/mailform.html">',
          "mailform documentation</a>.\n";
} else {
    # Process conditional fields
    $_=$FORM::mf_reqfields;
  LISTS:
    foreach $list (\@reqfields, \@fields) {
        $condition=\*_;
        $parens=0;
        foreach (split) {
            if ($_ eq '?') {
                $malformed=1, last LISTS if $parens;
                $condition=condition(pop(@$list));
            } elsif ($_ eq '&') {
                $malformed=1, last LISTS if $parens;
                $c0=condition(pop(@$list));
                $c1=condition(pop(@$list));
                push(@$list, ($c0 and $c1)? \*_: undef);
            } elsif ($_ eq '|') {
                $malformed=1, last LISTS if $parens;
                $c0=condition(pop(@$list));
                $c1=condition(pop(@$list));
                push(@$list, ($c0 or  $c1)? \*_: undef);
            } elsif ($_ eq '^') {
                $malformed=1, last LISTS if $parens;
                $c0=condition(pop(@$list));
                $c1=condition(pop(@$list));
                push(@$list, ($c0 xor $c1)? \*_: undef);
            } elsif ($_ eq '!') {
                $malformed=1, last LISTS if $parens;
                $c0=condition(pop(@$list));
                push(@$list, (not $c0)? \*_: undef);
            } elsif ($_ eq '(') {
                ++$parens;
            } elsif ($_ eq ')') {
                --$parens;
                $condition=\*_ unless $parens;
            } elsif ($condition) {
                push(@$list, $_);
            } elsif (!$parens) {
                $condition=\*_;
            }
        }
        $_=$FORM::mf_fields;
    }
    if ($malformed) {
        $page=$FORM::mf_failure;
        mail($mailto, 'mailform is misconfigured',
             'The form at '.$ENV{'HTTP_REFERER'}." has a malformed\n".
             "conditional expression in mf_fields or mf_reqfields.\n".
             "Check the mailform documentation at\n".
             "http://www.case.edu/help/AuroraCGI/mailform.html\n");
        print "<p>This form was misconfigured.  Please direct\n",
              "the maintainer of this Aurora account to the\n",
              '<a href="http://www.case.edu/help/AuroraCGI/mailform.html">',
              "mailform documentation</a>.<br>\n";
    } else {
        # Check for all the required fields
        foreach $field (@reqfields) {
            # FORM:: variables have nonalphanumeric characters replaced with _
            ($field_=$field)=~s/\W/_/g;
            # Add " foo+" to the list of missing fields if $FORM::foo_ is blank
            $missing.=" $field" if $ {$FORM::{$field_}} eq '';
        }

        if ($missing ne '') {
            $page=$FORM::mf_failure;
            print 'The following required field(s) were not entered: ',
                  $missing, ".<br>\n";
        } else {
            $page=$FORM::mf_success;
            # Process each input field specified in the "fields" field
            foreach $field (@fields) {
                ($field_=$field)=~s/\W/_/g;
                # Loop over each value of the field
                foreach $value (@{$FORM::{$field_}}) {
                    # Construct the output line and append it to the message
                    ($line=$FORM::mf_format)=~s[%(.)]
                        [($_={ f=>$field, u=>$field_, v=>$value }->{$1},
                         defined($_))? $_: $1]ge;
                    $message.="$line\n";
                }
            }
            unless (defined($FORM::mf_mailfrom)?
                    mail($FORM::mf_mailfrom, $mailto,
                         $FORM::mf_subject, $message):
                    mail($mailto, $FORM::mf_subject, $message)) {
                print "There was an error while mailing your data.<br>\n";
                $page=$FORM::mf_failure;
            }
        }
    }
    if ($page!~m{^/}) {
        print $page;
    } elsif (ropen(PAGE, $page)) {
        print <PAGE>;
        close(PAGE);
    } else {
        mail($FORM::mf_maintainer, "mailform could not find `$page'",
             'The form at '.$ENV{'HTTP_REFERER'}." directed mailform to\n".
             "a file named $page, but mailform was unable to access it.\n");
    }
}

print AURORAfooter($FORM::mf_maintainer, 'mailto:'.$FORM::mf_maintainer);