Question about POST

Sannyasin Sivakatirswami katir at hindu.org
Thu Sep 5 17:41:01 EDT 2002


Andre:

Not sure if we understand you correctly, but if your intent is to 
take data from a form in a Revolution card and send it to a CGI, using 
POST, then the normal method is to URLEncode that data. The following 
script encodes a simple form and sends it to the generic "formmail.pl" 
Perl script which is a CGI on a remote server. It wants just to get the 
person's name and address info plus comments.

There is a very big caveat, though, related to spam and service 
attacks, if the CGI is hosted on a server that is not under your 
control: most servers and many CGIs that process incoming data will 
only accept data that is generated from forms that are resident on the 
same host system, or from authorized domains that are hard coded into 
the CGI script.

In the formmail.pl script that was set to process the following 
data... after I set the "authorized domains" variable in [Matt's] 
formmail.pl on the host system (where our content is hosted on a 
virtual domain), the following failed if used in any standalone that 
was distributed... because, obviously, the standalone was posting the 
data through the ISP of the user that was using the standalone and thus 
appeared to the server that was running the CGI as a spam attack on the 
CGI from an outside, unauthorized domain.

I was never able to resolve this one... I hesitated to remove the 
authorized domain variable from the formmail.pl, because our server 
logs clearly show attempts to spam "formmail" by hackers, and although 
the sys admin for the HOST is pretty soft on this one and has no global 
protection in place against it... there would be serious repercussions 
if one of my forms were the cause of the server going down....

I resorted to asking people in the standalone to simply email us 
their name and address and contact information from their own email 
client... here the intent was to let them "register" as a user from 
within the standalone.

Can anyone else comment on this? I could be missing something very 
simple here. Could one somehow keep the authorized domain list on the 
host machine's CGI and still create a mechanism on a publicly 
distributed standalone to post data to that CGI from an ISP other than 
the machine that hosted the CGI? Where the domain from which the POST 
was originating would be completely unknown? I suppose if I used a 
faceless xTalk CGI and configured it to accept only input from the 
standalone, that could also be another solution?

Insights anyone?

on mouseUp
   local tText
   -- fields that must be filled in before the form is sent
   put "a-email,j-subject,k-comments,i-country,b-firstname,c-lastname" into requiredFields
   repeat for each item z in requiredFields
     if fld z is empty then
       answer "Email, name, subject, country and comments are required.."
       select text of fld z
       exit to metacard
     end if
   end repeat
   set the cursor to watch
   -- build the POST body as name=value pairs joined by "&";
   -- every value is URL-encoded, the recipient address included
   put "to=" & urlEncode(fld "recipient") into tText
   put "CyberHall--" & fld "j-subject" into jai
   put "&sub=" & urlEncode(jai) after tText
   put "&from=" & urlEncode(fld "a-email") after tText
   put "&a-firstName=" & urlEncode(fld "b-firstName") after tText
   put "&c-lastName=" & urlEncode(fld "c-lastName") after tText
   put "&d-add1=" & urlEncode(fld "d-add1") after tText
   put "&e-add2=" & urlEncode(fld "e-add2") after tText
   put "&f-city=" & urlEncode(fld "f-city") after tText
   put "&g-state=" & urlEncode(fld "g-state") after tText
   put "&h-zip=" & urlEncode(fld "h-zip") after tText
   put "&i-country=" & urlEncode(fld "i-country") after tText
   put "&k-Comments=" & urlEncode(fld "k-Comments") after tText
   -- send the encoded form; the server's reply is returned in "it"
   post tText to url "http://www.somedomain.com/cgi-bin/formmail.pl"
   set the cursor to watch
   -- showreport is not a built-in command; it is a handler defined elsewhere in the stack
   showreport it
end mouseUp
>

> Message: 3
> Date: Thu, 5 Sep 2002 13:34:08 -0300
> Subject: Question about POST
> From: Andre Garzia <soapdog at mac.com>
> To: use-revolution at lists.runrev.com
> Reply-To: use-revolution at lists.runrev.com
>
> Hi Community,
>
> I want to make an app that fills a web form using the post method, I
> found the post keyword in the transcript dictionary but how do I tell
> which content goes under which var... my form is a little complex with many
> fields and the post keyword says post chunk to site, how do I order that
> data? If someone could please help.... just mail me some copy&paste
> code, I'll figure the rest... Tanx in advance.
> Andre Garzia 2002
> imac2 ibook p100 e uma torradeira....
>
>
> --__--__--
>
> Message: 4
> Date: Thu, 5 Sep 2002 09:42:23 -0700
> To: use-revolution at lists.runrev.com
> From: Kee Nethery <kee at kagi.com>
> Subject: I changed the name of a stack
> Reply-To: use-revolution at lists.runrev.com
>
> I'm told I sent this to the wrong address and that I should resend
> it. Sorry if you have seen it previously.
>
> -------------------------------------------
>
> I changed the name of a stack in the properties and at the directory
> level. The properties name is (and was) different from the file name.
> Now when I open the stack from within the Revolution development
> environment most of the menus are greyed out. In the "Object" menu
> the only selectable menu items are "Colors and Patterns", "New
> Control" and "Alignment Palete".
>
> I cannot access the scripts or properties of the stack via the Object
> menu. I changed the name back to what it was but that doesn't seem to
> help.
>
> I can get to the scripts if I put it into debug mode and then press
> the edit script button but that is a kludge.
>
> What secret move do I need to do to be able to once again deal with
> this stack as a normal stack?
>
> Do I have to rebuild it from the ground up and use the debug edit
> kludge to grab all the scripts?
>
> Kee Nethery

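Added example, not part of the original message and not formmail.pl's own code: a server-side handler that accepts the POST body built by the script above from any network by fixing the recipient on the server and validating the fields, instead of checking which domain the request came from. `RECIPIENT`, `build_message`, `Rejected` and the sample body are assumptions constructed for illustration.

```python
from email.message import EmailMessage
from urllib.parse import parse_qs

RECIPIENT = "registrations@example.org"  # assumption: set on the server only
REQUIRED = ("from", "sub", "a-firstName", "c-lastName", "i-country", "k-Comments")
HEADER_FIELDS = ("from", "sub")          # values that end up in mail headers
MAX_LEN = 2000

class Rejected(ValueError):
    """Raised when a submission fails validation."""

def build_message(body: str) -> EmailMessage:
    # Decode the urlencoded POST body; cap the number of fields.
    form = parse_qs(body, keep_blank_values=True, max_num_fields=20)
    data = {}
    for key, values in form.items():
        if len(values) != 1:
            raise Rejected(f"duplicate field: {key}")
        if len(values[0]) > MAX_LEN:
            raise Rejected(f"field too long: {key}")
        data[key] = values[0]
    for key in REQUIRED:
        if not data.get(key, "").strip():
            raise Rejected(f"missing field: {key}")
    # CR/LF in a header-bound value would let the client add mail headers.
    for key in HEADER_FIELDS:
        if "\r" in data[key] or "\n" in data[key]:
            raise Rejected(f"line break in field: {key}")
    sender = data["from"].strip()
    if sender.count("@") != 1 or any(c in sender for c in " ,;<>"):
        raise Rejected("from is not a single address")
    msg = EmailMessage()
    msg["To"] = RECIPIENT        # the client's "to" field is never used
    msg["From"] = RECIPIENT
    msg["Reply-To"] = sender
    msg["Subject"] = data["sub"]
    skip = ("to", "from", "sub")
    lines = [f"{k}: {v}" for k, v in sorted(data.items()) if k not in skip]
    msg.set_content("\n".join(lines))
    return msg

# Constructed sample, shaped like the body the script above posts.
SAMPLE = ("to=someone%40elsewhere.example&sub=CyberHall--Hello"
          "&from=visitor%40example.net&a-firstName=Ana&c-lastName=Lee"
          "&i-country=Brazil&k-Comments=Please+register+me")

if __name__ == "__main__":
    print(build_message(SAMPLE))
```

Because the destination address never comes from the request, this handler cannot be pointed at arbitrary recipients, whatever ISP the standalone's user connects through.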


