PDA

View Full Version : Need Help with Formmail



Joavatar
03-04-2004, 07:30 AM
Hello,

I am new to forms, cgi apps, don't know anything about perl. I just took over maintenance on a site that uses formmail for secure order processing.

When I click the send button, I get the message:

Bad Referrer - Access Denied
The form attempting to use FormMail resides at https://ssl4.westserver.net/taketimecenter.com/taketime_ordering.htm, which is not allowed to access this cgi script.
If you are attempting to configure FormMail to run with this form, you need to add the following to @referers, explained in detail in the README file.

Add 'ssl4.westserver.net' to your @referers array.


So, I know this means I need to edit the formmail.pl script, but I don't know how to do that. Can someone help me?

Thank you.
Joanne

Joavatar
03-04-2004, 08:07 AM
Hi again,

I figured out how to edit the formmail.pl script. I added ssl4.westserver.net to the @referers array, but I am still gettting the
Bad Referrer error.

Anyone have a clue as to what I might have done wrong?

Thanks.
Joanne

ccwebb
03-04-2004, 02:01 PM
Your ordering.htm is on a secure server. The .htm form call

http://taketimecenter.com/cgi-bin/formmail/FormMail.pl
is to FormMail.pl on the regular server (no https).

Did you change FormMail on the non secure server?

If YES then reply back showing what you have in @referers (copy/paste)

Charlie

(note: after posting this I am not sure the above is correct - at one time the secure and non-secure servers were two separate servers. It may be now under 2.0 that they are on the same physical server)

wildjokerdesign
03-04-2004, 02:43 PM
I think it is a bug in the script itself. If I rember the script when it is checking referers it is looking for a pattern that only uses one dot in the domain name. If it is not that it could be that it is not checking using the https but I don't think that is part of the pattern match in this case. I'll go did up an old copy of it and see what I can find out.

UPDATE:

No I just checked and that shouldn't be problem. It should catch http or https and the amount of "dots" should not matter. You might double check the spelling and check to make sure that you got the new changed version uploaded to the server. Can't tell you how many times I thought I had uploaded the changesthe after about an hour for looking for the problem figured out I had not. :)