This document describes how you can use our forms handling scripts to handle your form data. It features
The forms handler script is called forms.cgi and can be invoked from your form using an HTML <FORM> tag and setting action="http://www.bigbiz.com/cgi-bin/forms.cgi". The host www.bigbiz.com may change depending on which server you are on; this will be discussed later. For secure forms you can post to https://www.bigbiz.com/cgi-bin/forms.cgi. If you are a FrontPage user, you can set your form properties to post to a CGI script and type in the name of this script; more on that later.

Example

Let's start with an example

This form lets you enter your name and email address, and posts them to the forms.cgi script. This form is configured to send the message "Thank you for using forms.cgi" to the email address you enter. This is just a simple demonstration of using forms.cgi to mail back form results.

The HTML code for the above example is as follows

action="http://www.bigbiz.com/cgi-bin/forms.cgi"
ACTION specifies the CGI script your form is posted to. Depending on which server you are on, and whether you want to post the form data securely, the URL can change.

method="POST"
The method will always be POST; this is just the world wide web standard for CGI scripting.

myname
This is a user defined field. It is later listed in F_fields to put it into the message that's mailed to you. You should probably list all user defined fields in the F_fields variable.

F_to
When you want the form results to be e-mailed, you need to specify the system variables F_to, F_from, and F_subject. In this form we let the user type in the F_to variable. Note: all system variables begin with an uppercase F and underscore ("F_") and have special meanings.

hidden
Hidden variables are useful to pass user information and system information to the forms.cgi script. There are many system variables that control the forms.cgi script (see the reference section). These are typically passed into the script as hidden variables. You can also pass in user defined hidden variables to be included in your form results.

msg
This is a user defined hidden variable and will be placed in the body of the email. It is listed in F_fields.

yourname
This is a user defined hidden variable and will be placed in the body of the email. It is listed in F_fields.

F_fields
This system variable specifies which variables are to be included in the body of the message. The format of F_fields determines how your message will appear: a "+" is replaced with a space, and a "," is replaced by a new-line. You should always specify an F_fields hidden variable.

F_subject
This is a system variable for email. It specifies the subject line used in the message.

F_from
This is a system variable for email. It specifies the sender of the message.

submit
Each form must have a submit button; the value will be shown on the button.

FrontPage Forms

If you are a FrontPage user, you can design your forms using the FrontPage editor. As an example we will duplicate creating the above form using FrontPage.
We will show you step-by-step what to do to achieve the same results as the above HTML.

Click HERE for the FrontPage step-by-step, which includes all the screen shots. The page has a lot of screen shots and may take some time to load, so be patient. Click HERE for the "light" version where you can click through to each graphic (loads much faster).

Mail Back Forms

The most common use for forms.cgi is to mail the users' input to the webmaster. The mailback example above illustrates its use. As a minimum you should specify an F_to variable. We also recommend setting F_from, F_subject, and F_fields.

Example:

Secure Forms

A popular use of secure forms is for online order forms. Security is needed to make sure sensitive information (like credit card numbers and bank account info) can't be intercepted by third parties.

To set up a secure form, you need to

Access the form using a secure URL

Your web site is normally accessed using http://www.yourdomain.com and is considered (by industry experts) to be non-secure. A third party with the proper equipment can tap the transit routers, capture the data as it goes across the internet, and steal your information. Think of the analogy of someone tapping your phone line or listening in on your cellular phone call.

Your web site can also be accessed through a secure URL using the https protocol, for example https://www.bigbiz.com/yourdomain.com. When you use https, the information sent across the internet is encrypted and is nearly impossible for someone capturing the data to decrypt. Your secure URL will depend on which server your web site was assigned to; you can find it in the "welcome" message you received when we opened your account. Currently the following are the shared secure server URLs:
When you have a form on your web site, you can link to it using the secure URL to the form instead of the regular URL; that will give the users of your form the feeling of security. For example, suppose your form is at http://www.acme.com/shopping/orderform.html and you are on web01; then the secure URL is https://www.bigbiz.com/acme.com/shopping/orderform.html.
Translating a normal URL to a secure URL is key to making portions of your web site secure. We illustrate with 2 examples, one on web01 and one on web04:

Note: FrontPage users, you cannot use any web-bots on your secure forms (example: hit counters); they will not work when you access it using the shared secure server. Design your secure forms without web-bots.

Specify a secure URL for the form ACTION

For the ACTION="URL" field in the <FORM> tag, specify the secure URL of the forms.cgi script. The following table shows the URL to use

Encrypt sensitive fields

For best protection, you can tell forms.cgi to encrypt some fields. If someone intercepts your e-mail, or somehow gets your logfile, they would have a very difficult time decrypting your message. We highly recommend encrypting credit card numbers.

Note: To use encryption you must obtain an encryption key first. Click HERE to get an encryption key.

To encrypt, add "_encrypted" to the variable you want to encrypt in the F_fields list; the encrypted version of the variables will be sent instead of the normal versions. You will also need to add the system variable F_key, which is your encryption key as obtained above. You can use your encryption key on your forms, even tell other people; however, DO NOT TELL ANYONE YOUR SECRET PASS PHRASE. You will use your secret pass phrase to decrypt your messages.

Example:

Working Example: This example form lets you enter a credit card number (you don't have to enter a real one) and demonstrates encrypting it. It will email you the encrypted number. When you receive the email, use the Decryption Form to decrypt the number. You can use your own encryption key, or for this demo you can use encryption key="nNxgFpguL0A" decryption phrase="Mary had a little lamb.".

Example: skip to the section on Secure Order Forms for a real example

OK and Error Pages

After the user submits the form and forms.cgi processes it, it displays a simple page "Your form has been processed, thank you". This is probably not adequate for most applications, so forms.cgi allows you to specify your own URL for the thank-you page. Set the URL in the system variable F_ok_url, example:

Sometimes an error is detected in forms.cgi: a required field is missing, an email address is not valid, etc. We display the error message and instruct the user to go BACK, correct it, and re-submit. You can override this behaviour by specifying your own F_error_url, example:

Working Example: This example shows F_ok_url and F_error_url being used.
http://www.bigbiz.com/faqs/forms/ok-url-test.php

Confirmation Page

A confirmation page is optionally displayed in the user's browser after their input has been accepted. If you set the confirmation page variable F_display, then it overrides the F_ok_url and the default thank you message. You have better control over the confirmation page display, and you can include the user's input on the page.

Set F_display to the title of the confirmation page. The confirmation page contents will be the same as what's produced by F_fields. You can override F_fields using F_display_fields. If you want to be fancy, you can include HTML tags in F_display_fields to customize the output.

Example: We will respond as soon as possible.'">

Validating Credit Card Numbers

forms.cgi can validate credit card numbers using an industry standard checksum. Simply set the system variable F_validate_cc to your credit card number variable name. forms.cgi will check the credit card number and detect errors.

Example:

Required fields

forms.cgi can detect missing required fields; simply set the system variable F_required to the list of required fields. If any of the fields are blank then an error message is issued.

Example:

Logfile

forms.cgi normally generates an e-mail message. However, it can be modified to also generate a log file. In order to generate a logfile you will need to upload your own cgi script to define the name of the log file and the fields that will be recorded. Here is the format of your script

By specifying the variables $logfile and $logfilefields, the script will append the form results to a logfile. You can later download the file and use it for whatever purposes: order tracking, import to database, etc. Set $logfile to the name of the file; it will be put into your home directory. If you are a FrontPage user, the file will be put into your _private directory. Set $logfilefields to a list of fields to log; you can include special fields (ones beginning with F_), and you can also include encrypted fields (ending with _encrypted).
In the above example you may end up with a logfile that looks like this:

It is safe to encrypt secret fields into your logfile; if someone manages to steal your logfile, they cannot get the secret fields. To decrypt your logfile, download it to your system, and use the decryption page's "UPLOAD" feature to decrypt an entire file all at once.

Note: we assume you already know how to upload scripts into your cgi-bin directory.

Special F_fields Variables

Add these special variables to your F_fields list if you want them in your message.

Testing your form

Instead of forms.cgi, use forms-test.cgi as your <form> action and you can test your form. The test script will display all your input, any errors detected, and give you a summary of actions it would have taken. We recommend using forms-test.cgi until everything is OK; then you can change the action to forms.cgi and go live. In case you haven't noticed yet, the working example in the "Mail Back Forms" topic above posts to forms-test.cgi; try it.

Example

Order Form Features

forms.cgi has special features to handle order forms with multiple lines of items. It can calculate line totals, subtotals, tax, and order total. (It cannot calculate shipping costs, so you would have to make a flat rate estimate.)

On your order form line items, you need to send the fields QTY* and PRICE*, where * is a number. For example, if you have 3 items, you can set PRICE1, PRICE2, and PRICE3. The corresponding QTY1, QTY2, and QTY3 would be the quantity ordered, and is generally a user entry field on the order form. You can define additional line fields, such as CATALOG_NUMBER*, DESC*, etc., which represent the item on the line.

When an order form is submitted, forms.cgi will calculate line totals (QTY* times PRICE*) and the order subtotal (total of all the line totals). If the special variable F_taxrate is set, then we also calculate the tax (order subtotal times taxrate). Another special variable, F_totalsum, gives a list of fields to sum for the final order total. All of the calculated values (line totals, subtotals, tax, order total) are available to be used in your email, confirmation, or logfile using special variable names.

Here is an example of a simple order form for a hardware store. We explain how each form component works. You can try it out and send yourself some test orders. We also show you how you can make the form secure.
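
The arithmetic described above, as an added example (not forms.cgi's own code) for the receiving side: it recomputes line totals, F_subtotal, F_tax and F_total from the submitted fields and reports values that differ from the merchant's own lists, since PRICE*, F_taxrate and Shipping all arrive as form fields. The catalogue, the offered rates, the sample order, the comma-separated F_totalsum format, rounding to cents and the function names are assumptions; F_tax uses the page's formula F_subtotal * F_taxrate / 100.

```python
import re
from decimal import Decimal, InvalidOperation, ROUND_HALF_UP

# Constructed merchant-side reference data (assumptions, not part of forms.cgi).
CATALOG = {"H-100": Decimal("12.50"), "N-220": Decimal("3.25"), "S-310": Decimal("0.40")}
OFFERED_TAXRATES = {Decimal("0"), Decimal("8.25")}   # percent
OFFERED_SHIPPING = {Decimal("5.00"), Decimal("15.00")}

# Constructed submission, shaped like the order form fields described on this page.
SAMPLE_ORDER = {
    "QTY1": "2", "PRICE1": "12.50", "CATN1": "H-100",
    "QTY2": "", "PRICE2": "3.25", "CATN2": "N-220",
    "QTY3": "10", "PRICE3": "0.40", "CATN3": "S-310",
    "F_taxrate": "8.25", "Shipping": "5.00",
    "F_totalsum": "F_subtotal,F_tax,Shipping",
}


def cents(value):
    # Rounding to whole cents is an assumption; the page does not say how forms.cgi rounds.
    return value.quantize(Decimal("0.01"), rounding=ROUND_HALF_UP)


def number(fields, name, problems):
    """Parse one field as a finite decimal; record a problem and use 0 otherwise."""
    try:
        value = Decimal(fields.get(name, "").strip())
        if value.is_finite():
            return value
    except InvalidOperation:
        pass
    problems.append(f"{name} is missing or not a number")
    return Decimal("0")


def recompute_order(fields):
    """Return (calculated values, problems) for one submitted order form."""
    problems, subtotal = [], Decimal("0")
    for name in fields:
        m = re.fullmatch(r"QTY(\d+)", name)
        if not m or not fields[name].strip():
            continue                                  # not a quantity, or left blank
        n, qty = m.group(1), number(fields, name, problems)
        if qty == 0:
            continue                                  # only non-zero lines are totalled
        if qty < 0 or qty != qty.to_integral_value():
            problems.append(f"QTY{n} is not a positive whole number")
            continue
        price = number(fields, f"PRICE{n}", problems)
        if CATALOG.get(fields.get(f"CATN{n}")) != price:
            problems.append(f"PRICE{n} does not match the price list")
        subtotal += qty * price                       # the line total (QTY* times PRICE*)
    taxrate = number(fields, "F_taxrate", problems)
    if taxrate not in OFFERED_TAXRATES:
        problems.append("F_taxrate is not an offered rate")
    if number(fields, "Shipping", problems) not in OFFERED_SHIPPING:
        problems.append("Shipping is not an offered charge")
    calc = {"F_subtotal": cents(subtotal), "F_tax": cents(subtotal * taxrate / 100)}
    # Assumption: F_totalsum is a comma-separated list of variable names.
    names = [s.strip() for s in fields.get("F_totalsum", "").split(",") if s.strip()]
    calc["F_total"] = cents(sum(
        (calc[k] if k in calc else number(fields, k, problems) for k in names), Decimal("0")))
    return calc, list(dict.fromkeys(problems))        # drop repeated messages


if __name__ == "__main__":
    print(recompute_order(SAMPLE_ORDER))
```

An order whose problem list is non-empty is one to hold for manual review before fulfilment.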

QTY1, QTY2, QTY3, and QTY4
These fields are for user input of the number of items ordered. The name must be QTYnnn where nnn is a number.

PRICE1, PRICE2, PRICE3, and PRICE4
These hidden fields are the corresponding single unit prices for each line item. The name must be PRICEnnn where nnn is a number corresponding to QTYnnn.

CATN1-4, ITEM1-4
These are additional descriptions for each line item. They are referenced in the variable F_orderline, which is used to format the orderline output. You can have more of these XXXnnn variables depending on what your order processing department needs.

F_to, F_from, F_subject
Email fields. This sends the order to the order processing department.

F_taxrate
This radio button set inputs the tax rate to the script. The number is in percent. The special variable F_taxrate is used to calculate F_tax using the formula F_subtotal * F_taxrate / 100.

Shipping
This radio button set inputs the shipping charges. The variable Shipping is used later in F_totalsum to determine the order total.

F_subtotal
This is a calculated number; it is all the line totals combined.

F_linetotal
This special system variable holds the line total for each line whose quantity is non-zero. It is used in F_orderline for formatting the line output. This is a calculated number and has no meaning outside of F_orderline.

F_tax
This is the calculated tax based on F_taxrate.

F_totalsum
A list of variables to add together to arrive at the order total. F_subtotal and F_tax are calculated. Shipping is a user input. The calculated value can be printed using the variable F_total.

F_orderline
This gives the format of the order line used in the output (F_orderline* in F_fields). Each of the '*' variables is replaced by its corresponding line item value. F_linetotal is a special variable representing the line total.

F_fields
The format of the body of the message. The special feature we use here is F_orderline*, which represents each order line (see F_orderline for its format). Note also that the calculated values for F_subtotal, F_tax, and F_total are printed. The credit card number is encrypted.

F_key
The key used for encryption. The key here corresponds to the decryption phrase "Mary had a little lamb.". When you receive the email order you can use the decryption page to decode the credit card number.

F_cc_validate
We validate the credit card number before processing.

thanks
Just a literal used later in F_display_fields.

F_display and F_display_fields
The confirmation page title and format. Note the use of F_orderline* surrounded by <listing></listing> so we can get a better formatted confirmation page.

F_required
We require the user to enter all those fields.

exp1 and exp2
Fancy input to collect the credit card expiration date.

action="https://www.bigbiz.com/cgi-bin/forms.cgi"
The form action posts to the secure URL. This is because we want to protect the credit card information.

Secure Order Form

We've taken a copy of the above order form and uploaded it to the motelworld.com website. motelworld.com is on web02. We modified the form slightly
Note you can invoke the form securely by translating the normal URL http://www.motelworld.com/acme/order_test.html to https://secure.bigbiz.com/motelworld.com/acme/order_test.html. Since you are in charge of the links on your web site, make sure you use the secure link. That's all there is to converting a normal order form to a secure order form.

FrontPage design of Secure Order Form

Our final FrontPage example gives step-by-step instructions to design the secure order form shown above.

Go HERE for the page with all the graphics. The page has a lot of screen shots and may take some time to load, so be patient. Go HERE for the "light" version where you can click through to each graphic (loads much faster).

Reference

This section lists all system variables (those that begin with F_). When naming your own variables, don't name any beginning with "F_". We may add new system variables from time to time; they will always begin with F_.

F_cc
Specifies the Cc recipient(s) of the email message. See also F_to.

F_date
Specify this variable in your F_fields list to get a time/date stamp.
Example

F_display
Will display a web page with this title after processing the form. The body of the page is determined by F_display_fields or F_fields. You can use this to display a confirmation to the user that you received their input.
Example: This form sends email and then displays a confirmation.

F_error_url
This is the URL which will be redirected to if the forms.cgi script detects an error. If you don't specify one then we simply display the error message. You can specify an HTML file or a CGI script. If you specify a CGI script, you can process the form variable error_message which we will pass to you.
Examples

F_fields
This system variable specifies which variables are to be included in the body of the message. All user defined fields should probably be put here. If you don't specify F_fields, then all user variables will be placed in the message, in alphabetical order.
Besides user variables, you can include any system variable in the list as well, especially F_date, F_ip_address, F_referer, and F_host.
Example

F_from
Specifies the from address of the email that is sent. To send email you should specify F_from, F_to, and F_subject, and optionally F_cc.
Example

F_host
Specify this variable in your F_fields list to get the hostname of the user (if possible). The hostname is an attempt to resolve the user's IP address; sometimes it fails because the user's ISP has not configured reverse DNS. See also F_ip_address.

F_ip_address
Specify this variable in your F_fields list to get the IP address of the user. The IP address may be used as a clue to which ISP they are using to connect to the internet. For an example see F_date above.

F_key and *_encrypted
F_key specifies an encryption key to use for encrypting fields. Fields to be encrypted are named in the F_fields list with a _encrypted suffix. Use https://www.bigbiz.com/genkey.php to get a key to use. Use https://www.bigbiz.com/decrypt.php to decrypt your messages.
Example:

F_linetotal
It holds the current line total (QTY * PRICE), and is only useful in the F_orderline format. See Order Forms for details.

$logfile
$logfile can be set to the name of a file to log all results to. You can only set this variable if you upload your own cgi script. See the discussion on Log Files for an example.
The logfile will be placed either in your home directory or in the web directory _private if it exists (Note: FrontPage automatically creates the _private directory). To retrieve the contents of the logfile, you can ftp it from your home directory; make sure you set TEXT or ASCII mode to transfer the file. If it is placed in your _private web directory, you can get it with your browser at http://www.yourdomain.com/_private/name_of_file. You will need to enter your FrontPage userid and password. Note: non-FrontPage users can also use the _private mechanism; simply create the web directory _private and add appropriate protections with .htaccess. The variable $logfilefields can be used to specify the format for the logfile body.

$logfilefields
List the variables you want logged. The overall format of the logfile entries is comma separated values enclosed in quotes (commonly known as CSV). The logfiles are suitable for importing into spreadsheet and database programs.
Example:

F_names
Set this variable to 1 if you want variables to be preceded by their names.
Example: Normally we don't display names, the body looks like this
the body looks like this

F_ok_url
This is the URL the user's browser is redirected to after successful processing of the form.
Example

F_orderline and F_orderline*
F_orderline gives the format of the F_orderline* variable used in F_fields. It determines the print format of each line item (whose QTY is nonzero). End variable names with '*' to indicate it is variable per item.
When you use F_orderline* in F_fields, it places the entire block of formatted order lines into the output. You can also use F_orderline* in F_display_fields.

QTY* and PRICE*
These special names are used for order form processing. See the section on Order Forms for details.

F_referer
Specify this variable in your F_fields list to get the URL of the form which posted to the script. Note: some browsers do not send referer correctly. For an example see F_date above.

F_required
You can specify a list of variables which must have a value. For example if your form requires name, address, and phone number to have an input use

F_subject
Specifies the Subject: of the email message. See F_from for an example.

F_subtotal
This is a calculated amount, and is the sum of all the line totals. For example QTY1*PRICE1 + QTY2*PRICE2 + ... See Order Forms for details.

F_taxrate and F_tax
If F_taxrate is set, will cause the value of F_tax to be calculated as F_tax = F_taxrate * F_subtotal * 100. (The multiply by 100 is there because the rate is a percentage). The astute programmer will notice that setting this to a negative number will give a discount. See Order Forms for details.

F_to
Specifies the recipient(s) of the email message. See F_from for an example.

F_totalsum and F_total
F_totalsum is a list of variables which are added together to calculate F_total. See Order Forms for details.
Example:

F_validate_cc
Specifies the variable name of a credit card number which will be checked for validity. Note: this only does an industry standard checksum; it does NOT use the banking network to check funds. It is at most useful for guarding against mis-typed numbers.
Example:
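
What a checksum of this kind does and does not catch, as an added example that is not forms.cgi's own code. It assumes the "industry standard checksum" is the Luhn (mod 10) algorithm, which the page does not name; the function names, the field name ccnum used with them, the 12 to 19 digit length window and all sample numbers are constructed for illustration.

```python
def luhn_ok(number):
    """True if a card number string passes the Luhn (mod 10) checksum."""
    if any(ch not in "0123456789 -" for ch in number):
        return False
    digits = [int(ch) for ch in number if ch.isdigit()]
    if not 12 <= len(digits) <= 19:       # assumed length window for card numbers
        return False
    total = 0
    for pos, d in enumerate(reversed(digits)):
        if pos % 2 == 1:                  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def check_form(fields):
    """Return a list of errors for the field that F_validate_cc names."""
    name = fields.get("F_validate_cc", "")
    if not name or luhn_ok(fields.get(name, "")):
        return []
    return [f"{name} does not pass the credit card checksum"]


# Constructed inputs; none is a real account number.
PASSES = "4111 1111 1111 1111"            # widely used test number
ONE_DIGIT_TYPO = "4111 1111 1111 1112"    # last digit mistyped
SWAPPED_PAIR = "1411 1111 1111 1111"      # first two digits transposed
BLIND_SPOT = ("4000 0000 0000 0903", "4000 0000 0000 9003")  # 09 <-> 90 swap


def survey():
    """Checksum result per sample: what the check catches and what it lets through."""
    samples = {"passes": PASSES, "typo": ONE_DIGIT_TYPO, "swap": SWAPPED_PAIR,
               "09": BLIND_SPOT[0], "90": BLIND_SPOT[1]}
    return {label: luhn_ok(value) for label, value in samples.items()}


if __name__ == "__main__":
    print(survey())
    print(check_form({"F_validate_cc": "ccnum", "ccnum": ONE_DIGIT_TYPO}))
```

A test number passes and a swapped 09/90 pair goes unnoticed, which is why a passing checksum says nothing about whether an account exists or has funds.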