We need a "contact us" web page/form created and linked to a Windows server running Active Perl.
The "Contact us" form must contain the following fields:
Subject:
Your name:
Your email address:
Message:
...along with a Submit button.
All of this sounds fairly simple; however, there are some features we want built into the Perl handler that make this form special. Here are the items we want to see added, features that should help reduce the number of SPAM messages and bots:
1) Every field needs to be verified using server-side code. Email addresses entered need to be checked using a good regular expression. All fields should be scanned for HTML tags, SQL injections, excessive length (buffer overflow). Each field should have a maximum length value that cannot be exceeded. A JavaScript client-side check should exist, and also a server-side check.
2) The submitted values will be scanned against an array of predefined words and phrases; if any of them matches what is being submitted from the form, then the contents of the form must not be submitted. The array of phrases/words could be like:
www.
http:/
viagra
porno
lottery
This list should be in a separate ASCII file that can be easily edited using Notepad.
3) Check for rogue POST and GET values. If the form expects three POSTed fields, the existence of a fourth could indicate a hacking attempt. Check that no additional GET values have been passed.
4) Check the HTTP header. If no user agent (HTTP_USER_AGENT) or referring page (HTTP_REFERER) is present, then the form submission should be refused.
5) Add a user "time response." All users will take a little time to complete forms whereas bots are almost instantaneous. The Active Perl solution should be something like the following:
+ The current server time is recorded when the form page is generated.
+ The time value is encoded into a string. The actual encoding algorithm is up to you, but it must be one that is not obvious and allows decoding back to the original value. I would also recommend using unique user data, such as the IP address, as an encryption key.
+ The encoded time is put in a hidden form value.
+ When the form is posted back, the field is checked and decoded back to a time. This can now be compared with the current server time to ensure the response time falls within a specific window, e.g. between 15 seconds and 15 minutes.
6) The Perl code should have fields that define:
+ An email address to which the submitted form data is passed on
+ An optional "cc" address
+ Values defining the mail server parameters (the server is running iMail server)
7) The form data should be inserted into an ASCII template file, and then sent to the predefined email addresses. The template should look something like:
---- snip 8< ----
Subject: %Subject%
Date/time: %Date% %Time% (e.g., Tuesday, Oct. 3, 2009, 9:34 am)
Contact name: %YourName% <%emailAddress%>
Message: %MessageBody%
IP: %IPAddress%
---- snip 8< ----
8) The email message should be sent to the mail server using the visitor's email address, so that when we receive the incoming message, all we have to do is hit REPLY and our response will be sent to the visitor. Yes, our email server allows local relaying.
9) Error messages should be displayed above each field in red to indicate which fields failed to be accepted according to the guidelines above.
10) A URL of the page to be displayed upon a successful submission needs to be included in the Perl code.
11) A list of valid referrers must be included in the code, and one of the values must match the incoming referer in order to be accepted as a valid submission. Example:
@referers = (
'www.mywebsite.com',
'192.168.1.2',
'66.67.68.115');
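A sketch of the server-side checks from items 1 to 3, added here as an example and not part of the original request. Field names, length limits and function names are assumptions; the line-break rule is included because item 8 places visitor-supplied values into mail headers.

```perl
use strict;
use warnings;

# Assumptions (not from the request): field names, length limits and function
# names are hypothetical. The phrase list is the sample from item 2.
my %MAX_LEN = (subject => 100, name => 80, email => 254, message => 4000);

# One phrase per line, as in the Notepad-editable list file.
sub load_phrases {
    my ($fh) = @_;
    return grep { length } map { s/\A\s+|\s+\z//g; lc } <$fh>;  # trims CR/LF too
}

# Returns a hash of field => error text; an empty hash means "accept".
sub validate_submission {
    my ($post, $get, $phrases) = @_;
    my %err;
    $err{_request} = 'unexpected parameter'      # item 3: rogue POST/GET values
        if %$get or grep { !exists $MAX_LEN{$_} } keys %$post;
    for my $f (sort keys %MAX_LEN) {
        my $v = $post->{$f};
        if (!defined $v or $v !~ /\S/)  { $err{$f} = 'required'; next }
        if (length($v) > $MAX_LEN{$f})  { $err{$f} = 'too long'; next }
        # Header fields must stay single-line: they end up in mail headers (item 8).
        if ($f ne 'message' and $v =~ /[\r\n]/) { $err{$f} = 'line break'; next }
        if ($v =~ /<[^>]*>/)            { $err{$f} = 'HTML tag'; next }
        my ($hit) = grep { index(lc($v), $_) >= 0 } @$phrases;
        $err{$f} = "blocked phrase: $hit" if defined $hit;
    }
    # Anchored with \A and \z: "$" would accept a trailing newline.
    $err{email} ||= 'invalid address' if defined $post->{email}
        and $post->{email} !~ /\A[A-Za-z0-9._%+-]+\@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+\z/;
    return %err;
}

# Constructed demonstration input: in-memory list file and two sample requests.
my $list = "www.\r\nhttp:/\r\nviagra\r\nporno\r\nlottery\r\n";
open my $fh, '<', \$list or die "cannot open phrase list: $!";
my @phrases = load_phrases($fh);
my %good = (subject => 'Quote', name => 'Ann Lee', email => 'ann@example.org',
            message => "Hello,\nplease call me.");
my %bad  = (%good, email => "ann\@example.org\nBcc: x\@example.net", extra => 1,
            message => 'Win the LOTTERY at www.example.com');
for my $req (\%good, \%bad) {
    my %e = validate_submission($req, {}, \@phrases);
    print join('; ', map("$_: $e{$_}", sort keys %e)) || 'accepted', "\n";
}
```

The per-field error hash maps directly onto the messages item 9 wants displayed above each field.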
Again, the code must be in Active Perl and run on a Windows 2000 server.
Source code must be liberally commented to our satisfaction.
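A sketch of the "time response" check from item 5, added here as an example and not part of the original request. It signs the timestamp and visitor IP with HMAC-SHA256 under a server-side secret instead of the obscure reversible encoding the request describes, so the hidden value cannot be forged even if the scheme is known; the secret, token layout and function names are assumptions, and Digest::SHA is bundled with Perl 5.10 and later.

```perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);

# Assumptions (not from the request): the secret, the token layout and the
# function names are hypothetical; the 15 s / 15 min window is from item 5.
my $SECRET  = 'replace-with-a-long-random-server-side-value';
my $MIN_AGE = 15;         # seconds; faster than this looks automated
my $MAX_AGE = 15 * 60;    # seconds; older than this is stale or replayed

# Called when the form page is generated: returns "<epoch>.<mac>".
sub make_token {
    my ($ip, $now) = @_;
    $now = time unless defined $now;
    return $now . '.' . hmac_sha256_hex("$now|$ip", $SECRET);
}

# Called on POST: returns (1, 'ok') or (0, reason).
sub check_token {
    my ($token, $ip, $now) = @_;
    $now = time unless defined $now;
    return (0, 'malformed')
        unless defined $token and $token =~ /\A([0-9]{1,12})\.([0-9a-f]{64})\z/;
    my ($issued, $mac) = ($1, $2);
    my $expected = hmac_sha256_hex("$issued|$ip", $SECRET);
    # Compare every character so timing does not reveal the first mismatch.
    my $diff = 0;
    $diff |= ord(substr($mac, $_, 1)) ^ ord(substr($expected, $_, 1)) for 0 .. 63;
    return (0, 'bad signature') if $diff;
    my $age = $now - $issued;
    return (0, 'too fast') if $age < $MIN_AGE;
    return (0, 'expired')  if $age > $MAX_AGE;
    return (1, 'ok');
}

# Constructed demonstration: fixed clock values and documentation addresses.
my $t0     = 1_254_562_440;
my $token  = make_token('192.0.2.10', $t0);
my $forged = ($t0 - 60) . substr($token, length($t0));   # back-dated timestamp
for my $case (
    [ 'human, 40 s later',  $token,  '192.0.2.10',   $t0 + 40 ],
    [ 'bot, 2 s later',     $token,  '192.0.2.10',   $t0 + 2 ],
    [ 'replayed, 1 h old',  $token,  '192.0.2.10',   $t0 + 3600 ],
    [ 'different address',  $token,  '198.51.100.7', $t0 + 40 ],
    [ 'edited timestamp',   $forged, '192.0.2.10',   $t0 + 2 ],
) {
    my ($label, $tok, $ip, $now) = @$case;
    my ($ok, $why) = check_token($tok, $ip, $now);
    printf "%-20s %s (%s)\n", $label, $ok ? 'ACCEPT' : 'REJECT', $why;
}
```

In a CGI handler the address passed to both functions would be `$ENV{REMOTE_ADDR}`, and the value from `make_token` goes into the hidden form field.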
Categories:
(Note: Like everything else on this page, these categories are part of the original contract for this bid request.)
Web, Language Specific, Perl, Software Related (Includes Websites)