#!/usr/bin/python import cgitb; cgitb.enable() import cgi import os import subprocess import sys # Target list name ListName = "blaag" print "Content-type: text/html" print print "Into the fray..." print "

Invite your friends!

" form = cgi.FieldStorage() #print "Environment:
"; #for param in os.environ.keys(): # print "%s: %s
" % (param,os.environ[param]) #print "number of form elements: " + str(len(form)) + "

" # References: # http://www.tutorialspoint.com/python/python_cgi_programming.htm # http://httpd.apache.org/docs/2.0/howto/auth.html from string import * rfc822_specials = '()<>@,;:\\"[]' def isAddressValid(addr): '''Validate an email address''' # First we validate the name portion (name@domain) c = 0 while c < len(addr): if addr[c] == '"' and (not c or addr[c - 1] == '.' or addr[c - 1] == '"'): c = c + 1 while c < len(addr): if addr[c] == '"': break if addr[c] == '\\' and addr[c + 1] == ' ': c = c + 2 continue if ord(addr[c]) < 32 or ord(addr[c]) >= 127: return 0 c = c + 1 else: return 0 if addr[c] == '@': break if addr[c] != '.': return 0 c = c + 1 continue if addr[c] == '@': break if ord(addr[c]) <= 32 or ord(addr[c]) >= 127: return 0 if addr[c] in rfc822_specials: return 0 c = c + 1 if not c or addr[c - 1] == '.': return 0 # Next we validate the domain portion (name@domain) domain = c = c + 1 if domain >= len(addr): return 0 count = 0 while c < len(addr): if addr[c] == '.': if c == domain or addr[c - 1] == '.': return 0 count = count + 1 if ord(addr[c]) <= 32 or ord(addr[c]) >= 127: return 0 if addr[c] in rfc822_specials: return 0 c = c + 1 return count >= 1 # GET method if os.environ['REQUEST_METHOD'] == "GET": print """
Use this form to invite your friends to the list '""" + ListName + """'. A standard mailman confirmation will be sent to the specified address.

Email Address:
Verify Email Address:

NOTE: Once subscribed, users may unsubscribe using the standard mailman techniques, described in the mailman welcome email.
""" # POST method if os.environ['REQUEST_METHOD'] == "POST": # print "Got form items:
" # for k in form.keys(): # print "key %s with value %s
" % (k, form.getvalue(k)) # Check that the email address was typed correctly if form.getvalue('address') == form.getvalue('address_verify'): invitee = form.getvalue('address') pass else: print """ The supplied addresses do not match, type better next time!
Ok, I'll try my best """ sys.exit() # Verify that the input is a valid email address if isAddressValid(invitee): pass else: print """ The supplied input is not a valid email address, stop hacking!
Ok, I will stop hacking """ sys.exit() # Fire off new_add_members, passing address as stdin # we're emulating something like: echo "ADDRESS" | new_add_members -r - LISTNAME proc = subprocess.Popen( [ 'sudo', '/usr/sbin/new_add_members', '-r', '-', ListName, ], stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE, ) # the value of 'address' is sent via stdin stdout,stderr = proc.communicate(form.getvalue('address')) print stdout if stderr: print stderr print "

Invite another friend!"