git ssb

0+

cel / freecheck



Tree: d362cada9d1fece1ac933832b994a43578709c74

Files: d362cada9d1fece1ac933832b994a43578709c74 / freecheck.cgi

13166 bytesRaw
1#!/usr/bin/perl
2
3#---------------
4#
5# FreeCheck - a free check printing application released
6# under the GNU General Public Licene.
7#
8# Copyright (C) 2000 Eric Sandeen (sandeen-freecheck@sandeen.net)
9#
10# This program is free software; you can redistribute it and/or modify
11# it under the terms of the GNU General Public License as published by
12# the Free Software Foundation; either version 2 of the License, or
13# (at your option) any later version.
14#
15# This program is distributed in the hope that it will be useful,
16# but WITHOUT ANY WARRANTY; without even the implied warranty of
17# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18# GNU General Public License for more details.
19#
20# You should have received a copy of the GNU General Public License
21# along with this program; if not, write to the Free Software
22# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
23#
24#---------------
25
26###########################################
27# WARNING WARNING WARNING WARNING WARNING #
28###########################################
29# THIS CODE EXECUTES AT LEAST ONE EXTERNAL PROGRAM, BASED ON
30# STRINGS PASSED IN FROM THE FORM. A FEEBLE EFFORT HAS BEEN
31# MADE TO SANITIZE THOSE STRINGS, BUT THERE COULD STILL BE
32# A SECURITY RISK HERE. YOU HAVE BEEN WARNED
33##########################################
34
35# This script will generate a form that allows users to fill out information to
36# be printed on checks, and they get back either a PostScript or a PDF document.
37# Currently, the freecheck script and config files need to be in the same dir as
38# the CGI. If you want to generate PDFs, you need GhostScript. You also really
39# need the 6.x series, or the PDFs will look horrible, and checks printed almost
40# certainly will not be machine readable.
41
42# The freecheck executable script, and the freecheck config file
43# (freecheck.cfg) should be in the same dir as this script.
44
45use CGI qw(:standard);
46
47# The path to the GhostScript executable, with escaped "/"s
48$GS = "\/usr\/bin\/gs";
49
50# Parameters to GhostScript to generate PDFs (trailing "-" means STDIN
51$PDFOptions = "-q -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -sOutputFile=- -";
52
53
54# Get the cookie to set the defaults, if it's there...
55%pairs_hash = cookie('FreeCheck');
56
57# If it's not there, set minimum defaults so the main script won't bonk
58if (!%pairs_hash) {
59 %pairs_hash = ( "NumPages", "1",
60 "PrintCheckBody", "true",
61 "PrintMICRLine", "true",
62 "CheckNumber", "100");
63}
64
65# If we have no parameters passed, generate the initial page with default vals
66# Those defaults might be from a cookie (above) if one has been set.
67if (!param()) {
68 print header;
69 print start_html('FreeCheck Online'),
70 #"Cookie:",br,
71 #%pairs_hash,
72 h1('FreeCheck'),
73 "A free check printing utility",
74 br,
75 "Version 0.30",
76 br,
77 "Copyright (C) 2000 Eric Sandeen (sandeen-freecheck @ sandeen.net)",
78 hr,
79 "WARNING - unless you're brave, treat this application as a
80 proof-of-concept, rather than a useful utility. I have not
81 had a chance to test this stuff with a bank yet, and I'm also
82 a bit concerned about the accuracy during conversion to
83 PDF. Just don't go paying your rent with this yet, ok? :)",
84 hr,
85 start_form,
86 submit( -name=>"Submit",
87 -label=>" Get my checks! "),
88 h2('Check Information'),
89 h3('Account Holder Information'),
90
91 textfield( -name=>'Name1',
92 -default=>$pairs_hash{"Name1"},
93 -maxlength=>50),
94 " Name 1", br,
95
96 textfield( -name=>'Name2',
97 -default=>$pairs_hash{"Name2"},
98 -maxlength=>50),
99 " Name 2", br,
100
101 textfield( -name=>'Address1',
102 -default=>$pairs_hash{"Address1"},
103 -maxlength=>50),
104 " Address Line 1", br,
105
106 textfield( -name=>'Address2',
107 -default=>$pairs_hash{"Address2"},
108 -maxlength=>50),
109 " Address Line 2", br,
110
111 textfield( -name=>'CityStateZip',
112 -default=>$pairs_hash{"CityStateZip"},
113 -maxlength=>50),
114 " City, State, Zip", br,
115
116 textfield( -name=>'PhoneNumber',
117 -default=>$pairs_hash{"PhoneNumber"},
118 -maxlength=>50),
119 " Phone Number", br,
120
121 h3('MICR Line Information'),
122 "Pay close attention here - this is where you enter the MICR
123 line at the bottom of your check. For the following symbols,
124 use these characters:", p,
125
126 hr,
127 img {-src=>'/images/transit.gif'}, " = \"R\"", br,
128 img {-src=>'/images/onus.gif'}, " = \"P\"", br,
129 img {-src=>'/images/dash.gif'}, " = \"-\" (dash, or minus)", p,
130 "For spaces, enter \"S\"", p,
131 "For check numbers, enter a \"C\" for each check digit", p,
132 hr,
133
134 "Auxiliary On-Us field - Everything to the left of the leftmost ",
135 img {-src=>'/images/transit.gif'}, " symbol", br,
136 em("Don't forget to include trailing spaces (\"S\")!"), br,
137 "This field may not be present on personal checks", br,
138
139 textfield( -name=>'AuxOnUs',
140 -default=>$pairs_hash{"AuxOnUs"},
141 -maxlength=>50),
142
143 " Auxiliary On-Us field", p,
144
145 "Transit / Routing Field - 9 numbers between, and including, the ",
146 img {-src=>'/images/transit.gif'}, " symbols", br,
147
148 textfield( -name=>'Routing',
149 -default=>$pairs_hash{"Routing"},
150 -size=>11, -maxlength=>11),
151
152 " Routing Field", p,
153
154 "On-Us field - everything to the right of the rightmost ",
155 img {-src=>'/images/transit.gif'}, " symbol", br,
156 em("Don't forget to include leading spaces (\"S\")!"), br,
157
158 textfield( -name=>'OnUs',
159 -default=>$pairs_hash{"OnUs"},
160 -maxlength=>50),
161
162 " On-Us field", p,
163
164 textfield( -name=>'Fraction',
165 -default=>$pairs_hash{"Fraction"},
166 -maxlength=>50),
167
168 " Fraction (printed at top right of check)", br,
169
170 h3('Bank Information'),
171 textfield( -name=>'BankName',
172 -default=>$pairs_hash{"BankName"},
173 -maxlength=>50),
174 " Bank Name", br,
175
176 textfield( -name=>'BankAddr1',
177 -default=>$pairs_hash{"BankAddr1"},
178 -maxlength=>50),
179 " Bank Address1", br,
180
181 textfield( -name=>'BankAddr2',
182 -default=>$pairs_hash{"BankAddr2"},
183 -maxlength=>50),
184 " Bank Address 2", br,
185
186 textfield( -name=>'BankCityStateZip',
187 -default=>$pairs_hash{"BankCityStateZip"},
188 -maxlength=>50),
189 " Bank City, State, Zip", br,
190
191 h2('Printing Options'),
192 textfield( -name=>'CheckNumber',
193 -default=>$pairs_hash{"CheckNumber"},
194 -size=>10,
195 -maxlength=>10),
196 " Starting Check Number",
197 br,
198
199 "Select check style: ",
200 popup_menu( -name=>'CheckStyle',
201 -values=>['Normal','Quicken_Personal'],
202 -default=>$pairs_hash{"CheckStyle"}),
203 br,
204
205 "Select check blank: ",
206 popup_menu( -name=>'CheckType',
207 -values=>['MVG3001','MVG1000','MVD1001'],
208 -default=>$pairs_hash{"CheckType"},
209 -labels=>{ 'MVG3001'=>'VersaCheck MVG3001',
210 'MVG1000'=>'VersaCheck MVG1000',
211 'MVD1001'=>'VersaCheck MVD1001'}),
212 p,
213
214
215 checkbox( -name=>'PrintCheckBody',
216 -checked=>$pairs_hash{"PrintCheckBody"},
217 -value=>'true',
218 -label=>' Print Check Body'),
219 br,
220
221 checkbox( -name=>'PrintMICRLine',
222 -checked=>$pairs_hash{"PrintMICRLine"},
223 -value=>'true',
224 -label=>' Print MICR Line'),
225 br,
226
227 checkbox( -name=>'Test',
228 -checked=>$pairs_hash{"Test"},
229 -value=>'true',
230 -label=>' Print voided test checks'),
231 p,
232
233 "Select Output Format:",
234 br,
235 em("Be sure to de-select \"Fit to Page\" when printing PDFs"),
236 br,
237 em("To view PostScript correctly, you must have the
238 GnuMICR font installed locally"),
239 br,
240 radio_group( -name=>'OutputType',
241 -values=>['PDF', 'PostScript'],
242 -labels=>{'PDF'=>' PDF',
243 'PostScript'=>' PostScript'},
244 -default=>$pairs_hash{"OutputType"},
245 -linebreak=>'true'),
246 br,
247
248 "Number of Pages to Print: ",
249 textfield( -name=>'NumPages',
250 -default=>$pairs_hash{"NumPages"},
251 -size=>2,
252 -maxlength=>1),
253 p,
254
255 "Save information in a cookie?",
256 br,
257 em("Note: if you're security-paranoid, and you've entered real data,
258 this might not be a such a good idea at this point..."),
259 br,
260 radio_group( -name=>'Cookie',
261 -values=>['ClearCookie', 'SetCookie'],
262 -default=>$pairs_hash{"Cookie"},
263 -labels=>{'ClearCookie'=>' Don\'t set, or clear',
264 'SetCookie'=>' Set a cookie'},
265 -linebreak=>'true'),
266 br,
267 submit( -name=>"Submit",
268 -label=>" Get my checks! "),
269 end_form,
270 em("If Netscape wants to save \"freecheck.cgi\" just rename it to
271 \"mychecks.[pdf,ps]\" - I don't know why this happens"),
272 hr;
273 print end_html;
274}
275
276# If Submit button has been pressed , then process the values
277if (param("Submit")) {
278
279 # Get a hash of all the fields and their values
280 my @names = param();
281 $pairs_string = "";
282 foreach (@names) {
283 $name = $_;
284 $value = param($_);
285 #$pairs_string = $pairs_string . $_ . " $value\n";
286 $pairs_hash{$name} = $value;
287 }
288 # "Submit" is the only thing we don't want to store
289 delete $pairs_hash{"Submit"};
290
291 # Deal with the form elements that didn't go in the hash:
292 $CheckStyle = param("CheckStyle");
293 $CheckType = param("CheckType");
294
295 # For checkboxes, delete them from the hash/cookie if not checked
296 if ( param("PrintMICRLine") ne "true" ) {
297 $MICR = "--nomicr";
298 delete $pairs_hash{"PrintMICRLine"};
299 }
300
301 if ( param("PrintCheckBody") ne "true" ) {
302 $BODY = "--nobody";
303 delete $pairs_hash{"PrintCheckBody"};
304 }
305
306 if ( param("Test") eq "true") {
307 $TEST = "--test";
308 } else {
309 delete $pairs_hash{"Test"};
310 }
311
312 # Turn the hash into a string (this is a bit goofy, I guess...)
313 # We do it as a hash initially to make it easier to fill in the
314 # forms, above.
315 # This is what is passed to the check generation script
316
317 $pairs_string = "";
318 $NotDefs="Submit Cookie Test OutputType CheckStyle CheckType";
319 while ( ($name,$value) = each(%pairs_hash) ) {
320 unless ($NotDefs =~ /${name}/ ) {
321 $pairs_string = $pairs_string . "$name $value\n";
322 }
323 }
324
325 # Create the argument string
326 $arguments = "--checkstyle $CheckStyle --checktype $CheckType $MICR $BODY $TEST";
327
328 # This is where we should set the next check number to be printed,
329 # if we knew how many checks per page we had... any good way
330 # to do this....? For now, we'll just set things up semi-manually
331
332 %ChecksPerPage =
333 ("MVG3001", "3", "MVG1000", "1", "MVD1001", "1");
334
335 $NextCheckNumber = param("CheckNumber") +
336 param("NumPages") *
337 $ChecksPerPage{param("CheckType")};
338
339 $pairs_hash{"CheckNumber"} = $NextCheckNumber;
340
341 # Sanitize $pairs_string and $arguments
342 # Let's not go spawning any new shells (this is minimal security...)
343 # Also checks for SSI strings
344
345 # Look for SSI
346 if ($pairs_string =~ /\<\!--\#(.*)\s+(.*)\s?=\s?(.*)--\>/s) {
347 kill_input();
348 }
349
350 if ($arguments =~ /\<\!--\#(.*)\s+(.*)\s?=\s?(.*)--\>/s) {
351 kill_input();
352 }
353
354 # Look for shell metachars
355 if ($pairs_string =~ /[;><\*`\|]/s) {
356 kill_input();
357 }
358
359 if ($arguments =~ /[;><\*`\|]/s) {
360 kill_input();
361 }
362
363 if ( param("Cookie") eq "SetCookie" ) {
364 $cookie = cookie( -name=>'FreeCheck',
365 -value=>\%pairs_hash,
366 -expires=>'+6M',
367 -path=>script_name(),
368 -domain=>server_name());
369 } elsif ( param("Cookie") eq "ClearCookie" ) {
370 $cookie = cookie( -name=>'FreeCheck',
371 -value=>'',
372 -expires=>'+1m',
373 -path=>script_name(),
374 -domain=>server_name());
375 }
376
377 # Generate the actual output.
378 # The PDF thing might become an option in the main script
379 # soon...
380 ###########################################
381 # WARNING WARNING WARNING WARNING WARNING #
382 ###########################################
383 # THIS CODE EXECUTES AT LEAST ONE EXTERNAL PROGRAM, BASED ON
384 # STRINGS PASSED IN FROM THE FORM. A FEEBLE EFFORT HAS BEEN
385 # MADE TO SANITIZE THOSE STRINGS, BUT THERE COULD STILL BE
386 # A SECURITY RISK HERE. YOU HAVE BEEN WARNED
387
388 if (param("OutputType") eq "PDF") {
389 $PDFConvert = "\| $GS $PDFOptions";
390 }
391
392 #print (`.\/freecheck --cgi \"$pairs_string\" $arguments \| $GS $PDFConvert`);
393 # This is just the postscript result, or the error:
394 $Result = `.\/freecheck --cgi \"$pairs_string\" $arguments`;
395
396 if (length($Result) < 500 ) { # Anything this short is an error...
397 print header;
398 print start_html("We encountered an error...");
399 print h1("There are some errors on your form:");
400 # HTML-ify the result ( \n to <br> )
401 $Result =~ s/\n/<br>/gsm;
402 print $Result;
403 print br;
404 print "Press the Back button on your browser to fix them...";
405 print p;
406 print em("If you select \"Print voided test checks\" then
407 MICR consistency checking will not be performed");
408 print end_html;
409 exit;
410 }
411
412 # Otherwise, generate the apropriate header...
413 # And send the data
414 if (param("OutputType") eq "PDF") {
415 print header( -type=>'application/pdf',
416 -attachment=>'mychecks.pdf',
417 -cookie=>$cookie);
418
419 # This is bad... running the script a 2nd time... must be a better
420 # way. Like open(PDF, "|$GS $PDFConvert
421 #open (PDF, "| $PDFConvert");
422 #print PDF $Result;
423 #close(PDF);
424
425 print (`.\/freecheck --cgi \"$pairs_string\" $arguments \| $GS $PDFOptions`);
426 } else {
427 print header( -type=>'application/postscript',
428 -attachment=>'mychecks.ps',
429 -cookie=>$cookie);
430
431 print $Result;
432 }
433
434 exit;
435}
436
437sub kill_input {
438 print header;
439 print start_html("Problem with those strings...");
440 print "You seem to have some shell metacharacters in your ";
441 print "entered strings. Sorry, you can't do that...";
442 print p;
443 print "Please get those funky things out of your form, and try again";
444 print p;
445 print "You can hit the back button to go back to your form.";
446 print end_html;
447 exit;
448}
449

Built with git-ssb-web