b357fdb3711550e750d419d4b1ba74eb77539d55 chinhli Thu Jun 13 10:53:15 2013 -0700 Check email format at server side, add vertical space between text box. diff --git src/hg/hgUserSuggestion/hgUserSuggestion.c src/hg/hgUserSuggestion/hgUserSuggestion.c index bacdcec..a7264a6 100644 --- src/hg/hgUserSuggestion/hgUserSuggestion.c +++ src/hg/hgUserSuggestion/hgUserSuggestion.c 
@@ -70,62 +70,114 @@ { return cloneString(cfgOption(CFG_SUGGEST_BROWSER_NAME)); } static char *now() /* Return a mysql-formatted time like "2008-05-19 15:33:34". */ { char nowBuf[256]; time_t curtime; curtime = time (NULL); struct tm *theTime = localtime(&curtime); strftime(nowBuf, sizeof nowBuf, "%Y-%m-%d %H:%M:%S", theTime); return cloneString(nowBuf); } +int spc_email_isvalid(const char *address) { +/* Check the format of an email address syntactically. Return 1 if + * valid, else 0 */ +/* Code copied from the book: +"Secure Programming Cookbook for C and C++" +By: John Viega; Matt Messier +Publisher: O'Reilly Media, Inc. +Pub. Date: July 14, 2003 +Print ISBN-13: 978-0-596-00394-4 +*/ +int count = 0; +const char *c, *domain; +static char *rfc822_specials = "()<>@,;:\\\"[]"; + +/* first we validate the name portion (name@domain) */ +for (c = address; *c; c++) + { + if (*c == '\"' && (c == address || *(c - 1) == '.' || *(c - 1) == '\"')) + { + while (*++c) + { + if (*c == '\"') break; + if (*c == '\\' && (*++c == ' ')) continue; + if (*c <= ' ' || *c >= 127) return 0; + } + if (!*c++) return 0; + if (*c == '@') break; + if (*c != '.') return 0; + continue; + } + if (*c == '@') break; + if (*c <= ' ' || *c >= 127) return 0; + if (strchr(rfc822_specials, *c)) return 0; + } +if (c == address || *(c - 1) == '.') return 0; + +/* next we validate the domain portion (name@domain) */ +if (!*(domain = ++c)) return 0; +do + { + if (*c == '.') + { + if (c == domain || *(c - 1) == '.') return 0; + count++; + } + if (*c <= ' ' || *c >= 127) return 0; + if (strchr(rfc822_specials, *c)) return 0; + } while (*++c); + +return (count >= 1); +} + /* javascript functions */ void printMainForm() /* Create the main suggestion form */ { hPrintf( " <FORM ACTION=\"../cgi-bin/hgUserSuggestion?do.suggestSendMail=1\" METHOD=\"POST\" ENCTYPE=\"multipart/form-data\" NAME=\"mainForm\" onLoad=\"document.forms.mainForm.name.focus()\">\n"); hPrintf( "<H2>User Suggestion Form</H2>\n" "<P>If you 
have ideas about how we can improve the value of the Genome Browser to your research, " "we'd like to hear from you. Please provide a concise description below. " "A copy of the suggestion will be sent to your email address along with a reference number. " - "You may follow up on the status of your request at any time by <a href=\"../contacts.html#followup\">contact</a> us quoting the reference number.</P>"); + "You may follow up on the status of your request at any time by <a href=\"../contacts.html#followup\">contacting us</a> and quoting the reference number.</P>"); hPrintf("<P>Please note: this form is not the proper place to submit questions regarding browser use or bug reports. Use the links on our contact page instead.</P>"); hPrintf("<HR><BR>"); hPrintf( " <div id=\"suggest\"> \n" - " <label for=\"name\">Your Name:</label><input type=\"text\" name=\"suggestName\" id=\"name\" size=\"50\" /><BR>\n" - " <label for=\"email\">Your Email:</label><input type=\"text\" name=\"suggestEmail\" id=\"email\" size=\"50\" /><BR> \n" + " <label for=\"name\">Your Name:</label><input type=\"text\" name=\"suggestName\" id=\"name\" size=\"50\" /><BR><BR>\n" + " <label for=\"email\">Your Email:</label><input type=\"text\" name=\"suggestEmail\" id=\"email\" size=\"50\" /><BR><BR>\n" " <label for=\"confirmEmail\">Re-enter Your Email:</label><input type=\"text\" \n" - " name=\"suggestCfmEmail\" id=\"cfmemail\" size=\"50\" /><BR> \n"); + " name=\"suggestCfmEmail\" id=\"cfmemail\" size=\"50\" /><BR><BR>\n"); hPrintf( " <label for=\"category\">Category:</label><select name=\"suggestCategory\" id=\"category\">\n" " <option selected>Tracks</option> \n" " <option>Genome Assemblies</option>\n" " <option>Browser Tools</option>\n" " <option>Command-line Utilities</option>\n" " <option>Others</option>\n" - " </select><BR>\n"); + " </select><BR><BR>\n"); hPrintf( - " <label for=\"summary\">Summary:</label><input type=\"text\" name=\"suggestSummary\" id=\"summary\" size=\"50\" /><BR>\n" - " 
<label for=\"details\">Details:</label><BR><textarea name=\"suggestDetails\" id=\"details\" cols=\"100\" rows=\"10\"></textarea><BR> \n" + " <label for=\"summary\">Summary:</label><input type=\"text\" name=\"suggestSummary\" id=\"summary\" size=\"50\" /><BR><BR>\n" + " <label for=\"details\">Details:</label><BR><textarea name=\"suggestDetails\" id=\"details\" cols=\"100\" rows=\"10\"></textarea><BR><BR>\n" " </div>\n"); hPrintf( " <p>\n" " <label for=\"code\">Enter the following value below: <span id=\"txtCaptchaDiv\" style=\"color:#F00\"></span><BR> \n" " <input type=\"hidden\" id=\"txtCaptcha\" /></label>\n" " <input type=\"text\" name=\"txtInput\" id=\"txtInput\" size=\"30\" />\n" " </p>\n"); hPrintf( " <div class=\"formControls\">\n" " <input id=\"sendButton\" type=\"button\" value=\"Send\" onclick=\"submitform()\"/> \n" " <input type=\"reset\" name=\"suggestClear\" value=\"Clear\" class=\"largeButton\"> \n" " </div>\n" " \n" " </FORM>\n\n"); } 
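Review bot: spc_email_isvalid reads one byte past the terminator when the address contains no '@': the for loop over the name part exits with `*c == '\0'`, the trailing check `if (c == address || *(c - 1) == '.') return 0;` passes for any non-empty name not ending in '.', and `domain = ++c` then dereferences the byte after the NUL. The address comes straight from the cart, so this is reachable from any form submission; fold the missing test into the existing line, `if (c == address || *c != '@' || *(c - 1) == '.') return 0;`, which also covers the quoted-name branch, whose `break` likewise only fires on '@'. The helper is file-local and its table is fixed, so `static int spc_email_isvalid(const char *address)` and `static const char *rfc822_specials = ...` would be more accurate than the external linkage and writable pointer the hunk gives them. The function comment is also placed after the opening `{`, whereas the neighbouring definitions (`now()`, `printMainForm()`) put it between the signature and the brace; the remaining changes in this hunk are HTML text only.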
@@ -255,45 +307,57 @@ " {\n" " document.forms[\"mainForm\"].submit();\n" " }\n" " }\n" " </script>\n\n"); } void printSuggestionConfirmed(char *summary, char * refID, char *userAddr, char *adminAddr, char *details) /* display suggestion confirm page */ { hPrintf( "<h2>Thank you for your suggestion!</h2>"); hPrintf( "<p>" "You may follow up on the status of your request at any time by " - "<a href=\"../contacts.html#followup\">contact</a> us quoting your reference number:<BR><BR>%s<BR><BR>" + "<a href=\"../contacts.html#followup\">contacting us</a> and quoting your reference number:<BR><BR>%s<BR><BR>" "A copy of this information has also been sent to you at %s.<BR></p>", refID, userAddr); hPrintf( "<p><a href=\"hgUserSuggestion\">Click here if you wish to make additional suggestions.</a></p>"); hPrintf( "<p>" "<B>Your suggestion summary:</B><BR>" "%s<BR>" "<B>Your suggestion details:</B><BR>" "<pre>%s</pre>" "</p>", summary, details); } +void printInvalidEmailAddr(char *invalidEmailAddr) +/* display suggestion confirm page */ +{ +hPrintf( + "<h2>Invalid email address format.</h2>"); +hPrintf( + "<p>" + "The email address \"%s\" is invalid. Please correct it and " + "<a href=\"javascript: history.go(-1)\">submit</a> again.</p>", + invalidEmailAddr); +} + void sendSuggestionBack(char *sName, char *sEmail, char *sCategory, char *sSummary, char *sDetails, char *suggestID) /* send back the suggestion */ { /* parameters from hg.cong */ char *mailTo = mailToAddr(); char *mailFrom=mailFromAddr(); char *filter=filterKeyword(); char subject[256]; char msg[4096]; /* need to make larger */ safef(msg, sizeof(msg), "SuggestionID:: %s\nUserName:: %s\nUserEmail:: %s\nCategory:: %s\nSummary:: %s\n\n\nDetails::\n%s", suggestID, sName, sEmail, sCategory, sSummary, sDetails); safef(subject, sizeof(subject),"%s %s", filter, suggestID); int result; 
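Review bot: printInvalidEmailAddr writes the rejected address into the page through a bare `%s`, and it is only ever reached after validation failed, so the string can hold any bytes the user typed, including markup — a reflected cross-site-scripting sink. Print an HTML-escaped copy rather than the raw parameter (the htmshell `htmlEncode()` helper returns one, if it is linked here; free it after the hPrintf). The header comment `/* display suggestion confirm page */` was copied from printSuggestionConfirmed and does not describe this function; `/* Display the page telling the user the email address failed validation. */` does. The wording change to printSuggestionConfirmed in the same hunk is text only.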
@@ -337,36 +401,43 @@ { /* parameters from hg.cong */ char *filter=filterKeyword(); /* values from cart */ char *sName=cartUsualString(cart,"suggestName",""); char *sEmail=cartUsualString(cart,"suggestEmail",""); char *sCategory=cartUsualString(cart,"suggestCategory",""); char *sSummary=cartUsualString(cart,"suggestSummary",""); char *sDetails=cartUsualString(cart,"suggestDetails",""); char suggestID[256]; safef(suggestID, sizeof(suggestID),"%s %s", sEmail, now()); char subject[256]; safef(subject, sizeof(subject),"%s %s", filter, suggestID); +/* Send back suggestion only with valid user email address */ +if (spc_email_isvalid(sEmail) != 0) +{ /* send back the suggestion */ sendSuggestionBack(sName, sEmail, sCategory, sSummary, sDetails, suggestID); /* send confirmation mail to user */ sendConfirmMail(sEmail,suggestID, sSummary, sDetails); /* display confirmation page */ printSuggestionConfirmed(sSummary, suggestID, sEmail, mailReturnAddr(), sDetails); +} else { + /* save all field value in cart */ + printInvalidEmailAddr(sEmail); +} cartRemove(cart, "do.suggestSendMail"); } void doMiddle(struct cart *theCart) /* Write header and body of html page. */ { char *db, *organism; cart = theCart; getDbAndGenome(cart, &db, &organism, oldVars); cartWebStart(theCart, db, "User Suggestion"); checkHgConfForSuggestion(); if (cartVarExists(cart, "do.suggestSendMail")) { submitSuggestion(); cartRemove(cart, "do.suggestSendMail");