Switching from cgiemail to tmail.pl

tmail.pl is very close to being plug & play compatible with
cgiemail, but there are definitely differences that you'll need
to know about not only to make it work, but some small changes
you'll need to make to keep your form secure.

tmail.pl goes in the cgi-bin directory, and needs execute permission.

in the html page that has the form, change:

    <FORM METHOD="POST" ACTION="/cgi-bin/cgiemail/sometemplate.txt">

to:

    <FORM METHOD="POST" ACTION="/cgi-bin/tmail.pl">
    <INPUT NAME="template" TYPE="hidden" VALUE="sometemplate.txt">

In addition, any parameter names that have spaces need to be
renamed to no longer have them in both the HTML and template.

That's it for the HTML.

The template should be placed or moved into the cgi-bin
directory. Among other things, that keeps the naked template
from being visible to the outside world.

In the template make the following changes:

- Any parameter that is expected to be an email address should
  be prefixed with an "@". For example:
  
    To: [required-name] <[required-email]>
  
  becomes:

    To: [required-name] <[@required-email]>
    
  This will perform email address validity checking on the
  parameter when the form is processed.

  If a variable is used more than once, it really need only be
  error checked once - additional instances of its use may be
  unchecked (i.e. [required-email]).

- Any other parameter in the email header portion of the
  template that is not an environment variable (i.e. does not
  begin with "$"), should be prefixed with "!". For example:

    To: [required-name] <[@required-email]>

  becomes:
  
    To: [!required-name] <[@required-email]>

  This checks for illegal characters when the form is processed.
  
  If a variable is used more than once, it really need only be
  error checked once - additional instances of its use may be
  unchecked (i.e. [required-name]).

  You MAY do this in areas beyond the header, but probably
  don't want to. Among other things, multi-line text box
  entries would be considered "invalid" when you probably
  actually want them.
  
- Any parameter that is optional (i.e. may or may not be
  specified in the form - typically unslected radio buttons)
  must be prefixed with "#". Optional parameters are NOT
  error checked, and thus should not be used in the mail
  header. ALL other paramters referenced in the template MUST be
  defined in the HTML FORM.
  
Note that square brackets cannot be used in the form for
anything other than parameter substitution.

A FINAL WARNING: you can still write an insecure template! The
rule of thumb is that EVERY paramter substitution in the email
header should have a "$", "@" or "!". An unprefixed or optional
substitution is unchecked by the script, and if used in the
email header leaves you open to potential hacking.