#!/usr/bin/perl ######################## # # guestbook cgi application demo for web perl class # # The assignment was to do this both with and without CGI.pm; # this is the "fly-by-night roll-your-own" version - just to # see what's going on on under the hood. # # The point is three fold : # (a) to see how to use CGI.pm # (b) to get more practice writing a perl/cgi, including file I/O # (c) to see how form input/output is handled. # # To use this thing, just point your browser at it and follow the directions. # # Many of these strings have space converted to %20 and things like that, # with "URL encoding" : see for example # http://www.blooberry.com/indexdot/html/topics/urlencoding.htm # # This version is a mess : # I haven't tested it much, and don't recommend doing things this way. # It's just nice to be able to see what's going on under the hood. # # Note that the web server must be able to read/write # the guestbook file in this directory; # with the setuid scripts running in the /home/user/html/cgi/ directories, # that means everything (including the directory) should be set # to "chmod 755". Remember that incorrect permissions are the cause # of 4 out of 5 web script problems. Your mileage may vary. # # As it exists, here, this script is not particularly secure. # Can you see how to do any upleasant stuff with it? # # And there are some behaviors which aren't really the best - # in particular, once a user has given a username, they can't change it... # # Jim Mahoney # v0.1 Sep 27 2004 ######################## use strict; use warnings; #use CGI qw(:standard); #use CGI::Carp qw(fatalsToBrowser); my $title = "Jim's Other Guestbook"; my $filename = "./guestbook_data_two.txt"; my $cookiename = "jims_guestbook_cookie_two"; # Read and convert the cgi parameters by hand. (Ughh...) # The standard input string will look like this (using show_env.cgi) # username=Jim+Mahoney&data=When+in+the+course+of+human+events%2C+... my $stdin = <>; # any on standard input? my %params = split(/=|&/, $stdin); # split apart to hash on = and & chars my $new_entry = $params{data}; $new_entry =~ s/%20/ /g; # change %20 to space everywhere $new_entry =~ s/\+/ /g; # and change + to space everywhere # To do this right, we'd do a more thorough encoding conversion. # Grab the cookies from the environment, and parse 'em. (Ugghh...) # The string will look something like (using show-env.cgi to see it) # jims_guestbook_cookie_two=Jim # though with spaces in the name it'll get messier... my $cookiestring = $ENV{HTTP_COOKIE}; my %cookies = (); %cookies = split(/; |=/, $cookiestring) if $cookiestring; my $username = $cookies{$cookiename} || $params{username}; $username =~ s/ |%20/_/g; # Change spaces, %20's to underbars $username =~ s/\+/_/g; # same for + signs $username =~ s/\.//g; # and remove periods, if any. my $error_message = ''; if ($new_entry and not $username){ $error_message = q{ } . q{Please enter your name as well as a message.}; } output_to_file($new_entry, $username, $filename) if ($new_entry and $username); my $all_entries = read_from_file($filename); # print the HTTPD headers print "Set-cookie: $cookiename=$username; path=/\n"; print "Content-type: text/html\n\n"; # print the starting HTML stuff print qq{ $title

$title

$error_message }, html_page($all_entries, $username), qq{
} ; # Seeing what's going on : put this line for the
tag : # # == subroutines ===================================================== # Input: guestbook entries text # Output: a string with the HTML body of the guestbook page. # (Don't put the starting html or form stuff; we're using CGI.pm for that.) sub html_page { my ($guestbook_entries, $username) = @_; my $html; if ($username){ $html .= qq{ Hi $username, welcome back.
Would you like to leave another note?

}; } else { $html .= qq{

Enter your name and some text in the provided fields below.
Then just click the button...

Your name:

}; } $html .= qq{
Your words of wisdom :

}; $html .= $guestbook_entries if $guestbook_entries; $html .= qq{
Questions? Send some mail to Jim Mahoney (mahoney\@marlboro.ddu).
view source
}; return $html; } # Inputs: # text to append to the guestbook, # username of who's doing it, # filename where it'll be stored. # Sideffect: # appends an entry to the given file, # with a username, date, and a bit of formatting. # Output: # none sub output_to_file { my ($text, $username, $filename) = @_; open DATA, ">> $filename" or die "Oops - couldn't open '$filename' for writing"; print DATA qq{
$username on } . scalar(localtime()) . " writes
\n" . "
$text
\n" . "
\n" . "
"; close DATA } # Input: filename # Output: all text from the file as a single string sub read_from_file { my ($filename) = @_; return '' unless -e $filename; open DATA, "< $filename" or die "oops - couldn't open '$filename' for reading"; my @lines = ; return join('', @lines); }