Listing 1: An HTML form, order.html, used by the fictitious Yoyodyne Corp. to collect order information via a graphical Web browser.
<TITLE>Yoyodyne Corp. Product Order Form</TITLE>
<H1>Product Order</H1>
<FORM ACTION="/cgi-bin/submit_order" METHOD="POST">
<UL>
<LI> Name: <P>
<INPUT NAME="name" SIZE=80> <P>
<LI> Address:<P>
<INPUT NAME="address" SIZE=80,3><P>
<LI> Email Address:<P>
<INPUT NAME="email" SIZE=50><P>
<LI> Phone:<P>
<INPUT NAME="phone" SIZE=30><P>
</UL>
<HR>
Items to order: <P>
<TEXTAREA NAME="items" ROWS=3 COLS=80></TEXTAREA> <P>
Choose method of payment: <P>
<SELECT NAME="payment">
<OPTION> Bill Me
<OPTION> Visa
<OPTION> American Express
<OPTION> Personal Check
<OPTION> Corporate Account
</SELECT> <P>
If using a corporate account, please enter your account number and
authorization key: <P>
<UL>
<LI> Account Number<P>
<INPUT NAME="account" SIZE=50><P>
<LI> Authorization Key<P>
<INPUT TYPE="password" NAME="key" SIZE=50><P>
</UL>
<INPUT NAME="cc" TYPE = "checkbox" VALUE = "true">
Click here to send a carbon-copy of your order to your email address
(as specified above). <P>
<HR>
<INPUT TYPE = "submit" VALUE = "Submit Order">
<INPUT TYPE = "reset" VALUE = "Clear Form"> <P>
</FORM>

Listing 2: The CGI program, submit_order, specified in order.html.
#!/usr/bin/perl
# Patrick Ryan (patrick.m.ryan@bell-atl.com)
eval "exec /usr/bin/perl -S $0 $*" if $running_under_some_shell;
# extra include directories
push(@INC,'/app/people/guide/GUIDE/server/WWW/httpd_1.1/cgi-bin');
require 'ctime.pl';
require 'cgi-lib.pl';
chop($now = &ctime(time()));
# Read in everything from httpd.
&ReadParse;
# Send the initial info back to the server.
print &PrintHeader;
print "<TITLE>Results of Your Order Submission</TITLE>\n";
unless ($in{'name'}) {
    print "You must include your name in any order.<P>";
    exit 0;
}
if ($in{'cc'} && !$in{'email'}) {
    print <<_EOT_;
You asked for a carbon copy of your order but did not include your
email address. Please add your address and resubmit your order.<P>
_EOT_
    exit 0;
}
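# Open up temporary file for ordering system
$order_file = "/tmp/order.$$";
# The file holds the authorization key, so create it readable by us only.
$old_umask = umask(077);
# Do not report success if the order could not be written.
unless (open(ORDER,">$order_file")) {
    print <<_EOT_;
An error occurred while trying to submit your order. Please contact
root\@yoyodyne.com.<P>
_EOT_
    exit 0;
}
umask($old_umask);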
print ORDER <<_EOT_;
NAME: $in{'name'}
ADDRESS:
$in{'address'}
PHONE: $in{'phone'}
EMAIL: $in{'email'}
PAYMENT: $in{'payment'}
ACCOUNT: $in{'account'}
AUTHORIZATION: $in{'key'}
_EOT_
print ORDER "ITEMS:\n";
$n=0;
foreach(split(/\n/,$in{'items'}))
{ ++$n; printf ORDER "%3d\t%s\n",$n,$_; }
print ORDER "RECEIVED: $now\n";
print ORDER "\n";
print ORDER <<_EOT_;
REMOTE: $ENV{'REMOTE_HOST'}
_EOT_
print ORDER "\n";
close ORDER;
# Send the order to the Processing database
$cmd = "/usr/local/bin/process_order $order_file";
system $cmd;
# If requested, send the user a copy of the order.
if ($in{'cc'} && $in{'email'})
{
    @addresses=($in{'email'});
    $to = join(' ',@addresses);
    # Escape any suspicious characters
    $to=&protect($to);
    $mail_cmd = "/bin/mail";
    $cmd = "$mail_cmd $to";
    unless (open(MAIL,"| $cmd")) {
        print <<_EOT_;
An error occurred while trying to submit your order. Please contact
root\@yoyodyne.com.<P>
_EOT_
        exit 0;
    }
    print MAIL "\n";
    open(ORDER,"<$order_file");
    while (<ORDER>)
    { print MAIL $_; }
    print MAIL "\n";
    close MAIL;
    close ORDER;
}
print <<_EOT_;
Thank you. Your order was received at $now and has been sent to
the Processing Department.<P>
_EOT_
unlink($order_file);
exit 0;
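sub protect
# Quotify characters which are special to the shell
{
    local($_)=@_;
    # Use backslash to escape every character outside a known-safe set,
    # rather than a fixed list of metacharacters, so that none
    # (newline, <, >, ", \ and so on) reaches the shell unescaped.
    s!([^\w\@.+\-])!\\$1!g;
    $_;
}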
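
The carbon-copy step in Listing 2 builds a shell command line from the submitted email field. The following added example, which is not part of the original listings, shows the same step with no shell involved: the address is checked against an allowlist and handed to the mailer as a single argument. It assumes Perl 5; the names valid_address and send_copy, the allowlist pattern and the sample addresses are assumptions made here.

```perl
#!/usr/bin/perl
# Added example (not from the original listings): shell-free carbon-copy step.
use strict;
use warnings;

# Assumed policy: one address, a conservative character allowlist, and no
# leading '-' (which a mailer could read as an option). Not an RFC 5322 parser.
sub valid_address {
    my ($addr) = @_;
    return 0 unless defined $addr && length($addr) <= 254;
    return $addr =~ /\A[A-Za-z0-9_][A-Za-z0-9_.+\-]*\@[A-Za-z0-9][A-Za-z0-9.\-]*\z/ ? 1 : 0;
}

# Pipe $order_file to the mailer without a shell: the forking open gives the
# child our pipe on STDIN, and exec with a list passes $to as one argv entry.
sub send_copy {
    my ($mailer, $to, $order_file) = @_;
    return 0 unless valid_address($to);
    open(my $order, '<', $order_file) or return 0;
    my $pid = open(my $mail, '|-');
    return 0 unless defined $pid;          # fork failed
    if ($pid == 0) {                       # child process
        exec { $mailer } $mailer, $to;     # runs the mailer directly, no /bin/sh
        exit 127;                          # only reached if exec failed
    }
    print {$mail} "\n";
    print {$mail} $_ while <$order>;
    close($order);
    return close($mail) ? 1 : 0;           # false if the mailer exited non-zero
}

# Constructed sample inputs. Only the validator is exercised here, so the
# demo runs offline and sends nothing.
my @samples = (
    'wile@yoyodyne.com',
    'first.last+orders@example.org',
    '-v@example.org',
    "a\@example.org\nb\@example.org",
    'a@example.org;b@example.org',
    '',
);
for my $s (@samples) {
    (my $shown = $s) =~ s/\n/\\n/g;
    printf "%-32s %s\n", "'$shown'", valid_address($s) ? 'accept' : 'reject';
}
```

In the CGI script the call would be send_copy('/bin/mail', $in{'email'}, $order_file), with a false return reported to the user in the same way as a failed open.
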
Listing 3: Test script cgi_test.
#!/usr/bin/perl
#
# CGI script to process Software Modification Requests (SMRs)
# patrick.m.ryan@bell-atl.com (patrick m. ryan)
#
eval "exec /usr/bin/perl -S $0 $*" if $running_under_some_shell;
# extra include directories
push(@INC,'/app/people/guide/GUIDE/server/WWW/httpd_1.1/cgi-bin');
push(@INC,'/app/people/ryan/perl');
require 'cgi-lib.pl';
require 'date.pl';
$now = &date(time()-(4*3600));
select STDOUT; $|=1;
# Suck in everything from httpd.
&ReadParse;
print &PrintHeader;
print "<TITLE>CGI test</TITLE>\n";
print &PrintVariables(%in);
print &PrintVariables(%ENV);
exit 0;