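#!/usr/bin/perl -w
#
# CGI handler for the cookie step of an order form.
#
# Flow, as far as the listing shows it: parse the request into %queryString;
# when the request carries a truthy "Cookie" field, insert a row into the
# `cookie` table and remember its id in $userId; then emit the page
# (JavaScript cookie helpers plus the forms) from Submit_Form.
#
# NOTE(review): the page this listing was taken from rendered the HTML that
# sat inside the Perl string literals, so that markup is not visible. Every
# print below whose string looks empty originally carried markup; restore it
# from the real file before deploying. The line breaks inside the JavaScript
# heredoc are reconstructed as well.
#
use strict;
use warnings;
use DBI;

# Upper bound on a POST body accepted by ParseForm. The limit is a
# reviewer-chosen default, not taken from the original; adjust as needed.
use constant MAX_POST_BYTES => 64 * 1024;

# State shared between the subs (package globals, as in the original).
our %queryString;       # decoded request fields, filled by ParseForm
our %values;            # read by EmailString; never populated in this listing
our $requestMethod;     # REQUEST_METHOD, set by VerifyForm and ParseForm
our $userId;            # id of the row created by Get_Cookie
our $userIP;            # REMOTE_ADDR as seen by Get_Cookie
our $userBrowser;       # HTTP_USER_AGENT as seen by Get_Cookie

#
# NOTE(review): in the collapsed listing it is ambiguous whether this header
# line was commented out; it is kept live because a CGI response needs it.
# Confirm against the original file.
print "Content-type: text/html\n\n";
print "\n";
#
#
VerifyForm();
ParseForm();
# Returned from the script offer.cgi second time if no cookie set.
#if ( $queryString{"Cookie"} > 0 ) {
if ( $queryString{"Cookie"} ) {
    Get_Cookie();
}
Submit_Form();
exit(0);

###########################################################
# Emit the client-side cookie helpers and the forms.
#
# Reads %queryString (and presumably $userId in the stripped markup; confirm).
# Returns nothing useful.
sub Submit_Form {
    # The enclosing markup of this heredoc (most likely a script element) is
    # among the text that was not preserved on the page.
    print <<"HTML";
function setcookie(name,value,duration){
cookiestring=name+"="+escape(value)+";EXPIRES="+getexpiredate(duration);
document.cookie=name+"="+escape(value)+";EXPIRES="+getexpiredate(duration);
getcookie(name);
}
function getcookie(cookiename) {
var cookiestring=""+document.cookie;
var index1=cookiestring.indexOf(cookiename);
if (index1==-1 || cookiename=="") { document.writeCookie.Cookie.value=1; document.writeCookie.submit(); return;}
//
var index2=cookiestring.indexOf(';',index1);
if (index2==-1) index2=cookiestring.length;
document.getQuery.UserId.value=unescape(cookiestring.substring(index1+cookiename.length+1,index2));
document.getQuery.submit();
//return unescape(cookiestring.substring(index1+cookiename.length+1,index2));
}
function getexpiredate( nodays){
var UTCstring;
Today = new Date();
nomilli=Date.parse(Today);
Today.setTime(nomilli+nodays*24*60*60*1000);
UTCstring = Today.toUTCString();
return UTCstring;
}
HTML
    #
    # Return from no cookie set, now setting a cookie
    # "|| 0" only avoids an uninitialized-value warning when the field is
    # absent; the comparison result is the same as before.
    if ( ( $queryString{"Cookie"} || 0 ) > 0 ) {
        print "";
    }
    else {
        print "";
        print "\n";
        # NOTE(review): these loops presumably wrote one form field per
        # submitted parameter. The values come straight from the request, so
        # if the restored markup interpolates the name or the value, both must
        # be HTML-escaped before printing. Confirm against the original.
        foreach my $name ( keys %queryString ) {
            print "\n";
        }
        print "\n";
    }
    print "\n";
    foreach my $name ( keys %queryString ) {
        print "\n";
    }
    #
    print "\n";
    return;
}

###########################################################
# Record the visitor in the `cookie` table and store the new row id in
# $userId.
#
# Dies when the connection, a prepare or an execute fails.
sub Get_Cookie {
    # NOTE(review): the database account and password are hard-coded in a
    # script that lives under the web root. Move them to a configuration file
    # outside the document root (or the server environment), restrict that
    # account to the statements used here, and rotate the password, since it
    # has been published with this listing.
    my $dbh = DBI->connect( 'DBI:mysql:eStore:localhost:3306', 'andyy', 'hammond' )
        or die "Couldn't connect to database: " . DBI->errstr;

    # Both values are request data; HTTP_USER_AGENT is chosen freely by the
    # client. They are passed as bound parameters, never spliced into the SQL
    # text as the original did.
    $userIP      = defined $ENV{"REMOTE_ADDR"}     ? $ENV{"REMOTE_ADDR"}     : '';
    $userBrowser = defined $ENV{"HTTP_USER_AGENT"} ? $ENV{"HTTP_USER_AGENT"} : '';

    my $insert_sql =
        "INSERT INTO cookie (cod_cookie,http_remote_address,cod_browser_info) VALUES (0,?,?)";
    my $sth = $dbh->prepare($insert_sql)
        or die "Couldn't prepare statement: " . $dbh->errstr;
    $sth->execute( $userIP, $userBrowser )
        or die "Couldn't execute statement: " . $sth->errstr;

    # LAST_INSERT_ID() is per connection. Without a FROM clause it yields one
    # row; the original selected it FROM cookie and so fetched the same value
    # once per row in the table.
    $sth = $dbh->prepare("SELECT LAST_INSERT_ID()")
        or die "Couldn't prepare statement: " . $dbh->errstr;
    $sth->execute()
        or die "Couldn't execute statement: " . $sth->errstr;
    my @data = $sth->fetchrow_array();
    $userId = $data[0] if @data;

    $sth->finish();
    $dbh->disconnect();
    return;
}

###########################################################
# Record the request method in $requestMethod.
#
# NOTE(review): the content-type check only sets a local flag that nothing
# reads, so despite its name this sub rejects no request. That behaviour is
# unchanged here.
sub VerifyForm {
    my $bad         = 0;
    my $contentType = defined $ENV{"CONTENT_TYPE"} ? $ENV{"CONTENT_TYPE"} : '';
    if ( $contentType ne "application/x-www-form-urlencoded" ) {
        $bad = 1;
    }
    $requestMethod = $ENV{"REQUEST_METHOD"};
    return;
}

###########################################################
# Fill %queryString from the POST body or, for any other method, from
# QUERY_STRING.
sub ParseForm {
    my $bad         = 0;
    my $contentType = defined $ENV{"CONTENT_TYPE"} ? $ENV{"CONTENT_TYPE"} : '';
    if ( $contentType ne "application/x-www-form-urlencoded" ) {
        $bad = 1;    # not acted on, as in the original
    }
    $requestMethod = defined $ENV{"REQUEST_METHOD"} ? $ENV{"REQUEST_METHOD"} : '';
    %queryString   = ();

    # If this is a post
    #$queryString{"Cookie"}=0;
    if ( $requestMethod eq "POST" ) {
        # CONTENT_LENGTH is supplied by the client: accept digits only and
        # refuse bodies above the cap instead of reading whatever is claimed.
        my $length = $ENV{"CONTENT_LENGTH"};
        $length = 0 unless defined $length && $length =~ /\A[0-9]+\z/;
        if ( $length > MAX_POST_BYTES ) {
            warn "POST body of $length bytes exceeds limit; ignoring it\n";
            $length = 0;
        }

        my $Edata = '';
        read( STDIN, $Edata, $length ) if $length;

        foreach my $item ( split( /&/, $Edata ) ) {
            # Limit 2 keeps any '=' that is part of the value.
            my ( $name, $value ) = split( /=/, $item, 2 );
            next unless defined $name;
            $queryString{ UnescapeString($name) } = UnescapeString($value);
        }
    }
    else {
        # If this is a get
        # NOTE(review): GET fields are stored without URL-decoding, unlike
        # POST fields. Left as is because the code that prints them is not
        # visible; decoding here without escaping there could put raw markup
        # characters into the page.
        my $tmpStr = defined $ENV{"QUERY_STRING"} ? $ENV{"QUERY_STRING"} : '';
        foreach my $part ( split( /\&/, $tmpStr ) ) {
            my ( $name, $value ) = split( /\=/, $part );
            next unless defined $name;
            $queryString{"$name"} = $value;
        }
    }
    return;
}

###########################################################
# Print an error page and exit when $values{"QYEMAIL"} does not look like
# name@node.com.
#
# NOTE(review): nothing in this listing fills %values or calls this sub.
sub EmailString {
    my $address = defined $values{"QYEMAIL"} ? $values{"QYEMAIL"} : '';
    my ( $name, $value ) = split( /\@/, $address );
    my ( $node, $com ) = split( /\./, defined $value ? $value : '' );
    if ( ( !$node ) || ( !$com ) ) {
        print "";
        print "\n\n";
        print "The e-mail address you supplied is incorrect.\n\n";
        print "Please use the back button and verify that it is ";
        print "correct.\n";
        print "";
        exit 0;
    }
    return;
}

###########################################################
# URL-decode one form component: '+' becomes a space and each %XX pair
# becomes the byte it names. Returns the decoded string ('' for undef).
sub UnescapeString {
    my ($s) = @_;
    return '' unless defined $s;

    $s =~ tr/+/ /;
    # One left-to-right pass. The original re-scanned from the same offset
    # after each replacement, so a decoded '%' was decoded a second time
    # (double decoding lets input slip past checks made on the once-decoded
    # form), and a '%' not followed by two hex digits was turned into a NUL
    # byte. Malformed escapes are now left untouched.
    $s =~ s/%([0-9A-Fa-f]{2})/chr(hex($1))/ge;
    return $s;
}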