PC User 2002 July

home *** CD-ROM | disk | FTP | other *** search

/ PC User 2002 July / Disc 1 / PCU0702CD1.iso / software / sfeflash / flies / en-us / ps_0 / regdb_order.cgi < prev next >

Wrap

Text File | 2002-05-17 | 14.9 KB | 615 lines

#!/usr/local/bin/perl # $external_prefix is the prefix to append to lockssl-on.gif and thankyou_url if necessary. # If you want to use "/files/lockssl-on.gif" and "/files/thankyou.html" then $external_prefix # must be set to '/files/' $external_prefix = ''; # valid referers @referers = ( '.*ordernav\.html', # standard '.*regdb_order\.cgi', # standard with custom payment fields '.*enter\.html', # these four are for IE 5.5 beta '.*index\.html', # which sends an incorrect HTTP_REFERER '.*default\.html', # header '.*home\.html', '.*customerdtl\.html', # should be unnecessary '.*deliverydtl\.html', # should be unnecessary ); @ERROR = (); @FC = (); %FORM = {}; %CONFIG = {}; $PARAM = ""; $HEADER_PRINTED = 0; &parse_form(); &check_referer() or &show_errors('bad_referer'); (&check_required() or &show_errors('missing_fields', @ERROR)) if not @ERROR; (&check_valid_cc() or &show_errors('invalid_cc', @ERROR)) if not @ERROR; (&check_valid() or &show_errors('Invalid data', @ERROR)) if not @ERROR; if ($FORM{'submit'} and not @ERROR) { &redirect_to_email(); exit; } else { &print_header() if (not $HEADER_PRINTED); &print_html() and ($HEADER_PRINTED); &print_footer() and ($HEADER_PRINTED); } sub URLencode { my ($str) = (@_); $str =~ s/([^a-zA-Z0-9_.-])/uc(sprintf("%%%02x",ord($1)))/eg; return $str; } sub redirect_to_email { print qq[Content-type: text/html\n\n<html]; ($CONFIG{'html_lang'}) and print qq[ lang="$CONFIG{'html_lang'}"]; ($CONFIG{'html_dir'}) and print qq[ dir="$CONFIG{'html_dir'}"]; print qq[> <head> ]; ($CONFIG{'http_charset'}) and print qq[<meta http-equiv="Content-Type" content="text/html" charset="$CONFIG{'http_charset'}">]; #xxx print qq[ <script language="javascript"> function document_onLoad() { document.orderForm.submit(); } </script> </head> <body onload="javascript:document_onLoad();" ].&body_attributes().qq[> <form name="orderForm" action="regdb_email.cgi" method="post"> ]; while (($key,$value) = each %CONFIG) { print qq[<input type="hidden" name="$key" value="$value">\n]; } while (($key,$value) = each %FORM) { next if ($key =~ /^fc\d|submit|HASH/); print qq[<input type="hidden" name="$key" value="$value">\n]; } print qq[ </form> </body> </html> ]; } sub print_header { print qq[Content-type: text/html\n\n<html]; ($CONFIG{'html_lang'}) and print qq[ lang="$CONFIG{'html_lang'}"]; ($CONFIG{'html_dir'}) and print qq[ dir="$CONFIG{'html_dir'}"]; print qq[> <head> ]; ($CONFIG{'http_charset'}) and print qq[<meta http-equiv="Content-Type" content="text/html" charset="$CONFIG{'http_charset'}">]; print qq[ </head> <body ].&body_attributes().qq[> ]; $HEADER_PRINTED = 1; } sub print_footer { print qq[</body></html>]; } sub print_html { print qq[ <center><img src="${external_prefix}lockssl-on.gif"></center><br> <center><p><b>$FORM{'ln_fill_in_order'}</b></p></center> <center> <form name="orderForm" method="post"> <table border="3" cellpadding="2" width="90%" bgcolor="$FORM{'doc_table_bgcolor'}"> ].&print_form_controls().qq[ </table> </center> ]; while (($key,$value) = each %CONFIG) { print qq[<input type="hidden" name="$key" value="$value">\n]; } while (($key,$value) = each %FORM) { next if ($key =~ /^field_|submit/); print qq[<input type="hidden" name="$key" value="$value">\n]; } print qq[ <p align="center"><input type="reset" value="$FORM{'ln_clear'}"> <input type="submit" name="submit" value="$FORM{'ln_next'}"></p> </form> ]; } sub check_referer { my $referer_ok = 0; if ($ENV{'HTTP_REFERER'}) { foreach my $referer (@referers) { if ($ENV{'HTTP_REFERER'} =~ /$referer/i) { $referer_ok = 1; last; } } } else { $referer_ok = 1; } return $referer_ok; } sub check_required { while (@ERROR) { pop(@ERROR); } foreach my $require (@REQUIRED) { if ($require eq 'bgcolor' || $require eq 'background' || $require eq 'text_color' || $require eq 'link_color' || $require eq 'alink_color' || $require eq 'vlink_color') { if (!($CONFIG{$require}) || $CONFIG{$require} eq ' ') { push(@ERROR, $require); } } elsif (!($FORM{$require}) || $FORM{$require} eq ' ') { push(@ERROR, $require); } } if ($FORM{'submit'}) { my $display_name; foreach my $fc (@FC) { if ($fc->{'isRequired'} && !$FORM{$fc->{'name'}}) { ($display_name = $fc->{'name'}) =~ s/^field_//; push(@ERROR, $display_name); } } } return ($#ERROR+1 ? 0 : 1); } sub odd { my ($n) = (@_); return ($n & 0x0001 ? 1 : 0); } sub validate_credit_card { my ($num) = (@_); $num =~ s/\D//g; my $valid = 0; my $len = length($num); if ($len < 12) { $valid = 0; } else { my $i, $x = 0, $y = 0; if (odd($len)) { for ($i = ($len-2); $i >= 0; --$i) { $y = (ord(substr($num, $i, 1)) - ord('0')); $y *= 2 if (odd($i)); $y = (($y - 10) + 1) if ($y >= 10); $x += $y; } } else { for ($i = ($len-2); $i >= 0; --$i) { $y = (ord(substr($num, $i, 1)) - ord('0')); $y *= 2 if (not odd($i)); $y = (($y - 10) + 1) if ($y >= 10); $x += $y; } } $x = (10 - ($x % 10)); $x = 0 if ($x == 10); if ($x == (ord(substr($num, $len-1, 1)) - ord('0'))) { $valid = substr($num, 0, 1); } else { $valid = 0; } } return $valid; } sub check_valid_cc { while (@ERROR) { pop(@ERROR); } if ($FORM{'submit'}) { foreach my $fc (@FC) { my @value = split(/, /, $FORM{$fc->{'name'}}); my $valid; foreach my $value (@value) { if (uc($fc->{'typeData'}) eq 'CREDITCARD') { $valid = &validate_credit_card($value); push(@ERROR, $fc->{'label'}) if (not $valid); } } } } return ($#ERROR+1 ? 0 : 1); } sub check_valid { while (@ERROR) { pop(@ERROR); } if ($FORM{'submit'}) { foreach my $fc (@FC) { my @value = split(/, /, $FORM{$fc->{'name'}}); my $valid; foreach my $value (@value) { SWITCH: for (uc($fc->{'typeData'})) { /TEXT/ && do { $valid = 1; last; }; /CREDITCARD/ && do { $valid = &validate_credit_card($value); last; }; /EMAIL/ && do { $valid = ($value =~ /^\w[\w._]+@\w+(\.\w+)+$/); last; }; /NUMBER/ && do { $valid = ($value =~ /^\d+$/); last; }; /PHONE/ && do { $valid = ($value =~ /^\+?\s*(($\d+(\s*-?\s*\d+)*$\s*-?\s*)|(\d+(\s*-?\s*\d+)*\s*-?\s*))+\s*$/); last; }; } push(@ERROR, $fc->{'label'}) if (not $valid); } } } return ($#ERROR+1 ? 0 : 1); } sub show_errors { my ($error, @error_fields) = @_; my (@fatal_error) = ('bad_referer', 'request_method'); &print_header() if (not $HEADER_PRINTED); SWITCH: for ($error) { /bad_referer/ && do { print qq[ <center><h1>$FORM{'ln_badreferer'}</h1></center> $FORM{'ln_badreferer_desc'} ]; last; }; /request_method/ && do { print qq[ <center><h1>Invalid Request Method</h1></center> <p>The Request Method of the submitted form did not match either GET or POST.</p> ]; last; }; /missing_fields/ && do { print qq[ <center><h1>$FORM{'ln_error_missing'}</h1></center> <p>$FORM{'ln_error_fields'}:</p> ]; print '<ul><li>'.join('<li>', @error_fields).'</ul>'; last; }; /invalid_cc/ && do { print qq[ <center><h1>$FORM{'ln_error_cc_invalid'}</h1></center> <p>$FORM{'ln_error_fields'}:</p> ]; print '<ul><li>'.join('<li>', @error_fields).'</ul>'; last; }; print qq[<center><h1>$FORM{'ln_error'}: $error</h1></center>]; print '<ul><li>'.join('<li>', @error_fields).'</ul>'; } if (grep(/$error/, @fatal_error)) { &print_footer(); exit; } } sub parse_form { my @pair; my $buffer; if ($ENV{'REQUEST_METHOD'} =~ 'GET') { $PARAM = $ENV{'QUERY_STRING'}; @pairs = split(/&/, $ENV{'QUERY_STRING'}); # Split the name-value pairs } elsif ($ENV{'REQUEST_METHOD'} =~ 'POST') { read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'}); # Get the input $PARAM = $buffer; @pairs = split(/&/, $buffer); # Split the name-value pairs } else { &show_errors('request_method'); } my $key, $value, $index, $fcName; my $choiceIndex, $choiceName; my @choice; foreach my $pair (@pairs) { ($name, $value) = split(/=/, $pair); # Split pair into name and value $name =~ tr/+/ /; # un-URL-encode the name $name =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg; $value =~ tr/+/ /; # un-URL-encode the value $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg; $value =~ s///g; # remove possible SSI directives from value if ($name =~ /^fc\d+.*/) { ($index) = ($name =~ /^fc(\d+).*/); ($fcName) = ($name =~ /^fc\d+(.*)/); ($value =~ /false/i) and $value = 0; ($value =~ /true/i) and $value = 1; if ( ($choiceIndex, $choiceName) = ($fcName =~ /^choices(\d+)(.*)/) ) { $choice[$index][$choiceIndex]{$choiceName} = $value; $FC[$index]{'choice'} = $choice[$index]; } else { if ($fcName eq 'name' and $value eq '') { $FORM{'submit'} = 'submit'; } else { $FC[$index]{$fcName} = ($fcName eq 'name' ? 'field_' : '').$value; } } } if ($name eq 'mail_encoding' || $name eq 'http_charset' || $name eq 'mail_charset' || $name eq 'html_lang' || $name eq 'html_dir' || $name eq 'bgcolor' || $name eq 'background' || $name eq 'text_color' || $name eq 'link_color' || $name eq 'alink_color' || $name eq 'vlink_color' && ($value)) { $CONFIG{$name} = $value; } else { if ($FORM{$name} && ($value)) { $FORM{$name} = "$FORM{$name}, $value"; } elsif ($value) { $FORM{$name} = $value; } } } # defaults if (!$FORM{'doc_table_text'}) { $FORM{'doc_table_text'} = "\#000000"; } if(!$FORM{'cc_expiry_years'}) { $FORM{'cc_expiry_years'} = "2000,2001,2002,2003,2004,2005,2006,2007,2008,2009,2010,2011"; } if(!$FORM{'ln_badreferer'}) { $FORM{'ln_badreferer'} = 'Bad Referrer - Access Denied'; } if(!$FORM{'ln_badreferer_desc'}) { $FORM{'ln_badreferer_desc'} = 'The URL of the form that is trying to use this CGI application is not in the list of valid referrers.'; } if(!$FORM{'ln_error_missing'}) { $FORM{'ln_error_missing'} = 'Missing Fields'; } if(!$FORM{'ln_error'}) { $FORM{'ln_error'} = 'Error'; } # set default mail charset if(!$CONFIG{'mail_charset'}) { $CONFIG{'mail_charset'} = $CONFIG{'http_charset'}; } } sub body_attributes { my $str; ($CONFIG{'background'} =~ /http\:\/\/.*\..*/) and $str .= qq[ background="$CONFIG{'background'}"]; ($CONFIG{'bgcolor'}) and $str .= qq[ bgcolor="$CONFIG{'bgcolor'}"]; ($CONFIG{'link_color'}) and $str .= qq[ link="$CONFIG{'link_color'}"]; ($CONFIG{'vlink_color'}) and $str .= qq[ vlink="$CONFIG{'vlink_color'}"]; ($CONFIG{'alink_color'}) and $str .= qq[ alink="$CONFIG{'alink_color'}"]; ($CONFIG{'text_color'}) and $str .= qq[ text="$CONFIG{'text_color'}"]; return $str; } sub print_form_controls { my $str; my $display_name; foreach my $fc (@FC) { ($display_name = $fc->{'name'}) =~ s/^field_//; if (uc($fc->{'typeForm'}) eq "HIDDEN") { $str .= get_form_control_HTML($fc); next; } $str .= qq[ <tr bgcolor="$FORM{'doc_table_bgcolor'}" valign="top"> <td align="right"> <font size=+1 color="$FORM{'doc_table_text'}"> ]; $str .= ($fc->{'isRequired'} ? '*' : ''); $str .= qq[ $display_name: </font> </td> <td align="left"> <font size=+1 color="$FORM{'doc_table_text'}"> ].&get_form_control_HTML($fc).qq[ </font> </td> </tr> ]; } return $str; } sub get_form_control_HTML { my ($fc) = (@_); my $str = ""; SWITCH: for (uc($fc->{'typeForm'})) { /^LABEL$/ && do { $str .= ($fc->{'name'} or $fc->{'choice'}[0]{'value'}); last; }; /^HIDDEN$/ && do { $str .= qq[<INPUT TYPE="hidden" NAME="$fc->{'name'}"]; $str .= qq[ VALUE="].($fc->{'label'} or $fc->{'choice'}[0]{'value'}).qq["]; $str .= qq[>]; last; }; /^TEXT$/ && do { $str .= qq[<INPUT TYPE="TEXT" NAME="$fc->{'name'}"]; ($fc->{'cols'} > 0) and $str .= qq[ SIZE="$fc->{'cols'}"]; ($fc->{'maxLength'} > 0) and $str .= qq[ MAXLENGTH="$fc->{'maxLength'}"]; $str .= qq[ VALUE="].($fc->{'label'} or $fc->{'choice'}[0]{'value'}).qq["]; $str .= qq[>]; last; }; /^TEXTAREA$/ && do { $str .= qq[<TEXTAREA WRAP="soft" NAME="$fc->{'name'}"]; ($fc->{'cols'} > 0) and $str .= qq[ COLS="$fc->{'cols'}"]; ($fc->{'rows'} > 0) and $str .= qq[ ROWS="$fc->{'rows'}"]; ($fc->{'maxLength'} > 0) and $str .= qq[ MAXLENGTH="$fc->{'maxLength'}" ONCHANGE="if (this.value.length > $fc->{'maxLength'}) this.value=this.value.substring(0,$fc->{'maxLength'});"]; $str .= qq[>]; $str .= ($fc->{'label'} or $fc->{'choice'}[0]{'value'}); $str .= qq[</TEXTAREA>]; last; }; /^CHECKBOX$|_CHECKBOX$/ && do { my @value = split(/, /, $FORM{$fc->{'name'}}); for my $choice (@{$fc->{'choice'}}) { $str .= qq[<INPUT TYPE="checkbox" NAME="$fc->{'name'}" VALUE="$choice->{'value'}"]; ($fc->{'label'} eq $choice->{'value'}) and $str .= qq[ CHECKED]; $str .= qq[>$choice->{'name'} <BR>]; } last; }; /^RADIO$|_RADIO$/ && do { for my $choice (@{$fc->{'choice'}}) { $str .= qq[<INPUT TYPE="radio" NAME="$fc->{'name'}" VALUE="$choice->{'value'}"]; ($fc->{'label'} eq $choice->{'value'}) and $str .= qq[ CHECKED]; $str .= qq[>$choice->{'name'} <br>]; } last; }; /^SELECT$|_COMBO$|_LISTBOX$/ && do { $str .= qq[<FONT SIZE="-1"><SELECT NAME="$fc->{'name'}"]; ($fc->{'rows'} > 0) and $str .= qq[ SIZE="$fc->{'rows'}"]; $str .= ($fc->{'isMultiChoice'} ? qq[ MULTIPLE>] : qq[>]); $str .= qq[ <OPTION VALUE=""></OPTION>]; if ($fc->{'isMultiChoice'}) { # deprecated. no facility to have multiple default values my @value = split(/, /, $FORM{$fc->{'name'}}); for my $choice (@{$fc->{'choice'}}) { $str .= qq[ <OPTION VALUE="$choice->{'value'}"]; ($fc->{'label'} eq $choice->{'value'}) and $str .= qq[ SELECTED]; $str .= qq[>$choice->{'name'}</OPTION>]; } } else { for my $choice (@{$fc->{'choice'}}) { $str .= qq[ <OPTION VALUE="$choice->{'value'}"]; ($fc->{'label'} eq $choice->{'value'}) and $str .= qq[ SELECTED]; $str .= qq[>$choice->{'name'} <br>]; } } $str .= qq[</SELECT></FONT>]; last; }; $str .= qq[<p>Unknown form control</p>]; } return($str); }