Phoenix.pm: Damn Cookies

EdelSys Consulting edelsys at edelsys.com
Mon Aug 9 01:21:36 CDT 1999


At 10:16 PM 8/8/99 -0700, you wrote:
>
>OK, I am going crazy. I have been trying all day to get a very easy script
>to work and it won't. The basic idea is just writing a cookie. I have
>tried it in the perlscript itself, and then, in desperation, commented out
>the perl cookie stuff and tried javascript. Everytime I check the cookie
>file, I get zilch. I try to call the cookie for the info and I get the
>name value, followed by a print "Content-type:text/html\n\n";
>

Here is a little cookie.cgi that I always keep around for reference:
Notice that I don't have the -T switch turned on, although I include
an untaint subroutine.  You should always untaint incoming data, from
the environment, from files, from any external data source, before using
it.

-----

#!/usr/bin/perl -w

use strict;
package cookie;

;# *=== cookie variables ===*

my $cookie        = "this is cookie text";
my $cookiedomain  = ".edelsys.com";
my $cookieexpires = "Friday, 31-Dec-99 23:59:59 GMT";

;# *=== get cookie ===*

my $HTTP_COOKIE = '';
   $HTTP_COOKIE = $ENV{'HTTP_COOKIE'} if ( defined($ENV{'HTTP_COOKIE'})  );
   
   $HTTP_COOKIE = ''                  if ( ! defined($HTTP_COOKIE) );
   $HTTP_COOKIE = &decode($HTTP_COOKIE);

;# *=== prepare for html output ===*

$| = 1;
print("Content-type: text/html\n");

;# *=== set cookie ===*

$cookie = &encode($cookie);

print("Set-Cookie: cookie=$cookie; expires=$cookieexpires
domain=$cookiedomain\n");

print("\n");

;# *=== display retrieved cookie ===*

print <<EOP;

<html>
<body>

Cookie = $HTTP_COOKIE

</body>
</html>

EOP

;# *=== ttfn ===*

exit(0);

;# *=== untaint arg ===*

sub untaint

{ my($taint)=@_;

  my $untaint =  $taint;

  $untaint    =~ s/\+/ /g;
  $untaint    =~ s/\;//g;
  $untaint    =~ s/\&//g;
  $untaint    =~ s/\|//g;
  $untaint    =~ s/\>//g;
  $untaint    =~ s/\<//g;
  $untaint    =~ s/\?//g;
  $untaint    =~ s/\]//g;
  $untaint    =~ s/\[//g;
  $untaint    =~ s/\'//g;

  $untaint    =~ /^(.*)$/s;
  $untaint    = $1;

  return($untaint); }

;# *=== decode form data ===*

sub decode

{ my($in) = @_;
  my($ot) = ('');
  $ot = $in;
  $ot =~ s/\+/ /g;
  $ot =~ s/\%/\\x/g;
  $ot =~ s/\@/\\@/g;
  eval("\$ot = \"$ot\"");
  return($ot); }

;# *=== encode form data ===*

sub encode

{ my($in) = @_;
  my $ot  = '';
  my $c   = '';
  my $h   = '';

  foreach $c ( split('',$in) )

  {    if($c eq ' ')    { $ot .= '+'; }
    elsif($c =~ /^\w$/) { $ot .= $c;  }

    else

    { $h   = sprintf("%lx",ord($c));
      $h   = "0$h" if ( length($h)==1 );
      $h   = "%$h";
      $ot .= $h; }
  }

  return($ot); }

-----

Tony

>I just want to make a damn cookie and add info to it. What am I doing
>wrong?
>
>
>Here is my kludge:
>
>#!/usr/bin/perl
>
>
>$method = $ENV{'REQUEST_METHOD'};
>
>if ($method eq "GET") {
>         $buffer = $ENV{'QUERY_STRING'};
>        }
>else {
>        read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'});
>        }
>
>@pairs = split(/&/, $buffer);
>
>foreach $pair (@pairs)
>{
>    ($name, $value) = split(/=/, $pair);
>    $value =~ tr/+/ /;
>    $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
>
>     $FORM{$name} = $value;
>}
>
>
>$cookiestuff = $ENV{'HTTP_COOKIE'};
>
>$phase = $FORM{'phase'};
>$visitor = $FORM{'visitor'};
>$item = $FORM{'item'};
>
>$phase = "new" unless $phase;
>
>$expires = "Tuesday, 10-August-1999 06:55:00 GMT";
>
>$path = "/web/glen/shop";
>$cgipath = "/web/cgi-bin/glen/shop";
>$hostdomain = ".azfamily.com";
>$date = `date +"%Y%m%d %T"`;
>chomp $date;
>
>&confirm if ($phase eq "ordering");
>&finished if ($phase eq "confirmed");
>
>
># Set cookie
>
>print "Set-Cookie:VISITOR=$visitor; expires=$expires; path=$cgipath;
>domain=$hostdomain"||&error;
>#print "Set-Cookie:VISITOR=glen; path=/web/cgi-bin/glen/shop;
>domain=.azfamily.com"||&error;
>
>#print form
>
>print "Content-type:text/html\n\n";
>
>&header;
>
>
>print "<BR>$phase<BR>";
>
>print <<ORDERFORM;
>
><P><B>$date</B></P>
>
><P>
><BIG>Welcome to Sticky Widgets, Inc.</BIG><BR>
>Please enter your name and select the kind of widget you want:
></P>
>
><FORM ACTION="http://www.azfamily.com/cgi-bin/glen/shop/shoptest.pl"
>METHOD="post">
>
><INPUT TYPE="hidden" NAME="phase" VALUE="ordering">
>
><P>
>Name: <INPUT TYPE="text" NAME="visitor" SIZE="12" MAXLENGTH="24">
></P>
>
><P>
><INPUT TYPE="radio" NAME="item" VALUE="001">Widget Type 1<BR>
><INPUT TYPE="radio" NAME="item" VALUE="002">Widget Type 2<BR>
><INPUT TYPE="radio" NAME="item" VALUE="003">Widget Type 3<BR>
><INPUT TYPE="radio" NAME="item" VALUE="004">Widget Type 4<BR>
></P>
>
><P>
><INPUT TYPE="submit" VALUE="Submit this Form">
></P>
>
>
></FORM>
>
>ORDERFORM
>
>&footer;
>
>exit;
>
>
>###############
># subroutines #
>###############
>sub confirm{
>
># print "Set-Cookie:WIDGET=$item; VISITOR=$visitor\n";
>
>print "Content-type:text/html\n\n";
>print <<CONFIRM;
><HTML>
><HEAD>
>
><TITLE>Shop At Joe's</TITLE>
>
><SCRIPT LANGUAGE="JavaScript">
> document.cookie="VISITOR=glen; expires=Monday, 09-August-1999 06:55:00
>GMT; path=/web/cgi-bin/glen/shop; domain=.azfamily.com;
> </SCRIPT>
>
>
></HEAD>
>
><BODY TEXT="#000000" LINK="#003366" VLINK="#990000" ALINK="#FFFFFF"
>BGCOLOR="#FFFFFF">
>
><P>
><BIG>Yes, we got the order</BIG>
></P>
>
><P>
>You wanted to order a type $item Widget.
></P>
>
><FORM ACTION="http://www.azfamily.com/cgi-bin/glen/shop/shoptest.pl"
>METHOD="post">
>
><INPUT TYPE="hidden" NAME="phase" VALUE="confirmed">
>
><P>
><INPUT TYPE="submit" VALUE="Yes, this is my order.">
></P>
>
>
></FORM>
>
>
></BODY>
></HTML>
>
>CONFIRM
>exit;
>}
>
>sub finished{
>
># print "Set-Cookie: WIDGET=$item";
>
>print "Content-type:text/html\n\n";
>print <<FINISHED;
><HTML>
><HEAD>
>
><TITLE>Shop At Joe's</TITLE>
>
></HEAD>
>
><BODY TEXT="#000000" LINK="#003366" VLINK="#990000" ALINK="#FFFFFF"
>BGCOLOR="#FFFFFF">
>
><P>
>Finished. 
></P>
>
><P>
>$cookiestuff
></P>
>
><P>
>Thank you for your order. 
></P>
>
></BODY>
></HTML>
>
>FINISHED
>exit;
>}
>
>sub header{
>print <<HEADER;
><HTML>
><HEAD>
>
><TITLE>Shop At Joe's</TITLE>
>
></HEAD>
>
><BODY TEXT="#000000" LINK="#003366" VLINK="#990000" ALINK="#FFFFFF"
>BGCOLOR="#FFFFFF">
>
>HEADER
>}
>
>sub footer{
>
>print <<FOOTER;
>
></BODY>
></HTML>
>FOOTER
>}
>sub error{
>
>print "Content-type:text/html\n\n";
>print " Could not bake a cookie. :(";
>exit;
>
>}
>
>
>---------------------------------------------------------------------------
----
>Glen G. Walker,  coyotl at primenet.com
>www.primenet.com/~coyotl	
>---------------------------------------------------------------------------
----
>
--
--  Anthony R. Nemmer 
--  http://www.swlink.net/~edelsys -- edelsys at swlink.net
--
--  EdelSys Consulting
--  http://www.edelsys.com/ -- edelsys at edelsys.com
--
--  EFNet IRC Nick Teratogen -- ICQ #14638605
--  (480) 968-6438 -- P.O. Box 1883, Tempe, Arizona 85280-1883
--




More information about the Phoenix-pm mailing list