#!/usr/bin/perl

# pizza6.cgi
# handles pizza6.html order form - multiple form and page example

# get form data
$input=untaint(<STDIN>);                # Read from stdin and untaint it 
chomp($input); chomp($input);           # Get rid of trailing CR/LF    

# Check for unencoded equal signs.  If there are none, the input       
# didn't come from a FORM.                                             
if ( $input !~ /=/ )
{ 
    die "Query String not from FORM\n";
} 

# Query string okay.  Split data into name=value fields, at the ampersand 
@fields = split ("&", $input);

# Process each field and put it into an associative array              
@toppings = ();                         # toppings is a multiple choice
foreach $one (@fields)
{                                                                      
    ($name, $value) = split("=",$one);  # split at the equal sign      
    &convert($name);                    # decode the name and value strings 
    &convert($value);                                                  
    if ($name ne "toppings")
    {
       $array{"$name"} = $value;        # put data into associative array 
    }
    else
    {
       push(@toppings, "$value");       # collect toppings
    }
}

# Check for null fields
if ($array{"name"} eq "")
{
    &error ("Name field is NULL");
}
if ($array{"address"} eq "")
{
    &error ("Address field is NULL");
}

# Send the response page
# Fixed data is sent using HERE documents
# HTTP header must end with a single blank line
print <<EndOfHTTPHeader;
Content-type: text/html

EndOfHTTPHeader
print <<EndOfHTMLHeader;
<!DOCTYPE html PUBLIC
   "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
   <title>Your Order</title>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
</head>
<body>
<h1>Purple Pizza Order Confirmation</h1>
<p>Thank you for ordering from Dr. Hwang\'s Purple Pizza Parlor.</p>
EndOfHTMLHeader

# Send the variable data
print "<p>You have ordered a ", $array{"size"}, " pizza with ";
if (scalar(@toppings) == 0)
{
   $toppinglist="";
   print "no toppings\n";
}
else
{
   $toppinglist=join(", ", @toppings);
   print $toppinglist, " as toppings\n";
}
print "<br /><br />\n";
print "to be delivered to: <br /><br />\n";
print $array{"name"}, "<br />\n";
# Split address into lines and print each one
@lines = split ("\n", $array{"address"});
foreach $line (@lines)
{
    print $line, "<br />\n";
}
print "</p>\n";
print "<form action=\"http://csserver.evansville.edu/~hwang/cgi-bin/f06-courses/cs350/pizza5submit.cgi\" method=\"post\">\n";
print "<input type=\"hidden\" name=\"order\" value=yes />\n";
print "<input type=\"hidden\" name=\"name\" value=\"$array{name}\" />\n";
print "<input type=\"hidden\" name=\"address\" value=\"$array{address}\" />\n";
print "<input type=\"hidden\" name=\"size\" value=\"$array{size}\" />\n";
print "<input type=\"hidden\" name=\"toppings\" value=\"$toppinglist\" />\n";
print "<p>If this is correct, click here: &nbsp\n";
print "<input type=\"submit\" value=\"Finish Order\" /></p>\n";
print "</form>\n";
print "<form action=\"http://csserver.evansville.edu/~hwang/cgi-bin/f06-courses/cs350/pizza5cancel.cgi\" method=\"post\">\n";
print "<p>If this is not correct, click here: &nbsp";
print "<input type=\"submit\" value=\"Cancel Order\" /></p>\n";
print "</form>\n";

# Send end of document
print <<EndOfHTMLFooter;
</body>
</html>
EndOfHTMLFooter

# Get around security issues
sub untaint 
{
    $_[0]=~/\A(.*)\Z/m;
    $_[0]=$1;
    return $1;
}                                                          

sub convert
{
   $_[0] =~ s/\+/ /g;                      # Convert + to space        
   $_[0] =~ s/%(..)/pack("c",hex($1))/ge;  # Convert URL hex to Latin-1 
} 

sub error
{
   # Send error page and exit
   print <<EndOfHTTPHeader;
Content-type: text/html

EndOfHTTPHeader
   print <<EndOfHTMLHeader;
<!DOCTYPE html PUBLIC
   "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
   <title>Error In Form Submission</title>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
</head>
<body>
<h1>Error in Form Submission</h1>
<p>The following error was detected: </p>
EndOfHTMLHeader

   # Send the variable data
   print "<h2>", $_[0], "</h2>\n\n";


   # Send end of document
   print <<EndOfHTMLFooter;
<p>Please use the Back button to correct your form and resubmit</p>
</body>
</html>
EndOfHTMLFooter

   exit 0;
}