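#!/usr/bin/perl
# pizza5submit.cgi
# Handles the pizza5.cgi order completion form: parses the URL-encoded form
# body from STDIN, appends the order to output/orders.txt and sends an HTML
# confirmation page.
#
# Security notes for maintainers:
#   * Every form value is attacker-controlled. Values are HTML-escaped before
#     they are echoed into a page and stripped of control characters before
#     they are written to the order file.
#   * The request body is validated against an allow-list of characters; it
#     is not laundered through a match-everything pattern.
#
# NOTE(review): the HTML tags, the Content-type line and the STDIN read were
# lost from the listing this file was recovered from. They are reconstructed
# here from the surviving text and comments -- confirm against the deployed
# script before relying on the exact markup.

use strict;
use warnings;
use Fcntl qw(:flock);

# Upper bound on the request body, so a client cannot make the script buffer
# an arbitrarily large POST.
my $MAX_BODY_BYTES = 65536;

# Get form data: read from stdin and validate it
my $input = untaint(read_form_body());

# Check for unencoded equal signs. If there are none, the input
# didn't come from a FORM.
if (!defined($input) || $input !~ /=/) {
    die "Query String not from FORM\n";
}

# Query string okay. Split data into name=value fields at the ampersand,
# decode each one and put it into an associative array.
my %array;
my @toppings;
foreach my $one (split(/&/, $input)) {
    # Limit of 2 keeps a stray '=' inside a value from truncating it.
    my ($name, $value) = split(/=/, $one, 2);
    $name  = '' unless defined($name);
    $value = '' unless defined($value);
    convert($name);
    convert($value);
    $array{$name} = $value;

    # A repeated "toppings" field (e.g. several checkboxes) would otherwise
    # be reduced to its last value by the hash assignment above.
    push(@toppings, $value) if $name eq 'toppings' && $value ne '';
}

if (!defined($array{"order"})) {
    die "Query String not from pizza order form\n";
}

# The address is the only multi-line field. Continuation lines are indented
# in the order file so that submitted text can never start a line that looks
# like a new "Name:" header or a record separator.
my @address_lines = map { one_line($_) }
    split(/\r?\n/, defined($array{"address"}) ? $array{"address"} : '');

# Put data into a file: output/orders.txt; directory must exist
my $orders;
unless (open($orders, '>>', 'output/orders.txt')) {    # open for append
    error("Unable to open output file: orders.txt");
}
# Serialise concurrent submissions so records do not interleave.
flock($orders, LOCK_EX) or error("Unable to lock output file: orders.txt");
print {$orders} "Name: ",     one_line($array{"name"}),             "\n";
print {$orders} "Address: ",  join("\n         ", @address_lines), "\n";
print {$orders} "Size: ",     one_line($array{"size"}),             "\n";
print {$orders} "Toppings: ", one_line(join(", ", @toppings)),      "\n";
print {$orders} "------------------------------------------\n";
# Buffered write errors only surface at close.
close($orders) or error("Unable to write output file: orders.txt");

# Send the response page
# Fixed data is sent using HERE documents
# HTTP header must end with a single blank line
print <<'EndOfHTMLHeader';
Content-type: text/html; charset=ISO-8859-1

<html>
<head><title>Your Order</title></head>
<body>
<h1>Purple Pizza Order Confirmation</h1>
<p>Thank you for ordering from Dr. Hwang's Purple Pizza Parlor.</p>
EndOfHTMLHeader

# Send the variable data. Everything taken from the form is escaped first.
print "<p>You have ordered a ", escape_html($array{"size"}), " pizza with ";
if (scalar(@toppings) == 0) {
    print "no toppings.</p>\n";
}
else {
    print join(", ", map { escape_html($_) } @toppings), " as toppings.</p>\n";
}
print "<p>Your pizza will be delivered in about a half hour to:<br>\n";
print escape_html($array{"name"}), "<br>\n";

# Print the address one line at a time
foreach my $line (@address_lines) {
    print escape_html($line), "<br>\n";
}
print "</p>\n";

# Send end of document
print <<'EndOfHTMLFooter';
</body>
</html>
EndOfHTMLFooter

# Read the raw form body from STDIN.
# When the server supplies a numeric CONTENT_LENGTH, exactly that many bytes
# are read (after checking the size limit); otherwise a single line is read.
# Returns the body, or undef when nothing could be read.
sub read_form_body {
    my $length = $ENV{'CONTENT_LENGTH'};
    my $body;
    if (defined($length) && $length =~ /\A\d+\z/) {
        die "Query String too long\n" if $length > $MAX_BODY_BYTES;
        read(STDIN, $body, $length);
    }
    else {
        $body = <STDIN>;
    }
    return $body;
}

# Validate the raw form body and return the validated copy.
# A URL-encoded body consists of printable, non-space ASCII only, so anything
# else (control characters, raw 8-bit bytes, embedded line breaks) is
# rejected. Returns undef on rejection; the caller treats that as "not from
# a FORM". The result is only returned when the pattern actually matched, so
# a stale capture from an earlier match can never be handed back.
sub untaint {
    my ($raw) = @_;
    return unless defined($raw);
    $raw =~ s/[\r\n]+\z//;    # Get rid of trailing CR/LF
    return unless length($raw) <= $MAX_BODY_BYTES;
    if ($raw =~ /\A([\x21-\x7E]*)\z/) {
        return $1;
    }
    return;
}

# Decode a URL-encoded string in place (the argument itself is modified).
# Only well-formed %XX escapes are decoded; a '%' that is not followed by two
# hex digits is left as it is instead of being turned into a NUL byte.
sub convert {
    return unless defined($_[0]);
    $_[0] =~ s/\+/ /g;                               # Convert + to space
    $_[0] =~ s/%([0-9A-Fa-f]{2})/chr(hex($1))/ge;    # Convert URL hex to Latin-1
    return;
}

# Escape the characters that are significant in HTML text and attribute
# values, so form data is displayed as text and never parsed as markup.
# An undefined value is treated as the empty string.
sub escape_html {
    my ($text) = @_;
    $text = '' unless defined($text);
    $text =~ s/&/&amp;/g;    # must run first, or later entities get re-escaped
    $text =~ s/</&lt;/g;
    $text =~ s/>/&gt;/g;
    $text =~ s/"/&quot;/g;
    $text =~ s/'/&#39;/g;
    return $text;
}

# Collapse control characters (including CR and LF) to single spaces so a
# value occupies exactly one line of the order file.
# An undefined value is treated as the empty string.
sub one_line {
    my ($text) = @_;
    $text = '' unless defined($text);
    $text =~ s/[\x00-\x1F\x7F]+/ /g;
    return $text;
}

# Send an error page containing the given message and exit.
# The message is escaped like any other variable output.
sub error {
    my ($message) = @_;
    print <<'EndOfHTMLHeader';
Content-type: text/html; charset=ISO-8859-1

<html>
<head><title>Error In Form Submission</title></head>
<body>
<h1>Error in Form Submission</h1>
<p>The following error was detected:</p>
EndOfHTMLHeader

    # Send the variable data
    print "<p>", escape_html($message), "</p>\n\n";

    # Send end of document
    print <<'EndOfHTMLFooter';
<p>Please use the Back button to correct your form and resubmit</p>
</body>
</html>
EndOfHTMLFooter
    exit 0;
}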