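use strict;
use warnings;
use Digest::MD5 qw(md5_base64);

# Demo only: the signing secret is hard-coded and short. A deployed service
# would load a long random key from configuration kept outside the source tree.
use constant SECRET_PHRASE => 'myzylplyk';

# md5(username . secret) is a plain hash over concatenated data, not a keyed
# MAC, and MD5 is no longer collision-resistant. For real use, compute an HMAC
# instead (for example hmac_sha256_base64 from the core Digest::SHA module) and
# put an expiry time inside the signed data.
warn "This method is not secure!\n";

# Turn 'angela' into quasi-signed cookie
my $cookie = generate_cookie('angela');
print "Cookie for 'angela' is: '$cookie'\n";

# Turn quasi-signed cookie back into angela
print "Translating back: ";
print "ok\n" if get_username($cookie) eq 'angela';

# See what happens if we turn angela into mary
$cookie =~ s/angela/mary/;
print "Gonna die now\n";
my $username = get_username($cookie);

# Returns the base64 MD5 digest of the username followed by SECRET_PHRASE.
sub make_hash {
    my ($username) = @_;
    return md5_base64($username . SECRET_PHRASE);
}

# Returns the cookie value "<username>:<digest>" for the given username.
sub generate_cookie {
    my ($username) = @_;
    my $enc_hash = make_hash($username);
    return "$username:$enc_hash";
}

# Compares two digest strings without stopping at the first differing
# character, so the comparison does not reveal how long a matching prefix the
# supplied digest has. Returns true only when both strings are identical.
sub _digests_match {
    my ($expected, $supplied) = @_;

    # The digest length is public (fixed by the hash), so this early exit
    # gives nothing away.
    return 0 if length($expected) != length($supplied);

    my $diff = 0;
    for my $i (0 .. length($expected) - 1) {
        $diff |= ord(substr($expected, $i, 1)) ^ ord(substr($supplied, $i, 1));
    }
    return $diff == 0;
}

# Returns the username if all checks out,
# dies horribly otherwise
sub get_username {
    my ($cookie) = @_;

    # The cookie arrives from the client and is untrusted. A base64 digest
    # never contains ':', so the separator is the LAST colon: that keeps
    # usernames containing ':' round-trippable and rejects a cookie with
    # extra fields appended after the digest. A cookie with no colon (or an
    # undefined one) gets an empty digest and fails the check below.
    my ($username, $digest) = ('', '');
    if (defined $cookie) {
        if ($cookie =~ m{\A (.*) : ([^:]*) \z}xms) {
            ($username, $digest) = ($1, $2);
        }
        else {
            $username = $cookie;
        }
    }

    _digests_match(make_hash($username), $digest)
        or die "Hack attack! Username '$username' doesn't match hash\n";

    return $username;
}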