#!/usr/bin/perl -wT
use strict;
use CGI;
# We use this to escape HTML in submitted text so nobody can insert tags.
# Otherwise, they could include pornographic images, server-
# side includes, or meta refresh tags!
use HTML::Entities;
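# Guestbook lines: filled by readit(), rendered by printit().
my @text;
# By defining the separator here and not hardcoding it in the script,
# we can make it much easier to change in the future!
my $separator = "::";
# Direct method call; the indirect-object form "new CGI" can be misparsed.
my $query = CGI->new;
print $query->header,
    $query->start_html( -title => "Guestbook Thing" ),
    $query->h1("Guestbook Thing");
# writeit() takes its CGI object from @_, so it must be passed explicitly;
# calling it with no arguments leaves that object undefined.
writeit($query);
readit();
printit();
print $query->end_html;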
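# writeit([$cgi]) - print the entry form and, when a submission is present,
# append it to guestbook.txt as a single "name<separator>message" line.
#
# $cgi is optional; the file-level $query is used when it is omitted.
# Failures to open or close the file are reported through dienice().
#
# Both fields come straight from the request and are untrusted.  They are
# HTML-escaped before any markup is added, and anything that could break
# the one-record-per-line, separator-delimited file format is neutralised
# before the record is written.
sub writeit {
    my ($cgi) = @_;

    # Called with no arguments, the lexical would otherwise stay undef and
    # the first method call below would die.
    $cgi = $query unless defined $cgi;

    print $cgi->startform;
    print "Name:",
        $cgi->textfield( -name => 'Name' ),
        $cgi->br(),
        "Message:",
        $cgi->br(),    # line break between the label and the text area
        $cgi->textarea(
            -name    => "Comments",
            -rows    => "10",
            -columns => "50"
        ),
        $cgi->br(),
        $cgi->submit( -value => "Submit" ),
        $cgi->reset( -value => "Reset" ),
        $cgi->hr(),
        $cgi->endform;

    my $name     = $cgi->param('Name');
    my $comments = $cgi->param('Comments');

    # Plain page view with nothing submitted: show the form only.  Checking
    # this before touching the values also avoids "uninitialized" warnings.
    return unless defined $name and defined $comments;

    # Escape first.  Doing this before inserting <br> means the only markup
    # that ends up in the file is markup this script generated; a "<br>"
    # typed by the submitter stays escaped text.
    $name     = encode_entities($name);
    $comments = encode_entities($comments);

    # Store any occurrence of the field separator as numeric character
    # references: it renders identically but cannot split a record.
    my $sep_entity = join '', map { sprintf '&#%d;', ord } split //, $separator;
    for my $field ( $name, $comments ) {
        $field =~ s/\Q$separator\E/$sep_entity/g;
    }

    # One record per line.  encode_entities leaves CR and LF untouched, so
    # a line break left in either field would start a forged extra record.
    $name     =~ s/[\r\n]+\z//;
    $name     =~ s/[\r\n]+/ /g;
    $comments =~ s/\r\n?|\n/<br>/g;

    # Three-argument open with a lexical handle; the path is a constant.
    # NOTE(review): no flock is taken here - confirm whether concurrent
    # submissions need explicit locking on this host.
    open( my $out, '>>', 'guestbook.txt' ) || dienice("AHH $!");
    print {$out} join( $separator, $name, $comments ), "\n";
    close($out) || dienice("AHH $!");
}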
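# readit() - load every line of guestbook.txt into the file-level @text
# array, with trailing newlines removed.  Open failures are reported
# through dienice().
sub readit {
    # Start from a clean slate so an empty guestbook yields no entries.
    @text = ();

    # Before the first entry is written there is no file yet; that is an
    # empty guestbook, not an error.  Any other open failure is reported.
    return unless -e 'guestbook.txt';

    # Explicit read mode and a lexical handle instead of a two-argument
    # open on a bareword.
    open( my $in, '<', 'guestbook.txt' ) || dienice("AHH $!");
    @text = <$in>;
    chomp @text;
    close($in);
}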
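# printit() - render every entry held in the file-level @text array as
# HTML, using the file-level $query object.
#
# Name and message are printed exactly as stored: escaping is expected to
# have happened before the line was written to guestbook.txt.
# NOTE(review): this makes the file a trust boundary - confirm nothing
# other than this script can write to it.
sub printit {
    print $query->h2('Current Results');
    for my $entry (@text) {

        # \Q...\E keeps the separator literal even if it is later changed
        # to something containing regex metacharacters.  The limit of 2
        # keeps a message containing the separator from being cut short.
        my ( $name, $message ) = split /\Q$separator\E/, $entry, 2;

        # A malformed line (no separator, or empty) must not trigger
        # "uninitialized" warnings under -w.
        $name    = '' unless defined $name;
        $message = '' unless defined $message;

        print $query->hr,
            "Message By: $name",
            $query->br,
            "<Message>: ",
            $query->br,
            $query->blockquote($message),
            "</Message>";
    }
}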