use Digest::MD5;

# Given a message and key, returns a message authentication code
# with the following properties relevant to our example:
# - a 22-character string that may contain + / 0-9 a-z A-Z
# - any given message and key will always produce the same MAC
# - if you don't know the key, it's very hard to guess it
#   even if you have a message, its MAC, and this source code
# - if you have a message, its MAC, and even the key, it's 
#   very hard to find a different message with the same MAC
# - even a tiny change to a message, including adding on to
#   the end of it, will produce a very different MAC
sub compute_mac {
    my ($message, $key) = @_;
    Digest::MD5::md5_base64($key, Digest::MD5::md5($key, $message));
}

# Load a secret key string from somewhere safe
my $secret = 'skS>DrF1d:R-6<g8qmm7@Ml}?JQD1C';

# Ensures that an integer score is decorated with it's MAC
sub authenticated_score {
    my $score = shift;
    my $mac   = compute_mac(int($score), $secret);
    "$score/$mac";
}

##</code><code>##

use CGI;
use CGI::Cookie;

my $score = 1;

$score     = authenticated_score($score);
my $cookie = CGI::Cookie->new(-name => 'score', -value => $score);
print header(-cookie=>$cookie);

##</code><code>##

my %cookies = CGI::Cookie->fetch;
$score = $cookies{score}->value;

# Eliminate any score that's been tampered with
$score = 0 unless $score eq authenticated_score($score);

##</code><code>##

my %cookies = CGI::Cookie->fetch;
my $score = $cookies{score}->value;
$score = 0 unless $score eq authenticated_score($score);

# (play game here, adding 1 to $score if this is a win)

log_winner() if $score >= 100;

$score     = authenticated_score($score);
my $cookie = CGI::Cookie->new(-name => 'score', -value => $score);
print header(-cookie=>$cookie);

# (send the rest of your HTML to the player.)