rshoe has asked for the wisdom of the Perl Monks concerning the following question:

I do not know if this is possible but I am trying to create a form that sends information to a cgi file. That file creates a cookie. Then I have another cgi file that displays the information of the cookie. Most of the files work except the last one. I'm trying to use an if statement to tell if a certain radio button is used then print the information one way if not print the information another way. I'm using a regular expression in the if statement. The last file "membership.cgi" does not work correctly. If any one can help me I would appreciate it. Thank you for your time. Randy Here are my files: html file: 
<!doctype html>
<html lang = "en">
<head>
     <title>Sign Up</title>
</head>


<body>

<h2>Sign up and choose your options</h2>
<form action="/cgi-bin/signup.cgi" method="post">
<table border="2" cellspacing="5" cellpadding="5">
<tr>
     <td align="center">Name</td>
     <td><input type="text" name="name" size="30"></td>
</tr>
<tr>
<td align="center">Select MemberShip Type</td>
<td><input type = "radio" name = "membership" value="0">Life
<input type = "radio" name = "membership" value="1">Annual
<input type = "radio" name = "membership" value="2">Fee Trial</td>
</tr>
<tr>
<td align="center">Choose Background Color</td>
<td><select name = "color">
    <option value = "pk">Pink
    <option value ="cy">Cyan
    <option value = "ma">Magenta
    <option value ="wh">White
    <option value = "go">Gold
    <option value ="bl">Blue
</select>
</tr>
<tr>
  <td colspan="2" align="center"><input type = "submit" value="Sign Up
+ and Set Options" </td>
</tr>
</form>
</table>
</body>
</html>

[download]
The cookie cgi file 
#!c:\Dwimperl\perl\bin\perl.exe

use CGI qw(:standard);
use CGI::Carp qw(fatalsToBrowser);
use strict;
use warnings;

my $name = param('name');
my $membership = param('membership');
my $color = param('color');

my @members = ('Life', 'Annual', 'Free Trial');
my %colors =(pk => 'Pink',
             cy => 'Cyan',
             ma => 'Magenta',
             wh => 'White',
             go => 'Gold',
             bl => 'Blue',);
             


my @newmembers =($members[$membership], $name, $colors{$color});


my $mem = cookie(-name => "member",
                       -value => "@newmembers",
                       -path => "/",
                       -expires => "+1M" );

print header( -cookie => [$mem] ),
start_html,
"<h2>Thank you. Your data has been recorded</h2>",
"<a href='membership.cgi'>See member page</a>",
end_html;

[download]
The output cgi file 
#!c:\Dwimperl\perl\bin\perl.exe

use CGI qw(:standard);
use CGI::Carp qw(fatalsToBrowser);
use strict;
use warnings;

my @ara = split (/ /,cookie("member"));  #### splits on spaces into ar
+ray 


if($ara[0] =~ /Free Trial/){
print header, start_html;
print "<body bgcolor ='".$ara[4]."'/>";
print "<h1>Welcome back, ".$ara[0]." ".$ara[1]." Member ".$ara[2]." ".
+$ara[3]."</h1>"; 
print end_html;
    
}else{
print header, start_html;
print "<body bgcolor ='".$ara[3]."'/>";
print "<h1>Welcome back, ".$ara[0]." Member ".$ara[1]." ".$ara[2]."</h
+1>"; 
print end_html;
}

[download]

Replies are listed 'Best First'.
Re: Regular Expressions in a cookie
by FloydATC (Deacon) on Oct 22, 2014 at 05:03 UTC

    Keep in mind that although the average user can't see or interfere with cookies, they are just as unsafe as any other data you're getting from a user. A malicious user could manually design a cookie to attack your system and cause it to behave in ways you did not intend.

    Be very careful when using cookies for anything else than encrypted or easily verifiable information. They are no safer than information passed as form parameters or part of the URL. The only difference is they can be stored between sessions.

    Instead of passing the name and membership details, consider sending just an identifying number, a timestamp and a hash of the number + the timestamp + a secret string only known by your scripts. That way, you can check the identifier against the hash to determine if it has been tampered with. If the hash doesn't check out, deny the request. It still won't be 100% safe but atleast it won't be trivial.

    -- FloydATC

    Time flies when you don't know what you're doing

[reply]
Re: Regular Expressions in a cookie
by tangent (Parson) on Oct 22, 2014 at 02:59 UTC
    #### splits on spaces into array
    The problem is that your parameter values have spaces within e.g. "Free Trial" and no doubt "param('name')". The fact you are using $ara[4] to get the color is hinting that your @ara has 5 elements instead of 3. It would be easier to create multiple cookies: 
    my $cookie1 = cookie(
    -name => 'member',
    -value => $members[$membership],
);
my $cookie2 = cookie(
    -name => 'name',
    -value => $name,
);
my $cookie3 = cookie(
    -name => 'color',
    -value => $color,
);
print header( -cookie => [ $cookie1, $cookie2, $cookie3 ] );

    [download]
    Then, in membership.cgi you can retrieve each value. This will make printing your HTML easier too, as will using the quote-like operator qq|| instead of plain quotes: 
    my $member = cookie('member');
my $name = cookie('name');
my $color = cookie('color');
...
print qq|<body style="background-color:$color;">|;
print qq|<h1>Welcome back, $member Member $name</h1>|;

    [download]
    In your first script you might also want to check that values have been entered for each parameter.
[reply]
[d/l]
[select]
Re: Regular Expressions in a cookie
by Anonymous Monk on Oct 21, 2014 at 23:12 UTC
[reply]

Back to Seekers of Perl Wisdom