/* CGI program that handles multiple forms */ /* Each form includes a hidden field that specifies the name of the form */ #include #include #include #include #include #include #include "cgilib.h" /* simple CGI request parsing routines */ /* print HTML error message and exit */ void fatal_error( char *s) { printf("

\n"); printf("%s

\n",s); exit(1); } /* Here is a routine that simply prints the contents of a file This is used so we can save most of the HTML we need to generate in files, so we can change the appearance of the pizza system without recompiling */ void sendfile( char *filename ) { FILE *f; char buf[1000]; if ( (f=fopen(filename,"r")) == NULL) { fatal_error("can't find a file"); } while (fgets(buf,1000,f)) { printf("%s",buf); } fclose(f); } #define MAXFIELDS 10 /* Max number of fields we will handle */ /* see if a string contains any nonblank chars */ int empty( char *s) { return(strlen(s)==strspn( s, " \t\n")); } /* Some file names */ char *logo = "logo"; /* the file containing the pizza logo */ char *login = "loginform.tmpl"; /* the file with the login form */ char *order = "orderform.tmpl"; /* most of the order form */ char *baduser = "baduser"; /* Nasty bad user message */ char *nicetry = "nicetry"; /* another bad user message */ char *pwfile="passwords"; /* validate a user by seeing of a (name,password) pair is found in the password database (not the system password database, just a file we use to keep track of names and passwords */ int validate_user(char *name, char *password) { FILE *pw; char u[100],p[100]; /* empty name or password is invalid */ if ((empty(name)) || (empty(password))) return(0); /* open the password database */ if ( (pw=fopen(pwfile,"r"))==NULL) fatal_error("Sorry we lost our password file"); /* check each entry in the database against the name and password we got with the query. The file contains one word per line, the first line holds a name, the second a password (and so on). */ while (!feof(pw)) { /* read a username and password from the database */ if (!fgets(u,100,pw)) { fclose(pw); return(0); } if (!fgets(p,100,pw)) { fclose(pw); return(0); } /* Eliminate trailing whitespace */ while (isspace(u[strlen(u)-1])) u[strlen(u)-1]=0; while (isspace(p[strlen(p)-1])) p[strlen(p)-1]=0; /* see if we got a match */ if ( (strcmp(u,name)==0) && (strcmp(p,password)==0) ) { fclose(pw); return(1); /* we found it! */ } } fclose(pw); return(0); /* we didn't find it */ } /* takes care of login requests. Each valid login request should include the following fields: name password The names of the fields submitted in the query are in the array names, and the field values are in vals We ignore any other fields. */ void handle_login( char **names, char **vals, int n) { char *name; char *password; int i; /* find the name and password entered */ name=password=NULL; for (i=0;iHello "); printf("%s, place your order\n",name); printf("

\n"); printf("\n",name); printf("\n",password); /* the rest of the form is in a file */ sendfile(order); } char *validpizzas[] = { "Cheese", "Veggie", "Pepperoni", "Sausage" }; int n_validpizzas = sizeof(validpizzas)/sizeof(char *); int validate_pizza(char *p) { int i; if ((p==NULL) || (empty(p))) return(0); for (i=0;i\n"); printf("Your pizza selection is invalid! (%s)\n",pizza); printf("

Hello "); printf("%s, place your order

\n",name); printf("\n"); printf("\n",name); printf("\n",password); sendfile(order); return; } /* Make sure the size is valid */ if (! validate_size(size)) { sendfile(nicetry); /* indicate that there is some problem */ /* now send a customized error message explaining that the pizza size requested is not valid, and send back an order form */ printf("

\n"); printf("Your size selection is invalid! (%s)\n",size); printf("
Hello "); printf("%s, place your order
\n",name); printf("\n"); printf("\n",name); printf("\n",password); sendfile(order); return; } /* Valid order - send back a receipt / printf("
Thanks for your order %s
\n",name); printf("\n"); printf("\n"); printf("\n",name); printf(""); printf("\n", timerec->tm_mon+1,timerec->tm_mday,timerec->tm_year+1900); printf(""); printf("\n", timerec->tm_hour,timerec->tm_min); printf("\n",pizza); printf("\n",size); printf(""); printf("\n", timerec->tm_hour+1,timerec->tm_min); printf(""); if (strcmp(size,"small")==0) printf("\n"); else if (strcmp(size,"medium")==0) printf("\n"); else printf("\n"); printf("
RECEIPT
Name: %s
Date: %d/%d/%d
Time: %d:%d
Pizza: %s
Size: %s
Time Ready: %d:%d
Amount Due: $6.50
$8.50
$10.50
\n"); } / Pizza system main program - gets the request and determines whether this is a login request or an order request. If neither - it just sends back a login form (so the user can log in). A login request or an order request will include a field named "formname" which can have the value "login" or "order". / int main() { char query; char names[MAXFIELDS]; / will hold field names / char vals[MAXFIELDS]; /* will hold field values / char form; int i,n; /* always tell the browser what kind of document we are sending / / NOTE: the web server that started the CGI program will send back the appropriate HTTP status line !!! / printf("Content-type: text/html\n\n"); / now send the Pizza logo / sendfile(logo); / get the query / query = get_request(); if ((query==NULL)||(strlen(query)==0)) { / we got nothing - we need to send back the login form / sendfile(login); } else { / we got a query, for now just figure out which form we are handling / / parse the request string and chop into fields */ n = split_and_parse(query,names,vals,MAXFIELDS); form=NULL; for (i=0;i

RECEIPT
Name:	%s
Date:	%d/%d/%d
Time:	%d:%d
Pizza:	%s
Size:	%s
Time Ready:	%d:%d
Amount Due:	$6.50
$8.50
$10.50