📄 fig19_12.pl
字号:
#!perl -T
# Fig. 19.12: fig19_12.pl
# Uses hidden fields in an insecure manner
use warnings;
use strict;
use CGI::Pretty ":standard";
use Digest::MD5 qw( md5_base64 );
my $encodeString = 'An encoder string';
print( header(), start_html( 'Bid on Deitel Books' ) );
# There are two separate sections--one for bidding/reviewing,
# one for reporting a purchase.
unless ( param( 'Buy It' ) ) {
my ( %prices, @rows, $total );
# Set up the products table and prices hash
open( FILE, 'products.txt' ) or die( "Cannot open file" );
while ( <FILE> ) {
my ( $book, $price, @row ) = split( /::/ );
$prices{ $book } = $price;
unshift( @row, $book );
push( @row, '$'.textfield( -name => $book,
-size => '5' ) );
push( @rows, td( \@row ) );
}
# make a table of all the bids made
my %bids;
foreach my $name ( param() ) {
$bids{ $name } =
param( $name ) if ( param( $name ) > 0 );
}
if ( %bids ) {
my @bidRows = ( th( [ 'Product', 'Bid', 'Result' ] ) );
foreach my $key ( keys( %bids ) ) {
my $bidRow =
td( [ $key, sprintf( '$%.2f', $bids{ $key } ) ] );
if ( $bids{ $key } > $prices{ $key } ) {
$bidRow .= td( 'OK' );
$bidRow .= hidden( $key.'digest',
md5_base64( $key, $bids{ $key },
$encodeString ) );
$bidRow .= hidden( -name => 'bid', -value => $key );
$bidRow .= hidden( -name => $key,
-value => $bids{ $key } );
$total += $bids{ $key };
}
else {
$bidRow .= td( 'Too low' );
}
push( @bidRows, $bidRow );
}
push( @bidRows, td( [ 'Total', sprintf( '$%.2f', $total ),
submit( -name => 'Buy It', -value => 'Buy It' ) ] ) );
print( start_form(), table( { border => '1' },
caption( h3( 'Current Bids' ) ), Tr( [ @bidRows ] ), ),
end_form() );
}
# make the products table
print( start_form(),
table( { border => '3' },
caption( h1( 'Product List' ) ),
Tr( { -valign => 'top' },
[ th( [ 'Product Name', 'Description', 'Bid' ] ),
@rows,
td( [ '', '', submit( -name => 'Review' ) ] )
] ) ), end_form() );
}
else {
my ( $total, @rows );
foreach my $name ( param( 'bid' ) ) {
if ( param( $name.'digest' ) ne
md5_base64( $name, param( $name ),
$encodeString ) ) {
print( h1( "You have tampered with the fields!!!" ),
end_html() );
die();
}
$total += param( $name );
push( @rows, td( $name ).td( { align => 'right' },
sprintf( '$%.2f', param( $name ) ) ) );
}
if ( @rows ) {
print( h1( 'Order Processed' ), table( { border => '3' },
caption( h4( 'Products Ordered' ) ),
Tr( [ th( [ 'Product', 'Price' ] ), @rows,
th( [ 'Total', sprintf '$%.2f', $total ] )
] ) ) );
}
else {
print( h4( 'You have not ordered anything. Please go ',
'back and revise any bids which were too low.' ) );
}
}
print( end_html() );
###########################################################################
# (C) Copyright 2001 by Deitel & Associates, Inc. and Prentice Hall. #
# All Rights Reserved. #
# #
# DISCLAIMER: The authors and publisher of this book have used their #
# best efforts in preparing the book. These efforts include the #
# development, research, and testing of the theories and programs #
# to determine their effectiveness. The authors and publisher make #
# no warranty of any kind, expressed or implied, with regard to these #
# programs or to the documentation contained in these books. The authors #
# and publisher shall not be liable in any event for incidental or #
# consequential damages in connection with, or arising out of, the #
# furnishing, performance, or use of these programs. #
###########################################################################
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -