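// Record details for guest book
//
// (C) M.A.Smith University of Brighton
//
// Permission is granted to use this code
//   provided this declaration and copyright notice remains intact.
//
// Created:        1 March 1997
// Last modified: 12 - March 1997

//#include "t99_type.h"

// NOTE(review): this listing shows seven bare #include directives whose
// header names were lost. The headers below are the standard ones the
// visible code needs; confirm against the original file.
#include <cctype>
#include <cstdlib>
#include <cstring>
#include <ctime>
#include <fstream>
#include <iomanip>
#include <iostream>
#include <string>

//#define NO_MAP
#include "parse.h"
#include "parse.cpp"

// NOTE(review): several string literals below are empty or hold only
// newlines. They look like HTML markup that was stripped from the listing;
// they are reproduced exactly as shown rather than guessed at.

// Write a line of output to the HTTP response (stdout), followed by '\n'.
inline void html( const char str[] )
{
  std::cout << str << "\n";
}

// Write text to the HTTP response without a trailing newline.
inline void html_( const char str[] )
{
  std::cout << str;
}

// Write a single character to the HTTP response.
inline void html_( char c )
{
  std::cout << c;
}

// Write request-derived text to the HTTP response with the HTML
// metacharacters escaped, so an echoed parameter cannot inject markup.
inline void html_text( const char str[] )
{
  for ( const char *p = str; *p != '\0'; ++p )
  {
    switch ( *p )
    {
      case '&' : html_( "&amp;" );  break;
      case '<' : html_( "&lt;" );   break;
      case '>' : html_( "&gt;" );   break;
      case '"' : html_( "&quot;" ); break;
      default  : html_( *p );       break;
    }
  }
}

// Return the value of environment variable `var`, or "[]" when it is unset.
// The result is never NULL.
char* getenv_n( const char var[] )
{
  static char missing[] = "[]";       // Writable storage, so no cast from a literal
  char *p = getenv( var );
  return p == NULL ? missing : p;
}

// Copy `text`, replacing control characters with a space so that a
// request-supplied value cannot start a new line in the guest book and
// imitate a record header ("Name:", "Host:", ...). When `keep_newlines`
// is true '\n' is left in place (used for the free-text comment).
static std::string printable( const char text[], bool keep_newlines )
{
  std::string out;
  for ( const char *p = text; *p != '\0'; ++p )
  {
    const unsigned char c = static_cast<unsigned char>( *p );
    const bool keep = !std::iscntrl( c ) || ( keep_newlines && *p == '\n' );
    out += keep ? *p : ' ';
  }
  return out;
}

// Parameters to the CGI program
//  passed in the QUERY_STRING environment variable
//
//  book            -- Name of Guest book
//                     To make this safe the first 20 characters of
//                     the guest book must be:
//                       GuestBook-Security**
//  page            -- Unique name for this guest book entry
//  back            -- URL of "back to normal pages"
//
//  name-title name -- Title & Name
//  e-mail          -- e-mail address
//  who who-cont    -- who
//  comment         -- comment

// Remember all files name must be absolute or relative to the
//  directory in which the CGI script is run

// Return true when the file `book` can be opened and its first 20 bytes
// are the marker "GuestBook-Security**"; otherwise report the failure on
// the response and return false.
//
// `book` is taken from the request, so this marker is the only thing that
// stops the program appending to an arbitrary file. The bytes read are
// deliberately NOT echoed back: doing so would disclose the first 20 bytes
// of any file the CGI user can read, unescaped, to whoever sent the request.
bool valid( const char book[] )
{
  static const char marker[] = "GuestBook-Security**";
  const std::streamsize marker_len = 20;

  std::ifstream inf( book );
  if ( inf.fail() )
  {
    html("Canot open recording file" );
    return false;
  }

  char mes[ 21 ] = "";
  inf.read( mes, marker_len );

  // A short file must fail the check rather than be compared against
  // whatever was left in the buffer.
  if ( inf.gcount() == marker_len && strncmp( mes, marker, 20 ) == 0 )
  {
    return true;
  }

  html("Recording failed" );
  html_( "Security marker: " ); html( " Not valid");
  return false;
}

// Append one guest book record to `book` after `valid()` accepts the file.
// The record holds the page name and timestamp, the visitor's details, the
// REMOTE_ADDR / REMOTE_HOST values from the environment, and the comment.
// Failures are reported on the HTTP response; nothing is returned.
//
// Every value written comes from the request or from the web server's
// environment, so single-line fields are passed through printable() first.
// NOTE(review): values are stored without HTML escaping; whatever renders
// the guest book (not visible here) has to escape them on output.
// NOTE(review): the file is checked by valid() and then reopened by name,
// so the check and the append are not atomic.
void write_log_entry( const char book[],  const char page[],
                      const char title[], const char name[],
                      const char email[],
                      const char who[],   const char whocont[],
                      const char comment[] )
{
  if ( !valid( book ) )
  {
    html("\n\n");
    html("Internal security check failed : Can not append to guest book");
    html("\n\n");
    return;
  }

  std::ofstream ofs( book, std::ios::app );
  if ( ofs.fail() )
  {
    html("\n\n");
    html("Can not append to guest book");
    html("\n\n");
    return;
  }

  // ctime() yields "Www Mmm dd hh:mm:ss yyyy\n"; keep the first 24
  // characters to drop the newline. It may return NULL, so guard it.
  const std::time_t now = std::time( NULL );
  const char *stamp = std::ctime( &now );
  std::string when( stamp == NULL ? "" : stamp );
  if ( when.size() > 24 ) when.erase( 24 );

  ofs << std::setiosflags( std::ios::left );
  ofs << "\n";
  ofs << std::setw(15) << printable( page, false ) << when << "\n";
  ofs << std::setw(15) << "Name: "   << printable( title, false ) << " \n"
                                     << printable( name, false ) << "\n";
  ofs << std::setw(15) << "E-mail: " << printable( email, false ) << "\n";
  ofs << std::setw(15) << "Who: "    << printable( who, false ) << " "
                                     << printable( whocont, false ) << "\n";
  // REMOTE_HOST is normally derived from reverse DNS, so it is filtered
  // like the request fields.
  ofs << std::setw(15) << "Host: "
      << std::setw(14) << printable( getenv_n( "REMOTE_ADDR" ), false ) << " "
      << printable( getenv_n( "REMOTE_HOST" ), false ) << "\n";
  // The comment may span lines; other control characters are dropped.
  // NOTE(review): a multi-line comment can still resemble record lines, so
  // a reader of this file should not infer record boundaries from it.
  ofs << printable( comment, true ) << "\n";
}

// Return true when `name` is a non-empty string.
bool present( const char name[] )
{
  return strlen( name ) != 0;
}

// CGI entry point: parse QUERY_STRING, record the entry when both a name
// and an e-mail address were supplied, and emit the result page.
int main()
{
  html("Content-type: text/html"); html("");
  html("");
  html("");

  // Sample request used when the program is run outside a web server.
  // Kept in a writable array in case Parse modifies its input in place.
  static char sample_query[] =
      "book=mas&name-title=Mr&name=Mas&e-mail=mas@brighton.ac.uk";

  char *query_str = getenv("QUERY_STRING");
  Parse list( query_str == NULL ? sample_query : query_str );

  const bool accepted = present( list.get_item_n( "name" ) ) &&
                        present( list.get_item_n( "e-mail" ) );

  // NOTE(review): `accepted` only reflects that name and e-mail were given.
  // The "Accepted" page is still shown when "book" is missing or when
  // write_log_entry() reported a failure.
  if ( list.get_item( "book" ) != NULL && accepted )
  {
    write_log_entry(
      list.get_item_n( "book", 1 , true ),
      list.get_item_n( "page" ),
      list.get_item_n( "name-title" ), list.get_item_n( "name" ),
      list.get_item_n( "e-mail" ),
      list.get_item_n( "who" ), list.get_item_n( "who-cont" ),
      list.get_item_n( "comment" )
    );
  }

  html("\n\n");
  if ( accepted )
  {
    html("\n\nAccepted\n\n");
    html("Thank you for signing the guest book");
  } else {
    html("");
    html("\n\nNot accepted\n\n");
    html("Please fill in your name amd e-mail address");
    html("\n");
    html("\n\n");
    html("Use the back button on your browser to preserve details in the form");
    html("\n");
    html("Othewise use the return link");
  }
  html("\n\n");
  html_(""); html_("[Return]"); html("");

#ifdef DEBUG
  // Debug builds echo request parameters into the page, so they are
  // written through html_text() to keep them from being read as markup.
  html("\n\n\n");
  html("\n");
  html_("book  = " ); html_text( list.get_item_n( "book", 1, true ) ); html("");
  html_("page  = " ); html_text( list.get_item_n( "page" ) ); html("");
  html("\n");
#endif

  html("");
  html("");
  return 0;
}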