Perl Form Validation using CGI scripting - perl

I'm trying to achieve one last task for my assignment is to validate the form before submit it to the another CGI program.
What happen is that I have a simple CGI program that will ask user to input the data
#!/usr/bin/perl -w
use CGI qw/:standard/;
# Standard HTTP header
print header();
# Write information to data file and produce a form
&printForm();
# Finish HTML page
print end_html();
# This sub will create a form to access the print_fortune.cgi script
sub printForm
{
print qq~
<html>
<head><title>My Search Engine</title>
</head>
<body>
<form action="b1.cgi" method="GET">
What is your e-msil address? <input type="text" name="passing" size=40>
<input type="submit" value="send address">
<input type="hidden" name="form" value="insert" />
</form>
<form method="get" action="b1.cgi" enctype="application/x-www-form-urlencoded">
<input type="text" name="search" value="" size="30" /><br />
<label><input type="radio" name="option" value="name" checked="checked" />name</label>
<label><input type="radio" name="option" value="author" />author</label><label>
<input type="radio" name="option" value="url" />url</label>
<label><input type="radio" name="option" value="keyword" />keyword</label>
<input type="submit" name=".submit" value="Search" />
<input type="hidden" name="passing" value="http://default.com" />
<div><input type="hidden" name="form" value="search" /></div></form>
</body>
So the above program contains two forms. One is to add new data to the database and the other one is to search from the database.
#!/usr/bin/perl
print "Content-type: text/html\n\n";
use LWP::Simple;
use CGI;
use HTML::HeadParser;
use DBI;
my $serverName = "";
my $serverPort = "";
my $serverUser = "";
my $serverPass = "";
my $serverDb = "";
my $serverTabl = "";
$cgi = CGI->new;
my $pass = $cgi->param('passing');
$URL = get ("$pass");
$head = HTML::HeadParser->new;
$head->parse("$URL");
my $methods = $cgi->param('form');
if ($methods eq "insert"){
insert_entry();
}
show_entries();
sub insert_entry {
my ($dbh, $success, $name, $author, $url,$temp);
$dbh = DBI->connect("DBI:mysql:database=$serverDb;host=$serverName;port=$serverPort",$serverUser,$serverPass);
$name = $head->header('X-Meta-Name');
$author = $head->header('X-Meta-Author');
$url = $cgi->param('passing');
$temp = $head->header('X-Meta-Keywords');
#keyword = split(/,/,$temp);
$success = $dbh->do("INSERT INTO $serverTabl(name,author,url,keyword1,keyword2,keyword3,keyword4,keyword5) VALUES(?,?,?,?,?,?,?,?)", undef,$name,$
author,$url,$keyword[0],$keyword[1],$keyword[2],$keyword[3],$keyword[4]);
$dbh->disconnect;
if($success != 1) {
return "Sorry, the database was unable to add your entry.
Please try again later.";
} else {
return;
}
}
sub show_entries {
my ($dbh, $sth, #row);
my $search = $cgi->param('search');
my $option = $cgi->param('option');
$dbh = DBI->connect("DBI:mysql:database=$serverDb;host=$serverName;port=$serverPort",$serverUser,$serverPass);
$sth = $dbh->prepare("SELECT *
FROM $serverTabl
WHERE $option LIKE '%$search%'");
$sth->execute;
print "Existing Entries",HR;
while(#row = $sth->fetchrow_array) {
$row[5] = scalar(localtime($row[5]));
print "<table border='2'><tr>";
print "<td>" . $row[0] . "</td>";
print "<td>Name" . $row[1] . "</td>";
print "<td>Author" . $row[2] . "</td>";
print "<td>URL" . $row[3] . "</td>";
print "<td>Keyword1" . $row[4] . "</td>";
print "<td>Keyword2" . $row[5] . "</td>";
print "<td>Keyword3" . $row[6] . "</td>";
print "<td>Keyword4" . $row[7] . "</td>";
print "<td>Keyword5" . $row[8] . "</td>";
print "</tr></table>";
}
$sth->finish;
$dbh->disconnect;
}
So now the question is how can I do a regular expression for the form submission before it goes to the second program?
I want to do validation for
name allows spaces but only alphabetical characters
author allows spaces but only alphabetical characters
keywords allows no spaces and only alphabetical characters
url only allows alphanumerical characters and the following :/.~?=+& No two periods can exist consecutively.
I'm really sorry but I'm really new to Perl. We are only been taught about PHP, but Perl almost nothing....


The perluniprops Perl document lists all the \p regular expression properties.
For a string that contains only letters, you want
/^[\p{Alpha}]+$/
For a string that contains only letters and spaces you want
/^[\p{Alpha}\x20]+$/
To match a URL the documentation of the URI module gives this as an official pattern to match a URL
m|^(?:([^:/?#]+):)?(?://([^/?#]*))?([^?#]*)(?:\?([^#]*))?(?:#(.*))?$|
Be sure to cite the references in your work to get extra marks!

Related

Perl - How to validate Chinese character input from web form?

My web page uses Charset UTF-8 to allow Chinese character input in a textarea form field. I want to test if the input contains a certain character. I've writtena test script to see how Perl is going to handle the Chinese input. It's not finding the match when there is a known match.
Here is my test form:
<!DOCTYPE html>
<head>
<meta charset="utf-8">
</head>
<body>
<form method="post" action="http://www.my_domain.com/cgi-bin/my_test_script.pl">
<textarea name="user_input" rows="" cols=""></textarea>
<input type="submit" name="submit" value="submit">
</form>
</body>
</html>
Here is my code:
#!/usr/bin/perl -T
use strict;
use warnings;
use CGI;
use CGI::Carp qw(warningsToBrowser fatalsToBrowser);
use utf8;
print "Content-type: text/html; charset=UTF-8\n\n";
print "<meta http-equiv='content-type' content='text/html;charset=UTF-8'>";
my $query = new CGI;
my $msg = $query->param('user_input');
chomp $msg;
my $msg_code = ord($msg);
print "<p> Message was: ".$msg."\n";
print "<p> Message Code is: ".$msg_code."\n";
my $char_from_code_point = "\N{U+89C6}";
my $char_from_code_point_reverse_code = ord($char_from_code_point);
print "<p> char_from_code_point= ".$char_from_code_point."\n";
print "<p> char_from_code_point_reverse_code = ".$char_from_code_point_reverse_code."\n";
if ($msg =~ m/$char_from_code_point/) {
print "<p>Matched!\n";
}
else {
print "<p> NOT matched\n";
}
And here is the output from submitting the correct character:
Message was: 视
Message Code is: 232
char_from_code_point= 视
char_from_code_point_reverse_code = 35270
NOT matched
Could someone please point out what I'm doing wrong?
Thank you.

Input boxes in while loop

I am wondering how I can differentiate the name on the input box in a while loop so when I post I get 2 separate values. Here is my code:
<form method="post" action="rewarded.php">
<?php
$nameqry="SELECT name FROM kids";
$names=mysqli_query($conn, $nameqry) or die ("Error could not execute name query: " . mysqli_error());
echo "<table>";
while($namerow=mysqli_fetch_array($names)) {
$name=$namerow["name"];
echo "<tr><td>$name will use <input type='text' name='points'> points.</td></tr>";
}
echo "</table>";
echo "<input type='submit' value='Submit'>";
?>
</form>

while($namerow=mysqli_fetch_array($names)) {
$name=$namerow["name"];
echo "<tr><td>$name will use <input type='text' name='points-<?php echo $name; ?>'> points.</td></tr>";
}
each time the code repeated in loop it gives you a different input name.
also you can use name="points[]"
it will return all names in a array

You could make the name a variable and change the variable on each loop.
$input_name_count = 1;
while($namerow=mysqli_fetch_array($names)) {
$name=$namerow["name"];
echo "<tr><td>$name will use <input type='text' name='".$input_name_count."'> points.</td></tr>";
}
Alternatively, if you don't want to use numbers (i.e. points1, points2, etc.or 1,2,3 etc.) make a list of names that you want.
$names_list = ['name', 'name 2', 'hippos'];
Then simply select the item you want from the list using a counter.
$counter = 0;
while($namerow=mysqli_fetch_array($names)) {
$name=$namerow["name"];
echo "<tr><td>$name will use <input type='text' name='".$names_list[$counter]."'> points.</td></tr>";
$counter++;
}

Why am I getting this error when testing a Perl/CGI scipt on Padre?

Spent better part of 3-days writing a CGI script to handle the input form data from my HTML. Used Padre as an editor but now receive this error when running the script.
"uncaught exception from user code: "-T" is on the #! line, it must also be used on the command line at scipt.pl"
I'd like some pointers if anyone is willing to look over my code and offer guidance. This is my first endeavor into Perl and CGI. What I desire for endstate is a form a webuser enters data and then hits submit. After validation a page is sent back to the browser with information and errors if they exist. here is my code and thanks in advance!
HTML Code:
<html>
<head><title>My First CGI-PERL</title>
<!--Link to css for styling here-->
<link rel="stylesheet" type="text/css" href="style.css">
</head>
<body>
<header>
<h1>Welcome to my first CGI-PERL Form submission</h1></header>
<br>
<p>Please Enter the following information in the fields and click
SUBMIT.</p>
<hr>
<br>
<div class="container1">
<form action="/cgi-bin/text.pl" method="post"> <!--script to process
this section-->
Item Number<input type="text" name="Item"><br> <!--Cannot be blank-->
Product Name<input type="text" name="Name"><br> <!--Cannot be
blank-->
Product Cost<input type="text" name="Cost"><br> <!--must be between .50 and $1000-->
Selling Price<input type="text" name="Price"><br> <!--price from 1.00 to 2000.00-->
Quantity on Hand<input type="text" name="Quantity"><br> <!--cannot be negative-->
</form></div>
<br>
<br>
<hr>
<br>
<h2>Choose A Product Category</h2> <!--must be one of the categories-->
<br>
<div class="container2">
<form action="/cgi-bin/radio.pl" method="post"> <!--name of script that handles this section-->
<input type="radio" name="letter" value="F">F<br>
<input type="radio" name="letter" value="H">H<br>
<input type="radio" name="letter" value="M">M<br>
<input type="radio" name="letter" value="C">C<br>
<input type="radio" name="letter" value="T">T<br>
<br>
</form></div>
<hr>
<br>
<div class="container4">
<form action="/cgi-bin/myfirstcgi.cgi" method="post"> <!--script to process submit and send a second page back-->
<input type="submit" name="submit" value="SUBMIT"><br>
</form></div> <!--close container 2-->
<!--Profit should be auto generated on the second page created by the script-->
</body>
</html>
Perl Script:
#!/usr/bin/perl
print "Content-type: text/html\n\n";
use strict;
use warnings;
use CGI qw(:standard);
print "<html><body>";
print "Thank you for submitting the form. <br>\n";
#return to html page with form
print "To go back to the form page click"; #how can i insert a link to the form page here
print "You chose item number ", param("Item")," \n";
print "The product name is ", param("Name"), " \n";
print "The Cost is ", param("Cost")," \n";
print "Selling Price ", param("Price")," \n";
print "Quantity on Hand is ", param("Quantity")," \n";
#scalar variables to hold form input data
my $item = param("Item");
my $name = param("Name");
my $cost = param("Cost");
my $price = param("Price");
my $category = param("Category"); #radio button chosen
my $quantity = param("Quantity");
my $profit = $cost - $price;
#radio buttons
my %categories = ("F", "H", "M", "C", "T");
#validation a category was chosen
my $categories = param("letter");
if (exists $categories{$category}) {
print "The product Category is $category";
}
else {
error ("You must select a category");
}
#validate input
if ($item eq "") {
error ("Field cannot be blank");
}
if ($name eq "") {
error ("Field cannot be blank");
}
if ($cost < .50 && $cost > 1000) {
error ("Invalid Entry Cost must be between $.50 and $1000");
}
if ($price < 1.00 && $cost > 2000) {
error ("Invalid Amount Please enter Price between $1.00 and $2000");
}
if ($quantity < 0) {
error ("Quantity cannot be negative number");
}
sub error {
my ($errormsg) = #_;
print "<h2>Error</h2>\n";
print "$errormsg<p>\n";
print "</body></html>\n";
exit;
}

Your homework should be done by you. But Since there is lot of syntax mistakes there I will try to help you.
First of all Bind all the elements inside the html into a single form with single submit button so that it can go to server in the form of query string in a single go.
Your html should be:
<html>
<head><title>My First CGI-PERL</title>
<!--Link to css for styling here-->
<!--<link rel="stylesheet" type="text/css" href="style.css">-->
</head>
<body>
<header>
<h1>Welcome to my first CGI-PERL Form submission</h1></header>
<br>
<p>Please Enter the following information in the fields and click
SUBMIT.</p>
<hr>
<br>
<div class="container1">
<form action="action.cgi" method="post"> <!--script to process
this section-->
Item Number<input type="text" name="Item"><br> <!--Cannot be blank-->
Product Name<input type="text" name="Name"><br> <!--Cannot be
blank-->
Product Cost<input type="text" name="Cost"><br> <!--must be between .50 and $1000-->
Selling Price<input type="text" name="Price"><br> <!--price from 1.00 to 2000.00-->
Quantity on Hand<input type="text" name="Quantity"><br> <!--cannot be negative-->
<br>
<br>
<hr>
<br>
<h2>Choose A Product Category</h2> <!--must be one of the categories-->
<br>
<div class="container2">
<input type="radio" name="letter" value="F">F<br>
<input type="radio" name="letter" value="H">H<br>
<input type="radio" name="letter" value="M">M<br>
<input type="radio" name="letter" value="C">C<br>
<input type="radio" name="letter" value="T">T<br>
<br>
<hr>
<br>
<div class="container4">
<input type="submit" name="submit" value="SUBMIT"><br>
</form></div> <!--close container 2-->
<!--Profit should be auto generated on the second page created by the script-->
</body>
</html>
Your cgi script I named as action.cgi and It should be like this for the above html from your approach. Whatever the error you had I tried to show it using commented lines.
#!/usr/bin/perl -T
print "Content-type: text/html\n\n";
use strict;
use warnings;
use CGI qw(:standard);
print "<html><body>";
print '<h1>"Thank you for submitting the form. <br>"\n';
#return to html page with form
print '<h2>To go back to the form page click Here.</h2>';#missing quotes
print "<hr><br><br>";
print "You chose item number ",param("Item")," <br>";
print "The product name is ", param("Name"), " <br>";print "The Cost is
", param("Cost")," \n";
print "Selling Price ", param("Price")," <br />";
print "Quantity on Hand is ", param("Quantity")," <br> ";
#scalar variables to hold form input data
my $item = param("Item");
my $name = param("Name");
my $cost = param("Cost");
my $price = param("Price");
my $category = param("Category"); #radio button chosen
my $quantity = param("Quantity");
my $profit = $cost - $price;
#radio buttons
my #categories = ("F", "H", "M", "C", "T");#better use array
#vali`dation a category was chosen
$category = param("letter");
if(grep { /$category/ } #categories) { # check if category exist in your predefined array
print "The product Category is $category \n";
}
else {
error ("You must select a category");
}
#validate input
if ($item eq "") {
error ("Field cannot be blank");
}
if ($name eq "" ){
error ("Field cannot be blank");
}
if ($cost < .50 && $cost > 1000) {
error ("Invalid Entry Cost must be between $.50 and $1000");
}
if ($price < 1.00 && $cost > 2000) {
error ("Invalid Amount Please enter Price between $1.00 and $2000");
}
if ($quantity < 0) {
error ("Quantity cannot be negative number");
}
#Error subroutine
sub error {
my $errormsg = shift;#you shouldn't assign array to variable
print "<h2>Error</h2>\n";
print "$errormsg<p>\n";
print "</body></html>\n";
}
If you really want to learn perl after basic understanding try to learn
perldsc,perlvar,perlref,perloo,perlobj

Padre runs Perl programs using a command like:
/usr/bin/perl <your_file.pl>
Taint checking requires deep changes to how the compiler works, so it needs to be turned on immediately after the compiler starts up. You have -T on the shebang line inside your program and that isn't parsed until after the compiler starts - too late for taint mode to be enabled. It would be confusing for Perl to start running your code not in taint mode when you think that taint mode has been turned on, so it halts execution with the error message that you have seen.
You can fix this by configuring Padre to run your code with as slightly different command:
/usr/bin/perl -T <your_file.pl>
In Padre choose Tools -> Preferences from the menu and then select the "Language - Perl 5" option. There is a text input labelled "Interpreter arguments". You can put your -T there and save the changes.
Also, I'll just reiterate my previous advice that using CGI in 2015 is ridiculous. Please take a look at CGI::Alternatives and switch to a more modern architecture.

HTML form action to execute cgi is not working

I have been trying to run a simple perl-cgi script on windows XP. This is a simple HTML form with an Submit button where clicking on Submit button displays some text(Username). But clicking the Submit button on the HTML page, nothing is happening. If I open up browser with url its working fine.
HTML Form:
<form id="form" name="form" method="post" action="C:/Server/Apache2/cgi-bin/hello.cgi" enctype="multipart/form-data">
<h1><center>User Login</center></h1>
<p><label><h4>Username</h4></label>
<input type="text" name="username" id="username" /></p>
<p><label><h4>Password</h4></label>
<input type="password" name="password" id="password" /></p>
<button type="submit">Sign-In</button><br><br>
CGI :
#!C:\perl\bin\perl.exe -wT
local ($buffer, #pairs, $pair, $name, $value, %FORM);
# Read in text
$ENV{'REQUEST_METHOD'} =~ tr/a-z/A-Z/;
if ($ENV{'REQUEST_METHOD'} eq "POST")
{
read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'});
}else {
$buffer = $ENV{'QUERY_STRING'};
}
# Split information into name/value pairs
#pairs = split(/&/, $buffer);
foreach $pair (#pairs)
{
($name, $value) = split(/=/, $pair);
$value =~ tr/+/ /;
$value =~ s/%(..)/pack("C", hex($1))/eg;
$FORM{$name} = $value;
}
$user_name = $FORM{username};
print "Content-type:text/html\r\n\r\n";
print "<html>";
print "<head>";
print "<title>Hello - Second CGI Program</title>";
print "</head>";
print "<body>";
print "<h2>Hello $user_name - Second CGI Program</h2>";
print "</body>";
print "</html>";
1;
Opening CGI directly in browser:

You need proper URL in form action attribute, ie. action="/cgi-bin/hello.cgi"

Another suggestion just to add.
Since it looks like you are just starting to learn perl, I would read into the CGI module. CGI is a widely used perl module for programming CGI : Common Gateway Interface which is used to recieve user input and produce HTML output. It processes form submissions, query string manipulation, and processing and preparing HTTP headers.
There are two styles of programming with CGI, object-oriented and function-oriented.

Pass value from HTML page form to a CGI program

I'm trying to create a simple program that will get the content of the webpage for the sake of my assignment.
Right now I create a very simple HTML page that will let the user enter a URL.
<html>
<head><title>URL page</title>
</head>
<body>
<form action="cgi-bin/b1.cgi" method="GET">
Enter the URL you want to see <input type="text" name="passing" size=40>
<input type="submit" value="submit">
</form>
</body>
</html>
so I just want to pass the url to my CGI program that I have so far
#!/usr/bin/perl
print "Content-type: text/html\n\n";
use LWP::Simple;
use CGI;
use HTML::HeadParser;
#my $pass = $cgi->param('passing');
$URL = get ("$passing");
$head = HTML::HeadParser->new;
$head->parse("$URL");
print "This is the Title of the page" . $head->header('Title') . "\n\n";
print $head->header('X-Meta-Description') . "\n\n";
print $head->header('X-Meta-Keywords') . "\n\n";
print $head->header('Content-Type') . "\n\n";
print $head->header('Content-Language') . "\n\n";
exit;
So from the above code as you can see if I can get the value that pass from the GET method to the line where it say URL = get(); then I can get the content.
I tried some approch like my $pass = $cgi->param('passing'); but it gives me an error about param
Any suggestion would be so much appreciated.