game.cgi

1. #!/usr/bin/perl -w
2.  
3. use CGI qw/:all/;
4. use CGI::Carp qw/fatalsToBrowser warningsToBrowser/;
5. $max_number_to_guess = 99;
6. sub main() {
7. # print start of HTML ASAP to assist debugging if there is an error in the script
8. print page_header();
9.  
10. # Now tell CGI::Carp to embed any warning in HTML
11. warningsToBrowser(1);
12.  
13. $username = param('username') || '';
14. $password = param('password') || '';
15.  
16.  
17. # remove any non-word characters from username
18. # another malicious user could include ../ in username
19. $username =~ s/\W//g;
20. # limit username to 32 word characters
21. $username = substr $username, 0, 32;
22.  
23.  
24. if (!$username || !$password) {
25. print login_form();
26. } elsif (open F, "accounts/$username/password") {
27. $check = <F>;
28. chomp $check;
29. if ($password eq $check) {
30. $guess = param('guess') || '';
31. # remove any non-digit characters from guess
32. $guess =~ s/\D//g;
33.  
34. $number_to_guess = param('number_to_guess') || '';
35. $number_to_guess =~ s/\D//g;
36.  
37. if (-e "accounts/$username/number") {
38. ;
39. } else {
40. open G, ">", "accounts/$username/number";
41. close G;
42.  
43. }
44.  
45. if (open G, "<", "accounts/$username/number") {
46. $number_to_guess = <G>;
47. close G;
48. if($number_to_guess eq ""){
49. $number_to_guess = 1 + int(rand $max_number_to_guess);
50. open H, ">", "accounts/$username/number";
51. print H "$number_to_guess";
52. }
53. }
54.  
55. if ($guess eq '') {
56. print "I've thought of a number.\n";
57. print guess_number_form($username, $password);
58. } elsif ($guess eq $number_to_guess) {
59. print "You guessed right, it was $number_to_guess.\n";
60. # delete number file here
61. print new_game_form($username, $password);
62. } elsif ($guess < $number_to_guess) {
63. print "Its higher than $guess.\n";
64. print guess_number_form($username, $password);
65. } else {
66. print "Its lower than $guess.\n";
67. print guess_number_form($username, $password);
68. }
69. } else {
70. print "Incorrect password!\n";
71. }
72. } else {
73. print "Unknown username!\n";
74. }
75.  
76. print page_trailer();
77. }
78.  
79. # form to allow user to supply username/password
80.  
81. sub login_form {
82. return <<eof;
83. <form method="POST" action="">
84. Username: <input type="textfield" name="username">
85. <p>
86. Password: <input type="password" name="password">
87. <p>
88. <input type="submit" value="Login">
89. </form>
90. eof
91. }
92.  
93. #
94. # form to allow user to guess a number
95. #
96. # Pass username & password to next invocation as hidden
97. # field so user doesn't have to login again
98. #
99.  
100. sub guess_number_form {
101. my ($username, $password) = @_;
102. return <<eof;
103. <form method="POST" action="">
104. Enter a guess between 1 and $max_number_to_guess (inclusive):
105. <input type="textfield" name="guess">
106. <input type="hidden" name="username" value="$username">
107. <input type="hidden" name="password" value="$password">
108. </form>
109. eof
110. }
111.  
112. #
113. # form to allow user to go to a new game
114. #
115. sub new_game_form {
116. my ($username, $password) = @_;
117. return <<eof;
118. <form method="POST" action="">
119. <input type="submit" value="Play Again">
120. <input type="hidden" name="username" value="$username">
121. <input type="hidden" name="password" value="$password">
122. </form>
123. eof
124. }
125.  
126.  
127.  
128. #
129. # HTML placed at the top of every page
130. #
131. sub page_header {
132. return <<eof
133. Content-Type: text/html;charset=utf-8
134.  
135. <!DOCTYPE html>
136. <html lang="en">
137. <head>
138. <title>Guess A Number</title>
139. </head>
140. <body>
141. eof
142. }
143.  
144.  
145. #
146. # HTML placed at the bottom of every page
147. #
148. sub page_trailer {
149. return "</body>\n</html>\n";
150. }
151.  
152. main();
153. exit(0);