game.cgi

1. #!/usr/bin/perl -w
2.  
3. use CGI qw/:all/;
4. use CGI::Carp qw/fatalsToBrowser warningsToBrowser/;
5. $max_number_to_guess = 99;
6. sub main() {
7. # print start of HTML ASAP to assist debugging if there is an error in the script
8. print page_header();
9.  
10. # Now tell CGI::Carp to embed any warning in HTML
11. warningsToBrowser(1);
12.  
13. $username = param('username') || '';
14. $password = param('password') || '';
15.  
16.  
17. # remove any non-word characters from username
18. # another malicious user could include ../ in username
19. $username =~ s/\W//g;
20. # limit username to 32 word characters
21. $username = substr $username, 0, 32;
22.  
23.  
24. if (!$username || !$password) {
25. print login_form();
26. } elsif (open F, "accounts/$username/password") {
27. $check = <F>;
28. chomp $check;
29. if ($password eq $check) {
30. $guess = param('guess') || '';
31. # remove any non-digit characters from guess
32. $guess =~ s/\D//g;
33.  
34. $number_to_guess = param('number_to_guess') || '';
35. $number_to_guess =~ s/\D//g;
36.  
37. if (-e "accounts/$username/number") {
38. ;
39. } else {
40. open G, ">", "accounts/$username/number";
41. close G;
42.  
43. }
44.  
45. if (open G, "<", "accounts/$username/number") {
46. $number_to_guess = <G>;
47. close G;
48. if($number_to_guess eq ""){
49. $number_to_guess = 1 + int(rand $max_number_to_guess);
50. open H, ">", "accounts/$username/number";
51. print H "$number_to_guess";
52. }
53. }
54.  
55. if ($guess eq '') {
56. print "I've thought of a number.\n";
57. print guess_number_form($username, $password);
58. } elsif ($guess eq $number_to_guess) {
59. print "You guessed right, it was $number_to_guess.\n";
60. # delete number file here
61. if (-e "accounts/$username/number") {
62. unlink('accounts/$username/number');
63. }
64. unlink "accounts/$username/number";
65. print new_game_form($username, $password);
66. } elsif ($guess < $number_to_guess) {
67. print "Its higher than $guess.\n";
68. print guess_number_form($username, $password);
69. } else {
70. print "Its lower than $guess.\n";
71. print guess_number_form($username, $password);
72. }
73. } else {
74. print "Incorrect password!\n";
75. }
76. } else {
77. print "Unknown username!\n";
78. }
79.  
80. print page_trailer();
81. }
82.  
83. # form to allow user to supply username/password
84.  
85. sub login_form {
86. return <<eof;
87. <form method="POST" action="">
88. Username: <input type="textfield" name="username">
89. <p>
90. Password: <input type="password" name="password">
91. <p>
92. <input type="submit" value="Login">
93. </form>
94. eof
95. }
96.  
97. #
98. # form to allow user to guess a number
99. #
100. # Pass username & password to next invocation as hidden
101. # field so user doesn't have to login again
102. #
103.  
104. sub guess_number_form {
105. my ($username, $password) = @_;
106. return <<eof;
107. <form method="POST" action="">
108. Enter a guess between 1 and $max_number_to_guess (inclusive):
109. <input type="textfield" name="guess">
110. <input type="hidden" name="username" value="$username">
111. <input type="hidden" name="password" value="$password">
112. </form>
113. eof
114. }
115.  
116. #
117. # form to allow user to go to a new game
118. #
119. sub new_game_form {
120. my ($username, $password) = @_;
121. return <<eof;
122. <form method="POST" action="">
123. <input type="submit" value="Play Again">
124. <input type="hidden" name="username" value="$username">
125. <input type="hidden" name="password" value="$password">
126. </form>
127. eof
128. }
129.  
130.  
131.  
132. #
133. # HTML placed at the top of every page
134. #
135. sub page_header {
136. return <<eof
137. Content-Type: text/html;charset=utf-8
138.  
139. <!DOCTYPE html>
140. <html lang="en">
141. <head>
142. <title>Guess A Number</title>
143. </head>
144. <body>
145. eof
146. }
147.  
148.  
149. #
150. # HTML placed at the bottom of every page
151. #
152. sub page_trailer {
153. return "</body>\n</html>\n";
154. }
155.  
156. main();
157. exit(0);