Untitled

#!/usr/bin/perl -wT

use DBI;

$db="int420_101a20";
$user="int420_101a20";
$passwd="18639171";
$host="db-mysql.zenit";
$connectionInfo="dbi:mysql:$db;$host";


# print "Content-type:text/html\n\n";


if ($ENV{REQUEST_METHOD} eq "GET")
{
	&browsecatalog;
	exit;
}
else
{
	&parseform;

	if ($form{submit} eq "Buy")
	{
	&getcookiedata;
		if ($cookie{uid} ne "")
		{
			&showcheckout;
		}
		else
		{
			&senditemcookie;
			&showlogin;

		}
	}
	elsif ($form{submit} eq "login")
	{
		if (&validateuser)
		{
			&sendlogincookie;
			&showcheckout;
		}
		else
		{
			&showlogin;
		}
	}
	elsif ($form{submit} eq "checkout")
	{
		if (&validatecheckout)
			{
			&inserttrans;
			&emailreceipt;
			&showreceipt;
			}
		else
			{
			&showcheckout;
			}
	}
}


sub senditemcookie
{

print "Content-type:text/html\n";
print "Set-Cookie:product=$from{hidid} \n";
}


sub browsecatalog
{
print "Content-type:text/html\n";
print qq~
<html>
<title>Ninja Warehouse Inventory</title>
</head>
<body bgcolor="black">
<font color="white">
<center>
<br>
<h1> Ninja Items </h1>
<br>
<br>
<table border cellpadding=10>
<tr style="color:#00FF00">
<th>ID Number</th><th>Prod Name</th><th>Description</th><th>Price</th><th>Picture</th><th>Options</th>
</tr>~;

$select=qq~select id, idnum, name, descr, price, pic from inventory order by idnum;~;
$dbh=DBI->connect($connectionInfo,$user,$passwd);
$sth=$dbh->prepare($select);
$sth->execute();
$itemno = $row[0];
while (@row=$sth->fetchrow_array())
{
 print qq~
<tr style="color:#00FF00"><td>$row[1]</td><td>$row[2] $row[0]</td> <td>$row[3]</td> <td>\$ $row[4]</td> <td><img src="/img/$row[5]"/></td>
        <td>
                <form action="stage4.cgi" method="post">
                <input type="hidden" name="hidid" value="$row[0]">
                <input type="submit" name="submit" value="Buy">

        </td>
        </tr>~
}
print qq~
</table>
</body>
</html>
~;

}

sub parseform
{
        read(STDIN, $qstring, $ENV{'CONTENT_LENGTH'});

        @pairs = split(/&/, $qstring);

        foreach (@pairs) {
                ($key, $value) = split(/=/);
                $value =~ tr/+/ /;
                $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
                $form{$key} = $value;
                        }

}


sub showlogin
{
print "Content-type:text/html\n";
print qq~
<html>
<head>
<title>Ninja Warehouse</title>
</head>
<body bgcolor="black">
<form action="stage4.cgi" method=POST>
<p>
<font color="white">
<center>
<h2>Ninja Warehouse Customer Registration</h2>
<table border = "0">

<tr style="color:#00Ff00"><td> Login Name:  </td><td><input type=text name=logn value="$form{logn}" ></td><td> $errors{logn}</td><td> $found</td>
</tr>

<tr style="color:#00Ff00"><td> Password:  </td><td><input type=text name=passw value="$form{passw}"></td><td> $errors{logn}</td><td> $error{pass}</td>
</tr>

</table>
</font>
<input type=submit name="submit" value="login" name"submit">
<br>
<a href=/cgi-bin/stage2.cgi> Register now!<a>
</form>
</p>
</center>
</body>
</html>
~
}

sub validateuser
{
$dbh=DBI->connect($connectionInfo,$user,$passwd);
$select=qq~select id,logn,passw from customers where logn='$form{logn}';~;
$sth=$dbh->prepare($select);
$sth->execute();

if (@row=$sth->fetchrow_array())
{}
$pass = crypt($form{passw},"ab");

if($form{logn} ne $row[1])
{
	$found = "Username Not found";
	&showlogin;
	exit;
}elsif($pass ne $row[2])
{
	$error{pass}="Incorrect Password";
	&showlogin;
	exit;
}else{
	&sendlogincookie;
#	&showcheckout;
}
}

sub sendlogincookie
{
print "Content-type:text/html\n";
print "Set-Cookie: uid=$row[0]\n";
}

sub getcookiedata
{
@cookiepairs=split(/; /, $ENV{'HTTP_COOKIE'});
foreach (@cookiepairs){
        ($cookie,$value)=split(/=/);
        $value=~ tr/+/ /;
        $value=~ s/%([A-Za-z0-9][A-Za-z0-9])/pack("C", hex($1))/eg;
        $cookiedata{$cookie}=$value;
        }
}

sub showcheckout
{

&getcookiedata;

print "Content-type:text/html\n";

$getship= qq~select fname,lname,sadd,city,zip,cnt from customers where id = $cookiedata{uid};~;
$dbh=DBI->connect($connectionInfo,$user,$passwd);
$sth=$dbh->prepare($getship);
$sth->execute();
@srow=$sth->fetchrow_array();

print qq~
UID$cookiedata{uid}\n
Product:$cookiedata{product}
<html>
<head>
<title> Ninja Checkout </title>
</head>
<body>
<form action="stage4.cgi" method=post>
<center>
<h2> Confirm your checkout information : </h2>
First Name: <input type=text name=fname value=$srow[0]> $errors{fname}
<br>
Last Name: <input type=text name=lname value=$srow[1]> $errors{lname}
<br>
Address: <input type=text name=address value=$srow[2]> $errors{sadd}
<br>
City <input type=text name=zip value=$srow[3]> $errors{city}
<br>
Postal Code: <input type=text name=zip value=$srow[4]> $errors{zip}
<br>
Country: <input type=text name=cnt value=$srow[5]> $errors{cnt}
<br>
<br>
Credit Card Type: <input type="radio" name=cctype value="Visa">Visa
<input type="radio" name="cctype" value="Mastercard">Mastercard
<input type="radio" name="cctype" value="Amex">American Express
<br>
Credit Card Number: <input type=text name=ccnum value="$form{ccnum}">$errors{ccnum}
<br>
Credit Card Security Code: <input type=text name=cccode value="$form{cccode}">$errors{cccode}
<br>

<input type=submit value="Checkout" name=submit>
</form>
</body>
</html>
~;
}

sub validatecheckout
{
%patterns=( 'sadd' => '^[^@$%/*&!]',
            'zip' => '^[a-zA-Z][0-9][a-zA-Z][ -][0-9][a-zA-Z][0-9]$',
            'city' => '^[A-Za-z].*$',
            'ccnum'=>'\d{4}-\d{4}-\d{4}-\d{4}$',
            'cccode'=>'^\d{3}$');
$valid=1;
foreach (keys %form)
{
	if($form{$_}!~$patterns{$_})
	{
		$errormsg="Format is incorrect for this field";
		$valid=0;
	}else{
		$errormsg="";
	}
$errors{$_}=$errormsg;
}
return $valid;
}

sub inserttrans
{
&getcookiedata;
$insert = qq~insert into transaction (userid, prodnum,cctype,ccnum,cccode)values('$cookiedata{uid}','$cookiedata{product}','$form{cctype}','$form{ccnum}','$form{cccode}');~;
$dbh=DBI->connect($connectionInfo,$user,$passwd);
$sth=$dbh->prepare($insert);
$sth->execute();
$dbh->disconnect();
}