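#!/usr/bin/perl -w
use strict;
use Fcntl qw(:flock);

push(@INC, "/www/cgi-bin");
require 5.006;    # three-argument open() and lexical file handles
require "cgi-lib.pl";

#-------------------------- What This Does ----------------------------
# A one-person-one-vote poll run as a CGI script.
#
# Added: Sanitize.  User input is reduced to a small set of standard
# characters before it is compared, stored or echoed back.
#
# NOTE(review): this listing was recovered from a rendered copy in which
# the HTML inside the here-documents had been interpreted and stripped.
# The visible text is kept; the markup around it is a reconstruction and
# should be compared with the original file before deployment.

#---------------------------- Configure ----------------------------
# NOTE(review): the data files sit below cgi-bin; confirm the web server
# cannot serve them directly, or move them outside the web tree.
my $data_dir = "/www/cgi-bin/210/vote";    # Directory where data is kept
my $voted    = "$data_dir/voted";          # those who already voted
my $form     = "http://hans.math.upenn.edu/cgi-bin/210/vote/vote8.pl";

# PLACEHOLDER: the target of the "Return to Voting Forms Page" link was
# lost with the markup; fill in the real address.
my $forms_page = "FORMS_PAGE_URL";

# The vote tally file has only one line: the counts for @candidates,
# in order, separated by commas.
my $votefile = "$data_dir/Votes";

# The list of candidates, in tally-file column order:
my @candidates = ("Bush", "Gore", "someone else", "undecided");

# Text shown next to each radio button.
# NOTE(review): the rendered form also listed "Bill Bradle" and
# "John McCain".  They have no column in @candidates, so a vote for
# either could never be tallied; the form is now generated from
# @candidates.  Add them here and to the tally file together if wanted.
my %label = (
    "Bush"         => "George W. Bush",
    "Gore"         => "Al Gore",
    "someone else" => "someone else",
    "undecided"    => "undecided",
);
my %is_candidate = map { $_ => 1 } @candidates;

# Characters accepted in a name.  The comma is excluded because it is the
# field separator in the voted file.
my $OK_CHARS = '-_a-zA-Z0-9.@ \'';

# State shared by the subroutines below.
our %in;    # form fields; presumably filled in package main by ReadParse
my ($header, %tally, %choice);
my $missing      = "false";
my $err          = "";
my $Lastname     = "";
my $Firstname    = "";
my $alreadyvoted = "no";

#---------------------------- Main Program ----------------------------
ReadParse();    # decode the request first ...
Sanitize();     # ... then clean the decoded fields
my $http_header = PrintHeader();
print $http_header;
Preliminaries();

# If there is no data (so the hidden field in the form is not defined),
# only print the blank vote form.
if (!defined($in{hidden})) {
    VoteForm();
    exit;
}

# If something is missing, print an error message and return to form.
if (($in{lastname} eq "") || ($in{firstname} eq "") || ($in{pres} eq "")) {
    $missing = "true";
    VoteForm();
}
else {
    # Their ballot is complete.  OK unless voted already.
    AlreadyVoted();
    if ($alreadyvoted ne "yes") {
        RecordVote();    # Record vote, add name to voted list
        Thanks();        # Thanks and give current tally.
    }
    ClosePage();
}
exit;
# end Main Program

#---------------------------------------------------------------
# Escape text for use in HTML element content or a quoted attribute, so
# that user-supplied values are displayed rather than interpreted.
sub EscapeHTML {
    my ($text) = @_;
    $text = "" unless defined $text;
    $text =~ s/&/&amp;/g;    # must come first
    $text =~ s/</&lt;/g;
    $text =~ s/>/&gt;/g;
    $text =~ s/"/&quot;/g;
    $text =~ s/'/&#39;/g;
    return $text;
}

#---------------------------------------------------------------
# Turn the single line of the tally file into a candidate => count hash.
# Missing or non-numeric fields count as 0.
sub ParseTally {
    my ($line) = @_;
    $line = "" unless defined $line;
    chomp $line;
    my @votes = split(/,/, $line);
    my %count;
    my $k = 0;
    foreach my $candidate (@candidates) {
        my $n = $votes[$k++];
        $count{$candidate} = (defined $n && $n =~ /^\d+$/) ? $n + 0 : 0;
    }
    return %count;
}

#---------------------------------------------------------------
sub Preliminaries {
    # A useful "Return to the Form" link.
    $header = qq{<p><a href="$forms_page">Return to Voting Forms Page</a></p>\n};

    # Initialize the tally from the one line of data in the votefile.
    open(my $votes_fh, '<', $votefile) || die "Can't open $votefile: $!\n";
    flock($votes_fh, LOCK_SH) || die "Can't lock $votefile: $!\n";
    %tally = ParseTally(scalar <$votes_fh>);
    close($votes_fh);

    foreach my $candidate (@candidates) { $choice{$candidate} = ""; }

    # Sanitize() has already made these defined and clean.
    $Lastname  = $in{lastname};
    $Firstname = $in{firstname};

    # Note the candidate receiving this vote (the radio button is "checked").
    $choice{ $in{pres} } = "checked" if $in{pres} ne "";
}    # end Preliminaries

#---------------------------------------------------------------
# Clean the decoded form fields in %in.  Must run after ReadParse():
# the earlier version filtered the raw, still URL-encoded QUERY_STRING
# and its result was never used.
sub Sanitize {
    foreach my $field ("lastname", "firstname") {
        my $value = defined $in{$field} ? $in{$field} : "";
        $value =~ s/[^$OK_CHARS]/_/g;    # Replace bad characters with _
        $value =~ s/^ +//;               # a name of only spaces is no name
        $value =~ s/ +$//;
        $in{$field} = $value;
    }

    # The vote must be one of the configured candidates; anything else is
    # treated as "no vote" and sends the user back to the form.
    my $pres = defined $in{pres} ? $in{pres} : "";
    $in{pres} = $is_candidate{$pres} ? $pres : "";
}    # end Sanitize

#---------------------------------------------------------------
sub VoteForm {
    # Define the error message if some data is missing.
    if ($missing eq "true") {
        $err = "<p><strong>To vote, you must include your First and Last names as well as your Vote.</strong></p>\n";
    }

    my $last  = EscapeHTML($Lastname);
    my $first = EscapeHTML($Firstname);

    my $radios = "";
    foreach my $candidate (@candidates) {
        my $value = EscapeHTML($candidate);
        my $text  = EscapeHTML($label{$candidate});
        $radios .= qq{<input type="radio" name="pres" value="$value" $choice{$candidate}> $text<br>\n};
    }

    print <<"END_FORM";
<html><head><title>Election</title></head>
<body>
$header
<h1>An Election Poll</h1>
$err
<form method="post" action="$form">
<input type="hidden" name="hidden" value="1">
Last Name: <input type="text" name="lastname" value="$last">
First Name: <input type="text" name="firstname" value="$first">
<p>Which presidential candidate do you prefer?</p>
$radios
<input type="submit" value="Vote">
</form>
</body></html>
END_FORM
}    # end VoteForm

#---------------------------------------------------------------
sub AlreadyVoted {
    # Did they already vote?  Look through the voted list line by line.
    my $record = "$in{lastname},$in{firstname}\n";
    $alreadyvoted = "no";

    open(my $voted_fh, '<', $voted) || die "Can't open $voted: $!\n";
    flock($voted_fh, LOCK_SH) || die "Can't lock $voted: $!\n";
    while (my $line = <$voted_fh>) {
        if ($line eq $record) {
            $alreadyvoted = "yes";
            last;    # Stop searching if the person is found.
        }
    }
    close($voted_fh);    # closed whether or not the voter was found

    if ($alreadyvoted eq "yes") {
        print "<html><head><title>Election</title></head>\n<body>\n$header\n";
        print "Our lists show you have already voted. Only one vote per person is allowed.\n";
    }
}    # end AlreadyVoted

#---------------------------------------------------------------
sub RecordVote {
    # Record how this person voted.  The file is written from Perl; the
    # earlier version built a shell command in backticks to do it.
    $is_candidate{ $in{pres} } || die "Unexpected candidate in ballot\n";

    # Re-read the counts under an exclusive lock so that two ballots
    # arriving together cannot overwrite each other's increment.
    open(my $votes_fh, '+<', $votefile) || die "Can't open $votefile: $!\n";
    flock($votes_fh, LOCK_EX) || die "Can't lock $votefile: $!\n";
    %tally = ParseTally(scalar <$votes_fh>);
    $tally{ $in{pres} }++;    # Increment the tally

    my $newvotes = "";
    foreach my $candidate (@candidates) {
        $newvotes .= "$tally{$candidate},";    # trailing comma as before
    }
    seek($votes_fh, 0, 0)    || die "Can't rewind $votefile: $!\n";
    truncate($votes_fh, 0)   || die "Can't truncate $votefile: $!\n";
    print $votes_fh "$newvotes\n";
    close($votes_fh) || die "Can't write $votefile: $!\n";

    # Record that this person has voted.
    # NOTE(review): the duplicate check in AlreadyVoted and this append
    # are separate steps, so two identical ballots submitted at the same
    # moment can both be counted.
    open(my $voted_fh, '>>', $voted) || die "Can't open $voted: $!\n";
    flock($voted_fh, LOCK_EX) || die "Can't lock $voted: $!\n";
    print $voted_fh "$in{lastname},$in{firstname}\n";
    close($voted_fh) || die "Can't write $voted: $!\n";
}    # end RecordVote

#---------------------------------------------------------------
sub Thanks {
    # Say thanks and give voting summary.  Everything that came from the
    # request is escaped before it is written into the page.
    my $first = EscapeHTML($in{firstname});
    my $last  = EscapeHTML($in{lastname});
    my $pres  = EscapeHTML($in{pres});

    print <<"END_THANKS";
<html><head><title>Election 2000</title></head>
<body>
$header
<p>To: &nbsp; $first $last</p>
<p>Thank you for voting. (One more vote for "$pres").</p>
<p>Here is the latest tally:</p>
<table>
END_THANKS

    # Print the latest vote tally.
    foreach my $candidate (@candidates) {
        my $name = EscapeHTML($candidate);
        print "<tr><td>$name</td><td>$tally{$candidate}</td></tr>\n";
    }
    print "</table>\n";
}    # end Thanks

#---------------------------------------------------------------
sub ClosePage {
    # This closes the HTML page.
    print "</body></html>\n";
}    # end ClosePage
#---------------------------------------------------------------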