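hey i dont now much about perl i wanted to execute this script but it was password protected with .htaccess but for some reason i cldnt login so i deleted the htaccess file hoping that i would be able to then see the page normally however i still can't can anyone see whats still restricting me?

#!/usr/bin/perl
# Menu Manager: CGI admin page that lists, adds, updates, repositions and
# deletes rows of the MENU table, one category ("heading") at a time.
#
# Access control (this is what still blocks the page once .htaccess is gone):
# the script performs no login of its own. It reads $ENV{REMOTE_USER}, which
# the web server sets only after its own HTTP authentication has succeeded,
# and serves the manager UI only when that name is "manager". Without the
# server-side auth configuration REMOTE_USER is unset, so every request gets
# "Access Denied!". Repair the .htaccess / password file rather than removing
# the check: it is the only thing that keeps unauthenticated visitors from
# editing and deleting MENU rows.
#
# Changes relative to the posted version:
#   * every SQL statement uses bound placeholders instead of interpolating
#     form fields into the statement text (SQL injection);
#   * every value written into the page is HTML-escaped, and the value passed
#     to ConfirmDelete() is also JavaScript-escaped (stored/reflected XSS);
#   * numeric form fields are validated as unsigned integers;
#   * rows are only modified by POST requests;
#   * strict/warnings are enabled and all variables are declared (the original
#     "my $cat, $nrows, ..." without parentheses declared only $cat).
#
# NOTE(review): the forms carry no anti-CSRF token, and the "description
# required" / 255-character / maxlength limits are enforced only by the
# browser. Both are worth adding server-side.
use strict;
use warnings;

use DBI;
use CGI qw(:standard);

print "Content-type: text/html\n\n";

my $input = CGI->new;

# Connection settings are empty as posted; fill them in from a location the
# web server does not serve.
my $dbname = "";
my $userid = "";
my $xw     = "";

# Category number => heading text. Index 0 is unused; the picker shows 1..10.
my @heading = (
    "",
    "Starters",
    "Pizzas",
    "Extras",
    "Pasta",
    "Meat & Fish",
    "Desserts",
    "Coffee",
    "Beverages",
    "",
    "Test (not shown on menu)",
);

my $dbh = DBI->connect("DBI:mysql:database=$dbname;user=$userid;password=$xw")
    or die("connection failed");

# Last database error, shown (escaped) at the bottom of the page.
my $err_mesg = "";

# Return the named form field as a scalar, or '' when it was not submitted.
sub form_value {
    my ($name) = @_;
    my $value = $input->param($name);
    return defined $value ? $value : '';
}

# Return $value as an unsigned integer, or 0 when it is not 1-9 plain digits.
sub to_uint {
    my ($value) = @_;
    return 0 unless defined $value && $value =~ /\A[0-9]{1,9}\z/;
    return int($value);
}

# Escape text for HTML element content or a quoted attribute value.
sub html_escape {
    my ($text) = @_;
    return '' unless defined $text;
    $text =~ s/&/&amp;/g;
    $text =~ s/</&lt;/g;
    $text =~ s/>/&gt;/g;
    $text =~ s/"/&quot;/g;
    $text =~ s/'/&#39;/g;
    return $text;
}

# Escape text for a single-quoted JavaScript string that itself sits inside
# a double-quoted HTML attribute: JavaScript escaping first, then HTML.
sub js_attr_escape {
    my ($text) = @_;
    return '' unless defined $text;
    $text =~ s/\\/\\\\/g;
    $text =~ s/'/\\'/g;
    $text =~ s/\r/\\r/g;
    $text =~ s/\n/\\n/g;
    return html_escape($text);
}

# Strip everything but digits and dots, then format with two decimals.
# Only the leading numeric part is used, which is what Perl's own
# string-to-number conversion did in the original ("1.2.3" -> "1.20").
sub normalise_price {
    my ($raw) = @_;
    $raw = '' unless defined $raw;
    $raw =~ tr/0-9.//dc;
    my ($number) = $raw =~ /\A([0-9]*\.?[0-9]*)/;
    $number = 0 if $number eq '' || $number eq '.';
    return sprintf("%.2f", $number);
}

# Prepare and execute a SELECT with bound values. Returns the statement
# handle, or nothing after recording the error in $err_mesg.
sub run_sql {
    my ($sql, @binds) = @_;
    my $sth = $dbh->prepare($sql);
    if ($sth && $sth->execute(@binds)) {
        return $sth;
    }
    $err_mesg = $dbh->errstr;
    return;
}

# Execute an INSERT/UPDATE/DELETE with bound values. Returns true on success;
# on failure records the error in $err_mesg and returns false.
sub do_sql {
    my ($sql, @binds) = @_;
    my $done = $dbh->do($sql, undef, @binds);
    if (!defined $done) {
        $err_mesg = $dbh->errstr;
        return 0;
    }
    return 1;
}

# Run a SELECT and return all rows as a list of hash references.
sub fetch_rows {
    my ($sql, @binds) = @_;
    my @rows;
    my $sth = run_sql($sql, @binds);
    if ($sth) {
        while (my $row = $sth->fetchrow_hashref) {
            push @rows, $row;
        }
        $sth->finish;
    }
    return @rows;
}

# Set by the web server after HTTP authentication; undefined when the request
# was not authenticated.
my $ident = $ENV{REMOTE_USER};

# State-changing actions are honoured for POST requests only.
my $is_post = defined $ENV{REQUEST_METHOD} && $ENV{REQUEST_METHOD} eq 'POST';

my $fd_cat    = to_uint(form_value("fd_cat"));
my $fd_submit = form_value("fd_submit");
my $fd_itemno = to_uint(form_value("fd_itemno"));
my $fd_desc   = form_value("fd_desc");
my $fd_text   = form_value("fd_text");
my $fd_price1 = form_value("fd_price1");
my $fd_price2 = form_value("fd_price2");
my $fd_alt    = form_value("fd_alt");
my $fd_newpos = to_uint(form_value("fd_newpos"));
my $fd_oldpos = to_uint(form_value("fd_oldpos"));

print <<'HERE';
<html>
<head>
<title> </title>
<style type="text/css">
<!--
.heading_red { font-family: "Georgia","Times New Roman"; font-size: 19px; line-height: 23px; color: #d02236; font-weight: normal; }
.heading_green { font-family: "Georgia","Times New Roman"; font-size: 19px; line-height: 23px; color: #197b30; font-weight: normal; }
.heading_white { font-family: "Georgia","Times New Roman"; font-size: 19px; line-height: 23px; color: #ffffff; font-weight: normal; }
.sheading_red { font-family: "Georgia","Times New Roman"; font-size: 17px; line-height: 17px; color: #d02236; font-weight: normal; }
.sheading_green { font-family: "Georgia","Times New Roman"; font-size: 17px; line-height: 17px; color: #197b30; font-weight: normal; }
.body_red { font-family: "Georgia","Times New Roman"; font-size: 12px; line-height: 16px; color: #d02236; font-weight: normal; }
.body_green { font-family: "Georgia","Times New Roman"; font-size: 12px; line-height: 16px; color: #197b30; font-weight: normal; }
.body_black { font-family: "Georgia","Times New Roman"; font-size: 12px; line-height: 16px; color: #333333; font-weight: normal; }
.input_red { font-family: "Georgia","Times New Roman"; font-size: 12px; line-height: 16px; color: #d02236; font-weight: normal; width: 420; }
.input_green { font-family: "Georgia","Times New Roman"; font-size: 12px; line-height: 16px; color: #197b30; font-weight: normal; width: 420; }
-->
</style>
<script language="JavaScript">
<!--
function validate() {
var xsummary = "Details are restricted to 255 characters, you have entered " + update.fd_text.value.length + " characters."
if(update.fd_desc.value == '') {
alert('A Description is required.');
event.returnValue=false;
}
else if(update.fd_text.value.length > 255) {
alert(xsummary);
event.returnValue=false;
}
}
function ConfirmDelete(desc) {
var delme = "Delete '" + desc + "' from the Menu"
Response = confirm(delme)
if (Response == true) {
event.returnValue=true;
}
else {
event.returnValue=false;
}
}
//-->
</script>
</head>
<body bgcolor="#ffffff" background="/images/tricolour.gif" link="#d02236" vlink="#d02236" alink="#d02236">
<table cellpadding="2" cellspacing="0" width="700" topmargin="0">
<tr>
<td align="right" valign="top" colspan="5" class="heading_green">
<img src="/images/inos.gif" align="right" width="319" height="29" alt="" vspace="5">
<img src="/images/logo_small.gif" align="left" align="bottom" width="120" height="79" alt="" align="top">
<br>
<br>
<i>Menu Manager</i>
</td>
</tr>
<tr height="26">
<td colspan="5" valign="top">
<hr size="1" color="#197b30" noshade>
</td>
</tr>
HERE

if (defined $ident && $ident eq "manager") {
    # The heading picker is disabled while an add or update form is open.
    my $sel = "";
    if ($fd_submit eq "Add New Item to Menu" || $fd_submit eq "Update") {
        $sel = " disabled";
    }

    # Only the categories offered by the picker are accepted; anything else
    # (including a missing or non-numeric value) falls back to category 1.
    if ($fd_cat < 1 || $fd_cat > $#heading) {
        $fd_cat = 1;
    }

    if ($is_post && $fd_submit eq "Delete from Menu") {
        do_sql("delete from MENU where ME_cat = ? and ME_itemno = ?",
            $fd_cat, $fd_itemno);
    }

    if ($is_post && ($fd_submit eq "Save Changes" || $fd_submit eq "Add Item")) {
        $fd_price1 = normalise_price($fd_price1);
        $fd_price2 = normalise_price($fd_price2);

        # Legacy normalisation kept so new text matches existing rows.
        # It is no longer what protects the SQL; the placeholders do that.
        for my $field ($fd_desc, $fd_text, $fd_alt) {
            $field =~ s/'/´/g;
        }
    }

    if ($is_post && $fd_submit eq "Save Changes") {
        if ($fd_newpos == $fd_oldpos) {
            do_sql(
                "update MENU set ME_desc = ?, ME_text = ?, ME_price1 = ?, "
                    . "ME_price2 = ?, ME_alt = ? "
                    . "where ME_cat = ? and ME_itemno = ?",
                $fd_desc, $fd_text, $fd_price1, $fd_price2, $fd_alt,
                $fd_cat, $fd_itemno
            );
        }
        else {
            # A move is a delete followed by a re-insert at the new position.
            # Re-insert only when the delete worked, so a failed delete does
            # not leave the item on the menu twice.
            my $removed = do_sql(
                "delete from MENU where ME_cat = ? and ME_itemno = ?",
                $fd_cat, $fd_itemno
            );
            if ($removed) {
                $fd_itemno = $fd_newpos;
                $fd_submit = "Add Item";
            }
        }
    }

    if ($is_post && $fd_submit eq "Add Item") {
        # $fd_itemno is the item to insert after. Find the next item number
        # in this category (numbers from 90000 up are ignored here).
        my $next_pos;
        my @numbers = fetch_rows(
            "select ME_itemno from MENU "
                . "where ME_cat = ? and ME_itemno < 90000 order by ME_itemno",
            $fd_cat
        );
        for my $row (@numbers) {
            if ($row->{"ME_itemno"} > $fd_itemno) {
                $next_pos = $row->{"ME_itemno"};
                last;
            }
        }

        # Place the new item halfway to the next one, or 1000 past the end.
        # NOTE(review): when the gap is 1 the halfway step is 0 and the new
        # row gets the same ME_itemno as the item it should follow.
        if (defined $next_pos) {
            $fd_itemno += int(($next_pos - $fd_itemno) / 2);
        }
        else {
            $fd_itemno += 1000;
        }

        do_sql(
            "insert into MENU "
                . "(ME_cat,ME_itemno,ME_desc,ME_text,ME_price1,ME_price2,ME_alt) "
                . "values (?,?,?,?,?,?,?)",
            $fd_cat, $fd_itemno, $fd_desc, $fd_text,
            $fd_price1, $fd_price2, $fd_alt
        );
    }

    print <<HERE;
<form method="post" action="/cgi-bin/bos/menu_man.pl">
<tr>
<td colspan="5" valign="top" class="body_green">
Heading <select name="fd_cat" class="body_red"$sel>
HERE

    for my $inc (1 .. 10) {
        my $label  = html_escape($heading[$inc]);
        my $chosen = ($inc == $fd_cat) ? " selected" : "";
        print "<option value=\"$inc\"$chosen>$label\n";
    }
    print "</select>\n";
    print " <input type=\"submit\" name=\"fd_submit\" value=\"Select\" class=\"body_black\"$sel>\n";
    print "</td>\n</tr>\n</form>\n";
    print "<tr height=\"26\">\n";
    print "<td colspan=\"5\" valign=\"bottom\">\n";
    print "<hr size=\"1\" color=\"#197b30\" noshade>\n";
    print "</td>\n</tr>\n";

    if ($fd_submit eq "Update") {
        # Load the item being edited; a missing row yields empty fields.
        my ($item) = fetch_rows(
            "select * from MENU where ME_cat = ? and ME_itemno = ?",
            $fd_cat, $fd_itemno
        );
        $item = {} unless $item;

        my $h_desc   = html_escape($item->{"ME_desc"});
        my $h_text   = html_escape($item->{"ME_text"});
        my $h_price1 = html_escape($item->{"ME_price1"});
        my $h_price2 = html_escape($item->{"ME_price2"});
        my $h_alt    = html_escape($item->{"ME_alt"});
        my $js_desc  = js_attr_escape($item->{"ME_desc"});

        print <<HERE;
<form name="update" method="post" action="/cgi-bin/bos/menu_man.pl">
<input type="hidden" name="fd_cat" value="$fd_cat">
<input type="hidden" name="fd_itemno" value="$fd_itemno">
<tr height="40">
<td valign="top" class="body_green">
Position Item After
</td>
<td valign="top" colspan="4" class="body_green">
<select name="fd_newpos" class="input_red">
HERE

        my @siblings = fetch_rows(
            "select ME_itemno,ME_desc from MENU where ME_cat = ? order by ME_itemno",
            $fd_cat
        );

        # The item currently in front of this one is the pre-selected choice
        # and is sent back as fd_oldpos so a move can be detected.
        my $sel_itemno = 0;
        for my $row (@siblings) {
            if ($row->{"ME_itemno"} < $fd_itemno) {
                $sel_itemno = $row->{"ME_itemno"};
            }
        }

        print "<option value=\"0\">Heading (top of list)\n";
        for my $row (@siblings) {
            my $itemno   = $row->{"ME_itemno"};
            my $h_itemno = html_escape($itemno);
            my $h_label  = html_escape($row->{"ME_desc"});
            if ($itemno == $sel_itemno) {
                print "<option value=\"$h_itemno\" selected>$h_label\n";
            }
            elsif ($itemno != $fd_itemno) {
                print "<option value=\"$h_itemno\">$h_label\n";
            }
        }
        $sel_itemno = int($sel_itemno);

        print <<HERE;
</select>
</td>
</tr>
<input type="hidden" name="fd_oldpos" value="$sel_itemno">
<tr height="40">
<td valign="top" class="body_green">
Description
</td>
<td valign="top" colspan="4" class="body_green">
<input type="text" name="fd_desc" value="$h_desc" size="80" maxlength="80" class="input_red">
</td>
</tr>
<tr height="85">
<td valign="top" class="body_green">
Details
</td>
<td valign="top" colspan="4" class="body_green">
<textarea name="fd_text" wrap="virtual" rows="4" class="input_green">$h_text</textarea>
</td>
</tr>
<tr height="40">
<td valign="top" class="body_green">
Price
</td>
<td valign="top" colspan="4" class="body_green">
<input type="text" name="fd_price1" value="$h_price1" size="5" maxlength="5" class="body_red"> (e.g. 6.50)
</td>
</tr>
<tr>
<tr height="40">
<td valign="top" class="body_green">
12" Pizza Price
</td>
<td valign="top" colspan="4" class="body_green">
<input type="text" name="fd_price2" value="$h_price2" size="5" maxlength="5" class="body_red">
</td>
</tr>
<tr height="40">
<td valign="top" class="body_green">
Alternative Price Text
</td>
<td valign="top" colspan="4" class="body_green">
<input type="text" name="fd_alt" value="$h_alt" size="14" maxlength="14" class="body_red"> (displayed only if Price is blank)
</td>
</tr>
<tr>
<tr>
<td colspan="5" align="center" valign="top" class="body_green">
<input type="submit" name="fd_submit" value="Save Changes" class="body_black" onClick="validate()">
<input type="submit" name="fd_submit" value="Cancel" class="body_black">
<input type="submit" name="fd_submit" value="Delete from Menu" class="body_black" onClick="ConfirmDelete('$js_desc')">
</td>
</tr>
HERE
    }
    elsif ($fd_submit eq "Add New Item to Menu") {
        my $h_heading = html_escape($heading[$fd_cat]);

        print <<HERE;
<form name="update" method="post" action="/cgi-bin/bos/menu_man.pl">
<input type="hidden" name="fd_cat" value="$fd_cat">
<tr height="40">
<td colspan="5" align="center" valign="top" class="sheading_green">
Add a new item to the menu under heading "$h_heading".
</td>
</tr>
<tr height="40">
<td valign="top" class="body_green">
Position Item After
</td>
<td valign="top" colspan="4" class="body_green">
<select name="fd_itemno" class="input_red">
HERE

        my @siblings = fetch_rows(
            "select ME_itemno,ME_desc from MENU where ME_cat = ? order by ME_itemno",
            $fd_cat
        );

        # Offer the last regular item (number below 90000) first, so the
        # default is to append at the end of the category.
        my ($last_itemno, $last_desc);
        for my $row (@siblings) {
            next unless $row->{"ME_itemno"} < 90000;
            $last_itemno = $row->{"ME_itemno"};
            $last_desc   = $row->{"ME_desc"};
        }
        if ($last_itemno) {
            my $h_itemno = html_escape($last_itemno);
            my $h_label  = html_escape($last_desc);
            print "<option value=\"$h_itemno\">$h_label\n";
        }

        print "<option value=\"0\">Heading (top of list)\n";
        for my $row (@siblings) {
            my $h_itemno = html_escape($row->{"ME_itemno"});
            my $h_label  = html_escape($row->{"ME_desc"});
            print "<option value=\"$h_itemno\">$h_label\n";
        }

        print <<'HERE';
</select>
</td>
</tr>
<tr height="40">
<td valign="top" class="body_green">
Description
</td>
<td valign="top" colspan="4" class="body_green">
<input type="text" name="fd_desc" size="80" maxlength="80" class="input_red">
</td>
</tr>
<tr height="85">
<td valign="top" class="body_green">
Details
</td>
<td valign="top" colspan="4" class="body_green">
<textarea name="fd_text" wrap="virtual" rows="4" class="input_green"></textarea>
</td>
</tr>
<tr height="40">
<td valign="top" class="body_green">
Price
</td>
<td valign="top" colspan="4" class="body_green">
<input type="text" name="fd_price1" size="5" maxlength="5" class="body_red"> (e.g. 6.50)
</td>
</tr>
<tr>
<tr height="40">
<td valign="top" class="body_green">
12" Pizza Price
</td>
<td valign="top" colspan="4" class="body_green">
<input type="text" name="fd_price2" size="5" maxlength="5" class="body_red">
</td>
</tr>
<tr height="40">
<td valign="top" class="body_green">
Alternative Price Text
</td>
<td valign="top" colspan="4" class="body_green">
<input type="text" name="fd_alt" size="14" maxlength="14" class="body_red"> (displayed only if Price is blank)
</td>
</tr>
<tr>
<tr>
<td colspan="5" align="center" valign="top" class="body_green">
<input type="submit" name="fd_submit" value="Add Item" class="body_black" onClick="validate()">
<input type="submit" name="fd_submit" value="Cancel" class="body_black">
</td>
</tr>
HERE
    }
    else {
        # Default view: every item of the category, each with an Update button.
        print "<tr>\n";
        print "<td width=\"340\" valign=\"top\" class=\"body_green\"><u>Description</u></td>\n";
        print "<td width=\"90\" align=\"right\" valign=\"top\" class=\"body_green\"><u>Price</u></td>\n";
        print "<td width=\"90\" align=\"right\" valign=\"top\" class=\"body_green\"><u>Price 12\"</u></td>\n";
        print "<td width=\"90\" align=\"right\" valign=\"top\" class=\"body_green\"><u>Not Priced</u></td>\n";
        print "<td width=\"90\" align=\"right\" valign=\"top\" class=\"body_green\"><u><br></u></td>\n";
        print "</tr>\n";

        my @items = fetch_rows(
            "select * from MENU where ME_cat = ? order by ME_itemno",
            $fd_cat
        );
        for my $row (@items) {
            # Stored text is escaped on output. NOTE(review): if existing
            # rows hold intentional markup it will now show as literal text.
            my $h_itemno = html_escape($row->{"ME_itemno"});
            my $h_desc   = html_escape($row->{"ME_desc"});
            my $h_price1 = html_escape($row->{"ME_price1"});
            my $h_price2 = html_escape($row->{"ME_price2"});
            my $h_alt    = html_escape($row->{"ME_alt"});
            my $h_text   = html_escape($row->{"ME_text"});

            # An empty details cell still needs content to keep its height.
            if ($h_text eq "") {
                $h_text = "<br>";
            }

            print <<HERE;
<form method="post" action="/cgi-bin/bos/menu_man.pl">
<input type="hidden" name="fd_cat" value="$fd_cat">
<input type="hidden" name="fd_itemno" value="$h_itemno">
<tr>
<td valign="top" class="body_red">
$h_desc
</td>
<td align="right" valign="top" class="body_red">
$h_price1
</td>
<td align="right" valign="top" class="body_red">
$h_price2
</td>
<td align="right" valign="top" class="body_red">
$h_alt
</td>
<td align="right" valign="top" class="body_red">
<input type="submit" name="fd_submit" value="Update" class="body_black">
</td>
</tr>
<tr>
<td valign="top" colspan="5" class="body_green">
$h_text
</td>
</tr>
</form>
HERE
        }

        print <<HERE;
<form method="post" action="/cgi-bin/bos/menu_man.pl">
<input type="hidden" name="fd_cat" value="$fd_cat">
<tr>
<td align="right" valign="top" colspan="5" class="body_red">
<input type="submit" name="fd_submit" value="Add New Item to Menu" class="body_black">
</td>
</tr>
</form>
HERE
    }
}
else {
    # Reached whenever the web server did not authenticate the request as
    # "manager", which includes running with no HTTP authentication at all.
    print <<'HERE';
<tr>
<td colspan="5" class="heading_red">
Access Denied!
</td>
</tr>
HERE
}

if ($err_mesg ne "") {
    # Driver error text can echo parts of the statement, so escape it too.
    my $h_error = html_escape($err_mesg);
    print "<tr>\n<td colspan=\"5\" class=\"body_red\">\n";
    print "<hr size=\"1\" color=\"#d02236\" noshade>\n";
    print $h_error;
    print "<hr size=\"1\" color=\"#d02236\" noshade>\n";
    print "</td>\n</tr>\n";
}

print <<'HERE';
<tr>
<td colspan="5" class="body_green">
<hr size="1" color="#197b30" noshade>
</td>
</tr>
HERE
print "</table>\n";
print "</body>\n</html>\n";

$dbh->disconnect;
exit(0);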