Hello Amigos!

I'm facing a challenge that I hope someone here can help me with.

I need a simple cgi script that can take the contents of a post to my site and display them as a web page.

Nothing too fancy, just something simple.

Here's what I mean...

After my client buys from me, my CC processor redirects all info back to my site via the GET method.

Some of the variables in the query string are:
bill_name
amount
orderid
options1
... and so on.

When the person is redirected back to my site, the address bar displays something like:

http://www.mysite.com/cgi-bin/file.cgi?bill_name=John+Doe&amount=7.95&orderid=12345&description=Miracle+Widget

What I'd like the file.cgi to do is to be able to get each of those variables and print out an HTML page that says something like:

*********

Dear John Doe,

Thanks for ordering the Miracle Widget!
Remember that your order ID is: 12345
and you paid only $7.95 for it.

Thanks again and I hope you enjoy your
new Miracle Widget!

**********

Now, since the query string has a "+" for every time there is more than one word, the script needs to be able to convert that "+" into a space. That way, the HTML page won't read, "Miracle+Widget". Instead it should read, "Miracle Widget".

One more thing... If possible, could you add a little security so that if someone tries to access the "file.cgi" by typing it into the browser, it gives them some kind of "access denied" error. It should only be accessible after a successful post from the processor.

Well, that's it, if you're up for the challenge or if you know someone else who can help me, please ask them to post their solution here.

Thanks for your time and kind consideration.

Sincerely,

Jaime Ojeda

first of all, change your form to the POST method.

second: here's a quick script, you'll have to modify. there is no security.


#!/usr/bin/perl

use CGI;

$q = new CGI;

$bill_name = $q->param("bill_name");
$amount = $q->param("amount");
# etc

print <<EOF;
Content-type: text/html


Dear $bill_name,

Your total is $amount. have a nice day.

dswimboy
EOF

exit;

some security could be added with the following:


if ($ENV{'HTTP_REFERER'} eq 'http://yoursite.com/form.html') {
# execute code from before
}

Hey amigo,

This script looks awesome. Now, If I wanted to make it so that it requires the "orderid" AND the "description" variable, how would I modify it?

For example, when the information gets posted back from the processor, the url should contain:
www.mysite.com/script.cgi?orderid=12345&description=Miracle+Widget

If it's missing either the "orderid" or the "description", it should simply display a simple page with the words, "Access to this file is Forbidden".

I know that there is a simple way to do it for those who understand perl. Since I don't, It's like trying to speak Chinese for me.

I look forward to your kind assistance.

Sincerely,

Jaime Ojeda

you really need to change your form method to POST. that means you should see nothing but 'www.mysite.com/script.cgi' in the location. if you don't understand this, tell me.

your requirements. hopefully you've got something like this:

$oderid = $q->param("oderid");
$description = $q->param("description");

to require them, place this in your script:

if ($orderid && $description) {
# continue execution as normal.
} else {
# display access denied page.
}