CSCI A348
Mastering the World-Wide Web

Spring `96 Assignment #3
CGI Guestbook

1. Modify your environment printing program from Assignment #2 to also print out any CGI input data available. You may use any of the Perl CGI libraries on the course resources page. You should output all the data names and their associated values. Note that a single name may have multiple values and all of them should be printed out. Remember to escape any HTML special characters in the data you output if your script output is in HTML.
2. Write and install an HTML document on your server containing a form which asks for the data you wish to collect from the users of your guestbook. This may include their name, e-mail address, home page, comments and anything else you wish. See the HTML chapters in your textbook or the online HTML resources for the details of HTML forms tags. At this point, you should use your environment printing program as the processor for your form, so you can see how your form data is collected by the browser, parsed by your CGI library and made available to your CGI program.
3. Write a new, well-commented CGI program to implement your guestbook. If run with no CGI input data, it should only output your form and the current contents of the guestbook. You may either embed your form in the CGI program code or have your program read it from a file. The guestbook should be a file containing HTML source for the accumulated data that people submit via your form. Your guestbook program should output a valid HTML document containing both the form and the current guestbook. If your guestbook program is run with some submitted CGI input data, it should process this data and append it to the guestbook, then output the form and current guestbook as before. Thus, submitting your guestbook form should result in the guestbook form page again, but now containing the newly added entry. In pseudocode, your guestbook program can have this structure:

   if there's CGI input data {
       if you can open the guestbook file {
           attain an exclusive lock on the file
           append the data to the file in the proper format
           close the guestbook file
       } else {
           output an error message
       }
   }
   output the form and the guestbook,
     with a shared lock on the guestbook while reading it
   

   Note that a program of this sort is vulnerable to abuse on at least two fronts. First, guestbook data may contain HTML tags or HTML-like sequences which invalidate the remainder of the guestbook or exploit the server. You can prevent this by escaping any HTML special characters in the stored data, if you don't mind sacrificing the ability to have arbitrary HTML code in input guestbook data. Second, guestbook data could be so voluminous that it prohibits the guestbook from functioning effectively or fills your disk quota. So, you may wish to truncate or reject guestbook data that exceeds a certain size.
4. Link your guestbook program to your student server home page in an easy-to-find location. Also, link the source code for your guestbook program to your server home page and/or your guestbook page in an easy-to-find location. You are encouraged to examine the solutions of other students and borrow and adapt good ideas you find. However, in these cases, you must credit the student in the program comments and the guestbook page, and inform them of your use of their idea and help. Do develop your own individual form and scripts, though, or your learning will be greatly diminished. (Duplicate programs will not be accepted).