Lab-2

CGI

An electronic guest book is an area where visitors of a web site can leave their name, contact information, and comments. This allows visitors to provide feedback (positive and negative), which may help improve the site. In an eCommerce setting, the guest book is typically part of a bigger section of the site, known as the online customer service. In it, customers can not only post comments about the site, they can also write reviews about particular products that they bought from the site, submit billing concerns, or ask questions specific to their orders. In this lab, you will build a cgi-based online customer service site using Perl. You will write one script entitled olcs.cgi to handle all the functions specified below (the acronym stands for On-Line Customer Service).

When a client visits your script, it should serve a form that prompts for the client's name, preferred contact data (phone or email), and the reason for this visit: a general comment or a specific inquiry. When this form is submitted, a second page appears. The content of the second page depends on the selection made in the first page: For comments, the client specifies if this relates to the web site as a whole, about a particular product, or about the client's experience after making an order. The client writes the comment itself in a text area. For inquiries, the client must specify whether it is a billing, shipping, or delivery inquiry, and then writes the inquiry itself in a text area.

After submitting the second page, a third page is displayed. It consists of a promise to get in touch promptly in the case of inquiries and a simple thank-you note in case of comments.

In addition to the above functions, your script must support three more features:

Remote Administration: The site's administrator can access your site using the admin=1 query string in a GET HTTP request. When this occurs, your script must prompt for the admin password (hard-coded in your script) and, if authenticated, displays the comments left by all clients. The inquiries are not shown in this mode.
Customer Support: Customer support specialists can access your site using the admin=2 query string in a GET HTTP request. When this occurs, your script must prompt for the support password (hard-coded in your script) and, if authenticated, displays the inquiries left by all clients. The comments are not shown in this mode.
Filtering: The script should not serve more than one request from the same machine in any 24-hour period. You can assume that cookies are enabled at the client side. Note that this restriction does not apply to admin requests.

Note that the above specs do not involve any sensitive data and, hence, you do not need a secure connection. When the admin requests are handled, however, the https protocol should be used to safeguard the two passwords.