HTML::Ballot::Trusting - HTML-template-based insercure multiple-choice ballot

HTML-Ballot-Trusting documentation Contained in the HTML-Ballot-Trusting distribution.

Index

Code Index:

NAME

Top

HTML::Ballot::Trusting - HTML-template-based insercure multiple-choice ballot

SYNOPSIS

Top

# Create the poll

	use HTML::Ballot::Trusting;
	$HTML::Ballot::Trusting::CHAT = 3;
	my $p = new HTML::Ballot::Trusting {
		ARTICLE_ROOT => 'E:/www/leegoddard_com',
		URL_ROOT 	=> 'http://localhost/leegoddard_com',
		RPATH 	 => 'E:/www/leegoddard_com/vote/results.html',
		TPATH	 => 'E:/www/leegoddard_com/vote/template.html',
		QPATH	 =>	'E:/www/leegoddard_com/vote/vote.html',
		CPATH 	 => 'E:/www/leegoddard_com/CGI_BIN/vote.pl',
		ASKNAMES => 1,
		QUESTIONS => [
			'Why?',
			'Why not?',
			'Only for £300.'
		]
	};
	$p->create();

DESCRIPTION

Top

A simple module for inseucre web ballots.

This is a very beta version that will mature over the next week or so. Please let me know how it breaks.

Features:

In future these features may be added:

USE

Top

1.

Construct an HTML template that can be used to generate the question and answer pages. Where you wish the questions and answers to appear, insert the following element:

	<TEMPLATEITEM name='QUESTIONS'></TEMPLATEITEM>

The template should at least define the CSS representation for votehighscorebar and votebar as having a coloured background, or you will not be able to view the results' bar graph. See CSS SPECIFICATION for more details on other CSS classes employed.

Other functions may be included as below. Note that TEMPLATEITEMs may require some minimal content of at least a space character, I'm not sure, I'd better check.

  • If you wish to allow a user to submit a comment with their vote, include the following element: 

    	<TEMPLATEITEM name='COMMENT'>
		This is what voter's have said:
	</TEMPLATEITEM>


    Unlike the QUESTIONS TEMPLATEITEM, any text you include in this block will be reatained at the top of a list of users' comments.
  • If you wish to have the result page display a list of the names entered by voters, also include: 

    	<TEMPLATEITEM name='VOTERLIST'>
		Here is the voterlist...
	</TEMPLATEITEM>


    This acts in the manner of the COMMENT TEMPLATEITEM, above.
  • If you wish to have the result page display a list of the most frequently-posting IP addresses, include: 

    	<TEMPLATEITEM name='IPCHART'>
		<H2>Top IP Addresses To Post To This Ballot</H2>
	</TEMPLATEITEM>


    To this, the module will add a SPAN of HTML that lists the top posters. Anything before that span (in this example, the H2 element) will remain.

2.

Initiate the ballot by constructnig an HTML::Ballot::Trusting object and calling create method upon it in a manner simillar to that described in SYNOPSIS.

In response, you should receive a list of the locations of files used and dynamically created by the process.

GLOBAL VARIABLES

Top

Several global variables exist as system defaults. Most may be over-riden using the constructor (see the sections ARTICLE_ROOT, URL_ROOT, STARTGRAPHIC, SHEBANG in CONSTRUCTOR (new).>

THe number of items to include in the IP chart of frequent posters

CONSTRUCTOR (new)

Top

Requires a reference to the class into which to bless, as well as a hash (or reference to such) with the following key/value content:

ARTICLE_ROOT

the root, in the filesystem, where these HTML pages begin - can over-ride the global constant of the same name;

URL_ROOT

the root, on the internet, where these HTML pages begin - can over-ride the global constant of the same name;

QUESTIONS

an array of questions to use in the ballot

TPATH

Path at which the HTML Template may be found

QPATH

Path at which to save the HTML ballot Questions' page

RPATH

Path at which to save the HTML Results page

CPATH

If you do not use the SUBMITTO attribute (below), you must use this: Path at which to save a dynamically-generated perl script that processes form submissions. Obviously must be CGI accessible and CHMOD appropriately.

SUBMITTO

If you do not use the CPATH attribute (above), you must use this: Path to the script that processes submission of the CGI voting form

SHEBANG

Represents the Shebang line you place at the start of your perl scrpts: set this to over-ride the default value taken from the global constant scalar of the same name. Could adjust this to suss the path from Config.pm or even MakeMaker, if it came to it, but time....

COMMENTLENGTH

Maximum acceptable length of text comments.

ASKNAMES

Set if users should supply their name when voting.

NAMELENGTH

If ASKNAMES (above) is defined, this value may be set to limit the possible length of a name.

METHODS

Top

METHOD create

Creates the HTML voting page.

Accepts: just the calling object: all properties used should be set during construction (see CONSTRUCTOR (new)).

If the page contains a COMMENT TEMPLATEITEM, will include a text box in the voting page, to allow users to submit comments. Setting COMMENTLENGTH to a value when calling the constructor will restrict the length of acceptable comments.

If the page contains a <VOTERLIST TEMPLATEITEM>, this will be updated with the name supplied by the user.

Returns: the path to the saved HTML question document.

See also USE and CSS SPECIFICATION.

The action attribute of the FORM element is set to the CGI environment variable, SCRIPT_NAME (that is, the location of this script).

Form elements are simply seperated by linebreaks (BR): use CSS to control the layout: the radio-button HTML elements are set to be class voteoption; the SUBMIT button element is set to be class votesubmit.

HTML is used to create bar charts, but this should be easy to replace with a GD image, or a stretched single-pixel. Each question is given a TEMPLATEITEM element, and results will be placed within by the vote method (see METHOD vote).

See also CSS SPECIFICATION.

METHOD cast_vote

Casts a vote and updates the results file.

Accepts:

1. the question voted for, as defined in the HTML vote form's INPUT/value.

2. optionally, a user-submitted comment.

3. optionally, a user-submitted name.

CSS SPECIFICATION

Top

The following CSS classes are employed (and expected) in the HTML:

votehighscorebar and votebar

the TD within the chart (above) that represent volume of votes cast. These must be defined for results to be visable, though if the NOHTML flag is set in the constructor, a red background will be used as well.

	<style type="text/css">
	<!--
	.votebar {  background-color: #990000}
	.votebar {  background-color: red}
	-->
	</style>
chart

the right-most TD, containg the chart TABLE

voteresults

the layer of the whole results section;

votequestion

the left-most TD, containing the text representing the questions;

votescore

the centre-left TD, containing the text representing the number of votes recieved by the item;

votepc

the centre-right TD, containing the text representing the percentage of vote obtained

voteoptionradio

The radio button in the question-asking phase.

voteoptiontext

The text associated with radio buttons, as above.

voteoptionsubmit

The submit button as above.

votecommenttextbox

The text box used to accept comments.

votecommenttext

Text associated with the textbox (above).

votecommentdate

The date SPAN of a comment.

voteusrname

The SPAN that covers a user-entered name in the report.

listvoteusrname

The SPAN that covers user-entered names and IP address in list context

voteusrname

The SPAN that covers the user name within listvoteusrname.

voteusrip

As above, but for IP address.

ipchartitem

An item in the IP chart.

SEE ALSO

Top

HTML::EasyTemplate.

AUTHOR

Top

Lee Goddard (LGoddard@CPAN.org)

COPYRIGHT AND LICENCE

Top

This module and all associated code is Copyright (C) Lee Goddard 2001. All rights reserved.

This is free software and may be used under the same terms as Perl itself with the added condition that it not be used in a commercial setting, to make money, either directly or indirectly, without the advanced and explicit prior signed permission of the author.

HTML-Ballot-Trusting documentation Contained in the HTML-Ballot-Trusting distribution. 
package HTML::Ballot::Trusting;
our $VERSION = 0.2;		# Thu Jul 26 15:03:11 2001
use strict;
use warnings;
use Carp;
use HTML::Entities ();

# Later: CGI and use HTML::EasyTemplate 0.985;


our $CHAT = undef;		# Set for reports to STDERR.



#
# These defaults can be over-ridden by using their
# names as values in the hash passed to the constructor
#
our $ARTICLE_ROOT 	= 'E:/www/leegoddard_com';
our $URL_ROOT 		= 'http://localhost/leegoddard_com';
our $STARTGRAPHIC 	= "STARTGRAPHICHERE__";
our $STARTPC		= "STARTPCHERE__";
our $SHEBANG		= '';
our $ASKNAMETEXT	= 'Your name, please';
our $ASKCOMMENTTEXT	= 'Optionally, your comment optional';
our $MAXTOTALCOMMENTLENGTH = 2000000;	# Maxium size of all comment mark up permitted


our $IPCHART 		= 5;


sub new {
	my $class = shift or die "Called without class";
	my %args;
	my $self = {};
	bless $self,$class;

	# Default instance variables
	$self->{ARTICLE_ROOT} 	= $ARTICLE_ROOT;
	$self->{URL_ROOT} 		= $URL_ROOT;
	$self->{COMMENTLENGTH}	= 75;
	$self->{NAMELENGTH}		= 30;

	# Take parameters and place in object slots/set as instance variables
	if (ref $_[0] eq 'HASH'){	%args = %{$_[0]} }
	elsif (not ref $_[0]){		%args = @_ }

	# Overwrite default instance variables with user's values
	foreach (keys %args) { $self->{uc $_} = $args{$_} }
	undef %args;

	# Calling-paramter error checking
	croak "Template path TPATH does not exist" if exists $self->{TPATH} and not -e $self->{TPATH};
	croak "No RPATH" if not exists $self->{RPATH} and not defined $self->{RPATH};

	return $self;
} # End sub new




sub create { my $self = shift;
	local *OUT;
	my %template_items;
	my $form_processing_url ;
	croak "No path to HTML template" if not exists $self->{TPATH} or not defined $self->{TPATH};
	croak "No path to save HTML at" if not exists $self->{QPATH} or not defined $self->{QPATH};
	croak "No questions" if not exists $self->{QUESTIONS} or not defined $self->{QUESTIONS};
	if ((not exists $self->{SUBMITTO} or not defined $self->{SUBMITTO})
	and (not exists $self->{CPATH} or not defined $self->{CPATH})){
		croak "No SUBMITTO or CPATH value defined - one or the other is required"
	}

	use HTML::EasyTemplate 0.985;

	# Create question poll page QPATH #############################################
	#
	# Create radio button HTML from questions
	my $TEMPLATE = new HTML::EasyTemplate(
		{	ADD_TAGS => 1,
			SOURCE_PATH => $self->{TPATH},
			ARTICLE_ROOT => $self->{ARTICLE_ROOT},
			URL_ROOT => $self->{URL_ROOT},
		});
	$TEMPLATE -> process('collect');					# Collect the values

	# Where should the form ACTION point? Set now so can use TEMPLATE methods
	if (exists $self->{CPATH}){
		$form_processing_url = $TEMPLATE->set_article_url($self->{CPATH});
	} else {
		$form_processing_url = $self->{SUBMITTO}
	}

	# Construct form
	my $qhtml =	"<form name=\"".__PACKAGE__."\" method=\"post\" action=\"$form_processing_url\" ";
	$qhtml .= "onSubmit=\"";
	$qhtml .= "if (this.usrcomment.value=='$ASKCOMMENTTEXT'){this.usrcomment.value=''}";
	$qhtml .= "if (this.usrname.value==''){alert('Please, please, please enter your name.... it will not be recorded against your vote');this.usrname.focus();return false;}";
	$qhtml .= "if (this.usrname.value=='$ASKNAMETEXT'){alert('Please enter your name.. It will not be recorded against your vote');this.usrname.focus();return false;}";
	$qhtml .= "return true;";
	$qhtml .= "\">\n";

	foreach (@{$self->{QUESTIONS}}) {
		$_ = HTML::Entities::encode($_);
 		$qhtml .= "<input class=\"voteoptionradio\" type=\"radio\" name=\"question\" value=\"$_\"><SPAN class=\"voteoptiontext\">$_</SPAN></input><BR>\n";
	}
	$qhtml.="<INPUT type=\"HIDDEN\" name=\"rpath\" value=\"$self->{RPATH}\">\n";

	# Add name input field if appropriate
	if (exists $self->{ASKNAMES}){
		$qhtml.="<INPUT name=\"usrname\" value=\"$ASKNAMETEXT\" onFocus=\"this.value=''\" class=\"votenametextbox\" type=\"TEXT\" MAXLENGTH=\"$self->{NAMELENGTH}\" SIZE=\"40\">\n";
	}

	# Add comment input field if comment output area is defined:
	if (exists $TEMPLATE->{TEMPLATEITEMS}->{COMMENT} and defined $TEMPLATE->{TEMPLATEITEMS}->{COMMENT}){
		$qhtml.="<INPUT name=\"usrcomment\" value=\"$ASKCOMMENTTEXT\" onFocus=\"this.value=''\" class=\"votecommenttextbox\" type=\"TEXT\" MAXLENGTH=\"$self->{COMMENTLENGTH}\" SIZE=\"40\">\n";
	}

	$qhtml.="<INPUT type=\"SUBMIT\" class=\"voteoptionsubmit\" value=\"Cast Vote\">\n</FORM>\n";
	$template_items{QUESTIONS} 	= $qhtml;				# Make new values, for example:
	$TEMPLATE -> process('fill', \%template_items );	# Add them to the page
	$TEMPLATE -> save($self->{QPATH});

	# Create initial results page RPATH template ####################################
	#
	my $rhtml = "<DIV class=\"voteresults\">\n<TABLE width=\"100%\">\n";
	foreach (@{$self->{QUESTIONS}}) {
		$rhtml .= "<TR>\n<TD class=\"votequestion\" align=\"left\" nowrap width=\"25%\">$_</TD>\n\t";
		$rhtml .= "<TD class=\"votescore\" align=\"right\"><TEMPLATEITEM name=\"$_\">0</TEMPLATEITEM></TD>\n";
		$rhtml .= "<TD class=\"votepc\" nowrap align=\"right\"><TEMPLATEITEM name=\"$STARTPC$_\">0%</TEMPLATEITEM></TD>\n";
		$rhtml .= "<TD class=\"chart\" width=\"75%\" align=\"left\"><TEMPLATEITEM name=\"$STARTGRAPHIC$_\">No votes yet cast.</TEMPLATEITEM></TD>\n";
		$rhtml .= "</TR>\n";
	}
	$rhtml .= "</TABLE>\n</DIV>\n";

	$TEMPLATE = new HTML::EasyTemplate(
		{	ADD_TAGS => 1,
			SOURCE_PATH => $self->{TPATH},
			ARTICLE_ROOT => $self->{ARTICLE_ROOT},
			URL_ROOT => $self->{URL_ROOT},
		});
	$TEMPLATE -> process('collect');					# Collect the values

	$template_items{QUESTIONS} 	= $rhtml;				# Make new values, for example:

	if (exists $TEMPLATE->{TEMPLATEITEMS}->{COMMENT} and defined $TEMPLATE->{TEMPLATEITEMS}->{COMMENT}){
		#die "<XMP>",$TEMPLATE->{TEMPLATEITEMS}->{COMMENT},"</XMP>";
		$template_items{COMMENT} = $TEMPLATE->{TEMPLATEITEMS}->{COMMENT};
	}
	if (exists $TEMPLATE->{TEMPLATEITEMS}->{VOTERLIST}){
		$template_items{VOTERLIST} =  $TEMPLATE->{TEMPLATEITEMS}->{VOTERLIST};
	}
	# Add IP chart if requested
	if (exists $TEMPLATE->{TEMPLATEITEMS}->{IPCHART} ){
		$template_items{IPCHART} = $TEMPLATE->{TEMPLATEITEMS}->{IPCHART}
	}
	$TEMPLATE -> process('fill', \%template_items );	# Add them to the page
	$TEMPLATE -> save($self->{RPATH});

	# Create the script to submit the form ##########################################
	# Could have this sciprt's functionality within the module, checking for CGI
	# param on every calling, and that may be more economical, but is less clean.
	$_ = scalar __PACKAGE__;
	my $Perl =<<EOPERL;

$SHEBANG
\# Caller script located at $self->{CPATH} ($form_processing_url)
\# Dynamically generated by and for $_ :: create

use HTML::Ballot::Trusting;
use CGI;
our \$cgi = new CGI;
if (\$cgi->param() and \$cgi->param('question') and \$cgi->param('rpath') ){
	\$v = new HTML::Ballot::Trusting ( {RPATH=>\$cgi->param('rpath')});
	\$v->cast_vote( \$cgi->param('question'),\$cgi->param('usrcomment'),\$cgi->param('usrname') );
} else {print "Location: $form_processing_url\\n\\n\\n";}
exit;

EOPERL

	open OUT, ">$self->{CPATH}" or croak "Could not open <$self->{CPATH}> for writing";
	print OUT $Perl;
	close OUT;

	# Report #######################################################################
	print "Created poll.\n",
		"Calling-script at: $self->{CPATH}\n",
		"HTML template at: $self->{TPATH}\n",
		"Qustion HTML is at: $self->{QPATH}\n",
		"Results HTML is at: $self->{RPATH}\n\n";

	return 1;
}





sub cast_vote { my ($self, $q_answered,$usrcomment,$usrname) = (shift,shift,shift,shift);
	croak "No object" if not defined $self;
	croak "No answer" if not defined $q_answered;
	croak "No RPATH" if not exists $self->{RPATH};
	croak "No RPATH path to save results at" if not exists $self->{RPATH};

	@_ = split/ /,(scalar localtime); # Create the date
	my $todaydate = "$_[2] $_[1] $_[4] $_[3]";

	# Get existing results
	my $TEMPLATE = new HTML::EasyTemplate(
		{	ADD_TAGS => 1,
			SOURCE_PATH => $self->{RPATH},
			ARTICLE_ROOT => $self->{ARTICLE_ROOT},
			URL_ROOT => $self->{URL_ROOT},
			FLOCK => 1,
		});
	$TEMPLATE -> process('collect');						# Collect the values
	my %template_items = %{$TEMPLATE->{TEMPLATEITEMS}};		# Do something with them

	my %scores;												# Keyed by question
	my ($total_cast,$hi_score) = (0,0);
	# Aquire results from template
	foreach (keys %template_items){
		if ($_!~/^(VOTERLIST|IPCHART|COMMENT|\Q$STARTGRAPHIC\E|\Q$STARTPC\E)/ and $_ ne 'QUESTIONS'){
			$template_items{$_}++ if $_ eq $q_answered;
			$scores{$_} = $template_items{$_}; # Will create a warning, not-numeric, but works...:(
			$total_cast += $scores{$_};
			$hi_score = $scores{$_} if $scores{$_} > $hi_score;
		}
	}
	# Create new results
	foreach (keys %scores){
		warn "$_...$template_items{$_}\n" if $CHAT;
		my $pc = ((100 / $total_cast) * $template_items{$_} );
		$template_items{$_} = $scores{$_};
		$template_items{"$STARTGRAPHIC$_"} = '<TABLE width="100%"><TR><TD ';
		if ($scores{$_} == $hi_score){
			$template_items{"$STARTGRAPHIC$_"}.= 'class="votehighscorebar" ';
		} elsif ($scores{$_}>0) {
			$template_items{"$STARTGRAPHIC$_"}.= 'class="votebar" ';
		}
		$template_items{"$STARTGRAPHIC$_"}.= 'width="';
		if ($scores{$_}==0){
			$template_items{"$STARTGRAPHIC$_"}.='0%">';
		} else {
			$template_items{"$STARTGRAPHIC$_"} .= $pc;
			$template_items{"$STARTGRAPHIC$_"}.= '%" ';
			$template_items{"$STARTGRAPHIC$_"}.= 'bgcolor="red"' if exists $self->{NOCSS};
			$template_items{"$STARTGRAPHIC$_"}.= '>&nbsp;';
		}
		$template_items{"$STARTPC$_"} = sprintf("%.2f", $pc)."%";
		$template_items{"$STARTGRAPHIC$_"}.= '</TD><TD></TD></TR></TABLE>'."\n";
	}
	# Include user's comments
	if (defined $usrcomment and $usrcomment!~/^\s*$/g
	and length $template_items{COMMENT}<$MAXTOTALCOMMENTLENGTH		# No overstuffing of the file
	){
		$usrcomment = substr $usrcomment,$self->{COMMENTLENGTH} if length $usrcomment>$self->{COMMENTLENGTH};
		$usrcomment = HTML::Entities::encode($usrcomment);
		$template_items{COMMENT} .= "<DIV class=\"comment\"><SPAN class=\"votecommentdate\">$todaydate</SPAN><SPAN class=\"voteusrname\">$usrname</SPAN><SPAN class=\"votecommenttext\">$usrcomment</SPAN></DIV>\n";
	}

	# Include user's name
	if (exists $template_items{VOTERLIST}){
		$template_items{VOTERLIST}.="<SPAN class\"listvoteusrname\"><SPAN class=\"voteusrname\">$usrname </SPAN>";
	}
	# Include IP?
	if (exists $template_items{VOTERLIST}){
		$template_items{VOTERLIST}.="<SPAN class=\"voteusrip\">($ENV{REMOTE_HOST})</SPAN>";
	}
	# Finish user's name list
	if (exists $template_items{VOTERLIST}){
		$template_items{VOTERLIST}.="</SPAN>\n";
	}
	# Top-X IPs
	if (exists $template_items{IPCHART}){
		# Collect IP addresses from VOTERLIST
		my %ips;
		while ($template_items{VOTERLIST} =~ m/\QSPAN class="voteusrip">(\E(127.0.0.1)\Q)<\/SPAN>\E/g){
			$ips{$1}++;
		}
		# Remove previous chart (as defined below) from page
		$template_items{IPCHART} =~ s/<SPAN class="ipchart">.*//s;
		# Add the chart
		$template_items{IPCHART} .= '<SPAN class="ipchart">';
		my @ips = sort { $ips{$b} <=> $ips{$a} } keys %ips;
		for (0..$IPCHART-1){
			$template_items{IPCHART} .= "<SPAN class=\"ipchartitem\">".($_+1).": $ips[$_]</SPAN>\n";
		}
		$template_items{IPCHART} .= '</SPAN>';
	}

	$TEMPLATE -> process('fill', \%template_items );		# Add them to the page
	$TEMPLATE -> save($self->{RPATH});
	# Redirect
	print "Location: $TEMPLATE->{ARTICLE_PATH}\n\n";
	return 1;
}



1;
__END__