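#!/usr/bin/perl --
#
# fightback.cgi - flat-file message board CGI.
#
# Reads the request into %INPUT, validates the parameters that end up in file
# paths, then runs the handler named by $INPUT{'function'}.  Pages are produced
# by subs in "$templatedir/<name>.pl", loaded on demand by templates().
#
# NOTE(review): the file runs without "use strict"/"use warnings" and shares
# package globals (%INPUT, $back, $pass, $id, $topic, $newid, ...) with the
# template files it loads, so those globals are deliberately left as globals.
# NOTE(review): the handlers login, signup, topicdisplay, delete and edit are
# dispatched below but are not defined in this part of the file.

use CGI;
# NOTE(review): fatalsToBrowser sends die() text (paths, line numbers) to the
# client; consider logging only on a production host.
use CGI::Carp qw(fatalsToBrowser);
require "cookie.lib";

############################################################################
#
# Created by Digital Decibel Technology. http://www.digitaldecibel.com
# Copyright 2000. This file may not be changed without our consent.
#
############################################################################

#set the variables
$siteurl     = "http://www.middleeast.org";
$mburl       = "http://www.middleeast.org/comments/fightback.cgi";
$imagedir    = "http://www.middleeast.org/comments/images";
$sitename    = "Mid-East Realities";
$mbname      = "Mid-East Realities";
$maindir     = "conf";
$templatedir = "templates";
$dirfile     = "dirs.txt";
$userfile    = "users.txt";
$confirmfile = "confirm.txt";
$publicdir   = "";
$publicurl   = "http://www.middleeast.org/comments";
$mailprog    = '/usr/sbin/sendmail';

#enter "nobody" if you don't want them to know your email address
$replyto = "info\@middleeast.org";

$maxposts = "100";

#A value of "1" allows the script to eliminate all html content from all form submissions.
#it is recommended to leave this at "1" for security reasons, although you are at liberty
#to change it to a value of "0", which would allow html.
#default is "1".
$switch2 = "1";

#A value of "0" tells the script to ONLY use javascript alerts when warning the user that an error occurred.
#A value of "1" tells the script to ONLY use html when warning the user that an error occurred.
#A value of "2" tells the script to use both javascript alerts and html when warning the user that an error has occurred.
#default is "2".
$switch3 = "1";

#A value of "0" denies anonymous posts. All posts must be from registered users.
#A value of "1" allows anonymous posts
#default is "0"
# NOTE(review): $switch5 is not consulted anywhere in the code shown here.
$switch5 = "1";

# Validation settings.  They must be assigned before the dispatch below,
# because the handlers run before any later top-level statement executes.
$fb_max_message = 10000;    # limit quoted in the "larger then 10000" error text
# One path segment only: no slash, no leading dot, nothing that 2-arg open()
# or a shell would treat specially.  Widen this if boards use other names.
$fb_dir_re = qr/\A[A-Za-z0-9_-][A-Za-z0-9_.-]*\z/;
# Topic ids are generated below as integers ($newid = last id + 1).
$fb_id_re = qr/\A[0-9]+\z/;
# Template names that templates() dispatches to.
%fb_template = map { $_ => 1 } qw(
    header footer login error main edit signup topics post_new html_add
    login_edit login_second post_reply html_create post_edit_new
    post_edit_reply post_success signup_confirmation post_new_confirmation
    post_reply_confirmation forget_password signup_emailsent
    main_cookiesremoved displaytopic
);

# Take one clock reading so the fields cannot straddle a minute/day boundary.
my @fb_now = localtime(time());
$theminute = sprintf("%02d", $fb_now[1]);
# NOTE(review): the +1 looks like a fixed time-zone offset; it yields "24"
# during the last local hour of the day and is not zero-padded - confirm.
$thehour    = $fb_now[2] + 1;
$theday     = $fb_now[3];
$thedayyear = $fb_now[7];
$themonth   = $fb_now[4] + 1;
$theyear    = $fb_now[5] + 1900;

&parse();
&_fb_check_request();

# "&name" call syntax is required here: write and delete are also Perl
# built-ins, and templates() is invoked before its definition is seen.
&login        if ($INPUT{'function'} eq "login");
&signup       if ($INPUT{'function'} eq "signup");
&display      if ($INPUT{'function'} eq "display");
&topicdisplay if ($INPUT{'function'} eq "topicdisplay");
&post         if ($INPUT{'function'} eq "post");
&postreply    if ($INPUT{'function'} eq "postreply");
&confirm      if ($INPUT{'function'} eq "confirm");
&write        if ($INPUT{'function'} eq "write");
&delete       if ($INPUT{'function'} eq "delete");
&edit         if ($INPUT{'function'} eq "edit");

# Decode the query string (GET) or request body (POST) into %INPUT.
sub parse {
    #get the input
    if ($ENV{'REQUEST_METHOD'} eq 'GET') {
        @pairs = split(/&/, $ENV{'QUERY_STRING'});
    }
    elsif ($ENV{'REQUEST_METHOD'} eq 'POST') {
        # NOTE(review): CONTENT_LENGTH is client-controlled and is not capped.
        read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'});
        # NOTE(review): as written this pattern matches only the empty string,
        # so the substitution does nothing; the original pattern may have been
        # lost when the listing was published - confirm against the real file.
        $buffer =~ s/||//g;
        @pairs = split(/&/, $buffer);
    }

    #de-webify the input
    foreach $pair (@pairs) {
        # Limit 2 keeps a literal "=" inside the value instead of dropping
        # everything after it.
        ($name, $value) = split(/=/, $pair, 2);
        $name  = "" unless defined $name;
        $value = "" unless defined $value;
        $name =~ tr/+/ /;
        $name =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
        $value =~ s/%20/ /g;
        $value =~ tr/+/ /;
        $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
        $value =~ s/"/'/g;
        # NOTE(review): this removes complete <...> runs only.  It is not an
        # HTML encoder: a "<" with no closing ">" and every "&" pass through,
        # so values still need output encoding wherever templates print them.
        $value =~ s/<([^>]|\n)*>//g if ($switch2 eq "1");
        $INPUT{$name} = $value;
    }
}

# Reject request parameters that are later interpolated into file paths.
# 'dir' names a board directory under $maindir and 'id' names a topic; both
# come straight from the client.
sub _fb_check_request {
    my $dir = $INPUT{'dir'};
    if (defined $dir && $dir ne "" && $dir !~ $fb_dir_re) {
        delete $INPUT{'dir'};    # keep the rejected value out of the error page
        $back = "$mburl?function=login";
        $pass = "Directory doesn't exist";
        &templates("none","error");
        exit;
    }

    my $topic_id = $INPUT{'id'};
    if (defined $topic_id && $topic_id ne "" && $topic_id !~ $fb_id_re) {
        delete $INPUT{'id'};
        $back = "$mburl?function=login";
        $pass = "Invalid topic id";
        &templates("none","error");
        exit;
    }
}

# Show the error page and stop unless $INPUT{'dir'} names an existing board
# directory.  Without this an empty 'dir' would address files directly under
# $maindir.
sub _fb_require_board {
    return if ($INPUT{'dir'} ne "" && -d "$maindir/$INPUT{'dir'}");
    $back = "$mburl?function=login";
    $pass = "Directory doesn't exist";
    &templates("none","error");
    exit;
}

# Return all lines of $path, or an empty list when the file does not exist.
# Any other failure is fatal: carrying on with an empty list would make the
# caller rewrite the file without its previous contents.
sub _fb_read_lines {
    my ($path) = @_;
    return () unless -e $path;
    open(my $in, '<', $path) or die "fightback: cannot read $path: $!";
    my @lines = <$in>;
    close($in);
    return @lines;
}

# Replace the contents of $path with @lines; dies if the data cannot be written.
# NOTE(review): nothing here takes a lock, so two simultaneous posts can still
# interleave their read-modify-write cycles on id.txt and topics.txt.
sub _fb_write_lines {
    my ($path, @lines) = @_;
    open(my $out, '>', $path) or die "fightback: cannot write $path: $!";
    print {$out} @lines;
    close($out) or die "fightback: cannot finish writing $path: $!";
}

# Make a value safe to store as one field of a "|"-separated, one-record-per-
# line file: line breaks become spaces and "|" becomes its HTML entity, so
# submitted text cannot add fields or records.
sub _fb_record_field {
    my ($text) = @_;
    $text = "" unless defined $text;
    $text =~ s/\r\n?|\n/ /g;
    $text =~ s/\|/&#124;/g;
    return $text;
}

# Percent-encode a value for use inside a query string.
sub _fb_url_escape {
    my ($text) = @_;
    $text = "" unless defined $text;
    $text =~ s/([^A-Za-z0-9_.~-])/sprintf("%%%02X", ord($1))/eg;
    return $text;
}

# Increment the per-board post counter kept in $publicdir/posts/<dir>.html.
# This stays best-effort, as in the original: a counter file that cannot be
# opened is skipped (with a warning in the server log) instead of failing
# the post.
sub _fb_bump_post_counter {
    my $counter_file = "$publicdir/posts/$INPUT{'dir'}.html";

    @posts = ();
    if (open(my $in, '<', $counter_file)) {
        @posts = <$in>;
        close($in);
    }

    ($a, $b) = split(/<\/font><\/td>/, $posts[0]);
    if ($posts[0] eq "") {
        $a = "0";
    }
    $a++;

    if (open(my $out, '>', $counter_file)) {
        # NOTE(review): the split above expects "</font></td>" after the
        # count, but this string contains no markup; it was probably stripped
        # when the listing was published - restore it from the real file.
        print {$out} "$a$thehour:$theminute ($themonth/$theday/$theyear)";
        close($out);
    }
    else {
        warn "fightback: cannot update $counter_file: $!";
    }
}

# Show the confirmation page for a new post, a reply or a signup.
sub confirm {
    if ($INPUT{'whatfor'} eq "write") {
        $INPUT{'message'} = "$INPUT{'message'}";

        # The original compared a scan counter with 25000, a value the scan
        # could never reach, so the limit was never applied.
        $count = length($INPUT{'message'});
        if ($count > $fb_max_message) {
            $back = "$mburl?function=post&dir=$INPUT{'dir'}";
            $pass = "Your post was larger then 10000 characters, the maximum number of characters allowed per post.";
            &templates("none","error");
            exit;
        }

        # NOTE(review): this iterates the array @INPUT, which nothing fills
        # (the form data is in the hash %INPUT), so $empty stays "0".  Left
        # unchanged because it is unclear which fields are optional; write()
        # checks topic and message itself.
        $empty = "0";
        foreach $line (@INPUT) {
            if (($line eq "") || ($line eq " ")) {
                $empty = "1";
            }
        }

        if ($empty eq "1") {
            $back = "$mburl?function=post&dir=$INPUT{'dir'}";
            $pass = "Empty field(s)";
            &templates("none","error");
        }
        if ($empty eq "0") {
            if ($INPUT{'reply'} eq "no") {
                &templates("$INPUT{'dir'}","post_new_confirmation");
            }
            elsif ($INPUT{'reply'} eq "yes") {
                &templates("$INPUT{'dir'}","post_reply_confirmation");
            }
        }
    }
    elsif ($INPUT{'whatfor'} eq "signup") {
        &templates("none","signup_confirmation");
    }
}

# Store a new topic ($INPUT{'reply'} ne "yes") or record a reply to topic
# $INPUT{'id'}, then render the result pages.
#
# NOTE(review): nothing in this sub checks $INPUT{'username'} against a
# password or cookie - confirm that the html_create/html_add templates or
# another layer authenticate the poster.
sub write {
    $continue = "1";
    $continue = "0" if (($INPUT{'topic'} eq "") || ($INPUT{'topic'} eq "*** This field must be completed ***"));
    $continue = "0" if (($INPUT{'message'} eq "") || ($INPUT{'message'} eq "*** This field must be completed ***"));

    $success = "0";

    # The size limit is enforced here as well: confirm() is only an
    # intermediate page and a client can request function=write directly.
    my $too_long = (length($INPUT{'message'}) > $fb_max_message);

    if (($continue eq "0") || $too_long) {
        $pass = "Empty field(s)";
        $pass = "Your post was larger then 10000 characters, the maximum number of characters allowed per post."
            if ($continue ne "0");
        $back = "$mburl?function=post&dir=$INPUT{'dir'}" if ($INPUT{'reply'} eq "no");
        # The topic is free text, so it is percent-encoded before it goes
        # into the link.
        $back = "$mburl?function=postreply&dir=$INPUT{'dir'}&id=$INPUT{'id'}&topic=" . _fb_url_escape($INPUT{'topic'})
            if ($INPUT{'reply'} eq "yes");
        &templates("none","error");
    }
    else {
        &_fb_require_board();
        my $board = "$maindir/$INPUT{'dir'}";

        #if this is a new topic, not a reply.
        if ($INPUT{'reply'} ne "yes") {
            my $topic_field = _fb_record_field($INPUT{'topic'});
            my $user_field  = _fb_record_field($INPUT{'username'});

            #get then change the ID number
            @idcount = _fb_read_lines("$board/id.txt");
            # Strip the line ending only; chop() would also remove the last
            # digit when the file has no trailing newline.
            $idcount[0] =~ s/\s+\z// if (@idcount);
            $newid = $idcount[0] + 1;
            _fb_write_lines("$board/id.txt", "$newid\n");

            #add the post to the TOP of the topic file
            @temp = _fb_read_lines("$board/topics.txt");
            _fb_write_lines(
                "$board/topics.txt",
                "$newid|$topic_field|$user_field|0|$themonth/$theday/$theyear|none|$ENV{'REMOTE_ADDR'}|$thedayyear|$theyear\n",
                @temp
            );

            # The topic file is created even when 'anon' is neither "no" nor
            # "yes", as in the original.
            my @topic_head;
            push(@topic_head, "0|$user_field\n") if ($INPUT{'anon'} eq "no");
            push(@topic_head, "0|\n")            if ($INPUT{'anon'} eq "yes");
            _fb_write_lines("$board/topics/$newid.txt", @topic_head);

            &_fb_bump_post_counter();

            &templates("$INPUT{'dir'}","html_create");
            &templates("none","post_success");
        }

        #if this is a reply, not a new topic
        if ($INPUT{'reply'} eq "yes") {
            #get the topics
            @indata = _fb_read_lines("$board/topics.txt");

            #find the current number of replies, then increment
            # The new contents are assembled first, so the file is not
            # truncated before the replacement is ready.
            my @updated;
            foreach $line (@indata) {
                ($id, $topic, $postedby, $replies, $tdate, $lastreply, $ip, $doy, $year) = split(/\|/, $line);
                if ($id ne $INPUT{'id'}) {
                    push(@updated, "$line");
                }
                else {
                    $replies++;
                    # $year is the last field and still carries the newline.
                    push(@updated, "$id|$topic|$postedby|$replies|$tdate|$themonth/$theday/$theyear|$ip|$doy|$year");
                }
            }
            _fb_write_lines("$board/topics.txt", @updated);

            &_fb_bump_post_counter();

            &templates("$INPUT{'dir'}","html_add");
            &templates("none","post_success");
        }
    }
}

# Load the record of topic $INPUT{'id'} into the globals used by the
# post_reply template and print the reply form.
sub postreply {
    &_fb_require_board();

    #get the topics
    @topics = _fb_read_lines("$maindir/$INPUT{'dir'}/topics.txt");

    #find the topic's record
    # Matched on the id field, the same way write() finds the topic.  The
    # original compared the line number with the id, which points at another
    # record because new topics are inserted at the top of the file.
    foreach $line (@topics) {
        my @fields = split(/\|/, $line);
        next unless (defined $fields[0] && $fields[0] eq $INPUT{'id'});
        ($id, $topic, $postedby, $replies, $date, $lastreply, $ip, $doy) = @fields;
        last;
    }

    #print the form
    &templates("$INPUT{'dir'}","post_reply");
}

# Print the new-topic form, pre-filling the credentials from cookies.
sub post {
    #check if they have cookies already set
    # NOTE(review): the password is taken from a cookie as-is; how it is
    # stored and verified is in cookie.lib and in code not shown here.
    if (&GetCookies('fightback_username', 'fightback_password')) {
        $username = $Cookies{'fightback_username'};
        $password = $Cookies{'fightback_password'};
    }

    #print the form
    &templates("$INPUT{'dir'}","post_new");
}

# Print the topic list of a board, or an error page for a bad request.
sub display {
    &templates("none","header") if ($switch3 ne "0");

    # $mburl already ends in fightback.cgi, so the script name is not
    # appended again (the other handlers build their links the same way).
    if ($INPUT{'dir'} eq "") {
        $back = "$mburl?function=login";
        $pass = "Directory doesn't exist";
        &templates("none","error");
    }
    elsif ($INPUT{'position'} < -1) {
        $back = "$mburl?function=display&dir=$INPUT{'dir'}";
        $pass = "Invalid position";
        &templates("none","error");
    }
    else {
        &templates($INPUT{'dir'},"topics");
    }

    &templates("none","footer");
}

# Load "$templatedir/$which.pl" and call the sub of the same name.
#
#   $dir   - board name or "none"; accepted for the callers' sake, not used here
#   $which - template name; must be a plain identifier
#
# The empty "()" prototype of the original declaration is dropped: the sub
# takes two arguments and every call in this file uses the "&" form anyway.
sub templates {
    my ($dir, $which) = @_;

    # $which becomes part of a require() path, so only identifier characters
    # are accepted, whoever the caller is.
    die "fightback: invalid template name\n"
        unless (defined $which && $which =~ /\A[A-Za-z0-9_]+\z/);

    require "$templatedir/$which.pl";

    # As before, a file outside the known list is loaded but nothing is called.
    return unless ($fb_template{$which});

    my $render = main->can($which)
        or die "fightback: template '$which' does not define sub $which\n";
    &$render();
}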