#!/usr/bin/perl
##########################################################
# Core settings: script name, data-file and template locations, the record
# separator, and the names of the ID and password columns.
my $prog_name = "ecupdate.pl";
# NOTE(review): this flat file carries the Password column that the login check
# compares against, and its path contains an "html" directory. Presumably that
# is the web root; confirm the file cannot be fetched directly over HTTP, or
# move it outside the document root.
my $base_file ="/home/content/w/i/s/wiserobj2/html/epad2user/AresMembers.txt";
# Redirect target printed in the Location header after a successful save.
my $HTML_thankyou = 'http://www.epad2.net/ecom/thankyou.htm';
# Page template read by get_html(); html_text() skips it when this is empty.
my $template = "/home/content/w/i/s/wiserobj2/html/ecom/edit-template.htm";
# Column separator of the data file; any occurrence inside a submitted value is
# replaced by $change so user input cannot add columns to a record.
my $separator = '|';
my $change = "I";
# Replacement for newlines in submitted values (keeps one record per line).
my $line_break = ' ';
# When true, markup of the form <...> is stripped from every submitted value.
my $kill_html_tags = 1;
# Column that identifies a record, and column that holds its password.
my $ID_field = "Call";
my $Password_field = "Password";
# Columns checked by show_this() / edit_this(); save() keeps the stored value
# for any column listed in either array.
my @no_show_fields = ("Status","VanAvail","StatDate","StatComnt","Extra2","Extra3","Extra4","Extra5","Extra6","Extra7","Extra8","Extra9","Extra0","Btn","End","Type");
my @no_edit_fields = ("ID","End");
##########################################################
# Log-in errors
# NOTE(review): an unknown ID and a wrong password produce different messages,
# which tells a client whether a given ID exists in the data file. Use one
# generic message if that matters for this deployment.
my $no_match = "Sorry, your record not found!";
my $no_login = "Sorry, your password is incorrect!";
my $no_id = "Sorry, your request without id(record unique key)!";
##########################################################
# Table & big textbox description
# (None of these layout values is referenced by the code visible in this listing.)
my @textareas = ();
my $table_width = 400;
my $rows = 4;
my $cols = 40;
my $text_box = 50;
##########################################################
# Advanced Settings required fields
# save() rejects the request when any of these fields is submitted empty.
my @required_fields = ("Name","Call","Address","City","State","Zip","Class","County","OtherCnty","user","Password");
# Fields that must be non-empty and contain digits only.
my @required_fields_numbers = ();
# Fields that must look like an e-mail address.
# NOTE(review): `email` is a bareword; it is only read as the string "email"
# because `use strict` is commented out further down.
my @required_fields_email = (email);
my $error_fields_require = "Field is blank, it is required";
my $error_fields_numbers = "Only numbers";
my $error_fields_email = "email address is not valid";
my $error_title = "Sorry, we require more information";
my $fontColor = "black";
my $fontSize = 2;
my $fontFace = "Verdana";
# Appended by error() to messages that are shown inside the page template.
my $return_message = " Please click 'back' on your browser and try again ";
##########################################################
# Advanced Settings email
# save() mails the admin only when both $admin_mail and $send_me are true.
my $send_me = 0;
my $admin_mail = 'wb3w@wb3w.net';
my $from = 'epaec2@wb3w.net';
# Shown by male() when an address fails its length or header-injection checks.
my $email_input_error = "Non resolved email input";
# When true, the mail body lists values only, without the "field: " labels.
my $send_just_data = 0;
my $mailprog = '/usr/sbin/sendmail';
my $subject = 'User has updated the database';
##########################################################
# Advanced Settings SMTP email
# NOTE(review): male() calls Net::SMTP->new when $send_via_SMTP is true, so the
# `use` line below must be enabled together with that flag.
# use Net::SMTP;
my $send_via_SMTP = 0;
my $mailhost = 'smtp.com';
##########################################################
# Advanced Settings file upload
# Uploads are handled by save_file() and only when $file_upload is true.
my $file_upload = 0;
my @file_upload_fields = ();
# When true, save_file() stores the upload under a generated name instead of
# the name supplied by the client.
my $rename_file = 1;
# Upload size limit checked by save_file() while it copies the data.
my $max_size = 100000;
# Allowed extensions; save_file() compares them case-insensitively against the
# last extension of the uploaded file name.
my @required_file_types = ("txt", "jpg", "jpeg", "tif", "gif");
my $error_max_size = "Your file is too big!";
my $error_file_type = "File type is not valid!";
my $file_dir = "/path/to/file/directory";
my $fileURL = "http://www.your-url.co.uk/files";
##########################################################
#use strict;
# Request entry point: sanitise the submitted form, load the caller's record,
# check the password, then dispatch to save() or edit().

# Set to 1 once the Content-type header has been printed.
my $content_type;
# Script file name without its directory part.
(my $scriptname=$0) =~s!^.*[/\\]!!;
# Refuse to run with an empty separator, one equal to its own replacement
# character, or one containing a quote, dot, slash or backslash.
error("Error: Bad record separator!") if !$separator or $separator eq $change or $separator=~m /["'\.\\\/]/;
# Regex-escaped form of the separator, used as the split() pattern.
my $my_separator=$separator;
$my_separator="\\".$separator if $separator eq '|'or $separator eq ',' or $separator eq '.';
use CGI qw(:standard :cgi-lib);
my %FORM = Vars;
my @field = param;
# NOTE(review): declares and increments a lexical $a that nothing visible reads.
my $a++;
# Sanitise every submitted value before it can reach the data file or a page.
foreach $key (keys %FORM) {
# NOTE(review): presumably CGI.pm has already URL-decoded these values; if so
# this decodes a second time, so a literal "%3C" typed by a user becomes "<"
# here. Confirm the second pass is wanted. Tag stripping and separator
# replacement run after it, so decoded characters are still filtered.
$FORM{$key} =~ s/%(..)/pack("c",hex($1))/ge;
# Keep the column separator out of values so input cannot add columns.
$FORM{$key} =~ s/\Q$separator/$change/g;
# NOTE(review): as shown, the next two substitutions replace a quote with
# itself and the third has an empty pattern. The originals presumably wrote
# HTML entities and a comment-stripping pattern that were lost when this
# listing was extracted; verify against the original file.
$FORM{$key} =~ s/"/"/g;
$FORM{$key} =~ s/'/'/g;
$FORM{$key} =~ s///g if $kill_html_tags;
# Remove anything of the form <...>, including tags that span lines.
$FORM{$key} =~ s/<([^>]|\n)*>//g if $kill_html_tags;
# Newlines would split a record across lines of the data file.
$FORM{$key} =~ s/\n/$line_break/g; # added to strip line breaks
$FORM{$key} =~ s/\r//g;
}
my %INSERT=();
# No ID submitted: show the login prompt (promt() does not return).
promt() unless $FORM{$ID_field};
unshift @no_edit_fields, $ID_field;
my @fields;
my $position=-1;
my $record_position = -1;
my @data; my %data;
# get_data() fills @data, @fields, %data and $record_position as side effects;
# the scalar it returns is always undef.
my $data = get_data($FORM{$ID_field});
error($no_match, 1) unless $data{$ID_field};
# Login check.
# NOTE(review): the submitted password is compared with `ne` against the value
# stored in the data file, so that file holds passwords in clear text.
# Consider storing salted hashes instead. No attempt limiting is visible here.
if($FORM{$ID_field}){
if($Password_field && !$FORM{password}){promt($FORM{$ID_field});}
if($Password_field && $FORM{password} ne $data{$Password_field}){error("$no_login",1);}
}
else{promt();}
# Build today's date as YYYY-M-D (month and day are not zero-padded).
my @date=localtime();
$date[4]++;
$date[5]+=1900;
my $date="$date[5]-$date[4]-$date[3]";
# NOTE(review): save() special-cases a column named 'DATE' while this protects
# 'DATA'; possibly a typo, confirm against the data file's header row.
push @no_edit_fields, 'DATA';
if ($FORM{action} eq 'save'){save($FORM{$ID_field});}
else{edit($FORM{$ID_field});}
exit;
##############################################################
# promt([$ID]): print the login prompt through html_text(), which exits.
# $field is left empty when an ID is passed and otherwise holds the
# "Call Sign:" label text.
# NOTE(review): the form markup that presumably surrounded these strings is
# missing from this listing, and $field is never used in what remains.
sub promt{
my $field;
if ($_[0]){$field ="";}
else{$field ="
Call Sign:
";
}
my $text = qq|
|;
html_text($text);
}
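# save($ID): validate the submitted form, rebuild the logged-in user's record
# from it, rewrite the whole data file, optionally mail the admin, and redirect
# to the thank-you page.
#
# Reads the file-level state prepared by get_data(): @fields (column names),
# @data (all records, header removed), %data (the caller's stored record) and
# $record_position (index of that record in @data).
# Calls error(), which exits, on validation or file errors.
sub save{
    my $ID = shift;    # unused; the record is located through $record_position

    # Collect every validation failure so the user sees them all at once.
    my $errors='';
    foreach(@required_fields){
        $errors.="ERROR FIELD < $_ >: $error_fields_require! " if $FORM{$_} eq "";
    }
    foreach(@required_fields_numbers){
        $errors.="ERROR FIELD < $_ >: $error_fields_numbers! " if $FORM{$_}=~m/\D/ or $FORM{$_} eq '';
    }
    foreach(@required_fields_email){
        $errors.="ERROR FIELD < $_ >: $error_fields_email! " if $FORM{$_} !~m/\S+?\@\S+?\.\S+?/;
    }
    error("$errors",1) if $errors;

    if($file_upload){
        foreach (@file_upload_fields){
            if($FORM{$_}){
                $FORM{$_} = save_file($_,$file_dir);
            }
            else{push @no_show_fields,$_}
            $ind++;
        }
    }

    # Request-derived environment values are stored in the record, so they get
    # the same separator and line-break treatment as form values. Without it a
    # User-Agent header containing the separator would shift the columns.
    my $clean_env = sub {
        my ($value) = @_;
        $value = '' unless defined $value;
        $value =~ s/\Q$separator\E/$change/g;
        $value =~ s/[\r\n]+/$line_break/g;
        return $value;
    };

    # Build the replacement record column by column, plus the mail body.
    # NOTE(review): when the password column is editable and submitted, its new
    # value also goes into the admin mail body in clear text.
    my $message;
    my @new_line;
    foreach my $name (@fields){
        my ($stored, $reported);
        if ($name eq 'REMOTE_ADDR'){
            $stored = $reported = $clean_env->($ENV{REMOTE_ADDR});
        }
        elsif ($name eq 'HTTP_USER_AGENT'){
            # The mail body previously contained the literal text
            # "ENV{HTTP_USER_AGENT}" because the sigil was missing.
            $stored = $reported = $clean_env->($ENV{HTTP_USER_AGENT});
        }
        elsif ($name eq 'DATE'){
            $stored = $reported = "$date[2]:$date[1]:$date[0] $date";
        }
        elsif (($name eq $Password_field || $name eq $ID_field) && !$FORM{$name}){
            # Nothing submitted for this column: keep the stored value.
            $stored   = $data{$name};
            $reported = $FORM{$name};
        }
        elsif (show_this($name) && edit_this($name)) {
            $stored = $reported = $FORM{$name};
        }
        else {
            # Hidden or read-only column: the submitted value is never stored.
            $stored   = $data{$name};
            $reported = $FORM{$name};
        }
        push @new_line, $stored;
        $message.="$name: " unless $send_just_data;
        $message.="$reported\n";
    }

    # Replace the caller's record and put the header row back on top.
    $data[$record_position] = join($separator, @new_line);
    splice (@data,0,0, join($separator, @fields));

    # Three-argument open with a lexical handle; write and close are checked so
    # a full disk is reported instead of silently truncating the data file.
    # NOTE(review): the file is read in get_data() and rewritten here without a
    # lock, so two simultaneous saves can lose one of the updates.
    open(my $out, '>', $base_file) || error("Can't open file $base_file!");
    foreach my $record (@data) {
        print {$out} $record."\n" or error("Can't write file $base_file!");
    }
    close($out) || error("Can't write file $base_file!");

    # Notify the admin if enabled, then redirect.
    if($admin_mail && $send_me){male($admin_mail, $from, $subject, $message);}
    print "Location: $HTML_thankyou\n\n";
}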
# show_this($name): 0 when $name is listed in @no_show_fields, otherwise 1.
sub show_this{
    my ($name) = @_;
    for my $hidden (@no_show_fields) {
        return 0 if $hidden eq $name;
    }
    return 1;
}
# edit_this($name): 0 when $name is listed in @no_edit_fields, otherwise 1.
sub edit_this{
    my ($name) = @_;
    my $locked = grep { $_ eq $name } @no_edit_fields;
    return $locked ? 0 : 1;
}
# edit($ID): print the HTML header and hand the edit-form text to html_text().
# NOTE(review): this sub is incomplete in this listing. Its braces do not
# balance (the closing brace below ends the `if`, not the sub) and the form
# markup assigned to $text is missing, presumably lost when the page was
# extracted. Restore it from the original file before relying on it.
sub edit{
my $ID = shift;
print "Content-type: text/html\n\n";
# @file_type_fields, @file_size_fields and %images are not declared anywhere in
# the visible file; with `use strict` disabled they are package globals.
@no_show_fields =(@no_show_fields,@file_type_fields,@file_size_fields);
if($file_upload){for(@file_upload_fields){$images{$_}=1;}}
# The header has been sent; error() and html_text() must not send it again.
$content_type=1;
my $text = "";
if ($file_upload)
{
$text = "";
html_text($text);
}
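# male($to, $from, $subject, $body): send a plain-text notification through
# Net::SMTP when $send_via_SMTP is set, otherwise through $mailprog.
#
# Both addresses are rejected through error() (which exits) when they are
# longer than 120 characters or contain a colon, "Content-type" or a newline.
# These checks keep a crafted address from adding mail headers. A delivery
# failure is written to the server log with warn() and does not abort the
# request, because the record has already been saved by then.
sub male{
    # Work on copies: the elements of @_ alias the caller's variables.
    my ($to, $sender, $subject_line, $body) = @_;

    foreach my $address ($sender, $to) {
        error($email_input_error) if length($address) > 120;
        error($email_input_error) if $address =~ m/:/;
        error($email_input_error) if $address =~ m/Content-type/i;
        error($email_input_error) if $address =~ m/\n/;
    }
    foreach my $address ($sender, $to) {
        $address =~ s/<([^>]|\n)*>//g;    # drop anything that looks like a tag
        $address =~ s/\n|\r//g;
    }
    # The subject is a header line too: keep it on a single line.
    $subject_line = '' unless defined $subject_line;
    $subject_line =~ s/[\r\n]+/ /g;

    if($send_via_SMTP){
        # The file-level `use Net::SMTP` is commented out, so load it here.
        require Net::SMTP;
        my $smtp = Net::SMTP->new($mailhost);
        unless ($smtp) {
            warn "$prog_name: cannot connect to mail host $mailhost\n";
            return;
        }
        $smtp->mail($sender);
        $smtp->to($to);
        $smtp->data();
        $smtp->datasend("To: $to\n");
        $smtp->datasend("Subject: $subject_line\n\n");
        $smtp->datasend("\n");
        $smtp->datasend("$body\n");
        $smtp->dataend();
        $smtp->quit;
    }
    else{
        # List-form pipe open: the mailer runs without a shell. $mailprog is
        # split on whitespace so a configured value that carries its own
        # options keeps working.
        my @command = (split(' ', $mailprog), '-t');
        my $mail;
        unless (open($mail, '|-', @command)) {
            warn "$prog_name: cannot run $mailprog: $!\n";
            return;
        }
        print {$mail} "To: $to\n";
        print {$mail} "From: $sender\n";
        print {$mail} "Subject: $subject_line\n\n";
        print {$mail} "$body\n";
        close($mail) or warn "$prog_name: $mailprog reported a failure\n";
    }
}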
# get_record($text): return a copy of $text in which every <<name>> placeholder
# is replaced by $INSERT{name}, or by the empty string when %INSERT has no such
# key.
# NOTE(review): values are inserted as-is, without HTML escaping; anything
# placed in %INSERT must already be safe to emit into the page.
sub get_record{
    my ($template_text) = @_;
    my $lookup = sub {
        my ($tag) = @_;
        return exists($INSERT{$tag}) ? $INSERT{$tag} : "";
    };
    (my $filled = $template_text) =~ s/<<(.*?)>>/$lookup->($1)/ges;
    return $filled;
}
# get_html($path): read the template file and return the three captured parts
# ($1, $2, $3) of the match below; html_text() uses the first as the page head
# and the third as the foot.
# Calls error(), which exits, when the first or second capture is empty.
sub get_html{
my @txt = read_file($_[0]);
my $txt;
foreach(@txt){$txt.=$_;}
# NOTE(review): the pattern presumably contained an opening template tag
# between the first two groups and lost it when this listing was extracted.
# As shown, the first greedy group takes everything before the closing tag and
# the second is always empty, so the check below always fails. Restore the
# pattern from the original file.
$txt=~/(.*)(.*)<\/template>(.*)/s;
error("Template-tag not found!") if !$1 or !$2;
return ($1,$2,$3);
}
# get_data($ID): load the data file and locate the record whose ID column
# equals $ID.
#
# Results are delivered through file-level variables, not the return value:
#   @data            all records, header row removed, line endings chomped
#   @fields          column names taken from the header row
#   %data            column name => value of the matching record
#   $record_position index of that record in @data
# When several records carry the same ID the last one wins. The returned
# scalar is never assigned and is therefore always undef.
# Calls error(), which exits, when the header row is empty or lacks $ID_field.
sub get_data{
    my ($wanted_id) = @_;
    @data = read_file("$base_file");
    my $data;

    # The first line of the file names the columns.
    my $header = shift @data;
    chomp $header;
    @fields = split($my_separator, $header);
    error("You have bad file!") unless @fields;

    # Find the index of the ID column.
    my $position = -1;
    for my $column (0 .. $#fields) {
        $position = $column if $fields[$column] eq $ID_field;
    }
    error("ID-field not found in db") if $position == -1;

    # Scan every record; chomp works on the @data element itself, and save()
    # relies on that when it writes the lines back.
    my $row_number = 0;
    foreach (@data) {
        chomp;
        my @cells = split($my_separator, $_);
        if ($wanted_id eq $cells[$position]) {
            my $column = 0;
            for my $name (@fields) {
                $data{$name} = $cells[$column];
                $column++;
            }
            $record_position = $row_number;
        }
        $row_number++;
    }
    return $data;
}
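# read_file($path): return every line of $path as a list, line endings kept.
# Calls error(), which exits, when the file cannot be opened.
#
# Uses a three-argument open with a lexical handle so that characters in $path
# are never read as an open mode or a pipe. It also restores the readline
# operator that is missing from the assignment in this listing.
sub read_file{
    my ($path) = @_;
    open(my $in, '<', $path) || error("Can't open file $path!");
    my @data = <$in>;
    close $in;
    return @data;
}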
# error($message [, $in_template]): report $message to the browser and exit.
# With a true second argument the message, followed by $return_message, is
# shown through html_text(); otherwise it is printed directly.
# NOTE(review): $message is emitted without HTML escaping, and callers in this
# file pass messages that contain server file paths ("Can't open file ...").
# Consider logging such details server-side and showing a generic text.
sub error{
# Send the header once; $content_type records that it has gone out.
print "Content-type: text/html\n\n" unless $content_type;
$content_type=1 unless $content_type;
if($_[1]){
my $txt = "
$_[0]";
$txt.= "$return_message" if $_[1];
html_text($txt);
}
else{
print "Error
$_[0]";
}
exit;
}
# html_text($body): print $body as a complete page and exit. When $template is
# set, the body goes between the template's head and foot after both have been
# passed through get_record(); otherwise a minimal built-in page is used.
# $body itself is printed as given, without escaping.
sub html_text{
print "Content-type: text/html\n\n" unless $content_type;
if($template){
# The middle part returned by get_html() ($tmp) is not used.
(my $head, my $tmp, my $foot) = get_html($template);
print get_record($head), $_[0], get_record($foot);
}
else{
print qq|
CSVedit
$_[0]
|;
}
exit;
}
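# save_file($field_name, $dir): store the upload submitted in form field
# $field_name under $file_dir and return the file name it was saved as.
# The second argument is accepted but not used; the file-level $file_dir
# decides where the file goes.
#
# Calls error(), which exits, when the client file name has no recognisable
# extension, the extension is not in @required_file_types, the file cannot be
# created, or more than $max_size bytes are received (the partial file is then
# deleted).
#
# NOTE(review): with $rename_file off the client-supplied base name is used
# as-is (only path separators are excluded) and only its last extension is
# checked. Keep $rename_file on unless $file_dir is outside the web root and
# never served with script handlers.
sub save_file{
    my ($field_name) = @_;
    my $file = param($field_name);

    # Take the base name and its extension from the captures of these matches
    # only; a failed match must not leave a value from an earlier regex in use.
    my ($filename) = $file =~ m/([^\\\/]*\.\w*\Z)/i;
    error($error_file_type) unless defined $filename;
    my ($type) = $filename =~ m/.*\.(\w*\Z)/i;
    $type = '' unless defined $type;

    my $found = 0;
    foreach my $allowed (@required_file_types) {
        $found = 1 if lc $allowed eq lc $type;
    }
    error($error_file_type) unless $found;

    if($rename_file){
        # Pick a generated name that is not yet taken in the upload directory.
        # The existence test has to look in $file_dir, where the file will be
        # written, not in the current working directory.
        $filename = $field_name."_".int(rand(10000)).".".$type;
        while(-e "$file_dir/$filename"){
            $filename = $field_name."_".int(rand(10000)).".".$type;
        }
    }

    # Three-argument open: nothing in the name is read as an open mode.
    my $target = "$file_dir/$filename";
    open(my $out, '>', $target) || error("Can't save file $filename");
    binmode $out;

    # Copy in 1 KB chunks and count the bytes actually read, so the limit is
    # enforced on the real size, not on the number of chunks.
    my $written = 0;
    my $buffer;
    while (my $bytesread = read($file, $buffer, 1024)) {
        print {$out} $buffer;
        $written += $bytesread;
        if($max_size < $written){
            close $out;
            unlink $target;
            error("$error_max_size");
        }
    }
    close($out);
    return "$filename";
}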
##########################################################
##########################################################