#!/usr/bin/perl
#
# guestlist.pl  
# Copyright (c) 1996 SurfUtah.Com
# written by Rus Berrett
#
# simple guestlist form in cgi library, customize to your liking 
# 

require 'util.pl';

$| = 1;  # unbuffer the data

# whereis sendmail
$mailprog = "/bin/sendmail";
unless (-e $mailprog) {
  &print_header_info("Cannot open $mailprog");
  print <<ENDERROR;
  <h2><u>Cannot open $mailprog</u></h2>
  Cannot open \"$mailprog\".  File not found or permission denied.
ENDERROR
  &print_footer_info();
  exit(0);
}

# get the filename of the guestlist, make sure it is valid
$filename = $ENV{'PATH_TRANSLATED'};
unless (-e $filename) {
  &print_header_info("Cannot open $filename");
  print <<ENDERROR;
  <h2><u>Cannot open $filename</u></h2>
  Cannot open the guestlist filename you specified, \"$filename\".
  The guestlist filename is defined by appending the filename to
  the guestlist cgi specification in the &lt;FORM action=..."&gt;
  tag.
ENDERROR
  &print_footer_info();
  exit(0);
}

#
# check occurrence in REFERER of SERVER_NAME, i.e. only allow 
# post to guestlist from a form on the server (security).
#
unless ($ENV{'HTTP_REFERER'} =~ /$ENV{'SERVER_NAME'}/) {
  &print_header_info("Invalid Referer");
  print <<ENDERROR;
  <h2><u>Invalid Referer</u></h2>
  This script will only respond to forms that reside on this
  server.  Tough luck.
  <p>
ENDERROR
  &print_footer_info();
  exit(0);
}

# get the form data
&parse_form_data(*array);

# fill in the comments if not given
if ($array{'comments'} eq "") {
  $array{'comments'} = "no comments";
}
if ($array{'maxentries'} eq "") {
  $array{'maxentries'} = -1;
}

#
# required variable in the html form:
#    --recipient, name, email
#
if ($array{'recipient'} eq "") {
  # not happy crappy
  &print_header_info("Form Incomplete");
  print <<ENDERROR;
  <h2><u>Form Incomplete</u></h2>
  The form is incomplete.... no \"recipient\" variable is 
  available.
  <p>
ENDERROR
  &print_footer_info();
  exit(0);
}
if (($array{'name'} eq "") || ($array{'email'} eq "")) {
  # not happy crappy
  &print_header_info("Data Incomplete");
  print <<ENDERROR;
  <h2><u>Data Incomplete</u></h2>
  Your request to send comments to $array{'recipient'} has been 
  rejected due to insufficient information.  To properly send
  your comments, please fill out:
  <ul>
ENDERROR
  if ($array{'name'} eq "") {
    print "<li> Your Name\n";
  }
  if ($array{'email'} eq "") {
    print "<li> Your Email Address\n";
  }
  print "</ul>\n<p>\n";
  &print_footer_info();
  exit(0);
}

# simple profanity check, add more if necessary
if (($array{'comments'} =~ /fuck/) ||
    ($array{'comments'} =~ /shit/) ||
    ($array{'comments'} =~ /bastard/) ||
    ($array{'comments'} =~ /bitch/) ||
    ($array{'name'} =~ /fuck/) ||
    ($array{'name'} =~ /shit/) ||
    ($array{'name'} =~ /bastard/) ||
    ($array{'name'} =~ /bitch/) ||
    ($array{'email'} =~ /fuck/) ||
    ($array{'email'} =~ /shit/) ||
    ($array{'email'} =~ /bastard/) ||
    ($array{'email'} =~ /bitch/)) {
  # not happy crappy
  &print_header_info("Entry Rejected");
  print <<ENDERROR;
  <h2><u>Entry Rejected</u></h2>
  Your request to add an entry to the guestlist has been rejected
  due to improper language.
  <p>
ENDERROR
  &print_footer_info();
  exit(0);
}

# remove line feeds from comments, stinking textarea widgets
$array{'comments'} =~ tr/\015//d;

# disble any html tags in the comments, name, or email
$array{'name'} =~ s/\</&lt;/g;
$array{'name'} =~ s/\>/&gt;/g;
$array{'email'} =~ s/\</&lt;/g;
$array{'email'} =~ s/\>/&gt;/g;
$array{'comments'} =~ s/\</&lt;/g;
$array{'comments'} =~ s/\>/&gt;/g;

# what time is it?
$now = time; 
($sec,$min,$hour,$mday,$mon,$yr,$wday,$yday,$isdst) = localtime(time);
$thisday = (Sunday, Monday, Tuesday, Wednesday,
            Thursday, Friday, Saturday)[$wday]; 
$month = (January,February,March,April,May,June,
          July,August,September,October,November,December)[$mon]; 
$year = 1900 + $yr;

# insert the entry into the guestlist
$retval = &add_entry();
if ($retval != 0) {
  # not happy crappy
  $message = 
    ("", "Guestlist file locked by another process -- Try again later",
       "Access to guestlist file, \"$filename\", denied")[$retval];
  &print_header_info("Unknown Error", 0);
  &return_error("$message");
}

# everything is happy, send message to recipient
# make sure we can open up the mail program
$array{'recipient'} = (split("\;", $array{'recipient'}))[0];
unless (open(MESSAGE, "|$mailprog $array{'recipient'}")) {
  # not happy crappy
  &print_header_info("Failed to open $mailprog");
  die &return_error("Cannot open mail executable, $mailprog not found
                     or permission denied.");
}
# echo the message to the mail program
print MESSAGE <<ENDMESS;
From: $array{'email'} ($array{'name'})
Reply-To: $array{'email'} ($array{'name'})
Subject: Guestlist Entry

The following message was sent from the web guestlist page
-----------------------------------------------------------------
Comments:
$array{'comments'}

ENDMESS
close(MESSAGE);

# tell the client the message was sent ok
&print_header_info("Guestlist Entry Accepted");
print <<ENDMESS;
<h2><u>Guestlist Entry Accepted</u></h2>
Your guestlist entry was successfully added and 
contained the information included below.  You can
also view your new entry on the
<a href=\"http://$ENV{'SERVER_NAME'}$ENV{'PATH_INFO'}\">guestlist</a>.
ENDMESS
print "<hr><p align=center>";
print "Host: $ENV{'REMOTE_HOST'}<br>";
print "$thisday $month ";
if ($mday < 10) {
print "0";
}
print "$mday, $year &#160; ";
if ($hour < 10) {
  print "0";
}
print GTMP "$hour:";
if ($min < 10) {
  print "0";
}
  print "$min:";
if ($sec < 10) {
  print "0";
}
print "$sec<br><a href=\"mailto:$array{'email'}\">";
print "$array{'name'}</a><br>$array{'comments'}<br></p>\n";
&print_footer_info();

##############################################################################
# common subroutines
##############################################################################

################################################
# add entry to guestlist
sub add_entry
{
  $w = rindex($filename, "/");
  $path = substr($filename, 0, $w);

  # Check for a lock file
  if (-f "$path/gtmptmp$$.$now") {
    return 1;
  }

  # No lock, go for it.  Use link() for atomicity (no race conditions).
  open(GTMP, ">$path/gtmptmp$$.$now") || return 2;
  close(GTMP);
  $locked = link("$path/gtmptmp$$.$now", "$path/gtmp");
  unlink("$path/gtmptmp$$.$now");
  $locked || return 1;
   
  open(GUESTLIST, $filename) || return 1;
  open(GTMP, ">$path/gtmp")  || return 2;
  flock(GTMP, 2);  # exclusive lock

  $guestcount = 0;
  $countguests = 0;
  while (<GUESTLIST>) {
    chop;
    if (/<!-- __GUESTLIST_BEGIN__ -->/) {
      $countguests = 1;
      print GTMP "$_\n";
      print GTMP "<hr><p align=center>";
      print GTMP "Host: $ENV{'REMOTE_HOST'}<br>";
      print GTMP "$thisday $month ";
      if ($mday < 10) {
        print GTMP "0";
      }
      print GTMP "$mday, $year &#160; ";
      if ($hour < 10) {
        print GTMP "0";
      }
      print GTMP "$hour:";
      if ($min < 10) {
        print GTMP "0";
      }
      print GTMP "$min:";
      if ($sec < 10) {
        print GTMP "0";
      }
      print GTMP "$sec<br><a href=\"mailto:$array{'email'}\">";
      print GTMP "$array{'name'}</a><br>$array{'comments'}<br></p>\n";
      $guestcount++;
    } elsif (/<!-- __GUESTLIST_END__ -->/) {
      $countguests = 0;
      print GTMP "$_\n";
    } else {
      if ($countguests) {
        if (($array{'maxentries'} <= 0) || 
            ($guestcount < $array{'maxentries'})) {
          $guestcount++;
          print GTMP "$_\n";
        }
      }
      else {
        print GTMP "$_\n";
      }
    }
  }

  close GUESTLIST;
  flock(GTMP, 8);  # unlock
  close GTMP;
   
  chmod(0644, "$path/gtmp");
  rename("$filename", "$filename.old");
  # BTW, this releases the lock
  rename("$path/gtmp", "$filename") || return 2;
  return 0;

}

##############################################################################
# eof comments.pl