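#!/usr/local/bin/perl -w
# Password-gated CGI handler for press-release uploads.
#
# Reads the form fields 'pass', 'name', 'description' and the file field
# 'temp_filename', stores the uploaded file under $target_directory using a
# sanitised version of 'name', records it in the Releases table and then
# redirects the browser to the "done" page.
use strict;

# NOTE(review): fatalsToBrowser sends the text of any die() to the client,
# including DBI errors raised through RaiseError below. It is a debugging
# aid; drop it for production so paths and SQL details stay in the log.
use CGI::Carp qw/fatalsToBrowser /;
use lib ('/home/xxxxx/public_html/mods');
use CGI qw/:all /;
# this line added to try to deal with error
use CGI::Util qw(rearrange make_attributes unescape escape expires ebcdic2ascii ascii2ebcdic);
use CGI::Upload;
use DBI;

# NOTE(review): $CGI::POST_MAX is not set anywhere in this script, so the
# request body size is unbounded here; consider capping it before this call.
my $q      = CGI->new();
my $upload = CGI::Upload->new;

my $user_pass = $q->param('pass');
my $name      = $q->param('name');

# Build the on-disk name from the submitted title: spaces become underscores
# and everything outside [a-zA-Z0-9_-] is dropped, which also removes '/',
# '.' and NUL so the name cannot leave $target_directory.
my $corrected_filename = defined $name ? $name : '';
$corrected_filename =~ s/ /_/g;
$corrected_filename =~ s/[^a-zA-Z0-9_-]//g;
my $has_usable_name = length $corrected_filename ? 1 : 0;

# The extension gets the same filter as the name before it is appended.
# NOTE(review): the extension presumably comes from the client-supplied file
# name (confirm against CGI::Upload). The target directory is under
# public_html, so restrict uploads to the document types actually expected
# and make sure the web server never executes anything from that directory.
my $file_extension = $upload->file_type('temp_filename');
$file_extension = '' unless defined $file_extension;
$file_extension =~ s/[^a-zA-Z0-9_-]//g;
$corrected_filename .= ".$file_extension" if length $file_extension;

my $target_directory = "/home/ehrhardt/public_html/releases/";

# NOTE(review): the shared password is hard-coded in a script that lives
# under the web root; move it to configuration outside public_html.
if (defined $user_pass && $user_pass eq 'xxxxx') {
    fail_request('400 Bad Request', 'missing or unusable "name" parameter')
        unless $has_usable_name;
    file_up();
}
else {
    # Never echo the submitted value: CGI's h2() does not HTML-escape its
    # content, so reflecting it was an XSS vector and also put a password
    # attempt on screen.
    print $q->header(-status => '403 Forbidden'), start_html(), h2('Bad Password'), end_html();
    exit;
}

# Log the real reason server-side and send the client only a status line.
# Arguments: HTTP status string, message for the error log. Does not return.
sub fail_request {
    my ($status, $log_message) = @_;
    warn "release upload: $log_message\n";
    print $q->header(-status => $status, -type => 'text/plain'), "$status\n";
    exit 0;
}

# Copy the uploaded file into $target_directory, then record it in the
# database and redirect the browser. Exits instead of returning when the
# request is malformed or the file cannot be written.
sub file_up {
    local $| = 1;

    # Report a CGI-level parse error before anything is written to disk.
    if ($q->cgi_error) {
        print($q->header(-status=>$q->cgi_error));
        exit 0;
    }

    my $fh = $upload->file_handle('temp_filename');
    fail_request('400 Bad Request', 'no file received in field temp_filename')
        unless defined $fh;

    # NOTE(review): '>' truncates an existing release with the same name.
    my $target_path = $target_directory . $corrected_filename;
    open(my $out, '>', $target_path)
        or fail_request('500 Internal Server Error',
                        "cannot open $target_path for writing: $!");

    # Uploads are arbitrary bytes; keep both handles free of I/O layers.
    binmode $fh;
    binmode $out;

    # On a failed copy, remove the partial file so it is never served.
    my $abort_copy = sub {
        my ($why) = @_;
        close $out;
        unlink $target_path;
        fail_request('500 Internal Server Error', $why);
    };

    my $buffer;
    while (1) {
        my $bytesread = read($fh, $buffer, 1024);
        $abort_copy->("read from upload failed: $!") unless defined $bytesread;
        last if $bytesread == 0;
        print {$out} $buffer
            or $abort_copy->("write to $target_path failed: $!");
    }

    # Buffered write errors only surface at close.
    close($out) or $abort_copy->("close of $target_path failed: $!");

    update_db();

    my $redir = "http://www.xxxxx.com/admin/done.htm";
    print $q->redirect($redir);
}

# Insert one row describing the stored file into the Releases table.
# Dies (RaiseError) on any database error.
sub update_db {
    # NOTE(review): database credentials are hard-coded in the script.
    my $dbh = DBI->connect("DBI:mysql:PressReleases:localhost","xxxx","xxxxx",{'RaiseError' => 1});
    my $sth = $dbh->prepare("INSERT INTO Releases (Row, Name, FileURL, Description, Uploaded, Archived) VALUES (?, ?, ?, ?, ?, ?)");

    my $fileURL     = "http://65.57.xxx.x/~xxxx/xxxxx/$corrected_filename";
    my $description = $q->param('description');

    # The values are bound through placeholders, which quote them. The old
    # manual s/'/\\'/ pass stored literal backslashes in the row, so it is
    # gone. Name and Description are stored as submitted; HTML-escape them
    # wherever they are rendered.
    $sth->execute('', $name, $fileURL, $description, undef, '');

    $dbh->disconnect;
}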