#!/usr/bin/perl -w

use warnings;
use strict;
use CGI;
use CGI::Carp qw/fatalsToBrowser warningsToBrowser/;
use Digest::MD5 qw(md5_base64);
use CGI::Session;
use lib "<path to my libraries on that server>";
use Navi;
use DB;

my $cgi = CGI->new();
my $dbh = DB::connect_db();

my $usr = $cgi->param('usr');
my $pwd = $cgi->param('pwd');

if($usr ne '')
{
	my $encrpass = md5_base64($pwd);
	my $sql = qq{SELECT id FROM consystem_users WHERE username=? and password=?};
	my $sth = $dbh->prepare($sql)
	  or die $dbh->errstr;
	$sth->execute($usr, $encrpass)
	  or die $sth->errstr;
	my $userid = $sth->fetchrow_array;
	if($userid != "")
	{
		my $session = new CGI::Session();
		$session->param("uid", $userid);
		$session->expire('+1h');
		print $session->header(-location=>'index.pl');
	}
	else
	{
		Navi::print_navi(": digioso :"); # Print Navigation
		print qq{<div id="category">[ LOGIN ]</div>};
		print "Username or password wrong !<br/><a href='login.pl?action=login'>Try again.</a>";
		Navi->end_navi();
	}
}
elsif($cgi->param('action') eq 'logout')
{
	my $session = CGI::Session->load() or die CGI::Session->errstr;
	$session->delete();
	print $session->header(-location=>'login.pl');
}
elsif($cgi->param('action') ne 'login' && $usr eq "")
{
	Navi::print_navi(": digioso :"); # Print Navigation
	print "<br/><br/>Please input username and password !";
	print_login();
}
else
{
	Navi::print_navi(": digioso :"); # Print Navigation
	print_login();
}

sub print_login()
{
	print qq{<br/><br/><form method="post"><table>
		<tr><td>Username:</td><td><input type="text" name="usr"></td></tr>
		<tr><td>Password:</td><td><input type="password" name="pwd" maxlength="30"></td></tr></table><br/>
		<input type="submit" value="Submit">
		</form>
		<br/>You don't have an account? Create one <a href="register.pl">here</a>.};
	Navi->end_navi();
}

DB::close_db();
exit 0;