#!/usr/local/bin/perl -w

use DBI;
use PHP::Session;
use CGI::Lite;

($msg, $dbh, $dbu, $sth, $stu, $sql, $uid) = undef;
$session_name = 'POSTNUKESID';

print "Content-type: text/html \n\n";
cookie_parse();
if ( $uid != 0 ) {
	begin_html();
	body_html();
	finish_html();
}
else {
	failure_check();
}

sub begin_html {
	# My header area, saving space not relevant, removed
}

sub finish_html {
	# My footer and /html area, again saving space
}

sub db_connect {
    my $user = "blah";
    my $pass = 'bl@h';
	my ($st) = 0;
    $dbh = DBI->connect("dbi:mysql:host=my.work.host.net", $user, $pass) or die "Database Connection not made: $DBI::errstr\n";
	if ( ! $dbh ) { 
		print "Error opening database:<BR>$DBI::err<BR><BR>$DBI::errstr<BR><BR>"; $st++;
	}
	$dbh->do("use MYDB");
	return ($st);
}

sub db_disconnect { 
	$dbh->disconnect();
}

sub cookie_parse {
	$cgi = new CGI::Lite;
	$cookies = $cgi->parse_cookies;
	$session_id = $cookies->{$session_name};
	if ($cookies->{$session_name}) {
		if ( &db_connect() ) { exit (1); }
		($sth) = $dbh->prepare("select * from my_session_table where session_id = '$session_id'");
		$sth->execute();
		(@cols) = $sth->fetchrow;
		$uid = $cols[4];
		($stu) = $dbh->prepare("select * from my_users where user_ids = '$uid'");
		$stu->execute();
		(@colt) = $stu->fetchrow;
	}	
	else {
		print "<br> can't find session cookie $session_name";
	}
	return ();
}

sub body_html {
	#general form information and html code, removed for space
	# Within the form just before the SUBMIT button, I placed the following line
	
	print "<INPUT TYPE=\"hidden\" NAME=\"update_uid\" VALUE=$colt[2]></td>","\n";

	#this pulls the "username" at $colt[2] and passes into the posting script along with all the other data from the form.
	#user does not know that their name is being captured (insert evil laugh here).
}

sub failure_check {
	# generic "You are in idiot, please log into the website first" page is display'd
}