#!/usr/bin/perl -w
use CGI;
use HTML::Template;
use CGI::Session;
use lib ('/home/scott/intranet/cgi/mods');
use Digest::SHA2;
use DBI;
use DBD::mysql;
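# Session bootstrap, login handling and template construction.
#
# Two defects of the original layout are fixed here:
#   * $cookie was declared with "my" inside the if-block, so the variable
#     used by the final header() call was a different (undefined) one and
#     the session cookie was never sent to the browser.
#   * init() ran before $template existed and reached it through an unset
#     package variable, so a successful login died with
#     "Can't call method "param" on an undefined value".

# Use "test" as the name of the session cookie.
CGI::Session->name("test");
my $query = CGI->new;

# Session id offered by the browser, if any (undef on a first visit).
my $sid = $query->cookie('test') || undef;

# NOTE(review): session files live in /tmp, which is normally shared with
# every local account; a directory owned by the web-server user with
# restrictive permissions would be a safer store -- confirm deployment.
my $session = CGI::Session->new("driver:File", $sid, { Directory => '/tmp' });
$query->param('session' => $session);

# File-scoped on purpose: the header() call at the end of the script reads it.
# It stays undef when the browser already holds the current session id.
my $cookie;
if (!$sid or $sid ne $session->id) {
    $cookie = $query->cookie(
        -name  => 'test',
        -value => $session->id,
        # No -expires: the cookie lasts only until the browser is closed.
        # NOTE(review): consider -httponly => 1 here, and -secure once the
        # site is served over HTTPS, so the session id is harder to leak.
    );
}

# Build the page template before init() runs, because init() sets PROFILE
# on it after a successful login.
my $template = HTML::Template->new(
    filename  => 'index.tmpl',
    path      => '/home/scott/intranet/cgi/intranet/',
    associate => $query,
);

init($session, $query, $template);

# init($session, $cgi [, $tmpl])
#
# Processes a submitted login form against the session.
#   $session - CGI::Session object for this request
#   $cgi     - CGI object carrying the lg_nick / lg_pass form fields
#   $tmpl    - optional HTML::Template object; PROFILE is set on it after
#              a successful login
#
# Returns 1 when the session is (or has just become) logged in, nothing
# when no login form was submitted, and otherwise the value returned by
# storing the incremented "~login-trials" counter.
sub init {
    my ($session, $cgi, $tmpl) = @_;

    # Already authenticated: nothing more to do.
    return 1 if $session->param("~logged-in");

    # Both fields must be present (and true) for this to count as a login
    # attempt. The scalar assignment takes a single value per field.
    my $lg_name  = $cgi->param("lg_nick") or return;
    my $lg_psswd = $cgi->param("lg_pass") or return;

    # login() is treated as a truth test: a true value means the
    # credentials were accepted.
    if ( my $profile = login($lg_name, $lg_psswd) ) {
        # NOTE(review): the session id is kept unchanged across the login.
        # Issuing a fresh session id at this point would protect against
        # session fixation.
        $session->param("~profile", $profile);
        $session->param("~logged-in", 1);
        $tmpl->param(PROFILE => 1) if $tmpl;
        $session->clear(["~login-trials"]);
        return 1;
    }

    # Credentials rejected: count the failed attempt in the session.
    # NOTE(review): the counter is recorded but nothing in this script
    # enforces a limit, and it is tied to the session rather than to the
    # account, so it does not throttle password guessing on its own.
    my $trials = $session->param("~login-trials") || 0;
    return $session->param("~login-trials", ++$trials);
}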
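# getpassword($username)
#
# Looks up the stored password hash for $username in the userlogin table
# and refreshes that row's TIMESTAMP column.
#
# Returns the PASSWORD column of the first matching row, or undef when no
# row matches. Dies when the connection, a prepare, or the SELECT fails.
#
# The user name comes straight from the login form, so it is passed to the
# database as a bound placeholder value and never interpolated into the
# SQL text.
sub getpassword {
    my ($username) = @_;

    # MySQL connection settings.
    # NOTE(review): the database credentials are hard-coded in a script
    # under the CGI tree; loading them from a file outside the web root
    # with restricted permissions would limit exposure if the source is
    # ever served or copied.
    my $host     = "localhost";
    my $database = "write";
    my $user     = "userid";
    my $pw       = "dbpass";
    my $dsn      = "dbi:mysql:$database:$host:3306";

    my $dbstore = DBI->connect($dsn, $user, $pw)
        or die "Unable to connect: $DBI::errstr\n";

    my $prepquery = $dbstore->prepare(
        "SELECT * FROM userlogin WHERE USERNAME = ?"
    ) or die "Unable to prepare lookup: $DBI::errstr\n";
    $prepquery->execute($username)
        or die "Unable to execute lookup: $DBI::errstr\n";
    my $ref = $prepquery->fetchrow_hashref();
    $prepquery->finish();

    # The timestamp is refreshed on every lookup, before the caller has
    # compared the password, so it records login attempts rather than
    # successful logins.
    my $timestampUpdate = $dbstore->prepare(
        "UPDATE write.userlogin SET userlogin.TIMESTAMP = NOW( ) WHERE userlogin.USERNAME = ?"
    ) or die "Unable to prepare timestamp update: $DBI::errstr\n";
    # A failed timestamp refresh is reported but does not block the lookup.
    $timestampUpdate->execute($username)
        or warn "Unable to update timestamp: $DBI::errstr\n";
    $timestampUpdate->finish();

    $dbstore->disconnect();

    # No matching row: report "no password" explicitly.
    return $ref ? $ref->{'PASSWORD'} : undef;
}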
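# login($nick, $pass)
#
# Checks a submitted password against the hash stored for $nick.
# Returns 1 when the SHA-512 hex digest of $pass equals the stored value,
# and 0 otherwise (including when no stored value exists for $nick).
#
# The original returned 0 on a match and 1 on a mismatch. Because init()
# treats a true return as a successful login, that accepted every wrong
# password and every unknown user name and rejected the correct password.
sub login {
    my ($nick, $pass) = @_;

    my ($password) = getpassword($nick);

    # Unknown user or empty stored hash: never authenticate.
    return 0 unless defined $password && length $password;

    # NOTE(review): a single unsalted SHA-512 pass is fast to brute-force
    # if the userlogin table leaks. Moving to a salted, deliberately slow
    # password hash would need the stored values to be migrated, so the
    # scheme is left as found here.
    my $encryptobj = Digest::SHA2->new(512);
    $encryptobj->add($pass);
    my $digest = $encryptobj->hexdigest();

    return $digest eq $password ? 1 : 0;
}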
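# Echo the submitted login name back into the page.
# scalar() is required: CGI's param() in list context returns every value
# submitted for the field, so a request repeating lg_nick would spill extra
# arguments into this call and be read as further template name/value pairs.
# NOTE(review): TEST carries raw user input; the template is not visible
# here, so confirm it renders this variable with ESCAPE=HTML.
$template->param('TEST', scalar($query->param('lg_nick')));
$template->param(MYURL => 'http://192.168.1.9/cgi-bin');

# Send the HTTP header (with the session cookie when one was created)
# followed by the rendered page.
print $query->header( -cookie => $cookie ), $template->output;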