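#!/usr/bin/perl -w
#
# Link-submission CGI.  Reads email/url/title from the form, validates them,
# checks both values against local ban lists, stores the entry in MySQL under
# a freshly generated ID code, and mails a confirmation to the submitter.
#
# Every value that comes from the request (form fields, Referer header) is
# treated as untrusted: it reaches SQL only through bound parameters and is
# HTML-escaped before being echoed into an error page.

use strict;
use warnings;

# NEEDED Variables
my $basedir  = "/home/**/**";
my $linkscgi = "http://www.foo.cgi";

# use form to get the data
use CGI qw(:standard);
my $query = CGI->new;

use Fcntl qw(:flock);

# enable MySQL database
use DBI;
my $dsn = "DBI:mysql:database=foo";

my $client_email = $query->param('email');
$client_email = '' unless defined $client_email;
chomp($client_email);

my $new_url = $query->param('url');
$new_url = '' unless defined $new_url;
chomp($new_url);

my $new_title = $query->param('title');
$new_title = '' unless defined $new_title;

print "Content-Type: text/html\n\n";
$| = 1;

my $mailprog = "/usr/sbin/sendmail";
my $LOC      = "ALL";

# NOTE(review): $where is read by the INSERT and the mail body but is never
# assigned anywhere in this script; it is kept as an empty string.
my $where = '';

# The Referer header is client-supplied, so it is only ever bound as a
# parameter below, never interpolated into SQL.
my $TRACKER = $ENV{'HTTP_REFERER'};
if (!($TRACKER)) {
    $TRACKER = $ENV{'REMOTE_ADDR'};
}
$TRACKER = '' unless defined $TRACKER;

####################################
# CHECK Entries

# Keep only the part of the URL before the first double quote.
my ($url_head) = split(/"/, $new_url);
$new_url = defined $url_head ? $url_head : '';

# Regex tag stripping is a convenience, not an HTML sanitizer; whatever page
# renders the stored title still has to HTML-escape it.
$new_title =~ s/<[^>]*>//g;
$new_title =~ s/\/[^>]*>//g;

if ($new_url eq 'http://' || $new_url !~ /^(f|ht)tp:\/\/(\w|\-)+\.\w+/) {
    no_url();
}
if (!($new_title)) {
    no_title();
}
if (!($client_email)) {
    no_emailid();
}

# Anchored with \A...\z so a trailing newline cannot pass and end up in the
# To: header.  ',' is not accepted in the local part: with "sendmail -t" a
# comma in To: separates recipients.
if ($client_email !~ /\A[\w\d][\w\d.\-]*\@(?:[\w\d\-]+\.)+(?:[a-zA-Z]{3}|[a-zA-Z]{2})\z/) {
    no_emailid();
}

if (_listed_in("badurls.txt", $new_url)) {
    not_allowed($new_url);
}

#check against 'bad-email' list
if (_listed_in("bademails.txt", $client_email)) {
    not_allowed($client_email);
}

# NOTE(review): the database credentials are literals in this file; loading
# them from a file outside the web root keeps them out of the served tree.
my $dbh = DBI->connect($dsn, 'foo', 'foo')
    or die "Can't connect to MySQL database.";
$dbh->{RaiseError} = 1;    # any failed statement below aborts the request

#check to see if code is unique
# NOTE(review): check-then-insert is not atomic; a UNIQUE constraint on
# ID_Code (schema not shown here) is what actually guarantees uniqueness.
my $CODE;
while (1) {
    $CODE = gen_code();
    my ($in_use) = $dbh->selectrow_array(
        "SELECT count(*) FROM s_table WHERE ID_Code = ?", undef, $CODE);
    last unless $in_use;
}

# Enter MySQL and Add Entry....
# The original insert loop was guarded by a flag that the uniqueness loop had
# already cleared, so the INSERT never ran.  It now runs once; RaiseError
# reports a rejected row instead of retrying forever.
$dbh->do(
    "INSERT INTO s_table (ID_Code,Email,Url,Title,Section,Location,Tracker,Date) "
  . "VALUES (?,?,?,?,?,?,?, NOW())",
    undef,
    $CODE, $client_email, $new_url, $new_title, $where, $LOC, $TRACKER
);
$dbh->disconnect;

#######
# convert title,url
$new_title =~ s/\\//g;
$new_url   =~ s/\\//g;

my $date = localtime;

#Send Email...
# List-form pipe open: sendmail is started directly, without a shell.
open(my $mail, '|-', $mailprog, '-t') or die "Can't open $mailprog!\n";
print {$mail} "To: $client_email\n";
print {$mail} "From: foo\n";
print {$mail} "Subject: Your entry\n\n";
print {$mail} "Thank you for adding your entry.\n";
print {$mail} "\n------------------------------------------------------\n";
print {$mail} "Your Link:\n\n";
print {$mail} "$new_title\n";
print {$mail} "$new_url\n";
print {$mail} "Section: $where\n\n";
print {$mail} "Submitted on $date\n";
print {$mail} "\n";
close($mail) or warn "$mailprog did not exit cleanly: $! (status $?)\n";

print "Output stuff...\n";
print "Thanks!";
exit(0);

# Return 1 when any line of the ban list at $path contains $needle as a
# literal substring, else 0.  The needle is compared with index(), so regex
# metacharacters in a submitted value have no special meaning.
# An unreadable list is logged and treated as empty (the check fails open,
# as it did before).
sub _listed_in {
    my ($path, $needle) = @_;

    my $fh;
    unless (open($fh, '<', $path)) {
        warn "Can't read $path: $!\n";
        return 0;
    }
    flock($fh, LOCK_EX);
    my $hits = grep { index($_, $needle) >= 0 } <$fh>;
    flock($fh, LOCK_UN);
    close($fh);

    return $hits ? 1 : 0;
}

# Print one of the "missing field" error pages and end the request.
#   $title_line  - first line of output, including its newline
#   $heading     - heading text; the caller escapes any request data in it
#   $explanation - explanatory sentence(s) shown under the heading
sub _print_error_page {
    my ($title_line, $heading, $explanation) = @_;

    print $title_line;
    print "\n\n$heading\n\n\n";
    print $explanation;
    print "\n\n\n";
    print "\n\n\n";
    get_fields();
    print " * \n";
    print "\n\n";
    print "\n\n";
    exit(0);
}

# Error page: URL missing or failed validation.  The submitted URL is echoed
# back, so it is HTML-escaped first.
sub no_url {
    _print_error_page(
        "ERROR: No URL\n",
        "No URL " . $query->escapeHTML($new_url),
        "You forgot to enter a url you wanted added to the "
          . "link page. Another possible problem was that your link "
          . "was invalid."
    );
}

# Error page: entry contains characters that are not allowed.
sub no_illegal_chars {
    _print_error_page(
        "ERROR: No URL\n",
        "No Illegal Characters",
        "Your entry contains characters that are illegal to use."
    );
}

# Error page: title missing (or empty after tag stripping).
sub no_title {
    _print_error_page(
        "ERROR: No Title\n",
        "No Title",
        "You forgot to enter a title you wanted added to the "
          . " link page. Another possible problem is that your title "
          . "contained illegal characters."
    );
}

# Error page: e-mail address missing or rejected by the address pattern.
sub no_emailid {
    _print_error_page(
        "ERROR: No EMail Id\n",
        "No E-mail ID",
        "You forgot to enter your e-mail id. "
          . "Another possible problem is that your e-mail id "
          . "contained illegal characters."
    );
}

# Print the field labels of the resubmission form.
sub get_fields {
    print "\nEMail:\n";
    print "\nTitle:\n";
    print "\nURL:\n";
    print "\n";
    if ($LOC ne "ALL") {
        print "\n";
    }
}

# Error page for a value found on a ban list.  $_[0] is the offending value
# as submitted; it is HTML-escaped before being echoed.
sub not_allowed {
    my $error = $query->escapeHTML($_[0]);

    print "ERROR: URL Entry Denied\n";
    print "\n\nURL Entry Denied\n\n\n";
    print "\nSorry, $error\n";
    print "You cannot add this URL to this page.\n\n\n";
    print "\n\n";
    print "\n";
    exit(0);
}

# Build an ID code from day-of-month, hour, minute and second (each
# zero-padded to two digits) followed by a random integer below 1000.
# The code is derived from the clock and a small random range, so it is a
# row identifier, not a secret.
sub gen_code {
    my ($sec, $min, $hour, $mday) = (localtime(time))[0, 1, 2, 3];
    return sprintf('%02d%02d%02d%02d%d',
        $mday, $hour, $min, $sec, int(rand(1000)));
}

# Backslash-escape single and double quotes in a string.
# Retained for compatibility only: it leaves the backslash itself unescaped,
# so it is not a substitute for bound parameters, and the SQL above no longer
# calls it.
sub convert_bad_chars {
    my $string = $_[0];
    $string =~ s/'/\\'/g;
    $string =~ s/"/\\"/g;
    return $string;
}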