#!/usr/bin/perl
use strict;
use warnings;
use DBI;
use CGI qw/:standard/;
use CGI::Session;
use Crypt::PasswdMD5;
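# Connect to the database. RaiseError makes DBI die on a failed call, so the
# later prepare/execute calls carry no individual error checks.
# NOTE(review): DATABASE/USER/PASS look like redacted placeholders; real
# credentials are better loaded from a file outside the web root than kept
# inside a CGI script.
my $dbh = DBI->connect(
    "DBI:mysql:database=DATABASE;host=localhost",
    "USER", "PASS",
    { 'RaiseError' => 1 },
);
# Create the CGI instance first: the session constructor needs it.
my $cgi = CGI->new;
# Create or resume the session. Handing $cgi to the constructor lets
# CGI::Session look for an existing CGISESSID cookie/parameter and reuse that
# session. Passing undef here would start a brand-new session on every
# request, so "~logged-in" and "~login-trials" could never carry over and the
# three-strikes lockout would never trigger.
# NOTE(review): session files are written to /tmp, which is normally shared
# by all local users; a directory private to the web server account is safer.
#my $session = new CGI::Session("DBI:MySQL", undef, {Handle=>$dbh});
my $session = CGI::Session->new(undef, $cgi, {Directory=>'/tmp'});
# Build the cookie carrying the session id. HttpOnly keeps the id away from
# page scripts; it is only ever read server-side.
# NOTE(review): add -secure => 1 once the site is served over HTTPS only.
my $cookie = $cgi->cookie(
    -name     => 'CGISESSID',
    -value    => $session->id,
    -httponly => 1,
);
#$session->header();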
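# Authenticate the current request against the session.
#
# Arguments:
#   $session - session object; read and written through ->param
#   $cgi     - request object; 'user' and 'pass' are read through ->param
#
# Returns 1 when the session is already logged in or the submitted
# credentials are accepted by _load_profile. When the session has already
# reached the lockout threshold the stored trial count is returned and the
# credentials are not examined. On every other failure "~login-trials" is
# incremented and stored, and the result of that ->param setter call is
# returned (its exact value depends on the session class).
sub init {
    my ($session, $cgi) = @_;

    return 1 if $session->param("~logged-in");

    my $trials = $session->param("~login-trials") || 0;

    # Enforce the lockout before touching credentials. The caller only checks
    # the counter after init() returns, so without this guard a blocked
    # session could keep submitting passwords and still be logged in by a
    # correct one. The threshold mirrors the caller's ">= 3" check.
    # NOTE(review): the counter lives in the session, so it is lost when the
    # client drops its cookie; a per-account or per-address limit on the
    # server side would be needed for real throttling.
    my $max_trials = 3;
    return $trials if $trials >= $max_trials;

    my $name = $cgi->param('user');
    my $pass = $cgi->param('pass');

    # A request without both fields counts as a failed attempt.
    unless ( $name && $pass ) {
        return $session->param("~login-trials", ++$trials);
    }

    my $profile = _load_profile($name, $pass);
    unless ($profile) {
        return $session->param("~login-trials", ++$trials);
    }

    # Successful login: remember the profile and reset the failure counter.
    $session->param("~profile", $profile);
    $session->param("~logged-in", 1);
    $session->param("~login-trials", 0);
    return 1;
}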
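# Look up $user in the users table and verify $pass against the stored
# MD5-crypt hash.
#
# Arguments:
#   $user - user name taken from the request (untrusted)
#   $pass - clear-text password taken from the request (untrusted)
#
# Returns a hash reference { username, password, email } on success, with the
# password masked as "x"; returns nothing (undef in scalar context) when the
# user is unknown, the stored hash has no salt field, or the password does
# not match. Uses the file-level $dbh handle.
sub _load_profile {
    my ($user, $pass) = @_;
    # NOTE(review): the reason for pinning $/ is not evident from this
    # script; kept as in the original.
    local $/ = "\n";

    # Bind the user name as a placeholder value. Interpolating it into the
    # SQL text would let a crafted name change the statement itself.
    my $sth = $dbh->prepare("SELECT pass,email FROM users WHERE user = ?");
    $sth->execute($user);

    my ($dbpass, $email);
    while ( my $row = $sth->fetchrow_hashref() ) {
        $dbpass = $row->{pass};
        $email  = $row->{email};
    }

    # Unknown user: nothing to compare against.
    return unless defined $dbpass;

    # The stored value is split on '$' and the third field is used as the
    # salt for recomputing the hash.
    my @bits = split /\$/, $dbpass;
    return unless defined $bits[2];

    # NOTE(review): MD5-crypt is a fast legacy scheme; plan a migration of
    # the stored hashes to a modern, slow password hash.
    my $crypt = unix_md5_crypt($pass, $bits[2]);
    return unless $crypt eq $dbpass;

    # Never hand the real password back to the caller or the session store.
    my $mask = "x";
    return {username=>$user, password=>$mask, email=>$email};
}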
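# Print the "wrong information" notice followed by the static login form
# read from ../login.html. Arguments passed by the caller are ignored.
# Dies when the form file cannot be opened.
#
# Returns an empty string: the caller prints this sub's return value, and
# returning the result of close() would add a stray "1" to the page.
sub login_page {
    print "\nWrong information\n";

    # Three-argument open with a lexical handle: the mode can never be
    # taken from the file name, and the handle is scoped to this sub.
    open my $fh, '<', '../login.html'
        or die "Could not open login file: $!\n";

    # Copy the file line by line. An empty while () condition would never
    # read from the handle and would loop forever.
    while ( my $line = <$fh> ) {
        print $line;
    }
    close $fh;

    return '';
}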
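# Send the session cookie together with the response headers; without it the
# browser never learns the session id and no later request can be tied to
# this session.
print header( -cookie => $cookie ), start_html("Logging In...");
my $trials = init($session, $cgi);
# NOTE(review): this looks like debug output; remove it before deployment.
print "\ntrials = $trials\n";
if ( $session->param("~login-trials") >= 3 ) {
    # NOTE(review): error() is not defined anywhere in this script and does
    # not appear to come from the imported modules - confirm, otherwise this
    # branch dies at run time instead of printing the message.
    print error("You failed 3 times in a row." .
        "Your session is blocked. Please contact us with" .
        "the details of your action");
    exit(0);
}
unless ( $session->param("~logged-in") ) {
    print login_page($cgi, $session);
    exit(0);
}
my $profile = $session->param("~profile");
# The user name originates from the login form and the e-mail from the
# database; HTML-escape both so neither can inject markup into the page.
my $safe_user  = escapeHTML( defined $profile->{username} ? $profile->{username} : '' );
my $safe_email = escapeHTML( defined $profile->{email}    ? $profile->{email}    : '' );
print "\nHello $safe_user ($safe_email)";
print "\nhome\n";
print end_html;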
####
#!/usr/bin/perl
use strict;
use warnings;
use CGI qw/:standard/;
use CGI::Cookie;
use CGI::Session;
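# Read the cookies sent with this request (name => CGI::Cookie object).
my %cookies = CGI::Cookie->fetch;
print header, start_html;
print "\nBooo\n";
print "\nCookies:\n";

# Take the session id straight from the cookie object instead of splitting
# its string form on ';' and '='.
my $session_id;
if ( my $session_cookie = $cookies{CGISESSID} ) {
    $session_id = $session_cookie->value;
}

# The cookie is client-controlled and the id is used to locate a session
# file under /tmp, so accept only plain alphanumeric ids and treat anything
# else as "no session".
# NOTE(review): tighten or adjust the pattern to the id generator in use.
unless ( defined $session_id && $session_id =~ /\A[A-Za-z0-9]+\z/ ) {
    $session_id = undef;
}

# NOTE(review): echoing the session id is debug output; remove it before
# deployment. It is escaped like every other value written into the page.
print "\nsess : " . escapeHTML( defined $session_id ? $session_id : '' ) . "\n";

# NOTE(review): the session is built with the same constructor call whether
# or not a usable id was found, so a missing profile has to be expected.
my $session = CGI::Session->new(undef, $session_id, {Directory=>'/tmp'});
my $profile = $session->param("~profile");

# Guard against a session without a stored profile and escape the name
# before it is written into the page.
my $username = '';
if ( ref $profile eq 'HASH' && defined $profile->{username} ) {
    $username = $profile->{username};
}
print "\nHello: " . escapeHTML($username) . "\n";
print end_html;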
####
# Open the database handle. With RaiseError set, DBI dies on a failed call.
my $dbh = DBI->connect(
    "DBI:mysql:database=DATABASE;host=localhost",
    "USER",
    "PASS",
    { 'RaiseError' => 1 },
);
# Build the CGI request object before the session, which takes it as input.
my $cgi = CGI->new;
# Create the session from the request object rather than from undef, with
# session data kept in files under /tmp.
# NOTE(review): /tmp is normally shared by all local users; a directory
# private to the web server account is safer for session files.
#my $session = new CGI::Session("DBI:MySQL", undef, {Handle=>$dbh});
my $session = CGI::Session->new( undef, $cgi, { Directory => '/tmp' } );