#!/usr/bin/perl
#------------------------------------------------------------------------------
# Copyright (C) 2001 Thomax Kaulmann
# 
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2, or (at your option)
# any later version.
# 
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
# 
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.

use DBI;
use CGI;
use lib '/opt/oma/oma-bin';
use OMA;
use lib '/opt/oma/transact';
use XSQL;
use Digest::SHA1 qw(sha1 sha1_hex sha1_base64);


# Reset the package globals shared by the subs below.
# `local` binds tighter than the comma operator, so only %in is localised;
# the other names in the original list were evaluated and discarded.
local %in;
undef $trans;
undef @row;
undef %in;


                  ##    ######                                     ###
                  ##     ##  ##                                     ##
  #####   ####   #####   ##  ##  ####     ####    ####  ##   ##  #####
 ##  ##  ##  ##   ##     #####      ##   ##      ##     ## # ## ##  ##
 ##  ##  ######   ##     ##      #####    ####    ####  ## # ## ##  ##
  #####  ##       ## ##  ##     ##  ##       ##      ## ####### ##  ##
     ##   ####     ###  ####     ### ##  #####   #####   ## ##   ### ##
 #####
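# getPasswd($passwd)
#
# Verifies the submitted credentials ($in{user} / $in{passwd}) against the
# "rubi" users table and, on success, returns the hash that the callers
# store in the OMA users table.  On failure an error line is printed, the
# form is shown again and the script exits; the function does not return.
#
# Reads the package-global %in (filled by CGI::ReadParse in the main part).
sub getPasswd
{
	my($passwd) = shift;

	my $db2 = DBI->connect("DBI:Pg:dbname=rubi","","")
		or die "cannot connect to the rubi database\n";

	# The username comes straight from the request, so it is bound as a
	# placeholder instead of being interpolated into the SQL text.
	my $st = $db2->prepare("SELECT password,salt FROM users WHERE username=?");
	$st->execute($in{user});
	my @row = $st->fetchrow();
	$st->finish();
	$db2->disconnect();

	# NOTE(review): the two failure messages below differ, which tells a
	# client whether a username exists; a single generic message avoids that.
	if($#row < 1) {
		print "You are not known to the rubi scheduler<br><br>\n";
		# mask() and do_exit() are defined further down in the file, so they
		# need parentheses here: a bare `mask;` is parsed as a string
		# constant at this point and the form was never shown again.
		mask();
		do_exit();
		exit;
	}

	# Stored value is the upper-case hex SHA-1 of password . salt.
	my $digest = uc(sha1_hex("$in{passwd}$row[1]"));

	if($digest ne $row[0]) {
		print "Your password doesn't match this rubi scheduler one<br><br>\n";
		mask();
		do_exit();
		exit;
	}

	# NOTE(review): crypt() with the constant salt "OMA" gives every account
	# the same salt, and traditional DES crypt only reads the first 8
	# characters of the password.  Left unchanged because whatever verifies
	# the stored value (not visible here) presumably expects this format;
	# migrate both sides together.
	return crypt($passwd,"OMA");
}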


                  ##     ##  ##
                  ##     ##  ##
  #####   ####   #####   ##  ##   ####    ####  ## ###  ## ###   ####    ## ##
 ##  ##  ##  ##   ##     ##  ##  ##      ##  ##  ### ##  ##  ##     ##  #######
 ##  ##  ######   ##     ##  ##   ####   ######  ##      ##  ##  #####  ## # ##
  #####  ##       ## ##  ##  ##      ##  ##      ##      ##  ## ##  ##  ## # ##
     ##   ####     ###    ####   #####    ####  ####     ##  ##  ### ## ##   ##
 #####
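# getUsername()
#
# Looks up the username that belongs to the user id stored in the first
# comma-separated field of the 'ad_user_login' cookie.  Returns the username,
# or undef when there is no usable cookie, no matching row, or the rubi
# database cannot be reached.
#
# NOTE(review): the cookie is supplied by the client and nothing visible here
# verifies it, so the result is only suitable for pre-filling the form, not
# for deciding who the caller is.
sub getUsername {
	my $query = CGI->new;
	my ($id) = split(/,/,$query->cookie('ad_user_login'));
	my $ret;

	# The original query compared user_id unquoted, i.e. as a number, so
	# anything that is not a plain run of digits is ignored.
	if($id && $id =~ /\A\d+\z/) {
		my $db2 = DBI->connect("DBI:Pg:dbname=rubi","","");
		if($db2) {
			# Bind the cookie value instead of interpolating it into the SQL.
			my $st = $db2->prepare("SELECT username FROM users WHERE user_id=?");
			$st->execute($id);
			my @row = $st->fetchrow();
			$st->finish();
			$db2->disconnect();
			$ret = $row[0];
		}
	}
	return($ret);
}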


   ###                                     ##     ##
    ##                                            ##
 #####    ####            ####  ##   ##   ###    #####
##  ##   ##  ##          ##  ##  ## ##     ##     ##
##  ##   ##  ##          ######   ###      ##     ##
##  ##   ##  ##          ##      ## ##     ##     ## ##
 ### ##   ####            ####  ##   ##   ####     ###
                ########
# do_exit()
#
# Emits the closing tags for the <span> opened by the page header and
# terminates the script.  Never returns.
sub do_exit
{
	my $page_footer = '</span></html>';
	print $page_footer;
	exit(0);
}



##   ##            ##            ######         ##   ##
### ###           ####             ##           ###  ##
#######          ##  ##            ##           #### ##
#######          ##  ##            ##           ## ####
## # ##          ######            ##           ##  ###
##   ##          ##  ##            ##           ##   ##
##   ##          ##  ##          ######         ##   ##


# Page header: static markup, so the heredoc is quoted to make it explicit
# that nothing is interpolated.
# NOTE(review): no HTTP header line is printed in the visible code before the
# markup; presumably it is emitted elsewhere. Confirm.
print <<'EOF';
<html>
<head></head>
<style>
body { font-family:arial; font-weight:bold; font-size:11px; color:#606060; background:#e0e0e0; }
a { color:007700; }
td { font-family:arial; font-weight:bold; font-size:11px; }
input,textarea,select { font-family:arial; font-weight:bold; font-size:11px; background:#e0e0ff; }
</style>

<span style="font-family:helvetica">
EOF

# Request parameters land in the package-global %in; every value in it is
# client-controlled and must be treated as untrusted by the code below.
CGI::ReadParse();

# Handle used by the main part of the script for the OMA users table.
$db = OMA::opendb();


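# updateuser()
#
# Re-checks the submitted password through getPasswd() (which exits on
# failure), then overwrites the profile columns of the existing row for
# $in{user} and ends the request.
sub updateuser {
	$in{'passwd'} = getPasswd($in{'passwd'});

	# XSQL::transact takes a finished SQL string, so every request value is
	# turned into a quoted literal first.  Missing fields become '' as they
	# did when interpolated directly.
	# NOTE(review): assumes $db (from OMA::opendb) is a DBI handle for the
	# same database type XSQL writes to - confirm.
	my %q;
	foreach my $field (qw(passwd email label street postal city country url user)) {
		$q{$field} = $db->quote(defined $in{$field} ? $in{$field} : '');
	}

	XSQL::transopen();
	XSQL::transact("UPDATE users SET passwd=$q{passwd}, email=$q{email}, name=$q{label}, street=$q{street}, postal=$q{postal}, city=$q{city}, country=$q{country}, url=$q{url} where username=$q{user}");
	XSQL::transclose();
	print "fine. your account has been updated.\n";
	do_exit();
}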
			
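# newuser()
#
# Checks the submitted password through getPasswd() (which exits on
# failure), inserts a new row for $in{user}, prints the confirmation text
# and ends the request.
sub newuser {
	$in{'passwd'} = getPasswd($in{'passwd'});

	# XSQL::transact takes a finished SQL string, so every request value is
	# turned into a quoted literal first.  Missing fields become '' as they
	# did when interpolated directly.
	# NOTE(review): assumes $db (from OMA::opendb) is a DBI handle for the
	# same database type XSQL writes to - confirm.
	my @values;
	foreach my $field (qw(user passwd email label street postal city country url)) {
		push @values, $db->quote(defined $in{$field} ? $in{$field} : '');
	}
	my $value_list = join(', ', @values);

	XSQL::transopen();
	# The INSERT is positional; it relies on the column order of the table.
	XSQL::transact("INSERT INTO users VALUES ($value_list)");
	XSQL::transclose();
	print <<EOF;
fine. your account has been added.<br>
<br>
Maybe you like to try to log into the OMA Archive?<br>
If this is the case, you are always able to log in by<br>
calling this link:<br>
<br>
<a href="https://archive.reboot.fm/oma-bin/go">https://archive.reboot.fm/oma-bin/go</a><br>
<br>
Don't miss to bookmark this link!
EOF
	do_exit();
}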

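# mask()
#
# Prints the account form, pre-filled with the values of the current
# request, and ends the request.  If no username was submitted, the one
# derived from the login cookie (getUsername) is used as the default.
sub mask {
	my $username = getUsername();

	if($username && !$in{'user'}) {
		$in{'user'} = $username;
	}

	# Request values are written back into HTML attributes, so they are
	# HTML-escaped first; unescaped, a value containing a double quote could
	# close the attribute and inject markup.
	my %safe;
	foreach my $field (qw(user email label street postal city country url)) {
		my $value = defined $in{$field} ? $in{$field} : '';
		$safe{$field} = CGI::escapeHTML($value);
	}

	# The password field is deliberately left empty: echoing the submitted
	# password puts it into the page source.
	# The country field previously read the misspelt key 'county' and was
	# therefore never pre-filled.
	print <<EOF;

<form method=post>
<table cellspacing=0 cellpadding=0 width=300>
<tr><td colspan="2">
This form will provides you access rights with the same username and password you use on the rubi scheduler system at <a href="http://www.reboot.fm">http://www.reboot.fm</a>. Just enter <u>username</u> and <u>password</u> you use there. All other informations are optional. Don't forget to press the <u>approve</u> button. The username means the very first email address you registered at the scheduler.
<br>
<br>
</td></tr>
<tr><td align="right"><font style="color:#cc0000">Username:&nbsp;</font></td><td><input name=user value="$safe{user}"></td></tr>
<tr><td align="right"><font style="color:#cc0000">Password:&nbsp;</font></td><td><input type=password name=passwd value=""></td></tr>
<tr><td align="right">E-Mail:&nbsp;</td><td><input name=email value="$safe{email}"></td></tr>
<tr><td align="right">Name/Org/Label:&nbsp;</td><td><input name=label value="$safe{label}"></td></tr>
<tr><td align="right">Street:&nbsp;</td><td><input name=street value="$safe{street}"></td></tr>
<tr><td align="right">Postal:&nbsp;</td><td><input name=postal value="$safe{postal}"></td></tr>
<tr><td align="right">City:&nbsp;</td><td><input name=city value="$safe{city}"></td></tr>
<tr><td align="right">Country:&nbsp;</td><td><input name=country value="$safe{country}"></td></tr>
<tr><td align="right">URL:&nbsp;</td><td><input name=url value="$safe{url}"></td></tr>
<tr><td></td>
<td>
<input type=submit value=approve name=approve>
</td></tr>
</table>
</form>
</html>
EOF
	do_exit();
}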

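# Request dispatch.
#
# With the "approve" button pressed and both username and password present,
# the OMA users table decides between updating an existing account and
# creating a new one.  Both paths verify the password first (getPasswd) and
# end the request themselves.  Every other request just shows the form.
if($in{'approve'}) {
	if($in{'user'} && $in{'passwd'}) {
		# The username is request data: bind it rather than building the
		# SQL text from it.
		$query = $db->prepare("SELECT * from users where username=?");
		$query->execute($in{'user'});
		@row = $query->fetchrow();
		$query->finish();
		# A returned row with more than one column means the account exists.
		if($#row > 0) {
			updateuser();
		} else {
			newuser();
		}
	} else {
		print "we need at least your username and password<br><br>\n";
		mask();
	}
}
mask();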
