#!/usr/local/bin/perl 

print "Content-type: text/html\n\n";

##&Admin_Login unless (&checkLogin);

#get the files we need

##this cgi should accept new entries and stick them in the directory with a "-" at the end of the file name.
#
#
#

%formdata = &Parse_web_data();

$from = $ENV{HTTP_REFERER};

##change cheese44 to your chosen password
unless ($formdata{pass}=~/cheese44/i){
	print "Invalid password. Please try again";
	exit;
	}

##change the path below to the path to your blosxom file
$filepath = '/home/laurien/public_html/cgi/blosxom.cgi';

$filename = $formdata{who};
$directory = $formdata{directory}."/";

$file = $filepath . $directory . $filename . ".txt";

$file =~ s/ //g;

$counter = 2;


while (-e $file) {
	$file = $filepath.$directory.$filename.$counter.".txt";
	$counter++;
	}

open (WRITE, ">$file");
	print WRITE "$formdata{title}\n";
	print WRITE "<br>";
	print WRITE "$formdata{body}\n";
	print WRITE "<br><br>\n";
	print WRITE "posted by <a href=\"mailto:$formdata{email}\">$formdata{who}</a>.";
&notify_mail();

print <<REDIRECT_HTML;
	<html>
	<head>
	<title>Thanks!</title>
	</head>
	<body>
	<p>Thanks for your entry!  It should appear immediately here: </p>
#change the line below to link to your blosxom space
	<a href="http://grove.ufl.edu/~laurien/cgi/blosxom.cgi">Main</a>
	</body>
	</html>
REDIRECT_HTML

exit;

#####################################################
#
# subs
#
#####################################################

sub notify_mail {
#change the emails below to your email addresses
#	
	my @mail;
	#To:
	$mail[0] = "laurien\@ufl.edu";
	#from:
	$mail[1] = "laurien\@ufl.edu";
	#reply-to:
	$mail[2] = "ltaylor\@clas.ufl.edu";
	#subject:
	$mail[3] = "New blog entry";
	#message:
	$mail[4] = "A New blog entry has been posted by $formdata{who}.  It is called $file";
	
	&Send_mail_message(@mail);


}

sub Parse_web_data {

    # standard form-parsing code
    # based on Shishir Gundavaram's (from the mouse book)
    # returns web form data as hash %Parsed_data

    local (@Form_data, $Form_length, $Data, $Key, $Val, %Parsed_data);

    if ($ENV{'REQUEST_METHOD'} eq "GET" ) {
        $Form_data = $ENV{'QUERY_STRING'};
    } elsif ($ENV{'REQUEST_METHOD'} eq "POST") {
        read(STDIN, $Form_data, $ENV{'CONTENT_LENGTH'});
    }

    @Form_data = split (/&/, $Form_data);

    foreach $Data (@Form_data) {

        ($Key, $Val) = split (/=/, $Data);

        # clean up hexidecimal crap

        $Val =~ tr/+/ /;
        $Val =~ s/%([\dA-Fa-f][\dA-Fa-f])/pack ("C", hex ($1))/eg;

        # Delete all nasty characters. We could be a LOT more anal
        # about this, but removing these statement delimiters isn't
        # a bad idea. This is a start for a secure CGI...

        ##$Val =~ s/[;><&*`|]//eg;
        $Parsed_data{$Key} = $Val;
    }
    return %Parsed_data;
}

sub Send_mail_message {

    # Opens pipe to sendmail and sends message.
    # Returns error if sendmail can't open or if the sub isn't used right.
    # If return string matches /^Error/ it didn't work.

    # $_[0] = recipient
    # $_[1] = from
    # $_[2] = reply-to
    # $_[3] = subject
    # $_[4 and up] = message

    my($Recipient, $From, $Reply_to, $Subject, @Mail) = @_;

    # Bail if stuff is undefined or doesn't look right
    # Return an error code

    return "Error: bad recipient email."
        unless ($Recipient =~ m!\S+\@\S+\.\S+!);
    return "Error: bad reply-to email."
        unless ($Reply_to  =~ m!\S+\@\S+\.\S+!);
    return "Error: no subject given." unless $Subject;
    return "Error: no message given." unless @Mail;

    open (MAIL, "| /usr/lib/sendmail $Recipient") ||
        return "Error: sendmail could not open.";

    print MAIL "X-Mailer: GroveBlosxom temp Perl module\n";
    print MAIL "From: $From\n";
    print MAIL "To: $Recipient\n";
    print MAIL "Reply-To: $Reply_to\n";
    print MAIL "Subject: $Subject\n\n";

    foreach (@Mail) { print MAIL "$_\n"; }

    close MAIL;

    return "Message sent.";
}