#!/usr/bin/perl

##########################################################################
# Blosedit.cgi																				 #
# Allows editing of Blosxom files while maintining posting file date.	 #
# Using just one other file for user/password entry, one can root a		 #
# user to a home directory. The use of user flags control visibility of	 #
# subdirectories such as /.settings/ as used in Blosxom 3 and visibility #
# of dot named files such as .htaccess. Old files can be edited while	 #
# maintaining integrity of timestamps. New files can aslo be created.	 #
# Edited files can be saved as draft and then later saved as completed	 #
# Directories or files need to be writable by "www" (or "apache")			 #
# work.																						 #
#																								 #
# Blosedit is free software. you may redistribute it and/or modify it	 #
# under the terms of the GNU General Public License as published by the	 #
# Free Software Foundation.															 #
# pdr 10/15/04, v1.0.2																	 #
##########################################################################
use CGI;
use Time::Local;
# 
# <<<<<<<<<<<<<< Edit below for Your setup >>>>>>>>>>>>>>>>>

# as they say, "Location, Location, Location!"
my $passfile = '/var/www/cgi-bin/pssw.txt';  # absolute path to user/password file
# my $passfile = '/Library/WebServer/CGI-Executables/pssw.txt'; # absolute path to user/password file
my $salt ='gh';								# salt for crypt function
my $usesecure = 0; 							# set if you want to use SSL secured cookie
my $Xpiration = '+1d';						# cookie expiration date
my $MAX_SIZE = 50;							# if flag is set, user is not allowed to upload flles larger then this in kilobytes
my $draft = tmp;			# draft file extension ig. mysummertrip.txt is saved as mysummertrip.txt.tmp
								# thus preventing blosxom from showing it until it has a valid 'flavour' name
								# also when re-loaded, comes up with non-draft name for normal save

# for more personal style define your own header/footer								
# Note, user's header and footer files care not active until log in 								
my $usr_headerfile ='';		# path is relative to current user's root
my $usr_footerfile ='';		# path is relative to current user's root

# If user's header/footer not defined or doesn't exist then try default (if defined and exists)
my $default_headerfile='';	# must be aboslute path to header
my $default_footerfile='';	# must be aboslute path to footer


# <<<<<<<<<<<<<< Edit above for Your setup >>>>>>>>>>>>>>>>>
 
##########################################################################
#				  Password File Format:
# a tab delimited file with the following on each line
# userid	password	flags	rootdirectory
#
# example:
# admin	bratwurst	0	/var/www/html/data
# betty	boop	3	/var/www/html/toons_only
# otto	bismark	12	/var/www/html/prussia
# 
# file flags are decimal summation of flag (bits) values that are set
# if flag is clear then its value is not added (= zero)
# File Invisibility			value = 1	files with names starting with period are not shown
# Directory Invisible		value = 2	directories w/names starting w/period are not shown
# Directory create			value	= 4	User cannot create new subdirectories in home folder
# File upload					value = 8	User limited to maximum set file size
# example: betty can not see any dot name files or directories since flag = 3 =1 + 2
# and otto is not allowed to expand beyond his current boundaries by making new subdirectories
# in his root folder named prussia and his upload size is limited 12 = 4 + 8
##########################################################################


#create a new CGI object
$cgi = new CGI;

my $script=$cgi->script_name;

my $user;
my $pass;
my $root;
my $mydir;

#flags
my $FileInvisible=1;
my $DirInvisible=2;
my $DirCreate=4;
my $LimitUpload=8;

#attempt to read the cookie from the clients cache
$userdata = $cgi->cookie("login");
if ($userdata) {
	$userdata =~ / pw=/;
	$user = $`;
	$pass = $';
	$user =~ / /;
	$mydir = $';
	$user = $`;
	if (ValidateUser()) {
# user has a valid cookie.
		GetAction();
	}
}
else {
# check if the user has filled in the form. verify their ID/password and issue a cookie
	$submitted = $cgi->param('choose');
	if ($submitted eq 'Login') {
		$user = $cgi->param('user');
		$pass = $cgi->param('pass');
		chomp($user);
		chomp($pass);
		$pass = crypt($pass, $salt);
		if (ValidateUser()) {
			HTML_ShowFiles();
		}
		else {
# Let them know that they didn't pass
			my $badlogin =1;
			HTML_Login();
		}
	}
	else {
# user has no valid cookie.  Allow them to log in
		HTML_Login();
	}
}

############## HTML Forms ##############

sub HTML_Login {
	$Blosedit_title = 'Login';
	HTML_Header ();
	print qq(<div id="loginbox">);
	print $cgi->startform('post',$script);
	print 'Username:' .$cgi->textfield('user','',20).'<br />';
	print 'Password: '.$cgi->password_field('pass','',20).'<br /><br />';	
	print $cgi->submit("choose" , "Login");
	print qq(<p>Username/Password invalid!</h2><\p>\n) if $badlogin;
	print qq(</form></div>);
	HTML_Foot();
}

sub HTML_MkDir {
	$Blosedit_title = 'Enter New Directory Name';
	HTML_Header ();
	print qq(<div id="mid">);
	print $cgi->startform('post',$script);
	print 'New Directory:' .$cgi->textfield('new','',32).'<br />';
	print $cgi->submit("choose" , "Create");
	print $cgi->submit("choose" , "Cancel");
	print qq(</form></div>);
	HTML_Foot();
}

sub HTML_ShowFiles {
	$dir = $root.'/'.$mydir;	  
	chdir($dir);
	opendir(DIRHANDLE, $dir) || Error( "Can't open ", $dir); 
	my @Flist = readdir(DIRHANDLE); 
	closedir(DIRHANDLE);
	$Blosedit_title = 'Select File';	
	HTML_Header();
#directory location header
	print qq(<div id="container">\n<div id="header" align="center">Subdirectory = /root$mydir<\div>\n);
	
# Select Directory form
	print qq(<div id="dirlist" align="center">\n);
	print qq(<form method="post" action="$script" >);
	print qq(<select name=sname size=10>\n);		
	print qq(<option value="..">..\n) if $mydir; 
	for( $i = 2; $i < @Flist; $i++ ) {
		if( -d $Flist[ $i ] ) {
			print qq(<option value="$Flist[$i]">$Flist[$i]\n) if (!( $DirInvisible && ($Flist[ $i ]  =~ /^\./) )) 
		}
	} 
	print qq(</select><br />\n);
	print $cgi->submit("choose" , "Select Directory").'<br /><br />';
	if (!$DirCreate) {
		print $cgi->submit("choose" , "New Directory").'<br />' ;
		print $cgi->submit("choose" , "Remove Directory") ;
	}
	print qq(</form>\n</div>); 
	
# Edit File form
	print qq(<div id="filelist" align="center">\n);
	print qq(<form method="post" action="$script" >);
	print qq(<select name=sname size=10>\n);
	my $i;
	for($i = 0; $i < @Flist; $i++) {
		if( !-d $Flist[$i] ) {
			print qq(<option value=\"$Flist[$i]\">$Flist[$i]\n) if (!( $FileInvisible && ($Flist[ $i ]  =~ /^\./) ))
 		}
	}	
	print qq(</select><br />\n);
	print $cgi->submit("choose" , 'Edit File').'<br /><br />';
	print $cgi->submit("choose" , 'New File').'<br>';
	print $cgi->submit("choose" , 'Remove File');
	print qq(</form>\n</div>\n);
# Upload File form
	print qq(<div id="upload">\n);
	print $cgi->start_multipart_form('post',$script);
	print qq(<br />Upload: );
	print $cgi->filefield('upload', '',60).'<br />';
	print $cgi->submit("choose" , 'Upload');
	print '<hr>'.$cgi->submit("choose" , "Logout");
	print $cgi->endform;
	print qq(</div></div>);
	
	HTML_Foot();
}

sub HTML_EditFile {
	chdir ($root.$mydir);
	if($newname) {
		
		$myfile = $root.$mydir.'/'.$newname;
		open (FILEHANDLE, $myfile) || Error('Cant open: ', $myfile);
		@fcontent = <FILEHANDLE>;
		($atime, $mtime) = (stat(FILEHANDLE))[8,9];
		close(FILEHANDLE);
		
		($Sec, $Min, $Hr, $Day, $Mon, $Yr, $WkDay, $DayOfYr, $IsDST) = localtime($mtime);
		$Sec = "0$Sec" if($Sec <10);
		$Min = "0$Min" if($Min <10);
		$Hr = "0$Hr" if($Hr <10);
		$Day = "0$Day" if($Day <10);
		$Mon = "0$Mon" if(++$Mon <10);
		$Yr = $Yr + 1900;
		
		$title=shift(@fcontent);
		$newname =~ s/\.$draft\z// ;
	}
	else {
		$newname = 'untitled.txt';
		$i =0;
		while (( $i < 100) && ((-e $newname) || (-e $newname.'.'.$draft))) { $newname = 'untitled'.++$i.'.txt' }
		$myfile = $root.$mydir.'/'.$newname;
	}
	$Blosedit_title ='Edit File';
	HTML_Header();
	
#ediiting form	
	print qq(<div id="container">\n<div id="header" align="left">Subdirectory = /root$mydir<\div>\n);
	print qq(<form action="$script" method="POST">\n);
	print qq(<p><b>File Name: </b>\n);
	print qq(<input type="text" name="sname" value="$newname" size="30" />);
	print qq(\n</p>\n);
	print qq(<p>\n<b>Date: </b>\n);
	print $cgi->textfield('fmonth', $Mon, 2);
	print ' / '.$cgi->textfield('fday', $Day, 2);
	print ' / '.$cgi->textfield('fyear', $Yr, 4);

	print qq( &nbsp;enter zero in MM or DD to use current DateTime<br /></p>\n);
	print qq(<p><b>Time: </b>\n);
	print $cgi->textfield('fhour', $Hr, 2);
	print ' : '.$cgi->textfield('fmin', $Min, 2);
	print ' : '.$cgi->textfield('fsec', $Sec, 2);
	print qq(</p>\n);
	print qq(<p><b>Title</b><br />);
	print $cgi->textfield('title', $title, 80)."</p>\n";
	
	print qq(<p><b>Body</b><br /><textarea name="body" cols="80" rows="16" wrap="virtual">);
	foreach (@fcontent) { s/&/&amp;/g; print() } print qq(</textarea></p>\n);	
	print $cgi->submit("choose" , 'Save');
	print $cgi->submit("choose" , 'Draft');
	print $cgi->submit("choose" , 'Cancel');
	print qq(</p>\n);
	HTML_Foot();
}

sub HTML_Header {
	if (($Blosedit_title ne 'Login') || ($Xpiration eq 'now')) {
# you passed user/password, so here's a cookie for you!
		$userdata = "$user $mydir pw=$pass"; 
		$cookie = $cgi->cookie(-name=>'login', -value=>$userdata, -expires=>$Xpiration, -secure=>$usesecure);
		print $cgi->header(-cookie=>$cookie);
	}
	else {
# blehhhh... no cookie for you
		print $cgi->header;
	}
# get a name of an external header only if it exists
	if ($usr_headerfile && (-e $root.'/'.$usr_headerfile)) {
		$headerfile = $root.'/'.$usr_headerfile;	
	}
	elsif ($default_headerfile && (-e $default_headerfile)) {
		$headerfile = $default_headerfile;
	}

	if ($headerfile) {
		open (HTML_FILEHANDLE, $headerfile) || Error('Cant open header file: ', $headerfile);
		@fcontent = <HTML_FILEHANDLE>;
		close(HTML_FILEHANDLE);
		foreach (@fcontent) { print() }
	}
	else {
			print qq(<html><head><title>$Blosedit_title</title>\n);	
			print qq(<style type="text/css" media="screen">\nbody {background-color:#ffe; }\n);
			print qq(#loginbox { position:absolute; left:50%; width:300px; margin-top:50px; margin-left:-166px; text-align:left; );
			print qq(padding:15px; border:2px solid #333; background-color:#ffccff; }\n);
			print qq(#container { width: 700px;	 border: 1px solid gray; margin: 10px; );
			print qq(margin-left: auto; margin-right: auto; padding: 10px; background-color: #ffc;}\n);
			print qq(#dirlocation { padding: 5px; margin-bottom: 5px; background-color: #ffff99; text-align: center }\n);
			print qq(#mid { padding: 5px; margin-left: 300px; margin-right: 300px; background-color: #ffc; }\n);
			print qq(#dirlist { float: left; width: 300px; width: 310px; width: 300px; margin: 0;  );
			print qq(margin-right: 5px; padding: 5px; background-color: #ffc; text-align: center; }\n);
			print qq(#filelist { float: right; width: 300px; width: 310px; width: 300px; margin: 0; );
			print qq(margin-left: 5px; padding: 5px; background-color: #ffc; text-align: center; }\n);
			print qq(#upload { clear: both; padding: 5px; margin-top: 5px;	 background-color: #ffc;}\n);
			print qq(</style></head><body>\n);
	}
}

sub HTML_Foot {
# get a name of an external footer only if it exists
	if ($usr_footerfile && (-e $root.'/'.$usr_footerfile)) {
		$footerfile = $root.'/'.$usr_footerfile;	
	}
	elsif ($default_footerfile && (-e $default_footerfile)) {
		$footerfile = $default_footerfile;
	}

	if ($footerfile) {
		open (HTML_FILEHANDLE, $footerfile) || Error('Cant open footer file: ', $footerfile);
		@fcontent = <HTML_FILEHANDLE>;
		close(HTML_FILEHANDLE);
		foreach (@fcontent) { print() }
	}
	else {
		print $cgi->end_html;
	}
}
	
############## Utility Subs  ##############

sub ValidateUser {
# Get User Info from	 password File and check against login or cookie
	open (FILEHANDLE, $passfile) || Error('open', $passfile);
	($_) = grep(/^$user\t/, <FILEHANDLE>);
	close(FILEHANDLE);
	s/\n//;
	($ulogin, $upass, $uflags, $root) = split /\t|\n/;
	$upass = crypt($upass, $salt);
	if (($ulogin eq $user) && ($upass eq $pass)) {
		$FileInvisible &= $uflags;
		$DirInvisible &= $uflags;
		$DirCreate &= $uflags;
		$LimitUpdate &= $uflags;
		$results=1;
	}
		return $results;
}

sub GetAction	{
# Evaluate all form data
	$submitted = $cgi->param('choose');
	$option = $cgi->param('sname');
	$newname = $cgi->param('new');
	if ($submitted eq 'New Directory') {
		HTML_MkDir ();		
	}
	elsif ($submitted eq 'Create') {
		if ($newname) {
			$mydir = $mydir."/".$newname;
			mkdir ($root.$mydir , 0777) || Error ('make directory','(onwership or permissions problem)');
			HTML_ShowFiles ();
		}
	}
	elsif ($submitted eq 'Remove Directory') {
		if (($option ne '..') || !$option) {
			if (rmdir("$root/$mydir/$option") eq 0){
				PrintData($option, 'not empty? or permissions problem') 
			}
			else {
				HTML_ShowFiles ();
			}
		}
	}
	elsif ($submitted eq 'Select Directory') {		
		if ($option eq '..') {
# if string has no '/' then infinite loop w/o empty string test
				until (($i eq '/') || !($mydir)) {$i=chop($mydir)}; 
		}
		elsif ($option) {
				$mydir = $mydir."/".$option;
		}
		
		HTML_ShowFiles ();
	}
	elsif ($submitted eq 'New File') {
		$newname = '';
		HTML_EditFile ();
	}
	elsif ($submitted eq 'Remove File') {
		if ($option) {
			unlink("$root/$mydir/$option");
		}
		HTML_ShowFiles ();
	}
	elsif (($submitted eq 'Edit File') && $option) {
		$newname = $option;
		HTML_EditFile ();
	}
	elsif ($submitted eq 'Upload') {
		$upload = $cgi->param('upload');
		if ($upload) {
			$_ = $upload;
			s/\w:/\//g;		#for Mac OS 9
			s/\w\\/\//g;	#for Windows
			s/([^\/\\]+)$//;
			$_ = $1;
			s/\.\.+//g;
			s/\s+//g;
			$filename = $_;
			$tofile = $root.$mydir.'/'.$filename;
		open(FILEHANDLE,'>',$tofile) || Error('Error opening file '," $filename for writing!");
		binmode FILEHANDLE;
		while (read($upload,$buff,1024)) {
				if ((++$size > $MAX_SIZE) && ($LimitUpload)) {
					last;
					$size = 0;
				}
				else {
					print FILEHANDLE $buff;
				}
		}
		close(FILEHANDLE);
			$size = (stat ($tofile))[7];
		if ($size <= 0) {
				unlink($tofile);
				Error($tofile, "$size write unsuccesful");
			}
		}
		HTML_ShowFiles();
	}
	elsif (($submitted eq 'Save') || ($submitted eq 'Draft')) {
		$option =$option.'.'.$draft if ($submitted eq 'Draft');
		$filename = $root.$mydir.'/'.$option;
		$msg = $cgi->param('body');
		$Mon = $cgi->param('fmonth');
		$Day = $cgi->param('fday');
		$Yr = $cgi->param('fyear');
		$Hr = $cgi->param('fhour');
		$Min = $cgi->param('fmin');
		$Sec = $cgi->param('fsec');
		if (($Mon > 0) && ($Day > 0)) {
			eval {$mtime = timelocal($Sec, $Min, $Hr, $Day, $Mon-1, $Yr) };
			Error ('continue', "invalid Date or Time entry") if $@;
		}
		else {
			$mtime=time();
		}
		$title = $cgi->param('title');
		@fcontent = $cgi->param('body');
		open(FILEHANDLE,">$filename") || Error('Error opening file '," $option for writing!");
		print FILEHANDLE "$title\n";
		foreach (@fcontent) { print FILEHANDLE $_ }
		close(FILEHANDLE);
		utime $mtime, $mtime, $filename;
		HTML_ShowFiles();
	}
	elsif ($submitted eq 'Logout') {
		$Xpiration='now';
		HTML_Login();
	}
	else {
		HTML_ShowFiles();
	}
}

sub Error
{
	print $cgi->header();
	print $cgi->start_html('Error!');
	print "$_[0]	$_[1]: $! \n";
	print $cgi->end_html;
	exit;
}

sub PrintData {
#was for debugging now for warn
	print $cgi->header();
	print $cgi->start_html('data');
	print "$_[0] $_[1]";
	print $cgi->end_html;
}