#!/usr/local/bin/perl

require ('cgi-lib.pl');

&ReadParse;

print "Content-type: text/HTML\n\n";

# ###    Arnon Yaar 7/99    ###
# Originally - the inputs will come from the side form. After the first refresh - 
# the cgi will pass to auto.cgi the refrate in the query string, which will refresh to itself.
# This script (board.cgi) will take care of updating the DataBase too.

# In case that input from the side bar exsists:
$name    =$in{'name'};
$address =$in{'email'};
$message =$in{'message'};
$refRate =$in{'refresh'};
$IPaddress = $ENV{'REMOTE_ADDR'};

# Get the mirrored message (The if is for the case of old browsers that didn't execute the swap)
$real=$in{'realmessage'};
if ($message eq '' and $real ne '') { $message=$real;}

# calculate the current time:
@time_array = localtime(time());
$month=1+$time_array[4];
$day=$time_array[3];
$year=$time_array[5];
$hour=$time_array[2];
$minutes=$time_array[1];
if ($minutes<10) {
	$minuteString = "0$minutes";
} else {
	$minuteString = "$minutes";
}
$date="$month/$day/$year\&nbsp\;$hour:$minuteString";


####################################################################

# contents tests:
# if there is something in $name -  then activate DBupdate
if ($name ne '' and $message ne '') {
	# only if there is a name and a message 
        # - execute security test on the texts 
	#   and then update DB

# Security check for all the fields:
$name=testChars($name);
$address=testChars($address);
$message=testChars($message);

# email test - make sure the address looks something like an Email (otherwise - ignore it)
# - Create a mailto string that will always appear (and may be void if the address is to be ignored)
if ($address =~ /@/ )   {
	$hrefStart = qq*<A HREF="mailto:$address">*;
	$hrefEnd   = "</A>";
} else {
	$hrefStart = "";
	$hrefEnd   = "";
}


####################################################################

# Update the DB with a new message:
open (DATABASE, "database.txt") || die " Can't open file: $!";
flock (DATABASE, 2);
open (TEMP, ">secondDB.txt") || die " Can't open file: $!";
flock (TEMP, 2);

print TEMP <<EOT2;
<BR>$hrefStart<B>$name</B>$hrefEnd\&nbsp\;<B>($date)</B><!-- $IPaddress refarate:$refRate -->\&nbsp\;\&nbsp\;$message
EOT2

while (<DATABASE>) {
	print TEMP "$_";
}
close (DATABASE);
close (TEMP);

open (DATABASE, ">database.txt") || die " Can't open file: $!";
open (TEMP, "secondDB.txt") || die " Can't open file: $!";
while (<TEMP>) {
	print DATABASE "$_";
}
close (DATABASE);
close (TEMP);
flock (DATABASE, 8); 
flock (TEMP, 8); 
} #... end of if($name ne '')

####################################################################

# Print the actual HTML
# first stage - prepare a couple of header strings;

# Create a refresh string that will always appear in the html header 
# ( but sometimes will be void):
if ($refRate eq '' or $refRate eq '0') {
	$refreshString="";
} 
else {
	$refreshString=qq*<META HTTP-EQUIV="Refresh" CONTENT="$refRate; URL=auto.cgi?$refRate">*;
}

# create the actual HTML header string:
$header=<<EOT1;
<html>
<head>
<!-- Arnon 7/99 -->
<title>Chat & Discussion</title>
</head>
$refreshString
<body background="../images/background.jpg" bgcolor="white" text="maroon">

EOT1

print $header; 

# and now - print from the DB:
open (DATABASE, "database.txt") || die " Can't open file: $!";
while (<DATABASE>){
	print "$_";
}
close (DATABASE);

print "</body></html>";



####################################################################

# subroutine for security tests on a string.
# This subroutine will change "suspicious" characters with leagal ones.
sub testChars {
local ($tested)=@_;
$tested =~s/\;/\:/g;
$tested =~s/\</&lt\;/g;
$tested =~s/\>/&gt\;/g;
return ($tested);
}