#!/usr/local/bin/perl

##
# $Id: webadmin.cgi,v 1.4 1998/06/10 08:08:29 falcon Exp $
##

$| = 1;

$debug = 0;

use CGI qw(:standard);

require "lib-webadmin.pl";

$query = new CGI;
$baseurl = setBaseUrl();

$cookie_name = "WebAdminAuth";
$cookie_expiretime = "+8h";
$got_cookie = 0;
$logged_in = 0;
$access = 0;
$found_unix = 0;
$header_sent = 0;
$menu_dir = "menus";
$mainMenu_file = $menu_dir . "/main.mnu";
$conf_dir = "conf";
$admins_file = $conf_dir . "/admins";
$sessionID_dir = "sessionID";
@saltset = ('a' .. 'z', 'A' .. 'Z', '0' .. '9', '.' .. '/');


if($ARGV[0] eq "logout")
{
  doLogout();
  printLoginPage("Please login");
  exit;
}


##
# First thing we want to do here is see if we can get a session cookie
##

%authinfo = cookie($cookie_name);

if(defined %authinfo)
{
  $got_cookie = 1;
  $logged_in = 1;
  $sessionID = $authinfo{sessionID};
  $sessionID_file = "$sessionID_dir/$sessionID";

  if(-e $sessionID_file)
  {
    open(SESSION_FILE, "$sessionID_file") || html_abort("Can't open $sessionID_file : $!\n");

    while($ses_line = <SESSION_FILE>)
    {
      ($working_user, $remote_addr, $login_time, $last_click) = split(/:/, $ses_line);
    }

    close(SESSION_FILE);

  }
  else
  {
    $logged_in = 0;
    $status_text = c_str("ERROR", "red") . " : Couldn't Find a session file.  Perhaps you timed out?<br>";
    doLogout();
  }
}
elsif($query->param("username"))
{
  $sessionID = time() . "p" . $$;
  $sessionID_file = "$sessionID_dir/$sessionID";
  $working_user = $query->param(username);
  $working_passwd = $query->param(password);
  open(USERS, "$admins_file") || html_abort("Can't open $admins_file : $!\n");
  
  while($a_line = <USERS>)
  {
    next if($a_line =~ /^#/ || $user_line =~ /^\n/);
    chop($a_line);

    ($a_username, $a_passwd, $a_add_perm, $a_mod_perm, $a_del_perm, $a_admin_perm) = split(/:/, $a_line);

    if($a_username eq $working_user)
    {
      $access = 1;
      last;
    }
  }

  close(USERS);

  if($access && ($a_passwd eq "unix"))
  {
    while(($pw_username, $pw_passwd) = getpwent)
    {
      if($pw_username eq $working_user)
      {
        $found_unix = 1;
        if(crypt($working_passwd, $pw_passwd) eq $pw_passwd)
        {
          $authinfo{sessionID} = $sessionID;
          $logged_in = 1;
          $title = "Hello, $working_user, nice to see you again.";
          $status_text = "Dave's not here man!";
          $login_time = time();
          $last_click = $login_time;
          $remote_addr = $ENV{REMOTE_ADDR};

          open(SESSION_FILE, ">$sessionID_file") || html_abort("Can't open $sessionID_file : $!\n");

          print SESSION_FILE "$working_user:$remote_addr:$login_time:$last_click\n";
          close(SESSION_FILE);
          last;
        }
        else
        {
          $title = "Access Denied!";
          $status_text = c_str("ERROR", "red") . " : Invalid login.  Password didn't match.";
          last;
        }
      }
    }

    if(! $found_unix)
    {
      $title = "Access Denied!";
      $status_text = c_str("ERROR", "red") . " : You're in the access file and you're auth type is unix password... I can't find a unix account for you, so something is wrong.";
    }
  }
  elsif($access && (crypt($working_passwd, $a_passwd) eq $a_passwd))
  {
    $authinfo{sessionID} = $sessionID;
    $logged_in = 1;
    $title = "Hello, $working_user, nice to see you again.";
    $status_text = "Dave's not here man! But Joe is!";
    $login_time = time();
    $last_click = $login_time;
    $remote_addr = $ENV{REMOTE_ADDR};
    
    open(SESSION_FILE, ">$sessionID_file") || html_abort("Can't open $sessionID_file : $!\n");
  
    print SESSION_FILE "$working_user:$remote_addr:$login_time:$last_click\n";  
    close(SESSION_FILE);
    #last;
  }
  elsif($working_user)
  {
    $title = "Access Denied!";
    $status_text = c_str("ERROR", "red") . " : User is not in access file!";
  }
}

if((!param() && ! $logged_in) || ! $logged_in)
{
  unless($header_sent) 
  { 
    $test_cookie =  cookie(-name=> 'TestCookie',
                           -expires => '$cookie_expiretime',
		           -value => 'Hi_I_am_A_Test_Cookie'); 
    print header(-cookie => $test_cookie);
    $header_sent = 1;
  }
  printLoginPage("Please login");
}
elsif($logged_in && ! $action)
{
  
  if(! defined (cookie("TestCookie")))
  {
    print header();
    print "Guess what?  You have cookies turned off.\n<br>";
    print "Cookie support is required to use this tool, please turn them on and try again.<br>\n";
    exit;
  }
   
  if(! $got_cookie)
  {
    $cookie = cookie(-name=>$cookie_name,
                     -value=>\%authinfo,
                     -expires=>$cookie_expiretime);

    print header(-cookie => $cookie);
    #print header(-cookie => $cookie, -expires => '-1d');
    $header_sent = 1;

  }
  unless($header_sent) { print header(-expires => '-1d'); $header_sent = 1;}

  $path_info = path_info();

  if(($path_info =~ s/\///) && $path_info eq "useradm")
  {
    unless($header_sent) { print header(-expires => '-1d'); $header_sent = 1;}
    printPageHead();
    print "path_info : $path_info\n";
    printCommonMNU();
    printPageFoot();
    exit;
  }
  elsif($path_info eq "dnsadm")
  { 
    unless($header_sent) { print header(-expires => '-1d'); $header_sent = 1;}
    printPageHead();
    print "path_info : $path_info\n";
    printCommonMNU();
    printPageFoot();
    exit;
  }
  elsif($path_info eq "phonelog")
  {
    unless($header_sent) { print header(-expires => '-1d'); $header_sent = 1;}
    printPageHead();
    print "path_info : $path_info\n";
    printCommonMNU();
    printPageFoot();
    exit;
  }
  elsif($path_info)
  {
    unless($header_sent) { print header(-expires => '-1d'); $header_sent = 1;}
    printPageHead();
    print "path_info : $path_info\n";
    printCommonMNU();
    printPageFoot();
    print end_html();
    exit;
  }

  printMainMenuPage();
}
else 
{
  print header(-expires => '-1d');
  printPageHead();
  print "<br><a href=\"webadmin.cgi\">Main Menu</a>";
  print "wrong usage!\n<br>\n";

  @names = $query->param;

  foreach $name (@names)
  {
    $value = $query->param($name);
    print "$name : $value <br>\n";
  }
 
  printPageFoot();
}


sub printLoginPage
{
  my($title) = shift;
  printPageHead($title);
  printStatusText();
  print "(", (keys %authinfo), ",", $authinfo{sessionID}, ",$got_cookie,$logged_in)" if($debug);
  printLoginForm();
  printPageFoot();
}

sub printLoginForm
{
  print $query->startform("POST", "$base_url/webadmin.cgi");

  print "<center><table border=0 width=\"100%\">\n";
  print "<tr>";
  print <<EOF;

  <td align="right"><b>Username : </b>
  </td>
  <td>
EOF
  print $query->textfield('username', '', 8, 8);
  print "</td>";
  print "</tr>";
  print "<tr>";
  print <<EOF;

  <td align="right"><b>Password : </b>
  </td>
  <td>
EOF
  print $query->password_field('password', '', 8, 8);
  print "</td>";
  print "<tr>";
  print <<EOF;
  <td align="">
  </td>
  <td align="left">
EOF
  printButton("login", "images/login-brown.jpg");
  print "</td>";
  print "</tr>";
  print "</table></center>";
  print $query->endform();
}

sub doLogout()
{
  my(%authinfo) = cookie($cookie_name);

  if(defined %authinfo)
  {
    $got_cookie = 0;
    $logged_in = 0;
    $sessionID = $authinfo{sessionID};
    $sessionID_file = "$sessionID_dir/$sessionID";
 
    $cookie = $query->cookie(-name => $cookie_name,
                             -value => 'null'
                             -expires => '-1d');

    print $query->header(-cookie => $cookie);
    
    $header_sent = 1;

    if(-e $sessionID_file)
    {
      unlink($sessionID_file) || html_abort("Can't delete $sessionID_file : $!\n")
;
    }
  }
  else 
  {
    print $query->header();
    $status_text = c_str("ERROR", "red") . " : Not logged in.\n";
  }
}

sub printMainMenuPage
{
  #($status_text) = shift;
  printPageHead("Main Menu");
  open(MAINMENU, "$mainMenu_file") || html_abort("Can't open $mainMenu_file : $!\n");
  while($mnu_line = <MAINMENU>)
  {
    chop($mnu_line);
    ($mnu_keyword, $mnu_desc, $mnu_url, $mnu_gfx) = split(/:/, $mnu_line);
    print "<br>\n";
    print "<a href=\"$base_url/webadmin.cgi$mnu_keyword\">$mnu_desc</a>\n";
  }
  close(MAINMENU);
  printCommonMNU();
  printPageFoot();
}