##################################
###CONFIGURATION##################
##################################
##################################
###FULL URL of BBS################
##################################
$BBS_HOME='::';
##################################
###DISPLAY DIRECTORY##############
##################################
$HTML_DIR='::html';
$ERROR='error.html';
$ERROR_CHAR='error-char.html';
$SUCCESS='success.html';
###################################
###STORAGE DIRECTORY###############
###################################
# This directory should be "server" readable/writeable/executable only.
$STORAGE_DIR='::message';
# The files below should be world readable/writable only.
$ERROR_COLLECT='error-collect.txt';
$SUCCESS_COLLECT='bbs-data.html';
$TOKEN_FILE ='counter';
$THREAD_TOKEN ='thread_counter';
# if your system does not support the flock() function, comment this out, or set it to 0.
# the latest edition of NT Perl, as well as all unix perl should have flock build in.
$flock_exists = 1;
##################################
### END OF CONFIGURATION #########
##################################
### APPEND DIRECTORY with FILE ###
##################################
 $ERROR = $HTML_DIR.':'.$ERROR;
$ERROR_CHAR = $HTML_DIR.':'.$ERROR_CHAR;
$SUCCESS = $HTML_DIR.':'.$SUCCESS;
$TMP = $STORAGE_DIR.':'.($$).".tmp";
$ERROR_COLLECT = $STORAGE_DIR.':'.$ERROR_COLLECT;
$INDEX_FILE = $STORAGE_DIR.':'.$SUCCESS_COLLECT;
$TOKEN_FILE = $STORAGE_DIR.':'.$TOKEN_FILE;
$THREAD_TOKEN = $STORAGE_DIR.':'.$THREAD_TOKEN;
###################################


print "Content-type: text/html\n\n";
#
# This reads in the information sent when the user pressed Submit
#
if ($ENV{'REQUEST_METHOD'} eq "GET") { $buffer = $ENV{'QUERY_STRING'}; }
else { read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'}); }
#
# Now, using a little loop, we'll split up the data into name/value
# pairs, which makes them easier to work with. 
#
@pairs = split(/&/, $buffer);
foreach $pair (@pairs)
{
    ($name, $value) = split(/=/, $pair);
    $value =~ tr/+/ /;
    $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
	 
    $FORM{$name} = $value;
}
#
# Once the name/value pairs have been created, you can work with
# them by referring to the variable names you set up in the 
# original HTML, using $FORM{"varname"}.
#
#
# First, we make sure that they actually gave an email address
#
#check for error -- REQUIRE ALL
&notcomplete unless $FORM{'thread'} && $FORM{'time'} && $FORM{'RealTime'};
#$FORM{'name'} =~ s/([\(\)\>\<\"\'])/\\$1/g;
$FORM{'name'} =~ tr/\n//d;
#$FORM{'email'} =~ s/([\(\)\>\<\"\'])/\\$1/g;
$FORM{'email'} =~ tr/\n//d;
# $FORM{'subject'} =~ s/([\(\)\>\<\"\'])/\\$1/g;
$FORM{'subject'} =~ tr/\n//d;
#$FORM{'body'} =~ s/([\(\)\>\<\"\'])/\\$1/g;
$body = $FORM{'body'};
$body =~ s/\r//g;
$body =~ s/\n/<br>/g;
$name = $FORM{'name'};
$name =~ s/\r//g;
$name =~ s/\n/<br>/g;
$email = $FORM{'email'};
$email =~ s/\r//g;
$email =~ s/\n/<br>/g;
$subject = $FORM{'subject'};
$subject =~ s/\r//g;
$subject =~ s/\n/<br>/g;
$subject2 = $subject;
$subject2 =~ s/\"/\\\"/g;
$name2 = $name;
$name2 =~ s/\"/\\\"/g;

### The following 3 field is internal and self generating. user have no business
### to generate beyond the set allowed 
&invalidchar if $FORM{'RealTime'} =~ /([*\|\;\&\\\~\^\[\]\$\.\(\)\>\<\"\'\n\r])/;
&invalidchar if $FORM{'thread'} =~ /([A-z*\|\;\&\\\~\^\[\]\$\.\(\)\>\<\"\'\,\n\r])/;
&invalidchar if $FORM{'time'} =~ /([A-z*\|\;\&\\\~\^\[\]\$\.\(\)\>\<\"\'\,\n\r])/;
&invalidchar if $FORM{'parent'} =~ /([A-z*\|\;\&\\\~\^\[\]\$\.\(\)\>\<\"\'\,\n\r])/;
$realTime = $FORM{'RealTime'};
$realTime =~ s/_/ /g;
&makeMessage;
&addToIndex;
&success;
exit;
#######################################################################
 ############################  Add to data file  #######################
#######################################################################
sub addToIndex {
    select(STDOUT);
    open(toINDEX,"$INDEX_FILE") || die "can't open $INDEX_FILE\n";
    &lock(toINDEX);
    open(temp, "> $TMP") || die "can't open $TMP\n";
    while(<toINDEX>){
        if(/<!--insertion point-->/){
            print temp "parent.addpbbsArray(\"$subject2\",$FORM{'time'},\"$realTime\",\"$name2\",$FORM{'thread'},\"message/$file_handle.html\",\"$FORM{'parent'}\",\"$file_handle\")\n<!--insertion point-->\n";
        }
        else {
            print temp $_;
        }
    }
    &unlock(toINDEX);
    close(toINDEX);
    close(temp);
       rename($TMP, $INDEX_FILE);
}
######################################################################
############################  Make .dat file    ######################
######################################################################
sub makeMessage {
    select(STDOUT);
    $file_handle = getToken();
    open(NEW,">> $STORAGE_DIR:$file_handle.html") || die "can't open $STORAGE_DIR:$file_handle.html\n";
    select(NEW);
print <<"DONE";
<html>
<META HTTP-EQUIV="Expires" CONTENT="Sat, 29 Sep 1973 23:59:00 GMT">
<head>
    <title>$subject</title>
</head>
<body bgcolor="#FFFFFF">
<script language="JavaScript">
<!--
    var coun = navigator.appVersion.indexOf("(");
    var last = navigator.appVersion.lastIndexOf(";");
       document.write('<a href="#" onclick=parent.goNgbr($file_handle,"Prev")><img src="../image/previous.gif" border=0></a>');
       document.write('<a href="#" onclick=parent.goNgbr($file_handle,"Next")><img src="../image/next.gif" border=0></a>');
       document.write('<a href="../cgi-bin/submit-bbs-form.cgi?$FORM{'thread'}" target="message"><img src="../image/reply.gif" border=0></a><br>');	
//-->
</script><hr>
<pre>
<b>Name</b>:    $name
<b>Email</b>:   <a href=mailto:$email>$email </a> 
<b>Subject</b>: $subject
<b>Thread</b>:  $FORM{'thread'}
<b>Time</b>:    $realTime
</pre><hr>
<!-- since 1/1/70 GMT$FORM{'time'} -->
<b>
    $body
</b>
</body>
</html>
DONE
    close(NEW);
}
###############################################################################
############################  Get Token #######################################
sub getToken{
######
#lock
######
    open(TOKEN,"$TOKEN_FILE") || die "can't open $STORDIR:$file_handle.html\n";
    &lock(TOKEN);
    while (<TOKEN>) {
        $tokenReturn  = "$_";
        chop($tokenReturn);
    }
    close(TOKEN);
    open(TOKEN,"> $TOKEN_FILE") || die "can't open $STORDIR:$file_handle.html\n";
    $tokenNext = $tokenReturn + 1;
    select(TOKEN);
 print <<"DONE";
$tokenNext
DONE
    &unlock(TOKEN);
    close(TOKEN);
    select(STDOUT);
    return $tokenReturn;
#######
#unlock
#######
}
sub lock{
}
sub unlock{
}
###############################################################################
############################  Complete/Success  ###############################
###############################################################################
sub success{
    select(STDOUT);
    open(EP,"$SUCCESS");
    while(<EP>){
        $tk = "$_";
       $tk =~ s/\#\#\#\#HOME-LOCATION\#\#\#\#/$BBS_HOME/;
        print "$tk";
    }
    close(EP);
    exit;
}
###############################################################################
############################  Incomplete Error  ###############################
###############################################################################
sub notcomplete {
    select(STDOUT);
    open(EP,"$ERROR");
    while(<EP>){
        print "$_";
    }
    close(EP);
    exit;
} 
###############################################################################
############################  Invalid char  ###############################
###############################################################################
sub invalidchar {
    select(STDOUT);
    open(EP,"$ERROR_CHAR");
    while(<EP>){
        print "$_";
    }
    close(EP);
    exit;
}