#!/usr/bin/perl -w # print HTTP headers print "Content-type:text/html\n\n"; # be anal retentive use strict; use CGI::Carp qw(fatalsToBrowser set_message); BEGIN { sub handle_errors { my $msg = shift; print "

The Calendar Update program has encountered an error.


Exiting...
"; print "$msg"; print "
$!"; } &set_message (\&handle_errors); } $| = 1; # flush buffers after each print # initialize the $ENV hash $main::ENV = \%ENV; # grab & parse input my $FORM = &parseSTDIN(); # grab templates my $templatehead = &suckFile("./templates/cal/templatehead.html"); my $templatefoot = &suckFile("./templates/cal/templatefoot.html"); # where's the password db? my $adminpassfile = "./data/pwddb.txt"; # autoload the default methods for this program if no parameters are passed &default() if $ENV->{CONTENT_LENGTH} == 0; # validate program caller when command parameters are passed &validateCaller(); # if your directives don't include a stage=3 parameter, perform the validation sequence &validateAdmin() unless $FORM->{stage} eq "3" or $FORM->{aheadto} eq "2"; # but if your input comes from an approved source, and includes the stage=3 parameter, allow editing of the events database if ($FORM->{stage} eq "3") { &saveChanges(); } # exit exit; # --------------- end main program block ---------------- # --------------- define subroutines ---------------- sub validateCaller { # authenticate program caller my @allowed = ("adoula4u.com/cgi-bin/calupdate.cgi", "adoula4u.com/cgi-bin/admin.cgi"); print qq|${$templatehead}
Execution of this program has aborted.

Error:
Unauthorized Use of this program is prohibitted.
This program was called by an unrecognized Referrer and is now exiting.

Program called from $ENV->{HTTP_REFERER}, $ENV->{REMOTE_ADDR} at |. time. qq| UTC.
Your IP address has been logged.
${$templatefoot}| and exit unless (lc($ENV->{HTTP_REFERER}) =~ m/($allowed[0])|($allowed[1])/i); } # end sub validateCaller # get the file I want sub suckFile { if (wantarray()) { open(FILE, $_[0]) or die "can't open $_[0] for reading: $!"; my @file = ; close FILE; return @file; } elsif ((wantarray()) eq "") { my $file; open(FILE, $_[0]) or die "can't open $_[0] for reading: $!"; while () { $file .= $_; } close FILE; return \$file; } else { carp "Subroutine &suckFile() was called in void context"; } } # end sub suckFile sub parseSTDIN { my $FORM = {}; my $buffer = ''; read STDIN, $buffer, $ENV->{CONTENT_LENGTH}; my @pairs = split (/&/, $buffer); foreach my $pair (@pairs) { my ($name, $value) = split /=/, $pair; $value =~ tr/+/ /; $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg; $FORM->{$name} = $value; } # close foreach loop return $FORM; } # end sub parseSTDIN sub default { my $login_box = &make_Login(); print qq|${$templatehead}
${$login_box} ${$templatefoot}|; exit; } # end sub default sub getEvents { my $records; open(EVDB,"./data/eventdb.txt") or die "can't open calendar of events database for reading: $!"; while () { chop; my($r) = {}; ( $r->{'recid'}, $r->{'eventname'}, $r->{'eventdate'}, $r->{'eventday'}, $r->{'eventtime'}, $r->{'eventlocation'}, $r->{'eventdesc'}, $r->{'contactinfo'}, $r->{'directions'}, $r->{'notes'}, $r->{'sponsorship'}, $r->{'legalinfo'}, $r->{'other'} ) = split /~=~~=~/, $_ if length($_) > 0; # don't waste cpu cycles on empty db lines push(@$records, $r) if $r->{'recid'}; # don't stuff empty entries into our in-memory copy of the db } # end while close(EVDB); # $records is now a reference to an anonymous array whose indicies are references to anonymous hashes containing # one record each from the database. The new in-memory database is accessible via ' @{$records} '. Each record is # accessible via the ${@{$records}->[$i]} syntax, while the individual record fields are accessible via the # ${@{$records}->[$i]}{'fieldname'} syntax. return $records; } # end sub getEvents sub make_Login { my $login_box = qq|

In order to edit the Events that are currently displayed on the 'calendar' page of this website you will need to sign in below.

User name:
Password:
|; return \$login_box; } # end sub make_Login sub formatForAdmin { my $events = &getEvents("./data/eventdb.txt"); my $formattedEvents = qq|
Want to add a new Event?

Event Name
Event Day
Date ( MM/DD/YYYY )
Time
Event Location
Contact Information

Event Description:


Directions to this event:


Sponsorship Info:


Legal Info:


Notes:


Other:





Event Database - Current Entries
    |; my $i = 0; foreach (@{$events}) { $formattedEvents .= qq|
  1. Delete this event?
    • Event: ${@{$events}->[$i]}{'eventname'}
      ${@{$events}->[$i]}{'eventtime'}, ${@{$events}->[$i]}{'eventday'}, ${@{$events}->[$i]}{'eventdate'}
    • Location: ${@{$events}->[$i]}{'eventlocation'}
    • Contact Information: ${@{$events}->[$i]}{'contactinfo'}
    • Sponsorship: ${@{$events}->[$i]}{'sponsorship'}
    • Event Description:
      ${@{$events}->[$i]}{'eventdesc'}
    • Directions to this event:
      ${@{$events}->[$i]}{'directions'}
    • Notes: ${@{$events}->[$i]}{'notes'}
    • Legal Info: ${@{$events}->[$i]}{'legalinfo'}
    • Other: ${@{$events}->[$i]}{'other'}



    2. |; $i++; } $formattedEvents .= qq|
|; return \$formattedEvents; } # end sub formatForAdmin sub validateAdmin { unless (open PWDDB, $adminpassfile) { print "
Can't open pwddb for reading: $!\n"; exit; } my $pwd = ; close PWDDB; my $salt = "tommy"; my $comparegiven = crypt ($FORM->{pwd}, $salt); if ($comparegiven ne $pwd) { #print "
$comparegiven ne @pwd

"; print "Access Denied. Invalid password. You do not have access to the "; print "administrative console of this program."; exit; } if ($FORM->{usr} ne "usums") { print "Access Denied. Invalid Username. You do not have access to the "; print "administrative console of this program."; exit; } else { &enter(); } } # end sub validateAdmin sub enter { my $formattedEvents = &formatForAdmin(); print qq| ${$templatehead} ${$formattedEvents} ${$templatefoot}|; exit; } # end sub enter sub saveChanges { my $recid = &getUniqueID(rand); my $oldrecs = &getEvents(); print ${$templatehead}; foreach my $key (keys %{$FORM}) { # set empty values to 'null' if ($FORM->{$key} eq '') { $FORM->{$key} = "null"; } # substitute carriage returns with HTML
's for all input fields $FORM->{$key} =~ s/\n/\/gsi; # delete this record? &killRec($oldrecs, $FORM->{$key}) if $key =~ m/kill/i; } sub killRec { my $oldrecs = $_[0]; my $i = 0; foreach (@{$oldrecs}) { if ($_[1] eq "kill_${@{$oldrecs}->[$i]}{'eventname'}") { ${@{$oldrecs}->[$i]}{'eventname'} = 'killme'; } $i++; } } if ($FORM->{eventname} ne 'null' and $FORM->{eventdate} ne 'null') { my $newrec = {recid => ${$recid}, eventname => $FORM->{eventname}, eventdate => $FORM->{eventdate}, eventday => $FORM->{eventday}, eventtime => $FORM->{eventtime}, eventlocation => $FORM->{eventlocation}, eventdesc => $FORM->{eventdesc}, contactinfo => $FORM->{contactinfo}, directions => $FORM->{directions}, notes => $FORM->{notes}, sponsorship => $FORM->{sponsorship}, legalinfo => $FORM->{legalinfo}, other => $FORM->{other}}; push (@saveChanges::allrecs, $newrec); } my $n = 0; foreach (@{$oldrecs}) { push(@saveChanges::allrecs, $oldrecs->[$n]); $n++; } &overwriteFile(@saveChanges::allrecs); my $formattedFAQs = &formatForAdmin(); print ${$formattedFAQs}; print ${$templatefoot}; exit; } # end sub saveChanges sub getUniqueID { my $randed = rand; $randed = crypt($randed, $_[0]); $randed =~ s/(\W|\.)//gs; return \$randed; } # end sub getUniqueID sub overwriteFile { open(FILE, ">./data/eventdb.txt") or die "can't open eventDB for writing: $!"; my $i = 0; foreach (@_) { my $r = \%{$_[$i]}; unless ($r->{'eventname'} eq 'killme') { print FILE join("~=~~=~", $r->{'recid'}, $r->{'eventname'}, $r->{'eventdate'}, $r->{'eventday'}, $r->{'eventtime'}, $r->{'eventlocation'}, $r->{'eventdesc'}, $r->{'contactinfo'}, $r->{'directions'}, $r->{'notes'}, $r->{'sponsorship'}, $r->{'legalinfo'}, $r->{'other'}); print FILE "\n"; } $i++; } close FILE; } # end sub overwriteFile __END__