#!/usr/bin/perl

require 'common.pl';
use strict;
use CGI "escapeHTML";

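# Render a login "view" template as an HTML page.
#
# The view name is taken from the 'v' request parameter, falling back to
# $::default_view.  It is checked against a strict file-name pattern and then
# read from the $::login_pool directory.  The placeholders [PASS], [LOGIN] and
# [EMAIL] in the template are replaced by form controls; all other template
# text is emitted verbatim.
#
# Parameters:
#   $dbh - database handle, passed through to mysql_log().
#
# Returns 0 after redirecting to $::base_url when the view name is missing or
# malformed or the file cannot be read, and 1 once the page has been printed.
sub main($)
{
  my ($dbh) = @_;
  my $q = CGI->new;

  # Every rejection is logged with its reason and answered with the same
  # redirect, so the client cannot tell the failure cases apart.
  my $reject = sub
  {
    my ($reason) = @_;
    mysql_log($dbh, $q, $reason);
    print('Location: '.$::base_url."\n\n");
    return( 0 );
  };

  # Read each request parameter once, in scalar context.  param() called in
  # list context returns every value of a repeated parameter, which would
  # inject extra arguments into the calls further down.
  my $viewreq = $q->param('v') || $::default_view;
  my $user = $q->param('u');

  return $reject->('No View') if( !$viewreq );

  # \A and \z anchor the whole string; a plain '$' would also accept a name
  # ending in a newline.  The name must start and end with a word character
  # and contains no '/', so it cannot leave the view directory.
  if( $viewreq !~ /\A\w[\w.,-]+\w\z/ )
  {
    return $reject->('Illegal View');
  }

  my $viewpath = $::login_pool.'/'.$viewreq;
  if( !-f($viewpath) || !-r($viewpath) )
  {
    return $reject->('View not found');
  }

  # Three-argument open with a lexical handle: the path is never parsed for a
  # mode prefix or a pipe.  The file can still vanish between the tests above
  # and this open, so a failed open is rejected like a missing view instead of
  # producing an empty page.
  my $viewfh;
  if( !open($viewfh, '<', $viewpath) )
  {
    return $reject->('View not found');
  }
  my $viewtext = join('', <$viewfh>);
  close($viewfh);

  # The capturing group keeps the [TOKEN] markers in the split result so they
  # can be substituted in order.
  my $showtext = '';
  foreach my $viewpart (split(/(\[[A-Z]+\])/, $viewtext))
  {
    if( $viewpart eq '[PASS]' )
    {
      # NOTE(review): rendered as a plain text field, so the value is visible
      # while it is typed - confirm that this is intended.
      $showtext .= '<input type="text" size="24" name="p" />';
    }
    elsif( $viewpart eq '[LOGIN]' )
    {
      # Both values are request-controlled and land inside attribute values,
      # so they are HTML-escaped before interpolation.
      $showtext .= sprintf('<input type="hidden" name="u" value="%s" /><input type="hidden" name="v" value="%s" /><input type="submit" value="Login" />', escapeHTML(defined($user) ? $user : ''), escapeHTML($viewreq));
    }
    elsif( $viewpart eq '[EMAIL]' )
    {
      if( $user )
      {
        # decode_base64 is not imported in this file; presumably common.pl
        # provides it - verify.  The decoded value is escaped before output.
        $showtext .= escapeHTML(decode_base64($user));
      }
      else
      {
        $showtext .= '<input type="text" size="24" name="e" />';
      }
    }
    else
    {
      # Template text is emitted without escaping: files in the view
      # directory are treated as trusted, so that directory must only be
      # writable by administrators.
      $showtext .= $viewpart;
    }
  }

  print("Content-type: text/html\n\n");
  print($showtext);
  return( 1 );
}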

# Script entry: serve the page only when a database connection could be
# opened, and release the connection afterwards.  The exit status is 0 in
# every case.
my $dbh = mysql_connect();
if( $dbh )
{
  main($dbh);
  mysql_disconnect($dbh);
}

exit( 0 );
