#!/usr/bin/perl

require 'common.pl';
use strict;
use CGI "escapeHTML";

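# Render a "view" (an HTML template file from $::view_pool) for the current
# request, replacing every [DOWNLOAD:<file>] marker with a download form.
#
# Parameters:
#   $dbh - database handle, passed through to the mysql_* helpers.
#
# Returns 0 after emitting a redirect to $::base_url when the view is missing,
# has an illegal name, or cannot be read; otherwise prints the rendered page.
#
# The view name comes from the request ('v'), so it is validated against an
# allow-list pattern before it is used to build a filesystem path.
sub main($)
{
  my ($dbh) = @_;
  my $q = CGI->new;

  # Every rejection path logs a reason and redirects to the base URL.
  my $reject = sub
  {
    my ($reason) = @_;
    mysql_log($dbh, $q, $reason);
    print('Location: '.$::base_url."\n\n");
    return( 0 );
  };

  # '||' forces scalar context, so a repeated 'v' parameter yields one value.
  my $viewname = $q->param('v') || $::default_view;
  if( !$viewname )
  {
    return( $reject->('No View') );
  }

  # Allow-list for the view name: no '/' can appear, so the name cannot leave
  # $::view_pool. \A and \z are used instead of ^ and $ because $ would also
  # accept a name followed by a trailing newline.
  if( $viewname !~ /\A[\d\w][\d\w\_\.\,-]+[\d\w]\z/ )
  {
    return( $reject->('Illegal View') );
  }

  my $viewpath = $::view_pool.'/'.$viewname;
  if( !-f($viewpath) || !-r($viewpath) )
  {
    return( $reject->('View not found') );
  }

  # Three-argument open with a lexical handle: the path is never interpreted
  # as a mode or a pipe, whatever $::view_pool contains. The file can still
  # vanish between the -f/-r test and the open, so the failure is handled
  # instead of rendering an empty page.
  my $viewtext;
  if( open(my $view_fh, '<', $viewpath) )
  {
    $viewtext = join('', <$view_fh>);
    close($view_fh);
  }
  else
  {
    return( $reject->('View not found') );
  }

  # NOTE(review): listFiles() is defined elsewhere; presumably it returns the
  # files this request may download -- confirm against common.pl.
  my @files = listFiles($dbh, $q);

  my $showtext = '';
  # The capturing group keeps the markers in the split result, so template
  # text and markers alternate in @viewdata.
  my @viewdata = split(/(\[DOWNLOAD:[\d\w][\d\w\_\.\,-]+[\d\w]\])/, $viewtext);
  foreach my $viewpart (@viewdata)
  {
    if( $viewpart =~ /^\[DOWNLOAD:([\d\w][\d\w\_\.\,-]+[\d\w])\]$/ )
    {
      my $file = $1;
      my $name = $file;
      # genDownloadLink() reads the file name back from the 'f' parameter.
      $q->param('f', $file);

      # Look up the display name: first for the requesting user, then for
      # the '-' and '*' users. All three queries use bound parameters.
      my $namehash;
      ($namehash) = mysql_hashrefs($dbh, "SELECT Name FROM files WHERE File = ? AND User = ? AND Active = 'Y'", $file, decode_base64($q->param('u')||''));
      if( !$namehash )
      {
        ($namehash) = mysql_hashrefs($dbh, "SELECT Name FROM files WHERE File = ? AND User = '-' AND Active = 'Y'", $file);
      }
      if( !$namehash )
      {
        ($namehash) = mysql_hashrefs($dbh, "SELECT Name FROM files WHERE File = ? AND User = '*' AND Active = 'Y'", $file);
      }
      if( $namehash )
      {
        $name = $namehash->{Name};
      }

      # Files not in @files still get a button, but a disabled one.
      if( grep { $_ eq $file } @files )
      {
        $showtext .= genDownloadLink($q, $name);
      }
      else
      {
        $showtext .= genDownloadLink($q, $name, 1);
      }
    }
    else
    {
      # Template text is emitted as-is (not HTML-escaped): view files are
      # treated as trusted markup.
      $showtext .= $viewpart;
    }
  }
  print("Content-type: text/html\n\n");
  print($showtext);
}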

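# Build the HTML for one download button: a POST form to download.cgi that
# carries the request's 'u', 'p', 'f' and 'v' parameters as hidden fields.
#
# Parameters:
#   $q        - CGI query object the parameters are read from.
#   $text     - label for the submit button.
#   $disabled - optional; when true the button is rendered disabled.
#
# Returns the form markup as a string. Every interpolated value is passed
# through escapeHTML() before it is placed in an attribute.
#
# NOTE(review): 'u' and 'p' are written back into the page verbatim; if 'p'
# is a password (presumably -- confirm), the rendered page holds credentials
# and should not be cached or logged.
sub genDownloadLink($$;$)
{
  my ($q, $text, $disabled) = @_;

  # Read each parameter in scalar context. Calling $q->param() directly in an
  # argument list is list context: a repeated parameter would then hand
  # escapeHTML() extra arguments instead of a single value.
  my $user = $q->param('u');
  my $pass = $q->param('p');
  my $file = $q->param('f');
  my $view = $q->param('v') || $::default_view;

  my $disabled_attr = $disabled ? 'disabled="disabled"' : '';

  my $result =
    sprintf('<form action="download.cgi" method="post"><input type="hidden" name="u" value="%s" /><input type="hidden" name="p" value="%s" /><input type="hidden" name="f" value="%s" /><input type="hidden" name="v" value="%s" /><input type="submit" value="%s" %s /></form>',
      escapeHTML($user), escapeHTML($pass),
      escapeHTML($file), escapeHTML($view),
      escapeHTML($text), $disabled_attr);
  return( $result );
}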

# Script entry: render the page only when a database connection is available,
# and always release the handle afterwards.
# NOTE(review): when mysql_connect() fails the script exits without printing
# any CGI header -- confirm that the helper reports the failure itself.
my $dbh = mysql_connect();
if( $dbh )
{
  main($dbh);
  mysql_disconnect($dbh);
}

exit( 0 );
