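#!/usr/bin/perl -Tw
##################################################################
# 12/1/2005 Add check email and comments variables               #
# 08/12/2010 Add guess code                                      #
# 12/16/2012 Add if statement for gcode                          #
##################################################################
#
# Guestbook CGI.  When the form is submitted with action "Add comment"
# the fields are validated, HTML-escaped and untainted, and the new
# entry is prepended to $data_file under an exclusive lock.  On every
# request the page header, the whole guestbook and the entry form are
# printed.  Runs under taint mode (-T): nothing reaches the data file
# without passing through untaint_no_tags().  Any rejected field calls
# die(), which ends the response after the header has already been sent
# (unchanged from the original flow).

use strict;
use warnings;
use CGI;
use Fcntl qw(:DEFAULT :flock);   # O_RDWR plus the LOCK_EX/LOCK_SH names

my $data_file = '/home/essenba/public_html/comments/ebp_guestbook.txt';

my $max_entries = 0; # how many guestbook entries to save?
                     # set to '0' (zero) for infinite entries...

# Value the visitor must type into the "Guess Code" box.  A simple
# anti-spam gate, not authentication.
my $guess_code = '500';

# Reverse-DNS names (REMOTE_HOST) to refuse.  Matches nothing by default.
# The original test was `=~ //`, which in Perl re-runs the last
# *successful* pattern (here /500/) instead of matching an empty one.
my $blocked_host_re = qr/(?!)/;

##################################################################
# helpers                                                        #
##################################################################

# Return $value, or '' when it is undef, so the regex tests below never
# run on undef (CGI params and %ENV entries may be absent).
sub or_empty {
    my ($value) = @_;
    return defined $value ? $value : '';
}

# Escape the characters that can open a tag, entity or attribute so the
# value can be echoed inside the HTML page.  (The old `s/</</g` replaced
# '<' with itself and therefore disabled nothing.)
sub html_escape {
    my $text = or_empty($_[0]);
    $text =~ s/&/&amp;/g;    # first, so the entities added below stay intact
    $text =~ s/</&lt;/g;
    $text =~ s/>/&gt;/g;
    $text =~ s/"/&quot;/g;
    return $text;
}

# Untaint a field for the data file.  The value must contain no '<' at
# all (tags were escaped beforehand, so this is a last-line check);
# returns the untainted copy or dies naming the field via $label.
sub untaint_no_tags {
    my ($label, $value) = @_;
    unless ($value =~ /\A([^<]*)\z/) {
        die "couldn't untaint $label: $value\n";
    }
    return $1;
}

# Validate the submitted form and return the finished guestbook entry
# (an HTML fragment ending in an "<HR size=1>" line).  Dies on any
# rejected field, with the original messages.
sub build_entry {
    my ($q) = @_;

    ############################################################
    # get time stamp                                           #
    ############################################################
    my ($sec, $min, $hour, $mday, $mon, $year) = localtime(time);
    $year += 1900;
    $mon  += 1;      # localtime() months are 0-based

    ##############################################################
    # process the form submission                                #
    ##############################################################
    my $gcode       = or_empty($q->param('gcode'));
    my $name        = or_empty($q->param('name'));
    my $city        = or_empty($q->param('city'));
    my $state       = or_empty($q->param('state'));
    my $country     = or_empty($q->param('country'));
    my $email       = or_empty($q->param('email'));
    my $comment     = or_empty($q->param('comment'));
    my $remote_addr = or_empty($ENV{"REMOTE_ADDR"});
    my $remote_host = or_empty($ENV{"REMOTE_HOST"});

    ###############################################
    # Check guess code and remote host name       #
    ###############################################
    # The two original tests (substring /500/ and numeric == 500) fold
    # into one exact compare; surrounding whitespace is still tolerated
    # and non-numeric input no longer raises a warning.
    (my $gcode_trimmed = $gcode) =~ s/\A\s+|\s+\z//g;
    die "Incorrect Guess Code\n" unless $gcode_trimmed eq $guess_code;

    die "Unathorized:$remote_host\n" if $remote_host =~ $blocked_host_re;

    ##################################################
    # Check city and name                            #
    ##################################################
    die "Unathorized:$city\n" if $city =~ /usa/;

    if ($name =~ /bang|boby|mikky|Alexran|Alexnsd|chris|nicky|exshit|suzanne|pamela|zero|bob|Roberta|Amanda/) {
        die "Unathorized:$name\n";
    }

    $email = "Email = $email" if length($email) > 0;
    $email = untaint_no_tags('email', html_escape($email));

    ###########################################
    # Check email                             #
    ###########################################
    # '@' is escaped: unescaped, "@yahoo" and "@hotmail" interpolate as
    # (empty) arrays and silently shorten the pattern.
    if ($email =~ /tony_d|a_ray|DarkSites|greg_2000|mail.ru|lesbian\@yahoo|exshit\@hotmail.com/) {
        die "unathorized user: $email\n";
    }

    # clean up and fiddle with $name
    die "unathorized user: Anonymous\n" if length($name) == 0;   # no name given
    die "Must be a real name: Someone with an extra long name\n" if length($name) > 50;
    $name = untaint_no_tags('name', html_escape($name));

    #################################################
    # clean up and assemble $from_where             #
    #################################################
    # $email is already escaped above; every other part is escaped
    # exactly once here so nothing is double-encoded.
    my @place      = map { html_escape($_) } ($city, $state, $country);
    my $from_where = join(', ', @place, $email, html_escape($remote_addr));
    $from_where =~ s/^, //;                 # lose leading ', ', if any
    1 while $from_where =~ s/, , /, /;      # every double ', ' becomes single (was: first only)
    if ($from_where =~ /^[,\s]+$/) {
        # nothing but commas and whitespace
        $from_where = 'Unknown parts';
    }
    die "bad:somewhere with a really long name\n" if length($from_where) > 115;
    $from_where = untaint_no_tags('from_where', $from_where);

    # clean up and fiddle with $comment
    die "to much: ...to much to post in my guestbook.\n" if length($comment) > 32768;
    die "Bye: $comment\n"                 if length($comment) == 0;
    die "Must be a real name: $comment\n" if length($comment) < 6;

    $comment =~ s/\r\n?/\n/g;   # fix line-endings
    $comment = untaint_no_tags('comment', html_escape($comment));

    ########################################################
    # Check Grammar in comment field                       #
    ########################################################
    if ($comment =~ /cialis|viagra|valium|sex|lesbian|dude|Gay|fuck|loan|Hardcore|ringtones|porn|pussy|blowjob|triks|poker/) {
        die "couldn't untaint comment: Inappropiate Grammar.\n";
    }

    ########################################################
    # assemble finished guestbook entry                    #
    ########################################################
    # REMOTE_HOST comes from reverse DNS, which the visitor's network can
    # influence, so it is escaped like every other field before it is
    # placed in the page.
    $remote_host = html_escape($remote_host);
    my $entry = <<"Newentry";
$mon/$mday/$year $hour:$min:$sec EST <P><STRONG>$name</STRONG> <EM>from $from_where</EM> Wrote:<BR>
<BLOCKQUOTE>$comment</BLOCKQUOTE><BR>$remote_host<BR>
<HR size=1>
Newentry
    return $entry;
}

# Keep only the $max_entries newest entries of $all_entries (newest
# first, each ending in an "<HR size=1>" line).  Matching whole entries
# keeps every kept entry intact; the original split on the HR text and
# pop() then removed the trailing fragment instead of an entry, leaving
# the last kept entry without its separator.  Text after the final HR
# (not a complete entry) is dropped.
sub trim_entries {
    my ($all_entries) = @_;
    my @entries = $all_entries =~ /(.*?<HR size=1>\n?)/gis;
    splice(@entries, $max_entries) if @entries > $max_entries;
    return join('', @entries);
}

# Prepend $entry to $data_file: open non-destructively under LOCK_EX,
# read the old entries, trim if $max_entries is set, rewind, truncate
# and write everything back.  Dies on any I/O failure.
sub store_entry {
    my ($entry) = @_;

    sysopen(my $fh, $data_file, O_RDWR) or die "can't open $data_file: $!";
    flock($fh, LOCK_EX)                 or die "can't LOCK_EX $data_file: $!";

    my $all_entries = $entry;
    while (my $line = <$fh>) {
        $all_entries .= $line;
    }

    $all_entries = trim_entries($all_entries) if $max_entries;

    ###########################################################
    # Write out to $data_file                                 #
    ###########################################################
    seek($fh, 0, 0)            or die "can't rewind $data_file: $!";
    truncate($fh, 0)           or die "can't truncate $data_file: $!";
    print {$fh} $all_entries   or die "can't print to $data_file: $!";
    close($fh)                 or die "can't close $data_file: $!";
    return;
}

##################################################################
# main                                                           #
##################################################################

my $query  = CGI->new;
my $action = or_empty($query->param('action'));
$action = 'none' unless $action;

print <<"Headerinfo";
Content-type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" 
"http://www.w3.org/TR/html4/loose.dtd">
<HTML>
<HEAD>
<TITLE>Essential Baptist Principles Guestbook</TITLE>
</HEAD>
<BODY background="/images/Lighttex.gif">
<center>
<p><img height="60" src="/images/Butrfly8.gif" alt="Butterfly" width="60"><font face="Century Schoolbook" color="#800000" size="6">Essential
  Baptist Principles Guestbook</font>
<br>
<font size="2">We sincerely appreciate any constructive comments you have and hope you will visit again.</font><br>
</p>
<a href="javascript:history.back(1)"><img border="0"  src="/images/back.gif" alt="back" width="20" height="22"align="left"></a>
<a href="http://www.essentialbaptistprinciples.org">Home Page</a>
<br><br><A HREF="#form">Click to add your own comment</A>
<hr size=1>
</center>
Headerinfo

if ($action eq 'Add comment') {
    store_entry(build_entry($query));
}
###########################################################
# end of Add comment routine                              #
###########################################################

#####################################################
# display the guestbook   from $datafile            #
#####################################################

open(my $in, '<', $data_file) or die "Can't open $data_file for reading: $!";
flock($in, LOCK_SH)           or die "Can't get LOCK_SH on $data_file: $!";
while (my $line = <$in>) {
    print $line;
}
close($in) or die "Can't close $data_file: $!";

#####################################################
#  display the add comment form                     #
#####################################################

print <<"Displayform";
<hr size=1>
<br><br><br><br><br><br><br>
<center>
<img src="/images/river_view_1.jpg"  height="222" alt="river view">
</center>

<a href="javascript:history.back(1)">
<img border="0"  src="/images/back.gif" alt="back" width="20" height="22"align="left"></a>
<center><a href="http://www.essentialbaptistprinciples.org">Home Page </a>
</center>
<br><br>
<br><br><br>

<A NAME="form">Enter correct guest code to add your comment to the Essential Baptist Principles guestbook :</A>
<FORM METHOD="POST" ACTION="/cgi-bin/ebp_perlgb">
<TABLE>
<TR>
<TD ALIGN="right"><STRONG>Enter Guess Code:</STRONG></TD>
<TD><INPUT NAME="gcode" value="xxx" SIZE=4></TD>
</TR>

<TR>
<TD ALIGN="right"><STRONG>Name:</STRONG></TD>
<TD><INPUT NAME="name" SIZE=40></TD>
</TR>

<TR>
<TD ALIGN="right"><STRONG>City:</STRONG></TD>
<TD><INPUT NAME="city" SIZE=20></TD>
</TR>

<TR>
<TD ALIGN="right"><STRONG>State:</STRONG></TD>
<TD><INPUT NAME="state" SIZE=10></TD>
</TR>

<TR>
<TD ALIGN="right"><STRONG>Country:</STRONG></TD>
<TD><INPUT NAME="country" SIZE=20></TD>
</TR>

<TR>
<TD ALIGN="right"><STRONG>Email:</STRONG></TD>
<TD><INPUT NAME="email" SIZE=30 ></TD>
</TR>

<TR>
<TD ALIGN="right"><STRONG>Comment:</STRONG></TD>
<TD>
<TEXTAREA NAME="comment" ROWS="5" COLS="30"></textarea>
</TD>
</TR>

<TR><TD COLSPAN=2> </TD></TR>
<TR>
<TD> </TD>
<TD><INPUT TYPE="submit" NAME="action" VALUE="Add comment"></TD>
</TR>
</TABLE>

</FORM>
</BODY>
</HTML>
Displayform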
