#!/usr/bin/perl -Tw
#############################################################################
# 12-1-2005 Added check email code       	                            #
# 12-3-2005 Added check grammar code     	                            #
# 02-2014 Added check guess code        	                            #
#############################################################################

# Storage for the announcements page: the file that is displayed, and a
# second file to which every accepted submission is appended.
our $announce_file = '/home/essenba/public_html/comments/announcements.txt';
our $announce_log  = '/home/essenba/public_html/comments/logannouncements.txt';

# Upper bound on the number of entries kept in $announce_file;
# 0 (zero) means never trim.
our $max_entries = 0;

use CGI;
use Fcntl;
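# CGI request object; direct method call instead of the indirect-object
# form "new CGI", which Perl can mis-parse when a sub named "new" exists.
$query = CGI->new;

# Which form button (if any) was pressed; 'none' when the page is merely
# viewed, so the submission branch below is skipped.
$action = $query->param('action');
$action = 'none' unless $action;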

#############################################################################
#                       Create header    	                            #
#############################################################################
# HTTP header and the static top of the page.  Note that this is sent
# before the submission is validated, so any later die() produces a
# half-rendered page rather than an error response.  The heredoc contains
# no variables or escapes, so a non-interpolating delimiter is used.
# The "Guess Code" is shown here in clear text, so it is not a secret.
my $page_header = <<'Headerinfo';
Content-type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" 
"http://www.w3.org/TR/html4/loose.dtd">
<HTML>
<HEAD>
<TITLE>Announcements</TITLE>
<meta name="robots" content="noindex">
<link rel="stylesheet" type="text/css" href="../images/publications.css">
</HEAD>
<BODY bgcolor="#e5e5d5">
<center>
<font size="5" color="maroon"> News and Announcements for Old line Primitive Baptists</font><br><font size="3" color="maroon">(Any church related news such as: meetings,ordinations,prayer requests)</font><br>
<a class="select" href="http://www.essentialbaptistprinciples.org">Home Page</a><br><br><br>
<a  href="javascript:history.back(1)"><img border="0"  alt="back" src="../images/back.gif" width="20" height="22"align="left"></a>
<br><A HREF="#announcements">Click to add News or Announcements</A><br>(Guess Code = 500)
<hr size=1>
<br>
<a href="newslogz">History-News & Announcments</a>
<br>
<br>
<br>
<center>
Headerinfo
print $page_header;

#############################################################################
#       Process the form submission and assemble the Announcement entry     #
#############################################################################

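if ($action eq 'Add Announcement') {

    #########################################################################
    # Timestamp.  localtime() is the server's local zone, but the entry
    # template below labels it "EST" unconditionally.
    #########################################################################
    my ($sec, $min, $hour, $mday, $mon, $year) = localtime(time);
    $year += 1900;    # localtime() counts years from 1900
    $mon  += 1;       # ...and months from 0

    #########################################################################
    # Raw form fields.  Under -T every value here is tainted until it has
    # been passed through a capturing regex further down.
    #########################################################################
    $gcode   = $query->param('gcode');
    $name    = $query->param('name');
    $city    = $query->param('city');
    $state   = $query->param('state');
    $country = $query->param('country');
    $email   = $query->param('email');
    $comment = $query->param('comment');
    $remote_addr = $ENV{"REMOTE_ADDR"};    # currently not used below
    $remote_host = $ENV{"REMOTE_HOST"};

    # A field that was not submitted comes back undef; treat it as empty so
    # the checks below do not trip "uninitialized value" warnings.
    for ($gcode, $name, $city, $state, $country, $email, $comment,
         $remote_host) {
        $_ = '' unless defined $_;
    }

    #########################################################################
    # Check guess code and remote host name
    #########################################################################

    # The "guess code" is a fixed value that the page header prints in
    # clear text, so it only deters naive automated posting.  Both tests
    # are kept: the regex rejects anything not containing "500", the
    # numeric compare rejects e.g. "5001".
    unless ($gcode =~ /500/ and $gcode == 500) {
        die "Incorrect Guess Code\n";
    }

    # NOTE(review): an empty pattern re-uses the last *successfully*
    # matched pattern, i.e. /500/ above, so this rejects any REMOTE_HOST
    # that happens to contain "500" and nothing else.  The intended host
    # filter is not recoverable from the code; kept as-is -- confirm.
    if ($remote_host =~ //) {
        die "Unathorized:$remote_host\n";
    }

    #########################################################################
    # Check for null email and name
    #########################################################################

    if (length($email) > 0) {
        $email = "Email = $email";
    }

    unless ($name) {
        die "No name: $name\n";
    }

    if ($city =~ /Unknown/) {
        die "unauthorized name:$city\n";
    }

    # untaint $email; the captured copy is what ends up in $from_where
    unless ($email =~ /^([^<]*)$/) {
        die "couldn't untaint email: $email\n";
    }
    $email = $1;

    # check email against the blocked-sender list
    if ($email =~ /tony_d|a_ray|DarkSites|greg_2000|myrealbox/) {
        die "Unauthorized user: $email\n";
    }

    #########################################################################
    # Check and clean up $name
    #########################################################################

    # Substring match, so "sex" also rejects e.g. "Essex", and the trailing
    # "Alex" alternative already covers every Alex* entry before it.
    if ($name =~ /Alexjbr|Alexufc|Alexbif|Alexnsd|Alexzbb|sex|lesbian|Alexqpm|Alexrcm|Alex/) {
        die "unauthorized name:$name\n";
    }

    # (An empty name was already rejected above, so no 'Anonymous' default.)

    if (length($name) > 50) {
        $name = 'Unrealistic long name given';
    }

    # Only '<' is neutralised, which is enough to stop tag injection in
    # element text; '&', '>' and quotes are passed through unchanged.
    $name =~ s/</&lt;/g;

    # untaint variable (always matches once '<' is gone; the capture is
    # what clears the taint flag)
    unless ($name =~ /^([^<]*)$/) {
        die "couldn't untaint name: $name\n";
    }
    $name = $1;

    #########################################################################
    # Clean up $from_where
    #########################################################################

    $from_where = "$city, $state, $country, $email";
    $from_where =~ s/^, //;     # lose leading ', ', if any
    $from_where =~ s/, , /, /;  # one double ', ' becomes single
    if ($from_where =~ /^[,\s]+$/) {
        # nothing but commas and whitespace
        $from_where = 'Unknown parts';
    }
    if (length($from_where) > 115) {
        $from_where = 'Unrelistic long location name';
    }

    # disable HTML tags (only '<', see $name above)
    $from_where =~ s/</&lt;/g;

    # untaint variable
    unless ($from_where =~ /^([^<]*)$/) {
        die "couldn't untaint from_where: $from_where\n";
    }
    $from_where = $1;

    #########################################################################
    # Clean up $comment
    #########################################################################

    if (length($comment) > 32768) {
        $comment = '...Announcement exceeds 32768 Character..redo.';
    }
    unless ($comment) {
        die "No announcement given\n";
    }

    # fix line-endings
    $comment =~ s/\r\n?/\n/g;

    # lose HTML tags (only '<', see $name above)
    $comment =~ s/</&lt;/g;

    # untaint variable -- take the capture *now*, before any further match
    # can clobber $1
    unless ($comment =~ /^([^<]*)$/) {
        die "couldn't untaint comment: $comment\n";
    }
    $comment = $1;

    #########################################################################
    # Check Grammar in comment field
    #########################################################################

    # Keyword filter.  This pattern has no capture groups, so a successful
    # match leaves $1 undefined; that is why the untainted copy was taken
    # above rather than after this block.
    if ($comment =~ /cialis|viagra|valium|sex|lesbian|ezmoney/) {
        $comment = 'Inappropiate Grammar.';
    }

    #########################################################################
    # Assemble finished Announcement entry
    #########################################################################

    $entry = <<"Newentry";
<table border=1 cellpadding="10" width="750"><tr><td>
$mon/$mday/$year $hour:$min:$sec:EST
 <br>
Submitted by <STRONG>$name</STRONG> <EM>from $from_where</EM>:<BR>
<BLOCKQUOTE>$comment </BLOCKQUOTE>
</table>
Newentry

    #########################################################################
    # Open non-destructively, read old entries, write out new
    #########################################################################

    # Newest entry first, then whatever is already on disk.  Plain
    # assignment rather than '.=' so nothing carries over should this
    # global outlive one request (e.g. under a persistent interpreter).
    $all_entries = $entry;
    sysopen(my $entries_fh, $announce_file, O_RDWR)
        or die "can't open $announce_file: $!";
    flock($entries_fh, 2)        # 2 == LOCK_EX
        or die "can't LOCK_EX $announce_file: $!";
    while (my $line = <$entries_fh>) {
        $all_entries .= $line;
    }

    if ($max_entries) {

        # Trim from the bottom (oldest) until the count fits.  Entries are
        # split on '<hr size=1>', which the entry template above does not
        # emit, so this only trims files written with such a separator.
        my @chunks = split(/<HR size=1>/i, $all_entries);
        while (@chunks - 1 > $max_entries) {
            pop @chunks;
        }
        $all_entries = join('<hr size=1>', @chunks);
    }

    # now write out to $announce_file
    seek($entries_fh, 0, 0)
        or die "can't rewind $announce_file: $!";
    truncate($entries_fh, 0)
        or die "can't truncate $announce_file: $!";
    print {$entries_fh} $all_entries
        or die "can't print to $announce_file: $!";
    close($entries_fh)
        or die "can't close $announce_file: $!";

    #########################################################################
    # Write to announcements log file
    #########################################################################
    open(my $log_fh, '>>', $announce_log)
        or die "can't open $announce_log: $!";
    flock($log_fh, 2)            # 2 == LOCK_EX
        or die "can't LOCK_EX $announce_log: $!";
    print {$log_fh} $entry
        or die "Can't Print to $announce_log: $!";
    close($log_fh)
        or die "can't close $announce_log: $!";
}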

#############################################################################
# display the updated announcements                                         #
#############################################################################

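# Echo the stored entries into the page.  The file holds HTML that was
# escaped ('<' only) at submission time, so it is printed verbatim.
# Three-argument open with a lexical handle; the path is fixed, so
# behaviour is unchanged from the two-argument form.
open(my $in_fh, '<', $announce_file)
    or die "Can't open $announce_file for reading: $!";
flock($in_fh, 1)    # 1 == LOCK_SH
    or die "Can't get LOCK_SH on $announce_file: $!";
while (my $line = <$in_fh>) {
    print $line;
}
close($in_fh) or die "Can't close $announce_file: $!";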

#############################################################################
#                       display input announcements form                    #
#############################################################################

# The submission form and the page footer.  Static HTML with no variables
# or escapes, hence the non-interpolating heredoc delimiter.  The form
# posts back to "newsperlz" with the button value that the submission
# branch above matches on ("Add Announcement").
my $announcements_form = <<'Announcements_form';
 </center>
 <br>
<center>Essential Baptist Principles</center>
<hr size=1>
<br><br><br><br><br><br>
<br><br><br><br><br><br>
<br><br><br><br><br><br>
<br><br><br><br><br><br>
<a  href="javascript:history.back(1)"><img border="0"  src="../images/back.gif" alt="back" width="20" height="22"align="left"></a>
<br><A NAME="announcements">*</A>

<FORM METHOD="POST" ACTION="newsperlz">
<TABLE>

<TR>
<TD ALIGN="right"><STRONG>GuessCode:</STRONG></TD>
<TD><INPUT type= "password" NAME="gcode" SIZE=4></TD>
</TR>

<TR>
<TD ALIGN="right"><STRONG>Name:</STRONG></TD>
<TD><INPUT NAME="name" SIZE=40></TD>
</TR>

<TR>
<TD ALIGN="right"><STRONG>City:</STRONG></TD>
<TD><INPUT NAME="city" SIZE=20></TD>
</TR>

<TR>
<TD ALIGN="right"><STRONG>State:</STRONG></TD>
<TD><INPUT NAME="state" SIZE=10></TD>
</TR>

<TR>
<TD ALIGN="right"><STRONG>Country:</STRONG></TD>
<TD><INPUT NAME="country" SIZE=20></TD>
</TR>

<TR>
<TD ALIGN="right"><STRONG>Email:</STRONG></TD>
<TD><INPUT NAME="email" SIZE=30 ></TD>
</TR>

<TR>
<TD ALIGN="left"><STRONG>Announcements<br>and or News:</STRONG></TD>
<TD>
<TEXTAREA NAME="comment" ROWS=5 COLS=65></TEXTAREA>
</TD>
</TR>

<TR><TD COLSPAN=2> </TD></TR>
<TR>
<TD> </TD>
<TD><INPUT TYPE="submit" NAME="action" VALUE="Add Announcement"></TD>
</TR>
</TABLE>
</FORM>
</center>
</BODY>
</HTML>
Announcements_form
print $announcements_form;
