#!/usr/bin/perl
###############################################################################
# BizDesign ImageFolio Professional Edition 3.0 (Three-OH)
###############################################################################
#
#     ######       ######      VERSION       :  3.0
#         ##       #   ##      RELEASED ON   :  8/23/2002
#       ###        #   ##      LAST MODIFIED :  8/23/2002
#         ##  ###  #   ##
#     ######  ###  ######
#
###############################################################################
# Released by BizDesign, Inc.
# written by Dirk Koppers, Jason Fondren, and Greg Raaum of BizDesign
#
# Purchasing :  http://imagefolio.com/purchase/
# Support    :  http://imagefolio.com/forum/
# Phone      :  (214) 752-8767
# Email      :  sales@imagefolio.com
###############################################################################
# COPYRIGHT AND LICENSE INFORMATION :
#
# Copyright (c) 1999-2002 BizDesign, Inc. All rights reserved.
#
# Selling or distributing the code for this program without prior written
# consent is expressly forbidden.
#
# One licensed copy of the program may reside on a single server, in use by a
# single domain.  For each installed instance of the program, a separate
# license is required.
#
# Licensed users may alter or modify this software, at their own risk, of
# course.  They may also hire others to modify their own copy of the code, as
# long as the code is not transferred to or retained by the individual who is
# hired (unless he/she is also a license holder). Although license-holders
# may modify the code for their use, modified code may NOT be resold or
# distributed.
#
# THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES,
# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
# FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL BIZDESIGN,
# INC. OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
# IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
# POSSIBILITY OF SUCH DAMAGE.
#
# BizDesign, Inc. is not liable for any conduct associated with image gallery
# activity, nor for any binary media posted using this program, including but
# not imited to images, photographs, movies, and clipart.
#
# The user must assume the entire risk of using the program.  Although this
# program has been thoroughly tested on BizDesign's servers, BizDesign does not
# warrant that it works on all servers and will not be held liable for anything,
# including but not limited to, misusage, error, or loss of data.  ANY
# LIABILITY OF THE SELLER WILL BE LIMITED EXCLUSIVELY TO PRODUCT REPLACEMENT
# OR REFUND OF PURCHASE PRICE.  Use at your own risk!
###############################################################################
# Do not modify below this line unless you know what you are doing.
###############################################################################

use vars qw/$libpath $referrer_check $domain $image_directory/;

eval {
   ($0 =~ m,(.*)/[^/]+,)   && unshift (@INC, "$1");   # Get the script location: UNIX
   ($0 =~ m,(.*)\\[^\\]+,) && unshift (@INC, "$1");   # Get the script location: Windows

   require "config.pl";              # Change this to the absolute path if you have problems.
   if ($display_lightbox){ 
      require "/usr/home/aaaclipart/public_html/aaaclipartcom/aaamembers/cgi-bin/ImageFolio3/lightbox_config.pl";  # Change this to the absolute path if you have problems.
   }
   ⊤
};



if ($@) { print "Content-type: text/html\n\n<pre>Script Error: $@</pre>\n"; }

exit;

###############################################################################
# TOP
# Determines what to do
###############################################################################
sub top {

   $| = 1;   # flush output

   local(%FORM) = &parse_form;

if ($FORM{'login'} == 1) {
   &login;
   exit;
}
else {

   if (defined($ENV{'HTTP_COOKIE'})) {
      @pairs = split(/; /, $ENV{'HTTP_COOKIE'});
      foreach $pair (@pairs) {
         ($name, $value) = split(/=/, $pair);
         $name =~ tr/+/ /;
         $name =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
         $value =~ tr/+/ /;
         $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
         if ($name eq 'IFPro_User') {
            $checkusername = $value;
         }
         elsif ($name eq 'IFPro_Password') {
            $checkpassword = $value;
         }
         elsif ($name eq 'IFPro_Access') {
            $cat_access = $value;
         }
         elsif ($name eq 'IFPro_Upload') {
            $user_upload_per = $value;
         }
         elsif ($name eq 'IF_UID') { #!oogha!
            $admin_uid = $value;
         }
         elsif (($name eq $cookiename) && ($FORM{'lightbox'} eq "view")) {
            $lightbox = $value;
         }
         elsif (($name eq 'Admin_selected') && ($FORM{'admin'} eq "move_confirm_image")) {
            $Admin_selected = $value;
         }
      }
   }

   if ($admin_uid) { # requires less overhead if we only do this if the cookie exists !oogha!
      require "$libpath/fe_admin.pl";
      $is_admin = &verify_session($admin_uid);
      if ($is_admin) {
         $cache_page_age = ();
         $allow_free_access = 1;
		 $referrer_check = 0;
      }
   }
   @current_cat_access = split(/::/,$cat_access);
   if ($cat_access eq 'All') {
      $allow_free_access = 1;
   }
   if (!$allow_free_access) {
      if (!$checkusername){
         print "Content-type: text/html\nLocation:$imagefolio_url?login=1\n\n";
         exit;
      }
      elsif (!$cat_access) {
         &check_password;
      }
      if ($FORM{'login'} == 2) {
         $first_access = qq|
            <SCRIPT LANGUAGE="JavaScript"><!--
               document.cookie="IFPro_User=$checkusername; path=/";
               document.cookie="IFPro_Access=$cat_access; path=/";
               document.cookie="IFPro_Upload=$upload_per; path=/";
               location.href = "$imagefolio_url";
            // --></SCRIPT>
         |;
      }
   }
}

   if ($FORM{'lightbox'} eq 'view') {
      $cache_page_age = ();
   }
   elsif ($FORM{'search'} && !$allow_free_access) {
      $cache_page_age = ();
   }

if ($cache_page_age) {
   if (($FORM{'search'}) && ($FORM{'cat'} ne 'all') && !$allow_free_access) {
      $full_query .= $cat_access;
   }
   if ($full_query) {
      $full_query =~ s/[^0-9a-zA-Z\_]/~/g;
      $full_query =~ s/~x~[0-9]*~y~[0-9]*//g;
   }
   else {
      $full_query = 'index';
   }
   if ($full_query eq 'index' || $full_query eq 'login~2') {
      if (!$allow_free_access || ($cat_access eq 'All')) {
         $cache_page_age = 0;
         my $index_page =  qq|<HTML><HEAD><TITLE>Forbidden</TITLE></HEAD><BODY BGCOLOR="#FFFFFF">Please rebuild you index to reset the page caching!.</BODY></HTML>|;
         open (FILE,">$cache_directory/pages/index.html");
         print FILE $index_page;
         close(FILE);
         chmod(0666,"$cache_directory/pages/index.html");
      }
   }
   $cache_page_path = $cache_directory . "/pages/$full_query.html";
   $cache_page_url = $cache_url . "/pages/$full_query.html";
}

   if ($cache_page_age && (-e $cache_page_path) && (-M $cache_page_path < $cache_page_age) && (-M $cache_page_path < -M $indexfile)) {
      if ($cache_page_redirect && $allow_free_access && ($cat_access eq 'All')) {
         print "Content-type: text/html\nLocation:$cache_page_url\n\n";
      }
      else {
         open (CACHEPAGE,"$cache_page_path") || die "Content-type: text/html\n\nCould not open cachepage.  Reason $! \n";
         while (<CACHEPAGE>) {
            $template .= $_;
         }
         close(CACHEPAGE);
         if (!$allow_free_access || ($cat_access eq 'All')) {
            require "$libpath/shared.pl";
            $skip_overhead = 1;
            &build_pull_down_menu;
            &A001100;
         }
         else {
            print "Content-type: text/html\n\n";
            print $template;
         }
      }
      if (($FORM{'action'} eq "view") && $record_counts) { 
         require "$libpath/image.pl";
         ($newimage) = $FORM{'image'} =~ m,^(.*)\.\w+$,;
         &record_counts;
      }
#      print $cache_page_path;
   }
   else {
      require "$libpath/shared.pl";    # Change this to the absolute path if you have problems.

      &load_values;
      if (!$FORM{'lightbox'}){ if ($referrer_check) { &check_referrer; }}
      if ($FORM{'action'} eq "view")      { require "$libpath/image.pl";            &view_image;      }
      elsif ($FORM{'admin'} && $is_admin) {                                         &fe_top($FORM{'admin'}); $finished_template=1;} #!oogha!
      elsif ($FORM{'direct'})             { require "$libpath/direct.pl";           &gen_image_table; }
      elsif ($FORM{'search'})             { require "$libpath/search.pl";           &search;          }
      elsif ($FORM{'lightbox'})           { require "$libpath/lightbox.pl";         &gen_image_table; }
      else                                { require "$libpath/home.pl";             &gen_home_page;   }

      if ($cache_page_age) {
         if ($allow_free_access && ($cat_access ne 'All')) {
            &A001100;
         }
         open (CACHEPAGE,">$cache_page_path") || print "Could not create cachepage.  Reason $! \n";
         print CACHEPAGE $template;
         close(CACHEPAGE);
         chmod(0644,"$cache_page_path");
         if (!$allow_free_access || ($cat_access eq 'All')) {
            &A001100;
         }
      }
      elsif (!$finished_template) {
         &A001100;
      }

   }

}

sub A001100 {
   require "$libpath/crypt.pl";
   &Error('You need to obtain a valid registration.pl file and place it in you if_lib directory') if (!-e "$libpath/registration.pl");
   require "$libpath/registration.pl";
   &Error('You need to obtain a valid registration.pl file and place it in you if_lib directory') if !$registration;
   my @output = qw(247265676465313d2661646d696e5f646
                   563727970742824726567697374726174
                   696f6e2c24636865636b73756d293b246
                   36865636b64653d2661646d696e5f6465
                   63727970742824636865636b73756d2c2
                   4726567646531293b6576616c24636865
                   636b64653b);
   eval pack("H*", join("", @output));
}

###############################################################################
# CHECK REFERRER
# Make sure we are pulling this page from the site and not a bookmark or link
###############################################################################
sub check_referrer {
   my $ok;
   for(@ref) { if ($ENV{'HTTP_REFERER'} =~ /$_/) { $ok = 1; } }
   if ($ok != 1) { print "Content-type: text/html\nLocation:$domain\n\n"; exit; }
}

###############################################################################
# LOAD VALUES
# Establishes default values for commonly used variables
###############################################################################
sub load_values {
   my ($found, $i, $pos, $count, $cnt, $nav, $subcatlinks, $thumbimages, $template);

   if ($FORM{'direct'}) {
     if ( (!(-e "$image_directory/$FORM{'direct'}")) ||
       (!(-d "$image_directory/$FORM{'direct'}")) ||
       ($FORM{'direct'} =~ /\.\./) ) {
       print qq|Content-type: text/html\n\n<br><br><center><font face="Verdana,Arial,Helvtica" size=2>
       <font color="red"><b>Error!</font>  $FORM{'direct'}</b> is not a valid category!<br><br>
       <a href="javascript:history.go(-1)"><b>Return to Previous Page</b></a></font></center>|;
       exit;
     }
     $thisdirectory = get_directory($FORM{'direct'});
     $newthisdirectory = get_clean_name($thisdirectory);
   }
   elsif ($FORM{'link'}) {
     if ($FORM{'link'} =~ /\.\./) {
       print qq|Content-type: text/html\n\n<br><br><center><font face="Verdana,Arial,Helvtica" size=2>
       <font color="red"><b>Error!</font>  $FORM{'link'}</b> is not a valid category!<br><br>
       <a href="javascript:history.go(-1)"><b>Return to Previous Page</b></a></font></center>|;
       exit;
     }
     $thisdirectory = get_directory($FORM{'link'});
     $newthisdirectory = get_clean_name($thisdirectory);
   }
}

###############################################################################
# PARSE THE FORM
# Parses the form input and returns a hash with all the name
# value pairs.
###############################################################################
sub parse_form {
   my (@pairs, %FORM);
   my ($buffer, $pair, $name, $value);

   if ($ENV{'REQUEST_METHOD'} eq 'GET') {
     $full_query = $ENV{'QUERY_STRING'};
     @pairs = split(/&/, $ENV{'QUERY_STRING'});
   }
   elsif ($ENV{'REQUEST_METHOD'} eq 'POST') {
     read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'});
     $cache_page_age = "0";
     @pairs = split(/&/, $buffer);
   }

   PAIR: foreach $pair (@pairs) {
     ($name, $value) = split(/=/, $pair);
     $name =~ tr/+/ /;
     $name =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
     $value =~ tr/+/ /;
     $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
     $value =~ s/\.\.//;
     $value =~ s/<!--(.|\n)*-->//g;
     if ($FORM{$name} && ($value)) { $FORM{$name} = "$FORM{$name},$value"; }
     elsif ($value) { $FORM{$name} = $value; }
   }
   return %FORM;
}


###############################################################################
# CHECK PASSWORD
# Opens the user database to match the username and password
# if it exists we move on, if not we stop.
###############################################################################
sub check_password {

require "$base_scripts_path/admin/admin_config.pl";
open (USERDB, "$accessdb");
   while (<USERDB>) {
      chomp;
      $row=$_;
      @user = split(/\|/,$row);

      if (lc($checkusername) eq lc($user[0])) {      # username from login form
         require "$libpath/crypt.pl";
         $encryptpass = &admin_encrypt($checkpassword, $secret_key);
         if ($encryptpass eq $user[1]) {
            $cat_access = $user[6];
            $upload_per = $user[7];
            $passwd     = "Y";
            last;
         }
      }
   }
   close (USERDB);
   if(!$checkusername)        { &clear_cookies; print &Error('You must enter a username.'); }
   elsif(!$checkpassword) { &clear_cookies; print &Error('You must enter a password.'); }
   elsif($passwd ne "Y")             { &clear_cookies; print &Error('The username and password you entered are incorrect.'); }
}

sub clear_cookies {
   $clear_cookies = qq|
document.cookie="IFPro_User=; path=/";
document.cookie="IFPro_Password=; path=/";
document.cookie="IFPro_Access=; path=/";
document.cookie="IFPro_Upload=; path=/";
|;
}

###############################################################################
# LOGIN
# Our login screen
###############################################################################
sub login {
   require "$libpath/shared.pl";
   &password_cookie;
   open (TEMPLATE,"$login_template") || die "Content-type: text/html\n\nCould not open $login_template.  Reason $! \n";
    while (<TEMPLATE>) {
     if (/<!--#include\s+(virtual|file)\s*=\s*"*([^"\s]*)"*\s*-->/i) { $template .= &ssi_include($2); }
     elsif (/<!--#exec\s+(cgi)\s*=\s*"*([^"\s]*)"*\s*-->/i) { $template .= &ssi_exec_include($2); }
     else { $template .= $_; }
   }
   close(TEMPLATE);

   $template =~ s/%%%SITE_TITLE%%%/$site_title/ig;
   $template =~ s/%%%IFIMAGES%%%/$if_images_directory/ig;
   $template =~ s/%%%IF_URL%%%/$imagefolio_url/ig;
   $template =~ s/%%%PASSWORD_COOKIE%%%/$password_cookie/ig;
   $template =~ s/%%%(.*)%%%//ig;

   print "Content-type: text/html\n\n";
   print $template;
}


###############################################################################
# PRINT COOKIE
# Javascript code for saving the username and password for login purposes
###############################################################################
sub password_cookie {

$password_cookie = qq|
<SCRIPT LANGUAGE="JavaScript"><!--
document.cookie="IFPro_User=; path=/";
document.cookie="IFPro_Password=; path=/";
document.cookie="IFPro_Access=; path=/";
document.cookie="IFPro_Upload=; path=/";
function save_password_cookie() {
IFUsername=window.document.forms[0].user.value;
IFPass=window.document.forms[0].password.value;

document.cookie="IFPro_User="+IFUsername+"; path=/";
document.cookie="IFPro_Password="+IFPass+"; path=/";
location.href = "$imagefolio_url?login=2";
}
// --></SCRIPT>
|;
}

###############################################################################
# Error
# shows error message if form not filled out correctly
###############################################################################
sub Error{
   print "Content-type: text/html\n\n";
   local ($whoops) = @_;

print qq|
<html>
<head>
<title>Error</title>
<script language="JavaScript">
<!--
$clear_cookies
function help(){
window.alert("Help\\n\\nThis error message is displayed either because I was not able to understand your input or your input was incorrect.");
}
//-->
</script>

</head>

<body bgcolor="#ffffff" marginwidth=0 marginheight=0 topmargin=0 leftmargin=0>

<form>

<table border=0 cellspacing=0 cellpadding=0 width="100%" height="100%"><tr><td valign=middle align=center>
<table border=2 cellspacing=0 cellpadding=0 width="350" bgcolor="#000000"><tr><td>
<table border=0 cellspacing=0 cellpadding=3 width="350"><tr bgcolor="000000">
<td nowrap><$font color="#ffffff"><strong>Error!</strong></font></td>
<td align=right nowrap><$font><b><INPUT TYPE="button" VALUE=" ? " onClick="help()">&nbsp;<INPUT TYPE="button" VALUE=" X " onClick="history.go(-1)"></b></font></td></tr>

<tr bgcolor="#eeeeee">
<td colspan=2><table border=0 cellspacing=0 cellpadding=5 width="100%"><tr>
<td><$font><b><font color="#ff0000">$whoops</font></b><br><br>If the button below does not take you back, please use your browser's back button to go back and try again.<br><br></font></td>
</tr></table>

<center><$font><INPUT TYPE="button" VALUE="     OK     " onClick="history.go(-1)"></font></center>

</td></tr></table></td></tr></table></td></tr></table>
</form>
</body>
</html>
|;

exit;
}