#!/usr/bin/perl
$|=1; 
# bnbbook.cgi: yes, another guest book script....
# Release 1.0 on 09/06/98
# (C) 1998 BigNoseBird.Com, Inc. This program is freeware and may 
# be used at no cost to you (just leave this notice intact). 
# Feel free to modify, hack, and play  with this script. 
# This guestbook (like the world really needs another one) 
# has borrowed several ideas from the works of Selena Sol 
# (http://www.extropia.com/) and Matt Wright
# (http://cgi-resources.com/). The script is the result of user
# requests for something smaller and simpler to work with, but 
# with some new tricks.
#
##################################################################
#           START USER CONFIGURATION SECTION                     #
##################################################################
# For information on formatting your autoresponse letter and     #
# guestbook format, please read the README.TXT                   #
# For information on formatting your input form, also see the    #
# gbook.html file included in this distribution.                 #
##################################################################
#
#           SPECIAL RESERVED HTML FORM NAMES
# When designing your HTML input form for your guest book, 
# there are only four fields that are handled in a special way 
# by the script. The are:
#
#  signer_email: the e-mail address of the signer of the book. If
#                you want to have the script autorespond or be able
#                to easily reply to them- use this name!
#  private:      Value is YES if it is a private message not to 
#                be shown in the book. You will get e-mail.
#  required:     A comma delimited list of "must-fill" fields.
#                If the user does not complete any field you 
#                specify, they will get a message to go back.
#  url:          The person's homepage URL. This will be presented
#                in the guest book as an HTML link.
#
##################################################################

# set $HTML="NO" if you do not want users to be able to enter HTML tags
# the form name "private" when set to YES by a reader, if you offer
# the choice, will send you e-mail, but will not write to the guestbook.

   $HTML="NO";

# $GUESTBOOK is the file name for your guestbook file. You must give the
# filename including it's full path.

   $GUESTBOOK="/www/htdocs/webcam.html";

# $GUESTBOOK_URL is the URL of the guestbook. This way after they
# sign the book they are redirected back to it

   $GUESTBOOK_URL="http://www.lockergnome.com/webcam.html#gnomecams";

# $TEMPDIR is a directory on your server where you have permission to
# write files that will be deleted when the script finishes running.

   $TEMPDIR="/tmp";

# $SEND_THANKS if "YES" will send the signer of the book a thank you
# note if they supplied a valid e-mail address. E-mail is sent to
# the value contained in "signer_email"

   $SEND_THANKS="YES";

# $MY_EMAIL should be your e-mail address. This way people know where
# they get the thank you not from.  Be sure to put that \@ backslash 
#  before the AT sign!

   $MY_EMAIL="webcam\@lockergnome.com";

# If you make $TELL_ME="YES" and supplied a value for $MY_EMAIL,
# the script will notify you when somebody has signed your book.
# If you generally do not want to recieve e-mail, except in the
# case of a private message, let $TELL_ME="NO"

   $TELL_ME="YES";

# $MAIL_PROGRAM is your system's e-mail program typically either
# /usr/lib/sendmail -t  or /usr/sbin/sendmail -t
# DON'T FORGET THE "-t", omitting it is a major source of script failure

   $MAIL_PROGRAM="/usr/sbin/sendmail -t";

# For Windows 95/98/NT using BLAT.EXE, it might look like this:
# $MAIL_PROGRAM="C:/winnt/system32/blat.exe";
# You will find more information on Windows modifications you will
# have to make in the subroutines, notify_me and send_thanks.

# $MUNG="YES" will transform e-mail addresses into something a little
# less spam-spider friendly. <evil grin>

   $MUNG="YES";

# @CENSORED is an array of words that you do not want to have
# appear on your guestbook.

   @CENSORED=('fuck','shit','fucker','goddamn','fucking','fucked');
   @CENSORED=('forez.com');

# $VALID_DOMAIN if set is where the script can be called from. If
# your site responds with or without the "www", leave off the www!

   $VALID_DOMAIN="lockergnome.com";

sub setup_thankyounote
{
$THANK_YOU=<<__END_OF_THANK_YOU__;
Hey $fields{'name'}!

Thank you VERY much for adding your Webcam to the list of those who
enjoy sharing their personal space with the rest of the GnomeWORLD.
Please check back often to meet new friends!

If you would like to link back to Lockergnome, please use:

      88x31 GIF: http://www.lockergnome.com/images/lockerlink.gif

     Direct URL: http://www.lockergnome.com/webcam.html

    Posted Name: $fields{'name'}
    Posted Site: $fields{'url'}

__END_OF_THANK_YOU__
}

##################################################################
sub setup_pageentry
{
  $tzn=$fields{'signer_email'};
  if ($MUNG eq "YES")
   {
    $tzn =~ s/\./_DoT_/g;
    $tzn =~ s/\@/_AT_/g;
   }
 
$PAGE_ENTRY=<<__END_OF_PAGE_ENTRY__;

<li><A target="_blank" HREF="$fields{'url'}">$fields{'name'}</A> <font color="#404040">(Updated $fields{'message'})</font>

__END_OF_PAGE_ENTRY__

}

# <!-- $ENV{'REMOTE_ADDR'} submitter's IP address -->

##################################################################
#             END USER CONFIGURATION SECTION                     #
##################################################################

# MAIN ###########################################################
# This is where the script starts execution from
  &valid_page;
  $the_date=localtime();
  &findbook;
  &decode_vars;
  &test_required;
  &valid_address;
  &setup_pageentry;
  &setup_thankyounote;
  &send_thanks;
 if (($TELL_ME eq "YES" && $MY_EMAIL ne "") || 
       ($TELL_ME eq "NO" && $MY_EMAIL ne ""))  
   { &notify_me;}
  if ($fields{'private'} ne "YES")
   { &write_entry;}
  if ( -e $tempmail )
   { unlink($tempmail);}

  print "Location: $GUESTBOOK_URL\n\n";
  exit;

##################################################################
# NOTE! This routine does a lot more work than it has to so that
# People running Windows 95/98/NT can easily adapt it to use 
# a e-mail SMTP program such as BLAT.EXE
##################################################################
sub send_thanks
{
  $SBJ = "Thank you for adding your Webcam to Lockergnome.com!";
  $fltime = time;
  $flip = $ENV{'REMOTE_ADDR'};
  $flip =~s/\.//g;
  if ($flip eq "")
    { $flip = "123456";}
  $tmpxname=($fltime ^ $flip);
  $tempmail="$TEMPDIR/$tmpxname.bbb";
  open (OTM,">$tempmail");
  print OTM "\n";
  print OTM "$THANK_YOU\n\n";
  close (OTM);
  open(IMZ,"<$tempmail"); 
  @mailtext=<IMZ>;             
  close(IMZ);              

if ($BAD_EMAIL_FORMAT eq "NO" && $SEND_THANKS eq "YES")
 {
# IF YOU ARE USING WINDOWS 95/98/NT with BLAT.EXE UNCOMMENT THE LINE BELOW
# system ("$MAIL_PROGRAM $tempmail -t $fields{'signer_email'} -f $MY_EMAIL -s \"$SBJ\" -q");

  open (MZ,"|$MAIL_PROGRAM") || die "Content-type: text/html\n\n Unable to send mail";

# IF YOU ARE USING BLAT.EXE, COMMENT THE LINES THAT FOLLOW
# BY PLACING A # SIGN AT THE START OF THE LINE. DO THIS UNTIL
# YOU GET TO THE LINE THAT READS: END OF UNIX PROGRAM CODE

  print MZ "To: $fields{'signer_email'}\n";
  print MZ "From: $MY_EMAIL\n";
  print MZ "Subject: $SBJ\n";

  foreach $tomail (@mailtext)
   {
     print MZ "$tomail";
   }
# END OF UNIX PROGRAM CODE
  close (MZ);
 }
}

##################################################################
# NOTE! Windows 95/98/NT users will have to edit this routine
##################################################################
sub notify_me
{

  if ($BAD_EMAIL_FORMAT eq "YES")
   { 
     $SBJ = "Webcam was added - do NOT reply"; 
     $tmpename=$MY_EMAIL;
   }
   else
   { 
    $SBJ = "New Gnomie Webcam";
    $tmpename=$fields{'signer_email'};
   }

# IF YOU ARE USING WINDOWS 95/98/NT with BLAT.EXE UNCOMMENT THE LINE BELOW
# system ("$MAIL_PROGRAM $tempmail -t $MY_EMAIL -f $tmpename -s \"$SBJ\" -q");

  open (MZT,"|$MAIL_PROGRAM") || die "Content-type: text/html\n\n Unable to send mail"; 

# IF YOU ARE USING BLAT.EXE, COMMENT THE LINES THAT FOLLOW
# BY PLACING A # SIGN AT THE START OF THE LINE. DO THIS UNTIL
# YOU GET TO THE LINE THAT READS: END OF UNIX PROGRAM CODE

  print MZT "To: $MY_EMAIL\n";
  print MZT "From: $tmpename\n";
  print MZT "Subject: $SBJ\n";

  foreach $tomail (@mailtext)
   {
     print MZT "$tomail";
   }
# END OF UNIX PROGRAM CODE
  close (MZT);

}

##################################################################
sub test_required
{
 foreach $tst (@mandatory)
  {
   if ($fields{$tst} eq "")
    {
     $errmesg ="<B>You did not fill in all of the required information.<BR>";
     $errmesg .= "Press your BACK BUTTON to return to the entry form!</B>";
     &error_exit;
    }
 }
}

##################################################################
sub decode_vars
{
  $i=0;
  if ( $ENV{'REQUEST_METHOD'} eq "GET")
   { $temp=$ENV{'QUERY_STRING'};}
   else { read(STDIN,$temp,$ENV{'CONTENT_LENGTH'});}                                          
  @pairs=split(/&/,$temp);
  foreach $item(@pairs)
   {
    ($key,$content)=split(/=/,$item,2);
    $content=~tr/+/ /;
    $content=~s/%(..)/pack("c",hex($1))/ge;
#strip comments to prevent server side include calls
    $content =~ s/<!--(.|\n)*-->//g;
    if ($HTML eq "NO")
     {
      $content =~ s/<([^>]|\n)*>//g;
     }
      else
      {
       $tocheck=$content;
       &check_html;
      }
    if (length($content) > 4000) {
       $content=substr($content,1,4000);
    }
    foreach $citem (@CENSORED)                         
     {                                                
      $content =~ s/\b$citem\b/\*\*\*/gi;
     }                                                
    $fields{$key}=$content;
    if ($key eq "required")
      {
       $content=~s/\012//g;
       $content=~s/\015//g;
       $content=~s/ //g;
       @mandatory=split(/,/,$content);
      }
   }
}

##################################################################
sub error_exit
{
  print "Content-type: text/html\n\n";
  print <<__END_OF_ERROR__;
 </BLOCKQUOTE>
   $errmesg
 </BLOCKQUOTE>
__END_OF_ERROR__
  exit;
}

##################################################################
sub check_html
{
$quote_count=0;
$left_count=0;
$right_count=0;
for ($i=0;$i<length($tocheck);$i++)
 {
  $tc= substr($tocheck,$i,1);
  if ($tc eq "\"") {$quote_count++;}
  if ($tc eq "<") {$left_count++;}
  if ($tc eq ">") {$right_count++;}
 }
 if ( (($left_count % 2) != 0) || (($right_count % 2) != 0) 
    || (($quote_count % 2) != 0))
  {
     $errmesg = "<B>Your HTML doesn't have an even number of ";
     $errmesg .="&lt; &gt; &quot; marks<BR>";
     $errmesg .= "Press your BACK BUTTON to return to the entry form!</B>";
     &error_exit;
  }
}

##################################################################
sub findbook
{
 if ( -e $GUESTBOOK)
  {
   $DONOTHING=0;
  }
  else
   {
   $errmesg ="<B>Unable to locate your guestbook file<BR>\n";
   $errmesg .= "Please check that $GUESTBOOK is the correct path and name</B>";
   &error_exit;
   }
 if ( -w $GUESTBOOK)
  {
   $DONOTHING=0;
  }
  else
   {
   $errmesg ="<B>Unable to write to your guestbook file<BR>\n";
   $errmesg .= "Please check the permissions on $GUESTBOOK</B>";
   &error_exit;
   }
}

##################################################################
sub write_entry
{
   &get_the_lock;
   open(RDBK,"<$GUESTBOOK");
   @book=<RDBK>; 
   close(RDBK);   
   open(WRBK,">$GUESTBOOK");
   foreach $line (@book)
    {
      chop $line;
      if ($line eq "<!--bookmark-->")
       {
         print WRBK "<!--bookmark-->\n";
         print WRBK "$PAGE_ENTRY\n";
       }
       else
       {
        print WRBK "$line\n";
       }
    }
   close(WRBK);
   &drop_the_lock;
}

##################################################################
sub get_the_lock
{
  $lockfile="$TEMPDIR/bnbbook.lck";
  local ($endtime);                                   
  $endtime = 60;                                      
  $endtime = time + $endtime;                         
  while (-e $lockfile && time < $endtime) 
   {
    # Do Nothing                                    
   }                                                   
   open(LOCK_FILE, ">$lockfile");                     
}

##################################################################
sub drop_the_lock
{
  close($lockfile);
  unlink($lockfile);
}


##################################################################
sub valid_address 
 {
  if ($fields{'signer_email'} eq "")
    {
     $BAD_EMAIL_FORMAT="YES";
     return;
    }
  $testmail = $fields{'signer_email'};
  if ($testmail =~ /(@.*@)|(\.\.)|(@\.)|(\.@)|(^\.)/ ||
  $testmail !~ /^.+\@(\[?)[a-zA-Z0-9\-\.]+\.([a-zA-Z]{2,3}|[0-9]{1,3})(\]?)$/)
   {
     $BAD_EMAIL_FORMAT="YES";
     return;
   }
  else
  {
  $BAD_EMAIL_FORMAT="NO";
  }
}

##################################################################
sub valid_page                                                         
 {                                                                     
   if ($VALID_DOMAIN eq "")
      {return;}
   $DN=$ENV{'HTTP_REFERER'};
   if ($DN eq "")
     {return;}
   $DN=~tr/A-Z/a-z/;
   $VALID_DOMAIN=~tr/A-Z/a-z/;
   if ($DN =~ /$VALID_DOMAIN/)
   {$stayin=1;}
     else {$stayin=0;}
   if ($stayin == 0)
    {
     $errmesg ="<B>Sorry! You can't run this script from your server</B><BR>";
     &error_exit;
    }
 }