#!/usr/bin/perl
##############################################################################
# shiromuku(u3)DIARY version 1.52
# Created 08/12/2004
# Copyright 2004 Shiromuku
# Available at http://www.t-okada.com/cgi/
###############################################################################
# COPYRIGHT NOTICE （著作権の告示）  
# Copyright 2004 Shiromuku All Rights Reserved.
# This script can be used and modified free of charge as long as you don't change this header or any of the parts that give me credit for writing this. （このスクリプトは無償で使用または改変できます。ただしこの著作権の告知と上記のコメント、及びCGIにより生成されるHTML表示下部にある著作権表示部は変えないで下さい。）
# By using this script you agree to indemnify me from any liability that might arise from its use.  In simple English, if this script somehow makes your computer run amuck and kill the pope, it's not my fault.（このスクリプトを使用することにより、使用者はその使用によって起こる可能性のあるいかなる事柄に対する責務についても、私Shiromukuに免責の保証を与えることに同意したものとします。）
# Redistributing and selling the code for this program without prior written consent is expressly forbidden.（前もって書面での承諾を得ることなくこのプログラムのコードを再配布したり売ったりすることは 明確に禁じられています。）

#######################
require './jcode.pl';
require './su3_diary_lib.cgi';

#######################
use strict;
my $gl = &get_globals("su3_diary_gl.cgi");
$gl->{version} = "version 1.52";
$gl->{userip} = $ENV{'REMOTE_ADDR'};

my ($form, $filename);
my $config = &open_config ($gl);
if ($ENV{'CONTENT_LENGTH'} || $ENV{'QUERY_STRING'}) {$form = &parse_data($gl,$config);}

my %HoD = ();
@HoD{"gl", "config", "form"} = ($gl, $config, $form);

if (-e "$gl->{basedir}/$gl->{passfile}") {
	if ($config->{use_view_pass}) {
		my%boardname = split(/\,/,$HoD{gl}{boardname});
		my$cookie = &get_cookie (\%boardname);
		if ($HoD{form}{view_password}) {
			&check_view_pass (\%HoD,"view_pass");
		}
		else {
			if ($cookie->{view_password}) {
				$HoD{form}{view_password} = $cookie->{view_password};
				&check_view_pass (\%HoD,"view_pass");
			}
			else {&return_login(\%HoD); exit (0) ;}
		}
	}
	if ($ENV{'REQUEST_METHOD'} eq "POST") {
		if ($form->{action} eq "admin_enter") {&return_admin_enter(\%HoD);}
		elsif ($form->{action} eq "show_icon") {&show_icon(\%HoD);}
		elsif ($form->{action} eq "show_detail") {&selectsec(\%HoD);}
		elsif ($form->{action} eq "search_all") {&selectsec(\%HoD); exit(0) ;}
		elsif ($form->{action} eq "write_article") {&write_article(\%HoD);}
		elsif ($form->{action} eq "removearticle") {
			&check_pass(\%HoD);
			&selectsec(\%HoD); exit(0) ;
		}
		elsif ($form->{action} eq "download_log") {&selectsec(\%HoD); exit(0) ;}
		elsif ($form->{action} eq "showlast") {
			&selectsec(\%HoD); exit(0) ;
		}
		elsif ($form->{action} eq "r_add"){
			if (!$config->{allow_reply}) {
				if ($form->{u_type}) {&check_pass(\%HoD);}
				else {&error("返信が許可されていません。\n", \%HoD);}
			}
			my$r_flag;
			open(FILE,"<$gl->{basedir}/$gl->{section}_log\.cgi") or &error("$gl->{basedir}/$gl->{section}_log\.cgiがありません。\n", \%HoD);
			while (<FILE>) {
				my@c_data = split(/\|\|\|/,$_);
				if (($form->{p_num} eq $c_data[11]) && ($c_data[8] eq "")) {
					$r_flag = 1;
					last;
				}
			}
			close(FILE);
			if ($r_flag != 1) {&error("親記事がありません。\n", \%HoD);}
			&r_write(\%HoD);
		}
		exit (0) ;
	}
	if ($form->{action} eq "show_icon") {&show_icon(\%HoD); exit (0);}
	elsif ($form->{action} eq "show_detail") {&selectsec(\%HoD);exit (0);}
	elsif ($form->{action} eq "showlast") {&selectsec(\%HoD);}
	else {&selectsec(\%HoD);}
}
else {
	&head("管理用ページ", \%HoD);
	print "<BR><CENTER><H4>IDとパスワードの設定をする</H4></CENTER>\n";
	print "<BR><CENTER>まず最初にIDとパスワードの設定をして下さい<BR></CENTER>\n";
	print "<BR><form METHOD=\"POST\"  ACTION=\"$gl->{cgi_a}\">\n";
	print "<INPUT TYPE=\"HIDDEN\" NAME=\"action\" VALUE=\"make_pass\">\n";
	print "<INPUT TYPE=\"HIDDEN\" NAME=\"txtnumber\" VALUE=\"log\">\n";
	print "<CENTER><TABLE BORDER=1 CELLPADDING=5 CELLSPACING=0>\n";
	print "<TR><TD>ユーザID</TD><TD><INPUT TYPE=\"text\" NAME=\"username\" maxlength=8><BR>（半角英数字で８文字以内にして下さい。）</TD></TR>\n";
	print "<TR><TD>パスワード</TD><TD><INPUT TYPE=\"password\" NAME=\"password\" maxlength=8><BR>（半角英数字で８文字以内にして下さい。）</TD></TR>\n";
	print "<TR><TD>パスワード</TD><TD><INPUT TYPE=\"password\" NAME=\"password1\" maxlength=8><BR>（確認のためもう一度）</TD></TR></TABLE></CENTER>\n";
	print "<BR><CENTER><INPUT TYPE=\"SUBMIT\" NAME=\"config\" VALUE=\"設定をする\"></CENTER>\n";
	print "</form>\n";
	print "</BODY></HTML>\n";
}
exit (0) ;

############################
sub parse_data {
	my ($gl,$config) = @_;
	my ($buffer, @pairs, $pair, $name, %form, $value);
	if ($ENV{'REQUEST_METHOD'} eq "POST") {
		if ($config->{check_referer} == 1) {&check_referer($gl,$config);}
		read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'});
	}
	else {$buffer = $ENV{'QUERY_STRING'};}
	@pairs = split(/&/, $buffer);
	foreach $pair (@pairs) {
		($name, $value) = split(/=/, $pair);
		$value =~ tr/+/ /;
		$value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
		if (($value =~ /\W/) && ($ENV{'REQUEST_METHOD'} ne "POST") && ($name ne "img_type") && ($name ne "searchword")) {
			if ($value =~ /\W/){&error("エラーです。\n");}
		}
		$value =~ s/\|\|\|//g;
		$value =~ s/</&lt;/ig; 
		$value =~ s/>/&gt;/ig;
		$value =~ s/"/&quot;/g;
		$value =~ s/\r\n/<BR>/g;
		$value =~ s/\r/<BR>/g;
		$value =~ s/\n/<BR>/g;
		if (($name eq "email") && ($value !~ /^[\w\.\-]+\@[\w\.\-\_]+\.[a-zA-Z]+$/)) {
			$value = "";
		}
		if (($name eq "url1") && ($value eq "http://")) {$value = "";}
		if ($name eq "url1") {
			unless ($value =~ /^(f|ht)tp:\/\/[\w\.\-\~\/\?\&\+\=\#\%]+[\w\/]$/) {$value = "";}
		}
		jcode::convert(\$value,$gl->{mycode});
		if ($gl->{mycode} eq 'sjis') {jcode::h2z_sjis(\$value); }
		if ($gl->{mycode} eq 'euc')  {jcode::h2z_euc(\$value); }
		$form{$name} = $value;
	}
	return \%form;
}

############################
#書き込みの場合の処理
sub r_write {
	my $HoD = shift;
	my($flag1,$r_flag,@new,@current,$i);
	&reject_url($HoD);
	if ($HoD->{form}{u_name} eq '') {
		&error("お名前が未記入です。ブラウザの「戻る」ボタンで戻ってやり直して下さい。\n",$HoD);
	}
	if ($HoD->{form}{descrip} eq '') {
		&error("メッセージが未記入です。ブラウザの「戻る」ボタンで戻ってやり直して下さい。\n",$HoD);
	}
	if ($HoD->{config}{n_r_max}) {
		my$w_size = length($HoD->{form}{material});
		if ($w_size > $HoD->{config}{n_r_max}) {
			&error("書き込みが多すぎます。$HoD->{config}{n_r_max}バイト以下にして下さい。\n", $HoD);
		}
	}
	if ($HoD->{config}{reply_botton} eq "") {$HoD->{config}{reply_botton} = "感想";}
	open (LFILE,">$HoD->{gl}{basedir}/$HoD->{gl}{lockfile}") or &error("ファイルがオープンできません。\n",$HoD);
	eval("flock(LFILE, 2)");
	my($yearn, $monn, $dayn, $hourn, $minn, $secn, $week, $date, $time, $timex) = &date_time($HoD);
	my$pass_new = &crypt ($HoD->{form}{pass}, 'aa', $HoD);
	#my$mynum = &get_number ($HoD->{gl}{numfile}, '1', $HoD);
	open(TFILE,">$HoD->{gl}{basedir}/$HoD->{gl}{tempfile}") || &error("$HoD->{gl}{basedir}/$HoD->{gl}{tempfile}がオープンできません。\n", $HoD);
	open(LOG,"<$HoD->{gl}{basedir}/$HoD->{gl}{section}_log\.cgi");
	my$mynum = <LOG>;
	++$mynum;
	print TFILE "$mynum\n";
	my$r_new = "reply|||$HoD->{form}{url}|||$date|||$time|||$HoD->{form}{icon}|||$HoD->{form}{subject}|||$HoD->{form}{descrip}|||$HoD->{ufile}{u_file1}{f_name}|||$HoD->{form}{p_num}|||$pass_new|||$HoD->{form}{color}|||$mynum|||$HoD->{form}{cat}|||$HoD->{form}{u_name}|||$HoD->{form}{email}|||$HoD->{form}{url1}|||$HoD->{ufile}{u_file2}{f_name}|||$HoD->{ufile}{u_file3}{f_name}|||$HoD->{ufile}{u_file4}{f_name}|||$HoD->{form}{check_image}|||$HoD->{form}{image_align}|||$timex|||$HoD->{form}{return}|||\n";
	$i = 0;
	while (<LOG>) {
		my@data1 = split(/\|\|\|/,$_);
		if ($data1[8]) {
			if ($HoD->{form}{descrip} eq $data1[6]) {
				&error("書き込みが重複しています。\n", $HoD);
			}
			++$i;
		}
		print TFILE $_;
	}
	close(LOG);
	print TFILE $r_new;
	if (($i < $HoD->{config}{n_r_num}) || (!$HoD->{config}{n_r_num})) {$r_flag = 1;}
	if ($r_flag != 1) {
		#unlink "$HoD->{gl}{basedir_h1}/$HoD->{ufile}{u_file1}{f_name}";
		close(TFILE);
		&error("申し訳ありませんが、現在これ以上返信の投稿は出来ません。\n", $HoD);
	}	
	close(TFILE);
	my$file_name = "$HoD->{gl}{basedir}/$HoD->{gl}{tempfile}";
	my$new_file_name = "$HoD->{gl}{basedir}/$HoD->{gl}{section}_log\.cgi";
	rename ($file_name, $new_file_name) or &error("renameができません。\n",$HoD);
	#&increment_num ($HoD->{gl}{numfile},$mynum, $HoD);
	#if ($HoD->{config}{use_all_umark}) {&rewrite_cat($HoD,$HoD->{form}{cat});}
	$HoD->{cookie}{u_name} = $HoD->{form}{u_name};
	$HoD->{cookie}{email} = $HoD->{form}{email};
	$HoD->{cookie}{url} = $HoD->{form}{url};
	#$HoD->{cookie}{icon} = $HoD->{form}{icon};
	$HoD->{cookie}{pass} = $HoD->{form}{pass};
	$HoD->{cookie}{color} = $HoD->{form}{color};
	my%boardname = split(/\,/,$HoD->{gl}{boardname});
	if ($HoD->{config}{usepasscookie} == 1) {&set_cookie ($boardname{"user"}, $HoD);}
	eval("flock(LFILE, 8)");
	close(LFILE);
	$HoD->{form}{date} = $date;
	$HoD->{form}{time} = $time;
	$HoD->{form}{cat_name_j} = "$HoD->{config}{reply_botton}";
	if (($HoD->{config}{sendtomaster}==1) && $HoD->{config}{masteremail} && $HoD->{config}{mailprg}) {
		&send_mail(\%HoD);
	}
	&return_suc(\%HoD);
}

############################
#メール送信
sub send_mail {
	my$HoD = shift;
	my($emails,$message,$titles);
	if ($HoD->{form}{email}) {$emails = $HoD->{form}{email};}
	else {$emails = $HoD->{config}{masteremail};}
	my$mail_subject="$HoD->{config}{titles} $HoD->{form}{cat_name_j} 記帳のお知らせ";
	$message .= "投稿日時: $HoD->{form}{date}/$HoD->{form}{time}\n";
	$message .= "お名前: $HoD->{form}{u_name}\n";
	$message .= "投稿者情報: $HoD->{gl}{userip}\n";
	$message .= "E-Mail: $HoD->{form}{email}\n" if ($HoD->{form}{email} ne "");
	$message .= "U R L: $HoD->{form}{url1}\n" if (($HoD->{form}{url1} ne "") && ($HoD->{form}{url} ne "http://"));
	if ($HoD->{form}{p_num}) {
		$message .= "【$HoD->{form}{url}】の日記の$HoD->{config}{reply_botton}\n" if ($HoD->{form}{url} ne "");
		$HoD->{config}{item_a1} = "$HoD->{config}{reply_botton}";
	}
	$message .= "$HoD->{form}{descrip}\n" if ($HoD->{form}{descrip} ne "");
	$message =~ s/<BR>/\n/g;
	$message =~ s/<([^>]|\n)*>//g;
	#$message =~ s/&gt;/>/g;
	$titles = $HoD->{config}{titles};
	jcode::convert(\$mail_subject,'jis');
	jcode::convert(\$message,'jis');
	jcode::convert(\$titles,'jis');
	open (OUTMAIL,"|$HoD->{config}{mailprg} -t -oi") || die "Mail system error";
	print OUTMAIL "To: $HoD->{config}{masteremail}\n";
	print OUTMAIL "Subject: $mail_subject\n";
	print OUTMAIL "From: $emails\n";
	print OUTMAIL "Content-Transfer-Encoding: 7bit\n";
	print OUTMAIL "Content-Type: text/plain\; charset=\"ISO-2022-JP\"\n\n";
	print OUTMAIL "======================================\n";
	print OUTMAIL "$message";
	print OUTMAIL "----------\n";
	print OUTMAIL "$titles: \n";
	print OUTMAIL "$HoD->{gl}{cgi}\n";
	print OUTMAIL "======================================\n";
	print OUTMAIL "\n\n";
	close(OUTMAIL);
}

############################
#アクセス拒否
sub reject_url {
	my $HoD = shift;
	my (@reject_url, $check_referer1);
	if ($HoD->{gl}{userip} && $HoD->{config}{reject_url}) {
		@reject_url = split(/\,/,$HoD->{config}{reject_url});
		foreach (@reject_url) {
			if ($HoD->{gl}{userip} eq $_) {
				$check_referer1 = 1;
				last;
			}
		}
		if ($check_referer1 == 1) {
			&error("申し訳ありませんが、投稿できません。\n", $HoD);
		}
	}
}

############################
#counter
sub counter {
	my $HoD = shift;
	my $c_num = &get_number ($HoD->{gl}{c_numfile}, '1', $HoD);
	#if ($HoD->{form}{txtnumber} eq "log") {
	unless ($HoD->{form}{action} =~ /^showlast/) {
		&increment_num ($HoD->{gl}{c_numfile},$c_num, $HoD);
	}
	if (length $c_num < $HoD->{config}{n_figure1}) {
		$c_num = &make_figure ($c_num,length $c_num,$HoD->{config}{n_figure1});
	}
	return $c_num;
}

############################
#桁数調整
sub make_figure {
	my ($num, $length, $figure) = @_;
	my $keta = $figure - $length;
	my $i = 0;
	while ($i < $keta) {
		$num = "0$num";
		$i++;
	}
	return $num;
}

############################
#アイコンの表示
sub show_icon {
	my $HoD = shift;
	my @icon_data;
	my $file = &file_open("$HoD->{gl}{basedir}/$HoD->{gl}{iconfile}");
	$HoD->{config}{c1_image} = "Icon";
	$HoD->{config}{c2_title} = "<CENTER><H3>Icon</H3></CENTER>";
	print "Content-type: text/html\n\n";
	&head_html(\*STDOUT,$HoD);
	print "<CENTER><H3>Icon</H3></CENTER>\n";
	&show_files($HoD);
	print "<BR><CENTER><FONT SIZE=2>ブラウザを閉じて戻って下さい。</FONT></CENTER>\n";
	print "</BODY></HTML>\n";
}

############################
#日記の書き込み
sub write_article {
	my $HoD = shift;
	my($cookie,$descrip);
	if ($HoD->{config}{use_add_pass}) {&check_view_pass ($HoD,"add_pass");}
	else {&check_pass ($HoD);}
	my%boardname = split(/\,/,$HoD->{gl}{boardname});
	if ($HoD->{config}{usepasscookie} == 1) {$cookie = &get_cookie (\%boardname);}
	if (-s "$HoD->{gl}{basedir}/$HoD->{gl}{keepfile}") {
		open(FILE,"<$HoD->{gl}{basedir}/$HoD->{gl}{keepfile}") or &error("ファイルがオープンできません。\n");
		$descrip = <FILE>;
		close(FILE);
	}
	$HoD->{form}{descrip} = $descrip;
	&head("日記の書き込み",$HoD);
	print "<BR><FORM ENCTYPE=\"multipart/form-data\" METHOD=\"POST\" ACTION=\"$HoD->{gl}{cgi_r}\">\n";
	#print "<INPUT TYPE=\"HIDDEN\" NAME=\"action\" VALUE=\"add\">\n";
	print "<INPUT TYPE=\"HIDDEN\" NAME=\"txtnumber\" VALUE=\"$HoD->{form}{txtnumber}\">\n";
	&add_html ($HoD);
	&id_html1($HoD);
	if ($HoD->{config}{use_add_pass}) {
		print "<BR><CENTER><FONT SIZE=2>修正・削除用Pass</FONT><INPUT TYPE=\"password\" NAME=\"pass\" SIZE=10 maxlength=10 VALUE=$cookie->{pass}></CENTER>\n";
	}
	#print "<BR><CENTER><INPUT TYPE=\"SUBMIT\" VALUE=\"送信\">\n";
	print "<BR><CENTER><SELECT NAME=\"action\">\n";
	print "<OPTION VALUE=\"add\" SELECTED>書き込み\n";
	print "<OPTION VALUE=\"keep\">一時保存\n";
	print "</SELECT>\n";
	print "<INPUT TYPE=\"SUBMIT\" VALUE=\"GO\"></CENTER></FORM>\n";
	#print "<INPUT TYPE=\"RESET\" VALUE=\"リセット\"></CENTER></FORM>\n";
	if ($HoD->{config}{use_icon} eq "1") {
		#print "<CENTER><FORM METHOD=\"POST\" ACTION=\"$HoD->{gl}{cgi_a}\" TARGET=_blank>\n";
		#print "<INPUT TYPE=\"HIDDEN\" NAME=\"action\" VALUE=\"show_icon\">\n";
		#print "<INPUT TYPE=\"SUBMIT\" VALUE=\"アイコンを見る\"></FORM></CENTER><BR>\n";
	}
	print "<BR><CENTER>「一時保存」にすると、現在の日記の内容が保存され、次回日記書き込み時にフォーム内に表示されます。<BR>（保存されるのは「内容」のみです。）</CENTER>\n";
	print "<BR><HR><BR>\n";
	if ($HoD->{form}{username} && $HoD->{form}{password}) {
		&check_pass ($HoD);
		&admin_html ($HoD);
	}
	&foot_html (\*STDOUT, $HoD);
}