#!/usr/bin/perl

##############################################
##                                          ##
##  PROFILE MANAGER PREMIUM 2.1             ##
##  Build 2004-02-19                        ##
##                                          ##
##  Aytekin Tank                            ##
##  email: aytekin@interlogy.com            ##
##  http://www.interlogy.com/products/pmpre ##
##                                          ##
##  Copyright 1999-2004 Aytekin Tank.       ##
##                                          ##
##############################################

 ###############################
 # Locate the install root when the server reports itself as IIS.
 # PATH_TRANSLATED is split on backslashes, its last component is blanked
 # and the parts are re-joined with "/", so $root ends in a slash.
 # Nothing happens when $root is already set.
 # NOTE(review): $root is interpolated into the require paths further down.
 # Under the CGI spec PATH_TRANSLATED is derived from the extra path info
 # of the request, so confirm a client cannot steer it on this server, or
 # pin $root in configuration instead of deriving it per request.
 ###############################
 if($ENV{'SERVER_SOFTWARE'} =~ /IIS/ && $root eq "" && $ENV{'PATH_TRANSLATED'} ne "")
 {
	my @segments = split(/\\/, $ENV{'PATH_TRANSLATED'});
	$segments[-1] = "";	# blank the last component, keep the trailing separator
	$root = join("/", @segments);
	$OS   = "NT";
 }


 ###############################
 # Load the configuration file and the function library.
 # Skipped entirely when $dontparse is true.
 # Both paths are built from $root, so whatever sets $root decides which
 # files are compiled and executed here.
 ###############################
 unless($dontparse){
	require "${root}data/config/pmpre.cfg";
	require "${root}lib/pm.lib";
 }

 ###############################
 # Read the data coming from the form (skipped when $dontparse is true).
 ###############################
 &readit unless $dontparse;

 ###############################
 # Restore login and ID from the "pmpre" cookie.
 # Runs only when cookies are enabled, parsing is on and the request did
 # not carry a positive ID.
 # NOTE(review): the decoded cookie is accepted as the caller's identity
 # with no integrity check visible in this section -- confirm that
 # pm_decode / pm_check reject values this application did not issue.
 ###############################
 if($use_cookie eq "yes" && !$dontparse && $input{'ID'}<1){
   #- retrieve existing cookie
   $lp = $req->cookie("pmpre");
   my ($cookie_login, $cookie_id) = split(/\|/, pm_decode($lp));

   if($cookie_login ne "" && $cookie_id ne ""){
	   # a login submitted with the form wins over the cookie
	   $input{'login'} = $cookie_login if $input{'login'} eq "";

	   # the cookie ID is used only when neither ID nor password was submitted
	   $input{'ID'} = $cookie_id if($input{'ID'} eq "" && $input{'password'} eq "");
   }
 }

 ###############################
 # Session token handling.
 #  - A submitted token (anything but "" or the literal "session") replaces
 #    login, ID and logintime with the decoded values, except for the
 #    display and show actions. ID is reset to 0 when logintime is more
 #    than 3600 seconds in the past.
 #  - Otherwise, for every action except display, show and list, a new
 #    token is built from the current login, ID and time.
 # NOTE(review): in the second case login and ID still hold whatever the
 # request (or cookie) supplied; no password check has run yet at this
 # point. Confirm a token minted here is never accepted later as proof of
 # authentication.
 # NOTE(review): the expiry test only catches old timestamps; a token whose
 # logintime lies in the future is not expired by it. Whether such a token
 # can be produced depends on pm_encode, which is defined elsewhere.
 ###############################
 {
     my $action      = $input{'action'};
     my $is_view     = ($action eq "display" || $action eq "show");
     my $has_session = ($input{'session'} ne "" && $input{'session'} ne "session");

     if($has_session && !$is_view){
         ($input{'login'}, $input{'ID'}, $input{'logintime'}) = split(/\|/, pm_decode($input{'session'}));
         if( (time()-$input{'logintime'}) > 3600 ){
             $input{'ID'}=0;	# expire
         }
     }
     elsif(!$is_view && $action ne "list"){
         $input{'session'} = pm_encode("$input{'login'}|$input{'ID'}|".time());
     }
 }

 ###############################
 # Print the HTTP header, with cookies where needed.
 #   login    : when pm_check returns "yes" a fresh session token is put in
 #              the "pmpre" cookie (1 hour); otherwise $use_cookie is set
 #              to "no". With save=yes a second cookie, "pmpre_login", is
 #              sent as well (1 year).
 #   logout   : both cookies are overwritten with "0" and expired.
 #   approved : no header is printed, $noheader is set instead.
 #   other    : plain text/html header.
 # NOTE(review): "pmpre_login" carries the submitted login AND password,
 # and it is set whether or not pm_check succeeded. Its protection rests
 # entirely on pm_encode (defined elsewhere); if that is a reversible
 # encoding, anyone who obtains the cookie obtains the password. Prefer
 # remembering the login name only.
 # NOTE(review): neither cookie sets a secure or httponly attribute. If
 # $req is a CGI.pm object, consider -secure / -httponly once the site is
 # served over HTTPS only.
 ###############################
 if($input{'action'} eq "login")
 {
   if(&pm_check ne "yes"){
       $use_cookie  = "no";
   } else {
	   $input{'session'} = pm_encode(join("|", $input{'login'}, $input{'ID'}, time()));
	   $cookie_pmpre = $req->cookie(
		-NAME    => "pmpre",
		-VALUE   => $input{'session'},
		-EXPIRES => "+1h",
		-PATH    => "/"
	   );
   }

   my $wants_saved_login = ($input{'save'} eq "yes");

   if($wants_saved_login){
	   #- cookie used to pre-populate the login form
	   my $remembered      = pm_encode("$input{'login'}|$input{'password'}");
	   my $remember_cookie = $req->cookie(
		-NAME    => "pmpre_login",
		-VALUE   => "$remembered",
		-EXPIRES => "+1y",
		-PATH    => "/"
	   );
	   print $req->header(-COOKIE => [$cookie_pmpre, $remember_cookie]);
   }
   elsif($use_cookie eq "yes"){
	   #- session cookie only, for reaching pages without passing an ID
	   print $req->header(-COOKIE => $cookie_pmpre);
   }
   else{
	   print "Content-type: text/html\n\n";
   }
 }
 elsif($input{'action'} eq "logout")
 {
   # Overwrite and expire both cookies.
   my $expired_session = $req->cookie(
	-NAME    => "pmpre",
	-VALUE   => "0",
	-EXPIRES => "-1d",
	-PATH    => "/"
   );
   my $expired_login = $req->cookie(
	-NAME    => "pmpre_login",
	-VALUE   => "0",
	-EXPIRES => "-1d",
	-PATH    => "/"
   );
   print $req->header( -COOKIE => [$expired_session, $expired_login] );
 }
 elsif($input{'action'} eq "approved")
 {
	$noheader = 1;
 }
 else
 {
       print "Content-type: text/html\n\n";
 }


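###############################
# Run the dispatcher and report any fatal error through err().
# A block eval replaces the former string eval of "main": the call is
# compiled together with the rest of the file and nothing is evaluated
# from a string at run time. Errors raised with die are still caught in $@.
# NOTE(review): the raw Perl error text is placed into the page unescaped.
# It can reveal file paths and may echo request data; consider logging it
# on the server and showing a generic message to the visitor.
###############################
eval { main(); };
if ($@) {
   #print "Content-type: text/plain\n\n",
   &err("<p>\n$@\n");
  }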
 
# main: per-request dispatcher.
# Optionally calls track_user, builds the $info query fragment, calls
# init_errors, link_em and pm_header, then runs the handler that matches
# $input{'action'}. Unknown actions go to panel_check.
# Most branches finish with &end. A branch that completes without calling
# &end (for example mail_send when pm_check does not return "yes") reaches
# the "no permission" error on the last line of the sub.
# NOTE(review): this reading assumes &end terminates the request; it is
# defined outside this section -- confirm.
# NOTE(review): several state-changing actions below are dispatched without
# a pm_check in this sub (marked individually). Each of those handlers must
# authenticate the caller itself; verify against their definitions.
sub main
{


 ###############################
 # track user movement
 ###############################
 if($track_user eq "yes"){
	&track_user;
 }

 ###############################
 # some definitions:
 ###############################
 # $info is a query-string fragment: login, plus ID when one is known.
 # NOTE(review): login and ID are appended as received, with no URL- or
 # HTML-escaping here; if $info is written into links, confirm the values
 # are escaped at the point of output.
 $info = "login=$input{'login'}";
 if($input{'ID'} ne "")
 { $info .= "&ID=$input{'ID'}"; $gotid=1;}
 elsif((&pm_check) eq "yes")
 { $info .= "&ID=$values{'ID'}";}
 &init_errors;


 ###############################
 # create the links
 ###############################
 &link_em;

 ###############################
 # show header
 ###############################
 &pm_header;

 ########
 # MENU #
 ########
  if ($input{'action'} eq "display")
  { &display_cgi; &end; }

  elsif ($input{'action'} eq "delete")
  { if(&pm_check eq "yes"){&pm_delete_form;}else{&err($error_message{'no permission'})}; &end; }

  # NOTE(review): unlike "delete" above, no pm_check precedes pm_delete
  # here; presumably pm_delete verifies the caller itself -- confirm.
  elsif ($input{'action'} eq "deleted")
  { &pm_delete; &end; }

  elsif ($input{'action'} eq "register")
  {
	&pm_register; 
	&end;
  }

  elsif ($input{'action'} eq "list")
  {&list; &tempwiz; &end; }

  # The request only selects a key ('why'); the text shown is the matching
  # entry of %error_message.
  elsif ($input{'action'} eq "error")
  { &err($error_message{$input{'why'}}); &end;}

  elsif ($input{'action'} eq "modify")
  { if(&pm_check eq "yes"){&pm_modify_form} else{&err($error_message{'no permission'})};  &end;  }

  elsif ($input{'action'} eq "show"){ 
	&show; &end; }

  elsif ($input{'action'} eq "member") { 
	&member; &end; }

  # NOTE(review): dispatched without pm_check and leaves via exit rather
  # than &end; confirm approved() validates where the request comes from.
  elsif ($input{'action'} eq "approved")
  { &approved; exit; }

  # NOTE(review): no pm_check in this sub; confirm admin() enforces its own
  # authentication before doing anything.
  elsif ($input{'action'} eq "admin")
  { &admin; &end; }

  # When pm_check fails nothing is modified and no error is shown.
  elsif ($input{'action'} eq "modified")
  { if(&pm_check eq "yes"){ &pm_modify }; &end; }

  # The event is logged before the approval check and before panel_check.
  elsif ($input{'action'} eq "login")
  {  
	if($save_stats eq "yes") {&log_event;} 
	if($can_unapproved_login eq "no"){
		if(!&check_approval($input{'login'})){
			&err($error_message{'not approved'});
			&end;
		}
	}
	&panel_check;  
	&end;
  }

  elsif ($input{'action'} eq "send_password"){ 
	&pm_send_password; &end; }

  elsif ($input{'action'} eq "change_password"){
        if(&pm_check eq "yes"){
                &pm_change_password
        }else{
                &err($error_message{'no permission'})
        }; 
        &end;
  }

  elsif ($input{'action'} eq "upload"){ 
        if(&pm_check eq "yes"){
		&pm_upload_page
        }else{
                &err($error_message{'no permission'})
        }; 
        &end;
  }

  # NOTE(review): the field number is taken from the request; confirm
  # modify_element_by_number limits which profile fields a member may
  # overwrite. $endURL is set outside this sub.
  elsif ($input{'action'} eq "uploaded"){
        if(&pm_check eq "yes"){
                &modify_element_by_number($input{'field'}, $endURL);
        }&end; 
  }

  # Same request-supplied field number; the field is overwritten with a
  # single space.
  elsif ($input{'action'} eq "delete_image") {
        if(&pm_check eq "yes"){
                &modify_element_by_number($input{'field'}, " "); 
        }&end;
  }

  elsif($input{'action'} eq "profile_send_email"){ 
	&profile_send_email; &end; }

  elsif($input{'action'} eq "mail_delete")
  { if(&pm_check eq "yes") { &mail_delete; &tempwiz; } &end; }

  elsif($input{'action'} eq "mail_read")
  { 
    if(&pm_check eq "yes"){ 
        &mail_read; &tempwiz;
    }else{
	&err($error_message{'no permission'});
    } 
    &end; 
  }

  # No else branch: a failed pm_check falls through to the "no permission"
  # error at the end of the sub.
  elsif($input{'action'} eq "mail_send"){
	if(&pm_check eq "yes"){
		&mail_send;
		&tempwiz;
		&end;
	}
  }

  # Empty to/subject/body are replaced by "_" before the template is
  # rendered; callers that fail pm_check get the mail_write_login action.
  elsif($input{'action'} eq "mail_write")
  { 
	if($input{'to'} eq ""){ $input{'to'} = "_" }
	if($input{'subject'} eq ""){ $input{'subject'} = "_" }
	if($input{'body'} eq ""){ $input{'body'} = "_" }
	if(&pm_check eq "yes"){
		&tempwiz;
		&end;
	} else {
		$input{'action'} = "mail_write_login";
		&tempwiz;
		&end;
	}
  }

  # After a successful mail_reply the action is switched to mail_write
  # before tempwiz runs.
  elsif($input{'action'} eq "mail_reply")
  { 
	if(&pm_check eq "yes"){
		&mail_reply;
		$input{'action'} = "mail_write";
		&tempwiz;
	}else{
		&err($error_message{'no permission'});
	}
	&end;
  }

  # The favorites and blog-editing actions below share one shape: pm_check,
  # then the handler (where there is one), tempwiz and &end; otherwise the
  # "no permission" error.
  elsif($input{'action'} eq "add_favorite")
  { 
	if(&pm_check eq "yes"){
		&add_favorite;
		&tempwiz;
		&end;
	}else{
		&err($error_message{'no permission'});&end;
	}
  }

  elsif($input{'action'} eq "delete_favorite")
  { 
	if(&pm_check eq "yes"){
		&delete_favorite;
		&tempwiz;
		&end;
	}else{
		&err($error_message{'no permission'});&end;
	}
  }

  elsif($input{'action'} eq "list_favorites")
  { 
	if(&pm_check eq "yes"){
		&list_favorites;
		&tempwiz;
		&end;
	}else{
		&err($error_message{'no permission'});&end;
	}
  }

  elsif($input{'action'} eq "myblog")
  {
	if(&pm_check eq "yes"){
		&blog_list;
		&tempwiz;
		&end;
	}else{
		&err($error_message{'no permission'});&end;
	}
  }


  elsif($input{'action'} eq "blog_add_form")
  {
	if(&pm_check eq "yes"){
		&tempwiz;
		&end;
	}else{
		&err($error_message{'no permission'});&end;
	}
  }

  elsif($input{'action'} eq "blog_modify_form")
  {
	if(&pm_check eq "yes"){
		&blog_display;
		&tempwiz;
		&end;
	}else{
		&err($error_message{'no permission'});&end;
	}
  }

  elsif($input{'action'} eq "blog_delete_form")
  {
	if(&pm_check eq "yes"){
		&tempwiz;
		&end;
	}else{
		&err($error_message{'no permission'});&end;
	}
  }

  elsif($input{'action'} eq "blog_add")
  {
	if(&pm_check eq "yes"){
		&blog_add;
		&tempwiz;
		&end;
	}else{
		&err($error_message{'no permission'});&end;
	}
  }

  elsif($input{'action'} eq "blog_modify")
  {
	if(&pm_check eq "yes"){
		&blog_modify;
		&tempwiz;
		&end;
	}else{
		&err($error_message{'no permission'});&end;
	}
  }

  elsif($input{'action'} eq "blog_delete")
  {
	if(&pm_check eq "yes"){
		&blog_delete;
		&tempwiz;
		&end;
	}else{
		&err($error_message{'no permission'});&end;
	}
  }

  # The blog actions from here on run without pm_check.
  elsif($input{'action'} eq "blog_display")
  {
	&blog_display;
	&tempwiz;
	&end;
  }

  elsif($input{'action'} eq "blog_list")
  {
	&blog_list;
	&tempwiz;
	&end;
  }

  elsif($input{'action'} eq "blog_modify_list")
  {
	&blog_list;
	&tempwiz;
	&end;
  }

  elsif($input{'action'} eq "blog_search")
  {
	&blog_search;
	&tempwiz;
	&end;
  }

  elsif($input{'action'} eq "logout")
  {
	&tempwiz;
	&end;
  }

  # Any other (or missing) action.
  else
  {  &panel_check; &end; }

 # Reached only when the selected branch did not call &end.
 &err($error_message{'no permission'});&end;
}
#######
# END #
#######

