#!/usr/bin/perl

use strict;
push(@INC,'/home/oc/cgi-bin/');
use lib '/home/oc/cgi-bin/';
use lib './';
use OC;
use CGI qw/:standard/;;
use HTML::Template;
use Tie::IxHash;
use Digest::MD5 qw(md5_hex);
use Mail::Sender;

use vars qw/
%CONFIG
$template
%form
%cookie
$self_url
$TITLE
@LINKS
$BODY
@DISPLAYED
$CAN_EDIT
$CAN_ADD
$LOGGED_IN
@NOTE
$NAVIGATION
$USERNAME
/;


sub Initialize {
    %form=();
    my $query=new CGI;
    foreach ($query->param) {
        $form{$_}=$query->param($_);
    }   
    foreach ($query->cookie) {
        $cookie{$_}=$query->cookie($_);
    }
    %CONFIG=%OC::CONFIG;

    $self_url=$CONFIG{article_url};

#    $self_url=$ENV{REQUEST_URI};
#    $self_url=~s/^(.*)\?.*$/$1/;
#    $self_url=~s/^(.*.cgi).*$/$1/;

    @DISPLAYED=();
    @LINKS=();
    $TITLE='';
    $BODY='';
    @NOTE=();
    $NAVIGATION='';
    $LOGGED_IN=0;
    $CAN_EDIT=0;
    $CAN_ADD=0;
}


sub ConnectToDatabase {
    if (!defined $::db) {
      $::db = DBI->connect("DBI:mysql:$CONFIG{db_name}:$CONFIG{db_host}:
        $CONFIG{db_port}",$CONFIG{db_username},$CONFIG{db_password})
        || die "Can't connect to database server.";
    }
    return $::db;
}

sub PrepareSQL {
    my ($str) = (@_);
    $::sth=$::db->prepare($str);
}
 
sub ExecuteSQL {
    $::sth->execute(@_) || die "Could not execute SQL statement";
}

sub SendSQL {
    PrepareSQL(@_); 
    ExecuteSQL();
}

sub FetchSQLData {
    return $::sth->fetchrow_array();
}

sub Note {
    push(@NOTE,$_[0]);
}

sub Output_Notes {
    my $result="<font color=red>";
    foreach (@NOTE) {
        $result.="$_<br>";
    }
    $result.="</font><p>";
    return $result;
}

sub Prepare_Template {
    $template=HTML::Template->new(
	filename=>$_[0],
        die_on_bad_params=>0,
        loop_context_vars=>1,
        global_vars=>0,
        shared_cache=>0,
    );
    $template->param(table_color1=>$CONFIG{color}{table1});
    $template->param(table_color3=>$CONFIG{color}{table3});
}

sub Write_Article_Screen {
    $TITLE="Write an article";
    unless ($CAN_ADD) {
        $BODY.="You don't have permissions for writing articles. Are you logged in?";
    } else {
        $BODY.=Output_Notes;
        $BODY.="<form action='$self_url' method=post>";
        $BODY.="<table><tr><td>";
        $BODY.="<p><b>Source</b><br><input type=query name=source value='$form{source}' size=40>";
        $BODY.="<p><b>Title</b><br><input type=query name=title value='$form{title}' size=40><p>
          <b>Body</b><br><textarea name=body value='' cols=70 rows=40 wrap=soft>$form{body}</textarea>
          <input type=hidden name=cmd value='submit_article'><center><hr noshade=1 size=1>
          <input type=submit value='Submit'></td></tr></table>";
        $BODY.="</form>";
    }
}

sub Submit_Article {
    @NOTE=();
    unless ($CAN_ADD) {
        Note("You don't have permissions to add article! Are you logged in?");
    }    
    if (length($form{title})<3) {
        Note("Title too short!");
    }
    if (length($form{body})<50) {
        Note("Body too short!");
    }
    if (scalar(@NOTE)) {
        Write_Article_Screen;
        return;
    }

    PrepareSQL("insert into article (author,title,body,added,status,source) values (?,?,?,?,?,?)");
    ExecuteSQL($cookie{username},$form{title},$form{body},time,'pending',$form{source});

    $TITLE="Submit article";
    $BODY.="Article successfully added to queue. In next 24 hours it will be approved or rejected!
     You can check status on your personal page.";
    
    OC::Mail_Webmaster("Request for article..");
}

sub Show_Queue {
    $TITLE="Article queue";

    unless ($CAN_EDIT) {
        $BODY.="You don't have permissions for editing articles! Are you logged in?";
        return;
    }
    
    $BODY.=Output_Notes;

    my @news=();
    SendSQL("select title,body,author,added,id,source from article where status='pending'");
    while (my @result=FetchSQLData) {
        my %row=();
        $row{title}=$result[0];
        $row{body}=${OC::Smart_Reformat(\$result[1])};
        $row{author}=$result[2];
        $row{added}=OC::Time_To_Str($result[3],'date_only');
        SendSQL("select fullname from account where username='$result[2]'");
        my $author=FetchSQLData;
        $row{author}=$author if ($author); 
        $row{id}=$result[4];
        $row{source}=$result[5];
        push(@news,\%row);
    }

    if (scalar(@news)) {
        $BODY.="<table>";
        my ($color1,$color2)=('#d0d0d0','#ffffff');
        foreach (@news) {
            my %row=%{$_};
            
            $BODY.="<tr bgcolor='$color1'><td>$row{added}</td>
              <td valign=top><b>$row{title}</b><br>$row{body}</td></tr>";
            $BODY.="<tr bgcolor='$color1'><td>$row{author}</td>
              <td align=right><a href='$self_url/admin?cmd=edit&id=$row{id}'>Edit</a>&nbsp;</td></tr>";
            $BODY.="<tr bgcolor='$color1'><td>Source</td>
              <td>$row{source}</td></tr>";
            $BODY.="<tr bgcolor='$color1'><td colspan=2 align=center>
              <form action='$self_url/admin' method=post>
              Response<br><textarea name=response rows=4 cols=50></textarea>
              <br><input type=submit name=approve_article value='Approve'>
              <input type=submit name=reject_article value='Reject'>
              <input type=hidden name=id value=$row{id}>
              </form></td></tr>";
            ($color1,$color2)=($color2,$color1);
        }

        $BODY.="</table>";
    } else {
        $BODY.="No articles in queue..";
    }
    
}

sub Edit_Article {
    my ($title,$body,$by,$source);
    SendSQL("select title,body,author, source from article where id=$form{id}");
    unless (($title,$body,$by,$source)=FetchSQLData) {
        Note("Invalid id: $form{id}!");
        Show_Queue;
        return;
    }

    foreach ($title,$by,$source) {
        $_=~s/"/&quot;/sg;
    }

    $TITLE="Edit article";
    $BODY.=Output_Notes;
    $BODY.="<form action='$self_url/admin' method=post>";
    $BODY.="<table>
      <tr><td>
      By<br><input type=query name=by value=\"$by\" size=40><p>
      Source<br><input type=query name=source value=\"$source\" size=40><p>
      Title<br><input type=query name=title value=\"$title\" size=40><p>
      Body<br><textarea name=body cols=70 rows=40 wrap=soft>$body</textarea>
      <input type=hidden name=id value='$form{id}'>
      <center><hr noshade size=1>
      <input type=submit name=save value='Save'>
      <input type=submit name=justify value='Justify'>
      <input type=reset value='Reset'></td></tr></table>";
    $BODY.="</form>";
}

sub Save_Article {
    PrepareSQL("update article set title=?, body=?, author=?, source=? where id=?");
    ExecuteSQL($form{title},$form{body},$form{by},$form{source},$form{id});
}

sub Justify_Article {
    my $body=$form{body};

    $body=~s/([^\n^\r]+)\r?\n +([^-]{1})/$1 $2/sg;
    $body=~s/(\r?\n) +([^ ^\n^\r]{1})/$1$2/sg;

    PrepareSQL("update article set title=?, body=? where id=?");
    ExecuteSQL($form{title},$body,$form{id});
}


sub Approve_Article {
    PrepareSQL("update article set status=?, response=? where id=?");
    ExecuteSQL('approved',$form{response},$form{id});
}

sub Reject_Article {
    PrepareSQL("update article set status=?, response=? where id=?");
    ExecuteSQL('rejected',$form{response},$form{id});
}

sub Browse_Articles {
    my $offset=$form{offset};
    my %account=();
    SendSQL("select username,fullname from account");
    while (my @sqlresult=FetchSQLData) {
        $account{$sqlresult[0]}=$sqlresult[1];
        $account{$sqlresult[1]}=$sqlresult[0];
    }
    my @article=();
    SendSQL("select title,author,added,id from article where status='approved' order by added desc");
    while (my @result=FetchSQLData) {
        my %row=();
        $row{title}=$result[0];
        $row{author}=$result[1];
        $row{added}=OC::Time_To_Str($result[2],'nice');
        my ($author,$username)=($account{$result[1]},$account{$account{$result[1]}});
        if ($author eq '') {
            $author=$row{author};
        }
        if ($username ne '') {
            $row{author}="<a href='$CONFIG{account_url}/$row{author}'>$author</a>";
        }
        $row{id}=$result[3];
        push(@article,\%row);
    }

    $TITLE="Articles";
    $BODY.=Output_Notes;
    if (scalar(@article)) {
        $BODY.="<ul>";
        foreach (@article) {
            my %row=%{$_};
            $BODY.="<li>$row{added} - <a href='$self_url?cmd=view_article&id=$row{id}'>$row{title}</a> - $row{author}</li>";
        }

        $BODY.="</ul>";
    } else {
        $BODY.="No articles yet..";
    }
    $template->param(
        no_panel=>1,
        page_title=>'Articles',
    );
}

sub View_Article {
    my @result;
    SendSQL("select title,body,author,added,source from article where id=$form{id} and status='approved'");
    unless (@result=FetchSQLData) {
        Note("Invalid article id!");
        Browse_Articles;
        return;
    }

    SendSQL("select fullname,username from account where username='$result[2]'");
    my ($fullname,$username)=FetchSQLData;
    my $author=$fullname;
    if ($fullname eq '') {
        $author=$result[2];
    } 
    if ($username ne '') {
        $author="<a href='$CONFIG{account_url}/$result[2]'>$author</a>";
    }

    $TITLE=$result[0];
    my $link='';
    if ($CAN_EDIT) {
        $link="<a href='$self_url/admin?cmd=edit&id=$form{id}'>
              <img src='$CONFIG{edit_image}' border=0 alt='Click here to edit this block'></a>";
    }
    my $body=${OC::Smart_Reformat(\$result[1])};
    my $date=OC::Time_To_Str($result[3],'nice');
    $BODY.="$date $link<p>by $author <br>source: $result[4]<p> $body";
    $template->param(
        no_panel=>1,
        page_title=>"article: $TITLE",
    );

}

sub Tmpl_Links {
    my ($screen)=@_;
    @LINKS=();
    if ($CAN_EDIT) {
        my %row=();
        $row{name}="Admin";
        $row{link}="$self_url/admin/" if ($screen ne 'admin');
        push(@LINKS,\%row);
    }
    if ($CAN_ADD) {
        my %row=();
        $row{name}="Write an article";
        $row{link}="$self_url?cmd=write_article_screen" if ($screen ne 'write');
        push(@LINKS,\%row);
    }
    if ($CAN_ADD) {
        my %row=();
        $row{name}="Browse";
        $row{link}="$self_url" if ($screen ne 'home');
        push(@LINKS,\%row);
    }
}


sub Output {
    $template->param(
        links=>\@LINKS,
        title=>$TITLE,
        body=>$BODY,
        no_panel=>1,
    );
    print $template->output;
}

sub First_Page {
    my $body='';
    SendSQL("select id,title from article where status='approved' order by added desc limit 5");
    while (my @result=FetchSQLData) {
        $body.=OC::Li("<a href='$CONFIG{article_url}?cmd=view_article&id=$result[0]'>$result[1]</a>");
    }
    print $body;
}

sub Main {
    Initialize;
    Prepare_Template($CONFIG{tmpl_account_file});
    my ($junk,$cmd)=split(/\//,$ENV{PATH_INFO});
    ConnectToDatabase();
    if ($ARGV[0] eq '-fp') {
        First_Page();
        exit;
    }
    print header(-type  =>  'text/html',-charset=>'');
    SendSQL("select username,password,type from account where username='$cookie{username}'");
    my @result=FetchSQLData;
    if (OC::Login($cookie{username},$cookie{password}) ne '') {
        $LOGGED_IN=1;
        if ($result[2] eq 'admin') {
            $CAN_EDIT=1;
            $CAN_ADD=1;
        } elsif ($result[2] eq 'project' || $result[2] eq 'article') {
            $CAN_ADD=1;
        }
    }
    if ($cmd eq 'admin' && $CAN_EDIT) {
        if ($form{approve_article}) {
            Approve_Article;
            Show_Queue;
            Tmpl_Links();
        } elsif ($form{reject_article}) {
            Reject_Article;
            Show_Queue;
            Tmpl_Links();
        } elsif ($form{cmd} eq 'edit') {
            Edit_Article;
            Tmpl_Links();
        } elsif ($form{save}) {
            Save_Article;
            Edit_Article;
            Tmpl_Links();
        } elsif ($form{justify}) {
            Justify_Article;
            Edit_Article;
            Tmpl_Links();
        } else {
            Show_Queue;
            Tmpl_Links('admin');
        }
    } else {
        if ($form{cmd} eq 'first_page') {
            Browse_Articles;
            print $BODY;
            return;
        } elsif ($form{cmd} eq 'write_article_screen') {
            Tmpl_Links('write');
            Write_Article_Screen;
        } elsif ($form{cmd} eq 'submit_article') {
            Tmpl_Links('add');
            Submit_Article;
        } elsif ($form{cmd} eq 'view_article') {
            Tmpl_Links('');
            View_Article;
        } else {
            Tmpl_Links('home');
            Browse_Articles;
        }
    }
    Output;
}

Main;