#!/usr/bin/perl

# +-------------------------------------------+
# | council_password.cgi -- Password          |
# |                         protection        |
# |                         CGI script        |
# | Author           : Unknown                |
# | Created On       : Unknown                |
# | Last Modified By : Ryan William Facer     |
# | Last Modified On : Thursday July 30, 1998 |
# | Update Count     : 2                      |
# | E-Mail           : cattails@cattails.ca   |
# +-------------------------------------------+
# | 1. Renamed everything to council          |
# | 2. Change title to Council                |
# +-------------------------------------------+

# Set Variables

$passwd = "com2";
# The password you want

$login = "council";
# The username you want

$protected = "http://www.secretan.com/wwwboard/council_discuss.html";
# The URL of the protected page

$cgiurl = "http://www.secretan.com/cgi/council_password.cgi";
# The URL of the script.

$log = "0";
# 1 to log unsuccessfull attempts to get passed the script, anything else
# to not log the attempts

$logfile = "council.log";
# The file to log unsuccessfull attempts to get through. must be chmod 777

$bodycolor = "<BODY BGCOLOR=\"FFFFFF\" TEXT=\"000000\">";
# The <BODY> tag and whatever attributes you want to give it, you can
# also include a <FONT FACE=XXX> or <FONT SIZE=XXX> or <FONT COLOR=XXX>
# and anything else you want at the top. note that all quotes (") need
# to have a \ in front of them (\")

$title = "Higher Ground Community Council Discussion Forum Password Protection";
# The Title of the page.
#
# Done Setting Variables
##########################################



if ($ENV{QUERY_STRING} eq "about"){
	&about;
}; # if

if ($ENV{REQUEST_METHOD} eq "GET"){
	&get_login;
} else {
	&parse_form;
}; # if

$password = $input{'password'};
$username = $input{'username'};

if ($username eq $login) {
	if ($password eq $passwd){
		print "Location: $protected\n\n";
	} else {
		&error;
	}; # if
} else {
	&error;
}; # if

sub parse_form {

   read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'});
   if (length($buffer) < 5) {
         $buffer = $ENV{QUERY_STRING};
   }; # if
   @pairs = split(/&/, $buffer);
   foreach $pair (@pairs) {
      ($name, $value) = split(/=/, $pair);

      $value =~ tr/+/ /;
      $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;

      $input{$name} = $value;
   }; # foreach
}; # parse_form

sub get_login{
	print "Content-type: text/html\n\n";
	print "<HTML><HEAD><TITLE>$title</Title></HEAD>\n";
	print "$bodycolor\n";
	print "<CENTER><H1>Welcome to the Higher Ground Community Council Password Protection</CENTER></H1><br><hr><br>\n";
	print "<FORM ACTION=\"$cgiurl\" METHOD=POST><CENTER>\n";
	print "<TABLE BORDER=5><TH COLSPAN=2>Login</TH>";
	print "<TR><TD>User Name:</TD><TD><INPUT TYPE=text NAME=\"username\" SIZE=15></TD></TR>\n";
	print "<TR><TD>Password:</TD><TD><INPUT TYPE=password  NAME=\"password\" SIZE=15></TD></TR>\n";
	print "<TR><TD COLSPAN=2 ALIGN=CENTER><INPUT TYPE=submit VALUE=\" Login \">\n";
	print "<INPUT TYPE=reset VALUE=\" Clear \">\n";
	print "</FORM></TD></TR></TABLE>\n";
	print "<BR><BR></BODY></HTML>\n";
	exit;
}; # get_login

sub error{
	print "Content-type: text/html\n\n";
	print "<HTML><HEAD><TITLE>Access Error!</Title></HEAD>\n";
	print "$bodycolor\n";
	print "<CENTER><H1>Ooops! Sorry, but the password you just entered is incorrect.</H1></CENTER>\n";
	print "<CENTER><P>Please pause, smell the roses and try again.</P></CENTER>\n";
	print "<IMG SRC=http://www.secretan.com/html/images/rose.jpg>\n";
#	print "<CENTER><H1>Access Error! - Please Go back and re-enter your username and password</H1><br>\n";
#	print "<BLINK><H3>Your IP Has Been Logged.</H3></BLINK></CENTER>\n";
	print "<hr></BODY></HTML>\n";
	if ($log eq '1'){
		read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'});
		open(LOG,">>$logfile") || die $!;
		print LOG "$ENV{REMOTE_HOST} tryed to get by the script.\n";
		print LOG "using $ENV{HTTP_USER_AGENT}.\nPassword: $password\n";
		print LOG "Username: $username\n\n";
		close(LOG);
	}; # if
	exit;
}; # error

sub about{
	print "Content-type: text/html\n\n";
	print "<HTML><HEAD><TITLE>Protect-A-Page v1.0</TITLE></HEAD><BODY>\n";
	print "<CENTER><H1>Protect-A-Page v1.0</CENTER></H1><BR>\n";
	print "Protect-A-Page v1.0 is just a simple way to password protect\n";
	print "web pages with a CGI script.<br><br>Written By:\n";
	print "<BR><br>Protect-A-Page may be obtained from\n";
	print "<a href=\"http://www.wilter.com/ehack/\">The Wiltered Realm</a>\n";
	print "in the \"Scripts\" section of the page, along with\n";
	print "all of the other scripts I've released.\n";
	print "<br><a href=\"$cgiurl\">Go Back</a>";
	print "<br><hr>";
	exit;
}; # about