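#!/usr/bin/perl
#
# piantegrasse.cgi - private customer area: login, product list, product
# sheet, information request by e-mail, profile page and logoff.
#
# The request parameter "s" selects a handler from %States; anything that
# is not in the table falls back to the bare page header.
#
# Review notes for maintainers:
#   * $dbh, $Url, $PATH, $CATPATH, $storeimg, $boss and $SEC are never
#     assigned in this file; presumably Piantegrasse.pm exports them
#     (TODO confirm).  Because the script also shares state through
#     undeclared package globals ($id, $SID, $user, $uid, $nome, ...),
#     "use strict" cannot be enabled without declaring those first.
#   * accesso() compares the submitted password with the stored column in
#     clear text, so clienti.pass evidently holds unhashed passwords.
#     Moving to a salted password hash needs a schema/data migration that
#     is outside this file.
#   * The "uid" session token is MD5(login, pass, SID) with no server-side
#     secret and no server-side session record: it stays valid until the
#     password changes and the SID issued before login is reused after it.
#     Consider a random server-side session, or at least an HMAC keyed
#     with a secret, regenerated at login.
#   * The session cookies are set without -secure / -httponly.  They are
#     left unchanged here because the page's inline script was lost in
#     extraction and may read them; review and tighten.
#   * Database text ($prod, $descr1, profile fields, ...) is passed to the
#     CGI.pm tag helpers as element content, which is not HTML-escaped.
#     If those columns can hold customer-supplied text, wrap them in
#     escapeHTML().
#   * The ".lock" maintenance switch is lifted by a plain request
#     parameter in login() and by a hard-coded login name in checkuser();
#     neither is an access control.

use CGI qw(-no_xhtml :standard);
use DBI;
#use Mail::Mailer($mtype);
use lib "/usr/local/psa/home/vhosts/vallecactus.it/INCLUDE";
use Piantegrasse;
use POSIX qw/ceil/;
use Digest::MD5;

$app = 'piantegrasse.cgi';
#$PATH.='/';$CATPATH.='/';
$q = CGI->new;

my $page = $q->param('s') || 'login';

# Dispatch table: value of "s" => handler.  modificaPassword is not
# defined in this file (presumably provided elsewhere - confirm).
my %States = (
    'login'   => \&login,
    'accesso' => \&accesso,
    'start'   => \&Start,
    'mostra'  => \&mostraProdotto,
    'profilo' => \&mostraProfilo,
    'modpass' => \&modificaPassword,
    'mostrap' => \&mostraSingolaScheda,
    'rinf'    => \&richiediInfo,
    'rinfok'  => \&inviaInfo,
    'logoff'  => \&esciPannello,
    'img'     => \&imgout,
);

if ( $States{$page} ) {
    $States{$page}->();    # invoke the selected handler
}
else {
    standard_header();
}
print end_html;
exit();

# Read the three session cookies in scalar context, so that a missing
# cookie yields undef instead of shifting the remaining values left.
sub _session_cookies {
    return ( scalar cookie('SID'), scalar cookie('user'), scalar cookie('uid') );
}

# True when the request carries a valid session.  checkuser() uses the
# inverted convention (0 = valid, 1 = rejected), hence the negation.
sub _session_ok {
    my ( $id, $user, $uid ) = _session_cookies();
    return !checkuser( $user, $uid, $id );
}

# Reduce a value to a single line so it can be placed in a mail header.
sub _header_safe {
    my ($value) = @_;
    $value = '' unless defined $value;
    $value =~ s/[\r\n]+/ /g;
    return $value;
}

# Fetch one product row by IDL; the value is bound as a placeholder.
# Returns (prod, descr1, descr2, confezione, disp, imballo).
sub _fetch_product {
    my ($idl) = @_;
    my $sth = $dbh->prepare('select prod,descr1,descr2,confezione, disp, imballo from prodotti where IDL=?');
    $sth->execute($idl);
    return $sth->fetchrow_array;
}

# Emit the HTTP header, the opening HTML and the logo.
# NOTE(review): after checkuser() has run, $SID/$user/$uid hold plain
# cookie *values*, not CGI::Cookie objects, so the -COOKIE list below is
# emitted as raw Set-Cookie lines.  Left as is; confirm the intent.
sub standard_header {
    print header( -expires => '-1d', -COOKIE => [ $SID, $user, $uid ] );
    print start_html(
        -lang       => 'it',
        -background => $CATPATH . 'bg.gif',
        -link       => "#FF6600",
        -vlink      => "#FF6600",
        -alink      => "#FF0000",
        -title      => "Area privata - $cognome"
    );

    # NOTE(review): the original printed a here-document terminated by
    # "JS" at this point.  Its body was lost when the page was extracted
    # and is not reconstructed here; restore it from the original file.
    print font(
        { -face => 'Verdana', -size => 1 },
        p( img( { -src => $CATPATH . "logo1.gif", -border => 0 } ), )
    );
}

# Show the login form.  An optional first argument is an HTML message
# (supplied by the callers in this file) shown instead of the default
# prompt.  Also issues a fresh SID cookie through get_id().
sub login {
    $id = get_id();
    my $msg = shift;
    standard_header();

    # NOTE(review): access=granted lifts the maintenance lock for anyone.
    if ( -e ".lock" && ( $q->param('access') ne 'granted' ) ) {
        print p, p, p( { -align => 'center' }, h3('Accesso temporaneamente disabilitato.') );
        exit;
    }

    # NOTE(review): the literal HTML that the original printed around the
    # prompt and the form (qq`` and "" strings) was stripped when the page
    # was extracted; only the surviving text is reproduced.
    unless ($msg) {
        print qq`Inserire la login e password:`;
    }
    else {
        print $msg;
    }

    print start_form( -action => $Url . $PATH . $app ),
        hidden( -name => 's', -value => 'accesso', -override => 1 );
    print Tr(
        { -bground => '##F2A826' },
        td(
            { -width => 70 },
            [
                p(
                    font( { -face => 'Verdana', -size => '2' }, b('login') ),
                    textfield( -name => 'login', -value => '', -size => 20, -maxlength => 14 )
                )
            ]
        )
        ),
        Tr(
        td(
            { -width => 70 },
            [
                p(
                    font( { -face => 'Verdana', -size => '2' }, b('Password') ),
                    password_field( -name => 'pass', -value => '', -size => 20, -maxlength => 14, -override => 1 )
                )
            ]
        )
        );
    print Tr( td( p( submit('Invia'), reset('Annulla') ) ) );
    print endform;
}

# Check the submitted credentials.  On success set the "uid" and "user"
# cookies and redirect to the start page; otherwise show the form again.
sub accesso {
    $id = cookie('SID');

    # scalar(): a missing or repeated parameter must not shift the list.
    my ( $clearuser, $clearpass ) = ( scalar param('login'), scalar param('pass') );

    # The login name is bound as a placeholder; the original interpolated
    # the request parameter into the SQL text.
    my $usql = qq`select login,pass, Cognome, Nome from clienti where lcase(login)=lcase(?)`;
    $sth = $dbh->prepare($usql);
    $sth->execute($clearuser);
    my ( $login, $pass, $cognome, $nome ) = $sth->fetchrow_array;

    # "No row" is detected from the fetch result rather than $sth->rows,
    # which is not dependable for SELECT statements.  A missing password
    # on either side is a failure.
    if (   !defined $login
        || !defined $pass
        || !defined $clearpass
        || $pass ne $clearpass )
    {
        login(
            h3(
                p(
                    'È necessario inserire i dati di accesso per il proprio account:',
                    br, 'Si prega di riprovare.'
                )
            )
        );
    }
    else {
        # checkuser() recomputes this digest from the stored login, so the
        # stored spelling is used here too; the lookup above is
        # case-insensitive and the typed spelling may differ in case.
        $makeuid = Digest::MD5->new;
        $makeuid->add( $login, $pass, $id );
        my $uid = $makeuid->b64digest;
        $uid =~ s/[^\w\d]//g;

        $UID = $q->cookie(
            -name    => 'uid',
            -value   => $uid,
            -expires => '+1h',
            -path    => '/cgi-bin/piantegrasse'
        );
        $USER = $q->cookie(
            -name    => 'user',
            -value   => $clearuser,
            -expires => '+1h',
            -path    => '/cgi-bin/piantegrasse'
        );

        # NOTE(review): $id is the SID *value*, not a cookie object, so it
        # goes out as a raw Set-Cookie line.  Left as is; confirm intent.
        print redirect(
            -uri    => $Url . $PATH . $app . '?s=start',
            -cookie => [ $id, $UID, $USER ]
        );
        exit();
    }
}

# Landing page after login: product list plus a welcome line.
# The original printed the three cookie values before the HTTP header
# (a debugging leftover that corrupts the response and exposes the
# session values); that statement is removed.
sub Start {
    unless ( _session_ok() ) {
        login( p( b("Inserire login e password:") ) );
        return;
    }
    standard_header();
    elenco();
    print br, br, p( { -align => 'center' }, b("VALLE CACTUS ti dà il benvenuto!") ), br;
}

# Product list page.
sub mostraProdotto {
    unless ( _session_ok() ) {
        login( p( b("Inserire login e password:") ) );
        return;
    }
    standard_header();
    elenco();
}

# Log off: expire the three session cookies and redirect to the site.
# The expired cookies are now attached to the redirect; the original
# built them but never sent them, so the browser kept the session.
sub esciPannello {
    $SID = $q->cookie(
        -name    => 'SID',
        -value   => 0,
        -path    => '/cgi-bin/piantegrasse',
        -expires => 'now'
    );
    $user = $q->cookie(
        -name    => 'user',
        -value   => 0,
        -path    => '/cgi-bin/piantegrasse',
        -expires => 'now'
    );
    $uid = $q->cookie(
        -name    => 'uid',
        -value   => 0,
        -path    => '/cgi-bin/piantegrasse',
        -expires => 'now'
    );

    #standard_header();
    #print p({-align=>'center'},b('Arrivederci!'))
    print redirect( -uri => $Url, -cookie => [ $SID, $user, $uid ] );
}

# Stream a product image ("img" parameter, optional tipo=thumb) to the
# client.  Requests without a valid session get the placeholder image.
sub imgout {
    my $fallback = "$storeimg/prod0.gif";
    my $path     = $fallback;

    if ( _session_ok() ) {
        my ( $nimg, $tipo ) = ( scalar param('img'), scalar param('tipo') );

        # The parameter becomes part of a file name, so only a plain
        # identifier is accepted; anything else gets the placeholder.
        # Assumes product ids consist of [A-Za-z0-9_] - TODO confirm.
        if ( defined $nimg && $nimg =~ /\A([A-Za-z0-9_]+)\z/ ) {
            $nimg = $1;
            $nimg .= 't' if defined $tipo && $tipo eq 'thumb';
            $path = "$storeimg/prod" . $nimg;
        }
    }

    # Three-argument open: the file name can no longer select the open
    # mode, which the original two-argument form allowed.
    my $img;
    open( $img, '<', $path )
        || open( $img, '<', $fallback )
        || die "Errore sysopen $!";
    binmode $img;

    print $q->header( -type => "image/jpeg", -expires => "+23m" );
    my $buffer = 0;
    while ( read( $img, $buffer, 1024 ) ) {
        print $buffer;
    }
    close $img;
}

# Product sheet for the product named by the "id" parameter.
sub mostraSingolaScheda {
    unless ( _session_ok() ) {
        login( p( b("Inserire login e password:") ) );
        return;
    }
    my $idl = param('id');
    standard_header();
    elenco();

    my ( $prod, $descr1, $descr2, $confezione, $disp, $imballo ) = _fetch_product($idl);

    # One centred table row on the given background colour.
    my $row = sub {
        my ( $bgcolor, @content ) = @_;
        return Tr(
            td(
                { -bgcolor => $bgcolor, -align => 'center' },
                font( { -face => 'Verdana', -size => 3, -color => '#000000' }, p(@content) )
            )
        );
    };

    print table(
        {
            -border           => 0,
            -cellpadding      => 2,
            -cellspacing      => 3,
            -width            => '65%',
            -bordercolorlight => "#ffffff",
            -bordercolordark  => "#000000",
            -align            => 'center'
        }
    );
    print Tr( td( { -align => 'center' }, [ img( { -src => $app . '?s=img&img=' . $idl } ) ] ) ), br,
        $row->( '#ffffff', $descr1 ),
        $row->( '#ffffff', $descr2 ),
        $row->( '#C0C0C0', b('confezione:'),    $confezione ),
        $row->( '#C0C0C0', b('disponibilità:'), $disp ),
        $row->( '#C0C0C0', b('imballo:'),       $imballo );

    # NOTE(review): empty in the extracted page; presumably the closing
    # table tag was stripped - confirm against the original file.
    print '';
    print br,
        p(
        { -align => 'right' },
        font(
            { -face => 'Verdana', -size => 2, -color => '#000000' },
            a( { -href => $app . "?s=rinf&id=$idl" }, "[ Richiedi maggiori informazioni su $prod ]" )
        )
        );
}

# Confirmation form for an information request about one product.
sub richiediInfo {
    unless ( _session_ok() ) {
        login( p( b("Inserire login e password:") ) );
        return;
    }
    my $idl = param('id');
    standard_header();
    elenco();

    my ( $prod, $descr1, $descr2, $confezione, $disp, $imballo ) = _fetch_product($idl);

    print start_form(),
        hidden( -name => 's',  -value => 'rinfok', -override => 1 ),
        hidden( -name => 'id', -value => $idl,     -override => 1 ),
        table(
        {
            -border           => 1,
            -cellpadding      => 1,
            -cellspacing      => 1,
            -width            => '65%',
            -bgcolor          => '#ffffff',
            -bordercolorlight => "#000000",
            -bordercolordark  => "#000000",
            -align            => 'center'
        },
        Tr(
            td(
                { -align => 'center' },
                [
                    "Desidero ricevere direttamente sulla casella di posta elettronica maggiori informazioni riguardanti\n$prod."
                ]
            )
        ),
        Tr( td( { -align => 'center' }, submit( -name => ' OK ' ) ) )
        ),
        endform;
}

# Mail the information request to $boss on behalf of the logged-in
# customer, then confirm on screen.
sub inviaInfo {
    unless ( _session_ok() ) {
        login( p( b("Inserire login e password:") ) );
        return;
    }
    my $idl = param('id');
    my ( $prod, $descr1, $descr2, $confezione, $disp, $imballo ) = _fetch_product($idl);
    standard_header();

    # sendmail -t takes the recipients from the header block, so every
    # value placed in a header is first reduced to a single line.
    my $from_name = _header_safe("$nome $cognome");
    my $from_addr = _header_safe($email);
    my $to_addr   = _header_safe($boss);

    # List-form pipe open: sendmail is started without a shell.
    open( my $mail, '|-', '/usr/sbin/sendmail', '-oi', '-t' )
        or die "Fork non riuscita: $!\n";

    # NOTE(review): the line breaks of this message were lost in the
    # extracted page and are reconstructed (headers, blank line, body);
    # confirm against the original file.
    print {$mail} <<"EOF";
From: "$from_name" <$from_addr>
To: $to_addr
Subject: Richiesta informazioni
X-Priority: 1
X-MSMail-Priority: High

Informazioni su: $prod
.
EOF
    close($mail) or warn "sendmail: close failed (status $?): $!";

    elenco();
    print br, br,
        p( { -align => 'center' }, 'La richiesta è stata inoltrata.' ),
        p( { -align => 'center' }, 'Grazie per il tuo interesse!' );
}

# Profile page; the values are the globals that checkuser() loaded from
# the clienti row of the logged-in user.
sub mostraProfilo {
    unless ( _session_ok() ) {
        login( p( b("Inserire login e password:") ) );
        return;
    }
    standard_header();
    elenco();
    print br,
        font(
        { -face => 'Courier', -size => 2 },
        table(
            {
                -border      => 0,
                -cellpadding => 3,
                -cellspacing => 3,
                -width       => '65%',
                -bgcolor     => '#ffffff',
                #-bordercolorlight=>"#ffffff",
                #-bordercolordark=>"#ffffff",
                -align => 'center'
            },
            Tr( td( ["$nome $cognome"] ) ),
            Tr( td( [$ditta] ) ),
            Tr( td( ["P.IVA: $piva"] ) ),
            Tr( td( [$indirizzo] ) ),
            Tr( td( ["$cap $citta $prov"] ) ),
            Tr( td( [$telefono] ) ),
            Tr( td( [$email] ) )
        )
        );
}

# Navigation links plus the list of active products with thumbnails.
sub elenco {
    print font(
        { -face => 'Verdana', -size => 2 },
        p(
            { -align => 'right' },
            a( { -href => $app . '?s=profilo' }, '[ profilo utente ]' ),
            '    ',
            a( { -href => $app . '?s=logoff' }, '[ esci ]' )
        )
    );

    my $sth = $dbh->prepare('select IDL,prod,descr1 from prodotti where attivo=1 order by prod');
    $sth->execute;

    print table(
        {
            -border           => 1,
            -cellpadding      => 1,
            -cellspacing      => 1,
            -width            => '28%',
            -bordercolorlight => "#ffffff",
            -bordercolordark  => "#000000",
            -align            => 'left'
        }
    );
    while ( my ( $idl, $prod, $descr1 ) = $sth->fetchrow_array ) {
        print Tr(
            td(
                { -bgcolor => '#E9EC00' },
                [
                    font(
                        { -face => 'Verdana', -size => 2 },
                        a( { -href => "$app?s=mostrap;id=$idl", -color => '#000000' }, $prod )
                    ),
                    img( { -src => $app . '?s=img;tipo=thumb;img=' . $idl } )
                ]
            )
        );
    }

    # NOTE(review): empty in the extracted page; presumably the closing
    # table tag was stripped - confirm against the original file.
    print '';
}

# Validate the session.  Returns 0 when the "uid" token matches the
# digest recomputed from the stored login, the stored password and the
# SID cookie, and 1 otherwise (inverted convention).
# Arguments: ($chuser, $chuid); a third argument passed by callers is
# ignored because the cookies are read again here.
# Side effects: loads the customer's row into the package globals
# $idr, $login, $pass, $nome, $cognome, $ditta, $piva, $indirizzo, $cap,
# $citta, $prov, $telefono and $email, and sets $id, $uid, $user, $SID.
sub checkuser {
    $id = 0;
    my ( $chuser, $chuid ) = @_;
    $id   = $q->cookie('SID');
    $uid  = $q->cookie('uid');
    $user = $q->cookie('user');
    $SID  = $id;

    # checkid();
    # NOTE(review): this branch prints a body without an HTTP header
    # (callers run checkuser() before standard_header()), and the
    # hard-coded login name exempts one account from the lock.
    if ( -e ".lock" && $chuser !~ /^charp$/i ) {
        print p, p, p( { -align => 'center' }, h3('Accesso temporaneamente disabilitato.') );
        exit;
    }

    # The cookie value is bound as a placeholder; the original
    # interpolated it into the SQL text.
    my $usql = qq`select IDR,login,pass, Nome,Cognome,Ditta,PIVA, Indirizzo, CAP, Citta, Prov, Telefono, email from clienti where login=lcase(?) `;
    $sth = $dbh->prepare($usql);
    $sth->execute($user);
    (
        $idr,  $login,     $pass, $nome,  $cognome, $ditta, $piva,
        $indirizzo, $cap,  $citta, $prov, $telefono, $email
    ) = $sth->fetchrow_array;

    return 1 if ( !($login) || !($pass) );
    return 1 unless defined $chuid;

    $checkmd5uid = Digest::MD5->new;
    $checkmd5uid->add( $login, $pass, $id );
    my $checkmd5uidresult = $checkmd5uid->b64digest;
    $checkmd5uidresult =~ s/[^\w\d]//g;

    return $checkmd5uidresult eq $chuid ? 0 : 1;
}

# Create a new session id, store it in the global $SID cookie object
# (sent by the next standard_header() call) and return its value.
sub get_id {
    $md5 = Digest::MD5->new;
    $md5->add($SEC);
    $md5->add( remote_host() );

    # rand() alone is not suitable for session identifiers; mix in bytes
    # from the kernel generator when it is available.
    my $entropy = '';
    if ( open( my $urandom, '<', '/dev/urandom' ) ) {
        binmode $urandom;
        read( $urandom, $entropy, 16 );
        close $urandom;
    }
    $md5->add($entropy);
    $md5->add( rand() );

    my $Md5 = $md5->b64digest;
    $Md5 =~ s/[^\w\d]//g;
    $id = $Md5;
    $SID = $q->cookie(
        -name    => 'SID',
        -value   => $id,
        -expires => '+1h',
        -path    => '/cgi-bin/piantegrasse'
    );
    return $id;
}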