#####################################################################
# Multiple records per user
# Limit total number of records a user can add
# Add a record at the time of signup
# To be used *with* the password lookup mod
# To be used with the *user-friendly* html.pl file
#
# by JPDeni
# Created 12-July-2000
#####################################################################
# This mod will allow you to either have the same limit per user or
# a different limit. If you want to change the number of records a
# user can add, go to the "Admin" link and enter the new number in
# the "Add" field.
#####################################################################
#
# You can have the user fill out the form for a new record at the
# same time he signs up for an account.
#
# Install the secure password lookup mod before you install this one.
#
# Note that this will take away a little bit of security. The user's
# email address will not be verified before he signs up for an
# account.
#
#
# You will not be able to use the autogenerate feature if you use this
# mod.
#
# You must include the following in your .cfg file:

  #-- $db_key_track = 1;
  #-- a userid field
  #-- $auth_user_field set to the correct field number
  #-- $auth_signup = 1;

# If you are allowing multiple records per user, you probably will
# not have an email address field in your database. If you do and you
# don't know what changes to make, contact me at deni@jpdeni.com and
# I will tell you what to do.

# Change the @auth_signup_permissions to indicate the default number
# of records a user can add:

#---------------------------
# Permissions a new signup should get.
    @auth_signup_permissions = (1,5,1,1,0);
#---------------------------
# The above would allow new users to add 5 records.

# Also, you should be sure to set

$auth_modify_own = 1;

# in your .cfg file.

#####################################################################
# In html.pl, replace sub html_signup with the following:

sub html_signup_form {
# --------------------------------------------------------
# This form is displayed for new users who want to create an account.
#
  my $error = shift;
  my %rec;
  $in{'signup_form'} = 1;

  $page_title = "Create Account";
  &html_page_top;

  $submit_button = "Create";
  $submit_button = "Create";
  $reset_button = "Cancel";

# < -- Start page text -- >
  print qq|
    <$font>To create your own account, simply fill out the following form.<p>
  |;
# < -- End page text -->

  if ($error) {
    print "<font color=red>$error</font></p>";
    %rec = %in;
  }
  else {
    %rec = &get_defaults;
  }

  print qq|
    <form action="$db_script_url" method="POST">
      <input type=hidden name="db" value="$db_setup">
      <input type=hidden name="uid" value="$db_uid">|;

  &html_record_form(%rec);

  print qq|
          <p><center>
          <INPUT TYPE="SUBMIT" name="signup" VALUE="$submit_button">
          <INPUT TYPE="SUBMIT" NAME="logoff" VALUE="$reset_button">
      </center></p></form>
  |;

  &html_page_bottom;
}

#####################################################################
# Copy sub html_add_success and replace sub html_signup_success with
# it.
#
# You will probably want to change the wording on the subroutine.

#####################################################################
# In sub html_record_form, after

  print qq|
    <TABLE WIDTH="450" CELLPADDING=0 CELLSPACING=0 BORDER=1 BGCOLOR="#FFFFCC">

# add

|;
if ($in{'signup_form'}) {
  print qq|
        <tr><td><$font><b>Email address:</b></FONT></td>
            <td><input type="TEXT" name="email" value="$in{'email'}"></td></tr>
        <tr><td><$font><b>Password:</b></FONT></td>
            <td><input type="PASSWORD" name="pw" value="$in{'pw'}"></td></tr>
  |;
}
print qq|

#####################################################################
# In db.cgi replace sub signup with the following
# Note that this includes the code for the secure password lookup
# mod.


sub signup {
# --------------------------------------------------------
# Allows a user to sign up without admin approval. Must have $auth_signup = 1
# set. The user gets @default_permissions.
#
#
  my ($message,$userid, $pw, $view, $add, $del, $mod, $admin, $email,$password);
  my ($output, $status, $counter);

# Check to make sure userid is ok, pw ok, and userid is unique.
  unless ((length($in{$db_cols[$auth_user_field]}) >= 3) and (length($in{$db_cols[$auth_user_field]}) <= 12) and ($in{'userid'} =~ /^[a-zA-Z0-9]+$/)) {
    $message = "Invalid userid: $in{'userid'}. Must only contain only letters and be less than 12 and greater than 3 characters.<BR>";
  }
  unless ((length($in{'pw'}) >= 3) and (length($in{'pw'}) <= 12)) {
    $message .= "Invalid pw: '$in{'pw'}'. Must be less than 12 and greater than 3 characters.<BR>";
  }
  unless ($in{'email'} =~ /.+\@.+\..+/) {
    $message .= "Invalid email address format: '$in{'email'}'.<BR>";
  }

  open (PASSWD, "<$auth_pw_file") || &cgierr("unable to open password file. Reason: $!\n");
    @passwds = <PASSWD>;
  close PASSWD;
  foreach $pass (@passwds) {  # Go through each pass and see if we match..
    next if ($pass =~ /^$/);        # Skip blank lines.
    next if ($pass =~ /^#/);        # Skip Comment lines.
    chomp ($pass);
    ($userid, $pw, $view, $add, $del, $mod, $admin, $email) = split (/:/,$pass);
    if (lc($in{$db_cols[$auth_user_field]}) eq lc($userid)) {
      $message = "userid already exists. Please try another.<BR>";
    }
    if (lc($in{'email'}) eq lc($email)) {
      $message .= "email address already exists.";
    }
  }
  if ($message) {
    &html_signup_form ($message);
    return;
  }

  $status = &validate_record;

  while ($status eq "duplicate key error" and $db_key_track) {
    if ($counter++ > 50) {
      &html_signup_form("duplicate key error");
      &html_signup_form("duplicate key error");
      return;
    }
    $in{$db_key}++;
    $status = &validate_record;
  }
  if ($status eq "ok") {
    open (DB, ">>$db_file_name") or &cgierr("error in add_record. unable to open database: $db_file_name.\nReason: $!");
      if ($db_use_flock) {
        flock(DB, 2)  or &cgierr("unable to get exclusive lock on $db_file_name.\nReason: $!");
      }
      print DB &join_encode(%in);
    close DB;
    open (ID, ">$db_id_file_name") or &cgierr("error in get_defaults. unable to open id file: $db_id_file_name.\nReason: $!");
      if ($db_use_flock) {
        flock(ID, 2)  or &cgierr("unable to get exclusive lock on $db_id_file_name.\nReason: $!");
      }
      print ID $in{$db_key};
    close ID;

    $in{'email'} = lc($in{'email'});
# Add the userid into the file with signup permissions.
    open (PASS, ">>$auth_pw_file") or &cgierr ("unable to open: $auth_pw_file.\nReason: $!");
      if ($db_use_flock) {
        flock(PASS, 2)  or &cgierr("unable to get exclusive lock on $auth_pw_file.\nReason: $!");
      }
      srand( time() ^ ($$ + ($$ << 15)) );    # Seed Random Number
      my @salt_chars  = ('A' .. 'Z', 0 .. 9, 'a' .. 'z', '.', '/');
      my $salt        = join '', @salt_chars[rand 64, rand 64];
      my $encrypted   = crypt($in{'pw'}, $salt);
      my $permissions = join (":", @auth_signup_permissions);

      print PASS "$in{$db_cols[$auth_user_field]}:$encrypted:$permissions:$in{'email'}\n";

    close PASS;
    $in{'login'} = 1;
    $db_uid = "";
    $in{'userid'} = $in{$db_cols[$auth_user_field]};

    ($status, $uid, $per_view, $per_add, $per_del, $per_mod, $per_admin) =&auth_check_password;
    if ($status eq "ok") {
      $db_script_link_url = "$db_script_url?db=$db_setup&uid=$db_uid";
      ($db_userid) = $db_uid =~ /([A-Za-z0-9]+)\.\d+/;
    }
    &auth_logging("added new user: $in{$db_cols[$auth_user_field]}") if ($auth_logging);
    &html_signup_success;
  }
  else {
    &html_signup_form($status);
  }
}


######
# In db.cgi, sub add_record, after
######

&auth_logging("added record: $in{$db_key}") if ($auth_logging);

######
# add
######

unless ($per_admin) {
  open (PASS, "<$auth_pw_file") or &cgierr ("unable to open: $auth_pw_file.\nReason: $!");
    if ($db_use_flock) { flock(PASS, 1); }
    @lines = <PASS>;
  close PASS;

  open (PASS, ">$auth_pw_file") or &cgierr ("unable to open: $auth_pw_file.\nReason: $!");
    if ($db_use_flock) {
      flock(PASS, 2)  or &cgierr("unable to get exclusive lock on $auth_pw_file.\nReason: $!");
    }
    foreach $line (@lines) {
      if ($line =~ /^$db_userid:/) {
        chomp $line;
        @passdata = split ':',$line;
        --$passdata[3];
        $per_add = $passdata[3];
        $pass_line = join ':',@passdata;
        print PASS "$pass_line\n";
        print PASS "$pass_line\n";
      }
      else {
        print PASS $line;
      }
    }
  close PASS;
}

######
# In sub delete_records, change
######

if ($in{$key} eq "delete") {
  $delete_list{$key} = 1;
  $rec_to_delete = 1;
}

######
# to
######

if ($in{$key} eq "delete") {
  $delete_list{$key} = 1;
  $rec_to_delete = 1;
  unless ($per_admin) {
    ++$user_count;
  }
}

######
# Also in sub delete_records, after
######

&auth_logging("deleted records: $succstr") if ($auth_logging);

######
# add
######

open (PASS, "<$auth_pw_file") or &cgierr ("unable to open:
$auth_pw_file.\nReason: $!");
  if ($db_use_flock) { flock(PASS, 1); }
  @lines = <PASS>;
close PASS;


open (PASS, ">$auth_pw_file") or &cgierr ("unable to open:$auth_pw_file.\nReason: $!");
  if ($db_use_flock) {
    flock(PASS, 2)  or &cgierr("unable to get exclusive lock on $auth_pw_file.\nReason: $!");
  }
  foreach $line (@lines) {
    if ($line =~ /^$db_userid:/) {
      chomp $line;
      @passdata = split ':',$line;
      $passdata[3] += $user_count;
      $per_add = $passdata[3];
      $pass_line = join ':',@passdata;
      print PASS "$pass_line\n";
    }
    else {
      print PASS $line;
    }
  }
close PASS;

######
# In sub admin_display, change
######

    if ($in{'inquire'} and ($in{'username'} eq $data[0])) {
        $user_list .= qq~<option value="$data[0]" SELECTED>$data[0]</option>\n~;
        $perm = qq|
          View <input type=checkbox name="per_view" value="1"     |; ($data[2] and $perm .= "CHECKED"); $perm .= qq|>
          Add <input type=checkbox name="per_add" value="1"       |; ($data[3] and $perm .= "CHECKED"); $perm .= qq|>
          Delete <input type=checkbox name="per_del" value="1"    |; ($data[4] and $perm .= "CHECKED"); $perm .= qq|>
          Modify <input type=checkbox name="per_mod" value="1"    |; ($data[5] and $perm .= "CHECKED"); $perm .= qq|>
          Admin <input type=checkbox name="per_admin" value="1"   |; ($data[6] and $perm .= "CHECKED"); $perm .= qq|>|;
          $password = $data[1];
    }
    else {
      $user_list .= qq~<option value="$data[0]">$data[0]</option>\n~;
    }
  }
  $user_list .= "</select>";

# Build the permissions list if we haven't inquired in someone.
  if (!$perm) {
    $perm = qq|
      View <input type=checkbox name="per_view" value="1"     |; ($auth_default_perm[0] and $perm .= "CHECKED"); $perm .= qq|>
      Add <input type=checkbox name="per_add" value="1"       |; ($auth_default_perm[1] and $perm .= "CHECKED"); $perm .= qq|>
      Delete <input type=checkbox name="per_del" value="1"    |; ($auth_default_perm[2] and $perm .= "CHECKED"); $perm .= qq|>
      Modify <input type=checkbox name="per_mod" value="1"    |; ($auth_default_perm[3] and $perm .= "CHECKED"); $perm .= qq|>
      Admin <input type=checkbox name="per_admin" value="1"   |; ($auth_default_perm[4] and $perm .= "CHECKED"); $perm .= qq|>|;
  }
  &html_admin_display ($message, $user_list, $password, $perm);
}

######
# to
######


    if ($in{'inquire'} and ($in{'username'} eq $data[0])) {
        $user_list .= qq~<option value="$data[0]" SELECTED>$data[0]</option>\n~;
        $perm = qq|
          View <input type=checkbox name="per_view" value="1"     |; ($data[2] and $perm .= "CHECKED"); $perm .= qq|>
          Add <input type=text name="per_add" value="$data[3]" size=3>
          Delete <input type=checkbox name="per_del" value="1"    |; ($data[4] and $perm .= "CHECKED"); $perm .= qq|>
          Modify <input type=checkbox name="per_mod" value="1"    |; ($data[5] and $perm .= "CHECKED"); $perm .= qq|>
          Admin <input type=checkbox name="per_admin" value="1"   |; ($data[6] and $perm .= "CHECKED"); $perm .= qq|>|;
          $password = $data[1];
    }
    else {
      $user_list .= qq~<option value="$data[0]">$data[0]</option>\n~;
    }
  }
  $user_list .= "</select>";
# Build the permissions list if we haven't inquired in someone.
  if (!$perm) {
    $perm = qq|
      View <input type=checkbox name="per_view" value="1"     |; ($auth_signup_permissions[0] and $perm .= "CHECKED"); $perm .= qq|>
      Add <input type=text name="per_add" value="$auth_signup_permissions[1]"size=3>
      Delete <input type=checkbox name="per_del" value="1"    |; ($auth_signup_permissions[2] and $perm .= "CHECKED"); $perm .= qq|>
      Modify <input type=checkbox name="per_mod" value="1"    |; ($auth_signup_permissions[3] and $perm .= "CHECKED"); $perm .= qq|>
      Admin <input type=checkbox name="per_admin" value="1"   |; ($auth_signup_permissions[4] and $perm .= "CHECKED"); $perm .= qq|>|;
  }
  &html_admin_display ($message, $user_list, $password, $perm);
}


#####################################################################
# To create a link to the signup form--

# from a static .html page --

<a href="http://url/to/db.cgi?db=database name&signup_form=1">Sign up</a>

# from within DBMan --

<a href="$db_script_url?db=$db_setup&signup_form=1">Sign up</a>