#!/usr/local/bin/perl
##########################################################################
#
# Note from Henry: If you can't make this work through our form
# email me. It has been modified to work with railfan.net and
# has been tested several times, but we all know that the only 
# sure things are death and taxes....
#
# Note that there are no system() or open() calls to save any info
# anywhere or any socket functions to send data anywhere else. This 
# just extracts the info from the submission page and prints the 
# results to ONLY your web browser.
#
# The htpwd.cgi file is hardlinked to the_script.txt so that the 
# web server can display the CGI as a web page instead of executing 
# it which is what happens when you click the "Make the Passwords" 
# button in your web browser. What you are seeing here is the actual 
# CGI program which is executed!
#
###########################################################################
# Define Variables
$script = 'http://railpix.railfan.net/htpwd.cgi';

      # Get the input from the web page

      read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'});
 
      # Split the name-value login/password pairs

      @pairs = split(/&/, $buffer);

   foreach $pair (@pairs) {
      ($name, $value) = split(/=/, $pair);
 
      $name =~ tr/+/ /;
      $name =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;

      $value =~ tr/+/ /;
      $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
       
   $FORM{$name} = $value;

    }

# call the encryption routine

&do_passwords;

# send back the results ONLY to your web browser

&print_page;


# Let's scramble the passwords now

sub do_passwords {
$NAMEA = $FORM{'NAMEA'};
$NAMEB = $FORM{'NAMEB'};
$NAMEC = $FORM{'NAMEC'};
$NAMED = $FORM{'NAMED'};
$PASSA = crypt($FORM{'PASSA'},XX);
$PASSB = crypt($FORM{'PASSB'},XX);
$PASSC = crypt($FORM{'PASSC'},XX);
$PASSD = crypt($FORM{'PASSD'},XX);
if ($NAMEA ne "") {
$PAIRA = "$NAMEA".":"."$PASSA";
   }
if ($NAMEB ne "") {
$PAIRB = "$NAMEB".":"."$PASSB";
   }
if ($NAMEC ne "") {
$PAIRC = "$NAMEC".":"."$PASSC";
   }
if ($NAMED ne "") {
$PAIRD = "$NAMED".":"."$PASSD";
   } 
}


# Let's print out the page for your browser and only your browser.

sub print_page {
$user = $FORM{'user'};

# slap your desired text into the password requestor

$MESSAGE = $FORM{'AUTHNAME'};

# time to start printing the results page to your browser.

print "Content-type: text/html\n\n";

print "<HTML><HEAD>\n";
print "<TITLE>Hamburger Helper by derk\@sonic.net</TITLE>\n";
print "</HEAD><BODY bgcolor=FFFFFF>\n";
print "</CENTER>\n";

# Gotta have the homedir for the AuthUserFile in .htaccess, let's ask the 
# system for it if your login name exists.

@hdir = getpwnam("$user");
if (! @hdir) {
  &invalid_user;
}
else {
$homedir = $hdir[7];
$homedir =~ s/\/\.\/?$//;
}

print "<B>Welcome back...<BR>Make sure you follow all the instructions on this\n";
print " page to the letter.<BR> Otherwise, you'll have problems later. :-(</B>\n"; 

# print qq! makes life easier sometimes...

print qq!<P><B>Here are your password file name/password pairs.<BR>\n!;
print qq!Cut and paste them into a text editor, do not use "View Source"\!<P><FONT COLOR=FF0000>\n!;
print qq!$PAIRA<BR>\n!;
print qq!$PAIRB<BR>\n!;
print qq!$PAIRC<BR>\n!;
print qq!$PAIRD<BR>\n!;
print qq!\n<P></FONT> \n!;
print qq!Now that the file is in your text editor your cursor should be at  the end of the last line of your last name/password pairs, if so, press "enter". Otherwise move your cursor there and press "enter". <BR>Now save the new file as "passwords.txt"<BR>\n!;
print qq!(If you want to add more users later resend the form with new names/passwords\n!;
print qq! and simply paste them onto the end of your passwords file, but remember you need a blank line at the end of the passwords file.)\n!;
print qq!<P>OK - Here is your .htaccess file.<BR>\n!;
print qq!Cut and paste it into a text editor as a new file. - Do not use "View Source".<B><P>\n!;
print qq!<FORM><TEXTAREA COLS=80 ROWS=10>!;
print qq!AuthUserFile ${homedir}/passwords\n!;
print qq!AuthGroupFile /dev/null  \n!;
print qq!AuthName \"$MESSAGE\" \n!;
print qq!AuthType Basic  \n!;
print qq!<limit GET> \n!;
print qq!require valid-user  \n!;
print qq!</limit> \n!;
print qq!</TEXTAREA></FORM>\n!;
print qq!Make sure there is a path in the first line.\n!;
print qq!If there is only "AuthUserFile /passwords" then you did not enter your login name correctly in which case click the BACK button and try again.\n!;
print qq!<P>If the first line has your login name in it then save the file as "htaccess.txt"<P>\n!;
print qq!<P>When you are done <A HREF="/finish.html">\n!;
print qq!click this link</A></B>\n!;
exit;
}

# we're done, only you have the password info now :-)

# If it didn't find a user then let you know

sub invalid_user {
print "<h1>Invalid Login Name!</h1>";
print "Click the BACK button on your web browser and try again.<br><p>";
print "Remember that it is CASE Sensitive and must be entered EXACTLY as it is used when logging in through FTP.";
print "If all else fails then email Henry!";
exit 0;
}