#!/usr/bin/perl

use strict;
use warnings;
use CGI;
use Socket;  # Required for reverse DNS lookups
my $cgi = new CGI;
my $mode;
my $file_login;
my $file_password;
my $file_permission;
my $line;
my $login_valid;
my $avail_id;
my $avail_permission;
my $avail_filename;
my $avail_descr;
my $download_file_name;
my @download_file_holder;

my ( $sec, $min, $hr, $mday, $mon, $year, $wday, $yday, $isdst ) = localtime(time);
my $fixmo  = $mon + 1;
my $longyr = $year + 1900;

# Configuration
my $filename_logins = "download_logins.dat"; # List of authorized users 
my $filename_files = "download_files.dat";   # List of files available for download
my $filename_log = "download_log.dat";       # Log file of downloads

# Get the login from the user
my $user_login = $cgi->param('username') || 'No Username';
my $user_password = $cgi->param('password') || 'No Password';

# Get the file ID from the user
my $user_file_id = $cgi->param('file_id') || '0';

# Determine mode
if($cgi->param('mode') eq "")
{
    # Default to display if none set
    $mode = "display";
}
else
{
    $mode = $cgi->param('mode');
}

# Display correct page for mode
if($mode eq "display")
{
    page_display();
}
elsif($mode eq "download")
{
    page_download();
}
else
{
    page_invalid();
}

exit (0);


# Display files to download
sub page_display
{
    print $cgi->header();
    print $cgi->start_html( -title => 'Download Files',
			    -style => 'style.css');
    print "<h3>Please select a file to download</h3>";

    print "<form name='form' method='post' action='downloads.cgi'>";
    print "<p>Username:";
    print "<input name='username' type='text' id='username' size='10' maxlength='30'>";
    print "</p><p>Password:";
    print "<input name='password' type='password' id='password' size='10' maxlength='30'>";
    print "</p>";
    print "<p><select name='file_id'>";

    open (FILE, $filename_files) || die "Unable to open downloads file";

    while($line = <FILE>)
    {
	# Split on ::
	($avail_id, $avail_permission, $avail_filename, $avail_descr) = split(/::/, $line);

	if($avail_permission eq "MTA")
	{
	    print "<option value='$avail_id'>* $avail_descr</option>\n";
	}
	else
	{
	    print "<option value='$avail_id'>$avail_descr</option>\n";
	}
    }
    close(FILE);


    print "</select><br>\n";
    print "* = A signed MTA is required to download this file</p>\n";
    print "<input name='download' type='submit' id='download' value='Download'>\n";
    print "<input name='mode' type='hidden' value='download'>\n";
    print "</form>\n";

    print $cgi->end_html . "\n";
    exit;
}


# Download a specific file by ID number
sub page_download
{
    # Search the file to see if the login exists
    open (LOGINS, $filename_logins) || die "Unable to open login file";

    $login_valid = 0;
    while($line = <LOGINS>)
    {
	# Split on ::
	($file_login, $file_password, $file_permission) = split(/::/, $line);
	
	if($user_login eq $file_login && $user_password eq $file_password)
	{
	    $login_valid = 1;
	    last;
	}
    }
    close(LOGINS);
    
    if($login_valid == 0)
    {
	page_invalid_login();
	exit;
    }
    else
    {
	# Valid login
	
	# Search for the file that has this download ID
	open (FILE, $filename_files) || die "Unable to open downloads file";
	
	while($line = <FILE>)
	{
	    # Split on ::
	    ($avail_id, $avail_permission, $avail_filename, $avail_descr) = split(/::/, $line);
	    
	    if($user_file_id eq $avail_id)
	    {
		$download_file_name = $avail_filename;
		last;
	    }
	}
	close(FILE);
	
	if($download_file_name eq "")
	{
	    exit;
	}

	# If MTA file, check that user has permission to download
	if($avail_permission eq "MTA" && $file_permission ne "MTA")
	{
	    page_no_perms();
	    exit;
	}
	
	open(FILE, "<hidden_download_dir/$download_file_name") || Error('open', 'file');  
	@download_file_holder = <FILE>;  
	close (FILE) || Error ('close', 'file');
	
	print "Content-Type:application/x-download\n";  
	print "Content-Disposition:attachment;filename=$download_file_name\n\n";
	print @download_file_holder;
	
	# Log this download
	open (LOGFILE, ">>$filename_log") || Error('open','file');
	printf (LOGFILE "%02d/%02d/%04d\t", $fixmo, $mday, $longyr );
	print LOGFILE $ENV{'REMOTE_ADDR'} . "\t"; 
	print LOGFILE gethostbyaddr(inet_aton($ENV{'REMOTE_ADDR'}), AF_INET) . "\t";
	print LOGFILE "$user_login\t";
	print LOGFILE "$download_file_name\n";
	close (LOGFILE);
    }
}


# Invalid mode
sub page_invalid
{
    print $cgi->header();
    print $cgi->start_html( -title => 'Invalid Mode',
			    -style => 'style.css');
    print "<h2>Sorry, you selected an incorrect mode.</h2>";
    print $cgi->end_html . "\n";
    exit;
}

# Invalid login
sub page_invalid_login()
{
    print $cgi->header();
    print $cgi->start_html( -title => 'Invalid Login',
			    -style => 'style.css');
    print "<h2>Sorry, your login was incorrect</h2>";
    print "<p>Login name: $user_login</p>";
    print "<a href='downloads.cgi'>Try again</a>";
    
    print $cgi->end_html . "\n";
}

# Insufficient permissions
sub page_no_perms
{
    print $cgi->header();
    print $cgi->start_html( -title => 'Invalid Mode',
			    -style => 'style.css');
    print "<h2>Insufficient Permissions</h2>";
    print "<p>Sorry, you must sign a MTA before you can download this file.</p>";
    print "<a href='downloads.cgi'>Try again</a>";

    print $cgi->end_html . "\n";
    exit;
}

# Generic error
sub Error {
    print "Content-type: text/html\n\n";
    print "The server can't $_[0] the $_[1]: $! \n";
    exit;
}