#!/usr/bin/perl use warnings; use CGI::WebOut; # safe output use CGI::WebIn; # form input use CGI::Tools; # html tools use Text::xSV; $CGI::WebOut::ErrorReporting = 0; # no errors from WebOut require "../priceman/priceconf"; # Define variables # Define variables our $DIR_prices = "../priceman/prices"; our $DIR_forms = "forms"; our $FILE_users = "userlist"; our $DIR_catalog = "../priceman/users"; our $SCRIPT = "view_price.pl"; our $SCRIPT_DL = "download.pl"; ### # MAIN # # analyze input data my $action=$IN{'do'}; ACTION: { if ($action eq "auth") {&auth; last ACTION;} if ($action eq "list") {&show_pricelist; last ACTION;} if ($action eq "view") {&show_price; last ACTION;} #if ($action eq "download") {&download_price; last ACTION;} &login_form; } exit; # # MAIN -- END ### sub login_form() { show_form("login"); } sub auth() { $in_login=$POST{"login"}; $in_password=$POST{"password"}; open (USERS, "$DIR_catalog/$FILE_users"); @users = ; close (USERS); foreach $users (@users) { @entry = split (/\|\|/, $users); $uid=$entry[0]; if (($in_login eq $entry[1])&&($in_password eq $entry[2])) { $price0=1; $price1=2; $price2=3; $price3=4; ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst)=localtime(); $lastentry = $hour + $mon + 10 + $wday; if ($entry[$pos{$PRICE[0]}] ne "") {$price0++} if ($entry[$pos{$PRICE[1]}] ne "") {$price1++} if ($entry[$pos{$PRICE[2]}] ne "") {$price2++} if ($entry[$pos{$PRICE[3]}] ne "") {$price3++} $price_s = $price0+$price1+$lastentry; $price_m = $price1+$price2+$lastentry; $price_x = $price2+$price3+$lastentry; $cookie="$price_s$price1$price0$price_m$price3$price2$price_x$lastentry"; #$username="" } } #foreach users print qq{ processing... } } #login #37 3 2 38 4 3 39 32 sub show_pricelist() { our $COOKIE = $IN{'c'}; $prices[0]=substr($COOKIE,3,1); $prices[1]=substr($COOKIE,2,1); $prices[2]=substr($COOKIE,7,1); $prices[3]=substr($COOKIE,6,1); $price_s = substr($COOKIE,0,2); $price_m = substr($COOKIE,4,2); $price_x = substr($COOKIE,8,2); $lastentry = substr($COOKIE,10,2); ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst)=localtime(); $lastentry_real = $hour + $mon + 10 + $wday; $lastentry_real = $lastentry_real - 2; if ($lastentry_real > $lastentry) {exit;} if ($prices[0]+$prices[1]+$lastentry != $price_s) {exit;} if ($prices[1]+$prices[2]+$lastentry != $price_m) {exit;} if ($prices[2]+$prices[3]+$lastentry != $price_x) {exit;} $id = 2; print "\n"; for ($i=0; $i<4; $i++) { if ($prices[$i] eq $id) { $prc = $PRICE[$i]; $prc =~ s/.csv//g; $cook = $COOKIE; $pname = $priceid{$PRICE[$i]}; show_form("price_entry_view"); } $id++; } print "\n"; } sub show_price() { our $FRM_price = $IN{'p'}; $FRM_price =~ s/\0//g; # anti null-byte poisoning $FRM_price =~ s/\|//g; $FRM_price =~ s/\\//g; $FRM_price =~ s/\///g; $FRM_price =~ s/;//g; our $COOKIE = $IN{'c'}; $prices[0]=substr($COOKIE,3,1); $prices[1]=substr($COOKIE,2,1); $prices[2]=substr($COOKIE,7,1); $prices[3]=substr($COOKIE,6,1); $price_s = substr($COOKIE,0,2); $price_m = substr($COOKIE,4,2); $price_x = substr($COOKIE,8,2); $lastentry = substr($COOKIE,10,2); ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst)=localtime(); $lastentry_real = $hour + $mon + 10 + $wday; $lastentry_real = $lastentry_real - 2; if ($lastentry_real > $lastentry) {exit;} if ($prices[0]+$prices[1]+$lastentry != $price_s) {exit;} if ($prices[1]+$prices[2]+$lastentry != $price_m) {exit;} if ($prices[2]+$prices[3]+$lastentry != $price_x) {exit;} $allow = 0; $id = 2; for ($i=0; $i<4; $i++) { if ($prices[$i] eq $id) { $prc = join ("", $FRM_price, ".csv"); if ($PRICE[$i] eq $prc) {$allow = 1} } $id++; } if ($allow == 0) {exit;} $cook = $COOKIE; print qq{

<< Список прайсов

}; my $pricelist = new Text::xSV; $pricelist->set_sep(";"); $pricelist->open_file("$DIR_prices/${FRM_price}.csv"); $pricelist->read_header(); my @fields = $pricelist->get_fields; my $is_header = 1; while ($pricelist->get_row()) { my %record = $pricelist->extract_hash(); my $fld_cnt = 0; foreach my $field (@fields) {if ($record{$field}) {$fld_cnt++}} my $cellclass="pricetd"; if ($is_header == 1) { $is_header = 2; print "

$record{$fields[0]}

\n"; print "\n"; next; } if ($is_header == 2) { $cellclass="pricetdh"; $is_header = 0; } print " \n"; # start of table if ($fld_cnt > 1) { foreach my $field (@fields) { if ($record{$field} eq " ") {$record{$field} = " "} print " \n"; } } else { $cellclass="pricetdc"; $mytext = $record{$fields[0]}; $mytext =~ s/\n/
\n/g; my $fld_num = $#fields + 1; $b1 = $b2 = ""; if ($mytext =~ m/===/) { $mytext =~ s/===//g; $cellclass="pricetdcom"; $b1="

• ";$b2="

"; $mytext =~ s/
\n/\n

/g; } print "

\n"; } print " \n"; } print "

$record{$field}

$b1$mytext$b2

\n"; } sub download_price { exit; our $FRM_price = $IN{'p'}; our $COOKIE = $IN{'c'}; $prices[0]=substr($COOKIE,3,1); $prices[1]=substr($COOKIE,2,1); $prices[2]=substr($COOKIE,7,1); $prices[3]=substr($COOKIE,6,1); $price_s = substr($COOKIE,0,2); $price_m = substr($COOKIE,4,2); $price_x = substr($COOKIE,8,2); $lastentry = substr($COOKIE,10,2); ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst)=localtime(); $lastentry_real = $hour + $mon + 10 + $wday; $lastentry_real = $lastentry_real - 2; if ($lastentry_real > $lastentry) {exit;} if ($prices[0]+$prices[1]+$lastentry != $price_s) {exit;} if ($prices[1]+$prices[2]+$lastentry != $price_m) {exit;} if ($prices[2]+$prices[3]+$lastentry != $price_x) {exit;} $allow = 0; $id = 2; for ($i=0; $i<4; $i++) { if ($prices[$i] eq $id) { $prc = join ("", $FRM_price, ".csv"); if ($PRICE[$i] eq $prc) {$allow = 1} } $id++; } if ($allow == 0) {exit;} $prc = join ("", $FRM_price, ".xls"); $pricefile = $prc; Header("Content-Disposition: attachment; filename=\"$pricefile\""); Header("Pragma: no-cache"); open (PRICE, "$DIR_prices/$pricefile"); binmode(PRICE); print ; close (PRICE); } ### # Show HTML form # sub show_form { my $form_nm = $_[0]; my (@form, $form); my $form_name = join ("", $form_nm, ".frm"); open (FFL, "$DIR_forms/$form_name"); while ($form=) { # dereferensing variables $form =~ s/(\$\w+)/$1/gee; print $form; } close (FFL); } #sub show_form ##