###################################################################
# password.pl                                                     #
#                                                                 #
# copyright 1998 Kenneth Ruyter for The Graphic Age.              #
# http://www.graphicage.com   mailto:keny@graphicage.com          #
#                                                                 #
# Email me if you have modifications to this script or            #
# suggestions to make it better. Oh, Yeah and the bug thing too.. #
#                                                                 #
# General Description:                                            #
# a utility to verify a password against a database of passwords  #
# requires parseform.pl                                           #
# you should call sub VerifyLogin from ParseForm                  #
#                                                                 #
# sub Authenticate prints out the password screen,                #
# sub VerifyLogin checks it against a file                        #
#                                                                 #
# Key Features:                                                   #
# allows the user to werify password and gain entry to a cgi      #
# this is acheived by calling another subroutine if the           #
# password is good.                                               #
#                                                                 #
###################################################################

# sub Authenticate

sub Authenticate {
# Gets user information
print "Content-type: text/html\n\n";

print <<"HTML"; 
<!doctype html public "-//W3C//DTD HTML 3.2 Final//EN">
<html>
<head>

<title>RiverWeb Entry Point</title>

<script language="JavaScript">


<!-- hide


function Witch() {
  focus("tourWindow");
  open("tour/objectives.html", "tourWindow", 
    "width=330,resizable=yes,height=400,status=yes,toolbar=yes,menubar=yes,scrollbars=yes,titlebar=yes,location=yes");
   
}


// -->


</script>

</head>
<body bgcolor="#ffffff">

<center>
<b>
Please Enter your Name and Password, <br>
Then select whether you want to retrieve <br>
a session or create a new session.<br><br>
</b>
<table border="0" cellpadding="0" cellspacing="0">
<tr>
<td>
<form action="$script" method=post>

<input type="hidden" name="verifyLogin" value="yes">

Login:<br>
<input type="text" name="login" selected><br>
Password:<br>
<input type="password" name="password"><br>
<br>
<select name="edit">
<option>New
<option>Retrieve
</select> Session<br><br>
<input type="submit" VALUE="Submit"><br><br>
<a href="" onClick="Witch();this.href='riverweb.cgi';window.name=('riverweb')">Tour RiverWeb</a>
</form>
</td>
</tr>
</table>
</center>

</body>
</html>
HTML

  
}

# sub VerifyLogin
sub VerifyLogin {

# open datafile of login/passwords
open (DATA, "<$datafile");

 # Set a number to count lines in file
 $d = 1;
  
  # While reading in data, do this
  while (<DATA>) {
  
   # count the lines in the file
   $d += 1;
   
    # ditch the newline
    chop;

     # split the information on that line on the ands, 
     # assign each to a variable.
     ($login, $password, $order) = split("&",$_);
     
      # Send the info to a doubly subscripted array, giving each line a home.
      push(@database, {
      Login    => $login,
	  Password => $password,
      Order => $order,
     });
    }
    
   # close datafile
   close (DATA);
   
 # get the login and password info from the form, assign it to variables
 if ( $form{"login"} ){
 $logging = $form{"login"};
 }
 if ( $form{"password"} ){
 $pussword = $form{"password"};
 }
 
 # $imin is a test to see whether you entered the right data
 $imin = 0;
 
 # loop through array and test for password (it's not the most secure script!)
 # for each of the lines in the password file do this..
 for ($c = 0; $c <= $d ; $c++){
 
  # if the login is correct, do this..
  if ($database[$c]{Login} eq $logging){

	$logged = "oui";
	
   # if the password is correct, do this..
   if ($database[$c]{Password} eq $pussword){
	  
	  # if the password is a string, not nothing do this.. (fixes a bug)
      if ($pussword){
      
      # set the imin to 1, saying you got in
      $imin = 1;
      
###################################################################
      if ($form{"edit"} eq "New"){
       $user = $form{login};
       &ResetOrderInDatabase;
       &PrintArrayToDatabase;
       &PrintMap;
      }
      else {
	   # print "Honey I'm Home";
	   # Order is stored in $database[$c]{Order}
	   # Login is stored in $database[$c]{login}
	   # Password is stored in $database[$c]{password}
       &PrintMap;
      }
###################################################################
     
     # end good password action loop
     }
     
    # end password test loop
    }
   
   # end login test loop
   }
   
  # end loop through array
  }

  # now if that didn't work
  if ($imin == 0){

	if ($logged eq "oui"){
	
		$error = "Authentication Failed, Please enter a correct password for user $form{login}";
  		&PrintError;
	
	}
	else {
	
		# if user wants to retrieve, error/record does not exist
   		if ($form{"edit"} eq "Retrieve"){
   			$error = "record does not exist - perhaps you entered the wrong login information";
  			&PrintError;
   		}
  		 else {
   			 # Add user to database
   			 $user = $form{login};
    		&ApendDatabase;
			&PrintMap;
    		# Login is stored in  $form{"login"}
    		# Password is stored in $form{"password"}
   		}
   	}
  # close bad password loop 
  }

# close the subroutine
}

1;