#!/usr/bin/perl -w
# Site settings used by the rest of the script.
$DEBUG = 0;                               # non-zero enables the extra debug output further down
$path  = '/home/httpd/html/pablotron';    # directory the script chdir()s and chroot()s into
$url   = 'http://www.pablotron.org';      # site base URL shown in the "Couldn't open" messages

# CGI response header; the blank line ends the header section.
print "Content-type: text/html", "\n\n";

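# Parse the GET parameters from the query string into %query.
# QUERY_STRING may be unset (for example when the script is run by hand),
# so fall back to an empty string instead of splitting undef.
$qs = defined $ENV{'QUERY_STRING'} ? $ENV{'QUERY_STRING'} : "";
foreach my $pair (split /&/, $qs)	{
	# "+" encodes a space; translate it before percent-decoding so an
	# encoded literal plus (%2B) survives.
	$pair =~ tr/+/ /;
	# A limit of 2 keeps any further "=" inside the value.
	my ($name, $value) = split /=/, $pair, 2;
	next unless (defined $name && length $name);
	$value = "" unless defined $value;
	# Percent-decode here, as the POST parser does, so the path checks
	# later in the script always see the decoded form of the value.
	foreach my $field ($name, $value)	{
		$field =~ s/%([a-fA-F0-9]{2})/chr(hex($1))/ge;
	}
	$query{$name} = $value;
}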

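# Parse the POST parameters from the request body into %query
# (a POST value overrides a GET value of the same name).
#
# The body is read from STDIN by name. The bare <> operator reads the files
# named in @ARGV whenever @ARGV is not empty, opening each name with Perl's
# two-argument open, and a CGI server may pass a query string that contains
# no "=" to the script as command-line arguments. Reading STDIN explicitly
# keeps request data from ever being treated as a file name here.
$qs = "";
$qs .= $_ while (<STDIN>);
foreach my $pair (split /&/, $qs)	{
	# "+" encodes a space; translate it before percent-decoding.
	$pair =~ tr/+/ /;
	# A limit of 2 keeps any further "=" inside the value.
	my ($name, $value) = split /=/, $pair, 2;
	next unless (defined $name && length $name);
	# A parameter sent without "=" has no value; use "" rather than
	# running the substitution on undef.
	$value = "" unless defined $value;
	foreach my $field ($name, $value)	{
		$field =~ s/%([a-fA-F0-9]{2})/chr(hex($1))/ge;
	}
	$query{$name} = $value;
}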

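# Enter the document root. Every file the script opens afterwards is named
# relative to this directory, so a failed chdir must stop the request:
# otherwise those names would resolve against whatever directory the server
# started the script in.
unless (chdir $path)	{
	warn "$0: chdir to $path failed: $!\n";
	print "<B>Server configuration error.</B><BR>\n";
	exit 1;
}

# chroot() only succeeds for the superuser. The original ignored its result,
# so a failure went unnoticed and the path checks below became the only
# confinement. Keep serving as before, but record the failure on STDERR so
# the operator can see that the chroot is not in effect.
chroot $path
	or warn "$0: chroot to $path failed ($!); file access is not confined to it\n";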

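# Escape HTML-significant characters in a file name before it is echoed in
# an error message; the name comes straight from the request.
sub _escape_path_html	{
	my ($text) = @_;
	my %entity_for = (
		'&' => '&amp;',
		'<' => '&lt;',
		'>' => '&gt;',
		'"' => '&quot;',
		"'" => '&#39;',
	);
	$text =~ s/([&<>"'])/$entity_for{$1}/g;
	return $text;
}

# Normalise one requested file name (HEADER, BODY or FOOTER).
#
#   $requested  value taken from %query; may be undef
#   $dir_index  optional file name appended when the request ends in "/"
#
# Returns the relative path to open, or "" when nothing usable was asked
# for. A request that tries to climb out of the document root increments
# the global $naughty and yields "".
sub _clean_requested_path	{
	my ($requested, $dir_index) = @_;
	return "" unless (defined $requested && length $requested);

	# Reject "../" anywhere (the original test), a trailing ".." component,
	# and embedded NUL bytes.
	if ($requested =~ m{\.\./} || $requested =~ m{(?:\A|/)\.\.\z} || $requested =~ /\0/)	{
		$naughty++;
		return "";
	}

	$requested .= $dir_index if (defined $dir_index && $requested =~ m{/\z});

	# Strip every leading slash, not just the first, so the name stays
	# relative to the current directory even if the chroot is not in effect.
	$requested =~ s{\A/+}{};
	return $requested;
}

# Disabled in the original: would let the request choose the root directory.
#$path = $query{ PATH };

# Each file is opened with three-argument open and an explicit read mode.
# With the two-argument form, characters such as "|", ">" or "<" at the ends
# of the request-supplied name would be interpreted as an open mode.
$hdr = _clean_requested_path($query{ HEADER });
if ($hdr)	{
	open(HEADER, '<', $hdr)
		or print "<B>Couldn't open HEADER file $url/" . _escape_path_html($hdr) . ".</B><BR>\n";
}

# A BODY request that names a directory gets that directory's index.shtml.
$bdy = _clean_requested_path($query{ BODY }, "index.shtml");
if ($bdy)	{
	open(BODY, '<', $bdy)
		or print "<B>Couldn't open BODY file $url/" . _escape_path_html($bdy) . ".</B><BR>\n";
}

$ftr = _clean_requested_path($query{ FOOTER });
if ($ftr)	{
	open(FOOTER, '<', $ftr)
		or print "<B>Couldn't open FOOTER file $url/" . _escape_path_html($ftr) . ".</B><BR>\n";
}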


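# Escape HTML-significant characters so request-supplied text is rendered
# as text rather than markup. undef is treated as an empty string.
sub _escape_html	{
	my ($text) = @_;
	return "" unless defined $text;
	my %entity_for = (
		'&' => '&amp;',
		'<' => '&lt;',
		'>' => '&gt;',
		'"' => '&quot;',
		"'" => '&#39;',
	);
	$text =~ s/([&<>"'])/$entity_for{$1}/g;
	return $text;
}

# Emit the response: the rejection page when a path check flagged the
# request, otherwise HEADER, the escaped and hyperlinked BODY, then FOOTER.
if ($naughty) {
	# HTTP_USER_AGENT is a request header chosen by the client, so it is
	# escaped before being placed in the page (REMOTE_ADDR likewise).
	my $shown_addr  = _escape_html($ENV{REMOTE_ADDR});
	my $shown_agent = _escape_html($ENV{HTTP_USER_AGENT});

	# The page tells the visitor the request was logged, but the original
	# never wrote anything. Write one line to STDERR (typically the server
	# error log), keeping only printable ASCII so the values cannot add
	# line breaks or control characters to the log.
	my $log_addr  = defined $ENV{REMOTE_ADDR}     ? $ENV{REMOTE_ADDR}     : "";
	my $log_agent = defined $ENV{HTTP_USER_AGENT} ? $ENV{HTTP_USER_AGENT} : "";
	tr/\x20-\x7e//cd foreach ($log_addr, $log_agent);
	warn "$0: rejected path request from $log_addr ($log_agent)\n";

	print "<HTML><HEAD><TITLE>Thanks for trying to break into my server</TITLE>
</HEAD>


<!-- from http://www.ifni.com/ -- Thanks Rich! -->
<SCRIPT LANGUAGE=\"VBScript\">
<!-- 
function PlayIE(musicFile)

if IsObject(navigator) and (navigator.appName = \"Microsoft Internet Explorer\") then
   dim cObj
   dim objTag

   on error resume next
   set cObj = CreateObject(\"Crescendo\")
   cres = IsObject(cObj)
   if (cres) then
        document.write \"<OBJECT ID=Crescendo \" & _
          \"CLASSID=\"\"clsid:0FC6BF2B-E16A-11CF-AB2E-0080AD08A326\"\" \" & _
          \"HEIGHT=55 WIDTH=200> \" 
        document.write \"<PARAM NAME=\"\"Song\"\" VALUE=\"\"\" & musicFile & \"\"\">\"
        document.write \"</OBJECT>\"
   else
      document.write \"<bgsound src=\"\"\" & musicFile & \"\"\" loop=infinite>\"
   end if
end if

end function
//--> 
</script>

<SCRIPT LANGUAGE=\"JavaScript\">
<!-- 
function PlayNS(musicFile)
{
   if (navigator.appName == \"Netscape\")
      {
      var EmbedString;

      EmbedString = \"<EMBED SRC='\"+musicFile+\"' AUTOSTART='true' HIDDEN='true' LOOP='true'>\";
      /* document.write(EmbedString); -- this doesn't work worth a damn */
      }
}

function PlaySong(SongURL)
{
   if (navigator.appName == \"Netscape\")
       PlayNS(SongURL);
   else PlayIE(SongURL);
}
PlaySong(\"/code/view/livin_la_vida_loca.mid\")
//--> 
</script>

<BODY BGCOLOR=\"#FFFFFF\"
      onLoad=\"PlaySong('http://www.pablotron.org/code/view/livin_la_vida_loca.midi');\">


		<BR><BR><CENTER>
		<IMG SRC=\"/code/view/mickey-finger.jpg\"><BR>
		<B>Nope, but thanks for trying!<BR>
		Your information ($shown_addr, $shown_agent) has been  logged.<BR>
		Please drive through...</B>
</CENTER>\n<BR><BR>
</BODY></HTML>";
} else {
	# The header file is copied to the output unchanged.
	print "$_" while (<HEADER>);

	while (<BODY>)	{
		#s/__([A-Z0-9a-z_\-\.]+)__/$query{$1}/g;

		# Escape the line first so the file's own markup is displayed as
		# source text; "&" has to be handled before "<" and ">".
		s/\&/\&amp\;/g;
		s/</\&lt\;/g;
		s/>/\&gt\;/g;

		# Then wrap link targets in real anchors. Site-absolute href= and
		# virtual= targets point back at this viewer; src=, background= and
		# mailto: targets link to the value itself.
		s#href="/(.*?)"#href="<a href="/cgi-bin/pablotron/view.pl?HEADER=code/view/top.html\&FOOTER=code/view/bot.html\&BODY=$1">/$1</a>"#i;
		s#virtual="/(.*?)"#virtual="<a href="/cgi-bin/pablotron/view.pl?HEADER=code/view/top.html\&FOOTER=code/view/bot.html\&BODY=$1">/$1</a>"#i;
		s#(src)="(.*?)"#$1="<a href="$2">$2</a>"#ig;
		s#(background)="(.*?)"#$1="<a href="$2">$2</a>"#ig;
		s#href="mailto:(.*?)"#href="mailto:<a href="mailto:$1">$1</a>"#ig;
		print "<B>$1</B>" if ($DEBUG);
		print "$_<BR>";
	}
	
	if ($DEBUG)	{
		print "<BR><BR>";
		# Parameter names and values come from the request, so escape them
		# before dumping them into the page.
		foreach my $name (sort keys %query)	{
			my $dump_line = _escape_html($name) . "=" . _escape_html($query{$name}) . "<BR>\n";
			print $dump_line;
		}
	}

	# The footer file is copied to the output unchanged.
	print "$_" while (<FOOTER>);
}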

