#!/usr/bin/perl -Tw

# check for student 4x4 and group # to start review
# get review item number from list

# Copyright 2002 Dean F. Hougen.  All rights reserved.

$review_dir = '/home/hougen/www/cgi-bin/IIRreviews2002/';
$class_file = $review_dir . 'classfile';
$sendmail = '/usr/lib/sendmail';
$num_groups = 10;

use CGI;
use Fcntl qw(:DEFAULT :flock);
$review = new CGI;

$ENV{'PATH'} = '/usr/bin:/usr/lib';
delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};

# sub untaint;
# sub user_login_form;
# sub validate_login;
# sub user_review_form;
# sub thank_you;

$action = $review->param('action');
if (!$action) {
    # there is no action, must be the first time here, present login form
    user_login_form();
}

elsif ($action eq 'LOGIN'){
    validate_login();
    user_review_form();
}

elsif ($action eq 'SUBMIT'){
    validate_login();
    process_review_form();
    $review_num++;
    if ($review_num <= $num_reviews) {
        user_review_form();
    }
    elsif ($review_num == $num_reviews + 1) {
        thank_you();
    }
    else {
        die "Invalid Review Num: $review_num\n";
    }
}

else {
    # action is undefined
    error_page ("<H1>Error Running Script -- undefined action: $action.</H1>");
}

#######################################################################

sub user_login_form{
    print "Content-type: text/html\n\n";

    print <<"EOF";
    <html>
    <head> 
    <title>CS 4970-001/5973-002 - Intro to Intelligent Robotics  - Spring 2002,
    Review Login</title>
    </head>
    
    <body bgcolor="FFFFFF">
    
                                     <center>
                          <H1>Login Page for Reviews</H1>
                                     </center>
    
    <p>Note, for reviews of group projects, each person should evaluate the
    work of all of the groups <b>individually</b>.  While I have given only a
    single copy of each group's work to each group, the reviews are <b>NOT</b>
    to be done as a group.  Each of you should <b>independently</b> look at
    each proposal and arrive at your <b>own</b> conclusions about the work of
    the groups.  Think of this as homework that you are assigned to do on your
    own.</p> 

    <p>Note, for peer reviews of group members, you should evaluate
    yourself as well as each of your team mates.</p>

    <a name="form"><H2>Enter your OU 4x4, group number, group size, OU
    email address, and the item you are reviewing.</H2></A>
    
    <form method="POST" action="./IIRreview2002.cgi">
    <table>
    
    <tr>
    <td align="right"><b>OU 4 x 4:</b></td>
    <td><input name="four_by_four" size=8></td>
    </tr>
    
    <tr>
    <td align="right"><b>Group Number:</b></td>
    <td><input name="group_num" size=2></td>
    </tr>

    <tr>
    <td align="right"><b>Number of Members in Your Group (Including You):</b></td>
    <td><input name="group_size" size=1></td>
    </tr>
    
    <tr>
    <td align="right"><b>OU Email Address:</b></td>
    <td><input name="email_addr" size=10><b>\@ou.edu</td>
    </tr>
    
    <tr>
    <td align="right"><b>Item to Review:</b></td>
    <td>
    <table bgcolor="#FFFFFF" border cellpadding=6>
    <tr>
    <td><input name="review_item" type="radio" value="P0Tasks">
    </td>
    <td> Project 0 Task Allocation Proposal</td>
    </tr>
    <tr>
    <td><input name="review_item" type="radio" value="P0Peer">
    </td>
    <td> Project 0 Peer Review of Group Members</td>
    </tr>
    <tr>
    <td><input name="review_item" type="radio" value="P1Peer">
    </td>
    <td> Project 1 Peer Review of Group Members</td>
    </tr>
    <tr>
    <td><input name="review_item" type="radio" value="P2Peer">
    </td>
    <td> Project 2 Peer Review of Group Members</td>
    </tr>
    <tr>
    <td><input name="review_item" type="radio" value="P3Peer">
    </td>
    <td> Project 3 Peer Review of Group Members</td>
    </tr>
    </table>
    </td>
    </tr>
    
    <tr>
    <td></td>
    <td><input type="submit" name="action" value="LOGIN"></td>
    </tr>
    </table>
    
    <input name="review_num" type="hidden" value=1>
    
    </form>
    </body> 
    </html>
EOF
} # end of user_login_form

#######################################################################

sub validate_login{
    #process the login information

    $four_by_four = $review->param('four_by_four');
    $group_num = $review->param('group_num');
    $group_size = $review->param('group_size');
    $review_item = $review->param('review_item');
    $review_num = $review->param('review_num');
    $email_addr = $review->param('email_addr');

    #debug_page($four_by_four);

    #check for length of 4x4
    unless (length($four_by_four) > 5 && length($four_by_four) < 9) {
        error_page("<H1>Error Logging In -- Invalid Login Information.</H1> <p>4 x 4 Given: $four_by_four</p>");
    }

    #untaint 4x4
    $four_by_four = untaint($four_by_four);


    #check for length of Group Number
    unless (length($group_num) < 3 && $group_num > 0 && $group_num < 11) {
        error_page("<H1>Error Logging In -- Invalid Login Information.</H1> <p>Group Number Given: $group_num</p>");
    }

    #untaint Group Number
    $group_num = untaint($group_num);

    #check for length of Group Size
    unless (length($group_size) < 2 && $group_size > 3 && $group_size < 6) {
        error_page("<H1>Error Logging In -- Invalid Login Information.</H1>
<p>Group Size Given: $group_size</p>");
    }

    #untaint Group Size
    $group_size = untaint($group_size);


    #untaint Review Item
    $review_item = untaint($review_item);


    #determine number of times through form
    if ($review_item eq 'P0Tasks'){
        $num_reviews = $num_groups;
    }
    else {
        $num_reviews = $group_size;
    }

    #untaint Email Address
    $email_addr = untaint($email_addr);


    #combine 4x4 and Group Number into a single data item
    $login_code = $four_by_four . $group_num . $email_addr ;
    #$login_code = $four_by_four . $group_num;
    #debug_page("Login code is: $login_code");


    #open class file non-destructively, read in entries
    #entry format is "4x4#email_addr" on each line

    $found = 0;
    #debug_page("Classfile is: $class_file");

    sysopen(STUDENTS, "$class_file", O_RDONLY) or die "Can't open $class_file: $!";
    #debug_page("class file opened");
    flock(STUDENTS, LOCK_SH) or die "Can't get shared lock on $class_file: $!";
    while(<STUDENTS>) {
        #debug_page("item is: $_");
        if ($login_code . "\n" eq $_) {
            $found = 1;
            #debug_page("Found is true!");
        }
    }
    close(STUDENTS) or die "Can't close $class_file: $!";
    #debug_page("class file closed");




#        $student_list .= $_;
#    }
#    close(STUDENTS) or die "Can't close $class_file: $!";
#
#    debug_page("Student list is: $student_list");
#
#    #see if login info matches file
#
#    $found = 0;
#    foreach $student ($student_list) {
#        debug_page("Student is: $student");
#        if ($student eq $login_code) {
#            $found = 1;
#            debug_page("Found is true!");
#        }
#    }

    #debug_page("Found is: $found");

    unless (1 == $found){
        error_page("<H1>Error Logging In -- Invalid Login Information.</H1> <p>4 x 4 Given: $four_by_four<br>Group Number Given: $group_num<br>OU Email Address Given: $email_addr\@ou.edu</p>");
    }
}

#######################################################################

sub process_review_form{
    #process the review form

    $review_data = '';

    foreach $field ($review->param) {
        if (length($field) > 20){
            die "Sabotaged Form\n";
        }
        $field = untaint($field);
        foreach $value ($review->param($field)) {
            $value = untaint($value);
            if ((!$value) || $value eq '-1'){
                error_page("<H1>Cannot Leave Any Fields Blank: $field</H1>");
            }
            if (length($value) > 1000){
                error_page("<H1>Error In Form Data -- Invalid Information.</H1> <p>Data Value (must be 1000 characters or less): $value</p>");
            }

            $review_data .= "$field: $value\n";
        }
    }

    #generate file name from data
    $filename = $review_dir . $review_item . $login_code . $review_num;
    $filename = untaint($filename);
    #debug_page($filename);

    #open file, write, and close
    sysopen(REVIEW_FILE, "$filename", O_CREAT | O_EXCL | O_WRONLY) 
    #open(REVIEW_FILE, ">$filename")
        or error_page ("<H1>Error Saving Review -- Already Completed.</H1> <p>We already have this review on file for you.  If this is incorrect, please contact Prof. Hougen.</p>");
    flock(REVIEW_FILE, LOCK_EX) or error_page ("<H1>Error Saving Review -- Locking Error</H1> Can't get exclusive lock on $filename: $!</p>");
    print REVIEW_FILE $review_data
        or error_page ("<H1>Error Saving Review -- Writing Error</H1> <p>Can't write to $filename: $!</p>");
    close(REVIEW_FILE)
        or error_page ("<H1>Error Saving Review -- Close Error</H1> <p>Can't close $filename: $!</p>");
}

#######################################################################

sub user_review_form{
    #the file name to open is built from the review item name
    $filename = $review_dir . $review_item . '.html';
    #debug_page("$filename should be opened");

    print "Content-type: text/html\n\n";

    sysopen(FORM_FILE, "$filename", O_RDONLY) or die "Can't open $filename: $!";
    #debug_page("$filename opened");
    flock(FORM_FILE, LOCK_SH) or die "Can't get shared lock on $filename: $!";
    while(<FORM_FILE>) {
        #debug_page("item is: $_");
        if ($_ eq "<H2>This is the form for group X.</H2>\n"){
            print "<H2>This is the form for group $review_num.</H2>\n"; 
        }
        elsif ($_ eq "<td colspan=13 align=center><H2>Form for group member X</H2></td>\n"){
            print "<td colspan=13 align=center><H2>Form for group member $review_num\n";
        }
        else {
            print;
        }
    }
    close(FORM_FILE) or die "Can't close $filename: $!";

    print <<"EOF";
    <input name="review_num" type="hidden" value=$review_num>
    <input name="four_by_four" type="hidden" value=$four_by_four>
    <input name="group_num" type="hidden" value=$group_num>
    <input name="group_size" type="hidden" value=$group_size>
    <input name="review_item" type="hidden" value=$review_item>
    <input name="email_addr" type="hidden" value=$email_addr>

    </form>
    </body>
    </html>
EOF
}


#######################################################################

sub untaint{
    my $local_var = $_[0];
    unless ($local_var =~ /^([^<]*)$/) {
        die "Couldn't untaint entry: $local_var\n";
    }
    #print $1;
    return $1;
}

#######################################################################

sub error_page{
    print "Content-type: text/html\n\n";

    print <<"EOF";
    <html>
    <head>
    <title>CS 4970-001/5973-002 - Intro to Intelligent Robotics  -
    Spring 2002, Form Error</title>
    </head>
    
    <body bgcolor="FFFFFF">
    @_

    <p>Please back up and try again.</p>

    </body>
    </html>
EOF

    die "Error: @_\n";
}

#######################################################################

sub debug_page{
    print "Content-type: text/html\n\n";

    print <<"EOF";
    <html>
    <head>
    <title>CS 4970-001/5973-002 - Intro to Intelligent Robotics  -
    Spring 2002, Debug Page</title>
    </head>
    
    <body bgcolor="FFFFFF">
    @_

    </body>
    </html>
EOF
}

#######################################################################

sub thank_you{
    open(MAIL, "|$sendmail -t") or error_page ("Can't open pipe to $sendmail: $!\n");
    print MAIL "To: $email_addr\@ou.edu\n";
    print MAIL "From: Dean Hougen <hougen\@ou.edu>\n";
    print MAIL "Cc: Dean Hougen <hougen\@ou.edu>\n";
    print MAIL "Subject:  Review Form Submission Complete\n\n";
    print MAIL "You have completed the reviews for $review_item.\n\n";
    print MAIL "Thank you,\n";
    print MAIL "Prof. Hougen\n";
    close(MAIL) or error_page ("Can't close pipe to $sendmail: $!\n");

    print "Content-type: text/html\n\n";

    print <<"EOF";
    <html>
    <head>
    <title>CS 4970-001/5973-002 - Intro to Intelligent Robotics  -
    Spring 2002, Review Completion</title>
    </head>
    
    <body bgcolor="FFFFFF">
    <H1>Thank you for completing the review process for $review_item.</H1>
    <p>You will soon receive an email verifying your completion of this process.</p>
    </body>
    </html>
EOF
}