#!/usr/bin/perl -w
use strict;
#use lib qw ( @@ LIBDIR@@ );
use lib qw ( /usr/share/perl5/vendor_perl/ );
# my $kas=/"/";
use Misc;

#my $wwwdir="@@ WWWDIR@@";
#my $usersfile="@@ ETCDIR@@users";
#my $htpass ="@@ htpasswd@@";
# Directory and files that this script (re)generates.
my $etcdir    = "/etc/lstat/";
my $usersfile = "/etc/lstat/users";
# NOTE(review): the htpasswd path is an empty string in this copy (compare the
# commented-out template line above), so the htpasswd call in
# create_httaccess has no program name to run -- confirm that packaging
# fills this in.
my $htpass    = "";

my $htread = "${etcdir}htaccess.view";    # written from the read-access answers
my $htedit = "${etcdir}htaccess.edit";    # written from the edit-access answers
my $dialog = '';                          # dialog binary; empty means plain text prompts
my $key;
my $msg;
my $cmd;

# Fixed search path for the external commands this script runs through
# backticks. Only PATH is reset in this file; other environment variables
# are left as inherited.
$ENV{'PATH'} = '/bin:/usr/bin:/sbin:/usr/sbin';


# Load the language translations for the 'security' section
# (presumably this is what fills %dict -- LoadLangData comes from Misc).
LoadLangData('', 'security');

my $lf = "\n";
if (@ARGV) {
    # Any command-line argument selects the plain text prompts.
    $dialog = '';
}
else {
    # Find the dialog path. The result is interpolated unquoted into every
    # dialog command line below, so it relies on the PATH pinned earlier.
    my @which_out = `which dialog 2>&1`;
    if (!$?) {
        $dialog = $which_out[0];
    }
    chomp($dialog);
    # With dialog, line breaks are passed as a literal backslash-n sequence.
    if ($dialog) {
        $lf = '\n';
    }
}
my $backtitle = $dict{'BACK_TITLE'};

# Welcome screen.
$msg = $dict{'WELCOME_MSG'};

if ($dialog) {
    print "$dict{'HANG'}\n";
    # The dictionary strings are placed inside single quotes for the shell;
    # a translation containing a single quote would break the command.
    $cmd = "$dialog --backtitle '$backtitle' --title '$dict{'WELCOME_TITLE'}' --msgbox '$msg' 15 60";
    `$cmd`;
}
else {
    print("\n", '-' x 70, "\n\n");
    # Turn the literal backslash-n sequences of the dictionary into newlines.
    $msg =~ s/\\n/\n/g;
    print $msg, "\n\n$dict{'WELCOME_WAIT'}";
    $key = <STDIN>;
}

# Security information screen, plus the texts for the read-access menu.
my $secinfo  = $dict{'SEC_INFO'};
my $readinfo = $dict{'READ_INFO'};
my @readopt  = split(/;/, $dict{'READ_OPT'});

if ($dialog) {
    $cmd = "$dialog --backtitle '$backtitle' --title '$dict{'SEC_TITLE'}' --msgbox '$secinfo' 15 60";
    `$cmd`;
}
else {
    $secinfo =~ s/\\n/\n/g;
    print "\n$secinfo\n";
}

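# Ask which restriction applies to read access; repeat until the answer is a
# single digit 1-5.
do {
    if ($dialog) {
        # Build the "tag 'label'" pairs for dialog --menu.
        $msg = '';
        for my $i (1 .. scalar @readopt) {
            $msg .= "$i '$readopt[$i-1]' ";
        }
        $cmd = "$dialog --backtitle '$backtitle' --title '$dict{'SEL_TITLE'}' --menu '$readinfo' 15 60 5 $msg";
        my @out = `$cmd 2>&1`;
        # No output at all from dialog ends the script without changes.
        if (@out) { $key = $out[0]; }
        else      { exit; }
    }
    else {
        print "\n$readinfo\n";
        for my $i (1 .. scalar @readopt) {
            print "$i\. $readopt[$i-1]\n";
        }
        print "$dict{'SEL_OPT'}\n";

        $key = <STDIN>;
        # End of input: stop here instead of re-printing the menu forever
        # with an undefined answer.
        exit unless defined $key;
    }
} while (!($key =~ /^[1-5]$/));

my (@ipread, @ipedit);
my ($userread, $passread, $useredit, $passedit);
my $satisfyread;
my $satisfyedit;
my $noread = 0;
my $noedit = 0;
my $same   = 0;

# Options 2, 4 and 5 ask for an address list; 3, 4 and 5 ask for a user and
# password; 4 and 5 add a "satisfy all" / "satisfy any" line.
get_ip(\@ipread) if ($key =~ /[245]/);
($userread, $passread) = get_user() if ($key =~ /[345]/);
$satisfyread = 'all' if ($key =~ /[4]/);
$satisfyread = 'any' if ($key =~ /[5]/);
# Option 1 only sets this flag for the summary; the read access file is still
# written, and with no addresses and no user it contains "allow from all".
$noread = 1 if ($key =~ /[1]/);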

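# Same question for edit access; repeat until the answer is a single digit 1-5.
my $editinfo = "\n$dict{'EDIT_INFO'}";
my @editopt  = split(/;/, $dict{'EDIT_OPT'});

do {
    if ($dialog) {
        # Build the "tag 'label'" pairs for dialog --menu.
        $msg = '';
        for my $i (1 .. scalar @editopt) {
            $msg .= "$i '$editopt[$i-1]' ";
        }
        # NOTE(review): the menu height passed here is 6, but only answers
        # 1-5 are accepted below -- if EDIT_OPT holds a sixth entry it can
        # never be selected; confirm against the dictionary.
        $cmd = "$dialog --backtitle '$backtitle' --title '$dict{'SEL_TITLE'}' --menu '$editinfo' 15 60 6 $msg";
        my @out = `$cmd 2>&1`;
        # No output at all from dialog ends the script without changes.
        if (@out) { $key = $out[0]; }
        else      { exit; }
    }
    else {
        print "$editinfo\n";
        for my $i (1 .. scalar @editopt) {
            print "$i\. $editopt[$i-1]\n";
        }
        print "$dict{'SEL_OPT'}\n";

        $key = <STDIN>;
        # End of input: stop here instead of re-printing the menu forever
        # with an undefined answer.
        exit unless defined $key;
    }
} while (!($key =~ /^[1-5]$/));

# Options 2, 4 and 5 ask for an address list; 3, 4 and 5 ask for a user and
# password; 4 and 5 add a "satisfy all" / "satisfy any" line.
get_ip(\@ipedit) if ($key =~ /[245]/);
($useredit, $passedit) = get_user() if ($key =~ /[345]/);
# NOTE(review): option 1 sets both $noedit and $same. With $same set, the
# edit access file is deleted later and not written again, so the edit area
# is left without its own access file -- confirm this is the intended
# meaning of option 1.
$noedit      = 1     if ($key =~ /[1]/);
$satisfyedit = 'all' if ($key =~ /[4]/);
$satisfyedit = 'any' if ($key =~ /[5]/);
$same        = 1     if ($key =~ /[1]/);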



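# Build the summary of the chosen settings and ask for confirmation.
# The summary contains the entered passwords in clear text, on screen and,
# in dialog mode, on dialog's command line.
my $sum = $dict{'SUMMARY_Q'}.$lf.$lf;

if (!$noread) {
    # NOTE(review): the "." before $lf is inside the string and is printed;
    # the matching edit line below has none -- confirm which is intended.
    $sum .= "$dict{'SUMMARY_IP'}.$lf";
    if (@ipread) {
        $sum .= "$_$lf" for @ipread;
    }
    else {
        $sum .= "$dict{'NONE'}$lf";
    }
    if (defined($userread)) {
        $sum .= "$dict{'USER'} $userread, $dict{'PASS'} $passread$lf";
    }
    $sum .= "$dict{'SEC_MODE'} $satisfyread$lf" if (defined($satisfyread));
}
else {
    $sum .= "$dict{'NO_READ'}$lf";
}

if (!$noedit) {
    if ($same) {
        $sum .= "$dict{'EDIT_LIKE_READ'}$lf";
    }
    else {
        $sum .= "$dict{'SUMMARY_IP_EDIT'}$lf";
        if (@ipedit) {
            $sum .= "$_$lf" for @ipedit;
        }
        else {
            $sum .= "$dict{'NONE'}$lf";
        }
        if (defined($useredit)) {
            $sum .= "$dict{'USER'} $useredit, $dict{'PASS'} $passedit$lf";
        }
        $sum .= "$dict{'SEC_MODE'} $satisfyedit$lf" if (defined($satisfyedit));
    }
}
else {
    $sum .= "$dict{'NO_EDIT'}$lf";
}

if ($dialog) {
    # The summary holds text typed by the operator (addresses, user name,
    # password). Escape single quotes so that text cannot close the quoted
    # shell argument and be run as part of the command line.
    (my $sum_arg = $sum) =~ s/'/'\\''/g;
    $cmd = "$dialog  --backtitle '$backtitle' --title '$dict{'SUMMARY_TITLE'}' --yesno '$sum_arg' 18 60";
    # Forget the previous menu answer so that only a successful --yesno
    # counts as confirmation.
    $key = '';
    `$cmd 2>&1`;
    if (!$?) { $key = $dict{'YES'} }
}
else {
    print("\n\n", '-' x 70, "\n$dict{'SETTINGS'}\n");
    print $sum;
    print "\n $dict{'ASK_STR'}";
    $key = <STDIN>;
    # End of input counts as "no answer", not as an undefined value.
    $key = '' unless defined $key;
}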

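# Apply the settings when the answer starts with the translated "yes",
# otherwise report that nothing was changed.
my $ok1 = "\n$dict{'UPDATE_OK'}\n";
my $ok2 = "\n$dict{'UPDATE_CANCELED'}\n";

# \Q..\E: match the dictionary word literally rather than as a pattern.
if (defined $key && $key =~ /^\Q$dict{'YES'}\E/i) {

    # The users file is rebuilt from scratch: create_httaccess passes -c to
    # htpasswd only while the file does not exist.
    unlink($usersfile);

    # Write each access file under a temporary name and rename it over the
    # old one, so the previous restriction stays in force until its
    # replacement is complete. Unlinking first left a window in which no
    # access file existed at all.
    # NOTE(review): the fixed ".new" suffix assumes $etcdir is writable only
    # by the administrator -- confirm.
    my $newread = "$htread.new";
    create_httaccess('LinuxStat', $newread, \@ipread, $satisfyread, $userread, $passread);
    rename($newread, $htread) or die "Cant replace $htread: $!\n";

    if ($same) {
        # As before, the edit access file is removed and not written again.
        unlink($htedit);
    }
    else {
        my $newedit = "$htedit.new";
        create_httaccess('LinuxStat-Edit', $newedit, \@ipedit, $satisfyedit, $useredit, $passedit);
        rename($newedit, $htedit) or die "Cant replace $htedit: $!\n";
    }

    # Remove the lock file if it exists.
    my $lockfile = $sysconfig{'LSTAT_LCK'};
    if (-e $lockfile) {
        # The path comes from the configuration; remove only files with a
        # .lck extension.
        unlink($lockfile) if ($lockfile =~ /\.lck$/);
    }

    if ($dialog) {
        $cmd = "$dialog  --clear --backtitle '$backtitle' --title '$dict{'END_WORK'}' --msgbox '$ok1' 10 60";
        `$cmd`;
    }
    else {
        print $ok1;
    }
}
else {
    if ($dialog) {
        $cmd = "$dialog  --clear --backtitle '$backtitle' --title '$dict{'END_WORK'}' --msgbox '$ok2' 10 60";
        `$cmd`;
    }
    else {
        print $ok2;
    }
}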

#-------------SUBS----------------------------------------------------------------


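# Prompt for a comma separated list of addresses and store the entries in the
# array referenced by the first argument.
# The entries are not checked here; create_httaccess writes each one verbatim
# into an "allow from" line.
sub get_ip {
    my $ref  = shift;
    my $info = $dict{'IP_INFO'};
    my $data;
    if ($dialog) {
        my $cmd = "$dialog --backtitle '$backtitle' --title '$dict{'ADDR'}' --inputbox '$info' 10 60";
        my @out = `$cmd 2>&1`;
        # No output at all from dialog ends the script without changes.
        if (@out) { $data = $out[0]; }
        else      { exit; }
    }
    else {
        print "\n$info\n";
        $data = <STDIN>;
        # End of input: stop like the dialog branch does, rather than
        # continue with an undefined value.
        exit unless defined $data;
    }
    chomp($data);

    # Trim blanks around each entry and drop empty ones, so "a, b" or "a,,b"
    # cannot produce an "allow from" line without an address.
    my @entries;
    for my $entry (split(/,/, $data)) {
        $entry =~ s/^\s+//;
        $entry =~ s/\s+$//;
        push @entries, $entry if (length $entry);
    }
    # NOTE(review): an empty list combined with no user makes
    # create_httaccess write "allow from all" -- confirm that is acceptable
    # when an address restriction was selected.
    @$ref = @entries;
}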

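# Prompt for a user name and a password; returns them as (user, password).
sub get_user {
    my $info1 = $dict{'USER_INFO'};
    my $user;
    if ($dialog) {
        my $cmd = "$dialog --backtitle '$backtitle' --title '$dict{'USER_NAME'}' --inputbox '$info1' 10 60";
        my @out = `$cmd 2>&1`;
        # No output at all from dialog ends the script without changes.
        if (@out) { $user = $out[0]; }
        else      { exit; }
    }
    else {
        print "\n$info1\n";
        $user = <STDIN>;
        # End of input: stop like the dialog branch does, rather than
        # return an undefined user name.
        exit unless defined $user;
    }

    # NOTE(review): the password is read with a plain input box / plain
    # STDIN read, so it is visible while typed; dialog's --passwordbox
    # would avoid the echo.
    my $info2 = $dict{'USER_PASS'};
    my $pass;

    if ($dialog) {
        my $cmd = "$dialog --backtitle '$backtitle' --title  '$dict{'USER_PASS'}' --inputbox '$info2' 10 60";
        my @out = `$cmd 2>&1`;
        if (@out) { $pass = $out[0]; }
        else      { exit; }
    }
    else {
        print "\n$info2\n";
        $pass = <STDIN>;
        exit unless defined $pass;
    }

    chomp($user);
    chomp($pass);
    return ($user, $pass);
}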


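# Write one access file and, when a user is given, add that user to the
# password file with htpasswd.
#   $authname - text for the AuthName line
#   $htfile   - path of the access file to (over)write
#   $ipref    - reference to the list of addresses for "allow from" lines
#   $satisfy  - value for the "satisfy" line, or undef for none
#   $user     - user name for "require user", or undef for no user check
#   $pass     - password for that user
# Dies when the access file cannot be created or written.
# $ipref entries and $user are written verbatim, so callers must pass
# single-line values.
sub create_httaccess {
    my ($authname, $htfile, $ipref, $satisfy, $user, $pass) = @_;
    open(my $fh, '>', $htfile) or die "Cant create $htfile: $!\n";
    print {$fh} "AuthName \"$authname\"\nAuthUserFile $usersfile\nAuthType Basic\n";
    if (@$ipref) {
        # Address based access.
        print {$fh} "Order deny,allow\ndeny from all\n";
        print {$fh} "allow from $_\n" for @$ipref;
    }
    if (defined($user)) {
        # User authentication.
        print {$fh} "require user $user\n";
        # Add the user to the password file; -c creates the file when absent.
        my @flags = ('-m', '-b');
        push @flags, '-c' if (! -e $usersfile);
        # List form: user name and password reach htpasswd as separate
        # arguments and are never parsed by a shell.
        # NOTE(review): -b still puts the password on htpasswd's command
        # line, where it can be seen in the process list; newer htpasswd
        # versions can read it from stdin with -i.
        system($htpass, @flags, $usersfile, $user, $pass) == 0
            or warn "htpasswd failed for user $user (status $?)\n";
        # NOTE(review): this leaves the password hashes world-readable;
        # confirm the web server needs this mode.
        chmod 0644, $usersfile;
    }
    if (!@$ipref && !defined($user)) {
        # No restriction at all.
        print {$fh} "Order deny,allow\nallow from all\n";
    }
    print {$fh} "satisfy $satisfy\n" if (defined($satisfy));
    # Buffered write errors only show up at close.
    close($fh) or die "Cant write $htfile: $!\n";
    chmod 0644, $htfile;
}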
