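#!/usr/bin/perl -Tw
############################################################
## Written and copyright 2002 by
## Jacqueline D. Hamilton (kira@cgi101.com)
##
## This code is excerpted from "CGI Programming 201"
## (http://www.cgi101.com/advanced)
##
## You may use this code on your own website, however
## you may not publish or sell any copy or derivative work
## without permission of the author.
#############################################################

# Posts a follow-up message to an existing thread: validates the form
# fields, strips unwanted HTML, inserts the row and redirects the browser
# to the thread page.
#
# $cgi, $dbh, $url, dienice() and dbdie() are not defined in this file;
# presumably MyBoard exports them - verify against MyBoard.pm.

use strict;
use lib '.';    # taint mode (-T) drops '.' from @INC, so add it back for MyBoard
use MyBoard;
use HTML::TagFilter;

# Filter for the message body.
# Now we're going to allow paragraph tags, breaks, italics, bolds,
# and links.
# NOTE(review): 'any' presumably places no restriction on attributes, so
# which href schemes and event-handler attributes survive on <a> depends on
# the XSS protection of the installed HTML::TagFilter. Confirm that, and
# prefer an explicit attribute allow-list for <a>.
my ($tf) = HTML::TagFilter->new;
$tf->allow_tags({p=>{'any'}}, {br=>{'any'}}, {i=>{'any'}}, {b=>{'any'}}, {a=>{'any'}});

# add a second TagFilter to remove ALL tags - use that on e-mail address
# and subject line (and on the author name).
my ($tf2) = HTML::TagFilter->new;
$tf2->allow_tags();

# do some error-checking - be sure they filled out all the fields.
# $cgi->param returns an array of the input field names, but only of the
# fields the client actually sent, so the fields this script reads are
# checked explicitly as well; otherwise a request that simply omits a
# field would pass validation.
my @required = qw(name email subject message);
my %checked;
for my $field (@required, $cgi->param()) {
    next if $checked{$field}++;

    # scalar() so a repeated parameter yields one value, not a list
    my $value = scalar $cgi->param($field);
    if (!defined $value || $value =~ /^\s*$/) {
        # NOTE(review): the field name is client-supplied and is passed to
        # dienice() as-is; confirm dienice() HTML-escapes its argument.
        dienice("$field was blank - please fill out all of the fields.");
    }
}

# Read each parameter in scalar context: in list context a parameter that
# is repeated (or absent) would change the number of arguments handed to
# filter().
my ($subject) = $tf2->filter(scalar $cgi->param('subject'));
my ($message) = $tf->filter(scalar $cgi->param('message'));
my ($from)    = $tf2->filter(scalar $cgi->param('name'));
my ($email)   = $tf2->filter(scalar $cgi->param('email'));

my $replyto_id = scalar $cgi->param('replyto_id');

if (!defined $replyto_id || $replyto_id eq "") {
    dienice("This shouldn't have happened, but you aren't allowed to post new messages here - only follow-ups.");
}
else {
    # Look up the message being replied to. The id is bound as a
    # placeholder, so it never becomes part of the SQL text.
    my $asth = $dbh->prepare("select * from messages where id=?") or dbdie();
    $asth->execute($replyto_id) or dbdie();
    my $replyto = $asth->fetchrow_hashref;

    if (!$replyto) {
        # Without this check a made-up replyto_id would insert a row that
        # belongs to no thread.
        dienice("The message you are replying to could not be found.");
    }
    else {
        # A thread_id of 0 marks the parent as the first message of its
        # thread, so the parent's own id becomes the thread id.
        my $parent_thread = defined $replyto->{'thread_id'} ? $replyto->{'thread_id'} : 0;
        my $thread_id = $parent_thread == 0 ? $replyto->{'id'} : $parent_thread;

        my $sth = $dbh->prepare("insert into messages(author, subject, email, date, ip, message, thread_id) values(?,?,?, current_timestamp(),?,?,?)") or dbdie();

        # Store the filtered $email rather than the raw parameter: the raw
        # value skipped the tag-stripping filter, and in this argument list
        # it was evaluated in list context, so a request with zero or
        # several 'email' values would shift the remaining bind values.
        $sth->execute($from, $subject, $email, $ENV{REMOTE_ADDR}, $message, $thread_id) or dbdie();

        print $cgi->redirect("$url/message.cgi?$thread_id");
    }
}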