#!/usr/bin/perl -Tw
############################################################
## Written and copyright 2002 by 
## Jacqueline D. Hamilton (kira@cgi101.com)
##
## This code is excerpted from "CGI Programming 201"
## (http://www.cgi101.com/advanced)
##
## You may use this code on your own website, however
## you may not publish or sell any copy or derivative work
## without permission of the author.
#############################################################
use strict;
use lib '.';
use MyBoard;
use HTML::TagFilter;

my($tf) = HTML::TagFilter->new;
$tf->allow_tags();

my($i, $forum_id, $sth, $asth, $rv, $replyto, $thread_id);

# do some error-checking - be sure they filled out all the fields
# $cgi->param returns an array of the input field names.
foreach $i ($cgi->param()) {
    if ($cgi->param($i) =~ /^\s*$/) {
        &dienice("$i was blank - please fill out all of the fields.");
    }
}
$forum_id = $cgi->param('forum');
my($subject) = $tf->filter($cgi->param('subject'));
my($message) = $tf->filter($cgi->param('message'));
my($from) = $tf->filter($cgi->param('name'));

if ($cgi->param('email') !~ /[\w\-]+\@[\w\-]+\.[\w\-]+/) {
   &dienice("You didn't enter a valid e-mail address.");
}

$sth = $dbh->prepare("insert into messages(forum, author, subject, 
email, date, ip, message, thread_id) values(?,?,?,?, current_timestamp(),?,?,?)") or &dbdie;

if ($cgi->param('replyto_id') eq "") {
   $sth->execute($cgi->param('forum'), $from, $subject, 
$cgi->param('email'), $ENV{REMOTE_ADDR}, $message, 0) or &dbdie;
} else {
   $asth = $dbh->prepare("select * from messages where id=?");
   $rv = $asth->execute($cgi->param('replyto_id'));
   $replyto = $asth->fetchrow_hashref;
   my($thread_id);
   if ($replyto->{'thread_id'} == 0) {
      $thread_id = $replyto->{'id'};
   } else {
      $thread_id = $replyto->{'thread_id'};
   }
   if ($cgi->param('post') eq "1") {
       $sth->execute($cgi->param('forum'), $from, $subject,
       $cgi->param('email'), $ENV{REMOTE_ADDR}, $message, $thread_id) or &dbdie;
   }
   if ($cgi->param('mail') eq "1") {
       my($msg) = "This is a private email reply to your post on the discussion board at $url/forum.cgi?" . $replyto->{'forum'} . "\n\n" . $message;
       &sendmail($cgi->param('email'), $replyto->{'email'}, $subject, $msg);
   }
}

print $cgi->redirect("$url/forum.cgi?$forum_id");

sub sendmail {
    my($from, $to, $subject, $message) = @_;
    $ENV{PATH} = "/usr/sbin:/usr/bin";
    my($mailprog) = "/usr/sbin/sendmail";
    open(MAIL,"|$mailprog -t") or &dienice("Couldn't access $mailprog: $!");
    print MAIL "To: $to\n";
    print MAIL "From: $from\n";
    print MAIL "Subject: $subject\n\n";
    print MAIL $message;
    close(MAIL);
}