#!/usr/bin/perl

#
# Allow users to change/activate/deactivate their Vacation message
#

use strict;
use English;
use CGI;
use CGI::Carp qw(fatalsToBrowser);
my $www = new CGI;

# Definitions
my $HOME_BASE = "/home/users";
my $SYSTEM_USER_CUTOFF = 500;
my $URL = "/cgi-bin-ssl/vacation/vacation";
my $DEFAULT_MESSAGE = "/etc/vacation.msg";
my $PROCMAIL_RECIPE = "/etc/vacation.procmail";
my $EMAIL_EXTENSION = "\@otc.isu.edu";

# Environment
$ENV{'PATH'} = "/bin:/usr/bin";

# Slow down any guesses..
sleep (3);

# Untaint remote user
my $user = $ENV{'REMOTE_USER'};
$user =~ /^([A-Za-z0-9]+)$/;
$user = $1;

# Get Data
my %vacation;
die "Unable to load vacation status :$vacation{'error'}"
   unless (get_vacation_status($user, \%vacation));
if ($vacation{'pwent'}->[2] < $SYSTEM_USER_CUTOFF) {
   die "Only real users allowed to use vacation."
}

# Become User
my @temp = ($vacation{'pwent'}->[2], $vacation{'pwent'}->[3]);
$GID = $vacation{'pwent'}->[3];
$EGID = $vacation{'pwent'}->[3];
$UID = $vacation{'pwent'}->[2];
$EUID = $vacation{'pwent'}->[2];
# Make sure privs are really gone
($EUID, $EGID) = @temp;
my @groups = split(/\s/, $EGID);
die "Still have root privs ([$vacation{'pwent'}->[2]] [$EUID] [$vacation{'pwent'}->[3]] [$EGID])"
   if (
       ($EUID == 0) ||
       (grep (/^0$/, @groups)) ||
       (grep (/root/, @groups))
      );

print $www->header;
print $www->start_html(-title => "OTC E-Mail Vacation Control",
		       -author => 'Craig Kelley',
 		       -base => 'true',
	 	       -target => undef,
		       -meta => undef,
		       -style => undef,
		       -BGCOLOR => 'white'
		      );

if ($www->param('Activate')) {
   
   print $www->start_form(-method => 'post',
			  -action => $URL);
   
   print "Enter the text you'd like to use for your vacation message.  " .
      "This information will be saved in a file called " .
      "<code>\"vacation_message.txt\"</code> in your home drive (which " .
      "you should be able to edit with any editor).<p>\n";
   my $default;
   open (IN, $DEFAULT_MESSAGE) || die $!;
   while (my $line = <IN>) {
      $default .= $line;
   }
   close IN;
   print $www->textarea(-name => 'Message',
			-default => $default,
			-rows => 10,
			-columns => 80) . "<P>\n";
   print $www->submit(-name => 'ActivateNow',
		      -value => 'Start Auto-reply Now');
   print $www->end_form;
   print $www->end_html;

}
elsif ($www->param('ActivateNow')) {

   my $home = $vacation{'pwent'}->[7];
   open (IN, $PROCMAIL_RECIPE) || die "Unable to read procmail recipe: $!";
   open (OUT, ">$home/.procmailrc") || 
      die "Unable to write $home/.procmailrc: $!";
   my $line;
   while ($line = <IN>) {
      $line =~ s/MY_EMAIL/$user$EMAIL_EXTENSION/;
      print OUT $line;
   }
   close OUT;
   close IN;
   open (OUT, ">$home/vacation_message.txt") ||
      die "Unable to write $home/vacation_message.txt: $!";
   print OUT $www->param('Message');
   close OUT;
   
   print "<H2>Currently sending this vacation message:</H2><P>\n";
   print "<PRE>" . $www->param('Message') . "\n</PRE><p>\n";
   
   print $www->start_form(-method => 'post',
			  -action => $URL);   
   print $www->submit(-name => 'Deactivate',
		      -value => 'Deactivate Vacation Message');
   print $www->submit(-name => 'Edit',
		      -value => 'Edit Vacation Message');
   print $www->end_form;
   print $www->end_html;

}
elsif ($www->param('Deactivate')) {

   my $home = $vacation{'pwent'}->[7];

   unlink ("$home/.procmailrc");
   unlink ("$home/vacation_message.txt");
   unlink ("$home/vacation.cache");

   if ((-e "$home/.procmailrc") || (-e "$home/.vacation_message")) {
      die "Unable to remove vacation files! ($!)";
   }

   print "<H2>Vacation Message Stopped</H2><p>";
   print $www->start_form(-method => 'post',
			  -action => $URL);
   print $www->submit(-name => 'Activate',
		      -value => 'Activate Vacation Message');
   print $www->end_form;
   print $www->end_html;
}
elsif ($www->param('Edit')) {
   
   print $www->start_form(-method => 'post',
			  -action => $URL);
   
   print "Enter the text you'd like to use for your vacation message.  " .
      "This information will be saved in a file called " .
      "<code>\"vacation_message.txt\"</code> in your home drive (which " .
      "you should be able to edit with any editor).<p>\n";
   my $default;
   print $www->textarea(-name => 'Message',
			-default => $vacation{'vacation_message'},
			-rows => 10,
			-columns => 80) . "<P>\n";
   print $www->submit(-name => 'ActivateNow',
		      -value => 'Start Auto-reply Now');
   print $www->end_form;
   print $www->end_html;

}
else {
   # Default Page
   print "<H2>" . $vacation{'pwent'}->[6] . "'s Vacation Email Status</H2><p>\n";
   print $www->start_form(-method => 'post',
			  -action => $URL);
   if ($vacation{'procmailrc'}) {
      print "Vacation auto-reply is currently set to use the following message:";
      print "\n<p>\n<pre>\n$vacation{'vacation_message'}\n</pre><p>\n";
      print $www->submit(-name => 'Deactivate',
			 -value => 'Deactivate Vacation Message');
      print $www->submit(-name => 'Edit',
			 -value => 'Edit Vacation Message');
   }
   else {
      print "Vacation auto-reply is currently <strong>OFF</strong><p>\n";
      print $www->submit(-name => 'Activate',
			 -value => 'Activate Vacation Message');
   }
   print $www->end_form;
   print $www->end_html;
}

exit (0);

sub get_vacation_status {

   my ($user, $rhash) = @_;

   @{$rhash->{'pwent'}} = getpwnam($user);

   unless (ref $rhash->{'pwent'} eq "ARRAY") {
      $rhash->{'error'} = "getpwnam() failed for $user";
      return undef;
   }

   my $home = $rhash->{'pwent'}->[7];
   unless (-d $home) {
      $rhash->{'error'} = "Not a directory: $home";
      return undef;
   }

   if (-e "$home/.procmailrc") {
      $rhash->{'procmailrc'} = 1;
   }

   if (-e "$home/vacation_message.txt") {
      open (IN, "$home/vacation_message.txt");
      while (my $line = <IN>) {
	 $rhash->{'vacation_message'} .= $line;
      }
      close IN
   }
   return 1;
}