Untitled

#!/usr/bin/perl

#use strict;
use warnings;
use CGI;
use DBI;
use CGI::Session;
use CGI::Session::Driver::mysql;
use Digest::MD5 qw/md5_hex/;

### subs
sub db_connect {
    open(CONF, shift || "./config.txt") || return 0;
        # read config file
        @a = <CONF>;
        chomp @a;
        my ($dbhost, $dbuser, $dbpass, $dbname) = @a;
    close CONF;
    $k = DBI->connect("DBI:mysql:$dbname;host=$dbhost", $dbuser, $dbpass);
    return $k;
}
sub db_query {
    $q = $kapcs->prepare(shift);
    $q->execute();
    while($row = $q->fetchrow_hashref()) {
        push @ret, \%$row;
    }
    return @ret;
}
sub check_login {
    $nev = shift; $nev =~ s/'/\\'/;     # avoid sql injection
    $pass = shift; $pass = md5_hex $pass;
    $kapcs = db_connect;
    $q = $kapcs->prepare("SELECT uid FROM users WHERE nev='$nev' AND pass='$pass'");
    $q->execute();
    $row = $q->fetchrow_hashref();
    return $row->{uid};
}
sub session_start {
    open(CONF, shift || "./config.txt") || return 0;
        # read config file
        @a = <CONF>;
        chomp @a;
        my ($dbhost, $dbuser, $dbpass, $dbname) = @a;
    close CONF;
    $session = CGI::Session->new("driver:mysql", undef, {DataSource => "DBI:mysql:$dbname;host=$dbhost", User => $dbuser, Password => $dbpass});
    $session->expire(shift || '+30m');
    #return CGI::Cookie->new(-name=>$session->name, -value=>$session->id, -path=>shift||'/');
    return $session;
}
sub session_stop {
    $session->delete();
    $session->flush();
}
sub session_set {
    # takes: string1 string2
    $session->param(shift, shift);
    $session->flush();
}
sub session_get {
    # takes: string
    # returns: value of variable represented by string
    return $session->param(shift);
}
sub form_read {
    if($ENV{REQUEST_METHOD} =~ /GET/i) {
        $q = $ENV{QUERY_STRING};
        @pairs = split(/&/, $q);
        foreach $pair (@pairs) {
            ($var, $val) = split(/=/, $pair);
            $val =~ tr/+/ /;
            $val =~ s/%(..)/pack("C", hex($1))/eg;
            $form{$var} = $val;
        }
    } elsif($ENV{REQUEST_METHOD} =~ /POST/i) {
        #read(STDIN, $q, $ENV{CONTENT_LENGTH});
        foreach $field ($cgi->param()) {
            $form{$field} = $cgi->param($field);
        }
    }
    return %form;
}
### end subs

### globals
our $session = 0;
our $cgi=CGI->new();
our %form;
### end globals

### headers
$session = CGI::Session->load();
if($session->is_expired()) {
    $session->delete();
}
if(not $session or $session->is_empty()) {
    $session = session_start;
} else {
}
print $cgi->header(-type, "text/html", -charset, "UTF-8", -cookie, CGI::Cookie->new(-name=>$session->name, -value=>$session->id));
### end headers

## read GET/POST variables
%form = form_read;


if(not $session->is_empty() and session_get("uid")) {
    ### MAIN PART
    $email = session_get("email");
    $nev = session_get("nev");


    if($kapcs = db_connect()) {
        @rows = db_query "SELECT uid,email,nev FROM users";
        foreach my $row1 (@rows) {
            foreach my $col1 (keys %$row1) {
                print " | ".$row1->{$col1}."";
            }
            print "\n";
        }
    } else {
        die "Error: $DBI::errstr";
    }

    ### END MAIN PART

} else {
    if($form{nev}) {
        if($uid = check_login $form{nev}, $form{pass} ) {
            session_set 'uid', $uid;
            print "logged in";
        } else {
            # incorrect login/pass
            print "incorrect";
        }
    } else {
        # login screen
        print "please login!";
    }
}
print "\n";