#!/usr/local/bin/perl
print "Content-type: text/html\n\n";
$foot = `cat shtml/footer.html`; 
$head = `cat shtml/header.html`; 
$imagedir="../bashimg2";
chdir "$imagedir";
$reloadtime =5;
$script="browser-secured.cgi";
$list = `/bin/ls -l |grep -v $script`;
@listarray = split('\n',$list);
$num = @listarray;
$num --;
if ($page > $num) {print "image error";}
&parse_form;
if ($FORM{page}) {$page=$FORM{page};}
else {$page=1;}
if ($FORM{reloadtime}) {$reloadtime=$FORM{reloadtime};}
else {$reloadtime=0;}

$,=' ';
$line="@listarray[$page]";
($a,$a,$a,$a,$size,$a,$a,$a,$fname) = split(' ',$line);
while ($size < 1) {
   $line="@listarray[$page]";
   ($a,$a,$a,$a,$size,$a,$a,$a,$fname) = split(' ',$line);
   $page ++;
}
$prev = $page -1;
$next = $page +1;

print "<html><head><title>Whiplash Bash Page $page</title>";
if ($reloadtime) {print "<META HTTP-EQUIV=\"Refresh\" CONTENT=\"$reloadtime; URL=$script?page=$next&reloadtime=$reloadtime\">\n";}

#print "$head";

#$page --;
print "</head>
<br>
<center>
<form action=browser-secured.cgi>";
print "<input type=hidden name=reloadtime value=$reloadtime> ";
print "Photo: ";
print "<select name=page>\n";
   print "<option>$page\n";
for ($i=1; $i<= $num; $i++) {
   print "<option>$i\n";
}
print "</select>";
print "<input type=submit value=go> ";
#print "<input type=text name=page value=$page size=3> ";
print "of $num \n";

#for ($i=0; $i<$num; $i++){
   #if ($i eq $page) { print "<b>$i</b> \n";}
   #else {print "<a href=$script?page=$i>$i</a> \n";}
#}

if ($page >1) {print "[<a href=$script?page=$prev&reloadtime=$reloadtime>prev</a>]";}
if ($page < $num) {print "[<a href=$script?page=$next&reloadtime=$reloadtime>next</a>]";}
if ($reloadtime) {print "[<a href=$script?page=$page&reloadtime=0>pause</a>]";}
else {
   if ($page < $num) {print "[<a href=$script?page=$page&reloadtime=3>slideshow</a>]";}}
print "<br>
<table border=3><tr><td> <img src=$imagedir/$fname><br>
</td></tr></table>";
print "$head";
print "$foot";


#}

sub parse_form {

   if ($ENV{'REQUEST_METHOD'} eq 'GET') {
      # Split the name-value pairs
      @pairs = split(/&/, $ENV{'QUERY_STRING'});
   }
   elsif ($ENV{'REQUEST_METHOD'} eq 'POST') {
      # Get the input
      read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'});
 
      # Split the name-value pairs
      @pairs = split(/&/, $buffer);
   }
   else {
      #&error('request_method');
   }

   foreach $pair (@pairs) {
      if ($pair =~ /\|/) { print "parse error: exiting...\n"; exit; }
      ($name, $value) = split(/=/, $pair);
 
      $name =~ tr/+/ /;
      $name =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;

      $value =~ tr/+/ /;
      $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;

      # If they try to include server side includes, erase them, so they
      # arent a security risk if the html gets returned.  Another 
      # security hole plugged up.

      $value =~ s/<!--(.|\n)*-->//g;

      # Create two associative arrays here.  One is a configuration array
      # which includes all fields that this form recognizes.  The other
      # is for fields which the form does not recognize and will report 
      # back to the user in the html return page and the e-mail message.
      # Also determine required fields.

      if ($name eq 'recipient' ||
	  $name eq 'subject' ||
	  $name eq 'email' ||
	  $name eq 'realname' ||
	  $name eq 'redirect' ||
	  $name eq 'bgcolor' ||
	  $name eq 'background' ||
	  $name eq 'link_color' ||
	  $name eq 'vlink_color' ||
          $name eq 'text_color' ||
   	  $name eq 'alink_color' ||
	  $name eq 'title' ||
	  $name eq 'sort' ||
	  $name eq 'print_config' ||
	  $name eq 'return_link_title' ||
	  $name eq 'return_link_url' && ($value)) {
         
	 $CONFIG{$name} = $value;
      }
      elsif ($name eq 'required') {
         @required = split(/,/,$value);
      }
      elsif ($name eq 'env_report') {
         @env_report = split(/,/,$value);
      }
      else {
         if ($FORM{$name} && ($value)) {
	    $FORM{$name} = "$FORM{$name}, $value";
	 }
         elsif ($value) {
            $FORM{$name} = $value;
         }
      }
   }
}