Project Name IWorld

use vars qw(%config %category %form);
use strict;

local %config;

$config{'basepath'} ='/auction/';
$config{'regdir'} = 'reg';

#

%category = (
Orchids => 'Orchid Species',
Orchids => 'Orchid Hybrids',
Other => 'Classifieds',
);

$config{'adminpass'} = 'fremar';

$config{'mailhost'} = 'localhost';

$config{'admin_address'} = 'iwaustralia@hotmail.com';

$config{'scripturl'} = 'http://www.IWAustralia.8m.com';

$config{'colortablehead'} = '#bbbbbb;
$config{'colortablebody'} = '#EEEEEE';

$config{'sitename'} = 'IWAustralia';

$config{'header'} =<<"Thanks for dropping by.";

$config{IWAustralia} - Powered By EveryAuction

$config{IWAustralia}

Online Auction

Thanks for dropping by, Call again soon.

$config{'footer'} =<<"Come back soon"

Powered By EveryAuction 1.53

EOF

$config{'aftermin'} = 5;

$config{'flock'} = 1;

$config{'newokay'} = 1;

print "Content-type: text/html\n\n";
print $config{'header'};

local %form = &get_form_data;
if ($form{'action'} eq 'new') { &new; }
elsif ($form{'action'} eq 'repost') { &new; }
elsif ($form{'action'} eq 'procnew') { &procnew; }
elsif ($form{'action'} eq 'procbid') { &procbid; }
elsif ($form{'action'} eq 'reg') { ® }
elsif ($form{'action'} eq 'procreg') { &procreg; }
elsif ($form{'action'} eq 'creg') { &creg; }
elsif ($form{'action'} eq 'proccreg') { &proccreg; }
elsif ($form{'action'} eq 'closed') { &viewclosed1; }
elsif ($form{'action'} eq 'closed2') { &viewclosed2; }
elsif ($form{'action'} eq 'closed3') { &viewclosed3; }
elsif ($form{'action'} eq 'admin') { &admin; }
elsif ($form{'action'} eq 'procadmin') { &procadmin; }
elsif ($form{'action'} eq 'search') { &procsearch; }
elsif ($form{'item'} eq int($form{'item'}) and $category{$form{'category'}}) { &dispitem; }
elsif ($category{$form{'category'}}) { &displist; }
else { &dispcat; }

print "

[Category List]";
print " [Post New Item]" if ($config{'newokay'});
print " [New Registration] [Change Registration]" if ($config{'regdir'});
print " [Closed Auctions]" if ($config{'regdir'}) and ($config{'closedir'});
print "

\n";
print $config{'footer'};

sub dispcat {
print "

Auction Categories

\n";
print "";
my $key;
foreach $key (sort keys %category) {
umask(000); # UNIX file permission junk
mkdir("$config{'basepath'}$key", 0777) unless (-d "$config{'basepath'}$key");
opendir DIR, "$config{'basepath'}$key" or &oops("Category directory $key could not be opened.");
my $numfiles = scalar(grep -T, map "$config{'basepath'}$key/$_", readdir DIR);
closedir DIR;
print "";
}
print "

Category	Items
$category{$key}	$numfiles

\n";
}

sub displist {
print "

$category{$form{'category'}}

\n";
print "\n";
print "\n";
opendir THEDIR, "$config{'basepath'}$form{'category'}" or &oops("Category directory $form{'category'} could not be opened.");
my @allfiles = grep -T, map "$config{'basepath'}$form{'category'}/$_", sort { int($a) <=> int($b) } (readdir THEDIR);
closedir THEDIR;
my $file;
foreach $file (@allfiles) {
$file =~ s/^$config{'basepath'}$form{'category'}\///;
$file =~ s/\.dat$//;
my ($title, $reserve, $inc, $desc, $image, @bids) = &read_item_file($form{'category'},$file);
if ($title ne '') {
my ($alias, $email, $bid, $time, $add1, $add2, $add3) = &read_bid($bids[$#bids]);
my @closetime = localtime($file);
$closetime[4]++;
print "\n";
}
}
print "

Item	Closes	Num Bids	High Bid
$title"; print " [PIC]" if ($image); print "	$closetime[4]/$closetime[3]	$#bids	\$$bid

\n";
}

sub dispitem {
my ($title, $reserve, $inc, $desc, $image, @bids) = &read_item_file($form{'category'},$form{'item'});
&oops("Item $form{'item'} could not be opened. If this item is closed, you can view statistics and bid history using our closed item viewer.") if $title eq '';
my $nowtime = localtime(time);
my $closetime = localtime($form{'item'});
my $html_description = &strip_scripts(&enable_html($desc));
print "

$title

Information

\n";
print "";
print "" if ($image);
print "

$title

Category: $category{$form{'category'}}

";
my ($alias, $email, $bid, $time, $add1, $add2, $add3) = &read_bid($bids[0]); # read first bid
print "Offered By: $alias

Current Time: $nowtime

Closes: $closetime
Or $config{'aftermin'} minutes after last bid...

Number of Bids: $#bids

";
my ($alias, $email, $bid, $time, $add1, $add2, $add3) = &read_bid($bids[$#bids]); # read last bid
print "Last Bid: \$$bid ";
print "(reserve price not yet met)" if ($bid < $reserve);
print "(reserve price met)" if (($bid >= $reserve) and ($reserve > 0));
print "

\n";
print "

Description

$html_description";
print "

Bid History

\n";
my $lowest_new_bid;
if ($#bids) {
for (my $i=1; $i my ($alias, $email, $bid, $time, $add1, $add2, $add3) = &read_bid($bids[$i]);
my $bidtime = localtime($time);
print "$alias $$bidtime$ - \$$bid
";
}
$lowest_new_bid = &parsebid($bid+$inc);
}
else {
print "No bids yet...
";
$lowest_new_bid = (&read_bid($bids[0]))[2];
}
# either the item is closed or we will display a bid form
my ($alias, $email, $bid, $time, $add1, $add2, $add3) = &read_bid($bids[$#bids]); # read the last bid
if ((time > int($form{'item'})) && (time > (60 * $config{'aftermin'} + $time))) {
print "BIDDING IS NOW CLOSED
";
&closeit($form{'category'},$form{'item'});
}
else {
print <<"EOF";

Place A Bid

The High Bid Is: \$$bid

The Lowest You May Bid Is: \$$lowest_new_bid

Please note that by placing a bid you are making a contract between you and the seller.
Once you place a bid, you may not retract it. In some states, it is illegal to win
an auction and not purchase the item. In other words, if you don't want to pay for it,
don't bid!
EOF

if ($config{'regdir'}) {
print <<"EOF";

Registration is required to post or bid!

Your Handle/Alias: (used to track your bid)

Your Password: (must be valid)

Your Bid: \$

EOF
}
else {
print <<"EOF";

Your Handle/Alias: (used to track your bid)

Your E-Mail Address: (must be valid)

Your Bid: \$

Contact Information: (will be given out only to the seller)

Full Name:

Street Address:

City, State, ZIP:

EOF
}
print <<"EOF";

EOF
}
}

sub new {
my ($title, $reserve, $inc, $desc, $image, @bids);
my $inc = '1.00'; # default increment
if ($form{'REPOST'}) {
$form{'REPOST'} =~ s/\W//g;
if (-T "$config{'basepath'}$config{'closedir'}/$form{'REPOST'}.dat") {
open THEFILE, "$config{'basepath'}$config{'closedir'}/$form{'REPOST'}.dat";
($title, $reserve, $inc, $desc, $image, @bids) = ;
close THEFILE;
chomp($title, $reserve, $inc, $desc, $image, @bids);
}
}
print <<"EOF";

Post A New Item

Title/Item Name: No HTML
Category: Select One
Image URL: Optional, should be no larger than 200x200
Days Until Close: 1-14
Description: May include HTML - This should include the condition of the item, payment and shipping information, and any other information the buyer should know.	$desc
Please note that by placing an item up for bid you are making a contract between you and the buyer. Once you place an item, you may not retract it and you must sell it for the highest bid. In other words, if you don't want to sell it, don't place it up for bid! EOF if ($config{'regdir'}) { print <<"EOF"; Registration is required to post or bid!
Your Handle/Alias: Used to track your post
Your Password: Must be valid
Your Starting Bid:	\$
Your Reserve Price: You are not obligated to sell below this price. Leave blank if none.	\$
Bid Increment:	\$

EOF
}
else {
print <<"EOF";

Your Handle/Alias:
Used to track your post
Your E-Mail Address:
Must be valid
Your Starting Bid:\$
Your Reserve Price:
You are not obligated to sell below this price. Leave blank if none.\$
Bid Increment:\$
Contact Information:
Will be given out only to the buyer
Full Name:

Street Address:

City, State, ZIP:

EOF
}
print <<"EOF";

EOF
}

sub procnew {
my ($password, @userbids);
if ($config{'regdir'} ne "") {
&oops('Your alias could not be found!') unless ($password, $form{'EMAIL'}, $form{'ADDRESS1'}, $form{'ADDRESS2'}, $form{'ADDRESS3'}, @userbids) = &read_reg_file($form{'ALIAS'});
$form{'ALIAS'} = ucfirst(lc($form{'ALIAS'}));
&oops('Your password is incorrect.') unless ((lc $password) eq (lc $form{'PASSWORD'}));
}
&oops('You must have an item title that is up to 50 characters.') unless ($form{'TITLE'} && (length($form{'TITLE'}) < 51));
&oops('You must select a valid category.') unless (-d "$config{'basepath'}$form{'CATEGORY'}" and $category{$form{'CATEGORY'}});
$form{'IMAGE'} = "" if ($form{'IMAGE'} eq "http://");
&oops('You must enter the number of days your auction should run, from 1 to 14.') unless (($form{'DAYS'} > 0) and ($form{'DAYS'} < 15));
&oops('You must enter an item description.') unless ($form{'DESC'});
&oops('You must enter an alias to track your item.') unless ($form{'ALIAS'});
&oops('You must enter a valid e-mail address.') unless (&check_email($form{'EMAIL'}));
&oops('You must enter a valid starting bid.') unless ($form{'BID'} =~ /^(\d+\.?\d*|\.\d+)$/);
&oops('You must enter a valid bid increment.') unless (($form{'INC'} =~ /^(\d+\.?\d*|\.\d+)$/) and ($form{'INC'} >= .01));
$form{'INC'} = &parsebid($form{'INC'});
$form{'RESERVE'} = &parsebid($form{'RESERVE'});
&oops('You must enter your full name.') unless ($form{'ADDRESS1'});
&oops('You must enter your street address.') unless ($form{'ADDRESS2'});
&oops('You must enter your city, state, and zip code.') unless ($form{'ADDRESS3'});
foreach my $key (keys %form) {
$form{$key} = &strip_html($form{$key});
}
my $item_number = ($form{'DAYS'} * 86400 + time);
$item_number = ($form{'DAYS'} * 86400 + time) until (!(-f "$config{'basepath'}$form{'CATEGORY'}/$item_number.dat"));
if ($form{'FROMPREVIEW'}) {
&oops('We are unable to post your item. This could be a write permissions problem.') unless (open (NEW, ">$config{'basepath'}$form{'CATEGORY'}/$item_number.dat"));
print NEW "$form{'TITLE'}\n$form{'RESERVE'}\n$form{'INC'}\n$form{'DESC'}\n$form{'IMAGE'}\n$form{'ALIAS'}\[\]$form{'EMAIL'}\[\]".&parsebid($form{'BID'})."\[\]".time."\[\]$form{'ADDRESS1'}\[\]$form{'ADDRESS2'}\[\]$form{'ADDRESS3'}";
close NEW;
if ($config{'regdir'} ne "") {
&oops('We could not open the registration file. This could be a server write issue.') unless (open(REGFILE, ">>$config{'basepath'}$config{'regdir'}/$form{'ALIAS'}.dat"));
print REGFILE "\n$form{'CATEGORY'}$item_number";
close REGFILE;
}
print "$form{'TITLE'} was posted under $category{$form{'CATEGORY'}}....
You may want to go to the item to confirm placement.\n\n";
}
else {
my $nowtime = localtime(time);
my $closetime = localtime($item_number);
my $html_description = &strip_scripts(&enable_html($form{'DESC'}));
print "

$form{'TITLE'} PREVIEW

Information

\n";
print "";
print "" if ($form{'IMAGE'});
print "

$form{'TITLE'}

Category: $category{$form{'CATEGORY'}}

Offered By: $form{'ALIAS'}

Current Time: $nowtime

Closes: $closetime
Or $config{'aftermin'} minutes after last bid...

Number of Bids: 0

Last Bid: \$$form{'BID'}

\n";
print "

Description

$html_description";
print "

If this looks good, hit , else hit the back button on your browser to edit the item.\n";
foreach my $key (keys %form) {
print "\n";
}
print "

\n";
}
}

sub procbid {
my ($password, @userbids);
if ($config{'regdir'} ne "") {
&oops('Your alias could not be found!') unless ($password, $form{'EMAIL'}, $form{'ADDRESS1'}, $form{'ADDRESS2'}, $form{'ADDRESS3'}, @userbids) = &read_reg_file($form{'ALIAS'});
$form{'ALIAS'} = ucfirst(lc($form{'ALIAS'}));
&oops('Your password is incorrect.') unless ((lc $password) eq (lc $form{'PASSWORD'}));
}
&oops('You must enter an alias to track your item.') unless ($form{'ALIAS'});
&oops('You must enter a valid e-mail address.') unless (&check_email($form{'EMAIL'}));
&oops('You must enter a valid bid amount.') unless ($form{'BID'} =~ /^(\d+\.?\d*|\.\d+)$/);
$form{'BID'} = &parsebid($form{'BID'});
&oops('You must enter your full name.') unless ($form{'ADDRESS1'});
&oops('You must enter your street address.') unless ($form{'ADDRESS2'});
&oops('You must enter you city, state, and zip.') unless ($form{'ADDRESS3'});
my ($title, $reserve, $inc, $desc, $image, @bids) = &read_item_file($form{'CATEGORY'},$form{'ITEM'});
&oops('The item number you entered cannot be found. Maybe it has closed or it was moved since you last loaded the page.') if $title eq '';
my ($alias, $email, $bid, $time, $add1, $add2, $add3) = &read_bid($bids[$#bids]);
if ((time <= $form{'ITEM'}) or (time <= (60 * $config{'aftermin'} + $time))) {
&oops('Your bid is too low. Sorry.') if ($form{'BID'} < ($bid+$inc) and ($#bids)) or ($form{'BID'} < $bid);
&oops('We are unable to append your bid to the auction item. It appears to be a file write problem.') unless (open NEW, ">>$config{'basepath'}$form{'CATEGORY'}/$form{'ITEM'}.dat");
if ($config{'flock'}) {
flock(NEW, 2);
seek(NEW, 0, 2);
}
print NEW "\n$form{'ALIAS'}\[\]$form{'EMAIL'}\[\]$form{'BID'}\[\]".time."\[\]$form{'ADDRESS1'}\[\]$form{'ADDRESS2'}\[\]$form{'ADDRESS3'}";
close NEW;
print "$form{'ALIAS'}, your bid has been placed on item number $form{'ITEM'} for \$$form{'BID'} on ".scalar(localtime(time)).".
You may want to print this notice as confirmation of your bid.

Go back to the item\n";
my $flag=0;
my $userbid;
foreach $userbid (@userbids) {
$flag=1 if ("$form{'CATEGORY'}$form{'ITEM'}" eq $userbid);
}
if ($flag==0 && $config{'regdir'} ne "") {
&oops('We could not open the registration file. This could be a server write issue.') unless (open(REGFILE, ">>$config{'basepath'}$config{'regdir'}/$form{'ALIAS'}.dat"));
print REGFILE "\n$form{'CATEGORY'}$form{'ITEM'}";
close REGFILE;
}
&sendemail($email, $config{'admin_address'}, 'You\'ve been outbid!', "You have been outbid on $title\! If you want to place a higher bid, please visit\:\r\n\r\n\thttp://$config{'scripturl'}$ENV{'SCRIPT_NAME'}\?category=$form{'CATEGORY'}\&item=$form{'ITEM'}\r\n\r\nThe current high bid is \$$form{'BID'}.") if ($config{'scripturl'} and $#bids);
}
else {
print "Item number $form{'ITEM'} in category $form{'CATEGORY'} is now closed!
Sorry...\n";
}
}

sub procsearch {
print "

Search Results - $form{'searchstring'}

\n";
print "\n";
print "\n";
my $key;
foreach $key (sort keys %category) {
opendir THEDIR, "$config{'basepath'}$key" or &oops("Category directory $key could not be opened.");
my @allfiles = grep -T, map "$config{'basepath'}$key/$_", sort { int($a) <=> int($b) } (readdir THEDIR);
closedir THEDIR;
my $file;
foreach $file (@allfiles) {
$file =~ s/^$config{'basepath'}$key\///;
$file =~ s/\.dat$//;
my ($title, $reserve, $inc, $desc, $image, @bids) = &read_item_file($key,$file);
if ($title ne '') {
my ($alias, $email, $bid, $time, $add1, $add2, $add3) = &read_bid($bids[$#bids]);
my @closetime = localtime($file);
$closetime[4]++;
if($form{'searchtype'} eq 'keyword' and ($title =~ /$form{'searchstring'}/i) || ($desc =~ /$form{'searchstring'}/i)) {
print "\n";
}
elsif($form{'searchtype'} eq 'username' and join(' ',@bids) =~ /$form{'searchstring'}/i) {
print "\n";
}
}
}
}
print "

Item	Closes	Num Bids	High Bid
$title"; print " [PIC]" if ($image); print "	$closetime[4]/$closetime[3]	$#bids	\$$bid
$title"; print " [PIC]" if ($image); print "	$closetime[4]/$closetime[3]	$#bids	\$$bid

\n";
}

sub creg {
print <<"EOF";

Change Street Address and/or Password

This form will allow you to change your street address and/or password.
Your Handle/Alias: Required for verification
Your Current Password: Required for verification
Your New Password: Leave blank if unchanged
Your New Password Again: Leave blank if unchanged
Contact Information: Leave blank if unchanged	`Full Name:` `Street Address:` `City, State, ZIP:`

EOF
}

sub proccreg {
if ($config{'regdir'}) {
&oops('You must enter your alias so we can validate your account.') unless ($form{'ALIAS'});
&oops('You must enter your old password so we can validate your account.') unless ($form{'OLDPASS'});
if ($form{'ADDRESS1'}) {
&oops('You must enter all of your contact information. Please enter your street address.') unless ($form{'ADDRESS2'});
&oops('You must enter all of your contact information. Please enter your city, state, and zip.') unless ($form{'ADDRESS3'});
}
if ($form{'NEWPASS1'}) {
&oops('Your new passwords do not match.') unless ($form{'NEWPASS2'} eq $form{'NEWPASS1'});
}
if (my ($password,$email,$add1,$add2,$add3,@past_bids) = &read_reg_file($form{'ALIAS'})) {
$form{'ALIAS'} = ucfirst(lc($form{'ALIAS'}));
&oops('Your old password does not match up.') unless ((lc $password) eq (lc $form{'OLDPASS'}));
$form{'NEWPASS1'} = $password if !($form{'NEWPASS1'});
$form{'ADDRESS1'} = $add1 if !($form{'ADDRESS1'});
$form{'ADDRESS2'} = $add2 if !($form{'ADDRESS2'});
$form{'ADDRESS3'} = $add3 if !($form{'ADDRESS3'});
&oops('We cannot open your account. This could be a server data write issue.') unless (open NEWREG, ">$config{'basepath'}$config{'regdir'}/$form{'ALIAS'}.dat");
print NEWREG "$form{'NEWPASS1'}\n$email\n$form{'ADDRESS1'}\n$form{'ADDRESS2'}\n$form{'ADDRESS3'}";
my $bid;
foreach $bid (@past_bids) {
print NEWREG "\n$bid";
}
close NEWREG;
print "$form{'ALIAS'}, your information has been successfully changed.\n";
}
else {
print "Sorry... That Username is not valid. If you do not have an alias (or cannot remember it) you should create a new account.\n";
}
}
else {
print "User Registration is Not Implemented on This Server! The System Administrator Did Not Specify a Registration Directory...\n";
}
}

sub reg {
print <<"EOF";

New User Registration

This form will allow you to register to buy or sell
auction items. You must enter accurate data, and your new password will be e-mailed
to you