#!/usr/local/bin/perl

$questions="questions.txt";
$datafile = "adnt-patch.tgz";


$qstring = $ENV{'QUERY_STRING'};
$method = $ENV{'REQUEST_METHOD'};
$clen = $ENV{'CONTENT_LENGTH'};

if ($method ne 'POST') {
	fatal(400, "You naughty thing, you tried to bypass the form!!!");
}


$formdata = '';
$n = read(STDIN, $formdata, $clen);

if ($n < $clen) {
	fatal(400, "Error trying to read formdata: $!")
}

foreach $arg (split(/&/, $formdata)) {
	($name, $value) = split(/=/, $arg, 2);
	($name, $value) = decode($name, $value);
	$fields{$name} = $value;
}


@names = ();

open(IN, "<$questions") or fatal(400, "Can't open control file: $!");

while (<IN>) {
	chomp;
	next unless $_;
	if (/^NAME=(.*)$/) {
		push(@names, $1);
	}
}
close IN;


$fail = 0;
foreach $name (@names) {
	($fail = 1) if ($fields{$name} ne 'YES')
}

if ($fail) {
	print <<EOF;
Content-type: text/html

	<HTML><HEAD>
	<TITLE>
	Download Denied!!
	</TITLE>
	<BODY>
	<H1> Download denied!</H1>
	You failed to answer <i>yes</i> to all of the questions on the previous
	form.

	<P> If you made a mistake, hit the "back" button on your
	browser, or <A HREF="disclaimer.shtml"> click here</A>.

	<P> If you would like to return to the Self-Help page, <A
	HREF="/self-help/alcatel">click here</a>

	</BODY>
	</HTML>
EOF

	exit(0);
}

if (!-r $datafile) {
	fatal(400, "Can't read data file!")
}

$len = -s $datafile;

open(IN, "<$datafile") or fatal(400, "Can't open datafile: $!");

print <<EOF;
Content-type: application/x-gzip
Content-transer-encoding: binary
Content-length: $len
URI: http://security.sdsc.edu/self-help/alcatel/tools/patchfile.tgz

EOF

$buf = '';
$buflen = 8192;

while (($n = read(IN, $buf, $buflen)) > 0) {
	print $buf;
}

exit(0);

sub decode {

	my(@new, $x);

	foreach $x (@_) {
		$x =~ s/\+/ /g;					# restore spaces
		$x =~ s/%([0-9A-F]{2})/chr(hex $1)/eig;		# unhexify
		push(@new, $x);
	}

	@new;
}
	
sub fatal {
	my($code, $text) = @_;

	print <<EOF;
Content-type: text/html

<HTML><HEAD><TITLE>Error</TITLE></HEAD>
<BODY>
<H1>$code - Error</H1>
$text
</BODY></HTML>
EOF

	exit(0);
}



__END__

if ( (defined $ENV{'QUERY_STRING'}) && ($ENV{'QUERY_STRING'} =~ "c=") ) {
	print '<P>';
	($_ = $ENV{'QUERY_STRING'}) =~ s/\+/ /g;	# restore spaces
	s/%([0-9A-F]{2})/chr(hex $1)/eig;		# unhexify

	if (/^c=([- A-Za-z0-9\(\)\']{20,40})$/) {
		my $challenge = $1;
		my $response = get_response $challenge;
		if (defined $response and length $response) {
			print "For challenge string <B>$challenge</B><BR>\nthe response is <B>$response</B>";
			}
		else {
			print "Server failure while computing the response.  Try again later.";
			}
		}
	else {
		print "Syntax error in challenge string.";
		}
	print "\n\n";
	}

print << 'EOF';

<BR><BR>
"EXPERT" mode was implemented primarily for (Alcatel) experts to perform
low level troubleshooting.  <P> Use of this mode can cause loss of
service, or damage or destruction of the Speed Touch device. <P>  For the "EXPERT", it is
very powerful and can be extremely <a href="snr.html">useful</a> in
debugging line problems.
<P>
More details coming soon...

EOF

print "<P><CENTER>[ <A HREF=\"index.shtml\">return to Alcatel self-help guide</A> ]</CENTER>\n</BODY>\n</HTML>\n";