#!/usr/bin/perl

use CGI;
use MIME::Base64;
use Encode;
require './commons/include.cgi';

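# POST branch: parse a submitted comment, validate it, append it to the comment
# log and splice the rendered comment into the entry's static HTML page.
# Every value in the request body is attacker-controlled; the checks in the
# client-side script can be bypassed by posting to this CGI directly.
if($ENV{'REQUEST_METHOD'} eq "POST"){
	@comment_fields = ('id','msg_id','date','msg_time','msg_name','msg_mail','msg_body','ip');

	# NOTE(review): CONTENT_LENGTH is supplied by the client and is not capped
	# here, so the size of the body read into memory is bounded only by the
	# web server's own request limit. Confirm that such a limit is configured.
	read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'});
	@pairs = split(/&/, $buffer);
	foreach $pair (@pairs) {
		# Limit the split to two parts so a literal '=' inside a value does not
		# silently truncate it.
		($name, $value) = split(/=/, $pair, 2);
		$value = '' unless defined $value;
		$name =~ tr/+/ /;
		$name =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
		$value =~ tr/+/ /;
		$value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
		# Restore the <eq>/<amp> placeholders first, then escape angle brackets,
		# so no raw tag can survive into the stored HTML.
		$value =~ s/<eq>/\=/g;
		$value =~ s/<amp>/\&/g;
		$value =~ s/</&lt;/g;
		$value =~ s/>/&gt;/g;
		# NOTE(review): '&' and quote characters are not escaped. That is enough
		# for element content, but not if WL_REBUILD_BLOCK_COMMENT places a value
		# inside an HTML attribute; verify against that helper.
		# Collapse every line ending to <br /> and tabs to spaces: this keeps the
		# tab-separated log record on one line and leaves no CR/LF in any field.
		$value =~ s/\r\n/\r/g;
		$value =~ s/\r/\n/g;
		$value =~ s/\n/<br \/>/g;
		$value =~ s/\t/ /g;
		# $spam is cleared when a value contains a byte >= 0x80; it is not read
		# anywhere in this file (presumably consumed by the included helpers).
		if($value =~ /[\x80-\xff]/){
			$spam = 0;
		}
		$form{$name} = $value;
	}

	# Server-controlled fields are assigned after the request has been parsed,
	# so POST parameters named id, date or ip cannot overwrite the timestamp or
	# the recorded client address.
	$form{'id'} = time;
	($sec,$min,$hour,$day,$mon,$year) = localtime($form{'id'});
	$form{'date'} = sprintf("%04d-%02d-%02d %02d:%02d:%02d",$year+=1900,$mon+=1,$day,$hour,$min,$sec);
	$form{'ip'} = $ENV{'REMOTE_ADDR'};

	# Every field must be present, and none may contain a URL (spam filter).
	$saved = 1;
	foreach $field (@comment_fields){
		push @saved,$form{$field};
		if($form{$field} eq $null){
			$saved = 0;
		}
		# The client script rejects any "http" in the body; the server check
		# covers both URL schemes instead of http:// only.
		elsif($form{$field} =~ m{https?://}i){
			$saved = 0;
		}
	}
	# msg_id becomes part of the file name that is loaded and rewritten below.
	# Refuse anything that could leave the log directory ('/', '.', NUL, ...).
	# NOTE(review): assumes entry ids only use these characters; confirm against
	# the code that generates the entry file names.
	if($form{'msg_id'} !~ /\A[0-9A-Za-z_-]+\z/){
		$saved = 0;
	}

	if($saved){
		$saved = join("\t",@saved);
		# NOTE(review): $date is not assigned in this file; unless include.cgi
		# sets it, $form{'date'} was probably intended here.
		$msg_date = $date;
		$msg_body = $form{'msg_body'};
		$msg_name = $form{'msg_name'};
		# Comments posted with the configured owner address get their own CSS
		# class. The address is self-declared by the poster, so this is not proof
		# of identity.
		if($init{'comment.email'} eq $form{'msg_mail'}){
			$className = "wl_comment_my";
		}
		else {
			$className = "wl_comment_other";
		}
		$script = &WL_REBUILD_BLOCK_COMMENT;
		#$script = "<dl><dt>" . $form{'msg_name'} . "</dt><dd>" . $form{'msg_body'} . "<span>" . $date . "</span></dd></dl>";
		$load_path = "$init{'logoutput'}$init{'prefix'}_$form{'msg_id'}\.html";
		# Only entries that already exist are touched; the comment is inserted
		# in front of the <!--msg_comments--> marker, which is kept for the next one.
		if(-f $load_path){
			&_ADDSAVE($init{'comment.file'},$saved);
			$save_html = join("\n",&_LOAD($load_path));
			$add_msg_comment = "${script}\t\t\t\t\t\t<!--msg_comments-->";
			$save_html =~ s/<!--msg_comments-->/${add_msg_comment}/g;
			&_SAVE($load_path,$save_html);
		}
		&WL_COMMENT_NOTIFY;
	}
	else {
		$script = 'saved error';
	}
}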
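else {
	# Any non-POST request receives the client-side JavaScript for the comment
	# form as the response body.
	#
	# The heredoc is double-quoted so that $init{...} interpolates into the POST
	# URL in wl_post. Perl therefore also processes backslash escapes, which is
	# why the backslashes in the JavaScript regular expressions are doubled:
	# a single "\." or "\s" would reach the browser as "." or "s".
	#
	# The checks in comment_submit are a convenience for the user only; they do
	# not run when a request is posted to this CGI directly, so the server-side
	# validation is the actual boundary. wl_get assigns the response to
	# innerHTML, so the server must never echo unescaped input in that response.
	$script = <<"	__EOF__";
var timer_min = 0;
var timer_handle = 0;
var timer_switch = 1;
function wl_timer(){
	timer_min++;
	if(document.forms["msg"]){
		if(document.forms["msg"].elements["msg_time"].value == ""){
			document.forms["msg"].elements["msg_time"].value = 0;
		}
		document.forms["msg"].elements["msg_time"].value = timer_min;
	}
}
function element_focus(obj){
	if(obj.value == obj.defaultValue){
		obj.value = "";
		obj.style.color = "#000000";
	}
}
function element_blur(obj){
	if(obj.value == ""){
		obj.value = obj.defaultValue;
		obj.style.color = "#999999";
	}
}
function comment_submit(obj){
	var error_txt = "";
	if(obj.elements["msg_body"].value == "" || obj.elements["msg_body"].value == obj.elements["msg_body"].defaultValue)
		error_txt += "コメントが入力されていません。";
	if(obj.elements["msg_name"].value == "" || obj.elements["msg_name"].value == obj.elements["msg_name"].defaultValue)
		error_txt += "お名前が入力されていません。";
	if(obj.elements["msg_mail"].value == "" || obj.elements["msg_mail"].value == obj.elements["msg_mail"].defaultValue)
		error_txt += "メールアドレスが入力されていません。";
	else if(!obj.elements["msg_mail"].value.match(/.+@.+\\..+/))
		error_txt += "メールアドレスが間違っています。";
	if(!obj.elements["msg_body"].value.match(/[^A-Za-z\\s.-]+/))
		error_txt += "英数のみのコメントはブロックされます。";
	if(obj.elements["msg_body"].value.indexOf('http') > -1)
		error_txt += "URLが書かれたコメントはブロックされます。";
	if(obj.elements["msg_id"].value == "")
		error_txt += "SPAM BLOCK ERROR";
	if(error_txt != ""){
		document.getElementById("msg_error").innerHTML = error_txt;
		document.getElementById("msg_error").style.display = "block";
	}
	else {
		document.getElementById("msg_error").style.display = "none";
		obj.elements["msg_body"].style.color = "#666666";
		obj.elements["msg_name"].style.color = "#666666";
		obj.elements["msg_mail"].style.color = "#666666";
		obj.elements["msg_body"].style.backgroundColor = "#EEEEEE";
		obj.elements["msg_name"].style.backgroundColor = "#EEEEEE";
		obj.elements["msg_mail"].style.backgroundColor = "#EEEEEE";
		document.getElementById("msg_comment").style.display = "inline";
		obj.elements["msg_body"].disabled = true;
		obj.elements["msg_name"].disabled = true;
		obj.elements["msg_mail"].disabled = true;
		obj.elements["msg_submit"].disabled = true;
		var befor = new Array('=','&');
		var after = new Array('<eq>','<amp>');
		for(ei=0;ei<befor.length;ei++){
			var temp = new Array();
			temp = obj.elements["msg_body"].value.split(befor[ei]);
			obj.elements["msg_body"].value = temp.join(after[ei]);
		}
		wl_post(obj);
	}
}
function wl_post(obj){
	wlCommentObj = createXMLHttpRequest();
	wlCommentObj.onreadystatechange = wl_get;
	wlCommentObj.open("POST","$init{'domain'}$init{'dir'}$init{'script_dir'}/weblogs.comment.cgi",true);
	wlCommentObj.send("msg_name="+encodeURI(obj.elements["msg_name"].value)+"&msg_body="+encodeURI(obj.elements["msg_body"].value)+"&msg_mail="+encodeURI(obj.elements["msg_mail"].value)+"&msg_id="+encodeURI(obj.elements["msg_id"].value)+"&msg_time="+encodeURI(obj.elements["msg_time"].value));
	return false;
}
function wl_get(){
	if ((wlCommentObj.readyState == 4) && (wlCommentObj.status == 200)) {
		document.getElementById("msg_comment").innerHTML = decodeURI(wlCommentObj.responseText);
	}
	else{
		document.getElementById("msg_comment").innerHTML = "<p>saved...</p>";
	}
}
function createXMLHttp() {
	try {
		return new ActiveXObject ("Microsoft.XMLHTTP");
	}catch(e){
		try {
			return new XMLHttpRequest();
		}catch(e) {
			return null;
		}
	}
	return null;
}
function createXMLHttpRequest(){
	var XMLwlCommentObject = null;
	try{
		XMLwlCommentObject = new XMLHttpRequest();
	}
	catch(e){
		try{
			XMLwlCommentObject = new ActiveXObject("Msxml2.XMLHTTP");
		}
		catch(e){
			try{
				XMLwlCommentObject = new ActiveXObject("Microsoft.XMLHTTP");
			}
			catch(e){
				return null;
			}
		}
	}
	return XMLwlCommentObject;
}
wl_timer_handle = setInterval("wl_timer()",1000);
wl_array = location.href.split('_');
wl_array = wl_array[wl_array.length-1].split('.');
document.forms["msg"].elements["msg_id"].value = wl_array[0];
	__EOF__
}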
# Send the CGI response: caching is disabled, and the body is whatever the
# branch above left in $script (the rendered comment, an error string, or the
# client-side JavaScript), always labelled as UTF-8 plain text.
foreach my $chunk (
	"Pragma: no-cache\n",
	"Cache-Control: no-cache\n",
	"Content-type: text/plain; charset=UTF-8\n\n",
	$script,
) {
	print $chunk;
}
exit;