#!/usr/bin/perl 
#########################################################
#                                                       #
#                                                       #
#                  payperpixel.cgi                      #
#           copyright 2005 cgiscripts4u.com             #
#                                                       #
#           email sales@cgiscripts4u.com                #
#                                                       #
#########################################################
#
# LICENSE TO REDISTRIBUTE
#-----------------------------------------------------------------------
# Distributing the software and/or documentation with other products
# (commercial or otherwise) or by any means without
# cgiscripts4u's prior written permission is forbidden.
# All rights to the PayPerPixel software and documentation not expressly
# granted under this Agreement are reserved to cgiscripts4u.
#
# DISCLAIMER OR WARRANTY
#-----------------------------------------------------------------------
# THIS SOFTWARE AND ACCOMPANYING DOCUMENTATION ARE PROVIDED
# "AS IS" AND WITHOUT WARRANTIES AS TO PERFORMANCE OF
# MERCHANTABILITY OR ANY OTHER WARRANTIES WHETHER EXPRESSED OR
# IMPLIED.   BECAUSE OF THE VARIOUS HARDWARE AND SOFTWARE
# ENVIRONMENTS INTO WHICH THE PAY PER PIXEL SCRIPT MAY BE USED,
# NO WARRANTY OF FITNESS FOR A PARTICULAR PURPOSE IS OFFERED.  THE
# USER MUST ASSUME THE ENTIRE RISK OF USING THIS PROGRAM.  ANY
# LIABILITY OF CGISCRIPTS4U WILL BE LIMITED EXCLUSIVELY TO
# PRODUCT REPLACEMENT OR REFUND OF PURCHASE PRICE. IN NO CASE
# SHALL CGISCRIPTS4U BE LIABLE FOR ANY INCIDENTAL, SPECIAL
# OR CONSEQUENTIAL DAMAGES OR LOSS, INCLUDING, WITHOUT
# LIMITATION, LOST PROFITS OR THE INABILITY TO USE EQUIPMENT OR
# ACCESS DATA, WHETHER SUCH DAMAGES ARE BASED UPON A BREACH OF
# EXPRESS OR IMPLIED WARRANTIES, BREACH OF CONTRACT, NEGLIGENCE,
# STRICT TORT, OR ANY OTHER LEGAL THEORY. THIS IS TRUE EVEN IF
# CGISCRIPTS4U IS ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. IN
# NO CASE WILL CGISCRIPTS4U'S LIABILITY EXCEED THE AMOUNT
# OF THE LICENSE FEE ACTUALLY PAID BY LICENSEE TO CGISCRIPTS4U.
#
#############################################

#BEGIN { 
#
#@INC = qw(	/usr/lib/perl5/5.6.1/i386-linux
#    		/usr/lib/perl5/5.6.1
#    		/usr/lib/perl5/site_perl/5.6.1/i386-linux
#    		/usr/lib/perl5/site_perl/5.6.1
#    		/usr/lib/perl5/site_perl/5.6.0
#		/usr/lib/perl5/site_perl/5.6.0/i386-linux
#    		/usr/lib/perl5/site_perl);
#}
use lib "/www/anetsource/local_perl/lib";
use DBI;
use CGI qw/:standard *table start_ul/;
use Image::Magick;
use Image::Info qw(image_info dim);
use Digest::MD5 qw(md5_hex);
use LWP::UserAgent;
our($filesize, $flimit, $newfile);
foreach(url_param()){param($_,url_param($_))}
require '/services/webpages/a/n/anetsource.com/public/payperpixel_usba.conf';
if (defined param('directhome') and param('directhome') ne ''){print redirect($homepage)}
$src = Image::Magick->new;
$back = Image::Magick->new || die "cant create object back";
$time=time();$jscript='';
if (defined param('newpicture') and param('newpicture') ne ''){$time=param('newpicture')}
if (defined param('picture') and param('picture') ne ''){
    my $file=upload('picture');

## ----------
## -ML Check files size 20080210
## ----------
my @fileinfo = stat($file);
$filesize = $fileinfo[7];
$flimit = 100000;
#BUG    chomp $file;

    $newfile="$tmpdir$time";
    open (TMP,">$newfile")||die "cant write to $newfile $!";
	# open (LOG_DEBUG,">>log_bug.txt");
    # print LOG_DEBUG "And the file is: $newfile \n";
    while (<$file>){print TMP $_;}
    close(TMP);
    my $info = image_info($newfile);
	#print LOG_DEBUG "info is: " . $info->{error} . "\n";
	#close(LOG_DEBUG);
    if ($info->{file_media_type} !~ /image/){
	$message = "<font color=\"red\">Sorry your file does not appear to be an image file so could not be used</font>";
#	unlink($newfile);
    close(TMP);
    }
    else {
	param('newpicture',"$time");
    }
}

if (defined param('reserve') and param('reserve') eq 'ON'){
    if (!defined param('newpicture')){param('newpicture',"$time-Reserved")}
       my $back2=Image::Magick->new(size=>"10x10");
        $rv=$back2->ReadImage('xc:black');
        die $rv if $rv;
        $rv=$back2->Annotate(pointsize=>9, fill=>'white', text=>"R",gravity=>'Center');
        die $rv if $rv;
        $rv=$back2->Write(filename=>"gif:$tmpdir$time-Reserved");
	die $rv if $rv;
	

}

if ((defined param('save') and param('save') eq 'View It' and !defined param('newpicture') || param('newpicture') eq '')  and (!defined param('picture') || param('picture') eq '')){
$message="<script language='javascript'>\nalert('You have not uploaded an image, please try again.')\n</script>";
Delete('newpicture');Delete('picture');Delete('save');
}


if (defined param('save') and (param('save') eq 'PayPal' || param('save') eq 'Moneybookers')){
if (!defined param('link') or (defined param('link') and param('link') eq 'http://')){
$message="<script language='javascript'>\nalert('You have not entered a link url, please try again.')\n</script>";
}
elsif ((!defined param('city') || param('city') eq '') or (!defined param('state') || param('state') eq '') or (!defined param('zip') || param('zip') eq '')){
$message="<script language='javascript'>\nalert('Please fill out all address information.')\n</script>";
}
elsif ((!defined param('newpicture') || param('newpicture') eq '')  and (!defined param('picture') || param('picture') eq '')){
$message="<script language='javascript'>\nalert('You have not uploaded an image, please try again.')\n</script>";
}
elsif ($filesize > $flimit){
$message="<script language='javascript'>\nalert('The file that you specified is larger than 100 kB. Please upload a smaller image')\n</script>";
Delete('newpicture');Delete('picture');unlink $newfile;
}
elsif (($terms eq 'yes') and (!defined param('terms') || param('terms') eq '')){
$message="<script language='javascript'>\nalert('You must agree to the terms and contitions.')\n</script>";
}
else {
    $site = "DBI:mysql:host=$mysqlhost;database=$mysqldb;";
    $dbh=DBI->connect($site, $mysqluser, $mysqlpass,{PrintError => 1,AutoCommit => 1});
    my $block=sqrt($blocksize);
    my @xaxis=((param('xstart')/$block)..((param('xstart')+(param('width')-$block))/$block));
    my @yaxis=((param('ystart')/$block)..((param('ystart')+(param('height')-$block))/$block));
    my $sth=$dbh->prepare("select va from position where x=? and y=?");
    my $found;my $cost;
    foreach my $x(@xaxis){
	foreach my $y(@yaxis){
	    my $found1=0;
	    $sth->execute(($x*$block),($y*$block));
	    while (my @rows=$sth->fetchrow_array()){if (@rows[0]){$found1=1;$found++;}}
	}
    }
    if (!$found){
	$cost=(param('width')*param('height'))*$costperpixel;
	my $alttext=param('alttext');$alttext=~s/\"//ig;param('alttext',$alttext);
	my $newfile=param('xstart')."x".param('ystart')."-size-".param('width')."x".param('height');
	$dbh->do("insert into links set link='".param('link')."',image='$newfile',cost=$cost,tmpfile='$time',alttext=\"".param('alttext')."\"");
	&insert_location(param('alttext'),param('city'),param('state'),param('zip'),param('link'),param('email'));
	my $id=$dbh->selectrow_array("select id from links where image like '$newfile'");
	foreach my $x(@xaxis){
	    foreach my $y(@yaxis){
		$dbh->do("insert into position set x=".($x*$block).", y=".($y*$block).", va='p',custid=$id");
	    }
	}	
	$dbh->disconnect();
	my @prms;
	if (param('save') eq 'PayPal'){
	    $payurl="https://www.paypal.com/cgi-bin/webscr";
	    push(@prms,"cmd=_xclick");
            push(@prms,"currency_code=$currency");
            push(@prms,"business=$paypalemail");
            push(@prms,"item_number=$id");
            push(@prms,"item_name=Link on $sitetitle");
            push (@prms,"amount=$cost");
            push (@prms,"cbt=Return to $sitetitle");
            push(@prms,"return=".url()."?directhome=1");
            push(@prms,"cancel_return=".url()."?directhome=1");
            push(@prms,"notify_url=".url()."?payment=paypal");
	}
	elsif (param('save') eq 'Moneybookers'){
            $payurl="https://www.moneybookers.com/app/payment.pl";
	    push(@prms,"amount=$cost");
            push(@prms,"language=EN");
            push(@prms,"currency=$currency");
            push(@prms,"detail1_description=Link on Million Dollar Picture");
            push(@prms,"detail1_text=");
            push(@prms,"pay_to_email=$moneybookersemail");
            push(@prms,"merchant_fields=custid");
            push (@prms,"custid=$id");
            push(@prms,"return_url=".url()."?directhome=1");
            push(@prms,"cancel_url=".url()."?directhome=1");
            push(@prms,"status_url=".url()."?payment=moneybooker");
	}
	my $url=join("\&",@prms);
	$dbh->disconnect();
	print header(),"<script language='javascript'>\nparent.location.href=\"$payurl\?$url\"\n</script>";
    }
    else {$message="<script language='javascript'>\nalert('the position you chose is either overlapping an existing image or an image that is in the process of being paid for.')\n</script>"}
}
} ## -> COMMIT -ML
elsif (defined param('payment') and (param('payment') eq 'paypal' || param('payment') eq 'moneybooker' || param('payment') eq $override)){
    my $custid;my $mailto;
   $site = "DBI:mysql:host=$mysqlhost;database=$mysqldb;";
    $dbh=DBI->connect($site, $mysqluser, $mysqlpass,{PrintError => 1,AutoCommit => 1});
    if (param('payment') eq 'moneybooker'){
	my $string=param('merchant_id').param('transaction_id').uc(md5_hex($secret)).param('mb_amount').param('mb_currency').param('status');
	$custid=param('custid');
	my $md5string=uc(md5_hex($string));
	if (param('status') eq '2' && param('md5sig') eq $md5string){
	    	$dbh->do("update links set transactionid='".param('mb_transaction_id')."' where id=$custid and cost=".param('mb_amount'));
		$dbh->do("insert into payments set amount=".param('mb_amount').",txn_id='".param('mb_transaction_id')."',payer_email='".param('pay_from_email')."',item_number=$custid,payment_date=now(),payment_type='moneybookers'");
	}
$mailto= "To: ".param('pay_from_email')."\nBcc: $moneybookersemail\nFrom: $moneybookersemail\n";

    }
    elsif (param('payment') eq $override){$custid=param('custid');$dbh->do("update links set transactionid='manualentry' where id=$custid and cost=".param('amount'))}
    elsif (param('payment') eq 'paypal'){
	my $query="";
	foreach (param()){$query.=$_."=".param($_)."&";}
	$query .= 'cmd=_notify-validate';
	my $ua = new LWP::UserAgent;
	my $req = new HTTP::Request 'POST',"http://$paypalurl";
	$req->content_type('application/x-www-form-urlencoded');
	$req->content($query);
	my $res = $ua->request($req);
	my $content=$res->content;
	if ($res->is_error) {
	    print header()."ERROR\n";
	    exit;
	}
	elsif ($res->content eq 'VERIFIED') {
		&insert_location(param('alttext'),param('city'),param('state'),param('zip'),param('link'),param('email'));
	    if (param('payment_status') eq "Completed") {
	        my $ok=$dbh->selectrow_array("select txn_id from payments where txn_id like '".param('txn_id')."'");
	        if ($ok){
	            print header()."OK\n";
		    $dbh->disconnect();
	            exit;
	        }
	 else {
                param('amount',param('mc_gross'));
                my @fields;
                $sth=$dbh->prepare("describe payments");$sth->execute();
                my @fields;
                while (my @rows=$sth->fetchrow_array()){push(@fields,$rows[0])}
                     my $sql="insert into payments set ";
                     foreach (@fields){
                        if ($_ =~ "payment_date"){$sql.=",payment_date=now()"}
                        else {
                            my $fld=param($_);$fld=~s/\'//ig;
                            if (param($_)){$sql .=",$_='$fld'"}
                        }
                     }
                    $sql=~s/set \,/set /ig;
		    $dbh->do($sql);
                    $custid=param('item_number');
                    $dbh->do("update links set transactionid='".param('txn_id')."' where id=$custid and cost=".param('mc_gross'));
$mailto="To: ".param('payer_email')."\nBcc: $paypalemail\nFrom: $paypalemail\n";

                }
            }
            else {print header()."OK\n";exit 255;}
        }
     else {print header()."OK\n";exit 255;}
     }

	my @imagedetails=$dbh->selectrow_array("select * from links where id=$custid");
if ($mailto and $mailto ne ''){
open MAIL, "| $sendmail -t";
print MAIL $mailto;
if ($rows[5] !~ /Reserved/){
print MAIL "Subject: Your image has been added\n\n";
print MAIL "We are pleased to confirm that your image has been added to $sitetitle\n\nPlease spread the word and let others know of our site.\n\nThanks\n\n";
}
else {
print MAIL "Subject: Your space has been reserved\n\n";
print MAIL "We are pleased to confirm that your space has image has been reserved on $sitetitle and you must send us an email with your image attached so that we can add it for you.\n\nPlease spread the word and let others know of our site.\n\nThanks\n\n";
}
close(MAIL);
}
	$rv = $back->Read($backimg);
	die $rv if $rv;
        $rv = $src->Read("$tmpdir$imagedetails[5]");
	die $rv if $rv;
	my (@junk)=split("-",$imagedetails[2]);
	my ($width,$height)=split("x",$junk[2]);
	my ($startx,$starty)=split("x",$junk[0]);
	$newwidth=$width."x".$height;
	$rv = $src->Resize(width=>$width,height=>$height);
	die $rv if $rv;
	$rv=$back->Composite(compose=>'over',x=>$startx,y=>$starty,image=>$src);
	die $rv if $rv;
        while (-e $tmpdir."themilliondollarpicture.gif"){sleep 2}
        $rv=$back->Write(filename=>$tmpdir."themilliondollarpicture.gif");
	die $rv if $rv;
	$rv=$back->Write(filename=>$backimg);
	die $rv if $rv;
	unlink("$tmpdir$imagedetails[5]");
	unlink($tmpdir."themilliondollarpicture.gif");
	open(IND,"$indexpath") || warn "cant read $indexpath";
	@lines=<IND>;
	close(IND);
	if ($imagedetails[5] !~/Reserved/){
        $newdiv='<!-- ADD DIVS -->'."\n".a({-style=>"position:absolute;left:".($startx+$arealeft)."px;top:".($starty+$areatop)."px;width:".$width."px;height:".$height."px;cursor:pointer;",-onclick=>"Start('$cgiurl?id=$custid');return false;",-onmouseover=>"showStats($imagedetails[0]);return true;",-onmouseout=>"window.status=' ';return true;",-href=>"$imagedetails[1]",-title=>"$imagedetails[7]"},img({-src=>'/USBA/blank.gif',-width=>$width,-height=>$height,
#BUG -alt=>"$imagedetails[7]",
-border=>0}))."\n";

	while (-e $tmpdir."index.lock"){sleep 2}
	open(FLK,">".$tmpdir."index.lock");print FLK "\n";close(FLK);
        open(IND,">$indexpath");
	foreach (@lines){
	    chomp;
	    $_=~s/\<\!\-\-\ ADD\ DIVS\ -\-\>/$newdiv/ig;
	    print IND "$_\n";
	}
	close (IND);
	unlink($tmpdir."index.lock");
	}
print header(),"OK";
exit;
}
elsif (defined param('save')){$jscript="divPath.src='$tmpurl".param('newpicture')."';"}
my $block=sqrt($blocksize);
for (my $i=1;$i<=($areawidth/$block);$i++){push (@xvalues,($i*$block))}
for (my $i=1;$i<=($areaheight/$block);$i++){push (@yvalues,($i*$block))}
for (my $i=0;$i<($areawidth/$block);$i++){push(@startxvalues,($i*$block))}
for (my $i=0;$i<($areaheight/$block);$i++){push(@startyvalues,($i*$block))}
print header(),start_html(-onload=>'UpdateDiv();');
print "<style  type=\"text/css\">\nbody{background:$background;margin:0px;font-size:12px;font-family : serif;}\n</style>";
print div({-style=>"position:absolute;top:0px:left:0px;cursor:pointer;font-size:10px;",-onclick=>"parent.shw('orderform');parent.shw('blockselect');"},"[close]");
print start_multipart_form(-id=>'myform'),table({-cellpadding=>0,-cellspacing=>5,-style=>"border:0px;margin:5px;"},Tr(th({colspan=>2},$message)),Tr(th({-colspan=>2},"Decide which image you want to use".br."(not larger than 100kb)")),Tr(td("Select your Image"),td(filefield(-name=>'picture'))),Tr(td({-colspan=>2},checkbox(-name=>'reserve',-value=>'ON',-label=>"Or tick this box to reserve your space and email us your image later using your Alt text info in the subject line."),"(Payment is required to reserve space)")),Tr(th({-colspan=>2},"Tell us the size you want your image (it will be resized to this)")),hidden('newpicture'),
	Tr(td("Size of Image (in pixels)"),td('width ',popup_menu(-name=>'width',-values=>[@xvalues],-onchange=>"UpdateDiv();"),' height ',popup_menu(-name=>'height',-values=>[@yvalues],-onchange=>"UpdateDiv();"))),
	Tr(th({-colspan=>2},"Decide where you want us to place your image.".br."(or use the mouse and click the position you want))")),
	Tr(td("Top left position"),td(popup_menu(-name=>'xstart',-values=>[@startxvalues],-onchange=>"UpdateDiv();"),'x',popup_menu(-name=>'ystart',-values=>[@startyvalues],-onchange=>"UpdateDiv();"))),
	Tr(th({-colspan=>2},"Happy with everything?")),Tr(td("cost is $currency",textfield(-name=>'cost',-size=>8)),td(submit(-value=>'View It',-name=>'save'))),Tr(td("Add Link ",br,textfield(-name=>'link',-value=>'http://')),td("Alt text",br,textfield(-name=>'alttext',-maxlength=>60))),

	## Add Location information -ML
	#Tr(th({-colspan=>2},"Enter your location")),
	Tr((td("City",br,textfield(-name=>'city',-value=>'')),td("State",br,textfield(-name=>'state',-size=>2,-maxlength=>2)))),
	Tr((td("zip",br,textfield(-name=>'zip',-value=>''))),td("email",br,textfield(-name=>'email',-value=>''))),

	(($terms eq 'yes')?Tr(td({-colspan=>2},checkbox(-name=>'terms',label=>"I have read and accept the terms and conditions"))):""),
	Tr(td((($paypalemail ne '')?submit(-value=>'PayPal',-name=>'save'):"")),td((($moneybookersemail ne '')?submit(-value=>'Moneybookers',-name=>'save'):"")))),
	end_form();

print qq#<script language='javascript'>
function UpdateDiv(){
var orderPath = parent.document.getElementById('orderform').style;
var divPath = parent.document.getElementById('blockselect');
var myform=document.getElementById('myform');
var formleft=parseInt(myform.xstart.options[myform.xstart.selectedIndex].value);
var formtop=parseInt(myform.ystart.options[myform.ystart.selectedIndex].value);
var formwidth=parseInt(myform.width.options[myform.width.selectedIndex].value);
var formheight=parseInt(myform.height.options[myform.height.selectedIndex].value);
var orderleft=parseInt(orderPath.left)-$arealeft;
var ordertop=parseInt(orderPath.top)-$areatop;
var orderwidth=parseInt(orderPath.width);
var orderheight=parseInt(orderPath.height);
var orderright=orderwidth+orderleft;
var orderbot=ordertop+orderheight;
var formright=formwidth+formleft;
var formbot=formtop+formheight;
var x=0;
orderPath.top=(formtop-350)+'px';
if (parseInt(orderPath.top)<$topsize) {orderPath.top=$topsize+'px'}
if (parseInt(orderPath.top)<360 &&  formtop<360){orderPath.top=(formtop+formheight+10+$topsize)+'px'}
if (formleft+formwidth>$areawidth){
formleft=$areawidth-formwidth;
myform.xstart.options[(formleft/$block)].selected=true;
}
if (formtop+formheight>$areaheight){
formtop=$areaheight-formheight;
myform.ystart.options[(formtop/$block)].selected=true;
}

divPath.style.left = (formleft+$arealeft)+'px' ;
divPath.style.top = (formtop+$areatop)+'px' ;
divPath.style.width = formwidth+'px' ;
divPath.style.height = formheight+'px' ;

$jscript
document.getElementById('myform').cost.value=formwidth*formheight*$costperpixel;
}

function clickspot(e) {
var tempX = 0;
var tempY = 0;
if (e.pageX) {
tempX=e.pageX;
tempY=e.pageY;
}
else if (parent.event.clientX){
tempX=parent.event.clientX+parent.document.documentElement.scrollLeft+parent.document.body.scrollLeft;
tempY=parent.event.clientY+parent.document.documentElement.scrollTop+parent.document.body.scrollTop;
}
tempY-=$areatop;
tempX-=$arealeft;
if (tempX < 0){tempX = 0}
if (tempY < 0){tempY = 0}
if (tempX > $areawidth){tempX = $areawidth-$block}
if (tempY > $areaheight){tempY = $areaheight-$block}

var part2 = document.getElementById('myform');
tempX=Math.round((tempX-($block/2))/$block,0);
tempY=Math.round((tempY-($block/2))/$block,0);
part2.xstart.options[tempX].selected=true;
part2.ystart.options[tempY].selected=true;
parent.hdeall();
parent.shw('orderform');
parent.shw('blockselect');
UpdateDiv();
}
 
</script>
#;
print end_html();

## Added function for location data -ML
sub insert_location (){

	$site = "DBI:mysql:host=$mysqlhost;database=$mysqldb;";
	$dbh=DBI->connect($site, $mysqluser, $mysqlpass,{PrintError => 1,AutoCommit => 1});
	
	$name = shift;
	$city = shift;
	$state = shift;
	$zip = shift;
	$web_site = shift;
	$email = shift;

	$email = time() if ($email !~ /\w/);
	print "<!-- $name,$city,$state,$zip,$web_site -->\n";

	my $search_count = 0;
	my $searchdb_table = 'search_usb';
	$sth=$dbh->prepare("select count(*) from $searchdb_table where name=\"$name\";");
	$sth->execute();
	while (my @rows=$sth->fetchrow_array()){
		$search_count=$rows[0];
	}
	
	if ($search_count == 0) {
	
		my($g_lat,$g_lon);
		$php='/usr/local/bin/php';
	
		my $geocodes = `$php get_geocodes.php "$city, $state $zip"`;
		($g_lat,$g_lon) = split (/,/,$geocodes);
	
		##print "GEOCODES: $g_lat/$g_lon\n";
	
		my $sth=$dbh->prepare("insert into $searchdb_table (name,city,state,zip,web_site,g_lat,g_lon) values(?,?,?,?,?,?,?)");
		$sth->execute($name,$city,$state,$zip,$web_site,$g_lat,$g_lon);
		
	}else{
		print "<!-- WARNING: Company Name is already in the database -->\n";
	}

	my $id_handle=$dbh->prepare("select id from links where alttext=\"$name\";");
	$id_handle->execute();
	my $thisid;
	while (my @rows=$id_handle->fetchrow_array()){
		$thisid=$rows[0];
	}

	my $sth=$dbh->prepare("insert into temp_links (id,email,links_id) values (\'$thisid\',\'$email\',\'$thisid\');");
	$sth->execute();

}