%#
%# Code is copyright 2007 OneUnified
%#  Created by Ray Burkholder, ray@oneunified.net
%#

<html>
<head>

  <script language="JavaScript">
  function postForm ( ) {
    document.pageform.submit();
    }

  function onLoad() {
    // called from body onload action

%   my $interval = $m->base_comp()->attr( 'refreshinterval' );
%   if ( $interval > 0 ) {
      // credit:  http://www.netcraftsmen.net/welcher/papers/qosdemo.html
      // wait time in ms
      // (1) = force reload, no matter what user preferences are re cachex
      setTimeout("document.location.reload(1)", <% $interval %> );
%     }
    }

<& SELF:formFunctions &>

</script>

  <meta name="robots" content="index,follow">
  <LINK rel="stylesheet" type="text/css" href="/css/main.css">
  <title><% $m->fetch_comp('/_sitespecific/_site')->attr('company') %>:  <& SELF:title &></title>
  <!-- Code is copyright 2007 OneUnified -->
  <!-- Created by Ray Burkholder, ray@oneunified.net -->

  </head>

<body topmargin=0 leftmargin=0 rightmargin=0 bottommargin=0
  bgcolor="<% $m->fetch_comp('/_sitespecific/_site')->attr('bgcolor') %>"
  onload="onLoad()"
  >

<form method="post" name="pageform" action="<& SELF:formHandler &>">

%#  <table width=750 cellspacing="0" cellpadding="0" border=0 cols=1 align=center>
  <table  cellspacing="0" cellpadding="0" border=0 cols=1 align=left>
    <tr>
      <td><& _siteheader &>
    <tr>
      <td><& _header &>
    <tr>
      <td><& _content, \%ARGS, %db, %session  &>
    <tr>
      <td><& _footer &>
    <tr>
      <td><& _sitefooter &>
    </table>
  <input type=hidden name=sessionuuid value="<% $sessionuuid %>">
  <input type=hidden name=sysParam>
  <input type=hidden name=sysAction>

  </form>
  </body>
  </html>

%# validation levels are:  guest, authenticate (ad authentication), authorize (needs authentication plus a group)

%# validationlevel => 'guest'
%# validationgroup => 'null'


<%attr>
bgcolor => 'white'
refreshinterval => 0
Cache => 1
validationlevel => 'ad'
validationgroup => 'NetAdmin'
</%attr>

<%method title>One Unified Network Monitoring Server</%method>

<%method formFunctions>
<!--- -->
</%method>

<%method formHandler><% $m->base_comp()->path() %></%method>

<%method RightNav><& _sitenavright.default &></%method>

<%method SiteNavLeft>
<& _sitenavleft, @_ &>
</%method>

<%method SiteNavRight>
<& _sitenavright, @_ &>
</%method>

<%args>
</%args>

<%once>
#my ( $sDbConn, $sDbUser, $sDbPass, $sSearchProfile ) = getDbOUParams();
#my ( $sOUDbConn, $sOUDbUser, $sOUDbPass ) = getDbOneUnifiedParams();
</%once>

<%init>
use strict;
use MIME::Base64;
#use Apache::Const qw(:common);
#use Apache::Table ();
#use Apache2::Const -compile => qw(REDIRECT);
use Data::UUID;
use CGI::Cookie;
use DBI;

use OneUnified::Const;
#use OneUnified::Session;
use OneUnified::isADGroupMember;

my %session;

my $self = $m->base_comp;

my ( $rv, $rc, $row_hash, $sth, $rows );
my ( $sessionuuid, $sessionuid );

my ( $sOUDbConn, $sOUDbUser, $sOUDbPass ) = getDbOneUnifiedParams();
my $hDbOneUnified = DBI->connect( $sOUDbConn, $sOUDbUser, $sOUDbPass, { RaiseError => 1, AutoCommit => 1 } );

my $hDbNetDisco;
my $sDbNetDiscoConn=q{dbi:Pg:dbname=netdisco};
my $sDbNetDiscoUser = q{netdisco};
my $sDbNetDiscoPass = q{netdisco};

$hDbNetDisco = DBI->connect( $sDbNetDiscoConn, $sDbNetDiscoUser, $sDbNetDiscoPass, { RaiseError => 1, AutoCommit => 1 } );

my %db;
$db{oneunified} = \$hDbOneUnified;
$db{netdisco}   = \$hDbNetDisco;

#my $query = new CGI('');

# These variables arrive via the AuthNTLM module which is loaded in Apache configuration file
my $authBasic = $r->pnotes('basic');
my $authNTLM  = $r->pnotes('ntlm');
my $authUserName = uc( $r->pnotes('username') );
my $authUserDomain = uc( $r->pnotes('userdomain') );

# If we don't have a cookie coming back to us with a session id, create one for ongoing use

my $html_headers = $r -> headers_in();
my $cookie_header = $$html_headers{Cookie};

if ( $cookie_header eq "" ) {
  }
else {
  my %cookies = parse CGI::Cookie( $cookie_header );
  if ( defined( $cookies{sessionuuid} ) ) {
    $sessionuuid = $cookies{sessionuuid} -> value();
    }
  }

if ( $sessionuuid =~ /^[0-9A-F]{4}([0-9A-F]{4}-){4}[0-9A-F]{12}$/ ) {
  }
else {
  my $ug = new Data::UUID;
  $sessionuuid = $ug->create_str();
  }

# send a cookie header back with the existing sessionuuid

my $cookie;
if ( $self->attr('Cache') ) {
  # caching page is ok
  $cookie = new CGI::Cookie( -name => 'sessionuuid', -value => $sessionuuid );
  }
else {
  # don't cache page
  $cookie = new CGI::Cookie( -name => 'sessionuuid', -value => $sessionuuid, -expires => '+5s' );
  $r->no_cache(1);  
  }
$r->err_headers_out->add('Set-Cookie' => $cookie);

# check validation level of page, that we have a session with a non-zero userid, and has not expired

my ( $uuid, $userid, $ts );

$sth = $hDbOneUnified->prepare( q{select pksessionid, fkuserid, ( ( now() - ts ) < interval '1 hour' ) from sessions where pksessionid=?} );
$rv = $sth->execute( $sessionuuid );
$sth->bind_columns( \$uuid, \$userid, \$ts );
$rc = $sth->fetch();
$sth->finish();

# $duration = $fldts;
my $sessionsignedin = 0;
my $sessioncreated = 0;

if ( 0 == $rc ) {
  # no session recorded so authenticate and authorize user at a later step
  }
else { # we did have a session record
  # we have a session and a user, so update/reset the session timout
  if ( $ts ) { # we have an active session
    $sth = $hDbOneUnified->prepare( q{update sessions set ts=now() where pksessionid=? } );
    $rv = $sth->execute( $sessionuuid );
    $sth->finish();
    $sessionsignedin=1;  # indicate that we are signed in
    $sessioncreated=1;
    }
  else { # session has timed out, so delete it
    # $sth = $hDbOneUnified->prepare( q{update session set fkuserid=0 where pksessionid=? } );
    $sth = $hDbOneUnified->prepare( q{delete from sessions where pksessionid=? } );
    $rv = $sth->execute( $sessionuuid );
    $sth->finish();
    }
  }

my $membershipgroup = $self->attr( 'validationgroup' );

if ( !$sessionsignedin ) {

my $sessioncreate = 0;  # once validation is done, check again if a session is to be recorded
# since we aren't signed in, check if we need to be signed in, and do so if so
if ( 'guest' eq $self->attr('validationlevel' ) ) {
  if ( !$sessionsignedin ) {
    # record a session and indicate as being signed in
    $sessioncreate = 1;
    $sessionsignedin = 1;
    }
  }
else {
  # since guest is not allowed, we need authentication and authorization
  # we need to be authenticated and authorized
  if ( isMember( $authUserName, $membershipgroup ) ) {
    # is an active member so grant access
    $sessioncreate = 1;
    $sessionsignedin = 1;
    }
  else {
    # since we are not allowed, force a message
    $sessioncreate = 0;
    $sessionsignedin = 0;
    }
  }

if ( $sessioncreate && !$sessioncreated ) {
  $sth =  $hDbOneUnified->prepare( q{select pkuserid from users where pkuserid=?} );
  $rv = $sth->execute( $authUserName );
  my $pkuserid;
  $sth->bind_columns( \$pkuserid );
  $rc = $sth->fetch();
  $sth->finish();
  if ( 0 == $rc ) {
    # add user to table
    $hDbOneUnified->do( q{insert into users ( pkuserid, userdomain, authtype ) values ( ?,?,?)},
    undef, 
    ( $authUserName, $authUserDomain, 'ntlm' ) );
    }
  $hDbOneUnified->do( 
    q{insert into sessions ( pksessionid, fkuserid, ts, groupname, grouppermission ) values ( ?,?,now(),?,?) },
    undef, 
    ( $sessionuuid, $authUserName, $membershipgroup, 1 ) );
  }

  } # if !sessionsignedin


#if ( ( 0 == $sessionsignedin ) && ( 'guest' ne $self->attr('validationlevel') ) ) {
#if ( 'TESTRAY' eq $authUserName ) {
if ( !$sessionsignedin ) {

  $m->print( "<html>\n" );
  $m->print( "<head><title>User Authentication/Authorization Error</title></head>\n" );
  $m->print( "<body>Error:  User $authUserDomain\\$authUserName not authenticated for this page with group $membershipgroup. </body> \n" );
  $m->print( "</html>\n" );

  $hDbOneUnified->disconnect;
  $hDbNetDisco->disconnect;

  $m->abort;
  }

$sessionuid = $userid if $sessionsignedin;

$session{uuid} =  $sessionuuid;
#$session{userid} = $$userid;
$session{signedin} = $sessionsignedin;
$session{authUserName} = $authUserName;
$session{authDomainName} = $authUserDomain;


</%init>

<%cleanup>
  $hDbOneUnified->disconnect;
  $hDbNetDisco->disconnect;
</%cleanup>