#!/usr/bin/perl -w

#QED: Question Editing Database
#(C) 2006-2007 by Carlo Angiuli

use CGI::Carp 'fatalsToBrowser';
use strict;
use warnings;
use DBI;
use CGI;
use Digest::MD5 'md5_hex';
#use MIME::Lite; # These two are imported later if needed.
#use Net::SMTP;

my ($mail_from, $org_name, 
$mysql_database, $mysql_host, $mysql_port, $mysql_user, $mysql_pass, 
@types, @categories, $dtbu, $dtbq, $isadmin, $isround);

##########################
##### User Variables #####
##########################

$mail_from = '';

$org_name = "";
$mysql_database = "";
$mysql_host = "";
$mysql_port = 3306;
$mysql_user = "";
$mysql_pass = "";

$dtbu = "";
$dtbq = "";

@types = ("Tossup", "Bonus");

@categories = (
	"Fine Arts: Music",
	"Fine Arts: Visual Art",
	"Fine Arts: Other",
	"Literature: Language Arts",
	"Literature: Literature",
	"Literature: Mythology",
	"Math: Algebra",
	"Math: Calculus",
	"Math: General",
	"Math: Geometry",
	"Math: Other",
	"Miscellaneous: Entertainment",
	"Miscellaneous: Interdisciplinary",
	"Miscellaneous: Sports",
	"Miscellaneous: Technology",
	"Miscellaneous: Other",
	"Science: Astronomy",
	"Science: Biology",
	"Science: Chemistry",
	"Science: Earth Science",
	"Science: Physics",
	"Social Studies: Current Events",
	"Social Studies: Geography",
	"Social Studies: U.S. History",
	"Social Studies: World History",
	"Social Studies: Other"
);

##########################
###### General Code ######
##########################

my $prgm_version = "1.40";

sub login_screen;
sub gui;
sub gui_home;
sub edit_question;
sub new_question;
sub gui_edit;
sub gui_list;
sub gui_list_table;
sub search;
sub gui_about;
sub gui_delete;
sub gui_delete_done;
sub gui_search;

sub admin_backup;
sub admin_gui_config;
sub admin_gui_users;
sub admin_gui_stats;
sub admin_gui_rounds;

sub round_gui_options;
sub round_gui_acquire;
sub round_gui_acquire_table;
sub round_acquire;
sub round_unacquire;
sub round_gui_organize;
sub round_organize;
sub round_gui_order;
sub round_order;
sub round_gui_stats;
sub round_gui_output;
sub round_output;

sub order_string;
sub rtrim;
sub ceiling;
sub parseget;

sub output_question;

print "Content-type: text/html\n\n";

my $cgi= new CGI;
my $ip = $ENV{'REMOTE_ADDR'};
my $filename = $ENV{'SCRIPT_NAME'};
my $pagename = lc($ENV{'SCRIPT_URL'}); #follows qed.pl/ in URL
	$pagename =~ /$filename\/(.*)/;
	$pagename = $1;
my $query;

my ($username, $password, $round);
for (split(';',$ENV{'HTTP_COOKIE'})) {
	if (/qed=([a-zA-Z0-9]+)\|([a-f0-9]+)/) {
		$username = $1;
		$password = $2;
	} elsif (/qed-rnd=([a-zA-Z0-9]+)/) {
		$round = $1;
	}
}

#CREATE TABLE users (
#     user CHAR(10),
#     password CHAR(32),
#     flags INT(11));
#The password column contains the md5 hash of the password, 
#or if it's a round, the number of packets it contains.
#
#CREATE TABLE questions (
#     id INTEGER AUTO_INCREMENT PRIMARY KEY,
#     type TEXT,
#     category TEXT,
#     question TEXT,
#     answer TEXT,
#     owner TEXT,
#     round TEXT,
#     comment TEXT,);

my $dbh = DBI->connect("DBI:mysql:database=${mysql_database};host=${mysql_host};port=${mysql_port}",$mysql_user,$mysql_pass);

$query = $dbh->prepare("SELECT * FROM $dtbu WHERE user=?");
$query->execute($username);
my @sqluser = $query->fetchrow_array();
$query->finish();

#A cookie is set client-side when logging in, with the format qed=(username)|(md5hash), 
#where the hash is calculated client-side, so only the username is transmitted plaintext. 
#The hash is md5(ip . md5(pass)), so only the same IP address can use that hash.

if ($password ne md5_hex($ENV{'REMOTE_ADDR'} . $sqluser[1])) {
	login_screen;
} elsif ($pagename =~ /^output=(\d{1,2})/) {
	round_output($1);
} elsif ($pagename =~ /^delete=(\d)/) {
	gui_delete; 
} elsif ($cgi->param("cgi") && $cgi->param("delete")) {
	gui_delete_done;
} elsif ($sqluser[2] == 0) {
	$round = ""; gui;
} elsif ($sqluser[2] == 1) {
	$isadmin = 1; gui;
}

##########################
#### Normal Interface ####
##########################

sub login_screen {
print qq`<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
<title>QED $prgm_version | Login</title>
<style type="text/css">
body {font-family: Arial, sans-serif; 
	font-size: .8em;
	text-align: center;}
#qed {letter-spacing: -0.1em; 
	font-size: 10em;
	font-weight: bold;
	color: #7b68ee;
	margin: 0em;}
#tagline {font-size: 1.5em;
	margin-top: -.4em;
	margin-bottom: .1em;
	color: #7b68ee;
	font-variant: small-caps;
	font-weight: bold;}
#version {font-size: 1.5em;
	margin-bottom: 1em;
	color: #7b68ee;
	font-variant: small-caps;
	font-weight: bold;}
#organization {font-size: 1.5em;
	color: #6898ee;
	margin: 1.5em;}
#copyright {font-size: .8em;
	color:#c0c0c0;
	margin-top: 3em;}
</style>
<script type="text/javascript">
<!--

function setCookies() {
document.cookie = "qed=" + document.getElementById('user').value + 
"|" + hex_md5(document.getElementById('ip').value + 
hex_md5(document.getElementById('password').value)) +
";path=/;";
document.getElementById('user').value = "";
document.getElementById('password').value = "";
}

/* A JavaScript implementation of the RSA Data Security, Inc. MD5 Message
 * Digest Algorithm, as defined in RFC 1321.
 * Version 2.1 Copyright (C) Paul Johnston 1999 - 2002.
 * Other contributors: Greg Holt, Andrew Kepert, Ydnar, Lostinet
 * Distributed under the BSD License
 * See http://pajhome.org.uk/crypt/md5 for more info.*/

var hexcase =0;var b64pad="";var chrsz=8;
function hex_md5(s){return binl2hex(core_md5(str2binl(s),s.length*chrsz));}
function b64_md5(s){return binl2b64(core_md5(str2binl(s),s.length*chrsz));}
function str_md5(s){return binl2str(core_md5(str2binl(s),s.length*chrsz));}
function hex_hmac_md5(key,data){return binl2hex(core_hmac_md5(key,data));}
function b64_hmac_md5(key,data){return binl2b64(core_hmac_md5(key,data));}
function str_hmac_md5(key,data){return binl2str(core_hmac_md5(key,data));}
function md5_vm_test(){return hex_md5("abc")=="900150983cd24fb0d6963f7d28e17f72";}
function core_md5(x,len){x[len>>5]|=0x80<<((len)%32);x[(((len+64)>>>9)<<4)+14]=len;var a=1732584193;var b=-271733879;
var c=-1732584194;var d=271733878;for(var i=0;i<x.length;i+=16){var olda=a;var oldb=b;var oldc=c;var oldd=d;
a=md5_ff(a,b,c,d,x[i+0],7,-680876936);d=md5_ff(d,a,b,c,x[i+1],12,-389564586);c=md5_ff(c,d,a,b,x[i+2],17,606105819);
b=md5_ff(b,c,d,a,x[i+3],22,-1044525330);a=md5_ff(a,b,c,d,x[i+4],7,-176418897);d=md5_ff(d,a,b,c,x[i+5],12,1200080426);
c=md5_ff(c,d,a,b,x[i+6],17,-1473231341);b=md5_ff(b,c,d,a,x[i+7],22,-45705983);a=md5_ff(a,b,c,d,x[i+8],7,1770035416);
d=md5_ff(d,a,b,c,x[i+9],12,-1958414417);c=md5_ff(c,d,a,b,x[i+10],17,-42063);b=md5_ff(b,c,d,a,x[i+11],22,-1990404162);
a=md5_ff(a,b,c,d,x[i+12],7,1804603682);d=md5_ff(d,a,b,c,x[i+13],12,-40341101);c=md5_ff(c,d,a,b,x[i+14],17,-1502002290);
b=md5_ff(b,c,d,a,x[i+15],22,1236535329);a=md5_gg(a,b,c,d,x[i+1],5,-165796510);d=md5_gg(d,a,b,c,x[i+6],9,-1069501632);
c=md5_gg(c,d,a,b,x[i+11],14,643717713);b=md5_gg(b,c,d,a,x[i+0],20,-373897302);a=md5_gg(a,b,c,d,x[i+5],5,-701558691);
d=md5_gg(d,a,b,c,x[i+10],9,38016083);c=md5_gg(c,d,a,b,x[i+15],14,-660478335);b=md5_gg(b,c,d,a,x[i+4],20,-405537848);
a=md5_gg(a,b,c,d,x[i+9],5,568446438);d=md5_gg(d,a,b,c,x[i+14],9,-1019803690);c=md5_gg(c,d,a,b,x[i+3],14,-187363961);
b=md5_gg(b,c,d,a,x[i+8],20,1163531501);a=md5_gg(a,b,c,d,x[i+13],5,-1444681467);d=md5_gg(d,a,b,c,x[i+2],9,-51403784);
c=md5_gg(c,d,a,b,x[i+7],14,1735328473);b=md5_gg(b,c,d,a,x[i+12],20,-1926607734);a=md5_hh(a,b,c,d,x[i+5],4,-378558);
d=md5_hh(d,a,b,c,x[i+8],11,-2022574463);c=md5_hh(c,d,a,b,x[i+11],16,1839030562);b=md5_hh(b,c,d,a,x[i+14],23,-35309556);
a=md5_hh(a,b,c,d,x[i+1],4,-1530992060);d=md5_hh(d,a,b,c,x[i+4],11,1272893353);c=md5_hh(c,d,a,b,x[i+7],16,-155497632);
b=md5_hh(b,c,d,a,x[i+10],23,-1094730640);a=md5_hh(a,b,c,d,x[i+13],4,681279174);d=md5_hh(d,a,b,c,x[i+0],11,-358537222);
c=md5_hh(c,d,a,b,x[i+3],16,-722521979);b=md5_hh(b,c,d,a,x[i+6],23,76029189);a=md5_hh(a,b,c,d,x[i+9],4,-640364487);
d=md5_hh(d,a,b,c,x[i+12],11,-421815835);c=md5_hh(c,d,a,b,x[i+15],16,530742520);b=md5_hh(b,c,d,a,x[i+2],23,-995338651);
a=md5_ii(a,b,c,d,x[i+0],6,-198630844);d=md5_ii(d,a,b,c,x[i+7],10,1126891415);c=md5_ii(c,d,a,b,x[i+14],15,-1416354905);
b=md5_ii(b,c,d,a,x[i+5],21,-57434055);a=md5_ii(a,b,c,d,x[i+12],6,1700485571);d=md5_ii(d,a,b,c,x[i+3],10,-1894986606);
c=md5_ii(c,d,a,b,x[i+10],15,-1051523);b=md5_ii(b,c,d,a,x[i+1],21,-2054922799);a=md5_ii(a,b,c,d,x[i+8],6,1873313359);
d=md5_ii(d,a,b,c,x[i+15],10,-30611744);c=md5_ii(c,d,a,b,x[i+6],15,-1560198380);b=md5_ii(b,c,d,a,x[i+13],21,1309151649);
a=md5_ii(a,b,c,d,x[i+4],6,-145523070);d=md5_ii(d,a,b,c,x[i+11],10,-1120210379);c=md5_ii(c,d,a,b,x[i+2],15,718787259);
b=md5_ii(b,c,d,a,x[i+9],21,-343485551);a=safe_add(a,olda);b=safe_add(b,oldb);c=safe_add(c,oldc);d=safe_add(d,oldd);}
return Array(a,b,c,d);}
function md5_cmn(q,a,b,x,s,t){return safe_add(bit_rol(safe_add(safe_add(a,q),safe_add(x,t)),s),b);}
function md5_ff(a,b,c,d,x,s,t){return md5_cmn((b&c)|((~b)&d),a,b,x,s,t);}
function md5_gg(a,b,c,d,x,s,t){return md5_cmn((b&d)|(c&(~d)),a,b,x,s,t);}
function md5_hh(a,b,c,d,x,s,t){return md5_cmn(b^c^d,a,b,x,s,t);}
function md5_ii(a,b,c,d,x,s,t){return md5_cmn(c^(b|(~d)),a,b,x,s,t);}
function core_hmac_md5(key,data){var bkey=str2binl(key);if(bkey.length>16)bkey=core_md5(bkey,key.length*chrsz);var ipad=Array(16),opad=Array(16);
for(var i=0;i<16;i++){ipad[i]=bkey[i]^0x36363636;opad[i]=bkey[i]^0x5C5C5C5C;}var hash=core_md5(ipad.concat(str2binl(data)),512+data.length*chrsz);
return core_md5(opad.concat(hash),512+128);}
function safe_add(x,y){var lsw=(x&0xFFFF)+(y&0xFFFF);var msw=(x>>16)+(y>>16)+(lsw>>16);return(msw<<16)|(lsw&0xFFFF);}
function bit_rol(num,cnt){return (num<<cnt)|(num>>>(32-cnt));}
function str2binl(str){var bin=Array();var mask=(1<<chrsz)-1;for(var i=0;i<str.length*chrsz;i+=chrsz)bin[i>>5]|=(str.charCodeAt(i/chrsz)&mask)<<(i%32);return bin;}
function binl2str(bin){var str="";var mask=(1<<chrsz)-1;for(var i=0;i<bin.length*32;i+=chrsz)str+=String.fromCharCode((bin[i>>5]>>>(i%32))&mask);return str;}
function binl2hex(binarray){var hex_tab=hexcase ?"0123456789ABCDEF":"0123456789abcdef";var str="";for(var i=0;i<binarray.length*4;i++){str+=hex_tab.charAt((binarray[i>>2]>>((i%4)*8+4))&0xF)+hex_tab.charAt((binarray[i>>2]>>((i%4)*8))&0xF);}return str;}
function binl2b64(binarray){var tab="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";var str="";for(var i=0;i<binarray.length*4;i+=3){var triplet=(((binarray[i>>2]>>8*(i%4))&0xFF)<<16)|(((binarray[i+1>>2]>>8*((i+1)%4))&0xFF)<<8)|((binarray[i+2>>2]>>8*((i+2)%4))&0xFF);
for(var j=0;j<4;j++){if(i*8+j*6>binarray.length*32)str+=b64pad;else str+=tab.charAt((triplet>>6*(3-j))&0x3F);}}return str;}
//-->
</script>
</head>
<body>
<div id="qed">QED</div>
<div id="tagline">Question Editing Database</div>
<div id="version">Version $prgm_version</div>
<div id="organization">$org_name</div>

<form action="$filename" onsubmit="setCookies();" method="get">
<table border="0" align="center">
<tr><td>Username:</td><td><input type="text" id="user" /></td></tr>
<tr><td>Password:</td><td><input type="password" id="password" /></td></tr>
<input type="hidden" id="ip" value="$ip" />
</table><p><input type="submit" value="Log in" /></p>
</form>
<div id="copyright">&copy;2006-2007 by Carlo Angiuli</div>
</body>
</html>
`;
exit;
}

sub gui {
my $usertype = ($isadmin ? "Admin" : "Writer");
my $usercolor = ($isadmin ? "#ff0000" : "#000000");
my $usercss = ($isadmin ? "#menu a.admin {color: #ee6897;}
#menu a.admin:hover {background-color: #f4c5cb;}
#menu a.round {color: #2e8b57;}
#menu a.round:hover {background-color: #bce9bf;}
#adminusers td {padding-right:1em;}
.roundlist {text-decoration: none; color:#000000; font-size:1.2em;}
.roundlist:hover {text-decoration:underline;}
.orgqs td {padding-right:.7em;}
" : "#questions {width: 85%;}");
my $userjs = ($pagename =~ /^round-acquire/ ? qq` onload="count();"` : "");

print qq`<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
<title>QED $prgm_version | $usertype</title>
<style type="text/css">
body {font-family: Arial, sans-serif; font-size: .8em;}
#menu {position: absolute; top: 5em; left: 1em; font-size: 1.5em; width:5em;}
#menu a {display: block; text-decoration: none; color: #7b68ee;}
#menu a:hover {background-color: #c2d3f4;}
#content {position: absolute; top: 6.9em; left: 10em; width: 70%;}
#questions .list:hover {background-color:#e0e0e0;}
#questions .flagged {background-color:#ffaaaa;}
#questions .round {background-color:#bce9bf;}
#questions a {text-decoration: none; color: #000000;}
#searchpages a {text-decoration: none; color: #7b68ee;}
#searchpages a:visited {color: #7b68ee;}
h1 {margin-top: 0px;}
$usercss
</style>
<script type="text/javascript">
<!--
function logout() {document.cookie = "qed=x;path=/;";}
//-->
</script>
</head>
<body$userjs>
<div style="font-weight:bold;position:absolute;right:20%;">
<span style="color:#7b68ee;">QED $prgm_version</span> |
<span style="color:#6898ee;">$org_name</span> | 
<span style="color:$usercolor;">$username ($usertype)</span> | 
<a onclick="logout();" href="$filename">Log out</a>
</div>
<div id="menu">
<a href="$filename">Home</a>
<a href="$filename/edit">New</a>
<a href="$filename/list">List</a>
<a href="$filename/about">About</a>`;

print qq`<a href="$filename/admin-config" class="admin">Admin</a>
<a href="$filename/admin-users" class="admin">Users</a>
<a href="$filename/admin-stats" class="admin">Stats</a>
<a href="$filename/admin-rounds" class="admin">Rounds</a>` if $isadmin;

print qq`<a href="$filename/round-options" class="round">Options</a>
<a href="$filename/round-stats" class="round">Stats</a>
<a href="$filename/round-acquire?aua=y&ar=y" class="round">Acquire</a>
<a href="$filename/round-organize" class="round">Organize</a>
<a href="$filename/round-order" class="round">Order</a>
<a href="$filename/round-output" class="round">Output</a>
` if $isadmin && $round ne "";

print qq`</div>
<div id="content">
`;

admin_backup if $cgi->param("backup-yes") && $isadmin;
edit_question if $cgi->param("cgi") && $cgi->param("edit");
new_question if $cgi->param("cgi") && not($cgi->param("edit"));
if ($cgi->param("acquire") && $isadmin) {
	$cgi->delete("acquire");
	round_acquire($cgi->param());
}

if ($isadmin && $pagename =~ /^admin-config/) {admin_gui_config;}
elsif ($isadmin && $pagename =~ /^admin-users/) {admin_gui_users;}
elsif ($isadmin && $pagename =~ /^admin-stats/) {admin_gui_stats;}
elsif ($isadmin && $pagename =~ /^admin-rounds/) {admin_gui_rounds;}
elsif ($isadmin && $round ne "" && $pagename =~ /^round-stats/) {round_gui_stats;}
elsif ($isadmin && $round ne "" && $pagename =~ /^round-options/) {round_gui_options;}
elsif ($isadmin && $round ne "" && $pagename =~ /^round-acquire/) {round_gui_acquire;}
elsif ($isadmin && $round ne "" && $pagename =~ /^round-organize/) {round_gui_organize;}
elsif ($isadmin && $round ne "" && $pagename =~ /^round-order/) {round_gui_order;}
elsif ($isadmin && $round ne "" && $pagename =~ /^round-output/) {round_gui_output;}
elsif ($pagename =~ /^list/) {gui_list;}
elsif ($pagename =~ /^about/) {gui_about;}
elsif ($pagename =~ /^edit/) {gui_edit;}
else {gui_home;}

print qq`</div></body></html>
`;
exit;

}

sub gui_home {

$query = $dbh->prepare("SELECT count(*) FROM $dtbq WHERE owner = '$username'");
$query->execute();
my $questions = $query->fetchrow_array();
$query->finish();

$query = $dbh->prepare("SELECT count(*) FROM $dtbq WHERE owner = '$username' and comment != ''");
$query->execute();
my $flagged = $query->fetchrow_array();
$query->finish();

print qq`<h1>Welcome, $username!</h1>
<p>Hello, $username! You currently have <strong>$questions</strong> questions. `;

if ($flagged > 1) {print qq`<span style="color:#ff0000"><strong>You have <a href="$filename/list?in=f" style="color:#ff0000">$flagged questions</a> flagged for attention.</strong></span>`;} 
	elsif ($flagged == 1) {print qq`<span style="color:#ff0000"><strong>You have <a href="$filename/list?in=f" style="color:#ff0000">1 question</a> flagged for attention.</strong></span>`;} 
	else {print qq`You have no questions flagged for attention.`;}

print qq`</p><p>Having problems? Check the <a href="qed/help.html">help file</a> or 
<a href="mailto:carlo\@aegisquestions.com">email Carlo</a>.</p>`;
}

sub edit_question {

my $iscomp = ""; $iscomp = " (Comp)" if $cgi->param("computational") eq "Computational";

my $id = $cgi->param("id");
my $type = $dbh->quote($cgi->param("type"));
my $category = $dbh->quote($cgi->param("category") . $iscomp);
my $question = $dbh->quote(rtrim($cgi->param("question")));
my $answer = $dbh->quote(rtrim($cgi->param("answer")));
my $comment = $dbh->quote($cgi->param("comment"));

$dbh->do("UPDATE $dtbq SET type=$type , category=$category , question=$question , answer=$answer , comment=$comment WHERE id = $id");
}

sub new_question {

my $iscomp = ""; $iscomp = " (Comp)" if $cgi->param("computational") eq "Computational";

my $type = $dbh->quote($cgi->param("type"));
my $category = $dbh->quote($cgi->param("category") . $iscomp);
my $question = $dbh->quote(rtrim($cgi->param("question")));
my $answer = $dbh->quote(rtrim($cgi->param("answer")));
my $comment = $dbh->quote($cgi->param("comment"));

$dbh->do("INSERT INTO $dtbq (id, type, category, question, answer, owner, round, comment) VALUES(NULL, $type , $category , $question , $answer , '$username', '', $comment);");
}

sub gui_edit {
$pagename =~ /edit=(\d*)/;

print qq`<script type="text/javascript">
<!--
function isempty() {
var commentbox = document.getElementById('comment');
if (commentbox.value=='') commentbox.style.backgroundColor = '#dedede'; else commentbox.style.backgroundColor = '#ffaaaa';}
//-->
</script>
`;

if ($1 eq "") {
print qq`<h1>New Question</h1>

<form action="$filename/list" method="post">
<input type="hidden" name="cgi" value="1" />
<input type="hidden" name="edit" value="0" />
<table border="0"><tr>
<td><input type="radio" name="type" value="$types[0]" checked="checked" /> $types[0]&nbsp;&nbsp;</td>`;

print qq`<td><input type="radio" name="type" value="$_" /> $_&nbsp;&nbsp;</td>` foreach (@types[1..$#types]);

print qq`<td><input type="checkbox" name="computational" value="Computational" /> Computational</td></tr></table>
<br />Category: <select name="category">`;

foreach (@categories) {print qq`<option>$_</option>\r\n`;}

print qq`
</select><br /><br />
Question:<br />
<textarea name="question" cols="60" rows="9"></textarea><br />
Answer:<br />
<textarea name="answer" cols="60" rows="5"></textarea><br />
<input type="submit" value="Save Changes" />
<br /><span style="color:#9a9a9a">(Comment/request for attention. Leave blank if none.)</span><br />
<textarea id="comment" name="comment" cols="60" rows="2" onkeyup="isempty()" style="background-color:#dedede"></textarea>
</form>
`;

} else {

$pagename =~ /^edit=(\d+)/;
my $id = $dbh->quote($1);

if ($isadmin or $isround) {$query = $dbh->prepare("SELECT * FROM $dtbq WHERE id=$id");
	} else {$query = $dbh->prepare("SELECT * FROM $dtbq WHERE id=$id AND owner='$username'")}

$query->execute();
my @question = $query->fetchrow_array();

if ($question[5] eq "") {print "<h1>Question not found.</h1></div></body></html>"; exit;}

print qq`<h1>Edit Question</h1>

<form action="$filename/list" method="post">
<input type="hidden" name="cgi" value="1" />
<input type="hidden" name="id" value="$1" />
<input type="hidden" name="edit" value="1" />`;

print qq`<table border="0"><tr><td>`;

foreach (@types) {
print qq`<td><input type="radio" name="type" value="$_" `;
print qq`checked="yes" ` if $question[1] eq $_;
print qq`/> $_&nbsp;&nbsp;</td>`;
}

print qq`</td><td><input type="checkbox" name="computational" value="Computational" `;

print "checked " if $question[2] =~ /(Comp)/;

print qq`/> Computational</td></tr></table>
<br />Category: <select name="category">`;

foreach (@categories) {
print qq`<option`;
print " selected" if $question[2] =~ /^$_/;
print qq`>$_</option>\r\n`;
}

my $commentbg;
if (length($question[7])) {$commentbg = "ffaaaa"} else {$commentbg = "dedede"}

print qq`
</select><br /><br />
Question:<br />
<textarea name="question" cols="60" rows="9">$question[3]</textarea><br />
Answer:<br />
<textarea name="answer" cols="60" rows="5">$question[4]</textarea><br />
<input type="submit" value="Save Changes" />
<input type="button" value="Delete Question" onclick="window.open('$filename/delete=$question[0]','delete','width=400,height=200,resizable=no,scrollbars=no,toolbar=no,location=no,directories=no,status=no,menubar=no');" />
<br /><span style="color:#9a9a9a">(Comment/request for attention. Leave blank if none.)</span><br />
<textarea id="comment" name="comment" cols="60" rows="2" onkeyup="isempty()" style="background-color:#$commentbg">$question[7]</textarea>
</form>
`;
$query->finish();
}
}

sub gui_list {
print qq`<h1>List Questions</h1>
<form action="$filename/list" method="get">
<p style="background-color:#e5eeff;padding:1em;margin-bottom:0">Containing exact phrase: <input type="text" name="q" size="25" />&nbsp;&nbsp;
in <select name="in"><option value="qa">questions or answers</option><option value="q">questions only</option><option value="a">answers only</option><option value="c">categories</option><option value="f">flagged questions</option></select>
<br /><br />
<select name="num"><option value="10">10 results</option><option value="25" selected="selected">25 results</option><option value="50">50 results</option><option value="100">100 results</option><option value="200">200 results</option><option value="10000">All results</option></select>
per page, ordered by 
<select name="of"><option value="0">order written</option><option value="1">type</option><option value="2">category</option><option value="3">question</option><option value="4">answer</option></select>
&nbsp; <input name="ob" type="radio" value="a" /> &darr;
<input name="ob" type="radio" value="d" checked="checked" /> &uarr; &nbsp;&nbsp;
<input type="submit" value="Update" /></p>`;

if ($isadmin) {print qq`<p style="background-color:#f8d8dd;padding:1em;margin-top:0">By users (separated by spaces): <input type="text" name="au" size="25" />
&nbsp;&nbsp; or view all users <input type="checkbox" name="aua" value="y" /><br /><br />
View questions in rounds <input type="checkbox" name="ar" value="y" />
</p></form>`};

gui_search;
}

sub gui_list_table {
my $questionquery = shift;
my @questions = @$questionquery;
$isadmin ? 
	print "<td>ID</td><td>Type</td><td>Category</td><td>Question</td><td>Answer</td><td>Owner</td></tr>"
	: print "<td>Type</td><td>Category</td><td>Question</td><td>Answer</td></tr>";
foreach (@questions) {
	my $question = substr(@$_[3],0,50);	$question .= "..." if length(@$_[3]) > 50;
	my $answer = substr(@$_[4],0,50);	$answer .= "..." if length(@$_[4]) > 50;
	$question =~ s/>/&gt;/g; $question =~ s/</&lt;/g;
	print qq`<tr class="list`;
	print qq` flagged` if length(@$_[7]);
	print qq` round` if length(@$_[6]);
	$isadmin ?
		print qq`"><td><a href="$filename/edit=@$_[0]">@$_[0]</a></td><td><a href="$filename/edit=@$_[0]">@$_[1]</a></td><td><a href="$filename/edit=@$_[0]">@$_[2]</a></td><td><a href="$filename/edit=@$_[0]">$question</a></td><td><a href="$filename/edit=@$_[0]">$answer</a></td><td><a href="$filename/edit=@$_[0]">@$_[5]</a></td></tr>`
		: print qq`"><td><a href="$filename/edit=@$_[0]">@$_[1]</a></td><td><a href="$filename/edit=@$_[0]">@$_[2]</a></td><td><a href="$filename/edit=@$_[0]">$question</a></td><td><a href="$filename/edit=@$_[0]">$answer</a></td></tr>`;
}
}

sub search {
my ($search,$querystring,$ownerstring,$setstring,$orderstring,$limitstring,$infields,$squery);
my ($allresults,$perpage,$page,$offset);

my %get = parseget;

if ($pagename =~ /\?q\=/) {
	$querystring = " FROM $dtbq WHERE owner='$username'";
	$limitstring = " LIMIT 0,25";
} else {
	$squery = $dbh->quote($get{"q"}) if exists $get{"q"};
		$squery =~ s/^'//;
		$squery =~ s/'$//;
	$perpage = (exists $get{"num"} ? $get{"num"} : 25);
		$perpage =~ s/[^\d]//g;
	$page = (exists $get{"pg"} ? $get{"pg"} : 1);
		$page =~ s/[^\d]//g;
	$offset = ($page - 1) * $perpage;
	$infields = (exists $get{"in"} ? $get{"in"} : "qa");
	if (exists $get{"of"} and exists $get{"ob"}) {
		$orderstring = order_string($get{"of"} . $get{"ob"});
	} else {$orderstring = "order by id desc";}
	$pagename =~ s/\&of+$//;}

if ($squery eq "" && $infields ne "f") {$search = ""} else {
	if ($infields eq "qa") {$search="(question regexp '$squery' or answer regexp '$squery') and"}
	elsif ($infields eq "q") {$search="(question regexp '$squery') and"}
	elsif ($infields eq "a") {$search="(answer regexp '$squery') and"}
	elsif ($infields eq "c") {$search="(category regexp '$squery') and"}
	elsif ($infields eq "f") {$search="(comment != '') and"}}

if ($isadmin and exists $get{"aua"} and $get{"aua"} eq "y") {
	$ownerstring = "1";
} elsif ($isadmin and exists $get{"au"} and $get{"au"} ne "") {
	my @searchusers = split / /, $get{"au"};
	$ownerstring = "owner=''";
	$ownerstring .= " or owner like '%%$_%%'" foreach @searchusers;
} else {$ownerstring = "owner='$username'"}

if ($isadmin and exists $get{"ar"} and $get{"ar"} eq "y") {
	$setstring = "and 1";
} else {$setstring = "and ((round is null) or (round=''))"}

$querystring = " FROM $dtbq WHERE $search $ownerstring $setstring $orderstring";
$limitstring = " LIMIT $offset,$perpage";

$query = $dbh->prepare("SELECT COUNT(*)" . $querystring);
$query->execute();
$allresults = $query->fetchrow_array();
$query->finish();

return ("SELECT *" . $querystring . $limitstring, $offset + 1, $allresults, $perpage, $page);

}

sub gui_about {
print qq`
<h1>About QED</h1>
<p>Welcome to QED, Question Editing Database. QED is a full-featured quizbowl 
question management program designed to allow users secure access to a question database. 
It allows users to input and edit questions, and collects them to be compiled into packets.</p>
<p>Running QED requires a web server with Perl/CGI capabilities,  the Sendmail MTA 
(or an SMTP server), as well as MySQL to store the databases. If you are interested in 
running QED but do not have access to these resources, Aegis Questions is offering to 
host your QED installation; contact Carlo at the address below. Using QED requires only a 
modern browser with JavaScript and CSS. (Firefox recommended.)</p>
<p>Questions? Comments? Contact Carlo Angiuli at <a href="mailto:carlo\@aegisquestions.com">
carlo\@aegisquestions.com</a>. QED is free to use, and you may modify the source code 
as long as the original name and author are maintained. QED is &copy;2006-2007 Carlo Angiuli.</p>
<p><strong>Note:</strong> QED uses a JavaScript implementation of the RSA Data 
Security, Inc. MD5 Message-Digest Algorithm. JavaScript MD5 is released under the 
<a href="http://pajhome.org.uk/site/legal.html#bsdlicense">BSD License</a> and is copyright 
&copy;1998 - 2002, Paul Johnston & Contributors, all rights reserved. You can find 
it at <a href="http://pajhome.org.uk/crypt/md5">http://pajhome.org.uk/crypt/md5</a>.</p>
`;
}

sub gui_delete {
$pagename =~ /^delete=(\d+)/;
my $id = $1;

print qq`<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
<title>Confirm Delete</title>
<style type="text/css">
body {font-family: Arial, sans-serif;font-size: .8em;text-align: center;}
</style>
</head><body>
<p>Are you sure you want to delete this question permanently?</p>
<form action="$filename?closewindow" method="post">
<input type="hidden" name="cgi" value="1" />
<input type="hidden" name="id" value="$id" />
<input type="hidden" name="delete" value="1" />
<input type="submit" value="Yes" /> 
<input type="button" value="No" onclick="window.close();" />
</form></body></html>
`;
}

sub gui_delete_done {
my $id = $dbh->quote($cgi->param("id"));
$dbh->do("DELETE FROM $dtbq WHERE id=$id");
$dbh->do("ALTER TABLE $dtbq AUTO_INCREMENT=1");

print qq`<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
<title>Question Deleted</title>
<style type="text/css">
body {font-family: Arial, sans-serif;font-size: .8em;text-align: center;}
</style>
</head><body onload="setTimeout('window.opener.location.reload();self.close();',1);">
<p>Deleted.</p>
</body></html>
`;
}

sub gui_search {
my $orderstring = order_string($pagename);
my ($search,$first,$allresults,$perpage,$page) = search;
$query = $dbh->prepare($search);
$query->execute();
my $questionquery = $query->fetchall_arrayref([]);
my @questions = @$questionquery;
my $last = @questions + $first - 1;
my $pages = ceiling($allresults / $perpage);
my $pg = $ENV{'QUERY_STRING'};
$pg =~ s/&?pg=(\d*)//;

print qq`\n<p style="padding-top:1em;" id="searchpages"><strong>Page: &nbsp;&nbsp;`;
print ($_ == $page ? qq` &nbsp;$_&nbsp; ` : qq` &nbsp;<a href="$filename/$pagename?$pg&pg=$_">$_</a>&nbsp; `) foreach (1..$pages);
print qq`</strong></p>
<p style="text-align:right;font-weight:bold;">Questions $first - $last of $allresults</p>
<table id="questions" cellpadding="3"><tr style="font-weight:bold;">`;

if ($pagename =~ /^list/) {gui_list_table($questionquery);
} elsif ($pagename =~ /^round-acquire/) {round_gui_acquire_table($questionquery);}

$query->finish();
print qq`</table>
<p style="padding-top:2em" id="searchpages"><strong>Page: &nbsp;&nbsp;`;
print ($_ == $page ? qq` &nbsp;$_&nbsp; ` : qq` &nbsp;<a href="$filename/$pagename?$pg&pg=$_">$_</a>&nbsp; `) foreach (1..$pages);
print qq`</strong></p>`;

}

##########################
####### Admin Code #######
##########################

sub admin_backup {
use MIME::Lite;
use Net::SMTP;
open BACKUP, "> backup.csv";
print BACKUP "id,type,category,question,answer,owner,round,comment\n";
$query = $dbh->prepare("SELECT * FROM $dtbq");
$query->execute();
my $questionquery = $query->fetchall_arrayref([]);
my @questions = @$questionquery;

foreach (@questions) {
my $question = @$_[3];
my $answer = @$_[4];
my $comment = @$_[7];
$question =~ s/\r\n/\\r\\n/g; $answer =~ s/\r\n/\\r\\n/g; $comment =~ s/\r\n/\\r\\n/g;
$question =~ s/"/""/g; $answer =~ s/"/""/g; $comment =~ s/"/""/g;
print BACKUP qq`@$_[0],@$_[1],@$_[2],"$question","$answer",@$_[5],@$_[6],"$comment"\n`;
}
$query->finish();
close BACKUP;
my @time = localtime(time);
my $datestr = ($time[5]+1900) . "-" . ($time[4]+1) . "-" . $time[3];
my $msg = MIME::Lite->new (
	From => $mail_from,
	To => $cgi->param("backup-email"),
	Subject => "QED Database Backup",
	Type => "multipart/mixed");
$msg->attach (
	Type => "TEXT",
	Data => "As requested, here is a CSV backup of your QED question database.\n\nEmailed from QED $prgm_version.");
$msg->attach (
	Type => "text/plain",
	Path => "backup.csv",
	Filename => "$datestr.csv",
	Disposition => "attachment");
#I use sendmail. If you need an SMTP server instead, uncomment the next line.
#MIME::Lite->send("smtp", "mail.yourmailserver.com", Timeout => 60, AuthUser => "username", AuthPass => "password");
$msg->send;
unlink "backup.csv";
}

sub admin_gui_config {

$query = $dbh->prepare("SELECT COUNT(*) FROM $dtbu");
$query->execute();
my $usernum = $query->fetchrow_array();
$query->finish();

$query = $dbh->prepare("SELECT COUNT(*) FROM $dtbq");
$query->execute();
my $questionnum = $query->fetchrow_array();
$query->finish();

print qq`<h1>Administrator Panel</h1>
<h3>Back Up Database</h3>
<form action="$filename/admin-config" method="post">
Email address: <input type="text" name="backup-email" size="30" />
<input type="submit" name="backup-yes" value="Email CSV Backup" />
</form>
<h3>QED Statistics</h3>
Users: $usernum<br />
Questions: $questionnum<br />
<h3>QED Settings</h3>
\$mail_from = $mail_from<br />
\$org_name = $org_name<br />
\$mysql_database = $mysql_database<br />
\$mysql_host = $mysql_host<br />
\$mysql_port = $mysql_port<br />
\$mysql_user = $mysql_user<br />
\$mysql_pass = <em>(hidden)</em><br />
\$dtbu = $dtbu<br />
\$dtbq = $dtbq<br />
\@types = (`;
print "$_, " foreach (@types[0..@types-2]);
print @types[@types-1] . ")<br />";
print qq`\@categories = (`;
print "$_, " foreach (@categories[0..@categories-2]);
print @categories[@categories-1] . ")";
}

sub admin_gui_users {

#Run admin-action commands from admin-users screen before displaying page

if ($cgi->param("admin-action") eq "Create User") {
	my $newuser = $dbh->quote($cgi->param("newuser"));
	my $newpass = $dbh->quote(md5_hex($cgi->param("newpass")));
	$query = $dbh->do("INSERT INTO $dtbu (user, password) VALUES($newuser, $newpass)");

} elsif ($cgi->param("admin-action") eq "Delete User(s)") {
	foreach ($cgi->param()) {
		if ($cgi->param($_) eq "on" && $_ ne "newuser" && $_ ne "newpass") {
			my $deleteuser = $dbh->quote($_);
			$query = $dbh->do("DELETE FROM $dtbu WHERE user=$deleteuser");
		}
	}

} elsif ($cgi->param("admin-action") eq "Grant Admin Privileges") {
	foreach ($cgi->param()) {
		if ($cgi->param($_) eq "on" && $_ ne "newuser" && $_ ne "newpass") {
			my $adminuser = $dbh->quote($_);
			$query = $dbh->do("UPDATE $dtbu SET flags='1' WHERE user=$adminuser AND (NOT flags='2')");
		}
	}

} elsif ($cgi->param("admin-action") eq "Revoke Admin Privileges") {
	foreach ($cgi->param()) {
		if ($cgi->param($_) eq "on" && $_ ne "newuser" && $_ ne "newpass") {
		my $notadminuser = $dbh->quote($_);
		$query = $dbh->do("UPDATE $dtbu SET flags='0' WHERE user=$notadminuser AND (NOT flags='2')");
		}
	}
}

$query = $dbh->prepare("SELECT * FROM $dtbu");
$query->execute();
my $userquery = $query->fetchall_arrayref([]);
my @users = @$userquery;

print qq`<h1>Manage Users</h1>
<form action="$filename/admin-users" method="post">
<table id="adminusers"><tr style="font-weight: bold;"><td>&nbsp;</td><td>user</td><td>&nbsp;</td></tr>`;

foreach (@users) {
	print qq`<tr><td><input type="checkbox" name="@$_[0]" value="on" /></td><td>`;
	if (@$_[2] == 0) {print @$_[0]}
		elsif (@$_[2] == 1) {print qq`<strong style="color:#ff0000">@$_[0] (Admin)</strong>`}
		elsif (@$_[2] == 2) {print qq`<strong style="color:#2e8b57">@$_[0] (Question Set)</strong>`}
	unless (@$_[2] == 2) {print qq`</td><td><a href="$filename/admin-users" onclick="document.cookie='qed=@$_[0]|` . md5_hex($ip . @$_[1]) . qq`;path=/;'">Log&nbsp;in</a></td></tr>`}
		else {print qq`</td><td>&nbsp;</td></tr>`}
}

$query->finish();
print qq`</table>
<script type="text/javascript">
<!--
function checkInput(evt) {
var asc = (evt.which) ? evt.which : event.keyCode
if (asc > 31 && !(asc >= 48 && asc <= 57) && !(asc >= 65 && asc <= 90) && !(asc >= 97 && asc <= 122)) return false;
return true;}
//-->
</script>
<p><input type="submit" name="admin-action" value="Grant Admin Privileges" /> 
<input type="submit" name="admin-action" value="Revoke Admin Privileges" /> 
<input type="submit" name="admin-action" value="Delete User(s)" /></p>
<br /><p>User: <input type="text" name="newuser" size="15" maxlength="10" onkeypress="return checkInput(event)" /> 
Pass: <input type="password" name="newpass" size="15" /> 
<input type="submit" name="admin-action" value="Create User" /></p>
</form>`;
}

sub admin_gui_stats {
$query = $dbh->prepare("SELECT * FROM $dtbu WHERE flags <> 2");
	$query->execute();
	my $userquery = $query->fetchall_arrayref([]);
	my @users = @$userquery;
	$query->finish();
my ($usrname,$usrquery);
if ($ENV{'QUERY_STRING'} eq "") {
	$usrname = "All Users";
	$usrquery = "1";}
else {
	$usrname = $ENV{'QUERY_STRING'};
	$usrquery = "owner = '$usrname'";}
print qq`<h1>View Stats: $usrname</h1>
<table><tr><td><table><tr style="font-weight:bold;"><td>Category&nbsp;</td>`;
print "<td>$_ &nbsp;</td>" foreach (@types);
print "</tr>";
foreach (@categories) {
	my $thiscat = $_;
	print "<tr><td>$_ &nbsp;</td>";
	foreach (@types) {
		$query = $dbh->prepare("SELECT COUNT(*) FROM $dtbq WHERE category like '%%$thiscat%%' AND type='$_' AND $usrquery");
		$query->execute();
		print "<td>" . $query->fetchrow_array() . "</td>";
		$query->finish();
	}
	print "</tr>";
}
print qq`<tr style="font-weight:bold"><td>Total:&nbsp;</td>`;
foreach (@types) {
	$query = $dbh->prepare("SELECT COUNT(*) FROM $dtbq WHERE type='$_' AND $usrquery");
	$query->execute();
	print "<td>" . $query->fetchrow_array() . "</td>";
	$query->finish();
}
print qq`</tr></table></td><td style="padding-left:3em;vertical-align:top;line-height:1.5em">
<strong>View stats for:</strong><br />
<ul><li><a href="$filename/admin-stats?">All Users</a></li>`;
print qq`<li><a href="$filename/admin-stats?@$_[0]">@$_[0]</a></li>` foreach (@users);
print qq`</ul></td></tr></table>`;

}

sub admin_gui_rounds {
if ($cgi->param("admin-action") eq "Create Set") {
	my $newuser = $dbh->quote($cgi->param("newuser"));
	$query = $dbh->do("INSERT INTO $dtbu (user, password, flags) VALUES($newuser, '0', '2')");
}

$query = $dbh->prepare("SELECT * FROM $dtbu WHERE flags='2'");
$query->execute();
my $userquery = $query->fetchall_arrayref([]);
my @users = @$userquery;

print qq`<h1>Manage Rounds</h1>
<form action="$filename/admin-rounds" method="post">
<table><tr style="font-weight:bold;"><td>Round</td><td>&nbsp;</td></tr>`;

foreach (@users) {
my $color = (@$_[0] eq $round ? ' style="background-color:#bce9bf;font-weight:bold"' : "");
print qq`<tr$color><td style="padding:1em;padding-right:4em;">@$_[0]</td><td><a href="$filename/admin-rounds" onclick="document.cookie='qed-rnd=@$_[0];path=/;';" style="text-decoration:none;font-weight:bold;color:#2e8b57">Edit</a></td></tr>`;
}
print qq`<tr><td style="padding:1em;padding-right:4em;"><em>(none)</em></td><td><a href="$filename/admin-rounds" onclick="document.cookie='qed-rnd=;path=/;';" style="text-decoration:none;font-weight:bold;color:#2e8b57">Edit</a></td></tr>`;

print qq`</table>
<p>Set Name: <input type="text" name="newuser" size="15" maxlength="10" /> <input type="submit" name="admin-action" value="Create Set" /></p>
</form>`;
}


##########################
####### Round Code #######
##########################

sub round_gui_options {
if ($cgi->param("roundoptions")) {
	if ($cgi->param("acquireids") ne "") {round_acquire(split / /, $cgi->param("acquireids"));}
	if ($cgi->param("unacquireids") ne "") {round_unacquire(split / /, $cgi->param("unacquireids"));}
}

print qq`<h1>Advanced Options for &ldquo;$round&rdquo;</h1>
<form action="$filename/round-options" method="post">
<p><strong>Mass acquire questions by ID, separated by spaces:</strong><br />
<textarea name="acquireids" cols="60" rows="5"></textarea>
</p>
<p><strong>Unacquire questions by ID, separated by spaces:</strong><br />
<textarea name="unacquireids" cols="60" rows="5"></textarea>
</p>
<input type="submit" name="roundoptions" value="Submit">
</form>
`;
}
sub round_gui_acquire {
my $querystring = $ENV{'QUERY_STRING'};
print qq`<h1>Acquire Questions for &ldquo;$round&rdquo;</h1>
<script type="text/javascript">
<!--
function count() {
var total = 0;
var boxes = document.getElementsByTagName('input');
for(var i = 0; i < boxes.length; i++) {
	if (boxes[i].className == "q") {
		if (boxes[i].checked) {
			total++;}}}
document.getElementById("questionnum").innerHTML = total;
}
//-->
</script>
<div id="questionnum" style="position:fixed;top:10px;right:10px;font-size:2.5em;background-color:#bce9bf;"></div>
<form action="$filename/round-acquire" method="get">
<p style="background-color:#e5eeff;padding:1em;margin-bottom:0">Containing exact phrase: <input type="text" name="q" size="25" />&nbsp;&nbsp;
in <select name="in"><option value="qa">questions or answers</option><option value="q">questions only</option><option value="a">answers only</option><option value="c">categories</option><option value="f">flagged questions</option></select>
<br /><br />
<select name="num"><option value="10">10 results</option><option value="25" selected="selected">25 results</option><option value="50">50 results</option><option value="100">100 results</option><option value="200">200 results</option><option value="10000">All results</option></select>
per page, ordered by 
<select name="of"><option value="0">order written</option><option value="1">type</option><option value="2">category</option><option value="3">question</option><option value="4">answer</option></select>
&nbsp; <input name="ob" type="radio" value="a" /> &darr;
<input name="ob" type="radio" value="d" checked="checked" /> &uarr; &nbsp;&nbsp;
<input type="submit" value="Update" /></p>
<p style="background-color:#f8d8dd;padding:1em;margin-top:0">By users (separated by spaces): <input type="text" name="au" size="25" />
&nbsp;&nbsp; or view all users <input type="checkbox" name="aua" value="y" checked="checked" /><br /><br />
View questions in rounds <input type="checkbox" name="ar" value="y" checked="checked" />
</p></form>`;
print qq`<form action="$filename/round-acquire?$querystring" method="post">`;
gui_search;
print qq`<input type="submit" name="acquire" value="Acquire"></form>`;
}

sub round_gui_acquire_table {
my $questionquery = shift;
my @questions = @$questionquery;
print "<td>&nbsp;</td><td>ID</td><td>Type</td><td>Category</td><td>Question</td><td>Answer</td><td>Owner</td></tr>";
foreach (@questions) {
	my $question = substr(@$_[3],0,50);	$question .= "..." if length(@$_[3]) > 50;
	my $answer = substr(@$_[4],0,50);	$answer .= "..." if length(@$_[4]) > 50;
	$question =~ s/>/&gt;/g; $question =~ s/</&lt;/g;
	print qq`<tr class="list`;
	print qq` flagged` if length(@$_[7]);
	print qq` round` if length(@$_[6]);
	print qq`"><td><input type="checkbox" onclick="count();" class="q" name="@$_[0]" value="y"`;
		print qq`checked="checked" ` if @$_[6] =~ /\|$round\-/;
	print qq`/></td><td><a href="$filename/edit=@$_[0]">@$_[0]</a></td><td><a href="$filename/edit=@$_[0]">@$_[1]</a></td><td><a href="$filename/edit=@$_[0]">@$_[2]</a></td><td><a href="$filename/edit=@$_[0]">$question</a></td><td><a href="$filename/edit=@$_[0]">$answer</a></td><td><a href="$filename/edit=@$_[0]">@$_[5]</a></td></tr>`;
}
}

sub round_acquire {
$dbh->do("UPDATE $dtbq SET round=CONCAT(round,'|$round-00/00-') WHERE (id='$_') AND NOT (round like '%%|$round-%%')") foreach (@_);
}
sub round_unacquire {
$dbh->do("UPDATE $dtbq SET round=CONCAT(MID(round,1,LOCATE('|$round-',round)-1),MID(round,LOCATE('|$round-',round)+LENGTH('$round')+8)) WHERE (id='$_') AND (round like '%%|$round-%%')") foreach (@_);
}

sub round_gui_organize {
if ($cgi->param("roundorganize") ne "") {round_organize;}

$query = $dbh->prepare("SELECT password FROM $dtbu WHERE user='$round'");
	$query->execute();
	my $roundnum = $query->fetchrow_array();
	$query->finish();
if ($cgi->param("organizeminus") ne "") {
	my $roundnumzp = ($roundnum<10 ? "0$roundnum" : "$roundnum");
	$roundnum--;
	$dbh->do("UPDATE $dtbu SET password ='$roundnum' WHERE user='$round'");
	$dbh->do("UPDATE $dtbq SET round=CONCAT(MID(round,1,LOCATE('|$round-',round)-1),'|$round-00/00-',MID(round,LOCATE('|$round-',round)+LENGTH('$round')+8)) WHERE (round like '%%|$round-$roundnumzp/%%')");
}
if ($cgi->param("organizeplus") ne "" or $roundnum == 0) {
	$roundnum++ unless $roundnum == 99;
	$dbh->do("UPDATE $dtbu SET password ='$roundnum' WHERE user='$round'")
}
$ENV{'QUERY_STRING'} =~ /^(\d{1,2})/;
my $lround = (($1 > 0 and $roundnum <= $1) ? $1 : 0);
my $lroundzp = ($lround<10 ? "0$lround" : "$lround");

print qq`<h1>Organize &ldquo;$round&rdquo; Into Packets</h1>
<form action="$filename/round-organize" method="post">
<div style="background-color:#bce9bf;padding:.5em;"><p>$round has <strong>$roundnum</strong> packet(s). 
<input type="submit" name="organizeplus" value="Add another"> &nbsp;
<input type="submit" name="organizeminus" style="font-size:.7em;background-color:#ee6897;padding:0" value="Remove last"></p>
<p style="padding-top:.5em"><input type="submit" name="roundorganize" value="Submit Changes"></p></div>
<table style="width:100%"><tr>
<td style="width:75%;vertical-align:top;">
<h2 style="color=#fff18b">&raquo; Questions in `;
print ($lround == 0 ? "Unassigned</h2>" : "Packet $lround</h2>");
$query = $dbh->prepare("SELECT * FROM $dtbq WHERE round LIKE '%%|$round-$lroundzp/%%'");
$query->execute();
my $questionquery = $query->fetchall_arrayref([]);
my @questions = @$questionquery;
print qq`<table id="questions" class="orgqs"><tr style="font-weight:bold;"><td>&nbsp;</td><td>ID</td><td>Type</td><td>Category</td><td>Answer</td><td>Owner</td></tr>`;
foreach (@questions) {
	my $answer = substr(@$_[4],0,50);	$answer .= "..." if length(@$_[4]) > 50;	
	$answer =~ s/>/&gt;/g;	$answer =~ s/</&lt;/g;
	print qq`<tr class="list"><td><input type="checkbox" name="@$_[0]" value="y" /></td>
	<td><a href="$filename/edit=@$_[0]">@$_[0]</a></td><td><a href="$filename/edit=@$_[0]">@$_[1]</a></td>
	<td><a href="$filename/edit=@$_[0]">@$_[2]</a></td>
	<td><a href="$filename/edit=@$_[0]">$answer</a></td>
	<td><a href="$filename/edit=@$_[0]">@$_[5]</a></td></tr>`;
}
print qq`</table></td><td style="vertical-align:top;"><h2>&raquo; Move to / View</h2>`;
foreach (0..$roundnum) {
	my $roundnumzp = ($_<10 ? "0$_" : "$_");
	$query = $dbh->prepare("SELECT COUNT(*) FROM $dtbq WHERE round LIKE '%%|$round-$roundnumzp/%%'");
	$query->execute();
	my $numin = $query->fetchrow_array();
	print qq`<p style="background-color:#fff18b;padding:1em .5em 1em .5em;">
	<input type="radio"` . ($_ == $lround ? qq` checked="checked" ` : " ") . qq`name="intoround" value="$_">
	<a href="$filename/round-organize?$_" class="roundlist">` . ($_ == 0 ? "Unassigned" : "Packet $_") . qq`<em>($numin)</em></a></p>`;
}
print qq`</td></tr></table></form>`;
}

sub round_organize {
my $intoround = $cgi->param("intoround");
$cgi->delete("roundorganize");
$cgi->delete("intoround");
my $intoroundzp = ($_<10 ? "0$intoround" : "$intoround");
foreach ($cgi->param()) {
	$dbh->do("UPDATE $dtbq SET round=CONCAT(MID(round,1,LOCATE('|$round-',round)-1),'|$round-$intoroundzp/00-',MID(round,LOCATE('|$round-',round)+LENGTH('$round')+8)) WHERE id like '$_' and not round like '%%|$round-$intoroundzp/%%'");
}
}
sub round_gui_order {
if ($cgi->param("roundorder") ne "") {round_order;}
$query = $dbh->prepare("SELECT password FROM $dtbu WHERE user='$round'");
	$query->execute();
	my $roundnum = $query->fetchrow_array();
	$query->finish();
$ENV{'QUERY_STRING'} =~ /^(\d{1,2})/;
my $thisround = ($1 > 0 ? $1 : 1);
my $thisroundzp = ($thisround<10 ? "0$thisround" : "$thisround");
print qq`<h1>Order Packet $thisround</h1>
<script type="text/javascript">
<!--
function checkNumber(evt) {
var asc = (evt.which) ? evt.which : event.keyCode
if ((asc < 48 || asc > 57) && asc > 31) return false;
return true;}

function giveNum(questionid) {
document.getElementById(questionid).value = document.getElementById('nextnumber').value;
document.getElementById('nextnumber').value++;
document.getElementById(questionid).focus();}
//-->
</script>
`;

print qq`<form "$filename/round-order?$thisround" method="post">
<p style="background-color:#bce9bf;padding:1em"><strong>Choose packet: `;
print qq`<a href="$filename/round-order?$_">$_</a> - ` foreach (1..$roundnum-1);
print qq`<a href="$filename/round-order?$roundnum">$roundnum</a>`;
print qq`</strong><br /><br />The next ID you click on will be assigned number: 
<input type="text" id="nextnumber" value="1" onkeypress="return checkNumber(event)" maxlength="2" size="2" /><br /><br />
<input type="submit" name="roundorder" value="Submit Changes" /></p>`;

$query = $dbh->prepare("SELECT * FROM $dtbq WHERE round LIKE '%%|$round-$thisroundzp/%%' ORDER BY MID(round,LOCATE('|$round-',round)+LENGTH('$round')+5,2) ASC");
$query->execute();
my $questionquery = $query->fetchall_arrayref([]);
my @questions = @$questionquery;
print qq`<table id="questions" class="orgqs"><tr style="font-weight:bold;"><td>#</td><td>ID</td><td>Type</td><td>Category</td><td>Answer</td><td>Owner</td></tr>`;
foreach (@questions) {
	my $answer = substr(@$_[4],0,50);	$answer .= "..." if length(@$_[4]) > 50;
	$answer =~ s/>/&gt;/g;	$answer =~ s/</&lt;/g;
	@$_[6] =~ /\|$round\-$thisroundzp\/(\d\d)\-/;
	my $thisnum = ($1 eq "00" ? "" : $1);
	$thisnum = substr($thisnum,1,1) if substr($thisnum,0,1) eq "0";
	print qq`<tr class="list">
	<td><input type="text" value="$thisnum" id="@$_[0]" name="@$_[0]" onkeypress="return checkNumber(event)" maxlength="2" size="2" /></td>
	<td style="background-color:#bce9bf"><a href="javascript:giveNum(@$_[0])">@$_[0]</a></td>
	<td><a href="$filename/edit=@$_[0]">@$_[1]</a></td>
	<td><a href="$filename/edit=@$_[0]">@$_[2]</a></td>
	<td><a href="$filename/edit=@$_[0]">$answer</a></td>
	<td><a href="$filename/edit=@$_[0]">@$_[5]</a></td></tr>`;
}
print qq`</table></form>`;
}

sub round_order {
$ENV{'QUERY_STRING'} =~ /^(\d{1,2})/;
my $thisround = ($1 > 0 ? $1 : 1);
my $thisroundzp = ($thisround<10 ? "0$thisround" : "$thisround");
$cgi->delete("roundorder");
foreach ($cgi->param()) {
	my $num = $cgi->param($_);
	$num = 0 if $num eq "";
	my $numzp = ($num<10 ? "0$num" : "$num");
	$dbh->do("UPDATE $dtbq SET round=CONCAT(MID(round,1,LOCATE('|$round-',round)+LENGTH('$round')+4),'$numzp-',MID(round,LOCATE('|$round-',round)+LENGTH('$round')+8)) WHERE id='$_'");
}
}

sub round_gui_stats {
print qq`<h1>Stats for &ldquo;$round&rdquo;</h1>`;
$query = $dbh->prepare("SELECT * FROM $dtbq WHERE round LIKE '%%|$round-%%'");
	$query->execute();
	my $questionquery = $query->fetchall_arrayref([]);
	my @questions = @$questionquery;
$query = $dbh->prepare("SELECT password FROM $dtbu WHERE user='$round'");
	$query->execute();
	my $roundnum = $query->fetchrow_array();
	$query->finish();
print qq`<p style="background-color:#bce9bf;padding:1em"><strong>View stats for:</strong>
<a href="$filename/round-stats?">Whole Set</a>, <a href="$filename/round-stats?0">Unassigned</a>, or Packet `;
print qq`<a href="$filename/round-stats?$_">$_</a> &nbsp;` foreach (1..$roundnum);
print "</p>";
my ($roundquery, $roundname);
if ($ENV{'QUERY_STRING'} eq "") {
	$roundquery = "round LIKE '%%|$round-%%'"; 
	$roundname = "Whole Set";}
else {
	$ENV{'QUERY_STRING'} =~ /^(\d{1,2})/;
	my $thisround = (($1 > 0 and $roundnum <= $1) ? $1 : 0);
	my $thisroundzp = ($thisround<10 ? "0$thisround" : "$thisround");
	$roundquery = "round LIKE '%%|$round-$thisroundzp/%%'"; 
	$roundname = ($thisround == 0 ? "Unassigned" : "Packet $thisround");
}
print qq`<h2>$roundname</h2><table><tr><td><table><tr style="font-weight:bold;"><td>Category&nbsp;</td>`;
print "<td>$_ &nbsp;</td>" foreach (@types);
print "</tr>";
foreach (@categories) {
	my $thiscat = $_;
	print "<tr><td>$_ &nbsp;</td>";
	foreach (@types) {
		$query = $dbh->prepare("SELECT COUNT(*) FROM $dtbq WHERE category like '%%$thiscat%%' AND type='$_' AND $roundquery");
		$query->execute();
		print "<td>" . $query->fetchrow_array() . "</td>";
		$query->finish();
	}
	print "</tr>";
}
print qq`<tr style="font-weight:bold"><td>Total:&nbsp;</td>`;
foreach (@types) {
	$query = $dbh->prepare("SELECT COUNT(*) FROM $dtbq WHERE type='$_' AND $roundquery");
	$query->execute();
	print "<td>" . $query->fetchrow_array() . "</td>";
	$query->finish();
}
print qq`</tr></table></td><td style="padding-left:5em;vertical-align:top;">`;
$query = $dbh->prepare("SELECT * FROM $dtbu WHERE (NOT flags='2')");
$query->execute();
my $userquery = $query->fetchall_arrayref([]);
my @userq = @$userquery;
my @users;
push @users, @$_[0] foreach @userq;
$query->finish();

print qq`<table><tr style="font-weight:bold;"><td>Author&nbsp;</td>`;
print "<td>$_ &nbsp;</td>" foreach (@types);
print "</tr>";

foreach (@users) {
	my $thisauthor = $_;
	print "<tr><td>$_&nbsp;&nbsp;</td>";	
	foreach (@types) {
		$query = $dbh->prepare("SELECT COUNT(*) FROM $dtbq WHERE type='$_' AND owner='$thisauthor' AND $roundquery");
		$query->execute();
		print "<td>" . $query->fetchrow_array() . "</td>";
		$query->finish();
	}
	print "</tr>";
}
print qq`</table></td></tr></table>`;
}

sub round_gui_output {
print "<h1>Output Packets for &ldquo;$round&rdquo;</h1>";
$query = $dbh->prepare("SELECT password FROM $dtbu WHERE user='$round'");
	$query->execute();
	my $roundnum = $query->fetchrow_array();
	$query->finish();
print qq`<p style="background-color:#bce9bf;padding:1em">Output packet: <strong>`;
print qq`<a href="$filename/output=$_">$_</a> &nbsp;` foreach (1..$roundnum);
print "</strong></p>";
}

sub round_output {
my $packet = shift;
my $packetzp = ($packet<10 ? "0$packet" : "$packet");
print qq`<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
<title>QED $prgm_version | Set $round, Packet $packet</title>
</head>
<body>`;

$query = $dbh->prepare("SELECT * FROM $dtbq WHERE round LIKE '%%|$round-$packetzp/%%' AND NOT (round LIKE '%%|$round-$packetzp/00-%%') ORDER BY MID(round,LOCATE('|$round-',round)+LENGTH('$round')+5,2) ASC");
$query->execute();
my $questionquery = $query->fetchall_arrayref([]);
my @questions = @$questionquery;

foreach (@questions) {
	@$_[6] =~ /\|$round\-$packetzp\/(\d\d)\-/;
	output_question($1,@$_[1],@$_[2],@$_[3],@$_[4]);
}
print qq`</body></html>`;
exit;
}


###########################
##### Misc. Functions #####
###########################

sub order_string {
my $string = shift;
my $orderstring;
if ($string =~ m/([0-9])([a-z])$/) {
$orderstring = "ORDER BY ";
if ($1 == 0) {$orderstring .= "id";}
elsif ($1 == 1) {$orderstring .= "type";}
elsif ($1 == 2) {$orderstring .= "category";}
elsif ($1 == 3) {$orderstring .= "question";}
elsif ($1 == 4) {$orderstring .= "answer";}
elsif ($1 == 5) {$orderstring .= "owner";}
if ($2 eq "d") {$orderstring .= " DESC";}
elsif ($2 eq "a") {$orderstring .= " ASC";}
}
return $orderstring;
}

sub rtrim {
my $string = shift;
$string =~ s/\s+$//;
return $string;
}
sub ceiling {
my $num = shift;
return ($num == int($num) ? $num : int($num) + 1);
}

sub parseget {
my %formdata;
my @getpairs = split(/&/,$ENV{'QUERY_STRING'});
#read (STDIN, $buffer, $ENV{'CONTENT_LENGTH'});
#my @postpairs = split(/&/,$buffer);
#my @pairs = (@getpairs, @postpairs);

foreach (@getpairs) {
	my ($key, $value) = split /=/;
	$key =~ tr/+/ /;
	$key =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C",hex($1))/eg;
	$value =~ tr/+/ /;
	$value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C",hex($1))/eg;
	if ($formdata{$key}) {
		$formdata{$key} .= ", $value";
	} else {
		$formdata{$key} = $value;
	}
}
return %formdata;
}

###########################
####### Output Code #######
###########################

sub output_question {
my @question = @_;

# @question[0..4] has format: position, type, category, question, answer.

#Here's some parsing that should change depending on format and taste.
#I'm simply translating markup, not checking whether it's right.

#Convert < and > and & into HTML entities.
$question[3] =~ s/>/&gt;/g; $question[3] =~ s/</&lt;/g;
$question[4] =~ s/>/&gt;/g; $question[4] =~ s/</&lt;/g;

#Determine the "pair" number. (Only for paired tossup/bonus formats.)
my $pairnumber = ceiling($question[0] / 2);

#"Answer" is plural if it's a bonus.
my $isbonus = $question[1] eq "Bonus" ? "s" : "";

#Split the category and subcategory (separated by semicolon and space).
my @category = split /: /, $question[2];

#Make [ and ] start and end italicized parentheticals in the question and answer.
#In the answer, turn off bolding when italics are on.
$question[3] =~ s/\[/<em>(/g;
$question[3] =~ s/\]/)<\/em>/g;
$question[4] =~ s/\[/<\/strong><em>(/g;
$question[4] =~ s/\]/)<\/em><strong>/g;

#Make new lines in the question into line breaks. Preface each one after the first
#with A:, B:, C:, D:, etc.
my @alphabet = qw(A B C D E);
my @qparts = split /\n/, $question[3];
$qparts[$_] = "<br />\n" . $alphabet[$_-1] . ": " . $qparts[$_] for (1..$#qparts);
$question[3] = join "", @qparts if $question[1] eq "Bonus";

#Same with the answer, but without line breaks.
my @aparts = split /\n/, $question[4];
$aparts[$_] ne "" ? $aparts[$_] = "</strong> " . $alphabet[$_] . ": <strong>" . $aparts[$_] : "" for (0..@aparts);
$question[4] = join "", @aparts if $question[1] eq "Bonus";

#If it's a bonus answer that starts with a parenthetical, put it before the A:, not after.
$question[4] =~ s/^<\/strong> A: <strong><\/strong><em>\(([\w\W]+?)\)<\/em>/<\/strong><em>\($1\)<\/em> A: /;

#Make _ and _ start and end bold underlining in the answer.
$question[4] =~ s/_([^_]+)_/<span style="text-decoration:underline">$1<\/span>/g;

#If it's a bonus and it has three or five parts, say so.
my $isnotfour;
$isnotfour = " -- Three Parts" if $question[1] eq "Bonus" && @aparts == 3;
$isnotfour = " -- Five Parts" if $question[1] eq "Bonus" && @aparts == 5;

#If it's a tossup and it's computational, say so.
my $iscomp;
if ($question[1] eq "Tossup" and $question[2] =~ / \(Comp\)/) {
$category[1] =~ s/ \(Comp\)//;
$iscomp = " -- Computational (30 Seconds)";}

print qq`
<p><strong>$question[1] $pairnumber: $category[0] ($category[1])$isnotfour$iscomp</strong><br />
$question[3]<br />
Answer${isbonus}: <strong>$question[4]</strong></p>

`;
}