Dialysekreuzfahrten ASTOR

Die ASTOR steht für klassische Kreuzfahrttradition, nicht nur, weil das Schiff ganz in Weiß sehr elegant aussieht. Mit maximal 578 Passagieren gehört die ASTOR zu den eher kleinen Schiffen.

Das verspricht interessante Routen und eine persönliche Atmosphäre an Bord, zumal die Bordsprache Deutsch ist.

Dialysekreuzfahrten  ASTOR:

#!/usr/bin/perl
# Send the CGI response header first; everything printed after this point is
# delivered to the client as the HTML body.
print "Content-type: text/html\n\n";


#################################################
#                                    		#
# readCSVPlus v3.0                   		#
# Copyright 2001 by Dominik Strnad   		#
# litinoveweedle@cmail.cz            		#
# http://web.redbox.cz/litinoveweedle@cmail.cz 	#
#                                    		#
# Last modified on Feb. 6, 2001      		#
#                                    		#
#################################################
#
# Copyright Notice:
# Copyright 2001 Dominik Strnad.  All Rights Reserved.
#
# This code may be used and modified by anyone so long as this header and
# copyright information remains intact.  By using this code you agree to 
# indemnify Dominik Strnad from any liability that might arise from its 
# use.  You must obtain written consent before selling or redistributing 
# this code.
#
# part of this code is used from original CSV scrits from http://ezscripting.com
# provided by Mutasem Abudahab. THX to him. LiTin'Ove Weedle 2001
#
# tested on Win9X, Sambar web server, Activestate Perl 5.6.0 build620 by LiTinOveWeedle
# tested on Linux RedHat, Apache, Perl by David Lingerak THX
#
# -------------------------------------------------------------------------
# main program body - no changes needed under this line

use CGI qw(:standard);
use locale;

# --- configuration ---------------------------------------------------------
# The configuration file name is taken from the 'config' request parameter.
# The pattern admits only word characters and dots, so a path separator can
# never be part of the name; anything else aborts the request.
# NOTE(review): the request still decides which file `require` compiles and
# runs as Perl. Any file with a matching name that `require` can locate is
# executed, so consider comparing $config against a fixed list of known
# configuration names before loading it.
$config = param('config');
unless ( $config =~ /^([.\w]+)$/ ) { die; }
$config = $1;
require "$config";
&logging("config file read");

# --- request pipeline ------------------------------------------------------
# Validate the request, load the CSV data, apply the requested filters and
# sorting, then print either the result page or the "no record" page. Each
# stage is followed by a log entry.
&logging("#script readcsvplus started");

&check_cgi;
&logging("cgi values security check");

&read_file;
&logging("database file read");

&read_cgi;
&logging("cgi values read, sorting and querying done");

# Nothing to show when no record survived the filters or the requested page
# starts beyond the last record.
if ( @file == 0 or $first_rec > @file ) {
    &no_record;
    &logging("html 'no record page' was printed");
}
else {
    &print_template;
    &logging("html 'read template page' was printed");
}
 

# -------------------------------------------------------------------------
# security check data from cgi form
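# Validates every request parameter and checks the script's own URL against
# the configured prefixes in @referer.
#
# Parameter values may contain only word characters, '<', '>', '=' and the
# extra characters listed in $security; any other value produces error 4 and
# ends the request. Accepted values have the CSV delimiter replaced by
# $notdelimiter and are written back with param(), which also leaves each
# parameter with a single value.
#
# $security, $delimiter, $notdelimiter and @referer are not set in this part
# of the file (presumably they come from the required config file).
# NOTE(review): $security is interpolated into a character class and
# $delimiter into a pattern, so both must be written with regex syntax in
# mind. Accepted values can still contain '<', '>' and '='; code that echoes
# them into HTML should encode them first.
sub check_cgi {
    my ( $name, $value );

    foreach $name ( param() ) {
        $value = param($name);
        if ( $value =~ /^([$security\w<>=]*)$/ ) {
            $value = $1;
            $value =~ s/$delimiter/$notdelimiter/g;
            param( $name, $value );
        }
        else {
            &produce_error( 4, $security );
            &logging("entered bad string - possible security violation");
            die;
        }
    }

    # The loop state is lexical and starts at the first prefix on every call.
    # The original used the package globals $i and $test without initialising
    # them, so a stale index could survive in a persistent interpreter.
    # NOTE(review): this compares configured prefix + relative script name
    # with the script's own URL as returned by url(); the HTTP Referer header
    # is not consulted, despite the wording of the log message.
    if ( @referer ) {
        my $own_url  = url();
        my $relative = url( -relative => 1 );
        my $allowed  = 0;
        foreach my $prefix ( @referer ) {
            if ( $prefix . $relative eq $own_url ) {
                $allowed = 1;
                last;
            }
        }
        if ( not $allowed ) {
            &produce_error( 8, url() );
            &logging("URL refferer does not contain any of enabled domains");
            die;
        }
    }
}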


# -------------------------------------------------------------------------
# read data from file to array
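# Loads the CSV database named by $csv_file_path.
#
# After the call @fields holds the column names from the first line, @file
# holds the remaining lines (still unsplit) and $total their count. If the
# file cannot be opened, the failure is logged, error 5 is produced and the
# request ends.
sub read_file {
    my ( $line, $fh );

    # Three-argument open with an explicit read mode: the path is used as a
    # file name only, never interpreted as a mode or a pipe specification.
    if ( not open( $fh, '<', $csv_file_path ) ) {
        &logging( "Can't open CSV database file. Please check that you have provided the correct path to your CSV database file in config file." );
        &produce_error( 5 );
        die;
    }
    if ( $file_lock ) { flock( $fh, 1 ); }    # 1 = LOCK_SH (shared lock)

    @file = ();
    # The readline operator was missing from the loop condition as shown;
    # restored here so that the loop reads the file line by line.
    while ( $line = <$fh> ) {
        chomp($line);
        push( @file, $line );
    }
    close($fh);

    # NOTE(review): $delimiter is used as a pattern, so a delimiter that is a
    # regex metacharacter must already be escaped in the config file.
    @fields = split( /$delimiter/, $file[0] );
    shift(@file);
    $total = @file;
}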


# -------------------------------------------------------------------------
# read data from cgi form to array
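# Applies the request parameters to the loaded records: administrator login,
# full-text search, per-field filters, new/old filter, sorting, shuffling and
# paging. Results are left in the globals @file, $admin, $matches, $first_rec
# and $last_rec. Any malformed operator produces an error page, a log entry
# and ends the request.
#
# Changes compared with the original:
#  * an empty or undefined $admin_pass no longer grants administrator rights
#    to requests that send no 'admin' parameter (undef eq "" used to be true);
#  * the error for a rejected 'sort_a' value reports that value instead of
#    the empty 'sort_d' parameter.
#
# NOTE(review): the administrator password arrives as an ordinary request
# parameter and is compared as a plain string; nothing here limits repeated
# attempts beyond the log entry. $admin is never reset in this sub, so in a
# persistent interpreter it would carry over between requests - confirm how
# the script is deployed.
sub read_cgi {
    my ( $field, $name, $sortby, $check, $valid );

# querying admin password
    my $supplied = param('admin');
    if ( defined $supplied and $supplied ne "" ) {
        if ( defined $admin_pass and $admin_pass ne "" and $supplied eq $admin_pass ) {
            $admin = 1;
        }
        else {
            &produce_error( 11, $supplied );
            &logging("!!!Bad administrator logging - possible brute force attack!!!");
            die;
        }
    }

# querying value in all fields - wild card search
    if ( param('search') ne "" ) { &find_data2( param('search') ); }

# querying value in specific field
    foreach $field ( @fields ) {
        if ( param($field) ne "" or param($field) != 0 ) {
            # Private columns may only be queried by the administrator.
            foreach $name ( @private ) {
                if ( $field eq $name and $admin != 1 ) {
                    &produce_error( 9, param($field) );
                    &logging("script was called by private field - possible security violation");
                    die;
                }
            }
            # A leading operator selects the comparison; the operator (and a
            # closing quote, where used) is stripped before the search.
            $check = param($field);
            if ( $check =~ /^>{1}\d+$/ ) { $check = substr($check, 1); &find_data1( $field, $check, 1 ); }
            elsif ( $check =~ /^<{1}\d+$/ ) { $check = substr($check, 1); &find_data1( $field, $check, 2 ); }
            elsif ( $check =~ /^(=>){1}\d+$/ ) { $check = substr($check, 2); &find_data1( $field, $check, 3 ); }
            elsif ( $check =~ /^(=<){1}\d+$/ ) { $check = substr($check, 2); &find_data1( $field, $check, 4 ); }
            elsif ( $check =~ /^!{2}\d+$/ ) { $check = substr($check, 2); &find_data1( $field, $check, 5 ); }
            elsif ( $check =~ /^(!'){1}\S+'{1}$/ ) { $check = substr($check, 2, -1); &find_data1( $field, $check, 6 ); }
            elsif ( $check =~ /^!{1}\S+$/ ) { $check = substr($check, 1); &find_data1( $field, $check, 7 ); }
            elsif ( $check =~ /^'{1}\S+'{1}$/ ) { $check = substr($check, 1, -1); &find_data1( $field, $check, 8 ); }
            else { &find_data1( $field, $check, 9 ); }
        }
    }

# checking value of "new" parameter
    if ( param('new') =~ /^[on]{1}$/i ) { &newold_data( param('new') ); }
    elsif ( param('new') != 0 ) {
        &produce_error( 9, param('new') );
        &logging("script was called with bad new /old operator - possible security violation");
        die;
    }

# sorting by field
    my $sort_asc  = param('sort_a');
    my $sort_desc = param('sort_d');
    if ( $sort_asc and $sort_desc ) {
        &produce_error( 9, "both sort operator used" );
        &logging("script was called with bad sorting operator - possible security violation");
        die;
    }
    elsif ( $sort_asc or $sort_desc ) {
        $sortby = $sort_asc ? $sort_asc : $sort_desc;

        # The sort column must be a known field, and a private field is
        # accepted only from the administrator.
        $valid = 0;
        foreach $field ( @fields ) {
            if ( $sortby eq $field ) { $valid = 1; }
        }
        foreach $name ( @private ) {
            if ( $sortby eq $name and $admin != 1 ) { $valid = 0; }
        }
        if ( $valid == 0 ) {
            &produce_error( 9, $sortby );
            &logging("script was called with bad sorting operator - possible security violation");
            die;
        }
        &sort_data( $sortby, $sort_asc ? 1 : 0 );
    }

# randomizing record in array
    if ( param('random') == 1 ) { &randomsort_data; }
    elsif ( param('random') != 0 ) {
        &produce_error( 9, param('random') );
        &logging("script was called with bad randomize operator - possible security violation");
        die;
    }

# customizing number of matches
    # NOTE(review): an empty or zero 'matches' leaves $matches empty/0, which
    # makes $last_rec negative below and therefore selects every remaining
    # record; confirm that $max_matches is not meant to cap that case too.
    if ( $max_matches == 0 or $max_matches > @file ) { $max_matches = @file; }
    if ( param('matches') =~ /^\d+$/ or param('matches') eq "" ) {
        if ( param('matches') > $max_matches ) { $matches = $max_matches; }
        else { $matches = param('matches'); }
    }
    elsif ( param('matches') eq "random" ) {
        srand;
        $matches = int( rand($max_matches) );
    }
    else {
        &produce_error( 9, param('matches') );
        &logging("script was called with bad matches operator - possible security violation");
        die;
    }

# show next page of results
    if ( not( param('page') =~ /^\d+$/ or param('page') eq "" ) ) {
        &produce_error( 9, param('page') );
        &logging("script was called with bad page operator - possible security violation");
        die;
    }

# counting first and last record which will be displayed
    $first_rec = $matches * param('page');
    $last_rec = $matches * param('page') - 1 + $matches;
    if ( $last_rec >= @file or $last_rec < 0 ) { $last_rec = @file - 1; }
}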


# -------------------------------------------------------------------------
# sorting data in array
# Re-orders @file by the column named in the first argument.
#
# Columns listed in @numeric are compared with sorting_numeric, all others
# with sorting_chars. Both comparators read the global $sortindex, which is
# why the column search below loops over that global. The comparators yield
# descending order; a second argument of 1 reverses the result.
# If the column name is not found in @fields, @file ends up empty.
sub sort_data {
    my ( $sortby, $order ) = @_;
    my @unsorted = @file;
    my $use_numeric = grep { $_ eq $sortby } @numeric;

    @file = ();
    for ( $sortindex = 0; $sortindex < @fields; $sortindex++ ) {
        next unless $fields[$sortindex] eq $sortby;
        if ( $use_numeric ) {
            push( @file, sort sorting_numeric @unsorted );
        }
        else {
            push( @file, sort sorting_chars @unsorted );
        }
    }

    @file = reverse(@file) if $order == 1;
    return;
}


# -------------------------------------------------------------------------
# sorting procedure - numeric
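# Sort comparator for numeric columns (descending order).
#
# Splits the two records in $a and $b on $delimiter and compares the values
# in column $sortindex after normalising the number format:
#   $numeric_format == 1   '.' groups thousands and ',' is the decimal mark
#   $numeric_format == 2   ',' groups thousands and '.' is the decimal mark
# Any other value of $numeric_format produces error 5 and ends the request.
#
# Fix: format 1 used s/.//g, where the unescaped '.' matches every character
# and emptied both values, so all records compared as equal. The dot is now
# escaped and only the grouping dots are removed.
sub sorting_numeric {
    my @left  = split( /$delimiter/, $a );
    my @right = split( /$delimiter/, $b );
    my $x = $left[$sortindex];
    my $y = $right[$sortindex];

    if ( $numeric_format == 1 ) {
        $x =~ s/\.//g;
        $y =~ s/\.//g;
        $x =~ s/,/./;
        $y =~ s/,/./;
    }
    elsif ( $numeric_format == 2 ) {
        $x =~ s/,//g;
        $y =~ s/,//g;
    }
    else {
        &produce_error( 5 );
        &logging("numeric_format value in config file is out of range");
        die;
    }
    return ( $y <=> $x );
}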


# -------------------------------------------------------------------------
# sorting procedure - chars
# Sort comparator for text columns (descending order).
#
# Compares column $sortindex of the records in $a and $b as strings and
# returns 1 when $a's value sorts before $b's, -1 when it sorts after and 0
# when they are equal.
sub sorting_chars {
    my $left  = ( split( /$delimiter/, $a ) )[$sortindex];
    my $right = ( split( /$delimiter/, $b ) )[$sortindex];
    return $right cmp $left;
}


# -------------------------------------------------------------------------
# random sort data in array
# Puts the records in @file into random order by repeatedly moving one
# randomly chosen record from a working copy back into @file.
# The generator is reseeded with srand on every call.
sub randomsort_data {
    my @pool = @file;
    @file = ();

    srand;
    while ( @pool ) {
        my $pick = int( rand( scalar @pool ) );
        push( @file, splice( @pool, $pick, 1 ) );
    }
}


# -------------------------------------------------------------------------
# search in array for asked data in defined fiels and delete useless record
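# Keeps only the records in @file whose value in one column satisfies a
# comparison.
#
# Arguments: column name, search value, comparison code:
#   1  >      2  <      3  >=     4  <=     5  != (numeric)
#   6  not equal to the text       7  does not contain the text
#   8  equal to the text           9  contains the text
# Text comparisons ignore case. If the column name is not in @fields, @file
# ends up empty.
#
# Changes compared with the original:
#  * the search value comes from the request and is now quoted with \Q...\E,
#    so it is matched literally; regex metacharacters in it can no longer
#    change the pattern or make it fail to compile;
#  * the comparison code is kept in a lexical instead of the global $how.
sub find_data1 {
    my ( $field, $find, $how ) = @_;
    my ( $i, $line, $cell, $keep, @fields1 );
    my @temp = @file;
    @file = ();

    for ( $i = 0; $i < @fields; $i++ ) {
        next unless $fields[$i] eq $field;
        foreach $line ( @temp ) {
            @fields1 = split( /$delimiter/, $line );
            $cell = $fields1[$i];
            if    ( $how == 1 ) { $keep = ( $cell >  $find ); }
            elsif ( $how == 2 ) { $keep = ( $cell <  $find ); }
            elsif ( $how == 3 ) { $keep = ( $cell >= $find ); }
            elsif ( $how == 4 ) { $keep = ( $cell <= $find ); }
            elsif ( $how == 5 ) { $keep = ( $cell != $find ); }
            elsif ( $how == 6 ) { $keep = ( $cell !~ /^\Q$find\E$/i ); }
            elsif ( $how == 7 ) { $keep = ( $cell !~ /\Q$find\E/i ); }
            elsif ( $how == 8 ) { $keep = ( $cell =~ /^\Q$find\E$/i ); }
            elsif ( $how == 9 ) { $keep = ( $cell =~ /\Q$find\E/i ); }
            else                { $keep = 0; }
            push( @file, $line ) if $keep;
        }
    }
}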


# -------------------------------------------------------------------------
# search whole array for asked data and delete useless record
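# Keeps only the records in @file that contain the search text in at least
# one searchable column (case-insensitive). Columns listed in @private are
# searched only when $admin is 1, so a non-administrator cannot probe hidden
# columns through the full-text search.
#
# Changes compared with the original:
#  * the search text comes from the request and is now quoted with \Q...\E,
#    so it is matched literally instead of being compiled as a pattern;
#  * the set of searchable columns is worked out once instead of per record.
sub find_data2 {
    my ( $find ) = @_;
    my ( $line, @fields1 );
    my @temp = @file;
    @file = ();

    # Indexes of the columns this request is allowed to search.
    my @searchable = grep {
        my $column = $fields[$_];
        $admin == 1 or not grep { $_ eq $column } @private;
    } 0 .. $#fields;

    RECORD: foreach $line ( @temp ) {
        @fields1 = split( /$delimiter/, $line );
        foreach my $i ( @searchable ) {
            if ( $fields1[$i] =~ /\Q$find\E/i ) {
                push( @file, $line );
                next RECORD;    # one hit is enough; keep the record once
            }
        }
    }
}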

# -------------------------------------------------------------------------
# search for asked "new" or "old" records and delete useless ones
# Keeps only the "new" or only the "old" records in @file.
#
# The argument is 'n' or 'o' (any case). The value in the "_index" column is
# treated as a time in epoch seconds: a record counts as new while that time
# plus $new_compare_dat days still lies in the future, and as old once it
# lies in the past. Without an "_index" column @file ends up empty.
sub newold_data {
    my $mode = lc( $_[0] );
    my @candidates = @file;
    @file = ();

    foreach my $col ( 0 .. $#fields ) {
        next unless $fields[$col] eq "_index";
        foreach my $record ( @candidates ) {
            my @cells = split( /$delimiter/, $record );
            my $limit = $new_compare_dat * 86400 + $cells[$col];
            if ( $mode eq "n" and $limit > time() ) {
                push( @file, $record );
            }
            elsif ( $mode eq "o" and $limit < time() ) {
                push( @file, $record );
            }
        }
    }
}


# -------------------------------------------------------------------------
# logging
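# Appends one line to the log file named by $log_file_path, unless logging
# is switched off ($log empty).
#
# Line format (unchanged): "DD. MM. HH:MM:SS  \t <message> \r\n" in local
# time; the year is not part of the stamp. If the log file cannot be opened,
# error 7 is produced and the request ends.
#
# Change compared with the original: the file is opened with three-argument
# open and a lexical handle, so the configured path is used as a file name
# only and cannot be read as part of the open mode.
# NOTE(review): the message is written verbatim. The callers in view pass
# fixed strings; a caller that logs request data should strip CR/LF first.
sub logging {
    my ( $fh, $stamp );
    if ( $log ne "" ) {
        if ( not open( $fh, '>>', $log_file_path ) ) {
            &produce_error( 7 );
            die;
        }
        my ( $sec, $min, $hour, $mday, $mon ) = localtime(time);
        $stamp = sprintf( "%02d. %02d. %02d:%02d:%02d",
            $mday, $mon + 1, $hour, $min, $sec );
        if ( $file_lock ) { flock( $fh, 2 ); }    # 2 = LOCK_EX (exclusive lock)
        print {$fh} "$stamp  \t @_ \r\n";
        close($fh);
    }
}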


# -------------------------------------------------------------------------
# generate html page
sub print_template {
    my ( $i, $j, $k, $html, $field, $upper, $template, $html_template_path, $footer, $temp, $temp1, $temp2, $backup, $time, $rec, $name, @html, @fields1, @time );
    if ( param('template') =~ /^\d+$/ and $html_template_path[param('template')] ne "" ) { $html_template_path = $html_template_path[param('template')]; }
    else { $html_template_path = $html_template_path[0]; }
              
    if ( open(HTML,$html_template_path) ){
	if ( $file_lock ) { flock(HTML, 1); }
	@html=;
	close(HTML);
	}
    else {
	&logging( "Can't open html read template file. Please check that you have provided the correct path to your your html ok_page file in config file." ); 
	&produce_error( 5 );
	die;
    }

    $html = join( "", @html );
    unless ( $html =~ /(.*)