#!/usr/bin/perl -w

# Copyright (C) 2003 Robert Gorlitsky

# This script is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public
# License as published by the Free Software Foundation; either
# version 2 of the License, or (at your option) any later version.

# This script is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
# General Public License for more details.

# You should have received a copy of the GNU General Public
# License along with this script; if not, write to the Free
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA

use CGI(':standard', '-nph');
use File::Basename;

# this is used as the default redirection target
my $mydir = dirname(self_url);
# store the name of this script for later use in regex comparisons
my $script_name = script_name;

# this cookie is used so the script can do a redirect the second time
# it's called instead of logging the user out again
my $cookie_name = '__JUST_LOGGED_OUT__';
# this cookie is used to hold the referer since IE doesn't always give
# a referer
my $referer_cookie = '__LOGOUT_REFERER__';

# get the referer from the environemnt or from the cookie if need be
my $referer = referer;
$referer = cookie($referer_cookie) unless defined($referer);
$referer = '' unless defined($referer);

# where to redirect when the user has just logged out and they choose
# not to log back in
my $redir = param('redir');
# redirect to the directory this script is in by default
$redir = $mydir unless defined($redir);

# this is where we go if the user immediately re-authenticates
my $reAuthRedir = param('reAuthRedir');
$reAuthRedir = $mydir unless defined($reAuthRedir);

# read the relm name from the .htaccess file; feel free
# to change the way this works to suit your application
open(HT, '.htaccess');
my ($relm) = map({/\"(.*)\"/; $1} grep(/AuthName/, <HT>));
close(HT);

my $self_url = self_url;
my $creds = remote_user . ':logout';
$self_url =~ s{://}{://$creds\@};

# This happens the first time this script is run after the user has hit a
# logout button.  What this does for us is it makes it clear that the script
# has been run once.  This allows the script to know if the user is logging
# out or if the user has re-authenticated and is really loggin back in.
if ($referer !~ /$script_name/) {
	 # set a cookie and redirect to ourself
	 print header(-cookie=>[cookie(-name=>$cookie_name,
											 -value=>1),
									cookie(-name=>'__LOGOUT_REFERER__',
											 -value=>$self_url)]);
	 print start_html,
	 "<script>location.replace('".$self_url."')</script>",
	 end_html;
} else {
	 # if the cookie is set and we're coming from ourselves, then the user
	 # just logged out and we should kill the auth
	 if ($referer =~ /$script_name/ &&
		  defined(cookie($cookie_name)) &&
		  cookie($cookie_name) eq '1')
	 {
 		  print header(-status=>'401 Unauthorized',
							'-WWW-authenticate'=>"basic realm=$relm",
 							-cookie=>[cookie(-name=>$cookie_name,
 												  -value=>0),
 										 cookie(-name=>'__LOGOUT_REFERER__',
 												  -value=>$self_url)]);

		  # output a little redirection javascript so if we hit cancel on the
		  # password box, we don't end up in an endless loop of asking to login
		  print start_html, "<script>location='$redir'</script>", end_html;
	 }
	 # otherwise, the user just re-authenticated and we should send
	 # them on to your application
	 else {
		  print redirect($reAuthRedir);
#		  print header;
#		  print start_html, "<script>location='$reAuthRedir'</script>", end_html;
	 }
}