#!/usr/local/bin/perl
use Fcntl ':flock';
use call;
##############################################################################
# WWWBoard Version 2.0 ALPHA 2.1 #
# Copyright 1996 Matt Wright mattw@worldwidemart.com #
# Created 10/21/95 Last Modified 11/25/95 #
# Security Patches/Bug Fixes: January 07, 2000 #
# Scripts Archive at: http://www.worldwidemart.com/scripts/ #
##############################################################################
# COPYRIGHT NOTICE #
# Copyright 1996 Matthew M. Wright All Rights Reserved. #
# #
# WWWBoard may be used and modified free of charge by anyone so long as #
# this copyright notice and the comments above remain intact. By using this #
# code you agree to indemnify Matthew M. Wright from any liability that #
# might arise from it's use. #
# #
# Selling the code for this program without prior written consent is #
# expressly forbidden. In other words, please ask first before you try and #
# make money off of my program. #
# #
# Obtain permission before redistributing this software over the Internet or #
# in any other medium. In all cases copyright and header must remain intact.#
##############################################################################
# Define Variables
# Filesystem layout. $basedir is the prefix for everything this script opens
# (users.txt, wwwboard.htm, faq.htm, the counter file and the message
# directory); it is relative, so it resolves against the CGI's working
# directory.
# NOTE(review): users.txt holds login:password lines and lives under
# $basedir -- confirm that directory is not reachable through the web server.
$basedir  = '../../pz';
$mesgdir  = 'messages';      # sub-directory of $basedir holding one file per message
$datafile = 'data.txt';      # counter file holding the last message number
$ext      = 'htm';           # extension given to generated message files

# URLs: every page is served back through this one CGI.
$cgi_url  = 'wwwboard.cgi';
$mesgfile = "${cgi_url}?show=";
$faqfile  = "${cgi_url}?html=faq";

# Board title used in generated pages.
$title = 'Конференц-зал';

# Hours added to the server clock before a post is time-stamped.
$time_plus = 11;
# Done
# Emit the CGI response header first; every branch below prints HTML.
print "Content-type: text/html\n\n";
# Session token for this request. It stays empty unless the query string
# carries a code= value and call::SessionVerify hands one back.
$code='';
# Only letters, digits and '-' are captured from code=, so nothing else is
# passed to call::SessionVerify. The pattern is not anchored to a parameter
# boundary, so "code=" is found anywhere in the query string.
# NOTE(review): the session token travels in the URL, which exposes it to
# server logs, browser history and Referer headers -- a cookie would avoid that.
# NOTE(review): presumably SessionVerify returns '' for an unknown or expired
# code (the later `$code eq ""` gate relies on it) -- confirm in call.pm.
if ($ENV{'QUERY_STRING'}=~/code=([a-zA-Z0-9\-]+)/i) {
$code=&call::SessionVerify($1); }
# Logout: any query string containing delete= ends the session and prints a
# goodbye page. This runs before the `$code eq ""` gate, so SessionDelete is
# also called with an empty $code when verification failed.
# NOTE(review): the markup inside the print strings below looks stripped from
# this listing (tags and links are missing) -- restore it from the original
# file before running.
if ($ENV{'QUERY_STRING'}=~/delete=/i) {
&call::SessionDelete($code);
print "\n
\n\n";
print "Выход\n\\n\n";
print "Спасибо за ";
print "использование конференц-зала.
\n";
print "Вход в конференц-зал.\n";
exit (0); }
# Login: a request whose query string contains auto= carries the login and
# password fields in the POST body.
if ($ENV{'QUERY_STRING'}=~/auto=/i) {
$login=''; $password='';
# NOTE(review): reads as many bytes as the client declares in CONTENT_LENGTH;
# no upper bound is applied here.
read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'});
@pairs=split(/&/, $buffer);
foreach $pair (@pairs) {
# Values are used exactly as received: no '+' or %XX decoding is done here
# (parse_form does decode), and split without a limit drops everything after
# a second '=' in the pair.
($name,$value)=split(/=/,$pair);
$login=$value if $name eq 'login';
$password=$value if $name eq 'password'; }
# users.txt is compared line by line with "login:password", so passwords are
# stored and matched in clear text.
# NOTE(review): salted password hashes would limit the damage if this file
# leaks; also no limit on, or logging of, failed attempts is visible in this
# section.
open (F,"<$basedir/users.txt") || &call::Error("wwwboard.cgi: Cannot open file '$basedir/users.txt' - $!");
# NOTE(review): an exclusive lock is requested on a handle opened read-only
# and the result is not checked; LOCK_SH is the usual choice for a reader.
flock(F,LOCK_EX);
if (($login ne '') && ($password ne '')) {
# $c is 1 until some line equals $t; 0 means the credentials matched.
# A ':' inside the submitted login shifts the field boundary inside $t.
$t=$login.":".$password; $c=1;
# NOTE(review): the filehandle read in the loop condition looks lost in this
# listing (presumably <F>) -- confirm against the original file.
while (($str=) && ($c)) {
# Strip one CR and one LF so the line compares equal to $t.
$str=~s/\r//; $str=~s/\n//;
$c=0 if $str eq $t; }
# F is closed only on this path; with an empty login or password it is left
# open.
close(F);
# A session is created only on a match; otherwise $code stays as it was and
# the `$code eq ""` gate that follows decides what is shown.
$code=&call::SessionNew('') if $c==0; } }
# Access gate: without a session code nothing below runs; call::AutoHTML is
# called instead (presumably it prints the login form -- confirm in call.pm).
if ($code eq "") {
&call::AutoHTML();
exit(0); }
# The three branches below stream a stored page to the client, replacing the
# placeholder code=*CODE*"> with the caller's session code on every line.
# NOTE(review): $code is written into the page unescaped; its safety rests on
# what call::SessionVerify / call::SessionNew return -- confirm they only
# yield URL-safe characters.
# NOTE(review): in each loop the filehandle read looks lost in this listing
# (presumably <F>) -- confirm against the original file.
# Board index: served for show= and right after a successful login (auto=).
if ($ENV{'QUERY_STRING'}=~/show=|auto=/i) {
open (F,"<$basedir/wwwboard.htm") || &call::Error("wwwboard.cgi: Cannot open file '$basedir/wwwboard.htm' - $!");
# NOTE(review): exclusive lock on a read-only handle, result unchecked;
# LOCK_SH is the usual choice for a reader.
flock(F,LOCK_EX);
while ($buffer=) {
$buffer=~s/code=\*CODE\*\">/code=$code\">/g; print $buffer; }
exit (0); }
# Single message: the file name comes from the query string.
# NOTE(review): the dot in \d+.htm is unescaped and the pattern is not
# anchored, so the captured name is "digits, any one character, htm" rather
# than strictly NNN.htm; /html=(\d+\.htm)\b/ would state the intent. The
# capture is interpolated into a two-argument open.
if ($ENV{'QUERY_STRING'}=~/html=(\d+.htm)/i) {
open (F,"<$basedir/messages/$1") || &call::Error("wwwboard.cgi: Cannot open file '$basedir/messages/$1' - $!");
flock(F,LOCK_EX);
while ($buffer=) {
$buffer=~s/code=\*CODE\*\">/code=$code\">/g; print $buffer; }
exit (0); }
# FAQ page: reached only when the message pattern above did not match.
# No lock is taken on this handle.
if ($ENV{'QUERY_STRING'}=~/html=faq/i) {
open (F,"<$basedir/faq.htm") || &call::Error("wwwboard.cgi: Cannot open file '$basedir/faq.htm' - $!");
while ($buffer=) {
$buffer=~s/code=\*CODE\*\">/code=$code\">/g; print $buffer; }
exit (0); }
###########################################################################
###########################################################################
# Configure Options
# Link to the FAQ page from generated messages: 1 = yes, 0 = no.
$show_faq = 1;

# 1 = HTML is kept in the message body (parse_form still strips tags from
# every other field); any other value strips tags from all fields.
# NOTE(review): with 1 the body is stored with whatever markup the poster
# sent, so page safety depends entirely on the escaping done afterwards.
$allow_html = 1;

# 1 = carry the quoted body along for follow-ups, 0 = do not.
$quote_text = 1;

# 0 = quoted subject, editable; 1 = quoted subject, not editable;
# 2 = subject not quoted, editable.
$subject_line = 0;

# 1 = include the time of day in the short date, 0 = date only.
$use_time = 1;

# 1 = print the poster's REMOTE_ADDR in each message, 0 = do not.
$show_poster_ip = 1;

# 2 = reject over-long fields with an error, 1 = truncate them,
# 0 = do not check at all (the limits in %max_len are then unused).
$enforce_max_len = 0;

# Per-field length limits applied by parse_form when $enforce_max_len is set.
%max_len = (
    name        => 50,
    email       => 70,
    subject     => 80,
    url         => 150,
    url_title   => 80,
    img         => 150,
    body        => 3000,
    origsubject => 80,
    origname    => 50,
    origemail   => 70,
    origdate    => 50,
);
# Done
###########################################################################
# Get the Data Number
# Posting pipeline; only reached by requests that passed the session gate
# and matched none of the page-serving branches.

# Reserve the next message number. This happens before the form is parsed,
# so a number is taken even when a later step rejects the post.
get_number();

# Decode the POST body into %FORM.
parse_form();

# Validate the fields and copy them into the globals used for output.
get_variables();

# Write the message file for the new post.
new_file();

# Add a link to the new message on the main board page.
main_page();

# For a follow-up, add the link to each message it replies to as well.
thread_pages() if $num_followups >= 1;

# Show the poster the confirmation page.
return_html();
# Increment Number
###&increment_num;
############################
# Get Data Number Subroutine
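sub get_number {
    # Reserve the next message number.
    #
    # Reads the counter from $basedir/$datafile, advances it (wrapping to 1
    # after 999999 or when the stored value is not a plain number), writes it
    # back and leaves the result in the global $num. The read and the write
    # happen under one exclusive lock so two concurrent posts cannot be given
    # the same number and overwrite each other's message file.
    #
    # Failures are reported through call::Error, as elsewhere in this script.

    # Three-argument open keeps the mode separate from the file name.
    open(NUMBER, '+<', "$basedir/$datafile") || &call::Error("wwwboard.cgi: Cannot open file '$basedir/$datafile' - $!");

    # Without the lock the counter is not safe to update, so a failed flock
    # is reported instead of being ignored.
    flock(NUMBER, LOCK_EX) || &call::Error("wwwboard.cgi: Cannot lock file '$basedir/$datafile' - $!");

    # Read the stored counter (the readline on NUMBER was missing from the
    # listing as received). An empty file yields undef, treated as "no number".
    $num = <NUMBER>;
    $num = '' unless defined $num;
    chomp $num;

    if ($num !~ /^\d+$/ || $num == 999999) {
        $num = "1";
    }
    else {
        $num++;
    }

    # seek takes (handle, position, whence); the original passed them swapped
    # and only worked because both values were 0. Whence 0 is "from start".
    seek(NUMBER, 0, 0);

    # Drop the old contents first: writing "1" over "999999" would otherwise
    # leave "199999" in the file and the wrap-around would never take effect.
    truncate(NUMBER, 0);

    print NUMBER $num;
    close(NUMBER);
}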
#######################
# Parse Form Subroutine
sub parse_form {
# Decode the URL-encoded POST body into the global %FORM, strip markup from
# the fields according to $allow_html, and optionally enforce %max_len.
# Takes no arguments and returns nothing useful; results are left in %FORM.
local($name,$value);
# Get the input
# NOTE(review): reads as many bytes as the client declares in CONTENT_LENGTH;
# no upper bound is applied here, and with $enforce_max_len == 0 nothing
# later limits field sizes either.
read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'});
# Split the name-value pairs
@pairs = split(/&/, $buffer);
foreach $pair (@pairs) {
# split without a limit drops everything after a second '=' in the pair.
# Only $value is decoded below; $name is used as received.
($name, $value) = split(/=/, $pair);
# Un-Webify plus signs and %-encoding
$value =~ tr/+/ /;
$value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
# Remove any NULL characters, Server Side Includes
$value =~ s/\0//g;
# NOTE(review): the pattern of the next substitution looks lost in this
# listing (presumably it removed <!-- ... --> comments, which is where
# server-side include directives live) -- restore it from the original file.
# As printed, an empty pattern does not do that.
$value =~ s///g;
# Tag stripping: with $allow_html != 1 every field is stripped; otherwise
# every field except 'body' is stripped and the body keeps its markup.
# NOTE(review): the pattern only removes complete <...> pairs; a regex like
# this is not a reliable HTML sanitiser, so values should still be escaped
# where they are written into a page.
if ($allow_html != 1) {
$value =~ s/<([^>]|\n)*>//g;
}
else {
unless ($name eq 'body') {
$value =~ s/<([^>]|\n)*>//g;
}
}
# A repeated field name overwrites the earlier value.
$FORM{$name} = $value;
}
# Make sure that message fields do not exceed allowed value
# $enforce_max_len == 2 rejects the post through error('field_size');
# any other true value truncates the field to its limit with sprintf.
if ($enforce_max_len) {
foreach $name (keys %max_len) {
if (length($FORM{$name}) > $max_len{$name}) {
if ($enforce_max_len == 2) { &error('field_size'); }
else { $FORM{$name} = sprintf("%.$max_len{$name}s",$FORM{$name}); }
}
}
}
}
###############
# Get Variables
sub get_variables {
# Validate the fields in %FORM and copy them into the globals the output
# routines use ($name, $email, $subject, $body, $message_url, ...), then
# build the date strings. Missing name, subject or body, or bad follow-up
# data, are reported through error(). Takes no arguments.
#
# NOTE(review): several substitutions in this sub look damaged in this
# listing: HTML entities and tags inside the patterns and replacements appear
# to have been stripped, leaving lines that delete characters instead of
# escaping them or that are not valid Perl. They are kept as received;
# restore them from the original file before relying on any escaping here.
if ($FORM{'followup'}) {
$followup = "1";
@followup_num = split(/,/,$FORM{'followup'});
# Taken before the list is validated below.
$last_message=@followup_num[$#followup_num];
# Changes based in part on information contained in BugTraq archives
# message 'WWWBoard Vulnerability' posted by Samuel Sparling Nov-09-1998.
# Also requires that each followup number is in fact a number, to
# prevent message clobbering.
local(%fcheck);
foreach $fn (@followup_num) {
# Reject anything that is not all digits, and any number listed twice.
if ($fn !~ /^\d+$/ || $fcheck{$fn}) { &error('followup_data'); }
$fcheck{$fn} = 1;
}
# The list is rebuilt from the hash keys, so its order is no longer the
# order the client sent.
@followup_num = keys %fcheck;
$num_followups = @followup_num;
# The "orig*" values describe the message being answered but come from the
# submitted form, i.e. they are client-controlled. parse_form has stripped
# tags from them; quotes and '&' are not handled here. $origemail is not
# assigned in this sub.
$origdate = "$FORM{'origdate'}";
$origname = "$FORM{'origname'}";
$origsubject = "$FORM{'origsubject'}";
}
else {
$followup = "0";
}
if ($FORM{'name'}) {
$name = "$FORM{'name'}";
# Quotes, '>' and '&' are removed from the name rather than escaped.
# NOTE(review): the second substitution below is incomplete as printed
# (presumably it removed '<') -- confirm against the original file.
$name =~ s/"//g;
$name =~ s//g;
$name =~ s/>//g;
$name =~ s/\&//g;
}
else {
# Bareword argument; without `use strict` it is passed as the string
# 'no_name'.
&error(no_name);
}
# Loose shape check only: some '@' followed later by a '.'. The value is
# copied as is.
# NOTE(review): if the address is later written inside an attribute it needs
# attribute escaping there -- confirm in new_file.
if ($FORM{'email'} =~ /.*\@.*\..*/) {
$email = "$FORM{'email'}";
}
if ($FORM{'subject'}) {
$subject = "$FORM{'subject'}";
# NOTE(review): presumably these escaped '&' and '"' as HTML entities; the
# entity names look stripped in this listing.
$subject =~ s/\&/\&\;/g;
$subject =~ s/"/\"\;/g;
}
else {
&error(no_subject);
}
# Accepts any value with a ':' followed later by a '.', so the scheme is not
# restricted to http/https.
# NOTE(review): an allow-list of schemes would keep script-bearing URLs out
# of the generated link.
if ($FORM{'url'} =~ /.*\:.*\..*/ && $FORM{'url_title'}) {
$message_url = "$FORM{'url'}";
$message_url_title = "$FORM{'url_title'}";
}
# Accepts any value containing "tp://" followed later by a '.'; the pattern
# is not anchored, so text may precede the scheme.
if ($FORM{'img'} =~ /.*tp:\/\/.*\..*/) {
$message_img = "$FORM{'img'}";
}
if ($FORM{'body'}) {
$body = "$FORM{'body'}";
# Carriage returns are dropped; the remaining lines rewrite newlines and
# special characters (replacement text damaged in this listing, see the note
# at the top of the sub).
$body =~ s/\cM//g;
$body =~ s/\n\n//g;
$body =~ s/\n/
/g;
$body =~ s/<//g;
$body =~ s/"/"/g;
}
else {
&error(no_body);
}
# Copy of the body kept for quoting in follow-ups; presumably HTML-escaped
# here so it can sit in a hidden form field (patterns damaged in this
# listing).
if ($quote_text == 1) {
$hidden_body = "$body";
$hidden_body =~ s/</g;
$hidden_body =~ s/>/>/g;
$hidden_body =~ s/"/"/g;
}
# Server local time shifted forward by $time_plus hours.
($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime(time+3600*$time_plus);
# localtime months are 0-based; $month is the 1-based number for the short
# date, $months[$mon] the English name for the long date.
$month = ($mon + 1);
@months = ("January","February","March","April","May","June","July","August","September","October","November","December");
$year += 1900;
$long_date = sprintf("%s %02d, %4d at %02d:%02d:%02d",$months[$mon],$mday,$year,$hour,$min,$sec);
# The short date uses a two-digit year.
$year %= 100;
if ($use_time == 1) {
$date = sprintf("%02d:%02d:%02d %02d/%02d/%02d",$hour,$min,$sec,$month,$mday,$year);
}
else {
$date = sprintf("%02d/%02d/%02d",$month,$mday,$year);
}
}
#####################
# New File Subroutine
sub new_file {
open(NEWFILE,">$basedir/$mesgdir/$num\.$ext") || &call::Error("board.pl: Cannot open file '$basedir/$mesgdir/$num\.$ext' - $!");
print NEWFILE "\n";
print NEWFILE "
\n";
print NEWFILE " \n";
print NEWFILE " $subject\n";
print NEWFILE " \n";
print NEWFILE " \n";
print NEWFILE " \n";
print NEWFILE " $subject
\n";
print NEWFILE " \n";
print NEWFILE "
\n";
if ($show_faq == 1) {
print NEWFILE "[ Follow Ups ] [ Post Followup ] [ $title ] [ FAQ ] [ Выход ]\n";
}
else {
print NEWFILE "[ Follow Ups ] [ Post Followup ] [ $title ] [ Выход ]\n";
}
print NEWFILE "
\n";
print NEWFILE "Posted by ";
if ($email) {
print NEWFILE "$name ";
}
else {
print NEWFILE "$name \n";
}
if ($show_poster_ip) { print NEWFILE "($ENV{'REMOTE_ADDR'}) "; }
print NEWFILE "on $long_date:
\n";
if ($followup == 1) {
print NEWFILE "In Reply to: $origsubject posted by ";
if ($origemail) {
print NEWFILE "$origname on $origdate:
\n";
}
else {
print NEWFILE "$origname on $origdate:
\n";
}
}
if ($message_img) {
print NEWFILE "
\n";
}
print NEWFILE "$body\n";
print NEWFILE "
\n";
if ($message_url) {
print NEWFILE "
\n";
}
print NEWFILE "
\n";
print NEWFILE "Follow Ups:
\n";
print NEWFILE "
\n";
print NEWFILE "
\n";
print NEWFILE "Post a Followup
\n";
print NEWFILE "