#Discus board administration script (board-admin)
#-------------------------------------------------------------------------------
#This script is copyright (c) 1997-98 by Kevin W. Paulisse and William F. Polik,
#all rights reserved.  You may not modify or delete this copyright header.
#The use of this product is subject to a license agreement.  Contact Kevin
#Paulisse (paulisse@mulliken.chem.hope.edu) for further information.
#-------------------------------------------------------------------------------

# If you are getting an "unexplained error" when trying to do something,
# you can turn on the diagnostic mode to check what variables are being
# passed.  Do this by setting $diagnostic = 1.

$diagnostic = 1;

#-------------------------------------------------------------------------------

open (FILE, "$discus_conf");
@file = <FILE>;
close (FILE);
$evals = "";
foreach $line (@file) {
	if ($line =~ /^(\w+)=(.*)/) {
		$varname = $1;
		$value = $2;
		$value =~ s/'/\\'/g;
		$evals .= "\$$varname='$value'; ";
	}
}
eval($evals);
require "$admin_dir/source/src-board-subs-common";

&parse_form;
&read_cookie;

if ($ENV{'HTTP_REFERER'} =~ /\.$cgi_extension/i) {
	$_ = $FORM{'HTTP_REFERER'};
	s/#(.*)//g;
} else {
	$_ = $ENV{'HTTP_REFERER'};
	s/#(.*)//g;
}
&extract ($_) if $_ ne "";

#############################################################################
# BOARD MANAGER FUNCTIONS
#############################################################################

if ($FORM{'action'} eq 'Add_Topic') {
	&error_message('Permissions Error', 'Only the superuser may access the "Add New Topic" functionality!') if $FORM{'username'} ne "$superuser";
	&check_passwd;
	($new_topic) = &ex('webtags',$FORM{'topic'},3);
	$group = $FORM{'group'};
	$group =~ tr/A-Z/a-z/;
	$group =~ s/\W//g;
	&error_message('Group Specification Error', 'You did not specify a valid group!') if $group eq "";
	&ex('add_topic', $new_topic, $group);
	&ex('board_manager', $FORM{"username"}); exit(0);
	exit(0);
}

if ($FORM{'action'} eq 'board_toppage') {
	&error_message('Permissions Error', 'Only the superuser may access this functionality!') if $FORM{'username'} ne "$superuser";
	&check_passwd;
	if ($FORM{'Bold'}) { $boldon = 1; } else { $boldon = 0; }
	if ($FORM{'Group'}) { $groupon = 1; } else { $groupon = 0; }
	if ($FORM{'Date'}) { $dateon = 1; } else { $dateon = 0; }
	&ex('change_board_toppage', $boldon, $groupon, $dateon);
	&ex('board_manager', $FORM{"username"}); exit(0);
}
if ($FORM{'action'} eq 'topics') {
	if ($FORM{'SELECTION'} =~ /delete(\w+)/) {
		$todo = $1;
		&error_message('Permissions Error', 'Only the superuser may access this functionality!') if $FORM{'username'} ne "$superuser";
		&check_passwd;
		if ($todo ne "all") {
			$todo =~ s/\D//g;
			if ($todo != 0) {
				&ex('remove_topic', $todo);
			}
		} else {
			@mark = split(/,/, $FORM{'MARK'});
			foreach $num (@mark) {
				$num =~ s/\D//g;
				&ex('remove_topic', $num) if $num != 0;
			}
		}
		&ex('board_manager', $FORM{"username"}); exit(0);
		exit(0);
	} elsif ($FORM{'SELECTION'} =~ /properties(\d+)/) {
		$todo = $1;
		&error_message('Permissions Error', 'Only the superuser may access this functionality!') if $FORM{'username'} ne "$superuser";
		&check_passwd;
		&extract ("//$todo/$todo.$ext");
		&ex('rename_topic_form', $topic_name,$todo,$FORM{"username"});
		exit(0);
	} elsif ($FORM{'SELECTION'} =~ /group(\w+)/) {
		$todo = $1;
		&error_message('Permissions Error', 'Only the superuser may access this functionality!') if $FORM{'username'} ne "$superuser";
		&check_passwd;
		if ($todo ne "all") {
			$todo =~ s/[^\d,]//g;
			if ($todo != 0) {
				&ex('change_topic_group_form', $todo, $FORM{"username"});
			}
		} else {
			&ex('change_topic_group_form', $FORM{'MARK'},$FORM{"username"});
		}
		&ex('board_manager', $FORM{"username"}); exit(0);
	} elsif ($FORM{'SELECTION'} =~ /reorderall/) {
		undef @data;
		undef @datakeys;
		foreach $key (keys(%FORM)) {
			if ($key =~ m|^ORDER(\d+)|) {
				push (@data, $1);
				push (@dataval, $FORM{$key});
			}
		}
		@array = @data[sort {$dataval[$a] <=> $dataval[$b]} $[..$#data];
		$arraystr = join(":", @array);
		&ex('reorder_topics', $arraystr);
		&ex('board_manager', $FORM{"username"}); exit(0);
	}
}

if ($FORM{'action'} eq 'rename_a_topic') {
	&error_message('Permissions Error', 'Only the superuser may access the "Rename Topic" functionality!') if $FORM{'username'} ne "$superuser";
	&check_passwd;
	($newname) = &ex('webtags', $FORM{"newname"},3);
	$newname = &remove_links($newname);
	&error_message("Rename Error", "You didn't specify a new topic name!") if $newname eq "";
	&error_message("Formatting Error", "The following formatting error was returned:<BR><BR>$newname<BR><BR>") if $newname =~ /<H3>FORMATTING/i;
	$topic = $FORM{'topic'};
	$topic =~ s/\D//g;
	&error_message("Rename Error", "You didn't specify a valid initial topic!") if $topic == 0;
	&ex('rename_topic', $topic,$newname);
	&ex('board_manager', $FORM{"username"}); exit(0);
	exit(0);
}

if ($FORM{'action'} eq 'main_message') {
	&error_message('Permissions Error', 'Only the superuser may change the main message!') if $FORM{'username'} ne "$superuser";
	&check_passwd;
	if ($FORM{'submit'} !~ /Preview/) {
		$message = $FORM{'message'};
		($message_in) = &ex('webtags', $message,1);
		$FORM{'submit'} = "Preview" if $message_in =~ /<H3>FORMATTING/;
	}
	if ($FORM{'submit'} !~ "Preview") {
		$source = &escape($message);
		&ex('change_main_message', $message_in, $source);
		&ex('board_manager', $FORM{"username"}); exit(0);
	} else {
		($message_in) = &ex('webtags', $FORM{"message"},1);
		$FORM{'message'} =~ s/</&lt;/g;
		$FORM{'message'} =~ s/>/&gt;/g;
		$FORM{'message'} =~ s/&/&amp;/g;
		$FORM{'message'} =~ s/"/&quot;/g;
		&ex('preview_admin_message', $FORM{"message"}, $message_in, $FORM{'username'}, "", "main_message", "Main Message");
		exit(0);
	}
}

if ($FORM{'action'} eq 'change_topic_group') {
	&error_message('Permissions Error', "Only the superuser may change a topic's group!") if $FORM{'username'} ne "$superuser";
	&check_passwd;
	$group = $FORM{'group'}; $group =~ tr/A-Z/a-z/; $group =~ s/\W//g;
	&error_message('Group Specification Error', 'You did not specify a valid group!') if $group eq "";
	$topic = $FORM{'topics'}; $topic =~ s/[^\d,]//g;
	&error_message("Invalid Topic", "Topic selected is not valid.") if $topic eq "";
	@topics = split(/,/, $topic);
	foreach $line (@topics) {
		$line =~ s/\D//g;
		&ex('change_topic_group', $line, $group);
	}
	&ex('board_manager', $FORM{"username"}); exit(0);
}

if ($FORM{'action'} eq "board_appearance") {
	&error_message('Permissions Error', 'Only the superuser may change the board appearance!') if $FORM{'username'} ne "$superuser";
	&check_passwd;
	$FORM{'bgcolor'} =~ s/\W//g;
	$FORM{'text'} =~ s/\W//g;
	$FORM{'link'} =~ s/\W//g;
	$FORM{'vlink'} =~ s/\W//g;
	$FORM{'alink'} =~ s/\W//g;
	$FORM{'size'} =~ s/\D//g;
	$FORM{'face'} =~ s/[^\w\s,]//g;
	$FORM{'image'} =~ s/[<>"&'\[\];]//g;
	if ($FORM{'submit'} =~ /Preview/) {
		&ex('preview_board_colors', $FORM{"bgcolor"}, $FORM{"text"}, $FORM{"link"}, $FORM{"vlink"}, $FORM{"alink"}, $FORM{"face"}, $FORM{"size"}, $FORM{"username"}, $FORM{"image"});
		exit(0);
	} else {
		&ex('change_board_colors', $FORM{"bgcolor"}, $FORM{"text"}, $FORM{"link"}, $FORM{"vlink"}, $FORM{"alink"}, $FORM{"face"}, $FORM{"size"}, $FORM{"image"});
		&ex('board_manager', $FORM{"username"}); exit(0);
	}
}

###########################################################################
# PAGE MANAGER FUNCTIONS
###########################################################################

if ($FORM{'action'} eq 'add_subtopic') {
	&check_passwd;
	&extract ($FORM{'HTTP_REFERER'});
	&verify_owner($owner,$FORM{'username'});
	&error_message("Add Subtopic Error", "You did not specify a title for the new subtopic!") if $FORM{'subtopic'} eq "";
	($newtitle) = &ex("webtags", $FORM{'subtopic'},3);
	&error_message("Add Subtopic Error", "Formatting tags returned the following error: <P>$newtitle") if $newtitle =~ /<H3>Formatting/i;
	$param = "Sublist" if $FORM{'pagetype'} eq "privateindex";
	$param = "SublistCreate" if $FORM{'pagetype'} eq "publicindex";
	$param = "MessagesAdd" if $FORM{'pagetype'} eq "message";
	$target = "Main" if $FORM{'linktype'} eq "rightframe";
	$target = "_top" if $FORM{'linktype'} eq "top";
	$target = "_blank" if $FORM{'linktype'} eq "new";
	$param = "LINK" if $FORM{'type'} eq "link";
	if ($param eq "LINK") {
		$url = $FORM{'url'};
		&error_message('Add Subtopic Error', "The URL you specified was not valid") if $FORM{'url'} eq "";
	}
	($newnum_number) = &ex("add_page", $newtitle,$param,$url,$target);
	($dt) = &ex("get_date_time", "short");
	($ts) = &ex("get_date_time", "long");
	$ts =~ s/\W//g;
	&ex("update_time", $topic_number, $newnum_number, $me_number, $ts, $dt);
	$append = "?username=$FORM{'username'}";
	&ex("page_mgr_2", $FORM{"HTTP_REFERER"},$FORM{"username"});
	exit(0);
}

if ($FORM{'action'} eq "subtopics") {
	&check_passwd;
	&extract($FORM{'HTTP_REFERER'});
	&verify_owner($owner, $FORM{'username'}) || &error_message("Permissions Error", "You do not have permission to edit this topic!");
	if ($FORM{'SELECTION'} =~ /^delete(\w+)/) {
		$todo = $1;
		if ($todo eq "all") {
			$todo = $FORM{'MARK'};
		}
		&ex("remove_page", $topic_number, $me_number, $todo);
		&ex("page_mgr_2", $FORM{"HTTP_REFERER"},$FORM{"username"});
	} elsif ($FORM{'SELECTION'} =~ /move(\w+)/) {
		if ($1 =~ /^(\d+)$/) {
			$tomove = $1;
			$plural = ""; $singular = "a ";
		} else {
			$tomove = $FORM{'MARK'};
			$plural = "s"; $singular = "";
		}
		&ex('move_subtopic_form', $topic_number, $me_number, $FORM{'username'}, $plural, $singular, $FORM{'HTTP_REFERER'});
		exit(0);
	} elsif ($FORM{'SELECTION'} =~ /properties(\d+)/) {
		$torename = $1;
		if ($torename =~ /^0/) {
			$torename =~ s/^0//g;
			&ex("rename_link_form", $FORM{"HTTP_REFERER"},$torename,$FORM{"username"});
		} else {
			&ex("rename_subtopic_form", $FORM{"HTTP_REFERER"}, $torename, $FORM{"username"});
		}
		exit(0);
	} elsif ($FORM{'SELECTION'} =~ /reorder/) {
		undef @data;
		undef @datakeys;
		foreach $key (keys(%FORM)) {
			$key2 = $key;
			$keystr .= "$key2=$FORM{$key2}<BR>";
			if ($key2 =~ /^ORDER/) {
				$key2 =~ s/^ORDER//g;
				$key2 =~ s/^0//g;
				push (@data, $key2);
				push (@dataval, $FORM{$key});
			}
		}
		@array = @data[sort {$dataval[$a] <=> $dataval[$b]} $[..$#data];
		$arraystr = join(":", @array);
		&ex("reorder_subtopics", $FORM{"HTTP_REFERER"}, $arraystr);
		&ex("page_mgr_2", $FORM{"HTTP_REFERER"},$FORM{"username"});
	}
}

if ($FORM{'action'} eq 'rename_a_subtopic' || $FORM{'action'} eq 'rename_a_link') {
	&check_passwd;
	&extract ($FORM{'HTTP_REFERER'});
	&verify_owner ($owner,$FORM{'username'}) || &error_message("Permissions Error", "You do not have permissions to rename subtopics on this page!");
	($newname) = &ex('webtags', $FORM{"newname"}, 3);
	$newname = &remove_links($newname);
	&error_message("Rename Error", "You didn't specify a new subtopic/link name!") if $newname eq "";
	&error_message("Formatting Error", "The following formatting error was returned:<BR><BR>$newname<BR><BR>") if $newname =~ /<H3>FORMATTING/i;
	if ($FORM{'action'} eq "rename_a_subtopic") {
		$subtopic = $FORM{'subtopic'};
		$subtopic =~ s/\D//g;
		&error_message("Rename Error", "You didn't specify a valid initial subtopic!") if $subtopic == 0;
		&ex("rename_subtopic", $FORM{"HTTP_REFERER"}, $subtopic, $newname);
	} else {
		$linknum = $FORM{'link'};
		$url = &remove_html($FORM{'url'});
		if ($FORM{'frame'} eq "top") {
			$target = "_top";
		} elsif ($FORM{'frame'} eq "new") {
			$target = "_blank";
		} else {
			$target = "Main";
		}
		&ex("rename_link", $FORM{"HTTP_REFERER"}, $linknum, $newname, $url, $target);
	}
	&ex("page_mgr_2", $FORM{"HTTP_REFERER"},$FORM{"username"});
}

if ($FORM{'action'} eq "move_subtopic") {
	&check_passwd;
	&extract ($FORM{'HTTP_REFERER'});
	&verify_owner ($owner,$FORM{'username'}) || &error_message("Permissions Error", "You do not have permissions to move subtopics from this page!");
	$oldtopic = $topic_number;
	$oldparent = $me_number;
	&extract("//$FORM{'click'}.$ext");
	&verify_owner ($owner,$FORM{'username'}) || &error_message("Permissions Error", "You do not have permissions to move subtopics to this page!");
	$newtopic = $topic_number;
	$newtopic_hold = $newtopic;
	$newhome = $me_number;
	$newhome_hold = $newhome;
	@tomove = split(/,/, $FORM{'move'});
	foreach $page (@tomove) {
		$page =~ s/^0//;
	}
	$tomove = join(",", @tomove);
	&ex('move_page', $oldtopic, $tomove, $oldparent, $newtopic, $newhome);
	&extract("//$newtopic_hold/$newhome_hold.$ext");
	if ($param !~ /Sublist/) {
		&ex('change_layout', $newtopic_hold, $newhome_hold, $param . "Sublist");
	}
	($dt) = &ex('get_date_time', "short");
	($ts) = &ex('get_date_time', "long");
	$ts =~ s/\W//g;
	&ex('update_time', $topic_number, $me_number, $parent_number, $ts, $dt);
	&ex("page_mgr_2", $FORM{"HTTP_REFERER"},$FORM{"username"});	exit(0);
}

if ($FORM{'action'} eq "messages") {
	&check_passwd;
	&extract($FORM{'HTTP_REFERER'});
	&verify_owner($owner, $FORM{'username'}) || &error_message("Permissions Error", "You do not have permission to edit this topic!");
	if ($FORM{'SELECTION'} =~ /delete(\w+)/) {
		$todo = $1;
		if ($todo ne "all") {
			$todo =~ s/\D//g;
			if ($todo != 0) {
				&ex('remove_message', $FORM{"HTTP_REFERER"}, $todo);
			}
		} else {
			&ex('remove_message', $FORM{"HTTP_REFERER"}, $FORM{'MARK'});
		}
		&ex("page_mgr_2", $FORM{"HTTP_REFERER"},$FORM{"username"});
	} elsif ($FORM{'SELECTION'} =~ /move(\w+)/) {
		$tomove = $1;
		&ex('move_message_form', $topic_number, $tomove, $FORM{"move"}, $FORM{"MARK"}, $FORM{"HTTP_REFERER"}, $FORM{"username"});
		exit(0);
	} elsif ($FORM{'SELECTION'} =~ /edit(\d+)/) {
		$toedit = $1;
		($source) = &ex('read_source', "$message_dir/$topic_number/$me_number.$ext", $toedit);
		&error_message("Edit Message Error", "The specified message number is invalid.") if $source eq "";
		chop ($source) if $source =~ /\n$/;
		&ex('edit_message_form', $topic_number, $me_number, $toedit, $source, "", $FORM{"username"});
		exit(0);
	} elsif ($FORM{'SELECTION'} =~ /reorder/) {
		undef @data;
		undef @datakeys;
		foreach $key (keys(%FORM)) {
			$key2 = $key;
			$keystr .= "$key2=$FORM{$key2}<BR>";
			if ($key2 =~ /^ORDER/) {
				$key2 =~ s/^ORDER//g;
				push (@data, $key2);
				push (@dataval, $FORM{$key});
			}
		}
		@array = @data[sort {$dataval[$a] <=> $dataval[$b]} $[..$#data];
		$arraystr = join(":", @array);
		&ex('reorder_messages', $FORM{"HTTP_REFERER"}, $arraystr);
		&ex("page_mgr_2", $FORM{"HTTP_REFERER"},$FORM{"username"});
	}
}

if ($FORM{'action'} eq "edit_message") {
	&check_passwd;
	&extract($FORM{'HTTP_REFERER'});
	&verify_owner($owner, $FORM{'username'}) || &error_message("Permissions Error", "You do not have permission to edit messages in this topic!");
	($source) = &ex('read_source', "$message_dir/$topic_number/$me_number.$ext", $FORM{"postindex"});
	&error_message ("Edit Message Error", "Specified post index is not valid - source is blank.") if $source eq "";
	$source = $FORM{"message"};
	($lint, $message) = &ex('webtags', $source, 0, 1);
	&error_message ("Edit Message Error", "You cannot specify a blank message!") if $message eq "";
	$FORM{'submit'} = "Preview" if $lint eq "!Error";
	if ($FORM{'submit'} =~ /Preview/) {
		&ex('edit_message_form', $topic_number, $me_number, $FORM{"postindex"}, $source, $message, $FORM{"username"});
		exit(0);
	}
	&ex('save_edited_message', $topic_number, $me_number, $FORM{"postindex"}, &escape($source), $message, $FORM{"username"});
	&ex("page_mgr_2", $FORM{"HTTP_REFERER"},$FORM{"username"});
}

if ($FORM{'action'} eq "move_message") {
	&check_passwd;
	&extract($FORM{'HTTP_REFERER'});
	&verify_owner($owner, $FORM{'username'}) || &error_message("Permissions Error", "You do not have permission to move messages from this topic!");
	($old_topic,$old_page) = ($topic_number, $me_number);
	if ($FORM{'click'}) {
		&extract ("//$FORM{'click'}.$ext");
		&verify_owner($owner, $FORM{'username'}) || &error_message("Permissions Error", "You do not have permission to move messages to this topic!");
		($new_topic, $new_page) = ($topic_number, $me_number);
		$page_num = $new_page;
	} else {
		$new_topic = "Create";
		$new_page = $FORM{'newname'};
	}
	($new_page, $new_topic) = &ex('move_message', $old_topic, $old_page, $FORM{"move"}, $new_topic, $new_page, $FORM{"parm"});
	if ($new_page != 0) {
		$page_num = $new_page;
		$new_topic = $old_topic if $new_topic =~ /\D/;
		&extract ("//$new_topic/$new_page.$ext");
		$param =~ s/noneset//g;
		if ($param !~ /Messages/) {
			&ex('change_layout', $new_topic, $page_num, $param . "Messages");
			$param .= "Messages";
			if ($param !~ /Add/ && $FORM{"parm"} == 1) {
				&ex('change_layout', $new_topic, $page_num, $param . "Add");
			}
		}
	}
	&extract("//$new_topic/$new_page.$ext");
	($dt) = &ex('get_date_time', "short");
	($ts) = &ex('get_date_time', "long");
	$ts =~ s/\W//g;
	&ex('update_time', $topic_number, $me_number, $parent_number, $ts, $dt);
	&ex("page_mgr_2", $FORM{"HTTP_REFERER"},$FORM{"username"});
}

if ($FORM{'action'} eq 'about_message') {
	&check_passwd;
	&extract ($FORM{'HTTP_REFERER'});
	&verify_owner ($owner, $FORM{'username'});
	$new_message = $FORM{'message'};
	($new_message) = &ex('webtags', $new_message, 1);
	$FORM{'submit'} = "Preview" if $new_message =~ /<H3>FORMATTING/i;
	if ($FORM{'submit'} =~ /Preview/) {
		$FORM{'message'} =~ s/&/&amp;/g;
		$FORM{'message'} =~ s/</&lt;/g;
		$FORM{'message'} =~ s/>/&gt;/g;
		$FORM{'message'} =~ s/"/&quot;/g;
		&ex('preview_admin_message', $FORM{"message"}, $new_message, $FORM{"username"}, $FORM{"HTTP_REFERER"}, "about_message", "About Message");
		exit(0);
	} else {
		$file = "$message_dir/$topic_number/$me_number.$ext";
		&ex('change_about_message', $file, $FORM{"message"}, $new_message);
		($dt) = &ex('get_date_time', "short");
		($ts) = &ex('get_date_time', "long"); $ts =~ s/\W//g;
		&ex('update_time', $topic_number, $me_number, $parent_number, $ts, $dt);
		&ex("page_mgr_2", $FORM{"HTTP_REFERER"},$FORM{"username"});
	}
}

if ($FORM{'action'} eq "change_layout") {
	&check_passwd;
	&extract ($FORM{'HTTP_REFERER'});
	&verify_owner($owner, $FORM{'username'});
	$layout = "";
	$layout .= "Sublist" if $FORM{'element1'} eq "on";
	$layout .= "Create" if $FORM{'element2'} eq "on";
	$layout .= "About" if $FORM{'element3'} eq "on";
	$layout .= "Messages" if $FORM{'element4'} eq "on";
	$layout .= "Add" if $FORM{'element5'} eq "on";
	&ex('change_layout', $topic_number, $me_number, $layout);
	$append = "?username=$FORM{'username'}";
	&ex("page_mgr_2", $FORM{"HTTP_REFERER"},$FORM{"username"});
	exit(0);
}

############################################################################
# MODERATOR MANAGER FUNCTIONS
############################################################################

if ($FORM{'action'} eq "add_moderator") {
	&error_message('Permissions Error', 'Only the superuser may access the "Add New Moderator" functionality!') if $FORM{'username'} ne "$superuser";
	&check_passwd;
	&ex('add_moderator', $FORM{"username"}, $FORM{"user"}, $FORM{"pass_1"}, $FORM{"pass_2"});
	&ex('moderator_mgr', $FORM{"username"}); exit(0);
}

if ($FORM{'action'} eq "moderator_form") {
	&error_message("Permissions Error", "Only the superuser may delete and edit moderators!") if $FORM{'username'} ne $superuser;
	&check_passwd;
	if ($FORM{'SELECTION'} =~ /^delete(\w+)/) {
		$remove = $1;
		if ($remove ne "All") {
			&ex('delete_moderator', $remove) if $remove ne $superuser;
		} else {
			@mark = split(/,/, $FORM{'MARK'});
			@mark = grep(!/^$superuser$/, @mark);
			foreach $user (@mark) {
				&ex('delete_moderator', $user);
			}
		}
		&ex('moderator_mgr', $FORM{"username"}); exit(0);
	} elsif ($FORM{'SELECTION'} =~ /^edit(\w+)/) {
		$edit = $1;
		&ex("profile_editor", $FORM{"username"}, "passwd.txt", $cgiurl, 1, "profile_su", "password_su", $edit, "", "Moderator Editor: \u$edit", 2);
		exit(0);
	}
}

if ($FORM{'action'} eq "password_su") {
	&error_message("Permissions Error", "Only the superuser may change the passwords of other moderators!") if $FORM{'username'} ne $superuser;
	&check_passwd;
	&error_message("Change Password Error", "The superuser's password cannot be changed using this method!") if $FORM{'user'} eq $superuser;
	&ex('change_password', "passwd", $FORM{"user"}, $FORM{"pass1"}, $FORM{"pass2"});
	&ex("profile_editor", $FORM{"username"}, "passwd.txt", $cgiurl, 1, "profile_su", "password_su", $FORM{"user"}, "", "Moderator Editor: \u$FORM{'user'}", 2);
	exit(0);
}

if ($FORM{'action'} eq "profile_su") {
	&error_message("Permissions Error", "Only the superuser may change the profiles of other moderators!") if $FORM{'username'} ne $superuser;
	&check_passwd;
	foreach $key (keys(%FORM)) {
		$FORM{$key} =~ s/[:<>;]//g;
	}
	@notifyoptions = split(/,/, $FORM{'notify'});
	$tally = 0;
	foreach $num (@notifyoptions) {
		$tally += $num;
	}
	&ex('change_profile', "passwd", $FORM{"user"}, $FORM{"email"}, $FORM{"fullname"}, $FORM{"profile"}, $tally, "*");
	&ex("profile_editor", $FORM{"username"}, "passwd.txt", $cgiurl, 1, "profile_su", "password_su", $FORM{"user"}, "", "Moderator Editor: \u$FORM{'user'}", 2);
	exit(0);
}

##########################################################################
# GROUP MANAGER FUNCTIONS
##########################################################################

if ($FORM{'action'} eq "add_group") {
	&error_message('Permissions Error', 'Only the superuser may access the "Add New Group" functionality!') if $FORM{'username'} ne "$superuser";
	&check_passwd;
	&ex('add_group', $FORM{"username"}, $FORM{"group"});
   &ex('group_mgr', $FORM{"username"}); exit(0);
}

if ($FORM{'action'} eq "group_form") {
	&error_message("Permissions Error", "Only the superuser may delete and edit groups!") if $FORM{'username'} ne $superuser;
	&check_passwd;
	if ($FORM{'SELECTION'} =~ /delete([\w\-]+)/) {
		$remove = $1;
		if ($remove ne "All") {
			&ex('delete_group', $remove);
		} else {
			@mark = split(/,/, $FORM{'MARK'});
			foreach $user (@mark) {
				&ex('delete_group', $user);
			}
		}
	   &ex('group_mgr', $FORM{"username"}); exit(0);
	} elsif ($FORM{'SELECTION'} =~ /edit([\w\-]+)/) {
		$edit = $1;
		&ex('edit_group', $FORM{"username"}, $edit);
		exit(0);
	}
}

if ($FORM{'action'} eq "edit_group_form") {
	&error_message("Permissions Error", "Only the superuser may delete and edit groups!") if $FORM{'username'} ne $superuser;
	&check_passwd;
	if ($FORM{'SELECTION'} =~ /^delete(\w+)/) {
		$remove = $1;
		if ($remove ne "All") {
			&ex('delete_moderator_from_group', $remove, $FORM{"group"});
		} else {
			@mark = split(/,/, $FORM{'MARK'});
			foreach $user (@mark) {
				&ex('delete_moderator_from_group', $user, $FORM{"group"});
			}
		}
		$edit = $FORM{'group'};
		&ex('edit_group', $FORM{"username"}, $edit);
		exit(0);
	}
}

if ($FORM{'action'} eq "add_to_group") {
	&error_message('Permissions Error', 'Only the superuser may add a moderator to a group!') if $FORM{'username'} ne "$superuser";
	&check_passwd;
	if ($FORM{'SELECTION'} =~ /^add(\w+)/) {
		$add = $1;
		if ($add ne "All") {
			&ex('add_to_group', $FORM{"group"}, $add);
		} else {
			@mark = split(/,/, $FORM{'MARK'});
			foreach $user (@mark) {
				&ex('add_to_group', $FORM{"group"}, $user);
			}
		}
	}
	$edit = $FORM{'group'};
	&ex('edit_group', $FORM{"username"}, $edit);
	exit(0);
}

##########################################################################
# PROFILE MANAGER FUNCTIONS
##########################################################################

if ($FORM{'action'} eq "password") {
	&check_passwd;
	open (PASSWD, "$admin_dir/passwd.txt");
	@passwd = <PASSWD>;
	close (PASSWD);
	($line) = grep(/^$FORM{'username'}:/, @passwd);
	($user, $pass, $email, $full, $profile, $wantemail, $lastcheck) = split(/:/, $line);
	&error_message("Change Password Error", "You do not have permission to edit your own profile!") if $profile == 0 && $FORM{'username'} ne $superuser;
	&ex('change_password', "passwd", $FORM{"username"}, $FORM{"pass1"}, $FORM{"pass2"});
	if ($FORM{'firsttime'}) {
		&ex('register_discus', 1);
	} else {
		&ex('passwd_success', 1);
	}
	exit(0);
}

if ($FORM{'action'} eq "profile") {
	&check_passwd;
	open (PASSWD, "$admin_dir/passwd.txt");
	@passwd = <PASSWD>;
	close (PASSWD);
	($line) = grep(/^$FORM{'username'}:/, @passwd);
	($user, $pass, $email, $full, $profile, $wantemail, $lastcheck) = split(/:/, $line);
	&error_message("Edit Profile Error", "You do not have permission to edit your own profile!") if $profile == 0 && $FORM{'username'} ne $superuser;
	foreach $key (keys(%FORM)) {
		$FORM{$key} =~ s/[:<>;]//g;
	}
	@notifyoptions = split(/,/, $FORM{'notify'});
	$tally = 0;
	foreach $num (@notifyoptions) {
		$tally += $num;
	}
	&ex('change_profile', "passwd", $FORM{"username"}, $FORM{"email"}, $FORM{"fullname"}, "*", $tally, "*");
	&ex("profile_editor", $FORM{"username"}, "passwd.txt", $cgiurl, 0, "profile", "password", "", "", "Profile Manager", 0);
	exit(0);
}


##########################################################################
# USER MANAGER FUNCTIONS
##########################################################################

if ($FORM{'action'} eq "add_user") {
	&check_passwd;
	&verify_owner($FORM{'group'},$FORM{'username'}) || &error_message("Permissions Error", "You do not have permission to add users to this group!");
	&ex('add_user', $FORM{"username"}, $FORM{"newuser"}, $FORM{"pass_1"}, $FORM{"pass_2"}, $FORM{"group"});
	&ex('user_mgr_2', $FORM{"username"}, $FORM{"group"}); exit(0);
}

if ($FORM{'action'} eq 'preview_list') {
	&check_passwd;
	&verify_owner($FORM{'group'},$FORM{'username'}) || &error_message("Permissions Error", "You do not have permission to add users to this group!");
	&ex("preview_user_list", $FORM{"username"}, $FORM{"group"}, $FORM{"list"});
	exit(0);
}

if ($FORM{'action'} eq 'submit_list') {
	&check_passwd;
	&verify_owner($FORM{'group'},$FORM{'username'}) || &error_message("Permissions Error", "You do not have permission to add users to this group!");
	if ($FORM{'modify'} == 1) {
		($modified_list) = &ex("modify_list", 1);
		&ex("preview_user_list", $FORM{"username"}, $FORM{"group"}, $modified_list, $FORM{"delimiter"});
	} else {
		&ex("add_user_list", $FORM{"username"}, $FORM{"group"});
		&ex('user_mgr_2', $FORM{"username"}, $FORM{"group"}); exit(0);
	}
}

if ($FORM{'action'} eq "user_form") {
	&check_passwd;
	&verify_owner($FORM{'group'},$FORM{'username'}) || &error_message("Permissions Error", "You do not have permission to remove or edit users in this group!");
	if ($FORM{'SELECTION'} =~ /^delete(\w+)/) {
		$remove = $1;
		if ($remove ne "ALL") {
			&ex("delete_user", $remove, $FORM{"group"});
		} else {
			&ex("delete_user", $FORM{"MARK"}, $FORM{"group"});
		}
		&ex('user_mgr_2', $FORM{"username"}, $FORM{"group"}); exit(0);
	} elsif ($FORM{'SELECTION'} =~ /^edit(\w+)/) {
		$edit = $1;
		&ex("profile_editor", $FORM{"username"}, "users.txt", $cgiurl, 1, "profile_user", "password_user", $edit, $FORM{'group'}, "User Editor: \u$edit", 1);
		exit(0);
	}
}

if ($FORM{'action'} eq "profile_user") {
	&check_passwd;
	&verify_owner($FORM{'group'},$FORM{'username'}) || &error_message("Permissions Error", "You do not have permission to remove or edit users in this group!");
	foreach $key (keys(%FORM)) {
		$FORM{$key} =~ s/[:<>;]//g;
	}
	@notifyoptions = split(/,/, $FORM{'notify'});
	$tally = 0;
	foreach $num (@notifyoptions) {
		$tally += $num;
	}
	&ex("change_profile", "users", $FORM{"user"}, $FORM{"email"}, $FORM{"fullname"}, $FORM{"profile"}, $tally, "*", $FORM{"group"});
	&ex("profile_editor", $FORM{"username"}, "users.txt", $cgiurl, 1, "profile_user", "password_user", $FORM{"user"}, $FORM{'group'}, "User Editor: \u$FORM{'user'}", 1);
	exit(0);
}

if ($FORM{'action'} eq "password_user") {
	&check_passwd;
	&verify_owner($FORM{'group'},$FORM{'username'}) || &error_message("Permissions Error", "You do not have permission to remove or edit users in this group!");
	&ex("change_password", "users", $FORM{"user"}, $FORM{"pass1"}, $FORM{"pass2"}, $FORM{"group"});
	&ex("profile_editor", $FORM{"username"}, "users.txt", $cgiurl, 1, "profile_user", "password_user", $FORM{"user"}, $FORM{'group'}, "User Editor: \u$FORM{'user'}", 1);
	exit(0);
}

if ($FORM{'action'} eq "special_user") {
	&check_passwd;
	&verify_owner($FORM{'group'},$FORM{'username'}) || &error_message("Permissions Error", "You do not have permission to edit special permissions in this group!");
	&ex("special_user", $FORM{"group"}, "PUBLIC", $FORM{"public"});
	&ex("special_user", $FORM{"group"}, "USERS", $FORM{"users"});
	&ex("special_user", $FORM{"group"}, "MODERATORS", $FORM{"moderators"});
	&ex("special_user", $FORM{"group"}, "DISABLE", $FORM{"disable"});
	&ex('user_mgr_2', $FORM{"username"}, $FORM{"group"}); exit(0);
}

if ($FORM{'action'} eq "profile_perm") {
	&check_passwd;
	&verify_owner($FORM{'group'},$FORM{'username'}) || &error_message("Permissions Error", "You do not have permission to edit special permissions in this group!");
	@process = ("anon", "email", "stamp");
	foreach $process (@process) {
		if ($FORM{$process} eq "on") {
			$FORM{$process} = "";
		} else {
			$FORM{$process} = "on";
		}
	}
	&ex("special_user", $FORM{"group"}, "DISABLEANON", $FORM{"anon"});
	&ex("special_user", $FORM{"group"}, "DISABLEEMAIL", $FORM{"email"});
	&ex("special_user", $FORM{"group"}, "DISABLESTAMP", $FORM{"stamp"});
	&ex('user_mgr_2', $FORM{"username"}, $FORM{"group"}); exit(0);
}

##########################################################################
# GENERAL FUNCTIONS
##########################################################################

if ($diagnostic == 0) {
	&error_message("Unexplained Error", "The script form values passed to the board administration program produced an unexplained error.");
} else {
	print "Content-type: text/html\n\n";
	print "Script administration error - invalid query\n";
	print "-" x 50, "\n";
	print "FORM keys and values:\n";
	foreach $key (sort(keys(%FORM))) {
		print "\t'$key' = '$FORM{$key}'\n";
	}
	print "-" x 50, "\n";
	print "ENV keys and values:\n";
	foreach $key (sort(keys(%ENV))) {
		print "\t'$key' = '$ENV{$key}'\n";
	}
	print "-" x 50, "\n";
	exit(0);
}

sub check_passwd {
	$username = $FORM{'username'}; $username =~ tr/A-Z/a-z/;
	$guess = $FORM{'password'}; $guess =~ tr/A-Z/a-z/;
	open(PASSWD,"$admin_dir/passwd.txt") || &error_message("Verify Password Error", "Cannot open password file (passwd.txt) for reading!");
	@passwd_line = <PASSWD>;
	close(PASSWD);
	$ok = "";
	foreach $line (@passwd_line) {
		($user, $pass) = split(/:/, $line);
		if ($user eq $username) {
			$test_pass = crypt($guess, $pass);
			$ok = "Yes" if $test_pass eq $pass;
			$ok = "No" if $pass eq "";
			$ok = "Yes" if $username eq $superuser && $pass eq "" && $guess eq "";
			$ok = "No" if $username ne $superuser && $pass eq "";
			$ok = "No" if $username eq $superuser && $pass ne "" && $guess eq "";
			$ok = "Yes" if $COOKIE{'pass'} eq crypt($pass, "cookie") && $guess eq "";
			return $test_pass if $ok eq "Yes";
		}
	}
	if ($ok ne "Yes") {
		open (LOG, ">>$admin_dir/admin.log");
		print LOG "$user\"$host\"$addr\"$ts\"WRONG\n";
		close (LOG);
		&error_message("Bad Login", "Your username/password combination was invalid to access the administration program!");
	}
}

sub verify_owner {
	local ($owner, $username) = @_;
	local (@group_data, $group, $usernames, @username, $groupname);
	open (GROUP, "$admin_dir/groups.txt") || &error_message("File Error", "Cannot open group file (groups.txt)!");
	@group_data = <GROUP>;
	close (GROUP);
	foreach $group (@group_data) {
		chop ($group) if $group =~ /\n$/;
		($groupname, $usernames) = split(/:/, $group);
		if ($groupname eq $owner) {
			@username = split(/,/, $usernames);
			if (grep (/^$username$/, @username)) {
				return 1;
			} else {
				return 0;
			}
		}
	}
	return 0;
}