#Discus board image upload script
#-------------------------------------------------------------------------------
#This script is copyright (c) 1997-98 by Kevin W. Paulisse and William F. Polik,
#all rights reserved.  You may not modify or delete this copyright header.
#The use of this product is subject to a license agreement.  Contact Kevin
#Paulisse (paulisse@mulliken.chem.hope.edu) for further information.
#-------------------------------------------------------------------------------

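# Load the board configuration: every "name=value" line of $discus_conf becomes
# the package variable $name, holding the value verbatim ($discus_conf is
# presumably set by the wrapper script that requires this file).  The earlier
# version assembled a "$name='value';" string from the file and eval'd it, so a
# value ending in a backslash broke the quoting and a crafted config line could
# run as code; assigning through a symbolic reference involves no parsing.
open (FILE, '<', "$discus_conf") or die "Cannot open configuration file $discus_conf: $!";
@file = <FILE>;
close (FILE);
foreach $line (@file) {
	if ($line =~ /^(\w+)=(.*)/) {
		$varname = $1;
		$value = $2;
		# Symbolic reference into the current package (the file runs without
		# 'strict refs'); quotes and backslashes in the value survive intact.
		${$varname} = $value;
	}
}
require "$admin_dir/source/src-board-subs-common";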

###################### MIME TYPES FOR ACCEPTABLE IMAGES ######################

# Accepted upload types, keyed by the (lower-cased) MIME type the client sends:
# %extension is the suffix used when the file is stored, %tag the source tag
# that replaces \image_notuploaded once the file is on disk.
@extension{'image/gif', 'image/jpeg', 'image/pjpeg'} = ('gif', 'jpg', 'jpg');
@tag{'image/gif', 'image/jpeg', 'image/pjpeg'} = ('image_alreadyuploaded', 'jpeg_alreadyuploaded', 'jpeg_alreadyuploaded');

################################################
#	Script Starts Here
################################################

# Parse the multipart request body into %FORM / %FILE / %CONTENT, load the
# cookies into %COOKIE, and derive the topic/message identifiers from the
# hidden HTTP_REFERER form field.  NOTE(review): that field is a form value the
# client controls, not the server's Referer header — confirm &extract validates
# what it derives from it.
&parse_multipart;
&read_cookie;
&extract($FORM{'HTTP_REFERER'});

# Explicit username/passwd fields take precedence over name/number.
$FORM{'name'} = $FORM{'username'} if $FORM{'username'} ne "";
$FORM{'number'} = $FORM{'passwd'} if $FORM{'passwd'} ne "";

# Both the name and the password guess are lower-cased (ASCII only) before the
# check; presumably the stored hashes were made from lower-cased passwords too.
$name2 = $FORM{'name'}; $name2 =~ tr/A-Z/a-z/;
$number2 = $FORM{'number'}; $number2 =~ tr/A-Z/a-z/;
# NOTE(review): the verdict ("invalid", "public user" or a password-file line)
# is discarded here.  The sub itself only calls &error_message when a file
# cannot be read or when $disabled is set, so a wrong password does not stop
# the upload below unless something outside this file does — confirm before
# relying on this check.  $owner is presumably set by &extract.
&check_password_and_permissions ($name2, $number2, $owner);

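#---- Security Check ----#

# The log is read into @log here but nothing in this file uses it; kept in
# case a required sub expects it to be populated.
open (LOG, '<', "$admin_dir/log.txt");
@log = <LOG>;
close (LOG);

# Referer check.  The Referer header is chosen by the client and is trivially
# forged or simply absent, so this only rejects accidental cross-site posts;
# it is not an authorisation control.
$referer = $ENV{'HTTP_REFERER'};
$referer = "" unless defined $referer;
@acceptable_referers = ("$script_url/board-post.$cgi_extension", "$script_url/board-image.$cgi_extension");
if (!grep($_ eq $referer, @acceptable_referers)) {
	&error_message("Invalid Referer", "You are not accessing this page from an acceptable referring page.  What are you trying to do?");
}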

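$ctr = 0;

#---- Extract original message ---#
# Split the stored message file into the text before the post being edited
# ($before), the post itself ($message) and everything after it ($after).
# The post is delimited by <!-Post: N-!> ... <!-/Post: N-!>, where N is the
# request's "postindex" field.  $topic_number, $me_number and $ext are
# presumably set by &extract above.
&lock("$message_dir/$topic_number/$me_number.$ext");
open (FILE, '<', "$message_dir/$topic_number/$me_number.$ext"); @file = <FILE>; close (FILE);
$message = ""; $before = ""; $after = "";
$flag = 0;   # 0 = before the post, 1 = inside it, 2 = after it
# postindex is untrusted request input: quote it before it is interpolated
# into the patterns, so a value such as ".*" cannot match another post's markers.
$formpostindex = $FORM{'postindex'};
foreach $line (@file) {
	if ($line =~ /<!-Post: \Q$formpostindex\E-!>/) {
		$flag = 1;
		$before .= $line;
	} elsif ($line =~ /<!-\/Post: \Q$formpostindex\E-!>/) {
		$flag = 2;
		$after .= $line;
	} elsif ($flag == 1) {
		$message .= $line;
	} elsif ($flag == 2) {
		$after .= $line;
	} else {
		$before .= $line;
	}
}

# $message_new keeps the post's original lines for writing back; $message has
# its newlines removed so the IMG tags below match regardless of line breaks.
$message_new = $message; $message =~ s/\n//g; $result = "";
$errors = 0;
if ($message eq "") {
	&unlock("$message_dir/$topic_number/$me_number.$ext");
	&error_message("Message Not Found", "Referenced message not found!!!");
}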

# Query string appended to $cgiurlm when the request came from the page editor
# (isitok=okiedokie).  NOTE(review): name and HTTP_REFERER are request values
# inserted without URL-encoding; they later land inside an HREF attribute and
# in &seturl — confirm those handle '"' and '&' in the value, otherwise the
# link breaks or injects markup.
$adminappend = "?username=$FORM{'name'}";
$adminappend .= "&HTTP_REFERER=$FORM{'HTTP_REFERER'}&action=page_editor";

#---- Extract Source of Message ----#
# Fetch the post's source line (the form the \image_notuploaded tags live in)
# and the board's display settings.
&ex('message_source');
($srcline) = &ex('read_source', "$message_dir/$topic_number/$me_number.$ext", $FORM{"postindex"});
($bgcolor, $text, $link, $vlink, $alink, $face, $size, $image) = &ex('extract_colorsonly', 1);
$srcline =~ s/\n+$//;   # drop trailing newlines
# Stored source is unescaped only when it contains no whitespace — presumably
# whitespace marks an older, never-escaped format; TODO confirm against write_source.
$srcline = &unescape($srcline) unless $srcline =~ /\s/;

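#---- Scan File and Handle Uploads ----#
# Walk every <IMG SRC="..." ALT="..."> tag in the post.  Tags still pointing at
# $url_to_default_image are placeholders for files sent with this request (form
# fields Image1, Image2, ... in tag order); each file is written to the topic
# directory and the placeholder is rewritten to the stored file's URL.  Every
# tag gets a row in $result; $errors counts the ones that could not be stored.
$ctr = 0;
while ($message =~ /<IMG SRC="([^"]*)" ALT="([^"]*)">/) {
	$url = $1; $alt = $2;
	# $& is the tag just matched, $' the rest of the post still to scan.
	$origmatch = $&; $message = $'; $match = $origmatch;
	$ctr += 1;
	$imgname = "Image$ctr";
	if ($url ne $url_to_default_image) {
		# Already a real URL: nothing to upload, just report it.
		$result .= "<TR><TD><FONT FACE=\"$face\" SIZE=$size>$ctr</FONT></TD>";
		$result .= "<TD><FONT FACE=\"$face\" SIZE=$size>$alt</FONT></TD>";
		$result .= "<TD><FONT FACE=\"$face\" SIZE=$size>$L{BIITSUPLOADED}</FONT></TD></TR>\n";
	} else {
		$content = $CONTENT{$imgname};
		$content = "" unless defined $content;
		$content =~ tr/A-Z/a-z/;
		# The declared type is client supplied.  Look it up as a hash key rather
		# than interpolating it into a pattern, so only the exact types in %tag
		# pass and $extension{$content} is always defined below.  Only the
		# declared type is checked; the file bytes themselves are not inspected.
		if (!exists $tag{$content}) {
			$errors += 1;
			$result .= "<TR>";
			$result .= "<TD><FONT FACE=\"$face\" SIZE=$size>$alt</FONT></TD>";
			$result .= "<TD><FONT FACE=\"$face\" SIZE=$size>$L{BIUNRECOGNIZED} ($CONTENT{$imgname})</FONT></TD></TR>\n";
		} else {
			if ($FILE{$imgname} ne "") {
				($num) = &ex('get_number', 1);
				$imgfile = "$message_dir/$topic_number/$num.$extension{$content}";
				if (open (IMAGE, '>', $imgfile)) {
					eval 'binmode(IMAGE);'; #Windows versions
					print IMAGE $FILE{$imgname};
					close (IMAGE);
					chmod (0644, $imgfile);
					$result .= "<TR>";
					$result .= "<TD><FONT FACE=\"$face\" SIZE=$size>$alt</FONT></TD>";
					$result .= "<TD><FONT FACE=\"$face\" SIZE=$size>$L{BIITSUPLOADED}</FONT></TD></TR>\n";
					$match = "<IMG SRC=\"$message_url/$topic_number/$num.$extension{$content}\" ALT=\"$alt\">";
					# Swap the source tag for this image number to its uploaded form.
					if ($srcline =~ /\\image_notuploaded\{$ctr,([^}]*)\}/) {
						$srcline = $` . "\\$tag{$content}" . "{$num,$1}" . $';
					}
				} else {
					# Could not create the file: report it instead of silently
					# leaving the post pointing at the default image.
					$errors += 1;
					$result .= "<TR>";
					$result .= "<TD><FONT FACE=\"$face\" SIZE=$size>$alt</FONT></TD>";
					$result .= "<TD><FONT FACE=\"$face\" SIZE=$size>$L{BINOTFOUND} ($!)</FONT></TD></TR>\n";
				}
			} else {
				$errors += 1;
				$result .= "<TR>";
				$result .= "<TD><FONT FACE=\"$face\" SIZE=$size>$alt</FONT></TD>";
				$result .= "<TD><FONT FACE=\"$face\" SIZE=$size>$L{BINOTFOUND}</FONT></TD></TR>\n";
			}
		}
	}
	# $origmatch is literal HTML from the post, so it is quoted for the pattern.
	$message_new =~ s/\Q$origmatch\E/$match/ if $origmatch ne $match;
}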

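#---- Write the rewritten post back and replace its source line ----#
$message_file = "$message_dir/$topic_number/$me_number.$ext";
if (!open (FILE, '>', $message_file)) {
	# Release the lock before bailing out; previously a failed open was ignored
	# and the source line was rewritten against an unchanged post.
	&unlock($message_file);
	&error_message("Message Write Error", "Cannot open message file for writing!");
}
print FILE $before . $message_new . $after;
close (FILE);
&unlock($message_file);

&ex('remove_source', $message_file, $FORM{"postindex"});
$srcline = &escape($srcline);
&ex('write_source', $message_file, $FORM{"postindex"}, $srcline);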

if ($errors > 0) {
	# One or more images could not be stored: show the per-image status table
	# and a way back, then stop (the post file has already been rewritten).
	&header;
	&ex('printuntil', 1, 1, $topic_number, "$L{BIUPLOADSTATUS}");
	print "<FONT SIZE=+1><CENTER><B>$L{BIUPLOADSTATUS}</B></CENTER></FONT>\n";
	foreach my $section (3, 5, 7, 9) {
		&ex('printuntil', $section, $section, $topic_number, "$L{BIUPLOADSTATUS}");
	}
	print "<HR>\n";
	# Singular or plural sentence; the plural template carries a %d placeholder.
	my $error_text = $L{BIONEERROR};
	if ($errors != 1) {
		$error_text = $L{BIPLURALERROR};
		$error_text =~ s/\%d/$errors/g;
	}
	print $error_text;
	print "<P>\n";
	print "<TABLE BORDER=1>\n";
	print "<TR ALIGN=LEFT><TH><FONT FACE=\"$face\" SIZE=$size>$L{BIIMGDESCR}</FONT></TH><TH><FONT FACE=\"$face\" SIZE=$size>$L{BIUPLOADSTATUSTABLE}</FONT></TH></TR>\n";
	print $result;
	print "</TABLE>\n";
	print "<HR>$L{BIUSEPREVFORM}<P>\n";
	print "<FORM><INPUT TYPE=BUTTON VALUE=\"$L{BIGOBACK}\" onClick=\"history.back()\"></FORM>\n";
	# isitok=okiedokie presumably marks a request that came from the page editor.
	my $cancel_href = $FORM{'isitok'} eq "okiedokie"
		? "$cgiurlm$adminappend"
		: "$message_url/$topic_number/$me_number.$ext";
	print "<P>$L{BPIMGUPLOADCANCEL1} ";
	print "<A HREF=\"$cancel_href\"";
	print ">$L{BPIMGUPLOADCANCEL2}</A>. $L{BPIMGUPLOADCANCEL3}";
	foreach my $section (11, 13, 15, 17) {
		&ex('printuntil', $section, $section, $topic_number);
	}
	exit(0);
}

# Everything stored: send the browser back to the post, or to the page editor.
my $return_url = $FORM{'isitok'} eq "okiedokie"
	? "$cgiurlm$adminappend"
	: "$message_url/$topic_number/$me_number.$ext";
&seturl($return_url);

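sub parse_multipart {
	# Read a multipart/form-data request body from STDIN and fill the package
	# globals %FORM (ordinary fields; the first occurrence of a name wins),
	# %FILE (uploaded file bodies) and %CONTENT (the Content-Type the client
	# declared for each file).  Returns nothing.
	my ($boundary) = ($ENV{'CONTENT_TYPE'} =~ /boundary=(.*)/);
	$boundary = "--" . $boundary;
	my $length = $ENV{'CONTENT_LENGTH'};
	eval 'binmode(STDIN);'; #Windows versions
	# Read exactly CONTENT_LENGTH bytes.  Each call asks only for what is still
	# missing, and a short or failed read ends the loop: the earlier version
	# looped on a 0/undef result, so a client declaring a Content-Length larger
	# than the body it sent could pin the process forever.
	# NOTE(review): no upper bound on CONTENT_LENGTH is enforced here; the
	# whole body is held in memory — confirm the web server caps request size.
	my $input = "";
	while (length($input) < $length) {
		my $buf = "";
		my $got = sysread(STDIN, $buf, $length - length($input));
		last unless $got;
		$input .= $buf;
	}
	# The boundary is client supplied; quote it so it is matched literally.
	foreach my $part (split(/\Q$boundary\E/, $input)) {
		my ($header, $body) = split(/\r\n\r\n|\n\n|\r\r/, $part, 2);
		$header = "" unless defined $header;
		$body = "" unless defined $body;
		$body =~ s/\r\n$//;
		# Take the field name from this part's own header only; falling back to
		# $1 from an earlier match would file the part under the previous name.
		my $formname = ($header =~ /name="([^"]+)"/) ? $1 : "";
		next if $formname eq "";
		if ($header =~ /Type: (.*)/) {
			$FILE{$formname} = $body;
			$CONTENT{$formname} = $1;
		} elsif ($formname =~ /^\w+$/) {
			$FORM{$formname} = $body if $FORM{$formname} eq "";
			$FORM{$formname} =~ s/\r//g;
		}
	}
}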

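sub check_password_and_permissions {
	# Decide whether $username (with password guess $guess) may post to the
	# topic group $group.  Reads $admin_dir/users.txt, passwd.txt and
	# groups.txt on every call.
	# Returns: the matching passwd.txt line (moderator, newline kept) or
	#   users.txt line (ordinary user, newline removed) when the credentials
	#   check out and the group permits it; "public user" when the group is
	#   open to the public; "invalid" otherwise.  Calls &error_message when a
	#   file cannot be opened or when $disabled is set.
	# NOTE(review): the return value is the whole verdict — a caller that
	# discards it has performed no authorisation check.
	my ($username, $guess, $group) = @_;

	# Read in groups.  @users stays a package global, as before.
	undef (@users);
	open (PASSWD, '<', "$admin_dir/users.txt") or &error_message("Verify Password Error", "Cannot open password file (users.txt) for reading!");
	@users = <PASSWD>;
	close (PASSWD);
	# $group and $username are interpolated into patterns below; \Q...\E makes
	# them match literally.  Previously a group such as ".*" matched every
	# groups.txt entry and so granted any moderator access.
	my @lines_for_group = grep(/:\Q$group\E(\n?)$/, @users);
	my $public     = grep(/^PUBLIC:/, @lines_for_group) ? 1 : 0;
	my $users      = grep(/^USERS:/, @lines_for_group) ? 1 : 0;
	my $moderators = grep(/^MODERATORS:/, @lines_for_group) ? 1 : 0;

	# Moderators: credentials in passwd.txt, membership via groups.txt.
	open (PASSWD, '<', "$admin_dir/passwd.txt") or &error_message("Verify Password Error", "Cannot open password file (passwd.txt) for reading!");
	my @passwd_line = <PASSWD>;
	close (PASSWD);
	foreach my $line (@passwd_line) {
		my ($user, $pass) = split(/:/, $line, 3);
		next unless $user eq $username;
		$pass = "" unless defined $pass;
		# Evaluation order is significant and kept as it was: a valid cookie
		# overrides an empty guess here; an empty stored hash never authenticates.
		my $ok = 0;
		$ok = 1 if crypt($guess, $pass) eq $pass;
		$ok = 0 if $guess eq "";
		$ok = 1 if defined $COOKIE{'pass'} && $COOKIE{'pass'} eq crypt($pass, "cookie");
		$ok = 1 if defined $COOKIE{'cpwd'} && $COOKIE{'cpwd'} eq crypt($pass, "cookie");
		$ok = 0 if $pass eq "";
		next unless $ok;
		open (GROUP, '<', "$admin_dir/groups.txt") or &error_message("Verify Password Error", "Cannot open groups file (groups.txt) for reading!");
		my @group = <GROUP>;
		close (GROUP);
		my ($groupline) = grep(/^\Q$group\E:/, @group);
		$groupline = "" unless defined $groupline;
		chomp ($groupline);
		my (undef, $member_list) = split(/:/, $groupline);
		my @members = defined $member_list ? split(/,/, $member_list) : ();
		return $line if grep(/^\Q$username\E$/, @members);
		_refuse_if_posting_disabled();
		return $line if $moderators;
		return $line if $public;
	}

	# Ordinary users: credentials in users.txt, whose eighth field is the group.
	open (PASSWD, '<', "$admin_dir/users.txt") or &error_message("Verify Password Error", "Cannot open password file (users.txt) for reading!");
	my @user_lines = <PASSWD>;
	close (PASSWD);
	foreach my $line (@user_lines) {
		chomp ($line);
		my ($user, $pass, $group_test) = (split(/:/, $line))[0, 1, 7];
		next unless $user eq $username;
		$pass = "" unless defined $pass;
		# Here an empty guess is final; the cookie does not override it.
		my $ok = 0;
		$ok = 1 if crypt($guess, $pass) eq $pass;
		$ok = 1 if defined $COOKIE{'cpwd'} && $COOKIE{'cpwd'} eq crypt($pass, "cookie");
		$ok = 0 if $guess eq "";
		$ok = 0 if $pass eq "";
		next unless $ok;
		_refuse_if_posting_disabled();
		return $line if $group_test eq $group;
		return $line if $users;
		return $line if $public;
	}
	_refuse_if_posting_disabled();
	return "public user" if $public;
	return "invalid";
}

# Abort the request through &error_message when the topic's $disabled flag is set.
sub _refuse_if_posting_disabled {
	&error_message("Posting Disabled", "Posting is currently disabled in this topic.  Contact your discussion moderator for more information.") if $disabled;
}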



