#Discus board post script (board-post.cgi) #------------------------------------------------------------------------------- #This script is copyright (c) 1997-98 by Kevin W. Paulisse and William F. Polik, #all rights reserved. You may not modify or delete this copyright header. #The use of this product is subject to a license agreement. Contact Kevin #Paulisse (paulisse@mulliken.chem.hope.edu) for further information. #------------------------------------------------------------------------------- ####################################################### # E-Mail Notification where requested # 1=On 0=Off # This variable is now set in the "discus.conf" file. ####################################################### # Double post protection # 1=On 0=Off $double_post_protection_enabled = 1; $double_post_threshold = 120; #in seconds ####################################################### # Possible formatting errors (whether to display this # new screen that points out possible oopses) # 1=On 0=Off $possible_formatting_errors_notify = 1; ####################################################### # Display IP host/address on post. Pretty self # explanatory what this does -- it puts it in # parentheses after the post. # 1=On 0=Off $ip_address_on_posts = 0; ####################################################### # Discussion order: where are new messages/subtopics # added? Default is to add them at the bottom of the # list to go in chronological order. Changing these # could make a structured board become chaotic, and it # is our preference not to change them. However, it's # ultimately up to you. # 1=Bottom 0=Top $new_messages_go = 1; #when adding a new message $new_subtopics_go = 1; #when creating a new conversation ####################################################### # Reply by e-mail: some people have been given a script # to intercept incoming mail messages and process them # as Discus messages. To permit this, the following # variable must be set to 1. # 1=On 0=Off [Default] $reply_by_email = 0; $replyto = ''; ####################################################### # SCRIPT BEGINS HERE... open (FILE, "$discus_conf"); @file = ; close (FILE); $evals = ""; foreach $line (@file) { if ($line =~ /^(\w+)=(.*)/) { $varname = $1; $value = $2; $value =~ s/'/\\'/g; $evals .= "\$$varname='$value'; "; } } eval($evals); require "$admin_dir/source/src-board-subs-common"; &parse_form; &read_cookie; $FORM{'name'} = $FORM{'username'} if $FORM{'username'} ne ""; $FORM{'number'} = $FORM{'passwd'} if $FORM{'passwd'} ne ""; $email_notification = 0 if $windows; $adminappend = "?username=$FORM{'name'}"; $adminappend .= "&HTTP_REFERER=$FORM{'HTTP_REFERER'}&action=page_editor#Messages"; if ($ENV{'HTTP_REFERER'} =~ /\.$cgi_extension/i || $FORM{'HTTP_REFERER'}) { $_ = $FORM{'HTTP_REFERER'}; s/#(.*)//g; } else { $_ = $ENV{'HTTP_REFERER'}; $FORM{'HTTP_REFERER'} = $_; s/#(.*)//g; } $FORM{'name'} =~ s/[]//g; $username_input = $FORM{'name'}; &extract ($_) if $_ ne ""; $name2 = $username_input; $name2 =~ tr/A-Z/a-z/; $number2 = $FORM{'number'}; $number2 =~ tr/A-Z/a-z/; $passwordline = &check_password_and_permissions($name2, $number2, $owner); ($username, $encpass, $email, $fullname,$foo,$foo,$foo,$groupname) = split(/:/, $passwordline); $groupname = "MODERATOR" if $groupname eq ""; $groupname = "" if $username eq ""; $username = "public user" if $username eq ""; $name = $FORM{'name'}; $FORM{'name'} =~ tr/A-Z/a-z/; $name =~ s/[^\w\s\.\-]//g; open (PASSWD, "$admin_dir/users.txt") || &error_message("File Error", "Cannot open user password file (users.txt)!"); @passwd = ; close (PASSWD); @users = grep(/:$owner\n?$/, @passwd); $email_notification = 0 if (grep(/^DISABLEEMAIL:/, @users)); if ($FORM{'Anon'} eq "on") { if (!(grep(/^DISABLEANON:/, @users))) { $postby = "$L{BPANONYMOUS}"; } else { $warnanon = 1; $FORM{'Anon'} = ""; } } if ($FORM{'Anon'} ne "on") { if (!(grep(/^DISABLESTAMP:/, @users))) { $postby = "\u$name"; if ($fullname ne "" && $fullname ne "fullname" && $fullname ne "none") { $postby = $fullname; $namelc = $fullname; $namelc =~ tr/A-Z/a-z/; $postby .= " (\u$username)" if $namelc ne $username; } $postby = join("", "", $postby, "") if ($email ne "" && $email ne "email" && $email ne "none"); if ($username eq "public user") { $postby = join("", "", $postby, "") if $FORM{'email'} =~ m|^([\w\.\-\+]+)\@([\w\.\-\+]+)$|; } } else { $postby = "\u$name"; $namelc = $name; $namelc =~ tr/A-Z/a-z/; $postby .= " (\u$username)" if $namelc ne $username; } } $rh = $ENV{'REMOTE_HOST'}; $rh =~ s/[<>]//g; $ra = $ENV{'REMOTE_ADDR'}; $ra =~ s/[<>]//g; $postby .= " ($rh - $ra)" if $ip_address_on_posts; $FORM{'message'} =~ s/\s+$//; $FORM{'message'} =~ s/\n{3,}/\n\n\n/g; if ($FORM{"message"} !~ /\\(\S+)\{/) { $FORM{"message"} =~ s|(http://)([\w\-\.\+/~\%\?\&\=]+)|\\topurl\{$1$2,$1$2\}|gi; $FORM{"message"} =~ s|([\w\-\+\.]+)\@([\w\-\+\.]+)|\\mail\{$1\@$2,$1\@$2\}|gi; } if ($FORM{'subject'} ne "") { ($newsubject) = &ex('webtags', $FORM{"subject"}, 3); $newsubj = 1; } ($lint, $newmessage) = &ex('webtags', $FORM{"message"}, 0, 1); $error_observed = 1; if ($passwordline eq "invalid") { $newmessage = "

$L{BPAUTHERROR}

$L{BPAUTHERRORINVALID}"; } elsif ($postby eq "") { $newmessage = "

$L{BPAUTHERROR}

$L{BPAUTHERRORNONAME}"; } elsif ($FORM{'name'} !~ /\S/) { $newmessage = "

$L{BPAUTHERROR}

$L{BPAUTHERRORNONAME}"; } elsif ($FORM{"message"} eq "") { $newmessage = "

$L{BPADDMSGERROR}

$L{BPADDMSGERRORDESC}"; } elsif ($FORM{"new_conversation"} == 1 && $FORM{"subject"} eq "") { $newmessage = "

$L{BPCREATEERROR}

$L{BPCREATEERRORDESC}"; } else { $error_observed = 0; } $error_observed = 1 if $lint eq "!Error"; $message_hold = $FORM{'message'}; $message_hold =~ s/&/&/g; $message_hold =~ s/>/>/g; $message_hold =~ s//>/g; $subject_hold =~ s/\n"; print "$L{BPNORMALTITLE}\n" if $newsubj == 0; print "$L{BPCREATETITLE}\n" if $newsubj == 1; print "\n"; print "\n" if $FORM{'new_conversation'} == 1; print "\n" if $FORM{'isitok'} eq "okiedokie"; print "

\n"; &ex('printuntil', 3, 3, $topic_number, $title); open (FILE, "$message_dir/$topic_number/$me_number.$ext"); @file = ; close (FILE); if ($FORM{'isitok'} ne "okiedokie") { ($navbar) = &ex('prepare_navbar', @file); $navbar =~ m|^(.*): |; $pre = join("", $1, ": "); $url = "$message_url/$topic_number/$me_number.$ext"; $newsubj = 1 if $FORM{'new_conversation'} == 1; $javastr = &JavaScript_prepare($me_name); $pre .= "$me_name: "; } else { &extract("$FORM{'HTTP_REFERER'}"); local (@array) = ("$topic_number:$topic_name"); foreach $key (sort by_number keys(%level_number)) { push (@array, "$level_number{$key}:$level_name{$key}"); } $pre = "Page Manager: \n"; foreach $line (@array) { ($number,$name) = split(/:/, $line, 2); $pre .= "$name: "; } } $pre .= "$L{BPCREATEDISPLAY}" if $newsubj == 1; $pre .= "$L{BPNORMALDISPLAY}" if $newsubj == 0; for ($i = 5; $i <= 9; $i += 2) { &ex('printuntil', $i, $i, $topic_number, $title); } print "$pre\n"; print "

\n"; if (!($error_observed)) { print "$L{BPMESSAGEPOST}" if $newsubj == 0; print "$L{BPCREATEPOST}" if $newsubj == 1; print "

"; if ($warnanon == 1) { print "$L{BPWARNANONYMOUS}

\n"; } if ($lint ne "" && $possible_formatting_errors_notify == 1) { print "$L{BPPOSSIBLEFORMATTINGERRORS}

"; print "$L{BPPOSSIBLEFORMATTINGERRORSDESC}"; print "

\n"; print "

$lint

\n"; } &ex('printuntil', 11, 11, $topic_number, $title); print "\n"; print "
\n"; if ($newsubj == 1) { print "$L{BPSUBJECTTAG} $newsubject
\n"; } $pb = $L{POSTBY}; $postby = join("", "", $postby, "") if $warnanon == 1; ($datetime) = &ex('get_date_time', "long"); $pb =~ s/\%name/$postby/g; $pb =~ s/\%date/$datetime/g; print "$pb
\n"; } print "$newmessage"; if (!$error_observed) { print "
\n"; print "

\n"; print "\n"; print "\n" if !$error_observed; print " "; } else { print "'$cgiurlm$adminappend'\"> "; } print "\n"; } else { print "

\n"; } print "

\n"; &ex('printuntil', 13, 13, $topic_number); $privpub = "private"; open (USER, "$admin_dir/users.txt"); @users = ; close (USERS); @valid = grep(/:$owner\n?$/, @users); $privpub = "public" if grep(/^PUBLIC:/, @valid); open (FILE, "$admin_dir/addmessage-$privpub.txt"); @file = ; close (FILE); foreach $line (@file) { $line =~ s///g; $line = "" if $line =~ m|FORM>|; } $am = $L{ADDMESSAGE}; if ($newsubj == 1) { $flag = 0; foreach $line (@file) { if ($line =~ m|$am|i && $flag == 0) { print join("", $`, "$L{BPREVISESUBJECT}", $'); $flag = 1; } } print "

$L{BPREVISESUBJECT}

\n" if $flag == 0; print "$L{BPFSUBJECT}

\n"; print "

\n"; print "

\n"; } $flag = 0; foreach $line (@file) { if ($line =~ //) { $flag = 1; } elsif ($line =~ /|i) { $line = join("", $`, $message_hold, $&, $'); } print $line; } } print "

\n"; print "\n"; print "\n"; print "\n"; } else { print "'$cgiurlm$adminappend'\"> "; } print "

\n"; &ex('printuntil', 15, 15, $topic_number); &ex('printuntil', 17, 17, $topic_number); exit(0); } &error_message ("Error", "This page ($me_number) does not allow for public posting of messages!") if $param !~ /Add/ && $newsubj == 0 && $FORM{'isitok'} ne "okiedokie"; &error_message ("Error", "This page does not allow for public creation of conversations!") if $param !~ /Create/ && $newsubj == 1; &error_message ("Error", "Your username/password combination was invalid, or you are not allowed to post to this topic.") if $passwordline eq "invalid"; if ($double_post_protection_enabled) { open (LOG, "$admin_dir/log.txt"); @LOG = ; close (LOG); $now = time; $mh = $newmessage; $mh = &JavaScript_prepare($mh); $mh = &escape($mh); foreach $line (reverse(@LOG)) { ($index,$by,$time,$where,$addr,$host,$mt, $who2) = split(/;/, $line); last if ($now - $double_post_threshold) > $time; $mt =~ s/\s+$//; ($by2) = ($by =~ m|^(.*):|); if ($by2 eq $username && substr($mh, 0, length($mt)) eq $mt) { if ($where eq "$topic_number/$me_number" || $newsubj == 1) { if ($FORM{'isitok'} ne 'okiedokie') { $url = "$message_url/$where.$ext"; ($ts) = &ex('extract_lastmodified', "$topic_number:$me_number"); $url .= "?$ts" if !$noqm; } else { $url = "$cgiurlm$adminappend"; } ($head, $color, $lm, $sublist, $about, $about_src, $message, $message_src) = &get_page(split(/\//, $where)); $flag = 0; $source = ""; @msgsrc = split(/\n/, $message_src); foreach $line2 (@msgsrc) { if ($line2 =~ m||) { $flag = 1; } elsif ($line2 =~ m||) { $flag = 0; } elsif ($flag == 1) { $source .= $line2; } } $source =~ s/\s+$//; if ($source eq &escape($message_hold)) { &error_message("$L{BPALREADYPOSTED}", "$L{BPALREADYPOSTEDDESC}

$L{BPCLICKCONTINUE}

"); } } } } } #---- Create a New Page? ----# if ($newsubj == 1) { ($num) = &ex('get_number', 1); $newnum = $num; $pagetitle = $newsubject; ($dt) = &ex('get_date_time', "long"); $dt =~ s/\W//g; $me_number_hold = $me_number; &ex('new_file', $topic_number, $num, $me_number, $owner, $pagetitle); &ex('change_layout', $topic_number, $num, "MessagesAdd"); $url = "$message_url/$topic_number/$num.$ext"; $url .= "?$dt" if !$noqm; $newpage = $newsubject; $str = &JavaScript_prepare($newpage); $strg = "onMouseOver=\"return setStatus('$str')\""; ($ts) = &ex('get_date_time', "short"); $linex = "

$newpage "; $linex .= "$ts

\n"; ($head, $color, $lm, $sublist, $about, $about_src, $message, $message_src) = &get_page($topic_number, $me_number); if ($new_subtopics_go == 0) { &set_page($topic_number, $me_number, $head, $color, $lm, join("",$linex,$sublist), $about, $about_src, $message, $message_src); } else { &set_page($topic_number, $me_number, $head, $color, $lm, join("",$sublist,$linex), $about, $about_src, $message, $message_src); } &extract("//$topic_number/$num.$ext"); } ($postindex) = &ex('post_message',$topic_number,$me_number,$message_hold,$newmessage,$postby,$username,$groupname); ($dt) = &ex('get_date_time', "short"); ($ts) = &ex('get_date_time',"long"); $ts =~ s/\W//g; $newnum_number = $parent_number if $newnum_number == 0; &ex('update_time', $topic_number, $newnum_number, $me_number, $ts, $dt); $url = "$message_url/$topic_number/$me_number.$ext"; $url .= "?$ts" if !$noqm; &email_notification($owner,$passwordline, $postby, $newmessage) if $email_notification == 1; if ($newmessage !~ /

$L{BPIMGUPLOADTITLE}\n

\n"; for ($i = 3; $i <= 9; $i += 2) { &ex('printuntil', $i, $i, $topic_number, "$L{BPIMGUPLOADTITLE}"); } print "$L{BPIMGUPLOADINSTR}

\n"; print "

\n"; print "\n"; if ($FORM{'isitok'} ne "okiedokie") { print "$L{BPIMGUPLOADCANCEL1} \n"; } else { print "$L{BPIMGUPLOADCANCEL1} \n"; } print "$L{BPIMGUPLOADCANCEL2}. "; print "$L{BPIMGUPLOADCANCEL3}\n"; print "
\n"; for ($i = 15; $i <= 17; $i += 2) { &ex('printuntil', $i, $i, $topic_number); } exit(0); } sub check_password_and_permissions { local ($username, $guess, $group) = @_; local ($user, $ok, @passwd_line, $line, $pass, $test_pass, @group, $groupline); local ($field1, $field2, @valid); undef (@users); open (PASSWD, "$admin_dir/users.txt") || &error_message("Verify Password Error", "Cannot open password file (users.txt) for reading!"); @users = ; close (PASSWD); @valid = grep(/:$group(\n?)$/, @users); local ($public, $users, $moderators) = (0,0,0); $public = 1 if (grep(/^PUBLIC:/, @valid)); $users = 1 if (grep(/^USERS:/, @valid)); $moderators = 1 if (grep(/^MODERATORS:/, @valid)); $disabled = 1 if (grep(/^DISABLE:/, @valid)); open(PASSWD,"$admin_dir/passwd.txt") || &error_message("Verify Password Error", "Cannot open password file (passwd.txt) for reading!"); @passwd_line = ; close(PASSWD); $ok = ""; foreach $line (@passwd_line) { ($user, $pass) = split(/:/, $line, 3); if ($user eq $username) { $test_pass = crypt($guess, $pass); $ok = ""; $ok = "Yes" if $test_pass eq $pass; $ok = "No" if $guess eq ""; $ok = "No" if $pass eq ""; $ok = "Yes" if $COOKIE{'pass'} eq crypt($pass, "cookie"); $ok = "Yes" if $COOKIE{'cpwd'} eq crypt($pass, "cookie"); if ($COOKIE{'user'} ne $user && $ok eq "Yes") { &print_cookie_string($user); } if ($COOKIE{'cpwd'} ne crypt($pass, "cookie") && $ok eq "Yes") { &print_cookie_string("", length($FORM{'number'}), $pass); } if ($ok eq "Yes") { open (GROUP, "$admin_dir/groups.txt") || &error_message("Verify Password Error", "Cannot open groups file (groups.txt) for reading!"); @group = ; close (GROUP); ($groupline) = grep (/^$group:/, @group); chop ($groupline) if $groupline =~ /\n$/; ($field1, $field2) = split(/:/, $groupline); @valid = split(/,/, $field2); return $line if grep (/^$username$/, @valid); &error_message("$L{BPPOSTINGDISABLEDTITLE}", "$L{BPPOSTINGDISABLEDDESCR}") if $disabled; return $line if $moderators; return $line if $public; } } } open(PASSWD,"$admin_dir/users.txt") || &error_message("Verify Password Error", "Cannot open password file (users.txt) for reading!"); @passwd_line = ; close(PASSWD); $ok = ""; foreach $line (@passwd_line) { chop ($line) if $line =~ /\n/; ($user, $pass, $foo, $foo, $foo, $foo, $foo, $group_test) = split(/:/, $line); if ($user eq $username) { $test_pass = crypt($guess, $pass); $ok = ""; $ok = "Yes" if $test_pass eq $pass; $ok = "No" if $guess eq ""; $ok = "No" if $pass eq ""; $ok = "Yes" if $COOKIE{'cpwd'} eq crypt($pass, "cookie"); if ($COOKIE{'user'} ne $user && $ok eq "Yes") { &print_cookie_string($user); } if ($COOKIE{'cpwd'} ne crypt($pass, "cookie") && $ok eq "Yes") { &print_cookie_string("", length($FORM{'number'}), $pass); } if ($ok eq "Yes") { &error_message("$L{BPPOSTINGDISABLEDTITLE}", "$L{BPPOSTINGDISABLEDDESCR}") if $disabled; return $line if $group_test eq $group; return $line if $users; return $line if $public; } } } &error_message("$L{BPPOSTINGDISABLEDTITLE}", "$L{BPPOSTINGDISABLEDDESCR}") if $disabled; return "public user" if $public; return "invalid"; } sub send_email { local ($to, $postby, $message, $linein) = @_; $message .= " "; $to =~ s/[<>\|\\`#\$!'";]//g; $postby =~ s/<([^>]*)>//g; $message =~ s/
/\n/g; $message =~ s/ ([^

/$1/g; $message =~ s/

/\n\* /g; $message =~ s/<\/UL>/\n\n/g; $message =~ s/<([^>]*)>//g; $postby =~ s/&#(\d+);//g; $message =~ s/&#(\d+);/pack("c", $1)/ge; $message =~ s/>/>/g; $message =~ s/</; close (CONF); undef @res; foreach $line (@conf) { $line =~ s/#(.*)//; $line =~ s/^\s+//; $line =~ s/\s+$//; next if $line !~ /\S/; next if $line =~ /^#/; $line =~ s/\s+/ /g; push (@res, $line); } foreach $line (@res) { $line =~ m|^(\w+)\s?=\s?(.*)|; ($varname, $param) = ($1, $2); $P{$varname} = $param; } if ($P{'program_path'}) { $cmdline = " $P{'program_path'} "; } else { $flag = 0; } $opt = ""; $cmdline .= " $P{'command_line'} "; foreach $prm ('from_name', 'to', 'subj') { $par = "$to" if $prm eq "to"; $par = "$P{'from'}" if $prm eq "from_name"; $par = "$P{'subject'}" if $prm eq "subj"; if ($P{$prm} =~ m|<(.*)>|) { $key = $1; $opt .= "$key $par\n"; } else { $key = $P{$prm}; $par =~ s/["\\<>;\|]//g; $cmdline .= "-$key\"$par\" "; } } $opt .= "Reply-to: $replyto\n" if $replyto ne ""; } else { $flag = 0; } if ($flag == 1) { if (open (MAIL, "| $cmdline")) { print MAIL $opt; print MAIL "\n"; } else { open (MAIL, "| mail $to"); } } elsif ($mailprog =~ m|/sendmail$|) { $contact =~ m||; $fr = $1; open (MAIL, "| $mailprog -t"); print MAIL "To: $to\n"; print MAIL "From: \"$titlej\" <$fr>\n"; print MAIL "Subject: $L{BPEMAILSUBJECT}\n"; print MAIL "Reply-to: $replyto\n" if $replyto ne ""; print MAIL "\n"; } elsif ($mailprog =~ m|/mail$|) { open (MAIL, "| $mailprog $to -s '$L{BPEMAILSUBJECT}'"); } else { open (MAIL, "| mail $to"); } format MAIL = ~~^<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< $lineprint . ($date) = &ex('get_date_time', "long"); $titlestr = ""; $topic_temp = $topic_name; $titlestr = "$title: $topic_temp"; foreach $key (sort {$a <=> $b} keys(%level_number)) { $topic_temp = $level_name{$key}; $titlestr .= ": $topic_temp"; } $titlestr =~ s/ ([^

/$1/g; $titlestr =~ s/<([^>]*)>//g; $titlestr =~ s/&#(\d+);/pack("c", $1)/ge; $titlestr =~ s/>/>/g; $titlestr =~ s/</; close (PASSWD); open (GROUP, "$admin_dir/groups.txt"); @group = ; close (GROUP); ($thegroup) = grep(/^$group:/, @group); ($foo, $thegroup) = split(/:/, $thegroup); chop ($thegroup) if $thegroup =~ /\n$/; @members = split(/,/, $thegroup); foreach $member (@members) { ($theline) = grep(/^$member:/, @passwd); ($user, $pass, $address, $fullname, $profile, $want) = split(/:/, $theline); if ($want >= 2 && $theline ne $linein) { if ($address =~ /^([\w\.\-\+]+)\@([\w\.\-\+]+)$/) { &send_email($address, $postby, "$message", $theline); } } } open (PASSWD, "$admin_dir/users.txt"); @passwd = ; close (PASSWD); @members = grep (/:$group_hold(\n?)$/, @passwd); foreach $member (@members) { $theline = $member; chop ($theline) if $theline =~ /\n$/; ($user, $pass, $address, $fullname, $profile, $want, $other) = split(/:/, $theline); if (($want == 2 || $want == 3) && ($theline ne $linein)) { if ($address =~ /^([\w\.\-\+]+)\@([\w\.\-\+]+)$/) { &send_email($address, "$postby", $message, $theline); } } } }