ftp.sunet.sepub/pictures

home *** CD-ROM | disk | FTP | other *** search

/ ftp.sunet.sepub/pictures / 2014.11.ftp.sunet.se-pictures.tar / ftp.sunet.se / pub / pictures / ACiD-artpacks / www / mirrors / acheron / cgi-bin / discus / board-image.cgi < prev next >

Wrap

Text File | 1999-01-26 | 12KB | 300 lines

#!/usr/bin/perl $discus_conf = '/usr/local/www/www.acheron.org/discus_admin_245059122/discus.conf'; #Discus board image upload script #------------------------------------------------------------------------------- # This script is copyright (c) 1998 by DiscusWare, LLC, all rights reserved. # Its use is subject to the license agreement that can be found at the following # URL: http://www.chem.hope.edu/discus/license #------------------------------------------------------------------------------- if (open (FILE, "$discus_conf")) { @file = <FILE>; close (FILE); $evals = ""; foreach $line (@file) { if ($line =~ /^(\w+)=(.*)/) { $varname = $1; $value = $2; $value =~ s/'/\\'/g; $value =~ s/\r//g; $evals .= "\$$varname='$value'; "; } } eval($evals); require "$admin_dir/source/src-board-subs-common"; } else { print "Content-type: text/html\n\n"; print "<HTML><HEAD><TITLE>Script Execution Error</TITLE></HEAD>\n"; print "<BODY BGCOLOR=#ffffff TEXT=#000000>\n"; print "<H1>Script Execution Error</H1>\n"; print "Discus scripts could not execute because the discus.conf file\n"; print "could not be opened."; print "<P>Reason: <FONT COLOR=#ff0000><B>$!</B></FONT>" if $!; print "<P>This generally indicates a setup error of some kind.\n"; print "Consult the <A HREF=\"http://www.chem.hope.edu/discus/rc\">Discus "; print "Resource Center</A> for troubleshooting information.</BODY></HTML>\n"; exit(0); } require "$admin_dir/source/src-board-subs-admin"; ###################### MIME TYPES FOR ACCEPTABLE IMAGES ###################### $extension{"image/gif"} = "gif"; $tag{"image/gif"} = "image_alreadyuploaded"; $extension{"image/jpeg"} = "jpg"; $tag{"image/jpeg"} = "jpeg_alreadyuploaded"; $extension{"image/pjpeg"} = "jpg"; $tag{"image/pjpeg"} = "jpeg_alreadyuploaded"; ################################################ # Script Starts Here ################################################ &parse_multipart; &read_cookie; if ($FORM{'action'} =~ /profile/) { &ex('image_handler_PRO', 1); exit(0); } &extract($FORM{'HTTP_REFERER'}); $FORM{'name'} = $FORM{'username'} if $FORM{'username'} ne ""; $FORM{'number'} = $FORM{'passwd'} if $FORM{'passwd'} ne ""; $name2 = $FORM{'name'}; $name2 =~ tr/A-Z/a-z/; $number2 = $FORM{'number'}; $number2 =~ tr/A-Z/a-z/; ($auth, $passwordline, $poster_type) = &ex('verify_postread_privileges', $topic_number, $name2, $password_input, $number2, "posting"); if ($ENV{'HTTP_REFERER'} ne "$script_url/board-post.$cgi_extension" && $ENV{'HTTP_REFERER'} ne "$script_url/board-image.$cgi_extension") { &error_message("Invalid Referer", "You are not accessing this page from an acceptable referring page. What are you trying to do?"); } if ($FORM{'queue'}) { $FORM{'queue'} =~ s/\D//g; if (!-e "$admin_dir/queue/$FORM{'queue'}.txt") { &error_message("Message Queue Error", "The message you are attempting to access is no longer in the queue."); } } $formpostindex = $FORM{'postindex'}; $formpostindex =~ s/\D//g; if (!$FORM{'queue'} ) { &lock("$message_dir/$topic_number/$me_number.$ext"); $filename = "$topic_number/$me_number.$ext"; ($head, $color, $lm, $ann, $ann_src, $sublist, $about, $about_src, $message_in, $message_src) = &get_page($topic_number,$me_number); if (-e "$message_dir/$filename") { $secure = 0; } else { $secure = 1; } @src = split(/\n/,$message_src); $flag = 0; foreach $line (@src) { if ($line =~ m|<!-Source: $formpostindex-|) { $flag = 1; } elsif ($line =~ m|<!-/Source: $formpostindex-|) { $flag = 0; } elsif ($flag == 1) { $srcline = $line; } } } else { $filename = "$admin_dir/queue/$FORM{'queue'}.txt"; &lock($filename); open (QUEUE, $filename); @queue = <QUEUE>; close (QUEUE); ($message_src) = grep(/^SOURCE: /, @queue); $message_src =~ s/^(\w+): (.*)/$2/; $srcline = $message_src; $queue = 1; &unlock($filename); } $adminappend = "?username=$FORM{'name'}"; $adminappend .= "&HTTP_REFERER=$FORM{'HTTP_REFERER'}&action=page_editor"; ($bgcolor, $text, $link, $vlink, $alink, $face, $size, $image) = &ex('extract_colorsonly', 1); undef %status; undef %statuscode; undef @statusorder; undef %descr; $srcline = &unescape($srcline); while ($srcline =~ m|\\image_notuploaded\{(\d+),([^\}]*)\}|) { ($counter, $description, $before, $after) = ($1, $2, $`, $'); $descr{$counter} = $description; $FORMNAME{$counter} = "Image$counter"; push (@statusorder, $counter); $formname = "Image$counter"; $content = $CONTENT{$formname}; if ($content =~ m|mac/unknown|) { $content = "image/gif" if $FILE{$formname} =~ m|^GIF|i; $content = "image/jpeg" if $FILE{$formname} !~ m|^GIF|i; } if ($FILE{$formname} eq "") { $status{$counter} = $FILENAME{$formname}; $statuscode{$counter} = 2; $srcline = join("", $before, "\\image_notuploaded*{$counter,$description}", $after); } elsif (!grep(/^$content$/, keys(%tag))) { $status{$counter} = $content; $statuscode{$counter} = 1; $srcline = join("", $before, "\\image_notuploaded*{$counter,$description}", $after); } elsif ($poster_type == 8 && length($FILE{$formname}) > ($GLOBAL_OPTIONS{'public_maxsize'} * 1000) && $GLOBAL_OPTIONS{'public_maxsize'} != 0) { $statuscode{$counter} = 3; $srcline = join("", $before, "\\image_notuploaded*{$counter,$description}", $after); } elsif ($poster_type != 8 && length($FILE{$formname}) > ($GLOBAL_OPTIONS{'registered_maxsize'} * 1000) && $GLOBAL_OPTIONS{'registered_maxsize'} != 0) { $statuscode{$counter} = 3; $srcline = join("", $before, "\\image_notuploaded*{$counter,$description}", $after); } else { $newtag = $tag{$content}; $newext = $extension{$content}; ($num) = &ex('get_number', 1); $srcline = join("", $before, "\\", $newtag, "{$num,$description}", $after); $filename = "$message_dir/$topic_number/$num.$newext" if (!$queue && -e "$message_dir/$topic_number"); $filename = "$secdir/$topic_number/$num.$newext" if (!$queue && !-e "$message_dir/$topic_number"); $filename = "$admin_dir/queue/$num.$newext" if $queue; open (FILE, ">$filename"); eval 'binmode(FILE);'; print FILE $FILE{$formname}; close (FILE); chmod(0644, $filename); $status{$counter} = length($FILE{$formname}); $statuscode{$counter} = 0; $redoflag = 1; } } while ($srcline =~ m|\\image_notuploaded\*\{(\d+),([^\}]*)\}|) { ($counter, $description, $before, $after) = ($1, $2, $`, $'); $srcline = join("", $before, "\\image_notuploaded{$counter,$description}", $after); } if ($pro) { ($srcline) = &ex('attachment_upload', $srcline, $topic_number, $queue, $poster_type); } $srcline =~ s/\"/"/g; $srcline =~ s/\</</g; $srcline =~ s/\>/>/g; $srcline =~ s/\&/&/g; $srcline_new = $srcline; $srcline = &escape($srcline_new); ($lint, $message_var_replace) = &ex('webtags', $srcline_new, 0, 1); if (!$queue) { @msg = split(/\n/, $message_in); $flag = 0; $ctr = 0; foreach $line (@msg) { $ctr += 1; if ($line =~ m|<!-/Post: $formpostindex-!>|) { $flag = ($ctr-1); } } if ($flag) { $msg[$flag-1] = $message_var_replace; } @src = split(/\n/, $message_src); $flag = 0; foreach $line (@src) { if ($line =~ m|<!-Source: $formpostindex-|) { $flag = 1; } elsif ($line =~ m|<!-/Source: $formpostindex-|) { $flag = 0; } elsif ($flag == 1) { $line = $srcline; } } $message_var = join("\n", @msg); $new_source = join("\n", @src); &set_page($topic_number, $me_number, $head, $color, $lm, $ann, $ann_src, $sublist, $about, $about_src, $message_var, $new_source) if !$queue; &unlock("$message_dir/$topic_number/$me_number.$ext"); } else { $filename = "$admin_dir/queue/$FORM{'queue'}.txt"; &lock($filename); open (QUEUE, "$filename"); @queue = <QUEUE>; close (QUEUE); @queue = grep(!/^TEXT:/, @queue); @queue = grep(!/^SOURCE:/, @queue); push (@queue, "TEXT: " . &escape($message_var_replace) . "\n"); push (@queue, "SOURCE: " . $srcline . "\n"); open (QUEUE, ">$filename"); print QUEUE @queue; close (QUEUE); &unlock($filename); } $error = 0; foreach $key (keys(%statuscode)) { $error = 1 if $statuscode{$key} != 0; } if ($error == 0) { if ($queue) { &ex('queue_submitted', $topic_number, $me_number, $adminappend, $FORM{'isitok'}); } elsif ($FORM{'isitok'} eq "okiedokie") { &seturl("$cgiurlm$adminappend"); } else { if (-e "$message_dir/$topic_number/$me_number.$ext") { $lmstuff = "?$lm" if !$noqm; &seturl("$message_url/$topic_number/$me_number.$ext$lmstuff"); } else { &seturl("$script_url/board-auth.$cgi_extension?file=/$topic_number/$me_number.$ext&lm=$lm"); } } } &header; &ex('printuntil', 1, 1, 0, $L{BI_UPLOAD_ERROR_TITLE}); print "<CENTER><FONT SIZE=+1><B>$L{BI_UPLOAD_ERROR_TITLE}</B></FONT></CENTER><HR>\n"; print $L{BI_UPLOAD_ERROR_MESSAGE}; print "<P><HR>\n"; &ex('printuntil', 3, 11, 0, "", 0, 1); print "<FORM ACTION=\"$script_url/board-image.$cgi_extension\" METHOD=POST ENCTYPE=\"multipart/form-data\">\n"; foreach $num (@statusorder) { next if $statuscode{$num} == 0; print "$L{BPPROVIDEFILE} <B>$descr{$num}</B>:<P>\n"; $formname = $FORMNAME{$num}; if ($statuscode{$num} == 1) { $fmt = $CONTENT{"Image$num"}; $fmtstr = $L{BI_UPLOAD_ERROR_BADFORMAT}; $fmtstr =~ s/\%format/$fmt/g; print "<UL>$fmtstr</UL>\n"; print "<P>\n"; } elsif ($statuscode{$num} == 2) { print "<UL>$L{BI_UPLOAD_ERROR_NODATA}</UL>\n"; print "<P>\n"; } elsif ($statuscode{$num} == 3) { $fmtstr = $L{BI_UPLOAD_EXCEEDED_MAXLENGTH}; $maxsize = $GLOBAL_OPTIONS{'public_maxsize'} if $poster_type == 8; $maxsize = $GLOBAL_OPTIONS{'registered_maxsize'} if $poster_type != 8; $yoursize = length($FILE{$formname}); $yoursize = ($yoursize / 1000); if ($yoursize =~ m|\.|) { $yoursize = $`; } $fmtstr =~ s/\%maxsize/$maxsize/g; $fmtstr =~ s/\%yoursize/$yoursize/g; print "<UL>$fmtstr</UL>\n"; print "<P>\n"; } $ctr++; print "<TABLE><TR><TD><INPUT TYPE=FILE NAME=\"Attachment$num\" SIZE=40></TD></TR></TABLE>\n" if $formname =~ m|Attachment|; print "<TABLE><TR><TD><INPUT TYPE=FILE NAME=\"Image$num\" SIZE=40></TD></TR></TABLE>\n" if $formname =~ m|Image|; print "<HR>\n"; } print "<INPUT TYPE=SUBMIT VALUE=\"$L{BPIMGUPLOADBUTTON}\">\n"; print "<INPUT TYPE=HIDDEN NAME=name VALUE=\"$FORM{'name'}\">\n"; print "<INPUT TYPE=HIDDEN NAME=number VALUE=\"$FORM{'number'}\">\n"; print "<INPUT TYPE=HIDDEN NAME=HTTP_REFERER VALUE=\"$FORM{'HTTP_REFERER'}\">\n"; print "<INPUT TYPE=HIDDEN NAME=postindex VALUE=\"$FORM{'postindex'}\">\n"; print "<INPUT Type=hidden name=\"isitok\" value=\"okiedokie\">\n" if $FORM{'isitok'} eq "okiedokie"; print "<INPUT TYPE=HIDDEN NAME=queue VALUE=\"$FORM{'queue'}\">\n"; print "<HR></FORM>\n"; &extract($FORM{'HTTP_REFERER'}); $secure = 0; $secure = 1 if !-e "$message_dir/$topic_number"; $url = "$message_url/$topic_number/$me_number.$ext" if !$secure; $url = "$script_url/board-auth.$cgi_extension?file=/$topic_number/$me_number.$ext&lm=$ts" if $secure; if ($FORM{'isitok'} ne "okiedokie") { print "$L{BPIMGUPLOADCANCEL13_00} <A HREF=\"$url\">\n"; } else { print "$L{BPIMGUPLOADCANCEL13_00} <A HREF=\"$cgiurlm$adminappend\">\n"; } print "$L{BPIMGUPLOADCANCEL2}</A>. "; print "$L{BPIMGUPLOADCANCEL33_00}\n"; &ex('printuntil', 13, 17, 0, "", 0, 1); exit(0); sub parse_multipart { &ex('default_mime_types', 1) if $pro; $type = $ENV{'CONTENT_TYPE'}; ($boundary) = ($type =~ /boundary=(.*)/); $boundary = "--" . $boundary; $length = $ENV{'CONTENT_LENGTH'}; $len = 0; $input = ""; eval 'binmode(STDIN);'; while ($len < $length) { $buf = ""; $len += sysread(STDIN, $buf, $length); $input .= $buf; } @input_pairs = split(/$boundary/, $input); foreach $line (@input_pairs) { ($header, $body) = split(/\r\n\r\n|\n\n/, $line, 2); $body =~ s/\r\n$//; $header =~ /name="([^"]+)"/; $formname = $1; $header =~ /filename="([^"]+)"/; $filename = $1; if ($header =~ /Type: (.*)/) { $content = $1; $FILE{$formname} = $body; $CONTENT{$formname} = $content; ($FILENAME{$formname}) = &ex('parse_filename', $filename); } elsif ($header =~ m|filename="|) { $content = "mac/unknown"; $FILE{$formname} = $body; $CONTENT{$formname} = $content; ($FILENAME{$formname}) = &ex('parse_filename', $filename); } elsif ($formname =~ /^(\w+)$/) { $FORM{$formname} = $body if $FORM{$formname} eq ""; $FORM{$formname} =~ s/\r//g; } } }