#!/usr/bin/perl
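# Absolute path of this installation's discus.conf.
$discus_conf = '/usr/local/www/www.hirez.org/discus_admin_149349189/discus.conf';
#Discus board administration script (board-admin-2.cgi)
#-------------------------------------------------------------------------------
# This script is copyright (c) 1998 by DiscusWare, LLC, all rights reserved.
# Its use is subject to the license agreement that can be found at the following
# URL: http://www.chem.hope.edu/discus/license
#-------------------------------------------------------------------------------
# Bootstrap: load discus.conf, pull in the shared and admin subroutine
# libraries, then parse the form data and the cookie.
#
# Every "name=value" line of discus.conf becomes the package global $name.
# Values are assigned directly rather than pasted into a string that is handed
# to eval. The string form escaped only single quotes, so a value ending in a
# backslash (or containing \') closed the quoted literal early; the rest of
# the line could then be compiled as Perl, or the whole eval failed unnoticed
# and no setting was loaded at all.
#
# NOTE(review): $admin_dir (used by the require calls) and $superuser (used by
# every permission check in this script) are never assigned in this file, so
# they presumably come from discus.conf -- keep that file out of the web root
# and writable only by the board owner.
if (open(FILE, "< $discus_conf")) {    # explicit read mode
    @file = <FILE>;
    close(FILE);
    foreach $line (@file) {
        # Plain identifiers only: a name such as "0" or "1" would otherwise
        # address one of Perl's special variables.
        next unless $line =~ /^([A-Za-z_]\w*)=(.*)/;
        $varname = $1;
        $value   = $2;
        $value =~ s/\r//g;             # tolerate CRLF line endings
        # The old loader wrapped each value in a single-quoted literal, where
        # "\\" reads back as "\". Keep that so existing files load unchanged.
        $value =~ s/\\\\/\\/g;
        # Symbolic reference into package main; this file does not enable
        # strict refs.
        ${"main::$varname"} = $value;
    }
    require "$admin_dir/source/src-board-subs-common";
} else {
    # Without the configuration nothing else can run: report and stop.
    print "Content-type: text/html\n\n";
    print "<HTML><HEAD><TITLE>Script Execution Error</TITLE></HEAD>\n";
    print "<BODY BGCOLOR=#ffffff TEXT=#000000>\n";
    print "<H1>Script Execution Error</H1>\n";
    print "Discus scripts could not execute because the discus.conf file\n";
    print "could not be opened.";
    print "<P>Reason: <FONT COLOR=#ff0000><B>$!</B></FONT>" if $!;
    print "<P>This generally indicates a setup error of some kind.\n";
    print "Consult the <A HREF=\"http://www.chem.hope.edu/discus/rc\">Discus ";
    print "Resource Center</A> for troubleshooting information.</BODY></HTML>\n";
    exit(0);
}
require "$admin_dir/source/src-board-subs-admin";
# Both helpers are defined in the required libraries; the code below reads
# request fields from %FORM.
&parse_form;
&read_cookie;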
#-------------------------------------------------------------------------------
# BOARD MANAGER ACTIONS AND OTHER RELATED FUNCTIONS
#-------------------------------------------------------------------------------
# action=topic_description: save or preview the description of one topic.
# Superuser only. The name check and check_passwd both run before any change.
# NOTE(review): this relies on error_message() not returning -- confirm.
if ($FORM{action} eq 'topic_description') {
    if ($FORM{username} ne $superuser) {
        &error_message('Permissions Error', 'Only the superuser may access this functionality!');
    }
    &check_passwd;

    # The 'topic' field wins over 'HTTP_REFERER' when both are supplied.
    # NOTE(review): neither value is filtered here before it is placed in the
    # path given to extract(); rename_a_topic strips non-digits from its topic
    # field. Confirm what format HTTP_REFERER carries before doing the same.
    if ($FORM{topic}) {
        $topic_number = $FORM{topic};
    }
    elsif ($FORM{HTTP_REFERER}) {
        $topic_number = $FORM{HTTP_REFERER};
    }

    # A formatting error reported by webtags turns a save into a preview.
    unless ($FORM{submit} =~ /Preview/) {
        $message = $FORM{message};
        ($lint, $message_in) = &ex('webtags', $message, 1, 1);
        if ($lint eq '!Error') {
            $FORM{submit} = 'Preview';
        }
    }

    if ($FORM{submit} =~ /Preview/) {
        ($message_in) = &ex('webtags', $FORM{message}, 1);
        # NOTE(review): as this listing shows them, the four substitutions
        # below replace each character with itself. The hosting page probably
        # decoded HTML entities that stood in the replacement text; compare
        # with the distributed script before relying on them for escaping.
        $FORM{'message'} =~ s/</</g;
        $FORM{'message'} =~ s/>/>/g;
        $FORM{'message'} =~ s/&/&/g;
        $FORM{'message'} =~ s/"/"/g;
        &ex('preview_admin_message', $FORM{message}, $message_in, $FORM{username}, $topic_number, "topic_description", "Topic Description");
        exit(0);
    }
    else {
        $source = &escape($message);
        &ex('save_description', $topic_number, $message_in, $source);
        &extract("//$topic_number/$topic_number.$ext");
        &ex('rename_topic_form', $topic_name, $topic_number, $FORM{username}, &unescape($source));
        exit(0);
    }
}
# action=Add_Topic: create a topic in the named group. Superuser only.
if ($FORM{action} eq 'Add_Topic') {
    if ($FORM{username} ne $superuser) {
        &error_message('Permissions Error', 'Only the superuser may access the "Add New Topic" functionality!');
    }
    &check_passwd;

    ($new_topic) = &ex('webtags', $FORM{topic}, 3);

    # Group names are lower-cased and reduced to word characters.
    ($group = $FORM{group}) =~ tr/A-Z/a-z/;
    $group =~ s/\W//g;
    if ($group eq '') {
        &error_message('Group Specification Error', 'You did not specify a valid group!');
    }

    # NOTE(review): 'privs' and 'templ' are passed through as received.
    &ex('add_topic', $new_topic, $group, $FORM{privs}, $FORM{templ}, $FORM{topic});
    &ex('board_manager', $FORM{username});
    exit(0);
}
# action=board_toppage: store the five top-page display switches.
# Superuser only.
if ($FORM{action} eq 'board_toppage') {
    if ($FORM{username} ne $superuser) {
        &error_message('Permissions Error', 'Only the superuser may access this functionality!');
    }
    &check_passwd;

    # Any true value in the form field switches the option on.
    $boldon  = $FORM{Bold}  ? 1 : 0;
    $groupon = $FORM{Group} ? 1 : 0;
    $dateon  = $FORM{Date}  ? 1 : 0;
    $lockon  = $FORM{Lock}  ? 1 : 0;
    $hideon  = $FORM{Hide}  ? 1 : 0;

    &ex('change_board_toppage', $boldon, $groupon, $dateon, $lockon, $hideon);
    &ex('board_manager', $FORM{username});
    exit(0);
}
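# action=topics: board-manager operations, chosen by the SELECTION field:
#   delete<n> | deleteall      remove one topic or every topic listed in MARK
#   properties<n>              show the rename/properties form for a topic
#   group<n> | groupall        show the change-group form
#   reorderall                 store a new topic order from the ORDER<n> fields
# Every branch checks the superuser name and calls check_passwd before acting.
# The reorderall branch previously did neither, so a topic order could be
# stored by a request that carried no credentials.
if ($FORM{'action'} eq 'topics') {
    if ($FORM{'SELECTION'} =~ /delete(\w+)/) {
        $todo = $1;    # copied before any helper can run another match
        &error_message('Permissions Error', 'Only the superuser may access this functionality!') if $FORM{'username'} ne "$superuser";
        &check_passwd;
        if ($todo ne "all") {
            $todo =~ s/\D//g;    # topic ids are numeric
            if ($todo != 0) {
                &ex('remove_topic', $todo);
            }
        } else {
            @mark = split(/,/, $FORM{'MARK'});
            foreach $num (@mark) {
                $num =~ s/\D//g;
                &ex('remove_topic', $num) if $num != 0;
            }
        }
        &ex('board_manager', $FORM{"username"});
        exit(0);
    } elsif ($FORM{'SELECTION'} =~ /properties(\d+)/) {
        $todo = $1;
        &error_message('Permissions Error', 'Only the superuser may access this functionality!') if $FORM{'username'} ne "$superuser";
        &check_passwd;
        # NOTE(review): the open is unchecked; on failure @top is empty and
        # the form is rendered with an empty source line.
        open (TOP, "$message_dir/board-topics.html"); @top = <TOP>; close (TOP);
        # $todo is digits only (see the pattern above), so it is safe to
        # interpolate into these patterns.
        ($srcline) = grep(/^<!-Source: $todo-!>/, @top);
        if ($srcline =~ m|<!-Source: $todo-!>|) {
            $srcline = $'; $srcline = &unescape($srcline);
        }
        &extract ("//$todo/$todo.$ext");
        &ex('rename_topic_form', $topic_name, $todo, $FORM{"username"}, $srcline);
        exit(0);
    } elsif ($FORM{'SELECTION'} =~ /group(\w+)/) {
        $todo = $1;
        &error_message('Permissions Error', 'Only the superuser may access this functionality!') if $FORM{'username'} ne "$superuser";
        &check_passwd;
        if ($todo ne "all") {
            $todo =~ s/[^\d,]//g;
            if ($todo != 0) {
                &ex('change_topic_group_form', $todo, $FORM{"username"});
            }
        } else {
            # NOTE(review): MARK is handed on unfiltered here, unlike the
            # single-topic path above.
            &ex('change_topic_group_form', $FORM{'MARK'},$FORM{"username"});
        }
        &ex('board_manager', $FORM{"username"});
        exit(0);
    } elsif ($FORM{'SELECTION'} =~ /reorderall/) {
        # Same gate as the other branches (it was missing here).
        &error_message('Permissions Error', 'Only the superuser may access this functionality!') if $FORM{'username'} ne "$superuser";
        &check_passwd;
        undef @data;
        undef @dataval;    # the array actually filled below (was: @datakeys)
        foreach $key (keys(%FORM)) {
            if ($key =~ m|^ORDER(\d+)|) {
                push (@data, $1);
                push (@dataval, $FORM{$key});
            }
        }
        # Topic numbers sorted by the numeric rank submitted for each of them.
        @array = @data[sort {$dataval[$a] <=> $dataval[$b]} 0..$#data];
        $arraystr = join(":", @array);
        &ex('reorder_topics', $arraystr);
        &ex('board_manager', $FORM{"username"});
        exit(0);
    }
}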
# action=rename_a_topic: give an existing topic a new name. Superuser only.
if ($FORM{action} eq 'rename_a_topic') {
    if ($FORM{username} ne $superuser) {
        &error_message('Permissions Error', 'Only the superuser may access the "Rename Topic" functionality!');
    }
    &check_passwd;

    # The new name goes through webtags and then has links removed.
    ($newname) = &ex('webtags', $FORM{newname}, 3);
    $newname = &remove_links($newname);
    if ($newname eq '') {
        &error_message("Rename Error", "You didn't specify a new topic name!");
    }
    if ($newname =~ /<H3>FORMATTING/i) {
        &error_message("Formatting Error", "The following formatting error was returned:<BR><BR>$newname<BR><BR>");
    }

    # Topic ids are numeric; anything else is stripped before use.
    ($topic = $FORM{topic}) =~ s/\D//g;
    if ($topic == 0) {
        &error_message("Rename Error", "You didn't specify a valid initial topic!");
    }

    &ex('rename_topic', $topic, $newname);
    &ex('board_manager', $FORM{username});
    exit(0);
}
# action=main_message | title_message: save or preview the board's main or
# title message. Superuser only. The password is checked first here, the
# name second.
if ($FORM{action} eq 'main_message' || $FORM{action} eq 'title_message') {
    &check_passwd;
    if ($FORM{username} ne $superuser) {
        &error_message('Permissions Error', 'Only the superuser may change this property!');
    }

    # A formatting error reported by webtags turns a save into a preview.
    unless ($FORM{submit} =~ /Preview/) {
        $message = $FORM{message};
        ($lint, $message_in) = &ex('webtags', $message, 1, 1);
        if ($lint eq '!Error') {
            $FORM{submit} = 'Preview';
        }
    }

    if ($FORM{submit} =~ /Preview/) {
        ($message_in) = &ex('webtags', $FORM{message}, 1);
        # NOTE(review): as this listing shows them, the four substitutions
        # below replace each character with itself. The hosting page probably
        # decoded HTML entities that stood in the replacement text; compare
        # with the distributed script before relying on them for escaping.
        $FORM{'message'} =~ s/</</g;
        $FORM{'message'} =~ s/>/>/g;
        $FORM{'message'} =~ s/&/&/g;
        $FORM{'message'} =~ s/"/"/g;
        if ($FORM{action} eq 'main_message') {
            $descr = "Main Message";
        }
        if ($FORM{action} eq 'title_message') {
            $descr = "Title Message";
        }
        &ex('preview_admin_message', $FORM{message}, $message_in, $FORM{username}, "", $FORM{action}, $descr);
        exit(0);
    }
    else {
        $source = &escape($message);
        # The handler name is built from the action, which the enclosing test
        # limits to the two values named there.
        $sub = "change_$FORM{'action'}";
        &ex($sub, $message_in, $source);
        &ex('board_manager', $FORM{username});
        exit(0);
    }
}
# action=meta_tags_top: store the META tags of the top page and, when
# 'applyall' is set, of every topic listed in board-topics.html.
# Superuser only.
if ($FORM{action} eq 'meta_tags_top') {
    if ($FORM{username} ne $superuser) {
        &error_message('Permissions Error', "Only the superuser may change META Tags!");
    }
    &check_passwd;

    # NOTE(review): DESCRIPTION, KEYWORDS and ROBOTS are handed on as
    # received; whether they are escaped before reaching a page is decided in
    # the save_* handlers, which are not in this file.
    &ex('save_top_meta_tags', $FORM{DESCRIPTION}, $FORM{KEYWORDS}, $FORM{ROBOTS});

    if ($FORM{applyall}) {
        # NOTE(review): the open is unchecked; on failure no topic is updated.
        open(MAIN, "$message_dir/board-topics.html");
        @main = <MAIN>;
        close(MAIN);

        # Lines of the form "<!-Top: N-!>" carry the topic numbers.
        @tpc = grep(/^<!-Top: (\d+)/, @main);
        foreach $line (@tpc) {
            next unless $line =~ m|^<!-Top: (\d+)-!>|;
            &ex('save_topic_meta_tags', $1, $FORM{DESCRIPTION}, $FORM{KEYWORDS}, $FORM{ROBOTS});
        }
    }

    &ex('board_manager', $FORM{username});
    exit(0);
}
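# action=meta_tags_topic: store the META tags of one topic, then show that
# topic's rename/properties form again. Superuser only.
#
# The topic field is reduced to digits before use, as rename_a_topic does.
# It was previously placed unfiltered into the path given to extract() and
# into a regular expression. The block also ends with exit(0) now, like the
# other callers of rename_topic_form; without it control ran on to the
# "Invalid Query" error at the end of the script.
if ($FORM{'action'} eq 'meta_tags_topic') {
    &error_message('Permissions Error', "Only the superuser may change META Tags!") if $FORM{'username'} ne "$superuser";
    &check_passwd;
    $todo = $FORM{'topic'};
    $todo =~ s/\D//g;    # topic ids are numeric
    &error_message("Invalid Topic", "Topic selected is not valid.") if $todo == 0;
    &extract("//$todo/$todo.$ext");
    # NOTE(review): the tag values are handed on as received; any escaping
    # happens in save_topic_meta_tags, which is not in this file.
    &ex('save_topic_meta_tags', $todo, $FORM{'DESCRIPTION'}, $FORM{'KEYWORDS'}, $FORM{'ROBOTS'});
    # NOTE(review): the open is unchecked; on failure @top is empty and the
    # form is rendered with an empty source line.
    open (TOP, "$message_dir/board-topics.html"); @top = <TOP>; close (TOP);
    ($srcline) = grep(/^<!-Source: $todo-!>/, @top);
    if ($srcline =~ m|<!-Source: $todo-!>|) {
        $srcline = $'; $srcline = &unescape($srcline);
    }
    # extract() is called a second time, after the save, as before.
    &extract ("//$todo/$todo.$ext");
    &ex('rename_topic_form', $topic_name, $todo, $FORM{"username"}, $srcline);
    exit(0);
}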
# action=change_topic_group: move the listed topics to another group.
# Superuser only.
if ($FORM{action} eq 'change_topic_group') {
    if ($FORM{username} ne $superuser) {
        &error_message('Permissions Error', "Only the superuser may change a topic's group!");
    }
    &check_passwd;

    # Group names are lower-cased and reduced to word characters.
    $group = $FORM{group};
    $group =~ tr/A-Z/a-z/;
    $group =~ s/\W//g;
    if ($group eq '') {
        &error_message('Group Specification Error', 'You did not specify a valid group!');
    }

    # 'topics' is a comma-separated list of numeric ids.
    $topic = $FORM{topics};
    $topic =~ s/[^\d,]//g;
    if ($topic eq '') {
        &error_message("Invalid Topic", "Topic selected is not valid.");
    }

    @topics = split(/,/, $topic);
    foreach $line (@topics) {
        $line =~ s/\D//g;
        # NOTE(review): an empty list element (e.g. from a leading comma)
        # reaches the handler as an empty id; 'smart' is passed as received.
        &ex('change_topic_group', $line, $group, $FORM{smart});
    }

    &ex('board_manager', $FORM{username});
    exit(0);
}
# action=board_appearance: preview or store the board colours, font and
# background image. Superuser only.
if ($FORM{action} eq 'board_appearance') {
    if ($FORM{username} ne $superuser) {
        &error_message('Permissions Error', 'Only the superuser may change the board appearance!');
    }
    &check_passwd;

    # Colour fields keep only word characters, '#' and whitespace.
    foreach $color_field ('bgcolor', 'text', 'link', 'vlink', 'alink') {
        $FORM{$color_field} =~ s/[^\w#\s]//g;
    }
    # The font size is digits only.
    $FORM{size} =~ s/\D//g;
    # Font face and image lose the characters that could close an attribute
    # or open a tag.
    foreach $markup_field ('face', 'image') {
        $FORM{$markup_field} =~ s/[<>"&'\[\];]//g;
    }
    # NOTE(review): 'move_board' is the one field passed on without a filter.

    if ($FORM{submit} =~ /Preview/) {
        &ex('preview_board_colors', $FORM{bgcolor}, $FORM{text}, $FORM{link}, $FORM{vlink}, $FORM{alink}, $FORM{face}, $FORM{size}, $FORM{username}, $FORM{image}, $FORM{move_board});
        exit(0);
    }
    else {
        &ex('upgrade_file_structure', 1);
        &ex('change_board_colors', $FORM{bgcolor}, $FORM{text}, $FORM{link}, $FORM{vlink}, $FORM{alink}, $FORM{face}, $FORM{size}, $FORM{image}, $FORM{move_board});
        &ex('board_manager', $FORM{username});
        exit(0);
    }
}
#-------------------------------------------------------------------------------
# MODERATOR MANAGER ACTIONS AND OTHER RELATED FUNCTIONS
#-------------------------------------------------------------------------------
# action=add_moderator: create a moderator account. Superuser only.
if ($FORM{action} eq 'add_moderator') {
    unless ($FORM{username} eq $superuser) {
        &error_message('Permissions Error', 'Only the superuser may access the "Add New Moderator" functionality!');
    }
    &check_passwd;

    # NOTE(review): the new account name, both password fields, e-mail and
    # full name are passed on as received; any validation happens in the
    # add_moderator handler, which is not in this file.
    &ex('add_moderator', $FORM{username}, $FORM{user}, $FORM{pass_1}, $FORM{pass_2}, $FORM{email}, $FORM{fullname});
    &ex('moderator_mgr', $FORM{username});
    exit(0);
}
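# action=moderator_form: delete moderators or open one in the profile editor.
# Superuser only. The superuser account itself is never deleted here.
if ($FORM{'action'} eq "moderator_form") {
    &error_message("Permissions Error", "Only the superuser may delete and edit moderators!") if $FORM{'username'} ne $superuser;
    &check_passwd;
    if ($FORM{'SELECTION'} =~ /^delete(.*)/) {
        $remove = $1;
        if ($remove ne "All") {
            &ex('delete_moderator', $remove) if $remove ne $superuser;
        } else {
            @mark = split(/,/, $FORM{'MARK'});
            # \Q...\E makes the superuser name match literally. Unquoted, a
            # name containing a regex metacharacter such as '+' would fail to
            # match itself and the superuser would stay in the delete list.
            @mark = grep(!/^\Q$superuser\E$/, @mark);
            foreach $user (@mark) {
                &ex('delete_moderator', $user);
            }
        }
        &ex('moderator_mgr', $FORM{"username"});
        exit(0);
    } elsif ($FORM{'SELECTION'} =~ /^edit(.*)/) {
        $edit = $1;
        # $pro selects between the standard and the PRO editor screen; it is
        # not assigned in this file.
        &ex("profile_editor_screen", "passwd", $edit, "", $FORM{"username"}, "$cgiurl2", "profile_moderator", 2) if !$pro;
        &ex("profile_editor_screen_PRO", "passwd", $edit, "", $FORM{"username"}, "$cgiurl2", "profile_moderator", 2) if $pro;
        exit(0);
    }
}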
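# action=profile_moderator: apply one change ('action2') to the profile of the
# moderator named in 'username_edit', then show the profile editor again.
# Superuser only.
#
# Changes from the earlier version of this block:
#  * the account name is matched literally against passwd.txt (\Q...\E); as a
#    bare pattern, a name containing regex metacharacters could select another
#    user's record;
#  * pass_2 is compared with pass_1; it was read but never checked.
if ($FORM{'action'} eq "profile_moderator") {
    &check_passwd;
    &error_message("Permissions Error", "Only the superuser may access this functionality!") if $FORM{'username'} ne $superuser;
    $act2 = $FORM{'action2'};
    $username = $FORM{'username_edit'};
    # NOTE(review): the open is unchecked; on failure no record is found and
    # $result is just "PASSWD:".
    open (PASSWD, "$admin_dir/passwd.txt"); @passwd = <PASSWD>; close (PASSWD);
    ($result) = grep(/^\Q$username\E:/, @passwd);
    $result = "PASSWD:$result";
    @result = ($result);
    if ($act2 eq "infosave") {
        $email = $FORM{'profile_email'};
        $full = $FORM{'profile_fullname'};
        # Anything that does not look like name@host is replaced by the
        # literal string "email".
        if ($email =~ m|^([\w\-\+\.]+)\@([\w\-\+\.]+)$|) {
            $email_new = $email;
        } else {
            $email_new = "email";
        }
        if ($full eq "") {
            $full = "fullname";
        } else {
            # Newlines and the characters : < > are removed from the name.
            $full =~ s/\n//g;
            $full =~ s/[:<>]//g;
        }
        &ex('save_profile_information', "", $email_new, $full, "", "", "", "", @result);
    } elsif ($act2 eq "notifysave") {
        if (!$pro) {
            # Collect the numbers of all notify_<n> fields that were sent.
            undef @em;
            foreach $key (keys(%FORM)) {
                if ($key =~ m|^notify_(\d+)|) {
                    push (@em, $1);
                }
            }
            $emr = join(",", @em); $emr = "*" if $emr eq "";
            &ex('save_profile_information', "", "", "", "", $emr, "", "", @result);
        } else {
            &ex('select_by_subtopics', "passwd", $FORM{"username_edit"}, $FORM{'group'}, $FORM{"username"}, "$cgiurl2", "profile_moderator", 2) if $FORM{'submit'} eq $L{PRED_FIRSTLEVEL};
            &ex('notify_save_pro', $FORM{'username_edit'}, $FORM{'username'});
        }
    } elsif ($act2 eq "changepass") {
        $p1 = $FORM{'pass_1'}; $p2 = $FORM{'pass_2'};
        # NOTE(review): passwords are folded to lower case, which shrinks the
        # password space. Changing that would break existing hashes, so it is
        # only flagged here.
        $p1 =~ tr/A-Z/a-z/; $p2 =~ tr/A-Z/a-z/;
        &error_message("Change Password Error", "The two passwords entered do not match.") if $p1 ne $p2;
        # Reject every non-word character whose code is below 126.
        while ($p1 =~ m|(\W)|g) {
            $o = ord($1); $m = $1;
            &error_message("Change Password Error", "Password is invalid (password may not contain the character <B>$m</B>).") if $o < 126;
        }
        &error_message("Change Password Error", "Password is invalid (must contain 1 to 20 characters)") if (length($p1) < 1 || length($p1) > 20);
        # NOTE(review): crypt() with a letters-only salt is presumably the
        # traditional DES scheme, which uses two salt characters and only the
        # first eight password characters -- confirm on the target platform.
        # The format is kept because check_passwd (not in this file) has to
        # verify the stored value. The salt is seeded from the clock.
        srand(time);
        undef (@salt);
        for ($i=1; $i<=4; $i++) {
            push (@salt, int(rand(26))+65);    # 'A'..'Z'
        }
        $salt = pack('c4', @salt);
        $new_password = crypt($p1, $salt);
        &ex('save_profile_information', $new_password, "", "", "", "", "", "", @result);
    } elsif ($act2 eq "editpriv") {
        $FORM{'editing'} =~ s/\D//g;
        &ex('save_profile_information', "", "", "", $FORM{'editing'}, "", "", "", @result);
    } elsif ($FORM{'action2'} eq "preferences") {
        @result_save = @result;
        &ex('prefs_save_pro', 1);
    } elsif ($FORM{'action2'} eq "infosection") {
        @result_save = @result;
        &ex('info_save_pro', 1);
    } elsif ($act2 eq "picture") {
        &ex('clear_picture', @result);
    }
    &ex("profile_editor_screen", "passwd", $username, "", $FORM{"username"}, "$cgiurl2", "profile_moderator", 2) if !$pro;
    &ex("profile_editor_screen_PRO", "passwd", $username, "", $FORM{"username"}, "$cgiurl2", "profile_moderator", 2) if $pro;
    exit(0);
}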
#-------------------------------------------------------------------------------
# GROUP MANAGER ACTIONS AND OTHER RELATED FUNCTIONS
#-------------------------------------------------------------------------------
# action=add_group: create a moderator group. Superuser only.
if ($FORM{action} eq 'add_group') {
    unless ($FORM{username} eq $superuser) {
        &error_message('Permissions Error', 'Only the superuser may access the "Add New Group" functionality!');
    }
    &check_passwd;

    # NOTE(review): the group name is passed on as received; Add_Topic and
    # change_topic_group reduce group names to lower-case word characters
    # before use.
    &ex('add_group', $FORM{username}, $FORM{group});
    &ex('group_mgr', $FORM{username});
    exit(0);
}
# action=group_form: delete groups or open one for editing. Superuser only.
if ($FORM{action} eq 'group_form') {
    unless ($FORM{username} eq $superuser) {
        &error_message("Permissions Error", "Only the superuser may delete and edit groups!");
    }
    &check_passwd;

    if ($FORM{SELECTION} =~ /delete([\w\-]+)/) {
        $remove = $1;
        if ($remove eq 'All') {
            # NOTE(review): the names taken from MARK are not restricted to
            # [\w-] the way the single-delete name is by the pattern above.
            @mark = split(/,/, $FORM{MARK});
            foreach $user (@mark) {
                &ex('delete_group', $user);
            }
        }
        else {
            &ex('delete_group', $remove);
        }
        &ex('group_mgr', $FORM{username});
        exit(0);
    }
    elsif ($FORM{SELECTION} =~ /edit([\w\-]+)/) {
        $edit = $1;
        &ex('edit_group', $FORM{username}, $edit);
        exit(0);
    }
}
# action=edit_group_form: remove one moderator, or every moderator listed in
# MARK, from a group, then show the group editor again. Superuser only.
if ($FORM{action} eq 'edit_group_form') {
    unless ($FORM{username} eq $superuser) {
        &error_message("Permissions Error", "Only the superuser may delete and edit groups!");
    }
    &check_passwd;

    # Any other SELECTION value falls through to the rest of the script.
    if ($FORM{SELECTION} =~ /^delete(.+)/) {
        $remove = $1;
        if ($remove eq 'All') {
            @mark = split(/,/, $FORM{MARK});
            foreach $user (@mark) {
                &ex('delete_moderator_from_group', $user, $FORM{group});
            }
        }
        else {
            &ex('delete_moderator_from_group', $remove, $FORM{group});
        }
        # NOTE(review): moderator and group names are passed on as received.
        $edit = $FORM{group};
        &ex('edit_group', $FORM{username}, $edit);
        exit(0);
    }
}
# action=add_to_group: add one moderator, or every moderator listed in MARK,
# to a group, then show the group editor again. Superuser only.
if ($FORM{action} eq 'add_to_group') {
    unless ($FORM{username} eq $superuser) {
        &error_message('Permissions Error', 'Only the superuser may add a moderator to a group!');
    }
    &check_passwd;

    if ($FORM{SELECTION} =~ /^add(.+)/) {
        $add = $1;
        if ($add eq 'All') {
            @mark = split(/,/, $FORM{MARK});
            foreach $user (@mark) {
                &ex('add_to_group', $FORM{group}, $user);
            }
        }
        else {
            &ex('add_to_group', $FORM{group}, $add);
        }
    }

    # The editor is shown whether or not SELECTION matched.
    $edit = $FORM{group};
    &ex('edit_group', $FORM{username}, $edit);
    exit(0);
}
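# Reached only when no action handler above matched and exited.
# This path needs no login, and the action value comes straight from the
# request. Other callers pass markup such as <BR> and <B> in the message
# argument, so error_message() presumably emits it as HTML. The value is
# therefore HTML-escaped before it is echoed back, which keeps a crafted
# action from being rendered as markup. If error_message() turns out to
# escape its arguments itself, the only effect is a doubly escaped display.
$bad_action = $FORM{'action'};
$bad_action =~ s/&/&amp;/g;    # ampersand first, so later entities survive
$bad_action =~ s/</&lt;/g;
$bad_action =~ s/>/&gt;/g;
$bad_action =~ s/"/&quot;/g;
&error_message("Invalid Query", "The form action $bad_action is not valid for this script (ID# 2)");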