Text File
|
1999-02-12
|
12KB
|
300 lines
#!/usr/bin/perl
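$discus_conf = '/usr/local/www/www.hirez.org/discus_admin_149349189/discus.conf';
#Discus board image upload script
#-------------------------------------------------------------------------------
# This script is copyright (c) 1998 by DiscusWare, LLC, all rights reserved.
# Its use is subject to the license agreement that can be found at the following
# URL: http://www.chem.hope.edu/discus/license
#-------------------------------------------------------------------------------

# Load discus.conf.  Every "name=value" line becomes the package scalar $name
# (for example $admin_dir, which the require lines below depend on).
#
# The values are assigned directly through the symbol table instead of being
# pasted into a quoted string that is handed to eval().  The previous code
# escaped only single quotes, so a value with a backslash in front of a quote
# or at the end of the line closed the literal early: the rest of the line was
# then compiled as Perl, and any resulting syntax error silently discarded the
# entire configuration.  Values are now taken literally, byte for byte (a
# doubled backslash is no longer collapsed into one).
if (open(FILE, '<', $discus_conf)) {
    @file = <FILE>;
    close(FILE);
    foreach $line (@file) {
        # Names must start with a letter or underscore so that a stray line
        # can never address a read-only match variable such as $1.
        next unless $line =~ /^([A-Za-z_]\w*)=(.*)/;
        ($varname, $value) = ($1, $2);
        $value =~ s/\r//g;    # tolerate CRLF line endings in the file
        ${"main::$varname"} = $value;
    }
    require "$admin_dir/source/src-board-subs-common";
} else {
    # Without the configuration nothing else can run: emit a static error
    # page that includes the OS error text and stop.
    print "Content-type: text/html\n\n";
    print "<HTML><HEAD><TITLE>Script Execution Error</TITLE></HEAD>\n";
    print "<BODY BGCOLOR=#ffffff TEXT=#000000>\n";
    print "<H1>Script Execution Error</H1>\n";
    print "Discus scripts could not execute because the discus.conf file\n";
    print "could not be opened.";
    print "<P>Reason: <FONT COLOR=#ff0000><B>$!</B></FONT>" if $!;
    print "<P>This generally indicates a setup error of some kind.\n";
    print "Consult the <A HREF=\"http://www.chem.hope.edu/discus/rc\">Discus ";
    print "Resource Center</A> for troubleshooting information.</BODY></HTML>\n";
    exit(0);
}
require "$admin_dir/source/src-board-subs-admin";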
###################### MIME TYPES FOR ACCEPTABLE IMAGES ######################
# Allow-list of upload content types.  %extension supplies the suffix used for
# the saved file and %tag the markup tag written into the message source; a
# content type that is not a key of %tag is refused by the upload loop.
@extension{"image/gif", "image/jpeg", "image/pjpeg"} = ("gif", "jpg", "jpg");
@tag{"image/gif", "image/jpeg", "image/pjpeg"}
    = ("image_alreadyuploaded", "jpeg_alreadyuploaded", "jpeg_alreadyuploaded");
################################################
# Script Starts Here
################################################
# Decode the multipart request body into %FORM, %FILE, %CONTENT and %FILENAME
# (see parse_multipart at the end of this file), then read the cookie.
&parse_multipart;
&read_cookie;

# Requests whose "action" field contains "profile" are handed over to the
# image_handler_PRO routine and never reach the code below.
if ($FORM{'action'} =~ /profile/) {
    &ex('image_handler_PRO', 1);
    exit(0);
}

# HTTP_REFERER here is a *form field* supplied by the client, not the request
# header.  NOTE(review): extract() presumably derives $topic_number and
# $me_number from it; those later become path components, so confirm that
# extract() restricts them to safe characters.
&extract($FORM{'HTTP_REFERER'});

# "username"/"passwd" override "name"/"number" when they are non-empty.
if ($FORM{'username'} ne "") {
    $FORM{'name'} = $FORM{'username'};
}
if ($FORM{'passwd'} ne "") {
    $FORM{'number'} = $FORM{'passwd'};
}

# Lower-cased (ASCII only) copies are what the privilege check receives.
($name2 = $FORM{'name'}) =~ tr/A-Z/a-z/;
($number2 = $FORM{'number'}) =~ tr/A-Z/a-z/;

# NOTE(review): $auth is not tested anywhere in this file; presumably
# verify_postread_privileges stops the request itself when the caller may not
# post -- confirm.  $password_input is not assigned in this file either.
($auth, $passwordline, $poster_type) = &ex('verify_postread_privileges', $topic_number, $name2, $password_input, $number2, "posting");

# Only two referring pages are accepted.  The Referer request header is
# chosen by the client, so this check filters accidental entry points; it is
# not an authentication or anti-forgery control.
unless ($ENV{'HTTP_REFERER'} eq "$script_url/board-post.$cgi_extension" || $ENV{'HTTP_REFERER'} eq "$script_url/board-image.$cgi_extension") {
    &error_message("Invalid Referer", "You are not accessing this page from an acceptable referring page. What are you trying to do?");
}

# The queue id is reduced to digits before it is used in a file name, so it
# cannot carry path separators; the queued message must still exist.
if ($FORM{'queue'}) {
    $FORM{'queue'} =~ s/\D//g;
    unless (-e "$admin_dir/queue/$FORM{'queue'}.txt") {
        &error_message("Message Queue Error", "The message you are attempting to access is no longer in the queue.");
    }
}

# Digits-only copy of the post index; this copy is what gets interpolated
# into the marker regexes further down.
($formpostindex = $FORM{'postindex'}) =~ s/\D//g;
# Locate the source line of the post being edited, either in the moderation
# queue file or in the stored page.
if ($FORM{'queue'}) {
    # Queued message: the source is the "SOURCE: ..." record of the queue
    # file.  The file name is built from the digits-only queue id.
    # NOTE(review): the result of open() is not checked; on failure @queue is
    # simply empty.
    $filename = "$admin_dir/queue/$FORM{'queue'}.txt";
    &lock($filename);
    open (QUEUE, $filename);
    @queue = <QUEUE>;
    close (QUEUE);
    ($message_src) = grep(/^SOURCE: /, @queue);
    $message_src =~ s/^(\w+): (.*)/$2/;
    $srcline = $message_src;
    $queue = 1;
    &unlock($filename);
} else {
    # Published message: take the page lock (it is released only after the
    # page has been written back further down) and read the page.
    &lock("$message_dir/$topic_number/$me_number.$ext");
    $filename = "$topic_number/$me_number.$ext";
    ($head, $color, $lm, $ann, $ann_src, $sublist, $about, $about_src, $message_in, $message_src) = &get_page($topic_number,$me_number);
    $secure = (-e "$message_dir/$filename") ? 0 : 1;

    # Between the "Source: N" and "/Source: N" markers of this post, remember
    # the last line seen as the post's source line.
    @src = split(/\n/,$message_src);
    $flag = 0;
    foreach $line (@src) {
        if ($line =~ m|<!-Source: $formpostindex-|) {
            $flag = 1;
            next;
        }
        if ($line =~ m|<!-/Source: $formpostindex-|) {
            $flag = 0;
            next;
        }
        $srcline = $line if $flag == 1;
    }
}

# Query string used for the admin page-editor link and redirect.
# NOTE(review): both form values are inserted without URL-encoding, so
# characters such as "&", quotes or line breaks in them pass straight into
# the redirect target and the link that are built from $adminappend.
$adminappend = join("", "?username=$FORM{'name'}", "&HTTP_REFERER=$FORM{'HTTP_REFERER'}&action=page_editor");

($bgcolor, $text, $link, $vlink, $alink, $face, $size, $image) = &ex('extract_colorsonly', 1);

# Start the per-image bookkeeping from scratch.
undef %status;
undef %statuscode;
undef @statusorder;
undef %descr;

$srcline = &unescape($srcline);
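# Process every \image_notuploaded{N,description} marker in the source line.
# For marker N the upload is expected in form field "ImageN".  Outcomes, kept
# in %statuscode:
#   0  stored; the marker is replaced by the tag for its content type
#   1  content type is not on the allow-list (%tag)
#   2  no data was uploaded
#   3  upload is larger than the limit for this kind of poster
# A rejected marker is rewritten with a trailing "*" so that this loop does
# not match it again; the "*" is removed once the loop has finished.
while ($srcline =~ m|\\image_notuploaded\{(\d+),([^\}]*)\}|) {
    ($counter, $description, $before, $after) = ($1, $2, $`, $');
    $descr{$counter} = $description;
    $FORMNAME{$counter} = "Image$counter";
    push (@statusorder, $counter);
    $formname = "Image$counter";
    $content = $CONTENT{$formname};

    # Parts that arrived without a Content-Type header are tagged
    # "mac/unknown" by parse_multipart; guess from the first bytes.  Anything
    # that does not start with "GIF" is treated as JPEG.
    if ($content =~ m|mac/unknown|) {
        $content = ($FILE{$formname} =~ m|^GIF|i) ? "image/gif" : "image/jpeg";
    }

    my $rejected = join("", $before, "\\image_notuploaded*{$counter,$description}", $after);

    # Size limits are configured in units of 1000 bytes; 0 means "no limit".
    # Poster type 8 uses the public limit, every other type the registered one.
    my $limit = ($poster_type == 8) ? $GLOBAL_OPTIONS{'public_maxsize'} : $GLOBAL_OPTIONS{'registered_maxsize'};

    if ($FILE{$formname} eq "") {
        $status{$counter} = $FILENAME{$formname};
        $statuscode{$counter} = 2;
        $srcline = $rejected;
    } elsif (!exists $tag{$content}) {
        # Exact allow-list lookup.  The content type comes from the request,
        # so it must not be interpolated into a pattern: a value such as ".*"
        # used to pass the old regex test and was then stored with an empty
        # tag and extension, and an unbalanced "(" aborted the script.
        $status{$counter} = $content;
        $statuscode{$counter} = 1;
        $srcline = $rejected;
    } elsif ($limit != 0 && length($FILE{$formname}) > ($limit * 1000)) {
        $statuscode{$counter} = 3;
        $srcline = $rejected;
    } else {
        # The name of the stored file is built only from a server-side
        # number and an extension from the allow-list, never from the
        # client's file name.  NOTE(review): the bytes themselves are not
        # checked against the declared type.
        $newtag = $tag{$content};
        $newext = $extension{$content};
        ($num) = &ex('get_number', 1);
        $srcline = join("", $before, "\\", $newtag, "{$num,$description}", $after);
        if ($queue) {
            $filename = "$admin_dir/queue/$num.$newext";
        } elsif (-e "$message_dir/$topic_number") {
            $filename = "$message_dir/$topic_number/$num.$newext";
        } else {
            $filename = "$secdir/$topic_number/$num.$newext";
        }
        # Three-argument open: the path can never be read as a mode or a
        # pipe.  NOTE(review): as before, a failed open is not reported to
        # the user and the upload is still recorded as stored.
        if (open(FILE, '>', $filename)) {
            binmode(FILE);
            print FILE $FILE{$formname};
            close(FILE);
            chmod(0644, $filename);
        }
        $status{$counter} = length($FILE{$formname});
        $statuscode{$counter} = 0;
        $redoflag = 1;
    }
}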
# Rejected uploads were marked "\image_notuploaded*{...}" by the upload loop
# so that it would not match them again; drop the "*" so the marker is back
# in its original form.
while ($srcline =~ m|\\image_notuploaded\*\{(\d+),([^\}]*)\}|) {
($counter, $description, $before, $after) = ($1, $2, $`, $');
$srcline = join("", $before, "\\image_notuploaded{$counter,$description}", $after);
}
# When $pro is set, attachment markers are handled by attachment_upload,
# which returns the updated source line.
if ($pro) {
($srcline) = &ex('attachment_upload', $srcline, $topic_number, $queue, $poster_type);
}
# NOTE(review): as shown here each of the next four substitutions replaces a
# character with itself.  The listing was probably rendered through HTML and
# lost entity names on the pattern side -- confirm against the original file
# before relying on what this step decodes.
$srcline =~ s/\"/"/g;
$srcline =~ s/\</</g;
$srcline =~ s/\>/>/g;
$srcline =~ s/\&/&/g;
# Keep the unescaped text for the webtags call, which yields
# $message_var_replace (the replacement for the post body line); $srcline
# itself is passed through escape() before it is written back.
$srcline_new = $srcline;
$srcline = &escape($srcline_new);
($lint, $message_var_replace) = &ex('webtags', $srcline_new, 0, 1);
# Write the updated post back, either into the queue file or into the page.
if ($queue) {
    # Queued message: replace the TEXT: and SOURCE: records of the queue file
    # while holding its lock.  The path is built from the digits-only queue
    # id.  NOTE(review): neither open() is checked, so a failed read followed
    # by a successful write would leave only these two records in the file.
    $filename = "$admin_dir/queue/$FORM{'queue'}.txt";
    &lock($filename);
    open (QUEUE, "$filename");
    @queue = <QUEUE>;
    close (QUEUE);
    @queue = grep { !/^TEXT:/ && !/^SOURCE:/ } @queue;
    push (@queue, "TEXT: " . &escape($message_var_replace) . "\n", "SOURCE: " . $srcline . "\n");
    open (QUEUE, ">$filename");
    print QUEUE @queue;
    close (QUEUE);
    &unlock($filename);
} else {
    # Published message.  Find the last "/Post: N" end marker; the line just
    # before it is the post body and is replaced by the new text.  A marker
    # on the very first line (index 0) leaves the page untouched.
    @msg = split(/\n/, $message_in);
    $flag = 0;
    $ctr = 0;
    foreach $line (@msg) {
        $flag = $ctr if $line =~ m|<!-/Post: $formpostindex-!>|;
        $ctr += 1;
    }
    $msg[$flag-1] = $message_var_replace if $flag;

    # Replace every line between the "Source: N" and "/Source: N" markers
    # with the new source line ($line aliases the element of @src).
    @src = split(/\n/, $message_src);
    $flag = 0;
    foreach $line (@src) {
        if ($line =~ m|<!-Source: $formpostindex-|) {
            $flag = 1;
            next;
        }
        if ($line =~ m|<!-/Source: $formpostindex-|) {
            $flag = 0;
            next;
        }
        $line = $srcline if $flag == 1;
    }

    $message_var = join("\n", @msg);
    $new_source = join("\n", @src);
    unless ($queue) {
        &set_page($topic_number, $me_number, $head, $color, $lm, $ann, $ann_src, $sublist, $about, $about_src, $message_var, $new_source);
    }
    # Releases the page lock taken when the page was read.
    &unlock("$message_dir/$topic_number/$me_number.$ext");
}
# $error is 1 when at least one image was rejected, otherwise 0.
$error = (grep { $statuscode{$_} != 0 } keys(%statuscode)) ? 1 : 0;

# Everything was stored: send the browser on to the next page.
# NOTE(review): the code after this block prints the upload-error form, so
# queue_submitted and seturl presumably end the request themselves -- confirm.
# NOTE(review): $adminappend carries raw form values (name, HTTP_REFERER);
# confirm that seturl() cannot be made to emit extra header lines by a value
# containing a line break.
if ($error == 0) {
    if ($queue) {
        &ex('queue_submitted', $topic_number, $me_number, $adminappend, $FORM{'isitok'});
    }
    elsif ($FORM{'isitok'} eq "okiedokie") {
        &seturl("$cgiurlm$adminappend");
    }
    elsif (-e "$message_dir/$topic_number/$me_number.$ext") {
        # The page exists under $message_dir: link to it directly.
        $lmstuff = "?$lm" unless $noqm;
        &seturl("$message_url/$topic_number/$me_number.$ext$lmstuff");
    }
    else {
        # Otherwise the page is reached through board-auth.
        &seturl("$script_url/board-auth.$cgi_extension?file=/$topic_number/$me_number.$ext&lm=$lm");
    }
}
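# Upload-error page: lists every image that was not stored, explains why, and
# offers a form for sending the missing files again.
#
# Every value that originates from the request (form fields, the declared
# content type of an upload, URLs built from them) is HTML-escaped before it
# is printed.  Previously these values were written into the page verbatim,
# so a crafted field value could close the attribute and add its own markup.
&header;
&ex('printuntil', 1, 1, 0, $L{BI_UPLOAD_ERROR_TITLE});
print "<CENTER><FONT SIZE=+1><B>$L{BI_UPLOAD_ERROR_TITLE}</B></FONT></CENTER><HR>\n";
print $L{BI_UPLOAD_ERROR_MESSAGE};
print "<P><HR>\n";
&ex('printuntil', 3, 11, 0, "", 0, 1);
print "<FORM ACTION=\"$script_url/board-image.$cgi_extension\" METHOD=POST ENCTYPE=\"multipart/form-data\">\n";
foreach $num (@statusorder) {
    next if $statuscode{$num} == 0;
    # NOTE(review): $descr{$num} is the description taken from the message
    # source after unescape(); whether it may contain markup depends on that
    # helper, so it is printed unchanged here -- confirm it is safe as HTML.
    print "$L{BPPROVIDEFILE} <B>$descr{$num}</B>:<P>\n";
    $formname = $FORMNAME{$num};
    if ($statuscode{$num} == 1) {
        # Unsupported type: show the content type the client declared.
        $fmt = &board_image_html_escape($CONTENT{"Image$num"});
        $fmtstr = $L{BI_UPLOAD_ERROR_BADFORMAT};
        $fmtstr =~ s/\%format/$fmt/g;
        print "<UL>$fmtstr</UL>\n";
        print "<P>\n";
    } elsif ($statuscode{$num} == 2) {
        # No data arrived for this image.
        print "<UL>$L{BI_UPLOAD_ERROR_NODATA}</UL>\n";
        print "<P>\n";
    } elsif ($statuscode{$num} == 3) {
        # Too large: report the limit and the received size, both in units
        # of 1000 bytes, the size truncated to a whole number.
        $fmtstr = $L{BI_UPLOAD_EXCEEDED_MAXLENGTH};
        $maxsize = ($poster_type == 8) ? $GLOBAL_OPTIONS{'public_maxsize'} : $GLOBAL_OPTIONS{'registered_maxsize'};
        $yoursize = int(length($FILE{$formname}) / 1000);
        $fmtstr =~ s/\%maxsize/$maxsize/g;
        $fmtstr =~ s/\%yoursize/$yoursize/g;
        print "<UL>$fmtstr</UL>\n";
        print "<P>\n";
    }
    $ctr++;
    print "<TABLE><TR><TD><INPUT TYPE=FILE NAME=\"Attachment$num\" SIZE=40></TD></TR></TABLE>\n" if $formname =~ m|Attachment|;
    print "<TABLE><TR><TD><INPUT TYPE=FILE NAME=\"Image$num\" SIZE=40></TD></TR></TABLE>\n" if $formname =~ m|Image|;
    print "<HR>\n";
}
print "<INPUT TYPE=SUBMIT VALUE=\"$L{BPIMGUPLOADBUTTON}\">\n";

# Carry the request state over to the retry.  A browser decodes the entities
# again on submit, so the values round-trip unchanged.
print "<INPUT TYPE=HIDDEN NAME=name VALUE=\"" . &board_image_html_escape($FORM{'name'}) . "\">\n";
print "<INPUT TYPE=HIDDEN NAME=number VALUE=\"" . &board_image_html_escape($FORM{'number'}) . "\">\n";
print "<INPUT TYPE=HIDDEN NAME=HTTP_REFERER VALUE=\"" . &board_image_html_escape($FORM{'HTTP_REFERER'}) . "\">\n";
print "<INPUT TYPE=HIDDEN NAME=postindex VALUE=\"" . &board_image_html_escape($FORM{'postindex'}) . "\">\n";
print "<INPUT Type=hidden name=\"isitok\" value=\"okiedokie\">\n" if $FORM{'isitok'} eq "okiedokie";
print "<INPUT TYPE=HIDDEN NAME=queue VALUE=\"" . &board_image_html_escape($FORM{'queue'}) . "\">\n";
print "<HR></FORM>\n";

# "Cancel" link: back to the message, or to the admin page editor when the
# request carried isitok=okiedokie.
&extract($FORM{'HTTP_REFERER'});
$secure = (-e "$message_dir/$topic_number") ? 0 : 1;
if ($secure) {
    $url = "$script_url/board-auth.$cgi_extension?file=/$topic_number/$me_number.$ext&lm=$ts";
} else {
    $url = "$message_url/$topic_number/$me_number.$ext";
}
if ($FORM{'isitok'} ne "okiedokie") {
    print "$L{BPIMGUPLOADCANCEL13_00} <A HREF=\"" . &board_image_html_escape($url) . "\">\n";
} else {
    print "$L{BPIMGUPLOADCANCEL13_00} <A HREF=\"" . &board_image_html_escape("$cgiurlm$adminappend") . "\">\n";
}
print "$L{BPIMGUPLOADCANCEL2}</A>. ";
print "$L{BPIMGUPLOADCANCEL33_00}\n";
&ex('printuntil', 13, 17, 0, "", 0, 1);
exit(0);

# Return $text with the characters that are significant in HTML text and in
# quoted attribute values replaced by entities.  undef is treated as "".
sub board_image_html_escape {
    my ($text) = @_;
    $text = "" unless defined $text;
    $text =~ s/&/&amp;/g;
    $text =~ s/</&lt;/g;
    $text =~ s/>/&gt;/g;
    $text =~ s/"/&quot;/g;
    $text =~ s/'/&#39;/g;
    return $text;
}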
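# Read the multipart/form-data request body from STDIN and split it into
# parts.  Results are left in package hashes keyed by the form field name:
#   %FORM      value of a plain field (the first occurrence wins)
#   %FILE      raw body of an uploaded part
#   %CONTENT   content type declared for an uploaded part ("mac/unknown"
#              when the part has a file name but no Content-Type header)
#   %FILENAME  the client's file name as returned by parse_filename
# Takes no arguments and returns nothing useful.
#
# NOTE(review): the whole body is buffered in memory before any size limit is
# applied; the per-upload limits are only checked later by the caller.
sub parse_multipart {
    &ex('default_mime_types', 1) if $pro;
    $type = $ENV{'CONTENT_TYPE'};
    ($boundary) = ($type =~ /boundary=(.*)/);
    $boundary = "--" . $boundary;
    $length = $ENV{'CONTENT_LENGTH'};
    $len = 0;
    $input = "";
    binmode(STDIN);
    while ($len < $length) {
        $buf = "";
        # Ask only for what is still missing, and stop on end of input (0) or
        # a read error (undef).  The old loop never terminated when the
        # client sent fewer bytes than Content-Length announced.
        my $got = sysread(STDIN, $buf, $length - $len);
        last unless $got;
        $len += $got;
        $input .= $buf;
    }

    # The boundary comes from the request, so it is quoted before being used
    # as a pattern: boundaries may legally contain "+", "(", "?" and similar
    # characters, which used to change the pattern or make it invalid.
    @input_pairs = split(/\Q$boundary\E/, $input);
    foreach $line (@input_pairs) {
        ($header, $body) = split(/\r\n\r\n|\n\n/, $line, 2);
        $body =~ s/\r\n$//;

        # Captures are taken in list context so that a failed match yields
        # undef instead of a stale $1 from an earlier match.  \b keeps
        # name="..." from matching inside filename="...".
        ($formname) = ($header =~ /\bname="([^"]+)"/);
        ($filename) = ($header =~ /filename="([^"]+)"/);
        next unless defined $formname;    # preamble, epilogue, unnamed parts
        $filename = "" unless defined $filename;

        if ($header =~ /Type: (.*)/) {
            $content = $1;
            $content =~ s/\r$//;    # Content-Type was not the last header line
            $FILE{$formname} = $body;
            $CONTENT{$formname} = $content;
            ($FILENAME{$formname}) = &ex('parse_filename', $filename);
        } elsif ($header =~ m|filename="|) {
            # File part without a declared type; the caller inspects the
            # first bytes to choose between GIF and JPEG.
            $content = "mac/unknown";
            $FILE{$formname} = $body;
            $CONTENT{$formname} = $content;
            ($FILENAME{$formname}) = &ex('parse_filename', $filename);
        } elsif ($formname =~ /^(\w+)$/) {
            # Plain field: only names made of word characters are accepted,
            # and an earlier non-empty value is never overwritten.
            $FORM{$formname} = $body if $FORM{$formname} eq "";
            $FORM{$formname} =~ s/\r//g;
        }
    }
}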