home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
ftp.sunet.sepub/pictures
/
2014.11.ftp.sunet.se-pictures.tar
/
ftp.sunet.se
/
pub
/
pictures
/
ACiD-artpacks
/
www
/
mirrors
/
hirez
/
cgi-bin
/
discus
/
board-profile.cgi
< prev
next >
Wrap
Text File
|
1999-02-12
|
12KB
|
315 lines
#!/usr/bin/perl
$discus_conf = '/usr/local/www/www.hirez.org/discus_admin_149349189/discus.conf';
#Discus user profile editor script (board-profile.cgi)
#-------------------------------------------------------------------------------
# This script is copyright (c) 1998 by DiscusWare, LLC, all rights reserved.
# Its use is subject to the license agreement that can be found at the following
# URL: http://www.chem.hope.edu/discus/license
#-------------------------------------------------------------------------------
if (open (FILE, "$discus_conf")) {
@file = <FILE>;
close (FILE);
$evals = "";
foreach $line (@file) {
if ($line =~ /^(\w+)=(.*)/) {
$varname = $1;
$value = $2;
$value =~ s/'/\\'/g; $value =~ s/\r//g;
$evals .= "\$$varname='$value'; ";
}
}
eval($evals);
require "$admin_dir/source/src-board-subs-common";
} else {
print "Content-type: text/html\n\n";
print "<HTML><HEAD><TITLE>Script Execution Error</TITLE></HEAD>\n";
print "<BODY BGCOLOR=#ffffff TEXT=#000000>\n";
print "<H1>Script Execution Error</H1>\n";
print "Discus scripts could not execute because the discus.conf file\n";
print "could not be opened.";
print "<P>Reason: <FONT COLOR=#ff0000><B>$!</B></FONT>" if $!;
print "<P>This generally indicates a setup error of some kind.\n";
print "Consult the <A HREF=\"http://www.chem.hope.edu/discus/rc\">Discus ";
print "Resource Center</A> for troubleshooting information.</BODY></HTML>\n";
exit(0);
}
&parse_form;
&read_cookie;
#-------------------------------------------------------------------------------
$FORM{'username'} =~ tr/A-Z/a-z/;
$FORM{'password'} =~ tr/A-Z/a-z/;
if ($FORM{'action'} eq "clear_cookie") {
print "Set-Cookie: user$COOKIE_ID=nobody; expires=Sunday, 06-Sep-1998 00:00:00 GMT; path=/\n";
print "Set-Cookie: cpwd$COOKIE_ID=nobody; expires=Sunday, 06-Sep-1998 00:00:00 GMT; path=/\n";
print "Set-Cookie: rpwd$COOKIE_ID=nobody; expires=Sunday, 06-Sep-1998 00:00:00 GMT; path=/\n";
print "Set-Cookie: pass$COOKIE_ID=nobody; expires=Sunday, 06-Sep-1998 00:00:00 GMT; path=/\n";
$COOKIE{'user' . $COOKIE_ID} = "";
$COOKIE{'cpwd' . $COOKIE_ID} = "";
$COOKIE{'rpwd' . $COOKIE_ID} = "";
$FORM{'action'} = "";
$script_url =~ m|^http://([^/]+)|; $aft = $';
foreach $key (keys(%COOKIE)) {
if ($key =~ m|^auth(\d+)|) {
print "Set-Cookie: $key=none; expires=Sunday, 06-Sep-1998 00:00:00 GMT; path=$aft\n";
$COOKIE{$key} = "";
}
}
}
if ($FORM{'action'} eq "") {
&header;
($bg, $tx, $li, $vl, $al, $face, $size, $image) = &ex('extract_colorsonly', 1);
&ex('printuntil', 1, 1, 0, $L{PROFEDIT_TITLE});
print "<CENTER><FONT SIZE=+1><B>$L{PROFEDIT_TITLE}</B></FONT></CENTER><HR>\n";
print $L{PROFILE_LOGIN};
$ucid = "user$COOKIE_ID";
print "<FORM ACTION=\"$script_url/board-profile.$cgi_extension\" METHOD=POST>\n";
print "<TABLE><TR><TD><FONT FACE=\"$face\" SIZE=$size><B>$L{PROFILE_USERNAME}</B></FONT></TD>\n";
print "<TD><INPUT TYPE=TEXT NAME=username VALUE=\"";
print $COOKIE{$ucid} if $COOKIE{$ucid} ne "";
print "\" SIZE=15></TD></TR>\n";
print "<TR><TD><FONT FACE=\"$face\" SIZE=$size><B>$L{PROFILE_PASSWORD}</B></FONT></TD>\n";
print "<TD><INPUT TYPE=PASSWORD NAME=password VALUE=\"\" SIZE=15></TD></TR>\n";
print "</TABLE><P><INPUT TYPE=SUBMIT VALUE=\"$L{PROFILE_LOGIN_BUTTON}\">\n";
print "<INPUT TYPE=HIDDEN NAME=action VALUE=profile_editor_screen>\n";
print "</FORM>\n";
if ($COOKIE{$ucid} ne "") {
$ts = $L{LOGIN_YOUARELOGGEDIN};
$cu = $COOKIE{$ucid};
$ts =~ s/\%user/$cu/g;
print "<FORM ACTION=\"$script_url/board-profile.$cgi_extension\" METHOD=POST>\n";
print "<HR><INPUT TYPE=HIDDEN NAME=action VALUE=clear_cookie>\n";
print $ts;
print "<P>\n";
print "<INPUT TYPE=SUBMIT VALUE=\"$L{LOGIN_CLEARBUTTON}\">\n";
print "</FORM>\n";
}
if ($GLOBAL_OPTIONS{'allow_selfreg'}) {
print "<FORM ACTION=\"$script_url/board-profile.$cgi_extension\" METHOD=POST>\n";
print "<HR>$L{REG_FRONTSCREEN}<P>\n";
print "<INPUT TYPE=SUBMIT VALUE=\"$L{REG_FRONTSCREEN_BUTTON}\">\n";
print "<INPUT TYPE=HIDDEN NAME=action VALUE=register>\n";
print "</FORM>\n";
}
&ex('printuntil', 3, 17, 0, "", 0, 1);
exit(0);
}
if ($FORM{'action'} eq "display_profile") {
$profile = $FORM{'profile'};
if ($pro) {
&ex('display_profile', $profile);
} else {
&error_message("$L{FEATURE_NOT_SUPPORTED}", "$L{FEATURE_NOT_SUPPORTED_DESCR}");
}
exit(0);
}
if ($FORM{'action'} eq "register") {
&ex('register_1', 1);
}
if ($FORM{'action'} eq "register_2") {
&ex('register_2', 1);
}
if ($FORM{'action'} eq "display_picture") {
$profile = $FORM{'picture'};
&ex('display_picture', $profile);
exit(0);
}
if ($FORM{'action'} eq "sync") {
($result) = &ex('verify_user_password', $FORM{'username'}, $FORM{'password'}, 1);
@result = split(/\n/, $result);
@result_save = @result;
foreach $line (@result) {
$line =~ s/\s+$//;
($file, $user, $pass, $email, $full, $edit) = split(/:/, $line);
$line = "" if $edit == 0;
}
@result = grep(/\S/, @result);
$s = join("\n", @result);
foreach $line (@result) {
($file, $user, $pass, $email, $full, $edit, $notify, $last, $group) = split(/:/, $line);
if ($edit == 2 || $edit == 4) {
$EMAIL_FORCE = $email;
}
}
foreach $line (@result) {
($file, $user, $pass, $email, $full, $edit, $notify, $last, $group) = split(/:/, $line);
if ($file eq $FORM{'file'}) {
if ($group eq $FORM{'group'}) {
$email = $EMAIL_FORCE if $EMAIL_FORCE;
$notify = "*" if $notify eq "";
&ex('save_profile_information', $pass, $email, $full, "", $notify, $last, "", @result_save);
&ex('synchronize_PRO', $file, $user, $s) if $pro;
last;
}
}
}
$FORM{'action'} = "profile_editor_screen";
}
if ($FORM{'action'} eq "profile_editor_screen") {
($result) = &ex('verify_user_password', $FORM{'username'}, $FORM{'password'}, 1);
@result = split(/\n/, $result);
foreach $line (@result) {
($file, $user, $pass, $email, $full, $edit) = split(/:/, $line);
$line = "" if $edit == 0;
$LINE_FORCE = $line if ($edit == 2 || $edit == 4);
}
@result = grep(/\S/, @result);
if (scalar(@result) == 0) {
&error_message($L{PROFILE_AUTHERROR}, $L{PROFILE_AUTHERROR_DESCR}, 0, 1);
}
$r = $result[0];
$r = $LINE_FORCE if $LINE_FORCE;
$r =~ s/\n$//;
$s = join("\n", @result);
@result_save = @result;
($differences) = &ex('compare_profiles', $s) if !$pro;
($differences) = &ex('compare_profiles_PRO', $s) if $pro;
&ex('display_profile_differences', $FORM{'username'}, $FORM{'password'}, $s) if ($differences && !$pro);
&ex('display_profile_differences_PRO', $FORM{'username'}, $FORM{'password'}, $s) if ($differences && $pro);
($file, $user, $pass, $email, $full, $edit, $notify, $last, $group) = split(/:/, $r);
$file =~ tr/A-Z/a-z/;
&ex("profile_editor_screen", $file, $FORM{"username"}, $group, $FORM{"username"}, "$script_url/board-profile.$cgi_extension", "profile_editor") if !$pro;
&ex("profile_editor_screen_PRO", $file, $FORM{"username"}, $group, $FORM{"username"}, "$script_url/board-profile.$cgi_extension", "profile_editor") if $pro;
exit(0);
}
if ($FORM{'action'} eq "register_info") {
$user = $FORM{'username'}; $user =~ s/://g;
@group = split(/,/, $FORM{'group'});
undef @result;
open (USERS, "$admin_dir/users.txt");
@users = <USERS>;
close (USERS);
@u = grep(/^$user:/, @users);
foreach $line (@u) {
chop $line if $line =~ m|\n|;
($u, $p, $e, $f, $d, $n, $l, $g) = split(/:/, $line);
if (grep(/^$g$/, @group) || $p eq "*Q*") {
push (@result, "USERS:$line\n");
}
}
@result_save = @result;
&ex('info_save_pro', 1);
&ex('register_thanks', 1);
}
if ($FORM{'action'} eq "profile_editor") {
($result) = &ex('verify_user_password', $FORM{'username'}, $FORM{'password'}, 1);
@result = split(/\n/, $result);
foreach $line (@result) {
($file, $user, $pass, $email, $full, $edit) = split(/:/, $line);
$EMAIL_FORCE = $email if ($edit == 2 || $edit == 4);
$line = "" if $edit == 0;
}
@result = grep(/\S/, @result);
@result_save = @result;
if (scalar(@result) == 0) {
&error_message($L{PROFILE_AUTHERROR}, $L{PROFILE_AUTHERROR_DESCR}, 0, 1);
}
if ($FORM{'action2'} eq "infosave") {
$email = $FORM{'profile_email'}; $email = substr($email, 0, 40) if length($email) > 40;
$full = $FORM{'profile_fullname'}; $full = substr($full, 0, 40) if length($full) > 40;
if ($email =~ m|^([\w\-\+\.]+)\@([\w\-\+\.]+)$|) {
$email_new = $email;
} else {
$email_new = "email";
}
if ($full eq "") {
$full = "fullname";
} else {
$full =~ s/\n//g;
$full =~ s/[:<>]//g;
}
$email_new = $EMAIL_FORCE if $EMAIL_FORCE;
&ex('save_profile_information', "", $email_new, $full, "", "", "", "", @result);
}
if ($FORM{'action2'} eq "notifysave") {
if (!$pro) {
undef @em;
foreach $key (keys(%FORM)) {
if ($key =~ m|^notify_(\d+)|) {
push (@em, $1);
}
}
$emr = join(",", @em); $emr = "*" if $emr eq "";
&ex('save_profile_information', "", "", "", "", $emr, "", "", @result);
} else {
&ex('notify_save_pro', 1) if $FORM{'submit'} ne $L{PRED_FIRSTLEVEL};
&ex('select_by_subtopics', $file, $FORM{"username"}, $group, $FORM{"username"}, "$script_url/board-profile.$cgi_extension", "profile_editor") if $FORM{'submit'} eq $L{PRED_FIRSTLEVEL};
}
}
if ($FORM{'action2'} eq "preferences") {
&ex('prefs_save_pro', 1);
}
if ($FORM{'action2'} eq "infosection") {
&ex('info_save_pro', 1);
}
if ($FORM{'action2'} eq "changepass") {
$p1 = $FORM{'pass_1'}; $p2 = $FORM{'pass_2'};
$p1 =~ tr/A-Z/a-z/; $p2 =~ tr/A-Z/a-z/;
while ($p1 =~ m|(\W)|g) {
$o = ord($1); $m = $1;
&error_message($L{PROFILE_CHPASS_ERROR}, $L{PROFILE_CHPASS_ERROR_ALPHA}) if $o < 126;
}
&error_message($L{PROFILE_CHPASS_ERROR}, $L{PROFILE_CHPASS_ERROR_MATCH}) if $p1 ne $p2;
&error_message($L{PROFILE_CHPASS_ERROR}, $L{PROFILE_CHPASS_ERROR_LENGTH}) if (length($p1) < 1 || length($p2) > 20);
srand(time);
undef (@salt);
for ($i=1; $i<=4; $i++) {
push (@salt, int(rand(26))+65);
}
$salt = pack('c4', @salt);
$new_password = crypt($p1, $salt);
&ex('save_profile_information', $new_password, "", "", "", "", "", "", @result);
if ($FORM{'password'} eq "adminlogin" && $COOKIE{'pass' . $COOKIE_ID} ne "") {
print "Set-Cookie: pass", $COOKIE_ID, "=", crypt($new_password, "cookie"), "; path=/\n";
&seturl("$script_url/board-profile.$cgi_extension?action=profile_editor_screen&password=adminlogin&username=$FORM{'username'}");
exit(0);
}
&header;
&ex('printuntil', 1, 1, 0, $L{PROFILE_CHANGEDPASSWORD});
print "<CENTER><FONT SIZE=4><B>$L{PROFILE_CHANGEDPASSWORD}</B></FONT></CENTER><HR>\n";
$l = $L{PROFILE_CHANGEDPASSWORD_DESCR};
print $l if $FORM{'password'} ne "adminlogin";
$l = $L{BPCLICKCONTINUE};
print "<P><CENTER><A HREF=\"$script_url/board-profile.$cgi_extension\">$l</A></CENTER>\n";
&ex('printuntil', 3, 17, 0, "", 0, 1);
exit(0);
}
if ($FORM{'action2'} eq "editpost") {
($key) = grep(/^(\d+)$/, keys(%FORM));
&ex('edit_post_form', 0, 0, $key, "", "", $FORM{'username'});
exit(0);
}
($result) = &ex('verify_user_password', $FORM{'username'}, $FORM{'password'}, 1);
@result = split(/\n/, $result);
foreach $line (@result) {
($file, $user, $pass, $email, $full, $edit, $email, $time, $group) = split(/:/, $line);
$line = "" if $edit == 0;
}
foreach $line (@result) {
($file, $user, $pass, $email, $full, $edit, $email, $time, $group) = split(/:/, $line);
if ($edit == 2) {
last;
}
}
@result = grep(/\S/, @result);
@result_save = @result;
&ex("profile_editor_screen", $file, $FORM{"username"}, $group, $FORM{"username"}, "$script_url/board-profile.$cgi_extension", "profile_editor") if !$pro;
&ex("profile_editor_screen_PRO", $file, $FORM{"username"}, $group, $FORM{"username"}, "$script_url/board-profile.$cgi_extension", "profile_editor") if $pro;
}
if ($FORM{'action'} eq "edit_message") {
($result) = &ex('verify_user_password', $FORM{'username'}, $FORM{'password'}, 1);
@result = split(/\n/, $result);
foreach $line (@result) {
($file, $user, $pass, $email, $full, $edit) = split(/:/, $line);
$line = "" if $edit == 0;
}
@result = grep(/\S/, @result);
@result_save = @result;
if (scalar(@result) == 0) {
&error_message($L{PROFILE_AUTHERROR}, $L{PROFILE_AUTHERROR_DESCR}, 0, 1);
}
&ex('edit_message_action', 1);
$file =~ tr/A-Z/a-z/;
&ex("profile_editor_screen_PRO", $file, $FORM{"username"}, $group, $FORM{"username"}, "$script_url/board-profile.$cgi_extension", "profile_editor");
}
&error_message("Unrecognized action");