#!/usr/local/bin/perl
##############################################################################
# WWWBoard Version 2.0 ALPHA 2.1 #
# Copyright 1996 Matt Wright mattw@scriptarchive.com #
# Created 10/21/95 Last Modified 11/25/95 #
# Security Patches/Bug Fixes: January 07, 2000 #
# Scripts Archive at: http://www.scriptarchive.com/ #
##############################################################################
# COPYRIGHT NOTICE #
# Copyright 1996 Matthew M. Wright All Rights Reserved. #
# #
# WWWBoard may be used and modified free of charge by anyone so long as #
# this copyright notice and the comments above remain intact. By using this #
# code you agree to indemnify Matthew M. Wright from any liability that #
# might arise from it's use. #
# #
# Selling the code for this program without prior written consent is #
# expressly forbidden. In other words, please ask first before you try and #
# make money off of my program. #
# #
# Obtain permission before redistributing this software over the Internet or #
# in any other medium. In all cases copyright and header must remain intact.#
##############################################################################

# NOTE(review): this copy of the script looks like it was captured from a
# rendered page: line breaks were collapsed, and markup inside string
# literals and patterns appears to be missing further down. Statement
# boundaries here are restored from syntax; code tokens are unchanged.
# The script sets package globals without "use strict" / "use warnings" and
# without taint mode (-T), so typos and unvalidated input are not caught by
# the interpreter.

# Define Variables
# $basedir is the directory prefix for every open() path the subs build.
$basedir = "/path/to/wwwboard";
# NOTE(review): $baseurl and $cgi_url are not referenced in the code as
# displayed; presumably they were used in markup lost from the output
# strings -- confirm against the original distribution.
$baseurl = "http://your.host.xxx/wwwboard";
$cgi_url = "http://your.host.xxx/cgi-bin/wwwboard.pl";
# Sub-directory of $basedir where new_file writes "$num.$ext" and
# thread_pages rewrites earlier messages.
$mesgdir = "messages";
# Counter file: read by get_number, overwritten by increment_num.
$datafile = "data.txt";
# Index page that main_page reads in full and then rewrites.
$mesgfile = "wwwboard.html";
# NOTE(review): $faqfile is not referenced in the code as displayed.
$faqfile = "faq.html";
# File extension of the per-message pages.
$ext = "html";
# Board title, interpolated into the generated pages and error pages.
$title = "WWWBoard Version 2.0 Test";
# Done
###########################################################################
###########################################################################
# Configure Options
# Selects which of the two navigation lines the subs print.
$show_faq = 1; # 1 - YES; 0 = NO
# NOTE(review): security-relevant. With 1, parse_form leaves the 'body' field
# untouched by its tag-stripping substitution, and new_file / return_html
# print $body as-is, so whatever markup a poster submits is stored in the
# message page and served to every reader. Set to 0 unless posters are
# trusted; with 0 the tag-stripping substitution is applied to every field.
$allow_html = 1; # 1 = YES; 0 = NO
# When 1, get_variables also builds $hidden_body from $body.
$quote_text = 1; # 1 = YES; 0 = NO
$subject_line = 0; # 0 = Quote Subject Editable; 1 = Quote Subject
# UnEditable; 2 = Don't Quote Subject, Editable.
$use_time = 1; # 1 = YES; 0 = NO
# When true, new_file writes $ENV{'REMOTE_ADDR'} into every message page.
$show_poster_ip = 1; # 1 = Show the IP of every poster; 0 = Don't
# NOTE(review): with the value 0 set here, parse_form never applies the
# %max_len limits below, so field sizes are bounded only by whatever the
# web server enforces on the request body.
$enforce_max_len = 0; # 2 = YES, error; 1 = YES, truncate; 0 = NO
%max_len = ('name', 50, 'email', 70, 'subject', 80, 'url', 150,
            'url_title', 80, 'img', 150, 'body', 3000, 'origsubject', 80,
            'origname', 50, 'origemail', 70, 'origdate', 50);
# Done
###########################################################################

# NOTE(review): this listing looks like it was captured from a rendered page.
# Markup inside string literals and patterns, and the <HANDLE> reads, appear
# to be missing; several strings contain raw line breaks and bullets where
# tags used to be. Code tokens below are kept exactly as displayed (only the
# layout between statements is restored), so the script as shown is not
# runnable. Confirm every flagged spot against the original distribution.
#
# NOTE(review): no file locking is visible anywhere in this script. The
# counter is read first (get_number) and written last (increment_num), and
# main_page / thread_pages read a file and then reopen it with '>'. Two
# concurrent requests can therefore pick the same message number or truncate
# each other's rewrite of the index.

# Get the Data Number
&get_number;
# Get Form Information
&parse_form;
# Put items into nice variables
&get_variables;
# Open the new file and write information to it.
&new_file;
# Open the Main WWWBoard File to add link
&main_page;
# Now Add Thread to Individual Pages
if ($num_followups >= 1) { &thread_pages; }
# Return the user HTML
&return_html;
# Increment Number
&increment_num;

############################
# Get Data Number Subroutine
# Reads the last used message number from "$basedir/$datafile" and sets the
# global $num to the number for the new message.
sub get_number {
    # NOTE(review): two-argument open with an interpolated path, and the
    # result is not checked; a failed open falls through to the reset below.
    open(NUMBER,"$basedir/$datafile");
    # NOTE(review): the right-hand side is missing in this listing
    # (presumably a read from NUMBER lost in extraction) -- confirm.
    $num = ;
    close(NUMBER);
    # Anything that is not all digits, or the value 999999, restarts the
    # numbering at 1. Because new_file opens "$num.$ext" with '>', a missing
    # or damaged counter file leads to existing messages being overwritten.
    if ($num == 999999 || $num !~ /^\d+$/) { $num = "1"; }
    else { $num++; }
}

#######################
# Parse Form Subroutine
# Reads the request body from STDIN, decodes it as name=value pairs and
# stores the cleaned values in the global %FORM.
sub parse_form {
    local($name,$value);
    # Get the input
    # NOTE(review): the read length comes straight from CONTENT_LENGTH with
    # no upper bound and no check of the request method; consider capping it.
    read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'});
    # Split the name-value pairs
    @pairs = split(/&/, $buffer);
    foreach $pair (@pairs) {
        # Only $value is decoded below; $name is used as received.
        ($name, $value) = split(/=/, $pair);
        # Un-Webify plus signs and %-encoding
        $value =~ tr/+/ /;
        $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
        # Remove any NULL characters, Server Side Includes
        $value =~ s/\0//g;
        # NOTE(review): the pattern of the next substitution is missing in
        # this listing (per the comment above it removed server-side-include
        # text). As displayed the pattern is empty -- confirm.
        $value =~ s///g;
        # The substitution below removes only complete "<...>" runs in a
        # single pass; a '<' with no closing '>' is left in the value.
        # NOTE(review): this is filtering on input, not encoding on output;
        # the values are later printed into HTML by new_file, main_page,
        # thread_pages, return_html and rest_of_form.
        if ($allow_html != 1) {
            $value =~ s/<([^>]|\n)*>//g;
        } else {
            # With $allow_html == 1 the 'body' field keeps its markup.
            unless ($name eq 'body') {
                $value =~ s/<([^>]|\n)*>//g;
            }
        }
        $FORM{$name} = $value;
    }
    # Make sure that message fields do not exceed allowed value
    if ($enforce_max_len) {
        foreach $name (keys %max_len) {
            if (length($FORM{$name}) > $max_len{$name}) {
                # 2 = reject with the 'field_size' error page (error exits);
                # any other true value = truncate to the limit.
                if ($enforce_max_len == 2) { &error('field_size'); }
                else { $FORM{$name} = sprintf("%.$max_len{$name}s",$FORM{$name}); }
            }
        }
    }
}

###############
# Get Variables
# Copies the %FORM values into the globals the page writers use, applies the
# per-field checks, and builds the date strings.
sub get_variables {
    if ($FORM{'followup'}) {
        $followup = "1";
        @followup_num = split(/,/,$FORM{'followup'});
        # Changes based in part on information contained in BugTraq archives
        # message 'WWWBoard Vulnerability' posted by Samuel Sparling Nov-09-1998.
        # Also requires that each followup number is in fact a number, to
        # prevent message clobbering.
        # NOTE(review): this digit check is what keeps the posted 'followup'
        # value from steering the file paths opened in thread_pages. '$' also
        # matches before a trailing newline; '\z' would be stricter. The
        # 'followup_data' code has no branch in error(), so a rejected value
        # ends in the generic "ERROR! Undefined." page.
        local(%fcheck);
        foreach $fn (@followup_num) {
            if ($fn !~ /^\d+$/ || $fcheck{$fn}) { &error('followup_data'); }
            $fcheck{$fn} = 1;
        }
        # NOTE(review): keys() returns the numbers in no particular order, so
        # $last_message below is not necessarily the last number submitted.
        @followup_num = keys %fcheck;
        $num_followups = @followups = @followup_num;
        $last_message = pop(@followups);
        # NOTE(review): $origemail is tested in new_file but is not assigned
        # anywhere in this listing.
        $origdate = "$FORM{'origdate'}";
        $origname = "$FORM{'origname'}";
        $origsubject = "$FORM{'origsubject'}";
    } else {
        $followup = "0";
    }
    if ($FORM{'name'}) {
        $name = "$FORM{'name'}";
        # Double quotes and ampersands are removed from the name.
        # NOTE(review): the pattern of the middle substitution is missing in
        # this listing -- confirm.
        $name =~ s/"//g;
        $name =~ s///g;
        $name =~ s/\&//g;
    } else {
        # Bareword argument; it is passed as the string 'no_name' only
        # because the script runs without "use strict".
        &error(no_name);
    }
    # NOTE(review): unanchored shape check only ('@' followed later by '.');
    # quotes and other characters in the address are not removed or encoded.
    if ($FORM{'email'} =~ /.*\@.*\..*/) { $email = "$FORM{'email'}"; }
    if ($FORM{'subject'}) {
        $subject = "$FORM{'subject'}";
        # NOTE(review): the replacement text of these two substitutions
        # looks altered by extraction (presumably entity names) -- confirm.
        $subject =~ s/\&/\&\;/g;
        $subject =~ s/"/\"\;/g;
    } else {
        &error(no_subject);
    }
    # NOTE(review): the URL check only requires ':' followed later by '.',
    # so it does not restrict the scheme; an allow-list of http/https would
    # be the safer check. The image check matches "tp://" anywhere in the
    # value. Neither value is encoded before it is printed.
    if ($FORM{'url'} =~ /.*\:.*\..*/ && $FORM{'url_title'}) {
        $message_url = "$FORM{'url'}";
        $message_url_title = "$FORM{'url_title'}";
    }
    if ($FORM{'img'} =~ /.*tp:\/\/.*\..*/) { $message_img = "$FORM{'img'}"; }
    if ($FORM{'body'}) {
        $body = "$FORM{'body'}";
        # Drop carriage returns.
        $body =~ s/\cM//g;
        # NOTE(review): the replacement text of the next two substitutions is
        # shown as raw line breaks (presumably paragraph / line-break tags
        # lost in extraction), and the two after them also look altered --
        # confirm against the original distribution.
        $body =~ s/\n\n/

/g;
        $body =~ s/\n/
/g;
        $body =~ s/<//g;
        $body =~ s/"/"/g;
    } else {
        &error(no_body);
    }
    if ($quote_text == 1) {
        $hidden_body = "$body";
        # NOTE(review): both substitutions look altered by extraction (the
        # first has an empty pattern as displayed) -- confirm.
        $hidden_body =~ s//>/g;
        $hidden_body =~ s/"/"/g;
    }
    ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime(time);
    $month = ($mon + 1);
    @months = ("January","February","March","April","May","June","July","August","September","October","November","December");
    # Four-digit year for $long_date, then reduced to two digits for $date.
    $year += 1900;
    $long_date = sprintf("%s %02d, %4d at %02d:%02d:%02d",$months[$mon],$mday,$year,$hour,$min,$sec);
    $year %= 100;
    if ($use_time == 1) {
        $date = sprintf("%02d:%02d:%02d %02d/%02d/%02d",$hour,$min,$sec,$month,$mday,$year);
    } else {
        $date = sprintf("%02d/%02d/%02d",$month,$mday,$year);
    }
}

#####################
# New File Subroutine
# Writes the page for the new message to "$basedir/$mesgdir/$num.$ext".
# NOTE(review): most markup in the strings below is missing from this
# listing, so where $email, $message_url, $message_img and the orig* values
# were interpolated cannot be seen here. None of them is encoded in
# get_variables; if they land in attribute values or hidden form fields,
# quotes in them would need encoding. $body is printed as-is (see
# $allow_html). print and close results are not checked.
sub new_file {
    # '>' truncates an existing file with the same number.
    open(NEWFILE,">$basedir/$mesgdir/$num\.$ext") || die $!;
    print NEWFILE "\n";
    print NEWFILE " \n";
    print NEWFILE " $subject\n";
    print NEWFILE " \n";
    print NEWFILE " \n";
    print NEWFILE "

\n";
    print NEWFILE "

$subject

\n";
    print NEWFILE "
\n";
    print NEWFILE "
\n";
    if ($show_faq == 1) {
        print NEWFILE "
[ Follow Ups ] [ Post Followup ] [ $title ] [ FAQ ]
\n";
    } else {
        print NEWFILE "
[ Follow Ups ] [ Post Followup ] [ $title ]
\n";
    }
    print NEWFILE "

\n";
    print NEWFILE "Posted by ";
    if ($email) { print NEWFILE "$name "; }
    else { print NEWFILE "$name \n"; }
    # The poster's address as reported by the web server is stored in the
    # public page when $show_poster_ip is set.
    if ($show_poster_ip) { print NEWFILE "($ENV{'REMOTE_ADDR'}) "; }
    print NEWFILE "on $long_date:

\n";
    if ($followup == 1) {
        # $origsubject, $origname and $origdate come from the posted form.
        print NEWFILE "In Reply to: $origsubject posted by ";
        if ($origemail) {
            print NEWFILE "$origname on $origdate:

\n";
        } else {
            print NEWFILE "$origname on $origdate:

\n";
        }
    }
    if ($message_img) {
        print NEWFILE "

\n";
    }
    print NEWFILE "$body\n";
    print NEWFILE "
\n";
    if ($message_url) {
        print NEWFILE "

\n";
    }
    print NEWFILE "

\n";
    print NEWFILE "Follow Ups:
\n";
    print NEWFILE "

\n";
    print NEWFILE "

\n";
    print NEWFILE "Post a Followup

\n";
    print NEWFILE "

\n";
    print NEWFILE "\n";
    print NEWFILE "\n";
    if ($email) { print NEWFILE "\n"; }
    print NEWFILE "\n";
    print NEWFILE "\n";
    print NEWFILE "Name:
\n";
    print NEWFILE "E-Mail:

\n";
    if ($subject_line == 1) {
        # NOTE(review): this tests the numeric option $subject_line against
        # /^Re:/, not $subject (the last branch below tests $subject). Inside
        # this block $subject_line is 1, so the first arm is never taken.
        if ($subject_line =~ /^Re:/) {
            print NEWFILE "\n";
            print NEWFILE "Subject: $subject

\n";
        } else {
            print NEWFILE "\n";
            print NEWFILE "Subject: Re: $subject

\n";
        }
    } elsif ($subject_line == 2) {
        print NEWFILE "Subject:

\n";
    } else {
        if ($subject =~ /^Re:/) {
            print NEWFILE "Subject:

\n";
        } else {
            print NEWFILE "Subject:

\n";
        }
    }
    print NEWFILE "Comments:
\n";
    print NEWFILE "\n";
    print NEWFILE "

\n";
    print NEWFILE "Optional Link URL:
\n";
    print NEWFILE "Link Title:
\n";
    print NEWFILE "Optional Image URL:

\n";
    print NEWFILE " \n";
    print NEWFILE "


\n";
    if ($show_faq == 1) {
        print NEWFILE "
[ Follow Ups ] [ Post Followup ] [ $title ] [ FAQ ]
\n";
    } else {
        print NEWFILE "
[ Follow Ups ] [ Post Followup ] [ $title ]
\n";
    }
    print NEWFILE "\n";
    close(NEWFILE);
}

###############################
# Main WWWBoard Page Subroutine
# Reads "$basedir/$mesgfile" into @main, reopens it for writing and copies
# the lines back, adding the entry for the new message.
# NOTE(review): the file is truncated by the second open and rewritten with
# no lock and no temporary file; a crash or a concurrent request in between
# can leave the index empty or partial.
sub main_page {
    open(MAIN,"$basedir/$mesgfile") || die $!;
    # NOTE(review): right-hand side missing in this listing (presumably a
    # read from MAIN) -- confirm.
    @main = ;
    close(MAIN);
    open(MAIN,">$basedir/$mesgfile") || die $!;
    if ($followup == 0) {
        foreach $main_line (@main) {
            # NOTE(review): the marker pattern is missing in this listing; as
            # displayed the pattern is empty -- confirm.
            if ($main_line =~ //) {
                print MAIN "\n";
                print MAIN "
  • $subject - $name $date\n";
                print MAIN "(0)\n";
                print MAIN "
      \n";
                print MAIN "
    \n";
            } else {
                print MAIN "$main_line";
            }
        }
    } else {
        foreach $main_line (@main) {
            $work = 0;
            # NOTE(review): this pattern is shown as whitespace only (its
            # marker text is missing in this listing) -- confirm.
            if ($main_line =~ /
      /) {
                print MAIN "
        \n";
                print MAIN "
      • $subject - $name $date\n";
                print MAIN "(0)\n";
                print MAIN "
          \n";
                print MAIN "
        \n";
            # NOTE(review): $2 is read below but the pattern as displayed has
            # a single capture group, so part of it appears to be missing.
            } elsif ($main_line =~ /\((.*)\)/) {
                $response_num = $1;
                $num_responses = $2;
                $num_responses++;
                foreach $followup_num (@followup_num) {
                    if ($followup_num == $response_num) {
                        print MAIN "($num_responses)\n";
                        $work = 1;
                    }
                }
                # Lines that matched no followup number are copied unchanged.
                if ($work != 1) { print MAIN "$main_line"; }
            } else {
                print MAIN "$main_line";
            }
        }
    }
    close(MAIN);
}

############################################
# Add Followup Threading to Individual Pages
# For every number in @followup_num, rewrites that message's page in place,
# adding the entry for the new message.
# NOTE(review): neither open is checked and there is no test that the
# referenced message exists. If the read fails, @followup_lines is empty and
# the '>' open still creates or truncates "$followup_num.$ext". The numbers
# were restricted to digits in get_variables.
sub thread_pages {
    foreach $followup_num (@followup_num) {
        open(FOLLOWUP,"$basedir/$mesgdir/$followup_num\.$ext");
        # NOTE(review): right-hand side missing in this listing (presumably a
        # read from FOLLOWUP) -- confirm.
        @followup_lines = ;
        close(FOLLOWUP);
        open(FOLLOWUP,">$basedir/$mesgdir/$followup_num\.$ext");
        foreach $followup_line (@followup_lines) {
            $work = 0;
            # NOTE(review): pattern shown as whitespace only (marker text
            # missing in this listing) -- confirm.
            if ($followup_line =~ /
          /) {
                print FOLLOWUP "
            \n";
                print FOLLOWUP "
          • $subject $name $date\n";
                print FOLLOWUP "(0)\n";
                print FOLLOWUP "
              \n";
                print FOLLOWUP "
            \n";
            # NOTE(review): $2 is read but only one capture group is shown.
            } elsif ($followup_line =~ /\((.*)\)/) {
                $response_num = $1;
                $num_responses = $2;
                $num_responses++;
                # The inner loop reuses the outer loop's variable name.
                foreach $followup_num (@followup_num) {
                    if ($followup_num == $response_num) {
                        print FOLLOWUP "($num_responses)\n";
                        $work = 1;
                    }
                }
                if ($work != 1) { print FOLLOWUP "$followup_line"; }
            } else {
                print FOLLOWUP "$followup_line";
            }
        }
        close(FOLLOWUP);
    }
}

# Prints the confirmation page for the message that was just stored.
# NOTE(review): $name, $email, $subject, $body and the link / image values
# are echoed back into the response. $body is unfiltered when $allow_html
# is 1, and the others are filtered only by parse_form's tag stripping.
sub return_html {
    print "Content-type: text/html\n\n";
    print "Message Added: $subject\n";
    print "

            Message Added: $subject

            \n";
    print "The following information was added to the message board:


            \n";
    print "Name: $name
            \n";
    print "E-Mail: $email
            \n";
    print "Subject: $subject
            \n";
    print "Body of Message:

            \n";
    print "$body

            \n";
    if ($message_url) {
        print "Link: $message_url_title
            \n";
    }
    if ($message_img) {
        print "Image:
            \n";
    }
    print "Added on Date: $date

            \n";
    print "


            \n";
    print "
            [ Go to Your Message ] [ $title ]
            \n";
    print "\n";
}

# Stores the number just used back into "$basedir/$datafile".
# NOTE(review): runs last and without a lock, so requests that arrive before
# this write read the old counter in get_number.
sub increment_num {
    open(NUM,">$basedir/$datafile") || die $!;
    print NUM "$num";
    close(NUM);
}

# Prints the error page for the code in $_[0], followed by the posting form
# (rest_of_form), then exits the script.
# Codes handled: no_name, no_subject, no_body, field_size. Any other code,
# including the 'followup_data' code used by get_variables, gets the
# generic "ERROR! Undefined." line.
sub error {
    $error = $_[0];
    print "Content-type: text/html\n\n";
    if ($error eq 'no_name') {
        print "$title ERROR: No Name\n";
        print "

            ERROR: No Name

            \n";
        print "You forgot to fill in the 'Name' field in your posting. Correct it below and re-submit. The necessary fields are: Name, Subject and Message.


            \n";
        &rest_of_form;
    } elsif ($error eq 'no_subject') {
        print "$title ERROR: No Subject\n";
        print "

            ERROR: No Subject

            \n";
        print "You forgot to fill in the 'Subject' field in your posting. Correct it below and re-submit. The necessary fields are: Name, Subject and Message.


            \n";
        &rest_of_form;
    } elsif ($error eq 'no_body') {
        print "$title ERROR: No Message\n";
        print "

            ERROR: No Message

            \n";
        print "You forgot to fill in the 'Message' field in your posting. Correct it below and re-submit. The necessary fields are: Name, Subject and Message.


            \n";
        &rest_of_form;
    } elsif ($error eq 'field_size') {
        # NOTE(review): printf is used with an interpolated string as the
        # format, so a '%' in $title would be read as a format directive;
        # the sibling branches use print.
        printf "$title ERROR: Field too Long\n";
        print "

            ERROR: Field too Long

            \n";
        print "One of the form fields in the message submission was too long. The following are the limits on the size of each field (in characters):

              \n";
        print "
            • Name: $max_len{'name'}\n";
        print "
            • E-Mail: $max_len{'email'}\n";
        print "
            • Subject: $max_len{'subject'}\n";
        print "
            • Body: $max_len{'body'}\n";
        print "
            • URL: $max_len{'url'}\n";
        print "
            • URL Title: $max_len{'url_title'}\n";
        print "
            • Image URL: $max_len{'img'}\n";
        print "
            Please modify the form data and resubmit.


            \n";
        &rest_of_form;
    } else {
        print "ERROR! Undefined.\n";
    }
    exit;
}

# Prints the posting form again below an error message.
# NOTE(review): most of the form markup is missing from this listing, so
# which submitted values were echoed into the fields cannot be seen here.
# The one visible echo is $FORM{'subject'}, printed without the '&' and
# quote handling that get_variables applies to $subject. Any value echoed
# into a form field needs HTML encoding.
sub rest_of_form {
    print "\n";
    if ($followup == 1) {
        print "\n";
        print "\n";
        print "\n";
        print "\n";
        print "\n";
    }
    print "Name:
            \n";
    print "E-Mail:

            \n";
    if ($subject_line == 1) {
        print "\n";
        print "Subject: $FORM{'subject'}

            \n";
    } else {
        print "Subject:

            \n";
    }
    print "Message:
            \n";
    print "

            \n";
    print "Optional Link URL:
            \n";
    print "Link Title:
            \n";
    print "Optional Image URL:

            \n";
    print " \n";
    print "

          • \n";
    print "

            \n";
    if ($show_faq == 1) {
        print "
            [ Follow Ups ] [ Post Followup ] [ $title ] [ FAQ ]
            \n";
    } else {
        print "
            [ Follow Ups ] [ Post Followup ] [ $title ]
            \n";
    }
    print "\n";
}