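#Discus board administration script (board-admin)
#-------------------------------------------------------------------------------
#This script is copyright (c) 1997-98 by Kevin W. Paulisse and William F. Polik,
#all rights reserved. You may not modify or delete this copyright header.
#The use of this product is subject to a license agreement. Contact Kevin
#Paulisse (paulisse@mulliken.chem.hope.edu) for further information.
#-------------------------------------------------------------------------------
# If you are getting an "unexplained error" when trying to do something,
# you can turn on the diagnostic mode to check what variables are being
# passed. Do this by setting $diagnostic = 1.
#
# SECURITY NOTE (review): keep this at 0 on a live board.  With diagnostic
# mode on, any request whose "action" is not recognised is answered with a
# dump of every form field and every environment variable (see the GENERAL
# FUNCTIONS section at the end of this file), which discloses server paths,
# cookies and whatever the client posted.  The file was shipped with the
# value set to 1; it now defaults to 0.
$diagnostic = 0;
#-------------------------------------------------------------------------------
# This script deliberately runs without "use strict": %FORM, %COOKIE and the
# configuration variables ($superuser, $admin_dir, $ext, $message_dir,
# $cgiurl, $cgi_extension, ...) are package globals shared with the common
# subroutine file, and &ex, &extract, &error_message, &parse_form,
# &read_cookie, &escape, &remove_links and &remove_html are defined there,
# not here.  $discus_conf is expected to be set by whatever requires this
# script.  Throughout the file &error_message is treated as terminal (it is
# assumed to print the error page and exit), which is how the original code
# uses it; if it ever returns, every guard below needs an explicit exit.

# Load the board configuration: one "name=value" per line, each line
# becoming a package variable of that name.  Only \w+ names are accepted, so
# a config line cannot name an arbitrary symbol.  The value is assigned
# through a symbolic reference instead of being spliced into Perl source and
# passed to string eval, so a value containing quotes or backslashes can no
# longer break out of the generated statement.
open(FILE, '<', $discus_conf)
    || die "board-admin: cannot open the Discus configuration file '$discus_conf': $!\n";
@file = <FILE>;
close(FILE);
foreach $line (@file) {
    if ($line =~ /^(\w+)=(.*)/) {
        ($varname, $value) = ($1, $2);
        $value =~ s/\r$//;      # tolerate a CRLF-edited configuration file
        ${$varname} = $value;
    }
}

require "$admin_dir/source/src-board-subs-common";

&parse_form();
&read_cookie();

# Work out which board page this request concerns so that &extract can load
# that page's metadata into the globals the actions below rely on ($owner,
# $topic_number, $me_number, $parent_number, $param, $topic_name).  When the
# browser's Referer points at one of our own CGI pages, the page passed its
# location in a hidden HTTP_REFERER form field and that is used; otherwise
# the raw Referer header is used.  Both are client-controlled.  Nothing in
# this file validates the value, so &extract (not visible here) must treat
# it as untrusted before deriving a file path from it; every ownership
# decision in the page-manager section rests on the $owner it sets.
if ($ENV{'HTTP_REFERER'} =~ /\.\Q$cgi_extension\E/i) {
    $referer_page = $FORM{'HTTP_REFERER'};
} else {
    $referer_page = $ENV{'HTTP_REFERER'};
}
$referer_page =~ s/#.*//g;      # drop any fragment
&extract($referer_page) if $referer_page ne "";

#############################################################################
# BOARD MANAGER FUNCTIONS
#
# Every action in this section is superuser-only: the posted username is
# compared with $superuser first (so the permissions message is shown before
# any password check) and then &check_passwd verifies the password or the
# persistent-login cookie.  Review fix: the "reorderall" branch of the
# "topics" action performed neither check and could be driven without
# logging in at all; it now guards like its siblings.
#############################################################################

if ($FORM{'action'} eq 'Add_Topic') {
    &error_message('Permissions Error',
                   'Only the superuser may access the "Add New Topic" functionality!')
        if $FORM{'username'} ne "$superuser";
    &check_passwd();
    # Topic titles go through the board's tag filter (mode 3) before storage.
    ($new_topic) = &ex('webtags', $FORM{'topic'}, 3);
    # Group names are reduced to lower-case word characters; anything else
    # (path separators, quotes, spaces) is silently dropped, not rejected.
    $group = $FORM{'group'};
    $group =~ tr/A-Z/a-z/;
    $group =~ s/\W//g;
    &error_message('Group Specification Error', 'You did not specify a valid group!')
        if $group eq "";
    &ex('add_topic', $new_topic, $group);
    &ex('board_manager', $FORM{"username"});
    exit(0);
}

if ($FORM{'action'} eq 'board_toppage') {
    &error_message('Permissions Error', 'Only the superuser may access this functionality!')
        if $FORM{'username'} ne "$superuser";
    &check_passwd();
    # Each checkbox becomes a 1/0 flag.
    $boldon  = $FORM{'Bold'}  ? 1 : 0;
    $groupon = $FORM{'Group'} ? 1 : 0;
    $dateon  = $FORM{'Date'}  ? 1 : 0;
    &ex('change_board_toppage', $boldon, $groupon, $dateon);
    &ex('board_manager', $FORM{"username"});
    exit(0);
}

if ($FORM{'action'} eq 'topics') {
    # SELECTION is the name of the submit button that was pressed:
    # "delete<n>"/"deleteall", "properties<n>", "group<n>"/"groupall" or
    # "reorderall".  The patterns are anchored so that only a value that
    # starts with the verb is accepted (the other forms in this file do the
    # same).  An unrecognised value falls through to the handler at the end
    # of the file.
    if ($FORM{'SELECTION'} =~ /^delete(\w+)/) {
        $todo = $1;
        &error_message('Permissions Error', 'Only the superuser may access this functionality!')
            if $FORM{'username'} ne "$superuser";
        &check_passwd();
        if ($todo ne "all") {
            $todo =~ s/\D//g;
            &ex('remove_topic', $todo) if $todo != 0;
        } else {
            # MARK is the comma-separated list of ticked topics.
            foreach $num (split(/,/, $FORM{'MARK'})) {
                $num =~ s/\D//g;
                &ex('remove_topic', $num) if $num != 0;
            }
        }
        &ex('board_manager', $FORM{"username"});
        exit(0);
    } elsif ($FORM{'SELECTION'} =~ /^properties(\d+)/) {
        $todo = $1;
        &error_message('Permissions Error', 'Only the superuser may access this functionality!')
            if $FORM{'username'} ne "$superuser";
        &check_passwd();
        # Load the topic's own index page to get its current name.
        &extract("//$todo/$todo.$ext");
        &ex('rename_topic_form', $topic_name, $todo, $FORM{"username"});
        exit(0);
    } elsif ($FORM{'SELECTION'} =~ /^group(\w+)/) {
        $todo = $1;
        &error_message('Permissions Error', 'Only the superuser may access this functionality!')
            if $FORM{'username'} ne "$superuser";
        &check_passwd();
        if ($todo ne "all") {
            $todo =~ s/[^\d,]//g;
            &ex('change_topic_group_form', $todo, $FORM{"username"}) if $todo != 0;
        } else {
            &ex('change_topic_group_form', $FORM{'MARK'}, $FORM{"username"});
        }
        &ex('board_manager', $FORM{"username"});
        exit(0);
    } elsif ($FORM{'SELECTION'} =~ /^reorderall/) {
        # Review fix: this branch had no superuser/password check at all.
        &error_message('Permissions Error', 'Only the superuser may access this functionality!')
            if $FORM{'username'} ne "$superuser";
        &check_passwd();
        # ORDER<n> fields carry the requested position of topic n; the topics
        # are emitted in ascending order of that position.
        @data = ();
        @dataval = ();
        foreach $key (keys(%FORM)) {
            if ($key =~ /^ORDER(\d+)/) {
                push(@data, $1);
                push(@dataval, $FORM{$key});
            }
        }
        @array = @data[ sort { $dataval[$a] <=> $dataval[$b] } 0 .. $#data ];
        &ex('reorder_topics', join(":", @array));
        &ex('board_manager', $FORM{"username"});
        exit(0);
    }
}

if ($FORM{'action'} eq 'rename_a_topic') {
    &error_message('Permissions Error',
                   'Only the superuser may access the "Rename Topic" functionality!')
        if $FORM{'username'} ne "$superuser";
    &check_passwd();
    ($newname) = &ex('webtags', $FORM{"newname"}, 3);
    $newname = &remove_links($newname);
    &error_message("Rename Error", "You didn't specify a new topic name!") if $newname eq "";
    # webtags reports a formatting problem by embedding a FORMATTING marker in
    # its output; the marker text is kept exactly as found in this file.
    &error_message("Formatting Error",
                   "The following formatting error was returned:\n\n$newname\n\n")
        if $newname =~ /\n\nFORMATTING/i;
    $topic = $FORM{'topic'};
    $topic =~ s/\D//g;
    &error_message("Rename Error", "You didn't specify a valid initial topic!") if $topic == 0;
    &ex('rename_topic', $topic, $newname);
    &ex('board_manager', $FORM{"username"});
    exit(0);
}

if ($FORM{'action'} eq 'main_message') {
    &error_message('Permissions Error', 'Only the superuser may change the main message!')
        if $FORM{'username'} ne "$superuser";
    &check_passwd();
    $message = $FORM{'message'};
    if ($FORM{'submit'} !~ /Preview/) {
        ($message_in) = &ex('webtags', $message, 1);
        # A formatting error turns the save into a preview so the user sees it.
        $FORM{'submit'} = "Preview" if $message_in =~ /\n\nFORMATTING/;
    }
    if ($FORM{'submit'} !~ /Preview/) {
        &ex('change_main_message', $message_in, &escape($message));
        &ex('board_manager', $FORM{"username"});
        exit(0);
    }
    ($message_in) = &ex('webtags', $FORM{"message"}, 1);
    # HTML-escape the raw source before it is echoed into the preview form.
    # '&' is escaped first; the original escaped it after '<' and '>', which
    # re-escaped the entities it had just produced.  This now matches the
    # order used by the about_message action.
    $FORM{'message'} =~ s/&/&amp;/g;
    $FORM{'message'} =~ s/</&lt;/g;
    $FORM{'message'} =~ s/>/&gt;/g;
    $FORM{'message'} =~ s/"/&quot;/g;
    &ex('preview_admin_message', $FORM{"message"}, $message_in, $FORM{'username'},
        "", "main_message", "Main Message");
    exit(0);
}

if ($FORM{'action'} eq 'change_topic_group') {
    &error_message('Permissions Error', "Only the superuser may change a topic's group!")
        if $FORM{'username'} ne "$superuser";
    &check_passwd();
    $group = $FORM{'group'};
    $group =~ tr/A-Z/a-z/;
    $group =~ s/\W//g;
    &error_message('Group Specification Error', 'You did not specify a valid group!')
        if $group eq "";
    # "topics" is a comma-separated list of topic numbers.
    $topic = $FORM{'topics'};
    $topic =~ s/[^\d,]//g;
    &error_message("Invalid Topic", "Topic selected is not valid.") if $topic eq "";
    foreach $num (split(/,/, $topic)) {
        $num =~ s/\D//g;
        next if $num eq "";     # skip empty entries such as "1,,2"
        &ex('change_topic_group', $num, $group);
    }
    &ex('board_manager', $FORM{"username"});
    exit(0);
}

if ($FORM{'action'} eq "board_appearance") {
    &error_message('Permissions Error', 'Only the superuser may change the board appearance!')
        if $FORM{'username'} ne "$superuser";
    &check_passwd();
    # Colours are bare hex/colour words, the font size a number and the face
    # a comma-separated list; everything else is stripped.  The background
    # image is a URL that will be emitted into HTML: the characters that could
    # end the attribute or the tag are removed, but nothing restricts the
    # URL scheme, so it is only as safe as the renderer makes it.
    $FORM{'bgcolor'} =~ s/\W//g;
    $FORM{'text'}    =~ s/\W//g;
    $FORM{'link'}    =~ s/\W//g;
    $FORM{'vlink'}   =~ s/\W//g;
    $FORM{'alink'}   =~ s/\W//g;
    $FORM{'size'}    =~ s/\D//g;
    $FORM{'face'}    =~ s/[^\w\s,]//g;
    $FORM{'image'}   =~ s/[<>"&'\[\];]//g;
    if ($FORM{'submit'} =~ /Preview/) {
        &ex('preview_board_colors', $FORM{"bgcolor"}, $FORM{"text"}, $FORM{"link"},
            $FORM{"vlink"}, $FORM{"alink"}, $FORM{"face"}, $FORM{"size"},
            $FORM{"username"}, $FORM{"image"});
        exit(0);
    }
    &ex('change_board_colors', $FORM{"bgcolor"}, $FORM{"text"}, $FORM{"link"},
        $FORM{"vlink"}, $FORM{"alink"}, $FORM{"face"}, $FORM{"size"}, $FORM{"image"});
    &ex('board_manager', $FORM{"username"});
    exit(0);
}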
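###########################################################################
# PAGE MANAGER FUNCTIONS
#
# These actions operate on the page named by the hidden HTTP_REFERER field:
# &extract loads that page's metadata ($owner, $topic_number, $me_number,
# $parent_number, $param) and &verify_owner then checks that the logged-in
# moderator belongs to the owning group.  Review fixes in this section:
#   * add_subtopic, about_message and change_layout discarded the result of
#     &verify_owner, so any moderator who could log in could use them on
#     any page; they now refuse like their siblings.
#   * page/message number lists and the "click" destination selector posted
#     by the forms are reduced to digits (and ',' or '/') before they reach
#     the page-file helpers, as the topic-level actions already did.
#   * every completed action ends with exit(0); previously several fell
#     through into the "Unexplained Error" handler at the end of the file
#     (and, with diagnostic mode on, into the form/environment dump).
###########################################################################

if ($FORM{'action'} eq 'add_subtopic') {
    &admin_load_owned_page("You do not have permission to add subtopics to this page!");
    &error_message("Add Subtopic Error", "You did not specify a title for the new subtopic!")
        if $FORM{'subtopic'} eq "";
    ($newtitle) = &ex("webtags", $FORM{'subtopic'}, 3);
    &error_message("Add Subtopic Error",
                   "Formatting tags returned the following error:\n\n$newtitle")
        if $newtitle =~ /\n\nFormatting/i;
    # Layout of the new page.  When none of the known page types is posted,
    # $param keeps whatever &extract loaded for the current page.
    $param = "Sublist"       if $FORM{'pagetype'} eq "privateindex";
    $param = "SublistCreate" if $FORM{'pagetype'} eq "publicindex";
    $param = "MessagesAdd"   if $FORM{'pagetype'} eq "message";
    $target = "Main"   if $FORM{'linktype'} eq "rightframe";
    $target = "_top"   if $FORM{'linktype'} eq "top";
    $target = "_blank" if $FORM{'linktype'} eq "new";
    $param  = "LINK"   if $FORM{'type'} eq "link";
    if ($param eq "LINK") {
        # Same treatment as rename_a_link: strip markup from the user-supplied
        # URL before it is stored and later emitted into a link.
        $url = &remove_html($FORM{'url'});
        &error_message('Add Subtopic Error', "The URL you specified was not valid")
            if $url eq "";
    }
    ($newnum_number) = &ex("add_page", $newtitle, $param, $url, $target);
    &admin_touch_page($topic_number, $newnum_number, $me_number);
    $append = "?username=$FORM{'username'}";    # global; kept in case page_mgr_2 reads it
    &ex("page_mgr_2", $FORM{"HTTP_REFERER"}, $FORM{"username"});
    exit(0);
}

if ($FORM{'action'} eq "subtopics") {
    &admin_load_owned_page("You do not have permission to edit this topic!");
    # SELECTION names the pressed button: "delete<n>"/"deleteall",
    # "move<n>"/"moveall", "properties<n>" or "reorder".  Anything else falls
    # through to the handler at the end of the file.
    if ($FORM{'SELECTION'} =~ /^delete(\w+)/) {
        $todo = $1;
        $todo = $FORM{'MARK'} if $todo eq "all";
        &ex("remove_page", $topic_number, $me_number, &admin_clean_number_list($todo));
        &ex("page_mgr_2", $FORM{"HTTP_REFERER"}, $FORM{"username"});
        exit(0);
    } elsif ($FORM{'SELECTION'} =~ /move(\w+)/) {
        $which = $1;
        # $tomove is a global the move form reads; $plural/$singular shape its text.
        if ($which =~ /^(\d+)$/) {
            $tomove = $1;
            $plural = "";
            $singular = "a ";
        } else {
            $tomove = $FORM{'MARK'};
            $plural = "s";
            $singular = "";
        }
        &ex('move_subtopic_form', $topic_number, $me_number, $FORM{'username'},
            $plural, $singular, $FORM{'HTTP_REFERER'});
        exit(0);
    } elsif ($FORM{'SELECTION'} =~ /properties(\d+)/) {
        $torename = $1;
        # A leading 0 marks a link entry rather than a subtopic page.
        if ($torename =~ s/^0//) {
            &ex("rename_link_form", $FORM{"HTTP_REFERER"}, $torename, $FORM{"username"});
        } else {
            &ex("rename_subtopic_form", $FORM{"HTTP_REFERER"}, $torename, $FORM{"username"});
        }
        exit(0);
    } elsif ($FORM{'SELECTION'} =~ /reorder/) {
        # ORDER<n> fields carry the requested position of subtopic n (a
        # leading 0 on n is stripped, as for link entries).
        @data = ();
        @dataval = ();
        foreach $key (keys(%FORM)) {
            next unless $key =~ /^ORDER/;
            ($num = $key) =~ s/^ORDER//;
            $num =~ s/^0//;
            push(@data, $num);
            push(@dataval, $FORM{$key});
        }
        @array = @data[ sort { $dataval[$a] <=> $dataval[$b] } 0 .. $#data ];
        &ex("reorder_subtopics", $FORM{"HTTP_REFERER"}, join(":", @array));
        &ex("page_mgr_2", $FORM{"HTTP_REFERER"}, $FORM{"username"});
        exit(0);
    }
}

if ($FORM{'action'} eq 'rename_a_subtopic' || $FORM{'action'} eq 'rename_a_link') {
    &admin_load_owned_page("You do not have permissions to rename subtopics on this page!");
    ($newname) = &ex('webtags', $FORM{"newname"}, 3);
    $newname = &remove_links($newname);
    &error_message("Rename Error", "You didn't specify a new subtopic/link name!")
        if $newname eq "";
    &error_message("Formatting Error",
                   "The following formatting error was returned:\n\n$newname\n\n")
        if $newname =~ /\n\nFORMATTING/i;
    if ($FORM{'action'} eq "rename_a_subtopic") {
        $subtopic = $FORM{'subtopic'};
        $subtopic =~ s/\D//g;
        &error_message("Rename Error", "You didn't specify a valid initial subtopic!")
            if $subtopic == 0;
        &ex("rename_subtopic", $FORM{"HTTP_REFERER"}, $subtopic, $newname);
    } else {
        $linknum = $FORM{'link'};
        $linknum =~ s/\D//g;        # link numbers are digits, like subtopic numbers
        $url = &remove_html($FORM{'url'});
        if ($FORM{'frame'} eq "top") {
            $target = "_top";
        } elsif ($FORM{'frame'} eq "new") {
            $target = "_blank";
        } else {
            $target = "Main";
        }
        &ex("rename_link", $FORM{"HTTP_REFERER"}, $linknum, $newname, $url, $target);
    }
    &ex("page_mgr_2", $FORM{"HTTP_REFERER"}, $FORM{"username"});
    exit(0);
}

if ($FORM{'action'} eq "move_subtopic") {
    &admin_load_owned_page("You do not have permissions to move subtopics from this page!");
    # Lexicals: &extract overwrites the page globals when the destination is
    # loaded, so the source page's numbers are kept out of its reach.
    my ($oldtopic, $oldparent) = ($topic_number, $me_number);
    # "click" is the "topic/page" destination chosen in the move form; the
    # moderator must own that page as well.
    &extract("//" . &admin_clean_page_ref($FORM{'click'}) . ".$ext");
    &verify_owner($owner, $FORM{'username'})
        || &error_message("Permissions Error", "You do not have permissions to move subtopics to this page!");
    my ($newtopic, $newhome) = ($topic_number, $me_number);
    my @tomove = ();
    foreach $page (split(/,/, $FORM{'move'})) {
        $page =~ s/^0//;        # link entries are posted with a leading 0
        $page =~ s/\D//g;
        push(@tomove, $page);
    }
    &ex('move_page', $oldtopic, join(",", @tomove), $oldparent, $newtopic, $newhome);
    # Make sure the destination page's layout actually shows a sublist.
    &extract("//$newtopic/$newhome.$ext");
    &ex('change_layout', $newtopic, $newhome, $param . "Sublist") if $param !~ /Sublist/;
    &admin_touch_page($topic_number, $me_number, $parent_number);
    &ex("page_mgr_2", $FORM{"HTTP_REFERER"}, $FORM{"username"});
    exit(0);
}

if ($FORM{'action'} eq "messages") {
    &admin_load_owned_page("You do not have permission to edit this topic!");
    # SELECTION: "delete<n>"/"deleteall", "move<n>"/"moveall", "edit<n>" or
    # "reorder"; anything else falls through to the handler at the end.
    if ($FORM{'SELECTION'} =~ /^delete(\w+)/) {
        $todo = $1;
        if ($todo ne "all") {
            $todo =~ s/\D//g;
            &ex('remove_message', $FORM{"HTTP_REFERER"}, $todo) if $todo != 0;
        } else {
            &ex('remove_message', $FORM{"HTTP_REFERER"}, &admin_clean_number_list($FORM{'MARK'}));
        }
        &ex("page_mgr_2", $FORM{"HTTP_REFERER"}, $FORM{"username"});
        exit(0);
    } elsif ($FORM{'SELECTION'} =~ /^move(\w+)/) {
        $tomove = $1;
        &ex('move_message_form', $topic_number, $tomove, $FORM{"move"}, $FORM{"MARK"},
            $FORM{"HTTP_REFERER"}, $FORM{"username"});
        exit(0);
    } elsif ($FORM{'SELECTION'} =~ /^edit(\d+)/) {
        $toedit = $1;
        ($source) = &ex('read_source', "$message_dir/$topic_number/$me_number.$ext", $toedit);
        &error_message("Edit Message Error", "The specified message number is invalid.")
            if $source eq "";
        chop($source) if $source =~ /\n$/;
        &ex('edit_message_form', $topic_number, $me_number, $toedit, $source, "", $FORM{"username"});
        exit(0);
    } elsif ($FORM{'SELECTION'} =~ /^reorder/) {
        # ORDER<n> fields carry the requested position of message n.
        @data = ();
        @dataval = ();
        foreach $key (keys(%FORM)) {
            next unless $key =~ /^ORDER/;
            ($num = $key) =~ s/^ORDER//;
            push(@data, $num);
            push(@dataval, $FORM{$key});
        }
        @array = @data[ sort { $dataval[$a] <=> $dataval[$b] } 0 .. $#data ];
        &ex('reorder_messages', $FORM{"HTTP_REFERER"}, join(":", @array));
        &ex("page_mgr_2", $FORM{"HTTP_REFERER"}, $FORM{"username"});
        exit(0);
    }
}

if ($FORM{'action'} eq "edit_message") {
    &admin_load_owned_page("You do not have permission to edit messages in this topic!");
    # postindex is the position of the message within the page file.
    $postindex = $FORM{'postindex'};
    $postindex =~ s/\D//g;
    ($source) = &ex('read_source', "$message_dir/$topic_number/$me_number.$ext", $postindex);
    &error_message("Edit Message Error", "Specified post index is not valid - source is blank.")
        if $source eq "";
    $source = $FORM{"message"};
    ($lint, $message) = &ex('webtags', $source, 0, 1);
    &error_message("Edit Message Error", "You cannot specify a blank message!") if $message eq "";
    # A lint error turns the save into a preview so the user sees it.
    $FORM{'submit'} = "Preview" if $lint eq "!Error";
    if ($FORM{'submit'} =~ /Preview/) {
        &ex('edit_message_form', $topic_number, $me_number, $postindex, $source, $message,
            $FORM{"username"});
        exit(0);
    }
    &ex('save_edited_message', $topic_number, $me_number, $postindex, &escape($source),
        $message, $FORM{"username"});
    &ex("page_mgr_2", $FORM{"HTTP_REFERER"}, $FORM{"username"});
    exit(0);
}

if ($FORM{'action'} eq "move_message") {
    &admin_load_owned_page("You do not have permission to move messages from this topic!");
    my ($old_topic, $old_page) = ($topic_number, $me_number);
    my ($new_topic, $new_page);
    if ($FORM{'click'}) {
        # Destination "topic/page" selector; the moderator must own it too.
        &extract("//" . &admin_clean_page_ref($FORM{'click'}) . ".$ext");
        &verify_owner($owner, $FORM{'username'})
            || &error_message("Permissions Error", "You do not have permission to move messages to this topic!");
        ($new_topic, $new_page) = ($topic_number, $me_number);
        $page_num = $new_page;
    } else {
        # No destination chosen: move_message creates a new page with this name.
        ($new_topic, $new_page) = ("Create", $FORM{'newname'});
    }
    ($new_page, $new_topic) = &ex('move_message', $old_topic, $old_page,
                                  &admin_clean_number_list($FORM{"move"}),
                                  $new_topic, $new_page, $FORM{"parm"});
    if ($new_page != 0) {
        $page_num = $new_page;
        $new_topic = $old_topic if $new_topic =~ /\D/;
        &extract("//$new_topic/$new_page.$ext");
        # Make sure the destination layout shows messages, and the "add"
        # form as well when the form asked for it (parm=1).
        $param =~ s/noneset//g;
        if ($param !~ /Messages/) {
            &ex('change_layout', $new_topic, $page_num, $param . "Messages");
            $param .= "Messages";
            if ($param !~ /Add/ && $FORM{"parm"} == 1) {
                &ex('change_layout', $new_topic, $page_num, $param . "Add");
            }
        }
    }
    &extract("//$new_topic/$new_page.$ext");
    &admin_touch_page($topic_number, $me_number, $parent_number);
    &ex("page_mgr_2", $FORM{"HTTP_REFERER"}, $FORM{"username"});
    exit(0);
}

if ($FORM{'action'} eq 'about_message') {
    &admin_load_owned_page("You do not have permission to change the about message of this page!");
    ($new_message) = &ex('webtags', $FORM{'message'}, 1);
    $FORM{'submit'} = "Preview" if $new_message =~ /\n\nFORMATTING/i;
    if ($FORM{'submit'} =~ /Preview/) {
        # HTML-escape the raw source before it is echoed into the preview form.
        $FORM{'message'} =~ s/&/&amp;/g;
        $FORM{'message'} =~ s/</&lt;/g;
        $FORM{'message'} =~ s/>/&gt;/g;
        $FORM{'message'} =~ s/"/&quot;/g;
        &ex('preview_admin_message', $FORM{"message"}, $new_message, $FORM{"username"},
            $FORM{"HTTP_REFERER"}, "about_message", "About Message");
        exit(0);
    }
    $file = "$message_dir/$topic_number/$me_number.$ext";
    &ex('change_about_message', $file, $FORM{"message"}, $new_message);
    &admin_touch_page($topic_number, $me_number, $parent_number);
    &ex("page_mgr_2", $FORM{"HTTP_REFERER"}, $FORM{"username"});
    exit(0);
}

if ($FORM{'action'} eq "change_layout") {
    &admin_load_owned_page("You do not have permission to change the layout of this page!");
    # The layout string is the concatenation of the ticked elements, in the
    # fixed order the page renderer expects.
    $layout = "";
    $layout .= "Sublist"  if $FORM{'element1'} eq "on";
    $layout .= "Create"   if $FORM{'element2'} eq "on";
    $layout .= "About"    if $FORM{'element3'} eq "on";
    $layout .= "Messages" if $FORM{'element4'} eq "on";
    $layout .= "Add"      if $FORM{'element5'} eq "on";
    &ex('change_layout', $topic_number, $me_number, $layout);
    $append = "?username=$FORM{'username'}";    # global; kept in case page_mgr_2 reads it
    &ex("page_mgr_2", $FORM{"HTTP_REFERER"}, $FORM{"username"});
    exit(0);
}

############################################################################
# MODERATOR MANAGER FUNCTIONS (superuser only)
############################################################################

if ($FORM{'action'} eq "add_moderator") {
    &error_message('Permissions Error',
                   'Only the superuser may access the "Add New Moderator" functionality!')
        if $FORM{'username'} ne "$superuser";
    &check_passwd();
    # Validation of the new name and the two password copies is left to add_moderator.
    &ex('add_moderator', $FORM{"username"}, $FORM{"user"}, $FORM{"pass_1"}, $FORM{"pass_2"});
    &ex('moderator_mgr', $FORM{"username"});
    exit(0);
}

if ($FORM{'action'} eq "moderator_form") {
    &error_message("Permissions Error", "Only the superuser may delete and edit moderators!")
        if $FORM{'username'} ne $superuser;
    &check_passwd();
    if ($FORM{'SELECTION'} =~ /^delete(\w+)/) {
        $remove = $1;
        # The superuser account can never be removed from here.
        if ($remove ne "All") {
            &ex('delete_moderator', $remove) if $remove ne $superuser;
        } else {
            foreach $user (grep { $_ ne $superuser } split(/,/, $FORM{'MARK'})) {
                &ex('delete_moderator', $user);
            }
        }
        &ex('moderator_mgr', $FORM{"username"});
        exit(0);
    } elsif ($FORM{'SELECTION'} =~ /^edit(\w+)/) {
        $edit = $1;
        &ex("profile_editor", $FORM{"username"}, "passwd.txt", $cgiurl, 1, "profile_su",
            "password_su", $edit, "", "Moderator Editor: \u$edit", 2);
        exit(0);
    }
}

if ($FORM{'action'} eq "password_su") {
    &error_message("Permissions Error",
                   "Only the superuser may change the passwords of other moderators!")
        if $FORM{'username'} ne $superuser;
    &check_passwd();
    &error_message("Change Password Error",
                   "The superuser's password cannot be changed using this method!")
        if $FORM{'user'} eq $superuser;
    &ex('change_password', "passwd", $FORM{"user"}, $FORM{"pass1"}, $FORM{"pass2"});
    &ex("profile_editor", $FORM{"username"}, "passwd.txt", $cgiurl, 1, "profile_su",
        "password_su", $FORM{"user"}, "", "Moderator Editor: \u$FORM{'user'}", 2);
    exit(0);
}

if ($FORM{'action'} eq "profile_su") {
    &error_message("Permissions Error",
                   "Only the superuser may change the profiles of other moderators!")
        if $FORM{'username'} ne $superuser;
    &check_passwd();
    # passwd.txt is colon-separated and the profile text is emitted as HTML,
    # so the record separator and tag characters are stripped from every field.
    &admin_strip_record_chars();
    &ex('change_profile', "passwd", $FORM{"user"}, $FORM{"email"}, $FORM{"fullname"},
        $FORM{"profile"}, &admin_notify_tally(), "*");
    &ex("profile_editor", $FORM{"username"}, "passwd.txt", $cgiurl, 1, "profile_su",
        "password_su", $FORM{"user"}, "", "Moderator Editor: \u$FORM{'user'}", 2);
    exit(0);
}

##########################################################################
# GROUP MANAGER FUNCTIONS (superuser only)
##########################################################################

if ($FORM{'action'} eq "add_group") {
    &error_message('Permissions Error',
                   'Only the superuser may access the "Add New Group" functionality!')
        if $FORM{'username'} ne "$superuser";
    &check_passwd();
    &ex('add_group', $FORM{"username"}, $FORM{"group"});
    &ex('group_mgr', $FORM{"username"});
    exit(0);
}

if ($FORM{'action'} eq "group_form") {
    &error_message("Permissions Error", "Only the superuser may delete and edit groups!")
        if $FORM{'username'} ne $superuser;
    &check_passwd();
    # Group names may contain '-', hence [\w\-] rather than \w here.
    if ($FORM{'SELECTION'} =~ /^delete([\w\-]+)/) {
        $remove = $1;
        if ($remove ne "All") {
            &ex('delete_group', $remove);
        } else {
            foreach $user (split(/,/, $FORM{'MARK'})) {
                &ex('delete_group', $user);
            }
        }
        &ex('group_mgr', $FORM{"username"});
        exit(0);
    } elsif ($FORM{'SELECTION'} =~ /^edit([\w\-]+)/) {
        $edit = $1;
        &ex('edit_group', $FORM{"username"}, $edit);
        exit(0);
    }
}

if ($FORM{'action'} eq "edit_group_form") {
    &error_message("Permissions Error", "Only the superuser may delete and edit groups!")
        if $FORM{'username'} ne $superuser;
    &check_passwd();
    if ($FORM{'SELECTION'} =~ /^delete(\w+)/) {
        $remove = $1;
        if ($remove ne "All") {
            &ex('delete_moderator_from_group', $remove, $FORM{"group"});
        } else {
            foreach $user (split(/,/, $FORM{'MARK'})) {
                &ex('delete_moderator_from_group', $user, $FORM{"group"});
            }
        }
        $edit = $FORM{'group'};
        &ex('edit_group', $FORM{"username"}, $edit);
        exit(0);
    }
}

if ($FORM{'action'} eq "add_to_group") {
    &error_message('Permissions Error', 'Only the superuser may add a moderator to a group!')
        if $FORM{'username'} ne "$superuser";
    &check_passwd();
    if ($FORM{'SELECTION'} =~ /^add(\w+)/) {
        $add = $1;
        if ($add ne "All") {
            &ex('add_to_group', $FORM{"group"}, $add);
        } else {
            foreach $user (split(/,/, $FORM{'MARK'})) {
                &ex('add_to_group', $FORM{"group"}, $user);
            }
        }
    }
    $edit = $FORM{'group'};
    &ex('edit_group', $FORM{"username"}, $edit);
    exit(0);
}

##########################################################################
# PROFILE MANAGER FUNCTIONS
#
# A moderator editing their own record.  The record's "profile" field is a
# flag: 0 means the superuser has forbidden self-editing.  The lookup uses
# the username exactly as posted (check_passwd lower-cases its copy); a
# mismatch only makes the lookup fail closed.  $user, $pass, $email, $full,
# $profile, $wantemail and $lastcheck are left as globals because the
# original code exposed them that way to the page functions.
##########################################################################

if ($FORM{'action'} eq "password") {
    &check_passwd();
    open(PASSWD, '<', "$admin_dir/passwd.txt")
        || &error_message("File Error", "Cannot open password file (passwd.txt) for reading!");
    @passwd = <PASSWD>;
    close(PASSWD);
    ($line) = grep(/^\Q$FORM{'username'}\E:/, @passwd);
    ($user, $pass, $email, $full, $profile, $wantemail, $lastcheck) = split(/:/, $line);
    &error_message("Change Password Error", "You do not have permission to edit your own profile!")
        if $profile == 0 && $FORM{'username'} ne $superuser;
    &ex('change_password', "passwd", $FORM{"username"}, $FORM{"pass1"}, $FORM{"pass2"});
    if ($FORM{'firsttime'}) {
        &ex('register_discus', 1);
    } else {
        &ex('passwd_success', 1);
    }
    exit(0);
}

if ($FORM{'action'} eq "profile") {
    &check_passwd();
    open(PASSWD, '<', "$admin_dir/passwd.txt")
        || &error_message("File Error", "Cannot open password file (passwd.txt) for reading!");
    @passwd = <PASSWD>;
    close(PASSWD);
    ($line) = grep(/^\Q$FORM{'username'}\E:/, @passwd);
    ($user, $pass, $email, $full, $profile, $wantemail, $lastcheck) = split(/:/, $line);
    &error_message("Edit Profile Error", "You do not have permission to edit your own profile!")
        if $profile == 0 && $FORM{'username'} ne $superuser;
    &admin_strip_record_chars();
    &ex('change_profile', "passwd", $FORM{"username"}, $FORM{"email"}, $FORM{"fullname"},
        "*", &admin_notify_tally(), "*");
    &ex("profile_editor", $FORM{"username"}, "passwd.txt", $cgiurl, 0, "profile", "password",
        "", "", "Profile Manager", 0);
    exit(0);
}

##########################################################################
# USER MANAGER FUNCTIONS
#
# Users belong to a group; a moderator may manage the users of any group
# they own (&verify_owner on the posted group name).
##########################################################################

if ($FORM{'action'} eq "add_user") {
    &check_passwd();
    &verify_owner($FORM{'group'}, $FORM{'username'})
        || &error_message("Permissions Error", "You do not have permission to add users to this group!");
    &ex('add_user', $FORM{"username"}, $FORM{"newuser"}, $FORM{"pass_1"}, $FORM{"pass_2"},
        $FORM{"group"});
    &ex('user_mgr_2', $FORM{"username"}, $FORM{"group"});
    exit(0);
}

if ($FORM{'action'} eq 'preview_list') {
    &check_passwd();
    &verify_owner($FORM{'group'}, $FORM{'username'})
        || &error_message("Permissions Error", "You do not have permission to add users to this group!");
    &ex("preview_user_list", $FORM{"username"}, $FORM{"group"}, $FORM{"list"});
    exit(0);
}

if ($FORM{'action'} eq 'submit_list') {
    &check_passwd();
    &verify_owner($FORM{'group'}, $FORM{'username'})
        || &error_message("Permissions Error", "You do not have permission to add users to this group!");
    if ($FORM{'modify'} == 1) {
        # Re-show the list for correction instead of committing it.
        ($modified_list) = &ex("modify_list", 1);
        &ex("preview_user_list", $FORM{"username"}, $FORM{"group"}, $modified_list,
            $FORM{"delimiter"});
        exit(0);
    }
    &ex("add_user_list", $FORM{"username"}, $FORM{"group"});
    &ex('user_mgr_2', $FORM{"username"}, $FORM{"group"});
    exit(0);
}

if ($FORM{'action'} eq "user_form") {
    &check_passwd();
    &verify_owner($FORM{'group'}, $FORM{'username'})
        || &error_message("Permissions Error", "You do not have permission to remove or edit users in this group!");
    if ($FORM{'SELECTION'} =~ /^delete(\w+)/) {
        $remove = $1;
        # Note this form spells the bulk selector "ALL" (the moderator and
        # group forms use "All").
        $remove = $FORM{"MARK"} if $remove eq "ALL";
        &ex("delete_user", $remove, $FORM{"group"});
        &ex('user_mgr_2', $FORM{"username"}, $FORM{"group"});
        exit(0);
    } elsif ($FORM{'SELECTION'} =~ /^edit(\w+)/) {
        $edit = $1;
        &ex("profile_editor", $FORM{"username"}, "users.txt", $cgiurl, 1, "profile_user",
            "password_user", $edit, $FORM{'group'}, "User Editor: \u$edit", 1);
        exit(0);
    }
}

if ($FORM{'action'} eq "profile_user") {
    &check_passwd();
    &verify_owner($FORM{'group'}, $FORM{'username'})
        || &error_message("Permissions Error", "You do not have permission to remove or edit users in this group!");
    &admin_strip_record_chars();
    &ex("change_profile", "users", $FORM{"user"}, $FORM{"email"}, $FORM{"fullname"},
        $FORM{"profile"}, &admin_notify_tally(), "*", $FORM{"group"});
    &ex("profile_editor", $FORM{"username"}, "users.txt", $cgiurl, 1, "profile_user",
        "password_user", $FORM{"user"}, $FORM{'group'}, "User Editor: \u$FORM{'user'}", 1);
    exit(0);
}

if ($FORM{'action'} eq "password_user") {
    &check_passwd();
    &verify_owner($FORM{'group'}, $FORM{'username'})
        || &error_message("Permissions Error", "You do not have permission to remove or edit users in this group!");
    &ex("change_password", "users", $FORM{"user"}, $FORM{"pass1"}, $FORM{"pass2"}, $FORM{"group"});
    &ex("profile_editor", $FORM{"username"}, "users.txt", $cgiurl, 1, "profile_user",
        "password_user", $FORM{"user"}, $FORM{'group'}, "User Editor: \u$FORM{'user'}", 1);
    exit(0);
}

if ($FORM{'action'} eq "special_user") {
    &check_passwd();
    &verify_owner($FORM{'group'}, $FORM{'username'})
        || &error_message("Permissions Error", "You do not have permission to edit special permissions in this group!");
    &ex("special_user", $FORM{"group"}, "PUBLIC",     $FORM{"public"});
    &ex("special_user", $FORM{"group"}, "USERS",      $FORM{"users"});
    &ex("special_user", $FORM{"group"}, "MODERATORS", $FORM{"moderators"});
    &ex("special_user", $FORM{"group"}, "DISABLE",    $FORM{"disable"});
    &ex('user_mgr_2', $FORM{"username"}, $FORM{"group"});
    exit(0);
}

if ($FORM{'action'} eq "profile_perm") {
    &check_passwd();
    &verify_owner($FORM{'group'}, $FORM{'username'})
        || &error_message("Permissions Error", "You do not have permission to edit special permissions in this group!");
    # The checkboxes mean "allowed", the stored flags mean "disabled", so
    # each one is inverted: ticked -> "", unticked -> "on".
    foreach $process ("anon", "email", "stamp") {
        $FORM{$process} = ($FORM{$process} eq "on") ? "" : "on";
    }
    &ex("special_user", $FORM{"group"}, "DISABLEANON",  $FORM{"anon"});
    &ex("special_user", $FORM{"group"}, "DISABLEEMAIL", $FORM{"email"});
    &ex("special_user", $FORM{"group"}, "DISABLESTAMP", $FORM{"stamp"});
    &ex('user_mgr_2', $FORM{"username"}, $FORM{"group"});
    exit(0);
}

##########################################################################
# GENERAL FUNCTIONS
##########################################################################

# Reached only when no action above handled the request.  Diagnostic mode
# (see the top of the file) echoes the request back; it is served as plain
# text so echoed form values cannot execute as script in the browser, and
# password fields and the cookie header are masked.
if ($diagnostic == 0) {
    &error_message("Unexplained Error", "The script form values passed to the board administration program produced an unexplained error.");
} else {
    print "Content-type: text/plain\n\n";
    print "Script administration error - invalid query\n";
    print "-" x 50, "\n";
    print "FORM keys and values:\n";
    foreach $key (sort(keys(%FORM))) {
        print "\t'$key' = '", &admin_masked_value($key, $FORM{$key}), "'\n";
    }
    print "-" x 50, "\n";
    print "ENV keys and values:\n";
    foreach $key (sort(keys(%ENV))) {
        print "\t'$key' = '", &admin_masked_value($key, $ENV{$key}), "'\n";
    }
    print "-" x 50, "\n";
    exit(0);
}

# Authenticate the request against $admin_dir/passwd.txt, whose records are
# "user:crypt(pass):email:fullname:profile:notify:lastcheck".  The posted
# username and password are both lower-cased first; the password has always
# been stored that way, so this cannot change without re-hashing every
# account (it does shrink the effective keyspace).  $username, $guess, $user,
# $pass, $test_pass and $ok stay globals as in the original, since the common
# subroutines may read them.
#
# A login succeeds when
#   * the stored hash is empty, the user is the superuser and no password was
#     posted (first-time setup); or
#   * no password was posted and the "pass" cookie equals
#     crypt(stored_hash, "cookie"), the persistent-login token; or
#   * crypt(posted_password, stored_hash) equals the stored hash.
# Review fix: the cookie rule used to apply to accounts with an empty stored
# hash as well, where the expected token degenerated to the constant
# crypt("", "cookie") and such an account could be entered with no password.
# Caveat that remains: the cookie token is derived only from the stored hash
# (and DES crypt uses only the first eight characters of its key), so it
# never expires and can be forged by anyone who can read passwd.txt; a random
# per-session token would be a better design but is outside this file.
#
# Returns crypt(posted_password, stored_hash) on success.  On failure the
# attempted username is appended to admin.log ($host, $addr and $ts are
# expected to be set by the common subroutines; they are not set here) and
# &error_message is called.
sub check_passwd {
    $username = $FORM{'username'};
    $username =~ tr/A-Z/a-z/;
    $guess = $FORM{'password'};
    $guess =~ tr/A-Z/a-z/;
    open(PASSWD, '<', "$admin_dir/passwd.txt")
        || &error_message("Verify Password Error", "Cannot open password file (passwd.txt) for reading!");
    @passwd_line = <PASSWD>;
    close(PASSWD);
    $ok = "";
    foreach $line (@passwd_line) {
        ($user, $pass) = split(/:/, $line);
        next unless $user eq $username;
        $test_pass = crypt($guess, $pass);
        if ($pass eq "") {
            # Bootstrap: only the superuser may enter with an empty stored
            # password, and only by posting none.
            $ok = ($username eq $superuser && $guess eq "") ? "Yes" : "No";
        } elsif ($guess eq "") {
            # Nothing posted: only the persistent-login cookie can authenticate.
            $ok = ($COOKIE{'pass'} eq crypt($pass, "cookie")) ? "Yes" : "No";
        } else {
            $ok = ($test_pass eq $pass) ? "Yes" : "No";
        }
        return $test_pass if $ok eq "Yes";
    }
    open(LOG, '>>', "$admin_dir/admin.log");
    print LOG "$username\"$host\"$addr\"$ts\"WRONG\n";
    close(LOG);
    &error_message("Bad Login", "Your username/password combination was invalid to access the administration program!");
}

# Does $username belong to the group named $owner?  groups.txt holds one
# "groupname:user1,user2,..." record per line; the first record whose name
# equals $owner decides.  Returns 1 or 0.  Usernames are compared with eq
# rather than being interpolated into a regex, so a name containing regex
# metacharacters cannot match more than itself.
sub verify_owner {
    my ($owner, $username) = @_;
    open(GROUP, '<', "$admin_dir/groups.txt")
        || &error_message("File Error", "Cannot open group file (groups.txt)!");
    my @group_data = <GROUP>;
    close(GROUP);
    foreach my $record (@group_data) {
        chop($record) if $record =~ /\n$/;
        my ($groupname, $usernames) = split(/:/, $record);
        next unless $groupname eq $owner;
        return (grep { $_ eq $username } split(/,/, $usernames)) ? 1 : 0;
    }
    return 0;
}

# Authenticate, load the page named by the hidden HTTP_REFERER field into
# the page globals, and stop with a "Permissions Error" carrying $why unless
# the current moderator owns that page.
sub admin_load_owned_page {
    my ($why) = @_;
    &check_passwd();
    &extract($FORM{'HTTP_REFERER'});
    &verify_owner($owner, $FORM{'username'})
        || &error_message("Permissions Error", $why);
}

# Stamp a page as modified: update_time receives the short and long forms of
# the current time, the long form reduced to word characters.  $dt and $ts
# remain globals as in the original.
sub admin_touch_page {
    my ($topic, $page, $parent) = @_;
    ($dt) = &ex('get_date_time', "short");
    ($ts) = &ex('get_date_time', "long");
    $ts =~ s/\W//g;
    &ex('update_time', $topic, $page, $parent, $ts, $dt);
}

# A "topic/page" selector posted by the move forms.  Page files are located
# from digits only, so anything but digits and '/' (in particular "..") is
# dropped before the value is used to build a page path.
sub admin_clean_page_ref {
    my ($ref) = @_;
    $ref =~ s{[^\d/]}{}g;
    return $ref;
}

# Reduce a posted comma-separated list of page or message numbers to digits
# and commas, the only form the page-file helpers are given elsewhere.
sub admin_clean_number_list {
    my ($list) = @_;
    $list =~ s/[^\d,]//g;
    return $list;
}

# Strip the record separator and tag characters from every posted field
# before a passwd.txt/users.txt record is rewritten from them.
sub admin_strip_record_chars {
    foreach my $key (keys(%FORM)) {
        $FORM{$key} =~ s/[:<>;]//g;
    }
}

# The notification options arrive as a comma-separated list of bit values;
# their sum is the stored "notify" field.
sub admin_notify_tally {
    my $tally = 0;
    foreach my $num (split(/,/, $FORM{'notify'})) {
        $tally += $num;
    }
    return $tally;
}

# Value shown for a key in the diagnostic dump: anything that looks like a
# password, and the cookie header carrying the login token, are masked.
sub admin_masked_value {
    my ($key, $value) = @_;
    return '********' if $key =~ /pass/i || $key eq 'HTTP_COOKIE';
    return $value;
}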