#Discus board administration (menu only) script
#-------------------------------------------------------------------------------
#This script is copyright (c) 1997-98 by Kevin W. Paulisse and William F. Polik,
#all rights reserved.  You may not modify or delete this copyright header.
#The use of this product is subject to a license agreement.  Contact Kevin
#Paulisse (paulisse@mulliken.chem.hope.edu) for further information.
#-------------------------------------------------------------------------------

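# Load discus.conf (path in $discus_conf). Every "name=value" line sets the
# package global $name to the verbatim value.
#
# The previous implementation built one big string of "$name='value';"
# assignments and string-eval'd it. Only single quotes were escaped, so a value
# ending in a backslash (or containing "\'") either broke the generated Perl --
# losing *every* setting, because a single eval held them all -- or, if the
# file were writable by an attacker or a web form, executed attacker-chosen
# code. Assigning through a symbolic reference has neither problem.
if (open(FILE, '<', $discus_conf)) {
	@file = <FILE>;
	close(FILE);
	foreach $line (@file) {
		# Accept identifiers only: an all-digit name such as "1" would
		# address the read-only capture variable $1.
		next unless $line =~ /^([A-Za-z_]\w*)=(.*)/;
		($varname, $value) = ($1, $2);
		# Symbolic reference into the current package (this script does
		# not run under 'use strict').
		${$varname} = $value;
	}
	# Copy of the board title with quote and angle-bracket characters
	# stripped; presumably for embedding in HTML -- its consumer is not
	# in this file.
	$titlej = $title;
	$titlej =~ s/['"<>]//g;
} else {
	# No configuration: report the problem and stop. The HTML variant
	# links to the diagnostic script when a CGI extension is known.
	if ($CGI_EXTENSION) {
		print <<"END_SETUP_ERROR";
Content-type: text/html

<HTML><HEAD><TITLE>Setup Error</TITLE></HEAD>
<BODY><H2 Align=Center>Setup Error</H2>
In the FTP installation form, you did not specify the correct
directory paths.  However, you can use the diagnostic script
to troubleshoot and perhaps even fix the problem!<P>
<CENTER><A HREF="diagnose.$CGI_EXTENSION">Click here to continue!</A></CENTER>
</BODY></HTML>
END_SETUP_ERROR
		exit(0);
	} else {
		print "Content-type: text/plain\n\n";
		print "Script execution error!\nCannot open 'discus.conf' file.\n";
		exit(0);
	}
}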

# The shared board subroutines (parse_form, read_cookie, ex, error_message,
# extract, ...) come from the source directory configured in discus.conf.
require "$admin_dir/source/src-board-subs-common";

parse_form();     # presumably fills %FORM from the request
read_cookie();    # presumably fills %COOKIE

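# Normalise the referring URL into $_ with any "#fragment" removed. Nothing in
# this script reads $_ afterwards, so the required subs presumably consume it.
# Both sources are client-controlled. Note the asymmetry, kept as-is: the
# *environment* referer decides, but when it looks like one of our scripts the
# *form* copy is what gets used.
# $cgi_extension is quoted with \Q...\E so an extension holding regex
# metacharacters is matched literally.
$_ = ($ENV{'HTTP_REFERER'} =~ /\.\Q$cgi_extension\E/i)
	? $FORM{'HTTP_REFERER'}
	: $ENV{'HTTP_REFERER'};
s/#.*//g;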

if ($FORM{'action'} eq 'mgr_1') {
	# Page manager, step 1: authenticate, then dispatch page_mgr_1 via ex().
	check_passwd();
	ex('page_mgr_1', $FORM{'username'});
	exit 0;
}

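if ($FORM{'action'} eq "page_editor") {
	# Page manager, step 2 (topic editor).
	check_passwd();
	# extract() works on the client-supplied referer copy; $owner is
	# presumably set by it (not visible in this file).
	extract($FORM{'HTTP_REFERER'});
	verify_owner($owner, $FORM{'username'})
	    || error_message("Permissions Error", "You do not have permission to edit the selected topic!");
	$refer = "//$FORM{'HTTP_REFERER'}";
	ex("page_mgr_2", $refer, $FORM{"username"});
	# Every other handler in this script stops here. Without this exit the
	# request fell through to the remaining 'cmd' checks and finally
	# printed the front page after the editor page.
	exit(0);
}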

if ($FORM{'action'} eq "graphic_browser") {
	# Graphic browser for the topic/message named in the referer.
	# NOTE(review): unlike page_editor and viewmessage, no verify_owner()
	# check is made here before $topic_number/$me_number are handed on --
	# confirm that graphic_browser_select enforces it, or that this is intended.
	check_passwd();
	extract($FORM{'HTTP_REFERER'});
	ex('graphic_browser_select', $topic_number, $me_number, $FORM{'username'});
	exit 0;
}

if ($FORM{'cmd'} eq "board_mgr") {
	# Board manager: superuser only. check_passwd() lowercases the submitted
	# name; $superuser is compared as configured.
	check_passwd();
	error_message("Permissions Error", "Only the superuser may access the board manager!")
	    unless $FORM{'username'} eq $superuser;
	ex('board_manager', $FORM{'username'});
	exit 0;
}

if ($FORM{'cmd'} eq "moderator_mgr") {
	# Moderator manager: superuser only (same check as the board manager).
	check_passwd();
	error_message("Permissions Error", "Only the superuser may access the moderator manager!")
	    unless $FORM{'username'} eq $superuser;
	ex('moderator_mgr', $FORM{'username'});
	exit 0;
}

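if ($FORM{'action'} eq "viewmessage") {
	# View one message of a topic the user is allowed to manage.
	check_passwd();
	extract($FORM{'HTTP_REFERER'});
	verify_owner($owner, $FORM{'username'})
	    || error_message("Permissions Error", "You do not have permission to view messages in this topic!");
	# $topic_number and $me_number are derived from the client-supplied
	# referer and are interpolated into a filesystem path below. extract()
	# is not visible here, so do not rely on it: accept plain integers only,
	# which rules out "../" and empty components.
	unless ($topic_number =~ /^\d+$/ && $me_number =~ /^\d+$/) {
		error_message("Permissions Error", "Invalid topic or message number!");
	}
	$file = "$message_dir/$topic_number/$me_number.$ext";
	# $post is passed through unchecked; it is not used to build a path here.
	$post = $FORM{'num'};
	ex('viewmessage', $topic_number, $me_number, $post);
	exit(0);
}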

if ($FORM{'action'} eq 'menu' || $FORM{'cmd'} eq 'menu') {
	# Main administration menu. check_passwd() yields "* BLANK *" when the
	# superuser has no password yet; $flag passes that on as a third argument
	# (presumably so the menu prompts for one).
	$pass = check_passwd();
	$flag = ($pass eq "* BLANK *") ? 1 : $flag;
	ex('admin_main_menu', $FORM{'username'}, $pass, $flag);
	exit 0;
}

if ($FORM{'action'} eq 'first_pass') {
	# First-time password setup. The check_passwd() result is kept in the
	# global $pass as before, although only the username is handed on.
	$pass = check_passwd();
	ex('first_pass', $FORM{'username'});
	exit 0;
}

if ($FORM{'cmd'} eq "group_mgr") {
	# Group manager: superuser only.
	check_passwd();
	error_message("Permissions Error", "Only the superuser may access the group manager!")
	    unless $FORM{'username'} eq $superuser;
	ex('group_mgr', $FORM{'username'});
	exit 0;
}

if ($FORM{'cmd'} eq "profile_mgr") {
	# Profile manager for the authenticated user, backed by passwd.txt.
	check_passwd();
	ex(
		"profile_editor", $FORM{'username'}, "passwd.txt", $cgiurl, 0,
		"profile", "password", "", "", "Profile Manager", 0,
	);
	exit 0;
}

if ($FORM{'cmd'} eq "user_mgr") {
	# User manager, step 1 (group selection).
	check_passwd();
	ex('user_mgr_1', $FORM{'username'});
	exit 0;
}

if ($FORM{'cmd'} eq "user_mgr_2") {
	# User manager, step 2: the caller must be a member of the chosen group.
	check_passwd();
	verify_owner($FORM{'group'}, $FORM{'username'})
	    || error_message("Permissions Error", "You do not have permission to edit users in this group!");
	ex('user_mgr_2', $FORM{'username'}, $FORM{'group'});
	exit 0;
}

if ($FORM{'cmd'} eq "version_mgr") {
	# Version manager: superuser only.
	check_passwd();
	error_message("Permissions Error", "Only the superuser may access the version manager!")
	    unless $FORM{'username'} eq $superuser;
	ex('version_manager', 1);
	exit 0;
}

# No recognised action or cmd: show the front page. This path does not call
# check_passwd().
ex("front_page", 1);

exit 0;

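# Authenticate the admin request in %FORM (and, for cookie logins, %COOKIE)
# against $admin_dir/passwd.txt.
#
# Reads:   $FORM{'username'}, $FORM{'password'}, $COOKIE{'pass'}, $superuser,
#          $admin_dir.
# Writes:  lowercases $FORM{'username'} in place. The package globals
#          $username, $guess, $user, $pass, $test_pass, $ok, $host and $addr
#          are left set as before, since code outside this sub may read them.
# Returns: "* BLANK *" when the superuser has no stored password and supplied
#          none (first-time setup); otherwise crypt($guess, $stored) on
#          success. On failure a record is appended to $admin_dir/admin.log
#          and error_message() is called, which callers rely on not returning.
#
# passwd.txt format as parsed here: one "username:hash[:...]" line per
# account; an empty hash field means "no password set". Lines are chomped
# before splitting so a hash in the last field no longer carries a newline
# (which could never compare equal to a crypt() result).
#
# NOTE(review): username and password are both folded to lower case before
# hashing, so stored hashes are of lowercased passwords; that cannot change
# here without invalidating every existing entry.
# NOTE(review): the cookie credential is crypt(<stored hash>, "cookie") -- a
# fixed, non-expiring value derivable by anyone who can read passwd.txt. For an
# account whose hash field is empty it is the constant crypt("", "cookie"), and
# the cookie rule below overrides the "empty hash => deny" rule, so such an
# account is reachable with an empty password if that cookie is presented.
# Logic kept as-is; confirm whether that is intended.
sub check_passwd {
	$FORM{'username'} =~ tr/A-Z/a-z/;
	$username = $FORM{'username'};
	$guess = $FORM{'password'};
	$guess =~ tr/A-Z/a-z/;

	# Three-argument open so the path can never be read as a mode or a pipe.
	open(PASSWD, '<', "$admin_dir/passwd.txt")
	    || error_message("Verify Password Error", "Cannot open password file (passwd.txt) for reading!");
	@passwd_line = <PASSWD>;
	close(PASSWD);

	$ok = "";
	foreach $line (@passwd_line) {
		chomp($line);
		($user, $pass) = split(/:/, $line);
		next unless $user eq $username;

		$test_pass = crypt($guess, $pass);
		# Rules are applied in order; a later rule overrides an earlier one.
		$ok = "Yes" if $test_pass eq $pass;
		$ok = "No"  if $pass eq "";
		# Superuser with no password yet and none supplied: first-time setup.
		return "* BLANK *" if $username eq $superuser && $pass eq "" && $guess eq "";
		# An empty guess never matches a set password (stated explicitly for
		# the superuser) unless the cookie rule below applies.
		$ok = "No"  if $username eq $superuser && $pass ne "" && $guess eq "";
		$ok = "Yes" if $COOKIE{'pass'} eq crypt($pass, "cookie") && $guess eq "";
		return $test_pass if $ok eq "Yes";
	}

	# Reaching here means no line authenticated the user.
	($ts) = ex('get_date_time', "short");
	$host = $ENV{'REMOTE_HOST'};
	$addr = $ENV{'REMOTE_ADDR'};
	# The log is '"'-separated, one record per line: strip the separator and
	# line breaks from the client-supplied name so it cannot forge records.
	(my $logged_user = $FORM{'username'}) =~ tr/"\r\n//d;
	if (open(LOG, '>>', "$admin_dir/admin.log")) {
		print LOG "$logged_user\"$host\"$addr\"$ts\"WRONG\n";
		close(LOG);
	}
	error_message("Bad Login", "Your username/password combination was invalid to access the administration program!<P>This may occur if you have cookies disabled on your browser -- the administration program stores your password as a cookie.<P>");
	return;
}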

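# Return 1 if $username is listed as a member of group $owner in
# $admin_dir/groups.txt, otherwise 0.
#
# File format as parsed here: one "groupname:user1,user2,..." line per group.
# Only the first line whose group name equals $owner is consulted; an unknown
# group yields 0. Calls error_message() if the file cannot be opened (callers
# rely on it not returning).
#
# Membership is an exact string comparison. The previous version interpolated
# the caller-supplied name into a regex, so a name containing metacharacters
# (".", "*", "|", ...) could match other members' entries.
sub verify_owner {
	my ($owner, $username) = @_;
	my (@group_data, $group, $usernames, @members, $groupname);
	open(GROUP, '<', "$admin_dir/groups.txt")
	    || error_message("File Error", "Cannot open group file (groups.txt)!");
	@group_data = <GROUP>;
	close(GROUP);
	foreach $group (@group_data) {
		chomp($group);
		($groupname, $usernames) = split(/:/, $group);
		next unless $groupname eq $owner;
		@members = split(/,/, $usernames);
		return (grep { $_ eq $username } @members) ? 1 : 0;
	}
	return 0;
}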



