#!/usr/local/bin/perl
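$discus_conf = '/usr/u/web/estarc/discus_admin_1969/discus.conf';
#Discus user profile editor script (board-profile.cgi)
#-------------------------------------------------------------------------------
# This script is copyright (c) 1998 by DiscusWare, LLC, all rights reserved.
# Its use is subject to the license agreement that can be found at the following
# URL:  http://www.chem.hope.edu/discus/license
#-------------------------------------------------------------------------------
# Bootstrap: read discus.conf, turn every "name=value" line into a package
# global ($name = 'value'), then load the shared subroutine library from
# $admin_dir.  If the configuration file cannot be opened, an HTML error page
# is printed and the script exits.
if (open (FILE, "$discus_conf")) {
	@file = <FILE>;
	close (FILE);
	$evals = "";
	foreach $line (@file) {
		if ($line =~ /^(\w+)=(.*)/) {
			$varname = $1;
			$value = $2;
			$value =~ s/\r//g;
			# Escape backslashes BEFORE quotes.  Escaping only the quote lets a
			# value that ends in "\" (or contains "\'") terminate the
			# single-quoted literal early, so the rest of the line would be
			# compiled as Perl code instead of being stored as data.
			$value =~ s/\\/\\\\/g;
			$value =~ s/'/\\'/g;
			$evals .= "\$$varname='$value'; ";
		}
	}
	# NOTE(review): this is a string eval over file contents.  With the
	# escaping above every value is an inert literal, but the variable NAME is
	# still chosen by the file, so discus.conf must stay writable only by the
	# board administrator.
	eval($evals);
	# A failed eval used to pass silently and surface later as a confusing
	# "can't locate" error from the require below; record the real cause.
	warn "discus.conf: generated assignments failed to evaluate: $@" if $@;
	require "$admin_dir/source/src-board-subs-common";
} else {
	print "Content-type: text/html\n\n";
	print "<HTML><HEAD><TITLE>Script Execution Error</TITLE></HEAD>\n";
	print "<BODY BGCOLOR=#ffffff TEXT=#000000>\n";
	print "<H1>Script Execution Error</H1>\n";
	print "Discus scripts could not execute because the discus.conf file\n";
	print "could not be opened.";
	print "<P>Reason: <FONT COLOR=#ff0000><B>$!</B></FONT>" if $!;
	print "<P>This generally indicates a setup error of some kind.\n";
	print "Consult the <A HREF=\"http://www.chem.hope.edu/discus/rc\">Discus ";
	print "Resource Center</A> for troubleshooting information.</BODY></HTML>\n";
	exit(0);
}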
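# Populate %FORM and %COOKIE (both routines come from the library loaded above).
&parse_form;
&read_cookie;
#-------------------------------------------------------------------------------
# Both credentials are folded to lower case before any comparison, so
# passwords are effectively case-insensitive throughout this script.
$FORM{'username'} =~ tr/A-Z/a-z/;
$FORM{'password'} =~ tr/A-Z/a-z/;
# action=clear_cookie: expire the login cookies (a date in the past makes the
# browser drop them), forget them for the rest of this request, and fall
# through to the login screen by blanking the action.
if ($FORM{'action'} eq "clear_cookie") {
	print "Set-Cookie: user$COOKIE_ID=nobody; expires=Sunday, 06-Sep-1998 00:00:00 GMT; path=/\n";
	print "Set-Cookie: cpwd$COOKIE_ID=nobody; expires=Sunday, 06-Sep-1998 00:00:00 GMT; path=/\n";
	print "Set-Cookie: rpwd$COOKIE_ID=nobody; expires=Sunday, 06-Sep-1998 00:00:00 GMT; path=/\n";
	print "Set-Cookie: pass$COOKIE_ID=nobody; expires=Sunday, 06-Sep-1998 00:00:00 GMT; path=/\n";
	$COOKIE{'user' . $COOKIE_ID} = "";
	$COOKIE{'cpwd' . $COOKIE_ID} = "";
	$COOKIE{'rpwd' . $COOKIE_ID} = "";
	# NOTE(review): the "pass" cookie is expired above but its in-memory copy
	# in %COOKIE is left untouched, unlike the other three -- confirm whether
	# that is intentional.
	$FORM{'action'} = "";
	# The auth cookies are expired with the path part of $script_url.  The
	# previous code read $' after an http:// match without checking that the
	# match succeeded, so an https:// (or otherwise non-matching) URL left
	# $aft holding whatever an earlier match had produced.
	if ($script_url =~ m|^https?://[^/]+(.*)|s) {
		$aft = $1;
	} else {
		$aft = "/";
	}
	foreach $key (keys(%COOKIE)) {
		if ($key =~ m|^auth(\d+)|) {
			# Cookie names are chosen by the client and the pattern above is
			# not anchored at the end, so only echo a name back into a
			# response header when it cannot break out of the cookie-name
			# position (no whitespace, CR/LF, ";", "=" or ",").
			if ($key !~ m|[\s;=,]|) {
				print "Set-Cookie: $key=none; expires=Sunday, 06-Sep-1998 00:00:00 GMT; path=$aft\n";
			}
			$COOKIE{$key} = "";
		}
	}
}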
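# No action (or cookies just cleared): print the login screen.  It holds the
# username/password form, a "log out" form when a user cookie is present, and
# a self-registration form when the board allows it.
if ($FORM{'action'} eq "") {
	&header;
	($bg, $tx, $li, $vl, $al, $face, $size, $image) = &ex('extract_colorsonly', 1);
	&ex('printuntil', 1, 1, 0, $L{PROFEDIT_TITLE});
	print "<CENTER><FONT SIZE=+1><B>$L{PROFEDIT_TITLE}</B></FONT></CENTER><HR>\n";
	print $L{PROFILE_LOGIN};
	$ucid = "user$COOKIE_ID";
	# The user cookie is sent by the browser, so it is untrusted input.  It is
	# written into an attribute value and into body text below; HTML-escape a
	# copy so that quotes or markup in the cookie cannot alter the page.
	# NOTE(review): if read_cookie already HTML-escapes values this will
	# double-escape them -- confirm against that routine.
	$ucid_html = $COOKIE{$ucid};
	$ucid_html =~ s/&/&amp;/g;
	$ucid_html =~ s/</&lt;/g;
	$ucid_html =~ s/>/&gt;/g;
	$ucid_html =~ s/"/&quot;/g;
	$ucid_html =~ s/'/&#39;/g;
	print "<FORM ACTION=\"$script_url/board-profile.$cgi_extension\" METHOD=POST>\n";
	print "<TABLE><TR><TD><FONT FACE=\"$face\" SIZE=$size><B>$L{PROFILE_USERNAME}</B></FONT></TD>\n";
	print "<TD><INPUT TYPE=TEXT NAME=username VALUE=\"";
	# Pre-fill the username field from the cookie when one is present.
	print $ucid_html if $COOKIE{$ucid} ne "";
	print "\" SIZE=15></TD></TR>\n";
	print "<TR><TD><FONT FACE=\"$face\" SIZE=$size><B>$L{PROFILE_PASSWORD}</B></FONT></TD>\n";
	print "<TD><INPUT TYPE=PASSWORD NAME=password VALUE=\"\" SIZE=15></TD></TR>\n";
	print "</TABLE><P><INPUT TYPE=SUBMIT VALUE=\"$L{PROFILE_LOGIN_BUTTON}\">\n";
	print "<INPUT TYPE=HIDDEN NAME=action VALUE=profile_editor_screen>\n";
	print "</FORM>\n";
	if ($COOKIE{$ucid} ne "") {
		# "You are logged in as %user" message plus a button that posts
		# action=clear_cookie.
		$ts = $L{LOGIN_YOUARELOGGEDIN};
		$cu = $COOKIE{$ucid};
		$ts =~ s/\%user/$ucid_html/g;
		print "<FORM ACTION=\"$script_url/board-profile.$cgi_extension\" METHOD=POST>\n";
		print "<HR><INPUT TYPE=HIDDEN NAME=action VALUE=clear_cookie>\n";
		print $ts;
		print "<P>\n";
		print "<INPUT TYPE=SUBMIT VALUE=\"$L{LOGIN_CLEARBUTTON}\">\n";
		print "</FORM>\n";
	}
	if ($GLOBAL_OPTIONS{'allow_selfreg'}) {
		print "<FORM ACTION=\"$script_url/board-profile.$cgi_extension\" METHOD=POST>\n";
		print "<HR>$L{REG_FRONTSCREEN}<P>\n";
		print "<INPUT TYPE=SUBMIT VALUE=\"$L{REG_FRONTSCREEN_BUTTON}\">\n";
		print "<INPUT TYPE=HIDDEN NAME=action VALUE=register>\n";
		print "</FORM>\n";
	}
	&ex('printuntil', 3, 17, 0, "", 0, 1);
	exit(0);
}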
# Actions that are dispatched without a credential check: none of the four
# branches below calls verify_user_password before handing off to &ex.
if ($FORM{'action'} eq "display_profile") {
	# The profile identifier is taken straight from the request and passed on
	# unchanged.
	# NOTE(review): confirm that display_profile validates it before using it
	# to locate data (e.g. as part of a file name).
	$profile = $FORM{'profile'};
	if ($pro) {
		&ex('display_profile', $profile);
	} else {
		# Profile display is only offered when $pro is set.
		&error_message("$L{FEATURE_NOT_SUPPORTED}", "$L{FEATURE_NOT_SUPPORTED_DESCR}");
	}
	exit(0);
}
# The two registration steps do not exit here; unless the called routine ends
# the request itself, execution continues with the tests further down and
# finally reaches the "Unrecognized action" error -- TODO confirm that
# register_1 / register_2 exit.
if ($FORM{'action'} eq "register") {
	&ex('register_1', 1);
}
if ($FORM{'action'} eq "register_2") {
	&ex('register_2', 1);
}
if ($FORM{'action'} eq "display_picture") {
	# Same pattern as display_profile: the request value is forwarded as-is.
	# NOTE(review): confirm that display_picture validates it.
	$profile = $FORM{'picture'};
	&ex('display_picture', $profile);
	exit(0);
}
# action=sync: after checking the credentials, take the record selected by
# the form's file/group pair, save its values as the profile, and then
# continue as action=profile_editor_screen.
if ($FORM{'action'} eq "sync") {
	# verify_user_password returns newline-separated, colon-delimited records;
	# the fields unpacked below are file:user:pass:email:full:edit:notify:last:group.
	($result) = &ex('verify_user_password', $FORM{'username'}, $FORM{'password'}, 1);
	@result = split(/\n/, $result);
	# Copy taken before filtering, so @result_save keeps every returned record.
	@result_save = @result;
	foreach $line (@result) {
		$line =~ s/\s+$//;
		($file, $user, $pass, $email, $full, $edit) = split(/:/, $line);
		# $line aliases the array element: records whose edit field is 0 are
		# blanked here and dropped by the grep below.
		$line = "" if $edit == 0;
	}
	@result = grep(/\S/, @result);
	$s = join("\n", @result);
	foreach $line (@result) {
		($file, $user, $pass, $email, $full, $edit, $notify, $last, $group) = split(/:/, $line);
		# A record with edit 2 or 4 supplies an e-mail address that overrides
		# the selected record's own address below (the last such record wins).
		if ($edit == 2 || $edit == 4) {
			$EMAIL_FORCE = $email;
		}
	}
	foreach $line (@result) {
		($file, $user, $pass, $email, $full, $edit, $notify, $last, $group) = split(/:/, $line);
		# The record to copy from is chosen by the request's file and group
		# fields, but only among records that passed the credential check.
		if ($file eq $FORM{'file'}) {
			if ($group eq $FORM{'group'}) {
				$email = $EMAIL_FORCE if $EMAIL_FORCE;
				# An empty notify field is stored as "*".
				$notify = "*" if $notify eq "";
				&ex('save_profile_information', $pass, $email, $full, "", $notify, $last, "", @result_save);
				&ex('synchronize_PRO', $file, $user, $s) if $pro;
				last;
			}			
		}
	}
	# Hand over to the editor-screen branch that follows; it re-checks the
	# credentials itself.
	$FORM{'action'} = "profile_editor_screen";
}
# action=profile_editor_screen: check the credentials and show the profile
# editor (or the "profiles differ" screen when the user's records disagree).
if ($FORM{'action'} eq "profile_editor_screen") {
	($result) = &ex('verify_user_password', $FORM{'username'}, $FORM{'password'}, 1);
	@result = split(/\n/, $result);
	foreach $line (@result) {
		($file, $user, $pass, $email, $full, $edit) = split(/:/, $line);
		# Records whose edit field is 0 are blanked and removed by the grep.
		$line = "" if $edit == 0;
		# A record with edit 2 or 4 takes precedence over the first record
		# when choosing which one to display.
		$LINE_FORCE = $line if ($edit == 2 || $edit == 4);
	}
	@result = grep(/\S/, @result);
	# No usable record means the login failed or the account may not edit.
	# NOTE(review): error_message presumably ends the request; if it
	# returned, the code below would run with an empty @result -- confirm.
	if (scalar(@result) == 0) {
		&error_message($L{PROFILE_AUTHERROR}, $L{PROFILE_AUTHERROR_DESCR}, 0, 1);
	}
	$r = $result[0];
	$r = $LINE_FORCE if $LINE_FORCE;
	$r =~ s/\n$//;
	$s = join("\n", @result);
	@result_save = @result;
	($differences) = &ex('compare_profiles', $s) if !$pro;
	($differences) = &ex('compare_profiles_PRO', $s) if $pro;
	# NOTE(review): the submitted password is passed on to the differences
	# screen; if that routine writes it into the page (e.g. a hidden field),
	# the password is echoed back in the HTML -- confirm.
	&ex('display_profile_differences', $FORM{'username'}, $FORM{'password'}, $s) if ($differences && !$pro);
	&ex('display_profile_differences_PRO', $FORM{'username'}, $FORM{'password'}, $s) if ($differences && $pro);
	($file, $user, $pass, $email, $full, $edit, $notify, $last, $group) = split(/:/, $r);
	$file =~ tr/A-Z/a-z/;
	&ex("profile_editor_screen", $file, $FORM{"username"}, $group, $FORM{"username"}, "$script_url/board-profile.$cgi_extension", "profile_editor") if !$pro;
	&ex("profile_editor_screen_PRO", $file, $FORM{"username"}, $group, $FORM{"username"}, "$script_url/board-profile.$cgi_extension", "profile_editor") if $pro;
	exit(0);
}
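# action=register_info: collect the users.txt records for the submitted
# username, hand them to info_save_pro, then show the registration thank-you
# page.
#
# NOTE(review): unlike the profile_editor branches, this branch does not call
# verify_user_password.  The only gate visible here is the group / "*Q*"
# test below, and the group list it is compared against comes from the
# request.  Confirm that info_save_pro (or register_thanks) performs its own
# authorization before anything is written.
if ($FORM{'action'} eq "register_info") {
	# ":" is the field separator in users.txt, so it is removed from the name.
	$user = $FORM{'username'}; $user =~ s/://g;
	@group = split(/,/, $FORM{'group'});
	undef @result;
	@users = ();
	if (open (USERS, "$admin_dir/users.txt")) {
		@users = <USERS>;
		close (USERS);
	} else {
		# Previously a failed open was silent and simply produced no records.
		warn "board-profile: cannot open $admin_dir/users.txt: $!\n";
	}
	# The username is request data: quote it so that regex metacharacters in
	# it are matched literally.  Unquoted, a name such as ".*" selected every
	# account, and an unbalanced "(" aborted the script with a regex error.
	@u = grep(/^\Q$user\E:/, @users);
	foreach $line (@u) {
		chop $line if $line =~ m|\n|;
		($u, $p, $e, $f, $d, $n, $l, $g) = split(/:/, $line);
		# Keep the record when its group is one of the requested groups or
		# its password field holds the "*Q*" marker.  The group value is
		# quoted for the same reason as the username above.
		if (grep(/^\Q$g\E$/, @group) || $p eq "*Q*") {
			push (@result, "USERS:$line\n");
		}
	}
	@result_save = @result;
	&ex('info_save_pro', 1);
	&ex('register_thanks', 1);
}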
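# action=profile_editor: authenticated profile changes.  The credentials are
# checked first; $FORM{'action2'} then selects the operation (infosave,
# notifysave, preferences, infosection, changepass, editpost).  Operations
# that do not exit fall through to the editor screen at the end.
if ($FORM{'action'} eq "profile_editor") {
	($result) = &ex('verify_user_password', $FORM{'username'}, $FORM{'password'}, 1);
	@result = split(/\n/, $result);
	foreach $line (@result) {
		($file, $user, $pass, $email, $full, $edit) = split(/:/, $line);
		# A record with edit 2 or 4 pins the e-mail address: it replaces
		# whatever the user submits in "infosave" below.
		$EMAIL_FORCE = $email if ($edit == 2 || $edit == 4);
		# Records whose edit field is 0 are blanked and removed by the grep.
		$line = "" if $edit == 0;
	}
	@result = grep(/\S/, @result);
	@result_save = @result;
	# NOTE(review): error_message presumably ends the request; every
	# operation below relies on that -- confirm.
	if (scalar(@result) == 0) {
		&error_message($L{PROFILE_AUTHERROR}, $L{PROFILE_AUTHERROR_DESCR}, 0, 1);
	}
	if ($FORM{'action2'} eq "infosave") {
		# Both fields are capped at 40 characters.
		$email = $FORM{'profile_email'}; $email = substr($email, 0, 40) if length($email) > 40;
		$full = $FORM{'profile_fullname'}; $full = substr($full, 0, 40) if length($full) > 40;
		# "$" in the pattern below also matches just before a trailing
		# newline, so "name@host\n" used to pass validation and reach the
		# newline-separated user records with the newline intact.  Strip
		# newlines first, as is already done for the full name.
		$email =~ s/\n//g;
		if ($email =~ m|^([\w\-\+\.]+)\@([\w\-\+\.]+)$|) {
			$email_new = $email;
		} else {
			# Literal placeholder passed on when the address is not valid.
			$email_new = "email";
		}
		if ($full eq "") {
			$full = "fullname";
		} else {
			# Remove the record separators (newline, ":") and angle brackets.
			# NOTE(review): double quotes and "&" are kept; confirm that the
			# name is HTML-escaped wherever it is displayed.
			$full =~ s/\n//g;
			$full =~ s/[:<>]//g;
		}
		$email_new = $EMAIL_FORCE if $EMAIL_FORCE;
		&ex('save_profile_information', "", $email_new, $full, "", "", "", "", @result);
	}
	if ($FORM{'action2'} eq "notifysave") {
		if (!$pro) {
			# Collect the numeric suffix of every notify_<n> form field;
			# an empty selection is stored as "*".
			undef @em;
			foreach $key (keys(%FORM)) {
				if ($key =~ m|^notify_(\d+)|) {
					push (@em, $1);
				}
			}
			$emr = join(",", @em); $emr = "*" if $emr eq "";
			&ex('save_profile_information', "", "", "", "", $emr, "", "", @result);
		} else {
			# The submit button's label decides between saving and opening
			# the sub-topic selection screen.
			&ex('notify_save_pro', 1) if $FORM{'submit'} ne $L{PRED_FIRSTLEVEL};
			&ex('select_by_subtopics', $file, $FORM{"username"}, $group, $FORM{"username"}, "$script_url/board-profile.$cgi_extension", "profile_editor") if $FORM{'submit'} eq $L{PRED_FIRSTLEVEL};
		}
	}
	if ($FORM{'action2'} eq "preferences") {
		&ex('prefs_save_pro', 1);
	}
	if ($FORM{'action2'} eq "infosection") {
		&ex('info_save_pro', 1);
	}
	if ($FORM{'action2'} eq "changepass") {
		# New passwords are folded to lower case, like the login password.
		$p1 = $FORM{'pass_1'}; $p2 = $FORM{'pass_2'};
		$p1 =~ tr/A-Z/a-z/; $p2 =~ tr/A-Z/a-z/;
		# Reject any non-word character whose character code is below 126.
		# ($m is assigned but not used in this block.)
		while ($p1 =~ m|(\W)|g) {
			$o = ord($1); $m = $1;
			&error_message($L{PROFILE_CHPASS_ERROR}, $L{PROFILE_CHPASS_ERROR_ALPHA}) if $o < 126;
		}
		&error_message($L{PROFILE_CHPASS_ERROR}, $L{PROFILE_CHPASS_ERROR_MATCH}) if $p1 ne $p2;
		&error_message($L{PROFILE_CHPASS_ERROR}, $L{PROFILE_CHPASS_ERROR_LENGTH}) if (length($p1) < 1 || length($p2) > 20);
		# The salt is four random upper-case letters.  srand(time) reseeds
		# the generator from the clock, so the salt is a function of the
		# current second.
		# NOTE(review): with a plain alphabetic salt, crypt() typically
		# selects the traditional DES scheme (two salt characters, first
		# eight password characters) -- confirm on the target platform and
		# plan a migration to a modern password hash; changing it here alone
		# would break verify_user_password.
		srand(time);
		undef (@salt);
		for ($i=1; $i<=4; $i++) {
			push (@salt, int(rand(26))+65);
		}
		$salt = pack('c4', @salt);
		$new_password = crypt($p1, $salt);
		&ex('save_profile_information', $new_password, "", "", "", "", "", "", @result);
		# Cookie-based login (password field "adminlogin" plus a pass
		# cookie): refresh the pass cookie, which holds a crypt() of the
		# stored hash, and redirect back to the editor.
		# NOTE(review): the username is placed in the redirect URL without
		# URL-encoding, and the cookie carries no HttpOnly/Secure attribute
		# -- confirm what seturl does with the string.
		if ($FORM{'password'} eq "adminlogin" && $COOKIE{'pass' . $COOKIE_ID} ne "") {
			print "Set-Cookie: pass", $COOKIE_ID, "=", crypt($new_password, "cookie"), "; path=/\n";
			&seturl("$script_url/board-profile.$cgi_extension?action=profile_editor_screen&password=adminlogin&username=$FORM{'username'}");
			exit(0);
		}
		&header;
		&ex('printuntil', 1, 1, 0, $L{PROFILE_CHANGEDPASSWORD});
		print "<CENTER><FONT SIZE=4><B>$L{PROFILE_CHANGEDPASSWORD}</B></FONT></CENTER><HR>\n";
		$l = $L{PROFILE_CHANGEDPASSWORD_DESCR};
		print $l if $FORM{'password'} ne "adminlogin";
		$l = $L{BPCLICKCONTINUE};
		print "<P><CENTER><A HREF=\"$script_url/board-profile.$cgi_extension\">$l</A></CENTER>\n";
		&ex('printuntil', 3, 17, 0, "", 0, 1);
		exit(0);
	}
	if ($FORM{'action2'} eq "editpost") {
		# The post to edit is identified by an all-digit form field name.
		# keys() has no defined order, so with several such fields the one
		# picked is unspecified.
		($key) = grep(/^(\d+)$/, keys(%FORM));
		&ex('edit_post_form', 0, 0, $key, "", "", $FORM{'username'});
		exit(0);
	}
	# Reload the records (they may just have been changed) and redisplay the
	# editor.
	($result) = &ex('verify_user_password', $FORM{'username'}, $FORM{'password'}, 1);
	@result = split(/\n/, $result);
	# NOTE(review): $email appears twice in the two list assignments below,
	# so the seventh field overwrites the e-mail value; the other branches
	# unpack fields 7 and 8 as $notify and $last.  Looks like a slip, but the
	# editor-screen routine may read these globals -- confirm before changing.
	foreach $line (@result) {
		($file, $user, $pass, $email, $full, $edit, $email, $time, $group) = split(/:/, $line);
		$line = "" if $edit == 0;
	}
	# Leave $file/$group set from the first record with edit == 2, or from
	# the last record when there is none.
	foreach $line (@result) {
		($file, $user, $pass, $email, $full, $edit, $email, $time, $group) = split(/:/, $line);
		if ($edit == 2) {
			last;
		}
	}
	@result = grep(/\S/, @result);
	@result_save = @result;
	# No exit follows: unless the screen routine ends the request, execution
	# continues with the remaining action tests -- TODO confirm.
	&ex("profile_editor_screen", $file, $FORM{"username"}, $group, $FORM{"username"}, "$script_url/board-profile.$cgi_extension", "profile_editor") if !$pro;
	&ex("profile_editor_screen_PRO", $file, $FORM{"username"}, $group, $FORM{"username"}, "$script_url/board-profile.$cgi_extension", "profile_editor") if $pro;
}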
# action=edit_message: check the credentials, apply the message edit, then
# return to the profile editor screen.
if ($FORM{'action'} eq "edit_message") {
	($result) = &ex('verify_user_password', $FORM{'username'}, $FORM{'password'}, 1);
	@result = split(/\n/, $result);
	foreach $line (@result) {
		($file, $user, $pass, $email, $full, $edit) = split(/:/, $line);
		# Records whose edit field is 0 are blanked and removed by the grep.
		$line = "" if $edit == 0;
	}
	@result = grep(/\S/, @result);
	@result_save = @result;
	# NOTE(review): error_message presumably ends the request; otherwise the
	# edit below would run without a valid login -- confirm.
	if (scalar(@result) == 0) {
		&error_message($L{PROFILE_AUTHERROR}, $L{PROFILE_AUTHERROR_DESCR}, 0, 1);
	}
	&ex('edit_message_action', 1);
	$file =~ tr/A-Z/a-z/;
	# NOTE(review): the PRO screen is called regardless of $pro, and $group
	# is not unpacked in this branch (only six fields are read above), so it
	# holds whatever an earlier statement or the called routine left there
	# -- confirm that this action is only reachable on PRO boards.
	&ex("profile_editor_screen_PRO", $file, $FORM{"username"}, $group, $FORM{"username"}, "$script_url/board-profile.$cgi_extension", "profile_editor");
}
# Reached when no branch above ended the request.
&error_message("Unrecognized action");

