#! /usr/bin/perl # ========================================================================= # # /////apeboard+ for webmaster Ver.1.02 (Shift_JIS)///// # # Copyright (C) 2000,by 2apes.com # All rights reserved # Script written by Taishi Yokoyama # web site : http://www.2apes.com # mail : support@2apes.com # # ========================================================================= #程式設定------------------------------------------------ #require './jcode.pl'; require './boardini.cgi'; require './skinini.cgi'; #設定結束---------------------------------------------------------------- # ------------------------------------------------------------------------- # {?? # ------------------------------------------------------------------------- &form_decord; &get_cookie($mt_cookiename); $ck_pwd = $cookie{'pwd'}; $command = $FORMDATA{'command'}; $tgtid = $FORMDATA{'target'}; $pwd = $FORMDATA{'pwd'}; $msgnum = $FORMDATA{'msgnum'}; $old_pwd = $FORMDATA{'old_pwd'}; $new_pwd = $FORMDATA{'new_pwd'}; $cknew_pwd=$FORMDATA{'cknew_pwd'}; if ($msgnum eq ''){ $msgnum = 0; } if ($command eq 'read' || $command eq 'f_read'){ &read_mes_res; } elsif ($command eq 'res_mes'){ &res_message; &read_mes_res; } elsif ($command eq 'remove'){ &remove_message; &read_mes_res; } elsif ($command eq 'cg_mtpwd'){ &shw_chpwd; } elsif ($command eq 'cg_and_ck'){ &check_change; &mt_login; } else { &mt_login; } exit(0); # ------------------------------------------------------------------------- # tH[?f[^fR[hTu?[`? # ------------------------------------------------------------------------- sub form_decord{ local($query,@assocarray,$assoc,$property,$value); if ($ENV{'REQUEST_METHOD'} eq "POST") { read(STDIN, $query, $ENV{'CONTENT_LENGTH'}); } else { $query= $ENV{'QUERY_STRING'}; } @assocarray = split(/&/, $query); foreach (@assocarray) { ($property, $value) = split(/=/); $value =~ tr/+/ /; $value =~ s/%([\dA-Fa-f][\dA-Fa-f])/pack("C", hex($1))/eg; $value =~ s/\r\n/\r/g; $value =~ s/\n/\r/g; $value =~ s/ \r \r//g; $value =~ s/\@\r\@\r//g; $value =~ s/ \r/\r/g; $value =~ s/\@\r/\r/g; $value =~ s/\r\r\r\r//g; #$value =~ s/&/&/g; $value =~ s//>/g; $value =~ s/,/\0/g; if ($tagset eq 'off') { $value =~ s/"/"/g; } # nbV?i[ ------------------------------------------------ if ($property eq 'target'){ push(@RM,$value); } else { $FORMDATA{$property} = $value; } } } # ------------------------------------------------------------------------- # ?Xp?bZ[W\ # ------------------------------------------------------------------------- sub read_mes_res { # f[^t@C?? -------------------------------------- &lock_open(TXT, "+<$datafile"); @txt = ; &unlock_close(TXT); ($encoded_pass) = splice(@txt, 0, 1); chop($encoded_pass); if ($command ne 'f_read') { &get_cookie($mt_cookiename); $pwd = $cookie{'pwd'}; } if ($encoded_pass eq '' || &mismatch_password($pwd, $encoded_pass)) { &print_error("管理者密碼錯誤! 請重新輸入!"); } # f[^? -------------------------------------------- $volume = scalar(@txt); # \ ------------------------------------------------ $msgstart = $msgnum; if ($msgstart < 0) { $msgstart = 0; } $msgend = $msgnum + $data_out; if ($msgend > $volume) { $msgend = $volume; } # \O ---------------------------------------- if ($command eq 'f_read') { undef %cookie; $cookie{'pwd'} = $pwd; &print_cookie($mt_cookiename, 1); } print "Content-type: text/html; charset=big5\n\n"; # wb_? ---------------------------------------- print "\n"; print "\n"; print "\n"; print "For Webmaster\n"; print "\n"; print "\n"; print "\n"; print "
\n"; print "
\n"; print "For Webmaster
\n"; print "
\n"; print "管理者專區只屬管理者進入!其他訪客進行禁止!
\n"; print "
\n"; print "管理完畢/回到留言板

\n"; # ?e\ ---------------------------------------------------- for ($i = $msgstart; $i < $msgend; $i++) { ($dispid,$dispname,$dispicon,$dispmail,$dispurl,$dispdate,$disppwd,$dispsubject,$dispmsg,$disphost,$dispres) = split(/,/, $txt[$i]); $dispname =~ s/\0/,/g; $dispicon =~ s/\0/,/g; $dispmail =~ s/\0/,/g; $dispurl =~ s/\0/,/g; $disppwd =~ s/\0/,/g; $dispsubject =~ s/\0/,/g; $dispmsg =~ s/\0/,/g; $disphost=~ s/\0/,/g; $dispres =~ s/\0/,/g; chomp($dispres); $dat_tmp = $dateline; ($d_year,$d_mon,$d_day,$d_weekstr,$d_hour,$d_min) = split(/&/, $dispdate); if ($addzero_md eq 'on') { if ($d_mon < 10) { $d_mon = "0$d_mon"; } if ($d_day <10) { $d_day = "0$d_day"; } if ($d_hour < 10) { $d_hour = "0$d_hour"; } if ($d_min < 10) { $d_min = "0$d_min"; } } $dat_tmp =~ s/year/$d_year/i; $dat_tmp =~ s/month/$d_mon/i; $dat_tmp =~ s/day/$d_day/i; $dat_tmp =~ s/week/$d_weekstr/i; $dat_tmp =~ s/hour/$d_hour/i; $dat_tmp =~ s/minute/$d_min/i; # O?[?Ah?X??N ---------------------------- if($dispmail ne '') { $dispname = '' . $dispname . ''; } # URL??N --------------------------------------------- if($dispurl ne '') { $dispurl = '- ' . Website . ''; } # ?C??ie?j ------------------------------------ print "\n"; print "\n"; print "\n"; print "\n"; print "\n"; print "\n"; print "\n"; print "\n"; print "\n"; print "\n"; print "\n"; print "\n"; print "\n"; print "\n"; print "\n"; print "\n"; print "\n"; print "
\n"; print "\n"; print "[$dispid]  $dispsubject
內容\n"; print "Time:$dat_tmp  IP:$disphost
\n"; print "$dispsubject by $dispname $dispurl
\n"; print "

$dispmsg

\n"; print "\n"; # ?C??iq?j ------------------ open(RES, $res_file) || &print_error('開啟檔案出錯!不能回覆!'); $reshtml = join('',); close(RES); @part_res = split(/:&:/, $dispres); $res_volume = scalar(@part_res); for ($j = 0; $j < $res_volume; $j++) { ($dresnum,$dresname,$dresicon,$dresmail,$dresurl,$dresdate,$drespwd,$dressubject,$dresmsg,$dreshost) = split(/<>/, $part_res[$j]); $res_dat_tmp = $dateline; ($dres_year,$dres_mon,$dres_day,$dres_weekstr,$dres_hour,$dres_min) = split(/&/, $dresdate); if ($addzero_md eq 'on') { if ($dres_mon < 10) { $dres_mon = "0$dres_mon"; } if ($dres_day <10) { $dres_day = "0$dres_day"; } } if($addzero_hm eq 'on') { if ($dres_hour < 10) { $dres_hour = "0$dres_hour"; } if ($dres_min < 10) { $dres_min = "0$dres_min"; } } $res_dat_tmp =~ s/year/$dres_year/i; $res_dat_tmp =~ s/month/$dres_mon/i; $res_dat_tmp =~ s/day/$dres_day/i; $res_dat_tmp =~ s/week/$dres_weekstr/i; $res_dat_tmp =~ s/hour/$dres_hour/i; $res_dat_tmp =~ s/minute/$dres_min/i; # O?[?Ah?X??N ---------------------------- if($dresmail ne '') { $dresname = '' . $dresname . ''; }; # URL??N --------------------------------------------- if($dresurl ne '') { $dresurl = '- ' . Website . ''; } print "
\n"; print "<$res_dat_tmp>[$dreshost]刪除
\n"; print "$dressubject by $dresname $dresurl
\n"; print "
\n"; print "

$dresmsg

\n"; print "
\n"; } if ($reshtml =~ /ressubject/i){ print "
主旨\n"; print "\n"; } print "
回覆\n"; print "\n"; print "

\n"; } # tb^? ------------------------------------ $nextmsg = $msgend ; print "\n"; print "\n"; print "\n"; print "\n"; print "
\n"; print "\n"; print "\n"; print "
\n"; print "
\n"; print ""; print "\n"; print "\n"; if ($data_out + $msgnum + 1 > $volume) { print "\n"; print "
< TopLog\n"; } else { print "OldLog >\n"; } print "
\n"; print "
\n"; print "

@

\n"; print "\n"; print "\n"; exit(0); } # ------------------------------------------------------------------------- # ?Xf[^t@C???Tu?[`? # ------------------------------------------------------------------------- sub res_message { if (!@RM) { &print_error('請先選擇要回覆的留言!'); } # f[^t@C?? -------------------------------------- &get_cookie($mt_cookiename); $ck_pwd = $cookie{'pwd'}; &lock_open(TXT, "+<$datafile"); @txt = ; ($encoded_pass) = splice(@txt, 0, 1); chop($encoded_pass); if (&mismatch_password($ck_pwd, $encoded_pass)) { &unlock_close(TXT); &print_error("密碼錯誤,無法執行"); } # ?X?e? ------------------------------------ @tmp = @RM; foreach $tgtid(@tmp){ if ($tgtid =~ /_/i){ &print_error("沒有這篇留言存在"); } $index = &find_msg; if ($index < 0) { &unlock_close(TXT); &print_error("沒有這篇留言存在"); } ($dispid,$dispname,$dispicon,$dispmail,$dispurl,$dispdate,$disppwd,$dispsubject,$dispmsg,$disphost,$dispres) = split(/,/, $txt[$index]); chomp($dispres); # ?Xf[^ ------------------------------------------ $respnum = 'resp' . "$dispid"; $subjnum = 'subject' . "$dispid"; $resp = $FORMDATA{"$respnum"}; $r_subj=$FORMDATA{"$subjnum"}; $resp =~ s/\r/
/g; # ^Ogps?iURL ??Nj -------------------- if ($tagset eq 'off') { if ($autolink ne '') { $resp =~ s/(http:\/\/[\w\.\/\~\-\+\=\#\%\&\?\(\)]+)/$autolink<\/a>/ig; } else { $resp =~ s/(http:\/\/[\w\.\/\~\-\+\=\#\%\&\?\(\)]+)/$1<\/a>/ig; } } # ^Ogp?e?? ------------------------------------ if ($tagset eq 'on') { $resp =~ s/(<[^&]*)
([^&]*>)/$1$2/gi; if ($tagimg eq 'on') { $resp =~ s/(<(img([^&]+))>)/$1/gi; } $resp .= "" x ( ($resp =~ s/(<(a href=([^&]+))>)//gi) - ($resp =~ s/<\/a>/<\/a>/gi) ); if ($tagfnt eq 'on') { $resp .= "" x ( ($resp =~ s/(<(font([^&]*))>)//gi) - ($resp =~ s/<\/font>/<\/font>/gi) ); } $resp .= "" x ( ($resp =~ s/<b>//gi) - ($resp =~ s/<\/b>/<\/b>/gi) ); $resp .= "" x ( ($resp =~ s/<i>//gi) - ($resp =~ s/<\/i>/<\/i>/gi) ); $resp =~ s/("[^ "<>]+)>/$1">/gi; } # ---------------------------------------------------- @part_res = split(/:&:/, $dispres); # t ---------------------------------------------------- $datestr = &get_date_string; # L?? ------------------------------------------------ $id = 1; for ($i = 0; $i < @part_res; $i++) { ($thisid) = split(/<>/, $part_res[$i]); ($pnum,$cnum) = split(/_/,$thisid); if ($cnum >= $id) { $id = $cnum + 1; } } $id = "$dispid" . '_' . "$id"; # host ----------------------------------------------- $host = $ENV{'REMOTE_HOST'}; $addr = $ENV{'REMOTE_ADDR'}; if ($host eq $addr) { $host = gethostbyaddr(pack('C4',split(/\./,$host)),2) || $addr; } # ?? -------------------------------------------- $oneline = "$dispid,$dispname,$dispicon,$dispmail,$dispurl,$dispdate,$disppwd,$dispsubject,$dispmsg,$disphost,$dispres$id<>$master_name<>master<>$admin<>$indexurl<>$datestr<>$ckpwd<>$r_subj<>$resp<>$host:&:\n"; if ($res_sort eq 'on'){ splice(@txt, $index, 1); seek(TXT, 0, 0); print TXT "$encoded_pass\n"; unshift(@txt, $oneline); } else { splice(@txt, $index, 1, $oneline); seek(TXT, 0, 0); print TXT "$encoded_pass\n"; } } print TXT @txt; &unlock_close(TXT); } # ------------------------------------------------------------------------- # ?bZ[W?Tu?[`? # ------------------------------------------------------------------------- sub remove_message { if (!@RM) { &print_error('請先指定要刪除的留言!'); } &get_cookie($mt_cookiename); $ck_pwd = $cookie{'pwd'}; &lock_open(TXT, "+<$datafile"); @txt = ; ($encoded_pass) = splice(@txt, 0, 1); chop($encoded_pass); if (&mismatch_password($ck_pwd, $encoded_pass)) { &unlock_close(TXT); &print_error("pX?[hLB
x?OC?B"); } @tmp = @RM; foreach $tgtid(@tmp){ if ($tgtid =~ m/\d+_\d+/) { ($pnum,$cnum) = split (/_/, $tgtid); $tgtid = $pnum; } $index = &find_msg; if ($index < 0) { &unlock_close(TXT); &print_error("對不起!沒有這篇留言存在!"); } ($dispid,$dispname,$dispicon,$dispmail,$dispurl,$dispdate,$disppwd,$dispsubject,$dispmsg,$disphost,$dispres) = split(/,/, $txt[$index]); if ($cnum) { $tgtrsid = "$tgtid" . '_' ."$cnum"; chomp($dispres); @part_res = split(/:&:/, $dispres); for ($i = 0; $i < @part_res; $i++) { ($dresnum,$dresname,$dresicon,$dresmail,$dresurl,$dresdate,$drespwd,$dressubject,$dresmsg,$dreshost) = split(/<>/, $part_res[$i]); if ($tgtrsid eq $dresnum) { splice(@part_res, $i, 1); $dispres = join(':&:',@part_res); $oneline = "$dispid,$dispname,$dispicon,$dispmail,$dispurl,$dispdate,$disppwd,$dispsubject,$dispmsg,$dreshost,$dispres:&:\n"; $oneline =~ s/,:&:/,/i; splice(@txt, $index, 1, $oneline); last; } } } else { splice(@txt, $index, 1); } } unshift(@txt, ("$encoded_pass\n")); seek(TXT, 0, 0); print TXT @txt; truncate(TXT, tell(TXT)); &unlock_close(TXT); } # ------------------------------------------------------------------------- # ?ppX?[h\ # ------------------------------------------------------------------------- sub mt_login { print "Content-type: text/html; charset=big5\n"; print "\n"; print "\n"; print "\n"; print "apeboard for webmaster\n"; print "\n"; print "\n"; print "\n"; print "
\n"; print "\n"; print "\n"; print "\n"; print "\n"; print "
\n"; print "
\n"; print "\n"; print "For Webmaster only!

\n"; print " 請輸入管理者密碼!

\n"; print "  "; print "\n"; print "
"; print "


\n"; print "
\n"; print "\n"; print "\n"; exit(0); } # ------------------------------------------------------------------------- # ?ppX?[hX\ # ------------------------------------------------------------------------- sub shw_chpwd { print "Content-type: text/html; charset=big5\n"; print "\n"; print "\n"; print "\n"; print "修改密碼!\n"; print "\n"; print "\n"; print "\n"; print "
\n"; print "\n"; print "\n"; print "\n"; print "\n"; print "
\n"; print "
\n"; print "\n"; print "For Webmaster only!

\n"; print "密碼必須位4位以上的英文或數字!

\n"; print "現在的管理者密碼\n"; print "

"; print "新的管理者密碼!\n"; print "

"; print "重新確認新的密碼!

\n"; print "新的管理者密碼!\n"; print "

"; print "\n"; print "
"; print "


\n"; print "
\n"; print "\n"; print "\n"; exit(0); } # ------------------------------------------------------------------------- # ?ppX?[h`FbNX # ------------------------------------------------------------------------- sub check_change { &lock_open(TXT, "+<$datafile"); @txt = ; ($encoded_pass) = splice(@txt, 0, 1); chop($encoded_pass); if ($encoded_pass eq '' || &mismatch_password($old_pwd, $encoded_pass)) { &unlock_close(TXT); &print_error("現在的密碼輸入錯誤!不能更改密碼!"); } if ($new_pwd ne $cknew_pwd) { &unlock_close(TXT); &print_error('新的密碼兩次輸入不一樣!請重新輸入!'); } if ($new_pwd eq '' || length($new_pwd) < 4) { &unlock_close(TXT); &print_error('新的密碼字數過少!請重新輸入!'); } $encmaster = &encode_pwd($new_pwd); seek(TXT, 0, 0); print TXT "$encmaster\n"; &unlock_close(TXT); print "Content-type: text/html; charset=big5\n"; print "\n"; print "\n"; print "\n"; print "-設定完成-\n"; print "\n"; print "\n"; print "\n"; print "
\n"; print "\n"; print "\n"; print "\n"; print "\n"; print "
\n"; print "
\n"; print "\n"; print "Password has changed.

\n"; print "  "; print "\n"; print "
"; print "


\n"; print "
\n"; print "\n"; print "\n"; exit(0); } # ------------------------------------------------------------------------- # ?bZ[WTTu?[`? # ------------------------------------------------------------------------- sub find_msg { local($i, $foundindex, $dispid); $foundindex = -1; for ($i = 0; $i < @txt; $i++) { ($dispid) = split(/,/, $txt[$i]); if ($tgtid == $dispid) { $foundindex = $i; last; } } return $foundindex; } # ------------------------------------------------------------------------- # t@C??bNTu?[`? # ------------------------------------------------------------------------- sub lock_open { local(*FILE, $lk_name) = @_; if (!open(FILE, $lk_name)) { &print_error("$lk_nameI[v?B"); } if ($lock) { eval("flock(FILE, 2)"); # 2=LOCK_EX if ($@) { &print_error("$@ - flock gB\$uselock = 0 B"); } } seek(FILE, 0, 0); } # ------------------------------------------------------------------------- #t@C?A??bNTu?[`? # ------------------------------------------------------------------------- sub unlock_close { local(*FILE) = @_; if ($lock) { eval("flock(FILE, 8)"); # 8=LOCK_UN } close(FILE); } # ------------------------------------------------------------------------- # pX?[h? # ------------------------------------------------------------------------- sub encode_pwd { local($sec, $min, $hour, $day, $mon, $year, $weekday) = localtime(time); local(@token) = ('0'..'9', 'A'..'Z', 'a'..'z'); local($pass) = @_; local($encpass, $salt1, $salt2); $salt1 = $token[(time | $$) % scalar(@token)]; $salt2 = $token[($sec + $min*60 + $hour*60*60) % scalar(@token)]; $encpass = crypt($pass, "$salt1$salt2"); return $encpass; } # ------------------------------------------------------------------------- # pX?[h? # ------------------------------------------------------------------------- sub mismatch_password { local($pass, $encodedpass) = @_; if ($encodedpass ne crypt($pass, $encodedpass)) { return 1; } else { return 0; } } # ------------------------------------------------------------------------- # NbL[Tu?[`? # ------------------------------------------------------------------------- sub get_cookie { local($mt_cookiename) = @_; local($key, $value, @pairs, $pair); @sqpairs = split(/;\s/, $ENV{'HTTP_COOKIE'}); foreach $sqpair (@sqpairs) { ($sqkey, $sqvalue) = split(/=/, $sqpair); if ($sqkey eq $mt_cookiename) { $sqvalue =~ s/:/; /g; $sqvalue =~ s/_/=/g; @pairs = split(/;\s/, $sqvalue); foreach $pair (@pairs) { ($key, $value) = split(/=/, $pair); $value =~ tr/+/ /; $key =~ s/%([A-Fa-f0-9][A-Fa-f0-9])/pack("C", hex($1))/eg; $value =~ s/%([A-Fa-f0-9][A-Fa-f0-9])/pack("C", hex($1))/eg; $cookie{$key} = $value; } last; } } } # ------------------------------------------------------------------------- # NbL[Tu?[`? # ------------------------------------------------------------------------- sub make_cookie { local($mt_cookiename) = @_; local(@sqcookie, $sqstr); local($encode) = '\%\+\;\,\=\&\_\:'; while (($key, $value) = each %cookie) { $key =~ s/([$encode])/'%'.unpack("H2", $1)/eg; $value =~ s/([$encode])/'%'.unpack("H2", $1)/eg; $key =~ s/\s/\+/g; $value =~ s/\s/\+/g; push(@sqcookie, "${key}_${value}"); } $sqstr = join(':', @sqcookie); return "$mt_cookiename=$sqstr; "; } # ------------------------------------------------------------------------- # NbL[\Tu?[`? # ------------------------------------------------------------------------- sub print_cookie { local($mt_cookiename, $hours, $domain) = @_; local($cookiestr) = &make_cookie($mt_cookiename); print "Set-Cookie: $cookiestr;"; if ($domain) { print " domain=$domain;"; } print "\n"; } # ------------------------------------------------------------------------- # ?Tu?[`? # ------------------------------------------------------------------------- sub get_date_string { local(@week) = ("Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat"); local($sec, $min, $hour, $day, $mon, $year, $weekday) = localtime(time); $year += 1900; $mon++; # ? -------------------------------------------------- $weekstr = $week[$weekday]; # return "$year/$mon/$day ($weekstr) $hour:$min"; return "$year&$mon&$day&$weekstr&$hour&$min"; } # ------------------------------------------------------------------------- # G?[\Tu?[`? # ------------------------------------------------------------------------- sub print_error { local($msg) = @_; print "Content-type: text/html; charset=big5\n"; print "\n"; print "\n"; print "\n"; print "$msg\n"; print "\n"; print "\n"; print "\n"; print "
\n"; print "\n"; print "\n"; print "\n"; print "\n"; print "
\n"; print "$msg
\n"; print "程式發生錯誤!請再度嘗試或詢問作者"; print "$admin"; print "


\n"; print "
\n"; print "\n"; print "\n"; exit(0); } # End of Script