#!/usr/bin/perl ############################################################################## # WWWBoard Version 2.0 ALPHA 2 # # Copyright 1996 Matt Wright mattw@worldwidemart.com # # Created 10/21/95 Last Modified 3/14/06 by Walt Bilofsky # # Scripts Archive at: http://www.worldwidemart.com/scripts/ # # Installed as Cape Dory bboard http://www.toolworks.com/capedory/bboard # # Mods Copr. 1996-1999 Walt Bilofsky bilofsky@toolworks.com # ############################################################################## # COPYRIGHT NOTICE # # Copyright 1996 Matthew M. Wright All Rights Reserved. # # # # WWWBoard may be used and modified free of charge by anyone so long as # # this copyright notice and the comments above remain intact. By using this # # code you agree to indemnify Matthew M. Wright from any liability that # # might arise from it's use. # # # # Selling the code for this program without prior written consent is # # expressly forbidden. In other words, please ask first before you try and # # make money off of my program. # # # # Obtain permission before redistributing this software over the Internet or # # in any other medium. In all cases copyright and header must remain intact.# ############################################################################## # Modifications: (by Walt Bilofsky - bilofsky@toolworks.com) # 10/22/16 - root is memories.treasureislandmuseum.org # 7/22/08 - Spammer mods - Gibberish subject, and friendlier message # 6.21.07 - Spammer mod. Check text with and without 0 and 1 substitutions. # 11/15/06 - Spammer mods. Remove image if parameterized to do so. # 8/8/06 - Spammer mods. Banned IP addresses. # 3/20/06 - Spammer mods. Banned word list; ban html. # 3/14/06 - Add log of post to both logfile and message # 11/17/05 - add Light Pollution board # 1/14/05 - Add TIMA Guestbook # 11/2/01 - add picture and link icons # 12/15/00 - add TYC race board. # 4/11/99 - Check for no added text in reply, and FS/WTB messages. # 4/10/99 - Add file locking, and checking for stutter on the Post button. # 4/3/99 - Add message display from packed database file # 3/27/99 - Change to to save space # (backwards compatible to old files) # 12/19/98 - add counter to CD post (now commented out) # 1/15/98 - add TYC race board # 9/24/97 - email address in header # Preview before posting # Mail subscription # Quoted text in italics # List most recent messages # Support multiple boards # Search messages for keywords # Allow splitting large message index files ########################################################################### # Configure Options $show_faq = 1; # 1 - YES; 0 = NO $allow_html = 1; # 1 = YES; 0 = NO; -1 = Block attempt to post. $allow_image = 1; # 1 = YES; 0 = NO; -1 = Block attempt to post. $quote_text = 1; # 1 = YES; 0 = NO $subject_line = 0; # 0 = Quote Subject Editable; 1 = Quote Subject # UnEditable; 2 = Don't Quote Subject, Editable. $use_time = 0; # 1 = YES; 0 = NO $mail_posts = 0; # 1 = Mail to subscribers, 2 = just mail summary, 0 = don't mail $body_wrap = "ON"; # Word wrap in message body input window: ON or OFF $body_width = 70; # Width of message body input window $debugargs = 0; # 1 = Print args to form when debugging $num_to_show = 30; # Nr arguments for "Show recent posts" $titles_only = 0; # Message titles only in index file (for read-only board) $short_tags = 1; # Abbreviates tags in message list - saves about 12% of space in index file $use_logfile = 0; # &1 = Record poster in logfile; &2 do not put in the message itself. $webmaster = "bilofsky\@toolworks.com"; # Done ########################################################################### # Define Variables $board = $ENV{'QUERY_STRING'}; #$board = "localtest"; #### For debugging on local machine only! if ($board =~ s/&(\d+)//) { # If called with boardname&argument $msg_to_disp = $1; # the argument is the number of a message to display } # Defaults - may be changed for a particular board. $cgi_url = "http://www.toolworks.com/cgi-bin/wwboard.cgi"; $background = $fbackground = ""; $mesgdir = "messages"; $datafile = "data.txt"; @mesgfiles = ( "index.html" ); $mesglink = "index.html"; # Where mesgfile is referenced from baseurl $faqfile = "faq.htm"; $posturl = "post.htm"; # URL for posting new messages, from baseurl $domain = "toolworks.com"; # for email return address $subscurl = "subscribe.htm"; # Web page for subscribing to email $logfile = "findlog.txt"; $bannedwords = ""; # File containing banned words $dbasefile = "msgdbase.txt"; # Packed database files for displaying a message $indexfile = "index.bin"; $FS = "\275"; # Field separator $SS = "\274"; # Section separator $basedir = "/home/toolwo5/public_html"; $baseurl = "http://www.toolworks.com"; ($top, $responses, $insert, $end) = ("top", "responses", "insert", "end"); ($top, $responses, $insert, $end) = ("t", "r", "i", "e") if ($short_tags); $ext = "html"; $LOCK_EX = 2; $LOCK_UN = 8; if ($board eq "cd") { $basedir = "/home/toolwo5/public_html/cdsoa"; $baseurl = "http://www.capedory.org"; @mesgfiles = ( "index.html", "oldmsgs.html" ); $dir = "bboard"; $title = "The Cape Dory Board"; $background = " bgcolor=\"#FFFFFF\" text=\"#000066\" "; $fbackground = "$background background=\"/cgi-bin/rand_image.cgi\""; $posturl = "cdbbpost.htm"; # URL for posting new messages, from baseurl $num_to_show = 40; # $counterfile = "/home/httpd/vhosts/toolworks.com/httpdocs/counters/data/cdbboard"; $screen_for_sale = "#forsale"; # Indicates no replies to for-sale/wtb allowed. $use_logfile = 1; $pixicon = "pic.gif"; $linkicon = "link.gif"; } elsif ($board eq "tyc") { $baseurl = "http://www.tyc.org"; $domain = "tyc.org"; # for email return address $basedir = "/home/httpd/vhosts/toolworks.com/httpdocs/tyc"; $dir = "raceresults"; $title = "TYC Race Results"; $background = " bgcolor=\"#FFFFFF\" background=\"http://www.tyc.org/images/bg.gif\""; $fbackground = $background; $titles_only = 1; # Message titles only in index file (for read-only board) } elsif ($board eq "tyccrew") { $baseurl = "http://www.tyc.org"; $domain = "tyc.org"; # for email return address $basedir = "/home/httpd/vhosts/toolworks.com/httpdocs/tyc"; $dir = "racecrew"; $title = "TYC Crew Finder"; $background = " bgcolor=\"#FFFFFF\" background=\"http://www.tyc.org/images/bg.gif\""; $fbackground = $background; $mail_posts = 1; } elsif ($board eq "test") { @mesgfiles = ( "index.html", "oldmsgs.html" ); $dir = "testboard"; $cgi_url = "/cgi-bin/testboard.cgi"; $background = $fbackground = " BGCOLOR=\"#FFFFE8\""; $title = "TEST Message Board"; $pixicon = "pic.gif"; $linkicon = "link.gif"; $bannedwords = "/home/toolwo5/etc/wwboard_banned_words.txt"; $use_logfile = 1; $allow_html = -1; # Block HTML messages $allow_image = -1; # Block images } elsif ($board eq "tide") { $dir = "bilofsky/tidetool/board"; $title = "French Tide Tool Message Board"; $background = $fbackground = " BGCOLOR=\"#D5EBF0\""; $mail_posts = 1; } elsif ($board eq "localtest") { # This option is for testing on your own machine, not an Internet host. # Get the argument list by running testboard on the ISP, paste it in here, # add the $FORM{ "action" } you want, duplicate your board directory on your home # machine, and run this script using PERL. Should work ... $basedir = "."; $dir = ""; $title = "TEST Message Board"; $background = $fbackground = " BGCOLOR=\"#FFFFE8\""; } elsif ($board eq "wvbr") { $dir = "wvbr/board"; $title = "WVBR Alumni Message Board"; $background = $fbackground = " BGCOLOR=\"#FFFFE8\""; $mail_posts = 2; } elsif ($board eq "night") { $dir = "night/board"; $title = "Starry Night Marin Message Board"; $background = $fbackground = "BGCOLOR=\"#000000\" text=\"#E6E6E6\" link=\"#F0F8FF\" vlink=\"#DCD3FE\" alink=\"#FFAEAE\""; $mail_posts = 2; } elsif ($board eq "tima") { $cgi_url = "http://memories.treasureislandmuseum.org/cgi-bin/wwboard.cgi"; $domain = "treasureislandmuseum.org"; # for email return address $basedir = "/home/toolwo5/public_html/treasureisland/memories"; $baseurl = "http://memories.treasureislandmuseum.org"; $dir = ""; $title = "Treasure Island Memory Book"; $nbtitle = "Index of Messages"; $background = $fbackground = " background=\"http://memories.treasureislandmuseum.org/background.gif\" link=\"#0600f8\" vlink=\"#531d99\" alink=\"#f80000\" style=\"font-family: arial, helvetica\""; $mail_posts = 2; $use_logfile = 1; $bannedwords = "/home/toolwo5/etc/wwboard_banned_words.txt"; $bannedips = "/home/toolwo5/etc/wwboard_banned_ips.txt"; $allow_html = -1; # Block HTML messages } else { &fatal_error("Unknown Message Board: $board", "Internal error: Please notify the Webmaster. Error code <$board>."); } # $basedir = "$basedir/$dir"; # $baseurl = "$baseurl/$dir"; if (!$nbtitle) { $nbtitle = $title; } $nbtitle =~ s/ / /g; $tried_to_use_html = $tried_to_use_image = 0; # filenames for mailer program $mailprog = '/usr/lib/sendmail'; $subscribe = 'email.txt'; $user_ID = "$ENV{'REMOTE_HOST'}; $ENV{'REMOTE_ADDR'}"; # To ID multiple consecutive posts. # For gibberish detector - allowable English digraphs %digraphs = ('A' => 25100287, 'B' => 18766609, 'C' => 22969789, 'D' => 25164799, 'E' => 67107839, 'F' => 22993277, 'G' => 6224893, 'H' => 23066943, 'I' => 45022335, 'J' => 1064977, 'K' => 272661, 'L' => 25098751, 'M' => 18796991, 'N' => 25165823, 'O' => 33488895, 'P' => 25098687, 'Q' => 1183744, 'R' => 25100287, 'S' => 25099775, 'T' => 56621567, 'U' => 3078527, 'V' => 540945, 'W' => 17197457, 'X' => 975293, 'Y' => 6224383, 'Z' => 16657 ); # Done ########################################################################### &get_date_time; if ($msg_to_disp) { # If displaying a message from packed database if (&get_packed_variables) { # Fetch variables from the packed file &new_file; } # Print out in HTML else { # If msg still in file, display it line by line open(MSG,"$basedir/$mesgdir/$msg_to_disp.$ext") || fatal_error("File not found","The message you requested ($msg_to_disp\.$ext) is no longer available."); print "Content-type: text/html\n\n"; while ($i = ) { # except make local hrefs refer to $basedir since we're in cgi-bin $i =~ s/(href|src)=\"(?!(\/|#|http:|ftp:|mailto:))/$1=\"$baseurl\/$mesgdir\//ig; print $i; } } exit; } # Get the Data Number &get_number; # Get Form Information &parse_form; # Put items into nice variables &get_variables; # View recently posted messages 2/97 WB if ($FORM{'action'} eq "View Recent Posts") { &viewrecent; } #Don't allow posting a blank body. if ($errorflag == 2) { &fatal_error("No Message", "Sorry - you can't post a blank message.

Use the [Back] button in your browser to return to the previous page, and enter your message in the "Message" field."); } # View Before Posting Modification if ($FORM{'action'} ne "post") { if ($tried_to_use_html) { # Check for use of HTML if it is banned log_message("$long_date: MESSAGE BLOCKED - HTML. $ENV{'REMOTE_ADDR'}; Subject: $subject"); &fatal_error("HTML Not Permitted", "Sorry - use of HTML is not permitted on this board.

Use the [Back] button in your browser to return to the previous page, and remove the '<' and '>' characters from your message."); } if ($tried_to_use_image) { # Check for use of HTML if it is banned log_message("$long_date: MESSAGE BLOCKED - IMAGE. $ENV{'REMOTE_ADDR'}; Subject: $subject"); &fatal_error("Images Not Permitted", "Sorry - images are not permitted on this board.

Use the [Back] button in your browser to return to the previous page, and remove the '<' and '>' characters from your message."); } &view_post; } # If an error got past the preview, tell the user now. if ($errorflag) { &error; } # Get the Data Number flock(NUMBER,$LOCK_EX); # Lock the data file. &get_number_again; # Refresh the data (in case we slept through a post) if ($last_user == $user_ID # If the post is by the same user (suspicious) && $last_post_time > time - 15) { # within the last 15 seconds (VERY suspicious) &fatal_error("Itchy Finger","Looks like you hit the \"Post\" button more than once.\ Your message posted successfully the first time, so please don't hit it again.\n\

\n\
[ $title ]
\n\
\n"); } # Open the new file and write information to it. &new_file; # Open the Main WWWBoard File to add link &main_page; # Now Add Thread to Individual Pages if ($num_followups >= 1) { &thread_pages; } # Increment Number &increment_num; # Email the post to subscribers if ($mail_posts != 0) { &email_post; } # Return the user HTML &return_html; ############################ # Get Data Number Subroutine sub get_number { open(NUMBER,"+<$basedir/$datafile") || die $!; $num = ; $numnum = ++$num; } sub get_number_again { seek(NUMBER,0,0); $num = ; $last_user = ; $last_post_time = || time - 1000; $num++; } sub increment_num { seek(NUMBER,0,0); print NUMBER "$num\n"; # Put most recent poster's ID info on number file. $i = time; # and posting time. print NUMBER "$user_ID\n$i\n\n\n"; close(NUMBER); # This unlocks the file. } ####################### # Parse Form Subroutine sub parse_form { # Get the input if ($debugargs != 2) { read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'}); # $buffer = $ENV{'QUERY_STRING'}; } # Split the name-value pairs @pairs = split(/&/, $buffer); foreach $pair (@pairs) { ($name, $value) = split(/=/, $pair); # Un-Webify plus signs and %-encoding $value =~ tr/+/ /; $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg; $value =~ s///g; if ($FORM{'action'} ne "post") { # If parsing original input, don't permit HTML if ($allow_html != 1) { if ($value =~ s/<([^>]|\n)*>//g && $allow_html == -1) { $tried_to_use_html = 1; } } else { unless ($name eq 'body') { $value =~ s/<([^>]|\n)*>//g; } } } if ($debugargs != 2) { $FORM{$name} = $value; } else { $value =~ s/\n/\\n/g; $value =~ s/\@/\\\@/g; print "\$FORM\{ "$name" \} = "$value";
\n"; } } } ############### # Get Packed Variables # Retrieves information to display a message from a packed file # Returns 1 for success, 0 if message is still in a text file. sub get_packed_variables { $dbasefile = "$basedir/$dbasefile"; $indexfile = "$basedir/$indexfile"; if (!open(INDEX,"$indexfile") || read(INDEX,$last_packed_msg,4) != 4 # Read last file number || !($last_packed_msg = unpack("l",$last_packed_msg))) { return 0; # Bug fix 3-19-06 # &fatal_error("File Missing", # "The database file $indexfile is missing or bad. Please notify the system administrator."); } open(DATA,"$dbasefile") || &fatal_error("File Missing", "The database file $dbasefile is missing. Please notify the system administrator."); binmode(INDEX); return 0 if ($msg_to_disp > $last_packed_msg); $last_packed_msg = &packed_msg_error if &get_packed_message($msg_to_disp); # Get variables from the main message $num = $m_number; $long_date = $m_date; $name = $m_name; $email = $m_email; $subject = $m_subject; $body = $m_body; $followup_list = $m_followups; $body =~ # Fix URLs as best we can away from cgi-bin s/(href|src)=\"(?!(\/|#|http:|ftp:|mailto:))/$1=\"$baseurl\/$mesgdir\//ig; if ($followup = $m_replyto) { $last_message = $followup; &packed_msg_error if &get_packed_message($followup); # Get variables from the reply-to message $origdate = $m_date; $origname = $m_name; $origemail = $m_email; $origsubject = $m_subject; } $body =~ s/$FS/\n/g; # Put newlines back in the body $followup_list =~ s/$FS/\n/g; # and followup list $hidden_body = "$body"; # For formatting in the printout $hidden_body =~ s//>/g; $hidden_body =~ s/"/"/g; return 1; } sub get_packed_message { ($msg_num) = @_; if (!seek(INDEX,4*$msg_num,0) # Seek to the position of the message number || read(INDEX,$offset,4) != 4 # Read the offset || !($offset = unpack("l",$offset)) # and it better be there. || !seek(DATA, $offset ,0) # Seek to the actual message text || !( $msg_line = )) { # and it better be there. return ($m_errcode = 1); # Or return 1 = missing } if (! ($msg_line =~ /(\d+):(.*?)$FS(.*?)$FS(.*?)$FS(.*?)$FS(.*?)$SS(.*?)$SS(.*)/o)) { return ($m_errcode = 2); # Bad format - return 2 } $m_number = $1; $m_subject = $2; $m_name = $3; $m_email = $4; $m_replyto = $5; $m_date = $6; $m_body = $7; $m_followups = $8; return 0; } sub packed_msg_error { if ($m_errcode == 1) { &fatal_error("Message Missing", "Message number $msg_num is missing from $indexfile in the database. Please notify the system administrator."); } elsif ($m_errcode == 2) { &fatal_error("Bad Message Format", "Message number $msg_num is garbled in the database. Please notify the system administrator.

Message text: $msg_line"); } } ############### # Get Variables sub get_variables { $errorflag = 0; if ($FORM{'followup'}) { $followup = "1"; @followup_num = split(/,/,$FORM{'followup'}); $num_followups = @followups = @followup_num; $last_message = pop(@followups); $origdate = "$FORM{'origdate'}"; $origname = "$FORM{'origname'}"; $origsubject = "$FORM{'origsubject'}"; $origemail = "$FORM{'origemail'}"; } else { $followup = "0"; } check_banned( $FORM{name} ); if ($FORM{'name'}) { $name = "$FORM{'name'}"; $name =~ s/"//g; $name =~ s///g; $name =~ s/\&//g; &check_arglen($name,"Your name",30); } else { if ($titles_only == 0) { $errorflag = 1; } $name = ""; } if ($FORM{'email'} =~ /.*\@.*\..*/) { $email = "$FORM{'email'}"; &check_arglen($email,"Your email address",60); } if ($FORM{'subject'}) { $subject = "$FORM{'subject'}"; check_gibberish( ); $subject =~ s/\&/\&\;/g; $subject =~ s/"/\"\;/g; &check_arglen($subject,"The subject",75); check_banned( $subject ); } else { $errorflag = 1; $subject = ""; } if ($allow_html != 1) { $FORM{'url'} = $FORM{'url_title'} = 0; } if ($FORM{'url'} && !($FORM{'url_title'})) { $FORM{'url_title'} = $FORM{'url'}; } if ($FORM{'url'} =~ /.*\:.*\..*/ && $FORM{'url_title'}) { $message_url = "$FORM{'url'}"; $message_url_title = "$FORM{'url_title'}"; } elsif ($FORM{'url'}) { &fatal_error("Bad Link URL","There appears to be an error in your link URL. Please use the [Back] button on your browser to check it.

If you receive this message in error, please notify the webmaster."); } if ($FORM{'img'} =~ /.*tp:\/\/.*\..*/) { if ($allow_image == -1) { $tried_to_use_image = 1; &fatal_error("Images Not Permitted", "Sorry - images are not permitted on this board.

Use the [Back] button in your browser to return to the previous page, and remove the '<' and '>' characters from your message."); } elsif ($allow_image == 1) { $message_img = "$FORM{'img'}"; } } elsif ($FORM{'img'}) { &fatal_error("Bad Image URL","There appears to be an error in your image URL. Please use the [Back] button on your browser to check it.

If you receive this message in error, please notify the webmaster."); } if ($FORM{'body'}) { $body = "$FORM{'body'}"; $body =~ s/\cM//g; $body =~ s/\n\n/

/g; $body =~ s/\n/
/g; # Bug fix - 1/23/97 - restore quotes to get past WebSurfer $body =~ s/~qq~/"/g; $body =~ s/<//g; $body =~ s/"/"/g; check_banned( $body ); } else { $errorflag = 2; $body = ""; } $hidden_body = "$body"; $hidden_body =~ s//>/g; $hidden_body =~ s/"/"/g; } ############################### # View Post Subroutine Add-On # ############################### sub log_message { my ($message) = @_; if ($logfile ne "") { $logfile = ">>$basedir/$logfile"; open(LOG,$logfile); $logfile = ""; } print LOG "$message\n"; } sub view_post { # Don't allow the hacker to post. # $remote_addr = $ENV{'REMOTE_ADDR'}; # if ( $remote_addr =~ /205\.130\.32\./) { # open_log(); # print LOG "Forbidden poster access at $long_date from host: $ENV{'REMOTE_HOST'} Address: $ENV{'REMOTE_ADDR'}\n"; # print LOG "$body\n"; # die(); } $preview_title = "Review Your Message"; if ($errorflag) { $preview_title = "Please Enter Missing Information"; } # Screen message for things to object to, like no text entered in reply, or # violation of for-sale/want-to-buy posting netiquette. if ($followup) { if ($body =~ /^(?!:)/ || $body =~ /<(p|br)>(?!(:|$))/ ) { } else { $no_reply_text = 1; $preview_title = "No Text Entered"; } } if ($screen_for_sale) { if ($followup) { if ($origsubject =~ /(for sale|wanted|want to buy)/i && $origemail) { $preview_title = "Can You Email This Instead?"; $for_sale_text = "Is this a reply to a For Sale or Want to Buy message? \ To conserve resources, our rules suggest that you\ reply to such messages by mailing to the poster instead."; } } elsif ($subject =~ /(for sale|wanted|want to buy)/i && !$email) { $preview_title = "Please Include Email Address"; $for_sale_text = "Is this a For Sale or Want to Buy message? \ According to our rules, we'd really like you to include an \ email address so people don't have to post messages to reply.\n"; } } print "Content-type: text/html\n\n"; # Bug fix - 1/23/97 - replace quotes to get past WebSurfer $diddled_body = $hidden_body; $diddled_body =~ s/"/~qq~/g; print "$preview_title\n"; print "\n"; # Debug - print the form args now if ($debugargs == 1) { $debugargs = 2; &parse_form; } print "

$preview_title

\n"; if ($for_sale_text) { print "

$for_sale_text
\n"; } if ($no_reply_text) { print "

You didn't enter any text in your reply.\n"; print "
You may use your browser's [Back] button to do that now.\n"; print "

(If you did enter text, make sure there wasn't a ':' at the start of your lines - that's used to indicate the original message text.

\n"; } elsif ($errorflag) { print "

You may use your browser's [Back] button to make changes,\n"; print "or fill in the missing data below before you
\n"; } else { print "

You may use your browser's [Back] button to make changes, or
\n"; } print "
\n"; print "\n"; if ($name ne "") { print "\n"; } if ($email ne "") { print "\n"; } if ($subject ne "") { print "\n"; } print "\n"; print "\n"; print "\n"; print "\n"; print "\n"; print "\n"; print "\n"; print "\n"; print "\n"; if (!$no_reply_text) { # If we're letting them post print "

\n"; print "

(Please wait for post to complete - stopping and restarting can cause multiple posts.)
\n"; } print "
\n"; print "

$subject

\n"; if ($titles_only == 0) { print "
  • Name: "; if ($name ne "") { print $name; } else { print "Missing - Fill in: "; } print "
    • \n
  • E-Mail: "; if ($email ne "") { print $email; } else { print "(Missing or incorrect; you may fill in (optional): )"; } print "
    • \n"; print "
  • Subject: "; if ($subject ne "") { print $subject; } else { print "Missing - Fill in: "; } print "
    • \n"; if ($followup != 0) { print "
  • In Reply to: $origsubject posted by "; if ($origemail) { print "$origname on $origdate:
    • \n"; } else { print "$origname on $origdate:\n"; } } print "

\n"; if ($message_img) { print "

\n"; } } # End if titles_only # print "$body

\n"; &print_message_body; if ($message_url) { print "Link: $message_url_title\n"; } print "

\n"; exit; } ##################### # New File Subroutine # Modified 4/99 Walt Bilofsky to also reconstruct and display a message # from the packed database (when $msg_to_dsp is the message number). sub new_file { if (!$msg_to_disp) { # Writing a file - open it open(NEWFILE,">$basedir/$mesgdir/$num\.$ext") || die $!; } else { # Displaying from database - prepare it open(NEWFILE,'>-'); # Write to STDOUT. print NEWFILE "Content-type: text/html\n\n"; } print NEWFILE "\n"; print NEWFILE " \n"; print NEWFILE " $subject\n"; # Modify to include the poster's broswer. print NEWFILE " \n"; # Following line prints info on poster, unless ($use_logfile & 2). if (!($use_logfile & 2)) { print NEWFILE "\n"; } # Hack to put counter into message file. # if ( $board eq "cd" && open(DATA,"$counterfile")) { # $counter = ; # print NEWFILE "\n"; # } print NEWFILE " \n"; print NEWFILE " \n"; print NEWFILE "
\n"; print NEWFILE "

$subject

\n"; print NEWFILE "
\n"; print NEWFILE "
\n"; if ($titles_only == 0) { print NEWFILE "
"; if (!msg_to_disp) { print NEWFILE "[ Post a Reply ]\n"; } print NEWFILE "[ $nbtitle ]\n"; if ($show_faq == 1) { print NEWFILE "[ How to Use This Board ]\n"; } print NEWFILE "
\n"; print NEWFILE "

\n

    \n"; } # End if titles_only if ($titles_only == 0) { print NEWFILE "
  • Posted by: "; if ($email) { print NEWFILE "$name ($email) on $long_date"; } else { print NEWFILE "$name on $long_date"; } if ($followup != 0) { print NEWFILE "
    • \n
  • In Reply to: $origsubject posted by "; if ($origemail) { print NEWFILE "$origname on $origdate\n"; } else { print NEWFILE "$origname on $origdate\n"; } } print NEWFILE "

\n"; if ($message_img) { print NEWFILE "

\n"; } } # End if titles_only # print NEWFILE "$body\n"; # Modification to put old message in italics @chunks_of_body = split(/\<\;p\>\;/,$hidden_body); foreach $chunk_of_body (@chunks_of_body) { @lines_of_body = split(/\<\;br\>\;/,$chunk_of_body); foreach $line_of_body (@lines_of_body) { # Walt 2/97: Restore punctuation (to allow HTML again) $line_of_body =~ s/<//g; $line_of_body =~ s/"/"/g; if (index($line_of_body,":") == 0) { print NEWFILE "$line_of_body"; } else { print NEWFILE $line_of_body; } print NEWFILE "
\n"; } print NEWFILE "

"; } print NEWFILE "\n"; if ($titles_only == 0) { if ($message_url) { print NEWFILE "

\n"; } print NEWFILE "
\n"; print NEWFILE "Follow-ups:
\n"; #### Reconstruct and display followup from packed database. if ($msg_to_disp) { # If displaying from database while ($followup_list =~ />(\d+)(Deleted message)"; } else { # Otherwise replace number with complete reference $fup = "$m_subject $m_name $m_date\n"; } $followup_list =~ s/>$m_num$fup

\n"; print NEWFILE "

This is an archived message, so no more followups can be posted.\n"; print NEWFILE "Post a new message instead.\n

\n"; } else { # If building a file, do ALL this stuff print NEWFILE "

    \n"; # (matching '}' is WAY down) print NEWFILE "
\n"; print NEWFILE "

\n"; print NEWFILE "Post a Follow-up:

\n"; print NEWFILE "

\n"; print NEWFILE "\n"; print NEWFILE "\n"; if ($email) { print NEWFILE "\n"; } print NEWFILE "\n"; print NEWFILE "\n"; print NEWFILE "Name:
\n"; print NEWFILE "E-Mail:

\n"; if ($subject_line == 1) { if ($subject_line =~ /^Re:/) { print NEWFILE "\n"; print NEWFILE "Subject: $subject

\n"; } else { print NEWFILE "\n"; print NEWFILE "Subject: Re: $subject

\n"; } } elsif ($subject_line == 2) { print NEWFILE "Subject:

\n"; } else { if ($subject =~ /^Re:/) { print NEWFILE "Subject:

\n"; } else { print NEWFILE "Subject:

\n"; } } print NEWFILE "Comments:
\n"; print NEWFILE "\n"; print NEWFILE "

\n"; if ($allow_html == 1) { print NEWFILE "Optional Link URL:
\n"; print NEWFILE "Optional Link Title:
\n"; } if ($allow_image == 1) { print NEWFILE "Optional Image URL:

\n"; } print NEWFILE " \n"; print NEWFILE "

\n"; print NEWFILE "

\n"; } # End the code for writing a file, not screen print NEWFILE "
"; if (!$msg_to_disp) { print NEWFILE "[ Post a Reply ]\n"; } print NEWFILE "[ $nbtitle ]\n"; if ($show_faq == 1) { print NEWFILE "[ How to Use This Board ]\n"; } } # End if titles_only print NEWFILE "\n"; if (!$msg_to_disp) { close(NEWFILE); if ($use_logfile & 1) { log_message("$long_date: Message $num posted from $ENV{'REMOTE_ADDR'}; Subject: $subject"); } } } ############################### # Email the new Post Subroutine sub email_post { open(EMAIL,"$basedir/$subscribe") || &fatal_error("System error (mailing list)", "Your post has been added. But there was an error emailing it to email subscribers. Don\'t worry - but please notify the message board's administrator.\n"); @recipient = ; close(EMAIL); $recipient = "@recipient"; $recipient =~ s/\n/ /g; # Now send mail to $recipient open (MAIL, "|$mailprog $recipient") || &fatal_error("System error (mail program)", "Your post has been added. But there was an error emailing it to email subscribers. Don\'t worry - but please notify the message board's administrator.\n"); print MAIL "To: mailinglist\@toolworks.com\n"; print MAIL "From: $title\@$domain\n"; print MAIL "Subject: Message Posted - $subject\n"; if ($mail_posts == 1) { # If only printing summaries, don't allow reply-to print MAIL "Reply-To: $email\n"; } print MAIL "This is in response to your request to be notified of new messages posted on the $title\n"; print MAIL " \n"; print MAIL "$name posted "; print MAIL ($mail_posts == 1 ? "the following" : "a"); print MAIL " message with the subject \"$subject\".\n"; if ($mail_posts == 1) { print MAIL " \n"; $body = $FORM{'body'}; $body =~ s/

/\n\n/g; $body =~ s/
/\n/g; $body =~ s/~qq~/\"/g; print MAIL "$body\n\n"; if ($email) { print MAIL "Reply to: $email\n\n"; } } else { print MAIL "\nTo view the message, browse to: $baseurl/$mesgdir/$num\.$ext.\n\n"; } # print MAIL "# Entered from $ENV{'REMOTE_HOST'} ($ENV{'REMOTE_ADDR'}) with $ENV{'SERVER_PROTOCOL'}.\n"; print MAIL "\nTo unsubscribe to these mailings, browse to: $baseurl/$subscurl.\n"; close (MAIL); } ############################### # Email error to webmaster. sub email_error { my ($message) = @_; open (MAIL, "|$mailprog $webmaster") || return; print MAIL "To: $webmaster\n"; print MAIL "From: $title\@$domain\n"; print MAIL "Subject: Automatic Notice: Problem with $title\n"; print MAIL "Message board: $board\n"; print MAIL "Board name: $title\n"; print MAIL "Error message: $message\n"; close (MAIL); } ############################### # Main WWWBoard Page Subroutine sub main_page { $diddit = 0; foreach $mesgfile (@mesgfiles) { open(MAIN,"$basedir/$mesgfile") || die $!; @main =

; close(MAIN); open(MAIN,">$basedir/$mesgfile") || die $!; if ($followup == 0) { foreach $main_line (@main) { if ($main_line =~ //) { print MAIN "\n"; print MAIN "
  • $subject"; if ($titles_only == 0) { print MAIN " - $name"; if ($FORM{'img'} && $pixicon) { print MAIN " "; } if ($FORM{'url'} && $linkicon) { print MAIN " "; } print MAIN " $date\n"; print MAIN "(0)\n"; } else { print MAIN "\n";} print MAIN "
      \n"; print MAIN "
    \n"; $diddit = 1; } else { print MAIN "$main_line"; } } } else { foreach $main_line (@main) { $work = 0; if ($main_line =~ /
      /) { print MAIN "
        \n"; print MAIN "
      • $subject - $name"; if ($FORM{'img'} && $pixicon) { print MAIN " "; } if ($FORM{'url'} && $linkicon) { print MAIN " "; } print MAIN " $date\n"; print MAIN "(0)\n"; print MAIN "
          \n"; print MAIN "
        \n"; $diddit = 2; } elsif ($main_line =~ /(.*)/) { $response_num = $2; $num_responses = $3; $num_responses++; foreach $followup_num (@followup_num) { if ($followup_num == $response_num) { print MAIN "($num_responses)\n"; $work = 1; } } if ($work != 1) { print MAIN "$main_line"; } } else { print MAIN "$main_line"; } } } close(MAIN); # Also unlocks if ($diddit != 0) { return; } } } ############################################ # Add Followup Threading to Individual Pages sub thread_pages { foreach $followup_num (@followup_num) { #Sanitize file name components for security purposes. $followup_num =~ m/^(\S+)$/ || die $!; $followup_num = $1; open(FOLLOWUP,"$basedir/$mesgdir/$followup_num\.$ext"); @followup_lines = ; close(FOLLOWUP); open(FOLLOWUP,">$basedir/$mesgdir/$followup_num\.$ext"); foreach $followup_line (@followup_lines) { $work = 0; if ($followup_line =~ /
          /) { print FOLLOWUP "
            \n"; print FOLLOWUP "
          • $subject $name"; if ($FORM{'img'} && $pixicon) { print FOLLOWUP " "; } if ($FORM{'url'} && $linkicon) { print FOLLOWUP " "; } print FOLLOWUP " $date\n"; print FOLLOWUP "(0)\n"; print FOLLOWUP "
              \n"; print FOLLOWUP "
            \n"; } elsif ($followup_line =~ /(.*)/) { $response_num = $2; $num_responses = $3; $num_responses++; foreach $followup_num (@followup_num) { if ($followup_num == $response_num) { print FOLLOWUP "($num_responses)\n"; $work = 1; } } if ($work != 1) { print FOLLOWUP "$followup_line"; } } else { print FOLLOWUP "$followup_line"; } } close(FOLLOWUP); } } ############################################ # View recently posted messages ############################################ sub viewrecent { if ($FORM{'nposts'}) { $num_to_show = $FORM{'nposts'}; } print "Content-type: text/html\n\n"; print "$title - $num_to_show Recent Messages\n"; print "\n"; print "

            $title

            \n"; if ($show_faq == 1) { print "
            [ Post a New Message ] [ $title ] [ How to Use This Board ]
            \n"; } else { print "
            [ Post a New Message ] [ $title ]
            \n"; } print "

            \n"; print "

            Recent Messages

            \n"; $messages = 0; print "
              \n"; srchfiles: foreach $mesgfile (@mesgfiles) { open(MSGS,"$basedir/$mesgfile"); @lines = ; close(MSGS); foreach $line (@lines) { if ($line =~ /^ $line"); if (($messages += 1) >= $num_to_show) { last srchfiles; } } } } } if ($messages == 0) { print "

              No Messages Posted Recently

              \n"; } else { print sort @mlines; } print "
            \n"; print ""; exit; } sub return_html { print "Content-type: text/html\n\n"; print "Message Added: $subject\n"; print "\n"; # Debug - print the form args now if ($debugargs == 1) { $debugargs = 2; &parse_form; } print "

            Message Added: $subject

            \n"; print "The following information was added to the message board:

            \n"; print "

            • Name: $name
              • \n"; print "
            • E-Mail: $email
              • \n"; print "
            • Subject: $subject
              • \n"; if ($followup != 0) { print "
            • In Reply to: $origsubject posted by "; if ($origemail) { print "$origname on $origdate
              • \n"; } else { print "$origname on $origdate\n"; } } print "

            \n"; print "Body of Message:

            \n"; &print_message_body; if ($message_url) { print "Link: $message_url_title
            \n"; } if ($message_img) { print "Image:
            \n"; } print "Added on Date: $date

            \n"; print "

            \n"; print "
            [ Go to Your Message* ] [ $title ]
            \n"; print "
            \n"; print "

            * - When you return to the main page, if you don't see your message header in the list of messages,\n"; print "try clicking the Reload button on your Web browser.\n"; print "\n"; } sub fatal_error { ($why, $longwhy) = @_; print "Content-type: text/html\n\n"; print "$title ERROR: $why\n"; print "

            ERROR: $why

            \n"; print "

            $longwhy

            \n"; print "\n"; exit; } sub check_arglen { ($avar, $aname, $alen) = @_; if (length($avar) > $alen) { &fatal_error("$aname is Too Long", "Sorry - $aname can't be longer than $alen characters.

            Use the [Back] button in your browser to return to the previous page and make it shorter."); } } sub error { print "Content-type: text/html\n\n"; print "$title ERROR: Required field missing\n"; if ($FORM{'name'} eq "") { print "

            ERROR: No Name

            \n"; print "You forgot to fill in the 'Name' field in your posting.

            \n"; } if ($FORM{'subject'} eq "") { print "$title ERROR: No Subject\n"; print "

            ERROR: No Subject

            \n"; print "You forgot to fill in the 'Subject' field in your posting.

            \n"; } print "The necessary fields are: Name, Subject and Message.

            \n"; print "Use the [Back] button in your browser to return to the previous form and fill in the missing information.

            \n"; print "\n"; exit; } sub print_message_body { @chunks_of_body = split(/\<\;p\>\;/,$hidden_body); foreach $chunk_of_body (@chunks_of_body) { @lines_of_body = split(/\<\;br\>\;/,$chunk_of_body); foreach $line_of_body (@lines_of_body) { # Walt 2/97: Restore punctuation (to allow HTML again) $line_of_body =~ s/<//g; $line_of_body =~ s/"/"/g; if (index($line_of_body,":") == 0) { print "$line_of_body"; } else { print $line_of_body; } print "
            \n"; } print "

            "; } } sub get_date_time { ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime(time); if ($sec < 10) { $sec = "0$sec"; } if ($min < 10) { $min = "0$min"; } if ($hour < 10) { $hour = "0$hour"; } if ($mon < 10) { $mon = "0$mon"; } if ($mday < 10) { $mday = "0$mday"; } $year += 1900; $year =~ s/^\d\d//; $month = ($mon + 1); if ($use_time == 1) { $date = "$hour\:$min\:$sec $month/$mday/$year"; } else { $date = "$month/$mday/$year"; } chop($date) if ($date =~ /\n$/); $long_date = "$month/$mday/$year at $hour\:$min"; # Switch to shorter format } sub check_banned { my ($temp) = @_; check_banned1($temp); # Check original text $temp =~ s/0/o/g; # Common spammer trick $temp =~ s/1/i/g; check_banned1($temp); # Check again with 0 and 1 substitution } sub check_banned1 { my ($temp) = @_; my $word; if ( $bannedwords ) { if (!@bannedwords) { if (! (-s $bannedwords) || !open BANNED, "<$bannedwords") { &email_error("Can't open banned word file $bannedwords"); return 1; } chomp(@bannedwords = ); } foreach $word (@bannedwords) { if ( lc($temp) =~ /$word/ ) { log_message("$long_date: MESSAGE BLOCKED - Banned word <$word> $ENV{'REMOTE_ADDR'}; Subject: $subject"); &fatal_error("Banned Word in Message", "This message board is, unfortunately, under constant attack by automatic spammers who try to post hundreds of bogus messages a day.

            To protect legitimate users, messages are not allowed to contain certain words that almost always indicate a spam message.

            If you tried to post a legitimate message, please accept our apology and try again, or notify the Webmaster."); } } } if ($bannedips) { if ( !@bannediplist ) { if (! (-s $bannedips) || !open BANNED, "<$bannedips") { &email_error("Can't open banned word file $bannedips"); return 1; } chomp( @bannediplist = ); } $remaddr = $ENV{'REMOTE_ADDR'}; foreach $bannedip (@bannediplist) { if ( $bannedip == $remaddr ) { log_message("$long_date: MESSAGE BLOCKED - Banned IP address $ENV{'REMOTE_ADDR'}; Subject: $subject"); &fatal_error("Spammer Protection Activated", "This message board is, unfortunately, under constant attack by automatic spammers who try to post hundreds of bogus messages a day.

            Something in your message makes it look like you may be a spammer.

            If you tried to post a legitimate message, please accept our apology and try again, or notify the Webmaster."); } } } } # Decide whether a subject line is long and gibberish (score over 35) sub check_gibberish { my (@line, $i, $word); @line = split(/ /,$subject); $i = 0; foreach $word (@line) { $i += strange_word_score($word); } if ( $i >= 30 ) { log_message("$long_date: MESSAGE BLOCKED - Subject Line Bad (Score $i) $ENV{'REMOTE_ADDR'}; Subject: $subject"); &fatal_error("Spammer Protection Activated", "This message board is, unfortunately, under constant attack by automatic spammers who try to post hundreds of bogus messages a day.

            Something in your message makes it look like you may be a spammer.

            If you tried to post a legitimate message, please accept our apology and try again, or notify the Webmaster."); } if ( $i >= 10 ) { log_message("$long_date: WARNING - Subject Line Suspicious (Score $i) $ENV{'REMOTE_ADDR'}; Subject: $subject"); } } sub strange_word_score { my (@word, $score, $i, $j, $c1, $c2); ($i) = @_; @word = split(//,$i); if ($#word <=1) { return 0; } # print "<"; print @word; print ">$#word\n"; $score = 0; # if ($#word < 5) { return $score; } # Pass anything under 7 chars if (!(uc(@word[0]) =~ /[A-Z\d]/)) { $score += 5; # Initial non-alphanumeric - don't look at rest #print "Initial non-alpha @word\n"; return $score; } for ($i = 0; $i < $#word; ++$i) { $c1 = @word[$i]; $c2 = @word[$i+1]; if (uc($c1) =~ /[A-Z]/ && $c2 eq '.') { ++$i; # Alpha followed by period - ignore abbr. #print "$c1$c2 - ignore abbr at $i\n"; next; } if ($c1 =~ /\d/) { #print "$c1 - skip numeric at $i\n"; next; # Ignore numerics } if (!(uc($c1) =~ /[A-Z]/)) { #print "$c1 - non-alphabetic at $i\n"; next; } # Skip non-alphabetic if (!(uc($c2) =~ /[A-Z]/)) { #print "$c2 - second char non-alphabetic at $i\n"; next; } # Second char non-alpha - skip next tests. if ($c1 =~ /[a-z]/ && $c2 =~ /[A-Z]/) { #print "$c1$c2 - lower followed by upper at $i\n"; $score += 5; } # Add for lc followed by uc $c1 = uc($c1); $c2 = uc($c2); if (0 == ($digraphs{$c1} & (1 << (ord($c2) - ord('A'))))) { #print "$c1$c2 - unlikely digraph at $i\n"; $score += 8; } # Add for unlikely digraph } return $score; }