#!/usr/bin/perl # csPoller - 2.03 - 02-06-06 # 2.01 - Add Text field, not required # - Results shown by date entered # - Fixed IP for multiple vote submissions # - fixed bug on number of days to allow another vote use CGI::Carp qw(fatalsToBrowser); use strict; use vars qw(@bad $rw $puser $ppass $module %puid %ip $bycookie $flock %in %cookie $basepath $cgipath $cgiurl $htmlpath $htmlurl $imageurl $imagepath $username $password $nosetup $imageurl); @bad = ('badword1','badword2','badword3','badword3'); #word to replace the bad words with $rw = '&^#$%'; ##################################################################### # # Copyright 1999-2002 CGISCRIPT.NET - All Rights Reserved # ##################################################################### # # THIS COPYRIGHT INFORMATION MUST REMAIN INTACT # AND MAY NOT BE MODIFIED IN ANY WAY # ##################################################################### # # When you downloaded this script you agreed to accept the terms # of this Agreement. This Agreement is a legal contract, which # specifies the terms of the license and warranty limitation between # you and CGISCRIPT.NET. You should carefully read the following # terms and conditions before installing or using this software. # Unless you have a different license agreement obtained from # CGISCRIPT.NET, installation or use of this software indicates # your acceptance of the license and warranty limitation terms # contained in this Agreement. If you do not agree to the terms of this # Agreement, promptly delete and destroy all copies of the Software. # # Versions of the Software # Only one copy of the registered version of CGISCRIPT.NET # may used on one web site. # # License to Redistribute # Distributing the software and/or documentation with other products # (commercial or otherwise) or by other than electronic means without # CGISCRIPT.NET's prior written permission is forbidden. # All rights to the CGISCRIPT.NET software and documentation not expressly # granted under this Agreement are reserved to CGISCRIPT.NET. # # Disclaimer of Warranty # THIS SOFTWARE AND ACCOMPANYING DOCUMENTATION ARE PROVIDED "AS IS" AND # WITHOUT WARRANTIES AS TO PERFORMANCE OF MERCHANTABILITY OR ANY OTHER # WARRANTIES WHETHER EXPRESSED OR IMPLIED. BECAUSE OF THE VARIOUS HARDWARE # AND SOFTWARE ENVIRONMENTS INTO WHICH CGISCRIPT.NET MAY BE USED, NO WARRANTY # OF FITNESS FOR A PARTICULAR PURPOSE IS OFFERED. THE USER MUST ASSUME THE # ENTIRE RISK OF USING THIS PROGRAM. ANY LIABILITY OF CGISCRIPT.NET WILL BE # LIMITED EXCLUSIVELY TO PRODUCT REPLACEMENT OR REFUND OF PURCHASE PRICE. # IN NO CASE SHALL CGISCRIPT.NET BE LIABLE FOR ANY INCIDENTAL, SPECIAL OR # CONSEQUENTIAL DAMAGES OR LOSS, INCLUDING, WITHOUT LIMITATION, LOST PROFITS # OR THE INABILITY TO USE EQUIPMENT OR ACCESS DATA, WHETHER SUCH DAMAGES ARE # BASED UPON A BREACH OF EXPRESS OR IMPLIED WARRANTIES, BREACH OF CONTRACT, # NEGLIGENCE, STRICT TORT, OR ANY OTHER LEGAL THEORY. THIS IS TRUE EVEN IF # CGISCRIPT.NET IS ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. IN NO CASE WILL # CGISCRIPT.NET' LIABILITY EXCEED THE AMOUNT OF THE LICENSE FEE ACTUALLY PAID # BY LICENSEE TO CGISCRIPT.NET. # # Credits: # Jason Hinkle - Programmer - jason@cgiscript.net # Andy Angrick - Programmer - angrick@cgiscript.net # Mike Barone - Design - mbarone@cgiscript.net # # For information about this script or other scripts see # http://www.cgiscript.net # # Thank you for trying out our script. # If you have any suggestions or ideas for a new innovative script # please direct them to suggest@cgiscript.net. Thanks. # ######################################################################## # Start Config Variables # ######################################################################## $basepath = './'; $in{'cinfo'} = '
Powered by: CGIScript.net){ $buff .= $_; } close DB; if($^O !~ /win/i){ $encpass = crypt($in{'mpassword'},'CS'); } else{ $encpass = $in{'mpassword'}; } $buff =~ s/\$username='.*'/\$username='$in{'musername'}'/; $buff =~ s/\$password='.*'/\$password='$encpass'/; open(DB,">$basepath/setup.cgi"); print DB $buff; close DB; print <<"EOF"; EOF exit; } sub DoExport{ ($module)?(&GetLoginMod):(&GetLogin); &CheckAccess; my(%q,%a,@h,$buffer); open(DB,"<$cgipath/data/$in{'pid'}.cgi"); my($c); while(){ chomp; $c++; my($id,$uid,$qu,@r) = split("\t",$_); $c = sprintf("%.5d",$c); $q{$c.'-'.$id} = $qu; } close DB; print "Content-type: application/msexcel\n"; print "Content-disposition: attachment; filename=\"$in{'pid'}.csv\"\n"; foreach my $i (sort keys %q){ $q{$i} = &reverseHTML($q{$i}); $q{$i} =~ s/"/""/g; push(@h,qq|"$q{$i}"|); } $buffer = qq|"Date","IP",|.join(",",@h)."\n"; open(DB,"<$cgipath/data/$in{'pid'}.dat.cgi"); while(){ chomp; my($date,$ip,@r) = split("\t",$_); my($x,@l); for($x=0;$x<$#r;$x+=2){ $r[$x+1] =~ s/\\0/-/g; $a{$r[$x]} = $r[$x+1]; } foreach my $i (sort keys %q){ my($c,$id) = split("-",$i); $a{$id} =~ s/"/""/g; push(@l,qq|"$a{$id}"|); } $buffer .= "\"".&ctime($date)."\",\"$ip\",".join(",",@l)."\n"; undef @l; } close DB; print "Content-length: ".length($buffer)."\n\n"; print $buffer; exit; } sub MoreComments{ (! -e "$cgipath/data/$in{'pid'}-comments.cgi")&&($in{'vcomments'} ='No comments'); $/="\n\n"; open(CMT,"<$cgipath/data/$in{'pid'}-comments.cgi"); ($flock)&&(flock(CMT,2)); my($c); while(){ $c++; $_ = &htmlspecialchars($_); $_ =~ s/^(.*?): /$1: <\/b>/g; $_ =~ s/\r*\n/
\n/g; $_ =~ s/(\S{40,41})/$1 /g; $in{'vcomments'} .= $_; } close CMT; undef $/; $in{'vcomments'} =~ s/\n\n/\n
\n/g; if(-e "$imagepath/$in{'pid'}.css"){ $in{'css'} = "$imageurl/$in{'pid'}.css"; } else{ $in{'css'} = "$imageurl/default.css"; } &PageOut("$cgipath/t_comments.htm"); exit; } sub SubmitVote{ my(@v,$responses,@f,$UserName); my($file) = &CheckSafe("$cgipath/data/polls.cgi"); open(DB,"<$file"); while(){ chomp; (@f) = split("\t",$_); if ($in{'pid'} == $f[0]){ last; } } close DB; $in{'PollName'} = $f[3]; $in{'PollDesc'} = $f[6]; if($f[8] eq 'Hold'){ $in{'responses'} = 'This poll is on hold'; } if($f[7] eq 'checked'){ my($mon,$day,$year) = $f[4] =~ /(.*)[^\d](.*)[^\d](.*)/;$mon+=0;$day+=0;$year+=0; my $pollSStamp = timelocal(0,0,0,$day,$mon-1,$year); ($mon,$day,$year) = $f[5] =~ /(.*)[^\d](.*)[^\d](.*)/;$mon+=0;$day+=0;$year+=0; my $pollEStamp = timelocal(0,0,0,$day,$mon-1,$year); if((time < $pollSStamp)||(time > $pollEStamp)){ $in{'responses'} = 'This poll is closed'; } } if($f[16] != 3){ &GetCookies; if(($f[18] eq 'checked')&&($cookie{'V'.$in{'pid'}})){ $in{'vmessage'} = '
You have already voted
'; &ShowResults($in{'pid'}); exit; } if(($f[19] eq 'checked')&&(&GetIP($f[16],$f[17],$f[0]))){ $in{'vmessage'} = '
You have already voted
'; &ShowResults($in{'pid'}); exit; } } my($file) = &CheckSafe("$cgipath/data/$in{'pid'}.cgi"); open(DB,"<$file"); while(){ chomp; my(@f) = split("\t",$_); push(@v,$f[0]); } close DB; my(@rp); foreach my $i (sort @v){ my($nr)=0; if(defined($in{$i.'-R'})){ $nr = 1; } if($in{$i} =~ /\\0/){ ($in{$i.'-O'})&&($in{$i} =~ s/\\0$i\-O/\\0$in{$i.'-O'}/); ($in{$i.'-R'})&&($in{$i} =~ s/\\0$i\-R/\\0$in{$i.'-R'}/); } else{ ($in{$i.'-O'})&&($in{$i} = $in{$i.'-O'}); ($in{$i.'-R'})&&($in{$i} = $in{$i.'-R'}); } (!$nr)&&(!$in{$i})&&(&PError("Please answer all the questions.")); push(@rp,"$i\t$in{$i}"); } $responses = join("\t",@rp); my($file) = &CheckSafe("$cgipath/data/$in{'pid'}.dat.cgi"); my($time) = time; open(DB,">>$file"); ($flock)&&(flock(DB,8)); print DB "$time\t$ENV{'REMOTE_ADDR'}\t$responses\n"; ($flock)&&(flock(DB,2)); close DB; if(($in{'comments'})&&($in{'name'})){ foreach my $i (@bad){ $i =~ s/([\\\|\(\)\[\{\}\^\$\*\+\?\.])/\\$1/g; $in{'comments'} =~ s/$i/$rw/gi; $in{'name'} =~ s/$i/$rw/gi; } if(($f[13])&&(-e "$cgipath/data/$in{'pid'}-comments.cgi")){ $in{'comments'} = &reverseHTML($in{'comments'}); $in{'name'} = &reverseHTML($in{'name'}); open(CMT,"+<$cgipath/data/$in{'pid'}-comments.cgi"); ($flock)&&(flock(CMT,2)); my(@l); while(){ push(@l,$_); } seek(CMT,0,0); my($d) = &ctime(time); print CMT "$d - $in{'name'}: $in{'comments'}\n\n"; foreach my $i (@l){ print CMT $i; } truncate(CMT, tell(CMT)); ($flock)&&(flock(CMT,8)); close CMT; } if(($f[13])&&(! -e "$cgipath/data/$in{'pid'}-comments.cgi")){ $in{'comments'} = &reverseHTML($in{'comments'}); $in{'name'} =~ s/&#(\d+);/pack("c",$1)/ge; $in{'name'} = &reverseHTML($in{'name'}); open(CMT,">$cgipath/data/$in{'pid'}-comments.cgi"); ($flock)&&(flock(CMT,2)); my($d) = &ctime(time); print CMT "$d - $in{'name'}: $in{'comments'}\n\n"; ($flock)&&(flock(CMT,8)); close CMT; } } &DoResults; } sub DoResults{ if($in{'t'} == 1){ &ShowResults($in{'pid'}); } elsif($in{'t'} == 2){ print <<"EOF"; EOF } else{ my($url); if($in{'tpl'}){ $url = $in{'tpl'}; } else{ $url = $in{'referer'}; } my($data,$results); if($@){ &ShowResults($in{'pid'}); exit; } if($url =~ /csPoller\.cgi/){ &ShowResults($in{'pid'}); exit; } require("$basepath/geturl.cgi"); $data = &GetURL($url); $results = &GetURL("$in{'cgiurl'}?command=sr&pid=$in{'pid'}"); if($in{'tpl'}){ $data =~ s//$results/i; } else{ $data =~ s/.*?<\/span>/$results/s; } my(@f) = split("/",$url); pop(@f); my($baseref) = join("/",@f); if($data =~ //i){ $data =~ s///i; } else{ $data = "".$data; } if($in{'js'} == 1){ DataOutJS($data); } else{ print $data; } } exit; } sub ShowResults{ my($pid) = @_; my($future,@f,$UserName,%tv,$count); my($file) = &CheckSafe("$cgipath/data/polls.cgi"); open(DB,"<$file"); while(){ chomp; (@f) = split("\t",$_); if ($pid == $f[0]){ last; } } close DB; if($f[18] eq 'checked'){ ($f[16] eq '1')&&($future = '999'); ($f[16] eq '2')&&($future = $f[17]); if(($f[16] eq '1')||($f[16] eq '2')){ $in{'pmessage'} = " "; } } if($f[19] eq 'checked'){ eval("use DB_File"); dbmopen(%ip,"$cgipath/data/ip",0644); my($time) = time; $ip{$ENV{'REMOTE_ADDR'}.'-'.$f[0]} = $time; dbmclose %ip; } if($in{'atype'} ne 'admin'){ if($f[10]){ if($in{'vmessage'}){ #$in{'responses'} = $in{'vmessage'}; } else{ $in{'responses'} = '
Thank you for your vote
'; } if(-e "$imagepath/$in{'pid'}.css"){ $in{'css'} = "$imageurl/$in{'pid'}.css"; } else{ $in{'css'} = "$imageurl/default.css"; } &PageOut("$cgipath/t_poll_results.htm"); exit; } } my(%response); my($file) = &CheckSafe("$cgipath/data/$in{'pid'}.dat.cgi"); open(DB,"<$file"); while(){ chomp; my($time,$ip,@r) = split("\t",$_); my($x); for($x=0;$x<$#r;$x+=2){ my(@z) = split(/\\0/,$r[$x+1]); foreach my $i (@z){ $response{$i."\t".$r[$x]}++ unless (($i eq "$r[$x]-R")||($i eq "$r[$x]-O")); $tv{$r[$x]}++; } } } close DB; my($file) = &CheckSafe("$cgipath/data/$in{'pid'}.cgi"); open(DB,"<$file"); while(){ chomp; my(@f) = split("\t",$_); next if ($f[3] eq 'Text2'); next if ($f[3] eq 'Text3'); $f[2] = &reverseHTML($f[2]); $f[1] =~ s/\\n/\n/g; $f[2] =~ s/(\S{40,41})/$1 /g; $f[2] =~ s/<\/form>/<\/form>/g; $f[4] = &reverseHTML($f[4]); $count++; $in{'responses'} .= qq|$f[2]|; my(@z) = split("~",$f[4]); my($c)=0; foreach my $i (@z){ next if ($i =~ /<.*>/); next if (!$i); $response{$i."\t".$f[0]}='0' unless($response{$i."\t".$f[0]}); $c++; $c = sprintf("%.6d",$c); $response{$c."-".$i."\t".$f[0]} = $response{$i."\t".$f[0]}; delete($response{$i."\t".$f[0]}); } my($tc)=0; foreach my $i (sort keys %response){ my($e,$r) = split("\t",$i); $e =~ s/^\d\d\d\d\d\d\-//; next if ($r ne $f[0]); my($per) = sprintf("%.1f",($response{$i}/$tv{$r})*100) unless ($tv{$r}==0); my($class) = int($tc % 5)+1; $tc++; my($width) = int($per); my($bar); if($width > 0){ #$bar = qq|
|; $bar = qq|
|; } else{ $bar = qq|
|; } $e = &htmlspecialchars($e); $e =~ s/(\S{20,21})/$1 /g; $in{'responses'} .= qq|$e$bar  $per% ($response{$i})\n|; } $in{'responses'} .= "
"; } close DB; if($f[13]){ (!$f[14])&&($f[14] = 5); $/="\n\n"; open(CMT,"<$cgipath/data/$in{'pid'}-comments.cgi"); ($flock)&&(flock(CMT,2)); my($c); while(){ chomp; $_ =~ s/\r//g; $c++; last if ($c > $f[14]); $_ = &htmlspecialchars($_); $_ =~ s/^(.*?): /$1: <\/b>/g; $_ =~ s/\n/
\n/g; $_ =~ s/(\S{40,41})/$1 /g; $in{'vcomments'} .= $_."\n
\n"; } close CMT; undef $/; if($in{'vcomments'}){ $in{'vcomments'} .= qq||; } else{ $in{'vcomments'} = qq|
No comments submitted
|; } } $in{'responses'} = qq|\n$in{'responses'}\n
|; if($f[13]){ $in{'responses'} .= qq|
User Comments
$in{'vcomments'}
|; } if(-e "$imagepath/$in{'pid'}.css"){ $in{'css'} = "$imageurl/$in{'pid'}.css"; } else{ $in{'css'} = "$imageurl/default.css"; } if(($in{'cid'})&&($f[11])){ $in{'parchives'} = qq|
Previous Polls
|; } if($in{'t'} == 2){ $in{'closebutton'} = qq|
|; } &PageOut("$cgipath/t_poll_results.htm"); exit; } sub ShowPoll{ use Time::Local; my($pid,$count,@f,$UserName,$r); srand; $in{'rnd'} = int(rand(1000)); if($in{'pid'} eq 'r'){ my(@rpid); my($file) = &CheckSafe("$cgipath/data/polls.cgi"); open(DB,"<$file"); while(){ (@f) = split("\t",$_); next if($f[2] != $in{'cid'}); if($f[7] eq 'checked'){ my($mon,$day,$year) = $f[4] =~ /(.*)[^\d](.*)[^\d](.*)/;$mon+=0;$day+=0;$year+=0; my $pollSStamp = timelocal(0,0,0,$day,$mon-1,$year); ($mon,$day,$year) = $f[5] =~ /(.*)[^\d](.*)[^\d](.*)/;$mon+=0;$day+=0;$year+=0; my $pollEStamp = timelocal(11,59,0,$day,$mon-1,$year); if((time < $pollSStamp)||(time > $pollEStamp)){ next; } } push(@rpid,$f[0]) unless ($f[8] eq 'Hold'); } close DB; srand; my($r) = int(rand($#rpid+1)); $pid = $rpid[$r]; $in{'pid'} = $pid; } elsif($in{'pid'} eq 'd'){ my($file) = &CheckSafe("$cgipath/data/polls.cgi"); open(DB,"<$file"); while(){ (@f) = split("\t",$_); next if($f[2] != $in{'cid'}); next if($f[8] eq 'Hold'); my($mon,$day,$year) = $f[4] =~ /(\d*)[^\d](\d*)[^\d](\d*)/;$mon+=0;$day+=0;$year+=0; my($pollSStamp,$pollEStamp); eval("\$pollSStamp = timelocal(0,0,0,$day,$mon-1,$year);"); ($mon,$day,$year) = $f[5] =~ /(\d*)[^\d](\d*)[^\d](\d*)/;$mon+=0;$day+=0;$year+=0; eval("\$pollEStamp = timelocal(11,59,0,$day,$mon-1,$year);"); if((time > $pollSStamp)&&(time < $pollEStamp)){ $pid = $f[0]; $in{'pid'} = $f[0]; last; } } close DB; } else{ $pid = $in{'pid'}; } if(!$pid){ $in{'vmessage'} = "There are no polls to display"; if(-e "$imagepath/$pid.css"){ $in{'css'} = "$imageurl/$in{'pid'}.css"; } else{ $in{'css'} = "$imageurl/default.css"; } &PageOut("$cgipath/t_poll.htm"); exit; } my($file) = &CheckSafe("$cgipath/data/polls.cgi"); open(DB,"<$file"); while(){ chomp; (@f) = split("\t",$_); if ($pid == $f[0]){ last; } } close DB; $in{'PollName'} = $f[3]; $in{'PollName'} = &reverseHTML($in{'PollName'}); $in{'PollName'} =~ s/\\n/\n
/g; $in{'PollDesc'} = $f[6]; $in{'PollDesc'} = &reverseHTML($in{'PollDesc'}); $in{'PollDesc'} =~ s/\\n/\n
/g; $in{'PollName'} =~ s/<\/form>//g; $in{'PollDesc'} =~ s/<\/form>//g; if($f[8] eq 'Hold'){ $in{'responses'} = 'This poll is on hold'; if(-e "$imagepath/$pid.css"){ $in{'css'} = "$imageurl/$in{'pid'}.css"; } else{ $in{'css'} = "$imageurl/default.css"; } &PageOut("$cgipath/t_poll.htm"); exit; } if($f[7] eq 'checked'){ my($mon,$day,$year) = $f[4] =~ /(.*)[^\d](.*)[^\d](.*)/;$mon+=0;$day+=0;$year+=0; my $pollSStamp = timelocal(0,0,0,$day,$mon-1,$year); ($mon,$day,$year) = $f[5] =~ /(.*)[^\d](.*)[^\d](.*)/;$mon+=0;$day+=0;$year+=0; my $pollEStamp = timelocal(11,59,0,$day,$mon-1,$year); if((time < $pollSStamp)||(time > $pollEStamp)){ $in{'responses'} = 'This poll is currently not available'; if(-e "$imagepath/$pid.css"){ $in{'css'} = "$imageurl/$in{'pid'}.css"; } else{ $in{'css'} = "$imageurl/default.css"; } &PageOut("$cgipath/t_poll.htm"); exit; } } if($f[16] != 3){ &GetCookies; if(($f[18] eq 'checked')&&($cookie{'V'.$in{'pid'}})){ $in{'vmessage'} = '
You have already voted
'; &ShowResults($pid); exit; } if(($f[19] eq 'checked')&&(&GetIP($f[16],$f[17],$f[0]))){ $in{'vmessage'} = '
You have already voted
'; &ShowResults($pid); exit; } } my($file) = &CheckSafe("$cgipath/data/$pid.cgi"); open(DB,"<$file"); while(){ chomp; my(@f) = split("\t",$_); $f[1] =~ s/\\n/\n/g; $f[2] = &reverseHTML($f[2]); $f[4] =~ s/~/\n/g; $f[3] =~ s/&#(\d+);/pack("c",$1)/ge; $f[3] = &reverseHTML($f[3]); $f[2] =~ s/<\/form>/<\/form>/g; $f[4] =~ s/<\/form>/<\/form>/g; my(@r) = split("\r*\n",$f[4]); $count++; $f[2] =~ s/<\/form>/<\/form>/g; $in{'responses'} .= "$count) $f[2]
"; my($t); if($f[3] eq "Radio"){ foreach my $i (@r){ $i = &reverseHTML($i); $i =~ s/"/"e;/g; my($r) = $i =~ /^<(.*)>$/; my($obj)=''; if($r){ $t = qq|$r: |; $i="$f[0]-O"; $obj = 'id=obj'.$f[0]; } else{ $t=$i; } $in{'responses'} .= qq|$t
|; } } if($f[3] eq "Check"){ foreach my $i (@r){ $i = &reverseHTML($i); $i =~ s/"/"e;/g; my($obj)=''; my($r) = $i =~ /^<(.*)>$/; if($r){ $t = qq|$r: |; $i="$f[0]-O"; $obj = 'id=obj'.$f[0]; } else{ $t=$i; } $in{'responses'} .= qq|$t
|; } } if($f[3] eq "List1"){ $in{'responses'} .= qq|
\n|; } if($f[3] eq "List2"){ $in{'responses'} .= qq|
\n|; } if($f[3] eq "Text"){ $in{'responses'} .= qq|
|; } if($f[3] eq "Text2"){ $in{'responses'} .= qq|
|; } if($f[3] eq "Text3"){ $in{'responses'} .= qq|
|; } $in{'responses'} .= '
'; } close DB; if(-e "$imagepath/$pid.css"){ $in{'css'} = "$imageurl/$in{'pid'}.css"; } else{ $in{'css'} = "$imageurl/default.css"; } $in{'SubmitButton'} = qq||; if((!$f[10])&&($f[9])){ $in{'ResultsButton'} = qq||; } if($f[11]){ $in{'pp'} = qq|
Previous Polls
|; } if($f[13]){ $in{'commentform'} = qq| Name:

Comments:
|; } ($in{'PollDesc'} =~ /\w/)&&($in{'PollDesc'} = '
'.$in{'PollDesc'}); ($in{'vmessage'} =~ /\w/)&&($in{'PollDesc'} = '
'.$in{'vmessage'}); &PageOut("$cgipath/t_poll.htm"); exit; } sub ClearIP{ eval("use DB_File"); dbmopen(%ip,"$cgipath/data/ip",0644); foreach my $i (keys %ip){ if($i =~ /^$in{'ip'}/){ delete($ip{$i}); } } dbmclose %ip; print "IP: $in{'ip'} cleared!
"; exit; } sub GetIP{ my($vt,$va,$id) = @_; my ($x) = 0; eval("use DB_File"); dbmopen(%ip,"$cgipath/data/ip",0644); foreach my $i (keys %ip){ my $numdays=(time-$ip{$i})/86400; if( $numdays > $va ){ delete($ip{$i}) unless ($vt==1); } if(($ip{$i})&&($i eq "$ENV{'REMOTE_ADDR'}-$id")){ $x=1; } } dbmclose %ip; return $x; } sub ShowLinksWizard { $in{'categoryname'} = &GetCatName($in{'cid'}); $in{'sslurl'} = $in{'cgiurl'}; $in{'sslurl'} =~ s/http:\/\/.*?\//\//i; my ($catId) = $in{'cid'}; my($selected,%polls,$pollStamp); my($file) = &CheckSafe("$cgipath/data/categories.cgi"); open(DB,"<$file"); while(){ chomp; my($id,$uid,$catname) = split("\t",$_); ($module)&&($in{'atype'} ne 'admin')&&($uid ne $in{'UserName'})&&(next); (!$in{'cid'})&&($in{'cid'} = $id)&&($catId = $id); if ($id == $catId) { $selected = 'selected'; } else{ $selected = ''; } $in{'categories'} .= qq|document.write('');\n|; } close DB; my($file) = &CheckSafe("$cgipath/data/polls.cgi"); open(DB,"<$file"); my($found); while () { my($id,$uid,$cid,$pollname,@rest) = split("\t",$_); ($module)&&($in{'atype'} ne 'admin')&&($uid ne $in{'UserName'})&&(next); if($cid == $in{'cid'}){ $in{'polls'} .= ""; $found=1; } } close DB; if(!$found){ $in{'generror'} = qq| alert("Please create a poll in this category before generating the link wizard code."); return; |; } $in{'categoryname'} =~ s/"/\\"/g; &PageOut("$cgipath/t_links_wizard.htm"); exit; } sub Reset{ if(-f "$cgipath/data/$in{'pid'}.dat.cgi"){ unlink("$cgipath/data/$in{'pid'}.dat.cgi"); } if(-f "$cgipath/data/$in{'pid'}-comments.cgi"){ unlink("$cgipath/data/$in{'pid'}-comments.cgi"); } if(!$in{'t'}){ &Redirect($in{'cgiurl'} . "?command=modify&pid=$in{'pid'}&cid=$in{'cid'}","Poll Reset"); } else{ &Redirect($in{'cgiurl'} . "?command=manage&pid=$in{'pid'}&cid=$in{'cid'}","Poll Reset"); } exit; } sub SaveConfig{ if($in{'ignoredate'} eq 'checked'){ my($pollSStamp); my($mon,$day,$year) = $in{'sdate'} =~ /(\d*)[^\d](\d*)[^\d](\d*)/; if((!$mon)||(!$day)||(!$year)){ &PError("Error. Invalid start date format"); } ($mon,$day,$year) = $in{'edate'} =~ /(\d*)[^\d](\d*)[^\d](\d*)/; if((!$mon)||(!$day)||(!$year)){ &PError("Error. Invalid start date format"); } } ($in{'cpp'} =~ /[^\d]/)&&(&PError("Error. Comments per page has to be a number")); ($in{'voteagaindays'} =~ /[^\d\.]/)&&(&PError("Error. Invalid number of days to vote again")); if(!$in{'pid'}){ &PError("Error. Please save the poll before changing the configuration"); } else{ my(@p); my($file) = &CheckSafe("$cgipath/data/polls.cgi"); open(DB,"+<$file"); ($flock)&&(flock(DB,2)); while(){ chomp; my(@f) = split("\t",$_); if($f[0] eq $in{'pid'}){ $f[4] = $in{'sdate'}; $f[5] = $in{'edate'}; $f[7] = $in{'ignoredate'}; $f[8] = $in{'Status'}; $f[9] = $in{'viewresults'}; $f[10] = $in{'private'}; $f[11] = $in{'previouspolls'}; $f[12] = $in{'export'}; $f[13] = $in{'acomments'}; $f[14] = $in{'cpp'}; $f[15] = $in{'sdefault'}; if((!$f[15])&&($in{'style'})){ $in{'style'} = &reverseHTML($in{'style'}); open(STYLE,">$imagepath/$in{'pid'}.css"); print STYLE $in{'style'}; close STYLE; } if($f[15]){ my($file) = &CheckSafe("$imagepath/$in{'pid'}.css"); unlink($file); } $f[16] = $in{'votetype'}; $f[17] = $in{'voteagaindays'}; $f[18] = $in{'cookies'}; $f[19] = $in{'ip'}; my($nv) = join("\t",@f); push(@p,$nv); } else{ push(@p,$_); } } seek(DB,0,0); foreach my $i (@p){ print DB "$i\n"; } truncate(DB, tell(DB)); ($flock)&&(flock(DB,8)); close DB; } &Redirect($in{'cgiurl'} . "?command=manage&cid=$in{'cid'}","Configuration Updated"); exit; } sub ShowCalendar{ &PageOut("$cgipath/popcalendar.js"); exit; } sub SaveQuestion { (!$in{'QuestionDesc'})&&(&PError("Error. Please enter a question")); (length($in{'QuestionDesc'}) > 255)&&(&PError("Error. Question has to be 255 characters or less")); $in{'QuestionDesc'} =~ s/\r*\n/\\n/g; $in{'QuestionDesc'} = &htmlspecialchars($in{'QuestionDesc'}); if(($in{'QuestionType'} ne 'Radio')&&($in{'QuestionType'} ne 'Check')){ $in{'allresponses'} =~ s/[<>]//g; } my(@c) = split(/\r*\n/,$in{'allresponses'}); foreach my $x (@c){ (length($x) > 75)&&(&PError("Error. Response has to be 75 characters or less")); } $in{'allresponses'} = &htmlspecialchars($in{'allresponses'}); $in{'allresponses'} =~ s/\r*\n/~/g; my(@p); my($file) = &CheckSafe("$cgipath/data/$in{'pid'}.cgi"); open(DB,"+<$file"); ($flock)&&(flock(DB,2)); while(){ my($id,$uid,@rest) = split("\t",$_); if($id ne $in{'qid'}){ push(@p,$_); } else{ push(@p,"$id\t$in{'UserName'}\t$in{'QuestionDesc'}\t$in{'QuestionType'}\t$in{'allresponses'}\n"); } } seek(DB,0,0); foreach my $i (@p){ print DB $i; } truncate(DB, tell(DB)); ($flock)&&(flock(DB,8)); close DB; &Redirect($in{'cgiurl'} . "?command=modify&cid=$in{'cid'}&pid=$in{'pid'}","Question Saved"); #&ShowModifyPoll; } sub EditQuestion{ my($file) = &CheckSafe("$cgipath/data/$in{'pid'}.cgi"); open(DB,"<$file"); while(){ my(@f) = split("\t",$_); if ($f[0] == $in{'id'}){ $in{'QuestionDesc'} = $f[2]; $in{'QuestionDesc'} = &reverseHTML($in{'QuestionDesc'}); $in{'QuestionDesc'} =~ s/\\n/\n/g; $in{'QuestionType'} = $f[3]; $in{'allresponses'} = $f[4]; $in{'allresponses'} =~ s/~/\n/g; $in{'allresponses'} = &reverseHTML($in{'allresponses'}); ($in{'QuestionType'} eq "Radio")&&($in{'QTypeRadio'} = 'selected'); ($in{'QuestionType'} eq "Check")&&($in{'QTypeCheck'} = 'selected'); ($in{'QuestionType'} eq "List1")&&($in{'QTypeList1'} = 'selected'); ($in{'QuestionType'} eq "List2")&&($in{'QTypeList2'} = 'selected'); ($in{'QuestionType'} eq "Text")&&($in{'QTypeText'} = 'selected'); ($in{'QuestionType'} eq "Text2")&&($in{'QTypeText2'} = 'selected'); ($in{'QuestionType'} eq "Text3")&&($in{'QTypeText3'} = 'selected'); } } close DB; $in{'command'} = 'saveq'; $in{'qid'}=$in{'id'}; &PageOut("$cgipath/t_add_edit_q.htm"); exit; } sub Move{ my($t) =@_; my(%p,$of,$y,$q); ($t eq 'u')?($of=-3):($of=3); my($file) = &CheckSafe("$cgipath/data/$in{'pid'}.cgi"); open(DB,"+<$file"); ($flock)&&(flock(DB,2)); while(){ my($id,$uid,@rest) = split("\t",$_); $y +=2; ($id ne $in{'id'})?($q=0):($q=$of); my($z) = $y + $q; $z = sprintf("%.5d",$z); $p{$z.'-'.$id} = $_; } seek(DB,0,0); foreach my $i (sort keys %p){ print DB $p{$i}; } truncate(DB, tell(DB)); ($flock)&&(flock(DB,8)); close DB; &ShowModifyPoll; } sub AddQuestion{ (!$in{'QuestionDesc'})&&(&PError("Error. Please enter a question")); (length($in{'QuestionDesc'}) > 255)&&(&PError("Error. Question has to be 255 characters or less")); my(@c) = split(/\r*\n/,$in{'allresponses'}); foreach my $x (@c){ (length($x) > 75)&&(&PError("Error. Response has to be 75 characters or less")); } $in{'QuestionDesc'} =~ s/\r*\n/\\n/g; $in{'QuestionDesc'} = &htmlspecialchars($in{'QuestionDesc'}); $in{'allresponses'} = &htmlspecialchars($in{'allresponses'}); $in{'allresponses'} =~ s/\r*\n/~/g; my($file) = &CheckSafe("$cgipath/data/$in{'pid'}.cgi"); my($id) = &GetID; open(DB,">>$file"); ($flock)&&(flock(DB,2)); print DB "$id\t$in{'UserName'}\t$in{'QuestionDesc'}\t$in{'QuestionType'}\t$in{'allresponses'}\n"; ($flock)&&(flock(DB,8)); close DB; &Redirect($in{'cgiurl'} . "?command=modify&cid=$in{'cid'}&pid=$in{'pid'}","Question Saved"); } sub ShowConfig{ if(!$in{'pid'}){ &PError("Error. Please save the poll before changing the configuration"); } $in{'categoryname'} = &GetCatName($in{'cid'}); my($file) = &CheckSafe("$cgipath/data/polls.cgi"); open(DB,"<$file"); while(){ my(@f) = split("\t",$_); if ($in{'pid'} == $f[0]){ $in{'puid'} = $f[1]; $in{'PollName'} = $f[3]; $in{'sdate'} = $f[4]; $in{'edate'} = $f[5]; $in{'ignoredate'} = $f[7]; $in{'Status'.$f[8]} = 'selected'; $in{'viewresults'} = $f[9]; $in{'private'} = $f[10]; $in{'previouspolls'} = $f[11]; $in{'export'} = $f[12]; if($in{'export'}){ $in{'exportfile'} = qq|[ download ]|; } $in{'acomments'} = $f[13]; $in{'cpp'} = $f[14]; $in{'sdefault'} = $f[15]; $in{'votetype'.$f[16]} = 'checked'; $in{'voteagaindays'} = $f[17]; $in{'cookies'} = $f[18]; $in{'ip'} = $f[19]; if($f[15]){ $in{'sdefault'} = 'checked'; open(DB,"<$imagepath/default.css")||print "$!:$imagepath/default.css
"; while(){ $in{'style'} .= $_; } close DB; $in{'style'} = &htmlspecialchars($in{'style'}); } else{ open(DB,"<$imagepath/$in{'pid'}.css"); while(){ $in{'style'} .= $_; } close DB; $in{'style'} = &htmlspecialchars($in{'style'}); } if(($f[13])&&(-e "$cgipath/data/$in{'pid'}-comments.cgi")){ open(DB,"<$cgipath/data/$in{'pid'}-comments.cgi"); while(){ $in{'comments'} .= $_; } close DB; $in{'comments'} = &htmlspecialchars($in{'comments'}); } } } close DB; &PageOut("$cgipath/t_config.htm"); exit; } sub SavePoll{ $in{'PollDesc'} =~ s/<\/(.*)>/$1/gi; $in{'PollName'} =~ s/<\/(.*)>/$1/gi; (length($in{'PollName'}) > 50)&&(&PError("Error. Poll name has to be 50 characters or less")); if(!$in{'pid'}){ &SaveNewPoll; } else{ my(@p); my($file) = &CheckSafe("$cgipath/data/polls.cgi"); open(DB,"+<$file"); ($flock)&&(flock(DB,2)); while(){ my(@f) = split("\t",$_); if($f[0] eq $in{'pid'}){ $in{'PollDesc'} =~ s/\r*\n/\\n/g; $in{'PollDesc'} = &htmlspecialchars($in{'PollDesc'}); $f[3] = $in{'PollName'}; $f[6] = $in{'PollDesc'}; my($nv) = join("\t",@f); push(@p,$nv); } else{ push(@p,$_); } } seek(DB,0,0); foreach my $i (@p){ print DB $i; } truncate(DB, tell(DB)); ($flock)&&(flock(DB,8)); close DB; } &Redirect($in{'cgiurl'} . "?command=manage&cid=$in{'cid'}","Poll Saved"); exit; } sub ShowAddQuestion{ $in{'command'} = 'addq'; (!$in{'PollName'})&&(&PError("Error. Please enter a name for your poll before adding questions")); (!$in{'pid'})&&(&SaveNewPoll); &PageOut("$cgipath/t_add_edit_q.htm"); exit; } sub SaveNewPoll{ my($id) = &GetID; my($file) = &CheckSafe("$cgipath/data/polls.cgi"); open(DB,">>$file"); ($flock)&&(flock(DB,2)); $in{'PollDesc'} =~ s/\r*\n/\\n/g; $in{'PollDesc'} = &htmlspecialchars($in{'PollDesc'}); print DB "$id\t$in{'UserName'}\t$in{'cid'}\t$in{'PollName'}\t\t\t$in{'PollDesc'}\t\t\t\t\t\tchecked\t\t\t\t1\t\tchecked\tchecked\n"; ($flock)&&(flock(DB,8)); close DB; $in{'pid'} = $id; } sub ShowModifyPoll{ $in{'categoryname'} = &GetCatName($in{'cid'}); my($file) = &CheckSafe("$cgipath/data/polls.cgi"); open(DB,"<$file"); while(){ my($id,$uid,$cid,$pollName,$pollSDate,$pollEDate,$pollDesc,@rest) = split("\t",$_); ($module)&&($in{'atype'} ne 'admin')&&($uid ne $in{'UserName'})&&(next); if ($id == $in{'pid'}){ $in{'PollName'} = $pollName; $in{'PollDesc'} = $pollDesc; $in{'PollDesc'} = &reverseHTML($in{'PollDesc'}); $in{'PollDesc'} =~ s/\\n/\n/g; } } close DB; my($file) = &CheckSafe("$cgipath/data/$in{'pid'}.cgi"); open(DB,"<$file"); while(){ my(@f) = split("\t",$_); $f[1] = &reverseHTML($f[1]); $f[1] =~ s/\\n/
\n/g; $in{'line'} .= qq| edit :: delete :: move up :: move down $f[2] |; } close DB; (!$in{'line'})&&($in{'line'} = 'No questions configured'); &PageOut("$cgipath/t_add_edit_poll.htm"); exit; } sub ShowAddPoll{ (!$in{'cid'})&&(&PError("Error. Please create a category first.")); $in{'categoryname'} = &GetCatName($in{'cid'}); (!$in{'line'})&&($in{'line'} = 'No questions configured'); &PageOut("$cgipath/t_add_edit_poll.htm"); exit; } sub GetCatName{ my($cid) =@_; my($id,$uid,$name,@rest,$name); my($file) = &CheckSafe("$cgipath/data/categories.cgi"); open(DB,"<$file"); while(){ chomp; ($id,$uid,$name,@rest) = split("\t",$_); last if ($id == $cid); } close DB; return $name; } sub ShowArchive{ use Time::Local; my ($catId) = $in{'cid'}; my(%polls,$pollStamp); my($file) = &CheckSafe("$cgipath/data/polls.cgi"); open(DB,"<$file"); while(){ chomp; my($id,$uid,$cid,$pollName,$pollSDate,$pollEDate,$pollDesc,$ignoredate,$status,@rest) = split("\t",$_); ($module)&&($in{'atype'} ne 'admin')&&($uid ne $in{'UserName'})&&(next); ($status eq 'Hold')&&(next); if(($ignoredate)&&($pollSDate)){ my($mon,$day,$year) = $pollSDate =~ /(.*)[^\d](.*)[^\d](.*)/; $pollStamp = timelocal(0,0,0,$day,$mon-1,$year); if($pollStamp > time){ next; } } my($pdate); (($pollSDate)&&($ignoredate))?($pdate = "$pollSDate - $pollEDate"):($pdate = 'N/A'); $polls{$pollStamp.'-'.$id} = qq~ $pollName $pdate ~ unless ($cid != $catId); } close DB; foreach my $i (sort keys %polls){ $in{'parchive'} .= $polls{$i}; } if(!$in{'parchive'}){ $in{'parchive'} = qq|No previous polls available.|; } if(-e "$imagepath/$in{'pid'}.css"){ $in{'css'} = "$imageurl/$in{'pid'}.css"; } else{ $in{'css'} = "$imageurl/default.css"; } &PageOut("$cgipath/t_archives.htm"); exit; } sub ShowManage{ use Time::Local; my ($catId) = $in{'cid'}; my($selected,%polls,$pollStamp); my($file) = &CheckSafe("$cgipath/data/categories.cgi"); open(DB,"<$file"); while(){ chomp; my($id,$uid,$catname) = split("\t",$_); ($module)&&($in{'atype'} ne 'admin')&&($uid ne $in{'UserName'})&&(next); (!$in{'cid'})&&($in{'cid'} = $id)&&($catId = $id); if ($id == $catId) { $selected = 'selected'; $in{"CatName"} = $catname; } else{ $selected = ''; } $in{'categories'} .= qq|\n|; } close DB; #(!$in{'categories'})&&($catId=1)&&($in{'categories'} = ""); my($file) = &CheckSafe("$cgipath/data/polls.cgi"); open(DB,"<$file"); while(){ chomp; my($id,$uid,$cid,$pollName,$pollSDate,$pollEDate,$pollDesc,$ignoredate,$status,@rest) = split("\t",$_); ($module)&&($in{'atype'} ne 'admin')&&($uid ne $in{'UserName'})&&(next); ($status ne 'Hold')&&($status = 'Active'); if($status eq 'Hold'){ $status = "Hold"; } if($ignoredate){ if($pollSDate){ my($mon,$day,$year) = $pollSDate =~ /(.*)[^\d](.*)[^\d](.*)/; $pollStamp = timelocal(0,0,0,$day,$mon-1,$year); if($pollStamp > time){ $status = "Pending"; } } if($pollEDate){ my($mon,$day,$year) = $pollEDate =~ /(.*)[^\d](.*)[^\d](.*)/; $pollStamp = timelocal(0,0,0,$day,$mon-1,$year); if($pollStamp < time){ $status = "Expired"; } } } my($pdate); (($pollSDate)&&($ignoredate))?($pdate = "$pollSDate - $pollEDate"):($pdate = 'N/A'); my(@ls); my($vt) = 0; open(CNT,"<$cgipath/data/$id.dat.cgi"); while(){ (@ls) = stat(CNT); $vt++ } close CNT; $ls[7] = sprintf("%.2f",$ls[7]/1000).'KB'; $polls{$pollStamp.'-'.$id} = qq~   Modify  |  View Results  |  Delete  |  Configure  $pollName $pdate $status $vt ($ls[7]) ~ unless ($cid != $catId); } close DB; foreach my $i (sort keys %polls){ $in{'polls'} .= $polls{$i}; } (!$in{'polls'})&&($in{'polls'} = qq|No polls in this category|); if($in{'atype'} eq 'admin'){ require("$cgipath/t_cp.htm"); } &PageOut("$cgipath/t_manage.htm"); exit; } sub ShowAddCategory{ &PageOut("$cgipath/t_add_edit_category.htm"); exit; } sub AddCategory{ my($id) = &GetID; ($in{'catname'} =~ /([<>])/)&&(&PError("Error. $1 characters are not allowed in category name.")); (length($in{'catname'}) > 50)&&(&PError("Error. Category name has to be 50 characters or less")); my($file) = &CheckSafe("$cgipath/data/categories.cgi"); open(DB,">>$file"); print DB "$id\t$in{'UserName'}\t$in{'catname'}\n"; close DB; print qq| |; exit; } sub GetID{ my($id); open(DB,"<$cgipath/data/_gcount.cgi"); $id = ; close DB; $id++; open(DB,">$cgipath/data/_gcount.cgi"); print DB $id; close DB; return $id; } sub DeleteCategory { my ($catId) = $in{'cid'} || &cgierr("fatal error: DeleteCategory - no id specified"); my(@c,@p); my($file) = &CheckSafe("$cgipath/data/categories.cgi"); open(DB,"+<$file"); ($flock)&&(flock(DB,2)); while(){ my($id,$uid,$name) = split("\t",$_); push(@c,$_) unless ($id eq $catId); } seek(DB,0,0); foreach my $i (@c){ print DB $i; } truncate(DB, tell(DB)); ($flock)&&(flock(DB,8)); close DB; undef(@c); my($file) = &CheckSafe("$cgipath/data/polls.cgi"); open(DB,"+<$file"); ($flock)&&(flock(DB,2)); while(){ my($id,$uid,$cid,@rest) = split("\t",$_); ($cid eq $catId)?(&DeletePoll($id)):(push(@p,$_)); } seek(DB,0,0); foreach my $i (@p){ print DB $i; } truncate(DB, tell(DB)); ($flock)&&(flock(DB,8)); close DB; &Redirect($in{'cgiurl'} . "?command=manage","Category Deleted"); } sub DeletePoll2 { my(@p,$d); my($file) = &CheckSafe("$cgipath/data/polls.cgi"); open(DB,"+<$file"); ($flock)&&(flock(DB,2)); while(){ my($id,$uid,$cid,@rest) = split("\t",$_); ($id ne $in{'pid'})&&(push(@p,$_)); } seek(DB,0,0); foreach my $i (@p){ print DB $i; } truncate(DB, tell(DB)); ($flock)&&(flock(DB,8)); close DB; my($file) = &CheckSafe("$cgipath/data/$in{'pid'}.cgi"); unlink($file); &Redirect($in{'cgiurl'} . "?command=manage&cid=$in{'cid'}","Poll Deleted"); } sub DeleteQuestion { my(@p); my($file) = &CheckSafe("$cgipath/data/$in{'pid'}.cgi"); open(DB,"+<$file"); ($flock)&&(flock(DB,2)); while(){ my($id,$uid,@rest) = split("\t",$_); ($id ne $in{'id'})&&(push(@p,$_)); } seek(DB,0,0); foreach my $i (@p){ print DB $i; } truncate(DB, tell(DB)); ($flock)&&(flock(DB,8)); close DB; &ShowModifyPoll; } sub DeletePoll{ my($pid) = @_; my($file) = &CheckSafe("$cgipath/data/$pid.cgi"); unlink($file); } sub CheckAccess{ return if (!$module); return if ($in{'atype'} eq 'admin'); my($filename,$tid,$ac); if($in{'qid'}){ $filename = "$cgipath/data/$in{'pid'}.cgi"; $tid = $in{'qid'}; } elsif($in{'id'}){ $filename = "$cgipath/data/$in{'pid'}.cgi"; $tid = $in{'id'}; } elsif($in{'pid'}){ $filename = "$cgipath/data/polls.cgi"; $tid = $in{'pid'}; } elsif($in{'cid'}){ $filename = "$cgipath/data/categories.cgi"; $tid = $in{'cid'}; } else{ return; } my($file) = &CheckSafe($filename); open(DB,"<$file"); while(){ my($id,$uid,@rest) = split("\t",$_); ($id == $tid)&&($uid eq $in{'UserName'})&&($ac=1)&&(last); } close DB; (!$ac)&&(&PError("Error. Access denied")); } # _____________________________________________________________________________ sub GetLogin{ &GetCookies; $in{'UserName'} = $cookie{'UserName'}; $in{'PassWord'} = $cookie{'PassWord'}; # if no password, then output the login screen if(!$in{'UserName'}){ &PageOut("$cgipath/t_login.htm"); exit; } if(($^O =~ /win/i)){ if(($in{'UserName'} eq $username)&&($in{'PassWord'} eq $password)){ #good to go. $in{'atype'} = 'admin'; return 1; } } else{ if(($in{'UserName'} eq $username)&&(crypt($in{'PassWord'},'CS') eq $password)){ #good to go. $in{'atype'} = 'admin'; return 1; } } # password failed &PError("Error. Invalid username or password"); } sub Login{ &PageOut("$cgipath/t_login.htm"); exit; } sub Setup{ use Cwd; $in{'cgipath'} = Cwd::cwd(); $in{'cgiurl'} = "$ENV{'HTTP_HOST'}/$ENV{'SCRIPT_NAME'}"; $in{'cgiurl'} =~ s/\/\//\//g; $in{'cgiurl'} = "http://".$in{'cgiurl'}; $in{'cgiurl'} =~ s/\/csPoller\.$in{'ext'}//i; $in{'imageurl'} = $in{'cgiurl'}.'/images'; $in{'imagepath'} = $in{'cgipath'}.'/images'; &PageOut("$basepath/t_setup.htm"); exit; } sub SaveSetup{ (-e "$basepath/setup.cgi")&&(&PError("Error. Access Denied")); $in{'setup'} =~ s/\r*\n/\n/g; my $sfile = &CheckSafe("$basepath/setup.cgi"); if($^O !~ /win/i){ $in{'mpassword'} = crypt($in{'mpassword'},'CS'); } open(SETUP,">$sfile"); ($flock)&&(flock(SETUP,2)); print SETUP "\$cgiurl='$in{'mcgiurl'}';\n"; print SETUP "\$cgipath='$in{'mcgipath'}';\n"; print SETUP "\$imageurl='$in{'mimageurl'}';\n"; print SETUP "\$imagepath='$in{'mimagepath'}';\n"; print SETUP "\$username='$in{'musername'}';\n"; print SETUP "\$password='$in{'mpassword'}';\n"; print SETUP "1;\n"; ($flock)&&(flock(SETUP,8)); &Redirect("$ENV{'SCRIPT_NAME'}?command=login","Setup.cgi reconfigured"); exit; } # _____________________________________________________________________________ sub PageOut{ my ($file) = @_; if($in{'js'} == 1){ &PageOutJS($file); } open(OUT,"$file")||print "$!: $file
"; while(){ $_ =~ s/in\((\w+)\)/$in{$1}/g; print; } close OUT; } sub DataOutJS{ my($data) = @_; $data =~ s/\r//g; $data =~ s/\"/\\"/g; $data =~ s/\\n/\\\\n/g; $data =~ s/(scr)(ipt)/$1\"\+\"$2/gsi; my @mylines = split(/\r*\n/,$data); foreach my $q (@mylines){ print qq|document.write("$q\\n");\n|; } exit; } sub PageOutJS{ my($file) = @_; open(OUT,"$file")||print "$!: $file
"; while(){ my $o = $_; $o =~ s/\r//g; $o =~ s/in\((\w+)\)/$in{$1}/g; $o =~ s/\"/\\"/g; $o =~ s/\\n/\\\\n/g; $o =~ s/(scr)(ipt)/$1\"\+\"$2/gsi; my @mylines = split(/\r*\n/,$o); foreach my $q (@mylines){ print qq|document.write("$q\\n");\n|; } } close OUT; exit; } sub CheckSafe { # private fuction for checking filenames to open my $this = shift; ($this =~ /\.\./)&&(print "Invalid filename.")&&(exit); ($this =~ /\|/)&&(print "Invalid filename.")&&(exit); ($this =~ /\>/)&&(print "Invalid filename.")&&(exit); ($this =~ /\/\>/g; $buffer =~ s/\"/\"/g; return $buffer; } sub reverseHTML{ my($text) = @_; $text =~ s/\>/>/g; $text =~ s/\<///gi; $text =~ s///gi; return $text; }