#!/usr/bin/perl
###########################
## AutoRank Pro v5.0.x ##
###################################################################
## accounts.cgi - Handle user account creation and maintenance ##
###################################################################
use Fcntl qw(:DEFAULT :flock);
## Bootstrap: load the shared libraries, emit the HTTP header and run the
## request inside one eval so that any die() is reported through Error().
## The script relies on package globals (%F, %T, $DDIR, ...) that are
## presumably populated by the required libraries; it does not enable strict.
eval {
    require 'common.pl';
    require 'arp.pl';
    require 'http.pl';
    require 'size.pl';
    Header("Content-type: text/html\n\n");
    main();
};
## $@ is inspected immediately, before any other eval could clobber it.
Error("$@", 'accounts.cgi') if $@;
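## Entry point: parse the request, expose the user-defined field labels to
## the template layer and route to the requested screen.
##
## Routing: no query string and no Run parameter -> signup form;
## "?login" / "?remind" -> the matching form; otherwise Run must name one of
## the handlers listed in %handler_for. Anything else is rejected with
## E_BAD_FUNCTION before any file or database access takes place.
sub main
{
    ParseRequest(1);
    $T{'Name_Field_1'} = $NAME_FIELD_1;
    $T{'Name_Field_2'} = $NAME_FIELD_2;
    $T{'Name_Field_3'} = $NAME_FIELD_3;
    my $query = $ENV{'QUERY_STRING'};
    if( !$query && !$F{'Run'} )
    {
        DisplayAddAccount();
        return;
    }
    if( $query eq 'login' )
    {
        DisplayLogin();
        return;
    }
    if( $query eq 'remind' )
    {
        DisplayRemind();
        return;
    }
    ## Dispatch through hard-coded code refs rather than a symbolic call on the
    ## request value, so Run can only ever reach the subs named here.
    my %handler_for = (
        'DisplayEdit'       => \&DisplayEdit,
        'DisplayStatistics' => \&DisplayStatistics,
        'DisplayLinks'      => \&DisplayLinks,
        'EditAccount'       => \&EditAccount,
        'CreateAccount'     => \&CreateAccount,
        'SendReminder'      => \&SendReminder,
    );
    my $run = $F{'Run'};
    my $handler = (defined $run && exists $handler_for{$run}) ? $handler_for{$run} : undef;
    if( $handler )
    {
        $handler->();
    }
    else
    {
        FormError('E_BAD_FUNCTION');
    }
    return;
}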
## Render the signup form, offering one template row per configured category
## ($CATEGORIES is a comma-separated list).
sub DisplayAddAccount
{
    my @categories = split(/,/, $CATEGORIES);
    for my $category (@categories)
    {
        TemplateAdd('Categories', { 'Category' => $category });
    }
    ParseTemplate('accounts_add.tpl');
}
## Render the password-reminder request form.
sub DisplayRemind
{
    return ParseTemplate('accounts_remind.tpl');
}
## Render the member login form.
sub DisplayLogin
{
    return ParseTemplate('accounts_login.tpl');
}
## Render the account edit form for an authenticated member. Locked or
## suspended accounts are refused via FormError() before anything is shown.
## The member's current category is flagged 'Selected' in the category rows.
sub DisplayEdit
{
    my $member = VerifyLogin();
    FormError('E_LOCKED')    if $member->{'Locked'};
    FormError('E_SUSPENDED') if $member->{'Suspended'};
    HashToTemplate($member);
    my $current = $member->{'Category'};
    for my $category (split(/,/, $CATEGORIES))
    {
        TemplateAdd('Categories', {
            'Category' => $category,
            'Selected' => ($category eq $current),
        });
    }
    ParseTemplate('accounts_edit.tpl');
}
## Render the statistics page for an authenticated member: global rebuild /
## reset times plus the member's historical rows from $DDIR/stats/<Username>.
## The stats file name comes from the member record returned by VerifyLogin(),
## not straight from the form. Each stats line is '|'-delimited in the order
## given by $DB_FORMAT{'memstats'}; its 'Time' field is formatted as 'Date'.
sub DisplayStatistics
{
    my $member = VerifyLogin();
    HashToTemplate($member);
    ## Times are stored as epoch seconds and shifted by the configured zone.
    my $tz_offset = 3600 * $TIME_ZONE;
    $T{'Last_Rebuild'} = Date($DATE_FORMAT, $TIME_FORMAT, $TIMES->{'Rebuild'} + $tz_offset);
    $T{'Last_Reset'}   = Date($DATE_FORMAT, $TIME_FORMAT, $TIMES->{'Reset'} + $tz_offset);
    $T{'Total_Reset'}  = Date($DATE_FORMAT, $TIME_FORMAT, $TIMES->{'Total_Reset'} + $tz_offset);
    ## Load historical stats
    my $stats_file = "$DDIR/stats/$member->{'Username'}";
    my @fields = @{$DB_FORMAT{'memstats'}};
    for my $record (@{FileReadArray($stats_file)})
    {
        chomp(my $line = $record);
        my %row = ();
        @row{@fields} = split(/\|/, $line);
        $row{'Date'} = Date($DATE_FORMAT, '%q', $row{'Time'} + $tz_offset);
        TemplateAdd('Stats', \%row);
    }
    ParseTemplate('accounts_statistics.tpl');
}
## Render the link-code page for an authenticated member. The username placed
## in the template is the submitted one, which VerifyLogin() has just matched
## against an existing member record.
sub DisplayLinks
{
    VerifyLogin();
    my $username = $F{'Username'};
    $T{'Username'}     = $username;
    $T{'Tracking_URL'} = "$IN_URL?id=$username";
    ParseTemplate('accounts_links.tpl');
}
##########################################################################################################################################
##########################################################################################################################################
##########################################################################################################################################
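## Authenticate the request from the Username / Password form fields and
## return the member record on success. Every failure goes through
## FormError(), which the rest of this file relies on to not return.
##
## The username is checked against the same character rule CreateAccount
## applies (see CheckInput) before it is handed to ReadMember(), so a crafted
## value cannot steer the lookup to a path outside the members directory.
sub VerifyLogin
{
    my ($username, $password) = @F{qw(Username Password)};
    if( !$username || !$password )
    {
        FormError('E_USER_PASS');
    }
    ## NOTE(review): a member whose name was created outside this script with
    ## other characters would be refused here -- confirm none exist.
    if( $username !~ m/\A[a-zA-Z0-9]+\z/ )
    {
        FormError('E_BAD_LOGIN');
    }
    my $member = ReadMember($username);
    ## The stored password is compared as-is with the submitted one; no
    ## hashing is visible anywhere in this file.
    if( !$member || $member->{'Password'} ne $password )
    {
        FormError('E_BAD_LOGIN');
    }
    return $member;
}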
#digihax Wed Sep 15 12:06:28 2004 68.66.80.253
## Apply an authenticated member's edits from %F. Locked or suspended accounts
## are refused. Record fields the member may not change are deleted from %F
## after validation, regardless of what the form submitted. The edit is either
## queued for admin review ($O_REVIEW_EDIT) or written straight to the member
## record, and the admin is optionally notified by e-mail ($O_EMAIL_EDIT).
sub EditAccount
{
    my $member = VerifyLogin();
    FormError('E_LOCKED')    if $member->{'Locked'};
    FormError('E_SUSPENDED') if $member->{'Suspended'};
    ## A new password replaces the one used to log in; CheckInput validates it.
    $F{'Password'} = $F{'New_Password'} if $F{'New_Password'};
    CheckInput();
    ## Make sure they have not provided any database fields that they are not
    ## allowed to edit
    my @read_only = qw(Current_In Current_Out Total_In Total_Out In_Weight Out_Weight Icons Signup Suspended
        Locked Inactive Last_Sort Last_Hits_In Last_Hits_Out Last_Overall Last_Category Comments);
    delete @F{@read_only};
    if( $O_REVIEW_EDIT )
    {
        DBReplace("$DDIR/dbs/reviewedit", $member->{'Username'}, \%F);
    }
    else
    {
        UpdateMember($member->{'Username'}, $member, \%F);
    }
    HashToTemplate(\%F);
    if( $O_EMAIL_EDIT )
    {
        $T{'Script_URL'} = $CGI_URL;
        $T{'To'}         = $ADMIN_EMAIL;
        $T{'From'}       = $ADMIN_EMAIL;
        Mail("$TDIR/email_adminedit.tpl");
    }
    ParseTemplate('accounts_edited.tpl');
}
## Create a new member from the validated form fields in %F. With
## $O_REVIEW_NEW the submission is queued for admin review; otherwise the
## member record is initialised with zeroed counters and written, along with
## an empty stats file. Confirmation and admin e-mails follow the
## $O_EMAIL_CONFIRM / $O_EMAIL_ADD options.
sub CreateAccount
{
    CheckInput();
    HashToTemplate(\%F);
    $T{'To'}           = $F{'Email'};
    $T{'From'}         = $ADMIN_EMAIL;
    $T{'Script_URL'}   = $CGI_URL;
    $T{'Tracking_URL'} = "$IN_URL?id=$F{'Username'}";
    if( $O_REVIEW_NEW )
    {
        DBInsert("$DDIR/dbs/reviewnew");
        Mail("$TDIR/email_review.tpl") if $O_EMAIL_CONFIRM;
    }
    else
    {
        ## Fresh-account bookkeeping fields; 'NA' marks ranks never computed.
        my %initial = (
            'Current_In'    => 0,
            'Current_Out'   => 0,
            'Total_In'      => 0,
            'Total_Out'     => 0,
            'In_Weight'     => 1.000,
            'Out_Weight'    => 1.000,
            'Signup'        => time,
            'Suspended'     => 0,
            'Locked'        => 0,
            'Inactive'      => 0,
            'Last_Sort'     => 'NA',
            'Last_Hits_In'  => 'NA',
            'Last_Hits_Out' => 'NA',
            'Last_Overall'  => 'NA',
            'Last_Category' => 'NA',
        );
        @T{keys %initial} = values %initial;
        WriteMember($F{'Username'}, \%T);
        FileWrite("$DDIR/stats/$F{'Username'}", undef);
        Mail("$TDIR/email_added.tpl") if $O_EMAIL_CONFIRM;
    }
    if( $O_EMAIL_ADD )
    {
        $T{'To'} = $ADMIN_EMAIL;
        Mail("$TDIR/email_adminadd.tpl");
    }
    ParseTemplate('accounts_added.tpl');
}
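## Validate (and normalise) the submitted account fields in %F for both
## CreateAccount and EditAccount. Every rejected condition ends in
## FormError(); the sub only returns once all checks have passed.
##
## Side effects on success: %F gains Banner_Width / Banner_Height when a
## banner was fetched or dimensions are forced, Banner_URL is rewritten to
## the locally served copy under $O_SERVE_BANNERS, and every field has '|',
## CR and LF stripped so values cannot break the '|'-delimited records.
##
## Changes from the earlier version: the username is validated before it is
## used to build a path; the category test requires an exact list entry
## instead of any substring; the oversized-banner cleanup tests the file it
## actually wrote.
sub CheckInput
{
    my $new_account = ($F{'Run'} eq 'CreateAccount');
    my $url_re = qr{^http://[\w\d\-\.]+\.[\w\d\-\.]+};
    if( $new_account )
    {
        ## Username rules come first: the value is used as a file name below,
        ## so its length and characters are settled before any path is built.
        if( length($F{'Username'}) < 4 || length($F{'Username'}) > 8 )
        {
            FormError('E_USER_LENGTH');
        }
        if( $F{'Username'} !~ m/\A[a-zA-Z0-9]+\z/ )
        {
            FormError('E_USER_CHARS');
        }
        ## Make sure an account with this username doesn't already exist,
        ## either live or waiting in the review queue
        if( -e "$DDIR/members/$F{'Username'}" || DBSelect("$DDIR/dbs/reviewnew", $F{'Username'}) )
        {
            FormError('E_USERNAME_TAKEN');
        }
    }
    ## Check the blacklist
    my $blacklisted = IsBlacklisted(\%F);
    if( $blacklisted )
    {
        FormError('E_BLACKLISTED', $blacklisted);
    }
    ## Check for duplicate account information
    if( $new_account && $O_CHECK_DUPS )
    {
        CheckForDuplicate();
    }
    ## Verify e-mail address format
    if( $F{'Email'} !~ /^[\w\d][\w\d\,\.\-]*\@([\w\d\-]+\.)+([a-zA-Z]+)$/ )
    {
        FormError('E_BAD_EMAIL');
    }
    ## Verify site URL format (http only; the pattern is shared by all URLs)
    if( $F{'Site_URL'} !~ $url_re )
    {
        FormError('E_BAD_URL', 'SITE_URL');
    }
    ## Verify banner URL format
    if( $F{'Banner_URL'} && $F{'Banner_URL'} !~ $url_re )
    {
        FormError('E_BAD_URL', 'BANNER_URL');
    }
    ## Verify recip URL format (mandatory when $O_REQ_RECIP is set)
    if( ($F{'Recip_URL'} || $O_REQ_RECIP) && $F{'Recip_URL'} !~ $url_re )
    {
        FormError('E_BAD_URL', 'RECIP_URL');
    }
    ## Verify site title and description length
    if( length($F{'Title'}) > $MAX_TITLE )
    {
        FormError('E_TOO_LONG', 'TITLE');
    }
    if( length($F{'Description'}) > $MAX_DESC )
    {
        FormError('E_TOO_LONG', 'DESC');
    }
    ## Verify password length
    if( length($F{'Password'}) < 4 )
    {
        FormError('E_PASS_LENGTH');
    }
    ## Verify that the site title and description were provided
    if( !$F{'Title'} || !$F{'Description'} )
    {
        FormError('E_TITLE_DESC');
    }
    ## Verify user defined fields were provided if they are required
    FormError('E_REQUIRED', $NAME_FIELD_1) if( $O_REQ_FIELD_1 && !$F{'Field_1'} );
    FormError('E_REQUIRED', $NAME_FIELD_2) if( $O_REQ_FIELD_2 && !$F{'Field_2'} );
    FormError('E_REQUIRED', $NAME_FIELD_3) if( $O_REQ_FIELD_3 && !$F{'Field_3'} );
    ## Verify that a valid category was selected: the submitted value must be
    ## a whole entry of the comma-separated list, not merely a substring of it
    ## (an empty or partial value is rejected when categories are configured).
    if( $CATEGORIES && index(",$CATEGORIES,", ",$F{'Category'},") == -1 )
    {
        FormError('E_INVALID_CAT');
    }
    ## Check URLs to make sure they are working
    if( $O_CHECK_URLS )
    {
        _check_urls_reachable($F{'Site_URL'}, $F{'Banner_URL'}, $F{'Recip_URL'});
    }
    ## Download member banner; $banner is the name of the copy saved under
    ## $BANNER_DIR, or undef when nothing was written.
    my $banner = undef;
    if( ($O_CHECK_DIMS || $O_SERVE_BANNERS) && $F{'Banner_URL'} )
    {
        $banner = _fetch_banner();
    }
    ## Force all banners to set dimensions
    if( $O_FORCE_DIMS )
    {
        $F{'Banner_Height'} = $BANNER_HEIGHT;
        $F{'Banner_Width'}  = $BANNER_WIDTH;
    }
    ## Verify banner height and width
    if( $F{'Banner_Width'} > $BANNER_WIDTH || $F{'Banner_Height'} > $BANNER_HEIGHT )
    {
        ## Do not leave an oversized banner behind. The earlier test used the
        ## bare file name (relative to the CWD), so the unlink never ran.
        if( defined $banner && -e "$BANNER_DIR/$banner" )
        {
            unlink("$BANNER_DIR/$banner");
        }
        FormError('E_DIMS_BANNER', "$BANNER_WIDTH x $BANNER_HEIGHT");
    }
    _strip_record_delimiters();
    return;
}

## Confirm that each non-empty URL answers an HTTP GET, reporting the first
## failure through FormError(). This makes the server fetch user-supplied
## addresses; it is gated on $O_CHECK_URLS by the caller.
sub _check_urls_reachable
{
    my @urls = @_;
    for my $url (@urls)
    {
        next unless $url;
        my $http = HTTP->new(URL => $url);
        if( !$http->GET() )
        {
            FormError('E_BAD_URL', "\n$url [$http->{'Errstr'}]");
        }
    }
    return;
}

## Fetch the banner at $F{'Banner_URL'} (with the site URL as Referrer),
## record its dimensions in %F and, under $O_SERVE_BANNERS, save a local copy
## named after the member and point Banner_URL at it. Returns the saved file
## name (relative to $BANNER_DIR), or nothing when no copy was written.
## The file extension is the type reported by imgsize(), not taken from the
## submitted URL.
sub _fetch_banner
{
    my $http = HTTP->new(URL => $F{'Banner_URL'}, Referrer => $F{'Site_URL'});
    if( !$http->GET() )
    {
        FormError('E_BAD_URL', "\n$F{'Banner_URL'} [$http->{'Errstr'}]");
    }
    my $extension = undef;
    ($F{'Banner_Width'}, $F{'Banner_Height'}, $extension) = imgsize(\$http->{'Data'});
    if( !$F{'Banner_Width'} )
    {
        FormError('E_BAD_IMAGE');
    }
    if( $http->{'BodyBytes'} > $BANNER_SIZE )
    {
        FormError('E_SIZE_BANNER', $BANNER_SIZE);
    }
    return unless $O_SERVE_BANNERS;
    $extension = lc($extension);
    my $file_name = "$F{'Username'}.$extension";
    FileWrite("$BANNER_DIR/$file_name", $http->{'Data'});
    $F{'Banner_URL'} = "$BANNER_URL/$file_name";
    return $file_name;
}

## Strip '|', CR and LF from every field: records are stored one per line with
## '|' between fields (see CheckForDuplicate), so these characters would
## corrupt or split a record.
sub _strip_record_delimiters
{
    for my $key (keys %F)
    {
        $F{$key} =~ s/\||\r|\n//g;
    }
    return;
}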
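## Reject a new account whose Site_URL or Title exactly matches an existing
## member record or, when $O_REVIEW_NEW is set, a pending entry in the review
## queue. A match ends the request through FormError('E_DUPLICATE').
sub CheckForDuplicate
{
    if( $O_REVIEW_NEW )
    {
        ## The queue holds one '|'-delimited record per line, fields in the
        ## order of $DB_FORMAT{'member'}. The earlier loop header was an empty
        ## "for( )" (most likely a lost <REVIEW>), so the queue was never
        ## scanned; it is now read record by record.
        sopen(REVIEW, "$DDIR/dbs/reviewnew");
        while( my $record = <REVIEW> )
        {
            chomp($record);
            my %member = ();
            @member{@{$DB_FORMAT{'member'}}} = split(/\|/, $record);
            if( $member{'Site_URL'} eq $F{'Site_URL'} || $member{'Title'} eq $F{'Title'} )
            {
                FormError('E_DUPLICATE');
            }
        }
        close(REVIEW);
    }
    for my $name (@{DirRead("$DDIR/members", '^[^.]')})
    {
        my $member = ReadMember($name);
        if( $member->{'Site_URL'} eq $F{'Site_URL'} || $member->{'Title'} eq $F{'Title'} )
        {
            FormError('E_DUPLICATE');
        }
    }
    return;
}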
## Look up the member whose Email equals the submitted Input field and send
## the reminder template to that address. Every member file is read until a
## match is found. HashToTemplate($member) presumably makes the whole record
## -- including the Password field VerifyLogin compares against -- available
## to email_remind.tpl, so the template content decides what is disclosed.
sub SendReminder
{
    my $input = $F{'Input'};
    FormError('E_EMAIL_NOT_FOUND') if !$input;
    my $match = undef;
    MEMBER: for my $name (@{DirRead("$DDIR/members", '^[^.]')})
    {
        $match = ReadMember($name);
        next MEMBER unless $match->{'Email'} eq $input;
        $T{'Found'} = 1;
        last MEMBER;
    }
    $T{'Email'} = $input;
    if( $T{'Found'} )
    {
        HashToTemplate($match);
        $T{'To'}           = $input;
        $T{'From'}         = $ADMIN_EMAIL;
        $T{'Tracking_URL'} = "$IN_URL?id=$match->{'Username'}";
        $T{'Login_URL'}    = "$CGI_URL/accounts.cgi?login";
        Mail("$TDIR/email_remind.tpl");
        ParseTemplate('accounts_remind.tpl');
    }
    else
    {
        FormError('E_EMAIL_NOT_FOUND');
    }
}