#!/usr/bin/perl
#####################################################################
#
# *** W a y - B O A R D ***
# Version 1.2
#--------------------------------------------------------------------
# Developed by Lim, Dae-Ho
# http://way.co.kr
#
#####################################################################
# 1999/04/07-04/08 by lawwal Ver 0.8
# 1999/04/09-04/11 by lawwal Ver 0.9
# 1999/04/14-04/19 by lawwal Ver 1.0
# 1999/04/19 by lawwal Ver 1.0a
# 1999/04/23 by lawwal Ver 1.1
# 1999/04/27 by lawwal Ver 1.2 Plus WinNT/98/95
# 2001/03/13 by lawwal Ver 1.2p2 Security bug fix
#####################################################################
# Entry point: load configuration and request data, apply the read/write
# deny list, then run the handler selected by $job.
# $job is assigned in set_data from the request's "j" field. Here it is only
# compared against fixed strings, and every require path below is a literal,
# so the request picks one of these handlers but never names a file to load.
# A $job value that matches none of the branches reaches exit without any
# handler having been called.
&set_data;
&rw_deny_user_ck;
# No job, or "lv": list view.
if(!$job || $job eq "lv")
{ require "./lib/list_view.cgi"; &list_view; }
if($job eq "v") { require "./lib/art_view.cgi"; &art_view; }
if($job eq "dv") { require "./lib/direct_view.cgi"; &direct_view; }
# "w"/"tw"/"m"/"d"/"tm" load input_html.cgi; the matching "...r" jobs load
# board_run.cgi (plus mail.cgi for wr, twr and tmr) and call the *_run subs.
if($job eq "w") { require "./lib/input_html.cgi"; &write; }
if($job eq "wr") { require "./lib/mail.cgi";
require "./lib/board_run.cgi"; &write_run; }
if($job eq "tw") { require "./lib/input_html.cgi"; &t_write; }
if($job eq "twr") { require "./lib/mail.cgi";
require "./lib/board_run.cgi"; &t_write_run; }
if($job eq "m") { require "./lib/input_html.cgi"; &modify; }
if($job eq "mr") { require "./lib/board_run.cgi"; &modify_run; }
if($job eq "d") { require "./lib/input_html.cgi"; &delete; }
if($job eq "dr") { require "./lib/board_run.cgi"; &delete_run; }
if($job eq "tm") { require "./lib/input_html.cgi"; &t_write("mailer"); }
if($job eq "tmr") { require "./lib/mail.cgi";
require "./lib/board_run.cgi"; &t_mail; }
if($job eq "s") { require "./lib/list_view.cgi";
require "./lib/search.cgi"; &search; }
exit;
#####################################################################
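sub set_data {
    # Loads the board configuration, parses the request (via init) and fills
    # the globals the handlers rely on: $DB, $job, $PAGE, the cleaned %Field
    # values, the client address and the browser-dependent form sizes.
    # Takes no arguments; on a rejected board name it prints an error page
    # and exits.

    # Way-BOARD base configuration
    require "./conf-board.cgi";
    # NOTE(review): umask 000 makes every file this script creates
    # world-writable; confirm the hosting setup really needs that.
    umask 000;
    &init;
    # Select the board (db)
    if($Field{'db'}) { $DB = $Field{'db'}; } else { $DB = "Free"; }
    #====================================================================
    # Security bug fix
    #====================================================================
    # $DB is request data and is spliced into the -d test, the require
    # below and the header/footer paths in html_head/html_tail. Rejecting
    # only NUL still lets "../" climb out of $DB_DIR and have a .conf.cgi
    # from another directory executed by require, so path separators and
    # the names "." and ".." are refused as well.
    if ($DB =~ /[\0\/\\]/ || $DB =~ /\A\.\.?\z/) {
        print "Content-type: text/html\n\n
Error !
"; exit;
    }
    #====================================================================
    # Way-BOARD per-board (DB) configuration
    if(-d "$DB_DIR/$DB") { require "$DB_DIR/$DB/.conf.cgi"; }
    else {
        # Unknown board: load the default settings so the error page can
        # be rendered, then report the missing board.
        require "./lib/.conf.cgi";
        $RIB_B && ($RIB_B = "BGCOLOR=$RIB_B");
        $FLD_B && ($FLD_B = "BGCOLOR=$FLD_B");
        &error_not_db;
    }
    # Upload larger than $FILE_S: drop both the name and the data
    if($FILE_S < length($FILES{'file'}->{data})) {
        $FILES{'file'}->{name} = '';
        $FILES{'file'}->{data} = '';
    }
    &db_name_info;
    # Date information
    require "./lib/get_date.cgi";
    # File Locking
    require "./lib/locking.cgi";
    # Colours left empty stay empty (transparent background); set ones
    # become a BGCOLOR attribute.
    $FD_B && ($FD_B = "BGCOLOR=$FD_B");
    $LS_B && ($LS_B = "BGCOLOR=$LS_B");
    $LS_BI && ($LS_BI = "BGCOLOR=$LS_BI");
    $FLD_B && ($FLD_B = "BGCOLOR=$FLD_B");
    $AV_MSG_B && ($AV_MSG_B = "BGCOLOR=$AV_MSG_B");
    $RIB_B && ($RIB_B = "BGCOLOR=$RIB_B");
    # Hangul-aware length limit for name and title
    if($LEN_CK eq "Y") {
        ($Field{'name'}, $CUT_YN_NA) = &hangul_cut($Field{'name'}, $MAX_NA);
        # s/\./\./g replaces each dot with itself, so its return value is
        # simply the number of dots in the "on" field.
        $dot_cnt_tmp = $Field{'on'} =~ s/\./\./g;
        $dot = ($dot_cnt_tmp + 1) * 2;
        ($Field{'title'}, $CUT_YN_TT) = &hangul_cut($Field{'title'}, ($MAX_TT-$dot));
        $CUT_YN_NA && ($Field{'name'} = $Field{'name'} . $LEN_CR);
        $CUT_YN_TT && ($Field{'title'} = $Field{'title'} . $LEN_CR);
    }
    # Select the page; $P_s/$P_e are the first and last row of that page
    $PAGE = $Field{'pg'};
    $PAGE || ($PAGE=1);
    $P_s = ($PAGE - 1) * $PAGE_L + 1;
    $P_e = $PAGE * $PAGE_L;
    # Script name: last path component of SCRIPT_NAME
    $cgi_name = $ENV{"SCRIPT_NAME"};
    @cgi_name = split(/\/+/, $cgi_name);
    $cgi_name_index = $#cgi_name;
    $cgi_name = $cgi_name[$cgi_name_index];
    # Normalise the submitted data
    $job = $Field{'j'};
    $Field{'mail'} =~ s/^ +| +$//g;
    $Field{'msg'} =~ s/\cM//g;
    $Field{'msg'} =~ s/\r\n/\n/g; # Windows(CR,LF) -> LF
    $Field{'msg'} =~ s/\r/\n/g; # Mac(CR) -> LF
    # Newlines and "|" are replaced with a space in the single-line fields.
    # NOTE(review): a lone CR is not covered by these patterns; if any of
    # these fields ends up in a mail header (mail.cgi is not shown here),
    # confirm CR is handled there.
    $Field{'name'} =~ s/\r\n|\n|\|/ /g;
    $Field{'mail'} =~ s/\r\n|\n|\|/ /g;
    $Field{'title'} =~ s/\r\n|\n|\|/ /g;
    $Field{'add1'} =~ s/\r\n|\n|\|/ /g;
    $Field{'add2'} =~ s/\r\n|\n|\|/ /g;
    $Field{'add3'} =~ s/\r\n|\n|\|/ /g;
    $Field{'add4'} =~ s/\r\n|\n|\|/ /g;
    $Field{'add5'} =~ s/\r\n|\n|\|/ /g;
    # Empty required fields: use the configured default, else report them
    if($job eq "wr" || $job eq "twr") {
        if(!$Field{'name'}) {
            if($NONAME) { $Field{'name'}=$NONAME; }
            else { push(@null_field, $NAME); } }
        if(!$Field{'title'}) {
            if($NOTITLE) { $Field{'title'}=$NOTITLE; }
            else { push(@null_field, $TITLE); } }
        if(!$Field{'msg'}) {
            if($NOMSG) { $Field{'msg'}=$NOMSG; }
            else { push(@null_field, $MSG); } }
        if(@null_field) {
            $null_field_name = join(", ", @null_field);
            &error("ÇʼöÇ׸ñ ÀÔ´Ï´Ù.($null_field_name)"); }
    }
    $Field{'title'} || ($Field{'title'} = $NOTITLE);
    $Field{'msg'} || ($Field{'msg'} = $NOMSG);
    $acc_ip = $ENV{'REMOTE_ADDR'};
    # Input field sizes depend on the browser
    $browser = $ENV{'HTTP_USER_AGENT'};
    # 100 : 64 (IE : ETC)
    if($browser =~/MSIE/i) {
        $BASE_COLS = 15; # name, password, e-mail, search
        $BASE2_COLS = 24; # attached file
        $TITLE_COLS = 50; # title
        $TEXT_COLS = 72; # body
        $ADD1_S = int($ADD1_S / 0.64);
        $ADD2_S = int($ADD2_S / 0.64);
        $ADD3_S = int($ADD3_S / 0.64);
        $ADD4_S = int($ADD4_S / 0.64);
        $ADD5_S = int($ADD5_S / 0.64);
    }
    else {
        $BASE_COLS = 10;
        $BASE2_COLS = 15;
        $TITLE_COLS = 32;
        $TEXT_COLS = 46;
    }
    # Total width of the list table: sum of the widths of the listed columns
    foreach $ls_tmp (split(/\ +/, $PRINT_LS)) {
        if($ls_tmp eq "NO") { $LT_W += $FD_W_NO; }
        if($ls_tmp eq "NAME") { $LT_W += $FD_W_NA; }
        if($ls_tmp eq "TITLE") { $LT_W += $FD_W_TT; }
        if($ls_tmp eq "DATE") { $LT_W += $FD_W_DA; }
        if($ls_tmp eq "DISP") { $LT_W += $FD_W_DI; }
        if($ls_tmp eq "ADD1") { $LT_W += $FD_W_A1; }
        if($ls_tmp eq "ADD2") { $LT_W += $FD_W_A2; }
        if($ls_tmp eq "ADD3") { $LT_W += $FD_W_A3; }
        if($ls_tmp eq "ADD4") { $LT_W += $FD_W_A4; }
        if($ls_tmp eq "ADD5") { $LT_W += $FD_W_A5; }
    }
    # Defaults for settings a Ver 1.0 configuration does not define
    if(!defined $SRC_INDEX) { $SRC_INDEX = 'Y'; }
    if(!defined $LAST_VIEW) { $LAST_VIEW = 'Y'; }
    if(!defined $COOKIE_EXP) { $COOKIE_EXP = '7'; }
}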
#####################################################################
sub msg_conv {
# Reads the file named by the global $FILE into the global $msg_data and,
# when $HTML_ALLOW is "Y", rewrites each line (URL and mail-address
# patterns, newlines, spaces) before appending it.
# NOTE(review): this listing appears to have lost its HTML markup and the
# filehandle read operator in extraction (the bare while() and the
# near-empty replacement strings below). The comments describe only what
# is still visible; confirm against the original file.
# NOTE(review): no HTML escaping of the stored text is visible in either
# branch. Whether it is escaped before being written cannot be seen here.
$msg_data = "";
# NOTE(review): two-argument open. Where $FILE is built is not shown; if any
# part of it is request data, a leading or trailing mode character changes
# what open() does. Verify the caller.
open(FILE, "$FILE") || &error_file_open($FILE);
while() {
if($HTML_ALLOW eq "Y") {
# NOTE(review): \S+ takes everything up to the next whitespace, quotes and
# angle brackets included. If the lost replacement text placed $1 inside an
# attribute, confirm that value is escaped.
if($LINK_URL_ALLOW eq "Y") {
$_ =~ s/(http:\/\/\S+)/$1<\/A>/g; }
if($LINK_MAIL_ALLOW eq "Y") {
#$_ =~ s/(\S+\@[a-zA-Z0-9\-]&[\.]+)/$1<\/A>/g; }
$_ =~ s/\s{1}(.+\@(\[?)[a-zA-Z0-9\-\.]+\.([a-zA-Z]{2,3}|[0-9]{1,3})(\]?))/ $1<\/A>/g; }
$_ =~ s/\n/
\n/g;
$_ =~ s/ / /g; }
$msg_data .= $_;
}
if($HTML_ALLOW eq "Y") { $msg_data .= "
\n"; }
close(FILE);
# Wrap the collected text; the wrapper differs between the two modes.
if($HTML_ALLOW eq "Y") {
$msg_data = "
\n$msg_data\n
\n"; }
else { $msg_data = "\n$msg_data\n\n"; }
}
#####################################################################
sub rw_deny_user_ck {
    # When $RW_DENY_USER is "Y", checks the client address against the
    # read/write deny list in $DB_DIR/.rw_deny.cgi. The message passed on is
    # mis-encoded Korean, roughly "access is not permitted", followed by
    # the client address.
    my $deny_list = "$DB_DIR/.rw_deny.cgi";
    $RW_DENY_USER eq "Y"
        and &deny_file_search($deny_list, "Á¢±ÙÀÌ Çã¿ëµÇÁö ¾Ê½À´Ï´Ù.($acc_ip)");
}
sub w_deny_user_ck {
    # When $W_DENY_USER is "Y", checks the client address against the
    # write deny list in $DB_DIR/.w_deny.cgi. The message passed on is
    # mis-encoded Korean, roughly "writing is not permitted", followed by
    # the client address.
    my $deny_list = "$DB_DIR/.w_deny.cgi";
    $W_DENY_USER eq "Y"
        and &deny_file_search($deny_list, "¾²±â°¡ Çã¿ëµÇÁö ¾Ê½À´Ï´Ù.($acc_ip)");
}
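sub deny_file_search {
    # Calls error($err_msg) when the client address ($acc_ip) starts with
    # one of the whitespace-separated entries in the deny file $FILE_D.
    # A missing deny file means nothing is denied.
    #   $FILE_D  - path of the deny list
    #   $err_msg - message handed to error() on a match
    local($FILE_D, $err_msg) = @_;
    if(-e $FILE_D) {
        # Start from an empty buffer so entries read by an earlier call
        # (the other deny list) are not matched again under this message.
        $deny_user = "";
        open(FILE_D, "$FILE_D") || &error_file_open($FILE_D);
        # The listing showed an empty while() here, which never reads the
        # file; the loop reads the handle opened above.
        while(<FILE_D>) { $deny_user .= $_; }
        close(FILE_D);
        $deny_user =~ s/^ +| +$//g;
        $deny_user =~ s/\cM/ /g;
        $deny_user =~ s/\r\n/ /g;
        $deny_user =~ s/\r/ /g;
        $deny_user =~ s/\n/ /g;
        @deny_user_arr = split(/\s+/, $deny_user);
        foreach $tmp (@deny_user_arr) {
            # A file that begins with a blank line or a tab yields an empty
            # first entry; /^/ matches every address and would lock out
            # all visitors.
            next if $tmp eq '';
            # NOTE(review): the entry is used as a regular expression, so
            # "." matches any character ("1.2.3" also matches "192.3...")
            # and a prefix such as "10.1" also covers "10.10.x.x". Entries
            # should end with a dot; switching to a literal prefix compare
            # would stop matching any entry that relies on regex syntax.
            if($acc_ip =~ /^$tmp/) { &error($err_msg); }
        }
    }
}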
#####################################################################
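sub crazy_user_ck {
    # Flood control: refuses a post when the same client address posted
    # within the last $W_ALLOW_TIME seconds. Disabled when $W_ALLOW_TIME
    # is zero or negative.
    # $DB_DIR/.last_info.cgi holds one "time|ip|" line per recent post; the
    # file is rewritten with only the entries still inside the window, and
    # the caller's entry gets a fresh timestamp when it is refused.
    if($W_ALLOW_TIME <= 0 ) { return ; }
    $FILE_C = "$DB_DIR/.last_info.cgi";
    # Nothing read yet: make sure the rewrite below only contains lines
    # collected by this call.
    $crazy_data = "";
    $crazy_error = "";
    if(!-e $FILE_C) {
        open(FILE_C, ">$FILE_C") || &error_file_open($FILE_C);
        close(FILE_C);
    }
    open(FILE_C, "$FILE_C") || &error_file_open($FILE_C);
    # The listing showed an empty while() here, which never reads the
    # file; the loop reads the handle opened above.
    while(<FILE_C>) {
        ($c_time, $c_ip) = split(/\|/, $_);
        # Entries older than the window are dropped by not copying them.
        if(time < ($c_time + $W_ALLOW_TIME)) {
            if($acc_ip eq $c_ip) {
                $crazy_error = "deny";
                $crazy_data .= time . "|$acc_ip|\n"; }
            else { $crazy_data .= $_; }
        }
    }
    close(FILE_C);
    # NOTE(review): the read-then-rewrite is not locked in this sub, so two
    # concurrent requests can overwrite each other's entries and weaken the
    # limit; confirm whether callers take the lock from locking.cgi first.
    open(FILE_C, ">$FILE_C") || &error_file_open($FILE_C);
    print FILE_C $crazy_data;
    close(FILE_C);
    if($crazy_error eq "deny") { &error("¿¬¼Ó°Ô½Ã°¡ Çã¿ëµÇÁö ¾Ê½À´Ï´Ù.($acc_ip)"); }
}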
#####################################################################
sub crazy_user_save {
    # Appends a "time|ip|" line for the current client to
    # $DB_DIR/.last_info.cgi, the file crazy_user_ck reads. Does nothing
    # when $W_ALLOW_TIME is zero or negative.
    return if $W_ALLOW_TIME <= 0;
    $FILE_C = "$DB_DIR/.last_info.cgi";
    open(FILE_C, ">>$FILE_C") || &error_file_open($FILE_C);
    my $stamp_line = time . "|$acc_ip|\n";
    print FILE_C $stamp_line;
    close(FILE_C);
}
#####################################################################
sub icon_display {
# Builds the indentation/icon prefix for one list row and returns
# ($no_tmp, $space): $no_tmp is the article number, or "" when the number
# contains a dot; $space is the assembled prefix string.
# Arguments: $divi (view kind, compared with "search" and "art"), $no,
# $on, $tn ("_"-separated list whose element count goes into $ALT_4) and
# $file (attached file name).
# NOTE(review): every markup literal below is empty in this listing; the
# tags were most likely stripped in extraction, so the $ALT_* texts and
# $file_img look unused here. Confirm against the original file.
# NOTE(review): $file is placed into $ALT_F as-is. If the lost markup put
# $ALT_F into an attribute, the file name needs HTML escaping; not visible
# here.
local($divi, $no, $on, $tn, $file) = @_;
@tmp = split(/\_/, $tn); $tn_cnt = $#tmp + 1;
if($file) { $ALT_F = ", ÷ºÎÆÄÀÏ($file)ÀÌ ÀÖ½À´Ï´Ù."; $file_img = "f"; }
else { $ALT_F = ""; $file_img = "";}
$ALT_1 = "$no¹ø °Ô½Ã¹° ¹Ù·Îº¸±â$ALT_F";
$ALT_2 = "$no¹ø °Ô½Ã¹° ¹Ù·Îº¸±â$ALT_F";
$ALT_3 = "$on¹øÀÇ °ü·Ã°Ô½Ã¹°ÀÔ´Ï´Ù.";
$ALT_4 = "$tn_cnt°³ÀÇ °ü·Ã°Ô½Ã¹°ÀÌ ÀÖ½À´Ï´Ù.";
$Direct_View = "";
$no =~ /\./ ? ($no_tmp = "") : ($no_tmp = $no);
# s/\./\./g replaces each dot with itself; its return value is the number
# of dots in $no, used as the repeat count below.
$dot_cnt = $no =~ s/\./\./g;
if($divi eq "search" ||
$divi eq "art") { $space = ""; }
else { $space = "" x $dot_cnt; }
if($tn) { $space .= ""; }
else { $space .= ""; }
if($on) { $space .= "$Direct_View"; }
else { $space .= "$Direct_View"; }
return $no_tmp, $space;
}
#####################################################################
sub icon {
# Takes an icon name and returns a string for it.
# NOTE(review): the returned literal is empty in this listing, presumably
# because the markup that used $icon was stripped in extraction. Confirm
# against the original file.
local($icon) = @_;
return "";
}
#####################################################################
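sub check_mail {
    # Returns 1 when the argument looks like a mail address, 0 otherwise.
    # Rejected outright: two "@", "..", a dot next to the "@", or a leading
    # dot. Accepted shape: anything, "@", a host made of letters, digits,
    # "-" and ".", ending in a 2-3 letter or 1-3 digit label, optionally
    # in square brackets.
    # The end anchor is \z rather than $ because $ also matches before a
    # trailing newline, which would let "addr\n" pass as valid.
    # NOTE(review): the local part is ".+" and therefore admits spaces,
    # quotes and shell metacharacters; code that hands the address to a
    # mailer must not rely on this check alone.
    my ($check_mail) = @_;
    return 0 unless defined $check_mail;
    if ($check_mail =~ /(@.*@)|(\.\.)|(@\.)|(\.@)|(^\.)/ ||
        $check_mail !~ /^.+\@(\[?)[a-zA-Z0-9\-\.]+\.([a-zA-Z]{2,3}|[0-9]{1,3})(\]?)\z/)
    { return 0; }
    return 1;
}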
#####################################################################
sub comma {
    # Inserts a comma before each trailing group of three digits in the
    # argument and returns the result.
    my ($digits) = @_;
    # Each pass splits off one more three-digit group; stop when a pass
    # changes nothing.
    while ($digits =~ s/(\d+)(\d{3})/$1,$2/) { }
    return $digits;
}
#####################################################################
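sub hangul_cut {
    # Truncates $data to at most $len bytes without leaving half of a
    # two-byte character at the end (presumably EUC-KR, judging by the
    # 0xA1-0xFE byte range).
    # Returns ($data, $check); $check is 1 when the text was shortened and
    # undefined otherwise.
    my ($data, $len) = @_;
    my $check;
    if (length($data) > $len) {
        $data = substr($data, 0, $len);
        # tr has no character classes: the original y/[\xA1-\xFE]// also
        # counted literal "[" and "]", so text containing a bracket could
        # lose an extra byte. Count only the high bytes.
        my $high_bytes = ($data =~ tr/\xA1-\xFE//);
        # An odd number of high bytes means the cut fell inside a two-byte
        # character; drop the dangling lead byte.
        chop $data if $high_bytes % 2 != 0;
        $check = 1;
    }
    return $data, $check;
}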
#####################################################################
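sub pass_make {
    # Returns crypt($pass, $PASS_SALT) for a non-empty password and undef
    # for an empty one. The result is also left in the global $make_pass.
    # The original only assigned $make_pass inside the if, so an empty
    # password returned the hash left over from an earlier call, and the
    # truth test treated the password "0" as empty.
    # NOTE(review): every password is hashed with the one configured salt,
    # so equal passwords give equal hashes; with a traditional
    # two-character salt crypt() also ignores everything past the eighth
    # character.
    my ($pass) = @_;
    if (defined $pass && $pass ne '') {
        $make_pass = crypt($pass, $PASS_SALT);
    }
    else {
        $make_pass = undef;
    }
    return $make_pass;
}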
#####################################################################
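sub pass_check {
    # Returns 1 when crypt($in_pass, $PASS_SALT) equals one of the accepted
    # hashes, 0 otherwise.
    #   $pass    - stored hash of the article's own password
    #   $in_pass - password typed by the user
    #   $divi    - "U" accepts $pass, "A" accepts the first line of
    #              ./lib/.conf-p.cgi; both letters may be given
    #   $lock    - passed on to error_file_open if the file cannot be opened
    local($pass, $in_pass, $divi, $lock) = @_;
    # The candidate list must start empty on every call. The original used
    # a global @pass_list that was never cleared, so a hash pushed by an
    # earlier call (for example the administrator's) stayed acceptable in
    # later calls that asked for "U" only.
    my @pass_list;
    # Collect the accepted hashes
    if($divi =~ "U") { push(@pass_list, $pass); }
    if($divi =~ "A") {
        foreach $admin_passwd ("./lib/.conf-p.cgi") {
            $FILE_PASS = $admin_passwd;
            if(-e $admin_passwd) {
                open(FILE_PASS, "$FILE_PASS") || &error_file_open($FILE_PASS, $lock);
                # The listing showed "$pass_tmp = ;" here; the first line
                # of the handle opened above is what gets chomped and kept.
                $pass_tmp = <FILE_PASS>; chomp $pass_tmp;
                push(@pass_list, $pass_tmp);
                close(FILE_PASS); }
        }
    }
    # Compare; empty entries never match
    foreach $pass_tmp (@pass_list) {
        if($pass_tmp) {
            if(crypt($in_pass, $PASS_SALT) eq $pass_tmp) { return 1; }
        }
    }
    return 0;
}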
#####################################################################
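sub db_name_info {
    # Loads the board index $DB_DIR/.db_idx.cgi, creating an empty one when
    # it does not exist. Each line is split on "|" into a board name and a
    # directory, filling @db_name (names in file order), %db_dir
    # (name -> directory) and %db_name (directory -> name).
    $FILE_DB = "$DB_DIR/.db_idx.cgi";
    if(!-e "$FILE_DB") {
        open(FILE_DB, ">$FILE_DB") || &error_file_open($FILE_DB);
        close(FILE_DB);
    }
    open(FILE_DB, "$FILE_DB") || &error_file_open($FILE_DB);
    # The listing showed an empty while() here, which never reads the
    # file; the loop reads the handle opened above.
    while(<FILE_DB>) {
        ($db_name_tmp, $db_dir_tmp) = split(/\|/, $_);
        push(@db_name, $db_name_tmp);
        $db_dir{$db_name_tmp} = $db_dir_tmp;
        $db_name{$db_dir_tmp} = $db_name_tmp;
    }
    close(FILE_DB);
}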
#####################################################################
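sub cookie_read {
    # Parses the Cookie request header (HTTP_COOKIE) into the global
    # %COOKIE, turning "+" into a space and decoding %XX escapes in each
    # value.
    # Cookie values come from the client; anything read from %COOKIE needs
    # the same checks as a form field.
    $buffer = $ENV{'HTTP_COOKIE'};
    $buffer = '' unless defined $buffer;
    @strings = split(/;\s*/, $buffer);
    foreach $strs (@strings) {
        # Split on the first "=" only; the original split on every "=" and
        # silently cut a value such as "x=y" down to "x".
        my ($name, $value) = split(/=/, $strs, 2);
        next unless defined $name && $name ne '';
        $value = '' unless defined $value;
        $value =~ tr/+/ /;
        $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C",hex($1))/eg;
        $COOKIE{$name} = $value;
    }
}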
#####################################################################
sub cookie_set {
    # Prints a Content-type header followed by two Set-Cookie headers for
    # $name: one with an empty value, then one with $value and an expiry
    # $expires days from now. No blank line is printed, so the caller has
    # to finish the header block.
    # NOTE(review): $name and $value go into the header unencoded; a CR or
    # LF in either would start a new header line. Confirm callers never
    # pass raw request data.
    # NOTE(review): the expiry is scalar localtime() text, which is not the
    # GMT date format cookies normally use; confirm browsers accept it.
    local($name, $value, $expires) = @_;
    my $seconds_per_day = 24*60*60;
    $expires = scalar localtime(time + $seconds_per_day * $expires);
    print "Content-type: text/html\n";
    print "Set-Cookie: $name=;\n";
    print "Set-Cookie: $name=$value;expires=$expires;\n";
}
#####################################################################
sub search_html {
# Prints the search form.
# NOTE(review): the here-document is empty in this listing; its HTML was
# presumably stripped in extraction, so nothing about the form's fields
# can be stated from here.
print <<"__HTML__";
__HTML__
}
######## The board HTML starts from the ninth line below. #####
sub html_head {
# Prints the HTTP header and the top of every page: the page title, the
# board's header file and, when $html_title is given, a title row.
# NOTE(review): the here-documents are nearly empty in this listing (the
# HTML was presumably stripped in extraction) and the read loop shows a
# bare while(); the comments cover only what is still visible.
# NOTE(review): $title and $html_title are interpolated into the page
# as-is; callers must pass HTML-safe text.
local($title, $html_title) = @_;
print "Content-type: text/html\n\n";
print <<"__HTML__";
$title
__HTML__
print "\n";
# Per-board header file, falling back to the default in ./lib.
# $DB comes from the request's db field (assigned in set_data), so this
# path is only as safe as the validation done there.
$FILE_HEAD = "$DB_DIR/$DB/.conf.head.cgi";
if(!-e $FILE_HEAD) { $FILE_HEAD = "./lib/.conf.head.cgi"; }
open(FILE_HEAD, $FILE_HEAD) || &error_file_open($FILE_HEAD);;
while() { print $_; }
close(FILE_HEAD);
print "\n\n";
print <<"__HTML__";
__HTML__
if($html_title) {
print <<"__HTML__";
$html_title
|
__HTML__
}
print <<"__HTML__";
__HTML__
}
#####################################################################
sub html_tail {
# Prints the bottom of the page, including the board's footer file, and
# then ends the program with exit, so no caller gets control back.
# NOTE(review): the here-documents are nearly empty in this listing (the
# HTML was presumably stripped in extraction) and the read loop shows a
# bare while(); the comments cover only what is still visible.
print <<"__HTML__";
|
__HTML__
print "\n";
# Per-board footer file, falling back to the default in ./lib.
# $DB comes from the request's db field (assigned in set_data), so this
# path is only as safe as the validation done there.
$FILE_TAIL = "$DB_DIR/$DB/.conf.tail.cgi";
if(!-e $FILE_TAIL) { $FILE_TAIL = "./lib/.conf.tail.cgi"; }
open(FILE_TAIL, $FILE_TAIL) || &error_file_open($FILE_TAIL);
while() { print $_; }
close(FILE_TAIL);
print "\n\n";
print <<"__HTML__";
__HTML__
exit;
}
#####################################################################
sub error_file_open {
# Reports a failed open: releases the lock named by $lock when one is
# given, prints an error page naming the file, then dies.
#   $FILE - path that could not be opened
#   $lock - optional lock to release through unlock()
# NOTE(review): the page shows $FILE to the visitor, which discloses
# server-side paths, and the value is interpolated without HTML escaping.
# Several callers build the path from $DB; confirm that is acceptable or
# log the path instead.
local($FILE, $lock) = @_;
if($lock) {
(&unlock ($lock) eq "OK") || &error_lock("UNLOCK ERROR", $er_msg); }
# "die print ..." prints the page first and then dies with print's return
# value as the message.
die print "Content-type: text/html\n\n
Error !
FILE OPEN ERROR. (FILE NAME : $FILE)
";
}
#####################################################################
sub error_not_db {
    # Reports an unknown board through error(). The text is mis-encoded
    # Korean, roughly "board information does not exist", followed by the
    # requested board name.
    # NOTE(review): $DB is request data. How error() emits its message is
    # not visible in this listing, so confirm the name is HTML-escaped
    # before it reaches the page.
    my $text = "°Ô½ÃÆÇÁ¤º¸°¡ Á¸ÀçÇÏÁö ¾Ê½À´Ï´Ù.($DB)";
    &error($text);
}
#####################################################################
sub error_not_art {
    # Reports a missing article through error(). The text is mis-encoded
    # Korean, roughly "the article was deleted or the number is wrong".
    my $text = "°Ô½Ã¹°ÀÌ »èÁ¦µÇ¾ú°Å³ª À߸øµÈ ¹øÈ£ÀÔ´Ï´Ù.";
    &error($text);
}
#####################################################################
sub error {
# Prints a complete error page: the page head with a fixed heading
# (mis-encoded Korean, roughly "input (processing) error"), the body, the
# "home" and "back" icons, then the page tail. html_tail ends the program,
# so this sub does not return.
# NOTE(review): $msg is not referenced anywhere in the visible body; it was
# presumably printed inside the here-document whose HTML was stripped in
# extraction. Callers pass request-derived text ($DB, field names), so
# confirm the original escapes $msg before printing it.
local ($msg) = @_;
&html_head($B_TITLE, "ÀÔ·Â(ó¸®) ¿À·ù");
print <<"__HTML__";
__HTML__
print "
\n";
$icon_img = &icon("home");
print "$icon_img\n";
$icon_img = &icon("back");
print "$icon_img\n";
&html_tail;
}
#####################################################################
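sub init {
    # Parses the request into the globals %Field (form fields) and %FILES
    # (the uploaded file, under the key 'file' with {name} and {data}).
    # POST bodies are read from STDIN, everything else from QUERY_STRING.
    # A body without any newline is treated as URL-encoded; one with
    # newlines as multipart form data whose first line is the boundary.
    # NOTE(review): the whole POST body is read into memory with no upper
    # bound on CONTENT_LENGTH; $FILE_S is only applied afterwards in
    # set_data. Confirm the web server limits the request size.
    my $buffer;
    if ($ENV{'REQUEST_METHOD'} eq "POST") {
        binmode STDIN;
        read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'});
    }
    else { $buffer = $ENV{'QUERY_STRING'}; }
    my ($name, $value);
    if ($buffer !~ /\n/) {
        for my $pair (split /&/, $buffer) {
            # Split on the first "=" only, so a value may contain "=".
            ($name, $value) = split /=/, $pair, 2;
            # Decode real hex escapes only; the original passed any two
            # characters to hex(), turning junk such as "%zz" into a NUL.
            $name =~ y/+/ /; $name =~ s/%([0-9A-Fa-f]{2})/chr hex $1/ge;
            $value =~ y/+/ /; $value =~ s/%([0-9A-Fa-f]{2})/chr hex $1/ge;
            $Field{$name} = $value;
        }
    }
    else { # file upload
        my ($border) = ($buffer =~ /^(.+?)\r?\n/);
        # Without a first line there is no boundary to split on.
        return unless defined $border;
        # The boundary is sent by the client. Quote it so it is matched as
        # literal text; unquoted, a "(" or "*" in it is regex syntax and can
        # abort the script or change where the body is split.
        $buffer =~ s/\Q$border\E--$//;
        my $bad_char = '`~!@#%^&*()|,<>?;:\'"[]{}';
        for (split /\Q$border\E/, $buffer) {
            next if $_ eq '';
            s/^\r?\n//;
            if (/name="file(\d)?"; filename="(.+?)"/i) {
                my $client_path = $2;
                next if $client_path eq '';
                # Keep only the last path component of the client's name.
                my ($FILE_NAME) = $client_path =~ m{([^\\^/]+)$};
                $FILE_NAME = '' unless defined $FILE_NAME;
                # The list must be quoted inside the class: unquoted, its
                # "]" closed the class early and the pattern removed
                # nothing, so none of these characters were filtered.
                $FILE_NAME =~ s/[\Q$bad_char\E]//g;
                # Control characters, NUL included, have no place in a
                # stored file name.
                $FILE_NAME =~ tr/\x00-\x1F\x7F//d;
                # NOTE(review): names that start with a dot and executable
                # extensions still pass. Where the upload is written is not
                # visible here; confirm it cannot land next to .conf.cgi
                # files or in a directory that runs scripts.
                $FILES{'file'}->{name} = $FILE_NAME;
                s/^.+?\r?\n\r?\n//s;
                s/\r?\n$//s;
                if($_ eq '') {
                    $FILES{'file'}->{name} = '';
                    next; }
                $FILES{'file'}->{data} = $_;
            } else {
                # Store the field only when the part really parsed; after a
                # failed match $1/$2 still hold an earlier match's captures
                # and the original filed those under a bogus key.
                if (s/^.+?name\=\"(\S+?)\"\r?\n\r?\n(.+?)\r?\n$//s) {
                    ($name = $1) =~ tr/\r//d;
                    ($value = $2) =~ tr/\r//d;
                    $Field{$name} = $value;
                }
            }
        }
    }
}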
#####################################################################