###############################################################################
# Greymatter 1.7.2
# Copyright (c)2000-2007, The Greymatter team
# http://greymatterforum.proboards82.com/
# By possessing this software, you agree not to hold the author responsible for
# any problems that may arise from your installation or usage of Greymatter
# itself, or from any content generated by yourself or others through the use of
# this program. You may freely modify and redistribute this program, so
# long as every copyright notice (including in this manual and in the Greymatter
# code) remains fully intact. Finally, you may not sell or in any way
# make a financial profit from this program, either in original or modified form.
# Your possession of this software signifies that you agree to these terms;
# please delete your copy of this software if you don't agree to these terms.
# Original Creators Noah Grey
###############################################################################
use lib 'libs';
use Gm_Constants;
use Gm_Utils qw( println );
use Gm_Web;
use Gm_Storage;
# PF
use Gm_Trace;
### GLOBAL VARS
# NOTE(review): no `use strict` / `use warnings` is visible in this part of the
# file, and most variables below are undeclared package globals shared with the
# subs further down - confirm before enabling strictures.
my $newTemplates = (); # assigning an empty list leaves the scalar undef
my $newConfigs = (); # assigning an empty list leaves the scalar undef
# NOTE(review): the cookie name suggests the author's password (or its stored
# hash) is kept in a browser cookie - confirm what value is written to it and
# which cookie attributes are set.
$cookiename = "gm_password";
# -----------------
# program variables
# -----------------
# NOTE that the version is MAJOR NUMBER.YEAR.NO_OF_REL_THAT_YEAR
# e.g. a major refactoring is done in 2007 the release would be 2.7.1
# later that year a security fix comes out so release would be 2.7.2
$gmversion = Gm_Constants::GM_VERSION;
$gmfonttag = qq();
## TODO: move this into a separate file; it doesn't need to be in code to change
$gmadmincss = qq#
#;
# Page head fragment; interpolates $gmadmincss at the time this line runs.
$gmheadtag = qq#
Greymatter
$gmadmincss
#;
# Appended to $gmheadtagtwo: client-side shortcut handler. It only acts when
# navigator.appName is "Microsoft Internet Explorer" and Ctrl is held, and it
# rewrites the current text selection for key codes 1, 2, 9 and 21.
$gmheadtagtwo .= qq#
function gmshortcutkeys() {
if ((parseInt(navigator.appVersion) >= 4) && (navigator.appName == "Microsoft Internet Explorer")) {
if (event.ctrlKey != true) return;
gmselection = document.selection.createRange().text;
if (window.event.keyCode == 1) {
gminsertlink = prompt("What do you want to link to?", "http://")
if (gminsertlink == null) return;
document.selection.createRange().text = '' + gmselection + '';
return;
}
if (window.event.keyCode == 2) {
document.selection.createRange().text = '' + gmselection + '';
return;
}
if (window.event.keyCode == 9) {
document.selection.createRange().text = '' + gmselection + '';
return;
}
if (window.event.keyCode == 21) {
document.selection.createRange().text = '' + gmselection + '';
return;
}
}
}
//-->
#;
$gmframetop = qq(
"; }
$countfromhere++;
} until $countfromhere > $maxdaysinthismonth;
$endofcaldisplay = 6 - $calendardataday[$maxdaysinthismonth];
$calendarfull .= "$gmcalendarblankcelltemplate" x $endofcaldisplay;
$calendarfull .= $gmcalendartableendingtemplate;
$calendarfull =~ s/{{month}}/$usethisentrymonth/g;
$calendarfull =~ s/{{monthmonth}}/$usethisentrymonthmonth/g;
$calendarfull =~ s/{{year}}/$usethisentryyear/g;
$calendarfull =~ s/{{yearyear}}/$usethisentryyearyear/g;
$calendarfull =~ s/{{monthword}}/$usethisentrymonthword/g;
$calendarfull =~ s/{{monthwordupper}}/$usethisentrymonthwordupper/g;
$calendarfull =~ s/{{monthwordlower}}/$usethisentrymonthwordlower/g;
$calendarfull =~ s/{{monthwordshort}}/$usethisentrymonthwordshort/g;
$calendarfull =~ s/{{monthworduppershort}}/$usethisentrymonthworduppershort/g;
$calendarfull =~ s/{{monthwordlowershort}}/$usethisentrymonthwordlowershort/g;
}
# -----------------
# log the author in
# -----------------
sub gm_login {
# Print the author login form and end the request with exit.
# Reads the globals $loginnotice, $cookiesallowed, $gmfonttag and
# $gmframebottom; gm_validate sets $loginnotice before calling this sub
# so the form can explain why the previous attempt was rejected.
## TODO PERHAPS THIS SHOULD USE CUSTOM ERRORHANDLER TO GIVE USER OPTION TO FIX FILES?
## DIAGNOSTICS CHMODS, BUT COULD GET TO IT IF IT DIDN'T ALREADY WORK, REALLY NEED
## TO RESTRICT DIAGNOSTIC ACCESS?
# Storage problems are routed to the admin error page handler.
Gm_Storage::validateResources( errHandler=>\&Gm_Web::displayAdminErrorExit );
# Default notice when no caller supplied one.
if ($loginnotice eq Gm_Constants::EMPTY) { $loginnotice = qq(Login Prompt
); }
&gm_readconfig;
# NOTE(review): as shown, the else branch also assigns an empty string. The
# variable name suggests it normally carries markup that pre-fills the form
# from the author cookie - confirm against the original file, and check
# whether a stored password is ever written back into the page.
if ($cookiesallowed eq Gm_Constants::NO) {
$getnameandpwcookie = Gm_Constants::EMPTY;
} else {
$getnameandpwcookie = "";
}
## TODO HEADER SHOULD BE PRINTED OUT HERE, SO THAT WE DON'T HAVE FUNKY LOOKING ERROR MESSAGE
## TODO THIS SHOULD UTILIZE A PRINT_ADMIN_SCREEN TYPE FUNCTION
print<
$gmfonttag Author:
$gmfonttag
$gmfonttag Password:
$gmfonttag
$getnameandpwcookie
$gmframebottom
GMLOGIN
exit;
}
# ------------------
# validate the login
# ------------------
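sub gm_validate {
    # Authenticate the current request and set the global access flags.
    #
    # Reads:  $IN{'authorname'}, $IN{'authorpassword'}, $IN{'gmtoken'},
    #         $IN{'rebuilding'} and $EntriesPath.
    # Writes: $gmvalidated plus the $gm*access flags below; every flag starts
    #         as NO and is only raised from the matching author record.
    # On any failure it sets $loginnotice, writes a control-panel log line and
    # calls gm_login, which prints the login form and exits.
    &gm_readconfig; ## TODO COORDINATE SO ONLY DONE ONCE PER CALL
    &gm_bancheck; ## works off of some configs

    # Fail closed: nothing is granted until a credential check succeeds.
    $gmvalidated = Gm_Constants::NO;
    $gmentryaccess = Gm_Constants::NO;
    $gmentryeditaccess = Gm_Constants::NO;
    $gmconfigurationaccess = Gm_Constants::NO;
    $gmtemplateaccess = Gm_Constants::NO;
    $gmauthoraccess = Gm_Constants::NO;
    $gmcplogaccess = Gm_Constants::NO;
    $gmrebuildaccess = Gm_Constants::NO;
    $gmbookmarkletaccess = Gm_Constants::NO;
    $gmuploadaccess = Gm_Constants::NO;
    $gmloginaccess = Gm_Constants::NO;

    # Drop pipe characters (presumably the field separator of the flat-file
    # stores - confirm) and trim surrounding whitespace.
    $IN{'authorname'} =~ s/\|//g;
    $IN{'authorpassword'} =~ s/\|//g;
    $IN{'authorname'} =~ s/^\s+//;
    $IN{'authorname'} =~ s/\s+$//;
    $IN{'authorpassword'} =~ s/^\s+//;
    $IN{'authorpassword'} =~ s/\s+$//;

    ########################################################################
    ## gm_validate extension to allow a rebuild operation without a password
    ## by passing a token reference instead. added by linear 9/3/2003
    ########################################################################
    # merged in 1.3
    if ($IN{'gmtoken'} && $IN{'rebuilding'}) {
        # Read the persisted token: line 1 is the token, line 2 the author
        # name, line 3 the author's password value.
        # NOTE(review): this file holds a reusable credential; confirm that
        # $EntriesPath/gm-token.cgi cannot be fetched through the web server.
        open(my $tokenfh, '<', "$EntriesPath/gm-token.cgi")
            || &gm_dangermouse("Can't read the token file.");
        @gmtoken = <$tokenfh>;
        close($tokenfh);
        $gmtoken = $gmtoken[0];
        chomp($gmtoken);
        $gmtokenauthor = $gmtoken[1];
        chomp($gmtokenauthor);
        $gmtokenpass = $gmtoken[2];
        chomp($gmtokenpass);
        # Only a non-empty stored token that matches exactly swaps in the
        # persisted author credentials.
        if (defined($gmtoken) && ($gmtoken ne Gm_Constants::EMPTY) && ($IN{'gmtoken'} eq $gmtoken)) {
            $IN{'authorname'} = $gmtokenauthor;
            $IN{'authorpassword'} = $gmtokenpass;
        }
    }

    # Blank credentials are rejected unconditionally, after the token has had
    # its chance to fill them in. Merely sending a gmtoken parameter must not
    # let a blank author name reach the lookup below, where a missing record
    # (undef fields) would compare equal to the blank input.
    if (($IN{'authorname'} eq Gm_Constants::EMPTY) || ($IN{'authorpassword'} eq Gm_Constants::EMPTY)) {
        $loginnotice = qq(You left one or more of the fields blank. Please try again.\n);
        # Never write the submitted password to the log.
        gm_writetocplog("Invalid login attempt: One or more fields left blank ($IN{'authorname'})");
        &gm_login;
    }

    my $gmauthors = Gm_Storage::getAuthors( errHandler=>\&Gm_Web::displayAdminErrorExit );
    my $selectedauthor = $gmauthors->{$IN{'authorname'}};
    # Require a real record; an absent author must never match.
    if (defined($selectedauthor) && ($selectedauthor->{'author'} eq $IN{'authorname'})) {
        $gmvalidated = "foundname";
        my $storedpassword = $selectedauthor->{'password'};
        # An empty stored password can never be matched.
        if (defined($storedpassword) && ($storedpassword ne Gm_Constants::EMPTY)) {
            # crypt() takes its salt from the leading characters of the second
            # argument, so passing the stored hash re-hashes the candidate
            # with the same salt; this is the documented verification idiom.
            my $crypted = crypt($IN{'authorpassword'}, $storedpassword);
            # NOTE(review): the second test accepts a submitted value that is
            # byte-identical to the stored value. It keeps plaintext-stored
            # passwords working and is presumably what lets the token file
            # replay a stored value, but it also makes the stored hash itself
            # usable as a credential. Kept for compatibility; confirm and
            # plan a migration.
            if ( (defined($crypted) && ($storedpassword eq $crypted)) ||
                 ($storedpassword eq $IN{'authorpassword'}) ) {
                $gmvalidated = Gm_Constants::YES;
                if ($selectedauthor->{'postnew'} eq 'Y') { $gmentryaccess = Gm_Constants::YES; }
                if ($selectedauthor->{'editentries'} eq 'Y') { $gmentryeditaccess = Gm_Constants::YES; }
                if ($selectedauthor->{'editentries'} eq 'O') { $gmentryeditaccess = "mineonly"; }
                if ($selectedauthor->{'editconfigs'} eq 'Y') { $gmconfigurationaccess = Gm_Constants::YES; }
                if ($selectedauthor->{'edittemplates'} eq 'Y') { $gmtemplateaccess = Gm_Constants::YES; }
                if ($selectedauthor->{'edittemplates'} eq 'O') { $gmtemplateaccess = "hfsonly"; }
                if ($selectedauthor->{'editauthors'} eq 'Y') { $gmauthoraccess = Gm_Constants::YES; }
                if ($selectedauthor->{'rebuild'} eq 'Y') { $gmrebuildaccess = Gm_Constants::YES; }
                if ($selectedauthor->{'viewcplog'} eq 'Y') { $gmcplogaccess = Gm_Constants::YES; }
                if ($selectedauthor->{'bookmarklets'} eq 'Y') { $gmbookmarkletaccess = Gm_Constants::YES; }
                if ($selectedauthor->{'upload'} eq 'Y') { $gmuploadaccess = Gm_Constants::YES; }
                if ($selectedauthor->{'viewadmin'} eq 'Y') { $gmloginaccess = Gm_Constants::YES; }
            }
        }
    }

    # NOTE(review): the two notices below differ for "unknown author" and
    # "wrong password", which tells a client which author names exist.
    if ($gmvalidated eq "foundname") {
        $loginnotice = qq(The password you entered for that author is incorrect. Please try again.\n);
        # A mistyped password is usually close to the real one, so it stays
        # out of the control-panel log.
        gm_writetocplog("Invalid login attempt: Incorrect password for $IN{'authorname'}");
        &gm_login;
    }
    if ($gmvalidated ne Gm_Constants::YES) {
        $loginnotice = qq(No such author is registered. Please try again.\n);
        gm_writetocplog("Invalid login attempt: No such author as $IN{'authorname'} registered");
        &gm_login;
    }
}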
# --------------------------
# check if this IP is banned
# --------------------------
# TODO MOVE THIS TO CORE
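sub gm_bancheck {
    # Stop the request when the client address matches a ban-list entry.
    #
    # Reads $ENV{'REMOTE_ADDR'} and the ban list from Gm_Storage::getBanlist.
    # Sets the globals $currentip, $checkthisip, $checkthisiphost and
    # $checkthisperson. On a match it writes a control-panel log line and
    # hands over to gm_dangermouse with the ban message.
    my $gmbanlist = Gm_Storage::getBanlist( errHandler=>\&Gm_Web::displayAdminErrorExit );
    $currentip = $ENV{'REMOTE_ADDR'};
    foreach my $gmbanlistline ( keys(%$gmbanlist) ) {
        ($checkthisip, $checkthisiphost, $checkthisperson) =
            ($gmbanlist->{$gmbanlistline}{'ip'}, $gmbanlist->{$gmbanlistline}{'host'},
             $gmbanlist->{$gmbanlistline}{'label'} );
        # Skip blank entries before matching: an empty pattern in Perl reuses
        # the last successful regex instead of matching nothing.
        next if (!defined($checkthisip)) || ($checkthisip eq Gm_Constants::EMPTY);
        # \Q...\E matches the entry as literal text. Without it the dots in
        # an address act as wildcards and a malformed entry could abort the
        # script with a regex compile error. Partial entries still match
        # anywhere in the address, as before; regex syntax inside an entry
        # is no longer interpreted.
        if ($currentip =~ m/\Q$checkthisip\E/) {
            # The cp log sub decides whether logging is enabled.
            my $cpMsg = "A banned IP ($checkthisip";
            if ($checkthisperson ne Gm_Constants::EMPTY) {
                $cpMsg .= ", \"$checkthisperson\"";
            }
            $cpMsg .= ") attempted to access this program";
            gm_writetocplog( $cpMsg );
            ## Tell them why
            &gm_dangermouse("You have been banned from accessing this program. (IP: $currentip)");
        }
    }
}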
# ---------------
# write to cp log
# ---------------
## Write to Control Panel Log
# shorthand to write to the control panel log
# ARGS1 = message to write to control panel
# DEPRECATED: Gm_Core::writeToCplog()
sub gm_writetocplog {
    # Append one line to the control-panel log when $keeplog is YES.
    # ARG 1: the message text.
    # The stored line is "[date] [$authorIP] message"; $authorIP, $keeplog
    # and $serveroffset are globals set outside this sub.
    my ($writetologtext) = @_;
    if ($keeplog eq Gm_Constants::YES) {
        my ($gmdate) = Gm_Utils::getStdDate( $serveroffset );
        # When Gm_Utils::hackWebTest flags the text, the whole message is
        # replaced with a fixed marker plus the client address, so the
        # flagged content never reaches the log file.
        $writetologtext = '[Aborted log - Hack Attempt] by ' . $ENV{'REMOTE_ADDR'}
            if Gm_Utils::hackWebTest( $writetologtext );
        Gm_Storage::addLogMessage(
            msg        => "[$gmdate] [$authorIP] $writetologtext",
            errHandler => \&Gm_Web::displayAdminErrorExit,
        );
    }
}
# -----------------------------
# danger will robinson, danger!
# -----------------------------
### DEPRECATED, USE Gm_Web::displayAdminErrorExit INSTEAD
sub gm_dangermouse {
    # Legacy alias kept for older call sites: forwards the message unchanged
    # to Gm_Web::displayAdminErrorExit, which (going by its name) shows the
    # admin error page and ends the request - confirm in Gm_Web.
    my $message = shift;
    Gm_Web::displayAdminErrorExit($message);
}
1;
# ------------------------
# front page - log options
# ------------------------
sub gm_frontpage {
&gm_readconfig;
if (($cgilocalpath eq Gm_Constants::EMPTY) || ($cgiwebpath eq Gm_Constants::EMPTY) || ($LogPath eq Gm_Constants::EMPTY) || ($EntriesPath eq Gm_Constants::EMPTY) || ($LogWebPath eq Gm_Constants::EMPTY) || ($EntriesWebPath eq Gm_Constants::EMPTY)) {
if (($cgilocalpath eq Gm_Constants::EMPTY) && ($LogPath ne Gm_Constants::EMPTY)) { $cgilocalpath = $LogPath; }
if (($cgiwebpath eq Gm_Constants::EMPTY) && ($LogWebPath ne Gm_Constants::EMPTY)) { $cgiwebpath = $LogWebPath; }
if ($cgilocalpath eq Gm_Constants::EMPTY) {
if ($ENV{'SCRIPT_FILENAME'}) { $cgilocalpath = $ENV{'SCRIPT_FILENAME'}; }
elsif ($ENV{'PATH_TRANSLATED'}) {
$cgilocalpath = $ENV{'PATH_TRANSLATED'};
$cgilocalpath =~ s/\\/\//g;
}
@cgilocalpathtemp = split(/\//, $cgilocalpath);
pop(@cgilocalpathtemp);
$cgilocalpath = join("\/", @cgilocalpathtemp);
# added 1.3.1 - 1/20/05 flipped cracker
$loglocalpath = $cgilocalpath;
$loglocalpath =~ s/\/cgi-bin//g;
# end additions
}
@cgipath = split(/\//, $cgilocalpath);
$cgiwebpathextension = pop(@cgipath);
# added 1.3.1 - 1/20/05 flipped cracker
@logpath = split(/\//, $loglocalpath);
$logwebpathextension = pop(@logpath);
if ($logwebpathextension eq "public_html") { $logwebpathextensionnew = Gm_Constants::EMPTY; }
else {
$logwebpathextensionnew = "/";
$logwebpathextensionnew .= $logwebpathextension;
}
# end additions
if ($cgiwebpath eq Gm_Constants::EMPTY) { $cgiwebpath = "http://$ENV{'HTTP_HOST'}/$cgiwebpathextension"; }
if ($LogPath eq Gm_Constants::EMPTY) { $LogPath = $loglocalpath; }
if ($EntriesPath eq Gm_Constants::EMPTY) { $EntriesPath = ("$loglocalpath" . "/archives"); }
if ($LogWebPath eq Gm_Constants::EMPTY) { $LogWebPath = "http://$ENV{'HTTP_HOST'}$logwebpathextensionnew"; }
if ($EntriesWebPath eq Gm_Constants::EMPTY) { $EntriesWebPath = "http://$ENV{'HTTP_HOST'}$logwebpathextensionnew/archives"; }
&gm_writeconfig;
}
&gm_validate;
if ($gmloginaccess ne Gm_Constants::YES) {
gm_writetocplog("$IN{'authorname'} attempted to log in without authorization");
$loginnotice = qq(You don't have access to log in.
);
&gm_login;
}
if ($statusnote eq Gm_Constants::EMPTY) { $statusnote = qq(Main Menu
); }
if (($IN{'authorname'} eq "Alice") && ($IN{'authorpassword'} eq "wonderland")) {
$setnameandpwcookie = Gm_Constants::EMPTY;
} else {
$setnameandpwcookie = "";
}
if ($cookiesallowed eq Gm_Constants::NO) {
$setnameandpwcookie = Gm_Constants::EMPTY;
}
$visityoursitelink = Gm_Constants::EMPTY;
## TODO GET RID OF THIS! NO OPEN FILE HANDLES AND CALL OTHER, ITS JUST CHECKING THE FILE
# THIS SHOULD BE LINK THAT LOOKS LIKE BUTTON, SEE MULTIEDIT
unless (!(open(CHECKMATE,"<$LogPath/$indexfilename"))) {
&gm_readcounter;
unless ($newentrynumber eq "0") {
$indexfilenamesmartcheck = "/$indexfilename";
$indexfilenameprefix = substr($indexfilename, 0, 6);
if ($indexfilenameprefix eq "index.") { $indexfilenamesmartcheck = "/"; }
$visityoursitelink = qq(
);
}
}
close(CHECKMATE);
print<
$gmfonttag Post a new entry to your weblog/journal.
$gmfonttag Your site's settings and options.
$gmfonttag Edit entries and edit/delete comments.
$gmfonttag Change your site's layout and appearance.
$gmfonttag Edit or add authors to post to your site.
$gmfonttag Regenerate part or all of your site.
$gmfonttag A record of how your site's been used.
$gmfonttag Post entries with one click (IE 5+ only).
$gmfonttag Upload images or other files to your site.