bbs problem

[Robin]

what I'm trying to do is get this bbs.cgi to work better. So when someone
types in spaces as their name it will work to reply to them and on the
"Reply to..." screen will actually stop showing the %A or whatever it is,
what is that btw? Any help would be great.

#!/usr/bin/perl

#bbs v.1.1.4

#Copyright Robin - (e-mail address removed)

require ('lib.cgi');
&data_cgivars;
$" = "";
$, = "";

&begin;
if ($PARAMS{'action'} eq "reply" && $PARAMS{'name'} ne "" && $PARAMS{'name'}
ne "post")
{ &reply; exit; }
if ($PARAMS{'action'} eq "replied")
{ &reply; &post (1); }
&post;

sub begin
{
mkdir ("BBSFILES/", 0755) if (! -e "BBSFILES/");
}

sub post
{
my ($action) = @_;
if ($action)
{
&mainoutput ("Your reply has been posted");
exit;
}

if ($FORM{'submit'})
{
if ($FORM{'name'} && $FORM{'email'} && $FORM{'post'} && $FORM{'name1'} !~
/\./ && $FORM{'name'} !~ /<.*>/ && $FORM{'email'} !~ /<.*>/ && $FORM{'post'}
!~ /<.*>/ && $FORM{'name'} !~ /^\s*$/ && $FORM{'email'} !~ /^\s*$/ &&
$FORM{'post'} !~ /^\s*$/)
{
if (-e "BBSFILES/$FORM{'name'}.post")
{
&mainoutput ("Name already in use.");
exit;
}
open (DBASE, ">>dbase.txt");
print DBASE ("$FORM{'name'}\n");
close (DBASE);
open (POSTFILE, ">>BBSFILES/$FORM{'name'}.post");
print POSTFILE ("Name - $FORM{'name'}<br>Email - $FORM{'email'}<br>Post -
<br>$FORM{'post'}<br>[ <a
href=\"$0?action=reply&name=$FORM{'name'}\">Reply</a> ]<br><br>\n");
close (POSTFILE);
&mainoutput ("Your post has been posted");
}
else
{
&mainoutput ("Error! You did not fill out all of the fields or you used
HTML tags which are invalid for this system or you used a period on your
name field which is also invalid. Please try again.");
}
}
elsif (! $FORM{'submit'})
{
&mainoutput ("Welcome to the BBS");
}

}

sub reply
{
if ($FORM{'submit1'})
{
if ($FORM{'name1'} && $FORM{'email1'} && $FORM{'post1'} && $FORM{'name1'}
!~ /\./ && $FORM{'name1'} !~ /<.*>/ && $FORM{'email1'} !~ /<.*>/ &&
$FORM{'post1'} !~ /<.*>/ && $FORM{'name1'} !~ /^\s*$/ && $FORM{'email1'} !~
/^\s*$/ && $FORM{'post1'} !~ /^\s*$/)
{
if (-e "BBSFILES/$FORM{'name1'}.$PARAMS{'name'}")
{
print ("Content-type:text/html\n\n");
print ("Name already in use.");
exit;
}
open (POSTFILE, ">>BBSFILES/$FORM{'name1'}.$PARAMS{'name'}");
print POSTFILE ("<BLOCKQUOTE>Name - $FORM{'name1'}<br>Email -
$FORM{'email1'}<br>Post - <br>$FORM{'post1'}<br></BLOCKQUOTE>\n");
close (POSTFILE);
}
else
{
print ("Content-type:text/html\n\n");
print ("Error! You did not fill out all of the fields or you used HTML
tags which are invalid for this system or you used a period on your name
field which is also invalid. Please try again.");
exit;
}
}
else
{
&replyoutput ("Reply to $PARAMS{'name'}");
exit;
}

sub replyoutput
{
my ($replyoutput) = @_;
print ("Content-type:text/html\n\n");
print <<END;
<html><body>
<b>BBS</b> - $replyoutput
<form name="form2" method="post"
action="$0?action=replied&name=$PARAMS{'name'}">
<p>Name:
<br>
<input name="name1" type="text" id="name">
</p>
<p>Email:
<br>
<input name="email1" type="text" id="email">
</p>
<p>Your Post:</p>
<p>
<textarea name="post1" cols="30" rows="6" id="post"></textarea>
</p>
<input name="submit1" type="submit" id="submit" value="Submit">
<input type="reset" name="Submit2" value="Reset">
</form>
<hr>
</body></html>
END
}
}

sub mainoutput
{
my ($output) = @_;
print ("Content-type:text/html\n\n");
print <<END;
<html><body>
<b>BBS</b> - $output
<form name="form1" method="post" action="bbs.cgi">
<p>Name:
<br>
<input name="name" type="text" id="name">
</p>
<p>Email:
<br>
<input name="email" type="text" id="email">
</p>
<p>Your Post:</p>
<p>
<textarea name="post" cols="30" rows="6" id="post"></textarea>
</p>
<p>
<input name="submit" type="submit" id="submit" value="Submit">
<input type="reset" name="Submit2" value="Reset">
</p>
</form>
<p><hr></p>
<b>Current Posts - Most recent are on bottom:</b><br><br>
END
opendir (BBSFILES, "BBSFILES/");
@files = readdir (BBSFILES);
closedir (BBSFILES);
chomp (@files);
foreach $tmp (@files)
{
if ($tmp ne "." && $tmp ne "..")
{
open (FILE, "BBSFILES/$tmp") || die "can't open file $!.";
@file = <FILE>;
close (FILE);
@file2 = split (/\./, $tmp);
#print @file2;
if ($file2[1] eq "post")
{
opendir (BBSFILES, "BBSFILES/");
@files1 = readdir (BBSFILES);
closedir (BBSFILES);
chomp (@files1);
print (@file);
print ("<b>Replies:</b><BR><br>");
foreach $tmp2 (@files1)
{
open (FILE, "BBSFILES/$tmp2") || die "can't open file $!.";
@secfile = <FILE>;
close (FILE);
@secfilesecs = split (/\./, $tmp2);
#print @secfilesecs;
if ($secfilesecs[1] eq $file2[0])
{
print (@secfile);
}
else
{
next;
}
}
}
else
{
next;
}
}
}
print ("</body></html>");
}

 

[Robin]

%A's meaning the representation of spaces when it transferes through http -
I still dunno what those are. ASCII chars?

Peace,
RObin

 

[A. Sinan Unur]

what I'm trying to do is get this bbs.cgi to work better. So when
someone types in spaces as their name it will work to reply to them
and on the "Reply to..." screen will actually stop showing the %A or
whatever it is, what is that btw? Any help would be great.

#!/usr/bin/perl

#bbs v.1.1.4

#Copyright Robin - (e-mail address removed)

Copyright is a legal concept with which you are not familiar I am afraid.

require ('lib.cgi');
&data_cgivars;
$" = "";
$, = "";

This is obviously not your code. You have just started learning Perl, yet
your code looks the same as a variety of other junk that has been out
there for 10 years.

#! /usr/bin/perl -T

use warnings;
use strict;

use CGI;
my $q = CGI->new();

$CGI:OST_MAX=1024 * 100; # max 100K posts
$CGI:ISABLE_UPLOADS = 1; # no uploads

Take it from here ...

Sinan.

 

[Robin]

require ('lib.cgi');

This is obviously not your code. You have just started learning Perl, yet
your code looks the same as a variety of other junk that has been out
there for 10 years.

Actually it is my code...

use warnings;
use strict;

use CGI;
my $q = CGI->new();

$CGI:OST_MAX=1024 * 100; # max 100K posts
$CGI:ISABLE_UPLOADS = 1; # no uploads

Take it from here ...

How would I do this without using cgi?

Thanks,
-Robin

 

[Robin]

Also, how would I do this w/ out using CGI.pm

Peace,
-Robin

 

[Tony Curtis]

Also, how would I do this w/ out using CGI.pm

Why would you want to hamstring yourself like that?

It's the right solution.

 

[Gunnar Hjalmarsson]

use CGI;
my $q = CGI->new();

$CGI:OST_MAX=1024 * 100; # max 100K posts
$CGI:ISABLE_UPLOADS = 1; # no uploads

Aren't those variables supposed to be set before the CGI object is
created?

 

[John J. Trammell]

what I'm trying to do is get this bbs.cgi to work better. So when someone
types in spaces as their name it will work to reply to them and on the
"Reply to..." screen will actually stop showing the %A or whatever it is,
what is that btw? Any help would be great.

#!/usr/bin/perl

use strict;
use warnings;

 

[Tad McClellan]

How would I do this without using cgi?

Why do you think that you want to do it without using CGI.pm?

 

[A. Sinan Unur]

Aren't those variables supposed to be set before the CGI object is
created?

Yes. Thank you very much for the correction.

Sinan.

 

[Rocco Caputo]

Also, how would I do this w/ out using CGI.pm

You would write your own CGI.pm equivalent from scratch.

The existing module is the robust and complete result of several years
of effort from many different people. As I see it, you have two means
to achieve the same level of quality in your own version:

1. Start reading CGI specifications and writing code.
You've got a lot of catching up to do.

2.

package Robin::CGI;

use base qw(CGI);

1;

 

[Robin]

Here's what it looks like now, why isn't it printing it to the files...?

Thanks,
-Robin

#!/usr/bin/perl

#bbs v.1.1.4

$CGI:OST_MAX=1024 * 100; # max 100K posts
$CGI:ISABLE_UPLOADS = 1; # no uploads
use CGI qwstandard);
require ('lib.cgi');
&data_cgivars;
$" = "";
$, = "";

&begin;
if ($PARAMS{'action'} eq "reply" && $PARAMS{'name'} ne "" && $PARAMS{'name'}
ne "post")
{ &reply; exit; }
if ($PARAMS{'action'} eq "replied")
{ &reply; &post (1); }
&post;

sub begin
{
mkdir ("BBSFILES/", 0755) if (! -e "BBSFILES/");
}

sub post
{
my ($action) = @_;
if ($action)
{
&mainoutput ("Your reply has been posted");
exit;
}

if (param('submit'))
{
if (param('name') && param('email') && param('post') && param('name1') !~
/\./ && param('name') !~ /<.*>/ && param('email') !~ /<.*>/ && param('post')
!~ /<.*>/ && param('name') !~ /^\s*$/ && param('email') !~ /^\s*$/ &&
param('post') !~ /^\s*$/)
{
if (-e "BBSFILES/" . param('name') . ".post")
{
&mainoutput ("Name already in use.");
exit;
}
#open (DBASE, ">>dbase.txt");
#print DBASE ("param{'name'}\n");
#close (DBASE);
open (POSTFILE, ">>BBSFILES/" . param('name') . ".post");
print POSTFILE ("Name - ", param('name') ,"<br>Email -
",param('email'),"<br>Post - <br>", param('post') ,"<br>[ <a
href=\"$0?action=reply&name=", param('name'),"\">Reply</a> ]<br><br>\n");
close (POSTFILE);
&mainoutput ("Your post has been posted");
}
else
{
&mainoutput ("Error! You did not fill out all of the fields or you used
HTML tags which are invalid for this system or you used a period on your
name field which is also invalid. Please try again.");
}
}
elsif (! param('submit'))
{
&mainoutput ("Welcome to the BBS");
}

}

sub reply
{
if (param('submit1'))
{
if (param('name1') && param('email1') && param('post1') && param('name1')
!~ /\./ && param('name1') !~ /<.*>/ && param('email1') !~ /<.*>/ &&
param('post1') !~ /<.*>/ && param('name1') !~ /^\s*$/ && param('email1') !~
/^\s*$/ && param('post1') !~ /^\s*$/)
{
if (-e "BBSFILES/" . param('name1') . ".$PARAMS{'name'}")
{
print ("Content-type:text/html\n\n");
print ("Name already in use.");
exit;
}
open (POSTFILE, ">>BBSFILES/" . param('name1') . ".$PARAMS{'name'}");
print POSTFILE ("<BLOCKQUOTE>Name - ", param('name1'), "<br>Email - ",
param('email1'), "<br>Post - <br>", param('post1'), "<br></BLOCKQUOTE>\n");
close (POSTFILE);
}
else
{
print ("Content-type:text/html\n\n");
print ("Error! You did not fill out all of the fields or you used HTML
tags which are invalid for this system or you used a period on your name
field which is also invalid. Please try again.");
exit;
}
}
else
{
&replyoutput ("Reply to $PARAMS{'name'}");
exit;
}

sub replyoutput
{
my ($replyoutput) = @_;
print ("Content-type:text/html\n\n");
print <<END;
<html><body>
<b>BBS</b> - $replyoutput
<form name="form2" method="post"
action="$0?action=replied&name=$PARAMS{'name'}">
<p>Name:
<br>
<input name="name1" type="text" id="name">
</p>
<p>Email:
<br>
<input name="email1" type="text" id="email">
</p>
<p>Your Post:</p>
<p>
<textarea name="post1" cols="30" rows="6" id="post"></textarea>
</p>
<input name="submit1" type="submit" id="submit" value="Submit">
<input type="reset" name="Submit2" value="Reset">
</form>
<hr>
</body></html>
END
}
}

sub mainoutput
{
my ($output) = @_;
print ("Content-type:text/html\n\n");
print <<END;
<html><body>
<b>BBS</b> - $output
<form name="form1" method="post" action="bbs.cgi">
<p>Name:
<br>
<input name="name" type="text" id="name">
</p>
<p>Email:
<br>
<input name="email" type="text" id="email">
</p>
<p>Your Post:</p>
<p>
<textarea name="post" cols="30" rows="6" id="post"></textarea>
</p>
<p>
<input name="submit" type="submit" id="submit" value="Submit">
<input type="reset" name="Submit2" value="Reset">
</p>
</form>
<p><hr></p>
<b>Current Posts - Most recent are on bottom:</b><br><br>
END
opendir (BBSFILES, "BBSFILES/");
@files = readdir (BBSFILES);
closedir (BBSFILES);
chomp (@files);
foreach $tmp (@files)
{
if ($tmp ne "." && $tmp ne "..")
{
open (FILE, "BBSFILES/$tmp") || die "can't open file $!.";
@file = <FILE>;
close (FILE);
@file2 = split (/\./, $tmp);
#print @file2;
if ($file2[1] eq "post")
{
opendir (BBSFILES, "BBSFILES/");
@files1 = readdir (BBSFILES);
closedir (BBSFILES);
chomp (@files1);
print (@file);
print ("<b>Replies:</b><BR><br>");
foreach $tmp2 (@files1)
{
open (FILE, "BBSFILES/$tmp2") || die "can't open file $!.";
@secfile = <FILE>;
close (FILE);
@secfilesecs = split (/\./, $tmp2);
#print @secfilesecs;
if ($secfilesecs[1] eq $file2[0])
{
print (@secfile);
}
else
{
next;
}
}
}
else
{
next;
}
}
}
print ("</body></html>");
}

 

[Gunnar Hjalmarsson]

$CGI:OST_MAX=1024 * 100; # max 100K posts
$CGI:ISABLE_UPLOADS = 1; # no uploads
use CGI qwstandard);
require ('lib.cgi');
&data_cgivars;

Why don't you just drop this programming thing and start collecting
stamps or something instead.

 

[Robin]

Why don't you just drop this programming thing and start collecting

stamps or something instead.

ooh, stamps... haha, so do u know why it's not printing to the files?
-Robin

 

[Walter Roberson]

:what I'm trying to do is get this bbs.cgi to work better.

:&begin;

Is there something restricting you to Perl4? Your style is archaic,
and if that is because of an external constraint then we need to
know that before we recommend code changes.

 

[Gunnar Hjalmarsson]

ooh, stamps... haha, so do u know why it's not printing to the
files?

No, but I suppose there are quite a few reasons. The script should
better be completely rewritten, and I have no interest in doing that.

 

[Walter Roberson]

:Here's what it looks like now, why isn't it printing it to the files...?

:if ($PARAMS{'action'} eq "reply" && $PARAMS{'name'} ne "" && $PARAMS{'name'}

: if (param('submit'))

Where is param() defined, and why do you sometimes use param() and
sometimes use $PARAMS{} ?

: open (POSTFILE, ">>BBSFILES/" . param('name') . ".post");

You never test to see if your opens are successful. Could be for
any of a number of reasons.

 

[Matt Garrish]

%A's meaning the representation of spaces when it transferes through http -
I still dunno what those are. ASCII chars?

Yes, you dolt, both % and A are in the ascii character set...

Matt

 

[Walter Roberson]

:%A's meaning the representation of spaces when it transferes through http -
:I still dunno what those are. ASCII chars?

Ah, I think I understand. It's probably not %A, it is probably %0A
which is the encoded representation of linefeed... used by many
systems to indicate newline. Is the appropriate layer doing a
chomp() on the input lines?

 

[Walter Roberson]

:what I'm trying to do is get this bbs.cgi to work better.

I do not see at the moment how you are protecting against the
possibility that someone might deliberately include html in their
posting. You seem to take in whatever the user sent, and output it
directly. So if someone puts in <blink>Hi, mom!</blink> then you'd
output exactly that and the browsers are going to react to it.
Even if it's javascript or if the user included </form> and
started a new <form> and so on.

: if ($FORM{'name'} && $FORM{'email'} && $FORM{'post'} && $FORM{'name1'} !~
:/\./ && $FORM{'name'} !~ /<.*>/ && $FORM{'email'} !~ /<.*>/ && $FORM{'post'}
:!~ /<.*>/ && $FORM{'name'} !~ /^\s*$/ && $FORM{'email'} !~ /^\s*$/ &&
:$FORM{'post'} !~ /^\s*$/)

I see there that you do match $FORM{'post'} against /<.*>/ but
that is not going to work if the string has embeded newlines.
You would need /<.*>/s for that case. (The s modifier is not
available in perl4 though.)

Are the contents already encoded, newlines represented as %0A or
something like that? If so then are the < and > characters being
encoded as well? If they are then those pattern matches are
going to be redundant. And if they are, your matches on the name
fields before constructing the storage file name are going to
be missing some cases too.