bbs problem

Discussion in 'Perl Misc' started by Robin, Jan 20, 2004.

  1. Robin

    Robin Guest

    what I'm trying to do is get this bbs.cgi to work better. So when someone
    types in spaces as their name it will work to reply to them and on the
    "Reply to..." screen will actually stop showing the %A or whatever it is,
    what is that btw? Any help would be great.

    #!/usr/bin/perl

    #bbs v.1.1.4

    #Copyright Robin -

    require ('lib.cgi');
    &data_cgivars;
    $" = "";
    $, = "";

    &begin;
    if ($PARAMS{'action'} eq "reply" && $PARAMS{'name'} ne "" && $PARAMS{'name'}
    ne "post")
    { &reply; exit; }
    if ($PARAMS{'action'} eq "replied")
    { &reply; &post (1); }
    &post;

    sub begin
    {
    mkdir ("BBSFILES/", 0755) if (! -e "BBSFILES/");
    }

    sub post
    {
    my ($action) = @_;
    if ($action)
    {
    &mainoutput ("Your reply has been posted");
    exit;
    }

    if ($FORM{'submit'})
    {
    if ($FORM{'name'} && $FORM{'email'} && $FORM{'post'} && $FORM{'name1'} !~
    /\./ && $FORM{'name'} !~ /<.*>/ && $FORM{'email'} !~ /<.*>/ && $FORM{'post'}
    !~ /<.*>/ && $FORM{'name'} !~ /^\s*$/ && $FORM{'email'} !~ /^\s*$/ &&
    $FORM{'post'} !~ /^\s*$/)
    {
    if (-e "BBSFILES/$FORM{'name'}.post")
    {
    &mainoutput ("Name already in use.");
    exit;
    }
    open (DBASE, ">>dbase.txt");
    print DBASE ("$FORM{'name'}\n");
    close (DBASE);
    open (POSTFILE, ">>BBSFILES/$FORM{'name'}.post");
    print POSTFILE ("Name - $FORM{'name'}<br>Email - $FORM{'email'}<br>Post -
    <br>$FORM{'post'}<br>[ <a
    href=\"$0?action=reply&name=$FORM{'name'}\">Reply</a> ]<br><br>\n");
    close (POSTFILE);
    &mainoutput ("Your post has been posted");
    }
    else
    {
    &mainoutput ("Error! You did not fill out all of the fields or you used
    HTML tags which are invalid for this system or you used a period on your
    name field which is also invalid. Please try again.");
    }
    }
    elsif (! $FORM{'submit'})
    {
    &mainoutput ("Welcome to the BBS");
    }

    }

    sub reply
    {
    if ($FORM{'submit1'})
    {
    if ($FORM{'name1'} && $FORM{'email1'} && $FORM{'post1'} && $FORM{'name1'}
    !~ /\./ && $FORM{'name1'} !~ /<.*>/ && $FORM{'email1'} !~ /<.*>/ &&
    $FORM{'post1'} !~ /<.*>/ && $FORM{'name1'} !~ /^\s*$/ && $FORM{'email1'} !~
    /^\s*$/ && $FORM{'post1'} !~ /^\s*$/)
    {
    if (-e "BBSFILES/$FORM{'name1'}.$PARAMS{'name'}")
    {
    print ("Content-type:text/html\n\n");
    print ("Name already in use.");
    exit;
    }
    open (POSTFILE, ">>BBSFILES/$FORM{'name1'}.$PARAMS{'name'}");
    print POSTFILE ("<BLOCKQUOTE>Name - $FORM{'name1'}<br>Email -
    $FORM{'email1'}<br>Post - <br>$FORM{'post1'}<br></BLOCKQUOTE>\n");
    close (POSTFILE);
    }
    else
    {
    print ("Content-type:text/html\n\n");
    print ("Error! You did not fill out all of the fields or you used HTML
    tags which are invalid for this system or you used a period on your name
    field which is also invalid. Please try again.");
    exit;
    }
    }
    else
    {
    &replyoutput ("Reply to $PARAMS{'name'}");
    exit;
    }

    sub replyoutput
    {
    my ($replyoutput) = @_;
    print ("Content-type:text/html\n\n");
    print <<END;
    <html><body>
    <b>BBS</b> - $replyoutput
    <form name="form2" method="post"
    action="$0?action=replied&name=$PARAMS{'name'}">
    <p>Name:
    <br>
    <input name="name1" type="text" id="name">
    </p>
    <p>Email:
    <br>
    <input name="email1" type="text" id="email">
    </p>
    <p>Your Post:</p>
    <p>
    <textarea name="post1" cols="30" rows="6" id="post"></textarea>
    </p>
    <input name="submit1" type="submit" id="submit" value="Submit">
    <input type="reset" name="Submit2" value="Reset">
    </form>
    <hr>
    </body></html>
    END
    }
    }

    sub mainoutput
    {
    my ($output) = @_;
    print ("Content-type:text/html\n\n");
    print <<END;
    <html><body>
    <b>BBS</b> - $output
    <form name="form1" method="post" action="bbs.cgi">
    <p>Name:
    <br>
    <input name="name" type="text" id="name">
    </p>
    <p>Email:
    <br>
    <input name="email" type="text" id="email">
    </p>
    <p>Your Post:</p>
    <p>
    <textarea name="post" cols="30" rows="6" id="post"></textarea>
    </p>
    <p>
    <input name="submit" type="submit" id="submit" value="Submit">
    <input type="reset" name="Submit2" value="Reset">
    </p>
    </form>
    <p><hr></p>
    <b>Current Posts - Most recent are on bottom:</b><br><br>
    END
    opendir (BBSFILES, "BBSFILES/");
    @files = readdir (BBSFILES);
    closedir (BBSFILES);
    chomp (@files);
    foreach $tmp (@files)
    {
    if ($tmp ne "." && $tmp ne "..")
    {
    open (FILE, "BBSFILES/$tmp") || die "can't open file $!.";
    @file = <FILE>;
    close (FILE);
    @file2 = split (/\./, $tmp);
    #print @file2;
    if ($file2[1] eq "post")
    {
    opendir (BBSFILES, "BBSFILES/");
    @files1 = readdir (BBSFILES);
    closedir (BBSFILES);
    chomp (@files1);
    print (@file);
    print ("<b>Replies:</b><BR><br>");
    foreach $tmp2 (@files1)
    {
    open (FILE, "BBSFILES/$tmp2") || die "can't open file $!.";
    @secfile = <FILE>;
    close (FILE);
    @secfilesecs = split (/\./, $tmp2);
    #print @secfilesecs;
    if ($secfilesecs[1] eq $file2[0])
    {
    print (@secfile);
    }
    else
    {
    next;
    }
    }
    }
    else
    {
    next;
    }
    }
    }
    print ("</body></html>");
    }
     
    Robin, Jan 20, 2004
    #1
    1. Advertisements

  2. Robin

    Robin Guest

    %A's meaning the representation of spaces when it transferes through http -
    I still dunno what those are. ASCII chars?

    Peace,
    RObin
     
    Robin, Jan 20, 2004
    #2
    1. Advertisements

  3. Copyright is a legal concept with which you are not familiar I am afraid.
    This is obviously not your code. You have just started learning Perl, yet
    your code looks the same as a variety of other junk that has been out
    there for 10 years.

    #! /usr/bin/perl -T

    use warnings;
    use strict;

    use CGI;
    my $q = CGI->new();

    $CGI::pOST_MAX=1024 * 100; # max 100K posts
    $CGI::DISABLE_UPLOADS = 1; # no uploads

    Take it from here ...

    Sinan.
     
    A. Sinan Unur, Jan 20, 2004
    #3
  4. Robin

    Robin Guest

    require ('lib.cgi');
    Actually it is my code...
    How would I do this without using cgi?

    Thanks,
    -Robin
     
    Robin, Jan 20, 2004
    #4
  5. Robin

    Robin Guest

    Also, how would I do this w/ out using CGI.pm

    Peace,
    -Robin
     
    Robin, Jan 20, 2004
    #5
  6. Robin

    Tony Curtis Guest

    Why would you want to hamstring yourself like that?

    It's the right solution.
     
    Tony Curtis, Jan 20, 2004
    #6
  7. Aren't those variables supposed to be set before the CGI object is
    created?
     
    Gunnar Hjalmarsson, Jan 20, 2004
    #7
  8. use strict;
    use warnings;
     
    John J. Trammell, Jan 20, 2004
    #8

  9. Why do you think that you want to do it without using CGI.pm?
     
    Tad McClellan, Jan 20, 2004
    #9
  10. Yes. Thank you very much for the correction.

    Sinan.
     
    A. Sinan Unur, Jan 20, 2004
    #10
  11. Robin

    Rocco Caputo Guest

    You would write your own CGI.pm equivalent from scratch.

    The existing module is the robust and complete result of several years
    of effort from many different people. As I see it, you have two means
    to achieve the same level of quality in your own version:

    1. Start reading CGI specifications and writing code.
    You've got a lot of catching up to do.

    2.

    package Robin::CGI;

    use base qw(CGI);

    1;

    :)
     
    Rocco Caputo, Jan 20, 2004
    #11
  12. Robin

    Robin Guest

    Here's what it looks like now, why isn't it printing it to the files...?

    Thanks,
    -Robin

    #!/usr/bin/perl

    #bbs v.1.1.4

    $CGI::pOST_MAX=1024 * 100; # max 100K posts
    $CGI::DISABLE_UPLOADS = 1; # no uploads
    use CGI qw:)standard);
    require ('lib.cgi');
    &data_cgivars;
    $" = "";
    $, = "";

    &begin;
    if ($PARAMS{'action'} eq "reply" && $PARAMS{'name'} ne "" && $PARAMS{'name'}
    ne "post")
    { &reply; exit; }
    if ($PARAMS{'action'} eq "replied")
    { &reply; &post (1); }
    &post;

    sub begin
    {
    mkdir ("BBSFILES/", 0755) if (! -e "BBSFILES/");
    }

    sub post
    {
    my ($action) = @_;
    if ($action)
    {
    &mainoutput ("Your reply has been posted");
    exit;
    }

    if (param('submit'))
    {
    if (param('name') && param('email') && param('post') && param('name1') !~
    /\./ && param('name') !~ /<.*>/ && param('email') !~ /<.*>/ && param('post')
    !~ /<.*>/ && param('name') !~ /^\s*$/ && param('email') !~ /^\s*$/ &&
    param('post') !~ /^\s*$/)
    {
    if (-e "BBSFILES/" . param('name') . ".post")
    {
    &mainoutput ("Name already in use.");
    exit;
    }
    #open (DBASE, ">>dbase.txt");
    #print DBASE ("param{'name'}\n");
    #close (DBASE);
    open (POSTFILE, ">>BBSFILES/" . param('name') . ".post");
    print POSTFILE ("Name - ", param('name') ,"<br>Email -
    ",param('email'),"<br>Post - <br>", param('post') ,"<br>[ <a
    href=\"$0?action=reply&name=", param('name'),"\">Reply</a> ]<br><br>\n");
    close (POSTFILE);
    &mainoutput ("Your post has been posted");
    }
    else
    {
    &mainoutput ("Error! You did not fill out all of the fields or you used
    HTML tags which are invalid for this system or you used a period on your
    name field which is also invalid. Please try again.");
    }
    }
    elsif (! param('submit'))
    {
    &mainoutput ("Welcome to the BBS");
    }

    }

    sub reply
    {
    if (param('submit1'))
    {
    if (param('name1') && param('email1') && param('post1') && param('name1')
    !~ /\./ && param('name1') !~ /<.*>/ && param('email1') !~ /<.*>/ &&
    param('post1') !~ /<.*>/ && param('name1') !~ /^\s*$/ && param('email1') !~
    /^\s*$/ && param('post1') !~ /^\s*$/)
    {
    if (-e "BBSFILES/" . param('name1') . ".$PARAMS{'name'}")
    {
    print ("Content-type:text/html\n\n");
    print ("Name already in use.");
    exit;
    }
    open (POSTFILE, ">>BBSFILES/" . param('name1') . ".$PARAMS{'name'}");
    print POSTFILE ("<BLOCKQUOTE>Name - ", param('name1'), "<br>Email - ",
    param('email1'), "<br>Post - <br>", param('post1'), "<br></BLOCKQUOTE>\n");
    close (POSTFILE);
    }
    else
    {
    print ("Content-type:text/html\n\n");
    print ("Error! You did not fill out all of the fields or you used HTML
    tags which are invalid for this system or you used a period on your name
    field which is also invalid. Please try again.");
    exit;
    }
    }
    else
    {
    &replyoutput ("Reply to $PARAMS{'name'}");
    exit;
    }

    sub replyoutput
    {
    my ($replyoutput) = @_;
    print ("Content-type:text/html\n\n");
    print <<END;
    <html><body>
    <b>BBS</b> - $replyoutput
    <form name="form2" method="post"
    action="$0?action=replied&name=$PARAMS{'name'}">
    <p>Name:
    <br>
    <input name="name1" type="text" id="name">
    </p>
    <p>Email:
    <br>
    <input name="email1" type="text" id="email">
    </p>
    <p>Your Post:</p>
    <p>
    <textarea name="post1" cols="30" rows="6" id="post"></textarea>
    </p>
    <input name="submit1" type="submit" id="submit" value="Submit">
    <input type="reset" name="Submit2" value="Reset">
    </form>
    <hr>
    </body></html>
    END
    }
    }

    sub mainoutput
    {
    my ($output) = @_;
    print ("Content-type:text/html\n\n");
    print <<END;
    <html><body>
    <b>BBS</b> - $output
    <form name="form1" method="post" action="bbs.cgi">
    <p>Name:
    <br>
    <input name="name" type="text" id="name">
    </p>
    <p>Email:
    <br>
    <input name="email" type="text" id="email">
    </p>
    <p>Your Post:</p>
    <p>
    <textarea name="post" cols="30" rows="6" id="post"></textarea>
    </p>
    <p>
    <input name="submit" type="submit" id="submit" value="Submit">
    <input type="reset" name="Submit2" value="Reset">
    </p>
    </form>
    <p><hr></p>
    <b>Current Posts - Most recent are on bottom:</b><br><br>
    END
    opendir (BBSFILES, "BBSFILES/");
    @files = readdir (BBSFILES);
    closedir (BBSFILES);
    chomp (@files);
    foreach $tmp (@files)
    {
    if ($tmp ne "." && $tmp ne "..")
    {
    open (FILE, "BBSFILES/$tmp") || die "can't open file $!.";
    @file = <FILE>;
    close (FILE);
    @file2 = split (/\./, $tmp);
    #print @file2;
    if ($file2[1] eq "post")
    {
    opendir (BBSFILES, "BBSFILES/");
    @files1 = readdir (BBSFILES);
    closedir (BBSFILES);
    chomp (@files1);
    print (@file);
    print ("<b>Replies:</b><BR><br>");
    foreach $tmp2 (@files1)
    {
    open (FILE, "BBSFILES/$tmp2") || die "can't open file $!.";
    @secfile = <FILE>;
    close (FILE);
    @secfilesecs = split (/\./, $tmp2);
    #print @secfilesecs;
    if ($secfilesecs[1] eq $file2[0])
    {
    print (@secfile);
    }
    else
    {
    next;
    }
    }
    }
    else
    {
    next;
    }
    }
    }
    print ("</body></html>");
    }
     
    Robin, Jan 20, 2004
    #12
  13. Why don't you just drop this programming thing and start collecting
    stamps or something instead.
     
    Gunnar Hjalmarsson, Jan 20, 2004
    #13
  14. Robin

    Robin Guest

    Why don't you just drop this programming thing and start collecting
    ooh, stamps... haha, so do u know why it's not printing to the files?
    -Robin
     
    Robin, Jan 20, 2004
    #14
  15. :what I'm trying to do is get this bbs.cgi to work better.

    :&begin;

    Is there something restricting you to Perl4? Your style is archaic,
    and if that is because of an external constraint then we need to
    know that before we recommend code changes.
     
    Walter Roberson, Jan 20, 2004
    #15
  16. No, but I suppose there are quite a few reasons. The script should
    better be completely rewritten, and I have no interest in doing that.
     
    Gunnar Hjalmarsson, Jan 21, 2004
    #16
  17. :Here's what it looks like now, why isn't it printing it to the files...?

    :if ($PARAMS{'action'} eq "reply" && $PARAMS{'name'} ne "" && $PARAMS{'name'}

    : if (param('submit'))

    Where is param() defined, and why do you sometimes use param() and
    sometimes use $PARAMS{} ?

    : open (POSTFILE, ">>BBSFILES/" . param('name') . ".post");

    You never test to see if your opens are successful. Could be for
    any of a number of reasons.
     
    Walter Roberson, Jan 21, 2004
    #17
  18. Robin

    Matt Garrish Guest

    Yes, you dolt, both % and A are in the ascii character set...

    Matt
     
    Matt Garrish, Jan 21, 2004
    #18
  19. :%A's meaning the representation of spaces when it transferes through http -
    :I still dunno what those are. ASCII chars?

    Ah, I think I understand. It's probably not %A, it is probably %0A
    which is the encoded representation of linefeed... used by many
    systems to indicate newline. Is the appropriate layer doing a
    chomp() on the input lines?
     
    Walter Roberson, Jan 21, 2004
    #19
  20. :what I'm trying to do is get this bbs.cgi to work better.

    I do not see at the moment how you are protecting against the
    possibility that someone might deliberately include html in their
    posting. You seem to take in whatever the user sent, and output it
    directly. So if someone puts in <blink>Hi, mom!</blink> then you'd
    output exactly that and the browsers are going to react to it.
    Even if it's javascript or if the user included </form> and
    started a new <form> and so on.

    : if ($FORM{'name'} && $FORM{'email'} && $FORM{'post'} && $FORM{'name1'} !~
    :/\./ && $FORM{'name'} !~ /<.*>/ && $FORM{'email'} !~ /<.*>/ && $FORM{'post'}
    :!~ /<.*>/ && $FORM{'name'} !~ /^\s*$/ && $FORM{'email'} !~ /^\s*$/ &&
    :$FORM{'post'} !~ /^\s*$/)

    I see there that you do match $FORM{'post'} against /<.*>/ but
    that is not going to work if the string has embeded newlines.
    You would need /<.*>/s for that case. (The s modifier is not
    available in perl4 though.)

    Are the contents already encoded, newlines represented as %0A or
    something like that? If so then are the < and > characters being
    encoded as well? If they are then those pattern matches are
    going to be redundant. And if they are, your matches on the name
    fields before constructing the storage file name are going to
    be missing some cases too.
     
    Walter Roberson, Jan 21, 2004
    #20
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.