#!/usr/bin/perl # # http://secunia.com/advisories/28235 # To fix this, (backup your script first) edit the code with your favourite editor, # look for the line that reads: # # if (length($searchkey) < 3) { # dienice("Search key must contain at least 3 characters

$lang_back"); } # # and add a line underneath (this should be all one line): # # if (length($searchkey) > 15) { # dienice("Search key must be no longer than 15 characters

$lang_back"); } # # I've chosen 15 characters as enough for a standard search, you may want to alter this for your forum. # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # SimpleForum Pro # # ~ ~ ~ ~ ~ ~ ~ ~ # # # # Name: SimpleForum Pro # # Filename: simpleforum_pro.cgi # # Version: 4.6.2 # # Author: Daan Deconinck # # E-mail: daan@simpleforum.net # # Website: http://www.simpleforum.net # # Date: 10/12/2002 (DD/MM/YYYY) # # Last Update: 07/09/2007 (DD/MM/YYYY) # # # # This script is made to work on all HTTP # # servers supporting CGI, and requires no # # modules to be installed. # # # # This software cannot be edited, modified or # # distributed by anyone without the explicit # # permission from the author. # # # # Terms of use: see 'Terms of use.txt' # # Version history: see 'readme.pdf' # # # # SimpleForum Pro # # 2005 Daan Deconinck # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # S I M P L E F O R U M P R O # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # CONFIGURATION # # # # # # # # # # # # # # # # # # # # # # # # # Installation is very simple. Just place the script along with the "simpleforum_files" directory # in a folder that is configured to execute cgi-scripts. Set the permissions of simpleforum_pro.cgi # to 755 and access the script with a browser. # If you choose to place the simpleforum_files directory somewhere else, or if you want to rename it, # set the path to the simpleforum_files directory here. Likely you won't want to change this line. # (example: $simpleforum_dir = "simpleforum_files";) $simpleforum_dir = "simpleforum_files"; # If your forum is having trouble with logging in, scroll down to the very bottom of this script and # uncomment the last line by removing the # sign at the beginning of the last line. # The rest of the configurations can be done through the Admin area on the forum. Time to start 'r up. 
:) # # # # # # # # # # # # # # # # MAIN # # # # # # # # # # # # # # # #
# Do not change anything below
# See "Terms of use.txt" that came with the download for more info
#
# Request dispatcher (program entry point).  &start, defined elsewhere in
# this file, is expected to set the globals read below -- $qs (the query
# string), $logged_in, $forum_id, $user, $admin_access, $script_name --
# none of them is assigned by the dispatcher itself.  Routes are chosen by
# unanchored substring matches on $qs, so any query string containing
# "login", "admin", "post", "search", ... selects that branch regardless
# of what else it contains.
# NOTE(review): this copy of the file has lost every <FH> readline operator
# ("join '', ;"), the bodies of all here-documents ("print <" ... "HTML")
# and most literal HTML; the code tokens below are kept as found.
# NOTE(review): CGI::Carp fatalsToBrowser sends die()/dienice() text,
# including the server-side paths used in the messages below, to the
# client.  Worth disabling outside development.
use CGI;
use CGI qw(:standard);
use CGI::Carp qw(fatalsToBrowser);
use lib ".";
&start;
if ($qs) {
    if ($qs =~ /login/ and !$logged_in) {
        # log in
        &login;
    } elsif ($qs eq "logout") {
        # log out
        &logout;
    } elsif (param('pmsg')) {
        # private messaging
        &user_settings;
    } elsif (param('user_settings') and $logged_in) {
        # user preferences
        &user_settings;
    } elsif (param('pid')) {
        # print profiles
        # NOTE(review): the raw 'pid' parameter is handed straight to
        # print_profile(); any validation has to live there (not in this excerpt).
        &page_start;
        print_profile(param('pid'));
        &page_end;
    } elsif ($qs =~ /topic_id=(\d*)(.*?)edit=(\d*)/s and $forum_id) {
        # edit a post.  \d* also matches zero digits, so these captures can
        # be the empty string.
        $topic_id = $1;
        $edit_id = $3;
        &edit;
    } elsif ($qs =~ /topic_id=(\d*)(.*?)quickdel=(\d*)/s and $forum_id) {
        # quickdelete a post
        $topic_id = $1;
        $dele_id = $3;
        &quick_delete;
    } elsif ($qs =~ /fid=(\d*)&move_topic=(\d*)&topic_id=(\d*)/s and $forum_id) {
        # move a post
        $topic_id = $3;
        $move_topic_from = $1;
        $move_topic_to = $2;
        &move_topic;
    } elsif ($qs =~ /topic_id=(\d*)(.*?)reply=(\d*)/s and $forum_id) {
        # reply to a specific message in a topic
        $topic_id = $1;
        $msg_id = $3; # msg_id is the specific post (not topic!) which we want to quote and reply to
        &page_start;
        &post_form("reply_id=$topic_id");
        &page_end;
    } elsif ($qs =~ /topic_id=(\d*)/s and $forum_id) {
        # print a topic
        $topic_id = $1;
        &page_start;
        &print_topic;
        &page_end;
    } elsif ($qs =~ /reply_id=(\d*)/s and $forum_id) {
        $topic_id = $1;
        if (param('preview')) {
            # Preview of the reply
            &verify_content;
            &page_start;
            &post_preview;
            &post_form("reply_id=$topic_id");
            &page_end;
        } else {
            # reply to a topic
            &verify_content;
            &write_to_topic;
            print redirect("$script_name?fid=$forum_id");
        }
    } elsif ($qs =~ /post/ and $forum_id) {
        # post a new message
        if (!param('posted')) {
            # print the form
            &page_start;
            &post_form('post');
            &page_end;
        } elsif (param('preview')) {
            # print the preview of the post
            &verify_content;
            &page_start;
            &post_preview;
            &post_form('post');
            &page_end;
        } else {
            # "post-new-topic" form is submitted
            &verify_content;
            &write_to_topic;
            print redirect("$script_name?fid=$forum_id");
        }
    } elsif ($qs =~ /admin/) {
        # No access check at this level: &admin has to enforce it itself
        # (its body is not in this excerpt).
        &admin;
        &page_end;
    } elsif (param('moderate')) {
        &moderate_forum;
        &page_end;
    } elsif ($qs =~ /search/) {
        &page_start;
        &search;
        &page_end;
    } elsif ($qs =~ /help/) {
        &help;
    } elsif (param('unsubscribe') and param('unsubscribe') =~ /^(\d*)$/ and $forum_id) {
        # 'unsubscribe' is checked to be digits-only before it becomes part of a path
        subscribe("unsubscribe","forum_$forum_id/".param('unsubscribe').".topic");
        # NOTE(review): the redirect target is the client-supplied Referer
        # header, used verbatim.  The other branches redirect to
        # "$script_name?fid=$forum_id"; using that here too keeps the
        # destination under the script's control.
        print redirect($ENV{'HTTP_REFERER'});
    } elsif (param('folder')) {
        # print a user folder -- 'folder' is passed through unvalidated;
        # print_user_folder() is not in this excerpt.
        &page_start;
        &print_user_folder(param('folder'));
        &page_end;
    } elsif ($forum_id) {
        # print topic index for this forum section
        &page_start;
        &print_topic_index;
        &page_end;
    } elsif ($qs =~ /register/ and ($user eq "guest" or $admin_access)) {
        # register new user
        # NOTE(review): "®ister" looks like "&register;" after "&reg" was
        # decoded as an HTML entity when this copy was made -- confirm against
        # the original file.
        ®ister;
    } elsif ($qs eq "force_upgrade") {
        # force upgrade
        &upgrade;
    } else {
        # invalid query string
        print redirect("$script_name");
    }
} else {
    # index
    &page_start;
    &print_forum_index;
    &page_end;
}

# # # # # # SUBROUTINES # # # # # #

# page_start: emits the HTTP header (once) and the HTML page head, menu and
# title block.  Reads globals set by &start / the config ($qs, $forum_id,
# $logged_in, $admin_access, $menu_display, $config_dir, $users_dir, $user,
# $user_profile_content, ...) and assigns $referer, $qs_referer, $menu,
# $forum_subtitle, $header_printed, $no_title, $custom_header and
# $custom_footer as side effects.  Returns nothing useful.
# self-explanatory
# Don't touch this line!
sub page_start {
    if (!$header_printed) { print header; }
    $header_printed = 1;
    # $referer is this request's own URL as CGI sees it (CGI::url), not the
    # HTTP Referer header.
    $referer = url(-path_info=>1,-query=>1);
    $qs_referer = $referer;
    $qs_referer =~ s/\&/\$/sg;
    # get custom header and footer.  Two-argument open(): the mode is part of
    # the string, but the path is fixed configuration ($config_dir), not
    # request data.  The open result is not checked; on failure the join
    # yields "".  (The <HEAD>/<FOOT> readline operators are missing from
    # this copy of the file.)
    if (-e "$config_dir/custom_header.sf") {
        open(HEAD, "< $config_dir/custom_header.sf");
        flock HEAD, 2;
        $custom_header = join '', ;
        close HEAD;
    }
    if (-e "$config_dir/custom_footer.sf") {
        open(FOOT, "< $config_dir/custom_footer.sf");
        flock FOOT, 2;
        $custom_footer = join '', ;
        close FOOT;
    }
    if ($menu_display eq "text") {
        # text menu: plain "|"-separated links
        if (!$logged_in) {
            $login_menu = "$lang_log_in | $lang_register";
        } else {
            $login_menu = "$lang_personal | $lang_log_out ($user_name)";
        }
        if ($admin_access) { $admin_menu = " | $lang_admin"; }
        if ($user_mark_read eq "manual") { $mark_read_menu = " | $lang_mark_read"; }
        if ($qs =~ /admin/) {
            if ($forum_id) {
                $menu = "$home_name | $lang_forum_index | $forum_name | $lang_new_topic | $lang_search | $lang_help$admin_menu | $login_menu";
                $forum_subtitle = $forum_name;
            } else {
                $menu = "$home_name | $lang_forum_index | $lang_search | $lang_help$admin_menu | $login_menu";
                $forum_subtitle = $subtitle;
            }
        } else {
            if ($forum_id) {
                $menu = "$home_name | $lang_new_topic | $lang_search$mark_read_menu | $lang_help$admin_menu | $login_menu";
                $forum_subtitle = $forum_name;
            } else {
                $menu = "$home_name | $lang_search$mark_read_menu | $lang_help$admin_menu | $login_menu";
                $forum_subtitle = $subtitle;
            }
        }
    } else {
        # button menu, built from here-documents whose bodies were lost in
        # this copy ("= < HTML" was presumably "= <<HTML"); kept as found.
        if (!$logged_in) { $login_menu = < HTML } else { $login_menu = < HTML } if ($admin_access) { $admin_menu = "\"\""; } if ($user_mark_read eq "manual") { $mark_read_menu = < Markread } if ($qs =~ /admin/) { if ($forum_id) { $forum_subtitle = $forum_name; $menu = < $admin_menu $login_menu HTML } else { $forum_subtitle = $subtitle; $menu = < $admin_menu $login_menu
HTML } } else { if ($forum_id) { $forum_subtitle = $forum_name; $menu = < $mark_read_menu $admin_menu $login_menu HTML } else { $forum_subtitle = $subtitle; $menu = < $mark_read_menu $admin_menu $login_menu HTML } } $menu_buttons_head_script = < SCRIPT $menu_buttons_body_script = < SCRIPT }
    # # # # HTML # # # #
    $backgroundimage_nospaces = $backgroundimage;
    $backgroundimage_nospaces =~ s/\ /\%20/sg;
    print < $meta_tags $title $menu_buttons_head_script $pmsg_popup_script $select_transfer_options_script HTML
    # check for new private messages
    if ($user_pmsg_popped eq "no" and $logged_in) {
        # there's a new message!
        #dienice("New private message");
        $onload = "onLoad=\"if (confirm('$lang_new_private_message') == true) { location='$script_name?fid=$forum_id&pmsg=1'; }\"";
        # Rewrite the user's profile so the popup is shown only once.
        # NOTE(review): $user_profile_content was read earlier (outside this
        # excerpt); the file is re-opened for writing and truncated here
        # without re-reading it under the lock, so a concurrent change to the
        # same profile between the two steps would be overwritten -- confirm
        # how the reader locks.
        open(PRF, "> $users_dir/$user.prf") or dienice("Could not open user profile");
        flock PRF, 2;
        # we already got the file's contents from parsing its values, so we print them again here, yet modified ($user_pmsg_popped = "yes")
        $user_profile_content =~ s/no<\/user_pmsg_popped>\n/yes<\/user_pmsg_popped>\n/s;
        print PRF $user_profile_content;
        close PRF;
    }
    if (!$custom_header || $no_title) {
        # Default tag
        print < HTML
    } else {
        # CUSTOM HEADER (containing body tag)
        # NOTE(review): the pattern of this substitution is empty in this copy
        # (an HTML tag was stripped); in Perl an empty pattern reuses the last
        # successful match, so this is not what the original code did.
        if ($onload) { $custom_header =~ s/\/\/sgi; }
        # The custom header is admin-supplied file content and is printed
        # unescaped by design, after the $title/$subtitle/$images_dir
        # placeholders are substituted.
        $custom_header =~ s/\$title/$title/sg;
        $custom_header =~ s/\$subtitle/$forum_subtitle/sg;
        $custom_header =~ s/\$images_dir/$images_dir/sg;
        print "\n\n\n".$custom_header."\n\n\n";
        print "
<$smallfont>$menu

";
        $no_title = 1;
    }
    print <$title
<$standardfont>$forum_subtitle

<$smallfont>$menu
HTML
}
# # # END HTML # # #
}

# print_forum_index: renders the forum list on the front page.  Walks
# @forum_index_content (filled by &select_a_forum), reads each
# forum_N/forum.info, counts the forum's *.topic files and looks up the most
# recently modified one, then prints statistics.  Reads $simpleforum_dir,
# $user, $admin_access and the $lang_* strings; assigns $forum_name,
# $forum_perm, $forum_mods, $forum_hide, $moderator_access, @topic_files and
# several other globals as side effects.
sub print_forum_index {
    open_dir($simpleforum_dir);
    print <

<$smallfont>» $lang_forum_index HTML
    print &select_a_forum;
    print <
HTML
    # we already got @forum_index_content from &select_a_forum, so we're not getting it again. If I ever remove select_a_forum, I'll need to create the array again
    foreach $findex(@forum_index_content) {
        $topic_amount = 0;
        if ($findex =~ /^(.*?)<\/group>$/) {
            # Forum Group Header
            print "\n";
        } elsif ($findex =~ /^(forum_(\d*))<\/forum>$/ and -e "$simpleforum_dir/$1") {
            # Normal Forum - get info and print
            $forum_amount++;
            $forum_dir = $1;
            $fid = $2;
            open(INFO, "< $simpleforum_dir/$forum_dir/forum.info") or dienice("Couldn't open $simpleforum_dir/$forum_dir/forum.info: $!");
            $forum_info = join '', ;
            close INFO;
            # forum_name / forum_more are HTML-escaped through add_html(); the
            # perm, mods and hide fields are used raw.
            if ($forum_info =~ /(.*?)<\/forum_name>/s) { $forum_name = add_html($1); } else { $forum_name = "No Name"; }
            if ($forum_info =~ /(.*?)<\/forum_more>/s) { $forum_more = add_html($1); } else { $forum_more = ""; }
            if ($forum_info =~ /(.*?)<\/forum_perm>/s) { $forum_perm = $1; } else { $forum_perm = ""; }
            if ($forum_info =~ /(.*?)<\/forum_mods>/s) { $forum_mods = $1; } else { $forum_mods = ""; }
            if ($forum_info =~ /(.*?)<\/forum_hide>/s) { $forum_hide = $1; } else { $forum_hide = ""; }
            @forum_moderators = split(/\|/,$forum_mods);
            $forum_moderators = "";
            $modcomma = "";
            $moderator_link = "";
            foreach $forum_moderator(sort @forum_moderators) {
                if ($forum_moderator eq $user) { $moderator_access = 1; } # for the moderator admin link
                # NOTE(review): the user_name returned by get_userparam() is
                # concatenated into HTML without add_html(), unlike $forum_name
                # above; whether user names are sanitized at registration is
                # not visible in this excerpt.
                $forum_moderators .= "$modcomma ".get_userparam($forum_moderator,"user_name");
                $modcomma = ",";
            }
            if ($moderator_access or $admin_access) {
                $moderator_link = " » $lang_moderate";
                # reset so moderator status does not carry over to the next forum
                $moderator_access = 0;
            }
            if ($forum_moderators) {
                $forum_moderators = "
\n<$smallfont>$lang_moderator: $forum_moderators$moderator_link";
            } elsif ($admin_access) {
                $forum_moderators = "
\n<$smallfont>$moderator_link";
            }
            opendir(FDIR, "$simpleforum_dir/$forum_dir") or dienice("Couldn't open FDIR: $!");
            @forumdir_files = readdir FDIR;
            closedir FDIR;
            # count topics and remember "mtime|file" so the newest can be found
            foreach $ffile(@forumdir_files) {
                if ($ffile =~ /^(\d*).topic$/) {
                    $topic_amount++;
                    ($mtime) = (stat("$simpleforum_dir/$forum_dir/$ffile")) [9];
                    push @topic_files, "$mtime\|$ffile";
                }
            }
            # string sort on "mtime|file": orders by time only while all
            # mtimes have the same number of digits
            @topic_files = reverse(sort(@topic_files));
            $last_topic = $topic_files[0];
            ($mtime,$last_topic) = split(/\|/, $last_topic);
            if ($last_topic) {
                open(LTOPIC, "< $simpleforum_dir/$forum_dir/$last_topic") or dienice("Couldn't open LTOPIC ($last_topic): $!");
                $ltopic_content = join '', ;
                close LTOPIC;
                # The regex below and the row-printing code that followed it
                # were cut from this copy; the heredoc fragments surface as
                # stray lines after the loop.
                if ($ltopic_content =~ /.*(.*?(.*?)<\/name>.*?
HTML
            }
            $at_least_one_forum_printed = 1;
            $last_posted_time = "";
            $last_posted_name = "";
            $last_topic = "";
            $set = "";
            @topic_files = ();
            $new = "";
            $forum_perm = "normal";
        }
    }
    if (!$at_least_one_forum_printed) { print < HTML }
    print "
  $lang_forum $lang_topics $lang_last_post
".add_html($1)."
$forum_name
\n$forum_more$forum_moderators
$topic_amount $forum_index_date$last_posted_name
$lang_no_forums_yet_long
\n";
    if ($forum_amount > 10) {
        print "
$select_a_forum
\n\n";
    }
    #print statistics
    &statistics;
}

# print_topic_index: renders one page of the topic list for the current
# forum ($topic_dir / $forum_id): sticky topics first, then the rest either
# by creation date (file name order) or by last post (forum.hist order),
# followed by the page navigation.  Reads param('page'), $topic_order,
# $topics_per_page and @files (filled by open_dir); assigns @topics,
# @available_topics, $lastpage and others.
sub print_topic_index {
    #get all the topic files
    # NOTE(review): param('page') is used without an integer check.  A
    # non-numeric or negative value makes $startnumber (below) negative, and
    # a negative Perl subscript reads @available_topics from its end --
    # confirm whether &start validates 'page'.  ("0" and "" become 1 via 'or'.)
    $page = param('page') or $page = 1;
    open_dir($topic_dir);
    # count the total amount of topics
    foreach (@files) { if (/^.*?\.topic$/) { $total_amount_of_topics++; } }
    # we'll need the sticky topics (the <STICKY> readline is missing from
    # this copy of the file)
    open (STICKY, "< $topic_dir/sticky_topics.sf");
    while () {
        if (/(\d*?)<\/sticky_id>/) {
            if (-e "$topic_dir/$1\.topic") { push @available_topics, "$1.topic"; }
        }
    }
    # now we put all the sticky topics we got so far in a neat row, to compare with the other topics later
    # the row looks like: |sticky_id||sticky_id||...||sticky_id|
    $sticky_topics = join '||',@available_topics;
    $sticky_topics = '|'.$sticky_topics.'|';
    close STICKY;
    # first we need to know in what order we want to list the topics
    if ($topic_order eq "creation-date") {
        # by creation date
        foreach $tpc(reverse(sort @files)) {
            if ($tpc =~ /^(.*?)\.topic$/s) {
                # \Q..\E: the topic id is matched literally, not as a pattern
                if ($sticky_topics !~ /\|\Q$1\E\.topic\|/s) { push @available_topics, $tpc; } else { $sticky_amount++; }
            }
        }
    } elsif ($topic_order eq "last-modified") {
        # by latest post
        $sticky_amount = $#available_topics+1;
        $amount_of_retrieved_topics = $sticky_amount;
        open(HIST, "< $topic_dir/forum.hist");
        @hist_content = ;
        $i=0;
        # stop once enough topics for the requested page have been collected
        while ($amount_of_retrieved_topics < $page*$topics_per_page and $i < $#hist_content+1) {
            if ($hist_content[$i] =~ /^(\d*?)\:/) {
                $retrieved_topic = $1;
                if ($sticky_topics !~ /\|\Q$retrieved_topic\E\.topic\|/ and -e "$topic_dir/$retrieved_topic\.topic") {
                    push (@available_topics, "$retrieved_topic.topic");
                    $amount_of_retrieved_topics++;
                }
            }
        } continue { $i++; }
        close HIST;
    }
    # Old topic order algorithm (by lastmodified, not using the forumhistory)
    # } elsif ($topic_order eq "last-modified") {
    #     # by last-modified
    #     foreach $tpc(@files) {
    #         if ($tpc =~ /^(.*?)\.topic$/s) {
    #             if ($sticky_topics !~ /\|$1\.topic\|/s) {
    #                 ($mtime) = (stat("$topic_dir/$tpc")) [9];
    #                 push @lastmodifiedtopics, "$mtime\|$tpc";
    #             } else { $sticky_amount++; }
    #         }
    #     }
    #     foreach $lastmodifiedtopic(reverse(sort(@lastmodifiedtopics))) {
    #         $lastmodifiedtopic =~ s/(.*?)\|(.*?).topic/$2.topic/s;
    #         push @available_topics, $lastmodifiedtopic;
    #     }
    # }
    #we only need a certain amount of topics to print on our index
    $startnumber = ($page - 1) * $topics_per_page;
    $less_than = $startnumber + $topics_per_page;
    for ($startnumber; $startnumber < $less_than; $startnumber++) { push(@topics,$available_topics[$startnumber]); }
    # print forum navigation and Select A Forum menu
    print <
<$smallfont>» $lang_forum_index » $forum_name HTML
    print &select_a_forum;
    print <
HTML
    # # # # print all the topics in subroutine print_topic_list
    &print_topic_list;
    # # # # end of topiclist
    # NOTE(review): divides by $topics_per_page; a zero in the config would die here.
    $lastpage = $total_amount_of_topics / $topics_per_page;
    if ($lastpage != int($lastpage)) { $lastpage = int($lastpage) + 1; }
    #$lastpage = " last »»";
    $amount_of_pages = $lastpage;
    @pages_to_display = ("1","2", $page - 2, $page - 1, $page, $page + 1, $page + 2, $lastpage - 1, $lastpage);
    # # # # HTML # # # #
    print < <$smallfont>$lang_go_to: HTML
    if ($page ne "1") { print "$lang_previous "; }
    $previouspagenumber = 0;
    # print ascending page numbers, eliding gaps with "..."; the
    # "> $previouspagenumber" test drops duplicates and negative entries
    foreach $pagenumber(@pages_to_display) {
        if ($pagenumber > $previouspagenumber and $pagenumber < $lastpage) {
            if (($pagenumber - $previouspagenumber) > 1) { print "... "; }
            print "$pagenumber, ";
            $previouspagenumber = $pagenumber;
        } elsif ($pagenumber > $previouspagenumber and $pagenumber == $lastpage) {
            print "$pagenumber ";
            $previouspagenumber = $pagenumber;
        }
    }
    if ($page ne $lastpage) { print "$lang_next"; }
    print < HTML
    if ($topics_per_page > 5) { print &select_a_forum; }
    print < HTML
    if ($topic_index_statistics eq "yes") { &statistics; }
    # # # END HTML # # #
}

# print_topic_list: prints one row per topic in @topics (set by
# print_topic_index, or by &search with "forum_N/M.topic" entries).  For
# each topic it reads the topic file and viewcount.sf and resolves the
# author's display name from the user's profile.
sub print_topic_list {
    if ($qs =~ /search/) { $forum_name = "Search"; }
    # # # # HTML # # # #
    print < HTML
    # # # END HTML # # #
    #open, read and print topic content
    foreach $topic(@topics) {
        #initialise topic variables
        $closed_icon = 0;
        $topic_number_printing++;
        if ($topic =~ /^(forum_(\d*))\/(\d*\.topic)$/s) {
            #this only happens when you perform a search
            $topic_dir = "$simpleforum_dir/$1";
            $forum_id = $2;
            $topic = $3;
            # NOTE(review): $searchkey is interpolated into a link as-is;
            # whether &search escaped and length-checked it (see the advisory
            # note at the top of the file) is not visible in this excerpt.
            $highlight = "&highlight=$searchkey";
        }
        if ($topic =~ /(.*?).topic$/sg) {
            $topic_id = $1;
            $topic_replies = 0;
            #open the topic
            open(TOPIC,"< $topic_dir/$topic") or dienice("Couldn't open $topic_dir/$topic: $!");
            $topic_content = join '', ;
            close TOPIC;
            open(STATS,"< $config_dir/viewcount.sf");
            $stats_content = join '', ;
            close STATS;
            # get necessary content
            if ($topic_content =~ /(.*?)<\/name>/s) {
                $topic_name = $1;
                # if this is a known user, get his real user name
                # NOTE(review): two-argument open with a name taken from the
                # topic file.  The -e test only checks existence; 2-arg open
                # still interprets leading/trailing mode characters in the
                # string.  3-arg form: open(PRF, '<', "$users_dir/$topic_name.prf")
                if (-e "$users_dir/$topic_name.prf") {
                    open PRF, "$users_dir/$topic_name.prf";
                    while () { if (/(.*?)<\/user_name>/) { $topic_name = "$1"; } }
                    close PRF;
                }
            }
            # get subject
            # NOTE(review): $topic_subject goes into the row below without
            # add_html(); whether subjects are escaped when posted
            # (verify_content) is not visible here.
            if ($topic_content =~ /(.*?)<\/subject>/s) { $topic_subject = $1; }
            # get views from stats
            if ($stats_content =~ /<\Q$topic_id\E>(.*?)\n/s) { $topic_views = $1; } else { $topic_views = 0; }
            # get last posted name and time (the regex and the row output were
            # cut from this copy; the heredoc fragments surface as stray lines
            # below)
            if ($topic_content =~ /(.*)(.*?)<\/name>(.*?) HTML
            # # # END HTML # # #
        }
    }
    if (!$topic_id) {
        #no topics posted
        print < HTML
    }
    print "
  $lang_topic $lang_replies $lang_author $lang_views $lang_last_post
$topic_subject$page_navigation $unsubscribe_link $topic_replies $topic_name $topic_views <$smallfont>$date \@ $hour:$min $ampm
$lang_by $topic_lastpost_name
$lang_no_topics_yet_long
";
}

# print_topic: shows one page of the posts of topic $topic_id in forum
# $forum_id.  Applies the ?action= side effects first (close/open, sticky,
# subscribe/unsubscribe), bumps the view counter in viewcount.sf, then
# prints the posts.  This sub continues past the end of this excerpt.
sub print_topic {
    # close or re-open a topic
    # NOTE(review): 'and' binds tighter than 'or', so this condition parses as
    #   close  OR  (open AND (admin or moderator))
    # i.e. action=close is accepted from any user; only "open" is gated.
    # Intended: (param('action') eq "close" or param('action') eq "open") and ($admin_access or $moderator_access)
    if (param('action') eq "close" or param('action') eq "open" and ($admin_access or $moderator_access)) {
        # read-modify-write under an exclusive lock (flock 2 = LOCK_EX)
        open(TPC, "+>> $simpleforum_dir/forum_$forum_id/$topic_id.topic") or dienice("Couldn't open topic file: $!");
        flock TPC, 2;
        seek TPC, 0, 0;
        $tpc_content = join '', ;
        truncate TPC, 0;
        # the closed-marker tag itself was stripped from this copy
        if (param('action') eq "close") { print TPC "\n\n"; } else { $tpc_content =~ s/\n\n//sg; }
        print TPC $tpc_content;
        close TPC;
    }
    # sticky or unsticky a topic
    if (param('action') eq "sticky" and ($admin_access or $moderator_access)) {
        open(STICKY, "+>> $simpleforum_dir/forum_$forum_id/sticky_topics.sf") or dienice("Couldn't open sticky_topics.sf: $!");
        flock STICKY, 2;
        seek STICKY, 0, 0;
        $sticky_content = join '', ;
        truncate STICKY, 0;
        # toggle: add the id if absent, remove it if present
        if ($sticky_content !~ /\Q$topic_id\E<\/sticky_id>\n/s) { print STICKY "$topic_id<\/sticky_id>\n"; } else { $sticky_content =~ s/\Q$topic_id\E<\/sticky_id>\n//sg; }
        print STICKY $sticky_content;
        close STICKY;
    }
    # subscribe or unsubscribe to a topic
    if (param('action') eq "unsubscribe") {
        # unsubscribe
        subscribe("unsubscribe","forum_$forum_id/$topic_id.topic");
    } elsif (param('action') eq "subscribe") {
        # subscribe
        subscribe("subscribe","forum_$forum_id/$topic_id.topic");
    }
    #open the specific topic
    open(TOPIC,"< $topic_dir/$topic_id.topic") or dienice("Couldn't open $topic_dir/$topic_id.topic");
    $topic_content = join '', ;
    close TOPIC;
    #write stats for the topic
    open (STATS, "+>> $config_dir/viewcount.sf") or dienice("Couldn't open viewcount file: $!");
    flock STATS, 2;
    seek STATS, 0, 0;
    $stats_content = join '', ;
    seek STATS, 0, 0;
    truncate STATS, 0;
    if ($stats_content =~ /<\Q$topic_id\E>(\d*)\n/) {
        $views = $1 + 1;
        $stats_content =~ s/<\Q$topic_id\E>(\d*)\n/<$topic_id>$views\n/sg;
    } else {
        print STATS "<$topic_id>1\n";
    }
    print STATS $stats_content;
    close STATS;
    #if this is a read-only forum, act as if the topic is a "CLOSED" topic, EXCEPT if you have admin access
    open (FORUMINFO, "< 
$simpleforum_dir/forum_$forum_id/forum.info") or dienice("Couldn't open forum.info file for reading: $!");
    $forum_info = join '', ;
    close FORUMINFO;
    if ($forum_info =~ /(.*?)<\/forum_perm>/s) { $forum_perm = $1; }
    if ($forum_perm eq "read-only" and !$admin_access and !$moderator_access) { $topic_closed = 1; }
    if ($topic_content =~ /(.*?)<\/subject>/s) { $topic_title = $1; }
    $original_topic_title = $topic_title;
    $topic_title = add_html($topic_title);
    # # # # HTML # # # #
    print <
<$smallfont>» $lang_forum_index » $forum_name » $lang_topic: $topic_title HTML
    print &select_a_forum;
    print <
HTML
    # # # END HTML # # #
    # check if this is a closed topic
    # NOTE(review): the pattern is empty in this copy (the marker tag was
    # stripped); an empty pattern reuses the last successful match in Perl.
    if ($topic_content =~ //s) { $topic_closed = 1; }
    # check if the user is subscribed to this topic
    if ($topic_content =~ /(.*?)<\/subscribe>\n/ and $logged_in) {
        $subscribe = $1;
        # matches $user as the only, the first or the last "|"-separated
        # entry; an entry in the middle of the list matches none of the three.
        if ($subscribe =~ /^\Q$user\E$/ or $subscribe =~ /^\Q$user\E\|(.*)/ or $subscribe =~ /(.*)\|\Q$user\E$/) { $user_subscribed = 1; }
    }
    # the subscribe link and subscribe info for admin and mods
    if (($admin_access or $moderator_access) and $subscribe) {
        $subscribe =~ s/^\|//;
        $show_users_subscribed = " ~ subscribed: ".(join ', ',split(/\|/,$subscribe))."";
    }
    if ($user_subscriptions =~ /\|forum_\Q$forum_id\E\/\Q$topic_id\E.topic\|/s) {
        $subscribe_link = "<$smallfont>$lang_unsubscribe $show_users_subscribed";
    } elsif ($logged_in) {
        $subscribe_link = "<$smallfont>$lang_subscribe_to_this_topic $show_users_subscribed";
    }
    # page=N shows posts $topic_start .. $topic_end-1 (1-based post numbers)
    if ($qs =~ /page=(\d*)/s) {
        $page_start = $1;
        $topic_start = ($page_start * $posts_per_page) - ($posts_per_page - 1);
    } else {
        $topic_start = 1;
    }
    $topic_end = $posts_per_page + $topic_start;
    while ($topic_content =~ /(.*?)<\/post>/sg) {
        #reset vars
        $post_user = "";
        $post_avatar = "";
        $post_title = "";
        $post_posts = "";
        $post_status = "";
        $poll_data = "";
        $post_number++;
        #get necessary content and print it
        if ($post_number >= $topic_start and $post_number < $topic_end) {
            $post_amount++;
            $post_content = $1;
            if ($post_content =~ /(.*?)<\/name>/sg) { $post_name = $1; }
            if ($post_content =~ /(.*?)<\/status>/sg) { $post_status = $1; }
            if ($post_content =~ /(.*?)<\/email>/sg) { $post_email = $1; }
            if ($post_content =~ /(.*?)<\/subject>/sg) { $post_subject = $1; }
            # (the remainder of print_topic is beyond this excerpt)
            if ($post_content =~ /