Beefy Boxes and Bandwidth Generously Provided by pair Networks
go ahead... be a heretic

Re: UBB Ultimate Bulletin Board

by ghost (Beadle)
on Oct 04, 2001 at 19:12 UTC ( #116724=note: print w/replies, xml ) Need Help??

in reply to UBB Ultimate Bulletin Board

I altered a UBB bulletin board pretty significantly as a favor to a friend. They don't use any standard modules and they share a lot of tricks in common with Matt's Scripts. They also have an odd file-locking system where they open a separate "lock.file" before they open any file... you can figure out what the various pieces do without much difficulty by going through the code.

Verifying users is simple enough. Passwords are stored as plain text in username.cgi files in the "Members/" directory. You just have to parse those files.

But, since their code is only accidentally open source... i.e., they sell their program, I'm not sure how they feel about people digging around in there.

Replies are listed 'Best First'.
Re: Re: UBB Ultimate Bulletin Board
by earthboundmisfit (Chaplain) on Oct 04, 2001 at 19:33 UTC
    It truly is horrid code. No, no strict, no warnings. My guess is this will be a nightmare to hack.

    BTW, here's that locking sub lifted from the freeware version. Yikes!

    sub Lock { local ($lockname) = @_; local ($endtime); $endtime = 15; $endtime = time + $endtime; while (-e $lockname && time < $endtime) { open (LOCKFILE, ">$lockname"); }
      After reviewing some of their code I do totally agree. I thought that I would post something that I found interesting. It seems like the non-perlish way to do the task.
      sub GeneratePassword { @digit = ("A", "B", "C", "D", "E", "F", "G", "H", "J", "K", "L", "M", +"N", "P", "Q", "R", "S", "T", "U", "V", "W", "Y", "Z", "a", "b", "c", + "d", "e", "f", "g", "h", "j", "k", "m", "n", "p", "q", "r", "s", "t" +, "u", "v", "w", "y", "z", "2", "3", "4", "5", "6", "7", "8", "9"); srand(time); $num1 = rand(@digit); $num2 = rand(@digit); $num3 = rand(@digit); $num4 = rand(@digit); $num5 = rand(@digit); $num6 = rand(@digit); $RandomPassword = ("$digit[$num1]" . "$digit[$num2]" . "$digit[$num3]" + . "$digit[$num4]" . "$digit[$num5]" . "$digit[$num6]"); return($RandomPassword); }
      I also found how they are getting the cookies, which seems to be what I am going to do. I am going to just get the cookies and check the user to the assigned cookies information. Here is what they had to get the cookies.
      sub get_cookie { local($chip, $val); foreach (split(/; /, $ENV{'HTTP_COOKIE'})) { # split cookie at each ; (cookie format is name=value; name=va +lue; etc...) # Convert plus to space (in case of encoding (not necessary, b +ut recommended) s/\+/ /g; # Split into key and value. ($chip, $val) = split(/=/,$_,2); # splits on the first =. # Convert %XX from hex numbers to alphanumeric $chip =~ s/%([A-Fa-f0-9]{2})/pack("c",hex($1))/ge; $val =~ s/%([A-Fa-f0-9]{2})/pack("c",hex($1))/ge; # Associate key and value #undef($cookie{$chip}); next if (defined($cookie{$chip})); # \1 is the multiple separator #$cookie{$chip} .= "\1" if (defined($cookie{$chip})); # \1 is the +multiple separator $cookie{$chip} .= $val; } } # end SR NB - the other subroutines from this library [set-cookie, +split-cookie, delete-cookie] have not been included here.


      That's version 5.
      Take a look at 6. It's much more sane... the author learned from his mistakes, then placed someone else *cough*geeIwonderwhothatmightbe*cough* in charge of maintaining the thing.

Log In?

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://116724]
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others chilling in the Monastery: (4)
As of 2022-12-06 21:32 GMT
Find Nodes?
    Voting Booth?

    No recent polls found