http://qs1969.pair.com?node_id=116724


in reply to UBB Ultimate Bulletin Board

I altered a UBB bulletin board pretty significantly as a favor to a friend. They don't use any standard modules and they share a lot of tricks in common with Matt's Scripts. They also have an odd file-locking system where they open a separate "lock.file" before they open any file... you can figure out what the various pieces do without much difficulty by going through the code.

Verifying users is simple enough. Passwords are stored as plain text in username.cgi files in the "Members/" directory. You just have to parse those files.

But, since their code is only accidentally open source... i.e., they sell their program, I'm not sure how they feel about people digging around in there.

Replies are listed 'Best First'.
Re: Re: UBB Ultimate Bulletin Board
by earthboundmisfit (Chaplain) on Oct 04, 2001 at 19:33 UTC
    It truly is horrid code. No CGI.pm, no strict, no warnings. My guess is this will be a nightmare to hack.

    BTW, here's that locking sub lifted from the freeware version. Yikes! 

    sub Lock {
 local ($lockname) = @_;
 local ($endtime);
 $endtime = 15;
 $endtime = time + $endtime;
 while (-e $lockname && time < $endtime) {
 open (LOCKFILE, ">$lockname");
}

    [download]
[reply]
[d/l]
      After reviewing some of their code I do totally agree. I thought that I would post something that I found interesting. It seems like the non-perlish way to do the task. 
      sub GeneratePassword {
@digit = ("A", "B", "C", "D", "E", "F", "G", "H", "J", "K", "L", "M", 
+"N", "P", "Q", "R", "S", "T", "U", "V", "W", "Y", "Z", "a", "b", "c",
+ "d", "e", "f", "g", "h", "j", "k", "m", "n", "p", "q", "r", "s", "t"
+, "u", "v", "w", "y", "z", "2", "3", "4", "5", "6", "7", "8", "9");
srand(time);
$num1 = rand(@digit);
$num2 = rand(@digit); 
$num3 = rand(@digit);
$num4 = rand(@digit); 
$num5 = rand(@digit); 
$num6 = rand(@digit); 
$RandomPassword = ("$digit[$num1]" . "$digit[$num2]" . "$digit[$num3]"
+ . "$digit[$num4]" . "$digit[$num5]" . "$digit[$num6]");
return($RandomPassword); 
}

      [download]
      I also found how they are getting the cookies, which seems to be what I am going to do. I am going to just get the cookies and check the user to the assigned cookies information. Here is what they had to get the cookies. 
      sub get_cookie {
  local($chip, $val);
  foreach (split(/; /, $ENV{'HTTP_COOKIE'})) {
        # split cookie at each ; (cookie format is name=value; name=va
+lue; etc...)
        # Convert plus to space (in case of encoding (not necessary, b
+ut recommended)
    s/\+/ /g;
        # Split into key and value.  
    ($chip, $val) = split(/=/,$_,2); # splits on the first =.
        # Convert %XX from hex numbers to alphanumeric
    $chip =~ s/%([A-Fa-f0-9]{2})/pack("c",hex($1))/ge;
    $val =~ s/%([A-Fa-f0-9]{2})/pack("c",hex($1))/ge;
        # Associate key and value
    #undef($cookie{$chip});
    next if (defined($cookie{$chip})); # \1 is the multiple separator
    #$cookie{$chip} .= "\1" if (defined($cookie{$chip})); # \1 is the 
+multiple separator
    $cookie{$chip} .= $val;
  }
} # end SR  NB - the other subroutines from this library [set-cookie, 
+split-cookie, delete-cookie] have not been included here.

      [download]

      LeGo

[reply]
[d/l]
[select]
      That's version 5.
      Take a look at 6. It's much more sane... the author learned from his mistakes, then placed someone else *cough*geeIwonderwhothatmightbe*cough* in charge of maintaining the thing.
[reply]

In Section Seekers of Perl Wisdom