#!/usr/bin/perl -w
# Script-wide settings and request parameters.
#
# Everything below is a package global (the script has no `use strict`), and
# the subs further down read these globals directly.
# NOTE(review): $basedir is not referenced anywhere else in this listing.
$basedir = "/home/**/**";
$linkscgi = "http://www.foo.cgi";

# Form data comes in through CGI.pm.
use CGI qw(:standard);
$query = CGI->new;

# MySQL access goes through DBI.
use DBI;
$dsn = "DBI:mysql:database=foo";

# Raw, untrusted request fields. Only a single trailing newline is removed
# here; all other validation happens in the "CHECK Entries" section.
$client_email = $query->param('email');
chomp($client_email);
$new_url = $query->param('url');
chomp($new_url);
$new_title = $query->param('title');

# The header is emitted before any validation, so every later code path
# (including the error pages) only has to print a body.
print "Content-Type: text/html\n\n";
$| = 1;    # unbuffered STDOUT from here on

$mailprog = "/usr/sbin/sendmail";
$LOC = "ALL";

# $TRACKER records where the submission came from. HTTP_REFERER is filled from
# a request header, so it is client-controlled text and must be handled like
# any other form field wherever it is stored or displayed.
$TRACKER = $ENV{'HTTP_REFERER'} || $ENV{'REMOTE_ADDR'};
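####################################
# CHECK Entries
#
# Validates the three request fields and hands off to an error page (each of
# which calls exit) as soon as one of them is unusable. Order of the checks:
# URL, title, e-mail.

# Keep only the part of the URL before the first double quote. @LINE stays a
# global because the ban-list check later in the script reads $LINE[0].
@LINE = split(/"/, defined $new_url ? $new_url : '');
$new_url = defined $LINE[0] ? $LINE[0] : '';

# Strip anything that looks like a tag from the title. This is a best-effort
# clean-up, not an output encoder: the title still has to be HTML-escaped at
# every place it is written into a page.
$new_title = '' unless defined $new_title;
$new_title =~ s/<[^>]*>//g;
$new_title =~ s/\/[^>]*>//g;

# convert_bad_chars only puts a backslash in front of ' and "; a backslash
# typed by the user passes through unchanged. It is therefore not a complete
# SQL escape, and statements built from these values need bound parameters.
$new_title = convert_bad_chars($new_title);
$new_url   = convert_bad_chars($new_url);

# Only the scheme and the start of the host name are checked; whatever
# follows them is accepted as-is.
if ($new_url eq 'http://' || $new_url !~ m{\A(?:f|ht)tp://[\w\-]+\.\w+}) {
    no_url();
}

if (!$new_title) {
    no_title();
}

# \z instead of $ so that an address followed by a newline is rejected; with $
# such a value passed the check and was later written into the mail "To:"
# header. The pattern accepts only two- or three-letter top-level domains,
# exactly as before.
if (   !$client_email
    || $client_email !~ m{\A[\w\d][\w\d,.\-]*\@(?:[\w\d\-]+\.)+[a-zA-Z]{2,3}\z})
{
    no_emailid();
}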
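# Check the submission against the 'bad-url' and 'bad-email' lists.
use Fcntl qw(:flock);

# Return the lines of $list_file that contain $needle as a literal substring.
#
# The needle comes from the request, so it is wrapped in \Q...\E: without that
# the submitted text was compiled as a regular expression, which let regex
# metacharacters in the form field change what matched or abort the script.
#
# An unreadable list is logged and treated as empty, i.e. the check fails
# open, as it silently did before.
# NOTE(review): decide whether a missing ban list should block submissions.
# NOTE(review): the test is "list line contains the submitted value", so a
# listed URL with anything appended to it is not caught; confirm this is the
# intended direction against the real list format.
sub _ban_list_hits {
    my ($list_file, $needle) = @_;
    return () unless defined $needle && length $needle;

    my $list_fh;
    unless (open($list_fh, '<', $list_file)) {
        warn "Cannot read ban list $list_file: $!";
        return ();
    }

    # A shared lock is enough for a reader; close() releases it.
    flock($list_fh, LOCK_SH) or warn "Cannot lock ban list $list_file: $!";
    my @hits = grep { /\Q$needle\E/ } <$list_fh>;
    close($list_fh);

    return @hits;
}

# $LINE[0] is the URL as submitted (up to the first double quote), before
# convert_bad_chars was applied to $new_url.
@banURL = _ban_list_hits('badurls.txt', $LINE[0]);
if (@banURL) { not_allowed($LINE[0]); }

#check against 'bad-email' list
@banEMAIL = _ban_list_hits('bademails.txt', $client_email);
if (@banEMAIL) { not_allowed($client_email); }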
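#check to see if code is unique, then add the entry
#
# Changes from the previous version of this section:
#  * Every value reaches MySQL as a bound parameter. The old statements were
#    built by string interpolation, and $TRACKER (Referer header) and the
#    other request fields went into the SQL text directly.
#  * The INSERT now actually runs. Before, the uniqueness loop left $flag at 0
#    and the insert loop was guarded by `while ($flag == 1)`, so it was never
#    entered.
#  * One connection is used for both steps, and the retry loop is bounded.
#
# NOTE(review): the user name and password are literals in the source; load
# them from configuration that is not served by the web server.
$dbh = DBI->connect($dsn, 'foo', 'foo')
    or die "Can't connect to MySQL database.";

my $exists_sth = $dbh->prepare(
    'SELECT count(*) FROM s_table WHERE ID_Code = ?'
) or die "Can't prepare ID_Code lookup.";

my $insert_sth = $dbh->prepare(
      'INSERT INTO s_table '
    . '(ID_Code,Email,Url,Title,Section,Location,Tracker,Date) '
    . 'VALUES (?,?,?,?,?,?,?,NOW())'
) or die "Can't prepare entry insert.";

# $new_title and $new_url were passed through convert_bad_chars earlier, which
# put a backslash before each quote. The driver does the quoting for bound
# parameters, so bind the text without those backslashes.
my ($db_title, $db_url) = ($new_title, $new_url);
for my $text ($db_title, $db_url) {
    $text =~ s/\\(['"])/$1/g if defined $text;
}

# NOTE(review): $where is never assigned in this listing; it is presumably
# the 'section' form field. Undefined values are stored as empty strings,
# which is what the interpolated SQL produced.
my @entry_fields = map { defined $_ ? $_ : '' }
    ($client_email, $db_url, $db_title, $where, $LOC, $TRACKER);

# gen_code can collide, so generate, probe and insert in one bounded loop.
# NOTE(review): probe-then-insert can still race with a concurrent request; a
# unique index on ID_Code would settle that in the database (schema not
# visible here).
my $attempts_left = 20;
$flag = 1;
while ($flag == 1) {
    die "Can't store entry after repeated attempts."
        if $attempts_left-- <= 0;

    $CODE = gen_code();

    $exists_sth->execute($CODE) or next;
    ($check) = $exists_sth->fetchrow_array();
    $exists_sth->finish();
    next if $check;    # code already in use, try another one

    # execute returns the number of affected rows; exactly one means the
    # entry was accepted.
    my $rows = $insert_sth->execute($CODE, @entry_fields);
    if ($rows && $rows == 1) { $flag = 0; }
}
$dbh->disconnect;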
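#######
# convert title,url
# Drop every backslash (including the ones convert_bad_chars added) before the
# values are shown to the submitter.
$new_title =~ s/\\//g;
$new_url =~ s/\\//g;
$date = localtime;

#Send Email...
# The recipient is written into a header line, so CR/LF are removed from it
# here regardless of what the earlier validation let through.
# NOTE(review): recipient, title and URL all come from the request, so this
# endpoint mails submitter-chosen text to a submitter-chosen address; a rate
# limit or confirmation step belongs in front of it.
(my $mail_to = defined $client_email ? $client_email : '') =~ s/[\r\n]+//g;

# List-form pipe open: sendmail is started directly, without a shell.
# -t takes the recipients from the headers; -oi stops a body line consisting
# of a single "." from ending the message early.
open(my $mail, '|-', $mailprog, '-t', '-oi')
    or die "Can't open $mailprog!\n";
print {$mail} "To: $mail_to\n";
print {$mail} "From: foo\n";
print {$mail} "Subject: Your entry\n\n";
print {$mail} "Thank you for adding your entry.\n";
print {$mail} "\n------------------------------------------------------\n";
print {$mail} "Your Link:\n\n";
print {$mail} "$new_title\n";
print {$mail} "$new_url\n";
# NOTE(review): $where is never assigned in this listing.
print {$mail} "Section: $where\n\n";
print {$mail} "Submitted on $date\n";
print {$mail} "\n";
# Delivery errors from the mail program surface when the pipe is closed.
close($mail) or warn "$mailprog did not accept the message: $! (status $?)";

# Confirmation page; the opening <body> tag was missing before.
print "<html><head><title>Output stuff...</title></head>\n";
print "<body>Thanks!</body></html>";
exit(0);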
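sub no_url {
    # Error page for a missing or invalid URL; re-shows the form and exits.
    #
    # Reads the globals $new_url, $linkscgi and $query. $new_url is request
    # data that has just FAILED validation, so it is HTML-escaped before it is
    # echoed into the heading; previously it was printed as-is.
    my $shown_url = defined $new_url ? $query->escapeHTML($new_url) : '';

    print "<html><head><title>ERROR: No URL</title></head>\n";
    print "<body bgcolor=#FFFFFF text=#000000>";
    print "<center><h1>No URL $shown_url</h1></center>\n";
    print "You forgot to enter a url you wanted added to the ";
    print "link page. Another possible problem was that your link ";
    print "was invalid.<p>\n";
    print "<form method=POST action=\"$linkscgi\">\n";
    get_fields();
    print "<input type=submit> * <input type=reset>\n";
    print "<hr>\n";
    print "</form></body></html>\n";
    exit(0);
}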
sub no_illegal_chars {
    # Error page for entries containing illegal characters; re-shows the
    # form via get_fields and then exits.
    # The <title> text reads "ERROR: No URL", unchanged from the original.
    # Nothing in this listing calls this sub.
    my $page_top = join '',
        "<html><head><title>ERROR: No URL</title></head>\n",
        "<body bgcolor=#FFFFFF text=#000000>",
        "<center><h1>No Illegal Characters</h1></center>\n",
        "Your entry contains characters that are illegal to use.",
        "<p>\n",
        "<form method=POST action=\"$linkscgi\">\n";
    print $page_top;

    get_fields();

    my $page_bottom = join '',
        "<input type=submit> * <input type=reset>\n",
        "<hr>\n",
        "</form></body></html>\n";
    print $page_bottom;

    exit(0);
}
sub no_title {
    # Error page for a missing (or fully stripped) title; re-shows the form
    # via get_fields and then exits. Prints no request data itself.
    my @intro = (
        "<html><head><title>ERROR: No Title</title></head>\n",
        "<body bgcolor=#FFFFFF text=#000000>",
        "<center><h1>No Title</h1></center>\n",
        "You forgot to enter a title you wanted added to the ",
        " link page. Another possible problem is that your title ",
        "contained illegal characters.<p>\n",
    );
    print join('', @intro);

    print "<form method=POST action=\"" . $linkscgi . "\">\n";
    get_fields();

    for my $closing_line (
        "<input type=submit> * <input type=reset>\n",
        "<hr>\n",
        "</form></body></html>\n",
      )
    {
        print $closing_line;
    }

    exit(0);
}
sub no_emailid {
    # Error page for a missing or rejected e-mail address; re-shows the form
    # via get_fields and then exits. Prints no request data itself.
    my $explanation = "You forgot to enter your e-mail id. "
        . "Another possible problem is that your e-mail id "
        . "contained illegal characters.<p>\n";

    print "<html><head><title>ERROR: No EMail Id</title></head>\n"
        . "<body bgcolor=#FFFFFF text=#000000>"
        . "<center><h1>No E-mail ID</h1></center>\n";
    print $explanation;
    print "<form method=POST action=\"$linkscgi\">\n";

    get_fields();

    print "<input type=submit> * <input type=reset>\n"
        . "<hr>\n"
        . "</form></body></html>\n";

    exit(0);
}
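sub get_fields {
    # Print the form fields pre-filled with the values from this request.
    #
    # Reads the globals $client_email, $new_title, $new_url, $where, $LOC and
    # $query. The first three come from the request, so every value is
    # HTML-escaped before it goes into a double-quoted attribute; they used to
    # be interpolated as-is. (The backslashes added by convert_bad_chars do
    # not protect an HTML attribute.)
    # NOTE(review): $where is never assigned in this listing.
    my ($email, $title, $url, $section, $loc) =
        map { defined $_ ? $query->escapeHTML($_) : '' }
        ($client_email, $new_title, $new_url, $where, $LOC);

    print "\nEMail: <input type=text name=\"email\" value=\"$email\" size=30><br>";
    print "\nTitle: <input type=text name=\"title\" value=\"$title\" size=40><br> ";
    print "\nURL: <input type=text name=\"url\" value=\"$url\" size=55><br>";

    # A space now separates the name and value attributes; the two print
    # statements used to run them together as name="section"value="...".
    print "<input type=hidden name=\"section\" value=\"$section\">\n";
    if ($LOC ne "ALL") {
        print "<input type=hidden name=\"lnkuser\" value=\"$loc\">\n";
    }
}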
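sub not_allowed {
    # Refusal page for a URL or e-mail address found on a ban list; exits.
    #
    # The single argument is the offending value. Both callers in this script
    # pass request data ($LINE[0] or $client_email), so it is HTML-escaped
    # before being echoed; it used to be printed as-is. It is also kept in a
    # lexical instead of the global $error.
    my ($error) = @_;
    my $shown_error = defined $error ? $query->escapeHTML($error) : '';

    print "<html><head><title>ERROR: URL Entry Denied</title></head>\n";
    print "<body bgcolor=#FFFFFF text=#000000>";
    print "<center><h1>URL Entry Denied</h1></center>\n";
    print "<center>Sorry, $shown_error\n";
    print "You cannot add this URL to this page.<p>\n";
    print "</center>";
    print "</body></html>\n";
    exit(0);
}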
sub gen_code {
    # Build an entry code from the local time plus a random suffix.
    #
    # Layout: DDHHMMSS (day of month, hour, minute, second, each zero-padded
    # to two digits) followed by int(rand(1000)) without padding, so the
    # result is 9 to 11 digits long.
    # NOTE(review): the code is derived from the clock and rand(), so it is
    # guessable; do not rely on it as a secret if it is ever used to authorise
    # access to an entry.
    my ($sec, $min, $hour, $mday) = (localtime(time))[0 .. 3];
    my $suffix = int(rand(1000));

    return sprintf('%02d%02d%02d%02d%d', $mday, $hour, $min, $sec, $suffix);
}
sub convert_bad_chars {
    # Return a copy of the argument with a backslash placed in front of every
    # single and double quote.
    #
    # Only those two characters are touched; in particular a backslash in the
    # input is returned unchanged. That makes this unsuitable as an SQL or
    # HTML escape on its own: use bound parameters for SQL and HTML-escape at
    # output.
    my ($text) = @_;
    $text =~ s/(['"])/\\$1/g;
    return $text;
}