#!/usr/local/bin/perl
# this line required for display to browser
#
# add-user-opinion.pl: CGI handler that lets a reader attach an "opinion"
# to an album or article record.  After the form is parsed (&ReadParse) the
# script takes one of three paths:
#   submit  - truncate and filter the fields, reject duplicates for the
#             same product/day, INSERT into $op_tbl, rebuild the item's
#             static pages (&Build_Albums / &Build_Content) and print a
#             confirmation;
#   preview - filter the fields and echo them back with a submit form;
#   neither - print the empty entry form.
# $rootpath, $rooturl, $op_tbl, $album_tbl, $cont_tbl, $sth, $dbh, %in and
# the &Do_SQL / &Print_Page_* / &Build_* helpers are all provided by the
# required files below; nothing in this file declares them.
# NOTE(review): this copy was recovered from a collapsed/rendered listing.
# Several regex patterns, entity names and heredoc bodies are missing or
# truncated (flagged inline); treat those lines as lossy, not as source.
# NOTE(review): no `use strict` / `use warnings`; every variable here is a
# package global shared with the required files.
print "Content-type: text/html\n\n";

######## REQUIRED FILES ###########
require "cgi-lib.pl" || die "Error loading cgi-lib.pl";
require "db-common.sub" || die "Error loading db-common.sub";
require "all-common.sub" || die "Error loading all-common.sub";
require "build-albums.sub" || die "Error loading build-albums.sub";
require "build-content.sub" || die "Error loading build-content.sub";

######## INPUT VARIABLES ##########
# get input variables using this sub
&Init_Common_Vars;
$badword_file = "$rootpath/bad-words.txt";              # bad word file for filter - for all sites
$thisfile = "$rooturl/cgi-bin/add-user-opinion.pl";     # this script
&ReadParse;

######## MAIN SCRIPT ############
# get input variables from readparse
$submit=$in{'submit'};
$preview=$in{'preview'};
$prodtype = $in{'prodtype'};        # hardware or software or article
$prodID = $in{'prodID'};            # ID of item in database being reviewed
$itemtitle = $in{'itemtitle'};      # title of sw or hw item for user's reference
$itemlink = $in{'itemlink'};        # author of sw or hw item for user's reference
$itemtitlefix = $itemtitle;
$itemtitlefix =~ s/%20/ /gi;
# NOTE(review): $itemtitlefix is a request parameter and is interpolated
# straight into the page headings below with no HTML escaping (only the
# %20 fix above), so it reflects caller-supplied markup.  $itemlink is read
# but not used anywhere visible in this copy.

# setup links after top site link include
if ($prodtype eq "album") {
    $top_site_links = "Albums: ";
    $title_tag = "Software:";        # NOTE(review): label says "Software:" on the album branch - looks like a leftover
} elsif ($prodtype eq "article") {
    $top_site_links = "Articles: ";
    $title_tag = "Articles:";
} else {
    # error - no prodtype
    exit;
} # end if ($prodtype eq "software")
# From here on $prodtype is exactly "album" or "article"; this is the only
# validation it gets before being interpolated into SQL further down.
$title_tag = "$title_tag Add User Opinion";
$top_site_links = "$top_site_links Add User Opinion";
# print top of page in all cases
&Print_Page_Top;

if ($submit || $preview) {
    # get value of fields submitted by user & truncate lengths
    # (features/usability are cut to one character and never validated further)
    $name = substr($in{'name'}, 0, 100);
    $email = substr($in{'email'}, 0, 150);
    $location = substr($in{'location'}, 0, 150);
    $features = substr($in{'features'}, 0, 1);
    $usability = substr($in{'usability'}, 0, 1);
    $title = substr($in{'title'}, 0, 150);
    $body = substr($in{'body'}, 0, 4000);
    # get rid of repeating characters that attract attention
    # NOTE(review): runs of "-", "." and "*" collapse to "?" rather than to
    # the character itself - probably copy-paste, but it is what the code does.
    $title =~ s/\#{3,}/\#/g;
    $title =~ s/!{3,}/!/g;
    $title =~ s/\?{3,}/\?/g;
    $title =~ s/-{3,}/\?/g;
    $title =~ s/\.{3,}/\?/g;
    $title =~ s/\*{3,}/\?/g;
    $name =~ s/\#{3,}/\#/g;
    $name =~ s/!{3,}/!/g;
    $name =~ s/\?{3,}/\?/g;
    $name =~ s/-{3,}/\?/g;
    $name =~ s/\.{3,}/\?/g;
    $name =~ s/\*{3,}/\?/g;
    # fix line feeds submitted by preview
    # NOTE(review): the search pattern of the next two substitutions is a
    # literal line break in this copy; the original tag text was lost in
    # extraction (the reverse mapping in "fix special characters" below is
    # damaged the same way).
    $body =~ s/

/\n\n/g;
    $body =~ s/
/\n/g;
    # strip out illegal characters and html
    # (@vars[N] are one-element slices - they work but warn under `use warnings`)
    @vars[0] = $name;
    @vars[1] = $email;
    @vars[2] = $location;
    @vars[3] = $title;
    @vars[4] = $body;
    for ($n=0; $n<=4; $n++) {
        # filter html and other illegal tags
        # NOTE(review): the first, second and fourth patterns below are empty
        # or truncated in this copy.  As written, an empty pattern in s///
        # reuses the last successfully matched regex, which is certainly not
        # what the original did.  The "(<|<?)" / "(>|>?)" groups also look
        # like decoded entity alternatives.  Either way this is a deny-list
        # of tag names, not output escaping.
        @vars[$n] =~ s///g;                                 # take out SSI/Comment tags
        @vars[$n] =~ s///g;                                 # take out end SSI/Comment tags
        @vars[$n] =~ s/<([^>]|\n)*>//g;                     # take out html tags
        @vars[$n] =~ s//>/g;                                # convert legit > to >
        @vars[$n] =~ s@(<|<?)\s?/?blink(>|>?)@ @gi;         # kill blinks
        @vars[$n] =~ s@(<|<?)\s?/?script(>|>?)@ @gi;        # kill scripts
        @vars[$n] =~ s@(<|<?)\s?/?meta@ @gi;                # kill meta
        @vars[$n] =~ s@(<|<?)\s?/?ssi@ @gi;                 # kill ssi
        @vars[$n] =~ s@(<|<?)\s?/?form@ @gi;                # kill forms
    } # end for ($n=0; $n<=4; $n++)
    $name = @vars[0];
    $email = @vars[1];
    $location = @vars[2];
    $title = @vars[3];
    $body = @vars[4];
    # fix special characters in body
    # NOTE(review): the replacement text of the next two substitutions is a
    # literal line break here; the original tag text was lost in extraction.
    $body =~ s/\n\n/

/g;
    $body =~ s/\n/
/g;
    $body =~ s/\&/\&\;/g;       # NOTE(review): entity name lost in extraction
    $body =~ s/<//g;            # NOTE(review): replacement lost in extraction; as written this deletes every "<"
    $body =~ s/\cM//g;          # drop carriage returns (\cM is CR)
    # filter bad words from bad words file, use same file for all boards and opinions
    # (exits via &error if anything matches - see filter_badwords below)
    &filter_badwords;
    # get current date to store in record
    ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime(time);
    #year needs to have 1900 added
    $year = $year+1900;
    #month starts at 0 for Jan, so add 1
    $mon = $mon+1;
    # no zero padding - a constructed example would be "2001-3-7"; the
    # duplicate check below compares this as a string against dateadded.
    $dateadded=$year."-".$mon."-".$mday;
    # check for missing fields
    # NOTE(review): this runs after the filters, so a field the tag stripper
    # emptied is reported as "forgotten".  The bareword argument is only
    # legal because `use strict` is absent.
    &error(missing_field) if (!$name || !$title || !$email || !$body);
} # if ($submit || $preview)

if ($submit) {
    # fix single quotes so SQL insert will work right
    # NOTE(review): hand-rolled escaping - only the single quote gets a
    # backslash; backslashes themselves are left alone, and $prodID,
    # $features, $usability and $dateadded are interpolated into the SQL
    # below with no escaping at all.  This is classic string-built SQL;
    # DBI placeholders (prepare/execute with `?`) would remove the problem.
    $namefix = $name;
    $namefix =~ s/\'/\\'/g;
    $emailfix = $email;
    $emailfix =~ s/\'/\\'/g;
    $locationfix = $location;
    $locationfix =~ s/\'/\\'/g;
    $titlefix = $title;
    $titlefix =~ s/\'/\\'/g;
    $bodyfix = $body;
    $bodyfix =~ s/\'/\\'/g;
    # fix quotes back from hidden variables
    # NOTE(review): the entity name in these patterns was lost in extraction
    # (as shown, s/\"\;/"/g matches the two characters `";`).
    $namefix =~ s/\"\;/"/g;
    $emailfix =~ s/\"\;/"/g;
    $titlefix =~ s/"\;/"/g;
    $bodyfix =~ s/\"\;/"/g;
    $locationfix =~ s/\"\;/"/g;
    # check for same name or title for this product on this day to prevent multiposts
    # (matches on name OR title, so two different people posting the same
    # title on the same day also collide)
    &Conn_to_DB;
    $SQL = "SELECT * from $op_tbl WHERE (prodID='$prodID' AND dateadded='$dateadded' AND prodtype='$prodtype' AND (name='$namefix' OR title='$titlefix'))";
    # run SQL against the DB
    # NOTE(review): presumably &Do_SQL executes $SQL and leaves the statement
    # handle in $sth - confirm in db-common.sub.
    &Do_SQL;
    &error(no_spam) if ($pointer = $sth->fetchrow_hashref);
    $SQL = "INSERT INTO $op_tbl (name,email,location,features,usability,title,body,dateadded,prodID,prodtype) VALUES ('$namefix','$emailfix','$locationfix','$features','$usability','$titlefix','$bodyfix','$dateadded','$prodID','$prodtype')";
    # run SQL against the DB
    &Do_SQL;
    if ($prodtype eq "album") {
        $prod_table = $album_tbl;
    } elsif ($prodtype eq "article") {
        $prod_table = $cont_tbl;
    } # end if ($software)
    $quick_build=1;
    #$quick_ID = $prodID;
    # get record to match user opinion
    # NOTE(review): $prodID goes into the WHERE clause unquoted and is never
    # checked to be numeric anywhere in this file.
    $SQL = "SELECT * from $prod_table WHERE ID=$prodID";
    &Do_SQL;
    $pointer = $sth->fetchrow_hashref;
    # NOTE(review): no check that a row came back; with none, $quick_filename
    # is undef and the substr below would yield just "-uo1.html".
    $quick_build_type = "modify";
    $quick_filename = $pointer->{'filename'};
    # opinions page name: drop the last 5 characters (".html") and append "-uo1.html"
    $uo_filename =
substr($quick_filename, 0, length($quick_filename)-5) . "-uo1.html";
    if ($prodtype eq "album") {
        $opinions_url = $rooturl.$albumdir."/$uo_filename";
        $details_url = $rooturl.$albumdir."/$quick_filename";
        &Build_Albums;
    } elsif ($prodtype eq "article") {
        $contenttype = $pointer->{'contenttype'};
        &Init_Content_Type;
        $articledir = "$rooturl$contentdir/$typedir";
        $opinions_url = $articledir."/$uo_filename";
        $details_url = $articledir."/$quick_filename";
        &Build_Content;
    } # end if ($software)
    # NOTE(review): `print <` here and in every block below appears to be a
    # damaged `print <<HTML;` heredoc; the markup inside the bodies (and the
    # links this confirmation refers to) was lost in extraction.  $sitename
    # is presumably set by one of the required files.
    print <
Submission Confirmation for $itemtitlefix


Thank you for letting your opinion be heard at $sitename.

Return to [ Details Page | Opinions Page ]

If the above links do not show the opinion you added, click reload in your browser
after clicking either link.


HTML
} elsif ($preview) {
    # fix quotes so " shows correctly in input variables
    # NOTE(review): entity name lost in extraction in these five lines and in
    # the "fix quotes back" block below.
    $name =~ s/"/\"\;/g;
    $email =~ s/"/\"\;/g;
    $title =~ s/"/\"\;/g;
    $location =~ s/"/\"\;/g;
    $body =~ s/"/\"\;/g;
    # build the "Submitted by" line; email and location only when given
    # NOTE(review): each appended string starts with a literal line break
    # here; the original tag was lost in extraction.
    $submitter = "Submitted by: $name";
    $submitter = $submitter . "
Email: $email" if ($email);
    $submitter = $submitter . "
Location: $location" if ($location);
    $submitter = $submitter . "
Date Added: $dateadded";
    $rating_img = "  1  2  3  4  5 ";
    $features_img = "";
    $usability_img = "";
    print <

HTML
    # fix quotes back
    $name =~ s/\"\;/"/g;
    $email =~ s/\"\;/"/g;
    $title =~ s/\"\;/"/g;
    $location =~ s/\"\;/"/g;
    $body =~ s/\"\;/"/g;
    # NOTE(review): $title, $body and $submitter (name/email/location) are
    # echoed below after the tag-name deny-list only, with their quotes
    # restored; nothing HTML-escapes them at output time.
    print <
Preview Opinion for $itemtitlefix
This opinion has NOT yet been submitted.


If this opinion is correct, press the Submit this Opinion button below to submit it. If you need to make changes, click your browser's back button and make changes on the previous page.
 
HTML
    if ($prodtype eq "album") {
        print <
$rating_img
Rating $features_img
HTML
    }
    print <
$title
$body

$submitter




HTML
} else {
    # this part happens if we didn't press submit or preview, i.e. first load of file
    print <
HTML
    if ($prodtype eq "album") {
        print <
HTML
    } else {
        print <
HTML
    }
    print <
Submit Opinion for $itemtitlefix
HTML
    # NOTE(review): unreachable - $prodtype can only be "album" or "article"
    # here (the else branch at the top of the file exits on anything else).
    if ($prodtype eq "software") {
        print <
If there is a problem with a download link or some other issue with the software listing, please let us know HERE.

Please do not submit an opinion telling about a broken link, let us know HERE.
HTML
    }
    print <
Thank you for taking the time to share your opinion with other readers. Please fill in the blanks below and click preview to view your opinion.
 
Name:
Email:
Location (city, state):

Rating:


Opinion Title:

Opinion Body (~500 words or less):



 
HTML
} # end if ($submit)

# print bottom of page for all options
&Print_Page_Bottom;
$dbh->disconnect;
exit;
## END of main script ##

#############################
# filter_badwords subroutine
#
# Scans $name, $title and $body (case-insensitive) against every line of
# $badword_file.  On any hit, wraps every occurrence in $name, $email,
# $location, $title and $body and then calls &error(bad_words), which
# exits - so this sub only returns when nothing matched.  Works entirely on
# globals; takes no arguments.
# NOTE(review): $email and $location are highlighted but not scanned; the
# end-of-if comment below suggests $email was once part of the condition.
sub filter_badwords {
    $badword_found = 0;
    # NOTE(review): two-arg open with no error check - the path comes from
    # $rootpath rather than the request, but an unreadable file silently
    # disables the filter (empty @badwords).  Three-arg `open ... or die`
    # would make that visible.
    open(BADWORDS,"$badword_file");
    # NOTE(review): the readline (<BADWORDS>) was lost in extraction; as
    # shown this line is a syntax error.
    @badwords = ;
    close(BADWORDS);
    foreach $badword (@badwords) {
        # Strip any extra CR/LF's
        $badword =~ s/\n//g;
        $badword =~ s/\r//g;
        # NOTE(review): $badword is interpolated as a regex, not a literal -
        # metacharacters in the word list change the match, and a blank line
        # yields an empty pattern, which reuses the last successful match.
        # \Q$badword\E (and skipping empty entries) would pin it to a literal.
        if (($name =~ /$badword/i) || ($title =~ /$badword/i) || ($body =~ /$badword/i)) {
            #print "found";
            $badword_found = 1;
            # If a bad word is found, highlight all occurances of it
            # NOTE(review): the opening tag before $1 appears to have been
            # lost in extraction; only the closing tag survives.
            $name =~ s/($badword)/$1<\/B>/ig;
            $email =~ s/($badword)/$1<\/B>/ig;
            $location =~ s/($badword)/$1<\/B>/ig;
            $title =~ s/($badword)/$1<\/B>/ig;
            $body =~ s/($badword)/$1<\/B>/ig;
        } # end if (($name =~ /$badword/i) || ($email =~ /$badword/i)
    } # end foreach $badword (@badwords)
    #print "anything";
    &error(bad_words) if ($badword_found == 1);
    return;
} # end filter_badwords subroutine

############################
# Error Messages Subroutine
#
# error(CODE): prints the message for CODE ('missing_field', 'bad_words',
# 'no_spam'; anything else gets the generic text), then the page bottom,
# and exits.  Never returns.
# NOTE(review): $dbh->disconnect in the main script is skipped on this
# path, since exit happens here.
sub error {
    $error = $_[0];
    # NOTE(review): this and the closing print hold literal line breaks
    # where the original tags were lost in extraction.
    print "
";
    if ($error eq 'missing_field') {
        print <


You forgot to fill in the name, title, email, or body field in your posting.

Please go back and correct this and resubmit.
HTML
    } elsif ($error eq 'bad_words') {
        print <


Our script has read your post and has determined that it may contain banned words. The purpose of this site is for serious computing. We want to keep the quality of the site up while we save you from being flamed! If this warning has been triggered by accident, please go back and remove the offending words / comments / concepts from your post and re-send.

HTML
    } elsif ($error eq 'no_spam') {
        # NOTE(review): the text says one message per product per day, but
        # the query that triggers this also matches on title alone.
        print <



To prevent spam a posting limit rule has been implemented. You cannot post more than one message per product per day. This error may occur if the submit button was clicked more than once.

If you feel you have reached this page in error, please try to post your message again later or try posting with a different name or title.
HTML
    } else {
        print <


An undefined error has occurred.

Please go back and try to the post again.
HTML
    } # end if ($error eq 'no_name')
    print "

\n";
    &Print_Page_Bottom;
    exit;
}
1; # below subs tag