# ----------------------------------------------------
# Configuration File for OpenJournal v2.07
# ----------------------------------------------------
# Installation Instructions:
# ----------------------------------------------------
# To get started, copy these files to your cgi-bin directory:
#   oj.cgi
#   oj.cfg
#   auth.pl
#
# Remove ".txt" from the filenames if you downloaded the files
# individually. Change "oj.txt" to "oj.cgi".
#
# Create two subdirectories in your cgi-bin directory called
# "ojauth" and "ojtemplates".
#
# Create a subdirectory called "oj"
# in your Web site's main HTML directory. Then create another
# subdirectory underneath "oj" called "story". (You can change
# the names of these defaults below if you want.)
#
# Chmod 777 your main /oj and /oj/story directories
# Chmod 777 your /cgi-bin/ojauth directory
# Chmod 755 your /cgi-bin/ojtemplates directory
#
# Note: Before setting permissions, find out how your Web host
# handles directory permissions and which account your Web server
# (and therefore this program) runs under. In some cases, chmod'ing
# the directories to just 755 will work fine. In other cases, it won't.
# Be careful with your directory security and grant only the
# minimum needed to get the program to work: a directory set to
# 777 can be written to by every account on the server, so
# chmod'ing to 777 is a method of last resort.
#
# Copy all of the default template files into the /cgi-bin/ojtemplates
# directory. Edit these files to reflect your own site's look and feel.
# Read the "readme" file in the templates directory, which describes
# the use of the variables.
#
# Then go through the rest of this configuration file and ensure
# that all of the paths and directories are set to reflect your server
# layout. The program will try to create any additional files it
# needs to run properly. If it cannot, it will give you
# an error message; this is usually the result of permissions not being
# properly set on a directory.
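#
# The 2.x versions of OpenJournal make use of the auth.pl
# perl script to handle its authentication routines, written
# and copyrighted by Gossamer Threads (http://www.gossamer-threads.com/).
# It is used within OpenJournal by permission.

# ----------------------------------------------------
# Configuration Section for OpenJournal v2
# ----------------------------------------------------

# Path to your Web site's main HTML directory (where the oj subdirectory is;
# no trailing slash). This is also known to some people as their FTP directory.
$mydir = "/home/httpd/html";

# Complete path to your cgi-bin directory (no trailing slash). This is similar
# to what you put above, except it's to your site's program or cgi-bin directory.
$progdir = "/home/httpd/cgi-bin";

# Name of the OpenJournal directory (oj is default; no trailing slash). If you
# want OJ to manage your main homepage, put nothing between the quotes (like "")
# and edit the index file in the ojtemplates subdirectory to look like your
# homepage (keep the OJ HTML comments in the template file, though!).
$ojdir = "/oj";

# Web path to OpenJournal program (how you access your site's cgi-bin directory
# from your Web browser).
$cgi_url = "/cgi-bin/oj.cgi";

# Name of your Web server (no trailing slash):
$baseurl = "http://www.myserver.com";

# Name of your OpenJournal:
$title = "my open journal";

# Name of subdirectory in the oj directory where archives of old articles
# and indexes are kept (story is default):
$mesgdir = "story";

# Default extension of file names (htm is default):
$ext = "htm";

# Default name of your index file (index is default):
$mesgfile = "index." . $ext;

# Will this OpenJournal be used by more than one person contributing to
# the same journal? Multiple users are supported per journal.
# 1 = Multiuser on, 0 = Multiuser off (default)
# Note that the value set here is 1 (on), not the documented default.
$multiuser = 1;                      # 1 = On, 0 = Off

# Your OpenJournal will automatically archive itself if you want it to.
# This means the main index file will be saved as an archived index file
# and is then available in the /oj/story subdirectory.
# Automated indexing uses the day of the week to determine whether to
# archive the main index file and start a fresh page for you. It only
# works reliably if you log in every day.
# Day to archive: 0=Sun, 1=Mon, 2=Tues, etc.
# If you only want to archive once a month, set this to 30.
# If you want to turn this function off, set to 99999.
$daytoarchive = "5";

# Your local time zone:
$timezone = "EDT";

# User Interface Specifications
# -----------------------------
# The below customizations just change how the user interface to OJ appear.
# Most of them do not affect OJ's output to your Web page.

# Specify the HTML BODY colors and background image for the program to use:
# (be careful not to remove the qq or the tildes on either end)
# Each attribute value needs both of its double quotes; a missing closing
# quote makes the browser read the following attributes as part of the value.
$colors = qq~ bgcolor="#FFFFEE" text="#000000" link="#000077" vlink="#884400" ~;
$background = qq~ background="" ~;

# Pick a default font face, size, and table color for the program to use:
$font = "arial,helvetica";
$size = "-1";
$tcolor = qq~ bgcolor="#CCCCAA" ~;
$tbcolor = qq~ bgcolor="#005544" ~;
$tbfontcolor = "#FFFFFF";
$tbfont = "verdana,ms sans serif";
$linebr = "
";                                   # What to use between entry title and entry blurb
$target_window = "";                 # If you want to open an article link in a different window, just name it here

# The amount of time in seconds that user files are kept in the
# auth directory before the program removes them:
# (Setting this to too short a time will timeout the user before
# giving them the chance to write their entry.)
$auth_time = 3600;                   # 1 hour (in seconds)

# If you have troubles with file locking, set this to 0:
# With 0, signup reads and appends to the user file without taking a lock.
$db_use_flock = 1;

# If you want to keep the authorization or template files someplace other than in the cgi-bin
# directory, set this to something else (default is recommended):
# (Do not place the template files in the ojauth directory, or they will be deleted
# automatically by the program from time to time!)
$auth_dir = "$progdir/ojauth";
$tplt_dir = "$progdir/ojtemplates";

# If you want to change the name of the userfile, do so here (ojaccess.db is default):
# NOTE(review): this file holds the userid:hash records written by signup.
# Whether a file under the cgi-bin directory can be fetched by URL depends on
# the Web server's configuration - confirm that it cannot, or point this at a
# path outside the Web-served tree.
$auth_pw_file = "$progdir/ojaccess.db";

# ---------- Probably nothing else you need to --------------
# ---------- configure below this point.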
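# --------------------

# For future use
# NOTE(review): these settings are not read anywhere in this file; presumably
# auth.pl consumes them - confirm there before relying on any of them.
$auth_no_authentication = 0;
$auth_logging = 0;
$auth_allow_default = 1;
@auth_default_permissions = (1,1,0,0,0);
$auth_signup = 1;
@auth_signup_permissions = (1,1,1,1,0);
$auth_modify_own = 1;
$auth_view_own = 0;
$auth_user_field = -1;
$auth_logoff = "$baseurl$cgi_url";

# Date functions now work cross-platform
# $day receives element 6 of localtime, the day of the week (0 = Sunday).
($second, $minute, $hour, $date, $month, $year, $day) = (localtime)[0..6];
$year = $year + 1900;
@nameday = ("Sunday", "Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday");
@namemonth = ("January", "February", "March", "April", "May", "June", "July",
              "August", "September", "October", "November", "December");
$long_date = "$nameday[$day], $namemonth[$month] $date, $year";
$w = (localtime)[6];
$today = (localtime)[3];
$lastmonth = $month;

# $nfn is built while $hour is still on the 24-hour clock; the AM/PM
# conversion further down changes $hour in place, so this must stay first.
# $nfn = sprintf("%2i%2i%2i%2i%2i",($month+1),$date,($year%100),$hour,$minute);
$nfn = sprintf("%02i%02i%02i%02i%02i", ($month + 1), $date, ($year % 100), $hour, $minute);

@weekago = localtime(time - 604800);
# NOTE(review): the month and day come from one week ago but the year is the
# current one, so in the first week of January this names last December with
# the new year. Left unchanged because the consumers of $lastweek are not in
# this file.
$lastweek = "$namemonth[$weekago[4]] $weekago[3], $year";

# Convert $hour to a 12-hour clock (0 and 12 both display as 12).
if ($hour < 12) {
    $ampm = "AM";
}
else {
    $hour = $hour - 12;
    $ampm = "PM";
}
if ($hour == 0) {
    $hour = $hour + 12;
}
$ptime = sprintf("%02d:%02d:%02d %s %s", $hour, $minute, $second, $ampm, $timezone);

# $ngn = sprintf("%2i%2i",($month+1),$date);
$ngn = sprintf("%02i%02i", ($month + 1), $date);
@dayago = localtime(time - 86400);
$nyn = sprintf("%02i%02i", ($dayago[4] + 1), $dayago[3]);

$blurbonly = 0;
$pt = 1;
$basedir = $mydir . $ojdir;
$john = $baseurl . "/";
$idxurl = $baseurl . "$ojdir/";
$db_script_url = "$baseurl$cgi_url";

# ------------- End Configuration Area ----------------------

# -----------------------------------------------------------
# Misc Subroutines
# -----------------------------------------------------------
# NOTE(review): several print strings below hold only text and blank lines;
# their HTML markup appears to be missing from this copy of the file. Compare
# with the distributed file before deploying.

sub oj_escape_html {
# --------------------------------------------------------
# Returns a copy of the argument with & < > " ' replaced by HTML character
# references, so the text is displayed rather than interpreted as markup.
# An undefined argument yields the empty string.
    my $text = defined $_[0] ? $_[0] : '';
    $text =~ s/&/&amp;/g;            # must run first, or it would re-escape the others
    $text =~ s/</&lt;/g;
    $text =~ s/>/&gt;/g;
    $text =~ s/"/&quot;/g;
    $text =~ s/'/&#39;/g;
    return $text;
}

sub parse_form {
# --------------------------------------------------------
# Parses the form input and returns a hash with all the name/value pairs.
# GET requests are read from QUERY_STRING, POST requests from STDIN.
# Names and values are URL-decoded and NUL bytes are removed from both.
# A field that occurs more than once has its values joined with "~~".
#
# This routine does not remove SSI directives or "---" placeholder values,
# and it does not HTML-escape anything: the returned values are untrusted
# and must be escaped or validated by whatever uses them.
    my (@pairs, %in);
    my ($buffer, $pair, $name, $value);

    if ($ENV{'REQUEST_METHOD'} eq 'GET') {
        @pairs = split(/&/, $ENV{'QUERY_STRING'});
    }
    elsif ($ENV{'REQUEST_METHOD'} eq 'POST') {
        # NOTE(review): CONTENT_LENGTH is used as given, with no upper bound
        # on how much is read into memory - consider a limit that fits the
        # largest journal entry you expect.
        read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'});
        @pairs = split(/&/, $buffer);
    }
    else {
        &cgierr ("This script must be called from the Web\nusing either GET or POST requests\n\n");
    }

    PAIR: foreach $pair (@pairs) {
        # Split on the first "=" only, so a value that itself contains "="
        # is kept whole instead of being cut short.
        ($name, $value) = split(/=/, $pair, 2);
        $name  = '' unless defined $name;
        $value = '' unless defined $value;

        $name  =~ tr/+/ /;
        $name  =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
        $value =~ tr/+/ /;
        $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;

        # 2.07 --- patch start ---
        # Drop NUL bytes after decoding, so %00 cannot survive into a value
        # that is later used as a file name.
        $name  =~ s/\0//g;
        $value =~ s/\0//g;
        # 2.07 --- patch end ---

        (exists $in{$name}) ?
            ($in{$name} .= "~~$value") :     # If we have multiple select, then we tack on
            ($in{$name}  = $value);          # using the ~~ as a separator.
    }
    return %in;
}

sub cgierr {
# --------------------------------------------------------
# Displays any errors and prints out FORM and ENVIRONMENT
# information, then exits with status -1. Useful for debugging.
#
# Everything printed here comes from the request or the server environment,
# so each value is HTML-escaped, and the 'pw' form field (the password read
# by signup) is not echoed back.
# NOTE(review): the environment dump is sent to whoever triggered the error
# and exposes server paths and request headers. Consider removing the two
# dump loops, or guarding them with a debug setting, on a public site.
    if (!$html_headers_printed) {
        print "Content-type: text/html\n\n";
        $html_headers_printed = 1;
    }
    print "
\n\nCGI ERROR\n==========================================\n";
    $_[0]      and print "Error Message       : " . oj_escape_html($_[0]) . "\n";
    $0         and print "Script Location     : " . oj_escape_html($0) . "\n";
    $]         and print "Perl Version        : $]\n";
    $db_setup  and print "Setup File          : " . oj_escape_html($db_setup) . ".cfg\n";
    $db_userid and print "User ID             : " . oj_escape_html($db_userid) . "\n";
    $db_uid    and print "Session ID          : " . oj_escape_html($db_uid) . "\n";

    print "\nForm Variables\n-------------------------------------------\n";
    foreach my $key (sort keys %in) {
        my $space = " " x (20 - length($key));
        my $shown = ($key eq 'pw') ? '(not shown)' : $in{$key};
        print oj_escape_html($key) . "$space: " . oj_escape_html($shown) . "\n";
    }
    print "\nEnvironment Variables\n-------------------------------------------\n";
    foreach my $env (sort keys %ENV) {
        my $space = " " x (20 - length($env));
        print oj_escape_html($env) . "$space: " . oj_escape_html($ENV{$env}) . "\n";
    }
    print "\n
";
    exit -1;
}

sub signup {
# --------------------------------------------------------
# Adds a new user to $auth_pw_file from the form fields 'userid' and 'pw'
# in %in. The userid must be 3 to 12 letters or digits and the password 3 to
# 12 characters. On a validation failure or a duplicate userid the signup
# form is shown again through print_new_auth (defined outside this file);
# otherwise "userid:hash" is appended and "User added" is displayed.
#
# NOTE(review): crypt() with a two-character salt normally selects the
# traditional DES scheme, which only uses the first 8 characters of the
# password. Moving to a stronger scheme has to be coordinated with the code
# that verifies logins, which is not in this file.
# NOTE(review): the duplicate check and the append use separate opens and
# locks, so two simultaneous signups for the same userid can both succeed.
    my $message;

    # \A and \z anchor the whole string. With ^ and $ a userid ending in a
    # newline would pass and split the record written to the user file.
    unless ((length($in{'userid'}) >= 3) and (length($in{'userid'}) <= 12) and ($in{'userid'} =~ /\A[a-zA-Z0-9]+\z/)) {
        # The rejected value can contain anything, so escape it before it
        # goes into the page.
        $message = "Invalid userid: " . oj_escape_html($in{'userid'})
                 . ". Must contain only letters and digits and be 3 to 12 characters long.";
    }
    unless ((length($in{'pw'}) >= 3) and (length($in{'pw'}) <= 12)) {
        # The password itself is deliberately not repeated in the message.
        $message = "Invalid pw. Must be 3 to 12 characters long.";
    }

    # create_pass_file() creates the file and runs signup again itself, so
    # there is nothing left to do here once it returns.
    open (my $pass, '<', $auth_pw_file) or do { &create_pass_file; return; };
    if ($db_use_flock) { flock($pass, 1); }             # 1 = shared lock
    # Read the user file line by line (an empty while() condition is always
    # true and would never finish).
    while (<$pass>) {
        /^\Q$in{'userid'}\E:/ and ($message = "userid already exists. Please try another.");
    }
    close $pass;

    if ($message) {
        &print_new_auth($message);
        return;
    }

    # Add the userid into the file with default permissions.
    open (my $out, '>>', $auth_pw_file) or &cgierr ("unable to open: $auth_pw_file.\nReason: $!");
    if ($db_use_flock) {
        flock($out, 2) or &cgierr("unable to get exclusive lock on $auth_pw_file.\nReason: $!");   # 2 = exclusive lock
    }
    srand( time() ^ ($$ + ($$ << 15)) );                # Seed Random Number
    my @salt_chars = ('A' .. 'Z', 0 .. 9, 'a' .. 'z', '.', '/');
    my $salt = join '', @salt_chars[rand 64, rand 64];
    my $encrypted = crypt($in{'pw'}, $salt);
    # my $permissions = join (":", @auth_signup_permissions);
    print $out "$in{'userid'}:$encrypted\n";
    close $out;

    &return_html("User added");
}

sub return_html {
# --------------------------------------------------------
# Prints a page whose title and body are the given message, then the footer
# (which ends the program). The message is inserted as-is, so callers must
# pass text that is already safe to place in HTML.
    $error = $_[0];
    &header("$error");
    print "

$title: $error

\n";
    print "

\n";
    &footer;
}

sub error {
# --------------------------------------------------------
# Prints an error page for the given message, then the footer (which ends
# the program). Messages containing "Hack" are also appended to $mylog
# together with the client address and the current date and time.
#
# The message is inserted into the page as-is, so callers must pass text
# that is already safe to place in HTML.
# NOTE(review): $mylog is not set in this file; presumably the main script
# defines it - confirm, and keep the log outside the Web-served directories.
    $error = $_[0];
    &header("$error");
    print "

error: $error

\n";
    print "Back to OpenJournal\n";

    # v2.06 - 02/05/2004 - Log security issues
    if ($error =~ /Hack/) {
        # Only write if the log could actually be opened.
        if (open (LOG, '>>', $mylog)) {
            # Same numeric lock value and the same $db_use_flock switch as
            # signup, so logging works where flock is unavailable.
            flock(LOG, 2) if $db_use_flock;             # 2 = exclusive lock
            seek (LOG, 0, 2);
            # Keep each entry on one line so the message cannot start a new
            # record in the log.
            (my $record = $error) =~ s/[\r\n]+/ /g;
            print LOG "$ENV{'REMOTE_ADDR'}|$record|$long_date at $ptime\n";
            close LOG;
        }
    }
    # ----------
    &footer;
}

sub header {
# --------------------------------------------------------
# Prints the HTTP content-type header followed by the journal title and the
# given subtitle. The subtitle is printed as-is.
    $subtitle = $_[0];
    print "Content-type: text/html\n\n";
    print "$title: $subtitle\n";
}

sub footer {
# --------------------------------------------------------
# Prints the closing credit and ends the program with exit status 0, so
# nothing after a call to footer is executed.
    print qq~
Powered by OpenJournal
v2.0 open source software by J Grohol
~;
    exit(0);
}

sub create_pass_file {
# --------------------------------------------------------
# Creates the user file when signup could not open it, then runs signup
# again. Opening with '>' empties a file that already exists, so an existing
# file is never touched here: an unreadable user file is reported instead of
# being wiped.
    if (-e $auth_pw_file) {
        &cgierr ("unable to open: $auth_pw_file.\nReason: the file exists but could not be opened for reading");
    }
    open (my $det, '>', $auth_pw_file) or &cgierr ("unable to open: $auth_pw_file.\nReason: $!");
    print $det " \n";
    close($det);
    &signup;
}

1;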