#!/usr/bin/perl #----------------------------------------------- # OpenJournal (OJ) v2.07 # John M. Grohol # Released: 10 Oct 1999 # This version: 13 Jan 2005 # http://grohol.com/ #----------------------------------------------- # # Copyright 1999-2005 John M. Grohol. # Free to distribute or change, but you cannot charge for this work or any # derivatives thereof. No warranties on this program are made or implied. # # Contributors: # - Sam Clayton May 2001 (crypted passwords, bugfixes, cross-platform dates, multi-user) # # Description: # - Allows you to keep a weblog with minimal maintenance. # # http://www.yourserver.com/cgi-bin/oj.cgi # # The 2.x versions of OpenJournal make use of the auth.pl # perl script to handle its authentication routines, written # and copyrighted by Gossamer Threads (http://www.gossamer-threads.com/). # It is used within OpenJournal by permission. # ---------------------------------------------- # Configuration area # # Configuration variables are now in separate file called "oj.cfg" # Place this file in the same directory as OpenJournal (add full path before # filename below if you're having troubles). require "oj.cfg"; require "auth.pl"; local(%in) = &parse_form; $in{'db'} ? ($db_setup = $in{'db'}) : ($db_setup = 'default'); $in{'uid'} ? ($db_uid = $in{'uid'}): ($db_uid = ''); # ============================================== eval { &main; }; # Trap any fatal errors so the program hopefully if ($@) { &error("fatal error: $@"); } # never produces that nasty 500 server error page. exit(0); # ============================================== # ---------------------------------------------- # Main # ---------------------------------------------- sub main { $|++; # Flush Output Right Away $userid = $in{'username'}; $pw = $in{'password'}; $in{'userid'} = $userid; $in{'pw'} = $pw; # v2.06 - 02/05/2004 - Security fix if ((!($db_uid == "")) && ($db_uid !~ /^[\w .!?-]/)) { &error("Hacker attempt logged."); } # ----------- &auth_cleanup; # Remove old session files. ($status, $uid) = &auth_check_password; # Authenticate User, get permissions and userid. $script_link = "$db_script_url?db=default&uid=$db_uid"; if ($status eq "ok") { if (length($userid) < 3) { ($userid, $trashy) = split(/\./,$uid); } if ($userid) { $script_link = "$script_link&userid=$userid"; } if ($uid eq "default") { $db_userid = $uid; } else { ($db_userid) = $db_uid =~ /([A-Za-z0-9]+)\.\d+/; } if ($in{'edit'}) { $edit = $in{'edit'}; &verify; } elsif ($in{'logoff'}) { &auth_logging('logged off') if ($auth_logging); $auth_logoff ? (print "Location: $auth_logoff\n\n") : (print "Location: $db_script_url\n\n"); } elsif ($in{'addentry'} =~ /Add/) { &get_variables; if ($blurbonly eq 0) { &new_file; } #if there is not just a blurb, write a new news file &main_page; &return_html("entry added"); #show user added entry } elsif ($in{'addentry'} =~ /Preview/) { &get_variables; &preview; } elsif ($in{'auth'} eq "adduser") { &print_new_auth; } elsif ($in{'login'}) { &addform; } else { &error($status); } # End Edit } elsif ($in{'auth'} eq "newpass") { if ($in{'password'} eq $in{'verify'}) { &signup; } else { &print_new_auth("Sorry... Your passwords didn't match. Please try again."); } } elsif ($status eq "no login") { &print_auth($status); } else { &error($status); } exit(0); } # End Main # ------------------------------------------------ # Subroutines # ------------------------------------------------ sub get_variables { if ($in{'etitle'}) { $etitle = "$in{'etitle'}"; $headtitle = $etitle; $etitle =~ s///g; } if ($in{'bodyone'}) { $bodyone = "$in{'bodyone'}"; $bodyone =~ s/\cM//g; $bodyone =~ s/\n\n/

/g; $bodyone =~ s/<//g; } else { &error("No blurb"); } if ($in{'body'}) { $body = "$in{'body'}"; $body =~ s/\cM//g; $body =~ s/\n\n/

/g; $body =~ s/<//g; } if (length($body) < 5) { $blurbonly = 1; } if (length($etitle) < 2) { $etitle = ""; } } # -------------------------------------------- # Write a new article # -------------------------------------------- sub new_file { open(FILE,"$tplt_dir/article") || &error("Can't read Article template file at $tplt_dir/article"); @LINES=; close(FILE); $SIZE=@LINES; open(NEWFILE,">$basedir/$mesgdir/$nfn\.$ext") || &error("Error writing file $basedir/$mesgdir/$nfn\.$ext - Please check your permissions. Sorry."); &templates; close(NEWFILE); chmod 0755, "$basedir/$mesgdir/$nfn\.$ext"; } # ---------------------------------------------- # Add articles to archive index page # ---------------------------------------------- sub main_page { &lastupdate; $lastarchmon = substr($lastarch,0,2); if ( ($edit eq 2) || (($lastarch ne $ngn) && ( ( ($daytoarchive ne 30) && ($w eq ($daytoarchive+1)) ) || ( ($daytoarchive eq 30) && ( ($today eq 01) || ($lastarchmon eq $lastmonth)) ))) ) { $result = `mv $basedir/$mesgfile $basedir/$mesgdir/idx$nfn\.$ext`; $resultb = `cp $tplt_dir/index $basedir/$mesgfile`; open(AMAIN,"$basedir/$mesgdir/$mesgfile") || &try_file2 || open(MAIN,"$basedir/$mesgdir/$mesgfile") || &error("Error reading from the file $basedir/$mesgdir/$mesgfile ($result) - Please check your permissions."); @amain = ; close(AMAIN); open(AMAIN,">$basedir/$mesgdir/$mesgfile") || &error("Error writing to the file $basedir/$mesgdir/$mesgfile - Please check yourpermissions."); foreach $amain_line (@amain) { if ($amain_line =~ /Nothing to show yet/) { print AMAIN ""; } if ($amain_line =~ //) { print AMAIN "\n"; print AMAIN "Week of $lastweek
\n"; } else { print AMAIN "$amain_line"; } } close(AMAIN); $newday = 1; &update; } # ----------------------------------------------- # Add Entry to Main Index Page # ----------------------------------------------- if ($edit eq 2) { return; } &lastupdate; if ($lastupdate ne $ngn) { $newday = 1; } elsif (!($newday)) { $newday = 0; } open(MAIN,"$basedir/$mesgfile") || &try_file || open(MAIN,"$basedir/$mesgfile") || &error("Error opening the file $basedir/$mesgfile ($result) - Please check your permissions."); @main =
; close(MAIN); open(MAIN,">$basedir/$mesgfile") || &error("Error writing to the file $basedir/$mesgfile - Please check your permissions. Sorry."); foreach $main_line (@main) { if ($main_line =~ /Nothing to show yet/) { print MAIN ""; } if (($newday eq 1) && ($main_line =~ //)) { print MAIN "\n\n\n\n"; open(DATEBAR,"$tplt_dir/datebar") || &error("Error reading from the file $tplt_dir/datebar - Please check your permissions."); @datebar = ; close(DATEBAR); foreach $lline (@datebar) { $_ = $lline; $lline =~ s//$long_date/g; print MAIN "$lline\n"; } print MAIN "\n\n"; &print_blurb; } elsif (($newday eq 0) && ($main_line =~ //)) { print MAIN "\n\n\n\n"; &print_blurb; } else { print MAIN "$main_line"; } } close(MAIN); &update; } # --------------------------------------------------- # Add New Entry # --------------------------------------------------- sub addform { &header("Add new entry"); $num = ""; srand(time ^ $$); $num = int(rand(10000000000)); print qq~

$title: add new entry

System date: $long_date ~; if ($userid) { print qq~      Logged in as: $userid ~; } print qq~
Archive now | Edit your journal | My Journal | Add New User | Logoff
Title:
Blurb:
Story:
~; if ($userid) { print qq~ ~; } print qq~
~; &footer; } # ------------------------------------------------- # Preview Entry # ------------------------------------------------- sub preview { &header("Preview Entry"); $num = ""; srand(time ^ $$); $num = int(rand(10000000000)); print qq~

$title: preview entry

~; open(ENTRY,"$tplt_dir/entry") || &error("Error reading from the file $tplt_dir/entry - Please check your permissions."); @entry = ; close(ENTRY); foreach $pline (@entry) { $_ = $pline; if ($etitle) { $pline =~ s//$etitle$linebr/g; } $pline =~ s//$ptime/g; $pline =~ s//$bodyone/g; if ($body) { $pline =~ s//
$body
/g; } if ($multiuser) { $pline =~ s//by $userid/g; } $pline =~ s//$title/g; print "$pline\n"; } print qq~
Title:
Blurb:
Story:
~; if ($userid) { print qq~ ~; } print qq~
~; &footer; } # ------------------------------------------------- # Edit an Entry # ------------------------------------------------- sub verify { $v = $in{'v'}; if (!($v)) { $v = $in{'v'}; } $ct = $in{'ct'}; if ($edit eq 2) { &main_page; $blurbonly = 1; &update("2"); &return_html("index successfully archived"); } elsif (!($ct)) { &header("Choose a directory to edit"); print qq~

$title: choose a directory to edit

Directories:
~; if ($userid) { print qq~ ~; } print qq~
~; &footer; } elsif ($ct eq 1) { &header("Choose a directory to edit"); $dir = $in{'dir'}; print qq~

$title: choose a file to edit
$dir

~; opendir(DIR,"$dir") || &error("in get1 I could not open the directory $basedir"); @ls=readdir(DIR); closedir(DIR); $_ = $line; $files = "\.$ext"; foreach $dfile(@ls) { $dfile =~ s/[\s]+//g; if ($dfile =~ /$files/ && $dfile !~ /[ ]+/ && $dfile !~ /\n|\r/) { # next if $dfile =~ /index.html?/i; next if $dfile =~ /.txt?/i; next if $dfile =~ /<|>/; open(T,"$dir/$dfile") ||&error("in get1 I could not open the file $basedir$dfile"); URL: { while() { if (/([\S\s]+)<\/title>/i) { next if $1 =~ /\$/i; push(@urls,"<option value=\"$dir/$dfile\">$dfile - $1\n"); last URL; close(T); } else { next; } } } } } print qq~ <form method="post" action="$script_link"> <select name="go" size="10"> ~; foreach(@urls) { print; } print qq~ </select> <input type=hidden name=v value="$v"> <input type=hidden name=edit value="1"> ~; if ($userid) { print qq~ <input type=hidden name="username" value="$userid"> ~; } print qq~ <input type=hidden name="uid" value="$db_uid"> <input type=hidden name=ct value="2"><br><br><input type="submit" value="Edit this File"></form>\n ~; &footer; } elsif ($ct eq 2) { $eiei = rindex($in{'go'},"/") +1; $editedfn = substr($in{'go'},$eiei); $fileBeingUpdated = $in{'go'}; $pathToDbase = "$fileBeingUpdated"; open(INFILE,"$pathToDbase") || open(INFILE,">$pathToDbase") || &error("Cannot open $pathToDbase in INFILE"); @infile = (<INFILE>); close(INFILE); $size_all = (@infile + 10); &header("Editing $editedfn"); print qq~ <center><div align=center> <h3><font face="$font">$title: edit a file: $editedfn</font></h3> <blockquote> <p align="center"> <font face="$font" size="$size"> Press the <b>Publish the Page</b> button when you're ready to publish it. </font></p> <form method="post" action="$script_link"> <input type=hidden name="go" value="$fileBeingUpdated"> <TEXTAREA NAME="body" ROWS="30" COLS="65" wrap="physical"> ~; foreach(@infile) { print "$_"; } print qq~ </textarea> <input type=hidden name=v value="$v"> <input type=hidden name=edit value="1"> <input type=hidden name=ct value="3"> ~; if ($userid) { print qq~ <input type=hidden name="username" value="$userid"> ~; } print qq~ <input type=hidden name="uid" value="$db_uid"> <p><center><input type="submit" name="submit" value="Publish the Page"></center></form> </blockquote> ~; &footer; } elsif ($ct eq 3) { $eiei = rindex($in{'go'},"/") +1; $editedfn = substr($in{'go'},$eiei); $eoeo = rindex($in{'go'},"/",$eiei-2); $editeddir = substr($in{'go'},$eoeo); $pathToDbase = "$in{'go'}"; &header("File Successfully Updated"); print qq~ <center><div align=center> <h3><font face="$font">$title: successfully edited<br>$dir</font></h3> ~; local(@temp) = split(/\n/,$in{'body'}); foreach (@temp) { $_ =~ s/\cM//; # $_ =~ s/^[\s]+//g; $infile .= "$_\n"; push(@toprint,"$_\n"); } open(BINFILE,">$pathToDbase") || &error("Cannot open $pathToDbase in INFILE"); print BINFILE "@toprint"; close(BINFILE); print qq~ <p><font face="$font" size="$size">Go to ~; if ($editeddir =~ /$mesgdir/) { print " <a href=\"$idxurl$mesgdir/$editedfn\">$editedfn</a> "; } else { print " <a href=\"$idxurl$editedfn\">$editedfn</a> "; } print qq~ to view the changes <br><br>or add a <a href="$script_link&v=$v&auth=login">New entry</a>.<br><br> <b>Note:</b> You may have to Reload the page when you get there to see your changes. </font> ~; &footer; } } # endsub # ------------------------------------------- # Crypt pass routines # ------------------------------------------- sub print_auth { $error = $_[0]; open (PASSFILE, "$auth_pw_file") || &print_new_auth("First time user... Please enter a username and password to get started"); #check for password file close(PASSFILE); &header(Login); print qq~ <p> <p><center><div align=center> <h3><font face="$font">$title: login</font></h3> ~; if ($error) { print "<font face=\"arial\" size=\"-1\" color=\"#CC0000\"><b>$error</b></font><br><br>"; } print qq~ <form action="$db_script_url" method="post"> <table border=1 cellspacing=0 cellpadding=4><tr><td align=right> <font face="$font" size="$size">Username:</font></td><td><input type=text name=username size=10> </td></tr><tr><td align=right> <font face="$font" size="$size">Password:</font></td><td><input type=password name=password size=10> </td></tr><tr><td $tcolor colspan=2><center> <input type=hidden name=auth value=login> <input type=hidden name=login value=1> <input type=submit value="Login"> </td></tr></table> </form></div></center> ~; &footer; } sub print_new_auth { $error = $_[0]; &header("New user"); print qq~ <p> <p><center><div align=center> <h3><font face="$font">Create a New User Acount<br>$title: login</font></h3> ~; if ($error) { print "<font face=\"arial\" size=\"-1\" color=\"#CC0000\"><b>$error</b></font><br><br>"; } print qq~ <form action="$db_script_url" method="post"> <table border=1 cellspacing=0 cellpadding=4><tr><td align=right> <font face="$font" size="$size">Username:</font></td><td><input type=text name=username size=10> </td></tr><tr><td align=right> <font face="$font" size="$size">Password:</font></td><td><input type=password name=password size=10> </td></tr><tr><td align=right> <font face="$font" size="$size">Verify:</font></td><td><input type=password name=verify size=10> </td></tr><tr><td $tcolor colspan=2><center> <input type=hidden name="auth" value="newpass"> <input type=submit value="Add"> </td></tr></table> </form></div></center> ~; &footer; } # ------------------------------------------------- sub lastupdate { open(FILE,"$progdir/ojlastupdate.txt") || &update; $lasttimes=<FILE>; ($lastarch, $lastupdate) = split (/:/, $lasttimes); close(FILE); } sub update { $edit = $_[0]; if ($edit eq "2") { $gfy = "9999"; } else { $gfy = $ngn; } open DEX,">$progdir/ojlastupdate.txt"; print DEX "$ngn:$gfy"; close(DEX); } sub try_file { $newday = 1; $result = `cp $tplt_dir/index $basedir/$mesgfile`; &try_file2; } sub try_file2 { $result = `cp $tplt_dir/index $basedir/$mesgdir/$mesgfile`; } # ------------------------------------------------- sub print_blurb { open(ENTRY,"$tplt_dir/entry") || &error("Error reading from the file $tplt_dir/entry - Please check your permissions."); @entry = <ENTRY>; close(ENTRY); foreach $line (@entry) { $_ = $line; if (($blurbonly eq 1) && ($etitle)) { $line =~ s/<!-- TITLE -->/$etitle$linebr/g; } elsif ($etitle) { $line =~ s/<!-- TITLE -->/<a href=\"$ojdir\/$mesgdir\/$nfn\.$ext\" target=\"$target_window\">$etitle<\/a>$linebr/g; } $line =~ s/<!-- PTIME -->/$ptime/g; $line =~ s/<!-- BLURB -->/$bodyone/g; $line =~ s/<!-- BODY -->/$body/g; if ($multiuser) { $line =~ s/<!-- USERNAME -->/by $userid/g; } $line =~ s/<!-- OJNAME -->/$title/g; $line =~ s/<!-- BODYPREVIEW -->//g; printf MAIN "$line\n"; } } # End Sub sub templates { foreach $line (@LINES) { $_ = $line; if ($etitle) { $line =~ s/<!-- TITLE -->/$etitle/g; } $line =~ s/<!-- PTIME -->/$ptime/g; $line =~ s/<!-- BLURB -->/$bodyone/g; if ($body) { $line =~ s/<!-- BODY -->/$body/g; } if ($multiuser) { $line =~ s/<!-- USERNAME -->/by $userid/g; } $line =~ s/<!-- OJNAME -->/$title/g; $line =~ s/<!-- BODYPREVIEW -->//g; print NEWFILE "$line\n"; } } # End Sub