diff --git a/cgi-bin/coposys b/cgi-bin/coposys new file mode 100644 index 0000000000..f18262369d --- /dev/null +++ b/cgi-bin/coposys @@ -0,0 +1,446 @@ +#!/usr/bin/perl -w + +# Copyright (C) 2001 Cyril Bouthors +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA +# 02111-1307, USA. +# +# $Id: coposys,v 1.3 2003-02-01 15:23:34 jonas Exp $ +# + +use integer; +use diagnostics; +use sigtrap qw(SEGV BUS); +use strict qw(subs vars refs); +use subs qw(afunc blurfl); + +use CGI qw/:standard/; + +# people in the database +my %people; + +# directory containing the marker files for xplanet +# named thecommunity.mark +my $markerdir='/var/www/coposys'; + +# markerfile +# format : +# latitude longitude "name" #password, date, email +my $filename; + +# +# Syntax of CGI calls : +# +# coposys?community='thecommunity' : displays main form +# coposys?add&name=&password=&password2=&latitude=&longitude=&email=&community= +# coposys?update&name=&password=&latitude=&longitude=&email=&community= +# coposys?delete&name=&del_password=&community= +# + +print header; + +if (param('community')) { + + $filename = $markerdir . '/' . param('community') . '.mark'; + + print 'Coposys $Revision: 1.3 $ ' , "\n\n", + "Manage members of a community \n\n"; + + # form for adding a new member of the community + display_add_update_forms(); + + # display a refresh button + display_list_form(); + + treat_args(); + + # displays a list of members of the community, with a password field next to each to allow modifications + display_community(); + +} +else { + print start_html('error'), 'You need the community argument'; +} + +print end_html; + +################################################################ + +sub display_add_update_forms { + my $date = localtime(); + + print start_html('Coposys.'); + + # Add part of the form + print "\n"; + print " "; + + + # Update part of the form + print "\n", + + "
", + + "Use this form to register in the community ". + param('community'). " \n", + + start_form, + + " Full Name ", textfield('name'), "\n ", p, + + "Password ", + password_field({name=>'password',size=>'8',maxlength=>8}), "\n ", p, + + "Password (again) ", + password_field({name=>'password2',size=>8,maxlength=>8}), "\n ", p, + + "Latitude ", textfield('latitude'), "\n ", p, + + "Longitude ", textfield('longitude'), "\n ", p, + + hidden({name=>'community'}), "\n ", + + hidden({name=>'date',default=>$date}), "\n", + + " Email ", textfield('email'), "\n ", p, + + submit({name=>'add'}), "\n", + end_form, "\n\n"; + + print "", + + "Use this form to update your registration in the community ". + param('community'), " \n", + + start_form, + + " Full Name ", textfield('name'), "\n ", p, + + "Password ", + password_field({name=>'password',size=>'8',maxlength=>8}), "\n ", p, + + "Latitude ", textfield('latitude'), "\n ", p, + + "Longitude ", textfield('longitude'), "\n ", p, + + hidden({name=>'community'}), "\n ", + + hidden({name=>'date',default=>$date}), "\n", + + " Email ", textfield('email'), "\n ", p, + + submit({name=>'update'}), "\n", + + "
\n"; + +} + +# displays an HTML form containing the refresh button +sub display_list_form { + print start_form, "\n ", + hidden({name=>'community'}), "\n ", + # displays a refresh button + submit({name=>'refresh'}), "\n", + end_form, "\n"; +} + +# execute actions depending on the form called +sub treat_args { + if ( param('add') ) { + if ( + param('name') && + param('password') && + param('password2') && + param('latitude') && + param('longitude') && + param('email') && + param('community') + ) + { + add_name(); + } + else { + html_error('Missing argument !'); + } + } + elsif ( param('update') ) { + if ( + param('name') && + param('password') && + param('latitude') && + param('longitude') && + param('email') && + param('community') + ) + { + update_name(); + } + else { + html_error('Missing argument or password entered twice for update !'); + } + } + elsif ( param('delete') ) { + delete_name(); + } +} + +sub update_name { + my ($latitude, $longitude, $name, $password, $date, $email); + + load_data(); + + # check if the name already exists.. + if (!defined $people{param('name')} ) { + html_error(param('name') . ' I don\'t know you. ' . + 'Please register first.'); + } + + # Check if password is correct... + my $crypted_passwd = (split /,/ , $people{param('name')})[3]; + + # get the salt from crypted_passwd + my $salt = $crypted_passwd; + $salt =~ s/^(..).*/$1/; + + # and check for good pass... + if (crypt (param('password'), $salt) ne $crypted_passwd) { + html_error('Incorrect password !'); + return; + } + + # check if latitude is valid + unless ( param('latitude') =~ /^[\d\+\-\.]+$/ ) { + html_error('Invalid latitude: The format is +-DDD.DDDDDDDDDDDDDDD. ' . + 'This is the format programs like xearth use and the ' . + 'format that many positioning web sites use. However ' . + 'typically the precision is limited to 4 or 5 decimals.'); + return; + } + + # check if longitude is valid + unless ( param('longitude') =~ /^[\d\+\-\.]+$/ ) { + html_error('Invalid longitude: The format is +-DDD.DDDDDDDDDDDDDDD. ' . + 'This is the format programs like xearth use and the ' . + 'format that many positioning web sites use. However ' . + 'typically the precision is limited to 4 or 5 decimals.'); + return; + } + + # Now, write marker file with modifications + unless (open (CFG, ">$filename")) { + html_error("Unable to open marker file ($filename) !"); + print end_html; + die; + } + + foreach my $name (keys %people) { + + if ($name eq param('name')) { + # the new value... No check is made, but it's not a good idea... + print CFG param('latitude') . ' ' . + param('longitude') .' "' . $name . '" #' . + $crypted_passwd . ',' . localtime() . ',' . param('email') . "\n"; + next; + } + + ($latitude, $longitude, $crypted_passwd, $date, $email) = + (split /,/ , $people{$name})[0,1,3,4,5]; + + print CFG $latitude . ' ' + . $longitude . ' "' + . $name . '" #' . + $crypted_passwd . ',' . + $date . ',' . + $email . "\n"; + + } + close CFG; + +} + +sub add_name { + + load_data(); + + # check if we don't already have it + if ( defined $people{param('name')} ) { + html_error(param('name') . ' already exists !'); + return; + } + + # check if passwords match + if (param('password') ne param('password2')) { + html_error('Password mismatch !'); + return; + } + + # check if password is valid + unless ( param('password') =~ /^[\w\d]+$/ ) { + html_error('Invalid password: it should only contain alphanumerics !'); + return; + } + + # crypt password + my $randletter = "(int (rand (26)) + (int (rand (1) + .5) % 2 ? 65 : 97))"; + my $salt = sprintf ("%c%c", eval $randletter, eval $randletter); + + my $crypted_passwd = crypt (param('password'), $salt); + + my $name=param('name'); + $name=~s/"//g; #" + + # check if latitude is valid + unless ( param('latitude') =~ /^[\d\+\-\.]+$/ ) { + html_error('Invalid latitude: The format is +-DDD.DDDDDDDDDDDDDDD. ' . + 'This is the format programs like xearth use and the ' . + 'format that many positioning web sites use. However ' . + 'typically the precision is limited to 4 or 5 decimals.'); + return; + } + + # check if longitude is valid + unless ( param('longitude') =~ /^[\d\+\-\.]+$/ ) { + html_error('Invalid longitude: The format is +-DDD.DDDDDDDDDDDDDDD. ' . + 'This is the format programs like xearth use and the ' . + 'format that many positioning web sites use. However ' . + 'typically the precision is limited to 4 or 5 decimals.'); + return; + } + + unless (open (CFG, ">>$filename")) { + html_error("Unable to open marker file ($filename) !"); + print end_html; + die; + } + + print CFG param('latitude') . ' ' . param('longitude') . + ' "' . $name . '" #' . + $crypted_passwd . + ',' . param('date') . + ',' . param('email') . "\n"; + close CFG; +} + +sub display_community { + my ($latitude, $longitude, $name, $password, $date, $email); + + load_data(); + + Delete('name'); + + print "Members of the community ". param('community'). " : \n"; + + print "\n"; + print " " ; + print "\n"; + + foreach my $key (sort keys %people) { + ($latitude, $longitude, $name, $password, $date, $email) = + split /,/ , $people{$key}; + $email =~ s/\@/ AT /g; + $email =~ s/\./ DOT /g; + + + print " \n"; + print " \n"; + print " \n"; + print " \n"; + print " \n"; + print " \n"; + + # print the piece of form allowing deletion of the name + print " \n"; + + print " \n"; + } + print "
NameLatitudeLongitudeLast updateEmail
$key$latitude$longitude$date$email\n " . start_form, " ", + "password: ", + password_field({name=>'del_password',size=>8,maxlength=>8}), "\n ", + hidden({name=>'community'}), "\n ", + hidden({name=>'name', default=>$key}), "\n ", + submit({name=>'delete'}), "\n ", + end_form, "\n
\n"; + +} + +sub load_data { + my ($latitude, $longitude, $name, $password, $date, $email); + + unless (open (CFG, $filename)) { + html_error("Unable to open marker file ($filename)!"); + print end_html; + die; + } + + while () { + s/^(.*) (.*) "(.*)" #(.*),(.*),(.*)$//; + ($latitude, $longitude, $name, $password, $date, $email) + =($1,$2,$3,$4,$5,$6); + $people{$name}="$latitude,$longitude,$name,$password,$date,$email"; + } + + close CFG; + +} + +sub delete_name { + my ($latitude, $longitude, $name, $crypted_passwd, $date, $email); + + load_data(); + + # check if password match + ($crypted_passwd) = (split /,/ , $people{param('name')})[3]; + + # get the salt from crypted_passwd + my $salt = $crypted_passwd; + $salt =~ s/^(..).*/$1/; + + if (crypt (param('del_password'), $salt) ne $crypted_passwd) { + html_error('Password mismatch when trying to delete !'); + return; + } + + unless (open (CFG, ">$filename")) { + html_error("Unable to open marker file ($filename) !"); + print end_html; + die; + } + + foreach my $name (keys %people) { + + if ($name eq param('name')) { + delete $people{$name}; + next; + } + + ($latitude, $longitude, $crypted_passwd, $date, $email) = + (split /,/ , $people{$name})[0,1,3,4,5]; + + print CFG $latitude . ' ' + . $longitude . ' "' + . $name . '" #' . + $crypted_passwd . ',' . + $date . ',' . + $email . "\n"; + + } + close CFG; +} + +sub html_error { + my $message = shift; + + print '

' . $message . "\n"; +}