#!/usr/bin/perl $top = '..'; require "$top/site.pl"; require 'cgi-util.pl'; require 'db.pl'; use Mail::Sendmail; my $siteEmail = "Minnesota Club DSM <$email>"; #%form = CGIReadGet(); $q = $ENV{'QUERY_STRING'}; $noMake = 12; $defaultState = 24; sub DefineIfPresent { my ($v) = @_; my $r = 'NULL'; $r = $dbh->quote($v) if($v ne ''); return $r; } sub DefineTextBlock { my ($v) = @_; $v =~ s/
/\n/g; $v =~ s/&/&/g; $v =~ s/>/>/g; $v =~ s//g; $v = $dbh->quote($v); return $v; } sub GetDefaults { my ($username) = @_; my %d; my $query = <<"EOF"; SELECT * FROM users, user_info WHERE users.user_id=user_info.user_id AND users.user_name='$username' EOF my $sth = $dbh->prepare($query); $sth->execute; return %d if($sth->rows < 1); my $ref = $sth->fetchrow_hashref(); foreach $key (keys %$ref) { $data{$key} = $ref->{$key}; } $sth->finish; $d{'first'} = $data{'first_name'}; $d{'last'} = $data{'last_name'}; $d{'city'} = $data{'city'}; $d{'state'} = $data{'state_id'}; $d{'email'} = $data{'email'}; $d{'hide_email'} = !$data{'disclose_email'}; $d{'url'} = $data{'url'}; $d{'aim'} = $data{'aim'}; $d{'icq'} = $data{'icq'}; $d{'irc'} = $data{'irc'}; $d{'yahoo'} = $data{'yahoo'}; $query = "SELECT * FROM vehicle WHERE user_id=$data{'user_id'}"; my $sth = $dbh->prepare($query); $sth->execute; if($sth->rows > 0) { my $ref = $sth->fetchrow_hashref(); my $value = $ref->{'description'}; $sth->finish; $value =~ s/
/\n/g; $value =~ s/&/&/g; $value =~ s/>/>/g; $value =~ s/</prepare($query); $sth->execute; if($sth->rows > 0) { my $ref = $sth->fetchrow_hashref(); my $value = $ref->{'description'}; $sth->finish; $value =~ s/
/\n/g; $value =~ s/&/&/g; $value =~ s/>/>/g; $value =~ s/</prepare($query); $sth->execute; if($sth->rows > 0) { my $ref = $sth->fetchrow_hashref(); my $value = $ref->{'mods'}; $sth->finish; $value =~ s/
/\n/g; $value =~ s/&/&/g; $value =~ s/>/>/g; $value =~ s/</prepare($query); $sth->execute; if($sth->rows > 0) { my $ref = $sth->fetchrow_hashref(); $sth->finish; $d{'color'} = $ref->{'color'}; $d{'make'} = $ref->{'make_id'}; $d{'year'} = $ref->{'year'}; $d{'year'} = '' if($d{'year'} == 0); } else { $d{'color'} = ''; $d{'year'} = ''; $d{'make'} = $noMake; } return %d; } sub GetStateID { my ($abbr) = @_; my $state = ''; my $sth = $dbh->prepare("SELECT state_id FROM states WHERE abbreviation='$abbr'"); $sth->execute; if($sth->rows > 0) { my $ref = $sth->fetchrow_hashref(); $state = $ref->{'state_id'}; } $sth->finish; return $state; } sub ReloadMembersIndex { my ($username) = @_; my $pid = fork(); if($pid == 0) { open(STDOUT, '>/dev/null'); exec './members.pl', $username; exit -1; } else { wait(); } } sub GetImageList { my ($user) = @_; my $dir = "$top/$imageDir/$user"; my @files = (); return @files if(!-d $dir); opendir DIR, $dir; my @tmp = readdir DIR; closedir DIR; foreach my $file (@tmp) { next if($file =~ /^\./); next if($file eq $thumbnailsDir); push @files, $file if(-f "$dir/$file" && -f "$dir/$thumbnailsDir/$file"); } return reverse @files; } CGIHeader(); OpenDB(); BeginPage("Edit Member Database"); BeginContent(); if($q =~ /^add/i) { Banner("

Add new member"); print <<"EOF";

Enter a user name and password for your new account. The user name will be required to return to modify your information later. Choose something that is easy to remember, there is no way to change it. It must be alpha-numeric, no punctuation, spaces, et c., and it is case-sensitive.

EOF } elsif($q =~ /^edit/i) { Banner("

Member Login"); print <<"EOF"; EOF } elsif($q =~ /^username/i || $q =~ /^password/i) { Banner("

Forgotten password"); %form = CGIReadGet(); if(!UserExists($form{'username'})) { print <<"EOF";

You don't exist. Try again.

EOF goto END; } print <<"EOF";

You can request that your password be mailed to you.

EOF goto END; } else { %form = CGIReadPost(); if($form{'submit'} eq 'Add') { $badness = 0; if($form{'password'} ne $form{'confirm'}) { print <<"EOF";

Your passwords do not match.

EOF $badness++; } if($form{'username'} eq '') { print <<"EOF";

You entered an empty username.

EOF $badness++; } if(length $form{'password'} < 4) { print <<"EOF";

That password is too short.

EOF $badness++; } my $tmp = $form{'username'}; $tmp =~ s/[^\d\w]*//g; if($form{'username'} ne $tmp) { print <<"EOF";

You entered a bad username.

EOF $badness++; } if(UserExists($form{'username'})) { print <<"EOF";

Sorry, the user name $form{'username'} has already been taken.

EOF $badness++; } if($badness) { print "Please go back and try again.\n"; goto END; } # fall through to edit code below } if($form{'submit'} eq 'Send Password') { my $password = '***'; my $query = "SELECT password FROM users WHERE user_name='$form{'username'}'"; my $sth = $dbh->prepare($query); $sth->execute; if($sth->rows > 0) { my $ref = $sth->fetchrow_hashref(); $password = $ref->{'password'}; } $sth->finish; $mail{From} = $siteEmail; $mail{To} = $form{'email'}; $mail{Subject} = "Your mn-dsm membership"; $mail{Message} = <<"EndMail"; Hello, Someone requested that an email be sent to this address to tell you what your password is for the mn-dsm web site. Web site: http://mn.dsm.org/ User name: $form{'username'} Password: $password Bye bye. EndMail sendmail %mail; print <<"EOF";

Your password has been mailed to $form{'email'}. When you receive the message, you can try again.

EOF goto END; } if($form{'submit'} eq 'Submit Changes') { # check input $badness = 0; if($form{'last'} eq '') { print "You must specify a last name
\n"; $badness++; } if($form{'email'} eq '') { print "You must specify an email address
\n"; $badness++; } if($form{'email'} ne '' && $form{'email'} !~ /.+@.+\..+/) { print "You must specify a valid email address
\n"; $badness++; } my $tmp = $form{'icq'}; $tmp =~ s/[\d+]*//g; if($form{'icq'} ne '' && $tmp ne '') { print "An ICQ number must be a number
\n"; $badness++; } $tmp = $form{'year'}; $tmp =~ s/[\d+]*//g; if($form{'year'} ne '' && ($tmp ne '' || length $form{'year'} != 4)) { print "The year $form{'year'} is not valid
\n"; $badness++; } if($badness) { print "Try Again\n"; goto END; } my $uid = 0; if(defined($form{'newuser'})) { $dbh->do("INSERT INTO users VALUES ('$form{'username'}','$form{'password'}',NULL)"); $uid = GetUserID($form{'username'}); $dbh->do("INSERT INTO changes VALUES ($uid, CURRENT_DATE, CURRENT_DATE)"); } $uid = GetUserID($form{'username'}) if($uid == 0); # add or change all remaining fields as necessary my $state_id = GetStateID($form{'state'}); my $de = 1; $de = 0 if(defined($form{'hideemail'})); my $ln = DefineIfPresent($form{'last'}); my $fn = DefineIfPresent($form{'first'}); my $city = DefineIfPresent($form{'city'}); my $email = DefineIfPresent($form{'email'}); my $url = DefineIfPresent($form{'url'}); my $aim = DefineIfPresent($form{'aim'}); my $icq = DefineIfPresent($form{'icq'}); my $irc = DefineIfPresent($form{'irc'}); my $yahoo = DefineIfPresent($form{'yahoo'}); $dbh->do("DELETE FROM user_info WHERE user_id=$uid"); $dbh->do("INSERT INTO user_info (user_id, last_name, first_name, city, state_id, email, disclose_email, url, aim, icq, irc, yahoo) VALUES ($uid,$ln,$fn,$city,$state_id,$email,$de,$url,$aim,$icq,$irc,$yahoo)"); # always a dsm entry, even if it's make=None my $color = DefineIfPresent($form{'color'}); my $year = DefineIfPresent($form{'year'}); $color = 'NULL' if($form{'make'} == $noMake); $year = 0 if($form{'make'} == $noMake || $year eq 'NULL'); $dbh->do("DELETE FROM dsm WHERE user_id=$uid"); $dbh->do("INSERT INTO dsm (user_id, color, year, make_id, mod_id) VALUES ($uid,$color,$year,$form{'make'},NULL)"); $dbh->do("DELETE FROM description WHERE user_id=$uid"); if($form{'desc'} ne '') { $value = DefineTextBlock($form{'desc'}); $dbh->do("INSERT INTO description (user_id, description) VALUES ($uid,$value)"); } $dbh->do("DELETE FROM modifications WHERE user_id=$uid"); if($form{'mods'} ne '') { $value = DefineTextBlock($form{'mods'}); $dbh->do("INSERT INTO modifications (user_id, mods, mod_id) VALUES ($uid,$value,NULL)"); } $dbh->do("DELETE FROM vehicle WHERE user_id=$uid"); if($form{'vehicles'} ne '') { $value = DefineTextBlock($form{'vehicles'}); $dbh->do("INSERT INTO vehicle (user_id, year, type, description) VALUES ($uid,NULL,NULL,$value)"); } # update changes.modified $dbh->do("UPDATE changes SET modified=CURRENT_DATE WHERE user_id=$uid"); ReloadMembersIndex($form{'username'}); print "Profile for $form{'username'} has been saved
\n"; print "View profile
\n"; goto END; } if($form{'submit'} eq 'Delete Profile') { my @images = GetImageList($form{'username'}); foreach my $image (@images) { unlink "images/$form{'username'}/$image"; unlink "images/$form{'username'}/$thumbnailsDir/$image"; } rmdir "images/$form{'username'}/$thumbnailsDir"; rmdir "images/$form{'username'}"; unlink "$top/$profileDir/$form{'username'}.html"; $uid = GetUserID($form{'username'}); $dbh->do("DELETE FROM vehicle WHERE user_id=$uid"); $dbh->do("DELETE FROM modifications WHERE user_id=$uid"); $dbh->do("DELETE FROM dsm WHERE user_id=$uid"); $dbh->do("DELETE FROM changes WHERE user_id=$uid"); $dbh->do("DELETE FROM description WHERE user_id=$uid"); $dbh->do("DELETE FROM user_info WHERE user_id=$uid"); $dbh->do("DELETE FROM users WHERE user_id=$uid"); ReloadMembersIndex(); print "Your profile has been removed.
\n"; print "Home\n"; goto END; } if($form{'submit'} eq 'Change Password') { if($form{'newpassword'} ne $form{'confirm'}) { print "Your new passwords didn't match.
\n"; print "Try again\n"; goto END; } if(length $form{'newpassword'} < 4) { print "Your new password is too short.
\n"; print "Try again\n"; goto END; } if(!Validate($form{'username'}, $form{'oldpassword'})) { print "Your old password was incorrect.
\n"; print "Try again\n"; goto END; } $dbh->do("UPDATE users SET password='$form{'newpassword'}' WHERE user_name='$form{'username'}'"); print "Your password has been changed.
\n"; print "View profile
\n"; print "Return to editor\n"; goto END; } if($form{'submit'} eq 'Delete Images') { foreach my $image (keys %form) { next if($image eq 'submit'); next if($image eq 'username'); unlink "images/$form{'username'}/$image"; unlink "images/$form{'username'}/$thumbnailsDir/$image"; print "Deleted $image
\n"; } ReloadMembersIndex($form{'username'}); BlockBreak(); print "View profile
\n"; print "Return to editor - you may need to reload to display any changes\n"; goto END; } if($form{'submit'} eq 'Login') { if(!UserExists($form{'username'})) { print <<"EOF";

Sorry, the user name $form{'username'} does not exist. If you don't know your user name, select your name from the list. If you aren't there, you will need to first add yourself an account before you can change it.

\n"; goto END; } if(!Validate($form{'username'}, $form{'password'})) { print <<"EOF";

You entered an incorrect password. You can go back to try again.

If you don't remember your password go here.

EOF goto END; } } # handling adding and editing here # the user is all validated and happy my $str = "

Editing profile for "; if($form{'submit'} eq 'Add') { $str .= "$form{'username'}"; } else { $str .= "$form{'username'}"; } Banner($str); print "

\n"; if($form{'submit'} eq 'Add') { print "\n"; $default{'first'} = ''; $default{'last'} = $form{'username'}; $default{'city'} = ''; $default{'state'} = $defaultState; $default{'email'} = ''; $default{'hide_email'} = 0; $default{'url'} = ''; $default{'aim'} = ''; $default{'icq'} = ''; $default{'irc'} = ''; $default{'yahoo'} = ''; $default{'color'} = ''; $default{'year'} = ''; $default{'make'} = $noMake; $default{'desc'} = ''; $default{'mods'} = ''; $default{'vehicles'} = ''; } else { %default = GetDefaults($form{'username'}); } print <<"EOF";

Enter as much information as you feel comfortable providing. You must provide your name at a minimum and an email address in case you forget your password. Entering your email here does not subscribe you to our mailing list. The list of addresses on this site will not be willfully disclosed to anyone, however if you wish that your email not be listed on the site, you can choose Hide Email.

\n"; } else { print "Hide Email\n"; } print <<"EOF";

Full Name:

First	Last

Location:

Email:

EOF if($default{'hide_email'}) { print "Hide Email

Home Page:

Chat:

AOL Instant Messenger:
ICQ #:
IRC Nickname:
Yahoo! Instant Messenger:

DSM:

Color:	e.g. Black
Year:	e.g. 1992
Make:

Description:

Modifications:

Other Vehicles:

EOF if($form{'submit'} ne 'Add') { my @images = GetImageList($form{'username'}); if($#images >= 0) { BlockBreak(); Banner("

Delete Images"); print <<"EOF";

Choose an image below if you wish to delete it.

EOF } BlockBreak(); Banner("

Image Upload"); print <<"EOF";

Choose an image on your local computer to upload to the site. You may upload any .jpg, .gif or .png file, and avoid any weird characters (spaces, punctuation, etc.) in the file name.

Do not upload inappropriate images. Your profile will be deleted and you will not be welcome back if you violate this. Period.

EOF BlockBreak(); Banner("

Change Password"); print <<"EOF"; EOF BlockBreak(); Banner("

Delete Profile"); print <<"EOF";

If you don't want to be listed anymore, delete your profile. Warning: this is permanent.

EOF } } END: EndContent(); EndPage();

Email address:	$email

File:

Old Password:
New Password:
Again: