# FILE: src-board-subs-admin
# Administration program routines
#-------------------------------------------------------------------------------
# DISCUS VERSION 3.10 COPYRIGHT NOTICE
#
# Discus 3.10 is copyright (c) 2000 by DiscusWare, LLC, all rights reserved.
# The use of Discus is governed by the Discus License Agreement which is
# available from the Discus WWW site at:
#    http://www.discusware.com/discus/license
#
# Pursuant to the Discus License Agreement, this copyright notice may not be
# removed or altered in any way.
#-------------------------------------------------------------------------------

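# check_passwd -- verify an administration login taken from %FORM / %COOKIE
# against "$admin_dir/passwd.txt" (lines of user:hash:email:fullname).
#
# Arguments:
#   $nocookies        true to ignore the "pass$COOKIE_ID" login cookie
#   $accept_blank_pw  true to accept the superuser's blank stored password;
#                     that case returns the string "* BLANK *"
#   $return_val       the value 592 makes a failed login return -1 instead of
#                     logging it and showing the "Bad Login" page
#
# Returns the stored password field on success, "* BLANK *" or -1 as above.
# On any other failure it logs the attempt and calls &error_message
# (presumably that does not return -- confirm against its definition).
#
# Side effects: lower-cases $FORM{'username'} and sets the package globals
# $username, $guess, $ok, $user, $pass, $EMAIL_MOD and $FULLNAME_MOD, which
# callers may read afterwards, so they are deliberately not made lexical.
#
# NOTE(review): the password guess is lower-cased before crypt(), so passwords
# are case-insensitive. Left as is because existing entries in passwd.txt
# were presumably created the same way -- confirm before changing.
# NOTE(review): the login cookie is crypt() of the stored hash with a fixed
# salt string, so read access to passwd.txt is equivalent to holding a login
# credential. Keep that file outside the web root and tightly permissioned.
sub check_passwd {
	my ($nocookies, $accept_blank_pw, $return_val) = @_;
	$FORM{'username'} =~ tr/A-Z/a-z/;
	$username = $FORM{'username'}; $username =~ tr/A-Z/a-z/;
	$guess = $FORM{'password'}; $guess =~ tr/A-Z/a-z/;
	$username =~ s/^\s+//; $username =~ s/\s+$//;
	$guess =~ s/^\s+//; $guess =~ s/\s+$//;
	# $admin_dir comes from configuration, not from the request.
	open(PASSWD,"$admin_dir/passwd.txt") || &error_message("Verify Password Error", "Cannot open password file (passwd.txt) for reading!");
	@passwd_line = <PASSWD>;
	close(PASSWD);
	$ok = "";
	foreach $line (@passwd_line) {
		($user, $pass, $EMAIL_MOD, $FULLNAME_MOD) = split(/:/, $line);
		if ($user eq $username) {
			# The statements below are order-dependent: each later rule may
			# overturn the verdict of an earlier one. Do not reorder them.
			$test_pass = crypt($guess, $pass);
			$ok = "Yes" if $test_pass eq $pass;
			$ok = "No" if $pass eq "";
			$ok = "Yes" if ($username eq $superuser && $pass eq "" && $guess eq "");
			return "* BLANK *" if ($username eq $superuser && $pass eq "" && $guess eq "" && $accept_blank_pw);
			$ok = "No" if ($username eq $superuser && $pass ne "" && $guess eq "");
			# Cookie login: only considered when no password was typed.
			$ok = "Yes" if ($COOKIE{"pass$COOKIE_ID"} eq crypt($pass, "cookie") && $guess eq "" && !$nocookies);
			$ok = "No" if ($username ne $superuser && $pass eq "");
			$ok = "No" if ($pass eq "" && !$accept_blank_pw);
			# Maintenance mode turns away every matched account but the superuser,
			# whether or not the credentials were right.
			&error_message($L{FILELOCKERROR}, $L{NOTICE_MAINTENANCEMODE}, 0, 1, 1) if ($GLOBAL_OPTIONS{'maintenance'} && $username ne $superuser);
			return $pass if $ok eq "Yes";
		}
	}
	return -1 if $return_val == 592;
	if ($ok ne "Yes") {
		$ts = time;
		$host = $ENV{'REMOTE_HOST'};
		$addr = $ENV{'REMOTE_ADDR'};
		# The username is request data and REMOTE_HOST comes from reverse DNS,
		# so neither may carry the record separator or control characters into
		# the log; otherwise one request could write extra, forged records.
		my ($log_user, $log_host, $log_addr) = ($username, $host, $addr);
		foreach my $field ($log_user, $log_host, $log_addr) {
			$field =~ tr/\x00-\x1f;/_/ if defined $field;
		}
		if (open (LOG, ">>$admin_dir/adminlog.txt")) {
			print LOG "$log_user;$log_host;$log_addr;$ts;WRONG\n";
			close (LOG);
		} else {
			# A failed login must not vanish silently from the audit trail.
			&log_error("src-board-subs-admin", "check_passwd", "Could not append admin log file: $!");
		}
		$rh = $host; $rh = $addr if $rh eq "";
		# The page below is raw HTML, so the host name is entity-escaped first.
		my $rh_html = $rh;
		$rh_html =~ s/&/&amp;/g;
		$rh_html =~ s/</&lt;/g;
		$rh_html =~ s/>/&gt;/g;
		$rh_html =~ s/"/&quot;/g;
		&log_error("src-board-subs-admin", "check_passwd", "Failed administration login for user $log_user from $log_addr");
		&error_message("<FONT SIZE=5>Bad Login</FONT>", "Your username/password combination was invalid to access the administration program!  Your intrusion has been logged.<P>You are browsing from <B>$rh_html</B>.  Note that this error could also occur if you do not have cookies enabled on your browser; cookies are required to access administration.", 0, 1, 1);
	}
}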

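# verify_owner -- report whether $username belongs to the group named $owner.
#
# Reads "$admin_dir/groups.txt", whose lines have the form
# "groupname:user1,user2,...". The username is lower-cased before comparison.
# Only the first line whose group name equals $owner is consulted.
#
# Returns 1 if the user is listed in that group, 0 otherwise (including when
# no such group exists).
sub verify_owner {
	my ($owner, $username) = @_;
	$username =~ tr/A-Z/a-z/;
	my (@group_data, $group, $usernames, @members, $groupname);
	open (GROUP, "$admin_dir/groups.txt") || &error_message("File Error", "Cannot open group file (groups.txt)!");
	@group_data = <GROUP>;
	close (GROUP);
	foreach $group (@group_data) {
		chop ($group) if $group =~ /\n$/;
		($groupname, $usernames) = split(/:/, $group);
		next unless $groupname eq $owner;
		@members = split(/,/, $usernames);
		# Membership is an exact string comparison. Interpolating the name
		# into a pattern would let regex metacharacters in a username match
		# other members' entries and grant ownership that was never assigned.
		return (grep { $_ eq $username } @members) ? 1 : 0;
	}
	return 0;
}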

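# Administration action log. This runs when the file is loaded: if the
# 'admin_actionlog' option is 1 and the request names a user, one record is
# appended to admin-actionlog.txt in the form
#   username TAB remote-addr TAB time TAB script-name TAB key=value,key=value,...
# Nothing visible here shows that the login has been verified at this point,
# so $FORM{'username'} is treated as untrusted request data.
if ($GLOBAL_OPTIONS{'admin_actionlog'} == 1 && $FORM{'username'} ne "") {
	if (open(LOG, ">>$admin_dir/msg_index/admin-actionlog.txt")) {
		# Blank out tabs, line breaks and other control characters in the
		# copy written to the log, so a crafted username cannot shift fields
		# or begin a forged record. %FORM itself is left untouched.
		my $log_user = $FORM{'username'};
		$log_user =~ tr/\x00-\x1f/ /;
		print LOG "$log_user\t$ENV{'REMOTE_ADDR'}\t", time, "\t";
		# Script name without its extension; the capture is limited to
		# word characters and hyphens.
		if ($0 =~ m|([\w\-]+)\.$cgi_extension|) {
			print LOG $1, "\t";
		} else {
			print LOG "?\t";
		}
		foreach $key (keys(%FORM)) {
			print LOG &escape($key), "=";
			# Never write password values: record only whether one was given.
			# NOTE(review): only keys that BEGIN with "pass" are masked;
			# confirm no credential field uses another name.
			if ($key =~ m|^pass|) {
				print LOG &escape("*") if $FORM{$key} ne "";
				print LOG "BLANK" if $FORM{$key} eq "";
			} else {
				# presumably &escape encodes "," "=" and line breaks -- confirm
				print LOG &escape($FORM{$key});
			}
			print LOG ",";
		}
		print LOG "\n";
		close (LOG);
	} else {
		&log_error("src-board-subs-admin", "log_admin_action", "Could not append action log file: $!");
	}
}

# True value so that loading this file with require succeeds.
1;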

# END - FILE IS CORRECTLY UPLOADED #
