int main( int argc, char *argv[] ) { char *ContentBuffer; char *PasswordBuffer; int n; int msgno; int maxno; int errno; ContentBuffer = GetContent( &n ); PasswordBuffer = GetPasswordToDelete( ContentBuffer ); strcpy( (char*)gs_password, PasswordBuffer ); msgno = atoi( argv[ 1 ] ); maxno = GetNewRefNumber(); if( !msgno || msgno > maxno ) { DisplayError( _NOMOREARTICLES ); ReleaseContent( ContentBuffer ); exit( 0 ); } errno = DeleteArticle( msgno ); if( errno == _PASSWORDMISSMATCH ) { DisplayError( _PASSWORDMISSMATCH ); memset( (char*)gs_backurl, 0x00, _URL_MAX_STRING ); sprintf( (char*)gs_backurl, "view.cgi?%d", msgno ); ReleaseContent( ContentBuffer ); exit( 0 ); } else if( errno == _NOPASSWORD ) { DisplayError( _NOPASSWORD ); memset( (char*)gs_backurl, 0x00, _URL_MAX_STRING ); sprintf( (char*)gs_backurl, "view.cgi?%d", msgno ); ReleaseContent( ContentBuffer ); exit( 0 ); } else if( !errno ) { DisplayError( _FAILTODELETEDB ); memset( (char*)gs_backurl, 0x00, _URL_MAX_STRING ); sprintf( (char*)gs_backurl, "view.cgi?%d", msgno ); ReleaseContent( ContentBuffer ); exit( 0 ); } else { memset( gs_infomessage, 0x00, _MESSAGE_MAX_STRING ); strcpy( gs_infomessage, "Deleting completed successfully" ); DisplayMessageAndRedirect( (char*)gs_infomessage, (char*)gs_urldeletesuccess ); } ReleaseContent( ContentBuffer ); return 0; }
int main(int argc, char *argv[]){ if(argc < 2) Usage(argv[0]); if(argc > 2) zb_port = atoi(argv[2]); else zb_port = 80; // http://host/bbs/zboard.php?id=test ParseZbHost(argv[1]); ConnectZboard(zb_host, zb_port); WriteZboard(); ExploitZboard(); ConfirmPHPScript(); DeleteArticle(); }
/******************************************************************* * 根據 URLParaType 執行 POST 的要求 * * return HttpRespondType *******************************************************************/ int DoPostRequest(REQUEST_REC * r, BOARDHEADER * board, POST_FILE * pf) { int result, URLParaType; char *form_data, *boardname; result = WEB_ERROR; URLParaType = r->URLParaType; boardname = board->filename; /* Get FORM data */ if ((form_data = GetFormBody(r->content_length, WEBBBS_ERROR_MESSAGE)) == NULL) return WEB_ERROR; #ifdef DEBUG weblog_line(server->debug_log, form_data); fflush(server->debug_log); #endif if (PSCorrect == nLogin && URLParaType == PostSend) { /* PostSend allow username&password in form body without login */ char pass[PASSLEN * 3]; GetPara2(username, "Name", form_data, IDLEN, ""); /* get userdata from form */ GetPara2(pass, "Password", form_data, PASSLEN * 3, ""); Convert(pass, password); PSCorrect = CheckUserPassword(username, password); } if (URLParaType == PostSend || URLParaType == TreaSend || URLParaType == PostEdit || URLParaType == TreaEdit || URLParaType == PostForward || URLParaType == TreaForward || URLParaType == PostDelete || URLParaType == TreaDelete || URLParaType == SkinModify || URLParaType == AccessListModify ) { int perm; /* boardname should set in advance, now in ParseURI() */ if (get_board(board, boardname) <= 0 || board->filename[0] == '\0') return WEB_BOARD_NOT_FOUND; if ((perm = CheckBoardPerm(board, &curuser)) != WEB_OK) return perm; } if (PSCorrect == Correct || (PSCorrect == gLogin && (URLParaType == PostSend || URLParaType == TreaSend)) || URLParaType == UserNew) { int start, end; char path[PATHLEN]; switch (URLParaType) { case PostSend: case TreaSend: if ((result = PostArticle(form_data, board, pf))) { #if 1 if (URLParaType == TreaSend) { if (strlen(pf->POST_NAME)) sprintf(skin_file->filename, "/%streasure/%s/%s/$", BBS_SUBDIR, boardname, pf->POST_NAME); else sprintf(skin_file->filename, "/%streasure/%s/$", BBS_SUBDIR, boardname); } else { sprintf(skin_file->filename, "/%sboards/%s/", BBS_SUBDIR, boardname); } #endif if (PSCorrect == Correct) UpdateUserRec(URLParaType, &curuser, board); } break; case MailSend: if ((result = PostArticle(form_data, board, pf))) { sprintf(skin_file->filename, "/%smail/", BBS_SUBDIR); UpdateUserRec(URLParaType, &curuser, NULL); } break; case PostEdit: case TreaEdit: if ((result = EditArticle(form_data, board, pf))) { sprintf(skin_file->filename, "/%s%s.html", BBS_SUBDIR, pf->POST_NAME); } break; case PostForward: case TreaForward: case MailForward: if ((result = ForwardArticle(form_data, board, pf))) { find_list_range(&start, &end, pf->num, DEFAULT_PAGE_SIZE, pf->total_rec); setdotfile(path, pf->POST_NAME, NULL); sprintf(skin_file->filename, "/%s%s%d-%d", BBS_SUBDIR, path, start, end); } break; case PostDelete: case TreaDelete: case MailDelete: if ((result = DeleteArticle(form_data, board, pf))) { if (URLParaType == PostDelete) { find_list_range(&start, &end, pf->num, DEFAULT_PAGE_SIZE, pf->total_rec); sprintf(skin_file->filename, "/%sboards/%s/%d-%d", BBS_SUBDIR, boardname, start, end); } else if (URLParaType == TreaDelete) { setdotfile(path, pf->POST_NAME, NULL); sprintf(skin_file->filename, "/%s%s", BBS_SUBDIR, path); } else /* MailDelete */ { sprintf(skin_file->filename, "/%smail/", BBS_SUBDIR); } } break; case UserNew: if ((result = NewUser(form_data, &curuser))) sprintf(skin_file->filename, "%s%s%s", HTML_PATH, BBS_SUBDIR, HTML_UserNewOK); break; case UserIdent: if ((result = DoUserIdent(form_data, &curuser))) sprintf(skin_file->filename, "%s%s%s", HTML_PATH, BBS_SUBDIR, HTML_UserIdentOK); break; case UserData: if ((result = UpdateUserData(form_data, &curuser))) sprintf(skin_file->filename, "/%susers/%s", BBS_SUBDIR, HTML_UserData); break; case UserPlan: if ((result = UpdateUserPlan(form_data, &curuser))) sprintf(skin_file->filename, "/%susers/%s", BBS_SUBDIR, HTML_UserPlan); break; case UserSign: if ((result = UpdateUserSign(form_data, &curuser))) sprintf(skin_file->filename, "/%susers/%s", BBS_SUBDIR, HTML_UserSign); break; case UserFriend: if ((result = UpdateUserFriend(form_data, &curuser))) sprintf(skin_file->filename, "/%susers/%s", BBS_SUBDIR, HTML_UserFriend); break; #ifdef WEB_ADMIN case BoardModify: /* admin function */ if (!HAS_PERM(PERM_SYSOP) #ifdef NSYSUBBS || !strstr(request_rec->fromhost, "140.17.12.") #endif ) { sprintf(WEBBBS_ERROR_MESSAGE, "%s 沒有權限修改看板設定", username); result = WEB_ERROR; } else if ((result = ModifyBoard(form_data, board))) sprintf(skin_file->filename, "/%sboards/%s/%s", BBS_SUBDIR, boardname, HTML_BoardModify); break; #endif case SkinModify: /* customize board skins */ if (strcmp(username, board->owner) && !HAS_PERM(PERM_SYSOP)) { sprintf(WEBBBS_ERROR_MESSAGE, "%s 沒有權限修改討論區介面", username); result = WEB_ERROR; } else if (!(board->brdtype & BRD_WEBSKIN)) { sprintf(WEBBBS_ERROR_MESSAGE, "討論區 [%s] 尚未打開自定介面功\能", board->filename); result = WEB_ERROR; } else if ((result = ModifySkin(form_data, board, pf)))