int main( int argc, char *argv[] )
{
char *ContentBuffer;
char *PasswordBuffer;
int n;
int msgno;
int maxno;
int errno;
ContentBuffer = GetContent( &n );
PasswordBuffer = GetPasswordToDelete( ContentBuffer );
strcpy( (char*)gs_password, PasswordBuffer );
msgno = atoi( argv[ 1 ] );
maxno = GetNewRefNumber();
if( !msgno || msgno > maxno ) {
DisplayError( _NOMOREARTICLES );
ReleaseContent( ContentBuffer );
exit( 0 );
}
errno = DeleteArticle( msgno );
if( errno == _PASSWORDMISSMATCH ) {
DisplayError( _PASSWORDMISSMATCH );
memset( (char*)gs_backurl, 0x00, _URL_MAX_STRING );
sprintf( (char*)gs_backurl, "view.cgi?%d", msgno );
ReleaseContent( ContentBuffer );
exit( 0 );
}
else if( errno == _NOPASSWORD ) {
DisplayError( _NOPASSWORD );
memset( (char*)gs_backurl, 0x00, _URL_MAX_STRING );
sprintf( (char*)gs_backurl, "view.cgi?%d", msgno );
ReleaseContent( ContentBuffer );
exit( 0 );
}
else if( !errno ) {
DisplayError( _FAILTODELETEDB );
memset( (char*)gs_backurl, 0x00, _URL_MAX_STRING );
sprintf( (char*)gs_backurl, "view.cgi?%d", msgno );
ReleaseContent( ContentBuffer );
exit( 0 );
}
else {
memset( gs_infomessage, 0x00, _MESSAGE_MAX_STRING );
strcpy( gs_infomessage, "Deleting completed successfully" );
DisplayMessageAndRedirect( (char*)gs_infomessage, (char*)gs_urldeletesuccess );
}
ReleaseContent( ContentBuffer );
return 0;
}
int main(int argc, char *argv[]){
if(argc < 2) Usage(argv[0]);
if(argc > 2) zb_port = atoi(argv[2]);
else zb_port = 80;
// http://host/bbs/zboard.php?id=test
ParseZbHost(argv[1]);
ConnectZboard(zb_host, zb_port);
WriteZboard();
ExploitZboard();
ConfirmPHPScript();
DeleteArticle();
}
/*******************************************************************
* 根據 URLParaType 執行 POST 的要求
*
* return HttpRespondType
*******************************************************************/
int
DoPostRequest(REQUEST_REC * r, BOARDHEADER * board, POST_FILE * pf)
{
int result, URLParaType;
char *form_data, *boardname;
result = WEB_ERROR;
URLParaType = r->URLParaType;
boardname = board->filename;
/* Get FORM data */
if ((form_data = GetFormBody(r->content_length, WEBBBS_ERROR_MESSAGE)) == NULL)
return WEB_ERROR;
#ifdef DEBUG
weblog_line(server->debug_log, form_data);
fflush(server->debug_log);
#endif
if (PSCorrect == nLogin && URLParaType == PostSend)
{
/* PostSend allow username&password in form body without login */
char pass[PASSLEN * 3];
GetPara2(username, "Name", form_data, IDLEN, ""); /* get userdata from form */
GetPara2(pass, "Password", form_data, PASSLEN * 3, "");
Convert(pass, password);
PSCorrect = CheckUserPassword(username, password);
}
if (URLParaType == PostSend
|| URLParaType == TreaSend
|| URLParaType == PostEdit
|| URLParaType == TreaEdit
|| URLParaType == PostForward
|| URLParaType == TreaForward
|| URLParaType == PostDelete
|| URLParaType == TreaDelete
|| URLParaType == SkinModify
|| URLParaType == AccessListModify
)
{
int perm;
/* boardname should set in advance, now in ParseURI() */
if (get_board(board, boardname) <= 0 || board->filename[0] == '\0')
return WEB_BOARD_NOT_FOUND;
if ((perm = CheckBoardPerm(board, &curuser)) != WEB_OK)
return perm;
}
if (PSCorrect == Correct
|| (PSCorrect == gLogin && (URLParaType == PostSend || URLParaType == TreaSend))
|| URLParaType == UserNew)
{
int start, end;
char path[PATHLEN];
switch (URLParaType)
{
case PostSend:
case TreaSend:
if ((result = PostArticle(form_data, board, pf)))
{
#if 1
if (URLParaType == TreaSend)
{
if (strlen(pf->POST_NAME))
sprintf(skin_file->filename, "/%streasure/%s/%s/$",
BBS_SUBDIR, boardname, pf->POST_NAME);
else
sprintf(skin_file->filename, "/%streasure/%s/$",
BBS_SUBDIR, boardname);
}
else
{
sprintf(skin_file->filename, "/%sboards/%s/",
BBS_SUBDIR, boardname);
}
#endif
if (PSCorrect == Correct)
UpdateUserRec(URLParaType, &curuser, board);
}
break;
case MailSend:
if ((result = PostArticle(form_data, board, pf)))
{
sprintf(skin_file->filename, "/%smail/", BBS_SUBDIR);
UpdateUserRec(URLParaType, &curuser, NULL);
}
break;
case PostEdit:
case TreaEdit:
if ((result = EditArticle(form_data, board, pf)))
{
sprintf(skin_file->filename, "/%s%s.html",
BBS_SUBDIR, pf->POST_NAME);
}
break;
case PostForward:
case TreaForward:
case MailForward:
if ((result = ForwardArticle(form_data, board, pf)))
{
find_list_range(&start, &end, pf->num, DEFAULT_PAGE_SIZE, pf->total_rec);
setdotfile(path, pf->POST_NAME, NULL);
sprintf(skin_file->filename, "/%s%s%d-%d",
BBS_SUBDIR, path, start, end);
}
break;
case PostDelete:
case TreaDelete:
case MailDelete:
if ((result = DeleteArticle(form_data, board, pf)))
{
if (URLParaType == PostDelete)
{
find_list_range(&start, &end, pf->num, DEFAULT_PAGE_SIZE, pf->total_rec);
sprintf(skin_file->filename, "/%sboards/%s/%d-%d",
BBS_SUBDIR, boardname, start, end);
}
else if (URLParaType == TreaDelete)
{
setdotfile(path, pf->POST_NAME, NULL);
sprintf(skin_file->filename, "/%s%s",
BBS_SUBDIR, path);
}
else
/* MailDelete */
{
sprintf(skin_file->filename, "/%smail/", BBS_SUBDIR);
}
}
break;
case UserNew:
if ((result = NewUser(form_data, &curuser)))
sprintf(skin_file->filename, "%s%s%s",
HTML_PATH, BBS_SUBDIR, HTML_UserNewOK);
break;
case UserIdent:
if ((result = DoUserIdent(form_data, &curuser)))
sprintf(skin_file->filename, "%s%s%s",
HTML_PATH, BBS_SUBDIR, HTML_UserIdentOK);
break;
case UserData:
if ((result = UpdateUserData(form_data, &curuser)))
sprintf(skin_file->filename, "/%susers/%s",
BBS_SUBDIR, HTML_UserData);
break;
case UserPlan:
if ((result = UpdateUserPlan(form_data, &curuser)))
sprintf(skin_file->filename, "/%susers/%s",
BBS_SUBDIR, HTML_UserPlan);
break;
case UserSign:
if ((result = UpdateUserSign(form_data, &curuser)))
sprintf(skin_file->filename, "/%susers/%s",
BBS_SUBDIR, HTML_UserSign);
break;
case UserFriend:
if ((result = UpdateUserFriend(form_data, &curuser)))
sprintf(skin_file->filename, "/%susers/%s",
BBS_SUBDIR, HTML_UserFriend);
break;
#ifdef WEB_ADMIN
case BoardModify: /* admin function */
if (!HAS_PERM(PERM_SYSOP)
#ifdef NSYSUBBS
|| !strstr(request_rec->fromhost, "140.17.12.")
#endif
)
{
sprintf(WEBBBS_ERROR_MESSAGE,
"%s 沒有權限修改看板設定", username);
result = WEB_ERROR;
}
else if ((result = ModifyBoard(form_data, board)))
sprintf(skin_file->filename, "/%sboards/%s/%s",
BBS_SUBDIR, boardname, HTML_BoardModify);
break;
#endif
case SkinModify: /* customize board skins */
if (strcmp(username, board->owner) && !HAS_PERM(PERM_SYSOP))
{
sprintf(WEBBBS_ERROR_MESSAGE,
"%s 沒有權限修改討論區介面", username);
result = WEB_ERROR;
}
else if (!(board->brdtype & BRD_WEBSKIN))
{
sprintf(WEBBBS_ERROR_MESSAGE,
"討論區 [%s] 尚未打開自定介面功\能", board->filename);
result = WEB_ERROR;
}
else if ((result = ModifySkin(form_data, board, pf)))
