Пример #1
0
/*******************************************************************
 *	顯示佈告相關 TAG (一般區 & 精華區 & 信件 通用)
 *
 *
 *******************************************************************/
void
ShowPost(char *tag, BOARDHEADER * board, POST_FILE * pf)
{
	char *p, *para = NULL;
	int pagesize, start, end;
	char value[256];

	if (request_rec->URLParaType != PostRead
	    && request_rec->URLParaType != TreaRead
	    && request_rec->URLParaType != MailRead
	    && request_rec->URLParaType != SkinModify)
	{
		return;
	}

	if ((p = strchr(tag, ' ')) != NULL)
	{
		*p = '\0';
		para = p + 1;
	}

#if 0
	fprintf(fp_out, "<%d>, tag=[%s], \n", request_rec->URLParaType, tag);
	fflush(fp_out);
#endif

	if (!strcasecmp(tag, "Num"))
	{
		fprintf(fp_out, "%d", pf->num);
	}
	else if (!strcasecmp(tag, "Date"))
	{
		fprintf(fp_out, "%s", pf->date);
	}
	else if (!strcasecmp(tag, "Sender"))
	{
		fprintf(fp_out, "%s", pf->fh.owner);
	}
	else if (!strcasecmp(tag, "BackList"))
	{
#ifdef TORNADO_OPTIMIZE
		if (isTORNADO)
			return;
#endif

		GetPara3(value, "PAGE", para, 4, "-1");
		pagesize = atoi(value);
		find_list_range(&start, &end, pf->num, pagesize, pf->total_rec);

		GetPara3(value, "VALUE", para, sizeof(value), MSG_PostBackList);
		fprintf(fp_out, "<A HREF=\"%d-%d\">%s</A>", start, end, value);
	}
	else if (!strcasecmp(tag, "BackListNum"))
	{
		GetPara3(value, "PAGE", para, 3, "-1");
		pagesize = atoi(value);
		find_list_range(&start, &end, pf->num, pagesize, pf->total_rec);

		fprintf(fp_out, "%d-%d", start, end);
	}
	else if (!strcasecmp(tag, "Last"))
	{
#if 0
		if (isTORNADO)
			return;
#endif
		GetPara3(value, "VALUE", para, sizeof(value), MSG_PostLast);

		if (!strcmp(pf->lfname, "-1"))
		{
			fprintf(fp_out, "%s", value);
		}
		else
		{
			if (pf->type & LAST_POST_IS_HTML)
				fprintf(fp_out, "<A HREF=\"%s/PostHtml.html\" target=\"new\">%s</A>", pf->lfname, value);
			else
				fprintf(fp_out, "<A HREF=\"%s.html\">%s</A>", pf->lfname, value);
		}
	}
	else if (!strcasecmp(tag, "Next"))
	{
#if 0
		if (isTORNADO)
			return;
#endif
		GetPara3(value, "VALUE", para, sizeof(value), MSG_PostNext);

		if (!strcmp(pf->nfname, "-1"))
		{
			fprintf(fp_out, "%s", value);
		}
		else
		{
			if (pf->type & NEXT_POST_IS_HTML)
				fprintf(fp_out, "<A HREF=\"%s/PostHtml.html\" Target=\"new\">%s</A>", pf->nfname, value);
			else
				fprintf(fp_out, "<A HREF=\"%s.html\">%s</A>", pf->nfname, value);
		}
	}
#ifdef TTT
	else if (!strcasecmp(tag, "LastRelated"))
	{
		GetPara3(value, "VALUE", para, sizeof(value), MSG_PostLastRelated);

		if (!strcmp(pf->lrfname, "-1"))
		{
			fprintf(fp_out, "%s", value);
		}
		else
		{
			fprintf(fp_out, "<A HREF=\"%s.html\">%s</A>", pf->lrfname, value);
		}
	}
	else if (!strcasecmp(tag, "NextRelated"))
	{
		GetPara3(value, "VALUE", para, sizeof(value), MSG_PostNextRelated);

		if (!strcmp(pf->nrfname, "-1"))
		{
			fprintf(fp_out, "%s", value);
		}
		else
		{
			fprintf(fp_out, "<A HREF=\"%s.html\">%s</A>", pf->nrfname, value);
		}
	}
#endif
	else if (!strcasecmp(tag, "Reply"))
	{
#ifdef TORNADO_OPTIMIZE
		if (isTORNADO)
			return;
#endif
		GetPara3(value, "VALUE", para, sizeof(value), MSG_PostReply);

		fprintf(fp_out, "<A HREF=\"%s/%s\">%s</A>",
			pf->fh.filename,
			(request_rec->URLParaType == MailRead) ? HTML_MailReply : HTML_PostReply,
			value);
	}
	else if (!strcasecmp(tag, "Send"))
	{
#ifdef TORNADO_OPTIMIZE
		if (isTORNADO)
			return;
#endif
		GetPara3(value, "VALUE", para, sizeof(value), MSG_PostSend);
		fprintf(fp_out, "<A HREF=\"%s\">%s</A>", HTML_PostSend, value);
	}
	else if (!strcasecmp(tag, "Edit"))
	{
#ifdef TORNADO_OPTIMIZE
		if (isTORNADO)
			return;
#endif
		if (PSCorrect != Correct)
			return;

		GetPara3(value, "VALUE", para, sizeof(value), MSG_PostEdit);
		fprintf(fp_out, "<A HREF=\"%s/%s\">%s</A>",
			pf->fh.filename, HTML_PostEdit, value);
	}
	else if (!strcasecmp(tag, "Forward"))
	{
#ifdef TORNADO_OPTIMIZE
		if (isTORNADO)
			return;
#endif
		if (request_rec->URLParaType != MailRead && PSCorrect != Correct)
			return;

		GetPara3(value, "VALUE", para, sizeof(value), MSG_PostForward);

		fprintf(fp_out, "<A HREF=\"%s/%s\">%s</A>",
			pf->fh.filename,
			(request_rec->URLParaType == MailRead) ? HTML_MailForward : HTML_PostForward,
			value);
	}
	else if (!strcasecmp(tag, "Delete"))
	{
#ifdef TORNADO_OPTIMIZE
		if (isTORNADO)
			return;
#endif
		if (request_rec->URLParaType != MailRead && PSCorrect != Correct)
			return;

		GetPara3(value, "VALUE", para, sizeof(value), MSG_PostDelete);

		fprintf(fp_out, "<A HREF=\"%s/%s\">%s</A>",
			pf->fh.filename,
			(request_rec->URLParaType == MailRead) ? HTML_MailDelete : HTML_PostDelete,
			value);
	}
	else if (!strcasecmp(tag, "Content"))
	{
		if (request_rec->URLParaType == MailRead && PSCorrect != Correct)
			return;

		if (request_rec->URLParaType == SkinModify)
			ShowArticle(pf->POST_NAME, FALSE, FALSE);
		else
			ShowArticle(pf->POST_NAME, FALSE, TRUE);
	}
	else if (!strcasecmp(tag, "Title") || !strcasecmp(tag, "Subject"))
	{
#ifdef QP_BASE64_DECODE
		if (strstr(pf->fh.title, "=?"))		/* title maybe encoded */
		{
			char source[STRLEN];

			strcpy(source, pf->fh.title);
			decode_line(pf->fh.title, source);
		}
#endif
		souts(pf->fh.title, STRLEN);
		fprintf(fp_out, "%s", pf->fh.title);
	}
	else if (!strcasecmp(tag, "ReplyContent"))
	{
		if (request_rec->URLParaType == MailRead && PSCorrect != Correct)
			return;

		include_ori(pf->POST_NAME, NULL);	/* lthuang */
	}
	else if (!strcasecmp(tag, "ReplyTitle") || !strcasecmp(tag, "ReplySubject"))
	{
#ifdef QP_BASE64_DECODE
		if (strstr(pf->fh.title, "=?"))		/* title maybe encoded */
		{
			strcpy(value, pf->fh.title);
			decode_line(pf->fh.title, value);
		}
#endif
		souts(pf->fh.title, STRLEN);
		if (strncmp(pf->fh.title, STR_REPLY, REPLY_LEN))
			fprintf(fp_out, "%s", STR_REPLY);

		fprintf(fp_out, "%s", pf->fh.title);
	}
	else if (!strcasecmp(tag, "Body"))
	{
		if (request_rec->URLParaType == MailRead && PSCorrect != Correct)
			return;

		if (strstr(skin_file->filename, "PostHtml.html")
		    || strstr(skin_file->filename, HTML_PostEdit))
		{
			ShowArticle(pf->POST_NAME, TRUE, FALSE);
		}
		else
			ShowArticle(pf->POST_NAME, TRUE, TRUE);

	}
	else if (!strcasecmp(tag, "FileName"))
	{
		fprintf(fp_out, "%s", pf->fh.filename);
	}
	else if (!strcasecmp(tag, "LastFileName"))
	{
		fprintf(fp_out, "%s.html", pf->lfname);
	}
	else if (!strcasecmp(tag, "NextFileName"))
	{
		fprintf(fp_out, "%s.html", pf->nfname);
	}
}
Пример #2
0
/*******************************************************************
 *	根據 URLParaType 執行 POST 的要求
 *
 *	return HttpRespondType
 *******************************************************************/
int 
DoPostRequest(REQUEST_REC * r, BOARDHEADER * board, POST_FILE * pf)
{
	int result, URLParaType;
	char *form_data, *boardname;

	result = WEB_ERROR;
	URLParaType = r->URLParaType;
	boardname = board->filename;

	/* Get FORM data */
	if ((form_data = GetFormBody(r->content_length, WEBBBS_ERROR_MESSAGE)) == NULL)
		return WEB_ERROR;

#ifdef DEBUG
	weblog_line(server->debug_log, form_data);
	fflush(server->debug_log);
#endif

	if (PSCorrect == nLogin && URLParaType == PostSend)
	{
		/* PostSend allow username&password in form body without login */
		char pass[PASSLEN * 3];

		GetPara2(username, "Name", form_data, IDLEN, "");	/* get userdata from form */
		GetPara2(pass, "Password", form_data, PASSLEN * 3, "");
		Convert(pass, password);
		PSCorrect = CheckUserPassword(username, password);
	}

	if (URLParaType == PostSend
	    || URLParaType == TreaSend
	    || URLParaType == PostEdit
	    || URLParaType == TreaEdit
	    || URLParaType == PostForward
	    || URLParaType == TreaForward
	    || URLParaType == PostDelete
	    || URLParaType == TreaDelete
	    || URLParaType == SkinModify
	    || URLParaType == AccessListModify
		)
	{
		int perm;
		/* boardname should set in advance, now in ParseURI() */
		if (get_board(board, boardname) <= 0 || board->filename[0] == '\0')
			return WEB_BOARD_NOT_FOUND;
		if ((perm = CheckBoardPerm(board, &curuser)) != WEB_OK)
			return perm;
	}

	if (PSCorrect == Correct
	    || (PSCorrect == gLogin && (URLParaType == PostSend || URLParaType == TreaSend))
	    || URLParaType == UserNew)
	{
		int start, end;
		char path[PATHLEN];

		switch (URLParaType)
		{
			case PostSend:
			case TreaSend:
				if ((result = PostArticle(form_data, board, pf)))
				{
#if 1
					if (URLParaType == TreaSend)
					{
						if (strlen(pf->POST_NAME))
							sprintf(skin_file->filename, "/%streasure/%s/%s/$",
								BBS_SUBDIR, boardname, pf->POST_NAME);
						else
							sprintf(skin_file->filename, "/%streasure/%s/$",
								BBS_SUBDIR, boardname);
					}
					else
					{
						sprintf(skin_file->filename, "/%sboards/%s/",
						     BBS_SUBDIR, boardname);
					}
#endif

					if (PSCorrect == Correct)
						UpdateUserRec(URLParaType, &curuser, board);
				}
				break;

			case MailSend:
				if ((result = PostArticle(form_data, board, pf)))
				{
					sprintf(skin_file->filename, "/%smail/", BBS_SUBDIR);
					UpdateUserRec(URLParaType, &curuser, NULL);
				}
				break;

			case PostEdit:
			case TreaEdit:
				if ((result = EditArticle(form_data, board, pf)))
				{
					sprintf(skin_file->filename, "/%s%s.html",
						BBS_SUBDIR, pf->POST_NAME);
				}
				break;

			case PostForward:
			case TreaForward:
			case MailForward:
				if ((result = ForwardArticle(form_data, board, pf)))
				{
					find_list_range(&start, &end, pf->num, DEFAULT_PAGE_SIZE, pf->total_rec);
					setdotfile(path, pf->POST_NAME, NULL);
					sprintf(skin_file->filename, "/%s%s%d-%d",
					      BBS_SUBDIR, path, start, end);
				}
				break;

			case PostDelete:
			case TreaDelete:
			case MailDelete:
				if ((result = DeleteArticle(form_data, board, pf)))
				{
					if (URLParaType == PostDelete)
					{
						find_list_range(&start, &end, pf->num, DEFAULT_PAGE_SIZE, pf->total_rec);
						sprintf(skin_file->filename, "/%sboards/%s/%d-%d",
							BBS_SUBDIR, boardname, start, end);
					}
					else if (URLParaType == TreaDelete)
					{
						setdotfile(path, pf->POST_NAME, NULL);
						sprintf(skin_file->filename, "/%s%s",
							BBS_SUBDIR, path);
					}
					else
						/* MailDelete */
					{
						sprintf(skin_file->filename, "/%smail/", BBS_SUBDIR);
					}
				}
				break;

			case UserNew:
				if ((result = NewUser(form_data, &curuser)))
					sprintf(skin_file->filename, "%s%s%s",
						HTML_PATH, BBS_SUBDIR, HTML_UserNewOK);
				break;

			case UserIdent:
				if ((result = DoUserIdent(form_data, &curuser)))
					sprintf(skin_file->filename, "%s%s%s",
						HTML_PATH, BBS_SUBDIR, HTML_UserIdentOK);
				break;

			case UserData:
				if ((result = UpdateUserData(form_data, &curuser)))
					sprintf(skin_file->filename, "/%susers/%s",
						BBS_SUBDIR, HTML_UserData);
				break;

			case UserPlan:
				if ((result = UpdateUserPlan(form_data, &curuser)))
					sprintf(skin_file->filename, "/%susers/%s",
						BBS_SUBDIR, HTML_UserPlan);
				break;

			case UserSign:
				if ((result = UpdateUserSign(form_data, &curuser)))
					sprintf(skin_file->filename, "/%susers/%s",
						BBS_SUBDIR, HTML_UserSign);
				break;

			case UserFriend:
				if ((result = UpdateUserFriend(form_data, &curuser)))
					sprintf(skin_file->filename, "/%susers/%s",
						BBS_SUBDIR, HTML_UserFriend);
				break;

#ifdef WEB_ADMIN
			case BoardModify:	/* admin function */
				if (!HAS_PERM(PERM_SYSOP)
#ifdef NSYSUBBS
				    || !strstr(request_rec->fromhost, "140.17.12.")
#endif
					)
				{
					sprintf(WEBBBS_ERROR_MESSAGE,
					"%s 沒有權限修改看板設定", username);
					result = WEB_ERROR;
				}
				else if ((result = ModifyBoard(form_data, board)))
					sprintf(skin_file->filename, "/%sboards/%s/%s",
						BBS_SUBDIR, boardname, HTML_BoardModify);
				break;
#endif

			case SkinModify:	/* customize board skins */
				if (strcmp(username, board->owner) && !HAS_PERM(PERM_SYSOP))
				{
					sprintf(WEBBBS_ERROR_MESSAGE,
						"%s 沒有權限修改討論區介面", username);
					result = WEB_ERROR;
				}
				else if (!(board->brdtype & BRD_WEBSKIN))
				{
					sprintf(WEBBBS_ERROR_MESSAGE,
						"討論區 [%s] 尚未打開自定介面功\能", board->filename);
					result = WEB_ERROR;
				}
				else if ((result = ModifySkin(form_data, board, pf)))