#!/usr/bin/perl -Tw

use CGI qw/:standard/;
use Digest::MD5 qw(md5_hex);
use LWP::UserAgent;
#use Tie::File;
use Time::localtime;


require "/home/ericll75/www/common/dbcommon.sub";
require "/home/ericll75/www/common/eltaint.sub";

# Send warnings and die() text to a dedicated log file.  This happens inside
# BEGIN so that problems raised while the rest of the file is being compiled
# are captured as well.
BEGIN {
  use CGI::Carp qw(carpout);
  # NOTE(review): this log sits inside the web tree (badcams/members/).
  # Confirm the server is configured not to serve it, since the logged
  # messages can include SQL text and filesystem paths.
  my $LogPath = "/home/ericll75/www/steepturns.com/badcams/members/index.log";
  unless (open(LOG, '>>', $LogPath)) {
     die("Unable to open index.log: $!\n");
  }
  carpout(LOG);
}
# NOTE(review): fatalsToBrowser sends the text of fatal errors to the visitor
# as well as to the log; consider dropping it on a production site.
use CGI::Carp qw(fatalsToBrowser);
$CGI::POST_MAX        = 1024;           # limit posts to 1K max
$CGI::DISABLE_UPLOADS = 1;              # Disable uploads


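# Name of the authenticated user, as handed over by the web server.
# NOTE(review): this value is later placed into SQL text and regular
# expressions by the subs in this file; presumably sign-up restricts it to
# [A-Za-z0-9] -- confirm against the registration script.
my $UserName = $ENV{'REMOTE_USER'};
local $LastAction;

# 'change' picks the action: a bare field name shows the edit form, a
# "post"-prefixed field name applies the submitted value.  Anything that is
# not on one of the two allowlists is discarded.  The patterns are anchored
# with \A and \z because a '$' anchor would also accept a trailing newline.
my $WhatChange = param('change');
$WhatChange = '' unless defined $WhatChange;
if ($WhatChange =~ /\A(?:sitename|sitedesc|siteurl|camurl|siterating|username|realname|useremail|userbday|sexorient|location|userpw|activestatus)\z/) {
   &ChangePrompt;
}
elsif ($WhatChange =~ /\A(?:postsitename|postsitedesc|postsiteurl|postcamurl|postsiterating|postusername|postrealname|postuseremail|postuserbday|postsexorient|postlocation|postuserpw|postactivestatus)\z/) {
   &ChangePost;
}
else {
   $WhatChange = '';
}



# Default action: show the account overview (this call ends the request).
&DispUserInfo;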

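sub DispUserInfo {
   # Prints the account overview page for the logged-in user: current cam
   # image, profile fields and site fields, each with a link to its edit form.
   # Does not return: DispFooter ends the request.
   my @CurrUserInfo = &GetAllUserInfo;

   # HTML-escapes one value for use in element text or a quoted attribute.
   # Every database field below is user-editable, so none of them may reach
   # the page unescaped.
   my $esc = sub {
      my $Text = shift;
      return '' unless defined $Text;
      $Text =~ s/&/&amp;/g;
      $Text =~ s/</&lt;/g;
      $Text =~ s/>/&gt;/g;
      $Text =~ s/"/&quot;/g;
      $Text =~ s/'/&#39;/g;
      return $Text;
   };

   # Turns a stamp that starts with YYYYMMDD into M-D-YYYY ('' when unset).
   my $StampToDate = sub {
      my $Stamp = shift;
      return '' unless $Stamp;
      return int(substr($Stamp,4,2))."-".int(substr($Stamp,6,2))."-".substr($Stamp,0,4);
   };

   # Status message handed back by NewErr.  It is request data, so it is cut
   # to 80 characters, dropped entirely if it holds anything outside the
   # allowlist, and escaped again when printed.
   my $FileErr = param('FileErr');
   $FileErr = defined $FileErr ? substr($FileErr,0,80) : '';
   if ($FileErr =~ /[^A-Za-z0-9\s\-\'\;\:\!\.\ \(\)]/) { $FileErr = ''; }

   # UserBday is stored as MMDDYYYY.
   my $Bday      = defined $CurrUserInfo[18] ? $CurrUserInfo[18] : '';
   my $BdayMonth = int(substr($Bday,0,2));
   my $BdayDate  = int(substr($Bday,2,2));
   my $BdayYear  = substr($Bday,4,4);

   my $LastCamTime;
   if ($CurrUserInfo[11] > $CurrUserInfo[10]) {   #They are not online now.
      my $Seen = localtime($CurrUserInfo[10]);
      $LastCamTime = sprintf("%02d-%02d-%04d at %02d:%02d",
                             $Seen->mon()+1, $Seen->mday(), $Seen->year()+1900,
                             $Seen->hour(), $Seen->min());
   }
   else { $LastCamTime = "Currently online"; }

   my $LastLogin   = $StampToDate->($CurrUserInfo[21]);
   my $LastUpdated = $StampToDate->($CurrUserInfo[22]);
   my $SignDate    = $StampToDate->($CurrUserInfo[23]);

   # ActiveStatus code -> text shown to the user.  Unknown codes show nothing.
   my %StatusText = (
      'IN' => "Active",
      'nu' => "New User, awaiting review",
      'ci' => "Cam Info changed, awaiting review",
      'py' => "Rejected - your cam MUST be free of charge to be on this portal.",
      'wp' => "Rejected - your cam url MUST be the actual cam .gif or .jpg!.  This is the SAME image that your site automatically refreshes when you are online.",
      'rj' => "Rejected - please make sure all your info is correct and legitimate.",
   );
   my $StatusCode   = defined $CurrUserInfo[1] ? $CurrUserInfo[1] : '';
   my $ActiveStatus = exists $StatusText{$StatusCode} ? $StatusText{$StatusCode} : '';

   # Escaped copies used for all output below.
   my @Safe         = map { $esc->($_) } @CurrUserInfo;
   my $SafeUser     = $esc->($UserName);
   my $SafeErr      = $esc->($FileErr);
   my $SafeBdayYear = $esc->($BdayYear);
   my $SafeLogin    = $esc->($LastLogin);
   my $SafeUpdated  = $esc->($LastUpdated);
   my $SafeSigned   = $esc->($SignDate);

   &DispHeader;
   print qq`
   <font face="Arial, Helvetica, sans-serif" color=yellow size=4><i>$SafeErr</i></font><br>
   <table border="0" width="90%" bgColor="#666666" align="center">
     <tr>
     <td align="center" valign="top" width="50%"> 
       <p><font face="Arial, Helvetica, sans-serif"><b><font color="#FFFFFF">Current 
        Cam Image:</font></b><font color="#FFFFFF"><br>
        <img src="$Safe[5]" align="center" border="2"> 
        <br>
        Last time on cam: $LastCamTime<br><br>
        Last login to BadCams: $SafeLogin<br>
        Last update to profile: $SafeUpdated<br>
        Cam Profile Created: $SafeSigned
        </font></font></p>
     </td>
     <td valign=top>
       <table border="1" bgColor="#FFFFFF" align="right" cellpadding="10" cellspacing="0" width="340">
         <tr><td class=eatab1 width="150"><a class=eatab1 href="?change=username">UserName:</a></td><td class=eatab2 width="150">$SafeUser ($Safe[16])</td></tr>
         <tr>
           <td class=eatab1><a class=eatab1 href="?change=realname">Real Name:</a></td>
           <td class=eatab2>$Safe[14] $Safe[15]</td></tr>
         <tr>
           <td class=eatab1><a class=eatab1 href="?change=useremail">Email Address:</a></td>
           <td class=eatab2>$Safe[13]</td></tr>
         <tr>
           <td class=eatab1><a class=eatab1 href="?change=userbday">Birth Date:</a></td>
           <td class=eatab2>$BdayMonth-$BdayDate-$SafeBdayYear</td></tr>
         <tr>
           <td class=eatab1><a class=eatab1 href="?change=sexorient">Sexual Orientation:</a></td>
           <td class=eatab2>$Safe[17]</td></tr>
         <tr>
           <td class=eatab1><a class=eatab1 href="?change=location">Location:</a></td>
           <td class=eatab2>$Safe[19]</td></tr>
         <tr>
           <td class=eatab1><a class=eatab1 href="?change=userpw">Password:</a></td>
           <td class=eatab2><i>(not shown)</i></td>
         </tr>
         <tr>
           <td class=eatab1><a class=eatab1 href="?change=activestatus">Status:</a></td>
           <td class=eatab2><b>$ActiveStatus</b></td>
         </tr>
       </table>
     </td></tr>
     <tr><td colspan=2>
       <table border="1" bgcolor="#FFFFFF" align="center" cellpadding="5" cellspacing="0" width="80%">
         <tr> 
           <td class=eatab1 width="130"><font color=blue>Site ID:</font></td>
           <td class=eatab2 width="200">$Safe[0]</td>
         </tr>
         <tr> 
           <td class=eatab1><a class=eatab1 href="?change=sitename">Site/Webcam Name:</a></td>
           <td class=eatab2>$Safe[2]</td>
         </tr>
         <tr> 
           <td class=eatab1><a class=eatab1 href="?change=sitedesc">Site/Webcam Description:</a></td>
           <td class=eatab2>$Safe[3]</td>
         </tr>
         <tr> 
           <td class=eatab1><a class=eatab1 href="?change=siteurl">Site URL<br> (main page):</a></td>
           <td class=eatab2>$Safe[4]</td>
         </tr>
         <tr> 
           <td class=eatab1><a class=eatab1 href="?change=camurl">Cam URL:</a></td>
           <td class=eatab2>$Safe[5]</td>
         </tr>
         <tr> 
           <td class=eatab1><a class=eatab1 href="?change=siterating">Site 
             Rating:</a></td>
           <td class=eatab2>$Safe[6]</td>
         </tr>
       </table>
     </td></tr>
   </table>`;
   &DispFooter;
}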

#-------------------------------- Displays header up to the table.
sub DispHeader {
   # Emits the CGI content-type header followed by the fixed top of every
   # page (title, style sheet, banner image and "Return to Portal" link).
   # The markup is constant; nothing from the request is interpolated.
   my $TopOfPage = qq`
   <html>
   <head>
   <title>BadCams User Data</title>
   <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
   <style type="text/css">
   <!--
     .eatab1 {  font-family: Arial, Helvetica, sans-serif; font-weight: bold; background-position: right; color: #000000}
     A.eatab1:link    { color: #0000FF }    /* unvisited links */
     A.eatab1:visited { color: #0000FF }    /* visited links   */
     A.eatab1:hover   { color: #FF0000  }    /* user hovers     */
     A.eatab1:active  { color: #0000FF }    /* active links    */
     .eatab2 {  font-family: Arial, Helvetica, sans-serif; color: #000000}
   -->
   </style>
   </head>
   <body bgcolor="#666666" text="#999999" link="#FFFFFF" vlink="#FFFFFF" alink="#999999">
   <div align="center">
   <p><img src="http://www.steepturns.com/badcams/gfx/badtitle1.gif" width=500 height=44></p>
   <p><font color="#FFFFFF" face="Arial, Helvetica, sans-serif" size="5"><b><font size="6">Edit 
     your account</font></b></font></p>
   <p><font color="#FFFFFF" face="Arial, Helvetica, sans-serif" size="5"><b><a href="http://www.badcams.com"><font size="2">[ 
     Return to Portal ]</font></a><br>
     </b></font><br></p>\n`;
   print "Content-type: text/html\n\n" . $TopOfPage;
}

#-------------------------- Displays footer after the table.
sub DispFooter {
   # Prints the fixed page footer (contact link, credit and closing tags) and
   # then ends the request.  Callers never get control back.
   my $BottomOfPage = qq`<br><br><br><br>
   <font size=2>[ <a href="mailto:badcams\@steepturns.com?subject=Questions/Comments">Questions/Comments</a> ]</FONT>
   <P><font color=#0000ff size=1><A href="http://www.steepturns.com/">©2001 Steep 
   Turns(SM) Web Design</a> </font></p><a href="http://www.steepturns.com/"><img 
   alt="Steep Turns(SM) Web Design" border=0 height=45 src="http://www.steepturns.com/SALMiniTrans.gif" width=50></a></div>
   </body>
   </html>`;
   print $BottomOfPage;
   exit;
}

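sub GetAllUserInfo {
   # Fetches the CamUsers1 row of the logged-in user and returns it as a
   # list.  Callers index the list by position, so the column order here is
   # part of the contract:
   #    0 SiteID        1 ActiveStatus   2 SiteName      3 SiteDesc
   #    4 SiteURL       5 CamURL         6 SiteRating    7 VisitorsIn
   #    8 VisitorsOut   9 LastCamMD5    10 LastCamTime  11 LastOffTime
   #   12 UserName     13 UserEmail     14 FirstName    15 LastName
   #   16 UserGender   17 SexOrient     18 UserBday     19 UserLocation
   #   20 LastAction   21 LastLogin     22 LastUpdated  23 SignDate
   my @Columns = qw(SiteID ActiveStatus SiteName SiteDesc SiteURL CamURL
                    SiteRating VisitorsIn VisitorsOut LastCamMD5 LastCamTime
                    LastOffTime UserName UserEmail FirstName LastName
                    UserGender SexOrient UserBday UserLocation LastAction
                    LastLogin LastUpdated SignDate);

   # Connect first so the driver can quote the user name.  $UserName comes
   # from REMOTE_USER and must not be pasted into the statement as-is.
   # NOTE(review): assumes CreateDBConnection leaves a DBI handle in $dbh
   # (the original already calls $dbh->disconnect) -- confirm in dbcommon.sub.
   &CreateDBConnection;
      $SQL = 'SELECT ' . join(',', @Columns)
           . ' FROM CamUsers1 WHERE UserName=' . $dbh->quote($UserName);
      &DoSQL;
      my @CurrUserInfo = $sth->fetchrow_array;
   $dbh->disconnect;
   return @CurrUserInfo;
}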

#-----------------------
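sub ChangePrompt {
   # Prints the edit form for the field named in $WhatChange, pre-filled with
   # the current value.  The form posts back with change=post<field>.
   # Does not return: DispFooter ends the request.
   my @CurrUserInfo = &GetAllUserInfo;

   # HTML-escapes a stored value before it is placed in an attribute or in
   # option text.  Stored values are user-editable, so every one of them is
   # escaped here, not only the free-text fields.
   my $esc = sub {
      my $Text = shift;
      return '' unless defined $Text;
      $Text =~ s/&/&amp;/g;
      $Text =~ s/</&lt;/g;
      $Text =~ s/>/&gt;/g;
      $Text =~ s/"/&quot;/g;
      $Text =~ s/'/&#39;/g;
      return $Text;
   };

   &DispHeader;
   # $WhatChange was matched against the allowlist before this sub is called.
   print qq`     <table width="80%" border=1 bgColor=white cellpadding=20><tr><td class=eatab2>
       <form name=chprompt method=post action="http://www.steepturns.com/badcams/members/index.cgi">
       <input type=hidden name=change value="post$WhatChange">`;
   if ($WhatChange eq 'sitename') {
      print qq`
       <b>Enter your new site/webcam name:</b><br><br>
       <input type="text" name="SiteName" value="`.$esc->($CurrUserInfo[2]).qq`" maxlength="80" size="60">`;
   }
   elsif ($WhatChange eq 'sitedesc') {
      print qq`
       <b>Enter your new site/webcam description:</b><br><br>
       <input type="text" name="SiteDesc" value="`.$esc->($CurrUserInfo[3]).qq`" size="60" maxlength="200"><br>
       <font size=2>(This field is optional and may be left blank)</font>`;
   }
   elsif ($WhatChange eq 'siteurl') {
      print qq`
       <b>Enter your new website URL:</b><br><br>
       <input type="text" name="SiteURL" value="`.$esc->($CurrUserInfo[4]).qq`" size="60" maxlength="200">`;
   }
   elsif ($WhatChange eq 'camurl') {
      print qq`
       <b>Enter your new webcam URL (this must be the direct .jpg URL):</b><br><br>
       <input type="text" name="CamURL" value="`.$esc->($CurrUserInfo[5]).qq`" size="60" maxlength="200">`;
   }
   elsif ($WhatChange eq 'siterating') {
      my $Rating = $esc->($CurrUserInfo[6]);
      print qq`
       <b>Enter your new site rating:</b><br><br>
       <select name="SiteRating">
         <option value="$Rating" selected>$Rating</option>
         <option value="">--</option>
         <option value="PG">PG</option>
         <option value="R">R</option>
         <option value="X">X</option>
       </select>`;
   }
   elsif ($WhatChange eq 'username') {
      print qq`
       <b>Enter your new username:</b><br><br>
       <input type="text" name="UserName" value="`.$esc->($CurrUserInfo[12]).qq`" size="20" maxlength="20"><br><br><br>
       <b>You must also enter your password:</b><br>
       <input type="password" name="UserPW" value="" size="20" maxlength="20">`;
   }
   elsif ($WhatChange eq 'realname') {
      my $FirstName = $esc->($CurrUserInfo[14]);
      my $LastName  = $esc->($CurrUserInfo[15]);
      print qq`
       <b>Enter your real name:</b><br><br>
       <table border=0><tr>
         <td class=eatab2 align="right">First Name</td><td><input type="text" name="FirstName" value="$FirstName" width=30 maxlength=20></td>
       </tr><tr> 
         <td class=eatab2 align="right">Last Name</td><td><input type="text" name="LastName" value="$LastName" width=30 maxlength=30></td>
       </tr></table>`;
   }
   elsif ($WhatChange eq 'useremail') {
      print qq`
       <b>Enter your new email address:</b><br><br>
       <input type="text" name="UserEmail" value="`.$esc->($CurrUserInfo[13]).qq`" maxlength="60" size="40">`;
   }
   elsif ($WhatChange eq 'userbday') {
      # UserBday is stored as MMDDYYYY.
      my $Bday      = defined $CurrUserInfo[18] ? $CurrUserInfo[18] : '';
      my $BdayMonth = $esc->(substr($Bday,0,2));
      my $BdayDate  = $esc->(substr($Bday,2,2));
      my $BdayYear  = $esc->(substr($Bday,4,4));
      print qq`
       <b>Enter your birthdate:</b><br><br>
      <select name="BdayMonth">
        <option value="$BdayMonth" selected>$BdayMonth</option>
        <option value="">--</option><option value="1">1</option><option value="2">2</option><option value="3">3</option><option value="4">4</option><option value="5">5</option><option value="6">6</option><option value="7">7</option><option value="8">8</option><option value="9">9</option><option value="10">10</option><option value="11">11</option><option value="12">12</option>
      </select>
      / 
      <select name="BdayDate">
        <option value="$BdayDate" selected>$BdayDate</option>
        <option value="">--</option><option value="1">1</option><option value="2">2</option><option value="3">3</option><option value="4">4</option><option value="5">5</option><option value="6">6</option><option value="7">7</option><option value="8">8</option><option value="9">9</option><option value="10">10</option>
        <option value="11">11</option><option value="12">12</option><option value="13">13</option><option value="14">14</option><option value="15">15</option><option value="16">16</option><option value="17">17</option><option value="18">18</option><option value="19">19</option><option value="20">20</option>
        <option value="21">21</option><option value="22">22</option><option value="23">23</option><option value="24">24</option><option value="25">25</option><option value="26">26</option><option value="27">27</option><option value="28">28</option><option value="29">29</option><option value="30">30</option><option value="31">31</option>
      </select>
      / 
      <input type="text" name="BdayYear" value="$BdayYear" width=6 maxlength=4>`;
   }
   elsif ($WhatChange eq 'sexorient') {
      my $Orient = $esc->($CurrUserInfo[17]);
      print qq`
       <b>Enter your sexual orientation:</b><br><br>
       <select name="SexOrient" size="1" value="">
         <option value="$Orient" selected>$Orient
         <option value="">----------------
         <option value="Not Specified">Not Specified 
         <option value="Straight">Straight 
         <option value="Straight but Curious">Straight but Curious 
         <option value="Gay/Lesbian">Gay/Lesbian
         <option value="Bisexual">Bisexual 
         <option value="Undecided">Undecided 
         <option value="Just Plain Horny">Just Plain Horny 
       </select>`;
   }
   elsif ($WhatChange eq 'location') {
      my $Location = $esc->($CurrUserInfo[19]);
      print qq`
       <b>Enter your new state/province (if living the the U.S. or Canada), otherwise enter your country:</b><br><br>
       <table border=0><tr><td align=right class=eatab2>State/Province:</td>
       <td>
         <select name="UserState" size="5" value="">
           <option value="$Location" selected>$Location<option value="">---------------
           <option value="OU">Outside US & Canada
           <option value="Alabama">Alabama<option value="Alaska">Alaska<option value="Arizona">Arizona<option value="Arkansas">Arkansas<option value="California">California<option value="Colorado">Colorado<option value="Connecticut">Connecticut<option value="Deleware">Delaware<option value="Dist. of Columbia">Dist. of Columbia<option value="Florida">Florida<option value="Georgia">Georgia<option value="Hawaii">Hawaii<option value="Idaho">Idaho<option value="Illinois">Illinois<option value="Indiana">Indiana<option value="Iowa">Iowa<option value="Kansas">Kansas
           <option value="Kentucky">Kentucky<option value="Louisiana">Louisiana<option value="Maine">Maine<option value="Maryland">Maryland<option value="Massachusetts">Massachusetts<option value="Michigan">Michigan<option value="Minnesota">Minnesota<option value="Mississippi">Mississippi<option value="Missouri">Missouri<option value="Montana">Montana<option value="Nebraska">Nebraska<option value="Nevada">Nevada<option value="New Hampshire">New Hampshire<option value="New Jersey">New Jersey<option value="New Mexico">New Mexico<option value="New York">New York
           <option value="North Carolina">North Carolina<option value="North Dakota">North Dakota<option value="Ohio">Ohio<option value="Oklahoma">Oklahoma<option value="Oregon">Oregon<option value="Pennsylvania">Pennsylvania<option value="Puerto Rico">Puerto Rico<option value="Rhode Island">Rhode Island<option value="South Carolina">South Carolina<option value="South Dakota">South Dakota<option value="Tennessee">Tennessee<option value="Texas">Texas<option value="Utah">Utah<option value="Vermont">Vermont<option value="Virginia">Virginia<option value="Washington">Washington
           <option value="West Virginia">West Virginia<option value="Wisconsin">Wisconsin<option value="Wyoming">Wyoming<option value="Virgin Islands">Virgin Islands<option value="British Columbia">British Columbia<option value="Alberta">Alberta<option value="Ontario">Ontario<option value="Quebec">Quebec<option value="New Brunswick">New Brunswick<option value="Nova Scotia">Nova Scotia<option value="Prince Edward Island">Prince Edward Island<option value="Newfoundland">Newfoundland<option value="Yukon Territory">Yukon Territory<option value="Northwest Territories">Northwest Territories<option value="Other">Other
         </select>
       </td></tr><tr><td align=right class=eatab2>Country:<br>(if outside U.S. or Canada)</td>
       <td><input type="text" name="UserCountry" value="" maxlength="22" size="30">
       </td></tr></table>`;
   }
   elsif ($WhatChange eq 'userpw') {
      print qq`
       <b>Enter your new password:</b><br><br>
       <table border=0><tr>
         <td class=eatab2 align="right" valign=top>Verify OLD Password</td>
         <td valign=top><input type="password" name="UserPOld" value="" size="20" maxlength="20"><br><br></td>
       </tr><tr>
         <td class=eatab2 align="right">NEW Password</td>
         <td><input type="password" name="UserP1" value="" size="20" maxlength="20"></td>
       </tr><tr>
         <td class=eatab2 align="right">Verify new Password</td>
         <td><input type="password" name="UserP2" value="" size="20" maxlength="20"></td>
       </tr></table>`;
   }
   # The cancel button used to assign document.href, which is not a property
   # browsers act on, so it did nothing; window.location.href navigates.
   print qq`<br><br><br>
       <table border=0><tr><td><input type=submit value="Make Change"></td>
         <td width=50> </td>
         <td><input type=button value="Do Nothing" onClick="javascript:window.location.href='http://www.steepturns.com/badcams/members/index.cgi'"></td>
       </tr></table>
     </td></tr></table>`;
   &DispFooter;
}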

#----------------------------------
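sub ChangePost {
   # Validates and applies one submitted change, selected by $WhatChange.
   # Every outcome is reported through NewErr, which ends the request, so
   # the branches below never fall through after reporting.
   #
   # NOTE(review): passwords are limited to 6-20 alphanumerics and hashed
   # with crypt() using the user name as salt, which is a weak scheme.  It is
   # left as-is because the lookup below re-creates the stored hash from
   # exactly that salt; migrating needs a plan for the existing entries.
   my $PwFile = "/home/ericll75/www/steepturns.com/badcams/Data/.htpasswd";

   if ($WhatChange eq 'postsitename') {
      my $SiteName = substr(param('SiteName'),0,80);
         $SiteName = &elokphrase($SiteName);
      if (length($SiteName) < 4 || length($SiteName) > 80) {
         &NewErr('You did not enter your site/webcam name!  Nothing Done!'); }
      elsif (&NeedsReview) {
         &WriteUpdate('SiteName',$SiteName,'string');
         &NewErr('Your site/webcam name has been successfully changed.'); }
   }
   elsif ($WhatChange eq 'postsitedesc') {
      my $SiteDesc    = substr(param('SiteDesc'),0,200);
         $SiteDesc    = &elokphrase($SiteDesc);
      if (length($SiteDesc) > 200) {
         &NewErr('Illegal site/webcam description!  Nothing Done!'); }
      elsif (&NeedsReview) {
         &WriteUpdate('SiteDesc',$SiteDesc,'string');
         &NewErr('Your site description has been successfully changed.'); }
   }
   elsif ($WhatChange eq 'postsiteurl') {
      my $SiteURL = &escapify(param('SiteURL'));
      if (!&ValidURL($SiteURL) || length($SiteURL) < 7 || length($SiteURL) > 200) {
         &NewErr('Invalid Website URL!  Nothing done.'); }
      elsif (!&CheckURLExists($SiteURL)) {
         &NewErr('That website URL does not exist!  Nothing done.'); }
      elsif (&NeedsReview) {
         &WriteUpdate('SiteURL',$SiteURL,'string');
         &NewErr('Your site URL has been successfully changed.'); }
   }
   elsif ($WhatChange eq 'postcamurl') {
      my $CamURL = &escapify(param('CamURL'));
      if (!&ValidURL($CamURL) || length($CamURL) < 7 || length($CamURL) > 200) {
         &NewErr('Invalid webcam URL!  Nothing done.'); }
      elsif (&NeedsReview) {
         &WriteUpdate('CamURL',$CamURL,'string');
         &NewErr('Your webcam URL has been successfully changed.'); }
   }
   elsif ($WhatChange eq 'postsiterating') {
      my $SiteRating  = &escapify(param('SiteRating'));
      # The alternation has to be grouped: /^PG|R|X$/ accepted any value that
      # merely started with PG, contained an R, or ended in X.
      if ($SiteRating !~ /\A(?:PG|R|X)\z/) {
         &NewErr('You must select your site\'s rating!  Nothing done.'); }
      elsif (&NeedsReview) {
         &WriteUpdate('SiteRating',$SiteRating,'string');
         &NewErr('Your site\'s rating has been successfully changed.'); }
   }
   elsif ($WhatChange eq 'postusername') {
      my $NewUserName = param('UserName');
      my $UserPW      = param('UserPW');
      if (length($NewUserName) < 4 || length($NewUserName) > 20) {
         &NewErr('Your username must be 4-20 characters long!  Nothing done.'); }
      elsif ($NewUserName =~ /[^A-Za-z0-9]/) {
         &NewErr('That username contains invalid characters!  Nothing done.'); }
      elsif ($UserPW =~ /[^A-Za-z0-9]/ || length($UserPW) < 6 || length($UserPW) > 20) {
         &NewErr('Incorrect password!  Your username has NOT been changed.'); }
      else {
         my $OldHashedPW = crypt($UserPW,$UserName);
         my $NewHashedPW = crypt($UserPW,$NewUserName);
         my $UserChangedFlag = 0;
         my @AllUsers;
         # Read and rewrite the password file through one handle under an
         # exclusive lock.  Re-opening with ">" emptied the file before any
         # lock was held, and a shared lock does not keep two writers apart.
         open (PWDAT, '+<', $PwFile) or croak("Unable to open user data file! $!\n");
         flock(PWDAT,2) || croak("Unable to flock user data file!");
            @AllUsers = <PWDAT>;
         foreach (@AllUsers) {
            if ($_ =~ /^\Q$NewUserName\E:/) {
               close (PWDAT);
               &NewErr('That username is already being used; please choose another name and try again.');
            }
         }
         # \Q..\E: the user name and the crypt() output are data, not
         # pattern syntax (crypt output can contain '.' and '/').
         foreach (@AllUsers) {
            if ($_ =~ s/^\Q$UserName\E:\Q$OldHashedPW\E/$NewUserName:$NewHashedPW/) {
               $UserChangedFlag = 1;
               last;
            }
         }
         if ($UserChangedFlag == 0) {
            close (PWDAT);
            &NewErr('Incorrect password!  Your username has NOT been changed.'); }
         else {
            # If the database update fails, WriteUpdate ends the request
            # before the password file has been touched.
            &WriteUpdate('UserName',$NewUserName,'newuser');
            seek(PWDAT,0,0)   || croak("Unable to rewind user data file! $!\n");
            truncate(PWDAT,0) || croak("Unable to truncate user data file! $!\n");
               print PWDAT @AllUsers;
            close (PWDAT) || croak("Unable to write user data file! $!\n");
            &NewErr('Your username has been successfully changed.',$NewUserName,$UserPW);
         }
      }
   }
   elsif ($WhatChange eq 'postrealname') {
      my $FirstName   = &escapify(param('FirstName'));
      my $LastName    = &escapify(param('LastName'));
      if (length($FirstName) < 1 || length($LastName) < 1) {
         &NewErr('You must enter both your first and last name!  Nothing done.'); }
      elsif (length($FirstName) > 20 || $FirstName =~ /[^A-Za-z\s]/) {
         &NewErr('Illegal characters in your first name!  Nothing done.'); }
      elsif (length($LastName) > 30 || $LastName =~ /[^A-Za-z\s]/) {
         &NewErr('Illegal characters in your last name!  nothing done.'); }
      else {
         &WriteUpdate('FirstName',$FirstName,'string');
         &WriteUpdate('LastName',$LastName,'string');
         &NewErr('Your name has been successfully changed.');
      }
   }
   elsif ($WhatChange eq 'postuseremail') {
      my $UserEmail   = substr(param('UserEmail'),0,60);
      if (length($UserEmail) < 6) {
         &NewErr('You must enter your email address!  Nothing done.'); }
      elsif (!&CheckEmail($UserEmail)) {
         &NewErr('Invalid email address!  Nothing done.'); }
      else {
         &WriteUpdate('UserEmail',&escapify($UserEmail),'string');
         &NewErr('Your email address has been successfully changed.');
      }
   }
   elsif ($WhatChange eq 'postuserbday') {
      my $BdayMonth   = param('BdayMonth');
      my $BdayDate    = param('BdayDate');
      my $BdayYear    = param('BdayYear');
      # \A..\z instead of ^..$ so a trailing newline is rejected too.
      if ($BdayMonth !~ /\A\d\d?\z/ || $BdayMonth < 1 || $BdayMonth > 12) {
         &NewErr('You must select your birth month!  Nothing done.'); }
      # The 30-day months are compared numerically: /^4|6|9|11$/ was an
      # ungrouped alternation and also missed values such as "04".
      elsif ($BdayDate !~ /\A\d\d?\z/ || $BdayDate < 1 || $BdayDate > 31 ||
             ($BdayMonth == 2 && $BdayDate > 29) ||
             (($BdayMonth == 4 || $BdayMonth == 6 || $BdayMonth == 9 || $BdayMonth == 11)
              && $BdayDate > 30)) {
         &NewErr('You must select your birth date!  Nothing done.'); }
      elsif ($BdayYear !~ /\A\d\d\d\d\z/ || $BdayYear < 1900) {
         &NewErr('Invalid birth year!  Nothing done.'); }
      # NOTE(review): the cut-off year is hard-coded, so the minimum age it
      # enforces drifts upward every year -- confirm the intended rule.
      elsif ($BdayYear > 1986) {
         &NewErr('Sorry, that age is too young!  Nothing done.'); }
      else {
         my $Bday = sprintf("%02d", $BdayMonth) . sprintf("%02d", $BdayDate) . $BdayYear;
         &WriteUpdate('UserBday',$Bday,'string');
         &NewErr('Your birthdate has been successfully changed.');
      }
   }
   elsif ($WhatChange eq 'postsexorient') {
      my $SexOrient   = &escapify(param('SexOrient'));
      if (length($SexOrient) < 1 || length($SexOrient) > 21 || $SexOrient =~ /[^A-Za-z\s\/]/) {
         &NewErr('You did not enter your sexual orientation!  Nothing Done.'); }
      else {
         my @CurrUserInfo = &GetAllUserInfo;
         if ($SexOrient eq "Gay/Lesbian" && $CurrUserInfo[16] eq 'F') {
            $SexOrient = "Lesbian"; }
         elsif ($SexOrient eq "Gay/Lesbian") {
            $SexOrient = "Gay"; }
         &WriteUpdate('SexOrient',$SexOrient,'string');
         &NewErr('Your sexual orientation has been successfully changed.');
      }
   }
   elsif ($WhatChange eq 'postlocation') {
      my $UserState   = &escapify(param('UserState'));
      my $UserCountry = &escapify(param('UserCountry'));
      if ((length($UserState) < 3 && length($UserCountry) < 2) ||
          length($UserState) > 20 || $UserState =~ /[^A-Za-z\.\s]/ ||
          $UserCountry =~ /[^A-Za-z\.\s]/) {
         &NewErr('You must enter your state, or if not living in the U.S.<br>or Canada, you must enter your country.  Nothing done.'); }
      elsif (length($UserState) < 3 &&
             ($UserCountry =~ /united states/i || $UserCountry =~ /u\.s\./i ||
              $UserCountry =~ /canada/i)) {
         &NewErr('If you live in the U.S. or Canada, you must enter your state.  Nothing done.'); }
      else {
         my $UserLocation;
         if (length($UserState) > 2) { $UserLocation = $UserState; }
         else { $UserLocation = $UserCountry; }
         &WriteUpdate('UserLocation',$UserLocation,'string');
         &NewErr('Your location has been successfully changed.');
      }
   }
   elsif ($WhatChange eq 'postuserpw') {
      my $OldUserPW = param('UserPOld');
      my $UserP1    = param('UserP1');
      my $UserP2    = param('UserP2');
      if (length($UserP1) < 6 || length($UserP2) < 6 ||
          length($UserP1) > 20 || length($UserP2) > 20) {
         &NewErr('Your new password must be 6-20 characters long!  Nothing done.'); }
      elsif ($UserP1 =~ /[^A-Za-z0-9]/) {
         &NewErr('Your new password contains invalid characters!  Nothing done.'); }
      elsif ($UserP1 ne $UserP2) {
         &NewErr('Those passwords do not match!  Nothing done.'); }
      elsif ($OldUserPW =~ /[^A-Za-z0-9]/ || length($OldUserPW) < 6 || length($OldUserPW) > 20) {
         &NewErr("The original password is incorrect!  Your password has NOT been changed."); }
      else {
         my $OldHashedPW = crypt($OldUserPW,$UserName);
         my $NewHashedPW = crypt($UserP1,$UserName);
         my $UserChangedFlag = 0;
         my @AllUsers;
         # Same single-handle, exclusive-lock rewrite as the user name change.
         open (PWDAT, '+<', $PwFile) or croak("Unable to open user data file! $!\n");
         flock(PWDAT,2) || croak("Unable to flock user data file!");
            @AllUsers = <PWDAT>;
         foreach (@AllUsers) {
            if ($_ =~ s/^\Q$UserName\E:\Q$OldHashedPW\E$/$UserName:$NewHashedPW/) {
               $UserChangedFlag = 1;
               last;
            }
         }
         if ($UserChangedFlag == 0) {
            close (PWDAT);
            &NewErr('The original password is incorrect!  Your password has NOT been changed.'); }
         else {
            seek(PWDAT,0,0)   || croak("Unable to rewind user data file! $!\n");
            truncate(PWDAT,0) || croak("Unable to truncate user data file! $!\n");
               print PWDAT @AllUsers;
            close (PWDAT) || croak("Unable to write user data file! $!\n");
            # One clock reading, so the stamp cannot straddle a second.
            my $Now = localtime;
            my $PostDate = sprintf("%04d%02d%02d%02d%02d%02d",
                                   $Now->year()+1900, $Now->mon()+1, $Now->mday(),
                                   $Now->hour(), $Now->min(), $Now->sec());
            # Append a "UserPW^<stamp>" entry to the LastAction trail.  Values
            # go through the driver's quote() instead of hand-written quotes.
            # NOTE(review): assumes CreateDBConnection leaves a DBI handle in
            # $dbh -- confirm in dbcommon.sub.
            &CreateDBConnection;
               my $WhoSQL = $dbh->quote($UserName);
               $SQL = "SELECT LastAction FROM CamUsers1 WHERE UserName=$WhoSQL";
               &DoSQL;
               my ($LastAction) = $sth->fetchrow_array;
               $LastAction = '' unless defined $LastAction;
               my $Trail = $LastAction . '//UserPW^' . $PostDate;
               $SQL = "UPDATE CamUsers1 SET LastAction=" . $dbh->quote($Trail) . " WHERE UserName=$WhoSQL";
               &DoSQL;
            $dbh->disconnect;
            &NewErr('Your password has been successfully changed.',$UserName,$UserP1);
         }
      }
   }
}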

#------------------------- Write update to CamUsers1 table.
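sub WriteUpdate {
   # Writes one column of the logged-in user's CamUsers1 row, appends a
   # "<field>^<timestamp>" entry to the row's LastAction trail, and reads the
   # column back to confirm the write.
   #
   #   $WhatField    column name to update
   #   $WhatValue    new value
   #   $StringOrInt  'string'  : value is written as a quoted string
   #                 'newuser' : as 'string', but the read-back looks the row
   #                             up under the NEW user name ($WhatValue)
   #                 otherwise : value is written as a bare number
   #
   # Returns 1 on success.  On any failure NewErr is called, which ends the
   # request.
   my ($WhatField, $WhatValue, $StringOrInt) = @_;
   $StringOrInt = '' unless defined $StringOrInt;

   # One clock reading, so the stamp cannot straddle a second.
   my $Now = localtime;
   my $PostDate = sprintf("%04d%02d%02d%02d%02d%02d",
                          $Now->year()+1900, $Now->mon()+1, $Now->mday(),
                          $Now->hour(), $Now->min(), $Now->sec());

   # The column name cannot be quoted as a value, so it must look like a
   # plain identifier.  A bare-number value must really be a number.
   if (!defined $WhatField || $WhatField !~ /\A[A-Za-z][A-Za-z0-9_]*\z/) {
      &NewErr("Error saving changes, nothing done.");
   }
   if ($StringOrInt ne 'string' && $StringOrInt ne 'newuser' &&
       (!defined $WhatValue || $WhatValue !~ /\A-?\d+\z/)) {
      &NewErr("Error saving changes, nothing done.");
   }

   # Connect before building the statements so the driver can quote values.
   # Hand-written quotes around backslash-escaped text broke (or could be
   # broken out of) when the value had already been escaped by the caller.
   # Callers that still pre-escape with escapify() will now have that
   # backslash stored literally; drop the caller-side escaping when
   # adopting this version.
   # NOTE(review): assumes CreateDBConnection leaves a DBI handle in $dbh
   # (the original already calls $dbh->disconnect) -- confirm in dbcommon.sub.
   my $FieldCheck;
   &CreateDBConnection;
      my $WhoSQL = $dbh->quote($UserName);
      if ($StringOrInt eq 'string') {
         $SQL1 = "UPDATE CamUsers1 SET $WhatField=" . $dbh->quote($WhatValue) . " WHERE UserName=$WhoSQL";
         $SQL2 = "SELECT $WhatField FROM CamUsers1 WHERE UserName=$WhoSQL";
      }
      elsif ($StringOrInt eq 'newuser') {
                     #This is only used if we are changing the username.
         $SQL1 = "UPDATE CamUsers1 SET $WhatField=" . $dbh->quote($WhatValue) . " WHERE UserName=$WhoSQL";
         $SQL2 = "SELECT $WhatField FROM CamUsers1 WHERE UserName=" . $dbh->quote($WhatValue);
      }
      else {
         $SQL1 = "UPDATE CamUsers1 SET $WhatField=$WhatValue WHERE UserName=$WhoSQL";
         $SQL2 = "SELECT $WhatField FROM CamUsers1 WHERE UserName=$WhoSQL";
      }

      # The LastAction update runs first, while the row is still stored
      # under the current user name.
      $SQL = "SELECT LastAction FROM CamUsers1 WHERE UserName=$WhoSQL";
      &DoSQL;
      my ($LastAction) = $sth->fetchrow_array;
      $LastAction = '' unless defined $LastAction;
      my $Trail = $LastAction . '//' . $WhatField . '^' . $PostDate;
      $SQL = "UPDATE CamUsers1 SET LastAction=" . $dbh->quote($Trail) . " WHERE UserName=$WhoSQL";
      &DoSQL;
      $SQL = $SQL1;
      &DoSQL;
      $SQL = $SQL2;               #This was assigned up above.
      &DoSQL;
      ($FieldCheck) = $sth->fetchrow_array;
   $dbh->disconnect;
   if (defined $FieldCheck && $FieldCheck eq $WhatValue) { return 1; }
   else { &NewErr("Error saving changes, nothing done."); }
}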

#------------------------- Sets ActiveStatus to let moderator review.
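sub NeedsReview {
   # Marks the logged-in user's row as 'ci' (cam info changed, awaiting
   # review) and reads the flag back.  Returns 1 when the flag is set;
   # otherwise reports an error through NewErr, which ends the request.
   #
   # NOTE(review): assumes CreateDBConnection leaves a DBI handle in $dbh
   # (the original already calls $dbh->disconnect) -- confirm in dbcommon.sub.
   my $FieldCheck;
   &CreateDBConnection;
      # $UserName comes from REMOTE_USER; let the driver quote it.
      my $WhoSQL = $dbh->quote($UserName);
      $SQL = "UPDATE CamUsers1 SET ActiveStatus='ci' WHERE UserName=$WhoSQL";
      &DoSQL;
      $SQL = "SELECT ActiveStatus FROM CamUsers1 WHERE UserName=$WhoSQL";
      &DoSQL;
      ($FieldCheck) = $sth->fetchrow_array;
   $dbh->disconnect;
   if (defined $FieldCheck && $FieldCheck eq 'ci') { return 1; }
   else { &NewErr("Error saving changes, nothing done."); }
}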

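sub escapify {
   # Backslash-escapes a value for use inside a quoted SQL string literal:
   # backslash, single quote and double quote each get a leading backslash.
   # The argument is changed in place (as before) and also returned.
   #
   # The earlier pattern only prefixed quotes.  A backslash already present
   # in the input was left alone, so input ending in \' came out as \\' --
   # an escaped backslash followed by a live quote.  Backslashes are
   # therefore escaped first.
   #
   # This sub is defined twice in this file; Perl keeps the later
   # definition, so both copies must stay identical.
   #
   # NOTE(review): this relies on the database treating backslash as an
   # escape character; prefer the driver's own quoting or placeholders.
   return $_[0] unless defined $_[0];
   for ($_[0]) {
      s/\\/\\\\/g;
      s/'/\\'/g;
      s/"/\\"/g;
   }
   return $_[0];
}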
sub sql2html {
   # Rewrites backslash-escaped quotes as numeric HTML entities:
   # \' becomes &#39; and \" becomes &#34;.  The argument is changed in place
   # and also returned.
   for ($_[0]) {
      s{\\'}{&#39;}g;
      s{\\"}{&#34;}g;
   }
   return $_[0];
}
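sub htmlify {
   # HTML-escapes a value for use in element text or a quoted attribute.
   # The argument is changed in place (as before) and also returned.
   #
   # Only the two quote characters used to be encoded.  '&', '<' and '>' are
   # now encoded as well, with '&' handled first so the entities produced
   # here are not encoded a second time.
   return $_[0] unless defined $_[0];
   for ($_[0]) {
      s/&/&amp;/g;
      s/</&lt;/g;
      s/>/&gt;/g;
      s/'/&#39;/g;
      s/"/&#34;/g;
   }
   return $_[0];
}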





#---------------------------- End of most error/taint checks.


# NOTE(review): this section appears unreachable.  The top-level call to
# DispUserInfo ends in DispFooter, which calls exit, so control never gets
# here.  The section also reads $CamURL, $UserState, $UserCountry and the
# $Bday* variables, none of which are assigned at file level in this script.
my ($SiteID, $IDList, $CurrCamMD5);
my @PrevUserList;
my $UserLocation;
my $CurrTimeStamp = time;

#--------------------- Get cam checksum.
# Fetches $CamURL from the server side and fingerprints the response body.
my $ua = LWP::UserAgent->new;                # Create a user agent object
$ua->agent("Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)");
my $req = HTTP::Request->new(GET => "$CamURL");
$req->content('match=www&errors=0');
my $res = $ua->request($req);                # Pass request to user agent, get response.

if ($res->is_success) {
   $CurrCamMD5 = md5_hex($res->content);
}
else {                                       # If cam image doesn't exist, return w/error.
   &NewErr('NoCSU');
}


#--------------------- Check/write to password file.

$UserName = &escapify($UserName);            # Since we did not encrypt UserName up above.

# A state longer than two characters wins; otherwise the country is used.
$UserLocation = (length($UserState) > 2) ? $UserState : $UserCountry;

my $Bday = sprintf("%02d%02d", $BdayMonth, $BdayDate) . $BdayYear;
my $PostDate = sprintf("%04d%02d%02d", localtime->year()+1900, localtime->mon()+1, localtime->mday());
$PostDate .= sprintf("%02d%02d%02d", localtime->hour(), localtime->min(), localtime->sec());





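sub NewErr {
   # Ends the request with a small page that immediately posts a status
   # message back to index.cgi, where it is shown above the account page.
   #
   #   $_[0]  message text
   #   $_[1]  optional user name  } when both are given they are placed in
   #   $_[2]  optional password   } the form URL as user:password@host
   #
   # Does not return.
   my ($Message, $NewUser, $NewPass) = @_;

   # HTML-escapes a value for a double-quoted attribute.  The browser
   # decodes the entities again on submit, so the posted text is unchanged.
   my $esc = sub {
      my $Text = shift;
      return '' unless defined $Text;
      $Text =~ s/&/&amp;/g;
      $Text =~ s/</&lt;/g;
      $Text =~ s/>/&gt;/g;
      $Text =~ s/"/&quot;/g;
      $Text =~ s/'/&#39;/g;
      return $Text;
   };

   my $LoginCred = '';
   if ($NewUser && $NewPass) { $LoginCred = $NewUser.":".$NewPass."\@"; }
                      #This will log them in with the new username/password.
   # NOTE(review): this writes the clear-text password into the page and into
   # a URL, where it can end up in browser history, proxies and logs, and
   # current browsers may ignore or block credentials in URLs.  Prefer
   # letting the browser prompt for the new credentials.
   my $SafeCred = $esc->($LoginCred);
   my $SafeMsg  = $esc->($Message);

   print "Content-type: text/html\n\n";
   print qq`
      <html>
      <body onLoad="javascript:SubmitNow()">
         <form name="ErrFormNew" method="post" action="http://`.$SafeCred.qq`www.steepturns.com/badcams/members/index.cgi">
            <input type=hidden name=FileErr value="$SafeMsg">
         </form>
         <SCRIPT language=JavaScript><!--
            function SubmitNow() {
               document.ErrFormNew.submit()
            }
         //-->
         </SCRIPT>

      </body>
      </html>`;
   exit;
}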
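sub escapify {
   # Backslash-escapes a value for use inside a quoted SQL string literal:
   # backslash, single quote and double quote each get a leading backslash.
   # The argument is changed in place (as before) and also returned.
   #
   # The earlier pattern only prefixed quotes.  A backslash already present
   # in the input was left alone, so input ending in \' came out as \\' --
   # an escaped backslash followed by a live quote.  Backslashes are
   # therefore escaped first.
   #
   # This sub is defined twice in this file; this later definition is the
   # one Perl keeps, and the earlier copy must stay identical to it.
   #
   # NOTE(review): this relies on the database treating backslash as an
   # escape character; prefer the driver's own quoting or placeholders.
   return $_[0] unless defined $_[0];
   for ($_[0]) {
      s/\\/\\\\/g;
      s/'/\\'/g;
      s/"/\\"/g;
   }
   return $_[0];
}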

sub sql2html {
   # Rewrites backslash-escaped quotes as numeric HTML entities:
   # \' becomes &#39; and \" becomes &#34;.  The argument is changed in place
   # and also returned.  (This sub is defined twice in this file; this later
   # definition is the one Perl keeps.)
   for ($_[0]) {
      s{\\'}{&#39;}g;
      s{\\"}{&#34;}g;
   }
   return $_[0];
}

#---------------------------  See if the URL exists.
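sub CheckURLExists {
   # Returns 1 if a HEAD request to the given URL succeeds, 0 otherwise.
   #
   # The URL is supplied by the user and requested from this server, so only
   # http and https are accepted.  Without the scheme check, LWP would also
   # resolve other schemes it supports, such as file:, against this host.
   # NOTE(review): an http(s) URL can still name an internal address, and no
   # request timeout is set here; both are worth restricting.
   my $Url = $_[0];
   return 0 unless defined $Url && $Url =~ m{\Ahttps?://}i;

   require LWP::Simple;                 #Don't import anything...
   *LWPhead = \&LWP::Simple::head;      #...then import head as LWPhead()
   return LWPhead($Url) ? 1 : 0;        #Checks if URL actually exists.
}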
