#!/usr/bin/perl
$discus_conf = '/usr/local/www/www.acheron.org/discus_admin_116439176/discus.conf';
#Discus board image upload script
#-------------------------------------------------------------------------------
# This script is copyright (c) 1998 by DiscusWare, LLC, all rights reserved.
# Its use is subject to the license agreement that can be found at the following
# URL:  http://www.chem.hope.edu/discus/license
#-------------------------------------------------------------------------------
if (open (FILE, "$discus_conf")) {
	@file = <FILE>;
	close (FILE);
	$evals = "";
	foreach $line (@file) {
		if ($line =~ /^(\w+)=(.*)/) {
			$varname = $1;
			$value = $2;
			$value =~ s/'/\\'/g; $value =~ s/\r//g;
			$evals .= "\$$varname='$value'; ";
		}
	}
	eval($evals);
	require "$admin_dir/source/src-board-subs-common";
} else {
	print "Content-type: text/html\n\n";
	print "<HTML><HEAD><TITLE>Script Execution Error</TITLE></HEAD>\n";
	print "<BODY BGCOLOR=#ffffff TEXT=#000000>\n";
	print "<H1>Script Execution Error</H1>\n";
	print "Discus scripts could not execute because the discus.conf file\n";
	print "could not be opened.";
	print "<P>Reason: <FONT COLOR=#ff0000><B>$!</B></FONT>" if $!;
	print "<P>This generally indicates a setup error of some kind.\n";
	print "Consult the <A HREF=\"http://www.chem.hope.edu/discus/rc\">Discus ";
	print "Resource Center</A> for troubleshooting information.</BODY></HTML>\n";
	exit(0);
}
require "$admin_dir/source/src-board-subs-admin";
###################### MIME TYPES FOR ACCEPTABLE IMAGES ######################
$extension{"image/gif"} = "gif"; $tag{"image/gif"} = "image_alreadyuploaded";
$extension{"image/jpeg"} = "jpg"; $tag{"image/jpeg"} = "jpeg_alreadyuploaded";
$extension{"image/pjpeg"} = "jpg"; $tag{"image/pjpeg"} = "jpeg_alreadyuploaded";
################################################
#	Script Starts Here
################################################
&parse_multipart;
&read_cookie;
if ($FORM{'action'} =~ /profile/) {
	&ex('image_handler_PRO', 1);
	exit(0);
}
&extract($FORM{'HTTP_REFERER'});
$FORM{'name'} = $FORM{'username'} if $FORM{'username'} ne "";
$FORM{'number'} = $FORM{'passwd'} if $FORM{'passwd'} ne "";
$name2 = $FORM{'name'}; $name2 =~ tr/A-Z/a-z/;
$number2 = $FORM{'number'}; $number2 =~ tr/A-Z/a-z/;
($auth, $passwordline, $poster_type) = &ex('verify_postread_privileges', $topic_number, $name2, $password_input, $number2, "posting");
if ($ENV{'HTTP_REFERER'} ne "$script_url/board-post.$cgi_extension" && $ENV{'HTTP_REFERER'} ne "$script_url/board-image.$cgi_extension") {
	&error_message("Invalid Referer", "You are not accessing this page from an acceptable referring page.  What are you trying to do?");
}
if ($FORM{'queue'}) {
	$FORM{'queue'} =~ s/\D//g;
	if (!-e "$admin_dir/queue/$FORM{'queue'}.txt") {
		&error_message("Message Queue Error", "The message you are attempting to access is no longer in the queue.");
	}
}
$formpostindex = $FORM{'postindex'}; $formpostindex =~ s/\D//g;
if (!$FORM{'queue'} ) {
	&lock("$message_dir/$topic_number/$me_number.$ext");
	$filename = "$topic_number/$me_number.$ext";
	($head, $color, $lm, $ann, $ann_src, $sublist, $about, $about_src, $message_in, $message_src) = &get_page($topic_number,$me_number);
	if (-e "$message_dir/$filename") {
		$secure = 0;
	} else {
		$secure = 1;
	}
	@src = split(/\n/,$message_src); $flag = 0;
	foreach $line (@src) {
		if ($line =~ m|<!-Source: $formpostindex-|) {
			$flag = 1;
		} elsif ($line =~ m|<!-/Source: $formpostindex-|) {
			$flag = 0;
		} elsif ($flag == 1) {
			$srcline = $line;
		}
	}
} else {
	$filename = "$admin_dir/queue/$FORM{'queue'}.txt";
	&lock($filename);
	open (QUEUE, $filename); @queue = <QUEUE>; close (QUEUE);
	($message_src) = grep(/^SOURCE: /, @queue); $message_src =~ s/^(\w+): (.*)/$2/;
	$srcline = $message_src;
	$queue = 1;
	&unlock($filename);
}
$adminappend = "?username=$FORM{'name'}";
$adminappend .= "&HTTP_REFERER=$FORM{'HTTP_REFERER'}&action=page_editor";
($bgcolor, $text, $link, $vlink, $alink, $face, $size, $image) = &ex('extract_colorsonly', 1);
undef %status; undef %statuscode; undef @statusorder; undef %descr;
$srcline = &unescape($srcline);
while ($srcline =~ m|\\image_notuploaded\{(\d+),([^\}]*)\}|) {
	($counter, $description, $before, $after) = ($1, $2, $`, $');
	$descr{$counter} = $description;
	$FORMNAME{$counter} = "Image$counter";
	push (@statusorder, $counter);
	$formname = "Image$counter"; $content = $CONTENT{$formname};
	if ($content =~ m|mac/unknown|) {
		$content = "image/gif" if $FILE{$formname} =~ m|^GIF|i;
		$content = "image/jpeg" if $FILE{$formname} !~ m|^GIF|i;
	}	
	if ($FILE{$formname} eq "") {
		$status{$counter} = $FILENAME{$formname};
		$statuscode{$counter} = 2;
		$srcline = join("", $before, "\\image_notuploaded*{$counter,$description}", $after);
	} elsif (!grep(/^$content$/, keys(%tag))) {
		$status{$counter} = $content;
		$statuscode{$counter} = 1;
		$srcline = join("", $before, "\\image_notuploaded*{$counter,$description}", $after);
	} elsif ($poster_type == 8 && length($FILE{$formname}) > ($GLOBAL_OPTIONS{'public_maxsize'} * 1000) && $GLOBAL_OPTIONS{'public_maxsize'} != 0) {
		$statuscode{$counter} = 3;
		$srcline = join("", $before, "\\image_notuploaded*{$counter,$description}", $after);
	} elsif ($poster_type != 8 && length($FILE{$formname}) > ($GLOBAL_OPTIONS{'registered_maxsize'} * 1000) && $GLOBAL_OPTIONS{'registered_maxsize'} != 0) {
		$statuscode{$counter} = 3;
		$srcline = join("", $before, "\\image_notuploaded*{$counter,$description}", $after);
	} else {
		$newtag = $tag{$content}; $newext = $extension{$content};
		($num) = &ex('get_number', 1);
		$srcline = join("", $before, "\\", $newtag, "{$num,$description}", $after);
		$filename = "$message_dir/$topic_number/$num.$newext" if (!$queue && -e "$message_dir/$topic_number");
		$filename = "$secdir/$topic_number/$num.$newext" if (!$queue && !-e "$message_dir/$topic_number");
		$filename = "$admin_dir/queue/$num.$newext" if $queue;
		open (FILE, ">$filename");
		eval 'binmode(FILE);';
		print FILE $FILE{$formname};
		close (FILE);
		chmod(0644, $filename);
		$status{$counter} = length($FILE{$formname});
		$statuscode{$counter} = 0;
		$redoflag = 1;
	}
}
while ($srcline =~ m|\\image_notuploaded\*\{(\d+),([^\}]*)\}|) {
	($counter, $description, $before, $after) = ($1, $2, $`, $');
	$srcline = join("", $before, "\\image_notuploaded{$counter,$description}", $after);
}
if ($pro) {
	($srcline) = &ex('attachment_upload', $srcline, $topic_number, $queue, $poster_type);
}
$srcline =~ s/\&quot;/"/g;
$srcline =~ s/\&lt;/</g;
$srcline =~ s/\&gt;/>/g;
$srcline =~ s/\&amp;/&/g;
$srcline_new = $srcline;
$srcline = &escape($srcline_new);
($lint, $message_var_replace) = &ex('webtags', $srcline_new, 0, 1);
if (!$queue) {
	@msg = split(/\n/, $message_in); $flag = 0; $ctr = 0;
	foreach $line (@msg) {
		$ctr += 1;
		if ($line =~ m|<!-/Post: $formpostindex-!>|) {
			$flag = ($ctr-1);
		}
	}
	if ($flag) {
		$msg[$flag-1] = $message_var_replace;
	}
	@src = split(/\n/, $message_src); $flag = 0;
	foreach $line (@src) {
		if ($line =~ m|<!-Source: $formpostindex-|) {
			$flag = 1;
		} elsif ($line =~ m|<!-/Source: $formpostindex-|) {
			$flag = 0;
		} elsif ($flag == 1) {
			$line = $srcline;
		}
	}
	$message_var = join("\n", @msg);
	$new_source = join("\n", @src);
	&set_page($topic_number, $me_number, $head, $color, $lm, $ann, $ann_src, $sublist, $about, $about_src, $message_var, $new_source) if !$queue;
	&unlock("$message_dir/$topic_number/$me_number.$ext");
} else {
	$filename = "$admin_dir/queue/$FORM{'queue'}.txt";
	&lock($filename);
	open (QUEUE, "$filename"); @queue = <QUEUE>; close (QUEUE);
	@queue = grep(!/^TEXT:/, @queue);
	@queue = grep(!/^SOURCE:/, @queue);
	push (@queue, "TEXT: " . &escape($message_var_replace) . "\n");
	push (@queue, "SOURCE: " . $srcline . "\n");
	open (QUEUE, ">$filename"); print QUEUE @queue; close (QUEUE);
	&unlock($filename);
}
$error = 0;
foreach $key (keys(%statuscode)) {
	$error = 1 if $statuscode{$key} != 0;
}
if ($error == 0) {
	if ($queue) {
		&ex('queue_submitted', $topic_number, $me_number, $adminappend, $FORM{'isitok'});
	} elsif ($FORM{'isitok'} eq "okiedokie") {
		&seturl("$cgiurlm$adminappend");
	} else {
		if (-e "$message_dir/$topic_number/$me_number.$ext") {
			$lmstuff = "?$lm" if !$noqm;
			&seturl("$message_url/$topic_number/$me_number.$ext$lmstuff");
		} else {
			&seturl("$script_url/board-auth.$cgi_extension?file=/$topic_number/$me_number.$ext&lm=$lm");
		}
	}
}
&header;
&ex('printuntil', 1, 1, 0, $L{BI_UPLOAD_ERROR_TITLE});
print "<CENTER><FONT SIZE=+1><B>$L{BI_UPLOAD_ERROR_TITLE}</B></FONT></CENTER><HR>\n";
print $L{BI_UPLOAD_ERROR_MESSAGE};
print "<P><HR>\n";
&ex('printuntil', 3, 11, 0, "", 0, 1);
print "<FORM ACTION=\"$script_url/board-image.$cgi_extension\" METHOD=POST ENCTYPE=\"multipart/form-data\">\n";
foreach $num (@statusorder) {
	next if $statuscode{$num} == 0;
	print "$L{BPPROVIDEFILE} <B>$descr{$num}</B>:<P>\n";
	$formname = $FORMNAME{$num};
	if ($statuscode{$num} == 1) {
		$fmt = $CONTENT{"Image$num"};
		$fmtstr = $L{BI_UPLOAD_ERROR_BADFORMAT};
		$fmtstr =~ s/\%format/$fmt/g;
		print "<UL>$fmtstr</UL>\n";
		print "<P>\n";
	} elsif ($statuscode{$num} == 2) {
		print "<UL>$L{BI_UPLOAD_ERROR_NODATA}</UL>\n";
		print "<P>\n";
	} elsif ($statuscode{$num} == 3) {
		$fmtstr = $L{BI_UPLOAD_EXCEEDED_MAXLENGTH};
		$maxsize = $GLOBAL_OPTIONS{'public_maxsize'} if $poster_type == 8;
		$maxsize = $GLOBAL_OPTIONS{'registered_maxsize'} if $poster_type != 8;
		$yoursize = length($FILE{$formname}); $yoursize = ($yoursize / 1000);
		if ($yoursize =~ m|\.|) { $yoursize = $`; }
		$fmtstr =~ s/\%maxsize/$maxsize/g;
		$fmtstr =~ s/\%yoursize/$yoursize/g;
		print "<UL>$fmtstr</UL>\n";
		print "<P>\n";
	}
	$ctr++;
	print "<TABLE><TR><TD><INPUT TYPE=FILE NAME=\"Attachment$num\" SIZE=40></TD></TR></TABLE>\n" if $formname =~ m|Attachment|;
	print "<TABLE><TR><TD><INPUT TYPE=FILE NAME=\"Image$num\" SIZE=40></TD></TR></TABLE>\n" if $formname =~ m|Image|;
	print "<HR>\n";
}
print "<INPUT TYPE=SUBMIT VALUE=\"$L{BPIMGUPLOADBUTTON}\">\n";
print "<INPUT TYPE=HIDDEN NAME=name VALUE=\"$FORM{'name'}\">\n";
print "<INPUT TYPE=HIDDEN NAME=number VALUE=\"$FORM{'number'}\">\n";
print "<INPUT TYPE=HIDDEN NAME=HTTP_REFERER VALUE=\"$FORM{'HTTP_REFERER'}\">\n";
print "<INPUT TYPE=HIDDEN NAME=postindex VALUE=\"$FORM{'postindex'}\">\n";
print "<INPUT Type=hidden name=\"isitok\" value=\"okiedokie\">\n" if $FORM{'isitok'} eq "okiedokie";
print "<INPUT TYPE=HIDDEN NAME=queue VALUE=\"$FORM{'queue'}\">\n";
print "<HR></FORM>\n";
&extract($FORM{'HTTP_REFERER'});
$secure = 0;
$secure = 1 if !-e "$message_dir/$topic_number";
$url = "$message_url/$topic_number/$me_number.$ext" if !$secure;
$url = "$script_url/board-auth.$cgi_extension?file=/$topic_number/$me_number.$ext&lm=$ts" if $secure;
if ($FORM{'isitok'} ne "okiedokie") {
	print "$L{BPIMGUPLOADCANCEL13_00} <A HREF=\"$url\">\n";
} else {
	print "$L{BPIMGUPLOADCANCEL13_00} <A HREF=\"$cgiurlm$adminappend\">\n";
}
print "$L{BPIMGUPLOADCANCEL2}</A>. ";
print "$L{BPIMGUPLOADCANCEL33_00}\n";
&ex('printuntil', 13, 17, 0, "", 0, 1);
exit(0);
sub parse_multipart {
	&ex('default_mime_types', 1) if $pro;
	$type = $ENV{'CONTENT_TYPE'};
	($boundary) = ($type =~ /boundary=(.*)/);
	$boundary = "--" . $boundary;
	$length = $ENV{'CONTENT_LENGTH'}; $len = 0; $input = "";
	eval 'binmode(STDIN);';
	while ($len < $length) {
		$buf = ""; $len += sysread(STDIN, $buf, $length); $input .= $buf;
	}
	@input_pairs = split(/$boundary/, $input);
	foreach $line (@input_pairs) {
		($header, $body) = split(/\r\n\r\n|\n\n/, $line, 2);
		$body =~ s/\r\n$//;
		$header =~ /name="([^"]+)"/;
		$formname = $1;
		$header =~ /filename="([^"]+)"/;
		$filename = $1;
		if ($header =~ /Type: (.*)/) {
			$content = $1;
			$FILE{$formname} = $body;
			$CONTENT{$formname} = $content;
			($FILENAME{$formname}) = &ex('parse_filename', $filename);
		} elsif ($header =~ m|filename="|) {
			$content = "mac/unknown";
			$FILE{$formname} = $body;
			$CONTENT{$formname} = $content;
			($FILENAME{$formname}) = &ex('parse_filename', $filename);
		} elsif ($formname =~ /^(\w+)$/) {
			$FORM{$formname} = $body if $FORM{$formname} eq "";
			$FORM{$formname} =~ s/\r//g;
		}
	}
}