1 ###RUN_PERL: #!/usr/bin/perl
4 # opomba is generated from opomba.1.pl.
6 # The comment posting interface
8 # Copyright (C) 2024 Balthasar SzczepaĆski
10 # This program is free software: you can redistribute it and/or modify
11 # it under the terms of the GNU Affero General Public License as
12 # published by the Free Software Foundation, either version 3 of the
13 # License, or (at your option) any later version.
15 # This program is distributed in the hope that it will be useful,
16 # but WITHOUT ANY WARRANTY; without even the implied warranty of
17 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 # GNU Affero General Public License for more details.
20 # You should have received a copy of the GNU Affero General Public License
21 # along with this program. If not, see <http://www.gnu.org/licenses/>.
25 # use Encode::Locale ('decode_argv');
26 use Encode ('encode', 'decode');
28 ###PERL_LIB: use lib /botm/lib/bsta
31 'fail_method', 'fail_content_type',
33 'read_header_env', 'url_query_decode',
35 'html_entity_encode_dec',
45 'print_html_start', 'print_html_end',
46 'print_html_head_start', 'print_html_head_end',
47 'print_html_body_start', 'print_html_body_end',
48 'bb_to_html', 'eval_bb',
50 'write_index', 'write_static_viewer_page',
51 'read_settings', 'read_state',
52 'read_words', 'write_words',
53 'read_words_list', 'write_words_list'
56 ###PERL_PATH_SEPARATOR: PATH_SEPARATOR = /
58 ###PERL_CGI_VIEWER_PATH: CGI_VIEWER_PATH = /bsta/v
59 ###PERL_CGI_WORDS_PATH: CGI_WORDS_PATH = /bsta/w
61 ###PERL_DATA_WORDS_PATH: DATA_WORDS_PATH = /botm/data/bsta/words/
63 ###PERL_LOG_SPAM_PATH: LOG_SPAM_PATH = /botm/log/bsta/words_spam.log
64 ###PERL_LOG_WORDS_PATH: LOG_WORDS_PATH = /botm/log/bsta/words.log
66 ###PERL_WEBSITE_NAME: WEBSITE_NAME = Bicycles on the Moon
68 ###PERL_COMMENT_PAGE_LENGTH:COMMENT_PAGE_LENGTH= 16
70 binmode STDIN, ':encoding(UTF-8)';
71 binmode STDOUT, ':encoding(UTF-8)';
72 binmode STDERR, ':encoding(UTF-8)';
108 delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};
109 ###PERL_SET_PATH: $ENV{'PATH'} = /usr/local/bin:/usr/bin:/bin;
111 if ($ENV{'REQUEST_METHOD'} =~ /^(HEAD|GET|POST)$/) {
115 exit fail_method($ENV{'REQUEST_METHOD'}, ['GET', 'POST', 'HEAD']);
118 %http = read_header_env(\%ENV);
119 %cgi = url_query_decode($ENV{'QUERY_STRING'});
121 if ($method eq 'POST') {
122 if ($http{'content-type'} eq 'application/x-www-form-urlencoded') {
123 my %cgi_post = url_query_decode( <STDIN> );
124 %cgi = merge_settings(\%cgi, \%cgi_post);
126 # multipart not supported
128 exit fail_content_type($method, $http{'content-type'});
132 if ($ENV{'PATH_INFO'} =~ /^\/([0-9]+)$/) {
135 elsif ($ENV{'PATH_INFO'} =~ /^\/(.+)$/) {
138 if ($cgi{'f'} =~ /^.+$/) {
141 if ($cgi{'i'} =~ /^.+$/) {
144 $password = get_password(\%cgi);
146 %settings = read_settings();
147 %state = read_state();
148 $ong_state = int($state{'state'});
149 $last_frame = int($state{'last'});
151 $password_ok = ($password eq $settings{'password'});
153 if ($cgi{'post'} ne '') {
156 elsif ($cgi{'edit'} ne '') {
162 elsif ($cgi{'remove'} ne '') {
165 $ID = $cgi{'remove'};
170 if ($cgi{'quote'} ne '') {
171 $quote = $cgi{'quote'};
176 %post_data = read_words($ID);
177 if ($post_data{'frame'} ne '') {
178 $frame = int($post_data{'frame'});
182 unless ($frame ne '') {
183 exit output(0, HTTP_STATUS->{'bad_request'}, 'Frame ID not specified.');
187 ($ong_state >= STATE->{'waiting'}) &&
188 ($frame <= $last_frame)
192 exit output(0, HTTP_STATUS->{'forbidden'}, 'Not allowed to post this here now');
195 $words_data_path = join_path(PATH_SEPARATOR(), DATA_WORDS_PATH(), $frame);
197 unless (open_encoded($fh, "+<:encoding(UTF-8)", $words_data_path)) {
198 unless (open_encoded($fh, "+>:encoding(UTF-8)", $words_data_path)) {
199 exit output(0, '500 Internal Server Error', 'Failed opening data file.', 1);
202 unless (flock($fh, 2)) {
203 exit output(0, HTTP_STATUS->{'internal_server_error'}, 'Failed locking data file.', 1);
206 %words_data = read_words_list(
211 @post_list = @{$words_data{'content'}};
213 for (my $i=0; $i< scalar(@post_list); $i +=1) {
214 if ($post_list[$i] eq $ID) {
216 $page = int($index / COMMENT_PAGE_LENGTH());
221 if ($remove || ($ID ne '')) {
222 unless ($index ne '') {
224 exit output(0, HTTP_STATUS->{'not_found'}, $remove ? 'Nothing to remove.' : 'No such message.');
226 unless ($cgi{'key'} eq $post_data{'key'}) {
228 exit output(0, HTTP_STATUS->{'bad_request'}, 'Invalid request.');
232 unless (($method eq 'POST') && ($cgi{'i'} ne '')) { # followed a link, not confirmed yet
234 exit output(0, '', '', 1);
238 unless (($method eq 'POST') && $post) { # followed a link, not confirmed yet
240 exit output(0, '', '', 1);
244 unless ($cgi{'words'} ne '') {
245 exit output(0, HTTP_STATUS->{'bad_request'}, 'Where are your words?', 1);
248 unless ($cgi{'username'} ne '') {
250 exit output(0, HTTP_STATUS->{'bad_request'}, 'Missing user name.', 1);
252 if ($remove || ($ID ne '')) {
253 unless ($cgi{'username'} eq $post_data{'name'}) {
255 exit output(0, HTTP_STATUS->{'forbidden'}, 'Wrong user name.', 1);
258 if ($remove || ($ID ne '')) {
259 unless ($cgi{'password'} ne '') {
261 exit output(0, HTTP_STATUS->{'bad_request'}, 'Missing password.', 1);
264 ($cgi{'password'} eq $post_data{'password'}) || (
265 ($cgi{'password'} eq $settings{'password'}) &&
270 exit output(0, HTTP_STATUS->{'forbidden'}, 'Wrong password.', 1);
273 $cgi{'password'} = $post_data{'password'};
276 unless ($cgi{'password2'} eq '') {
278 # no error code to confuse spambot :)
279 output(0, '', 'Please don\'t write anything in the place which should remain empty.', 1);
280 if (open_encoded($fh, ">>:encoding(UTF-8)", LOG_SPAM_PATH())) {
281 $cgi{'content'} = $cgi{'words'};
282 $cgi{'empty'} = $cgi{'password2'};
283 delete($cgi{'words'});
284 delete ($cgi{'password'});
285 delete ($cgi{'password2'});
286 print $fh "$time SPAM $ID\n";
298 # all conditions fulfilled
301 splice @post_list, $index, 1;
302 $words_data{'posts'} = scalar(@post_list);
303 $words_data{'content'} = \@post_list;
305 $r = write_words_list($fh, \%words_data);
308 exit output(0, HTTP_STATUS->{'internal_server_error'}, 'Failed writing data file.');
313 if (open_encoded($fh, ">>:encoding(UTF-8)", LOG_WORDS_PATH())) {
314 delete ($post_data{'password'});
315 print $fh "$time REMOVE $ID\n";
317 $fh, \%post_data, '',
330 $ID = make_id($frame, 1);
333 $index = scalar(@post_list);
334 $page = int($index / COMMENT_PAGE_LENGTH());
336 $last_ID = $post_list[-1];
337 %last_post_data = read_words($last_ID);
339 ($cgi{'username'} eq $last_post_data{'name' }) &&
340 ($cgi{'words' } eq $last_post_data{'content'})
343 $page = int($index / COMMENT_PAGE_LENGTH());
349 push @post_list, $ID;
351 $words_data{'posts'} = scalar(@post_list);
352 $words_data{'content'} = \@post_list;
354 $post_data{'frame'} = $frame;
355 $post_data{'name'} = $cgi{'username'};
356 $post_data{'password'} = $cgi{'password'};
357 if ($post_data{'posttime'} eq '') {
358 $post_data{'posttime'} = $time;
361 $post_data{'edittime'} = $time;
363 if ($post_data{'key'} eq '') {
365 for (my $i=1; $i<16; $i+=1) {
366 $new_key .= sprintf('%02X', int(rand(0x100)));
368 $post_data{'key'} = $new_key;
370 $post_data{'content'} = $cgi{'words'};
372 $r = write_words($ID, \%post_data);
375 exit output(0, HTTP_STATUS->{'internal_server_error'}, 'Failed writing post file.', 1, 0);
378 $r = write_words_list($fh, \%words_data);
381 exit output(0, HTTP_STATUS->{'internal_server_error'}, 'Failed writing data file.', 1, 0);
386 if (($frame == 0) && ($ong_state > STATE->{'inactive'})) {
387 write_index(\%state, \%settings);
389 elsif ($frame >= 1) {
390 write_static_viewer_page(
396 '', # prev frame data
397 '', # next frame data
402 if (open_encoded($fh, ">>:encoding(UTF-8)", LOG_WORDS_PATH())) {
403 delete ($post_data{'password'});
404 print $fh "$time POST $ID\n";
406 $fh, \%post_data, '',
418 (my $done, my $status, my $message, my $show_content) = @_;
420 my $return_url = merge_url(
421 {'path' => CGI_VIEWER_PATH()},
425 'b' => TEXT_MODE->{'words'},
427 'p' => ($password_ok ? $settings{'password'} : '')
433 return redirect($method, $return_url, HTTP_STATUS->{'see_other'});
437 print http_header_status($status);
439 print "Content-type: text/html; charset=UTF-8\n\n";
440 if ($method eq 'HEAD') {
449 $title = 'Remove message "'.$ID.'"';
452 $title = 'Edit message "'.$ID.'"';
458 $title = $frame.'. '.$title;
461 if ($cgi{'username'} ne '') {
462 $name = $cgi{'username'}
464 elsif ($post_data{'name'} ne '') {
465 $name = $post_data{'name'}
471 if ($cgi{'words'} ne '') {
472 $content = $cgi{'words'};
474 elsif ($quote ne '') {
475 my %quote_data = read_words($quote);
476 $content = '[quote="'.$quote_data{'name'}.'"]'.$quote_data{'content'}.'[/quote]';
478 elsif (($cgi{'edit'} ne '') || $remove) {
479 $content = $post_data{'content'};
485 my $_password = $password_ok ? html_entity_encode_dec($settings{'password'}, 1) : '';
486 my $_key = html_entity_encode_dec($post_data{'key'}, 1);
487 my $_ID = html_entity_encode_dec($ID, 1);
488 my $_title = html_entity_encode_dec($title, 1);
489 my $_message = html_entity_encode_dec($message, 1);
490 my $_story = html_entity_encode_dec($settings{'story'}, 1);
491 my $_name = html_entity_encode_dec($name, 1);
492 my $_content = html_entity_encode_dec($content, 1);
493 my $_empty = html_entity_encode_dec($cgi{'password2'}, 1);
494 my $_website_name = html_entity_encode_dec(WEBSITE_NAME(), 1);
495 my $_post_url = html_entity_encode_dec(CGI_WORDS_PATH(), 1);
496 my $_return_url = html_entity_encode_dec($return_url, 1);
498 print_html_start(\*STDOUT);
499 print_html_head_start(\*STDOUT);
501 print ' <title>'.$_title.' • '.$_story.' • '.$_website_name.'</title>';
503 print_html_head_end(\*STDOUT);
504 print_html_body_start(\*STDOUT);
506 print ' <div id="inst" class="ins">'."\n";
508 print ' <div id="title">'."\n";
509 print ' <h1 id="titletext">'.$_title.'</h1>'."\n";
510 print ' </div>'."\n";
512 print ' </div>'."\n";
514 if ($message ne '') {
515 print ' <div id="insb" class="ins">'."\n";
517 print ' <div id="command">'."\n";
518 print ' <span class="br">'.$_message.'</span>'."\n";
519 print ' </div>'."\n";
521 print ' </div>'."\n";
524 print ' <div id="insw" class="ins">'."\n";
527 print ' <div class="undertext" id="words">'."\n";
528 print ' <form method="post" action="'.$_post_url.'">'."\n";
530 print ' <b>Your words:</b>'."\n";
531 print ' <textarea class="inta" name="words" rows="4">'.$_content.'</textarea>'."\n";
533 print ' <table cellpadding="0" cellspacing="0" border="0"><tr>'."\n";
534 print ' <td><b>Your name: </b></td>'."\n";
535 print ' <td><input class="intx" type="text" name="username" value="'.$_name.'"></td>'."\n";
536 print ' <td></td>'."\n";
537 print ' </tr><tr>'."\n";
538 print ' <td><b>'.(($ID ne '') ? 'Password' : 'Optional password').': </b></td>'."\n";
539 print ' <td><input class="intx" type="password" name="password" value=""></td>'."\n";
540 print ' <td>'.(($ID ne '') ? '' : '(if you want to edit later)').'</td>'."\n";
541 print ' </tr><tr>'."\n";
542 print ' <td><b>Leave this empty: </b></td>'."\n";
543 print ' <td><input class="intx" type="text" name="password2" value="'.$_empty.'"></td>'."\n";
545 print ' <td><input class="inbt" type="submit" name="remove" value="Remove"></td>'."\n";
549 print ' <input class="inbt" type="submit" name="post" value="'.(($ID ne '') ? 'Update' : 'Send').'">'."\n";
550 print ' <input class="inbt" type="submit" name="preview" value="Preview">'."\n";
553 print ' </tr></table>'."\n";
554 print ' <input type="hidden" name="f" value="'.$frame.'">'."\n";
556 print ' <input type="hidden" name="i" value="'.$_ID.'">'."\n";
558 print ' <input type="hidden" name="key" value="'.$_key.'">'."\n";
560 print ' <input type="hidden" name="p" value="'.$_password.'">'."\n";
562 print ' </form>'."\n";
565 print ' <div id="preview"class="opomba">'."\n";
566 print ' <div class="opomba_info">'."\n";
567 print ' Preview:'."\n";
568 print ' </div>'."\n";
569 print ' <div class="opomba_text">'."\n";
574 $password_ok ? $settings{'password'} : ''
577 print ' </div>'."\n";
578 print ' </div>'."\n";
580 print ' </div>'."\n";
582 print ' <div id="underlinks">'."\n";
583 print ' <a href="'.$_return_url.'">Return</a>'."\n";
584 print ' </div>'."\n";
586 print ' </div>'."\n";
588 print_html_body_end(\*STDOUT, $ong_state == STATE->{'inactive'});
589 print_html_end(\*STDOUT);