1 ###RUN_PERL: #!/usr/bin/perl
4 # opomba is generated from opomba.1.pl.
6 # The comment posting interface
8 # Copyright (C) 2024 Balthasar SzczepaĆski
10 # This program is free software: you can redistribute it and/or modify
11 # it under the terms of the GNU Affero General Public License as
12 # published by the Free Software Foundation, either version 3 of the
13 # License, or (at your option) any later version.
15 # This program is distributed in the hope that it will be useful,
16 # but WITHOUT ANY WARRANTY; without even the implied warranty of
17 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 # GNU Affero General Public License for more details.
20 # You should have received a copy of the GNU Affero General Public License
21 # along with this program. If not, see <http://www.gnu.org/licenses/>.
25 # use Encode::Locale ('decode_argv');
26 use Encode ('encode', 'decode');
28 ###PERL_LIB: use lib /botm/lib/bsta
30 'read_header_env', 'url_query_decode',
31 'read_data_file', 'write_data_file',
32 'html_entity_encode_dec',
41 'fail_method', 'fail_content_type',
43 'print_html_start', 'print_html_end',
44 'print_html_head_start', 'print_html_head_end',
45 'print_html_body_start', 'print_html_body_end',
46 'bb_to_html', 'eval_bb',
50 ###PERL_PATH_SEPARATOR: PATH_SEPARATOR = /
52 ###PERL_CGI_VIEWER_PATH: CGI_VIEWER_PATH = /bsta/v
53 ###PERL_CGI_WORDS_PATH: CGI_WORDS_PATH = /bsta/w
55 ###PERL_DATA_SETTINGS_PATH: DATA_SETTINGS_PATH = /botm/data/bsta/settings
56 ###PERL_DATA_WORDS_PATH: DATA_WORDS_PATH = /botm/data/bsta/words/
58 ###PERL_LOG_WORDS_PATH: LOG_WORDS_PATH = /botm/log/bsta/words.log
60 ###PERL_WEBSITE_NAME: WEBSITE_NAME = Bicycles on the Moon
62 ###PERL_COMMENT_PAGE_LENGTH:COMMENT_PAGE_LENGTH= 16
64 binmode STDIN, ':encoding(UTF-8)';
65 binmode STDOUT, ':encoding(UTF-8)';
66 binmode STDERR, ':encoding(UTF-8)';
97 delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};
98 ###PERL_SET_PATH: $ENV{'PATH'} = /usr/local/bin:/usr/bin:/bin;
100 if ($ENV{'REQUEST_METHOD'} =~ /^(HEAD|GET|POST)$/) {
104 exit fail_method($ENV{'REQUEST_METHOD'}, 'GET, POST, HEAD');
107 %http = read_header_env(\%ENV);
108 %cgi = url_query_decode($ENV{'QUERY_STRING'});
110 if ($method eq 'POST') {
111 if ($http{'content-type'} eq 'application/x-www-form-urlencoded') {
112 my %cgi_post = url_query_decode( <STDIN> );
113 %cgi = merge_settings(\%cgi, \%cgi_post);
115 # multipart not supported
117 exit fail_content_type($method, $http{'content-type'});
121 if ($ENV{'PATH_INFO'} =~ /^\/([0-9]+)$/) {
124 elsif ($ENV{'PATH_INFO'} =~ /^\/(.+)$/) {
127 if ($cgi{'f'} =~ /^.+$/) {
130 if ($cgi{'i'} =~ /^.+$/) {
133 $password = get_password(\%cgi);
135 %settings = read_data_file(DATA_SETTINGS_PATH());
137 $password_ok = ($password eq $settings{'password'});
139 if ($cgi{'post'} ne '') {
142 elsif ($cgi{'edit'} ne '') {
148 elsif ($cgi{'remove'} ne '') {
151 $ID = $cgi{'remove'};
156 if ($cgi{'quote'} ne '') {
157 $quote = $cgi{'quote'};
162 $post_data_path = join_path(PATH_SEPARATOR(), DATA_WORDS_PATH(), $ID);
163 %post_data = read_data_file($post_data_path);
164 if ($post_data{'frame'} ne '') {
165 $frame = int($post_data{'frame'});
170 exit output(0, '400 Bad Request', 'Frame ID not specified.');
173 $words_data_path = join_path(PATH_SEPARATOR(), DATA_WORDS_PATH(), $frame);
175 unless (open_encoded($fh, "+<:encoding(UTF-8)", $words_data_path)) {
176 unless (open_encoded($fh, "+>:encoding(UTF-8)", $words_data_path)) {
177 exit output(0, '500 Internal Server Error', 'Failed opening data file.', 1);
180 unless (flock($fh, 2)) {
181 exit output(0, '500 Internal Server Error', 'Failed locking data file.', 1);
184 %words_data = read_data_file(
192 @post_list = @{$words_data{'content'}};
194 for (my $i=0; $i< scalar(@post_list); $i +=1) {
195 if ($post_list[$i] eq $ID) {
197 $page = int($index / COMMENT_PAGE_LENGTH());
202 if ($remove || ($ID ne '')) {
203 unless ($index ne '') {
205 exit output(0, '404 Not Found', $remove ? 'Nothing to remove.' : 'No such message.');
207 unless ($cgi{'key'} eq $post_data{'key'}) {
209 exit output(0, '400 Bad Request', 'Invalid request.');
213 if ($cgi{'i'} eq '') { # followed a link, not confirmed yet
215 exit output(0, '', '', 1);
219 unless ($post) { # followed a link, not confirmed yet
221 exit output(0, '', '', 1);
225 unless ($cgi{'words'} ne '') {
226 exit output(0, '400 Bad Request', 'Where are your words?', 1);
229 unless ($cgi{'username'} ne '') {
231 exit output(0, '400 Bad Request', 'Missing user name.', 1);
233 if ($remove || ($ID ne '')) {
234 unless ($cgi{'username'} eq $post_data{'name'}) {
236 exit output(0, '403 Forbidden', 'Wrong user name.', 1);
239 if ($remove || ($ID ne '')) {
240 unless ($cgi{'password'} ne '') {
242 exit output(0, '400 Bad Request', 'Missing password.', 1);
245 ($cgi{'password'} eq $post_data{'password'}) || (
246 ($cgi{'password'} eq $settings{'password'}) &&
251 exit output(0, '403 Forbidden', 'Wrong password.', 1);
254 $cgi{'password'} = $post_data{'password'};
257 unless ($cgi{'password2'} eq '') {
259 exit output(0, '', 'Please don\'t write anything in the place which should remain empty.', 1);
260 # no error code to confuse spambot :)
263 # all conditions fulfilled
266 splice @post_list, $index, 1;
267 $words_data{'posts'} = scalar(@post_list);
268 $words_data{'content'} = \@post_list;
270 $r = write_data_file(
280 exit output(0, '500 Internal Server Error', 'Failed writing data file.');
285 if (open_encoded($fh, ">>:encoding(UTF-8)", LOG_WORDS_PATH())) {
286 delete ($post_data{'password'});
287 print $fh "$time REMOVE $ID\n";
289 $fh, \%post_data, '',
302 $ID = make_id($frame, 1);
305 $index = scalar(@post_list);
306 $page = int($index / COMMENT_PAGE_LENGTH());
307 push @post_list, $ID;
309 $words_data{'posts'} = scalar(@post_list);
310 $words_data{'content'} = \@post_list;
312 $post_data_path = join_path(PATH_SEPARATOR(), DATA_WORDS_PATH(), $ID);
314 $post_data{'frame'} = $frame;
315 $post_data{'name'} = $cgi{'username'};
316 $post_data{'password'} = $cgi{'password'};
317 if ($post_data{'posttime'} eq '') {
318 $post_data{'posttime'} = $time;
321 $post_data{'edittime'} = $time;
323 if ($post_data{'key'} eq '') {
325 for (my $i=1; $i<16; $i+=1) {
326 $new_key .= sprintf('%02X', int(rand(0x100)));
328 $post_data{'key'} = $new_key;
330 $post_data{'content'} = $cgi{'words'};
332 $r = write_data_file($post_data_path, \%post_data);
335 exit output(0, '500 Internal Server Error', 'Failed writing post file.', 1, 0);
338 $r = write_data_file(
348 exit output(0, '500 Internal Server Error', 'Failed writing data file.', 1, 0);
353 if (open_encoded($fh, ">>:encoding(UTF-8)", LOG_WORDS_PATH())) {
354 delete ($post_data{'password'});
355 print $fh "$time POST $ID\n";
357 $fh, \%post_data, '',
369 (my $done, my $status, my $message, my $show_content) = @_;
372 my $return_url = merge_url(
373 {'path' => CGI_VIEWER_PATH()},
377 'b' => TEXT_MODE->{'words'},
379 'p' => ($password_ok ? $settings{'password'} : '')
385 return redirect ($method, $return_url, 303);
388 print "Content-type: text/html\n";
390 print 'Status: '.$status."\n";
393 if ($method eq 'HEAD') {
402 $title = 'Remove message "'.$ID.'"';
405 $title = 'Edit message "'.$ID.'"';
411 if ($cgi{'username'} ne '') {
412 $name = $cgi{'username'}
414 elsif ($post_data{'name'} ne '') {
415 $name = $post_data{'name'}
421 if ($cgi{'words'} ne '') {
422 $content = $cgi{'words'};
424 elsif ($quote ne '') {
425 my $quote_data_path = join_path(PATH_SEPARATOR(), DATA_WORDS_PATH(), $quote);
426 my %quote_data = read_data_file($quote_data_path);
427 $content = '[quote="'.$quote_data{'name'}.'"]'.$quote_data{'content'}.'[/quote]';
429 elsif (($cgi{'edit'} ne '') || $remove) {
430 $content = $post_data{'content'};
436 my $_key = html_entity_encode_dec($post_data{'key'}, 1);
437 my $_ID = html_entity_encode_dec($ID, 1);
438 my $_title = html_entity_encode_dec($title, 1);
439 my $_message = html_entity_encode_dec($message, 1);
440 my $_password = html_entity_encode_dec($settings{'password'}, 1);
441 my $_story = html_entity_encode_dec($settings{'story'}, 1);
442 my $_name = html_entity_encode_dec($name, 1);
443 my $_content = html_entity_encode_dec($content, 1);
444 my $_empty = html_entity_encode_dec($cgi{'password2'}, 1);
445 my $_website_name = html_entity_encode_dec(WEBSITE_NAME(), 1);
446 my $_post_url = html_entity_encode_dec(CGI_WORDS_PATH(), 1);
447 my $_return_url = html_entity_encode_dec($return_url, 1);
449 print_html_start(\*STDOUT);
450 print_html_head_start(\*STDOUT);
452 print ' <title>'.$_title.' • '.$_story.' • '.$_website_name.'</title>';
454 print_html_head_end(\*STDOUT);
455 print_html_body_start(\*STDOUT);
457 print ' <div id="inst" class="ins">'."\n";
459 print ' <div id="title">'."\n";
460 print ' <h1 id="titletext">'.$_title.'</h1>'."\n";
461 print ' </div>'."\n";
463 print ' </div>'."\n";
465 if ($message ne '') {
466 print ' <div id="insb" class="ins">'."\n";
468 print ' <div id="command">'."\n";
469 print ' <span class="br">'.$_message.'</span>'."\n";
470 print ' </div>'."\n";
472 print ' </div>'."\n";
476 print ' <div id="insw" class="ins">'."\n";
478 print ' <div class="undertext" id="words">'."\n";
479 print ' <form method="post" action="'.$_post_url.'">'."\n";
481 print ' <b>Your words:</b>'."\n";
482 print ' <textarea class="inta" name="words" rows="4">'.$_content.'</textarea>'."\n";
484 print ' <table cellpadding="0" cellspacing="0" border="0"><tr>'."\n";
485 print ' <td><b>Your name: </b></td>'."\n";
486 print ' <td><input class="intx" type="text" name="username" value="'.$_name.'"></td>'."\n";
487 print ' <td></td>'."\n";
488 print ' </tr><tr>'."\n";
489 print ' <td><b>'.(($ID ne '') ? 'Password' : 'Optional password').': </b></td>'."\n";
490 print ' <td><input class="intx" type="password" name="password" value=""></td>'."\n";
491 print ' <td>'.(($ID ne '') ? '' : '(if you want to edit later)').'</td>'."\n";
492 print ' </tr><tr>'."\n";
493 print ' <td><b>Leave this empty: </b></td>'."\n";
494 print ' <td><input class="intx" type="text" name="password2" value="'.$_empty.'"></td>'."\n";
496 print ' <td><input class="inbt" type="submit" name="remove" value="Remove"></td>'."\n";
500 print ' <input class="inbt" type="submit" name="post" value="'.(($ID ne '') ? 'Update' : 'Send').'">'."\n";
501 print ' <input class="inbt" type="submit" name="preview" value="Preview">'."\n";
504 print ' </tr></table>'."\n";
505 print ' <input type="hidden" name="f" value="'.$frame.'">'."\n";
507 print ' <input type="hidden" name="i" value="'.$_ID.'">'."\n";
509 print ' <input type="hidden" name="key" value="'.$_key.'">'."\n";
511 print ' <input type="hidden" name="p" value="'.$_password.'">'."\n";
513 print ' </form>'."\n";
516 print ' <div id="preview"class="opomba">'."\n";
517 print ' <div class="opomba_info">'."\n";
518 print ' Preview:'."\n";
519 print ' </div>'."\n";
520 print ' <div class="opomba_text">'."\n";
521 print bb_to_html(eval_bb($content, 0))."\n";
522 print ' </div>'."\n";
523 print ' </div>'."\n";
525 print ' </div>'."\n";
526 print ' <div id="underlinks">'."\n";
527 print ' <a href="'.$_return_url.'">Return</a>'."\n";
528 print ' </div>'."\n";
530 print ' </div>'."\n";
533 print_html_body_end(\*STDOUT); # , $ong_state == STATE->{'inactive'}
534 print_html_end(\*STDOUT);