1 ###RUN_PERL: #!/usr/bin/perl
4 # opomba is generated from opomba.1.pl.
6 # The comment posting interface
8 # Copyright (C) 2024 Balthasar SzczepaĆski
10 # This program is free software: you can redistribute it and/or modify
11 # it under the terms of the GNU Affero General Public License as
12 # published by the Free Software Foundation, either version 3 of the
13 # License, or (at your option) any later version.
15 # This program is distributed in the hope that it will be useful,
16 # but WITHOUT ANY WARRANTY; without even the implied warranty of
17 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 # GNU Affero General Public License for more details.
20 # You should have received a copy of the GNU Affero General Public License
21 # along with this program. If not, see <http://www.gnu.org/licenses/>.
25 # use Encode::Locale ('decode_argv');
26 use Encode ('encode', 'decode');
28 ###PERL_LIB: use lib /botm/lib/bsta
31 'read_header_env', 'url_query_decode',
32 'read_data_file', 'write_data_file',
33 'html_entity_encode_dec',
43 'fail_method', 'fail_content_type',
45 'print_html_start', 'print_html_end',
46 'print_html_head_start', 'print_html_head_end',
47 'print_html_body_start', 'print_html_body_end',
48 'bb_to_html', 'eval_bb',
53 ###PERL_PATH_SEPARATOR: PATH_SEPARATOR = /
55 ###PERL_CGI_VIEWER_PATH: CGI_VIEWER_PATH = /bsta/v
56 ###PERL_CGI_WORDS_PATH: CGI_WORDS_PATH = /bsta/w
58 ###PERL_DATA_SETTINGS_PATH: DATA_SETTINGS_PATH = /botm/data/bsta/settings
59 ###PERL_DATA_STATE_PATH: DATA_STATE_PATH = /botm/data/bsta/state
60 ###PERL_DATA_WORDS_PATH: DATA_WORDS_PATH = /botm/data/bsta/words/
62 ###PERL_LOG_SPAM_PATH: LOG_SPAM_PATH = /botm/log/bsta/words_spam.log
63 ###PERL_LOG_WORDS_PATH: LOG_WORDS_PATH = /botm/log/bsta/words.log
65 ###PERL_WEBSITE_NAME: WEBSITE_NAME = Bicycles on the Moon
67 ###PERL_COMMENT_PAGE_LENGTH:COMMENT_PAGE_LENGTH= 16
69 binmode STDIN, ':encoding(UTF-8)';
70 binmode STDOUT, ':encoding(UTF-8)';
71 binmode STDERR, ':encoding(UTF-8)';
100 my $last_post_data_path;
109 delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};
110 ###PERL_SET_PATH: $ENV{'PATH'} = /usr/local/bin:/usr/bin:/bin;
112 if ($ENV{'REQUEST_METHOD'} =~ /^(HEAD|GET|POST)$/) {
116 exit fail_method($ENV{'REQUEST_METHOD'}, ['GET', 'POST', 'HEAD']);
119 %http = read_header_env(\%ENV);
120 %cgi = url_query_decode($ENV{'QUERY_STRING'});
122 if ($method eq 'POST') {
123 if ($http{'content-type'} eq 'application/x-www-form-urlencoded') {
124 my %cgi_post = url_query_decode( <STDIN> );
125 %cgi = merge_settings(\%cgi, \%cgi_post);
127 # multipart not supported
129 exit fail_content_type($method, $http{'content-type'});
133 if ($ENV{'PATH_INFO'} =~ /^\/([0-9]+)$/) {
136 elsif ($ENV{'PATH_INFO'} =~ /^\/(.+)$/) {
139 if ($cgi{'f'} =~ /^.+$/) {
142 if ($cgi{'i'} =~ /^.+$/) {
145 $password = get_password(\%cgi);
147 %settings = read_data_file(DATA_SETTINGS_PATH());
148 %state = read_data_file(DATA_STATE_PATH());
149 $ong_state = int($state{'state'});
150 $last_frame = int($state{'last'});
152 $password_ok = ($password eq $settings{'password'});
154 if ($cgi{'post'} ne '') {
157 elsif ($cgi{'edit'} ne '') {
163 elsif ($cgi{'remove'} ne '') {
166 $ID = $cgi{'remove'};
171 if ($cgi{'quote'} ne '') {
172 $quote = $cgi{'quote'};
177 $post_data_path = join_path(PATH_SEPARATOR(), DATA_WORDS_PATH(), $ID);
178 %post_data = read_data_file($post_data_path);
179 if ($post_data{'frame'} ne '') {
180 $frame = int($post_data{'frame'});
184 unless ($frame ne '') {
185 exit output(0, HTTP_STATUS->{'bad_request'}, 'Frame ID not specified.');
189 ($ong_state >= STATE->{'waiting'}) &&
190 ($frame <= $last_frame)
194 exit output(0, HTTP_STATUS->{'forbidden'}, 'Not allowed to post this here now');
197 $words_data_path = join_path(PATH_SEPARATOR(), DATA_WORDS_PATH(), $frame);
199 unless (open_encoded($fh, "+<:encoding(UTF-8)", $words_data_path)) {
200 unless (open_encoded($fh, "+>:encoding(UTF-8)", $words_data_path)) {
201 exit output(0, '500 Internal Server Error', 'Failed opening data file.', 1);
204 unless (flock($fh, 2)) {
205 exit output(0, HTTP_STATUS->{'internal_server_error'}, 'Failed locking data file.', 1);
208 %words_data = read_data_file(
216 @post_list = @{$words_data{'content'}};
218 for (my $i=0; $i< scalar(@post_list); $i +=1) {
219 if ($post_list[$i] eq $ID) {
221 $page = int($index / COMMENT_PAGE_LENGTH());
226 if ($remove || ($ID ne '')) {
227 unless ($index ne '') {
229 exit output(0, HTTP_STATUS->{'not_found'}, $remove ? 'Nothing to remove.' : 'No such message.');
231 unless ($cgi{'key'} eq $post_data{'key'}) {
233 exit output(0, HTTP_STATUS->{'bad_request'}, 'Invalid request.');
237 unless (($method eq 'POST') && ($cgi{'i'} ne '')) { # followed a link, not confirmed yet
239 exit output(0, '', '', 1);
243 unless (($method eq 'POST') && $post) { # followed a link, not confirmed yet
245 exit output(0, '', '', 1);
249 unless ($cgi{'words'} ne '') {
250 exit output(0, HTTP_STATUS->{'bad_request'}, 'Where are your words?', 1);
253 unless ($cgi{'username'} ne '') {
255 exit output(0, HTTP_STATUS->{'bad_request'}, 'Missing user name.', 1);
257 if ($remove || ($ID ne '')) {
258 unless ($cgi{'username'} eq $post_data{'name'}) {
260 exit output(0, HTTP_STATUS->{'forbidden'}, 'Wrong user name.', 1);
263 if ($remove || ($ID ne '')) {
264 unless ($cgi{'password'} ne '') {
266 exit output(0, HTTP_STATUS->{'bad_request'}, 'Missing password.', 1);
269 ($cgi{'password'} eq $post_data{'password'}) || (
270 ($cgi{'password'} eq $settings{'password'}) &&
275 exit output(0, HTTP_STATUS->{'forbidden'}, 'Wrong password.', 1);
278 $cgi{'password'} = $post_data{'password'};
281 unless ($cgi{'password2'} eq '') {
283 # no error code to confuse spambot :)
284 output(0, '', 'Please don\'t write anything in the place which should remain empty.', 1);
285 if (open_encoded($fh, ">>:encoding(UTF-8)", LOG_SPAM_PATH())) {
286 $cgi{'content'} = $cgi{'words'};
287 $cgi{'empty'} = $cgi{'password2'};
288 delete($cgi{'words'});
289 delete ($cgi{'password'});
290 delete ($cgi{'password2'});
291 print $fh "$time SPAM $ID\n";
303 # all conditions fulfilled
306 splice @post_list, $index, 1;
307 $words_data{'posts'} = scalar(@post_list);
308 $words_data{'content'} = \@post_list;
310 $r = write_data_file(
320 exit output(0, HTTP_STATUS->{'internal_server_error'}, 'Failed writing data file.');
325 if (open_encoded($fh, ">>:encoding(UTF-8)", LOG_WORDS_PATH())) {
326 delete ($post_data{'password'});
327 print $fh "$time REMOVE $ID\n";
329 $fh, \%post_data, '',
342 $ID = make_id($frame, 1);
345 $index = scalar(@post_list);
346 $page = int($index / COMMENT_PAGE_LENGTH());
348 $last_ID = $post_list[-1];
349 $last_post_data_path = join_path(PATH_SEPARATOR(), DATA_WORDS_PATH(), $last_ID);
350 %last_post_data = read_data_file($last_post_data_path);
352 ($cgi{'username'} eq $last_post_data{'name' }) &&
353 ($cgi{'words' } eq $last_post_data{'content'})
356 $page = int($index / COMMENT_PAGE_LENGTH());
362 push @post_list, $ID;
364 $words_data{'posts'} = scalar(@post_list);
365 $words_data{'content'} = \@post_list;
367 $post_data_path = join_path(PATH_SEPARATOR(), DATA_WORDS_PATH(), $ID);
369 $post_data{'frame'} = $frame;
370 $post_data{'name'} = $cgi{'username'};
371 $post_data{'password'} = $cgi{'password'};
372 if ($post_data{'posttime'} eq '') {
373 $post_data{'posttime'} = $time;
376 $post_data{'edittime'} = $time;
378 if ($post_data{'key'} eq '') {
380 for (my $i=1; $i<16; $i+=1) {
381 $new_key .= sprintf('%02X', int(rand(0x100)));
383 $post_data{'key'} = $new_key;
385 $post_data{'content'} = $cgi{'words'};
387 $r = write_data_file($post_data_path, \%post_data);
390 exit output(0, HTTP_STATUS->{'internal_server_error'}, 'Failed writing post file.', 1, 0);
393 $r = write_data_file(
403 exit output(0, HTTP_STATUS->{'internal_server_error'}, 'Failed writing data file.', 1, 0);
408 if (($frame == 0) && ($ong_state > STATE->{'inactive'})) {
409 write_index(\%state, \%settings);
412 if (open_encoded($fh, ">>:encoding(UTF-8)", LOG_WORDS_PATH())) {
413 delete ($post_data{'password'});
414 print $fh "$time POST $ID\n";
416 $fh, \%post_data, '',
428 (my $done, my $status, my $message, my $show_content) = @_;
430 my $return_url = merge_url(
431 {'path' => CGI_VIEWER_PATH()},
435 'b' => TEXT_MODE->{'words'},
437 'p' => ($password_ok ? $settings{'password'} : '')
443 return redirect($method, $return_url, HTTP_STATUS->{'see_other'});
447 print http_header_status($status);
449 print "Content-type: text/html; charset=UTF-8\n\n";
450 if ($method eq 'HEAD') {
459 $title = 'Remove message "'.$ID.'"';
462 $title = 'Edit message "'.$ID.'"';
468 $title = $frame.'. '.$title;
471 if ($cgi{'username'} ne '') {
472 $name = $cgi{'username'}
474 elsif ($post_data{'name'} ne '') {
475 $name = $post_data{'name'}
481 if ($cgi{'words'} ne '') {
482 $content = $cgi{'words'};
484 elsif ($quote ne '') {
485 my $quote_data_path = join_path(PATH_SEPARATOR(), DATA_WORDS_PATH(), $quote);
486 my %quote_data = read_data_file($quote_data_path);
487 $content = '[quote="'.$quote_data{'name'}.'"]'.$quote_data{'content'}.'[/quote]';
489 elsif (($cgi{'edit'} ne '') || $remove) {
490 $content = $post_data{'content'};
496 my $_key = html_entity_encode_dec($post_data{'key'}, 1);
497 my $_ID = html_entity_encode_dec($ID, 1);
498 my $_title = html_entity_encode_dec($title, 1);
499 my $_message = html_entity_encode_dec($message, 1);
500 my $_password = html_entity_encode_dec($settings{'password'}, 1);
501 my $_story = html_entity_encode_dec($settings{'story'}, 1);
502 my $_name = html_entity_encode_dec($name, 1);
503 my $_content = html_entity_encode_dec($content, 1);
504 my $_empty = html_entity_encode_dec($cgi{'password2'}, 1);
505 my $_website_name = html_entity_encode_dec(WEBSITE_NAME(), 1);
506 my $_post_url = html_entity_encode_dec(CGI_WORDS_PATH(), 1);
507 my $_return_url = html_entity_encode_dec($return_url, 1);
509 print_html_start(\*STDOUT);
510 print_html_head_start(\*STDOUT);
512 print ' <title>'.$_title.' • '.$_story.' • '.$_website_name.'</title>';
514 print_html_head_end(\*STDOUT);
515 print_html_body_start(\*STDOUT);
517 print ' <div id="inst" class="ins">'."\n";
519 print ' <div id="title">'."\n";
520 print ' <h1 id="titletext">'.$_title.'</h1>'."\n";
521 print ' </div>'."\n";
523 print ' </div>'."\n";
525 if ($message ne '') {
526 print ' <div id="insb" class="ins">'."\n";
528 print ' <div id="command">'."\n";
529 print ' <span class="br">'.$_message.'</span>'."\n";
530 print ' </div>'."\n";
532 print ' </div>'."\n";
535 print ' <div id="insw" class="ins">'."\n";
538 print ' <div class="undertext" id="words">'."\n";
539 print ' <form method="post" action="'.$_post_url.'">'."\n";
541 print ' <b>Your words:</b>'."\n";
542 print ' <textarea class="inta" name="words" rows="4">'.$_content.'</textarea>'."\n";
544 print ' <table cellpadding="0" cellspacing="0" border="0"><tr>'."\n";
545 print ' <td><b>Your name: </b></td>'."\n";
546 print ' <td><input class="intx" type="text" name="username" value="'.$_name.'"></td>'."\n";
547 print ' <td></td>'."\n";
548 print ' </tr><tr>'."\n";
549 print ' <td><b>'.(($ID ne '') ? 'Password' : 'Optional password').': </b></td>'."\n";
550 print ' <td><input class="intx" type="password" name="password" value=""></td>'."\n";
551 print ' <td>'.(($ID ne '') ? '' : '(if you want to edit later)').'</td>'."\n";
552 print ' </tr><tr>'."\n";
553 print ' <td><b>Leave this empty: </b></td>'."\n";
554 print ' <td><input class="intx" type="text" name="password2" value="'.$_empty.'"></td>'."\n";
556 print ' <td><input class="inbt" type="submit" name="remove" value="Remove"></td>'."\n";
560 print ' <input class="inbt" type="submit" name="post" value="'.(($ID ne '') ? 'Update' : 'Send').'">'."\n";
561 print ' <input class="inbt" type="submit" name="preview" value="Preview">'."\n";
564 print ' </tr></table>'."\n";
565 print ' <input type="hidden" name="f" value="'.$frame.'">'."\n";
567 print ' <input type="hidden" name="i" value="'.$_ID.'">'."\n";
569 print ' <input type="hidden" name="key" value="'.$_key.'">'."\n";
571 print ' <input type="hidden" name="p" value="'.$_password.'">'."\n";
573 print ' </form>'."\n";
576 print ' <div id="preview"class="opomba">'."\n";
577 print ' <div class="opomba_info">'."\n";
578 print ' Preview:'."\n";
579 print ' </div>'."\n";
580 print ' <div class="opomba_text">'."\n";
585 $password_ok ? $settings{'password'} : ''
588 print ' </div>'."\n";
589 print ' </div>'."\n";
591 print ' </div>'."\n";
593 print ' <div id="underlinks">'."\n";
594 print ' <a href="'.$_return_url.'">Return</a>'."\n";
595 print ' </div>'."\n";
597 print ' </div>'."\n";
599 print_html_body_end(\*STDOUT, $ong_state == STATE->{'inactive'});
600 print_html_end(\*STDOUT);