addbadname.pl
#!/usr/local/bin/perl
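# Drop root privileges to the unprivileged 'nobody' account before any
# request data is read.
{
    # getpwnam() returns the whole passwd record in list context
    # (name, passwd, uid, gid, ...), so the uid and gid are picked out by
    # position. Assigning the raw list to ($<, $>) would store the account
    # name and the password field instead of numeric IDs.
    # Failures below go through die(), which CGI::Carp's fatalsToBrowser
    # sends to the client: keep these messages free of sensitive detail.
    my (undef, undef, $nobody_uid, $nobody_gid) = getpwnam('nobody')
        or die "Cannot drop privileges: no 'nobody' account\n";

    # Only root can change identity. When the server already runs this
    # script under an unprivileged account there is nothing to drop.
    if ($< == 0 or $> == 0) {
        # Groups first: once the uid has changed the process may no longer
        # be permitted to change its group IDs.
        $) = "$nobody_gid $nobody_gid";    # effective gid + supplementary list
        $( = $nobody_gid;                  # real gid
        ($<, $>) = ($nobody_uid, $nobody_uid);

        # Assignments to these variables fail silently, so read them back
        # and refuse to continue if any ID did not change.
        my ($real_gid) = split ' ', $(;
        my ($eff_gid)  = split ' ', $);
        die "Failed to drop privileges to 'nobody'\n"
            if $< != $nobody_uid
            or $> != $nobody_uid
            or $real_gid != $nobody_gid
            or $eff_gid != $nobody_gid;
    }
}

# Request and response text is UTF-8.
binmode(STDIN, ":utf8");
binmode(STDOUT, ":utf8");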
# must have's!
use strict;
use warnings;
use CGI::Carp qw(fatalsToBrowser);
use DBI;
use URI::Escape;
use lib "/var/www/html/Pm";
use Html qw(pre_html_header header html_end debug_banner);
use Html2 qw(tag br hr embolden);
use Bc_chef qw(cookie_get);
use Bc_misc qw(get_param referrer get_params_asHash);
use Bc_sql qw(sql_execute
get_constant
user_exists
$QUERY_PAGE
$QUERY_UID
$LOGGEDIN
$DB
);
use Redir qw(notice_redir error_redir);
use User qw(isUserModerator $USER_DATA);
use Security qw(banned);
# Response text (page HTML or a redirect) accumulated for the final print.
my $output;

# Debug switch, and the HTML trace collected for the debug banner.
my ($DEBUG, $DEBUG_STR) = (0, "");

# Request parameters as a hash. Keys this script reads:
#   d      - delete the entry identified by ID
#   ID     - row ID of an existing entry
#   name   - replacement text for the entry identified by ID
#   newbad - new entry to add
#   rt     - redirection type ("mod" returns to the moderator page)
my %params = get_params_asHash();

# 0 means success; a non-zero code selects the error message shown later.
my $failure = 0;
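# Authorization gate: only an existing, non-banned moderator may change the
# bad-names list. Everyone else gets a redirect to "/" and no SQL is run.
if (not user_exists($LOGGEDIN) or banned($LOGGEDIN) or not isUserModerator($LOGGEDIN)) {
    my $msg = "Access Denied";
    if ($DEBUG) { $msg .= " (addbadname.pl)"; }
    $output = error_redir("/", $msg);
    $failure = 1;
} else {
    ############################################################
    ### YOUR CONTENT HERE

    # NOTE(review): every branch below changes the badnames table from
    # request parameters alone. No request-method check or anti-CSRF token
    # is visible in this file; confirm get_params_asHash() or a shared layer
    # enforces one, otherwise a moderator's browser can be made to submit
    # these changes from another site.

    # Minimal HTML escaping for request-derived text echoed into the debug
    # trace. embolden() is defined elsewhere; if it already escapes its
    # argument, the only effect is a doubled entity in debug output.
    my $esc = sub {
        my ($text) = @_;
        $text = "" unless defined $text;
        $text =~ s/&/&amp;/g;
        $text =~ s/</&lt;/g;
        $text =~ s/>/&gt;/g;
        $text =~ s/"/&quot;/g;
        $text =~ s/'/&#39;/g;
        return $text;
    };

    # Where the user is sent afterwards: the admin "badnames" tab by default.
    my $url = "/?$QUERY_PAGE=" . get_constant("ADMIN_PAGE") . "&" .
        get_constant("QUERY_ADMIN_PAGE") . "=" . get_constant("ADMIN_SYSTEM_PAGE") . "&" .
        "t=badnames";

    # rt = redirection type (admins, or moderators). The parameter is
    # optional, so guard against comparing an undefined value.
    if (defined $params{rt} and $params{rt} eq "mod") {
        $url = "/?$QUERY_PAGE=" . get_constant("MOD_PAGE");
    }

    $output = pre_html_header();
    $output .= header(
        "Add Bad Name",
        "?nobg_img=1&nogrid=1",
        0,
        "setTimeout(removeMsg, " . get_constant("REMOVE_MSG_TIMEOUT") . ");",
        "",
        "style=\"padding: 2px;\""
    );

    if (keys %params) {
        foreach my $key (sort keys %params) {
            # Trim leading/trailing spaces in place; an undefined value
            # becomes the empty string.
            $params{$key} = "" unless defined $params{$key};
            $params{$key} =~ s/^ *//;
            $params{$key} =~ s/ *$//;
            # Parameter names and values are attacker-controlled text:
            # escape them before they are placed in the HTML trace.
            $DEBUG_STR .= $esc->("$key = $params{$key}") . br;
        }
    } else {
        {
            my %str;
            $str{tag} = "div";
            $str{class} = "red-panel";
            $str{innerHTML} = "No Params Given!";

            $DEBUG_STR .= tag(\%str);
        }
        $DEBUG_STR .= br;
    }
    $DEBUG_STR .= hr;

    # All SQL below is assembled as strings; $DB->quote() on every
    # request-derived value is what keeps those values out of SQL syntax.
    if ($params{d}) {
        # Delete the entry identified by ID.
        my %div;
        $div{tag} = "div";
        $div{class} = "yellow-panel";
        $div{innerHTML} = "Delete Bad Word Requested";
        $DEBUG_STR .= tag(\%div) . hr;

        my $delsql = "delete from badnames where ID=" . $DB->quote($params{ID});
        $DEBUG_STR .= "Delete SQL: " . embolden($esc->($delsql)) . br;

        my $deleted = sql_execute($delsql);
        if ($deleted) {
            $DEBUG_STR .= embolden($esc->($params{ID})) . " Deleted!" . br;
        } else {
            $DEBUG_STR .= embolden($esc->($params{ID})) . " Failed to Delete!" . br;
            $failure = 2;
        }
    }
    elsif ($params{ID} and $params{name}) {
        # Rename an existing entry; the row must exist first.
        my %div;
        $div{tag} = "div";
        $div{class} = "yellow-panel";
        $div{innerHTML} = "Update Bad Word Requested";
        $DEBUG_STR .= tag(\%div) . hr;

        my $checksql = "select * from badnames where ID=" . $DB->quote($params{ID});
        $DEBUG_STR .= "Check SQL: " . embolden($esc->($checksql)) . br;

        my $exists = sql_execute($checksql, "", 1);
        if (@$exists == 1) {
            $DEBUG_STR .= "Bad Word Exists" . br;
            my $updatesql = "update badnames set name=" . $DB->quote($params{name}) . " where ID=" . $DB->quote($params{ID});
            $DEBUG_STR .= "Update SQL: " . embolden($esc->($updatesql)) . br;

            my $updated = sql_execute($updatesql);
            if ($updated) {
                $DEBUG_STR .= embolden($esc->($params{ID})) . " Updated!" . br;
            } else {
                $DEBUG_STR .= embolden($esc->($params{ID})) . " Failed to Update!" . br;
                $failure = 3;
            }
        } else {
            $DEBUG_STR .= "Bad Name does not Exist" . br;
            $failure = 4;
        }
    }
    elsif ($params{newbad}) {
        # Add a new entry unless a matching one is already stored.
        my %div;
        $div{tag} = "div";
        $div{class} = "yellow-panel";
        $div{innerHTML} = "Add Bad Word Requested";
        $DEBUG_STR .= tag(\%div) . hr;

        # NOTE(review): LIKE treats % and _ in the submitted name as
        # wildcards and the test below is for exactly one row, so this is a
        # pattern match rather than an exact duplicate check. Confirm that
        # is intended.
        my $checksql = "select * from badnames where name like " . $DB->quote($params{newbad});
        $DEBUG_STR .= "Check SQL: " . embolden($esc->($checksql)) . br;

        my $exists = sql_execute($checksql, "", 1);
        if (@$exists == 1) {
            $DEBUG_STR .= "Bad Word Exists" . br;
            # Report the duplicate instead of announcing a successful update.
            $failure = 6;
        } else {
            $DEBUG_STR .= "Bad Word does not Exist" . br;
            my $insert = "insert into badnames values (NULL, " .
                $DB->quote($params{newbad}) .
                ")";
            $DEBUG_STR .= "Insert SQL: " . embolden($esc->($insert)) . br;

            my $inserted = sql_execute($insert);
            if ($inserted) {
                $DEBUG_STR .= embolden($esc->($params{newbad})) . " Inserted!" . br;
            } else {
                $DEBUG_STR .= embolden($esc->($params{newbad})) . " Failed to Insert!" . br;
                $failure = 5;
            }
        }
    } else {
        # None of the recognised parameter combinations was supplied.
        my %div;
        $div{tag} = "div";
        $div{class} = "red-panel";
        $div{innerHTML} = "Invalid Request";
        $DEBUG_STR .= tag(\%div) . hr;
        # Own code: 6 is reserved for "Bad Word Already Exists".
        $failure = 7;
    }

    {
        # Link to the redirect target; $url is built from constants only.
        my %url;
        $url{tag} = "a";
        $url{href} = $url;
        $url{innerHTML} = $url;

        $DEBUG_STR .= hr . tag(\%url) . br;
    }
    $output .= debug_banner("Add Bad Word", $DEBUG_STR, 1);

    if (not $DEBUG) {
        # Normal operation: answer with a redirect and skip the debug page.
        if ($failure) {
            # Code 1 is set only in the access-denied branch above; it is
            # kept here so the table lists every code.
            my %failure_msg = (
                1 => "Access Denied",
                2 => "Failed to Delete Bad Word (SQL Failure)",
                3 => "Failed to Update Bad Word (SQL Failure)",
                4 => "Requested Word doesn't Exist",
                5 => "Failed to Add Bad Word (SQL Failure)",
                6 => "Bad Word Already Exists",
                7 => "Invalid Request",
            );
            my $msg = $failure_msg{$failure} || "Failed to Update Bad Names List!";
            print error_redir($url, $msg);
        } else {
            print notice_redir($url, "Bad Words Updated!");
        }

        exit 1;
    }

    ### END YOUR CONTENT
    $output .= html_end();
    ############################################################
}

# Reached for the access-denied redirect, or for the debug page when $DEBUG
# is on.
print $output;

exit 1;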