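#!/usr/bin/perl
##### PLEASE MODIFY THE HEADER ABOVE TO POINT TO YOUR PERL ENGINE! #################################
##################### Created by Sergy Stouk, me@stouk.com ##########################################
#####################################################################################################
#
# Secure - flat-file login, session-token and user-administration helper for CGI scripts.
#
# NOTE(review): limits of this design that the code below does not remove:
#   * Passwords are lowercased, stripped of whitespace and hashed with crypt() under one
#     fixed salt ($ENC_CHANNEL03).  Changing any of that invalidates the stored data file,
#     so it is flagged here rather than silently replaced; plan a migration to a salted,
#     slow password hash.
#   * Every recreated or reset account gets $DefPassword.  Change it before deployment and
#     force a password change after a reset.
#   * A token is six digits from rand() plus six digits of the clock, and CHECK_TOKEN judges
#     its age from the token itself.  Authorisation must therefore also require that the
#     token is present in the active-session file (PROCESS_SECURITY_PAGE does).
#   * Tokens travel in the query string and are written to the log files.
#   * access.cgi, active.cgi, config.cgi and logs/ live next to the script; confirm the web
#     server does not serve them.  The files are rewritten without locking.
#   * The module runs without "use strict"; many names below are package globals on purpose
#     because some of them are exported.
package Secure;
$VERSION_NUMBER = "3.0";

use CGI qw(:strict);
my ($cgi) = CGI->new;

######################################################################################################
############### PLEASE DO NOT MAKE ANY MODIFICATIONS TO VARIABLES OTHER THAN IN THIS BLOCK ###########

# Default Password, when you reset a user account
my ($DefPassword) = "123";

# Minimum Timeout, when Security Token will need regeneration.
# Do not make it too small (in seconds), or creating new users
# could be difficult. Administrator loses session when idle for minimum time.
my ($MinTimeout) = 900;

# Maximum timeout - If you do not do any actions for a specified number of seconds - Security
# token will time out and you will be prompted to Login again. (Regular user loses session)
my ($MaxTimeout) = 1800;

# Turn On or Off the Autoredirection feature after a successful Login.
my ($AutoRedirect) = 1;

# SPECIFY A LEVEL OF LOG REPORTING (0 - 3)
my ($REPORT_LEVEL) = 1;

########################## ENCODING PORTION #######################################################
# Encoding Channels are like security channels on Your Walky-Talky.
# EXPLANATION: This software encodes and decodes your password with two different schemes:
# 1 - This module uses the standard Perl encoding ability, which does not have a decoder, however
#     the hacker could obtain your encoded password and try to run same encoding function and compare
#     the results with millions of automated hits. So this IS Crackable if your source files would be
#     obtained by the cracker. To make this task more difficult, there is an $ENC_CHANNEL03 variable
#     implemented here, which could be a number or a short word to change the behaviour of the
#     Perl encoder.
#     Can be a number or a short word without spaces.
# NOTE(review): this value is passed to crypt() as the salt for every account (see $SOLT).
my ($ENC_CHANNEL03) = "OkkM";

# 2 - This module has a custom Encoding and Decoding routine with simple algorithm, which encodes and
#     decodes the already Encrypted password (including User Name and Full Name).
#     To make the cracking of the resulting file more difficult - I introduce the $ENC_CHANNEL01 and
#     $ENC_CHANNEL02 variables, which are only numbers.
# NOTE(review): ENCODE/DECODE are a reversible character-code transform, not encryption; the
# data file must still be protected by file permissions.
# Can Be Any Number from 0 to 256.
my ($ENC_CHANNEL01) = 4;
# Can be any number from 1 to 256. CANNOT BE ZERO! Or you will have a division by ZERO Error Message!
my ($ENC_CHANNEL02) = 5;

# With these two encoding mechanisms and you being in control of their behaviours someone
# should be pretty determined to crack your password, although I always state that there's
# nothing impossible, but It should be pretty hard to do it (Unless they get ahold of this module :(.
# so keep it secure as you would a key from your house where the money is. :).... cheers.
############### END OF THE BLOCK. NOTHING TO MODIFY BELOW, OR SCRIPT WILL NOT WORK PROPERLY ##########
######################################################################################################

# Client address and browser string as reported by the web server.  They are read before
# the log file name is built because that name embeds the address.
$REMOTE_ADDR     = $ENV{"REMOTE_ADDR"};
$HTTP_USER_AGENT = $ENV{"HTTP_USER_AGENT"};

# $USER_TOKEN is exported, so it has to be a package variable: a "my" variable of the same
# name would leave importers looking at a value that is never set.
$USER_TOKEN = undef;

my (@USERDATA, @PROFILE_UPDATE);
my ($EncLevel)    = undef;
my ($IPRestrict)  = "";
my ($NetRestrics) = "";

# NOTE(review): empty in this copy; FORM_INSERT and PRINT_WEB_PAGE use it as the template
# placeholder pattern, so the original marker text may be missing here - confirm.
my ($INSERT_DATA) = "";

my ($PATH_TRANSLATED) = GET_SCRIPT_PATH_TRANSLATED();
my ($CURRENT_PATH)    = GET_SCRIPT_PATH_TRANSLATED();
my ($DataFile)        = $CURRENT_PATH . "access.cgi";
my ($ActiveFile)      = $CURRENT_PATH . "active.cgi";
my ($WebConfigFile)   = $CURRENT_PATH . "config.cgi";
my ($CURRENT_TIME)    = GET_DATE(0);
my ($ATTACH_DATE)     = GET_DATE(8);

# Only letters, digits and dots of the address reach the file name.
my ($ADDR_TAG) = defined $REMOTE_ADDR ? $REMOTE_ADDR : "";
$ADDR_TAG =~ s/[^0-9A-Za-z.]/_/g;
my ($SCRIPT_MAINLOG) = $CURRENT_PATH . "/logs/sec_" . $ATTACH_DATE . "-" . $ADDR_TAG . ".txt";
my ($SuccessFile)    = $CURRENT_PATH . "/logs/ok_" . $ATTACH_DATE . ".txt";
my ($HTML_INDEX)     = "$CURRENT_PATH" . "tmp.htm";

# Names of the request parameters.
my ($Manage_par)   = "manage";
my ($Password_par) = "word";
my ($Passconf_par) = "wordconfirm";
my ($Fullname_par) = "fname";
my ($ResPass_par)  = "ResetP";
my ($DelProf_par)  = "DeleteP";
my ($MaxProf_par)  = "MaxP";
my ($Passupdate)   = "wordupdate";

my ($DataSeparator) = "<:>";
my ($Active_Login)  = undef;
my ($AdminAccess)   = undef;
my ($SOLT)          = "$ENC_CHANNEL03";
my (%FULLNAME_H, %PASSWORD_H, %TIME_H, %REMOTE_H, %sechash);

$Newuser_par = "newuser";
$Login_par   = "login";
$Token_par   = "t";
$Pchange_par = "pchange";
$AdminUser   = "administrator";

###########################################################################################
# $ACCESS_PATH is exported but never assigned in this file; presumably the calling script
# sets it - confirm.
BEGIN {
    use Exporter();
    @ISA       = qw(Exporter);
    @EXPORT    = qw ($USER_TOKEN &CHECK_TOKEN $Token_par $ACCESS_PATH &GET_ACTIVE_LOGIN $Newuser_par $Pchange_par $Login_par $AdminUser );
    @EXPORT_OK = qw();
}
###########################################################################################

# Private: remove the record separator and control characters from a value before it is
# written into a separator-delimited line, so request data cannot add fields or lines.
sub _CLEAN_FIELD {
    my ($value) = @_;
    $value = "" unless defined $value;
    $value =~ s/\Q$DataSeparator\E//g;
    $value =~ tr/\x00-\x1f\x7f//d;
    return $value;
}

# Private: return the login recorded for $Token in the active-session file, or nothing.
# The token is compared for equality with the two token fields of each line; it is never
# used as a pattern, and an empty token never matches.
sub _FIND_ACTIVE_LOGIN {
    my ($Token) = @_;
    return unless defined $Token && length $Token;
    my $found;
    foreach my $entry (READ_FILE($ActiveFile)) {
        next unless defined $entry;
        my $line = $entry;
        chomp($line);
        my @field = split(/\Q$DataSeparator\E/, $line);
        next unless defined $field[1];
        if ($field[1] eq $Token || (defined $field[3] && $field[3] eq $Token)) {
            $found = $field[0];
        }
    }
    return $found;
}

# Private: map a number to a name.  Returns $names[i] for the first i with
# $value == $first + i, else $value unchanged.
sub _NAME_FOR {
    my ($value, $first, @names) = @_;
    foreach my $i (0 .. $#names) {
        return $names[$i] if $value == $first + $i;
    }
    return $value;
}

# Write $Action to the main log under $Token (default: $USER_TOKEN) when the report level
# asks for it.  Returns the token when CHECK_TOKEN accepts it, otherwise 0.
sub LOG_ACTION {
    my ($Token, $Action) = @_;
    $Token = $USER_TOKEN unless $Token;
    my $Result = 0;
    if ($Token) {
        if (CHECK_TOKEN($Token, 1)) {
            if ($REPORT_LEVEL > 2) { SAVE_REPORT("$SCRIPT_MAINLOG", "Action: $Token = $Action\n") }
            $Result = $Token;
        }
        else {
            if ($REPORT_LEVEL > 2) { SAVE_REPORT("$SCRIPT_MAINLOG", "Token $Token has expired and could not be renewed.\n") }
        }
    }
    else {
        if ($REPORT_LEVEL > 0) { SAVE_REPORT("$SCRIPT_MAINLOG", "ERROR: Loggin Action was attempted by $REMOTE_ADDR without a valid Token - $Token.\n") }
    }
    return $Result;
}

# Entry point for the login / registration / administration page.  Reads the request
# parameters into %sechash, performs the requested action, fills @INSERT_DATA with the
# screen to show and prints the template.  $_[0] is the address to redirect to after login.
sub PROCESS_SECURITY_PAGE {
    my ($Redirect) = @_;

    foreach my $par ($Login_par, $Password_par, $Passconf_par, $Token_par, $Newuser_par,
                     $Manage_par, $Fullname_par, $Pchange_par, $Passupdate, $ResPass_par,
                     $DelProf_par, $MaxProf_par) {
        $sechash{"$par"} = $cgi->param("$par");
    }
    my $Login    = $sechash{"$Login_par"};
    my $Password = $sechash{"$Password_par"};
    my $Fullname = $sechash{"$Fullname_par"};
    my $TokenIn  = $sechash{"$Token_par"};

    unless (-e $DataFile) { RECREATE_DATAFILE($DataFile) }
    unless (-e $ActiveFile) {
        SAVE_FILE($ActiveFile, "");
        if ($REPORT_LEVEL > 0) { SAVE_REPORT($SCRIPT_MAINLOG, "Re-Creating accounts with $ActiveFile...\n") }
    }

    @USERDATA = READ_DATA_FILE($DataFile);

    # The number of profile check boxes comes from the request, so it is taken as a plain
    # number and capped by the number of stored profiles before it bounds the loop.
    my $MaxProf = $sechash{"$MaxProf_par"};
    $MaxProf = 0 unless defined $MaxProf && $MaxProf =~ /\A[0-9]+\z/;
    my $ProfLimit = scalar(@USERDATA) + 1;
    $MaxProf = $ProfLimit if $MaxProf > $ProfLimit;
    @PROFILE_UPDATE = ();
    foreach my $profcount (1 .. $MaxProf - 1) {
        my $picked = $cgi->param("Prof_$profcount");
        push @PROFILE_UPDATE, "$picked" if $picked;
    }

    my $SessionLogin = _FIND_ACTIVE_LOGIN($TokenIn);
    $Active_Login = $SessionLogin ? $SessionLogin : "unknown";

    $AdminAccess = undef;
    my $AdminToken = CHECK_PASSWORD($Login, $Password);
    if ($AdminToken && ($Login eq $AdminUser)) {
        $AdminAccess = 1;
        ADD_ACTIVE($Login, $AdminToken);
    }

    if ($sechash{"$Newuser_par"}) {
        if (!$Login) {
            @INSERT_DATA = SET_NEW_USER("No Login Name Selected...", $Login, $Fullname, $TokenIn);
        }
        elsif (!$Password) {
            @INSERT_DATA = SET_NEW_USER("No Password Selected...", $Login, $Fullname, $TokenIn);
        }
        elsif (!$Fullname) {
            @INSERT_DATA = SET_NEW_USER("Please provide your Full Name.", $Login, $Fullname, $TokenIn);
        }
        elsif (!CHECK_PASSWORD_MATCH($Password, $sechash{"$Passconf_par"})) {
            @INSERT_DATA = SET_NEW_USER("ERROR: Password does not match confirmation!", $Login, $Fullname);
        }
        else {
            # The token is checked once, with renewal.  The earlier form
            # "if ($USER_TOKEN = CHECK_TOKEN($t),1)" always took the true branch, so the
            # profile update below ran without a valid session.
            $USER_TOKEN = CHECK_TOKEN($TokenIn, 1);
            my $OwnLogin   = REMOVE_SPACE(LOWER_CASE($Login));
            my $LoginTaken = $USER_TOKEN ? 0 : CHECK_LOGIN_TAKEN($Login);

            if ($LoginTaken && ($Login ne $AdminUser)) {
                @INSERT_DATA = SET_NEW_USER("ERROR: This Login is already in use.", "", $Fullname, $TokenIn);
            }
            elsif ($USER_TOKEN && ($Active_Login eq $AdminUser) && ($Login ne $AdminUser)) {
                $AdminAccess = 1;
                CREATE_NEW_USER($Login, $Password, $Fullname);
                @INSERT_DATA = SET_LOGIN_SCREEN("New User Created - OK", "$AdminUser", "$AdminAccess", $USER_TOKEN);
            }
            elsif ($USER_TOKEN && $SessionLogin && ($SessionLogin eq $OwnLogin)) {
                # A profile may only be changed by the session that belongs to it.
                UPDATE_USER($Login, $Password, $Fullname);
                @INSERT_DATA = SET_LOGIN_SCREEN("Update - OK.", "$Active_Login");
            }
            else {
                # No usable session for this request: CREATE_NEW_USER refuses unless the
                # active login is the administrator and the login is free.
                CREATE_NEW_USER($Login, $Password, $Fullname, $TokenIn);
            }
        }
    }
    elsif ($Login) {
        my $LoginToken = CHECK_PASSWORD($Login, $Password);
        if ($LoginToken || $AdminAccess) {
            LOGIN_SUCCESS($LoginToken, $Redirect, $Login, $sechash{"$Pchange_par"}, $FULLNAME_H{$Login});
        }
        else {
            @INSERT_DATA = SET_LOGIN_SCREEN("ERROR: Password Incorrect...");
        }
    }
    else {
        @INSERT_DATA = SET_LOGIN_SCREEN("");
    }
    FORM_INSERT($HTML_INDEX);
}

# Compare the normalised password with the stored hash of the normalised login.
# Returns a new token on success, undef otherwise.
sub CHECK_PASSWORD {
    my ($Login, $Password) = @_;
    my $Token = undef;
    $Login    = REMOVE_SPACE(LOWER_CASE($Login));
    $Password = REMOVE_SPACE(LOWER_CASE($Password));
    my $Stored = $PASSWORD_H{$Login};
    # An account without a stored hash can never be logged into.
    if (defined $Stored && length $Stored) {
        if (crypt($Password, $SOLT) eq $Stored) { $Token = GENERATE_NEW_TOKEN() }
    }
    return $Token;
}

# Returns 1 (and prints a message) when the normalised login already has a record, else 0.
sub CHECK_LOGIN_TAKEN {
    my ($Login) = @_;
    $Login = REMOVE_SPACE(LOWER_CASE($Login));
    if ($TIME_H{$Login}) {
        print "ERROR: Login is already taken!";
        return 1;
    }
    return 0;
}

# Placeholder: no password rules are implemented.
sub CHECK_PASSWORD_FIT {
}

# Returns 1 when the two strings are equal, else 0.
sub CHECK_PASSWORD_MATCH {
    my ($Pass1, $Pass2) = @_;
    return ($Pass1 eq $Pass2) ? 1 : 0;
}

# Store a new password hash for $Login; the administrator account is refused.
# The data file is rewritten in both cases.  Always returns 1.
sub UPDATE_PASSWORD {
    my ($Login, $Password) = @_;
    $Password = REMOVE_SPACE(LOWER_CASE($Password));
    $Login    = REMOVE_SPACE(LOWER_CASE($Login));
    $Password = crypt($Password, $SOLT);
    if ($Login eq $AdminUser) {
        print "Cannot reset $AdminUser password. Access Denied.\n";
        return 1;
    }
    my @UPDATED_DATA;
    foreach my $record (@USERDATA) {
        next unless defined $record && length $record;
        my @field = split(/\Q$DataSeparator\E/, $record);
        if ($field[0] eq $Login) {
            print "Updating Password for: $Login.\n";
            push @UPDATED_DATA, join($DataSeparator, $Login, $field[1], $Password, $field[3], $field[4]);
        }
        else {
            push @UPDATED_DATA, $record;
        }
    }
    @USERDATA = @UPDATED_DATA;
    SAVE_DATA_FILE("$DataFile", @USERDATA);
    return 1;
}

# Returns an error text when the normalised login is shorter than three characters,
# otherwise undef.  (The test used to be inverted and the text named the password.)
sub CHECK_LOGIN_FIT {
    my ($Login) = @_;
    my $error = undef;
    $Login = REMOVE_SPACE(LOWER_CASE($Login));
    if (length($Login) < 3) { $error = "Login Length is less than 3 characters. Please correct." }
    return $error;
}

# NOTE(review): the quoted block is empty in this copy, so what this printed (presumably
# the redirect snippet for the address in $_[0]) cannot be seen here - confirm.
sub J_LOCATION {
    print qq{ };
}

# Read and DECODE the account file.  Fills %LOGIN_H, %FULLNAME_H, %PASSWORD_H, %TIME_H and
# %REMOTE_H keyed by login and returns the decoded records.
sub READ_DATA_FILE {
    my ($DataFile) = @_;
    my @result;
    foreach my $raw (READ_FILE($DataFile)) {
        next unless defined $raw;
        my $line = $raw;
        chomp($line);
        next unless $line;
        my $record = DECODE($line);
        my @DATARAW = split(/\Q$DataSeparator\E/, $record);
        ($LOGIN_H{$DATARAW[0]}, $FULLNAME_H{$DATARAW[0]}, $PASSWORD_H{$DATARAW[0]}, $TIME_H{$DATARAW[0]}, $REMOTE_H{$DATARAW[0]}) = @DATARAW;
        push @result, $record;
    }
    return @result;
}

# ENCODE every non-empty record and write them, one per line, to $_[0].  Returns 1.
sub SAVE_DATA_FILE {
    my ($DataFile, @raw) = @_;
    my @result = map { ENCODE($_) . "\n" } grep { $_ } @raw;
    SAVE_FILE("$DataFile", @result);
    return 1;
}

# Called after a successful password check: records the session and then redirects,
# shows the profile form, or carries out the administrator's delete / reset requests.
sub LOGIN_SUCCESS {
    my ($Token, $Redirect, $Login, $Pchange, $Fullname) = @_;
    $Login = REMOVE_SPACE(LOWER_CASE($Login));
    my $Time = time;
    my $reportline = join($DataSeparator, $Login, $Token, $Time, $Redirect, $REMOTE_ADDR) . "\n";
    if ($REPORT_LEVEL > 2) {
        SAVE_REPORT("$SCRIPT_MAINLOG", $reportline);
        SAVE_REPORT("$SuccessFile", $reportline);
    }
    ADD_ACTIVE($Login, $Token);

    if (!$Pchange && !$AdminAccess) {
        # NOTE(review): the token is placed in the query string, where it reaches browser
        # history, proxy logs and Referer headers.
        $Redirect = "$Redirect" . "?" . "$Token_par=" . "$Token";
        print "Login - OK.\nIf not redirected Automatically, please click HERE.";
        LOG_ACTION($Token, "Success in Loggin In - Redirecting to $Redirect.\n");
        if ($AutoRedirect) { J_LOCATION($Redirect) }
    }
    elsif ($Pchange) {
        @INSERT_DATA = SET_NEW_USER("Changing Your Profile. Password is required.", $Login, $Fullname, $Token);
    }
    else {
        foreach my $profile (@PROFILE_UPDATE) {
            next unless $profile;
            if ($sechash{"$DelProf_par"}) {
                DELETE_USER($profile);
            }
            elsif ($sechash{"$ResPass_par"}) {
                UPDATE_PASSWORD($profile, $DefPassword);
            }
        }
        @INSERT_DATA = SET_LOGIN_SCREEN("Administrative Function.", "$AdminUser", "$AdminAccess", $Token);
    }
}

# Add an account.  Refused when the login exists; exits with a message when the active
# session is not the administrator's.  Returns 1.
sub CREATE_NEW_USER {
    my ($Login, $Password, $Fullname) = @_;
    my $Time = time;
    $Login    = _CLEAN_FIELD(REMOVE_SPACE(LOWER_CASE($Login)));
    $Password = REMOVE_SPACE(LOWER_CASE($Password));
    $Fullname = _CLEAN_FIELD($Fullname);
    if (CHECK_LOGIN_TAKEN($Login)) {
        print "\nUsername: $Login already exist. will not ovewrite.";
        return 1;
    }
    unless ($Active_Login eq $AdminUser) {
        print "\nError: only Administrator can create new user. Access denied!\n";
        exit;
    }
    # The normalised password is hashed.  Hashing the raw request value here, as before,
    # stored a hash CHECK_PASSWORD could not reproduce for mixed-case passwords.
    $Password = crypt($Password, $SOLT);
    push @USERDATA, join($DataSeparator, $Login, $Fullname, $Password, $Time, $REMOTE_ADDR);
    SAVE_DATA_FILE("$DataFile", @USERDATA);
    return 1;
}

# Replace full name, password hash, time and address of the record for $Login.
# The caller decides whether the request is allowed to do so.  Returns 1.
sub UPDATE_USER {
    my ($Login, $Password, $Fullname) = @_;
    my $Time = time;
    $Login    = _CLEAN_FIELD(REMOVE_SPACE(LOWER_CASE($Login)));
    $Password = REMOVE_SPACE(LOWER_CASE($Password));
    $Fullname = _CLEAN_FIELD($Fullname);
    $Password = crypt($Password, $SOLT);
    my @UPDATED_DATA;
    foreach my $record (@USERDATA) {
        next unless defined $record && length $record;
        my @field = split(/\Q$DataSeparator\E/, $record);
        if ($field[0] eq $Login) {
            print "Updated: $Login.\n";
            push @UPDATED_DATA, join($DataSeparator, $Login, $Fullname, $Password, $Time, $REMOTE_ADDR);
        }
        else {
            push @UPDATED_DATA, $record;
        }
    }
    @USERDATA = @UPDATED_DATA;
    SAVE_DATA_FILE("$DataFile", @USERDATA);
    return 1;
}

# Remove the record for $Login.  The administrator account is refused, as it is for
# password resets.  Returns 1.
sub DELETE_USER {
    my ($Login) = @_;
    $Login = REMOVE_SPACE(LOWER_CASE($Login));
    if ($Login eq $AdminUser) {
        print "Cannot delete $AdminUser profile. Access Denied.\n";
        return 1;
    }
    my @UPDATED_DATA;
    foreach my $record (@USERDATA) {
        next unless defined $record && length $record;
        my @field = split(/\Q$DataSeparator\E/, $record);
        if ($field[0] eq $Login) {
            print "Deleted $Login.\n";
        }
        else {
            push @UPDATED_DATA, $record;
        }
    }
    @USERDATA = @UPDATED_DATA;
    SAVE_DATA_FILE("$DataFile", @USERDATA);
    return 1;
}

# Build a twelve-digit token: six random digits followed by the last six digits of the
# clock, reversed.
# NOTE(review): rand() is not meant for security tokens and the second half is the time of
# issue.  The format is left alone because CHECK_TOKEN and possibly other scripts depend on
# it; replace both together with a long value from a cryptographic random source.
sub GENERATE_NEW_TOKEN {
    my $rand_min = 100000;
    my $rand_max = 999999;
    my $random   = int(rand($rand_max - $rand_min + 1)) + $rand_min;
    my $revTime  = join("", reverse split("", time));
    return $random . substr($revTime, 0, 6);
}

# Judge the age of $Token from the time digits it carries.
#   younger than $MinTimeout               -> returns the token
#   between $MinTimeout and $MaxTimeout    -> returns a renewed token when $Renew is true,
#                                             else the token
#   older, or not a twelve-digit token     -> returns 0
# Also purges old sessions and stores the result in $USER_TOKEN.
sub CHECK_TOKEN {
    my ($Token, $Renew) = @_;

    # Anything that is not exactly twelve digits was not issued by GENERATE_NEW_TOKEN.
    my $WellFormed = (defined $Token && $Token =~ /\A[0-9]{12}\z/) ? 1 : 0;
    my $Shown = defined $Token ? $Token : "";
    $Shown =~ tr/\x00-\x1f\x7f//d;    # keep control characters out of the log

    my $Difference = 0;
    if ($WellFormed) {
        my $IssuedAt = join("", reverse split("", substr($Token, 6)));
        $Difference = (time % 1000000) - $IssuedAt;
        # The clock digits wrap every 1,000,000 seconds.  A negative difference used to
        # count as "not expired"; it is now taken modulo the wrap.
        $Difference += 1000000 if $Difference < 0;
    }

    my $Expired = undef;
    if ($REPORT_LEVEL > 2) { SAVE_REPORT($SCRIPT_MAINLOG, "$MinTimeout-$MaxTimeout, \$Difference = $Difference...\n") }
    if ($REPORT_LEVEL > 2) { SAVE_REPORT($SCRIPT_MAINLOG, "checking if $MinTimeout > $Difference\n") }
    if ($WellFormed && ($MinTimeout > $Difference)) {
        if ($REPORT_LEVEL > 2) { SAVE_REPORT($SCRIPT_MAINLOG, "$Shown is not expired.\n") }
        $Expired = $Token;
    }
    else {
        if ($REPORT_LEVEL > 2) { SAVE_REPORT($SCRIPT_MAINLOG, "checking if $MaxTimeout > $Difference\n") }
        if ($WellFormed && ($MaxTimeout > $Difference)) {
            if ($REPORT_LEVEL > 2) { SAVE_REPORT($SCRIPT_MAINLOG, "$Shown - Token Expired but renewable...\n") }
            if ($Renew) {
                my $NewToken = RENEW_TOKEN($Token);
                $USER_TOKEN = $NewToken;
                $Expired    = $NewToken;
                if ($REPORT_LEVEL > 1) { SAVE_REPORT($SCRIPT_MAINLOG, "Renewed token $Shown to $NewToken.\n") }
                UPDATE_ACTIVE($Token, $NewToken);
            }
            else {
                $Expired = $Token;
            }
        }
        else {
            if ($REPORT_LEVEL > 1) { SAVE_REPORT($SCRIPT_MAINLOG, "$Shown - Token is completely expired...\n") }
            $Expired = 0;
        }
    }
    PURGE_ACTIVE();
    $USER_TOKEN = $Expired;
    return $Expired;
}

# Return the login of the session that holds $_[0], or "unknown".
sub GET_ACTIVE_LOGIN {
    my $result = _FIND_ACTIVE_LOGIN($_[0]);
    $result = "unknown" unless $result;
    return $result;
}

# Return a fresh token; the arguments are not used.
sub RENEW_TOKEN {
    my ($Token, $NewToken) = @_;
    $NewToken = GENERATE_NEW_TOKEN();
    return $NewToken;
}

# Replace the first occurrence of $Token with $NewToken in every active-session line that
# contains it, then rewrite the file.  The token is matched literally.
sub UPDATE_ACTIVE {
    my ($Token, $NewToken) = @_;
    my @RAW = READ_FILE($ActiveFile);
    if (defined $Token && length $Token) {
        foreach my $entry (@RAW) {
            next unless defined $entry;
            $entry =~ s/\Q$Token\E/$NewToken/;
        }
    }
    SAVE_FILE($ActiveFile, @RAW);
}

# Append a session line (login, token, time, token, address, browser) to the active file.
# NOTE(review): at the default report level the whole line, token included, is also
# written to the main log.
sub ADD_ACTIVE {
    my ($Login, $Token) = @_;
    my $Time = time;
    my $ActiveLine = join($DataSeparator, _CLEAN_FIELD($Login), $Token, $Time, $Token,
                          _CLEAN_FIELD($REMOTE_ADDR), _CLEAN_FIELD($HTTP_USER_AGENT)) . "\n";
    if ($REPORT_LEVEL > 0) { SAVE_REPORT("$SCRIPT_MAINLOG", "Adding Active - $ActiveLine\n") }
    SAVE_REPORT("$ActiveFile", "$ActiveLine");
}

# Drop active-session lines whose login time is more than $MaxTimeout seconds old and
# rewrite the file; each dropped line is reported in the main log.
sub PURGE_ACTIVE {
    my @ActiveResult;
    foreach my $entry (READ_FILE($ActiveFile)) {
        next unless defined $entry;
        my $line = $entry;
        chomp($line);
        next unless $line;
        my @field = split(/\Q$DataSeparator\E/, $line);
        my $Age = time - $field[2];
        if ($Age > $MaxTimeout) {
            SAVE_REPORT("$SCRIPT_MAINLOG", ("Purged $field[0]: " . $Age . " > $MaxTimeout\n"));
        }
        else {
            push @ActiveResult, "$line" . "\n";
        }
    }
    SAVE_FILE($ActiveFile, @ActiveResult);
}

# Same time-based purge as PURGE_ACTIVE, with per-line logging at report level 3.
# The lines are now read from the file: a misspelt variable made the loop run over a stale
# or empty list, which could empty the session file.
# NOTE(review): $_[0] is only logged; the entry for that token is not removed unless it is
# old enough - confirm that is what callers expect.
sub PURGE_TOKEN {
    my ($Token) = @_;
    my @ActiveResult;
    if ($REPORT_LEVEL > 2) { SAVE_REPORT("$SCRIPT_MAINLOG", "Purging Expired Token: $Token\n") }
    foreach my $entry (READ_FILE($ActiveFile)) {
        next unless defined $entry;
        my $line = $entry;
        chomp($line);
        if ($REPORT_LEVEL > 2) { SAVE_REPORT("$SCRIPT_MAINLOG", "Check Purge Active line: $line\n") }
        next unless $line;
        my @field = split(/\Q$DataSeparator\E/, $line);
        if ($REPORT_LEVEL > 2) { SAVE_REPORT("$SCRIPT_MAINLOG", "Checking Purge: @field \n") }
        unless ((time - $field[2]) > $MaxTimeout) {
            push @ActiveResult, "$line" . "\n";
        }
    }
    SAVE_FILE($ActiveFile, @ActiveResult);
}

# Return the argument with A-Z lowercased.
sub LOWER_CASE {
    my ($string) = @_;
    $string =~ tr/A-Z/a-z/;
    return $string;
}

# Return the argument with all whitespace removed.
sub REMOVE_SPACE {
    my ($string) = @_;
    $string =~ s/\s+//g;
    return $string;
}

# Print the template file, replacing the $INSERT_DATA placeholder with @INSERT_DATA.
sub FORM_INSERT {
    my ($template_file) = @_;
    foreach (READ_FILE("$template_file")) {
        if ($_ =~ /$INSERT_DATA/) {
            my ($left, $right) = /(.*)$INSERT_DATA(.*)/;
            print "$left";
            print @INSERT_DATA;
            print "$right";
        }
        else {
            print "$_";
        }
    }
}

# Write a visit entry to the main log; the amount of detail follows $REPORT_LEVEL.
# Also refreshes several request-related package variables.
sub LOG_VISIT {
    my @visitlog;
    $REMOTE_USER = $ENV{"REMOTE_USER"};
    $REMOTE_HOST = $ENV{"REMOTE_HOST"};
    $LOGON_USER  = $ENV{"LOGON_USER"};
    $PATH_INFO   = $ENV{"PATH_INFO"};
    $LOCAL_ADDR  = $ENV{"LOCAL_ADDR"};
    $SERVER_NAME = $ENV{"SERVER_NAME"};
    $SCRIPT_PATH = GET_SCRIPT_PATH();
    $URL         = $ENV{"URL"};
    $O_SYSTEM    = $^O;
    if ($REPORT_LEVEL > 0) {
        push @visitlog, "Access Log: $CURRENT_TIME\n", "\tRemote Address: $REMOTE_ADDR\n";
    }
    if ($REPORT_LEVEL > 1) {
        push @visitlog, "\tHTTP_USER_AGENT - $HTTP_USER_AGENT\n";
    }
    if ($REPORT_LEVEL > 2) {
        push @visitlog, "\tRemote Host: $REMOTE_HOST\n", "\tCurrent Path: $CURRENT_PATH\n";
    }
    SAVE_REPORT("$SCRIPT_MAINLOG", @visitlog);
}

# Append the given strings to $_[0]; dies when the file cannot be opened.
# Returns the number of arguments received, or 0 when no file name was given.
sub SAVE_REPORT {
    my ($filename, @send) = @_;
    return 0 unless $filename;
    # Three-argument open: the file name can never be read as an open mode.
    open(my $fh, '>>', $filename) || die "Can’t write to $filename: error $!\n";
    print {$fh} grep { defined } @send;
    close($fh);
    return scalar(@_);
}

# Replace the contents of $_[0] with the given strings.  Warns and returns 0 when the file
# cannot be opened, otherwise returns the number of arguments received.
sub SAVE_FILE {
    my ($filename, @send) = @_;
    my $fh;
    unless (open($fh, '>', $filename)) {
        warn "Can’t write to $filename: error $!\n";
        return 0;
    }
    print {$fh} grep { defined } @send;
    close($fh);
    return scalar(@_);
}

# Return the lines of $_[0].  A missing file prints a message and returns an empty list.
# NOTE(review): the message goes to the page and includes the server-side file path.
sub READ_FILE {
    my ($filename) = @_;
    my @result;
    if (-e $filename) {
        my $fh;
        unless (open($fh, '<', $filename)) {
            warn "Could not open file $filename : $!\n";
            return @result;
        }
        @result = <$fh>;
        close($fh);
    }
    else {
        print "ERROR - Cannot open $filename!";
    }
    return @result;
}

# Return "http://SERVER_NAME/<directory of SCRIPT_NAME>/".
sub GET_SCRIPT_PATH {
    my $LOCAL_ADDR  = $ENV{"SERVER_NAME"};
    my $SCRIPT_NAME = $ENV{"SCRIPT_NAME"};
    my ($SCRIPT_PATH) = $SCRIPT_NAME =~ /(.*)\/(.*)$/;
    return "http://$LOCAL_ADDR" . "$SCRIPT_PATH" . "/";
}

# Print a template like FORM_INSERT, but call INSERT_DATA at the placeholder.
# Stouk::READ_FILE and INSERT_DATA are not defined in this file.
sub PRINT_WEB_PAGE {
    my $template_file = $_[0];
    foreach (Stouk::READ_FILE("$template_file")) {
        if ($_ =~ /$INSERT_DATA/) {
            my ($left, $right) = /(.*)$INSERT_DATA(.*)/;
            print "$left";
            &INSERT_DATA;
            print "$right";
        }
        else {
            print "$_";
        }
    }
}

# Return the directory part of PATH_TRANSLATED with forward slashes and a trailing "/",
# or "./" when there is none.  All data and log files are placed under this directory.
# NOTE(review): on servers that derive PATH_TRANSLATED from the extra path in the request
# URL, this directory follows the request - confirm what the target server supplies, or use
# a fixed directory.
sub GET_SCRIPT_PATH_TRANSLATED {
    my $PATH_TRANSLATED = $ENV{"PATH_TRANSLATED"};
    if ($PATH_TRANSLATED =~ /\//) {
        ($PATH_TRANSLATED) = $PATH_TRANSLATED =~ /(.*)\/(.*)$/;
        $PATH_TRANSLATED = "$PATH_TRANSLATED" . "/";
    }
    else {
        ($PATH_TRANSLATED) = $PATH_TRANSLATED =~ /(.*)\\(.*)$/;
        $PATH_TRANSLATED = "$PATH_TRANSLATED" . "\\";
    }
    $PATH_TRANSLATED =~ s/\\/\//g;
    if ($PATH_TRANSLATED eq "/") { $PATH_TRANSLATED = "./" }
    return $PATH_TRANSLATED;
}

# Return the current local time in one of nine formats:
#   0 localtime string        1 MM/DD/YYYY HH:MM:SS AM|PM   2 Weekday, Month DD, YYYY
#   3 DD-Mon-YYYY             4 MM/DD/YYYY                  5 HH:MM:SS
#   6 HH:MM AM|PM             7 HH:MM                       8 MonDD-YYYY
# Any other value returns "".
sub GET_DATE {
    my ($date_format) = "$_[0]";
    my ($SECONDS, $MINUTES, $HOUR, $MONTHDAY, $MONTH, $YEAR, $WEEKDAY) = localtime(time);
    $YEAR  = $YEAR + 1900;
    $MONTH = $MONTH + 1;
    my $HOUR_ID = ($HOUR > 11) ? "PM" : "AM";
    foreach my $part ($MONTHDAY, $MONTH, $HOUR, $MINUTES, $SECONDS, $WEEKDAY) {
        $part = "0" . "$part" if $part < 10;    # two-digit fields
    }

    my $result = "";
    if ($date_format == 0) {
        $result = localtime(time);
    }
    elsif ($date_format == 1) {
        $HOUR   = GET_12_HOUR_TIME($HOUR);
        $result = $MONTH . "/" . $MONTHDAY . "/" . $YEAR . " " . $HOUR . ":" . $MINUTES . ":" . $SECONDS . " " . $HOUR_ID;
    }
    elsif ($date_format == 2) {
        $WEEKDAY = GET_WEEKDAY_LONG_NAME($WEEKDAY);
        $MONTH   = GET_MONTH_LONG_NAME($MONTH);
        $result  = $WEEKDAY . ", " . $MONTH . " " . $MONTHDAY . ", " . $YEAR;
    }
    elsif ($date_format == 3) {
        $MONTH  = GET_MONTH_SHORT_NAME($MONTH);
        $result = $MONTHDAY . "-" . $MONTH . "-" . $YEAR;
    }
    elsif ($date_format == 4) {
        $result = $MONTH . "/" . $MONTHDAY . "/" . $YEAR;
    }
    elsif ($date_format == 5) {
        $result = $HOUR . ":" . $MINUTES . ":" . $SECONDS;
    }
    elsif ($date_format == 6) {
        $HOUR   = GET_12_HOUR_TIME($HOUR);
        $result = $HOUR . ":" . $MINUTES . " " . $HOUR_ID;
    }
    elsif ($date_format == 7) {
        $result = $HOUR . ":" . $MINUTES;
    }
    elsif ($date_format == 8) {
        $MONTH  = GET_MONTH_SHORT_NAME($MONTH);
        $result = $MONTH . $MONTHDAY . "-" . $YEAR;
    }
    return $result;
}

# Convert an hour 0-23 to the 12-hour clock.
sub GET_12_HOUR_TIME {
    my ($HOUR) = @_;
    if ($HOUR == 0) { $HOUR = 12 }
    if ($HOUR > 12) { $HOUR = $HOUR - 12 }
    return $HOUR;
}

# Weekday number 0-6 (0 = Sunday) to its full name; other values are returned unchanged.
sub GET_WEEKDAY_LONG_NAME {
    return _NAME_FOR($_[0], 0, qw(Sunday Monday Tuesday Wednesday Thursday Friday Saturday));
}

# Weekday number 0-6 (0 = Sunday) to its short name; other values are returned unchanged.
sub GET_WEEKDAY_SHORT_NAME {
    return _NAME_FOR($_[0], 0, qw(Sun Mon Tue Wed Thu Fri Sat));
}

# Month number 1-12 to its full name; other values are returned unchanged.
sub GET_MONTH_LONG_NAME {
    return _NAME_FOR($_[0], 1, qw(January February March April May June July August September October November December));
}

# Month number 1-12 to its short name; other values are returned unchanged.
sub GET_MONTH_SHORT_NAME {
    return _NAME_FOR($_[0], 1, qw(Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec));
}

# Always returns "./".  The first statement may repoint $0 at the interpreter path, as the
# earlier version did before discarding the directory it computed.
sub GET_DIR {
    $0 = $^X unless ($^X =~ m%(^|[/\\])(perl)|(perl.exe)$%i);
    return "./";
}

# Create the account file with the three built-in accounts and, when the web configuration
# file exists, append ",admin" to its ADMIN_USER= line.
# NOTE(review): all three accounts receive $DefPassword, and this runs whenever the account
# file is missing.  Change the default and the passwords before the site is reachable.
sub RECREATE_DATAFILE {
    my ($DataFile) = @_;
    my $Password = crypt($DefPassword, $SOLT);
    my $Time     = time;
    my @USERDATA = map { join($DataSeparator, $_->[0], $_->[1], $Password, $Time, $REMOTE_ADDR) } (
        [ "administrator", "User Manager Administration Account" ],
        [ "admin",         "Database Manager Administration Account" ],
        [ "guest",         "Regular User Account" ],
    );
    SAVE_DATA_FILE("$DataFile", @USERDATA);
    if (-e $WebConfigFile) {
        my @TEMP;
        foreach my $entry (READ_FILE($WebConfigFile)) {
            next unless defined $entry;
            if ($entry =~ "ADMIN_USER=") {
                $entry =~ s/\n//;
                push @TEMP, $entry . ",admin\n";
            }
            else {
                push @TEMP, $entry;
            }
        }
        SAVE_FILE($WebConfigFile, @TEMP);
    }
}

# Turn a string into ",<number>,<number>..." - one number per character.  Statement order
# is kept exactly as in the original because it defines the on-disk format.
# NOTE(review): $STATPOS, $STARTPOS, $CCODE_LENGTH and @CODE are not set anywhere in this
# file; if nothing else sets them, each number is simply the character code - confirm.
sub ENCODE {
    my ($c)        = undef;
    my ($lcounter) = $STATPOS;
    my ($result)   = undef;
    my ($element)  = $STARTPOS;
    foreach (split(//, $_[0])) {
        $c = ord($_);
        if ($lcounter == 0) { $c = $c + $CCODE_LENGTH }
        if ($lcounter == 1) { $c = $c + ord($CODE[$element]) }
        if ($lcounter == 2) { $c = $c * $ENC_CHANNEL02 }
        if ($lcounter == 4) { $c = $c * ord(($CODE[$element] + $ENC_CHANNEL01)) }
        if ($lcounter > $CCODE_LENGTH) { $lcounter = 0 }
        $element++;
        if ($element > $#CODE) { $element = 0 }
        $lcounter++;
        $result = "$result" . "," . "$c";
    }
    return $result;
}

# Inverse of ENCODE: comma-separated numbers back to a string.  Empty and zero elements are
# skipped.  Statement order is kept exactly as in the original.
sub DECODE {
    my ($result)   = undef;
    my ($f)        = $_[0];
    my ($lcounter) = $STATPOS;
    my ($element)  = $STARTPOS;
    my @elem = split(/,/, $_[0]);
    $lng = @elem;
    foreach (@elem) {
        if ($_) {
            if ($lcounter == 0) { $_ = $_ - $CCODE_LENGTH }
            if ($lcounter == 1) { $_ = $_ - ord($CODE[$element]) }
            if ($lcounter == 2) { $_ = $_ / $ENC_CHANNEL02 }
            if ($lcounter == 4) { $_ = $_ / ord(($CODE[$element] + $ENC_CHANNEL01)) }
            if ($lcounter > $CCODE_LENGTH) { $lcounter = 0 }
            $element++;
            if ($element > $#CODE) { $element = 0 }
            $f = chr($_);
            $lcounter++;
            $result = "$result" . "$f";
        }
    }
    return $result;
}

# SET_LOGIN_SCREEN and SET_NEW_USER build the login and registration screens as a list of
# strings.  They are reproduced below exactly as they appear in this copy: the markup inside
# their string literals is missing and the statement order is disturbed, so they are left
# untouched rather than guessed at.
# NOTE(review): $StatusMessage, $Login, $FName and the fields of @USERDATA are interpolated
# into page output here.  When the markup is restored, HTML-escape every one of them, and do
# not print the stored password hash ($temp[2]) on the administration screen.
sub SET_LOGIN_SCREEN { my(@scrarr) = undef; my($count) = undef; my($StatusMessage) = $_[0]; my($Login) = $_[1]; my($AdminAccess) = $_[2]; my($Token) = $_[3]; my($FontFace)= "Arial"; my($ScreenName) = "Security Screen"; my($TableWidth) = "400"; my($TableBorder) = "0"; my($CellSpacing) = "0"; my($CellPadding) = "0"; my($FormAction) = "$ACCESS_PATH"; my($FormBorder) = "1"; my($NewUserLink) = undef; if ($AdminAccess) { $NewUserLink = "$ACCESS_PATH"."?$Newuser_par=1;$Token_par=$Token"; } else { $NewUserLink = "$ACCESS_PATH"."?$Newuser_par=1"; }; $scrarr[$count] = "

$ScreenName

\n"; $count++; $scrarr[$count] = "

$StatusMessage

\n"; $count++; $scrarr[$count] = "
"; $count++; $scrarr[$count] = "\n"; $count++; $scrarr[$count] = " \n"; $count++; $scrarr[$count] = " \n"; $count++; $scrarr[$count] = " \n"; $count++; $scrarr[$count] = "
\n"; $count++; $scrarr[$count] = "
\n"; $count++; $scrarr[$count] = " \n"; $count++; $scrarr[$count] = " \n"; $count++; $scrarr[$count] = " \n"; $count++; $scrarr[$count] = "
\n"; $count++; $scrarr[$count] = "
\n"; $count++; $scrarr[$count] = " \n"; $count++; $scrarr[$count] = " \n"; $count++; $scrarr[$count] = " \n"; $count++; $scrarr[$count] = " \n"; $count++; $scrarr[$count] = "
\n"; $count++; $scrarr[$count] = "
\n"; $count++; $scrarr[$count] = " \n"; $count++; $scrarr[$count] = " \n"; $count++; $scrarr[$count] = " \n"; $count++; }; $scrarr[$count] = " \n"; $count++; $scrarr[$count] = " \n"; $count++; $scrarr[$count] = " \n"; $count++; $scrarr[$count] = " \n"; $count++; $scrarr[$count] = "
\n"; $count++; $scrarr[$count] = "

Login Name:

\n"; $count++; $scrarr[$count] = "

Password:

\n"; $count++; if ($AdminAccess) { $scrarr[$count] = "

New Login Name Registration.

\n"; $count++; $scrarr[$count] = " Change Profile:
\n"; $count++; if ($AdminAccess) { print " [Help] "; $scrarr[$count] = "
\n"; $count++; $usercount = 1; foreach (@USERDATA) { @temp = split(/$DataSeparator/,$_); if ($temp[0]) { unless ($temp[0] eq $AdminUser) { $scrarr[$count] = "\n"; $count++; $usercount++; } else { $scrarr[$count] = "\n"; $count++; $usercount++; }; }; }; $scrarr[$count] = "

\n

$temp[0]$temp[1]$temp[4]$temp[3]$temp[2]

\n

$temp[0]$temp[1]$temp[4]$temp[3]$temp[2]
\n"; $count++; $scrarr[$count] = " Reset Password:\n"; $count++; $scrarr[$count] = " Delete Profile:\n"; $count++; $scrarr[$count] = " \n"; $count++; $scrarr[$count] = "
\n"; $count++; }; $scrarr[$count] = "
\n"; $count++; $scrarr[$count] = " \n"; $count++; $scrarr[$count] = "
\n"; $count++; return @scrarr; }; sub SET_NEW_USER { my(@scrarr) = undef; my($count) = undef; my($FontFace)= "Arial"; my($ScreenName) = "Security Screen"; my($StatusMessage) = $_[0]; my($Login) = $_[1]; my($FName) = $_[2]; my($Token) = $_[3]; my($TableWidth) = "400"; my($TableBorder) = "0"; my($CellSpacing) = "0"; my($CellPadding) = "0"; my($FormAction) = "$ACCESS_PATH"; my($FormBorder) = "1"; $scrarr[$count] = "

$ScreenName

\n"; $count++; $scrarr[$count] = "

$StatusMessage

\n"; $count++; $scrarr[$count] = "
\n"; $count++; $scrarr[$count] = " \n"; $count++; $scrarr[$count] = " \n"; $count++; $scrarr[$count] = " \n"; $count++; $scrarr[$count] = " \n"; $count++; $scrarr[$count] = "
\n"; $count++; $scrarr[$count] = "
\n"; $count++; $scrarr[$count] = " \n"; $count++; $scrarr[$count] = " \n"; $count++; $scrarr[$count] = " \n"; $count++; $scrarr[$count] = "
\n"; $count++; $scrarr[$count] = "
\n"; $count++; $scrarr[$count] = " \n"; $count++; $scrarr[$count] = " \n"; $count++; $scrarr[$count] = " \n"; $count++; $scrarr[$count] = " \n"; $count++; $scrarr[$count] = "
\n"; $count++; $scrarr[$count] = "
\n"; $count++; $scrarr[$count] = " \n"; $count++; $scrarr[$count] = " \n"; $count++; $scrarr[$count] = " \n"; $count++; $scrarr[$count] = " \n"; $count++; $scrarr[$count] = "
\n"; $count++; $scrarr[$count] = "
\n"; $count++; $scrarr[$count] = " \n"; $count++; $scrarr[$count] = " \n"; $count++; $scrarr[$count] = " \n"; $count++; $scrarr[$count] = " \n"; $count++; $scrarr[$count] = "
\n"; $count++; $scrarr[$count] = "
\n"; $count++; $scrarr[$count] = " \n"; $count++; $scrarr[$count] = " \n"; $count++; $scrarr[$count] = " \n"; $count++; $scrarr[$count] = " \n"; $count++; $scrarr[$count] = "
\n"; $count++; $scrarr[$count] = "

Select New Login Name:

 
\n"; $count++; $scrarr[$count] = "

Password:

\n"; $count++; $scrarr[$count] = "

Confirm Password:

\n"; $count++; $scrarr[$count] = "
\n"; $count++; $scrarr[$count] = "

Your Full Name:

\n"; $count++; $scrarr[$count] = "
\n"; $count++; $scrarr[$count] = "

\n"; $count++; $scrarr[$count] = "
\n"; $count++; $scrarr[$count] = " \n"; $count++; $scrarr[$count] = "
\n"; $count++; return @scrarr; }; 1;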