# FILE: src-board-subs-admin #------------------------------------------------------------------------------- # This script is copyright (c) 1998 by DiscusWare, LLC, all rights reserved. # Its use is subject to the license agreement that can be found at the following # URL: http://www.chem.hope.edu/discus/license #------------------------------------------------------------------------------- sub check_passwd { local ($nocookies, $accept_blank_pw) = @_; $FORM{'username'} =~ tr/A-Z/a-z/; $username = $FORM{'username'}; $username =~ tr/A-Z/a-z/; $guess = $FORM{'password'}; $guess =~ tr/A-Z/a-z/; open(PASSWD,"$admin_dir/passwd.txt") || &error_message("Verify Password Error", "Cannot open password file (passwd.txt) for reading!"); @passwd_line = ; close(PASSWD); $ok = ""; foreach $line (@passwd_line) { ($user, $pass) = split(/:/, $line); if ($user eq $username) { $test_pass = crypt($guess, $pass); $ok = "Yes" if $test_pass eq $pass; $ok = "No" if $pass eq ""; $ok = "Yes" if ($username eq $superuser && $pass eq "" && $guess eq ""); return "* BLANK *" if ($username eq $superuser && $pass eq "" && $guess eq "" && $accept_blank_pw); $ok = "No" if ($username eq $superuser && $pass ne "" && $guess eq ""); $ok = "Yes" if ($COOKIE{'pass' . $COOKIE_ID} eq crypt($pass, "cookie") && $guess eq "" && !$nocookies); $ok = "No" if ($username ne $superuser && $pass eq ""); $ok = "No" if ($pass eq "" && !$accept_blank_pw); return $test_pass if $ok eq "Yes"; } } if ($ok ne "Yes") { $ts = time; $host = $ENV{'REMOTE_HOST'}; $addr = $ENV{'REMOTE_ADDR'}; open (LOG, ">>$admin_dir/adminlog.txt"); print LOG "$username;$host;$addr;$ts;WRONG\n"; close (LOG); &error_message("Bad Login", "Your username/password combination was invalid to access the administration program! Your intrusion has been logged.

You are browsing from $ENV{'REMOTE_HOST'}.", 0, 1); } } sub verify_owner { local ($owner, $username) = @_; $username =~ tr/A-Z/a-z/; local (@group_data, $group, $usernames, @username, $groupname); open (GROUP, "$admin_dir/groups.txt") || &error_message("File Error", "Cannot open group file (groups.txt)!"); @group_data = ; close (GROUP); foreach $group (@group_data) { chop ($group) if $group =~ /\n$/; ($groupname, $usernames) = split(/:/, $group); if ($groupname eq $owner) { @username = split(/,/, $usernames); if (grep (/^$username$/, @username)) { return 1; } else { return 0; } } } return 0; } 1;