Authorization required

#!/util/perl/bin/perl # # roster v1.0 by Joe Testa [08.19.2001 9:30PM] # # This is the structure of the data file. # # name(0)|language(1)|e-mail address(2)|public address(3)|public phone number(4)|office hours(5)| # URLs(6)|additional info(7)|private street(8)|private city(9)|private phone(10)|encrypted password(11)| require( 'config.pl' ); # Open & read the data file. open( hDataFile, "<$DATA_FILE" ) || die; flock( hDataFile, LOCK_SH ); @dataFile = ; flock( hDataFile, LOCK_UN ); close( hDataFile ); # Parse the %encoded characters; build the %FORM hash table. &parse; # If these two fields are not defined in the form input, then # the user should be presented with the entire public database. if ( defined $FORM{'record'} && defined $FORM{'pwp'} ) { # If the 'pwp' ([p]ass[w]ord [p]resent) variable is 0, then the user should be # prompted for a password. If it is not 0, then the private data for the # specified record should be displayed. if ( $FORM{'pwp'} eq 0 ) { &promptForPassword( $FORM{'record'} ); } else { &checkPasswordAndShowInfo( $FORM{'password'}, $FORM{'record'} ); } } else { &showPublicRecords; } exit( 0 ); sub showPublicRecords { # Open & read the template header. open( hTemplateHeader, "<$TEMPLATE_HEADER" ); @templateHeader = ; close( hTemplateHeader ); # Open & read the template body. open( hTemplateBody, "<$TEMPLATE_BODY" ); @templateBody = ; close( hTemplateBody ); # Open & read the template footer. open( hTemplateFooter, "<$TEMPLATE_FOOTER" ); @templateFooter = ; close( hTemplateFooter ); # Save the number of lines in the data file for use later. Looping starts # at 1 because line 0 contains only the administrator password. $i = 1; # Loop through the database and construct field arrays. for( ; $i < scalar @dataFile; $i++ ) { @fields = split( /\|/, $dataFile[ $i ] ); # use shift $names[ $i ] = $fields[ 0 ]; $language[ $i ] = $fields[ 1 ]; $emails[ $i ] = $fields[ 2 ]; $address[ $i ] = $fields[ 3 ]; $phone[ $i ] = $fields[ 4 ]; $office_hours[ $i ] = $fields[ 5 ]; $urls[ $i ] = $fields[ 6 ]; $additional_info[ $i ] = $fields[ 7 ]; $dataFile[ $i ] = ""; } # Save the template body into a scalar variable. for( $j = 0; $j < scalar @templateBody; $j++ ) { $originalTemplateBody = $originalTemplateBody . $templateBody[ $j ]; } # Loop from index 1 to the length of the database ($k). for( $k = 1; $k < $i; $k++ ) { # Make a copy of the template, then substitute in the apropriate information. $temp = $originalTemplateBody; # Split up the address field to retrieve the building name & office number. @tempArray = split( /\%/, $address[ $k ] ); $public_address = $tempArray[ 0 ] . ' ' . $tempArray[ 1 ]; # Split up the public phone field to retrieve the last four digits of the # phone number & the extension. @tempArray = $phone[ $k ]; $public_phone = $tempArray[ 0 ]; ### # Split up the public phone field to retrieve the last four digits of the # phone number & the extension. #@tempArray = split( /\%/, $phone[ $k ] ); #$public_phone = '645-' . $tempArray[ 0 ] . ' x' . $tempArray[ 1 ]; ### # Handle the office times... $office_times = ''; @tempArray = split( /\!/, $office_hours[ $k ] ); for ( $b = 0; $b < scalar @tempArray; $b++ ) { @tempArray2 = split( /\%/, $tempArray[ $b ] ); $office_times .= $tempArray2[ 0 ] . ' - ' . $tempArray2[ 1 ] . ':'; $office_times .= ( $tempArray2[ 2 ] . ' to ' . $tempArray2[ 3 ] . ':' ); $office_times .= ( $tempArray2[ 4 ] . '
' ); } # Handle the URLs... $urlLinks = ''; @tempArray = split( /\!/, $urls[ $k ] ); for ( $b = 0; $b < scalar @tempArray; $b++ ) { @tempArray2 = split( /\%/, $tempArray[ $b ] ); # If there is no address, then do not try to make a link. if ( $tempArray2[ 2 ] eq '' ) { $urlLinks .= ( $tempArray2[ 0 ] . ' ' . $tempArray2[ 1 ] . '
' ); } else { $urlLinks .= ( '' ); $urlLinks .= ( $tempArray2[ 0 ] . ' ' . $tempArray2[ 1 ] . '
' ); } } $temp =~ s/\$NAME\$/$names[ $k ]/gi; $temp =~ s/\$EMAIL\$/$emails[ $k ]/gi; $temp =~ s/\$PHONE\$/$public_phone/gi; $temp =~ s/\$ADDRESS\$/$public_address/gi; $temp =~ s/\$LANGUAGE\$/$language[ $k ]/gi; $temp =~ s/\$OFFICE_HOURS\$/$office_times/gi; $temp =~ s/\$URLS\$/$urlLinks/gi; # Parse out the two integers specifying if translating and tutoring is # available. $stuff = "

"; @addInfo = split( /\%/, $additional_info[ $k ] ); if (( $addInfo[ 0 ] eq '1' ) && ( $addInfo[ 1 ] eq '1' )) { $stuff .= "available for translating, tutoring"; } elsif ( $addInfo[ 0 ] eq '1' ) { $stuff .= "available for translating"; } elsif ( $addInfo[ 1 ] eq '1' ) { $stuff .= "available for tutoring"; } else { $stuff .= "not available for translating or tutoring"; } $stuff .= ( "
" . $addInfo[ 2 ] ); $temp =~ s/\$ADDITIONAL_INFO\$/$stuff/gi; $temp =~ s/\$RECORD_NUMBER\$/$k/gi; $temp =~ s/\$PROTO\$/$PROTOCOL/gi; $temp =~ s/\$HOST\$/$HOSTNAME/gi; $temp =~ s/\$EDITPATH\$/$EDIT_SCRIPT/gi; $temp =~ s/\$VIEWPATH\$/$VIEW_SCRIPT/gi; $newTemplateBody = $newTemplateBody . $temp; } # Save the template body into a scalar variable. for( $j = 0; $j < scalar @templateFooter; $j++ ) { $newTemplateFooter = $newTemplateFooter . $templateFooter[ $j ]; } $newTemplateFooter =~ s/\$PROTO\$/$PROTOCOL/gi; $newTemplateFooter =~ s/\$HOST\$/$HOSTNAME/gi; $newTemplateFooter =~ s/\$ADMINPATH\$/$ADMIN_SCRIPT/gi; print "Content-type: text/html\n\n"; print @templateHeader; print $newTemplateBody; print $newTemplateFooter; } sub promptForPassword { print "Content-type: text/html\n\n"; print "Authorization required

"; print "A password is required to access the private information associated with this record."; print ""; } sub checkPasswordAndShowInfo { # Retrieve the hash of the password that was sent. $sentpw = crypt( $_[ 0 ], $SALT_CHARS ); $record = $_[ 1 ]; $authorized = 0; # First, check to see if the sent password is equal to the stored administrator # password... $adminpw = $dataFile[ 0 ]; chomp( $adminpw ); if ( $sentpw eq $adminpw ) { $authorized = 1; } undef( $adminpw ); # Loop through the data file and check each stored password with the one provided. If # any match, then the user is authorized to view the private content. for ( $p = 1; $p < scalar @dataFile && authorized == 0; $p++ ) { $dataLine = $dataFile[ $p ]; @dataFields = split( /\|/, $dataLine ); if ( $sentpw eq $dataFields[ 11 ] ) { $authorized = 1; } } $dataLine = $dataFile[ $record ]; @dataFields = split( /\|/, $dataLine ); $private_street = $dataFields[ 8 ]; $private_city = $dataFields[ 9 ]; $private_phone = $dataFields[ 10 ]; print "Content-type: text/html\n\n"; if ( $authorized eq 1 ) { print "

$dataFields[ 0 ]
"; print "$private_street"; print "$private_city"; print "$private_phone"; print "
Back"; } else { print "

Incorrect password."; } }