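#!/usr/bin/perl -w
# Front controller for the Pagemill blog.  For each request it consults the
# block list, bumps the per-address visit counter, and then either stores a
# submitted comment or prints the page assembled from the module scripts.
use strict;
use CGI ":standard";
#use CGI::Compress::Gzip;
use DBI qw(:sql_types);
use Time::Local;
use Pagemill;

#my $cgi = new CGI::Compress::Gzip;
my $SCRIPT_NAME = 'pagemill.cgi';

# Connect to the database.
my $dbh = DBI->connect_cached(
    Pagemill::getBlogDatabase(),
    Pagemill::getBlogUser(),
    Pagemill::getBlogPassword()
) or die("Could not connect to the database!");

# Best effort: send later diagnostics to a file instead of the server log.
# NOTE(review): the path is relative to the CGI working directory; confirm
# that errfile.txt cannot be fetched over HTTP.
open(STDERR, '>>', 'errfile.txt');

addToTheLog();

# checkForBlocked() returns 1 after printing the "blocked" page and 0
# otherwise, so test its truth value.  Comparing the result with the string
# "blocked" is always true and lets blocked addresses carry on.
unless (checkForBlocked()) {
    manageCounter();

    if (defined param('postcomment')) {
        my $remoteAddr = defined $ENV{'REMOTE_ADDR'} ? $ENV{'REMOTE_ADDR'} : '';

        # Only dotted-quad clients can be looked up on the XBL; any other
        # address form is refused, as it was before.
        if ($remoteAddr =~ m/\A(\d+)\.(\d+)\.(\d+)\.(\d+)\z/
            and not isListedOnXbl("$4.$3.$2.$1.xbl.spamhaus.org"))
        {
            my $postIndex = param('postcomment');
            my $name      = param('name');
            my $email     = param('email');
            my $website   = param('site');
            my $entry     = escapeCommentEntry(scalar param('commententry'));

            # NOTE(review): name, email and website are stored exactly as
            # submitted; whatever renders them (not visible here) has to
            # escape them on output.
            my $sth = $dbh->prepare(
                "INSERT INTO blog_comments (comment_postindex, comment_time, comment_author, comment_email, comment_link, comments_ip, comment_entry) VALUES (?, NOW(), ?, ?, ?, ?, ?)"
            );
            $sth->bind_param(1, $postIndex,  SQL_INTEGER);
            $sth->bind_param(2, $name,       SQL_VARCHAR);
            $sth->bind_param(3, $email,      SQL_VARCHAR);
            $sth->bind_param(4, $website,    SQL_VARCHAR);
            $sth->bind_param(5, $remoteAddr, SQL_VARCHAR);
            $sth->bind_param(6, $entry,      SQL_VARCHAR);
            $sth->execute();
            $sth->finish();

            if (defined param("rememberme")) {
                # Keeps the commenter's name, website and email in the
                # browser for ten years.
                # NOTE(review): no secure/httponly flags are set; decide
                # whether page script needs to read this cookie.
                my $bakery = CGI->new;
                my $cookie = $bakery->cookie(
                    -name    => 'PagemillCommentData',
                    -value   => [$name, $website, $email],
                    -expires => '+10y'
                );
                print header(-cookie => $cookie);
            }
            else {
                print header();
            }
            # NOTE(review): the response body is a single blank in the copy
            # under review; any markup it once held did not survive.
            print ' ' . "\n";
        }
        else {
            # A CGI that prints nothing makes the server report an internal
            # error, so refused comments get an explicit answer.
            print header(-status => '403 Forbidden', -type => 'text/plain');
            print "Comment rejected.\n";
        }
    }
    else {
        print header();
        chdir '../CGI-Executables/modules/' or chdir 'modules';
        print `perl ./header.pl`;
        print `perl ./content.pl`;
        print `perl ./sidebar.pl`;
        chdir '../../Documents' or chdir '..';
        print "\n\n";
    }
}

close STDERR;
$dbh->disconnect();

################################################################################
# isListedOnXbl                                                                #
################################################################################
# Runs /usr/bin/host on the given DNSBL query name and returns 1 when the
# answer contains a 127.0.0.x address, else 0.  The command is started in
# list form so the query name is never handed to a shell.  A lookup that
# cannot be started counts as "not listed", the same as an empty answer.
sub isListedOnXbl {
    my ($queryName) = @_;

    my $pid = open(my $lookup, '-|', '/usr/bin/host', $queryName);
    return 0 unless $pid;

    my $answer = do { local $/; <$lookup> };
    close $lookup;

    return 0 unless defined $answer;
    return ($answer =~ m/\b127\.0\.0\.\d+\b/) ? 1 : 0;
}

################################################################################
# escapeCommentEntry                                                           #
################################################################################
# Turns a submitted comment body into the HTML that is stored: every
# character that is special in HTML is escaped first, then a fixed set of
# tags is switched back on.
# NOTE(review): the copy of this script under review had its entities
# decoded and its literal tags stripped, so the replacement strings below
# are reconstructed from the surviving patterns -- confirm them against the
# deployed file.
sub escapeCommentEntry {
    my ($entry) = @_;
    $entry = '' unless defined $entry;

    # '&' has to go first, otherwise the entities produced by the following
    # substitutions would be escaped a second time.
    $entry =~ s{&}{&amp;}g;
    $entry =~ s{"}{&quot;}g;
    $entry =~ s{<}{&lt;}g;
    $entry =~ s{>}{&gt;}g;
    $entry =~ s{\n}{<br />\n}g;

    # Links are restored only for http/https targets.  The captured URL
    # comes from already-escaped text, so it holds no raw quote or angle
    # bracket that could end the attribute.
    $entry =~ s{&lt;a href=&quot;(https?://\S+?)&quot;&gt;(.+?)&lt;/a&gt;}{<a href="$1">$2</a>}g;

    # Attribute-less formatting tags.
    for my $tag (qw(b i u li ol ul)) {
        $entry =~ s{&lt;$tag&gt;(.+?)&lt;/$tag&gt;}{<$tag>$1</$tag>}g;
    }

    # A whitespace-only entry becomes one non-breaking space.
    $entry =~ s{\A\s+\z}{&nbsp;};

    return $entry;
}

################################################################################
# addToTheLog                                                                  #
################################################################################
# Appends one record describing the current request to logfile.txt.
# Request logging is switched off by the early return; the code after it is
# kept for when it is switched back on.
sub addToTheLog {
    return;

    open(my $log, '>>', 'logfile.txt') or return;

    my @details;
    $details[0] = (defined $ENV{"REMOTE_ADDR"} ? $ENV{"REMOTE_ADDR"} : "Unknown REMOTE_ADDR");
    $details[1] = (defined $ENV{"REQUEST_METHOD"} ? $ENV{"REQUEST_METHOD"} : "Unknown REQUEST_METHOD");
    $details[2] = (defined $ENV{"REQUEST_URI"} ? $ENV{"REQUEST_URI"} : "Unknown REQUEST_URI");
    $details[3] = (defined $ENV{"QUERY_STRING"} ? $ENV{"QUERY_STRING"} : "Unknown QUERY_STRING");
    $details[4] = (defined $ENV{"HTTP_USER_AGENT"} ? $ENV{"HTTP_USER_AGENT"} : "Unknown HTTP_USER_AGENT");

    my ($sec, $min, $hour, $mday, $month, $year) = localtime(time);
    $month++;
    $year += 1900;

    # Month, day and hour are unpadded; minutes and seconds are two digits.
    print {$log} sprintf("%d/%d/%d %d:%02d:%02d", $month, $mday, $year, $hour, $min, $sec);
    print {$log} " ==> Sighting from " . $details[0]
        . "\n RequestMethod: " . $details[1]
        . "\n RequestURI: " . $details[2]
        . "\n QueryString: " . $details[3]
        . "\n HTTPUserAgent: " . $details[4];
    print {$log} "\n HTTPReferer: " . $ENV{"HTTP_REFERER"} if (defined $ENV{"HTTP_REFERER"});
    print {$log} "\n";
    close $log;
}

################################################################################
# checkForBlocked                                                              #
################################################################################
# Looks the client address up in blog_blocked.  When it is listed, prints
# the "blocked" page, records the visit and returns 1; otherwise returns 0
# and prints nothing.
sub checkForBlocked {
    my $thisuser = $ENV{REMOTE_ADDR};
    $thisuser = "unknown" unless ($thisuser);

    # The address is passed as a bind value rather than pasted into the SQL.
    my $sth = $dbh->prepare("SELECT blocked_visits FROM blog_blocked WHERE blocked_ip = ?");
    $sth->execute($thisuser);
    # Fetch instead of trusting rows(), which DBI does not guarantee for a
    # SELECT before the rows have been read.
    my $listed = $sth->fetchall_arrayref();
    $sth->finish();
    return 0 unless ($listed and @{$listed});

    print header();
    print start_html();
    print "\n\n    This IP address (" . CGI::escapeHTML($thisuser) . ") has been blocked from this website.\n\n    ";
    print "Please email the webmaster if you think this has been done in error. Thank you.";
    print end_html();

    # Count the visit inside the database.  The stored value was never
    # fetched before, so the old statement wrote 1 on every blocked visit.
    $dbh->do(
        "UPDATE blog_blocked SET blocked_visits = COALESCE(blocked_visits, 0) + 1, blocked_time = NOW() WHERE blocked_ip = ?",
        undef, $thisuser
    );
    return 1;
}

################################################################################
# archiveTheLog                                                                #
################################################################################
# Moves logfile.txt to logarchives/log-M-D-YYYY.txt, named after the date
# that starts its first line.  Does nothing when the file cannot be read or
# its first line does not start with a date.
# NOTE(review): the statement that opens and reads the file was damaged in
# the copy under review; it is rebuilt here as "read the first line of
# logfile.txt".
sub archiveTheLog {
    open(my $log, '<', 'logfile.txt') or return;
    my $input = <$log>;
    close $log;
    return unless defined $input;
    chomp $input;

    return unless $input =~ m{\A([0-9]{1,2}/[0-9]{1,2}/[0-9]{4})};
    my $startDate = $1;
    $startDate =~ s{/}{-}g;

    # rename() does the move without starting a shell.
    rename('logfile.txt', 'logarchives/log-' . $startDate . '.txt')
        or warn "Could not archive logfile.txt: $!";
}

################################################################################
# manageCounter                                                                #
################################################################################
# Adds one visit for the client address in blog_counter and creates the row
# on the first visit.
sub manageCounter {
    my $thisuser = $ENV{REMOTE_ADDR};
    $thisuser = "0.0.0.0" unless (defined $thisuser and $thisuser ne '');

    # Increment in place; the address travels as a bind value.
    my $updated = $dbh->do(
        "UPDATE blog_counter SET counter_visits = COALESCE(counter_visits, 0) + 1 WHERE counter_ip = ?",
        undef, $thisuser
    );

    # do() returns "0E0" (numerically zero) when no row matched.
    if (defined $updated and $updated == 0) {
        $dbh->do("INSERT INTO blog_counter (counter_ip) VALUES (?)", undef, $thisuser);
    }
}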