#!/usr/bin/perl
use CGI::Carp qw(fatalsToBrowser);
#
# csBanner - v2.5 - 030603
#
# Set this variable if installing on a windows server
$basepath = './';
#
# Some Windows based servers required the following.
# push(@INC,"/path/to/csBanner/directory");
#####################################################################
# #
# Copyright © 1999-2003 CGISCRIPT.NET - All Rights Reserved #
# #
#####################################################################
# #
# THIS COPYRIGHT INFORMATION MUST REMAIN INTACT #
# AND MAY NOT BE MODIFIED IN ANY WAY #
# #
#####################################################################
#
# When you downloaded this script you agreed to accept the terms
# of this Agreement. This Agreement is a legal contract, which
# specifies the terms of the license and warranty limitation between
# you and CGISCRIPT.NET. You should carefully read the following
# terms and conditions before installing or using this software.
# Unless you have a different license agreement obtained from
# CGISCRIPT.NET, installation or use of this software indicates
# your acceptance of the license and warranty limitation terms
# contained in this Agreement. If you do not agree to the terms of this
# Agreement, promptly delete and destroy all copies of the Software.
#
# Versions of the Software
# Only one copy of the registered version of CGISCRIPT.NET
# may used on one web site.
#
# License to Redistribute
# Distributing the software and/or documentation with other products
# (commercial or otherwise) or by other than electronic means without
# CGISCRIPT.NET's prior written permission is forbidden.
# All rights to the CGISCRIPT.NET software and documentation not expressly
# granted under this Agreement are reserved to CGISCRIPT.NET.
#
# Disclaimer of Warranty
# THIS SOFTWARE AND ACCOMPANYING DOCUMENTATION ARE PROVIDED "AS IS" AND
# WITHOUT WARRANTIES AS TO PERFORMANCE OF MERCHANTABILITY OR ANY OTHER
# WARRANTIES WHETHER EXPRESSED OR IMPLIED. BECAUSE OF THE VARIOUS HARDWARE
# AND SOFTWARE ENVIRONMENTS INTO WHICH CGISCRIPT.NET MAY BE USED, NO WARRANTY
# OF FITNESS FOR A PARTICULAR PURPOSE IS OFFERED. THE USER MUST ASSUME THE
# ENTIRE RISK OF USING THIS PROGRAM. ANY LIABILITY OF CGISCRIPT.NET WILL BE
# LIMITED EXCLUSIVELY TO PRODUCT REPLACEMENT OR REFUND OF PURCHASE PRICE.
# IN NO CASE SHALL CGISCRIPT.NET BE LIABLE FOR ANY INCIDENTAL, SPECIAL OR
# CONSEQUENTIAL DAMAGES OR LOSS, INCLUDING, WITHOUT LIMITATION, LOST PROFITS
# OR THE INABILITY TO USE EQUIPMENT OR ACCESS DATA, WHETHER SUCH DAMAGES ARE
# BASED UPON A BREACH OF EXPRESS OR IMPLIED WARRANTIES, BREACH OF CONTRACT,
# NEGLIGENCE, STRICT TORT, OR ANY OTHER LEGAL THEORY. THIS IS TRUE EVEN IF
# CGISCRIPT.NET IS ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. IN NO CASE WILL
# CGISCRIPT.NET' LIABILITY EXCEED THE AMOUNT OF THE LICENSE FEE ACTUALLY PAID
# BY LICENSEE TO CGISCRIPT.NET.
#
# Credits:
# Andy Angrick - Programmer - angrick@cgiscript.net
# Mike Barone - Design - mbarone@cgiscript.net
#
# For information about this script or other scripts see
# http://www.cgiscript.net
#
# Thank you for trying out our script.
# If you have any suggestions or ideas for a new innovative script
# please direct them to suggest@cgiscript.net. Thanks.
#
########################################################################
# Config Variables #
########################################################################
(! -e "$basepath/setup.cgi")?($nosetup=1):(require("$basepath/setup.cgi"));
$flock=1;
$in{'ext'} = 'cgi';
$sendmail = '/usr/sbin/sendmail';
$sideshowtype = 2;
$epp = 25;
$sslimit=50;
########################################################################
# End Config Variables #
########################################################################
require("$basepath/libs.cgi");
$in{'cgiurl'} = $cgiurl."/csBanner.$in{'ext'}";
$in{'bannerurl'} = $bannerurl;
$in{'cinfo'} = qq|
Powered
by csBanner - © 2000-2003 CGIScript.net ){
my(@f) = split("\t",$_);
push(@dbfiles,$f[0]);
}
close DB;
foreach my $catId (@dbfiles){
undef %imp;
undef %clk;
undef %per;
&GetLogs($catId);
next if($catId =~ /[^\d]/);
open(DB,"$datapath/data-$catId/banner-$catId.cgi");
while($line=){
chomp $line;
$count++;
(@fields) = split(/\~/,$line);
next if (($in{'UserName'} ne $fields[9])||($in{'PassWord'} ne $fields[10]));
foreach $i (0..$#fields){
$fields[$i] =~ s/&#(\d+);/pack("c",$1)/ge;
$fields[$i] =~ s/([<>"])/'&#'.ord($1).';'/ge;
}
($flip==1)?($bgc='#CCCCCC'):($bgc='#FFFFFF');
$flip=$flip * -1;
(!$imp{$fields[0]})&&($imp{$fields[0]}='0');
(!$clk{$fields[0]})&&($clk{$fields[0]}='0');
(!$per{$fields[0]})&&($per{$fields[0]}='0');
$desc = $fields[1];
$desc =~ s/([^\w])/'%'.sprintf("%.2x",ord($1))/ge;
if($fields[8]){
$fields[8] =~ s/&#(\d+);/pack("c",$1)/ge;
$fields[8] =~ s/\\n/\n/g;
$html = $fields[8];
}
else{
$html = "
Statistics
Impressions
Click-Thru
Percent
$imp{$fields[0]}
$clk{$fields[0]}
$per{$fields[0]}
Remaining Quota Limits
Impressions
Click-Thru
Day Limit
$impremain
$clkremain
$dayremain
$html
|;
$in{'rowsel'}='';
}
}
(!$in{'line'})&&($in{'line'} = 'no banners configured');
&PageOut("$cgipath/t_pub_manage.htm");
exit;
}
sub ShowLinks{
&GetDatabases;
$ssi = $in{'cgiurl'};
$ssi =~ s/http:\/\/.*?\//\//i;
my(@opts);
($in{'rows'})&&(push(@opts, "rows=$in{'rows'}"));
($in{'cols'})&&(push(@opts, "cols=$in{'cols'}"));
($in{'cellpadding'})&&(push(@opts, "cellpadding=$in{'cellpadding'}"));
($in{'cellspacing'})&&(push(@opts, "cellspacing=$in{'cellspacing'}"));
($in{'width'})&&(push(@opts, "width=$in{'width'}"));
($in{'height'})&&(push(@opts, "height=$in{'height'}"));
my $opt='';
if(@opts){
$opt = '&'.join("&",@opts);
}
$in{'ssiurl'} = qq|
|;
$in{'jsurl'} = qq|
|;
$in{'ssiurls'} = qq|
|;
$in{'jsurls'} = qq|
|;
if($in{'command'} eq 'slw'){
srand;
$in{'rand'} = int(rand(1000));
&PageOut("$cgipath/t_show_links_mod.htm");
}
else{
&PageOut("$cgipath/t_show_links.htm");
}
exit;
}
sub ClickThrough{
my($catId) = $in{'g'};
my($id) = $in{'id'};
(!$id)&&(exit);
(!$catId)&&(exit);
($id =~ /[^\d]/)&&(exit);
($catId =~ /[^\d]/)&&(exit);
open(DB,"$datapath/data-$catId/banner-$catId.cgi");
$found = 0;
while(){
chomp;
(@fields) = split(/\~/,$_);
($fields[0] eq $in{'id'})&&($found = 1)&&(last);
}
close DB;
if($found){
$fields[2] =~ s/&#(\d+);/pack("c",$1)/ge;
&LogMe(2,$catId,$id);
print "Location: $fields[2]\n\n";
}
else{
print "Content-type: text/html\n\n no record found";
}
exit;
}
sub SlideShow{
my($catId) = $in{'g'};
(!$catId)&&(exit);
($catId =~ /[^\d]/)&&(exit);
(-e "$datapath/data-$catId/$catId-style")?(require "$datapath/data-$catId/$catId-style"):(require "$cgipath/styles.pl");
$delay = $in{'d'}*1000;
srand(time|$$);
$rnd = int(rand(1000))+1;
my($bcode) = &ShowBanners(1);
$o = qq|
){
chomp;
(@fields) = split(/\~/,$_);
foreach $i (0..$#fields){
$fields[$i] =~ s/&#(\d+);/pack("c",$1)/ge;
}
($fields[7] eq 'SP')&&($fields[3] = '_self');
($fields[7] eq 'NW')&&($fields[3] = '_blank');
if($fields[8]){
$fields[8] =~ s/\\n//g;
$ohtml = $fields[8];
$fields[8] =~ s/"/\\\\"/g;
$html = $fields[8];
}
else{
$html = qq||;
$eurl = ' ';
$surl2 = "";
}
push(@mtmp,"$surl2$ohtml ");
push(@tmp,qq|"$surl$html$eurl";\n|);
$ac++;
&LogMe(1,$catId,$fields[0]);
}
close DBO;
my (@tmp2);
foreach my $i (0..$#tmp){
$finished=0;
$c=0;
do{
$r = int(rand($#tmp+2)-1);
if(!$tmp2[$r]){
$tmp2[$r] = $tmp[$i];
$finished = 1;
}
($c++)&&($c > 5000)&&($finished=1);
}until($finished);
}
@tmp = @tmp2;
my ($mc) = 0;
for my $i (@tmp){
$ab .= "bannerArray${rnd}[$mc] = $i";
$mc++;
}
(!$fb)&&($fb=$mtmp[int(rand($#mtmp))]);
if($in{'js'} ne 'Y'){
$ab =~ s/\\\\/\\/g;
}
$o = qq|
){
chomp $line;
(@fields) = split(/\~/,$line);
next if ($fields[6] ne 'Y');
for (1..$fields[5]){
$tcount++;
push(@pool,$line);
}
}
if(!@pool){
exit;
}
close DB;
($in{'num'} > $tcount)&&($in{'num'} = $tcount);
srand;
for $i (1..$in{'num'}){
do{
my $c;
$num = int(rand($tcount));
(!$use{$num})&&($tc++);
($tc > $tcount)&&(last);
($c++)&&($c > 1000)&&(last);
}until(!$use{$num});
$use{$num} = 1;
(@fields) = split(/\~/,$pool[$num]);
$in{'banner'.$i} = &GetBannerHTML($catId);
}
my $tmpl;
($in{'t'} =~ /[^\w]/)&&($in{'t'} = '');
if(($in{'t'})&&(-e "$datapath/data-$catId/$in{'t'}.htm")){
open(TMP,"<$datapath/data-$catId/$in{'t'}.htm");
while(){
$tmpl .= $_;
}
close TMP;
$tmpl =~ s/in\((\w+)\)/$in{$1}/g;
}
else{
($in{'cellpadding'} =~ /[^\d]/)&&($in{'cellpadding'}='');
($in{'cellspacing'} =~ /[^\d]/)&&($in{'cellspacing'}='');
(!$in{'cellpadding'})&&($in{'cellpadding'} = '0');
(!$in{'cellspacing'})&&($in{'cellspacing'} = '0');
$tmpl = "\n";
for (1..$in{'rows'}){
$tmpl .= "\n";
for (1..$in{'cols'}){
$t++;
$tmpl .= "$in{'banner'.$t} \n";
}
$tmpl .= " \n";
}
$tmpl .= "
\n";
}
if($in{'command'} eq 'gbc'){
#print "Content-type: text/html\n\n";
$tmpl =~ s/([^\w])/'%'.sprintf("%.2x",ord($1))/ge;
print "Set-Cookie: bc=$tmpl\n";
print "Content-type: image/gif\n\n";
print "\0";
exit;
}
if($codeonly == 1){
return $tmpl;
exit;
}
if($in{'js'}){
&OutJS($tmpl);
}
else{
print $tmpl;
}
exit;
}
sub GetBannerHTML{
my($catId) = @_;
my $o;
foreach $i (0..$#fields){
$fields[$i] =~ s/&#(\d+);/pack("c",$1)/ge;
$fields[$i] =~ s/\\n/\n/g;
}
($fields[7] eq 'SP')&&($fields[3] = '_self');
($fields[7] eq 'NW')&&($fields[3] = '_blank');
&LogMe(1,$catId,$fields[0]) unless (!$fields[0]);
if($fields[8]){
$html = $fields[8];
}
else{
($in{'height'} =~ /[^\d]/)&&($in{'height'}='');
($in{'width'} =~ /[^\d]/)&&($in{'width'}='');
($in{'height'})&&($height = "height=\"$in{'height'}\"");
($in{'width'})&&($width = "width=\"$in{'width'}\"");
$html = "";
$eurl = ' ';
if($in{'position'} eq 'TOP'){
$top = "$surl$fields[1] $eurl";
$bottom = "$surl$html$eurl";
}
elsif($in{'position'} eq 'BOTTOM'){
$bottom = "$surl$fields[1] $eurl";
$top = "$surl$html$eurl";
}
else{
$top = "$surl$html$eurl";
}
$o = "";
return $o;
}
sub GetLogin{
&GetCookies;
$in{'UserName'} = $cookie{'UserName'};
$in{'PassWord'} = $cookie{'PassWord'};
# if no password, then output the login screen
if(!$in{'UserName'}){
&PageOut("$cgipath/t_login.htm");
exit;
}
if(($^O =~ /win/i)){
if(($in{'UserName'} eq $username)&&($in{'PassWord'} eq $password)){
#good to go.
$admin = 1;
return 1;
}
}
else{
if(($in{'UserName'} eq $username)&&(crypt($in{'PassWord'},'CS') eq $password)){
#good to go.
$admin = 1;
return 1;
}
}
# password failed
&PError("Error. Invalid username or password");
}
sub Login{
&PageOut("$cgipath/t_login.htm");
exit;
}
sub AddDB{
(!$in{'groupdb'})&&(&PError("Error. Please Enter a Group Name."));
($in{'groupdb'} =~ /([<>])/)&&(&PError("Error. $1 characters are not allowed in category name."));
(length($in{'groupdb'}) > 50)&&(&PError("Error. Category name has to be 50 characters or less"));
my($id) = &GetID;
&CheckSafe("$datapath/categories.cgi");
open(DB,">>$datapath/categories.cgi");
print DB "$id\t$in{'UserName'}\t$in{'groupdb'}\n";
close DB;
mkdir "$datapath/data-$id",0777;
mkdir "$bannerpath/b-$id",0777;
print qq|
|;
exit;
}
sub Setup{
use Cwd;
$in{'cgipath'} = Cwd::cwd();
$in{'cgiurl'} = "$ENV{'HTTP_HOST'}/$ENV{'SCRIPT_NAME'}";
$in{'cgiurl'} =~ s/\/\//\//g;
$in{'cgiurl'} = "http://".$in{'cgiurl'};
$in{'cgiurl'} =~ s/\/csBanner\.$in{'ext'}//i;
$in{'datapath'} = $in{'cgipath'}.'/data';
$in{'bannerurl'} = $in{'cgiurl'}.'/banners';
$in{'bannerpath'} = $in{'cgipath'}.'/banners';
&PageOut("$basepath/t_setup.htm");
exit;
}
sub SaveSetup{
(-e "$basepath/setup.cgi")&&(&PError("Error. Access Denied"));
if($^O !~ /win/i){
$in{'mpassword'} = crypt($in{'mpassword'},'CS');
}
&CheckSafe("$basepath/setup.cgi");
open(SETUP,">$basepath/setup.cgi");
print SETUP "\$cgiurl='$in{'mcgiurl'}';\n";
print SETUP "\$cgipath='$in{'mcgipath'}';\n";
print SETUP "\$datapath='$in{'mdatapath'}';\n";
print SETUP "\$bannerpath='$in{'mbannerpath'}';\n";
print SETUP "\$bannerurl='$in{'mbannerurl'}';\n";
print SETUP "\$username='$in{'musername'}';\n";
print SETUP "\$password='$in{'mpassword'}';\n";
print SETUP "1;\n";
&Redirect("$ENV{'SCRIPT_NAME'}?command=login","Setup.cgi reconfigured");
exit;
}
sub DeleteDB {
my ($catId) = $in{'cid'} || PError("No id specified");
($in{'cid'} =~ /[^\d]/)&&(PError("Error. Invalid group id"));
&CheckAccess($catId);
my(@c,@b);
open(DB,"+<$datapath/categories.cgi");
($flock)&&(flock(DB,2));
while(){
my($id,$uid,$name) = split("\t",$_);
push(@c,$_) unless ($id eq $catId);
}
seek(DB,0,0);
foreach my $i (@c){
print DB $i;
}
truncate(DB, tell(DB));
($flock)&&(flock(DB,8));
close DB;
opendir(DIR,"$datapath/data-$catId");
(@b) = readdir(DIR);
closedir(DIR);
foreach my $i (@b){
next if ($i eq '.');
next if ($i eq '..');
unlink("$datapath/data-$catId/$i");
}
rmdir("$datapath/data-$catId/");
opendir(DIR,"$bannerpath/b-$catId");
(@b) = readdir(DIR);
closedir(DIR);
foreach my $i (@b){
next if ($i =~ /^\./);
unlink("$bannerpath/b-$catId/$i");
}
rmdir("$bannerpath/b-$catId");
&Redirect($in{'cgiurl'} . "?command=manage","Banner Group Deleted");
}
sub Refresh{
&SetStyle;
&ShowAdv;
exit;
}
sub ShowUpload{
&PageOut("$cgipath/t_upload.htm");
exit;
}
sub Upload{
my($catId) = $in{'database'};
(-e "$datapath/data-$catId/$catId-style")?(require "$datapath/data-$catId/$catId-style"):(require "$cgipath/styles.pl");
(!$catId)&&(&PError("Invalid Group"));
($catId =~ /[^\d]/)&&(&PError("Invalid Group"));
&CheckAccess($catId);
&CheckSafe($in{'file'});
$rn = &GetRealName($in{'file'});
&CheckSafe($rn);
&CheckExt($rn);
$orn = &GetRealName($in{'oldf'});
&CheckSafe($orn);
unlink("$bannerpath/b-$catId/$orn");
($ext) = $rn =~ /.*\.(\w*)$/;
&SaveFile($in{'file'},"$bannerpath/b-$catId/$rn");
print qq|
|;
exit;
}
sub ShowColor{
$in{'c'.$in{'cc'}} = 'checked';
&PageOut("$cgipath/color_selector.htm");
exit;
}
sub SetColor{
my($catId) = $in{'database'};
(!$catId)&&(&PError("Invalid Group"));
($catId =~ /[^\d]/)&&(&PError("Invalid Group"));
(-e "$datapath/data-$catId/$catId-style")?($dbs = "$datapath/data-$catId/$catId-style"):($dbs = "$cgipath/styles.pl");
open(ADV,"${dbs}")||die print "$! - ${dbs}";
($in{'colorselect'} =~ /[^A-Fa-f0-9]/)&&(&PError("Error. Invalid Color"));
($in{'fieldname'} =~ /[^A-Za-z0-9]/)&&(&PError("Error. Invalid Field"));
open(TMP,">$datapath/data-$catId/$catId-style.tmp");
while(){
(!/'\$in{'$in{'fieldname'}'}'/)&&(!/1;/)&&(print TMP $_);
}
print TMP "\$in{'$in{'fieldname'}'} = \"$in{'colorselect'}\";\n1;\n";
close ADV;
close TMP;
rename("$datapath/data-$catId/${catId}-style.tmp","$datapath/data-$catId/${catId}-style");
print <<"EOF";
EOF
}
sub ShowAddDB{
&PageOut("$cgipath/t_adddb.htm");
exit;
}
sub SetStyle{
my($catId) = $in{'database'};
(!$catId)&&(&PError("Invalid Group"));
($catId =~ /[^\d]/)&&(&PError("Invalid Group"));
&CheckAccess($catId);
($in{'fta'})&&($in{'fta'} =~ /[^a-zA-Z, ]/)&&(&PError("Error. Invalid character in file type to allow"));
($in{'ftr'})&&($in{'ftr'} =~ /[^a-zA-Z, ]/)&&(&PError("Error. Invalid character in file type to reject"));
($in{'maxsize'})&&($in{'maxsize'} =~ /[^\d]/)&&(&PError("Error. Invalid max size"));
($in{'imgBorder'})&&($in{'imgBorder'} =~ /[^\d]/)&&(&PError("Error. Invalid image border"));
($in{'position'})&&($in{'position'} ne 'TOP')&&($in{'position'} ne 'BOTTOM')&&($in{'position'} ne 'NONE')&&(&PError("Error. Invalid position"));
($in{'TitleTableText'})&&($in{'TitleTableText'} =~ /[^a-fA-F0-9]/)&&(&PError("Error. Invalid title color"));
($in{'TitleFace'})&&($in{'TitleFace'} =~ /[^a-zA-Z, ]/)&&(&PError("Error. Invalid title font"));
($in{'TitleSize'})&&($in{'TitleSize'} =~ /[^\d]/)&&(&PError("Error. Invalid title size"));
($in{'d'})&&($in{'d'} =~ /[^\d]/)&&(&PError("Error. Invalid title size"));
($in{'dl'})&&($in{'dl'} ne 'checked')&&(&PError("Error. Invalid checkbox"));
($in{'rl'})&&($in{'rl'} =~ /[^\d]/)&&(&PError("Error. Invalid log reset size"));
($in{'ipnotlog'})&&($in{'ipnotlog'} =~ /[^\d\.\ \r\n]/)&&(&PError("Error. IP Address"));
($in{'sel'})&&($in{'sel'} ne 'checked')&&(&PError("Error. Invalid send email on limits"));
($in{'selemail'})&&($in{'selemail'} !~ /^.+\@(\[?)[a-zA-Z0-9\-\.]+\.([a-zA-Z]{2,4}|[0-9]{1,3})(\]?)$/)&&(&PError("Error. Invalid email address"));
open(STYLE,">$datapath/data-$catId/$catId-style");
print STYLE "\$in{'fta'}='$in{'fta'}';\n";
print STYLE "\$in{'ftr'}='$in{'ftr'}';\n";
print STYLE "\$in{'maxsize'}='$in{'maxsize'}';\n";
print STYLE "\$in{'imgBorder'}='$in{'imgBorder'}';\n";
print STYLE "\$in{'position'}='$in{'position'}';\n";
print STYLE "\$in{'TitleTableText'}='$in{'TitleTableText'}';\n";
print STYLE "\$in{'TitleFace'}='$in{'TitleFace'}';\n";
print STYLE "\$in{'TitleSize'}='$in{'TitleSize'}';\n";
print STYLE "\$in{'d'}='$in{'d'}';\n";
print STYLE "\$in{'dl'}='$in{'dl'}';\n";
print STYLE "\$in{'rl'}='$in{'rl'}';\n";
print STYLE "\$in{'ipnotlog'}='$in{'ipnotlog'}';\n";
print STYLE "\$in{'sel'}='$in{'sel'}';\n";
print STYLE "\$in{'selemail'}='$in{'selemail'}';\n";
print STYLE "1;\n";
close STYLE;
}
sub SetStyles{
&SetStyle;
print <<"EOF";
EOF
exit;
}
sub ShowAd{
my($catId) = $in{'database'};
(!$catId)&&(&PError("Invalid Group"));
($catId =~ /[^\d]/)&&(&PError("Invalid Group"));
(-e "$datapath/data-$catId/$catId-style")?(require "$datapath/data-$catId/$catId-style"):(require "$cgipath/styles.pl");
$in{"selfTitleText$in{'fTitleText'}"}='selected';
(!$in{'position'})&&($in{'BOTTOM'} = 'checked');
(!$in{'imgBorder'})&&($in{'imgBorder'} = '0');
$in{$in{'position'}} = "checked";
$in{'description'} =~ s/([<>"])/'&#'.ord($1).';'/ge;
$in{'URL'} =~ s/([<>"])/'&#'.ord($1).';'/ge;
$in{'target'} =~ s/([<>"])/'&#'.ord($1).';'/ge;
$in{'BannerURL'} =~ s/([<>"])/'&#'.ord($1).';'/ge;
}
sub ShowAdv{
&ShowAd;
&PageOut("$cgipath/t_banner_advanced_settings.htm");
exit;
}
sub ShowList{
$flip=1;
&GetDatabases;
my($catId) = $in{'database'};
($catId)&&($catId =~ /[^\d]/)&&(&PError("Invalid Group"));
&CheckAccess($catId);
&GetLogs($catId);
open(DB,"<$datapath/data-$catId/banner-$catId.cgi");
while($line=){
$tc++;
}
close DB;
(!$in{'page'})&&($in{'page'} = 1);
$start = ($in{'page'}*$epp)-$epp;
$end = $start + $epp;
open(DB,"<$datapath/data-$catId/banner-$catId.cgi");
while($line=){
$count++;
if(($count > $start) & ($count <= $end)){
chomp $line;
(@fields) = split("~",$line);
foreach $i (0..$#fields){
$fields[$i] =~ s/&#(\d+);/pack("c",$1)/ge;
$fields[$i] =~ s/([<>"])/'&#'.ord($1).';'/ge;
}
##make select
for $i (1..$tc){
($i == $count)?($sel = 'selected'):($sel='');
$in{'rowsel'} .= "$i ";
}
($flip==1)?($bgc='#CCCCCC'):($bgc='#FFFFFF');
$flip=$flip * -1;
(!$imp{$fields[0]})&&($imp{$fields[0]}='0');
(!$clk{$fields[0]})&&($clk{$fields[0]}='0');
(!$per{$fields[0]})&&($per{$fields[0]}='0');
$desc = $fields[1];
$desc =~ s/([^\w])/'%'.sprintf("%.2x",ord($1))/ge;
if($fields[8]){
$fields[8] =~ s/&#(\d+);/pack("c",$1)/ge;
$fields[8] =~ s/\\n/\n/g;
$html = $fields[8];
}
else{
$html = "
$in{'rowsel'}
Statistics
Impressions
Click-Thru
Percent
$imp{$fields[0]}
$clk{$fields[0]}
$per{$fields[0]}
Remaining Quota Limits
Impressions
Click-Thru
Day Limit
$impremain
$clkremain
$dayremain
$html
|;
$in{'rowsel'}='';
}
}
close DB;
if($in{'line'}){
&GetNlinks;
}
(!$in{'line'})&&($in{'line'}="No banners configured ){
chomp;
$seldb='';
my($cid,$uid,$cname) = split("\t",$_);
if(!$admin){
if($in{'UserName'} ne $uid){
next;
}
}
(!$in{'database'})&&($seldb='selected')&&($in{'database'} = $cid);
($cid eq $in{'database'})&&($seldb = 'selected');
$in{'databases'} .= "$cname \n";
}
(!$in{'databases'})&&($in{'databases'} = 'No categories created ');
close DB;
}
sub Delete{
$id = $in{'id'};
my($catId) = $in{'database'};
(!$catId)&&(&PError("Invalid Group"));
($catId =~ /[^\d]/)&&(&PError("Invalid Group"));
&CheckAccess($catId);
open(DB,"+<$datapath/data-$catId/banner-$catId.cgi");
($flock)&&(flock(DB,2));
while(){
(@fields) = split(/\~/,$_);
($fields[0] eq $id)&&($myfile = $fields[4]);
push(@l,$_) unless ($fields[0] eq $id);
}
seek(DB, 0, 0);
foreach (@l) {
print DB $_;
}
truncate(DB, tell(DB));
($flock)&&(flock(TMP,8));
close DB;
$myfile =~ s/&#(\d+);/pack("c",$1)/ge;
$myrn = &GetRealName($myfile);
($myrn)&&(unlink("$bannerpath/b-$catId/$myrn"));
dbmopen(%timp,"$datapath/data-$catId/imp",0666);
delete($timp{$id});
dbmclose %timp;
dbmopen(%tclk,"$datapath/data-$catId/clk",0666);
delete($tclk{$id});
dbmclose %tclk;
dbmopen(%timplimit,"$datapath/data-$catId/implimit",0666);
delete($timplimit{$id});
dbmclose %timplimit;
dbmopen(%tclklimit,"$datapath/data-$catId/clklimit",0666);
delete($tclklimit{$id});
dbmclose %tclklimit;
dbmopen(%tdaylimit,"$datapath/data-$catId/daylimit",0666);
delete($tdaylimit{$id});
dbmclose %tdaylimit;
print qq|
|;
exit;
}
sub SaveChanges{
&CheckVars;
my($catId) = $in{'database'};
(!$catId)&&(&PError("Invalid Group"));
($catId =~ /[^\d]/)&&(&PError("Invalid Group"));
&CheckAccess($catId);
(-e "$datapath/data-$catId/$catId-style")?(require "$datapath/data-$catId/$catId-style"):(require "$cgipath/styles.pl");$id = $in{'id'};
foreach $i (keys(%in)){
$in{$i} =~ s/&#(\d+);/pack("c",$1)/ge;
}
&GetOutVars;
open(DB,"+<$datapath/data-$catId/banner-$catId.cgi");
($flock)&&(flock(DB,2));
while(){
(@fields) = split(/\~/,$_);
($fields[0] eq $id)?(push(@l,"$newentry\n")):(push(@l,$_));
}
if (@l) {
seek(DB, 0, 0);
foreach (@l) {
print DB $_;
}
truncate(DB, tell(DB));
}
($flock)&&(flock(TMP,8));
close DB;
print qq|
|;
exit;
}
sub ShowEdit{
my($catId) = $in{'database'};
(!$catId)&&(&PError("Invalid Group"));
($catId =~ /[^\d]/)&&(&PError("Invalid Group"));
&CheckAccess($catId);
open(DB,"<$datapath/data-$catId/banner-$catId.cgi");
$found = 0;
while(){
chomp;
(@fields) = split(/\~/,$_);
($fields[0] eq $in{'id'})&&($found = 1)&&(last);
}
close DB;
if($found){
foreach $i (0..$#fields){
$fields[$i] =~ s/&#(\d+);/pack("c",$1)/ge;
$fields[$i] =~ s/\\n/\n/g;
}
foreach $i (0..$#fields){
$fields[$i] =~ s/([<>"])/'&#'.ord($1).';'/ge;
}
$in{'id'} = $fields[0];
$in{'description'} = $fields[1];
$in{'URL'} = $fields[2];
$in{'target'} = $fields[3];
$in{'BannerURL'} = $fields[4];
$in{'BannerHTML'} = $fields[8];
$in{'BannerHTML'} =~ s/\\n/\n/g;
$in{'weight'} = $fields[5];
$authorization = $fields[6];
$in{"a$authorization"} = 'checked';
$in{'sbutton'} = ' Save Changes ';
$in{'command'} = 'savechanges';
(!$authorization)&&($in{'aY'} = 'checked');
$in{$fields[7]} = 'checked';
(!$in{$fields[7]})&&($in{'SP'} = 'checked');
$in{'busername'} = $fields[9];
$in{'bpassword'} = $fields[10];
$in{'implimit'} = $fields[11];
$in{'clklimit'} = $fields[12];
$in{'daylimit'} = $fields[13];
&PageOut("$cgipath/t_add_banner.htm");
}
else{
print "Error. No record found.";
}
exit;
}
sub Add{
&CheckVars;
my($catId) = $in{'database'};
(!$catId)&&(&PError("Invalid Group"));
($catId =~ /[^\d]/)&&(&PError("Invalid Group"));
&CheckAccess($catId);
(-e "$datapath/data-$catId/$catId-style")?(require "$datapath/data-$catId/$catId-style"):(require "$cgipath/styles.pl");
$id = &GetID();
&GetOutVars;
if(! -e "$datapath/data-$catId/banner-$catId.cgi"){
open(DB,">$datapath/data-$catId/banner-$catId.cgi");
($flock)&&(flock(DB,2));
print DB "$newentry\n";
($flock)&&(flock(DB,8));
close DB;
}
else{
my(@l);
open(DB,"+<$datapath/data-$catId/banner-$catId.cgi");
($flock)&&(flock(DB,2));
while(){
push(@l,$_);
}
seek(DB,0,0);
print DB "$newentry\n";
foreach my $i (@l){
print DB $i;
}
truncate(DB, tell(DB));
($flock)&&(flock(DB,8));
close DB;
}
dbmopen(%tdaylimit,"$datapath/data-$catId/daylimit",0666);
$tdaylimit{$id}=time;
dbmclose %tdaylimit;
&Redirect("$in{'cgiurl'}?command=manage&database=$catId","Banner successfully added");
exit;
}
sub GetOutVars{
$description = $in{'description'};
$description =~ s/([^\w\s])/'&#'.ord($1).';'/ge;
$url = $in{'URL'};
$url =~ s/([^\w\s])/'&#'.ord($1).';'/ge;
$target = $in{'target'};
$target =~ s/([^\w\s])/'&#'.ord($1).';'/ge;
$BannerURL = $in{'BannerURL'};
$BannerURL =~ s/([^\w\s])/'&#'.ord($1).';'/ge;
$BannerHTML = $in{'BannerHTML'};
$BannerHTML =~ s/([^\w\s])/'&#'.ord($1).';'/ge;
$BannerHTML =~ s/\r*\n/\\n/g;
$weight = $in{'weight'};
(!$weight)&&($weight=1);
$weight =~ s/([^\w\s])/'&#'.ord($1).';'/ge;
$ptarg = $in{'ptarg'};
$authorization = $in{'authorization'};
$busername = $in{'busername'};
$bpassword = $in{'bpassword'};
$implimit = $in{'implimit'};
$clklimit = $in{'clklimit'};
$daylimit = $in{'daylimit'};
$newentry = "$id~$description~$url~$target~$BannerURL~$weight~$authorization~$ptarg~$BannerHTML~$busername~$bpassword~$implimit~$clklimit~$daylimit";
$newentry =~ s/\r\n/\\n/g;
$newentry =~ s/\n/\\n/g;
}
sub ShowAdd{
$in{'sbutton'} = ' Add Banner ';
$in{'command'} = 'add';
(!$in{'authorization'})?($in{'aY'} = 'checked'):($in{'a'.$in{'authorization'}} = 'checked');
(!$in{'ptarg'})?($in{'SP'} = 'checked'):($in{$in{'ptarg'}} = 'checked');
&PageOut("$cgipath/t_add_banner.htm");
exit;
}
sub Reorder{
my($catId) = $in{'database'};
(!$catId)&&(&PError("Invalid Group"));
($catId =~ /[^\d]/)&&(&PError("Invalid Group"));
&CheckAccess($catId);
##get total count
open(DB,"<$datapath/data-$catId/banner-$catId.cgi");
while($line=){
$tc++;
@f=split("~",$line);
(!$in{'order_'.$tc})&&($in{'order_'.$tc} = $tc);
($in{'order_'.$tc} > $tc)&&($pre='2');
($in{'order_'.$tc} < $tc)&&($pre='0');
($in{'order_'.$tc} == $tc)&&($pre='1');
$o = sprintf("%.3d",$in{'order_'.$tc});
$l{$o.$pre.'-'.$f[0]} = $line;
}
close DB;
open(OUT,">$datapath/data-$catId/banner-$catId.cgi");
for $i (sort keys %l){
print OUT $l{$i};
}
close OUT;
$tc=0;
$in{'w'} = 'lowform';
&ShowList;
}
sub GetRealName{
my($filename) = @_;
if ($filename =~ /\//) {
@array = split(/\//, $filename);
$real_name = pop(@array);
} elsif ($filename =~ /\\/) {
@array = split(/\\/, $filename);
$real_name = pop(@array);
} else {
$real_name = "$filename";
}
return $real_name;
}
sub SaveFile {
my($filename,$outfile)=@_;
&CheckExt($outfile);
&CheckSafe($outfile);
if (!open(OUTFILE, ">$outfile")) {
&PError("Error. There was an error saving your attachment.");
}
binmode(OUTFILE);
while ($bytesread = read($filename,$buffer,1024)) {
$totalbytes += $bytesread;
if(($in{'maxsize'})&&($totalbytes > ($in{'maxsize'} * 1000))){
close OUTFILE;
unlink("$outfile");
&PError("Error. Maximum filesize exceeded.");
}
print OUTFILE $buffer;
}
close($filename);
close(OUTFILE);
}
sub CheckExt{
my($rn) = @_;
#check file extension.
if($in{'fta'}){
($ext) = $rn =~ /.*\.(\w*)$/;
(@fx) = split(",",$in{'fta'});
foreach $i (@fx){
($i =~ /$ext/i)&&($found=1);
}
(!$found)&&(&PError("Error. Only $in{'fta'} types are permitted"));
}
$found=0;
if($in{'ftr'}){
($ext) = $rn =~ /.*\.(\w*)$/;
(@fx) = split(",",$in{'ftr'});
foreach $i (@fx){
($i =~ /$ext/i)&&($found=1);
}
($found)&&(&PError("Error. $in{'ftr'} types are NOT permitted"));
}
}
sub OutJS{
my($o) = @_;
$o =~ s/\r*\n/\n/g;
(@lines) = split("\n",$o);
foreach $i (@lines){
$i =~ s/\"/\\"/g;
$i =~ s/\(/\\(/g;
$i =~ s/\)/\\)/g;
$i =~ s/script/scr\"\+\"ipt/gsi;
print "document.write(\"$i\\n\");\n";
}
exit;
}
sub LogMe{
local($t,$catId,$id) = @_;
(!$catId)&&(return);
($catId =~ /[^\d]/)&&(return);
open(LCK,">$htmlpath/lock");
($flock)&&(flock(LCK,2));
(-e "$datapath/data-$catId/$catId-style")?(require "$datapath/data-$catId/$catId-style"):(require "$cgipath/styles.pl");
&GetNoIP;
if($np{$ENV{'REMOTE_ADDR'}}){
return;
}
if($in{'dl'}){
open(DB,">>$datapath/data-$catId/log.cgi");
($flock)&&(flock(DB,2));
$mt = time;
print DB "$mt\t$fields[0]\t$ENV{'HTTP_REFERER'}\t$ENV{'REMOTE_ADDR'}\t$t\n";
close DB;
($flock)&&(flock(DB,8));
close DB;
}
if($t==1){
dbmopen(%imp,"$datapath/data-$catId/imp",0666);
$imp{$id}++;
dbmclose %imp;
}
else{
dbmopen(%clk,"$datapath/data-$catId/clk",0666);
$clk{$id}++;
dbmclose %clk;
}
($flock)&&(flock(LCK,8));
close LCK;
&DoLimit($t,$catId,$id);
&AutoResetLogs($catId);
}
sub ResetMyStats{
my ($id) = @_;
my($catId) = $in{'database'};
(!$catId)&&(&PError("No group specified"));
($catId =~ /[^\d]/)&&(&PError("No group specified"));
&CheckAccess($catId);
dbmopen(%timplimit,"$datapath/data-$catId/implimit",0666);
$timplimit{$id}=0;
dbmclose %timplimit;
dbmopen(%tclklimit,"$datapath/data-$catId/clklimit",0666);
$tclklimit{$id}=0;
dbmclose %tclklimit;
dbmopen(%tdaylimit,"$datapath/data-$catId/daylimit",0666);
$tdaylimit{$id}=time;
dbmclose %tdaylimit;
dbmopen(%timp,"$datapath/data-$catId/imp",0666);
$timp{$id}=0;
dbmclose %timp;
dbmopen(%tclk,"$datapath/data-$catId/clk",0666);
$tclk{$id}=0;
dbmclose %tclk;
&Deactivate('Y','',$catId,$id);
unlink("$datapath/data-$catId/log.cgi");
}
sub ResetStats{
&ResetMyStats($in{'id'});
print qq|
|;
exit;
}
sub ResetLimits{
my($catId) = $in{'database'};
(!$catId)&&(&PError("No group specified"));
($catId =~ /[^\d]/)&&(&PError("No group specified"));
&CheckAccess($catId);
my($id) = $in{'id'};
dbmopen(%timplimit,"$datapath/data-$catId/implimit",0666);
$timplimit{$id}=0;
dbmclose %timplimit;
dbmopen(%tclklimit,"$datapath/data-$catId/clklimit",0666);
$tclklimit{$id}=0;
dbmclose %tclklimit;
dbmopen(%tdaylimit,"$datapath/data-$catId/daylimit",0666);
$tdaylimit{$id}=time;
dbmclose %tdaylimit;
&Deactivate('Y','',$catId,$id);
print qq|
|;
exit;
}
sub DoLimit{
my($t,$catId,$id) = @_;
(!$catId)&&(return);
($catId =~ /[^\d]/)&&(return);
(!$id)&&(return);
($id =~ /[^\d]/)&&(return);
($t =~ /[^\d]/)&&(return);
(!$fields[11])&&(!$fields[12])&&(!$fields[13])&&(return);
($flock)&&(open(LCK,">$htmlpath/lock"))&&(flock(LCK,2));
if($t == 1){
dbmopen(%timplimit,"$datapath/data-$catId/implimit",0666);
$timplimit{$fields[0]}++;
if(($fields[11])&&($timplimit{$fields[0]} > $fields[11])){
&Deactivate('N','IMPRESSION LIMIT',$catId,$fields[0]);
}
dbmclose %timplimit;
}
else{
dbmopen(%tclklimit,"$datapath/data-$catId/clklimit",0666);
$tclklimit{$fields[0]}++;
if(($fields[12])&&($tclklimit{$fields[0]} > $fields[12])){
&Deactivate('N','CLICK LIMIT',$catId,$fields[0]);
}
dbmclose %tclklimit;
}
$now = time;
dbmopen(%tdaylimit,"$datapath/data-$catId/daylimit",0666);
my $d = $tdaylimit{$fields[0]};
dbmclose %tdaylimit;
if(($fields[13])&&($now > ($d+($fields[13]*86400)))){
&Deactivate('N','DAY LIMIT',$catId,$fields[0]);
}
($flock)&&(close LCK)&&(flock(LCK,8));
}
sub Deactivate{
my ($w,$limit,$catId,$id) = @_;
(!$catId)&&(return);
($catId =~ /[^\d]/)&&(return);
(!$id)&&(return);
($id =~ /[^\d]/)&&(return);
($w =~ /[^YN]/)&&($w='N');
open(DB,"+<$datapath/data-$catId/banner-$catId.cgi");
($flock)&&(flock(DB,2));
while(){
chomp;
(@fields) = split(/\~/,$_);
if($fields[0] eq $id){
$fields[6] = $w;
push(@l,"$fields[0]~$fields[1]~$fields[2]~$fields[3]~$fields[4]~$fields[5]~$fields[6]~$fields[7]~$fields[8]~$fields[9]~$fields[10]~$fields[11]~$fields[12]~$fields[13]\n");
($w eq 'N')&&($in{'sel'} eq 'checked')&&(&SendNotify($limit,$catId));
}
else{
push(@l,"$_\n");
}
}
if (@l) {
seek(DB, 0, 0);
foreach (@l) {
print DB $_;
}
truncate(DB, tell(DB));
}
close DB;
($flock)&&(flock(TMP,8));
}
sub SendNotify{
my ($limit,$catId) = @_;
return if (!$in{'selemail'});
open(MAIL,"|$sendmail -t");
$fields[1] =~ s/&#(\d+);/pack("c",$1)/ge;
$fields[2] =~ s/&#(\d+);/pack("c",$1)/ge;
my($cid,$uid,$cname);
open(CAT,"<$datapath/categories.cgi");
while(){
chomp;
($cid,$uid,$cname) = split("\t",$_);
($cid eq $catId)&&(last);
}
close CAT;
print MAIL <<"EOF";
To: $in{'selemail'}
From: $in{'selemail'}
Subject: Banner Limit Reached
Limit: $limit
Database: $cname
Description: $fields[1]
URL: $fields[2]
Imp Limit: $fields[11]
Clk Limit: $fields[12]
Day Limit: $fields[13]
EOF
close MAIL;
}
sub GetLogs{
my($catId) = @_;
(-e "$datapath/data-$catId/$catId-style")?(require "$datapath/data-$catId/$catId-style"):(require "$cgipath/styles.pl");
dbmopen(%timp,"$datapath/data-$catId/imp",0666);
foreach $i (keys %timp){
$imp{$i} = $timp{$i};
}
dbmclose %timp;
dbmopen(%tclk,"$datapath/data-$catId/clk",0666);
foreach $i (keys %tclk){
$clk{$i} = $tclk{$i};
}
dbmclose %tclk;
foreach $t (keys %imp){
($clk{$t})&&($per{$t} = sprintf("%.2f",($clk{$t}/$imp{$t}*100)));
}
}
sub ViewLogDetail{
my($catId) = $in{'database'};
(!$catId)&&(&PError("No group specified"));
($catId =~ /[^\d]/)&&(&PError("No group specified"));
&CheckAccess($catId);
(-e "$datapath/data-$catId/$catId-style")?(require "$datapath/data-$catId/$catId-style"):(require "$cgipath/styles.pl");
$id = $in{'id'};
$type = $in{'type'};
$desc = $in{'desc'};
&GetNoIP;
&GetLogs($catId);
print <<"EOF";
Lifetime Stats Impressions $imp{$id} Click-throughs $clk{$id}
$title (current log file)Date IP Address Referrer ){
chomp;
($ts,$myid,$referer,$ipaddr,$mytype) = split("\t",$_);
next if ($myid != $id);
next if ($mytype != $type);
next if ($np{$ipaddr});
(!$referer)&&($referer = 'none');
$ipz{$ipaddr}++;
$refz{$referer}++;
$date = &ctime($ts);
$mytotal++;
print qq|$date $ipaddr $referer Total: $mytotal
";
close DB;
foreach $i (keys %ipz){
$idx = sprintf("%.9d",$ipz{$i});
$ipzt{$idx."\t".$i}=1;
}
foreach $i (keys %refz){
$idx = sprintf("%.9d",$refz{$i});
$refzt{$idx."\t".$i}=1;
}
print <<"EOF";
Top 10 Referrers (current log file)Referrer $r $i
";
print <<"EOF";
Top 10 IP Addresses (current log file)IP $r $i
Log file size: $s[7] bytes
;
close DB;
$id++;
open(DB,">$datapath/_gcount.cgi");
print DB $id;
close DB;
return $id;
}
sub CheckSafe{
my ($file) = @_;
($file =~ /\.\./)&&(&PError("Error. Invalid filename"));
($file =~ /\|/)&&(&PError("Error. Invalid filename"));
}
sub Redirect{
my ($url) = shift || $ENV{'SCRIPT_NAME'};
my ($alert) = shift || "";
print "\n";
exit;
}
sub CheckAccess{
my($catId) = @_;
if($admin){
return;
}
open(DB,"<$datapath/categories.cgi");
while(){
chomp;
my($cid,$uid,$cname) = split("\t",$_);
if(!$admin){
if(($cid == $catId)&&($in{'UserName'} ne $uid)){
&PError("Access Denied");
exit;
}
}
}
close DB;
return;
}
sub ChangePass{
my($buff,$encpass);
(!$in{'musername'})&&(&PError("Error. Please enter a username"));
(!$in{'mpassword'})&&(&PError("Error. Please enter a password"));
($in{'mpassword'} ne $in{'mpassword2'})&&(&PError("Error. Please retype passwords"));
($in{'musername'} =~ /[\%\s\|\$\*\.\']/)&&(&PError("Error. Invalid character in username"));
($in{'mpassword'} =~ /[\%\s\|\$\*\.\']/)&&(&PError("Error. Invalid character in password"));
open(DB,"<$basepath/setup.cgi");
while(){
$buff .= $_;
}
close DB;
if($^O !~ /win/i){
$encpass = crypt($in{'mpassword'},'CS');
}
else{
$encpass = $in{'mpassword'};
}
$buff =~ s/\$username='.*'/\$username='$in{'musername'}'/;
$buff =~ s/\$password='.*'/\$password='$encpass'/;
open(DB,">$basepath/setup.cgi");
print DB $buff;
close DB;
print <<"EOF";
EOF
exit;
}
sub GetNlinks{
((!$in{'page'})||($in{'lpage'} < 0))&&($in{'lpage'} = 1);
$nstart = ($in{'lpage'}+10)-10;
$nend = $nstart + 10;
$sstring = "command=$in{'command'}&database=$in{'database'}";
$sstring =~ s/([^\w&=])/'%'.sprintf("%.2x",ord($1))/ge;
$npages = int($count/$epp);
(($count/$epp) > $npages)&&($npages++);
for $i (1..$npages){
if(($i > $nstart) & ($i <= $nend)){
($i eq $in{'page'})?($link .= " $i "):($link .= " $i ");
}
}
$nend;
$pend = $nend - 20;
($npages > $nend)&&($link .= " [Next] ");
($nend > 11)&&($link = " [Prev] " . $link);
$link .= "";
$link = "Result Pages: " . $link;
$in{'link'} = $link;
}
