#! /usr/bin/perl ############################################ ## ## ## Auction Weaver Lite ## ## by CGI Script Center ## ## (e-mail cgi@elitehost.com) ## ## ## ## version: 1.06 ## ## last modified: 11/08/2000 ## ## copyright (c) 2000 ## ## ## ## latest version is available from ## ## The CGI Script Center ## ## http://www.cgiscriptcenter.com ## ## ## ############################################ # COPYRIGHT NOTICE: # # Copyright Elite Web Design and Marketing, Inc., and Diran Alemshah 2000 # All Rights Reserved. # # This program may be used in accorance with the steps outlined # in this copyright notice. # Selling the code for this program without prior written consent # is expressly forbidden, and at no time can this copyright notice # be removed. # DO NO redistribute this program over the Internet or in any other # medium. In all cases copyright and header must remain intact. # LICENSOR'S PROGRAM IS COPYRIGHTED AND LICENSED (NOT SOLE). # LICENSOR DOES NOT SELL OR TRANSFER TITLE TO THE LICENSED # PROGRAM TO YOU. YOUR LICENSE OF THE LICENSED PROGRAM WILL # NOT COMMENCE UNTIL YOU HAVE EXECUTED THIS AGREEMENT AND AN # AUTHORIZED REPRESENTATIVE OF LICENSOR HAS RECEIVED, APPROVED, # AND EXECUTED A COPY OF IT AS EXECUTED BY YOU. # 1. License Grant. Licensor hereby grants to you, and you # accept, a nonexclusive license to use the downloaded computer # programs, object code form only (collectively referred to as # the "Software"), and any accompanying User Documentation, # only as authorized in this License Agreement. The Software may be # used on any website owned by Licensee, or if Licensee is a company # or corporation, any website owned by Licensee company or corporation. # You agree that you will not assign, sublicense, transfer, pledge, # lease, rent, or share your rights under this License Agreement. # You agree that you may not reverse assemble, reverse compile, or # otherwise translate the Software. Upon loading the Software # into your computer, you may make a copy of the Software for # backup purposes. You may make one copy of any User's Manual # provided for backup purposes. Any such copies of the Software # or the User's Manual shall include Licensor's copyright and other # proprietary notices. Except as authorized under this paragraph, # no copies of the Program or any portions thereof may be made by # you or any person under your authority or control. # # EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, LICENSOR # DISCLAIMS ANY AND ALL PROMISES, REPRESENTATIONS, AND WARRANTIES # WITH RESPECT TO THE LICENSED PROGRAM, INCLUDING ITS CONDITION, # ITS CONFORMITY TO ANY REPRESENTATION OR DESCRIPTION, THE EXISTENCE # OF ANY LATENT OR PATENT DEFECTS, ANY NEGLIGENCE, AND ITS # MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. # 5. Limitation of Liability. Licensor's cumulative liability # to you or any other party for any loss or damages resulting # from any claims, demands, or actions arising out of or relating # to this Agreement shall not exceed the license fee paid to Licensor # for the use of the Program (Free - $0.00). In no event shall # Licensor be liable for any indirect, incidental, consequential, # special, or exemplary damages or lost profits, even if Licensor # has been advised of the possibility of such damages. # 6. Proprietary Protection. Licensor shall have sole and exclusive # ownership of all right, title, and interest in and to the Licensed # Program and all modifications and enhancements thereof (including # ownership of all trade secrets and copyrights pertaining thereto), # subject only to the rights and privileges expressly granted to you # herein by Licensor. This Agreement does not provide you with title # or ownership of the Licensed Program, but only a right of limited # use. You must keep the Licensed Program free and clear of all claims, # liens, and encumbrances. # 7. Restrictions. You may not use, copy, modify, or distribute the # Licensed Program (electronically or otherwise), or any copy, # adaptation, transcription, or merged portion thereof, except as # expressly authorized by Licensor. You may not reverse assemble, # reverse compile, or otherwise translate the Licensed Program. # Your rights may not be transferred, leased, assigned, or sublicensed # except for a transfer of the Licensed Program in its entirety to # (1) a successor in interest of your entire business who assumes # the obligations of this Agreement or (2) any other party who is # reasonably acceptable to Licensor, enters into a substitute # version of this Agreement, and pays an administrative fee intended # to cover attendant costs. No service bureau work, multiple-user # license, or time-sharing arrangement is permitted, except as # expressly authorized by Licensor. If you use, copy, or modify # the Licensed Program or if you transfer possession of any copy, # adaptation, transcription, or merged portion of the Licensed # Program to any other party in any way not expressly authorized # by Licensor, your license is automatically terminated. # 8. Licensor's Right Of Entry. You hereby authorize Licensor # to enter your premises in order to inspect the Licensed Program # in any reasonable manner during regular business hours to verify # your compliance with the terms hereof. # 9. Injunctive Relief. You acknowledge that, in the event # of your breach of any of the foregoing provisions, Licensor # will not have an adequate remedy in money or damages. Licensor # shall therefore be entitled to obtain an injunction against such # breach from any court of competent jurisdiction immediately upon # request. Licensor's right to obtain injunctive relief shall not # limit its right to seek further remedies. # 10. Trademark. COMMISSION CART(TM), ACCOUNT MANAGER(TM), PICLINK # ADVERTISER(TM), BANDWIDTH PROTECTOR(TM), PC CONFIGURATOR(TM), # Auction Weaver(TM) are all trademarks of Licensor. No right, # license, or interest to such trademark is granted hereunder, # and you agree that no such right, license, or interest shall # be asserted by you with respect to such trademark. # 11. Governing Law. This License Agreement shall be construed # and governed in accordance with the laws of the State of California, # USA. # 12. Costs of Litigation. If any action is brought by either party # to this License Agreement against the other party regarding the # subject matter hereof, Lincensor shall be entitled # to recover, in addition to any other relief granted, reasonable # attorney fees and expenses of litigation. # 13. Severability. Should any term of this License Agreement be # declared void or unenforceable by any court of competent # jurisdiction, such declaration shall have no effect on the # remaining terms hereof. # 14. No Waiver. The failure of either party to enforce any # rights granted hereunder or to take action against the other # party in the event of any breach hereunder shall not be deemed # a waiver by that party as to subsequent enforcement of rights # or subsequent actions in the event of future breaches. # 15. Integration. THIS AGREEMENT IS THE COMPLETE AND EXCLUSIVE # STATEMENT OF LICENSOR'S OBLIGATIONS AND RESPONSIBILITIES TO YOU # AND SUPERSEDES ANY OTHER PROPOSAL, REPRESENTATION, OR OTHER # COMMUNICATION BY OR ON BEHALF OF LICENSOR RELATING TO THE # SUBJECT MATTER HEREOF # PROGRAM DESCRIPTION: # Whew! That was a mouthful! :) On to the configurations! ################################################################## #CONFIGURABLE OPTIONS START HERE ################################################################# # Here you can specify the text color, link colors, $bodyspec = "BGCOLOR=\"#FFFFFF\" TEXT=\"#000000\" LINK=\"#000060\" VLINK=\"#800000\" ALINK=\"#FF0000\" BACKGROUND=\"\""; # Choose your Administration Username $adminlogin = "mitama"; # Choose your Administration Password $adminpass = "0080859"; # Choose your Administration E-mail address # Be sure to place a backslash before the \@ symbol. # The backslash is required by Perl. # Example: webmaster\@mitama.it $from_email_address = "webmaster\@mitama.it"; # If you are using Sendmail (most Unix servers do) # be sure to type set this variable to: # $mailusing = 'sendmail' # If you are using Sockets SMTP mail, set this variable to: # $mailusing = 'sockets' $mailusing = 'sendmail'; # If you are using Sendmail, type the full directory path # to your Sendmail here. # Example: $mailprog = "/usr/sbin/senmail"; # If you are using Sockets(SMTP) mail, leave this blank: # Example: $mailprog = ""; $mailprog = "/usr/sbin/sendmail"; # Auction Weaver will check to make sure your above # $mailprog path is correct. Every once in a while, # the server will say the path you have given is incorrect # when it is actually correct. If you receive an Incorrect # Path error message on the screen, and you're SURE the path # is corect, place a 1 between the quotes below # Example $mailprog_ok "1"; # Otherwise, do not edit this variable. $mailprog_ok = ""; # If you use the Sockets mail routine, you'll need to define # an SMTP mail server path here. # Example: $smtp_addr = "mail.yourserver.com"; $smtp_addr = "mail.mitama.it"; # the data_path is the directory path to the directory where you would like # your Auction Weaver data files stored. # A protected directory would be advisable. # Example: $data_path = "/full/directory/path/to/data"; # where "data" is a directory you have created. # Leave it empty for default settings or add your own path here. $data_path = "/home/sites/site81/web/auction"; # Leave it empty for NO templates. If you wish to use your own e-mail templates, # use the ones provided with the Auction Weaver .zip file. DO NOT alter the # actual template file names, but feel free to modify the contents of each file, # then upload those templates to the directory name you provide here. # If you leave this path blank, Auction Weaver will include its own pre-defined # e-mails in place of the template e-mails. $email_templates_dir = "/home/sites/site81/web/auction/templates"; # ALTERNATING TABLE COLORS @colors = ('#CCCC99','#FFFFFF'); # If you wish Auction Weaver to maintain an archieve of "Closed Auctions", be # sure to keep this set to "1", which is the default setting. # Otherwise, remove the 1 or replace it with a 0 (Zero). # Example: $keep_closed_auctions = ""; $keep_closed_auctions = "1"; # If you would like your users to register prior to allowing them # the ability to post a new item, leave this default setting of "1". # If you would like to give anyone the ability to post items or bids # without registering, remove the "1" from between the quotes or # replace it with a "0". # Example: $require_user_reg = ""; $require_user_reg = "1"; # If you would like to set a maximum time that any auction # remains active, after the most recent bid, set the number # of minutes here. For example, a user might post an item for # bid and set a 365 day auction. You, the administrator, might # not want any auction available that long. Here you can set # the number of minutes after the most recent bid before the # auction closes. # Example - for 1 day, set 1440 minutes: $howmany = "1440"; $howmany = ""; # If you have problems with FILE LOCKING (example: Win95/98 servers) # set this to 0 (Zero), otherwise, leave the default value of "1". $flock = "1"; $LOCK_EX = "2"; # Place the name of your website here. $sitename = "Aste Online"; # You shouldn't need to modify this path. If, however, your server # does not give this information to Auction Weaver, you may have # to set the path manually. Your server path would appears something # like: $server_name = "www.yourserver.com"; # If you need to set this variable manually, do not use an http:// # in the $server_name variable. $server_name = "www.mitama.it"; # Congratulations. You have completed the basic configuration # options. You are ready to install your Auction Weaver Lite. ## Optional Configurations below ## # If you have Auction Weaver create your DATA directory for you, it # will set the permissions of the directory for you, in the setting # below: $datapermissions = "0755"; # Auction Weaver will create a directory called REGISTER for you. It # will set the permissions of the directory for you, in the setting # below: $registerpermissions = '0755'; # Auction Weaver will create a directory called CLOSED for you, if # you choose to keep closed auction informtion. It # will set the permissions of the directory for you, in the setting # below: $closedpermissions = '0755'; # Auction Weaver will create individual CATEGORY directories for you. # It will set the permissions of the directory for you, in the setting # below: $categorypermissions = '0755'; ## DO NOT EDIT BELOW THIS LINE! ### ################################### $|++; use CGI; $q = new CGI; ## END - DO NOT EDIT ABOVE THIS LINE ## ####################################### $server_name = $ENV{'SERVER_NAME'} if ($server_name eq ""); $script_url = $ENV{'SCRIPT_NAME'};#Url of your auctionweaver.pl script ######################## # If $email_templates_dir points to a valid directory .. # upload the following fi#les --- open each file to find the appropriate variables in a sample template $dutch_auction_status_message = "dastatus.tlt" ;#dutch auction status message $bid_passed_message = "bpassed.tlt";#message to be passed to the next lower bidder for normal auction $winner_message = "wmessage.tlt";#winner message for top bidder-normal auction $winner_message_rb = "wmessagerb.tlt";#winner message for top bidder who has bid less than reserve bid $seller_message = "smessage.tlt";#seller messgae for normal auction $winners_message_da = "wmessageda.tlt";#winners message for ALL dutch auction winners $seller_message_da = "smessageda.tlt";#seller message for dutch auction $login_message = "lmessage.tlt";#initial login info ######################## if ($ENV{'SCRIPT_FILENAME'}) { $script_filename = $ENV{'SCRIPT_FILENAME'}; $script_filename =~ s/\\/\//g; } elsif ($ENV{'PATH_TRANSLATED'}) { $script_filename = $ENV{'PATH_TRANSLATED'}; $script_filename =~ s/\\/\//g; } @all = split(/\// , $script_filename); $cgifile = $all[$#all]; if ($data_path eq "") { ($data_path = $script_filename) =~ s/\/$cgifile$// ; $data_path .= "/DATA"; } umask(000); $datapermissions = oct($datapermissions); $registerpermissions = oct($registerpermissions); $closedpermissions = oct($closedpermissions); $categorypermissions = oct($categorypermissions); mkdir ("$data_path" , $datapermissions); chmod ($datapermissions, "$data_path"); if ($require_user_reg == 1) { $register_path = $data_path."/register"; mkdir ("$register_path" , $registerpermissions); chmod ($registerpermissions, "$register_path"); } #^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ #CONFIGURABLE OPTIONS END HERE #^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ $f = 0; $version = "1.06"; $links = <<12345;

Cerca || Categorie || Categorie Admin || Add Articolo 12345 $links .= <<12345 if ($require_user_reg == 1); || Registrati || Edita Utente || Chiudi Articolo 12345 # $links .= <<12345 if ($keep_closed_auctions == 1); # 12345 &get_cat; &get_numberof_items; $flag1 = $q->param('flag1'); &first if ($flag1 eq ""); $addcat = $q->param('addcat'); &formcat if ($addcat eq "1"); @pnames = $q->param; foreach $pp(@pnames) { if ($q->param($pp) eq 'Delete' && $addcat ne "") { &delete_cat($pp); exit(1); } } if ($addcat eq "2") { &addcat; &get_cat; &get_numberof_items; &formcat; } $catdir = $q->param('catdir'); ## Added 105 ## if (($catdir) && (!($catdir =~ /^cat[0-9]+$/))) { print "Content-type: text/html\n\n"; print "$catdir is not an Auction Weaver category directory
"; exit; } $catdir =~ s/\.\.\\//g; $catdir =~ s/\.\.//g; $catdir =~ s/\///g; ## Added 105 ## ## Added 105 ## $item = $q->param('item'); $additem = $q->param('additem'); $additemflag = $q->param('additemflag'); $preview = $q->param('preview'); $addregister = $q->param('addregister'); $register = $q->param('register'); $edit = $q->param('edit'); $editactual = $q->param('editactual'); $fromfile = $q->param('fromfile'); ## Added 105 ## &fromcheck; $fromfile =~ s/\.\.\///g; $fromfile =~ s/\.\.//g; $fromfile =~ s/\///g; ## Added 105 ## $placebid = $q->param('placebid'); $closed = $q->param('closed'); $closed1 = $q->param('closed1'); $closed2 = $q->param('closed2'); $search = $q->param('search'); $fromsearch = $q->param('fromsearch'); $adminsection = $q->param('adminsection'); $logged = $q->param('logged'); &admin_login if ($adminsection ne ""); &admin_check if ($logged ne ""); &expand_cat($catdir) if ($catdir ne "" && $item eq "" && $fromfile eq ""); &form_item if ($additem ne "" && $additemflag eq ""); &preview if ($preview ne ""); &add_item if ($additemflag ne ""); &form_register if ($register ne "" && $addregister eq ""); &add_user if ($addregister ne ""); &form_edit if ($edit ne "" && $editactual eq ""); &edit if ($editactual ne ""); &show_item if ($fromfile ne "" && $placebid eq ""); &place_bid if ($placebid ne ""); &form_closed if ($closed ne ""); &closed1 if ($closed1 ne ""); &closed2 if ($closed2 ne ""); &form_search if ($search ne ""); &search if ($fromsearch ne ""); exit(1); sub search { &print_header; # print <<"12345"; #
$links #12345 &theader2; print<
EOF &theader3; $words = $q->param('words'); $radio = $q->param('radio'); &form_search if ($words eq ""); open(CATFILE , "<$data_path/category.file") || &error("$data_path/category.file $!"); @catyboys = ; chomp(@catyboys); close(CATFILE); $matched = 0; for ($xx = 0; $xx <= $#catyboys ; $xx++) { next if ($catyboys[$xx] eq ""); ($catdir , $caty) = split(/:/ , $catyboys[$xx]); opendir(CATDIR , "$data_path/$catdir") || &error("$data_path/$catdir"); @allfiles = readdir(CATDIR); close(CATDIR); @truefiles = grep(/\.dat/ , @allfiles); foreach $file(@truefiles) { if (-T "$data_path/$catdir/$file") { open (FILE, "<$data_path/$catdir/$file") || &error("$data_path/$catdir/$file $!"); ($itemname, $reservebid, $bidinc, $desc, $image, @bids) = ; close FILE; chomp ($itemname, $reservebid, $bidinc, $desc, $image, @bids); @lastbid = split(/####/,$bids[$#bids]); ($timy = $file) =~ s/\.dat//; @closetime = localtime($timy); $closetime[4] = $closetime[4] + 1; if ((($itemname =~ /$words/i) || ($desc =~ /$words/i) || ($words =~ /$itemname/i) || ($words =~ /$desc/i)) && ($radio eq 'keyword')) { $matched++; #print < EOF } print <<"12345";
$caty $itemname $closetime[3]/$closetime[4] $#bids $lastbid[2]
12345 $num++; if ($num == 2) { $num =0; } }#actualsearchif elsif ($radio eq 'username') { @temp = grep(/$words/i , @bids); if ($temp[0] ne "") { $matched++; # print <<"12345" if ($matched == 1); if ($matched == 1) { $num = 0; print< CATEGORIA ARTICOLO CHIUDI N° OFFERTE OFFERTA MAGGIORE EOF } #matched print <<"12345"; 12345 $num++; if ($num == 2) { $num =0; } }#tempif }#actualsearchover }#test text file if }#foreach truefiles }#catyboy for print <<"12345" if ($matched > 0);
$caty $itemname $closetime[3]/$closetime[4] $#bids $lastbid[2]
12345 print <<"12345" if ($matched == 0); Spiacente dati non trovati 12345 &print_footer; exit(1); }#supysubdupy sub sub form_search { &print_header; print < EOF &theader2; print< EOF &theader3; print<
CERCA

CERCA USERNAME
CERCA PAROLA
EOF &print_footer; exit(1); } sub closed2 { $bidfile = $q->param('bidfile'); ## Added 105 ## $bidfile =~ s/\.\.\///g; $bidfile =~ s/\.\.//g; $bidfile =~ s/\///g; if (! ($bidfile =~ /^[0-9]+$/)) { print "ERROR: bad filename\n"; exit; } ## Added 105 ## $username = $q->param('username'); ## Added 105 ## $username =~ s/\.\.\///g; $username =~ s/\///g; ## Added 105 ## open (FILE, "<$data_path/closed/$bidfile.dat") || &error("$data_path/closed/$bidfile.dat $!"); ($itemname, $reservebid, $bidinc, $desc, $image, @bids) = ; close (FILE); chomp($itemname, $reservebid, $bidinc, $desc, $image, @bids); $oldimage = $image; @firstbid = split(/####/,$bids[0]); @lastbid = split(/####/,$bids[$#bids]); &print_header; &theader2; print< EOF &theader3; $image = "
" if ($image); print <<"12345";
$itemname
$image
$desc
Offerte
Username
Offerta inserita su
 Valore Offerta
12345 foreach $bid (@bids) { @linebid = split(/####/,$bid); $bidtime = localtime($linebid[3]); print< $linebid[0] $bidtime \€$linebid[2] EOF } $dtt = localtime($firstbid[3]); print <<"12345";

Username : $firstbid[0]
Email : $firstbid[1]
Item placed in auction $dtt
Nome : $firstbid[4]
Indirizzo : $firstbid[5]
Città : $firstbid[6]
Stato : $firstbid[7]
Zip : $firstbid[8]


12345 $dtt = localtime($lastbid[3]); print <<"12345";

INFORMAZIONI OFFERTA MAGGIORE
Username : $lastbid[0]
Email : $lastbid[1]
Offerta inserita il $dtt
Nome : $lastbid[4]
Indirizzo : $lastbid[5]
Città : $lastbid[6]
Stato : $lastbid[7]
Zip : $lastbid[8]
12345 print <<"12345";
Offerta Più Alta : \€$lastbid[2]
Altre Offerte
12345 for ($xx = 1; $xx < $#bids ; $xx++) { @linebid = split(/####/,$bids[$xx]); print <<"12345";
$linebid[0]
12345 } print "

"; print <<"12345";
12345 &print_footer; exit(1); } sub closed1 { $username = $q->param('username'); ## Added 105 ## $username =~ s/\.\.\///g; $username =~ s/\.\.//g; $username =~ s/\///g; ## Added 105 ## $password = $q->param('password'); $return = 0; $return = &check_username_password($username , $password) ; if ($return == 0) { &form_closed; exit(1); } $userfile = $register_path."/$username".".dat"; open(USERFILE, "<$userfile") || &error ("$userfile $!"); ($password, $email, $name, $staddress, $city, $state , $zip , @userbids) = ; chomp ($password, $email, $name, $staddress, $city, $state , $zip , @userbids); close (USERFILE); &print_header; &theader2; print< Nessun Articolo Chiuso EOF &theader3; print <<"12345";
Le Aste chiuse per $name
12345 $found = 0; foreach $bidfile(@userbids) { $file = $data_path."/closed/"."$bidfile.dat"; if (-T "$file") { $found = 1; open (FILE, "<$file") || &error ("$file $!"); ($itemname, $reservebid, $bidinc, $desc, $image, @bids) = ; close (FILE); chomp($itemname, $reservebid, $bidinc, $desc, $image,@bids); print <<"12345"; $itemname
12345 } } print "Nessun aticolo chiuso per te" if ($found == 0); print "
"; &print_footer; exit(1); } sub form_closed { &print_header; print < EOF &theader2; print< EOF &theader3; if ($error_message) { print<
$error_message
EOF } print<
Username
Password
EOF &print_footer; } sub place_bid { $username = $q->param('username'); ## Added 105 ## $username =~ s/\.\.\///g; $username =~ s/\.\.//g; $username =~ s/\///g; ## Added 105 ## $passwordin = $q->param('password'); $bid = $q->param('bid'); $bid = sprintf ("%.2f",$bid); $catdir = $q->param('catdir'); ## Add 105 ## if (!($catdir =~ /^cat[0-9]+$/)) { print "Content-type: text/html\n\n"; print "$catdir is not an Auction Weaver category directory.
"; exit; } $catdir =~ s/\.\.\///g; $catdir =~ s/\.\.//g; $catdir =~ s/\///g; unless ($catdir) { print "Content-type: text/html\n\n"; print "You have not chosen a category.
"; exit; } ## Add 105 ## $nobiditem = $q->param('nobiditem'); $nobiditem = 1 if ($nobiditem eq ""); if ($require_user_reg == 1) { $userfile = $register_path."/$username".".dat"; unless (open(USERFILE, "<$userfile")) { $error_message = "Invalid Username"; &show_item; exit(1); } ($password, $email, $name, $staddress, $city, $state , $zip , @userbids) = ; chomp ($password, $email, $name, $staddress, $city, $state , $zip , @userbids); close (USERFILE); $salt = "#x"; $crypty = crypt($passwordin , $salt); if ($crypty ne $password) { $error_message = "Invalid Password"; &show_item; exit(1); } } else { $email = $q->param('email'); $name = $q->param('name'); $staddress = $q->param('staddress'); $city = $q->param('city'); $state = $q->param('state'); $zip = $q->param('zip'); if ($username eq "" || $email eq "") { $error_message = "Obbligatorio inserire i dati nei campi con il simbolo *"; &show_item; exit(1); } if ($email =~ /(@.*@)|(\.\.)|(@\.)|(\.@)|(^\.)/ || $email !~ /^.+\@(\[?)[a-zA-Z0-9\-\.]+\.([a-zA-Z]{2,3}|[0-9]{1,3})(\]?)$/ && $email ne "") { $error_message = "Email invalida !!"; &show_item; exit(1); } } ## MODIFIED BY DIRAN #$data_path =~ s/..\///g; ## Added 105 ## if (!($catdir =~ /^cat[0-9]+$/)) { print "Content-type: text/html\n\n"; print "$catdir non è una direttori di Aste Online.
"; exit; } ## Added 105 ## $catdir =~ s/\.\.\\//g; $catdir =~ s/\.\.//g; $catdir =~ s/\///g; ## Added 105 ## unless ($catdir) { print "Content-type: text/html\n\n"; print "Non hai scelto una categoria.
"; exit; } $fromfile =~ s/\.\.\///g; $fromfile =~ s/\.\.//g; $fromfile =~ s/\///g; &fromcheck; ## MODIFIED BY DIRAN open (FROMFILE, "<$data_path/$catdir/$fromfile") || &error("$data_path/$catdir/$fromfile $!"); ($itemname, $reservebid, $bidinc, $desc, $image, $noitems , @bids) = ; chomp ($itemname, $reservebid, $bidinc, $desc, $image, $noitems , @bids); close FROMFILE; $nb = $#bids; @firstbid = split(/####/ , $bids[0]); @lastbid = split(/####/ , $bids[$#bids]); $cbid = $lastbid[2] + $bidinc; $vbid = $cbid if ($noitems == 1); # $vbid = $firstbid[2] if ($noitems > 1); $vbid = $firstbid[2] + $bidinc if ($noitems > 1); ## MODIFIED BY DIRAN if ($bid < $vbid) ## MODIFIED BY DIRAN { $error_message = "Offerta Invalida"; &show_item; exit(1); } if ($nobiditem =~ /[^0-9]/ || $nobiditem > $noitems) { $error_message = "Invalido numero di Aste"; &show_item; exit(1); } open (FROMFILE, ">>$data_path/$catdir/$fromfile") || &error("$data_path/$catdir/$fromfile $!"); if ($flock == 1) { flock (FROMFILE, 2); seek(FROMFILE, 0, 2); } $currenttime = time; $line2 = "$username####$email####$bid####$currenttime####$name####$staddress####$city####$state####$zip####$nobiditem\n"; print FROMFILE $line2; flock (FROMFILE , 8) if ($flock == 1); close(FROMFILE); ($itemno = $fromfile) =~ s/\.dat//gi; $haveflag = 0; if ($require_user_reg == 1) { foreach $bbids(@userbids) { $ity = "$catdir$itemno"; if ( $ity eq $bbids) { $haveflag = 1; } } if ($haveflag == 0) { unless (open(USERFILE, ">>$userfile")) { &error("$userfile $!"); } print USERFILE $ity."\n"; close (USERFILE); } } open (FROMFILE, "<$data_path/$catdir/$fromfile") || &error("$data_path/$catdir/$fromfile $!"); ($itemname, $reservebid, $bidinc, $desc, $image, $noitems , @bids) = ; chomp ($itemname, $reservebid, $bidinc, $desc, $image, $noitems , @bids); close FROMFILE; ($iitem = $fromfile ) =~ s/\.dat//gi; if ($noitems == 1) { $subject = "Attualmente è inserita una offerta migliore"; if ($email_templates_dir ne "" && $bid_passed_message ne "") { $gbid = $bid; $gauction = $iitem; $gurl = "http://$server_name$script_url?flag1=1&catdir=$catdir&fromfile=$itemno%2Edat"; $message = ""; $message = &email_parser("$bid_passed_message"); } else { $message = <<12345; Your bid on $iitem has been passed , If you want to place a higher bid, please visit\:\n\n\t http://$server_name$script_url?flag1=1&catdir=$catdir&fromfile=$itemno%2Edat\n\nThe current high bid is \€$bid 12345 } $from = $from_email_address; $to = $lastbid[1]; ; &sendmail($to , $from , $subject , $message); wait; } else { for ($ty = 0; $ty <= $#bids ; $ty++) { @templine = split (/####/ , $bids[$ty]); #####$line2 = "$username####$email####$bid####$currenttime####$name####$staddress####$city####$state####$zip####$nobiditem\n"; $result[$ty] = $ty; $bid1[$ty] = $templine[2]; $nobid1[$ty] = $templine[9]; $time1[$ty] = $templine[3]; $username1[$ty] = $templine[0]; $email1[$ty] = $templine[1]; } &dutch_auction; $subject = "Current status of Dutch auction."; $message = <<12345; The TOP $noitems Bids are shown here in that order..\n 12345 $act = $noitems - 1 ; if ($email_templates_dir ne "" && $dutch_auction_status_message ne "") { for ($ac = 0 ; $ac <= $act ; $ac++) { $ldtime = localtime($time1[$newresult[$ac]]); $gusername = $username1[$newresult[$ac]]; $gbid = $bid1[$newresult[$ac]]; $gnitems = $nobid1[$newresult[$ac]]; $gbidtime = $ldtime; $message .= &email_parser("$dutch_auction_status_message" , 1); } $message = $gtop.$message.$gbottom; $gtop = ""; $gbottom = ""; } else { for ($ac = 0 ; $ac <= $act ; $ac++) { $ldtime = localtime($time1[$newresult[$ac]]); $message .= <<12345 USERNAME: $username1[$newresult[$ac]] \n BID: $bid1[$newresult[$ac]] \n NUMBER OF ITEMS BIDDED : $nobid1[$newresult[$ac]] \n BID TIME : $ldtime \n\n ------------------------------------------------- \n\n 12345 } } for ($tyt = 0 ; $tyt <= $#newresult ; $tyt++) { $from = $from_email_address; $to = $email1[$newresult[$tyt]]; &sendmail($to , $from , $subject , $message); wait; } } unless ($err) { &print_header; } $dtime = localtime($currenttime); &theader2; print< Offerta Ricevuta EOF &theader3; print <<"12345";
$username , La vostra offerta per \€$bid è stata inserita su $itemname ( $itemno ) esattamente a $dtime.
12345 &print_footer; return 1; } sub show_item { ## Added 105 ## ## MODIFIED BY DIRAN $data_path =~ s/\.\.\///g; ## Added 105 ## if (!($catdir =~ /^cat[0-9]+$/)) { print "Content-type: text/html\n\n"; print "$catdir non è una direttori di Aste Online.
"; exit; } ## Added 105 ## $catdir =~ s/\.\.\\//g; $catdir =~ s/\.\.//g; $catdir =~ s/\///g; ## Added 105 ## unless ($catdir) { print "Content-type: text/html\n\n"; print "Non hai scelto una categoria.
"; exit; } $fromfile =~ s/\.\.\///g; $fromfile =~ s/\.\.//g; &fromcheck; ## Added 105 ## ## MODIFIED BY DIRAN ####$line1 = "$itemname\n$reservebid\n$bidinc\n$desc\n$image\n"; #######$line2 = "$username####$email####$startbid####$currenttime####$name####$staddress####$city####$state####$zip\n"; ($endtime = $fromfile) =~ s/\.dat//gi; open(CATFILE , "<$data_path/category.file"); if ($LOCK_EX) { flock (CATFILE, $LOCK_EX); } @content = ; close(CATFILE); @temp = grep(/$catdir:/i , @content); ($dummy , $cattitle) = split(/:/ , $temp[0]); open (FROMFILE, "<$data_path/$catdir/$fromfile") || &error("$data_path/$catdir/$fromfile $!"); if ($LOCK_EX) { flock (FLOCKFILE, $LOCK_EX); } ($itemname, $reservebid, $bidinc, $desc, $image,$noitems, @bids) = ; close FROMFILE; chomp($itemname, $reservebid, $bidinc, $desc, $image,$noitems, @bids); @firstbid = split(/####/,$bids[0]); @lastbid = split(/####/,$bids[$#bids]); $thistime = localtime(time); $closetime = localtime($endtime); # $image = "
" if ($image); ## Added version 1.06 foreach $line($desc) { #chomp($line); #$desc =~ s/\r//g; #$line =~ s/\r//g; $line =~ s/\\n/\n/g; } ## &print_header; &theader2; print<    $itemname EOF &theader3; #
$links

$itemname

$image
if ($image) { print <<"12345";
12345 } #if ($noitems > 1); if ($noitems > 1) { print <

Scheda Articolo
EOF } print <
Categoria $cattitle
Asta offerta da $firstbid[0]
Numero di Aste $noitems
N° Offerte $#bids
Ultima Offerta \€$lastbid[2]
Ora Corrente $thistime
Chiusura Offerta $closetime
EOF if ($howmany) { $hsec = $howmany * 60; $hsec = $lastbid[3] + $hsec; $dhsec = localtime($hsec); print <

(or at) $dhsec
EOF } print <<"12345";

$desc
USERNAME OFFERTA INSERITA IL VALORE N° DI ASTE
12345 #
#
$desc

#
Anteprima Offerte
#
$num=0; foreach $bid (@bids) { @linebid = split(/####/,$bid); $bidtime = localtime($linebid[3]); print <
Username
Offerta inserita il
Valore OffertaNumero Di Annunci
$linebid[0] $bidtime \€$linebid[2] $linebid[9]
EOF $num++; if ($num == 2) { $num =0; } } # print "
"; $time = time; if (($time > $endtime) || ($time > $hsec && $howmany >= 1)) { print<
ITEM CLOSED FOR BIDDING
EOF #print "Content-type: text/html\n\n"; #print "In Show Item
"; #exit; &item_closed; } else { &form_for_placing_bid; &print_footer; } } sub form_for_placing_bid { ## MODIFIED BY DIRAN #$data_path =~ s/..\///g; ## Added 105 ## if (!($catdir =~ /^cat[0-9]+$/)) { print "Content-type: text/html\n\n"; print "$catdir non è una direttori di Aste Online.
"; exit; } ## Added 105 ## $catdir =~ s/\.\.\\//g; $catdir =~ s/\.\.//g; $catdir =~ s/\///g; ## Added 105 ## unless ($catdir) { print "Content-type: text/html\n\n"; print "Non hai scelto una categoria.
"; exit; } $fromfile =~ s/\.\.\///g; $fromfile =~ s/\.\.//g; $fromfile =~ s/\///g; &fromcheck; ## MODIFIED BY DIRAN $atleast = $lastbid[2] + $bidinc; if ($noitems > 1) { # $firstbid[2] = sprintf ("%.2f",$firstbid[2]); $vbid = $firstbid[2] + $bidinc if ($noitems > 1); $vbid = sprintf ("%.2f",$vbid); print <<"12345";

Offerta Attuale

Ultima Offerta : \€$lastbid[2] La vostra offerta deve superare il minimo stabilito \€$vbid
12345 } else { $atleast = sprintf ("%.2f",$atleast); print <<"12345";

Offerta Attuale

Ultima Offerta : \€$lastbid[2] La Vostra Offerta Minima \€$atleast
12345 } print <<"12345";

$error_message
*Username
12345 if ($require_user_reg == 1) { print <<"12345";
Password
12345 } else { print <<"12345";
*Email
Nome
Indirizzo Attuale
Città
Stato
Zip
12345 } #if ($atleast) { #$lowestbid = "$atleast"; #} else { #$lowestbid = "$firstbid[2]"; #} if ($noitems > 1) { # $lowestbid = "$firstbid[2]"; $lowestbid = "$vbid"; } else { $lowestbid = "$atleast"; } print <<"12345";
Valore Offerta
Numero di Aste
12345 } sub copyfile { ($sourcefile, $destfile) = @_; open (SOURCE , "<$sourcefile") || &error("$sourcefile $!"); open (DEST , ">$destfile") || &error("$destfile $!"); while($com = ) { print DEST $com; } close (SOURCE); close(DEST); return 1; } sub item_closed { if ($keep_closed_auctions == 1) { ## MODIFIED BY DIRAN #$data_path =~ s/..\///g; ## Added 105 ## if (!($catdir =~ /^cat[0-9]+$/)) { print "Content-type: text/html\n\n"; print "$catdir non è una direttori di Aste Online.
"; exit; } ## Added 105 ## $catdir =~ s/\.\.\\//g; $catdir =~ s/\.\.//g; $catdir =~ s/\///g; ## Added 105 ## unless ($catdir) { print "Content-type: text/html\n\n"; print "non hai scelto una categoria.
"; exit; } $fromfile =~ s/\.\.\///g; $fromfile =~ s/\.\.//g; $fromfile =~ s/\///g; &fromcheck; ## MODIFIED BY DIRAN $closed_dir = "closed"; #print "$data_path
"; #print "$closed_dir
"; #print "$catdir
"; #print "$fromfile
"; mkdir ("$data_path/$closed_dir" , $closedpermissions) unless ( -d "$data_path/$closed_dir"); chmod ($closedpermissions, "$data_path/$closed_dir"); ©file("$data_path/$catdir/$fromfile" , "$data_path/$closed_dir/$catdir$fromfile"); } unlink($sourcefile) || &error("$sourcefile $!"); wait; if ($noitems == 1) { if ($lastbid[2] >= $reservebid) { $to = $lastbid[1]; $subject = "Auction Close: $itemname"; $from = $from_email_address; if ($email_templates_dir ne "" && $winner_message ne "") { $gbidtime = $endtime; $gbid = $lastbid[2]; $gname = $firstbid[4]; $gstaddress = $firstbid[5]; $gcity = $firstbid[6]; $gstate = $firstbid[7]; $gzip = $firstbid[8]; $message = &email_parser ("$winner_message"); } else { $message= <<12345; You have WON the AUCTION $endtime .\nYour winning bid was \€$lastbid[2].\n\nSeller Info\n-----------------------\nName : $firstbid[4]\nStreet Address : $firstbid[5]\nCity : $firstbid[6]\nState : $firstbid[7]\nZip : $firstbid[8]\n\n 12345 } &sendmail($to , $from , $subject , $message); } else { $to = $lastbid[1]; $from = $from_email_address; $subject = "Auction Close: $itemname"; if ($email_templates_dir ne "" && $winner_message_rb ne "") { $gbidtime = $endtime; $gbid = $lastbid[2]; $gname = $firstbid[4]; $gstaddress = $firstbid[5]; $gcity = $firstbid[6]; $gstate = $firstbid[7]; $gzip = $firstbid[8]; $gauction = $endtime; $message = &email_parser ("$winner_message"); } else { $message= <<12345; Your bid for Auction $endtime was the best one even though .\nYour bid (\€$lastbid[2]) was less than the RESERVE BID \n\nSeller Info\n-----------------------\nName : $firstbid[4]\nStreet Address : $firstbid[5]\nCity : $firstbid[6]\nState : $firstbid[7]\nZip : $firstbid[8]\n\n 12345 } &sendmail($to , $from , $subject , $message , $winner_message_rb); } $to = $firstbid[1]; $from = $from_email_address; $subject = "Auction Close: $itemname"; if ($email_templates_dir ne "" && $seller_message ne "") { $gbidtime = $endtime; $gbid = $lastbid[2]; $gname = $lastbid[4]; $gstaddress = $lastbid[5]; $gcity = $lastbid[6]; $gstate = $lastbid[7]; $gzip = $lastbid[8]; $gauction = $endtime; $grbid = $reservebid; $message = &email_parser ("$seller_message"); } else { $message = <<12345; Auction $endtime Is Now Closed.\nThe highest bid was \€$lastbid[2] (Your reserve was: \€$reservebid).\n\nBidder Info\n---------------\nName : $lastbid[4]\nStreet Address : $lastbid[5]\nCity : $lastbid[6]\nState : $lastbid[7]\nZip : $lastbid[8]\n\n 12345 } &sendmail($to , $from , $subject , $message ); } else { for ($ty = 0; $ty <= $#bids ; $ty++) { @templine = split (/####/ , $bids[$ty]); #####$line2 = "$username####$email####$bid####$currenttime####$name####$staddress####$city####$state####$zip####$nobiditem\n"; $result[$ty] = $ty; $bid1[$ty] = $templine[2]; $nobid1[$ty] = $templine[9]; $time1[$ty] = $templine[3]; $username1[$ty] = $templine[0]; $email1[$ty] = $templine[1]; } &dutch_auction; @templine = ""; $lastgood = $newresult[$#newresult]; @templine = split (/####/ , $bids[$lastgood]); $goodbid = $templine[2]; $ai = $noitems; for ($yyt = 0; $yyt <= $#newresult ; $yyt++) { next if ($ai < 1); $from = $from_email_address; $to = $email1[$newresult[$yyt]]; $subject = "Auction closed"; $bidyboy = $newresult[$yyt]; @templine = ""; @templine = split (/####/ , $bids[$bidyboy]); if ($email_templates_dir ne "" && $winners_message_da ne "") { $gbid = $goodbid; $gname = $firstbid[4]; $gstaddress = $firstbid[5]; $gcity = $firstbid[6]; $gstate = $firstbid[7]; $gzip = $firstbid[8]; $gauction = $endtime; $gnitems = $templine[9]; $gaitems = $ai; $message = &email_parser ("$winners_message_da"); } else { $message = <<12345; You have WON the DUTCH AUCTION $endtime .\nYour winning bid was \€$goodbid for $templine[9] Items \nAvailable Items $ai\nSeller Info\n-----------------------\nName : $firstbid[4]\nStreet Address : $firstbid[5]\nCity : $firstbid[6]\nState : $firstbid[7]\nZip : $firstbid[8]\n\n 12345 } &sendmail($to , $from , $subject , $message); if ($email_templates_dir ne "" && $seller_message_da ne "") { $gbid = $templine[2]; $gname = $templine[4]; $gstaddress = $templine[5]; $gcity = $templine[6]; $gstate = $templine[7]; $gzip = $templine[8]; $gauction = $endtime; $gnitems = $templine[9]; $bidder_info .= &email_parser ("$seller_message_da"); } else { $bidder_info .= "---------------------------\nName : $templine[4]\nStreet Address : $templine[5]\nCity : $templine[6]\nState : $templine[7]\nZip : $templine[8]\nBid Value : $templine[2]\nNumber of Items : $templine[9] \n\n"; } $ai = $ai - $templine[9]; } $to = $firstbid[1]; $from = $from_email_address; $subject = "Auction Close"; if ($email_templates_dir ne "" && $seller_message_da ne "") { $message = $gtop.$bidder_info.$gbottom; } else { $message = <<12345; Auction $endtime Is Now Closed.\n\nBidders Info $bidder_info 12345 } &sendmail($to , $from , $subject , $message); } } sub edit { &get_form_register_param; &check_form_edit; $userfile = $register_path."/$username".".dat"; open(USERFILE, "<$userfile") || &error("$userfile $!"); ($password8, $email8, $name8, $staddress8, $city8, $state8 , $zip8 , @userbids8) = ; chomp ($password8, $email8, $name8, $staddress8, $city8, $state8 , $zip8 , @userbids8); close (USERFILE); $email = $email8 if ($email eq ""); $name = $name8 if ($name eq ""); $staddress = $staddress8 if ($staddress eq ""); $city = $city8 if ($city eq ""); $state = $state8 if ($state eq ""); $zip = $zip8 if ($zip eq ""); $salt = "#x"; $crypty = crypt($newpass1, $salt); open (USERFILE , ">$register_path/$username.dat") || &error("$register_path/$username.dat $!"); $line = "$crypty\n$email\n$name\n$staddress\n$city\n$state\n$zip\n"; print USERFILE $line; print @userbids8; close(USERFILE); ## MODIFIED BY DIRAN print "Content-type: text/html\n\n"; ## MODIFIED BY DIRAN &theader2; print< Modifica dati utente EOF &theader3; print <<"12345";
I tuoi dati sono stati modificati con successo
12345 &print_footer; exit(1); } sub check_form_edit { $userfile = $register_path."/$username".".dat"; unless (open(USERFILE, "<$userfile")) { $error_message = "Invalid login"; &form_edit; } ($password8, $email8, $name8, $staddress8, $city8, $state8 , $zip8 , @userbids8) = ; chomp ($password8, $email8, $name8, $staddress8, $city8, $state8 , $zip8 , @userbids8); close (USERFILE); $salt = "#x"; $crypty = crypt($oldpass, $salt); if ($crypty ne $password8) { $error_message = "Invalid login"; &form_edit; } if ($newpass1 ne $newpass2) { $error_message = "New passwords DONT match !!"; &form_edit; } if ($email =~ /(@.*@)|(\.\.)|(@\.)|(\.@)|(^\.)/ || $email !~ /^.+\@(\[?)[a-zA-Z0-9\-\.]+\.([a-zA-Z]{2,3}|[0-9]{1,3})(\]?)$/ && $email ne "") { $error_message = "Email invalida !!"; &form_edit; } } sub form_edit { &print_header; print < EOF if ($error_message) { print<
$error_message
EOF } &theader2; print<
EOF &theader3; print< *Username *Vecchia Password Nuova Password Nuova Password (ripeti) *Email *Nome Completo Indirizzo Attuale Città Stato Zip EOF &print_footer; exit(1); } sub add_user { &check_form_register; $newpassword = &password_making; $salt = "#x"; $crypty = crypt($newpassword , $salt); open (USERFILE , ">$register_path/$username.dat") || &error("$register_path/$username.dat $!"); $line = "$crypty\n$email\n$name\n$staddress\n$city\n$state\n$zip\n"; print USERFILE $line; close (USERFILE); &print_header; &theader2; print< Informazioni Utente Inviate EOF &theader3; print <
I vostri dati sono stati inviati per posta a: $email
EOF &print_footer; $to = $email; $from = $from_email_address; $subject = "DATI REGISTRAZIONE"; if ($email_templates_dir ne "" && $login_message ne "") { $gusername = $username; $gpassword = $newpassword; $message = &email_parser ("$login_message"); } else { $message = "\nyour login details are as follows:-\n\nUsername : $username\nPassword : $newpassword \n"; } &sendmail($to , $from , $subject , $message ); exit(1); } sub send_mail { $to = $_[0]; $from = $_[1]; $subject = $_[2]; $message = $_[3]; ## MODIFIED BY DIRAN #open(MAIL,"| $MAIL") ; open (MAIL, "|$MAIL -t") || print ("Can't open $MAIL!\n"); ## MODIFIED BY DIRAN print MAIL "To: $to\n"; print MAIL "From: $from\n"; print MAIL "Subject: $subject\n"; print MAIL <<"12345"; $message 12345 close(MAIL); } sub sendmail { my($to, $from, $subject, $message, $tempfile) = @_; if (lc $mailusing eq 'sendmail') { if (-e $mailprog) { open (MAIL, "|$mailprog -t"); } else { unless ($mailprog_ok) { print "Content-type: text/html\n\n"; print "The path to your Sendmail: $mailprog doesn't seem to be correct
"; $err = "1"; } } print MAIL "To: $to\n"; print MAIL "From: $from\n"; print MAIL "Subject: $subject\n"; print MAIL "$message\n"; close MAIL; } else { $err = &sockets_mail($to, $from, $subject, $message); if ($err < 1) { print "Content-type: text/html\n\n"; print "
\nSendmail error # $err
\n";} } } sub sockets_mail { my ($to, $from, $subject, $message) = @_; my ($replyaddr) = $from; if (!$to) { return -8; } my ($proto, $port, $smptaddr); my ($AF_INET) = 2; my ($SOCK_STREAM) = 1; $proto = (getprotobyname('tcp'))[2]; $port = 25; $smtpaddr = ($smtp_addr =~ /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/) ? pack('C4',$1,$2,$3,$4) : (gethostbyname($smtp_addr))[4]; if (!defined($smtpaddr)) { return -1; } if (!socket(S, $AF_INET, $SOCK_STREAM, $proto)) { return -2; } if (!connect(S, pack('Sna4x8', $AF_INET, $port, $smtpaddr))) { return -3; } # my($oldfh) = select(S); $| = 1; select($oldfh); select(S); $| = 1; select(STDOUT); $_ = ; if (/^[45]/) { close S; return -4; } print S "helo localhost\r\n"; $_ = ; if (/^[45]/) { close S; return -5; } print S "mail from: $from\r\n"; $_ = ; if (/^[45]/) { close S; return -5; } print S "rcpt to: $to\r\n"; $_ = ; if (/^[45]/) { close S; return -6; } print S "data\r\n"; $_ = ; if (/^[45]/) { close S; return -5; } print S "Content-Type: text/plain; charset=us-ascii\r\n"; print S "To: $to\r\n"; print S "From: $from\r\n"; print S "Reply-to: $replyaddr\r\n" if $replyaddr; print S "Subject: $subject\r\n\r\n"; print S "$message"; print S "\r\n.\r\n"; $_ = ; if (/^[45]/) { close S; return -7; } print S "quit\r\n"; $_ = ; close S; return 1; } sub password_making { srand; $ena = ""; $digits = int(rand(2)); $limit = $digits + 4; for ($xx = 0 ; $xx <= $limit ; $xx =$xx + 2) { srand; $retval = rand(25); $retval = $retval + 97; $t = chr($retval); $ena = $ena.$t; $f = int(rand(10)) + 1; $ena = $ena.$f; } $ena =~ s/[o0ijl]/$digits/g; return $ena; } sub get_form_register_param { $username = $q->param('username'); ## Added 105 ## $username =~ s/\.\.\///g; ## Added 105 ## #$password1 = $q->param('password1'); #$password2 = $q->param('password2'); $email = $q->param('email'); $name = $q->param('name'); $staddress = $q->param('staddress'); $city = $q->param('city'); $state = $q->param('state'); $zip = $q->param('zip'); $oldpass = $q->param('oldpass'); $newpass1 = $q->param('newpass1'); $newpass2 = $q->param('newpass2'); return 1; } sub check_form_register { &get_form_register_param; $username =~ s/ //g; ## Added 105 ## $username =~ s/\.\.\///g; ## Added 105 ## $return = &check_duplicate_username($username); if ($return == 1) { $error_message = "Questa username già esiste"; &form_register; } if ($username eq "" || $email eq "" || $name eq "") { $error_message = "Obbligatorio riempire i campi con il simbolo *"; &form_register; } #if ($password1 ne $password2) #{ #$error_message = "Passwords DONT match !!"; #&form_register; #} if ($email =~ /(@.*@)|(\.\.)|(@\.)|(\.@)|(^\.)/ || $email !~ /^.+\@(\[?)[a-zA-Z0-9\-\.]+\.([a-zA-Z]{2,3}|[0-9]{1,3})(\]?)$/ && $email ne "") { $error_message = "Invalid email !!"; &form_register; } } sub check_duplicate_username { $c = $_[0]; if (-f "$register_path/$c.dat") { return 1; } else { return 0 ; } } sub form_register { &print_header; print < EOF &theader2; print< EOF &theader3; if ($error_message) { print<
$error_message
EOF } print<
*Username
*Email
*Nome Completo
Indirizzo Attuale
Città
Stato
Zip
EOF &print_footer; exit(1); } sub add_item { &get_item_param; if ($require_user_reg == 1) { $userfile = $register_path."/$username".".dat"; open(USERFILE, "<$userfile") || &error("$userfile $!"); ($password, $email, $name, $staddress, $city, $state , $zip , @userbids) = ; chomp ($password, $email, $name, $staddress, $city, $state , $zip , @userbids); close (USERFILE); } $line1 = "$itemname\n$reservebid\n$bidinc\n$desc\n$image\n$noitems\n"; $line2 = "$username####$email####$startbid####$currenttime####$name####$staddress####$city####$state####$zip####1\n"; $dltime = localtime($currenttime); $lookfile = $endtime.".dat"; $itemfile = $data_path."/".$formdirname."/".$endtime.".dat"; open(ITEMFILE , ">$itemfile"); print ITEMFILE $line1; print ITEMFILE $line2; close(ITEMFILE); &print_header; &theader2; print< Aste Offerte EOF &theader3; print <<"12345";
Caro $name, anche il vostro $itemname è stato aggiunto con successo nelle categorie $formtitle su $dltime . Ti auguriamo una buona vendita.
12345 &print_footer; exit(1); } sub preview { &check_preview; &print_header; $time = time; $currenttime = localtime($time); $endtime = $days * 86400 + $time; $closetime = localtime($endtime); ## MODIFIED BY DIRAN $desc =~ s///g; $desc =~ s/\.\.\///g; $desc =~ s/\.\.//g; $desc =~ s/\///g; ## MODIFIED BY DIRAN ## Added version 1.06 $desc1 = $desc; foreach $line($desc1) { #chomp($line); #$desc =~ s/\r//g; $line =~ s/\r//g; $line =~ s/\n/\\n/g; } ## print< EOF &theader2; print< Anteprima Aste EOF &theader3; print< Articolo $itemname Categoria $formtitle Url Immagine $image Descrizione $desc Articolo Inserito Alle $currenttime Chiusura Dopo $days Giorni (ie on $closetime) Username $username Offerta Iniziale \€$startbid Offerta di Riserva \€$reservebid Incremento offerta \€$bidinc Numero di Aste $noitems EOF # print $matterboy; if ($noitems > 1) { print <Stile Asta Olandese
EOF } print <<"12345";
12345 &print_footer; exit(1); } sub get_item_param { $itemname = $q->param('itemname'); $category = $q->param('category'); ($formdirname , $formtitle) = split(/:/ , $category); $image = $q->param('image'); $days = $q->param('days'); $desc = $q->param('desc'); $username = $q->param('username'); ## Added 105 ## $username =~ s/\.\.\///g; $username =~ s/\.\.//g; $username =~ s/\///g; ## Added 105 ## $password = $q->param('password'); $startbid = $q->param('startbid'); $reservebid = $q->param('reservebid'); $bidinc = $q->param('bidinc'); $endtime = $q->param('endtime'); $currenttime = $q->param('currenttime'); $noitems = $q->param('noitems'); if ($require_user_reg != 1) { $email = $q->param('email'); $name = $q->param('name'); $staddress = $q->param('staddress'); $city = $q->param('city'); $state = $q->param('state'); $zip = $q->param('zip'); } return 1; } sub check_preview { &get_item_param; $days = 14 if ($days eq ""); $startbid = 1 if ($startbid eq ""); ## MODIFIED BY DIRAN unless ($startbid =~ /^[0-9]+(\.[0-9]*)?$/) { $error_message = "USI solo numeri standard"; &form_item ; exit; } $startbid = sprintf("%1.2f",$startbid); $reservebid =~ s/\,//g; ## MODIFIED BY DIRAN $reservebid = $startbid if ($reservebid eq "" || $reservebid < $startbid); ## MODIFIED BY DIRAN unless ($reservebid =~ /^[0-9]+(\.[0-9]*)?$/) { $error_message = "USI solo numeri nelle offerte"; &form_item ; exit; } $reservebid = sprintf("%1.2f",$reservebid); ## MODIFIED BY DIRAN $bidinc = 1 if ($bidinc eq ""); # if ($itemname eq "" || $username eq "" || $password eq "") if ($itemname eq "" || $username eq "") { $error_message = "Obbligatorio riempire i campi con il simbolo *"; &form_item; } if ($require_user_reg == 1) { $result = &check_username_password($username , $password); &form_item if ($result == 0); } ### INVALID NUMBER ## MODIFIED BY DIRAN if ($noitems ne "" && $noitems < 1 ) ####################################### { $error_message = "Numero Aerticolo INVALIDO"; &form_item; } if ($noitems ne "") { unless($noitems =~ /^[0-9]+(\.[0-9]*)?$/) { $error_message = "Enter ONLY numbers in number of items"; &form_item; } } $noitems = 1 if ($noitems eq ""); if ($email =~ /(@.*@)|(\.\.)|(@\.)|(\.@)|(^\.)/ || $email !~ /^.+\@(\[?)[a-zA-Z0-9\-\.]+\.([a-zA-Z]{2,3}|[0-9]{1,3})(\]?)$/ && $email ne "") { $error_message = "Email Invalida"; &form_item; } } sub check_username_password { $username = $_[0]; ## Added 105 ## $username =~ s/\.\.\///g; $username =~ s/\.\.//g; $username =~ s/\///g; ## Added 105 ## $passwordin = $_[1]; $userfile = $register_path."/$username".".dat"; unless (open(USERFILE, "<$userfile")) { $error_message = "Invalid username"; return 0; } ($password, $email, $name, $staddress, $city, $state , $zip , @userbids) = ; chomp ($password, $email, $name, $staddress, $city, $state , $zip , @userbids); close (USERFILE); $error_message = "Password Invalida"; $salt = "#x"; $crypty = crypt($passwordin , $salt); return 0 if ($crypty ne $password); return 1; } sub form_item { &get_item_param; &get_cat; &print_header; if ($dirname[0] eq "" && $#dirname == 0) { print <<"12345";
$linksCATEGORIE NON DEFINITE ..

Entri e definisca le categorie , entri in Aste
12345 &print_footer; exit(1); } print < EOF &theader2; print < EOF &theader3; if ($error_message) { print "
$error_message
"; } print<*ArticoloCategoria Url Immagine Chiusura dopo GiorniDescrizione *Username 12345 if ($require_user_reg == 1) { print <<"12345"; *Password 12345 } else { print <<"12345"; *Email> Nome Indirizzo Attuale Città Stato Zip 12345 } print <<"12345"; Offerta InizialeOfferta RiservaIncremento offertaNumero Di Annunci (almeno 2)
(Stile Aste)
12345 #&theader3; &print_footer; exit(1); } sub addcat { @dirname1 = @dirname; @dummy = map( s/cat//gi , @dirname1); @sorted = sort num_last (@dirname1); $lastused = $sorted[$#sorted]; $tobeused = $lastused + 1; if ($q->param('sbutton') eq 'Add') { $newcat = $q->param('newcat'); $newcat =~ s///g; $newcat =~ s/\.\.\///g; $newcat =~ s/\.\.//g; $newcat =~ s/\///g; $newdir = "cat$tobeused"; $line = join(":" , $newdir , $newcat); if (-e "$data_path/category.file") { open (CATEGORYFILE , ">>$data_path/category.file") || &error("$data_path/category.file $!"); } else { open (CATEGORYFILE , ">$data_path/category.file") || &error("$data_path/category.file $!"); } print CATEGORYFILE $line."\n"; close(CATEGORYFILE); $newcat = ""; } } sub formcat { $num = 0; &print_header; &theader2; print < Amministra Categorie EOF &theader3; ## Added 105 ## $alogin = $q->param('alogin'); $apass = $q->param('apass'); ## Added 105 ## print< EOF print <<"12345" if ($error_message ne "");

$error_message
12345 print <<"12345"; 12345 for ($xx = 0 ; $xx <= $#dirname ; $xx++) { next if ($dirname[0] eq "" && $#dirname == 0); print <<"12345";
$dirname[$xx] $title[$xx]
12345 $num++; if ($num == 2) { $num =0; } } print <<"12345";
Nuova Categoria
12345 &print_footer; exit(0); } sub expand_cat { &print_header; &print_cat_head1; $dirname = $_[0]; chomp($dirname); ## MODIFIED BY DIRAN $dirname =~ s/\.\.\///g; $dirname =~ s/\.\.//g; $dirname =~ s/\///g; if (!($dirname) || ($dirname eq '')) { print "Nessuna direttori fu data
"; exit; } $fromfile =~ s/\.\.\///g; $fromfile =~ s/\.\.//g; $fromfile =~ s/\///g; &fromcheck; ## MODIFIED BY DIRAN @totalfiles = ""; @actualitemfiles = ""; opendir (CATDIR , "$data_path/$dirname") || &error("$data_path/$dirname $!"); @totalfiles = readdir (CATDIR); closedir(CATDIR); @actualitemfiles = grep (/^[^\.]/ , @totalfiles); $num = 0; ## MODIFIED BY DIRAN foreach $fromfile(@actualitemfiles) { open (FROMFILE , "<$data_path/$dirname/$fromfile"); ($name , $rprice , $binc , $desc , $image , @bids) = ; chomp($name , $rprice , $binc , $desc , $image , @bids); @lastbid = split(/####/,$bids[$#bids]); $file =~ s/\.dat//; @finishtime = localtime($fromfile); $finishtime[4]++; $extra = ""; $extra = "*" if ($image ne ""); $fromfile =~ s/\./%2E/g; print< $name $extra $finishtime[3]/$finishtime[4] $#bids \€$lastbid[2] EOF $num++; if ($num == 2) { $num =0; } } print< * Immagine Disponibile
EOF &print_cat_foot1; &print_footer; exit(0); } sub print_cat_head1 { &theader2; print <<"12345";
12345 &theader3; } sub print_cat_foot1 { ## print <<"12345"; ##
## * --- questo Articolo ha una immagine
# 12345 } sub get_numberof_items { for ($xx = 0 ; $xx <= $#dirname ; $xx++) { next if ($dirname[$xx] eq ""); opendir (CATDIR , "$data_path/$dirname[$xx]") || &error("$data_path/$dirname[$xx] $! "); @totalfiles = readdir(CATDIR); closedir(CATDIR); @actualitemfiles = grep (/^[^\.]/ , @totalfiles); $nitems = $#actualitemfiles + 1; $nitems = 0 if ($actualitemfiles[0] eq ""); $noi{$dirname[$xx]} = $nitems; } } sub get_cat { $f = 0; @dirname = ""; @title = ""; return 1 if( !(-e "$data_path/category.file")); open(CATEGORYFILE , "<$data_path/category.file") || &error("$data_path/category.file $!"); ############ # 0 1 2 3 4 5 6 7 8 # ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) =localtime(time); ########### while ($data = ) { chomp($data); ($dirname[$f] , $title[$f]) = split(/:/ , $data); unless (-d "$data_path/$dirname[$f]") { mkdir("$data_path/$dirname[$f]", $categorypermissions) || &error("$data_path/$dirname[$f] $! "); chmod ($categorypermissions , "$data_path/$dirname[$f]"); } $f = $f + 1; } close(CATEGORYFILE); } sub first { $flag1 = 1; &print_header; &first_part1; &first_matter; &first_part2; &print_footer; exit(0); } sub first_part1 { print <<"12345";
12345 print $links; print <<"12345";


12345 } sub first_matter { $num = 0; for ($xx = 0 ; $xx<=$#title ; $xx++) { ## ADDED TODAY if ($title[$xx]) { print <<"12345";
$title[$xx] $noi{$dirname[$xx]}
12345 $num++; if ($num == 2) { $num =0; } } ## ADDED TODAY } } sub first_part2 { print <<"12345";

12345 } sub print_header { print $q->header; # print $q->start_html; open (FILE,"<$data_path/header.txt"); #### Full path name from root. if ($LOCK_EX){ flock(FILE, $LOCK_EX); #Locks the file } @headerfile = ; close(FILE); print< EOF foreach $line(@headerfile) { print "$line"; } } sub print_footer { # print $q->end_html; print ""; open (FILE,"<$data_path/footer.txt"); #### Full path name from root. if ($LOCK_EX){ flock(FILE, $LOCK_EX); #Locks the file } @footerfile = ; close(FILE); foreach $line(@footerfile) { print "$line"; } print<
$sitename servizio gratuito offerto da Mitama.it
N.B. Lo staff di Mitama non svolge nessuna funzione di intermediariato nelle compra/vendite di questa sezione. Per tanto lo staff di Mitama non è responsabile della veridicità degli annunci e tanto meno del corretto comportamento degli utenti in fase di transazione.
 
Partner 88x31
EOF } sub error { &print_header; print $_[0]; &print_footer; exit(0); } sub num_last { my ($num_a , $num_b); $num_a = $a =~ /^[0-9]/; $num_b = $b =~ /^[0-9]/; if ($num_a && $num_b) { $retval = $a <=> $b; } elsif ($num_a) { $retval = 1; } elsif ($num_b) { $retval = -1; } else { $retval = $a cmp $b; } $retval; } sub dutch_auction { $yy = $#bid; @tbid = ""; @tnobid = ""; @ttime = ""; @tbid = @bid1; @tnobid = @nobid1; @ttime = @time1; @result = ""; for ($zz = 0 ; $zz <= $yy ; $zz++) { $bb = $yy - $zz; for ($dd = 0 ; $dd < $bb ; $dd++) { if ($tbid[$dd] < $tbid[$dd + 1]) { $temp = $tbid[$dd]; $tbid[$dd] = $tbid[$dd + 1]; $tbid[$dd + 1] = $temp; $temp = $tnobid[$dd]; $tnobid[$dd] = $tnobid[$dd + 1]; $tnobid[$dd + 1] = $temp; $temp = $ttime[$dd]; $ttime[$dd] = $ttime[$dd + 1]; $ttime[$dd + 1] = $temp; $temp = $result[$dd]; $result[$dd] = $result[$dd + 1]; $result[$dd + 1] = $temp; $temp = ""; } elsif ($tbid[$dd] == $tbid[$dd + 1]) { if ($tnobid[$dd] < $tnobid[$dd + 1]) { $temp = $tbid[$dd]; $tbid[$dd] = $tbid[$dd + 1]; $tbid[$dd + 1] = $temp; $temp = $tnobid[$dd]; $tnobid[$dd] = $tnobid[$dd + 1]; $tnobid[$dd + 1] = $temp; $temp = $ttime[$dd]; $ttime[$dd] = $ttime[$dd + 1]; $ttime[$dd + 1] = $temp; $temp = $result[$dd]; $result[$dd] = $result[$dd + 1]; $result[$dd + 1] = $temp; $temp = ""; } elsif ($tnobid[$dd] == $tnobid[$dd + 1]) { if ($ttime[$dd] > $ttime[$dd + 1]) { $temp = $tbid[$dd]; $tbid[$dd] = $tbid[$dd + 1]; $tbid[$dd + 1] = $temp; $temp = $tnobid[$dd]; $tnobid[$dd] = $tnobid[$dd + 1]; $tnobid[$dd + 1] = $temp; $temp = $ttime[$dd]; $ttime[$dd] = $ttime[$dd + 1]; $ttime[$dd + 1] = $temp; $temp = $result[$dd]; $result[$dd] = $result[$dd + 1]; $result[$dd + 1] = $temp; $temp = ""; } } } } } $vcx = 0; @newresult = ""; for ($xy = 0; $xy <= $#result ; $xy++) { $temp = $username1[$result[$cc]]; if ($temp ne "") { $newresult[$vcx] = $result[$cc]; @dummy = map (s/$temp//ig , @username1); $vcx++; } } } sub email_parser { local($filename , $flag , $middle , $aall , @all ,$nall , $xx); $filename = $_[0]; $flag = $_[1]; open(EPFILE , "<$email_templates_dir/$filename") || &error("$email_templates_dir/$filename $!"); @all = ; close(EPFILE); if ($flag == 1) { $nall = join("#a#b" , @all); ($gtop , $middle , $gbottom) = split(/%%BREAK%%/ , $nall); @all = ""; @all = split(/#a#b/ , $middle); } for ($xx = 0 ; $xx <= $#all ; $xx++) { $all[$xx] =~ s/%%USERNAME%%/$gusername/gi; $all[$xx] =~ s/%%BID%%/$gbid/gi; $all[$xx] =~ s/%%NITEMS%%/$gnitems/gi; $all[$xx] =~ s/%%BIDTIME%%/$gbidtime/gi; $all[$xx] =~ s/%%AUCTION%%/$gauction/gi; $all[$xx] =~ s/%%NAME%%/$gname/gi; $all[$xx] =~ s/%%STADDRESS%%/$gstaddress/gi; $all[$xx] =~ s/%%CITY%%/$gcity/gi; $all[$xx] =~ s/%%STATE%%/$gstate/gi; $all[$xx] =~ s/%%ZIP%%/$gzip/gi; $all[$xx] =~ s/%%RBID%%/$grbid/gi; $all[$xx] =~ s/%%AITEMS%%/$gaitems/gi; $all[$xx] =~ s/%%PASSWORD%%/$gpassword/gi; $all[$xx] =~ s/%%URL%%/$gurl/gi; } $aall = join("" , @all); return $aall; } sub theader2 { print<
EOF print $links; print <
EOF } sub theader3 { print<

EOF } sub delete_cat { &blindcheck; $cc = 0; $cat = $_[0]; if (($cat) && (!($cat =~ /^cat[0-9]+$/)) || ($cat eq "")) { print "Content-type: text/html\n\n"; print "$cat non è una direttori di Aste Online.
"; exit; } $cat =~ s/\.\.\\//g; $cat =~ s/\.\.//g; $cat =~ s/\///g; open (CATFILE , "<$data_path/category.file") || &error("$data_path/category.file $!"); @allcats = ; close(CATFILE); chomp(@allcats); for ($xx = 0 ; $xx <= $#allcats ; $xx++) { ($catid , $catname) = split(/:/ , $allcats[$xx]); if ($catid eq $cat) { next; } $newcats[$cc] = $allcats[$xx]."\n"; $cc++; } open (CATFILE , ">$data_path/category.file") || &error("$data_path/category.file $!"); print CATFILE @newcats; close(CATFILE); opendir (CATDIR , "$data_path/$cat") || &error("$data_path/$cat $!"); @totalfiles = readdir (CATDIR); closedir(CATDIR); @actualitemfiles = grep (/^[^\.]/ , @totalfiles); foreach $file(@actualitemfiles) { unlink("$data_path/$cat/$file") || &error("$data_path/$cat/$file $!"); wait; } rmdir("$data_path/$cat") || &error("$data_path/$cat $!"); wait; &get_cat; &get_numberof_items; &formcat; } sub admin_login { &print_header; &theader2; print<
EOF &theader3; if ($error_message) { print "

$error_message

"; } print <<"12345";
Login
Password
12345 &print_footer; } ## Added 105 ## sub blindcheck { $alogin = $q->param('alogin'); $apass = $q->param('apass'); if ($adminlogin eq "admin" || $adminpass eq "pass") { $error_message = "Cambi la Password e Admin di Default"; &admin_login; exit; } if ($adminlogin ne $alogin || $adminpass ne $apass) { $error_message = "Invalida Admin login"; &admin_login; exit; } } sub fromcheck { $tempfrom = $fromfile; $tempfrom =~ s/.dat//g; if (($tempfrom) && ($tempfrom !~ /^[0-9]+$/)) { print "Content-type: text/html\n\n"; print "File non valido
"; exit; } } ## Added 105 ## sub admin_check { $alogin = $q->param('alogin'); $apass = $q->param('apass'); if ($adminlogin eq "admin" || $adminpass eq "pass") { $error_message = "Cambi la Password e Admin di Default"; &admin_login; exit; } if ($adminlogin ne $alogin || $adminpass ne $apass) { $error_message = "Invalida Admin login"; &admin_login; } else { &formcat ; } exit(1); }