#!/usr/bin/perl ####################################################### # Locked Area Lite Version 3.2 Linux Stable # http://www.lockedarea.com/ # Originally Released: 1st September 1999 (v1.0) # Latest Release: 29th September 2003 (v3.2) ####################################################### # # COPYRIGHT NOTE: # Locked Area Lite may be used and modified by anyone so # long as they have a fully registered copy and this # copyright notice and the comments above remain intact. # By using this code you agree to indemnify Neil Skirrow # and LockedArea.com from any liability that might arise # from its use. Selling the code for this program without # prior written consent is expressly forbidden. In other # words, please ask first before you try and make money # off of our program. Obtain permission before # redistributing this software over the Internet or in # any other medium. In all cases copyright and header # must remain intact. We cannot be held responsible # for any harm this may cause. # ####################################################### use CGI qw(:standard); # Calls CGI.pm Library $query = new CGI; use Fcntl qw(:flock); # Calls File Locking Library ####################################################### # The above three lines are essential to the script, if # they are causing you an error, you don't have the # required modules to use Locked Area Lite v3.2 Linux. # Contact your web host and ask them to install them as # they are essential modules. ####################################################### # THIS FILE REQUIRES NO MANUAL MODIFICATION TO BE USED # WITH THE EXCEPTION OF THE PATH TO PERL ON THE TOP # LINE OTHERWISE ALL CONFIGURATION IS DONE FROM THE # ADMIN PANEL. ####################################################### require "variables.pl"; # Go and get the variables. print "Content-type: text/html\n\n"; &print_edit if ($ENV{'QUERY_STRING'} eq "passwd"); &print_edit if ($ENV{'QUERY_STRING'} eq "edit"); &print_delete if ($ENV{'QUERY_STRING'} eq "delete"); &print_findpass if ($ENV{'QUERY_STRING'} eq "find"); $go_delete = $query->param('go_delete'); &go_delete if ($go_delete && $ENV{'REQUEST_METHOD'} eq "POST"); $go_edit = $query->param('go_edit'); &go_edit if ($go_edit && $ENV{'REQUEST_METHOD'} eq "POST"); $go_acctedit = $query->param('go_acctedit'); &go_acctedit if ($go_acctedit && $ENV{'REQUEST_METHOD'} eq "POST"); $go_pass = $query->param('go_pass'); &go_pass if ($go_pass && $ENV{'REQUEST_METHOD'} eq "POST"); &print_form if ($ENV{'REQUEST_METHOD'} eq "GET"); &user_join if ($ENV{'REQUEST_METHOD'} eq "POST"); $membersdb = $membersdb; # First thing you see when loading locked.cgi. Main registration form. sub print_form { if ($signup_status eq "Online") { &get_date; &header; print qq~

Membership Sign-Up

$sitename: Account Signup Form

Please enter your details below,
you will be emailed your login details immediately.

Full Name:

Email Address:

Desired Username:

Desired Password:

Confirm Password:

$extra_field_name:

$terms


I agree to the above terms and conditions -->

Edit Account Information : Request New Password : Cancel Membership

$date

~; &footer; } else { # Displays if registration form is closed. $signup_status not set to Online. &get_date; &header; print qq~

$sitename: Account Signup Form
I'm afraid we're currently not accepting any new signups, please come back later. Locked Area Note This is appearing because you have set the signup status to offline. To change this please login to the Locked Area Lite v3.2 administration panel, then select the Configuration section. Now, scroll to the bottom and tick the signup status tick box, then click Update. Your registration form should now be accessible.
Edit Account Information : Request New Password : Cancel Membership

~; &footer; } } # User tries to register. sub user_join { if ($signup_status eq "Online") { $username = $query->param('username'); $password = $query->param('password'); $password2 = $query->param('password2'); $email1 = $query->param('email1'); $name = $query->param('name'); $extra1 = $query->param('extra'); $agree = $query->param('agree'); $password1 = $password; $usernameok = $username if (length($username) > 6); $passwordok = $password if (($password eq $password2) && (length($password) > 6)); $emailok = $email1; if ($extra_url eq "1") { $extra = $extra1 if (substr($extra1,0,7) eq 'http://'); # URL validation check if wanted. } else { $extra = $extra1 } # This checks all fields have been filled in. if ($extra_required eq "1") { unless ($usernameok && $passwordok && $emailok && $name && $extra && $agree) { &header; print qq~

$sitename: Account Signup Form Error

Sorry, but we found some problems with your submission. Please make the following corrections:

Either you didn't enter a username or it was less than 6 characters in length.
" unless ($usernameok); print "" unless ($usernameok && $emailok); print "
Either you didn't enter a password or it was less than 6 characters in length.
" unless ($passwordok); print "" unless ($usernameok && $emailok); print "
Either you didn't enter a email address or the email address you entered didn't match your confirm email address
" unless ($emailok); print "" unless ($emailok && $agree); print "
You did not enter your full name.
" unless ($name); print "" unless ($emailok && $agree); print "
You did not enter your $extra_field_name.
" unless ($extra); print "" unless ($emailok && $agree); print "
You did not agree to the terms and conditions.
" unless ($agree); print qq~

Full Name

Email Address.

Desired Username.

Desired Password.

Confirm Password.

$extra_field_name.

$terms


I agree to the above terms and conditions -->

~; &footer; exit; } } else { unless ($usernameok && $passwordok && $emailok && $name && $agree) { &header; print qq~

$sitename: Account Signup Form Error

Sorry, but we found some problems with your submission. Please make the following corrections:

Either you didn't enter a username or it was less than 6 characters in length.
" unless ($usernameok); print "" unless ($usernameok && $emailok); print "
Either you didn't enter a password or it was less than 6 characters in length.
" unless ($passwordok); print "" unless ($usernameok && $emailok); print "
Either you didn't enter a email address or the email address you entered didn't match your confirm email address
" unless ($emailok); print "" unless ($emailok && $agree); print "
You did not enter your full name.
" unless ($name); print "" unless ($emailok && $agree); print "
You did not agree to the terms and conditions.
" unless ($agree); print qq~

Full Name

Email Address.

Desired Username.

Desired Password.

Confirm Password.

$extra_field_name.

$terms


I agree to the above terms and conditions -->

~; &footer; exit; } } # This checks if email address is in correct format. if ($emailok =~ /(@.*@)|(\.\.)|(@\.)|(\.@)|(^\.)/ || $emailok !~ /^.+\@(\[?)[a-zA-Z0-9\-\.]+\.([a-zA-Z]{2,4}|[0-9]{1,3})(\]?)$/) { &header; print qq~ ~; &footer; exit; } # Removes vetical pipes and colons from fields if their are any. This will ruin the database structure if they do get into the database. $usernameok =~ s/\|//g; $passwordok =~ s/\|//g; $emailok =~ s/\|//g; $name =~ s/\|//g; $extra =~ s/\|//g; $usernameok =~ s/\://g; $passwordok =~ s/\://g; # Check is email address already has account. open (DATABASEM, "$membersdb"); @wholebasem = ; close (DATABASEM); foreach $olduserm (@wholebasem) { chomp ($olduserm); # db looks like username|password|email|etc... @userm = split(/\|/, $olduserm); # check for duplicate email address in members db if ($emailok eq $userm[1]) { &header; print qq~

$sitename: Account Signup Form Error
Sorry, but you already have an account with the username, $userm[2]. Please click here if you've lost your password.
Edit Account Information : Request New Password : Cancel Membership

~; &footer; exit; } # Checks for duplicate username in members db if ($usernameok eq $userm[2]) { &header; print qq~ ~; &footer; exit; } } &get_date; # Encrypts password, opens db, locks it, writes to it, closes it. Adds user to members.db basically. $db_password = crypt($passwordok, "La"); open (DATABASE, ">>$membersdb") || warn "Locked Area Error: Cannot open database file: $!"; flock (DATABASE, LOCK_EX) || warn "Locked Area Error: Cannot flock database. $!"; print DATABASE "$name|$emailok|$usernameok|$db_password|$extra|$date\n"; close (DATABASE); # Encrypts password, opens password file, locks it, writes to it, closes it. Adds user to password file basically. $lasalt = &salt; $enc_password = crypt($passwordok, "$lasalt"); open (HTPASSWD, ">>$htpasswd") || warn "Locked Area Error: Cannot open htpasswd file: $!"; flock (HTPASSWD, LOCK_EX) || warn "Locked Area Error: Cannot flock htpasswd file. $!"; print HTPASSWD "$usernameok:$enc_password\n"; close (HTPASSWD); # Send welcome email. require "mails.pl"; # Display registration complete page. &header; print qq~

$sitename: Account Signup Complete
Thank you for joining $sitename. Your account has now been fully created and you may now login. Your account information and log-in details have now been emailed to you. You entered the following details: Desired Username: $usernameok Email Address: $emailok Full Name: $name $extra_field_name: $extra You should receive your login details via email within a few minutes.
Edit Account Information : Request New Password : Cancel Membership

~; &footer; exit; } else { # Displays if registration form is closed. $signup_status not set to Online. &get_date; &header; print qq~

$sitename: Account Signup Form
I'm afraid we're currently not accepting any new signups, please come back later. Locked Area Note This is appearing because you have set the signup status to offline. To change this please login to the Locked Area Lite v3.2 administration panel, then select the Configuration section. Now, scroll to the bottom and tick the signup statis tick box, then click Update. Your registration form should now be accessible.
Edit Account Information : Request New Password : Cancel Membership

~; &footer; } } sub print_delete { &header; print qq~

$sitename: Delete Account

To delete your $sitename account, please enter your username and password below.
This will permanently delete your account!

Edit Account Information : Request New Password : Cancel Membership

~; &footer; exit; } sub go_delete { $user = $query->param('username'); $pass = $query->param('password'); $db_password = crypt($pass, "La"); open (DATA, "$membersdb"); @indata = ; close (DATA); foreach $entries (@indata){ ($name, $email, $username, $password, $url, $date) = split(/\|/, $entries); if ($username eq $user) { $found = 1; if ($db_password eq $password) { $rightpass = 1; } last; } } unless ($rightpass) { unless ($found) { &header; print qq~

$sitename: Delete Account Error

The username, $user was not found in the members database.

Edit Account Information : Request New Password : Cancel Membership

~; &footer; exit; } &header; print qq~

$sitename: Delete Account Error

You did not enter a password so the account $user could not be deleted.

Edit Account Information : Request New Password : Cancel Membership

~; &footer; exit; } open (WRITEDATA, ">$membersdb") || warn "Locked Area Error: Cannot open database file: $!"; flock (WRITEDATA, LOCK_EX) || warn "Locked Area Error: Cannot flock database. $!";; foreach $memberline (@indata) { ($name, $email, $username, $password, $extra, $date) = split(/\|/, $memberline); if ($username eq $user) { if ($removeemail eq '1') { open (MAIL2, "|$mailprog -t") || die "Locked Area Error: Cannot open sendmail: $!"; print MAIL2 "To: $adminmail\n"; print MAIL2 "From: $adminmail\n"; print MAIL2 "Subject: Locked Area, Account Removed\n\n"; print MAIL2 "The user, $user has removed their account from your member's area.\n"; print MAIL2 "\n"; print MAIL2 "Their details were as follows:\n"; print MAIL2 " Username: $username\n"; print MAIL2 " Password: $password\n"; print MAIL2 " Name: $name\n"; print MAIL2 " Email: $email\n"; print MAIL2 " $extra_field_name: $extra\n"; print MAIL2 "\n"; print MAIL2 "Powered by Locked Area Lite v3.2, a product of LockedArea.com.\n"; print MAIL2 " http://www.lockedarea.com/\n"; close(MAIL2); } } else { print WRITEDATA $memberline; } } close (WRITEDATA); open (READHT, "$htpasswd") || warn "Locked Area Error: Cannot open password file: $!"; @htpw = ; close (READHT); open (WRITEHT, ">$htpasswd") || warn "Locked Area Error: Cannot open password file: $!"; flock (WRITEHT, LOCK_EX)|| warn "Locked Area Error: Cannot flock password file. $!"; foreach $passline (@htpw) { ($htuser, $htpass) = split(/\:/, $passline); if ($htuser eq $user) { } else { print WRITEHT $passline; } } close (WRITEHT); &header; print qq~

$sitename: Account Deleted
Your account, $user has now been removed from the members database. You will no longer be able to access the member's area.

~; &footer; exit; } sub print_edit { &header; print qq~

$sitename: Edit Account Details

Please login to modify your account details.

Edit Account Information : Request New Password : Cancel Membership

~; &footer; exit; } sub go_edit { $username = $query->param('username'); $password = $query->param('password'); $db_password = crypt($password, "La"); open (DATA, "$membersdb") || warn "Locked Area Error: Cannot open database file: $!"; @indata = ; close (DATA); foreach $entries (@indata){ ($name, $email, $user, $pass, $extra, $date) = split(/\|/, $entries); if ($user eq $username) { $found = 1; if ($pass eq $db_password) { last; } else { &header; print qq~

$sitename: Edit Account Details Error

The password you entered was incorrect.

Edit Account Information : Request New Password : Cancel Membership

~; &footer; exit; } } } unless ($found) { &header; print qq~

$sitename: Edit Account Details Error

The username you entered was not found in the member's database.

Edit Account Information : Request New Password : Cancel Membership

~; &footer; exit; } &header; print qq~

$sitename: Edit Account Details

To update your account information, modify the information below. You must enter your current password. If you wish to change your password, please enter your current password and complete the new and confirm password fields.

Edit Account Information : Request New Password : Cancel Membership

~; &footer; exit; } sub go_acctedit { $username = $query->param('username'); $password = $query->param('password'); if ($password eq "") { &header; print qq~

$sitename: Update Account Details Error
Your account details have not been updated because you did not enter your current password.

~; &footer; exit; } $newpassword = $query->param('newpassword'); $newpassword2 = $query->param('newpassword2'); $name = $query->param('name'); $email = $query->param('email'); $extra = $query->param('extra'); # This checks if email address is in correct format. if ($email =~ /(@.*@)|(\.\.)|(@\.)|(\.@)|(^\.)/ || $email !~ /^.+\@(\[?)[a-zA-Z0-9\-\.]+\.([a-zA-Z]{2,4}|[0-9]{1,3})(\]?)$/) { $email = ""; } unless ($username && $newpassword && $newpassword2 && $email && $name && $extra) { &header; print qq~

$sitename: Update Account Details Error

Sorry, but we found some problems with your submission. Please make the following corrections:

Either you didn't enter a username or it was less than 6 characters in length.
" unless ($username); print "" unless ($usernameok && $emailok); print "
Either you didn't enter a new password or it was less than 6 characters in length.
" unless ($newpassword); print "" unless ($newpassword && $emailok); print "
Either you didn't comfirm your password or it was less than 6 characters in length.
" unless ($newpassword2); print "" unless ($newpassword && $newpassword2); print "
Either you didn't enter a email address or the email address you entered didn't match your confirm email address
" unless ($email); print "" unless ($emailok && $agree); print "
You did not enter your full name.
" unless ($name); print "" unless ($emailok && $agree); print "
You did not enter your $extra_field_name.
" unless ($extra); print qq~

Edit Account Information : Request New Password : Cancel Membership

~; &footer; exit; } $passwordcheck = "Yes"; $passwordcheck = "No" if (length($newpassword) < "6"); if (($newpassword eq "") && ($newpassword2 eq "")) { $passchange=2; $passwordcheck = "No"; } $db_password = crypt($password, "La"); open (DATA, "$membersdb") || warn "Locked Area Error: Cannot open database file: $!"; @indata = ; close (DATA); open (WRITEDATA, ">$membersdb") || warn "Locked Area Error: Cannot open database file: $!"; flock (WRITEDATA, LOCK_EX) || warn "Locked Area Error: Cannot flock database. $!"; foreach $entries (@indata){ ($oname, $oemail, $ousername, $opassword, $oextra, $date) = split(/\|/, $entries); if ($ousername eq $username) { if ($db_password eq $opassword) { chomp ($date); if ($newpassword eq $newpassword2) { if ($passwordcheck eq "Yes") { $lasalt = &salt; $enc_password = crypt($newpassword, "$lasalt"); $changepassword = crypt($newpassword, "La"); print WRITEDATA "$name|$email|$username|$changepassword|$extra|$date\n"; open (DATA1, "$htpasswd") || warn "Locked Area Error: Cannot open database file: $!"; @indata1 = ; close (DATA1); open (WRITEDATA1, ">$htpasswd") || warn "Locked Area Error: Cannot open htpasswd file: $!"; flock (WRITEDATA1, LOCK_EX) || warn "Locked Area Error: Cannot flock htpasswd file. $!"; foreach $entries1 (@indata1){ ($huser, $hpass) = split(/\:/, $entries1); if ($username eq $huser) { chomp ($huser); print WRITEDATA1 "$ousername:$enc_password\n"; } else { print WRITEDATA1 $entries1; } } close (WRITEDATA1); $passchange = 1; } else { if (($newpassword eq "") && ($newpassword2 eq "")) { $passchange = 2; } print WRITEDATA "$name|$email|$ousername|$opassword|$extra|$date\n"; } } else { if (($newpassword eq "") && ($newpassword2 eq "")) { $passchange = 2; } print WRITEDATA "$name|$email|$ousername|$opassword|$extra|$date\n"; } } else { print WRITEDATA $entries; } } else { print WRITEDATA $entries; } } close (WRITEDATA); &header; print qq~

$sitename: Account Details Updated

Your account details have now been updated. They are now as follows:

Username: $username

Name: $name

Email: $email

$extra_field_name: $extra

~; if ($passchange eq 1) { print "Your password was changed as per your request.\n"; } elsif ($passchange eq 2) { print "\n"; } else { print "Their was a problem with your password change request so you're password was not changed, this may be because it was less than 5 character long or because the confirmation password did not match your new password.\n"; } print qq~

Edit Account Information : Request New Password : Cancel Membership

~; &footer; exit; } sub print_findpass { &header; print qq~

$sitename: Request New Password

To be sent a new password, please enter your email address below.
You must use the email address you registered your account with.

Edit Account Information : Request New Password : Cancel Membership

~; &footer; exit; } sub go_pass { $email = $query->param('email'); open (DATA, "$membersdb") || warn "Locked Area Error: Cannot open database file: $!"; @indata = ; close (DATA); open (WRITEDATA, ">$membersdb") || warn "Locked Area Error: Cannot open database file: $!"; flock (WRITEDATA, LOCK_EX) || warn "Locked Area Error: Cannot flock database. $!"; foreach $entries (@indata){ ($oname, $oemail, $ousername, $opassword, $oextra, $odate) = split(/\|/, $entries); if ($oemail eq $email) { $email_found = 1; $genpassword = &salt(8); $lasalt = &salt(2); $enc_password = crypt($genpassword, "$lasalt"); $db_password = crypt($genpassword, "La"); chomp ($date); print WRITEDATA "$oname|$oemail|$ousername|$db_password|$oextra|$odate"; open (DATA1, "$htpasswd") || warn "Locked Area Error: Cannot open htpasswd file: $!"; @indata1 = ; close (DATA1); open (WRITEDATA1, ">$htpasswd") || warn "Locked Area Error: Cannot open htpasswd file: $!"; flock (WRITEDATA1, LOCK_EX) || warn "Locked Area Error: Cannot flock htpasswd file. $!"; foreach $entries1 (@indata1){ ($huser, $hpass) = split(/\:/, $entries1); if ($ousername eq $huser) { chomp ($huser); print WRITEDATA1 "$ousername:$enc_password\n"; } else { print WRITEDATA1 $entries1; } } close (WRITEDATA1); open (MAIL2, "|$mailprog -t") || warn "Locked Area Error: Cannot open sendmail: $!"; print MAIL2 "To: $oemail\n"; print MAIL2 "From: $adminmail\n"; print MAIL2 "Subject: $sitename: Your New Password\n\n"; print MAIL2 "\n"; print MAIL2 "Your new login details for $sitename as per your request are:\n"; print MAIL2 "\n"; print MAIL2 "Username: $ousername\n"; print MAIL2 "Password: $genpassword\n"; print MAIL2 "\n"; print MAIL2 "Best Regards,\n"; print MAIL2 " $adminname\n"; print MAIL2 "\n"; print MAIL2 "Powered by Locked Area Lite v3.2, a product of LockedArea.com.\n"; print MAIL2 " http://www.lockedarea.com/\n"; close(MAIL2); } else { print WRITEDATA $entries; } } close (WRITEDATA); if ($email_found eq 1) { &header; print qq~

$sitename: New Password Sent
A new password has been emailed to your email address, $email.
Edit Account Information : Request New Password : Cancel Membership

~; &footer; exit; } else { &header; print qq~

$sitename: Request Password Error

The email address $email was not found in the database so a new password could not be sent. Please feel free to try again.
You must use the email address you registered your account with.

Edit Account Information : Request New Password : Cancel Membership

~; &footer; exit; } } # Generates random salt. sub salt { my ($maxlen) = $_[0] || 2; my (@vowel) = (qw (a a 2 e e e 3 i i i o o o u u 6 ai au ay ea ee eu ia ie io oa oi oo oy)); my (@consonant) = (qw (b c d f 2 h j k l m 6 p qu 8 s t v w x 9 th st sh ph ng nd)); my ($salt) = ""; srand; my ($vowelnext) = int(rand(2)); # Initialise to 0 or 1 (ie true or false) do { if ($vowelnext) { $salt .= $vowel[rand(@vowel)]; } else { $salt .= $consonant[rand(@consonant)]; } $vowelnext = !$vowelnext; } until length($salt) >= $maxlen; return $salt; } # Generates the date for database use specifically. sub get_date { ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime(time); @months = ("01","02","03","04","05","06","07","08","09","10","11","12"); @digits = split(//,$sec); $size = @digits; if ($size == 1) { $sec = "0$sec"; } @digits = split(//,$min); $size = @digits; if ($size == 1) { $min = "0$min"; } $year=$year+1900; @digits = split(//,$mday); $size = @digits; if ($size == 1) { $mday = "0$mday"; } $date = "@months[$mon]/$mday/$year"; } sub header { # Please do not remove the below. It causes not harm to you. print ""; open(HEADER,"header.inc"); while(

) { print $_; } } sub footer { # The below copyright notice may not be modified in anyway! It is too remain at all times and be visible in all HTML generated by Locked Area Lite. print qq~

To Login to "The OC Home Finder" click here

Powered by Locked Area Lite v3.2 Linux Stable, a product of LockedArea.com.
Copyright © 1999 - 2003 Neil Skirrow and LockedArea.com, All Rights Reserved.

~; # The above copyright notice may not be modified in anyway! It is too remain at all times and be visible in all HTML generated by Locked Area Lite. # Removing the copyright note, text and link back is a criminal offence and a breech of the contract you have with LockedArea.com. Doing so will result in legal action! open(FOOTER,"footer.inc"); while(