## DO NOT EDIT BELOW THIS LINE! ### ################################### $|++; use CGI; $q = new CGI; ## END - DO NOT EDIT ABOVE THIS LINE ## ####################################### $server_name = $ENV{'SERVER_NAME'} if ($server_name eq ""); $script_url = $ENV{'SCRIPT_NAME'};#Url of your auctionweaver.pl script ######################## # If $email_templates_dir points to a valid directory .. # upload the following fi#les --- open each file to find the appropriate variables in a sample template $dutch_auction_status_message = "dastatus.tlt" ;#dutch auction status message $bid_passed_message = "bpassed.tlt";#message to be passed to the next lower bidder for normal auction $winner_message = "wmessage.tlt";#winner message for top bidder-normal auction $winner_message_rb = "wmessagerb.tlt";#winner message for top bidder who has bid less than reserve bid $seller_message = "smessage.tlt";#seller messgae for normal auction $winners_message_da = "wmessageda.tlt";#winners message for ALL dutch auction winners $seller_message_da = "smessageda.tlt";#seller message for dutch auction $login_message = "lmessage.tlt";#initial login info ######################## if ($ENV{'SCRIPT_FILENAME'}) { $script_filename = $ENV{'SCRIPT_FILENAME'}; $script_filename =~ s/\\/\//g; } elsif ($ENV{'PATH_TRANSLATED'}) { $script_filename = $ENV{'PATH_TRANSLATED'}; $script_filename =~ s/\\/\//g; } @all = split(/\// , $script_filename); $cgifile = $all[$#all]; if ($data_path eq "") { ($data_path = $script_filename) =~ s/\/$cgifile$// ; $data_path .= "/DATA"; } umask(000); $datapermissions = oct($datapermissions); $registerpermissions = oct($registerpermissions); $closedpermissions = oct($closedpermissions); $categorypermissions = oct($categorypermissions); mkdir ("$data_path" , $datapermissions); chmod ($datapermissions, "$data_path"); if ($require_user_reg == 1) { $register_path = $data_path."/register"; mkdir ("$register_path" , $registerpermissions); chmod ($registerpermissions, "$register_path"); } 
#^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ #CONFIGURABLE OPTIONS END HERE #^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ $f = 0; $version = "1.08"; $links = <<12345; Search || Categories || Category Admin || Add Item 12345 $links .= <<12345 if ($require_user_reg == 1); || Register || Edit User Info || View Closed Auctions 12345 # $links .= <<12345 if ($keep_closed_auctions == 1); # 12345 &get_cat; &get_numberof_items; $flag1 = $q->param('flag1'); &first if ($flag1 eq ""); $addcat = $q->param('addcat'); &formcat if ($addcat eq "1"); @pnames = $q->param; foreach $pp(@pnames) { if ($q->param($pp) eq 'Delete' && $addcat ne "") { &delete_cat($pp); exit(1); } } if ($addcat eq "2") { &addcat; &get_cat; &get_numberof_items; &formcat; } $catdir = $q->param('catdir'); ## Added 105 ## if (($catdir) && (!($catdir =~ /^cat[0-9]+$/))) { print "Content-type: text/html\n\n"; print "$catdir is not an Auction Weaver category directory
"; exit; } $catdir =~ s/\.\.\\//g; $catdir =~ s/\.\.//g; $catdir =~ s/\///g; ## Added 105 ## ## Added 105 ## $item = $q->param('item'); $additem = $q->param('additem'); $additemflag = $q->param('additemflag'); $preview = $q->param('preview'); $addregister = $q->param('addregister'); $register = $q->param('register'); $edit = $q->param('edit'); $editactual = $q->param('editactual'); $fromfile = $q->param('fromfile'); ## Added 105 ## &fromcheck; $fromfile =~ s/\.\.\///g; $fromfile =~ s/\.\.//g; $fromfile =~ s/\///g; ## Added 105 ## $placebid = $q->param('placebid'); $closed = $q->param('closed'); $closed1 = $q->param('closed1'); $closed2 = $q->param('closed2'); $search = $q->param('search'); $fromsearch = $q->param('fromsearch'); $adminsection = $q->param('adminsection'); $logged = $q->param('logged'); &admin_login if ($adminsection ne ""); &admin_check if ($logged ne ""); &expand_cat($catdir) if ($catdir ne "" && $item eq "" && $fromfile eq ""); &form_item if ($additem ne "" && $additemflag eq ""); &preview if ($preview ne ""); &add_item if ($additemflag ne ""); &form_register if ($register ne "" && $addregister eq ""); &add_user if ($addregister ne ""); &form_edit if ($edit ne "" && $editactual eq ""); &edit if ($editactual ne ""); &show_item if ($fromfile ne "" && $placebid eq ""); &place_bid if ($placebid ne ""); &form_closed if ($closed ne ""); &closed1 if ($closed1 ne ""); &closed2 if ($closed2 ne ""); &form_search if ($search ne ""); &search if ($fromsearch ne ""); exit(1); sub search { &print_header; # print <<"12345"; #
$links #12345 &theader2; print<
Search Results
EOF &theader3; $words = $q->param('words'); $radio = $q->param('radio'); &form_search if ($words eq ""); open(CATFILE , "<$data_path/category.file") || &error("$data_path/category.file $!"); @catyboys = ; chomp(@catyboys); close(CATFILE); $matched = 0; for ($xx = 0; $xx <= $#catyboys ; $xx++) { next if ($catyboys[$xx] eq ""); ($catdir , $caty) = split(/:/ , $catyboys[$xx]); opendir(CATDIR , "$data_path/$catdir") || &error("$data_path/$catdir"); @allfiles = readdir(CATDIR); close(CATDIR); @truefiles = grep(/\.dat/ , @allfiles); foreach $file(@truefiles) { if (-T "$data_path/$catdir/$file") { open (FILE, "<$data_path/$catdir/$file") || &error("$data_path/$catdir/$file $!"); ($itemname, $reservebid, $bidinc, $desc, $image, @bids) = ; close FILE; chomp ($itemname, $reservebid, $bidinc, $desc, $image, @bids); @lastbid = split(/####/,$bids[$#bids]); ($timy = $file) =~ s/\.dat//; @closetime = localtime($timy); $closetime[4] = $closetime[4] + 1; if ((($itemname =~ /$words/i) || ($desc =~ /$words/i) || ($words =~ /$itemname/i) || ($words =~ /$desc/i)) && ($radio eq 'keyword')) { $matched++; #print <
Category Item Closes # Bids Highest Bid
EOF } print <<"12345";
$caty $itemname $closetime[4]/$closetime[3] $#bids $lastbid[2]
12345 $num++; if ($num == 2) { $num =0; } }#actualsearchif elsif ($radio eq 'username') { @temp = grep(/$words/i , @bids); if ($temp[0] ne "") { $matched++; # print <<"12345" if ($matched == 1); if ($matched == 1) { $num = 0; print< Category Item Closes # Bids Highest Bid EOF } #matched print <<"12345"; 12345 $num++; if ($num == 2) { $num =0; } }#tempif }#actualsearchover }#test text file if }#foreach truefiles }#catyboy for print <<"12345" if ($matched > 0);
$caty $itemname $closetime[4]/$closetime[3] $#bids $lastbid[2]
12345 print <<"12345" if ($matched == 0); Sorry no match found 12345 &print_footer; exit(1); }#supysubdupy sub sub form_search { &print_header; print < EOF &theader2; print< Auction Search EOF &theader3; print<
SEARCH

USERNAME SEARCH
KEYWORD SEARCH
EOF &print_footer; exit(1); } sub closed2 { $bidfile = $q->param('bidfile'); ## Added 105 ## $bidfile =~ s/\.\.\///g; $bidfile =~ s/\.\.//g; $bidfile =~ s/\///g; #if (! ($bidfile =~ /^[0-9]+$/)) { if (!($bidfile =~ /^cat[0-9]+$/)) { print "Content-type: text/html\n\n ERROR: bad filename\n"; exit; } ## Added 105 ## $username = $q->param('username'); ## Added 105 ## $username =~ s/\.\.\///g; $username =~ s/\///g; ## Added 105 ## open (FILE, "<$data_path/closed/$bidfile.dat") || &error("$data_path/closed/$bidfile.dat $!"); ($itemname, $reservebid, $bidinc, $desc, $image, @bids) = ; close (FILE); chomp($itemname, $reservebid, $bidinc, $desc, $image, @bids); $oldimage = $image; @firstbid = split(/####/,$bids[0]); @lastbid = split(/####/,$bids[$#bids]); &print_header; &theader2; print< Closed Items EOF &theader3; $image = "
" if ($image); print <<"12345";
$itemname
$image

$desc
Bids
Username
Bid placed on
Bid value
12345 foreach $bid (@bids) { @linebid = split(/####/,$bid); $bidtime = localtime($linebid[3]); print< $linebid[0] $bidtime $currency$linebid[2] EOF } $dtt = localtime($firstbid[3]); print <<"12345";

Seller Information
Username : $firstbid[0]
Email : $firstbid[1]
Item placed in auction $dtt
Name : $firstbid[4]
Street address : $firstbid[5]
City : $firstbid[6]
State : $firstbid[7]
Zip : $firstbid[8]



12345 $dtt = localtime($lastbid[3]); print <<"12345";

Highest Bidder Info
Username : $lastbid[0]
Email : $lastbid[1]
Bid placed on $dtt
Name : $lastbid[4]
Street address : $lastbid[5]
City : $lastbid[6]
State : $lastbid[7]
Zip : $lastbid[8]

12345 print <<"12345";
Highest Bid : $currency$lastbid[2]
Other bids

12345 for ($xx = 1; $xx < $#bids ; $xx++) { @linebid = split(/####/,$bids[$xx]); print <<"12345";
$linebid[0]
12345 } print "
"; print <<"12345";
12345 &print_footer; exit(1); } sub closed1 { $username = $q->param('username'); ## Added 105 ## $username =~ s/\.\.\///g; $username =~ s/\.\.//g; $username =~ s/\///g; ## Added 105 ## $password = $q->param('password'); $return = 0; $return = &check_username_password($username , $password) ; if ($return == 0) { &form_closed; exit(1); } $userfile = $register_path."/$username".".dat"; open(USERFILE, "<$userfile") || &error ("$userfile $!"); ($password, $email, $name, $staddress, $city, $state , $zip , @userbids) = ; chomp ($password, $email, $name, $staddress, $city, $state , $zip , @userbids); close (USERFILE); &print_header; &theader2; print< No Closed Items EOF &theader3; print <<"12345";
Closed Items for $name
12345 $found = 0; foreach $bidfile(@userbids) { $file = $data_path."/closed/"."$bidfile.dat"; if (-T "$file") { $found = 1; open (FILE, "<$file") || &error ("$file $!"); ($itemname, $reservebid, $bidinc, $desc, $image, @bids) = ; close (FILE); chomp($itemname, $reservebid, $bidinc, $desc, $image,@bids); print <<"12345"; $itemname
12345 } } print "No closed items for you" if ($found == 0); print "
"; &print_footer; exit(1); } sub form_closed { &print_header; print < EOF &theader2; print< View Closed Auctions EOF &theader3; if ($error_message) { print<
$error_message
EOF } print<
Username
Password
EOF &print_footer; } sub place_bid { $username = $q->param('username'); ## Added 105 ## $username =~ s/\.\.\///g; $username =~ s/\.\.//g; $username =~ s/\///g; ## Added 105 ## $passwordin = $q->param('password'); $bid = $q->param('bid'); $bid = sprintf ("%.2f",$bid); $catdir = $q->param('catdir'); ## Add 105 ## if (!($catdir =~ /^cat[0-9]+$/)) { print "Content-type: text/html\n\n"; print "$catdir is not an Auction Weaver category directory.
"; exit; } $catdir =~ s/\.\.\///g; $catdir =~ s/\.\.//g; $catdir =~ s/\///g; unless ($catdir) { print "Content-type: text/html\n\n"; print "You have not chosen a category.
"; exit; } ## Add 105 ## $nobiditem = $q->param('nobiditem'); $nobiditem = 1 if ($nobiditem eq ""); if ($require_user_reg == 1) { $userfile = $register_path."/$username".".dat"; unless (open(USERFILE, "<$userfile")) { $error_message = "Invalid Username"; &show_item; exit(1); } ($password, $email, $name, $staddress, $city, $state , $zip , @userbids) = ; chomp ($password, $email, $name, $staddress, $city, $state , $zip , @userbids); close (USERFILE); $salt = "#x"; $crypty = crypt($passwordin , $salt); if ($crypty ne $password) { $error_message = "Invalid Password"; &show_item; exit(1); } } else { $email = $q->param('email'); $name = $q->param('name'); $staddress = $q->param('staddress'); $city = $q->param('city'); $state = $q->param('state'); $zip = $q->param('zip'); if ($username eq "" || $email eq "") { $error_message = "Enter the fields marked with *"; &show_item; exit(1); } if ($email =~ /(@.*@)|(\.\.)|(@\.)|(\.@)|(^\.)/ || $email !~ /^.+\@(\[?)[a-zA-Z0-9\-\.]+\.([a-zA-Z]{2,3}|[0-9]{1,3})(\]?)$/ && $email ne "") { $error_message = "Invalid email !!"; &show_item; exit(1); } } ## MODIFIED BY DIRAN #$data_path =~ s/..\///g; ## Added 105 ## if (!($catdir =~ /^cat[0-9]+$/)) { print "Content-type: text/html\n\n"; print "$catdir is not an Auction Weaver category directory.
"; exit; } ## Added 105 ## $catdir =~ s/\.\.\\//g; $catdir =~ s/\.\.//g; $catdir =~ s/\///g; ## Added 105 ## unless ($catdir) { print "Content-type: text/html\n\n"; print "You have not chosen a category.
"; exit; } $fromfile =~ s/\.\.\///g; $fromfile =~ s/\.\.//g; $fromfile =~ s/\///g; &fromcheck; ## MODIFIED BY DIRAN open (FROMFILE, "<$data_path/$catdir/$fromfile") || &error("$data_path/$catdir/$fromfile $!"); ($itemname, $reservebid, $bidinc, $desc, $image, $noitems , @bids) = ; chomp ($itemname, $reservebid, $bidinc, $desc, $image, $noitems , @bids); close FROMFILE; $nb = $#bids; @firstbid = split(/####/ , $bids[0]); @lastbid = split(/####/ , $bids[$#bids]); $cbid = $lastbid[2] + $bidinc; $vbid = $cbid if ($noitems == 1); # $vbid = $firstbid[2] if ($noitems > 1); $vbid = $firstbid[2] + $bidinc if ($noitems > 1); ## MODIFIED BY DIRAN if ($bid < $vbid) ## MODIFIED BY DIRAN { $error_message = "Invalid Bid"; &show_item; exit(1); } if ($nobiditem =~ /[^0-9]/ || $nobiditem > $noitems) { $error_message = "Invalid number of items"; &show_item; exit(1); } open (FROMFILE, ">>$data_path/$catdir/$fromfile") || &error("$data_path/$catdir/$fromfile $!"); if ($flock == 1) { flock (FROMFILE, 2); seek(FROMFILE, 0, 2); } $currenttime = time; $line2 = "$username####$email####$bid####$currenttime####$name####$staddress####$city####$state####$zip####$nobiditem\n"; print FROMFILE $line2; flock (FROMFILE , 8) if ($flock == 1); close(FROMFILE); ($itemno = $fromfile) =~ s/\.dat//gi; $haveflag = 0; if ($require_user_reg == 1) { foreach $bbids(@userbids) { $ity = "$catdir$itemno"; if ( $ity eq $bbids) { $haveflag = 1; } } if ($haveflag == 0) { unless (open(USERFILE, ">>$userfile")) { &error("$userfile $!"); } print USERFILE $ity."\n"; close (USERFILE); } } open (FROMFILE, "<$data_path/$catdir/$fromfile") || &error("$data_path/$catdir/$fromfile $!"); ($itemname, $reservebid, $bidinc, $desc, $image, $noitems , @bids) = ; chomp ($itemname, $reservebid, $bidinc, $desc, $image, $noitems , @bids); close FROMFILE; ($iitem = $fromfile ) =~ s/\.dat//gi; if ($noitems == 1) { $subject = "There was a better bid"; if ($email_templates_dir ne "" && $bid_passed_message ne "") { $gbid = $bid; $gauction = 
$iitem; $gurl = "http://$server_name$script_url?flag1=1&catdir=$catdir&fromfile=$itemno%2Edat"; $message = ""; $message = &email_parser("$bid_passed_message"); } else { $message = <<12345; Your bid on $iitem has been passed , If you want to place a higher bid, please visit\:\n\n\t http://$server_name$script_url?flag1=1&catdir=$catdir&fromfile=$itemno%2Edat\n\nThe current high bid is $currency$bid 12345 } $from = $from_email_address; $to = $lastbid[1]; ; &sendmail($to , $from , $subject , $message); wait; } else { for ($ty = 0; $ty <= $#bids ; $ty++) { @templine = split (/####/ , $bids[$ty]); #####$line2 = "$username####$email####$bid####$currenttime####$name####$staddress####$city####$state####$zip####$nobiditem\n"; $result[$ty] = $ty; $bid1[$ty] = $templine[2]; $nobid1[$ty] = $templine[9]; $time1[$ty] = $templine[3]; $username1[$ty] = $templine[0]; $email1[$ty] = $templine[1]; } &dutch_auction; $subject = "Current status of Dutch auction."; $message = <<12345; The TOP $noitems Bids are shown here in that order..\n 12345 $act = $noitems - 1 ; if ($email_templates_dir ne "" && $dutch_auction_status_message ne "") { for ($ac = 0 ; $ac <= $act ; $ac++) { $ldtime = localtime($time1[$newresult[$ac]]); $gusername = $username1[$newresult[$ac]]; $gbid = $bid1[$newresult[$ac]]; $gnitems = $nobid1[$newresult[$ac]]; $gbidtime = $ldtime; $message .= &email_parser("$dutch_auction_status_message" , 1); } $message = $gtop.$message.$gbottom; $gtop = ""; $gbottom = ""; } else { for ($ac = 0 ; $ac <= $act ; $ac++) { $ldtime = localtime($time1[$newresult[$ac]]); $message .= <<12345 USERNAME: $username1[$newresult[$ac]] \n BID: $bid1[$newresult[$ac]] \n NUMBER OF ITEMS BIDDED : $nobid1[$newresult[$ac]] \n BID TIME : $ldtime \n\n ------------------------------------------------- \n\n 12345 } } for ($tyt = 0 ; $tyt <= $#newresult ; $tyt++) { $from = $from_email_address; $to = $email1[$newresult[$tyt]]; &sendmail($to , $from , $subject , $message); wait; } } unless ($err) { 
&print_header; } $dtime = localtime($currenttime); &theader2; print< Bid Received EOF &theader3; print <<"12345";
$username , Your bid for $currency$bid has been placed on $itemname ( $itemno ) exactly at $dtime.
12345 &print_footer; return 1; } sub show_item { ## Added 105 ## ## MODIFIED BY DIRAN $data_path =~ s/\.\.\///g; ## Added 105 ## if (!($catdir =~ /^cat[0-9]+$/)) { print "Content-type: text/html\n\n"; print "$catdir is not an Auction Weaver category directory.
"; exit; } ## Added 105 ## $catdir =~ s/\.\.\\//g; $catdir =~ s/\.\.//g; $catdir =~ s/\///g; ## Added 105 ## unless ($catdir) { print "Content-type: text/html\n\n"; print "You have not chosen a category.
"; exit; } $fromfile =~ s/\.\.\///g; $fromfile =~ s/\.\.//g; &fromcheck; ## Added 105 ## ## MODIFIED BY DIRAN ####$line1 = "$itemname\n$reservebid\n$bidinc\n$desc\n$image\n"; #######$line2 = "$username####$email####$startbid####$currenttime####$name####$staddress####$city####$state####$zip\n"; ($endtime = $fromfile) =~ s/\.dat//gi; open(CATFILE , "<$data_path/category.file"); if ($LOCK_EX) { flock (CATFILE, $LOCK_EX); } @content = ; close(CATFILE); @temp = grep(/$catdir:/i , @content); ($dummy , $cattitle) = split(/:/ , $temp[0]); open (FROMFILE, "<$data_path/$catdir/$fromfile") || &error("$data_path/$catdir/$fromfile $!"); if ($LOCK_EX) { flock (FLOCKFILE, $LOCK_EX); } ($itemname, $reservebid, $bidinc, $desc, $image,$noitems, @bids) = ; close FROMFILE; chomp($itemname, $reservebid, $bidinc, $desc, $image,$noitems, @bids); @firstbid = split(/####/,$bids[0]); @lastbid = split(/####/,$bids[$#bids]); $thistime = localtime(time); $closetime = localtime($endtime); # $image = "

" if ($image); ## Added version 1.06 foreach $line($desc) { #chomp($line); #$desc =~ s/\r//g; #$line =~ s/\r//g; $line =~ s/\\n/\n/g; } ## &print_header; &theader2; print< $itemname EOF &theader3; #
$links

$itemname

$image
if ($image) { print <<"12345";

12345 } #if ($noitems > 1); if ($noitems > 1) { print <Dutch Auction Style
EOF } print <
Category $cattitle
Item posted by $firstbid[0]
Number of items $noitems
Bids $#bids
Last bid $currency$lastbid[2]
Current time $thistime
Bid closes at $closetime
EOF if ($howmany) { $hsec = $howmany * 60; $hsec = $lastbid[3] + $hsec; $dhsec = localtime($hsec); print <

(or at) $dhsec

EOF } print <<"12345";

Description
$desc

Previous Bids
Username Bid placed on Bid Value # of Items
12345 #
#
$desc


#
Previous Bids
#
$num=0; foreach $bid (@bids) { @linebid = split(/####/,$bid); $bidtime = localtime($linebid[3]); print <
Username
Bid placed on
Bid valueNumber of Items
$linebid[0] $bidtime $currency$linebid[2] $linebid[9]
EOF $num++; if ($num == 2) { $num =0; } } # print "
"; $time = time; if (($time > $endtime) || ($time > $hsec && $howmany >= 1)) { print<
ITEM CLOSED FOR BIDDING
EOF #print "Content-type: text/html\n\n"; #print "In Show Item
"; #exit; &item_closed; } else { &form_for_placing_bid; &print_footer; } } sub form_for_placing_bid { ## MODIFIED BY DIRAN #$data_path =~ s/..\///g; ## Added 105 ## if (!($catdir =~ /^cat[0-9]+$/)) { print "Content-type: text/html\n\n"; print "$catdir is not an Auction Weaver category directory.
"; exit; } ## Added 105 ## $catdir =~ s/\.\.\\//g; $catdir =~ s/\.\.//g; $catdir =~ s/\///g; ## Added 105 ## unless ($catdir) { print "Content-type: text/html\n\n"; print "You have not chosen a category.
"; exit; } $fromfile =~ s/\.\.\///g; $fromfile =~ s/\.\.//g; $fromfile =~ s/\///g; &fromcheck; ## MODIFIED BY DIRAN $atleast = $lastbid[2] + $bidinc; if ($noitems > 1) { # $firstbid[2] = sprintf ("%.2f",$firstbid[2]); $vbid = $firstbid[2] + $bidinc if ($noitems > 1); $vbid = sprintf ("%.2f",$vbid); print <<"12345";

Place Bid

Last Bid : $currency$lastbid[2] Your Bid must be at least Start bid $currency$vbid
12345 } else { $atleast = sprintf ("%.2f",$atleast); print <<"12345";

Place Bid

Last Bid : $currency$lastbid[2] Your Bid must be at least $currency$atleast
12345 } print <<"12345";

$error_message
*Username
12345 if ($require_user_reg == 1) { print <<"12345";
Password
12345 } else { print <<"12345";
*Email
Name
Street Address
City
State
Zip
12345 } #if ($atleast) { #$lowestbid = "$atleast"; #} else { #$lowestbid = "$firstbid[2]"; #} if ($noitems > 1) { # $lowestbid = "$firstbid[2]"; $lowestbid = "$vbid"; } else { $lowestbid = "$atleast"; } print <<"12345";
Bid Value
Number of items
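12345 }

# copyfile($sourcefile, $destfile)
#
# Copies $sourcefile to $destfile line by line and returns 1.
# Failures to open either file, or to close the copy, are handed to &error.
#
# The read is spelled <SOURCE>; the listing this was taken from had lost the
# angle-bracket operand. Both opens use the three-argument form so the path
# is never parsed for a mode or pipe character.
sub copyfile {
    # Deliberately left as globals: item_closed calls unlink($sourcefile)
    # after this sub returns.
    ($sourcefile, $destfile) = @_;

    open(SOURCE, "<", $sourcefile) || &error("$sourcefile $!");
    open(DEST, ">", $destfile) || &error("$destfile $!");
    while ($com = <SOURCE>) {
        print DEST $com;
    }
    close(SOURCE);
    # Buffered write errors only surface at close, and the caller deletes the
    # source file next, so a failed close must not pass silently.
    close(DEST) || &error("$destfile $!");
    return 1;
}

sub item_closed { if ($keep_closed_auctions == 1) { ## MODIFIED BY DIRAN #$data_path =~ s/..\///g; ## Added 105 ## if (!($catdir =~ /^cat[0-9]+$/)) { print "Content-type: text/html\n\n"; print "$catdir is not an Auction Weaver category directory.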
"; exit; } ## Added 105 ## $catdir =~ s/\.\.\\//g; $catdir =~ s/\.\.//g; $catdir =~ s/\///g; ## Added 105 ## unless ($catdir) { print "Content-type: text/html\n\n"; print "You have not chosen a category.
"; exit; } $fromfile =~ s/\.\.\///g; $fromfile =~ s/\.\.//g; $fromfile =~ s/\///g; &fromcheck; ## MODIFIED BY DIRAN $closed_dir = "closed"; #print "$data_path
"; #print "$closed_dir
"; #print "$catdir
"; #print "$fromfile
"; mkdir ("$data_path/$closed_dir" , $closedpermissions) unless ( -d "$data_path/$closed_dir"); chmod ($closedpermissions, "$data_path/$closed_dir"); ©file("$data_path/$catdir/$fromfile" , "$data_path/$closed_dir/$catdir$fromfile"); } unlink($sourcefile) || &error("$sourcefile $!"); wait; if ($noitems == 1) { if ($lastbid[2] >= $reservebid) { $to = $lastbid[1]; $subject = "Auction Close: $itemname"; $from = $from_email_address; if ($email_templates_dir ne "" && $winner_message ne "") { $gbidtime = $endtime; $gbid = $lastbid[2]; $gname = $firstbid[4]; $gstaddress = $firstbid[5]; $gcity = $firstbid[6]; $gstate = $firstbid[7]; $gzip = $firstbid[8]; $message = &email_parser ("$winner_message"); } else { $message= <<12345; You have WON the AUCTION $endtime .\nYour winning bid was $currency$lastbid[2].\n\nSeller Info\n-----------------------\nName : $firstbid[4]\nStreet Address : $firstbid[5]\nCity : $firstbid[6]\nState : $firstbid[7]\nZip : $firstbid[8]\n\n 12345 } &sendmail($to , $from , $subject , $message); } else { $to = $lastbid[1]; $from = $from_email_address; $subject = "Auction Close: $itemname"; if ($email_templates_dir ne "" && $winner_message_rb ne "") { $gbidtime = $endtime; $gbid = $lastbid[2]; $gname = $firstbid[4]; $gstaddress = $firstbid[5]; $gcity = $firstbid[6]; $gstate = $firstbid[7]; $gzip = $firstbid[8]; $gauction = $endtime; $message = &email_parser ("$winner_message"); } else { $message= <<12345; Your bid for Auction $endtime was the best one even though .\nYour bid ($currency$lastbid[2]) was less than the RESERVE BID \n\nSeller Info\n-----------------------\nName : $firstbid[4]\nStreet Address : $firstbid[5]\nCity : $firstbid[6]\nState : $firstbid[7]\nZip : $firstbid[8]\n\n 12345 } &sendmail($to , $from , $subject , $message , $winner_message_rb); } $to = $firstbid[1]; $from = $from_email_address; $subject = "Auction Close: $itemname"; if ($email_templates_dir ne "" && $seller_message ne "") { $gbidtime = $endtime; $gbid = $lastbid[2]; $gname = 
$lastbid[4]; $gstaddress = $lastbid[5]; $gcity = $lastbid[6]; $gstate = $lastbid[7]; $gzip = $lastbid[8]; $gauction = $endtime; $grbid = $reservebid; $message = &email_parser ("$seller_message"); } else { $message = <<12345; Auction $endtime Is Now Closed.\nThe highest bid was $currency$lastbid[2] (Your reserve was: $currency$reservebid).\n\nBidder Info\n---------------\nName : $lastbid[4]\nStreet Address : $lastbid[5]\nCity : $lastbid[6]\nState : $lastbid[7]\nZip : $lastbid[8]\n\n 12345 } &sendmail($to , $from , $subject , $message ); } else { for ($ty = 0; $ty <= $#bids ; $ty++) { @templine = split (/####/ , $bids[$ty]); #####$line2 = "$username####$email####$bid####$currenttime####$name####$staddress####$city####$state####$zip####$nobiditem\n"; $result[$ty] = $ty; $bid1[$ty] = $templine[2]; $nobid1[$ty] = $templine[9]; $time1[$ty] = $templine[3]; $username1[$ty] = $templine[0]; $email1[$ty] = $templine[1]; } &dutch_auction; @templine = ""; $lastgood = $newresult[$#newresult]; @templine = split (/####/ , $bids[$lastgood]); $goodbid = $templine[2]; $ai = $noitems; for ($yyt = 0; $yyt <= $#newresult ; $yyt++) { next if ($ai < 1); $from = $from_email_address; $to = $email1[$newresult[$yyt]]; $subject = "Auction closed"; $bidyboy = $newresult[$yyt]; @templine = ""; @templine = split (/####/ , $bids[$bidyboy]); if ($email_templates_dir ne "" && $winners_message_da ne "") { $gbid = $goodbid; $gname = $firstbid[4]; $gstaddress = $firstbid[5]; $gcity = $firstbid[6]; $gstate = $firstbid[7]; $gzip = $firstbid[8]; $gauction = $endtime; $gnitems = $templine[9]; $gaitems = $ai; $message = &email_parser ("$winners_message_da"); } else { $message = <<12345; You have WON the DUTCH AUCTION $endtime .\nYour winning bid was $currency$goodbid for $templine[9] Items \nAvailable Items $ai\nSeller Info\n-----------------------\nName : $firstbid[4]\nStreet Address : $firstbid[5]\nCity : $firstbid[6]\nState : $firstbid[7]\nZip : $firstbid[8]\n\n 12345 } &sendmail($to , $from , $subject , 
$message); if ($email_templates_dir ne "" && $seller_message_da ne "") { $gbid = $templine[2]; $gname = $templine[4]; $gstaddress = $templine[5]; $gcity = $templine[6]; $gstate = $templine[7]; $gzip = $templine[8]; $gauction = $endtime; $gnitems = $templine[9]; $bidder_info .= &email_parser ("$seller_message_da"); } else { $bidder_info .= "---------------------------\nName : $templine[4]\nStreet Address : $templine[5]\nCity : $templine[6]\nState : $templine[7]\nZip : $templine[8]\nBid Value : $templine[2]\nNumber of Items : $templine[9] \n\n"; } $ai = $ai - $templine[9]; } $to = $firstbid[1]; $from = $from_email_address; $subject = "Auction Close"; if ($email_templates_dir ne "" && $seller_message_da ne "") { $message = $gtop.$bidder_info.$gbottom; } else { $message = <<12345; Auction $endtime Is Now Closed.\n\nBidders Info $bidder_info 12345 } &sendmail($to , $from , $subject , $message); } } sub edit { &get_form_register_param; &check_form_edit; $userfile = $register_path."/$username".".dat"; open(USERFILE, "<$userfile") || &error("$userfile $!"); ($password8, $email8, $name8, $staddress8, $city8, $state8 , $zip8 , @userbids8) = ; chomp ($password8, $email8, $name8, $staddress8, $city8, $state8 , $zip8 , @userbids8); close (USERFILE); $email = $email8 if ($email eq ""); $name = $name8 if ($name eq ""); $staddress = $staddress8 if ($staddress eq ""); $city = $city8 if ($city eq ""); $state = $state8 if ($state eq ""); $zip = $zip8 if ($zip eq ""); $salt = "#x"; $crypty = crypt($newpass1, $salt); open (USERFILE , ">$register_path/$username.dat") || &error("$register_path/$username.dat $!"); $line = "$crypty\n$email\n$name\n$staddress\n$city\n$state\n$zip\n"; print USERFILE $line; print @userbids8; close(USERFILE); ## MODIFIED BY DIRAN print "Content-type: text/html\n\n"; ## MODIFIED BY DIRAN &theader2; print< User Details Edited EOF &theader3; print <<"12345";
Your details have been succesfully edited
12345 &print_footer; exit(1); } sub check_form_edit { $userfile = $register_path."/$username".".dat"; unless (open(USERFILE, "<$userfile")) { $error_message = "Invalid login"; &form_edit; } ($password8, $email8, $name8, $staddress8, $city8, $state8 , $zip8 , @userbids8) = ; chomp ($password8, $email8, $name8, $staddress8, $city8, $state8 , $zip8 , @userbids8); close (USERFILE); $salt = "#x"; $crypty = crypt($oldpass, $salt); if ($crypty ne $password8) { $error_message = "Invalid login"; &form_edit; } if ($newpass1 ne $newpass2) { $error_message = "New passwords DONT match !!"; &form_edit; } if ($email =~ /(@.*@)|(\.\.)|(@\.)|(\.@)|(^\.)/ || $email !~ /^.+\@(\[?)[a-zA-Z0-9\-\.]+\.([a-zA-Z]{2,3}|[0-9]{1,3})(\]?)$/ && $email ne "") { $error_message = "Invalid email !!"; &form_edit; } } sub form_edit { &print_header; print < EOF if ($error_message) { print<
$error_message
EOF } &theader2; print<
Edit User Information
EOF &theader3; print< *Username *Old Password New Password New Password (again) *Email *Full Name Street Address City State Zip EOF &print_footer; exit(1); } sub add_user { &check_form_register; $newpassword = &password_making; $salt = "#x"; $crypty = crypt($newpassword , $salt); open (USERFILE , ">$register_path/$username.dat") || &error("$register_path/$username.dat $!"); $line = "$crypty\n$email\n$name\n$staddress\n$city\n$state\n$zip\n"; print USERFILE $line; close (USERFILE); &print_header; &theader2; print< User Information Received EOF &theader3; print <
Your login details have been mailed to $email
EOF &print_footer; $to = $email; $from = $from_email_address; $subject = "YOUR LOGIN DETAILS"; if ($email_templates_dir ne "" && $login_message ne "") { $gusername = $username; $gpassword = $newpassword; $message = &email_parser ("$login_message"); } else { $message = "\nyour login details are as follows:-\n\nUsername : $username\nPassword : $newpassword \n"; } &sendmail($to , $from , $subject , $message ); exit(1); } sub send_mail { $to = $_[0]; $from = $_[1]; $subject = $_[2]; $message = $_[3]; ## MODIFIED BY DIRAN #open(MAIL,"| $MAIL") ; open (MAIL, "|$MAIL -t") || print ("Can't open $MAIL!\n"); ## MODIFIED BY DIRAN print MAIL "To: $to\n"; print MAIL "From: $from\n"; print MAIL "Subject: $subject\n"; print MAIL <<"12345"; $message 12345 close(MAIL); } sub sendmail { my($to, $from, $subject, $message, $tempfile) = @_; if (lc $mailusing eq 'sendmail') { if (-e $mailprog) { open (MAIL, "|$mailprog -t"); } else { unless ($mailprog_ok) { print "Content-type: text/html\n\n"; print "The path to your Sendmail: $mailprog doesn't seem to be correct
"; $err = "1"; } } print MAIL "To: $to\n"; print MAIL "From: $from\n"; print MAIL "Subject: $subject\n"; print MAIL "$message\n"; close MAIL; } else { $err = &sockets_mail($to, $from, $subject, $message); if ($err < 1) { print "Content-type: text/html\n\n"; print "
\nSendmail error # $err
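\n";} } }

# sockets_mail($to, $from, $subject, $message)
#
# Delivers one plain-text message by speaking SMTP directly to $smtp_addr on
# port 25. Returns 1 on success, or a negative code naming the failed step:
#   -8 no recipient, -1 host lookup, -2 socket(), -3 connect(),
#   -4 greeting, -5 HELO / MAIL FROM / DATA, -6 RCPT TO, -7 message body.
#
# The recipient, sender and subject can carry text typed into the auction
# forms (e-mail addresses, item names). CR and LF are therefore removed from
# them before they reach an SMTP command or header line, and the body is
# dot-stuffed so that a line holding only "." cannot end the DATA phase early.
# The reply reads are spelled <S>; the listing this was taken from had lost
# the angle-bracket operands.
sub sockets_mail {
    my ($to, $from, $subject, $message) = @_;

    # One value per command/header line: no embedded line breaks.
    for my $field ($to, $from, $subject) {
        $field =~ tr/\r\n//d if defined $field;
    }

    # Normalise line endings to CRLF, then double any leading dot.
    $message = "" unless defined $message;
    $message =~ s/\r\n?|\n/\r\n/g;
    $message =~ s/^\./../mg;

    my ($replyaddr) = $from;
    if (!$to) { return -8; }

    # The earlier code declared "$smptaddr" here and then assigned the
    # undeclared global $smtpaddr; the declaration now matches the use.
    my ($proto, $port, $smtpaddr);
    # NOTE(review): hard-coded socket constants; the Socket module's
    # AF_INET / SOCK_STREAM would be the portable spelling.
    my ($AF_INET) = 2;
    my ($SOCK_STREAM) = 1;

    $proto = (getprotobyname('tcp'))[2];
    $port = 25;

    # A dotted quad is packed directly; anything else is resolved by name.
    $smtpaddr = ($smtp_addr =~ /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/) ? pack('C4',$1,$2,$3,$4) : (gethostbyname($smtp_addr))[4];
    if (!defined($smtpaddr)) { return -1; }

    if (!socket(S, $AF_INET, $SOCK_STREAM, $proto)) { return -2; }
    if (!connect(S, pack('Sna4x8', $AF_INET, $port, $smtpaddr))) { return -3; }

    # Unbuffer the socket so each command is sent before its reply is read.
    select(S); $| = 1; select(STDOUT);

    # A reply counts as a refusal when it starts with 4 or 5, or when the
    # server closed the connection without answering.
    my $refused = sub {
        my $reply = <S>;
        return (!defined($reply) || $reply =~ /^[45]/) ? 1 : 0;
    };

    if ($refused->()) { close S; return -4; }

    print S "helo localhost\r\n";
    if ($refused->()) { close S; return -5; }

    print S "mail from: $from\r\n";
    if ($refused->()) { close S; return -5; }

    print S "rcpt to: $to\r\n";
    if ($refused->()) { close S; return -6; }

    print S "data\r\n";
    if ($refused->()) { close S; return -5; }

    print S "Content-Type: text/plain; charset=us-ascii\r\n";
    print S "To: $to\r\n";
    print S "From: $from\r\n";
    print S "Reply-to: $replyaddr\r\n" if $replyaddr;
    print S "Subject: $subject\r\n\r\n";
    print S "$message";
    print S "\r\n.\r\n";
    if ($refused->()) { close S; return -7; }

    print S "quit\r\n";
    my $goodbye = <S>;    # read and discard the reply to QUIT
    close S;
    return 1;
}

# password_making()
#
# Builds the initial password that add_user mails to a newly registered user:
# three lower-case letter / number pairs, after which the look-alike
# characters o, 0, i, j and l are replaced by $digits (0 or 1).
#
# NOTE(review): rand() is not a cryptographically secure generator and the
# result is short, so these passwords are guessable. Treat them as temporary
# credentials and move to a CSPRNG-backed generator where the host has one.
sub password_making {
    srand;
    $ena = "";
    $digits = int(rand(2));
    $limit = $digits + 4;
    for ($xx = 0; $xx <= $limit; $xx = $xx + 2) {
        # No srand inside the loop: reseeding on every pass can hand rand()
        # the same seed again and repeat the previous pair.
        $retval = rand(25);
        $retval = $retval + 97;
        $t = chr($retval);
        $ena = $ena . $t;
        $f = int(rand(10)) + 1;
        $ena = $ena . $f;
    }
    $ena =~ s/[o0ijl]/$digits/g;
    return $ena;
}

# get_form_register_param()
#
# Copies the registration / edit form fields from the CGI request into the
# script's globals and returns 1.
#
# $username later becomes part of "$register_path/$username.dat", which other
# subs open for reading and for writing. Path separators and NUL bytes are
# deleted outright and ".." is stripped until none is left; a single pass of
# s/\.\.\///g can be defeated by input such as "....//", which collapses back
# to "../".
sub get_form_register_param {
    $username = $q->param('username');
    ## Added 105 ##
    $username =~ tr{/\\\0}{}d;
    1 while $username =~ s/\.\.//;
    ## Added 105 ##
    #$password1 = $q->param('password1');
    #$password2 = $q->param('password2');
    $email = $q->param('email');
    $name = $q->param('name');
    $staddress = $q->param('staddress');
    $city = $q->param('city');
    $state = $q->param('state');
    $zip = $q->param('zip');
    $oldpass = $q->param('oldpass');
    $newpass1 = $q->param('newpass1');
    $newpass2 = $q->param('newpass2');
    return 1;
}

# check_form_register()
#
# Loads the form fields and validates a new registration. On any problem it
# sets $error_message and calls form_register, which prints the form again
# and exits.
sub check_form_register {
    &get_form_register_param;
    $username =~ s/ //g;
    ## Added 105 ##
    # Removing spaces can bring two dots together, so strip ".." once more.
    1 while $username =~ s/\.\.//;
    ## Added 105 ##
    $return = &check_duplicate_username($username);
    if ($return == 1) {
        $error_message = "Username is already taken";
        &form_register;
    }
    if ($username eq "" || $email eq "" || $name eq "") {
        $error_message = "Enter all required fields marked with *";
        &form_register;
    }
    #if ($password1 ne $password2)
    #{
    #$error_message = "Passwords DONT match !!";
    #&form_register;
    #}
    # The address ends up in mail headers, so the pattern is anchored with \z:
    # a trailing "$" would still accept an address followed by a newline.
    if ($email =~ /(@.*@)|(\.\.)|(@\.)|(\.@)|(^\.)/ || $email !~ /^.+\@(\[?)[a-zA-Z0-9\-\.]+\.([a-zA-Z]{2,3}|[0-9]{1,3})(\]?)\z/ && $email ne "") {
        $error_message = "Invalid email !!";
        &form_register;
    }
}

# check_duplicate_username($name)
#
# Returns 1 when "$register_path/$name.dat" already exists as a plain file,
# otherwise 0.
sub check_duplicate_username {
    $c = $_[0];
    if (-f "$register_path/$c.dat") {
        return 1;
    }
    else {
        return 0;
    }
}

sub form_register { &print_header; print < EOF &theader2; print< Auction Registration EOF &theader3; if ($error_message) { print<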
$error_message
EOF } print<
*Username
*Email
*Full Name
Street Address
City
State
Zip
EOF &print_footer; exit(1); } sub add_item { &get_item_param; if ($require_user_reg == 1) { $userfile = $register_path."/$username".".dat"; open(USERFILE, "<$userfile") || &error("$userfile $!"); ($password, $email, $name, $staddress, $city, $state , $zip , @userbids) = ; chomp ($password, $email, $name, $staddress, $city, $state , $zip , @userbids); close (USERFILE); } $line1 = "$itemname\n$reservebid\n$bidinc\n$desc\n$image\n$noitems\n"; $line2 = "$username####$email####$startbid####$currenttime####$name####$staddress####$city####$state####$zip####1\n"; $dltime = localtime($currenttime); $lookfile = $endtime.".dat"; $itemfile = $data_path."/".$formdirname."/".$endtime.".dat"; open(ITEMFILE , ">$itemfile"); print ITEMFILE $line1; print ITEMFILE $line2; close(ITEMFILE); &print_header; &theader2; print< Item Posted EOF &theader3; print <<"12345";
Dear $name, your Item $itemname has been succesfully added to the category $formtitle on $dltime . Wishing you a good sale.
12345 &print_footer; exit(1); } sub preview { &check_preview; &print_header; $time = time; $currenttime = localtime($time); $endtime = $days * 86400 + $time; $closetime = localtime($endtime); ## MODIFIED BY DIRAN $desc =~ s///g; $desc =~ s/\.\.\///g; $desc =~ s/\.\.//g; $desc =~ s/\///g; ## MODIFIED BY DIRAN ## Added version 1.06 $desc1 = $desc; foreach $line($desc1) { #chomp($line); #$desc =~ s/\r//g; $line =~ s/\r//g; $line =~ s/\n/\\n/g; } ## print< EOF &theader2; print< Item Preview EOF &theader3; print< Item $itemname Category $formtitle Image Url $image Description $desc Item Placed At $currenttime Close After $days days (ie on $closetime) Username $username Starting Bid $currency$startbid Reserve Bid $currency$reservebid Bid Increment $currency$bidinc
BACK