portrait.cgi

--黑客防线-精华奉献本(攻册)

#!/usr/bin/perl
#------------------------------------------------------#
#　　　　　　　　　本程序为Yuzi工作室提供　  　　　　　#
#　　　　　　　　Yuzi论坛3000(BBS3000)v4.00　　　　　　#
#------------------------------------------------------#
$cgipa=".";  # CGI程序文件的绝对路径
$maxphoto = 2000;  #上传头像文件大小限制
######################
## 以下部分不需修改 ##
######################
require "$cgipa/setup.cgi";
&GetCookies;
if($Cookies{username}){open(PSD,"$filepath/yhzl/$Cookies{username}.cgi")||&errorview("对不起，此用户名还没有注册!");$liness=<PSD>;close(PSD);($password)=split(/\t/,$liness);if($password ne $Cookies{password}){&errorview("对不起，您的密码错误!");}}
if($Cookies{username} eq ""){print "Content-type: text/html\n\n<SCRIPT>document.location='login.cgi?url=portrait.cgi'</SCRIPT>";exit;}
if ($username eq ""){$username=$Cookies{username}};
open(PSD,"$filepath/yhzl/$username.cgi");
$line=<PSD>;
close(PSD);
($rdpassword,$rdname,$rdmail,$rdhome,$rlast,$rdqm,$rdsex,$rdwork,$rdcity,$rdlove,$rfy,$rhf,$tu,$jiao,$iewin,$QQ,$photo)=split(/\t/,$line);
if($photo eq ""){
print "Content-type: text/html\n\n";
print <<EOF;
<html><META HTTP-EQUIV=Refresh CONTENT="0;url=photo2.cgi?laiyuan=2"></html>
EOF
}else{
if (-e "$ImgDir/portrait/$username.gif") {$ttt="$ImgurlDir/$tu.gif"}else{$ttt="$imagurl/face/$tu.gif"}}
binmode(STDIN);
read (STDIN,$postinfo,$ENV{'CONTENT_LENGTH'});
$temps=substr($postinfo,0,80);
$temps=~/(.*)\n/;
$bound=$1;
@fields=split(/$bound/,$postinfo);
foreach $field(@fields)
{
($name,$value)=split(/\x0d\n\x0d\n/,$field);
if (($name=~/Content-Disposition/)&&($value ne ''))
{chomp($value);
$value=~s/(\x0d)$//g;
$name=~s/Content-Disposition: form-data; //g;
($formdata,$filedata)=split(/ /,$name);
($formvalue,$formname)=split(/=/,$formdata);
$formname=~s/^\"//;
$formname=~s/\;$//;
$formname=~s/\"$//;
if ($filedata ne '')
{
($filetitle,$filename)=split(/=/,$filedata);
$filename=~s/\n+Content-Type://g;
$filename=~s/^\"//;
$filename=~s/\"//;
$filevalue = $value;
$FORMFILE{$filename}=$value;
}
else {
$value=~s/(.*)\n(.*)/$1/;
$value=~s/\r//;
$FORM{$formname}=$value;
}}
}
@querys = split(/&/, $ENV{'QUERY_STRING'});
foreach $query (@querys) {
($name, $value) = split(/=/, $query);
$FORM{$name} = $value;
}
if ($FORM{'work'} ne "")
{
$work=$FORM{'work'};
$name=$FORM{'name'};
}
if ($work eq "posted")
{
&posted;
exit;
}
&css;
print "
<BODY background=$imagurl/bg.gif><SCRIPT>
var i=0;
function formCheck()
{
i++;
if (i>1) {alert('正在上传中，请耐心等待！'); return false;}
return true;
}
</SCRIPT><br><br><br><br><center><table border=0 cellpadding=0 cellspacing=0 width=378>
<tr><td align=center><span class=p9><span class=p12><font color=6666FF><b>个人头像上传处</b></font></span></span>
<hr noshade size=1 width=500><form  method=POST enctype=multipart/form-data onSubmit='return formCheck()' action=portrait.cgi?work=posted>
<table width=530 border=1><tr><td width=310 height=54><p class=p9 align=center><font color=blue>一</font>、请点取下面的“浏览”按键选择您要上传的图片<br><span class=p9>(图片尺寸：<b><font color=red>32</font></b> X <b><font color=red>32</font></b>象素 <font color=red><b>GIF、JPG</b></font>格式)：</span></p>
<p align=center><input type=file name=upfile></p></td><td width=204 rowspan=2><div align=center><br>
<img src=$ttt width=32 height=32><br><br><span class=p9>您目前的头像</span></div></td>
</tr><tr><td width=310><div align=center><span class=p9><font color=blue>二</font>、选择好您要上传的图片后，请按下面的确认键开<br>
始上传... <br></span><input type=submit name=Submit value='确 认'></div></td><tr>
<td width=310><div align=center><span class=p9><font color=blue>三</font>、对已上传头像不满意的用户，可以重新上传新照<br>片覆盖原照，具体操作与首次
上传一致。
</div></span></td><td align=center class=p12 width=204> <a href=list.cgi?menu=show><b>返 回</b></a></table></form>\n\n";
sub posted
{
$photo=&uploadfiles($filename);
print "Content-type: text/html\n\n";
print "<HTML><head><META HTTP-EQUIV=Content-Type CONTENT=text/html; charset=gb2312>
<meta HTTP-EQUIV=REFRESH CONTENT=3;URL=portrait.cgi><LINK href=$imagurl/bbs.css rel=stylesheet>
</head>
您已经成功地将您的头像上传到服务器中，请稍候，系统将自动返回.....
<BR><BR><A HREF=portrait.cgi>如果系统没有反应，请点击这里返回！</A></html>\n\n";
}
sub uploadfiles
{
$photo =1;
local($uploadfile)=$_[0];
if ($uploadfile=~ /([^\/\\]+)$/)
{
$Filename = $1;
$Filename =~s/^\.+//;
}
$filelen=length($filevalue);
$Filename=~tr/A-Z/a-z/;
($lujin,$jpg)=split(/\./,$Filename);
$jpg =~s/\r//g;
if(($jpg ne "jpeg")&&($jpg ne "jpg")&&($jpg ne "")&&($jpg ne "gif")){&errorview("对不起，您的头像必须是GIF或者JPG格式的文件！");}
if ($filelen > $maxphoto){&errorview("上传头像文件超长！您上传的头像文件长度是 $filelen byte, 本站接受的头像最大长度是 $maxphoto byte!");exit;}
if ($photo)
{
open(OUTFILE, ">$ImgDir/portrait/$username.gif") || &errorview("上传文件错误，不能创建文件。<BR><BR>1、请检查存放图片文件目录的绝对路径！<BR>2、请把image目录属性改成777。");
binmode (OUTFILE);
print OUTFILE $filevalue;
close(OUTFILE);
chmod("$ImgDir/portrait/$username.gif",0777);
open(PSD,"$filepath/yhzl/$username.cgi");
$line=<PSD>;
close(PSD);
($rdpassword,$rusername,$rdmail,$rdhome,$rlast,$rdqm,$rdsex,$rdwork,$rdcity,$rdlove,$rfy,$rhf,$tu,$jiao,$iewin,$QQ,$photo,$rating,$levelname,$level,$levelstar,$lastlytime,$lastlytopic,$realname,$birthday,$shengxiao,$blood,$constellation,$character,$belief,$marital,$education,$college)=split(/\t/,$line);
$tu="../portrait/$photo";
open(PSD,">$filepath/yhzl/$username.cgi");
print PSD $rdpassword."\t".$username."\t".$rdmail."\t".$rdhome."\t".$rlast."\t".$rdqm."\t".$rdsex."\t".$rdwork."\t".$rdcity."\t".$rdlove."\t".$rfy."\t".$rhf."\t".$tu."\t".$jiao."\t".$ENV{'HTTP_USER_AGENT'}."\t".$QQ."\t".$photo."\t".$rating."\t".$levelname."\t".$level."\t".$levelstar."\t".$lastlytime."\t"."$lastlytopic\t".$realname."\t".$birthday."\t".$shengxiao."\t".$blood."\t".$constellation."\t".$character."\t".$belief."\t".$marital."\t".$education."\t".$college;
close(PSD);
}
return $filelen;
}
######################### END OF SCRIPT #########################