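#!/usr/bin/perl
use lib qw( ../../lib );
use Dbdata;
#################################################################
# Banner Rotator 3.0 MySQL (beta)
#
# This program is distributed as a beta ware. We are not
# responsible for any damages that the program causes
# to your system or business. You are using this software at your
# own risk. Modifications are not allowed
# without the premissions from SiliconSoup.com LLC.
# If you find any bugs in this software, please report it to us at
# cgifactory@cgi-factory.com.
# However, that email address above is only for bugs reporting.
# We will not respond to the messages that are sent to that
# address. If you have any trouble installing this program.
# Please feel free to post a message on our CGI Support Forum.
# Selling this script is absolutely forbidden and illegal.
##################################################################
#
# COPYRIGHT NOTICE:
#
# Copyright 1999-2001 CGI-Factory.com TM
# A subsidiary of SiliconSoup.com LLC
#
#
# Web site: http://www.cgi-factory.com
# E-Mail: cgifactory@cgi-factory.com
# Released Date: August 21, 2001
#
# Banner Rotator 3.0 MySQL (beta) is protected by the copyright
# laws and international copyright treaties, as well as other
# intellectual property laws and treaties.
###################################################################
#
# Purpose: CGI admin front end for the banner table. It reads a POSTed
# form, checks the admin name/password through Main::verifyAdmin, then
# dispatches on the "action" field to add, view, modify or delete rows
# and rewrites banners.index after every change.
#
# NOTE(review): this listing lost its HTML markup in extraction. Heredoc
# and print bodies below contain only the text that survived, and some of
# it appears out of order (table rows printed after their loop). Those
# spans are kept as found and must be restored from the original file.
#
# Review summary:
#   - Every query that used form input was built by string interpolation;
#     they now use DBI placeholders.
#   - The failed-login message no longer carries the submitted password.
#   - Banner account passwords are stored as plain text in the "pass"
#     column; that needs a schema/application change and is not fixed here.
#   - The script runs without "use strict"/"use warnings" and relies on
#     package globals ($dbh, $sth, %input, ...) shared between subs.

print "Content-type:text/html\n\n";

$fullpath="./";
push(@INC, $fullpath);

#load in the required settings
$superuser="superuser.db";
my %vals = db_data;
$host="$vals{host}";
$database="$vals{addb}";
$sql_user="$vals{user}";
$sql_pass="$vals{password}";
$ad_table="$vals{adtable}";
$default_banner_image="$vals{addefaultban}";
$default_banner_forward="$vals{addefurl}";
$redirect="$vals{adredirect}";

#load in Main.pm
$mainPM="Main.pm";
eval { require "$mainPM"; };
if ($@) {
    # NOTE(review): $@ goes to the browser and can reveal file system paths.
    print "unable to load $mainPM. 
$@";
    exit;
}

#initialize
$software="Banner Rotator 3.0 MySQL";

#user's ip
# NOTE(review): REMOTE_HOST comes from reverse DNS, which the client's
# network controls; it is later printed and logged. REMOTE_ADDR is the
# safer value to record.
if (!$ENV{'REMOTE_HOST'}) {
    $IP=$ENV{'REMOTE_ADDR'};
}
else {
    $IP=$ENV{'REMOTE_HOST'};
}
$time=time;
$mainAdmin="ad-admin.pl";

# NOTE(review): the account name and password are embedded in the DSN.
# DBI's connect-failure warning quotes the DSN, so the password can end
# up in the web server error log; passing them as separate connect()
# arguments avoids that -- confirm nothing else reads $dsn first.
$dsn = "DBI:mysql:database=$database;host=$host;user=$sql_user;password=$sql_pass";

#############################################################################
# read the html form inputs and store the inputs into the $buffer variable #
#############################################################################
# NOTE(review): CONTENT_LENGTH is client supplied and unbounded here; a
# size cap suited to the largest expected banner markup should be applied.
read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'});

##################################################################################
# since each input is separated by a &. We can separate all inputs into a array #
##################################################################################
@pairs = split(/&/, $buffer);
foreach $pair (@pairs) {
    #########################################################################################
    # since each input is presented as name=value. We can separate them into two variables #
    #########################################################################################
    ($name, $value) = split(/=/, $pair);

    ##################
    # URL decoding   #
    ##################
    $name =~ tr/+/ /;
    $name =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
    $value =~ tr/+/ /;
    $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
    $input{$name} = $value;
}

#check the action to perform
#check if the password file exist, if not ask for the new password
# NOTE(review): this branch runs before any authentication. When
# superuser.db is missing or empty, decide() hands control to setup() or
# firsttime(), which are not defined in this listing; whoever reaches the
# script first in that state presumably sets the admin credentials.
open(DETECT, '<', "$fullpath/$superuser") or decide();
if ($flock==1) {
    flock DETECT, 2;
}
# NOTE(review): the listing shows "@detect=;" -- the <DETECT> readline was
# evidently stripped along with the HTML; restored here, confirm.
@detect=<DETECT>;
close (DETECT);
if (!@detect) {
    decide();
}

# Route a request that arrives while no admin account exists yet.
sub decide {
    if ($input{'action'} eq "firsttime") {
        firsttime();
        exit;
    }
    else {
        setup();
        exit;
    }
}

#print out the login page if admin name and password is not provided
if (!$input{'admin'} or !$input{'password'}) {
    # NOTE(review): heredoc opener reconstructed; the form markup is missing.
    print <<EOF;
Banner Administration Area




The Kyngdoms BaD Admin Area

   Welcome to The Kyngdoms™ Log In area.   
Name:
  

Password:







Copyright © The Kyngdoms ™ 2005 All Rights Reserved.
Designated trademarks and brands are the property of their respective owners.
EOF
    exit;
}

#verify the admin password
vpassword();

# Page title and handler for each authenticated action.
my %handler_for = (
    add_new_banner  => [ "Add a new banner", \&add_new_banner ],
    view_stats      => [ "Banner Stats",     \&view_stats ],
    modify_entry    => [ "Modify an entry",  \&modify_entry ],
    do_modify_entry => [ "Modify and entry", \&do_modify_entry ],
    delete_entry    => [ "Delete an entry",  \&delete_entry ],
    do_delete_entry => [ "Delete an entry",  \&do_delete_entry ],
);
# NOTE(review): state-changing actions are authorised only by the
# admin/password form fields; no per-request token is visible in this
# listing.
if (my $route = $handler_for{ $input{'action'} }) {
    $description = $route->[0];
    $route->[1]->();
    exit;
}

#print out the main page
admin_header();
new_banner();
display_all_banners();
admin_footer();

#html tags for adding a new banner
sub new_banner {
    # NOTE(review): heredoc opener reconstructed; the form markup is missing.
    print <<EOF;
Add a new banner  
Username:
Password:
Forward URL: Must start with http://
Display: User HTML tags.
If it is a banner image, use with:
<img src="/images/adverts/IMAGE.gif" alt="" width="468" height="60" border="0">
Contact Person:
Email:
Phone:
Status: Activated Deactivated
Advertising Option: Exposoures Click-throughs
Initial Credit:
Default Banner Size: 468 x 60 pixels
 
EOF
}

# Regenerate banners.index with the ID of every activated banner, one per
# line. Uses the open global $dbh and leaves its statement in $sth so that
# sql_error() can clean up on failure.
sub _rebuild_banner_index {
    $sth = $dbh->prepare("Select ID from $ad_table where status='activated'");
    $sth->execute or sql_error($dbh->errstr,2);
    @banner_index = ();
    while (@results = $sth->fetchrow_array) {
        push @banner_index, $results[0]."\n";
    }
    # NOTE(review): the index is rewritten without a lock; a concurrent
    # reader could see a partial file.
    if (open(my $index_fh, '>', "$fullpath/banners.index")) {
        print {$index_fh} @banner_index;
        close($index_fh);
    }
    else {
        Main::error("unable to write to $fullpath/banners.index.");
    }
}

#insert the new banner into the sql database
sub add_new_banner {
    $time=time;

    #check the advertising option
    if ($input{'adverOpt'} eq "exp") {
        $exp=$input{'initial_credit'};
        $click=0;
    }
    else {
        $click=$input{'initial_credit'};
        $exp=0;
    }

    #check if the banner url and link is submitted.
    # NOTE(review): the form says the URL must start with http://, but
    # only presence is checked here; the scheme is not validated.
    if (!$input{'forwardURL'} or !$input{'display'}) {
        admin_header();
        print "Displaying Tags or forwarding URL missing.";
        backToMain();
        admin_footer();
        exit;
    }

    use DBI;
    $dbh=DBI->connect($dsn) or sql_error(DBI->errstr,1);

    # Form values are bound as parameters, never spliced into the SQL text.
    # NOTE(review): "pass" receives the banner account password as plain
    # text.
    $sth = $dbh->prepare("INSERT INTO $ad_table (user,pass,forwardURL,display,exp,click,contact,email,phone,status,adverOpt,totalExp,totalClick,createdOn) VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?,?)");
    $sth->execute(
        @input{qw(user user_password forwardURL display)},
        $exp, $click,
        @input{qw(contact email phone status adverOpt)},
        '0', '0', $time,
    ) or sql_error($dbh->errstr,2);

    #rebuild the banner index file
    _rebuild_banner_index();

    #close sql connections
    $sth->finish;
    $dbh->disconnect;

    admin_header();
    print "New banner added.";
    backToMain();
    admin_footer();
}

# List every banner with an action menu.
sub display_all_banners {
    use DBI;
    $dbh=DBI->connect($dsn) or sql_error(DBI->errstr,1);
    #$sth = $dbh->prepare("SELECT ID,user,forwardURL,display,exp,click,contact,email,phone,status,adverOpt,totalExp,totalClick,createdOn FROM $ad_table");
    $sth = $dbh->prepare("SELECT ID,user,forwardURL,display, status, createdOn FROM $ad_table ORDER BY ID");
    $sth->execute or sql_error($dbh->errstr,2);

    #print out the titles for each field
    # NOTE(review): table markup was stripped and the row text now appears
    # after the loop; kept as found.
    print " ";
    while (@results = $sth->fetchrow_array) {
        #convert the unix time in array index 5 as account created date
        ($sec,$min,$hour,$mday,$mon,$year,$wday) = (localtime($results[5]))[0,1,2,3,4,5,6];
        $mon+=1;
        $mday = sprintf("%.02d",$mday);
        $year += 1900;
        $results[5]="$mon/$mday/$year";
        print "";

        #convert < > and " to entities so we can put the content into a text field without creating errors
        # NOTE(review): the substitutions were garbled in the listing and
        # are reconstructed from the comment above; "&" is escaped first so
        # existing entities survive the round trip.
        for my $field (@results[2,3]) {
            $field =~ s/&/&amp;/g;
            $field =~ s/</&lt;/g;
            $field =~ s/>/&gt;/g;
            $field =~ s/"/&quot;/g;
        }

        #print out the action option dropdown menu
        print "";
        print "";
    }
    # NOTE(review): the username column is emitted without HTML escaping.
    print "
ID Username Display Status Created on Action
@results[0]@results[1]@results[3]@results[4]@results[5]
";

    #close sql connections
    $sth->finish;
    $dbh->disconnect;
}

#display individual banner stats
sub view_stats {
    use DBI;
    $dbh=DBI->connect($dsn) or sql_error(DBI->errstr,1);
    $sth = $dbh->prepare("Select * from $ad_table where ID=?");
    $sth->execute($input{'ID'}) or sql_error($dbh->errstr,2);
    @results=$sth->fetchrow_array;

    #some variables need for the stats page
    #
    #advertising option
    if ($results[11] eq "click") {
        $option="Click-throughs";
    }
    else {
        $option="Exposures";
    }

    #click-throughs ratio
    if ($results[12]==0) {
        $ratio="0.00";
    }
    else {
        $ratio=sprintf("%.2f",($results[13]/$results[12])*100);
    }

    #account created date
    ($sec,$min,$hour,$mday,$mon,$year,$wday) = (localtime($results[14]))[0,1,2,3,4,5,6];
    $mon+=1;
    $mday = sprintf("%.02d",$mday);
    $year += 1900;
    $date="$mon/$mday/$year";

    admin_header();

    #start to print out the stats page
    # NOTE(review): markup stripped; stored fields are printed without
    # HTML escaping.
    print " ";
    if ($results[11] eq "exp") {
        print " ";
    }
    else {
        print " ";
    }
    print "
ID: @results[0]
Username: @results[1]
Forwarding URL: @results[3]
Display @results[4]
Exposures remaining @results[5]
Click-throughs remaining @results[6]
Contact person: @results[7]
Contact email: @results[8]
Contact phone number: @results[9]
Status: @results[10]
Advertising option: $option
Exposures: @results[12]
Click-throughs: @results[13]
Click-throughs ratio: $ratio%
Account created on: $date
";
    backToMain();
    admin_footer();

    #disconnect from the database
    $sth->finish;
    $dbh->disconnect;
    exit;
}

#input form for modifying the banner
sub modify_entry {
    use DBI;
    $dbh=DBI->connect($dsn) or sql_error(DBI->errstr,1);
    $sth = $dbh->prepare("Select * from $ad_table where ID=?");
    $sth->execute($input{'ID'}) or sql_error($dbh->errstr,2);
    @results=$sth->fetchrow_array;

    $act_checked="";
    $deact_checked="checked";
    if ($results[10] eq "activated") {
        $act_checked="checked";
        $deact_checked="";
    }

    $exp_checked="";
    $click_checked="checked";
    if ($results[11] eq "exp") {
        $exp_checked="checked";
        $click_checked="";
    }

    #convert < > and " to entities so we can put the content into a text field without creating errors
    # NOTE(review): reconstructed from the comment above, as in
    # display_all_banners; "&" is escaped first.
    for my $field (@results[3,4]) {
        $field =~ s/&/&amp;/g;
        $field =~ s/</&lt;/g;
        $field =~ s/>/&gt;/g;
        $field =~ s/"/&quot;/g;
    }

    admin_header();
    # NOTE(review): heredoc opener reconstructed; the form markup and the
    # interpolated field values are missing.
    print <<EOF;
Username:
Password:
Forward URL:
Display:
Exposure credits:
Click-through credits:
Contact person:
Email:
Phone:
Status: Activated Deactivated
Advertising Option: Exposoures Click-throughs
Total Exposures:
Total Click-throughs:
EOF
    backToMain();
    admin_footer();
}

# Apply the submitted edit to one banner row and refresh banners.index.
sub do_modify_entry {
    use DBI;
    $dbh=DBI->connect($dsn) or sql_error(DBI->errstr,1);

    # All fourteen values, including the row ID, are bound parameters.
    $sth = $dbh->prepare("UPDATE $ad_table SET user=?, pass=?, forwardURL=?, display=?, exp=?, click=?, contact=?, email=?, phone=?, status=?, adverOpt=?, totalExp=?, totalClick=? where ID = ?");
    $sth->execute(
        @input{qw(user user_password forwardURL display exp click contact
                  email phone status adverOpt totalExp totalClick ID)}
    ) or sql_error($dbh->errstr,2);

    #rebuild the banner index file
    _rebuild_banner_index();

    #close sql connections
    $sth->finish;
    $dbh->disconnect;

    admin_header();
    print "Entry modified.";
    backToMain();
    admin_footer();
}

#ask if the user really want to delete this entry
sub delete_entry {
    admin_header();
    # NOTE(review): $input{'display'} is request data echoed into the page
    # without escaping; the value to preview should be read from the
    # database by ID rather than taken from the form.
    print "Delete the following entry?

$input{'display'}
";
    backToMain();
    admin_footer();
}

#actually delete an entry
sub do_delete_entry {
    use DBI;
    $dbh=DBI->connect($dsn) or sql_error(DBI->errstr,1);
    $sth = $dbh->prepare("DELETE FROM $ad_table where ID = ?");
    $sth->execute($input{'ID'}) or sql_error($dbh->errstr,2);

    #rebuild the banner index file
    _rebuild_banner_index();

    #close sql connections
    $sth->finish;
    $dbh->disconnect;

    admin_header();
    print "Entry deleted.";
    backToMain();
    admin_footer();
}

#verify admin password subroutine
sub vpassword {
    # NOTE(review): the password is lower-cased before comparison, which
    # shrinks the effective password space. The tr/\s// calls change
    # nothing (no /d modifier, and tr has no \s class); if whitespace
    # stripping was intended it never happened. Both are left as they
    # were because changing them alters which credentials are accepted.
    $input{'admin'}=~ tr/A-Z/a-z/;
    $input{'admin'}=~ tr/\s//;
    $input{'password'}=~ tr/A-Z/a-z/;
    $input{'password'}=~ tr/\s//;

    # The last argument is presumably the line written to errorlog.txt on
    # failure. The submitted password is no longer included (a near-miss
    # of the real password would otherwise sit in a file beside the
    # script), and field separators and line breaks are removed from the
    # admin name so one request cannot forge extra log fields or lines.
    my $logged_admin = $input{'admin'};
    $logged_admin =~ tr/|\r\n//d;
    my $status=Main::verifyAdmin("$fullpath/$superuser","$input{'admin'}","$input{'password'}","YL","\\|","$fullpath/errorlog.txt","Incorrect Admin logging in attempt|$logged_admin|[not logged]|$IP|$time");

    # NOTE(review): no attempt limiting or delay is visible here.
    if ($status!=1) {
        admin_header();
        print "

Incorrect admin name or password

\n";
        $time=localtime();
        print "Warning: Your informatoin has been logged for security reasons.
\n";
        print "Your IP Address: $IP
";
        print "Date: $time
\n";
        admin_footer();
        exit;
    }
}

#admin header and footer
sub admin_header {
    # NOTE(review): heredoc opener reconstructed; markup is missing.
    print <<EOF;
The Kyngdoms BaD Administration Area
The Kyngdoms BaD Administration Area
$description  

    
EOF
}

sub admin_footer {
    # NOTE(review): heredoc opener reconstructed; markup is missing.
    print <<EOF;
Copyright © The Kyngdoms™ 2005 All rights reserved.
EOF
    $description="";
}

#### back to the main page button
sub backToMain() {
    # NOTE(review): the form markup that was inside this string is missing.
    print qq|
|;
}

#sql query error handling
# $errorMessage is the DBI error text; $errorType is 1 for a connect
# failure and 2 for a query failure (statement and connection still open).
# The listing declared this as "sub sql_error ($errorMessage,$errorType)",
# which Perl parses as an invalid prototype; it is removed.
sub sql_error {
    my ($errorMessage,$errorType) = @_;

    #disconnect from the database
    #QUERY error
    if ($errorType==2) {
        $sth->finish if $sth;    # prepare() may have failed, leaving no handle
        $dbh->disconnect;
    }

    # NOTE(review): the raw database error and $! are sent to the browser.
    # They can reveal schema details and may contain request data,
    # unescaped; log them server-side and show a generic message instead.
    # The "@" in the contact address is escaped so Perl does not
    # interpolate it as an array.
    print qq|
Login Denied


    SQL Error message:
    $errorMessage

    \n Reason/Debugging message:
    $!

    \n Contact Info:
    Please contact admin\@thekyngdoms.com if you are experience problems.
    \n

|;
    exit;
}

exit;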