--- BBS.cgi.OLD Sat May 12 18:21:26 2001 +++ BBS.cgi Sat May 12 18:13:18 2001 @@ -4,12 +4,12 @@ BBS.cgi - a sample BBS script for the CGI_Board class library - Version: 0.69 (beta test version) - Date: Tue May 16 00:24:19 JST 2000 + Version: 0.70 (beta test version) + Date: Sat May 12 04:29:40 JST 2001 =head1 Copyright - Copyright (c) 1998 1999 KUROKI Gen + Copyright (c) 1998 1999 2000 2001 KUROKI Gen Permission to use, copy, and distribute is hereby granted, only providing that the above copyright notice and this permission appear in all copies @@ -20,7 +20,7 @@ #============================================================================== # Location of CGI_Board -my $Version_of_CGI_Board = "0.69"; +my $Version_of_CGI_Board = "0.70"; my $URL_of_CGI_Board = "http://www.math.tohoku.ac.jp/~kuroki/pub/CGI_Board/"; my $Link_to_CGI_Board = qq!CGI_Board $Version_of_CGI_Board!; @@ -1288,6 +1288,8 @@ unless (match_cgi_password($admin_userid, $admin_passwd)) { print_and_die("Invalid user-id or wrong password"); } + my $inputform_passwd + = inputform_passwd("", "", "", $cgi_userid, $cgi_passwd); unlink $file; @@ -1320,6 +1322,8 @@ unless (match_cgi_password($admin_userid, $admin_passwd)) { print_and_die("Invalid user-id or wrong password"); } + my $inputform_passwd + = inputform_passwd("", "", "", $cgi_userid, $cgi_passwd); print_syslog("admin_config_change"); @@ -1384,6 +1388,8 @@ unless (match_cgi_password($admin_userid, $admin_passwd)) { print_and_die("Invalid user-id or wrong password"); } + my $inputform_passwd + = inputform_passwd("", "", "", $cgi_userid, $cgi_passwd); my $cgi_new_board_userid = $cgi_value{'new_board_userid'}; my $cgi_new_board_passwd = $cgi_value{'new_board_passwd'}; @@ -1492,6 +1498,8 @@ ----------END; return undef; } + my $inputform_passwd + = inputform_passwd("", "", "", $cgi_userid, $cgi_passwd); print_syslog("admin_form"); @@ -2230,6 +2238,8 @@ ----------END; return undef; } + my $inputform_passwd + = inputform_passwd("", "", "", $cgi_userid, $cgi_passwd); print_syslog("board_config_form"); @@ -2579,6 +2589,8 @@ { print_and_die("Invalid user-id or wrong password"); } + my $inputform_passwd + = inputform_passwd("", "", "", $cgi_userid, $cgi_passwd); print_syslog("board_article_replace"); @@ -2695,6 +2707,8 @@ { print_and_die("Invalid user-id or wrong password"); } + my $inputform_passwd + = inputform_passwd("", "", "", $cgi_userid, $cgi_passwd); print_syslog("board_article_edit"); @@ -2839,6 +2853,8 @@ { print_and_die("Invalid user-id or wrong password"); } + my $inputform_passwd + = inputform_passwd("", "", "", $cgi_userid, $cgi_passwd); print_syslog("board_article_delete"); @@ -2968,6 +2984,8 @@ ----------END; return undef; } + my $inputform_passwd + = inputform_passwd("", "", "", $cgi_userid, $cgi_passwd); if ($filename !~ /^\Q$board_id\E[0-9]{$board_seqlen}\./) { print_and_die("$filename: forbidden access"); @@ -3932,20 +3950,20 @@ sub match_cgi_password { my ($userid, $passwd) = @_; - return undef if $cgi_value{'userid'} ne $userid; - return passwdmatch($cgi_value{'passwd'}, $passwd); + return undef if $cgi_userid ne $userid; + return passwdmatch($cgi_passwd, $passwd); } #------------------------------------------------------------------------------ sub inputform_passwd { - my ($opta, $optb, $retype) = @_; + my ($opta, $optb, $retype, $userid, $passwd) = @_; my $inputform_passwd = <<"----------END;"; ${opta}User-ID: - + ${opta}Password: - + ----------END; chomp $inputform_passwd;