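continue = FAIL => abort message and final processing
  + check for valid authentication
    = OK   => continue
    = FAIL => abort message and final processing
  + check for maintenance state
    = OK   => continue
    = FAIL => abort message and final processing
  + processing of the submit actions (POST), display of the individual orga forms
*/

// this script needs following additional server modules for PHP
// - (none)

// write HTTP header (anti-cache): the page carries the auth form and the result
// of a privileged action, so no browser or intermediate cache may keep a copy
header('Expires: Sun, 31 Dec 1989 23:59:59 GMT');
header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
header('Cache-Control: no-store, no-cache, must-revalidate');
header('Cache-Control: post-check=0, pre-check=0');
header('Pragma: no-cache');

// define general server constants
define( "SERVER_SITE_MAINTENANCE", false );         // maintenance state, set to TRUE to lock this page temporarily
define( "SERVER_LOCALHOST_IP", "127.0.0.1" );       // localhost IP, which does not need an HTTPS connection
define( "SERVER_PROTOCOL_HTTPS", "HTTPS" );         // HTTPS protocol name as sent in X-Forwarded-Proto (compared case-insensitively)
// define server file constants
define( "SERVER_FILE_MYSELF", "announce.php" );     // submit target of forms = this file itself
define( "SERVER_FILE_ANNOUNCE", "index.shtml" );    // announcement file; e.g. index file
define( "SERVER_FILE_RSS09", "rss09.rdf" );         // RSS 0.91 file; e.g. *.rdf
define( "SERVER_FILE_HEADER", "ssi_site_header.html" ); // SSI file for site header
define( "SERVER_FILE_INTRO", "ssi_site_intro.html" );   // SSI file for site intro
define( "SERVER_FILE_EXTRO", "ssi_site_extro.html" );   // SSI file for site extro
// define auth constants
// NOTE(security): the auth phrase lives in source. Anyone who can read this file
// (backups, version control, a misconfigured web root) can post announcements.
// [todo:] move it to a secured data file outside the document root.
define( "AUTH_SERVER_PASS", "?!?!BunnY2007!?!" );   // auth password

// function library

function postvar ($strname) {
    // returns the POST field $strname as a string; '' when it is missing or not a
    // string (a client may submit txtauth[]=... and turn the field into an array,
    // which would make trim()/htmlentities() below fail)
    if ( isset( $_POST[$strname] ) && is_string( $_POST[$strname] ) ) {
        return $_POST[$strname];
    }
    return '';
}

function addmsg ($straddmsg) {
    // appends $straddmsg as a list item to the global message buffer $strmsg;
    // empty messages are ignored
    global $strmsg;
    if ( $straddmsg != '' ) {
        $strmsg = $strmsg . '
  • ' . $straddmsg . '
  • ';
    }
}

function showmsg () {
    // prints the collected messages in $strmsg (if any) and clears the buffer
    global $strmsg;
    if ( $strmsg != '' ) {
        echo '

    Feedback

    ';
        $strmsg = '';
    }
}

function authmatch ($strgiven, $strexpected) {
    // compares the submitted auth phrase with the expected one in constant time,
    // so a mismatch does not leak its position through the response time.
    // hash_equals() exists since PHP 5.6 only; older versions get the manual loop.
    if ( function_exists( 'hash_equals' ) ) {
        return hash_equals( $strexpected, $strgiven );
    }
    $intlen = strlen( $strexpected );
    if ( strlen( $strgiven ) !== $intlen ) {
        return false;
    }
    $intdiff = 0;
    for ( $i = 0; $i < $intlen; $i++ ) {
        $intdiff |= ord( $strgiven[$i] ) ^ ord( $strexpected[$i] );
    }
    return ( $intdiff === 0 );
}

function putfile ($strfile, $strdata) {
    // replaces the content of $strfile with $strdata; returns true only when the
    // file was writable, could be opened and every byte was written.
    // file_put_contents does not work with PHP 4.x, so use instead: fopen, fwrite, fclose
    // (the write is not atomic: a failure after fopen leaves a truncated file)
    if ( !is_writable( $strfile ) ) {
        return false;
    }
    $resfile = fopen( $strfile, "w" );
    if ( $resfile === false ) {
        return false;
    }
    $bolwritten = ( fwrite( $resfile, $strdata ) === strlen( $strdata ) );
    fclose( $resfile );
    return $bolwritten;
}

// read $_POST variables ($pxxx). Plain copies are used instead of references
// ("= & $_POST[...]"): a reference creates the missing keys in $_POST as a side effect.
$pstrauth         = postvar( 'txtauth' );
$pstrtitle        = postvar( 'txttitle' );
$pstrannouncement = postvar( 'txtannouncement' );
$pbolannouncement = isset( $_POST['cmdannouncement'] );

// init instance variables
$intnow = time();
$strmsg = '';              // (status/error/etc.) message to user
$strinput = '';
$stroutput = '';
$intcount = 0;             // number of marker replacements in the target file
$strtitle = '';
$strannouncement = '';
$strauth = '';
$bolannouncement = false;
$bolauthabort = false;
$bolok = false;            // action feedback, triggers confirmation if true or warning if false

// check input variables
//$bolannouncement = isset( $pbolannouncement ); // does not work in IE when submitted from within a text field by pressing Return key, reason unknown
$bolannouncement = ( $pbolannouncement || $pstrannouncement != '' ); //workaround for IE problem, see line above
// defuse input variables
$strtitle = trim( htmlentities( $pstrtitle, ENT_QUOTES ));
// leave announcement html'ed: HTML is accepted by design, so the announcement is
// stored and shown unescaped. Only password holders reach this path, hence whoever
// knows the password can place arbitrary markup on the start page.
//$strannouncement = trim( htmlentities( $pstrannouncement, ENT_QUOTES ));
$strannouncement = $pstrannouncement;
$strauth = trim( htmlentities( $pstrauth, ENT_QUOTES ));
// shorten input variables (the auth phrase is cut at its limit; the old code cut it
// at 4095 after checking against 255, so the limit never applied)
if ( strlen( $strauth ) > 255 ) $strauth = substr( $strauth, 0, 255 ); //cut it, do not modify
if ( strlen( $strtitle ) > 255 ) $strtitle = substr( $strtitle, 0, 252 ) . "...";
if ( strlen( $strannouncement ) > 4095 ) $strannouncement = substr( $strannouncement, 0, 4092 ) . "...";

// read the connection properties. REMOTE_ADDR comes from the TCP connection; the
// X-Forwarded-* headers are client-supplied and only trustworthy when a proxy on
// this host overwrites them, so the localhost shortcut below requires both.
$strremoteaddr     = isset( $_SERVER['REMOTE_ADDR'] ) ? trim( $_SERVER['REMOTE_ADDR'] ) : '';
$strforwardedfor   = isset( $_SERVER['HTTP_X_FORWARDED_FOR'] ) ? trim( $_SERVER['HTTP_X_FORWARDED_FOR'] ) : '';
$strforwardedproto = isset( $_SERVER['HTTP_X_FORWARDED_PROTO'] ) ? strtolower( trim( $_SERVER['HTTP_X_FORWARDED_PROTO'] ) ) : '';
// $_SERVER['HTTPS'] is unset or '' without TLS; some servers send 'off' instead
$bolhttps = ( isset( $_SERVER['HTTPS'] ) && $_SERVER['HTTPS'] != '' && strtolower( $_SERVER['HTTPS'] ) != 'off' );
// localhost access: direct call from localhost, or indirect call via a local
// (e.g. transparent SSL) proxy that passes localhost as the forwarded address
$bollocalhost = ( $strremoteaddr === SERVER_LOCALHOST_IP
               && ( $strforwardedfor === '' || $strforwardedfor === SERVER_LOCALHOST_IP ) );

if ( $bollocalhost ) {
    // localhost does not need the transport check
    // -> continue
} else {
    // check secure connection
    // possible results:
    // - secure => continue
    // - insecure => abort ($bolauthabort), show error page and prepare message ($strmsg)
    if ( ( // direct connection without HTTPS
           !$bolhttps && $strforwardedproto === '' )
      || ( // indirect connection without HTTPS at the proxy, e.g. orenosp
           $strforwardedproto !== '' && $strforwardedproto !== strtolower( SERVER_PROTOCOL_HTTPS ) ) ) {
        // insecure connection -> abort
        addmsg ( 'Dein Verbindungsprotokoll ist HTTP. Bitte verwende für die Announce-Seite Verschlüsselung mittels HTTPS.' );
        $bolauthabort = true;
    }
}

// check maintenance state
if ( SERVER_SITE_MAINTENANCE ) {
    // cancel because of maintenance
    addmsg ( 'Die Announce-Seite ist zurzeit wegen Wartungsarbeiten deaktiviert. Bitte später wiederkommen. Danke.' );
    $bolauthabort = true;
}

// prepare announce page
// assume that all ssi files are there. No, I won't check _that_ explicitely.
// If they ain't there, the user gets a partial page. ...so what? ;o)
readfile( SERVER_FILE_HEADER );
echo ' Easterhegg 2007 - Announce ';
readfile( SERVER_FILE_INTRO );
echo '
    ';
// show msg, if available
if ( $strmsg != '' ) {
    echo '

    Authentifizierungshinweis:

    ';
    // NOTE(review): the buffer is cleared before showmsg(), so the collected notices
    // are not printed by showmsg(); presumably the echo above once contained $strmsg - confirm
    $strmsg = '';
    $bolauthabort = true;
}
showmsg();
if ( $bolauthabort ) {
    // close page and stoprun.
    echo ' ';
    readfile( SERVER_FILE_EXTRO );
    die();
}

// Well, Checkpoint.
// Now a defined and normal state of checking has been reached.
// Possible states are now:
// - $bolauthabort = false: user is authenticated to see this page
// - $bolauthabort = true: user is not authenticated to see this page
// If there were any messages on the way up to here, they are stored as list items in variable $strmsg.

// check auth phrase if user tries to login; both sides carry the same
// htmlentities() transformation, so the comparison is on equal footing
if ( $bolannouncement ) {
    if ( authmatch( $strauth, htmlentities( AUTH_SERVER_PASS, ENT_QUOTES ) ) ) {
        // auth accepted
        if ( $strannouncement != '' ) {
            // announcement accepted
            if ( $strtitle != '' ) {
                // title accepted
                // -> continue
                $bolok = true;
                // this feature has been deactivated on the production machine due to security reasons
                // to use it on your own machine just delete or uncomment the following lines
                // addmsg ( 'Diese Funktion wurde aus Sicherheitsgründen deaktiviert. Um sie auf Deiner Umgebung zu reaktivieren, entferne die Sperre in der Datei "announce.php".' );
                // $bolok = false;
            } else {
                // title empty
                addmsg ( 'Bitte gib noch einen griffigen Titel an! Danke :-)' );
            }
        } else {
            // announcement empty
            addmsg ( 'Das Announcement funktioniert besser, wenn Du etwas zum Announcen einträgst... ;-)' );
        }
    } else {
        // auth failed
        addmsg ( 'Das klappt so nicht. Vermutlich hast Du Dich beim Passwort vertippt.' );
    }
}

if ( $bolok && $bolannouncement ) {
    $bolok = false;
    //announce it now to WWW
    $strinput = file_get_contents( SERVER_FILE_ANNOUNCE );
    $stroutput = '

    ' . date( "d.m.Y", $intnow ) . ' - ' . $strtitle . '

    ' . $strannouncement . '

    ^ TOP ';
    if ( $strinput === false ) {
        // a failed read must not be written back: str_replace() on false yields ''
        // and would wipe the announcement file
        addmsg ( 'Die Announcementdatei "' . SERVER_FILE_ANNOUNCE . '" konnte nicht gelesen werden.' );
    } else {
        $intcount = 0;
        $stroutput = str_replace( " [%announcement%] ", ' [%announcement%] ' . $stroutput, $strinput, $intcount );
        if ( $intcount == 0 ) {
            // without the marker the file would be rewritten unchanged and reported as success
            addmsg ( 'Die Markierung für Announcements wurde in der Datei "' . SERVER_FILE_ANNOUNCE . '" nicht gefunden.' );
        } elseif ( putfile( SERVER_FILE_ANNOUNCE, $stroutput ) ) {
            $bolok = true;
        } else {
            addmsg ( 'Die Announcementdatei "' . SERVER_FILE_ANNOUNCE . '" konnte nicht geschrieben werden. (Rechteproblem?)');
        }
    }
}
if ( $bolannouncement ) {
    if ( $bolok ) {
        addmsg ( 'Das Announcement wurde gesetzt.' );
    } else {
        addmsg ( 'Das Announcement wurde nicht gesetzt.' );
    }
}

if ( $bolok && $bolannouncement ) {
    $bolok = false;
    //announce it now as RSS
    $strinput = file_get_contents( SERVER_FILE_RSS09 );
    // the RSS file is XML: decode the HTML entities of the title (RSS readers do not
    // know &uuml; etc.), strip tags, then re-escape the XML metacharacters so a raw
    // "&" or "<" in the text cannot break or extend the feed. The host name comes
    // from the client-supplied Host header and is escaped for the same reason.
    $strrsstitle = htmlspecialchars( html_entity_decode( strip_tags( $strtitle ) ), ENT_QUOTES );
    $strrsstext  = htmlspecialchars( html_entity_decode( strip_tags( $strannouncement ) ), ENT_QUOTES );
    $strrsshost  = htmlspecialchars( isset( $_SERVER['HTTP_HOST'] ) ? $_SERVER['HTTP_HOST'] : '', ENT_QUOTES );
    $stroutput = ' ' . date( "d.m.Y", $intnow ) . ' - ' . $strrsstitle . ' https://' . $strrsshost . '/' . SERVER_FILE_ANNOUNCE . ' ' . $strrsstext . ' ';
    if ( $strinput === false ) {
        addmsg ( 'Die RSS 0.91-Datei "' . SERVER_FILE_RSS09 . '" konnte nicht gelesen werden.' );
    } else {
        $intcount = 0;
        $stroutput = str_replace( "" . chr(13) . chr(10), '' . chr(13) . chr(10) . $stroutput, $strinput, $intcount );
        if ( $intcount == 0 ) {
            addmsg ( 'Die Markierung für Announcements wurde in der Datei "' . SERVER_FILE_RSS09 . '" nicht gefunden.' );
        } elseif ( putfile( SERVER_FILE_RSS09, $stroutput ) ) {
            $bolok = true;
        } else {
            addmsg ( 'Die RSS 0.91-Datei "' . SERVER_FILE_RSS09 . '" konnte nicht geschrieben werden. (Rechteproblem?)');
        }
    }
}
if ( $bolannouncement ) {
    if ( $bolok ) {
        addmsg ( 'Das Announcement wurde per RSS 0.91 veröffentlicht.' );
    } else {
        addmsg ( 'Das Announcement wurde nicht per RSS 0.91 veröffentlicht.' );
    }
}

showmsg();

// show announce page
echo '

    Announce

    Hier können Announcements abgegeben werden, die anschließend auf der Startseite erscheinen.
    HTML ist nicht nur erlaubt, sondern auch präferiert. Es wird darum gebeten, XHTML-konform zu bleiben.
    Achtung:Abgegebene Announcements können hier nicht mehr zurückgenommen oder korrigiert werden!

    Authentifizierung:

    Titel:

    Announcement: (HTML accepted)

  • ';
// close page and stoprun.
echo ' ';
readfile( SERVER_FILE_EXTRO );
die();
?>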