===================================================================
RCS file: /home/cvsd/home/cvs/wolboard/wolboard.php,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -p -r1.12 -r1.13
--- wolboard/wolboard.php	2002/05/31 08:29:09	1.12
+++ wolboard/wolboard.php	2002/06/10 14:23:45	1.13
@@ -5,7 +5,7 @@
 	Author:	Martin Karas a.k.a. Wolcano
 	Date:	24.04.2002
 	Mail:	wolcano@pobox.sk
-	Version:	v5.4
+	Version:	v5.2
 	License:	not chosen yet - this file is strictly private,
 		you may not copy/change/distribute it without authors
 		explicit premission.
@@ -55,9 +55,11 @@
 		$archive_no	- index of archived file
 		$submit_type	- submit button type
 		$reply_to	- index of message you want to reply (inserts quoted message)
+		$rootlogin	- wether should display the root login dialog
 
 		CHANGE LOG:
-		* 5.4	- fixed <form action> <-> <input> conflicts
+		* 5.4	- "fixed" adduser bug (now ignoring result of flock() :()
+		     	- added root login for viewing deleted messages
 		* 5.3	- external CSS file
 		* 5.2	- added "reply" link
 		* 5.1   - updated SQL queries
@@ -80,7 +82,7 @@
 
 
 	// IMPORTANT CONSTANTS (change if needed)
-	$WB_version = "5.4";
+	$WB_version = "5.2";
 	$WB_name = "Wol's Message Board";
 	$strip_slashes = 1;
 	$DEFAULT_HEAD_FRAME = "";
@@ -91,8 +93,8 @@
 	$root_md5_password = "896ae34257056a6edb7643e3db85bb21";
 
 	// Filesystem defaults
-	$message_file = "board_messages.txt";
-	$user_file = "board_emails.txt";
+	$message_file = "messages.dat";
+	$user_file = "users.dat";
 	$move_old_mesages = 1;
 	$old_messages_folder = "history/";
 	$hist_file_prefix = "board_hist_file_"; // used in REGEXPs! alphabeticals only
@@ -255,14 +257,14 @@
 		$start = time();
 		while ((!flock($f, 1)) && ($start + $max_wait < time()))
 			sleep(1);
-		return ($start + $max_wait < time())?
-			1:0;
+		return ($start + $max_wait < time());
 	} // wait_read_lock($f, $max_wait = 9999)
 
 	function wait_write_lock($f, $max_wait = 9999) {
 		$start = time();
 		while ((!flock($f, 2)) && ($start + $max_wait < time()))
 			sleep(1);
+		return ($start + $max_wait < time());
 	} // wait_write_lock($f, $max_wait = 9999)
 
 	function release_lock($f) {
@@ -364,13 +366,20 @@
 			return "";
 	} // get_email($str)
 
-	function write_mail($usr_file, $user, $mail = "", $pass = "", $use_db = 0, $db_conn) {
+	function write_mail($usr_file, $user, $mail = '', $pass = '', $root_name = '', $use_db = 0, $db_conn) {
 		$pass = md5(rawurlencode($pass));
+		if ($user == $root_name)
+			return false;
 		if (!$use_db) {
 			// Working with files
 			$fp = fopen($usr_file, "a");
+			wait_write_lock($fp);
+			/*
+			// this should work, but doesn't :(((
+			// won't use this shitty file locking mechanism
 			if (!wait_write_lock($fp))
 				return false;
+			*/
 			fwrite($fp, strtr($user, ":", ";") . ":" . strtr($mail, ":", ";") .
 				":" . $pass . "\n");
 			release_lock($fp);
@@ -850,6 +859,21 @@
 		}
 	}
 
+	function show_root_login_form($rootnick, $user_nick = '') {
+		global $self;
+		echo "\n<center><h3><b>Admin login</b></h3><br><br>";
+		echo "\n<center>\n<form name=rootlogin method=get action=$self>\n";
+		echo create_hidden_inputs(split_url_vars(link_replace(link_replace(create_link(), 'nick', $rootnick), 'newnick', $user_nick)));
+		echo "<table align=center>\n";
+		echo "\t\n<tr>\n\t\t<td>Password:</td><td><input type=password name=pass></td></tr>\n";
+		echo "\t\n<tr>\n\t\t<td colspan=2 align=center><input type=submit name=submit_type value=Login>\n</td></tr>\n";
+		echo "\t<tr><td align=center colspan=2><a href=$self?" .
+			create_link() .
+			">cancel</a></td></tr>\n";
+		echo "</table>\n";
+		echo "</form>\n</center>\n";
+	} // show_root_login_form($rootnick, $user_nick)
+	
 	function show_data_form($user_file, $self, $nick, $message,
 		$style, $WB_name, $autorefresh, $pagesize, $use_db = 0, $db_conn = 0) {
 		// TODO !!!!!!
@@ -859,7 +883,7 @@
 		global $frameset;
 ?>
 <center>
-<font color="#C0C0C0" face="Courier" size=5><b><?echo $WB_name?></b></font><br>
+<h3><?echo $WB_name?></h3>
 Current time is <?echo format_time(time())?>.
 <br>
 <table border=0>
@@ -872,9 +896,9 @@ Current time is <?echo format_time(time(
 ?>
 <tr>
 	<td align=center valign=middle rowspan=3>
-		<textarea name="message" cols=30 rows=<?
+		<textarea name="message" cols=40 rows=<?
 	echo (sizeof(explode("\n",$message)) + 5)?>><?echo $message?></textarea></td>
-	<td align=center valign=middle><font face="Arial" color=#ffcc00 size=3>Nick</font></td>
+	<td align=center valign=middle>Nick</td>
 	<td align=left valign=middle>
 		<select name="nick">
 			<option value="Anonym">&lt;choose&gt;</option>
@@ -940,7 +964,7 @@ Current time is <?echo format_time(time(
 		<a href="<?
 		echo "$self?" . link_replace(link_replace(create_link(), "setframes", 1), "disablepart", 3);
 ?>" target=_top>Switch to frames</a> <font size=-3><a href="<?
-		echo $self . '?' . link_replace(create_link(), 'nick', 'root');
+		echo $self . '?' . link_replace(create_link(), 'rootlogin', '1');
 ?>">&pi;</a></font>
 	</td>
 </tr>
@@ -1009,13 +1033,13 @@ Current time is <?echo format_time(time(
 <title><?echo "$WB_name v$WB_version"?></title>
 <link rel="stylesheet" href="<?echo $css_file?>" type="text/css">
 </head>
-<body bgcolor="black" text="#C0C0C0" link="#8888ff" alink="#8888ff" vlink="#8888ff">
+<body>
 <?
 	} // show_nonrefresh_head()
 
 	function show_delete_dialog($nick, $time) {
 		global $self;
-		echo "\n<center><font color=#C0C0C0 face=Courier size=4><b>Delete message</font></b><br><br>";
+		echo "\n<center><h3><b>Delete message</b></h3><br><br>";
 		echo "\n<center>\n<form name=deletemessage method=get action=$self>\n";
 		echo create_hidden_inputs(split_url_vars(link_replace(link_replace(create_link(), "deleteok", 1), "time", $time)));
 		echo "<table align=center>\n";
@@ -1032,7 +1056,7 @@ Current time is <?echo format_time(time(
 
 	function show_createuser_dialog($newnick, $email) {
 		global $self;
-		echo "\n<center><font color=#C0C0C0 face=Courier size=4><b>Create new user</font></b><br><br>";
+		echo "\n<center><h3><b>Create new user</b></h3><br><br>";
 		echo "<table size=90% align=center>\n";
 
 		echo "\n<form name=createuser method=get action=$self>";
@@ -1235,6 +1259,24 @@ Current time is <?echo format_time(time(
 	if (!good($page))
 		$page = 0;
 
+	// check for superuser view
+	if ($nick == $root_name) {
+		if (md5($pass) == $root_md5_password)
+			$superuser = 1;
+		else {
+			unset($nick);
+			$superuser = 0;
+		}
+	}
+	
+	// SHOW ROOT LOGIN FORM
+	if ($rootlogin) {
+		show_nonrefresh_head();
+		show_root_login_form($root_name, $nick);
+		$show_body = false;
+		$show_head = false;
+	}
+
 	if (!isset($nick) && good($newnick))
 		$nick = $newnick;
 
@@ -1247,12 +1289,6 @@ Current time is <?echo format_time(time(
 	if (good($archive_no) && !$use_db)
 		$message_file = $old_messages_folder . $hist_file_prefix . $archive_no;
 
-	// check for superuser view
-	if (($nick == $root_name) && (md5($pass) == $root_md5_password))
-		$superuser = 1;
-	else
-		$superuser = 0;
-
 	if ($use_db) {
 		require_once "DB.php";
 
@@ -1300,15 +1336,13 @@ Current time is <?echo format_time(time(
 	// CREATE NEW USER
 	if ($createuser) {
 		$mails = get_emails($user_file, $use_db, $db_handle);
-		echo "1";
 		if ((!($mails === false)) &&
 			good($newnick) &&
 			($mails[$newnick] == "") &&
 			good($createok) &&
 			($createok == 1)) {
-		echo "1";
-			if (write_mail($user_file, $newnick, $mail, $pass, $use_db, $db_handle)) {
-				echo "drblo to"; // something failed, ignoring for now
+			if (!write_mail($user_file, $newnick, $mail, $pass, $root_name, $use_db, $db_handle)) {
+				//echo "drblo to"; // something failed, ignoring for now
 				die();
 			}
 
@@ -1340,6 +1374,8 @@ Current time is <?echo format_time(time(
 	// DELETE MESSAGE FROM DB
 	if (good($time)) {
 		if (good($deleteok) && ($deleteok == 1)){
+			header('HTTP/1.0 302 Found');
+			header("Location: $abs_self?" . create_link());
 			switch(delete_message($message_file, $user_file, $nick,
 				$time, $pass, $use_virtual_delete, $use_db, $db_handle)) {
 				case 0: // All OK
@@ -1358,9 +1394,6 @@ Current time is <?echo format_time(time(
 					echo "<center>Fatal Error while deleting: unknown error code!</center><br>\n";
 					break;
 			}
-			//die();
-			header('HTTP/1.0 302 Found');
-			header("Location: $abs_self?" . create_link());
 			die();
 		} else {
 			show_nonrefresh_head();
@@ -1378,6 +1411,8 @@ Current time is <?echo format_time(time(
 <head>
 <title><?echo "$WB_name v$WB_version"?></title>
 <link rel="stylesheet" href="<?echo $css_file?>" type="text/css">
+</head>
+<body>
 <?
 	/*
 		If set, do nothing, just create frames and recursively call self
@@ -1406,10 +1441,6 @@ Current time is <?echo format_time(time(
 	}
 
 	if ($show_head) {
-?>
-</head>
-<body bgcolor=black text=#C0C0C0 link=#888ff alink=#888ff vlink=#888ff>
-<?
 		show_data_form($user_file, $self, $nick, $message, $style,
 			$WB_name, $autorefresh, $pagesize, $use_db, $db_handle);
 	}
@@ -1417,10 +1448,6 @@ Current time is <?echo format_time(time(
 	if ($show_body) {
 		echo "<meta HTTP-EQUIV=\"Refresh\" CONTENT=\"$autorefresh URL=$self?" .
 			create_link() . "\">\n";
-?>
-</head>
-<body bgcolor=black text=#C0C0C0 link=#888ff alink=#888ff vlink=#888ff>
-<?
 		show_messages($message_file, $user_file, $page, $pagesize,
 			$style, $superuser, $use_db, $db_handle);
 	}