User Account Request

This script is used to take a users request for an account and process it. It checks the requested user name against the existing user names to see if there is a conflict. If there is a conflict it check the second and third requests. If all are used, the user will receive a message indicating their choices have all been used.

#!/usr/bin/perl
$home=$ENV{"HOME"};
require "$home/lib/cgi-lib.pl";
$trip = 0;
&ReadParse;
# Check the inputed data
foreach $key (sort keys %in)
{

if($in{$key} =~ /[+=#!;><&\*`\|]|exec|Exec|EXEC|cmd|Cmd|CMD/)
{

# checking for extranious, possibly dangerous text.
# If found, the program is terminated and mail is sent
# to the admin, w/ all provided information from the user.
$trip = 1;
$i = 1;
open (FINGER, "-|") || exec "finger",$in{"email"};
@finger = <FINGER>;
close (FINGER); # If provided with an e-mail addy look it up with this.
open (MAIL, "|smtpsend");
print MAIL <<end_of_text;

To: scot\@vquill.com
From: "Request.cgi" <scot\@vquill.com>
Subject: Possible Hack Alert

The person at : $in{"email"}
May be attempting to hack into the system.
---------------------
Finger information returns:
end_of_text

while (@finger && $i < 15)
{

# step through the finger data, but only
# so much is needed ... Worst case, if it does return
# too much data, someone can always run it manually later
print MAIL @finger[$i];
$i++;

}
print MAIL " ---------------------\n\n";
foreach $key (sort keys %ENV)
{
print MAIL <<end_of_text;

$key - $ENV{$key}
end_of_text

}
print MAIL " ---------------------\n\n";
foreach $key (sort keys %in)
{
print MAIL <<end_of_text;

$key - $in{$key}
end_of_text

}
&printERRORDoc(); # This will generate a generic error page

}
elsif(!($in{$key}) && $key ne "usrid2" && $key ne "usrid3")
{
&printMISSINGDoc(); # This generates a page if a field is missing
}

}
if($trip < 1) # If nothing has been tripped, proceed
{

$usrid1 = "pwtxtfls/" . $in{"usrid1"};
$usrid1 =~ s/\s//g;
$usrid2 = "pwtxtfls/" . $in{"usrid2"};
$usrid2 =~ s/\s//g;
$usrid3 = "pwtxtfls/" . $in{"usrid3"};
$usrid3 =~ s/\s//g;
$pass1 = $in{"pass1"};
$pass2 = $in{"pass2"};
$dirname = $in{"firstname"} . $in{"lastname"};
$dirname =~ s/\s//g;
$end = 1;
$num = 0;
while (-e $dirname)
{

# Check to see if the directory already exists for the 3 choices
$num = $end + 1;
if(!($dirname =~ /\d/))
{$dirname = $dirname . "1";}
else
{$dirname =~ s/$end/$num/;$end++;}

}
# Make sure passwords match each other
# If not, generate an error and have them
# Resubmit the form w/ good passwords
if($pass1 eq $pass2)
{$pass = $pass1;}
else
{
&wrongpwMAILDoc();
}
&printHTMLDoc(); # This is a successful submission
if(! (-e $usrid1) && $usrid1 =~/\w+/)
{

open (ACCOUNT, ">>" . $usrid1);
print ACCOUNT <<end_of_text;

pw4lgn
$pass
drid4usr
$dirname
usrname
$in{"firstname"} $in{"lastname"}
end_of_text

close (ACCOUNT);
$loginid = $in{"usrid1"};
&printMAILDoc();
&createDIR();

}
elsif(! (-e $usrid2) && $usrid1 =~/\w+/)
{

open (ACCOUNT, ">>" . $usrid2);
print ACCOUNT <<end_of_text;

pw4lgn
$pass
drid4usr
$dirname
usrname
$in{"firstname"} $in{"lastname"}
end_of_text

close (ACCOUNT);
$loginid = $in{"usrid2"};
&printMAILDoc();
&createDIR();

}
elsif(! (-e $usrid3) && $usrid1 =~/\w+/)
{

open (ACCOUNT, ">>" . $usrid3);
print ACCOUNT <<end_of_text;

pw4lgn
$pass
drid4usr
$dirname
usrname
$in{"firstname"} $in{"lastname"}
end_of_text

close (ACCOUNT);
$loginid = $in{"usrid3"};
&printMAILDoc();
&createDIR();

}
else
{
&rejectMAILDoc();
}

}

# If all goes well, this sub will print an email with the winning entry
sub printMAILDoc
{

open (MAIL, "|smtpsend");
print MAIL <<end_of_text;

To: $in{"email"}
BCC: scot\@vquill.com
From: scot\@vquill.com
Subject: User Account

end_of_text

print MAIL <<end_of_text;

Thank you for your request for an account.

You have been assigned the user ID: $loginid
Your directory name is: $dirname
Please make note of both of these as well as your
password as you will need them to log into the system.
The log-in URL is http://generic.com/pchart/login.html
If there are any further questions or comments,
please direct them to scot\@vquill.com

Thank you,
Your frielndly Request team
end_of_text

close (MAIL);

}

# This sub sends a mail message to the user indicating that all 3 choices for an ID are used.
sub rejectMAILDoc
{

open (MAIL, "|smtpsend");
print MAIL <<end_of_text;

To: $in{"email"}
BCC: scot\@vquill.com
From: scot\@vquill.com
Subject: User Account

end_of_text

print MAIL <<end_of_text;

Thank you for your request for an account.
The user IDs you have requested are already in use by another account.
These requested ids, $in{"usrid1"}, $in{"usrid2"} and $in{"usrid3"} are not able to be used.
Please visit our site again and request different user ids.

Thank you,
Your frielndly Request team
end_of_text

close (MAIL);

}

# This sub emails the user when the passwords entered don't match
sub wrongpwMAILDoc
{

open (MAIL, "|smtpsend");
print MAIL <<end_of_text;

To: $in{"email"}
BCC: scot\@vquill.com
From: scot\@vquill.com
Subject: User Account

end_of_text

print MAIL <<end_of_text;

Thank you for your request for an account.
The user passwords you have requested are not equal to each other.
Please visit our site again and be sure to enter the same password
in both password fields.
We use this to ensure that you will know the password you use.
http://generic.com/pchart/request.html

Thank you,
Your frielndly Request team
end_of_text

close (MAIL);

}

# This sub is used to create a directory for the valid user ID
sub createDIR
{

$playername = $in{"firstname"} . " " . $in{"lastname"};
$file_name = $dirname . "/index.html";
if($dirname =~ /s$/){$ending = "'";}
else{$ending = "'s";}
if(! (-e $dirname))
{

mkdir("$dirname", 0777);
system("chmod 777 $dirname");
open (TEXT, ">>" . $file_name);
print TEXT <<end_of_text;

<html><head><title>$playername$ending Golf Stats</title></head>
<body bgcolor=#ffffff text=#000000 link=#005500 vlink=#000055>

<h1 align=center>$playername$ending Course Stats</h1>
<HR size= "1" noshadow>
Select a link to view those stats <br>

</body></html>
end_of_text

close (TEXT);
open (INDEX, "index.html");
@index = <INDEX>;
$szof = "" . @index;
$line = 0;
close (INDEX);
open (INDEX, ">" . "index.html");
while (@index)
{

if($index[$line] =~ /address/){}
elsif($index[$line] =~ /\/body/){}
else{print INDEX $index[$line];}
if($line > $szof){last;}else{$line++;}

}
print INDEX <<end_of_text;

<A HREF= $dirname>$playername</A>,

</body></html>
end_of_text

close (INDEX)

}

}

# If everything goes right, this sub will print out an HTML document informing them it was successful
sub printHTMLDoc
{

print &PrintHeader;
print <<end_of_text;

<head>
<title>Submitted!</title>
</head>
<body bgcolor=#ffffff text=#000000 link=#005500 vlink=#000055>
end_of_text

&navad;
print "<h1>Thank you for your interest.</h1>\n";
print "<bold><h3>Your request has been Received.</h3>\n";
print "Please allow a few minutes for the computer to process the data.<br>\n";
print "When you receive the e-mail, be sure to <a href= http://generic.com/pchart/login.html>Login</a>\n";
print "</bold>\n\n";
&address;
print "</body></html>";
print "</body></html>\n\n";

}

# This sub is used to inform the customer they have entered an illegal command.
sub printERRORDoc
{

print &PrintHeader;
print "<head><title>SERVER ERROR</title></head>\n";
print "<body bgcolor=#ffffff text=#000000 link=#005500 vlink=#000055>\n";
print "<body><center><h1>A script error has occured.</h1></center>\n";
print "<h3><bold>ERROR: Illegal commands encountered.<br></bold></h3>\n";
print "</body></html>\n";
exit(0);

}

# This sub is used to inform the customer they have left something out.
sub printMISSINGDoc
{

print &PrintHeader;
print "<head><title>MISSING INFORMATION</title></head>\n";
print "<body bgcolor=#ffffff text=#000000 link=#005500 vlink=#000055>\n";
&navad;
print "<body><center><h1>Missing Information Encountered</h1></center>\n";
print "<h3><bold>One or more of the fields was left blank on your request.<br>Please re-enter the data and be sure to fill in all of the fields.<br></bold></h3>\n\n";
&address;
print "</center></html>\n";
exit(0);

}