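#!/usr/local/bin/perl
use strict;
use warnings;
# TITLE : Moving Target
# BY : CIRT.net
# VERSION : 1.0
# DATE : 08/01/200
# CONTACT : webmaster@CIRT.net
# PURPOSE :
# Build form names on the fly to stop automated submissions
# and other abuses.
# This should have come with an instruction file, if not see:
# http://www.cirt.net/ for a new program with instructions
###################################################################
#(c) 2001 CIRT.net, All Rights Reserved
#Permission to use, copy, modify, and distribute this software and its documentation for educational,
#research and non-profit purposes, without fee, and without a written agreement is hereby granted,
#provided that the above copyright notice, this paragraph and the following two paragraphs appear
#in all copies. This software program and documentation are copyrighted by CIRT.net
#
# THE SOFTWARE PROGRAM AND DOCUMENTATION ARE SUPPLIED "AS IS,"
# WITHOUT ANY ACCOMPANYING SERVICES FROM CIRT.NET.
# FURTHERMORE, CIRT.NET DOES NOT
# WARRANT THAT THE OPERATION OF THE PROGRAM WILL BE
# UNINTERRUPTED OR ERROR-FREE. THE END-USER UNDERSTANDS THAT
# THE PROGRAM WAS DEVELOPED FOR RESEARCH PURPOSES AND IS
# ADVISED NOT TO RELY EXCLUSIVELY ON THE PROGRAM FOR ANY
# REASON.
#
# IN NO EVENT SHALL CIRT.NET BE LIABLE TO ANY
# PARTY FOR DIRECT, INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL
# DAMAGES, INCLUDING LOST PROFITS, ARISING OUT OF THE USE OF THIS
# SOFTWARE AND ITS DOCUMENTATION, EVEN IF THE CIRT.NET
# HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
# CIRT.NET SPECIFICALLY DISCLAIMS ANY
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
# PURPOSE. THE SOFTWARE PROVIDED HEREUNDER IS ON AN "AS IS" BASIS,
# AND CIRT.NET HAS NO OBLIGATIONS TO PROVIDE
# MAINTENANCE, SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS.
###################################################################
# DO NOT PUT THIS SCRIPT IN YOUR CGI DIRECTORY
#The following variables must be set:
#@HTMFILES      Files to have the CGI file name replaced in. This can be either the old CGI file name
#               (previous MT run), or the first-run marker (the literal marker token is missing from
#               this copy of the script). Add files as standard 'qw' syntax, i.e. qw(file1.html file2.html)
#$HTMDIR        Where files in @HTMFILES are located. This must be a full path and contain the trailing slash.
#$IDFILE        File where current MTID is kept
#$ASOLDFILE     This file will be used to replace the previous CGI file name generated by MT. This will allow you
#               to send a message to the entity which submitted the old form. A simple PERL redirect can be used to
#               send them to the new form page. This should not redirect them to the new MT generated CGI name and
#               submit the data, as that would defeat the purpose of MT. Leave blank for none.
#$CHMODCMD      Command to execute if you need to make ASOLDFILE executable as cgi
#$FPATH         This is the directory where the CGI file that we're renaming lives. This must be a full path and
#               contain the trailing slash.
#$FNAMESTART    This is the start to the CGI's file name (before where MTID is put)
#$FNAMEEND      This is the end to the CGI's file name (after where MTID is put)
## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ##
use vars qw/@HTMFILES $HTMDIR $IDFILE $ASOLDFILE $CHMODCMD $FPATH $FNAMESTART $FNAMEEND/;
use vars qw/$CUR_ID $NEW_ID $OLD_ID $CURFILENAME $NEWFILENAME $OLDERFILENAME/;
## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ##
## user defined variables:
# the files in @HTMFILES will have the old CGI file name (or the first-run marker) replaced at run time
# the template dir must be accurate for all files
@HTMFILES   = qw(add.shtml);       # HTM files to replace CGI file name in
$HTMDIR     = "/www/";             # where @HTMFILES are located
$IDFILE     = "mt_current_id";     # current id file name/path
$ASOLDFILE  = "/www/redir";        # this file will replace the previous CGI, so it can be a message, or a redir
$CHMODCMD   = "/bin/chmod 755";    # cmd to execute if you need to make ASOLDFILE executable as cgi
$FPATH      = "/www/cgi-bin/";     # where CGI file is which will be renamed
$FNAMESTART = "myscriptname_";     # start to CGI's file name (before ID)
$FNAMEEND   = ".cgi";              # end to CGI's file name (after ID)
## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ##
## start program
# set up current/old ids, file names, etc
get_saved_id();
get_new_id();
$CURFILENAME   = "$FNAMESTART$CUR_ID$FNAMEEND";
$NEWFILENAME   = "$FNAMESTART$NEW_ID$FNAMEEND";
$OLDERFILENAME = "$FNAMESTART$OLD_ID$FNAMEEND";
# Rename before saving the ID: rename_files() may pick a second ID when the
# first candidate name is taken, and a failed rename must not leave an ID on
# disk that names a file which does not exist.
rename_files();
save_new_id();
make_redirect();
process_templates();
exit;

## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ##
## FUNCTIONS
## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ##

## Create the fake 'redirect' file for the old CGI location, delete older one
#
# Reads $ASOLDFILE and writes its contents to $FPATH$CURFILENAME (the name the
# real CGI had before this run), then runs $CHMODCMD on that file.  Failures
# here are reported with warn() and do not stop the run, because the CGI has
# already been renamed and the templates still have to be updated.
sub make_redirect {
    # delete oldest file; a missing file is not an error
    unlink("$FPATH$OLDERFILENAME");

    # "Leave blank for none": with no template configured, no stub is written
    return if !defined $ASOLDFILE || $ASOLDFILE eq "";

    # open redirect template (3-arg open: the configured path cannot change the mode)
    my $msg_fh;
    if (!open($msg_fh, '<', $ASOLDFILE)) {
        warn "Cannot open redirect template $ASOLDFILE: $!\n";
        return;
    }
    my @msg = <$msg_fh>;
    close($msg_fh);

    # create 'new' old file
    my $target = "$FPATH$CURFILENAME";
    my $out_fh;
    if (!open($out_fh, '>', $target)) {
        warn "Cannot create $target: $!\n";
        return;
    }
    print {$out_fh} @msg;
    close($out_fh) or warn "Error writing $target: $!\n";

    if (defined $CHMODCMD && $CHMODCMD ne "") {
        # List-form system() runs the command without a shell, so characters
        # in the path are never interpreted as shell syntax.
        my @cmd = split ' ', $CHMODCMD;
        system(@cmd, $target) == 0
            or warn "Command '$CHMODCMD $target' failed (status $?)\n";
    }
    return;
}

## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ##
## Process HTML or other templates
#
# Rewrites every file in @HTMFILES (under $HTMDIR) in place so that references
# to the previous CGI file name point at $NEWFILENAME.  Dies if a template
# cannot be read or written.
sub process_templates {
    # NOTE(review): in this copy of the script the first substitution reads
    # "s//$NEWFILENAME/gs" - the marker token between the slashes is missing.
    # An empty pattern makes Perl reuse the last successfully matched pattern,
    # so that statement is not reproduced as-is.  Restore the marker from the
    # original distribution and set it here; while it is empty the marker
    # substitution is skipped.
    my $first_run_marker = "";    # placeholder: original token not present on this page

    foreach my $f (@HTMFILES) {
        my $path = "$HTMDIR$f";

        # open file
        open(my $in_fh, '<', $path)
            or die "Couldn't open template file $path:$!\n";
        my $template = join("", <$in_fh>);
        close($in_fh);

        # replace marker OR old CGI name; \Q..\E makes the names match
        # literally (otherwise the "." in ".cgi" matches any character)
        $template =~ s/\Q$first_run_marker\E/$NEWFILENAME/g
            if $first_run_marker ne "";
        $template =~ s/\Q$CURFILENAME\E/$NEWFILENAME/g;

        # save over old file
        open(my $out_fh, '>', $path)
            or die "Couldn't open template file $path for write:$!\n";
        print {$out_fh} $template;
        close($out_fh)
            or die "Error writing template file $path:$!\n";
    }
    return;
}

## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ##
## save new ID to the $IDFILE
#
# Line 1 is the ID now in use, line 2 the ID it replaced.  Dies on failure and
# names the new ID so the operator can repair the ID file by hand.
sub save_new_id {
    open(my $out_fh, '>', $IDFILE)
        or die "Unable to open $IDFILE for write (new id is $NEW_ID). Exiting.\n";
    print {$out_fh} "$NEW_ID\n";    # new id
    print {$out_fh} "$CUR_ID\n";    # old id
    close($out_fh)
        or die "Error writing $IDFILE (new id is $NEW_ID): $!. Exiting.\n";
    return;
}

## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ##
## Rename CGI files
#
# Renames $FPATH$CURFILENAME to $FPATH$NEWFILENAME.  If the new name already
# exists one more ID is generated; if that is taken too the run is aborted.
# The messages are the original ones, now raised with die so the exit status
# is non-zero.
sub rename_files {
    if (-e "$FPATH$NEWFILENAME") {    # make sure new file doesn't exist!
        get_new_id();                 # try again...
        $NEWFILENAME = "$FNAMESTART$NEW_ID$FNAMEEND";
        if (-e "$FPATH$NEWFILENAME") {    # still no good, give up
            die "Cannot get a file name that doesn't exist. Exiting.\n";
        }
    }

    # actually rename file
    rename("$FPATH$CURFILENAME", "$FPATH$NEWFILENAME")
        or die "Error renaming file ($!). Exiting.\n";
    return;
}

## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ##
## Open current ID file & return the ID contained
#
# Sets $CUR_ID (line 1 of $IDFILE) and $OLD_ID (line 2).  A missing ID file is
# reported and both IDs stay empty, which is the first-run case.
sub get_saved_id {
    $CUR_ID = "";
    $OLD_ID = "";
    return if !defined $IDFILE || $IDFILE eq "";

    my $fh;
    if (!open($fh, '<', $IDFILE)) {
        print "Cannot open $IDFILE for read, but moving on ($!)\n";
        return;
    }
    my @lines = <$fh>;
    close($fh);

    $CUR_ID = defined $lines[0] ? $lines[0] : "";
    $OLD_ID = defined $lines[1] ? $lines[1] : "";

    for my $id ($CUR_ID, $OLD_ID) {
        $id =~ s/\s+\z//;    # strip the line ending ($id aliases the global)
        # The IDs become part of paths that are renamed, unlinked and
        # overwritten, so accept only the characters get_new_id() can emit.
        die "Unexpected characters in ID read from $IDFILE. Exiting.\n"
            if $id !~ /\A[A-Za-z0-9]*\z/;
    }
    return;
}

## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ##
## Generate a new random ID
#
# Stores a fresh 6-15 character alphanumeric ID in $NEW_ID (the original
# comment said 6-16, but the loop produced 6-15).  The ID is rebuilt from
# scratch on every call, so the retry in rename_files() no longer appends to
# the rejected ID.
#
# NOTE(review): rand() is not a cryptographically secure generator.  If the
# CGI name is meant to be hard to predict, draw the characters from an OS
# randomness source instead.
sub get_new_id {
    my @charset = ("a" .. "z", "A" .. "Z", "0" .. "9");
    my $length  = 6 + int(rand 10);    # 6..15 characters

    $NEW_ID = "";
    for (1 .. $length) {
        # rand over the element count, so the last character can be chosen too
        $NEW_ID .= $charset[ int(rand @charset) ];
    }
    return;
}
## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ##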