#!/usr/bin/perl #use File::Copy; ##Custom Scripting for Hospital verification and payment on account numbers only. BEGIN { $SIG{'__DIE__'} = sub { print <<__WARN__ and exit 1 } } Content-Type: text/html; charset=ISO-8859-1\n Fatal Error in @{[(caller(2))[1]||__FILE__]} at ${\ scalar localtime } while responding to request from ${\ $ENV{'REMOTE_ADDR'} || 'localhost +' } ${\ join("\n",$!,$@,@_) } __WARN__ use strict; require 5.003; #require 'test03.cgi'; use accutil; use Time::Local; use File::stat; use Time::localtime; # print "Content-type: text/html\n\n"; my ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime; $year += 1900; $mon += 1; my $datetime = sprintf "%04d%02d%02d%02d%02d%02d", $year, $mon, $mday, $hour, $min, $sec; my $version = '09.2012'; my $package = "Pro"; my $file='data007/WEB.TXT'; #this is the name of the datafile uploaded my $date_string = ctime(stat($file)->mtime); my $cfgfile = accutil::cfgfile(); my $accautoprefix = "CUS1"; my $plsseltag = "--- Please Select ---"; my $basedir; my $singleuser; my $adminemail; my $mailer; my $debug = 0; my $LOCK_EX; my ($payname, $payemail); my $cmpladdr; my $reqemail; my ($mbrdir, $mbrurl); my $hostaddr; my $cgidir; my %VARS; my $original_file; my $new_file; my $starttime = time(); my $headeron = 0; my $accid; my $acc1bal; my $accnum_02; my $acc2bal; my $accnum_03; my $acc3bal; my $siddir; my ($cmd, @pairs, $pair); my %INPUT; my $cgiurl = $ENV{'SCRIPT_NAME'}; my $ip_address_file = $ENV{'REMOTE_ADDR'}; my $sid; my $sid2; my $sid3; my $buffer; my (@statusline, @cmdline, @bodylines); @pairs = split(/&/, $ENV{'QUERY_STRING'}); foreach $pair (@pairs) { my ($name, $value); ($name, $value) = split(/=/, $pair); $value =~ s/%0D%0A/ /g; $value =~ s/%0A%0D/ /g; $value =~ tr/+/ /; $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg; if ($INPUT{$name}) { $INPUT{$name} = $INPUT{$name}."::::".$value; } else { $INPUT{$name} = $value; } } read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'}); @pairs = split(/&/, $buffer); foreach $pair (@pairs) { my ($name, $value); ($name, $value) = split(/=/, $pair); $value =~ s/%0D%0A/ /g; $value =~ s/%0A%0D/ /g; $value =~ tr/+/ /; $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg; if ($INPUT{$name}) { $INPUT{$name} = $INPUT{$name}.":".$value; } else { $INPUT{$name} = $value; } } $cmd = $INPUT{'cmd'}; $accid = $INPUT{'accid'}; $acc1bal = $INPUT{'acc1bal'}; $accnum_02 = $INPUT{'accnum_02'}; $acc2bal = $INPUT{'acc2bal'}; $accnum_03 = $INPUT{'accnum_03'}; $acc3bal = $INPUT{'acc3bal'}; findcgidir(); if (!loadcfg()) { errexit("Failed to read config file"); } if ($singleuser eq 'on') { loginform("Database shot down for maintenance, please try login later"); exit; } if ($cmd eq 'lostpasswd') { lostpasswd(); exit; } if ($cmd eq 'register') { formaccntopen(); exit; } if ($cmd eq 'formaccntopen') { formaccntopen(); exit; } if ($cmd eq 'formlostpasswd') { formlostpasswd(); exit; } if ($cmd eq 'accntopen') { accntopen(); exit; } $sid = $INPUT{'sid'}; $sid2 = $INPUT{'sid2'}; if ($cmd eq 'payform') { payform(); exit; } #if ($cmd eq 'delivery_form') { payform(); exit; } #if ($cmd eq 'service_call_request') { payform(); exit; } if ($cmd eq 'activate') { activate(); exit; } if ($cmd eq 'login') { login(); } if ($sid eq undef) { loginform(); exit; } if ($sid2 eq undef) { loginform(); exit; } if (!checksid()) { loginform(); exit; } if ($cmd eq 'gomain') { formmain(); exit; } if ($cmd eq 'gomain2') { formmain2(); exit; } if ($cmd eq 'accedit') { accedit(); exit; } if ($INPUT{'cmdmain.x'} ne undef) { formmain(); exit; } if ($INPUT{'cmdlogoff.x'} ne undef) { logoff(); exit; } if ($INPUT{'cmdview.x'} ne undef) { formviewaccnt(); exit; } if ($INPUT{'cmdedit.x'} ne undef) { formeditaccnt(); exit; } if ($INPUT{'cmdactivate.x'} ne undef) { formactivate(); exit; } &header; print "unknown command"; &footer; exit; ########################################sub pay form########################### sub payform { ########This is actually part of the verification screen hidden fields print<"); cmlprint(""); cmlprint(""); cmlprint(""); cmlprint(""); cmlprint(""); if ($debug) { my $tm = time() - $starttime; my ($utm, $stm) = (times())[0, 1]; print "Run time = $tm, user = $utm, system = $stm
"; foreach my $key (sort keys (%INPUT)) { print "$key: $INPUT{$key}
\n"; } print "

VARS:
\n"; foreach my $key (sort keys (%VARS)) { print "$key: $VARS{$key}
\n"; } accutil::debug(); print ""; } my %r = accutil::getaccnt($accid); my %ra = accutil::getaccnt($acc1bal); my %r1 = accutil::getaccnt($accnum_02); my %r1a = accutil::getaccnt($acc2bal); my %r2 = accutil::getaccnt($accnum_03); my %r2a = accutil::getaccnt($acc3bal); if ($cmd eq "payform") { if (-e $payform) { #4282014 jts; #lookup the accounts fresh. my $acctdbfile=accutil::getaccdbname(); my %accounts=accutil::getAccounts($acctdbfile); #get the balance for one. $acc1bal=accutil::getAccountBalance($accid,\%accounts); $acc2bal=accutil::getAccountBalance($accnum_02,\%accounts); $acc3bal=accutil::getAccountBalance($accnum_03,\%accounts); open(TEMPL, "$payform"); my $template = ""; while() { $template .= $_; $template =~ s/\$accid/$accid/gm; $template =~ s/\$accnum_02/$accnum_02/gm; ## Makes id dissapear $template =~ s/\$accnum_03/$accnum_03/gm; ## Makes id dissapear #4282014 jtsreplace balances $template =~ s/\$acc1bal/$acc1bal/gm; $template =~ s/\$acc2bal/$acc2bal/gm; ## Makes id dissapear $template =~ s/\$acc3bal/$acc3bal/gm; ## Makes id dissapear } close(TEMPL); for my $ikey (keys(%r)) { my ($value) = $r{$ikey}; $template =~ s/\$$ikey/$value/gm; } print "$template\n"; } } if ($cmd eq "delivery_form") { if (-e $delivery_form) { open(TEMPL, "$delivery_form"); my $template = ""; while() { $template .= $_; $template =~ s/\$accid/$accid/gm; $template =~ s/\$acc1bal/acc1bal/gm; $template =~ s/\$accnum_02/$accnum_02/gm; $template =~ s/\$$acc2bal/$acc2bal/gm; $template =~ s/\$accnum_03/$accnum_03/gm; $template =~ s/\$$acc3bal/$acc3bal/gm; } close(TEMPL); for my $ikey (keys(%r)) { my ($value) = $r{$ikey}; $template =~ s/\$$ikey/$value/gm; } print "$template\n"; &footertwo; } } if ($cmd eq "service_call_request") { if (-e $service_call_request) { open(TEMPL, "$service_call_request"); my $template = ""; while() { $template .= $_; $template =~ s/\$accid/$accid/gm; } close(TEMPL); for my $ikey (keys(%r)) { my ($value) = $r{$ikey}; $template =~ s/\$$ikey/$value/gm; } print "$template\n"; } }else { print "

Custom script © Coreave Design & Hosting
"; print "\n"; } } #============================================================================ formmain sub formmain { my $msg = $_[0]; if ($msg ne undef) { $msg = "$msg

"; } &header; my %r = accutil::getaccnt($accid); my %ra = accutil::getaccnt($acc1bal); my %r_1 = accutil::getaccnt($accnum_02); my %r_2 = accutil::getaccnt($acc2bal); my %r_3 = accutil::getaccnt($accnum_03); my %r_4 = accutil::getaccnt($acc3bal); if (!%r_2) { errorpage(accutil::error()); &footer;} if (!%r_1) { errorpage(accutil::error()); &footer; } ##############This is the Account verification Verified Screen##################### stlprint("\n\n"); stlprint("\n\n"); stlprint("\n\n"); stlprint("\n\n"); stlprint("\n\n"); stlprint("\n\n"); stlprint("
Account Number(s):
\n\n"); stlprint("\n"); stlprint("\n"); stlprint("\n"); stlprint("\n\n"); stlprint("
1.$accid
2.$accnum_02
3.$accnum_03

Verified OK

\n\n"); cmlprint(""); cmlprint("
"); cmlprint("\n"); cmlprint("\n"); cmlprint("\n"); cmlprint("\n"); cmlprint("\n"); cmlprint("\n"); cmlprint("\n"); cmlprint("\n"); cmlprint("\n"); if (!accutil::verifiednew(%r)) { my $type = 'Verify Email Address'; $type = 'Activate an Account' if $VARS{'manual'} eq undef && !accutil::enabled(%r); cmlprint("\n"); } cmlprint("
\n\n"); bodyprint("\n"); bodyprint("

$msg"); if (accutil::enabled(%r)) { } elsif ($r{'banby'} ne undef) { bodyprint("Your account disabled"); if ($r{'banreason'} ne undef) { bodyprint("
Reason: $r{'banreason'}

\n"); } bodyprint("

Please contact $VARS{'payname'} for more info.

\n"); } else { bodyprint(""); if ($VARS{'reqemail'} ne undef && !accutil::verifiednew(%r)) { bodyprint("\n"); } elsif ($VARS{'manual'} ne undef) { bodyprint(""); } bodyprint("\n"); } &footer; } #============================================================================ logoff sub logoff { if ($accid ne undef) { my $f = "$siddir/$accid"; if (-e $f) { unlink($f); } } loginform(); } #============================================================================ login sub retry_before_fail { my ( $maxtries , $coderef , @args ) = @_ ; while( $maxtries ) { if( my $result = $coderef->( @args ) ) { return $result ; } $maxtries-- ; } # Failure now either return or die return ; } sub login { if ($accid eq undef) { loginform("Missing Account Number"); exit; } if ($accnum_02 eq undef) { $accnum_02 = "none"; # if no second account number entered prints none. } if ($accnum_03 eq undef) { $accnum_03 = "none"; # if no third account number entered prints none. } my %r = accutil::getaccnt($accid); my %ra = accutil::getaccnt($acc1bal); my %r1 = accutil::getaccnt($accnum_02); my %r1a = accutil::getaccnt($acc2bal); my %r2 = accutil::getaccnt($accnum_03); my %r2a = accutil::getaccnt($acc3bal); if (!%r || ($r{'passwd'} ne $INPUT{':'})) { use warnings; my( $arg ); my( $count ); $count = 0; foreach $arg ( @ARGV ) { $count++; print( STDOUT "Argument $count is '$arg'.\n" ); } loginform("Sorry, we couldn't locate that account.
You have a Maximum of 4 trys
You have used One of them."); ############################################ max_attempts ############################ if (-e "$siddir/log/$ip_address_file") { print "Two trys left!\n"; if (-e "$siddir/log/$ip_address_file.02") { print "
This is your Last Try
YOU WILL BE LOCKED OUT OF OUR SYSTEM.
Contact our Customer Service at 928-757-0627 \n"; if (-e "$siddir/log/$ip_address_file.03") { print "
LOCKED OUT OF OUR SYSTEM.
Contact our Customer Service at (888) 898-9090\n"; &max_attempts; } # Creates file for third account number attempt my $g = "$siddir/log/$ip_address_file.03"; if (!open(SIDF, ">$g")) { errexit("Unable create customer session"); } flock(SIDF, $LOCK_EX) if $LOCK_EX; print SIDF "\n$accid\n"; close(SIDF); } # Creates file for second account number attempt my $g = "$siddir/log/$ip_address_file.02"; if (!open(SIDF, ">$g")) { errexit("Unable create customer session"); } flock(SIDF, $LOCK_EX) if $LOCK_EX; print SIDF "\n$accid\n"; close(SIDF); } #Creates file for first account number attempt my $g = "$siddir/log/$ip_address_file"; if (!open(SIDF, ">$g")) { errexit("Unable create customer session"); } flock(SIDF, $LOCK_EX) if $LOCK_EX; print SIDF "\n$accid\n"; close(SIDF); exit; } srand(time()); $sid = int(rand(1000000)); #Creates a coded sid for validation of first account number valitations against what is successfully entered. my $f = "$siddir/$accid"; if (!open(SIDF, ">$f")) { errexit("Unable create customer session"); } flock(SIDF, $LOCK_EX) if $LOCK_EX; print SIDF "$sid\n"; close(SIDF); $sid2 = int(rand(100000)); #Creates a coded sid for validation of second account number valitations against what is successfully entered. my $f2 = "$siddir/$accnum_02"; if (!open(SIDF, ">$f2")) { errexit("Unable create customer session"); } flock(SIDF, $LOCK_EX) if $LOCK_EX; print SIDF "$sid2\n"; close(SIDF); #Creates a file in data007.sid/log 0000000 account id (accid) with ip address of client. then unlinks them unlink("$siddir/log/$ip_address_file"); unlink("$siddir/log/$ip_address_file.02"); unlink("$siddir/log/$ip_address_file.03"); $cmd='gomain'; } #============================================================================ checksid sub checksid { my $f = "$siddir/$accid"; if (! -e $f) { return 0; } if (!open(SIDF, $f)) { return 0; } flock(SIDF, $LOCK_EX) if $LOCK_EX; my $s = ; close(SIDF); chop($s); if ($s eq $sid) { return 1; } return 0; my $f2 = "$siddir/$accnum_02"; ## SECOND SID2 if (! -e $f2) { return 0; } if (!open(SIDF, $f2)) { return 0; } flock(SIDF, $LOCK_EX) if $LOCK_EX; my $s2 = ; close(SIDF); chop($s2); if ($s2 eq $sid2) { return 1; } return 0; my $f3 = "$siddir/$accnum_03"; ## SECOND SID3 if (! -e $f3) { return 0; } if (!open(SIDF, $f3)) { return 0; } flock(SIDF, $LOCK_EX) if $LOCK_EX; my $s3 = ; close(SIDF); chop($s3); if ($s3 eq $sid3) { return 1; } return 0; } #============================================================================ header sub header { if ($headeron) { return; } print<\n EOF $headeron=1; my $header_file = "$basedir/tmpl/header.html"; if (-e $header_file) { if (open(HDR, "<$header_file")) { my @lines = ; close(HDR); print "\n"; print @lines; return; print "\n"; } } } #============================================================================ footer sub footer { my $footer_file = "$basedir/tmpl/footer.txt"; #$accid = formaccntopen&template=payform.html&$accid; if ($debug) { print ""; my $tm = time() - $starttime; my ($utm, $stm) = (times())[0, 1]; print "Run time = $tm, user = $utm, system = $stm
"; foreach my $key (sort keys (%INPUT)) { print "$key: $INPUT{$key}
\n"; } print "

VARS:
\n"; foreach my $key (sort keys (%VARS)) { print "$key: $VARS{$key}
\n"; } accutil::debug(); print ""; } if (-e $footer_file) { open(TEMPL, "$footer_file"); my $template = ""; while() { $template .= $_; $template =~ s/\$accid/$accid/gm; ## These are what is allowed in the footer post to make it to the payform $template =~ s/\$acc1bal/$acc1bal/gm; ## These are what is allowed in the footer post to make it to the payform $template =~ s/\$accnum_02/$accnum_02/gm; ## These are what is allowed in the footer post to make it to the payform $template =~ s/\$acc2bal/acc2bal/gm; ## These are what is allowed in the footer post to make it to the payform $template =~ s/\$accnum_03/$accnum_03/gm; ## These are what is allowed in the footer post to make it to the payform $template =~ s/\$acc3bal/acc3bal/gm; ## These are what is allowed in the footer post to make it to the payform } close(TEMPL); print "$template\n"; return; } else { print "
"; print "
©$payname

"; #print "Support: $adminemail
"; print "Custom script © Coreave Design & Hosting"; print "
\n"; } } #============================================================================ sub bodyprint { my $line = $_[0]; $line =~ s/\"; } push @bodylines, $line; if ($line =~ /\n\n/) { while (@bodylines) { print shift @bodylines; } print ""; } } #============================================================================ cmlprint sub cmlprint { my $line = $_[0]; $line =~ s/\"; } push @cmdline, $line; if ($line =~ /\n\n/) { while (@cmdline) { print shift @cmdline; } print ""; } } #============================================================================ stlprint sub stlprint { my $line = $_[0]; $line =~ s/\"; } push @statusline, $line; if ($line =~ /\n\n/) { while (@statusline) { print shift @statusline; } print ""; } } #============================================================================ errexit sub errexit { print <


Fatal Error: $_[0]. Execution aborted...
EOT exit; } #============================================================================Max attempts reached sub max_attempts { print <

You have Exceeded the number of Account attempts $_[0]. This you have been locked.
EOT &sleepy_timer; exit; } #=======================================================File deletion timer sub sleepy_timer { sleep (30); # LENGTH OF SECONDS TO LOCK OUT IP ADDRESS FROM SEARCHING FOR ACCOUNTS.. unlink("$siddir/log/$ip_address_file"); unlink("$siddir/log/$ip_address_file.02"); unlink("$siddir/log/$ip_address_file.03"); #exit; } ##################GET ACCOUNT BALANCES######################## $file='/var/www/vhosts/esofva.com/cgi-bin/best2/data007/WEB.TXT'; #============================================================================ findcgidir sub findcgidir { my $scriptfilename = $ENV{'SCRIPT_FILENAME'}; $scriptfilename = $ENV{'PATH_TRANSLATED'} if $ENV{'PATH_TRANSLATED'} ne undef; if ($scriptfilename eq undef) { if ($ENV{'PWD'} ne undef) { my @parts = split(/\//, $ENV{'SCRIPT_NAME'}); my $f = pop @parts; $scriptfilename = "$ENV{'PWD'}/$f"; } } my @cgipath = split(/\//, $scriptfilename); pop(@cgipath); $cgidir = join("\/", @cgipath); } #============================================================================ loadcgf sub loadcfg { my @buff; my $line; if (! open(CFG, $cfgfile)) { return 0; } @buff = ; close(CFG); chomp(@buff); foreach $line (@buff) { my $name; my $value; ($name, $value) = split(/=/, $line); if ($value ne undef) { $VARS{$name} = $value; } } $basedir = $VARS{'basedir'}; $siddir = $VARS{'siddir'}; $adminemail = $VARS{'adminemail'}; $mailer = $VARS{'mailer'}; my $uselock = $VARS{'uselock'}; $payname = $VARS{'payname'}; $singleuser = $VARS{'singleuser'}; $payemail = $VARS{'payemail'}; $cmpladdr = $VARS{'cmpladdr'}; $reqemail = $VARS{'reqemail'}; $mbrdir = $VARS{'mbrdir'}; $mbrurl = $VARS{'mbrurl'}; $hostaddr = $VARS{'hostaddr'}; $VARS{'bodycolor'} = '#ffffff' if $VARS{'bodycolor'} eq undef; $VARS{'cmdcolor'} = '#ffffff' if $VARS{'cmdcolor'} eq undef; $VARS{'stlcolor'} = '#ffffff' if $VARS{'stlcolor'} eq undef; &accutil::init(%VARS); if ($uselock) { $LOCK_EX = "2"; } return 1; } ########################################sub pay form########################### #============================================================================ loginform sub loginform { my $msg = $_[0]; if ($msg ne undef) { $msg = "$msg

"; } #&header; ###stlprint("
\n\n"); stlprint(" \n"); stlprint(" \n"); stlprint(" \n"); stlprint(" \n"); stlprint(" \n"); stlprint(" \n"); stlprint(" \n"); stlprint("
Account Number Verifications
\n\n"); stlprint("
In order to make online payments, we must verify account number(s).
Leave Unused fields Blank. Please follow the instructions.
Testing Numbers: 9068347 - 30548796 - 0007000000006792
\n\n"); bodyprint("

$msg
"); my $idtitle = 'Enter Account Number '; $idtitle = 'Email Address' if $VARS{'emailid'} ne undef; bodyprint("
"); bodyprint("
Enter Account Number:
 "); bodyprint(""); bodyprint("
Account Number Two:
"); bodyprint("
 
"); bodyprint("
Account Number Three:
 "); bodyprint("
"); bodyprint("

"); if ($VARS{'nonewlink'} eq undef) { bodyprint("Register Now!
\n"); } bodyprint("\n\n"); } #============================================================================ errorpage sub errorpage { my $e = $_[0]; cmlprint("
\n"); cmlprint(""); cmlprint(""); cmlprint(""); stlprint("
"); bodyprint("

Error: $e
Go
and correct the Account Number

\n\n"); bodyprint("Go Back and correct the Account Number\n"); exit; }