Software: Apache/2.0.54 (Fedora). PHP/5.0.4 uname -a: Linux mina-info.me 2.6.17-1.2142_FC4smp #1 SMP Tue Jul 11 22:57:02 EDT 2006 i686 uid=48(apache) gid=48(apache) groups=48(apache) Safe-mode: OFF (not secure) /home/mnnews/public_html/cgi-bin/news/ drwxr-xr-x | |
| Viewing file: Select action/file-type: If you're upgrading from a previous version, see the upgrade instructions on the
NewsPro web site.
Readme - NewsPro 3.6.1
http://amphibian.gagames.com/
NewsPro is a full-featured news updating script. Some of the things it can do
include:
- Support for multiple users
- Web-based configuration
- Edit or remove previously posted news
- Auto-archiving or deletion
- News style is completely configurable
- Cookie-based login
- Has an easy, simple interface
- Headline support
- Built-in e-mail news list feature
- Online help
- Show new files on your site
- Allows searching of news
- My Netscape Channel support
- Supports a variety of addons
- Much more...
****************************************************
SYNOPSIS
****************************************************
Already *very* experienced with Perl scripts? Then follow these instructions:
Copy all files into a world-writable directory. Make all files world-writable,
and .cgi files executable. Launch newspro.cgi from browser. Once set up, news
will be written to news.txt, which can be included into an HTML page via any
method which can include a normal text file.
If you have any problems, read the full instructions, which are about 20 times
longer and more detailed.
****************************************************
INSTALLATION
****************************************************
Installation is a simple, 4-step procedure, but you should read these
instructions carefully. Make sure that you CHMOD all files as necessary.
Before requesting support, make sure that you have read through this whole
document.
While I have tried to make this script easy enough to be used by relatively
inexperienced users, it is impossible to make a powerful CGI program which can
be used by someone with little to no computer experience. You must be familiar
with the basics of the Web, know how to FTP files to your web server, and have
basic knowledge of HTML. These are all things which anyone who makes a web page
should know. Also, please make sure that your web host supports CGI scripts
before trying to install this: many, in particular just about all free hosts, do
not.
# Parts of these instructions which most users will not have to read are
# labelled with # signs, like this paragraph.
###
# STEP 1
###
First, change the first line in newspro.cgi and viewnews.cgi. It should be #!
followed by the path to Perl 5 on your server. If you're unsure, it is almost
always one of the following:
#!/usr/bin/perl
#!/usr/bin/perl5
#!/usr/local/bin/perl
#!/usr/local/bin/perl5
# Some servers also have Perl 4, an older version, installed. If you have
# problems, make sure you're pointing at Perl 5.001 or higher, as NewsPro will
# not work at all with Perl 4.
#
# Users of the HyperMart web service should use #!/usr/local/bin/perl
For most users, this is all the text file editing that you have to do.
###
# STEP 2
###
Next, FTP all the files to your server IN ASCII MODE (*not* binary mode, or
auto-detect). Your FTP program should have this as an option; if not, download
WS_FTP LE (free) from http://www.wsftp.com/. They should all go in the same
directory.
# Most servers require that CGI scripts have a .cgi extension. All the NewsPro
# CGI scripts have a .cgi extension. Many of NewsPro's files have a .pl
# extension; these SHOULD NOT be renamed, as they are NOT CGI scripts. If your
# server requires that CGI/Perl scripts have a .pl extension, you can rename
# newspro.cgi and viewnews.cgi to newspro.pl and viewnews.pl.
On UNIX servers, you must CHMOD the NewsPro directory 777 (some servers use 755
instead; only try 755 if you have problems. Other servers use 666. Other servers
are just weird.). If you're unsure whether you're on a UNIX server, chances are
you are (UNIX includes FreeBSD, Linux (operating systems called RedHat, Caldera,
Debian, etc. are all Linux), Solaris, etc.). Remember, your server is
NOT your computer; while your computer may be running Windows 98, no decent web
server runs Windows 98 (though a few run Windows NT).
# If you're using WS_FTP, use the following guide to translate CHMOD numbers
# to the boxes in the CHMOD dialog box:
# 666 = Read & Write for all,
# 755 = Read, Write & Execute for Owner, Read & Execute for Group & Other,
# 777 = Read, Write & Execute for all.
Then, you must chmod certain files:
- newspro.cgi CHMOD 755 (or 777)
- viewnews.cgi CHMOD 755 (or 777)
- ndisplay.pl CHMOD 666 (or 777)
- npconfig.dat CHMOD 666 (or 777)
- newsdat.txt CHMOD 666 (or 777)
- news.txt CHMOD 666 (or 777)
# NOTE: Some ISPs use something called "CGIwrap" or "suEXEC" which changes the
# way CGI scripts run. If you are certain that your web server uses this,
# you may use a CHMOD of 710 where the instructions above call for 755, and a
# CHMOD of 644 where instructions above call for 666. If you're not
# certain, follow the standard instructions above.
###
# STEP 3
###
Now, access newspro.cgi via your web browser, i.e. at
http://www.yoursite.com/newspro/newspro.cgi. It should display a login page.
# IF IT DOES NOT DISPLAY A LOGIN PAGE:
# - If it simply displays the source of the script, ensure that you have
# CHMODded all the files correctly, and that if your server requires you to
# place CGI scripts in a cgi-bin directory, you have done so.
# - If you get the dreaded 500 Internal Server error, look at the instructions
# at the top of newspro.cgi, and try setting the "workaround" and $IIS
# settings. If you still have problems, then:
# plenty at http://cgi.resourceindex.com/). If it doesn't work, then
# something is wrong in your setup; contact your system administrator.
# - E-mail newspro-help@amphibian.hypermart.net for help. Provide as many
# details as possible; if you simple send an e-mail that says "I'm getting
# a 500 server error!", it's impossible to help you. If you have telnet
# (shell) access to your server, telnet in, switch to the newspro
# directory, and type:
# /path/to/perl/as/at/the/top/of/newspro newspro.cgi
# (omit the #! from the path to perl in newspro.cgi)
# and then e-mail the results to the address mentioned above.
At the login screen, type in 'setup' (no quotes) as the username, and leave
password blank. Click Submit. The web-based setup procedure will begin, and
instructions will be provided as you go along.
You will be asked whether your site is commercial or non-commercial. Answer
this honestly! Not doing so is a violation of the license that you agree to by
using NewsPro, and by violating the license you can be barred from using this
script at all. In particular, remember that sites with any paid advertising
placed by the owner (i.e. not required by the hosting service) are considered
commercial. NewsPro is still free for commercial sites, however they do have to
display a small link to the script on their news page.
# One note for the web-based procedure: you will be asked for absolute paths
# to three different NewsPro directories, the Admin path, the News File path,
# and the Archive path. The Admin path is the directory where you just copied
# all the files. If that admin path is NOT a cgi-bin directory, it is
# generally best to make all three paths the same. If, however, it is a
# cgi-bin directory, you may have server problems if you keep your news files
# in it. Create another directory, outside your cgi-bin, and CHMOD it 777. Set
# the News File and Archive paths to that directory.
###
# STEP 4
###
At this point, the NewsPro script will have been installed. Next, you need to
set up your pages to work with NewsPro. NewsPro will write your news to the file
news.txt, in the directory you specified as your HTML directory during setup.
You must make sure this file exists and is CHMOD 666 or 777 (you should have
done this during file copying). This file must be "included" in your pages via
Server Side Includes. Your server may require you to name files with Server Side
Includes .shtml. To include your news in your page, insert the following code
into your page where you want the news to be:
<!--#include virtual="news.txt" -->
This assumes that news.txt is in the same directory as your page. If news.txt
is, for instance, located at
http://www.mysite.com/mypage/cgi-bin/newspro/news.txt, and the file you're
including it in is in any other directory on your site, use:
<!--#include virtual="/mypage/cgi-bin/newspro/news.txt" -->
NOTE: When using server-side includes and "#include virtual", do not use
absolute paths. Simply use the URL of the page, minus http://www.mysite.com, as
in the example above. If you do need to use absolute paths, use "#include file"
instead.
# TROUBLESHOOTING: If you've added news, built news, and followed these
# instructions and you still don't see the news on your page...
# - If you don't see ANYTHING where the news should be, your server is not
# looking for server-side includes in that file. Try giving the file a
# .shtml extension. If that doesn't work, contact your system
# administrator. If you can't use server side includes, you can use some
# of the features of the script via viewnews.cgi; replace your news page
# with a link to viewnews.cgi?news. You can also use any other method of
# including a text file into a page. For instance, try renaming your news
# HTML file news.php3 and inserting the line
# <?php include("/absolute/path/to/news.txt"); ?>
# where you want the news to be.
#
# - If you see [an error occurred while processing this directive] or
# something similar, the server can't find the file it's trying to
# include. Try using <!--#include file="/absolute/path/to/news.txt" -->.
# If that doesn't work, make sure that your news files directory is not
# inside your cgi-bin.
That's it! NewsPro is now set up for basic operation. For more advanced
information, visit the NewsPro web site at
http://amphibian.gagames.com/.
****************************************************
USAGE
****************************************************
This program was designed so that basic usage (adding, building, and deleting
news) wouldn't require any explanation. If that's all you need to do, and you
don't need any extensive customizations to the news style, you can probably stop
reading here. An explanation of more advanced features follows.
One important note is to be very cautious when creating new users and giving
them Webmaster privileges. A user with Webmaster privileges cannot be deleted,
and they can change all the settings. Be careful!
To edit your news style, you can simply edit via the text box in Change
Settings. Any editing of news style requires basic knowledge of HTML, by the
way; this is a prerequisite to making a decent web page in any case. Many
tutorials are available on the web if you'd like to learn.
More advanced editing - anything other than raw HTML - can by done by
editing ndisplay.pl. The box in Change Settings is a simplified interface to
the ndisplay.pl file; once you have edited it manually, you can no longer
use Change Settings to change the style. For examples of editing
ndisplay.pl, see the Advanced section below.
In NewsPro, all news is kept in a database (newsdat.txt). News is never
automatically deleted from that file, even if you have auto-hide or
auto-archive enabled. If you have auto-hide enabled, that simply means that
old news will not be displayed to viewers of your page. If you later disable
auto-hide, that news will reappear.
The feature which needs the most explanation is archiving. It works as follows:
- If you choose to archive in one single file, your archive will be created in a
file in your archive directory called archive.txt. You must include this in a
page as with news.txt.
- If you choose to archive in monthly files, things get a little more
complicated. Because it would be extremely inconvenient to have to create a new
HTML file and include a text file in it each month, NewsPro will create HTML
files as well as text files.
It will create, for each month's archive, both a HTML file (arcmonth_year.html)
and a text file (arcmonth_year.txt). The text file will be like the news.txt
file: just the news. The HTML file will be based on the file archive.tmpl. You
can customize archive.tmpl to suit the look and feel of your site. Simply insert
<InsertDate> into archive.tmpl where you want the month of the archive to
appear, and <InsertNews> to insert the archived news for that month.
As well, it will create a page that links to all the different monthly archives.
This file is called, by default, archive.html. It is based on arclink.tmpl:
<InsertLinks> in this file will be replaced by the links to the monthly archive
files.
Also, remember that this archiving will ONLY be done when you choose Build News
from NewsPro.
****************************************************
ADVANCED
****************************************************
For much more information, and examples of customization (i.e. how to make the
date appear once above all the news for a day, how to add your own fields),
visit the following URL:
http://amphibian.gagames.com/newspro/advanced.html
The best source for information about customizations is the NewsPro forum at:
http://amphibian.gagames.com/newspro/forum/forum.cgi
Search through previous messages, and if you don't find an answer, post your
own.
***************************************************
VIEWNEWS.CGI
***************************************************
Viewnews.cgi is a separate script that allows your users to interact with your
news database. It is completely optional, and many users don't even install it
on their servers. While it shouldn't be too difficult, it is not
self-explanatory like newspro.cgi. It is not very well documented, but here is a
brief run-down of what it can do.
GENERAL: The script must be in the same directory as newspro.cgi, npconfig.dat,
etc. By default, the script generates very plain-looking and fairly ugly pages.
To configure the style of script pages, edit the file viewnews.tmpl. It contains
brief instructions as a comment inside; basically, it is just a HTML file with
<InsertTitle> and <InsertContent> in the appropriate places. The viewnews.tmpl
file applies to every page OTHER than the one generated when viewnews.cgi is
called directly, without any parameters. Viewnews.cgi is intended to be called
directly only when including it into a page via server-side includes, and of
course when including it into another page there is no need for a template file.
SEARCHING: The most-used function of viewnews.cgi is to allow users to search
through your news. The search function is fairly primitive, but... it works.
There are two ways of accessing it. The first is via a simple search form. The
easiest way to set up this form on your page is to access
viewnews.cgi?dispsearchform from your web browser, and cut-and-paste the HTML
code it produces. Note that the searchfield list box is completely optional, and
in fact most of the time it's better left out. The second way to access the
search function is by calling the script with ?search followed by the search
term. For instance, if you want to search for the word "strawberry", you would
use URL http://your.server/viewnews.cgi?searchstrawberry This is useful mainly
for links from your page; for instance, you could set up your news so that when
a user clicked on the name of the news author, every news item which included
that author's name would be displayed.
DYNAMICALLY GENERATED NEWS: Viewnews.cgi can be included via SSI (<!-#include
virtual="viewnews.cgi"-->) to display the latest news on your page. This behaves
almost exactly like news.txt, except it generates the news every time from
newsdat.txt (news therefore shows up as soon as it's submitted, you don't need
to build news). In general, using the standard news.txt is faster, more secure,
and easier on your server. The main feature which viewnews.cgi has and the
standard method doesn't, though, is that viewnews.cgi can use cookies to display
only news items posted after the user's last visit. To be precise, it displays
news items posted after 5 hours before the user's last visit, so that news items
will not disappear if the user reloads the page seconds after their first visit.
To enable this, just make sure UseCookies in Advanced Settings is set to 1, and
include it in your pages using a server-side include.
E-MAIL NOTIFICATION LIST: Users can add or remove themselves from your e-mail
notification list (provided you have installed the e-mail notification addon).
For a cut-and-paste example of the form used to do this, visit
http://your.server/viewnews.cgi?emaillistform
VIEWING SPECIFIC NEWS ITEMS: Viewnews.cgi can be called in the following way to
display only certain news items: http://your.server/viewnews.cgi?newsstart0end6
which would display news items 0 through 6. Your first news item is number 0.
viewnews.cgi?newsall will display every single news item.
viewnews.cgi?newsid9278987,4563, will display the news item with ID
9278987,4563,
VIEWING NEWS ITEMS BY DATE/TIME: viewnews.cgi?archivestart1998-12-20to1999-5-13
will display items in that date range (December 20, 1998 to May 13, 1999)
viewnews.cgi?archivepast3days will display items from the last 3 days (actually,
news items posted within the last 72 hours) The same results can also be
achieved using a form. For cut-and-paste examples of these forms, go to
viewnews.cgi?disparchiveform
****************************************************
VERSION INFO
****************************************************
v3.6.1 - Augut 29, 1999
FIXED: Change Settings would not work during the setup procedure.
v3.6 - August 28, 1999
FIXED: Search bug where the first news item would always be included (often
multiple times) in search results.
ADDED: Language support. All messages visible to standard- or high-level users
are now in a file called nplang.pl which can easily be edited. Translated
versions of NewsPro will now be made available.
CHANGED: No longer requires the Perl Time::Local module. While this is supposed
to be a standard module, many servers appear not to have it.
CHANGED: Speed tweaks in news loading routine. Building news should be slightly
faster, modifying should be considerably faster. As well, less memory is
used.
FIXED: Bugs when modifying news and using the DisableHTML option.
FIXED: Problem when adding users with the ~ character in their names.
v3.05 - August 4, 1999
FIXED: Endless loop when viewnews.cgi couldn't open viewnews.tmpl.
FIXED: (hopefully) Intermittent bug where NewsPro suddenly decided it was
upgrading from version 1.0.
CHANGED: Whenever news is filtered by a number of days, the definition used is
no longer the current time minus (days times 24 hours) but all of today
and the last (number) days.
CHANGED: Settings now use dropdown menus rather than radio buttons.
ADDED: MaxSearchResults setting (control the maximum number of search
results displayed)
CHANGED: Search results are now sorted first by how many words in the search
string were matched, then by date.
CHANGED: The installation instructions in this readme have been rewritten to
deal with common installation problems.
CHANGED: Script colours. Figured it was time.
CHANGED: URLs updated to reflect new address for NewsPro site.
CHANGED: The news category is no longer part of the news ID number. This means
that news ID numbers have changed since the last version; you will have
to update any static links that you may have.
ADDED: Server problems workaround sections in newspro.cgi and viewnews.cgi; some
variables to set in the scripts themselves to get around some relatively
common server problems.
v3.04 - July 6, 1999
CHANGED: Now uses a new file, nplib.pl, which contains functions that various
modules of the script use. Having them in one central file saves
duplication.
CHANGED: When searching using viewnews.cgi, a "phrase in quotes" will match only
that whole phrase, rather than any of the words.
ADDED: Viewnews.cgi can now display news items in a particular date range, i.e.
viewnews.cgi?archive1999-4-12to1999-6-2 will show items from April 12,
1999 to June 2, 1999.
ADDED: Viewnews.cgi can now display news items from the past few days:
viewnews.cgi?archivepast8days shows news from the last 8 days.
ADDED: Viewnews.cgi?disparchiveform will now produce HTML forms that can be used
on your pages to view archived news.
v3.03 - July 2, 1999
FIXED: Bug where removing the most recent news item would cause the previous
news item to be repeated until news was rebuilt.
FIXED: Bug with isNewDate modification and viewnews.cgi.
FIXED: Search results in viewnews.cgi are now ordered from most to least recent.
v3.02 - June 28, 1999
FIXED: Bug where viewnews.cgi, when called to view by news ID, would not display
the oldest item.
FIXED: Very rare bug where the correct news would not be displayed when using
ArchiveNumber.
CHANGED: Readme changed, some unnecessary files removed from ZIP.
ADDED: EnableAddons variable in viewnews.cgi. Viewnews.cgi must now be edited
before it will look for addons; this increases speed.
ADDED: isNewDate subroutine to assist in displaying one date above a day's news
items.
v3.01 - June 24, 1999
FIXED: Bug in the upgrade procedure.
v3.0 - June 21, 1999
ADDED: CreateAnchors option - ability to disable creating of <a name> tags.
CHANGED: Automatically created <a name> tags now use a new unique ID number.
While NewsPro will try and modify ndisplay.pl to reflect this, you may need to
manually change uses of $newsnum to $newsid in your news style settings.
ADDED: DisableHTML option - remove all HTML from submitted news.
ADDED: viewnews.cgi will now work with <!--#include
file="/absolute/path/to/file"--> SSI tags in viewnews.tmpl (include virtual tags
will still not work).
ADDED: BasicLayout option - use a very simple HTML layout for script pages.
FIXED: HTML bug when displaying error messages.
CHANGED: Some details of addon support changed - while all older addons will
still work, new addons may not work on older versions.
CHANGED: Some security improvements.
v3.0_beta1 - June 17, 1999
ADDED: Addon support. Simply copy addon files into your NewsPro directory and
they will be loaded.
ADDED: Addon Manager addon is now included.
CHANGED: The E-Mail Notification, Netcenter Channel, and NewFiles features have
been removed from newspro.cgi (resulting in about a 20KB decrease in file size).
These features are now available as addons - click the link in the Addon Manager
to download.
ADDED: New DoSearchHTML and DoArchiveHTML subroutines in ndisplay.pl allow
specific customization of search and archive formatting.
REMOVED: Search Results As Headlines option. This can now be accomplished by
editing DoSearchHTML in ndisplay.pl.
CHANGED: Completely rewritten news database routine, which allows for more
complex functions. Technical info: all news is now stored in @NewsData.
FIXED: HTML in fields other than newstext will no longer mess up Modify News.
FIXED: Every release fixes minor bugs, OK?
v2.1a - May 12, 1999
FIXED: ndisplay.pl wasn't included in the ZIP file. Sorry!
FIXED: HTML error when generating <a name> tags.
FIXED: Slashes appearing on archive links page.
Version history deleted - do you really care what was in version 1.1a?
Requirements:
- Perl 5.001 or higher. 99% of web servers which support CGI scripts have this.
- Server Side Includes (SSI). 99% of web servers which support Perl have this.
You may have to enable it, though only if it doesn't work at first; if you
use an Apache server (60% of Web servers are Apache), create a file called
.htaccess in your main directory and add the lines below (if it already
exists, add these lines to the bottom):
AddHandler server-parsed .html .htm .shtml
(if it still doesn't work, then add the following below:)
Options Includes
Now, all .html, .htm, and .shtml files will support Server Side Includes.
- Browser that supports Cookies. Any recent browser will support Cookies, just
make sure you didn't disable them.
****************************************************
SECURITY
****************************************************
This is a quick note on the security of this script. Basically, a warning: I
have made no attempts at security for "Webmaster"-level users. In fact, there is
most likely a way that webmaster users can gain access to places they shouldn't,
especially since they specify path names that the script later uses.
Obey the following rule: do not give Webmaster access to anyone whom you
wouldn't give your FTP password.
Standard and High level users are not allowed to change any settings. I've made
certain that the script never opens and files or runs any commands which include
values set by these user levels. As well, server side includes are filtered from
the news when it is submitted. Viewers of your web site should never access your
script in the first place, and no-one without a password CAN access it.
Finally, it is possible for any user to view your configuration if they know
where to look. This includes user passwords, but IN ENCRYPTED FORM. This script
uses standard Unix crypt() encryption, which I believe is based on the DES
encryption standard. So: if you've got a committed cracker with time and
processing power after you... well, they'll probably find a way to get in
anyway. If you are paranoid, though, you can add the following lines to
.htaccess on Apache servers to make the encrypted passwords inaccessible:
<Files "npconfig.dat">
order deny, allow
deny from all
</Files>
****************************************************
THE END
**************************************************** |
:: Command execute :: | |
--[ c99shell v. 1.0 pre-release build #16 powered by Captain Crunch Security Team | http://ccteam.ru | Generation time: 0.0033 ]-- |