The script was written for perl 4.036, so if you have perl 5.0 you may 
need to make some changes.  it was tested on linux running httpd 1.4.  
Things like the "date" command may need changed, along with a few other 
minor things.  It's very difficult to write a completely portable perl 
script for things like this.  If you aren't sure of what you're doing 
when it comes to perl or CGI scripts, you may have some problems.  

   I've received mail from some people saying it doesnt work on their 
system, or they can't figure out how to use it, etc.  All I can say is 
that I don't guarantee that it will work for you, since you don't have to 
pay for it unless you actually put it to use.  My motto is: "If it's 
cool, it's probably not easy" :)

#!/usr/bin/perl
#
#  COMMENTS.CGI                             
#     by Matt Kruse (mkruse@saunix.sau.edu) 
#
# It was written for and tested under perl 4.036 and NCSA httpd 1.4.
# It may need some hacking to convert to perl 5.0 or another server type.
#
# Using this script is easy!  Here's what you'll want to do:
#   1.  put the script in the directory where your comments will be
#   2.  name it comments.cgi
#   3.  make it executable (chmod 755 comments.cgi)
#   4.  make sure the directory is writable (chmod 777 .)
#   5.  Load up the comments.cgi in your browser!
#
#   You can then create the main questions.html page from there, and it will
# immediately be ready to use.  you can go back and edit the questions.html
# file to make it fancy if you want.
#   WARNING:  the comments are stored on single lines to make it easier 
# search, delete, etc.  Loading up the questions.html file in an editor like
# pico will wrap the lines and possibly cause errors.  Use vi or emacs.
# But you shouldn't need to edit the html file anyway (that's the point!)
#
# NOTE:  the default password to begin with is "password".  Change this 
# immediately to a more secure password.
# 
# HAVE FUN! :)

# Some subroutines from CGI-LIB.PL were used, so here is what I am supposed
# to include in my script:

# (from cgi-lib.pl)
# Copyright 1994 Steven E. Brenner
# Unpublished work.
# Permission granted to use and modify this library so long as the
# copyright above is maintained, modifications are documented, and
# credit is given for any use of the library.
# Thanks are due to many people for reporting bugs and suggestions
# especially Meng Weng Wong, Maki Watanabe, Bo Frese Rasmussen,
# Andrew Dalke, Mark-Jason Dominus and Dave Dittrich.
sub MethGet { return ($ENV{'REQUEST_METHOD'} eq "GET"); }
sub ReadParse {  local (*in) = @_ if @_;
  local ($i, $loc, $key, $val);
  if ($ENV{'REQUEST_METHOD'} eq "GET") { $in = $ENV{'QUERY_STRING'}; } 
  elsif ($ENV{'REQUEST_METHOD'} eq "POST") { 
      read(STDIN,$in,$ENV{'CONTENT_LENGTH'});}
  @in = split(/&/,$in);
  foreach $i (0 .. $#in) {
    $in[$i] =~ s/\+/ /g;
    ($key, $val) = split(/=/,$in[$i],2); # splits on the first =.
    $key =~ s/%(..)/pack("c",hex($1))/ge;
    $val =~ s/%(..)/pack("c",hex($1))/ge;
    $in{$key} .= "\0" if (defined($in{$key})); # \0 is the multiple separator
    $in{$key} .= $val;
  }
  return 1; # just for fun
}
sub PrintHeader { return "Content-type: text/html\n\n"; }

# Owner-changeable options
# ------------------------
$OWNERPASSWORD="chem106";
$PAGENAME="questions.html";
@badwords=("fuck","shit","damn","pussy","dick","cock","bitch","asshole");

&ReadParse(*input);
print &PrintHeader;

$DATE=`date`; $DATE=substr($DATE,0,16);

# Subroutine to read comments page into @LINES
# --------------------------------------------
sub ReadPage {
open (INDEX,"$PAGENAME");
@LINES=<INDEX>;
close(INDEX);
}

# Subroutine to print out all of comments page
# --------------------------------------------
sub PrintPage {
open (INDEX,"$PAGENAME");
while (<INDEX>) {print; }
close (INDEX);
}

# Subroutine for Bad Password Input
# ---------------------------------
sub BadPassword {
print <<EOF;
<H1>Bad Password</H1>
The password you have entered is incorrect.  Your username, IP address, 
and the current time have been logged for possible review later.  If this 
was an accident, please try again.  If you are trying to break a 
password, please don't.<P>
<HR>
EOF
exit(0);
}

# Subroutine to check for empty responses
# ---------------------------------------
sub BadResponse {
print <<EOF;
<H1>Response Error</H1>
You have left some of the entries blank which must be filled in.<P>
Please go back and fill in all the fields correctly.<P>
<HR>
EOF
exit(0);
}

# Subroutine to check for inappropriate responses
# -----------------------------------------------
sub CheckText {
$TEXTTOCHECK=$_[0];
# Check for offensive words
foreach $badword (@badwords) {
   if ($TEXTTOCHECK=~ /$badword/i) {
   print <<EOF;
<H1>Grow Up!</H1>
Your text contains a word that others may find offensive.  Please 
re-enter your text and make it suitable for everyone.<BR>
<A HREF="http:$PAGENAME">Return to Comments Section</A>
<HR>
The unacceptable words are in bold below:<P>
EOF
foreach $badword (@badwords) { $TEXTTOCHECK =~ s/($badword)/<B>$1<\/B>/g; }
print "$TEXTTOCHECK<P>\n<HR>\n";
   exit(0); 
   }
} #end of foreach

# Check for html markup
   if ( ($TEXTTOCHECK=~ /</) || ($TEXTTOCHECK=~ />/) ) {
   print <<EOF;
<H1>HTML Markup not allowed</H1>
You have entered text that appeared to have HTML markup tags in it.  This 
page is specially formatted to appear correctly, so please do not try to 
put markup or links in your text.  In fact, any text including the 
characters '<' or '>' is not allowed, so please use something else.  
Thanks.<P>
<HR>
EOF
   exit(0);
   }
} # end of sub


# Start with the main program
# ---------------------------
$COMMAND=$input{'COMMAND'};
$PASSWORD=$input{'PASSWORD'};
$NAME=$input{'NAME'};
$COMMENTS=$input{'COMMENTS'};
$SEARCHTEXT=$input{'SEARCHTEXT'};
$EMAIL=$input{'EMAIL'};

# Utilities for Page Owner
# ------------------------
if ($COMMAND eq '') {
print <<EOF;
<H1>Page Setup and Owner's Utilities</H1>
<HR>
Welcome to the utilities section of the comments page.  This allows the 
owner of the page to start the comments page for the first time, 
change the parameters of the page, delete entries that are old, or 
delete entries that contain certain words or characters.<P>

<H3>Select an action:</H3>
<FORM METHOD=POST ACTION="http:comments.cgi">
<DL>
<DT><INPUT TYPE=RADIO NAME=COMMAND VALUE=CREATEINDEX><B> Create Index 
Page</B>
<DD>Choose this option when running this script for the first time.  It 
creates a basic comments page that is all set up and ready to run for 
you.  You can then go back and manually change the words or layout if you 
want to.<BR>

<DT><INPUT TYPE=RADIO NAME=COMMAND VALUE=CHANGEPASSWORD><B> Change your 
Password</B>
<DD>This option allows you to change your password.  To update the page 
from now on, you will need to enter your password, and you should choose 
one of your own <B>immediatly</B> after setting up the page.<BR>

<DT><INPUT TYPE=RADIO NAME=COMMAND VALUE=UPDATEINDEX><B> Update the 
comments page</B><BR> 
<DD>This is the option you'll be using on a regular basis.  It lets you 
delete comments on your page that are older thn a certain date, or 
comments that contain a certain string.  This means there is no need to 
edit the actual file itself - everything can be done from here.<BR>

<DT><INPUT TYPE=RADIO NAME=COMMAND VALUE=BADWORDS><B> Change the list of 
unusable words</B>
<DD>There are certain words that most people find offensive, and they are 
not allowed to be put onto the comments page.  You can edit this list of 
words if you want to add more, or if you don't want to have any at all.<BR>
</DL>

<INPUT TYPE=SUBMIT VALUE="Do Action">
</FORM>
<HR>
EOF
exit(0);
}

# Create Main Index Page (OWNER ONLY)
# -----------------------------------
if ($COMMAND eq 'CREATEINDEX') {
print <<EOF;
<H1>Create Index Page</H1>
This form allows you to automatically create a correctly-formatted index
page to begin with.<BR>
Several things you should keep in mind:
<OL>
<LI>The comments page <B>MUST</B> be in the same directory as this 
script.  This script cannot be used in the /cgi-bin directory.  Not all 
WWW sites alow users to have scripts in their own directories, but most do.
<LI>The directory that this script and the comments page is in must be 
world-writable.  This is so both this script and the page itself can be 
written to by you and other people leaving comments.
<LI>Filling in the information below and creating the page will actually 
change this script itself to your specifications.
<LI>If you want to start over, you can run this section again and create 
a new index file.
<LI>This will <B>NOT</B> check to see if the filename you give it already 
exists.  If you tell it to make "questions.html" and that page already 
exists, it will be overwritten.
</OL>

<FORM METHOD=POST ACTION="http:comments.cgi">
<INPUT TYPE=HIDDEN NAME=COMMAND VALUE=DOCREATEINDEX>
<B>Current Passwrd:</B> <INPUT NAME=PASSWORD SIZE=15 MAXLENGTH=15><BR>
<B>Name of comments page:</B> <INPUT NAME=PAGENAME SIZE=30 MAXLENGTH=30 
   VALUE=$PAGENAME><BR>
<B>Page Title:</B> <INPUT NAME=TITLE SIZE=30 MAXLENGTH=30 
   VALUE="Comments Page" ><BR> <INPUT TYPE=SUBMIT VALUE="Create Index"> 
</FORM>
EOF
exit(0);
}

# Actually Create Index (OWNER ONLY)
# ----------------------------------
if ($COMMAND eq 'DOCREATEINDEX') {
if ($PASSWORD ne $OWNERPASSWORD) {&BadPassword;}
#update script with new info
open (SCRIPT,"comments.cgi");  $PAGENAME=$input{'PAGENAME'};
@LINES=<SCRIPT>;
close(SCRIPT);

open (SCRIPT,"> comments.cgi");
foreach (@LINES) {
  if (/^\$PAGENAME/) {print SCRIPT "\$PAGENAME=\"$PAGENAME\";\n";}
  else { print SCRIPT "$_"; }
  }
close(SCRIPT);

#create index
$TITLE=$input{'TITLE'};
open (INDEX,"> $PAGENAME") || die print "Can't Open New Index";
print INDEX <<EOF;
<TITLE>$TITLE</TITLE>
<H1>$TITLE</H1>
[ 
<A HREF="http:comments.cgi?COMMAND=ENTERCOMMENT">Add A Comment</A> | 
<A HREF="http:comments.cgi?COMMAND=SEARCH">Search</A> 
]
<P>
This page is a place for you to enter your comments.  Just select "Add A 
Comment" above! 
<HR>

<DL>

</DL>

<HR>
<ADDRESS>
This script was written in PERL my Matt Kruse (mkruse@saunix.sau.edu).  
It is roughly 500 lines long and creates and maintains functioning 
comments pages easily and quickly.  Mail me for more information.
</ADDRESS>
<HR>
EOF

close(INDEX);
&PrintPage;
chmod(0766,"$PAGENAME");
exit(0);
}

# Update Comments Page (OWNER ONLY)
# ---------------------------------
if ($COMMAND eq 'UPDATEINDEX') {
%MONTH=('1','Jan','2','Feb','3','Mar','4','Apr','5','May','6','Jun',
        '7','Jul','8','Aug','9','Sep','10','Oct','11','Nov','12','Dec');
print <<EOF;
<H1>Update Comments Page</H1>
This allows you to delete comments that are older than a certain date, or 
those that contain a certain string.  This lets you easily keep the page 
up-to-date, and also easily kill all comments with a certain person's 
name, or that contain a word you don't like.<P>

<FORM METHOD=POST ACTION="http:comments.cgi">
<INPUT TYPE=HIDDEN NAME=COMMAND VALUE=DOUPDATEINDEX>
<B>Select Delete Method:</B><BR>
<INPUT TYPE=RADIO NAME=NAME VALUE=DATE CHECKED> Delete By Date<BR>
<INPUT TYPE=RADIO NAME=NAME VALUE=STRING> Delete By String<P>

If you are deleting by date, choose the date to search by.  Any date 
<B>equal to or past</B> the date you specify will stay - all the rest 
will be deleted.  So, if you select May 9, any comments up through May 
8th will be deleted.<BR>
<SELECT NAME=MONTH SIZE=3>
<OPTION SELECTED>Jan
EOF
for ($i=2;$i<13;$i++) { print "<OPTION>$MONTH{$i}\n"; }
print "</SELECT>\n";
print "<SELECT NAME=DAY SIZE=3>\n";
print "<OPTION SELECTED>1\n";
for ($i=2;$i<32;$i++) { print "<OPTION>$i\n"; }

print <<EOF;
</SELECT>
<P>

If you are deleting comments that contain a certain string, fill it in 
here:<BR> 
<INPUT NAME=STRING SIZE=20><P>
<B>Owner's Password:</B> <INPUT NAME=PASSWORD SIZE=15 MAXLENGTH=15><BR>
<INPUT TYPE=SUBMIT VALUE=Update Now>
</FORM>
<HR>
EOF
exit(0);
}

# Update the Index Now
# --------------------
if ($COMMAND eq 'DOUPDATEINDEX') {
if ($PASSWORD ne $OWNERPASSWORD) {&BadPassword; exit(0); }
$STRING=$input{'STRING'};
if (($NAME eq 'STRING') && ($STRING eq '')) {&BadResponse; exit(0); }
$MONTH=$input{'MONTH'};
$DAY=$input{'DAY'};
# Delete by date
if ($NAME eq 'DATE') {
   %MONTHS=('Jan','1','Feb','2','Mar','3','Apr','4','May','5','Jun','6',
            'Jul','7','Aug','8','Sep','9','Oct','10','Nov','11','Dec','12');
   $MONTH=$MONTHS{$MONTH}*100;
   $LASTDATE=$MONTH+$DAY;
   &ReadPage;
   open (INDEX,"> $PAGENAME");
   foreach (@LINES) {
      if (/^<!--/) { 
         $MONTH=substr($_,8,3); $MONTH=$MONTHS{$MONTH}*100;
         $DAY=substr($_,12,2);
         $DATE=$MONTH+$DAY;
         if ($DATE >=  $LASTDATE) { print INDEX "$_"; print "$_"; }
         }
      else { print INDEX "$_"; print "$_"; }
      } #end of foreach
   close(INDEX);
   }

#delete by string      
if ($NAME eq 'STRING') { 
   &ReadPage;
   open (INDEX,"> $PAGENAME");
   foreach (@LINES) {
      if ( (/^<!--/) && (/$STRING/i)) {;}
      else {print INDEX "$_"; print "$_"; }
      }
   close(INDEX);
   } #end of string if

exit(0);
}

# Change Owner's Password
# -----------------------
if ($COMMAND eq 'CHANGEPASSWORD') {
   print <<EOF;
<H1>Change Password</H1>
This changes the Page Owner's password.  Of course, you must enter the 
current password in order to do this.<P>
<FORM METHOD=POST ACTION="http:comments.cgi">
<INPUT TYPE=HIDDEN NAME=COMMAND VALUE=DOCHANGEPASSWORD>
<B>Current Password:</B><INPUT NAME=PASSWORD SIZE=15 MAXLENGTH=15><BR>
<B>New Password:</B><INPUT NAME=NEWPASSWORD SIZE=15 MAXLENGTH=15><BR>
<INPUT TYPE=SUBMIT VALUE="Change Password"><P>
<HR>
EOF
exit(0);
}

# Actually change owner's password
# --------------------------------
if ($COMMAND eq 'DOCHANGEPASSWORD') {
   if ($PASSWORD ne $OWNERPASSWORD) {&BadPassword; exit(0); }
   $NEWPASSWORD=$input{'NEWPASSWORD'};
   open (SCRIPT,"comments.cgi");
   @LINES=<SCRIPT>;
   close(SCRIPT);

   open (SCRIPT,"> comments.cgi");
   foreach (@LINES) {
   if (/^\$OWNERPASSWORD/) {print SCRIPT "\$OWNERPASSWORD=\"$NEWPASSWORD\";\n";}
     else { print SCRIPT "$_"; }
     }
   close(SCRIPT);

   &PrintPage;   
exit(0);
}

# Change list of badwords
# -----------------------
if ($COMMAND eq 'BADWORDS') {
print <<EOF;
<H1>Change Word List</H1>
<HR>
The current word list is in the text entry area below.  All words must be 
separated by a space.  You can add more, get rid of some, etc, and the 
script will be updated to reflect those changes.  If you delete al the 
words, the script will not check for any offensive words.<P>
You should also note that these words are <B>not</B> case-sensitive.  They 
can also be matched anywhere inside of a word.  That is, if you put the 
word "ass" in your list, anyone trying to use the word "assume" will be 
told that it is unacceptable.<P>
<FORM METHOD=POST ACTION="comments.cgi">
<INPUT TYPE=HIDDEN NAME=COMMAND VALUE=DOBADWORDS>
<INPUT NAME=WORDLIST SIZE=65 VALUE="@badwords"><BR>
<B>Owner's Password:</B> <INPUT NAME=PASSWORD SIZE=15 MAXLENGTH=15><BR>
<INPUT TYPE=SUBMIT VALUE=\"Change Word List\"<BR>
</FORM><BR>\n<HR>
EOF
exit(0);
}

# Change the badword list
# -----------------------
if ($COMMAND eq 'DOBADWORDS') {
if ($PASSWORD ne $OWNERPASSWORD) {&BadPassword; exit(0); }
@WORDS=split(' ',$input{'WORDLIST'});
$WORDLIST=join("\",\"",@WORDS);
open (SCRIPT,"comments.cgi");
@LINES=<SCRIPT>;
close(SCRIPT);

open (SCRIPT, "> comments.cgi");
foreach (@LINES) {
   if (/^\@badwords/) { print SCRIPT "\@badwords=(\"$WORDLIST\");\n"; }
   else { print SCRIPT "$_"; }
   } #end of foreach
close (SCRIPT);

&PrintPage;
exit(0);
}

# Generate form for adding new entry
# -----------------------------------
if ($COMMAND eq 'ENTERCOMMENT') {
print <<EOF;
<H1>Add A Comment</H1>
Please fill out the information below to add your comment.<P>
<HR>
<FORM METHOD=POST ACTION="http:comments.cgi">
<INPUT TYPE=HIDDEN NAME=COMMAND VALUE=ADDCOMMENT>
Your Name: <INPUT NAME=NAME SIZE=30><BR>
E-mail Address: <INPUT NAME=EMAIL SIZE=40><BR>
Comments (<B>NOTE</B>: The characters '>' and '<' are not allowed):<BR>
<INPUT NAME=COMMENTS SIZE=75><BR>
<INPUT TYPE=SUBMIT VALUE="Click here to add your comments"><P> 
</FORM> 
<HR> 
EOF
exit(0);
}

# ADD THE ENTRY TO THE MAIN INDEX
#--------------------------------
if ($COMMAND eq 'ADDCOMMENT') {
if (($NAME eq '') || ($COMMENTS eq '') || ($EMAIL eq '') )
   {&BadResponse; exit(0); }
&CheckText($COMMENTS);
&CheckText($NAME);
&CheckText($EMAIL);

&ReadPage;
open (COMMENTS,"> $PAGENAME");
foreach (@LINES) {
   if (/^<\/DL>/) {
      print COMMENTS "<!--$DATE-->";
      print COMMENTS "<DT>Date: $DATE<BR>";
      print COMMENTS "<B>$NAME</B> <I>($EMAIL)</I>:";
      print COMMENTS "<DD>$COMMENTS<P>\n";
      print COMMENTS "</DL>\n";
      }
   else {print COMMENTS "$_";}
   }
close(COMMENTS);

&PrintPage;
exit(0);
}

# Create the form for a search
#-----------------------------
if ($COMMAND eq 'SEARCH') {
print <<EOF;
<H1>Search the Index</H1>
Doing a search will find a match for your entry in the comments only.<P>

What would you like to search for?<BR>
<FORM METHOD=POST ACTION="http:comments.cgi">
<INPUT TYPE=HIDDEN NAME=COMMAND VALUE=DOSEARCH>
<INPUT NAME=SEARCHTEXT SIZE=20>
<INPUT TYPE=SUBMIT VALUE="Perform the Search">
</FORM>
<HR>
EOF
exit(0);
}

# Perform the search and report the results
#------------------------------------------
if ($COMMAND eq 'DOSEARCH') {
if ($SEARCHTEXT eq '') { &BadResponse; exit(0); }

print "<H1>Search Results</H1>\n";
print "<HR>\n";
print "The following entries match your search request:<P>\n";

open (PAGE,"$PAGENAME");
while (<PAGE>) {
   $COMMENTS=(split('<DD>'))[1];
   if ($COMMENTS=~/$SEARCHTEXT/i) { 
      $temp=$COMMENTS;  $temp=~s+($SEARCHTEXT)+<B>$1</B>+ig;  
      s/$COMMENTS/$temp/g;
      print; $FOUND=1;}
   }
close (PAGE);
if ($FOUND != 1) {print "<B>NO MATCHES FOUND</B><P>\n";}
print "<HR>\n";
print "<A HREF=\"http:$PAGENAME\">Return to Comments</A>\n";
exit(0);
}


# CATCH-ALL
# ---------
print <<EOF;
<H1>ERROR</H1>
Either an error has occurred in the script or you have tried to take an 
action that is not complete yet.  Oops.<P>
<HR>
EOF
exit(0);