10 Jan 2000. BBS ver 1.02m: A bulletin board system for the World Wide Web. BBS, version 1.02k, is a freeware OS/2 bulletin board system for the World Wide Web (WWW). It requires the freeware SRE-Http WWW Server for OS/2; and the free, IBM EWS GoServe Internet Server. You can obtain GoServe from http://www2.hursley.ibm.com/goserve/ SRE-http, and the latest version of BBS, can be obtained from http://www.srehttp.org/bbs/. INTRODUCTION BBS is designed to offer a rich array of features in a relatively simple to configure package. Some of the more basic features include: * Y2k compliant (as of ver 1.02k) * A flexible access control mechanism allows explicit controls on which directories (file-areas) a user can peruse. * Directory specific inclusion files (i.e.; FILES.BBS) can be used to control file and sub-directory display. * Alternatively, directory specific headers, footers, "description files" and "exclusion lists" can be used. * Individual file descriptions can be displayed, along with file size and creation date. If desired, you can suppress any of these fields. * Optional "automatic descriptions" can be generated for HTML, .ZIP, and text files. * .ZIP files can be "opened and displayed", with subsequent retrieval of a specific file from within the .ZIP archive * Netscape 2.0 + (and other HTML 3.2 compliant browsers), can upload files to your bulletin board (with several forms of notification). * Uploads and downloads can be recorded on a per user basis. * Downloads can be disallowed if a user's "download to upload" ratio grows too large. * Multiple links per file (text-download, binary-download, and "mime type" download) can be displayed. * You can create a "latest submissions" index that spans multiple directories. * You can create user specific upload and download directory (trees). For a quick start, you should read the installation notes (section 1), and the "hints and suggestions" (section 1a). **** IMPORTANT INSTALLATION NOTES *** * For BBS downloads to work, the following entries MUST be present in your SRE-http "alias" file: bbs/download/* bbs?download=* bbs/zipdownload/* bbs?zipdownload=* To add these entries, you can either run the SRE-http configurator, or edit ALIASES.IN or ATTRIBS.CFG in the /CFGS subdirectory of the GoServe working directory. Note: by default, SRE-http is shipped with these entries included in ALIASES.IN. So don't be suprised if they are already there! * Make sure that a copy of UNZIPAPI.DLL is either in your GoServe working directory, or in you LIBPATH (say, in C:\os2\dll). Since SRE-http comes with a copy of UNZIPAPI.DLL, you will probably find a copy of UNZIPAPI.DLL in the GoServe working directory. If for some odd reason you do not have a copy, you can download it from: http://www.srehttp.org/pubfiles/unzipapi.dll. Note: UNZIPAPI.DLL is courtesy of the Info-Zip project: http://quest.jpl.nasa.gov/Info-ZIP/ ftp://ftp.uu.net/pub/archiving/zip/ . * BBS uploads may require tweaking GoServe (see section V). * Recent history: Changes introduced in ver 1.02g: * Version 1.2g is optimized to work with http/1.1 compliant SRE-http ver 1.3. It will still work (but not as well) with version 1.2n (or below). * A few bugs were fixed in BBSCACHE (it will now work with auto describe). * In the upgrade from 1.2e to 1.2f, the most substanative change was the use of alternative "root directories" (in BBS.CTL), as described in section IV below. Changes introduced in 1.02h: * A bug that effected BBS1A.HTM "redirection" ability, when run under SRE-http ver 1.3, has been fixed * You can how specify alternating colors when displaying file results in a table. See the ROWCOLORS. parameters in BBS.CMD. * You can include a simple "mouseover" in the alternative links. See the BIN_TEXT_MOUSEOVER option and DEF_BIN_TEXT_MOUSEOVER parameter. Changes introduced in 1.02i * Removed some coding errors Changes introduced in 1.02j * Fixed several coding errors: /../ will NO longer bring up a subdirectory a / * entry in BBS.CTL will now work properly fix a bug with username/password storage using cookies * Added DEF_USE_WINDOW parameter, and a USE_WINDOW option -- if enabled, files will be displayed in a separate window. Changes introduced in 1.02k * A new parameter, CHECK_DIR_ACCESS, is used to suppress display of directories that a client does not have access to. Changes introduced in 1.02m * Fixed a Y2k bug in BBSRECNT. * TR_COLOR parameter added to BBS.INI (overrides TRCOLOR.0 in BBS.CMD) ================================================== Table of Contents: I) Installation Instructions 1a) Hints and suggestions II) Choosing Authentication Mode or User Mode IIa) Using INCLUSION_MODE_FILE for refined control IIb) Using BBSRECNT.CMD to display recent submissions III) The User Log Files. IV) Controlling access to selected directories. V) Notes on file uploads, and a note on configuring GoServe VI) Determining the user's required download/upload ratio. VII) BBS and Caching VIII) Descriptions of request-string options to BBS. IX) Description of BBS initialization parameters X) Creating use statistics XI) Notes on the BBS caching daemon. XII) Notes on the use of "own" download and upload directories =============================================================== I) Installation Instructions The first thing you should do is unzip the BBS .ZIP file (BBS102I.zip) to an EMPTY temporary directory. You then install the files, modify some parameters, test it, and let the world know! I.1) --- Installing BBS files: Most people will probably want to use the BBS installer. It's the INSTALL.CMD file that is shipped in the BBS .ZIP file (you did unzip BBS to an empty temporary directory?). To use it: a) create (or determine) the "root directory" of your BBS b) type INSTALL at an OS/2 command prompt (make sure your default directory is this "empty temporary directory" that you unzipped BBS102I into). For those who want finer control, or if you are curious as to what INSTALL will do: please read the following step-by-step instructions. 1) Copy: BBS.CMD, BBSNEWU.CMD, and BBSUP.CMD BBSCONFG.CMD to your SRE-http "addon" directory (i.e.; D:\GOSERVE\ADDON). 1a) Copy: BBSRECNT.CMD BBSCACHE.CMD BBS.INI to your GoServe "working" directory (i.e.; D:\GOSERVE) 2) Copy: BBSHELLO.HTM, BBSLOGON.HTM, BBSPLAY.HTM, BBS1A.HTM, BBS1B.HTM, BBSUP.HTM and BBSNEWU.HTM to your GoServe "data directory" (say, D:\WWW). 2a) Copy: *.GIF to the /IMGS/ subdirectory of your GoServe data directory. Note that the /IMGS/ subdirectory should contain the small .GIF files installed by SRE-http. 3a) Create a "BBS parameters directory". For example, D:\GOSERVE\BBSDATA 3b) Create a "BBS files directory". For example, D:\BBSFILES. This is where the contents of your bulletin board (the file area) is located. 3c) Create several BBS working directories: i) Create a "BBS user log directory". For example, D:\GOSERVE\BBSDATA\USERLOG ii) Create a "BBS upload directory". For example, D:\GOSERVE\BBSDATA\UPLOAD iii) Create a "BBS cache directory". For example, D:\GOSERVE\BBSDATA\CACHE. 4a) Copy: BBS.HDR (the default "HEADER" file) BBS.FTR (the default "footer" file) BBSZIP.HDR (the default "ZIP HEADER" file) BBS.CTL (the default "access control" file) BBS.DSC (the default "descriptor" file) BBS.EXC (the default "exclusion" file) FILES.BBS (the sample "inclusion mode" file) to your BBS parameters directory (that you created in step 3a). 4b) Copy: BBSSTAT.CMD (the statistics generator) to your BBS user log directory (that you created in step 3c.i). I.2) -- Modifying parameters To set/modify the various BBS parameters, most people will probably want to use the BBS configurator. To use the BBS configurator, (after installing BBS) just point your browser at http://your.server/bbsconfg? (make sure you include the trailing ?, with nothing after it). You will be given a lightly documented form that allows you to change almost all the BBS parameters. Alternatively, if you aren't afraid of getting personal with a text editor, you can edit the BBS.INI file (look in your GoServe working directory). In either case, the following steps are recommended. If you are an undemanding bbs-master, they will be enough to get you started. You'll probably want to read the "hint and suggestions" (section 1a) to get some ideas on what can be done with BBS. If you like to tinker, then you should read the volumunious descriptions contained in the latter portion of this document. In particular, section IX describes the various and sundry BBS initialization parameters. 1) Set the following "BBS directories" parameters: BBS_PARAM_DIR : The "BBS parameters directory" (set in I.1.3a above) FILE_DIR : The "BBS files directory" (set in I.1.3b above) USERLOG_DIR: The "BBS user log directory" (set in I.1.3c.1 above) INCOMING_DIR: The "BBS upload directory" (set in I.1.3c.ii above) BBSCACHE_DIR: The "BBS cache directory" (set in I.1.3c.iii above) *** If you used INSTALL.CMD to install BBS, you can use skip this step (INSTALL will have made the modifications for you) *** 1a) If you do NOT want a HEADER and FOOTER added to your directory displays, set the HEADER_FILE, FOOTER_FILE, and ZIP_HEADER_FILE variables to ' '. If you do want HEADERs and FOOTERs displayed, you SHOULD EDIT THESE FILES! 1b) The HEADER_FILE, FOOTER_FILE, and ZIP_HEADER_FILE can be "directory specific". BBS will first look for these files in the requested directory, and if not found it will then look in the BBS_PARAM_DIR directory. 1c) If you want newly registered users to be assigned an "own" upload and download directory, set the OWN_DOWNLOAD_DIRECTORY and OWN_UPLOAD_DIRECTORY parameters (see section XII for details). 2) Edit the BBS.EXC "exclusion" file (in your BBS_PARAM_DIR). As with HEADER_FILE, etc.; the BBS.EXC file can be "directory specific". Note that exclusions are not additive -- the version of the exclusion file located in the BBS_PARAM_DIR directory is used ONLY if there is no "directory specific" exclusion file. If you do NOT want to use an exclusion file, set the EXCLUSION_FILE variable to ' '. 3) Edit the BBS.DSC "descriptors file" (in your BBS_PARAM_DIR directory). As with the HEADER_FILE, etc.; the BBS.DSC file can be directory specific. However, it is cumulative: descriptions from the version of BBS.DSC located in your BBS_PARAM_DIR directory are added to an "own directory" version of BBS.DSC (if an entry occurs in both files, the "own directory" version is used). 4) Edit the BBS.CTL "access control" file (in your BBS_PARAM_DIR directory). If you do NOT need to control access to specific directories, you can skip this step. 5) If you want to use the "FILES.BBS" emulator, then set the INCLUSION_MODE_FILE variable to the name of your directory listing file (i.e.; FILES.BBS). ** Use this ONLY if you have (or are willing to create) ** a complete set of "FILES.BBS" files. I.3) Give it a try You are now ready to go (assuming you also read the "IMPORTANT INSTALLATION NOTES" at the top of this document). You can use BBSHELLO.HTM as your "welcome" screen. Feel free to modify it, but please do pay attention to the embedded comments. Or, to get a hang of what BBS can do, you can try BBSPLAY.HTM. Note that you may want to "register" a few users right away, such as yourself! Advanced users note: if you like to customize, you should look at BBS1A.HTM and BBS1B.HTM. I.4) Tell the world If I knew how to do that well, I'ld be a happier software developer. I.5) Notes: * To disable caching, set the CACHE_FILES parameter to 0. Alternatively, you can include a "NOCACHE=1" option in the request string. * BBS will attempt to send pieces of the response as they become available. This speeds up perceived throughput (since something is displayed almost immediately), at the expense of slightly increasing server load. If you wish, you can turn this off by setting the SEND_PIECE parameter in BBS.CMD (that's right, it's NOT in BBS.INI). * To select "authorization" mode, set the AUTHORIZATION_MODE parameter (in BBS.CMD) to 1. See the next section for a discussion of authorization mode. * To use alternating background colors in tables, set the TRCOLORS. parameters in BBS.CMD, or set TR_COLOR in BBS.INI. * You may want to customize the various BBS*.HTM files (that you copied in step 2 above). If you do, please pay attention to the embedded comments. For example, the BBSHELLO.HTM file points to several other BBS*.HTM files -- make sure those links aren't broken. * If you wish to name your "request username" response file to something other then BBSLOGON.HTM, change the BBS_LOGON_FILE variable. Note that the BBS_LOGON_FILE is assumed to be relative to the GoServe data directory, or to a virtual directory -- you should NOT specify a fully qualified directory. * We HIGHLY recommend that you customize the BBS.HDR, BBS.FTR, BBSZIP.HDR, and BBS.EXC files. You can use the versions that come with BBS as a template. * FILES.BBS files can be used as a BBS descriptor file (if use a differentfile name, you will need to change the value of the DESCRIPTION_FILE variable in BBS.INI). You may also want to change the value of the CONTINUATION_FLAG variable. * If you choose to use an INCLUSION_MODE_FILE, be aware that the "descriptor file (BBS.DSC) will be ignored, sorting of files is not attempted (since the order of display is strictly controlled by the INCLUSION_MODE_FILE). However, most other parameters and options (including display options, caching, HEADER, and FOOTER files) remain valid. * If you use the OWN_UPLOAD_DIRECTORY and OWN_DOWNLOAD_DIRECTORY parameters, be aware that BBS will create subdirectories (under these directories) when a new user registers. =============================================================== Ia) Some Hints and Suggestions * The following parameters will be of greatest interest. For details, see section IX. FILE_DIR The location of your "main file area". DEF_BIN_TEXT_LINKS (enabled by default) If DEF_BIN_TEXT_LINKS is enabled (and you do NOT include a NOICONS=1 option in the request string), each entry will contain 3 links: 1) A "text icon" to "download as text" 2) A "binary icon" to "download as binary" 3) An "underlined file name" to download using SRE-http's mime-type resolution algorithim (i.e.; .HTM files are downloaded as text/html documents). If this is too crowded, you can set DEF_BIN_TEXT_LINKS=0 (in BBS.INI). DEF_USE_WINDOW If 1 (the default) BBS will use a target="viewer" element in href= links. This will cause files to be viewed in a separate window. WRITE_DETAILS (enabled by default) If WRITE_DETAILS is enabled, then transactions are recorded in the user's log file. By default, these files are in the BBSDATA\USERLOG directory, and have names of the form USERNAME.IN (i.e.; someone with a user name of JOE will have JOE.IN file). You might want to keep an eye on these files to make sure they don't get too big. TABLE_BORDER and CELL_SPACING (default values are 0 pixels, and 2 pixels) These can increased to help offset each entry (each row/column of the table of entries). DEFFAULT_DATEFMT (default value is 10 Mar 1997). You can set this to one of several styles; such as 10/3/97 or 3/10/97. USE_SERVERNAME (default: your server's IP name) You might want to set this to be a "colloquial" name, such as "The Fabulous BBS at FOO.BAR.NET". DEFAULT_RATIO and DEFAULT_BYTE_RATIO (default= ignore) If you want to encourage uploads from your BBS members, you should set these values (and read section VI). OWN_DOWNLOAD_DIR and OWN_UPLOAD_DIR (default: disabled) If you want to grant new users a "personal" upload and download directory, you should set these values. * If you want to experiment with the various "request string" options, you can play with BBSPLAY.HTM. * The BBSCACHE.CMD "caching daemon" can help keep your cache up to date. See section XI for details. * BBSSTAT.CMD (in the USERLOG directory) can be used to create use statistics. * Instead of BBSHELLO.HTM, you may wish to modify BBS1A.HTM and BBS1B.HTM -- they allow you to customize the BBS front end (i.e.; you can set up a table of "file areas", each of which will be handled by BBS). See BBS1A.HTM and BBS1B.HTM for details. =============================================================== II) Choosing Authentication Mode or Native Mode BBS has two modes: a native mode, and an "authentication mode". In general, we recommend the native mode; but in some circumstances the authentication mode may be preferred. Roughly speaking, "authentication mode" is similar to using "cookies" to identify username and passwords, with the difference being in how the BBS requests (and reads) the username and password. The main advantage of "authentication mode" is that older browsers (that do not understand cookies) will work. The major disadvantage is that BBS "logon" must be more closely coordinated with SRE-http's access control facilities. More specifically, authentication mode has the following features: a) Browser authentication tools are used to ascertain who the users is. In particular, when an unknown user attempts to access BBS, she is then "challenged" with the username/password screen (that her browser displays when it recieves a '401 Unauthorized' response). b) If you are using the SRE-http logon or selector-specific access controls, the BBS username must be the same as the "SRE-http" username (as set in SRE-http's USERS.IN file). c) BBS Registration is granted automatically to everyone with "server" logon rights (new BBS users will automatically be given a simple "user log" file). In contrast, the native mode has the following features: a) Username and password information is built into the request string. Alternatively, if the client's browser understand cookies (i.e.; Netscape 1.3 and above), it's passed in an unencoded "cookie". b) SRE-http's user list (USERS.IN0 is not needed (though it may still be used by SRE-http for general access controls). c) If a user is not found, a customizable HTML document (set in the BBS_LOGON_FILE parameter) is returned, which asks for a username and password, or allows one to "register" as a new user. d) Anyone with access to your site, whether or not they have an explicit entry in SRE-http's user list, can register as a BBS user (you can suppress this auto-registration feature). Basically, authentication mode is similar to the use of "cookies", and can be handled by most browsers. On the other hand, it is a little less flexible (you can't customize the "logon" prompt, and you have to be careful about coordinating BBS usernames with SRE-http usernames). ============================================================== II.a) Using INCLUSION_MODE_FILE for refined control Introduction: The INCLUSION_MODE_FILE parameter is used when you already have an extensive list of "FILES.BBS-style" directory descriptor files, or if you are willing to create such a set of files (one per directory). INCLUSION_MODE_FILE is similar to the EXCLUSION_FILE; except rather then listing files to exlude, it lists files and sub-directories that may be included -- if a file appears in the directory and is not explicitily listed in the "own directory" INCLUSION_MODE_FILE, then it will NOT be shown to the user. Note that unlike the EXCLUSION_FILE, wildcard matches are NOT used. In addition, use of the INCLUSION_MODE_FILE gives one a few additional options: i) The order of display is controlled by the order of appearance in the INCLUSION_MODE_FILE. ii) You can include "comment lines" that will be displayed (in the order of appearance). iii) You can specify a "preview mode" -- only the INCLUSION_MODE_FILE will be sent to the user; with an optional "link" back to the regular file listing. This is useful for quick review of site contents. Of course, the downside is that you MUST create an INCLUSION_MODE_FILE in EACH directory (though you may be able to use tools from other BBS packages to assist in this task). AND REMEMBER: Files, and subdirectories not explicitily listed in a directory's INCLUSION_MODE_FILE will NOT be displayed. Basic structure: There are 3 types of entries in the INCLUSION_MODE_FILE. i) If the first character is a non-space, it is ALWAYS interpreted as a filename or a directory name. Directory names are signified by using a / as the first character. Following the file or directory name (seperated by at least one space) is the (first line of the) description. ii) If the first character is a space, and the next NON-SPACE character is the "continuation flag" (stripped of spaces), then the line is treated as a "continuation" of a previous file (or directory) description. iii) If the first character is a space, and the next NON-SPACE character is NOT the "continuation flag", the line is treated as a comment. Comments are displayed as seperate lines in the document (they will span the entire width of the table). It is likely that the INCLUSION_MODE_FILE will occasionally reference a non-existent file or directory. Should this happen, a "not available" entry will be included in the file listing. This listing will contain the name of the file (without a link associated), and the first line of the description (as pulled from the INCLUSION_MODE_FILE). Notes: * There is NO generic inclusion mode file -- you must have one for each directory of your BBS. * A single character "continuation flag" (as set in the CONTINUATION_FLAG parameter) should not be used. * The EXCLUSION_FILE is still used -- it is checked AFTER the INCLUSION_MODE_FILE. * The DESCRIPTION_FILE is ignored -- the descriptions are all pulled from the INCLUSION_MODE_FILE. Similarly, AUTO_DESCRIBE is not available. * Sorting is ignored -- files are displayed in the order of appearance (in the INCLUSION_MODE_FILE). * HEADER, FOOTER, and comments found in the INCLUSION_MODE_FILE, are all displayed. * When using BBS's "table mode": comments written before the first file entry are written above the table header (but below the document HEADER). Notes on Preview Mode: * To indicate a "preview mode", just include a &PREVIEW=1 in the request string. You could do this by adding a "hidden" form element to BBSHELLO.HTM. For example: http://your.server/bbs?dir=/foo1&preview=1 * To suppress the "link back" to the regular file listing (the listing that contains links to the actual files), use &PREVIEW=2. * When the user selects a "link back", all sub directories of the selected directory will have "preview" links. * If you want to display a directory with a full listing of files (including links), but a "preview" listing of subdirectories, use &PREVIEWDIRS=1. For example: http://your.server/bbs?dir=/foo1&previewdirs=1 * Note that to return to the page from which a "preview link" was initiated, the user must use her browsers "back" button. That is, the only explicit link included in a "preview link" invoked document is the link to the "regular listing" represented by the displayed INCLUSION_MODE_FILE. Notes on directory entries in the INCLUSION_MODE_FILE: * Directory entries MUST be placed in the INCLUSION_MODE_FILE. If not explicitily included, links to subdirectories will NOT be displayed. * Directory entries should start with a /, and should be relative to the "own directory". Thus, an entry of /SUBDIR1 is valid, but an entry of D:\BBSFILES\SUBDIR1 is not allowed. * Directories are ALWAYS displayed at the end of the document, regardless of where the directory entry occurs in the INCLUSION_MODE_FILE. * Comments can NOT be interspersed with directory entries (since the directory entries are moved to the end of the document, but comments are not). Examples: INCLUSION_MODE_FILE='FILES.BBS' INCLUSION_MODE_FILE=0 Note that INCLUSION_MODE=0 means "do NOT use an INCLUSION_MODE file". For a very simple sample of an INCLUSION_MODE_FILE, see the FILES.BBS file that comes with BBS. =============================================================== II.b) Using BBSRECNT to display recent files The BBSRECNT.CMD facility allows you to create an index of "recently added" files. This index will contain file names, and descriptive information, that BBS can use to display "a list of recent files". Note that this list can span several directories (but it can not contain links to other directories). The following outlines how one might use BBSRECNT: 1) From an OS/2 prompt (in your GoServe working directory), run BBSRECNT.CMD 2) BBSRECNT will ask you several questions. Let's assume you use the defaults. 3) Create a link that you put in your BBSHELLO.HTM file. For example: See the latest additions? Alternatively, if everyone is using Netscape, and you have BBS's cookie-mode enabled, you could put the following link in a footer file: See the latest additions? In either cases when this link is selected, the files chosen by BBSRECNT.CMD will be displayed. NOTES: * By default, BBSRECNT.CMD is written to the GoServe working directory. * INDEX_LIST files are assumed to be relative to the Goserve working directory (i.e.; D:\GOSERVE). * When BBS uses an index, it first checks that the client has privileges for EACH file contained in the index. Files for which the client does NOT have privileges are NOT displayed (files for which a client DOES have privileges ARE displayed). * When BBSRECNT is run, it will check the various (possibly directory specific) EXCLUSION_FILES (and drop all files that appear in an appropriate exclusion file). * If you use a "cookie" (no explicit mention of user or pwd) link to an "index list", and a non-cookie browser is being used; BBS will use the BBS_LOGON_FILE to request a user/pwd from the client. * BBSRECNT.CMD will look in the DESCRIPTOR (.DSC) files for descriptions -- it will NOT attempt auto_descriptions. * These indices are NOT dynamic -- BBS uses them as is. So, if things change on your site, you have to re-run BBSRECNT.CMD * When displaying an INDEX_LIST, BBS will use most of the request and BBS.INI options (but sorting can only be set when you create the index list). * A special option, INDEX_DAYS, can be included to further narrow the set of files displayed. For example: BBS?INDEX_LIST=BBS1.IDX&INDEX_DAYS=20 where BBS1.IDX may contain files added in the past 30 days. * You can create as many different "index lists" as you want -- just be sure to use different links (that is, different values for the INDEX_LIST option). * Ambitious programmers may wish to create their own "index list" generators, that may use criteria other then file dates. You can see BBSRECNT.CMD for a description of what is expected in these "index list" files. * As a complement to BBSRECNT, you may also want to create a "search index" of your BBS site. This can be easily done with SRE-http's GoSwish add-on (http://www.srehttp.org/apps/goswish/) =============================================================== III) The User Log Files The User Log files, which are located in the USERLOG_DIR directory, are used to store user specific information. These files are first created when an individual "registers" -- typically by invoking the BBSNEWU.HTM document, or indirectly from BBSLOGON.HTM. They contain various information, some of which you may wish to change on a fairly frequent basis. User Log files are named as username.IN, where username is the "username" an individual "registered" with. Thus, a user with the name KAREN will have a KAREN.IN user log (in the USERLOG_DIR directory). --- Example of a User Log file. Lines beginning with a ; are comments. ; User file for : daniel ; The status: line contains information on downloads and uploads: ; Dwnld_files Upld_files Dwnld_bytes Upld_bytes time_last_dwnld Status: 5 0 79959 0 729000.658 ; the User: line contains the username and password (unencoded) User: daniel purple ; The Privilege: line contains his privileges. ; !! YOU WILL WANT TO MODIFY THIS LINE IF YOU WISH TO USE BBS.CTL ; FOR ACCESS CONTROL !! Privileges: NEWUSER group1 group3 ; The ratio: line contains the user's upload ratio -- you may ; want to change this for favored (or unfavored) users ; In extreme cases, setting a ratio of -1 means "no downloads permitted" ; Alternatively, a ratio of 0 means "unlimited" (assuming no other ratios apply) ; Note that the DEFAULT_RATIO and DEFAULT_BYTE_RATIO variables are used ; to initialize this "Ratio". Ratio : 8 100 ; The "real name" of the user. Name: danny h ; The user's E-mail address Email: dhm@nowhere.org ; (optional) A (set of) user specific download & upload directories. ; These both contain: ; a "prefix", and ; a fully qualified directory ; Upload_dir entries may contain an (optional) "weight factor" ; Download_dir entries may contain an (optional) "privilege list" ; Note that the OWN_DOWNLOAD_DIRECTORY, OWN_UPLOAD_DIRECTORY, and OWN_FLAG ; variables are (optionally) used to initialize these entries. Upload_Dir: myup dmh/ Download_Dir: personal d:\bbs2\danielh ; ; other, miscellaneous variables (not currently used by BBS) SENDNOTES: 1 ; ; the Messages: line signals the end of the main section. ; Entries recording individual transactions are written below here. ; These entries are created if write_details=1 (set in BBS.INI) Messages: DIR1/ ADDHITC.SRF 15:44:58 8 Dec 1996 DIR1/ Extract from SREFPRC1.ZIP makelib.cmd 15:45:38 8 Dec 1996 DIR3/ SHOWDIR.DOC 15:46:03 8 Dec 1996 ----- End of example. Notes: * In "authentication mode", the User Log files are based on the SRE-http username. They will be created automatically upon an individual's first access to BBS -- the individual is not informed of it's creation. * The PRIVILEGES parameter contains the "privileges" assigned to this user. These privileges can use used (in conjunction with BBS.CTL) to control access. * For efficiency reasons, there should NOT be more then 40 lines before the MESSAGE: line -- you should remove comment lines if you are above this limit (say, if you have several miscellaneous variables, or several UPLOAD_DIR and DOWNLOAD_DIR entries). * The User Log files can be used to track all download requests made by an individual (these entrires are placed at the end of the file). To enable this, set WRITE_DETAILS=1. * BBS also maintains a count of all downloads, on a "file specific" basis. This record is contained in the BBS.CNT file in your BBS_PARAM_DIR directory. * The DOWNLOAD_DIR and UPLOAD_DIR parameters must contain a "prefix" and a fully-qualified directory name. See Section XII for further discusssion. =============================================================== IV) Using BBS.CTL to control access to selected directories. If you want to control access to selected directories, the BBS.CTL file can be used. BBS.CTL can also be used to assign which "root directory" the "requested directory" is relative to. For details on how to add entries to BBS.CTL, please read the version of BBS.CTL that is shipped with BBS. Briefly, each entry should have the structure: dir priv_list , root_dir where: dir is a possible "requested directory", priv_list is a list of "required privileges" root_dir is an (optional) "alternative root directory" Examples: 1) /DIR1 (of your FILE_DIR directory), and it's subdirectories, are open to everyone. /dir1/* * Note the use of an asterisk (a *): i) as a wildcard for "all subdirectories", and ii) as an "everyone has access" privilege. 2) /DIR2 (and it's subdirectories) are available only to users with a CATS privilege. /dir2/* CATS 3) /DIR3 is available only to users with a DOGS privilege. Also, /DIR3 is relative to d:\others, and not to the default FILE_DIR. Lastly, subdirectories of d:\others\dir3 are NOT available (since no * appears after the /dir3). /dir3 DOGS , d:\others 4) FDRIVE is available to everyone, and refers to F:\ and all it's subdirectories FDRIVE/* * , F:\.. Example: If FILE_DIR = 'D:\BBSFILES: Example 1 refers to all files in D:\BBSFILES\DIR1 and it's subdirectories. Example 2 refers to all files in D:\BBSFILES\DIR2 and it's subdirectories. Example 3 refers to all files in D:\OTHERS\DIR3. Example 4 refers to all files in F:\ and it's subdirectories **** CAUTION: **** In general, the "root_dir" is NOT a replacement for the "dir". **** Instead, it replaces the default FILE_DIR, with the "dir" appended **** to it. **** However, the /.. syntax (as shown in example 4) can be used to **** modify this "use as root directory" logic (see below for details) Notes: * In order to use privileges, you'll have to add appropriate privileges to the lucky user(s) "user log" file(s). See the section III, "The User Log Files", for details. * BBS.CTL is part of the "setting a user's download/upload ratio" puzzle. See the section VI, "Determining the user's required download/upload ratio", for details. * See the discussion of "own" download and upload directories (in section XII) for an alternative means of dictating "root directories". * Using a "root_dir" of "xx\yy\.." (where xx\yy\ is any fully qualified directory name) has a special meaning. Instead of "appending" the "dir" (and possible subdirectories of "dir") to the root_dir, the first subdirectory in "dir" is removed, and then thew remaining portion of "dir" (and possibly it's subdirectories) are appended. For example: if BBS.CTL has: /FDRIVE/* *, F:\PUBLIC\.. Then a request for bbs?dir=fdrive/recent resolves to F:\PUBLIC\RECENT That is, FDRIVE (the "first" subdirectory in the dir=fdrive/recent request string argument) is removed. =============================================================== V) Notes on file uploads. File uploads are achieved through the use of the "multipart/form-data" variant of html FORMS. Specifically, HTML 3.2 compliant browsers (such as NetScape 2.01) will transfer a file to the server when an element appears in an html FORM. BBSUP.HTM is an example of such an html form -- it can be used as-is to provide access to the BBS uploader. Feel free to modify BBSUP.HTM, but do pay attention to the embedded comments). BBSUP.HTM calls the BBSUP.CMD component of BBS. When BBSUP.CMD gets a request, it will: 1) Check the http syntax. If the syntax is not correct, an error message is returned. 2) Determine the upload directory. By default, uploads are to the INCOMING_DIR directory (or are relative to it). This can be changed by the use of UPLOAD_DIR entries in the user log file(s) (see section XII for details) 3) Check to see if the name that the file will be saved to (in the upload directory) already exists. If a file with the desired name already exists, an error message will be returned. Hint: if you don't care about exact names, you can instruct the user to include ? characters in the file name. These will be filled in with characters that should yield a unique name. 4) Save the uploaded file. 5) Return a short status message. 6) Record the upload in the user's user log file. 7) Write a note to the UPLOAD.LOG file (which is located in your BBS_PARAM_DIR directory) describing the details (user name, original filename, filename saved as, etc.) of the upload. 8) Optionally, send an E-mail not to the BBS-administrator informing her of this upload (see the ADMIN_EMAIL, BBS_SMTP_GATEWAY, and SEND_ALERT variables for details). Example: INCOMING_DIR = 'b:\upfiles' BBS_PARAM_DIR = 'D:\BBS' the users UPLOAD_DIR parameter = 'myup d:\private\bobj' the uploaded file is to be saved as 'myup\simple\minds.htm' then BBS will write the uploaded data to d:\private\bobj\simple\minds.htm ** A Note on Configuring GoServe GoServe (especially earlier versions) seems to have intermittent problems when processing these multipart requests. These settings sometimes help: 1) Double click on the GoServe icon 2) Select the OPTIONS menu 3) Select the LIMITS tab 3) Change the Connection Maintain to some relatively large positive value. The proper value should be determined by experimentation, and may depend on the size of files being transfered. 4) You may also want to go to page 2 of this tab, and change the "body data size" variable (to the largest size you expect to recieve). NOTE THAT GOSERVE SEEMS TO HAVE A 1M LIMIT ON UPLOADS. ================================================================ VI) Determining the user's required download/upload ratio. To encourage active participation by users of your bulletin board, you can require that each user maintains a satisfactory download to upload ratio. BBS offers a number of mechanisms to enforce this; including options to set different requirements per directory, or per user. The client's required upload download/upload ratio is determined using the maximum of: #1) The value of the RATIO: entry in her user log file. #2) The "privilege specific" ratios associated with a directory. #1 (which is initialized with the DEFAULT_RATIO and DEFAULT_BYTE_RATIO parameters) is designed to provide "user specific" ratios. #2 is designed to provide ratios to "groups of users". In order to provide flexibility, BBS uses the following (slightly complicated) method of determining which "group" the user falls into. The basic logic is: i) If the requested directory matches an entry in the BBS.CTL file (or a matching DOWNLOAD_DIR entry in the .IN file), the "privileges" associated with this entry are read. ii) If there is no matching entry, the following steps are skipped -- only #1 above is used to determine the user's download to upload ratio. iii) These "directory privileges" are compared to the "user's privileges". The matches (the privileges in both lists) are then extracted. Notes on matches: * If there are no matches (and a BBS.CTL entry is being used), the client is denied access to this directory (in which case, the ratio is irrelevant). * For matches to a DOWNLOAD_DIR entry, privileges are NOT used to control access. * The user's privileges are read from the Privileges: entry in her user log file. iv) For each element (of this set of matching privileges), a "privilege specific" ratio is read from a PRIV_RATIO.! parameter. If such a PRIV_RATIO.! entry has not been defined, this element is skipped. Notes: * PRIV_RATIO.! parameters are set in the BBS.INI file * there is NO requirement that you specify a PRIV_RATIO.! parameter for all the privileges you might use. Summarizing: The maximum of the "privilege specific" ratios (from step iv) and the user specific ratio (from #1) is used as the required download to upload ratio. Important note: A ratio of "0" means unlimited, BUT if a ratio of 0 and a non-0 ratio are found, the non-zero ratio is used! That is, "0 means unlimited" is ONLY used if NO other information is available. Example: Assume: a) The BBS.CTL File contains: /dir1 GROUP1 /dir2 GROUP2 /dir12 GROUP1 GROUP2 /dir34 GROUP3 GROUP4 /dir35 GROUP3 GROUP5 b) The clients user log file contains: Privileges: GROUP1 GROUP3 GROUP5 NEWUSER Ratio: 20 100 c) The BBS.INI file contains: PRIV_RATIO.!GROUP2='50 1000' PRIV_RATIO.!GROUP3='75 800' PRIV_RATIO.!GROUP4='10 4000 ' PRIV_RATIO.!GROUP5='0 400 ' Requests for files in the following directories will yield: /DIR1 --- the ratio is 20 and 100 * no matching PRIV_RATIO entry, so use the Ratio: values /DIR2 --- the client is not allowed access to /DIR2 * she does not have a GROUP2 privilege /DIR3 --- the ratio is 20 and 100 * no matching entry in BBS.CTL, so use the Ratio: values /DIR34 -- the ratio is 75 and 800 * RATIO: and PRIV_RATIO.!GROUP3 are used, with: max(20,75)=75 and max(100,800)=800. * PRIV_RATIO.!GROUP4 is not used (for this user), since she does not have a GROUP4 privilege. /DIR35 -- the ratio is 75 800 * RATIO:, PRIV_RATIO.!GROUP3, and PRIV_RATIO.!GROUP5 are used, with: 75=max(20,75,0) and 800=max(100,800,400). Note that the 0 (file) ratio for GROUP5 is NOT used as infinity (however, if all relevant ratios had been been 0, then an "unlimited" download ratio is assumed). Note: To suppress downloads on a "per-user" basis (but allow the user to view the contents of a directory), you can use -1 as a file ratio in one of your PRIV_RATIO.! variables. However, if a non "-1" ratio also applies to a given user, this suppression will not be invoked (that is, ratios of -1 and 0 are both subject to the "greater values dominate" rule). Advanced Note: You might want to fine tune the "significance" of downloads from selected directories. That is, in addition to relaxing (or tightening) the requirements for downloading from a given directory, you may want to state that downloads from this directory effect your TOTAL byte (and file) counts less then (or more then) usual. In other words, you may want to "weight" the bytes by some factor. You can do this by setting the appropriate PRIV_WEIGHT.! variables. ================================================================ VII) BBS and Caching To improve throughput, BBS supports a form of "dynamic caching" of the listings of directories and .ZIP file expansions. This involves "partial compilation of HTML" files, with these partially compiled files used to honor sufficiently similar requests. Basically, after BBS has constructed a document displaying a directory, or a .ZIP file expansion, it "caches" a copy of it to the BBSCACHE_DIR directory. Since the actual listing may contain user and password information (as may the request string that invoked this listing), BBS first strips out username and password information. When a similar request comes in, that differs only in the username and password (that is, the same request from a different user), BBS will use this "cached" copy (after possibly substituting the current username and password). Although this can greatly improve throughput, there are a few potential drawbacks. First and foremost, unless otherwise instructed, BBS does NOT attempt to verify the listing against the current contents of the directory. Thus, if one removes files from a directory that has been "cached", these deletions will not be reflected (to the next user requesting a listing of the directory). Similarly, changes to the header or footer file will not be displayed. BBS provides several mechanisms for mitigating this problem. 1) The CACHE_DURATION parameter. CACHE_DURATION should be set to number of days (where 0.5 yields 12 hours) a "cached file" is valid. After this time has elapsed (measured from the moment the temporary file was created), a request will create a new listing (and overwrite the current one). The best value of this parameter will depend on how busy the BBS is, both in terms of user requests, and in terms of addition or deletion of files. 2) The INIT option of BBS. If a BBS?INIT=1 request is issued (by a SUPERUSER), BBS will reset the cache (all cached files are deleted). This is especially useful after the BBS administrator has made substantial changes to the file structure. ! 3) For greatest efficiency in caching, we highly recommend using the BBS caching daemon (BBSCACHE.CMD). This is described in section XI! 4) If you enable the CACHE_CHECK variable, file stamps will be checked. Another concern is the size of the cache. This can be controlled with the CACHE_FILES parameter. Large values will lead to a larger cache; while small values save disk space. As a very rough example, if an average "listing" takes 10-20k, then a CACHE_FILE=100 may lead to a cache of 1 to 2 megabytes. Miscellaneous Notes: * When the CACHE_FILES limit is hit, BBS will delete the "oldest" listing first; no attempt is made to gauge which cached listing is the "busiest". * The cached listing is unique for all possible combination of options. That is (ignoring user and password infomation), a request of BBS?dir=/dir1 and a request of BBS?dir=/dir1&nosize=1 will lead to seperate listing files. Thus, if you let users easily modify their requests, you may need to substantially increase the value of CACHE_FILES. * If you have a .ZIP file, or a directory, that contains the & character in it's name; caching will not work (for convoluted reasons having to with the HTML character encoding rules). However, normal (non-cached) retrieval will work. In other words, for efficiency sake, you should avoid the use of the & character in file and directory names. * If you have enabled the use of "cookies" (by setting USE_COOKIES=1), then a seperate cache file is saved for "cookies responses" and "non-cookies" responses. ================================================================ VIII) Descriptions of request-string options to BBS. Note: A GET method request will consist of: BBS?option1=value&option2=value2&.... The following "options" are recognized (we exclude a few options that are designed for internal use by BBS): ALTSTART : Instead of displaying BBS, redirect to ALTSTART (used by BBS1A.HTM) BIN_TEXT_LINKS : Display multiple "links" to the document BIN_TEXT_MOUSEOVER : Include a mouseover javascript in these links. DATEFMT : The date display format DIR : The directory to view DIRCOLS : Number of columns to use when displaying directory links FORCETEXT : Transfer all files as "text/plain" FORCEBINARY : Transfer all files as "application/octet-stream" (binary) INIT : Initialize NOICONS : Do NOT display icons NODIR : Do NOT display parent and child directories NOTIME : Dos NOT display file creation time NODATE : Do NOT display file creation time and date NODESC : Do NOT display file description NOSIZE : Do NOT display file size NOCACHE : Do NOT cache this directory listing ROOTDIR : Do NOT provide link to parent directory SHORT : Use a short display format SIZEFMT : The file-size display format SORTBY : The sorting criteria (date, name, etc.) TIMEFMT : The time format USE_WINDOW : Display files in a "viewer" window ZIPFILE : The .ZIP file to view. ------------------------------------------------------ ALTSTART: Redirect to an "alternative" startup document ALTSTART should be equal to an absolute or relative URL. It is typically used by BBS1A.HTM (or your own equivalent) to provide an "alternative" startup document. For example, you could point to a complicated table, with each cell corresponding to the root of some directory tree -- with BBS handling each of these trees. Example: ALTSTART="/BBS1B.HTM" Note: for "cookies" to work properly, the ALTSTART URL should be relative to the document that invokes it. BIN_TEXT_LINKS: If 1, then include a "text" link and a "binary" link. This is a convenient way of allowing the client to choose how the file should be "requested". Example: BBS?DIR=SpotDog/Files&bin_text_links=1 If BIN_TEXT_LINKS=1, three choices are displayed: i) a "download at text" link (displaying a text icon) ii) a "download as binary" link (displaying a binary icon) iii) a "download as mime type" link (displaying the file name) Note that if NOICONS is set, then i and ii will be displayed as text. If BIN_TEXT_LINKS=0, two choices are displayed: i) a "download as mime type" link (using an appropriate icon) ii) a "download as mime type" link (displaying the file name) Note that if NOICONS is set, then i will NOT be displayed. Notes: * See the DEF_BIN_TEXT_LINKS parameter for an alternative to the use of BIN_TEXT_LINKS. * If you use BIN_TEXT_LINKS (or DEF_BIN_TEXT_LINKS), you should NOT use FORCETEXT and FORCEBINARY. BIN_TEXT_MOUSEOVER: If 1, then include a simple mouseover javascript in the above links A simple "mouseover" javascript will be included in the text and binary link displayed when BIN_TEXT_LINKS is enabled. This script will write a message to the status window stating "Download xxx as binary" or "Download xxx as text" This does increase the size of the download file, but clarifies what these "force as binary or text" download links are meant to do. DATEFMT: Can take several values (see REXX Date function documentation for details): default: 27 Aug 1988 B: 725975 D: 240 E: 27/08/88 L: 27 August 1988 M: August N: 27 Aug 1988 O: 88/08/27 S: 19880827 U: 08/27/88 W: Saturday Example: BBS?DIR=SpotDog/Files&datefmt=N Example: BBS?DIR=SpotDog/Files&datefmt=U DIR: This is the "requested directory" to be displayed. Example: BBS?DIR=SpotDog/Fires The "requested directory" is SpotDot/Files The "prefix" is SpotDog Note that the actual directory pointed to by the "requested directory" should be: i) relative to the FILE_DIR directory, ii) relative to a directory specified in BBS.CTL. iii) specified (using the "prefix") by a DOWNLOAD_DIR entry. See section XII for further details. DIRCOLS: Number of table columns used to display directories. Example: BBS?DIR=SpotDog/Files&dircols=4 Notes: * If you have directory descriptions, you probably should set DIRCOLS=1. * The default is 2. * DIRCOLS is ignored if NOTABLE=1 FORCETEXT: If =1, asume all files are "text/plain" MIME type. This is a convenient way to force the client's browser to display all files (such as .LST files), without the need to run a "helper app". Of course, if a binary file is chosen, this will yield ugly and inappropriate results! Example: BBS?DIR=SpotDog/Files&forcetext=1 When FORCETEXT is used: with icons: A text icon (that links to a "text download") and a file name (that links to a "mime-type download") are displayed. without icons: A file name (that links to a "text download") is displayed. Notes: * You should not use both FORCETEXT and FORCEBINARY (the results will be unpredictable, but not disasterous). * See BIN_TEXT_LINKS for an alternative to FORCETEXT and FORCEBINARY FORCEBINARY: If =1, asume all files are "application/octet-stream" MIME type. This is a convenient way to force the client's browser to save all files to disk (octet-stream is longhand for "binary"). Example: BBS?DIR=SpotDog/Files&forcebinary=1 When FORCETEXT is used: with icons: A binary icon (that links to a "binary download") and a file name (that links to a "mime-type download") are displayed. without icons: A file name (that links to a "binary download") is displayed. Notes: * You should not use both FORCETEXT and FORCEBINARY (the results will be unpredictable, but not disasterous). * See BIN_TEXT_LINKS for an alternative to FORCETEXT and FORCEBINARY INIT: If =1, then initialize (clear) the BBS cache. Example: BBS?INIT=1 NOTABLE : Use
, not