Context Navigation

source: trunk/dns.cgi@ 375

Last change on this file since 375 was 375, checked in by Kris Deugau, 12 years ago

/trunk

Checkpoint adding locations/views. See #10.

Tweak new locations table again with an internal serial for sorting and finding the "highest" previous location
Complete "Add location" stub
Fill in initial display page for "Edit location"
Tweak location add/edit/update template a little, add new comments field to match new field in table
Tweak location import so we don't end up with great long space-free fields similar to what can't be avoided with TXT (usually SPF/DomainKeys) records
Fill in addLoc() stub
Add getLoc()
Tweak location export to strip commas and whitespace properly

Property svn:executable set to *
Property svn:keywords set to Date Rev Author Id

File size: 85.5 KB

Line
1	#!/usr/bin/perl -w -T
2	# Main web UI script for DeepNet DNS Administrator
3	##
4	# $Id: dns.cgi 375 2012-08-08 22:04:47Z kdeugau $
5	# Copyright 2008-2012 Kris Deugau <kdeugau@deepnet.cx>
6	#
7	# This program is free software: you can redistribute it and/or modify
8	# it under the terms of the GNU General Public License as published by
9	# the Free Software Foundation, either version 3 of the License, or
10	# (at your option) any later version.
11	#
12	# This program is distributed in the hope that it will be useful,
13	# but WITHOUT ANY WARRANTY; without even the implied warranty of
14	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15	# GNU General Public License for more details.
16	#
17	# You should have received a copy of the GNU General Public License
18	# along with this program. If not, see <http://www.gnu.org/licenses/>.
19	##
20
21	use strict;
22	use warnings;
23
24	use CGI::Carp qw (fatalsToBrowser);
25	use CGI::Simple;
26	use HTML::Template;
27	use CGI::Session;
28	use Crypt::PasswdMD5;
29	use Digest::MD5 qw(md5_hex);
30	use Net::DNS;
31	use DBI;
32	use Data::Dumper;
33
34	#sub is_tainted {
35	# # from perldoc perlsec
36	# return ! eval { eval("#" . substr(join("", @_), 0, 0)); 1 };
37	#}
38	#use Cwd 'abs_path';
39	#use File::Basename;
40	#use lib dirname( abs_path $0 );
41	#die "argh! tainted!" if is_tainted($0);
42	#die "argh! \@INC got tainted!" if is_tainted(@INC);
43
44	# don't remove! required for GNU/FHS-ish install from tarball
45	use lib '.'; ##uselib##
46
47	use DNSDB qw(:ALL);
48
49	my @debugbits; # temp, to be spit out near the end of processing
50	my $debugenv = 0;
51
52	# Let's do these templates right...
53	my $templatedir = "templates";
54
55	# Set up the CGI object...
56	my $q = new CGI::Simple;
57	# ... and get query-string params as well as POST params if necessary
58	$q->parse_query_string;
59
60	# This is probably excessive fiddling, but it puts the parameters somewhere my fingers know about...
61	my %webvar = $q->Vars;
62
63	# shut up some warnings, in case we arrive somewhere we forgot to set this
64	$webvar{defrec} = 'n' if !$webvar{defrec}; # non-default records
65	$webvar{revrec} = 'n' if !$webvar{revrec}; # non-reverse (domain) records
66
67	# load some local system defaults (mainly DB connect info)
68	# note this is not absolutely fatal, since there's a default dbname/user/pass in DNSDB.pm
69	# we'll catch a bad DB connect string once we get to trying that
70	##fixme: pass params to loadConfig, and use them there, to allow one codebase to support multiple sites
71	if (!loadConfig()) {
72	warn "Using default configuration; unable to load custom settings: $DNSDB::errstr";
73	}
74
75	# persistent stuff needed on most/all pages
76	my $sid = ($webvar{sid} ? $webvar{sid} : undef);
77	my $session = new CGI::Session("driver:File", $sid, {Directory => $config{sessiondir}})
78	or die CGI::Session->errstr();
79	#$sid = $session->id() if !$sid;
80	if (!$sid) {
81	# init stuff. can probably axe this down to just above if'n'when user manipulation happens
82	$sid = $session->id();
83	$session->expire($config{timeout});
84	# need to know the "upper" group the user can deal with; may as well
85	# stick this in the session rather than calling out to the DB every time.
86	$session->param('logingroup',1);
87	$session->param('curgroup',1); # yes, we do need to track this too. er, probably.
88	$session->param('domlistsortby','domain');
89	$session->param('domlistorder','ASC');
90	$session->param('revzonessortby','revnet');
91	$session->param('revzonesorder','ASC');
92	$session->param('useradminsortby','user');
93	$session->param('useradminorder','ASC');
94	$session->param('grpmansortby','group');
95	$session->param('grpmanorder','ASC');
96	$session->param('reclistsortby','host');
97	$session->param('reclistorder','ASC');
98	$session->param('logsortby','stamp');
99	$session->param('logorder','DESC');
100	}
101
102	# Just In Case. Stale sessions should not be resurrectable.
103	if ($sid ne $session->id()) {
104	$sid = '';
105	changepage(page=> "login", sessexpired => 1);
106	}
107
108	# normal expiry, more or less
109	if ($session->is_expired) {
110	$sid = '';
111	changepage(page=> "login", sessexpired => 1);
112	}
113
114	my $logingroup = ($session->param('logingroup') ? $session->param('logingroup') : 1);
115	my $curgroup = ($session->param('curgroup') ? $session->param('curgroup') : $logingroup);
116
117	# decide which page to spit out...
118	# also set $webvar{page} before we try to use it.
119	$webvar{page} = 'login' if !$webvar{page};
120
121	# per-page startwith, filter, searchsubs
122
123	##fixme: complain-munge-and-continue with non-"[a-z0-9-.]" filter and startwith
124	$webvar{startwith} =~ s/^(0-9\|[a-z]).*/$1/ if $webvar{startwith};
125	# not much call for chars not allowed in domain names
126	$webvar{filter} =~ s/[^a-zA-Z0-9_.:\@-]//g if $webvar{filter};
127	## only set 'y' if box is checked, no other values legal
128	## however, see https://secure.deepnet.cx/trac/dnsadmin/ticket/31
129	# first, drop obvious fakes
130	delete $webvar{searchsubs} if $webvar{searchsubs} && $webvar{searchsubs} !~ /^[ny]/;
131	# strip the known "turn me off!" bit.
132	$webvar{searchsubs} =~ s/^n\s?// if $webvar{searchsubs};
133	# strip non-y/n - note this legitimately allows {searchsubs} to go empty
134	$webvar{searchsubs} =~ s/[^yn]//g if $webvar{searchsubs};
135
136	$session->param($webvar{page}.'startwith', $webvar{startwith}) if defined($webvar{startwith});
137	$session->param($webvar{page}.'filter', $webvar{filter}) if defined($webvar{filter});
138	$session->param($webvar{page}.'searchsubs', $webvar{searchsubs}) if defined($webvar{searchsubs});
139
140	my $startwith = $session->param($webvar{page}.'startwith');
141	my $filter = $session->param($webvar{page}.'filter');
142	my $searchsubs = $session->param($webvar{page}.'searchsubs');
143
144	# ... and assemble the args
145	my @filterargs;
146	push @filterargs, "^[$startwith]" if $startwith;
147	push @filterargs, $filter if $filter;
148
149	# nrgh, can't handle login here because we don't have a database handle to check the user/pass with yet
150
151	my $header = HTML::Template->new(filename => "$templatedir/header.tmpl");
152	my $footer = HTML::Template->new(filename => "$templatedir/footer.tmpl");
153	$header->param(orgname => $config{orgname}) if $config{orgname} ne 'Example Corp';
154	$footer->param(version => $DNSDB::VERSION);
155
156	## set up "URL to self"
157	# @#$%@%@#% XHTML - & in a URL must be escaped. >:(
158	my $uri_self = $ENV{REQUEST_URI};
159	$uri_self =~ s/\&([a-z])/\&amp\;$1/g;
160
161	# le sigh. and we need to strip any previous action
162	$uri_self =~ s/\&action=[^&]+//g;
163
164	# and search filter options. these get stored in the session, but discarded
165	# as soon as you switch to a different page.
166	##fixme: think about retaining these on a per-page basis, as well as offset; same as the sort-order bits
167	no warnings qw(uninitialized);
168	$uri_self =~ s/\&startwith=[a-z09-]*(\&)?/$1/g;
169	$uri_self =~ s/\&searchsubs=[a-z09-]*(\&)?/$1/g;
170	$uri_self =~ s/\&filter=[a-z09-]*(\&)?/$1/g;
171	use warnings qw(uninitialized);
172
173	# Fix up $uri_self so we don't lose the session/page
174	$uri_self .= "?sid=$sid&page=$webvar{page}" if $uri_self =~ m{/dns.cgi$};
175	$uri_self = "$ENV{SCRIPT_NAME}?sid=$sid&page=$webvar{page}$1" if $uri_self =~ m{/dns.cgi\&(.+)$};
176
177	# pagination
178	my $perpage = 15;
179	$perpage = $config{perpage} if $config{perpage};
180	my $offset = ($webvar{offset} ? $webvar{offset} : 0);
181
182	# NB: these must match the field name and SQL ascend/descend syntax respectively
183	my $sortby = "domain";
184	my $sortorder = "ASC";
185
186	##fixme: quit throwing the database handle around, and put all the SQL and direct DB fiddling into DNSDB.pm
187	# dbname, user, pass, host (optional)
188	my ($dbh,$msg) = connectDB($config{dbname}, $config{dbuser}, $config{dbpass}, $config{dbhost});
189
190	if (!$dbh) {
191	print "Content-type: text/html\n\n";
192	print $header->output;
193	my $errpage = HTML::Template->new(filename => "$templatedir/dberr.tmpl");
194	$errpage->param(errmsg => $msg);
195	print $errpage->output;
196	print $footer->output;
197	exit;
198	}
199
200	# Load config pieces from the database. Ideally all but the DB user/pass/etc should be loaded here.
201	initGlobals($dbh);
202
203	# security check - does the user have permission to view this entity?
204	# this is a prep step used "many" places
205	my @viewablegroups;
206	getChildren($dbh, $logingroup, \@viewablegroups, 'all');
207	push @viewablegroups, $logingroup;
208
209	my $page;
210	eval {
211	# sigh. can't set loop_context_vars or global_vars once instantiated.
212	$page = HTML::Template->new(filename => "$templatedir/$webvar{page}.tmpl",
213	loop_context_vars => 1, global_vars => 1);
214	};
215	if ($@) {
216	my $msg = $@;
217	$page = HTML::Template->new(filename => "$templatedir/badpage.tmpl");
218	if (-e "$templatedir/$webvar{page}.tmpl") {
219	$page->param(badtemplate => $q->escapeHTML($msg));
220	} else {
221	warn "Bad page $webvar{page} requested";
222	$page->param(badpage => $q->escapeHTML($webvar{page}));
223	}
224	$webvar{page} = 'badpage';
225	}
226
227	# handle login redirect
228	if ($webvar{action}) {
229	if ($webvar{action} eq 'login') {
230	# Snag ACL/permissions here too
231
232	my $userdata = login($dbh, $webvar{username}, $webvar{password});
233
234	if ($userdata) {
235
236	# set session bits
237	$session->param('logingroup',$userdata->{group_id});
238	$session->param('curgroup',$userdata->{group_id});
239	$session->param('uid',$userdata->{user_id});
240	$session->param('username',$webvar{username});
241
242	changepage(page => "domlist");
243
244	} else {
245	$webvar{loginfailed} = 1;
246	} # user data fetch check
247
248	} elsif ($webvar{action} eq 'logout') {
249	# delete the session
250	$session->delete();
251	$session->flush();
252
253	my $newurl = "http://$ENV{HTTP_HOST}$ENV{SCRIPT_NAME}";
254	$newurl =~ s\|/[^/]+$\|/\|;
255	print "Status: 302\nLocation: $newurl\n\n";
256	exit;
257
258	} elsif ($webvar{action} eq 'chgroup') {
259	# fiddle session-stored group data
260	# magic incantation to... uhhh...
261
262	# ... and the "change group" bits...
263	$uri_self =~ s/\&group=[^&]*//g;
264
265	# security check - does the user have permission to view this entity?
266	my $errmsg;
267	if (!(grep /^$webvar{group}$/, @viewablegroups)) {
268	# hmm. Reset the current group to the login group? Yes. Prevents confusing behaviour elsewhere.
269	$session->param('curgroup',$logingroup);
270	$webvar{group} = $logingroup;
271	$curgroup = $logingroup;
272	$errmsg = "You are not permitted to view or make changes in the requested group";
273	$page->param(errmsg => $errmsg);
274	}
275
276	$session->param('curgroup', $webvar{group});
277	$curgroup = ($webvar{group} ? $webvar{group} : $session->param('curgroup'));
278
279	# I hate special cases.
280	##fixme: probably need to handle webvar{revrec}=='y' too
281	if ($webvar{page} eq 'reclist' && $webvar{defrec} eq 'y') {
282	my %args = (page => $webvar{page}, id => $curgroup, defrec => $webvar{defrec}, revrec => $webvar{revrec});
283	$args{errmsg} = $errmsg if $errmsg;
284	changepage(%args);
285	}
286
287	}
288	} # handle global webvar{action}s
289
290	# finally check if the user was disabled. we could just leave this for logout/session expiry,
291	# but if they keep the session active they'll continue to have access long after being disabled. :/
292	# Treat it as a session expiry.
293	if ($session->param('uid') && !userStatus($dbh, $session->param('uid')) ) {
294	$sid = '';
295	$session->delete; # force expiry of the session Right Away
296	$session->flush; # make sure it hits storage
297	changepage(page=> "login", sessexpired => 1);
298	}
299
300	# Misc Things To Do on most pages
301	initPermissions($dbh, $session->param('uid'));
302	initActionLog($dbh, $session->param('uid'));
303
304	$page->param(sid => $sid) unless $webvar{page} eq 'login'; # no session ID on the login page
305
306	if ($webvar{page} eq 'login') {
307
308	$page->param(loginfailed => 1) if $webvar{loginfailed};
309	$page->param(sessexpired => 1) if $webvar{sessexpired};
310	$page->param(version => $DNSDB::VERSION);
311
312	} elsif ($webvar{page} eq 'domlist' or $webvar{page} eq 'index') {
313
314	$page->param(domlist => 1);
315
316	# hmm. seeing problems in some possibly-not-so-corner cases.
317	# this currently only handles "domain on", "domain off"
318	if (defined($webvar{zonestatus})) {
319	# security check - does the user have permission to access this entity?
320	my $flag = 0;
321	foreach (@viewablegroups) {
322	$flag = 1 if isParent($dbh, $_, 'group', $webvar{id}, 'domain');
323	}
324	if ($flag && ($permissions{admin} \|\| $permissions{domain_edit})) {
325	my $stat = zoneStatus($dbh,$webvar{id},'n',$webvar{zonestatus});
326	$page->param(resultmsg => $DNSDB::resultstr);
327	} else {
328	$page->param(errmsg => "You are not permitted to view or change the requested domain");
329	}
330	$uri_self =~ s/\&zonestatus=[^&]*//g; # clean up URL for stuffing into templates
331	}
332
333	if ($session->param('resultmsg')) {
334	$page->param(resultmsg => $session->param('resultmsg'));
335	$session->clear('resultmsg');
336	}
337	if ($session->param('errmsg')) {
338	$page->param(errmsg => $session->param('errmsg'));
339	$session->clear('errmsg');
340	}
341
342	$page->param(curpage => $webvar{page});
343
344	listdomains();
345
346	} elsif ($webvar{page} eq 'newdomain') {
347
348	changepage(page => "domlist", errmsg => "You are not permitted to add domains")
349	unless ($permissions{admin} \|\| $permissions{domain_create});
350
351	$webvar{group} = $curgroup if !$webvar{group};
352	fill_grouplist("grouplist", $webvar{group});
353
354	if ($session->param('add_failed')) {
355	$session->clear('add_failed');
356	$page->param(add_failed => 1);
357	$page->param(errmsg => $session->param('errmsg'));
358	$session->clear('errmsg');
359	$page->param(domain => $webvar{domain});
360	$page->param(addinactive => $webvar{makeactive} eq 'n');
361	}
362
363	} elsif ($webvar{page} eq 'adddomain') {
364
365	changepage(page => "domlist", errmsg => "You are not permitted to add domains")
366	unless ($permissions{admin} \|\| $permissions{domain_create});
367
368	# security check - does the user have permission to access this entity?
369	if (!check_scope(id => $webvar{group}, type => 'group')) {
370	$session->param('add_failed', 1);
371	##fixme: domain a security risk for XSS?
372	changepage(page => "newdomain", domain => $webvar{domain},
373	errmsg => "You do not have permission to add a domain to the requested group");
374	}
375
376	$webvar{makeactive} = 0 if !defined($webvar{makeactive});
377
378	my ($code,$msg) = addDomain($dbh,$webvar{domain},$webvar{group},($webvar{makeactive} eq 'on' ? 1 : 0),
379	(username => $session->param("username"), id => $session->param("uid")));
380
381	if ($code eq 'OK') {
382	mailNotify($dbh, "New ".($webvar{makeactive} eq 'on' ? 'Active' : 'Inactive')." Domain Created",
383	($webvar{makeactive} eq 'on' ? 'Active' : 'Inactive').qq( domain "$webvar{domain}" added by ).
384	$session->param("username"));
385	changepage(page => "reclist", id => $msg);
386	} else {
387	$session->param('add_failed', 1);
388	##fixme: domain a security risk for XSS?
389	changepage(page => "newdomain", domain => $webvar{domain}, errmsg => $msg,
390	makeactive => ($webvar{makeactive} ? 'y' : 'n'), group => $webvar{group});
391	}
392
393	} elsif ($webvar{page} eq 'deldom') {
394
395	changepage(page => "domlist", errmsg => "You are not permitted to delete domains")
396	unless ($permissions{admin} \|\| $permissions{domain_delete});
397
398	# security check - does the user have permission to access this entity?
399	if (!check_scope(id => $webvar{id}, type => 'domain')) {
400	changepage(page => "domlist", errmsg => "You do not have permission to delete the requested domain");
401	}
402
403	$page->param(id => $webvar{id});
404
405	# first pass = confirm y/n (sorta)
406	if (!defined($webvar{del})) {
407
408	$page->param(del_getconf => 1);
409	$page->param(domain => domainName($dbh,$webvar{id}));
410
411	} elsif ($webvar{del} eq 'ok') {
412	my $pargroup = parentID($dbh, (id => $webvar{id}, type => 'domain', revrec => $webvar{revrec}));
413	my ($code,$msg) = delZone($dbh, $webvar{id}, $webvar{revrec});
414	if ($code eq 'OK') {
415	changepage(page => "domlist", resultmsg => $msg);
416	} else {
417	changepage(page => "domlist", errmsg => $msg);
418	}
419
420	} else {
421	# cancelled. whee!
422	changepage(page => "domlist");
423	}
424
425	} elsif ($webvar{page} eq 'revzones') {
426
427	$webvar{revrec} = 'y';
428
429	if (defined($webvar{zonestatus})) {
430	# security check - does the user have permission to access this entity?
431	my $flag = 0;
432	foreach (@viewablegroups) {
433	$flag = 1 if isParent($dbh, $_, 'group', $webvar{id}, 'revzone');
434	}
435	if ($flag && ($permissions{admin} \|\| $permissions{domain_edit})) {
436	my $stat = zoneStatus($dbh,$webvar{id},'y',$webvar{zonestatus});
437	$page->param(resultmsg => $DNSDB::resultstr);
438	} else {
439	$page->param(errmsg => "You are not permitted to view or change the requested reverse zone");
440	}
441	$uri_self =~ s/\&zonestatus=[^&]*//g; # clean up URL for stuffing into templates
442	}
443
444	if ($session->param('resultmsg')) {
445	$page->param(resultmsg => $session->param('resultmsg'));
446	$session->clear('resultmsg');
447	}
448	if ($session->param('errmsg')) {
449	$page->param(errmsg => $session->param('errmsg'));
450	$session->clear('errmsg');
451	}
452
453	$page->param(curpage => $webvar{page});
454	listzones();
455
456	} elsif ($webvar{page} eq 'newrevzone') {
457
458	## scope/access check - use domain settings? invent new (bleh)
459	changepage(page => "revzones", errmsg => "You are not permitted to add reverse zones")
460	unless ($permissions{admin} \|\| $permissions{domain_create});
461
462	fill_grouplist("grouplist");
463
464	# prepopulate revpatt with the matching default record
465	# getRecByName($dbh, (revrec => $webvar{revrec}, defrec => $webvar{defrec}, host => 'string'));
466
467	if ($session->param('add_failed')) {
468	$session->clear('add_failed');
469	$page->param(errmsg => $session->param('errmsg'));
470	$session->clear('errmsg');
471	$page->param(revzone => $webvar{revzone});
472	$page->param(revpatt => $webvar{revpatt});
473	}
474
475	} elsif ($webvar{page} eq 'addrevzone') {
476
477	changepage(page => "revzones", errmsg => "You are not permitted to add reverse zones")
478	unless ($permissions{admin} \|\| $permissions{domain_create});
479
480	# security check - does the user have permission to access this entity?
481	if (!check_scope(id => $webvar{group}, type => 'group')) {
482	changepage(page => "newrevzone", add_failed => 1, revzone => $webvar{revzone}, revpatt => $webvar{revpatt},
483	errmsg => "You do not have permission to add a reverse zone to the requested group");
484	}
485
486	my ($code,$msg) = addRDNS($dbh, $webvar{revzone}, $webvar{revpatt}, $webvar{group},
487	($webvar{makeactive} eq 'on' ? 1 : 0));
488
489	if ($code eq 'OK') {
490	changepage(page => "reclist", id => $msg, revrec => 'y');
491	} elsif ($code eq 'WARN') {
492	changepage(page => "reclist", id => $msg, revrec => 'y', warnmsg => $DNSDB::resultstr);
493	} else {
494	$session->param('add_failed', 1);
495	changepage(page => "newrevzone", revzone => $webvar{revzone}, revpatt => $webvar{revpatt}, errmsg => $msg);
496	}
497
498	} elsif ($webvar{page} eq 'delrevzone') {
499
500	changepage(page => "revzones", errmsg => "You are not permitted to delete reverse zones")
501	unless ($permissions{admin} \|\| $permissions{domain_delete});
502
503	# security check - does the user have permission to access this entity?
504	if (!check_scope(id => $webvar{id}, type => 'revzone')) {
505	changepage(page => "revzones", errmsg => "You do not have permission to delete the requested reverse zone");
506	}
507
508	$page->param(id => $webvar{id});
509
510	# first pass = confirm y/n (sorta)
511	if (!defined($webvar{del})) {
512
513	$page->param(del_getconf => 1);
514	$page->param(revzone => revName($dbh,$webvar{id}));
515
516	} elsif ($webvar{del} eq 'ok') {
517	my $pargroup = parentID($dbh, (id => $webvar{id}, type => 'revzone', revrec => $webvar{revrec}));
518	my $zone = revName($dbh, $webvar{id});
519	my ($code,$msg) = delZone($dbh, $webvar{id}, 'y');
520	if ($code eq 'OK') {
521	changepage(page => "revzones", resultmsg => $msg);
522	} else {
523	changepage(page => "revzones", errmsg => $msg);
524	}
525
526	} else {
527	# cancelled. whee!
528	changepage(page => "revzones");
529	}
530
531	} elsif ($webvar{page} eq 'reclist') {
532
533	# security check - does the user have permission to view this entity?
534	if (!check_scope(id => $webvar{id}, type =>
535	($webvar{defrec} eq 'y' ? 'group' : ($webvar{revrec} eq 'y' ? 'revzone' : 'domain')))) {
536	$page->param(errmsg => "You are not permitted to view or change the requested ".
537	($webvar{defrec} eq 'y' ? "group's default records" :
538	($webvar{revrec} eq 'y' ? "reverse zone's records" : "domain's records")));
539	$page->param(perm_err => 1); # this causes the template to skip the record listing output.
540	goto DONERECLIST; # and now we skip filling in the content which is not printed due to perm_err above
541	}
542
543	# hmm. where do we send them?
544	if ($webvar{defrec} eq 'y' && !$permissions{admin}) {
545	$page->param(errmsg => "You are not permitted to edit default records");
546	$page->param(perm_err => 1);
547	} else {
548
549	$page->param(mayeditsoa => $permissions{admin} \|\| $permissions{domain_edit});
550	##fixme: ACL needs pondering. Does "edit domain" interact with record add/remove/etc?
551	# Note this seems to be answered "no" in Vega.
552	# ACLs
553	$page->param(record_create => ($permissions{admin} \|\| $permissions{record_create}) );
554	# we don't have any general edit links on the page; they're all embedded in the TMPL_LOOP
555	# $page->param(record_edit => ($permissions{admin} \|\| $permissions{record_edit}) );
556	$page->param(record_delete => ($permissions{admin} \|\| $permissions{record_delete}) );
557
558	# Handle record list for both default records (per-group) and live domain records
559
560	$page->param(defrec => $webvar{defrec});
561	$page->param(revrec => $webvar{revrec});
562	$page->param(id => $webvar{id});
563	$page->param(curpage => $webvar{page});
564
565	my $count = getRecCount($dbh, $webvar{defrec}, $webvar{revrec}, $webvar{id}, $filter);
566
567	$sortby = 'host';
568	# sort/order
569	$session->param($webvar{page}.'sortby', $webvar{sortby}) if $webvar{sortby};
570	$session->param($webvar{page}.'order', $webvar{order}) if $webvar{order};
571
572	$sortby = $session->param($webvar{page}.'sortby') if $session->param($webvar{page}.'sortby');
573	$sortorder = $session->param($webvar{page}.'order') if $session->param($webvar{page}.'order');
574
575	# set up the headers
576	my @cols;
577	my %colheads;
578	if ($webvar{revrec} eq 'n') {
579	@cols = ('host', 'type', 'val', 'distance', 'weight', 'port', 'ttl');
580	%colheads = (host => 'Name', type => 'Type', val => 'Address',
581	distance => 'Distance', weight => 'Weight', port => 'Port', ttl => 'TTL');
582	} else {
583	@cols = ('val', 'type', 'host', 'ttl');
584	%colheads = (val => 'IP Address', type => 'Type', host => 'Hostname', ttl => 'TTL');
585	}
586	my %custom = (id => $webvar{id}, defrec => $webvar{defrec}, revrec => $webvar{revrec});
587	fill_colheads($sortby, $sortorder, \@cols, \%colheads, \%custom);
588
589	# fill the page-count and first-previous-next-last-all details
590	fill_pgcount($count,"records",
591	($webvar{defrec} eq 'y' ? "group ".groupName($dbh,$webvar{id}) :
592	($webvar{revrec} eq 'y' ? revName($dbh,$webvar{id}) : domainName($dbh,$webvar{id}))
593	));
594	fill_fpnla($count); # should put some params on this sub...
595
596	$page->param(defrec => $webvar{defrec});
597	showzone($webvar{defrec}, $webvar{revrec}, $webvar{id});
598	if ($webvar{defrec} eq 'n') {
599	if ($webvar{revrec} eq 'n') {
600	$page->param(logdom => 1);
601	} else {
602	$page->param(logrdns => 1);
603	}
604	}
605
606	if ($session->param('resultmsg')) {
607	$page->param(resultmsg => $session->param('resultmsg'));
608	$session->clear('resultmsg');
609	}
610	if ($session->param('warnmsg')) {
611	$page->param(warnmsg => $session->param('warnmsg'));
612	$session->clear('warnmsg');
613	}
614	if ($session->param('errmsg')) {
615	$page->param(errmsg => $session->param('errmsg'));
616	$session->clear('errmsg');
617	}
618
619	} # close "you can't edit default records" check
620
621	# Yes, this is a GOTO target. PTBHTTT.
622	DONERECLIST: ;
623
624	} elsif ($webvar{page} eq 'record') {
625
626	# security check - does the user have permission to access this entity?
627	if (!check_scope(id => $webvar{id}, type =>
628	($webvar{defrec} eq 'y' ? ($webvar{revrec} eq 'y' ? 'defrevrec' : 'defrec') : 'record'))) {
629	$page->param(perm_err => "You are not permitted to edit the requested record");
630	goto DONEREC;
631	}
632	# round 2, check the parent.
633	if (!check_scope(id => $webvar{parentid}, type =>
634	($webvar{defrec} eq 'y' ? 'group' : ($webvar{revrec} eq 'y' ? 'revzone' : 'domain')))) {
635	my $msg = ($webvar{defrec} eq 'y' ?
636	"You are not permitted to add or edit default records in the requested group" :
637	"You are not permitted to add or edit records in the requested domain/zone");
638	$page->param(perm_err => $msg);
639	goto DONEREC;
640	}
641
642	$page->param(defrec => $webvar{defrec});
643	$page->param(revrec => $webvar{revrec});
644	$page->param(fwdzone => $webvar{revrec} eq 'n');
645
646	if ($webvar{recact} eq 'new') {
647
648	changepage(page => "reclist", errmsg => "You are not permitted to add records", id => $webvar{parentid})
649	unless ($permissions{admin} \|\| $permissions{record_create});
650
651	$page->param(todo => "Add record");
652	$page->param(recact => "add");
653	$page->param(parentid => $webvar{parentid});
654
655	fill_recdata();
656
657	} elsif ($webvar{recact} eq 'add') {
658
659	changepage(page => "reclist", errmsg => "You are not permitted to add records", id => $webvar{parentid})
660	unless ($permissions{admin} \|\| $permissions{record_create});
661
662	my @recargs = ($dbh,$webvar{defrec},$webvar{revrec},$webvar{parentid},
663	\$webvar{name},\$webvar{type},\$webvar{address},$webvar{ttl});
664	if ($webvar{type} == $reverse_typemap{MX} or $webvar{type} == $reverse_typemap{SRV}) {
665	push @recargs, $webvar{distance};
666	if ($webvar{type} == $reverse_typemap{SRV}) {
667	push @recargs, $webvar{weight};
668	push @recargs, $webvar{port};
669	}
670	}
671
672	my ($code,$msg) = addRec(@recargs);
673
674	if ($code eq 'OK' \|\| $code eq 'WARN') {
675	my %pageparams = (page => "reclist", id => $webvar{parentid},
676	defrec => $webvar{defrec}, revrec => $webvar{revrec});
677	$pageparams{warnmsg} = $msg."<br><br>\n".$DNSDB::resultstr if $code eq 'WARN';
678	$pageparams{resultmsg} = $DNSDB::resultstr if $code eq 'OK';
679	changepage(%pageparams);
680	} else {
681	$page->param(failed => 1);
682	$page->param(errmsg => $msg);
683	$page->param(wastrying => "adding");
684	$page->param(todo => "Add record");
685	$page->param(recact => "add");
686	$page->param(parentid => $webvar{parentid});
687	$page->param(id => $webvar{id});
688	fill_recdata(); # populate the form... er, mostly.
689	}
690
691	} elsif ($webvar{recact} eq 'edit') {
692
693	changepage(page => "reclist", errmsg => "You are not permitted to edit records", id => $webvar{parentid})
694	unless ($permissions{admin} \|\| $permissions{record_edit});
695
696	$page->param(todo => "Update record");
697	$page->param(recact => "update");
698	$page->param(parentid => $webvar{parentid});
699	$page->param(id => $webvar{id});
700	my $recdata = getRecLine($dbh, $webvar{defrec}, $webvar{revrec}, $webvar{id});
701	$page->param(name => $recdata->{host});
702	$page->param(address => $recdata->{val});
703	$page->param(distance => $recdata->{distance});
704	$page->param(weight => $recdata->{weight});
705	$page->param(port => $recdata->{port});
706	$page->param(ttl => $recdata->{ttl});
707	$page->param(typelist => getTypelist($dbh, $webvar{revrec}, $recdata->{type}));
708
709	} elsif ($webvar{recact} eq 'update') {
710
711	changepage(page => "reclist", errmsg => "You are not permitted to edit records", id => $webvar{parentid})
712	unless ($permissions{admin} \|\| $permissions{record_edit});
713
714	my ($code,$msg) = updateRec($dbh,$webvar{defrec},$webvar{revrec},$webvar{id},$webvar{parentid},
715	\$webvar{name},\$webvar{type},\$webvar{address},$webvar{ttl},
716	$webvar{distance},$webvar{weight},$webvar{port});
717
718	if ($code eq 'OK' \|\| $code eq 'WARN') {
719	my %pageparams = (page => "reclist", id => $webvar{parentid},
720	defrec => $webvar{defrec}, revrec => $webvar{revrec});
721	$pageparams{warnmsg} = $msg."<br><br>\n".$DNSDB::resultstr if $code eq 'WARN';
722	$pageparams{resultmsg} = $DNSDB::resultstr if $code eq 'OK';
723	changepage(%pageparams);
724	} else {
725	$page->param(failed => 1);
726	$page->param(errmsg => $msg);
727	$page->param(wastrying => "updating");
728	$page->param(todo => "Update record");
729	$page->param(recact => "update");
730	$page->param(parentid => $webvar{parentid});
731	$page->param(id => $webvar{id});
732	fill_recdata();
733	}
734	}
735
736	if ($webvar{defrec} eq 'y') {
737	$page->param(dohere => "default records in group ".groupName($dbh,$webvar{parentid}));
738	} else {
739	$page->param(dohere => domainName($dbh,$webvar{parentid})) if $webvar{revrec} eq 'n';
740	$page->param(dohere => revName($dbh,$webvar{parentid})) if $webvar{revrec} eq 'y';
741	}
742
743	# Yes, this is a GOTO target. PTBHTTT.
744	DONEREC: ;
745
746	} elsif ($webvar{page} eq 'delrec') {
747
748	# This is a complete separate segment since it uses a different template from add/edit records above
749
750	changepage(page => "reclist", errmsg => "You are not permitted to delete records", id => $webvar{parentid},
751	defrec => $webvar{defrec}, revrec => $webvar{revrec})
752	unless ($permissions{admin} \|\| $permissions{record_delete});
753
754	if (!check_scope(id => $webvar{id}, type =>
755	($webvar{defrec} eq 'y' ? ($webvar{revrec} eq 'y' ? 'defrevrec' : 'defrec') : 'record'))) {
756	# redirect to domlist because we don't have permission for the entity requested
757	changepage(page => 'domlist', revrec => $webvar{revrec},
758	errmsg => "You do not have permission to delete records in the requested ".
759	($webvar{defrec} eq 'y' ? 'group' : 'domain'));
760	}
761
762	$page->param(id => $webvar{id});
763	$page->param(defrec => $webvar{defrec});
764	$page->param(revrec => $webvar{revrec});
765	$page->param(parentid => $webvar{parentid});
766	# first pass = confirm y/n (sorta)
767	if (!defined($webvar{del})) {
768	$page->param(del_getconf => 1);
769	my $rec = getRecLine($dbh, $webvar{defrec}, $webvar{revrec}, $webvar{id});
770	$page->param(host => $rec->{host});
771	$page->param(ftype => $typemap{$rec->{type}});
772	$page->param(recval => $rec->{val});
773	} elsif ($webvar{del} eq 'ok') {
774	my ($code,$msg) = delRec($dbh, $webvar{defrec}, $webvar{revrec}, $webvar{id});
775	if ($code eq 'OK') {
776	changepage(page => "reclist", id => $webvar{parentid}, defrec => $webvar{defrec},
777	revrec => $webvar{revrec}, resultmsg => $msg);
778	} else {
779	## need to find failure mode
780	changepage(page => "reclist", id => $webvar{parentid}, defrec => $webvar{defrec},
781	revrec => $webvar{revrec}, errmsg => $msg);
782	}
783	} else {
784	changepage(page => "reclist", id => $webvar{parentid}, defrec => $webvar{defrec}, revrec => $webvar{revrec});
785	}
786
787	} elsif ($webvar{page} eq 'editsoa') {
788
789	# security check - does the user have permission to view this entity?
790	# id is domain/revzone/group id
791	if (!check_scope(id => $webvar{id}, type =>
792	($webvar{defrec} eq 'y' ? 'group' : ($webvar{revrec} eq 'y' ? 'revzone' : 'domain')))) {
793	changepage(page => 'domlist', errmsg => "You do not have permission to edit the ".
794	($webvar{defrec} eq 'y' ? 'default ' : '')."SOA record for the requested ".
795	($webvar{defrec} eq 'y' ? 'group' : 'domain'));
796	}
797
798	if ($webvar{defrec} eq 'y') {
799	changepage(page => "domlist", errmsg => "You are not permitted to edit default records")
800	unless $permissions{admin};
801	} else {
802	changepage(page => "reclist", errmsg => "You are not permitted to edit domain SOA records", id => $webvar{id})
803	unless ($permissions{admin} \|\| $permissions{domain_edit});
804	}
805
806	fillsoa($webvar{defrec},$webvar{revrec},$webvar{id});
807
808	} elsif ($webvar{page} eq 'updatesoa') {
809
810	# security check - does the user have permission to view this entity?
811	# pass 1, record ID
812	if (!check_scope(id => $webvar{recid}, type =>
813	($webvar{defrec} eq 'y' ? ($webvar{revrec} eq 'y' ? 'defrevrec' : 'defrec') : 'record'))) {
814	##fixme: should we redirect to the requested record list page instead of the domain list?
815	changepage(page => 'domlist', errmsg => "You do not have permission to edit the requested SOA record");
816	}
817	# pass 2, parent (group or domain) ID
818	if (!check_scope(id => $webvar{id}, type =>
819	($webvar{defrec} eq 'y' ? 'group' : ($webvar{revrec} eq 'y' ? 'revzone' : 'domain')))) {
820	changepage(page => ($webvar{revrec} eq 'y' ? 'revzones' : 'domlist'),
821	errmsg => "You do not have permission to edit the ".
822	($webvar{defrec} eq 'y' ? 'default ' : '')."SOA record for the requested ".
823	($webvar{defrec} eq 'y' ? 'group' : ($webvar{revrec} eq 'y' ? 'reverse zone' : 'domain')) );
824	}
825
826	changepage(page => "reclist", errmsg => "You are not permitted to edit domain SOA records", id => $webvar{id})
827	unless ($permissions{admin} \|\| $permissions{domain_edit});
828
829	my ($code, $msg) = updateSOA($dbh, $webvar{defrec}, $webvar{revrec},
830	(contact => $webvar{contact}, prins => $webvar{prins}, refresh => $webvar{refresh},
831	retry => $webvar{retry}, expire => $webvar{expire}, minttl => $webvar{minttl},
832	ttl => $webvar{ttl}, id => $webvar{id}) );
833	if ($code eq 'OK') {
834	changepage(page => "reclist", id => $webvar{id}, defrec => $webvar{defrec}, revrec => $webvar{revrec},
835	resultmsg => "SOA record updated");
836	} else {
837	$page->param(update_failed => 1);
838	$page->param(msg => $msg);
839	fillsoa($webvar{defrec}, $webvar{revrec}, $webvar{id}, 'w');
840	}
841
842	} elsif ($webvar{page} eq 'grpman') {
843
844	listgroups();
845
846	# Permissions!
847	$page->param(addgrp => $permissions{admin} \|\| $permissions{group_create});
848	$page->param(edgrp => $permissions{admin} \|\| $permissions{group_edit});
849	$page->param(delgrp => $permissions{admin} \|\| $permissions{group_delete});
850
851	if ($session->param('resultmsg')) {
852	$page->param(resultmsg => $session->param('resultmsg'));
853	$session->clear('resultmsg');
854	}
855	if ($session->param('warnmsg')) {
856	$page->param(warnmsg => $session->param('warnmsg'));
857	$session->clear('warnmsg');
858	}
859	if ($session->param('errmsg')) {
860	$page->param(errmsg => $session->param('errmsg'));
861	$session->clear('errmsg');
862	}
863	$page->param(curpage => $webvar{page});
864
865	} elsif ($webvar{page} eq 'newgrp') {
866
867	changepage(page => "grpman", errmsg => "You are not permitted to add groups")
868	unless ($permissions{admin} \|\| $permissions{group_create});
869
870	# do.. uhh.. stuff.. if we have no webvar{grpaction}
871	if ($webvar{grpaction} && $webvar{grpaction} eq 'add') {
872
873	# security check - does the user have permission to access this entity?
874	if (!check_scope(id => $webvar{pargroup}, type => 'group')) {
875	changepage(page => "grpman", errmsg => "You are not permitted to add a group to the requested parent group");
876	}
877
878	my %newperms;
879	my $alterperms = 0;
880	foreach (@permtypes) {
881	$newperms{$_} = 0;
882	if ($permissions{admin} \|\| $permissions{$_}) {
883	$newperms{$_} = (defined($webvar{$_}) && $webvar{$_} eq 'on' ? 1 : 0);
884	} else {
885	$alterperms = 1;
886	}
887	}
888	# not gonna provide the 4th param: template-or-clone flag, just yet
889	my ($code,$msg) = addGroup($dbh, $webvar{newgroup}, $webvar{pargroup}, \%newperms);
890	if ($code eq 'OK') {
891	if ($alterperms) {
892	changepage(page => "grpman", warnmsg =>
893	"You can only grant permissions you hold. New group $webvar{newgroup} added with reduced access.");
894	} else {
895	changepage(page => "grpman", resultmsg => "Added group $webvar{newgroup}");
896	}
897	} # fallthrough else
898	# no point in doing extra work
899	fill_permissions($page, \%newperms);
900	$page->param(add_failed => 1);
901	$page->param(errmsg => $msg);
902	$page->param(newgroup => $webvar{newgroup});
903	fill_grouplist('pargroup',$webvar{pargroup});
904	} else {
905	fill_grouplist('pargroup',$curgroup);
906	# fill default permissions with immediate parent's current ones
907	my %parperms;
908	getPermissions($dbh, 'group', $curgroup, \%parperms);
909	fill_permissions($page, \%parperms);
910	}
911
912	} elsif ($webvar{page} eq 'delgrp') {
913
914	changepage(page => "grpman", errmsg => "You are not permitted to delete groups", id => $webvar{parentid})
915	unless ($permissions{admin} \|\| $permissions{group_delete});
916
917	# security check - does the user have permission to access this entity?
918	if (!check_scope(id => $webvar{id}, type => 'group')) {
919	changepage(page => "grpman", errmsg => "You are not permitted to delete the requested group");
920	}
921
922	$page->param(id => $webvar{id});
923	# first pass = confirm y/n (sorta)
924	if (!defined($webvar{del})) {
925	$page->param(del_getconf => 1);
926
927	##fixme
928	# do a check for "group has stuff in it", and splatter a big warning
929	# up along with an unchecked-by-default check box to YES DAMMIT DELETE THE WHOLE THING
930
931	} elsif ($webvar{del} eq 'ok') {
932	my ($code,$msg) = delGroup($dbh, $webvar{id});
933	if ($code eq 'OK') {
934	##fixme: need to clean up log when deleting a major container
935	changepage(page => "grpman", resultmsg => $msg);
936	} else {
937	# need to find failure mode
938	changepage(page => "grpman", errmsg => $msg);
939	}
940	} else {
941	# cancelled. whee!
942	changepage(page => "grpman");
943	}
944	$page->param(delgroupname => groupName($dbh, $webvar{id}));
945
946	} elsif ($webvar{page} eq 'edgroup') {
947
948	changepage(page => "grpman", errmsg => "You are not permitted to edit groups")
949	unless ($permissions{admin} \|\| $permissions{group_edit});
950
951	# security check - does the user have permission to access this entity?
952	if (!check_scope(id => $webvar{gid}, type => 'group')) {
953	changepage(page => "grpman", errmsg => "You are not permitted to edit the requested group");
954	}
955
956	if ($webvar{grpaction} && $webvar{grpaction} eq 'updperms') {
957	# extra safety check; make sure user can't construct a URL to bypass ACLs
958	my %curperms;
959	getPermissions($dbh, 'group', $webvar{gid}, \%curperms);
960	my %chperms;
961	my $alterperms = 0;
962	foreach (@permtypes) {
963	$webvar{$_} = 0 if !defined($webvar{$_});
964	$webvar{$_} = 1 if $webvar{$_} eq 'on';
965	if ($permissions{admin} \|\| $permissions{$_}) {
966	$chperms{$_} = $webvar{$_} if $curperms{$_} ne $webvar{$_};
967	} else {
968	$alterperms = 1;
969	$chperms{$_} = 0;
970	}
971	}
972	my ($code,$msg) = changePermissions($dbh, 'group', $webvar{gid}, \%chperms);
973	if ($code eq 'OK') {
974	if ($alterperms) {
975	changepage(page => "grpman", warnmsg =>
976	"You can only grant permissions you hold. Default permissions in group ".
977	groupName($dbh, $webvar{gid})." updated with reduced access");
978	} else {
979	changepage(page => "grpman", resultmsg => $msg);
980	}
981	} # fallthrough else
982	# no point in doing extra work
983	fill_permissions($page, \%chperms);
984	$page->param(errmsg => $msg);
985	}
986	$page->param(gid => $webvar{gid});
987	$page->param(grpmeddle => groupName($dbh, $webvar{gid}));
988	my %grpperms;
989	getPermissions($dbh, 'group', $webvar{gid}, \%grpperms);
990	fill_permissions($page, \%grpperms);
991
992	} elsif ($webvar{page} eq 'bulkdomain') {
993	# Bulk operations on domains. Note all but group move are available on the domain list.
994	##fixme: do we care about bulk operations on revzones? Move-to-group, activate, deactivate,
995	# and delete should all be much rarer for revzones than for domains.
996
997	changepage(page => "domlist", errmsg => "You are not permitted to make bulk domain changes")
998	unless ($permissions{admin} \|\| $permissions{domain_edit} \|\| $permissions{domain_create} \|\| $permissions{domain_delete});
999
1000	fill_grouplist("grouplist");
1001
1002	my $count = getZoneCount($dbh, (revrec => 'n', curgroup => $curgroup) );
1003
1004	$page->param(curpage => $webvar{page});
1005	fill_pgcount($count,'domains',groupName($dbh,$curgroup));
1006	fill_fpnla($count);
1007	$page->param(perpage => $perpage);
1008
1009	my $domlist = getZoneList($dbh, (revrec => 'n', curgroup => $curgroup) );
1010	my $rownum = 0;
1011	foreach my $dom (@{$domlist}) {
1012	delete $dom->{status};
1013	delete $dom->{group};
1014	$dom->{newrow} = (++$rownum) % 5 == 0;
1015	}
1016
1017	$page->param(domtable => $domlist);
1018	# ACLs
1019	$page->param(maymove => ($permissions{admin} \|\| ($permissions{domain_edit} && $permissions{domain_create} && $permissions{domain_delete})));
1020	$page->param(maystatus => $permissions{admin} \|\| $permissions{domain_edit});
1021	$page->param(maydelete => $permissions{admin} \|\| $permissions{domain_delete});
1022
1023	} elsif ($webvar{page} eq 'bulkchange') {
1024
1025	# security check - does the user have permission to access this entity?
1026	if (!check_scope(id => $webvar{destgroup}, type => 'group')) {
1027	$page->param(errmsg => "You are not permitted to make bulk changes in the requested group");
1028	goto DONEBULK;
1029	}
1030
1031	# per-action scope checks
1032	if ($webvar{bulkaction} eq 'move') {
1033	changepage(page => "domlist", errmsg => "You are not permitted to bulk-move domains")
1034	unless ($permissions{admin} \|\| ($permissions{domain_edit} && $permissions{domain_create} && $permissions{domain_delete}));
1035	my $newgname = groupName($dbh,$webvar{destgroup});
1036	$page->param(action => "Move to group $newgname");
1037	} elsif ($webvar{bulkaction} eq 'deactivate' \|\| $webvar{bulkaction} eq 'activate') {
1038	changepage(page => "domlist", errmsg => "You are not permitted to bulk-$webvar{bulkaction} domains")
1039	unless ($permissions{admin} \|\| $permissions{domain_edit});
1040	$page->param(action => "$webvar{bulkaction} domains");
1041	} elsif ($webvar{bulkaction} eq 'delete') {
1042	changepage(page => "domlist", errmsg => "You are not permitted to bulk-delete domains")
1043	unless ($permissions{admin} \|\| $permissions{domain_delete});
1044	$page->param(action => "$webvar{bulkaction} domains");
1045	} else {
1046	# unknown action, bypass actually doing anything. it should not be possible in
1047	# normal operations, and anyone who meddles with the URL gets what they deserve.
1048	goto DONEBULK;
1049	} # move/(de)activate/delete if()
1050
1051	my @bulkresults;
1052	# nngh. due to alpha-sorting on the previous page, we can't use domid-numeric
1053	# order here, and since we don't have the domain names until we go around this
1054	# loop, we can't alpha-sort them here. :(
1055	foreach (keys %webvar) {
1056	my %row;
1057	next unless $_ =~ /^dom_\d+$/;
1058	# second security check - does the user have permission to meddle with this domain?
1059	if (!check_scope(id => $webvar{$_}, type => 'domain')) {
1060	$row{domerr} = "You are not permitted to make changes to the requested domain";
1061	$row{domain} = $webvar{$_};
1062	push @bulkresults, \%row;
1063	next;
1064	}
1065	$row{domain} = domainName($dbh,$webvar{$_});
1066
1067	# Do the $webvar{bulkaction}
1068	my ($code, $msg);
1069	($code, $msg) = changeGroup($dbh, 'domain', $webvar{$_}, $webvar{destgroup})
1070	if $webvar{bulkaction} eq 'move';
1071	if ($webvar{bulkaction} eq 'deactivate' \|\| $webvar{bulkaction} eq 'activate') {
1072	my $stat = zoneStatus($dbh,$webvar{$_},'n',($webvar{bulkaction} eq 'activate' ? 'domon' : 'domoff'));
1073	$code = (defined($stat) ? 'OK' : 'FAIL');
1074	$msg = (defined($stat) ? $DNSDB::resultstr : $DNSDB::errstr);
1075	}
1076	($code, $msg) = delZone($dbh, $webvar{$_}, 'n')
1077	if $webvar{bulkaction} eq 'delete';
1078
1079	# Set the result output from the action
1080	if ($code eq 'OK') {
1081	$row{domok} = $msg;
1082	} elsif ($code eq 'WARN') {
1083	$row{domwarn} = $msg;
1084	} else {
1085	$row{domerr} = $msg;
1086	}
1087	push @bulkresults, \%row;
1088
1089	} # foreach (keys %webvar)
1090	$page->param(bulkresults => \@bulkresults);
1091
1092	# Yes, this is a GOTO target. PTHBTTT.
1093	DONEBULK: ;
1094
1095	} elsif ($webvar{page} eq 'useradmin') {
1096
1097	if (defined($webvar{userstatus})) {
1098	# security check - does the user have permission to access this entity?
1099	my $flag = 0;
1100	foreach (@viewablegroups) {
1101	$flag = 1 if isParent($dbh, $_, 'group', $webvar{id}, 'user');
1102	}
1103	if ($flag && ($permissions{admin} \|\| $permissions{user_edit} \|\|
1104	($permissions{self_edit} && $webvar{id} == $session->param('uid')) )) {
1105	my $stat = userStatus($dbh,$webvar{id},$webvar{userstatus});
1106	$page->param(resultmsg => $DNSDB::resultstr);
1107	} else {
1108	$page->param(errmsg => "You are not permitted to view or change the requested user");
1109	}
1110	$uri_self =~ s/\&userstatus=[^&]*//g; # clean up URL for stuffing into templates
1111	}
1112
1113	list_users();
1114
1115	# Permissions!
1116	$page->param(adduser => $permissions{admin} \|\| $permissions{user_create});
1117	# should we block viewing other users? Vega blocks "editing"...
1118	# NB: no "edit self" link as with groups here. maybe there should be?
1119	# $page->param(eduser => $permissions{admin} \|\| $permissions{user_edit});
1120	$page->param(deluser => $permissions{admin} \|\| $permissions{user_delete});
1121
1122	if ($session->param('resultmsg')) {
1123	$page->param(resultmsg => $session->param('resultmsg'));
1124	$session->clear('resultmsg');
1125	}
1126	if ($session->param('warnmsg')) {
1127	$page->param(warnmsg => $session->param('warnmsg'));
1128	$session->clear('warnmsg');
1129	}
1130	if ($session->param('errmsg')) {
1131	$page->param(errmsg => $session->param('errmsg'));
1132	$session->clear('errmsg');
1133	}
1134	$page->param(curpage => $webvar{page});
1135
1136	} elsif ($webvar{page} eq 'user') {
1137
1138	# All user add/edit actions fall through the same page, since there aren't
1139	# really any hard differences between the templates
1140
1141	#fill_actypelist($webvar{accttype});
1142	fill_clonemelist();
1143	my %grpperms;
1144	getPermissions($dbh, 'group', $curgroup, \%grpperms);
1145
1146	my $grppermlist = new HTML::Template(filename => "$templatedir/permlist.tmpl");
1147	my %noaccess;
1148	fill_permissions($grppermlist, \%grpperms, \%noaccess);
1149	$grppermlist->param(info => 1);
1150	$page->param(grpperms => $grppermlist->output);
1151
1152	$page->param(is_admin => $permissions{admin});
1153
1154	$webvar{useraction} = '' if !$webvar{useraction};
1155
1156	if ($webvar{useraction} eq 'add' or $webvar{useraction} eq 'update') {
1157
1158	$page->param(add => 1) if $webvar{useraction} eq 'add';
1159
1160	# can't re-use $code and $msg for update if we want to be able to identify separate failure states
1161	my ($code,$code2,$msg,$msg2) = ('OK','OK','OK','OK');
1162
1163	my $alterperms = 0; # flag iff we need to force custom permissions due to user's current access limits
1164
1165	my %newperms; # we're going to prefill the existing permissions, so we can change them.
1166	getPermissions($dbh, 'user', $webvar{uid}, \%newperms);
1167
1168	if ($webvar{pass1} ne $webvar{pass2}) {
1169	$code = 'FAIL';
1170	$msg = "Passwords don't match";
1171	} else {
1172
1173	# assemble a permission string - far simpler than trying to pass an
1174	# indeterminate set of permission flags individually
1175
1176	# But first, we have to see if the user can add any particular
1177	# permissions; otherwise we have a priviledge escalation. Whee.
1178
1179	if (!$permissions{admin}) {
1180	my %grpperms;
1181	getPermissions($dbh, 'group', $curgroup, \%grpperms);
1182	my $ret = comparePermissions(\%permissions, \%grpperms);
1183	if ($ret eq '<' \|\| $ret eq '!') {
1184	# User's permissions are not a superset or equivalent to group. Can't inherit
1185	# (and include access user doesn't currently have), so we force custom.
1186	$webvar{perms_type} = 'custom';
1187	$alterperms = 1;
1188	}
1189	}
1190
1191	my $permstring;
1192	if ($webvar{perms_type} eq 'custom') {
1193	$permstring = 'C:';
1194	foreach (@permtypes) {
1195	if ($permissions{admin} \|\| $permissions{$_}) {
1196	$permstring .= ",$_" if defined($webvar{$_}) && $webvar{$_} eq 'on';
1197	$newperms{$_} = (defined($webvar{$_}) && $webvar{$_} eq 'on' ? 1 : 0);
1198	}
1199	}
1200	$page->param(perm_custom => 1);
1201	} elsif ($permissions{admin} && $webvar{perms_type} eq 'clone') {
1202	$permstring = "c:$webvar{clonesrc}";
1203	getPermissions($dbh, 'user', $webvar{clonesrc}, \%newperms);
1204	$page->param(perm_clone => 1);
1205	} else {
1206	$permstring = 'i';
1207	}
1208	if ($webvar{useraction} eq 'add') {
1209	changepage(page => "useradmin", errmsg => "You do not have permission to add new users")
1210	unless $permissions{admin} \|\| $permissions{user_create};
1211	# no scope check; user is created in the current group
1212	($code,$msg) = addUser($dbh, $webvar{uname}, $curgroup, $webvar{pass1},
1213	($webvar{makeactive} eq 'on' ? 1 : 0), $webvar{accttype}, $permstring,
1214	$webvar{fname}, $webvar{lname}, $webvar{phone});
1215	} else {
1216	changepage(page => "useradmin", errmsg => "You do not have permission to edit users")
1217	unless $permissions{admin} \|\| $permissions{user_edit} \|\|
1218	($permissions{self_edit} && $session->param('uid') == $webvar{uid});
1219	# security check - does the user have permission to access this entity?
1220	if (!check_scope(id => $webvar{user}, type => 'user')) {
1221	changepage(page => "useradmin", errmsg => "You do not have permission to edit the requested user");
1222	}
1223	# User update is icky. I'd really like to do this in one atomic operation,
1224	# but that gets hairy by either duplicating a lot of code in DNSDB.pm
1225	# or self-torture trying to not commit the transaction until we're really done.
1226	# Allowing for changing group, but not coding web support just yet.
1227	($code,$msg) = updateUser($dbh, $webvar{uid}, $webvar{uname}, $webvar{gid}, $webvar{pass1},
1228	($webvar{makeactive} eq 'on' ? 1 : 0), $webvar{accttype},
1229	$webvar{fname}, $webvar{lname}, $webvar{phone});
1230	if ($code eq 'OK') {
1231	$newperms{admin} = 1 if $webvar{accttype} eq 'S';
1232	($code2,$msg2) = changePermissions($dbh, 'user', $webvar{uid}, \%newperms, ($permstring eq 'i'));
1233	}
1234	}
1235	}
1236
1237	if ($code eq 'OK' && $code2 eq 'OK') {
1238	my %pageparams = (page => "useradmin");
1239	if ($alterperms) {
1240	$pageparams{warnmsg} = "You can only grant permissions you hold.\nUser ".
1241	($webvar{useraction} eq 'add' ? "$webvar{uname} added" : "info updated for $webvar{uname}").
1242	".\nPermissions ".($webvar{useraction} eq 'add' ? 'added' : 'updated')." with reduced access.";
1243	} else {
1244	$pageparams{resultmsg} = "$msg".($webvar{useraction} eq 'add' ? '' : "\n$msg2");
1245	}
1246	changepage(%pageparams);
1247
1248	# add/update failed:
1249	} else {
1250	$page->param(add_failed => 1);
1251	$page->param(action => $webvar{useraction});
1252	$page->param(set_permgroup => 1);
1253	if ($webvar{perms_type} eq 'inherit') { # set permission class radio
1254	$page->param(perm_inherit => 1);
1255	} elsif ($webvar{perms_type} eq 'clone') {
1256	$page->param(perm_clone => 1);
1257	} else {
1258	$page->param(perm_custom => 1);
1259	}
1260	$page->param(uname => $webvar{uname});
1261	$page->param(fname => $webvar{fname});
1262	$page->param(lname => $webvar{lname});
1263	$page->param(pass1 => $webvar{pass1});
1264	$page->param(pass2 => $webvar{pass2});
1265	$page->param(errmsg => "User info updated but permissions update failed: $msg2") if $code eq 'OK';
1266	$page->param(errmsg => $msg) if $code ne 'OK';
1267	fill_permissions($page, \%newperms);
1268	fill_actypelist($webvar{accttype});
1269	fill_clonemelist();
1270	}
1271
1272	} elsif ($webvar{useraction} eq 'edit') {
1273
1274	changepage(page => "useradmin", errmsg => "You do not have permission to edit users")
1275	unless $permissions{admin} \|\| $permissions{user_edit} \|\|
1276	($permissions{self_edit} && $session->param('uid') == $webvar{user});
1277
1278	# security check - does the user have permission to access this entity?
1279	if (!check_scope(id => $webvar{user}, type => 'user')) {
1280	changepage(page => "useradmin", errmsg => "You do not have permission to edit the requested user");
1281	}
1282
1283	$page->param(set_permgroup => 1);
1284	$page->param(action => 'update');
1285	$page->param(uid => $webvar{user});
1286	fill_clonemelist();
1287
1288	my $userinfo = getUserData($dbh,$webvar{user});
1289	fill_actypelist($userinfo->{type});
1290	# not using this yet, but adding it now means we can much more easily do so later.
1291	$page->param(gid => $userinfo->{group_id});
1292
1293	my %curperms;
1294	getPermissions($dbh, 'user', $webvar{user}, \%curperms);
1295	fill_permissions($page, \%curperms);
1296
1297	$page->param(uname => $userinfo->{username});
1298	$page->param(fname => $userinfo->{firstname});
1299	$page->param(lname => $userinfo->{lastname});
1300	$page->param(set_permgroup => 1);
1301	if ($userinfo->{inherit_perm}) {
1302	$page->param(perm_inherit => 1);
1303	} else {
1304	$page->param(perm_custom => 1);
1305	}
1306	} else {
1307	changepage(page => "useradmin", errmsg => "You are not allowed to add new users")
1308	unless $permissions{admin} \|\| $permissions{user_create};
1309	# default is "new"
1310	$page->param(add => 1);
1311	$page->param(action => 'add');
1312	fill_permissions($page, \%grpperms);
1313	fill_actypelist();
1314	}
1315
1316	} elsif ($webvar{page} eq 'deluser') {
1317
1318	changepage(page=> "useradmin", errmsg => "You are not allowed to delete users")
1319	unless $permissions{admin} \|\| $permissions{user_delete};
1320
1321	# security check - does the user have permission to access this entity?
1322	if (!check_scope(id => $webvar{id}, type => 'user')) {
1323	changepage(page => "useradmin", errmsg => "You are not permitted to delete the requested user");
1324	}
1325
1326	$page->param(id => $webvar{id});
1327	# first pass = confirm y/n (sorta)
1328	if (!defined($webvar{del})) {
1329	$page->param(del_getconf => 1);
1330	$page->param(user => userFullName($dbh,$webvar{id}));
1331	} elsif ($webvar{del} eq 'ok') {
1332	my ($code,$msg) = delUser($dbh, $webvar{id});
1333	if ($code eq 'OK') {
1334	# success. go back to the user list, do not pass "GO"
1335	changepage(page => "useradmin", resultmsg => $msg);
1336	} else {
1337	changepage(page => "useradmin", errmsg => $msg);
1338	}
1339	} else {
1340	# cancelled. whee!
1341	changepage(page => "useradmin");
1342	}
1343
1344	} elsif ($webvar{page} eq 'loclist') {
1345
1346	changepage(page => "domlist", errmsg => "You are not allowed access to this function")
1347	unless $permissions{admin} \|\| $permissions{location_view};
1348
1349	# security check - does the user have permission to access this entity?
1350	# if (!check_scope(id => $webvar{id}, type => 'loc')) {
1351	# changepage(page => "loclist", errmsg => "You are not permitted to <foo> the requested location/view");
1352	# }
1353	list_locations();
1354
1355	# Permissions!
1356	$page->param(addloc => $permissions{admin} \|\| $permissions{location_create});
1357	$page->param(delloc => $permissions{admin} \|\| $permissions{location_delete});
1358
1359	} elsif ($webvar{page} eq 'location') {
1360
1361	changepage(page => "domlist", errmsg => "You are not allowed access to this function")
1362	unless $permissions{admin} \|\| $permissions{location_view};
1363
1364	# security check - does the user have permission to access this entity?
1365	# if (!check_scope(id => $webvar{id}, type => 'loc')) {
1366	# changepage(page => "loclist", errmsg => "You are not permitted to <foo> the requested location/view");
1367	# }
1368
1369	if ($webvar{locact} eq 'new') {
1370	# uuhhmm....
1371	} elsif ($webvar{locact} eq 'add') {
1372	changepage(page => "loclist", errmsg => "You are not permitted to add locations/views", id => $webvar{parentid})
1373	unless ($permissions{admin} \|\| $permissions{location_create});
1374
1375	my ($code,$msg) = addLoc($dbh, $curgroup, $webvar{locname}, $webvar{comments}, $webvar{iplist});
1376
1377	if ($code eq 'OK' \|\| $code eq 'WARN') {
1378	my %pageparams = (page => "loclist", id => $webvar{parentid},
1379	defrec => $webvar{defrec}, revrec => $webvar{revrec});
1380	$pageparams{warnmsg} = $msg."<br><br>\n".$DNSDB::resultstr if $code eq 'WARN';
1381	$pageparams{resultmsg} = $DNSDB::resultstr if $code eq 'OK';
1382	changepage(%pageparams);
1383	} else {
1384	$page->param(failed => 1);
1385	$page->param(errmsg => $msg);
1386	$page->param(wastrying => "adding");
1387	$page->param(todo => "Add location/view");
1388	$page->param(locact => "add");
1389	$page->param(id => $webvar{id});
1390	$page->param(locname => $webvar{locname});
1391	$page->param(comments => $webvar{comments});
1392	$page->param(iplist => $webvar{iplist});
1393	}
1394
1395	} elsif ($webvar{locact} eq 'edit') {
1396	changepage(page => "loclist", errmsg => "You are not permitted to edit locations/views", id => $webvar{parentid})
1397	unless ($permissions{admin} \|\| $permissions{location_edit});
1398
1399	my $loc = getLoc($dbh, $webvar{loc});
1400	$page->param(wastrying => "adding");
1401	$page->param(todo => "Edit location/view");
1402	$page->param(locact => "update");
1403	$page->param(id => $webvar{loc});
1404	$page->param(locname => $loc->{description});
1405	$page->param(comments => $loc->{comments});
1406	$page->param(iplist => $loc->{iplist});
1407
1408	} elsif ($webvar{locact} eq 'update') {
1409	changepage(page => "loclist", errmsg => "You are not permitted to edit locations/views", id => $webvar{parentid})
1410	unless ($permissions{admin} \|\| $permissions{location_edit});
1411	##work
1412	} else {
1413	changepage(page => "loclist", errmsg => "You are not permitted to add locations/views", id => $webvar{parentid})
1414	unless ($permissions{admin} \|\| $permissions{location_create});
1415
1416	$page->param(todo => "Add location/view");
1417	$page->param(locact => "add");
1418	$page->param(locname => ($webvar{locname} ? $webvar{locname} : ''));
1419	$page->param(iplist => ($webvar{iplist} ? $webvar{iplist} : ''));
1420	}
1421
1422	} elsif ($webvar{page} eq 'dnsq') {
1423
1424	$page->param(qfor => $webvar{qfor}) if $webvar{qfor};
1425	$page->param(typelist => getTypelist($dbh, 'l', ($webvar{type} ? $webvar{type} : undef)));
1426	$page->param(nrecurse => $webvar{nrecurse}) if $webvar{nrecurse};
1427	$page->param(resolver => $webvar{resolver}) if $webvar{resolver};
1428
1429	if ($webvar{qfor}) {
1430	my $resolv = Net::DNS::Resolver->new;
1431	$resolv->tcp_timeout(5); # make me adjustable!
1432	$resolv->udp_timeout(5); # make me adjustable!
1433	$resolv->recurse(0) if $webvar{nrecurse};
1434	$resolv->nameservers($webvar{resolver}) if $webvar{resolver};
1435	my $query = $resolv->query($webvar{qfor}, $typemap{$webvar{type}});
1436	if ($query) {
1437
1438	$page->param(showresults => 1);
1439
1440	my @answer;
1441	foreach my $rr ($query->answer) {
1442	# next unless $rr->type eq "A" or $rr->type eq 'NS';
1443	my %row;
1444	my ($host,$ttl,$class,$type,$data) =
1445	($rr->string =~ /^([0-9a-zA-Z_.-]+)\s+(\d+)\s+([A-Za-z]+)\s+([A-Za-z]+)\s+(.+)$/s);
1446	$row{host} = $host;
1447	$row{ftype} = $type;
1448	$row{rdata} = ($type eq 'SOA' ? "<pre>$data</pre>" : $data);
1449	push @answer, \%row;
1450	}
1451	$page->param(answer => \@answer);
1452
1453	my @additional;
1454	foreach my $rr ($query->additional) {
1455	# next unless $rr->type eq "A" or $rr->type eq 'NS';
1456	my %row;
1457	my ($host,$ttl,$class,$type,$data) =
1458	($rr->string =~ /^([0-9a-zA-Z_.-]+)\s+(\d+)\s+([A-Za-z]+)\s+([A-Za-z]+)\s+(.+)$/);
1459	$row{host} = $host;
1460	$row{ftype} = $type;
1461	$row{rdata} = $data;
1462	push @additional, \%row;
1463	}
1464	$page->param(additional => \@additional);
1465
1466	my @authority;
1467	foreach my $rr ($query->authority) {
1468	# next unless $rr->type eq "A" or $rr->type eq 'NS';
1469	my %row;
1470	my ($host,$ttl,$class,$type,$data) =
1471	($rr->string =~ /^([0-9a-zA-Z_.-]+)\s+(\d+)\s+([A-Za-z]+)\s+([A-Za-z]+)\s+(.+)$/);
1472	$row{host} = $host;
1473	$row{ftype} = $type;
1474	$row{rdata} = $data;
1475	push @authority, \%row;
1476	}
1477	$page->param(authority => \@authority);
1478
1479	$page->param(usedresolver => $resolv->answerfrom);
1480	$page->param(frtype => $typemap{$webvar{type}});
1481
1482	} else {
1483	$page->param(errmsg => $resolv->errorstring);
1484	}
1485	}
1486	## done DNS query
1487
1488	} elsif ($webvar{page} eq 'axfr') {
1489
1490	changepage(page => "domlist", errmsg => "You are not permitted to import domains")
1491	unless ($permissions{admin} \|\| $permissions{domain_create});
1492
1493	# don't need this while we've got the dropdown in the menu. hmm.
1494	fill_grouplist("grouplist");
1495
1496	$page->param(ifrom => $webvar{ifrom}) if $webvar{ifrom};
1497	$page->param(rwsoa => $webvar{rwsoa}) if $webvar{rwsoa};
1498	$page->param(rwns => $webvar{rwns}) if $webvar{rwns};
1499	# This next one is arguably better on by default, but Breaking Things Is Bad, Mmmkay?
1500	$page->param(mergematching => $webvar{mergematching}) if $webvar{mergematching};
1501	$page->param(dominactive => 1) if (!$webvar{domactive} && $webvar{doit}); # eww.
1502	$page->param(importdoms => $webvar{importdoms}) if $webvar{importdoms};
1503
1504	# shut up warning about uninitialized variable
1505	$webvar{doit} = '' if !defined($webvar{doit});
1506
1507	if ($webvar{doit} eq 'y' && !$webvar{ifrom}) {
1508	$page->param(errmsg => "Need to set host to import from");
1509	} elsif ($webvar{doit} eq 'y' && !$webvar{importdoms}) {
1510	$page->param(errmsg => "Need domains to import");
1511	} elsif ($webvar{doit} eq 'y') {
1512
1513	# security check - does the user have permission to access this entity?
1514	if (!check_scope(id => $webvar{group}, type => 'group')) {
1515	$page->param(errmsg => "You are not permitted to import domains into the requested group");
1516	goto DONEAXFR;
1517	}
1518
1519	# Bizarre Things Happen when you AXFR a null-named zone.
1520	$webvar{importdoms} =~ s/^\s+//;
1521	my @domlist = split /\s+/, $webvar{importdoms};
1522	my @results;
1523	foreach my $domain (@domlist) {
1524	my %row;
1525	my ($code,$msg) = importAXFR($dbh, $webvar{ifrom}, $domain, $webvar{group},
1526	$webvar{zonestatus}, $webvar{rwsoa}, $webvar{rwns}, $webvar{mergematching});
1527	$row{domok} = $msg if $code eq 'OK';
1528	if ($code eq 'WARN') {
1529	$msg =~ s\|\n\|<br />\|g;
1530	$row{domwarn} = $msg;
1531	}
1532	if ($code eq 'FAIL') {
1533	$msg =~ s\|\n\|<br />\n\|g;
1534	$row{domerr} = $msg;
1535	}
1536	$msg = "<br />\n".$msg if $msg =~ m\|<br />\|;
1537	$row{domain} = $domain;
1538	push @results, \%row;
1539	}
1540	$page->param(axfrresults => \@results);
1541	}
1542
1543	# Yes, this is a GOTO target. PTBHTTT.
1544	DONEAXFR: ;
1545
1546	} elsif ($webvar{page} eq 'whoisq') {
1547
1548	if ($webvar{qfor}) {
1549	use Net::Whois::Raw;
1550	use Text::Wrap;
1551
1552	# caching useful?
1553	#$Net::Whois::Raw::CACHE_DIR = "/var/spool/pwhois/";
1554	#$Net::Whois::Raw::CACHE_TIME = 60;
1555
1556	my ($dominfo, $whois_server) = whois($webvar{qfor});
1557	##fixme: if we're given an IP, try rwhois as well as whois so we get the real final data
1558
1559	# le sigh. idjits spit out data without linefeeds...
1560	$Text::Wrap::columns = 88;
1561
1562	# &%$@%@# high-bit crap. We should probably find a way to properly recode these
1563	# instead of one-by-one. Note CGI::Simple's escapeHTML() doesn't do more than
1564	# the bare minimum. :/
1565	# Mainly an XHTML validation thing.
1566	$dominfo = $q->escapeHTML($dominfo);
1567	$dominfo =~ s/\xa9/\©/g;
1568	$dominfo =~ s/\xae/\®/g;
1569
1570	$page->param(qfor => $webvar{qfor});
1571	$page->param(dominfo => wrap('','',$dominfo));
1572	$page->param(whois_server => $whois_server);
1573	} else {
1574	$page->param(errmsg => "Missing host or domain to query in WHOIS") if $webvar{askaway};
1575	}
1576
1577	} elsif ($webvar{page} eq 'log') {
1578
1579	my $id = $curgroup; # we do this because the group log may be called from (almost) any page,
1580	# but the others are much more limited. this is probably non-optimal.
1581
1582	if ($webvar{ltype} && $webvar{ltype} eq 'user') {
1583	##fixme: where should we call this from?
1584	$id = $webvar{id};
1585	if (!check_scope(id => $id, type => 'user')) {
1586	$page->param(errmsg => "You are not permitted to view log entries for the requested user");
1587	goto DONELOG;
1588	}
1589	$page->param(logfor => 'user '.userFullName($dbh,$id));
1590	} elsif ($webvar{ltype} && $webvar{ltype} eq 'dom') {
1591	$id = $webvar{id};
1592	if (!check_scope(id => $id, type => 'domain')) {
1593	$page->param(errmsg => "You are not permitted to view log entries for the requested domain");
1594	goto DONELOG;
1595	}
1596	$page->param(logfor => 'domain '.domainName($dbh,$id));
1597	} elsif ($webvar{ltype} && $webvar{ltype} eq 'rdns') {
1598	$id = $webvar{id};
1599	if (!check_scope(id => $id, type => 'revzone')) {
1600	$page->param(errmsg => "You are not permitted to view log entries for the requested reverse zone");
1601	goto DONELOG;
1602	}
1603	$page->param(logfor => 'reverse zone '.revName($dbh,$id));
1604	} else {
1605	# Default to listing curgroup log
1606	$page->param(logfor => 'group '.groupName($dbh,$id));
1607	# note that scope limitations are applied via the change-group check;
1608	# group log is always for the "current" group
1609	}
1610	$webvar{ltype} = 'group' if !$webvar{ltype};
1611	my $lcount = getLogCount($dbh, (id => $id, logtype => $webvar{ltype})) or push @debugbits, $DNSDB::errstr;
1612
1613	$page->param(id => $id);
1614	$page->param(ltype => $webvar{ltype});
1615
1616	fill_fpnla($lcount);
1617	fill_pgcount($lcount, "log entries", '');
1618	$page->param(curpage => $webvar{page}.($webvar{ltype} ? "&ltype=$webvar{ltype}" : ''));
1619
1620	$sortby = 'stamp';
1621	$sortorder = 'DESC'; # newest-first; although filtering is probably going to be more useful than sorting
1622	# sort/order
1623	$session->param($webvar{page}.'sortby', $webvar{sortby}) if $webvar{sortby};
1624	$session->param($webvar{page}.'order', $webvar{order}) if $webvar{order};
1625
1626	$sortby = $session->param($webvar{page}.'sortby') if $session->param($webvar{page}.'sortby');
1627	$sortorder = $session->param($webvar{page}.'order') if $session->param($webvar{page}.'order');
1628
1629	# Set up the column headings with the sort info
1630	my @cols = ('fname','username','entry','stamp');
1631	my %colnames = (fname => 'Name', username => 'Username/Email', entry => 'Log Entry', stamp => 'Date/Time');
1632	fill_colheads($sortby, $sortorder, \@cols, \%colnames);
1633
1634	##fixme: increase per-page limit or use separate limit for log? some ops give lots of entries...
1635	my $logentries = getLogEntries($dbh, (id => $id, logtype => $webvar{ltype},
1636	offset => $webvar{offset}, sortby => $sortby, sortorder => $sortorder));
1637	$page->param(logentries => $logentries);
1638
1639	##fixme:
1640	# - filtering
1641	# - show reverse zone column?
1642	# - on log record creation, bundle "parented" log actions (eg, "AXFR record blah for domain foo",
1643	# or "Add record bar for new domain baz") into one entry (eg, "AXFR domain foo", "Add domain baz")?
1644	# need a way to expand this into the complete list, and to exclude "child" entries
1645
1646	# scope check fail target
1647	DONELOG: ;
1648
1649	} # end $webvar{page} dance
1650
1651
1652	# start output here so we can redirect pages.
1653	print "Content-type: text/html\n\n", $header->output;
1654
1655	##common bits
1656	# mostly things in the menu
1657	if ($webvar{page} ne 'login' && $webvar{page} ne 'badpage') {
1658	$page->param(username => $session->param("username"));
1659
1660	$page->param(group => $curgroup);
1661	$page->param(groupname => groupName($dbh,$curgroup));
1662	$page->param(logingrp => groupName($dbh,$logingroup));
1663	$page->param(logingrp_num => $logingroup);
1664
1665	##fixme
1666	$page->param(mayrdns => 1);
1667
1668	$page->param(mayloc => ($permissions{admin} \|\| $permissions{loc_view}));
1669
1670	$page->param(maydefrec => $permissions{admin});
1671	$page->param(mayimport => $permissions{admin} \|\| $permissions{domain_create});
1672	$page->param(maybulk => $permissions{admin} \|\| $permissions{domain_edit} \|\| $permissions{domain_create} \|\| $permissions{domain_delete});
1673
1674	$page->param(chggrps => ($permissions{admin} \|\| $permissions{group_create} \|\| $permissions{group_edit} \|\| $permissions{group_delete}));
1675
1676	# group tree. should go elsewhere, probably
1677	my $tmpgrplist = fill_grptree($logingroup,$curgroup);
1678	$page->param(grptree => $tmpgrplist);
1679	$page->param(subs => ($tmpgrplist ? 1 : 0)); # probably not useful to pass gobs of data in for a boolean
1680	$page->param(inlogingrp => $curgroup == $logingroup);
1681
1682	# fill in the URL-to-self
1683	$page->param(whereami => $uri_self);
1684	}
1685
1686	if (@debugbits) {
1687	print "<pre>\n";
1688	foreach (@debugbits) { print; }
1689	print "</pre>\n";
1690	}
1691
1692	# spit it out
1693	print $page->output;
1694
1695	if ($debugenv) {
1696	print "<div id=\"debug\">webvar keys: <pre>\n";
1697	foreach my $key (keys %webvar) {
1698	print "key: $key\tval: $webvar{$key}\n";
1699	}
1700	print "</pre>\nsession:\n<pre>\n";
1701	my $sesdata = $session->dataref();
1702	foreach my $key (keys %$sesdata) {
1703	print "key: $key\tval: ".$sesdata->{$key}."\n";
1704	}
1705	print "</pre>\nENV:\n<pre>\n";
1706	foreach my $key (keys %ENV) {
1707	print "key: $key\tval: $ENV{$key}\n";
1708	}
1709	print "</pre></div>\n";
1710	}
1711
1712	print $footer->output;
1713
1714	# as per the docs, Just In Case
1715	$session->flush();
1716
1717	exit 0;
1718
1719
1720	sub fill_grptree {
1721	my $root = shift;
1722	my $cur = shift;
1723	my $indent = shift \|\| ' ';
1724
1725	my @childlist;
1726
1727	my $grptree = HTML::Template->new(filename => 'templates/grptree.tmpl');
1728	getChildren($dbh,$root,\@childlist,'immediate');
1729	return if $#childlist == -1;
1730	my @grouplist;
1731	foreach (@childlist) {
1732	my %row;
1733	$row{grpname} = groupName($dbh,$_);
1734	$row{grpnum} = $_;
1735	$row{whereami} = $uri_self;
1736	$row{curgrp} = ($_ == $cur);
1737	$row{expanded} = isParent($dbh, $_, 'group', $cur, 'group');
1738	$row{expanded} = 1 if $_ == $cur;
1739	$row{subs} = fill_grptree($_,$cur,$indent.' ');
1740	$row{indent} = $indent;
1741	push @grouplist, \%row;
1742	}
1743	$grptree->param(indent => $indent);
1744	$grptree->param(treelvl => \@grouplist);
1745	return $grptree->output;
1746	}
1747
1748	sub changepage {
1749	my %params = @_; # think this works the way I want...
1750
1751	# cross-site scripting fixup. instead of passing error messages by URL/form
1752	# variable, put them in the session where the nasty user can't meddle.
1753	# these are done here since it's far simpler to pass them in from wherever
1754	# than set them locally everywhere.
1755	foreach my $sessme ('resultmsg','warnmsg','errmsg') {
1756	if (my $tmp = $params{$sessme}) {
1757	$tmp =~ s/^\n//;
1758	$tmp =~ s\|\n\|<br />\n\|g;
1759	$session->param($sessme, $tmp);
1760	delete $params{$sessme};
1761	}
1762	}
1763
1764	# handle user check
1765	my $newurl = "http://$ENV{HTTP_HOST}$ENV{SCRIPT_NAME}?sid=$sid";
1766	foreach (sort keys %params) {
1767	$newurl .= "&$_=".$q->url_encode($params{$_});
1768	}
1769
1770	# Just In Case
1771	$session->flush();
1772
1773	print "Status: 302\nLocation: $newurl\n\n";
1774	exit;
1775	} # end changepage
1776
1777	sub fillsoa {
1778	my $defrec = shift;
1779	my $revrec = shift;
1780	my $id = shift;
1781	my $preserve = shift \|\| 'd'; # Flag to use webvar fields or retrieve from database
1782
1783	my $domname = ($defrec eq 'y' ? '' : "DOMAIN");
1784
1785	$page->param(defrec => $defrec);
1786	$page->param(revrec => $revrec);
1787
1788	# i had a good reason to do this when I wrote it...
1789	# $page->param(domain => $domname);
1790	# $page->param(group => $DNSDB::group);
1791	$page->param(isgrp => 1) if $defrec eq 'y';
1792	$page->param(parent => ($defrec eq 'y' ? groupName($dbh, $id) :
1793	($revrec eq 'n' ? domainName($dbh, $id) : revName($dbh, $id)) ) );
1794
1795	# defaults
1796	$page->param(defcontact => $DNSDB::def{contact});
1797	$page->param(defns => $DNSDB::def{prins});
1798	$page->param(defsoattl => $DNSDB::def{soattl});
1799	$page->param(defrefresh => $DNSDB::def{refresh});
1800	$page->param(defretry => $DNSDB::def{retry});
1801	$page->param(defexpire => $DNSDB::def{expire});
1802	$page->param(defminttl => $DNSDB::def{minttl});
1803
1804	$page->param(id => $id);
1805
1806	if ($preserve eq 'd') {
1807	# there are probably better ways to do this. TMTOWTDI.
1808	my $soa = getSOA($dbh,$defrec,$revrec,$id);
1809
1810	$page->param(prins => ($soa->{prins} ? $soa->{prins} : $DNSDB::def{prins}));
1811	$page->param(contact => ($soa->{contact} ? $soa->{contact} : $DNSDB::def{contact}));
1812	$page->param(refresh => ($soa->{refresh} ? $soa->{refresh} : $DNSDB::def{refresh}));
1813	$page->param(retry => ($soa->{retry} ? $soa->{retry} : $DNSDB::def{retry}));
1814	$page->param(expire => ($soa->{expire} ? $soa->{expire} : $DNSDB::def{expire}));
1815	$page->param(minttl => ($soa->{minttl} ? $soa->{minttl} : $DNSDB::def{minttl}));
1816	$page->param(ttl => ($soa->{ttl} ? $soa->{ttl} : $DNSDB::def{soattl}));
1817	} else {
1818	$page->param(prins => ($webvar{prins} ? $webvar{prins} : $DNSDB::def{prins}));
1819	$page->param(contact => ($webvar{contact} ? $webvar{contact} : $DNSDB::def{contact}));
1820	$page->param(refresh => ($webvar{refresh} ? $webvar{refresh} : $DNSDB::def{refresh}));
1821	$page->param(retry => ($webvar{retry} ? $webvar{retry} : $DNSDB::def{retry}));
1822	$page->param(expire => ($webvar{expire} ? $webvar{expire} : $DNSDB::def{expire}));
1823	$page->param(minttl => ($webvar{minttl} ? $webvar{minttl} : $DNSDB::def{minttl}));
1824	$page->param(ttl => ($webvar{ttl} ? $webvar{ttl} : $DNSDB::def{soattl}));
1825	}
1826	}
1827
1828	sub showzone {
1829	my $def = shift;
1830	my $rev = shift;
1831	my $id = shift;
1832
1833	# get the SOA first
1834	my $soa = getSOA($dbh,$def,$rev,$id);
1835
1836	$page->param(contact => $soa->{contact});
1837	$page->param(prins => $soa->{prins});
1838	$page->param(refresh => $soa->{refresh});
1839	$page->param(retry => $soa->{retry});
1840	$page->param(expire => $soa->{expire});
1841	$page->param(minttl => $soa->{minttl});
1842	$page->param(ttl => $soa->{ttl});
1843
1844	my $foo2 = getDomRecs($dbh,$def,$rev,$id,$perpage,$webvar{offset},$sortby,$sortorder,$filter);
1845
1846	my $row = 0;
1847	foreach my $rec (@$foo2) {
1848	$rec->{type} = $typemap{$rec->{type}};
1849	$rec->{row} = $row % 2;
1850	$rec->{defrec} = $def;
1851	$rec->{revrec} = $rev;
1852	$rec->{sid} = $webvar{sid};
1853	$rec->{id} = $id;
1854	$rec->{fwdzone} = $rev eq 'n';
1855	$rec->{distance} = 'n/a' unless ($rec->{type} eq 'MX' \|\| $rec->{type} eq 'SRV');
1856	$rec->{weight} = 'n/a' unless ($rec->{type} eq 'SRV');
1857	$rec->{port} = 'n/a' unless ($rec->{type} eq 'SRV');
1858	$row++;
1859	# ACLs
1860	$rec->{record_edit} = ($permissions{admin} \|\| $permissions{record_edit});
1861	$rec->{record_delete} = ($permissions{admin} \|\| $permissions{record_delete});
1862	}
1863	$page->param(reclist => $foo2);
1864	}
1865
1866	sub fill_recdata {
1867	$page->param(typelist => getTypelist($dbh, $webvar{revrec}, $webvar{type}));
1868
1869	# le sigh. we may get called with many empty %webvar keys
1870	no warnings qw( uninitialized );
1871
1872	##todo: allow BIND-style bare names, ASS-U-ME that the name is within the domain?
1873	# prefill <domain> or DOMAIN in "Host" space for new records
1874	if ($webvar{revrec} eq 'n') {
1875	my $domroot = ($webvar{defrec} eq 'y' ? 'DOMAIN' : domainName($dbh,$webvar{parentid}));
1876	$page->param(name => ($webvar{name} ? $webvar{name} : $domroot));
1877	$page->param(address => $webvar{address});
1878	$page->param(distance => $webvar{distance})
1879	if ($webvar{type} == $reverse_typemap{MX} or $webvar{type} == $reverse_typemap{SRV});
1880	$page->param(weight => $webvar{weight}) if $webvar{type} == $reverse_typemap{SRV};
1881	$page->param(port => $webvar{port}) if $webvar{type} == $reverse_typemap{SRV};
1882	} else {
1883	my $domroot = ($webvar{defrec} eq 'y' ? 'ADMINDOMAIN' : ".$config{domain}");
1884	$page->param(name => ($webvar{name} ? $webvar{name} : $domroot));
1885	my $zname = ($webvar{defrec} eq 'y' ? 'ZONE' : revName($dbh,$webvar{parentid}));
1886	$zname =~ s\|\d*/\d+$\|\|;
1887	$page->param(address => ($webvar{address} ? $webvar{address} : $zname));
1888	}
1889	# retrieve the right ttl instead of falling (way) back to the hardcoded system default
1890	my $soa = getSOA($dbh,$webvar{defrec},$webvar{revrec},$webvar{parentid});
1891	$page->param(ttl => ($webvar{ttl} ? $webvar{ttl} : $soa->{minttl}));
1892	}
1893
1894	sub fill_actypelist {
1895	my $curtype = shift \|\| 'u';
1896
1897	my @actypes;
1898
1899	my %row1 = (actypeval => 'u', actypename => 'user');
1900	$row1{typesel} = 1 if $curtype eq 'u';
1901	push @actypes, \%row1;
1902
1903	my %row2 = (actypeval => 'S', actypename => 'superuser');
1904	$row2{typesel} = 1 if $curtype eq 'S';
1905	push @actypes, \%row2;
1906
1907	$page->param(actypelist => \@actypes);
1908	}
1909
1910	sub fill_clonemelist {
1911	# shut up some warnings, but don't stomp on caller's state
1912	local $webvar{clonesrc} = 0 if !defined($webvar{clonesrc});
1913
1914	my $clones = getUserDropdown($dbh, $curgroup, $webvar{clonesrc});
1915	$page->param(clonesrc => $clones);
1916	}
1917
1918	sub fill_fpnla {
1919	my $count = shift;
1920	if ($offset eq 'all') {
1921	$page->param(perpage => $perpage);
1922	# uhm....
1923	} else {
1924	# all these bits only have sensible behaviour if offset is numeric. err, probably.
1925	if ($count > $perpage) {
1926	# if there are more results than the default, always show the "all" link
1927	$page->param(navall => 1);
1928
1929	if ($offset > 0) {
1930	$page->param(navfirst => 1);
1931	$page->param(navprev => 1);
1932	$page->param(prevoffs => $offset-1);
1933	}
1934
1935	# show "next" and "last" links if we're not on the last page of results
1936	if ( (($offset+1) * $perpage - $count) < 0 ) {
1937	$page->param(navnext => 1);
1938	$page->param(nextoffs => $offset+1);
1939	$page->param(navlast => 1);
1940	$page->param(lastoffs => int (($count-1)/$perpage));
1941	}
1942	} else {
1943	$page->param(onepage => 1);
1944	}
1945	}
1946	} # end fill_fpnla()
1947
1948	sub fill_pgcount {
1949	my $pgcount = shift;
1950	my $pgtype = shift;
1951	my $parent = shift;
1952
1953	# Fix display/UI bug where if you are not on the first page of the list, and
1954	# you add a search term or click one of the "starts with" links, you end up
1955	# on a page showing nothing.
1956	# For bonus points, this reverts to the original offset on clicking the "All" link (mostly)
1957	if ($offset ne 'all') {
1958	$offset-- while ($offset * $perpage) >= $pgcount;
1959	}
1960
1961	$page->param(ntot => $pgcount);
1962	$page->param(nfirst => (($offset eq 'all' ? 0 : $offset)*$perpage+1));
1963	$page->param(npglast => ($offset eq 'all' ? $pgcount :
1964	( (($offset+1)$perpage) > $pgcount ? $pgcount : (($offset+1)$perpage) )
1965	));
1966	$page->param(pgtype => $pgtype);
1967	$page->param(parent => $parent);
1968	$page->param(filter => $filter);
1969	} # end fill_pgcount()
1970
1971
1972	sub listdomains { listzones(); } # temp
1973
1974	sub listzones {
1975	# ACLs
1976	$page->param(domain_create => ($permissions{admin} \|\| $permissions{domain_create}) );
1977	$page->param(domain_edit => ($permissions{admin} \|\| $permissions{domain_edit}) );
1978	$page->param(domain_delete => ($permissions{admin} \|\| $permissions{domain_delete}) );
1979
1980	my @childgroups;
1981	getChildren($dbh, $curgroup, \@childgroups, 'all') if $searchsubs;
1982	my $childlist = join(',',@childgroups);
1983
1984	my $count = getZoneCount($dbh, (childlist => $childlist, curgroup => $curgroup, revrec => $webvar{revrec},
1985	filter => ($filter ? $filter : undef), startwith => ($startwith ? $startwith : undef) ) );
1986
1987	# fill page count and first-previous-next-last-all bits
1988	fill_pgcount($count,($webvar{revrec} eq 'n' ? 'domains' : 'revzones'),groupName($dbh,$curgroup));
1989	fill_fpnla($count);
1990
1991	# sort/order
1992	$session->param($webvar{page}.'sortby', $webvar{sortby}) if $webvar{sortby};
1993	$session->param($webvar{page}.'order', $webvar{order}) if $webvar{order};
1994
1995	$sortby = $session->param($webvar{page}.'sortby') if $session->param($webvar{page}.'sortby');
1996	$sortorder = $session->param($webvar{page}.'order') if $session->param($webvar{page}.'order');
1997
1998	# set up the headers
1999	my @cols = (($webvar{revrec} eq 'n' ? 'domain' : 'revnet'), 'status', 'group');
2000	my %colheads = (domain => 'Domain', revnet => 'Reverse Zone', status => 'Status', group => 'Group');
2001	fill_colheads($sortby, $sortorder, \@cols, \%colheads);
2002
2003	# hack! hack! pthbttt. have to rethink the status column storage,
2004	# or inactive comes "before" active. sigh
2005	$sortorder = ($sortorder eq 'ASC' ? 'DESC' : 'ASC') if $sortby eq 'status';
2006
2007	# waffle, waffle - keep state on these as well as sortby, sortorder?
2008	##fixme: put this higher so the count doesn't get munched?
2009	$page->param("start$startwith" => 1) if $startwith && $startwith =~ /^(?:[a-z]\|0-9)$/;
2010
2011	$page->param(filter => $filter) if $filter;
2012	$page->param(searchsubs => $searchsubs) if $searchsubs;
2013
2014	$page->param(group => $curgroup);
2015
2016	my $zonelist = getZoneList($dbh, (childlist => $childlist, curgroup => $curgroup,
2017	revrec => $webvar{revrec},
2018	filter => ($filter ? $filter : undef), startwith => ($startwith ? $startwith : undef),
2019	offset => $webvar{offset}, sortby => $sortby, sortorder => $sortorder
2020	) );
2021	# probably don't need this, keeping for reference for now
2022	# foreach (@$zonelist) {
2023	# }
2024	$page->param(domtable => $zonelist);
2025	} # end listdomains()
2026
2027
2028	sub listgroups {
2029
2030	# security check - does the user have permission to view this entity?
2031	if (!(grep /^$curgroup$/, @viewablegroups)) {
2032	# hmm. Reset the current group to the login group? Yes. Prevents confusing behaviour elsewhere.
2033	$session->param('curgroup',$logingroup);
2034	$page->param(errmsg => "You are not permitted to view the requested group");
2035	$curgroup = $logingroup;
2036	}
2037
2038	my @childgroups;
2039	getChildren($dbh, $curgroup, \@childgroups, 'all') if $searchsubs;
2040	my $childlist = join(',',@childgroups);
2041
2042	my ($count) = getGroupCount($dbh, (childlist => $childlist, curgroup => $curgroup,
2043	filter => ($filter ? $filter : undef), startwith => ($startwith ? $startwith : undef) ) );
2044
2045	# fill page count and first-previous-next-last-all bits
2046	fill_pgcount($count,"groups",'');
2047	fill_fpnla($count);
2048
2049	$page->param(gid => $curgroup);
2050
2051	$sortby = 'group';
2052	# sort/order
2053	$session->param($webvar{page}.'sortby', $webvar{sortby}) if $webvar{sortby};
2054	$session->param($webvar{page}.'order', $webvar{order}) if $webvar{order};
2055
2056	$sortby = $session->param($webvar{page}.'sortby') if $session->param($webvar{page}.'sortby');
2057	$sortorder = $session->param($webvar{page}.'order') if $session->param($webvar{page}.'order');
2058
2059	# set up the headers
2060	my @cols = ('group','parent','nusers','ndomains','nrevzones');
2061	my %colnames = (group => 'Group', parent => 'Parent Group', nusers => 'Users', ndomains => 'Domains', nrevzones => 'Reverse Zones');
2062	fill_colheads($sortby, $sortorder, \@cols, \%colnames);
2063
2064	# waffle, waffle - keep state on these as well as sortby, sortorder?
2065	$page->param("start$startwith" => 1) if $startwith && $startwith =~ /^(?:[a-z]\|0-9)$/;
2066
2067	$page->param(filter => $filter) if $filter;
2068	$page->param(searchsubs => $searchsubs) if $searchsubs;
2069
2070	# munge sortby for columns in database
2071	$sortby = 'g.group_name' if $sortby eq 'group';
2072	$sortby = 'g2.group_name' if $sortby eq 'parent';
2073
2074	my $glist = getGroupList($dbh, (childlist => $childlist, curgroup => $curgroup,
2075	filter => ($filter ? $filter : undef), startwith => ($startwith ? $startwith : undef),
2076	offset => $webvar{offset}, sortby => $sortby, sortorder => $sortorder) );
2077
2078	$page->param(grouptable => $glist);
2079	} # end listgroups()
2080
2081
2082	sub fill_grouplist {
2083	my $template_var = shift;
2084	my $cur = shift \|\| $curgroup;
2085
2086	# little recursive utility sub-sub
2087	sub getgroupdrop {
2088	my $root = shift;
2089	my $cur = shift; # to tag the selected group
2090	my $grplist = shift;
2091	my $indent = shift \|\| '    ';
2092
2093	my @childlist;
2094	getChildren($dbh,$root,\@childlist,'immediate');
2095	return if $#childlist == -1;
2096	foreach (@childlist) {
2097	my %row;
2098	$row{groupval} = $_;
2099	$row{groupactive} = ($_ == $cur);
2100	$row{groupname} = $indent.groupName($dbh, $_);
2101	push @{$grplist}, \%row;
2102	getgroupdrop($_, $cur, $grplist, $indent.'    ');
2103	}
2104	}
2105
2106	my @grouplist;
2107	push @grouplist, { groupval => $logingroup, groupactive => $logingroup == $curgroup,
2108	groupname => groupName($dbh, $logingroup) };
2109	getgroupdrop($logingroup, $curgroup, \@grouplist);
2110
2111	$page->param("$template_var" => \@grouplist);
2112	} # end fill_grouplist()
2113
2114
2115	sub list_users {
2116
2117	my @childgroups;
2118	getChildren($dbh, $curgroup, \@childgroups, 'all') if $searchsubs;
2119	my $childlist = join(',',@childgroups);
2120
2121	my $count = getUserCount($dbh, (childlist => $childlist, curgroup => $curgroup,
2122	filter => ($filter ? $filter : undef), startwith => ($startwith ? $startwith : undef) ) );
2123
2124	# fill page count and first-previous-next-last-all bits
2125	fill_pgcount($count,"users",'');
2126	fill_fpnla($count);
2127
2128	$sortby = 'user';
2129	# sort/order
2130	$session->param($webvar{page}.'sortby', $webvar{sortby}) if $webvar{sortby};
2131	$session->param($webvar{page}.'order', $webvar{order}) if $webvar{order};
2132
2133	$sortby = $session->param($webvar{page}.'sortby') if $session->param($webvar{page}.'sortby');
2134	$sortorder = $session->param($webvar{page}.'order') if $session->param($webvar{page}.'order');
2135
2136	# set up the headers
2137	my @cols = ('user','fname','type','group','status');
2138	my %colnames = (user => 'Username', fname => 'Full Name', type => 'Type', group => 'Group', status => 'Status');
2139	fill_colheads($sortby, $sortorder, \@cols, \%colnames);
2140
2141	# waffle, waffle - keep state on these as well as sortby, sortorder?
2142	$page->param("start$startwith" => 1) if $startwith && $startwith =~ /^(?:[a-z]\|0-9)$/;
2143
2144	$page->param(filter => $filter) if $filter;
2145	$page->param(searchsubs => $searchsubs) if $searchsubs;
2146
2147	my $ulist = getUserList($dbh, (childlist => $childlist, curgroup => $curgroup,
2148	filter => ($filter ? $filter : undef), startwith => ($startwith ? $startwith : undef),
2149	offset => $webvar{offset}, sortby => $sortby, sortorder => $sortorder) );
2150	# Some UI things need to be done to the list (unlike other lists)
2151	foreach my $u (@{$ulist}) {
2152	$u->{eduser} = ($permissions{admin} \|\|
2153	($permissions{user_edit} && $u->{type} ne 'S') \|\|
2154	($permissions{self_edit} && $u->{user_id} == $session->param('uid')) );
2155	$u->{deluser} = ($permissions{admin} \|\| ($permissions{user_delete} && $u->{type} ne 'S'));
2156	$u->{type} = ($u->{type} eq 'S' ? 'superuser' : 'user');
2157	}
2158	$page->param(usertable => $ulist);
2159	} # end list_users()
2160
2161
2162	sub list_locations {
2163
2164	my @childgroups;
2165	getChildren($dbh, $curgroup, \@childgroups, 'all') if $searchsubs;
2166	my $childlist = join(',',@childgroups);
2167
2168	my $count = getLocCount($dbh, (childlist => $childlist, curgroup => $curgroup,
2169	filter => ($filter ? $filter : undef), startwith => ($startwith ? $startwith : undef) ) );
2170
2171	# fill page count and first-previous-next-last-all bits
2172	fill_pgcount($count,"locations/views",'');
2173	fill_fpnla($count);
2174
2175	$sortby = 'user';
2176	# sort/order
2177	$session->param($webvar{page}.'sortby', $webvar{sortby}) if $webvar{sortby};
2178	$session->param($webvar{page}.'order', $webvar{order}) if $webvar{order};
2179
2180	$sortby = $session->param($webvar{page}.'sortby') if $session->param($webvar{page}.'sortby');
2181	$sortorder = $session->param($webvar{page}.'order') if $session->param($webvar{page}.'order');
2182
2183	# set up the headers
2184	my @cols = ('description', 'iplist', 'group');
2185	my %colnames = (description => 'Location/View Name', iplist => 'Permitted IPs/Ranges', group => 'Group');
2186	fill_colheads($sortby, $sortorder, \@cols, \%colnames);
2187
2188	# waffle, waffle - keep state on these as well as sortby, sortorder?
2189	$page->param("start$startwith" => 1) if $startwith && $startwith =~ /^(?:[a-z]\|0-9)$/;
2190
2191	$page->param(filter => $filter) if $filter;
2192	$page->param(searchsubs => $searchsubs) if $searchsubs;
2193
2194	my $loclist = getLocList($dbh, (childlist => $childlist, curgroup => $curgroup,
2195	filter => ($filter ? $filter : undef), startwith => ($startwith ? $startwith : undef),
2196	offset => $webvar{offset}, sortby => $sortby, sortorder => $sortorder) );
2197	# Some UI things need to be done to the list
2198	foreach my $l (@{$loclist}) {
2199	$l->{edloc} = ($permissions{admin} \|\| $permissions{loc_edit});
2200	$l->{delloc} = ($permissions{admin} \|\| $permissions{loc_delete});
2201	}
2202	$page->param(loctable => $loclist);
2203	} # end list_locations()
2204
2205
2206	# Generate all of the glop necessary to add or not the appropriate marker/flag for
2207	# the sort order and column in domain, user, group, and record lists
2208	# Takes an array ref and hash ref
2209	sub fill_colheads {
2210	my $sortby = shift;
2211	my $sortorder = shift;
2212	my $cols = shift;
2213	my $colnames = shift;
2214	my $custom = shift;
2215
2216	my @headings;
2217
2218	foreach my $col (@$cols) {
2219	my %coldata;
2220	$coldata{firstcol} = 1 if $col eq $cols->[0];
2221	$coldata{sid} = $sid;
2222	$coldata{page} = $webvar{page};
2223	$coldata{offset} = $webvar{offset} if $webvar{offset};
2224	$coldata{sortby} = $col;
2225	$coldata{colname} = $colnames->{$col};
2226	if ($col eq $sortby) {
2227	$coldata{order} = ($sortorder eq 'ASC' ? 'DESC' : 'ASC');
2228	$coldata{sortorder} = $sortorder;
2229	} else {
2230	$coldata{order} = 'ASC';
2231	}
2232	if ($custom) {
2233	foreach my $ckey (keys %$custom) {
2234	$coldata{$ckey} = $custom->{$ckey};
2235	}
2236	}
2237	push @headings, \%coldata;
2238	}
2239
2240	$page->param(colheads => \@headings);
2241
2242	} # end fill_colheads()
2243
2244
2245	# we have to do this in a variety of places; let's make it consistent
2246	sub fill_permissions {
2247	my $template = shift; # may need to do several sets on a single page
2248	my $permset = shift; # hashref to permissions on object
2249	my $usercan = shift \|\| \%permissions; # allow alternate user-is-allowed permission block
2250
2251	foreach (@permtypes) {
2252	$template->param("may_$_" => ($usercan->{admin} \|\| $usercan->{$_}));
2253	$template->param($_ => $permset->{$_});
2254	}
2255	}
2256
2257	# so simple when defined as a sub instead of inline. O_o
2258	sub check_scope {
2259	my %args = @_;
2260	my $entity = $args{id} \|\| 0; # prevent the shooting of feet with SQL "... intcolumn = '' ..."
2261	my $entype = $args{type} \|\| '';
2262
2263	if ($entype eq 'group') {
2264	return 1 if grep /^$entity$/, @viewablegroups;
2265	} else {
2266	foreach (@viewablegroups) {
2267	return 1 if isParent($dbh, $_, 'group', $entity, $entype);
2268	}
2269	}
2270	}

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: trunk/dns.cgi@ 375

Download in other formats: