source: branches/htmlform/cgi-bin/search.cgi@ 460

Last change on this file since 460 was 451, checked in by Kris Deugau, 14 years ago


Move Javascript from the header into its own file
Convert index page (master block summary) to template
Convert header to template, use template header in main.cgi
and search.cgi - going to leave admin.cgi out for now
Update HTML in header, index, footer to HTML 4.01 strict
See #3.

  • Property svn:executable set to *
  • Property svn:keywords set to Date Rev Author
File size: 18.0 KB
2# ipdb/cgi-bin/search.cgi
3# Started splitting search functions (quick and otherwise) from
4# main IPDB interface 03/11/2005
6# SVN revision info
7# $Date: 2010-07-28 20:46:21 +0000 (Wed, 28 Jul 2010) $
8# SVN revision $Rev: 451 $
9# Last update by $Author: kdeugau $
[417]11# Copyright 2005-2010 - Kris Deugau
13use strict;
14use warnings;
15use CGI::Carp qw(fatalsToBrowser);
[447]16use CGI::Simple;
[449]17use HTML::Template;
[197]18use DBI;
19use CommonWeb qw(:ALL);
20use POSIX qw(ceil);
21use NetAddr::IP;
[417]23# don't remove! required for GNU/FHS-ish install from tarball
[417]26use MyIPDB;
[439]28# Don't formally need a username or syslog here. syslog left active for debugging.
29use Sys::Syslog;
30openlog "IPDBsearch","pid","$IPDB::syslog_facility";
32# ... but we do *use* the username on ACLs now.
33# Collect the username from HTTP auth. If undefined, we're in
34# a test environment, or called without a username.
35my $authuser;
36if (!defined($ENV{'REMOTE_USER'})) {
37 $authuser = '__temptest';
38} else {
39 $authuser = $ENV{'REMOTE_USER'};
[197]42# Why not a global DB handle? (And a global statement handle, as well...)
43# Use the connectDB function, otherwise we end up confusing ourselves
44my $ip_dbh;
45my $sth;
46my $errstr;
47($ip_dbh,$errstr) = connectDB_My;
48if (!$ip_dbh) {
49 printAndExit("Failed to connect to database: $errstr\n");
54# Global variables
[351]55my $RESULTS_PER_PAGE = 25;
[449]56##fixme - need to autofill this somehow
57$ENV{HTML_TEMPLATE_ROOT} = '/home/kdeugau/dev/ipdb/trunk/templates';
[447]59# Set up the CGI object...
60my $q = new CGI::Simple;
61# ... and get query-string params as well as POST params if necessary
64# Convenience; saves changing all references to %webvar
65##fixme: tweak for handling <select multiple='y' size=3> (list with multiple selection)
66my %webvar = $q->Vars;
[370]68if (defined($webvar{rpp})) {
69 ($RESULTS_PER_PAGE) = ($webvar{rpp} =~ /(\d+)/);
[197]72if (!defined($webvar{stype})) {
73 $webvar{stype} = "<NULL>"; #shuts up the warnings.
[451]76my $header = HTML::Template->new(filename => "header.tmpl");
77$header->param(version => $IPDB::VERSION);
78$header->param(addperm => $IPDBacl{$authuser} =~ /a/);
79print "Content-type: text/html\n\n", $header->output;
81if ($webvar{stype} eq 'q') {
82 # Quick search.
84 if (!$webvar{input}) {
85 # No search term. Display everything.
86 viewBy('all', '');
87 } else {
88 # Search term entered. Display matches.
89 # We should really sanitize $webvar{input}, no?
90 my $searchfor;
91 # Chew up leading and trailing whitespace
92 $webvar{input} =~ s/^\s+//;
93 $webvar{input} =~ s/\s+$//;
[285]94 if ($webvar{input} =~ /^\d+$/) {
95 # All-digits, new custID
96 $searchfor = "cust";
97 } elsif ($webvar{input} =~ /^[\d\.]+(\/\d{1,3})?$/) {
[201]98 # IP addresses should only have numbers, digits, and maybe a slash+netmask
[197]99 $searchfor = "ipblock";
100 } else {
101 # Anything else.
102 $searchfor = "desc";
103 }
104 viewBy($searchfor, $webvar{input});
105 }
107} elsif ($webvar{stype} eq 'c') {
108 # Complex search.
[201]110 # Several major cases, and a whole raft of individual cases.
111 # -> Show all types means we do not need to limit records retrieved by type
112 # -> Show all cities means we do not need to limit records retrieved by city
113 # Individual cases are for the CIDR/IP, CustID, Description, Notes, and individual type
114 # requests.
[207]116 my $sqlconcat;
117 if ($webvar{which} eq 'all') {
118 # Must match *all* specified criteria. ## use INTERSECT or EXCEPT
119 $sqlconcat = "INTERSECT";
120 } elsif ($webvar{which} eq 'any') {
121 # Match on any specified criteria ## use UNION
122 $sqlconcat = "UNION";
123 } else {
124 # We can't get here. PTHBTT!
125 printAndExit "PTHBTT!! Your search has been rejected due to Microsoft excuse #4432: ".
126 "Not enough mana";
127 }
[202]129# We actually construct a monster SQL statement for all criteria.
130# Iff something has been entered, it will be used as a filter.
[208]131# Iff something has NOT been entered, we still include it but in
132# such a way that it does not actually filter anything out.
[207]134 # Columns actually returned. Slightly better than hardcoding it
135 # in each (sub)select
136 my $cols = "cidr,custid,type,city,description";
[207]138 # First chunk of SQL. Filter on custid, description, and notes as necessary.
[351]139 my $sql = "(select $cols from searchme where".
140 " $webvar{custexclude} (custid ilike '%$webvar{custid}%'".
141 " OR $webvar{custexclude} oldcustid ilike '%$webvar{custid}%'))".
[201]142 " $sqlconcat (select $cols from searchme where $webvar{descexclude} description ilike '%$webvar{desc}%')".
143 " $sqlconcat (select $cols from searchme where $webvar{notesexclude} notes ilike '%$webvar{notes}%')";
[207]145 # If we're not supposed to search for all types, search for the selected types.
146 if ($webvar{alltypes} ne 'on') {
147 $sql .= " $sqlconcat (select $cols from searchme where $webvar{typeexclude} type in (";
148 foreach my $key (keys %webvar) {
149 $sql .= "'$1'," if $key =~ /type\[(..)\]/;
150 }
151 chop $sql;
152 $sql .= "))";
[201]153 }
[207]155 # If we're not supposed to search for all cities, search for the selected cities.
156 # This could be vastly improved with proper foreign keys in the database.
157 if ($webvar{allcities} ne 'on') {
158 $sql .= " $sqlconcat (select $cols from searchme where $webvar{cityexclude} city in (";
159 $sth = $ip_dbh->prepare("select city from cities where id=?");
160 foreach my $key (keys %webvar) {
161 if ($key =~ /city\[(\d+)\]/) {
162 $sth->execute($1);
163 my $city;
164 $sth->bind_columns(\$city);
165 $sth->fetch;
166 $city =~ s/'/''/;
167 $sql .= "'$city',";
168 }
[201]169 }
[207]170 chop $sql;
171 $sql .= "))";
[201]172 }
[207]174 ## CIDR query options.
175 $webvar{cidr} =~ s/\s+//; # Hates the nasty spaceseseses we does.
[351]176 if ($webvar{cidr} eq '') { # We has a blank CIDR. Ignore it.
[285]177 } elsif ($webvar{cidr} =~ /\//) {
[427]178 # 192.168.179/26 should show all /26 subnets in 192.168.179
[207]179 my ($net,$maskbits) = split /\//, $webvar{cidr};
180 if ($webvar{cidr} =~ /^(\d{1,3}\.){3}\d{1,3}\/\d{2}$/) {
181 # /0->/9 are silly to worry about right now. I don't think
182 # we'll be getting a class A anytime soon. <g>
183 $sql .= " $sqlconcat (select $cols from searchme where ".
[351]184 "$webvar{cidrexclude} cidr<<='$webvar{cidr}')";
[207]185 } else {
186 # Partial match; beginning of subnet and maskbits are provided
187 # Show any blocks with the leading octet(s) and that masklength
[351]188 # Need some more magic for bare /nn searches:
189 my $condition = ($net eq '' ?
190 "masklen(cidr)=$maskbits" : "text(cidr) like '$net%' and masklen(cidr)=$maskbits");
[207]191 $sql .= " $sqlconcat (select $cols from searchme where $webvar{cidrexclude} ".
[351]192 "($condition))";
[207]193 }
194 } elsif ($webvar{cidr} =~ /^(\d{1,3}\.){3}\d{1,3}$/) {
195 # Specific IP address match. Will show either a single netblock,
196 # or a static pool plus an IP.
197 $sql .= " $sqlconcat (select $cols from searchme where $webvar{cidrexclude} ".
198 "cidr >>= '$webvar{cidr}')";
199 } elsif ($webvar{cidr} =~ /^\d{1,3}(\.(\d{1,3}(\.(\d{1,3}\.?)?)?)?)?$/) {
200 # Leading octets in CIDR
201 $sql .= " $sqlconcat (select $cols from searchme where $webvar{cidrexclude} ".
202 "text(cidr) like '$webvar{cidr}%')";
203 } else {
204 # This shouldn't happen, but if it does, whoever gets it deserves what they get...
205 printAndExit("Invalid netblock query.");
206 } # done with CIDR query options.
[207]208 # Find the offset for multipage results
209 my $offset = ($webvar{page}-1)*$RESULTS_PER_PAGE;
[207]211 # Find out how many rows the "core" query will return.
212 my $count = countRows($sql);
[207]214 if ($count == 0) {
215 printError "No matches found. Try eliminating one of the criteria,".
216 " or making one or more criteria more general.";
217 } else {
218 # Add the limit/offset clauses
[370]219 $sql .= " order by cidr";
220 $sql .= " limit $RESULTS_PER_PAGE offset $offset" if $RESULTS_PER_PAGE != 0;
[207]221 # And tell the user.
222 print "<div class=heading>Searching...............</div>\n";
223 queryResults($sql, $webvar{page}, $count);
224 }
[397]226} elsif ($webvar{stype} eq 'n') {
227 # Node search.
229 my $sql = "SELECT cidr,custid,type,city,description FROM searchme".
230 " WHERE cidr IN (SELECT block FROM noderef WHERE node_id=$webvar{node})";
232 # Find the offset for multipage results
233 my $offset = ($webvar{page}-1)*$RESULTS_PER_PAGE;
235 # Find out how many rows the "core" query will return.
236 my $count = countRows($sql);
238 if ($count == 0) {
239 printError "No customers currently listed as connected through this node.";
240 } else {
241 # Add the limit/offset clauses
242 $sql .= " order by cidr";
243 $sql .= " limit $RESULTS_PER_PAGE offset $offset" if $RESULTS_PER_PAGE != 0;
244 # And tell the user.
245 print "<div class=heading>Searching...............</div>\n";
246 queryResults($sql, $webvar{page}, $count);
247 }
[207]249} else { # how script was called. General case is to show the search criteria page.
[197]251 # Display search page. We have to do this here, because otherwise
252 # we can't retrieve data from the database for the types and cities. >:(
253 my $html;
254 open HTML,"<../compsearch.html";
255 $html = join('',<HTML>);
256 close HTML;
258# Generate table of types
259 my $typetable = "<table class=regular cellspacing=0>\n<tr>";
260 $sth = $ip_dbh->prepare("select type,dispname from alloctypes where listorder <500 ".
261 "order by listorder");
262 $sth->execute;
263 my $i=0;
264 while (my @data = $sth->fetchrow_array) {
265 $typetable .= "<td><input type=checkbox name=type[$data[0]]>$data[1]</td>";
266 $i++;
267 $typetable .= "</tr>\n<tr>"
268 if ($i % 4 == 0);
269 }
270 if ($i %4 == 0) {
271 $typetable =~ s/<tr>$//;
272 } else {
273 $typetable .= "</tr>\n";
274 }
275 $typetable .= "</table>\n";
277# Generate table of cities
278 my $citytable = "<table class=regular cellspacing=0>\n<tr>";
279 $sth = $ip_dbh->prepare("select id,city from cities order by city");
280 $sth->execute;
281 my $i=0;
282 while (my @data = $sth->fetchrow_array) {
283 $citytable .= "<td><input type=checkbox name=city[$data[0]]>$data[1]</td>";
284 $i++;
285 $citytable .= "</tr>\n<tr>"
286 if ($i % 5 == 0);
287 }
288 if ($i %5 == 0) {
289 $citytable =~ s/<tr>$//;
290 } else {
291 $citytable .= "</tr>\n";
292 }
293 $citytable .= "</table>\n";
295 $html =~ s/\$\$TYPELIST\$\$/$typetable/;
296 $html =~ s/\$\$CITYLIST\$\$/$citytable/;
298 print $html;
301# Shut down and clean up.
304# We print the footer here, so we don't have to do it elsewhere.
305my $footer = HTML::Template->new(filename => "footer.tmpl");
306# include the admin tools link in the output?
307$footer->param(adminlink => ($IPDBacl{$authuser} =~ /A/));
309print $footer->output;
[197]311# We shouldn't need to directly execute any code below here; it's all subroutines.
312exit 0;
315# viewBy()
316# The quick search
317# Takes a category descriptor and a query string
318# Creates appropriate SQL to run the search and display the results
319# with queryResults()
[197]320sub viewBy($$) {
321 my ($category,$query) = @_;
323 # Local variables
324 my $sql;
326 # Calculate start point for LIMIT clause
327 my $offset = ($webvar{page}-1)*$RESULTS_PER_PAGE;
329# Possible cases:
[207]330# 1) Partial IP/subnet. Treated as "octet-prefix".
331# 2a) CIDR subnet. Exact match.
332# 2b) CIDR netmask. YMMV but it should be octet-prefix-with-netmask
333# (ie, all matches with the octet prefix *AND* that netmask)
334# 3) Customer ID. "Match-any-segment"
335# 4) Description. "Match-any-segment"
[197]336# 5) Invalid data which might be interpretable as an IP or something, but
337# which probably shouldn't be for reasons of sanity.
[371]339 my $cols = "cidr,custid,type,city,description";
[197]341 if ($category eq 'all') {
343 print qq(<div class="heading">Showing all netblock and static-IP allocations</div><br>\n);
[371]344 $sql = "select $cols from searchme";
[202]345 my $count = countRows($sql);
[197]346 $sql .= " order by cidr limit $RESULTS_PER_PAGE offset $offset";
347 queryResults($sql, $webvar{page}, $count);
349 } elsif ($category eq 'cust') {
351 print qq(<div class="heading">Searching for Customer IDs containing '$query'</div><br>\n);
353 # Query for a customer ID. Note that we can't restrict to "numeric-only"
354 # as we have non-numeric custIDs in the legacy data. :/
[402]355 $sql = "select $cols from searchme where custid ilike '%$query%' or oldcustid ilike '%$query%' or description like '%$query%'";
[202]356 my $count = countRows($sql);
[197]357 $sql .= " order by cidr limit $RESULTS_PER_PAGE offset $offset";
358 queryResults($sql, $webvar{page}, $count);
360 } elsif ($category eq 'desc') {
362 print qq(<div class="heading">Searching for descriptions containing '$query'</div><br>\n);
363 # Query based on description (includes "name" from old DB).
[371]364 $sql = "select $cols from searchme where description ilike '%$query%'".
[285]365 " or custid ilike '%$query%'";
[202]366 my $count = countRows($sql);
[197]367 $sql .= " order by cidr limit $RESULTS_PER_PAGE offset $offset";
368 queryResults($sql, $webvar{page}, $count);
370 } elsif ($category =~ /ipblock/) {
372 # Query is for a partial IP, a CIDR block in some form, or a flat IP.
373 print qq(<div class="heading">Searching for IP-based matches on '$query'</div><br>\n);
375 $query =~ s/\s+//g;
376 if ($query =~ /\//) {
[427]377 # 192.168.179/26 should show all /26 subnets in 192.168.179
[197]378 my ($net,$maskbits) = split /\//, $query;
379 if ($query =~ /^(\d{1,3}\.){3}\d{1,3}\/\d{2}$/) {
380 # /0->/9 are silly to worry about right now. I don't think
381 # we'll be getting a class A anytime soon. <g>
[371]382 $sql = "select $cols from searchme where cidr='$query'";
[197]383 queryResults($sql, $webvar{page}, 1);
384 } else {
[289]385 #print "Finding all blocks with netmask /$maskbits, leading octet(s) $net<br>\n";
[197]386 # Partial match; beginning of subnet and maskbits are provided
[371]387 $sql = "select $cols from searchme where text(cidr) like '$net%' and ".
[197]388 "text(cidr) like '%$maskbits'";
[202]389 my $count = countRows($sql);
[197]390 $sql .= " order by cidr limit $RESULTS_PER_PAGE offset $offset";
391 queryResults($sql, $webvar{page}, $count);
392 }
393 } elsif ($query =~ /^(\d{1,3}\.){3}\d{1,3}$/) {
394 # Specific IP address match
[289]395 #print "4-octet pattern found; finding netblock containing IP $query<br>\n";
[197]396 my ($net,$ip) = ($query =~ /(\d{1,3}\.\d{1,3}\.\d{1,3}\.)(\d{1,3})/);
397 my $sfor = new NetAddr::IP $query;
[371]398 $sth = $ip_dbh->prepare("select $cols from searchme where text(cidr) like '$net%'");
[197]399 $sth->execute;
400 while (my @data = $sth->fetchrow_array()) {
401 my $cidr = new NetAddr::IP $data[0];
402 if ($cidr->contains($sfor)) {
[371]403 queryResults("select $cols from searchme where cidr='$cidr'", $webvar{page}, 1);
[197]404 }
405 }
[202]406 } elsif ($query =~ /^(\d{1,3}\.){1,3}\d{1,3}\.?$/) {
[289]407 #print "Finding matches with leading octet(s) $query<br>\n";
[371]408 $sql = "select $cols from searchme where text(cidr) like '$query%'";
[202]409 my $count = countRows($sql);
[197]410 $sql .= " order by cidr limit $RESULTS_PER_PAGE offset $offset";
411 queryResults($sql, $webvar{page}, $count);
412 } else {
413 # This shouldn't happen, but if it does, whoever gets it deserves what they get...
414 printError("Invalid query.");
415 }
416 } else {
417 # This shouldn't happen, but if it does, whoever gets it deserves what they get...
418 printError("Invalid searchfor.");
419 }
420} # viewBy
423# args are: a reference to an array with the row to be printed and the
424# class(stylesheet) to use for formatting.
425# if ommitting the class - call the sub as &printRow(\@array)
426sub printRow {
427 my ($rowRef,$class) = @_;
429 if (!$class) {
430 print "<tr>\n";
431 } else {
432 print "<tr class=\"$class\">\n";
433 }
435ELEMENT: foreach my $element (@$rowRef) {
436 if (!defined($element)) {
437 print "<td></td>\n";
438 next ELEMENT;
439 }
440 $element =~ s|\n|</br>|g;
441 print "<td>$element</td>\n";
442 }
443 print "</tr>";
444} # printRow
[207]447# queryResults()
448# Display search queries based on the passed SQL.
449# Takes SQL, page number (for multipage search results), and a total count.
[197]450sub queryResults($$$) {
451 my ($sql, $pageNo, $rowCount) = @_;
452 my $offset = 0;
453 $offset = $1 if($sql =~ m/.*limit\s+(.*),.*/);
455 my $sth = $ip_dbh->prepare($sql);
456 $sth->execute();
458 startTable('Allocation','CustID','Type','City','Description/Name');
459 my $count = 0;
461 while (my @data = $sth->fetchrow_array) {
[197]463 # cidr,custid,type,city,description,notes
[202]464 # Another bit of HairyPerl(TM) to prefix subblocks with "Sub"
465 my @row = (($data[2] =~ /^.r$/ ? 'Sub ' : '').
466 qq(<a href="/ip/cgi-bin/main.cgi?action=edit&block=$data[0]">$data[0]</a>),
[197]467 $data[1], $disp_alloctypes{$data[2]}, $data[3], $data[4]);
468 # Allow listing of pool if desired/required.
469 if ($data[2] =~ /^.[pd]$/) {
470 $row[0] .= ' &nbsp; <a href="/ip/cgi-bin/main.cgi?action=listpool'.
471 "&pool=$data[0]\">List IPs</a>";
472 }
473 printRow(\@row, 'color1', 1) if ($count%2==0);
474 printRow(\@row, 'color2', 1) if ($count%2!=0);
475 $count++;
476 }
478 # Have to think on this call, it's primarily to clean up unfetched rows from a select.
479 # In this context it's probably a good idea.
480 $sth->finish();
482 my $upper = $offset+$count;
[202]483 print "<tr><td colspan=10 bgcolor=white class=regular>Records found: $rowCount<br><i>Displaying: ".($offset+1)." - $upper</i></td></tr>\n";
[197]484 print "</table></center>\n";
486 # print the page thing..
[370]487 if ($RESULTS_PER_PAGE > 0 && $rowCount > $RESULTS_PER_PAGE) {
[197]488 my $pages = ceil($rowCount/$RESULTS_PER_PAGE);
489 print qq(<div class="center"> Page: );
490 for (my $i = 1; $i <= $pages; $i++) {
491 if ($i == $pageNo) {
492 print "<b>$i&nbsp;</b>\n";
493 } else {
[202]494 print qq(<a href="/ip/cgi-bin/search.cgi?page=$i&stype=$webvar{stype}&);
495 if ($webvar{stype} eq 'c') {
496 print "cidr=$webvar{cidr}&custid=$webvar{custid}&desc=$webvar{desc}&".
497 "notes=$webvar{notes}&which=$webvar{which}&alltypes=$webvar{alltypes}&".
498 "allcities=$webvar{allcities}&";
499 foreach my $key (keys %webvar) {
[351]500 if ($key =~ /^(?:type|city)\[/ || $key =~ /exclude$/) {
[202]501 print "$key=$webvar{$key}&";
502 }
503 }
504 } else {
505 print "input=$webvar{input}&";
506 }
507 print qq(">$i</a>&nbsp;\n);
[197]508 }
509 }
510 print "</div>";
511 }
512} # queryResults
515# Prints table headings. Accepts any number of arguments;
516# each argument is a table heading.
517sub startTable {
518 print qq(<center><table width="98%" cellspacing="0" class="center"><tr>);
520 foreach(@_) {
521 print qq(<td class="heading">$_</td>);
522 }
523 print "</tr>\n";
524} # startTable
[202]527# Return count of rows to be returned in a "real" query
528# with the passed SQL statement
[197]529sub countRows($) {
[202]530 # Note that the "as foo" is required
531 my $sth = $ip_dbh->prepare("select count(*) from ($_[0]) as foo");
[197]532 $sth->execute();
533 my @a = $sth->fetchrow_array();
534 $sth->finish();
535 return $a[0];
Note: See TracBrowser for help on using the repository browser.