source: trunk/cgi-bin/access-pwd-update.pl@ 940

Last change on this file since 940 was 932, checked in by Kris Deugau, 2 years ago

/trunk

Update header/copyright
Update "add the directory the script is in to @INC" library-finder based on

discussion and links from https://www.perlmonks.org/?node_id=585299 and
https://www.perlmonks.org/?node_id=41213

Pull some refinements from production upstream

  • Add arguments to cause add/delete actions, rather than just always doing both
  • Add a framework to exclude users from autodelete
  • Fix up the SQL to match style and use prepared statements
  • Property svn:executable set to *
  • Property svn:keywords set to Id
File size: 3.0 KB
Line 
1#!/usr/bin/perl
2# Update IPDB users table with user/password data from 5-minute cron'ed
3# push from billing
4##
5# $Id: access-pwd-update.pl 932 2022-12-07 22:11:28Z kdeugau $
6# Copyright (C) 2007-2010,2017,2022 - Kris Deugau <kdeugau@deepnet.cx>
7#
8# This program is free software: you can redistribute it and/or modify
9# it under the terms of the GNU General Public License as published by
10# the Free Software Foundation, either version 3 of the License, or
11# (at your option) any later version.
12#
13# This program is distributed in the hope that it will be useful,
14# but WITHOUT ANY WARRANTY; without even the implied warranty of
15# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16# GNU General Public License for more details.
17#
18# You should have received a copy of the GNU General Public License
19# along with this program. If not, see <http://www.gnu.org/licenses/>.
20##
21
22use strict;
23use warnings;
24use DBI;
25use Getopt::Long;
26
27# don't remove! required for GNU/FHS-ish install from tarball
28##uselib##
29
30# Taint-safe (ish) voodoo to push "the directory the script is in" into @INC.
31use File::Spec ();
32use File::Basename ();
33my $path;
34BEGIN {
35 $path = File::Basename::dirname(File::Spec->rel2abs($0));
36 if ($path =~ /(.*)/) {
37 $path = $1;
38 }
39}
40use lib $path;
41
42# Watch for longstanding senior staff deletes; these should make waves when removed
43my %seniorstaff = map { $_ => 1 } qw ();
44
45my $doadd = 0;
46my $dodel = 0;
47GetOptions(
48 "add|a" => \$doadd,
49 "delete|d" => \$dodel,
50);
51
52use MyIPDB;
53
54my $ip_dbh;
55my $errstr;
56($ip_dbh,$errstr) = connectDB_My;
57if (!$ip_dbh) {
58 die "Database error: $errstr\n";
59}
60initIPDBGlobals($ip_dbh);
61
62my %userhash;
63my $passfile = "/var/www/ipdb.example.com/ip/.htpasswd";
64
65die ".htpasswd error: file is empty!\n"
66 if -z $passfile;
67
68die ".htpasswd error: file seems too small: ".(-s $passfile)."\n"
69 if (-s $passfile <500);
70
71open HTPASS, "<$passfile";
72
73my $sth = $ip_dbh->prepare("SELECT count(*) FROM users WHERE username = ?");
74my $insert_user = $ip_dbh->prepare("INSERT INTO users (username) VALUES (?)");
75my $del_user = $ip_dbh->prepare("DELETE FROM users WHERE username = ?");
76
77while (<HTPASS>) {
78 chomp;
79 my ($user,undef) = split /:/;
80 $sth->execute($user);
81 my @data = $sth->fetchrow_array();
82 if ($data[0] == 0) {
83 if ($doadd) {
84 $insert_user->execute($user) or print "error inserting $user: ".$DBI::errstr."\n";
85 print "new user: $user\n";
86 } else {
87 print "pending new user: $user\n";
88 }
89 }
90 $userhash{$user} = '!';
91}
92
93# and now to delete users that have been removed
94$sth = $ip_dbh->prepare("SELECT username,acl FROM users ORDER BY username");
95$sth->execute;
96while (my @data = $sth->fetchrow_array()) {
97 if (!$userhash{$data[0]}) {
98 # safety net for senior key staff
99 if ($seniorstaff{$data[0]}) {
100 print "skipping delete of $data[0], update access-pwd-update.pl if they've really left\n";
101 next;
102 }
103 if ($dodel) {
104 $del_user->execute($data[0]) or print "error deleting $data[0]: ".$DBI::errstr."\n";
105 print "deleting $data[0] (acl $data[1])\n";
106 } else {
107 print "pending user delete '$data[0]'\n";
108 }
109 }
110}
Note: See TracBrowser for help on using the repository browser.