[197] | 1 | #!/usr/bin/perl
|
---|
[935] | 2 | # IPDB search for users
|
---|
| 3 | ##
|
---|
| 4 | # $Id: search.cgi 953 2024-08-02 17:03:48Z kdeugau $
|
---|
[953] | 5 | # Copyright 2005-2010,2012,2015-2017,2022,2024 - Kris Deugau <kdeugau@deepnet.cx>
|
---|
[935] | 6 | #
|
---|
| 7 | # This program is free software: you can redistribute it and/or modify
|
---|
| 8 | # it under the terms of the GNU General Public License as published by
|
---|
| 9 | # the Free Software Foundation, either version 3 of the License, or
|
---|
| 10 | # (at your option) any later version.
|
---|
| 11 | #
|
---|
| 12 | # This program is distributed in the hope that it will be useful,
|
---|
| 13 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
|
---|
| 14 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
---|
| 15 | # GNU General Public License for more details.
|
---|
| 16 | #
|
---|
| 17 | # You should have received a copy of the GNU General Public License
|
---|
| 18 | # along with this program. If not, see <http://www.gnu.org/licenses/>.
|
---|
| 19 | ##
|
---|
[197] | 20 |
|
---|
| 21 | use strict;
|
---|
| 22 | use warnings;
|
---|
| 23 | use CGI::Carp qw(fatalsToBrowser);
|
---|
[517] | 24 | use CGI::Simple;
|
---|
| 25 | use HTML::Template;
|
---|
[197] | 26 | use DBI;
|
---|
| 27 | use POSIX qw(ceil);
|
---|
| 28 | use NetAddr::IP;
|
---|
| 29 |
|
---|
[417] | 30 | # don't remove! required for GNU/FHS-ish install from tarball
|
---|
| 31 | ##uselib##
|
---|
[197] | 32 |
|
---|
[935] | 33 | # Taint-safe (ish) voodoo to push "the directory the script is in" into @INC.
|
---|
| 34 | use File::Spec ();
|
---|
| 35 | use File::Basename ();
|
---|
| 36 | my $path;
|
---|
| 37 | BEGIN {
|
---|
| 38 | $path = File::Basename::dirname(File::Spec->rel2abs($0));
|
---|
| 39 | if ($path =~ /(.*)/) {
|
---|
| 40 | $path = $1;
|
---|
| 41 | }
|
---|
| 42 | }
|
---|
| 43 | use lib $path;
|
---|
[906] | 44 |
|
---|
[417] | 45 | use MyIPDB;
|
---|
| 46 |
|
---|
[439] | 47 | # Don't formally need a username or syslog here. syslog left active for debugging.
|
---|
| 48 | use Sys::Syslog;
|
---|
| 49 | openlog "IPDBsearch","pid","$IPDB::syslog_facility";
|
---|
| 50 |
|
---|
| 51 | # ... but we do *use* the username on ACLs now.
|
---|
| 52 | # Collect the username from HTTP auth. If undefined, we're in
|
---|
| 53 | # a test environment, or called without a username.
|
---|
| 54 | my $authuser;
|
---|
| 55 | if (!defined($ENV{'REMOTE_USER'})) {
|
---|
| 56 | $authuser = '__temptest';
|
---|
| 57 | } else {
|
---|
| 58 | $authuser = $ENV{'REMOTE_USER'};
|
---|
| 59 | }
|
---|
| 60 |
|
---|
[517] | 61 | # Global variables
|
---|
| 62 | my $RESULTS_PER_PAGE = 25;
|
---|
| 63 |
|
---|
| 64 | # anyone got a better name? :P
|
---|
| 65 | my $thingroot = $ENV{SCRIPT_FILENAME};
|
---|
| 66 | $thingroot =~ s|cgi-bin/search.cgi||;
|
---|
| 67 |
|
---|
| 68 | # Set up the CGI object...
|
---|
| 69 | my $q = new CGI::Simple;
|
---|
| 70 | # ... and get query-string params as well as POST params if necessary
|
---|
| 71 | $q->parse_query_string;
|
---|
| 72 |
|
---|
| 73 | # Convenience; saves changing all references to %webvar
|
---|
| 74 | ##fixme: tweak for handling <select multiple='y' size=3> (list with multiple selection)
|
---|
| 75 | my %webvar = $q->Vars;
|
---|
[935] | 76 | $webvar{cidrexclude} = '' if !$webvar{cidrexclude};
|
---|
[517] | 77 |
|
---|
| 78 | if (defined($webvar{rpp})) {
|
---|
| 79 | ($RESULTS_PER_PAGE) = ($webvar{rpp} =~ /(\d+)/);
|
---|
| 80 | }
|
---|
| 81 |
|
---|
[197] | 82 | # Why not a global DB handle? (And a global statement handle, as well...)
|
---|
| 83 | # Use the connectDB function, otherwise we end up confusing ourselves
|
---|
| 84 | my $ip_dbh;
|
---|
| 85 | my $sth;
|
---|
| 86 | my $errstr;
|
---|
| 87 | ($ip_dbh,$errstr) = connectDB_My;
|
---|
[517] | 88 | if ($ip_dbh) {
|
---|
| 89 | checkDBSanity($ip_dbh);
|
---|
| 90 | initIPDBGlobals($ip_dbh);
|
---|
[197] | 91 | }
|
---|
| 92 |
|
---|
[517] | 93 | # Set up some globals
|
---|
[801] | 94 | $ENV{HTML_TEMPLATE_ROOT} = $thingroot;
|
---|
| 95 | my @templatepath = [ "localtemplates", "templates" ];
|
---|
[197] | 96 |
|
---|
[823] | 97 | ## FIXME!
|
---|
| 98 | ## Pretty much everything from here on down is one giant FIXME
|
---|
| 99 | ## FIXME!
|
---|
| 100 |
|
---|
[517] | 101 | my $page;
|
---|
[197] | 102 | if (!defined($webvar{stype})) {
|
---|
| 103 | $webvar{stype} = "<NULL>"; #shuts up the warnings.
|
---|
[801] | 104 | $page = HTML::Template->new(filename => "search/compsearch.tmpl", path => @templatepath);
|
---|
[896] | 105 | $page->param(webpath => $IPDB::webpath);
|
---|
[517] | 106 | } else {
|
---|
[801] | 107 | $page = HTML::Template->new(filename => "search/sresults.tmpl", global_vars => 1, path => @templatepath);
|
---|
[670] | 108 | $page->param(webpath => $IPDB::webpath);
|
---|
[197] | 109 | }
|
---|
| 110 |
|
---|
[801] | 111 | my $header = HTML::Template->new(filename => "header.tmpl", path => @templatepath);
|
---|
[517] | 112 | $header->param(version => $IPDB::VERSION);
|
---|
| 113 | $header->param(addperm => $IPDBacl{$authuser} =~ /a/);
|
---|
[670] | 114 | $header->param(webpath => $IPDB::webpath);
|
---|
[517] | 115 | print "Content-type: text/html\n\n", $header->output;
|
---|
[197] | 116 |
|
---|
[670] | 117 | # Columns actually returned. Slightly better than hardcoding it
|
---|
| 118 | # in each (sub)select
|
---|
[823] | 119 | my $cols = "s.cidr, s.custid, s.type, s.city, s.description, s.id, s.parent_id, s.available, a.vrf";
|
---|
[930] | 120 | # Common base select. JOIN provides the VRF which may not be noted on individual allocations
|
---|
| 121 | my $sqlbase = "SELECT $cols FROM searchme s JOIN allocations a ON s.master_id=a.id";
|
---|
[670] | 122 |
|
---|
[517] | 123 | # Handle the DB error first
|
---|
| 124 | if (!$ip_dbh) {
|
---|
[801] | 125 | $page = HTML::Template->new(filename => "dberr.tmpl", path => @templatepath);
|
---|
[517] | 126 | $page->param(errmsg => $errstr);
|
---|
| 127 | } elsif ($webvar{stype} eq 'q') {
|
---|
[197] | 128 | # Quick search.
|
---|
| 129 |
|
---|
| 130 | if (!$webvar{input}) {
|
---|
| 131 | # No search term. Display everything.
|
---|
| 132 | viewBy('all', '');
|
---|
| 133 | } else {
|
---|
| 134 | # Search term entered. Display matches.
|
---|
| 135 | # We should really sanitize $webvar{input}, no?
|
---|
| 136 | my $searchfor;
|
---|
| 137 | # Chew up leading and trailing whitespace
|
---|
| 138 | $webvar{input} =~ s/^\s+//;
|
---|
| 139 | $webvar{input} =~ s/\s+$//;
|
---|
[285] | 140 | if ($webvar{input} =~ /^\d+$/) {
|
---|
| 141 | # All-digits, new custID
|
---|
| 142 | $searchfor = "cust";
|
---|
| 143 | } elsif ($webvar{input} =~ /^[\d\.]+(\/\d{1,3})?$/) {
|
---|
[201] | 144 | # IP addresses should only have numbers, digits, and maybe a slash+netmask
|
---|
[197] | 145 | $searchfor = "ipblock";
|
---|
[930] | 146 | } elsif ($webvar{input} =~ /(?:^\d{6}\-|[A-Z][A-Z]\d\d\d)/) {
|
---|
| 147 | # Looks like part of a circuit ID
|
---|
| 148 | $searchfor = "circuitid";
|
---|
[197] | 149 | } else {
|
---|
| 150 | # Anything else.
|
---|
| 151 | $searchfor = "desc";
|
---|
| 152 | }
|
---|
| 153 | viewBy($searchfor, $webvar{input});
|
---|
| 154 | }
|
---|
| 155 |
|
---|
| 156 | } elsif ($webvar{stype} eq 'c') {
|
---|
| 157 | # Complex search.
|
---|
| 158 |
|
---|
[201] | 159 | # Several major cases, and a whole raft of individual cases.
|
---|
| 160 | # -> Show all types means we do not need to limit records retrieved by type
|
---|
| 161 | # -> Show all cities means we do not need to limit records retrieved by city
|
---|
| 162 | # Individual cases are for the CIDR/IP, CustID, Description, Notes, and individual type
|
---|
| 163 | # requests.
|
---|
| 164 |
|
---|
[207] | 165 | my $sqlconcat;
|
---|
| 166 | if ($webvar{which} eq 'all') {
|
---|
| 167 | # Must match *all* specified criteria. ## use INTERSECT or EXCEPT
|
---|
| 168 | $sqlconcat = "INTERSECT";
|
---|
| 169 | } elsif ($webvar{which} eq 'any') {
|
---|
| 170 | # Match on any specified criteria ## use UNION
|
---|
| 171 | $sqlconcat = "UNION";
|
---|
| 172 | } else {
|
---|
[517] | 173 | # sum-buddy tryn'a game the system. Match "all"
|
---|
| 174 | $sqlconcat = "INTERSECT";
|
---|
[207] | 175 | }
|
---|
[197] | 176 |
|
---|
[202] | 177 | # We actually construct a monster SQL statement for all criteria.
|
---|
| 178 | # Iff something has been entered, it will be used as a filter.
|
---|
[208] | 179 | # Iff something has NOT been entered, we still include it but in
|
---|
| 180 | # such a way that it does not actually filter anything out.
|
---|
[201] | 181 |
|
---|
[521] | 182 | # hack fix for undefined variables
|
---|
| 183 | $webvar{custid} = '' if !$webvar{custid};
|
---|
| 184 | $webvar{desc} = '' if !$webvar{desc};
|
---|
| 185 | $webvar{notes} = '' if !$webvar{notes};
|
---|
| 186 | $webvar{custexclude} = '' if !$webvar{custexclude};
|
---|
| 187 | $webvar{descexclude} = '' if !$webvar{descexclude};
|
---|
| 188 | $webvar{notesexclude} = '' if !$webvar{notesexclude};
|
---|
| 189 |
|
---|
[207] | 190 | # First chunk of SQL. Filter on custid, description, and notes as necessary.
|
---|
[930] | 191 | # Putting newlines in the SQL so that any SQL logging is somewhat more readable
|
---|
| 192 | # than a gigantic long line of conditions.
|
---|
| 193 | my $sql = "$sqlbase\n";
|
---|
| 194 | my @bindargs;
|
---|
| 195 | if ($webvar{custid}) {
|
---|
| 196 | $sql .= " WHERE $webvar{custexclude} (s.custid ~ ?)\n";
|
---|
| 197 | push @bindargs, $webvar{custid};
|
---|
| 198 | }
|
---|
| 199 | if ($webvar{desc}) {
|
---|
| 200 | $sql .= " $sqlconcat ($sqlbase WHERE $webvar{descexclude} s.description ~* ?)\n";
|
---|
| 201 | push @bindargs, $webvar{desc};
|
---|
| 202 | }
|
---|
| 203 | if ($webvar{notes}) {
|
---|
| 204 | $sql .= " $sqlconcat ($sqlbase WHERE $webvar{notesexclude} s.notes ~ ?)";
|
---|
| 205 | push @bindargs, $webvar{notes};
|
---|
| 206 | }
|
---|
[201] | 207 |
|
---|
[207] | 208 | # If we're not supposed to search for all types, search for the selected types.
|
---|
[522] | 209 | $webvar{alltypes} = '' if !$webvar{alltypes};
|
---|
| 210 | $webvar{typeexclude} = '' if !$webvar{typeexclude};
|
---|
[207] | 211 | if ($webvar{alltypes} ne 'on') {
|
---|
[930] | 212 | $sql .= " $sqlconcat ($sqlbase WHERE $webvar{typeexclude} s.type IN (";
|
---|
[207] | 213 | foreach my $key (keys %webvar) {
|
---|
[930] | 214 | $sql .= "'$1'," if $key =~ /type\[(\w\w)\]/;
|
---|
[207] | 215 | }
|
---|
| 216 | chop $sql;
|
---|
| 217 | $sql .= "))";
|
---|
[201] | 218 | }
|
---|
| 219 |
|
---|
[207] | 220 | # If we're not supposed to search for all cities, search for the selected cities.
|
---|
| 221 | # This could be vastly improved with proper foreign keys in the database.
|
---|
[522] | 222 | $webvar{allcities} = '' if !$webvar{allcities};
|
---|
| 223 | $webvar{cityexclude} = '' if !$webvar{cityexclude};
|
---|
[207] | 224 | if ($webvar{allcities} ne 'on') {
|
---|
[930] | 225 | $sql .= " $sqlconcat ($sqlbase WHERE $webvar{cityexclude} s.city IN (";
|
---|
[823] | 226 | $sth = $ip_dbh->prepare("SELECT city FROM cities WHERE id=?");
|
---|
[207] | 227 | foreach my $key (keys %webvar) {
|
---|
| 228 | if ($key =~ /city\[(\d+)\]/) {
|
---|
| 229 | $sth->execute($1);
|
---|
| 230 | my $city;
|
---|
| 231 | $sth->bind_columns(\$city);
|
---|
| 232 | $sth->fetch;
|
---|
| 233 | $city =~ s/'/''/;
|
---|
| 234 | $sql .= "'$city',";
|
---|
| 235 | }
|
---|
[201] | 236 | }
|
---|
[207] | 237 | chop $sql;
|
---|
| 238 | $sql .= "))";
|
---|
[201] | 239 | }
|
---|
| 240 |
|
---|
[207] | 241 | ## CIDR query options.
|
---|
| 242 | $webvar{cidr} =~ s/\s+//; # Hates the nasty spaceseseses we does.
|
---|
[351] | 243 | if ($webvar{cidr} eq '') { # We has a blank CIDR. Ignore it.
|
---|
[285] | 244 | } elsif ($webvar{cidr} =~ /\//) {
|
---|
[427] | 245 | # 192.168.179/26 should show all /26 subnets in 192.168.179
|
---|
[207] | 246 | my ($net,$maskbits) = split /\//, $webvar{cidr};
|
---|
| 247 | if ($webvar{cidr} =~ /^(\d{1,3}\.){3}\d{1,3}\/\d{2}$/) {
|
---|
| 248 | # /0->/9 are silly to worry about right now. I don't think
|
---|
| 249 | # we'll be getting a class A anytime soon. <g>
|
---|
[930] | 250 | $sql .= " $sqlconcat ($sqlbase WHERE $webvar{cidrexclude} s.cidr <<= ?)";
|
---|
| 251 | push @bindargs, $webvar{cidr};
|
---|
[207] | 252 | } else {
|
---|
| 253 | # Partial match; beginning of subnet and maskbits are provided
|
---|
| 254 | # Show any blocks with the leading octet(s) and that masklength
|
---|
[351] | 255 | # Need some more magic for bare /nn searches:
|
---|
[931] | 256 | $sql .= " $sqlconcat ($sqlbase WHERE $webvar{cidrexclude} (masklen(s.cidr)) = ?";
|
---|
[930] | 257 | push @bindargs, $maskbits;
|
---|
| 258 | if ($net ne '') {
|
---|
| 259 | $sql .= " AND text(s.cidr) LIKE ?";
|
---|
[931] | 260 | push @bindargs, "$net%";
|
---|
[930] | 261 | }
|
---|
[931] | 262 | $sql .= ")";
|
---|
[207] | 263 | }
|
---|
| 264 | } elsif ($webvar{cidr} =~ /^(\d{1,3}\.){3}\d{1,3}$/) {
|
---|
| 265 | # Specific IP address match. Will show either a single netblock,
|
---|
| 266 | # or a static pool plus an IP.
|
---|
[930] | 267 | $sql .= " $sqlconcat ($sqlbase WHERE $webvar{cidrexclude} s.cidr >>= ?)";
|
---|
| 268 | push @bindargs, $webvar{cidr};
|
---|
[207] | 269 | } elsif ($webvar{cidr} =~ /^\d{1,3}(\.(\d{1,3}(\.(\d{1,3}\.?)?)?)?)?$/) {
|
---|
| 270 | # Leading octets in CIDR
|
---|
[930] | 271 | $sql .= " $sqlconcat ($sqlbase WHERE $webvar{cidrexclude} text(s.cidr) LIKE ?)";
|
---|
| 272 | push @bindargs, "$webvar{cidr}%";
|
---|
[207] | 273 | } else {
|
---|
[517] | 274 | # do nothing.
|
---|
| 275 | ##fixme we'll ignore this to clear out the references to legacy code.
|
---|
[207] | 276 | } # done with CIDR query options.
|
---|
[201] | 277 |
|
---|
[207] | 278 | # Find the offset for multipage results
|
---|
| 279 | my $offset = ($webvar{page}-1)*$RESULTS_PER_PAGE;
|
---|
[201] | 280 |
|
---|
[207] | 281 | # Find out how many rows the "core" query will return.
|
---|
[930] | 282 | my $count = countRows($sql, @bindargs);
|
---|
[201] | 283 |
|
---|
[207] | 284 | if ($count == 0) {
|
---|
[517] | 285 | $page->param(errmsg => "No matches found. Try eliminating one of the criteria,".
|
---|
| 286 | " or making one or more criteria more general.");
|
---|
[207] | 287 | } else {
|
---|
| 288 | # Add the limit/offset clauses
|
---|
[931] | 289 | # note ORDER BY needs to NOT reference the table alias s as in $sqlbase because Reasons
|
---|
| 290 | $sql .= " ORDER BY cidr";
|
---|
[930] | 291 | $sql .= " LIMIT $RESULTS_PER_PAGE OFFSET $offset" if $RESULTS_PER_PAGE != 0;
|
---|
[207] | 292 | # And tell the user.
|
---|
| 293 | print "<div class=heading>Searching...............</div>\n";
|
---|
[930] | 294 | queryResults($sql, $webvar{page}, $count, @bindargs);
|
---|
[207] | 295 | }
|
---|
[201] | 296 |
|
---|
[397] | 297 | } elsif ($webvar{stype} eq 'n') {
|
---|
| 298 | # Node search.
|
---|
| 299 |
|
---|
[930] | 300 | my $sql = "$sqlbase JOIN noderef nr ON nr.block=s.cidr WHERE nr.node_id = ?";
|
---|
[397] | 301 |
|
---|
| 302 | # Find the offset for multipage results
|
---|
| 303 | my $offset = ($webvar{page}-1)*$RESULTS_PER_PAGE;
|
---|
| 304 |
|
---|
| 305 | # Find out how many rows the "core" query will return.
|
---|
[930] | 306 | my $count = countRows($sql, $webvar{node});
|
---|
[397] | 307 |
|
---|
[930] | 308 | my $nodename = getNodeName($ip_dbh, $webvar{node});
|
---|
| 309 |
|
---|
[397] | 310 | if ($count == 0) {
|
---|
[930] | 311 | $page->param(errmsg => "No customers currently listed as connected through $nodename.");
|
---|
[517] | 312 | ##fixme: still get the results table header
|
---|
[397] | 313 | } else {
|
---|
| 314 | # Add the limit/offset clauses
|
---|
[930] | 315 | $sql .= " ORDER BY cidr";
|
---|
| 316 | $sql .= " LIMIT $RESULTS_PER_PAGE OFFSET $offset" if $RESULTS_PER_PAGE != 0;
|
---|
[397] | 317 | # And tell the user.
|
---|
[930] | 318 | print "<div class=heading>Searching for assignments terminating on $nodename...</div>\n";
|
---|
| 319 | queryResults($sql, $webvar{page}, $count, $webvar{node});
|
---|
[397] | 320 | }
|
---|
| 321 |
|
---|
[207] | 322 | } else { # how script was called. General case is to show the search criteria page.
|
---|
[201] | 323 |
|
---|
[197] | 324 | # Generate table of types
|
---|
| 325 | $sth = $ip_dbh->prepare("select type,dispname from alloctypes where listorder <500 ".
|
---|
| 326 | "order by listorder");
|
---|
| 327 | $sth->execute;
|
---|
| 328 | my $i=0;
|
---|
[517] | 329 | my @typelist;
|
---|
| 330 | while (my ($type,$dispname) = $sth->fetchrow_array) {
|
---|
| 331 | my %row = (
|
---|
| 332 | newrow => ($i % 4 == 0),
|
---|
| 333 | type => $type,
|
---|
| 334 | dispname => $dispname,
|
---|
| 335 | endrow => ($i++ % 4 == 3)
|
---|
| 336 | );
|
---|
| 337 | push @typelist, \%row;
|
---|
[197] | 338 | }
|
---|
[517] | 339 | $page->param(typelist => \@typelist);
|
---|
[197] | 340 |
|
---|
| 341 | # Generate table of cities
|
---|
| 342 | $sth = $ip_dbh->prepare("select id,city from cities order by city");
|
---|
| 343 | $sth->execute;
|
---|
[517] | 344 | $i=0;
|
---|
| 345 | my @citylist;
|
---|
| 346 | while (my ($id, $city) = $sth->fetchrow_array) {
|
---|
| 347 | my %row = (
|
---|
| 348 | newrow => ($i % 4 == 0),
|
---|
| 349 | id => $id,
|
---|
| 350 | city => $city,
|
---|
| 351 | endrow => ($i++ % 4 == 3)
|
---|
| 352 | );
|
---|
| 353 | push @citylist, \%row;
|
---|
[197] | 354 | }
|
---|
[517] | 355 | $page->param(citylist => \@citylist);
|
---|
[197] | 356 |
|
---|
| 357 | }
|
---|
| 358 |
|
---|
[517] | 359 | print $page->output;
|
---|
| 360 |
|
---|
[935] | 361 | $sth->finish;
|
---|
| 362 |
|
---|
[197] | 363 | # Shut down and clean up.
|
---|
| 364 | finish($ip_dbh);
|
---|
[517] | 365 |
|
---|
| 366 | # We print the footer here, so we don't have to do it elsewhere.
|
---|
[801] | 367 | my $footer = HTML::Template->new(filename => "footer.tmpl", path => @templatepath);
|
---|
[517] | 368 | # include the admin tools link in the output?
|
---|
| 369 | $footer->param(adminlink => ($IPDBacl{$authuser} =~ /A/));
|
---|
| 370 |
|
---|
| 371 | print $footer->output;
|
---|
| 372 |
|
---|
[197] | 373 | # We shouldn't need to directly execute any code below here; it's all subroutines.
|
---|
| 374 | exit 0;
|
---|
| 375 |
|
---|
[207] | 376 |
|
---|
| 377 | # viewBy()
|
---|
| 378 | # The quick search
|
---|
| 379 | # Takes a category descriptor and a query string
|
---|
| 380 | # Creates appropriate SQL to run the search and display the results
|
---|
| 381 | # with queryResults()
|
---|
[520] | 382 | sub viewBy {
|
---|
[197] | 383 | my ($category,$query) = @_;
|
---|
| 384 |
|
---|
| 385 | # Local variables
|
---|
| 386 | my $sql;
|
---|
| 387 |
|
---|
| 388 | # Calculate start point for LIMIT clause
|
---|
| 389 | my $offset = ($webvar{page}-1)*$RESULTS_PER_PAGE;
|
---|
[930] | 390 | ##fixme: squeeze ORDER BY etc out into somewhere common, or at least an
|
---|
| 391 | # includeable bit instead of hardcoding in each block
|
---|
[197] | 392 |
|
---|
| 393 | if ($category eq 'all') {
|
---|
| 394 |
|
---|
[930] | 395 | # Sort of pointless, just horks up everything.
|
---|
| 396 | $sql = "$sqlbase";
|
---|
[202] | 397 | my $count = countRows($sql);
|
---|
[930] | 398 | $sql .= " ORDER BY s.cidr LIMIT $RESULTS_PER_PAGE OFFSET $offset";
|
---|
[197] | 399 | queryResults($sql, $webvar{page}, $count);
|
---|
| 400 |
|
---|
| 401 | } elsif ($category eq 'cust') {
|
---|
| 402 |
|
---|
[517] | 403 | ##fixme: this and other quick-search areas; fix up page heading title similar to first grouping above
|
---|
[197] | 404 | print qq(<div class="heading">Searching for Customer IDs containing '$query'</div><br>\n);
|
---|
| 405 |
|
---|
| 406 | # Query for a customer ID. Note that we can't restrict to "numeric-only"
|
---|
| 407 | # as we have non-numeric custIDs in the legacy data. :/
|
---|
[930] | 408 | $sql = "$sqlbase WHERE s.custid ~* ? OR s.description ~* ?";
|
---|
| 409 | my $count = countRows($sql, $query, $query);
|
---|
| 410 | $sql .= " ORDER BY s.cidr LIMIT $RESULTS_PER_PAGE OFFSET $offset";
|
---|
| 411 | queryResults($sql, $webvar{page}, $count, $query, $query);
|
---|
[197] | 412 |
|
---|
| 413 | } elsif ($category eq 'desc') {
|
---|
| 414 |
|
---|
[930] | 415 | print qq(<div class="heading">Searching for description, customer ID, or circuit ID matching '$query'</div><br>\n);
|
---|
[953] | 416 | ##fixme: suppress regex handling of ()[]
|
---|
| 417 | $query =~ s/([()\[\]])/\\$1/g;
|
---|
[197] | 418 | # Query based on description (includes "name" from old DB).
|
---|
[930] | 419 | $sql = "$sqlbase WHERE s.description ~* ? OR s.custid ~* ? OR s.circuitid ~* ?";
|
---|
| 420 | my $count = countRows($sql, $query, $query, $query);
|
---|
| 421 | $sql .= " ORDER BY s.cidr LIMIT $RESULTS_PER_PAGE OFFSET $offset";
|
---|
| 422 | queryResults($sql, $webvar{page}, $count, $query, $query, $query);
|
---|
[197] | 423 |
|
---|
[930] | 424 | } elsif ($category eq 'circuitid') {
|
---|
| 425 |
|
---|
| 426 | print qq(<div class="heading">Searching for allocations with circuit ID matching '$query'</div><br>\n);
|
---|
| 427 | # Pretty similar to description and cust searches above, but focus on circuit ID
|
---|
| 428 | # JOIN needed for VRF field
|
---|
| 429 | $sql = "$sqlbase WHERE s.circuitid ~* ? OR s.description ~* ?";
|
---|
| 430 | my $count = countRows($sql, $query, $query);
|
---|
| 431 | $sql .= " ORDER BY s.cidr LIMIT $RESULTS_PER_PAGE OFFSET $offset";
|
---|
| 432 | queryResults($sql, $webvar{page}, $count, $query, $query);
|
---|
| 433 |
|
---|
[197] | 434 | } elsif ($category =~ /ipblock/) {
|
---|
| 435 |
|
---|
| 436 | # Query is for a partial IP, a CIDR block in some form, or a flat IP.
|
---|
| 437 | print qq(<div class="heading">Searching for IP-based matches on '$query'</div><br>\n);
|
---|
| 438 |
|
---|
| 439 | $query =~ s/\s+//g;
|
---|
| 440 | if ($query =~ /\//) {
|
---|
[427] | 441 | # 192.168.179/26 should show all /26 subnets in 192.168.179
|
---|
[197] | 442 | my ($net,$maskbits) = split /\//, $query;
|
---|
| 443 | if ($query =~ /^(\d{1,3}\.){3}\d{1,3}\/\d{2}$/) {
|
---|
| 444 | # /0->/9 are silly to worry about right now. I don't think
|
---|
| 445 | # we'll be getting a class A anytime soon. <g>
|
---|
[930] | 446 | $sql = "$sqlbase WHERE s.cidr = ?";
|
---|
| 447 | queryResults($sql, $webvar{page}, 1, $query);
|
---|
[197] | 448 | } else {
|
---|
[289] | 449 | #print "Finding all blocks with netmask /$maskbits, leading octet(s) $net<br>\n";
|
---|
[197] | 450 | # Partial match; beginning of subnet and maskbits are provided
|
---|
[930] | 451 | $sql = "$sqlbase WHERE text(s.cidr) LIKE ? AND text(s.cidr) LIKE ?";
|
---|
| 452 | my $count = countRows($sql, "$net%", "%$maskbits");
|
---|
| 453 | $sql .= " ORDER BY s.cidr LIMIT $RESULTS_PER_PAGE OFFSET $offset";
|
---|
| 454 | queryResults($sql, $webvar{page}, $count, "$net%", "%$maskbits");
|
---|
[197] | 455 | }
|
---|
[930] | 456 |
|
---|
[197] | 457 | } elsif ($query =~ /^(\d{1,3}\.){3}\d{1,3}$/) {
|
---|
| 458 | # Specific IP address match
|
---|
[289] | 459 | #print "4-octet pattern found; finding netblock containing IP $query<br>\n";
|
---|
[197] | 460 | my ($net,$ip) = ($query =~ /(\d{1,3}\.\d{1,3}\.\d{1,3}\.)(\d{1,3})/);
|
---|
| 461 | my $sfor = new NetAddr::IP $query;
|
---|
[930] | 462 | $sql = "$sqlbase WHERE s.cidr >>= ? AND s.type <> 'mm'";
|
---|
| 463 | my $count = countRows($sql, $sfor);
|
---|
| 464 | $sql .= " ORDER BY masklen(s.cidr) DESC";
|
---|
| 465 | queryResults($sql, $webvar{page}, $count, $sfor);
|
---|
[823] | 466 |
|
---|
[202] | 467 | } elsif ($query =~ /^(\d{1,3}\.){1,3}\d{1,3}\.?$/) {
|
---|
[289] | 468 | #print "Finding matches with leading octet(s) $query<br>\n";
|
---|
[930] | 469 | $sql = "$sqlbase WHERE text(s.cidr) LIKE ?";
|
---|
| 470 | my $count = countRows($sql, "$query%");
|
---|
| 471 | $sql .= " ORDER BY s.cidr LIMIT $RESULTS_PER_PAGE OFFSET $offset";
|
---|
| 472 | queryResults($sql, $webvar{page}, $count, "$query%");
|
---|
[197] | 473 | } else {
|
---|
| 474 | # This shouldn't happen, but if it does, whoever gets it deserves what they get...
|
---|
[517] | 475 | $page->param(errmsg => "Invalid query.");
|
---|
[197] | 476 | }
|
---|
| 477 | } else {
|
---|
| 478 | # This shouldn't happen, but if it does, whoever gets it deserves what they get...
|
---|
[517] | 479 | $page->param(errmsg => "Invalid searchfor.");
|
---|
[197] | 480 | }
|
---|
| 481 | } # viewBy
|
---|
| 482 |
|
---|
| 483 |
|
---|
| 484 |
|
---|
[207] | 485 | # queryResults()
|
---|
| 486 | # Display search queries based on the passed SQL.
|
---|
| 487 | # Takes SQL, page number (for multipage search results), and a total count.
|
---|
[520] | 488 | sub queryResults {
|
---|
[930] | 489 | my $sql = shift;
|
---|
| 490 | my $pageNo = shift;
|
---|
| 491 | my $rowCount = shift;
|
---|
| 492 | my @bindargs = @_;
|
---|
| 493 |
|
---|
[197] | 494 | my $offset = 0;
|
---|
[930] | 495 | $offset = $1 if($sql =~ m/.*LIMIT\s+(.*),.*/);
|
---|
[197] | 496 |
|
---|
| 497 | my $sth = $ip_dbh->prepare($sql);
|
---|
[930] | 498 | $sth->execute(@bindargs);
|
---|
[197] | 499 |
|
---|
[517] | 500 | $page->param(searchtitle => "Showing all netblock and static-IP allocations");
|
---|
| 501 |
|
---|
[197] | 502 | my $count = 0;
|
---|
[517] | 503 | my @sresults;
|
---|
[823] | 504 | while (my ($block, $custid, $type, $city, $desc, $id, $parent, $avail, $vrf) = $sth->fetchrow_array) {
|
---|
[517] | 505 | my %row = (
|
---|
| 506 | rowclass => $count++ % 2,
|
---|
[823] | 507 | vrf => $vrf,
|
---|
[517] | 508 | issub => ($type =~ /^.r$/ ? 1 : 0),
|
---|
[670] | 509 | ispool => ($type =~ /^.[pd]$/ ? 1 : 0),
|
---|
| 510 | basetype => ($type =~ /^.i/ ? 'i' : 'b'),
|
---|
| 511 | freeip => ($avail eq 'y'),
|
---|
| 512 | parent => $parent,
|
---|
[517] | 513 | block => $block,
|
---|
| 514 | custid => $custid,
|
---|
| 515 | disptype => $disp_alloctypes{$type},
|
---|
| 516 | city => $city,
|
---|
[670] | 517 | desc => $desc,
|
---|
| 518 | id => $id,
|
---|
[517] | 519 | );
|
---|
| 520 | push @sresults, \%row;
|
---|
[197] | 521 | }
|
---|
[517] | 522 | $page->param(sresults => \@sresults);
|
---|
[197] | 523 |
|
---|
| 524 | # Have to think on this call, it's primarily to clean up unfetched rows from a select.
|
---|
| 525 | # In this context it's probably a good idea.
|
---|
| 526 | $sth->finish();
|
---|
| 527 |
|
---|
| 528 | my $upper = $offset+$count;
|
---|
| 529 |
|
---|
[517] | 530 | $page->param(resfound => $rowCount);
|
---|
| 531 | $page->param(resstart => $offset+1);
|
---|
| 532 | $page->param(resstop => $upper);
|
---|
| 533 |
|
---|
[197] | 534 | # print the page thing..
|
---|
[370] | 535 | if ($RESULTS_PER_PAGE > 0 && $rowCount > $RESULTS_PER_PAGE) {
|
---|
[517] | 536 | $page->param(multipage => 1);
|
---|
[197] | 537 | my $pages = ceil($rowCount/$RESULTS_PER_PAGE);
|
---|
[517] | 538 | my @pagelist;
|
---|
[197] | 539 | for (my $i = 1; $i <= $pages; $i++) {
|
---|
[517] | 540 | my %row;
|
---|
| 541 | $row{pgnum} = $i;
|
---|
[197] | 542 | if ($i == $pageNo) {
|
---|
[517] | 543 | $row{thispage} = 1;
|
---|
[197] | 544 | } else {
|
---|
[517] | 545 | $row{stype} = $webvar{stype};
|
---|
[202] | 546 | if ($webvar{stype} eq 'c') {
|
---|
[517] | 547 | $row{extraopts} = "cidr=$webvar{cidr}&custid=$webvar{custid}&desc=$webvar{desc}&".
|
---|
[202] | 548 | "notes=$webvar{notes}&which=$webvar{which}&alltypes=$webvar{alltypes}&".
|
---|
| 549 | "allcities=$webvar{allcities}&";
|
---|
| 550 | foreach my $key (keys %webvar) {
|
---|
[351] | 551 | if ($key =~ /^(?:type|city)\[/ || $key =~ /exclude$/) {
|
---|
[517] | 552 | $row{extraopts} .= "$key=$webvar{$key}&";
|
---|
[202] | 553 | }
|
---|
| 554 | }
|
---|
| 555 | } else {
|
---|
[517] | 556 | $row{extraopts} = "input=$webvar{input}&";
|
---|
[202] | 557 | }
|
---|
[197] | 558 | }
|
---|
[517] | 559 | push @pagelist, \%row;
|
---|
[197] | 560 | }
|
---|
[517] | 561 | $page->param(pgnums => \@pagelist);
|
---|
[197] | 562 | }
|
---|
[517] | 563 |
|
---|
[197] | 564 | } # queryResults
|
---|
| 565 |
|
---|
| 566 |
|
---|
| 567 |
|
---|
[202] | 568 | # Return count of rows to be returned in a "real" query
|
---|
| 569 | # with the passed SQL statement
|
---|
[520] | 570 | sub countRows {
|
---|
[930] | 571 | my $sql = shift;
|
---|
| 572 |
|
---|
[202] | 573 | # Note that the "as foo" is required
|
---|
[930] | 574 | my @a = $ip_dbh->selectrow_array("SELECT count(*) FROM ($sql) AS foo", undef, @_);
|
---|
[197] | 575 | return $a[0];
|
---|
| 576 | }
|
---|