Changeset 233 for trunk


Ignore:
Timestamp:
04/15/05 18:11:39 (20 years ago)
Author:
Kris Deugau
Message:

/trunk

Merge /branches/acl r221, 222, 223, 225, 226 back to trunk

Location:
trunk
Files:
1 deleted
8 edited
1 copied

Legend:

Unmodified
Added
Removed
  • trunk/cgi-bin/CommonWeb.pm

    r105 r233  
    5353}
    5454
    55 sub printHeader($) #(cgiurl)
    56 {
    57         my $cgiURL = $_[0];
    58         print "Content-type: text/html\n\n";
    59         open(FILE, "../header.inc") || die $!;
    60         while (<FILE>)
    61         {
    62                 $_ =~ s/\$\$CGIURL\$\$/$cgiURL/g;
    63                 print $_;
    64         }
    65         close(FILE);
     55
     56sub printHeader {
     57  my $title = shift;
     58  print "Content-type: text/html\n\n";
     59# This doesn't work well.  Must investigate.
     60#  my $realm = shift;
     61#  print qq(WWW-Authenticate: Basic realm="$realm"\n) if $realm;
     62  open FILE, "../header.inc"
     63        or carp $!;
     64  my $html = join('',<FILE>);
     65  close FILE;
     66
     67  $html =~ s/\$\$TITLE\$\$/$title/;
     68# Necessary for mangling arbitrary bits of the header
     69  my $i=0;
     70  while (defined(my $param = shift)) {
     71    $html =~ s/\$\$EXTRA$i\$\$/$param/g;
     72    $i++;
     73  }
     74  print $html;
    6675}
    6776
  • trunk/cgi-bin/IPDB.pm

    r189 r233  
    2323@EXPORT_OK    = qw(
    2424        %disp_alloctypes %list_alloctypes %def_custids @citylist @poplist @masterblocks
    25         %allocated %free %routed %bigfree
     25        %allocated %free %routed %bigfree %IPDBacl
    2626        &initIPDBGlobals &connectDB &finish &checkDBSanity &allocateBlock &deleteBlock
    2727        &mailNotify
     
    3131%EXPORT_TAGS    = ( ALL => [qw(
    3232                %disp_alloctypes %list_alloctypes %def_custids @citylist @poplist
    33                 @masterblocks %allocated %free %routed %bigfree
     33                @masterblocks %allocated %free %routed %bigfree %IPDBacl
    3434                &initIPDBGlobals &connectDB &finish &checkDBSanity &allocateBlock
    3535                &deleteBlock &mailNotify
     
    5050our %routed;
    5151our %bigfree;
     52our %IPDBacl;
    5253
    5354# Let's initialize the globals.
     
    8384  $sth = $dbh->prepare("select cidr from masterblocks order by cidr");
    8485  $sth->execute;
     86  return (undef,$sth->errstr) if $sth->err;
    8587  for (my $i=0; my @data = $sth->fetchrow_array(); $i++) {
    8688    $masterblocks[$i] = new NetAddr::IP $data[0];
     
    9193    $routed{"$masterblocks[$i]"} = 0;
    9294  }
     95
     96  # Load ACL data.  Specific username checks are done at a different level.
     97  $sth = $dbh->prepare("select username,acl from users");
     98  $sth->execute;
    9399  return (undef,$sth->errstr) if $sth->err;
     100  while (my @data = $sth->fetchrow_array) {
     101    $IPDBacl{$data[0]} = $data[1];
     102  }
    94103
    95104  return (1,"OK");
  • trunk/cgi-bin/admin.cgi

    r214 r233  
    3333}
    3434
    35 if ($authuser !~ /^(kdeugau|jodyh|jipp)$/) {
    36   print "Content-Type: text/html\n\n".
    37         "<html><head><title>Access denied</title></head><body>\n".
    38         'Access to this tool is restricted.  Contact <a href="mailto:kdeugau@vianet.ca">Kris</a> '.
    39         "for more information.</body></html>\n";
    40   exit;
    41 }
    42 
    4335syslog "debug", "$authuser active";
    4436
     
    5345}
    5446initIPDBGlobals($ip_dbh);
     47
     48if ($IPDBacl{$authuser} !~ /A/) {
     49  print "Content-Type: text/html\n\n".
     50        "<html><head><title>Access denied</title></head><body>\n".
     51        'Access to this tool is restricted.  Contact <a href="mailto:kdeugau@vianet.ca">Kris</a> '.
     52        "for more information.</body></html>\n";
     53  exit;
     54}
    5555
    5656my %webvar = parse_post();
     
    9090</form>
    9191<hr><a href="admin.cgi?action=showpools">List IP Pools</a> for manual tweaking and updates
     92<hr><a href="admin.cgi?action=showACL">Change ACLs</a> (change internal access controls -
     93note that this does NOT include IP-based limits)
    9294);
    9395} else {
     
    267269    syslog "notice", "$authuser updated pool IP $webvar{ip}";
    268270  }
    269 #  showPool("$data[0]");
    270 #} else {
    271 #  print "webvar{action} check failed: $webvar{action}";
     271} elsif ($webvar{action} eq 'showACL') {
     272  print "Notes:<br>\n".
     273        "<li>Users must be added to .htpasswd from the shell, for the time being.\n".
     274        "<li>New accounts will be added to the ACL here every time this page is loaded.\n".
     275        "<li>Old accounts will NOT be automatically deleted;  they must be removed via shell.\n".
     276        "<li>Admin users automatically get all other priviledges.\n";
     277# open .htpasswd, and snag the userlist.
     278  $sth = $ip_dbh->prepare("select count (*) from users where username=?");
     279  open HTPASS, "<../../.htpasswd" or carp "BOO! No .htpasswd file!";
     280  while (<HTPASS>) {
     281    my ($username,$encpwd) = split /:/;
     282    $sth->execute($username);
     283    my @data = $sth->fetchrow_array;
     284    if ($data[0] eq '0') {
     285      my $sth2 = $ip_dbh->prepare("insert into users (username,password) values ('$username','$encpwd')");
     286      $sth2->execute;
     287      print "$username added with read-only privs to ACL<br>\n";
     288    }
     289  }
     290
     291  print "<hr>Users with access:\n<table border=1>\n";
     292  print "<tr><td>Username</td><td>Add new</td><td>Change</td>".
     293        "<td>Delete</td><td>Admin user</td></tr>\n".
     294        "<form action=admin.cgi method=POST>\n";
     295  $sth = $ip_dbh->prepare("select username,acl from users order by username");
     296  $sth->execute;
     297  while (my @data = $sth->fetchrow_array) {
     298    print "<form action=admin.cgi method=POST><input type=hidden name=action value=updacl>".
     299        qq(<tr><td>$data[0]<input type=hidden name=username value="$data[0]"></td><td>).
     300    # Now for the fun bit.  We have to pull apart the ACL field and
     301    # output a bunch of checkboxes.
     302        "<input type=checkbox name=add".($data[1] =~ /a/ ? ' checked=y' : '').
     303        "></td><td><input type=checkbox name=change".($data[1] =~ /c/ ? ' checked=y' : '').
     304        "></td><td><input type=checkbox name=del".($data[1] =~ /d/ ? ' checked=y' : '').
     305        "></td><td><input type=checkbox name=admin".($data[1] =~ /A/ ? ' checked=y' : '').
     306        qq(></td><td><input type=submit value="Update"></td></tr></form>\n);
     307
     308  }
     309  print "</table>\n";
     310} elsif ($webvar{action} eq 'updacl') {
     311  print "Updating ACL for $webvar{username}:<br>\n";
     312  my $acl = 'b';
     313  if ($webvar{admin} eq 'on') {
     314    $acl .= "acdA";
     315  } else {
     316    $acl .= ($webvar{add} eq 'on' ? 'a' : '').
     317        ($webvar{change} eq 'on' ? 'c' : '').
     318        ($webvar{del} eq 'on' ? 'd' : '');
     319  }
     320  print "New ACL: $acl<br>\n";
     321
     322  $sth = $ip_dbh->prepare("update users set acl='$acl' where username='$webvar{username}'");
     323  $sth->execute;
     324  print "OK\n" if !$sth->err;
     325
     326  print qq(<hr><a href="admin.cgi?action=showACL">Back</a> to ACL listing\n);
     327
     328} else {
     329  print "webvar{action} check failed: Don't know how to $webvar{action}";
    272330}
    273331
  • trunk/cgi-bin/ipdb.psql

    r219 r233  
    204204CREATE TRIGGER up_modtime BEFORE UPDATE ON poolips
    205205    FOR EACH ROW EXECUTE PROCEDURE up_modtime();
     206
     207--
     208-- User data table - required for proper ACLs
     209--
     210
     211CREATE TABLE "users" (
     212        "user" varchar(16) NOT NULL PRIMARY KEY,
     213        "password" varchar(16) DEFAULT '',
     214        "acl" varchar(16) DEFAULT 'b'
     215);
  • trunk/cgi-bin/main.cgi

    r231 r233  
    2222openlog "IPDB","pid","local2";
    2323
    24 # Collect the username from HTTP auth.  If undefined, we're in a test environment.
     24# Collect the username from HTTP auth.  If undefined, we're in
     25# a test environment, or called without a username.
    2526my $authuser;
    2627if (!defined($ENV{'REMOTE_USER'})) {
     
    3940($ip_dbh,$errstr) = connectDB_My;
    4041if (!$ip_dbh) {
    41   printAndExit("Database error: $errstr\n");
     42  exitError("Database error: $errstr\n");
    4243}
    4344initIPDBGlobals($ip_dbh);
     45
     46# Headerize!  Make sure we replace the $$EXTRA0$$ bit as needed.
     47printHeader('', ($IPDBacl{$authuser} =~ /a/ ?
     48        '<a href="/ip/cgi-bin/main.cgi?action=assign">Add new assignment</a>' : ''
     49        ));
     50
    4451
    4552#prototypes
     
    6471if($webvar{action} eq 'index') {
    6572  showSummary();
     73} elsif ($webvar{action} eq 'addmaster') {
     74  if ($IPDBacl{$authuser} !~ /a/) {
     75    printError("You shouldn't have been able to get here.  Access denied.");
     76  } else {
     77    open HTML, "<../addmaster.html";
     78    print while <HTML>;
     79  }
    6680} elsif ($webvar{action} eq 'newmaster') {
    67   printHeader('');
    68 
    69   my $cidr = new NetAddr::IP $webvar{cidr};
    70 
    71   print "<div type=heading align=center>Adding $cidr as master block....</div>\n";
    72 
    73   # Allow transactions, and raise an exception on errors so we can catch it later.
    74   # Use local to make sure these get "reset" properly on exiting this block
    75   local $ip_dbh->{AutoCommit} = 0;
    76   local $ip_dbh->{RaiseError} = 1;
    77 
    78   # Wrap the SQL in a transaction
    79   eval {
    80     $sth = $ip_dbh->prepare("insert into masterblocks values ('$webvar{cidr}')");
    81     $sth->execute;
     81
     82  if ($IPDBacl{$authuser} !~ /a/) {
     83    printError("You shouldn't have been able to get here.  Access denied.");
     84  } else {
     85
     86    my $cidr = new NetAddr::IP $webvar{cidr};
     87
     88    print "<div type=heading align=center>Adding $cidr as master block....</div>\n";
     89
     90    # Allow transactions, and raise an exception on errors so we can catch it later.
     91    # Use local to make sure these get "reset" properly on exiting this block
     92    local $ip_dbh->{AutoCommit} = 0;
     93    local $ip_dbh->{RaiseError} = 1;
     94
     95    # Wrap the SQL in a transaction
     96    eval {
     97      $sth = $ip_dbh->prepare("insert into masterblocks values ('$webvar{cidr}')");
     98      $sth->execute;
    8299
    83100# Unrouted blocks aren't associated with a city (yet).  We don't rely on this
     
    85102# Thus the "routed" flag.
    86103
    87     $sth = $ip_dbh->prepare("insert into freeblocks (cidr,maskbits,city,routed)".
     104      $sth = $ip_dbh->prepare("insert into freeblocks (cidr,maskbits,city,routed)".
    88105        " values ('$webvar{cidr}',".$cidr->masklen.",'<NULL>','n')");
    89     $sth->execute;
    90 
    91     # If we get here, everything is happy.  Commit changes.
    92     $ip_dbh->commit;
    93   }; # end eval
    94 
    95   if ($@) {
    96     carp "Transaction aborted because $@";
    97     eval { $ip_dbh->rollback; };
    98     syslog "err", "Could not add master block '$webvar{cidr}' to database: '$@'";
    99     printError("Could not add master block $webvar{cidr} to database: $@");
    100   } else {
    101     print "<div type=heading align=center>Success!</div>\n";
    102     syslog "info", "$authuser added master block $webvar{cidr}";
    103   }
     106      $sth->execute;
     107
     108      # If we get here, everything is happy.  Commit changes.
     109      $ip_dbh->commit;
     110    }; # end eval
     111
     112    if ($@) {
     113      carp "Transaction aborted because $@";
     114      eval { $ip_dbh->rollback; };
     115      syslog "err", "Could not add master block '$webvar{cidr}' to database: '$@'";
     116      printError("Could not add master block $webvar{cidr} to database: $@");
     117    } else {
     118      print "<div type=heading align=center>Success!</div>\n";
     119      syslog "info", "$authuser added master block $webvar{cidr}";
     120    }
     121
     122  } # ACL check
    104123
    105124} # end add new master
     
    115134}
    116135elsif($webvar{action} eq 'search') {
    117   printHeader('');
    118136  if (!$webvar{input}) {
    119137    # No search term.  Display everything.
     
    153171# which is not in any way guaranteed to provide anything useful.
    154172else {
    155   printHeader('');
    156173  my $rnd = rand 500;
    157174  my $boing = sprintf("%.2f", rand 500);
     
    171188print qq(<div align=right style="position: absolute; right: 30px;">).
    172189        qq(<a href="/ip/cgi-bin/admin.cgi">Admin tools</a></div><br>\n)
    173         if $authuser =~ /kdeugau|jodyh|jipp/;
     190        if $IPDBacl{$authuser} =~ /A/;
    174191
    175192# We print the footer here, so we don't have to do it elsewhere.
     
    392409# Initial display:  Show master blocks with total allocated subnets, total free subnets
    393410sub showSummary {
    394   # this is horrible-ugly-bad and will Go Away real soon now(TM)
    395   print "Content-type: text/html\n\n";
    396411
    397412  startTable('Master netblock', 'Routed netblocks', 'Allocated netblocks',
     
    450465  }
    451466  print "</table>\n";
    452   print qq(<a href="/ip/addmaster.shtml">Add new master block</a><br><br>\n);
     467  if ($IPDBacl{$authuser} =~ /a/) {
     468    print qq(<a href="/ip/cgi-bin/main.cgi?action=addmaster">Add new master block</a><br><br>\n);
     469  }
    453470  print "Note:  Free blocks noted here include both routed and unrouted blocks.\n";
    454471
     
    462479# else should follow.  YMMV.)
    463480sub showMaster {
    464   printHeader('');
    465481
    466482  print qq(<center><div class="heading">Summarizing routed blocks for ).
     
    538554    print qq(<hr width="60%"><center><div class="heading">No allocations in ).
    539555        qq($master.</div>\n).
    540         qq(<form action="/ip/cgi-bin/main.cgi" method=POST>\n).
    541         qq(<input type=hidden name=action value="delete">\n).
    542         qq(<input type=hidden name=block value="$master">\n).
    543         qq(<input type=hidden name=alloctype value="mm">\n).
    544         qq(<input type=submit value=" Remove this master ">\n).
    545         qq(</form></center>\n);
     556        ($IPDBacl{$authuser} =~ /d/ ?
     557                qq(<form action="/ip/cgi-bin/main.cgi" method=POST>\n).
     558                qq(<input type=hidden name=action value="delete">\n).
     559                qq(<input type=hidden name=block value="$master">\n).
     560                qq(<input type=hidden name=alloctype value="mm">\n).
     561                qq(<input type=submit value=" Remove this master ">\n).
     562                qq(</form></center>\n) :
     563                '');
    546564
    547565  } # end check for existence of routed blocks in master
     
    577595# not have anything useful to spew.
    578596sub showRBlock {
    579   printHeader('');
    580597
    581598  my $master = new NetAddr::IP $webvar{block};
     
    625642    print qq(<hr width="60%"><center><div class="heading">No allocations in ).
    626643        qq($master.</div></center>\n).
    627         qq(<form action="/ip/cgi-bin/main.cgi" method=POST>\n).
    628         qq(<input type=hidden name=action value="delete">\n).
    629         qq(<input type=hidden name=block value="$master">\n).
    630         qq(<input type=hidden name=alloctype value="rm">\n).
    631         qq(<input type=submit value=" Remove this block ">\n).
    632         qq(</form>\n);
     644        ($IPDBacl{$authuser} =~ /d/ ?
     645                qq(<form action="/ip/cgi-bin/main.cgi" method=POST>\n).
     646                qq(<input type=hidden name=action value="delete">\n).
     647                qq(<input type=hidden name=block value="$master">\n).
     648                qq(<input type=hidden name=alloctype value="rm">\n).
     649                qq(<input type=submit value=" Remove this block ">\n).
     650                qq(</form>\n) :
     651                '');
    633652  }
    634653
     
    649668    # Include some HairyPerl(TM) to prefix subblocks with "Sub "
    650669    my @row = ((($data[1] ne 'y' && $data[1] ne 'n') ? 'Sub ' : '').
    651         qq(<a href="/ip/cgi-bin/main.cgi?action=assign&block=$cidr&fbtype=$data[1]">$cidr</a>),
     670        ($IPDBacl{$authuser} =~ /a/ ? qq(<a href="/ip/cgi-bin/main.cgi?action=assign&block=$cidr&fbtype=$data[1]">$cidr</a>) : $cidr),
    652671        $cidr->range);
    653672    printRow(\@row, 'color1') if ($count%2 == 0);
     
    662681# List the IPs used in a pool
    663682sub listPool {
    664   printHeader('');
    665683
    666684  my $cidr = new NetAddr::IP $webvar{pool};
     
    708726    my @row = ( qq(<a href="/ip/cgi-bin/main.cgi?action=edit&block=$data[0]">$data[0]</a>),
    709727        $data[1],$data[2],$data[3],
    710         ( ($data[2] eq 'n') ?
     728        ( (($data[2] eq 'n') && ($IPDBacl{$authuser} =~ /d/)) ?
    711729          ("<a href=\"/ip/cgi-bin/main.cgi?action=delete&block=$data[0]&".
    712730           "alloctype=$data[4]\">Unassign this IP</a>") :
     
    725743# be one of two templates, and the lists come from the database.
    726744sub assignBlock {
    727   printHeader('');
     745
     746  if ($IPDBacl{$authuser} !~ /a/) {
     747    printError("You shouldn't have been able to get here.  Access denied.");
     748    return;
     749  }
    728750
    729751  my $html;
     
    803825# Take info on requested IP assignment and see what we can provide.
    804826sub confirmAssign {
    805   printHeader('');
     827  if ($IPDBacl{$authuser} !~ /a/) {
     828    printError("You shouldn't have been able to get here.  Access denied.");
     829    return;
     830  }
    806831
    807832  my $cidr;
     
    962987# Do the work of actually inserting a block in the database.
    963988sub insertAssign {
     989  if ($IPDBacl{$authuser} !~ /a/) {
     990    printError("You shouldn't have been able to get here.  Access denied.");
     991    return;
     992  }
    964993  # Some things are done more than once.
    965   printHeader('');
    966994  return if !validateInput();
    967995
     
    10611089# action=edit
    10621090sub edit {
    1063   printHeader('');
    10641091
    10651092  my $sql;
     
    10811108  $data[2] =~ s/\s//;
    10821109
    1083 ##fixme LEGACY CODE
    1084   # Postfix "i" on pool IP types
    1085   if ($data[2] =~ /^[cdsmw]$/) {
    1086     $data[2] .= "i";
    1087   }
    1088 
    10891110  open (HTML, "../editDisplay.html")
    10901111        or croak "Could not open editDisplay.html :$!";
     
    10971118# Needs thinking.  Have to allow changes to city to correct errors, no?
    10981119  $html =~ s/\$\$BLOCK\$\$/$webvar{block}/g;
    1099   $html =~ s/\$\$CITY\$\$/$data[3]/g;
     1120
     1121  if ($IPDBacl{$authuser} =~ /c/) {
     1122    $html =~ s/\$\$CUSTID\$\$/<input type=text name=custid value="$data[1]" maxlength=15 class="regular">/;
    11001123
    11011124# Screw it.  Changing allocation types gets very ugly VERY quickly- especially
     
    11061129
    11071130##fixme The check here should be built from the database
    1108   if ($data[2] =~ /^.[ne]$/) {
    1109     # Block that can be changed
    1110     my $blockoptions = "<select name=alloctype><option".
     1131    if ($data[2] =~ /^.[ne]$/) {
     1132      # Block that can be changed
     1133      my $blockoptions = "<select name=alloctype><option".
    11111134        (($data[2] eq 'me') ? ' selected' : '') ." value='me'>Dialup netblock</option>\n<option".
    11121135        (($data[2] eq 'de') ? ' selected' : '') ." value='de'>Dynamic DSL netblock</option>\n<option".
     
    11171140        (($data[2] eq 'in') ? ' selected' : '') ." value='in'>Internal netblock</option>\n".
    11181141        "</select>\n";
    1119     $html =~ s/\$\$TYPESELECT\$\$/$blockoptions/g;
     1142      $html =~ s/\$\$TYPESELECT\$\$/$blockoptions/g;
     1143    } else {
     1144      $html =~ s/\$\$TYPESELECT\$\$/$disp_alloctypes{$data[2]}<input type=hidden name=alloctype value="$data[2]">/g;
     1145    }
     1146    $html =~ s/\$\$CITY\$\$/<input type=text name=city value="$data[3]">/g;
     1147    $html =~ s/\$\$CIRCID\$\$/<input type="text" name="circid" value="$data[4]" maxlength=64 size=64 class="regular">/g;
     1148    $html =~ s/\$\$DESC\$\$/<input type="text" name="desc" value="$data[5]" maxlength=64 size=64 class="regular">/g;
     1149    $html =~ s|\$\$NOTES\$\$|<textarea rows="8" cols="64" name="notes" class="regular">$data[6]</textarea>|g;
    11201150  } else {
    1121     $html =~ s/\$\$TYPESELECT\$\$/$disp_alloctypes{$data[2]}<input type=hidden name=alloctype value="$data[2]">/g;
    1122   }
    1123 
    1124   # These can be modified, although CustID changes may get ignored.
    1125   $html =~ s/\$\$CUSTID\$\$/$data[1]/g;
    1126   $html =~ s/\$\$TYPE\$\$/$data[2]/g;
    1127   $html =~ s/\$\$CIRCID\$\$/$data[4]/g;
    1128   $html =~ s/\$\$DESC\$\$/$data[5]/g;
    1129   $html =~ s/\$\$NOTES\$\$/$data[6]/g;
     1151    $html =~ s/\$\$CUSTID\$\$/$data[1]/g;
     1152    $html =~ s/\$\$TYPESELECT\$\$/$disp_alloctypes{$data[2]}/g;
     1153    $html =~ s/\$\$CITY\$\$/$data[3]/g;
     1154    $html =~ s/\$\$CIRCID\$\$/$data[4]/g;
     1155    $html =~ s/\$\$DESC\$\$/$data[5]/g;
     1156    $html =~ s/\$\$NOTES\$\$/$data[6]/g;
     1157  }
     1158
     1159  # More ACL trickery - we can live with forms that don't submit,
     1160  # but we can't leave the extra table rows there, and we *really*
     1161  # can't leave the submit buttons there.
     1162  my $updok = '';
     1163  my $i=2;
     1164  if ($IPDBacl{$authuser} =~ /c/) {
     1165    $updok = qq(<tr class="color$i"><td colspan=2 class=regular><div class="center">).
     1166        qq(<input type="submit" value=" Update this block " class="regular">).
     1167        "</div></td></tr></form>\n";
     1168    $i--;
     1169  }
     1170  $html =~ s/\$\$UPDOK\$\$/$updok/g;
     1171
     1172  my $delok = '';
     1173  if ($IPDBacl{$authuser} =~ /d/) {
     1174    $delok = qq(<form method="POST" action="main.cgi">
     1175        <tr class="color$i"><td colspan=2 class="regular"><div class=center>
     1176        <input type="hidden" name="action" value="delete">
     1177        <input type="hidden" name="block" value="$webvar{block}">
     1178        <input type="hidden" name="alloctype" value="$data[2]">
     1179        <input type=submit value=" Delete this block ">
     1180        </div></td></tr>);
     1181  }
     1182  $html =~ s/\$\$DELOK\$\$/$delok/;
    11301183
    11311184  print $html;
     
    11371190# action=update
    11381191sub update {
    1139   printHeader('');
    11401192
    11411193  # Make sure incoming data is in correct format - custID among other things.
     
    11961248# Delete an allocation.
    11971249sub remove {
    1198   printHeader('');
     1250  if ($IPDBacl{$authuser} !~ /d/) {
     1251    printError("You shouldn't have been able to get here.  Access denied.");
     1252    return;
     1253  }
     1254
    11991255  #show confirm screen.
    12001256  open HTML, "../confirmRemove.html"
     
    12861342# Remove IPs from pool listing if necessary
    12871343sub finalDelete {
    1288   printHeader('');
     1344  if ($IPDBacl{$authuser} !~ /d/) {
     1345    printError("You shouldn't have been able to get here.  Access denied.");
     1346    return;
     1347  }
    12891348
    12901349  my ($code,$msg) = deleteBlock($ip_dbh, $webvar{block}, $webvar{alloctype});
     
    13091368
    13101369
     1370sub exitError {
     1371  my $errStr = $_[0];
     1372  printHeader('','');
     1373  print qq(<center><p class="regular"> $errStr </p>
     1374<input type="button" value="Back" onclick="history.go(-1)">
     1375</center>
     1376);
     1377  printFooter();
     1378  exit;
     1379} # errorExit
     1380
     1381
    13111382# Just in case we manage to get here.
    13121383exit 0;
  • trunk/editDisplay.html

    r74 r233  
    88<tr class="color1"><td class=heading>IP block:</td><td class="regular">$$BLOCK$$</td></tr>
    99
    10 <tr class="color2"><td class=heading>City:</td><td class="regular">
    11 <input type=text name=city value="$$CITY$$"></td></tr>
     10<tr class="color2"><td class=heading>City:</td><td class="regular">$$CITY$$</td></tr>
    1211
    1312<tr class="color1"><td class=heading>Type:</td><td class=regular>$$TYPESELECT$$</td></tr>
    1413
    15 <tr class="color2"><td class=heading>CustID:</td><td class="regular">
    16 <input type=text name=custid value="$$CUSTID$$" maxlength=15 class="regular"></td></tr>
     14<tr class="color2"><td class=heading>CustID:</td><td class="regular">$$CUSTID$$</td></tr>
    1715
    18 <tr class="color1"><td class="heading">Circuit ID:</td><td class="regular">
    19 <input type="text" name="circid" value="$$CIRCID$$" maxlength=64 size=64 class="regular"></td></tr>
     16<tr class="color1"><td class="heading">Circuit ID:</td><td class="regular">$$CIRCID$$</td></tr>
    2017
    21 <tr class="color2"><td class="heading">Description/Name:</td><td class="regular">
    22 <input type="text" name="desc" value="$$DESC$$" maxlength=64 size=64 class="regular"></td></tr>
     18<tr class="color2"><td class="heading">Description/Name:</td><td class="regular">$$DESC$$</td></tr>
    2319
    24 <tr class="color1"><td class="heading" valign="top">Notes:</td><td class="regular">
    25 <textarea rows="8" cols="64" name="notes" class="regular">$$NOTES$$</textarea></td></tr>
     20<tr class="color1"><td class="heading" valign="top">Notes:</td><td class="regular">$$NOTES$$</td></tr>
    2621
    27 <tr class="color2"><td colspan=2 class=regular><div class="center">
    28 <input type="submit" value=" Update this block " class="regular">
    29 </div></td></tr></form>
    30 <form method="POST" action="main.cgi">
    31 <tr class="color1"><td colspan=2 class="regular"><div class=center>
    32 <input type="hidden" name="action" value="delete">
    33 <input type="hidden" name="block" value="$$BLOCK$$">
    34 <input type="hidden" name="alloctype" value="$$TYPE$$">
    35 <input type=submit value=" Delete this block ">
    36 </div></td></tr>
     22$$UPDOK$$
     23$$DELOK$$
    3724</form>
    3825
  • trunk/header.inc

    r87 r233  
    5151<input type="button" value=" Help? " onclick="openHelp()" class="regular">
    5252&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;
    53 <a href="/ip/cgi-bin/main.cgi?action=assign">Add new assignment</a>
     53$$EXTRA0$$
    5454</td>
    5555</form>
  • trunk/index.shtml

    r111 r233  
    1 <!--#include file="header.inc"-->
    21<!--#include virtual="/ip/cgi-bin/main.cgi?action=index" -->
Note: See TracChangeset for help on using the changeset viewer.