Changeset 280 for branches/privdata
- Timestamp:
- 09/16/05 17:21:57 (19 years ago)
- Location:
- branches/privdata
- Files:
-
- 5 edited
Legend:
- Unmodified
- Added
- Removed
-
branches/privdata/cgi-bin/admin.cgi
r259 r280 285 285 286 286 print "<hr>Users with access:\n<table border=1>\n"; 287 print "<tr><td></td><td align=center colspan=3>General access</td></tr>\n"; 287 288 print "<tr><td>Username</td><td>Add new</td><td>Change</td>". 288 "<td>Delete</td><td> Admin user</td></tr>\n".289 "<td>Delete</td><td>Systems/Networking</td><td>Admin user</td></tr>\n". 289 290 "<form action=admin.cgi method=POST>\n"; 290 291 $sth = $ip_dbh->prepare("select username,acl from users order by username"); … … 298 299 "></td><td><input type=checkbox name=change".($data[1] =~ /c/ ? ' checked=y' : ''). 299 300 "></td><td><input type=checkbox name=del".($data[1] =~ /d/ ? ' checked=y' : ''). 301 "></td><td><input type=checkbox name=sysnet".($data[1] =~ /s/ ? ' checked=y' : ''). 300 302 "></td><td><input type=checkbox name=admin".($data[1] =~ /A/ ? ' checked=y' : ''). 301 303 qq(></td><td><input type=submit value="Update"></td></form>\n). … … 310 312 my $acl = 'b'; 311 313 if ($webvar{admin} eq 'on') { 312 $acl .= "acd A";314 $acl .= "acdsA"; 313 315 } else { 314 316 $acl .= ($webvar{add} eq 'on' ? 'a' : ''). 315 317 ($webvar{change} eq 'on' ? 'c' : ''). 316 ($webvar{del} eq 'on' ? 'd' : ''); 318 ($webvar{del} eq 'on' ? 'd' : ''). 319 ($webvar{sysnet} eq 'on' ? 's' : ''); 317 320 } 318 321 print "New ACL: $acl<br>\n"; -
branches/privdata/cgi-bin/ipdb.psql
r257 r280 71 71 "description" character varying(64) DEFAULT '' NOT NULL, 72 72 "circuitid" character varying(128) DEFAULT '' NOT NULL, 73 "privdata" text DEFAULT '' NOT NULL, 73 74 "newcustid" integer, 74 75 "createstamp" timestamp DEFAULT now(), … … 92 93 "createstamp" timestamp DEFAULT now(), 93 94 "modifystamp" timestamp DEFAULT now(), 95 "privdata" text DEFAULT '' NOT NULL, 94 96 "newcustid" integer 95 97 ); -
branches/privdata/cgi-bin/main.cgi
r261 r280 904 904 # because I'm lazy, we'll try to make the SELECT's bring out identical)ish) data 905 905 if ($webvar{block} =~ /\/32$/) { 906 $sql = "select ip,custid,type,city,circuitid,description,notes,modifystamp from poolips where ip='$webvar{block}'";906 $sql = "select ip,custid,type,city,circuitid,description,notes,modifystamp,privdata from poolips where ip='$webvar{block}'"; 907 907 } else { 908 $sql = "select cidr,custid,type,city,circuitid,description,notes,modifystamp from allocations where cidr='$webvar{block}'"908 $sql = "select cidr,custid,type,city,circuitid,description,notes,modifystamp,privdata from allocations where cidr='$webvar{block}'" 909 909 } 910 910 … … 971 971 my $i=1; 972 972 973 # Check to see if we can display sensitive data 974 my $privdata = ''; 975 if ($IPDBacl{$authuser} =~ /s/) { 976 $privdata = qq(<tr class="color).($i%2).qq("><td class=heading>Restricted data:</td>). 977 qq(<td class=regular><textarea rows="3" cols="64" name="privdata" class="regular">). 978 qq($data[8]</textarea></td></tr>\n); 979 $i++; 980 } 981 $html =~ s/\$\$PRIVDATA\$\$/$privdata/g; 982 973 983 # More ACL trickery - we can live with forms that don't submit, 974 984 # but we can't leave the extra table rows there, and we *really* … … 976 986 my $updok = ''; 977 987 if ($IPDBacl{$authuser} =~ /c/) { 978 $updok = qq(<tr class="color $i"><td colspan=2><div class="center">).988 $updok = qq(<tr class="color).($i%2).qq("><td colspan=2><div class="center">). 979 989 qq(<input type="submit" value=" Update this block " class="regular">). 980 990 "</div></td></tr></form>\n"; … … 986 996 if ($IPDBacl{$authuser} =~ /d/) { 987 997 $delok = qq(<form method="POST" action="main.cgi"> 988 <tr class="color $i"><td colspan=2 class="regular"><div class=center>998 <tr class="color).($i%2).qq("><td colspan=2 class="regular"><div class=center> 989 999 <input type="hidden" name="action" value="delete"> 990 1000 <input type="hidden" name="block" value="$webvar{block}"> … … 1003 1013 # action=update 1004 1014 sub update { 1015 if ($IPDBacl{$authuser} !~ /c/) { 1016 printError("You shouldn't have been able to get here. Access denied."); 1017 return; 1018 } 1019 1020 # Check to see if we can update restricted data 1021 my $privdata = ''; 1022 if ($IPDBacl{$authuser} =~ /s/) { 1023 $privdata = ",privdata='$webvar{privdata}'"; 1024 } 1005 1025 1006 1026 # Make sure incoming data is in correct format - custID among other things. … … 1013 1033 if (my $pooltype = ($webvar{alloctype} =~ /^(.)i$/) ) { 1014 1034 $sql = "update poolips set custid='$webvar{custid}',notes='$webvar{notes}',". 1015 "circuitid='$webvar{circid}',description='$webvar{desc}',city='$webvar{city}' 1016 " where ip='$webvar{block}'";1035 "circuitid='$webvar{circid}',description='$webvar{desc}',city='$webvar{city}'". 1036 "$privdata where ip='$webvar{block}'"; 1017 1037 } else { 1018 1038 $sql = "update allocations set custid='$webvar{custid}',". 1019 1039 "description='$webvar{desc}',notes='$webvar{notes}',city='$webvar{city}',". 1020 "type='$webvar{alloctype}',circuitid='$webvar{circid}' where cidr='$webvar{block}'"; 1040 "type='$webvar{alloctype}',circuitid='$webvar{circid}'$privdata ". 1041 "where cidr='$webvar{block}'"; 1021 1042 } 1022 1043 # Log the details of the change. … … 1054 1075 $html =~ s/\$\$NOTES\$\$/$webvar{notes}/g; 1055 1076 1077 if ($IPDBacl{$authuser} =~ /s/) { 1078 $privdata = qq(<tr class="color2"><td valign="top">Restricted data:</td>). 1079 qq(<td class="regular">).desanitize($webvar{privdata}).qq(</td></tr>\n); 1080 } 1081 $html =~ s/\$\$PRIVDATA\$\$/$privdata/g; 1082 1056 1083 print $html; 1057 1084 -
branches/privdata/editDisplay.html
r255 r280 22 22 <tr class="color2"><td class="heading" valign="top">Notes:</td><td class="regular">$$NOTES$$</td></tr> 23 23 24 $$PRIVDATA$$ 24 25 $$UPDOK$$ 25 26 $$DELOK$$ -
branches/privdata/updated.html
r74 r280 9 9 <tr class="color2"><td valign="top">Description/Name:</td><td>$$DESC$$</td></tr> 10 10 <tr class="color1"><td valign="top">Notes:</td><td>$$NOTES$$</td></tr> 11 $$PRIVDATA$$ 11 12 </table> 12 13 </div>
Note:
See TracChangeset
for help on using the changeset viewer.