Changeset 284
- Timestamp:
- 09/21/05 16:30:31 (19 years ago)
- Location:
- trunk
- Files:
-
- 10 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/assign.html
r144 r284 36 36 </tr><tr class="color1"> 37 37 <td>Notes: </td><td><textarea name="notes" rows="3" cols="40"></textarea></td> 38 </tr><tr class="color2"> 38 </tr> 39 $$PRIVDATA$$ 40 <tr class="$$BUTTONROWCOLOUR$$"> 39 41 <td class="center" colspan="2"><input type="submit" value=" Assign "></td> 40 42 <input type="hidden" name="action" value="confirm"> -
trunk/cgi-bin/IPDB.pm
r256 r284 184 184 # Does all of the magic of actually allocating a netblock 185 185 # Requires database handle, block to allocate, custid, type, city, 186 # description, notes, circuit ID, block to allocate from, 186 # description, notes, circuit ID, block to allocate from, private data 187 187 # Returns a success code and optional error message. 188 188 sub allocateBlock { 189 my ($dbh,undef,undef,$custid,$type,$city,$desc,$notes,$circid ) = @_;190 189 my ($dbh,undef,undef,$custid,$type,$city,$desc,$notes,$circid,$privdata) = @_; 190 191 191 my $cidr = new NetAddr::IP $_[1]; 192 192 my $alloc_from = new NetAddr::IP $_[2]; … … 220 220 $sth = $dbh->prepare("update poolips set custid='$custid',". 221 221 "city='$city',available='n',description='$desc',notes='$notes',". 222 "circuitid='$circid' ".222 "circuitid='$circid',privdata='$privdata'". 223 223 " where ip='$cidr'"); 224 224 $sth->execute; … … 263 263 } 264 264 $sth = $dbh->prepare("insert into allocations". 265 " (cidr,custid,type,city,description,notes,maskbits,circuitid )".265 " (cidr,custid,type,city,description,notes,maskbits,circuitid,privdata)". 266 266 " values ('$cidr','$custid','$type','$city','$desc','$notes',". 267 $cidr->masklen.",'$circid' )");267 $cidr->masklen.",'$circid','$privdata')"); 268 268 $sth->execute; 269 269 … … 361 361 # Insert the allocations entry 362 362 $sth = $dbh->prepare("insert into allocations (cidr,custid,type,city,". 363 "description,notes,maskbits,circuitid )".363 "description,notes,maskbits,circuitid,privdata)". 364 364 " values ('$cidr','$custid','$type','$city','$desc','$notes',". 365 $cidr->masklen.",'$circid' )");365 $cidr->masklen.",'$circid','$privdata')"); 366 366 $sth->execute; 367 367 -
trunk/cgi-bin/admin.cgi
r259 r284 285 285 286 286 print "<hr>Users with access:\n<table border=1>\n"; 287 print "<tr><td></td><td align=center colspan=3>General access</td></tr>\n"; 287 288 print "<tr><td>Username</td><td>Add new</td><td>Change</td>". 288 "<td>Delete</td><td> Admin user</td></tr>\n".289 "<td>Delete</td><td>Systems/Networking</td><td>Admin user</td></tr>\n". 289 290 "<form action=admin.cgi method=POST>\n"; 290 291 $sth = $ip_dbh->prepare("select username,acl from users order by username"); … … 298 299 "></td><td><input type=checkbox name=change".($data[1] =~ /c/ ? ' checked=y' : ''). 299 300 "></td><td><input type=checkbox name=del".($data[1] =~ /d/ ? ' checked=y' : ''). 301 "></td><td><input type=checkbox name=sysnet".($data[1] =~ /s/ ? ' checked=y' : ''). 300 302 "></td><td><input type=checkbox name=admin".($data[1] =~ /A/ ? ' checked=y' : ''). 301 303 qq(></td><td><input type=submit value="Update"></td></form>\n). … … 310 312 my $acl = 'b'; 311 313 if ($webvar{admin} eq 'on') { 312 $acl .= "acd A";314 $acl .= "acdsA"; 313 315 } else { 314 316 $acl .= ($webvar{add} eq 'on' ? 'a' : ''). 315 317 ($webvar{change} eq 'on' ? 'c' : ''). 316 ($webvar{del} eq 'on' ? 'd' : ''); 318 ($webvar{del} eq 'on' ? 'd' : ''). 319 ($webvar{sysnet} eq 'on' ? 's' : ''); 317 320 } 318 321 print "New ACL: $acl<br>\n"; -
trunk/cgi-bin/ipdb.psql
r257 r284 71 71 "description" character varying(64) DEFAULT '' NOT NULL, 72 72 "circuitid" character varying(128) DEFAULT '' NOT NULL, 73 "privdata" text DEFAULT '' NOT NULL, 73 74 "newcustid" integer, 74 75 "createstamp" timestamp DEFAULT now(), … … 92 93 "createstamp" timestamp DEFAULT now(), 93 94 "modifystamp" timestamp DEFAULT now(), 95 "privdata" text DEFAULT '' NOT NULL, 94 96 "newcustid" integer 95 97 ); -
trunk/cgi-bin/main.cgi
r261 r284 626 626 } 627 627 $html =~ s|\$\$ALLCITIES\$\$|$cities|g; 628 629 my $i = 0; 630 $i++ if $webvar{fbtype} eq 'y'; 631 # Check to see if user is allowed to do anything with sensitive data 632 my $privdata = ''; 633 if ($IPDBacl{$authuser} =~ /s/) { 634 $privdata = qq(<tr class="color).($i%2).qq("><td>Restricted data:</td>). 635 qq(<td class=regular><textarea rows="3" cols="64" name="privdata" class="regular">). 636 qq(</textarea></td></tr>\n); 637 $i++; 638 } 639 $html =~ s/\$\$PRIVDATA\$\$/$privdata/g; 640 641 $i = $i % 2; 642 $html =~ s/\$\$BUTTONROWCOLOUR\$\$/color$i/; 628 643 629 644 print $html; … … 789 804 $html =~ s|\$\$ACTION\$\$|insert|g; 790 805 806 my $i=1; 807 # Check to see if user is allowed to do anything with sensitive data 808 my $privdata = ''; 809 if ($IPDBacl{$authuser} =~ /s/) { 810 $privdata = qq(<tr class="color).($i%2).qq("><td>Restricted data:</td>). 811 qq(<td class=regular>$webvar{privdata}). 812 qq(<input type=hidden name=privdata value="$webvar{privdata}"></td></tr>\n); 813 $i++; 814 } 815 $html =~ s/\$\$PRIVDATA\$\$/$privdata/g; 816 817 $i = $i % 2; 818 $html =~ s/\$\$BUTTONROWCOLOUR\$\$/color$i/; 819 791 820 print $html; 792 821 … … 803 832 return if !validateInput(); 804 833 834 if (!defined($webvar{privdata})) { 835 $webvar{privdata} = ''; 836 } 805 837 # $code is "success" vs "failure", $msg contains OK for a 806 838 # successful netblock allocation, the IP allocated for static … … 808 840 my ($code,$msg) = allocateBlock($ip_dbh, $webvar{fullcidr}, $webvar{alloc_from}, 809 841 $webvar{custid}, $webvar{alloctype}, $webvar{city}, $webvar{desc}, $webvar{notes}, 810 $webvar{circid} );842 $webvar{circid}, $webvar{privdata}); 811 843 812 844 if ($code eq 'OK') { … … 904 936 # because I'm lazy, we'll try to make the SELECT's bring out identical)ish) data 905 937 if ($webvar{block} =~ /\/32$/) { 906 $sql = "select ip,custid,type,city,circuitid,description,notes,modifystamp from poolips where ip='$webvar{block}'";938 $sql = "select ip,custid,type,city,circuitid,description,notes,modifystamp,privdata from poolips where ip='$webvar{block}'"; 907 939 } else { 908 $sql = "select cidr,custid,type,city,circuitid,description,notes,modifystamp from allocations where cidr='$webvar{block}'"940 $sql = "select cidr,custid,type,city,circuitid,description,notes,modifystamp,privdata from allocations where cidr='$webvar{block}'" 909 941 } 910 942 … … 971 1003 my $i=1; 972 1004 1005 # Check to see if we can display sensitive data 1006 my $privdata = ''; 1007 if ($IPDBacl{$authuser} =~ /s/) { 1008 $privdata = qq(<tr class="color).($i%2).qq("><td class=heading>Restricted data:</td>). 1009 qq(<td class=regular><textarea rows="3" cols="64" name="privdata" class="regular">). 1010 qq($data[8]</textarea></td></tr>\n); 1011 $i++; 1012 } 1013 $html =~ s/\$\$PRIVDATA\$\$/$privdata/g; 1014 973 1015 # More ACL trickery - we can live with forms that don't submit, 974 1016 # but we can't leave the extra table rows there, and we *really* … … 976 1018 my $updok = ''; 977 1019 if ($IPDBacl{$authuser} =~ /c/) { 978 $updok = qq(<tr class="color $i"><td colspan=2><div class="center">).1020 $updok = qq(<tr class="color).($i%2).qq("><td colspan=2><div class="center">). 979 1021 qq(<input type="submit" value=" Update this block " class="regular">). 980 1022 "</div></td></tr></form>\n"; … … 986 1028 if ($IPDBacl{$authuser} =~ /d/) { 987 1029 $delok = qq(<form method="POST" action="main.cgi"> 988 <tr class="color $i"><td colspan=2 class="regular"><div class=center>1030 <tr class="color).($i%2).qq("><td colspan=2 class="regular"><div class=center> 989 1031 <input type="hidden" name="action" value="delete"> 990 1032 <input type="hidden" name="block" value="$webvar{block}"> … … 1003 1045 # action=update 1004 1046 sub update { 1047 if ($IPDBacl{$authuser} !~ /c/) { 1048 printError("You shouldn't have been able to get here. Access denied."); 1049 return; 1050 } 1051 1052 # Check to see if we can update restricted data 1053 my $privdata = ''; 1054 if ($IPDBacl{$authuser} =~ /s/) { 1055 $privdata = ",privdata='$webvar{privdata}'"; 1056 } 1005 1057 1006 1058 # Make sure incoming data is in correct format - custID among other things. … … 1013 1065 if (my $pooltype = ($webvar{alloctype} =~ /^(.)i$/) ) { 1014 1066 $sql = "update poolips set custid='$webvar{custid}',notes='$webvar{notes}',". 1015 "circuitid='$webvar{circid}',description='$webvar{desc}',city='$webvar{city}' 1016 " where ip='$webvar{block}'";1067 "circuitid='$webvar{circid}',description='$webvar{desc}',city='$webvar{city}'". 1068 "$privdata where ip='$webvar{block}'"; 1017 1069 } else { 1018 1070 $sql = "update allocations set custid='$webvar{custid}',". 1019 1071 "description='$webvar{desc}',notes='$webvar{notes}',city='$webvar{city}',". 1020 "type='$webvar{alloctype}',circuitid='$webvar{circid}' where cidr='$webvar{block}'"; 1072 "type='$webvar{alloctype}',circuitid='$webvar{circid}'$privdata ". 1073 "where cidr='$webvar{block}'"; 1021 1074 } 1022 1075 # Log the details of the change. … … 1054 1107 $html =~ s/\$\$NOTES\$\$/$webvar{notes}/g; 1055 1108 1109 if ($IPDBacl{$authuser} =~ /s/) { 1110 $privdata = qq(<tr class="color2"><td valign="top">Restricted data:</td>). 1111 qq(<td class="regular">).desanitize($webvar{privdata}).qq(</td></tr>\n); 1112 } 1113 $html =~ s/\$\$PRIVDATA\$\$/$privdata/g; 1114 1056 1115 print $html; 1057 1116 … … 1078 1137 } 1079 1138 1080 my ($cidr, $custid, $type, $city, $circid, $desc, $notes, $alloctype );1139 my ($cidr, $custid, $type, $city, $circid, $desc, $notes, $alloctype, $privdata); 1081 1140 1082 1141 if ($webvar{alloctype} eq 'rm') { … … 1107 1166 1108 1167 # Unassigning a static IP 1109 my $sth = $ip_dbh->prepare("select ip,custid,city,type,notes,circuitid from poolips".1110 " where ip='$webvar{block}'");1168 my $sth = $ip_dbh->prepare("select ip,custid,city,type,notes,circuitid,privdata". 1169 " from poolips where ip='$webvar{block}'"); 1111 1170 $sth->execute(); 1112 1171 # croak $sth->errstr() if($sth->errstr()); 1113 1172 1114 $sth->bind_columns(\$cidr, \$custid, \$city, \$alloctype, \$notes, \$circid); 1173 $sth->bind_columns(\$cidr, \$custid, \$city, \$alloctype, \$notes, \$circid, 1174 \$privdata); 1115 1175 $sth->fetch() || croak $sth->errstr; 1116 1176 1117 1177 } else { # done with alloctype=~ /^.i$/ 1118 1178 1119 my $sth = $ip_dbh->prepare("select cidr,custid,type,city,circuitid,description,notes from".1120 " allocations where cidr='$webvar{block}'");1179 my $sth = $ip_dbh->prepare("select cidr,custid,type,city,circuitid,description,notes,privdata". 1180 " from allocations where cidr='$webvar{block}'"); 1121 1181 $sth->execute(); 1122 1182 # croak $sth->errstr() if($sth->errstr()); 1123 1183 1124 $sth->bind_columns(\$cidr, \$custid, \$alloctype, \$city, \$circid, \$desc, \$notes); 1184 $sth->bind_columns(\$cidr, \$custid, \$alloctype, \$city, \$circid, \$desc, 1185 \$notes, \$privdata); 1125 1186 $sth->fetch() || carp $sth->errstr; 1126 1187 } # end cases for different alloctypes … … 1145 1206 $html =~ s|<!--warn-->|<tr bgcolor="black"><td colspan="2"><div class="red">Warning: clicking confirm will remove this record entirely.</div></td></tr>|; 1146 1207 } 1208 1209 my $i = 1; 1210 # Check to see if user is allowed to do anything with sensitive data 1211 if ($IPDBacl{$authuser} =~ /s/) { 1212 $privdata = qq(<tr class="color).($i%2).qq("><td>Restricted data:</td>). 1213 qq(<td class=regular>$privdata</td></tr>\n); 1214 $i++; 1215 } 1216 $html =~ s/\$\$PRIVDATA\$\$/$privdata/g; 1217 1218 $i = ++$i % 2; 1219 $html =~ s/\$\$BUTTONROWCOLOUR\$\$/color$i/; 1147 1220 1148 1221 print $html; -
trunk/confirm.html
r74 r284 21 21 <td valign="top">Notes: </td><td> $$NOTES$$<input type="hidden" name="notes" value="$$NOTES$$"></td> 22 22 </tr> 23 $$PRIVDATA$$ 23 24 <!-- warn --> 24 25 <input type="hidden" name="alloctype" value="$$ALLOC_TYPE$$"> 25 26 <input type="hidden" name="action" value="$$ACTION$$"> 26 <tr class=" color1">27 <tr class="$$BUTTONROWCOLOUR$$"> 27 28 <td class="center" colspan="2"> 28 29 <input type="button" value="Back" onclick="history.go(-1)"><input type="submit" value="Confirm"> -
trunk/confirmRemove.html
r74 r284 10 10 <tr class="color1"><td valign="top">Description/Name:</td><td>$$DESC$$</td></tr> 11 11 <tr class="color2"><td valign="top">Notes:</td><td>$$NOTES$$</td></tr> 12 $$PRIVDATA$$ 12 13 <!--warn--> 13 14 <input type="hidden" name="action" value="$$ACTION$$"> 14 <tr class=" color1"><td class="center" colspan=2>15 <tr class="$$BUTTONROWCOLOUR$$"><td class="center" colspan=2> 15 16 <input type="button" value="Back" onclick="history.go(-1)"><input type="submit" value="Confirm"> 16 17 </td></tr> -
trunk/editDisplay.html
r255 r284 22 22 <tr class="color2"><td class="heading" valign="top">Notes:</td><td class="regular">$$NOTES$$</td></tr> 23 23 24 $$PRIVDATA$$ 24 25 $$UPDOK$$ 25 26 $$DELOK$$ -
trunk/fb-assign.html
r187 r284 22 22 </tr><tr class="color2"> 23 23 <td>Notes: </td><td><textarea name="notes" rows="3" cols="40"></textarea></td> 24 </tr><tr class="color1"> 24 </tr> 25 $$PRIVDATA$$ 26 <tr class="$$BUTTONROWCOLOUR$$"> 25 27 <td class="center" colspan="2"><input type="submit" value=" Assign "></td> 26 28 <input type="hidden" name="action" value="confirm"> -
trunk/updated.html
r74 r284 9 9 <tr class="color2"><td valign="top">Description/Name:</td><td>$$DESC$$</td></tr> 10 10 <tr class="color1"><td valign="top">Notes:</td><td>$$NOTES$$</td></tr> 11 $$PRIVDATA$$ 11 12 </table> 12 13 </div>
Note:
See TracChangeset
for help on using the changeset viewer.