Changeset 284 for trunk/cgi-bin/main.cgi

Timestamp:

09/21/05 16:30:31 (19 years ago)

Author:

Kris Deugau

Message:

/trunk

Merge /branches/privdata r278:283 (with notable exception of
281, already committed to trunk) to /trunk
Merge is clean.

File:

• trunk/cgi-bin/main.cgi (modified) (14 diffs)

trunk/cgi-bin/main.cgi

@@ -626 +626 @@
   }
   $html =~ s|\$\$ALLCITIES\$\$|$cities|g;
+
+  my $i = 0;
+  $i++ if $webvar{fbtype} eq 'y';
+  # Check to see if user is allowed to do anything with sensitive data
+  my $privdata = '';
+  if ($IPDBacl{$authuser} =~ /s/) {
+    $privdata = qq(<tr class="color).($i%2).qq("><td>Restricted data:</td>).
+        qq(<td class=regular><textarea rows="3" cols="64" name="privdata" class="regular">).
+        qq(</textarea></td></tr>\n);
+    $i++;
+  }
+  $html =~ s/\$\$PRIVDATA\$\$/$privdata/g;
+
+  $i = $i % 2;
+  $html =~ s/\$\$BUTTONROWCOLOUR\$\$/color$i/;
 
   print $html;
@@ -789 +804 @@
   $html =~ s|\$\$ACTION\$\$|insert|g;
 
+  my $i=1;
+  # Check to see if user is allowed to do anything with sensitive data
+  my $privdata = '';
+  if ($IPDBacl{$authuser} =~ /s/) {
+    $privdata = qq(<tr class="color).($i%2).qq("><td>Restricted data:</td>).
+        qq(<td class=regular>$webvar{privdata}).
+        qq(<input type=hidden name=privdata value="$webvar{privdata}"></td></tr>\n);
+    $i++;
+  }
+  $html =~ s/\$\$PRIVDATA\$\$/$privdata/g;
+
+  $i = $i % 2;
+  $html =~ s/\$\$BUTTONROWCOLOUR\$\$/color$i/;
+
   print $html;
 
@@ -803 +832 @@
   return if !validateInput();
 
+  if (!defined($webvar{privdata})) {
+    $webvar{privdata} = '';
+  }
   # $code is "success" vs "failure", $msg contains OK for a
   # successful netblock allocation, the IP allocated for static
@@ -808 +840 @@
   my ($code,$msg) = allocateBlock($ip_dbh, $webvar{fullcidr}, $webvar{alloc_from},
         $webvar{custid}, $webvar{alloctype}, $webvar{city}, $webvar{desc}, $webvar{notes},
-        $webvar{circid});
+        $webvar{circid}, $webvar{privdata});
 
   if ($code eq 'OK') {
@@ -904 +936 @@
   # because I'm lazy, we'll try to make the SELECT's bring out identical)ish) data
   if ($webvar{block} =~ /\/32$/) {
-    $sql = "select ip,custid,type,city,circuitid,description,notes,modifystamp from poolips where ip='$webvar{block}'";
+    $sql = "select ip,custid,type,city,circuitid,description,notes,modifystamp,privdata from poolips where ip='$webvar{block}'";
   } else {
-    $sql = "select cidr,custid,type,city,circuitid,description,notes,modifystamp from allocations where cidr='$webvar{block}'"
+    $sql = "select cidr,custid,type,city,circuitid,description,notes,modifystamp,privdata from allocations where cidr='$webvar{block}'"
   }
 
@@ -971 +1003 @@
   my $i=1;
 
+  # Check to see if we can display sensitive data
+  my $privdata = '';
+  if ($IPDBacl{$authuser} =~ /s/) {
+    $privdata = qq(<tr class="color).($i%2).qq("><td class=heading>Restricted data:</td>).
+        qq(<td class=regular><textarea rows="3" cols="64" name="privdata" class="regular">).
+        qq($data[8]</textarea></td></tr>\n);
+    $i++;
+  }
+  $html =~ s/\$\$PRIVDATA\$\$/$privdata/g;
+
   # More ACL trickery - we can live with forms that don't submit,
   # but we can't leave the extra table rows there, and we *really*
@@ -976 +1018 @@
   my $updok = '';
   if ($IPDBacl{$authuser} =~ /c/) {
-    $updok = qq(<tr class="color$i"><td colspan=2><div class="center">).
+    $updok = qq(<tr class="color).($i%2).qq("><td colspan=2><div class="center">).
         qq(<input type="submit" value=" Update this block " class="regular">).
         "</div></td></tr></form>\n";
@@ -986 +1028 @@
   if ($IPDBacl{$authuser} =~ /d/) {
     $delok = qq(<form method="POST" action="main.cgi">
-        <tr class="color$i"><td colspan=2 class="regular"><div class=center>
+        <tr class="color).($i%2).qq("><td colspan=2 class="regular"><div class=center>
         <input type="hidden" name="action" value="delete">
         <input type="hidden" name="block" value="$webvar{block}">
@@ -1003 +1045 @@
 # action=update
 sub update {
+  if ($IPDBacl{$authuser} !~ /c/) {
+    printError("You shouldn't have been able to get here.  Access denied.");
+    return;
+  }
+
+  # Check to see if we can update restricted data
+  my $privdata = '';
+  if ($IPDBacl{$authuser} =~ /s/) {
+    $privdata = ",privdata='$webvar{privdata}'";
+  }
 
   # Make sure incoming data is in correct format - custID among other things.
@@ -1013 +1065 @@
     if (my $pooltype = ($webvar{alloctype} =~ /^(.)i$/) ) {
       $sql = "update poolips set custid='$webvar{custid}',notes='$webvar{notes}',".
-        "circuitid='$webvar{circid}',description='$webvar{desc}',city='$webvar{city}' ".
-        "where ip='$webvar{block}'";
+        "circuitid='$webvar{circid}',description='$webvar{desc}',city='$webvar{city}'".
+        "$privdata where ip='$webvar{block}'";
     } else {
       $sql = "update allocations set custid='$webvar{custid}',".
         "description='$webvar{desc}',notes='$webvar{notes}',city='$webvar{city}',".
-        "type='$webvar{alloctype}',circuitid='$webvar{circid}' where cidr='$webvar{block}'";
+        "type='$webvar{alloctype}',circuitid='$webvar{circid}'$privdata ".
+        "where cidr='$webvar{block}'";
     }
     # Log the details of the change.
@@ -1054 +1107 @@
   $html =~ s/\$\$NOTES\$\$/$webvar{notes}/g;
 
+  if ($IPDBacl{$authuser} =~ /s/) {
+    $privdata = qq(<tr class="color2"><td valign="top">Restricted data:</td>).
+        qq(<td class="regular">).desanitize($webvar{privdata}).qq(</td></tr>\n);
+  }
+  $html =~ s/\$\$PRIVDATA\$\$/$privdata/g;
+
   print $html;
 
@@ -1078 +1137 @@
   }
 
-  my ($cidr, $custid, $type, $city, $circid, $desc, $notes, $alloctype);
+  my ($cidr, $custid, $type, $city, $circid, $desc, $notes, $alloctype, $privdata);
 
   if ($webvar{alloctype} eq 'rm') {
@@ -1107 +1166 @@
 
     # Unassigning a static IP
-    my $sth = $ip_dbh->prepare("select ip,custid,city,type,notes,circuitid from poolips".
-        " where ip='$webvar{block}'");
+    my $sth = $ip_dbh->prepare("select ip,custid,city,type,notes,circuitid,privdata".
+        " from poolips where ip='$webvar{block}'");
     $sth->execute();
 #  croak $sth->errstr() if($sth->errstr());
 
-    $sth->bind_columns(\$cidr, \$custid, \$city, \$alloctype, \$notes, \$circid);
+    $sth->bind_columns(\$cidr, \$custid, \$city, \$alloctype, \$notes, \$circid,
+        \$privdata);
     $sth->fetch() || croak $sth->errstr;
 
   } else { # done with alloctype=~ /^.i$/
 
-    my $sth = $ip_dbh->prepare("select cidr,custid,type,city,circuitid,description,notes from ".
-        "allocations where cidr='$webvar{block}'");
+    my $sth = $ip_dbh->prepare("select cidr,custid,type,city,circuitid,description,notes,privdata".
+        " from allocations where cidr='$webvar{block}'");
     $sth->execute();
 #       croak $sth->errstr() if($sth->errstr());
 
-    $sth->bind_columns(\$cidr, \$custid, \$alloctype, \$city, \$circid, \$desc, \$notes);
+    $sth->bind_columns(\$cidr, \$custid, \$alloctype, \$city, \$circid, \$desc,
+        \$notes, \$privdata);
     $sth->fetch() || carp $sth->errstr;
   } # end cases for different alloctypes
@@ -1145 +1206 @@
     $html =~ s|<!--warn-->|<tr bgcolor="black"><td colspan="2"><div class="red">Warning: clicking confirm will remove this record entirely.</div></td></tr>|;
   }
+
+  my $i = 1;
+  # Check to see if user is allowed to do anything with sensitive data
+  if ($IPDBacl{$authuser} =~ /s/) {
+    $privdata = qq(<tr class="color).($i%2).qq("><td>Restricted data:</td>).
+        qq(<td class=regular>$privdata</td></tr>\n);
+    $i++;
+  }
+  $html =~ s/\$\$PRIVDATA\$\$/$privdata/g;
+
+  $i = ++$i % 2;
+  $html =~ s/\$\$BUTTONROWCOLOUR\$\$/color$i/;
 
   print $html;