Changeset 286

Timestamp:

09/23/05 15:54:31 (19 years ago)

Author:

Kris Deugau

Message:

/branches/stable

Merge changes from /trunk revisions:

234
237
254 (ipdb.css only)
261
279
284
285

This merges the new search system (234, 237, 254), cleans up
some display CSS (254, 279), cleans up some leftover code (r261),
and merges the "private data" code (284, 285 - note SWIP hacks conflict).

/trunk should now be almost identical to /branches/stable.

Location:

branches/stable

Files:

• assign.html (modified) (1 diff)
• cgi-bin/IPDB.pm (modified) (4 diffs)
• cgi-bin/admin.cgi (modified) (3 diffs)
• cgi-bin/ipdb.psql (modified) (3 diffs)
• cgi-bin/main.cgi (modified) (19 diffs)
• cgi-bin/search.cgi (copied) (copied from trunk/cgi-bin/search.cgi ) (3 diffs)
• compsearch.html (copied) (copied from trunk/compsearch.html )
• confirm.html (modified) (1 diff)
• confirmRemove.html (modified) (1 diff)
• editDisplay.html (modified) (1 diff)
• fb-assign.html (modified) (1 diff)
• header.inc (modified) (1 diff)
• help.html (modified) (2 diffs)
• ipdb.css (modified) (1 diff)
• updated.html (modified) (1 diff)

branches/stable/assign.html

@@ -38 +38 @@
 </tr><tr class="color1">
 <td>Notes:&nbsp;</td><td><textarea name="notes" rows="3" cols="40"></textarea></td>
-</tr><tr class="color2">
+</tr>
+$$PRIVDATA$$
+<tr class="$$BUTTONROWCOLOUR$$">
 <td class="center" colspan="2"><input type="submit" value="  Assign  "></td>
 <input type="hidden" name="action" value="confirm">

branches/stable/cgi-bin/IPDB.pm

@@ -184 +184 @@
 # Does all of the magic of actually allocating a netblock
 # Requires database handle, block to allocate, custid, type, city,
-#       description, notes, circuit ID, block to allocate from, 
+#       description, notes, circuit ID, block to allocate from, private data
 # Returns a success code and optional error message.
 sub allocateBlock {
-  my ($dbh,undef,undef,$custid,$type,$city,$desc,$notes,$circid) = @_;
-  
+  my ($dbh,undef,undef,$custid,$type,$city,$desc,$notes,$circid,$privdata) = @_;
+
   my $cidr = new NetAddr::IP $_[1];
   my $alloc_from = new NetAddr::IP $_[2];
@@ -220 +220 @@
       $sth = $dbh->prepare("update poolips set custid='$custid',".
         "city='$city',available='n',description='$desc',notes='$notes',".
-        "circuitid='$circid'".
+        "circuitid='$circid',privdata='$privdata'".
         " where ip='$cidr'");
       $sth->execute;
@@ -263 +263 @@
           }
           $sth = $dbh->prepare("insert into allocations".
-                " (cidr,custid,type,city,description,notes,maskbits,circuitid)".
+                " (cidr,custid,type,city,description,notes,maskbits,circuitid,privdata)".
                 " values ('$cidr','$custid','$type','$city','$desc','$notes',".
-                $cidr->masklen.",'$circid')");
+                $cidr->masklen.",'$circid','$privdata')");
           $sth->execute;
 
@@ -361 +361 @@
           # Insert the allocations entry
           $sth = $dbh->prepare("insert into allocations (cidr,custid,type,city,".
-                "description,notes,maskbits,circuitid)".
+                "description,notes,maskbits,circuitid,privdata)".
                 " values ('$cidr','$custid','$type','$city','$desc','$notes',".
-                $cidr->masklen.",'$circid')");
+                $cidr->masklen.",'$circid','$privdata')");
           $sth->execute;
 

branches/stable/cgi-bin/admin.cgi

@@ -301 +301 @@
 
   print "<hr>Users with access:\n<table border=1>\n";
+  print "<tr><td></td><td align=center colspan=3>General access</td></tr>\n";
   print "<tr><td>Username</td><td>Add new</td><td>Change</td>".
-        "<td>Delete</td><td>Admin user</td></tr>\n".
+        "<td>Delete</td><td>Systems/Networking</td><td>Admin user</td></tr>\n".
         "<form action=admin.cgi method=POST>\n";
   $sth = $ip_dbh->prepare("select username,acl from users order by username");
@@ -314 +315 @@
         "></td><td><input type=checkbox name=change".($data[1] =~ /c/ ? ' checked=y' : '').
         "></td><td><input type=checkbox name=del".($data[1] =~ /d/ ? ' checked=y' : '').
+        "></td><td><input type=checkbox name=sysnet".($data[1] =~ /s/ ? ' checked=y' : '').
         "></td><td><input type=checkbox name=admin".($data[1] =~ /A/ ? ' checked=y' : '').
         qq(></td><td><input type=submit value="Update"></td></form>\n).
@@ -326 +328 @@
   my $acl = 'b';
   if ($webvar{admin} eq 'on') {
-    $acl .= "acdA";
+    $acl .= "acdsA";
   } else {
     $acl .= ($webvar{add} eq 'on' ? 'a' : '').
         ($webvar{change} eq 'on' ? 'c' : '').
-        ($webvar{del} eq 'on' ? 'd' : '');
+        ($webvar{del} eq 'on' ? 'd' : '').
+        ($webvar{sysnet} eq 'on' ? 's' : '');
   }
   print "New ACL: $acl<br>\n";

branches/stable/cgi-bin/ipdb.psql

@@ -69 +69 @@
         "description" character varying(64) DEFAULT '' NOT NULL,
         "circuitid" character varying(128) DEFAULT '' NOT NULL,
+        "privdata" text DEFAULT '' NOT NULL,
         "newcustid" integer,
         CHECK (((available = 'y'::bpchar) OR (available = 'n'::bpchar)))
@@ -86 +87 @@
         "maskbits" integer DEFAULT 128,
         "circuitid" character varying(128) DEFAULT '',
+        "privdata" text DEFAULT '' NOT NULL,
         "newcustid" integer
 );
@@ -93 +95 @@
 GRANT ALL on "allocations" to "ipdb";
 
-CREATE VIEW "searchme" as SELECT allocations.cidr, allocations.custid, allocations."type", allocations.city, allocations.description FROM allocations UNION SELECT poolips.ip, poolips.custid, poolips.type, poolips.city, poolips.description FROM poolips;
+CREATE VIEW "searchme" as SELECT allocations.cidr, allocations.custid, allocations."type", allocations.city, allocations.description, allocations.notes FROM allocations UNION SELECT poolips.ip, poolips.custid, poolips.type, poolips.city, poolips.description, poolips.notes FROM poolips;
 
 REVOKE ALL on "searchme" from PUBLIC;

branches/stable/cgi-bin/main.cgi

@@ -47 +47 @@
 # Headerize!  Make sure we replace the $$EXTRA0$$ bit as needed.
 printHeader('', ($IPDBacl{$authuser} =~ /a/ ?
-        '<a href="/ip/cgi-bin/main.cgi?action=assign">Add new assignment</a>' : ''
+        '<td align=right><a href="/ip/cgi-bin/main.cgi?action=assign">Add new assignment</a>' : ''
         ));
 
 
-#prototypes
-sub viewBy($$);         # feed it the category and query
-sub queryResults($$$);  # args is the sql, the page# and the rowCount
-# Needs rewrite/rename
-sub countRows($);       # returns first element of first row of passed SQL
-                        # Only usage passes "select count(*) ..."
-
 # Global variables
-my $RESULTS_PER_PAGE = 50;
 my %webvar = parse_post();
 cleanInput(\%webvar);
@@ -134 +126 @@
 elsif($webvar{action} eq 'listpool') {
   listPool();
-}
-elsif($webvar{action} eq 'search') {
-  if (!$webvar{input}) {
-    # No search term.  Display everything.
-    viewBy('all', '');
-  } else {
-    # Search term entered.  Display matches.
-    # We should really sanitize $webvar{input}, no?
-    viewBy($webvar{searchfor}, $webvar{input});
-  }
 }
 
@@ -200 +182 @@
 
 
-sub viewBy($$) {
-  my ($category,$query) = @_;
-
-  # Local variables
-  my $sql;
-
-#print "<pre>\n";
-
-#print "start querysub: query '$query'\n";
-# this may happen with more than one subcategory.  Unlikely, but possible.
-
-  # Calculate start point for LIMIT clause
-  my $offset = ($webvar{page}-1)*$RESULTS_PER_PAGE;
-
-# Possible cases:
-# 1) Partial IP/subnet.  Treated as "first-three-octets-match" in old IPDB,
-#    I should be able to handle it similarly here.
-# 2a) CIDR subnet.  Treated more or less as such in old IPDB.
-# 2b) CIDR netmask.  Not sure how it's treated.
-# 3) Customer ID.  Not handled in old IPDB
-# 4) Description.
-# 5) Invalid data which might be interpretable as an IP or something, but
-#    which probably shouldn't be for reasons of sanity.
-
-  if ($category eq 'all') {
-
-    print qq(<div class="heading">Showing all netblock and static-IP allocations</div><br>\n);
-
-    # Need to assemble SQL query in this order to avoid breaking things.
-    $sql = "select cidr,custid,type,city,description from searchme";
-    my $count = countRows("select count(*) from ($sql) foo");
-    $sql .= " order by cidr limit $RESULTS_PER_PAGE offset $offset";
-    queryResults($sql, $webvar{page}, $count);
-
-  } elsif ($category eq 'cust') {
-
-    print qq(<div class="heading">Searching for Customer IDs containing '$query'</div><br>\n);
-
-    # Query for a customer ID.  Note that we can't restrict to "numeric-only"
-    # as we have non-numeric custIDs in the legacy data.  :/
-    $sql = "select cidr,custid,type,city,description from searchme where custid ilike '%$query%'";
-    my $count = countRows("select count(*) from ($sql) foo");
-    $sql .= " order by cidr limit $RESULTS_PER_PAGE offset $offset";
-    queryResults($sql, $webvar{page}, $count);
-
-  } elsif ($category eq 'desc') {
-
-    print qq(<div class="heading">Searching for descriptions containing '$query'</div><br>\n);
-    # Query based on description (includes "name" from old DB).
-    $sql = "select cidr,custid,type,city,description from searchme where description ilike '%$query%'";
-    my $count = countRows("select count(*) from ($sql) foo");
-    $sql .= " order by cidr limit $RESULTS_PER_PAGE offset $offset";
-    queryResults($sql, $webvar{page}, $count);
-
-  } elsif ($category =~ /ipblock/) {
-
-    # Query is for a partial IP, a CIDR block in some form, or a flat IP.
-    print qq(<div class="heading">Searching for IP-based matches on '$query'</div><br>\n);
-
-    $query =~ s/\s+//g;
-    if ($query =~ /\//) {
-      # 209.91.179/26 should show all /26 subnets in 209.91.179
-      my ($net,$maskbits) = split /\//, $query;
-      if ($query =~ /^(\d{1,3}\.){3}\d{1,3}\/\d{2}$/) {
-        # /0->/9 are silly to worry about right now.  I don't think
-        # we'll be getting a class A anytime soon.  <g>
-        $sql = "select cidr,custid,type,city,description from searchme where cidr='$query'";
-        queryResults($sql, $webvar{page}, 1);
-      } else {
-        print "Finding all blocks with netmask /$maskbits, leading octet(s) $net<br>\n";
-        # Partial match;  beginning of subnet and maskbits are provided
-        $sql = "select cidr,custid,type,city,description from searchme where ".
-                "text(cidr) like '$net%' and text(cidr) like '%$maskbits'";
-        my $count = countRows("select count(*) from ($sql) foo");
-        $sql .= " order by cidr limit $RESULTS_PER_PAGE offset $offset";
-        queryResults($sql, $webvar{page}, $count);
-      }
-    } elsif ($query =~ /^(\d{1,3}\.){3}\d{1,3}$/) {
-      # Specific IP address match
-      my $sfor = new NetAddr::IP $query;
-# We do this convoluted roundabout way of finding things in order
-# to bring up matches for single IPs that are within a static block;
-# we want to show both the "container" block and the static IP itself.
-      $sth = $ip_dbh->prepare("select cidr from searchme where cidr >>= '$sfor'");
-      $sth->execute;
-      while (my @data = $sth->fetchrow_array()) {
-        my $cidr = new NetAddr::IP $data[0];
-        queryResults("select cidr,custid,type,city,description from searchme where ".
-                "cidr='$cidr'", $webvar{page}, 1);
-      }
-    } elsif ($query =~ /^\d{1,3}\.\d{1,3}\.\d{1,3}\.?$/) {
-      print "Finding matches where the first three octets are $query<br>\n";
-      $sql = "select cidr,custid,type,city,description from searchme where ".
-                "text(cidr) like '$query%'";
-      my $count = countRows("select count(*) from ($sql) foo");
-      $sql .= " order by cidr limit $RESULTS_PER_PAGE offset $offset";
-      queryResults($sql, $webvar{page}, $count);
-    } else {
-      # This shouldn't happen, but if it does, whoever gets it deserves what they get...
-      printError("Invalid query.");
-    }
-  } else {
-    # This shouldn't happen, but if it does, whoever gets it deserves what they get...
-    printError("Invalid searchfor.");
-  }
-} # viewBy
-
-
 # args are: a reference to an array with the row to be printed and the 
 # class(stylesheet) to use for formatting.
@@ -332 +206 @@
 
 
-# Display certain types of search query.  Note that this can't be
-# cleanly reused much of anywhere else as the data isn't neatly tabulated.
-# This is tied to the search sub tightly enough I may just gut it and provide
-# more appropriate tables directly as needed.
-sub queryResults($$$) {
-  my ($sql, $pageNo, $rowCount) = @_;
-  my $offset = 0;
-  $offset = $1 if($sql =~ m/.*limit\s+(.*),.*/);
-
-  my $sth = $ip_dbh->prepare($sql);
-  $sth->execute();
-
-  startTable('Allocation','CustID','Type','City','Description/Name');
-  my $count = 0;
-
-  while (my @data = $sth->fetchrow_array) {
-    # cidr,custid,type,city,description
-    # Prefix subblocks with "Sub "
-    my @row = ( (($data[2] =~ /^.r$/) ? 'Sub ' : '').
-        qq(<a href="/ip/cgi-bin/main.cgi?action=edit&block=$data[0]">$data[0]</a>),
-        $data[1], $disp_alloctypes{$data[2]}, $data[3], $data[4]);
-    # Allow listing of pool if desired/required.
-    if ($data[2] =~ /^.[pd]$/) {
-      $row[0] .= ' &nbsp; <a href="/ip/cgi-bin/main.cgi?action=listpool'.
-        "&pool=$data[0]\">List IPs</a>";
-    }
-    printRow(\@row, 'color1', 1) if ($count%2==0); 
-    printRow(\@row, 'color2', 1) if ($count%2!=0);
-    $count++;
-  }
-
-  # Have to think on this call, it's primarily to clean up unfetched rows from a select.
-  # In this context it's probably a good idea.
-  $sth->finish();
-
-  my $upper = $offset+$count;
-  print "<tr><td colspan=10 bgcolor=white class=regular>Records found: $rowCount<br><i>Displaying: $offset - $upper</i></td></tr>\n";
-  print "</table></center>\n";
-
-  # print the page thing..
-  if ($rowCount > $RESULTS_PER_PAGE) {
-    my $pages = ceil($rowCount/$RESULTS_PER_PAGE);
-    print qq(<div class="center"> Page: );
-    for (my $i = 1; $i <= $pages; $i++) {
-      if ($i == $pageNo) {
-        print "<b>$i&nbsp;</b>\n";
-      } else {
-        print qq(<a href="/ip/cgi-bin/main.cgi?page=$i&input=$webvar{input}&action=search&searchfor=$webvar{searchfor}">$i</a>&nbsp;\n);
-      }
-    }
-    print "</div>";
-  }
-} # queryResults
-
-
 # Prints table headings.  Accepts any number of arguments;
 # each argument is a table heading.
@@ -397 +216 @@
   print "</tr>\n";
 } # startTable
-
-
-# Return first element of passed SQL query
-sub countRows($) {
-  my $sth = $ip_dbh->prepare($_[0]);
-  $sth->execute();
-  my @a = $sth->fetchrow_array();
-  $sth->finish();
-  return $a[0];
-}
 
 
@@ -820 +629 @@
   }
   $html =~ s|\$\$ALLCITIES\$\$|$cities|g;
+
+  my $i = 0;
+  $i++ if $webvar{fbtype} eq 'y';
+  # Check to see if user is allowed to do anything with sensitive data
+  my $privdata = '';
+  if ($IPDBacl{$authuser} =~ /s/) {
+    $privdata = qq(<tr class="color).($i%2).qq("><td>Restricted data:</td>).
+        qq(<td class=regular><textarea rows="3" cols="64" name="privdata" class="regular">).
+        qq(</textarea></td></tr>\n);
+    $i++;
+  }
+  $html =~ s/\$\$PRIVDATA\$\$/$privdata/g;
+
+  $i = $i % 2;
+  $html =~ s/\$\$BUTTONROWCOLOUR\$\$/color$i/;
 
   print $html;
@@ -994 +818 @@
   $html =~ s|\$\$ACTION\$\$|insert|g;
 
+  my $i=1;
+  # Check to see if user is allowed to do anything with sensitive data
+  my $privdata = '';
+  if ($IPDBacl{$authuser} =~ /s/) {
+    $privdata = qq(<tr class="color).($i%2).qq("><td>Restricted data:</td>).
+        qq(<td class=regular>$webvar{privdata}).
+        qq(<input type=hidden name=privdata value="$webvar{privdata}"></td></tr>\n);
+    $i++;
+  }
+  $html =~ s/\$\$PRIVDATA\$\$/$privdata/g;
+
+  $i = $i % 2;
+  $html =~ s/\$\$BUTTONROWCOLOUR\$\$/color$i/;
+
   print $html;
 
@@ -1008 +846 @@
   return if !validateInput();
 
+  if (!defined($webvar{privdata})) {
+    $webvar{privdata} = '';
+  }
   # $code is "success" vs "failure", $msg contains OK for a
   # successful netblock allocation, the IP allocated for static
@@ -1013 +854 @@
   my ($code,$msg) = allocateBlock($ip_dbh, $webvar{fullcidr}, $webvar{alloc_from},
         $webvar{custid}, $webvar{alloctype}, $webvar{city}, $webvar{desc}, $webvar{notes},
-        $webvar{circid});
+        $webvar{circid}, $webvar{privdata});
 
   if ($code eq 'OK') {
@@ -1127 +968 @@
   # because I'm lazy, we'll try to make the SELECT's bring out identical)ish) data
   if ($webvar{block} =~ /\/32$/) {
-    $sql = "select ip,custid,type,city,circuitid,description,notes,modifystamp from poolips where ip='$webvar{block}'";
+    $sql = "select ip,custid,type,city,circuitid,description,notes,modifystamp,privdata from poolips where ip='$webvar{block}'";
   } else {
-    $sql = "select cidr,custid,type,city,circuitid,description,notes,modifystamp,swip from allocations where cidr='$webvar{block}'"
+    $sql = "select cidr,custid,type,city,circuitid,description,notes,modifystamp,privdata,swip from allocations where cidr='$webvar{block}'"
   }
 
@@ -1203 +1044 @@
   my $i=1;
 
+  # Check to see if we can display sensitive data
+  my $privdata = '';
+  if ($IPDBacl{$authuser} =~ /s/) {
+    $privdata = qq(<tr class="color).($i%2).qq("><td class=heading>Restricted data:</td>).
+        qq(<td class=regular><textarea rows="3" cols="64" name="privdata" class="regular">).
+        qq($data[8]</textarea></td></tr>\n);
+    $i++;
+  }
+  $html =~ s/\$\$PRIVDATA\$\$/$privdata/g;
+
   # More ACL trickery - we can live with forms that don't submit,
   # but we can't leave the extra table rows there, and we *really*
@@ -1208 +1059 @@
   my $updok = '';
   if ($IPDBacl{$authuser} =~ /c/) {
-    $updok = qq(<tr class="color$i"><td colspan=2 class=regular><div class="center">).
+    $updok = qq(<tr class="color).($i%2).qq("><td colspan=2><div class="center">).
         qq(<input type="submit" value=" Update this block " class="regular">).
         "</div></td></tr></form>\n";
@@ -1218 +1069 @@
   if ($IPDBacl{$authuser} =~ /d/) {
     $delok = qq(<form method="POST" action="main.cgi">
-        <tr class="color$i"><td colspan=2 class="regular"><div class=center>
+        <tr class="color).($i%2).qq("><td colspan=2 class="regular"><div class=center>
         <input type="hidden" name="action" value="delete">
         <input type="hidden" name="block" value="$webvar{block}">
@@ -1235 +1086 @@
 # action=update
 sub update {
+  if ($IPDBacl{$authuser} !~ /c/) {
+    printError("You shouldn't have been able to get here.  Access denied.");
+    return;
+  }
+
+  # Check to see if we can update restricted data
+  my $privdata = '';
+  if ($IPDBacl{$authuser} =~ /s/) {
+    $privdata = ",privdata='$webvar{privdata}'";
+  }
 
   # Make sure incoming data is in correct format - custID among other things.
@@ -1245 +1106 @@
     if (my $pooltype = ($webvar{alloctype} =~ /^(.)i$/) ) {
       $sql = "update poolips set custid='$webvar{custid}',notes='$webvar{notes}',".
-        "circuitid='$webvar{circid}',description='$webvar{desc}',city='$webvar{city}' ".
-        "where ip='$webvar{block}'";
+        "circuitid='$webvar{circid}',description='$webvar{desc}',city='$webvar{city}'".
+        "$privdata where ip='$webvar{block}'";
     } else {
       $sql = "update allocations set custid='$webvar{custid}',".
         "description='$webvar{desc}',notes='$webvar{notes}',city='$webvar{city}',".
-        "type='$webvar{alloctype}',circuitid='$webvar{circid}',".
+        "type='$webvar{alloctype}',circuitid='$webvar{circid}'$privdata ".
         "swip='".($webvar{swip} eq 'on' ? 'y' : 'n')."' ".
-        " where cidr='$webvar{block}'";
+        "where cidr='$webvar{block}'";
     }
     # Log the details of the change.
@@ -1290 +1151 @@
   $html =~ s/\$\$NOTES\$\$/$webvar{notes}/g;
 
+  if ($IPDBacl{$authuser} =~ /s/) {
+    $privdata = qq(<tr class="color2"><td valign="top">Restricted data:</td>).
+        qq(<td class="regular">).desanitize($webvar{privdata}).qq(</td></tr>\n);
+  }
+  $html =~ s/\$\$PRIVDATA\$\$/$privdata/g;
+
   print $html;
 
@@ -1314 +1181 @@
   }
 
-  my ($cidr, $custid, $type, $city, $circid, $desc, $notes, $alloctype);
+  my ($cidr, $custid, $type, $city, $circid, $desc, $notes, $alloctype, $privdata);
 
   if ($webvar{alloctype} eq 'rm') {
@@ -1343 +1210 @@
 
     # Unassigning a static IP
-    my $sth = $ip_dbh->prepare("select ip,custid,city,type,notes,circuitid from poolips".
-        " where ip='$webvar{block}'");
+    my $sth = $ip_dbh->prepare("select ip,custid,city,type,notes,circuitid,privdata".
+        " from poolips where ip='$webvar{block}'");
     $sth->execute();
 #  croak $sth->errstr() if($sth->errstr());
 
-    $sth->bind_columns(\$cidr, \$custid, \$city, \$alloctype, \$notes, \$circid);
+    $sth->bind_columns(\$cidr, \$custid, \$city, \$alloctype, \$notes, \$circid,
+        \$privdata);
     $sth->fetch() || croak $sth->errstr;
 
   } else { # done with alloctype=~ /^.i$/
 
-    my $sth = $ip_dbh->prepare("select cidr,custid,type,city,circuitid,description,notes from ".
-        "allocations where cidr='$webvar{block}'");
+    my $sth = $ip_dbh->prepare("select cidr,custid,type,city,circuitid,description,notes,privdata".
+        " from allocations where cidr='$webvar{block}'");
     $sth->execute();
 #       croak $sth->errstr() if($sth->errstr());
 
-    $sth->bind_columns(\$cidr, \$custid, \$alloctype, \$city, \$circid, \$desc, \$notes);
+    $sth->bind_columns(\$cidr, \$custid, \$alloctype, \$city, \$circid, \$desc,
+        \$notes, \$privdata);
     $sth->fetch() || carp $sth->errstr;
   } # end cases for different alloctypes
@@ -1381 +1250 @@
     $html =~ s|<!--warn-->|<tr bgcolor="black"><td colspan="2"><div class="red">Warning: clicking confirm will remove this record entirely.</div></td></tr>|;
   }
+
+  my $i = 1;
+  # Check to see if user is allowed to do anything with sensitive data
+  if ($IPDBacl{$authuser} =~ /s/) {
+    $privdata = qq(<tr class="color).($i%2).qq("><td>Restricted data:</td>).
+        qq(<td class=regular>$privdata</td></tr>\n);
+    $i++;
+  }
+  $html =~ s/\$\$PRIVDATA\$\$/$privdata/g;
+
+  $i = ++$i % 2;
+  $html =~ s/\$\$BUTTONROWCOLOUR\$\$/color$i/;
 
   print $html;

branches/stable/cgi-bin/search.cgi

@@ -60 +60 @@
     $webvar{input} =~ s/^\s+//;
     $webvar{input} =~ s/\s+$//;
-    if ($webvar{input} =~ /^[\d\.]+(\/\d{1,3})?$/) {
+    if ($webvar{input} =~ /^\d+$/) {
+      # All-digits, new custID
+      $searchfor = "cust";
+    } elsif ($webvar{input} =~ /^[\d\.]+(\/\d{1,3})?$/) {
       # IP addresses should only have numbers, digits, and maybe a slash+netmask
       $searchfor = "ipblock";
-    } elsif ($webvar{input} =~ /^\d+$/) {
-      # All-digits, new custID
-      $searchfor = "cust";
     } else {
       # Anything else.
@@ -140 +140 @@
   ## CIDR query options.
   $webvar{cidr} =~ s/\s+//;     # Hates the nasty spaceseseses we does.
-  if ($webvar{cidr} =~ /\//) {
+  if ($webvar{cidr} == '') { # We has a blank CIDR.  Ignore it.
+  } elsif ($webvar{cidr} =~ /\//) {
     # 209.91.179/26 should show all /26 subnets in 209.91.179
     my ($net,$maskbits) = split /\//, $webvar{cidr};
@@ -291 +292 @@
     print qq(<div class="heading">Searching for descriptions containing '$query'</div><br>\n);
     # Query based on description (includes "name" from old DB).
-    $sql = "select * from searchme where description ilike '%$query%'";
+    $sql = "select * from searchme where description ilike '%$query%'".
+        " or custid ilike '%$query%'";
     my $count = countRows($sql);
     $sql .= " order by cidr limit $RESULTS_PER_PAGE offset $offset";

branches/stable/confirm.html

@@ -21 +21 @@
 <td valign="top">Notes:&nbsp;</td><td>&nbsp;$$NOTES$$<input type="hidden" name="notes" value="$$NOTES$$"></td>
 </tr>
+$$PRIVDATA$$
 <!-- warn -->
 <input type="hidden" name="alloctype" value="$$ALLOC_TYPE$$">
 <input type="hidden" name="action" value="$$ACTION$$">
-<tr class="color1">
+<tr class="$$BUTTONROWCOLOUR$$">
 <td class="center" colspan="2">
 <input type="button" value="Back" onclick="history.go(-1)"><input type="submit" value="Confirm">

branches/stable/confirmRemove.html

@@ -10 +10 @@
 <tr class="color1"><td valign="top">Description/Name:</td><td>$$DESC$$</td></tr>
 <tr class="color2"><td valign="top">Notes:</td><td>$$NOTES$$</td></tr>
+$$PRIVDATA$$
 <!--warn-->
 <input type="hidden" name="action" value="$$ACTION$$">
-<tr class="color1"><td class="center" colspan=2>
+<tr class="$$BUTTONROWCOLOUR$$"><td class="center" colspan=2>
 <input type="button" value="Back" onclick="history.go(-1)"><input type="submit" value="Confirm">
 </td></tr>

branches/stable/editDisplay.html

@@ -24 +24 @@
 <tr class="color2"><td class="heading" valign="top">Notes:</td><td class="regular">$$NOTES$$</td></tr>
 
+$$PRIVDATA$$
 $$UPDOK$$
 $$DELOK$$

branches/stable/fb-assign.html

@@ -22 +22 @@
 </tr><tr class="color2">
 <td>Notes:&nbsp;</td><td><textarea name="notes" rows="3" cols="40"></textarea></td>
-</tr><tr class="color1">
+</tr>
+$$PRIVDATA$$
+<tr class="$$BUTTONROWCOLOUR$$">
 <td class="center" colspan="2"><input type="submit" value="  Assign  "></td>
 <input type="hidden" name="action" value="confirm">

branches/stable/header.inc

@@ -40 +40 @@
 <tr class="color1">
 <td width=10></td>
-<form method="POST" action="/ip/cgi-bin/main.cgi">
-<td>Search:
+<form method="POST" action="/ip/cgi-bin/search.cgi">
+<td width=390>Quick Search:
 <input type="text" name="input" size="20" maxlength="50" class="regular">
-<input type=radio name="searchfor" value="ipblock">IP/IP block
-<input type=radio name="searchfor" value="desc" checked=yes>Description
-<input type=radio name="searchfor" value="cust">Customer ID
 <input type=hidden name=page value="1">
-<input type=hidden name=action value="search">
+<input type=hidden name=stype value="q">
 <input type=submit value="Go!" class="heading">
 <input type="button" value=" Help? " onclick="openHelp()" class="regular">
-&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;
+</td><td width=10></td><td><a href="/ip/cgi-bin/search.cgi">Complex Search</a></td>
+<td width=60></td>
 $$EXTRA0$$
-</td>
 </form>
 </tr>

branches/stable/help.html

@@ -11 +11 @@
 <table class="regular">
 
-<tr><td class="heading">Searches:</td><tr>
+<tr><td class="heading">Quick Searches:</td><tr>
 
 <tr class="color1">
-<td>Class-C-sized IP blocks</td><td>209.91.128</td>
-<td>Lists all alloctions starting with that set of octets</td>
+<td>IP blocks</td><td>209.91.128 or 209.</td>
+<td>Lists all alloctions starting with that set of octets.  Note that matches on the
+first octet MUST include the period to be considered an IP search.</td>
 </tr>
 <tr class="color2">
 <td>CIDR blocks</td><td>209.92.128/30</br>or
-209.92.128.0/30</td><td>lists all /30's beginning with 209.91.128</td>
+209.92.128.0/30</td><td>Lists all /30's beginning with 209.91.128 or checks for an
+exact match for 209.92.128.0/30 respectively</td>
 </tr>
 <tr class="color1">
@@ -30 +32 @@
 Matches on prefix (area code, area code + exchange, etc).
 </td>
+</tr>
+<tr class="color1">
+<td>Description:</td><td>cable or efni</td><td>Find all allocations with the search term in
+the description.  Note that searches for CustIDs with letters will fall under this category
+until CustIDs are all-numeric.</td>
 </tr>
 

branches/stable/ipdb.css

@@ -17 +17 @@
   text-decoration: underline;
   color: #683080;
+}
+
+tr.color0 {
+        background-color: #A8C4D0;
+        font-family: Verdana, Arial, Helvetica, sans-serif;
+        font-size: 90%;
 }
 

branches/stable/updated.html

@@ -10 +10 @@
 <tr class="color2"><td valign="top">Description/Name:</td><td>$$DESC$$</td></tr>
 <tr class="color1"><td valign="top">Notes:</td><td>$$NOTES$$</td></tr>
+$$PRIVDATA$$
 </table>
 </div>