Ignore:
Timestamp:
09/23/05 15:54:31 (19 years ago)
Author:
Kris Deugau
Message:

/branches/stable

Merge changes from /trunk revisions:

234
237
254 (ipdb.css only)
261
279
284
285

This merges the new search system (234, 237, 254), cleans up
some display CSS (254, 279), cleans up some leftover code (r261),
and merges the "private data" code (284, 285 - note SWIP hacks conflict).

/trunk should now be almost identical to /branches/stable.

Location:
branches/stable/cgi-bin
Files:
4 edited
1 copied

Legend:

Unmodified
Added
Removed
  • branches/stable/cgi-bin/IPDB.pm

    r250 r286  
    184184# Does all of the magic of actually allocating a netblock
    185185# Requires database handle, block to allocate, custid, type, city,
    186 #       description, notes, circuit ID, block to allocate from,
     186#       description, notes, circuit ID, block to allocate from, private data
    187187# Returns a success code and optional error message.
    188188sub allocateBlock {
    189   my ($dbh,undef,undef,$custid,$type,$city,$desc,$notes,$circid) = @_;
    190  
     189  my ($dbh,undef,undef,$custid,$type,$city,$desc,$notes,$circid,$privdata) = @_;
     190
    191191  my $cidr = new NetAddr::IP $_[1];
    192192  my $alloc_from = new NetAddr::IP $_[2];
     
    220220      $sth = $dbh->prepare("update poolips set custid='$custid',".
    221221        "city='$city',available='n',description='$desc',notes='$notes',".
    222         "circuitid='$circid'".
     222        "circuitid='$circid',privdata='$privdata'".
    223223        " where ip='$cidr'");
    224224      $sth->execute;
     
    263263          }
    264264          $sth = $dbh->prepare("insert into allocations".
    265                 " (cidr,custid,type,city,description,notes,maskbits,circuitid)".
     265                " (cidr,custid,type,city,description,notes,maskbits,circuitid,privdata)".
    266266                " values ('$cidr','$custid','$type','$city','$desc','$notes',".
    267                 $cidr->masklen.",'$circid')");
     267                $cidr->masklen.",'$circid','$privdata')");
    268268          $sth->execute;
    269269
     
    361361          # Insert the allocations entry
    362362          $sth = $dbh->prepare("insert into allocations (cidr,custid,type,city,".
    363                 "description,notes,maskbits,circuitid)".
     363                "description,notes,maskbits,circuitid,privdata)".
    364364                " values ('$cidr','$custid','$type','$city','$desc','$notes',".
    365                 $cidr->masklen.",'$circid')");
     365                $cidr->masklen.",'$circid','$privdata')");
    366366          $sth->execute;
    367367
  • branches/stable/cgi-bin/admin.cgi

    r269 r286  
    301301
    302302  print "<hr>Users with access:\n<table border=1>\n";
     303  print "<tr><td></td><td align=center colspan=3>General access</td></tr>\n";
    303304  print "<tr><td>Username</td><td>Add new</td><td>Change</td>".
    304         "<td>Delete</td><td>Admin user</td></tr>\n".
     305        "<td>Delete</td><td>Systems/Networking</td><td>Admin user</td></tr>\n".
    305306        "<form action=admin.cgi method=POST>\n";
    306307  $sth = $ip_dbh->prepare("select username,acl from users order by username");
     
    314315        "></td><td><input type=checkbox name=change".($data[1] =~ /c/ ? ' checked=y' : '').
    315316        "></td><td><input type=checkbox name=del".($data[1] =~ /d/ ? ' checked=y' : '').
     317        "></td><td><input type=checkbox name=sysnet".($data[1] =~ /s/ ? ' checked=y' : '').
    316318        "></td><td><input type=checkbox name=admin".($data[1] =~ /A/ ? ' checked=y' : '').
    317319        qq(></td><td><input type=submit value="Update"></td></form>\n).
     
    326328  my $acl = 'b';
    327329  if ($webvar{admin} eq 'on') {
    328     $acl .= "acdA";
     330    $acl .= "acdsA";
    329331  } else {
    330332    $acl .= ($webvar{add} eq 'on' ? 'a' : '').
    331333        ($webvar{change} eq 'on' ? 'c' : '').
    332         ($webvar{del} eq 'on' ? 'd' : '');
     334        ($webvar{del} eq 'on' ? 'd' : '').
     335        ($webvar{sysnet} eq 'on' ? 's' : '');
    333336  }
    334337  print "New ACL: $acl<br>\n";
  • branches/stable/cgi-bin/ipdb.psql

    r268 r286  
    6969        "description" character varying(64) DEFAULT '' NOT NULL,
    7070        "circuitid" character varying(128) DEFAULT '' NOT NULL,
     71        "privdata" text DEFAULT '' NOT NULL,
    7172        "newcustid" integer,
    7273        CHECK (((available = 'y'::bpchar) OR (available = 'n'::bpchar)))
     
    8687        "maskbits" integer DEFAULT 128,
    8788        "circuitid" character varying(128) DEFAULT '',
     89        "privdata" text DEFAULT '' NOT NULL,
    8890        "newcustid" integer
    8991);
     
    9395GRANT ALL on "allocations" to "ipdb";
    9496
    95 CREATE VIEW "searchme" as SELECT allocations.cidr, allocations.custid, allocations."type", allocations.city, allocations.description FROM allocations UNION SELECT poolips.ip, poolips.custid, poolips.type, poolips.city, poolips.description FROM poolips;
     97CREATE VIEW "searchme" as SELECT allocations.cidr, allocations.custid, allocations."type", allocations.city, allocations.description, allocations.notes FROM allocations UNION SELECT poolips.ip, poolips.custid, poolips.type, poolips.city, poolips.description, poolips.notes FROM poolips;
    9698
    9799REVOKE ALL on "searchme" from PUBLIC;
  • branches/stable/cgi-bin/main.cgi

    r267 r286  
    4747# Headerize!  Make sure we replace the $$EXTRA0$$ bit as needed.
    4848printHeader('', ($IPDBacl{$authuser} =~ /a/ ?
    49         '<a href="/ip/cgi-bin/main.cgi?action=assign">Add new assignment</a>' : ''
     49        '<td align=right><a href="/ip/cgi-bin/main.cgi?action=assign">Add new assignment</a>' : ''
    5050        ));
    5151
    5252
    53 #prototypes
    54 sub viewBy($$);         # feed it the category and query
    55 sub queryResults($$$);  # args is the sql, the page# and the rowCount
    56 # Needs rewrite/rename
    57 sub countRows($);       # returns first element of first row of passed SQL
    58                         # Only usage passes "select count(*) ..."
    59 
    6053# Global variables
    61 my $RESULTS_PER_PAGE = 50;
    6254my %webvar = parse_post();
    6355cleanInput(\%webvar);
     
    134126elsif($webvar{action} eq 'listpool') {
    135127  listPool();
    136 }
    137 elsif($webvar{action} eq 'search') {
    138   if (!$webvar{input}) {
    139     # No search term.  Display everything.
    140     viewBy('all', '');
    141   } else {
    142     # Search term entered.  Display matches.
    143     # We should really sanitize $webvar{input}, no?
    144     viewBy($webvar{searchfor}, $webvar{input});
    145   }
    146128}
    147129
     
    200182
    201183
    202 sub viewBy($$) {
    203   my ($category,$query) = @_;
    204 
    205   # Local variables
    206   my $sql;
    207 
    208 #print "<pre>\n";
    209 
    210 #print "start querysub: query '$query'\n";
    211 # this may happen with more than one subcategory.  Unlikely, but possible.
    212 
    213   # Calculate start point for LIMIT clause
    214   my $offset = ($webvar{page}-1)*$RESULTS_PER_PAGE;
    215 
    216 # Possible cases:
    217 # 1) Partial IP/subnet.  Treated as "first-three-octets-match" in old IPDB,
    218 #    I should be able to handle it similarly here.
    219 # 2a) CIDR subnet.  Treated more or less as such in old IPDB.
    220 # 2b) CIDR netmask.  Not sure how it's treated.
    221 # 3) Customer ID.  Not handled in old IPDB
    222 # 4) Description.
    223 # 5) Invalid data which might be interpretable as an IP or something, but
    224 #    which probably shouldn't be for reasons of sanity.
    225 
    226   if ($category eq 'all') {
    227 
    228     print qq(<div class="heading">Showing all netblock and static-IP allocations</div><br>\n);
    229 
    230     # Need to assemble SQL query in this order to avoid breaking things.
    231     $sql = "select cidr,custid,type,city,description from searchme";
    232     my $count = countRows("select count(*) from ($sql) foo");
    233     $sql .= " order by cidr limit $RESULTS_PER_PAGE offset $offset";
    234     queryResults($sql, $webvar{page}, $count);
    235 
    236   } elsif ($category eq 'cust') {
    237 
    238     print qq(<div class="heading">Searching for Customer IDs containing '$query'</div><br>\n);
    239 
    240     # Query for a customer ID.  Note that we can't restrict to "numeric-only"
    241     # as we have non-numeric custIDs in the legacy data.  :/
    242     $sql = "select cidr,custid,type,city,description from searchme where custid ilike '%$query%'";
    243     my $count = countRows("select count(*) from ($sql) foo");
    244     $sql .= " order by cidr limit $RESULTS_PER_PAGE offset $offset";
    245     queryResults($sql, $webvar{page}, $count);
    246 
    247   } elsif ($category eq 'desc') {
    248 
    249     print qq(<div class="heading">Searching for descriptions containing '$query'</div><br>\n);
    250     # Query based on description (includes "name" from old DB).
    251     $sql = "select cidr,custid,type,city,description from searchme where description ilike '%$query%'";
    252     my $count = countRows("select count(*) from ($sql) foo");
    253     $sql .= " order by cidr limit $RESULTS_PER_PAGE offset $offset";
    254     queryResults($sql, $webvar{page}, $count);
    255 
    256   } elsif ($category =~ /ipblock/) {
    257 
    258     # Query is for a partial IP, a CIDR block in some form, or a flat IP.
    259     print qq(<div class="heading">Searching for IP-based matches on '$query'</div><br>\n);
    260 
    261     $query =~ s/\s+//g;
    262     if ($query =~ /\//) {
    263       # 209.91.179/26 should show all /26 subnets in 209.91.179
    264       my ($net,$maskbits) = split /\//, $query;
    265       if ($query =~ /^(\d{1,3}\.){3}\d{1,3}\/\d{2}$/) {
    266         # /0->/9 are silly to worry about right now.  I don't think
    267         # we'll be getting a class A anytime soon.  <g>
    268         $sql = "select cidr,custid,type,city,description from searchme where cidr='$query'";
    269         queryResults($sql, $webvar{page}, 1);
    270       } else {
    271         print "Finding all blocks with netmask /$maskbits, leading octet(s) $net<br>\n";
    272         # Partial match;  beginning of subnet and maskbits are provided
    273         $sql = "select cidr,custid,type,city,description from searchme where ".
    274                 "text(cidr) like '$net%' and text(cidr) like '%$maskbits'";
    275         my $count = countRows("select count(*) from ($sql) foo");
    276         $sql .= " order by cidr limit $RESULTS_PER_PAGE offset $offset";
    277         queryResults($sql, $webvar{page}, $count);
    278       }
    279     } elsif ($query =~ /^(\d{1,3}\.){3}\d{1,3}$/) {
    280       # Specific IP address match
    281       my $sfor = new NetAddr::IP $query;
    282 # We do this convoluted roundabout way of finding things in order
    283 # to bring up matches for single IPs that are within a static block;
    284 # we want to show both the "container" block and the static IP itself.
    285       $sth = $ip_dbh->prepare("select cidr from searchme where cidr >>= '$sfor'");
    286       $sth->execute;
    287       while (my @data = $sth->fetchrow_array()) {
    288         my $cidr = new NetAddr::IP $data[0];
    289         queryResults("select cidr,custid,type,city,description from searchme where ".
    290                 "cidr='$cidr'", $webvar{page}, 1);
    291       }
    292     } elsif ($query =~ /^\d{1,3}\.\d{1,3}\.\d{1,3}\.?$/) {
    293       print "Finding matches where the first three octets are $query<br>\n";
    294       $sql = "select cidr,custid,type,city,description from searchme where ".
    295                 "text(cidr) like '$query%'";
    296       my $count = countRows("select count(*) from ($sql) foo");
    297       $sql .= " order by cidr limit $RESULTS_PER_PAGE offset $offset";
    298       queryResults($sql, $webvar{page}, $count);
    299     } else {
    300       # This shouldn't happen, but if it does, whoever gets it deserves what they get...
    301       printError("Invalid query.");
    302     }
    303   } else {
    304     # This shouldn't happen, but if it does, whoever gets it deserves what they get...
    305     printError("Invalid searchfor.");
    306   }
    307 } # viewBy
    308 
    309 
    310184# args are: a reference to an array with the row to be printed and the
    311185# class(stylesheet) to use for formatting.
     
    332206
    333207
    334 # Display certain types of search query.  Note that this can't be
    335 # cleanly reused much of anywhere else as the data isn't neatly tabulated.
    336 # This is tied to the search sub tightly enough I may just gut it and provide
    337 # more appropriate tables directly as needed.
    338 sub queryResults($$$) {
    339   my ($sql, $pageNo, $rowCount) = @_;
    340   my $offset = 0;
    341   $offset = $1 if($sql =~ m/.*limit\s+(.*),.*/);
    342 
    343   my $sth = $ip_dbh->prepare($sql);
    344   $sth->execute();
    345 
    346   startTable('Allocation','CustID','Type','City','Description/Name');
    347   my $count = 0;
    348 
    349   while (my @data = $sth->fetchrow_array) {
    350     # cidr,custid,type,city,description
    351     # Prefix subblocks with "Sub "
    352     my @row = ( (($data[2] =~ /^.r$/) ? 'Sub ' : '').
    353         qq(<a href="/ip/cgi-bin/main.cgi?action=edit&block=$data[0]">$data[0]</a>),
    354         $data[1], $disp_alloctypes{$data[2]}, $data[3], $data[4]);
    355     # Allow listing of pool if desired/required.
    356     if ($data[2] =~ /^.[pd]$/) {
    357       $row[0] .= ' &nbsp; <a href="/ip/cgi-bin/main.cgi?action=listpool'.
    358         "&pool=$data[0]\">List IPs</a>";
    359     }
    360     printRow(\@row, 'color1', 1) if ($count%2==0);
    361     printRow(\@row, 'color2', 1) if ($count%2!=0);
    362     $count++;
    363   }
    364 
    365   # Have to think on this call, it's primarily to clean up unfetched rows from a select.
    366   # In this context it's probably a good idea.
    367   $sth->finish();
    368 
    369   my $upper = $offset+$count;
    370   print "<tr><td colspan=10 bgcolor=white class=regular>Records found: $rowCount<br><i>Displaying: $offset - $upper</i></td></tr>\n";
    371   print "</table></center>\n";
    372 
    373   # print the page thing..
    374   if ($rowCount > $RESULTS_PER_PAGE) {
    375     my $pages = ceil($rowCount/$RESULTS_PER_PAGE);
    376     print qq(<div class="center"> Page: );
    377     for (my $i = 1; $i <= $pages; $i++) {
    378       if ($i == $pageNo) {
    379         print "<b>$i&nbsp;</b>\n";
    380       } else {
    381         print qq(<a href="/ip/cgi-bin/main.cgi?page=$i&input=$webvar{input}&action=search&searchfor=$webvar{searchfor}">$i</a>&nbsp;\n);
    382       }
    383     }
    384     print "</div>";
    385   }
    386 } # queryResults
    387 
    388 
    389208# Prints table headings.  Accepts any number of arguments;
    390209# each argument is a table heading.
     
    397216  print "</tr>\n";
    398217} # startTable
    399 
    400 
    401 # Return first element of passed SQL query
    402 sub countRows($) {
    403   my $sth = $ip_dbh->prepare($_[0]);
    404   $sth->execute();
    405   my @a = $sth->fetchrow_array();
    406   $sth->finish();
    407   return $a[0];
    408 }
    409218
    410219
     
    820629  }
    821630  $html =~ s|\$\$ALLCITIES\$\$|$cities|g;
     631
     632  my $i = 0;
     633  $i++ if $webvar{fbtype} eq 'y';
     634  # Check to see if user is allowed to do anything with sensitive data
     635  my $privdata = '';
     636  if ($IPDBacl{$authuser} =~ /s/) {
     637    $privdata = qq(<tr class="color).($i%2).qq("><td>Restricted data:</td>).
     638        qq(<td class=regular><textarea rows="3" cols="64" name="privdata" class="regular">).
     639        qq(</textarea></td></tr>\n);
     640    $i++;
     641  }
     642  $html =~ s/\$\$PRIVDATA\$\$/$privdata/g;
     643
     644  $i = $i % 2;
     645  $html =~ s/\$\$BUTTONROWCOLOUR\$\$/color$i/;
    822646
    823647  print $html;
     
    994818  $html =~ s|\$\$ACTION\$\$|insert|g;
    995819
     820  my $i=1;
     821  # Check to see if user is allowed to do anything with sensitive data
     822  my $privdata = '';
     823  if ($IPDBacl{$authuser} =~ /s/) {
     824    $privdata = qq(<tr class="color).($i%2).qq("><td>Restricted data:</td>).
     825        qq(<td class=regular>$webvar{privdata}).
     826        qq(<input type=hidden name=privdata value="$webvar{privdata}"></td></tr>\n);
     827    $i++;
     828  }
     829  $html =~ s/\$\$PRIVDATA\$\$/$privdata/g;
     830
     831  $i = $i % 2;
     832  $html =~ s/\$\$BUTTONROWCOLOUR\$\$/color$i/;
     833
    996834  print $html;
    997835
     
    1008846  return if !validateInput();
    1009847
     848  if (!defined($webvar{privdata})) {
     849    $webvar{privdata} = '';
     850  }
    1010851  # $code is "success" vs "failure", $msg contains OK for a
    1011852  # successful netblock allocation, the IP allocated for static
     
    1013854  my ($code,$msg) = allocateBlock($ip_dbh, $webvar{fullcidr}, $webvar{alloc_from},
    1014855        $webvar{custid}, $webvar{alloctype}, $webvar{city}, $webvar{desc}, $webvar{notes},
    1015         $webvar{circid});
     856        $webvar{circid}, $webvar{privdata});
    1016857
    1017858  if ($code eq 'OK') {
     
    1127968  # because I'm lazy, we'll try to make the SELECT's bring out identical)ish) data
    1128969  if ($webvar{block} =~ /\/32$/) {
    1129     $sql = "select ip,custid,type,city,circuitid,description,notes,modifystamp from poolips where ip='$webvar{block}'";
     970    $sql = "select ip,custid,type,city,circuitid,description,notes,modifystamp,privdata from poolips where ip='$webvar{block}'";
    1130971  } else {
    1131     $sql = "select cidr,custid,type,city,circuitid,description,notes,modifystamp,swip from allocations where cidr='$webvar{block}'"
     972    $sql = "select cidr,custid,type,city,circuitid,description,notes,modifystamp,privdata,swip from allocations where cidr='$webvar{block}'"
    1132973  }
    1133974
     
    12031044  my $i=1;
    12041045
     1046  # Check to see if we can display sensitive data
     1047  my $privdata = '';
     1048  if ($IPDBacl{$authuser} =~ /s/) {
     1049    $privdata = qq(<tr class="color).($i%2).qq("><td class=heading>Restricted data:</td>).
     1050        qq(<td class=regular><textarea rows="3" cols="64" name="privdata" class="regular">).
     1051        qq($data[8]</textarea></td></tr>\n);
     1052    $i++;
     1053  }
     1054  $html =~ s/\$\$PRIVDATA\$\$/$privdata/g;
     1055
    12051056  # More ACL trickery - we can live with forms that don't submit,
    12061057  # but we can't leave the extra table rows there, and we *really*
     
    12081059  my $updok = '';
    12091060  if ($IPDBacl{$authuser} =~ /c/) {
    1210     $updok = qq(<tr class="color$i"><td colspan=2 class=regular><div class="center">).
     1061    $updok = qq(<tr class="color).($i%2).qq("><td colspan=2><div class="center">).
    12111062        qq(<input type="submit" value=" Update this block " class="regular">).
    12121063        "</div></td></tr></form>\n";
     
    12181069  if ($IPDBacl{$authuser} =~ /d/) {
    12191070    $delok = qq(<form method="POST" action="main.cgi">
    1220         <tr class="color$i"><td colspan=2 class="regular"><div class=center>
     1071        <tr class="color).($i%2).qq("><td colspan=2 class="regular"><div class=center>
    12211072        <input type="hidden" name="action" value="delete">
    12221073        <input type="hidden" name="block" value="$webvar{block}">
     
    12351086# action=update
    12361087sub update {
     1088  if ($IPDBacl{$authuser} !~ /c/) {
     1089    printError("You shouldn't have been able to get here.  Access denied.");
     1090    return;
     1091  }
     1092
     1093  # Check to see if we can update restricted data
     1094  my $privdata = '';
     1095  if ($IPDBacl{$authuser} =~ /s/) {
     1096    $privdata = ",privdata='$webvar{privdata}'";
     1097  }
    12371098
    12381099  # Make sure incoming data is in correct format - custID among other things.
     
    12451106    if (my $pooltype = ($webvar{alloctype} =~ /^(.)i$/) ) {
    12461107      $sql = "update poolips set custid='$webvar{custid}',notes='$webvar{notes}',".
    1247         "circuitid='$webvar{circid}',description='$webvar{desc}',city='$webvar{city}' ".
    1248         "where ip='$webvar{block}'";
     1108        "circuitid='$webvar{circid}',description='$webvar{desc}',city='$webvar{city}'".
     1109        "$privdata where ip='$webvar{block}'";
    12491110    } else {
    12501111      $sql = "update allocations set custid='$webvar{custid}',".
    12511112        "description='$webvar{desc}',notes='$webvar{notes}',city='$webvar{city}',".
    1252         "type='$webvar{alloctype}',circuitid='$webvar{circid}',".
     1113        "type='$webvar{alloctype}',circuitid='$webvar{circid}'$privdata ".
    12531114        "swip='".($webvar{swip} eq 'on' ? 'y' : 'n')."' ".
    1254         " where cidr='$webvar{block}'";
     1115        "where cidr='$webvar{block}'";
    12551116    }
    12561117    # Log the details of the change.
     
    12901151  $html =~ s/\$\$NOTES\$\$/$webvar{notes}/g;
    12911152
     1153  if ($IPDBacl{$authuser} =~ /s/) {
     1154    $privdata = qq(<tr class="color2"><td valign="top">Restricted data:</td>).
     1155        qq(<td class="regular">).desanitize($webvar{privdata}).qq(</td></tr>\n);
     1156  }
     1157  $html =~ s/\$\$PRIVDATA\$\$/$privdata/g;
     1158
    12921159  print $html;
    12931160
     
    13141181  }
    13151182
    1316   my ($cidr, $custid, $type, $city, $circid, $desc, $notes, $alloctype);
     1183  my ($cidr, $custid, $type, $city, $circid, $desc, $notes, $alloctype, $privdata);
    13171184
    13181185  if ($webvar{alloctype} eq 'rm') {
     
    13431210
    13441211    # Unassigning a static IP
    1345     my $sth = $ip_dbh->prepare("select ip,custid,city,type,notes,circuitid from poolips".
    1346         " where ip='$webvar{block}'");
     1212    my $sth = $ip_dbh->prepare("select ip,custid,city,type,notes,circuitid,privdata".
     1213        " from poolips where ip='$webvar{block}'");
    13471214    $sth->execute();
    13481215#  croak $sth->errstr() if($sth->errstr());
    13491216
    1350     $sth->bind_columns(\$cidr, \$custid, \$city, \$alloctype, \$notes, \$circid);
     1217    $sth->bind_columns(\$cidr, \$custid, \$city, \$alloctype, \$notes, \$circid,
     1218        \$privdata);
    13511219    $sth->fetch() || croak $sth->errstr;
    13521220
    13531221  } else { # done with alloctype=~ /^.i$/
    13541222
    1355     my $sth = $ip_dbh->prepare("select cidr,custid,type,city,circuitid,description,notes from ".
    1356         "allocations where cidr='$webvar{block}'");
     1223    my $sth = $ip_dbh->prepare("select cidr,custid,type,city,circuitid,description,notes,privdata".
     1224        " from allocations where cidr='$webvar{block}'");
    13571225    $sth->execute();
    13581226#       croak $sth->errstr() if($sth->errstr());
    13591227
    1360     $sth->bind_columns(\$cidr, \$custid, \$alloctype, \$city, \$circid, \$desc, \$notes);
     1228    $sth->bind_columns(\$cidr, \$custid, \$alloctype, \$city, \$circid, \$desc,
     1229        \$notes, \$privdata);
    13611230    $sth->fetch() || carp $sth->errstr;
    13621231  } # end cases for different alloctypes
     
    13811250    $html =~ s|<!--warn-->|<tr bgcolor="black"><td colspan="2"><div class="red">Warning: clicking confirm will remove this record entirely.</div></td></tr>|;
    13821251  }
     1252
     1253  my $i = 1;
     1254  # Check to see if user is allowed to do anything with sensitive data
     1255  if ($IPDBacl{$authuser} =~ /s/) {
     1256    $privdata = qq(<tr class="color).($i%2).qq("><td>Restricted data:</td>).
     1257        qq(<td class=regular>$privdata</td></tr>\n);
     1258    $i++;
     1259  }
     1260  $html =~ s/\$\$PRIVDATA\$\$/$privdata/g;
     1261
     1262  $i = ++$i % 2;
     1263  $html =~ s/\$\$BUTTONROWCOLOUR\$\$/color$i/;
    13831264
    13841265  print $html;
  • branches/stable/cgi-bin/search.cgi

    r234 r286  
    6060    $webvar{input} =~ s/^\s+//;
    6161    $webvar{input} =~ s/\s+$//;
    62     if ($webvar{input} =~ /^[\d\.]+(\/\d{1,3})?$/) {
     62    if ($webvar{input} =~ /^\d+$/) {
     63      # All-digits, new custID
     64      $searchfor = "cust";
     65    } elsif ($webvar{input} =~ /^[\d\.]+(\/\d{1,3})?$/) {
    6366      # IP addresses should only have numbers, digits, and maybe a slash+netmask
    6467      $searchfor = "ipblock";
    65     } elsif ($webvar{input} =~ /^\d+$/) {
    66       # All-digits, new custID
    67       $searchfor = "cust";
    6868    } else {
    6969      # Anything else.
     
    140140  ## CIDR query options.
    141141  $webvar{cidr} =~ s/\s+//;     # Hates the nasty spaceseseses we does.
    142   if ($webvar{cidr} =~ /\//) {
     142  if ($webvar{cidr} == '') { # We has a blank CIDR.  Ignore it.
     143  } elsif ($webvar{cidr} =~ /\//) {
    143144    # 209.91.179/26 should show all /26 subnets in 209.91.179
    144145    my ($net,$maskbits) = split /\//, $webvar{cidr};
     
    291292    print qq(<div class="heading">Searching for descriptions containing '$query'</div><br>\n);
    292293    # Query based on description (includes "name" from old DB).
    293     $sql = "select * from searchme where description ilike '%$query%'";
     294    $sql = "select * from searchme where description ilike '%$query%'".
     295        " or custid ilike '%$query%'";
    294296    my $count = countRows($sql);
    295297    $sql .= " order by cidr limit $RESULTS_PER_PAGE offset $offset";
Note: See TracChangeset for help on using the changeset viewer.