Changeset 286 for branches/stable/cgi-bin/main.cgi

Timestamp:

09/23/05 15:54:31 (19 years ago)

Author:

Kris Deugau

Message:

/branches/stable

Merge changes from /trunk revisions:

234
237
254 (ipdb.css only)
261
279
284
285

This merges the new search system (234, 237, 254), cleans up
some display CSS (254, 279), cleans up some leftover code (r261),
and merges the "private data" code (284, 285 - note SWIP hacks conflict).

/trunk should now be almost identical to /branches/stable.

File:

• branches/stable/cgi-bin/main.cgi (modified) (19 diffs)

branches/stable/cgi-bin/main.cgi

@@ -47 +47 @@
 # Headerize!  Make sure we replace the $$EXTRA0$$ bit as needed.
 printHeader('', ($IPDBacl{$authuser} =~ /a/ ?
-        '<a href="/ip/cgi-bin/main.cgi?action=assign">Add new assignment</a>' : ''
+        '<td align=right><a href="/ip/cgi-bin/main.cgi?action=assign">Add new assignment</a>' : ''
         ));
 
 
-#prototypes
-sub viewBy($$);         # feed it the category and query
-sub queryResults($$$);  # args is the sql, the page# and the rowCount
-# Needs rewrite/rename
-sub countRows($);       # returns first element of first row of passed SQL
-                        # Only usage passes "select count(*) ..."
-
 # Global variables
-my $RESULTS_PER_PAGE = 50;
 my %webvar = parse_post();
 cleanInput(\%webvar);
@@ -134 +126 @@
 elsif($webvar{action} eq 'listpool') {
   listPool();
-}
-elsif($webvar{action} eq 'search') {
-  if (!$webvar{input}) {
-    # No search term.  Display everything.
-    viewBy('all', '');
-  } else {
-    # Search term entered.  Display matches.
-    # We should really sanitize $webvar{input}, no?
-    viewBy($webvar{searchfor}, $webvar{input});
-  }
 }
 
@@ -200 +182 @@
 
 
-sub viewBy($$) {
-  my ($category,$query) = @_;
-
-  # Local variables
-  my $sql;
-
-#print "<pre>\n";
-
-#print "start querysub: query '$query'\n";
-# this may happen with more than one subcategory.  Unlikely, but possible.
-
-  # Calculate start point for LIMIT clause
-  my $offset = ($webvar{page}-1)*$RESULTS_PER_PAGE;
-
-# Possible cases:
-# 1) Partial IP/subnet.  Treated as "first-three-octets-match" in old IPDB,
-#    I should be able to handle it similarly here.
-# 2a) CIDR subnet.  Treated more or less as such in old IPDB.
-# 2b) CIDR netmask.  Not sure how it's treated.
-# 3) Customer ID.  Not handled in old IPDB
-# 4) Description.
-# 5) Invalid data which might be interpretable as an IP or something, but
-#    which probably shouldn't be for reasons of sanity.
-
-  if ($category eq 'all') {
-
-    print qq(<div class="heading">Showing all netblock and static-IP allocations</div><br>\n);
-
-    # Need to assemble SQL query in this order to avoid breaking things.
-    $sql = "select cidr,custid,type,city,description from searchme";
-    my $count = countRows("select count(*) from ($sql) foo");
-    $sql .= " order by cidr limit $RESULTS_PER_PAGE offset $offset";
-    queryResults($sql, $webvar{page}, $count);
-
-  } elsif ($category eq 'cust') {
-
-    print qq(<div class="heading">Searching for Customer IDs containing '$query'</div><br>\n);
-
-    # Query for a customer ID.  Note that we can't restrict to "numeric-only"
-    # as we have non-numeric custIDs in the legacy data.  :/
-    $sql = "select cidr,custid,type,city,description from searchme where custid ilike '%$query%'";
-    my $count = countRows("select count(*) from ($sql) foo");
-    $sql .= " order by cidr limit $RESULTS_PER_PAGE offset $offset";
-    queryResults($sql, $webvar{page}, $count);
-
-  } elsif ($category eq 'desc') {
-
-    print qq(<div class="heading">Searching for descriptions containing '$query'</div><br>\n);
-    # Query based on description (includes "name" from old DB).
-    $sql = "select cidr,custid,type,city,description from searchme where description ilike '%$query%'";
-    my $count = countRows("select count(*) from ($sql) foo");
-    $sql .= " order by cidr limit $RESULTS_PER_PAGE offset $offset";
-    queryResults($sql, $webvar{page}, $count);
-
-  } elsif ($category =~ /ipblock/) {
-
-    # Query is for a partial IP, a CIDR block in some form, or a flat IP.
-    print qq(<div class="heading">Searching for IP-based matches on '$query'</div><br>\n);
-
-    $query =~ s/\s+//g;
-    if ($query =~ /\//) {
-      # 209.91.179/26 should show all /26 subnets in 209.91.179
-      my ($net,$maskbits) = split /\//, $query;
-      if ($query =~ /^(\d{1,3}\.){3}\d{1,3}\/\d{2}$/) {
-        # /0->/9 are silly to worry about right now.  I don't think
-        # we'll be getting a class A anytime soon.  <g>
-        $sql = "select cidr,custid,type,city,description from searchme where cidr='$query'";
-        queryResults($sql, $webvar{page}, 1);
-      } else {
-        print "Finding all blocks with netmask /$maskbits, leading octet(s) $net<br>\n";
-        # Partial match;  beginning of subnet and maskbits are provided
-        $sql = "select cidr,custid,type,city,description from searchme where ".
-                "text(cidr) like '$net%' and text(cidr) like '%$maskbits'";
-        my $count = countRows("select count(*) from ($sql) foo");
-        $sql .= " order by cidr limit $RESULTS_PER_PAGE offset $offset";
-        queryResults($sql, $webvar{page}, $count);
-      }
-    } elsif ($query =~ /^(\d{1,3}\.){3}\d{1,3}$/) {
-      # Specific IP address match
-      my $sfor = new NetAddr::IP $query;
-# We do this convoluted roundabout way of finding things in order
-# to bring up matches for single IPs that are within a static block;
-# we want to show both the "container" block and the static IP itself.
-      $sth = $ip_dbh->prepare("select cidr from searchme where cidr >>= '$sfor'");
-      $sth->execute;
-      while (my @data = $sth->fetchrow_array()) {
-        my $cidr = new NetAddr::IP $data[0];
-        queryResults("select cidr,custid,type,city,description from searchme where ".
-                "cidr='$cidr'", $webvar{page}, 1);
-      }
-    } elsif ($query =~ /^\d{1,3}\.\d{1,3}\.\d{1,3}\.?$/) {
-      print "Finding matches where the first three octets are $query<br>\n";
-      $sql = "select cidr,custid,type,city,description from searchme where ".
-                "text(cidr) like '$query%'";
-      my $count = countRows("select count(*) from ($sql) foo");
-      $sql .= " order by cidr limit $RESULTS_PER_PAGE offset $offset";
-      queryResults($sql, $webvar{page}, $count);
-    } else {
-      # This shouldn't happen, but if it does, whoever gets it deserves what they get...
-      printError("Invalid query.");
-    }
-  } else {
-    # This shouldn't happen, but if it does, whoever gets it deserves what they get...
-    printError("Invalid searchfor.");
-  }
-} # viewBy
-
-
 # args are: a reference to an array with the row to be printed and the 
 # class(stylesheet) to use for formatting.
@@ -332 +206 @@
 
 
-# Display certain types of search query.  Note that this can't be
-# cleanly reused much of anywhere else as the data isn't neatly tabulated.
-# This is tied to the search sub tightly enough I may just gut it and provide
-# more appropriate tables directly as needed.
-sub queryResults($$$) {
-  my ($sql, $pageNo, $rowCount) = @_;
-  my $offset = 0;
-  $offset = $1 if($sql =~ m/.*limit\s+(.*),.*/);
-
-  my $sth = $ip_dbh->prepare($sql);
-  $sth->execute();
-
-  startTable('Allocation','CustID','Type','City','Description/Name');
-  my $count = 0;
-
-  while (my @data = $sth->fetchrow_array) {
-    # cidr,custid,type,city,description
-    # Prefix subblocks with "Sub "
-    my @row = ( (($data[2] =~ /^.r$/) ? 'Sub ' : '').
-        qq(<a href="/ip/cgi-bin/main.cgi?action=edit&block=$data[0]">$data[0]</a>),
-        $data[1], $disp_alloctypes{$data[2]}, $data[3], $data[4]);
-    # Allow listing of pool if desired/required.
-    if ($data[2] =~ /^.[pd]$/) {
-      $row[0] .= ' &nbsp; <a href="/ip/cgi-bin/main.cgi?action=listpool'.
-        "&pool=$data[0]\">List IPs</a>";
-    }
-    printRow(\@row, 'color1', 1) if ($count%2==0); 
-    printRow(\@row, 'color2', 1) if ($count%2!=0);
-    $count++;
-  }
-
-  # Have to think on this call, it's primarily to clean up unfetched rows from a select.
-  # In this context it's probably a good idea.
-  $sth->finish();
-
-  my $upper = $offset+$count;
-  print "<tr><td colspan=10 bgcolor=white class=regular>Records found: $rowCount<br><i>Displaying: $offset - $upper</i></td></tr>\n";
-  print "</table></center>\n";
-
-  # print the page thing..
-  if ($rowCount > $RESULTS_PER_PAGE) {
-    my $pages = ceil($rowCount/$RESULTS_PER_PAGE);
-    print qq(<div class="center"> Page: );
-    for (my $i = 1; $i <= $pages; $i++) {
-      if ($i == $pageNo) {
-        print "<b>$i&nbsp;</b>\n";
-      } else {
-        print qq(<a href="/ip/cgi-bin/main.cgi?page=$i&input=$webvar{input}&action=search&searchfor=$webvar{searchfor}">$i</a>&nbsp;\n);
-      }
-    }
-    print "</div>";
-  }
-} # queryResults
-
-
 # Prints table headings.  Accepts any number of arguments;
 # each argument is a table heading.
@@ -397 +216 @@
   print "</tr>\n";
 } # startTable
-
-
-# Return first element of passed SQL query
-sub countRows($) {
-  my $sth = $ip_dbh->prepare($_[0]);
-  $sth->execute();
-  my @a = $sth->fetchrow_array();
-  $sth->finish();
-  return $a[0];
-}
 
 
@@ -820 +629 @@
   }
   $html =~ s|\$\$ALLCITIES\$\$|$cities|g;
+
+  my $i = 0;
+  $i++ if $webvar{fbtype} eq 'y';
+  # Check to see if user is allowed to do anything with sensitive data
+  my $privdata = '';
+  if ($IPDBacl{$authuser} =~ /s/) {
+    $privdata = qq(<tr class="color).($i%2).qq("><td>Restricted data:</td>).
+        qq(<td class=regular><textarea rows="3" cols="64" name="privdata" class="regular">).
+        qq(</textarea></td></tr>\n);
+    $i++;
+  }
+  $html =~ s/\$\$PRIVDATA\$\$/$privdata/g;
+
+  $i = $i % 2;
+  $html =~ s/\$\$BUTTONROWCOLOUR\$\$/color$i/;
 
   print $html;
@@ -994 +818 @@
   $html =~ s|\$\$ACTION\$\$|insert|g;
 
+  my $i=1;
+  # Check to see if user is allowed to do anything with sensitive data
+  my $privdata = '';
+  if ($IPDBacl{$authuser} =~ /s/) {
+    $privdata = qq(<tr class="color).($i%2).qq("><td>Restricted data:</td>).
+        qq(<td class=regular>$webvar{privdata}).
+        qq(<input type=hidden name=privdata value="$webvar{privdata}"></td></tr>\n);
+    $i++;
+  }
+  $html =~ s/\$\$PRIVDATA\$\$/$privdata/g;
+
+  $i = $i % 2;
+  $html =~ s/\$\$BUTTONROWCOLOUR\$\$/color$i/;
+
   print $html;
 
@@ -1008 +846 @@
   return if !validateInput();
 
+  if (!defined($webvar{privdata})) {
+    $webvar{privdata} = '';
+  }
   # $code is "success" vs "failure", $msg contains OK for a
   # successful netblock allocation, the IP allocated for static
@@ -1013 +854 @@
   my ($code,$msg) = allocateBlock($ip_dbh, $webvar{fullcidr}, $webvar{alloc_from},
         $webvar{custid}, $webvar{alloctype}, $webvar{city}, $webvar{desc}, $webvar{notes},
-        $webvar{circid});
+        $webvar{circid}, $webvar{privdata});
 
   if ($code eq 'OK') {
@@ -1127 +968 @@
   # because I'm lazy, we'll try to make the SELECT's bring out identical)ish) data
   if ($webvar{block} =~ /\/32$/) {
-    $sql = "select ip,custid,type,city,circuitid,description,notes,modifystamp from poolips where ip='$webvar{block}'";
+    $sql = "select ip,custid,type,city,circuitid,description,notes,modifystamp,privdata from poolips where ip='$webvar{block}'";
   } else {
-    $sql = "select cidr,custid,type,city,circuitid,description,notes,modifystamp,swip from allocations where cidr='$webvar{block}'"
+    $sql = "select cidr,custid,type,city,circuitid,description,notes,modifystamp,privdata,swip from allocations where cidr='$webvar{block}'"
   }
 
@@ -1203 +1044 @@
   my $i=1;
 
+  # Check to see if we can display sensitive data
+  my $privdata = '';
+  if ($IPDBacl{$authuser} =~ /s/) {
+    $privdata = qq(<tr class="color).($i%2).qq("><td class=heading>Restricted data:</td>).
+        qq(<td class=regular><textarea rows="3" cols="64" name="privdata" class="regular">).
+        qq($data[8]</textarea></td></tr>\n);
+    $i++;
+  }
+  $html =~ s/\$\$PRIVDATA\$\$/$privdata/g;
+
   # More ACL trickery - we can live with forms that don't submit,
   # but we can't leave the extra table rows there, and we *really*
@@ -1208 +1059 @@
   my $updok = '';
   if ($IPDBacl{$authuser} =~ /c/) {
-    $updok = qq(<tr class="color$i"><td colspan=2 class=regular><div class="center">).
+    $updok = qq(<tr class="color).($i%2).qq("><td colspan=2><div class="center">).
         qq(<input type="submit" value=" Update this block " class="regular">).
         "</div></td></tr></form>\n";
@@ -1218 +1069 @@
   if ($IPDBacl{$authuser} =~ /d/) {
     $delok = qq(<form method="POST" action="main.cgi">
-        <tr class="color$i"><td colspan=2 class="regular"><div class=center>
+        <tr class="color).($i%2).qq("><td colspan=2 class="regular"><div class=center>
         <input type="hidden" name="action" value="delete">
         <input type="hidden" name="block" value="$webvar{block}">
@@ -1235 +1086 @@
 # action=update
 sub update {
+  if ($IPDBacl{$authuser} !~ /c/) {
+    printError("You shouldn't have been able to get here.  Access denied.");
+    return;
+  }
+
+  # Check to see if we can update restricted data
+  my $privdata = '';
+  if ($IPDBacl{$authuser} =~ /s/) {
+    $privdata = ",privdata='$webvar{privdata}'";
+  }
 
   # Make sure incoming data is in correct format - custID among other things.
@@ -1245 +1106 @@
     if (my $pooltype = ($webvar{alloctype} =~ /^(.)i$/) ) {
       $sql = "update poolips set custid='$webvar{custid}',notes='$webvar{notes}',".
-        "circuitid='$webvar{circid}',description='$webvar{desc}',city='$webvar{city}' ".
-        "where ip='$webvar{block}'";
+        "circuitid='$webvar{circid}',description='$webvar{desc}',city='$webvar{city}'".
+        "$privdata where ip='$webvar{block}'";
     } else {
       $sql = "update allocations set custid='$webvar{custid}',".
         "description='$webvar{desc}',notes='$webvar{notes}',city='$webvar{city}',".
-        "type='$webvar{alloctype}',circuitid='$webvar{circid}',".
+        "type='$webvar{alloctype}',circuitid='$webvar{circid}'$privdata ".
         "swip='".($webvar{swip} eq 'on' ? 'y' : 'n')."' ".
-        " where cidr='$webvar{block}'";
+        "where cidr='$webvar{block}'";
     }
     # Log the details of the change.
@@ -1290 +1151 @@
   $html =~ s/\$\$NOTES\$\$/$webvar{notes}/g;
 
+  if ($IPDBacl{$authuser} =~ /s/) {
+    $privdata = qq(<tr class="color2"><td valign="top">Restricted data:</td>).
+        qq(<td class="regular">).desanitize($webvar{privdata}).qq(</td></tr>\n);
+  }
+  $html =~ s/\$\$PRIVDATA\$\$/$privdata/g;
+
   print $html;
 
@@ -1314 +1181 @@
   }
 
-  my ($cidr, $custid, $type, $city, $circid, $desc, $notes, $alloctype);
+  my ($cidr, $custid, $type, $city, $circid, $desc, $notes, $alloctype, $privdata);
 
   if ($webvar{alloctype} eq 'rm') {
@@ -1343 +1210 @@
 
     # Unassigning a static IP
-    my $sth = $ip_dbh->prepare("select ip,custid,city,type,notes,circuitid from poolips".
-        " where ip='$webvar{block}'");
+    my $sth = $ip_dbh->prepare("select ip,custid,city,type,notes,circuitid,privdata".
+        " from poolips where ip='$webvar{block}'");
     $sth->execute();
 #  croak $sth->errstr() if($sth->errstr());
 
-    $sth->bind_columns(\$cidr, \$custid, \$city, \$alloctype, \$notes, \$circid);
+    $sth->bind_columns(\$cidr, \$custid, \$city, \$alloctype, \$notes, \$circid,
+        \$privdata);
     $sth->fetch() || croak $sth->errstr;
 
   } else { # done with alloctype=~ /^.i$/
 
-    my $sth = $ip_dbh->prepare("select cidr,custid,type,city,circuitid,description,notes from ".
-        "allocations where cidr='$webvar{block}'");
+    my $sth = $ip_dbh->prepare("select cidr,custid,type,city,circuitid,description,notes,privdata".
+        " from allocations where cidr='$webvar{block}'");
     $sth->execute();
 #       croak $sth->errstr() if($sth->errstr());
 
-    $sth->bind_columns(\$cidr, \$custid, \$alloctype, \$city, \$circid, \$desc, \$notes);
+    $sth->bind_columns(\$cidr, \$custid, \$alloctype, \$city, \$circid, \$desc,
+        \$notes, \$privdata);
     $sth->fetch() || carp $sth->errstr;
   } # end cases for different alloctypes
@@ -1381 +1250 @@
     $html =~ s|<!--warn-->|<tr bgcolor="black"><td colspan="2"><div class="red">Warning: clicking confirm will remove this record entirely.</div></td></tr>|;
   }
+
+  my $i = 1;
+  # Check to see if user is allowed to do anything with sensitive data
+  if ($IPDBacl{$authuser} =~ /s/) {
+    $privdata = qq(<tr class="color).($i%2).qq("><td>Restricted data:</td>).
+        qq(<td class=regular>$privdata</td></tr>\n);
+    $i++;
+  }
+  $html =~ s/\$\$PRIVDATA\$\$/$privdata/g;
+
+  $i = ++$i % 2;
+  $html =~ s/\$\$BUTTONROWCOLOUR\$\$/color$i/;
 
   print $html;