mirror of https://github.com/tLDP/LDP
database security rewrite
parent
57f5bdc4eb
commit
17232da14f
|
@ -7,22 +7,22 @@ $query = new CGI;
|
|||
|
||||
$dbmain = "ldp";
|
||||
$conn=Pg::connectdb("dbname=$dbmain");
|
||||
@row;
|
||||
|
||||
$username = $query->remote_user();
|
||||
if ( $username eq "guest") {
|
||||
print header;
|
||||
print "<html><head><title>No Permission</title>\n";
|
||||
print "<link rel=stylesheet href='../ldp.css' type='text/css'></head>\n";
|
||||
print "<body>\n";
|
||||
print "<h1>No Permission</h1>\n";
|
||||
print "You do not have permission to modify the database.\n";
|
||||
print "<p>You need to <a href='../'>get an account</a> before you can modify data.\n";
|
||||
print end_html;
|
||||
exit;
|
||||
$result=$conn->exec("SELECT username, admin FROM username WHERE username='$username'");
|
||||
@row = $result->fetchrow;
|
||||
if ($username ne $row[0]) {
|
||||
print $query->redirect("../newaccount.html");
|
||||
exit;
|
||||
} else {
|
||||
$admin = $row[1];
|
||||
if ($admin ne 't') {
|
||||
print $query->redirect("../wrongpermission.html");
|
||||
exit;
|
||||
}
|
||||
}
|
||||
|
||||
@row;
|
||||
|
||||
$caller = param('caller');
|
||||
|
||||
$sql = "SELECT max(doc_id) from document";
|
||||
|
@ -40,20 +40,7 @@ $pub_status = param('pub_status');
|
|||
$sql = "INSERT INTO document(doc_id, title, filename, class, format, dtd, dtd_version, version, last_update, url, isbn, pub_status, author_status, review_status, tickle_date, pub_date, ref_url, tech_review_status, maintained)";
|
||||
$sql = "$sql VALUES ($doc_id, '$title', NULL, '$class', '$format', '$dtd', NULL, NULL, NULL, NULL, NULL, '$pub_status', '$author_status', 'U', NULL, NULL, NULL, 'U', 't')";
|
||||
|
||||
#print header;
|
||||
#print start_html;
|
||||
#print "<p>doc_id:$doc_id";
|
||||
#print "<p>title:$title";
|
||||
#print "<p>pub_status:$pub_status";
|
||||
#print "<p>class:$class";
|
||||
#print "<p>format:$format";
|
||||
#print "<p>dtd:$dtd";
|
||||
#print "<p>sql:$sql";
|
||||
#print end_html;
|
||||
#exit;
|
||||
|
||||
$conn->exec($sql);
|
||||
|
||||
print $query->redirect("document_edit.pl?doc_id=$doc_id");
|
||||
#print $query->redirect($caller);
|
||||
|
||||
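Review bot: The added lookup `SELECT username, admin FROM username WHERE username='$username'` builds SQL by interpolating the REMOTE_USER value, and its result is fetched without a status check; the same lookup is repeated in every other script this commit touches. Whether the web server restricts the characters a login name may contain is not visible here, so validate it before use, e.g. `die "bad username" unless $username =~ /\A[\w.\@-]+\z/;`, and follow the exec with `die $conn->errorMessage unless PGRES_TUPLES_OK eq $result->resultStatus;` as the read-only scripts on this page already do. The INSERT in the second hunk interpolates `$title`, `$class` and the other form fields the same way; only `$pub_status = param('pub_status')` is shown as their source, so they need the same validation or a move to an interface with bound parameters.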
|
|
|
@ -4,7 +4,6 @@ use CGI qw(:standard);
|
|||
use Pg;
|
||||
|
||||
$query = new CGI;
|
||||
|
||||
$dbmain = "ldp";
|
||||
@row;
|
||||
|
||||
|
|
|
@ -4,19 +4,6 @@ use CGI qw(:standard);
|
|||
use Pg;
|
||||
|
||||
$query = new CGI;
|
||||
|
||||
$username = $query->remote_user();
|
||||
if ( $username eq "guest") {
|
||||
print header;
|
||||
print "<html><head><title>No Permission</title>\n";
|
||||
print "<link rel=stylesheet href='../ldp.css' type='text/css'></head>\n";
|
||||
print "<body>\n";
|
||||
print "<h1>No Permission</h1>\n";
|
||||
print "You do not have permission to modify the database.\n";
|
||||
print "<p>You need to <a href='../'>get an account</a> before you can modify data.\n";
|
||||
print end_html;
|
||||
exit;
|
||||
}
|
||||
$dbmain = "ldp";
|
||||
@row;
|
||||
|
||||
|
@ -29,6 +16,19 @@ $editor_role = param('editor_role');
|
|||
|
||||
$conn=Pg::connectdb("dbname=$dbmain");
|
||||
|
||||
$username = $query->remote_user();
|
||||
$result=$conn->exec("SELECT username, admin, maintainer_id FROM username WHERE username='$username'");
|
||||
@row = $result->fetchrow;
|
||||
if ($username ne $row[0]) {
|
||||
print $query->redirect("../newaccount.html");
|
||||
exit;
|
||||
} else {
|
||||
if (($row[1] ne 't') and ($row[2] != $doc_id)) {
|
||||
print $query->redirect("../wrongpermission.html");
|
||||
exit;
|
||||
}
|
||||
}
|
||||
|
||||
#print header;
|
||||
#print start_html;
|
||||
$sql = "INSERT INTO document_editor(doc_id, editor_id, active, editor_role) VALUES ($doc_id, $editor_id, '$active', '$editor_role')";
|
||||
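Review bot: The permission test `($row[1] ne 't') and ($row[2] != $doc_id)` compares the caller's `maintainer_id` with the requested `doc_id`, two unrelated keys, so it does not establish that a non-admin maintains the document being changed; `$doc_id` is assigned above this hunk and is presumably a request parameter. The check should instead look for a row linking the two in `document_maintainer`, whose `doc_id` and `maintainer_id` columns appear in an INSERT elsewhere in this commit; whether its `active` column should also be required cannot be settled from the page. The same comparison is copied into the other document, topic, wiki, editor and maintainer scripts below and needs the same change there. A sketch of the replacement for the `else` branch follows.

```perl
# … unchanged: username lookup and newaccount redirect …
} else {
  $allowed = ($row[1] eq 't');
  # Non-admins must be linked to this document; both ids are checked to be
  # plain integers before they are placed in the query text.
  if (!$allowed and $doc_id =~ /\A\d+\z/ and $row[2] =~ /\A\d+\z/) {
    $link = $conn->exec("SELECT 1 FROM document_maintainer WHERE doc_id = $doc_id AND maintainer_id = $row[2]");
    die $conn->errorMessage unless PGRES_TUPLES_OK eq $link->resultStatus;
    $allowed = ($link->ntuples > 0);
  }
  unless ($allowed) {
    print $query->redirect("../wrongpermission.html");
    exit;
  }
}
```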
|
|
|
@ -5,18 +5,6 @@ use Pg;
|
|||
|
||||
$query = new CGI;
|
||||
|
||||
$username = $query->remote_user();
|
||||
if ( $username eq "guest") {
|
||||
print header;
|
||||
print "<html><head><title>No Permission</title>\n";
|
||||
print "<link rel=stylesheet href='../ldp.css' type='text/css'></head>\n";
|
||||
print "<body>\n";
|
||||
print "<h1>No Permission</h1>\n";
|
||||
print "You do not have permission to modify the database.\n";
|
||||
print "<p>You need to <a href='../'>get an account</a> before you can modify data.\n";
|
||||
print end_html;
|
||||
exit;
|
||||
}
|
||||
$dbmain = "ldp";
|
||||
@row;
|
||||
|
||||
|
@ -30,6 +18,19 @@ $chkDel = param('chkDel');
|
|||
|
||||
$conn=Pg::connectdb("dbname=$dbmain");
|
||||
|
||||
$username = $query->remote_user();
|
||||
$result=$conn->exec("SELECT username, admin, maintainer_id FROM username WHERE username='$username'");
|
||||
@row = $result->fetchrow;
|
||||
if ($username ne $row[0]) {
|
||||
print $query->redirect("../newaccount.html");
|
||||
exit;
|
||||
} else {
|
||||
if (($row[1] ne 't') and ($row[2] != $doc_id)) {
|
||||
print $query->redirect("../wrongpermission.html");
|
||||
exit;
|
||||
}
|
||||
}
|
||||
|
||||
if ( $chkDel eq 'on' ) {
|
||||
$sql = "DELETE FROM document_editor WHERE doc_id = $doc_id and editor_id = $editor_id";
|
||||
$result=$conn->exec($sql);
|
||||
|
|
|
@ -4,19 +4,6 @@ use CGI qw(:standard);
|
|||
use Pg;
|
||||
|
||||
$query = new CGI;
|
||||
|
||||
$username = $query->remote_user();
|
||||
if ( $username eq "guest") {
|
||||
print header;
|
||||
print "<html><head><title>No Permission</title>\n";
|
||||
print "<link rel=stylesheet href='../ldp.css' type='text/css'></head>\n";
|
||||
print "<body>\n";
|
||||
print "<h1>No Permission</h1>\n";
|
||||
print "You do not have permission to modify the database.\n";
|
||||
print "<p>You need to <a href='../'>get an account</a> before you can modify data.\n";
|
||||
print end_html;
|
||||
exit;
|
||||
}
|
||||
$dbmain = "ldp";
|
||||
@row;
|
||||
|
||||
|
@ -30,6 +17,19 @@ $email = param('email');
|
|||
|
||||
$conn=Pg::connectdb("dbname=$dbmain");
|
||||
|
||||
$username = $query->remote_user();
|
||||
$result=$conn->exec("SELECT username, admin, maintainer_id FROM username WHERE username='$username'");
|
||||
@row = $result->fetchrow;
|
||||
if ($username ne $row[0]) {
|
||||
print $query->redirect("../newaccount.html");
|
||||
exit;
|
||||
} else {
|
||||
if (($row[1] ne 't') and ($row[2] != $doc_id)) {
|
||||
print $query->redirect("../wrongpermission.html");
|
||||
exit;
|
||||
}
|
||||
}
|
||||
|
||||
#print header;
|
||||
#print start_html;
|
||||
$sql = "INSERT INTO document_maintainer(doc_id, maintainer_id, active, role, email) VALUES ($doc_id, $maintainer_id, '$active', '$role', '$email' )";
|
||||
|
|
|
@ -4,19 +4,6 @@ use CGI qw(:standard);
|
|||
use Pg;
|
||||
|
||||
$query = new CGI;
|
||||
|
||||
$username = $query->remote_user();
|
||||
if ( $username eq "guest") {
|
||||
print header;
|
||||
print "<html><head><title>No Permission</title>\n";
|
||||
print "<link rel=stylesheet href='../ldp.css' type='text/css'></head>\n";
|
||||
print "<body>\n";
|
||||
print "<h1>No Permission</h1>\n";
|
||||
print "You do not have permission to modify the database.\n";
|
||||
print "<p>You need to <a href='../'>get an account</a> before you can modify data.\n";
|
||||
print end_html;
|
||||
exit;
|
||||
}
|
||||
$dbmain = "ldp";
|
||||
@row;
|
||||
|
||||
|
@ -31,6 +18,19 @@ $chkDel = param('chkDel');
|
|||
|
||||
$conn=Pg::connectdb("dbname=$dbmain");
|
||||
|
||||
$username = $query->remote_user();
|
||||
$result=$conn->exec("SELECT username, admin, maintainer_id FROM username WHERE username='$username'");
|
||||
@row = $result->fetchrow;
|
||||
if ($username ne $row[0]) {
|
||||
print $query->redirect("../newaccount.html");
|
||||
exit;
|
||||
} else {
|
||||
if (($row[1] ne 't') and ($row[2] != $doc_id)) {
|
||||
print $query->redirect("../wrongpermission.html");
|
||||
exit;
|
||||
}
|
||||
}
|
||||
|
||||
#print header;
|
||||
#print start_html;
|
||||
if ( $chkDel eq 'on' ) {
|
||||
|
|
|
@ -4,19 +4,6 @@ use CGI qw(:standard);
|
|||
use Pg;
|
||||
|
||||
$query = new CGI;
|
||||
|
||||
$username = $query->remote_user();
|
||||
if ( $username eq "guest") {
|
||||
print header;
|
||||
print "<html><head><title>No Permission</title>\n";
|
||||
print "<link rel=stylesheet href='../ldp.css' type='text/css'></head>\n";
|
||||
print "<body>\n";
|
||||
print "<h1>No Permission</h1>\n";
|
||||
print "You do not have permission to modify the database.\n";
|
||||
print "<p>You need to <a href='../'>get an account</a> before you can modify data.\n";
|
||||
print end_html;
|
||||
exit;
|
||||
}
|
||||
$dbmain = "ldp";
|
||||
@row;
|
||||
|
||||
|
@ -24,6 +11,12 @@ $dbmain = "ldp";
|
|||
$doc_id = param('doc_id');
|
||||
|
||||
$username = $query->remote_user();
|
||||
$result=$conn->exec("SELECT username, admin, maintainer_id FROM username WHERE username='$username'");
|
||||
@row = $result->fetchrow;
|
||||
if ($username ne $row[0]) {
|
||||
print $query->redirect("../newaccount.html");
|
||||
exit;
|
||||
}
|
||||
|
||||
$note = param('note');
|
||||
while ($note =~ /\'/) {
|
||||
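Review bot: `$conn->exec(...)` is called in the added lookup, but no `Pg::connectdb` call is visible before it in this script: the first hunk shows new lines 4–9 ending at `@row;`, and this hunk starts at `$doc_id = param('doc_id');` with `$dbmain = "ldp";` as its header context. If the connection is only opened further down, the lookup fails on an undefined `$conn`. Add `$conn=Pg::connectdb("dbname=$dbmain");` ahead of the lookup, followed by `die $conn->errorMessage unless PGRES_CONNECTION_OK eq $conn->status;` as the wiki script in this commit does. The `while ($note =~ /\'/)` loop continues past the end of the hunk.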
|
|
|
@ -4,19 +4,6 @@ use CGI qw(:standard);
|
|||
use Pg;
|
||||
|
||||
$query = new CGI;
|
||||
|
||||
$username = $query->remote_user();
|
||||
if ( $username eq "guest") {
|
||||
print header;
|
||||
print "<html><head><title>No Permission</title>\n";
|
||||
print "<link rel=stylesheet href='../ldp.css' type='text/css'></head>\n";
|
||||
print "<body>\n";
|
||||
print "<h1>No Permission</h1>\n";
|
||||
print "You do not have permission to modify the database.\n";
|
||||
print "<p>You need to <a href='../'>get an account</a> before you can modify data.\n";
|
||||
print end_html;
|
||||
exit;
|
||||
}
|
||||
$dbmain = "ldp";
|
||||
@row;
|
||||
|
||||
|
@ -55,6 +42,19 @@ $version =~ s/\'/\'\'/;
|
|||
|
||||
$conn=Pg::connectdb("dbname=$dbmain");
|
||||
|
||||
$username = $query->remote_user();
|
||||
$result=$conn->exec("SELECT username, admin, maintainer_id FROM username WHERE username='$username'");
|
||||
@row = $result->fetchrow;
|
||||
if ($username ne $row[0]) {
|
||||
print $query->redirect("../newaccount.html");
|
||||
exit;
|
||||
} else {
|
||||
if (($row[1] ne 't') and ($row[2] != $doc_id)) {
|
||||
print $query->redirect("../wrongpermission.html");
|
||||
exit;
|
||||
}
|
||||
}
|
||||
|
||||
#This is horribly inefficient, but allows partial saves.
|
||||
#For our volume, it hardly matters.
|
||||
$sql = "UPDATE document SET title='$title' WHERE doc_id=$doc_id";
|
||||
|
|
|
@ -4,19 +4,6 @@ use CGI qw(:standard);
|
|||
use Pg;
|
||||
|
||||
$query = new CGI;
|
||||
|
||||
$username = $query->remote_user();
|
||||
if ( $username eq "guest") {
|
||||
print header;
|
||||
print "<html><head><title>No Permission</title>\n";
|
||||
print "<link rel=stylesheet href='../ldp.css' type='text/css'></head>\n";
|
||||
print "<body>\n";
|
||||
print "<h1>No Permission</h1>\n";
|
||||
print "You do not have permission to modify the database.\n";
|
||||
print "<p>You need to <a href='../'>get an account</a> before you can modify data.\n";
|
||||
print end_html;
|
||||
exit;
|
||||
}
|
||||
$dbmain = "ldp";
|
||||
@row;
|
||||
|
||||
|
@ -25,13 +12,27 @@ $caller = param('caller');
|
|||
$doc_id = param('doc_id');
|
||||
$topic = param('topic');
|
||||
|
||||
$conn=Pg::connectdb("dbname=$dbmain");
|
||||
|
||||
$username = $query->remote_user();
|
||||
$result=$conn->exec("SELECT username, admin, maintainer_id FROM username WHERE username='$username'");
|
||||
@row = $result->fetchrow;
|
||||
if ($username ne $row[0]) {
|
||||
print $query->redirect("../newaccount.html");
|
||||
exit;
|
||||
} else {
|
||||
if (($row[1] ne 't') and ($row[2] != $doc_id)) {
|
||||
print $query->redirect("../wrongpermission.html");
|
||||
exit;
|
||||
}
|
||||
}
|
||||
|
||||
@topic_subtopic_num = split /\./, $topic;
|
||||
$topic_num = $topic_subtopic_num[0];
|
||||
$subtopic_num = $topic_subtopic_num[1];
|
||||
|
||||
$sql = "INSERT INTO document_topic (doc_id, topic_num, subtopic_num) VALUES ($doc_id, $topic_num, $subtopic_num)";
|
||||
|
||||
$conn=Pg::connectdb("dbname=$dbmain");
|
||||
$result=$conn->exec($sql);
|
||||
|
||||
print $query->redirect($caller)
|
||||
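Review bot: `Pg::connectdb` appears twice in this hunk, once before the permission lookup and again just before `$conn->exec($sql)`; if both are on the new side, the second call opens a fresh connection for no benefit, so drop the later `$conn=Pg::connectdb("dbname=$dbmain");`. `$topic_num` and `$subtopic_num` come from splitting the `topic` parameter and go into the INSERT unquoted, so reject anything that is not two integers first, e.g. `die "bad topic" unless $topic =~ /\A\d+\.\d+\z/;`. The final `print $query->redirect($caller)` sends the browser wherever the `caller` parameter says; restricting it to a relative path on this site would avoid an open redirect.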
|
|
|
@ -4,19 +4,6 @@ use CGI qw(:standard);
|
|||
use Pg;
|
||||
|
||||
$query = new CGI;
|
||||
|
||||
$username = $query->remote_user();
|
||||
if ( $username eq "guest") {
|
||||
print header;
|
||||
print "<html><head><title>No Permission</title>\n";
|
||||
print "<link rel=stylesheet href='../ldp.css' type='text/css'></head>\n";
|
||||
print "<body>\n";
|
||||
print "<h1>No Permission</h1>\n";
|
||||
print "You do not have permission to modify the database.\n";
|
||||
print "<p>You need to <a href='../'>get an account</a> before you can modify data.\n";
|
||||
print end_html;
|
||||
exit;
|
||||
}
|
||||
$dbmain = "ldp";
|
||||
@row;
|
||||
|
||||
|
@ -28,6 +15,19 @@ $caller = param('caller');
|
|||
|
||||
$conn=Pg::connectdb("dbname=$dbmain");
|
||||
|
||||
$username = $query->remote_user();
|
||||
$result=$conn->exec("SELECT username, admin, maintainer_id FROM username WHERE username='$username'");
|
||||
@row = $result->fetchrow;
|
||||
if ($username ne $row[0]) {
|
||||
print $query->redirect("../newaccount.html");
|
||||
exit;
|
||||
} else {
|
||||
if (($row[1] ne 't') and ($row[2] != $doc_id)) {
|
||||
print $query->redirect("../wrongpermission.html");
|
||||
exit;
|
||||
}
|
||||
}
|
||||
|
||||
$sql = "DELETE FROM document_topic WHERE doc_id=$doc_id AND topic_num=$topic_num AND subtopic_num=$subtopic_num";
|
||||
$result=$conn->exec($sql);
|
||||
|
||||
|
|
|
@ -4,24 +4,19 @@ use CGI qw(:standard);
|
|||
use Pg;
|
||||
|
||||
$query = new CGI;
|
||||
$username = $query->remote_user();
|
||||
if ( $username eq "guest") {
|
||||
print header;
|
||||
print "<html><head><title>No Permission</title>\n";
|
||||
print "<link rel=stylesheet href='../ldp.css' type='text/css'></head>\n";
|
||||
print "<body>\n";
|
||||
print "<h1>No Permission</h1>\n";
|
||||
print "You do not have permission to modify the database.\n";
|
||||
print "<p>You need to <a href='../'>get an account</a> before you can modify data.\n";
|
||||
print end_html;
|
||||
exit;
|
||||
}
|
||||
|
||||
$dbmain = "ldp";
|
||||
@row;
|
||||
|
||||
$conn=Pg::connectdb("dbname=$dbmain");
|
||||
|
||||
$username = $query->remote_user();
|
||||
$result=$conn->exec("SELECT username, admin, maintainer_id FROM username WHERE username='$username'");
|
||||
@row = $result->fetchrow;
|
||||
if ($username ne $row[0]) {
|
||||
print $query->redirect("../newaccount.html");
|
||||
exit;
|
||||
}
|
||||
|
||||
$doc_id = param('doc_id');
|
||||
$vote = param('vote');
|
||||
$username = $query->remote_user();
|
||||
|
|
|
@ -1,23 +1,37 @@
|
|||
#! /usr/bin/perl
|
||||
|
||||
$workpath = "/tmp";
|
||||
|
||||
use CGI qw(:standard);
|
||||
use Pg;
|
||||
|
||||
$query = new CGI;
|
||||
|
||||
$dbmain = "ldp";
|
||||
@row;
|
||||
|
||||
$workpath = "/tmp";
|
||||
|
||||
# Read parameters
|
||||
$doc_id = param('doc_id');
|
||||
|
||||
$conn=Pg::connectdb("dbname=$dbmain");
|
||||
die $conn->errorMessage unless PGRES_CONNECTION_OK eq $conn->status;
|
||||
|
||||
$username = $query->remote_user();
|
||||
$result=$conn->exec("SELECT username, admin, maintainer_id FROM username WHERE username='$username'");
|
||||
@row = $result->fetchrow;
|
||||
if ($username ne $row[0]) {
|
||||
print $query->redirect("../newaccount.html");
|
||||
exit;
|
||||
} else {
|
||||
if (($row[1] ne 't') and ($row[2] != $doc_id)) {
|
||||
print $query->redirect("../wrongpermission.html");
|
||||
exit;
|
||||
}
|
||||
}
|
||||
|
||||
$save = param('Save');
|
||||
$preview = param('Preview');
|
||||
$docbook = param('DocBook');
|
||||
|
||||
$wiki = param('wiki');
|
||||
while ($wiki =~ /\'/) {
|
||||
$wiki =~ s/\'/a1s2d3f4/;
|
||||
|
@ -71,7 +85,7 @@ die $conn->errorMessage unless PGRES_TUPLES_OK eq $result->resultStatus;
|
|||
$revisions = $row[0];
|
||||
|
||||
#if we're not previewing, load data from database and determine version
|
||||
unless ($preview) {
|
||||
unless ($preview or $docbook) {
|
||||
$result = $conn->exec("SELECT wiki FROM document_wiki WHERE doc_id = $doc_id ORDER BY revision DESC LIMIT 1, 0");
|
||||
die $conn->errorMessage unless PGRES_TUPLES_OK eq $result->resultStatus;
|
||||
@row = $result->fetchrow;
|
||||
|
@ -98,24 +112,20 @@ print "</table>\n";
|
|||
|
||||
print "<input type=submit value=Save name=Save>\n";
|
||||
print "<input type=submit value=Preview name=Preview>\n";
|
||||
print "<input type=submit value=DocBook name=DocBook>\n";
|
||||
print "</form>\n";
|
||||
|
||||
print end_html;
|
||||
|
||||
}
|
||||
|
||||
if ($preview) {
|
||||
if ($preview or $docbook) {
|
||||
$txtfile = "$workpath/foo.txt";
|
||||
$sgmlfile = $txtfile;
|
||||
$sgmlfile =~ s/\.txt/\.sgml/;
|
||||
$htmlfile = $txtfile;
|
||||
$htmlfile =~ s/\.txt/\.html/;
|
||||
|
||||
# print "<hr>Processing...\n";
|
||||
# print "<p>SGML: $sgmlfile\n";
|
||||
# print "<br>TXT: $txtfile\n";
|
||||
# print "<br>HTML: $htmlfile\n";
|
||||
|
||||
open(TXT, "> $txtfile");
|
||||
print TXT $wiki;
|
||||
close(TXT);
|
||||
|
@ -169,20 +179,32 @@ if ($preview) {
|
|||
}
|
||||
close(SGML);
|
||||
|
||||
# print "<p><hr>\n";
|
||||
# print "<p>$buf\n";
|
||||
|
||||
$sgml .= "</article>\n";
|
||||
|
||||
open(SGML, "> $sgmlfile");
|
||||
print SGML $sgml;
|
||||
close(SGML);
|
||||
}
|
||||
|
||||
if ($docbook) {
|
||||
&printheader;
|
||||
print "<p><hr>\n";
|
||||
print "<pre>\n";
|
||||
while ($sgml =~ /\</) {
|
||||
$sgml =~ s/\</</;
|
||||
}
|
||||
while ($sgml =~ /\>/) {
|
||||
$sgml =~ s/\>/>/;
|
||||
}
|
||||
print $sgml;
|
||||
print "</pre>\n";
|
||||
print "</html>\n";
|
||||
}
|
||||
|
||||
if ($preview) {
|
||||
$cmd = "xsltproc --docbook /usr/share/sgml/docbook/stylesheet/xsl/nwalsh/html/docbook.xsl $sgmlfile > $htmlfile";
|
||||
system($cmd);
|
||||
|
||||
# print "<p><hr>\n";
|
||||
|
||||
print header(-expires=>'now');
|
||||
open(HTML, "$htmlfile");
|
||||
$i = 0;
|
||||
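Review bot: The preview branch and the new DocBook branch both write to the fixed path `$workpath/foo.txt` under `/tmp` with unchecked two-argument `open`, so concurrent requests overwrite each other's input and the script writes through whatever already exists at that name. A per-request directory, e.g. `use File::Temp qw(tempdir); $workpath = tempdir(CLEANUP => 1);`, together with `open(TXT, '>', $txtfile) or die "open $txtfile: $!";`, removes both problems. In the DocBook output `&` is left unescaped while `<` and `>` are replaced one match per loop pass; a single `s///g` per character, with `&` handled first, is simpler (the replacement strings look entity-decoded by this page, so they are not quoted here). The bodies of the `if ($preview or $docbook)` and `if ($preview)` blocks extend beyond the hunks.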
|
|
|
@ -4,25 +4,24 @@ use CGI qw(:standard);
|
|||
use Pg;
|
||||
|
||||
$query = new CGI;
|
||||
|
||||
$username = $query->remote_user();
|
||||
if ( $username eq "guest") {
|
||||
print header;
|
||||
print "<html><head><title>No Permission</title>\n";
|
||||
print "<link rel=stylesheet href='../ldp.css' type='text/css'></head>\n";
|
||||
print "<body>\n";
|
||||
print "<h1>No Permission</h1>\n";
|
||||
print "You do not have permission to modify the database.\n";
|
||||
print "<p>You need to <a href='../'>get an account</a> before you can modify data.\n";
|
||||
print end_html;
|
||||
exit;
|
||||
}
|
||||
|
||||
$dbmain = "ldp";
|
||||
@row;
|
||||
|
||||
$conn=Pg::connectdb("dbname=$dbmain");
|
||||
|
||||
$username = $query->remote_user();
|
||||
$result=$conn->exec("SELECT username, admin, maintainer_id FROM username WHERE username='$username'");
|
||||
@row = $result->fetchrow;
|
||||
if ($username ne $row[0]) {
|
||||
print $query->redirect("../newaccount.html");
|
||||
exit;
|
||||
} else {
|
||||
if (($row[1] ne 't') and ($row[2] != $doc_id)) {
|
||||
print $query->redirect("../wrongpermission.html");
|
||||
exit;
|
||||
}
|
||||
}
|
||||
|
||||
# Read parameters
|
||||
$caller = param('caller');
|
||||
$editor_name = param('editor_name');
|
||||
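Review bot: `$doc_id` is not assigned before the test `($row[2] != $doc_id)` in this script: the hunk shows the file from line 4, and the first `param()` reads come after the check. The comparison is therefore against an undefined value that Perl treats as 0, so a non-admin account whose `maintainer_id` is NULL or 0 passes. Adding an editor has no document to compare against, so the test here should presumably be admin-only: `if ($row[1] ne 't') {`. The editor-save script and the two maintainer scripts later in the commit use the same test and show no `doc_id` parameter in their hunks either; confirm and apply the same change there.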
|
|
|
@ -2,8 +2,8 @@
|
|||
|
||||
use CGI qw(:standard);
|
||||
use Pg;
|
||||
$query = new CGI;
|
||||
|
||||
$query = new CGI;
|
||||
$dbmain = "ldp";
|
||||
@row;
|
||||
|
||||
|
@ -13,7 +13,6 @@ $editor_id = param('editor_id');
|
|||
# Load data from db and call edit form
|
||||
$conn=Pg::connectdb("dbname=$dbmain");
|
||||
|
||||
|
||||
$result = $conn->exec("SELECT editor_id, editor_name, email, notes from editor where editor_id = $editor_id");
|
||||
die $conn->errorMessage unless PGRES_TUPLES_OK eq $result->resultStatus;
|
||||
|
||||
|
|
|
@ -4,20 +4,6 @@ use CGI qw(:standard);
|
|||
use Pg;
|
||||
|
||||
$query = new CGI;
|
||||
|
||||
$username = $query->remote_user();
|
||||
if ( $username eq "guest") {
|
||||
print header;
|
||||
print "<html><head><title>No Permission</title>\n";
|
||||
print "<link rel=stylesheet href='../ldp.css' type='text/css'></head>\n";
|
||||
print "<body>\n";
|
||||
print "<h1>No Permission</h1>\n";
|
||||
print "You do not have permission to modify the database.\n";
|
||||
print "<p>You need to <a href='../'>get an account</a> before you can modify data.\n";
|
||||
print end_html;
|
||||
exit;
|
||||
}
|
||||
|
||||
$dbmain = "ldp";
|
||||
@row;
|
||||
|
||||
|
@ -30,6 +16,20 @@ $notes = param('notes');
|
|||
$notes =~ s/\'/\'\'/;
|
||||
|
||||
$conn=Pg::connectdb("dbname=$dbmain");
|
||||
|
||||
$username = $query->remote_user();
|
||||
$result=$conn->exec("SELECT username, admin, maintainer_id FROM username WHERE username='$username'");
|
||||
@row = $result->fetchrow;
|
||||
if ($username ne $row[0]) {
|
||||
print $query->redirect("../newaccount.html");
|
||||
exit;
|
||||
} else {
|
||||
if (($row[1] ne 't') and ($row[2] != $doc_id)) {
|
||||
print $query->redirect("../wrongpermission.html");
|
||||
exit;
|
||||
}
|
||||
}
|
||||
|
||||
$sql = "UPDATE editor SET editor_name='$editor_name', email='$email', notes='$notes' WHERE editor_id = $editor_id";
|
||||
$result=$conn->exec($sql);
|
||||
print $query->redirect("editor_edit.pl?editor_id=$editor_id");
|
||||
|
|
|
@ -8,7 +8,6 @@ $baseurl = "http://www.linuxdoc.org";
|
|||
$basesql = "SELECT doc_id, title, class, ref_url, version, format FROM document ";
|
||||
$dbmain='ldp';
|
||||
|
||||
|
||||
$conn=Pg::connectdb("dbname=$dbmain");
|
||||
|
||||
print header;
|
||||
|
|
|
@ -4,23 +4,7 @@ use CGI qw(:standard);
|
|||
use Pg;
|
||||
|
||||
$query = new CGI;
|
||||
|
||||
$username = $query->remote_user();
|
||||
if ( $username eq "guest") {
|
||||
print header;
|
||||
print "<html><head><title>No Permission</title>\n";
|
||||
print "<link rel=stylesheet href='../ldp.css' type='text/css'></head>\n";
|
||||
print "<body>\n";
|
||||
print "<h1>No Permission</h1>\n";
|
||||
print "You do not have permission to modify the database.\n";
|
||||
print "<p>You need to <a href='../'>get an account</a> before you can modify data.\n";
|
||||
print end_html;
|
||||
exit;
|
||||
}
|
||||
|
||||
$dbmain = "ldp";
|
||||
$conn=Pg::connectdb("dbname=$dbmain");
|
||||
|
||||
@row;
|
||||
|
||||
# Read parameters
|
||||
|
@ -29,6 +13,21 @@ $maintainer_name = param('maintainer_name');
|
|||
$maintainer_name =~ s/\'/\'\'/;
|
||||
$email = param('email');
|
||||
|
||||
$conn=Pg::connectdb("dbname=$dbmain");
|
||||
|
||||
$username = $query->remote_user();
|
||||
$result=$conn->exec("SELECT username, admin, maintainer_id FROM username WHERE username='$username'");
|
||||
@row = $result->fetchrow;
|
||||
if ($username ne $row[0]) {
|
||||
print $query->redirect("../newaccount.html");
|
||||
exit;
|
||||
} else {
|
||||
if (($row[1] ne 't') and ($row[2] != $doc_id)) {
|
||||
print $query->redirect("../wrongpermission.html");
|
||||
exit;
|
||||
}
|
||||
}
|
||||
|
||||
$sql = "SELECT max(maintainer_id) from maintainer";
|
||||
$result=$conn->exec($sql);
|
||||
@row = $result->fetchrow;
|
||||
|
|
|
@ -4,7 +4,6 @@ use CGI qw(:standard);
|
|||
use Pg;
|
||||
|
||||
$query = new CGI;
|
||||
|
||||
$dbmain = "ldp";
|
||||
@row;
|
||||
|
||||
|
@ -14,7 +13,6 @@ $maintainer_id = param('maintainer_id');
|
|||
# Load data from db and call edit form
|
||||
$conn=Pg::connectdb("dbname=$dbmain");
|
||||
|
||||
|
||||
$result = $conn->exec("SELECT maintainer_id, maintainer_name, email from maintainer where maintainer_id = $maintainer_id");
|
||||
die $conn->errorMessage unless PGRES_TUPLES_OK eq $result->resultStatus;
|
||||
|
||||
|
|
|
@ -4,33 +4,25 @@ use CGI qw(:standard);
|
|||
use Pg;
|
||||
|
||||
$query = new CGI;
|
||||
|
||||
$caller = param('caller');
|
||||
|
||||
$username = $query->remote_user();
|
||||
if ( $username eq "guest") {
|
||||
print header;
|
||||
print "<html><head><title>No Permission</title>\n";
|
||||
print "<link rel=stylesheet href='../ldp.css' type='text/css'></head>\n";
|
||||
print "<body>\n";
|
||||
print "<h1>No Permission</h1>\n";
|
||||
print "You do not have permission to modify the database.\n";
|
||||
print "<p>You need to <a href='../'>get an account</a> before you can modify data.\n";
|
||||
print end_html;
|
||||
exit;
|
||||
}
|
||||
$dbmain = "ldp";
|
||||
@row;
|
||||
|
||||
# Read parameters
|
||||
$caller = param('caller');
|
||||
$maintainer_id = param('maintainer_id');
|
||||
|
||||
$username = $query->remote_user();
|
||||
|
||||
$note = param('note');
|
||||
$note =~ s/\'/\'\'/;
|
||||
|
||||
$conn=Pg::connectdb("dbname=$dbmain");
|
||||
|
||||
$username = $query->remote_user();
|
||||
$result=$conn->exec("SELECT username, admin, maintainer_id FROM username WHERE username='$username'");
|
||||
@row = $result->fetchrow;
|
||||
if ($username ne $row[0]) {
|
||||
print $query->redirect("../newaccount.html");
|
||||
exit;
|
||||
}
|
||||
|
||||
$sql = "INSERT INTO maintainer_notes (maintainer_id, date_entered, username, notes) values ($maintainer_id, now(), '$username', '$note')";
|
||||
$result=$conn->exec($sql);
|
||||
|
||||
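Review bot: `$note =~ s/\'/\'\'/;` has no `/g`, so only the first apostrophe in the note is doubled before the value is placed inside `'$note'` in the INSERT; use `$note =~ s/\'/\'\'/g;`. `$maintainer_id` is interpolated unquoted and should be checked first with `die "bad maintainer_id" unless $maintainer_id =~ /\A\d+\z/;`. The same single-shot substitution appears for `$notes`, `$maintainer_name` and `$version` in other scripts of this commit. Unlike the other write scripts, this one only checks that the account exists, which may be intended for notes but is worth stating in a comment above the lookup.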
|
|
|
@ -4,19 +4,6 @@ use CGI qw(:standard);
|
|||
use Pg;
|
||||
|
||||
$query = new CGI;
|
||||
|
||||
$username = $query->remote_user();
|
||||
if ( $username eq "guest") {
|
||||
print header;
|
||||
print "<html><head><title>No Permission</title>\n";
|
||||
print "<link rel=stylesheet href='../ldp.css' type='text/css'></head>\n";
|
||||
print "<body>\n";
|
||||
print "<h1>No Permission</h1>\n";
|
||||
print "You do not have permission to modify the database.\n";
|
||||
print "<p>You need to <a href='../'>get an account</a> before you can modify data.\n";
|
||||
print end_html;
|
||||
exit;
|
||||
}
|
||||
$dbmain = "ldp";
|
||||
@row;
|
||||
|
||||
|
@ -27,6 +14,20 @@ $maintainer_name =~ s/\'/\'\'/;
|
|||
$email = param('email');
|
||||
|
||||
$conn=Pg::connectdb("dbname=$dbmain");
|
||||
|
||||
$username = $query->remote_user();
|
||||
$result=$conn->exec("SELECT username, admin, maintainer_id FROM username WHERE username='$username'");
|
||||
@row = $result->fetchrow;
|
||||
if ($username ne $row[0]) {
|
||||
print $query->redirect("../newaccount.html");
|
||||
exit;
|
||||
} else {
|
||||
if (($row[1] ne 't') and ($row[2] != $doc_id)) {
|
||||
print $query->redirect("../wrongpermission.html");
|
||||
exit;
|
||||
}
|
||||
}
|
||||
|
||||
$sql = "UPDATE maintainer SET maintainer_name='$maintainer_name', email='$email' WHERE maintainer_id = $maintainer_id";
|
||||
$result=$conn->exec($sql);
|
||||
print $query->redirect("maintainer_edit.pl?maintainer_id=$maintainer_id");
|
||||
|
|