database security rewrite

This commit is contained in:
david 2002-01-18 00:51:45 +00:00
parent 57f5bdc4eb
commit 17232da14f
20 changed files with 223 additions and 238 deletions


@ -7,22 +7,22 @@ $query = new CGI;
$dbmain = "ldp";
$conn=Pg::connectdb("dbname=$dbmain");
@row;
$username = $query->remote_user();
if ( $username eq "guest") {
print header;
print "<html><head><title>No Permission</title>\n";
print "<link rel=stylesheet href='../ldp.css' type='text/css'></head>\n";
print "<body>\n";
print "<h1>No Permission</h1>\n";
print "You do not have permission to modify the database.\n";
print "<p>You need to <a href='../'>get an account</a> before you can modify data.\n";
print end_html;
exit;
$result=$conn->exec("SELECT username, admin FROM username WHERE username='$username'");
@row = $result->fetchrow;
if ($username ne $row[0]) {
print $query->redirect("../newaccount.html");
exit;
} else {
$admin = $row[1];
if ($admin ne 't') {
print $query->redirect("../wrongpermission.html");
exit;
}
}
@row;
$caller = param('caller');
$sql = "SELECT max(doc_id) from document";
@ -40,20 +40,7 @@ $pub_status = param('pub_status');
$sql = "INSERT INTO document(doc_id, title, filename, class, format, dtd, dtd_version, version, last_update, url, isbn, pub_status, author_status, review_status, tickle_date, pub_date, ref_url, tech_review_status, maintained)";
$sql = "$sql VALUES ($doc_id, '$title', NULL, '$class', '$format', '$dtd', NULL, NULL, NULL, NULL, NULL, '$pub_status', '$author_status', 'U', NULL, NULL, NULL, 'U', 't')";
#print header;
#print start_html;
#print "<p>doc_id:$doc_id";
#print "<p>title:$title";
#print "<p>pub_status:$pub_status";
#print "<p>class:$class";
#print "<p>format:$format";
#print "<p>dtd:$dtd";
#print "<p>sql:$sql";
#print end_html;
#exit;
$conn->exec($sql);
print $query->redirect("document_edit.pl?doc_id=$doc_id");
#print $query->redirect($caller);
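Review bot: The account test `if ($username ne $row[0])` after the `SELECT username, admin FROM username` query does not fail closed: when REMOTE_USER is unset, `$username` and the missing `$row[0]` both compare as the empty string, so the "no account" branch is skipped and only the later `$row[1] ne 't'` test stands between an anonymous request and the INSERT. The query's status is never checked either, so a failed query looks exactly like a missing account. I would add `exit unless defined $username and length $username;` before the query and `die $conn->errorMessage unless PGRES_TUPLES_OK eq $result->resultStatus;` after it, as the wiki script in this commit already does for its connection. `$username` is interpolated into the WHERE clause without doubling quotes; it comes from HTTP auth rather than a form field, but giving it the same `s/'/''/g` treatment as the other inputs is cheap.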


@ -4,7 +4,6 @@ use CGI qw(:standard);
use Pg;
$query = new CGI;
$dbmain = "ldp";
@row;


@ -4,19 +4,6 @@ use CGI qw(:standard);
use Pg;
$query = new CGI;
$username = $query->remote_user();
if ( $username eq "guest") {
print header;
print "<html><head><title>No Permission</title>\n";
print "<link rel=stylesheet href='../ldp.css' type='text/css'></head>\n";
print "<body>\n";
print "<h1>No Permission</h1>\n";
print "You do not have permission to modify the database.\n";
print "<p>You need to <a href='../'>get an account</a> before you can modify data.\n";
print end_html;
exit;
}
$dbmain = "ldp";
@row;
@ -29,6 +16,19 @@ $editor_role = param('editor_role');
$conn=Pg::connectdb("dbname=$dbmain");
$username = $query->remote_user();
$result=$conn->exec("SELECT username, admin, maintainer_id FROM username WHERE username='$username'");
@row = $result->fetchrow;
if ($username ne $row[0]) {
print $query->redirect("../newaccount.html");
exit;
} else {
if (($row[1] ne 't') and ($row[2] != $doc_id)) {
print $query->redirect("../wrongpermission.html");
exit;
}
}
#print header;
#print start_html;
$sql = "INSERT INTO document_editor(doc_id, editor_id, active, editor_role) VALUES ($doc_id, $editor_id, '$active', '$editor_role')";
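Review bot: The new permission test `($row[1] ne 't') and ($row[2] != $doc_id)` compares the caller's own `maintainer_id` from the `username` row with a document id, which is not a "maintains this document" check: it lets a non-admin whose maintainer id happens to equal `$doc_id` add editors to that document and rejects the document's real maintainers. Elsewhere in this commit the `document_maintainer(doc_id, maintainer_id, ...)` table is what links the two, so the non-admin path should look the pair up there (presumably `username.maintainer_id` is in the same id space — confirm). `$doc_id` and `$editor_id` come straight from `param()` and are interpolated unquoted into both that lookup and the INSERT, so they should be pinned to integers first, and the lookup's status should be checked before `fetchrow` so a failed query is not mistaken for a missing account.
```perl
# … unchanged: parameter reading and connectdb …
($doc_id) = $doc_id =~ /^(\d+)$/ or exit;
($editor_id) = $editor_id =~ /^(\d+)$/ or exit;
$username = $query->remote_user();
$result=$conn->exec("SELECT username, admin, maintainer_id FROM username WHERE username='$username'");
die $conn->errorMessage unless PGRES_TUPLES_OK eq $result->resultStatus;
@row = $result->fetchrow;
if (!defined $row[0] or $username ne $row[0]) {
    print $query->redirect("../newaccount.html");
    exit;
}
if ($row[1] ne 't') {
    # Not an admin: require a document_maintainer row for this caller and document.
    unless (defined $row[2] and $row[2] =~ /^\d+$/) { print $query->redirect("../wrongpermission.html"); exit; }
    $maint = $conn->exec("SELECT 1 FROM document_maintainer WHERE doc_id = $doc_id AND maintainer_id = $row[2]");
    die $conn->errorMessage unless PGRES_TUPLES_OK eq $maint->resultStatus;
    if ($maint->ntuples == 0) {
        print $query->redirect("../wrongpermission.html");
        exit;
    }
}
# … unchanged: INSERT INTO document_editor …
```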


@ -5,18 +5,6 @@ use Pg;
$query = new CGI;
$username = $query->remote_user();
if ( $username eq "guest") {
print header;
print "<html><head><title>No Permission</title>\n";
print "<link rel=stylesheet href='../ldp.css' type='text/css'></head>\n";
print "<body>\n";
print "<h1>No Permission</h1>\n";
print "You do not have permission to modify the database.\n";
print "<p>You need to <a href='../'>get an account</a> before you can modify data.\n";
print end_html;
exit;
}
$dbmain = "ldp";
@row;
@ -30,6 +18,19 @@ $chkDel = param('chkDel');
$conn=Pg::connectdb("dbname=$dbmain");
$username = $query->remote_user();
$result=$conn->exec("SELECT username, admin, maintainer_id FROM username WHERE username='$username'");
@row = $result->fetchrow;
if ($username ne $row[0]) {
print $query->redirect("../newaccount.html");
exit;
} else {
if (($row[1] ne 't') and ($row[2] != $doc_id)) {
print $query->redirect("../wrongpermission.html");
exit;
}
}
if ( $chkDel eq 'on' ) {
$sql = "DELETE FROM document_editor WHERE doc_id = $doc_id and editor_id = $editor_id";
$result=$conn->exec($sql);
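Review bot: The new gate decides who may delete, but nothing in this script pins `$doc_id` or `$editor_id` to integers before they are interpolated unquoted into `DELETE FROM document_editor WHERE doc_id = $doc_id and editor_id = $editor_id`; both come from `param()`, so a crafted value can widen the WHERE clause (and a non-numeric `$doc_id` silently numifies to 0 in the `$row[2] != $doc_id` test). Add `($doc_id) = $doc_id =~ /^(\d+)$/ or exit;` and `($editor_id) = $editor_id =~ /^(\d+)$/ or exit;` right after the parameters are read. As in the sibling add script, `$row[2] != $doc_id` compares the caller's maintainer id with a document id rather than consulting `document_maintainer`, so non-admin maintainers are not actually recognised. The `if ( $chkDel eq 'on' )` block continues past the end of the hunk.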


@ -4,19 +4,6 @@ use CGI qw(:standard);
use Pg;
$query = new CGI;
$username = $query->remote_user();
if ( $username eq "guest") {
print header;
print "<html><head><title>No Permission</title>\n";
print "<link rel=stylesheet href='../ldp.css' type='text/css'></head>\n";
print "<body>\n";
print "<h1>No Permission</h1>\n";
print "You do not have permission to modify the database.\n";
print "<p>You need to <a href='../'>get an account</a> before you can modify data.\n";
print end_html;
exit;
}
$dbmain = "ldp";
@row;
@ -30,6 +17,19 @@ $email = param('email');
$conn=Pg::connectdb("dbname=$dbmain");
$username = $query->remote_user();
$result=$conn->exec("SELECT username, admin, maintainer_id FROM username WHERE username='$username'");
@row = $result->fetchrow;
if ($username ne $row[0]) {
print $query->redirect("../newaccount.html");
exit;
} else {
if (($row[1] ne 't') and ($row[2] != $doc_id)) {
print $query->redirect("../wrongpermission.html");
exit;
}
}
#print header;
#print start_html;
$sql = "INSERT INTO document_maintainer(doc_id, maintainer_id, active, role, email) VALUES ($doc_id, $maintainer_id, '$active', '$role', '$email' )";
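Review bot: The `$row[2] != $doc_id` clause is especially odd here, because this is the script that creates `document_maintainer` rows: the only thing it compares is the caller's own maintainer id with the document id, so a non-admin can attach maintainers to exactly one document, the one whose id equals their maintainer id, and to no other. If non-admin maintainers are meant to manage their own documents, test for an existing `document_maintainer` row with `doc_id = $doc_id AND maintainer_id = $row[2]`; if only admins should do this, drop the second clause and test `$row[1] ne 't'` alone. `$role` and `$email` are interpolated as quoted strings without the `s/'/''/` treatment the other scripts give `$notes`, so a stray apostrophe breaks the INSERT; use `$email =~ s/'/''/g;` (with `/g`) on both, and pin `$doc_id` and `$maintainer_id` to digits since they go in unquoted.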


@ -4,19 +4,6 @@ use CGI qw(:standard);
use Pg;
$query = new CGI;
$username = $query->remote_user();
if ( $username eq "guest") {
print header;
print "<html><head><title>No Permission</title>\n";
print "<link rel=stylesheet href='../ldp.css' type='text/css'></head>\n";
print "<body>\n";
print "<h1>No Permission</h1>\n";
print "You do not have permission to modify the database.\n";
print "<p>You need to <a href='../'>get an account</a> before you can modify data.\n";
print end_html;
exit;
}
$dbmain = "ldp";
@row;
@ -31,6 +18,19 @@ $chkDel = param('chkDel');
$conn=Pg::connectdb("dbname=$dbmain");
$username = $query->remote_user();
$result=$conn->exec("SELECT username, admin, maintainer_id FROM username WHERE username='$username'");
@row = $result->fetchrow;
if ($username ne $row[0]) {
print $query->redirect("../newaccount.html");
exit;
} else {
if (($row[1] ne 't') and ($row[2] != $doc_id)) {
print $query->redirect("../wrongpermission.html");
exit;
}
}
#print header;
#print start_html;
if ( $chkDel eq 'on' ) {
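Review bot: The `($row[1] ne 't') and ($row[2] != $doc_id)` test compares the caller's maintainer id to the document id instead of checking whether that maintainer is attached to the document in `document_maintainer`; together with the two stale `#print header;` and `#print start_html;` lines carried along, it reads as though it was pasted from the sibling script without being adapted. Since this script deletes maintainer rows, the wrong result either locks out legitimate maintainers or lets the one non-admin whose id collides with `$doc_id` remove others. Replace the second clause with a lookup of `document_maintainer WHERE doc_id = $doc_id AND maintainer_id = $row[2]`, and drop the commented-out debug prints. The `if ( $chkDel eq 'on' ) {` block that this gate protects continues past the end of the hunk.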


@ -4,19 +4,6 @@ use CGI qw(:standard);
use Pg;
$query = new CGI;
$username = $query->remote_user();
if ( $username eq "guest") {
print header;
print "<html><head><title>No Permission</title>\n";
print "<link rel=stylesheet href='../ldp.css' type='text/css'></head>\n";
print "<body>\n";
print "<h1>No Permission</h1>\n";
print "You do not have permission to modify the database.\n";
print "<p>You need to <a href='../'>get an account</a> before you can modify data.\n";
print end_html;
exit;
}
$dbmain = "ldp";
@row;
@ -24,6 +11,12 @@ $dbmain = "ldp";
$doc_id = param('doc_id');
$username = $query->remote_user();
$result=$conn->exec("SELECT username, admin, maintainer_id FROM username WHERE username='$username'");
@row = $result->fetchrow;
if ($username ne $row[0]) {
print $query->redirect("../newaccount.html");
exit;
}
$note = param('note');
while ($note =~ /\'/) {
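Review bot: This script only checks that the caller has an account, whereas the sibling document scripts in this commit go on to require admin or maintainer status; since that difference is not obvious from the code, it deserves a comment such as `# Any registered user may add a note to a document; no admin/maintainer check by design.` if intentional, or the same check if not. The lookup's status is never verified, so a failed query is reported as "no account" via the redirect; `die $conn->errorMessage unless PGRES_TUPLES_OK eq $result->resultStatus;` before `fetchrow` would distinguish the two. The quote-doubling loop `while ($note =~ /\'/)` that follows continues beyond the hunk.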


@ -4,19 +4,6 @@ use CGI qw(:standard);
use Pg;
$query = new CGI;
$username = $query->remote_user();
if ( $username eq "guest") {
print header;
print "<html><head><title>No Permission</title>\n";
print "<link rel=stylesheet href='../ldp.css' type='text/css'></head>\n";
print "<body>\n";
print "<h1>No Permission</h1>\n";
print "You do not have permission to modify the database.\n";
print "<p>You need to <a href='../'>get an account</a> before you can modify data.\n";
print end_html;
exit;
}
$dbmain = "ldp";
@row;
@ -55,6 +42,19 @@ $version =~ s/\'/\'\'/;
$conn=Pg::connectdb("dbname=$dbmain");
$username = $query->remote_user();
$result=$conn->exec("SELECT username, admin, maintainer_id FROM username WHERE username='$username'");
@row = $result->fetchrow;
if ($username ne $row[0]) {
print $query->redirect("../newaccount.html");
exit;
} else {
if (($row[1] ne 't') and ($row[2] != $doc_id)) {
print $query->redirect("../wrongpermission.html");
exit;
}
}
#This is horribly inefficient, but allows partial saves.
#For our volume, it hardly matters.
$sql = "UPDATE document SET title='$title' WHERE doc_id=$doc_id";
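Review bot: The escaping shown in the hunk header, `$version =~ s/\'/\'\'/;`, has no `/g`, so only the first apostrophe in a value is doubled and a second one terminates the string literal in `UPDATE document SET title='$title' ...`; the new permission gate does not help against a logged-in maintainer, and whoever passes it can inject SQL this way. Every such substitution in these scripts should be `s/'/''/g`, and `$doc_id` should be pinned with `($doc_id) = $doc_id =~ /^(\d+)$/ or exit;` since it is interpolated unquoted. The `$row[2] != $doc_id` clause also compares the caller's maintainer id with the document id rather than consulting `document_maintainer`, so real maintainers who are not admins are sent to wrongpermission.html. The parameter reading and escaping lines lie before the hunk and the remaining UPDATE statements after it.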


@ -4,19 +4,6 @@ use CGI qw(:standard);
use Pg;
$query = new CGI;
$username = $query->remote_user();
if ( $username eq "guest") {
print header;
print "<html><head><title>No Permission</title>\n";
print "<link rel=stylesheet href='../ldp.css' type='text/css'></head>\n";
print "<body>\n";
print "<h1>No Permission</h1>\n";
print "You do not have permission to modify the database.\n";
print "<p>You need to <a href='../'>get an account</a> before you can modify data.\n";
print end_html;
exit;
}
$dbmain = "ldp";
@row;
@ -25,13 +12,27 @@ $caller = param('caller');
$doc_id = param('doc_id');
$topic = param('topic');
$conn=Pg::connectdb("dbname=$dbmain");
$username = $query->remote_user();
$result=$conn->exec("SELECT username, admin, maintainer_id FROM username WHERE username='$username'");
@row = $result->fetchrow;
if ($username ne $row[0]) {
print $query->redirect("../newaccount.html");
exit;
} else {
if (($row[1] ne 't') and ($row[2] != $doc_id)) {
print $query->redirect("../wrongpermission.html");
exit;
}
}
@topic_subtopic_num = split /\./, $topic;
$topic_num = $topic_subtopic_num[0];
$subtopic_num = $topic_subtopic_num[1];
$sql = "INSERT INTO document_topic (doc_id, topic_num, subtopic_num) VALUES ($doc_id, $topic_num, $subtopic_num)";
$conn=Pg::connectdb("dbname=$dbmain");
$result=$conn->exec($sql);
print $query->redirect($caller)
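Review bot: The new block opens `$conn` before the permission check, but the original `$conn=Pg::connectdb("dbname=$dbmain");` just before `$conn->exec($sql)` is still there, so every request now opens two database connections; delete the later one. `$topic_num` and `$subtopic_num` come from splitting the `topic` parameter and go unquoted into the INSERT, so they should be pinned with `($topic_num, $subtopic_num) = $topic =~ /^(\d+)\.(\d+)$/ or exit;` in place of the `split`. The `$row[2] != $doc_id` clause compares the caller's maintainer id with the document id rather than looking the pair up in `document_maintainer`, the same issue as in the other document scripts. `print $query->redirect($caller)` sends the browser to a caller-supplied URL, which is an open redirect unless `$caller` is restricted to local paths.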


@ -4,19 +4,6 @@ use CGI qw(:standard);
use Pg;
$query = new CGI;
$username = $query->remote_user();
if ( $username eq "guest") {
print header;
print "<html><head><title>No Permission</title>\n";
print "<link rel=stylesheet href='../ldp.css' type='text/css'></head>\n";
print "<body>\n";
print "<h1>No Permission</h1>\n";
print "You do not have permission to modify the database.\n";
print "<p>You need to <a href='../'>get an account</a> before you can modify data.\n";
print end_html;
exit;
}
$dbmain = "ldp";
@row;
@ -28,6 +15,19 @@ $caller = param('caller');
$conn=Pg::connectdb("dbname=$dbmain");
$username = $query->remote_user();
$result=$conn->exec("SELECT username, admin, maintainer_id FROM username WHERE username='$username'");
@row = $result->fetchrow;
if ($username ne $row[0]) {
print $query->redirect("../newaccount.html");
exit;
} else {
if (($row[1] ne 't') and ($row[2] != $doc_id)) {
print $query->redirect("../wrongpermission.html");
exit;
}
}
$sql = "DELETE FROM document_topic WHERE doc_id=$doc_id AND topic_num=$topic_num AND subtopic_num=$subtopic_num";
$result=$conn->exec($sql);
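Review bot: `$topic_num` and `$subtopic_num` are interpolated unquoted into `DELETE FROM document_topic WHERE ...` and neither is read or validated inside the hunk, so the new permission gate still leaves the WHERE clause under the caller's control; constrain them to digits (`$topic_num =~ /^\d+$/ or exit;` and the same for `$subtopic_num` and `$doc_id`) before the DELETE. The `($row[1] ne 't') and ($row[2] != $doc_id)` clause compares the caller's maintainer id with a document id instead of checking `document_maintainer`, so the gate admits the wrong non-admins. Where `$topic_num` and `$subtopic_num` are assigned is above the hunk.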


@ -4,24 +4,19 @@ use CGI qw(:standard);
use Pg;
$query = new CGI;
$username = $query->remote_user();
if ( $username eq "guest") {
print header;
print "<html><head><title>No Permission</title>\n";
print "<link rel=stylesheet href='../ldp.css' type='text/css'></head>\n";
print "<body>\n";
print "<h1>No Permission</h1>\n";
print "You do not have permission to modify the database.\n";
print "<p>You need to <a href='../'>get an account</a> before you can modify data.\n";
print end_html;
exit;
}
$dbmain = "ldp";
@row;
$conn=Pg::connectdb("dbname=$dbmain");
$username = $query->remote_user();
$result=$conn->exec("SELECT username, admin, maintainer_id FROM username WHERE username='$username'");
@row = $result->fetchrow;
if ($username ne $row[0]) {
print $query->redirect("../newaccount.html");
exit;
}
$doc_id = param('doc_id');
$vote = param('vote');
$username = $query->remote_user();
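Review bot: `$username = $query->remote_user();` is assigned three times in this script, once at the top, once before the account lookup, and again after the parameters; keeping only the first and reusing it makes it clear that the value checked against the `username` table is the one later stored with the vote. The lookup is not checked with `resultStatus` before `fetchrow`, so a query failure is indistinguishable from a missing account. As only account existence is enforced here, a line such as `# Any registered user may vote; no admin/maintainer check.` above the lookup would stop the next reader from assuming the check was forgotten. The `$vote` and `$doc_id` parameters presumably reach an INSERT below the hunk and should be validated there.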


@ -1,23 +1,37 @@
#! /usr/bin/perl
$workpath = "/tmp";
use CGI qw(:standard);
use Pg;
$query = new CGI;
$dbmain = "ldp";
@row;
$workpath = "/tmp";
# Read parameters
$doc_id = param('doc_id');
$conn=Pg::connectdb("dbname=$dbmain");
die $conn->errorMessage unless PGRES_CONNECTION_OK eq $conn->status;
$username = $query->remote_user();
$result=$conn->exec("SELECT username, admin, maintainer_id FROM username WHERE username='$username'");
@row = $result->fetchrow;
if ($username ne $row[0]) {
print $query->redirect("../newaccount.html");
exit;
} else {
if (($row[1] ne 't') and ($row[2] != $doc_id)) {
print $query->redirect("../wrongpermission.html");
exit;
}
}
$save = param('Save');
$preview = param('Preview');
$docbook = param('DocBook');
$wiki = param('wiki');
while ($wiki =~ /\'/) {
$wiki =~ s/\'/a1s2d3f4/;
@ -71,7 +85,7 @@ die $conn->errorMessage unless PGRES_TUPLES_OK eq $result->resultStatus;
$revisions = $row[0];
#if we're not previewing, load data from database and determine version
unless ($preview) {
unless ($preview or $docbook) {
$result = $conn->exec("SELECT wiki FROM document_wiki WHERE doc_id = $doc_id ORDER BY revision DESC LIMIT 1, 0");
die $conn->errorMessage unless PGRES_TUPLES_OK eq $result->resultStatus;
@row = $result->fetchrow;
@ -98,24 +112,20 @@ print "</table>\n";
print "<input type=submit value=Save name=Save>\n";
print "<input type=submit value=Preview name=Preview>\n";
print "<input type=submit value=DocBook name=DocBook>\n";
print "</form>\n";
print end_html;
}
if ($preview) {
if ($preview or $docbook) {
$txtfile = "$workpath/foo.txt";
$sgmlfile = $txtfile;
$sgmlfile =~ s/\.txt/\.sgml/;
$htmlfile = $txtfile;
$htmlfile =~ s/\.txt/\.html/;
# print "<hr>Processing...\n";
# print "<p>SGML: $sgmlfile\n";
# print "<br>TXT: $txtfile\n";
# print "<br>HTML: $htmlfile\n";
open(TXT, "> $txtfile");
print TXT $wiki;
close(TXT);
@ -169,20 +179,32 @@ if ($preview) {
}
close(SGML);
# print "<p><hr>\n";
# print "<p>$buf\n";
$sgml .= "</article>\n";
open(SGML, "> $sgmlfile");
print SGML $sgml;
close(SGML);
}
if ($docbook) {
&printheader;
print "<p><hr>\n";
print "<pre>\n";
while ($sgml =~ /\</) {
$sgml =~ s/\</&lt;/;
}
while ($sgml =~ /\>/) {
$sgml =~ s/\>/&gt;/;
}
print $sgml;
print "</pre>\n";
print "</html>\n";
}
if ($preview) {
$cmd = "xsltproc --docbook /usr/share/sgml/docbook/stylesheet/xsl/nwalsh/html/docbook.xsl $sgmlfile > $htmlfile";
system($cmd);
# print "<p><hr>\n";
print header(-expires=>'now');
open(HTML, "$htmlfile");
$i = 0;
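Review bot: The new DocBook branch escapes only `<` and `>`, one occurrence per loop pass, so `&` in the wiki text reaches the browser unescaped and the two `while` loops are quadratic on long documents; replace them with `$sgml =~ s/&/&amp;/g; $sgml =~ s/</&lt;/g; $sgml =~ s/>/&gt;/g;` (ampersand first). With `if ($preview or $docbook)` the DocBook path now also writes `$workpath/foo.txt` and `foo.sgml`: a fixed name under /tmp shared by every user, so concurrent requests overwrite each other's text and a symlink planted there is followed by the 2-arg `open(TXT, "> $txtfile")`; `File::Temp`'s `tempfile` (or at least a name that includes the pid and `$username`) would close both. `&printheader;` with the ampersand and no parentheses passes this script's current `@_` to the sub; `printheader();` is what is meant. The `$row[2] != $doc_id` clause compares the caller's maintainer id with the document id rather than checking `document_maintainer`, as in the other scripts in this commit, and the final `if ($preview)` block continues past the hunk.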


@ -4,25 +4,24 @@ use CGI qw(:standard);
use Pg;
$query = new CGI;
$username = $query->remote_user();
if ( $username eq "guest") {
print header;
print "<html><head><title>No Permission</title>\n";
print "<link rel=stylesheet href='../ldp.css' type='text/css'></head>\n";
print "<body>\n";
print "<h1>No Permission</h1>\n";
print "You do not have permission to modify the database.\n";
print "<p>You need to <a href='../'>get an account</a> before you can modify data.\n";
print end_html;
exit;
}
$dbmain = "ldp";
@row;
$conn=Pg::connectdb("dbname=$dbmain");
$username = $query->remote_user();
$result=$conn->exec("SELECT username, admin, maintainer_id FROM username WHERE username='$username'");
@row = $result->fetchrow;
if ($username ne $row[0]) {
print $query->redirect("../newaccount.html");
exit;
} else {
if (($row[1] ne 't') and ($row[2] != $doc_id)) {
print $query->redirect("../wrongpermission.html");
exit;
}
}
# Read parameters
$caller = param('caller');
$editor_name = param('editor_name');
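Review bot: The permission block runs before `# Read parameters`, and this script reads no `doc_id` anyway, so `$row[2] != $doc_id` compares the caller's maintainer id with undef, i.e. with 0: every non-admin is refused unless their `maintainer_id` is 0, and that one account passes. If editors are meant to be created by admins only, say so and test just that: `if ($row[1] ne 't') { print $query->redirect("../wrongpermission.html"); exit; }`. The `$editor_name` parameter read at the end of the hunk presumably ends up in an INSERT further down; give it the same `s/'/''/g` doubling the other scripts apply, and check the lookup's `resultStatus` before `fetchrow`.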


@ -2,8 +2,8 @@
use CGI qw(:standard);
use Pg;
$query = new CGI;
$query = new CGI;
$dbmain = "ldp";
@row;
@ -13,7 +13,6 @@ $editor_id = param('editor_id');
# Load data from db and call edit form
$conn=Pg::connectdb("dbname=$dbmain");
$result = $conn->exec("SELECT editor_id, editor_name, email, notes from editor where editor_id = $editor_id");
die $conn->errorMessage unless PGRES_TUPLES_OK eq $result->resultStatus;


@ -4,20 +4,6 @@ use CGI qw(:standard);
use Pg;
$query = new CGI;
$username = $query->remote_user();
if ( $username eq "guest") {
print header;
print "<html><head><title>No Permission</title>\n";
print "<link rel=stylesheet href='../ldp.css' type='text/css'></head>\n";
print "<body>\n";
print "<h1>No Permission</h1>\n";
print "You do not have permission to modify the database.\n";
print "<p>You need to <a href='../'>get an account</a> before you can modify data.\n";
print end_html;
exit;
}
$dbmain = "ldp";
@row;
@ -30,6 +16,20 @@ $notes = param('notes');
$notes =~ s/\'/\'\'/;
$conn=Pg::connectdb("dbname=$dbmain");
$username = $query->remote_user();
$result=$conn->exec("SELECT username, admin, maintainer_id FROM username WHERE username='$username'");
@row = $result->fetchrow;
if ($username ne $row[0]) {
print $query->redirect("../newaccount.html");
exit;
} else {
if (($row[1] ne 't') and ($row[2] != $doc_id)) {
print $query->redirect("../wrongpermission.html");
exit;
}
}
$sql = "UPDATE editor SET editor_name='$editor_name', email='$email', notes='$notes' WHERE editor_id = $editor_id";
$result=$conn->exec($sql);
print $query->redirect("editor_edit.pl?editor_id=$editor_id");
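Review bot: The `$notes =~ s/\'/\'\'/;` in the hunk header doubles only the first apostrophe, so a second one in the notes field ends the string literal in `UPDATE editor SET ... notes='$notes'` and the remainder is executed as SQL by any caller who passes the new gate; use `$notes =~ s/'/''/g;`, and apply the same to `$editor_name` and `$email`, which are interpolated quoted with no escaping visible. `$editor_id` is interpolated unquoted and should be pinned with `($editor_id) = $editor_id =~ /^(\d+)$/ or exit;`. `$doc_id` is not a parameter of this script as far as the hunk shows, so `$row[2] != $doc_id` is really `$row[2] != 0` and the check admits only admins plus a maintainer with id 0; if admin-only is intended, test `$row[1] ne 't'` alone.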


@ -8,7 +8,6 @@ $baseurl = "http://www.linuxdoc.org";
$basesql = "SELECT doc_id, title, class, ref_url, version, format FROM document ";
$dbmain='ldp';
$conn=Pg::connectdb("dbname=$dbmain");
print header;


@ -4,23 +4,7 @@ use CGI qw(:standard);
use Pg;
$query = new CGI;
$username = $query->remote_user();
if ( $username eq "guest") {
print header;
print "<html><head><title>No Permission</title>\n";
print "<link rel=stylesheet href='../ldp.css' type='text/css'></head>\n";
print "<body>\n";
print "<h1>No Permission</h1>\n";
print "You do not have permission to modify the database.\n";
print "<p>You need to <a href='../'>get an account</a> before you can modify data.\n";
print end_html;
exit;
}
$dbmain = "ldp";
$conn=Pg::connectdb("dbname=$dbmain");
@row;
# Read parameters
@ -29,6 +13,21 @@ $maintainer_name = param('maintainer_name');
$maintainer_name =~ s/\'/\'\'/;
$email = param('email');
$conn=Pg::connectdb("dbname=$dbmain");
$username = $query->remote_user();
$result=$conn->exec("SELECT username, admin, maintainer_id FROM username WHERE username='$username'");
@row = $result->fetchrow;
if ($username ne $row[0]) {
print $query->redirect("../newaccount.html");
exit;
} else {
if (($row[1] ne 't') and ($row[2] != $doc_id)) {
print $query->redirect("../wrongpermission.html");
exit;
}
}
$sql = "SELECT max(maintainer_id) from maintainer";
$result=$conn->exec($sql);
@row = $result->fetchrow;
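Review bot: `$doc_id` is never read in this script, so the `$row[2] != $doc_id` clause compares the caller's maintainer id with undef (numerically 0) and the gate is effectively admin-only with an accidental exception for maintainer id 0; write the intent directly as `if ($row[1] ne 't')`. Both hunks show a `$conn=Pg::connectdb("dbname=$dbmain");` line; if both survive on the new side the script opens two connections per request, so keep only the one before the lookup. `$maintainer_name =~ s/\'/\'\'/;` (hunk header) lacks `/g`, and `$email` gets no escaping at all before both presumably reach the INSERT after the `max(maintainer_id)` query; use `s/'/''/g` on both. The `SELECT max(maintainer_id)` then insert pattern is also a race between two concurrent adds, which a sequence or `SERIAL` column would avoid.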


@ -4,7 +4,6 @@ use CGI qw(:standard);
use Pg;
$query = new CGI;
$dbmain = "ldp";
@row;
@ -14,7 +13,6 @@ $maintainer_id = param('maintainer_id');
# Load data from db and call edit form
$conn=Pg::connectdb("dbname=$dbmain");
$result = $conn->exec("SELECT maintainer_id, maintainer_name, email from maintainer where maintainer_id = $maintainer_id");
die $conn->errorMessage unless PGRES_TUPLES_OK eq $result->resultStatus;


@ -4,33 +4,25 @@ use CGI qw(:standard);
use Pg;
$query = new CGI;
$caller = param('caller');
$username = $query->remote_user();
if ( $username eq "guest") {
print header;
print "<html><head><title>No Permission</title>\n";
print "<link rel=stylesheet href='../ldp.css' type='text/css'></head>\n";
print "<body>\n";
print "<h1>No Permission</h1>\n";
print "You do not have permission to modify the database.\n";
print "<p>You need to <a href='../'>get an account</a> before you can modify data.\n";
print end_html;
exit;
}
$dbmain = "ldp";
@row;
# Read parameters
$caller = param('caller');
$maintainer_id = param('maintainer_id');
$username = $query->remote_user();
$note = param('note');
$note =~ s/\'/\'\'/;
$conn=Pg::connectdb("dbname=$dbmain");
$username = $query->remote_user();
$result=$conn->exec("SELECT username, admin, maintainer_id FROM username WHERE username='$username'");
@row = $result->fetchrow;
if ($username ne $row[0]) {
print $query->redirect("../newaccount.html");
exit;
}
$sql = "INSERT INTO maintainer_notes (maintainer_id, date_entered, username, notes) values ($maintainer_id, now(), '$username', '$note')";
$result=$conn->exec($sql);
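Review bot: `$note =~ s/\'/\'\'/;` doubles only the first apostrophe, so a note containing two of them breaks out of the `'$note'` literal in the INSERT; it needs `/g`. `$username` is also interpolated into both the lookup and the INSERT without escaping, and `$maintainer_id` goes in unquoted; pin it with `($maintainer_id) = $maintainer_id =~ /^(\d+)$/ or exit;`. `$caller = param('caller');` appears twice in the hunk (once before the `# Read parameters` comment and once after), as does `$username = $query->remote_user();`; keep one of each. The account lookup's `resultStatus` is not checked before `fetchrow`, so a failed query is reported as a missing account.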


@ -4,19 +4,6 @@ use CGI qw(:standard);
use Pg;
$query = new CGI;
$username = $query->remote_user();
if ( $username eq "guest") {
print header;
print "<html><head><title>No Permission</title>\n";
print "<link rel=stylesheet href='../ldp.css' type='text/css'></head>\n";
print "<body>\n";
print "<h1>No Permission</h1>\n";
print "You do not have permission to modify the database.\n";
print "<p>You need to <a href='../'>get an account</a> before you can modify data.\n";
print end_html;
exit;
}
$dbmain = "ldp";
@row;
@ -27,6 +14,20 @@ $maintainer_name =~ s/\'/\'\'/;
$email = param('email');
$conn=Pg::connectdb("dbname=$dbmain");
$username = $query->remote_user();
$result=$conn->exec("SELECT username, admin, maintainer_id FROM username WHERE username='$username'");
@row = $result->fetchrow;
if ($username ne $row[0]) {
print $query->redirect("../newaccount.html");
exit;
} else {
if (($row[1] ne 't') and ($row[2] != $doc_id)) {
print $query->redirect("../wrongpermission.html");
exit;
}
}
$sql = "UPDATE maintainer SET maintainer_name='$maintainer_name', email='$email' WHERE maintainer_id = $maintainer_id";
$result=$conn->exec($sql);
print $query->redirect("maintainer_edit.pl?maintainer_id=$maintainer_id");
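Review bot: This script has no `doc_id` parameter, so `$row[2] != $doc_id` compares the caller's maintainer id with undef and the gate reduces to "admins, plus whoever has maintainer id 0"; if admins only is intended, test `$row[1] ne 't'` alone, and if a maintainer should be allowed to edit their own record, the natural test is `$row[2] != $maintainer_id` (confirm that `username.maintainer_id` and `maintainer.maintainer_id` are the same id). `$email` is interpolated quoted into the UPDATE with no escaping, and `$maintainer_id` unquoted; add `$email =~ s/'/''/g;` and `($maintainer_id) = $maintainer_id =~ /^(\d+)$/ or exit;` before the SQL is built. The `$maintainer_name =~ s/\'/\'\'/;` in the hunk header should also carry `/g`, since without it only the first apostrophe is doubled.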