diff --git a/LDP/lampadas/www/document_add.pl b/LDP/lampadas/www/document_add.pl index 057b6a55..ae86900f 100755 --- a/LDP/lampadas/www/document_add.pl +++ b/LDP/lampadas/www/document_add.pl @@ -7,22 +7,22 @@ $query = new CGI; $dbmain = "ldp"; $conn=Pg::connectdb("dbname=$dbmain"); +@row; $username = $query->remote_user(); -if ( $username eq "guest") { - print header; - print "No Permission\n"; - print "\n"; - print "\n"; - print "

No Permission

\n"; - print "You do not have permission to modify the database.\n"; - print "

You need to get an account before you can modify data.\n"; - print end_html; - exit; +$result=$conn->exec("SELECT username, admin FROM username WHERE username='$username'"); +@row = $result->fetchrow; +if ($username ne $row[0]) { + print $query->redirect("../newaccount.html"); + exit; +} else { + $admin = $row[1]; + if ($admin ne 't') { + print $query->redirect("../wrongpermission.html"); + exit; + } } -@row; - $caller = param('caller'); $sql = "SELECT max(doc_id) from document"; @@ -40,20 +40,7 @@ $pub_status = param('pub_status'); $sql = "INSERT INTO document(doc_id, title, filename, class, format, dtd, dtd_version, version, last_update, url, isbn, pub_status, author_status, review_status, tickle_date, pub_date, ref_url, tech_review_status, maintained)"; $sql = "$sql VALUES ($doc_id, '$title', NULL, '$class', '$format', '$dtd', NULL, NULL, NULL, NULL, NULL, '$pub_status', '$author_status', 'U', NULL, NULL, NULL, 'U', 't')"; -#print header; -#print start_html; -#print "
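Review bot: The added lookup `SELECT username, admin FROM username WHERE username='$username'` splices the REMOTE_USER value into the SQL text unescaped, so the permission gate itself depends on the web server never handing over a name that contains a quote or backslash. Nothing visible here constrains the value; I would reject anything outside a conservative pattern before the query, e.g. `unless ($username =~ /\A[A-Za-z0-9_.-]+\z/) { print $query->redirect("../newaccount.html"); exit; }`, and move these scripts to placeholder-based queries when the database layer allows it. The result status is also not checked before `fetchrow`, so a failed query falls through to the `newaccount.html` redirect instead of reporting an error. The same lookup is pasted into every other script this commit touches (document_editor_*, document_maintainer_*, document_note_add, document_save, document_topic_*, document_vote_save, document_wiki, editor_*, maintainer_*), so the fix belongs in one shared helper.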

doc_id:$doc_id"; -#print "

title:$title"; -#print "

pub_status:$pub_status"; -#print "

class:$class"; -#print "

format:$format"; -#print "

dtd:$dtd"; -#print "

sql:$sql"; -#print end_html; -#exit; - $conn->exec($sql); print $query->redirect("document_edit.pl?doc_id=$doc_id"); -#print $query->redirect($caller); diff --git a/LDP/lampadas/www/document_edit.pl b/LDP/lampadas/www/document_edit.pl index 200792c1..e8a7704c 100755 --- a/LDP/lampadas/www/document_edit.pl +++ b/LDP/lampadas/www/document_edit.pl @@ -4,7 +4,6 @@ use CGI qw(:standard); use Pg; $query = new CGI; - $dbmain = "ldp"; @row; diff --git a/LDP/lampadas/www/document_editor_add.pl b/LDP/lampadas/www/document_editor_add.pl index be1ac85f..0cdb143e 100755 --- a/LDP/lampadas/www/document_editor_add.pl +++ b/LDP/lampadas/www/document_editor_add.pl @@ -4,19 +4,6 @@ use CGI qw(:standard); use Pg; $query = new CGI; - -$username = $query->remote_user(); -if ( $username eq "guest") { - print header; - print "No Permission\n"; - print "\n"; - print "\n"; - print "

No Permission

\n"; - print "You do not have permission to modify the database.\n"; - print "

You need to get an account before you can modify data.\n"; - print end_html; - exit; -} $dbmain = "ldp"; @row; @@ -29,6 +16,19 @@ $editor_role = param('editor_role'); $conn=Pg::connectdb("dbname=$dbmain"); +$username = $query->remote_user(); +$result=$conn->exec("SELECT username, admin, maintainer_id FROM username WHERE username='$username'"); +@row = $result->fetchrow; +if ($username ne $row[0]) { + print $query->redirect("../newaccount.html"); + exit; +} else { + if (($row[1] ne 't') and ($row[2] != $doc_id)) { + print $query->redirect("../wrongpermission.html"); + exit; + } +} + #print header; #print start_html; $sql = "INSERT INTO document_editor(doc_id, editor_id, active, editor_role) VALUES ($doc_id, $editor_id, '$active', '$editor_role')"; diff --git a/LDP/lampadas/www/document_editor_save.pl b/LDP/lampadas/www/document_editor_save.pl index 9ae1cb8d..4fb41369 100755 --- a/LDP/lampadas/www/document_editor_save.pl +++ b/LDP/lampadas/www/document_editor_save.pl @@ -5,18 +5,6 @@ use Pg; $query = new CGI; -$username = $query->remote_user(); -if ( $username eq "guest") { - print header; - print "No Permission\n"; - print "\n"; - print "\n"; - print "
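Review bot: The ownership test `($row[1] ne 't') and ($row[2] != $doc_id)` compares the account's `maintainer_id` with the request's `doc_id`, which look like keys of two different tables, so a non-admin is let through when the two numbers happen to coincide rather than when they maintain the document. `!=` also numifies both sides, so a missing or non-numeric `doc_id` and an empty `maintainer_id` both compare as 0, and the raw `$doc_id` string is then interpolated into the INSERT below. I would require `doc_id` to be all digits and decide ownership from `document_maintainer` (its `doc_id` and `maintainer_id` columns appear in document_maintainer_add.pl), as sketched below; the relation is inferred from this page, so confirm it against the schema. The same comparison is added in document_editor_save.pl, document_maintainer_add.pl, document_maintainer_save.pl, document_save.pl, document_topic_add.pl, document_topic_del.pl and document_wiki.pl.

```perl
$conn=Pg::connectdb("dbname=$dbmain");
# … unchanged: remote_user() lookup and newaccount.html redirect …
unless ($doc_id =~ /\A\d+\z/) {
	print $query->redirect("../wrongpermission.html");
	exit;
}
if ($row[1] ne 't') {
	# $row[2] is the account's maintainer_id; ownership is a row in document_maintainer
	$owner = $conn->exec("SELECT 1 FROM document_maintainer WHERE doc_id = $doc_id AND maintainer_id = " . int($row[2]));
	if ($owner->ntuples < 1) {
		print $query->redirect("../wrongpermission.html");
		exit;
	}
}
```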

No Permission

\n"; - print "You do not have permission to modify the database.\n"; - print "

You need to get an account before you can modify data.\n"; - print end_html; - exit; -} $dbmain = "ldp"; @row; @@ -30,6 +18,19 @@ $chkDel = param('chkDel'); $conn=Pg::connectdb("dbname=$dbmain"); +$username = $query->remote_user(); +$result=$conn->exec("SELECT username, admin, maintainer_id FROM username WHERE username='$username'"); +@row = $result->fetchrow; +if ($username ne $row[0]) { + print $query->redirect("../newaccount.html"); + exit; +} else { + if (($row[1] ne 't') and ($row[2] != $doc_id)) { + print $query->redirect("../wrongpermission.html"); + exit; + } +} + if ( $chkDel eq 'on' ) { $sql = "DELETE FROM document_editor WHERE doc_id = $doc_id and editor_id = $editor_id"; $result=$conn->exec($sql); diff --git a/LDP/lampadas/www/document_maintainer_add.pl b/LDP/lampadas/www/document_maintainer_add.pl index 0153f372..dbd23a16 100755 --- a/LDP/lampadas/www/document_maintainer_add.pl +++ b/LDP/lampadas/www/document_maintainer_add.pl @@ -4,19 +4,6 @@ use CGI qw(:standard); use Pg; $query = new CGI; - -$username = $query->remote_user(); -if ( $username eq "guest") { - print header; - print "No Permission\n"; - print "\n"; - print "\n"; - print "

No Permission

\n"; - print "You do not have permission to modify the database.\n"; - print "

You need to get an account before you can modify data.\n"; - print end_html; - exit; -} $dbmain = "ldp"; @row; @@ -30,6 +17,19 @@ $email = param('email'); $conn=Pg::connectdb("dbname=$dbmain"); +$username = $query->remote_user(); +$result=$conn->exec("SELECT username, admin, maintainer_id FROM username WHERE username='$username'"); +@row = $result->fetchrow; +if ($username ne $row[0]) { + print $query->redirect("../newaccount.html"); + exit; +} else { + if (($row[1] ne 't') and ($row[2] != $doc_id)) { + print $query->redirect("../wrongpermission.html"); + exit; + } +} + #print header; #print start_html; $sql = "INSERT INTO document_maintainer(doc_id, maintainer_id, active, role, email) VALUES ($doc_id, $maintainer_id, '$active', '$role', '$email' )"; diff --git a/LDP/lampadas/www/document_maintainer_save.pl b/LDP/lampadas/www/document_maintainer_save.pl index 51723579..90d350d5 100755 --- a/LDP/lampadas/www/document_maintainer_save.pl +++ b/LDP/lampadas/www/document_maintainer_save.pl @@ -4,19 +4,6 @@ use CGI qw(:standard); use Pg; $query = new CGI; - -$username = $query->remote_user(); -if ( $username eq "guest") { - print header; - print "No Permission\n"; - print "\n"; - print "\n"; - print "

No Permission

\n"; - print "You do not have permission to modify the database.\n"; - print "

You need to get an account before you can modify data.\n"; - print end_html; - exit; -} $dbmain = "ldp"; @row; @@ -31,6 +18,19 @@ $chkDel = param('chkDel'); $conn=Pg::connectdb("dbname=$dbmain"); +$username = $query->remote_user(); +$result=$conn->exec("SELECT username, admin, maintainer_id FROM username WHERE username='$username'"); +@row = $result->fetchrow; +if ($username ne $row[0]) { + print $query->redirect("../newaccount.html"); + exit; +} else { + if (($row[1] ne 't') and ($row[2] != $doc_id)) { + print $query->redirect("../wrongpermission.html"); + exit; + } +} + #print header; #print start_html; if ( $chkDel eq 'on' ) { diff --git a/LDP/lampadas/www/document_note_add.pl b/LDP/lampadas/www/document_note_add.pl index e67a7477..cf1f0e95 100755 --- a/LDP/lampadas/www/document_note_add.pl +++ b/LDP/lampadas/www/document_note_add.pl @@ -4,19 +4,6 @@ use CGI qw(:standard); use Pg; $query = new CGI; - -$username = $query->remote_user(); -if ( $username eq "guest") { - print header; - print "No Permission\n"; - print "\n"; - print "\n"; - print "

No Permission

\n"; - print "You do not have permission to modify the database.\n"; - print "

You need to get an account before you can modify data.\n"; - print end_html; - exit; -} $dbmain = "ldp"; @row; @@ -24,6 +11,12 @@ $dbmain = "ldp"; $doc_id = param('doc_id'); $username = $query->remote_user(); +$result=$conn->exec("SELECT username, admin, maintainer_id FROM username WHERE username='$username'"); +@row = $result->fetchrow; +if ($username ne $row[0]) { + print $query->redirect("../newaccount.html"); + exit; +} $note = param('note'); while ($note =~ /\'/) { diff --git a/LDP/lampadas/www/document_save.pl b/LDP/lampadas/www/document_save.pl index a51b2175..28241743 100755 --- a/LDP/lampadas/www/document_save.pl +++ b/LDP/lampadas/www/document_save.pl @@ -4,19 +4,6 @@ use CGI qw(:standard); use Pg; $query = new CGI; - -$username = $query->remote_user(); -if ( $username eq "guest") { - print header; - print "No Permission\n"; - print "\n"; - print "\n"; - print "
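Review bot: The added `$conn->exec(...)` in document_note_add.pl runs before any `Pg::connectdb` call that is visible in this file's hunks; the other scripts in this commit connect immediately before the lookup, while here the context goes straight from `$doc_id = param('doc_id');` to the query. If the connection is in fact opened further down, the call fails on an undefined `$conn` and the script dies before the account check runs. Adding `$conn=Pg::connectdb("dbname=$dbmain");` ahead of the lookup (and dropping the later one) would match the other files. Only the lines around the lookup are visible, so this needs checking against the full script.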

No Permission

\n"; - print "You do not have permission to modify the database.\n"; - print "

You need to get an account before you can modify data.\n"; - print end_html; - exit; -} $dbmain = "ldp"; @row; @@ -55,6 +42,19 @@ $version =~ s/\'/\'\'/; $conn=Pg::connectdb("dbname=$dbmain"); +$username = $query->remote_user(); +$result=$conn->exec("SELECT username, admin, maintainer_id FROM username WHERE username='$username'"); +@row = $result->fetchrow; +if ($username ne $row[0]) { + print $query->redirect("../newaccount.html"); + exit; +} else { + if (($row[1] ne 't') and ($row[2] != $doc_id)) { + print $query->redirect("../wrongpermission.html"); + exit; + } +} + #This is horribly inefficient, but allows partial saves. #For our volume, it hardly matters. $sql = "UPDATE document SET title='$title' WHERE doc_id=$doc_id"; diff --git a/LDP/lampadas/www/document_topic_add.pl b/LDP/lampadas/www/document_topic_add.pl index 8259faae..314d0a6f 100755 --- a/LDP/lampadas/www/document_topic_add.pl +++ b/LDP/lampadas/www/document_topic_add.pl @@ -4,19 +4,6 @@ use CGI qw(:standard); use Pg; $query = new CGI; - -$username = $query->remote_user(); -if ( $username eq "guest") { - print header; - print "No Permission\n"; - print "\n"; - print "\n"; - print "

No Permission

\n"; - print "You do not have permission to modify the database.\n"; - print "

You need to get an account before you can modify data.\n"; - print end_html; - exit; -} $dbmain = "ldp"; @row; @@ -25,13 +12,27 @@ $caller = param('caller'); $doc_id = param('doc_id'); $topic = param('topic'); +$conn=Pg::connectdb("dbname=$dbmain"); + +$username = $query->remote_user(); +$result=$conn->exec("SELECT username, admin, maintainer_id FROM username WHERE username='$username'"); +@row = $result->fetchrow; +if ($username ne $row[0]) { + print $query->redirect("../newaccount.html"); + exit; +} else { + if (($row[1] ne 't') and ($row[2] != $doc_id)) { + print $query->redirect("../wrongpermission.html"); + exit; + } +} + @topic_subtopic_num = split /\./, $topic; $topic_num = $topic_subtopic_num[0]; $subtopic_num = $topic_subtopic_num[1]; $sql = "INSERT INTO document_topic (doc_id, topic_num, subtopic_num) VALUES ($doc_id, $topic_num, $subtopic_num)"; -$conn=Pg::connectdb("dbname=$dbmain"); $result=$conn->exec($sql); print $query->redirect($caller) diff --git a/LDP/lampadas/www/document_topic_del.pl b/LDP/lampadas/www/document_topic_del.pl index eb3d54a2..8112361c 100755 --- a/LDP/lampadas/www/document_topic_del.pl +++ b/LDP/lampadas/www/document_topic_del.pl @@ -4,19 +4,6 @@ use CGI qw(:standard); use Pg; $query = new CGI; - -$username = $query->remote_user(); -if ( $username eq "guest") { - print header; - print "No Permission\n"; - print "\n"; - print "\n"; - print "

No Permission

\n"; - print "You do not have permission to modify the database.\n"; - print "

You need to get an account before you can modify data.\n"; - print end_html; - exit; -} $dbmain = "ldp"; @row; @@ -28,6 +15,19 @@ $caller = param('caller'); $conn=Pg::connectdb("dbname=$dbmain"); +$username = $query->remote_user(); +$result=$conn->exec("SELECT username, admin, maintainer_id FROM username WHERE username='$username'"); +@row = $result->fetchrow; +if ($username ne $row[0]) { + print $query->redirect("../newaccount.html"); + exit; +} else { + if (($row[1] ne 't') and ($row[2] != $doc_id)) { + print $query->redirect("../wrongpermission.html"); + exit; + } +} + $sql = "DELETE FROM document_topic WHERE doc_id=$doc_id AND topic_num=$topic_num AND subtopic_num=$subtopic_num"; $result=$conn->exec($sql); diff --git a/LDP/lampadas/www/document_vote_save.pl b/LDP/lampadas/www/document_vote_save.pl index 89539daf..b7665304 100755 --- a/LDP/lampadas/www/document_vote_save.pl +++ b/LDP/lampadas/www/document_vote_save.pl @@ -4,24 +4,19 @@ use CGI qw(:standard); use Pg; $query = new CGI; -$username = $query->remote_user(); -if ( $username eq "guest") { - print header; - print "No Permission\n"; - print "\n"; - print "\n"; - print "

No Permission

\n"; - print "You do not have permission to modify the database.\n"; - print "

You need to get an account before you can modify data.\n"; - print end_html; - exit; -} - $dbmain = "ldp"; @row; $conn=Pg::connectdb("dbname=$dbmain"); +$username = $query->remote_user(); +$result=$conn->exec("SELECT username, admin, maintainer_id FROM username WHERE username='$username'"); +@row = $result->fetchrow; +if ($username ne $row[0]) { + print $query->redirect("../newaccount.html"); + exit; +} + $doc_id = param('doc_id'); $vote = param('vote'); $username = $query->remote_user(); diff --git a/LDP/lampadas/www/document_wiki.pl b/LDP/lampadas/www/document_wiki.pl index a2c2fbaa..a48be496 100755 --- a/LDP/lampadas/www/document_wiki.pl +++ b/LDP/lampadas/www/document_wiki.pl @@ -1,23 +1,37 @@ #! /usr/bin/perl +$workpath = "/tmp"; + use CGI qw(:standard); use Pg; $query = new CGI; - $dbmain = "ldp"; @row; -$workpath = "/tmp"; - # Read parameters $doc_id = param('doc_id'); $conn=Pg::connectdb("dbname=$dbmain"); die $conn->errorMessage unless PGRES_CONNECTION_OK eq $conn->status; +$username = $query->remote_user(); +$result=$conn->exec("SELECT username, admin, maintainer_id FROM username WHERE username='$username'"); +@row = $result->fetchrow; +if ($username ne $row[0]) { + print $query->redirect("../newaccount.html"); + exit; +} else { + if (($row[1] ne 't') and ($row[2] != $doc_id)) { + print $query->redirect("../wrongpermission.html"); + exit; + } +} + $save = param('Save'); $preview = param('Preview'); +$docbook = param('DocBook'); + $wiki = param('wiki'); while ($wiki =~ /\'/) { $wiki =~ s/\'/a1s2d3f4/; @@ -71,7 +85,7 @@ die $conn->errorMessage unless PGRES_TUPLES_OK eq $result->resultStatus; $revisions = $row[0]; #if we're not previewing, load data from database and determine version -unless ($preview) { +unless ($preview or $docbook) { $result = $conn->exec("SELECT wiki FROM document_wiki WHERE doc_id = $doc_id ORDER BY revision DESC LIMIT 1, 0"); die $conn->errorMessage unless PGRES_TUPLES_OK eq $result->resultStatus; @row = $result->fetchrow; 
@@ -98,24 +112,20 @@ print "\n"; print "\n"; print "\n"; +print "\n"; print "\n"; print end_html; } -if ($preview) { +if ($preview or $docbook) { $txtfile = "$workpath/foo.txt"; $sgmlfile = $txtfile; $sgmlfile =~ s/\.txt/\.sgml/; $htmlfile = $txtfile; $htmlfile =~ s/\.txt/\.html/; -# print "


Processing...\n"; -# print "

SGML: $sgmlfile\n"; -# print "
TXT: $txtfile\n"; -# print "
HTML: $htmlfile\n"; - open(TXT, "> $txtfile"); print TXT $wiki; close(TXT); @@ -169,20 +179,32 @@ if ($preview) { } close(SGML); -# print "
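Review bot: With `if ($preview or $docbook)` two code paths now write request content to the fixed path `$workpath/foo.txt` under `/tmp`, using an unchecked two-argument `open`. Concurrent requests overwrite each other's input, and a pre-existing file or symlink of that name in a world-writable directory decides where the CGI user's write lands. A per-request file from the core File::Temp module avoids both, e.g. `($fh, $txtfile) = File::Temp::tempfile(DIR => $workpath, SUFFIX => '.txt');` with `use File::Temp;` at the top, and the `open` calls should become three-argument with `or die`. The `if` block continues past the end of this hunk.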


\n"; -# print "

$buf\n"; - $sgml .= "\n"; open(SGML, "> $sgmlfile"); print SGML $sgml; close(SGML); +} +if ($docbook) { + &printheader; + print "


\n"; + print "
\n";
+	while ($sgml =~ /\/) {
+		$sgml =~ s/\>/>/;
+	}
+	print $sgml;
+	print "
\n"; + print "\n"; +} + +if ($preview) { $cmd = "xsltproc --docbook /usr/share/sgml/docbook/stylesheet/xsl/nwalsh/html/docbook.xsl $sgmlfile > $htmlfile"; system($cmd); -# print "


\n"; - print header(-expires=>'now'); open(HTML, "$htmlfile"); $i = 0; diff --git a/LDP/lampadas/www/editor_add.pl b/LDP/lampadas/www/editor_add.pl index a9170e84..338299f2 100755 --- a/LDP/lampadas/www/editor_add.pl +++ b/LDP/lampadas/www/editor_add.pl @@ -4,25 +4,24 @@ use CGI qw(:standard); use Pg; $query = new CGI; - -$username = $query->remote_user(); -if ( $username eq "guest") { - print header; - print "No Permission\n"; - print "\n"; - print "\n"; - print "
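Review bot: The new DocBook branch prints `$sgml`, which is built from the `wiki` request parameter, straight into the response after a hand-rolled replace loop, and that loop is not fully legible in this rendering. Each pass rewrites a single occurrence and it is not visible that `&` is handled, so markup in the submitted text may still reach the browser. `print CGI::escapeHTML($sgml);` would cover `&`, `<`, `>` and quotes in one call and replace the loop. `&printheader` is defined outside the hunk, so whether a header has already been emitted when `$preview` is also set cannot be checked here.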

No Permission

\n"; - print "You do not have permission to modify the database.\n"; - print "

You need to get an account before you can modify data.\n"; - print end_html; - exit; -} - $dbmain = "ldp"; @row; $conn=Pg::connectdb("dbname=$dbmain"); +$username = $query->remote_user(); +$result=$conn->exec("SELECT username, admin, maintainer_id FROM username WHERE username='$username'"); +@row = $result->fetchrow; +if ($username ne $row[0]) { + print $query->redirect("../newaccount.html"); + exit; +} else { + if (($row[1] ne 't') and ($row[2] != $doc_id)) { + print $query->redirect("../wrongpermission.html"); + exit; + } +} + # Read parameters $caller = param('caller'); $editor_name = param('editor_name'); diff --git a/LDP/lampadas/www/editor_edit.pl b/LDP/lampadas/www/editor_edit.pl index 767062d3..14dc38d4 100755 --- a/LDP/lampadas/www/editor_edit.pl +++ b/LDP/lampadas/www/editor_edit.pl @@ -2,8 +2,8 @@ use CGI qw(:standard); use Pg; -$query = new CGI; +$query = new CGI; $dbmain = "ldp"; @row; @@ -13,7 +13,6 @@ $editor_id = param('editor_id'); # Load data from db and call edit form $conn=Pg::connectdb("dbname=$dbmain"); - $result = $conn->exec("SELECT editor_id, editor_name, email, notes from editor where editor_id = $editor_id"); die $conn->errorMessage unless PGRES_TUPLES_OK eq $result->resultStatus; diff --git a/LDP/lampadas/www/editor_save.pl b/LDP/lampadas/www/editor_save.pl index 177ac8b4..f6834e4b 100755 --- a/LDP/lampadas/www/editor_save.pl +++ b/LDP/lampadas/www/editor_save.pl @@ -4,20 +4,6 @@ use CGI qw(:standard); use Pg; $query = new CGI; - -$username = $query->remote_user(); -if ( $username eq "guest") { - print header; - print "No Permission\n"; - print "\n"; - print "\n"; - print "
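Review bot: `$doc_id` is not assigned anywhere before this check in editor_add.pl (the block sits above `# Read parameters`, and the parameters visible after it are `caller` and `editor_name`), so `$row[2] != $doc_id` compares against an undefined value, i.e. 0. Any non-admin account whose `maintainer_id` is empty or 0 therefore passes the gate. If editor and maintainer records are meant to be admin-managed, the admin-only form used in document_add.pl fits here: `if ($row[1] ne 't') { print $query->redirect("../wrongpermission.html"); exit; }`. The hunks for editor_save.pl, maintainer_add.pl and maintainer_save.pl carry the same block and show no `doc_id` parameter either, though those scripts continue outside the hunks.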

No Permission

\n"; - print "You do not have permission to modify the database.\n"; - print "

You need to get an account before you can modify data.\n"; - print end_html; - exit; -} - $dbmain = "ldp"; @row; @@ -30,6 +16,20 @@ $notes = param('notes'); $notes =~ s/\'/\'\'/; $conn=Pg::connectdb("dbname=$dbmain"); + +$username = $query->remote_user(); +$result=$conn->exec("SELECT username, admin, maintainer_id FROM username WHERE username='$username'"); +@row = $result->fetchrow; +if ($username ne $row[0]) { + print $query->redirect("../newaccount.html"); + exit; +} else { + if (($row[1] ne 't') and ($row[2] != $doc_id)) { + print $query->redirect("../wrongpermission.html"); + exit; + } +} + $sql = "UPDATE editor SET editor_name='$editor_name', email='$email', notes='$notes' WHERE editor_id = $editor_id"; $result=$conn->exec($sql); print $query->redirect("editor_edit.pl?editor_id=$editor_id"); diff --git a/LDP/lampadas/www/ldp_stats.pl b/LDP/lampadas/www/ldp_stats.pl index 31fc4d4f..5ac67ee8 100755 --- a/LDP/lampadas/www/ldp_stats.pl +++ b/LDP/lampadas/www/ldp_stats.pl @@ -8,7 +8,6 @@ $baseurl = "http://www.linuxdoc.org"; $basesql = "SELECT doc_id, title, class, ref_url, version, format FROM document "; $dbmain='ldp'; - $conn=Pg::connectdb("dbname=$dbmain"); print header; diff --git a/LDP/lampadas/www/maintainer_add.pl b/LDP/lampadas/www/maintainer_add.pl index abd2ce0a..f734e82a 100755 --- a/LDP/lampadas/www/maintainer_add.pl +++ b/LDP/lampadas/www/maintainer_add.pl @@ -4,23 +4,7 @@ use CGI qw(:standard); use Pg; $query = new CGI; - -$username = $query->remote_user(); -if ( $username eq "guest") { - print header; - print "No Permission\n"; - print "\n"; - print "\n"; - print "

No Permission

\n"; - print "You do not have permission to modify the database.\n"; - print "

You need to get an account before you can modify data.\n"; - print end_html; - exit; -} - $dbmain = "ldp"; -$conn=Pg::connectdb("dbname=$dbmain"); - @row; # Read parameters @@ -29,6 +13,21 @@ $maintainer_name = param('maintainer_name'); $maintainer_name =~ s/\'/\'\'/; $email = param('email'); +$conn=Pg::connectdb("dbname=$dbmain"); + +$username = $query->remote_user(); +$result=$conn->exec("SELECT username, admin, maintainer_id FROM username WHERE username='$username'"); +@row = $result->fetchrow; +if ($username ne $row[0]) { + print $query->redirect("../newaccount.html"); + exit; +} else { + if (($row[1] ne 't') and ($row[2] != $doc_id)) { + print $query->redirect("../wrongpermission.html"); + exit; + } +} + $sql = "SELECT max(maintainer_id) from maintainer"; $result=$conn->exec($sql); @row = $result->fetchrow; diff --git a/LDP/lampadas/www/maintainer_edit.pl b/LDP/lampadas/www/maintainer_edit.pl index e85f0717..a25fefa9 100755 --- a/LDP/lampadas/www/maintainer_edit.pl +++ b/LDP/lampadas/www/maintainer_edit.pl @@ -4,7 +4,6 @@ use CGI qw(:standard); use Pg; $query = new CGI; - $dbmain = "ldp"; @row; @@ -14,7 +13,6 @@ $maintainer_id = param('maintainer_id'); # Load data from db and call edit form $conn=Pg::connectdb("dbname=$dbmain"); - $result = $conn->exec("SELECT maintainer_id, maintainer_name, email from maintainer where maintainer_id = $maintainer_id"); die $conn->errorMessage unless PGRES_TUPLES_OK eq $result->resultStatus; diff --git a/LDP/lampadas/www/maintainer_note_add.pl b/LDP/lampadas/www/maintainer_note_add.pl index 4523a13b..f8788e91 100755 --- a/LDP/lampadas/www/maintainer_note_add.pl +++ b/LDP/lampadas/www/maintainer_note_add.pl @@ -4,33 +4,25 @@ use CGI qw(:standard); use Pg; $query = new CGI; - -$caller = param('caller'); - -$username = $query->remote_user(); -if ( $username eq "guest") { - print header; - print "No Permission\n"; - print "\n"; - print "\n"; - print "

No Permission

\n"; - print "You do not have permission to modify the database.\n"; - print "

You need to get an account before you can modify data.\n"; - print end_html; - exit; -} $dbmain = "ldp"; @row; # Read parameters +$caller = param('caller'); $maintainer_id = param('maintainer_id'); - -$username = $query->remote_user(); - $note = param('note'); $note =~ s/\'/\'\'/; $conn=Pg::connectdb("dbname=$dbmain"); + +$username = $query->remote_user(); +$result=$conn->exec("SELECT username, admin, maintainer_id FROM username WHERE username='$username'"); +@row = $result->fetchrow; +if ($username ne $row[0]) { + print $query->redirect("../newaccount.html"); + exit; +} + $sql = "INSERT INTO maintainer_notes (maintainer_id, date_entered, username, notes) values ($maintainer_id, now(), '$username', '$note')"; $result=$conn->exec($sql); diff --git a/LDP/lampadas/www/maintainer_save.pl b/LDP/lampadas/www/maintainer_save.pl index 4a243f46..83083e00 100755 --- a/LDP/lampadas/www/maintainer_save.pl +++ b/LDP/lampadas/www/maintainer_save.pl @@ -4,19 +4,6 @@ use CGI qw(:standard); use Pg; $query = new CGI; - -$username = $query->remote_user(); -if ( $username eq "guest") { - print header; - print "No Permission\n"; - print "\n"; - print "\n"; - print "

No Permission

\n"; - print "You do not have permission to modify the database.\n"; - print "

You need to get an account before you can modify data.\n"; - print end_html; - exit; -} $dbmain = "ldp"; @row; @@ -27,6 +14,20 @@ $maintainer_name =~ s/\'/\'\'/; $email = param('email'); $conn=Pg::connectdb("dbname=$dbmain"); + +$username = $query->remote_user(); +$result=$conn->exec("SELECT username, admin, maintainer_id FROM username WHERE username='$username'"); +@row = $result->fetchrow; +if ($username ne $row[0]) { + print $query->redirect("../newaccount.html"); + exit; +} else { + if (($row[1] ne 't') and ($row[2] != $doc_id)) { + print $query->redirect("../wrongpermission.html"); + exit; + } +} + $sql = "UPDATE maintainer SET maintainer_name='$maintainer_name', email='$email' WHERE maintainer_id = $maintainer_id"; $result=$conn->exec($sql); print $query->redirect("maintainer_edit.pl?maintainer_id=$maintainer_id");