addlocation.pl
#!/usr/local/bin/perl
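# Drop privileges to the unprivileged 'nobody' account before doing any work.
#
# getpwnam() returns the whole passwd entry in list context, so the original
# list assignment stored the account name and password field in $< and $>.
# Both numify to 0, which means no drop to 'nobody' ever took place, and the
# trailing "or die" only tested how many elements were on the right-hand side.
# Take the numeric UID/GID out of the entry and verify the result instead.
{
  my @nobody = getpwnam('nobody')
    or die "cannot look up user 'nobody'\n";
  my ($nobody_uid, $nobody_gid) = @nobody[2, 3];

  # Only root can change identity. A process that is already unprivileged
  # (the usual case under a web server) has nothing to drop.
  if ($> == 0) {
    # Groups first: once the UID has been given up they can no longer change.
    $) = "$nobody_gid $nobody_gid";   # effective GID plus supplementary list
    $( = $nobody_gid;                 # real GID
    ($<, $>) = ($nobody_uid, $nobody_uid);

    # Assignments to these variables fail silently, so check what we ended
    # up with and refuse to continue with leftover privileges.
    my ($real_gid)      = split ' ', $(;
    my ($effective_gid) = split ' ', $);
    die "failed to drop privileges to 'nobody': $!\n"
      unless $< == $nobody_uid
         and $> == $nobody_uid
         and $real_gid == $nobody_gid
         and $effective_gid == $nobody_gid;
  }
}

# NOTE(review): the :utf8 layer marks input as UTF-8 without validating it;
# :encoding(UTF-8) is the checking variant. Left unchanged here because
# switching alters how malformed request bodies are handled.
binmode(STDIN, ":utf8");
binmode(STDOUT, ":utf8");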
# must have's!
use strict;
use warnings;
use CGI::Carp qw(fatalsToBrowser);
use DBI;
use URI::Escape;
use lib "/var/www/html/Pm";
use Html qw(
pre_html_header
header html_end
debug_banner
);
use Html2 qw(
tag
br
hr
embolden
italicize
);
use Bc_chef qw(cookie_get);
use Bc_misc qw(
get_param
referrer
get_params_asHash
pluralize
);
use Bc_sql qw(
sql_execute
get_constant
get_country_cities
get_country_name
get_city_name
user_exists
$QUERY_PAGE
$QUERY_UID
$LOGGEDIN
$DB
);
use Redir qw(
notice_redir
error_redir
);
use User qw(
isUserSuperAdmin
$USER_DATA
);
use Security qw(banned);
# Debug switch and the HTML fragment that debug output is collected in.
# With $DEBUG off the script answers with redirects only.
my $DEBUG = 0;
my $DEBUG_STR = "";

# Request parameters, keyed by name.
my %params = get_params_asHash();

# Admin "location" page that every action redirects back to.
my $url = "/?" . join("&",
  "$QUERY_PAGE=" . get_constant("ADMIN_PAGE"),
  get_constant("QUERY_ADMIN_PAGE") . "=" . get_constant("ADMIN_SYSTEM_PAGE"),
  "t=location",
);

# Response body; filled in below and printed at the very end.
my $output;
# Access gate: only an existing, non-banned super admin gets past this point.
# Everything in the else-branch can write to the countries/cities tables.
# NOTE(review): no anti-CSRF token or request-method check is visible in this
# file, and the actions below are selected purely by request parameters.
# Confirm that get_params_asHash() or the calling form enforces one.
my $is_authorized = user_exists($LOGGEDIN)
  && !banned($LOGGEDIN)
  && isUserSuperAdmin($LOGGEDIN);

if (!$is_authorized) {
  my $denied = "Access Denied";
  $denied .= " (addlocation.pl)" if $DEBUG;
  $output = error_redir("/", $denied);
} else {
  ############################################################
  ### YOUR CONTENT HERE
  $output = pre_html_header();

  # Script run on page load: clears the notice after the configured timeout.
  my $onload_js = "setTimeout(removeMsg, " . get_constant("REMOVE_MSG_TIMEOUT") . ");";
  $output .= header(
    "Add Location",
    "?nobg_img=1&nogrid=1",
    0,
    $onload_js,
    "",
    'style="padding: 2px;"'
  );
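# Trim leading/trailing spaces from every parameter up front.
# This used to happen only inside the $DEBUG branch, so debug runs and
# production runs handed different values to the queries further down.
foreach my $key (keys %params) {
  next if not defined $params{$key} or ref $params{$key};
  $params{$key} =~ s/^ *//;
  $params{$key} =~ s/ *$//;
}

if ($DEBUG) {
  if (keys %params) {
    # Parameter names and values come straight from the request. Encode them
    # before they go into the debug HTML so markup in a value is displayed
    # rather than interpreted by the browser.
    # NOTE(review): if embolden() already encodes its argument this merely
    # double-encodes the debug text - confirm against Html2.
    my $encode = sub {
      my ($text) = @_;
      $text = "" unless defined $text;
      $text =~ s/&/&amp;/g;
      $text =~ s/</&lt;/g;
      $text =~ s/>/&gt;/g;
      $text =~ s/"/&quot;/g;
      $text =~ s/'/&#39;/g;
      return $text;
    };

    foreach my $key (sort keys %params) {
      $DEBUG_STR .= $encode->($key) . " = " . embolden($encode->($params{$key})) . br;
    }
    $DEBUG_STR .= hr;
  } else {
    $DEBUG_STR .= tag({ tag => "div", class => "red-panel", innerHTML => "No Params Given!" });
    $DEBUG_STR .= br;
  }
}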
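# add new country
#
# Changes from the original branch:
#  - exit only when $DEBUG is off; the unconditional exit meant a debug run
#    ended with no response at all (the other branches already do it this way)
#  - report an error when the last ID cannot be determined, instead of falling
#    through to a page that carries no message
#  - dropped a duplicated debug line and a shadowing copy of $url
if ($params{newcountry}) {
  $DEBUG_STR .= tag({ tag => "div", class => "yellow-panel", innerHTML => "Add Country Requested" }) . hr;

  # first, figure out the "last" country ID, and add one to it
  # NOTE(review): reading MAX(ID) and inserting MAX(ID)+1 are two separate
  # statements, so two simultaneous requests could pick the same ID. Confirm
  # the table has a unique key on ID so the second insert fails cleanly.
  my $sql = "select * from countries where ID=(select MAX(ID) from countries)";
  my $lastidresult = sql_execute($sql, "", 1); # returns array ref
  my $lastrow;
  if (ref $lastidresult eq "ARRAY" and @$lastidresult == 1) {
    $lastrow = $lastidresult->[0];
  }

  if (ref $lastrow eq "HASH") {
    my $nextid = $lastrow->{ID} + 1;
    # NOTE(review): the submitted name goes into the debug HTML unencoded.
    # Only reachable with $DEBUG on, but encode it if debug is ever enabled
    # on a reachable host.
    $DEBUG_STR .= embolden($nextid) . " = $params{newcountry}" . br;

    # Both values pass through $DB->quote() (presumably a DBI handle), so the
    # submitted name is embedded as a string literal, not as SQL.
    my $insert = "insert into countries values (" .
                 $DB->quote($nextid) . ", " .
                 $DB->quote($params{newcountry}) .
                 ")";
    $DEBUG_STR .= embolden($insert) . br;

    if (sql_execute($insert)) {
      $DEBUG_STR .= "insert successful!" . br;
      if (not $DEBUG) { print notice_redir($url, "Country Added"); }
    } else {
      $DEBUG_STR .= "insert failed!" . br;
      if (not $DEBUG) { print error_redir($url, "Failed to Add Country!"); }
    }
    if (not $DEBUG) { exit 1; }
  } else {
    $DEBUG_STR .= "No stinkin results! (or too many)" . br;
    if (not $DEBUG) {
      print error_redir($url, "Failed to Add Country!");
      exit 1;
    }
  }
} # end of if ($params{newcountry})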
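# add new city
elsif ($params{newcity} and $params{newcity_country}) {
  $DEBUG_STR .= tag({ tag => "div", class => "yellow-panel", innerHTML => "Add City Requested" }) . hr;

  # first, is the country ID correct?
  # The original test was `@list ne undef`. That compares the element count,
  # as a string, with the empty string and is therefore always true, so the
  # "Invalid Country ID" branch could never run and any submitted value ended
  # up in the coords column. Look the ID up in the countries table instead,
  # the same way the edit branch does.
  my $countrycheck = sql_execute(
    "select * from countries where ID=" . $DB->quote($params{newcity_country}),
    "", 1); # returns array ref

  # Build coords from the ID as stored, not as submitted, so the new row is
  # keyed on a value known to exist.
  my $country_id;
  if (ref $countrycheck eq "ARRAY" and @$countrycheck == 1
      and ref $countrycheck->[0] eq "HASH") {
    $country_id = $countrycheck->[0]->{ID};
  }

  if (defined $country_id) {
    my @list = get_country_cities($country_id);
    my $countryname = get_country_name($country_id);
    $DEBUG_STR .= "Add to " . embolden($countryname) . br;

    # now, ensure city doesn't already exist
    # Entries look like "country-city=name"; track the highest city number
    # seen so the new city gets the next one.
    my $cityExists = 0;
    my $highest = 0;
    foreach my $city (@list) {
      next unless defined $city;
      # limit 2: a name containing "=" must stay in one piece
      my ($coords, $name) = split("=", $city, 2);
      next unless defined $coords and defined $name;
      my ($countryid, $cityid) = split("-", $coords);
      if (defined $cityid and $cityid =~ /^\d+$/ and $cityid > $highest) {
        $highest = $cityid;
      }

      if ($name eq $params{newcity}) { $cityExists = 1; }
    }
    $highest++;

    if ($cityExists) {
      $DEBUG_STR .= tag({ tag => "div", class => "red-panel", innerHTML => "City Already Exists!" }) . br;

      if (not $DEBUG) {
        print error_redir($url, "City Already Exists");
        exit 1;
      }
    } else {
      $DEBUG_STR .= tag({ tag => "div", class => "green-panel", innerHTML => "City Does Not Already Exists!" }) . br;
      $DEBUG_STR .= "New City ID: " . embolden($highest) . br;

      # Name and coords both go through $DB->quote() before being embedded.
      my $insert = "insert into cities values (NULL, " .
                   $DB->quote($params{newcity}) . ", " .
                   $DB->quote($country_id . "-" . $highest) .
                   ")";

      $DEBUG_STR .= "Insert SQL: " . embolden($insert) . br;

      my $inserted = sql_execute($insert);
      if ($inserted) {
        $DEBUG_STR .= "City Added!" . br;

        if (not $DEBUG) {
          print notice_redir($url, "City Added!");
          exit 1;
        }
      } else {
        $DEBUG_STR .= "Add City Failed!" . br;

        if (not $DEBUG) {
          print error_redir($url, "Adding City Failed!");
          exit 1;
        }
      }
    }
  } else {
    $DEBUG_STR .= "Invalid Country ID" . br;

    if (not $DEBUG) {
      print error_redir($url, "Invalid Country ID!");
      exit 1;
    }
  }
} # end of elsif ($params{newcity} and $params{newcity_country})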
# edit existing country/city
#
# Renames the country and/or the city identified by coords_input
# ("<country id>-<city id>") and redirects with a notice or an error.
# NOTE(review): the city rename below still runs when the country part of
# coords_input matches no country; confirm that is intended.
elsif ($params{city_input} and $params{country_input} and $params{coords_input}) {
  # Outcome codes. Positive values mean something was renamed; zero and
  # negative values are reported to the client as an error.
  my ($COUNTRY_DONE, $CITY_DONE, $BOTH_DONE) = (1, 2, 3);
  my $status = 0;

  $DEBUG_STR .= tag({ tag => "div", class => "yellow-panel", innerHTML => "Edit City Requested!" }) . hr;

  # is the given "country" valid?
  my ($country_part, $city_part) = split("-", $params{coords_input});
  my $country_lookup_sql = "select * from countries where ID=" . $DB->quote($country_part);
  $DEBUG_STR .= "Check Country SQL: " . embolden($country_lookup_sql) . br;

  my $country_rows = sql_execute($country_lookup_sql, "", 1); # always returns array ref
  if (@$country_rows != 1) {
    $DEBUG_STR .= embolden("Country does not Exist at all!") . br;
  } else {
    $DEBUG_STR .= embolden("Country Exists") . br;
    my $current = $country_rows->[0];

    if ($params{country_input} ne $current->{name}) {
      $DEBUG_STR .= tag({ tag => "div", class => "yellow-panel", innerHTML => "Country Name Change Requested" }) . hr;
      $DEBUG_STR .= " to " . embolden($params{country_input}) . " from " . embolden($current->{name}) . br;

      # New name and key are both quoted before being embedded.
      my $rename_sql = "update countries set name=" . $DB->quote($params{country_input}) .
                       " where ID=" . $DB->quote($current->{ID});
      $DEBUG_STR .= "Country Name Update SQL: " . embolden($rename_sql) . br;

      if (sql_execute($rename_sql)) {
        $DEBUG_STR .= "Country Name Updated" . br;
        $status = $COUNTRY_DONE;
      } else {
        $DEBUG_STR .= "Failed to Update Country Name" . br;
      }
    } else {
      $DEBUG_STR .= tag({ tag => "div", class => "red-panel", innerHTML => "Country Name Unchanged!" }) . hr;
    }
  }

  $DEBUG_STR .= hr;

  # did any values change?
  # A row with this exact name at these coords means the city name is as
  # submitted already.
  my $city_lookup_sql = "select * from cities where name=" . $DB->quote($params{city_input}) .
                        " and coords=" . $DB->quote($params{coords_input});
  $DEBUG_STR .= "Check City SQL: " . embolden($city_lookup_sql) . br;

  my $city_rows = sql_execute($city_lookup_sql, "", 1); # always returns array ref
  if (@$city_rows == 1) {
    $DEBUG_STR .= tag({ tag => "div", class => "red-panel", innerHTML => "City name Unchanged" }) . br;

    # Nothing renamed so far either: flag the request as a no-op.
    $status = -3 if $status < 1;
  } else {
    $DEBUG_STR .= tag({ tag => "div", class => "yellow-panel", innerHTML => "City Name Change Requested!" }) . hr;

    my $city_rename_sql = "update cities set name=" . $DB->quote($params{city_input}) .
                          " where coords=" . $DB->quote($params{coords_input});
    $DEBUG_STR .= "Update SQL: " . embolden($city_rename_sql) . br;

    if (sql_execute($city_rename_sql)) {
      $DEBUG_STR .= tag({ tag => "div", class => "green-panel", innerHTML => "City Name Updated!" }) . br;
      $status = ($status == $COUNTRY_DONE) ? $BOTH_DONE : $CITY_DONE;
    } else {
      $DEBUG_STR .= tag({ tag => "div", class => "red-panel", innerHTML => "Failed to Update City Name!" }) . br;
      $status = -4;
    }
  }

  $DEBUG_STR .= "update status: " . embolden($status) . br;

  # now to redirect the client according to what we updated
  if ($status > 0) {
    $DEBUG_STR .= "redir with notice msg" . br;

    if (not $DEBUG) {
      my %notice_for = (
        $COUNTRY_DONE => "Country Renamed Successfully",
        $CITY_DONE    => "City Renamed Successfully",
        $BOTH_DONE    => "Country and City Renamed Successfully",
      );
      my $msg = $notice_for{$status};
      $msg = "Country/City Modifications Successful ($status)" unless defined $msg;

      print notice_redir($url, $msg);
      exit 1;
    }
  } else {
    $DEBUG_STR .= "redir with error msg" . br;

    if (not $DEBUG) {
      print error_redir($url, "Error Making Modifications ($status)");
      exit 1;
    }
  }
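# delete a city
# The original condition was `$params{d} == 1`, a numeric comparison that
# warns on every request where d is absent or not a number and accepts any
# string that merely starts with 1. Require the flag to be exactly "1".
# NOTE(review): this delete is selected by two request parameters alone.
# Confirm the caller sends it as a POST carrying an anti-CSRF token; nothing
# in this file checks either.
} elsif (defined $params{d} and $params{d} =~ /^\s*1\s*$/ and $params{coords}) {
  $DEBUG_STR .= tag({ tag => "div", class => "yellow-panel", innerHTML => "Delete City Requested!" }) . hr;

  # check that the requested coords actually exist before deleting
  my $checksql = "select * from cities where coords=" . $DB->quote($params{coords});
  my $cityfound = sql_execute($checksql, "", 1); # always returns an array ref
  if (@$cityfound == 1) {
    $DEBUG_STR .= "Delete City" . ": " . embolden(get_city_name($params{coords})) . " ($params{coords})" . br;

    # coords is quoted, so the statement removes rows for that key only
    my $delsql = "delete from cities where coords=" . $DB->quote($params{coords});
    $DEBUG_STR .= "Delete City SQL: " . embolden($delsql) . br;
    my $deleted = sql_execute($delsql);
    if ($deleted) {
      $DEBUG_STR .= tag({ tag => "div", class => "yellow-panel", innerHTML => "City Deleted!" }) . br;

      if (not $DEBUG) {
        print notice_redir($url, "City Deleted");
        exit 1;
      }
    } else {
      $DEBUG_STR .= tag({ tag => "div", class => "red-panel", innerHTML => "Failed to Delete City!" }) . br;

      if (not $DEBUG) {
        print error_redir($url, "Failed to Delete City");
        exit 1;
      }
    }
  } else {
    $DEBUG_STR .= tag({ tag => "div", class => "red-panel", innerHTML => "City not Found!" }) . hr;

    if (not $DEBUG) {
      print error_redir($url, "City not Found");
      exit 1;
    }
  }
}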
### END YOUR CONTENT
if ($DEBUG) {
  # Debug runs never redirect; show where a normal run would have gone and
  # append everything collected in $DEBUG_STR to the page.
  # NOTE(review): the banner includes the SQL statements and request values
  # gathered above - keep $DEBUG off anywhere the page is reachable by others.
  my %redir_link = (
    tag       => "a",
    href      => $url,
    innerHTML => $url,
  );
  $DEBUG_STR .= hr . "Redir to: " . tag(\%redir_link) . br;

  $output .= debug_banner("Add Location", $DEBUG_STR, 1);
}
$output .= html_end();
############################################################
}

# Reached when access was denied, when no action parameter matched, or in
# debug mode: send whatever was assembled in $output.
print $output;

exit 1;