edit_constant.pl
#!/usr/local/bin/perl
# must have's!
use strict;
use warnings;
use CGI::Carp qw(fatalsToBrowser);
use DBI;
use URI::Escape;
use lib "/var/www/html/Pm";
use Html qw(pre_html_header header);
use Html2 qw(hr br embolden);
use Bc_chef qw(cookie_get);
use Bc_misc qw(get_param get_params_asHash referrer remove_param);
use Bc_sql qw(
get_constant
sql_execute
sql_execute_multi
user_exists
$QUERY_PAGE
$QUERY_UID
$LOGGEDIN
%CONSTANTS
$CONSTANTS_LOADED
$DB
);
use User qw(isUserAdmin $USER_DATA);
use Redir qw(error_redir notice_redir);
use Security qw(banned);
# Diagnostic switch. When true, the script builds an HTML report of what it
# would do instead of doing it: the SQL statements are shown, not executed.
# The report echoes request parameters back without escaping them, so keep
# this at 0 on any deployment that can be reached by a browser.
my $DEBUG = 0;
# Let's establish some basic "rules" to abide by.
#
# #1 - there are certain constants that should never be deleted:
#      a) BEGINNING_OF_TIME
#      b) END_OF_TIME
#      c) SITE_NAME
#      d) IMAGE_SERVER
#      e) SITE_DESIGNER
#      f) SITE_DESCRIPTION
#      z) and others?
#
# #2 - names of constants must:
#      a) be in CAPS and have 4+ characters
#      b) not begin with a digit, but may contain digits
#      c) not have special chars (like ! or ?), except for underscores
#
# #3 - values may:
#      a) have underscores
#      b) not have spaces or other special characters

# Access gate: only an existing, non-banned administrator gets past this point.
# Anyone else is redirected to "/" with an error and the script stops.
# The three checks run in this order and stop at the first one that fails.
# NOTE(review): how $LOGGEDIN is established is not visible here (it is
# imported from Bc_sql) -- confirm it comes from a verified session and not
# from a value the request can set.
my $caller_is_admin = user_exists($LOGGEDIN)
    && !banned($LOGGEDIN)
    && isUserAdmin($LOGGEDIN);

unless ($caller_is_admin) {
    my $msg = "Access Denied";
    $msg .= " (edit_constant.pl)" if $DEBUG;    # name the script only when debugging
    print error_redir("/", $msg);

    exit 1;
}
# Page to send the admin back to, with any "t" parameter stripped so it can be
# re-appended later.
# NOTE(review): referrer() presumably reflects the request's Referer header --
# confirm. If so, the value is caller-controlled and is later used as the
# redirect target, so it should be limited to this site's own paths.
my $referrer = remove_param("t", scalar referrer());

# Response body. In normal operation it ends up holding a redirect; in debug
# mode it starts with a page header and collects a trace of every step.
my $output = "";
if ($DEBUG) {
    $output = pre_html_header()
        . header("constants editor", "", "", "", "", "")
        . "DEBUG MODE ENABLED" . hr . br;
}
############################################################
# Request parameters as a hash. The keys this script acts on are
# n (constant name), v (constant value) and DELETE_CONSTANT (name to delete).
my %params = get_params_asHash();

# Rule #2 wants constant names in capitals, so upper-case both name-carrying
# parameters before anything looks them up. Absent or empty values are left
# untouched.
for my $name_key (qw(n DELETE_CONSTANT)) {
    next unless $params{$name_key};
    $params{$name_key} = uc($params{$name_key});
}
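# Decide whether the request is one this script is willing to act on.
# $all_good stays 0 for anything rejected here; the dispatch further down then
# answers with its generic error instead of touching the database.
#
# This is where rules #1 and #2 from the top of the file are enforced; before,
# they were only written down and any admin request could delete a protected
# constant or create one with an arbitrary name.
my $all_good = 0;

# Rule #1: constants that must never be deleted.
my %undeletable = map { $_ => 1 } qw(
    BEGINNING_OF_TIME
    END_OF_TIME
    SITE_NAME
    IMAGE_SERVER
    SITE_DESIGNER
    SITE_DESCRIPTION
);

# Rule #2: capitals, digits and underscores only, at least four characters,
# not starting with a digit. \A and \z keep a trailing newline from slipping by.
my $valid_new_name = qr/\A[A-Z_][A-Z0-9_]{3,}\z/;

# Rule #3 (restrictions on values) is deliberately not enforced here.
# NOTE(review): as written it would reject any value containing a space --
# confirm the intended character set before adding a check.

# we are either adding a new constant, deleting a constant, or the input is invalid
if ($params{DELETE_CONSTANT}) {
    if ($DEBUG) {
        $output .= "delete constant" . br;
        $output .= "params: " . embolden($params{DELETE_CONSTANT}) . br;
        $output .= hr;
    }

    if ($undeletable{ $params{DELETE_CONSTANT} }) {
        if ($DEBUG) { $output .= "refusing to delete protected constant" . br; }
    } else {
        $all_good = 1;
    }

} elsif ($params{n}) {
    if ($DEBUG) {
        $output .= "add/edit constant" . br;
        $output .= "params: n=" . embolden($params{n}) . " and v=" . embolden($params{v}) . br;
        $output .= hr;
    }

    # Names already in the table are accepted as they are, so existing
    # constants stay editable; only a name that would create a new row has to
    # pass rule #2.
    if (exists $CONSTANTS{ $params{n} } or $params{n} =~ $valid_new_name) {
        $all_good = 1;
    } elsif ($DEBUG) {
        $output .= "invalid constant name" . br;
    }

} elsif ($DEBUG) {
    # Neither action was requested: list what did arrive.
    foreach my $key (keys %params) {
        $output .= "$key is \"$params{$key}\"" . br;
    }
}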

# So, let's see what we're being asked to do.
# The params we expect are as follows:
#   $params{n}               (maybe, eg: n=FAQ_PAGE)
#   $params{v}               (maybe, eg: v=faq)
#   $params{DELETE_CONSTANT} (maybe, eg: DELETE_CONSTANT=FQA_PAGE)
# If none of the above keys exist, then perhaps we are
# updating one or more constants?
# This is a little more tricky to confirm.
# We must check the constants in the database against the constants we
# are being asked to change. If any of the ones being asked for don't exist,
# then we (add it? ignore it? abort the operation with an error or warning message?)

# OK, here goes attempt 1.
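# Apply the requested change and emit the response.
#
# Exactly one action runs: delete (DELETE_CONSTANT), update (n names an
# existing constant) or insert (n is new). With $DEBUG set, each branch only
# describes what it would do and no SQL is executed.
#
# Changes from the earlier version of this block:
#   * existence is tested with exists() instead of truthiness, so a constant
#     whose value is "0" or "" can be updated or deleted rather than being
#     treated as missing (which on the add path inserted a duplicate row);
#   * add/update requires v to be present, so a missing value is reported as
#     missing input instead of being written to the table as NULL;
#   * the "t" parameter is percent-encoded before it is put back into the
#     redirect URL;
#   * a successful update now reports "updated" instead of "added!".
#
# NOTE(review): nothing visible here ties the request to a form the admin
# actually submitted (no token or request-method check) -- confirm the helpers
# do this, since these branches change the database.
# NOTE(review): the notice/error messages embed the submitted name and value
# via embolden() without HTML escaping -- confirm that notice_redir() and
# error_redir() encode the message before it is rendered.

# Builds the URL to send the admin back to, re-attaching the "t" request
# parameter that was stripped from the referrer earlier in this script. Called
# lazily so get_param() runs only on the paths that redirect.
# NOTE(review): assumes get_param() returns the already-decoded value and that
# $referrer already carries a query string (hence "&", not "?") -- confirm.
my $return_url = sub {
    my $tab = get_param("t");
    $tab = "" unless defined $tab;
    utf8::encode($tab) if utf8::is_utf8($tab);    # uri_escape() croaks on wide characters
    return $referrer . "&t=" . uri_escape($tab);
};

if ($all_good) {

    if ($params{DELETE_CONSTANT}) {
        # --- delete -------------------------------------------------------
        my $name = $params{DELETE_CONSTANT};
        if ($DEBUG) { $output .= "delete constant " . embolden($name) . br; }

        if (exists $CONSTANTS{$name}) {
            # The name goes through $DB->quote, so it cannot break out of the literal.
            my $del_sql = "delete from constants where name=" . $DB->quote($name);
            if ($DEBUG) {
                $output .= "constant " . embolden($name) . " exists" . br;
                $output .= "sql: $del_sql" . br;
            } elsif (sql_execute($del_sql, "edit constant")) {
                $output = notice_redir($return_url->(), "constant deleted");
            } else {
                $output = error_redir($return_url->(), "failed to delete constant!");
            }
        } elsif ($DEBUG) {
            $output .= "constant does NOT exist" . br;
        } else {
            $output = error_redir($return_url->(), "could not delete non-existent constant");
        }

    } elsif ($params{n} and defined $params{v}) {
        # --- add or update ------------------------------------------------
        my ($name, $value) = @params{qw(n v)};

        if (exists $CONSTANTS{$name}) {
            if ($DEBUG) {
                $output .= "constant " . embolden($name) . " exists and its current value is " . embolden($CONSTANTS{$name}) . br;
            }

            if ($CONSTANTS{$name} eq $value) {
                # Nothing to write; report success without touching the table.
                if ($DEBUG) {
                    $output .= "no change because constant value is already " . embolden($value) . br;
                } else {
                    $output = notice_redir($return_url->(),
                        "constant " . embolden($name) . " updated");
                }
            } else {
                my $sql = "update constants set value = " . $DB->quote($value) . " where name=" . $DB->quote($name);
                if ($DEBUG) {
                    $output .= "update constant \"" . embolden($name) . "\" to \"" . embolden($value) . "\"" . br;
                    $output .= "sql: " . embolden($sql) . br . br;
                } elsif (sql_execute($sql, "edit constant")) {
                    $output = notice_redir($return_url->(),
                        "constant " . embolden($name) . " updated");
                } else {
                    $output = error_redir($return_url->(),
                        "constant " . embolden($name) . " value NOT updated to " . embolden($value));
                }
            }
        } elsif ($DEBUG) {
            $output .= "no constant named " . embolden($name) . br;
        } else {
            # Not an error: the name is new, so add it.
            my $sql = "insert into constants values(NULL, " . $DB->quote($name) . ", " . $DB->quote($value) . ")";
            if (sql_execute($sql, " (edit_constant.pl)")) {
                $output = notice_redir($return_url->(),
                    embolden($name) . " added!");
            } else {
                $output = error_redir($return_url->(),
                    "could not add constant " . embolden($name) . "!");
            }
        }

    } else {
        # --- missing input (for example n without v) ----------------------
        if ($DEBUG) {
            $output .= "missing input" . br;
            foreach my $key (keys %params) {
                $output .= "$key = $params{$key}" . br;
            }
        } else {
            $output = error_redir($return_url->(), "Missing input!");
        }
    }

} else {
    # The request was rejected before dispatch.
    if ($DEBUG) {
        $output .= "Something went awry" . br;
    } else {
        $output = error_redir($return_url->(), "Something went awry!");
    }
}

############################################################

print $output;

# NOTE(review): the script exits with status 1 even after a successful run; a
# non-zero status conventionally means failure -- confirm nothing upstream
# depends on it before changing.
exit 1;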