edit_error.pl
#!/usr/local/bin/perl
# must-haves!
use strict;
use warnings;
use CGI::Carp qw(fatalsToBrowser);
use DBI;
use URI::Escape;
use lib "/var/www/html/Pm";
use Html qw(pre_html_header header debug_banner);
use Html2 qw(tag hr br embolden italicize);
use Bc_chef qw(cookie_get);
use Bc_misc qw(get_param get_params_asHash referrer add_param remove_param);
use Bc_sql qw(
get_constant
get_error
sql_execute
sql_execute_multi
user_exists
$QUERY_PAGE
$QUERY_UID
$LOGGEDIN
@ERRORS
$ERRORS_LOADED
$DB
);
use User qw(isUserAdmin $USER_DATA);
use Redir qw(error_redir notice_redir);
use Security qw(banned);
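# Debug switch. When true, the script renders a debug page showing the SQL it
# would run (insert/update/delete are NOT executed) instead of redirecting.
# NOTE(review): the debug page embeds request-derived values (SQL text, redirect
# URL) through tag()/embolden(); whether those helpers HTML-escape is not visible
# here, so keep this off on any reachable deployment. Likewise, CGI::Carp's
# fatalsToBrowser (imported above) sends die() messages to the client.
my $DEBUG = 0;

# let's establish some basic "rules" to abide by
#
# NOTE(review): these rules talk about constants and look inherited from the
# constants editor; nothing in this script enforces them for error rows
# (name/code/desc are only passed through $DB->quote). Confirm which of them
# are meant to apply here.
#
# #1 - there are certain constants that should never be deleted
#      a) BEGINNING_OF_TIME
#      b) END_OF_TIME
#      c) SITE_NAME
#      d) IMAGE_SERVER
#      e) SITE_DESIGNER
#      f) SITE_DESCRIPTION
#      z) and others?
#
# #2 - names of constants must:
#      a) be in CAPS and must have 4+ characters
#      b) not begin with a digit, but may contain digits
#      c) not have special chars (like ! or ?), except for underscores
#
# #3 - values may:
#      a) have underscores
#      b) not have spaces or other special characters

# Access gate: only an existing, non-banned admin may go further. Everyone else
# is redirected to "/" and the script stops before any parameter is read.
# NOTE(review): this is the only authorization check in the file. The actions
# below are driven purely by request parameters, and no anti-CSRF token check
# is visible here -- confirm one is enforced upstream.
if (not user_exists($LOGGEDIN) or banned($LOGGEDIN) or not isUserAdmin($LOGGEDIN)) {
    my $msg = "Access Denied";
    # The original label named edit_constant.pl, which misattributes the denial
    # when reading debug output for this script.
    if ($DEBUG) { $msg .= " (edit_error.pl)"; }
    print error_redir("/", $msg);

    exit 1;
}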
# Redirect target used by every outcome below: whatever referrer() returns,
# with t=err added.
# NOTE(review): if referrer() is derived from the request's Referer header, the
# redirect target is client-influenced; confirm it is restricted to this site
# before it is handed to error_redir()/notice_redir().
my $url = referrer();
$url = add_param("t", "err", $url);

# Request parameters read by this script: add, d, ID, name, code, desc.
my %params = get_params_asHash();
my $output = "";

if ($DEBUG) {
    $output = pre_html_header() . header("errors editor", "", "", "", "", "");

    # From here on $DEBUG stops being a plain flag and becomes the (always
    # true) text buffer that debug_banner() prints at the end of the script.
    my %link = (
        tag       => "a",
        href      => $url,
        innerHTML => $url,
    );
    $DEBUG = "Redir To: " . tag(\%link) . br();
}

############################################################

# Lookups through get_error() keyed on the submitted name/code/desc. None of
# the three results is read again in this script; the calls are kept in case
# get_error() has side effects (not visible here).
my $db_errcode = get_error($params{name}, "c");
my $db_errname = get_error($params{code}, "n");
my $db_errdesc = get_error($params{desc}, "d");

############################################################
# Debug only: announce which of the three actions the parameters select.
# "add" wins over "d"; with neither set the request is treated as an update.
if ($DEBUG) {
    my $action = $params{add} ? "Add Error Code"
               : $params{d}   ? "Delete Error Code"
               :                "Update Error Code";

    my %div = (
        tag       => "div",
        class     => "yellow-panel",
        innerHTML => embolden($action),
    );

    $DEBUG .= hr() . tag(\%div) . br();
}
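# Render one coloured debug panel: a <div> of the given CSS class around $text.
sub _debug_panel {
    my ($class, $text) = @_;
    my %div = (tag => "div", class => $class, innerHTML => $text);
    return tag(\%div);
}

# Action dispatch: add (params{add}), delete (params{d}), otherwise update.
# Every request value reaches SQL only through $DB->quote(). In debug mode the
# write statements are shown, not executed, and control falls through to the
# debug page at the end of the script; in normal mode every path ends in a
# redirect followed by exit.
# NOTE(review): the debug text below contains the SQL with request values
# embedded; whether embolden()/tag() HTML-escape is not visible here.
if ($params{add}) {
    # --- Add: both the name and the code must be unused ---
    # NOTE(review): check-then-insert is not atomic; two concurrent requests can
    # both pass the checks. A UNIQUE constraint on name and code in the schema
    # would make the database the final arbiter -- confirm one exists.
    my $checknamesql = "select * from errors where name=" . $DB->quote($params{name});
    my $checknameresult = sql_execute($checknamesql, "edit_error.pl - check name sql", 1);

    if ($DEBUG) { $DEBUG .= "Check Name SQL: " . embolden($checknamesql) . br(); }

    if (@$checknameresult) {
        if ($DEBUG) {
            $DEBUG .= _debug_panel("red-panel", "Name already exists!") . br();
        } else {
            print error_redir($url, "Chosen Name Already Exists!");
            exit 1;
        }
    } else {
        if ($DEBUG) { $DEBUG .= _debug_panel("green-panel", "Name does not exist") . br(); }

        my $checkcodesql = "select * from errors where code=" . $DB->quote($params{code});
        if ($DEBUG) { $DEBUG .= "Check Code SQL: " . embolden($checkcodesql) . br(); }
        my $checkcoderesult = sql_execute($checkcodesql, "edit_error.pl - check code sql", 1);

        # Any existing row blocks the insert. The original tested for exactly
        # one row, so a code that was already duplicated counted as free.
        if (@$checkcoderesult) {
            if ($DEBUG) {
                $DEBUG .= _debug_panel("red-panel", "Code Already Exists");
            } else {
                print error_redir($url, "Chosen Code Already Exists!");
                exit 1;
            }
        } else {
            if ($DEBUG) { $DEBUG .= _debug_panel("green-panel", "Code does not exist") . br(); }

            # Positional insert: NULL for the first column (presumably the
            # auto-assigned ID -- TODO confirm), then name, code, desc.
            my $insertsql = "insert into errors values (NULL, "
                . join(", ", map { $DB->quote($params{$_}) } qw(name code desc))
                . ")";

            if ($DEBUG) {
                $DEBUG .= "Insert SQL: " . embolden($insertsql) . br();
            } else {
                # now, actually insert the data
                my $inserted = sql_execute($insertsql);
                if ($inserted == 1) {
                    print notice_redir($url, "New Error Created");
                } else {
                    # NOTE(review): the raw sql_execute() result is echoed into
                    # the redirect message; confirm it cannot carry DB details.
                    print error_redir($url, "New Error Could not be Created ($inserted)");
                }

                exit 1;
            }
        }
    }
} elsif ($params{d}) {
    # --- Delete: the ID must match exactly one row ---
    my $sql = "select * from errors where ID=" . $DB->quote($params{ID});
    if ($DEBUG) { $DEBUG .= "SQL: " . embolden($sql) . br(); }

    my $success = sql_execute($sql, "", 1);
    if (@$success == 1) {
        if ($DEBUG) { $DEBUG .= _debug_panel("green-panel", "ID is valid") . br(); }

        my $delsql = "delete from errors where ID=" . $DB->quote($params{ID});
        if ($DEBUG) {
            $DEBUG .= "Delete SQL: " . embolden($delsql) . br();
        } else {
            if (sql_execute($delsql, "") == 1) {
                print notice_redir($url, "Error Deleted");
            } else {
                print error_redir($url, "Could not Delete Error!");
            }

            exit 1;
        }
    } else {
        if ($DEBUG) {
            $DEBUG .= _debug_panel("red-panel", "ID is NOT valid") . br();
        } else {
            print error_redir($url, "Chosen ID does not exist!");
            exit 1;
        }
    }
} else {
    # --- Update: the ID must match exactly one row ---
    my $sql = "select * from errors where ID=" . $DB->quote($params{ID});
    if ($DEBUG) { $DEBUG .= "SQL: " . embolden($sql) . br(); }

    my $success = sql_execute($sql, "", 1);
    if (@$success == 1) {
        if ($DEBUG) { $DEBUG .= _debug_panel("green-panel", "ID is valid") . br(); }

        # Collect one "column=value" assignment per field that differs from the
        # stored row. Column names come from this fixed list, never from the
        # request. The original concatenated the assignments with no separator,
        # so changing two or more fields at once produced invalid SQL.
        # NOTE(review): unlike the add path, nothing here checks that a changed
        # name/code is still unique. `desc` is also a reserved word in several
        # SQL dialects; confirm the backend accepts it unquoted.
        my $orig = $success->[0];
        my @assignments;
        for my $column (qw(name code desc)) {
            my $submitted = $params{$column};
            next if ($orig->{$column} // "") eq ($submitted // "");
            push @assignments, "$column=" . $DB->quote($submitted);
        }
        my $updatesql = join(", ", @assignments);

        if ($updatesql) {
            if ($DEBUG) { $DEBUG .= _debug_panel("green-panel", "Changes Detected") . br(); }

            $updatesql = "update errors set " . $updatesql . " where ID=" . $DB->quote($params{ID});
            if ($DEBUG) {
                $DEBUG .= "Update SQL: " . embolden($updatesql);
            } else {
                if (sql_execute($updatesql, "") == 1) {
                    print notice_redir($url, "Error Updated");
                } else {
                    print error_redir($url, "Failed to Update Error");
                }

                exit 1;
            }
        } else {
            if ($DEBUG) {
                $DEBUG .= _debug_panel("red-panel", "No Changes Detected") . br();
            } else {
                print error_redir($url, "No Changes Detected");
                exit 1;
            }
        }
    } else {
        if ($DEBUG) {
            $DEBUG .= _debug_panel("red-panel", "ID is NOT valid") . br();
        } else {
            print error_redir($url, "Chosen ID does not exist!");
            exit 1;
        }
    }
}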
# Tail of the script. With debugging off, every branch above has already
# printed a redirect and exited, so this point is only reached in debug mode,
# where the accumulated debug text is wrapped in a banner and emitted.
$output .= debug_banner("edit_error.pl", $DEBUG, 1) if $DEBUG;

print $output;

exit 1;