authorChristian Pointner <equinox@helsinki.at>2015-03-19 22:11:15 (GMT)
committerChristian Pointner <equinox@helsinki.at>2015-03-19 22:16:10 (GMT)
commit259e1c7a81ea9a096c227a6bc44114a7a9cf3a50 (patch)
tree051c708e449b5e5afb6ba25bce169b280045f254 /lib
parentd7795f99ed3fb52564fa6d2340d928ae9b191e5b (diff)
implemented a more secure directory structure
Diffstat (limited to 'lib')
-rwxr-xr-xlib/rddb.pm160
1 files changed, 160 insertions, 0 deletions
diff --git a/lib/rddb.pm b/lib/rddb.pm
new file mode 100755
index 0000000..34321d2
--- /dev/null
+++ b/lib/rddb.pm
@@ -0,0 +1,160 @@
+#!/usr/bin/perl
+
+use strict;
+use Config::IniFiles;
+use DBI;
+
+package rddb;
+
+
+sub opendb
+{
+ my $RD_CONF = "/etc/rd.conf";
+ my $cfg = Config::IniFiles->new(-file => $RD_CONF)
+ or return (undef , 'ERROR', "Config File Error: " . join("\n", @Config::IniFiles::errors));
+
+ my $dbhost = $cfg->val('mySQL', 'Hostname');
+ my $dbname = $cfg->val('mySQL', 'Database');
+ my $dbuser = $cfg->val('mySQL', 'Loginname');
+ my $dbpasswd = $cfg->val('mySQL', 'Password');
+
+ my $dbh = DBI->connect("DBI:mysql:$dbname:$dbhost","$dbuser","$dbpasswd")
+ or return (undef, 'ERROR', "Database Error: " . $DBI::errstr);
+
+ $dbh->do(qq{SET CHARACTER SET utf8;})
+ or return (undef, 'ERROR', "Database Error: " . $dbh->errstr);
+
+ return ($dbh, 'OK', 'success');
+}
+
+sub closedb
+{
+ my $dbh = shift;
+ $dbh->disconnect();
+}
+
+sub get_token
+{
+ my ($dbh, $username) = @_;
+
+ my $sql = qq{select PASSWORD from USERS where LOGIN_NAME = ?;};
+ my $sth = $dbh->prepare($sql)
+ or return (undef, 'ERROR', "Database Error: " . $dbh->errstr);
+
+ $sth->execute($username)
+ or return (undef, 'ERROR', "Database Error: " . $sth->errstr);
+
+ my ($token) = $sth->fetchrow_array;
+ $sth->finish();
+
+ unless(defined $token) {
+ return (undef, 'ERROR', "user '" . $username . "' not known by rivendell")
+ }
+ return ($token, 'OK', 'success');
+}
+
+sub check_token
+{
+ my ($dbh, $username, $token) = @_;
+
+ my $sql = qq{select PASSWORD from USERS where LOGIN_NAME = ?;};
+ my $sth = $dbh->prepare($sql)
+ or return (undef, 'ERROR', "Database Error: " . $dbh->errstr);
+
+ $sth->execute($username)
+ or return (undef, 'ERROR', "Database Error: " . $sth->errstr);
+
+ my ($token_result) = $sth->fetchrow_array;
+ $sth->finish();
+
+ unless(defined $token_result) {
+ return (undef, 'ERROR', "user '" . $username . "' not known by rivendell")
+ }
+
+ if($token_result eq $token) {
+ return (1, 'OK', 'success');
+ }
+ return (0, 'ERROR', "wrong password");
+}
+
+sub get_showtitle_and_log
+{
+ my ($dbh, $showid) = @_;
+
+ my $sql = qq{select TITLE,MACROS from CART where NUMBER = ?;};
+ my $sth = $dbh->prepare($sql)
+ or return (undef, undef, 'ERROR', "Database Error: " . $dbh->errstr);
+
+ $sth->execute($showid)
+ or return (undef, undef, 'ERROR', "Database Error: " . $sth->errstr);
+
+ my ($title, $macros) = $sth->fetchrow_array;
+ $sth->finish();
+
+ unless(defined $title) {
+ return (undef, undef, 'ERROR', "Show with ID=" . $showid . " not found!")
+ }
+ unless(defined $macros) {
+ return (undef, undef, 'ERROR', "Show with ID=" . $showid . " has no macro!");
+ }
+
+ unless($macros =~ /^LL 1 ([^ ]+) 0\!$/) {
+ return (undef, undef, 'ERROR', "Show with ID=" . $showid . " has invalid macro: '" . $macros . "'");
+ }
+ my $log = $1;
+
+ return ($title, $log, 'OK', 'success');
+}
+
+sub get_dropboxes
+{
+ my ($dbh, $username) = @_;
+
+ my $sql = qq{select USER_PERMS.GROUP_NAME,DROPBOXES.TO_CART,DROPBOXES.NORMALIZATION_LEVEL,DROPBOXES.AUTOTRIM_LEVEL,DROPBOXES.SET_USER_DEFINED,GROUPS.DEFAULT_LOW_CART,GROUPS.DEFAULT_HIGH_CART,GROUPS.DESCRIPTION from USER_PERMS, DROPBOXES, GROUPS where USER_PERMS.USER_NAME=? and DROPBOXES.GROUP_NAME=USER_PERMS.GROUP_NAME and DROPBOXES.GROUP_NAME=GROUPS.NAME and DROPBOXES.STATION_NAME=?;};
+
+ my $sth = $dbh->prepare($sql)
+ or return (undef, 'ERROR', "Database Error: " . $dbh->errstr);
+
+ $sth->execute($username, 'import-dropbox') # TODO: hardcoded value
+ or return (undef, 'ERROR', "Database Error: " . $sth->errstr);
+
+ my @allowed_dbs;
+ while(my ($group, $to_cart, $normlevel, $trimlevel, $params, $lowcart, $highcart, $groupdesc) = $sth->fetchrow_array()) {
+ my @p = split(';', $params);
+
+ my $entry = {};
+ $entry->{'GROUP'} = $group;
+ $entry->{'GROUPDESC'} = $groupdesc;
+ $entry->{'GROUPLOWCART'} = $lowcart;
+ $entry->{'GROUPHIGHCART'} = $highcart;
+ $entry->{'NORMLEVEL'} = $normlevel;
+ $entry->{'TRIMLEVEL'} = $trimlevel;
+ $entry->{'PARAM'} = $params;
+ if($p[0] eq "S") {
+ $entry->{'TYPE'} = 'show';
+ $entry->{'SHOWID'} = $to_cart;
+
+ my ($title, $log, $status, $errorstring) = get_showtitle_and_log($dbh, $to_cart);
+ unless (defined $title && defined $log) {
+ return (undef, $status, $errorstring);
+ }
+ $entry->{'SHOWTITLE'} = $title;
+ $entry->{'SHOWLOG'} = $log;
+
+ $entry->{'SHOWRHYTHM'} = $p[1];
+ $entry->{'SHOWDOW'} = int $p[2];
+ $entry->{'SHOWDOW'} = 0 unless $entry->{'SHOWDOW'} < 7;
+ substr($p[3], 2, 0) = ':';
+ $entry->{'SHOWSTARTTIME'} = $p[3];
+ $entry->{'SHOWLEN'} = int $p[4];
+ }
+
+ push @allowed_dbs, $entry;
+ }
+ $sth->finish();
+
+ return @allowed_dbs;
+}
+
+
+return 1;
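Review bot: In check_token the comparison `$token_result eq $token` runs without checking that `$token` is defined, so an undefined token compares equal to an empty stored PASSWORD value and the function returns `(1, 'OK', 'success')`; since the file has `use strict` but no `use warnings`, nothing is logged when that happens. A guard ahead of the comparison, `return (0, 'ERROR', "wrong password") unless defined $token;`, closes that case; whether an empty string should ever be accepted depends on how accounts are provisioned, which is not visible here. The two failure paths also return different messages ("user '...' not known by rivendell" and "wrong password"), and if those strings are passed through to the client they let it tell valid login names from invalid ones, so one generic message for both would be safer. Separately, in get_dropboxes the lvalue `substr($p[3], 2, 0) = ':'` dies when the fourth field of SET_USER_DEFINED is missing or shorter than two characters, so a check such as `length($p[3] // '') >= 2` before it would keep one malformed row from aborting the whole call.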