author | Christian Pointner <equinox@helsinki.at> | 2015-03-19 22:11:15 (GMT) |
committer | Christian Pointner <equinox@helsinki.at> | 2015-03-19 22:16:10 (GMT) |
commit | 259e1c7a81ea9a096c227a6bc44114a7a9cf3a50 (patch) | |
tree | 051c708e449b5e5afb6ba25bce169b280045f254 /rh-bin | |
parent | d7795f99ed3fb52564fa6d2340d928ae9b191e5b (diff) |
implemented a more secure directory structure
Diffstat (limited to 'rh-bin')
-rwxr-xr-x | rh-bin/listdropboxes.cgi | 2 | ||||
-rwxr-xr-x | rh-bin/rddb.pm | 160 |
2 files changed, 1 insertions, 161 deletions
diff --git a/rh-bin/listdropboxes.cgi b/rh-bin/listdropboxes.cgi
index 14ecf11..8f2be64 100755
--- a/rh-bin/listdropboxes.cgi
+++ b/rh-bin/listdropboxes.cgi
@@ -3,7 +3,7 @@
 use strict;
 use CGI;
 use File::Basename;
-use lib dirname( __FILE__ );
+use lib dirname( __FILE__ ) . '../lib';
 use rddb;
 my $status = 'ERROR';
diff --git a/rh-bin/rddb.pm b/rh-bin/rddb.pm
deleted file mode 100755
index 34321d2..0000000
--- a/rh-bin/rddb.pm
+++ /dev/null
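Review bot: The added `use lib` line is missing a directory separator: `dirname( __FILE__ )` returns the directory without a trailing slash, so `dirname( __FILE__ ) . '../lib'` produces a sibling name like `rh-bin../lib` instead of `rh-bin/../lib`, and the `use rddb;` on the following context line will not find the relocated module there but fall through to the remaining `@INC` entries. The one-line fix is `use lib dirname( __FILE__ ) . '/../lib';`, or, to avoid string-built paths altogether, `use lib File::Spec->catdir( dirname( __FILE__ ), '..', 'lib' );` (File::Spec is core). Since the purpose of the commit is to move `rddb.pm` out of the served CGI directory, it is also worth confirming that the new `lib` directory is itself outside the web-served tree and that `__FILE__` is absolute when the server executes the script, as a relative `..` would otherwise depend on the server's working directory.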
@@ -1,160 +0,0 @@ -#!/usr/bin/perl - -use strict; -use Config::IniFiles; -use DBI; - -package rddb; - - -sub opendb -{ - my $RD_CONF = "/etc/rd.conf"; - my $cfg = Config::IniFiles->new(-file => $RD_CONF) - or return (undef , 'ERROR', "Config File Error: " . join("\n", @Config::IniFiles::errors)); - - my $dbhost = $cfg->val('mySQL', 'Hostname'); - my $dbname = $cfg->val('mySQL', 'Database'); - my $dbuser = $cfg->val('mySQL', 'Loginname'); - my $dbpasswd = $cfg->val('mySQL', 'Password'); - - my $dbh = DBI->connect("DBI:mysql:$dbname:$dbhost","$dbuser","$dbpasswd") - or return (undef, 'ERROR', "Database Error: " . $DBI::errstr); - - $dbh->do(qq{SET CHARACTER SET utf8;}) - or return (undef, 'ERROR', "Database Error: " . $dbh->errstr); - - return ($dbh, 'OK', 'success'); -} - -sub closedb -{ - my $dbh = shift; - $dbh->disconnect(); -} - -sub get_token -{ - my ($dbh, $username) = @_; - - my $sql = qq{select PASSWORD from USERS where LOGIN_NAME = ?;}; - my $sth = $dbh->prepare($sql) - or return (undef, 'ERROR', "Database Error: " . $dbh->errstr); - - $sth->execute($username) - or return (undef, 'ERROR', "Database Error: " . $sth->errstr); - - my ($token) = $sth->fetchrow_array; - $sth->finish(); - - unless(defined $token) { - return (undef, 'ERROR', "user '" . $username . "' not known by rivendell") - } - return ($token, 'OK', 'success'); -} - -sub check_token -{ - my ($dbh, $username, $token) = @_; - - my $sql = qq{select PASSWORD from USERS where LOGIN_NAME = ?;}; - my $sth = $dbh->prepare($sql) - or return (undef, 'ERROR', "Database Error: " . $dbh->errstr); - - $sth->execute($username) - or return (undef, 'ERROR', "Database Error: " . $sth->errstr); - - my ($token_result) = $sth->fetchrow_array; - $sth->finish(); - - unless(defined $token_result) { - return (undef, 'ERROR', "user '" . $username . 
"' not known by rivendell") - } - - if($token_result eq $token) { - return (1, 'OK', 'success'); - } - return (0, 'ERROR', "wrong password"); -} - -sub get_showtitle_and_log -{ - my ($dbh, $showid) = @_; - - my $sql = qq{select TITLE,MACROS from CART where NUMBER = ?;}; - my $sth = $dbh->prepare($sql) - or return (undef, undef, 'ERROR', "Database Error: " . $dbh->errstr); - - $sth->execute($showid) - or return (undef, undef, 'ERROR', "Database Error: " . $sth->errstr); - - my ($title, $macros) = $sth->fetchrow_array; - $sth->finish(); - - unless(defined $title) { - return (undef, undef, 'ERROR', "Show with ID=" . $showid . " not found!") - } - unless(defined $macros) { - return (undef, undef, 'ERROR', "Show with ID=" . $showid . " has no macro!"); - } - - unless($macros =~ /^LL 1 ([^ ]+) 0\!$/) { - return (undef, undef, 'ERROR', "Show with ID=" . $showid . " has invalid macro: '" . $macros . "'"); - } - my $log = $1; - - return ($title, $log, 'OK', 'success'); -} - -sub get_dropboxes -{ - my ($dbh, $username) = @_; - - my $sql = qq{select USER_PERMS.GROUP_NAME,DROPBOXES.TO_CART,DROPBOXES.NORMALIZATION_LEVEL,DROPBOXES.AUTOTRIM_LEVEL,DROPBOXES.SET_USER_DEFINED,GROUPS.DEFAULT_LOW_CART,GROUPS.DEFAULT_HIGH_CART,GROUPS.DESCRIPTION from USER_PERMS, DROPBOXES, GROUPS where USER_PERMS.USER_NAME=? and DROPBOXES.GROUP_NAME=USER_PERMS.GROUP_NAME and DROPBOXES.GROUP_NAME=GROUPS.NAME and DROPBOXES.STATION_NAME=?;}; - - my $sth = $dbh->prepare($sql) - or return (undef, 'ERROR', "Database Error: " . $dbh->errstr); - - $sth->execute($username, 'import-dropbox') # TODO: hardcoded value - or return (undef, 'ERROR', "Database Error: " . 
$sth->errstr); - - my @allowed_dbs; - while(my ($group, $to_cart, $normlevel, $trimlevel, $params, $lowcart, $highcart, $groupdesc) = $sth->fetchrow_array()) { - my @p = split(';', $params); - - my $entry = {}; - $entry->{'GROUP'} = $group; - $entry->{'GROUPDESC'} = $groupdesc; - $entry->{'GROUPLOWCART'} = $lowcart; - $entry->{'GROUPHIGHCART'} = $highcart; - $entry->{'NORMLEVEL'} = $normlevel; - $entry->{'TRIMLEVEL'} = $trimlevel; - $entry->{'PARAM'} = $params; - if($p[0] eq "S") { - $entry->{'TYPE'} = 'show'; - $entry->{'SHOWID'} = $to_cart; - - my ($title, $log, $status, $errorstring) = get_showtitle_and_log($dbh, $to_cart); - unless (defined $title && defined $log) { - return (undef, $status, $errorstring); - } - $entry->{'SHOWTITLE'} = $title; - $entry->{'SHOWLOG'} = $log; - - $entry->{'SHOWRHYTHM'} = $p[1]; - $entry->{'SHOWDOW'} = int $p[2]; - $entry->{'SHOWDOW'} = 0 unless $entry->{'SHOWDOW'} < 7; - substr($p[3], 2, 0) = ':'; - $entry->{'SHOWSTARTTIME'} = $p[3]; - $entry->{'SHOWLEN'} = int $p[4]; - } - - push @allowed_dbs, $entry; - } - $sth->finish(); - - return @allowed_dbs; -} - - -return 1; |