authorChristian Pointner <equinox@helsinki.at>2015-03-19 22:11:15 (GMT)
committerChristian Pointner <equinox@helsinki.at>2015-03-19 22:16:10 (GMT)
commit259e1c7a81ea9a096c227a6bc44114a7a9cf3a50 (patch)
tree051c708e449b5e5afb6ba25bce169b280045f254 /rh-bin
parentd7795f99ed3fb52564fa6d2340d928ae9b191e5b (diff)
implemented a more secure directory structure
Diffstat (limited to 'rh-bin')
-rwxr-xr-xrh-bin/listdropboxes.cgi2
-rwxr-xr-xrh-bin/rddb.pm160
2 files changed, 1 insertions, 161 deletions
diff --git a/rh-bin/listdropboxes.cgi b/rh-bin/listdropboxes.cgi
index 14ecf11..8f2be64 100755
--- a/rh-bin/listdropboxes.cgi
+++ b/rh-bin/listdropboxes.cgi
@@ -3,7 +3,7 @@
use strict;
use CGI;
use File::Basename;
-use lib dirname( __FILE__ );
+use lib dirname( __FILE__ ) . '../lib';
use rddb;
my $status = 'ERROR';
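Review bot: The added `use lib` line joins `dirname( __FILE__ )` and `'../lib'` without a path separator, and `dirname` returns the directory without a trailing slash. For a script at `/x/rh-bin/listdropboxes.cgi` the search path therefore becomes `/x/rh-bin../lib`, which does not exist, so `use rddb;` only succeeds if the module is found through some other `@INC` entry. The line should read `use lib dirname( __FILE__ ) . '/../lib';`. If `__FILE__` can be relative under this web server (not visible from the hunk), the entry would also resolve against the working directory; `use FindBin; use lib "$FindBin::Bin/../lib";` pins it to the script's real location so the CGI cannot pick up `rddb.pm` from an unintended directory.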
diff --git a/rh-bin/rddb.pm b/rh-bin/rddb.pm
deleted file mode 100755
index 34321d2..0000000
--- a/rh-bin/rddb.pm
+++ /dev/null
@@ -1,160 +0,0 @@
-#!/usr/bin/perl
-
-use strict;
-use Config::IniFiles;
-use DBI;
-
-package rddb;
-
-
-sub opendb
-{
- my $RD_CONF = "/etc/rd.conf";
- my $cfg = Config::IniFiles->new(-file => $RD_CONF)
- or return (undef , 'ERROR', "Config File Error: " . join("\n", @Config::IniFiles::errors));
-
- my $dbhost = $cfg->val('mySQL', 'Hostname');
- my $dbname = $cfg->val('mySQL', 'Database');
- my $dbuser = $cfg->val('mySQL', 'Loginname');
- my $dbpasswd = $cfg->val('mySQL', 'Password');
-
- my $dbh = DBI->connect("DBI:mysql:$dbname:$dbhost","$dbuser","$dbpasswd")
- or return (undef, 'ERROR', "Database Error: " . $DBI::errstr);
-
- $dbh->do(qq{SET CHARACTER SET utf8;})
- or return (undef, 'ERROR', "Database Error: " . $dbh->errstr);
-
- return ($dbh, 'OK', 'success');
-}
-
-sub closedb
-{
- my $dbh = shift;
- $dbh->disconnect();
-}
-
-sub get_token
-{
- my ($dbh, $username) = @_;
-
- my $sql = qq{select PASSWORD from USERS where LOGIN_NAME = ?;};
- my $sth = $dbh->prepare($sql)
- or return (undef, 'ERROR', "Database Error: " . $dbh->errstr);
-
- $sth->execute($username)
- or return (undef, 'ERROR', "Database Error: " . $sth->errstr);
-
- my ($token) = $sth->fetchrow_array;
- $sth->finish();
-
- unless(defined $token) {
- return (undef, 'ERROR', "user '" . $username . "' not known by rivendell")
- }
- return ($token, 'OK', 'success');
-}
-
-sub check_token
-{
- my ($dbh, $username, $token) = @_;
-
- my $sql = qq{select PASSWORD from USERS where LOGIN_NAME = ?;};
- my $sth = $dbh->prepare($sql)
- or return (undef, 'ERROR', "Database Error: " . $dbh->errstr);
-
- $sth->execute($username)
- or return (undef, 'ERROR', "Database Error: " . $sth->errstr);
-
- my ($token_result) = $sth->fetchrow_array;
- $sth->finish();
-
- unless(defined $token_result) {
- return (undef, 'ERROR', "user '" . $username . "' not known by rivendell")
- }
-
- if($token_result eq $token) {
- return (1, 'OK', 'success');
- }
- return (0, 'ERROR', "wrong password");
-}
-
-sub get_showtitle_and_log
-{
- my ($dbh, $showid) = @_;
-
- my $sql = qq{select TITLE,MACROS from CART where NUMBER = ?;};
- my $sth = $dbh->prepare($sql)
- or return (undef, undef, 'ERROR', "Database Error: " . $dbh->errstr);
-
- $sth->execute($showid)
- or return (undef, undef, 'ERROR', "Database Error: " . $sth->errstr);
-
- my ($title, $macros) = $sth->fetchrow_array;
- $sth->finish();
-
- unless(defined $title) {
- return (undef, undef, 'ERROR', "Show with ID=" . $showid . " not found!")
- }
- unless(defined $macros) {
- return (undef, undef, 'ERROR', "Show with ID=" . $showid . " has no macro!");
- }
-
- unless($macros =~ /^LL 1 ([^ ]+) 0\!$/) {
- return (undef, undef, 'ERROR', "Show with ID=" . $showid . " has invalid macro: '" . $macros . "'");
- }
- my $log = $1;
-
- return ($title, $log, 'OK', 'success');
-}
-
-sub get_dropboxes
-{
- my ($dbh, $username) = @_;
-
- my $sql = qq{select USER_PERMS.GROUP_NAME,DROPBOXES.TO_CART,DROPBOXES.NORMALIZATION_LEVEL,DROPBOXES.AUTOTRIM_LEVEL,DROPBOXES.SET_USER_DEFINED,GROUPS.DEFAULT_LOW_CART,GROUPS.DEFAULT_HIGH_CART,GROUPS.DESCRIPTION from USER_PERMS, DROPBOXES, GROUPS where USER_PERMS.USER_NAME=? and DROPBOXES.GROUP_NAME=USER_PERMS.GROUP_NAME and DROPBOXES.GROUP_NAME=GROUPS.NAME and DROPBOXES.STATION_NAME=?;};
-
- my $sth = $dbh->prepare($sql)
- or return (undef, 'ERROR', "Database Error: " . $dbh->errstr);
-
- $sth->execute($username, 'import-dropbox') # TODO: hardcoded value
- or return (undef, 'ERROR', "Database Error: " . $sth->errstr);
-
- my @allowed_dbs;
- while(my ($group, $to_cart, $normlevel, $trimlevel, $params, $lowcart, $highcart, $groupdesc) = $sth->fetchrow_array()) {
- my @p = split(';', $params);
-
- my $entry = {};
- $entry->{'GROUP'} = $group;
- $entry->{'GROUPDESC'} = $groupdesc;
- $entry->{'GROUPLOWCART'} = $lowcart;
- $entry->{'GROUPHIGHCART'} = $highcart;
- $entry->{'NORMLEVEL'} = $normlevel;
- $entry->{'TRIMLEVEL'} = $trimlevel;
- $entry->{'PARAM'} = $params;
- if($p[0] eq "S") {
- $entry->{'TYPE'} = 'show';
- $entry->{'SHOWID'} = $to_cart;
-
- my ($title, $log, $status, $errorstring) = get_showtitle_and_log($dbh, $to_cart);
- unless (defined $title && defined $log) {
- return (undef, $status, $errorstring);
- }
- $entry->{'SHOWTITLE'} = $title;
- $entry->{'SHOWLOG'} = $log;
-
- $entry->{'SHOWRHYTHM'} = $p[1];
- $entry->{'SHOWDOW'} = int $p[2];
- $entry->{'SHOWDOW'} = 0 unless $entry->{'SHOWDOW'} < 7;
- substr($p[3], 2, 0) = ':';
- $entry->{'SHOWSTARTTIME'} = $p[3];
- $entry->{'SHOWLEN'} = int $p[4];
- }
-
- push @allowed_dbs, $entry;
- }
- $sth->finish();
-
- return @allowed_dbs;
-}
-
-
-return 1;