Diffstat (limited to 'editusers.cgi')
-rwxr-xr-x | editusers.cgi | 583 |
1 files changed, 583 insertions, 0 deletions
diff --git a/editusers.cgi b/editusers.cgi
new file mode 100755
index 000000000..552474339
--- /dev/null
+++ b/editusers.cgi
@@ -0,0 +1,583 @@
+#!/usr/bonsaitools/bin/perl -w
+# -*- Mode: perl; indent-tabs-mode: nil -*-
+#
+# The contents of this file are subject to the Mozilla Public License
+# Version 1.0 (the "License"); you may not use this file except in
+# compliance with the License. You may obtain a copy of the License at
+# http://www.mozilla.org/MPL/
+#
+# Software distributed under the License is distributed on an "AS IS"
+# basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See the
+# License for the specific language governing rights and limitations
+# under the License.
+#
+#
+# Direct any questions on this source code to
+#
+# Holger Schurig <holgerschurig@nikocity.de>
+
+use diagnostics;
+use strict;
+
+require "CGI.pl";
+require "globals.pl";
+
+
+
+
+
+# TestUser: just returns if the specified user does exists
+# CheckUser: same check, optionally emit an error text
+
+sub TestUser ($)
+{
+ my $user = shift;
+
+ # does the product exist?
+ SendSQL("SELECT login_name
+ FROM profiles
+ WHERE login_name=" . SqlQuote($user));
+ return FetchOneColumn();
+}
+
+sub CheckUser ($)
+{
+ my $user = shift;
+
+ # do we have a product?
+ unless ($user) {
+ print "Sorry, you haven't specified a user.";
+ PutTrailer();
+ exit;
+ }
+
+ unless (TestUser $user) {
+ print "Sorry, user '$user' does not exist.";
+ PutTrailer();
+ exit;
+ }
+}
+
+
+
+#
+# Displays the form to edit a user parameters
+#
+
+sub EmitFormElements ($$$$)
+{
+ my ($user, $password, $realname, $groupset) = @_;
+
+ print " <TH ALIGN=\"right\">Login name:</TH>\n";
+ print " <TD><INPUT SIZE=64 MAXLENGTH=255 NAME=\"user\" VALUE=\"$user\"></TD>\n";
+
+ print "</TR><TR>\n";
+ print " <TH ALIGN=\"right\">Real name:</TH>\n";
+ print " <TD><INPUT SIZE=64 MAXLENGTH=255 NAME=\"realname\" VALUE=\"$realname\"></TD>\n";
+
+ print "</TR><TR>\n";
+ print " <TH ALIGN=\"right\">Password:</TH>\n";
+ print " <TD><INPUT SIZE=16 MAXLENGTH=16 NAME=\"password\" VALUE=\"$password\"></TD>\n";
+
+
+ SendSQL("SELECT bit,name,description
+ FROM groups
+ ORDER BY name");
+ while (MoreSQLData()) {
+ my($bit,$name,$description) = FetchSQLData();
+ print "</TR><TR>\n";
+ $bit = $bit+0; # this strange construct coverts a string to a number
+ print " <TH ALIGN=\"right\">", ucfirst($name), ":</TH>\n";
+ my $checked = ($groupset & $bit) ? "CHECKED" : "";
+ print " <TD><INPUT TYPE=CHECKBOX NAME=\"bit_$name\" $checked VALUE=\"$bit\"> $description</TD>\n";
+ }
+
+}
+
+
+
+#
+# Displays a text like "a.", "a or b.", "a, b or c.", "a, b, c or d."
+#
+
+sub PutTrailer (@)
+{
+ my (@links) = ("Back to the <A HREF=\"index.html\">index</A>", @_);
+
+ my $count = $#links;
+ my $num = 0;
+ print "<P>\n";
+ foreach (@links) {
+ print $_;
+ if ($num == $count) {
+ print ".\n";
+ }
+ elsif ($num == $count-1) {
+ print " or ";
+ }
+ else {
+ print ", ";
+ }
+ $num++;
+ }
+ print "</BODY></HTML>\n";
+}
+
+
+
+#
+# Preliminary checks:
+#
+
+confirm_login();
+
+print "Content-type: text/html\n\n";
+
+unless (UserInGroup("tweakparams")) {
+ PutHeader("Not allowed");
+ print "Sorry, you aren't a member of the 'tweakparams' group.\n";
+ print "And so, you aren't allowed to add, modify or delete users.\n";
+ PutTrailer();
+ exit;
+}
+
+
+
+#
+# often used variables
+#
+my $user = trim($::FORM{user} || '');
+my $action = trim($::FORM{action} || '');
+my $localtrailer = "<A HREF=\"editusers.cgi\">edit</A> more users";
+
+
+
+#
+# action='' -> Show nice list of users
+#
+
+unless ($action) {
+ PutHeader("Select user");
+
+ SendSQL("SELECT login_name,realname
+ FROM profiles
+ ORDER BY login_name");
+ my $count = 0;
+ my $header = "<TABLE BORDER=1 CELLPADDING=4 CELLSPACING=0><TR BGCOLOR=\"#6666FF\">
+<TH ALIGN=\"left\">Edit user ...</TH>
+<TH ALIGN=\"left\">Real name</TH>
+<TH ALIGN=\"left\">Action</TH>\n
+</TR>";
+ print $header;
+ while ( MoreSQLData() ) {
+ $count++;
+ if ($count % 100 == 0) {
+ print "</table>$header";
+ }
+ my ($user, $realname) = FetchSQLData();
+ $realname ||= "<FONT COLOR=\"red\">missing</FONT>";
+ print "<TR>\n";
+ print " <TD VALIGN=\"top\"><A HREF=\"editusers.cgi?action=edit&user=", url_quote($user), "\"><B>$user</B></A></TD>\n";
+ print " <TD VALIGN=\"top\">$realname</TD>\n";
+ print " <TD VALIGN=\"top\"><A HREF=\"editusers.cgi?action=del&user=", url_quote($user), "\">Delete</A></TD>\n";
+ print "</TR>";
+ }
+ print "<TR>\n";
+ print " <TD VALIGN=\"top\" COLSPAN=2>Add a new user</TD>\n";
+ print " <TD VALIGN=\"top\" ALIGN=\"middle\"><FONT SIZE =-1><A 
HREF=\"editusers.cgi?action=add\">Add</A></FONT></TD>\n";
+ print "</TR></TABLE>\n";
+
+ PutTrailer();
+ exit;
+}
+
+
+
+
+#
+# action='add' -> present form for parameters for new user
+#
+# (next action will be 'new')
+#
+
+if ($action eq 'add') {
+ PutHeader("Add user");
+
+ #print "This page lets you add a new product to bugzilla.\n";
+
+ print "<FORM METHOD=POST ACTION=editusers.cgi>\n";
+ print "<TABLE BORDER=0 CELLPADDING=4 CELLSPACING=0><TR>\n";
+
+ EmitFormElements('', '', '', 0);
+
+ print "</TR></TABLE>\n<HR>\n";
+ print "<INPUT TYPE=SUBMIT VALUE=\"Add\">\n";
+ print "<INPUT TYPE=HIDDEN NAME=\"action\" VALUE=\"new\">\n";
+ print "</FORM>";
+
+ my $other = $localtrailer;
+ $other =~ s/more/other/;
+ PutTrailer($other);
+ exit;
+}
+
+
+
+#
+# action='new' -> add user entered in the 'action=add' screen
+#
+
+if ($action eq 'new') {
+ PutHeader("Adding new user");
+
+ # Cleanups and valididy checks
+ my $realname = trim($::FORM{realname} || '');
+ my $password = trim($::FORM{password} || '');
+
+ unless ($user) {
+ print "You must enter a name for the new user. Please press\n";
+ print "<b>Back</b> and try again.\n";
+ PutTrailer($localtrailer);
+ exit;
+ }
+ unless ($user =~ /^[^\@]+\@[^\@]+$/) {
+ print "The user name entered must be a valid e-mail address. Please press\n";
+ print "<b>Back</b> and try again.\n";
+ PutTrailer($localtrailer);
+ exit;
+ }
+ if (TestUser($user)) {
+ print "The user '$user' does already exist. Please press\n";
+ print "<b>Back</b> and try again.\n";
+ PutTrailer($localtrailer);
+ exit;
+ }
+ if ($password !~ /^[a-zA-Z0-9-_]*$/ || length($password) < 3 || length($password) > 16) {
+ print "The new user must have a password. The password must be between ",
+ "3 and 16 characters long and must contain only numbers, letters, ",
+ "hyphens and underlines. 
Press <b>Back</b> and try again.\n";
+ PutTrailer($localtrailer);
+ exit;
+ }
+
+ my $bits = 0;
+ foreach (keys %::FORM) {
+ next unless /^bit_/;
+ #print "$_=$::FORM{$_}<br>\n";
+ $bits |= $::FORM{$_};
+ }
+
+
+ sub x {
+ my $sc="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789./";
+ return substr($sc, int (rand () * 100000) % (length ($sc) + 1), 1);
+ }
+
+ my $salt = x() . x();
+ my $cryptpassword = crypt($password, $salt);
+
+ # Add the new user
+ SendSQL("INSERT INTO profiles ( " .
+ "login_name, password, cryptpassword, realname, groupset" .
+ " ) VALUES ( " .
+ SqlQuote($user) . "," .
+ SqlQuote($password) . "," .
+ SqlQuote($cryptpassword) . "," .
+ SqlQuote($realname) . "," .
+ $bits . ")" );
+
+ #+++ send e-mail away
+
+ print "OK, done.<p>\n";
+ PutTrailer($localtrailer,
+ "<a href=\"editusers.cgi?action=add\">add</a> another user.");
+ exit;
+
+}
+
+
+
+#
+# action='del' -> ask if user really wants to delete
+#
+# (next action would be 'delete')
+#
+
+if ($action eq 'del') {
+ PutHeader("Delete user");
+ CheckUser($user);
+
+ # display some data about the product
+ SendSQL("SELECT realname, groupset, emailnotification, login_name
+ FROM profiles
+ WHERE login_name=" . 
SqlQuote($user));
+ my ($realname, $groupset, $emailnotification) = FetchSQLData();
+ $realname ||= "<FONT COLOR=\"red\">missing</FONT>";
+
+ print "<TABLE BORDER=1 CELLPADDING=4 CELLSPACING=0>\n";
+ print "<TR BGCOLOR=\"#6666FF\">\n";
+ print " <TH VALIGN=\"top\" ALIGN=\"left\">Part</TH>\n";
+ print " <TH VALIGN=\"top\" ALIGN=\"left\">Value</TH>\n";
+
+ print "</TR><TR>\n";
+ print " <TD VALIGN=\"top\">Login name:</TD>\n";
+ print " <TD VALIGN=\"top\">$user</TD>\n";
+
+ print "</TR><TR>\n";
+ print " <TD VALIGN=\"top\">Real name:</TD>\n";
+ print " <TD VALIGN=\"top\">$realname</TD>\n";
+
+ print "</TR><TR>\n";
+ print " <TD VALIGN=\"top\">E-Mail notification:</TD>\n";
+ print " <TD VALIGN=\"top\">$emailnotification</TD>\n";
+
+ print "</TR><TR>\n";
+ print " <TD VALIGN=\"top\">Group set:</TD>\n";
+ print " <TD VALIGN=\"top\">";
+ SendSQL("SELECT bit, name
+ FROM groups
+ ORDER BY name");
+ my $found = 0;
+ while ( MoreSQLData() ) {
+ my ($bit,$name) = FetchSQLData();
+ if ($bit & $groupset) {
+ print "<br>\n" if $found;
+ print ucfirst $name;
+ $found = 1;
+ }
+ }
+ print "none" unless $found;
+ print "</TD>\n</TR>";
+
+
+ # Check if the user is an initialowner
+ my $nodelete = '';
+
+ SendSQL("SELECT program, value
+ FROM components
+ WHERE initialowner=" . SqlQuote($user));
+ $found = 0;
+ while (MoreSQLData()) {
+ if ($found) {
+ print "<BR>\n";
+ } else {
+ print "<TR>\n";
+ print " <TD VALIGN=\"top\">Initial owner:</TD>\n";
+ print " <TD VALIGN=\"top\">";
+ }
+ my ($product, $component) = FetchSQLData();
+ print "<a href=\"editcomponents.cgi?product=", url_quote($product),
+ "&component=", url_quote($component),
+ "&action=edit\">$product: $component</a>";
+ $found = 1;
+ $nodelete = 'initial bug owner';
+ }
+ print "</TD>\n</TR>" if $found;
+
+
+ # Check if the user is an initialqacontact
+
+ SendSQL("SELECT program, value
+ FROM components
+ WHERE initialqacontact=" . 
SqlQuote($user));
+ $found = 0;
+ while (MoreSQLData()) {
+ if ($found) {
+ print "<BR>\n";
+ } else {
+ print "<TR>\n";
+ print " <TD VALIGN=\"top\">Initial QA contact:</TD>\n";
+ print " <TD VALIGN=\"top\">";
+ }
+ my ($product, $component) = FetchSQLData();
+ print "<a href=\"editcomponents.cgi?product=", url_quote($product),
+ "&component=", url_quote($component),
+ "&action=edit\">$product: $component</a>";
+ $found = 1;
+ $nodelete = 'initial QA contact';
+ }
+ print "</TD>\n</TR>" if $found;
+
+ print "</TABLE>\n";
+
+
+ if ($nodelete) {
+ print "<P>You can't delete this user because '$user' is an $nodelete ",
+ "for at least one product.";
+ PutTrailer($localtrailer);
+ exit;
+ }
+
+
+ print "<H2>Confirmation</H2>\n";
+ print "<P>Do you really want to delete this user?<P>\n";
+
+ print "<FORM METHOD=POST ACTION=editusers.cgi>\n";
+ print "<INPUT TYPE=SUBMIT VALUE=\"Yes, delete\">\n";
+ print "<INPUT TYPE=HIDDEN NAME=\"action\" VALUE=\"delete\">\n";
+ print "<INPUT TYPE=HIDDEN NAME=\"user\" VALUE=\"$user\">\n";
+ print "</FORM>";
+
+ PutTrailer($localtrailer);
+ exit;
+}
+
+
+
+#
+# action='delete' -> really delete the user
+#
+
+if ($action eq 'delete') {
+ PutHeader("Deleting user");
+ CheckUser($user);
+
+ SendSQL("SELECT userid
+ FROM profiles
+ WHERE login_name=" . SqlQuote($user));
+ my $userid = FetchOneColumn();
+
+ SendSQL("DELETE FROM profiles
+ WHERE login_name=" . SqlQuote($user));
+ SendSQL("DELETE FROM logincookies
+ WHERE userid=" . $userid);
+ print "User deleted.<BR>\n";
+
+ PutTrailer($localtrailer);
+ exit;
+}
+
+
+
+#
+# action='edit' -> present the user edit from
+#
+# (next action would be 'update')
+#
+
+if ($action eq 'edit') {
+ PutHeader("Edit user");
+ CheckUser($user);
+
+ # get data of user
+ SendSQL("SELECT password, realname, groupset, emailnotification
+ FROM profiles
+ WHERE login_name=" . 
SqlQuote($user));
+ my ($password, $realname, $groupset, $emailnotification) = FetchSQLData();
+
+ print "<FORM METHOD=POST ACTION=editusers.cgi>\n";
+ print "<TABLE BORDER=0 CELLPADDING=4 CELLSPACING=0><TR>\n";
+
+ EmitFormElements($user, $password, $realname, $groupset);
+
+ print "</TR></TABLE>\n";
+
+ print "<INPUT TYPE=HIDDEN NAME=\"userold\" VALUE=\"$user\">\n";
+ print "<INPUT TYPE=HIDDEN NAME=\"passwordold\" VALUE=\"$password\">\n";
+ print "<INPUT TYPE=HIDDEN NAME=\"realnameold\" VALUE=\"$realname\">\n";
+ print "<INPUT TYPE=HIDDEN NAME=\"groupsetold\" VALUE=\"$groupset\">\n";
+ print "<INPUT TYPE=HIDDEN NAME=\"emailnotificationold\" VALUE=\"$emailnotification\">\n";
+ print "<INPUT TYPE=HIDDEN NAME=\"action\" VALUE=\"update\">\n";
+ print "<INPUT TYPE=SUBMIT VALUE=\"Update\">\n";
+
+ print "</FORM>";
+
+ my $x = $localtrailer;
+ $x =~ s/more/other/;
+ PutTrailer($x);
+ exit;
+}
+
+#
+# action='update' -> update the user
+#
+
+if ($action eq 'update') {
+ PutHeader("Update User");
+
+ my $userold = trim($::FORM{userold} || '');
+ my $realname = trim($::FORM{realname} || '');
+ my $realnameold = trim($::FORM{realnameold} || '');
+ my $password = trim($::FORM{password} || '');
+ my $passwordold = trim($::FORM{passwordold} || '');
+ my $emailnotification = trim($::FORM{emailnotification} || '');
+ my $emailnotificationold = trim($::FORM{emailnotificationold} || '');
+ my $groupsetold = trim($::FORM{groupsetold} || '');
+
+ my $groupset = 0;
+ foreach (keys %::FORM) {
+ next unless /^bit_/;
+ #print "$_=$::FORM{$_}<br>\n";
+ $groupset |= $::FORM{$_};
+ }
+
+ CheckUser($userold);
+
+ # Note that the order of this tests is important. If you change
+ # them, be sure to test for WHERE='$product' or WHERE='$productold'
+
+ if ($groupset != $groupsetold) {
+ SendSQL("UPDATE profiles
+ SET groupset=" . $groupset . "
+ WHERE login_name=" . 
SqlQuote($userold));
+ print "Updated permissions.\n";
+ }
+
+=for me
+
+ if ($emailnotification ne $emailnotificationold) {
+ SendSQL("UPDATE profiles
+ SET emailnotification=" . $emailnotification . "
+ WHERE login_name=" . SqlQuote($userold));
+ print "Updated email notification.<BR>\n";
+ }
+
+=cut
+
+ if ($password ne $passwordold) {
+ SendSQL("UPDATE profiles
+ SET password=" . SqlQuote($password) . "
+ WHERE login_name=" . SqlQuote($userold));
+ print "Updated password.<BR>\n";
+ }
+ if ($realname ne $realnameold) {
+ SendSQL("UPDATE profiles
+ SET realname=" . SqlQuote($realname) . "
+ WHERE login_name=" . SqlQuote($userold));
+ print "Updated real name.<BR>\n";
+ }
+ if ($user ne $userold) {
+ unless ($user) {
+ print "Sorry, I can't delete the user's name.";
+ PutTrailer($localtrailer);
+ exit;
+ }
+ if (TestUser($user)) {
+ print "Sorry, user name '$user' is already in use.";
+ PutTrailer($localtrailer);
+ exit;
+ }
+
+ SendSQL("UPDATE profiles
+ SET login_name=" . SqlQuote($user) . "
+ WHERE login_name=" . SqlQuote($userold));
+
+ print "Updated user's name.<BR>\n";
+ }
+
+ PutTrailer($localtrailer);
+ exit;
+}
+
+
+
+#
+# No valid action found
+#
+
+PutHeader("Error");
+print "I don't have a clue what you want.<BR>\n";
+
+foreach ( sort keys %::FORM) {
+ print "$_: $::FORM{$_}<BR>\n";
+}
|
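Review bot: The `update` branch writes a changed password only to the `password` column (`SET password=" . SqlQuote($password)`), while the `new` branch stores both `password` and a `crypt`ed `cryptpassword`, so after an edit the two columns disagree and whichever one the login path checks (not visible here) is either stale or the plaintext; the crypt column should be recomputed in the same statement, e.g. `SET password=" . SqlQuote($password) . ", cryptpassword=" . SqlQuote(crypt($password, x() . x())) . "`. Keeping the plaintext at all and echoing it back into the edit form (`VALUE=\"$password\"` in EmitFormElements and the hidden `passwordold`) exposes it to anyone viewing the page, a proxy log or browser history; the field should be rendered empty and only written when non-empty. The salt helper `x()` picks its index with `% (length ($sc) + 1)`, which can select position 64 of a 64-character string and return an empty salt character — `% length($sc)` is the intended range, and `rand()` is not a cryptographic source. The `delete` branch also repeats none of the initial-owner/QA-contact checks that only the `del` confirmation page performs, so a request sent straight with `action=delete` bypasses them; the guard belongs in `delete`. None of the state-changing actions carry a CSRF token, and the final fallback loop prints every form value unescaped (`print "$_: $::FORM{$_}<BR>\n"`), which reflects attacker-chosen HTML to the admin viewing the page.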