Mercurial > ~darius > hgwebdir.cgi > SCS_DB

view edit.pl @ 2:791e87929f83 default tip

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Added tag RELENG_1_0 for changeset d95e74cd12f4
author darius@midget.dons.net.au
date Tue, 23 Oct 2007 10:07:21 +0930
parents d95e74cd12f4
children
line wrap: on
line source

#!/usr/local/bin/perl

require "cgi-lib.pl";
use DBI;

$user	= "";
$passwd	= "";
$dbname	= "scs";

MAIN:
{
# Read in all the variables set by the form
    &ReadParse(*input);

    print &PrintHeader;
	print "<BODY BGCOLOR=\"#00000\" TEXT=\"#CCCCCC\" LINK=\"#00EE20\" VLINK=\"#55FF8B\" ALINK=\"#FFFF00\">";
	print "<META HTTP-EQUIV=\"Pragma\" content=\"no-cache\">\n";
	print "<TITLE>Edit the SCS Database</TITLE>";
	print "<H2>Edit the SCS Database</H2>";

#    print &HtmlTop ("Edit the SCS Database");
	
    $id = $input{'id'};
    $type = $input{'type'};

# Is this a query?
    if ($type eq "edit") {

# Connect to the Database
		$dbh = DBI->connect("dbi:Pg:dbname=$dbname", $user, $passwd) || bad_exit($sth->errstr);

# Prepare the select statement
		$sth = $dbh->prepare("SELECT * FROM members WHERE memberid = $id") || bad_exit($sth->errstr);

# Execute it
		$numrows = $sth->execute || bad_exit($sth->errstr);

# Get one row. Only one.. if there is more than one, bad things have happened :)
		if (@array = $sth->fetchrow_array) {

# Check their password
			if (&dtrail(@array[4]) ne &dtrail($input{'passwd'})) {
				print "Bad password for Member ID $id<P>\n";
				print "<A HREF=\"/scs/games/edit.html\">Try again</A>\n";
			} else {
# Print out a form which allows the user to change fields
			    $memberid	= dtrail(@array[0]);
				$firstname	= dtrail(@array[1]);
				$lastname	= dtrail(@array[2]);
				$nickname	= dtrail(@array[3]);
				$pin		= dtrail(@array[4]);
				$age		= dtrail(@array[5]);
				$phone1		= dtrail(@array[6]);
				$ph1_pub	= dtrail(@array[7]);
				$phone2		= dtrail(@array[8]);
				$ph2_pub	= dtrail(@array[9]);
				$email		= dtrail(@array[10]);
				$email_pub	= dtrail(@array[11]);
				$address1	= dtrail(@array[12]);
				$address2	= dtrail(@array[13]);
				$address3	= dtrail(@array[14]);
				$addy_pub	= dtrail(@array[15]);
				$comments	= dtrail(@array[16]);
				$joined		= dtrail(@array[17]);
				$lstmemfee	= dtrail(@array[18]);
				$lstpddate	= dtrail(@array[19]);

				print  "<FORM METHOD=GET ACTION=\"/cgi-bin/scs/edit.pl\">\n";
				print  "<TABLE WIDTH=\"100%\">\n";
				print  "<TR><TD ALIGN=RIGHT>First Name<TD>";
				printf("<INPUT TYPE=TEXT NAME=fname VALUE=\"%s\" SIZE=\"50%\"></TR>\n",
					   $firstname);
				print  "<TR><TD ALIGN=RIGHT>Last Name<TD>";
				printf("<INPUT TYPE=TEXT NAME=lname VALUE=\"%s\" SIZE=\"50%\"></TR>\n", 
					   $lastname);
				print  "<TR><TD ALIGN=RIGHT>Member ID<TD>$id";
				printf("<INPUT TYPE=HIDDEN NAME=id VALUE=\"%d\"></TR>\n", $id);
				printf("<TR><TD ALIGN=RIGHT>Nickname<TD>");
				printf("<INPUT TYPE=TEXT NAME=nick VALUE=\"%s\" SIZE=\"50%\"></TR>\n",
					   $nickname);
				print  "<TR><TD ALIGN=RIGHT>Password<TD>";
				printf("<INPUT TYPE=PASSWORD NAME=pwd1 VALUE=\"%s\" SIZE=\"50%\">", $pin);
				printf("<INPUT TYPE=HIDDEN NAME=passwd VALUE=\"%s\"</TR>\n", $pin);
				print  "<TR><TD ALIGN=RIGHT>And Again<TD>";
				printf("<INPUT TYPE=PASSWORD NAME=pwd2 VALUE=\"%s\" SIZE=\"50%\"></TR>\n",
					   $pin);
				print  "<TR><TD ALIGN=RIGHT>Age<TD>";
				printf("<INPUT TYPE=TEXT NAME=age VALUE=\"%d\" SIZE=\"50%\"></TR>\n", 
					   $age);
				print  "<TR><TD ALIGN=RIGHT>Phone 1<TD>";
				printf("<INPUT TYPE=TEXT NAME=phone1 VALUE=\"%s\" SIZE=\"50%\"></TR>\n",
					   $phone1);
				print  "<TR><TD ALIGN=RIGHT>Public number<TD>";
				printf("<INPUT TYPE=CHECKBOX NAME=ph1_pub %s SIZE=\"50%\"></TR>\n",
					   (($ph1_pub eq "0") ? '' : 'CHECKED'));
				print  "<TR><TD ALIGN=RIGHT>Phone 2<TD>";
				printf("<INPUT TYPE=TEXT NAME=phone2 VALUE=\"%s\" SIZE=\"50%\"></TR>\n",
				    $phone2);
				print  "<TR><TD ALIGN=RIGHT>Public number<TD>";
				printf("<INPUT TYPE=CHECKBOX NAME=ph2_pub %s SIZE=\"50%\"></TR>\n",
					   (($ph2_pub eq "0") ? '' : 'CHECKED'));
				print  "<TR><TD ALIGN=RIGHT>Email<TD>";
				printf("<INPUT TYPE=TEXT NAME=email VALUE=\"%s\" SIZE=\"50%\"></TR>\n", 
				    $email);
				print  "<TR><TD ALIGN=RIGHT>Public Email<TD>";
				printf("<INPUT TYPE=CHECKBOX NAME=email_pub %s SIZE=\"50%\"></TR>\n",
					   (($email_pub eq "0") ? '' : 'CHECKED'));
				print  "<TR><TD ALIGN=RIGHT>Address 1<TD>";
				printf("<INPUT TYPE=TEXT NAME=addy1 VALUE=\"%s\" SIZE=\"50%\"></TR>\n",
				    $address1);
				print  "<TR><TD ALIGN=RIGHT>Address 2<TD>";
				printf("<INPUT TYPE=TEXT NAME=addy2 VALUE=\"%s\" SIZE=\"50%\"></TR>\n",
				    $address2);
				print  "<TR><TD ALIGN=RIGHT>Address 3<TD>";
				printf("<INPUT TYPE=TEXT NAME=addy3 VALUE=\"%s\" SIZE=\"50%\"></TR>\n",
				    $address3);
				print  "<TR><TD ALIGN=RIGHT>Public Address<TD>";
				printf("<INPUT TYPE=CHECKBOX NAME=addy_pub %s SIZE=\"50%\"></TR>\n",
					   (($addy_pub eq "0") ? '' : 'CHECKED'));
				print  "<TR><TD ALIGN=RIGHT>Comments<TD>";
				printf("<INPUT TYPE=TEXT NAME=comments VALUE=\"%s\" SIZE=\"50%\"></TR>\n",
				    $comments);
				printf("<TR><TD ALIGN=RIGHT>Joined on<TD>@array[13]</TR>\n", $joined);
				printf("<TR><TD ALIGN=RIGHT>Last Membership paid<TD>%s</TR>\n", $lstmemfee);
				printf("<TR><TD ALIGN=RIGHT>Last Membership date<TD>%s</TR>\n", $lstpddate);
				print  "</TABLE>\n";
				print  "<INPUT TYPE=HIDDEN NAME=\"type\" VALUE=\"adjust\">\n";
				print  "<INPUT TYPE=SUBMIT VALUE=\"Update information\"><P>\n";
				print  "Or <A HREF=\"/scs/games/edit.html\">Go back to the Edit page</A>\n";
				print  "<P>";
			}
		} else {
# Couldn't find the member ID given
			print "No such member ID $id<P>\n";
			print "<A HREF=\"/scs/games/edit.html\">Try again</A>\n";
		}

# Close down DB stuff
		$sth->finish || bad_exit($sth->errstr);

		$dbh->disconnect || bad_exit($sth->errstr);

# We are doing an adjust
    } elsif ($type eq "adjust") {
# Connect to the Database
		$dbh = DBI->connect("dbi:Pg:dbname=$dbname", $user, $passwd) || bad_exit($sth->errstr);

# Prepare the select statement
		$sth = $dbh->prepare("SELECT * FROM members WHERE memberid = $id") || bad_exit($sth->errstr);

# Execute it
		$numrows = $sth->execute || bad_exit($sth->errstr);

# Get one row. Only one.. if there is more than one, bad things have happened :)
		if (@array = $sth->fetchrow_array) {

# Check their password
			if (&dtrail(@array[4]) ne &dtrail($input{'passwd'})) {
				print "Bad password for Member ID $id<P>\n";
				print "Please report this error to <A HREF=\"mailto:darius\@dons.net.au\">\n";
				print "the administrator</A><P>\n";
				print "<A HREF=\"/scs/games/edit.html\">Try again</A>\n";
			} else {
				$fname		= san_str($input{'fname'});
				$lname		= san_str($input{'lname'});
				$nick		= san_str($input{'nick'});
				$pwd1		= san_str($input{'pwd1'});
				$pwd2		= san_str($input{'pwd2'});
				$age		= san_num($input{'age'});
				$phone1		= san_str($input{'phone1'});
				$ph1_pub	= (san_str($input{'ph1_pub'}) eq 'on') ? 't' : 'f';
				$phone2		= san_str($input{'phone2'});
				$ph2_pub	= (san_str($input{'ph2_pub'}) eq 'on') ? 't' : 'f';
				$email		= san_str($input{'email'});
				$email_pub	= (san_str($input{'email_pub'}) eq 'on') ? 't' : 'f';
				$address1	= san_str($input{'addy1'});
				$address2	= san_str($input{'addy2'});
				$address3	= san_str($input{'addy3'});
				$addy_pub	= (san_str($input{'addy_pub'}) eq 'on') ? 't' : 'f';
				$comments	= san_str($input{'comments'});
				
				if ($pwd1 ne $pwd2) {
					print "New password mismatch\n";
					print "<A HREF=\"/scs/games/edit.html\">Try again</A>\n";
				} else {
					$dbh->do("UPDATE members SET firstname=\'$fname\', lastname=\'$lname\', nickname=\'$nick\', pin=\'$pwd1\', age=\'$age\', phone1=\'$phone1\', ph1_pub=\'$ph1_pub', phone2=\'$phone2\', ph2_pub=\'$ph2_pub\', email=\'$email\', email_pub=\'$email_pub\', address1=\'$address1\',  address2=\'$address2\', address3=\'$address3\', addy_pub=\'$addy_pub\', comments=\'$comments\' WHERE memberid=$id;") || bad_exit($sth->errstr);
					print "Update finished!<P>\n";
					print "Go back to the <A HREF=\"/games/scs/edit.html\">Edit Page</A>";
				}
			}
		} else {
# Couldn't find the member ID given
			print "No such member ID $id<P>\n";
			print "<A HREF=\"/scs/games/edit.html\">Try again</A>\n";
		}

# Close down DB stuff
		$sth->finish || bad_exit($sth->errstr);

		$dbh->disconnect || bad_exit($sth->errstr);

# Something weird happened here
    } else {
		print "Unsupported action!<P>\n";
		print "Please email <A HREF=\"mailto:darius\@dons.net.au\">The Administrator</A> and<BR>\n";
		print "give a problem report. Thanks!<P>";
    }

    print &HtmlBot;
}

sub bad_exit
{
    print "<H2>An internal error has occurred</H2><BR>";
    print "Please mail <A HREF=\"mailto:darius\@dons.net.au\">The Administrator</A> and\n";
    print "say the following error occured - $_[0]<P>";
	print "<A HREF=\"/scs/games/edit.html\">Back to the Edit Page</A>\n";
    
    print &HtmlBot;

    exit(0);
}

sub dtrail
{
    $_[0] =~ s/(\ *)$//g;
    return $_[0];
}

sub san_str
{
	$_[0] =~ s/\\/\\\\/g;
    $_[0] =~ s/'/\\'/g;
	$_[0] =~ s/"/\\"/g;
    return $_[0];
}

sub san_num
{
#    $_[0] =~ s/'/\\'/g;
    return $_[0];
}