view edit.pl @ 2:791e87929f83 default tip
Added tag RELENG_1_0 for changeset d95e74cd12f4
author | darius@midget.dons.net.au |
---|---|
date | Tue, 23 Oct 2007 10:07:21 +0930 (2007-10-23) |
parents | d95e74cd12f4 |
children |
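#!/usr/local/bin/perl
#
# edit.pl - CGI handler that lets a member view and update their own row in
# the SCS "members" table.
#
# Request parameters (parsed by cgi-lib's ReadParse):
#   type   = "edit"   : authenticate with id + passwd and show the edit form
#   type   = "adjust" : authenticate again and write the submitted fields back
#   id     = member ID
#   passwd = the member's current PIN
#
# Security notes for maintainers:
#   * Every value that reaches SQL is passed as a bound parameter. The earlier
#     string-built statements interpolated $id unquoted and relied on
#     backslash escaping, which does not protect a PostgreSQL server running
#     with standard_conforming_strings enabled.
#   * Every value that reaches the page is HTML-escaped first.
#   * NOTE(review): the PIN is stored and compared in plaintext and is sent
#     back to the browser in the form (pwd1/pwd2/passwd). Fixing that needs a
#     schema and flow change outside this script, so it is only flagged here.

use strict;
use warnings;

require "cgi-lib.pl";
use DBI;

# Database connection settings.
my $user   = "";
my $passwd = "";
my $dbname = "scs";

# Filled in by ReadParse through the *input glob.
our %input;

# Positional layout of a members row as this script has always indexed it
# (SELECT * order). NOTE(review): the last three names are local labels, not
# confirmed column names.
my @MEMBER_COLS = qw(
    memberid firstname lastname nickname pin age
    phone1 ph1_pub phone2 ph2_pub email email_pub
    address1 address2 address3 addy_pub comments
    joined lstmemfee lstpddate
);

MAIN: {
    # Read in all the variables set by the form
    ReadParse(*input);

    my $page_header = PrintHeader();
    print $page_header;
    print "<BODY BGCOLOR=\"#00000\" TEXT=\"#CCCCCC\" LINK=\"#00EE20\" VLINK=\"#55FF8B\" ALINK=\"#FFFF00\">";
    print "<META HTTP-EQUIV=\"Pragma\" content=\"no-cache\">\n";
    print "<TITLE>Edit the SCS Database</TITLE>";
    print "<H2>Edit the SCS Database</H2>";

    my $id   = $input{'id'};
    my $type = defined $input{'type'} ? $input{'type'} : '';

    if ($type eq "edit" || $type eq "adjust") {
        # $DBI::errstr is the only error source available when connect fails;
        # there is no handle to ask yet.
        my $dbh = DBI->connect("dbi:Pg:dbname=$dbname", $user, $passwd)
            || bad_exit($DBI::errstr);

        my $member = fetch_member($dbh, $id);

        if (!$member) {
            # Couldn't find the member ID given
            print "No such member ID " . html_escape($id) . "<P>\n";
            print "<A HREF=\"/scs/games/edit.html\">Try again</A>\n";
        }
        elsif ($member->{pin} ne dtrail($input{'passwd'})) {
            print "Bad password for Member ID " . html_escape($id) . "<P>\n";
            if ($type eq "adjust") {
                # The adjust request carries the PIN the edit form embedded,
                # so a mismatch here is unexpected.
                print "Please report this error to <A HREF=\"mailto:darius\@dons.net.au\">\n";
                print "the administrator</A><P>\n";
            }
            print "<A HREF=\"/scs/games/edit.html\">Try again</A>\n";
        }
        elsif ($type eq "edit") {
            print_edit_form($id, $member);
        }
        else {
            apply_adjust($dbh, $id);
        }

        # Close down DB stuff
        $dbh->disconnect || bad_exit($dbh->errstr);
    }
    else {
        # Something weird happened here
        print "Unsupported action!<P>\n";
        print "Please email <A HREF=\"mailto:darius\@dons.net.au\">The Administrator</A> and<BR>\n";
        print "give a problem report. Thanks!<P>";
    }

    my $page_footer = HtmlBot();
    print $page_footer;
}

# Look up one member by ID. Returns a hash ref keyed by @MEMBER_COLS with
# trailing padding removed, or nothing when the ID is malformed or unknown.
sub fetch_member {
    my ($dbh, $id) = @_;

    # Assumes member IDs are non-negative integers (the form always printed
    # them with %d); anything else cannot match a row.
    return unless defined $id && $id =~ /\A\d+\z/;

    my $sth = $dbh->prepare("SELECT * FROM members WHERE memberid = ?")
        || bad_exit($dbh->errstr);
    $sth->execute($id) || bad_exit($sth->errstr);

    # Get one row. Only one.. if there is more than one, bad things have happened :)
    my @row = $sth->fetchrow_array;
    $sth->finish || bad_exit($sth->errstr);
    return unless @row;

    my %member;
    @member{@MEMBER_COLS} = map { dtrail($_) } @row[0 .. $#MEMBER_COLS];
    return \%member;
}

# Print the form that lets an authenticated member change their fields.
sub print_edit_form {
    my ($id, $m) = @_;

    my $safe_id  = html_escape($id);
    my $safe_pin = html_escape($m->{pin});

    # POST keeps the PIN out of URLs, browser history and access logs;
    # ReadParse accepts either method, so the handler side is unchanged.
    print "<FORM METHOD=POST ACTION=\"/cgi-bin/scs/edit.pl\">\n";
    print "<TABLE WIDTH=\"100%\">\n";
    print input_row("First Name", "fname", $m->{firstname});
    print input_row("Last Name",  "lname", $m->{lastname});
    print "<TR><TD ALIGN=RIGHT>Member ID<TD>$safe_id";
    print "<INPUT TYPE=HIDDEN NAME=id VALUE=\"$safe_id\"></TR>\n";
    print input_row("Nickname", "nick", $m->{nickname});
    print "<TR><TD ALIGN=RIGHT>Password<TD>";
    print "<INPUT TYPE=PASSWORD NAME=pwd1 VALUE=\"$safe_pin\" SIZE=\"50%\">";
    # The current PIN rides along so the adjust request can re-authenticate.
    print "<INPUT TYPE=HIDDEN NAME=passwd VALUE=\"$safe_pin\"></TR>\n";
    print "<TR><TD ALIGN=RIGHT>And Again<TD>";
    print "<INPUT TYPE=PASSWORD NAME=pwd2 VALUE=\"$safe_pin\" SIZE=\"50%\"></TR>\n";
    print input_row("Age",     "age",    int($m->{age} || 0));
    print input_row("Phone 1", "phone1", $m->{phone1});
    print checkbox_row("Public number", "ph1_pub", $m->{ph1_pub});
    print input_row("Phone 2", "phone2", $m->{phone2});
    print checkbox_row("Public number", "ph2_pub", $m->{ph2_pub});
    print input_row("Email", "email", $m->{email});
    print checkbox_row("Public Email", "email_pub", $m->{email_pub});
    print input_row("Address 1", "addy1", $m->{address1});
    print input_row("Address 2", "addy2", $m->{address2});
    print input_row("Address 3", "addy3", $m->{address3});
    print checkbox_row("Public Address", "addy_pub", $m->{addy_pub});
    print input_row("Comments", "comments", $m->{comments});
    # This row used to interpolate element 13 of the row (address 2) instead
    # of the join date it was handed.
    print "<TR><TD ALIGN=RIGHT>Joined on<TD>" . html_escape($m->{joined}) . "</TR>\n";
    print "<TR><TD ALIGN=RIGHT>Last Membership paid<TD>" . html_escape($m->{lstmemfee}) . "</TR>\n";
    print "<TR><TD ALIGN=RIGHT>Last Membership date<TD>" . html_escape($m->{lstpddate}) . "</TR>\n";
    print "</TABLE>\n";
    print "<INPUT TYPE=HIDDEN NAME=\"type\" VALUE=\"adjust\">\n";
    print "<INPUT TYPE=SUBMIT VALUE=\"Update information\"><P>\n";
    print "</FORM>\n";
    print "Or <A HREF=\"/scs/games/edit.html\">Go back to the Edit page</A>\n";
    print "<P>";
    return;
}

# Validate the submitted fields and write them to the member's row.
# The caller has already authenticated the request and validated $id.
sub apply_adjust {
    my ($dbh, $id) = @_;

    my %text;
    for my $field (qw(fname lname nick pwd1 pwd2 phone1 phone2 email
                      addy1 addy2 addy3 comments)) {
        $text{$field} = defined $input{$field} ? $input{$field} : '';
    }

    # An unticked checkbox is simply absent from the request.
    my %flag;
    for my $field (qw(ph1_pub ph2_pub email_pub addy_pub)) {
        my $raw = defined $input{$field} ? $input{$field} : '';
        $flag{$field} = ($raw eq 'on') ? 't' : 'f';
    }

    if ($text{pwd1} ne $text{pwd2}) {
        print "New password mismatch\n";
        print "<A HREF=\"/scs/games/edit.html\">Try again</A>\n";
        return;
    }

    my $age = san_num($input{'age'});
    if (!defined $age) {
        print "Age must be a whole number<P>\n";
        print "<A HREF=\"/scs/games/edit.html\">Try again</A>\n";
        return;
    }

    $dbh->do(
        "UPDATE members SET firstname=?, lastname=?, nickname=?, pin=?, age=?, "
      . "phone1=?, ph1_pub=?, phone2=?, ph2_pub=?, email=?, email_pub=?, "
      . "address1=?, address2=?, address3=?, addy_pub=?, comments=? "
      . "WHERE memberid=?",
        undef,
        $text{fname},  $text{lname},   $text{nick},  $text{pwd1}, $age,
        $text{phone1}, $flag{ph1_pub}, $text{phone2}, $flag{ph2_pub},
        $text{email},  $flag{email_pub},
        $text{addy1},  $text{addy2},   $text{addy3}, $flag{addy_pub},
        $text{comments},
        $id,
    ) || bad_exit($dbh->errstr);

    print "Update finished!<P>\n";
    # NOTE(review): this path differs from the /scs/games/edit.html used
    # everywhere else in the script - confirm which one is right.
    print "Go back to the <A HREF=\"/games/scs/edit.html\">Edit Page</A>";
    return;
}

# Build one labelled text-input table row with an escaped value.
sub input_row {
    my ($label, $name, $value) = @_;
    return "<TR><TD ALIGN=RIGHT>$label<TD>"
         . "<INPUT TYPE=TEXT NAME=$name VALUE=\"" . html_escape($value)
         . "\" SIZE=\"50%\"></TR>\n";
}

# Build one labelled checkbox row; ticked unless the stored value is "0".
sub checkbox_row {
    my ($label, $name, $stored) = @_;
    my $checked = ($stored eq "0") ? '' : 'CHECKED';
    return "<TR><TD ALIGN=RIGHT>$label<TD>"
         . "<INPUT TYPE=CHECKBOX NAME=$name $checked SIZE=\"50%\"></TR>\n";
}

# Report an internal error to the user, close the page and stop.
# NOTE(review): the raw database error text is shown to the visitor, as
# before; it is escaped here, but logging it server-side instead would
# disclose less.
sub bad_exit {
    my ($message) = @_;
    print "<H2>An internal error has occurred</H2><BR>";
    print "Please mail <A HREF=\"mailto:darius\@dons.net.au\">The Administrator</A> and\n";
    print "say the following error occured - " . html_escape($message) . "<P>";
    print "<A HREF=\"/scs/games/edit.html\">Back to the Edit Page</A>\n";
    my $page_footer = HtmlBot();
    print $page_footer;
    exit(0);
}

# Return a copy of the argument with trailing spaces removed (undef becomes
# the empty string). Works on a copy so the caller's data is not modified
# through @_ aliasing.
sub dtrail {
    my ($value) = @_;
    $value = '' unless defined $value;
    $value =~ s/(\ *)$//g;
    return $value;
}

# Return the argument as a string of digits, or undef when it is not a
# non-negative whole number. Surrounding whitespace is ignored.
sub san_num {
    my ($value) = @_;
    if (defined $value && $value =~ /\A\s*(\d+)\s*\z/) {
        return $1;
    }
    return undef;
}

# Escape the characters that are significant in HTML text and in quoted
# attribute values. undef is treated as the empty string.
sub html_escape {
    my ($text) = @_;
    $text = '' unless defined $text;
    $text =~ s/&/&amp;/g;
    $text =~ s/</&lt;/g;
    $text =~ s/>/&gt;/g;
    $text =~ s/"/&quot;/g;
    $text =~ s/'/&#39;/g;
    return $text;
}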