summaryrefslogtreecommitdiff
path: root/cgi-bin/mat.cgi
blob: 427547894b0df0d11b62d4951eea09a051e76186 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
#!/usr/bin/perl

use strict;
use warnings;

use Config::Simple;
use CGI::Simple;
use CGI::Session;
use DBI;

tie my %Config, "Config::Simple", '/etc/mat.conf';

my $q = new CGI::Simple;
my $id = $q->param('id');
my $action = $q->param('action');
my $storage = $q->param('storage');
my $session = CGI::Session->new(undef, undef, {Directory =>
    $Config{'session_directory'}});

sub misconfigured
{
  print "Content-Type: text/plain; charset=utf-8\n\r\n\r";
  print "This system is misconfigured.\n";
  exit 1;
}

sub invalid_input()
{
  print "Content-Type: text/plain; charset=utf-8\n\r\n\r";
  print "Invalid input.\n";
  exit 1;
}

sub unauthorized()
{
  print "Content-Type: text/plain; charset=utf-8\n\r\n\r";
  print "Not authorized!\n";
  exit 1;
}

sub send_cookie()
{
  print $session->header(-type => 'text/plain', -charset => 'utf8');
}

sub cmd_view($)
{
  my ( $id ) = @_;

  my $db = DBI->connect($Config{'database'}, "", "",
      {HandleError => \&misconfigured, AutoCommit => 1});

  my $recipe_row = $db->selectrow_arrayref("SELECT name, storage, uri FROM ".
      "recipes AS r JOIN inventory AS i ON i.recipe_id=r.id WHERE i.id=".$id.
      ";");

  print $id, "\n", $$recipe_row[0], "\n", $$recipe_row[1], "\n",
      $$recipe_row[2], "\n";
}

sub cmd_relocate($$)
{
  my ( $id, $storage ) = @_;

  my $db = DBI->connect($Config{'database'}, "", "",
      {HandleError => \&misconfigured, AutoCommit => 1});

  $db->do('UPDATE inventory SET storage="'.$storage.'" WHERE id='.$id);

  cmd_view($id);
}

### MAIN PROGRAM ##############################################################

misconfigured unless ($Config{'database'});
misconfigured unless $session;
invalid_input unless ($id and $action);

invalid_input unless (($id =~ m/^[0-9]+$/) and ($action =~ m/^view|relocate$/) and
    ($storage =~ /^[a-z0-9]*$/));
send_cookie;

for ($action) {
  if    (/^view$/) {
    cmd_view($id);
  }
  elsif (/^relocate$/) {
    if ($session->param('authenticated') eq "yes") {
      cmd_relocate($id, $storage);
    } else {
      unauthorized();
    }
  }
  else {
    invalid_input;
  }
}