Diffstat (limited to 'cgi-bin')
-rwxr-xr-xcgi-bin/mat.cgi73
1 files changed, 62 insertions, 11 deletions
diff --git a/cgi-bin/mat.cgi b/cgi-bin/mat.cgi
index 7b31e87..4275478 100755
--- a/cgi-bin/mat.cgi
+++ b/cgi-bin/mat.cgi
@@ -5,6 +5,7 @@ use warnings;
use Config::Simple;
use CGI::Simple;
+use CGI::Session;
use DBI;
tie my %Config, "Config::Simple", '/etc/mat.conf';
@@ -12,6 +13,9 @@ tie my %Config, "Config::Simple", '/etc/mat.conf';
my $q = new CGI::Simple;
my $id = $q->param('id');
my $action = $q->param('action');
+my $storage = $q->param('storage');
+my $session = CGI::Session->new(undef, undef, {Directory =>
+ $Config{'session_directory'}});
sub misconfigured
{
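Review bot: `$Config{'session_directory'}` is handed to `CGI::Session->new` without being checked, unlike `$Config{'database'}`, which the main program tests before use. As far as I know the file driver falls back to the system temp directory when `Directory` is undefined, which would put the session files carrying the `authenticated` flag in a shared location; a guard such as `misconfigured() unless $Config{'session_directory'};` ahead of the constructor call would avoid that. The second argument is also `undef`, so CGI::Session will presumably build its own query object rather than reuse `$q`; passing `$q` keeps a single parser for the request. `sub misconfigured` continues outside the hunk.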
@@ -27,20 +31,67 @@ sub invalid_input()
exit 1;
}
+sub unauthorized()
+{
+ print "Content-Type: text/plain; charset=utf-8\n\r\n\r";
+ print "Not authorized!\n";
+ exit 1;
+}
+
+sub send_cookie()
+{
+ print $session->header(-type => 'text/plain', -charset => 'utf8');
+}
+
+sub cmd_view($)
+{
+ my ( $id ) = @_;
+
+ my $db = DBI->connect($Config{'database'}, "", "",
+ {HandleError => \&misconfigured, AutoCommit => 1});
+
+ my $recipe_row = $db->selectrow_arrayref("SELECT name, storage, uri FROM ".
+ "recipes AS r JOIN inventory AS i ON i.recipe_id=r.id WHERE i.id=".$id.
+ ";");
+
+ print $id, "\n", $$recipe_row[0], "\n", $$recipe_row[1], "\n",
+ $$recipe_row[2], "\n";
+}
+
+sub cmd_relocate($$)
+{
+ my ( $id, $storage ) = @_;
+
+ my $db = DBI->connect($Config{'database'}, "", "",
+ {HandleError => \&misconfigured, AutoCommit => 1});
+
+ $db->do('UPDATE inventory SET storage="'.$storage.'" WHERE id='.$id);
+
+ cmd_view($id);
+}
+
### MAIN PROGRAM ##############################################################
misconfigured unless ($Config{'database'});
+misconfigured unless $session;
invalid_input unless ($id and $action);
-invalid_input unless (($id =~ m/^[0-9]+$/) and ($action =~ m/^view$/));
-
-my $db = DBI->connect($Config{'database'}, "", "",
- {HandleError => \&misconfigured, AutoCommit => 1});
+invalid_input unless (($id =~ m/^[0-9]+$/) and ($action =~ m/^view|relocate$/) and
+ ($storage =~ /^[a-z0-9]*$/));
+send_cookie;
-my $recipe_row = $db->selectrow_arrayref("SELECT name, storage, uri FROM ".
- "recipes AS r JOIN inventory AS i ON i.recipe_id=r.id WHERE i.id=".$id.
- ";");
-
-print "Content-Type: text/plain; charset=utf-8\n\r\n\r";
-print $id, "\n", $$recipe_row[0], "\n", $$recipe_row[1], "\n",
- $$recipe_row[2], "\n";
+for ($action) {
+ if (/^view$/) {
+ cmd_view($id);
+ }
+ elsif (/^relocate$/) {
+ if ($session->param('authenticated') eq "yes") {
+ cmd_relocate($id, $storage);
+ } else {
+ unauthorized();
+ }
+ }
+ else {
+ invalid_input;
+ }
+}
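Review bot: cmd_relocate and cmd_view build their SQL by concatenating `$storage` and `$id` into the statement, so the regex check in the main program is the only barrier between request parameters and the database, and that check is looser than it reads. `m/^view|relocate$/` parses as `^view` or `relocate$`, and `$` accepts a trailing newline in all three patterns; grouping the alternation and anchoring with `\A`/`\z` closes both, and DBI placeholders remove the dependency on the check altogether. `$storage` is undefined when the parameter is absent (a warning under `use warnings`) and an empty value passes `*`, so relocate can blank the column; requiring a non-empty value for relocate looks like the intent. Separately, unauthorized() and the invalid_input fallback print a second Content-Type line after send_cookie has already written the headers, so that line lands in the response body.

```perl
# cmd_view: bind the id instead of concatenating it
my $recipe_row = $db->selectrow_arrayref("SELECT name, storage, uri FROM ".
    "recipes AS r JOIN inventory AS i ON i.recipe_id=r.id WHERE i.id=?",
    undef, $id);
# … unchanged: print of the row …

# cmd_relocate: bind both values
$db->do('UPDATE inventory SET storage=? WHERE id=?', undef, $storage, $id);
# … unchanged: cmd_view($id) …

# main program: group the alternation, anchor with \A/\z, tolerate a missing storage
invalid_input unless (($id =~ m/\A[0-9]+\z/) and
    ($action =~ m/\A(?:view|relocate)\z/) and
    (!defined($storage) or $storage =~ m/\A[a-z0-9]*\z/));
# relocate branch: consider rejecting an undefined or empty $storage before cmd_relocate
```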