#===================================================================== # SQL-Ledger ERP # Copyright (c) 2006 # # Author: DWS Systems Inc. # Web: http://www.sql-ledger.com # #====================================================================== # # setup module # add/edit/delete users # #====================================================================== use SL::Form; use SL::User; $form = new Form; $locale = new Locale $language, "admin"; $form->{charset} = $locale->{charset}; eval { require DBI; }; $form->error($locale->text('DBI not installed!')) if ($@); $form->{stylesheet} = "sql-ledger.css"; $form->{favicon} = "favicon.ico"; $form->{timeout} = 86400; $form->{"root login"} = 1; require "$form->{path}/pw.pl"; # customization if (-f "$form->{path}/custom_$form->{script}") { eval { require "$form->{path}/custom_$form->{script}"; }; $form->error($@) if ($@); } if ($form->{action}) { &check_password unless $form->{action} eq $locale->text('logout'); &{ $locale->findsub($form->{action}) }; } else { # if there are no drivers bail out $form->error($locale->text('Database Driver missing!')) unless (User->dbdrivers); # create memberfile if (! -f $memberfile) { &change_password; exit; } &adminlogin; } 1; # end sub adminlogin { $form->{title} = qq|SQL-Ledger |.$locale->text('Version').qq| $form->{version} |.$locale->text('Administration'); $form->header; print qq|

|.$locale->text('Version').qq| $form->{version}

|.$locale->text('Administration').qq|

{path}>
|.$locale->text('Password').qq|

Normal login

SQL-Ledger |.$locale->text('website').qq|
|; } sub create_config { $form->{sessionkey} = ""; $form->{sessioncookie} = ""; if ($form->{password}) { my $t = time + $form->{timeout}; srand( time() ^ ($$ + ($$ << 15)) ); $key = "root login$form->{password}$t"; my $i = 0; my $l = length $key; my $j = $l; my %ndx = (); my $pos; while ($j > 0) { $pos = int rand($l); next if $ndx{$pos}; $ndx{$pos} = 1; $form->{sessioncookie} .= substr($key, $pos, 1); $form->{sessionkey} .= substr("0$pos", -2); $j--; } } open(CONF, ">$userspath/root login.conf") or $form->error("root login.conf : $!"); print CONF qq|# configuration file for root login \%rootconfig = ( sessionkey => '$form->{sessionkey}' );\n\n|; close CONF; } sub login { &create_config; &list_datasets; } sub logout { $form->{callback} = "$form->{script}?path=$form->{path}"; $form->redirect($locale->text('You are logged out')); } sub edit { $form->{title} = "SQL-Ledger ".$locale->text('Administration'); if (-f "$userspath/$form->{dbname}.LCK") { open(FH, "$userspath/$form->{dbname}.LCK") or $form->error("$userspath/$form->{dbname}.LCK : $!"); $form->{lock} = ; close(FH); } &form_header; &form_footer; } sub form_footer { $nologin = qq| |; if (-f "$userspath/$form->{dbname}.LCK") { $nologin = qq| |; } $delete = qq||; $form->{callback} = "$form->{script}?action=list_datasets&path=$form->{path}"; $form->hide_form(qw(company dbname path callback)); print qq| $nologin $delete |; } sub list_datasets { # type=submit $locale->text('Pg') # type=submit $locale->text('PgPP') # type=submit $locale->text('Oracle') # type=submit $locale->text('Sybase') open(FH, "$memberfile") or $form->error("$memberfile : $!"); my @member = ; close(FH); $nologin = qq| |; if (-f "$userspath/nologin.LCK") { $nologin = qq| |; } $login = ""; while (@member) { $_ = shift @member; if (/^\[.*\]/) { %temp = (); do { if (/^(company|dbname|dbdriver|dbhost|dbuser)=/) { chop ($var = $&); ($null, $temp{$var}) = split /=/, $_, 2; } $_ = shift @member; } until /^\s+$/; chop $temp{dbname}; for (keys %temp) { $member{$temp{dbname}}{$_} = $temp{$_} } $member{$temp{dbname}}{locked} = "x" if -f "$userspath/$member{$temp{dbname}}{dbname}.LCK"; } } delete $member{""}; $column_data{company} = qq||.$locale->text('Company').qq||; $column_data{dbdriver} = qq||.$locale->text('Driver').qq||; $column_data{dbhost} = qq||.$locale->text('Host').qq||; $column_data{dbuser} = qq||.$locale->text('User').qq||; $column_data{dbname} = qq||.$locale->text('Dataset').qq||; $column_data{locked} = qq||.$locale->text('Locked').qq||; @column_index = qw(dbname company locked dbdriver dbuser dbhost); $dbdriver ||= "Pg"; $dbdriver{$dbdriver} = "checked"; for (User->dbdrivers) { $dbdrivers .= qq| |.$locale->text($_).qq| |; } $form->{title} = "SQL-Ledger ".$locale->text('Administration'); $form->header; print qq|
{script}>
$form->{title}
|; for (@column_index) { print "$column_data{$_}\n" } print qq| |; foreach $key (sort keys %member) { chomp $member{$key}{company}; $href = "$script?action=edit&dbname=$key&path=$form->{path}&company=$member{$key}{company}&locked=$member{$key}{locked}"; $href =~ s/ /%20/g; $member{$key}{dbname} = $member{$key}{dbuser} if ($member{$key}{dbdriver} eq 'Oracle'); $column_data{company} = qq||; $column_data{dbdriver} = qq||; $column_data{dbhost} = qq||; $column_data{dbuser} = qq||; $column_data{dbname} = qq||; $column_data{locked} = qq||; $i++; $i %= 2; print qq| |; for (@column_index) { print "$column_data{$_}\n" } print qq| |; } print qq|
$member{$key}{company}$member{$key}{dbdriver}$member{$key}{dbhost}$member{$key}{dbuser}$member{$key}{dbname}$member{$key}{locked}
{path}> $dbdrivers

$nologin

|; } sub add_dataset { &{ "$form->{dbdriver}" } } sub form_header { $form->header; if ($form->{locked}) { $locked = qq| $form->{lock}|; } else { $locked = qq| |; } print qq|
{script}>
$form->{title}
$locked
|.$locale->text('Company').qq| $form->{company}
|.$locale->text('Dataset').qq| $form->{dbname}
|.$locale->text('Lock Message').qq|
|; } sub delete { $form->{title} = $locale->text('Confirm!'); $form->header; print qq| {script}> |; $form->{nextsub} = "do_delete"; $form->{action} = "do_delete"; delete $form->{script}; $form->hide_form; print qq|

$form->{title}

|.$locale->text('Are you sure you want to delete dataset').qq| $form->{dbname}

|; } sub do_delete { $form->{db} = $form->{dbname}; $form->error("$memberfile : ".$locale->text('locked!')) if (-f ${memberfile}.LCK); open(FH, ">${memberfile}.LCK") or $form->error("${memberfile}.LCK : $!"); close(FH); if (! open(FH, "+<$memberfile")) { unlink "${memberfile}.LCK"; $form->error("$memberfile : $!"); } @db = ; for (@db) { last if /^\[/; push @member, $_; } # get variables for dbname while (@db) { $_ = shift @db; if (/^\[(.*)\]/) { $user = $+; %temp = (); do { chop; ($var, $value) = split /=/, $_, 2; if ($value) { $temp{$var} = $value; } $_ = shift @db; } until /^\s/; for (keys %temp) { $db{$temp{dbname}}{$_} = $temp{$_}; $member{$temp{dbname}}{$user}{$_} = $temp{$_}; } } } $form->{dbdriver} = $db{$form->{dbname}}{dbdriver}; &dbdriver_defaults; for (qw(dbconnect dbuser dbhost dbport)) { $form->{$_} = $db{$form->{dbname}}{$_} } $form->{dbpasswd} = unpack 'u', $db{$form->{dbname}}{dbpasswd}; # delete dataset User->dbdelete(\%$form); # delete conf for users for (keys %{ $member{$form->{dbname}} }) { unlink "$userspath/${_}.conf"; } delete $member{$form->{dbname}}; seek(FH, 0, 0); truncate(FH, 0); for (@member) { print FH $_; } for $db (sort keys %member) { for $user (sort keys %{ $member{$db} }) { print FH "\[$user\]\n"; for $var (sort keys %{ $member{$db}{$user} }) { print FH "${var}=$member{$db}{$user}{$var}\n"; } print FH "\n"; } } close(FH); unlink "${memberfile}.LCK"; unlink "$userspath/$form->{dbname}.LCK"; # delete spool and template directory for $dir ("$templates/$form->{dbname}", "$spool/$form->{dbname}") { if (-d "$dir") { opendir DIR, $dir; @all = grep !/^\./, readdir DIR; closedir DIR; for $subdir (@all) { if (-d "$dir/$subdir") { unlink <$dir/$subdir/*>; rmdir "$dir/$subdir"; } } unlink <$dir/*>; rmdir "$dir"; } } $form->redirect($locale->text('Dataset deleted!')); } sub change_password { $form->{title} = $locale->text('Change Password'); $form->header; print qq|
{script}>
$form->{title}
|.$locale->text('Password').qq|
|.$locale->text('Confirm').qq|
|; $form->{nextsub} = "do_change_password"; $form->hide_form(qw(path nextsub)); print qq|
|; } sub do_change_password { $form->error($locale->text('Passwords do not match!')) if $form->{new_password} ne $form->{confirm_password}; $root->{password} = $form->{new_password}; if (! -f $memberfile) { open(FH, ">$memberfile") or $form->error("$memberfile : $!"); print FH qq|# SQL-Ledger members [root login] |; close FH; } $root->{'root login'} = 1; $root->{login} = "root login"; $root->save_member($memberfile); $form->{password} = $form->{new_password}; &create_config; $form->{callback} = "$form->{script}?action=list_datasets&path=$form->{path}&password=$form->{password}"; $form->redirect($locale->text('Password changed!')); } sub check_password { $root = new User "$memberfile", "root login"; $rootname = "root login"; eval { require "$userspath/${rootname}.conf"; }; if ($root->{password}) { if ($form->{password}) { $form->{callback} .= "&password=$form->{password}" if $form->{callback}; if ($root->{password} ne crypt $form->{password}, 'ro') { &getpassword; exit; } # create config &create_config; } else { if ($ENV{HTTP_USER_AGENT}) { $ENV{HTTP_COOKIE} =~ s/;\s*/;/g; @cookies = split /;/, $ENV{HTTP_COOKIE}; %cookie = (); foreach (@cookies) { ($name,$value) = split /=/, $_, 2; $cookie{$name} = $value; } $cookie = ($form->{path} eq 'bin/lynx') ? $cookie{login} : $cookie{"SL-root login"}; if ($cookie) { $form->{sessioncookie} = $cookie; $s = ""; %ndx = (); $l = length $form->{sessioncookie}; for $i (0 .. $l - 1) { $j = substr($rootconfig{sessionkey}, $i * 2, 2); $ndx{$j} = substr($cookie, $i, 1); } for (sort keys %ndx) { $s .= $ndx{$_}; } $l = length 'root login'; $login = substr($s, 0, $l); $time = substr($s, -10); $password = substr($s, $l, (length $s) - ($l + 10)); if ((time > $time) || ($login ne 'root login') || ($root->{password} ne crypt $password, 'ro')) { &getpassword; exit; } } else { &getpassword; exit; } } else { &getpassword; exit; } } } } sub Pg { &dbselect_source } sub PgPP { &dbselect_source } sub Oracle { &dbselect_source } sub Sybase { &dbselect_source } sub dbdriver_defaults { # load some defaults for the selected driver %driverdefaults = ( 'Pg' => { dbport => '', dbuser => 'sql-ledger', dbdefault => 'template1', dbhost => '', connectstring => $locale->text('Connect to') }, 'Oracle' => { dbport => '1521', dbuser => 'oralin', dbdefault => $sid, dbhost => `hostname`, connectstring => 'SID' }, 'Sybase' => { dbport => '', dbuser => 'sql-ledger', dbdefault => '', dbhost => '', connectstring => $locale->text('Connect to') } ); $driverdefaults{PgPP} = $driverdefaults{Pg}; for (keys %{ $driverdefaults{Pg} }) { $form->{$_} = $driverdefaults{$form->{dbdriver}}{$_} } } sub dbselect_source { &dbdriver_defaults; $form->{title} = "SQL-Ledger / ".$locale->text('Add Dataset'); $form->{callback} = "$form->{script}?action=list_datasets&path=$form->{path}"; $form->header; print qq|
{script}>
$form->{title}
|.$locale->text('Host').qq| {dbhost}> |.$locale->text('Port').qq| {dbport}>
|.$locale->text('User').qq| {dbuser}> |.$locale->text('Password').qq| {dbpasswd}>
$form->{connectstring} {dbdefault}>

|; $form->{nextsub} = "create_dataset"; $form->hide_form(qw(dbdriver path nextsub callback)); print qq|
|; } sub continue { &{ $form->{nextsub} } } sub yes { &{ $form->{nextsub} } } sub create_dataset { @dbsources = sort User->dbsources(\%$form); opendir SQLDIR, "sql/." or $form->error($!); foreach $item (sort grep /-chart\.sql/, readdir SQLDIR) { next if ($item eq 'Default-chart.sql'); $item =~ s/-chart\.sql//; push @charts, qq|$item|; } closedir SQLDIR; # is there a template basedir if (! -d "$templates") { $form->error($locale->text('Directory').": $templates ".$locale->text('does not exist')); } opendir TEMPLATEDIR, "$templates/." or $form->error("$templates : $!"); @all = grep !/^\.\.?$/, readdir TEMPLATEDIR; closedir TEMPLATEDIR; @allhtml = sort grep /\.html/, @all; @allhtml = reverse grep !/Default/, @allhtml; push @allhtml, 'Default'; @allhtml = reverse @allhtml; for (sort @alldir) { $selectusetemplates .= qq|$_\n| } $lastitem = $allhtml[0]; $lastitem =~ s/-.*//g; $selectmastertemplates = qq|$lastitem\n|; for (@allhtml) { $_ =~ s/-.*//g; if ($_ ne $lastitem) { $selectmastertemplates .= qq|$_\n|; $lastitem = $_; } } # add Default at beginning unshift @charts, qq|Default|; $selectencoding{Pg} = qq|