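#!/usr/bin/perl -wT
#----------------------------------------------------------------------
# heading : Collaboration
# description : Web Shares
# navigation : 3000 3600
#
# copyright (C) 2005 Darrell May, DMC myEZserver.com
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#----------------------------------------------------------------------
#
# Security notes for maintainers (residual issues this file cannot fix
# without changing the action scripts or the database layout):
#   * Share passwords are kept in clear text in the WebShare database,
#     shown in the "View/Delete Users" table and handed to
#     webshare-adduser as a command-line argument.
#   * State-changing requests (delUser in particular) are reachable with
#     a plain GET and carry no anti-forgery token.
#   * CGI::Carp's fatalsToBrowser sends die() text to the browser.
#----------------------------------------------------------------------

package esmith;

use strict;
use CGI ':all';
use CGI::Carp qw(fatalsToBrowser);

use esmith::cgi;
use esmith::config;
use esmith::util;
use esmith::db;

sub showInitial ($$);
sub createproject ($);
sub performCreateShare ($);
sub deleteProject ($);
sub performDeleteProject ($);
sub createUser ($);
sub performCreateUser ($);
sub deleteUser ($);
sub performDeleteUser ($);

BEGIN
{
    # Clear PATH and related environment variables so that calls to
    # external programs do not cause results to be tainted. See
    # "perlsec" manual page for details.

    $ENV {'PATH'}  = '';
    $ENV {'SHELL'} = '/bin/bash';

    # perlsec lists these alongside PATH; the original removed only ENV.
    delete @ENV {qw(IFS CDPATH ENV BASH_ENV)};
}

esmith::util::setRealToEffective ();

$CGI::POST_MAX        = 1024 * 100;    # max 100K posts
$CGI::DISABLE_UPLOADS = 1;             # no uploads

my %conf;
tie %conf, 'esmith::config';

my %projects;
tie %projects, 'esmith::config', '/home/e-smith/db/WebShare';

#------------------------------------------------------------
# Validation patterns. Each has exactly one capture group so that a
# successful match yields an untainted copy of the value. \A and \z
# are used instead of ^ and $ so a trailing newline is rejected
# rather than silently dropped.
#------------------------------------------------------------

my $SHARE_NAME_RE = qr/\A([a-zA-Z0-9][\-\_\.a-zA-Z0-9]*)\z/;
my $USER_NAME_RE  = qr/\A([a-zA-Z0-9][\-\@\_\.a-zA-Z0-9]*)\z/;

# At least one character: the original pattern also accepted an empty
# password, which produced a "user:" entry with no password part.
my $PASSWORD_RE = qr/\A([a-zA-Z0-9]+)\z/;

# The only indexer values the creation form offers.
my @INDEXERS = ('Default', 'View', 'UpDown', 'NoDelete', 'Full');

#------------------------------------------------------------
# examine state parameter and display the appropriate form
#------------------------------------------------------------

my $q = CGI->new;

my %handler_for = (
    create        => \&createproject,
    deleteProject => \&deleteProject,
    createShare   => \&performCreateShare,
    addUser       => \&createUser,
    createUser    => \&performCreateUser,
    viewUser      => \&deleteUser,
    delUser       => \&performDeleteUser,
    performDelete => \&performDeleteProject,
);

# NOTE(review): nothing here distinguishes GET from POST or checks an
# anti-forgery token, so every state below can be triggered by a link.
my $state = $q->param ('state');

if (!defined $state)
{
    showInitial ($q, '');
}
elsif (my $handler = $handler_for {$state})
{
    $handler->($q);
}
else
{
    esmith::cgi::genStateError ($q, \%conf);
}

exit (0);

#------------------------------------------------------------
# private helpers
#------------------------------------------------------------

# Return the untainted first capture of $pattern applied to $value, or
# nothing when $value is undefined or does not match.
sub _untaint
{
    my ($value, $pattern) = @_;

    return unless (defined $value) && ($value =~ $pattern);
    return $1;
}

# True when $name is a key of the WebShare database with type "WebShare".
sub _is_web_share
{
    my ($name) = @_;

    my $type = db_get_type (\%projects, $name);
    return (defined $type) && ($type eq 'WebShare');
}

# Read request field $field as a share name. Returns ($project, undef)
# when the value is well formed and names an existing web share, and
# (undef, $message) otherwise.
sub _checked_project
{
    my ($q, $field) = @_;

    my $raw = $q->param ($field);
    $raw = '' unless defined $raw;

    my $project = _untaint ($raw, $SHARE_NAME_RE);

    return (undef, "Error: unexpected characters in web share name '$raw'.")
        unless defined $project;

    return (undef, "Error: web share '$project' does not exist.")
        unless _is_web_share ($project);

    return ($project, undef);
}

# Return the "login:password" entries stored in the Users property of
# $project, in stored order, without empty entries.
sub _share_users
{
    my ($project) = @_;

    my $stored = db_get_prop (\%projects, $project, 'Users');
    return () unless (defined $stored) && ($stored ne '');

    return grep { $_ ne '' } split (/,/, $stored);
}

# Return the login part of a "login:password" entry ('' if there is none).
sub _login_of
{
    my ($entry) = @_;

    my ($login) = split (/:/, $entry, 2);
    return defined $login ? $login : '';
}

#------------------------------------------------------------
# subroutine to display initial form
#
# $msg is treated as plain text and HTML-escaped before it is printed,
# because callers build it from request parameters.
#------------------------------------------------------------

sub showInitial ($$)
{
    my ($q, $msg) = @_;
    $msg = '' unless defined $msg;

    my @WebShareProjects = grep { _is_web_share ($_) } sort keys %projects;

    #------------------------------------------------------------
    # If there's a message, we just finished an operation so show the
    # status report. If no message, this is a new list of accounts.
    #------------------------------------------------------------

    if ($msg eq '')
    {
        esmith::cgi::genHeaderNonCacheable
            ($q, \%conf, 'Create or modify web shares and users');
    }
    else
    {
        esmith::cgi::genHeaderNonCacheable
            ($q, \%conf, 'Web share Operation status report');

        print $q->div ({-class => "sme-error"}, $q->escapeHTML ($msg));
        print $q->hr;
    }

    my $self_url = $q->url (-absolute => 1);

    print $q->startform (-method => 'POST', -action => $self_url);

    print $q->p ($q->a ({href => $self_url . "?state=create"}, 'Click here'),
                 'to create a new web share.');

    print $q->p ('Web shares are Internet accessible',
                 'file storage areas for securely sharing',
                 ' documents with external share members.');

    if (@WebShareProjects == 0)
    {
        print $q->p ($q->b ('There are no web shares currently defined.'));
    }
    else
    {
        print $q->table ({border => 1, cellspacing => 1, cellpadding => 4});

        print $q->Tr (esmith::cgi::genSmallCell ($q, $q->b ('Name')),
                      esmith::cgi::genSmallCell ($q, $q->b ('Description')),
                      esmith::cgi::genSmallCell ($q, $q->b ('URL = https://yourdomain.com')),
                      $q->td (' '),
                      $q->td (' '),
                      $q->td (' '));

        foreach my $projectname (@WebShareProjects)
        {
            my $description = db_get_prop (\%projects, $projectname, 'Description');
            $description = '' unless defined $description;

            my $url = "/webshare/" . $projectname;

            # genSmallCell is also handed ready-made markup ($q->b, $q->a),
            # so it cannot be escaping its argument; stored text has to be
            # escaped here before it reaches the page.
            print $q->Tr (esmith::cgi::genSmallCell ($q, $q->escapeHTML ($projectname)),
                          esmith::cgi::genSmallCell ($q, $q->escapeHTML ($description)),
                          esmith::cgi::genSmallCell ($q, $q->escapeHTML ($url)),
                          esmith::cgi::genSmallCell ($q,
                              $q->a ({href => $self_url
                                          . "?state=addUser&project="
                                          . $projectname}, 'Add User..')),
                          esmith::cgi::genSmallCell ($q,
                              $q->a ({href => $self_url
                                          . "?state=viewUser&project="
                                          . $projectname}, 'View/Delete Users..')),
                          esmith::cgi::genSmallCell ($q,
                              $q->a ({href => $self_url
                                          . "?state=deleteProject&project="
                                          . $projectname}, 'Remove..')));
        }
    }

    # NOTE(review): this prints an empty string on the page as found;
    # presumably it was the closing table tag before the markup was
    # stripped - confirm against the upstream file.
    print '';

    esmith::cgi::genFooter ($q);
}

#------------------------------------------------------------
# subroutine to display the "create web share" form
#------------------------------------------------------------

sub createproject ($)
{
    my ($q) = @_;

    # NOTE(review): the introductory here-document assigned to $info, and
    # whatever followed it up to the startform call, did not survive on
    # this page. $info is left empty; the header call and its title are
    # reconstructed by analogy with deleteUser/deleteProject - restore
    # both from the upstream file.
    my $info = '';

    esmith::cgi::genHeaderNonCacheable ($q, \%conf, 'Create a new web share');

    print $q->startform (-method => 'POST', -action => $q->url (-absolute => 1));

    print $q->p ($q->a ({href => $q->url (-absolute => 1)}, 'Click here'),
                 'to return.');

    print $q->p ($info);

    # NOTE(review): each option line below ends in a newline where a
    # line-break tag presumably stood before extraction.
    print $q->table ({border => 0, cellspacing => 0, cellpadding => 4},

        esmith::cgi::genNameValueRow ($q, "Web share name", "sharename", ""),

        esmith::cgi::genNameValueRow ($q, "Brief Description", "description", ""),

        esmith::cgi::genTextRow ($q,
            $q->p ('Select your Web share indexer below. Your choices are either the default',
                   'apache (ModIndex if installed) indexer or PHP FileManager. In addition',
                   'PHP FileManager may be tailored to meet your needs by choicing the appropriate',
                   'selection below:')),

        esmith::cgi::genTextRow ($q,
            $q->p ("Default = default apache (ModIndex) indexer.\n",
                   "View = permitting view/download only.\n",
                   "UpDown = permitting view/upload/download.\n",
                   "NoDelete = permitting view/upload/download/create/rename/edit.\n",
                   "Full = permitting view/upload/download/create/rename/delete/edit\n")),

        esmith::cgi::genWidgetRow ($q, "Indexer",
            $q->popup_menu (-name    => "indexer",
                            -values  => [@INDEXERS],
                            -default => 'Full')),

        esmith::cgi::genButtonRow ($q,
            $q->submit (-name => 'action', -value => 'Create')));

    print $q->hidden (-name     => 'state',
                      -override => 1,
                      -default  => 'createShare');

    print $q->endform;

    esmith::cgi::genFooter ($q);
}

#------------------------------------------------------------
# subroutine to record a new web share and run webshare-create
#------------------------------------------------------------

sub performCreateShare ($)
{
    my ($q) = @_;

    my $raw_share = $q->param ('sharename');
    $raw_share = '' unless defined $raw_share;

    my $share = _untaint ($raw_share, $SHARE_NAME_RE);
    unless (defined $share)
    {
        showInitial ($q, "Error: unexpected characters in web share name '$raw_share'.");
        return;
    }

    my $raw_indexer = $q->param ('indexer');
    $raw_indexer = '' unless defined $raw_indexer;

    my $indexer = _untaint ($raw_indexer, $SHARE_NAME_RE);
    unless (defined $indexer)
    {
        showInitial ($q, "Error: unexpected characters in indexer '$raw_indexer'.");
        return;
    }

    # The value becomes an argument of a privileged action script, so
    # accept only the choices the form actually offers.
    unless (grep { $_ eq $indexer } @INDEXERS)
    {
        showInitial ($q, "Error: unknown indexer '$indexer'.");
        return;
    }

    my $description = $q->param ('description');
    $description = '' unless defined $description;

    # A single-line text field never legitimately carries control
    # characters. NOTE(review): presumably the backing store is
    # line-oriented and '|'-delimited - confirm in esmith::config /
    # esmith::db whether '|' needs the same treatment.
    $description =~ tr/\x00-\x1f\x7f/ /;

    # NOTE(review): an existing share of the same name is overwritten
    # here, as in the original; confirm that this is the intended way
    # to change a share's indexer.
    db_set (\%projects, $share, 'WebShare');
    db_set_prop (\%projects, $share, 'Description', $description);

    system ('/etc/e-smith/events/actions/webshare-create', $share, $indexer) == 0
        or die ("Error occured during webshare-create event.\n");

    showInitial ($q, "Web share $share with $indexer indexer created.");
}

#------------------------------------------------------------
# subroutine to display the "add user" form for one web share
#------------------------------------------------------------

sub createUser ($)
{
    my ($q) = @_;

    my ($project, $error) = _checked_project ($q, 'project');
    unless (defined $project)
    {
        showInitial ($q, $error);
        return;
    }

    # NOTE(review): as in createproject, the here-document assigned to
    # $userinfo and the text up to the startform call were lost on this
    # page; the header call and title are reconstructed - restore both
    # from the upstream file.
    my $userinfo = '';

    esmith::cgi::genHeaderNonCacheable ($q, \%conf, "Add Web share user: $project");

    print $q->startform (-method => 'POST', -action => $q->url (-absolute => 1));

    print $q->p ($q->a ({href => $q->url (-absolute => 1)}, 'Click here'),
                 'to return.');

    print $q->p ($userinfo);

    print $q->table ({border => 0, cellspacing => 0, cellpadding => 4},

        esmith::cgi::genNameValueRow ($q, "Webshare", "project", $project),

        esmith::cgi::genNameValueRow ($q, "Login", "user", ""),

        esmith::cgi::genNameValueRow ($q, "Password", "passwd", ""),

        esmith::cgi::genButtonRow ($q,
            $q->submit (-name => 'action', -value => 'Add user')));

    print $q->hidden (-name     => 'state',
                      -override => 1,
                      -default  => 'createUser');

    print $q->endform;

    esmith::cgi::genFooter ($q);
    return;
}

#------------------------------------------------------------
# subroutine to add a user to a web share and run webshare-adduser
#------------------------------------------------------------

sub performCreateUser ($)
{
    my ($q) = @_;

    my $raw_user = $q->param ('user');
    $raw_user = '' unless defined $raw_user;

    my $user = _untaint ($raw_user, $USER_NAME_RE);
    unless (defined $user)
    {
        showInitial ($q, "Error: unexpected characters in web share user name '$raw_user'.");
        return;
    }

    my $passwd = _untaint (scalar $q->param ('passwd'), $PASSWORD_RE);
    unless (defined $passwd)
    {
        # The rejected value is deliberately not echoed back.
        showInitial ($q, 'Error: the web share password must consist of one or more letters and digits.');
        return;
    }

    my ($project, $error) = _checked_project ($q, 'project');
    unless (defined $project)
    {
        showInitial ($q, $error);
        return;
    }

    #------------------------------------------------------------
    # Update project users
    #------------------------------------------------------------

    # NOTE(review): the password is stored in clear text and passed to
    # the action script in its argument list; both are part of the
    # existing contract with webshare-adduser and are left unchanged.
    my @entries = (_share_users ($project), "$user:$passwd");

    db_set_prop (\%projects, $project, 'Users', join (',', @entries))
        or warn ("Could not add user to WebShare database\n");

    system ('/etc/e-smith/events/actions/webshare-adduser', $project, $user, $passwd) == 0
        or die ("Error occured while adding user $user.\n");

    showInitial ($q, "Web share user $user created.");
}

#------------------------------------------------------------
# subroutine to list the users of one web share with delete links
#------------------------------------------------------------

sub deleteUser ($)
{
    my ($q) = @_;

    my ($project, $error) = _checked_project ($q, 'project');
    unless (defined $project)
    {
        showInitial ($q, $error);
        return;
    }

    esmith::cgi::genHeaderNonCacheable
        ($q, \%conf, "View/Delete Web share users: $project");

    print $q->startform (-method => 'POST', -action => $q->url (-absolute => 1));

    print $q->p ($q->a ({href => $q->url (-absolute => 1)}, 'Click here'),
                 'to return.');

    print $q->p ($q->b ('Current List of Users.'));

    print $q->table ({border => 1, cellspacing => 1, cellpadding => 4});

    print $q->Tr (esmith::cgi::genSmallCell ($q, $q->b ('User Name')),
                  esmith::cgi::genSmallCell ($q, $q->b ('Password')),
                  $q->td (' '));

    # The original loaded this list into a hash and sorted the flattened
    # hash, which merged duplicates and produced an undefined element
    # whenever the number of users was odd. A plain array avoids both.
    my @entries = _share_users ($project);

    foreach my $entry (sort @entries)
    {
        my ($login, $password) = split (/:/, $entry, 2);
        $login    = '' unless defined $login;
        $password = '' unless defined $password;

        # The delete link identifies the user by login only; the original
        # also put the whole "login:password" entry in the query string,
        # where it ends up in access logs and browser history.
        print $q->Tr (esmith::cgi::genSmallCell ($q, $q->escapeHTML ($login)),
                      esmith::cgi::genSmallCell ($q, $q->escapeHTML ($password)),
                      esmith::cgi::genSmallCell ($q,
                          $q->a ({href => $q->url (-absolute => 1)
                                      . "?state=delUser&shareUser=$login&webShareProject=$project"},
                                 'Delete..')));
    }

    # NOTE(review): empty string as found on the page; presumably the
    # closing table tag before extraction - confirm upstream.
    print '';

    esmith::cgi::genFooter ($q);
    return;
}

#------------------------------------------------------------
# subroutine to remove a user from a web share and run webshare-deluser
#
# The legacy webShareUser parameter is still accepted but ignored: the
# database entry removed is the one whose login equals shareUser, so the
# database and the action script always act on the same account.
#------------------------------------------------------------

sub performDeleteUser ($)
{
    my ($q) = @_;

    my ($project, $error) = _checked_project ($q, 'webShareProject');
    unless (defined $project)
    {
        showInitial ($q, $error);
        return;
    }

    my $raw_user = $q->param ('shareUser');
    $raw_user = '' unless defined $raw_user;

    my $ShareUser = _untaint ($raw_user, $USER_NAME_RE);
    unless (defined $ShareUser)
    {
        showInitial ($q, "Error: unexpected characters in web share user name '$raw_user'.");
        return;
    }

    my @remaining = grep { _login_of ($_) ne $ShareUser } _share_users ($project);

    db_set_prop (\%projects, $project, 'Users', join (',', @remaining))
        or warn ("Error occured updating WebShare db.\n");

    system ('/etc/e-smith/events/actions/webshare-deluser', $project, $ShareUser) == 0
        or die ("Error occured while deleting user $ShareUser.\n");

    showInitial ($q, "Successfully deleted Web share user $ShareUser from $project.");
    return;
}

#------------------------------------------------------------
# subroutine to display the "delete web share" confirmation form
#------------------------------------------------------------

sub deleteProject ($)
{
    my ($q) = @_;

    my ($project, $error) = _checked_project ($q, 'project');
    unless (defined $project)
    {
        showInitial ($q, $error);
        return;
    }

    esmith::cgi::genHeaderNonCacheable ($q, \%conf, 'Delete Web share project');

    print $q->startform (-method => 'POST', -action => $q->url (-absolute => 1));

    print $q->p ($q->a ({href => $q->url (-absolute => 1)}, 'Click here'),
                 'to return.');

    print $q->p ("Are you sure you wish to delete the Web share $project ?");

    print $q->submit (-name => 'action', -value => 'Delete');

    print $q->hidden (-name     => 'project',
                      -override => 1,
                      -default  => $project);

    print $q->hidden (-name     => 'state',
                      -override => 1,
                      -default  => 'performDelete');

    print $q->endform;

    esmith::cgi::genFooter ($q);
    return;
}

#------------------------------------------------------------
# subroutine to remove a web share and run webshare-delete
#------------------------------------------------------------

sub performDeleteProject ($)
{
    my ($q) = @_;

    my ($project, $error) = _checked_project ($q, 'project');
    unless (defined $project)
    {
        showInitial ($q, $error);
        return;
    }

    db_delete (\%projects, $project);

    # List form, like every other action call in this file: the original
    # interpolated $project into a single string, which is run through
    # the shell.
    system ('/etc/e-smith/events/actions/webshare-delete', $project) == 0
        or die ("Error occured while deleting Webshare $project.\n");

    showInitial ($q, "Successfully deleted Web share $project.");
    return;
}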