#!/usr/bin/perl
use CGI;
use POSIX;
use MIME::Entity;
use MIME::QuotedPrint;
use Net::SMTP;
use Carp;
use DBI;
use MIME::Base64;
# Version string of this script.
$version = "1.1.24.903";
# Templates held in memory. template() returns these (after tag expansion)
# without touching the filesystem; any other name is read from $tpl_path.
# Placeholders have the form <$name$> and are expanded by template_line() /
# template_tag() from %VAR. Substitution inserts the stored value verbatim,
# with no HTML escaping at that point, so every value placed in %VAR must
# already be safe for the HTML context it lands in.
%template_preloaded = ();
# List page fragment: message, pager, table rows, bottom message, pager.
$template_preloaded{"list.html"} = q|<$message$><$pages$>
<table border="0" cellspacing="0" cellpadding="5">
<$list_content$>
</table>
<$bottom_message$><br><$pages$>
|;
# Outer page frame used by html(): <$title$> appears in both <title> and <h1>,
# <$menu2$> holds the cells built by menu_item(), <$content$> the page body.
$template_preloaded{"global.html"} = q|<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<link rel="stylesheet" type="text/css" href="/img/main.css"><title><$title$> - КИС ДИАЛ-Электролюкс</title><$meta$></head>
<body bgcolor="#032a53" leftmargin="2" topmargin="2" rightmargin="2" bottommargin="2">

<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="0%"><img src="/img/s_sts.jpg"></td>
<td width="100%" background="/img/s_bg.gif"><img src="/img/null.gif" width="1" height="1"></td>
</tr>
</table>
<table border="0" cellspacing="0" cellpadding="0">
<tr valign="top"><$menu2$></tr>
</table>
<h1><$title$></h1>
<$content$>
</body></html>
|;
# Bare page frame without the menu; placeholders: title, meta, head, content.
$template_preloaded{"plain.html"} = q|<html><head><title><$title$></title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<link rel="stylesheet" type="text/css" href="/img/admin.css"><title><$title$></title><$meta$></head>
<link href="/img/main.css" type="text/css" rel="stylesheet"><$head$>
</head><body bgcolor="#ffffff">
<$content$>
</body></html>
|;
# Generic POST form: <$form_action$> is the target URL, <$form_hidden$> and
# <$form_content$> carry the controls appended by the form_* helpers, and the
# fixed hidden field ok=1 marks a submitted form.
$template_preloaded{"form.html"} = q|<form action="<$form_action$>" method="post" enctype="multipart/form-data" name="mainform">
<$form_hidden$><input type="hidden" name="ok" value="1">
<$messages$><$message$>
<table border="0" cellspacing="1" cellpadding="5">
<$form_content$>
<tr><td colspan="2"><$buttons$><input type="submit" value="<$ok_title$>"></td></tr>
</table>
<$bottom_messages$><$bottom_message$>
</form>
|;
# Name of this module; it is stripped from the front of the request path below
# to obtain $module_arg.
$module_name = "index";
# Request data taken from the CGI environment. The path and the query string
# are set by the web server from the client's request and are untrusted.
$server_name = $ENV{SERVER_NAME};
$raw_path_info = $ENV{REDIRECT_URL} || $ENV{PATH_INFO};
$path_info = $raw_path_info;
# Normalise the path: collapse runs of '/' into one, then drop one leading and
# one trailing '/'. No other characters are filtered or escaped here.
$path_info =~ s/\/+/\//g;
$path_info =~ s/^\/?(.*?)\/?$/$1/;
$query_string = $ENV{QUERY_STRING};
$document_root = $ENV{DOCUMENT_ROOT};
# Remainder of the path after the module name (and an optional '/').
$module_arg = $path_info;
$module_arg =~ s/^$module_name\/?(.*)$/$1/;
# Every die is routed to die_handler(); $in_die_handler is its re-entrancy flag.
$in_die_handler = 0;
$SIG{__DIE__} = \&die_handler;
$co = new CGI;
$mod_perl = $ENV{MOD_PERL} ? 1 : 0;
@cookies = ();
# %VAR is the value store that template placeholders are expanded from.
%VAR = ();
# Arguments for $co->header() in http_reply().
%headers = (-nph=>$mod_perl, -charset=>'utf-8', -expires=>'now', -cookie=>\@cookies);
# Directory that template() reads non-preloaded templates from.
# NOTE(review): this sits beneath the document root - confirm the web server
# does not serve the template sources directly.
$tpl_path = "$document_root/templates";
$tpl_num = 1;
# "params" arrives from the client. save_params() only fills $VAR{params} when
# this is empty, so a client-supplied value is carried through unchanged.
# NOTE(review): whatever decodes and acts on it (not in this file) has to
# validate it - confirm.
$params = $VAR{"params"} = $co->param("params");
$access_loaded = 0;
# Template names used by html() and error().
$global_html = 'global.html';
$error_html = 'error.html';
$plain_html = 'plain.html';
$VAR{bgcolor} = '#303030';
%object_cache = ();

# Open the MySQL connection used for the rest of the request.
# RaiseError=>1 makes DBI failures die; HandleError passes the error text to
# database_error(), which raises it with a stack trace. ShowErrorStatement=>1
# adds the SQL statement text to the error message.
# NOTE(review): the database host, account name and password are literals in
# this source file, so anyone who can read the script, its backups or its
# version history holds the credential. Load them from a file or environment
# outside the web root with restrictive permissions, and rotate the password
# once it has been moved out.
$db = DBI->connect('DBI:mysql:database=dblan;host=backend.int.dialelectrolux.ru;port=3306', 'dblan_customers', 'alsifnoloiw',
	{ PrintError=>0, RaiseError=>1, AutoCommit=>1, ShowErrorStatement=>1, HandleError=>\&database_error })
		or &dberror_ex(DBI->errstr);
# Make the connection character set match the utf-8 charset of the pages.
$db->do('set names utf8');
# Defaults for the generic form template.
$VAR{form_action} = '';
$VAR{ok_title} = 'Сохранить';
$ok = $co->param('ok');
%form_error = ();
$form_cols = 100;
# Session state: $authorized becomes the client id bound to the session,
# $authorized_login the matching client name.
$authorized = undef;
$authorized_login = undef;
# The session id comes from the client's cust_sid cookie and is looked up with
# a bound parameter.
$sid = $co->cookie('cust_sid');
$q = $db->prepare('select client from customer_sessions where sid=?');
$q->execute($sid) or &dberror;	
($authorized) = $q->fetchrow_array;
# NOTE(review): DBI only guarantees rows() for non-SELECT statements; this
# relies on the driver reporting the SELECT row count - confirm.
if ($q->rows) {
	if ($authorized) {
		$q = $db->prepare('select name from clients where id=?');
		$q->execute($authorized) or &dberror;
		($authorized_login) = $q->fetchrow_array;
	}
	# Only the lastused timestamp is refreshed; no idle or absolute lifetime
	# check on the session is made in this file.
	$db->do('update customer_sessions set lastused=now() where sid=?', undef, $sid);
} elsif ($sid !~ /^\d{40,48}$/) {
	# The cookie is missing or malformed: build a new id from eight groups of
	# int rand(1000000) printed with %05d (5 or 6 digits each), giving the
	# 40-48 digits the check above expects.
	# NOTE(review): rand() is Perl's general-purpose generator, not a
	# cryptographically secure one; a session id is a bearer secret and should
	# be drawn from the operating system's secure random source.
	# NOTE(review): a well-formed id that is not in customer_sessions skips this
	# branch and is sent back unchanged, so the client can choose the value.
	# Whether that allows session fixation depends on the login handler (not in
	# this file) issuing a fresh id on successful authentication - confirm.
	$sid = '';
	for ($i = 0; $i < 8; $i++) {
		$sid .= sprintf '%05d', int rand(1000000);
	}
}
# Replaces the \@cookies reference stored in %headers with the session cookie.
# Only name and value are given. NOTE(review): consider -httponly=>1, and
# -secure=>1 if the site is served over HTTPS only, so the id is not readable
# from page script or sent over plain HTTP.
$headers{-cookie} = $co->cookie(-name=>'cust_sid', -value=>$sid);
# Unauthenticated requests are answered with the login form (which exits).
&require_login;
&create_menu;
sub access_module
{
	# Body of the "index" module: set the page title, then send the browser to
	# the tickets page. redirect() exits, so nothing is returned to the caller.
	$VAR{title} = 'Главная';
	redirect('/tickets');
}
# Run the module body, refuse to render if access rules were loaded but never
# checked, then wrap the module output in the global page frame.
$access_data = access_module();
if ($access_loaded && !$access_checked) {
	die "Не пройден контроль доступа";
}
html($access_data);
# $SIG{__DIE__} handler: log the fatal message and show the generic error page.
# The full message goes only to STDERR and, through error(), to the admin
# mailbox; the browser receives the fixed apology text, so internal details
# (SQL text, stack traces) are not disclosed to the client.
sub die_handler
{
	($msg) = @_;
	chomp($msg);
	print STDERR "$msg\n";
	# A die raised while this handler is already running is logged above and
	# then dropped, so the handler cannot recurse.
	if ($in_die_handler) {
		return;
	}
	$in_die_handler = 1;
	# Best effort: release table locks before the request ends.
	eval {
		$db->do('unlock tables') if $db;
	};
	error('syntax', $msg, 'Сбой в програмном обеспечении сервера. Приносим извинения за неудобства. Администратор получил отчет об ошибке.');
}
# Report an error to the administrator by mail and show the error page.
#   $realm   - error category written into the report
#   $msg     - technical description (report only)
#   $usermsg - text shown to the visitor through <$error$>
# Does not return: html() ends the request.
# The mail headers are fixed literals; only the body carries request data.
# $usermsg is placed in %VAR without escaping, so callers must pass trusted
# text (all callers in this file pass literals).
sub error
{
	my ($realm, $msg, $usermsg) = @_;
	my $admin = 'admin@dialelectrolux.ru';
	my $report = join "\n",
		"Категория: $realm",
		"Описание ошибки: $msg",
		"Для пользователя: $usermsg",
		"Пользователь: $ENV{REMOTE_ADDR}";
	$top = MIME::Entity->build(
		Type    => 'text/plain',
		From    => '"Error" <admin@dialelectrolux.ru>',
		To      => $admin,
		Subject => 'Error trap',
		Charset => 'utf-8',
		Data    => $report);
	# Delivery goes through the local mail server; if it cannot be reached the
	# report is skipped without any further notice.
	$smtp = Net::SMTP->new('127.0.0.1');
	if ($smtp) {
		$smtp->mail($admin);
		$smtp->to($admin);
		$smtp->data;
		$smtp->datasend($top->as_string);
		$smtp->dataend;
		$smtp->quit;
	}
	# Always render the error inside the standard frame.
	$global_html = 'global.html';
	eval {
		$db->do('unlock tables') if $db;
	};
	$VAR{error} = $usermsg;
	html(template($error_html));
}
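# Wrap $data in the global page frame and send it; does not return
# (http_reply() exits).
sub html
{
	my $data = shift;
	$VAR{content} = $data;
	# When no title was set, the request path is used instead. The path comes
	# from the client and is substituted into <title> and <h1>, so it is
	# HTML-escaped here; escaping '<' and '>' also keeps it from being read as a
	# template tag when template_line() re-scans the expanded text.
	$VAR{title} ||= &escape_html($path_info);
	&http_reply(&template($global_html));
}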
# Send the HTTP headers followed by $data, release table locks and end the
# request. Never returns.
sub http_reply
{
	my ($body) = @_;
	my $response = $co->header(%headers) . $body;
	print $response;
	# Not wrapped in eval: with RaiseError set, a failure here goes to the die
	# handler after the response has already been printed.
	if ($db) {
		$db->do('unlock tables');
	}
	exit;
}
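# Return the expanded text of template $filename, or undef if it cannot be
# opened. Preloaded templates are served from memory; any other name is read
# from $tpl_path one line at a time, each line passed through template_line().
sub template
{
	my $filename = shift;
	return &template_line($template_preloaded{$filename}) if defined $template_preloaded{$filename};
	# Template names can originate from tags inside template text, and the tag
	# grammar in template_line() allows '.' and '/'. Refuse parent-directory
	# segments so a name cannot resolve outside $tpl_path.
	return undef if $filename =~ m{(?:^|/)\.\.(?:/|$)};
	my $output = "";
	# $tpl_num is kept as a nesting counter for compatibility; it is no longer
	# needed to name the filehandle.
	$tpl_num++;
	# Three-argument open with a lexical handle: the name is always treated as
	# a path to read, never as an open mode or a command, and nested includes
	# each get their own handle.
	my $fh;
	unless (open $fh, '<', "$tpl_path/$filename") {
		$tpl_num--;
		return undef;
	}
	while (my $line = <$fh>) {
		# One chomp is enough: a line read this way ends in at most one
		# record separator.
		chomp $line;
		$line = &template_line($line);
		$output .= "$line\n";
	}
	close $fh;
	$tpl_num--;
	return $output;
}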
# Expand every <$tag$> placeholder in the given text and return the result.
# The leading group is greedy, so the right-most tag is replaced first. The
# loop then re-scans the whole string, which means text produced by a
# substitution is itself searched for tags: a %VAR value that contains tag
# delimiters will be expanded again. Values derived from request data must
# therefore be escaped before they are stored in %VAR.
sub template_line
{
	my ($text) = @_;
	while ($text =~ /(.*)\<\$([\- a-zA-Z_0-9\<\>\/\=\"\.]+?)\$\>(.*)/s) {
		# Copy the captures first; template_tag() runs its own matches.
		my ($head, $tag, $tail) = ($1, $2, $3);
		$text = $head . template_tag($tag) . $tail;
	}
	return $text;
}
# Resolve one placeholder name to its replacement text:
#   name ending in .html/.wml/.xml - include that template
#   "key=value"                    - store value in %VAR, expand to ''
#   anything else                  - the %VAR entry of that name, verbatim
sub template_tag
{
	my ($tag) = @_;
	return template($tag) if $tag =~ /\.(?:html|wml|xml)$/;
	if ($tag =~ /(.+?)=(.+)/) {
		my ($key, $assigned) = ($1, $2);
		$VAR{$key} = $assigned;
		return '';
	}
	# No escaping happens here; the stored value is inserted as-is.
	return $VAR{$tag};
}
# DBI HandleError callback: raise the error text (first argument) with a full
# stack trace. The trace reaches the die handler, which logs and mails it;
# it is not sent to the browser.
sub database_error
{
	my ($message) = @_;
	confess($message);
}
# Report a database error: $msg goes into the admin report, the visitor sees
# only the fixed generic text. Does not return.
sub dberror_ex
{
	my ($detail) = @_;
	error('database', $detail, 'Ошибка базы данных');
}
# Report the most recent error recorded on the global database handle.
sub dberror
{
	my $detail = $db->errstr;
	dberror_ex($detail);
}
# Gate for every request: unless a client is bound to the session, or the
# request is for the login path itself, answer with the login form.
# show_login() ends the request.
sub require_login
{
	unless ($authorized || $path_info eq 'auth/login') {
		show_login('Данные для входа в интерфейс для клиентов Вы можете получить у обслуживащего Вас менеджера ДИАЛ-Электролюкс.');
	}
}
# Render the login form with the given notice above it; does not return.
# The notice is inserted as HTML without escaping, so callers must pass
# trusted text. The submitted login name is re-displayed through form_input(),
# which escapes it; the password field is always rendered empty.
sub show_login
{
	my $notice = shift;
	$VAR{message} = qq|<font color="#ffc0c0">$notice</font>|;
	# Remember where the visitor was heading so it can be restored after login.
	save_params();
	$form_cols = 20;
	$VAR{form_action} = '/auth/login';
	form_hidden('params', $VAR{params});
	# param() is called in list context here; form_input() reads only its
	# first three arguments, so any further values of "login" are ignored.
	form_input('Имя регистрации', 'login', $co->param('login'));
	form_password('Пароль', 'password', '');
	$VAR{title} = 'Интерфейс для клиентов ДИАЛ-Электролюкс';
	$VAR{ok_title} = 'Вход';
	html(template('form.html'));
}
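# Record the current request (path plus parameters) in $VAR{params} so it can
# be restored after login. Nothing is recorded for the login/logout paths, and
# an already present $VAR{params} is left untouched.
sub save_params
{
	return if $path_info eq 'auth/login' || $path_info eq 'auth/logout';
	# One "name=value" pair per parameter name; param() in scalar context
	# yields only the first value of a multi-valued parameter.
	my @pairs = map { "$_=" . $co->param($_) } $co->param;
	$redirect_to = "/$path_info";
	# Separate the query from the path with '?'. Without it the pairs were
	# appended directly to the last path segment.
	$redirect_to .= '?' . join('&', @pairs) if @pairs;
	# NOTE(review): names and values are not URL-encoded, so a value that
	# contains '&', '=' or '#' changes the meaning of the rebuilt query.
	# NOTE(review): every submitted parameter is copied into a hidden form
	# field. Base64 is an encoding, not protection: the value is readable and
	# editable by the client, and the ||= below keeps a value the client sent.
	# The code that decodes it (not in this file) must check that the target is
	# a local path before redirecting - confirm.
	$VAR{params} ||= &encode_base64_plus($redirect_to);
}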
# Base64-encode $data and replace each run of line breaks in the encoder's
# output with a single '|', giving a one-line value.
sub encode_base64_plus
{
	my ($data) = @_;
	(my $encoded = encode_base64($data)) =~ s/[\n\r]+/|/g;
	return $encoded;
}
# Append a hidden input to the form body. Only $value is HTML-escaped; $name
# is written into the name and id attributes as given, so it must be a
# trusted identifier.
sub form_hidden
{
	my ($name, $value) = @_;
	my $safe_value = escape_html($value);
	$VAR{form_content} .= qq|<input type="hidden" name="$name" id="$name" value="$safe_value">|;
}
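# Return $value with the HTML metacharacters & < > " ' replaced by entities,
# so the result can be placed in element content or in a quoted attribute.
# An undefined value is returned unchanged.
sub escape_html
{
	my $value = shift;
	return $value unless defined $value;
	# The apostrophe is included so the result is also safe inside
	# single-quoted attributes. A single pass means the '&' of an entity
	# produced here is never escaped a second time.
	my %entity_for = (
		'&' => '&amp;',
		'<' => '&lt;',
		'>' => '&gt;',
		'"' => '&quot;',
		"'" => '&#39;',
	);
	$value =~ s/([&<>"'])/$entity_for{$1}/g;
	return $value;
}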
# Append a labelled text input row to the form body. $value is HTML-escaped;
# $desc and $name are inserted as given and must be trusted. A pending error
# for this field is wrapped in red markup and stored back into %form_error.
sub form_input
{
	my ($desc, $name, $value) = @_;
	my $safe_value = escape_html($value);
	if ($form_error{$name}) {
		$form_error{$name} = qq|<br><font color="red">$form_error{$name}</font>|;
	}
	my $control = qq|<input name="$name" value="$safe_value" size="$form_cols"> $form_error{$name}|;
	form_control($desc, $control);
}
# Append one table row (label cell, control cell) to the form body. Both
# arguments are treated as ready-made HTML and are not escaped.
sub form_control
{
	my ($label, $markup) = @_;
	my $row = qq|<tr><td>$label</td><td>$markup</td></tr>|;
	$VAR{form_content} .= $row;
}
# Append a labelled password input row to the form body. $value is
# HTML-escaped; $desc and $name are inserted as given and must be trusted.
# A pending error for this field is wrapped in red markup and stored back
# into %form_error.
sub form_password
{
	my ($desc, $name, $value) = @_;
	my $safe_value = escape_html($value);
	if ($form_error{$name}) {
		$form_error{$name} = qq|<br><font color="red">$form_error{$name}</font>|;
	}
	my $control = qq|<input type="password" name="$name" value="$safe_value" size="$form_cols"> $form_error{$name}|;
	form_control($desc, $control);
}
# Build the top menu. It is shown only when a client is bound to the session.
sub create_menu
{
	return unless $authorized;
	my @entries = (
		['/auth/logout', 'Выход'],
		['/tickets', 'Запросы в ДИАЛ-Электролюкс'],
	);
	for my $entry (@entries) {
		menu_item(@$entry);
	}
}
# Append one menu cell linking to $href with the caption $title. Neither
# value is escaped, so both must be trusted literals.
sub menu_item
{
	my $href = shift;
	my $title = shift;
	my $cell = qq|<td align="center">[<a href="$href">$title</a>]</td>|;
	$VAR{menu2} .= $cell;
}
# Send an HTTP redirect to the given URI and end the request. The target is
# passed to the redirect header as given; callers must supply a trusted,
# local destination.
sub redirect
{
	my ($target) = @_;
	print $co->redirect(-uri => $target);
	exit;
}
