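#!/usr/bin/perl
# MimerDesk
# Web based groupware and eLearning environment
# www.mimerdesk.org
#
# Copyright (C) 2001 Ionstream Ltd.
# www.ionstream.fi
#
# This program is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by the Free
# Software Foundation; either version 2 of the License, or (at your option)
# any later version.
#
# This program is distributed with a hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
# for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program; if not, write to the Free Software Foundation, Inc.,
# 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.

# $Id: addressbook_add.html

###########################################
#                                         #
#  MimerDesk: Addressbook editor          #
#  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~   #
#  (c) Ionstream OY 1999 - 2001           #
#                                         #
#  Programmed by: Teemu Vainio            #
#                                         #
###########################################

use strict;
use vars qw ($APPLICATION $ACTIVEGRP $ARTICLE $MONTH $USER $IP $LAST_ACT
             $FORWARDED $TIME_USED $IDLE $form $ref $sth $action $trans
             $submit_buttons $name $firstname $middlename $lastname $title
             $status $company $address $postal $city $phone $homephone
             $mobile $fax $email $webpage $category $description
             $categorybutton $ADDRESSBOOKUSER $ADDRESSBOOK $GROUPACTIVOR
             $admin_status $grouptoolize $buttons);
use lib::MimerDesk;

# NOTE(review): fatalsToBrowser sends die() messages to the client. That is
# convenient while debugging, but error text can disclose file paths and
# query fragments; consider switching it off on production installs.
use CGI::Carp "fatalsToBrowser";

$APPLICATION = 'Personal - Contacts';

sub add_person;
sub print_template;
sub check_action;
sub modify_person;
sub remove_person;
sub mega_html_escape;

################
# Main Program #
################
#
# 1. Usual stuff
# 2. Adds, modifies or removes person if form is filled
# 3. Prepares template
# 4. Prints template

read_config('../config/mimerdesk.cfg');
initialize();

$form = decode_multipart();

# The session id and auth token are reduced to their expected alphabets
# before they are used for authentication or echoed into links.
$form->{'ID'}   =~ tr/0-9//cd;
$form->{'auth'} =~ tr/0-9a-z//cd;

($USER, $IP, $LAST_ACT, $FORWARDED, $TIME_USED, $IDLE, $ACTIVEGRP) =
    authenticate($form->{'ID'}, $form->{'auth'}, $form->{'changeGroup'});

$trans = lib::MimerDesk->new_gettext(program => 'contacts_add',language => $config{'language'});

# Defaults describe the personal address book; the group branch below
# overrides them when the caller is a member of the requested group.
$ADDRESSBOOK     = 'addressbook';
$ADDRESSBOOKUSER = "USER = '$USER'";
$grouptoolize    = undef;
$buttons         = 'Personal';

### groups
# The group id is interpolated into SQL text, a table name and a query
# string below, so it must consist of digits only.  \A...\z is used rather
# than ^...$ because $ also matches before a trailing newline, which would
# let "123\n" through.
if ($form->{'grouptool'} =~ /\A\d+\z/) {
    $APPLICATION =~ s/Personal/Group/;
    $buttons      = 'Group';
    $grouptoolize = "&grouptool=$form->{'grouptool'}";

    # Look up the caller's membership and rights in the requested group.
    lock_tables('READ', 'groupusers');
    db_list("SELECT RIGHTS,USER FROM groupusers where USER = '$USER' and GID = '$form->{'grouptool'}'");
    while (my $ref = $sth->fetchrow_hashref()) {
        $admin_status = $ref->{'RIGHTS'};
        $GROUPACTIVOR = $ref->{'USER'};
    }
    db_end();
    unlock_tables();

    if ($GROUPACTIVOR) {
        # Member: work on the group's own table.
        $ADDRESSBOOK     = "$form->{'grouptool'}_$ADDRESSBOOK";
        $ADDRESSBOOKUSER = "GID = $form->{'grouptool'}";
    }
    else {
        # Not a member: fall back to the personal address book.
        $admin_status = 'A0';
    }
}
else {
    $admin_status = 'A0';
}

$APPLICATION = $trans->gettext($APPLICATION);

# Ownership check for the personal address book: an entry may only be
# addressed by the user recorded on it.  A missing row yields an undefined
# USER, which also fails the comparison and is redirected.
if ($form->{'number'} && !$GROUPACTIVOR) {
    lock_tables('READ', 'addressbook');
    db_list("SELECT USER FROM addressbook WHERE ID = '".prepare_fordb($form->{'number'})."'");
    my $ref = $sth->fetchrow_hashref();
    db_end();
    unlock_tables();

    if ($ref->{'USER'} ne $USER) {
        write_log("$USER tried to access someone elses addressbook entry!",'warning');
        redirect("addressbook.html?ID=$form->{'ID'}&auth=$form->{'auth'}");
        exit;
    }
}

# Each handler below exits after redirecting or printing a page.
# NOTE(review): add_person contains a branch for ADD eq 'Addanother', but it
# is only called here when ADD eq 'Add' - confirm how that branch is reached.
add_person()    if ($form->{'ADD'} eq 'Add' && $admin_status =~ /A0/);
remove_person() if ($form->{'DELETE'} eq 'Remove' && $admin_status =~ /A0/);
modify_person() if ($form->{'UPDATE'} eq 'Modify' && $admin_status =~ /A0/);

check_action();

# Users without the A0 right get the read-only view template.
print_template("$config{'theme'}_addressbook_view") unless $admin_status =~ /A0/;
print_template("$config{'theme'}_addressbook_add");

##########################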
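#              ___       #
#   ___  |  | |   \  ___  #
#  /   \ |  | |   / /   \ #
#  \___  |  | |--<  \___  #
#      \ |  | |   \     \ #
#  \___/ \__/ |___/ \___/ #
#                        #
##########################

# Builds the "Back" link to the address book listing.  ID and auth were
# reduced to safe alphabets by the main program; order and viewcategory are
# URL-encoded here because they come straight from the request.
sub _back_link {
    my $link = tagged('a',{href =>"addressbook.html?ID=$form->{'ID'}$grouptoolize&auth=$form->{'auth'}&order=".encodeurl($form->{'order'})."&viewcategory=".encodeurl($form->{'viewcategory'}),
                           onMouseOver => 'doClock(); return true',
                           content => image(src => "$config{'loc_pictures'}/back2.gif", alt => 'Back')});
    return $link;
}

# Builds the "Reset" link that asks for confirmation before clearing the form.
sub _reset_link {
    my $link = tagged('a',{href => 'javascript:if(confirm(\''.
                               html_escape($trans->gettext('Are you sure you want to reset?')).
                               '\'))document.new_person.reset(); void(0);',
                           onMouseOver => 'doClock(); return true',
                           content => image(src => "$config{'loc_pictures'}/reset.gif")});
    return $link;
}

# Reads the contact addressed by the request's 'number' field from
# $ADDRESSBOOK and copies its columns into the template globals.
sub _load_contact {
    lock_tables('READ',$ADDRESSBOOK);
    db_list("SELECT * FROM $ADDRESSBOOK WHERE ID = '".prepare_fordb($form->{'number'})."'");
    while (my $ref = $sth->fetchrow_hashref()) {
        ($name, $firstname, $middlename, $lastname, $title, $status,
         $company, $address, $postal, $city, $phone, $homephone, $mobile,
         $fax, $email, $webpage, $description, $category) =
            @{$ref}{qw(NAME FIRSTNAME MIDDLENAME LASTNAME TITLE STATUS
                       COMPANY ADDRESS POSTAL CITY PHONE HOMEPHONE MOBILE
                       FAX EMAIL WEBPAGE INFO CATEGORY)};
    }
    db_end();
    unlock_tables();
    return;
}

# Returns the column => value pairs shared by insert and update, with every
# form value passed through prepare_fordb before it reaches the database.
sub _contact_columns {
    my ($category_to_add) = @_;
    return (
        NAME       => prepare_fordb("$form->{'lastname'} $form->{'firstname'}"),
        FIRSTNAME  => prepare_fordb($form->{'firstname'}),
        MIDDLENAME => prepare_fordb($form->{'middlename'}),
        LASTNAME   => prepare_fordb($form->{'lastname'}),
        TITLE      => prepare_fordb($form->{'title'}),
        STATUS     => prepare_fordb($form->{'status'}),
        COMPANY    => prepare_fordb($form->{'company'}),
        ADDRESS    => prepare_fordb($form->{'address'}),
        POSTAL     => prepare_fordb($form->{'postal'}),
        CITY       => prepare_fordb($form->{'city'}),
        PHONE      => prepare_fordb($form->{'phone'}),
        HOMEPHONE  => prepare_fordb($form->{'homephone'}),
        MOBILE     => prepare_fordb($form->{'mobile'}),
        FAX        => prepare_fordb($form->{'fax'}),
        EMAIL      => prepare_fordb($form->{'email'}),
        WEBPAGE    => prepare_fordb($form->{'webpage'}),
        INFO       => prepare_fordb($form->{'description'}),
        CATEGORY   => prepare_fordb($category_to_add),
    );
}

################
# check_action #
################
#
# Modifies templatevalues
#
# 1. Checks if user is going to add or edit
# 2. Changes $submit_buttons and $action
# 3. Any other action (or a user without the A0 right) gets the read-only
#    view: only a Back link and the stored contact
#
# The field globals set here are raw; print_template HTML-escapes them via
# mega_html_escape before they are substituted into the page.
#
# NOTE(review): the category queries filter on USER even when $ADDRESSBOOK
# is a group table; $ADDRESSBOOKUSER is prepared by the main program but not
# used in this file - confirm which filter is intended.

sub check_action {
    if ($form->{'action'} eq 'add' && $admin_status =~ /A0/) {
        $submit_buttons =
              hiddenfield('ADD','')
            . hiddenfield('SAVEADD','')
            . hiddenfield('action','add')
            . tagged('a',{href => 'javascript:ADD()',
                          onMouseOver => 'doClock(); return true',
                          content => image(src => "$config{'loc_pictures'}/add.gif", alt => 'Add')})
            . '  '
            . tagged('a',{href => 'javascript:ADDANOTHER()',
                          onMouseOver => 'doClock(); return true',
                          content => image(src => "$config{'loc_pictures'}/saveaddnew.gif", alt => 'Save changes & add new')})
            . '  '
            . _reset_link()
            . '  '
            . _back_link();
        $action = $trans->gettext('Add contact');

        # Re-display whatever the user already typed (e.g. after a failed
        # validation).
        ($firstname, $middlename, $lastname, $title, $status, $company,
         $address, $postal, $city, $phone, $homephone, $mobile, $fax,
         $email, $webpage, $description, $category) =
            @{$form}{qw(firstname middlename lastname title status company
                        address postal city phone homephone mobile fax
                        email webpage description category)};

        # Drop-down of the categories already in use.
        $categorybutton = tag('select',{name => 'categories'}).
                          tagged('option',{value => '',content => $trans->gettext('Select category')});
        lock_tables('READ', $ADDRESSBOOK);
        db_list("SELECT DISTINCT category FROM $ADDRESSBOOK WHERE USER = '$USER' order by category");
        while (my $ref = $sth->fetchrow_hashref()) {
            next if ($ref->{'category'} eq '');
            $categorybutton .= tagged('option',{value => html_escape($ref->{'category'}), content => html_escape($ref->{'category'})});
        }
        $categorybutton .= endtag('select');
        db_end();
        unlock_tables();
    }
    elsif ($form->{'action'} eq 'edit' && $admin_status =~ /A0/) {
        $submit_buttons =
              hiddenfield('UPDATE','Modify')
            . hiddenfield('DELETE','PERKELE')
            . hiddenfield('action','edit')
            . tagged('a',{href => 'javascript:MODIFY()',
                          onMouseOver => 'doClock(); return true',
                          content => image(src => "$config{'loc_pictures'}/savechanges.gif", alt => 'Save changes')})
            . '  '
            . tagged('a',{href => 'javascript:REMOVE()',
                          onMouseOver => 'doClock(); return true',
                          content => image(src => "$config{'loc_pictures'}/remove.gif")})
            . '  '
            . _reset_link()
            . '  '
            . _back_link();
        $action = $trans->gettext('Edit contact');

        _load_contact();

        # Drop-down of categories with the contact's current one selected.
        # $category is cleared on a match so the free-text category field
        # is not filled in as well.
        $categorybutton = tag('select',{name => 'categories'}).
                          tagged('option',{value => '',content => $trans->gettext('Select category')});
        lock_tables('READ', $ADDRESSBOOK);
        db_list("SELECT DISTINCT category FROM $ADDRESSBOOK WHERE USER = '$USER' order by category");
        while (my $ref = $sth->fetchrow_hashref()) {
            if ($ref->{'category'} eq $category) {
                $categorybutton .= tagged('option',{value => html_escape($ref->{'category'}), content => html_escape($ref->{'category'})},'selected');
                $category='';
            }
            else {
                next if ($ref->{'category'} eq '');
                $categorybutton .= tagged('option',{value => html_escape($ref->{'category'}), content => html_escape($ref->{'category'})});
            }
        }
        $categorybutton .= tag('/select');
        db_end();
        unlock_tables();
    }
    else {
        $submit_buttons = _back_link();
        $action = $trans->gettext('View contact');

        _load_contact();

        # Read-only view: show the category as escaped text, not a select.
        lock_tables('READ', $ADDRESSBOOK);
        db_list("SELECT DISTINCT category FROM $ADDRESSBOOK WHERE USER = '$USER' order by category");
        while (my $ref = $sth->fetchrow_hashref()) {
            if ($ref->{'category'} eq $category) {
                $categorybutton = html_escape($ref->{'category'});
                $category='';
                last;
            }
        }
        db_end();
        unlock_tables();
    }
}

##############
# add_person #
##############
#
# Adds new person into database
#
# 1. removes dangerous stuff from $form values
# 2. inserts values into database
# 3. redirects user to addressbook

sub add_person {
    # Validate before taking the write lock, as modify_person does, so a
    # rejected form never leaves the script holding it.  print_template
    # exits, so the code below only runs for a valid form.
    if(!$form->{'firstname'} and !$form->{'lastname'}) {
        check_action();
        print_template("$config{'theme'}_addressbook_add",$trans->gettext('You must write at least either first name or last name!'),'error');
    }

    # A typed-in category wins over the one picked from the drop-down.
    my $category_to_add = $form->{'category'} || $form->{'categories'};

    lock_tables('WRITE', $ADDRESSBOOK);
    db_insert($ADDRESSBOOK,{
        USER => $USER,
        # grouptool is only checked to be numeric when group mode is
        # active, so it is escaped like every other request value here.
        GID  => (defined $form->{'grouptool'} ? prepare_fordb($form->{'grouptool'}) : undef),
        _contact_columns($category_to_add),
    });
    db_end();
    unlock_tables();

    if ($form->{'ADD'} eq 'Addanother') {
        # The name is echoed inside the status message, which is inserted
        # into the page as markup, so it is HTML-escaped here.
        my $name = html_escape("$form->{'firstname'} $form->{'lastname'}");

        # Present an empty form for the next contact.
        $form->{$_} = '' for qw(firstname middlename lastname title status
                                company address postal city phone homephone
                                mobile fax email webpage description
                                category);
        check_action();
        print_template("$config{'theme'}_addressbook_add",sprintf($trans->gettext('%s added to your address book'),$name),'success');
        # redirect("addressbook_add.html?ID=$form->{'ID'}$grouptoolize&auth=$form->{'auth'}&order=$form->{'order'}&viewcategory=$form->{'viewcategory'}&action=add");
    }
    else {
        redirect("addressbook.html?ID=$form->{'ID'}$grouptoolize&auth=$form->{'auth'}&order=".encodeurl($form->{'order'})."&viewcategory=".encodeurl($form->{'viewcategory'}));
    }
    exit;
}

#################
# modify_person #
#################
#
# Modifies person
#
# 1. removes dangerous stuff from $form values
# 2. updates values in database
# 3. redirects user to addressbook

sub modify_person {
    # print_template exits, so an invalid form never reaches the update.
    if(!$form->{'firstname'} and !$form->{'lastname'}) {
        check_action();
        print_template("$config{'theme'}_addressbook_add",$trans->gettext('You must write at least either first name or last name!'),'error');
    }

    # A typed-in category wins over the one picked from the drop-down.
    my $category_to_add = $form->{'category'} || $form->{'categories'};
    my %db = _contact_columns($category_to_add);

    lock_tables('WRITE',$ADDRESSBOOK);
    db_update($ADDRESSBOOK,\%db,"ID = '".prepare_fordb($form->{'number'})."'");
    db_end();
    unlock_tables();

    redirect("addressbook.html?ID=$form->{'ID'}$grouptoolize&auth=$form->{'auth'}&order=".encodeurl($form->{'order'})."&viewcategory=".encodeurl($form->{'viewcategory'}));
    exit;
}

#################
# remove_person #
#################
#
# Removes person from database
#

sub remove_person {
    lock_tables('WRITE',$ADDRESSBOOK);
    # The entry id comes from the request; escape it as the SELECT and
    # UPDATE statements in this file do, instead of interpolating it raw
    # into the WHERE clause.
    db_delete($ADDRESSBOOK,"ID = '".prepare_fordb($form->{'number'})."'");
    db_end();
    unlock_tables();

    redirect("addressbook.html?ID=$form->{'ID'}$grouptoolize&auth=$form->{'auth'}&order=".encodeurl($form->{'order'})."&viewcategory=".encodeurl($form->{'viewcategory'}));
    exit;
}

####################
# mega_html_escape #
####################
#
# html_escapes all values
#
# Runs every contact field global through html_escape in one call and
# assigns the results back in the same order.

sub mega_html_escape {
    ($name, $firstname, $middlename, $lastname, $title, $status, $company,
     $address, $postal, $city, $phone, $homephone, $mobile, $fax, $email,
     $webpage, $description, $category) =
        html_escape(
            $name, $firstname, $middlename, $lastname, $title, $status,
            $company, $address, $postal, $city, $phone, $homephone,
            $mobile, $fax, $email, $webpage, $description, $category,
        );
}

##################
# print_template #
##################
#
# Prints template
#
# Arguments: template name, optional message text, optional CSS class for
# the message.  The message text is inserted as markup, so callers must
# escape any request data they put into it.  Does not return: the page is
# printed, the database connection closed and the script exits.
#
# NOTE(review): in this copy of the file several placeholder patterns read
# <> - the names between the angle brackets appear to have been lost.  They
# are reproduced as found; restore them from the template markers.

sub print_template {
    my ($template, $messagetext, $msgclass) = @_;

    # Escape the contact fields once, immediately before output.
    mega_html_escape();

    print_header('pragma');

    my $ref = get_template('maintemplate',$template);
    $ref->{'maintemplate'} =~ s/<>/$ref->{$template}/m;
    my $fulltemplate = $ref->{'maintemplate'};

    $fulltemplate = create_buttons($fulltemplate, $buttons, 'Contacts', $form);
    $fulltemplate =~ s/<>/minea/gm;

    $ref = get_template('js_doClock', 'js_help', 'js_gotosite');
    my $stuff = $ref->{'js_doClock'}.$ref->{'js_help'}.$ref->{'js_gotosite'};

    $fulltemplate =~ s/<>/$stuff/ms;
    $fulltemplate =~ s/<>/MimerDesk\: $APPLICATION/ms;
    $fulltemplate =~ s/<>/$action/gm;
    $fulltemplate =~ s/<>/$submit_buttons/ms;
    $fulltemplate =~ s/<>/html_escape($form->{'number'})/mse;
    $fulltemplate =~ s/<>/$firstname/ms;
    $fulltemplate =~ s/<>/$middlename/ms;
    $fulltemplate =~ s/<>/$lastname/ms;
    $fulltemplate =~ s/<>/$title/ms;
    $fulltemplate =~ s/<<status>>/$status/ms;
    $fulltemplate =~ s/<<company>>/$company/ms;
    $fulltemplate =~ s/<<address>>/$address/ms;
    $fulltemplate =~ s/<<postal>>/$postal/ms;
    $fulltemplate =~ s/<<city>>/$city/ms;
    $fulltemplate =~ s/<<phone>>/$phone/ms;
    $fulltemplate =~ s/<<homephone>>/$homephone/ms;
    $fulltemplate =~ s/<<mobile>>/$mobile/ms;
    $fulltemplate =~ s/<<fax>>/$fax/ms;
    $fulltemplate =~ s/<<email>>/$email/ms;
    $fulltemplate =~ s/<<webpage>>/$webpage/ms;
    $fulltemplate =~ s/<<description>>/$description/ms;
    $fulltemplate =~ s/<<category>>/$category/ms;
    $fulltemplate =~ s/<<categories>>/$categorybutton/ms;

    # Request values echoed into the page are escaped at the point of use.
    $fulltemplate =~ s/<<order>>/html_escape($form->{'order'})/gme;
    $fulltemplate =~ s/<<viewcategory>>/html_escape($form->{'viewcategory'})/gme;

    my $the_message = tagged('div', {class => $msgclass, content => $messagetext});
    $fulltemplate =~ s/<<generate_message>>/$the_message/gm;

    # $grouptoolize is only built from a digits-only group id.
    $fulltemplate =~ s/<<grouptool>>/$grouptoolize/gme;
    # grouptool itself is raw request data whenever it is not a group id,
    # so it is escaped like order and viewcategory above.
    $fulltemplate =~ s/<<group>>/html_escape($form->{'grouptool'})/gme;

    $fulltemplate = replace_tags($fulltemplate, $USER, $form->{'auth'}, $form->{'ID'}, $TIME_USED);
    $fulltemplate = add_popups($fulltemplate, $USER, $form->{'auth'}, $form->{'ID'});

    print $fulltemplate;
    db_end('disconnect');
    exit;
}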