00001
00002
00003
00004
00005
00006
00007
00008
00009
00010
00011
00012
00013
00014 #include "cgi.h"
00015
00016 int CGImain(char * progname,CGINameValue* Params,STREAM htmlout)
00017 {
00018 char * date=GetFieldValue(Params,"DATE");
00019 char * time=GetFieldValue(Params,"TIME");
00020 char * trxid=GetFieldValue(Params,"TRXID");
00021 char * password = GetFieldValue(Params,"PASSWORD");
00022 char * file = GetFieldValue(Params,"FILE");
00023
00024
00025 CGINameValue* config;
00026
00027 LogMessage(",SCRIPT=DBADMIN");
00028
00029
00030 if (!*password || !*file)
00031 {
00032 SendCGIHeader(htmlout,"Content-type: text/html\n\n");
00033 HTMLWrite(htmlout,
00034 "<HTML>\n"
00035 "<BODY BGCOLOR=WHITE>\n"
00036 "<H3>EZSurvey Data File Download</H3>\n"
00037 "<PRE><FORM METHOD=\"GET\" ACCEPT-CHARSET=\"UTF-8\">\n"
00038 "Database <INPUT NAME=\"FILE\">\n"
00039 "Password <INPUT NAME=\"PASSWORD\" TYPE=\"PASSWORD\">\n"
00040 "<INPUT TYPE=\"SUBMIT\" VALUE=\"Download\">\n"
00041 "</PRE></FORM>\n"
00042 "</BODY>\n"
00043 "</HTML>\n");
00044
00045
00046
00047
00048
00049
00050
00051
00052
00053
00054
00055 return 0;
00056 }
00057 else
00058 {
00059 char fn[MAXPATH];
00060 ExpandLocalPath(progname,fn,"cgi",".ini");
00061 config = ReadINIFileSection(fn,"admin",0);
00062 }
00063
00064 if (config == 0)
00065 {
00066 SendCGIHeader(htmlout,"Content-type: text/html\n\n");
00067 HTMLWrite(htmlout,"This web site is not available");
00068 LogError("\nCould not open cgi.ini in DBADMIN");
00069 return 28;
00070 }
00071
00072 if (!*password)
00073 {
00074 DeleteNVP(config);
00075 SendCGIHeader(htmlout,"Content-type: text/html\n\n");
00076 HTMLWrite(htmlout,"This web site is not configured for remote administration. ");
00077 LogError("\nNo password in cgi.ini in DBADMIN");
00078 return 25;
00079 }
00080
00081 if (strcmp(GetFieldValue(config,"PASSWORD"),password))
00082 {
00083 SendCGIHeader(htmlout,"Content-type: text/html\n\n");
00084 DeleteNVP(config);
00085 return 101;
00086 }
00087
00088 DeleteNVP(config);
00089 config = NULL;
00090
00091 if (*file)
00092 if (strstr(file,"..")!=NULL || file[1] ==':' || file[0]=='/' || file[0] == '\\')
00093 return 101;
00094
00095 #ifdef XP_WIN
00096 swapchars(file,'/','\\');
00097 while (file[0] == '\\') file ++;
00098 #else
00099 swapchars(file,'\\','/');
00100 while (file[0] == '/') file ++;
00101 #endif
00102
00103 if (*file)
00104 {
00105 char fn[MAXPATH];
00106 ExpandLocalPath(progname,fn,file,".ini");
00107 config = ReadINIFileSection(fn,"DATABASE",0);
00108
00109
00110
00111 if (config == NULL)
00112 config = ReadINIFileSection(fn,"IFM",0);
00113
00114
00115 }
00116
00117 if (config != NULL)
00118 {
00119 char fname[MAXPATH];
00120 char* c;
00121
00122 SendCGIHeader(htmlout,"Content-type: application/ezs-dwnld\n"
00123 "Content-Disposition: filename=download.asc\n"
00124 "\n");
00125
00126 HTMLPrintf(htmlout,"Content-type: application/ezs-dwnld\n");
00127 HTMLPrintf(htmlout,"TRXID: %s\n",trxid);
00128 HTMLPrintf(htmlout,"Date: %s\n",date);
00129 HTMLPrintf(htmlout,"Time: %s\n",time);
00130
00131 c = GetSetting(config,"SAVEDATANAME",NULLSTR);
00132
00133 if (c[0] == 0)
00134 ExpandLocalPath(progname,fname,file,".asc");
00135 else
00136 ExpandLocalPath(progname,fname,c,NULLSTR);
00137
00138 LogMessage("\nDBADMIN: Downloading database ");
00139 LogMessage(file); LogMessage(" from "); LogMessage(fname);
00140
00141 HTMLWrite(htmlout,"Database: "); HTMLWrite(htmlout,file);
00142 HTMLWrite(htmlout,"\n\n");
00143 HTMLWriteFile(htmlout,fname);
00144
00145 DeleteNVP(config);
00146 return 0;
00147 }
00148 else
00149 {
00150 SendCGIHeader(htmlout,"Content-type: text/html\n\n");
00151 HTMLWrite(htmlout,"Unable to open the config file ");
00152 HTMLEscape(htmlout,file);
00153 HTMLWrite(htmlout,".ini");
00154 LogError("\nCould not open the config file in DBADMIN ");
00155 LogError(file);
00156 return 21;
00157 }
00158 }
00159
Raosoft EZReport, EZSurvey, InterForm, RapidReport, Raosoft, and SurveyWin
are registered trademarks of Raosoft, Inc.
Page contents © 1996-2007 by Raosoft, Inc.
You may use and modify this file for your own use, but may not distribute
it or derivative works without the prior written consent of Raosoft, Inc.
This software is provided "as is," and Raosoft makes no warranty, express
or implied, of fitness for a particular application. Every measure has been
taken to anticipate risks inherent to computer networks, but we cannot
guarantee safety or reliability of this program in every situation.
Tel: 206-525-4025 (US) Email: raosoft@raosoft.com
http://www.raosoft.com/