00022 #include "cgi.h"
00023
/* Forward declarations for the page builders and helpers used in this file. */

/* Entry form asking for database name, query and password. */
void PrintAdminForm(STREAM htmlout, char *db, char *pwd);

/* Paged listing of the records that match querytext. */
int GenerateReport(STREAM htmlout, DATABASE *db, CGINameValue *data,
                   char *dbname, char *querytext, char *password,
                   unsigned long range_count, unsigned long range_start);

/* Detail page for a single record. */
int GenerateForm(STREAM htmlout, CGINameValue *data, char *dbname,
                 int record, char *password);

/* Not defined in the visible part of this file. */
int FormatHTML(char *progname, char *file);

/* Form that re-asks for the password. */
int PrintPassword(STREAM htmlout, CGINameValue *Params);

/* Decimal string to unsigned long, with a fallback value. */
unsigned long CharToUL(char *str, unsigned long defalt);
00039
00040
00041 #ifdef VPWSCGI
00042 int CGImainLIST(char * progname,CGINameValue* Params,STREAM htmlout)
00043 #else
00044 int CGImain(char * progname,CGINameValue* Params,STREAM htmlout)
00045 #endif
00046 {
00047 char * dbname = GetFieldValue(Params,"DATABASE");
00048 char * password = GetFieldValue(Params,"_PASSWORD");
00049 char * action = GetFieldValue(Params,"_ACTION");
00050 char * query = GetFieldValue(Params,"_QUERY");
00051 unsigned long range_count = CharToUL(GetFieldValue(Params,"_COUNT"),50);
00052 unsigned long range_start = CharToUL(GetFieldValue(Params,"_START"),0);
00053 int record = atoi(GetFieldValue(Params,"_ROWID"));
00054 int ret=0;
00055 int iaction=0;
00056 char databasefile[MAXPATH];
00057 char fn[MAXPATH];
00058 CGINameValue* config=0;
00059 int Security=0;
00060 DATABASE* db=0;
00061 CGINameValue * data=0;
00062
00063 #ifdef CGI_ALLOW
00064 Security = GetSecurityFlags(progname,GetFieldValue(Params,"HOST"),dbname,password);
00065 #else
00066 Security = GetSecurityFlags(progname,0,dbname,password);
00067 #endif
00068
00069 SendCGIHeader(htmlout,NULL);
00070
00071 if (!*action || !*dbname || !(Security & CGI_ALLOW_READ))
00072 {
00073 PrintAdminForm(htmlout,dbname,password);
00074 return 0;
00075 }
00076
00077 RenameField(Params,"DATABASE",0);
00078
00079 {
00080 ExpandLocalPath(progname,fn,dbname,".ini");
00081 config = ReadINIFileSection(fn,"DATABASE",0);
00082 if (config == NULL)
00083 {
00084 HTMLWrite(htmlout,progname);
00085 HTMLWrite(htmlout,": A configuration file was not found. "
00086 "Please check your server setup and try again.<P>\n");
00087 PrintAdminForm(htmlout,dbname,password);
00088 LogError("\nCould not open config file");
00089 LogError(fn);
00090 return 21;
00091 }
00092 }
00093
00094 {
00095 char * c;
00096 memset(databasefile,0,MAXPATH);
00097
00098 c = GetSetting(config,"SAVEDATANAME",NULLSTR);
00099
00100 if (c[0] == 0)
00101 ExpandLocalPath(progname,databasefile,dbname,".asc");
00102 else
00103 ExpandLocalPath(progname,databasefile,c,NULLSTR);
00104 }
00105
00106 ret = 0;
00107 if (!strnicmp(action,"VIEW",4)) iaction=4;
00108 else if (!strnicmp(action,"LIST",4)) iaction=7;
00109 else
00110 {
00111 HTMLWrite(htmlout,"Invalid command: ");
00112 HTMLEscape(htmlout,action);
00113 return 30;
00114 }
00115
00116 if (!DatabaseOpen(databasefile,&db,&data,0,0))
00117 {
00118 HTMLWrite(htmlout,"Unable to open the data file: ");
00119 HTMLEscape(htmlout,dbname);
00120 LogError("\nCould not open the data file in LIST ");
00121 LogError(databasefile);
00122 return 3;
00123 }
00124
00125 if (iaction == 7)
00126 {
00127 ret = GenerateReport(htmlout,db, data, dbname, query, password, range_count, range_start);
00128 }
00129 else if (iaction == 4 && record > 0)
00130 {
00131 DatabaseFFD(db,record-1);
00132
00133 if (DatabaseReadRecord(db,data,0))
00134 {
00135 ret = GenerateForm(htmlout, data, dbname, record, password);
00136 }
00137 else
00138 {
00139 HTMLPrintf(htmlout,"Row (%d) does not exist in the database.",record);
00140 ret = 8;
00141 }
00142 }
00143
00144 DatabaseClose(db,data);
00145 DeleteNVP(config);
00146 return ret;
00147 }
00148
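/*
 * Writes a POST form that asks for the password again and carries every other
 * request parameter along as a hidden field.
 *
 * Params is an array terminated by an entry whose name is NULL.  The
 * _PASSWORD entry is skipped so the old password is not re-embedded.
 * Always returns 0.
 *
 * Changes from the original:
 *  - names and values come from the request, so they are written with
 *    HTMLEscape() instead of raw HTMLWrite(), which let a value close the
 *    attribute and inject markup;
 *  - each hidden field now has a NAME; without one a browser does not submit
 *    the field, so the carried-over parameters were lost.
 * NOTE(review): this assumes HTMLEscape() encodes the double quote as well
 * as <, > and & -- confirm in its implementation.
 */
int PrintPassword(STREAM htmlout,CGINameValue* Params)
{
    int i;

    HTMLWrite(htmlout,"<FORM METHOD=POST ACCEPT-CHARSET=\"UTF-8\">\n");

    for (i = 0; Params && Params[i].name; i++)
    {
        if (!stricmp(Params[i].name,"_PASSWORD")) continue;

        HTMLWrite(htmlout,"<INPUT TYPE=HIDDEN NAME=\"");
        HTMLEscape(htmlout,Params[i].name);
        HTMLWrite(htmlout,"\" VALUE=\"");
        if (Params[i].value)
            HTMLEscape(htmlout,Params[i].value);
        HTMLWrite(htmlout,"\">\n");
    }

    HTMLWrite(htmlout,"Password: <INPUT NAME=_PASSWORD TYPE=PASSWORD>\n");
    HTMLWrite(htmlout,"<INPUT TYPE=SUBMIT>\n");
    HTMLWrite(htmlout,"</FORM>\n");
    return 0;
}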
00178
/*
 * Writes the inline <style> block shared by every page this CGI produces.
 * The stylesheet is constant text; nothing from the request is included.
 * Always returns 0.
 */
int PrintCSS(STREAM htmlout)
{
    /* One entry per HTMLWrite() call, in output order; 0 ends the list. */
    static char *css[] = {
        "<style type=\"text/css\">\n",

        "BODY\n{\n",
        "background-color: white;\n",
        "font-family: courier;\n",
        "font-size: 100%;\n",
        "color: #000000;\n",
        "}\n\n",

        "TABLE\n{\n",
        "border-collapse: collapse;\n",
        "}\n\n",

        "TR\n{\n",
        "font-size: 100%;\n",
        "border: thin solid #000000;\n",
        "}\n\n",

        "TR.DARK\n{\n",
        "background-color: lightcyan;\n",
        "}\n\n",

        "TR.LIGHT\n{\n",
        "background-color: lightyellow;\n",
        "}\n\n",

        "TH\n{\n",
        "font-size: 50%;\n",
        "border-width: thin;\n",
        "border-style: solid;\n",
        "border-color: #000000;\n",
        "padding: 3px;\n",
        "}\n\n",

        "TD\n{\n",
        "font-size: 50%;\n",
        "border-width: thin;\n",
        "border-style: solid;\n",
        "border-color: slategray;\n",
        "text-align: center;\n",
        "}\n\n",

        "TD.INDEX\n{\n",
        "color: #FF0000;\n",
        "font-size: 30%;\n",
        "font-weight: bold;\n",
        "}\n\n",

        "TD.QUERY\n{\n",
        "color: #000000;\n",
        "border-color: #FFFFFF;\n",
        "}\n\n",

        "TD.OPTION\n{\n",
        "color: #000000;\n",
        "border-color: #FFFFFF;\n",
        "text-align: left;\n",
        "}\n\n",

        "TABLE.LIST\n{\n",
        "border-width: thin;\n",
        "border-style: solid;\n",
        "border-color: #000000;\n",
        "}\n\n",

        "</style>\n",
        0
    };
    char **line;

    for (line = css; *line; line++)
        HTMLWrite(htmlout,*line);

    return 0;
}
00257
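/*
 * Writes the query bar shown above a listing or a record: one form that
 * re-submits the database name and password together with a new _QUERY, and
 * a second form with a "Start over" button.  Always returns 0.
 *
 * dbname and password are request values.  The original formatted them into
 * the VALUE attributes with "%s", so a value containing a double quote could
 * close the attribute and inject markup; they are now written with
 * HTMLEscape().
 * NOTE(review): assumes HTMLEscape() also encodes the double quote -- confirm.
 * NOTE(review): the first form has no METHOD, so browsers submit it with GET
 * and the password appears in the URL (history, access logs, Referer).
 * PrintAdminForm() already uses POST; consider doing the same here.
 */
int PrintQueryForm(STREAM htmlout,char* dbname,char * password)
{
    HTMLWrite(htmlout, "<TABLE><TR><TD CLASS=\"QUERY\">");

    HTMLWrite(htmlout, "<FORM ACCEPT-CHARSET=\"UTF-8\"><INPUT TYPE=HIDDEN NAME=DATABASE VALUE=\"");
    HTMLEscape(htmlout, dbname ? dbname : "");
    HTMLWrite(htmlout, "\">\n");

    HTMLWrite(htmlout, "<INPUT TYPE=HIDDEN NAME=_PASSWORD VALUE=\"");
    HTMLEscape(htmlout, password ? password : "");
    HTMLWrite(htmlout, "\">\n");

    HTMLWrite(htmlout, " Query: <INPUT NAME=_QUERY>");
    HTMLWrite(htmlout, "<INPUT TYPE=SUBMIT NAME=_ACTION VALUE=\"List records\">\n");
    HTMLWrite(htmlout, "</FORM>\n\n");

    HTMLWrite(htmlout, "</TD><TD CLASS=\"QUERY\">");

    /* Carries no database or password, so the entry form is shown again. */
    HTMLWrite(htmlout, "<FORM ACCEPT-CHARSET=\"UTF-8\">\n<INPUT TYPE=SUBMIT NAME=_ACTION VALUE=\"Start over\"></FORM>\n");

    HTMLWrite(htmlout, "</TD></TABLE>");

    HTMLWrite(htmlout, "(<b>field</b>=<i>value</i>&<b>field</b>=<i>value</i>) wildcards are _ and %\n");

    return 0;
}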
00289
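/* Writes one paging link: <a href="?DATABASE=..&_START=start">label</a>. */
static void WriteRangeLink(STREAM htmlout, char* dbname, char* password,
                           unsigned long count, unsigned long start,
                           char* label)
{
    HTMLWrite(htmlout,"<a href=\"?DATABASE=");
    HTMLEscape(htmlout,dbname);
    HTMLWrite(htmlout,"&_PASSWORD=");
    HTMLEscape(htmlout,password);
    HTMLWrite(htmlout,"&_ACTION=LIST&_COUNT=");
    /* The original passed unsigned long to "%i", a type mismatch.  The cast
       matches the conversion; a wider conversion is avoided because
       HTMLPrintf()'s supported formats are not visible here. */
    HTMLPrintf(htmlout,"%i",(int)count);
    HTMLWrite(htmlout,"&_START=");
    HTMLPrintf(htmlout,"%i",(int)start);
    HTMLWrite(htmlout,"\">");
    HTMLWrite(htmlout,label);
    HTMLWrite(htmlout,"</a>");
}

/*
 * Writes the "Back | Next" paging links for a listing.  Always returns 0.
 *
 * Changes from the original:
 *  - dbname and password are request values and were formatted into the href
 *    with "%s"; they now go through HTMLEscape() so they cannot close the
 *    attribute and inject markup;
 *  - the Back offset was range_start - range_count on unsigned values, which
 *    wraps when the first page is shown; it now stops at 0.
 * NOTE(review): the values should also be URL-encoded (a '&' or '#' in the
 * password changes the query string); no such helper is visible in this file.
 * NOTE(review): the password travels in the link's query string and so ends
 * up in browser history, server logs and Referer headers.
 */
int PrintRangeLinks(STREAM htmlout, char* dbname,char* password,
                    unsigned long range_count, unsigned long range_start)
{
    unsigned long back_start = 0;
    unsigned long next_start = range_start + range_count;

    if (range_start > range_count)
        back_start = range_start - range_count;

    if (!dbname) dbname = "";
    if (!password) password = "";

    WriteRangeLink(htmlout,dbname,password,range_count,back_start,"Back");
    HTMLWrite(htmlout, " | ");
    WriteRangeLink(htmlout,dbname,password,range_count,next_start,"Next");

    return 0;
}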
00305
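/*
 * Converts a decimal request field to an unsigned long.
 *
 * Returns defalt when str is NULL or empty, when it does not start with a
 * number, or when the number is zero or negative.  Trailing non-digits are
 * ignored ("25xyz" gives 25), as before.
 *
 * The original used atol(), whose behaviour is undefined when the value does
 * not fit in a long.  The input is a request parameter, so strtol() is used
 * instead: it is well defined for any string and saturates at LONG_MAX.
 */
unsigned long CharToUL(char* str,unsigned long defalt)
{
    long rslt;

    if (!str || !*str)
        return defalt;

    rslt = strtol(str, 0, 10);

    if (rslt <= 0)
        return defalt;

    return (unsigned long)rslt;
}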
00327
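/*
 * Writes one table row for each record in the window
 * [range_start, range_start + range_count) that matches query.
 *
 * Comparison is scratch space supplied by the caller: query is copied into
 * it before every EvaluateLogic() call, so it must be able to hold
 * strlen(query) + 1 bytes (GenerateReport() passes strdup(query)).
 * lastfieldname is the name of the previously printed field; a field with
 * the same name is appended to the open cell after a comma.
 *
 * Returns -1 when data, dbname, query or Comparison is NULL, otherwise 0.
 *
 * Changes from the original:
 *  - the result of DatabaseReadRecord() is checked.  range_count and
 *    range_start come from the request, and the loop used to run to
 *    range_max even after the file was exhausted, so a large _COUNT kept the
 *    process busy.  NOTE(review): this assumes a zero return means "no more
 *    records", as CGImain treats it -- confirm for the flags-pointer form;
 *  - range_start + range_count is saturated instead of being left to wrap;
 *  - password and dbname go through HTMLEscape() before being placed in the
 *    href, and the row number is cast to match "%d".
 * NOTE(review): the href values should also be URL-encoded; no such helper
 * is visible in this file.  The password is part of every link.
 */
int PrintRecords(STREAM htmlout,DATABASE*db,
                 CGINameValue* data, char* dbname,
                 char* query, char* password,
                 unsigned long range_count, unsigned long range_start,
                 char* Comparison, char* lastfieldname, int flags)
{
    unsigned long record = 0;   /* 1-based number of the row just read */
    unsigned long row = 0;      /* rows printed so far, for the striping */
    unsigned long i = 0;
    unsigned long j = 0;
    unsigned long range_max = range_start + range_count;

    if (!data) return -1;
    if (!dbname) return -1;
    if (!query || !Comparison) return -1;
    if (!password) password = "";
    if (!lastfieldname) lastfieldname = "";

    if (range_max < range_start)
        range_max = ~0UL;       /* the sum wrapped */

    for (j = 0; j < range_max; j++)
    {
        if (!DatabaseReadRecord(db,data,&flags)) break;

        record++;
        if (j < range_start) continue;  /* before the requested window */
        if (flags) continue;            /* skipped when the read set flags */

        /* Fresh copy each time: Comparison exists so that query itself is
           not handed to EvaluateLogic(). */
        strcpy(Comparison,query);
        if (!EvaluateLogic(Comparison,data,0)) continue;

        if (++row%2)
            HTMLWrite(htmlout,"\n<TR CLASS=\"LIGHT\">\n");
        else
            HTMLWrite(htmlout,"\n<TR CLASS=\"DARK\">\n");

        /* "View" link for this row. */
        HTMLWrite(htmlout,"<TD>");
        HTMLWrite(htmlout,"<a href=\"?_PASSWORD=");
        HTMLEscape(htmlout,password);
        HTMLWrite(htmlout,"&DATABASE=");
        HTMLEscape(htmlout,dbname);
        HTMLWrite(htmlout,"&_ROWID=");
        HTMLPrintf(htmlout,"%d",(int)record);
        HTMLWrite(htmlout,"&_ACTION=View\">View</a>");
        HTMLWrite(htmlout,"</TD>\n");

        /* Row number. */
        HTMLWrite(htmlout,"<TD CLASS=\"INDEX\">");
        HTMLPrintf(htmlout,"%d",(int)record);
        HTMLWrite(htmlout,"</TD>\n");

        for (i = 0 ; data[i].name; i++)
        {
            if (data[i].name[0] == 0) continue;

            /* A repeated field name continues the current cell. */
            if (stricmp(lastfieldname,data[i].name))
                HTMLWrite(htmlout,"<TD>");
            else
                HTMLWrite(htmlout,",");

            if (data[i].value)
                HTMLEscape(htmlout,data[i].value);
            else
                HTMLWrite(htmlout," ");

            lastfieldname = data[i].name;
        }

        HTMLWrite(htmlout,"</TR>\n\n");
    }

    return 0;
}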
00422
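/*
 * Writes the header row of the listing: a two-column "Row Actions" cell, then
 * one <TH> for each distinct consecutive field name.  Always returns 0.
 *
 * Side effect: every name in data is cut at its first '_' in place, so later
 * users of data see the shortened names.  A name that becomes empty is
 * skipped.
 *
 * Field names are read from the data file; they are now written with
 * HTMLEscape() like the field values elsewhere in this file, instead of raw
 * HTMLWrite(), so a name containing markup characters cannot alter the page.
 */
int GenerateTableHeader(STREAM htmlout, CGINameValue* data, char* lastfieldname)
{
    unsigned long i = 0;

    if (!lastfieldname) lastfieldname = "";

    HTMLWrite(htmlout,"<TR><TH COLSPAN=2>Row Actions");

    for (i = 0; data[i].name; i++)
    {
        char * c;

        c = strchr(data[i].name,'_');
        if (c) *c = 0;
        if (data[i].name[0] == 0) continue;

        /* One heading per run of equal names. */
        if (stricmp(lastfieldname,data[i].name))
        {
            HTMLWrite(htmlout,"<TH>");
            HTMLEscape(htmlout,data[i].name);
            HTMLWrite(htmlout,"</TH>");
        }

        lastfieldname = data[i].name;
    }
    HTMLWrite(htmlout,"</TR>");

    return 0;
}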
00456
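/*
 * Writes the complete listing page: stylesheet, query bar, paging links, the
 * table header, the matching rows, and the paging links again.
 *
 * Returns -1 when data or query is NULL or the scratch copy of query cannot
 * be allocated, otherwise 0 (the result of PrintRecords() is not propagated,
 * as before).
 *
 * Changes from the original: the NULL check on data ran after strdup(query),
 * so that early return leaked the copy; the check now comes first, and a
 * failed strdup() is reported instead of being passed on as a NULL buffer.
 */
int GenerateReport(STREAM htmlout,DATABASE*db,
                   CGINameValue* data, char* dbname,
                   char* query, char * password,
                   unsigned long range_count, unsigned long range_start)
{
    char * lastfieldname = NULLSTR;
    int flags = 0;
    char * Comparison;

    if (!data || !query) return -1;

    /* Scratch buffer of exactly strlen(query)+1 bytes; PrintRecords() copies
       query into it for each record. */
    Comparison = strdup(query);
    if (!Comparison) return -1;

    HTMLWrite(htmlout,"<HTML>\n");
    HTMLWrite(htmlout,"<HEAD>\n");

    PrintCSS(htmlout);

    HTMLWrite(htmlout,"</HEAD>\n\n");

    HTMLWrite(htmlout,"<BODY>\n");

    HTMLWrite(htmlout,"<h3>EZSurvey Database List</h3>\n");

    PrintQueryForm(htmlout,dbname,password);

    HTMLWrite(htmlout,"<HR>\n");

    PrintRangeLinks(htmlout, dbname, password, range_count, range_start);

    HTMLWrite(htmlout,"<TABLE CLASS=\"LIST\">\n");
    GenerateTableHeader(htmlout,data,lastfieldname);

    PrintRecords(htmlout,db,data,dbname,query,password,range_count,range_start,Comparison,lastfieldname,flags);

    HTMLWrite(htmlout,"\n</TABLE>\n\n\n");

    PrintRangeLinks(htmlout, dbname, password, range_count, range_start);

    HTMLWrite(htmlout,"</BODY>\n</HTML>\n\n");

    CGIFREE(Comparison);

    return 0;
}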
00523
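/*
 * Writes the detail page for one record: stylesheet, heading with the row
 * number, query bar, and a two-column table of field name and value.
 *
 * Returns -1 when data is NULL (the same guard GenerateReport() has),
 * otherwise 0.
 *
 * Field values were already written with HTMLEscape(); field names went out
 * through raw HTMLWrite().  Names are now escaped too, so neither column can
 * inject markup into the page.
 */
int GenerateForm(STREAM htmlout,CGINameValue* data, char* dbname,
                 int record, char* password)
{
    unsigned long x = 0;

    if (!data) return -1;

    HTMLWrite(htmlout,"<HTML>\n");
    HTMLWrite(htmlout,"<HEAD>\n");

    PrintCSS(htmlout);

    HTMLWrite(htmlout,"</HEAD>\n\n");

    HTMLWrite(htmlout,"<BODY>\n");

    HTMLPrintf(htmlout,"<H2>Viewing record %d</H2>", record);

    PrintQueryForm(htmlout,dbname,password);

    HTMLWrite(htmlout,"<HR>\n");

    HTMLWrite(htmlout,"<TABLE>\n");

    for (x = 0; data[x].name; x++)
    {
        /* Alternate the row style. */
        if (x%2)
            HTMLWrite(htmlout,"<TR CLASS=\"LIGHT\">\n");
        else
            HTMLWrite(htmlout,"<TR CLASS=\"DARK\">\n");

        HTMLWrite(htmlout,"<TD>");
        HTMLEscape(htmlout,data[x].name);
        HTMLWrite(htmlout,"</TD>\n");

        HTMLWrite(htmlout,"<TD>");
        if (data[x].value)
            HTMLEscape(htmlout,data[x].value);
        else
            HTMLWrite(htmlout," ");
        HTMLWrite(htmlout,"</TD>\n");
    }

    HTMLWrite(htmlout,"</TABLE>\n\n");

    HTMLWrite(htmlout,"</BODY>\n</HTML>\n\n");

    return 0;
}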
00605
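/*
 * Writes the entry page: a POST form asking for database name, query and
 * password, pre-filled with db and pwd.
 *
 * CGImain calls this before any access check has passed, with db and pwd
 * taken straight from the request.  The original formatted both into VALUE
 * attributes with "%s", so a crafted DATABASE or _PASSWORD value could close
 * the attribute and inject markup into the page.  Both are now written with
 * HTMLEscape(); NULL is treated as an empty string.
 * NOTE(review): assumes HTMLEscape() also encodes the double quote -- confirm.
 * NOTE(review): the submitted password is echoed back into the page source;
 * consider leaving that field empty.
 */
void PrintAdminForm(STREAM htmlout,char * db, char* pwd)
{
    char* warning_color = "#FF0000";    /* colour of the required-field marker */

    HTMLWrite(htmlout,"<HTML>\n");
    HTMLWrite(htmlout,"<HEAD>\n");

    PrintCSS(htmlout);

    HTMLWrite(htmlout,"</HEAD>\n\n");

    HTMLWrite(htmlout,"<BODY>\n");

    HTMLWrite(htmlout, "<FORM method=\"post\" ACCEPT-CHARSET=\"UTF-8\"><h4>To view a database or report, please choose an option:</h4>\n");

    HTMLWrite(htmlout, "<TABLE>\n");

    /* Database name (required). */
    HTMLWrite(htmlout, "<TR><TD CLASS=\"OPTION\">");
    HTMLPrintf(htmlout, "Database:<font color=\"%s\">*</font>",warning_color);
    HTMLWrite(htmlout, "</TD><TD CLASS=\"OPTION\">");
    HTMLWrite(htmlout, "<input name=\"DATABASE\" VALUE=\"");
    HTMLEscape(htmlout, db ? db : "");
    HTMLWrite(htmlout, "\">\n");
    HTMLWrite(htmlout, "</TD></TR>\n");

    /* Optional query. */
    HTMLWrite(htmlout, "<TR><TD CLASS=\"OPTION\">");
    HTMLPrintf(htmlout,"Query:");
    HTMLWrite(htmlout, "</TD><TD CLASS=\"OPTION\">");
    HTMLWrite(htmlout, "<INPUT NAME=\"_QUERY\">");
    HTMLWrite(htmlout, " (<b>field</b>=<i>value</i>&<b>field</b>=<i>value</i>)");
    HTMLWrite(htmlout, "</TD></TR>\n");

    /* Password (required). */
    HTMLWrite(htmlout, "<TR><TD CLASS=\"OPTION\">");
    HTMLPrintf(htmlout, "Password:<font color=\"%s\">*</font>",warning_color);
    HTMLWrite(htmlout, "</TD><TD CLASS=\"OPTION\">");
    HTMLWrite(htmlout, "<INPUT TYPE=\"PASSWORD\" NAME=\"_PASSWORD\" VALUE=\"");
    HTMLEscape(htmlout, pwd ? pwd : "");
    HTMLWrite(htmlout, "\">");
    HTMLWrite(htmlout, " (to use multiple passwords, separate them with commas)");
    HTMLWrite(htmlout, "</TD></TR>\n");

    /* The form always requests the listing. */
    HTMLWrite(htmlout, "<TR><TD CLASS=\"OPTION\">");
    HTMLWrite(htmlout, "<INPUT TYPE=\"HIDDEN\" NAME=\"_ACTION\" VALUE=\"LIST\">");
    HTMLWrite(htmlout, "<INPUT TYPE=\"SUBMIT\" VALUE=\"List records\">");
    HTMLWrite(htmlout, "</TD></TR>\n");

    HTMLWrite(htmlout, "</TABLE>\n\n");

    HTMLWrite(htmlout, "</FORM>\n");
    HTMLWrite(htmlout, "<HR>© 2002 by Raosoft, Inc. All Rights Reserved.");

    HTMLWrite(htmlout,"</BODY>\n</HTML>\n\n");
}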