From 3104f69bd48bd7241a5ae1077f9f8f8720572bb3 Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Mon, 3 Dec 2018 14:58:25 +0100 Subject: [dozmod] Networkshares: New DB scheme, error checks --- .../dozmod/pages/networkshares.inc.php | 89 ++++++++++++++++------ 1 file changed, 67 insertions(+), 22 deletions(-) (limited to 'modules-available/dozmod/pages/networkshares.inc.php') diff --git a/modules-available/dozmod/pages/networkshares.inc.php b/modules-available/dozmod/pages/networkshares.inc.php index d0bbe03a..659321b4 100644 --- a/modules-available/dozmod/pages/networkshares.inc.php +++ b/modules-available/dozmod/pages/networkshares.inc.php @@ -10,32 +10,51 @@ class SubPage if ($action === 'delete') { User::assertPermission('networkshares.save'); $shareid = Request::post('shareid', false, 'int'); - if ($shareid) { + if ($shareid !== false) { $res = Database::exec('DELETE FROM sat.presetnetworkshare WHERE shareid = :shareid', ['shareid' => $shareid]); - if ($res) Message::addSuccess('networkshare-deleted'); + if ($res !== false) { + Message::addSuccess('networkshare-deleted'); + } } } else if ($action === 'save') { User::assertPermission('networkshares.save'); - $shareid = Request::post('shareid', false, 'int'); - $sharename = Request::post('sharename', false, 'string'); + $shareid = Request::post('shareid', 0, 'int'); + $sharename = Request::post('sharename', '', 'string'); $path = Request::post('path', false, 'string'); - $target = Request::post('target', null, 'string'); - $username = Request::post('username', null, 'string'); - $password = Request::post('password', null, 'string'); - if ($sharename && $path) { - if ($shareid) { - Database::exec('UPDATE sat.presetnetworkshare SET sharename = :sharename, path = :path, target = :target, username = :username, password = :password' - .' WHERE shareid = :shareid', compact('shareid', 'sharename', 'path', 'target', 'username', 'password')); + $target = Request::post('target', '', 'string'); + $authType = Request::post('auth', '', 'string'); + $username = Request::post('username', '', 'string'); + $password = Request::post('password', '', 'string'); + if (!in_array($authType, ['LOGIN_USER', 'OTHER_USER'], true)) { + Message::addError('networkshare-invalid-auth-type', $authType); + } elseif (empty($path)) { + Message::addError('networkshare-missing-path'); + } else { + $data = json_encode([ + 'auth' => $authType, + 'path' => $path, + 'displayname' => $sharename, + 'mountpoint' => $target, + 'username' => $username, + 'password' => $password, + ]); + if ($shareid !== 0) { + Database::exec('UPDATE sat.presetnetworkshare SET sharename = :sharename, sharedata = :data' + .' WHERE shareid = :shareid', compact('shareid', 'sharename', 'data')); } else { - Database::exec('INSERT INTO sat.presetnetworkshare (sharename, path, target, username, password, active)' - .' VALUES (:sharename, :path, :target, :username, :password, 0)', compact('sharename', 'path', 'target', 'username', 'password')); + Database::exec('INSERT INTO sat.presetnetworkshare (sharename, sharedata, active)' + .' VALUES (:sharename, :data, 1)', compact('sharename', 'data')); } Message::addSuccess('networkshare-saved'); } - } else if ($action === 'toggleActive') { + } else if ($action === 'activate' || $action === 'deactivate') { User::assertPermission('networkshares.save'); $shareid = Request::post('shareid', false, 'int'); - Database::exec('UPDATE sat.presetnetworkshare SET active = !active WHERE shareid = :shareid', compact('shareid')); + $active = ($action === 'activate' ? 1 : 0); + Database::exec('UPDATE sat.presetnetworkshare SET active = :active WHERE shareid = :shareid', compact('active', 'shareid')); + } + if (Request::isPost()) { + Util::redirect('?do=dozmod§ion=networkshares'); } User::assertPermission('networkshares.view'); } @@ -44,18 +63,44 @@ class SubPage { $show = Request::get('show', 'list', 'string'); if ($show === 'list') { - $res = Database::simpleQuery('SELECT * FROM sat.presetnetworkshare;'); + $res = Database::simpleQuery('SELECT shareid, sharename, sharedata, active + FROM sat.presetnetworkshare ORDER BY sharename ASC'); $rows = array(); while ($row = $res->fetch(PDO::FETCH_ASSOC)) { - $row['specificUser'] = $row['username'] && $row['password']; - $rows[] = $row; + $dec = json_decode($row['sharedata'], true); + if (!is_array($dec)) { + $dec = []; + } + if ($dec['auth'] === 'LOGIN_USER') { + $row['loginAsUser'] = true; + } + $rows[] = $row + $dec; } - Render::addTemplate('networkshares', ['networkshares' => $rows, 'hasEditPermissions' => User::hasPermission('networkshares.save')]); + Render::addTemplate('networkshares', [ + 'networkshares' => $rows, + 'hasEditPermissions' => User::hasPermission('networkshares.save') + ]); } else if ($show === 'edit') { $shareid = Request::get('shareid', 0, 'int'); - $data = Database::queryFirst('SELECT * FROM sat.presetnetworkshare WHERE shareid = :shareid', ['shareid' => $shareid]); - if ($data['username'] && $data['password']) $data['specificUser'] = 'selected'; - else $data['loggedInUser'] = 'selected'; + if ($shareid === 0) { + $data = []; + } else { + $data = Database::queryFirst('SELECT shareid, sharename, sharedata + FROM sat.presetnetworkshare WHERE shareid = :shareid', ['shareid' => $shareid]); + if ($data === false) { + Message::addError('networkshare-invalid-shareid', $shareid); + Util::redirect('?do=dozmod§ion=networkshares'); + } + $dec = json_decode($data['sharedata'], true); + if (is_array($dec)) { + $data += $dec; + } + if ($data['auth'] === 'LOGIN_USER') { + $data['loggedInUser_selected'] = 'selected'; + } else { + $data['specificUser_selected'] = 'selected'; + } + } Render::addTemplate('networkshares-edit', $data); } } -- cgit v1.2.3-55-g7522