Odyssey
remote_monitor_save.prg
1 <?php
2  /*
3  *** NOTE:
4  Possibly in the future add information to make sure the next sequence id is also updated.
5  Currently, after running on the remote servers, the sequence will be out of sync. But based on
6  assumptions, the remote servers will not be executing the individual information...Keeping the
7  id's in sync
8  */
9  /* **** REMOTE SAVE ---- for MONITOR
10  ** This will be a remote script on each of the servers
11  ** As a code is saved through monitor it may call this script on the remote servers
12 
13 
14  *** SETUP -- the information will be listed in the posted content ($_POST)
15 
16  *** VALIDATION -- There is not much validation that can be done
17  -- BUT FOR INTERNAL PURPOSES ONLY SO VERIFY THE REMOTE IP IS INTERNAL
18  ** URL VALUES
19  sc - This will be the script information to modify
20  ac - Action to be taken (U)pdate / (D)elete
21  tbl - This is the table name -- It must be one of the predefined allowed tables
22  FIELD INFORMATION -- This will be in the form of an array
23  col[] -- This is an array that contains the information about the column
24  * information array
25  ** name - Name of the field in the table
26  ** value - Value to be saved to the database
27  ** dt - Datatype - (N)umeric, (C)haracter
28  ** len - Maximum length of the value to be saved
29  ** key - Is this value part of the table key
30 
31 
32  ** Possible Return Values
33  ** NON-ERRORS
34  800 - No Action Taken -- No Action occurred with this query
35  801 - SUCCESS -- The action was successful
36 
37  ** ERRORS
38  900 - HomeCU Remote IP Error -- the computer that called this script was not an internal machine causing an error with the script
39  901 - HomeCU Database Connection Failed -- The database failed to open
40  902 - Field Values Not Set -- The col value on the url does not appear to be correct
41  903 - Key Not Set -- The key was NOT setup correctly -- it must be set to continue
42  904 - Table Update Not Allowed -- The table specified is not allowed update through this script
43  905 - FAILED -- Action Failed
44  */
45 
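// ** VALIDATE CALLER IP (this checks REMOTE_ADDR, not the Referer header)
// The request is accepted only when the caller's address is inside one of the
// two internal networks or is exactly one of the listed hosts.
//
// The comparison is anchored on purpose: network entries end with "." and are
// matched as prefixes, and host entries must match in full. A plain substring
// test would also accept unrelated addresses that merely contain one of these
// strings somewhere in the dotted quad.
//
// NOTE(review): assumes the two 192.168.x entries were meant as whole /24
// networks -- confirm. If any listed host was meant to cover a wider range,
// list that range explicitly here.
// NOTE(review): this address check is the only access control visible in this
// script. If the server is ever placed behind a reverse proxy or load
// balancer, REMOTE_ADDR becomes the proxy's address -- confirm the deployment.
$ru_remote_addr = isset($_SERVER['REMOTE_ADDR']) ? (string) $_SERVER['REMOTE_ADDR'] : "";
$ru_allowed_networks = array("192.168.168.", "192.168.169.");
$ru_allowed_hosts = array(
    "199.184.207.194",
    "199.184.207.3",
    "199.184.207.5",
    "199.184.207.66",
    "184.73.202.7",
    "107.20.248.233",
);

$ru_ip_allowed = in_array($ru_remote_addr, $ru_allowed_hosts, true);
if (!$ru_ip_allowed) {
    foreach ($ru_allowed_networks as $ru_network) {
        // strncmp keeps this compatible with the older PHP style used in this file.
        if (strncmp($ru_remote_addr, $ru_network, strlen($ru_network)) === 0) {
            $ru_ip_allowed = true;
            break;
        }
    }
}

if (!$ru_ip_allowed) {
    print "RU: 900 - HomeCU Remote IP Error";
    exit;
}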
51 
52 $monLibrary= dirname(__FILE__) . "/../library";
53 $monIncludes= dirname(__FILE__) . "/../includes";
54 require_once("$monLibrary/cu_top.i");
55 require_once("$monIncludes/cu_remote_top.prg");
56 
// ** Pick the database host for this server.
// The host label is whatever precedes the first "." in SERVER_NAME:
//   monitor -> the local database
//   ivr     -> the RDS instance, with TLS options embedded in the host string
//              (sslmode=verify-full plus a CA bundle path)
//   other   -> "db-" followed by the full SERVER_NAME
// NOTE(review): the fallback derives a database host name from SERVER_NAME.
// Depending on web-server configuration that value can follow the request's
// Host header -- confirm it is pinned to the canonical name on these servers.
$str_pos = strpos($_SERVER['SERVER_NAME'], ".");
$home_host = substr($_SERVER['SERVER_NAME'], 0, $str_pos);

if ($home_host == 'monitor') {
    $dbhost = 'localhost';
} elseif ($home_host == 'ivr') {
    $dbhost = 'db-ivr.cpzo4mvee2q5.us-east-1.rds.amazonaws.com sslmode=verify-full sslrootcert=/etc/ssl/certs/rds-combined-ca-bundle.pem';
} else {
    $dbhost = "db-" . $_SERVER['SERVER_NAME'];
}

// ** Check Database Link
// NOTE(review): $link is never assigned in this file; presumably one of the
// files required above opens the connection. Confirm that, and confirm that
// the connection code actually sees $dbhost, which is only computed here,
// after those files were loaded.
if (!$link) {
    print "RU: 901 - HomeCU Database Connection Failed";
    exit;
}
74 
75  // ** Predefined Allowed Tables for Updating
76  // *** OLD REFERENCE $Allowed_Tables = array("cuvendors");
77 
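// ** RESOLVE THE TARGET TABLE AND BUILD THE KEY (WHERE) CLAUSE
// Sets three values used by the statements that follow:
//   $tbl_update - table name placed into the SQL text
//   $tbl_key    - index of the table inside $Allowed_Tables
//   $tbl_pk     - "col = 'value' AND ..." clause made from the key columns
//
// Everything arriving in $_POST is treated as untrusted, even though the
// caller's address has been checked: the table must be an entry of
// $Allowed_Tables for every action (including (S)pecial processing), every
// posted column must be defined for that table, and key values are escaped
// the same way the INSERT/UPDATE code escapes them before they are
// concatenated into SQL.
// NOTE(review): $Allowed_Tables is not defined in this file; presumably it
// comes from one of the required files -- confirm.
$ru_action = (isset($_POST['ac']) && is_string($_POST['ac'])) ? $_POST['ac'] : "";
$ru_table = (isset($_POST['tbl']) && is_string($_POST['tbl'])) ? $_POST['tbl'] : "";

$tbl_update = ""; // NAME OF THE ACTUAL TABLE -- To help so I don't reference the array value
$tbl_key = "";    // THIS IS THE TABLE KEY IN THE ALLOWED_TABLES array
$tbl_pk = "";     // *** PRIMARY KEY FOR THE TABLE

// ** VALIDATE THE TABLE TO UPDATE IS ACCEPTABLE
if ($ru_table === "" || !isset($Allowed_Tables[$ru_table]) || !is_array($Allowed_Tables[$ru_table])) {
    print "RU: 904 - Table Update Not Allowed";
    exit;
}

if ($ru_action === "S") {
    // ** SPECIAL PROCESSING DOES NOT REQUIRE KEY VALIDATION
    // The posted name is kept as-is for the special-processing dispatch, but
    // only after it was confirmed above to be an allow-list entry.
    $tbl_update = $ru_table;
} else {
    $tbl_key = $ru_table;
    $tbl_update = isset($Allowed_Tables[$tbl_key]['tablename']) ? $Allowed_Tables[$tbl_key]['tablename'] : "";

    if ($tbl_update == "") {
        print "RU: 904 - Table Update Not Allowed";
        exit;
    }

    // ** CREATE THE KEY FROM THE POSTED VALUES
    if (!isset($_POST['col']) || !is_array($_POST['col'])) {
        print "RU: 902 - Field Values Not Set";
        exit;
    }
    $tbl_cols = $_POST['col'];

    foreach ($tbl_cols as $value) {
        // Reject anything that is not a known column of the chosen table, so
        // no undefined column name or nested array reaches the SQL text.
        if (!is_array($value)
            || !isset($value['name']) || !is_string($value['name'])
            || !isset($Allowed_Tables[$tbl_key][$value['name']])
            || !is_array($Allowed_Tables[$tbl_key][$value['name']])
            || (isset($value['value']) && !is_scalar($value['value']))
        ) {
            print "RU: 902 - Field Values Not Set";
            exit;
        }

        $ru_col_def = $Allowed_Tables[$tbl_key][$value['name']];
        if (!isset($ru_col_def['key']) || $ru_col_def['key'] != "1") {
            continue;
        }

        // Escape the key value by datatype before quoting it.
        // NOTE(review): prep_save() is defined elsewhere; it is assumed to
        // make a string safe inside a quoted SQL literal, as the INSERT and
        // UPDATE code already relies on it -- confirm.
        $ru_raw_value = isset($value['value']) ? $value['value'] : "";
        $ru_col_type = isset($ru_col_def['dt']) ? $ru_col_def['dt'] : "";
        if ($ru_col_type == "N") {
            $ru_key_value = intval($ru_raw_value);
        } else {
            $ru_key_value = prep_save($ru_raw_value, isset($ru_col_def['len']) ? $ru_col_def['len'] : 0);
        }

        $tbl_pk .= ($tbl_pk != "" ? " AND " : "") . $ru_col_def['name'] . " = '" . $ru_key_value . "' ";
    }

    // ** VERIFY THERE IS A KEY
    if (strlen($tbl_pk) == 0) {
        print "RU: 903 - Key Not Set";
        exit;
    }
}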
122 
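// *** VALIDATION COMPLETE PERFORM TABLE UPDATE/DELETE
// ** 1ST - Determine if the record already exists
// $cnt_row ends up as the number of rows matching the key clause. The count
// is skipped when there is no key clause (special processing), because a
// query ending in an empty WHERE is not valid SQL.
//
// This statement is assembled by string interpolation: $tbl_update and
// $tbl_pk must already be limited to allow-listed identifiers and escaped
// values by the time they reach this point.
$cnt_row = 0;
if (isset($tbl_pk) && strlen($tbl_pk) > 0) {
    $cnt_sql = "SELECT count(*) as record_count
                FROM $tbl_update
                WHERE $tbl_pk ";

    $cnt_rs = db_query($cnt_sql, $link);
    if (!$cnt_rs) {
        // Without a count the update/delete decision below cannot be made safely.
        print "RU: 905 - Action Failed";
        exit;
    }
    list($cnt_row) = db_fetch_array($cnt_rs);
    db_free_result($cnt_rs);
}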
132 
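// ** 2ND - Run the requested action: (U)pdate/add, (D)elete or (S)pecial.
// $cnt_row (rows matching the key) decides between INSERT and UPDATE, and
// guards DELETE so it only ever removes exactly one row.
//
// All statements here are built by concatenation. Column names come from
// $Allowed_Tables, never from the request; values are passed through
// intval() or prep_save() before being quoted.
// NOTE(review): prep_save() is defined elsewhere and is assumed to escape
// for a quoted SQL literal -- confirm. Moving these statements to bound
// parameters would remove that dependency.
$act_sql = "";
$ru_ac = isset($_POST['ac']) ? $_POST['ac'] : "";
switch ($ru_ac) {
    case "U":
        // *** UPDATE / ADD
        if ($cnt_row == 0) {
            // ** INSERT INTO TABLE -- field list and value list are built together
            $ru_fields = array();
            $ru_values = array();
            foreach ($tbl_cols as $value) {
                $ru_col_def = $Allowed_Tables[$tbl_key][$value['name']];
                $ru_fields[] = $ru_col_def['name'];

                // ** ADD THE VALUE for the field
                switch ($ru_col_def['dt']) {
                    case "N":
                        // ** Numeric
                        $ru_values[] = "'" . intval($value['value']) . "'";
                        break;
                    case "C":
                        // ** Character
                        $ru_values[] = "'" . prep_save($value['value'], $ru_col_def['len']) . "'";
                        break;
                    case "D":
                        // ** DATE FIELDS
                        // A blank or invalid date is saved as NULL; date fields don't accept an empty value
                        if (isdate($value['value']) && strlen($value['value']) > 0) {
                            $ru_values[] = "'" . prep_save($value['value'], $ru_col_def['len']) . "'";
                        } else {
                            $ru_values[] = "NULL";
                        }
                        break;
                    default:
                        // Unknown datatype: emit nothing for the value, as before.
                        $ru_values[] = "";
                }
            }
            $act_sql = "INSERT INTO $tbl_update (" . implode(", ", $ru_fields) . ") VALUES (" . implode(", ", $ru_values) . ")";
        } elseif ($cnt_row == 1) {
            // ** UPDATE TABLE
            $ru_assignments = array();
            foreach ($tbl_cols as $value) {
                $ru_col_def = $Allowed_Tables[$tbl_key][$value['name']];
                $ru_new_value = "";

                // ** ADD THE VALUE for the field
                switch ($ru_col_def['dt']) {
                    case "N":
                        // ** Numeric
                        $ru_new_value = "'" . intval($value['value']) . "'";
                        break;
                    case "C":
                        // ** Character
                        $ru_new_value = "'" . prep_save($value['value'], $ru_col_def['len']) . "'";
                        break;
                    case "D":
                        // ** DATE
                        // NOTE(review): the INSERT path truncates dates to the
                        // column's configured len, this path to a fixed 10 --
                        // confirm which one is intended.
                        if (isdate($value['value']) && strlen($value['value']) > 0) {
                            $ru_new_value = "'" . prep_save($value['value'], 10) . "'";
                        } else {
                            $ru_new_value = "NULL";
                        }
                        break;
                }
                $ru_assignments[] = $ru_col_def['name'] . " = " . $ru_new_value;
            }
            $act_sql = "UPDATE $tbl_update SET " . implode(", ", $ru_assignments) . " WHERE $tbl_pk ";
        } else {
            // More than one row matches the key: leave the table alone.
            print "RU: 800 - No Action Taken";
        }

        if (strlen($act_sql) > 0) {
            if (!$act_rs = db_query($act_sql, $link)) {
                print "RU: 905 - Update has failed";
            } else {
                print "RU: 801 - Update was successful";
            }
        }
        break;
    case "D":
        // *** DELETE
        if ($cnt_row == 1) {
            // DELETE THE RECORD FROM THE TABLE
            $act_sql = "DELETE FROM $tbl_update
                        WHERE $tbl_pk ";
            if ($act_rs = db_query($act_sql, $link)) {
                print "RU: 801 - Delete was successful";
            } else {
                print "RU: 905 - Delete has failed";
            }
        } else {
            print "RU: 800 - No Action Taken";
        }
        // *** DO NOTHING IF COUNT IS NOT 1 -- because if 0, no action needed, if 2, something may be wrong with the key
        break;
    case "S":
        // *** SPECIAL PROCESSING
        // NOTE(review): the statement built below is never passed to
        // db_query() in this script and no "RU:" code is printed for this
        // action, so the caller gets an empty response. Confirm whether that
        // is intentional before enabling it.
        switch ($tbl_update) {
            case "excludelist":
                $tbl_cols = $_POST['col'];
                // 'len' is quoted: a bare len would be read as an undefined constant.
                $act_sql = "INSERT INTO cuadminexclude (cu, user_name, program)
                            (SELECT cu, trim(user_name), '" . prep_save($tbl_cols[0]['value'], $Allowed_Tables[$tbl_update][$tbl_cols[0]['name']]['len']) . "'
                            FROM cuadmin) ";
                break;
        }
        break;
    default:
        // ** NO ACTION TAKEN
        print "RU: 800 - No Action Taken";
}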
260 
261 ?>