--- loncom/lonsql 2007/08/31 12:33:25 1.87 +++ loncom/lonsql 2024/06/22 14:29:36 1.99 @@ -3,7 +3,7 @@ # The LearningOnline Network # lonsql - LON TCP-MySQL-Server Daemon for handling database requests. # -# $Id: lonsql,v 1.87 2007/08/31 12:33:25 raeburn Exp $ +# $Id: lonsql,v 1.99 2024/06/22 14:29:36 raeburn Exp $ # # Copyright Michigan State University Board of Trustees # @@ -95,8 +95,6 @@ the database. =head1 Internals -=over 4 - =cut use strict; @@ -121,6 +119,8 @@ use GDBM_File; =pod +=over 4 + =item Global Variables =over 4 @@ -228,18 +228,18 @@ unless ($dbh = DBI->connect("DBI:mysql:l $perlvar{'lonSqlAccess'}, { RaiseError =>0,PrintError=>0})) { print "Cannot connect to database!\n"; - my $emailto="$perlvar{'lonAdmEMail'},$perlvar{'lonSysEMail'}"; + my $emailto="$perlvar{'lonAdmEMail'} $perlvar{'lonSysEMail'}"; my $subj="LON: $perlvar{'lonHostID'} Cannot connect to database!"; system("echo 'Cannot connect to MySQL database!' |". - " mailto $emailto -s '$subj' > /dev/null"); + " mail -s '$subj' $emailto > /dev/null"); - open(SMP,'>/home/httpd/html/lon-status/mysql.txt'); + open(SMP,">$perlvar{'lonDocRoot'}/lon-status/mysql.txt"); print SMP 'time='.time.'&mysql=defunct'."\n"; close(SMP); exit 1; } else { - unlink('/home/httpd/html/lon-status/mysql.txt'); + unlink("$perlvar{'lonDocRoot'}/lon-status/mysql.txt"); $dbh->disconnect; } @@ -442,64 +442,24 @@ sub make_new_child { $result .= &escape(join(':',map{$_.'='.$replies{$_}} keys %replies)); } } elsif ($query eq 'usersearch') { - my $srchdomain = &unescape($arg1); - my @items = split(/%%/,$arg2); - my ($srchby,$srchtype) = map {&unescape($_)} @items; - my $srchterm = &unescape($arg3); - my $quoted_dom = $dbh->quote( $srchdomain ); - my ($query,$quoted_srchterm,@fields); - my ($table_columns,$table_indices) = - &LONCAPA::lonmetadata::describe_metadata_storage('allusers'); - foreach my $coldata (@{$table_columns}) { - push(@fields,$coldata->{'name'}); - } - my $fieldlist = join(',',@fields); - $query = "SELECT $fieldlist FROM allusers WHERE (domain = $quoted_dom AND "; - if ($srchby eq 'lastfirst') { - my ($fraglast,$fragfirst) = split(/,/,$srchterm); - $fragfirst =~ s/^\s+//; - $fraglast =~ s/\s+$//; - if ($srchtype eq 'exact') { - $query .= 'lastname = '.$dbh->quote($fraglast). - ' AND firstname = '.$dbh->quote($fragfirst); - } elsif ($srchtype eq 'begins') { - $query .= 'lastname LIKE '.$dbh->quote($fraglast.'%').' AND firstname LIKE '.$dbh->quote($fragfirst.'%'); - } else { - $query .= 'lastname LIKE '.$dbh->quote('%'.$fraglast.'%').' AND firstname LIKE '.$dbh->quote('%'.$fragfirst.'%'); - } + my ($srchby,$srchtype,$srchterm); + if ((&unescape($arg1) eq $searchdomain) && + ($arg2 =~ /\%\%/)) { + ($srchby,$srchtype) = + map {&unescape($_);} (split(/\%\%/,$arg2)); + $srchterm = &unescape($arg3); } else { - my %srchfield = ( - uname => 'username', - lastname => 'lastname', - ); - if ($srchtype eq 'exact') { - $query .= $srchfield{$srchby}.' = '.$dbh->quote($srchterm); - } elsif ($srchtype eq 'begins') { - $query .= $srchfield{$srchby}.' LIKE '.$dbh->quote($srchterm.'%'); - } else { - $query .= $srchfield{$srchby}.' LIKE '.$dbh->quote('%'.$srchterm.'%'); - } + ($srchby,$srchtype,$srchterm) = + map {&unescape($_);} ($arg1,$arg2,$arg3); } - $query .= ") ORDER BY username "; - my $sth = $dbh->prepare($query); - if ($sth->execute()) { - my @results; - while (my @row = $sth->fetchrow_array) { - my @items; - for (my $i=0; $i<@row; $i++) { - push(@items,&escape($fields[$i]).'='.&escape($row[$i])); - } - push(@results,join(":", @items)); - } - $sth->finish; - $result = &escape(join("&",@results)); - } else { - &logthis(''. - 'WARNING: Could not retrieve from database:'. - $sth->errstr().''); - } + $result = &do_user_search($searchdomain,$srchby, + $srchtype,$srchterm); } elsif ($query eq 'instdirsearch') { $result = &do_inst_dir_search($searchdomain,$arg1,$arg2,$arg3); + } elsif ($query eq 'getinstuser') { + $result = &get_inst_user($searchdomain,$arg1,$arg2); + } elsif ($query eq 'getmultinstusers') { + $result = &get_multiple_instusers($searchdomain,$arg3); } elsif ($query eq 'prepare activity log') { my ($cid,$domain) = map {&unescape($_);} ($arg1,$arg2); &logthis('preparing activity log tables for '.$cid); @@ -530,8 +490,9 @@ sub make_new_child { $userdata{'domain'} = $udom; $result = &allusers_table_update($query,$uname,$udom,\%userdata); } else { + # Sanity checking of $query needed. # Do an sql query - $result = &do_sql_query($query,$arg1,$arg2,$searchdomain); + $result = &do_sql_query($query,$arg1,$arg2,$arg3,$searchdomain); } # result does not need to be escaped because it has already been # escaped. @@ -551,6 +512,75 @@ sub make_new_child { } } +sub do_user_search { + my ($domain,$srchby,$srchtype,$srchterm) = @_; + my $result; + my $quoted_dom = $dbh->quote( $domain ); + my ($query,$quoted_srchterm,@fields); + my ($table_columns,$table_indices) = + &LONCAPA::lonmetadata::describe_metadata_storage('allusers'); + foreach my $coldata (@{$table_columns}) { + push(@fields,$coldata->{'name'}); + } + my $fieldlist = join(',',@fields); + $query = "SELECT $fieldlist FROM allusers WHERE (domain = $quoted_dom AND "; + if ($srchby eq 'lastfirst') { + my ($fraglast,$fragfirst) = split(/,/,$srchterm); + $fragfirst =~ s/^\s+//; + $fraglast =~ s/\s+$//; + if ($srchtype eq 'exact') { + $query .= 'lastname = '.$dbh->quote($fraglast). + ' AND firstname = '.$dbh->quote($fragfirst); + } elsif ($srchtype eq 'begins') { + $query .= 'lastname LIKE '.$dbh->quote($fraglast.'%'). + ' AND firstname LIKE '.$dbh->quote($fragfirst.'%'); + } else { + $query .= 'lastname LIKE '.$dbh->quote('%'.$fraglast.'%'). + ' AND firstname LIKE '.$dbh->quote('%'.$fragfirst.'%'); + } + } else { + my %srchfield = ( + uname_ci => 'username collate latin1_general_ci', + uname => 'username', + lastname => 'lastname', + email => 'permanentemail', + ); + if (exists($srchfield{$srchby})) { + if ($srchtype eq 'exact') { + $query .= $srchfield{$srchby}.' = '.$dbh->quote($srchterm); + } elsif ($srchtype eq 'begins') { + $query .= $srchfield{$srchby}.' LIKE '.$dbh->quote($srchterm.'%'); + } else { + $query .= $srchfield{$srchby}.' LIKE '.$dbh->quote('%'.$srchterm.'%'); + } + } else { + &logthis(''. + 'WARNING: Invalid srchby: '.$srchby.''); + return $result; + } + } + $query .= ") ORDER BY username "; + my $sth = $dbh->prepare($query); + if ($sth->execute()) { + my @results; + while (my @row = $sth->fetchrow_array) { + my @items; + for (my $i=0; $i<@row; $i++) { + push(@items,&escape($fields[$i]).'='.&escape($row[$i])); + } + my $userstr = join(':', @items); + push(@results,&escape($userstr)); + } + $sth->finish; + $result = join('&',@results); + } else { + &logthis(''. + 'WARNING: Could not retrieve from database:'. + $sth->errstr().''); + } + return $result; +} + sub do_inst_dir_search { my ($domain,$srchby,$srchterm,$srchtype) = @_; $srchby = &unescape($srchby); @@ -577,6 +607,58 @@ sub do_inst_dir_search { return $response; } +sub get_inst_user { + my ($domain,$uname,$id) = @_; + $uname = &unescape($uname); + $id = &unescape($id); + my (%instusers,%instids,$result,$response); + eval { + local($SIG{__DIE__})='DEFAULT'; + $result=&localenroll::get_userinfo($domain,$uname,$id,\%instusers, + \%instids); + }; + if ($result eq 'ok') { + if (keys(%instusers) > 0) { + foreach my $key (keys(%instusers)) { + my $usrstr = &Apache::lonnet::freeze_escape($instusers{$key}); + $response .= &escape(&escape($key).'='.$usrstr).'&'; + } + } + $response=~s/\&$//; + } else { + $response = 'unavailable'; + } + return $response; +} + +sub get_multiple_instusers { + my ($domain,$data) = @_; + my ($type,$users) = split(/=/,$data,2); + my $requested = &Apache::lonnet::thaw_unescape($users); + my $response; + if (ref($requested) eq 'HASH') { + my (%instusers,%instids,$result); + eval { + local($SIG{__DIE__})='DEFAULT'; + $result=&localenroll::get_multusersinfo($domain,$type,$requested,\%instusers, + \%instids); + }; + if ($@) { + $response = 'error'; + } elsif ($result eq 'ok') { + $response = $result; + if (keys(%instusers)) { + $response .= '='.&Apache::lonnet::freeze_escape(\%instusers); + } + } elsif ($result eq 'unavailable') { + $response = $result; + } + } else { + $response = 'invalid'; + } + return $response; +} + ######################################################## ######################################################## @@ -608,12 +690,30 @@ sub process_file { } sub do_sql_query { - my ($query,$custom,$customshow,$searchdomain) = @_; + my ($query,$custom,$customshow,$domainstr,$searchdomain) = @_; # # limit to searchdomain if given and table is metadata # - if (($searchdomain) && ($query=~/FROM metadata/)) { + if ($domainstr && ($query=~/FROM metadata/)) { + my $havingstr; + $domainstr = &unescape($domainstr); + if ($domainstr =~ /,/) { + foreach my $dom (split(/,/,$domainstr)) { + if ($dom =~ /^$LONCAPA::domain_re$/) { + $havingstr .= 'domain="'.$dom.'" OR '; + } + } + $havingstr =~ s/ OR $//; + } else { + if ($domainstr =~ /^$LONCAPA::domain_re$/) { + $havingstr = 'domain="'.$domainstr.'"'; + } + } + if ($havingstr) { + $query.=' HAVING ('.$havingstr.')'; + } + } elsif (($searchdomain) && ($query=~/FROM metadata/)) { $query.=' HAVING (domain="'.$searchdomain.'")'; } # &logthis('doing query ('.$searchdomain.')'.$query);