source: trunk/npemap.org.uk/cgi/submit.fcgi @ 70

#!/usr/bin/perl

use strict;
use warnings;

use DBI;
use CGI::Fast qw/:standard -debug/;
use Geo::Postcode;

use vars qw($dbname $dbhost $dbuser $dbpass);

sub print_err;
sub setup_dbh;

# Read in database config
my $config = 'npemap.conf';
do $config or die "Can't read $config!\n";

# Set up database handler to try and make sure it's ready for the first
# request
# No point in handling errors here since they'll get handled by the request
# handler
my $dbh;
setup_dbh();


my @fields = qw(easting northing postcode);
my $returnBaseURL = 'http://www.npemap.org.uk';

my $cgi;
# Process incoming requests
REQUEST: while ($cgi = new CGI::Fast) {

    # If we're given return URL parameters, basic sanity check to stop
    # funny business
    
    my $returnlink = '<a href="/tiles/map.html?' .int($cgi->param('easting')/1000). ",".int($cgi->param('northing')/1000)  . ',1">Go back</a>';   

    if (defined $cgi->param('returnX') and ($cgi->param('returnX') =~ /\d+/) and
        defined $cgi->param('returnY') and ($cgi->param('returnY') =~ /\d+/) ) {
        $returnlink = '<a href="' . $returnBaseURL . '/tiles/map.html?' . $cgi->param('returnX') . ',' . $cgi->param('returnY') . ',1">Go back to the map</a>';
    }


    # In case the database went away, make sure we have a connection
    unless (setup_dbh()) {
        print_err('Error setting up database connection', $returnlink);
        next REQUEST;
    }

    my ($easting, $northing);

    # Input validation
    foreach my $field (@fields) {
        unless (defined $cgi->param($field)) {
            print_err ("Parameter '$field' missing", $returnlink);
            next REQUEST;
        }
    }

    # Is the Easting in a valid range?
    if (($cgi->param('easting') > 700000) or
        ($cgi->param('easting') < 0)) {
        print_err ("Parameter 'easting' must be an integer between 0 and 700,000", $returnlink);
        next REQUEST;
    } else {
        $easting = $cgi->param('easting');
    }

    # Is the Northing in a valid range?
    if (($cgi->param('northing') > 1300000) or
        ($cgi->param('northing') < 0)) {
        print_err("Parameter 'northing' must be an integer between 0 and 1,300,000", $returnlink);
        next REQUEST;
    } else {
        $northing = $cgi->param('northing');
    }

    my $sth;

    # Now validate the postcode input format
    my $raw_postcode = $cgi->param('postcode');
    my $trimmed_postcode = $raw_postcode; 
    $trimmed_postcode =~ s/^\s+//;
    $trimmed_postcode =~ s/\s+$//;
    my $postcode = Geo::Postcode->new($trimmed_postcode);
    my ($first, $second, $third, $fourth) = @{$postcode->fragments};
    my ($outward, $inward);

    if ($postcode->valid) {
        # We have a complete postcode; input it straight into the database
        $outward = $first . $second;
        $inward = $third . $fourth;
    } elsif($postcode->valid_fragment) {
        # We have a valid fragment; let's build up what we can
        # We are guaranteed to have the first two
        $outward = $first . $second;
        $inward = '';
        $inward .= $third if defined $third;
        $inward .= $fourth if defined $fourth;
    } else {
        print_err("The postcode format is not valid", $returnlink);
        next REQUEST;
    }

    # Check for a duplicate.
    # We want to collect duplicates from different IP addresses as a kind of
    # corroboration factor; this just catches accidental double-submission
    # really.
    $sth = $dbh->prepare('SELECT raw_postcode FROM postcodes WHERE raw_postcode = ? AND easting = ? AND northing = ? AND ip = ?');
    unless ($sth->execute($raw_postcode, $easting, $northing, $ENV{'REMOTE_ADDR'})) {
        print_err('Database error when checking for duplicate data :(', $returnlink);
        next REQUEST;
    }

    if ($sth->rows) {
        print_err('You, or someone with the same IP address, have already submitted this postcode with these co-ordinates.', $returnlink);
        next REQUEST;
    }

    $sth = $dbh->prepare('INSERT INTO postcodes (outward, inward, raw_postcode, easting, northing, ip, source) VALUES (?, ?, ?, ?, ?, ?, 0)');
    if ($sth->execute($outward, $inward, $raw_postcode, $easting, $northing, $ENV{'REMOTE_ADDR'})) {
        print "Content-type: text/html\n\n";
        print "<html><head><title>Thank you</title></head>\n";
        print "<body><p>Thank you for telling us where your post code is!</p>\n";
        print "<p>$returnlink</p>\n";
        print "</body></html>";
        next REQUEST;
    } else {
        print STDERR "DB error: " . $dbh->errstr . "\n";
        print_err("Database error when adding your data :(", $returnlink);
        next REQUEST;
    }
}

# No more requests to serve, so tidy up
$dbh->disconnect;

# Helper routines
sub print_err($$) {
    my $err = shift;
    my $returnlink = shift;
    print "Content-type: text/html\n\n";
    print "<html><head><title>Error submitting</title></head>\n";
    print "<body><p>The following error occurred whilst submitting data:\n";
    print CGI::escapeHTML($err);
    print "</p><p>Your input was:</p>\n<ul>";
    foreach my $field (@fields) {
        my $param = $cgi->param($field) || '';
        print "<li>$field: " . $param . "</li>\n";
    }
    print "</ul>\n";
    print "<p>$returnlink</p>\n";
    print "</body></html>\n";
}

sub setup_dbh {
    # $dbh is global
    my $data_source = "dbi:Pg:dbname=$dbname";
    $data_source .= ";host=$dbhost" if $dbhost;
    return $dbh = DBI->connect_cached($data_source, $dbuser, $dbpass);
}