tyler.durden/loganalyzer
1
0
Fork 0
mirror of https://github.com/rsyslog/loganalyzer.git synced 2025-09-23 18:07:52 +02:00
Code Issues Packages Projects Releases Wiki Activity

UserDB: Added backticks arround tablenames in all SQL Statements

Browse Source
This commit is contained in:
Andre Lorbach 2013-10-08 15:48:49 +02:00
parent 278b3173a5
commit 466a678d98
4 changed files with 51 additions and 51 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/include/functions_common.php
View File

@ -819,7 +819,7 @@ function InitConfigurationValues()
if ( GetConfigSetting("UserDBEnabled", false) )
{
// Get configuration variables
$result = DB_Query("SELECT * FROM " . DB_CONFIG . " WHERE is_global = true");
$result = DB_Query("SELECT * FROM `" . DB_CONFIG . "` WHERE is_global = true");
if ( $result )
{

70
src/include/functions_config.php
View File

@ -404,9 +404,9 @@ function InitReportModules($szRootPath = "")
DB_SAVEDREPORTS . ".outputTarget, " .
DB_SAVEDREPORTS . ".outputTargetDetails, " .
DB_SAVEDREPORTS . ".scheduleSettings " .
" FROM " . DB_SAVEDREPORTS .
" WHERE " . DB_SAVEDREPORTS . ".reportid = '" . $myReportID . "' " .
" ORDER BY " . DB_SAVEDREPORTS . ".customTitle";
" FROM `" . DB_SAVEDREPORTS . "`" .
" WHERE `" . DB_SAVEDREPORTS . ".reportid` = '" . $myReportID . "' " .
" ORDER BY `" . DB_SAVEDREPORTS . ".customTitle`";
// Get Views from DB now!
$result = DB_Query($sqlquery);
@ -682,8 +682,8 @@ function LoadDBMappingsFromDatabase()
DB_MAPPINGS . ".ID, " .
DB_MAPPINGS . ".DisplayName, " .
DB_MAPPINGS . ".Mappings " .
" FROM " . DB_MAPPINGS .
" ORDER BY " . DB_MAPPINGS . ".DisplayName";
" FROM `" . DB_MAPPINGS . "`" .
" ORDER BY `" . DB_MAPPINGS . ".DisplayName`";
// Get Views from DB now!
$result = DB_Query($sqlquery);
@ -764,8 +764,8 @@ function LoadFieldsFromDatabase()
DB_FIELDS . ".SearchOnline, " .
DB_FIELDS . ".Trunscate, " .
DB_FIELDS . ".Sortable " .
" FROM " . DB_FIELDS .
" ORDER BY " . DB_FIELDS . ".FieldCaption";
" FROM `" . DB_FIELDS . "`" .
" ORDER BY `" . DB_FIELDS . ".FieldCaption`";
// ---
// Get Searches from DB now!
@ -818,12 +818,12 @@ function LoadSearchesFromDatabase()
// --- Create SQL Query
// Create Where for USERID
if ( isset($content['SESSION_LOGGEDIN']) && $content['SESSION_LOGGEDIN'] )
$szWhereUser = " OR " . DB_SEARCHES . ".userid = " . $content['SESSION_USERID'] . " ";
$szWhereUser = " OR `" . DB_SEARCHES . ".userid` = " . $content['SESSION_USERID'] . " ";
else
$szWhereUser = "";
if ( isset($content['SESSION_GROUPIDS']) )
$szGroupWhere = " OR " . DB_SEARCHES . ".groupid IN (" . $content['SESSION_GROUPIDS'] . ")";
$szGroupWhere = " OR `" . DB_SEARCHES . ".groupid` IN (" . $content['SESSION_GROUPIDS'] . ")";
else
$szGroupWhere = "";
$sqlquery = " SELECT " .
@ -834,13 +834,13 @@ function LoadSearchesFromDatabase()
DB_SEARCHES . ".groupid, " .
DB_USERS . ".username, " .
DB_GROUPS . ".groupname " .
" FROM " . DB_SEARCHES .
" LEFT OUTER JOIN (" . DB_USERS . ") ON (" . DB_SEARCHES . ".userid=" . DB_USERS . ".ID ) " .
" LEFT OUTER JOIN (" . DB_GROUPS . ") ON (" . DB_SEARCHES . ".groupid=" . DB_GROUPS . ".ID ) " .
" WHERE (" . DB_SEARCHES . ".userid IS NULL AND " . DB_SEARCHES . ".groupid IS NULL) " .
" FROM `" . DB_SEARCHES . "`" .
" LEFT OUTER JOIN (`" . DB_USERS . "`) ON (`" . DB_SEARCHES . ".userid`=`" . DB_USERS . ".ID` ) " .
" LEFT OUTER JOIN (`" . DB_GROUPS . "`) ON (`" . DB_SEARCHES . ".groupid`=`" . DB_GROUPS . ".ID` ) " .
" WHERE (`" . DB_SEARCHES . ".userid` IS NULL AND `" . DB_SEARCHES . ".groupid` IS NULL) " .
$szWhereUser .
$szGroupWhere .
" ORDER BY " . DB_SEARCHES . ".userid, " . DB_SEARCHES . ".groupid, " . DB_SEARCHES . ".DisplayName";
" ORDER BY `" . DB_SEARCHES . ".userid`, `" . DB_SEARCHES . ".groupid`, `" . DB_SEARCHES . ".DisplayName`";
// ---
// Get Searches from DB now!
@ -884,12 +884,12 @@ function LoadChartsFromDatabase()
// --- Create SQL Query
// Create Where for USERID
if ( isset($content['SESSION_LOGGEDIN']) && $content['SESSION_LOGGEDIN'] )
$szWhereUser = " OR " . DB_CHARTS . ".userid = " . $content['SESSION_USERID'] . " ";
$szWhereUser = " OR `" . DB_CHARTS . ".userid` = " . $content['SESSION_USERID'] . " ";
else
$szWhereUser = "";
if ( isset($content['SESSION_GROUPIDS']) )
$szGroupWhere = " OR " . DB_CHARTS . ".groupid IN (" . $content['SESSION_GROUPIDS'] . ")";
$szGroupWhere = " OR `" . DB_CHARTS . ".groupid` IN (" . $content['SESSION_GROUPIDS'] . ")";
else
$szGroupWhere = "";
$sqlquery = " SELECT " .
@ -906,13 +906,13 @@ function LoadChartsFromDatabase()
DB_CHARTS . ".groupid, " .
DB_USERS . ".username, " .
DB_GROUPS . ".groupname " .
" FROM " . DB_CHARTS .
" LEFT OUTER JOIN (" . DB_USERS . ") ON (" . DB_CHARTS . ".userid=" . DB_USERS . ".ID ) " .
" LEFT OUTER JOIN (" . DB_GROUPS . ") ON (" . DB_CHARTS . ".groupid=" . DB_GROUPS . ".ID ) " .
" WHERE (" . DB_CHARTS . ".userid IS NULL AND " . DB_CHARTS . ".groupid IS NULL) " .
" FROM `" . DB_CHARTS . "`" .
" LEFT OUTER JOIN (`" . DB_USERS . "`) ON (`" . DB_CHARTS . ".userid`=`" . DB_USERS . ".ID` ) " .
" LEFT OUTER JOIN (`" . DB_GROUPS . "`) ON (`" . DB_CHARTS . ".groupid`=`" . DB_GROUPS . ".ID` ) " .
" WHERE (`" . DB_CHARTS . ".userid` IS NULL AND `" . DB_CHARTS . ".groupid` IS NULL) " .
$szWhereUser .
$szGroupWhere .
" ORDER BY " . DB_CHARTS . ".userid, " . DB_CHARTS . ".groupid, " . DB_CHARTS . ".DisplayName";
" ORDER BY `" . DB_CHARTS . ".userid`, `" . DB_CHARTS . ".groupid`, `" . DB_CHARTS . ".DisplayName`";
// ---
// Get Searches from DB now!
@ -944,12 +944,12 @@ function LoadViewsFromDatabase()
// --- Create SQL Query
// Create Where for USERID
if ( isset($content['SESSION_LOGGEDIN']) && $content['SESSION_LOGGEDIN'] )
$szWhereUser = " OR " . DB_VIEWS . ".userid = " . $content['SESSION_USERID'] . " ";
$szWhereUser = " OR `" . DB_VIEWS . ".userid` = " . $content['SESSION_USERID'] . " ";
else
$szWhereUser = "";
if ( isset($content['SESSION_GROUPIDS']) )
$szGroupWhere = " OR " . DB_VIEWS . ".groupid IN (" . $content['SESSION_GROUPIDS'] . ")";
$szGroupWhere = " OR `" . DB_VIEWS . ".groupid` IN (" . $content['SESSION_GROUPIDS'] . ")";
else
$szGroupWhere = "";
$sqlquery = " SELECT " .
@ -960,13 +960,13 @@ function LoadViewsFromDatabase()
DB_VIEWS . ".groupid, " .
DB_USERS . ".username, " .
DB_GROUPS . ".groupname " .
" FROM " . DB_VIEWS .
" LEFT OUTER JOIN (" . DB_USERS . ") ON (" . DB_VIEWS . ".userid=" . DB_USERS . ".ID ) " .
" LEFT OUTER JOIN (" . DB_GROUPS . ") ON (" . DB_VIEWS . ".groupid=" . DB_GROUPS . ".ID ) " .
" WHERE (" . DB_VIEWS . ".userid IS NULL AND " . DB_VIEWS . ".groupid IS NULL) " .
" FROM `" . DB_VIEWS .
" LEFT OUTER JOIN (`" . DB_USERS . "`) ON (`" . DB_VIEWS . ".userid`=`" . DB_USERS . ".ID` ) " .
" LEFT OUTER JOIN (`" . DB_GROUPS . "`) ON (`" . DB_VIEWS . ".groupid`=`" . DB_GROUPS . ".ID` ) " .
" WHERE (`" . DB_VIEWS . ".userid` IS NULL AND `" . DB_VIEWS . ".groupid` IS NULL) " .
$szWhereUser .
$szGroupWhere .
" ORDER BY " . DB_VIEWS . ".userid, " . DB_VIEWS . ".groupid, " . DB_VIEWS . ".DisplayName";
" ORDER BY `" . DB_VIEWS . ".userid`, `" . DB_VIEWS . ".groupid`, `" . DB_VIEWS . ".DisplayName`";
// ---
// Get Views from DB now!
@ -1008,25 +1008,25 @@ function LoadSourcesFromDatabase()
// --- Create SQL Query
// Create Where for USERID
if ( isset($content['SESSION_LOGGEDIN']) && $content['SESSION_LOGGEDIN'] )
$szWhereUser = " OR " . DB_SOURCES . ".userid = " . $content['SESSION_USERID'] . " ";
$szWhereUser = " OR `" . DB_SOURCES . ".userid` = " . $content['SESSION_USERID'] . " ";
else
$szWhereUser = "";
if ( isset($content['SESSION_GROUPIDS']) )
$szGroupWhere = " OR " . DB_SOURCES . ".groupid IN (" . $content['SESSION_GROUPIDS'] . ")";
$szGroupWhere = " OR `" . DB_SOURCES . ".groupid` IN (" . $content['SESSION_GROUPIDS'] . ")";
else
$szGroupWhere = "";
$sqlquery = " SELECT " .
DB_SOURCES . ".*, " .
DB_USERS . ".username, " .
DB_GROUPS . ".groupname " .
" FROM " . DB_SOURCES .
" LEFT OUTER JOIN (" . DB_USERS . ") ON (" . DB_SOURCES . ".userid=" . DB_USERS . ".ID ) " .
" LEFT OUTER JOIN (" . DB_GROUPS . ") ON (" . DB_SOURCES . ".groupid=" . DB_GROUPS . ".ID ) " .
" WHERE (" . DB_SOURCES . ".userid IS NULL AND " . DB_SOURCES . ".groupid IS NULL) " .
" FROM `" . DB_SOURCES . "`" .
" LEFT OUTER JOIN (`" . DB_USERS . "`) ON (`" . DB_SOURCES . ".userid`=`" . DB_USERS . ".ID` ) " .
" LEFT OUTER JOIN (`" . DB_GROUPS . "`) ON (`" . DB_SOURCES . ".groupid`=`" . DB_GROUPS . ".ID` ) " .
" WHERE (`" . DB_SOURCES . ".userid` IS NULL AND `" . DB_SOURCES . ".groupid` IS NULL) " .
$szWhereUser .
$szGroupWhere .
" ORDER BY " . DB_SOURCES . ".userid, " . DB_SOURCES . ".groupid, " . DB_SOURCES . ".Name";
" ORDER BY `" . DB_SOURCES . ".userid`, `" . DB_SOURCES . ".groupid`, `" . DB_SOURCES . ".Name`";
// ---
// Get Sources from DB now!
$result = DB_Query($sqlquery);

10
src/include/functions_installhelpers.php
View File

@ -102,7 +102,7 @@ function ConvertCustomSearches()
foreach($CFG['Search'] as $searchid => &$mySearch)
{
// New Entry
$result = DB_Query("INSERT INTO " . DB_SEARCHES . " (DisplayName, SearchQuery) VALUES ( '" . PrepareValueForDB($mySearch['DisplayName']) . "', '" . PrepareValueForDB($mySearch['SearchQuery']) . "')");
$result = DB_Query("INSERT INTO `" . DB_SEARCHES . "` (DisplayName, SearchQuery) VALUES ( '" . PrepareValueForDB($mySearch['DisplayName']) . "', '" . PrepareValueForDB($mySearch['SearchQuery']) . "')");
$mySearch['DBID'] = DB_ReturnLastInsertID($result);
DB_FreeQuery($result);
@ -120,7 +120,7 @@ function ConvertCustomCharts()
foreach($CFG['Charts'] as $chartid => &$myChart)
{
// New Entry
$result = DB_Query("INSERT INTO " . DB_CHARTS . " (DisplayName, chart_enabled, chart_type, chart_width, chart_field, maxrecords, showpercent)
$result = DB_Query("INSERT INTO `" . DB_CHARTS . "` (DisplayName, chart_enabled, chart_type, chart_width, chart_field, maxrecords, showpercent)
VALUES (
'" . PrepareValueForDB($myChart['DisplayName']) . "',
" . intval($myChart['chart_enabled']) . ",
@ -157,7 +157,7 @@ function ConvertCustomViews()
}
// New Entry
$result = DB_Query("INSERT INTO " . DB_VIEWS . " (DisplayName, Columns) VALUES ( '" . PrepareValueForDB($myView['DisplayName']) . "', '" . PrepareValueForDB($myView['ColumnsAsString']) . "')");
$result = DB_Query("INSERT INTO `" . DB_VIEWS . "` (DisplayName, Columns) VALUES ( '" . PrepareValueForDB($myView['DisplayName']) . "', '" . PrepareValueForDB($myView['ColumnsAsString']) . "')");
$myView['DBID'] = DB_ReturnLastInsertID($result);
DB_FreeQuery($result);
}
@ -196,7 +196,7 @@ function ConvertCustomSources()
// Add New Entry
if ( $mySource['SourceType'] == SOURCE_DISK )
{
$result = DB_Query("INSERT INTO " . DB_SOURCES . " (Name, Description, SourceType, MsgParserList, MsgNormalize, ViewID, LogLineType, DiskFile) VALUES ( " .
$result = DB_Query("INSERT INTO `" . DB_SOURCES . "` (Name, Description, SourceType, MsgParserList, MsgNormalize, ViewID, LogLineType, DiskFile) VALUES ( " .
"'" . PrepareValueForDB($mySource['Name']) . "', " .
"'" . PrepareValueForDB($mySource['Description']) . "', " .
" " . PrepareValueForDB($mySource['SourceType']) . " , " .
@ -218,7 +218,7 @@ function ConvertCustomSources()
$mySource['DBType'] = DB_MYSQL;
// Perform the insert
$result = DB_Query("INSERT INTO " . DB_SOURCES . " (Name, Description, SourceType, MsgParserList, MsgNormalize, ViewID, DBTableType, DBType, DBServer, DBName, DBUser, DBPassword, DBTableName, DBEnableRowCounting) VALUES ( " .
$result = DB_Query("INSERT INTO `" . DB_SOURCES . "` (Name, Description, SourceType, MsgParserList, MsgNormalize, ViewID, DBTableType, DBType, DBServer, DBName, DBUser, DBPassword, DBTableName, DBEnableRowCounting) VALUES ( " .
"'" . PrepareValueForDB($mySource['Name']) . "', " .
"'" . PrepareValueForDB($mySource['Description']) . "', " .
" " . PrepareValueForDB($mySource['SourceType']) . " , " .

20
src/include/functions_users.php
View File

@ -86,7 +86,7 @@ function InitUserSession()
$content['SESSION_GROUPIDS'] = $_SESSION['SESSION_GROUPIDS'];
// --- Now we obtain user specific general settings from the DB for the user!
$result = DB_Query("SELECT * FROM " . DB_CONFIG . " WHERE userid = " . $content['SESSION_USERID']);
$result = DB_Query("SELECT * FROM `" . DB_CONFIG . "` WHERE userid = " . $content['SESSION_USERID']);
if ( $result )
{
$rows = DB_GetAllRows($result, true);
@ -138,7 +138,7 @@ function InitUserSession()
function CreateUserName( $username, $password, $is_admin )
{
$md5pass = md5($password);
$result = DB_Query("SELECT username FROM " . DB_USERS . " WHERE username = '" . $username . "'");
$result = DB_Query("SELECT username FROM `" . DB_USERS . "` WHERE username = '" . $username . "'");
$rows = DB_GetAllRows($result, true);
if ( isset($rows) )
@ -151,7 +151,7 @@ function CreateUserName( $username, $password, $is_admin )
else
{
// Create User
$result = DB_Query("INSERT INTO " . DB_USERS . " (username, password, is_admin) VALUES ('$username', '$md5pass', $is_admin)");
$result = DB_Query("INSERT INTO `" . DB_USERS . "` (username, password, is_admin) VALUES ('$username', '$md5pass', $is_admin)");
DB_FreeQuery($result);
// Success
@ -173,7 +173,7 @@ function CheckUserLogin( $username, $password )
{
// TODO: SessionTime and AccessLevel check
$md5pass = md5($password);
$sqlquery = "SELECT * FROM " . DB_USERS . " WHERE username = '" . $username . "' and password = '" . $md5pass . "'";
$sqlquery = "SELECT * FROM `" . DB_USERS . "` WHERE username = '" . $username . "' and password = '" . $md5pass . "'";
$result = DB_Query($sqlquery);
$myrow = DB_GetSingleRow($result, true);
}
@ -201,7 +201,7 @@ function CheckUserLogin( $username, $password )
$sqlquery = "SELECT " .
DB_GROUPMEMBERS . ".groupid, " .
DB_GROUPMEMBERS . ".is_member " .
"FROM " . DB_GROUPMEMBERS . " WHERE userid = " . $content['SESSION_USERID'] . " AND " . DB_GROUPMEMBERS . ".is_member = 1";
"FROM `" . DB_GROUPMEMBERS . "` WHERE userid = " . $content['SESSION_USERID'] . " AND `" . DB_GROUPMEMBERS . ".is_member` = 1";
$result = DB_Query($sqlquery);
$myrows = DB_GetAllRows($result, true);
if ( isset($myrows ) && count($myrows) > 0 )
@ -220,7 +220,7 @@ function CheckUserLogin( $username, $password )
// ---
// ---Set LASTLOGIN Time!
$result = DB_Query("UPDATE " . DB_USERS . " SET last_login = " . time() . " WHERE ID = " . $content['SESSION_USERID']);
$result = DB_Query("UPDATE `" . DB_USERS . "` SET last_login = " . time() . " WHERE ID = " . $content['SESSION_USERID']);
DB_FreeQuery($result);
// ---
@ -385,13 +385,13 @@ function CheckLDAPUserLogin( $username, $password )
// then the prefs and group management is done in the DB and we don't rewrite the whole Loganalyzer code…
// check if the user already exist
$sqlquery = "SELECT * FROM " . DB_USERS . " WHERE username = '" . $username . "'";
$sqlquery = "SELECT * FROM `" . DB_USERS . "` WHERE username = '" . $username . "'";
$result = DB_Query($sqlquery);
$myrow = DB_GetSingleRow($result, true);
if (!isset($myrow['is_admin']) )
{
// Create User | use password to create MD5 Hash, so technically the user could login without LDAP as well
$sqlcmd = "INSERT INTO " . DB_USERS . " (username, password, is_admin, is_readonly) VALUES ('" . $username . "', '" . md5($password) . "', 0, 1)";
$sqlcmd = "INSERT INTO `" . DB_USERS . "` (username, password, is_admin, is_readonly) VALUES ('" . $username . "', '" . md5($password) . "', 0, 1)";
$result = DB_Query($sqlcmd);
DB_FreeQuery($result);
@ -487,8 +487,8 @@ function GetGroupsForSelectfield()
$sqlquery = "SELECT " .
DB_GROUPS . ".ID as mygroupid, " .
DB_GROUPS . ".groupname " .
"FROM " . DB_GROUPS .
" ORDER BY " . DB_GROUPS . ".groupname";
"FROM `" . DB_GROUPS . "`" .
" ORDER BY `" . DB_GROUPS . ".groupname`";
$result = DB_Query($sqlquery);
$mygroups = DB_GetAllRows($result, true);
if ( isset($mygroups) && count($mygroups) > 0 )