2008-07-13 Evi Vanoost <vanooste@rcbi.rochester.edu>
* pandora_console/general/logon_ok.php: Made the query use sprintf (for security purposes)
* pandora_console/include/functions_db.php: Made all the database queries relying on a single query function for simpler management
Also made sure that no functions returned NULL because NULL is a valid database value. It will return an empty value or something
Also made a simple query cache array so that duplicate queries to generate a single page won't be repeated (ACL queries)
Also updated some other queries and functions (see the diff) and removed some old code
* pandora_console/estado_grupo.php: Now with working agents counter!
* pandora_console/general/footer.php: Just made a fancy counter that displays how much queries weren't duplicated (90 on some pages!!)
git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@953 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
This commit is contained in:
guruevi
parent
15283d4b31
commit
086ec57b3c
|
|
@ -1,10 +1,25 @@
|
|||
2008-07-13 Evi Vanoost <vanooste@rcbi.rochester.edu>
|
||||
|
||||
* pandora_console/general/logon_ok.php: Made the query use sprintf (for security purposes)
|
||||
|
||||
* pandora_console/include/functions_db.php: Made all the database queries relying on a single query function for simpler management
|
||||
Also made sure that no functions returned NULL because NULL is a valid database value.
|
||||
Also made a simple query cache array so that duplicate queries to generate a single page won't be repeated (ACL queries)
|
||||
Also updated some other queries and functions (see the diff) and removed some old code
|
||||
|
||||
* pandora_console/estado_grupo.php: Now with working agents counter!
|
||||
|
||||
* pandora_console/general/footer.php: Just made a fancy counter that displays how much queries weren't duplicated (90 on some pages!!)
|
||||
|
||||
2008-07-12 Evi Vanoost <vanooste@rcbi.rochester.edu>
|
||||
|
||||
* pandora_console/operation/agentes/networkmap.php: Some minor bugfixes introduced with my changes yesterday
|
||||
|
||||
* pandora_console/general/links_menu.php: 2 queries for a menu? Changed it to a single query. This list will likely never be empty - if it is, Links section won't be generated
|
||||
* pandora_console/general/links_menu.php: 2 queries for a menu? Changed it to a single query.
|
||||
This list will likely never be empty - if it is, Links section won't be generated
|
||||
|
||||
* pandora_console/general/logon_ok.php: Updated the queries to go faster. Changed the timestamp calculation to an indexed query using utimestamp and UNIXTIME(NOW())-604800
|
||||
* pandora_console/general/logon_ok.php: Updated the queries to go faster.
|
||||
Changed the timestamp calculation to an indexed query using utimestamp and UNIXTIME(NOW())-604800
|
||||
|
||||
* pandora_console/images/networkmap/8.png: Added the Mac OS X icon..
|
||||
|
||||
|
|
@ -12,7 +27,8 @@
|
|||
|
||||
* pandora_console/operation/agentes/estado_grupo.php: Fixed the issue where all data was 0-ed out. There was an if-then-else construction that wasn't working well
|
||||
|
||||
* pandora_console/operation/agentes/networkmap.php: Made more extensive error messages that explains WHY it wasn't generating. Then also made it so the image is cached instead of regenerated every time (currently hardcoded at 5 min.).
|
||||
* pandora_console/operation/agentes/networkmap.php: Made more extensive error messages that explains WHY it wasn't generating.
|
||||
Then also made it so the image is cached instead of regenerated every time (currently hardcoded at 5 min.).
|
||||
|
||||
2008-07-10 Evi Vanoost <vanooste@rcbi.rochester.edu>
|
||||
|
||||
|
|
|
|||
|
|
@ -19,13 +19,13 @@ global $config;
|
|||
|
||||
echo "<center>";
|
||||
echo '<a class="white_bold" target="_new" href="general/license/pandora_info_'.$config["language"].'.html">
|
||||
Pandora FMS '.$pandora_version.' Build '.$build_version.'<br>'.
|
||||
Pandora FMS '.$pandora_version.' - Build '.$build_version.'<br>'.
|
||||
lang_string ("gpl_notice").'</a><br>';
|
||||
if (isset($_SERVER['REQUEST_TIME'])) {
|
||||
$time = $_SERVER['REQUEST_TIME'];
|
||||
} else {
|
||||
$time = time();
|
||||
}
|
||||
echo "<a class='white'>".$lang_label["gen_date"]." ".date("D F d, Y H:i:s", $time)."</a><br>";
|
||||
echo "<a class='white'>".$lang_label["gen_date"]." ".date("D F d, Y H:i:s", $time)." - Saved ".$sql_cache["saved"]." Queries</a><br>";
|
||||
echo "</center>";
|
||||
?>
|
||||
|
|
|
|||
|
|
@ -28,7 +28,7 @@ echo "</p>";
|
|||
|
||||
// Private messages pending to read !
|
||||
|
||||
$sql='SELECT COUNT('id_mensaje') AS count FROM tmensajes WHERE id_usuario_destino="'.$nick.'" AND estado="FALSE";';
|
||||
$sql=sprintf("SELECT COUNT('id_mensaje') AS count FROM tmensajes WHERE id_usuario_destino='%s' AND estado='FALSE';",$nick);
|
||||
$resultado = mysql_query ($sql);
|
||||
$row = mysql_fetch_array ($resultado);
|
||||
if ($row["count"] != 0){
|
||||
|
|
|
|||
|
|
@ -13,7 +13,6 @@
|
|||
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
// GNU General Public License for more details.
|
||||
|
||||
|
||||
/**
|
||||
* Check if login session variables are set.
|
||||
*
|
||||
|
|
@ -21,29 +20,26 @@
|
|||
*
|
||||
* @return 0 on success
|
||||
*/
|
||||
function check_login () {
|
||||
global $config;
|
||||
if (!isset($config["homedir"])){
|
||||
// No exists $config. Exit inmediatly
|
||||
include ("general/noaccess.php");
|
||||
exit;
|
||||
}
|
||||
if ((isset($_SESSION["id_usuario"])) AND ($_SESSION["id_usuario"] != "")) {
|
||||
$id = $_SESSION["id_usuario"];
|
||||
$query1="SELECT id_usuario FROM tusuario WHERE id_usuario= '$id'";
|
||||
$resq1 = mysql_query($query1);
|
||||
$rowdup = mysql_fetch_array($resq1);
|
||||
$nombre = $rowdup[0];
|
||||
if ( $id == $nombre ){
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
audit_db("N/A", getenv("REMOTE_ADDR"), "No session", "Trying to access without a valid session");
|
||||
include ($config["homedir"]."/general/noaccess.php");
|
||||
exit;
|
||||
function check_login () {
|
||||
global $config;
|
||||
if (!isset($config["homedir"])){
|
||||
// No exists $config. Exit inmediatly
|
||||
include("general/noaccess.php");
|
||||
exit;
|
||||
}
|
||||
if ((isset($_SESSION["id_usuario"])) AND ($_SESSION["id_usuario"] != "")) {
|
||||
$id = get_db_value("id_usuario","tusuario","id_usuario",$_SESSION["id_usuario"]);
|
||||
if ( $_SESSION["id_usuario"] == $id ){
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
audit_db("N/A", getenv("REMOTE_ADDR"), "No session", "Trying to access without a valid session");
|
||||
include ($config["homedir"]."/general/noaccess.php");
|
||||
exit;
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
/**
|
||||
* Check access privileges to resources
|
||||
*
|
||||
* Access can be:
|
||||
|
|
@ -57,91 +53,69 @@ function check_login () {
|
|||
* DM - DB Management
|
||||
* LM - Alert Management
|
||||
* PM - Pandora Management
|
||||
*
|
||||
* @param id_user User id
|
||||
*
|
||||
* @param id_user User id
|
||||
* @param id_group Agents group id
|
||||
* @param access Access privilege
|
||||
*
|
||||
*
|
||||
* @return 1 if the user has privileges, 0 if not.
|
||||
*/
|
||||
**/
|
||||
function give_acl ($id_user, $id_group, $access) {
|
||||
// IF user is level = 1 then always return 1
|
||||
// Access can be:
|
||||
/*
|
||||
IR - Incident Read
|
||||
IW - Incident Write
|
||||
IM - Incident Management
|
||||
AR - Agent Read
|
||||
AW - Agent Write
|
||||
LW - Alert Write
|
||||
UM - User Management
|
||||
DM - DB Management
|
||||
LM - Alert Management
|
||||
PM - Pandora Management
|
||||
*/
|
||||
// IF user is level = 1 then always return 1
|
||||
|
||||
global $config;
|
||||
$nivel = get_db_value("nivel","tusuario","id_usuario",$id_user);
|
||||
if ($nivel == 1) {
|
||||
return 1;
|
||||
//Apparently nivel is 1 if user has full admin access
|
||||
}
|
||||
|
||||
global $config;
|
||||
|
||||
$query1="SELECT * FROM tusuario WHERE id_usuario = '".$id_user."'";
|
||||
$res=mysql_query($query1);
|
||||
$row=mysql_fetch_array($res);
|
||||
if ($row["nivel"] == 1)
|
||||
return 1;
|
||||
if ($id_group == 0) // Group doesnt matter, any group, for check permission to do at least an action in a group
|
||||
$query1="SELECT * FROM tusuario_perfil WHERE id_usuario = '".$id_user."'"; // GroupID = 0, group doesnt matter (use with caution!)
|
||||
else
|
||||
$query1="SELECT * FROM tusuario_perfil WHERE id_usuario = '".$id_user."' and ( id_grupo =".$id_group." OR id_grupo = 1)"; // GroupID = 1 ALL groups
|
||||
$resq1=mysql_query($query1);
|
||||
$result = 0;
|
||||
while ($rowdup=mysql_fetch_array($resq1)){
|
||||
$id_perfil=$rowdup["id_perfil"];
|
||||
//Joined multiple queries into one. That saves on the query overhead and query cache.
|
||||
if ($id_group == 0) {
|
||||
$query1=sprintf("SELECT `tperfil`.`incident_view`,`tperfil`.`incident_edit`,`tperfil`.`incident_management`,`tperfil`.`agent_view`,`tperfil`.`agent_edit`,`tperfil`.`alert_edit`,`tperfil`.`alert_management`,`tperfil`.`pandora_management`,`tperfil`.`db_management`,`tperfil`.`user_management` FROM `tusuario_perfil`,`tperfil` WHERE `tusuario_perfil`.`id_perfil` = `tperfil`.`id_perfil` AND `tusuario_perfil`.`id_usuario` = '%s'",$id_user); //GroupID = 0, access doesnt matter (use with caution!) - Any user gets access to group 0
|
||||
} else {
|
||||
$query1=sprintf("SELECT `tperfil`.`incident_view`,`tperfil`.`incident_edit`,`tperfil`.`incident_management`,`tperfil`.`agent_view`,`tperfil`.`agent_edit`,`tperfil`.`alert_edit`,`tperfil`.`alert_management`,`tperfil`.`pandora_management`,`tperfil`.`db_management`,`tperfil`.`user_management` FROM `tusuario_perfil`,`tperfil` WHERE `tusuario_perfil`.`id_perfil` = `tperfil`.`id_perfil`
|
||||
AND `tusuario_perfil`.`id_usuario` = '%s' AND (`tusuario_perfil`.`id_grupo` = '%d' OR `tusuario_perfil`.`id_grupo`= 1)",$id_user,$id_group);
|
||||
}
|
||||
|
||||
$rowdup = get_db_all_rows_sql($query1);
|
||||
$result = 0;
|
||||
$i = 0;
|
||||
while($rowdup[$i]){
|
||||
// For each profile for this pair of group and user do...
|
||||
$query2="SELECT * FROM tperfil WHERE id_perfil = ".$id_perfil;
|
||||
$resq2=mysql_query($query2);
|
||||
if ($rowq2=mysql_fetch_array($resq2)){
|
||||
switch ($access) {
|
||||
case "IR":
|
||||
$result = $result + $rowq2["incident_view"];
|
||||
|
||||
$result += $rowdup[$i]["incident_view"];
|
||||
break;
|
||||
case "IW":
|
||||
$result = $result + $rowq2["incident_edit"];
|
||||
|
||||
$result += $rowdup[$i]["incident_edit"];
|
||||
break;
|
||||
case "IM":
|
||||
$result = $result + $rowq2["incident_management"];
|
||||
|
||||
$result += $rowdup[$i]["incident_management"];
|
||||
break;
|
||||
case "AR":
|
||||
$result = $result + $rowq2["agent_view"];
|
||||
|
||||
$result += $rowdup[$i]["agent_view"];
|
||||
break;
|
||||
case "AW":
|
||||
$result = $result + $rowq2["agent_edit"];
|
||||
|
||||
$result += $rowdup[$i]["agent_edit"];
|
||||
break;
|
||||
case "LW":
|
||||
$result = $result + $rowq2["alert_edit"];
|
||||
|
||||
$result += $rowdup[$i]["alert_edit"];
|
||||
break;
|
||||
case "LM":
|
||||
$result = $result + $rowq2["alert_management"];
|
||||
|
||||
$result += $rowdup[$i]["alert_management"];
|
||||
break;
|
||||
case "PM":
|
||||
$result = $result + $rowq2["pandora_management"];
|
||||
|
||||
$result += $rowdup[$i]["pandora_management"];
|
||||
break;
|
||||
case "DM":
|
||||
$result = $result + $rowq2["db_management"];
|
||||
|
||||
$result += $rowdup[$i]["db_management"];
|
||||
break;
|
||||
case "UM":
|
||||
$result = $result + $rowq2["user_management"];
|
||||
|
||||
$result += $rowdup[$i]["user_management"];
|
||||
break;
|
||||
}
|
||||
}
|
||||
$i++;
|
||||
}
|
||||
if ($result > 1)
|
||||
$result = 1;
|
||||
|
|
@ -157,9 +131,9 @@ function give_acl ($id_user, $id_group, $access) {
|
|||
* @param descripcion Long action description
|
||||
*/
|
||||
function audit_db ($id, $ip, $accion, $descripcion){
|
||||
$today=date('Y-m-d H:i:s');
|
||||
$utimestamp = time();
|
||||
$sql1='INSERT INTO tsesion (ID_usuario, accion, fecha, IP_origen,descripcion, utimestamp) VALUES ("'.$id.'","'.$accion.'","'.$today.'","'.$ip.'","'.$descripcion.'", '.$utimestamp.')';
|
||||
$today=date('Y-m-d H:i:s',$utimestamp);
|
||||
$sql1='INSERT INTO tsesion (ID_usuario, accion, fecha, IP_origen,descripcion, utimestamp) VALUES ("'.$id.'","'.$accion.'","'.$today.'","'.$ip.'","'.$descripcion.'", "'.$utimestamp.'")';
|
||||
$result=mysql_query($sql1);
|
||||
}
|
||||
|
||||
|
|
@ -171,11 +145,11 @@ function audit_db ($id, $ip, $accion, $descripcion){
|
|||
*/
|
||||
function logon_db ($id_user, $ip) {
|
||||
global $config;
|
||||
|
||||
|
||||
audit_db ($id_user, $ip, "Logon", "Logged in");
|
||||
// Update last registry of user to get last logon
|
||||
$sql = sprintf ('UPDATE tusuario fecha_registro = $today WHERE id_usuario = "%s"', $id_user);
|
||||
$result = mysql_query ($sql);
|
||||
// Update last registry of user to set last logon. How do we audit when the user was created then?
|
||||
$sql = sprintf ('UPDATE tusuario SET fecha_registro = $today WHERE id_usuario = "%s"', $id_user);
|
||||
mysql_query ($sql);
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -185,8 +159,7 @@ function logon_db ($id_user, $ip) {
|
|||
* @param ip Client user IP address.
|
||||
*/
|
||||
function logoff_db ($id_user, $ip) {
|
||||
global $config;
|
||||
audit_db ($config['id_user'], $ip, "Logoff", "Logged out");
|
||||
audit_db ($id_user, $ip, "Logoff", "Logged out");
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -1260,29 +1233,26 @@ function give_agent_id_from_module_id ($id_agent_module) {
|
|||
* @param field Field name to get
|
||||
* @param table Table to retrieve the data
|
||||
* @param field_search Field to filter elements
|
||||
* @param condition Condition the field must have.
|
||||
* @param condition Condition the field must have
|
||||
*
|
||||
* @return
|
||||
*/
|
||||
function get_db_value ($field, $table, $field_search, $condition){
|
||||
$sql_cache=array('saved' => 0);
|
||||
function get_db_value ($field, $table, $field_search=1, $condition=1){
|
||||
|
||||
if (is_int ($condition)) {
|
||||
$sql = sprintf ('SELECT %s FROM %s WHERE %s = %d', $field, $table, $field_search, $condition);
|
||||
$sql = sprintf ("SELECT %s FROM `%s` WHERE `%s` = '%d'", $field, $table, $field_search, $condition);
|
||||
} else if (is_float ($condition) || is_double ($condition)) {
|
||||
$sql = sprintf ('SELECT %s FROM %s WHERE %s = %f', $field, $table, $field_search, $condition);
|
||||
$sql = sprintf ("SELECT %s FROM `%s` WHERE `%s` = '%f'", $field, $table, $field_search, $condition);
|
||||
} else {
|
||||
$sql = sprintf ('SELECT %s FROM %s WHERE %s = "%s"', $field, $table, $field_search, $condition);
|
||||
$sql = sprintf ("SELECT %s FROM `%s` WHERE `%s` = '%s'", $field, $table, $field_search, $condition);
|
||||
}
|
||||
$sql .= ' LIMIT 1';
|
||||
$sql .= " LIMIT 1";
|
||||
$result = get_db_all_rows_sql($sql);
|
||||
if(is_array($result))
|
||||
return $result[0][$field];
|
||||
|
||||
$result = mysql_query ($sql);
|
||||
if (! $result) {
|
||||
echo '<strong>Error:</strong> get_db_value("'.$sql.'") :'. mysql_error ().'<br />';
|
||||
return NULL;
|
||||
}
|
||||
if ($row = mysql_fetch_array ($result))
|
||||
return $row[0];
|
||||
|
||||
return NULL;
|
||||
return "";
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -1290,18 +1260,12 @@ function get_db_value ($field, $table, $field_search, $condition){
|
|||
*
|
||||
* @param sql SQL select statement to execute.
|
||||
*
|
||||
* @return The first row of the result.
|
||||
* @return The first row of the result or something empty.
|
||||
*/
|
||||
function get_db_row_sql ($sql) {
|
||||
$result = mysql_query ($sql);
|
||||
if (! $result) {
|
||||
echo '<strong>Error:</strong> get_db_row("'.$sql.'") :'. mysql_error ().'<br />';
|
||||
return NULL;
|
||||
}
|
||||
if ($row = mysql_fetch_array ($result))
|
||||
return $row;
|
||||
$result = get_db_all_rows_sql($sql);
|
||||
|
||||
return NULL;
|
||||
return $result[0];
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -1317,18 +1281,19 @@ function get_db_row_sql ($sql) {
|
|||
* @return The first row of a database query.
|
||||
*/
|
||||
function get_db_row ($table, $field_search, $condition) {
|
||||
global $config;
|
||||
|
||||
if (is_int ($condition)) {
|
||||
$sql = sprintf ('SELECT * FROM %s WHERE %s = %d', $table, $field_search, $condition);
|
||||
$sql = sprintf ("SELECT * FROM `%s` WHERE `%s` = '%d'", $table, $field_search, $condition);
|
||||
} else if (is_float ($condition) || is_double ($condition)) {
|
||||
$sql = sprintf ('SELECT * FROM %s WHERE %s = %f', $table, $field_search, $condition);
|
||||
$sql = sprintf ("SELECT * FROM `%s` WHERE `%s` = '%f'", $table, $field_search, $condition);
|
||||
} else {
|
||||
$sql = sprintf ('SELECT * FROM %s WHERE %s = "%s"', $table, $field_search, $condition);
|
||||
$sql = sprintf ("SELECT * FROM `%s` WHERE `%s` = '%s'", $table, $field_search, $condition);
|
||||
}
|
||||
$sql .= ' LIMIT 1';
|
||||
|
||||
return get_db_row_sql ($sql);
|
||||
$result = get_db_all_rows_sql ($sql);
|
||||
|
||||
return $result[0];
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -1336,21 +1301,12 @@ function get_db_row ($table, $field_search, $condition) {
|
|||
*
|
||||
* @param sql SQL statement to execute
|
||||
* @param field Field number to get, beggining by 0. Default: 0
|
||||
*
|
||||
* @param cache Cache the query while generating this page. Default: 1
|
||||
* @return The selected field of the first row in a select statement.
|
||||
*/
|
||||
function get_db_sql ($sql, $field = 0) {
|
||||
global $config;
|
||||
|
||||
$result = mysql_query ($sql);
|
||||
if (! $result) {
|
||||
echo '<strong>Error:</strong> get_db_sql ("'.$sql.'") :'. mysql_error ().'<br />';
|
||||
return NULL;
|
||||
}
|
||||
if ($row = mysql_fetch_array ($result))
|
||||
return $row[$field];
|
||||
|
||||
return NULL;
|
||||
$row = get_db_all_rows_sql($sql);
|
||||
return $row[0][$field];
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -1362,18 +1318,26 @@ function get_db_sql ($sql, $field = 0) {
|
|||
*/
|
||||
function get_db_all_rows_sql ($sql) {
|
||||
global $config;
|
||||
$retval = array ();
|
||||
$result = mysql_query ($sql);
|
||||
global $sql_cache;
|
||||
$retval = array();
|
||||
|
||||
if (! $result) {
|
||||
echo mysql_error ();
|
||||
return array();
|
||||
if($sql_cache[$sql]) {
|
||||
$retval = $sql_cache[$sql];
|
||||
$sql_cache[saved]++;
|
||||
} else {
|
||||
$result = mysql_query($sql);
|
||||
if (!$result) {
|
||||
echo '<strong>Error:</strong> get_db_all_rows_sql ("'.$sql.'") :'. mysql_error ().'<br />';
|
||||
return $retval;
|
||||
}
|
||||
while ($row = mysql_fetch_array ($result)) {
|
||||
array_push ($retval, $row);
|
||||
}
|
||||
$sql_cache[$sql] = $retval;
|
||||
}
|
||||
while ($row = mysql_fetch_array ($result)) {
|
||||
array_push ($retval, $row);
|
||||
}
|
||||
|
||||
return $retval;
|
||||
if(!empty($retval))
|
||||
return $retval;
|
||||
return ""; //Return empty because NULL is a possible database value
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -1384,10 +1348,11 @@ function get_db_all_rows_sql ($sql) {
|
|||
* @return A matrix with all the values in the table
|
||||
*/
|
||||
function get_db_all_rows_in_table ($table, $order_field = "") {
|
||||
if ($order_field != "")
|
||||
return get_db_all_rows_sql ('SELECT * FROM ' . $table . " ORDER BY $order_field ");
|
||||
else
|
||||
return get_db_all_rows_sql ('SELECT * FROM '.$table);
|
||||
if ($order_field != "") {
|
||||
return get_db_all_rows_sql("SELECT * FROM `".$table."` ORDER BY `".$order_field."` ");
|
||||
} else {
|
||||
return get_db_all_rows_sql("SELECT * FROM `".$table."`");
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
|||
|
|
@ -56,7 +56,7 @@ foreach ($groups as $id_group => $group_name) {
|
|||
continue;
|
||||
|
||||
$total_agents += $agents;
|
||||
$group_info = array ('agent' => 0,
|
||||
$group_info = array ('agent' => $agents,
|
||||
'ok' => 0,
|
||||
'bad' => 0,
|
||||
'alerts' => 0,
|
||||
|
|
|
|||
Loading…
Reference in New Issue