diff --git a/pandora_console/ChangeLog b/pandora_console/ChangeLog
index baa3c48ea1..e5ce62cf30 100644
--- a/pandora_console/ChangeLog
+++ b/pandora_console/ChangeLog
@@ -1,43 +1,65 @@ +2008-07-15 Esteban Sanchez + + * ChangeLog: Fixed some indentation and lines length issues. Fixed + also some filepaths. + + * include/functions_db.php: Tab and blankspaces correction. Limit the + query to one result in get_db_value() and get_db_row(). + 2008-07-13 Evi Vanoost - * pandora_console/general/logon_ok.php: Made the query use sprintf (for security purposes) + * pandora_console/general/logon_ok.php: Made the query use sprintf + (for security purposes). - * pandora_console/include/functions_db.php: Made all the database queries relying on a single query function for simpler management - Also made sure that no functions returned NULL because NULL is a valid database value. - Also made a simple query cache array so that duplicate queries to generate a single page won't be repeated (ACL queries) - Also updated some other queries and functions (see the diff) and removed some old code + * include/functions_db.php: Made all the database queries relying on a + single query function for simpler management. Also made sure that no + functions returned NULL because NULL is a valid database value. Also + made a simple query cache array so that duplicate queries to generate + a single page won't be repeated (ACL queries). Also updated some other + queries and functions (see the diff) and removed some old code. - * pandora_console/estado_grupo.php: Now with working agents counter! + * operation/agentes/estado_grupo.php: Now with working agents counter! - * pandora_console/general/footer.php: Just made a fancy counter that displays how much queries weren't duplicated (90 on some pages!!) + * general/footer.php: Just made a fancy counter that displays how much + queries weren't duplicated (90 on some pages!!) 2008-07-12 Evi Vanoost - * pandora_console/operation/agentes/networkmap.php: Some minor bugfixes introduced with my changes yesterday + * operation/agentes/networkmap.php: Some minor bugfixes introduced + with my changes yesterday. 
- * pandora_console/general/links_menu.php: 2 queries for a menu? Changed it to a single query. - This list will likely never be empty - if it is, Links section won't be generated + * pandora_console/general/links_menu.php: 2 queries for a menu? + Changed it to a single query. This list will likely never be empty - + if it is, Links section won't be generated. - * pandora_console/general/logon_ok.php: Updated the queries to go faster. - Changed the timestamp calculation to an indexed query using utimestamp and UNIXTIME(NOW())-604800 + * general/logon_ok.php: Updated the queries to go faster. Changed the + timestamp calculation to an indexed query using utimestamp and + UNIXTIME(NOW())-604800 - * pandora_console/images/networkmap/8.png: Added the Mac OS X icon.. + * images/networkmap/8.png: Added the Mac OS X icon.. 2008-07-11 Evi Vanoost - * pandora_console/operation/agentes/estado_grupo.php: Fixed the issue where all data was 0-ed out. There was an if-then-else construction that wasn't working well + * operation/agentes/estado_grupo.php: Fixed the issue where all data + was 0-ed out. There was an if-then-else construction that wasn't + working well. - * pandora_console/operation/agentes/networkmap.php: Made more extensive error messages that explains WHY it wasn't generating. - Then also made it so the image is cached instead of regenerated every time (currently hardcoded at 5 min.). + * operation/agentes/networkmap.php: Made more extensive error messages + that explains WHY it wasn't generating. Then also made it so the image + is cached instead of regenerated every time (currently hardcoded at 5 + min.). 2008-07-10 Evi Vanoost - * pandora_console/operation/agentes/estado_grupo.php: Fixed some extra spaces that made the URL look ugly + * operation/agentes/estado_grupo.php: Fixed some extra spaces that + made the URL look ugly. - * pandora_console/operation/agentes/status_monitor.php: Made a nested SQL query out of the flagging operation, much faster now. 
- There is still a bug here that I was trying to fix. Everything is 0-ed on this page. I will find out why tomorrow + * operation/agentes/status_monitor.php: Made a nested SQL query out of + the flagging operation, much faster now. There is still a bug here + that I was trying to fix. Everything is 0-ed on this page. I will find + out why tomorrow. - * pandora_console/images/console/background: Added some backgrounds + * images/console/background: Added some backgrounds 2008-07-10 Sancho Lerena @@ -84,7 +106,7 @@ 2008-07-09 Evi Vanoost - * pandoradb.sql: Updated indexes + * pandoradb.sql: Updated indexes 2008-07-09 Sancho LErena 
@@ -98,19 +120,19 @@ 2008-07-08 Evi Vanoost - * pandora/console/install.php: Added mysql_error debugging that can be u -ncommented when something goes wrong for clearer troubleshooting + * pandora/console/install.php: Added mysql_error debugging that can + be uncommented when something goes wrong for clearer troubleshooting. - * pandora_console/pandoradb_data.sql: Fixed a line that had an extra semi -colon (;) which caused the installer to fail + * pandora_console/pandoradb_data.sql: Fixed a line that had an extra + semicolon (;) which caused the installer to fail. - * pandora_console/index.php: Fixed the code that displays the custom CSS -code. Now the Console looks good. + * pandora_console/index.php: Fixed the code that displays the custom + CSS code. Now the Console looks good. - * pandora_console/general/header.php: Fixed the Autorefresh code. Now the - Autorefresh link switches correctly between grey and white instead of staying w -hite. Also fixed the autorefresh in case that there is no correct $_SERVER['REQU -EST_URI'] so that it doesn't go 404. + * pandora_console/general/header.php: Fixed the Autorefresh code. Now + the Autorefresh link switches correctly between grey and white instead + of staying whte. Also fixed the autorefresh in case that there is no + correct $_SERVER['REQUEST_URI'] so that it doesn't go 404. 2008-07-08 Sancho Lerena diff --git a/pandora_console/include/functions_db.php b/pandora_console/include/functions_db.php index 745166c112..3d4aba802d 100644 --- a/pandora_console/include/functions_db.php +++ b/pandora_console/include/functions_db.php 
@@ -21,21 +21,21 @@
 * @return 0 on success
 */
 function check_login () {
- global $config;
- if (!isset($config["homedir"])){
- // No exists $config. Exit inmediatly
- include("general/noaccess.php");
- exit;
- }
- if ((isset($_SESSION["id_usuario"])) AND ($_SESSION["id_usuario"] != "")) {
- $id = get_db_value("id_usuario","tusuario","id_usuario",$_SESSION["id_usuario"]);
- if ( $_SESSION["id_usuario"] == $id ){
- return 0;
- }
- }
- audit_db("N/A", getenv("REMOTE_ADDR"), "No session", "Trying to access without a valid session");
- include ($config["homedir"]."/general/noaccess.php");
- exit;
+ global $config;
+ if (!isset($config["homedir"])){
+ // No exists $config. Exit inmediatly
+ include("general/noaccess.php");
+ exit;
+ }
+ if ((isset($_SESSION["id_usuario"])) AND ($_SESSION["id_usuario"] != "")) {
+ $id = get_db_value("id_usuario","tusuario","id_usuario",$_SESSION["id_usuario"]);
+ if ( $_SESSION["id_usuario"] == $id) {
+ return 0;
+ }
+ }
+ audit_db("N/A", getenv("REMOTE_ADDR"), "No session", "Trying to access without a valid session");
+ include ($config["homedir"]."/general/noaccess.php");
+ exit;
 }
@@ -61,20 +61,21 @@ function check_login () { * @return 1 if the user has privileges, 0 if not. **/ function give_acl ($id_user, $id_group, $access) { - // IF user is level = 1 then always return 1 + // IF user is level = 1 then always return 1 - global $config; - $nivel = get_db_value("nivel","tusuario","id_usuario",$id_user); - if ($nivel == 1) { - return 1; - //Apparently nivel is 1 if user has full admin access - } + global $config; + $nivel = get_db_value("nivel","tusuario","id_usuario",$id_user); + if ($nivel == 1) { + return 1; + //Apparently nivel is 1 if user has full admin access + } //Joined multiple queries into one. That saves on the query overhead and query cache. - if ($id_group == 0) { - $query1=sprintf("SELECT `tperfil`.`incident_view`,`tperfil`.`incident_edit`,`tperfil`.`incident_management`,`tperfil`.`agent_view`,`tperfil`.`agent_edit`,`tperfil`.`alert_edit`,`tperfil`.`alert_management`,`tperfil`.`pandora_management`,`tperfil`.`db_management`,`tperfil`.`user_management` FROM `tusuario_perfil`,`tperfil` WHERE `tusuario_perfil`.`id_perfil` = `tperfil`.`id_perfil` AND `tusuario_perfil`.`id_usuario` = '%s'",$id_user); //GroupID = 0, access doesnt matter (use with caution!) 
- Any user gets access to group 0 - } else { - $query1=sprintf("SELECT `tperfil`.`incident_view`,`tperfil`.`incident_edit`,`tperfil`.`incident_management`,`tperfil`.`agent_view`,`tperfil`.`agent_edit`,`tperfil`.`alert_edit`,`tperfil`.`alert_management`,`tperfil`.`pandora_management`,`tperfil`.`db_management`,`tperfil`.`user_management` FROM `tusuario_perfil`,`tperfil` WHERE `tusuario_perfil`.`id_perfil` = `tperfil`.`id_perfil` + if ($id_group == 0) { + $query1=sprintf("SELECT `tperfil`.`incident_view`,`tperfil`.`incident_edit`,`tperfil`.`incident_management`,`tperfil`.`agent_view`,`tperfil`.`agent_edit`,`tperfil`.`alert_edit`,`tperfil`.`alert_management`,`tperfil`.`pandora_management`,`tperfil`.`db_management`,`tperfil`.`user_management` FROM `tusuario_perfil`,`tperfil` WHERE `tusuario_perfil`.`id_perfil` = `tperfil`.`id_perfil` AND `tusuario_perfil`.`id_usuario` = '%s'",$id_user); + //GroupID = 0, access doesnt matter (use with caution!) - Any user gets access to group 0 + } else { + $query1=sprintf("SELECT `tperfil`.`incident_view`,`tperfil`.`incident_edit`,`tperfil`.`incident_management`,`tperfil`.`agent_view`,`tperfil`.`agent_edit`,`tperfil`.`alert_edit`,`tperfil`.`alert_management`,`tperfil`.`pandora_management`,`tperfil`.`db_management`,`tperfil`.`user_management` FROM `tusuario_perfil`,`tperfil` WHERE `tusuario_perfil`.`id_perfil` = `tperfil`.`id_perfil` AND `tusuario_perfil`.`id_usuario` = '%s' AND (`tusuario_perfil`.`id_grupo` = '%d' OR `tusuario_perfil`.`id_grupo`= 1)",$id_user,$id_group); } @@ -119,7 +120,7 @@ AND `tusuario_perfil`.`id_usuario` = '%s' AND (`tusuario_perfil`.`id_grupo` = '% } if ($result > 1) $result = 1; - return $result; + return $result; } /** 
@@ -1241,11 +1242,11 @@ $sql_cache=array('saved' => 0);
 function get_db_value ($field, $table, $field_search=1, $condition=1){
 if (is_int ($condition)) {
- $sql = sprintf ("SELECT %s FROM `%s` WHERE `%s` = '%d'", $field, $table, $field_search, $condition);
+ $sql = sprintf ("SELECT %s FROM `%s` WHERE `%s` = '%d' LIMIT 1", $field, $table, $field_search, $condition);
 } else if (is_float ($condition) || is_double ($condition)) {
- $sql = sprintf ("SELECT %s FROM `%s` WHERE `%s` = '%f'", $field, $table, $field_search, $condition);
+ $sql = sprintf ("SELECT %s FROM `%s` WHERE `%s` = '%f' LIMIT 1", $field, $table, $field_search, $condition);
 } else {
- $sql = sprintf ("SELECT %s FROM `%s` WHERE `%s` = '%s'", $field, $table, $field_search, $condition);
+ $sql = sprintf ("SELECT %s FROM `%s` WHERE `%s` = '%s' LIMIT 1", $field, $table, $field_search, $condition);
 }
 $sql .= " LIMIT 1";
 $result = get_db_all_rows_sql($sql);
@@ -1283,11 +1284,11 @@ function get_db_row_sql ($sql) {
 function get_db_row ($table, $field_search, $condition) {
 if (is_int ($condition)) {
- $sql = sprintf ("SELECT * FROM `%s` WHERE `%s` = '%d'", $table, $field_search, $condition);
+ $sql = sprintf ("SELECT * FROM `%s` WHERE `%s` = '%d' LIMIT 1", $table, $field_search, $condition);
 } else if (is_float ($condition) || is_double ($condition)) {
- $sql = sprintf ("SELECT * FROM `%s` WHERE `%s` = '%f'", $table, $field_search, $condition);
+ $sql = sprintf ("SELECT * FROM `%s` WHERE `%s` = '%f' LIMIT 1", $table, $field_search, $condition);
 } else {
- $sql = sprintf ("SELECT * FROM `%s` WHERE `%s` = '%s'", $table, $field_search, $condition);
+ $sql = sprintf ("SELECT * FROM `%s` WHERE `%s` = '%s' LIMIT 1", $table, $field_search, $condition);
 }
 $sql .= ' LIMIT 1';
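Review bot: Both `get_db_value()` (this hunk) and `get_db_row()` (next hunk) now emit `LIMIT 1` twice. The new format strings end in `LIMIT 1`, but the unchanged context lines `$sql .= " LIMIT 1";` and `$sql .= ' LIMIT 1';` still append another, so every statement ends in `LIMIT 1 LIMIT 1`, which MySQL rejects as a syntax error. `check_login()` and `give_acl()` in this file call `get_db_value()`, so the session and admin-level lookups would fail on each request, and `get_db_value()` hands the statement to `get_db_all_rows_sql()`, which echoes the failing SQL and `mysql_error()` into the page. Keep exactly one of the two: either delete the `$sql .= ...` lines or leave the format strings as they were. Both function bodies continue outside their hunks.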
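Review bot: In the `'%s'` branch of `get_db_row()`, and the same branch of `get_db_value()` in the previous hunk, `$condition` is formatted into the statement without escaping, so a value containing a single quote changes the query. Only the `%d` and `%f` branches are made safe by the numeric conversion; `sprintf` itself quotes nothing. Pass the string through the driver's escaper, e.g. `mysql_real_escape_string ($condition)`, before formatting. `$table`, `$field_search` and `$field` should only ever be code-supplied identifiers, because the backticks do not protect them if a caller forwards request data. Whether any caller passes request-derived values is not visible in this diff, so that should be confirmed against the call sites.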
@@ -1318,25 +1319,25 @@ function get_db_sql ($sql, $field = 0) { */ function get_db_all_rows_sql ($sql) { global $config; - global $sql_cache; - $retval = array(); + global $sql_cache; + $retval = array(); if($sql_cache[$sql]) { - $retval = $sql_cache[$sql]; - $sql_cache[saved]++; + $retval = $sql_cache[$sql]; + $sql_cache[saved]++; } else { - $result = mysql_query($sql); - if (!$result) { - echo 'Error: get_db_all_rows_sql ("'.$sql.'") :'. mysql_error ().'
'; - return $retval; - } - while ($row = mysql_fetch_array ($result)) { - array_push ($retval, $row); - } + $result = mysql_query($sql); + if (!$result) { + echo 'Error: get_db_all_rows_sql ("'.$sql.'") :'. mysql_error ().'
'; + return $retval; + } + while ($row = mysql_fetch_array ($result)) { + array_push ($retval, $row); + } $sql_cache[$sql] = $retval; } if(!empty($retval)) - return $retval; + return $retval; return ""; //Return empty because NULL is a possible database value } @@ -1408,7 +1409,7 @@ function return_status_agent_module ($id_agentmodule = 0){ $query2 = "SELECT SUM(times_fired) FROM talerta_agente_modulo WHERE id_agente_modulo = " . $id_agentmodule; $resq2 = mysql_query($query2); if ($resq2 != 0) { - $rowdup2 = mysql_fetch_array ($resq2); + $rowdup2 = mysql_fetch_array ($resq2); if ($rowdup2[0] > 0){ return 0; }