tyler.durden/pandorafms
1
0
Fork 0
mirror of https://github.com/pandorafms/pandorafms.git synced 2025-07-29 00:34:46 +02:00
Code Issues Packages Projects Releases Wiki Activity

2008-07-15 Esteban Sanchez <estebans@artica.es>

Browse Source 
* ChangeLog: Fixed some indentation and lines length issues. Fixed
        also some filepaths.

        * include/functions_db.php: Tab and blankspaces correction. Limit the
        query to one result in get_db_value() and get_db_row().



git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@954 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
This commit is contained in:
Esteban Sanchez 2008-07-15 21:29:28 +00:00
parent 086ec57b3c
commit 0bb314ff41
2 changed files with 101 additions and 78 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

84
pandora_console/ChangeLog
View File

@ -1,43 +1,65 @@
2008-07-15 Esteban Sanchez <estebans@artica.es>
* ChangeLog: Fixed some indentation and lines length issues. Fixed
also some filepaths.
* include/functions_db.php: Tab and blankspaces correction. Limit the
query to one result in get_db_value() and get_db_row().
2008-07-13 Evi Vanoost <vanooste@rcbi.rochester.edu> 2008-07-13 Evi Vanoost <vanooste@rcbi.rochester.edu>
* pandora_console/general/logon_ok.php: Made the query use sprintf (for security purposes) * pandora_console/general/logon_ok.php: Made the query use sprintf
(for security purposes).
* pandora_console/include/functions_db.php: Made all the database queries relying on a single query function for simpler management * include/functions_db.php: Made all the database queries relying on a
Also made sure that no functions returned NULL because NULL is a valid database value. single query function for simpler management. Also made sure that no
Also made a simple query cache array so that duplicate queries to generate a single page won't be repeated (ACL queries) functions returned NULL because NULL is a valid database value. Also
Also updated some other queries and functions (see the diff) and removed some old code made a simple query cache array so that duplicate queries to generate
a single page won't be repeated (ACL queries). Also updated some other
queries and functions (see the diff) and removed some old code.
* pandora_console/estado_grupo.php: Now with working agents counter! * operation/agentes/estado_grupo.php: Now with working agents counter!
* pandora_console/general/footer.php: Just made a fancy counter that displays how much queries weren't duplicated (90 on some pages!!) * general/footer.php: Just made a fancy counter that displays how much
queries weren't duplicated (90 on some pages!!)
2008-07-12 Evi Vanoost <vanooste@rcbi.rochester.edu> 2008-07-12 Evi Vanoost <vanooste@rcbi.rochester.edu>
* pandora_console/operation/agentes/networkmap.php: Some minor bugfixes introduced with my changes yesterday * operation/agentes/networkmap.php: Some minor bugfixes introduced
with my changes yesterday.
* pandora_console/general/links_menu.php: 2 queries for a menu? Changed it to a single query. * pandora_console/general/links_menu.php: 2 queries for a menu?
This list will likely never be empty - if it is, Links section won't be generated Changed it to a single query. This list will likely never be empty -
if it is, Links section won't be generated.
* pandora_console/general/logon_ok.php: Updated the queries to go faster. * general/logon_ok.php: Updated the queries to go faster. Changed the
Changed the timestamp calculation to an indexed query using utimestamp and UNIXTIME(NOW())-604800 timestamp calculation to an indexed query using utimestamp and
UNIXTIME(NOW())-604800
* pandora_console/images/networkmap/8.png: Added the Mac OS X icon.. * images/networkmap/8.png: Added the Mac OS X icon..
2008-07-11 Evi Vanoost <vanooste@rcbi.rochester.edu> 2008-07-11 Evi Vanoost <vanooste@rcbi.rochester.edu>
* pandora_console/operation/agentes/estado_grupo.php: Fixed the issue where all data was 0-ed out. There was an if-then-else construction that wasn't working well * operation/agentes/estado_grupo.php: Fixed the issue where all data
was 0-ed out. There was an if-then-else construction that wasn't
working well.
* pandora_console/operation/agentes/networkmap.php: Made more extensive error messages that explains WHY it wasn't generating. * operation/agentes/networkmap.php: Made more extensive error messages
Then also made it so the image is cached instead of regenerated every time (currently hardcoded at 5 min.). that explains WHY it wasn't generating. Then also made it so the image
is cached instead of regenerated every time (currently hardcoded at 5
min.).
2008-07-10 Evi Vanoost <vanooste@rcbi.rochester.edu> 2008-07-10 Evi Vanoost <vanooste@rcbi.rochester.edu>
* pandora_console/operation/agentes/estado_grupo.php: Fixed some extra spaces that made the URL look ugly * operation/agentes/estado_grupo.php: Fixed some extra spaces that
made the URL look ugly.
* pandora_console/operation/agentes/status_monitor.php: Made a nested SQL query out of the flagging operation, much faster now. * operation/agentes/status_monitor.php: Made a nested SQL query out of
There is still a bug here that I was trying to fix. Everything is 0-ed on this page. I will find out why tomorrow the flagging operation, much faster now. There is still a bug here
that I was trying to fix. Everything is 0-ed on this page. I will find
out why tomorrow.
* pandora_console/images/console/background: Added some backgrounds * images/console/background: Added some backgrounds
2008-07-10 Sancho Lerena <slerena@gmail.com> 2008-07-10 Sancho Lerena <slerena@gmail.com>
@ -84,7 +106,7 @@
2008-07-09 Evi Vanoost <vanooste@rcbi.rochester.edu> 2008-07-09 Evi Vanoost <vanooste@rcbi.rochester.edu>
* pandoradb.sql: Updated indexes * pandoradb.sql: Updated indexes
2008-07-09 Sancho LErena <slerena@gmail.com> 2008-07-09 Sancho LErena <slerena@gmail.com>
@ -98,19 +120,19 @@
2008-07-08 Evi Vanoost <vanooste@rcbi.rochester.edu> 2008-07-08 Evi Vanoost <vanooste@rcbi.rochester.edu>
* pandora/console/install.php: Added mysql_error debugging that can be u * pandora/console/install.php: Added mysql_error debugging that can
ncommented when something goes wrong for clearer troubleshooting be uncommented when something goes wrong for clearer troubleshooting.
* pandora_console/pandoradb_data.sql: Fixed a line that had an extra semi * pandora_console/pandoradb_data.sql: Fixed a line that had an extra
colon (;) which caused the installer to fail semicolon (;) which caused the installer to fail.
* pandora_console/index.php: Fixed the code that displays the custom CSS * pandora_console/index.php: Fixed the code that displays the custom
code. Now the Console looks good. CSS code. Now the Console looks good.
* pandora_console/general/header.php: Fixed the Autorefresh code. Now the * pandora_console/general/header.php: Fixed the Autorefresh code. Now
Autorefresh link switches correctly between grey and white instead of staying w the Autorefresh link switches correctly between grey and white instead
hite. Also fixed the autorefresh in case that there is no correct $_SERVER['REQU of staying whte. Also fixed the autorefresh in case that there is no
EST_URI'] so that it doesn't go 404. correct $_SERVER['REQUEST_URI'] so that it doesn't go 404.
2008-07-08 Sancho Lerena <slerena@artica.es> 2008-07-08 Sancho Lerena <slerena@artica.es>

95
pandora_console/include/functions_db.php
View File

@ -21,21 +21,21 @@
* @return 0 on success * @return 0 on success
*/ */
function check_login () { function check_login () {
global $config; global $config;
if (!isset($config["homedir"])){ if (!isset($config["homedir"])){
// No exists $config. Exit inmediatly // No exists $config. Exit inmediatly
include("general/noaccess.php"); include("general/noaccess.php");
exit; exit;
} }
if ((isset($_SESSION["id_usuario"])) AND ($_SESSION["id_usuario"] != "")) { if ((isset($_SESSION["id_usuario"])) AND ($_SESSION["id_usuario"] != "")) {
$id = get_db_value("id_usuario","tusuario","id_usuario",$_SESSION["id_usuario"]); $id = get_db_value("id_usuario","tusuario","id_usuario",$_SESSION["id_usuario"]);
if ( $_SESSION["id_usuario"] == $id ){ if ( $_SESSION["id_usuario"] == $id) {
return 0; return 0;
} }
} }
audit_db("N/A", getenv("REMOTE_ADDR"), "No session", "Trying to access without a valid session"); audit_db("N/A", getenv("REMOTE_ADDR"), "No session", "Trying to access without a valid session");
include ($config["homedir"]."/general/noaccess.php"); include ($config["homedir"]."/general/noaccess.php");
exit; exit;
} }
@ -61,20 +61,21 @@ function check_login () {
* @return 1 if the user has privileges, 0 if not. * @return 1 if the user has privileges, 0 if not.
**/ **/
function give_acl ($id_user, $id_group, $access) { function give_acl ($id_user, $id_group, $access) {
// IF user is level = 1 then always return 1 // IF user is level = 1 then always return 1
global $config; global $config;
$nivel = get_db_value("nivel","tusuario","id_usuario",$id_user); $nivel = get_db_value("nivel","tusuario","id_usuario",$id_user);
if ($nivel == 1) { if ($nivel == 1) {
return 1; return 1;
//Apparently nivel is 1 if user has full admin access //Apparently nivel is 1 if user has full admin access
} }
//Joined multiple queries into one. That saves on the query overhead and query cache. //Joined multiple queries into one. That saves on the query overhead and query cache.
if ($id_group == 0) { if ($id_group == 0) {
$query1=sprintf("SELECT `tperfil`.`incident_view`,`tperfil`.`incident_edit`,`tperfil`.`incident_management`,`tperfil`.`agent_view`,`tperfil`.`agent_edit`,`tperfil`.`alert_edit`,`tperfil`.`alert_management`,`tperfil`.`pandora_management`,`tperfil`.`db_management`,`tperfil`.`user_management` FROM `tusuario_perfil`,`tperfil` WHERE `tusuario_perfil`.`id_perfil` = `tperfil`.`id_perfil` AND `tusuario_perfil`.`id_usuario` = '%s'",$id_user); //GroupID = 0, access doesnt matter (use with caution!) - Any user gets access to group 0 $query1=sprintf("SELECT `tperfil`.`incident_view`,`tperfil`.`incident_edit`,`tperfil`.`incident_management`,`tperfil`.`agent_view`,`tperfil`.`agent_edit`,`tperfil`.`alert_edit`,`tperfil`.`alert_management`,`tperfil`.`pandora_management`,`tperfil`.`db_management`,`tperfil`.`user_management` FROM `tusuario_perfil`,`tperfil` WHERE `tusuario_perfil`.`id_perfil` = `tperfil`.`id_perfil` AND `tusuario_perfil`.`id_usuario` = '%s'",$id_user);
} else { //GroupID = 0, access doesnt matter (use with caution!) - Any user gets access to group 0
$query1=sprintf("SELECT `tperfil`.`incident_view`,`tperfil`.`incident_edit`,`tperfil`.`incident_management`,`tperfil`.`agent_view`,`tperfil`.`agent_edit`,`tperfil`.`alert_edit`,`tperfil`.`alert_management`,`tperfil`.`pandora_management`,`tperfil`.`db_management`,`tperfil`.`user_management` FROM `tusuario_perfil`,`tperfil` WHERE `tusuario_perfil`.`id_perfil` = `tperfil`.`id_perfil` } else {
$query1=sprintf("SELECT `tperfil`.`incident_view`,`tperfil`.`incident_edit`,`tperfil`.`incident_management`,`tperfil`.`agent_view`,`tperfil`.`agent_edit`,`tperfil`.`alert_edit`,`tperfil`.`alert_management`,`tperfil`.`pandora_management`,`tperfil`.`db_management`,`tperfil`.`user_management` FROM `tusuario_perfil`,`tperfil` WHERE `tusuario_perfil`.`id_perfil` = `tperfil`.`id_perfil`
AND `tusuario_perfil`.`id_usuario` = '%s' AND (`tusuario_perfil`.`id_grupo` = '%d' OR `tusuario_perfil`.`id_grupo`= 1)",$id_user,$id_group); AND `tusuario_perfil`.`id_usuario` = '%s' AND (`tusuario_perfil`.`id_grupo` = '%d' OR `tusuario_perfil`.`id_grupo`= 1)",$id_user,$id_group);
} }
@ -119,7 +120,7 @@ AND `tusuario_perfil`.`id_usuario` = '%s' AND (`tusuario_perfil`.`id_grupo` = '%
} }
if ($result > 1) if ($result > 1)
$result = 1; $result = 1;
return $result; return $result;
} }
/** /**
@ -1241,11 +1242,11 @@ $sql_cache=array('saved' => 0);
function get_db_value ($field, $table, $field_search=1, $condition=1){ function get_db_value ($field, $table, $field_search=1, $condition=1){
if (is_int ($condition)) { if (is_int ($condition)) {
$sql = sprintf ("SELECT %s FROM `%s` WHERE `%s` = '%d'", $field, $table, $field_search, $condition); $sql = sprintf ("SELECT %s FROM `%s` WHERE `%s` = '%d' LIMIT 1", $field, $table, $field_search, $condition);
} else if (is_float ($condition) || is_double ($condition)) { } else if (is_float ($condition) || is_double ($condition)) {
$sql = sprintf ("SELECT %s FROM `%s` WHERE `%s` = '%f'", $field, $table, $field_search, $condition); $sql = sprintf ("SELECT %s FROM `%s` WHERE `%s` = '%f' LIMIT 1", $field, $table, $field_search, $condition);
} else { } else {
$sql = sprintf ("SELECT %s FROM `%s` WHERE `%s` = '%s'", $field, $table, $field_search, $condition); $sql = sprintf ("SELECT %s FROM `%s` WHERE `%s` = '%s' LIMIT 1", $field, $table, $field_search, $condition);
} }
$sql .= " LIMIT 1"; $sql .= " LIMIT 1";
$result = get_db_all_rows_sql($sql); $result = get_db_all_rows_sql($sql);
@ -1283,11 +1284,11 @@ function get_db_row_sql ($sql) {
function get_db_row ($table, $field_search, $condition) { function get_db_row ($table, $field_search, $condition) {
if (is_int ($condition)) { if (is_int ($condition)) {
$sql = sprintf ("SELECT * FROM `%s` WHERE `%s` = '%d'", $table, $field_search, $condition); $sql = sprintf ("SELECT * FROM `%s` WHERE `%s` = '%d' LIMIT 1", $table, $field_search, $condition);
} else if (is_float ($condition) || is_double ($condition)) { } else if (is_float ($condition) || is_double ($condition)) {
$sql = sprintf ("SELECT * FROM `%s` WHERE `%s` = '%f'", $table, $field_search, $condition); $sql = sprintf ("SELECT * FROM `%s` WHERE `%s` = '%f' LIMIT 1", $table, $field_search, $condition);
} else { } else {
$sql = sprintf ("SELECT * FROM `%s` WHERE `%s` = '%s'", $table, $field_search, $condition); $sql = sprintf ("SELECT * FROM `%s` WHERE `%s` = '%s' LIMIT 1", $table, $field_search, $condition);
} }
$sql .= ' LIMIT 1'; $sql .= ' LIMIT 1';
@ -1318,25 +1319,25 @@ function get_db_sql ($sql, $field = 0) {
*/ */
function get_db_all_rows_sql ($sql) { function get_db_all_rows_sql ($sql) {
global $config; global $config;
global $sql_cache; global $sql_cache;
$retval = array(); $retval = array();
if($sql_cache[$sql]) { if($sql_cache[$sql]) {
$retval = $sql_cache[$sql]; $retval = $sql_cache[$sql];
$sql_cache[saved]++; $sql_cache[saved]++;
} else { } else {
$result = mysql_query($sql); $result = mysql_query($sql);
if (!$result) { if (!$result) {
echo '<strong>Error:</strong> get_db_all_rows_sql ("'.$sql.'") :'. mysql_error ().'<br />'; echo '<strong>Error:</strong> get_db_all_rows_sql ("'.$sql.'") :'. mysql_error ().'<br />';
return $retval; return $retval;
} }
while ($row = mysql_fetch_array ($result)) { while ($row = mysql_fetch_array ($result)) {
array_push ($retval, $row); array_push ($retval, $row);
} }
$sql_cache[$sql] = $retval; $sql_cache[$sql] = $retval;
} }
if(!empty($retval)) if(!empty($retval))
return $retval; return $retval;
return ""; //Return empty because NULL is a possible database value return ""; //Return empty because NULL is a possible database value
} }
@ -1408,7 +1409,7 @@ function return_status_agent_module ($id_agentmodule = 0){
$query2 = "SELECT SUM(times_fired) FROM talerta_agente_modulo WHERE id_agente_modulo = " . $id_agentmodule; $query2 = "SELECT SUM(times_fired) FROM talerta_agente_modulo WHERE id_agente_modulo = " . $id_agentmodule;
$resq2 = mysql_query($query2); $resq2 = mysql_query($query2);
if ($resq2 != 0) { if ($resq2 != 0) {
$rowdup2 = mysql_fetch_array ($resq2); $rowdup2 = mysql_fetch_array ($resq2);
if ($rowdup2[0] > 0){ if ($rowdup2[0] > 0){
return 0; return 0;
} }