2008-06-09 Sancho Lerena <slerena@gmail.com>

* operation/agentes/status_monitor.php,
        operation/agentes/estado_agente.php: Data was presented for users with
        access to specific groups (fixed also in 1.3.1 branch). Fixed.

        * godmode/users/configure_user.php: Better management of password.



git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@846 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f

pandora_console/ChangeLog

@@ -1,10 +1,21 @@
+2008-06-09  Sancho Lerena <slerena@gmail.com>
+
+        * operation/agentes/status_monitor.php, 
+        operation/agentes/estado_agente.php: Data was presented for users with
+        access to specific groups (fixed also in 1.3.1 branch).
+
+        * godmode/users/configure_user.php: Better management of password.  
+
 2008-06-09  Ramon Novoa  <rnovoa@artica.es>
 
 	* pandoradb_data.sql: Added missing parenthesis.
+
 	* include/styles/pandora.css: Added style for the remote configuration
 	  editor.
+
 	* godmode/agentes/agent_disk_conf_editor.php: Added to repository.
 	  Remote configuration editor.
+
 	* godmode/agentes/agent_manager.php: Added support to edit remote
 	  agent configurations.
 

pandora_console/godmode/users/configure_user.php

@@ -2,7 +2,7 @@
 // Pandora - the Free monitoring system
 // ====================================
 // Copyright (c) 2004-2006 Sancho Lerena, slerena@gmail.com
-// Copyright (c) 2005-2006 Artica Soluciones Tecnol<EFBFBD>gicas S.L, info@artica.es
+// Copyright (c) 2005-2006 Artica Soluciones Tecnologicas S.L, info@artica.es
 // Copyright (c) 2004-2006 Raul Mateos Martin, raulofpandora@gmail.com
 // This program is free software; you can redistribute it and/or
 // modify it under the terms of the GNU General Public License
@@ -26,6 +26,7 @@ if (comprueba_login() == 0)
 	$direccion = "";
 	$telefono = "";
 	$password = "";
+    $password2 = "";
 	$id_usuario_mio = "";
 	$nombre_real = "";
 	$nivel = 0;
@@ -53,7 +54,8 @@ if (comprueba_login() == 0)
 			exit;
 			}
 		else
-		$password=$rowdup["password"];
+		$password="";
+        $password2="";
 		$comentarios=$rowdup["comentarios"];
 		$direccion=$rowdup["direccion"];
 		$telefono=$rowdup["telefono"]; 
@@ -80,7 +82,7 @@ if (comprueba_login() == 0)
 			$telefono = entrada_limpia($_POST["telefono"]);
 			$comentarios = entrada_limpia($_POST["comentarios"]);
 			
-			if (dame_password($nombre_viejo)!=$password){
+            if ($password != ""){
 				$password=md5($password);
 				$sql = "UPDATE tusuario SET nombre_real ='".$nombre_real."', id_usuario ='".$nombre."', password = '".$password."', telefono ='".$telefono."', direccion ='".$direccion." ', nivel = '".$nivel."', comentarios = '".$comentarios."' WHERE id_usuario = '".$nombre_viejo."'";
 			}
@@ -103,7 +105,8 @@ if (comprueba_login() == 0)
 			$id_usuario_mio = $nombre;
 			$resq1=mysql_query($query1);
 			$rowdup=mysql_fetch_array($resq1);
-			$password=$rowdup["password"];
+			$password="";
+            $password2= "";
 			$comentarios=$rowdup["comentarios"];
 			$direccion=$rowdup["direccion"];
 			$telefono=$rowdup["telefono"]; 
@@ -144,6 +147,8 @@ if (comprueba_login() == 0)
 			}
 		$id_usuario_mio = $nombre;
 		$modo ="edicion";
+        $password = "";
+        $password2 = "";
 	}
 		echo "<h2>".$lang_label["user_management"]." &gt; ";
 		if (isset($_GET["alta"])){
@@ -169,11 +174,18 @@ if (comprueba_login() == 0)
 	<td class="datos"><input type="text" name="nombre" value="<?php echo $id_usuario_mio ?>"></td>
 	<tr><td class="datos2"><?php echo $lang_label["real_name"] ?>
 	<td class="datos2"><input type="text" name="nombre_real" value="<?php echo $nombre_real ?>"></td>
-	<tr><td class="datos"><?php echo $lang_label["password"] ?>
+
-	<td class="datos"><input type="password" name="pass1" value="<?php echo $password ?>"></td>
+<?PHP
-	<tr><td class="datos2"><?php echo $lang_label["password"] ?> - <?php echo $lang_label["confirmation"] ?></td>
+    echo '<tr><td class="datos">';
-	<td class="datos2"><input type="password" name="pass2" value="<?php echo $password ?>"></td>
+    echo lang_string ("password");
-	<tr><td class="datos">E-Mail</td>
+    echo '<td class="datos">';
+    echo '<input type="password" name="pass1" value="'.$password.'"></td>';
+    echo '<tr><td class="datos2">';
+    echo lang_string ("password"). " ". lang_string ("confirmation").'</td>';
+	echo '<td class="datos">';
+    echo '<input type="password" name="pass2" value="'.$password2.'"></td>';
+	echo '<tr><td class="datos">E-Mail</td>';
+?>
 	<td class="datos"><input type="text" name="direccion" size="40" value="<?php echo $direccion ?>"></td>
 	<tr><td class="datos2"><?php echo $lang_label["telefono"] ?></td>
 	<td class="datos2"><input type="text" name="telefono" value="<?php echo $telefono ?>"></td>

pandora_console/operation/agentes/estado_agente.php

@@ -93,19 +93,35 @@ if (comprueba_login() == 0) {
 	// Show only selected groups	
 	if ($ag_group > 1){
 		$sql="SELECT * FROM tagente WHERE id_grupo=$ag_group
-		AND disabled = 0 $search_sql ORDER BY nombre LIMIT $offset, ".$config['block_size'];
+		AND disabled = 0 $search_sql ORDER BY nombre LIMIT $offset, ".$config["block_size"];
 		$sql2="SELECT COUNT(id_agente) FROM tagente WHERE id_grupo=$ag_group 
 		AND disabled = 0 $search_sql ORDER BY nombre";
+		
+	// Not selected any specific group
 	} else {
         // Is admin user ??
         if (get_db_sql ("SELECT * FROM tusuario WHERE id_usuario ='$id_user'", "nivel") == 1){
-                        $sql="SELECT * FROM tagente WHERE disabled = 0 $search_sql ORDER BY nombre, id_grupo LIMIT $offset, ".$config['block_size'];
+                $sql="SELECT * FROM tagente WHERE disabled = 0 $search_sql ORDER BY nombre, id_grupo LIMIT $offset, $block_size";
                 $sql2="SELECT COUNT(id_agente) FROM tagente WHERE disabled = 0 $search_sql ORDER BY nombre, id_grupo";
+
+        // standard user
+        } else {
+            
+            // User has explicit permission on group 1 ?
+            $all_group = get_db_sql ("SELECT COUNT(id_grupo) FROM tusuario_perfil WHERE id_usuario='$id_user' AND id_grupo = 1");
+
+            if ($all_group > 0){
+                $sql="SELECT * FROM tagente WHERE disabled = 0 $search_sql 
+                ORDER BY nombre, id_grupo LIMIT $offset, ".$config["block_size"];
+                $sql2="SELECT COUNT(id_agente) FROM tagente WHERE disabled = 0 $search_sql  
+                ORDER BY nombre, id_grupo";
             } else {
 		        $sql="SELECT * FROM tagente WHERE disabled = 0 $search_sql AND id_grupo IN (SELECT id_grupo FROM tusuario_perfil WHERE id_usuario='$id_user') 
-		        ORDER BY nombre, id_grupo LIMIT $offset, ".$config['block_size'];
+		        ORDER BY nombre, id_grupo LIMIT $offset,".$config["block_size"];
 		        $sql2="SELECT COUNT(id_agente) FROM tagente WHERE disabled = 0 $search_sql AND id_grupo IN (SELECT id_grupo  FROM tusuario_perfil WHERE id_usuario='$id_user') ORDER BY nombre, id_grupo";
             }
+            
+        }
 	}
 
 	$result2=mysql_query($sql2);

pandora_console/operation/agentes/status_monitor.php

@@ -110,6 +110,12 @@ $SQL = " FROM tagente, tagente_modulo WHERE tagente.id_agente = tagente_modulo.i
 // Agent group selector
 if ($ag_group > 1)
     $SQL .=" AND tagente.id_grupo = ".$ag_group;
+else {
+     // User has explicit permission on group 1 ?
+    $all_group = get_db_sql ("SELECT COUNT(id_grupo) FROM tusuario_perfil WHERE id_usuario='$id_user' AND id_grupo = 1");
+    if ($all_group == 0)
+        $SQL .=" AND tagente.id_grupo IN (SELECT id_grupo FROM tusuario_perfil WHERE id_usuario='$id_user') ";
+}
 
 // Module name selector
 // This code thanks for an idea from Nikum, nikun_h@hotmail.com
@@ -121,7 +127,6 @@ if ($ag_freestring != "")
     $SQL .= " AND ( tagente_modulo.nombre LIKE '%".$ag_freestring."%' OR tagente_modulo.descripcion LIKE '%".$ag_freestring."%') ";
 $SQL .= " ORDER BY tagente.id_grupo, tagente.nombre";
 
-
 // Build final SQL sentences
 $SQL_FINAL = $SQL_pre . $SQL;
 $SQL_COUNT = $SQL_pre_count . $SQL;