2008-10-14 Esteban Sanchez <estebans@artica.es>
* operation/reporting/reporting_viewer.php,
operation/reporting/custom_reporting.php: Fixed checking of private
reports.
* operation/reporting/custom_reporting.php: Do not show reports that
user can not see.
git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@1148 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
This commit is contained in:
Esteban Sanchez
parent
a508f64b7e
commit
4b1b4dc1cc
|
|
@ -1,3 +1,12 @@
|
||||||
|
2008-10-14 Esteban Sanchez <estebans@artica.es>
|
||||||
|
|
||||||
|
* operation/reporting/reporting_viewer.php,
|
||||||
|
operation/reporting/custom_reporting.php: Fixed checking of private
|
||||||
|
reports.
|
||||||
|
|
||||||
|
* operation/reporting/custom_reporting.php: Do not show reports that
|
||||||
|
user can not see.
|
||||||
|
|
||||||
2008-10-13 Sancho Lerena <slerena@artica.es>
|
2008-10-13 Sancho Lerena <slerena@artica.es>
|
||||||
|
|
||||||
* agent_disk_conf_editor.php: Now load enterprise code
|
* agent_disk_conf_editor.php: Now load enterprise code
|
||||||
|
|
|
||||||
|
|
@ -53,6 +53,10 @@ $table->align[3] = 'center';
|
||||||
$table->data = array ();
|
$table->data = array ();
|
||||||
|
|
||||||
foreach ($reports as $report) {
|
foreach ($reports as $report) {
|
||||||
|
if ($report['private'] && ($report['id_user'] != $config['id_user'] && ! dame_admin ($config['id_user']))) {
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
|
||||||
$data = array ();
|
$data = array ();
|
||||||
|
|
||||||
$data[0] = $report['name'];
|
$data[0] = $report['name'];
|
||||||
|
|
|
||||||
|
|
@ -42,7 +42,8 @@ if (! give_acl ($config['id_user'], $report['id_group'], "AR")) {
|
||||||
require ("include/functions_reporting.php");
|
require ("include/functions_reporting.php");
|
||||||
|
|
||||||
/* Check if the user can see the graph */
|
/* Check if the user can see the graph */
|
||||||
if ($report['id_user'] != $config['id_user'] && ! dame_admin ($config['id_user']) && ! $report['private']) {
|
if ($report['private'] && ($report['id_user'] != $config['id_user'] && ! dame_admin ($config['id_user']))) {
|
||||||
|
include ("general/noaccess.php");
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -60,38 +60,36 @@ if (isset ($_GET["direct"])) {
|
||||||
$nick = get_parameter ("nick");
|
$nick = get_parameter ("nick");
|
||||||
$pass = get_parameter ("pass");
|
$pass = get_parameter ("pass");
|
||||||
|
|
||||||
// Connect to Database
|
$sql = sprintf("SELECT `id_usuario`, `password` FROM `tusuario` WHERE `id_usuario` = '%s'",$nick);
|
||||||
$sql = sprintf("SELECT `id_usuario`, `password` FROM `tusuario` WHERE `id_usuario` = '%s'",$nick);
|
$row = get_db_row_sql ($sql);
|
||||||
$row = get_db_row_sql ($sql);
|
|
||||||
|
|
||||||
// For every registry
|
// For every registry
|
||||||
if ($row !== false) {
|
if ($row !== false) {
|
||||||
if ($row["password"] == md5 ($pass)) {
|
if ($row["password"] == md5 ($pass)) {
|
||||||
// Login OK
|
// Login OK
|
||||||
// Nick could be uppercase or lowercase (select in MySQL
|
// Nick could be uppercase or lowercase (select in MySQL
|
||||||
// is not case sensitive)
|
// is not case sensitive)
|
||||||
// We get DB nick to put in PHP Session variable,
|
// We get DB nick to put in PHP Session variable,
|
||||||
// to avoid problems with case-sensitive usernames.
|
// to avoid problems with case-sensitive usernames.
|
||||||
// Thanks to David Muñiz for Bug discovery :)
|
// Thanks to David Muñiz for Bug discovery :)
|
||||||
$nick = $row["id_usuario"];
|
$nick = $row["id_usuario"];
|
||||||
update_user_contact ($nick);
|
update_user_contact ($nick);
|
||||||
$_SESSION['id_usuario'] = $nick;
|
$_SESSION['id_usuario'] = $nick;
|
||||||
$config['id_user'] = $nick;
|
$config['id_user'] = $nick;
|
||||||
unset ($_GET['pass'], $pass);
|
unset ($_GET['pass'], $pass);
|
||||||
} else {
|
} else {
|
||||||
// Login failed (bad password)
|
// Login failed (bad password)
|
||||||
echo "Logon failed";
|
echo "Logon failed";
|
||||||
audit_db ($nick, $_SERVER['REMOTE_ADDR'], "Logon Failed",
|
audit_db ($nick, $_SERVER['REMOTE_ADDR'], "Logon Failed",
|
||||||
"Incorrect password: " . $nick);
|
"Incorrect password: " . $nick);
|
||||||
exit;
|
exit;
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
// User not known
|
// User not known
|
||||||
echo "Logon failed";
|
echo "Logon failed";
|
||||||
audit_db ($nick, $_SERVER['REMOTE_ADDR'], "Logon Failed",
|
audit_db ($nick, $_SERVER['REMOTE_ADDR'], "Logon Failed", "Invalid username: " . $nick);
|
||||||
"Invalid username: " . $nick);
|
exit;
|
||||||
exit;
|
}
|
||||||
}
|
|
||||||
|
|
||||||
} else {
|
} else {
|
||||||
require_once ("include/config.php");
|
require_once ("include/config.php");
|
||||||
|
|
@ -118,7 +116,7 @@ if (! give_acl ($config['id_user'], $report['id_group'], "AR")) {
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Check if the user can see the graph */
|
/* Check if the user can see the graph */
|
||||||
if ($report['id_user'] != $config['id_user'] && ! dame_admin ($config['id_user']) && ! $report['private']) {
|
if ($report['private'] && ($report['id_user'] != $config['id_user'] && ! dame_admin ($config['id_user']))) {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue