From 60fd02fefc1ebf7ca5cb9faff7aa8c758faa2cf2 Mon Sep 17 00:00:00 2001
From: mdtrooper <tres.14159@gmail.com>
Date: Tue, 9 Mar 2010 16:59:23 +0000
Subject: [PATCH] 2010-03-09  Miguel de Dios  <miguel.dedios@artica.es>

	* index.php: changed the deprecated var $REMOTE_ADDR for standar
	$_SERVER['REMOTE_ADDR']. I forget in the last commit.

	* operation/gis_maps/render_view.php, operation/gis_maps/index.php,
	operation/menu.php, godmode/gis_maps/configure_gis_map.php: fix the ACL
	and add in other sites of source code.



git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@2496 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
---
 pandora_console/ChangeLog                             |  9 +++++++++
 .../godmode/gis_maps/configure_gis_map.php            | 10 +++++++++-
 pandora_console/index.php                             | 11 +++++------
 pandora_console/operation/gis_maps/index.php          |  2 +-
 pandora_console/operation/gis_maps/render_view.php    |  8 +++++++-
 pandora_console/operation/menu.php                    |  2 +-
 6 files changed, 32 insertions(+), 10 deletions(-)

diff --git a/pandora_console/ChangeLog b/pandora_console/ChangeLog
index 0c084074ea..e5c9329f98 100644
--- a/pandora_console/ChangeLog
+++ b/pandora_console/ChangeLog
@@ -1,3 +1,12 @@
+2010-03-09  Miguel de Dios  <miguel.dedios@artica.es>
+
+	* index.php: changed the deprecated var $REMOTE_ADDR for standar
+	$_SERVER['REMOTE_ADDR']. I forget in the last commit.
+
+	* operation/gis_maps/render_view.php, operation/gis_maps/index.php,
+	operation/menu.php, godmode/gis_maps/configure_gis_map.php: fix the ACL
+	and add in other sites of source code.
+
 2010-03-09  Miguel de Dios  <miguel.dedios@artica.es>
 
 	* include/config_process.php, extensions/dbmanager.php,
diff --git a/pandora_console/godmode/gis_maps/configure_gis_map.php b/pandora_console/godmode/gis_maps/configure_gis_map.php
index cf1b6e3eb3..48b8298390 100644
--- a/pandora_console/godmode/gis_maps/configure_gis_map.php
+++ b/pandora_console/godmode/gis_maps/configure_gis_map.php
@@ -308,11 +308,19 @@ if (isset($invalidFields['map_connection_list'])) {
 	}
 }
 
+$listConnectionTemp = get_db_all_rows_sql("SELECT id_tmap_connection, conection_name, group_id FROM tgis_map_connection");
+$listConnection = array();
+foreach ($listConnectionTemp as $connectionTemp) {
+	if (check_acl ($config["id_user"], $connectionTemp['group_id'], "IW")) {
+		$listConnection[$connectionTemp['id_tmap_connection']] = $connectionTemp['conection_name'];
+	}
+}
+
 $table->data[1][0] =  __("Add Map connection") . print_help_tip (__('At least one map connection must be deffined, it will be possible to change betwwen the connections in the map'), true). ": " . $iconError;
 $table->data[1][1] = "<table class='databox' border='0' id='map_connection'>
 	<tr>
 		<td>
-			" . print_select_from_sql('SELECT id_tmap_connection, conection_name FROM tgis_map_connection', 'map_connection', '', '', '', '0', true) ."
+			" . print_select($listConnection, 'map_connection', '', '', '', '0', true) ."
 		</td>
 		<td>
 			<a href='javascript: addConnectionMap();'>" . print_image ("images/add.png", true) . "</a>
diff --git a/pandora_console/index.php b/pandora_console/index.php
index 2ad1aaa197..579a6ac318 100644
--- a/pandora_console/index.php
+++ b/pandora_console/index.php
@@ -110,7 +110,6 @@ echo '</head>'."\n";
 
 ob_start ('process_page_body');
 
-$REMOTE_ADDR = $_SERVER['REMOTE_ADDR'];
 $config["remote_addr"] = $_SERVER['REMOTE_ADDR'];
 
 $sec2 = get_parameter_get ('sec2');
@@ -136,12 +135,12 @@ if (! isset ($config['id_user']) && isset ($_GET["loginhash"])) {
 	$loginhash_user = get_parameter("loginhash_user", "");
 	
 	if ($loginhash_data == md5($loginhash_user.$config["loginhash_pwd"])) {
-		logon_db ($loginhash_user, $REMOTE_ADDR);
+		logon_db ($loginhash_user, $_SERVER['REMOTE_ADDR']);
 		$_SESSION['id_usuario'] = $loginhash_user;
 		$config["id_user"] = $loginhash_user;
 	} else {
 		require_once ('general/login_page.php');
-		audit_db ("system", $REMOTE_ADDR, "Logon Failed (loginhash", "");
+		audit_db ("system", $_SERVER['REMOTE_ADDR'], "Logon Failed (loginhash", "");
 		while (@ob_end_flush ());
 		exit ("</html>");
 	}
@@ -161,7 +160,7 @@ if (! isset ($config['id_user']) && isset ($_GET["loginhash"])) {
 	if ($nick !== false) {
 		unset ($_GET["sec2"]);
 		$_GET["sec"] = "general/logon_ok";
-		logon_db ($nick, $REMOTE_ADDR);
+		logon_db ($nick, $_SERVER['REMOTE_ADDR']);
 		$_SESSION['id_usuario'] = $nick;
 		$config['id_user'] = $nick;
 		//Remove everything that might have to do with people's passwords or logins
@@ -182,7 +181,7 @@ if (! isset ($config['id_user']) && isset ($_GET["loginhash"])) {
 		// User not known
 		$login_failed = true;
 		require_once ('general/login_page.php');
-		audit_db ($nick, $REMOTE_ADDR, "Logon Failed", "Invalid login: ".$nick);
+		audit_db ($nick, $_SERVER['REMOTE_ADDR'], "Logon Failed", "Invalid login: ".$nick);
 		while (@ob_end_flush ());
 		exit ("</html>");
 	}
@@ -197,7 +196,7 @@ if (! isset ($config['id_user']) && isset ($_GET["loginhash"])) {
 if (isset ($_GET["bye"])) {
 	include ("general/logoff.php");
 	$iduser = $_SESSION["id_usuario"];
-	logoff_db ($iduser, $REMOTE_ADDR);
+	logoff_db ($iduser, $_SERVER['REMOTE_ADDR']);
 	// Unregister Session (compatible with 5.2 and 6.x, old code was deprecated
 	unset($_SESSION['id_usuario']);
 	unset($iduser);
diff --git a/pandora_console/operation/gis_maps/index.php b/pandora_console/operation/gis_maps/index.php
index fabe3c2fc5..c942231113 100644
--- a/pandora_console/operation/gis_maps/index.php
+++ b/pandora_console/operation/gis_maps/index.php
@@ -47,7 +47,7 @@ if ($maps !== false) {
 		$rowPair = !$rowPair;
 		$iterator++;
 		
-		if (!give_acl ($config["id_user"], $map["group_id"], "AR")) {
+		if (!check_acl ($config["id_user"], $map["group_id"], "IR")) {
 			continue;
 		}
 		$data = array ();
diff --git a/pandora_console/operation/gis_maps/render_view.php b/pandora_console/operation/gis_maps/render_view.php
index 71825b5060..e64d025b61 100644
--- a/pandora_console/operation/gis_maps/render_view.php
+++ b/pandora_console/operation/gis_maps/render_view.php
@@ -28,6 +28,12 @@ $show_history = get_parameter ('show_history', 'n');
 $map = get_db_row ('tgis_map', 'id_tgis_map', $idMap);
 $confMap = getMapConf($idMap);
 
+if (! check_acl ($config['id_user'], $map['group_id'], "IR")) {
+	audit_db ($config['id_user'], $_SERVER['REMOTE_ADDR'], "ACL Violation", "Trying to access map builder");
+	require ("general/noaccess.php");
+	return;
+}
+
 $num_baselayer=0;
 // Initialy there is no Gmap base layer.
 $gmap_layer = false;
@@ -88,7 +94,7 @@ else {
 		print_image ("images/normalscreen.png", true, array ("title" => __('Back to normal mode'))) . "</a>";
 }
 
-if (give_acl ($config["id_user"], $map['group_id'], "AW"))
+if (check_acl ($config["id_user"], $map['group_id'], "IW"))
 	$buttons [] = '<a href="index.php?sec=godgismaps&sec2=godmode/gis_maps/configure_gis_map&action=edit_map&map_id='. $idMap.'">'.print_image ("images/setup.png", true, array ("title" => __('Setup'))).'</a>';
 	
 $buttonsString = '<a href="index.php?sec=estado&amp;sec2=operation/agentes/ver_agente&amp;id_agente=3"><img src="images/bricks.png" class="top" border="0">&nbsp; Agent&nbsp;-&nbsp;test_gis1</a></li></ul></div><div id="menu_tab"><ul class="mn"><li class="nomn"><a href="index.php?sec=gagente&amp;sec2=godmode/agentes/configurar_agente&amp;id_agente=3"><img src="images/setup.png" class="top" title="Manage" border="0" width="16">&nbsp;</a></li><li class="nomn_high"><a href="index.php?sec=estado&amp;sec2=operation/agentes/ver_agente&amp;id_agente=3"><img src="images/monitor.png" class="top" title="Main" border="0">&nbsp;</a></li><li class="nomn"><a href="index.php?sec=estado&amp;sec2=operation/agentes/ver_agente&amp;id_agente=3&amp;tab=data"><img src="images/lightbulb.png" class="top" title="Data" border="0">&nbsp;</a></li><li class="nomn"><a href="index.php?sec=estado&amp;sec2=operation/agentes/ver_agente&amp;id_agente=3&amp;tab=alert"><img src="images/bell.png" class="top" title="Alerts" border="0">&nbsp;</a></li><li class="nomn"><a href="index.php?sec=estado&amp;sec2=operation/agentes/ver_agente&amp;tab=sla&amp;id_agente=3"><img src="images/images.png" class="top" title="S.L.A." border="0">&nbsp;</a></li><li class="nomn"><a href="index.php?sec=estado&amp;sec2=operation/agentes/estado_agente&amp;group_id=2"><img src="images/agents_group.png" class="top" title="Group" border="0">&nbsp;</a></li><li class="nomn"><a href="index.php?sec=estado&amp;sec2=operation/agentes/ver_agente&amp;tab=inventory&amp;id_agente=3"><img src="images/page_white_text.png" class="top" title="Inventory" border="0" width="16">&nbsp;</a></li><li class="nomn"><a href="index.php?sec=estado&amp;sec2=operation/agentes/ver_agente&amp;tab=gis&amp;id_agente=3"><img src="images/world.png" class="top" title="GIS data" border="0">&nbsp;</a>';
diff --git a/pandora_console/operation/menu.php b/pandora_console/operation/menu.php
index 4fe00aba11..457887161d 100644
--- a/pandora_console/operation/menu.php
+++ b/pandora_console/operation/menu.php
@@ -78,7 +78,7 @@ if (give_acl ($config['id_user'], 0, "AR")) {
 		$id = (int) get_parameter ('id', -1);
 		
 		foreach ($gisMaps as $gisMap) {
-			if (! give_acl ($config["id_user"], $gisMap["group_id"], "AR")) {
+			if (! check_acl ($config["id_user"], $gisMap["group_id"], "IR")) {
 				continue;
 			}
 			$sub["operation/gis_maps/render_view&amp;map_id=".$gisMap["id_tgis_map"]]["text"] = mb_substr ($gisMap["map_name"], 0, 15);