2008-11-17 Evi Vanoost <vanooste@rcbi.rochester.edu>
* operations/snmpconsole/snmp_view.php: Removed lang_string references in favor of __ () * index.php: Style updates and function name update * include/functions_db.php: Removed lang_string function * include/functions.php: parameter_extra_clean is now safe_url_extraclean. Also updated it slightly * godmode/admin_access_logs: Updated for style and speed git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@1248 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
This commit is contained in:
parent
af6a758a9c
commit
89fbb48b11
|
@ -1,3 +1,17 @@
|
|||
2008-11-17 Evi Vanoost <vanooste@rcbi.rochester.edu>
|
||||
|
||||
* operations/snmpconsole/snmp_view.php: Removed
|
||||
lang_string references in favor of __ ()
|
||||
|
||||
* index.php: Style updates and function name update
|
||||
|
||||
* include/functions_db.php: Removed lang_string function
|
||||
|
||||
* include/functions.php: parameter_extra_clean is now
|
||||
safe_url_extraclean. Also updated it slightly
|
||||
|
||||
* godmode/admin_access_logs: Updated for style and speed
|
||||
|
||||
2008-11-17 Jorge Gonzalez <jorgegonz@svn.gnome.org>
|
||||
|
||||
* pandoradb_data.sql: Added Danish to available languages.
|
||||
|
|
|
@ -16,7 +16,8 @@
|
|||
// along with this program; if not, write to the Free Software
|
||||
// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
||||
// Load global vars
|
||||
require("include/config.php");
|
||||
|
||||
require_once ("include/config.php");
|
||||
|
||||
check_login ();
|
||||
|
||||
|
@ -28,106 +29,84 @@ if (! give_acl ($config['id_user'], 0, "PM")) {
|
|||
}
|
||||
|
||||
echo "<h2>".__('Pandora audit')." > ".__('Review Logs')."</h2>";
|
||||
if (isset ($_GET["offset"]))
|
||||
$offset=$_GET["offset"];
|
||||
else
|
||||
$offset=0;
|
||||
$offset = get_parameter ("offset", 0);
|
||||
$tipo_log = get_parameter ("tipo_log", 'all');
|
||||
|
||||
echo "<table width=100%>";
|
||||
echo "<tr><td>";
|
||||
echo "<table cellpadding='4' cellspacing='4' class='databox'>";
|
||||
echo "<tr><td colspan='2' valign='top'>";
|
||||
echo "<h3>".__('Filter')."</h3></td></tr>";
|
||||
// Manage GET/POST parameter for subselect on action type. POST parameter are proccessed before GET parameter (if passed)
|
||||
if (isset ($_GET["tipo_log"])) {
|
||||
$tipo_log = $_GET["tipo_log"];
|
||||
$tipo_log_select = " WHERE accion='".$tipo_log."' ";
|
||||
} elseif (isset ($_POST["tipo_log"])) {
|
||||
$tipo_log = $_POST["tipo_log"];
|
||||
if ($tipo_log == "-1"){
|
||||
$tipo_log_select = "";
|
||||
unset($tipo_log);
|
||||
} else {
|
||||
$tipo_log_select = " WHERE accion='".$tipo_log."' ";
|
||||
}
|
||||
} else {
|
||||
$tipo_log_select= "";
|
||||
echo '<div style="width:450px; float:left;">';
|
||||
echo '<h3>'.__('Filter').'</h3>';
|
||||
|
||||
// generate select
|
||||
|
||||
$rows = get_db_all_rows_sql ("SELECT DISTINCT(accion) FROM tsesion");
|
||||
if (empty ($rows)) {
|
||||
$rows = array ();
|
||||
}
|
||||
// generate select
|
||||
|
||||
echo "<form name='query_sel' method='post' action='index.php?sec=godmode&sec2=godmode/admin_access_logs'>";
|
||||
echo "<tr><td>".__('Action')."</td><td valign='middle'>";
|
||||
echo "<select name='tipo_log' onChange='javascript:this.form.submit();'>";
|
||||
if (isset($tipo_log)) {
|
||||
echo "<option>".$tipo_log."</option>";
|
||||
$actions = array ();
|
||||
|
||||
foreach ($rows as $row) {
|
||||
$actions[$row["accion"]] = $row["accion"];
|
||||
}
|
||||
echo "<option value='-1'>".__('All')."</option>";
|
||||
$sql3="SELECT DISTINCT (accion) FROM `tsesion`";
|
||||
// Prepare index for pagination
|
||||
$result3=mysql_query($sql3);
|
||||
while ($row3=mysql_fetch_array($result3)){
|
||||
if (isset($tipo_log)) {
|
||||
if ($tipo_log != $row3[0]) {
|
||||
echo "<option value='".$row3[0]."'>".$row3[0]."</option>";
|
||||
}
|
||||
} else {
|
||||
echo "<option value='".$row3[0]."'>".$row3[0]."</option>";
|
||||
}
|
||||
|
||||
echo '<form name="query_sel" method="post" action="index.php?sec=godmode&sec2=godmode/admin_access_logs">';
|
||||
echo __('Action').': ';
|
||||
print_select ($actions, 'tipo_log', $tipo_log, 'this.form.submit();', __('All'), 'all');
|
||||
echo '<br /><noscript><input name="uptbutton" type="submit" class="sub" value="'.__('Show').'"></noscript>';
|
||||
echo '</form></div>';
|
||||
|
||||
echo '<div style="width:300px; height:140px; float:left;">';
|
||||
echo '<img src="reporting/fgraph.php?tipo=user_activity&width=300&height=140" />';
|
||||
echo '</div><div style="clear:both;"> </div>';
|
||||
|
||||
$filter = '';
|
||||
if ($tipo_log != 'all') {
|
||||
$filter = sprintf (" WHERE accion = '%s'", $tipo_log);
|
||||
}
|
||||
echo "</select>";
|
||||
echo "<td valign='middle'><noscript><input name='uptbutton' type='submit' class='sub' value='".__('Show')."'></noscript>";
|
||||
echo "</table></form>";
|
||||
|
||||
echo "</td><td align='right'>";
|
||||
echo "<img src='reporting/fgraph.php?tipo=user_activity&width=300&height=140'>";
|
||||
echo "</table>";
|
||||
$sql = "SELECT COUNT(*) FROM tsesion".$filter;
|
||||
$count = get_db_sql ($sql);
|
||||
$url = "index.php?sec=godmode&sec2=godmode/admin_access_logs&tipo_log=".$tipo_log;
|
||||
|
||||
$sql2="SELECT COUNT(*) FROM tsesion ".$tipo_log_select." ORDER BY fecha DESC";
|
||||
$result2=mysql_query($sql2);
|
||||
$row2=mysql_fetch_array($result2);
|
||||
$counter = $row2[0];
|
||||
if (isset ($tipo_log))
|
||||
$url = "index.php?sec=godmode&sec2=godmode/admin_access_logs&tipo_log=".$tipo_log;
|
||||
else
|
||||
$url = "index.php?sec=godmode&sec2=godmode/admin_access_logs";
|
||||
pagination ($count, $url, $offset);
|
||||
|
||||
// Prepare query and pagination
|
||||
$query1 = "SELECT * FROM tsesion " . $tipo_log_select." ORDER BY fecha DESC";
|
||||
if ( $counter > $config["block_size"]) {
|
||||
pagination ($counter, $url, $offset);
|
||||
$query1 .= " LIMIT $offset , ".$config["block_size"];
|
||||
|
||||
$sql = sprintf ("SELECT * FROM tsesion%s ORDER BY fecha DESC LIMIT %d, %d", $filter, $offset, $config["block_size"]);
|
||||
$result = get_db_all_rows_sql ($sql);
|
||||
|
||||
if (empty ($result)) {
|
||||
$result = array ();
|
||||
}
|
||||
$result=mysql_query($query1);
|
||||
|
||||
// table header
|
||||
echo '<table cellpadding="4" cellspacing="4" width="700" class="databox">';
|
||||
echo '<tr>';
|
||||
echo '<th width="80px">'.__('User').'</th>';
|
||||
echo '<th>'.__('Action').'</th>';
|
||||
echo '<th width="130px">'.__('Date').'</th>';
|
||||
echo '<th width="100px">'.__('Source IP').'</th>';
|
||||
echo '<th width="200px">'.__('Comments').'</th>';
|
||||
$table->cellpadding = 4;
|
||||
$table->cellspacing = 4;
|
||||
$table->width = 700;
|
||||
$table->class = "databox";
|
||||
$table->size = array ();
|
||||
$table->data = array ();
|
||||
$table->head = array ();
|
||||
|
||||
$table->head[0] = __('User');
|
||||
$table->head[1] = __('Action');
|
||||
$table->head[2] = __('Date');
|
||||
$table->head[3] = __('Source IP');
|
||||
$table->head[4] = __('Comments');
|
||||
|
||||
$table->size[0] = 80;
|
||||
$table->size[2] = 130;
|
||||
$table->size[3] = 100;
|
||||
$table->size[4] = 200;
|
||||
|
||||
$color=1;
|
||||
// Get data
|
||||
while ($row=mysql_fetch_array($result)) {
|
||||
if ($color == 1){
|
||||
$tdcolor = "datos";
|
||||
$color = 0;
|
||||
}
|
||||
else {
|
||||
$tdcolor = "datos2";
|
||||
$color = 1;
|
||||
}
|
||||
echo '<tr><td class="'.$tdcolor.'_id">'.$row["ID_usuario"];
|
||||
echo '<td class="'.$tdcolor.'">'.$row["accion"];
|
||||
echo '<td class="'.$tdcolor.'f9">'.$row["fecha"];
|
||||
echo '<td class="'.$tdcolor.'f9">'.$row["IP_origen"];
|
||||
echo '<td class="'.$tdcolor.'">'.$row["descripcion"];
|
||||
echo '</tr>';
|
||||
foreach ($result as $row) {
|
||||
$data = array ();
|
||||
$data[0] = $row["ID_usuario"];
|
||||
$data[1] = $row["accion"];
|
||||
$data[2] = $row["fecha"];
|
||||
$data[3] = $row["IP_origen"];
|
||||
$data[4] = $row["descripcion"];
|
||||
array_push ($table->data, $data);
|
||||
}
|
||||
|
||||
// end table
|
||||
echo "</table>";
|
||||
print_table ($table);
|
||||
|
||||
?>
|
||||
|
|
|
@ -148,15 +148,18 @@ function entrada_limpia ($string) {
|
|||
*
|
||||
* @return
|
||||
*/
|
||||
function parameter_extra_clean ($string) {
|
||||
function safe_url_extraclean ($string) {
|
||||
/* Clean "://" from the strings
|
||||
See: http://seclists.org/lists/incidents/2004/Jul/0034.html
|
||||
*/
|
||||
$pos = strpos ($string, "://");
|
||||
if ($pos != 0)
|
||||
$string = substr_replace ($string, "", $pos, +3);
|
||||
if ($pos != 0) {
|
||||
//Strip the string from (protocol[://] to protocol[://] + 125 chars)
|
||||
$string = substr ($string, $pos + 3, $pos + 128);
|
||||
} else {
|
||||
$string = substr ($string, 0, 125);
|
||||
}
|
||||
/* Strip the string to 125 characters */
|
||||
$string = substr_replace ($string, "", 125);
|
||||
return preg_replace ('/[^a-z0-9_\/]/i', '', $string);
|
||||
}
|
||||
|
||||
|
|
|
@ -1898,18 +1898,6 @@ function __ ($string) {
|
|||
return $l10n->translate ($string);
|
||||
}
|
||||
|
||||
/**
|
||||
* Get a translated string. (DEPRECATED IN FAVOR OF __ )
|
||||
* Calls to the __ function will automatically be picked up by the translators
|
||||
*
|
||||
* @param string String to translate
|
||||
*
|
||||
* @return The translated string. If not defined, the same string will be returned
|
||||
*/
|
||||
function lang_string ($string) {
|
||||
return __ ($string);
|
||||
}
|
||||
|
||||
/**
|
||||
* Get the numbers of servers up.
|
||||
*
|
||||
|
|
|
@ -28,32 +28,32 @@ global $pandora_version;
|
|||
// Set to 1 to do not check for installer or config file (for development!).
|
||||
$develop_bypass = 0;
|
||||
|
||||
if ($develop_bypass != 1){
|
||||
if ($develop_bypass != 1) {
|
||||
// If no config file, automatically try to install
|
||||
if (! file_exists("include/config.php")){
|
||||
if (!file_exists("install.php")){
|
||||
if (! file_exists ("include/config.php")) {
|
||||
if (! file_exists ("install.php")) {
|
||||
include ("general/error_noconfig.php");
|
||||
exit;
|
||||
} else
|
||||
} else {
|
||||
include ("install.php");
|
||||
exit;
|
||||
exit;
|
||||
}
|
||||
}
|
||||
// Check for installer presence
|
||||
if (file_exists("install.php")){
|
||||
if (file_exists ("install.php")) {
|
||||
include "general/error_install.php";
|
||||
exit;
|
||||
}
|
||||
// Check perms for config.php
|
||||
if ((substr(sprintf('%o', fileperms('include/config.php')), -4) != "0600") &&
|
||||
(substr(sprintf('%o', fileperms('include/config.php')), -4) != "0660") &&
|
||||
(substr(sprintf('%o', fileperms('include/config.php')), -4) != "0640"))
|
||||
{
|
||||
if ((substr (sprintf ('%o', fileperms('include/config.php')), -4) != "0600") &&
|
||||
(substr (sprintf ('%o', fileperms('include/config.php')), -4) != "0660") &&
|
||||
(substr (sprintf ('%o', fileperms('include/config.php')), -4) != "0640")) {
|
||||
include "general/error_perms.php";
|
||||
exit;
|
||||
}
|
||||
}
|
||||
|
||||
if ((! file_exists("include/config.php")) || (! is_readable("include/config.php"))){
|
||||
if ((! file_exists("include/config.php")) || (! is_readable("include/config.php"))) {
|
||||
include ("general/error_noconfig.php");
|
||||
exit;
|
||||
}
|
||||
|
@ -78,7 +78,7 @@ $config["pure"] = get_parameter ("pure", 0);
|
|||
|
||||
// Auto Refresh page
|
||||
$intervalo = get_parameter ("refr", 0);
|
||||
if ($intervalo > 0){
|
||||
if ($intervalo > 0) {
|
||||
// Agent selection filters and refresh
|
||||
$query = 'http' . (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == TRUE ? 's': '') . '://' . $_SERVER['SERVER_NAME'];
|
||||
if ($_SERVER['SERVER_PORT'] != 80 && (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == TRUE && $_SERVER['SERVER_PORT'] != 443))
|
||||
|
@ -209,13 +209,13 @@ $sec2 = "";
|
|||
$sec = "";
|
||||
if (isset ($_GET["sec2"])) {
|
||||
$sec2 = get_parameter_get ('sec2');
|
||||
$sec2 = parameter_extra_clean ($sec2);
|
||||
$sec2 = safe_url_extraclean ($sec2);
|
||||
$page = $sec2;
|
||||
}
|
||||
|
||||
if (isset ($_GET["sec"])) {
|
||||
$sec = get_parameter_get ('sec');
|
||||
$sec = parameter_extra_clean ($sec);
|
||||
$sec = safe_url_extraclean ($sec);
|
||||
$page = $sec2;
|
||||
}
|
||||
|
||||
|
@ -277,5 +277,4 @@ if ($config["pure"] == 0) {
|
|||
}
|
||||
|
||||
echo '</body></html>';
|
||||
|
||||
?>
|
||||
?>
|
|
@ -145,23 +145,23 @@ if ($config["pure"] == 1) {
|
|||
}
|
||||
|
||||
// Agent select
|
||||
$table->data[0][0] = '<strong>'.lang_string ('Agent').'</strong>';
|
||||
$table->data[0][0] = '<strong>'.__('Agent').'</strong>';
|
||||
$table->data[0][1] = print_select ($agents, 'filter_agent', $filter_agent, 'javascript:this.form.submit();', __('All'), '', true);
|
||||
|
||||
// OID select
|
||||
$table->data[0][2] = '<strong>'.lang_string ('OID').'</strong>';
|
||||
$table->data[0][2] = '<strong>'.__('OID').'</strong>';
|
||||
$table->data[0][3] = print_select ($oids, 'filter_oid', $filter_oid, 'javascript:this.form.submit();', __('All'), '', true);
|
||||
|
||||
// Alert status select
|
||||
$table->data[1][0] = '<strong>' . __('Alert') . '</strong>';
|
||||
$table->data[1][0] = '<strong>'.__('Alert').'</strong>';
|
||||
$table->data[1][1] = print_select ($alerted, "filter_fired", $filter_fired, 'javascript:this.form.submit();', __('All'), '-1', true);
|
||||
|
||||
// String search_string
|
||||
$table->data[1][2] = '<strong>' . __('Search value') . '</strong>';
|
||||
$table->data[1][2] = '<strong>'.__('Search value').'</strong>';
|
||||
$table->data[1][3] = print_input_text ('search_string', $search_string, '', 25, 0, true);
|
||||
|
||||
// Block size for pagination select
|
||||
$table->data[2][0] = '<strong>' . __('Block size for pagination') . '</strong>';
|
||||
$table->data[2][0] = '<strong>'.__('Block size for pagination').'</strong>';
|
||||
$lpagination[25]=25;
|
||||
$lpagination[50]=50;
|
||||
$lpagination[100]=100;
|
||||
|
@ -170,7 +170,7 @@ $lpagination[500]=500;
|
|||
$table->data[2][1] = print_select ($lpagination, "pagination", $config["block_size"], 'javascript:this.form.submit();', __('Default'), $config["block_size"], true);
|
||||
|
||||
// Severity select
|
||||
$table->data[2][2] = '<strong>'.lang_string ('Severity').'</strong>';
|
||||
$table->data[2][2] = '<strong>'.__('Severity').'</strong>';
|
||||
$table->data[2][3] = print_select ($severities, 'filter_severity', $filter_severity, 'javascript:this.form.submit();', __('All'), -1, true);
|
||||
|
||||
print_table ($table);
|
||||
|
|
Loading…
Reference in New Issue