From 89fbb48b112029cc1ed3d10a0e3b363df4406a5e Mon Sep 17 00:00:00 2001
From: guruevi <noreply@pandorafms.org>
Date: Mon, 17 Nov 2008 15:49:29 +0000
Subject: [PATCH] 2008-11-17  Evi Vanoost  <vanooste@rcbi.rochester.edu>

	* operations/snmpconsole/snmp_view.php: Removed
	lang_string references in favor of __ ()

	* index.php: Style updates and function name update

	* include/functions_db.php: Removed lang_string function

	* include/functions.php: parameter_extra_clean is now
	safe_url_extraclean. Also updated it slightly

	* godmode/admin_access_logs: Updated for style and speed

git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@1248 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
---
 pandora_console/ChangeLog                     |  14 ++
 pandora_console/godmode/admin_access_logs.php | 155 ++++++++----------
 pandora_console/include/functions.php         |  11 +-
 pandora_console/include/functions_db.php      |  12 --
 pandora_console/index.php                     |  31 ++--
 .../operation/snmpconsole/snmp_view.php       |  12 +-
 6 files changed, 109 insertions(+), 126 deletions(-)

diff --git a/pandora_console/ChangeLog b/pandora_console/ChangeLog
index b71ce3168a..f47a1c47f7 100644
--- a/pandora_console/ChangeLog
+++ b/pandora_console/ChangeLog
@@ -1,3 +1,17 @@
+2008-11-17  Evi Vanoost  <vanooste@rcbi.rochester.edu>
+
+	* operations/snmpconsole/snmp_view.php: Removed 
+	lang_string references in favor of __ ()
+	
+	* index.php: Style updates and function name update
+	
+	* include/functions_db.php: Removed lang_string function
+	
+	* include/functions.php: parameter_extra_clean is now 
+	safe_url_extraclean. Also updated it slightly
+	
+	* godmode/admin_access_logs: Updated for style and speed
+
 2008-11-17  Jorge Gonzalez  <jorgegonz@svn.gnome.org>
 
 	* pandoradb_data.sql: Added Danish to available languages.
diff --git a/pandora_console/godmode/admin_access_logs.php b/pandora_console/godmode/admin_access_logs.php
index 38a0e7549f..ab3bca87fd 100644
--- a/pandora_console/godmode/admin_access_logs.php
+++ b/pandora_console/godmode/admin_access_logs.php
@@ -16,7 +16,8 @@
 // along with this program; if not, write to the Free Software
 // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
 // Load global vars
-require("include/config.php");
+
+require_once ("include/config.php");
 
 check_login ();
 
@@ -28,106 +29,84 @@ if (! give_acl ($config['id_user'], 0, "PM")) {
 }
 
 echo "<h2>".__('Pandora audit')." &gt ".__('Review Logs')."</h2>";
-if (isset ($_GET["offset"]))
-	$offset=$_GET["offset"];
-else
-	$offset=0;
+$offset = get_parameter ("offset", 0);
+$tipo_log = get_parameter ("tipo_log", 'all');
 
-echo "<table width=100%>";
-echo "<tr><td>";
-echo "<table cellpadding='4' cellspacing='4' class='databox'>";
-echo "<tr><td colspan='2' valign='top'>";
-echo "<h3>".__('Filter')."</h3></td></tr>";
-// Manage GET/POST parameter for subselect on action type. POST parameter are proccessed before GET parameter (if passed)
-if (isset ($_GET["tipo_log"])) {
-	$tipo_log = $_GET["tipo_log"];
-	$tipo_log_select = " WHERE accion='".$tipo_log."' ";
-} elseif (isset ($_POST["tipo_log"])) {
-	$tipo_log = $_POST["tipo_log"];
-	if ($tipo_log == "-1"){
-		$tipo_log_select = "";
-		unset($tipo_log);
-	} else {
-		$tipo_log_select = " WHERE accion='".$tipo_log."' ";
-	}
-} else {
-	$tipo_log_select= "";
+echo '<div style="width:450px; float:left;">';
+echo '<h3>'.__('Filter').'</h3>';
+
+// generate select
+
+$rows = get_db_all_rows_sql ("SELECT DISTINCT(accion) FROM tsesion");
+if (empty ($rows)) {
+	$rows = array ();
 }
-// generate select 
 
-echo "<form name='query_sel' method='post' action='index.php?sec=godmode&sec2=godmode/admin_access_logs'>";
-echo "<tr><td>".__('Action')."</td><td valign='middle'>";
-echo "<select name='tipo_log' onChange='javascript:this.form.submit();'>";
-if (isset($tipo_log)) {
-	echo "<option>".$tipo_log."</option>";
+$actions = array ();
+
+foreach ($rows as $row) {
+	$actions[$row["accion"]] = $row["accion"]; 
 }
-echo "<option value='-1'>".__('All')."</option>";
-$sql3="SELECT DISTINCT (accion) FROM `tsesion`"; 
-// Prepare index for pagination
-$result3=mysql_query($sql3);
-while ($row3=mysql_fetch_array($result3)){
-	if (isset($tipo_log)) {
-		if ($tipo_log != $row3[0]) {
-			echo "<option value='".$row3[0]."'>".$row3[0]."</option>";
-		}
-	} else {
-		echo "<option value='".$row3[0]."'>".$row3[0]."</option>";
-	}
+	
+echo '<form name="query_sel" method="post" action="index.php?sec=godmode&sec2=godmode/admin_access_logs">';
+echo __('Action').': ';
+print_select ($actions, 'tipo_log', $tipo_log, 'this.form.submit();', __('All'), 'all');
+echo '<br /><noscript><input name="uptbutton" type="submit" class="sub" value="'.__('Show').'"></noscript>';
+echo '</form></div>';
+
+echo '<div style="width:300px; height:140px; float:left;">';
+echo '<img src="reporting/fgraph.php?tipo=user_activity&width=300&height=140" />';
+echo '</div><div style="clear:both;">&nbsp;</div>';
+
+$filter = '';
+if ($tipo_log != 'all') {
+	$filter = sprintf (" WHERE accion = '%s'", $tipo_log);
 }
-echo "</select>";
-echo "<td valign='middle'><noscript><input name='uptbutton' type='submit' class='sub' value='".__('Show')."'></noscript>";
-echo "</table></form>";
 
-echo "</td><td align='right'>";
-echo "<img src='reporting/fgraph.php?tipo=user_activity&width=300&height=140'>";
-echo "</table>";
+$sql = "SELECT COUNT(*) FROM tsesion".$filter;
+$count = get_db_sql ($sql);
+$url = "index.php?sec=godmode&sec2=godmode/admin_access_logs&tipo_log=".$tipo_log;
 
-$sql2="SELECT COUNT(*) FROM tsesion ".$tipo_log_select." ORDER BY fecha DESC";
-$result2=mysql_query($sql2);
-$row2=mysql_fetch_array($result2);
-$counter = $row2[0];
-if (isset ($tipo_log))
-	$url = "index.php?sec=godmode&sec2=godmode/admin_access_logs&tipo_log=".$tipo_log;
-else
-	$url = "index.php?sec=godmode&sec2=godmode/admin_access_logs";
+pagination ($count, $url, $offset);
 
-// Prepare query and pagination
-$query1 = "SELECT * FROM tsesion " . $tipo_log_select." ORDER BY fecha DESC"; 
-if ( $counter > $config["block_size"]) {
-	pagination ($counter, $url, $offset);
-	$query1 .= " LIMIT $offset , ".$config["block_size"];
+
+$sql = sprintf ("SELECT * FROM tsesion%s ORDER BY fecha DESC LIMIT %d, %d", $filter, $offset, $config["block_size"]);
+$result = get_db_all_rows_sql ($sql);
+
+if (empty ($result)) {
+	$result = array ();
 }
-$result=mysql_query($query1);
 
-// table header
-echo '<table cellpadding="4" cellspacing="4" width="700" class="databox">';
-echo '<tr>';
-echo '<th width="80px">'.__('User').'</th>';
-echo '<th>'.__('Action').'</th>';
-echo '<th width="130px">'.__('Date').'</th>';
-echo '<th width="100px">'.__('Source IP').'</th>';
-echo '<th width="200px">'.__('Comments').'</th>';
+$table->cellpadding = 4;
+$table->cellspacing = 4;
+$table->width = 700;
+$table->class = "databox";
+$table->size = array ();
+$table->data = array ();
+$table->head = array ();
+
+$table->head[0] = __('User');
+$table->head[1] = __('Action');
+$table->head[2] = __('Date');
+$table->head[3] = __('Source IP');
+$table->head[4] = __('Comments');
+
+$table->size[0] = 80;
+$table->size[2] = 130;
+$table->size[3] = 100;
+$table->size[4] = 200;
 
-$color=1;
 // Get data
-while ($row=mysql_fetch_array($result)) {
-	if ($color == 1){
-		$tdcolor = "datos";
-		$color = 0;
-	}
-	else {
-		$tdcolor = "datos2";
-		$color = 1;
-	}
-	echo '<tr><td class="'.$tdcolor.'_id">'.$row["ID_usuario"];
-	echo '<td class="'.$tdcolor.'">'.$row["accion"];
-	echo '<td class="'.$tdcolor.'f9">'.$row["fecha"];
-	echo '<td class="'.$tdcolor.'f9">'.$row["IP_origen"];
-	echo '<td class="'.$tdcolor.'">'.$row["descripcion"];
-	echo '</tr>';
+foreach ($result as $row) {
+	$data = array ();
+	$data[0] = $row["ID_usuario"];
+	$data[1] = $row["accion"];
+	$data[2] = $row["fecha"];
+	$data[3] = $row["IP_origen"];
+	$data[4] = $row["descripcion"];
+	array_push ($table->data, $data);
 }
 
-// end table
-echo "</table>"; 
+print_table ($table);
 
 ?>
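Review bot: The new `$filter` still places the request value `$tipo_log` inside a quoted SQL literal via `sprintf (" WHERE accion = '%s'", $tipo_log)`, so the query is only safe if `get_parameter` escapes for SQL, which this hunk does not show. Since `$actions` already holds every value of `accion` present in `tsesion`, the filter can be limited to known actions with `if ($tipo_log != 'all' && isset ($actions[$tipo_log])) {`. The same value is appended to `$url` unencoded; `urlencode ($tipo_log)` would keep the pagination links well-formed. Separately, the audit fields copied into `$data` (`descripcion`, `IP_origen`, `ID_usuario`) are stored text that may originate from unauthenticated requests such as failed logins, so they should be HTML-escaped before `print_table ($table)` unless that helper already does so.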
diff --git a/pandora_console/include/functions.php b/pandora_console/include/functions.php
index 5c84ae7c03..51e7e4ecd5 100644
--- a/pandora_console/include/functions.php
+++ b/pandora_console/include/functions.php
@@ -148,15 +148,18 @@ function entrada_limpia ($string) {
  * 
  * @return 
  */
-function parameter_extra_clean ($string) {
+function safe_url_extraclean ($string) {
 	/* Clean "://" from the strings
 	 See: http://seclists.org/lists/incidents/2004/Jul/0034.html
 	*/
 	$pos = strpos ($string, "://");
-	if ($pos != 0)
-		$string = substr_replace ($string, "", $pos, +3);
+	if ($pos != 0) {
+		//Strip the string from (protocol[://] to protocol[://] + 125 chars)
+		$string = substr ($string, $pos + 3, $pos + 128);
+	} else {
+		$string = substr ($string, 0, 125);
+	}
 	/* Strip the string to 125 characters */
-	$string = substr_replace ($string, "", 125);
 	return preg_replace ('/[^a-z0-9_\/]/i', '', $string);
 }
 
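Review bot: In `safe_url_extraclean` the third argument of `substr` is a length, not an end offset, so `substr ($string, $pos + 3, $pos + 128)` keeps up to `$pos + 128` characters and the 125-character cap is not enforced on that branch; `substr ($string, $pos + 3, 125)` matches the stated intent. The test `$pos != 0` treats a match at offset 0 the same as no match, because `strpos` returns `false` when nothing is found, so `if ($pos !== false) {` makes the branch explicit. This branch now discards everything before `://` instead of removing only the separator, which changes the result for an input such as `a://b` (constructed example); the empty `@return` docblock should say so, and the leftover `/* Strip the string to 125 characters */` comment now sits above no code. The final `preg_replace` whitelist still strips `:` and `.`, so these are defense-in-depth corrections to the length limit rather than a change to what characters can pass.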
diff --git a/pandora_console/include/functions_db.php b/pandora_console/include/functions_db.php
index 2d887a4065..b2f0613ab3 100644
--- a/pandora_console/include/functions_db.php
+++ b/pandora_console/include/functions_db.php
@@ -1898,18 +1898,6 @@ function __ ($string) {
 	return $l10n->translate ($string);
 }
 
-/** 
- * Get a translated string. (DEPRECATED IN FAVOR OF __ )
- * Calls to the __ function will automatically be picked up by the translators
- * 
- * @param string String to translate
- * 
- * @return The translated string. If not defined, the same string will be returned
- */
-function lang_string ($string) {
-	return __ ($string);
-}
-
 /** 
  * Get the numbers of servers up.
  *
diff --git a/pandora_console/index.php b/pandora_console/index.php
index 692c17fcaf..daa69b3fef 100644
--- a/pandora_console/index.php
+++ b/pandora_console/index.php
@@ -28,32 +28,32 @@ global $pandora_version;
 // Set to 1 to do not check for installer or config file (for development!).
 $develop_bypass = 0;
 
-if ($develop_bypass != 1){
+if ($develop_bypass != 1) {
 	// If no config file, automatically try to install
-	if (! file_exists("include/config.php")){
-		if (!file_exists("install.php")){
+	if (! file_exists ("include/config.php")) {
+		if (! file_exists ("install.php")) {
 			include ("general/error_noconfig.php");
 			exit;
-		} else
+		} else {
 			include ("install.php");
-		exit;
+			exit;
+		}
 	}
 	// Check for installer presence
-	if (file_exists("install.php")){
+	if (file_exists ("install.php")) {
 		include "general/error_install.php";
 		exit;
 	}
 	// Check perms for config.php
-	if ((substr(sprintf('%o', fileperms('include/config.php')), -4) != "0600") &&
-	    (substr(sprintf('%o', fileperms('include/config.php')), -4) != "0660") &&
-	    (substr(sprintf('%o', fileperms('include/config.php')), -4) != "0640"))
-	{
+	if ((substr (sprintf ('%o', fileperms('include/config.php')), -4) != "0600") &&
+	    (substr (sprintf ('%o', fileperms('include/config.php')), -4) != "0660") &&
+	    (substr (sprintf ('%o', fileperms('include/config.php')), -4) != "0640")) {
 		include "general/error_perms.php";
 		exit;
 	}
 }
 
-if ((! file_exists("include/config.php")) || (! is_readable("include/config.php"))){
+if ((! file_exists("include/config.php")) || (! is_readable("include/config.php"))) {
 	include ("general/error_noconfig.php");
 	exit;
 }
@@ -78,7 +78,7 @@ $config["pure"] = get_parameter ("pure", 0);
 
 // Auto Refresh page
 $intervalo = get_parameter ("refr", 0);
-if ($intervalo > 0){
+if ($intervalo > 0) {
 	// Agent selection filters and refresh
 	$query = 'http' . (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == TRUE ? 's': '') . '://' . $_SERVER['SERVER_NAME'];
 	if ($_SERVER['SERVER_PORT'] != 80 && (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == TRUE && $_SERVER['SERVER_PORT'] != 443))
@@ -209,13 +209,13 @@ $sec2 = "";
 $sec = "";
 if (isset ($_GET["sec2"])) {
 	$sec2 = get_parameter_get ('sec2');
-	$sec2 = parameter_extra_clean ($sec2);
+	$sec2 = safe_url_extraclean ($sec2);
 	$page = $sec2;
 }
 
 if (isset ($_GET["sec"])) {
 	$sec = get_parameter_get ('sec');
-	$sec = parameter_extra_clean ($sec);
+	$sec = safe_url_extraclean ($sec);
 	$page = $sec2;
 }
 
@@ -277,5 +277,4 @@ if ($config["pure"] == 0) {
 }
 
 echo '</body></html>';
-
-?>
+?>
\ No newline at end of file
diff --git a/pandora_console/operation/snmpconsole/snmp_view.php b/pandora_console/operation/snmpconsole/snmp_view.php
index 6ec0be2bd1..2c7b32bcf0 100644
--- a/pandora_console/operation/snmpconsole/snmp_view.php
+++ b/pandora_console/operation/snmpconsole/snmp_view.php
@@ -145,23 +145,23 @@ if ($config["pure"] == 1) {
 }
 
 // Agent select
-$table->data[0][0] = '<strong>'.lang_string ('Agent').'</strong>';
+$table->data[0][0] = '<strong>'.__('Agent').'</strong>';
 $table->data[0][1] = print_select ($agents, 'filter_agent', $filter_agent, 'javascript:this.form.submit();', __('All'), '', true);
 
 // OID select
-$table->data[0][2] = '<strong>'.lang_string ('OID').'</strong>';
+$table->data[0][2] = '<strong>'.__('OID').'</strong>';
 $table->data[0][3] = print_select ($oids, 'filter_oid', $filter_oid, 'javascript:this.form.submit();', __('All'), '', true);
 
 // Alert status select
-$table->data[1][0] = '<strong>' . __('Alert') . '</strong>';
+$table->data[1][0] = '<strong>'.__('Alert').'</strong>';
 $table->data[1][1] = print_select ($alerted, "filter_fired", $filter_fired, 'javascript:this.form.submit();', __('All'), '-1', true);
 
 // String search_string
-$table->data[1][2] = '<strong>' . __('Search value') . '</strong>';
+$table->data[1][2] = '<strong>'.__('Search value').'</strong>';
 $table->data[1][3] = print_input_text ('search_string', $search_string, '', 25, 0, true);
 
 // Block size for pagination select
-$table->data[2][0] = '<strong>' . __('Block size for pagination') . '</strong>';
+$table->data[2][0] = '<strong>'.__('Block size for pagination').'</strong>';
 $lpagination[25]=25;
 $lpagination[50]=50;
 $lpagination[100]=100;
@@ -170,7 +170,7 @@ $lpagination[500]=500;
 $table->data[2][1] = print_select ($lpagination, "pagination", $config["block_size"], 'javascript:this.form.submit();', __('Default'), $config["block_size"], true);
 
 // Severity select
-$table->data[2][2] = '<strong>'.lang_string ('Severity').'</strong>';
+$table->data[2][2] = '<strong>'.__('Severity').'</strong>';
 $table->data[2][3] = print_select ($severities, 'filter_severity', $filter_severity, 'javascript:this.form.submit();', __('All'), -1, true);
 
 print_table ($table);