From 8fad28d9468980efa8af8105904a748387466325 Mon Sep 17 00:00:00 2001
From: guruevi <noreply@pandorafms.org>
Date: Mon, 20 Oct 2008 17:25:37 +0000
Subject: [PATCH] 2008-10-20  Evi Vanoost  <vanooste@rcbi.rochester.edu>

        * pandoradb_data.sql, pandora_db.sql: id_npc was rendered unnecessary
        with the last rewrite of the profiles page and id_np should really be
        the key since that what we're selecting/sorting on.

        * operation/events/events.php: Fixed Bug #2174790 and fixed the
        brackets being in all the wrong places. Also added checks so that only
        admins can retrieve system events

        * include/functions_db.php: Added an option to get_user_groups so that
        other privileges than AR can be retrieved.

        * operation/visual_console/index.php: Added ACL check. Security issue
        reported in bug #2174790

        * operation/menu.php: Added ACL check. Security issue reported in bug
        #2174790


git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@1177 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
---
 pandora_console/ChangeLog                     |  19 ++
 pandora_console/include/functions_db.php      |   8 +-
 pandora_console/operation/events/events.php   | 168 ++++++++++--------
 pandora_console/operation/menu.php            |  19 +-
 .../operation/visual_console/index.php        |  48 ++---
 .../operation/visual_console/render_view.php  |  14 +-
 pandora_console/pandoradb.sql                 |   7 +-
 pandora_console/pandoradb_data.sql            |  90 +++++-----
 8 files changed, 204 insertions(+), 169 deletions(-)

diff --git a/pandora_console/ChangeLog b/pandora_console/ChangeLog
index 7226d678ef..57e9a0f8f1 100644
--- a/pandora_console/ChangeLog
+++ b/pandora_console/ChangeLog
@@ -1,3 +1,22 @@
+2008-10-20  Evi Vanoost  <vanooste@rcbi.rochester.edu>
+
+	* pandoradb_data.sql, pandora_db.sql: id_npc was rendered unnecessary
+	with the last rewrite of the profiles page and id_np should really be
+	the key since that what we're selecting/sorting on.
+
+	* operation/events/events.php: Fixed Bug #2174790 and fixed the
+	brackets being in all the wrong places. Also added checks so that only 
+	admins can retrieve system events
+
+	* include/functions_db.php: Added an option to get_user_groups so that
+	other privileges than AR can be retrieved.
+
+	* operation/visual_console/index.php: Added ACL check. Security issue
+	reported in bug #2174790
+
+	* operation/menu.php: Added ACL check. Security issue reported in bug
+	#2174790
+
 2008-10-20  Esteban Sanchez  <estebans@artica.es>
 
 	* operation/agentes/estado_agente.php: Checking if there are monitors
diff --git a/pandora_console/include/functions_db.php b/pandora_console/include/functions_db.php
index 7bc4718d62..3dffdd34b9 100644
--- a/pandora_console/include/functions_db.php
+++ b/pandora_console/include/functions_db.php
@@ -1078,10 +1078,10 @@ function list_users ($order = "nombre_real") {
  * Get all the groups a user has reading privileges.
  * 
  * @param id_user User id
- * 
- * @return A list of the groups the user has reading privileges.
+ * @param privilege The privilege to evaluate
+ * @return A list of the groups the user has certain privileges.
  */
-function get_user_groups ($id_user = 0) {
+function get_user_groups ($id_user = 0, $privilege = "AR") {
 	if ($id_user == 0) {
 		global $config;
 		$id_user = $config['id_user'];
@@ -1094,7 +1094,7 @@ function get_user_groups ($id_user = 0) {
 		return $user_groups;
 
 	foreach ($groups as $group) {
-		if (! give_acl ($id_user, $group["id_grupo"], "AR"))
+		if (! give_acl ($id_user, $group["id_grupo"], $privilege))
 			continue;
 		$user_groups[$group['id_grupo']] = $group['nombre'];
 	}
diff --git a/pandora_console/operation/events/events.php b/pandora_console/operation/events/events.php
index 30854215c0..e57ff403b5 100644
--- a/pandora_console/operation/events/events.php
+++ b/pandora_console/operation/events/events.php
@@ -165,23 +165,36 @@ if (isset ($_POST["updatebt"])) {
 // Get data
 
 $offset = (int) get_parameter ( "offset",0);
-$ev_group = (int) get_parameter ("ev_group", 0); // group
+$ev_group = (int) get_parameter ("ev_group", 1); //1 = all
 $search = get_parameter ("search", ""); // free search
 $event_type = get_parameter ("event_type", ''); // 0 all
 $severity = (int) get_parameter ("severity", -1); // -1 all
 $status = (int) get_parameter ("status", 0); // -1 all, 0 only red, 1 only green
-$id_agent = (int) get_parameter ("id_agent", -1);
+$id_agent = (int) get_parameter ("id_agent", -1); //-1 all, 0 system
 $id_event = (int) get_parameter ("id_event", -1);
 $pagination = (int) get_parameter ("pagination", $config["block_size"]);
 $config["block_size"] = $pagination;
+$groups = get_user_groups ($config["id_user"]);
+//Group selection
 
-$sql_post = "";
-if ($ev_group > 1)
-	$sql_post .= " AND id_grupo = $ev_group";
-if ($status == 1)
+if ($ev_group > 1 && in_array ($ev_group, array_keys ($groups))) {
+	//If a group is selected and it's in the groups allowed
+	$sql_post = " AND id_grupo = $ev_group";
+} elseif (dame_admin ($config["id_user"])) {
+	//Do nothing if you're admin, you get full access
+	$sql_post = "";
+	$groups[0] = __('System Events');
+} else {
+	//Otherwise select all groups the user has rights to.
+	$sql_post = " AND id_grupo IN (".implode (",", array_keys ($groups)).")";
+}
+
+if ($status == 1) {
 	$sql_post .= " AND estado = 1";
-if ($status == 0)
+} elseif ($status == 0) {
 	$sql_post .= " AND estado = 0";
+}
+
 if ($search != "")
 	$sql_post .= " AND evento LIKE '%$search%'";
 if ($event_type != "")
@@ -197,16 +210,15 @@ $url = "index.php?sec=eventos&sec2=operation/events/events&search=$search&event_
 
 echo "<h2>".__('Events')." &gt; ".__('Main event view'). "&nbsp";
 
-if ($config["pure"] == 1)
+if ($config["pure"] == 1) {
 	echo "<a target='_top' href='$url&pure=0'><img src='images/monitor.png' title='".__('Normal screen')."'></a>";
-else {
+} else {
 	// Fullscreen
 	echo "<a target='_top' href='$url&pure=1'><img src='images/monitor.png' title='".__('Full screen')."'></a>";
 }
 echo "</h2>";
-
-echo "<a href=\"javascript:;\" onmousedown=\"toggleDiv('event_control');\">";
-echo "<b>".__('Event control filter')." ".'<img src="images/wand.png"></A></b>';
+echo '<a href="javascript::" onmousedown="toggleDiv(\'event_control\');">';
+echo "<b>".__('Event control filter')." ".'<img src="images/wand.png" /></a></b>';
 
 if ($config["pure"] == 1) {
 	echo "<div id='event_control' style='display:none'>";
@@ -218,38 +230,35 @@ echo "<table width=99% cellpadding=0 cellspacing=2 border=0>";
 echo "<tr><td width=500>";
 
 // Table for filter controls
+echo "<form method='post' action='index.php?sec=eventos&sec2=operation/events/events&refr=60&pure=".$config["pure"]."'>";
 echo "<table width=500 cellpadding=4 cellspacing=4 class=databox>";
 echo "<tr>";
-echo "<form method='post' action='index.php?sec=eventos&sec2=operation/events/events&refr=60&id_agent=$id_agent&pure=".$config["pure"]."'>";
 
 // Group combo
 echo "<td>".__('Group')."</td>";
 echo "<td>";
-echo "<select name='ev_group' onChange='javascript:this.form.submit();' class='w130'>";
-if ( $ev_group > 1 ){
-	echo "<option value='".$ev_group."' selected>".dame_nombre_grupo ($ev_group)."</option>";
-}
-list_group ($config["id_user"]);
-echo "</select></td>";
+print_select ($groups, 'ev_group', $ev_group, 'javascript:this.form.submit();', '', 0, false, false, false, 'w130');
+echo "</td>";
 
 // Event type
 echo "<td>".__('Event type')."</td>";
 echo "<td>";
-print_select (get_event_types (), 'event_type', $event_type, '', 'All', '');
+print_select (get_event_types (), 'event_type', $event_type, '', __('All'), '');
 echo "</td></tr><tr>";
 
 // Severity
 echo "<td>".__('Severity')."</td>";
 echo "<td>";
-print_select (get_priorities (), "severity", $severity, '', 'All', '-1');
+print_select (get_priorities (), "severity", $severity, '', __('All'), '-1');
 
 // Status
 echo "</td><td>".__('Event status')."</td>";
 echo "<td>";
-$fields = array ( -1 => __('All event'), 
-		  1 => __('Only validated'),
-		  0 => __('Only pending') 
-		);
+$fields = array ();
+$fields[-1] = __('All event');
+$fields[1] = __('Only validated');
+$fields[0] = __('Only pending');
+
 print_select ($fields, 'status', $status, 'javascript:this.form.submit();', '', '');
 echo "</td></tr><tr>";
 
@@ -263,10 +272,17 @@ $sql = "SELECT DISTINCT(id_agente) FROM tevento WHERE 1=1 ".$sql_post;
 $result = get_db_all_rows_sql ($sql);
 if ($result === false)
 	$result = array();
-$agents = array(-1 => "All");
+$agents = array ();
+$agents[-1] = __('All');
+
+if (dame_admin ($config["id_user"])) {
+	$agents[0] = __('System');
+}
 
 foreach ($result as $id_row) {
-	$name_for_combo = substr(dame_nombre_agente ($id_row[0]),0,20);
+	$name_for_combo = "";
+	if ($id_row[0] > 0)
+		$name_for_combo = substr (strtolower (dame_nombre_agente ($id_row[0])),0,20);
 	if ($name_for_combo != "")
 		$agents[$id_row[0]] = $name_for_combo;
 }
@@ -285,12 +301,12 @@ $lpagination[200]=200;
 $lpagination[500]=500;
 
 echo "<td>";
-print_select ($lpagination, "pagination", $pagination, '', 'Default', $config["block_size"]);
+print_select ($lpagination, "pagination", $pagination, '', __('Default'), $config["block_size"]);
 echo "</td>";
 
 //The buttons
 echo '<td colspan="2">';
-print_submit_button (__('Update'), '', false, $attributes = 'class="sub upd"');
+print_submit_button (__('Update'), '', false, 'class="sub upd"');
 
 // CSV
 echo '&nbsp;&nbsp;&nbsp;
@@ -302,20 +318,17 @@ echo "&nbsp;<a target='_top' href='operation/events/events_marquee.php'><img src
 echo '&nbsp;<a target="_top" href="operation/events/events_rss.php?ev_group='.$ev_group.'&event_type='.$event_type.'&search='.$search.'&severity='.$severity.'&status='.$status.'&id_agent='.$id_agent.'"><img src="images/transmit.png" title="'.__('RSS Events').'"></a>';
 
 
-echo "</td></tr></table>";
-echo "</form>";
-echo "<td>";
-echo '<img src="reporting/fgraph.php?tipo=group_events&width=250&height=180&url='.rawurlencode($sql_post).'" border="0">'; //Don't rely on browsers to do this correctly
-echo "</td></tr></table>";
-echo "</div>";
+echo "</td></tr></table></form>";
+echo '<td><img src="reporting/fgraph.php?tipo=group_events&width=250&height=180&url='.rawurlencode($sql_post).'" border="0">'; //Don't rely on browsers to do this correctly
+echo "</td></tr></table></div>";
 
-$sql = "SELECT * FROM tevento WHERE 1=1 ".$sql_post." ORDER BY timestamp DESC LIMIT ".$offset.",".$config["block_size"];
+$sql = "SELECT * FROM tevento WHERE 1=1 ".$sql_post." ORDER BY utimestamp DESC LIMIT ".$offset.",".$config["block_size"];
 $result = get_db_all_rows_sql ($sql);
 $sql = "SELECT COUNT(id_evento) FROM tevento WHERE 1=1 ".$sql_post;
 $total_events = get_db_sql ($sql);
 
 // Show pagination header
-if ($total_events > 0){
+if ($total_events > 0) {
 
 	$offset = get_parameter ("offset",0);
 	pagination ($total_events, $url."&pure=".$config["pure"], $offset);		
@@ -348,7 +361,7 @@ if ($total_events > 0){
 	// Make query for data (all data, not only distinct).
 	foreach ($result as $row2) {
 		$id_grupo = $row2["id_grupo"];
-		if (give_acl($config["id_user"], $id_grupo, "AR") == 1){ // Only incident read access to view data !
+		if (give_acl($config["id_user"], $id_grupo, "AR") == 1) // Only incident read access to view data !
 			$id_group = $row2["id_grupo"];
 
 		switch ($row2["criticity"]) {
@@ -373,14 +386,15 @@ if ($total_events > 0){
 		$criticity_label = return_priority ($row2["criticity"]);
 		// Colored box 
 		echo "<tr><td class='$tdclass' title='$criticity_label' align='center'>";
-		if ($row2["estado"] == 0)
+		if ($row2["estado"] == 0) {
 			echo "<img src='images/pixel_red.png' width=20 height=35>";
-		else
+		} else {
 			echo "<img src='images/pixel_green.png' width=20 height=35>";
+		}
 
 		// Event type
 		echo "<td class='".$tdclass."' title='".$row2["event_type"]."'>";
-		switch ($row2["event_type"]){
+		switch ($row2["event_type"]) {
 		case "unknown": 
 			echo "<img src='images/err.png'>";
 			break;
@@ -438,50 +452,48 @@ if ($total_events > 0){
 			echo "<td class='$tdclass' align='center'><img src='images/groups_small/".show_icon_group($id_group).".png' title='$group_name' class='bot'></td>";
 
 			// for System or SNMP generated alerts
-			} else { 
-				if ($row2["event_type"] == "system") {
-					echo "<td class='$tdclass' colspan=3>".__('System');
-				} else {
-					echo "<td class='$tdclass' colspan=3>".__('Alert')."SNMP";
-				}
-			}
-
-			// User who validated event
-			echo "<td class='$tdclass'>";
-			if ($row2["estado"] <> 0)
-				echo "<a href='index.php?sec=usuario&sec2=operation/users/user_edit&ver=".$row2["id_usuario"]."'>".substr($row2["id_usuario"],0,8)."<a href='#' class='tip'> <span>".dame_nombre_real($row2["id_usuario"])."</span></a></a>";
-			
-			// Timestamp
-			echo "<td class='".$tdclass."f9' title='".$row2["timestamp"]."'>";
-			echo human_time_comparation ($row2["timestamp"]);
-			echo "</td>";
-			// Several options grouped here
-			echo "<td class='$tdclass' align='right'>";
-			// Validate event
-			if (($row2["estado"] == 0) and (give_acl ($config["id_user"], $id_group,"IW") ==1))
-				echo "<a href='$url&check=".$row2["id_evento"]."&pure=".$config["pure"]."'>
-				<img src='images/ok.png' border='0'></a> ";
-			// Delete event
-			if (give_acl ($config["id_user"], $id_group,"IM") ==1)
-				echo "<a href='$url&delete=".$row2["id_evento"]."&pure=".$config["pure"]."'>
-				<img src='images/cross.png' border=0></a> ";
-			// Create incident from this event			
-			if (give_acl ($config["id_user"], $id_group,"IW") == 1)
-				echo "<a href='index.php?sec=incidencias&sec2=operation/incidents/incident_detail&insert_form&from_event=".$row2["id_evento"]."'><img src='images/page_lightning.png' border=0></a>";
-			echo "</td>";
-			// Checbox				
-			echo "<td class='$tdclass' align='center'>";
-			echo "<input type='checkbox' class='chk' name='eventid".$offset_counter."' 
-			value='".$row2["id_evento"]."'>";
-			echo "</td></tr>";
+		} elseif ($row2["event_type"] == "system") {
+			echo "<td class='$tdclass' colspan=3>".__('System');
+		} else {
+			echo "<td class='$tdclass' colspan=3>".__('Alert')."SNMP";
 		}
+
+		// User who validated event
+		echo "<td class='$tdclass'>";
+		if ($row2["estado"] <> 0)
+			echo "<a href='index.php?sec=usuario&sec2=operation/users/user_edit&ver=".$row2["id_usuario"]."'>".substr($row2["id_usuario"],0,8)."<a href='#' class='tip'> <span>".dame_nombre_real($row2["id_usuario"])."</span></a></a>";
+			
+		// Timestamp
+		echo "<td class='".$tdclass."f9' title='".$row2["timestamp"]."'>";
+		echo human_time_comparation ($row2["timestamp"]);
+		echo "</td>";
+		// Several options grouped here
+		echo "<td class='$tdclass' align='right'>";
+		// Validate event
+		if (($row2["estado"] == 0) and (give_acl ($config["id_user"], $id_group,"IW") ==1))
+			echo "<a href='$url&check=".$row2["id_evento"]."&pure=".$config["pure"]."'>
+			<img src='images/ok.png' border='0'></a> ";
+		// Delete event
+		if (give_acl ($config["id_user"], $id_group,"IM") ==1)
+			echo "<a href='$url&delete=".$row2["id_evento"]."&pure=".$config["pure"]."'>
+			<img src='images/cross.png' border=0></a> ";
+		// Create incident from this event			
+		if (give_acl ($config["id_user"], $id_group,"IW") == 1)
+			echo "<a href='index.php?sec=incidencias&sec2=operation/incidents/incident_detail&insert_form&from_event=".$row2["id_evento"]."'><img src='images/page_lightning.png' border=0></a>";
+			echo "</td>";
+		// Checbox				
+		echo "<td class='$tdclass' align='center'>";
+		echo "<input type='checkbox' class='chk' name='eventid".$offset_counter."' 
+		value='".$row2["id_evento"]."'>";
+		echo "</td></tr>";
+
 		$offset_counter++;
 	}
 	echo "</table>";
 	echo "<table width='750'><tr><td align='right'>";
 	
 	echo "<input class='sub ok' type='submit' name='updatebt' value='".__('Validate')."'> ";
-	if (give_acl ($config["id_user"], 0,"IM") ==1){
+	if (give_acl ($config["id_user"], 0,"IM") == 1) {
 		echo "<input class='sub delete' type='submit' name='deletebt' value='".__('Delete')."'>";
 	}
 	echo "</form></table>";
diff --git a/pandora_console/operation/menu.php b/pandora_console/operation/menu.php
index 450b6138af..128ef5fdcd 100644
--- a/pandora_console/operation/menu.php
+++ b/pandora_console/operation/menu.php
@@ -100,17 +100,18 @@ if (give_acl ($config['id_user'], 0, "AR")) {
 	echo '<a href="index.php?sec=visualc&sec2=operation/visual_console/index"  class="mn">'.__('Visual console').'</a></li></ul></div>';
 
 	if ($sec  == "visualc") {
-		$sql="SELECT * FROM tlayout ORDER BY name";
+		$result = get_db_all_rows_in_table ('tlayout','name');
 		$id = get_parameter ('id');
-		if ($res = mysql_query ($sql))
-			while ($layout = mysql_fetch_array ($res)) {
-				if ($sec2 == "operation/visual_console/render_view" && $id == $layout["id"]) {
-					echo "<div class='operation-submenu submenu-selected'>";
-				} else {
-					echo "<div class='operation-submenu'>";
-				}
-				echo "<ul class='mn'><li><a href='index.php?sec=visualc&sec2=operation/visual_console/render_view&id=".$layout["id"]."' class='mn'>". substr ($layout["name"], 0, 15). "</a></li></ul></div>";
+		foreach ($result as $layout) {
+			if (!give_acl ($config["id_user"], $layout["id_group"], "AR")) {
+				continue;
+			} elseif ($sec2 == "operation/visual_console/render_view" && $id == $layout["id"]) {
+				echo "<div class='operation-submenu submenu-selected'>";
+			} else {
+				echo "<div class='operation-submenu'>";
 			}
+			echo "<ul class='mn'><li><a href='index.php?sec=visualc&sec2=operation/visual_console/render_view&id=".$layout["id"]."' class='mn'>". substr ($layout["name"], 0, 15). "</a></li></ul></div>";
+		}
 	}
 	
 
diff --git a/pandora_console/operation/visual_console/index.php b/pandora_console/operation/visual_console/index.php
index 0b6be3cd79..5170067f51 100644
--- a/pandora_console/operation/visual_console/index.php
+++ b/pandora_console/operation/visual_console/index.php
@@ -19,19 +19,15 @@
 
 
 // Login check
-global $REMOTE_ADDR;
-
 check_login ();
 
-echo "<h2>".__('Visual console')." &gt; ";
-echo __('Summary')."</h2>";
+echo "<h2>".__('Visual console')." &gt; ".__('Summary')."</h2>";
+
 
 $layouts = get_db_all_rows_in_table ('tlayout','name');
 
-if (sizeof ($layouts) == 0) {
-	echo "<div class='nf'>".__('There are no defined layouts')."</div>";
-	return;
-}
+if ($layouts === false)
+	$layouts = array ();
 
 $table->width = '500px';
 $table->data = array ();
@@ -41,22 +37,28 @@ $table->head[1] = __('Group');
 $table->head[2] = __('Elements');
 $table->align = array ();
 $table->align[2] = 'center';
-if ($layouts){
-	foreach ($layouts as $layout) {
-		$data = array ();
-		
-		$data[0] = '<a href="index.php?sec=visualc&sec2=operation/visual_console/render_view&id='.
-			$layout['id'].'">'.$layout['name'].'</a>';
-		$data[1] = '<img src="images/'.dame_grupo_icono($layout["id_group"]).'.png" 
-			title="'.dame_nombre_grupo ($layout["id_group"]).'"> ';
-		$data[1] .= dame_nombre_grupo ($layout["id_group"]);
-		$data[2] = get_db_value ('COUNT(*)', 'tlayout_data', 'id_layout', $layout['id']);
-		
-		array_push ($table->data, $data);
+
+foreach ($layouts as $layout) {
+	if (!give_acl ($config["id_user"], $layout["id_group"], "AR")) {
+		continue;
 	}
-	print_table ($table);
-} else {
-	echo '<div class="nf">'.__('There are no visual consoles defined').'</div>';
+	$data = array ();
+	
+	$data[0] = '<a href="index.php?sec=visualc&sec2=operation/visual_console/render_view&id='.
+		$layout['id'].'">'.$layout['name'].'</a>';
+	$data[1] = '<img src="images/'.dame_grupo_icono($layout["id_group"]).'.png" 
+		title="'.dame_nombre_grupo ($layout["id_group"]).'"> ';
+	$data[1] .= dame_nombre_grupo ($layout["id_group"]);
+	$data[2] = get_db_value ('COUNT(*)', 'tlayout_data', 'id_layout', $layout['id']);
+		
+	array_push ($table->data, $data);
 }
 
+if (!empty ($table->data)) {
+	print_table ($table);
+} else {
+	echo '<div class="nf">'.__('No layouts found').'</div>';
+}
+unset ($table);
+
 ?>
diff --git a/pandora_console/operation/visual_console/render_view.php b/pandora_console/operation/visual_console/render_view.php
index 765ab2b9f6..f285297f74 100644
--- a/pandora_console/operation/visual_console/render_view.php
+++ b/pandora_console/operation/visual_console/render_view.php
@@ -19,11 +19,7 @@
 // Login check
 require ('include/functions_visual_map.php');
 
-if (check_login () != 0) {
-	audit_db ($config["id_user"],$REMOTE_ADDR, "ACL Violation","Trying to access graph builder");
-	include ("general/noaccess.php");
-	exit;
-}
+check_login ();
 
 $id_layout = (int) get_parameter ('id');
 $refr = (int) get_parameter ('refr');
@@ -53,10 +49,16 @@ $bheight = $layout["height"];
 
 $pure_url = "&pure=".$config["pure"];
 
+if (! give_acl ($config["id_user"], $id_group, "AR")) {
+	audit_db ($config["id_user"], $REMOTE_ADDR, "ACL Violation", "Trying to access visual console without group access");
+	require ("general/noaccess.php");
+	exit;
+}
+
 // Render map
 echo "<h1>".$layout_name."&nbsp;&nbsp;";
 
-if ($config["pure"] == 0){
+if ($config["pure"] == 0) {
 	echo "<a href='index.php?sec=visualc&sec2=operation/visual_console/render_view&id=$id_layout&refr=$refr&pure=1'>";
 	echo "<img src='images/monitor.png' title='".__('Full screen mode')."'>";
 	echo "</a>";
diff --git a/pandora_console/pandoradb.sql b/pandora_console/pandoradb.sql
index 792da92b8c..a5d8cf2b0e 100644
--- a/pandora_console/pandoradb.sql
+++ b/pandora_console/pandoradb.sql
@@ -413,10 +413,9 @@ CREATE TABLE IF NOT EXISTS `tnetwork_profile` (
 
 
 CREATE TABLE IF NOT EXISTS `tnetwork_profile_component` (
-  `id_npc` int(10) unsigned NOT NULL auto_increment,
-  `id_nc` int(10) unsigned NOT NULL default '0',
-  `id_np` int(10) unsigned NOT NULL default '0',
-  PRIMARY KEY  (`id_npc`)
+  `id_nc` mediumint(8) unsigned NOT NULL default '0',
+  `id_np` mediumint(8) unsigned NOT NULL default '0',
+  KEY `id_np` (`id_np`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
 
 
diff --git a/pandora_console/pandoradb_data.sql b/pandora_console/pandoradb_data.sql
index d5438290b7..7517322ae1 100644
--- a/pandora_console/pandoradb_data.sql
+++ b/pandora_console/pandoradb_data.sql
@@ -301,50 +301,50 @@ INSERT INTO `tnetwork_profile` (`id_np`, `name`, `description`) VALUES (4,'Full
 INSERT INTO `tnetwork_profile` (`id_np`, `name`, `description`) VALUES (5,'Linux Server','Full Monitoring of a Linux server services.');
 INSERT INTO `tnetwork_profile` (`id_np`, `name`, `description`) VALUES (6,'Basic WMI monitoring','Basic monitoring of a Windows host.');
 
-INSERT INTO `tnetwork_profile_component` (`id_npc`, `id_nc`, `id_np`) VALUES (1,24,1);
-INSERT INTO `tnetwork_profile_component` (`id_npc`, `id_nc`, `id_np`) VALUES (2,25,1);
-INSERT INTO `tnetwork_profile_component` (`id_npc`, `id_nc`, `id_np`) VALUES (3,27,1);
-INSERT INTO `tnetwork_profile_component` (`id_npc`, `id_nc`, `id_np`) VALUES (4,28,1);
-INSERT INTO `tnetwork_profile_component` (`id_npc`, `id_nc`, `id_np`) VALUES (5,30,1);
-INSERT INTO `tnetwork_profile_component` (`id_npc`, `id_nc`, `id_np`) VALUES (6,31,1);
-INSERT INTO `tnetwork_profile_component` (`id_npc`, `id_nc`, `id_np`) VALUES (7,34,1);
-INSERT INTO `tnetwork_profile_component` (`id_npc`, `id_nc`, `id_np`) VALUES (8,39,1);
-INSERT INTO `tnetwork_profile_component` (`id_npc`, `id_nc`, `id_np`) VALUES (9,34,2);
-INSERT INTO `tnetwork_profile_component` (`id_npc`, `id_nc`, `id_np`) VALUES (10,34,3);
-INSERT INTO `tnetwork_profile_component` (`id_npc`, `id_nc`, `id_np`) VALUES (11,37,3);
-INSERT INTO `tnetwork_profile_component` (`id_npc`, `id_nc`, `id_np`) VALUES (12,39,3);
-INSERT INTO `tnetwork_profile_component` (`id_npc`, `id_nc`, `id_np`) VALUES (13,38,3);
-INSERT INTO `tnetwork_profile_component` (`id_npc`, `id_nc`, `id_np`) VALUES (14,24,3);
-INSERT INTO `tnetwork_profile_component` (`id_npc`, `id_nc`, `id_np`) VALUES (15,3,4);
-INSERT INTO `tnetwork_profile_component` (`id_npc`, `id_nc`, `id_np`) VALUES (16,24,4);
-INSERT INTO `tnetwork_profile_component` (`id_npc`, `id_nc`, `id_np`) VALUES (17,25,4);
-INSERT INTO `tnetwork_profile_component` (`id_npc`, `id_nc`, `id_np`) VALUES (18,26,4);
-INSERT INTO `tnetwork_profile_component` (`id_npc`, `id_nc`, `id_np`) VALUES (19,27,4);
-INSERT INTO `tnetwork_profile_component` (`id_npc`, `id_nc`, `id_np`) VALUES (20,28,4);
-INSERT INTO `tnetwork_profile_component` (`id_npc`, `id_nc`, `id_np`) VALUES (21,29,4);
-INSERT INTO `tnetwork_profile_component` (`id_npc`, `id_nc`, `id_np`) VALUES (22,30,4);
-INSERT INTO `tnetwork_profile_component` (`id_npc`, `id_nc`, `id_np`) VALUES (23,31,4);
-INSERT INTO `tnetwork_profile_component` (`id_npc`, `id_nc`, `id_np`) VALUES (24,32,4);
-INSERT INTO `tnetwork_profile_component` (`id_npc`, `id_nc`, `id_np`) VALUES (25,45,4);
-INSERT INTO `tnetwork_profile_component` (`id_npc`, `id_nc`, `id_np`) VALUES (26,46,4);
-INSERT INTO `tnetwork_profile_component` (`id_npc`, `id_nc`, `id_np`) VALUES (27,47,4);
-INSERT INTO `tnetwork_profile_component` (`id_npc`, `id_nc`, `id_np`) VALUES (28,48,4);
-INSERT INTO `tnetwork_profile_component` (`id_npc`, `id_nc`, `id_np`) VALUES (29,3,5);
-INSERT INTO `tnetwork_profile_component` (`id_npc`, `id_nc`, `id_np`) VALUES (30,50,5);
-INSERT INTO `tnetwork_profile_component` (`id_npc`, `id_nc`, `id_np`) VALUES (31,53,5);
-INSERT INTO `tnetwork_profile_component` (`id_npc`, `id_nc`, `id_np`) VALUES (32,24,5);
-INSERT INTO `tnetwork_profile_component` (`id_npc`, `id_nc`, `id_np`) VALUES (33,30,5);
-INSERT INTO `tnetwork_profile_component` (`id_npc`, `id_nc`, `id_np`) VALUES (34,27,5);
-INSERT INTO `tnetwork_profile_component` (`id_npc`, `id_nc`, `id_np`) VALUES (35,34,5);
-INSERT INTO `tnetwork_profile_component` (`id_npc`, `id_nc`, `id_np`) VALUES (36,1,5);
-INSERT INTO `tnetwork_profile_component` (`id_npc`, `id_nc`, `id_np`) VALUES (37,2,5);
-INSERT INTO `tnetwork_profile_component` (`id_npc`, `id_nc`, `id_np`) VALUES (38,49,5);
-INSERT INTO `tnetwork_profile_component` (`id_npc`, `id_nc`, `id_np`) VALUES (39,4,5);
-INSERT INTO `tnetwork_profile_component` (`id_npc`, `id_nc`, `id_np`) VALUES (40,51,5);
-INSERT INTO `tnetwork_profile_component` (`id_npc`, `id_nc`, `id_np`) VALUES (41,52,5);
-INSERT INTO `tnetwork_profile_component` (`id_npc`, `id_nc`, `id_np`) VALUES (42,39,5);
-INSERT INTO `tnetwork_profile_component` (`id_npc`, `id_nc`, `id_np`) VALUES (43,200,6);
-INSERT INTO `tnetwork_profile_component` (`id_npc`, `id_nc`, `id_np`) VALUES (44,201,6);
-INSERT INTO `tnetwork_profile_component` (`id_npc`, `id_nc`, `id_np`) VALUES (45,202,6);
+INSERT INTO `tnetwork_profile_component` (`id_nc`, `id_np`) VALUES (24,1);
+INSERT INTO `tnetwork_profile_component` (`id_nc`, `id_np`) VALUES (25,1);
+INSERT INTO `tnetwork_profile_component` (`id_nc`, `id_np`) VALUES (27,1);
+INSERT INTO `tnetwork_profile_component` (`id_nc`, `id_np`) VALUES (28,1);
+INSERT INTO `tnetwork_profile_component` (`id_nc`, `id_np`) VALUES (30,1);
+INSERT INTO `tnetwork_profile_component` (`id_nc`, `id_np`) VALUES (31,1);
+INSERT INTO `tnetwork_profile_component` (`id_nc`, `id_np`) VALUES (34,1);
+INSERT INTO `tnetwork_profile_component` (`id_nc`, `id_np`) VALUES (39,1);
+INSERT INTO `tnetwork_profile_component` (`id_nc`, `id_np`) VALUES (34,2);
+INSERT INTO `tnetwork_profile_component` (`id_nc`, `id_np`) VALUES (34,3);
+INSERT INTO `tnetwork_profile_component` (`id_nc`, `id_np`) VALUES (37,3);
+INSERT INTO `tnetwork_profile_component` (`id_nc`, `id_np`) VALUES (39,3);
+INSERT INTO `tnetwork_profile_component` (`id_nc`, `id_np`) VALUES (38,3);
+INSERT INTO `tnetwork_profile_component` (`id_nc`, `id_np`) VALUES (24,3);
+INSERT INTO `tnetwork_profile_component` (`id_nc`, `id_np`) VALUES (3,4);
+INSERT INTO `tnetwork_profile_component` (`id_nc`, `id_np`) VALUES (24,4);
+INSERT INTO `tnetwork_profile_component` (`id_nc`, `id_np`) VALUES (25,4);
+INSERT INTO `tnetwork_profile_component` (`id_nc`, `id_np`) VALUES (26,4);
+INSERT INTO `tnetwork_profile_component` (`id_nc`, `id_np`) VALUES (27,4);
+INSERT INTO `tnetwork_profile_component` (`id_nc`, `id_np`) VALUES (28,4);
+INSERT INTO `tnetwork_profile_component` (`id_nc`, `id_np`) VALUES (29,4);
+INSERT INTO `tnetwork_profile_component` (`id_nc`, `id_np`) VALUES (30,4);
+INSERT INTO `tnetwork_profile_component` (`id_nc`, `id_np`) VALUES (31,4);
+INSERT INTO `tnetwork_profile_component` (`id_nc`, `id_np`) VALUES (32,4);
+INSERT INTO `tnetwork_profile_component` (`id_nc`, `id_np`) VALUES (45,4);
+INSERT INTO `tnetwork_profile_component` (`id_nc`, `id_np`) VALUES (46,4);
+INSERT INTO `tnetwork_profile_component` (`id_nc`, `id_np`) VALUES (47,4);
+INSERT INTO `tnetwork_profile_component` (`id_nc`, `id_np`) VALUES (48,4);
+INSERT INTO `tnetwork_profile_component` (`id_nc`, `id_np`) VALUES (3,5);
+INSERT INTO `tnetwork_profile_component` (`id_nc`, `id_np`) VALUES (50,5);
+INSERT INTO `tnetwork_profile_component` (`id_nc`, `id_np`) VALUES (53,5);
+INSERT INTO `tnetwork_profile_component` (`id_nc`, `id_np`) VALUES (24,5);
+INSERT INTO `tnetwork_profile_component` (`id_nc`, `id_np`) VALUES (30,5);
+INSERT INTO `tnetwork_profile_component` (`id_nc`, `id_np`) VALUES (27,5);
+INSERT INTO `tnetwork_profile_component` (`id_nc`, `id_np`) VALUES (34,5);
+INSERT INTO `tnetwork_profile_component` (`id_nc`, `id_np`) VALUES (1,5);
+INSERT INTO `tnetwork_profile_component` (`id_nc`, `id_np`) VALUES (2,5);
+INSERT INTO `tnetwork_profile_component` (`id_nc`, `id_np`) VALUES (49,5);
+INSERT INTO `tnetwork_profile_component` (`id_nc`, `id_np`) VALUES (4,5);
+INSERT INTO `tnetwork_profile_component` (`id_nc`, `id_np`) VALUES (51,5);
+INSERT INTO `tnetwork_profile_component` (`id_nc`, `id_np`) VALUES (52,5);
+INSERT INTO `tnetwork_profile_component` (`id_nc`, `id_np`) VALUES (39,5);
+INSERT INTO `tnetwork_profile_component` (`id_nc`, `id_np`) VALUES (200,6);
+INSERT INTO `tnetwork_profile_component` (`id_nc`, `id_np`) VALUES (201,6);
+INSERT INTO `tnetwork_profile_component` (`id_nc`, `id_np`) VALUES (202,6);