2008-09-03 Evi Vanoost <vanooste@rcbi.rochester.edu>

* reporting/fgraph.php: Fixed bug where a graph wouldn't return
        when free search was specified. Also made SQL safer against
        attacks since fgraph can be accessed by anyone. This should be
        fixed in later versions so there has to be no SQL query passed

        * operation/events/events_rss.php: Made RSS feed better. Now you can
        also pass a filter from events.php. Fixed direction of the links

        * operation/events/events.php: Added a filter on agent name. Updated
        for RSS feeds. Added filter on event id

        * install.php: A little bit of automatic field filling. Corrected some
        text for more correct English and update to the new URL specification


git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@1077 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
guruevi 2008-09-03 15:47:09 +00:00
parent 64db350841
commit 97af45b63a
5 changed files with 113 additions and 45 deletions


@ -1,3 +1,19 @@
2008-09-03 Evi Vanoost <vanooste@rcbi.rochester.edu>
* reporting/fgraph.php: Fixed bug where a graph wouldn't return
when free search was specified. Also made SQL safer against
attacks since fgraph can be accessed by anyone. This should be
fixed in later versions so there has to be no SQL query passed
* operation/events/events_rss.php: Made RSS feed better. Now you can
also pass a filter from events.php. Fixed direction of the links
* operation/events/events.php: Added a filter on agent name. Updated
for RSS feeds. Added filter on event id
* install.php: A little bit of automatic field filling. Corrected some
text for more correct English and update to the new URL specification
2008-09-03 Esteban Sanchez <estebans@artica.es> 2008-09-03 Esteban Sanchez <estebans@artica.es>
* include/functions_html.php: Fixed a typo error in print_textarea * include/functions_html.php: Fixed a typo error in print_textarea


@ -317,13 +317,13 @@ function install_step3() {
</span> </span>
</div> </div>
<input class='login' type='text' name='path' style='width: 190px;' <input class='login' type='text' name='path' style='width: 190px;'
value='/var/www/pandora_console/'> value='".dirname (__FILE__)."'>
<div>Full local URL to Pandora FMS Console<br> <div>URL path to Pandora FMS Console<br>
<span class='f9b'>For example '/pandora_console'</span> <span class='f9b'>For example '/pandora_console'</span>
</div> </div>
<input class='login' type='text' name='url' style='width: 250px;' <input class='login' type='text' name='url' style='width: 250px;'
value='/pandora_console'> value='".dirname ($_SERVER['PHP_SELF'])."'>
<div align='right'> <div align='right'>
<input type='image' src='images/arrow_next.png' value='Step #4' id='step4'> <input type='image' src='images/arrow_next.png' value='Step #4' id='step4'>
@ -474,7 +474,7 @@ function install_step5() {
<h2>Installation complete</h2> <h2>Installation complete</h2>
<p>You now must delete manually this installer ('<i>install.php</i>') <p>You now must delete manually this installer ('<i>install.php</i>')
file for security before trying to access to your Pandora FMS console. file for security before trying to access to your Pandora FMS console.
<p>Now you need to install Pandora FMS server before trying to monitor anything, <p>You should also install the Pandora FMS Servers before trying to monitor anything,
please read documentation on how to install it.</p> please read documentation on how to install it.</p>
<p>Don't forget to check <a href='http://pandorafms.com'>http://pandorafms.com</a> <p>Don't forget to check <a href='http://pandorafms.com'>http://pandorafms.com</a>
for updates. for updates.
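Review bot: The new default for the `url` field in the first hunk writes `dirname ($_SERVER['PHP_SELF'])` into a single-quoted `value` attribute with no HTML escaping, and `PHP_SELF` includes any extra path text the client appends to the request, so request-controlled text reaches the page on an installer that is presumably reachable without login. Escape the prefilled value and prefer the script name, e.g. `value='".htmlspecialchars (dirname ($_SERVER['SCRIPT_NAME']), ENT_QUOTES)."'`. The `dirname (__FILE__)` default for `path` deserves the same `htmlspecialchars` call, since a filesystem path can contain a quote. `install_step3` begins and ends outside this hunk, so any later escaping of the string cannot be seen from here.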


@ -164,13 +164,14 @@ if (isset ($_POST["updatebt"])) {
// Get data // Get data
$offset = get_parameter ( "offset",0); $offset = (int) get_parameter ( "offset",0);
$ev_group = get_parameter ("ev_group", 0); // group $ev_group = (int) get_parameter ("ev_group", 0); // group
$search = get_parameter ("search", ""); // free search $search = get_parameter ("search", ""); // free search
$event_type = get_parameter ("event_type", ''); // 0 all $event_type = get_parameter ("event_type", ''); // 0 all
$severity = get_parameter ("severity", -1); // -1 all $severity = (int) get_parameter ("severity", -1); // -1 all
$status = get_parameter ("status", 0); // -1 all, 0 only red, 1 only green $status = (int) get_parameter ("status", 0); // -1 all, 0 only red, 1 only green
$id_agent = get_parameter ("id_agent", -1); $id_agent = (int) get_parameter ("id_agent", -1);
$id_event = (int) get_parameter ("id_event", -1);
$sql_post = ""; $sql_post = "";
if ($ev_group > 1) if ($ev_group > 1)
@ -184,10 +185,13 @@ if ($search != "")
if ($event_type != "") if ($event_type != "")
$sql_post .= " AND event_type = '$event_type'"; $sql_post .= " AND event_type = '$event_type'";
if ($severity != -1) if ($severity != -1)
$sql_post .= " AND criticity >= $severity"; $sql_post .= " AND criticity >= ".$severity;
if ($id_agent != -1) if ($id_agent != -1)
$sql_post .= " AND id_agente = $id_agent"; $sql_post .= " AND id_agente = ".$id_agent;
$url = "index.php?sec=eventos&sec2=operation/events/events&search=$search&event_type=$event_type&severity=$severity&status=$status&ev_group=$ev_group&refr=60&id_agent=$id_agent"; if ($id_event != -1)
$sql_post .= " AND id_evento = ".$id_event;
$url = "index.php?sec=eventos&sec2=operation/events/events&search=$search&event_type=$event_type&severity=$severity&status=$status&ev_group=$ev_group&refr=60&id_agent=$id_agent&id_event=$id_event";
echo "<h2>".__('Events')." &gt; ".__('Main event view'). "&nbsp"; echo "<h2>".__('Events')." &gt; ".__('Main event view'). "&nbsp";
@ -250,7 +254,24 @@ echo "</td></tr><tr>";
// Free search // Free search
echo "<td>".__('Free search')."</td><td>"; echo "<td>".__('Free search')."</td><td>";
print_input_text ('search', $search, '', 15); print_input_text ('search', $search, '', 15);
echo "</td><td colspan=2>";
//Agent search
echo "</td><td>".__('Agent search')."</td><td>";
$sql = "SELECT DISTINCT(id_agente) FROM tevento WHERE 1=1 ".$sql_post;
$result = get_db_all_rows_sql ($sql);
if ($result === false)
$result = array();
$agents = array(-1 => "All");
foreach ($result as $id_row) {
$agents[$id_row[0]] = dame_nombre_agente ($id_row[0]);
}
print_select ($agents, 'id_agent', $id_agent, 'javascript:this.form.submit();', '', '');
echo "</td></tr>";
//The buttons
echo '<tr><td colspan="2"><!-- Empty cell --></td><td colspan="2">';
print_submit_button (__('Update'), '', false, $attributes = 'class="sub upd"'); print_submit_button (__('Update'), '', false, $attributes = 'class="sub upd"');
// CSV // CSV
@ -260,7 +281,7 @@ echo '&nbsp;&nbsp;&nbsp;
// Marquee // Marquee
echo "&nbsp;<a target='_top' href='operation/events/events_marquee.php'><img src='images/heart.png' title='".__('Marquee display')."'></a>"; echo "&nbsp;<a target='_top' href='operation/events/events_marquee.php'><img src='images/heart.png' title='".__('Marquee display')."'></a>";
// RSS // RSS
echo "&nbsp;<a target='_top' href='operation/events/events_rss.php'><img src='images/transmit.png' title='".__('RSS Events')."'></a>"; echo '&nbsp;<a target="_top" href="operation/events/events_rss.php?ev_group='.$ev_group.'&event_type='.$event_type.'&search='.$search.'&severity='.$severity.'&status='.$status.'&id_agent='.$id_agent.'"><img src="images/transmit.png" title="'.__('RSS Events').'"></a>';
echo "</td></tr></table>"; echo "</td></tr></table>";
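Review bot: The `(int)` casts cover every numeric filter, but `$search` and `$event_type` remain raw strings, and the new RSS link in the last hunk concatenates them straight into an `href`. Unless `get_parameter` already encodes them (not visible here), a quote in either value ends the attribute and `&` or a space corrupts the query string; build each pair with `urlencode ($search)` / `urlencode ($event_type)` and pass the finished URL through `htmlspecialchars (..., ENT_QUOTES)`, and do the same for `$url`. The same two values are placed inside quotes in `$sql_post` (`event_type = '$event_type'`), so they should go through the database escaping helper before concatenation. Separately, the agent dropdown query reuses `$sql_post`, which already holds the `id_agente` condition, so once an agent is chosen the list will likely shrink to that one agent; build that query from the filters without the agent condition.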


@ -16,54 +16,82 @@
// along with this program; if not, write to the Free Software // along with this program; if not, write to the Free Software
// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
error_reporting(E_ALL);
require "../../include/config.php"; require "../../include/config.php";
require "../../include/functions.php"; require "../../include/functions.php";
require_once "../../include/functions_db.php"; require_once "../../include/functions_db.php";
$constraints = ""; $ev_group = get_parameter ("ev_group", 0); // group
$search = get_parameter ("search", ""); // free search
$event_type = get_parameter ("event_type", ''); // 0 all
$severity = (int) get_parameter ("severity", -1); // -1 all
$status = (int) get_parameter ("status", 0); // -1 all, 0 only red, 1 only green
$id_agent = (int) get_parameter ("id_agent", -1);
$id_event = (int) get_parameter ("id_event", -1); //This will allow to select only 1 event (eg. RSS)
$sql_post = "";
if ($ev_group > 1)
$sql_post .= " AND `tevento`.`id_grupo` = $ev_group";
if ($status == 1)
$sql_post .= " AND `tevento`.`estado` = 1";
if ($status == 0)
$sql_post .= " AND `tevento`.`estado` = 0";
if ($search != "")
$sql_post .= " AND `tevento`.`evento` LIKE '%$search%'";
if ($event_type != "")
$sql_post .= " AND `tevento`.`event_type` = '$event_type'";
if ($severity != -1)
$sql_post .= " AND `tevento`.`criticity` >= ".$severity;
if ($id_agent != -1)
$sql_post .= " AND `tevento`.`id_agente` = ".$id_agent;
if ($id_event != -1)
$sql_post .= " AND id_evento = ".$id_event;
$sql="SELECT `tevento`.`id_evento` AS event_id,
`tagente`.`nombre` AS agent_name,
`tevento`.`id_usuario` AS validated_by,
`tevento`.`estado` AS validated,
`tevento`.`evento` AS event_descr,
`tevento`.`utimestamp` AS unix_timestamp
FROM tevento, tagente
WHERE `tevento`.`id_agente` = `tagente`.`id_agente` ".$sql_post."
ORDER BY utimestamp DESC LIMIT 0 , 30";
$sql="SELECT `tevento`.`id_evento` AS event_id, `tagente`.`nombre` AS agent_name, `tevento`.`id_usuario` AS validated_by , `tevento`.`estado` AS validated, `tevento`.`evento` AS event_descr , `tevento`.`utimestamp` AS unix_timestamp, `tgrupo`.`nombre` AS group_name, `tgrupo`.`icon` AS group_icon $result= get_db_all_rows_sql ($sql);
FROM tevento, tagente, tgrupo
WHERE `tevento`.`id_agente` = `tagente`.`id_agente` AND `tevento`.`id_grupo` = `tgrupo`.`id_grupo` $constraints
ORDER BY utimestamp DESC
LIMIT 0 , 30";
$result=mysql_query($sql);
//$url = "https://".$_SERVER['HTTP_HOST']."/pandora_console"; //$url = "https://".$_SERVER['HTTP_HOST']."/pandora_console";
$url = 'http://'.$_SERVER['HTTP_HOST'].$config["homeurl"]; $url = 'http://'.$_SERVER['HTTP_HOST'].$config["homeurl"];
$selfurl = 'http://'.$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF'].'?'.$_SERVER['QUERY_STRING'];
$rss_feed = '<?xml version="1.0" encoding="utf-8" ?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">';
$rss_feed .= '<channel><title>Pandora RSS Feed</title><description>Latest events on Pandora</description>';
$rss_feed .= '<lastBuildDate>'.date(DATE_RFC822, $result[0]['unix_timestamp']).'</lastBuildDate>';
$rss_feed .= '<link>'.$url.'</link>';
$rss_feed .= '<atom:link href="'.htmlentities ($selfurl).'" rel="self" type="application/rss+xml" />';
$rss_feed = '<?xml version="1.0" ?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel> if ($result === false) {
<title>Pandora RSS Feed</title> $result = array();
<description>Latest events on Pandora</description> $rss_feed .= '<item><guid>'.$url.'/index.php?sec=eventos&sec2=operation/events/events</guid><title>No results</title>';
<link>' . $url . '</link> $rss_feed .= '<description>There are no results. Click on the link to see all Pending events</description>';
<atom:link href="' . $url . '/operation/events/events_rss.php" rel="self" type="application/rss+xml" />'; $rss_feed .= '<link>'.$url.'/index.php?sec=eventos&sec2=operation/events/events</link></item>';
}
while($row=mysql_fetch_array($result,MYSQL_ASSOC)) { foreach ($result as $row) {
//This is mandatory //This is mandatory
$rss_feed .= '<item><guid>'; $rss_feed .= '<item><guid>';
$rss_feed .= $url . "/operation/events/view_event?id=" . $row['event_id']; $rss_feed .= htmlentities ($url . "/index.php?sec=eventos&sec2=operation/events/events&id_event=" . $row['event_id']);
$rss_feed .= '</guid><title>'; $rss_feed .= '</guid><title>';
$rss_feed .= htmlentities($row['agent_name']); $rss_feed .= htmlentities ($row['agent_name']);
$rss_feed .= '</title><description>'; $rss_feed .= '</title><description>';
$rss_feed .= htmlentities($row['event_descr']); $rss_feed .= htmlentities ($row['event_descr']);
if($row['validated'] == 1) { if($row['validated'] == 1) {
$rss_feed .= '<br /><br />Validated by ' . $row['validated_by']; $rss_feed .= '<br /><br />Validated by ' . $row['validated_by'];
} }
$rss_feed .= '</description><link>'; $rss_feed .= '</description><link>';
$rss_feed .= $url . "/operation/events/view_event?id=" . $row["event_id"]; $rss_feed .= htmlentities ($url . "/index.php?sec=eventos&sec2=operation/events/events&id_event=" . $row["event_id"]);
$rss_feed .= '</link>'; $rss_feed .= '</link>';
//The rest is optional //The rest is optional
$rss_feed .= '<pubDate>' . date(DATE_RFC822, $row['unix_timestamp']) . '</pubDate>'; $rss_feed .= '<pubDate>' . date(DATE_RFC822, $row['unix_timestamp']) . '</pubDate>';
$rss_feed .= '<image>';
$rss_feed .= '<link>' . $url . '</link>';
$rss_feed .= '<title>' . $row['group_name'] . '</title>';
$rss_feed .= '<url>' . $url . '/images/groups_small/' . $row['group_icon'] . '.png</url>';
$rss_feed .= '</image>';
//This is mandatory again //This is mandatory again
$rss_feed .= '</item>'; $rss_feed .= '</item>';
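Review bot: `$ev_group` is read here without the `(int)` cast that events.php received in this same commit, yet it is appended unquoted in the `id_grupo` condition of `$sql_post`, so any quote escaping done by `get_parameter` (not visible here) would not protect that numeric position. Change the read to `$ev_group = (int) get_parameter ("ev_group", 0);`. `$search` and `$event_type` are also concatenated into the statement and should pass through the database escaping helper first, all the more because no login check is visible in this hunk. `$result[0]['unix_timestamp']` is used for `lastBuildDate` before the `$result === false` branch runs, so the check should move above that line. `validated_by` is appended to the description without `htmlentities`, unlike the neighbouring fields.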


@ -1325,7 +1325,7 @@ function graph_event_module ($width = 300, $height = 200, $id_agent) {
$data = array(); $data = array();
$legend = array(); $legend = array();
$sql = "SELECT DISTINCT(id_agentmodule) AS id_agentmodule, id_grupo, COUNT(id_agentmodule) AS count FROM tevento WHERE id_agente = ".$id_agent." GROUP BY id_agentmodule"; $sql = sprintf ("SELECT DISTINCT(id_agentmodule) AS id_agentmodule, id_grupo, COUNT(id_agentmodule) AS count FROM tevento WHERE id_agente = %d GROUP BY id_agentmodule",$id_agent);
$result = get_db_all_rows_sql ($sql); $result = get_db_all_rows_sql ($sql);
if ($result === false) if ($result === false)
$result = array(); $result = array();
@ -1359,10 +1359,13 @@ function graph_event_module ($width = 300, $height = 200, $id_agent) {
function grafico_eventos_grupo ($width = 300, $height = 200, $url = "") { function grafico_eventos_grupo ($width = 300, $height = 200, $url = "") {
global $config; global $config;
$url = rawurldecode ($url); //It was urlencoded, so we urldecode it $url = html_entity_decode (rawurldecode ($url),ENT_QUOTES); //It was urlencoded, so we urldecode it
$data = array(); $data = array();
$legend = array(); $legend = array();
$badstrings = array (";", "SELECT ", "DELETE ", "UPDATE ", "INSERT ");
$url = str_ireplace ($badstrings,"",$url); //remove bad strings from the query so queries like ; DELETE FROM don't pass
//This will give the distinct id_agente, give the id_grupo that goes //This will give the distinct id_agente, give the id_grupo that goes
//with it and then the number of times it occured. GROUP BY statement //with it and then the number of times it occured. GROUP BY statement
//is required if both DISTINCT() and COUNT() are in the statement //is required if both DISTINCT() and COUNT() are in the statement
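Review bot: The `$badstrings` filter in `grafico_eventos_grupo` is a substring denylist applied to a SQL fragment that still arrives from the request, and that is not a dependable boundary. It lists only four keywords and `;`, it runs as a single removal pass, and it silently alters legitimate free-search text that happens to contain those words. As the commit message already says, the durable fix is to stop passing SQL at all: send the individual filter values (`ev_group`, `severity`, `status`, `id_agent`, `search`, `event_type`), then cast or escape each one and rebuild the WHERE clause inside this function, as events.php does. Until then, mark the spot with a comment such as `// FIXME: denylist is best-effort only; $url must be replaced by discrete, validated filter parameters`. The function body continues past the end of this hunk, so how `$url` reaches the query is not visible here.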