diff --git a/pandora_console/ChangeLog b/pandora_console/ChangeLog index b9ee77e1cf..7a6d453ece 100644 --- a/pandora_console/ChangeLog +++ b/pandora_console/ChangeLog @@ -1,3 +1,19 @@ +2011-03-03 Miguel de Dios + * include/db/postgresql.php, include/db/mysql.php, include/functions_db.php: + fixed the function "get_db_all_rows_filter" for PostgreSQL engine, added + new function "get_db_last_error" and derivate functions in DB engines. And + added new parameter $status in function "process_sql". + + * extensions/dbmanager.php, general/error_authconfig.php, + general/error_dbconfig.php, godmode/groups/modu_group_list.php, + godmode/groups/group_list.php, godmode/db/db_sanity.php, + godmode/agentes/fields_manager.php, + godmode/agentes/manage_config_remote.php, godmode/servers/recon_script.php, + godmode/servers/plugin.php, godmode/modules/module_list.php, + godmode/modules/manage_network_components_form_wmi.php, + godmode/reporting/graphs.php: changed the calls to mysql functions to own + functions, and rewrote some parts of source code for this action. + 2011-03-03 Miguel de Dios * godmode/setup/news.php, godmode/setup/links.php, include/fgraph.php, operation/agentes/status_monitor.php, operation/reporting/graph_viewer.php: diff --git a/pandora_console/extensions/dbmanager.php b/pandora_console/extensions/dbmanager.php index 18375b6c85..42e87459a5 100644 --- a/pandora_console/extensions/dbmanager.php +++ b/pandora_console/extensions/dbmanager.php 
@@ -14,35 +14,64 @@ function dbmanager_query ($sql, &$error) { global $config; - - $retval = array(); - if ($sql == '') - return false; + switch ($config["dbtype"]) { + case "mysql": + $retval = array(); - $sql = html_entity_decode($sql, ENT_QUOTES); - - $result = mysql_query ($sql); - if ($result === false) { - $backtrace = debug_backtrace (); - $error = mysql_error (); - return false; + if ($sql == '') + return false; + + $sql = html_entity_decode($sql, ENT_QUOTES); + + $result = mysql_query ($sql); + if ($result === false) { + $backtrace = debug_backtrace (); + $error = mysql_error (); + return false; + } + + if ($result === true) { + return mysql_affected_rows (); + } + + while ($row = mysql_fetch_array ($result, MYSQL_ASSOC)) { + array_push ($retval, $row); + } + mysql_free_result ($result); + + if (! empty ($retval)) + return $retval; + + //Return false, check with === or !== + return "Empty"; + break; + case "postgresql": + $retval = array(); + + if ($sql == '') + return false; + + $sql = html_entity_decode($sql, ENT_QUOTES); + + $result = process_sql($sql, "affected_rows", '', false, $status); + + //$result = mysql_query ($sql); + if ($result === false) { + $backtrace = debug_backtrace(); + $error = get_db_last_error(); + + return false; + } + + if ($status == 2) { + return $result; + } + else { + return $result; + } + break; } - - if ($result === true) { - return mysql_affected_rows (); - } - - while ($row = mysql_fetch_array ($result, MYSQL_ASSOC)) { - array_push ($retval, $row); - } - mysql_free_result ($result); - - if (! empty ($retval)) - return $retval; - - //Return false, check with === or !== - return "Empty"; } @@ -50,6 +79,7 @@ function dbmgr_extension_main () { require_css_file ('dbmanager', 'extensions/dbmanager/'); global $config; + if (! check_acl ($config['id_user'], 0, "PM") && ! is_user_admin ($config['id_user'])) { pandora_audit("ACL Violation", "Trying to access Setup Management"); require ("general/noaccess.php"); 
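Review bot: In the new `postgresql` case of `dbmanager_query`, `if ($status == 2) { return $result; } else { return $result; }` returns the same value on both paths, so the `$status` out-parameter has no effect here; collapse it to `return $result;` or make the branches differ. The `switch` has no `default:`, so any other `$config["dbtype"]` falls out of the function and returns null, which a caller testing `=== false` (as the comment in the mysql case suggests) will not treat as a failure; `default: $error = 'Unsupported dbtype'; return false;` would close that. `$backtrace = debug_backtrace();` is assigned and never read in both cases. Because this function runs operator-supplied SQL verbatim, a comment should say that its only gate is the `check_acl(..., "PM")` / `is_user_admin()` test in `dbmgr_extension_main`.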
diff --git a/pandora_console/general/error_authconfig.php b/pandora_console/general/error_authconfig.php index 6046a616ab..acdf5d9a31 100644 --- a/pandora_console/general/error_authconfig.php +++ b/pandora_console/general/error_authconfig.php @@ -42,7 +42,10 @@ Cannot connect to the database, please check your database setup in the include/config.php file or read the documentation on how to setup Pandora FMS.

Probably one or more of your user, database or hostname values are incorrect or the database server is not running.


- MySQL ERROR: + DB ERROR: +
If you have modified auth system, problem could be because Pandora cannot override authorization variables from the config database. Remove them from your database by executing:

DELETE FROM tconfig WHERE token = "auth";
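Review bot: The `DB ERROR:` line sits on a page that appears to be shown when the console cannot reach its database, presumably before any login, so whatever follows that label is visible to anyone who can load the console. The markup is truncated in this view, but the removed line in `general/error_dbconfig.php` echoed `mysql_error()` directly; if the replacement echoes `get_db_last_error()` the same way, driver messages that typically name the host, user or database are disclosed. Consider writing the driver message to the server log and showing only the generic text, or at minimum passing it through `htmlspecialchars()` before output. The same applies to the `general/error_dbconfig.php` hunk that follows.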
diff --git a/pandora_console/general/error_dbconfig.php b/pandora_console/general/error_dbconfig.php index afe58faa28..be7b833bf8 100644 --- a/pandora_console/general/error_dbconfig.php +++ b/pandora_console/general/error_dbconfig.php @@ -42,7 +42,7 @@ Cannot connect to the database, please check your database setup in the include/config.php file or read the documentation on how to setup Pandora FMS.

Probably one or more of your user, database or hostname values are incorrect or the database server is not running.


- MySQL ERROR: '. mysql_error().' + DB ERROR:
 
diff --git a/pandora_console/godmode/agentes/fields_manager.php b/pandora_console/godmode/agentes/fields_manager.php index b9b29989ef..e0622cd354 100644 --- a/pandora_console/godmode/agentes/fields_manager.php +++ b/pandora_console/godmode/agentes/fields_manager.php @@ -19,10 +19,11 @@ global $config; check_login(); -if (! check_acl($config['id_user'], 0, "PM")) { +if (!check_acl($config['id_user'], 0, "PM")) { pandora_audit("ACL Violation", "Trying to access Group Management"); require ("general/noaccess.php"); + return; } @@ -40,44 +41,43 @@ $display_on_front = (int) get_parameter ('display_on_front', 0); if ($create_field) { /*Check if name field is empty*/ if ($name != "") { - $sql = sprintf ('INSERT INTO tagent_custom_fields (name, display_on_front) - VALUES ("%s", "%d")', - $name, $display_on_front); - $result = mysql_query ($sql); - } else { + $result = process_sql_insert('tagent_custom_fields', array('name' => $name, 'display_on_front' => $display_on_front)); + } + else { $result = false; } if ($result) { echo "

".__('Field successfully created')."

"; - } else { - echo "

".__('There was a problem creating field')."

"; } + } + else { + echo "

".__('There was a problem creating field')."

"; + } } /* Update field */ if ($update_field) { /*Check if name field is empty*/ if( $name != "") { - $sql = sprintf ('UPDATE tagent_custom_fields SET name = "%s", - display_on_front = %d - WHERE id_field = %d', - $name, $display_on_front, $id_field); - $result = process_sql ($sql); - } else { + $values = array('name' => $name, 'display_on_front' => $display_on_front); + + $result = process_sql_update('tagent_custom_fields', $values, array('id_field' => $id_field)); + } + else { $result = false; } if ($result !== false) { echo "

".__('Field successfully updated')."

"; - } else { + } + else { echo "

".__('There was a problem modifying field')."

"; } } /* Delete field */ if ($delete_field) { - $sql = sprintf ('DELETE FROM tagent_custom_fields WHERE id_field = %d', $id_field); - $result = process_sql ($sql); + $result = process_sql_delete('tagent_custom_fields', array('id_field' => $id_field)); if (!$result) echo "

".__('There was a problem deleting field')."

"; @@ -97,7 +97,8 @@ if ($fields) { $table->align[1] = 'center'; $table->align[2] = 'center'; $table->data = array (); -} else { +} +else { echo '
'. __('No fields defined') .'
'; } @@ -109,7 +110,8 @@ foreach ($fields as $field) { if($field['display_on_front']) { $data[1] = print_image('images/tick.png', true); - }else { + } + else { $data[1] = print_image('images/delete.png', true); } diff --git a/pandora_console/godmode/agentes/manage_config_remote.php b/pandora_console/godmode/agentes/manage_config_remote.php index cb99854013..3346dab7c4 100644 --- a/pandora_console/godmode/agentes/manage_config_remote.php +++ b/pandora_console/godmode/agentes/manage_config_remote.php @@ -121,8 +121,13 @@ if ((isset($_GET["operacion"])) AND ($update_group == -1) ) { $sql1 = "SELECT * FROM tagente WHERE id_grupo IN ($grouplist) ORDER BY nombre"; echo ''; echo ''; } echo ''; @@ -110,9 +115,15 @@ echo ''; echo ''; diff --git a/pandora_console/godmode/modules/module_list.php b/pandora_console/godmode/modules/module_list.php index 386984ac63..87cf8c13e5 100644 --- a/pandora_console/godmode/modules/module_list.php +++ b/pandora_console/godmode/modules/module_list.php @@ -37,11 +37,15 @@ if ($update_module) { $icon = get_parameter_post ("icon"); $category = get_parameter_post ("category"); - $sql_update ="UPDATE ttipo_modulo - SET descripcion = '".$description."', categoria = '".$category."', - nombre = '".$name."', icon = '".$icon."' - WHERE id_tipo = '".$id_type."'"; - $result = mysql_query($sql_update); + $values = array( + 'descripcion' => $description, + 'categoria' => $category, + 'nombre' => $name, + 'icon' => $icon + ); + + $result = process_sql_update('ttipo_modulo', $values, array('id_tipo' => $id_type)); + if (! $result) echo "

".__('Problem modifying module')."

"; else @@ -54,14 +58,19 @@ echo "".__('Icon').""; echo "".__('ID').""; echo "".__('Name').""; echo "".__('Description').""; -$sql = 'SELECT * FROM ttipo_modulo ORDER BY nombre'; -$result = mysql_query ($sql); + +$rows = get_db_all_rows_sql('SELECT * FROM ttipo_modulo ORDER BY nombre'); +if ($rows === false) { + $rows = array(); +} + $color = 0; -while ($row = mysql_fetch_array ($result)){ +foreach ($rows as $row) { if ($color == 1) { $tdcolor = "datos"; $color = 0; - } else { + } + else { $tdcolor = "datos2"; $color = 1; } diff --git a/pandora_console/godmode/reporting/graphs.php b/pandora_console/godmode/reporting/graphs.php index 2f510ba478..d740b10400 100644 --- a/pandora_console/godmode/reporting/graphs.php +++ b/pandora_console/godmode/reporting/graphs.php @@ -37,16 +37,20 @@ print_page_header (__('Graphs management'), "", false, "", true); // Delete module SQL code if ($delete_graph) { if (check_acl ($config['id_user'], 0, "AW")) { - $sql = "DELETE FROM tgraph_source WHERE id_graph = $id"; - if ($res=mysql_query($sql)) + $result = process_sql_delete("tgraph_source", array('id_graph' =>$id)); + + if ($result) $result = "

".__('Successfully deleted')."

"; else $result = "

".__('Not deleted. Error deleting data')."

"; - $sql = "DELETE FROM tgraph WHERE id_graph = $id"; - if ($res=mysql_query($sql)) + + $result = process_sql_delete("tgraph", array('id_graph' =>$id)); + + if ($result) $result = "

".__('Successfully deleted')."

"; else $result = "

".__('Not deleted. Error deleting data')."

"; + echo $result; } else { diff --git a/pandora_console/godmode/servers/plugin.php b/pandora_console/godmode/servers/plugin.php index 6ec6494087..36a1008ce3 100644 --- a/pandora_console/godmode/servers/plugin.php +++ b/pandora_console/godmode/servers/plugin.php @@ -152,21 +152,23 @@ else { $plugin_pass_opt = get_parameter ("form_pass_opt", ""); $plugin_plugin_type = get_parameter ("form_plugin_type", "0"); - $sql_update ="UPDATE tplugin SET - name = '$plugin_name', - description = '$plugin_description', - max_timeout = '$plugin_max_timeout', - execute = '$plugin_execute', - net_dst_opt = '$plugin_net_dst_opt', - net_port_opt = '$plugin_net_port_opt', - user_opt = '$plugin_user_opt', - plugin_type = '$plugin_plugin_type', - pass_opt = '$plugin_pass_opt' - WHERE id = $plugin_id"; - $result=mysql_query($sql_update); + $values = array( + 'name' => $plugin_name, + 'description' => $plugin_description, + 'max_timeout' => $plugin_max_timeout, + 'execute' => $plugin_execute, + 'net_dst_opt' => $plugin_net_dst_opt, + 'net_port_opt' => $plugin_net_port_opt, + 'user_opt' => $plugin_user_opt, + 'plugin_type' => $plugin_plugin_type, + 'pass_opt' => $plugin_pass_opt); + + $result =process_sql_update('tplugin', $values, array('id' => $plugin_id)); + if (! $result) { echo "

".__('Problem updating plugin')."

"; - } else { + } + else { echo "

".__('Plugin updated successfully')."

"; } } @@ -182,43 +184,57 @@ else { $plugin_user_opt = get_parameter ("form_user_opt", ""); $plugin_pass_opt = get_parameter ("form_pass_opt", ""); $plugin_plugin_type = get_parameter ("form_plugin_type", "0"); - - $sql_insert ="INSERT tplugin (name, description, max_timeout, execute, net_dst_opt, net_port_opt, user_opt, pass_opt, plugin_type) VALUES ('$plugin_name', '$plugin_description', '$plugin_max_timeout', '$plugin_execute', '$plugin_net_dst_opt', '$plugin_net_port_opt', '$plugin_user_opt', '$plugin_pass_opt', $plugin_plugin_type)"; - $result=mysql_query($sql_insert); - if (! $result){ + + $values = array( + 'name' => $plugin_name, + 'description' => $plugin_description, + 'max_timeout' => $plugin_max_timeout, + 'execute' => $plugin_execute, + 'net_dst_opt' => $plugin_net_dst_opt, + 'net_port_opt' => $plugin_net_port_opt, + 'user_opt' => $plugin_user_opt, + 'pass_opt' => $plugin_pass_opt, + 'plugin_type' => $plugin_plugin_type); + + $result = process_sql_insert('tplugin', $values); + + if (! $result) { echo "

".__('Problem creating plugin')."

"; echo $sql_insert; - } else { + } + else { echo "

".__('Plugin created successfully')."

"; } } if (isset($_GET["kill_plugin"])){ // if delete alert $plugin_id = get_parameter ("kill_plugin", 0); - $sql_delete= "DELETE FROM tplugin WHERE id= ".$plugin_id; - $result=mysql_query($sql_delete); + + $result = process_sql_delete('tplugin', array('id' => $plugin_id)); + if (! $result){ echo "

".__('Problem deleting plugin')."

"; - } else { + } + else { echo "

".__('Plugin deleted successfully')."

"; } - if ($plugin_id != 0){ - $sql_delete2 ="DELETE FROM tagente_modulo WHERE id_plugin = ".$plugin_id; - $result=mysql_query($sql_delete2); + if ($plugin_id != 0){ + $result = process_sql_delete('tagente_modulo', array('id_plugin' => $plugin_id)); } } // If not edition or insert, then list available plugins - $sql1='SELECT * FROM tplugin ORDER BY name'; - $result=mysql_query($sql1); - if (mysql_num_rows($result) > 0){ + $rows = get_db_sql('SELECT * FROM tplugin ORDER BY name'); + + if ($rows !== false) { echo ''; echo ""; echo ""; echo ""; echo ""; $color = 0; - while ($row=mysql_fetch_array($result)){ + + foreach ($rows as $row) { if ($color == 1){ $tdcolor = "datos"; $color = 0; diff --git a/pandora_console/godmode/servers/recon_script.php b/pandora_console/godmode/servers/recon_script.php index 098b1ba399..3a2689b054 100644 --- a/pandora_console/godmode/servers/recon_script.php +++ b/pandora_console/godmode/servers/recon_script.php @@ -157,16 +157,16 @@ else { // If not edition or insert, then list available reconscripts - $sql1='SELECT * FROM trecon_script ORDER BY name'; - $result=mysql_query($sql1); - if (mysql_num_rows($result) > 0) { + $rows = get_db_all_rows_in_table('trecon_script'); + + if ($rows !== false) { echo '
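Review bot: `echo $sql_insert;` is kept in the create-failure branch, but this change removes the assignment to `$sql_insert`, so the line now emits an undefined-variable notice; delete it rather than restore it, since it printed the raw statement to the page. The listing calls `get_db_sql('SELECT * FROM tplugin ORDER BY name')` and then iterates with `foreach ($rows as $row)`, while `godmode/modules/module_list.php` in this commit uses `get_db_all_rows_sql()` for the same pattern; `get_db_sql` is not defined in this diff, but if it returns a single value the table will not render, so `$rows = get_db_all_rows_sql('SELECT * FROM tplugin ORDER BY name');` looks like the intended call. In the `kill_plugin` branch the first `process_sql_delete('tplugin', ...)` runs before the `$plugin_id != 0` test and is driven by a GET parameter, with no ACL or request-token check visible in these lines. Moving both deletes inside the guard and requiring a POST with a token would close that, unless an equivalent check sits above the hunk, which starts inside an `else {` block opened outside it.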
".__('Name')."".__('Type')."".__('Command')."".__('Delete')."
'; echo ""; echo ""; echo ""; echo ""; $color = 0; - while ($row=mysql_fetch_array($result)){ + foreach ($rows as $row) { if ($color == 1){ $tdcolor = "datos"; $color = 0; diff --git a/pandora_console/include/db/mysql.php b/pandora_console/include/db/mysql.php index 3e48c5a752..da5ec44ab5 100644 --- a/pandora_console/include/db/mysql.php +++ b/pandora_console/include/db/mysql.php @@ -950,4 +950,13 @@ function mysql_safe_sql_string($string) { return mysql_real_escape_string($string, $config['dbconnection']); } + +/** + * Get last error. + * + * @return string Return the string error. + */ +function mysql_get_db_last_error() { + return mysql_error(); +} ?> \ No newline at end of file diff --git a/pandora_console/include/db/postgresql.php b/pandora_console/include/db/postgresql.php index 912dbf2d19..a84daec18e 100644 --- a/pandora_console/include/db/postgresql.php +++ b/pandora_console/include/db/postgresql.php @@ -180,7 +180,7 @@ function postgresql_insert_id($dbconnection = '') { return $result; } -function postgresql_process_sql($sql, $rettype = "affected_rows", $dbconnection = '', $cache = true) { +function postgresql_process_sql($sql, $rettype = "affected_rows", $dbconnection = '', $cache = true, &$status = null) { global $config; global $sql_cache; @@ -205,7 +205,10 @@ function postgresql_process_sql($sql, $rettype = "affected_rows", $dbconnection $result = pg_get_result($config['dbconnection']); } $time = microtime (true) - $start; - if ($result === false) { + + $resultError = pg_result_error($result); + + if (($result === false) || (!empty($resultError))) { $backtrace = debug_backtrace (); $error = sprintf ('%s (\'%s\') in %s on line %d', pg_result_error($result), $sql, $backtrace[0]['file'], $backtrace[0]['line']); 
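Review bot: `$resultError = pg_result_error($result);` runs before the `$result === false` test, so a false return from `pg_get_result()` is passed to `pg_result_error()` and raises a warning, which the `@` this commit adds in `process_sql` then hides. Test for false first, for example `$resultError = ($result === false) ? pg_last_error($config['dbconnection']) : pg_result_error($result);`, and reuse `$resultError` in the `sprintf` instead of calling `pg_result_error($result)` again. The `&$status` parameter added in the signature hunk is not assigned in any line shown; the body of `postgresql_process_sql` starts and ends outside these hunks, so confirm it is set on every path before `dbmanager_query` compares it. The `$error` string embeds the full `$sql`, so it should reach only the debug trace or server log and never the rendered page.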
@@ -239,9 +242,9 @@ function postgresql_process_sql($sql, $rettype = "affected_rows", $dbconnection else { //The query IS a select. add_database_debug_trace ($sql, 0, $rows, array ('time' => $time)); while ($row = pg_fetch_assoc($result)) { - array_push ($retval, $row); + array_push($retval, $row); } - + if ($cache === true) $sql_cache[$sql] = $retval; pg_free_result ($result); @@ -595,7 +598,7 @@ function postgresql_get_db_value_sql($sql) { */ function postgresql_get_db_row_sql ($sql, $search_history_db = false) { $sql .= " LIMIT 1"; - $result = get_db_all_rows_sql ($sql, $search_history_db); + $result = get_db_all_rows_sql($sql, $search_history_db); if($result === false) return false; @@ -964,4 +967,13 @@ function postgresql_safe_sql_string($string) { return pg_escape_string($config['dbconnection'], $string); } + +/** + * Get last error. + * + * @return string Return the string error. + */ +function postgresql_get_db_last_error() { + return pg_last_error(); +} ?> \ No newline at end of file diff --git a/pandora_console/include/functions_db.php b/pandora_console/include/functions_db.php index dbcb2cebd5..537478b32d 100644 --- a/pandora_console/include/functions_db.php +++ b/pandora_console/include/functions_db.php @@ -2267,7 +2267,7 @@ function get_db_all_rows_filter($table, $filter = array(), $fields = false, $whe return mysql_get_db_all_rows_filter($table, $filter, $fields, $where_join, $search_history_db, $returnSQL); break; case "postgresql": - return postgresql_get_db_all_rows_sql($table, $filter, $fields, $where_join, $search_history_db, $returnSQL); + return postgresql_get_db_all_rows_filter($table, $filter, $fields, $where_join, $search_history_db, $returnSQL); break; } } 
@@ -2397,17 +2397,19 @@ function clean_cache() { * 'insert_id' will return the ID of an autoincrement value * 'info' will return the full (debug) information of a query * + * @param string $status The status and type of query (support only postgreSQL). + * * @return mixed An array with the rows, columns and values in a multidimensional array or false in error */ -function process_sql($sql, $rettype = "affected_rows", $dbconnection = '', $cache = true) { +function process_sql($sql, $rettype = "affected_rows", $dbconnection = '', $cache = true, &$status = null) { global $config; switch ($config["dbtype"]) { case "mysql": - return mysql_process_sql($sql, $rettype, $dbconnection, $cache); + return @mysql_process_sql($sql, $rettype, $dbconnection, $cache); break; case "postgresql": - return postgresql_process_sql($sql, $rettype, $dbconnection, $cache); + return @postgresql_process_sql($sql, $rettype, $dbconnection, $cache, $status); break; } } @@ -3486,4 +3488,22 @@ function user_access_to_agent ($id_agent, $mode = "AR", $id_user = false) { $id_group = (int) get_db_value ('id_grupo', 'tagente', 'id_agente', (int) $id_agent); return (bool) check_acl ($id_user, $id_group, $mode); } + +/** + * Get last error. + * + * @return string Return the string error. + */ +function get_db_last_error() { + global $config; + + switch ($config["dbtype"]) { + case "mysql": + return mysql_get_db_last_error(); + break; + case "postgresql": + return postgresql_get_db_last_error(); + break; + } +} ?>
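Review bot: Prefixing both dispatch calls with `@` (`return @mysql_process_sql(...)` and `return @postgresql_process_sql(...)`) silences every warning and notice raised anywhere inside the database layer, not only the one this change was working around. Failed or malformed queries are one of the main signals an operator has for spotting broken pages and injection probing, so I would remove the `@` and handle the specific warning at its source, or send it to the log explicitly. The docblock declares `@param string $status`, but the parameter is a by-reference output that only the `postgresql` branch forwards, so under `mysql` it stays `null`. Document that, for example `@param mixed &$status Output: query status, set only by the PostgreSQL engine; null otherwise.`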
".__('Name')."".__('Command')."".__('Description')."".__('Delete')."