From bf785adeeedde2fe4806fac795db0fbb49fb5639 Mon Sep 17 00:00:00 2001
From: esanchezm
Date: Fri, 27 Mar 2009 11:33:11 +0000
Subject: [PATCH] 2009-03-27 Esteban Sanchez
* pandoradb.sql, extras/pandoradb_migrate_v2.x_to_v3.0.sql: Fixed constraint restrictions on alert actions.
* godmode/users/configure_user.php: Many bugfixes when creating and editing.
* include/auth/mysql.php: Fixed return value on create_user() because it does not return an insert id.
* include/functions_db.php: Call debug() on SQL errors to get a backtrace.
* include/functions_ui.php: Added a return value to debug().
* operation/users/user_edit.php: Renamed user_update().
git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@1574 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
---
 pandora_console/ChangeLog | 18 +++++++++
 .../extras/pandoradb_migrate_v2.x_to_v3.0.sql | 22 +++++------
 .../godmode/users/configure_user.php | 38 +++++++++++--------
 pandora_console/include/auth/mysql.php | 6 ++-
 pandora_console/include/functions_db.php | 4 +-
 pandora_console/include/functions_ui.php | 5 ++-
 pandora_console/operation/users/user_edit.php | 2 +-
 pandora_console/pandoradb.sql | 8 ++--
 8 files changed, 67 insertions(+), 36 deletions(-)
diff --git a/pandora_console/ChangeLog b/pandora_console/ChangeLog
index 2d3faea67e..38f14795cf 100644
--- a/pandora_console/ChangeLog
+++ b/pandora_console/ChangeLog
@@ -1,3 +1,21 @@
+2009-03-27 Esteban Sanchez
+
+ * pandoradb.sql, extras/pandoradb_migrate_v2.x_to_v3.0.sql: Fixed
+ constraint restrictions on alert actions.
+
+ * godmode/users/configure_user.php: Many bugfixes when creating and
+ editing.
+
+ * include/auth/mysql.php: Fixed return value on create_user() because
+ it does not return an insert id.
+
+ * include/functions_db.php: Call debug() on SQL errors to get a
+ backtrace.
+
+ * include/functions_ui.php: Added a return value to debug().
+
+ * operation/users/user_edit.php: Renamed user_update().
+
 2009-03-26 Evi Vanoost
 * include/functions_reporting.php: Fixed security vulnerability
diff --git a/pandora_console/extras/pandoradb_migrate_v2.x_to_v3.0.sql b/pandora_console/extras/pandoradb_migrate_v2.x_to_v3.0.sql
index 6f712bc31b..a3fc619394 100644
--- a/pandora_console/extras/pandoradb_migrate_v2.x_to_v3.0.sql
+++ b/pandora_console/extras/pandoradb_migrate_v2.x_to_v3.0.sql
@@ -59,15 +59,15 @@ CREATE TABLE IF NOT EXISTS `talert_commands` (
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
 CREATE TABLE IF NOT EXISTS `talert_actions` (
- `id` int(10) unsigned NOT NULL auto_increment,
- `name` varchar(255) default '',
- `id_alert_command` int(10) unsigned NOT NULL,
- `field1` varchar(255) NOT NULL default '',
- `field2` varchar(255) default '',
- `field3` varchar(255) default '',
- PRIMARY KEY (`id`),
- FOREIGN KEY (`id_alert_command`) REFERENCES talert_commands(`id`)
- ON DELETE RESTRICT ON UPDATE CASCADE
+ `id` int(10) unsigned NOT NULL auto_increment,
+ `name` varchar(255) default '',
+ `id_alert_command` int(10) unsigned NOT NULL,
+ `field1` varchar(255) NOT NULL default '',
+ `field2` varchar(255) default '',
+ `field3` varchar(255) default '',
+ PRIMARY KEY (`id`),
+ FOREIGN KEY (`id_alert_command`) REFERENCES talert_commands(`id`)
+ ON DELETE CASCADE ON UPDATE CASCADE
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
 CREATE TABLE IF NOT EXISTS `talert_templates` (
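Review bot: Deleting a row from `talert_commands` will now silently delete every `talert_actions` row that references it, because the last added line of this hunk replaces `ON DELETE RESTRICT` with `ON DELETE CASCADE`; the `talert_template_module_actions` hunk further down, and the matching hunks in pandoradb.sql, extend that cascade to the per-module action bindings. In a monitoring console a single delete can therefore leave modules with no alert action and no record of why, so the code that deletes commands and actions should warn about dependents and log the delete. This script also uses `CREATE TABLE IF NOT EXISTS`, so a database that already ran an earlier revision of it keeps the old `RESTRICT` rule; an explicit `ALTER TABLE` that drops and re-adds the foreign key is needed for the new rule to reach those installs. The other changed lines in the hunk only re-indent the column list.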
@@ -100,7 +100,7 @@ CREATE TABLE IF NOT EXISTS `talert_templates` (
 `field3_recovery` mediumtext NOT NULL,
 PRIMARY KEY (`id`),
 FOREIGN KEY (`id_alert_action`) REFERENCES talert_actions(`id`)
- ON DELETE RESTRICT ON UPDATE CASCADE
+ ON DELETE SET NULL ON UPDATE CASCADE
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
 CREATE TABLE IF NOT EXISTS `talert_template_modules` (
@@ -133,7 +133,7 @@ CREATE TABLE IF NOT EXISTS `talert_template_module_actions` (
 talert_template_modules(`id`)
 ON DELETE CASCADE ON UPDATE CASCADE,
 FOREIGN KEY (`id_alert_action`) REFERENCES talert_actions(`id`)
- ON DELETE RESTRICT ON UPDATE CASCADE
+ ON DELETE CASCADE ON UPDATE CASCADE
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
 -- If you have custom stuff here, please make sure you manually
diff --git a/pandora_console/godmode/users/configure_user.php b/pandora_console/godmode/users/configure_user.php
index c7d130e398..13890b2f0a 100644
--- a/pandora_console/godmode/users/configure_user.php
+++ b/pandora_console/godmode/users/configure_user.php
@@ -43,6 +43,18 @@ $add_profile = (bool) get_parameter ('add_profile');
 $delete_profile = (bool) get_parameter ('delete_profile');
 $update_user = (bool) get_parameter ('update_user');
+if ($new_user && $config['admin_can_add_user']) {
+ $user_info = array ();
+ $id = '';
+ $user_info['fullname'] = '';
+ $user_info['firstname'] = '';
+ $user_info['lastname'] = '';
+ $user_info['email'] = '';
+ $user_info['phone'] = '';
+ $user_info['comments'] = '';
+ $user_info['is_admin'] = 0;
+}
+
 if ($create_user) {
 if (! $config['admin_can_add_user']) {
 print_result_message (false, '',
@@ -51,6 +63,7 @@ if ($create_user) {
 }
 $values = array ();
+ $id = (string) get_parameter ('id_user');
 $values['fullname'] = (string) get_parameter ('fullname');
 $values['firstname'] = (string) get_parameter ('firstname');
 $values['lastname'] = (string) get_parameter ('lastname');
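Review bot: `ON DELETE SET NULL` on `id_alert_action` in the `talert_templates` hunk only works if that column is nullable; InnoDB rejects a `SET NULL` action on a column declared `NOT NULL`, and the `CREATE TABLE` then fails. The column definition lies outside the hunk, so confirm it is not `NOT NULL` here and in the matching pandoradb.sql hunk. Code that reads `talert_templates` will also start seeing NULL in that column after an action is deleted and has to treat it as "no action" instead of looking the id up. A comment above the constraint such as `-- id_alert_action becomes NULL when its action is deleted` would document that for readers of the schema.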
@@ -66,21 +79,24 @@ if ($create_user) {
 $user_info = $values;
 $password_new = '';
 $password_confirm = '';
+ $new_user = true;
 } elseif ($password_new != $password_confirm) {
 print_result_message (false, '', __('Passwords didn\'t match'));
 $user_info = $values;
 $password_new = '';
 $password_confirm = '';
+ $new_user = true;
 } else {
- $id = (string) get_parameter ('id_user');
 $result = create_user ($id, $password_new, $values);
 print_result_message ($result,
- __('User successfully created'),
- __('Error creating user'));
+ __('Successfully created'),
+ __('Could not be created'));
 $user_info = get_user_info ($id);
 $password_new = '';
 $password_confirm = '';
 }
+
+ $user_info['is_admin'] = $is_admin;
 }
 if ($update_user) {
@@ -122,19 +138,8 @@ if ($update_user) {
 $user_info = $values;
 }
-if ($new_user && $config['admin_can_add_user']) {
- $user_info = array ();
- $id = '';
- $user_info['fullname'] = '';
- $user_info['firstname'] = '';
- $user_info['lastname'] = '';
- $user_info['email'] = '';
- $user_info['phone'] = '';
- $user_info['comments'] = '';
- $user_info['is_admin'] = 0;
-}
-
 if ($add_profile) {
+ $id = (string) get_parameter ('id_user');
 $group = (int) get_parameter ('assign_group');
 $profile = (int) get_parameter ('assign_profile');
@@ -145,6 +150,7 @@ if ($add_profile) {
 }
 if ($delete_profile) {
+ $id = (string) get_parameter ('id_user');
 $id_up = (int) get_parameter ('id_user_profile');
 $return = delete_user_profile ($id, $id_up);
@@ -265,6 +271,7 @@ foreach ($result as $profile) {
 $data[2] = '
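Review bot: In the `else` branch the return value of `create_user()` is only handed to `print_result_message()`, so `get_user_info ($id)` still runs when creation failed, and the added `$user_info['is_admin'] = $is_admin;` then writes into whatever that call returned. If `get_user_info()` gives a non-array for an unknown id (its definition is not in this diff), the form is rendered from an array that holds only `is_admin`. The failure path should mirror the two validation branches, for example `if (! $result) { $user_info = $values; $new_user = true; }` placed before the lookup. After a successful create the same assignment shows the requested admin flag rather than the stored one, which can hide a mismatch between what was asked for and what was saved. The enclosing `if ($create_user)` block starts before this hunk.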
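Review bot: `$id = (string) get_parameter ('id_user');` in the `$add_profile` block, and the same added line in the `$delete_profile` hunk that follows, make the target account a request parameter, so both actions now operate on whichever user id the form submits. Nothing visible in either hunk checks that the logged-in user may manage that account or the chosen group, or that `id_user_profile` actually belongs to `$id` before `delete_user_profile ($id, $id_up)` runs. If the access check at the top of the file (outside this diff) does not already cover this, add an explicit check in both blocks and write the profile change to the audit log. Both are state-changing form actions, so they should also fall under whatever anti-CSRF protection the console applies, if any.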
';
 $data[2] .= print_input_hidden ('delete_profile', 1, true);
 $data[2] .= print_input_hidden ('id_user_profile', $profile['id_up'], true);
+ $data[2] .= print_input_hidden ('id_user', $id, true);
 $data[2] .= print_input_image ('del', 'images/cross.png', 1, '', true);
 $data[2] .= '
';
@@ -278,6 +285,7 @@ $data[0] .= print_select (get_profiles (), 'assign_profile', 0, '', __('None'),
 $data[1] = print_select (get_user_groups ($config['id_user'], 'UM'), 'assign_group', 0, '', __('None'), 0, true, false, false);
 $data[2] = print_input_image ('add', 'images/add.png', 1, '', true);
+$data[2] .= print_input_hidden ('id_user', $id, true);
 $data[2] .= print_input_hidden ('add_profile', 1, true);
 $data[2] .= '';
diff --git a/pandora_console/include/auth/mysql.php b/pandora_console/include/auth/mysql.php
index 112fcfdc86..57795c2f7b 100644
--- a/pandora_console/include/auth/mysql.php
+++ b/pandora_console/include/auth/mysql.php
@@ -183,7 +183,9 @@ function get_users ($order = "fullname") {
 * @param string User id
 */
 function process_user_contact ($id_user) {
- return process_sql_update ("tusuario", array ("last_connect" => get_system_time ()), array ("id_user" => $id_user));
+ return process_sql_update ("tusuario",
+ array ("last_connect" => get_system_time ()),
+ array ("id_user" => $id_user));
 }
 /**
@@ -198,7 +200,7 @@ function create_user ($id_user, $password, $user_info) {
 $values["last_connect"] = 0;
 $values["registered"] = get_system_time ();
- return process_sql_insert ("tusuario", $values);
+ return (@process_sql_insert ("tusuario", $values)) !== false;
 }
 /**
diff --git a/pandora_console/include/functions_db.php b/pandora_console/include/functions_db.php
index a11485fc3f..7de63e8c32 100644
--- a/pandora_console/include/functions_db.php
+++ b/pandora_console/include/functions_db.php
@@ -1649,8 +1649,8 @@ function get_db_all_rows_filter ($table, $filter, $fields = false, $where_join =
 function sql_error_handler ($errno, $errstr) {
 global $config;
- /* If debug is activated, the database debug table will show the error */
- if (isset ($config['debug']))
+ /* If debug is activated, this will also show the backtrace */
+ if (debug ($errstr))
 return false;
 if (error_reporting () <= $errno)
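Review bot: The added `print_input_hidden ('id_user', $id, true)` calls, in the delete-profile form of this hunk and in the add-profile form of the next one, write `$id` back into the page, and after this commit `$id` can come straight from `get_parameter ('id_user')`. Whether that is safe depends on `get_parameter()` or `print_input_hidden()` HTML-encoding the value, which this diff does not show; if neither does, a crafted `id_user` is reflected into an attribute value. Once the encoding layer is confirmed, a short comment beside the call naming it (for instance `// $id is already entity-encoded by get_parameter ()`) would settle the question for the next reader. The markup of the surrounding form strings is missing from this copy of the hunk.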
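Review bot: The `@` in `return (@process_sql_insert ("tusuario", $values)) !== false;` hides the error that would explain why an account could not be created, a duplicate `id_user` for instance, in the same commit that routes SQL errors through `debug()` for diagnosis. Account creation is an event worth being able to audit, so unless the suppression is deliberate I would keep only the boolean conversion, `return process_sql_insert ("tusuario", $values) !== false;`, and if it is deliberate, record the failure explicitly before returning. The docblock above `create_user()` (outside this hunk) should gain `@return bool True if the user was created, false otherwise.` because configure_user.php now relies on that. Only the tail of the function is visible here.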
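Review bot: `if (debug ($errstr))` makes `sql_error_handler()` print the raw SQL error text plus a backtrace into the response whenever `$config['debug']` is set, and `debug()` in functions_ui.php emits the value through `print_r ($var)` with no escaping. SQL error strings commonly repeat part of the failing statement, so request data can reach the page unescaped and schema and path details are shown to whoever is viewing it. That is tolerable only if debug mode is never enabled on a reachable install, which deserves a comment here such as `/* Debug output is unescaped: never enable $config['debug'] in production */`. The handler now also depends on functions_ui.php being loaded; if functions_db.php can be included without it, guard the call with `function_exists ('debug')`. The body of the handler continues past the hunk.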
diff --git a/pandora_console/include/functions_ui.php b/pandora_console/include/functions_ui.php
index 3be2e6e71a..25ef8ca8ea 100644
--- a/pandora_console/include/functions_ui.php
+++ b/pandora_console/include/functions_ui.php
@@ -852,11 +852,13 @@ function print_help_tip ($text, $return = false) {
 *
 * @param mixed Variable name to debug
 * @param bool Wheter to print the backtrace or not.
+ *
+ * @return bool Tru if the debug was actived. False if not.
 */
 function debug ($var, $backtrace = true) {
 global $config;
 if (! isset ($config['debug']))
+ return false;
- return;
 static $id = 0;
 static $trace_id = 0;
@@ -911,6 +913,7 @@ function debug ($var, $backtrace = true) {
 echo '
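Review bot: The added docblock line `@return bool Tru if the debug was actived. False if not.` has two typos and does not say what "debug" refers to; `@return bool True if debug mode is enabled and the value was printed, false otherwise.` states the contract that `sql_error_handler()` now depends on. The context line above it has the same kind of slip (`Wheter`) and could be corrected in the same pass. Since the function writes directly to the response, the description should also say that the output is emitted unescaped and is meant for development installs only.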
';
 	print_r ($var);
 	echo '
';
+ return true;
 }
 /**
diff --git a/pandora_console/operation/users/user_edit.php b/pandora_console/operation/users/user_edit.php
index f2db4d799f..091a51891a 100644
--- a/pandora_console/operation/users/user_edit.php
+++ b/pandora_console/operation/users/user_edit.php
@@ -53,7 +53,7 @@ if (isset ($_GET["modified"]) && !$view_mode) {
 print_result_message (false, '', __('Passwords didn\'t match or other problem encountered while updating passwords'));
 }
- $return = process_user_info ($id, $upd_info);
+ $return = update_user ($id, $upd_info);
 print_result_message ($return, __('User info successfully updated'), __('Error updating user info'));
diff --git a/pandora_console/pandoradb.sql b/pandora_console/pandoradb.sql
index e824432c22..7b64011a5e 100644
--- a/pandora_console/pandoradb.sql
+++ b/pandora_console/pandoradb.sql
@@ -218,7 +218,7 @@ CREATE TABLE IF NOT EXISTS `talert_actions` (
 `field3` varchar(255) default '',
 PRIMARY KEY (`id`),
 FOREIGN KEY (`id_alert_command`) REFERENCES talert_commands(`id`)
- ON DELETE RESTRICT ON UPDATE CASCADE
+ ON DELETE CASCADE ON UPDATE CASCADE
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
 CREATE TABLE IF NOT EXISTS `talert_templates` (
@@ -251,7 +251,7 @@ CREATE TABLE IF NOT EXISTS `talert_templates` (
 `field3_recovery` mediumtext NOT NULL,
 PRIMARY KEY (`id`),
 FOREIGN KEY (`id_alert_action`) REFERENCES talert_actions(`id`)
- ON DELETE RESTRICT ON UPDATE CASCADE
+ ON DELETE SET NULL ON UPDATE CASCADE
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
 CREATE TABLE IF NOT EXISTS `talert_template_modules` (
@@ -269,7 +269,7 @@ CREATE TABLE IF NOT EXISTS `talert_template_modules` (
 FOREIGN KEY (`id_agent_module`) REFERENCES tagente_modulo(`id_agente_modulo`)
 ON DELETE CASCADE ON UPDATE CASCADE,
 FOREIGN KEY (`id_alert_template`) REFERENCES talert_templates(`id`)
- ON DELETE RESTRICT ON UPDATE CASCADE,
+ ON DELETE CASCADE ON UPDATE CASCADE,
 UNIQUE (`id_agent_module`, `id_alert_template`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
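Review bot: The `talert_template_modules` hunk changes the `id_alert_template` foreign key to `ON DELETE CASCADE`, but extras/pandoradb_migrate_v2.x_to_v3.0.sql gets no corresponding hunk in this patch. Unless the migration script already declares that key with `CASCADE` (not visible here), fresh installs and migrated installs will behave differently when a template is deleted. With the cascade in place, deleting one template removes the alert assignment from every module that used it, so the console should confirm and log such deletes rather than rely on the constraint alone. A comment above the key, for example `-- deleting a template removes its module assignments`, would make the intent explicit in the schema.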
@@ -283,7 +283,7 @@ CREATE TABLE IF NOT EXISTS `talert_template_module_actions` (
 FOREIGN KEY (`id_alert_template_module`) REFERENCES talert_template_modules(`id`)
 ON DELETE CASCADE ON UPDATE CASCADE,
 FOREIGN KEY (`id_alert_action`) REFERENCES talert_actions(`id`)
- ON DELETE RESTRICT ON UPDATE CASCADE
+ ON DELETE CASCADE ON UPDATE CASCADE
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
 CREATE TABLE IF NOT EXISTS `talert_compound` (