2008-07-17 Evi Vanoost <vanooste@rcbi.rochester.edu>

* pandora_console/godmode/db/*.php
        -require_once for config might already have loaded
        -Changed mysql_real_escape_string in favor of get_parameter_post
        -Process the DELETE SQL queries through process_sql()
        -Changed comprueba_login() for check_login()
        -Adhered some things to preferred style
        -Compounded SQL queries into joins, subqueries or functions
        -Removed mysql_close() from db_purge.php since the select
        after the delete wouldn't work anymore (database closed)

        * pandora_console/godmode/reporting/reporting_builder.php
        -Fixed a bug that was introduced when the SQL functions returned false

        * pandora_console/include/functions_db.php
        -Made foreach instead of while loops for simpler functions
        -Fixed get_reports that failed since SQL function return false
        -All SQL functions now return false in case of empty
        -New SQL function process_sql that can handle DELETE. Returns
        affected rows in case of a changing query or an array in case
        it was a selecting query or false in case of error

        * pandora_console/include/functions.php
        -Simplified safe_input function

        * pandora_console/index.php
        -Updated SQL queries, style changes

        * pandora_console/operation/agentes/*.php
        -Style changes and updates to use check_login


git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@962 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
guruevi 2008-07-21 12:23:28 +00:00
parent 401620e8fa
commit d97b4be836
23 changed files with 454 additions and 484 deletions


@ -1,3 +1,35 @@
2008-07-17 Evi Vanoost <vanooste@rcbi.rochester.edu>
* godmode/db/*.php
-require_once for config might already have loaded
-Changed mysql_real_escape_string in favor of get_parameter_post
-Process the DELETE SQL queries through process_sql()
-Changed comprueba_login() for check_login()
-Adhered some things to preferred style
-Compounded SQL queries into joins, subqueries or functions
-Removed mysql_close() from db_purge.php since the select
after the delete wouldn't work anymore (database closed)
* godmode/reporting/reporting_builder.php
-Fixed a bug that was introduced when the SQL functions returned false
* include/functions_db.php
-Made foreach instead of while loops for simpler functions
-Fixed get_reports that failed since SQL function return false
-All SQL functions now return false in case of empty
-New SQL function process_sql that can handle DELETE. Returns
affected rows in case of a changing query or an array in case
it was a selecting query or false in case of error
* include/functions.php
-Simplified safe_input function
* index.php
-Updated SQL queries, style changes
* operation/agentes/*.php
-Style changes and updates to use check_login
2008-07-17 Esteban Sanchez <estebans@artica.es>
* godmode/reporting/map_builder.php: Check background existance to


@ -18,7 +18,7 @@
// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
// Load global vars
require ("include/config.php");
require_once ("include/config.php");
check_login ();
if ((give_acl ($id_user, 0, "DM")==1) or (dame_admin ($id_user)==1)) {
@ -43,10 +43,9 @@ if ((give_acl ($id_user, 0, "DM")==1) or (dame_admin ($id_user)==1)) {
# Purge data using dates
# Purge data using dates
if (isset($_POST["purgedb"])){ # Fixed 2005-1-13, nil
$from_date = mysql_real_escape_string($_POST["date_purge"]);
$from_date = get_parameter_post("date_purge");
$query = sprintf("DELETE FROM `tsesion` WHERE `fecha` < '%s';",$from_date);
echo $query;
mysql_query($query);
(int) $deleted = process_sql($query);
}
# End of get parameters block
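Review bot: The date_purge value now reaches the DELETE on `tsesion` with no SQL-specific escaping visible, because `mysql_real_escape_string` is replaced by `get_parameter_post` and the result is still interpolated with `'%s'`. If get_parameter_post only applies the HTML encoding that safe_input performs (htmlentities with ENT_QUOTES, as shown in the functions.php section of this commit), that is output encoding and does not cover every character that is significant inside a MySQL string literal. I would keep the escaping at the query, `$from_date = mysql_real_escape_string (get_parameter_post ("date_purge"));`, or validate the value as a date before use. The same applies to the `tevento` purge in the next file section and to `$from_date` in the agent purge section. The `(int)` in `(int) $deleted = process_sql($query);` also has no effect on `$deleted`, which can be `false` on error.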


@ -7,12 +7,12 @@
// Raul Mateos <raulofpandora@gmail.com>, 2005-2006
// Load global vars
require ("include/config.php");
require_once ("include/config.php");
check_login ();
if ((give_acl($id_user, 0, "DM")==1) or (dame_admin($id_user)==1)) {
if ((give_acl ($id_user, 0, "DM")==1) or (dame_admin ($id_user)==1)) {
require("godmode/db/times_incl.php");
require ("godmode/db/times_incl.php");
$datos_rango3=0;
$datos_rango2=0;
@ -24,9 +24,9 @@ if ((give_acl($id_user, 0, "DM")==1) or (dame_admin($id_user)==1)) {
# Purge data using dates
# Purge data using dates
if (isset ($_POST["date_purge"])){
$from_date = mysql_real_esape_string ($_POST["date_purge"]);
$from_date = get_parameter_post ("date_purge");
$query = sprintf ("DELETE FROM `tevento` WHERE `timestamp` < '%s'",$from_date);
mysql_query ($query);
(int) $deleted = process_sql ($query);
}
# End of get parameters block


@ -7,7 +7,7 @@
// Evi Vanoost <vanooste@rcbi.rochester.edu> 2008
// Load global vars
require ("include/config.php");
require_once ("include/config.php");
check_login ();
if ((give_acl ($id_user, 0, "DM")==1) or (dame_admin ($id_user)==1)) {


@ -17,7 +17,7 @@
// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
// Load global vars
require ("include/config.php");
require_once ("include/config.php");
check_login ();
if ((give_acl ($id_user, 0, "DM")==1) or (dame_admin ($id_user)==1)) {
@ -40,17 +40,15 @@ if ((give_acl ($id_user, 0, "DM")==1) or (dame_admin ($id_user)==1)) {
echo "<th>".$lang_label["total_data"]."</th>";
$color=0;
$result_2=get_db_all_fields_in_table("tagente","id_agente");
foreach($result_2 as $rownum => $row2) {
$total_agente=0;
$result_3=mysql_query("SELECT id_agente_modulo FROM tagente_modulo WHERE id_agente = ".$row2["id_agente"]);
$row3c = mysql_num_rows($result_3);
// for all data_modules belongs to an agent
while ($row3=mysql_fetch_array($result_3)){
$result_4=mysql_query("SELECT COUNT(id_agente_modulo) FROM tagente_datos WHERE id_agente_modulo = ".$row3["id_agente_modulo"]);
$row4=mysql_fetch_array($result_4);
$total_agente=$total_agente + $row4[0];
}
$sql = "SELECT `id_agente`, `nombre` FROM `tagente`";
$result = get_db_all_rows_sql($sql);
foreach($result as $row2) {
$sql = sprintf("SELECT COUNT(`id_agente_modulo`) FROM `tagente_modulo` WHERE `id_agente` = '%d'",$row2["id_agente"]);
$row3c = get_db_sql($sql);
// for all data_modules belongs to an agent -- simplified, made
// faster
$sql=sprintf("SELECT COUNT(`id_agente_datos`) FROM `tagente_datos` WHERE `id_agente` = '%d'",$row2["id_agente"]);
$total_agente = get_db_sql($sql);
if ($color == 1){
$tdcolor = "datos";
$color = 0;
@ -61,15 +59,15 @@ if ((give_acl ($id_user, 0, "DM")==1) or (dame_admin ($id_user)==1)) {
}
echo "<tr>
<td class='$tdcolor'>
<b><a href='index.php?sec=gagente&sec2=operation/agentes/ver_agente&id_agente=".$row2["id_agente"]."'>".dame_nombre_agente($row2[0])."</a></b></td>";
<b><a href='index.php?sec=gagente&sec2=operation/agentes/ver_agente&id_agente=".$row2["id_agente"]."'>".$row2["nombre"]."</a></b></td>";
echo "<td class='$tdcolor'>".$row3c."</td>";
echo "<td class='$tdcolor'>".$total_agente."</td></tr>";
flush();
flush ();
//ob_flush();
}
echo "</table>";
} else {
audit_db($id_user,$REMOTE_ADDR, "ACL Violation","Trying to access Database Management Info data");
audit_db ($id_user,$REMOTE_ADDR, "ACL Violation","Trying to access Database Management Info data");
require ("general/noaccess.php");
}
?>
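Review bot: The new `foreach($result as $row2)` iterates the return value of get_db_all_rows_sql without checking it, and the functions_db.php changes in this commit make that function return `false` for an empty or failed query, so an empty `tagente` table produces a foreach warning instead of an empty listing. A guard such as `if ($result === false) $result = array ();` before the loop would cover it. `$row2["nombre"]` is also written into the link text as-is; unless agent names are stored already HTML-encoded, it should pass through the project's output escaping (other pages in this commit use `salida_limpia`) before being echoed.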


@ -20,7 +20,7 @@
global $config;
check_login ();
if ((give_acl($id_user, 0, "DM")==1) or (dame_admin($id_user)==1)) {
if ((give_acl ($id_user, 0, "DM")==1) or (dame_admin ($id_user)==1)) {
// Todo for a good DB maintenance
/*
- Delete too on datos_string and and datos_inc tables


@ -21,10 +21,10 @@ check_login ();
$id_usuario= $_SESSION["id_usuario"];
if (give_acl($id_usuario, 0, "DM")==1){
if (give_acl ($id_usuario, 0, "DM")==1){
if (isset($_POST["agent"])){
$id_agent =$_POST["agent"];
if (isset ($_POST["agent"])){
$id_agent = get_parameter_post ("agent");
} else
$id_agent = -1;
@ -38,7 +38,13 @@ if (give_acl($id_usuario, 0, "DM")==1){
require("godmode/db/times_incl.php");
$datos_rango3=0;$datos_rango2=0;$datos_rango1=0;$datos_rango0=0; $datos_rango00=0; $datos_rango11=0; $datos_total=0;
$datos_rango3=0;
$datos_rango2=0;
$datos_rango1=0;
$datos_rango0=0;
$datos_rango00=0;
$datos_rango11=0;
$datos_total=0;
# ADQUIRE DATA PASSED AS FORM PARAMETERS
# ======================================
@ -47,43 +53,38 @@ if (give_acl($id_usuario, 0, "DM")==1){
# Purge data using dates
if (isset($_POST["purgedb"])){
$from_date =$_POST["date_purge"];
$from_date = get_parameter_post ("date_purge");
if (isset($id_agent)){
if ($id_agent != -1) {
echo $lang_label["purge_task"].$id_agent." / ".$from_date;
echo $lang_label["purge_task"].$id_agent." / ".$from_date;
echo "<h3>".$lang_label["please_wait"]."<br>",$lang_label["while_delete_data"].$lang_label["agent"]."</h3>";
if ($id_agent == 0)
$sql_2='SELECT * FROM tagente_modulo';
else
$sql_2='SELECT * FROM tagente_modulo WHERE id_agente = '.$id_agent;
if ($id_agent == 0) {
$sql_2='SELECT * FROM tagente_modulo';
} else {
$sql_2='SELECT * FROM tagente_modulo WHERE id_agente = '.$id_agent;
}
$result_t=mysql_query($sql_2);
while ($row=mysql_fetch_array($result_t)){
while ($row=mysql_fetch_array($result_t)) {
echo $lang_label["deleting_records"].dame_nombre_modulo_agentemodulo($row["id_agente_modulo"]);
flush();
//ob_flush();
echo "<br>";
$query = "DELETE FROM tagente_datos WHERE id_agente_modulo = ".$row["id_agente_modulo"]." and timestamp < '".$from_date."'";
mysql_query($query);
$query = "DELETE FROM tagente_datos_inc WHERE id_agente_modulo = ".$row["id_agente_modulo"]." and timestamp < '".$from_date."'";
mysql_query($query);
$query = "DELETE FROM tagente_datos_string WHERE id_agente_modulo = ".$row["id_agente_modulo"]." and timestamp < '".$from_date."'";
mysql_query($query);
$query = sprintf("DELETE FROM `tagente_datos` WHERE `id_agente_modulo` = '%d' AND `timestamp` < '%s'",$row["id_agente_modulo"],$from_date);
process_sql ($query);
$query = sprintf("DELETE FROM `tagente_datos_inc` WHERE `id_agente_modulo` = '%d' AND `timestamp` < '%s'",$row["id_agente_modulo"],$from_date);
process_sql ($query);
$query = sprintf("DELETE FROM `tagente_datos_string` WHERE `id_agente_modulo` = '%d' AND `timestamp` < '%s'",$row["id_agente_modulo"],$from_date);
process_sql ($query);
}
}
else {
} else {
echo $lang_label["deleting_records"].$lang_label["all_agents"];
flush();
ob_flush();
$query = "DELETE FROM tagente_datos WHERE timestamp < '".$from_date."'";
mysql_query($query);
$query = "DELETE FROM tagente_datos_inc WHERE timestamp < '".$from_date."'";
mysql_query($query);
$query = "DELETE FROM tagente_datos_string WHERE timestamp < '".$from_date."'";
mysql_query($query);
$query = "DELETE FROM tagente_datos,tagente_datos_inc,tagente_datos_string WHERE timestamp < '".$from_date."'";
process_sql ($query);
}
echo "<br><br>";
echo "<br><br>";
}
mysql_close();
}
# Select Agent for further operations.
@ -119,34 +120,23 @@ if (give_acl($id_usuario, 0, "DM")==1){
if (isset($_POST["agent"]) and ($id_agent !=-1)){
echo "<h3>".$lang_label["db_agent_bra"].dame_nombre_agente($id_agent).$lang_label["db_agent_ket"]."</h3>";
if ($id_agent == 0)
$sql_2='SELECT * FROM tagente_modulo';
else
$sql_2='SELECT * FROM tagente_modulo WHERE id_agente = '.$id_agent;
$result_t=mysql_query($sql_2);
while ($row=mysql_fetch_array($result_t)){
/* flush();
ob_flush(); */
$rango00=mysql_query('SELECT COUNT(*) FROM tagente_datos WHERE id_agente_modulo = '.$row["id_agente_modulo"].' and timestamp > "'.$d1.'"');
$rango0=mysql_query('SELECT COUNT(*) FROM tagente_datos WHERE id_agente_modulo = '.$row["id_agente_modulo"].' and timestamp > "'.$d3.'"');
$rango1=mysql_query('SELECT COUNT(*) FROM tagente_datos WHERE id_agente_modulo = '.$row["id_agente_modulo"].' and timestamp > "'.$week.'"');
$rango11=mysql_query('SELECT COUNT(*) FROM tagente_datos WHERE id_agente_modulo = '.$row["id_agente_modulo"].' and timestamp > "'.$week2.'"');
$rango2=mysql_query('SELECT COUNT(*) FROM tagente_datos WHERE id_agente_modulo = '.$row["id_agente_modulo"].' and timestamp > "'.$month.'"');
$rango3=mysql_query('SELECT COUNT(*) FROM tagente_datos WHERE id_agente_modulo = '.$row["id_agente_modulo"].' and timestamp > "'.$month3.'"');
$rango4=mysql_query('SELECT COUNT(*) FROM tagente_datos WHERE id_agente_modulo = '.$row["id_agente_modulo"]);
$row00=mysql_fetch_array($rango00);
$row3=mysql_fetch_array($rango3); $row1=mysql_fetch_array($rango1);
$row2=mysql_fetch_array($rango2); $row11=mysql_fetch_array($rango11);
$row0=mysql_fetch_array($rango0);
$row4=mysql_fetch_array($rango4);
$datos_rango00=$datos_rango00+$row00[0];
$datos_rango0=$datos_rango0+$row0[0];
$datos_rango3=$datos_rango3+$row3[0];
$datos_rango2=$datos_rango2+$row2[0];
$datos_rango1=$datos_rango1+$row1[0];
$datos_rango11=$datos_rango11+$row11[0];
$datos_total=$datos_total+$row4[0];
}
$sql = "SELECT id_agente_modulo FROM tagente_modulo";
if ($id_agent != 0) {
$sql .= sprintf(" WHERE id_agente = '%d'",$id_agent);
}
/*
flush();
ob_flush();
*/
$datos_rango00 += get_db_sql (sprintf("SELECT COUNT(*) FROM `tagente_datos` WHERE `id_agente_modulo` = ANY(%s) AND `timestamp` > '%s'",$sql,$d1));
$datos_rango0 += get_db_sql (sprintf("SELECT COUNT(*) FROM `tagente_datos` WHERE `id_agente_modulo` = ANY(%s) AND `timestamp` > '%s'",$sql,$d3));
$datos_rango1 += get_db_sql (sprintf("SELECT COUNT(*) FROM `tagente_datos` WHERE `id_agente_modulo` = ANY(%s) AND `timestamp` > '%s'",$sql,$week));
$datos_rango11 += get_db_sql (sprintf("SELECT COUNT(*) FROM `tagente_datos` WHERE `id_agente_modulo` = ANY(%s) AND `timestamp` > '%s'",$sql,$week2));
$datos_rango2 += get_db_sql (sprintf("SELECT COUNT(*) FROM `tagente_datos` WHERE `id_agente_modulo` = ANY(%s) AND `timestamp` > '%s'",$sql,$month));
$datos_rango3 += get_db_sql (sprintf("SELECT COUNT(*) FROM `tagente_datos` WHERE `id_agente_modulo` = ANY(%s) AND `timestamp` > '%s'",$sql,$month3));
$datos_total += get_db_sql (sprintf("SELECT COUNT(*) FROM `tagente_datos` WHERE `id_agente_modulo` = ANY(%s)",$sql));
}
?>
@ -156,48 +146,48 @@ if (give_acl($id_usuario, 0, "DM")==1){
<?php echo $lang_label["rango3"]?>
</td>
<td class=datos>
<?php echo $datos_rango3 ?>
<?php echo $datos_rango3; ?>
</td>
<tr><td class=datos2>
<?php echo $lang_label["rango2"]?>
</td>
<td class=datos2>
<?php echo $datos_rango2 ?>
<?php echo $datos_rango2; ?>
</td>
<tr><td class=datos>
<?php echo $lang_label["rango11"]?>
</td>
<td class=datos>
<?php echo $datos_rango11 ?>
<?php echo $datos_rango11; ?>
</td>
<tr><td class=datos2>
<?php echo $lang_label["rango1"]?>
</td>
<td class=datos2>
<?php echo $datos_rango1 ?>
<?php echo $datos_rango1; ?>
</td>
<tr><td class=datos>
<?php echo $lang_label["rango0"]?>
</td>
<td class=datos>
<?php echo $datos_rango0 ?>
<?php echo $datos_rango0; ?>
</td>
<tr><td class=datos2>
<?php echo $lang_label["rango00"]?>
</td>
<td class=datos2>
<?php echo $datos_rango00 ?>
<?php echo $datos_rango00; ?>
</td>
<tr><td class=datos>
<b><?php echo $lang_label["total_packets"]?></b>
</td>
<td class=datos>
<b><?php echo $datos_total ?></b>
<b><?php echo $datos_total; ?></b>
</td>
</tr>
</table>
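Review bot: `$id_agent` now comes from `get_parameter_post ("agent")` but is still concatenated unquoted in `'SELECT * FROM tagente_modulo WHERE id_agente = '.$id_agent`, so in that numeric position neither quoting nor HTML encoding constrains it. The statistics hunk further down already builds the same filter with `sprintf(" WHERE id_agente = '%d'",$id_agent)`; the purge branch should use the same `%d` form, or cast once where the parameter is read, `$id_agent = (int) get_parameter_post ("agent");`. Separately, the combined `DELETE FROM tagente_datos,tagente_datos_inc,tagente_datos_string WHERE timestamp < ...` is not, as far as I know, a multi-table DELETE form that MySQL accepts, so the all-agents purge would fail inside process_sql and delete nothing. Three single-table DELETE statements passed to process_sql, as in the per-agent branch, would keep the previous behaviour.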


@ -19,13 +19,14 @@
// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, U6
// Load global vars
require("include/config.php");
require_once ("include/config.php");
check_login ();
$id_user = $_SESSION["id_usuario"];
if ((give_acl($id_user, 0, "DM")==1) or (dame_admin($id_user)==1)) {
if ((isset($_GET["operacion"])) AND (! isset($_POST["update_agent"]))){
if ((give_acl ($id_user, 0, "DM")==1) or (dame_admin ($id_user)==1)) {
if ((isset ($_GET["operacion"])) AND (!isset ($_POST["update_agent"]))){
// DATA COPY
if (isset($_POST["eliminar"])) {
if (isset ($_POST["eliminar"])) {
echo "<h2>".$lang_label["deletedata"]."</h2>";
// First checkings
@ -37,7 +38,7 @@ if ((give_acl($id_user, 0, "DM")==1) or (dame_admin($id_user)==1)) {
include ("general/footer.php");
exit;
}
$origen_modulo = $_POST["origen_modulo"];
$origen_modulo = mysql_real_esape_string($_POST["origen_modulo"]);
if (count($origen_modulo) <= 0){
echo "<h3 class='error'>ERROR: ".$lang_label["nomodules_selected"]."</h3>";
echo "</table>";
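Review bot: `mysql_real_esape_string` on the added `$origen_modulo` line is a misspelling of `mysql_real_escape_string`, so this branch stops with an undefined-function error as soon as the delete form is submitted. Correcting the name is not enough on its own: the next line calls `count($origen_modulo)`, which suggests the field is an array of module ids, and the escape function takes a string. If so, each element needs handling, for example `$origen_modulo = array_map ('intval', (array) $_POST["origen_modulo"]);`, assuming the ids are integers, which the hunk does not show.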


@ -21,11 +21,6 @@
$id_user=$_SESSION["id_usuario"];
global $REMOTE_ADDR;
if (comprueba_login() != 0) {
audit_db($id_user,$REMOTE_ADDR, "ACL Violation","Trying to access report builder");
include ("general/noaccess.php");
exit;
}
if ((give_acl($id_user, 0, "AW") != 1) && (dame_admin ($id_user) != 1)) {
audit_db($id_usuario,$REMOTE_ADDR, "ACL Violation","Trying to access graph builder");
@ -484,7 +479,7 @@ if ($edit_sla_report_content) {
$reports = get_db_all_rows_in_table ('treport', 'name');
$table->width = '0px';
if (sizeof ($reports)) {
if ($reports !== false) {
$table->id = 'report_list';
$table->width = '600px';
$table->head = array ();
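Review bot: The `comprueba_login()` block is removed here and no `check_login ()` call replaces it in the visible lines, unlike the godmode/db sections of this commit, so whether an unauthenticated request is still stopped before the ACL test depends on code outside the hunk. If nothing earlier in the file performs the check, add `check_login ();` before `give_acl` is consulted. The callers in this commit also disagree on the contract: most call `check_login ();` and ignore the result, while the alert view section tests `check_login() != 0`; a short comment on check_login stating whether it terminates the request on failure would settle it. The remaining `audit_db($id_usuario, ...)` call reads `$id_usuario`, while the visible lines only assign `$id_user`.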


@ -46,11 +46,8 @@ function safe_input ($value) {
if (is_numeric ($value))
return $value;
if (is_array ($value)) {
$retval = array ();
foreach ($value as $id => $val) {
$retval[$id] = htmlentities (utf8_decode ($val), ENT_QUOTES);
}
return $retval;
$value = array_walk($value,'safe_input');
return $value;
}
return htmlentities (utf8_decode ($value), ENT_QUOTES);
}
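Review bot: `array_walk` returns a boolean and discards the callback's return value, so with `$value = array_walk($value,'safe_input'); return $value;` an array input comes back as `true` and none of its elements are encoded. Callers that pass array parameters through safe_input lose both the data and the encoding that the removed loop applied. `return array_map ('safe_input', $value);` keeps the recursive intent and returns the encoded array. safe_input begins above the hunk, so only the array branch is reviewed here.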


@ -79,42 +79,40 @@ AND `tusuario_perfil`.`id_usuario` = '%s' AND (`tusuario_perfil`.`id_grupo` = '%
$rowdup = get_db_all_rows_sql($query1);
$result = 0;
$i = 0;
while($rowdup[$i]){
foreach($rowdup as $row) {
// For each profile for this pair of group and user do...
switch ($access) {
case "IR":
$result += $rowdup[$i]["incident_view"];
$result += $row["incident_view"];
break;
case "IW":
$result += $rowdup[$i]["incident_edit"];
$result += $row["incident_edit"];
break;
case "IM":
$result += $rowdup[$i]["incident_management"];
$result += $row["incident_management"];
break;
case "AR":
$result += $rowdup[$i]["agent_view"];
$result += $row["agent_view"];
break;
case "AW":
$result += $rowdup[$i]["agent_edit"];
$result += $row["agent_edit"];
break;
case "LW":
$result += $rowdup[$i]["alert_edit"];
$result += $row["alert_edit"];
break;
case "LM":
$result += $rowdup[$i]["alert_management"];
$result += $row["alert_management"];
break;
case "PM":
$result += $rowdup[$i]["pandora_management"];
$result += $row["pandora_management"];
break;
case "DM":
$result += $rowdup[$i]["db_management"];
$result += $row["db_management"];
break;
case "UM":
$result += $rowdup[$i]["user_management"];
$result += $row["user_management"];
break;
}
$i++;
}
if ($result > 1)
$result = 1;
@ -266,7 +264,7 @@ function get_alerts_in_agent ($id_agent) {
function get_reports ($id_user) {
$user_reports = array ();
$all_reports = get_db_all_rows_in_table ('treport', 'name');
if (sizeof ($all_reports) == 0) {
if ($all_reports === false) {
return $user_reports;
}
foreach ($all_reports as $report) {
@ -1224,6 +1222,7 @@ function give_agent_id_from_module_id ($id_agent_module) {
return (int) get_db_value ('id_agente', 'tagente_modulo', 'id_agente_modulo', $id_agent_module);
}
$sql_cache=array('saved' => 0);
/**
* Get the first value of the first row of a table in the database.
*
@ -1231,10 +1230,9 @@ function give_agent_id_from_module_id ($id_agent_module) {
* @param table Table to retrieve the data
* @param field_search Field to filter elements
* @param condition Condition the field must have
*
* @return
*/
$sql_cache=array('saved' => 0);
*
* @return
*/
function get_db_value ($field, $table, $field_search=1, $condition=1){
if (is_int ($condition)) {
@ -1245,10 +1243,11 @@ function get_db_value ($field, $table, $field_search=1, $condition=1){
$sql = sprintf ("SELECT %s FROM `%s` WHERE `%s` = '%s' LIMIT 1", $field, $table, $field_search, $condition);
}
$result = get_db_all_rows_sql ($sql);
if(is_array ($result))
return $result[0][$field];
return "";
if($result === false)
return false;
return $result[0][$field];
}
/**
@ -1261,8 +1260,11 @@ function get_db_value ($field, $table, $field_search=1, $condition=1){
function get_db_row_sql ($sql) {
$sql .= " LIMIT 1";
$result = get_db_all_rows_sql ($sql);
return $result[0];
if($result === false)
return false;
return $result[0];
}
/**
@ -1288,6 +1290,9 @@ function get_db_row ($table, $field_search, $condition) {
}
$result = get_db_all_rows_sql ($sql);
if($result === false)
return false;
return $result[0];
}
@ -1300,12 +1305,11 @@ function get_db_row ($table, $field_search, $condition) {
* @return The selected field of the first row in a select statement.
*/
function get_db_sql ($sql, $field = 0) {
$row = get_db_all_rows_sql ($sql);
if (is_array ($row)) {
return $row[0][$field];
} else {
return "";
}
$result = get_db_all_rows_sql ($sql);
if($result === false)
return false;
return $result[0][$field];
}
/**
@ -1313,32 +1317,48 @@ function get_db_sql ($sql, $field = 0) {
*
* @param $sql SQL statement to execute.
*
* @return A matrix with all the values returned from the SQL statement
* @return A matrix with all the values returned from the SQL statement or
* false in case of empty result
*/
function get_db_all_rows_sql ($sql) {
global $config;
$return = process_sql($sql);
if (! empty ($return))
return $return;
//Return false, check with === or !==
return false;
}
/**
* This function comes back with an array in case of SELECT
* in case of UPDATE, DELETE etc. with affected rows
* an empty array in case of SELECT without results
*/
function process_sql ($sql) {
global $config;
global $sql_cache;
$retval = array();
if (! empty ($sql_cache[$sql])) {
$retval = $sql_cache[$sql];
$sql_cache['saved']++;
} else {
$result = mysql_query ($sql);
if (!$result) {
if ($result === false) {
echo '<strong>Error:</strong> get_db_all_rows_sql ("'.$sql.'") :'. mysql_error ().'<br />';
return $retval;
return false;
} elseif ($result === true) {
return mysql_affected_rows (); //This happens in case the statement was executed but didn't need a resource
} else {
while ($row = mysql_fetch_array ($result)) {
array_push ($retval, $row);
}
$sql_cache[$sql] = $retval;
mysql_free_result ($result);
}
while ($row = mysql_fetch_array ($result)) {
array_push ($retval, $row);
}
$sql_cache[$sql] = $retval;
mysql_free_result ($result);
}
if (! empty ($retval))
return $retval;
//Return false, check with === or !==
return false;
return $retval;
//Return false, check with === or !==
}
/**
@ -1367,15 +1387,15 @@ function get_db_all_rows_in_table ($table, $order_field = "") {
*/
function get_db_all_rows_field_filter ($table, $field, $condition, $order_field = "") {
if (is_int ($condition)) {
$sql = sprintf ('SELECT * FROM %s WHERE %s = %d', $table, $field, $condition);
$sql = sprintf ("SELECT * FROM `%s` WHERE `%s` = '%d'", $table, $field, $condition);
} else if (is_float ($condition) || is_double ($condition)) {
$sql = sprintf ('SELECT * FROM %s WHERE %s = %f', $table, $field, $condition);
$sql = sprintf ("SELECT * FROM `%s` WHERE `%s` = '%f'", $table, $field, $condition);
} else {
$sql = sprintf ('SELECT * FROM %s WHERE %s = "%s"', $table, $field, $condition);
$sql = sprintf ("SELECT * FROM `%s` WHERE `%s` = '%s'", $table, $field, $condition);
}
if ($order_field != "")
$sql .= " ORDER BY ".$order_field;
$sql .= sprintf(" ORDER BY `%s`",$order_field);
return get_db_all_rows_sql ($sql);
}
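Review bot: On a failed query process_sql echoes the full statement and `mysql_error ()` into the page, and after this commit those statements include DELETEs built from request parameters, so a malformed request gets table names, the query shape and its own input reflected back unescaped. I would send the detail to the server log and show a fixed message, e.g. `error_log ('process_sql: '.mysql_error ());`; the message also still names `get_db_all_rows_sql` although it now lives in process_sql. The comment block above process_sql should state the `false` return on error, which the body has and the comment omits. In the first hunk, `foreach($rowdup as $row)` in the permission loop runs on the result of get_db_all_rows_sql, which is now `false` when no row matches; the outcome stays deny, but with a warning, so an explicit `=== false` check before the loop would be cleaner.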


@ -60,10 +60,11 @@ if ((! file_exists("include/config.php")) OR (! is_readable("include/config.php"
// Real start
session_start();
include_once ("include/config.php");
include_once ("include/languages/language_".$config["language"].".php");
require_once ("include/config.php");
require_once ("include/languages/language_".$config["language"].".php");
require_once ("include/functions.php");
require_once ("include/functions_db.php");
//We should require this or you might end up with some empty strings
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
@ -132,13 +133,12 @@ $REMOTE_ADDR = $_SERVER['REMOTE_ADDR'];
if ( (! isset ($_SESSION['id_usuario'])) && (isset ($_GET["login"]))) {
$nick = get_parameter_post ("nick");
$pass = get_parameter_post ("pass");
// Connect to Database
$sql1 = 'SELECT * FROM tusuario WHERE id_usuario = "'.$nick.'"';
$result = mysql_query ($sql1);
$sql1 = sprintf("SELECT `id_usuario`, `password` FROM `tusuario` WHERE `id_usuario` = '%s'",$nick);
$row = get_db_row_sql ($sql1);
// For every registry
if ($row = mysql_fetch_array ($result)){
if ($row !== false){
if ($row["password"] == md5 ($pass)){
// Login OK
// Nick could be uppercase or lowercase (select in MySQL
@ -165,8 +165,7 @@ if ( (! isset ($_SESSION['id_usuario'])) && (isset ($_GET["login"]))) {
"Incorrect password: " . $nick . " / " . $pass);
exit;
}
}
else {
} else {
// User not known
unset ($_GET["sec2"]);
include "general/logon_failed.php";
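Review bot: The password test kept in this hunk, `$row["password"] == md5 ($pass)`, uses loose comparison, under which two different digest strings that both look numeric can compare as equal; it should be strict: `if ($row["password"] === md5 ($pass)){`. Unsalted MD5 is itself a weak way to store passwords, but replacing it is a larger change than this commit. The failure branch also builds `"Incorrect password: " . $nick . " / " . $pass` for what looks like the audit call, which would store attempted passwords in clear text; recording only `$nick` avoids that. The login block continues outside the hunk.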


@ -18,28 +18,28 @@
// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
// Load global vars
require("include/config.php");
require ("include/config.php");
function datos_raw($id_agente_modulo, $periodo){
function datos_raw ($id_agente_modulo, $periodo){
global $config;
require("include/languages/language_".$config["language"].".php");
$id_user = $config["id_user"];
$periodo_label = $periodo;
switch ($periodo) {
case "mes":
$periodo = 86400*30;
$et=$lang_label["last_month"];
break;
$periodo = 2592000;
$et=$lang_label["last_month"];
break;
case "semana":
$periodo = 86400*7;
$et=$lang_label["last_week"];
break;
$periodo = 604800;
$et=$lang_label["last_week"];
break;
case "dia":
$periodo = 86400;
$et=$lang_label["last_24"];
break;
$periodo = 86400;
$et=$lang_label["last_24"];
break;
}
$periodo = time() - $periodo;
$periodo = time () - $periodo;
$id_agent = give_agent_id_from_module_id ($id_agente_modulo);
$id_group = get_db_value ("id_grupo", "tagente", "id_agente", $id_agent);
// Different query for string data type
@ -108,9 +108,9 @@ function datos_raw($id_agente_modulo, $periodo){
// Page begin
// ---------------
$id_user = "";
if (comprueba_login() == 0)
$id_user = $_SESSION["id_usuario"];
check_login();
$id_user = $_SESSION["id_usuario"];
if (give_acl($id_user, 0, "AR")!=1) {
audit_db ($id_user, $REMOTE_ADDR, "ACL Violation",
@ -133,6 +133,6 @@ if (isset($_GET["delete"])) {
$result=mysql_query($sql);
}
datos_raw($id,$tipo);
datos_raw ($id,$tipo);
?>


@ -16,14 +16,11 @@
// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
// Load global vars
require("include/config.php");
require ("include/config.php");
check_login ();
if (comprueba_login ()) {
audit_db($id_user,$REMOTE_ADDR, "ACL Violation","Trying to access Agent view");
require ("general/noaccess.php");
}
if (give_acl($id_user, 0, "AR") == 0) {
audit_db($id_user,$REMOTE_ADDR, "ACL Violation","Trying to access agent main list view");
audit_db ($id_user,$REMOTE_ADDR, "ACL Violation","Trying to access agent main list view");
require ("general/noaccess.php");
exit;
}


@ -17,23 +17,23 @@
// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
// Load global vars
require("include/config.php");
require ("include/config.php");
// Login check
$id_usuario=$_SESSION["id_usuario"];
global $REMOTE_ADDR;
if (comprueba_login() != 0) {
if (check_login() != 0) {
audit_db($id_usuario,$REMOTE_ADDR, "ACL Violation","Trying to access alert view");
include ("general/noaccess.php");
exit;
}
if ((give_acl($config["id_user"], 0, "AR")!=1) AND (!give_acl($config["id_user"],0,"AW")) AND (dame_admin($config["id_user"])!=1)) {
audit_db($id_usuario,$REMOTE_ADDR, "ACL Violation","Trying to access alert view");
if ((give_acl($config["id_user"], 0, "AR")!=1) AND (!give_acl($config["id_user"],0,"AW")) AND (dame_admin($config["id_user"])!=1)) {
audit_db($id_usuario,$REMOTE_ADDR, "ACL Violation","Trying to access alert view");
include ("general/noaccess.php");
exit;
}
}
// -------------------------------


@ -16,190 +16,156 @@
// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
// Load global vars
require("include/config.php");
require ("include/config.php");
check_login ();
if (comprueba_login() == 0) {
if (isset($_GET["id_agente"])){
$id_agente = $_GET["id_agente"];
if (isset($_GET["id_agente"])){
$id_agente = $_GET["id_agente"];
// Connect BBDD
$sql1='SELECT * FROM tagente WHERE id_agente = '.$id_agente;
$result=mysql_query($sql1);
if ($row=mysql_fetch_array($result)){
$intervalo = $row["intervalo"]; // Interval in seconds to receive data
$nombre_agente = $row["nombre"];
$direccion_agente =$row["direccion"];
$ultima_act = $row["ultimo_contacto"];
$ultima_act_remota =$row["ultimo_contacto_remoto"];
$comentarios = $row["comentarios"];
$id_grupo = $row["id_grupo"];
$id_os= $row["id_os"];
$id_parent= $row["id_parent"];
$os_version = $row["os_version"];
$agent_version = $row["agent_version"];
$disabled= $row["disabled"];
$network_server = $row["id_network_server"];
} else {
echo "<h3 class='error'>".$lang_label["agent_error"]."</h3>";
echo "</table>";
echo "</div><div id='foot'>";
include ("general/footer.php");
echo "</div>";
exit;
}
$sql1='SELECT * FROM tagente WHERE id_agente = '.$id_agente;
$result=mysql_query($sql1);
if ($row=mysql_fetch_array($result)){
$intervalo = $row["intervalo"]; // Interval in seconds to receive data
$nombre_agente = $row["nombre"];
$direccion_agente =$row["direccion"];
$ultima_act = $row["ultimo_contacto"];
$ultima_act_remota =$row["ultimo_contacto_remoto"];
$comentarios = $row["comentarios"];
$id_grupo = $row["id_grupo"];
$id_os= $row["id_os"];
$id_parent= $row["id_parent"];
$os_version = $row["os_version"];
$agent_version = $row["agent_version"];
$disabled= $row["disabled"];
$network_server = $row["id_network_server"];
} else {
echo "<h3 class='error'>".$lang_label["agent_error"]."</h3>";
echo "</table>";
echo "</div><div id='foot'>";
include ("general/footer.php");
echo "</div>";
exit;
}
}
echo "<h2>".$lang_label["ag_title"]." &gt; ".$lang_label["view_agent_general_data"]."</h2>";
echo "<h2>".$lang_label["ag_title"]." &gt; ".$lang_label["view_agent_general_data"]."</h2>";
// Blank space below title
echo "<div style='height: 10px'> </div>";
echo '<table cellspacing="0" cellpadding="0" width="750" border=0 class="databox">';
echo "<tr><td>";
echo '<table cellspacing="4" cellpadding="4" border=0 class="databox">';
echo '<tr>
// Blank space below title
echo "<div style='height: 10px'> </div>";
echo '<table cellspacing="0" cellpadding="0" width="750" border=0 class="databox">';
echo "<tr><td>";
echo '<table cellspacing="4" cellpadding="4" border=0 class="databox">';
echo '<tr>
<td class="datos"><b>'.$lang_label["agent_name"].'</b></td>
<td class="datos"><b>'.strtoupper(salida_limpia($nombre_agente)).'</b></td>';
echo "<td class='datos2' width='40'>
echo "<td class='datos2' width='40'>
<a class='info' href='index.php?sec=estado&sec2=operation/agentes/ver_agente&id_agente=".$id_agente."&refr=60'><span>".$lang_label["refresh_data"]."</span><img src='images/refresh.png' class='top' border=0></a>&nbsp;";
echo "<a href='index.php?sec=estado&sec2=operation/agentes/ver_agente&flag_agent=1&id_agente=$id_agente'><img src='images/target.png' border=0></A>";
// Data base access graph
echo '</td>';
echo '</tr>';
echo '<tr>
<td class="datos2"><b>'.$lang_label["ip_address"].'</b></td>
<td class="datos2" colspan=2>';
// Show all address for this agent, show first the main IP (taken from tagente table)
echo "<select style='padding:0px' name='notused' size='1'>";
echo "<option>".salida_limpia($direccion_agente)."</option>";
$sql_2='SELECT id_a FROM taddress_agent WHERE id_agent = '.$id_agente;
$result_t=mysql_query($sql_2);
while ($row=mysql_fetch_array($result_t)){
$sql_3='SELECT ip FROM taddress WHERE id_a = '.$row[0];
$result_3=mysql_query($sql_3);
$row3=mysql_fetch_array($result_3);
if ($direccion_agente != $row3[0]) {
echo "<option value='".salida_limpia($row3[0])."'>".salida_limpia($row3[0])."</option>";
}
}
echo "</select>";
echo '<tr>
<td class="datos"><b>'.$lang_label["os"].'</b></td>
<td class="datos" colspan="2">
<img src="images/'.dame_so_icon($id_os).'"> - '.dame_so_name($id_os);
if ($os_version != "")
echo ' '.salida_limpia($os_version);
echo '</td>';
echo '</tr>';
// Parent
echo '<tr>
<td class="datos2"><b>'.lang_string("Parent").'</b></td>
<td class="datos2" colspan=2>';
echo "<a href='index.php?sec=estado&sec2=operation/agentes/ver_agente&id_agente=$id_parent'>";
echo dame_nombre_agente($id_parent).'</a></td>';
// Agent Interval
echo '<tr>
<td class="datos"><b>'.$lang_label["interval"].'</b></td>
<td class="datos" colspan=2>'. human_time_description_raw($intervalo).'</td>';
echo '</tr>';
// Comments
echo '<tr>
<td class="datos2"><b>'.$lang_label["description"].'</b></td>
<td class="datos2" colspan=2>'.$comentarios.'</td>';
echo '</tr>';
// Group
echo '<tr>
<td class="datos"><b>'.$lang_label["group"].'</b></td>
<td class="datos" colspan="2">
<img class="bot" src="images/groups_small/'.show_icon_group($id_grupo).'.png" >&nbsp;&nbsp; '.dame_grupo($id_grupo).'</td></tr>';
// Agent version
echo '<tr><td class="datos2"><b>'.lang_string ("agentversion"). '</b>';
echo '<td class="datos2" colspan=2>'.salida_limpia($agent_version). '</td>';
// Total packets
echo '<tr>
<td class="datos"><b>'. lang_string ("total_packets"). '</b></td>';
echo '<td class="datos" colspan=2>';
$total_paketes= 0;
$sql_3='SELECT COUNT(*) FROM tagente_datos WHERE id_agente = '.$id_agente;
echo "<a href='index.php?sec=estado&sec2=operation/agentes/ver_agente&flag_agent=1&id_agente=$id_agente'><img src='images/target.png' border=0></A>";
// Data base access graph
echo '</td></tr>';
echo '<tr><td class="datos2"><b>'.$lang_label["ip_address"].'</b></td><td class="datos2" colspan=2>';
// Show all address for this agent, show first the main IP (taken from tagente table)
echo "<select style='padding:0px' name='notused' size='1'>";
echo "<option>".salida_limpia($direccion_agente)."</option>";
$sql_2='SELECT id_a FROM taddress_agent WHERE id_agent = '.$id_agente;
$result_t=mysql_query($sql_2);
while ($row=mysql_fetch_array($result_t)){
$sql_3='SELECT ip FROM taddress WHERE id_a = '.$row[0];
$result_3=mysql_query($sql_3);
$row3=mysql_fetch_array($result_3);
$total_paketes = $row3[0];
echo $total_paketes;
echo '</td></tr>';
// Last contact
echo '<tr>
<td class="datos2f9">
<b>'.$lang_label["last_contact"]." / ".$lang_label["remote"].'</b>
</td>
<td class="datos2 f9" colspan="2">';
if ($ultima_act == "0000-00-00 00:00:00"){
echo $lang_label["never"];
} else {
echo $ultima_act;
}
echo " / ";
if ($ultima_act_remota == "0000-00-00 00:00:00"){
echo $lang_label["never"];
} else {
echo $ultima_act_remota;
if ($direccion_agente != $row3[0]) {
echo "<option value='".salida_limpia($row3[0])."'>".salida_limpia($row3[0])."</option>";
}
}
echo "</select>";
// Next contact
echo '<tr><td class="datos"><b>'.$lang_label["os"].'</b></td><td class="datos" colspan="2"><img src="images/'.dame_so_icon($id_os).'"> - '.dame_so_name($id_os);
$ultima = strtotime($ultima_act);
$ahora = strtotime("now");
$diferencia = $ahora - $ultima;
// Get higher interval set for the set of modules from this agent
$sql_maxi ="SELECT MAX(module_interval) FROM tagente_modulo WHERE id_agente = ".$id_agente;
$result_maxi=mysql_query($sql_maxi);
if ($row_maxi=mysql_fetch_array($result_maxi))
if ($row_maxi[0] > 0 )
$intervalo = $row_maxi[0];
if ($os_version != "") {
echo ' '.salida_limpia($os_version);
}
echo '</td>';
echo '</tr>';
// Parent
echo '<tr><td class="datos2"><b>'.lang_string("Parent").'</b></td><td class="datos2" colspan=2>';
echo "<a href='index.php?sec=estado&sec2=operation/agentes/ver_agente&id_agente=$id_parent'>";
echo dame_nombre_agente($id_parent).'</a></td>';
// Agent Interval
echo '<tr><td class="datos"><b>'.$lang_label["interval"].'</b></td><td class="datos" colspan=2>'. human_time_description_raw($intervalo).'</td></tr>';
// Comments
echo '<tr><td class="datos2"><b>'.$lang_label["description"].'</b></td><td class="datos2" colspan=2>'.$comentarios.'</td></tr>';
// Group
echo '<tr><td class="datos"><b>'.$lang_label["group"].'</b></td><td class="datos" colspan="2">
<img class="bot" src="images/groups_small/'.show_icon_group($id_grupo).'.png" >&nbsp;&nbsp; '.dame_grupo($id_grupo).'</td></tr>';
// Agent version
echo '<tr><td class="datos2"><b>'.lang_string ("agentversion"). '</b>';
echo '<td class="datos2" colspan=2>'.salida_limpia($agent_version). '</td>';
// Total packets
echo '<tr><td class="datos"><b>'. lang_string ("total_packets"). '</b></td>';
echo '<td class="datos" colspan=2>';
$total_paketes= 0;
$sql_3='SELECT COUNT(*) FROM tagente_datos WHERE id_agente = '.$id_agente;
$result_3=mysql_query($sql_3);
$row3=mysql_fetch_array($result_3);
$total_paketes = $row3[0];
echo $total_paketes;
echo '</td></tr>';
// Last contact
echo '<tr><td class="datos2f9"><b>'.$lang_label["last_contact"]." / ".$lang_label["remote"].'</b></td><td class="datos2 f9" colspan="2">';
if ($ultima_act == "0000-00-00 00:00:00"){
echo $lang_label["never"];
} else {
echo $ultima_act;
}
echo " / ";
if ($ultima_act_remota == "0000-00-00 00:00:00"){
echo $lang_label["never"];
} else {
echo $ultima_act_remota;
}
// Next contact
$ultima = strtotime($ultima_act);
$ahora = strtotime("now");
$diferencia = $ahora - $ultima;
// Get higher interval set for the set of modules from this agent
$sql_maxi ="SELECT MAX(module_interval) FROM tagente_modulo WHERE id_agente = ".$id_agente;
$result_maxi=mysql_query($sql_maxi);
if ($row_maxi=mysql_fetch_array($result_maxi))
if ($row_maxi[0] > 0 ) {
$intervalo = $row_maxi[0];
}
if ($intervalo > 0){
$percentil = round($diferencia/(($intervalo*2) / 100));
} else {
$percentil = -1;
}
echo "<tr>
<td class='datos'><b>".$lang_label['next_contact']."</b>
<td class='datosf9' colspan=2>
<img src='reporting/fgraph.php?tipo=progress&percent=".$percentil."&height=20&width=200'>
</td>
</tr>
</table>
echo "<tr><td class='datos'><b>".$lang_label['next_contact']."</b>
<td class='datosf9' colspan=2>
<img src='reporting/fgraph.php?tipo=progress&percent=".$percentil."&height=20&width=200'>
</td></tr></table>
<td valign='top'>
<table border=0>
<tr>
<td>
<b>".$lang_label["agent_access_rate"]."</b><br><br>
<img border=1 src='reporting/fgraph.php?id=".$id_agente."&tipo=agentaccess&periodo=1440&height=70&width=280'>
</td>
</tr><tr>
<td><div style='height:25px'> </div>
<b>".lang_string("Events generated -by module-")."</b><br><br>
<img src='reporting/fgraph.php?tipo=event_module&width=250&height=180&id_agent=".$id_agente."' >
</td></tr>
<td valign='top'><table border=0>
<tr><td><b>".$lang_label["agent_access_rate"]."</b><br><br>
<img border=1 src='reporting/fgraph.php?id=".$id_agente."&tipo=agentaccess&periodo=1440&height=70&width=280'>
</td></tr>
<tr><td><div style='height:25px'> </div>
<b>".lang_string("Events generated -by module-")."</b><br><br>
<img src='reporting/fgraph.php?tipo=event_module&width=250&height=180&id_agent=".$id_agente."' >
</td></tr>
</table></td></tr>
</table>
";
}
</table>";
?>


@ -18,7 +18,7 @@
// Load globar vars
require("include/config.php");
if (comprueba_login() == 0) {
check_login();
// $id_agente can be obtained as global variable or GET param.
if (isset($_GET["id_agente"])){
@ -120,5 +120,5 @@ if (comprueba_login() == 0) {
} else {
echo "<div class='nf'>".$lang_label["no_monitors"]."</div>";
}
}
?>
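Review bot: `check_login();` is called with its return value discarded, where the old code wrapped the whole page body in `if (comprueba_login() == 0) { … }`, so nothing after the call re-checks the session. check_login() is not defined on this page; if it can return instead of ending the request when there is no valid session, everything below it, including the `$_GET["id_agente"]` handling, runs unauthenticated. I would confirm that it terminates the request on failure and record that at the call site, e.g. `// check_login() must end the request itself when there is no valid session; nothing below re-checks it`. The same bare call replaces a guarded form in the later file sections on this page (the -89,10, -237,11, -18,12, -18,11, -20,11 and -108,144 hunks).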


@ -89,10 +89,7 @@ function generate_average_table ($id_de_mi_agente, $id_agente_modulo, $fecha_ini
require("include/config.php");
// Security checks
if (comprueba_login() != 0) {
require ("general/noaccess.php");
exit;
}
check_login();
$id_user = $_SESSION["id_usuario"];
if ( (give_acl($id_user, 0, "AR")==0) AND (give_acl($id_user, 0, "AW")==0) ){


@ -237,11 +237,7 @@ $font_size = (int) get_parameter ('font_size', 12);
$id_user = $_SESSION["id_usuario"];
global $REMOTE_ADDR;
if (comprueba_login() != 0) {
audit_db($id_user, $REMOTE_ADDR, "ACL Violation", "Trying to access node graph builder");
include("general/noaccess.php");
exit;
}
check_login();
if ((give_acl($id_user, 0, "AR") != 1 ) && (dame_admin($id_user) !=1 )) {
audit_db($id_user, $REMOTE_ADDR, "ACL Violation", "Trying to access node graph builder");
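Review bot: The removed branch wrote an `audit_db(…, "ACL Violation", "Trying to access node graph builder")` record before denying a request without a valid login, and the bare `check_login();` that replaces it leaves that record to whatever check_login() does internally, which is not visible here. `$id_user = $_SESSION["id_usuario"];` also still runs before the login check, so without a session it reads an unset index. I would move the assignment below the call, `check_login();` then `$id_user = $_SESSION["id_usuario"];`, and confirm that check_login() audits the failed access so these events do not drop out of the log. The `if` that follows the call continues outside the hunk.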


@ -18,12 +18,9 @@
// Load global vars
global $config;
$id_user = $config["id_user"];
check_login();
if (comprueba_login() != 0) {
require ("general/noaccess.php");
exit;
}
$id_user = $config["id_user"];
if ((give_acl($id_user, 0, "AR") != 1) AND (give_acl($id_user,0,"AW") != 1)) {
audit_db($id_user,$REMOTE_ADDR, "ACL Violation",


@ -18,11 +18,7 @@
// Load global vars
global $config;
if (comprueba_login() != 0) {
require ("general/noaccess.php");
exit;
}
check_login();
if (!isset($id_agente)){
require ("general/noaccess.php");
@ -32,4 +28,4 @@ if (!isset($id_agente)){
echo "<h3>".lang_string ("Latest events for this agent")."</h3>";
smal_event_table ("WHERE id_agente = $id_agente", $limit = 10, $width=750);
?>
?>


@ -20,11 +20,7 @@
global $config;
$id_user = $config["id_user"];
if (comprueba_login() != 0) {
require ("general/noaccess.php");
exit;
}
check_login();
if ((give_acl($id_user, 0, "AR")!=1) AND (give_acl($id_user,0,"AW")!=1)) {
audit_db($id_user,$REMOTE_ADDR, "ACL Violation",


@ -108,144 +108,138 @@ if (defined ('AJAX')) {
exit ();
}
if (comprueba_login() == 0) {
$id_agente = get_parameter("id_agente",-1);
if ($id_agente != -1){
// get group for this id_agente
$query="SELECT * FROM tagente WHERE id_agente = ".$id_agente;
$res=mysql_query($query);
$row=mysql_fetch_array($res);
$id_grupo = $row["id_grupo"];
$id_usuario=$config["id_user"];
if (give_acl($id_usuario, $id_grupo, "AR")==1){
// Check for validate alert request
$validate_alert = get_parameter ("validate_alert");
if ($validate_alert != ""){
check_login();
$id_agente = get_parameter("id_agente",-1);
if ($id_agente != -1){
// get group for this id_agente
$query="SELECT * FROM tagente WHERE id_agente = ".$id_agente;
$res=mysql_query($query);
$row=mysql_fetch_array($res);
$id_grupo = $row["id_grupo"];
$id_usuario=$config["id_user"];
if (give_acl($id_usuario, $id_grupo, "AR")==1){
// Check for validate alert request
$validate_alert = get_parameter ("validate_alert");
if ($validate_alert != ""){
if (give_acl($id_usuario, $id_grupo, "AW")==1){
$alert_row = get_db_row ("talerta_agente_modulo", "id_aam", $validate_alert);
if ($alert_row["id_agente_modulo"] != 0){
$am_row = get_db_row ("tagente_modulo", "id_agente_modulo", $alert_row["id_agente_modulo"]);
$ag_row = get_db_row ("tagente", "id_agente", $am_row["id_agente"]);
} else {
$ag_row = get_db_row ("tagente", "id_agente", $alert_row ["id_agent"]);
}
$alert_name = $alert_row["descripcion"];
// Single alerts
if ($alert_row["id_agente_modulo"] != 0){
event_insert("Manual validation of alert for '$alert_name'", $ag_row["id_grupo"], $am_row["id_agente"], 1, $config["id_user"], "alert_manual_validation", 1, $alert_row["id_agente_modulo"], $validate_alert);
// Combined alerts
} else {
event_insert("Manual validation of alert for '$alert_name'", $ag_row["id_grupo"], $alert_row ["id_agent"], 1, $config["id_user"], "alert_manual_validation", 1, 0, $validate_alert);
}
$sql='UPDATE talerta_agente_modulo SET times_fired = 0, internal_counter = 0 WHERE id_aam = '.$validate_alert;
$result=mysql_query($sql);
}
}
// Check for Network FLAG change request
if (isset($_GET["flag"])){
if ($_GET["flag"]==1){
if (give_acl($id_usuario, $id_grupo, "AW")==1){
$alert_row = get_db_row ("talerta_agente_modulo", "id_aam", $validate_alert);
if ($alert_row["id_agente_modulo"] != 0){
$am_row = get_db_row ("tagente_modulo", "id_agente_modulo", $alert_row["id_agente_modulo"]);
$ag_row = get_db_row ("tagente", "id_agente", $am_row["id_agente"]);
} else {
$ag_row = get_db_row ("tagente", "id_agente", $alert_row ["id_agent"]);
}
$alert_name = $alert_row["descripcion"];
// Single alerts
if ($alert_row["id_agente_modulo"] != 0){
event_insert("Manual validation of alert for '$alert_name'", $ag_row["id_grupo"], $am_row["id_agente"], 1, $config["id_user"], "alert_manual_validation", 1, $alert_row["id_agente_modulo"], $validate_alert);
// Combined alerts
} else {
event_insert("Manual validation of alert for '$alert_name'", $ag_row["id_grupo"], $alert_row ["id_agent"], 1, $config["id_user"], "alert_manual_validation", 1, 0, $validate_alert);
}
$sql='UPDATE talerta_agente_modulo SET times_fired = 0, internal_counter = 0 WHERE id_aam = '.$validate_alert;
$result=mysql_query($sql);
$query ="UPDATE tagente_modulo SET flag=1 WHERE id_agente_modulo = ".$_GET["id_agente_modulo"];
$res=mysql_query($query);
}
}
// Check for Network FLAG change request
if (isset($_GET["flag"])){
if ($_GET["flag"]==1){
if (give_acl($id_usuario, $id_grupo, "AW")==1){
$query ="UPDATE tagente_modulo SET flag=1 WHERE id_agente_modulo = ".$_GET["id_agente_modulo"];
$res=mysql_query($query);
}
}
// Check for Network FLAG change request
if (isset($_GET["flag_agent"])){
if ($_GET["flag_agent"]==1){
if (give_acl($id_usuario, $id_grupo, "AW")==1){
$query ="UPDATE tagente_modulo SET flag=1 WHERE id_agente = ". $id_agente;
$res=mysql_query($query);
}
}
// Check for Network FLAG change request
if (isset($_GET["flag_agent"])){
if ($_GET["flag_agent"]==1){
if (give_acl($id_usuario, $id_grupo, "AW")==1){
$query ="UPDATE tagente_modulo SET flag=1 WHERE id_agente = ". $id_agente;
$res=mysql_query($query);
}
}
}
if (give_acl($id_usuario,$id_grupo, "AR") == 1){
echo "<div id='menu_tab_frame_view'>";
echo "<div id='menu_tab_left'>
<ul class='mn'>
<li class='view'>
<a href='index.php?sec=estado&sec2=operation/agentes/ver_agente&id_agente=$id_agente'><img src='images/bricks.png' class='top' border=0>&nbsp; ".substr(dame_nombre_agente($id_agente),0,15)." - ".$lang_label["view_mode"]."</a>";
echo "</li>";
echo "</ul></div>";
$tab = get_parameter ("tab", "main");
echo "<div id='menu_tab'><ul class='mn'>";
if (give_acl($id_usuario,$id_grupo, "AW") == 1){
if ($tab == "manage")
echo "<li class='nomn_high'>";
else
echo "<li class='nomn'>";
}
if (give_acl($id_usuario,$id_grupo, "AR") == 1){
echo "<div id='menu_tab_frame_view'>";
echo "<div id='menu_tab_left'><ul class='mn'><li class='view'>
<a href='index.php?sec=estado&sec2=operation/agentes/ver_agente&id_agente=$id_agente'><img src='images/bricks.png' class='top' border=0>&nbsp; ".substr(dame_nombre_agente($id_agente),0,15)." - ".$lang_label["view_mode"]."</a>";
echo "</li>";
echo "</ul></div>";
$tab = get_parameter ("tab", "main");
echo "<div id='menu_tab'><ul class='mn'>";
if (give_acl($id_usuario,$id_grupo, "AW") == 1){
if ($tab == "manage") {
echo "<li class='nomn_high'>";
} else {
echo "<li class='nomn'>";
// Manage agent
echo "<a href='index.php?sec=gagente&sec2=godmode/agentes/configurar_agente&id_agente=$id_agente'><img src='images/setup.png' width='16' class='top' border=0> ".$lang_label["Manage"]." </a>";
echo "</li>";
}
// Main view
if ($tab == "main")
echo "<li class='nomn_high'>";
else
echo "<li class='nomn'>";
} // Main view
if ($tab == "main") {
echo "<li class='nomn_high'>";
} else {
echo "<li class='nomn'>";
echo "<a href='index.php?sec=estado&sec2=operation/agentes/ver_agente&id_agente=$id_agente'><img src='images/monitor.png' class='top' border=0> ".$lang_label["Main"]." </a>";
echo "</li>";
// Data
if ($tab == "data")
echo "<li class='nomn_high'>";
else
echo "<li class='nomn'>";
}
// Data
if ($tab == "data") {
echo "<li class='nomn_high'>";
} else {
echo "<li class='nomn'>";
echo "<a href='index.php?sec=estado&sec2=operation/agentes/ver_agente&id_agente=$id_agente&tab=data'><img src='images/lightbulb.png' class='top' border=0> ".$lang_label["Data"]." </a>";
echo "</li>";
// Alerts
if ($tab == "alert")
echo "<li class='nomn_high'>";
else
echo "<li class='nomn'>";
}
// Alerts
if ($tab == "alert") {
echo "<li class='nomn_high'>";
} else {
echo "<li class='nomn'>";
echo "<a href='index.php?sec=estado&sec2=operation/agentes/ver_agente&id_agente=$id_agente&tab=alert'><img src='images/bell.png' class='top' border=0> ".$lang_label["Alerts"]." </a>";
echo "</li>";
// Go to SLA view
echo "<li class='nomn'>";
echo "<a href='index.php?sec=estado&sec2=operation/agentes/ver_agente&tab=sla&id_agente=$id_agente'><img src='images/images.png' class='top' border=0> ".lang_string("SLA")." </a>";
echo "</li>";
}
// Go to SLA view
echo "<li class='nomn'>";
echo "<a href='index.php?sec=estado&sec2=operation/agentes/ver_agente&tab=sla&id_agente=$id_agente'><img src='images/images.png' class='top' border=0> ".lang_string("SLA")." </a>";
echo "</li>";
echo "</ul>";
echo "</div>";
echo "</div>";
echo "<div style='height: 25px'> </div>";
switch ($tab) {
echo "</ul>";
echo "</div>";
echo "</div>";
echo "<div style='height: 25px'> </div>";
switch ($tab) {
case "sla":
require "sla_view.php";
break;
case "manage":
require "estado_generalagente.php";
require "estado_generalagente.php";
break;
case "main":
require "estado_generalagente.php";
require "estado_generalagente.php";
require "estado_monitores.php";
require "estado_alertas.php";
require "status_events.php";
require "status_events.php";
break;
case "data":
require "estado_ultimopaquete.php";
require "estado_ultimopaquete.php";
break;
case "alert":
require "estado_alertas.php";
require "estado_alertas.php";
break;
}
} else {
audit_db($id_usuario,$REMOTE_ADDR, "ACL Violation","Trying to read data from agent ".dame_nombre_agente($id_agente));
require ("general/noaccess.php");
}
} else {
audit_db($id_usuario,$REMOTE_ADDR, "ACL Violation","Trying to access (read) to agent ".dame_nombre_agente($id_agente));
include ("general/noaccess.php");
audit_db($id_usuario,$REMOTE_ADDR, "ACL Violation","Trying to read data from agent ".dame_nombre_agente($id_agente));
require ("general/noaccess.php");
}
} else {
audit_db($id_usuario,$REMOTE_ADDR, "ACL Violation","Trying to access (read) to agent ".dame_nombre_agente($id_agente));
include ("general/noaccess.php");
}
}
?>
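Review bot: `$id_agente` is read with `get_parameter("id_agente",-1)` and concatenated unquoted into `"SELECT * FROM tagente WHERE id_agente = ".$id_agente` and the `flag_agent` UPDATE, and `$_GET["id_agente_modulo"]` and `$validate_alert` reach their UPDATE statements the same way. Whatever filtering get_parameter applies is not visible here, and string escaping does not protect an unquoted numeric position in any case; another file in this commit already casts, `(int) get_parameter ('font_size', 12)`. I would cast where the values are read, `$id_agente = (int) get_parameter("id_agente", -1);`, and use `(int) $_GET["id_agente_modulo"]` and `(int) $validate_alert` in the two UPDATEs. The module UPDATE should also be tied to the agent whose group was checked by appending `" AND id_agente = ".$id_agente`, because the "AW" check covers only the `$id_grupo` of `$id_agente`. The same `$id_agente` is interpolated into `smal_event_table ("WHERE id_agente = $id_agente", …)` in an earlier section, so the cast here would cover that call too if that file is one of those required from the `switch ($tab)`.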