2008-07-17 Evi Vanoost <vanooste@rcbi.rochester.edu>

* pandora_console/godmode/db/*.php
        -require_once for config might already have loaded
        -Changed mysql_real_escape_string in favor of get_parameter_post
        -Process the DELETE SQL queries through process_sql()
        -Changed comprueba_login() for check_login()
        -Adhered some things to preferred style
        -Compounded SQL queries into joins, subqueries or functions
        -Removed mysql_close() from db_purge.php since the select
        after the delete wouldn't work anymore (database closed)

        * pandora_console/godmode/reporting/reporting_builder.php
        -Fixed a bug that was introduced when the SQL functions returned false

        * pandora_console/include/functions_db.php
        -Made foreach instead of while loops for simpler functions
        -Fixed get_reports that failed since SQL function return false
        -All SQL functions now return false in case of empty
        -New SQL function process_sql that can handle DELETE. Returns the
        number of affected rows for a modifying query (UPDATE/DELETE), an
        array of rows for a SELECT, or false on error

        * pandora_console/include/functions.php
        -Simplified safe_input function

        * pandora_console/index.php
        -Updated SQL queries, style changes

        * pandora_console/operation/agentes/*.php
        -Style changes and updates to use check_login


git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@962 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
guruevi 2008-07-21 12:23:28 +00:00
parent 401620e8fa
commit d97b4be836
23 changed files with 454 additions and 484 deletions


@ -1,3 +1,35 @@
2008-07-17 Evi Vanoost <vanooste@rcbi.rochester.edu>
* godmode/db/*.php
-require_once for config might already have loaded
-Changed mysql_real_escape_string in favor of get_parameter_post
-Process the DELETE SQL queries through process_sql()
-Changed comprueba_login() for check_login()
-Adhered some things to preferred style
-Compounded SQL queries into joins, subqueries or functions
-Removed mysql_close() from db_purge.php since the select
after the delete wouldn't work anymore (database closed)
* godmode/reporting/reporting_builder.php
-Fixed a bug that was introduced when the SQL functions returned false
* include/functions_db.php
-Made foreach instead of while loops for simpler functions
-Fixed get_reports that failed since SQL function return false
-All SQL functions now return false in case of empty
-New SQL function process_sql that can handle DELETE. Returns
affected rows in case of a changing query or an array in case
it was a selecting query or false in case of error
* include/functions.php
-Simplified safe_input function
* index.php
-Updated SQL queries, style changes
* operation/agentes/*.php
-Style changes and updates to use check_login
2008-07-17 Esteban Sanchez <estebans@artica.es> 2008-07-17 Esteban Sanchez <estebans@artica.es>
* godmode/reporting/map_builder.php: Check background existance to * godmode/reporting/map_builder.php: Check background existance to


@ -18,7 +18,7 @@
// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
// Load global vars // Load global vars
require ("include/config.php"); require_once ("include/config.php");
check_login (); check_login ();
if ((give_acl ($id_user, 0, "DM")==1) or (dame_admin ($id_user)==1)) { if ((give_acl ($id_user, 0, "DM")==1) or (dame_admin ($id_user)==1)) {
@ -43,10 +43,9 @@ if ((give_acl ($id_user, 0, "DM")==1) or (dame_admin ($id_user)==1)) {
# Purge data using dates # Purge data using dates
# Purge data using dates # Purge data using dates
if (isset($_POST["purgedb"])){ # Fixed 2005-1-13, nil if (isset($_POST["purgedb"])){ # Fixed 2005-1-13, nil
$from_date = mysql_real_escape_string($_POST["date_purge"]); $from_date = get_parameter_post("date_purge");
$query = sprintf("DELETE FROM `tsesion` WHERE `fecha` < '%s';",$from_date); $query = sprintf("DELETE FROM `tsesion` WHERE `fecha` < '%s';",$from_date);
echo $query; (int) $deleted = process_sql($query);
mysql_query($query);
} }
# End of get parameters block # End of get parameters block
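Review bot: The new `$from_date = get_parameter_post("date_purge");` feeds a user-supplied string straight into the DELETE via `%s`, and nothing here checks that it is a date; the previous line at least ran it through mysql_real_escape_string. The commit-wide replacement of the SQL escaper with get_parameter_post is only safe if that helper escapes for SQL — from the functions.php hunk it looks HTML-oriented (htmlentities), so any protection against a stray quote is incidental. Validate and normalise before building the query, e.g. `$ts = strtotime ($from_date); if ($ts === false) { echo "<h3 class='error'>Invalid date</h3>"; } else { $from_date = date ('Y-m-d H:i:s', $ts); ... }` — adjust the format to whatever `tsesion.fecha` actually stores.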


@ -7,12 +7,12 @@
// Raul Mateos <raulofpandora@gmail.com>, 2005-2006 // Raul Mateos <raulofpandora@gmail.com>, 2005-2006
// Load global vars // Load global vars
require ("include/config.php"); require_once ("include/config.php");
check_login (); check_login ();
if ((give_acl($id_user, 0, "DM")==1) or (dame_admin($id_user)==1)) { if ((give_acl ($id_user, 0, "DM")==1) or (dame_admin ($id_user)==1)) {
require("godmode/db/times_incl.php"); require ("godmode/db/times_incl.php");
$datos_rango3=0; $datos_rango3=0;
$datos_rango2=0; $datos_rango2=0;
@ -24,9 +24,9 @@ if ((give_acl($id_user, 0, "DM")==1) or (dame_admin($id_user)==1)) {
# Purge data using dates # Purge data using dates
# Purge data using dates # Purge data using dates
if (isset ($_POST["date_purge"])){ if (isset ($_POST["date_purge"])){
$from_date = mysql_real_esape_string ($_POST["date_purge"]); $from_date = get_parameter_post ("date_purge");
$query = sprintf ("DELETE FROM `tevento` WHERE `timestamp` < '%s'",$from_date); $query = sprintf ("DELETE FROM `tevento` WHERE `timestamp` < '%s'",$from_date);
mysql_query ($query); (int) $deleted = process_sql ($query);
} }
# End of get parameters block # End of get parameters block
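Review bot: `(int) $deleted = process_sql ($query);` does not cast `$deleted` — the cast applies to the result of the assignment expression and is discarded — and `$deleted` is never read, so a failed purge (process_sql returns false per the functions_db.php hunk) goes unnoticed apart from whatever process_sql echoes. Drop the cast and act on the result: `$deleted = process_sql ($query); if ($deleted === false) { echo "<h3 class='error'>".$lang_label["error"]."</h3>"; }` or similar. Note also that the purge is triggered by `isset ($_POST["date_purge"])`, i.e. by the presence of the date field rather than the submit button, which differs from the sibling db_audit.php hunk.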


@ -7,7 +7,7 @@
// Evi Vanoost <vanooste@rcbi.rochester.edu> 2008 // Evi Vanoost <vanooste@rcbi.rochester.edu> 2008
// Load global vars // Load global vars
require ("include/config.php"); require_once ("include/config.php");
check_login (); check_login ();
if ((give_acl ($id_user, 0, "DM")==1) or (dame_admin ($id_user)==1)) { if ((give_acl ($id_user, 0, "DM")==1) or (dame_admin ($id_user)==1)) {


@ -17,7 +17,7 @@
// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
// Load global vars // Load global vars
require ("include/config.php"); require_once ("include/config.php");
check_login (); check_login ();
if ((give_acl ($id_user, 0, "DM")==1) or (dame_admin ($id_user)==1)) { if ((give_acl ($id_user, 0, "DM")==1) or (dame_admin ($id_user)==1)) {
@ -40,17 +40,15 @@ if ((give_acl ($id_user, 0, "DM")==1) or (dame_admin ($id_user)==1)) {
echo "<th>".$lang_label["total_data"]."</th>"; echo "<th>".$lang_label["total_data"]."</th>";
$color=0; $color=0;
$result_2=get_db_all_fields_in_table("tagente","id_agente"); $sql = "SELECT `id_agente`, `nombre` FROM `tagente`";
foreach($result_2 as $rownum => $row2) { $result = get_db_all_rows_sql($sql);
$total_agente=0; foreach($result as $row2) {
$result_3=mysql_query("SELECT id_agente_modulo FROM tagente_modulo WHERE id_agente = ".$row2["id_agente"]); $sql = sprintf("SELECT COUNT(`id_agente_modulo`) FROM `tagente_modulo` WHERE `id_agente` = '%d'",$row2["id_agente"]);
$row3c = mysql_num_rows($result_3); $row3c = get_db_sql($sql);
// for all data_modules belongs to an agent // for all data_modules belongs to an agent -- simplified, made
while ($row3=mysql_fetch_array($result_3)){ // faster
$result_4=mysql_query("SELECT COUNT(id_agente_modulo) FROM tagente_datos WHERE id_agente_modulo = ".$row3["id_agente_modulo"]); $sql=sprintf("SELECT COUNT(`id_agente_datos`) FROM `tagente_datos` WHERE `id_agente` = '%d'",$row2["id_agente"]);
$row4=mysql_fetch_array($result_4); $total_agente = get_db_sql($sql);
$total_agente=$total_agente + $row4[0];
}
if ($color == 1){ if ($color == 1){
$tdcolor = "datos"; $tdcolor = "datos";
$color = 0; $color = 0;
@ -61,15 +59,15 @@ if ((give_acl ($id_user, 0, "DM")==1) or (dame_admin ($id_user)==1)) {
} }
echo "<tr> echo "<tr>
<td class='$tdcolor'> <td class='$tdcolor'>
<b><a href='index.php?sec=gagente&sec2=operation/agentes/ver_agente&id_agente=".$row2["id_agente"]."'>".dame_nombre_agente($row2[0])."</a></b></td>"; <b><a href='index.php?sec=gagente&sec2=operation/agentes/ver_agente&id_agente=".$row2["id_agente"]."'>".$row2["nombre"]."</a></b></td>";
echo "<td class='$tdcolor'>".$row3c."</td>"; echo "<td class='$tdcolor'>".$row3c."</td>";
echo "<td class='$tdcolor'>".$total_agente."</td></tr>"; echo "<td class='$tdcolor'>".$total_agente."</td></tr>";
flush(); flush ();
//ob_flush(); //ob_flush();
} }
echo "</table>"; echo "</table>";
} else { } else {
audit_db($id_user,$REMOTE_ADDR, "ACL Violation","Trying to access Database Management Info data"); audit_db ($id_user,$REMOTE_ADDR, "ACL Violation","Trying to access Database Management Info data");
require ("general/noaccess.php"); require ("general/noaccess.php");
} }
?> ?>
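Review bot: `foreach ($result as $row2)` will warn and render nothing when `tagente` is empty, because the same commit makes get_db_all_rows_sql return `false` (not an empty array) on an empty result. Guard it: `if ($result === false) $result = array ();` before the loop. The same applies to `$row3c` and `$total_agente`, which get_db_sql now returns as `false` rather than `""` when a count row is missing; that prints as an empty cell, so a `(int)` cast on both would keep the table consistent.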


@ -20,7 +20,7 @@
global $config; global $config;
check_login (); check_login ();
if ((give_acl($id_user, 0, "DM")==1) or (dame_admin($id_user)==1)) { if ((give_acl ($id_user, 0, "DM")==1) or (dame_admin ($id_user)==1)) {
// Todo for a good DB maintenance // Todo for a good DB maintenance
/* /*
- Delete too on datos_string and and datos_inc tables - Delete too on datos_string and and datos_inc tables


@ -21,10 +21,10 @@ check_login ();
$id_usuario= $_SESSION["id_usuario"]; $id_usuario= $_SESSION["id_usuario"];
if (give_acl($id_usuario, 0, "DM")==1){ if (give_acl ($id_usuario, 0, "DM")==1){
if (isset($_POST["agent"])){ if (isset ($_POST["agent"])){
$id_agent =$_POST["agent"]; $id_agent = get_parameter_post ("agent");
} else } else
$id_agent = -1; $id_agent = -1;
@ -38,7 +38,13 @@ if (give_acl($id_usuario, 0, "DM")==1){
require("godmode/db/times_incl.php"); require("godmode/db/times_incl.php");
$datos_rango3=0;$datos_rango2=0;$datos_rango1=0;$datos_rango0=0; $datos_rango00=0; $datos_rango11=0; $datos_total=0; $datos_rango3=0;
$datos_rango2=0;
$datos_rango1=0;
$datos_rango0=0;
$datos_rango00=0;
$datos_rango11=0;
$datos_total=0;
# ADQUIRE DATA PASSED AS FORM PARAMETERS # ADQUIRE DATA PASSED AS FORM PARAMETERS
# ====================================== # ======================================
@ -47,43 +53,38 @@ if (give_acl($id_usuario, 0, "DM")==1){
# Purge data using dates # Purge data using dates
if (isset($_POST["purgedb"])){ if (isset($_POST["purgedb"])){
$from_date =$_POST["date_purge"]; $from_date = get_parameter_post ("date_purge");
if (isset($id_agent)){ if (isset($id_agent)){
if ($id_agent != -1) { if ($id_agent != -1) {
echo $lang_label["purge_task"].$id_agent." / ".$from_date; echo $lang_label["purge_task"].$id_agent." / ".$from_date;
echo "<h3>".$lang_label["please_wait"]."<br>",$lang_label["while_delete_data"].$lang_label["agent"]."</h3>"; echo "<h3>".$lang_label["please_wait"]."<br>",$lang_label["while_delete_data"].$lang_label["agent"]."</h3>";
if ($id_agent == 0) if ($id_agent == 0) {
$sql_2='SELECT * FROM tagente_modulo'; $sql_2='SELECT * FROM tagente_modulo';
else } else {
$sql_2='SELECT * FROM tagente_modulo WHERE id_agente = '.$id_agent; $sql_2='SELECT * FROM tagente_modulo WHERE id_agente = '.$id_agent;
}
$result_t=mysql_query($sql_2); $result_t=mysql_query($sql_2);
while ($row=mysql_fetch_array($result_t)){ while ($row=mysql_fetch_array($result_t)) {
echo $lang_label["deleting_records"].dame_nombre_modulo_agentemodulo($row["id_agente_modulo"]); echo $lang_label["deleting_records"].dame_nombre_modulo_agentemodulo($row["id_agente_modulo"]);
flush(); flush();
//ob_flush(); //ob_flush();
echo "<br>"; echo "<br>";
$query = "DELETE FROM tagente_datos WHERE id_agente_modulo = ".$row["id_agente_modulo"]." and timestamp < '".$from_date."'"; $query = sprintf("DELETE FROM `tagente_datos` WHERE `id_agente_modulo` = '%d' AND `timestamp` < '%s'",$row["id_agente_modulo"],$from_date);
mysql_query($query); process_sql ($query);
$query = "DELETE FROM tagente_datos_inc WHERE id_agente_modulo = ".$row["id_agente_modulo"]." and timestamp < '".$from_date."'"; $query = sprintf("DELETE FROM `tagente_datos_inc` WHERE `id_agente_modulo` = '%d' AND `timestamp` < '%s'",$row["id_agente_modulo"],$from_date);
mysql_query($query); process_sql ($query);
$query = "DELETE FROM tagente_datos_string WHERE id_agente_modulo = ".$row["id_agente_modulo"]." and timestamp < '".$from_date."'"; $query = sprintf("DELETE FROM `tagente_datos_string` WHERE `id_agente_modulo` = '%d' AND `timestamp` < '%s'",$row["id_agente_modulo"],$from_date);
mysql_query($query); process_sql ($query);
} }
} } else {
else {
echo $lang_label["deleting_records"].$lang_label["all_agents"]; echo $lang_label["deleting_records"].$lang_label["all_agents"];
flush(); flush();
ob_flush(); ob_flush();
$query = "DELETE FROM tagente_datos WHERE timestamp < '".$from_date."'"; $query = "DELETE FROM tagente_datos,tagente_datos_inc,tagente_datos_string WHERE timestamp < '".$from_date."'";
mysql_query($query); process_sql ($query);
$query = "DELETE FROM tagente_datos_inc WHERE timestamp < '".$from_date."'";
mysql_query($query);
$query = "DELETE FROM tagente_datos_string WHERE timestamp < '".$from_date."'";
mysql_query($query);
} }
echo "<br><br>"; echo "<br><br>";
} }
mysql_close();
} }
# Select Agent for further operations. # Select Agent for further operations.
@ -119,34 +120,23 @@ if (give_acl($id_usuario, 0, "DM")==1){
if (isset($_POST["agent"]) and ($id_agent !=-1)){ if (isset($_POST["agent"]) and ($id_agent !=-1)){
echo "<h3>".$lang_label["db_agent_bra"].dame_nombre_agente($id_agent).$lang_label["db_agent_ket"]."</h3>"; echo "<h3>".$lang_label["db_agent_bra"].dame_nombre_agente($id_agent).$lang_label["db_agent_ket"]."</h3>";
if ($id_agent == 0)
$sql_2='SELECT * FROM tagente_modulo'; $sql = "SELECT id_agente_modulo FROM tagente_modulo";
else if ($id_agent != 0) {
$sql_2='SELECT * FROM tagente_modulo WHERE id_agente = '.$id_agent; $sql .= sprintf(" WHERE id_agente = '%d'",$id_agent);
$result_t=mysql_query($sql_2);
while ($row=mysql_fetch_array($result_t)){
/* flush();
ob_flush(); */
$rango00=mysql_query('SELECT COUNT(*) FROM tagente_datos WHERE id_agente_modulo = '.$row["id_agente_modulo"].' and timestamp > "'.$d1.'"');
$rango0=mysql_query('SELECT COUNT(*) FROM tagente_datos WHERE id_agente_modulo = '.$row["id_agente_modulo"].' and timestamp > "'.$d3.'"');
$rango1=mysql_query('SELECT COUNT(*) FROM tagente_datos WHERE id_agente_modulo = '.$row["id_agente_modulo"].' and timestamp > "'.$week.'"');
$rango11=mysql_query('SELECT COUNT(*) FROM tagente_datos WHERE id_agente_modulo = '.$row["id_agente_modulo"].' and timestamp > "'.$week2.'"');
$rango2=mysql_query('SELECT COUNT(*) FROM tagente_datos WHERE id_agente_modulo = '.$row["id_agente_modulo"].' and timestamp > "'.$month.'"');
$rango3=mysql_query('SELECT COUNT(*) FROM tagente_datos WHERE id_agente_modulo = '.$row["id_agente_modulo"].' and timestamp > "'.$month3.'"');
$rango4=mysql_query('SELECT COUNT(*) FROM tagente_datos WHERE id_agente_modulo = '.$row["id_agente_modulo"]);
$row00=mysql_fetch_array($rango00);
$row3=mysql_fetch_array($rango3); $row1=mysql_fetch_array($rango1);
$row2=mysql_fetch_array($rango2); $row11=mysql_fetch_array($rango11);
$row0=mysql_fetch_array($rango0);
$row4=mysql_fetch_array($rango4);
$datos_rango00=$datos_rango00+$row00[0];
$datos_rango0=$datos_rango0+$row0[0];
$datos_rango3=$datos_rango3+$row3[0];
$datos_rango2=$datos_rango2+$row2[0];
$datos_rango1=$datos_rango1+$row1[0];
$datos_rango11=$datos_rango11+$row11[0];
$datos_total=$datos_total+$row4[0];
} }
/*
flush();
ob_flush();
*/
$datos_rango00 += get_db_sql (sprintf("SELECT COUNT(*) FROM `tagente_datos` WHERE `id_agente_modulo` = ANY(%s) AND `timestamp` > '%s'",$sql,$d1));
$datos_rango0 += get_db_sql (sprintf("SELECT COUNT(*) FROM `tagente_datos` WHERE `id_agente_modulo` = ANY(%s) AND `timestamp` > '%s'",$sql,$d3));
$datos_rango1 += get_db_sql (sprintf("SELECT COUNT(*) FROM `tagente_datos` WHERE `id_agente_modulo` = ANY(%s) AND `timestamp` > '%s'",$sql,$week));
$datos_rango11 += get_db_sql (sprintf("SELECT COUNT(*) FROM `tagente_datos` WHERE `id_agente_modulo` = ANY(%s) AND `timestamp` > '%s'",$sql,$week2));
$datos_rango2 += get_db_sql (sprintf("SELECT COUNT(*) FROM `tagente_datos` WHERE `id_agente_modulo` = ANY(%s) AND `timestamp` > '%s'",$sql,$month));
$datos_rango3 += get_db_sql (sprintf("SELECT COUNT(*) FROM `tagente_datos` WHERE `id_agente_modulo` = ANY(%s) AND `timestamp` > '%s'",$sql,$month3));
$datos_total += get_db_sql (sprintf("SELECT COUNT(*) FROM `tagente_datos` WHERE `id_agente_modulo` = ANY(%s)",$sql));
} }
?> ?>
@ -156,48 +146,48 @@ if (give_acl($id_usuario, 0, "DM")==1){
<?php echo $lang_label["rango3"]?> <?php echo $lang_label["rango3"]?>
</td> </td>
<td class=datos> <td class=datos>
<?php echo $datos_rango3 ?> <?php echo $datos_rango3; ?>
</td> </td>
<tr><td class=datos2> <tr><td class=datos2>
<?php echo $lang_label["rango2"]?> <?php echo $lang_label["rango2"]?>
</td> </td>
<td class=datos2> <td class=datos2>
<?php echo $datos_rango2 ?> <?php echo $datos_rango2; ?>
</td> </td>
<tr><td class=datos> <tr><td class=datos>
<?php echo $lang_label["rango11"]?> <?php echo $lang_label["rango11"]?>
</td> </td>
<td class=datos> <td class=datos>
<?php echo $datos_rango11 ?> <?php echo $datos_rango11; ?>
</td> </td>
<tr><td class=datos2> <tr><td class=datos2>
<?php echo $lang_label["rango1"]?> <?php echo $lang_label["rango1"]?>
</td> </td>
<td class=datos2> <td class=datos2>
<?php echo $datos_rango1 ?> <?php echo $datos_rango1; ?>
</td> </td>
<tr><td class=datos> <tr><td class=datos>
<?php echo $lang_label["rango0"]?> <?php echo $lang_label["rango0"]?>
</td> </td>
<td class=datos> <td class=datos>
<?php echo $datos_rango0 ?> <?php echo $datos_rango0; ?>
</td> </td>
<tr><td class=datos2> <tr><td class=datos2>
<?php echo $lang_label["rango00"]?> <?php echo $lang_label["rango00"]?>
</td> </td>
<td class=datos2> <td class=datos2>
<?php echo $datos_rango00 ?> <?php echo $datos_rango00; ?>
</td> </td>
<tr><td class=datos> <tr><td class=datos>
<b><?php echo $lang_label["total_packets"]?></b> <b><?php echo $lang_label["total_packets"]?></b>
</td> </td>
<td class=datos> <td class=datos>
<b><?php echo $datos_total ?></b> <b><?php echo $datos_total; ?></b>
</td> </td>
</tr> </tr>
</table> </table>
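Review bot: `$id_agent = get_parameter_post ("agent");` is still concatenated unquoted into `'SELECT * FROM tagente_modulo WHERE id_agente = '.$id_agent`, so a value such as `1 OR 1=1` reaches the purge loop intact — no quote is needed in a numeric context, and from the functions.php hunk the HTML-style filtering in safe_input leaves spaces and `=` untouched. Cast at the boundary, `$id_agent = (int) get_parameter_post ("agent");`, and build the module query with `sprintf ('SELECT * FROM tagente_modulo WHERE id_agente = %d', $id_agent)` as the later statistics block already does. Separately, the merged `DELETE FROM tagente_datos,tagente_datos_inc,tagente_datos_string WHERE timestamp < ...` does not look like valid MySQL: a multi-table DELETE needs the `DELETE t1, t2 FROM ... ` / `USING` form and `timestamp` is ambiguous across the three tables, so the "all agents" purge will most likely fail rather than delete; the three separate DELETE statements it replaced were correct and should be kept (routed through process_sql, with `$from_date` passed via sprintf as in the per-module branch).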


@ -19,13 +19,14 @@
// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, U6 // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, U6
// Load global vars // Load global vars
require("include/config.php"); require_once ("include/config.php");
check_login (); check_login ();
$id_user = $_SESSION["id_usuario"]; $id_user = $_SESSION["id_usuario"];
if ((give_acl($id_user, 0, "DM")==1) or (dame_admin($id_user)==1)) { if ((give_acl ($id_user, 0, "DM")==1) or (dame_admin ($id_user)==1)) {
if ((isset($_GET["operacion"])) AND (! isset($_POST["update_agent"]))){ if ((isset ($_GET["operacion"])) AND (!isset ($_POST["update_agent"]))){
// DATA COPY // DATA COPY
if (isset($_POST["eliminar"])) { if (isset ($_POST["eliminar"])) {
echo "<h2>".$lang_label["deletedata"]."</h2>"; echo "<h2>".$lang_label["deletedata"]."</h2>";
// First checkings // First checkings
@ -37,7 +38,7 @@ if ((give_acl($id_user, 0, "DM")==1) or (dame_admin($id_user)==1)) {
include ("general/footer.php"); include ("general/footer.php");
exit; exit;
} }
$origen_modulo = $_POST["origen_modulo"]; $origen_modulo = mysql_real_esape_string($_POST["origen_modulo"]);
if (count($origen_modulo) <= 0){ if (count($origen_modulo) <= 0){
echo "<h3 class='error'>ERROR: ".$lang_label["nomodules_selected"]."</h3>"; echo "<h3 class='error'>ERROR: ".$lang_label["nomodules_selected"]."</h3>";
echo "</table>"; echo "</table>";
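Review bot: `mysql_real_esape_string` is misspelled (this is the same typo the db_event.php hunk removes), so this line is a fatal "undefined function" as soon as the delete path is taken. Even spelled correctly it would be wrong: the next line calls `count ($origen_modulo)`, so the value is an array, and mysql_real_escape_string on an array only emits a warning and yields NULL. If these are module ids, normalise per element instead: `$origen_modulo = array_map ('intval', (array) $_POST["origen_modulo"]);` — confirm against the form that the values are numeric.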


@ -21,11 +21,6 @@
$id_user=$_SESSION["id_usuario"]; $id_user=$_SESSION["id_usuario"];
global $REMOTE_ADDR; global $REMOTE_ADDR;
if (comprueba_login() != 0) {
audit_db($id_user,$REMOTE_ADDR, "ACL Violation","Trying to access report builder");
include ("general/noaccess.php");
exit;
}
if ((give_acl($id_user, 0, "AW") != 1) && (dame_admin ($id_user) != 1)) { if ((give_acl($id_user, 0, "AW") != 1) && (dame_admin ($id_user) != 1)) {
audit_db($id_usuario,$REMOTE_ADDR, "ACL Violation","Trying to access graph builder"); audit_db($id_usuario,$REMOTE_ADDR, "ACL Violation","Trying to access graph builder");
@ -484,7 +479,7 @@ if ($edit_sla_report_content) {
$reports = get_db_all_rows_in_table ('treport', 'name'); $reports = get_db_all_rows_in_table ('treport', 'name');
$table->width = '0px'; $table->width = '0px';
if (sizeof ($reports)) { if ($reports !== false) {
$table->id = 'report_list'; $table->id = 'report_list';
$table->width = '600px'; $table->width = '600px';
$table->head = array (); $table->head = array ();
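Review bot: The comprueba_login() block is removed without a visible replacement in this hunk, so unless check_login () is invoked above line 21 (outside the hunk) an unauthenticated request now falls straight through to the ACL test with an empty `$id_user`; the other files in this commit add an explicit `check_login ();` right after the config include, and this one should match. The retained audit call on the ACL-failure path also reports `$id_usuario`, while the variable actually set here is `$id_user` — the audit row will carry an empty user until it reads `audit_db ($id_user, $REMOTE_ADDR, ...)`.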


@ -46,11 +46,8 @@ function safe_input ($value) {
if (is_numeric ($value)) if (is_numeric ($value))
return $value; return $value;
if (is_array ($value)) { if (is_array ($value)) {
$retval = array (); $value = array_walk($value,'safe_input');
foreach ($value as $id => $val) { return $value;
$retval[$id] = htmlentities (utf8_decode ($val), ENT_QUOTES);
}
return $retval;
} }
return htmlentities (utf8_decode ($value), ENT_QUOTES); return htmlentities (utf8_decode ($value), ENT_QUOTES);
} }
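Review bot: The simplified array branch is broken: `array_walk` returns a boolean, and because safe_input takes its argument by value the callback cannot modify the elements, so `$value = array_walk ($value, 'safe_input'); return $value;` returns `true` for every array input and sanitises nothing. Any caller that relied on array parameters being HTML-escaped (get_parameter_* for checkbox/multi-select fields, presumably) now receives `true` instead of the data. Replace the two lines with `return array_map ('safe_input', $value);`, which also recurses correctly into nested arrays like the loop it replaced.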


@ -79,42 +79,40 @@ AND `tusuario_perfil`.`id_usuario` = '%s' AND (`tusuario_perfil`.`id_grupo` = '%
$rowdup = get_db_all_rows_sql($query1); $rowdup = get_db_all_rows_sql($query1);
$result = 0; $result = 0;
$i = 0; foreach($rowdup as $row) {
while($rowdup[$i]){
// For each profile for this pair of group and user do... // For each profile for this pair of group and user do...
switch ($access) { switch ($access) {
case "IR": case "IR":
$result += $rowdup[$i]["incident_view"]; $result += $row["incident_view"];
break; break;
case "IW": case "IW":
$result += $rowdup[$i]["incident_edit"]; $result += $row["incident_edit"];
break; break;
case "IM": case "IM":
$result += $rowdup[$i]["incident_management"]; $result += $row["incident_management"];
break; break;
case "AR": case "AR":
$result += $rowdup[$i]["agent_view"]; $result += $row["agent_view"];
break; break;
case "AW": case "AW":
$result += $rowdup[$i]["agent_edit"]; $result += $row["agent_edit"];
break; break;
case "LW": case "LW":
$result += $rowdup[$i]["alert_edit"]; $result += $row["alert_edit"];
break; break;
case "LM": case "LM":
$result += $rowdup[$i]["alert_management"]; $result += $row["alert_management"];
break; break;
case "PM": case "PM":
$result += $rowdup[$i]["pandora_management"]; $result += $row["pandora_management"];
break; break;
case "DM": case "DM":
$result += $rowdup[$i]["db_management"]; $result += $row["db_management"];
break; break;
case "UM": case "UM":
$result += $rowdup[$i]["user_management"]; $result += $row["user_management"];
break; break;
} }
$i++;
} }
if ($result > 1) if ($result > 1)
$result = 1; $result = 1;
@ -266,7 +264,7 @@ function get_alerts_in_agent ($id_agent) {
function get_reports ($id_user) { function get_reports ($id_user) {
$user_reports = array (); $user_reports = array ();
$all_reports = get_db_all_rows_in_table ('treport', 'name'); $all_reports = get_db_all_rows_in_table ('treport', 'name');
if (sizeof ($all_reports) == 0) { if ($all_reports === false) {
return $user_reports; return $user_reports;
} }
foreach ($all_reports as $report) { foreach ($all_reports as $report) {
@ -1224,6 +1222,7 @@ function give_agent_id_from_module_id ($id_agent_module) {
return (int) get_db_value ('id_agente', 'tagente_modulo', 'id_agente_modulo', $id_agent_module); return (int) get_db_value ('id_agente', 'tagente_modulo', 'id_agente_modulo', $id_agent_module);
} }
$sql_cache=array('saved' => 0);
/** /**
* Get the first value of the first row of a table in the database. * Get the first value of the first row of a table in the database.
* *
@ -1234,7 +1233,6 @@ function give_agent_id_from_module_id ($id_agent_module) {
* *
* @return * @return
*/ */
$sql_cache=array('saved' => 0);
function get_db_value ($field, $table, $field_search=1, $condition=1){ function get_db_value ($field, $table, $field_search=1, $condition=1){
if (is_int ($condition)) { if (is_int ($condition)) {
@ -1245,10 +1243,11 @@ function get_db_value ($field, $table, $field_search=1, $condition=1){
$sql = sprintf ("SELECT %s FROM `%s` WHERE `%s` = '%s' LIMIT 1", $field, $table, $field_search, $condition); $sql = sprintf ("SELECT %s FROM `%s` WHERE `%s` = '%s' LIMIT 1", $field, $table, $field_search, $condition);
} }
$result = get_db_all_rows_sql ($sql); $result = get_db_all_rows_sql ($sql);
if(is_array ($result))
return $result[0][$field];
return ""; if($result === false)
return false;
return $result[0][$field];
} }
/** /**
@ -1262,6 +1261,9 @@ function get_db_row_sql ($sql) {
$sql .= " LIMIT 1"; $sql .= " LIMIT 1";
$result = get_db_all_rows_sql ($sql); $result = get_db_all_rows_sql ($sql);
if($result === false)
return false;
return $result[0]; return $result[0];
} }
@ -1288,6 +1290,9 @@ function get_db_row ($table, $field_search, $condition) {
} }
$result = get_db_all_rows_sql ($sql); $result = get_db_all_rows_sql ($sql);
if($result === false)
return false;
return $result[0]; return $result[0];
} }
@ -1300,12 +1305,11 @@ function get_db_row ($table, $field_search, $condition) {
* @return The selected field of the first row in a select statement. * @return The selected field of the first row in a select statement.
*/ */
function get_db_sql ($sql, $field = 0) { function get_db_sql ($sql, $field = 0) {
$row = get_db_all_rows_sql ($sql); $result = get_db_all_rows_sql ($sql);
if (is_array ($row)) { if($result === false)
return $row[0][$field]; return false;
} else {
return ""; return $result[0][$field];
}
} }
/** /**
@ -1313,9 +1317,24 @@ function get_db_sql ($sql, $field = 0) {
* *
* @param $sql SQL statement to execute. * @param $sql SQL statement to execute.
* *
* @return A matrix with all the values returned from the SQL statement * @return A matrix with all the values returned from the SQL statement or
* false in case of empty result
*/ */
function get_db_all_rows_sql ($sql) { function get_db_all_rows_sql ($sql) {
$return = process_sql($sql);
if (! empty ($return))
return $return;
//Return false, check with === or !==
return false;
}
/**
* This function comes back with an array in case of SELECT
* in case of UPDATE, DELETE etc. with affected rows
* an empty array in case of SELECT without results
*/
function process_sql ($sql) {
global $config; global $config;
global $sql_cache; global $sql_cache;
$retval = array(); $retval = array();
@ -1325,20 +1344,21 @@ function get_db_all_rows_sql ($sql) {
$sql_cache['saved']++; $sql_cache['saved']++;
} else { } else {
$result = mysql_query ($sql); $result = mysql_query ($sql);
if (!$result) { if ($result === false) {
echo '<strong>Error:</strong> get_db_all_rows_sql ("'.$sql.'") :'. mysql_error ().'<br />'; echo '<strong>Error:</strong> get_db_all_rows_sql ("'.$sql.'") :'. mysql_error ().'<br />';
return $retval; return false;
} } elseif ($result === true) {
return mysql_affected_rows (); //This happens in case the statement was executed but didn't need a resource
} else {
while ($row = mysql_fetch_array ($result)) { while ($row = mysql_fetch_array ($result)) {
array_push ($retval, $row); array_push ($retval, $row);
} }
$sql_cache[$sql] = $retval; $sql_cache[$sql] = $retval;
mysql_free_result ($result); mysql_free_result ($result);
} }
if (! empty ($retval)) }
return $retval; return $retval;
//Return false, check with === or !== //Return false, check with === or !==
return false;
} }
/** /**
@ -1367,15 +1387,15 @@ function get_db_all_rows_in_table ($table, $order_field = "") {
*/ */
function get_db_all_rows_field_filter ($table, $field, $condition, $order_field = "") { function get_db_all_rows_field_filter ($table, $field, $condition, $order_field = "") {
if (is_int ($condition)) { if (is_int ($condition)) {
$sql = sprintf ('SELECT * FROM %s WHERE %s = %d', $table, $field, $condition); $sql = sprintf ("SELECT * FROM `%s` WHERE `%s` = '%d'", $table, $field, $condition);
} else if (is_float ($condition) || is_double ($condition)) { } else if (is_float ($condition) || is_double ($condition)) {
$sql = sprintf ('SELECT * FROM %s WHERE %s = %f', $table, $field, $condition); $sql = sprintf ("SELECT * FROM `%s` WHERE `%s` = '%f'", $table, $field, $condition);
} else { } else {
$sql = sprintf ('SELECT * FROM %s WHERE %s = "%s"', $table, $field, $condition); $sql = sprintf ("SELECT * FROM `%s` WHERE `%s` = '%s'", $table, $field, $condition);
} }
if ($order_field != "") if ($order_field != "")
$sql .= " ORDER BY ".$order_field; $sql .= sprintf(" ORDER BY `%s`",$order_field);
return get_db_all_rows_sql ($sql); return get_db_all_rows_sql ($sql);
} }
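Review bot: process_sql's failure branch still echoes the complete statement and `mysql_error ()` into the page, and now that it is the path for DELETE statements built from form input, a failing query discloses the full SQL text including whatever the user supplied; the label in that message also still says get_db_all_rows_sql. Keep the detail out of the response — `echo '<strong>Error:</strong> process_sql: '.mysql_error ().'<br />';` with the full statement going to error_log () or audit_db — rather than rendering it. Two smaller things in the same hunk: the `//Return false, check with === or !==` comment now sits after `return $retval;` in process_sql, where it is unreachable and misleading, and get_db_all_rows_field_filter wraps `$order_field` in backticks, which will break any caller that passes a direction or several columns (`"name DESC"`) — worth confirming no caller does.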


@ -60,10 +60,11 @@ if ((! file_exists("include/config.php")) OR (! is_readable("include/config.php"
// Real start // Real start
session_start(); session_start();
include_once ("include/config.php"); require_once ("include/config.php");
include_once ("include/languages/language_".$config["language"].".php"); require_once ("include/languages/language_".$config["language"].".php");
require_once ("include/functions.php"); require_once ("include/functions.php");
require_once ("include/functions_db.php"); require_once ("include/functions_db.php");
//We should require this or you might end up with some empty strings
?> ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
@ -132,13 +133,12 @@ $REMOTE_ADDR = $_SERVER['REMOTE_ADDR'];
if ( (! isset ($_SESSION['id_usuario'])) && (isset ($_GET["login"]))) { if ( (! isset ($_SESSION['id_usuario'])) && (isset ($_GET["login"]))) {
$nick = get_parameter_post ("nick"); $nick = get_parameter_post ("nick");
$pass = get_parameter_post ("pass"); $pass = get_parameter_post ("pass");
// Connect to Database // Connect to Database
$sql1 = 'SELECT * FROM tusuario WHERE id_usuario = "'.$nick.'"'; $sql1 = sprintf("SELECT `id_usuario`, `password` FROM `tusuario` WHERE `id_usuario` = '%s'",$nick);
$result = mysql_query ($sql1); $row = get_db_row_sql ($sql1);
// For every registry // For every registry
if ($row = mysql_fetch_array ($result)){ if ($row !== false){
if ($row["password"] == md5 ($pass)){ if ($row["password"] == md5 ($pass)){
// Login OK // Login OK
// Nick could be uppercase or lowercase (select in MySQL // Nick could be uppercase or lowercase (select in MySQL
@ -165,8 +165,7 @@ if ( (! isset ($_SESSION['id_usuario'])) && (isset ($_GET["login"]))) {
"Incorrect password: " . $nick . " / " . $pass); "Incorrect password: " . $nick . " / " . $pass);
exit; exit;
} }
} } else {
else {
// User not known // User not known
unset ($_GET["sec2"]); unset ($_GET["sec2"]);
include "general/logon_failed.php"; include "general/logon_failed.php";
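Review bot: `sprintf ("... WHERE `id_usuario` = '%s'", $nick)` performs no escaping, and `$nick` comes from get_parameter_post, which from the functions.php hunk looks like an HTML-oriented filter; the fact that a quote becomes `&#039;` happens to block the obvious injection but a backslash passes through unchanged, so the query's integrity rests on an encoding accident rather than on SQL escaping. Escape at the SQL boundary regardless of the HTML filtering, e.g. `$sql1 = sprintf ("SELECT `id_usuario`, `password` FROM `tusuario` WHERE `id_usuario` = '%s'", mysql_real_escape_string ($nick));`. The retained `$row["password"] == md5 ($pass)` is a loose comparison between two strings; `===` costs nothing and avoids PHP's numeric-string equality rules.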


@ -18,20 +18,20 @@
// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
// Load global vars // Load global vars
require("include/config.php"); require ("include/config.php");
function datos_raw($id_agente_modulo, $periodo){ function datos_raw ($id_agente_modulo, $periodo){
global $config; global $config;
require("include/languages/language_".$config["language"].".php"); require("include/languages/language_".$config["language"].".php");
$id_user = $config["id_user"]; $id_user = $config["id_user"];
$periodo_label = $periodo; $periodo_label = $periodo;
switch ($periodo) { switch ($periodo) {
case "mes": case "mes":
$periodo = 86400*30; $periodo = 2592000;
$et=$lang_label["last_month"]; $et=$lang_label["last_month"];
break; break;
case "semana": case "semana":
$periodo = 86400*7; $periodo = 604800;
$et=$lang_label["last_week"]; $et=$lang_label["last_week"];
break; break;
case "dia": case "dia":
@ -39,7 +39,7 @@ function datos_raw($id_agente_modulo, $periodo){
$et=$lang_label["last_24"]; $et=$lang_label["last_24"];
break; break;
} }
$periodo = time() - $periodo; $periodo = time () - $periodo;
$id_agent = give_agent_id_from_module_id ($id_agente_modulo); $id_agent = give_agent_id_from_module_id ($id_agente_modulo);
$id_group = get_db_value ("id_grupo", "tagente", "id_agente", $id_agent); $id_group = get_db_value ("id_grupo", "tagente", "id_agente", $id_agent);
// Different query for string data type // Different query for string data type
@ -108,9 +108,9 @@ function datos_raw($id_agente_modulo, $periodo){
// Page begin // Page begin
// --------------- // ---------------
$id_user = ""; check_login();
if (comprueba_login() == 0)
$id_user = $_SESSION["id_usuario"]; $id_user = $_SESSION["id_usuario"];
if (give_acl($id_user, 0, "AR")!=1) { if (give_acl($id_user, 0, "AR")!=1) {
audit_db ($id_user, $REMOTE_ADDR, "ACL Violation", audit_db ($id_user, $REMOTE_ADDR, "ACL Violation",
@ -133,6 +133,6 @@ if (isset($_GET["delete"])) {
$result=mysql_query($sql); $result=mysql_query($sql);
} }
datos_raw($id,$tipo); datos_raw ($id,$tipo);
?> ?>
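Review bot: `require ("include/config.php")` at L585 is still a plain `require`, and the same form survives at L628, L645, L666, L823 and L837, although these pages are reached through index.php with a `sec2` parameter (see the links at L689), which has already loaded the configuration by the time they run. If config.php declares any function or class, a second inclusion is a fatal error, so `require_once ("include/config.php");` is the safer form for all of them. Separately, `$result=mysql_query($sql);` at L618 inside the `if (isset($_GET["delete"]))` block (whose start lies outside the hunk) never checks the result, so a failed DELETE is silently ignored before `datos_raw ($id,$tipo);` renders the page.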


@ -16,14 +16,11 @@
// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
// Load global vars // Load global vars
require("include/config.php"); require ("include/config.php");
check_login ();
if (comprueba_login ()) {
audit_db($id_user,$REMOTE_ADDR, "ACL Violation","Trying to access Agent view");
require ("general/noaccess.php");
}
if (give_acl($id_user, 0, "AR") == 0) { if (give_acl($id_user, 0, "AR") == 0) {
audit_db($id_user,$REMOTE_ADDR, "ACL Violation","Trying to access agent main list view"); audit_db ($id_user,$REMOTE_ADDR, "ACL Violation","Trying to access agent main list view");
require ("general/noaccess.php"); require ("general/noaccess.php");
exit; exit;
} }
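Review bot: `$id_user` is read by `give_acl($id_user, 0, "AR")` at L634 and by the audit call at L635, but nothing in this hunk assigns it after `check_login ();`, whereas the sibling pages set it explicitly (`$id_user = $_SESSION["id_usuario"];` at L843 and L849, `$id_user = $config["id_user"];` at L864). Unless include/config.php exports `$id_user` as a global, the ACL check here runs against an undefined value and the audit row carries no user; adding `$id_user = $_SESSION["id_usuario"];` directly after `check_login ();` matches the other pages. The removed block at L630-L633 also dropped the `audit_db(... "Trying to access Agent view")` entry for unauthenticated hits, and L852 drops the equivalent entry for the graph builder; if `check_login()` does not write its own audit row, that trail is lost.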


@ -17,23 +17,23 @@
// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
// Load global vars // Load global vars
require("include/config.php"); require ("include/config.php");
// Login check // Login check
$id_usuario=$_SESSION["id_usuario"]; $id_usuario=$_SESSION["id_usuario"];
global $REMOTE_ADDR; global $REMOTE_ADDR;
if (comprueba_login() != 0) { if (check_login() != 0) {
audit_db($id_usuario,$REMOTE_ADDR, "ACL Violation","Trying to access alert view"); audit_db($id_usuario,$REMOTE_ADDR, "ACL Violation","Trying to access alert view");
include ("general/noaccess.php"); include ("general/noaccess.php");
exit; exit;
} }
if ((give_acl($config["id_user"], 0, "AR")!=1) AND (!give_acl($config["id_user"],0,"AW")) AND (dame_admin($config["id_user"])!=1)) { if ((give_acl($config["id_user"], 0, "AR")!=1) AND (!give_acl($config["id_user"],0,"AW")) AND (dame_admin($config["id_user"])!=1)) {
audit_db($id_usuario,$REMOTE_ADDR, "ACL Violation","Trying to access alert view"); audit_db($id_usuario,$REMOTE_ADDR, "ACL Violation","Trying to access alert view");
include ("general/noaccess.php"); include ("general/noaccess.php");
exit; exit;
} }
// ------------------------------- // -------------------------------
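Review bot: `$id_usuario=$_SESSION["id_usuario"];` at L647 is evaluated before `check_login()` runs at L649, so an unauthenticated request reads an unset session key before it is rejected; moving the check above the assignment avoids that. More importantly, this is the only page in the commit that tests the return value (`if (check_login() != 0)`), while L612, L629, L824, L839, L851, L864, L877, L890 and L903 call `check_login();` as a bare statement and rely on it to stop the request. Both forms cannot be right: if check_login() exits on failure, the `!= 0` branch here is dead code; if it only returns a status, every bare call leaves its page open to unauthenticated users. The function is not visible here, so its contract should be confirmed and one form used everywhere.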


@ -16,11 +16,10 @@
// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
// Load global vars // Load global vars
require("include/config.php"); require ("include/config.php");
check_login ();
if (comprueba_login() == 0) { if (isset($_GET["id_agente"])){
if (isset($_GET["id_agente"])){
$id_agente = $_GET["id_agente"]; $id_agente = $_GET["id_agente"];
// Connect BBDD // Connect BBDD
$sql1='SELECT * FROM tagente WHERE id_agente = '.$id_agente; $sql1='SELECT * FROM tagente WHERE id_agente = '.$id_agente;
@ -47,159 +46,126 @@ if (comprueba_login() == 0) {
echo "</div>"; echo "</div>";
exit; exit;
} }
} }
echo "<h2>".$lang_label["ag_title"]." &gt; ".$lang_label["view_agent_general_data"]."</h2>"; echo "<h2>".$lang_label["ag_title"]." &gt; ".$lang_label["view_agent_general_data"]."</h2>";
// Blank space below title // Blank space below title
echo "<div style='height: 10px'> </div>"; echo "<div style='height: 10px'> </div>";
echo '<table cellspacing="0" cellpadding="0" width="750" border=0 class="databox">'; echo '<table cellspacing="0" cellpadding="0" width="750" border=0 class="databox">';
echo "<tr><td>"; echo "<tr><td>";
echo '<table cellspacing="4" cellpadding="4" border=0 class="databox">'; echo '<table cellspacing="4" cellpadding="4" border=0 class="databox">';
echo '<tr> echo '<tr>
<td class="datos"><b>'.$lang_label["agent_name"].'</b></td> <td class="datos"><b>'.$lang_label["agent_name"].'</b></td>
<td class="datos"><b>'.strtoupper(salida_limpia($nombre_agente)).'</b></td>'; <td class="datos"><b>'.strtoupper(salida_limpia($nombre_agente)).'</b></td>';
echo "<td class='datos2' width='40'>
echo "<td class='datos2' width='40'>
<a class='info' href='index.php?sec=estado&sec2=operation/agentes/ver_agente&id_agente=".$id_agente."&refr=60'><span>".$lang_label["refresh_data"]."</span><img src='images/refresh.png' class='top' border=0></a>&nbsp;"; <a class='info' href='index.php?sec=estado&sec2=operation/agentes/ver_agente&id_agente=".$id_agente."&refr=60'><span>".$lang_label["refresh_data"]."</span><img src='images/refresh.png' class='top' border=0></a>&nbsp;";
echo "<a href='index.php?sec=estado&sec2=operation/agentes/ver_agente&flag_agent=1&id_agente=$id_agente'><img src='images/target.png' border=0></A>";
echo "<a href='index.php?sec=estado&sec2=operation/agentes/ver_agente&flag_agent=1&id_agente=$id_agente'><img src='images/target.png' border=0></A>"; // Data base access graph
// Data base access graph echo '</td></tr>';
echo '</td>'; echo '<tr><td class="datos2"><b>'.$lang_label["ip_address"].'</b></td><td class="datos2" colspan=2>';
// Show all address for this agent, show first the main IP (taken from tagente table)
echo '</tr>'; echo "<select style='padding:0px' name='notused' size='1'>";
echo '<tr> echo "<option>".salida_limpia($direccion_agente)."</option>";
<td class="datos2"><b>'.$lang_label["ip_address"].'</b></td> $sql_2='SELECT id_a FROM taddress_agent WHERE id_agent = '.$id_agente;
<td class="datos2" colspan=2>'; $result_t=mysql_query($sql_2);
while ($row=mysql_fetch_array($result_t)){
// Show all address for this agent, show first the main IP (taken from tagente table)
echo "<select style='padding:0px' name='notused' size='1'>";
echo "<option>".salida_limpia($direccion_agente)."</option>";
$sql_2='SELECT id_a FROM taddress_agent WHERE id_agent = '.$id_agente;
$result_t=mysql_query($sql_2);
while ($row=mysql_fetch_array($result_t)){
$sql_3='SELECT ip FROM taddress WHERE id_a = '.$row[0]; $sql_3='SELECT ip FROM taddress WHERE id_a = '.$row[0];
$result_3=mysql_query($sql_3); $result_3=mysql_query($sql_3);
$row3=mysql_fetch_array($result_3); $row3=mysql_fetch_array($result_3);
if ($direccion_agente != $row3[0]) { if ($direccion_agente != $row3[0]) {
echo "<option value='".salida_limpia($row3[0])."'>".salida_limpia($row3[0])."</option>"; echo "<option value='".salida_limpia($row3[0])."'>".salida_limpia($row3[0])."</option>";
} }
} }
echo "</select>"; echo "</select>";
echo '<tr><td class="datos"><b>'.$lang_label["os"].'</b></td><td class="datos" colspan="2"><img src="images/'.dame_so_icon($id_os).'"> - '.dame_so_name($id_os);
echo '<tr> if ($os_version != "") {
<td class="datos"><b>'.$lang_label["os"].'</b></td>
<td class="datos" colspan="2">
<img src="images/'.dame_so_icon($id_os).'"> - '.dame_so_name($id_os);
if ($os_version != "")
echo ' '.salida_limpia($os_version); echo ' '.salida_limpia($os_version);
echo '</td>'; }
echo '</tr>';
// Parent echo '</td>';
echo '<tr> echo '</tr>';
<td class="datos2"><b>'.lang_string("Parent").'</b></td>
<td class="datos2" colspan=2>';
echo "<a href='index.php?sec=estado&sec2=operation/agentes/ver_agente&id_agente=$id_parent'>";
echo dame_nombre_agente($id_parent).'</a></td>';
// Agent Interval // Parent
echo '<tr> echo '<tr><td class="datos2"><b>'.lang_string("Parent").'</b></td><td class="datos2" colspan=2>';
<td class="datos"><b>'.$lang_label["interval"].'</b></td> echo "<a href='index.php?sec=estado&sec2=operation/agentes/ver_agente&id_agente=$id_parent'>";
<td class="datos" colspan=2>'. human_time_description_raw($intervalo).'</td>'; echo dame_nombre_agente($id_parent).'</a></td>';
echo '</tr>';
// Comments // Agent Interval
echo '<tr> echo '<tr><td class="datos"><b>'.$lang_label["interval"].'</b></td><td class="datos" colspan=2>'. human_time_description_raw($intervalo).'</td></tr>';
<td class="datos2"><b>'.$lang_label["description"].'</b></td>
<td class="datos2" colspan=2>'.$comentarios.'</td>';
echo '</tr>';
// Group // Comments
echo '<tr> echo '<tr><td class="datos2"><b>'.$lang_label["description"].'</b></td><td class="datos2" colspan=2>'.$comentarios.'</td></tr>';
<td class="datos"><b>'.$lang_label["group"].'</b></td>
<td class="datos" colspan="2"> // Group
echo '<tr><td class="datos"><b>'.$lang_label["group"].'</b></td><td class="datos" colspan="2">
<img class="bot" src="images/groups_small/'.show_icon_group($id_grupo).'.png" >&nbsp;&nbsp; '.dame_grupo($id_grupo).'</td></tr>'; <img class="bot" src="images/groups_small/'.show_icon_group($id_grupo).'.png" >&nbsp;&nbsp; '.dame_grupo($id_grupo).'</td></tr>';
// Agent version // Agent version
echo '<tr><td class="datos2"><b>'.lang_string ("agentversion"). '</b>'; echo '<tr><td class="datos2"><b>'.lang_string ("agentversion"). '</b>';
echo '<td class="datos2" colspan=2>'.salida_limpia($agent_version). '</td>'; echo '<td class="datos2" colspan=2>'.salida_limpia($agent_version). '</td>';
// Total packets // Total packets
echo '<tr> echo '<tr><td class="datos"><b>'. lang_string ("total_packets"). '</b></td>';
<td class="datos"><b>'. lang_string ("total_packets"). '</b></td>'; echo '<td class="datos" colspan=2>';
echo '<td class="datos" colspan=2>'; $total_paketes= 0;
$total_paketes= 0; $sql_3='SELECT COUNT(*) FROM tagente_datos WHERE id_agente = '.$id_agente;
$sql_3='SELECT COUNT(*) FROM tagente_datos WHERE id_agente = '.$id_agente; $result_3=mysql_query($sql_3);
$result_3=mysql_query($sql_3); $row3=mysql_fetch_array($result_3);
$row3=mysql_fetch_array($result_3); $total_paketes = $row3[0];
$total_paketes = $row3[0]; echo $total_paketes;
echo $total_paketes; echo '</td></tr>';
echo '</td></tr>';
// Last contact // Last contact
echo '<tr> echo '<tr><td class="datos2f9"><b>'.$lang_label["last_contact"]." / ".$lang_label["remote"].'</b></td><td class="datos2 f9" colspan="2">';
<td class="datos2f9">
<b>'.$lang_label["last_contact"]." / ".$lang_label["remote"].'</b> if ($ultima_act == "0000-00-00 00:00:00"){
</td>
<td class="datos2 f9" colspan="2">';
if ($ultima_act == "0000-00-00 00:00:00"){
echo $lang_label["never"]; echo $lang_label["never"];
} else { } else {
echo $ultima_act; echo $ultima_act;
} }
echo " / ";
if ($ultima_act_remota == "0000-00-00 00:00:00"){ echo " / ";
if ($ultima_act_remota == "0000-00-00 00:00:00"){
echo $lang_label["never"]; echo $lang_label["never"];
} else { } else {
echo $ultima_act_remota; echo $ultima_act_remota;
} }
// Next contact // Next contact
$ultima = strtotime($ultima_act); $ultima = strtotime($ultima_act);
$ahora = strtotime("now"); $ahora = strtotime("now");
$diferencia = $ahora - $ultima; $diferencia = $ahora - $ultima;
// Get higher interval set for the set of modules from this agent // Get higher interval set for the set of modules from this agent
$sql_maxi ="SELECT MAX(module_interval) FROM tagente_modulo WHERE id_agente = ".$id_agente; $sql_maxi ="SELECT MAX(module_interval) FROM tagente_modulo WHERE id_agente = ".$id_agente;
$result_maxi=mysql_query($sql_maxi); $result_maxi=mysql_query($sql_maxi);
if ($row_maxi=mysql_fetch_array($result_maxi)) if ($row_maxi=mysql_fetch_array($result_maxi))
if ($row_maxi[0] > 0 ) if ($row_maxi[0] > 0 ) {
$intervalo = $row_maxi[0]; $intervalo = $row_maxi[0];
}
if ($intervalo > 0){ if ($intervalo > 0){
$percentil = round($diferencia/(($intervalo*2) / 100)); $percentil = round($diferencia/(($intervalo*2) / 100));
} else { } else {
$percentil = -1; $percentil = -1;
} }
echo "<tr> echo "<tr><td class='datos'><b>".$lang_label['next_contact']."</b>
<td class='datos'><b>".$lang_label['next_contact']."</b>
<td class='datosf9' colspan=2> <td class='datosf9' colspan=2>
<img src='reporting/fgraph.php?tipo=progress&percent=".$percentil."&height=20&width=200'> <img src='reporting/fgraph.php?tipo=progress&percent=".$percentil."&height=20&width=200'>
</td> </td></tr></table>
</tr>
</table>
<td valign='top'> <td valign='top'><table border=0>
<tr><td><b>".$lang_label["agent_access_rate"]."</b><br><br>
<table border=0>
<tr>
<td>
<b>".$lang_label["agent_access_rate"]."</b><br><br>
<img border=1 src='reporting/fgraph.php?id=".$id_agente."&tipo=agentaccess&periodo=1440&height=70&width=280'> <img border=1 src='reporting/fgraph.php?id=".$id_agente."&tipo=agentaccess&periodo=1440&height=70&width=280'>
</td> </td></tr>
</tr><tr> <tr><td><div style='height:25px'> </div>
<td><div style='height:25px'> </div>
<b>".lang_string("Events generated -by module-")."</b><br><br> <b>".lang_string("Events generated -by module-")."</b><br><br>
<img src='reporting/fgraph.php?tipo=event_module&width=250&height=180&id_agent=".$id_agente."' > <img src='reporting/fgraph.php?tipo=event_module&width=250&height=180&id_agent=".$id_agente."' >
</td></tr> </td></tr>
</table></td></tr> </table></td></tr>
</table> </table>";
";
}
?> ?>
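Review bot: `$id_agente = $_GET["id_agente"];` at L670 is concatenated unescaped into the SQL strings at L672, L697, L753 and L782 and echoed into the `href` attributes at L689-L690, so a non-numeric value reaches both the queries and the HTML. Because this is an integer row id, `$id_agente = (int) $_GET["id_agente"];` at L670 closes both paths in one line. The `while ($row=mysql_fetch_array($result_t))` at L699 also assumes the `mysql_query` at L698 succeeded; on failure it returns false and the fetch only emits a warning instead of stopping the page.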


@ -18,7 +18,7 @@
// Load globar vars // Load globar vars
require("include/config.php"); require("include/config.php");
if (comprueba_login() == 0) { check_login();
// $id_agente can be obtained as global variable or GET param. // $id_agente can be obtained as global variable or GET param.
if (isset($_GET["id_agente"])){ if (isset($_GET["id_agente"])){
@ -120,5 +120,5 @@ if (comprueba_login() == 0) {
} else { } else {
echo "<div class='nf'>".$lang_label["no_monitors"]."</div>"; echo "<div class='nf'>".$lang_label["no_monitors"]."</div>";
} }
}
?> ?>


@ -89,10 +89,7 @@ function generate_average_table ($id_de_mi_agente, $id_agente_modulo, $fecha_ini
require("include/config.php"); require("include/config.php");
// Security checks // Security checks
if (comprueba_login() != 0) { check_login();
require ("general/noaccess.php");
exit;
}
$id_user = $_SESSION["id_usuario"]; $id_user = $_SESSION["id_usuario"];
if ( (give_acl($id_user, 0, "AR")==0) AND (give_acl($id_user, 0, "AW")==0) ){ if ( (give_acl($id_user, 0, "AR")==0) AND (give_acl($id_user, 0, "AW")==0) ){


@ -237,11 +237,7 @@ $font_size = (int) get_parameter ('font_size', 12);
$id_user = $_SESSION["id_usuario"]; $id_user = $_SESSION["id_usuario"];
global $REMOTE_ADDR; global $REMOTE_ADDR;
if (comprueba_login() != 0) { check_login();
audit_db($id_user, $REMOTE_ADDR, "ACL Violation", "Trying to access node graph builder");
include("general/noaccess.php");
exit;
}
if ((give_acl($id_user, 0, "AR") != 1 ) && (dame_admin($id_user) !=1 )) { if ((give_acl($id_user, 0, "AR") != 1 ) && (dame_admin($id_user) !=1 )) {
audit_db($id_user, $REMOTE_ADDR, "ACL Violation", "Trying to access node graph builder"); audit_db($id_user, $REMOTE_ADDR, "ACL Violation", "Trying to access node graph builder");


@ -18,12 +18,9 @@
// Load global vars // Load global vars
global $config; global $config;
$id_user = $config["id_user"]; check_login();
if (comprueba_login() != 0) { $id_user = $config["id_user"];
require ("general/noaccess.php");
exit;
}
if ((give_acl($id_user, 0, "AR") != 1) AND (give_acl($id_user,0,"AW") != 1)) { if ((give_acl($id_user, 0, "AR") != 1) AND (give_acl($id_user,0,"AW") != 1)) {
audit_db($id_user,$REMOTE_ADDR, "ACL Violation", audit_db($id_user,$REMOTE_ADDR, "ACL Violation",


@ -18,11 +18,7 @@
// Load global vars // Load global vars
global $config; global $config;
check_login();
if (comprueba_login() != 0) {
require ("general/noaccess.php");
exit;
}
if (!isset($id_agente)){ if (!isset($id_agente)){
require ("general/noaccess.php"); require ("general/noaccess.php");


@ -20,11 +20,7 @@
global $config; global $config;
$id_user = $config["id_user"]; $id_user = $config["id_user"];
check_login();
if (comprueba_login() != 0) {
require ("general/noaccess.php");
exit;
}
if ((give_acl($id_user, 0, "AR")!=1) AND (give_acl($id_user,0,"AW")!=1)) { if ((give_acl($id_user, 0, "AR")!=1) AND (give_acl($id_user,0,"AW")!=1)) {
audit_db($id_user,$REMOTE_ADDR, "ACL Violation", audit_db($id_user,$REMOTE_ADDR, "ACL Violation",


@ -108,9 +108,10 @@ if (defined ('AJAX')) {
exit (); exit ();
} }
if (comprueba_login() == 0) { check_login();
$id_agente = get_parameter("id_agente",-1);
if ($id_agente != -1){ $id_agente = get_parameter("id_agente",-1);
if ($id_agente != -1){
// get group for this id_agente // get group for this id_agente
$query="SELECT * FROM tagente WHERE id_agente = ".$id_agente; $query="SELECT * FROM tagente WHERE id_agente = ".$id_agente;
$res=mysql_query($query); $res=mysql_query($query);
@ -118,7 +119,6 @@ if (comprueba_login() == 0) {
$id_grupo = $row["id_grupo"]; $id_grupo = $row["id_grupo"];
$id_usuario=$config["id_user"]; $id_usuario=$config["id_user"];
if (give_acl($id_usuario, $id_grupo, "AR")==1){ if (give_acl($id_usuario, $id_grupo, "AR")==1){
// Check for validate alert request // Check for validate alert request
$validate_alert = get_parameter ("validate_alert"); $validate_alert = get_parameter ("validate_alert");
if ($validate_alert != ""){ if ($validate_alert != ""){
@ -135,7 +135,6 @@ if (comprueba_login() == 0) {
// Single alerts // Single alerts
if ($alert_row["id_agente_modulo"] != 0){ if ($alert_row["id_agente_modulo"] != 0){
event_insert("Manual validation of alert for '$alert_name'", $ag_row["id_grupo"], $am_row["id_agente"], 1, $config["id_user"], "alert_manual_validation", 1, $alert_row["id_agente_modulo"], $validate_alert); event_insert("Manual validation of alert for '$alert_name'", $ag_row["id_grupo"], $am_row["id_agente"], 1, $config["id_user"], "alert_manual_validation", 1, $alert_row["id_agente_modulo"], $validate_alert);
// Combined alerts // Combined alerts
} else { } else {
event_insert("Manual validation of alert for '$alert_name'", $ag_row["id_grupo"], $alert_row ["id_agent"], 1, $config["id_user"], "alert_manual_validation", 1, 0, $validate_alert); event_insert("Manual validation of alert for '$alert_name'", $ag_row["id_grupo"], $alert_row ["id_agent"], 1, $config["id_user"], "alert_manual_validation", 1, 0, $validate_alert);
@ -165,48 +164,45 @@ if (comprueba_login() == 0) {
} }
if (give_acl($id_usuario,$id_grupo, "AR") == 1){ if (give_acl($id_usuario,$id_grupo, "AR") == 1){
echo "<div id='menu_tab_frame_view'>"; echo "<div id='menu_tab_frame_view'>";
echo "<div id='menu_tab_left'> echo "<div id='menu_tab_left'><ul class='mn'><li class='view'>
<ul class='mn'>
<li class='view'>
<a href='index.php?sec=estado&sec2=operation/agentes/ver_agente&id_agente=$id_agente'><img src='images/bricks.png' class='top' border=0>&nbsp; ".substr(dame_nombre_agente($id_agente),0,15)." - ".$lang_label["view_mode"]."</a>"; <a href='index.php?sec=estado&sec2=operation/agentes/ver_agente&id_agente=$id_agente'><img src='images/bricks.png' class='top' border=0>&nbsp; ".substr(dame_nombre_agente($id_agente),0,15)." - ".$lang_label["view_mode"]."</a>";
echo "</li>"; echo "</li>";
echo "</ul></div>"; echo "</ul></div>";
$tab = get_parameter ("tab", "main"); $tab = get_parameter ("tab", "main");
echo "<div id='menu_tab'><ul class='mn'>"; echo "<div id='menu_tab'><ul class='mn'>";
if (give_acl($id_usuario,$id_grupo, "AW") == 1){ if (give_acl($id_usuario,$id_grupo, "AW") == 1){
if ($tab == "manage") if ($tab == "manage") {
echo "<li class='nomn_high'>"; echo "<li class='nomn_high'>";
else } else {
echo "<li class='nomn'>"; echo "<li class='nomn'>";
// Manage agent // Manage agent
echo "<a href='index.php?sec=gagente&sec2=godmode/agentes/configurar_agente&id_agente=$id_agente'><img src='images/setup.png' width='16' class='top' border=0> ".$lang_label["Manage"]." </a>"; echo "<a href='index.php?sec=gagente&sec2=godmode/agentes/configurar_agente&id_agente=$id_agente'><img src='images/setup.png' width='16' class='top' border=0> ".$lang_label["Manage"]." </a>";
echo "</li>"; echo "</li>";
} }
// Main view } // Main view
if ($tab == "main") if ($tab == "main") {
echo "<li class='nomn_high'>"; echo "<li class='nomn_high'>";
else } else {
echo "<li class='nomn'>"; echo "<li class='nomn'>";
echo "<a href='index.php?sec=estado&sec2=operation/agentes/ver_agente&id_agente=$id_agente'><img src='images/monitor.png' class='top' border=0> ".$lang_label["Main"]." </a>"; echo "<a href='index.php?sec=estado&sec2=operation/agentes/ver_agente&id_agente=$id_agente'><img src='images/monitor.png' class='top' border=0> ".$lang_label["Main"]." </a>";
echo "</li>"; echo "</li>";
}
// Data // Data
if ($tab == "data") if ($tab == "data") {
echo "<li class='nomn_high'>"; echo "<li class='nomn_high'>";
else } else {
echo "<li class='nomn'>"; echo "<li class='nomn'>";
echo "<a href='index.php?sec=estado&sec2=operation/agentes/ver_agente&id_agente=$id_agente&tab=data'><img src='images/lightbulb.png' class='top' border=0> ".$lang_label["Data"]." </a>"; echo "<a href='index.php?sec=estado&sec2=operation/agentes/ver_agente&id_agente=$id_agente&tab=data'><img src='images/lightbulb.png' class='top' border=0> ".$lang_label["Data"]." </a>";
echo "</li>"; echo "</li>";
}
// Alerts // Alerts
if ($tab == "alert") if ($tab == "alert") {
echo "<li class='nomn_high'>"; echo "<li class='nomn_high'>";
else } else {
echo "<li class='nomn'>"; echo "<li class='nomn'>";
echo "<a href='index.php?sec=estado&sec2=operation/agentes/ver_agente&id_agente=$id_agente&tab=alert'><img src='images/bell.png' class='top' border=0> ".$lang_label["Alerts"]." </a>"; echo "<a href='index.php?sec=estado&sec2=operation/agentes/ver_agente&id_agente=$id_agente&tab=alert'><img src='images/bell.png' class='top' border=0> ".$lang_label["Alerts"]." </a>";
echo "</li>"; echo "</li>";
}
// Go to SLA view // Go to SLA view
echo "<li class='nomn'>"; echo "<li class='nomn'>";
echo "<a href='index.php?sec=estado&sec2=operation/agentes/ver_agente&tab=sla&id_agente=$id_agente'><img src='images/images.png' class='top' border=0> ".lang_string("SLA")." </a>"; echo "<a href='index.php?sec=estado&sec2=operation/agentes/ver_agente&tab=sla&id_agente=$id_agente'><img src='images/images.png' class='top' border=0> ".lang_string("SLA")." </a>";
@ -229,11 +225,9 @@ if (comprueba_login() == 0) {
require "estado_alertas.php"; require "estado_alertas.php";
require "status_events.php"; require "status_events.php";
break; break;
case "data": case "data":
require "estado_ultimopaquete.php"; require "estado_ultimopaquete.php";
break; break;
case "alert": case "alert":
require "estado_alertas.php"; require "estado_alertas.php";
break; break;
@ -246,6 +240,6 @@ if (comprueba_login() == 0) {
audit_db($id_usuario,$REMOTE_ADDR, "ACL Violation","Trying to access (read) to agent ".dame_nombre_agente($id_agente)); audit_db($id_usuario,$REMOTE_ADDR, "ACL Violation","Trying to access (read) to agent ".dame_nombre_agente($id_agente));
include ("general/noaccess.php"); include ("general/noaccess.php");
} }
}
} }
?> ?>
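Review bot: The brace conversion at L937-L945 moved the Manage link and its `</li>` into the `else` branch: as rendered here, `} else {` at L939 is closed only by the `}` at L944, and the new `}` at L945 closes the `give_acl` block, so when `$tab == "manage"` the page emits `<li class='nomn_high'>` with no link and no closing tag. The same shape repeats for the main tab at L946-L952 (the default tab, so the Main entry vanishes on the normal view), data at L954-L960 and alert at L962-L968. Each should read `} else { echo "<li class='nomn'>"; }` with the link and `</li>` echoes placed after that closing brace, and the extra `}` added at L945, L952, L960 and L968 removed. Also, `$id_agente` from `get_parameter("id_agente",-1)` at L905 is concatenated into the query at L908; an `(int)` cast there keeps both the `!= -1` test and the SQL correct regardless of what get_parameter escapes.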