diff --git a/assetclassedit.php b/assetclassedit.php index 863437c..c0fe463 100644 --- a/assetclassedit.php +++ b/assetclassedit.php @@ -21,7 +21,7 @@ $sth->execute([$assetclass_id]); $smarty->assign("assetclass", $sth->fetch(PDO::FETCH_OBJ)); -$smarty->assign("assetclassgroup_options", db_get_options_assetclass()); +$smarty->assign("assetclassgroup_options", db_get_options_assetclassgroup()); $smarty->display("assetclassedit.tpl"); diff --git a/assetview.php b/assetview.php index 12756c7..c30afcc 100644 --- a/assetview.php +++ b/assetview.php @@ -9,7 +9,11 @@ SPDX-License-Identifier: GPL-3.0-or-later include("includes.php"); -$asset_id = sanitize($_GET['asset_id']); +if (isset($_GET['asset_id']) && (!empty($_GET['asset_id']))) { + $asset_id = sanitize($_GET['asset_id']); +} else { + header_location("comments.php?comments=error"); +} include("header.php"); diff --git a/lib.php b/lib.php index 8a8c707..8f8f1eb 100644 --- a/lib.php +++ b/lib.php 
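Review bot: The new `else` branch in assetview.php calls `header_location("comments.php?comments=error")`, but nothing visible in the hunk stops the script afterwards. Unless `header_location()` itself exits (its definition is not shown), execution continues to `include("header.php")` and the rest of the page with `$asset_id` undefined. Make the stop explicit with `exit;` directly after the redirect. The `isset(...) &&` half of the condition is redundant because `empty()` already covers the unset case. Since the id is presumably numeric, a stricter test such as `ctype_digit((string) $_GET['asset_id'])` would reject malformed values up front instead of relying on `sanitize()` alone.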
@@ -41,13 +41,15 @@ $smarty->template_dir = 'tpl'; $smarty->compile_dir = 'tpl_c'; $smarty->registerPlugin('function', 'treelist', 'print_tree'); $smarty->registerPlugin('function', 'msgout', 'msgout'); -$smarty->assign("suser_name", $_SESSION['suser_displayname']); -$smarty->assign("suser_tooltips", $_SESSION['suser_tooltips'] ?? 'off'); -$smarty->assign("suser_add", $_SESSION['suser_role_add']); -$smarty->assign("suser_edit", $_SESSION['suser_role_edit']); -$smarty->assign("suser_delete", $_SESSION['suser_role_delete']); -$smarty->assign("suser_manage", $_SESSION['suser_role_manage']); -$smarty->assign("suser_admin", $_SESSION['suser_role_admin']); +if (!empty($_SESSION['suser_id'])) { + $smarty->assign("suser_name", $_SESSION['suser_displayname']); + $smarty->assign("suser_tooltips", $_SESSION['suser_tooltips'] ?? 'off'); + $smarty->assign("suser_add", $_SESSION['suser_role_add']); + $smarty->assign("suser_edit", $_SESSION['suser_role_edit']); + $smarty->assign("suser_delete", $_SESSION['suser_role_delete']); + $smarty->assign("suser_manage", $_SESSION['suser_role_manage']); + $smarty->assign("suser_admin", $_SESSION['suser_role_admin']); +} // prepare global message system $g_message = new Message; diff --git a/login.php b/login.php index 9073824..d2231e3 100644 --- a/login.php +++ b/login.php @@ -20,7 +20,9 @@ $dbh = new PDO("mysql:host=$config_mysql_host;dbname=$config_mysql_dbname;charse $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); $dbh->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC); -include("lib.php"); // only for get_language from browser. TODO: simplify +include("lib.php"); // for smarty e.g. + +// ========== LOGIN FUNCTIONS ================================================= function check_ldap_bind($user_name, $user_pass) { global $config_ldap_host; 
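Review bot: With the `suser_*` assigns in lib.php now inside `if (!empty($_SESSION['suser_id']))`, any template rendered without a session sees the role variables unassigned. A template that shows or hides add/edit/delete/admin controls based on them then depends on how Smarty treats an undefined variable. An `else` branch that assigns each role variable an explicit empty value would make the logged-out state fail closed by construction. This guard only controls template variables, and whatever rejects unauthenticated requests is not in the hunk, so a comment such as `// not an access check: lib.php is also included by login.php before a session exists` would keep it from being mistaken for one.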
@@ -40,7 +42,7 @@ function check_ldap_bind($user_name, $user_pass) { if ($res) { $info = ldap_get_entries($ldap_conn, $res); $user_dn = $info[0]['dn']; - $res = ldap_bind($ldap_conn, $user_dn, $user_pass); + $res = @ldap_bind($ldap_conn, $user_dn, $user_pass); if ($res) { return TRUE; } @@ -83,7 +85,7 @@ function user_login ($user_name, $user_pass) { return FALSE; } // TODO sync LDAP data to local - { else { + } else { // compare local passwords if (strcmp(md5($user_pass), rtrim($user->user_pass)) != 0) { // password does not match with md5, check if new hash matches @@ -135,6 +137,8 @@ function user_login ($user_name, $user_pass) { // No header included, this page has no menu +// ========== LOGIN: HERE BE DRAGONS ========================================== + $language = lang_getfrombrowser($config_lang, $config_lang_default, null, false); include('lang/' . $language . '.php'); diff --git a/nodeview.php b/nodeview.php index 62c93be..e240124 100644 --- a/nodeview.php +++ b/nodeview.php @@ -36,8 +36,8 @@ $sql = "SELECT zone.zone_origin FROM node - JOIN asset USING (asset_id) - JOIN subnet USING (subnet_id) + LEFT JOIN asset USING (asset_id) + LEFT JOIN subnet USING (subnet_id) LEFT JOIN zone USING (zone_id) WHERE node.node_id=?"; diff --git a/tpl/assetclassedit.tpl b/tpl/assetclassedit.tpl index a95cd86..07147ce 100644 --- a/tpl/assetclassedit.tpl +++ b/tpl/assetclassedit.tpl @@ -47,7 +47,7 @@ {$lang_assetclassgroup}
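Review bot: Prefixing `ldap_bind()` with `@` in check_ldap_bind() hides the warning but also discards the only record of why a bind failed, so wrong passwords and directory outages become indistinguishable in the logs. If the suppression stays, record the reason on the failure path, e.g. `error_log('LDAP bind failed: ' . ldap_error($ldap_conn));`. The function starts above the hunk, so it is not visible whether an empty `$user_pass` is rejected before this call. Many directory servers accept a bind with a DN and an empty password as an unauthenticated bind, so a guard like `if ($user_pass === '') { return FALSE; }` should precede it. `$info[0]['dn']` is also read without checking that the search returned an entry.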
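Review bot: The local-password branch just below the corrected `} else {` in user_login() still compares `md5($user_pass)` using `strcmp()`, which means an unsalted fast hash checked with a comparison that is not constant-time. The comment says a newer hash is tried when MD5 does not match, but that code is outside the hunk. If it is `password_verify()`, the MD5 path should apply only to accounts not yet migrated and should rehash on success with `password_hash($user_pass, PASSWORD_DEFAULT)`. At minimum the comparison should become `hash_equals(rtrim($user->user_pass), md5($user_pass))`.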