From 6e4c4236aacd79ba9d207a968bc9e6adccb55362 Mon Sep 17 00:00:00 2001 From: Thomas Hooge Date: Thu, 2 Mar 2023 10:53:06 +0100 Subject: [PATCH] Some more bugfixing --- assetclassedit.php | 2 +- assetview.php | 6 +++++- lib.php | 16 +++++++++------- login.php | 10 +++++++--- nodeview.php | 4 ++-- tpl/assetclassedit.tpl | 2 +- tpl/assetclassgroupview.tpl | 2 +- tpl/assetclassview.tpl | 2 +- tpl/assetview.tpl | 2 +- tpl/locationview.tpl | 2 +- tpl/nodeview.tpl | 2 +- tpl/subnetview.tpl | 2 +- tpl/vlanview.tpl | 2 +- tpl/zoneview.tpl | 2 +- 14 files changed, 33 insertions(+), 23 deletions(-) diff --git a/assetclassedit.php b/assetclassedit.php index 863437c..c0fe463 100644 --- a/assetclassedit.php +++ b/assetclassedit.php @@ -21,7 +21,7 @@ $sth->execute([$assetclass_id]); $smarty->assign("assetclass", $sth->fetch(PDO::FETCH_OBJ)); -$smarty->assign("assetclassgroup_options", db_get_options_assetclass()); +$smarty->assign("assetclassgroup_options", db_get_options_assetclassgroup()); $smarty->display("assetclassedit.tpl"); diff --git a/assetview.php b/assetview.php index 12756c7..c30afcc 100644 --- a/assetview.php +++ b/assetview.php @@ -9,7 +9,11 @@ SPDX-License-Identifier: GPL-3.0-or-later include("includes.php"); -$asset_id = sanitize($_GET['asset_id']); +if (isset($_GET['asset_id']) && (!empty($_GET['asset_id']))) { + $asset_id = sanitize($_GET['asset_id']); +} else { + header_location("comments.php?comments=error"); +} include("header.php"); diff --git a/lib.php b/lib.php index 8a8c707..8f8f1eb 100644 --- a/lib.php +++ b/lib.php 
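Review bot: The new `else` branch in assetview.php relies on `header_location()` to stop the script; if that helper (not visible in this patch) only sends the redirect header, execution continues into `include("header.php")` and the code below with `$asset_id` undefined. Add an explicit `exit;` after the call, or confirm the helper terminates the request. `!empty()` already implies `isset()`, so the condition can be reduced to `if (!empty($_GET['asset_id'])) {`; note that it also rejects the literal id `0`. `sanitize()` is not shown either, so if asset ids are numeric, a `ctype_digit()` check at this boundary would make the expected form explicit.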
@@ -41,13 +41,15 @@ $smarty->template_dir = 'tpl'; $smarty->compile_dir = 'tpl_c'; $smarty->registerPlugin('function', 'treelist', 'print_tree'); $smarty->registerPlugin('function', 'msgout', 'msgout'); -$smarty->assign("suser_name", $_SESSION['suser_displayname']); -$smarty->assign("suser_tooltips", $_SESSION['suser_tooltips'] ?? 'off'); -$smarty->assign("suser_add", $_SESSION['suser_role_add']); -$smarty->assign("suser_edit", $_SESSION['suser_role_edit']); -$smarty->assign("suser_delete", $_SESSION['suser_role_delete']); -$smarty->assign("suser_manage", $_SESSION['suser_role_manage']); -$smarty->assign("suser_admin", $_SESSION['suser_role_admin']); +if (!empty($_SESSION['suser_id'])) { + $smarty->assign("suser_name", $_SESSION['suser_displayname']); + $smarty->assign("suser_tooltips", $_SESSION['suser_tooltips'] ?? 'off'); + $smarty->assign("suser_add", $_SESSION['suser_role_add']); + $smarty->assign("suser_edit", $_SESSION['suser_role_edit']); + $smarty->assign("suser_delete", $_SESSION['suser_role_delete']); + $smarty->assign("suser_manage", $_SESSION['suser_role_manage']); + $smarty->assign("suser_admin", $_SESSION['suser_role_admin']); +} // prepare global message system $g_message = new Message; diff --git a/login.php b/login.php index 9073824..d2231e3 100644 --- a/login.php +++ b/login.php @@ -20,7 +20,9 @@ $dbh = new PDO("mysql:host=$config_mysql_host;dbname=$config_mysql_dbname;charse $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); $dbh->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC); -include("lib.php"); // only for get_language from browser. TODO: simplify +include("lib.php"); // for smarty e.g. + +// ========== LOGIN FUNCTIONS ================================================= function check_ldap_bind($user_name, $user_pass) { global $config_ldap_host; 
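Review bot: With the new `if (!empty($_SESSION['suser_id']))` guard in lib.php, none of the `suser_*` template variables is assigned for an unauthenticated request, so every template that tests `{if $suser_edit}` or `{if $suser_delete}` now depends on how Smarty treats an undefined variable. That fails closed, but only implicitly, and it can emit undefined-variable notices depending on the Smarty version and error settings. An `else` branch that assigns explicit `false` defaults keeps the permission flags deterministic, as sketched below.

```php
if (!empty($_SESSION['suser_id'])) {
    // … unchanged: the seven $smarty->assign() calls fed from the session …
} else {
    // No authenticated session: give templates explicit, fail-closed defaults.
    $smarty->assign("suser_name", '');
    $smarty->assign("suser_tooltips", 'off');
    foreach (['suser_add', 'suser_edit', 'suser_delete', 'suser_manage', 'suser_admin'] as $flag) {
        $smarty->assign($flag, false);
    }
}
```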
@@ -40,7 +42,7 @@ function check_ldap_bind($user_name, $user_pass) { if ($res) { $info = ldap_get_entries($ldap_conn, $res); $user_dn = $info[0]['dn']; - $res = ldap_bind($ldap_conn, $user_dn, $user_pass); + $res = @ldap_bind($ldap_conn, $user_dn, $user_pass); if ($res) { return TRUE; } @@ -83,7 +85,7 @@ function user_login ($user_name, $user_pass) { return FALSE; } // TODO sync LDAP data to local - { else { + } else { // compare local passwords if (strcmp(md5($user_pass), rtrim($user->user_pass)) != 0) { // password does not match with md5, check if new hash matches @@ -135,6 +137,8 @@ function user_login ($user_name, $user_pass) { // No header included, this page has no menu +// ========== LOGIN: HERE BE DRAGONS ========================================== + $language = lang_getfrombrowser($config_lang, $config_lang_default, null, false); include('lang/' . $language . '.php'); diff --git a/nodeview.php b/nodeview.php index 62c93be..e240124 100644 --- a/nodeview.php +++ b/nodeview.php @@ -36,8 +36,8 @@ $sql = "SELECT zone.zone_origin FROM node - JOIN asset USING (asset_id) - JOIN subnet USING (subnet_id) + LEFT JOIN asset USING (asset_id) + LEFT JOIN subnet USING (subnet_id) LEFT JOIN zone USING (zone_id) WHERE node.node_id=?"; diff --git a/tpl/assetclassedit.tpl b/tpl/assetclassedit.tpl index a95cd86..07147ce 100644 --- a/tpl/assetclassedit.tpl +++ b/tpl/assetclassedit.tpl @@ -47,7 +47,7 @@ {$lang_assetclassgroup} - {html_options name=assetclassgroup_id options=$assetclassgroup_options selected=$assetclassgroup_id} + {html_options name=assetclassgroup_id options=$assetclassgroup_options selected=$assetclass->group_id} diff --git a/tpl/assetclassgroupview.tpl b/tpl/assetclassgroupview.tpl index a24057b..df4ec19 100644 --- a/tpl/assetclassgroupview.tpl +++ b/tpl/assetclassgroupview.tpl @@ -11,7 +11,7 @@ {if $suser_edit} {$lang_assetclassgroup_edit} {/if} -{if $suser_del} +{if $suser_delete} {$lang_assetclassgroup_del} {/if} 
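Review bot: Prefixing the call with `@` in `check_ldap_bind()` silences the warning but also discards the only trace of a failed bind, and the visible lines still pass `$user_pass` to `ldap_bind()` without rejecting an empty string. Many directory servers treat a bind with a DN and an empty password as an unauthenticated bind that succeeds, so unless the part of the function outside this hunk already checks it, add `if ($user_pass === '') { return FALSE; }` before the bind. If the suppression stays, log the failure when `$res` is false, e.g. `error_log('LDAP bind failed: ' . ldap_error($ldap_conn));`, so repeated failures remain visible to monitoring. `$info[0]['dn']` is also read without confirming that the search returned an entry; `if ($info['count'] < 1) { return FALSE; }` closes that gap.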
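Review bot: The local-password branch reached through the corrected `} else {` in `user_login()` still compares `md5($user_pass)` with the stored value via `strcmp()`, which is an unsalted fast hash checked with a non-constant-time comparison. The comment mentions a newer hash being tried afterwards, but that code lies outside this hunk. If it does not already do so, a successful legacy match should immediately re-store the password with `password_hash($user_pass, PASSWORD_DEFAULT)` so the MD5 values age out. For the legacy check itself, `hash_equals(rtrim($user->user_pass), md5($user_pass))` removes the timing difference.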
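Review bot: After the switch to `LEFT JOIN asset` and `LEFT JOIN subnet` in nodeview.php, a node without a matching asset or subnet yields a row whose asset and subnet columns are all NULL, and this hunk does not show the consumer being adjusted for that. The select list and the code that uses the row are outside the hunk, so this needs checking there and in tpl/nodeview.tpl. A comment above the query such as `// asset/subnet/zone columns may be NULL for nodes without asset or subnet` would record the new contract.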
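Review bot: The `{if $suser_delete}` guard corrected in tpl/assetclassgroupview.tpl (and in the assetclassview, assetview, locationview, nodeview, subnetview, vlanview and zoneview templates further down) only hides markup and is not an access check. With the old name `$suser_del`, which lib.php in this patch never assigns, these blocks presumably never rendered, so what appear to be the delete links become reachable through the UI with this commit. The scripts behind them need their own check of `$_SESSION['suser_role_delete']` before changing anything, and that is not visible in this patch. Worth confirming before release.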
diff --git a/tpl/assetclassview.tpl b/tpl/assetclassview.tpl index 65ac5cd..fc9c945 100644 --- a/tpl/assetclassview.tpl +++ b/tpl/assetclassview.tpl @@ -11,7 +11,7 @@ {if $suser_edit} {$lang_assetclass_edit} {/if} -{if $suser_del} +{if $suser_delete} {$lang_assetclass_add} {/if} diff --git a/tpl/assetview.tpl b/tpl/assetview.tpl index ebe74c2..1bfd00b 100644 --- a/tpl/assetview.tpl +++ b/tpl/assetview.tpl @@ -11,7 +11,7 @@ {if $suser_edit} {$lang_asset_edit} {/if} -{if $suser_del} +{if $suser_delete} {$lang_asset_edit} {/if} diff --git a/tpl/locationview.tpl b/tpl/locationview.tpl index a0604b5..50c32c9 100644 --- a/tpl/locationview.tpl +++ b/tpl/locationview.tpl @@ -11,7 +11,7 @@ {if $suser_edit} {$lang_location_edit} {/if} -{if $suser_del} +{if $suser_delete} {$lang_location_del} {/if} diff --git a/tpl/nodeview.tpl b/tpl/nodeview.tpl index b759fa4..8f67f27 100644 --- a/tpl/nodeview.tpl +++ b/tpl/nodeview.tpl @@ -8,7 +8,7 @@ {if $suser_edit} {$lang_node_edit} {/if} -{if $suser_del} +{if $suser_delete} {$lang_node_del} {/if} diff --git a/tpl/subnetview.tpl b/tpl/subnetview.tpl index 5bab9bf..b62d3cc 100644 --- a/tpl/subnetview.tpl +++ b/tpl/subnetview.tpl @@ -8,7 +8,7 @@ {if $suser_edit} {$lang_subnet_edit} {/if} -{if $suser_del} +{if $suser_delete} {$lang_subnet_del} {/if} diff --git a/tpl/vlanview.tpl b/tpl/vlanview.tpl index c8b6d96..52ee51b 100644 --- a/tpl/vlanview.tpl +++ b/tpl/vlanview.tpl @@ -11,7 +11,7 @@ {if $suser_edit} {$lang_vlan_edit} {/if} -{if $suser_del} +{if $suser_delete} {$lang_vlan_del} {/if} diff --git a/tpl/zoneview.tpl b/tpl/zoneview.tpl index a3ffabc..1b2631e 100644 --- a/tpl/zoneview.tpl +++ b/tpl/zoneview.tpl @@ -8,7 +8,7 @@ {if $suser_edit || $suser_admin} {$lang_zone_edit} {/if} -{if $suser_del || $suser_admin} +{if $suser_delete || $suser_admin} {$lang_zone_del} {/if}
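Review bot: In tpl/assetclassview.tpl the block guarded by `{if $suser_delete}` prints `{$lang_assetclass_add}`, and in tpl/assetview.tpl it prints `{$lang_asset_edit}`, whereas the other view templates in this patch use the matching `_del` label. The surrounding markup is not visible here, so the link target may be correct, but the label looks like a copy-paste leftover. If so, it should read `{$lang_assetclass_del}` and `{$lang_asset_del}` respectively, assuming those language keys exist. A delete action labelled as add or edit invites accidental deletions.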