Changed database access to PDO using prepared statements

master
Thomas Hooge 1 year ago
parent a4ecd1bff7
commit 7c300e0a8f
  1. 50
      asset.php
  2. 21
      assetadd.php
  3. 19
      assetclass.php
  4. 19
      assetclassdel.php
  5. 22
      assetclassedit.php
  6. 17
      assetclassgroup.php
  7. 20
      assetclassgroupdel.php
  8. 24
      assetclassgroupedit.php
  9. 43
      assetclassgroupview.php
  10. 47
      assetclassview.php
  11. 33
      assetdel.php
  12. 21
      assetedit.php
  13. 50
      assetview.php
  14. 20
      assigniptonode.php
  15. 27
      assignnodetoasset.php
  16. 5
      dbconnect.php
  17. 54
      index.php
  18. 2
      lang/en.php
  19. 73
      lib.php
  20. 3
      lib/functions.php
  21. 14
      location.php
  22. 16
      locationadd.php
  23. 15
      locationdel.php
  24. 50
      locationedit.php
  25. 17
      locationsubnetadd.php
  26. 27
      locationsubnetdel.php
  27. 17
      locationsubnetedit.php
  28. 83
      locationview.php
  29. 93
      login.php
  30. 26
      natadd.php
  31. 43
      natdel.php
  32. 15
      natedit.php
  33. 48
      node.php
  34. 5
      nodeadd.php
  35. 19
      nodedel.php
  36. 38
      nodeedit.php
  37. 114
      nodeview.php
  38. 214
      search.php
  39. 1062
      submit.php
  40. 21
      subnet.php
  41. 16
      subnetadd.php
  42. 38
      subnetdel.php
  43. 33
      subnetedit.php
  44. 23
      subnetlocationadd.php
  45. 44
      subnetlocationdel.php
  46. 19
      subnetlocationedit.php
  47. 207
      subnetview.php
  48. 49
      subnetvlanadd.php
  49. 41
      subnetvlandel.php
  50. 19
      subnetvlanedit.php
  51. 296
      tpl/about.tpl
  52. 4
      tpl/asset.tpl
  53. 140
      tpl/assetadd.tpl
  54. 108
      tpl/assetclassadd.tpl
  55. 72
      tpl/assetclassdel.tpl
  56. 110
      tpl/assetclassedit.tpl
  57. 84
      tpl/assetclassgroupadd.tpl
  58. 76
      tpl/assetclassgroupdel.tpl
  59. 88
      tpl/assetclassgroupedit.tpl
  60. 121
      tpl/assetclassgroupview.tpl
  61. 12
      tpl/assetclassview.tpl
  62. 116
      tpl/assetdel.tpl
  63. 144
      tpl/assetedit.tpl
  64. 178
      tpl/assetview.tpl
  65. 126
      tpl/assigniptonode.tpl
  66. 210
      tpl/assignnodetoasset.tpl
  67. 46
      tpl/comments.tpl
  68. 18
      tpl/footer.tpl
  69. 122
      tpl/index.tpl
  70. 126
      tpl/locationadd.tpl
  71. 78
      tpl/locationdel.tpl
  72. 128
      tpl/locationedit.tpl
  73. 106
      tpl/locationsubnetadd.tpl
  74. 106
      tpl/locationsubnetdel.tpl
  75. 108
      tpl/locationsubnetedit.tpl
  76. 176
      tpl/locationview.tpl
  77. 136
      tpl/login.tpl
  78. 122
      tpl/natadd.tpl
  79. 8
      tpl/natdel.tpl
  80. 104
      tpl/natedit.tpl
  81. 3
      tpl/node.tpl
  82. 266
      tpl/nodeadd.tpl
  83. 76
      tpl/nodedel.tpl
  84. 252
      tpl/nodeedit.tpl
  85. 26
      tpl/nodeview.tpl
  86. 68
      tpl/options.tpl
  87. 220
      tpl/optionseditdisplay.tpl
  88. 102
      tpl/optionseditpassword.tpl
  89. 268
      tpl/search.tpl
  90. 158
      tpl/subnetadd.tpl
  91. 106
      tpl/subnetdel.tpl
  92. 168
      tpl/subnetedit.tpl
  93. 110
      tpl/subnetlocationadd.tpl
  94. 110
      tpl/subnetlocationdel.tpl
  95. 112
      tpl/subnetlocationedit.tpl
  96. 376
      tpl/subnetview.tpl
  97. 108
      tpl/subnetvlanadd.tpl
  98. 106
      tpl/subnetvlandel.tpl
  99. 108
      tpl/subnetvlanedit.tpl
  100. 64
      tpl/user.tpl

@ -13,41 +13,33 @@ include("header.php");
// create letter links
$query = "SELECT
SUBSTRING(UPPER(asset.asset_name),1,1) AS asset_letter
FROM
asset
GROUP BY
asset_letter
ORDER BY
asset_letter";
$sql = "SELECT DISTINCT SUBSTRING(UPPER(asset_name),1,1) AS asset_letter
FROM asset
ORDER BY asset_letter";
$sth = $dbh->query($sql);
$alphabet = $db->db_select($query);
$alphabet = $sth->fetchAll();
$smarty->assign("alphabet", $alphabet);
// setup current letter
if(isset($_GET['asset_letter'])) {
$asset_letter = sanitize($_GET['asset_letter']);
// total asset count
$sth = $dbh->query("SELECT COUNT(*) FROM asset");
$smarty->assign("assetcount", $sth->fetchColumn());
// assetf for current letter
if (isset($_GET['asset_letter'])) {
$asset_letter = sanitize($_GET['asset_letter']);
} else {
$asset_letter = $alphabet[0]['asset_letter'];
$asset_letter = $alphabet[0]['asset_letter'];
}
$query = "SELECT
a.asset_id,
IF(LENGTH(a.asset_name)>0, a.asset_name, '...') AS asset_name,
a.asset_info,
c.assetclass_id,
c.assetclass_name
FROM
asset AS a LEFT OUTER JOIN assetclass AS c USING (assetclass_id)
WHERE
SUBSTRING(a.asset_name,1,1) = '" . $asset_letter . "'
ORDER BY
a.asset_name";
$assets = $db->db_select($query);
$smarty->assign("assets", $assets);
$sql = "SELECT a.asset_id, IF(LENGTH(a.asset_name)>0, a.asset_name, '...') AS asset_name,
a.asset_info, c.assetclass_id, c.assetclass_name
FROM asset AS a LEFT OUTER JOIN assetclass AS c USING (assetclass_id)
WHERE SUBSTRING(a.asset_name,1,1)=?
ORDER BY a.asset_name";
$sth = $dbh->prepare($sql);
$sth->execute([$asset_letter]);
$smarty->assign("assets", $sth->fetchAll());
$smarty->display("asset.tpl");
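Review bot: The fallback `$asset_letter = $alphabet[0]['asset_letter'];` dereferences the first row of `fetchAll()` unconditionally, so on an empty `asset` table this is an undefined-index warning and a bind of `null`; write it as `$asset_letter = $alphabet[0]['asset_letter'] ?? '';`. The bound value also still goes through `sanitize()`, which (after this commit) HTML-encodes it, so a request for `&` or `'` is compared against an entity string rather than the character — with prepared statements the raw `$_GET` value should be bound and escaping left to output. Note too that the letter links are built from `UPPER(asset_name)` while the `WHERE SUBSTRING(a.asset_name,1,1)=?` lookup is not uppercased, so matching presumably relies on a case-insensitive collation; `UPPER(SUBSTRING(...))` would make that explicit.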

@ -12,18 +12,15 @@ include("includes.php");
if((isset($_GET['assetclass_id'])) ? $assetclass_id = sanitize($_GET['assetclass_id']) : $assetclass_id = "");
include("header.php");
$query = "SELECT
assetclass_id,
assetclass_name
FROM
assetclass
ORDER BY
assetclass_name";
$assetclasses = $db->db_select($query);
foreach ($assetclasses as $assetclass) {
$assetclass_options[$assetclass['assetclass_id']] = $assetclass['assetclass_name'];
$sql = "SELECT assetclass_id, assetclass_name
FROM assetclass
ORDER BY assetclass_name";
$sth = $dbh->query($sql);
$assetclass_options = array();
foreach ($sth->fetchAll(PDO::FETCH_NUM) as $rec) {
$assetclass_options[$rec[0]] = $rec[1];
}
$smarty->assign("assetclass_options", $assetclass_options);
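Review bot: This hunk re-implements inline exactly what the new `db_get_options_assetclass()` helper in lib.php does (same SELECT, same `FETCH_NUM` loop), which is the kind of duplication the helper was added to remove. The whole block from `$sql = ...` to the closing `}` can be replaced by `$smarty->assign("assetclass_options", db_get_options_assetclass());`, as assetedit.php already does in this commit. That also keeps the two pages from drifting if the ordering or columns change later.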

@ -10,20 +10,13 @@ SPDX-License-Identifier: GPL-3.0-or-later
include("includes.php");
include("header.php");
$query = "SELECT
a.assetclass_id,
a.assetclass_name,
g.assetclassgroup_id,
g.assetclassgroup_name,
g.assetclassgroup_color
FROM
assetclass AS a LEFT OUTER JOIN assetclassgroup AS g USING (assetclassgroup_id)
ORDER BY
a.assetclass_name";
$sql = "SELECT a.assetclass_id, a.assetclass_name, g.assetclassgroup_id,
g.assetclassgroup_name, g.assetclassgroup_color
FROM assetclass AS a LEFT OUTER JOIN assetclassgroup AS g USING (assetclassgroup_id)
ORDER BY a.assetclass_name";
$sth = $dbh->query($sql);
$smarty->assign("assetclasses", $sth->fetchAll(PDO::FETCH_ASSOC));
$assetclasses = $db->db_select($query);
$smarty->assign("assetclasses", $assetclasses);
$smarty->display("assetclass.tpl");
include("footer.php");

@ -13,18 +13,13 @@ $assetclass_id = sanitize($_GET['assetclass_id']);
include("header.php");
$query = "SELECT
assetclass_id,
assetclass_name
FROM
assetclass
WHERE
assetclass_id=" . $assetclass_id;
$assetclass = $db->db_select($query);
$smarty->assign("assetclass_id", $assetclass[0]['assetclass_id']);
$smarty->assign("assetclass_name", $assetclass[0]['assetclass_name']);
$sql = "SELECT assetclass_id, assetclass_name
FROM assetclass
WHERE assetclass_id=?";
$sth = $dbh->prepare($sql);
$sth->execute([$assetclass_id]);
$smarty->assign("assetclass", $sth->fetch(PDO::FETCH_OBJ));
$smarty->display("assetclassdel.tpl");
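Review bot: `$sth->fetch(PDO::FETCH_OBJ)` returns `false` when no row matches the supplied `assetclass_id`, and that `false` is passed straight to the template as `assetclass`, so a delete-confirmation page is rendered for a record that does not exist and the template's property reads on a non-object will warn. Store the result first and abort when it is empty, e.g. `$assetclass = $sth->fetch(PDO::FETCH_OBJ);` / `if ($assetclass === false) { exit('Unknown assetclass'); }` / `$smarty->assign("assetclass", $assetclass);`. The same pattern appears in the other `*del.php`/`*edit.php`/`*view.php` hunks of this commit; a small shared "fetch one or fail" helper in lib.php would cover them all.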

@ -12,22 +12,16 @@ include("includes.php");
$assetclass_id = sanitize($_GET['assetclass_id']);
include("header.php");
$query = "SELECT
assetclass_id,
assetclass_name,
assetclassgroup_id
FROM
assetclass
WHERE
assetclass_id=" . $assetclass_id;
$sql = "SELECT assetclass_id AS id, assetclass_name AS name,
assetclassgroup_id AS group_id
FROM assetclass
WHERE assetclass_id=?";
$sth = $dbh->prepare($sql);
$sth->execute([$assetclass_id]);
$assetclass = $db->db_select($query);
$smarty->assign("assetclass", $sth->fetch(PDO::FETCH_OBJ));
$smarty->assign("assetclass_id", $assetclass[0]['assetclass_id']);
$smarty->assign("assetclass_name", $assetclass[0]['assetclass_name']);
$smarty->assign("assetclassgroup_id", $assetclass[0]['assetclassgroup_id']);
$smarty->assign("assetclassgroup_options", $db->options_assetclassgroup());
$smarty->assign("assetclassgroup_options", db_get_options_assetclass());
$smarty->display("assetclassedit.tpl");
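Review bot: The new line `$smarty->assign("assetclassgroup_options", db_get_options_assetclass());` replaces `$db->options_assetclassgroup()` with the wrong helper — the edit form's group selector is now filled with asset classes instead of asset class groups, so saving will write an assetclass_id into `assetclassgroup_id`. lib.php in this same commit defines `db_get_options_assetclassgroup()`; the line should be `$smarty->assign("assetclassgroup_options", db_get_options_assetclassgroup());`.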

@ -8,21 +8,14 @@ SPDX-License-Identifier: GPL-3.0-or-later
*****************************************************************************/
include("includes.php");
include("header.php");
$query = "SELECT
assetclassgroup_id,
assetclassgroup_name,
assetclassgroup_color
FROM
assetclassgroup
ORDER BY
assetclassgroup_name";
$assetclassgroups = $db->db_select($query);
$sql = "SELECT assetclassgroup_id, assetclassgroup_name, assetclassgroup_color
FROM assetclassgroup
ORDER BY assetclassgroup_name";
$sth = $dbh->query($sql);
$smarty->assign('assetclassgroups', $sth->fetchAll(PDO::FETCH_ASSOC));
$smarty->assign("assetclassgroups", $assetclassgroups);
$smarty->display("assetclassgroup.tpl");
include("footer.php");

@ -13,20 +13,12 @@ $assetclassgroup_id = sanitize($_GET['assetclassgroup_id']);
include("header.php");
$smarty->assign($lang);
$query = "SELECT
assetclassgroup_id,
assetclassgroup_name
FROM
assetclassgroup
WHERE
assetclassgroup_id=" . $assetclassgroup_id;
$assetclassgroup = $db->db_select($query);
$smarty->assign("assetclassgroup_id", $assetclassgroup[0]['assetclassgroup_id']);
$smarty->assign("assetclassgroup_name", $assetclassgroup[0]['assetclassgroup_name']);
$sql = "SELECT assetclassgroup_id AS id, assetclassgroup_name AS name
FROM assetclassgroup
WHERE assetclassgroup_id=?";
$sth = $dbh->prepare($sql);
$sth->execute([$assetclassgroup_id]);
$smarty->assign("assetclassgroup", $sth->fetch(PDO::FETCH_OBJ));
$smarty->display("assetclassgroupdel.tpl");

@ -14,22 +14,14 @@ $assetclassgroup_id = sanitize($_GET['assetclassgroup_id']);
$smarty->assign("scripts", 'jscolor.js');
include("header.php");
$smarty->assign($lang);
$query = "SELECT
assetclassgroup_id,
assetclassgroup_name,
assetclassgroup_color
FROM
assetclassgroup
WHERE
assetclassgroup_id=" . $assetclassgroup_id;
$assetclassgroup = $db->db_select($query);
$smarty->assign("assetclassgroup_id", $assetclassgroup[0]['assetclassgroup_id']);
$smarty->assign("assetclassgroup_name", $assetclassgroup[0]['assetclassgroup_name']);
$smarty->assign("assetclassgroup_color", $assetclassgroup[0]['assetclassgroup_color']);
$sql = "SELECT assetclassgroup_id AS id, assetclassgroup_name AS name,
assetclassgroup_color AS color
FROM assetclassgroup
WHERE assetclassgroup_id=?";
$sth = $dbh->prepare($sql);
$sth->execute([$assetclassgroup_id]);
$smarty->assign("assetclassgroup", $sth->fetch(PDO::FETCH_OBJ));
$smarty->display("assetclassgroupedit.tpl");

@ -13,33 +13,22 @@ $assetclassgroup_id = sanitize($_GET['assetclassgroup_id']);
include("header.php");
$query = "SELECT
assetclassgroup_id,
assetclassgroup_name,
assetclassgroup_color
FROM
assetclassgroup
WHERE
assetclassgroup_id=" . $assetclassgroup_id;
$assetclassgroup = $db->db_select($query);
$smarty->assign("assetclassgroup_id", $assetclassgroup[0]['assetclassgroup_id']);
$smarty->assign("assetclassgroup_name", $assetclassgroup[0]['assetclassgroup_name']);
$smarty->assign("assetclassgroup_color", $assetclassgroup[0]['assetclassgroup_color']);
$query = "SELECT
assetclass_id,
assetclass_name
FROM
assetclass
WHERE
assetclassgroup_id=" . $assetclassgroup_id . "
ORDER BY
assetclass_name";
$assetclasses = $db->db_select($query);
$smarty->assign("assetclasses", $assetclasses);
$sql = "SELECT assetclassgroup_id AS id,
assetclassgroup_name AS name,
assetclassgroup_color AS color
FROM assetclassgroup
WHERE assetclassgroup_id=?";
$sth = $dbh->prepare($sql);
$sth->execute([$assetclassgroup_id]);
$smarty->assign("assetclassgroup", $sth->fetch(PDO::FETCH_OBJ));
$sql = "SELECT assetclass_id, assetclass_name
FROM assetclass
WHERE assetclassgroup_id=?
ORDER BY assetclass_name";
$sth = $dbh->prepare($sql);
$sth->execute([$assetclassgroup_id]);
$smarty->assign("assetclasses", $sth->fetchAll(PDO::FETCH_ASSOC));
$smarty->display("assetclassgroupview.tpl");

@ -13,37 +13,22 @@ $assetclass_id = sanitize($_GET['assetclass_id']);
include("header.php");
$query = "SELECT
a.assetclass_id, a.assetclass_name,
g.assetclassgroup_id, g.assetclassgroup_name, g.assetclassgroup_color
FROM
assetclass AS a LEFT OUTER JOIN assetclassgroup AS g USING (assetclassgroup_id)
WHERE
a.assetclass_id=" . $assetclass_id;
$assetclass = $db->db_select($query);
$smarty->assign("assetclass_id", $assetclass[0]['assetclass_id']);
$smarty->assign("assetclass_name", $assetclass[0]['assetclass_name']);
$smarty->assign("assetclass_selected", "");
$smarty->assign("assetclassgroup_id", $assetclass[0]['assetclassgroup_id']);
$smarty->assign("assetclassgroup_name", $assetclass[0]['assetclassgroup_name']);
$smarty->assign("assetclassgroup_color", $assetclass[0]['assetclassgroup_color']);
$query = "SELECT
asset_id,
asset_name,
CONCAT(LEFT(asset_info, 80), IF(CHAR_LENGTH(asset_info)>80,'...','')) AS asset_info
FROM
asset
WHERE
assetclass_id='" . $assetclass_id . "'
ORDER BY
asset_name";
$assets = $db->db_select($query);
$smarty->assign("assets", $assets);
$sql = "SELECT a.assetclass_id, a.assetclass_name, g.assetclassgroup_id,
g.assetclassgroup_name, g.assetclassgroup_color
FROM assetclass AS a LEFT OUTER JOIN assetclassgroup AS g USING (assetclassgroup_id)
WHERE a.assetclass_id=?";
$sth = $dbh->prepare($sql);
$sth->execute([$assetclass_id]);
$smarty->assign("assetclass", $sth->fetch(PDO::FETCH_OBJ));
$sql = "SELECT asset_id, asset_name,
CONCAT(LEFT(asset_info, 80), IF(CHAR_LENGTH(asset_info)>80,'...','')) AS asset_info
FROM asset
WHERE assetclass_id=?
ORDER BY asset_name";
$sth = $dbh->prepare($sql);
$sth->execute([$assetclass_id]);
$smarty->assign("assets", $sth->fetchAll(PDO::FETCH_ASSOC));
$smarty->display("assetclassview.tpl");

@ -12,31 +12,18 @@ include("includes.php");
$asset_id = sanitize($_GET['asset_id']);
include("header.php");
$query = "SELECT
asset_name
FROM
asset
WHERE
asset_id=" . $asset_id;
$asset = $db->db_select($query);
// asset to delete
$sth = $dbh->prepare("SELECT asset_name FROM asset WHERE asset_id=?");
$sth->execute([$asset_id]);
$smarty->assign("asset_id", $asset_id);
$smarty->assign("asset_name", $asset[0]['asset_name']);
$query = "SELECT
node_id,
node_ip
FROM
node
WHERE
asset_id=" . $asset_id . "
ORDER BY
INET_ATON(node_ip)";
$nodes = $db->db_select($query);
$smarty->assign("nodes", $nodes);
$smarty->assign("asset_name", $sth->fetchColumn());
// nodes to delete
$sql = "SELECT node_id, node_ip FROM node WHERE asset_id=? ORDER BY INET_ATON(node_ip)";
$sth = $dbh->prepare($sql);
$sth->execute([$asset_id]);
$smarty->assign("nodes", $sth->fetchAll(PDO::FETCH_ASSOC));
$smarty->display("assetdel.tpl");

@ -13,21 +13,14 @@ $asset_id = sanitize($_GET['asset_id']);
include("header.php");
$query = "SELECT
asset_id,
asset_name,
asset_hostname,
asset_info,
assetclass_id
FROM
asset
WHERE
asset_id=" . $asset_id;
$sql = "SELECT asset_id, asset_name, asset_hostname, asset_info, assetclass_id
FROM asset
WHERE asset_id=?";
$sth = $dbh->prepare($sql);
$sth->execute([$asset_id]);
$smarty->assign("asset", $sth->fetch(PDO::FETCH_OBJ));
$asset = $db->db_select($query);
$smarty->assign("asset", $asset[0]);
$smarty->assign("assetclass_options", $db->options_assetclass());
$smarty->assign("assetclass_options", db_get_options_assetclass());
$smarty->display("assetedit.tpl");

@ -13,40 +13,22 @@ $asset_id = sanitize($_GET['asset_id']);
include("header.php");
$query = "SELECT
a.asset_name,
a.asset_hostname,
a.asset_info,
c.assetclass_id,
c.assetclass_name
FROM
asset AS a LEFT OUTER JOIN assetclass AS c USING (assetclass_id)
WHERE
a.asset_id=" . $asset_id;
$asset = $db->db_select($query);
$smarty->assign("asset_id", $asset_id);
$smarty->assign("asset_name", $asset[0]['asset_name']);
$smarty->assign("asset_hostname", $asset[0]['asset_hostname']);
$smarty->assign("asset_info", nl2br($asset[0]['asset_info']));
$smarty->assign("assetclass_id", $asset[0]['assetclass_id']);
$smarty->assign("assetclass_name", $asset[0]['assetclass_name']);
$query = "SELECT
node_id,
node_ip,
LEFT(node_info, 40) as node_info
FROM
node
WHERE
asset_id=" . $asset_id . "
ORDER BY
INET_ATON(node_ip)";
$nodes = $db->db_select($query);
$smarty->assign("nodes", $nodes);
$sql = "SELECT a.asset_id, a.asset_name, a.asset_hostname, a.asset_info,
c.assetclass_id, c.assetclass_name
FROM asset AS a LEFT OUTER JOIN assetclass AS c USING (assetclass_id)
WHERE a.asset_id=?";
$sth = $dbh->prepare($sql);
$sth->execute([$asset_id]);
$asset = $sth->fetch(PDO::FETCH_OBJ);
$smarty->assign("asset", $asset);
$sql = "SELECT node_id, node_ip, LEFT(node_info, 40) as node_info
FROM node
WHERE asset_id=?
ORDER BY INET_ATON(node_ip)";
$sth = $dbh->prepare($sql);
$sth->execute([$asset_id]);
$smarty->assign("nodes", $sth->fetchAll(PDO::FETCH_ASSOC));
$smarty->display("assetview.tpl");
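Review bot: The old code passed `asset_info` through `nl2br()` before assigning it; the new code assigns the raw fetched object, so line breaks in the info text are lost unless tpl/assetview.tpl now applies `|nl2br` itself (that template is in the diffstat but not visible here). If the template does the conversion, it must still escape the value (`|escape|nl2br`), since the only HTML escaping in this application is the `htmlentities()` done by `sanitize()` at input time and values written by older code paths may not have been through it. Either keep `$asset->asset_info = nl2br($asset->asset_info);` before the assign, or confirm the template escapes before converting newlines.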

@ -14,19 +14,13 @@ $subnet_id = sanitize($_GET['subnet_id']);
include("header.php");
$query = "SELECT
subnet_address,
subnet_mask
FROM
subnet
WHERE
subnet_id=" . $subnet_id;
$subnet = $db->db_select($query);
$smarty->assign("subnet_id", $subnet_id);
$smarty->assign("subnet_address", $subnet[0]['subnet_address']);
$smarty->assign("subnet_mask", $subnet[0]['subnet_mask']);
$sql = "SELECT subnet_id AS id, subnet_address AS address, subnet_mask AS mask
FROM subnet
WHERE subnet_id=?";
$sth = $dbh->prepare($sql);
$sth->execute([$subnet_id]);
$smarty->assign("subnet", $sth->fetch(PDO::FETCH_OBJ));
$smarty->assign("node_ip", $node_ip);
$smarty->display("assigniptonode.tpl");

@ -17,31 +17,10 @@ include("header.php");
$smarty->assign("node_ip", $node_ip);
$smarty->assign("asset_id", $asset_id);
$smarty->assign("subnet_id", $subnet_id);
$query = "SELECT
asset_id,
asset_name
FROM
asset
ORDER BY
asset_name";
$assets = $db->db_select($query);
foreach ($assets as $asset) {
$asset_options[$asset['asset_id']] = $asset['asset_name'];
}
$smarty->assign("asset_options", $asset_options);
$query = "SELECT subnet_id,
CONCAT_WS('/', subnet_address, subnet_mask) AS subnet_name
FROM subnet
ORDER BY INET_ATON(subnet_address)";
$subnets = $db->db_select($query);
foreach ($subnets as $subnet) {
$subnet_options[$subnet['subnet_id']] = $subnet['subnet_name'];
}
$smarty->assign("subnet_options", $subnet_options);
$smarty->assign("asset_options", db_get_options_asset());
$smarty->assign("subnet_options", db_get_options_subnet());
$smarty->display("assignnodetoasset.tpl");

@ -7,7 +7,8 @@ Copyright (C) 2011-2023 Thomas Hooge
SPDX-License-Identifier: GPL-3.0-or-later
*****************************************************************************/
$dblink = mysqli_connect($config_mysql_host,$config_mysql_username,$config_mysql_password);
mysqli_select_db($dblink, $config_mysql_dbname);
$dbh = new PDO("mysql:host=$config_mysql_host;dbname=$config_mysql_dbname;charset=utf8", $config_mysql_username, $config_mysql_password);
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$dbh->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC);
?>
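Review bot: The new `new PDO(...)` throws a `PDOException` whose message and stack trace carry the DSN, the username and — in the argument list of the uncaught-exception output — the password, so with `display_errors` on, a failed connection prints database credentials to the browser; wrap the construction in `try`/`catch`, log the error and exit with a generic message. The connection should also disable emulated prepares (`PDO::ATTR_EMULATE_PREPARES => false`) so the `?` placeholders added throughout this commit are real server-side parameters rather than client-side escaped interpolation, and `charset=utf8` only covers the 3-byte MySQL subset — `utf8mb4` is the usual choice if the schema uses it (not visible here). Dropping the closing `?>` avoids accidental output before `session_start()`/`header()` calls.
```php
try {
    $dbh = new PDO(
        "mysql:host=$config_mysql_host;dbname=$config_mysql_dbname;charset=utf8",
        $config_mysql_username,
        $config_mysql_password,
        [
            PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
            PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
            PDO::ATTR_EMULATE_PREPARES   => false,
        ]
    );
} catch (PDOException $e) {
    // never echo $e: the message/trace contains the DSN and credentials
    error_log('Database connection failed: ' . $e->getMessage());
    exit('Database connection failed');
}
```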

@ -11,57 +11,31 @@ include("includes.php");
include("header.php");
// asset
$query = "SELECT
COUNT(asset_id) AS asset_counter
FROM
asset";
// Statistics
$assets = $db->db_select($query);
$smarty->assign("asset_counter", $assets[0]['asset_counter']);
// asset
$sth = $dbh->query("SELECT COUNT(asset_id) AS asset_counter FROM asset");
$smarty->assign("asset_counter", $sth->fetchColumn());
// location
$query = "SELECT
COUNT(location_id) AS location_counter
FROM
location";
$locations = $db->db_select($query);
$smarty->assign("location_counter", $locations[0]['location_counter']);
$sth = $dbh->query("SELECT COUNT(location_id) AS location_counter FROM location");
$smarty->assign("location_counter", $sth->fetchColumn());
// node
$query = "SELECT
COUNT(node_id) AS node_counter
FROM
node";
$nodes = $db->db_select($query);
$smarty->assign("node_counter", $nodes[0]['node_counter']);
$sth = $dbh->query("SELECT COUNT(node_id) AS node_counter FROM node");
$smarty->assign("node_counter", $sth->fetchColumn());
// subnet
$query = "SELECT
COUNT(subnet_id) AS subnet_counter
FROM
subnet";
$subnets = $db->db_select($query);
$smarty->assign("subnet_counter", $subnets[0]['subnet_counter']);
$sth = $dbh->query("SELECT COUNT(subnet_id) AS subnet_counter FROM subnet");
$smarty->assign("subnet_counter", $sth->fetchColumn());
// vlan
$query = "SELECT
COUNT(vlan_id) AS vlan_counter
FROM
vlan";
$vlans = $db->db_select($query);
$smarty->assign("vlan_counter", $vlans[0]['vlan_counter']);
$sth = $dbh->query("SELECT COUNT(vlan_id) AS vlan_counter FROM vlan");
$smarty->assign("vlan_counter", $sth->fetchColumn());
// zone
$query = "SELECT
COUNT(zone_id) AS zone_counter
FROM
zone";
$zones = $db->db_select($query);
$smarty->assign("zone_counter", $zones[0]['zone_counter']);
$sth = $dbh->query("SELECT COUNT(zone_id) AS zone_counter FROM zone");
$smarty->assign("zone_counter", $sth->fetchColumn());
$smarty->display("index.tpl");

@ -62,7 +62,7 @@ $lang = array(
'lang_assetclassgroup_add' => 'Add assetclassgroup',
'lang_assetclassgroup_del' => 'Delete assetclassgroup',
'lang_assetclassgroup_edit' => 'Modify assetclassgroup',
'lang_assetclassgroup_name' => 'Assetclass Groupname',
'lang_assetclassgroup_name' => 'Assetclassgroup Name',
'lang_assetclassgroup_none' => 'There are no assetclassegroups defined',
'lang_assignnodetoasset' => 'Assign node to asset',

@ -15,11 +15,11 @@ $config_lang = array('de', 'en');
include("lib/functions.php");
require("lib/db.class.php");
$db = new Db($dblink);
//require("lib/db.class.php");
//$db = new Db($dblink);
require("lib/user.class.php");
$user = new User();
//require("lib/user.class.php");
// $user = new User();
require_once('smarty3/Smarty.class.php');
$smarty = new Smarty();
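Review bot: The hunk leaves the old bootstrap behind as commented-out code (`//require("lib/db.class.php");`, `//$db = new Db($dblink);`, `//require("lib/user.class.php");`, `// $user = new User();`); these four lines should be deleted rather than commented, since the history is in git and dead code here invites someone to re-enable a mysqli-based class against a PDO handle. Commenting out `$db` and `$user` also means any page that still references them now fails with an undefined variable — locationsubnetadd.php in this same commit still calls `$db->options_subnet()`, so a grep for `$db->` and `$user->` across the tree is warranted before merging.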
@ -29,4 +29,69 @@ $smarty->registerPlugin('function', 'treelist', 'print_tree');
$smarty->assign("suser_tooltips", $_SESSION['suser_tooltips'] ?? 'off');
// ========== DATABASE FUCTIONS ===============================================
function db_get_options_asset() {
global $dbh;
$sql = "SELECT asset_id, asset_name FROM asset ORDER BY asset_name";
$sth = $dbh->query($sql);
foreach ($sth->fetchAll(PDO::FETCH_NUM) as $rec) {
$options[$rec[0]] = $rec[1];
}
return $options;
}
function db_get_options_assetclass() {
global $dbh;
$sql = "SELECT assetclass_id, assetclass_name FROM assetclass ORDER BY assetclass_name";
$sth = $dbh->query($sql);
foreach ($sth->fetchAll(PDO::FETCH_NUM) as $rec) {
$options[$rec[0]] = $rec[1];
}
return $options;
}
function db_get_options_assetclassgroup() {
global $dbh;
$sql = "SELECT assetclassgroup_id, assetclassgroup_name FROM assetclassgroup ORDER BY assetclassgroup_name";
$sth = $dbh->query($sql);
foreach ($sth->fetchAll(PDO::FETCH_NUM) as $rec) {
$options[$rec[0]] = $rec[1];
}
return $options;
}
function db_get_options_location() {
global $dbh;
$sql = "SELECT location_id, location_name FROM location ORDER BY location_name";
$sth = $dbh->query($sql);
foreach ($sth->fetchAll(PDO::FETCH_NUM) as $rec) {
$options[$rec[0]] = $rec[1];
}
return $options;
}
function db_get_options_subnet() {
global $dbh;
$sql = "SELECT subnet_id,
CONCAT_WS('/', subnet_address, subnet_mask) AS subnet_name
FROM subnet
ORDER BY INET_ATON(subnet_address)";
$sth = $dbh->query($sql);
foreach ($sth->fetchAll(PDO::FETCH_NUM) as $rec) {
$options[$rec[0]] = $rec[1];
}
return $options;
}
function db_get_options_vlan() {
global $dbh;
$sql = "SELECT vlan_id, vlan_name FROM vlan ORDER BY vlan_name";
$sth = $dbh->query($sql);
foreach ($sth->fetchAll(PDO::FETCH_NUM) as $rec) {
$options[$rec[0]] = $rec[1];
}
return $options;
}
?>
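Review bot: Every `db_get_options_*()` helper builds `$options` only inside the `foreach`, so when the table is empty the function returns an undefined variable (`null` plus a warning on PHP 8) instead of an empty array, and the templates' option lists then receive a non-array. Initialise `$options = [];` before the loop; while at it the six functions differ only in their SQL string, so one private loader removes the duplication. The closing `?>` should also go, as this file is included before output starts.
```php
// ========== DATABASE FUNCTIONS ==============================================
// Run a two-column SELECT and return it as [first column => second column].
function db_fetch_options($sql) {
    global $dbh;
    $options = [];
    foreach ($dbh->query($sql)->fetchAll(PDO::FETCH_NUM) as $rec) {
        $options[$rec[0]] = $rec[1];
    }
    return $options;
}
function db_get_options_asset() {
    return db_fetch_options("SELECT asset_id, asset_name FROM asset ORDER BY asset_name");
}
// … the other five wrappers follow the same one-line shape with their own SELECT …
```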

@ -74,9 +74,6 @@ function sanitize($input) {
// convert special chars
$input = htmlentities($input,ENT_QUOTES,'UTF-8');
// make sql ready
$input = mysqli_real_escape_string($dblink, $input);
// and return
return $input;
}
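Review bot: With the `mysqli_real_escape_string()` call removed, `sanitize()` is now purely `htmlentities()`, yet its result is still what every page binds as a prepared-statement parameter and stores, so a name like `O'Brien` is written to the database as `O&#039;Brien` and a lookup for a value containing `&`, `<`, `"` or `'` compares an entity string against whatever is stored. That makes the HTML escaping happen in the wrong layer: bind raw input and escape at output (`|escape` in the Smarty templates), or at minimum add a comment above this function warning that its return value is HTML-encoded and must not be used for database comparisons. The start of `sanitize()` and any `global $dblink` declaration it had are outside this hunk; if the global is still declared it is now unused and should be removed too.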

@ -11,15 +11,11 @@ include("includes.php");
include("header.php");
$query = "SELECT
location_id AS id,
location_name AS value,
location_parent AS parent_id
FROM
location
ORDER BY location_parent, location_sort, location_name";
$locations = $db->db_select($query);
$sql = "SELECT location_id AS id, location_name AS value, location_parent AS parent_id
FROM location
ORDER BY location_parent, location_sort, location_name";
$sth = $dbh->query($sql);
$locations = $sth->fetchAll();
// function for recursion
function build_tree($parent_id, $level) {

@ -16,18 +16,16 @@ include("header.php");
// ************* <option value="0">{$lang_option_none}</option>
$query = "SELECT location_id, location_name, location_parent, location_sort
FROM location
ORDER BY location_parent, location_sort, location_name";
$sql = "SELECT location_id AS id, location_name, location_parent, location_sort
FROM location
ORDER BY location_parent, location_sort, location_name";
$sth = $dbh->query($sql);
$locations = $sth->fetchAll();
$locations = $db->db_select($query);
$location_counter = count($locations);
if ($location_counter>0) {
// get objects
if ($location_counter > 0) {
foreach ($locations AS $location) {
// create arrays
$location_names[$location['location_id']] = $location['location_name'];
$parents[$location['location_parent']][] = $location['location_id'];
}
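Review bot: The rewritten query aliases the key column (`SELECT location_id AS id, ...`) but the loop below still reads `$location['location_id']` in both `$location_names[...]` and `$parents[...][] = ...`, so every entry is keyed by `null` and the location tree this page builds is empty. Either drop the alias (`SELECT location_id, location_name, ...`) or read `$location['id']` in the two array assignments. The rest of the tree construction continues below the hunk.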
@ -36,7 +34,6 @@ if ($location_counter>0) {
// look for parents
// function to look for parents and create a new array for every child
function location($parents, $parent = 0) {
// loop array to check
foreach ($parents[$parent] as $child) {
if (isset($parents[$child])) {
// element has children
@ -47,7 +44,6 @@ function location($parents, $parent = 0) {
}
}
// and again...
return $children;
}

@ -13,17 +13,10 @@ $location_id = sanitize($_GET['location_id']);
include("header.php");
$query = "SELECT
location_name
FROM
location
WHERE
location_id=" . $location_id;
$location = $db->db_select($query);
$smarty->assign("location_id", $location_id);
$smarty->assign("location_name", $location[0]['location_name']);
$sql = "SELECT location_name FROM location WHERE location_id=?";
$sth = $dbh->prepare($sql);
$sth->execute([$location_id]);
$smarty->assign("location", $sth->fetch(PDO::FETCH_OBJ));
$smarty->display("locationdel.tpl");
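Review bot: The new query selects only `location_name`, so the `location` object handed to the template carries no id, whereas the old code assigned `location_id` separately and the sibling hunks (locationsubnetadd.php, locationsubnetdel.php) select `location_id AS id, location_name AS name`. Unless tpl/locationdel.tpl takes the id from somewhere else, the delete form has nothing to submit; use the same shape as the siblings: `$sql = "SELECT location_id AS id, location_name AS name FROM location WHERE location_id=?";`. A `false` result for an unknown id is also passed through unchecked here.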

@ -14,39 +14,33 @@ $location_id = sanitize($_GET['location_id']);
include("header.php");
// location
$query = "SELECT
location_name,
location_parent,
location_info,
location_sort
FROM
location
WHERE
location_id=" . $location_id;
$sql = "SELECT location_name AS name, location_parent AS parent,
location_info AS info, location_sort AS sort
FROM location
WHERE location_id=?";
$sth = $dbh->prepare($sql);
$sth->execute([$location_id]);
$location = $sth->fetch(PDO::FETCH_OBJ);
$location = $db->db_select($query);
$location_parent = $location[0]['location_parent'];
$smarty->assign("location_id", $location_id);
$location_parent = $location->parent;
$smarty->assign("location", $location);
/*$smarty->assign("location_id", $location_id);
$smarty->assign("location_name", $location[0]['location_name']);
$smarty->assign("location_info", $location[0]['location_info']);
$smarty->assign("location_sort", $location[0]['location_sort']);
$smarty->assign("location_sort", $location[0]['location_sort']); */
// parent location
$query = "SELECT
location_id,
location_name,
location_parent
FROM
location
WHERE
location_id != " . $location_id . "
ORDER BY
location_name";
$locations = $db->db_select($query);
$sql = "SELECT location_id, location_name, location_parent
FROM location
WHERE location_id != ?
ORDER BY location_name";
$sth = $dbh->prepare($sql);
$sth->execute([$location_id]);
$locations = $sth->fetchAll();
$location_counter = count($locations);
$smarty->assign("location_counter", $location_counter);
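Review bot: `$location_parent = $location->parent;` runs before anything checks that `fetch()` found a row, so an unknown `location_id` produces a property read on `false` and the page continues with a null parent. The commented-out `/* $smarty->assign("location_id", ...) ... */` block left in the middle of the hunk should be deleted rather than kept — it also references `$location[0][...]`, the array shape this commit just removed, so it can never be re-enabled as is. Guard with `if (!$location) { exit('Unknown location'); }` right after the fetch.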

@ -13,18 +13,15 @@ $location_id = sanitize($_GET['location_id']);
include("header.php");
$query = "SELECT
location_name
FROM
location
WHERE
location_id=" . $location_id;
$sql = "SELECT location_id AS id, location_name AS name
FROM location
WHERE location_id=?";
$sth = $dbh->prepare($sql);
$sth->execute([$location_id]);
$smarty->assign("location", $sth->fetch(PDO::FETCH_OBJ));
$location = $db->db_select($query);
$smarty->assign("location_id", $location_id);
$smarty->assign("location_name", $location[0]['location_name']);
$smarty->assign("subnet_options", $db->options_subnet());
$smarty->display("locationsubnetadd.tpl");
include("footer.php");
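Review bot: `$smarty->assign("subnet_options", $db->options_subnet());` appears to survive this hunk unchanged, but lib.php in the same commit comments out `$db = new Db($dblink);`, so if this line is indeed context it is now a fatal "call to a member function on null" the first time the page loads. Replace it with the new helper: `$smarty->assign("subnet_options", db_get_options_subnet());`, which assignnodetoasset.php already uses.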

@ -14,32 +14,29 @@ $location_id = sanitize($_GET['location_id']);
include("header.php");
// location
$query = "SELECT
location_name
FROM
location
WHERE
location_id=" . $location_id;
$location = $db->db_select($query);
$smarty->assign("location_id", $location_id);
$smarty->assign("location_name", $location[0]['location_name']);
$sql = "SELECT location_id AS id, location_name AS name
FROM location
WHERE location_id=?";
$sth = $dbh->prepare($sql);
$sth->execute([$location_id]);
$smarty->assign("location", $sth->fetch(PDO::FETCH_OBJ));
// subnet
$query = "SELECT
$sql = "SELECT
s.subnet_id,
s.subnet_address,
s.subnet_mask
FROM
subnetlocation AS l LEFT JOIN subnet AS s USING (subnet_id)
WHERE
l.location_id=" . $location_id . "
l.location_id=?
ORDER BY
INET_ATON(s.subnet_address)";
$sth = $dbh->prepare($sql);
$sth->execute([$location_id]);
$subnets = $db->db_select($query);
$smarty->assign($subnets);
$smarty->assign($sth->fetchAll());
$smarty->display("locationsubnetdel.tpl");
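Review bot: `$smarty->assign($sth->fetchAll());` passes the subnet rows to `assign()` with no variable name, so Smarty treats the array as name/value pairs and registers variables called `0`, `1`, … — the template never sees a `subnets` list. The old line had the same flaw, but the rewrite is the moment to fix it: `$smarty->assign("subnets", $sth->fetchAll());`, matching the `subnets` assignment in locationview.php.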

@ -12,18 +12,13 @@ include("includes.php");
$location_id = sanitize($_GET['location_id']);
include("header.php");
// location
$query = "SELECT
location_name
FROM
location
WHERE
location_id=" . $location_id;
$location = $db->db_select($query);
$smarty->assign("location_id", $location_id);
$smarty->assign("location_name", $location[0]['location_name']);
$sql = "SELECT location_id AS id, location_name AS name
FROM location
WHERE location_id=?";
$sth = $dbh->prepare($sql);
$sth->execute([$zone_id]);
$smarty->assign("location", $sth->fetch(PDO::FETCH_OBJ));
$smarty->display("locationsubnetedit.tpl");
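Review bot: `$sth->execute([$zone_id]);` binds a variable that this page never defines (it reads `$location_id` from the request two lines earlier), so the query runs with `NULL`, `fetch()` returns `false`, and the edit page always renders empty — a copy-paste from a zone page. The line should be `$sth->execute([$location_id]);`, and as elsewhere the `false` case deserves a check before the assign.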

@ -15,64 +15,53 @@ include("header.php");
// locationcrumb
$sql = "SELECT location_id AS id, location_name AS name,
location_parent AS parent_id, location_info AS info,
CONCAT('locationview.php?location_id=', location_id) AS url
FROM location
WHERE location_id=?";
$sth = $dbh->prepare($sql);
$sth->execute([$location_id]);
$location = $sth->fetch(PDO::FETCH_OBJ);
$query = "SELECT location_id AS id,
location_name AS name,
location_parent AS parent_id,
location_info
FROM location
WHERE location_id=" . $location_id;
$location = $db->db_select($query);
$location[0]['url'] = 'locationview.php?location_id=' . $location[0]['id'];
$crumbs[] = $location[0];
$crumbs[] = $location;
$level = 1;
while ($crumbs[0]['parent_id'] != 0) {
$query = "SELECT location_id AS id,
location_name AS name,
location_parent AS parent_id
$sql = "SELECT location_id AS id, location_name AS name,
location_parent AS parent_id,
CONCAT('locationview.php?location_id=', location_id) AS url
FROM location
WHERE location_id=" . $crumbs[0]['parent_id'];
$result = $db->db_select($query);
$result[0]['url'] = 'locationview.php?location_id=' . $result[0]['id'];
array_unshift($crumbs, $result[0]);
WHERE location_id=?";
$sth = $dbh->prepare($sql);
while ($crumbs[0]->parent_id != 0) {
$sth->execute([$crumbs[0]->parent_id]);
$result = $sth->fetch(PDO::FETCH_OBJ);
array_unshift($crumbs, $result);
$level++;
}
$smarty->assign("location_id", $location_id);
$smarty->assign("location_info", nl2br($location[0]['location_info']));
$smarty->assign("location_id", $location->id);
$smarty->assign("location_info", nl2br($location->info));
$smarty->assign("crumbs", $crumbs);
// sublocations
$query = "SELECT
location_id AS sublocation_id,
location_name AS sublocation_name,
LEFT(location_info, 40) AS info_short,
CHAR_LENGTH(location_info) AS info_length
FROM
location
WHERE
location_parent=" . $location_id . "
ORDER BY
location_name";
$sublocations = $db->db_select($query);
$smarty->assign("sublocations", $sublocations);
$sql = "SELECT location_id AS sublocation_id, location_name AS sublocation_name,
LEFT(location_info, 40) AS info_short,
CHAR_LENGTH(location_info) AS info_length
FROM location
WHERE location_parent=?
ORDER BY location_name";
$sth = $dbh->prepare($sql);
$sth->execute([$location_id]);
$smarty->assign("sublocations", $sth->fetchAll());
// subnets
$query = "SELECT
s.subnet_id,
s.subnet_address,
s.subnet_mask
FROM
subnet AS s LEFT JOIN subnetlocation USING (subnet_id)
WHERE
subnetlocation.location_id=" . $location_id . "
ORDER BY
INET_ATON(s.subnet_address)";
$subnets = $db->db_select($query);
$smarty->assign("subnets", $subnets);
$sql = "SELECT s.subnet_id, s.subnet_address, s.subnet_mask
FROM subnet AS s LEFT JOIN subnetlocation AS l USING (subnet_id)
WHERE l.location_id=?
ORDER BY INET_ATON(s.subnet_address)";
$sth = $dbh->prepare($sql);
$sth->execute([$location_id]);
$smarty->assign("subnets", $sth->fetchAll());
$smarty->display("locationview.tpl");

@ -12,35 +12,86 @@ session_start();
include("config.php");
include("dbconnect.php");
include("lib.php");
// include language file
function user_login($user_name, $user_pass) {
global $dbh;
if (strlen($user_name) < 1) {
return FALSE;
}
if (strlen($user_pass) < 1) {
return FALSE;
}
$sql = "SELECT user_id, user_pass, user_displayname, user_language,
user_imagesize, user_imagecount, user_mac, user_dateformat,
user_dns1suffix, user_dns2suffix, user_menu_assets,
user_menu_assetclasses, user_menu_assetclassgroups,
user_menu_locations, user_menu_nodes, user_menu_subnets,
user_menu_users, user_menu_vlans, user_menu_zones,
user_tooltips
FROM user
WHERE user_name=?";
$sth = $dbh->prepare($sql);
$sth->execute([$user_name]);
if (!$user = $sth->fetch(PDO::FETCH_OBJ)) {
// no user record found
return FALSE;
}
// TODO use secure algo with salt!
if (strcmp(md5($user_pass), $user->user_pass) != 0) {
// password does not match
return FALSE;
}
// all ok: user is logged in, register session data
$_SESSION['suser_id'] = $user->user_id;
$_SESSION['suser_displayname'] = $user->user_displayname;
$_SESSION['suser_language'] = $user->user_language;
$_SESSION['suser_imagesize'] = $user->user_imagesize;
$_SESSION['suser_imagecount'] = $user->user_imagecount;
$_SESSION['suser_mac'] = $user->user_mac;
$_SESSION['suser_dateformat'] = $user->user_dateformat;
$_SESSION['suser_dns1suffix'] = $user->user_dns1suffix;
$_SESSION['suser_dns2suffix'] = $user->user_dns2suffix;
$_SESSION['suser_menu_assets'] = $user->user_menu_assets;
$_SESSION['suser_menu_assetclasses'] = $user->user_menu_assetclasses;
$_SESSION['suser_menu_assetclassgroups'] = $user->user_menu_assetclassgroups;
$_SESSION['suser_menu_locations'] = $user->user_menu_locations;
$_SESSION['suser_menu_nodes'] = $user->user_menu_nodes;
$_SESSION['suser_menu_subnets'] = $user->user_menu_subnets;
$_SESSION['suser_menu_users'] = $user->user_menu_users;
$_SESSION['suser_menu_vlans'] = $user->user_menu_vlans;
$_SESSION['suser_menu_zones'] = $user->user_menu_zones;
$_SESSION['suser_tooltips'] = $user->user_tooltips;
return TRUE;
}
// No header included, this page has no menu
$language = lang_getfrombrowser($config_lang, $config_lang_default, null, false);
include('lang/' . $language . '.php');
// check for submit
if ($_SERVER['REQUEST_METHOD']=="POST" ) {
/// get post info
$user_name = sanitize($_POST['user_name']);
$user_pass = sanitize($_POST['user_pass']);
// login
$login = $user->user_login($user_name, $user_pass);
if($login==TRUE) {
// redirect
header_location("index.php");
} else {
// not ok, break session
$_SESSION = array();
session_destroy();
}
$user_name = sanitize($_POST['user_name']);
$user_pass = sanitize($_POST['user_pass']);
if (user_login($user_name, $user_pass) == TRUE) {
header_location("index.php");
} else {
$_SESSION = array();
session_destroy();
}
}
$smarty->assign("config_version", $config_version);
$smarty->assign($lang);
$smarty->display("login.tpl");
include("footer.php");
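Review bot: The success path of `user_login()` (the block after `// all ok: user is logged in, register session data`) populates `$_SESSION` without first rotating the session id, so a session id that was fixed before authentication stays valid afterwards; add `session_regenerate_id(true);` immediately before the `$_SESSION['suser_id'] = $user->user_id;` line. On the line below `// TODO use secure algo with salt!`, the check should also be `if (!hash_equals($user->user_pass, md5($user_pass)))` rather than `strcmp(...) != 0`, so the comparison is constant-time until the storage is migrated to `password_hash()`/`password_verify()` as the TODO already calls for. In the POST branch, `$_POST['user_name']` and `$_POST['user_pass']` are read without checking they exist, so a form post missing either field emits an undefined-index warning before `user_login()` runs; `$_POST['user_name'] ?? ''` and `$_POST['user_pass'] ?? ''` cover that and the `strlen() < 1` guards then handle the empty case.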

@ -14,20 +14,19 @@ $node_id = sanitize($_GET['node_id']);
include("header.php");
// node_ext
$query = "SELECT
node_ip AS node_ip_ext
FROM
node
WHERE
node_id=" . $node_id;
$sql = "SELECT node_ip AS node_ip_ext
FROM node
WHERE node_id=?";
$sth = $dbh->prepare($sql);
$sth->execute([$node_id]);
$node = $db->db_select($query);
$node = $sth->fetch(PDO::FETCH_OBJ);
$smarty->assign("node_id_ext", $node_id);
$smarty->assign("node_ip_ext", $node[0]['node_ip_ext']);
$smarty->assign("node_ip_ext", $node->node_ip_ext);
// node_int
$query = "SELECT
$sql = "SELECT
a.asset_name,
n.node_id AS node_id_int,
n.node_ip AS node_ip_int
@ -40,13 +39,16 @@ $query = "SELECT
FROM
nat
WHERE
nat_ext=" . $node_id . "
nat_ext=?
)
AND n.node_id!=" . $node_id . "
AND n.node_id!=?
ORDER BY
INET_ATON(n.node_ip)";
$sth = $dbh->prepare($sql);
$sth->execute([$node_id, $node_id]);
$nodes = $sth->fetchAll();
$nodes = $db->db_select($query);
foreach ($nodes as $rec) {
$node_options[$rec['node_id_int']] = $rec['node_ip_int'] . '/' . $rec['asset_name'];
}
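Review bot: `$node = $sth->fetch(PDO::FETCH_OBJ);` returns `false` when no row matches the `node_id` taken from the query string, and the following `$smarty->assign("node_ip_ext", $node->node_ip_ext);` then reads a property on a boolean; a guard such as `if (!$node) { header_location("index.php"); }` (or the project's usual not-found handling) between the fetch and the assign keeps the page from rendering for a non-existent node. The same unchecked `fetch(PDO::FETCH_OBJ)` sits directly inside `$smarty->assign("node", ...)` in the natdel.php and natedit.php hunks below. In the second hunk, `foreach ($nodes as $rec)` fills `$node_options` without initialising it here; if it is not declared above the hunk, an empty result leaves the variable undefined for the template.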

@ -14,39 +14,24 @@ $node_id = sanitize($_GET['node_id']);
include("header.php");
// node_ext
$query = "SELECT
node_ip AS node_ip_ext
FROM
node
WHERE
node_id=" . $node_id;
$node = $db->db_select($query);
$smarty->assign("node_id_ext", $node_id);
$smarty->assign("node_ip_ext", $node[0]['node_ip_ext']);
$sth = $dbh->prepare("SELECT node_id AS id_ext, node_ip AS ip_ext FROM node WHERE node_id=?");
$sth->execute([$node_id]);
$smarty->assign("node", $sth->fetch(PDO::FETCH_OBJ));
// options
$query = "SELECT
a.asset_name,
n.node_ip,
x.nat_ext
FROM
asset AS a,
nat AS x,
node AS n
WHERE
x.nat_ext=" . $node_id . "
AND n.node_id=x.nat_int
AND a.asset_id=n.asset_id
ORDER BY
INET_ATON(n.node_ip)";
$nodes = $db->db_select($query);
$sql = "SELECT x.nat_id, n.node_ip, a.asset_name
FROM nat AS x
LEFT JOIN node AS n ON (x.nat_int=n.node_id)
LEFT JOIN asset AS a USING (asset_id)
WHERE x.nat_ext=?
ORDER BY INET_ATON(n.node_ip)";
$sth = $dbh->prepare($sql);
$sth->execute([$node_id]);
$nats = $sth->fetchAll();
$options = array();
foreach ($nodes as $rec) {
$options[$rec['nat_ext']] = $rec['node_ip'] . '/' . $rec['asset_name'];
foreach ($nats as $rec) {
$options[$rec['nat_id']] = $rec['node_ip'] . '/' . $rec['asset_name'];
}
$smarty->assign("nat_options", $options);
$smarty->display("natdel.tpl");
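Review bot: The rewritten options query replaces the old implicit inner join over `asset, nat, node` with `LEFT JOIN node ... LEFT JOIN asset`, so a nat row whose `nat_int` no longer resolves to a node is now returned with null `node_ip` and `asset_name`, and the option label built as `$rec['node_ip'] . '/' . $rec['asset_name']` degrades to a bare `/`; if orphaned nat rows are not meant to be offered for deletion, `JOIN` (inner) preserves the old behaviour, otherwise the label needs a null-aware fallback. The option key also changes from `nat_ext` to `nat_id`, and the node data moves from `node_id_ext`/`node_ip_ext` into a single `node` object with `id_ext`/`ip_ext`; both are contract changes for natdel.tpl and the submit handler, which are not visible in this section and must be updated in step.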

@ -13,18 +13,11 @@ $node_id = sanitize($_GET['node_id']);
include("header.php");
$query = "SELECT
node_ip
FROM
node
WHERE
node.node_id=" . $node_id;
$sql = "SELECT node_id AS id, node_ip AS ip FROM node WHERE node.node_id=?";
$sth = $dbh->prepare($sql);
$sth->execute([$node_id]);
$smarty->assign("node", $sth->fetch(PDO::FETCH_OBJ));
$node = $db->db_select($query);
$smarty->assign("node_id", $node_id);
$smarty->assign("node_ip", $node[0]['node_ip']);
$smarty->display("natedit.tpl");
include("footer.php");

@ -10,31 +10,43 @@ SPDX-License-Identifier: GPL-3.0-or-later
include("includes.php");
include("header.php");
// filter preparation
$p = array();
$w = array();
if(isset($_GET['subnet_id'])) {
$subnet_id = sanitize($_GET['subnet_id']);
$subnet_view = "WHERE node.subnet_id=" . $subnet_id;
$w[] = "n.subnet_id=?";
$p[] = $subnet_id;
$smarty->assign("subnet_id", $subnet_id);
// get subnet details for title
$sql = "SELECT CONCAT_WS('/',subnet_address,subnet_mask) AS subnet
FROM subnet
WHERE subnet_id=?";
$sth = $dbh->prepare($sql);
$sth->execute([$subnet_id]);
$smarty->assign("subnet", $sth->fetchColumn());
} else {
$smarty->assign("subnet_id", '');
$subnet_view = '';
}
$query = "SELECT
asset.asset_id,
REPLACE(asset.asset_name, ' ', '&nbsp;') AS asset_name,
asset.asset_info,
node.node_id,
node.node_ip
FROM
asset LEFT JOIN node USING (asset_id)
" . $subnet_view . "
GROUP BY
node.node_id
ORDER BY
INET_ATON(node.node_ip)";
$nodes = $db->db_select($query);
$smarty->assign("nodes", $nodes);
// create sql with optional filter
$where = join(' AND ', $w);
$sql = "SELECT a.asset_id, a.asset_info,
REPLACE(a.asset_name, ' ', '&nbsp;') AS asset_name,
n.node_id, n.node_ip
FROM asset AS a LEFT JOIN node AS n USING (asset_id)";
if ($where) {
$sql .= ' WHERE ' . $where;
}
$sql .= "GROUP BY n.node_id ORDER BY INET_ATON(n.node_ip)";
$sth = $dbh->prepare($sql);
$sth->execute($p);
$smarty->assign("nodes", $sth->fetchAll());
$smarty->display("node.tpl");
include("footer.php");
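Review bot: The `$sql .= "GROUP BY n.node_id ORDER BY INET_ATON(n.node_ip)";` line has no leading space, so the statement is assembled as `... USING (asset_id)GROUP BY` without a filter and `... n.subnet_id=?GROUP BY` with one; the fix is `$sql .= " GROUP BY n.node_id ORDER BY INET_ATON(n.node_ip)";`. The `$w`/`$p` filter construction is sound since the only clause ever appended is the fixed literal `n.subnet_id=?` with its value passed through `execute($p)`. `$smarty->assign("subnet", $sth->fetchColumn());` assigns `false` when the requested `subnet_id` has no row, which the template will render as an empty title rather than a not-found condition; consider checking the result before the assign.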