diff --git a/asset.php b/asset.php
index 350e723..dcaf598 100644
--- a/asset.php
+++ b/asset.php
@@ -13,41 +13,33 @@ include("header.php");
// create letter links
-$query = "SELECT
- SUBSTRING(UPPER(asset.asset_name),1,1) AS asset_letter
- FROM
- asset
- GROUP BY
- asset_letter
- ORDER BY
- asset_letter";
+$sql = "SELECT DISTINCT SUBSTRING(UPPER(asset_name),1,1) AS asset_letter
+ FROM asset
+ ORDER BY asset_letter";
+$sth = $dbh->query($sql);
-$alphabet = $db->db_select($query);
+$alphabet = $sth->fetchAll();
$smarty->assign("alphabet", $alphabet);
-// setup current letter
-if(isset($_GET['asset_letter'])) {
- $asset_letter = sanitize($_GET['asset_letter']);
+// total asset count
+$sth = $dbh->query("SELECT COUNT(*) FROM asset");
+$smarty->assign("assetcount", $sth->fetchColumn());
+
+// assetf for current letter
+if (isset($_GET['asset_letter'])) {
+ $asset_letter = sanitize($_GET['asset_letter']);
} else {
- $asset_letter = $alphabet[0]['asset_letter'];
+ $asset_letter = $alphabet[0]['asset_letter'];
}
-$query = "SELECT
- a.asset_id,
- IF(LENGTH(a.asset_name)>0, a.asset_name, '...') AS asset_name,
- a.asset_info,
- c.assetclass_id,
- c.assetclass_name
- FROM
- asset AS a LEFT OUTER JOIN assetclass AS c USING (assetclass_id)
- WHERE
- SUBSTRING(a.asset_name,1,1) = '" . $asset_letter . "'
- ORDER BY
- a.asset_name";
-
-$assets = $db->db_select($query);
-
-$smarty->assign("assets", $assets);
+$sql = "SELECT a.asset_id, IF(LENGTH(a.asset_name)>0, a.asset_name, '...') AS asset_name,
+ a.asset_info, c.assetclass_id, c.assetclass_name
+ FROM asset AS a LEFT OUTER JOIN assetclass AS c USING (assetclass_id)
+ WHERE SUBSTRING(a.asset_name,1,1)=?
+ ORDER BY a.asset_name";
+$sth = $dbh->prepare($sql);
+$sth->execute([$asset_letter]);
+$smarty->assign("assets", $sth->fetchAll());
$smarty->display("asset.tpl");
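Review bot: The fallback `$asset_letter = $alphabet[0]['asset_letter'];` reads offset 0 of a `fetchAll()` result that is an empty array when the asset table has no rows, which raises an undefined-offset warning on an empty database. `$asset_letter = $alphabet[0]['asset_letter'] ?? '';` keeps the page working with an empty list. The letter list is built from `UPPER(asset_name)` while the filter compares `SUBSTRING(a.asset_name,1,1)` without `UPPER`, so a match for lower-case names depends on the column collation being case-insensitive. The new comment reads `assetf`, presumably `assets`.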
diff --git a/assetadd.php b/assetadd.php
index ce6bdaa..980f0f7 100644
--- a/assetadd.php
+++ b/assetadd.php
@@ -12,18 +12,15 @@ include("includes.php");
if((isset($_GET['assetclass_id'])) ? $assetclass_id = sanitize($_GET['assetclass_id']) : $assetclass_id = "");
include("header.php");
-
-$query = "SELECT
- assetclass_id,
- assetclass_name
-FROM
- assetclass
-ORDER BY
- assetclass_name";
-
-$assetclasses = $db->db_select($query);
-foreach ($assetclasses as $assetclass) {
- $assetclass_options[$assetclass['assetclass_id']] = $assetclass['assetclass_name'];
+
+$sql = "SELECT assetclass_id, assetclass_name
+ FROM assetclass
+ ORDER BY assetclass_name";
+$sth = $dbh->query($sql);
+
+$assetclass_options = array();
+foreach ($sth->fetchAll(PDO::FETCH_NUM) as $rec) {
+ $assetclass_options[$rec[0]] = $rec[1];
}
$smarty->assign("assetclass_options", $assetclass_options);
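Review bot: This query and loop duplicate `db_get_options_assetclass()`, which the same commit adds to lib.php and which assetedit.php already calls, so the block could become `$assetclass_options = db_get_options_assetclass();` (assuming includes.php pulls in lib.php here as it appears to for assetedit.php). The local version initialises the array with `array()` while the helper does not, so the helper needs the same initialisation before this page switches to it.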
diff --git a/assetclass.php b/assetclass.php
index 318e96e..7723abb 100644
--- a/assetclass.php
+++ b/assetclass.php
@@ -10,20 +10,13 @@ SPDX-License-Identifier: GPL-3.0-or-later
include("includes.php");
include("header.php");
-$query = "SELECT
- a.assetclass_id,
- a.assetclass_name,
- g.assetclassgroup_id,
- g.assetclassgroup_name,
- g.assetclassgroup_color
- FROM
- assetclass AS a LEFT OUTER JOIN assetclassgroup AS g USING (assetclassgroup_id)
- ORDER BY
- a.assetclass_name";
+$sql = "SELECT a.assetclass_id, a.assetclass_name, g.assetclassgroup_id,
+ g.assetclassgroup_name, g.assetclassgroup_color
+ FROM assetclass AS a LEFT OUTER JOIN assetclassgroup AS g USING (assetclassgroup_id)
+ ORDER BY a.assetclass_name";
+$sth = $dbh->query($sql);
+$smarty->assign("assetclasses", $sth->fetchAll(PDO::FETCH_ASSOC));
-$assetclasses = $db->db_select($query);
-
-$smarty->assign("assetclasses", $assetclasses);
$smarty->display("assetclass.tpl");
include("footer.php");
diff --git a/assetclassdel.php b/assetclassdel.php
index 8c17b89..917951c 100644
--- a/assetclassdel.php
+++ b/assetclassdel.php
@@ -13,18 +13,13 @@ $assetclass_id = sanitize($_GET['assetclass_id']);
include("header.php");
-$query = "SELECT
- assetclass_id,
- assetclass_name
- FROM
- assetclass
- WHERE
- assetclass_id=" . $assetclass_id;
-
-$assetclass = $db->db_select($query);
-
-$smarty->assign("assetclass_id", $assetclass[0]['assetclass_id']);
-$smarty->assign("assetclass_name", $assetclass[0]['assetclass_name']);
+$sql = "SELECT assetclass_id, assetclass_name
+ FROM assetclass
+ WHERE assetclass_id=?";
+
+$sth = $dbh->prepare($sql);
+$sth->execute([$assetclass_id]);
+$smarty->assign("assetclass", $sth->fetch(PDO::FETCH_OBJ));
$smarty->display("assetclassdel.tpl");
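Review bot: `$sth->fetch(PDO::FETCH_OBJ)` returns `false` when no row matches the id taken from the query string, and that value is handed straight to the template. A guard before `display()`, such as `if ($assetclass === false) { /* not-found page or redirect */ }` on a named variable, makes the unknown-id case explicit. The same pattern appears in the assetclassedit, assetclassgroupdel, assetclassgroupedit, assetclassgroupview, assetclassview, assetedit, assetview, assigniptonode, locationdel, locationedit, locationsubnetadd, locationsubnetdel and locationview hunks; locationedit and locationview dereference the result in PHP (`$location->parent`, `$location->id`), which warns on `false`. Because these ids are expected to be integers, checking them with `filter_var($id, FILTER_VALIDATE_INT)` before querying would reject malformed input early.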
diff --git a/assetclassedit.php b/assetclassedit.php
index d0ac629..863437c 100644
--- a/assetclassedit.php
+++ b/assetclassedit.php
@@ -12,22 +12,16 @@ include("includes.php");
$assetclass_id = sanitize($_GET['assetclass_id']);
include("header.php");
-$query = "SELECT
- assetclass_id,
- assetclass_name,
- assetclassgroup_id
- FROM
- assetclass
- WHERE
- assetclass_id=" . $assetclass_id;
+$sql = "SELECT assetclass_id AS id, assetclass_name AS name,
+ assetclassgroup_id AS group_id
+ FROM assetclass
+ WHERE assetclass_id=?";
+$sth = $dbh->prepare($sql);
+$sth->execute([$assetclass_id]);
-$assetclass = $db->db_select($query);
+$smarty->assign("assetclass", $sth->fetch(PDO::FETCH_OBJ));
-$smarty->assign("assetclass_id", $assetclass[0]['assetclass_id']);
-$smarty->assign("assetclass_name", $assetclass[0]['assetclass_name']);
-$smarty->assign("assetclassgroup_id", $assetclass[0]['assetclassgroup_id']);
-
-$smarty->assign("assetclassgroup_options", $db->options_assetclassgroup());
+$smarty->assign("assetclassgroup_options", db_get_options_assetclass());
$smarty->display("assetclassedit.tpl");
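Review bot: The group dropdown is filled from the wrong helper: `db_get_options_assetclass()` returns asset classes, whereas the removed line called `$db->options_assetclassgroup()`. lib.php in this commit defines `db_get_options_assetclassgroup()`, so the line should read `$smarty->assign("assetclassgroup_options", db_get_options_assetclassgroup());`. As written, the edit form would offer assetclass ids where group ids are expected, and saving could store a mismatched `assetclassgroup_id`.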
diff --git a/assetclassgroup.php b/assetclassgroup.php
index a77e26c..622056a 100644
--- a/assetclassgroup.php
+++ b/assetclassgroup.php
@@ -8,21 +8,14 @@ SPDX-License-Identifier: GPL-3.0-or-later
*****************************************************************************/
include("includes.php");
-
include("header.php");
-$query = "SELECT
- assetclassgroup_id,
- assetclassgroup_name,
- assetclassgroup_color
-FROM
- assetclassgroup
-ORDER BY
- assetclassgroup_name";
-
-$assetclassgroups = $db->db_select($query);
+$sql = "SELECT assetclassgroup_id, assetclassgroup_name, assetclassgroup_color
+ FROM assetclassgroup
+ ORDER BY assetclassgroup_name";
+$sth = $dbh->query($sql);
+$smarty->assign('assetclassgroups', $sth->fetchAll(PDO::FETCH_ASSOC));
-$smarty->assign("assetclassgroups", $assetclassgroups);
$smarty->display("assetclassgroup.tpl");
include("footer.php");
diff --git a/assetclassgroupdel.php b/assetclassgroupdel.php
index dd34439..e8efe19 100644
--- a/assetclassgroupdel.php
+++ b/assetclassgroupdel.php
@@ -13,20 +13,12 @@ $assetclassgroup_id = sanitize($_GET['assetclassgroup_id']);
include("header.php");
-$smarty->assign($lang);
-
-$query = "SELECT
- assetclassgroup_id,
- assetclassgroup_name
- FROM
- assetclassgroup
- WHERE
- assetclassgroup_id=" . $assetclassgroup_id;
-
-$assetclassgroup = $db->db_select($query);
-
-$smarty->assign("assetclassgroup_id", $assetclassgroup[0]['assetclassgroup_id']);
-$smarty->assign("assetclassgroup_name", $assetclassgroup[0]['assetclassgroup_name']);
+$sql = "SELECT assetclassgroup_id AS id, assetclassgroup_name AS name
+ FROM assetclassgroup
+ WHERE assetclassgroup_id=?";
+$sth = $dbh->prepare($sql);
+$sth->execute([$assetclassgroup_id]);
+$smarty->assign("assetclassgroup", $sth->fetch(PDO::FETCH_OBJ));
$smarty->display("assetclassgroupdel.tpl");
diff --git a/assetclassgroupedit.php b/assetclassgroupedit.php
index cac83b4..fb1a3f0 100644
--- a/assetclassgroupedit.php
+++ b/assetclassgroupedit.php
@@ -14,22 +14,14 @@ $assetclassgroup_id = sanitize($_GET['assetclassgroup_id']);
$smarty->assign("scripts", 'jscolor.js');
include("header.php");
-$smarty->assign($lang);
-
-$query = "SELECT
- assetclassgroup_id,
- assetclassgroup_name,
- assetclassgroup_color
- FROM
- assetclassgroup
- WHERE
- assetclassgroup_id=" . $assetclassgroup_id;
-
-$assetclassgroup = $db->db_select($query);
-
-$smarty->assign("assetclassgroup_id", $assetclassgroup[0]['assetclassgroup_id']);
-$smarty->assign("assetclassgroup_name", $assetclassgroup[0]['assetclassgroup_name']);
-$smarty->assign("assetclassgroup_color", $assetclassgroup[0]['assetclassgroup_color']);
+$sql = "SELECT assetclassgroup_id AS id, assetclassgroup_name AS name,
+ assetclassgroup_color AS color
+ FROM assetclassgroup
+ WHERE assetclassgroup_id=?";
+$sth = $dbh->prepare($sql);
+$sth->execute([$assetclassgroup_id]);
+
+$smarty->assign("assetclassgroup", $sth->fetch(PDO::FETCH_OBJ));
$smarty->display("assetclassgroupedit.tpl");
diff --git a/assetclassgroupview.php b/assetclassgroupview.php
index 50eb233..1d36dd9 100644
--- a/assetclassgroupview.php
+++ b/assetclassgroupview.php
@@ -13,33 +13,22 @@ $assetclassgroup_id = sanitize($_GET['assetclassgroup_id']);
include("header.php");
-$query = "SELECT
- assetclassgroup_id,
- assetclassgroup_name,
- assetclassgroup_color
- FROM
- assetclassgroup
- WHERE
- assetclassgroup_id=" . $assetclassgroup_id;
-
-$assetclassgroup = $db->db_select($query);
-
-$smarty->assign("assetclassgroup_id", $assetclassgroup[0]['assetclassgroup_id']);
-$smarty->assign("assetclassgroup_name", $assetclassgroup[0]['assetclassgroup_name']);
-$smarty->assign("assetclassgroup_color", $assetclassgroup[0]['assetclassgroup_color']);
-
-$query = "SELECT
- assetclass_id,
- assetclass_name
- FROM
- assetclass
- WHERE
- assetclassgroup_id=" . $assetclassgroup_id . "
- ORDER BY
- assetclass_name";
-
-$assetclasses = $db->db_select($query);
-$smarty->assign("assetclasses", $assetclasses);
+$sql = "SELECT assetclassgroup_id AS id,
+ assetclassgroup_name AS name,
+ assetclassgroup_color AS color
+ FROM assetclassgroup
+ WHERE assetclassgroup_id=?";
+$sth = $dbh->prepare($sql);
+$sth->execute([$assetclassgroup_id]);
+$smarty->assign("assetclassgroup", $sth->fetch(PDO::FETCH_OBJ));
+
+$sql = "SELECT assetclass_id, assetclass_name
+ FROM assetclass
+ WHERE assetclassgroup_id=?
+ ORDER BY assetclass_name";
+$sth = $dbh->prepare($sql);
+$sth->execute([$assetclassgroup_id]);
+$smarty->assign("assetclasses", $sth->fetchAll(PDO::FETCH_ASSOC));
$smarty->display("assetclassgroupview.tpl");
diff --git a/assetclassview.php b/assetclassview.php
index 861d0fd..9f359d2 100644
--- a/assetclassview.php
+++ b/assetclassview.php
@@ -13,37 +13,22 @@ $assetclass_id = sanitize($_GET['assetclass_id']);
include("header.php");
- $query = "SELECT
- a.assetclass_id, a.assetclass_name,
- g.assetclassgroup_id, g.assetclassgroup_name, g.assetclassgroup_color
- FROM
- assetclass AS a LEFT OUTER JOIN assetclassgroup AS g USING (assetclassgroup_id)
- WHERE
- a.assetclass_id=" . $assetclass_id;
-
-$assetclass = $db->db_select($query);
-
-$smarty->assign("assetclass_id", $assetclass[0]['assetclass_id']);
-$smarty->assign("assetclass_name", $assetclass[0]['assetclass_name']);
-$smarty->assign("assetclass_selected", "");
-
-$smarty->assign("assetclassgroup_id", $assetclass[0]['assetclassgroup_id']);
-$smarty->assign("assetclassgroup_name", $assetclass[0]['assetclassgroup_name']);
-$smarty->assign("assetclassgroup_color", $assetclass[0]['assetclassgroup_color']);
-
-$query = "SELECT
- asset_id,
- asset_name,
- CONCAT(LEFT(asset_info, 80), IF(CHAR_LENGTH(asset_info)>80,'...','')) AS asset_info
- FROM
- asset
- WHERE
- assetclass_id='" . $assetclass_id . "'
- ORDER BY
- asset_name";
-
-$assets = $db->db_select($query);
-$smarty->assign("assets", $assets);
+$sql = "SELECT a.assetclass_id, a.assetclass_name, g.assetclassgroup_id,
+ g.assetclassgroup_name, g.assetclassgroup_color
+ FROM assetclass AS a LEFT OUTER JOIN assetclassgroup AS g USING (assetclassgroup_id)
+ WHERE a.assetclass_id=?";
+$sth = $dbh->prepare($sql);
+$sth->execute([$assetclass_id]);
+$smarty->assign("assetclass", $sth->fetch(PDO::FETCH_OBJ));
+
+$sql = "SELECT asset_id, asset_name,
+ CONCAT(LEFT(asset_info, 80), IF(CHAR_LENGTH(asset_info)>80,'...','')) AS asset_info
+ FROM asset
+ WHERE assetclass_id=?
+ ORDER BY asset_name";
+$sth = $dbh->prepare($sql);
+$sth->execute([$assetclass_id]);
+$smarty->assign("assets", $sth->fetchAll(PDO::FETCH_ASSOC));
$smarty->display("assetclassview.tpl");
diff --git a/assetdel.php b/assetdel.php
index 4e99ff4..4b63a10 100644
--- a/assetdel.php
+++ b/assetdel.php
@@ -12,31 +12,18 @@ include("includes.php");
$asset_id = sanitize($_GET['asset_id']);
include("header.php");
-
-$query = "SELECT
- asset_name
- FROM
- asset
- WHERE
- asset_id=" . $asset_id;
-
-$asset = $db->db_select($query);
+// asset to delete
+$sth = $dbh->prepare("SELECT asset_name FROM asset WHERE asset_id=?");
+$sth->execute([$asset_id]);
$smarty->assign("asset_id", $asset_id);
-$smarty->assign("asset_name", $asset[0]['asset_name']);
-
-$query = "SELECT
- node_id,
- node_ip
- FROM
- node
- WHERE
- asset_id=" . $asset_id . "
- ORDER BY
- INET_ATON(node_ip)";
-
-$nodes = $db->db_select($query);
-$smarty->assign("nodes", $nodes);
+$smarty->assign("asset_name", $sth->fetchColumn());
+
+// nodes to delete
+$sql = "SELECT node_id, node_ip FROM node WHERE asset_id=? ORDER BY INET_ATON(node_ip)";
+$sth = $dbh->prepare($sql);
+$sth->execute([$asset_id]);
+$smarty->assign("nodes", $sth->fetchAll(PDO::FETCH_ASSOC));
$smarty->display("assetdel.tpl");
diff --git a/assetedit.php b/assetedit.php
index 307ce62..6119fbc 100644
--- a/assetedit.php
+++ b/assetedit.php
@@ -13,21 +13,14 @@ $asset_id = sanitize($_GET['asset_id']);
include("header.php");
-$query = "SELECT
- asset_id,
- asset_name,
- asset_hostname,
- asset_info,
- assetclass_id
- FROM
- asset
- WHERE
- asset_id=" . $asset_id;
+$sql = "SELECT asset_id, asset_name, asset_hostname, asset_info, assetclass_id
+ FROM asset
+ WHERE asset_id=?";
+$sth = $dbh->prepare($sql);
+$sth->execute([$asset_id]);
+$smarty->assign("asset", $sth->fetch(PDO::FETCH_OBJ));
-$asset = $db->db_select($query);
-$smarty->assign("asset", $asset[0]);
-
-$smarty->assign("assetclass_options", $db->options_assetclass());
+$smarty->assign("assetclass_options", db_get_options_assetclass());
$smarty->display("assetedit.tpl");
diff --git a/assetview.php b/assetview.php
index 10554a8..2c4a974 100644
--- a/assetview.php
+++ b/assetview.php
@@ -13,40 +13,22 @@ $asset_id = sanitize($_GET['asset_id']);
include("header.php");
-$query = "SELECT
- a.asset_name,
- a.asset_hostname,
- a.asset_info,
- c.assetclass_id,
- c.assetclass_name
- FROM
- asset AS a LEFT OUTER JOIN assetclass AS c USING (assetclass_id)
- WHERE
- a.asset_id=" . $asset_id;
-
-$asset = $db->db_select($query);
-
-$smarty->assign("asset_id", $asset_id);
-$smarty->assign("asset_name", $asset[0]['asset_name']);
-$smarty->assign("asset_hostname", $asset[0]['asset_hostname']);
-$smarty->assign("asset_info", nl2br($asset[0]['asset_info']));
-
-$smarty->assign("assetclass_id", $asset[0]['assetclass_id']);
-$smarty->assign("assetclass_name", $asset[0]['assetclass_name']);
-
-$query = "SELECT
- node_id,
- node_ip,
- LEFT(node_info, 40) as node_info
- FROM
- node
- WHERE
- asset_id=" . $asset_id . "
- ORDER BY
- INET_ATON(node_ip)";
-
-$nodes = $db->db_select($query);
-$smarty->assign("nodes", $nodes);
+$sql = "SELECT a.asset_id, a.asset_name, a.asset_hostname, a.asset_info,
+ c.assetclass_id, c.assetclass_name
+ FROM asset AS a LEFT OUTER JOIN assetclass AS c USING (assetclass_id)
+ WHERE a.asset_id=?";
+$sth = $dbh->prepare($sql);
+$sth->execute([$asset_id]);
+$asset = $sth->fetch(PDO::FETCH_OBJ);
+$smarty->assign("asset", $asset);
+
+$sql = "SELECT node_id, node_ip, LEFT(node_info, 40) as node_info
+ FROM node
+ WHERE asset_id=?
+ ORDER BY INET_ATON(node_ip)";
+$sth = $dbh->prepare($sql);
+$sth->execute([$asset_id]);
+$smarty->assign("nodes", $sth->fetchAll(PDO::FETCH_ASSOC));
$smarty->display("assetview.tpl");
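Review bot: The removed code passed `asset_info` through `nl2br()` before assigning it, and the new code assigns the fetched object unchanged, so line breaks in the info text are lost unless assetview.tpl now does the conversion itself (the template is not part of this hunk). If the template was not changed, apply `{$asset->asset_info|nl2br}` there after whatever escaping the template uses, or set `$asset->asset_info = nl2br($asset->asset_info);` once `$asset` is known not to be `false`. locationview.php in this commit keeps its `nl2br()` call, so the two views currently behave differently.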
diff --git a/assigniptonode.php b/assigniptonode.php
index 4d333a3..89de0d4 100644
--- a/assigniptonode.php
+++ b/assigniptonode.php
@@ -14,19 +14,13 @@ $subnet_id = sanitize($_GET['subnet_id']);
include("header.php");
-$query = "SELECT
- subnet_address,
- subnet_mask
- FROM
- subnet
- WHERE
- subnet_id=" . $subnet_id;
-
-$subnet = $db->db_select($query);
-
-$smarty->assign("subnet_id", $subnet_id);
-$smarty->assign("subnet_address", $subnet[0]['subnet_address']);
-$smarty->assign("subnet_mask", $subnet[0]['subnet_mask']);
+$sql = "SELECT subnet_id AS id, subnet_address AS address, subnet_mask AS mask
+ FROM subnet
+ WHERE subnet_id=?";
+$sth = $dbh->prepare($sql);
+$sth->execute([$subnet_id]);
+
+$smarty->assign("subnet", $sth->fetch(PDO::FETCH_OBJ));
$smarty->assign("node_ip", $node_ip);
$smarty->display("assigniptonode.tpl");
diff --git a/assignnodetoasset.php b/assignnodetoasset.php
index 337210d..035b43a 100644
--- a/assignnodetoasset.php
+++ b/assignnodetoasset.php
@@ -17,31 +17,10 @@ include("header.php");
$smarty->assign("node_ip", $node_ip);
$smarty->assign("asset_id", $asset_id);
+$smarty->assign("subnet_id", $subnet_id);
-$query = "SELECT
- asset_id,
- asset_name
- FROM
- asset
- ORDER BY
- asset_name";
-
-$assets = $db->db_select($query);
-foreach ($assets as $asset) {
- $asset_options[$asset['asset_id']] = $asset['asset_name'];
-}
-$smarty->assign("asset_options", $asset_options);
-
-$query = "SELECT subnet_id,
- CONCAT_WS('/', subnet_address, subnet_mask) AS subnet_name
- FROM subnet
- ORDER BY INET_ATON(subnet_address)";
-
-$subnets = $db->db_select($query);
-foreach ($subnets as $subnet) {
- $subnet_options[$subnet['subnet_id']] = $subnet['subnet_name'];
-}
-$smarty->assign("subnet_options", $subnet_options);
+$smarty->assign("asset_options", db_get_options_asset());
+$smarty->assign("subnet_options", db_get_options_subnet());
$smarty->display("assignnodetoasset.tpl");
diff --git a/dbconnect.php b/dbconnect.php
index c81d5c9..85e91e1 100644
--- a/dbconnect.php
+++ b/dbconnect.php
@@ -7,7 +7,8 @@ Copyright (C) 2011-2023 Thomas Hooge
SPDX-License-Identifier: GPL-3.0-or-later
*****************************************************************************/
-$dblink = mysqli_connect($config_mysql_host,$config_mysql_username,$config_mysql_password);
-mysqli_select_db($dblink, $config_mysql_dbname);
+$dbh = new PDO("mysql:host=$config_mysql_host;dbname=$config_mysql_dbname;charset=utf8", $config_mysql_username, $config_mysql_password);
+$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
+$dbh->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC);
?>
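Review bot: The connection leaves emulated prepares at the MySQL driver's default, so the `?` placeholders introduced across this commit are substituted client-side by PDO rather than sent as server-side prepared statements; add `$dbh->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);`. `charset=utf8` selects MySQL's three-byte `utf8mb3`; `charset=utf8mb4` covers all of UTF-8, provided the tables use it. `new PDO(...)` throws `PDOException` when the connection fails, so wrap it in `try`/`catch` and log the error server-side instead of letting the default handler render it to the browser.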
diff --git a/index.php b/index.php
index 4e56d7c..2495d89 100644
--- a/index.php
+++ b/index.php
@@ -11,57 +11,31 @@ include("includes.php");
include("header.php");
-// asset
-$query = "SELECT
- COUNT(asset_id) AS asset_counter
- FROM
- asset";
+// Statistics
-$assets = $db->db_select($query);
-$smarty->assign("asset_counter", $assets[0]['asset_counter']);
+// asset
+$sth = $dbh->query("SELECT COUNT(asset_id) AS asset_counter FROM asset");
+$smarty->assign("asset_counter", $sth->fetchColumn());
// location
-$query = "SELECT
- COUNT(location_id) AS location_counter
- FROM
- location";
-
-$locations = $db->db_select($query);
-$smarty->assign("location_counter", $locations[0]['location_counter']);
+$sth = $dbh->query("SELECT COUNT(location_id) AS location_counter FROM location");
+$smarty->assign("location_counter", $sth->fetchColumn());
// node
-$query = "SELECT
- COUNT(node_id) AS node_counter
- FROM
- node";
-
-$nodes = $db->db_select($query);
-$smarty->assign("node_counter", $nodes[0]['node_counter']);
+$sth = $dbh->query("SELECT COUNT(node_id) AS node_counter FROM node");
+$smarty->assign("node_counter", $sth->fetchColumn());
// subnet
-$query = "SELECT
- COUNT(subnet_id) AS subnet_counter
- FROM
- subnet";
-$subnets = $db->db_select($query);
-$smarty->assign("subnet_counter", $subnets[0]['subnet_counter']);
+$sth = $dbh->query("SELECT COUNT(subnet_id) AS subnet_counter FROM subnet");
+$smarty->assign("subnet_counter", $sth->fetchColumn());
// vlan
-$query = "SELECT
- COUNT(vlan_id) AS vlan_counter
- FROM
- vlan";
-
-$vlans = $db->db_select($query);
-$smarty->assign("vlan_counter", $vlans[0]['vlan_counter']);
+$sth = $dbh->query("SELECT COUNT(vlan_id) AS vlan_counter FROM vlan");
+$smarty->assign("vlan_counter", $sth->fetchColumn());
// zone
-$query = "SELECT
- COUNT(zone_id) AS zone_counter
- FROM
- zone";
-$zones = $db->db_select($query);
-$smarty->assign("zone_counter", $zones[0]['zone_counter']);
+$sth = $dbh->query("SELECT COUNT(zone_id) AS zone_counter FROM zone");
+$smarty->assign("zone_counter", $sth->fetchColumn());
$smarty->display("index.tpl");
diff --git a/lang/en.php b/lang/en.php
index fb11d81..6047dd6 100644
--- a/lang/en.php
+++ b/lang/en.php
@@ -62,7 +62,7 @@ $lang = array(
'lang_assetclassgroup_add' => 'Add assetclassgroup',
'lang_assetclassgroup_del' => 'Delete assetclassgroup',
'lang_assetclassgroup_edit' => 'Modify assetclassgroup',
- 'lang_assetclassgroup_name' => 'Assetclass Groupname',
+ 'lang_assetclassgroup_name' => 'Assetclassgroup Name',
'lang_assetclassgroup_none' => 'There are no assetclassegroups defined',
'lang_assignnodetoasset' => 'Assign node to asset',
diff --git a/lib.php b/lib.php
index c18e020..49a3f72 100644
--- a/lib.php
+++ b/lib.php
@@ -15,11 +15,11 @@ $config_lang = array('de', 'en');
include("lib/functions.php");
-require("lib/db.class.php");
-$db = new Db($dblink);
+//require("lib/db.class.php");
+//$db = new Db($dblink);
-require("lib/user.class.php");
-$user = new User();
+//require("lib/user.class.php");
+// $user = new User();
require_once('smarty3/Smarty.class.php');
$smarty = new Smarty();
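Review bot: The four `require`/`new` lines are commented out rather than removed, which leaves dead code and obscures that `$db` and `$user` no longer exist for any page that still uses them. Delete the lines outright; locationsubnetadd.php in this same commit still calls `$db->options_subnet()`, so a search for remaining `$db->` and `$user->` uses is needed before merging.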
@@ -29,4 +29,69 @@ $smarty->registerPlugin('function', 'treelist', 'print_tree');
$smarty->assign("suser_tooltips", $_SESSION['suser_tooltips'] ?? 'off');
+// ========== DATABASE FUCTIONS ===============================================
+
+function db_get_options_asset() {
+ global $dbh;
+ $sql = "SELECT asset_id, asset_name FROM asset ORDER BY asset_name";
+ $sth = $dbh->query($sql);
+ foreach ($sth->fetchAll(PDO::FETCH_NUM) as $rec) {
+ $options[$rec[0]] = $rec[1];
+ }
+ return $options;
+}
+
+function db_get_options_assetclass() {
+ global $dbh;
+ $sql = "SELECT assetclass_id, assetclass_name FROM assetclass ORDER BY assetclass_name";
+ $sth = $dbh->query($sql);
+ foreach ($sth->fetchAll(PDO::FETCH_NUM) as $rec) {
+ $options[$rec[0]] = $rec[1];
+ }
+ return $options;
+}
+
+function db_get_options_assetclassgroup() {
+ global $dbh;
+ $sql = "SELECT assetclassgroup_id, assetclassgroup_name FROM assetclassgroup ORDER BY assetclassgroup_name";
+ $sth = $dbh->query($sql);
+ foreach ($sth->fetchAll(PDO::FETCH_NUM) as $rec) {
+ $options[$rec[0]] = $rec[1];
+ }
+ return $options;
+}
+
+function db_get_options_location() {
+ global $dbh;
+ $sql = "SELECT location_id, location_name FROM location ORDER BY location_name";
+ $sth = $dbh->query($sql);
+ foreach ($sth->fetchAll(PDO::FETCH_NUM) as $rec) {
+ $options[$rec[0]] = $rec[1];
+ }
+ return $options;
+}
+
+function db_get_options_subnet() {
+ global $dbh;
+ $sql = "SELECT subnet_id,
+ CONCAT_WS('/', subnet_address, subnet_mask) AS subnet_name
+ FROM subnet
+ ORDER BY INET_ATON(subnet_address)";
+ $sth = $dbh->query($sql);
+ foreach ($sth->fetchAll(PDO::FETCH_NUM) as $rec) {
+ $options[$rec[0]] = $rec[1];
+ }
+ return $options;
+}
+
+function db_get_options_vlan() {
+ global $dbh;
+ $sql = "SELECT vlan_id, vlan_name FROM vlan ORDER BY vlan_name";
+ $sth = $dbh->query($sql);
+ foreach ($sth->fetchAll(PDO::FETCH_NUM) as $rec) {
+ $options[$rec[0]] = $rec[1];
+ }
+ return $options;
+}
+
?>
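Review bot: None of the six `db_get_options_*()` helpers initialises `$options`, so an empty table makes `return $options;` return an undefined variable (null plus a warning), and a template that iterates the options receives null instead of an empty array. PDO can build the id-to-name map directly: `return $dbh->query($sql)->fetchAll(PDO::FETCH_KEY_PAIR);` returns `[]` for no rows and removes the loop. The functions differ only in their SQL, so one private helper that takes the query would replace the six copies. The section heading has a typo; `DATABASE FUNCTIONS` is intended.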
diff --git a/lib/functions.php b/lib/functions.php
index dbb09b8..88a5e35 100644
--- a/lib/functions.php
+++ b/lib/functions.php
@@ -74,9 +74,6 @@ function sanitize($input) {
// convert special chars
$input = htmlentities($input,ENT_QUOTES,'UTF-8');
- // make sql ready
- $input = mysqli_real_escape_string($dblink, $input);
-
// and return
return $input;
}
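Review bot: With the `mysqli_real_escape_string()` step removed, `sanitize()` no longer does anything for SQL, so any query that still concatenates a sanitized value is left without escaping; files not converted to `prepare()`/`execute()` in this commit need to be checked before this lands. What remains is `htmlentities()` applied on input, which means bound parameters are compared and stored in HTML-encoded form; encoding belongs at output in the templates. A docblock stating `HTML-encodes input; provides no SQL protection, use bound parameters` would stop callers from relying on the old behaviour. The function body starts above this hunk, so its earlier steps are not visible here.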
diff --git a/location.php b/location.php
index 5506bd4..660c4f9 100644
--- a/location.php
+++ b/location.php
@@ -11,15 +11,11 @@ include("includes.php");
include("header.php");
-$query = "SELECT
- location_id AS id,
- location_name AS value,
- location_parent AS parent_id
-FROM
- location
-ORDER BY location_parent, location_sort, location_name";
-
-$locations = $db->db_select($query);
+$sql = "SELECT location_id AS id, location_name AS value, location_parent AS parent_id
+ FROM location
+ ORDER BY location_parent, location_sort, location_name";
+$sth = $dbh->query($sql);
+$locations = $sth->fetchAll();
// function for recursion
function build_tree($parent_id, $level) {
diff --git a/locationadd.php b/locationadd.php
index 4c75102..fedb3bb 100644
--- a/locationadd.php
+++ b/locationadd.php
@@ -16,18 +16,16 @@ include("header.php");
// *************
-$query = "SELECT location_id, location_name, location_parent, location_sort
- FROM location
- ORDER BY location_parent, location_sort, location_name";
+$sql = "SELECT location_id AS id, location_name, location_parent, location_sort
+ FROM location
+ ORDER BY location_parent, location_sort, location_name";
+$sth = $dbh->query($sql);
+$locations = $sth->fetchAll();
-$locations = $db->db_select($query);
-
$location_counter = count($locations);
-if ($location_counter>0) {
- // get objects
+if ($location_counter > 0) {
foreach ($locations AS $location) {
- // create arrays
$location_names[$location['location_id']] = $location['location_name'];
$parents[$location['location_parent']][] = $location['location_id'];
}
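Review bot: The query now aliases `location_id AS id`, but the loop below still reads `$location['location_id']`, a key that no longer exists in the fetched rows, so `$location_names` and `$parents` are built from undefined values. Either drop the alias (`SELECT location_id, location_name, location_parent, location_sort`) or change both reads to `$location['id']`. The `if` block continues past the end of this hunk.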
@@ -36,7 +34,6 @@ if ($location_counter>0) {
// look for parents
// function to look for parents and create a new array for every child
function location($parents, $parent = 0) {
- // loop array to check
foreach ($parents[$parent] as $child) {
if (isset($parents[$child])) {
// element has children
@@ -47,7 +44,6 @@ function location($parents, $parent = 0) {
}
}
- // and again...
return $children;
}
diff --git a/locationdel.php b/locationdel.php
index 91ef975..d1424fe 100644
--- a/locationdel.php
+++ b/locationdel.php
@@ -13,17 +13,10 @@ $location_id = sanitize($_GET['location_id']);
include("header.php");
-$query = "SELECT
- location_name
-FROM
- location
-WHERE
- location_id=" . $location_id;
-
-$location = $db->db_select($query);
-
-$smarty->assign("location_id", $location_id);
-$smarty->assign("location_name", $location[0]['location_name']);
+$sql = "SELECT location_name FROM location WHERE location_id=?";
+$sth = $dbh->prepare($sql);
+$sth->execute([$location_id]);
+$smarty->assign("location", $sth->fetch(PDO::FETCH_OBJ));
$smarty->display("locationdel.tpl");
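Review bot: The new query selects only `location_name`, while the removed code also assigned `location_id` to the template, and the sibling pages in this commit (locationsubnetadd, locationsubnetdel) select `location_id AS id, location_name AS name`. Unless locationdel.tpl takes the id from elsewhere (the template is not shown), the delete form loses its id. `SELECT location_id AS id, location_name AS name FROM location WHERE location_id=?` keeps the object consistent with the other location pages.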
diff --git a/locationedit.php b/locationedit.php
index 6ecfb34..9e07778 100644
--- a/locationedit.php
+++ b/locationedit.php
@@ -14,39 +14,33 @@ $location_id = sanitize($_GET['location_id']);
include("header.php");
// location
-$query = "SELECT
- location_name,
- location_parent,
- location_info,
- location_sort
-FROM
- location
-WHERE
- location_id=" . $location_id;
+$sql = "SELECT location_name AS name, location_parent AS parent,
+ location_info AS info, location_sort AS sort
+ FROM location
+ WHERE location_id=?";
+$sth = $dbh->prepare($sql);
+$sth->execute([$location_id]);
+$location = $sth->fetch(PDO::FETCH_OBJ);
-$location = $db->db_select($query);
-
-$location_parent = $location[0]['location_parent'];
-
-$smarty->assign("location_id", $location_id);
+$location_parent = $location->parent;
+
+$smarty->assign("location", $location);
+
+/*$smarty->assign("location_id", $location_id);
$smarty->assign("location_name", $location[0]['location_name']);
$smarty->assign("location_info", $location[0]['location_info']);
-$smarty->assign("location_sort", $location[0]['location_sort']);
+$smarty->assign("location_sort", $location[0]['location_sort']); */
// parent location
-$query = "SELECT
- location_id,
- location_name,
- location_parent
-FROM
- location
-WHERE
- location_id != " . $location_id . "
-ORDER BY
- location_name";
-
-$locations = $db->db_select($query);
-
+$sql = "SELECT location_id, location_name, location_parent
+ FROM location
+ WHERE location_id != ?
+ ORDER BY location_name";
+$sth = $dbh->prepare($sql);
+$sth->execute([$location_id]);
+
+$locations = $sth->fetchAll();
+
$location_counter = count($locations);
$smarty->assign("location_counter", $location_counter);
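Review bot: The old assignments are left behind in a `/* ... */` block, and that block holds the only `location_id` assignment, while the new SELECT does not return the id, so locationedit.tpl has no id to post back unless it is supplied elsewhere. Add `location_id AS id` to the column list and delete the commented-out lines rather than keeping them. `$location->parent` is read immediately after the fetch, so an unknown id produces a property read on `false`; check `$location === false` first.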
diff --git a/locationsubnetadd.php b/locationsubnetadd.php
index 1f11e63..78926b6 100644
--- a/locationsubnetadd.php
+++ b/locationsubnetadd.php
@@ -13,18 +13,15 @@ $location_id = sanitize($_GET['location_id']);
include("header.php");
-$query = "SELECT
- location_name
- FROM
- location
- WHERE
- location_id=" . $location_id;
+$sql = "SELECT location_id AS id, location_name AS name
+ FROM location
+ WHERE location_id=?";
+$sth = $dbh->prepare($sql);
+$sth->execute([$location_id]);
+$smarty->assign("location", $sth->fetch(PDO::FETCH_OBJ));
-$location = $db->db_select($query);
-
-$smarty->assign("location_id", $location_id);
-$smarty->assign("location_name", $location[0]['location_name']);
$smarty->assign("subnet_options", $db->options_subnet());
+
$smarty->display("locationsubnetadd.tpl");
include("footer.php");
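Review bot: The unchanged line `$smarty->assign("subnet_options", $db->options_subnet());` still calls the `Db` object, but lib.php in this commit comments out `$db = new Db($dblink);`, so this page would fail with a method call on an undefined variable. The replacement added in lib.php is `db_get_options_subnet()`, giving `$smarty->assign("subnet_options", db_get_options_subnet());`.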
diff --git a/locationsubnetdel.php b/locationsubnetdel.php
index b5f4e8e..4d7eb02 100644
--- a/locationsubnetdel.php
+++ b/locationsubnetdel.php
@@ -14,32 +14,29 @@ $location_id = sanitize($_GET['location_id']);
include("header.php");
// location
-$query = "SELECT
- location_name
-FROM
- location
-WHERE
- location_id=" . $location_id;
-
-$location = $db->db_select($query);
-
-$smarty->assign("location_id", $location_id);
-$smarty->assign("location_name", $location[0]['location_name']);
+$sql = "SELECT location_id AS id, location_name AS name
+ FROM location
+ WHERE location_id=?";
+$sth = $dbh->prepare($sql);
+$sth->execute([$location_id]);
+$smarty->assign("location", $sth->fetch(PDO::FETCH_OBJ));
+
// subnet
-$query = "SELECT
+$sql = "SELECT
s.subnet_id,
s.subnet_address,
s.subnet_mask
FROM
subnetlocation AS l LEFT JOIN subnet AS s USING (subnet_id)
WHERE
- l.location_id=" . $location_id . "
+ l.location_id=?
ORDER BY
INET_ATON(s.subnet_address)";
+$sth = $dbh->prepare($sql);
+$sth->execute([$location_id]);
-$subnets = $db->db_select($query);
-$smarty->assign($subnets);
+$smarty->assign($sth->fetchAll());
$smarty->display("locationsubnetdel.tpl");
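Review bot: `$smarty->assign($sth->fetchAll());` passes a numerically indexed list as the variable map, so the rows are not available to the template under a name; the removed code did the same, but every other page in this commit assigns results by name. If locationsubnetdel.tpl iterates the subnets, `$smarty->assign("subnets", $sth->fetchAll());` is presumably what is meant (confirm against the template). This query also keeps the old multi-line layout while the rest of the file moved to the compact form.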
diff --git a/locationsubnetedit.php b/locationsubnetedit.php
index 905a0d0..5f15175 100644
--- a/locationsubnetedit.php
+++ b/locationsubnetedit.php
@@ -12,18 +12,13 @@ include("includes.php");
$location_id = sanitize($_GET['location_id']);
include("header.php");
-// location
-$query = "SELECT
- location_name
- FROM
- location
- WHERE
- location_id=" . $location_id;
-$location = $db->db_select($query);
-
-$smarty->assign("location_id", $location_id);
-$smarty->assign("location_name", $location[0]['location_name']);
+$sql = "SELECT location_id AS id, location_name AS name
+ FROM location
+ WHERE location_id=?";
+$sth = $dbh->prepare($sql);
+$sth->execute([$zone_id]);
+$smarty->assign("location", $sth->fetch(PDO::FETCH_OBJ));
$smarty->display("locationsubnetedit.tpl");
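Review bot: The statement is executed with `$zone_id`, which is not defined anywhere in this hunk; the page reads `$location_id` from the query string a few lines earlier and the query filters on `location_id`. This looks like a copy-paste slip and should be `$sth->execute([$location_id]);`. As written, the lookup binds null, matches no row, and the template receives `false`.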
diff --git a/locationview.php b/locationview.php
index 95ccf78..3916ecc 100644
--- a/locationview.php
+++ b/locationview.php
@@ -15,64 +15,53 @@ include("header.php");
// locationcrumb
+$sql = "SELECT location_id AS id, location_name AS name,
+ location_parent AS parent_id, location_info AS info,
+ CONCAT('locationview.php?location_id=', location_id) AS url
+ FROM location
+ WHERE location_id=?";
+$sth = $dbh->prepare($sql);
+$sth->execute([$location_id]);
+$location = $sth->fetch(PDO::FETCH_OBJ);
-$query = "SELECT location_id AS id,
- location_name AS name,
- location_parent AS parent_id,
- location_info
- FROM location
- WHERE location_id=" . $location_id;
-$location = $db->db_select($query);
-$location[0]['url'] = 'locationview.php?location_id=' . $location[0]['id'];
-$crumbs[] = $location[0];
+$crumbs[] = $location;
$level = 1;
-while ($crumbs[0]['parent_id'] != 0) {
- $query = "SELECT location_id AS id,
- location_name AS name,
- location_parent AS parent_id
+$sql = "SELECT location_id AS id, location_name AS name,
+ location_parent AS parent_id,
+ CONCAT('locationview.php?location_id=', location_id) AS url
FROM location
- WHERE location_id=" . $crumbs[0]['parent_id'];
- $result = $db->db_select($query);
- $result[0]['url'] = 'locationview.php?location_id=' . $result[0]['id'];
- array_unshift($crumbs, $result[0]);
+ WHERE location_id=?";
+$sth = $dbh->prepare($sql);
+while ($crumbs[0]->parent_id != 0) {
+ $sth->execute([$crumbs[0]->parent_id]);
+ $result = $sth->fetch(PDO::FETCH_OBJ);
+ array_unshift($crumbs, $result);
$level++;
}
-$smarty->assign("location_id", $location_id);
-$smarty->assign("location_info", nl2br($location[0]['location_info']));
+$smarty->assign("location_id", $location->id);
+$smarty->assign("location_info", nl2br($location->info));
$smarty->assign("crumbs", $crumbs);
-
// sublocations
-$query = "SELECT
- location_id AS sublocation_id,
- location_name AS sublocation_name,
- LEFT(location_info, 40) AS info_short,
- CHAR_LENGTH(location_info) AS info_length
- FROM
- location
- WHERE
- location_parent=" . $location_id . "
- ORDER BY
- location_name";
-
-$sublocations = $db->db_select($query);
-$smarty->assign("sublocations", $sublocations);
+$sql = "SELECT location_id AS sublocation_id, location_name AS sublocation_name,
+ LEFT(location_info, 40) AS info_short,
+ CHAR_LENGTH(location_info) AS info_length
+ FROM location
+ WHERE location_parent=?
+ ORDER BY location_name";
+$sth = $dbh->prepare($sql);
+$sth->execute([$location_id]);
+$smarty->assign("sublocations", $sth->fetchAll());
// subnets
-$query = "SELECT
- s.subnet_id,
- s.subnet_address,
- s.subnet_mask
- FROM
- subnet AS s LEFT JOIN subnetlocation USING (subnet_id)
- WHERE
- subnetlocation.location_id=" . $location_id . "
- ORDER BY
- INET_ATON(s.subnet_address)";
-
-$subnets = $db->db_select($query);
-$smarty->assign("subnets", $subnets);
+$sql = "SELECT s.subnet_id, s.subnet_address, s.subnet_mask
+ FROM subnet AS s LEFT JOIN subnetlocation AS l USING (subnet_id)
+ WHERE l.location_id=?
+ ORDER BY INET_ATON(s.subnet_address)";
+$sth = $dbh->prepare($sql);
+$sth->execute([$location_id]);
+$smarty->assign("subnets", $sth->fetchAll());
$smarty->display("locationview.tpl");
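Review bot: `$location = $sth->fetch(PDO::FETCH_OBJ)` is used without a check for `false`, so a `location_id` that matches no row reaches `$crumbs[0]->parent_id`, `$location->id` and `nl2br($location->info)` with a boolean instead of an object. A guard right after the fetch, for example `if (!$location) { header_location("location.php"); exit; }` (or whatever not-found handling the project prefers), stops the page from rendering on a missing record. The same applies to `$result` inside the breadcrumb loop, where a dangling `location_parent` pushes `false` onto `$crumbs`. The same unchecked fetch appears in natadd.php (`$node->node_ip_ext`) and in nodeview.php, where `$node->mac = write_mac($node->mac)` assigns a property on `false` and throws an Error on PHP 8. The loop is also unbounded, so a cycle in `location_parent` never terminates; a cap on `$level` or a visited-id check would cover that.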
diff --git a/login.php b/login.php
index b355d10..a8dd921 100644
--- a/login.php
+++ b/login.php
@@ -12,35 +12,86 @@ session_start();
include("config.php");
include("dbconnect.php");
-
include("lib.php");
-
-// include language file
+
+function user_login($user_name, $user_pass) {
+ global $dbh;
+
+ if (strlen($user_name) < 1) {
+ return FALSE;
+ }
+
+ if (strlen($user_pass) < 1) {
+ return FALSE;
+ }
+
+ $sql = "SELECT user_id, user_pass, user_displayname, user_language,
+ user_imagesize, user_imagecount, user_mac, user_dateformat,
+ user_dns1suffix, user_dns2suffix, user_menu_assets,
+ user_menu_assetclasses, user_menu_assetclassgroups,
+ user_menu_locations, user_menu_nodes, user_menu_subnets,
+ user_menu_users, user_menu_vlans, user_menu_zones,
+ user_tooltips
+ FROM user
+ WHERE user_name=?";
+ $sth = $dbh->prepare($sql);
+ $sth->execute([$user_name]);
+
+ if (!$user = $sth->fetch(PDO::FETCH_OBJ)) {
+ // no user record found
+ return FALSE;
+ }
+
+ // TODO use secure algo with salt!
+ if (strcmp(md5($user_pass), $user->user_pass) != 0) {
+ // password does not match
+ return FALSE;
+ }
+
+ // all ok: user is logged in, register session data
+ $_SESSION['suser_id'] = $user->user_id;
+ $_SESSION['suser_displayname'] = $user->user_displayname;
+ $_SESSION['suser_language'] = $user->user_language;
+ $_SESSION['suser_imagesize'] = $user->user_imagesize;
+ $_SESSION['suser_imagecount'] = $user->user_imagecount;
+ $_SESSION['suser_mac'] = $user->user_mac;
+ $_SESSION['suser_dateformat'] = $user->user_dateformat;
+ $_SESSION['suser_dns1suffix'] = $user->user_dns1suffix;
+ $_SESSION['suser_dns2suffix'] = $user->user_dns2suffix;
+ $_SESSION['suser_menu_assets'] = $user->user_menu_assets;
+ $_SESSION['suser_menu_assetclasses'] = $user->user_menu_assetclasses;
+ $_SESSION['suser_menu_assetclassgroups'] = $user->user_menu_assetclassgroups;
+ $_SESSION['suser_menu_locations'] = $user->user_menu_locations;
+ $_SESSION['suser_menu_nodes'] = $user->user_menu_nodes;
+ $_SESSION['suser_menu_subnets'] = $user->user_menu_subnets;
+ $_SESSION['suser_menu_users'] = $user->user_menu_users;
+ $_SESSION['suser_menu_vlans'] = $user->user_menu_vlans;
+ $_SESSION['suser_menu_zones'] = $user->user_menu_zones;
+ $_SESSION['suser_tooltips'] = $user->user_tooltips;
+
+ return TRUE;
+}
+
+// No header included, this page has no menu
+
$language = lang_getfrombrowser($config_lang, $config_lang_default, null, false);
include('lang/' . $language . '.php');
-// check for submit
if ($_SERVER['REQUEST_METHOD']=="POST" ) {
- /// get post info
- $user_name = sanitize($_POST['user_name']);
- $user_pass = sanitize($_POST['user_pass']);
-
- // login
- $login = $user->user_login($user_name, $user_pass);
-
- if($login==TRUE) {
- // redirect
- header_location("index.php");
- } else {
- // not ok, break session
- $_SESSION = array();
- session_destroy();
- }
+
+ $user_name = sanitize($_POST['user_name']);
+ $user_pass = sanitize($_POST['user_pass']);
+
+ if (user_login($user_name, $user_pass) == TRUE) {
+ header_location("index.php");
+ } else {
+ $_SESSION = array();
+ session_destroy();
+ }
}
-
+
$smarty->assign("config_version", $config_version);
$smarty->assign($lang);
-
$smarty->display("login.tpl");
include("footer.php");
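Review bot: `user_login()` writes the `$_SESSION['suser_*']` values into the session that already existed before authentication, so a session id fixed ahead of login stays valid afterwards; calling `session_regenerate_id(true);` just before `$_SESSION['suser_id'] = $user->user_id;` closes that. The check `strcmp(md5($user_pass), $user->user_pass)` is covered by the TODO, but now that the function is standalone it is the natural place to move to `password_hash()` and `password_verify($user_pass, $user->user_pass)`, upgrading legacy MD5 rows on their next successful login. Until then `hash_equals($user->user_pass, md5($user_pass))` at least makes the comparison constant-time. `$user_pass` also goes through `sanitize()` before hashing; that helper is not visible here, but if it strips or escapes characters it changes the password being verified and should not be applied to this field.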
diff --git a/natadd.php b/natadd.php
index 395bcf0..02f480e 100644
--- a/natadd.php
+++ b/natadd.php
@@ -14,20 +14,19 @@ $node_id = sanitize($_GET['node_id']);
include("header.php");
// node_ext
-$query = "SELECT
- node_ip AS node_ip_ext
- FROM
- node
- WHERE
- node_id=" . $node_id;
+$sql = "SELECT node_ip AS node_ip_ext
+ FROM node
+ WHERE node_id=?";
+$sth = $dbh->prepare($sql);
+$sth->execute([$node_id]);
-$node = $db->db_select($query);
+$node = $sth->fetch(PDO::FETCH_OBJ);
$smarty->assign("node_id_ext", $node_id);
-$smarty->assign("node_ip_ext", $node[0]['node_ip_ext']);
+$smarty->assign("node_ip_ext", $node->node_ip_ext);
// node_int
-$query = "SELECT
+$sql = "SELECT
a.asset_name,
n.node_id AS node_id_int,
n.node_ip AS node_ip_int
@@ -40,13 +39,16 @@ $query = "SELECT
FROM
nat
WHERE
- nat_ext=" . $node_id . "
+ nat_ext=?
)
- AND n.node_id!=" . $node_id . "
+ AND n.node_id!=?
ORDER BY
INET_ATON(n.node_ip)";
+$sth = $dbh->prepare($sql);
+$sth->execute([$node_id, $node_id]);
+
+$nodes = $sth->fetchAll();
-$nodes = $db->db_select($query);
foreach ($nodes as $rec) {
$node_options[$rec['node_id_int']] = $rec['node_ip_int'] . '/' . $rec['asset_name'];
}
diff --git a/natdel.php b/natdel.php
index 94f44d8..96a8f80 100644
--- a/natdel.php
+++ b/natdel.php
@@ -14,39 +14,24 @@ $node_id = sanitize($_GET['node_id']);
include("header.php");
// node_ext
-$query = "SELECT
- node_ip AS node_ip_ext
- FROM
- node
- WHERE
- node_id=" . $node_id;
-
-$node = $db->db_select($query);
-
-$smarty->assign("node_id_ext", $node_id);
-$smarty->assign("node_ip_ext", $node[0]['node_ip_ext']);
+$sth = $dbh->prepare("SELECT node_id AS id_ext, node_ip AS ip_ext FROM node WHERE node_id=?");
+$sth->execute([$node_id]);
+$smarty->assign("node", $sth->fetch(PDO::FETCH_OBJ));
// options
-$query = "SELECT
- a.asset_name,
- n.node_ip,
- x.nat_ext
- FROM
- asset AS a,
- nat AS x,
- node AS n
- WHERE
- x.nat_ext=" . $node_id . "
- AND n.node_id=x.nat_int
- AND a.asset_id=n.asset_id
- ORDER BY
- INET_ATON(n.node_ip)";
-
-$nodes = $db->db_select($query);
+$sql = "SELECT x.nat_id, n.node_ip, a.asset_name
+ FROM nat AS x
+ LEFT JOIN node AS n ON (x.nat_int=n.node_id)
+ LEFT JOIN asset AS a USING (asset_id)
+ WHERE x.nat_ext=?
+ ORDER BY INET_ATON(n.node_ip)";
+$sth = $dbh->prepare($sql);
+$sth->execute([$node_id]);
+$nats = $sth->fetchAll();
$options = array();
-foreach ($nodes as $rec) {
- $options[$rec['nat_ext']] = $rec['node_ip'] . '/' . $rec['asset_name'];
+foreach ($nats as $rec) {
+ $options[$rec['nat_id']] = $rec['node_ip'] . '/' . $rec['asset_name'];
}
$smarty->assign("nat_options", $options);
$smarty->display("natdel.tpl");
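Review bot: `$options` is now keyed by `x.nat_id` instead of `nat_ext`, so the value natdel.tpl posts changes meaning and the delete handler that receives it has to delete by `nat_id`. That handler is not in this hunk, so confirm it was switched in the same commit. With the two `LEFT JOIN`s, a NAT row whose internal node or asset no longer exists is still listed, labelled just `/` because `node_ip` and `asset_name` come back NULL. If listing orphaned rules is intended so that they can be removed, say so above the query, e.g. `// LEFT JOIN: keep NAT rules whose internal node is gone so they can still be deleted`.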
diff --git a/natedit.php b/natedit.php
index dd4408c..63c46b6 100644
--- a/natedit.php
+++ b/natedit.php
@@ -13,18 +13,11 @@ $node_id = sanitize($_GET['node_id']);
include("header.php");
-$query = "SELECT
- node_ip
-FROM
- node
-WHERE
- node.node_id=" . $node_id;
+$sql = "SELECT node_id AS id, node_ip AS ip FROM node WHERE node.node_id=?";
+$sth = $dbh->prepare($sql);
+$sth->execute([$node_id]);
+$smarty->assign("node", $sth->fetch(PDO::FETCH_OBJ));
-$node = $db->db_select($query);
-
-$smarty->assign("node_id", $node_id);
-$smarty->assign("node_ip", $node[0]['node_ip']);
-
$smarty->display("natedit.tpl");
include("footer.php");
diff --git a/node.php b/node.php
index 25fc72f..a2c4313 100644
--- a/node.php
+++ b/node.php
@@ -10,31 +10,43 @@ SPDX-License-Identifier: GPL-3.0-or-later
include("includes.php");
include("header.php");
+// filter preparation
+$p = array();
+$w = array();
+
if(isset($_GET['subnet_id'])) {
$subnet_id = sanitize($_GET['subnet_id']);
- $subnet_view = "WHERE node.subnet_id=" . $subnet_id;
+ $w[] = "n.subnet_id=?";
+ $p[] = $subnet_id;
$smarty->assign("subnet_id", $subnet_id);
+
+ // get subnet details for title
+ $sql = "SELECT CONCAT_WS('/',subnet_address,subnet_mask) AS subnet
+ FROM subnet
+ WHERE subnet_id=?";
+ $sth = $dbh->prepare($sql);
+ $sth->execute([$subnet_id]);
+ $smarty->assign("subnet", $sth->fetchColumn());
+
} else {
$smarty->assign("subnet_id", '');
- $subnet_view = '';
}
-$query = "SELECT
- asset.asset_id,
- REPLACE(asset.asset_name, ' ', ' ') AS asset_name,
- asset.asset_info,
- node.node_id,
- node.node_ip
- FROM
- asset LEFT JOIN node USING (asset_id)
- " . $subnet_view . "
- GROUP BY
- node.node_id
- ORDER BY
- INET_ATON(node.node_ip)";
-
-$nodes = $db->db_select($query);
-$smarty->assign("nodes", $nodes);
+// create sql with optional filter
+$where = join(' AND ', $w);
+
+$sql = "SELECT a.asset_id, a.asset_info,
+ REPLACE(a.asset_name, ' ', ' ') AS asset_name,
+ n.node_id, n.node_ip
+ FROM asset AS a LEFT JOIN node AS n USING (asset_id)";
+if ($where) {
+ $sql .= ' WHERE ' . $where;
+}
+$sql .= "GROUP BY n.node_id ORDER BY INET_ATON(n.node_ip)";
+$sth = $dbh->prepare($sql);
+$sth->execute($p);
+$smarty->assign("nodes", $sth->fetchAll());
+
$smarty->display("node.tpl");
include("footer.php");
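Review bot: `$sql .= "GROUP BY n.node_id ORDER BY INET_ATON(n.node_ip)";` appends without a leading space, so the statement becomes `... USING (asset_id)GROUP BY ...` or, with the filter, `... n.subnet_id=?GROUP BY ...`. MySQL may tolerate both, but the query then works only by accident of tokenisation; start the fragment with a space: `$sql .= " GROUP BY n.node_id ORDER BY INET_ATON(n.node_ip)";`. The `$w`/`$p` pair keeps the optional filter parameterised, and a one-line comment at their declaration would protect that when more filters are added: `// $w holds fixed SQL fragments only; every value goes into $p`.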
diff --git a/nodeadd.php b/nodeadd.php
index 31791ad..2822677 100644
--- a/nodeadd.php
+++ b/nodeadd.php
@@ -17,9 +17,10 @@ include("header.php");
$smarty->assign("user_dns1suffix", $_SESSION['suser_dns1suffix']);
$smarty->assign("user_dns2suffix", $_SESSION['suser_dns2suffix']);
$smarty->assign("node_ip", $node_ip);
+$smarty->assign("subnet_id", $subnet_id);
-$smarty->assign("subnet_options", $db->options_subnet());
-$smarty->assign("assetclass_options", $db->options_assetclass());
+$smarty->assign("subnet_options", db_get_options_subnet());
+$smarty->assign("assetclass_options", db_get_options_assetclass());
$smarty->display("nodeadd.tpl");
include("footer.php");
diff --git a/nodedel.php b/nodedel.php
index 46ce123..5a750ab 100644
--- a/nodedel.php
+++ b/nodedel.php
@@ -13,21 +13,10 @@ $node_id = sanitize($_GET['node_id']);
include("header.php");
-$query = "SELECT
- asset_id,
- node_ip
- FROM
- node
- WHERE
- node_id=" . $node_id;
-
-// run query
-$node = $db->db_select($query);
-
-// send to tpl
-$smarty->assign("node_id", $node_id);
-$smarty->assign("asset_id", $node[0]['asset_id']);
-$smarty->assign("node_ip", $node[0]['node_ip']);
+$sql = "SELECT node_id AS id, node_ip AS ip, asset_id FROM node WHERE node_id=?";
+$sth = $dbh->prepare($sql);
+$sth->execute([$node_id]);
+$smarty->assign("node", $sth->fetch(PDO::FETCH_OBJ));
$smarty->display("nodedel.tpl");
diff --git a/nodeedit.php b/nodeedit.php
index dd0e7f6..e0579ac 100644
--- a/nodeedit.php
+++ b/nodeedit.php
@@ -12,37 +12,15 @@ include("includes.php");
$node_id = sanitize($_GET['node_id']);
include("header.php");
-
-$query = "SELECT
- a.asset_id,
- n.node_id,
- n.node_ip,
- n.node_mac,
- n.node_dns1,
- n.node_dns2,
- n.node_info,
- s.subnet_id,
- n.zone_id
- FROM
- asset AS a,
- node AS n,
- subnet AS s
- WHERE
- a.asset_id=n.asset_id
- AND n.node_id=" . $node_id . "
- AND s.subnet_id=n.subnet_id";
-
-$node = $db->db_select($query);
-$smarty->assign("node_id", $node[0]['node_id']);
-$smarty->assign("node_ip", $node[0]['node_ip']);
-$smarty->assign("node_mac", write_mac($node[0]['node_mac']));
-$smarty->assign("node_dns1", $node[0]['node_dns1']);
-$smarty->assign("node_dns2", $node[0]['node_dns2']);
-$smarty->assign("node_info", $node[0]['node_info']);
-$smarty->assign("asset_id", $node[0]['asset_id']);
-$smarty->assign("subnet_id", $node[0]['subnet_id']);
-$smarty->assign("zone_id", $node[0]['zone_id']);
+$sql = "SELECT node_id AS id, node_ip AS ip, node_mac AS mac,
+ node_dns1 AS dns1, node_dns2 AS dns2, node_info AS info,
+ zone_id, asset_id, subnet_id
+ FROM node
+ WHERE node_id=?";
+$sth = $dbh->prepare($sql);
+$sth->execute([$node_id]);
+$smarty->assign("node", $sth->fetch(PDO::FETCH_OBJ));
$smarty->assign("asset_options", $db->options_asset());
$smarty->assign("subnet_options", $db->options_subnet());
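Review bot: The old code passed `node_mac` through `write_mac()` before assigning it, whereas the new `$smarty->assign("node", $sth->fetch(PDO::FETCH_OBJ))` hands the raw column to the template, so the edit form shows the stored form of the MAC unless nodeedit.tpl formats it itself. nodeview.php in this commit keeps the call (`$node->mac = write_mac($node->mac);`); doing the same here, after checking that the fetch returned a row, keeps the two pages consistent. The unchanged lines below still call `$db->options_asset()` and `$db->options_subnet()` while nodeadd.php moved to `db_get_options_subnet()`; if the `$db` wrapper is being retired, these two need the same switch.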
diff --git a/nodeview.php b/nodeview.php
index 6c82193..62c93be 100644
--- a/nodeview.php
+++ b/nodeview.php
@@ -18,66 +18,70 @@ if (isset($_GET['node_id']) && (!empty($_GET['node_id']))) {
}
include("header.php");
+
// node
-$query = "SELECT
- asset.asset_id,
- asset.asset_name,
- node.node_id,
- node.node_ip,
- node.node_mac,
- node.node_dns1,
- node.node_dns2,
- node.node_info,
- node.node_type,
- subnet.subnet_id,
- subnet.subnet_address,
- subnet.subnet_mask,
- zone.zone_origin
- FROM
- node
- JOIN asset USING (asset_id)
- JOIN subnet USING (subnet_id)
- LEFT JOIN zone USING (zone_id)
- WHERE
- node.node_id=" . $node_id;
+$sql = "SELECT
+ asset.asset_id,
+ asset.asset_name,
+ node.node_id AS id,
+ node.node_ip AS ip,
+ node.node_mac AS mac,
+ node.node_dns1 AS dns1,
+ node.node_dns2 AS dns2,
+ node.node_info AS info,
+ node.node_type AS type,
+ subnet.subnet_id,
+ subnet.subnet_address,
+ subnet.subnet_mask,
+ zone.zone_origin
+ FROM
+ node
+ JOIN asset USING (asset_id)
+ JOIN subnet USING (subnet_id)
+ LEFT JOIN zone USING (zone_id)
+ WHERE
+ node.node_id=?";
+$sth = $dbh->prepare($sql);
+$sth->execute([$node_id]);
-$node = $db->db_select($query);
-$node[0]['node_mac'] = write_mac($node[0]['node_mac']);
-$smarty->assign("node", $node[0]);
+$node = $sth->fetch(PDO::FETCH_OBJ);
+$node->mac = write_mac($node->mac);
+$smarty->assign("node", $node);
// nat
-$query = "SELECT
- asset_ext.asset_id AS asset_id_ext,
- asset_int.asset_id AS asset_id_int,
- asset_ext.asset_name AS asset_name_ext,
- asset_int.asset_name AS asset_name_int,
- nat.nat_id AS nat_id,
- nat.nat_type AS nat_type,
- nat.nat_ext AS nat_ext,
- nat.nat_int AS nat_int,
- node_ext.node_ip AS node_ip_ext,
- node_int.node_ip AS node_ip_int,
- node_int.node_id AS node_id_int,
- node_ext.node_id AS node_id_ext
- FROM
- asset AS asset_ext,
- asset AS asset_int,
- nat,
- node AS node_ext,
- node AS node_int
- WHERE
- (nat.nat_ext=" . $node_id . "
- OR nat.nat_int=" . $node_id . ")
- AND node_ext.node_id=nat.nat_ext
- AND node_int.node_id=nat.nat_int
- AND asset_ext.asset_id=node_ext.asset_id
- AND asset_int.asset_id=node_int.asset_id
- ORDER BY
- INET_ATON(node_ext.node_ip),
- INET_ATON(node_int.node_ip)";
+$sql = "SELECT
+ asset_ext.asset_id AS asset_id_ext,
+ asset_int.asset_id AS asset_id_int,
+ asset_ext.asset_name AS asset_name_ext,
+ asset_int.asset_name AS asset_name_int,
+ nat.nat_id AS nat_id,
+ nat.nat_type AS nat_type,
+ nat.nat_ext AS nat_ext,
+ nat.nat_int AS nat_int,
+ node_ext.node_ip AS node_ip_ext,
+ node_int.node_ip AS node_ip_int,
+ node_int.node_id AS node_id_int,
+ node_ext.node_id AS node_id_ext
+ FROM
+ asset AS asset_ext,
+ asset AS asset_int,
+ nat,
+ node AS node_ext,
+ node AS node_int
+ WHERE
+ (nat.nat_ext=:node_id OR nat.nat_int=:node_id)
+ AND node_ext.node_id=nat.nat_ext
+ AND node_int.node_id=nat.nat_int
+ AND asset_ext.asset_id=node_ext.asset_id
+ AND asset_int.asset_id=node_int.asset_id
+ ORDER BY
+ INET_ATON(node_ext.node_ip),
+ INET_ATON(node_int.node_ip)";
+
+$sth = $dbh->prepare($sql);
+$sth->execute(['node_id' => $node_id]);
-$natrules = $db->db_select($query);
-$smarty->assign("natrules", $natrules);
+$smarty->assign("natrules", $sth->fetchAll());
$smarty->display("nodeview.tpl");
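Review bot: The NAT query uses the named placeholder `:node_id` twice but binds it once, which PDO supports only while prepared-statement emulation is on. With `PDO::ATTR_EMULATE_PREPARES` set to false the statement fails with an invalid-parameter-number error. dbconnect.php is not visible here, so either rely on emulation deliberately and say so in a comment, or use two positional markers as natadd.php does: `(nat.nat_ext=? OR nat.nat_int=?)` with `$sth->execute([$node_id, $node_id]);`. search.php has the same pattern, with `:needle` repeated up to nine times in one statement.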
diff --git a/search.php b/search.php
index d51c130..6419334 100644
--- a/search.php
+++ b/search.php
@@ -15,130 +15,100 @@ include("header.php");
if (empty($search)) {
// parse nosearch box
$smarty->assign("nosearch", TRUE);
-} else {
- // hide nosearch box
- $smarty->assign("nosearch", FALSE);
- $smarty->assign("search", $search);
-
- // set needle
- $needle = '%' . $search . '%';
-
- // set counter
- $resultcounter = 0;
-
- // asset
- $query = "SELECT
- asset_id AS id,
- asset_name AS name,
- asset_info AS description
- FROM
- asset
- WHERE
- asset_name LIKE '" . $needle . "'
- OR asset_hostname LIKE '" . $needle . "'
- OR asset_info LIKE '" . $needle . "'
- ORDER BY
- asset_name";
-
- $assets = $db->db_select($query);
- $resultcounter += count($assets);
- $smarty->assign("assets", $assets);
-
- // location
- $query = "SELECT
- location_id AS id,
- location_name AS name
- FROM
- location
- WHERE
- location_name LIKE '" . $needle . "'
- OR location_info LIKE '" . $needle . "'
- ORDER BY
- location_name";
-
- $locations = $db->db_select($query);
- $resultcounter += count($locations);
- $smarty->assign("locations", $locations);
-
- // node
- $query = "SELECT
- node_id AS id,
- node_ip AS ip
- FROM
- node
- WHERE
- node_ip LIKE '" . $needle . "'
- OR node_mac LIKE '" . $needle . "'
- OR node_dns1 LIKE '" . $needle . "'
- OR node_dns2 LIKE '" . $needle . "'
- OR node_info LIKE '" . $needle . "'
- ORDER BY
- node_ip";
-
- $nodes = $db->db_select($query);
- $resultcounter += count($nodes);
- $smarty->assign("nodes", $nodes);
-
- // subnet
- $query = "SELECT
- subnet_id AS id,
- subnet_address AS address
- FROM
- subnet
- WHERE
- subnet_address LIKE '" . $needle . "'
- OR subnet_info LIKE '" . $needle . "'
- ORDER BY
- subnet_address";
-
- // run query
- $subnets = $db->db_select($query);
- $resultcounter += count($subnets);
- $smarty->assign("subnets", $subnets);
-
- // vlan
- $query = "SELECT
- vlan_id AS id,
- vlan_name AS name
- FROM
- vlan
- WHERE
- vlan_name LIKE '" . $needle . "'
- OR vlan_info LIKE '" . $needle . "'
- ORDER BY
- vlan_name";
-
- $vlans = $db->db_select($query);
- $resultcounter += count($vlans);
- $smarty->assign("vlans", $vlans);
-
- // setup zone
- $query = "SELECT
- zone_id AS id,
- zone_origin AS origin
- FROM
- zone
- WHERE
- zone_origin LIKE '" . $needle . "'
- OR zone_soa LIKE '" . $needle . "'
- OR zone_hostmaster LIKE '" . $needle . "'
- OR zone_ns1 LIKE '" . $needle . "'
- OR zone_ns2 LIKE '" . $needle . "'
- OR zone_ns3 LIKE '" . $needle . "'
- OR zone_mx1 LIKE '" . $needle . "'
- OR zone_mx2 LIKE '" . $needle . "'
- OR zone_info LIKE '" . $needle . "'
- ORDER BY
- zone_origin";
-
- $zones = $db->db_select($query);
- $resultcounter += count($zones);
- $smarty->assign("zones", $zones);
-
- // grand totals
- $smarty->assign("resultcounter", $resultcounter);
+ $smarty->display("search.tpl");
+ include("footer.php");
+ exit;
}
+// hide nosearch box
+$smarty->assign("nosearch", FALSE);
+$smarty->assign("search", $search);
+
+$needle = '%' . $search . '%';
+$resultcounter = 0;
+
+// asset
+$sql = "SELECT asset_id AS id, asset_name AS name, asset_info AS description
+ FROM asset
+ WHERE asset_name LIKE :needle OR asset_hostname LIKE :needle
+ OR asset_info LIKE :needle
+ ORDER BY asset_name";
+$sth = $dbh->prepare($sql);
+$sth->execute(['needle' => $needle]);
+
+$assets = $sth->fetchAll();
+$resultcounter += count($assets);
+$smarty->assign("assets", $assets);
+
+// location
+$sql = "SELECT location_id AS id, location_name AS name
+ FROM location
+ WHERE location_name LIKE :needle OR location_info LIKE :needle
+ ORDER BY location_name";
+$sth = $dbh->prepare($sql);
+$sth->execute(['needle' => $needle]);
+
+$locations = $sth->fetchAll();
+$resultcounter += count($locations);
+$smarty->assign("locations", $locations);
+
+// node
+$sql = "SELECT node_id AS id, node_ip AS ip
+ FROM node
+ WHERE node_ip LIKE :needle OR node_mac LIKE :needle
+ OR node_dns1 LIKE :needle OR node_dns2 LIKE :needle
+ OR node_info LIKE :needle
+ ORDER BY node_ip";
+$sth = $dbh->prepare($sql);
+$sth->execute(['needle' => $needle]);
+
+$nodes = $sth->fetchAll();
+$resultcounter += count($nodes);
+$smarty->assign("nodes", $nodes);
+
+// subnet
+$sql = "SELECT subnet_id AS id, subnet_address AS address
+ FROM subnet
+ WHERE subnet_address LIKE :needle OR subnet_info LIKE :needle
+ ORDER BY subnet_address";
+$sth = $dbh->prepare($sql);
+$sth->execute(['needle' => $needle]);
+
+$subnets = $sth->fetchAll();
+$resultcounter += count($subnets);
+$smarty->assign("subnets", $subnets);
+
+// vlan
+$sql = "SELECT vlan_id AS id, vlan_name AS name
+ FROM vlan
+ WHERE vlan_name LIKE :needle OR vlan_info LIKE :needle
+ ORDER BY vlan_name";
+$sth = $dbh->prepare($sql);
+$sth->execute(['needle' => $needle]);
+
+$vlans = $sth->fetchAll();
+$resultcounter += count($vlans);
+$smarty->assign("vlans", $vlans);
+
+// setup zone
+$sql = "SELECT zone_id AS id, zone_origin AS origin
+ FROM zone
+ WHERE zone_origin LIKE :needle OR zone_soa LIKE :needle
+ OR zone_hostmaster LIKE :needle OR zone_ns1 LIKE :needle
+ OR zone_ns2 LIKE :needle OR zone_ns3 LIKE :needle
+ OR zone_mx1 LIKE :needle OR zone_mx2 LIKE :needle
+ OR zone_info LIKE :needle
+ ORDER BY zone_origin";
+$sth = $dbh->prepare($sql);
+$sth->execute(['needle' => $needle]);
+
+$zones = $sth->fetchAll();
+$resultcounter += count($zones);
+$smarty->assign("zones", $zones);
+
+// grand totals
+$smarty->assign("resultcounter", $resultcounter);
+
$smarty->display("search.tpl");
include("footer.php");
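Review bot: `$needle = '%' . $search . '%';` leaves `%` and `_` from the user's input active as LIKE wildcards, so a search for `_` or `%` matches every row in all six tables and a literal underscore in a hostname cannot be searched for. Binding removes the injection risk but not this; escape the metacharacters before wrapping, e.g. `$needle = '%' . addcslashes($search, '%_\\') . '%';` (backslash is MySQL's default LIKE escape character). The six prepare/execute/fetchAll blocks differ only in their SQL and template variable, so a small loop over a `name => sql` array would remove the repetition.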
diff --git a/submit.php b/submit.php
index e944ba6..621a6e3 100644
--- a/submit.php
+++ b/submit.php
@@ -16,6 +16,7 @@ if ($_SERVER['REQUEST_METHOD'] != "POST") {
if (isset($_POST['redirect'])) {
switch ($_POST['redirect']) {
+
case ("assigniptonode") :
$node_ip = sanitize($_POST['node_ip']);
$subnet_id = sanitize($_POST['subnet_id']);
@@ -28,7 +29,8 @@ if (isset($_POST['redirect'])) {
header_location("nodeadd.php?subnet_id=" . $subnet_id . "&node_ip=" . $node_ip);
break;
}
- break;
+ break;
+
case ("locationsubnet") :
$location_id = sanitize($_POST['location_id']);
@@ -40,126 +42,109 @@ if (isset($_POST['redirect'])) {
header_location("locationsubnetdel.php?location_id=" . $location_id);
break;
}
- break;
+ break;
+
case ("nat") :
$node_id = sanitize($_POST['node_id']);
switch ($_POST['action']) {
case ("natadd") :
header_location("natadd.php?node_id=" . $node_id);
- break;
+ break;
case ("natdel") :
header_location("natdel.php?node_id=" . $node_id);
- break;
+ break;
}
- break;
+ break;
+
case ("subnetlocation") :
$subnet_id = sanitize($_POST['subnet_id']);
switch ($_POST['action']) {
case ("subnetlocationadd") :
header_location("subnetlocationadd.php?subnet_id=" . $subnet_id);
- break;
+ break;
case ("subnetlocationdel") :
header_location("subnetlocationdel.php?subnet_id=" . $subnet_id);
- break;
+ break;
}
- break;
+ break;
+
case ("subnetvlan") :
$subnet_id = sanitize($_POST['subnet_id']);
switch ($_POST['action']) {
case ("subnetvlanadd") :
header_location("subnetvlanadd.php?subnet_id=" . $subnet_id);
- break;
+ break;
case ("subnetvlandel") :
header_location("subnetvlandel.php?subnet_id=" . $subnet_id);
- break;
+ break;
}
- break;
+ break;
+
case ("vlansubnet") :
$vlan_id = sanitize($_POST['vlan_id']);
switch ($_POST['action']) {
case ("vlansubnetadd") :
header_location("vlansubnetadd.php?vlan_id=" . $vlan_id);
- break;
+ break;
case ("vlansubnetdel") :
header_location("vlansubnetdel.php?vlan_id=" . $vlan_id);
- break;
+ break;
}
- break;
+ break;
}
}
if (isset($_POST['add'])) {
switch ($_POST['add']) {
+
case ("asset") :
- $asset_name = sanitize($_POST['asset_name']);
- $asset_hostname = sanitize($_POST['asset_hostname']);
+ $name = sanitize($_POST['asset_name']);
+ $hostname = sanitize($_POST['asset_hostname']);
$assetclass_id = sanitize($_POST['assetclass_id']);
- $asset_info = sanitize($_POST['asset_info']);
+ $info = sanitize($_POST['asset_info']);
- $query = "INSERT
- INTO
- asset(
- asset_name,
- asset_hostname,
- assetclass_id,
- asset_info
- )
- VALUE
- (
- '$asset_name',
- '$asset_hostname',
- '$assetclass_id',
- '$asset_info'
- )";
+ $sql = "INSERT INTO asset
+ (asset_name, asset_hostname, assetclass_id, asset_info)
+ VALUE
+ (?, ?, ?, ?)";
+ $sth = $dbh->prepare($sql);
+ $sth->execute([$name, $hostname, $assetclass_id, $info]);
- $asset_id = $db->db_insert($query);
+ header_location("assetview.php?asset_id=" . $dbh->lastInsertId());
+ break;
- header_location("assetview.php?asset_id=" . $asset_id);
- break;
case ("assetclass") :
$assetclass_name = sanitize($_POST['assetclass_name']);
$assetclassgroup_id = sanitize($_POST['assetclassgroup_id']);
- $query = "INSERT
- INTO
- assetclass(
- assetclass_name,
- assetclassgroup_id
- )
+ $sql = "INSERT INTO assetclass
+ (assetclass_name, assetclassgroup_id)
VALUE
- (
- '$assetclass_name',
- '$assetclassgroup_id'
- )";
+ (?, ?)";
+ $sth = $dbh->prepare($sql);
+ $sth->execute([$assetclass_name, $assetclassgroup_id]);
- $assetclass_id = $db->db_insert($query);
+ header_location("assetclassview.php?assetclass_id=" . $dbh->lastInsertId());
+ break;
- header_location("assetclassview.php?assetclass_id=" . $assetclass_id);
- break;
case ("assetclassgroup") :
- $assetclassgroup_name = sanitize($_POST['assetclassgroup_name']);
- $assetclassgroup_color = preg_replace("|[^a-zA-Z0-9]|", "", strtoupper(sanitize($_POST['assetclassgroup_color'])));
+ $name = sanitize($_POST['assetclassgroup_name']);
+ $color = preg_replace("|[^a-zA-Z0-9]|", "", strtoupper(sanitize($_POST['assetclassgroup_color'])));
- $query = "INSERT
- INTO
- assetclassgroup(
- assetclassgroup_name,
- assetclassgroup_color
- )
- VALUE
- (
- '$assetclassgroup_name',
- '$assetclassgroup_color'
- )";
+ $sql = "INSERT INTO assetclassgroup
+ (assetclassgroup_name, assetclassgroup_color)
+ VALUE
+ (?, ?)";
+ $sth = $dbh->prepare($sql);
+ $sth->execute([$name, $color]);
- $assetclassgroup_id = $db->db_insert($query);
+ header_location("assetclassgroupview.php?assetclassgroup_id=" . $dbh->lastInsertId());
+ break;
- header_location("assetclassgroupview.php?assetclassgroup_id=" . $assetclassgroup_id);
- break;
case ("assignnodetoasset") :
$node_ip = sanitize($_POST['node_ip']);
$subnet_id = sanitize($_POST['subnet_id']);
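Review bot: The `asset`, `assetclass` and `assetclassgroup` cases redirect to `$dbh->lastInsertId()` without looking at the result of `$sth->execute()`, so if PDO is not in exception mode a rejected insert sends the user to a `...view.php?..._id=0` URL instead of reporting the failure. dbconnect.php is not shown; unless it sets `PDO::ATTR_ERRMODE` to `PDO::ERRMODE_EXCEPTION`, guard each redirect with a check such as `if (!$sth->execute([...])) { /* report and stop */ }`. The later hunks of submit.php follow the same pattern. The enclosing `switch` continues beyond this hunk.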
@@ -169,133 +154,86 @@ if (isset($_POST['add'])) {
if ((!empty($_POST['node_dns2']) && isset($_POST['node_dns2suffix'])) ? $node_dns2 = sanitize($_POST['node_dns2']) . $config_dns2suffix : $node_dns2 = sanitize($_POST['node_dns2']));
$node_info = $_POST['node_info'];
- $query = "INSERT
- INTO
- node(
+ $sql = "INSERT INTO node (
node_ip,
node_mac,
node_dns1,
node_dns2,
subnet_id,
asset_id,
- node_info
- )
- VALUE
- (
- '$node_ip',
- '$node_mac',
- '$node_dns1',
- '$node_dns2',
- '$subnet_id',
- '$asset_id',
- '$node_info'
- )";
-
- $node_id = $db->db_insert($query);
+ node_info)
+ VALUE
+ (?, ?, ?, ?, ?, ?, ?)";
+ $sth = $dbh->prepare($sql);
+ $sth->execute([$node_ip, $node_mac, $node_dns1, $node_dns2,
+ $subnet_id, $asset_id, $node_info]);
+
+ header_location("nodeview.php?node_id=" . $dbh->lastInsertId());
+ break;
- header_location("nodeview.php?node_id=" . $node_id);
- break;
case ("assignlocationtosubnet") :
$location_id = sanitize($_POST['location_id']);
$subnet_id = sanitize($_POST['subnet_id']);
- $query = "INSERT
- INTO
- subnetlocation(
- location_id,
- subnet_id
- )
- VALUE
- (
- '$location_id',
- '$subnet_id'
- )";
+ $sql = "INSERT INTO subnetlocation (location_id, subnet_id)
+ VALUE (?, ?)";
+ $sth = $dbh->prepare($sql);
+ $sth->execute([$location_id, $subnet_id]);
- $db->db_insert($query);
+ header_location("Location: location.php?location_id=" . $dbh->lastInsertId());
+ break;
- header_location("Location: location.php");
- break;
case ("assignsubnettovlan") :
$subnet_id = sanitize($_POST['subnet_id']);
$vlan_id = sanitize($_POST['vlan_id']);
- $query = "UPDATE
- subnet
- SET
- vlan_id='$vlan_id'
- WHERE
- subnet_id='$subnet_id'";
-
- $db->db_update($query);
+ $sql = "UPDATE subnet SET vlan_id=? WHERE subnet_id=?";
+ $sth = $dbh->prepare($sql);
+ $sth->execute([$vlan_id, $subnet_id]);
header_location("subnetview.php?subnet_id=" . $subnet_id);
- break;
+ break;
+
case ("location") :
- $location_name = sanitize($_POST['location_name']);
- $location_parent = sanitize($_POST['location_parent']);
- $location_info = sanitize($_POST['location_info']);
+ $name = sanitize($_POST['location_name']);
+ $parent = sanitize($_POST['location_parent']);
+ $info = sanitize($_POST['location_info']);
- $query = "INSERT
- INTO
- location(
- location_name,
- location_parent,
- location_info
+ $sql = "INSERT INTO location (
+ location_name, location_parent, location_info
)
- VALUE
- (
- '$location_name',
- '$location_parent',
- '$location_info'
- )";
+ VALUE (?, ?, ?)";
+ $sth = $dbh->prepare($sql);
+ $sth->execute([$name, $parent, $info]);
- $location_id = $db->db_insert($query);
+ header_location("locationview.php?location_id=" . $dbh->lastInsertId());
+ break;
- header_location("locationview.php?location_id=" . $location_id);
- break;
case ("locationsubnet") :
$location_id = sanitize($_POST['location_id']);
$subnet_id = sanitize($_POST['subnet_id']);
- $query = "INSERT
- INTO
- subnetlocation(
- location_id,
- subnet_id
- )
- VALUE
- (
- '$location_id',
- '$subnet_id'
- )";
-
- $newid = $db->db_insert($query);
+ $sql = "INSERT INTO subnetlocation (location_id, subnet_id)
+ VALUE (?, ?)";
+ $sth = $dbh->prepare($sql);
+ $sth->execute([$location_id, $subnet_id]);
header_location("locationview.php?location_id=" . $location_id);
- break;
+ break;
+
case ("nat") :
$node_id_ext = sanitize($_POST['node_id_ext']);
$node_id_int = sanitize($_POST['node_id_int']);
$nat_type = sanitize($_POST['nat_type']);
- $query = "INSERT
- INTO
- nat(
- nat_ext,
- nat_int,
- nat_type
- )
- VALUE
- (
- '$node_id_ext',
- '$node_id_int',
- '$nat_type'
- )";
-
- $db->db_insert($query);
+ $sql = "INSERT INTO nat (nat_ext, nat_int, nat_type)
+ VALUE (?, ?, ?)";
+ $sth = $dbh->prepare($sql);
+ $sth->execute([$node_id_ext, $node_id_int, $nat_type]);
header_location("nodeview.php?node_id=" . $node_id_ext);
- break;
+ break;
+
case ("node") :
$asset_name = sanitize($_POST['asset_name']);
$asset_hostname = sanitize($_POST['asset_hostname']);
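Review bot: In the `assignlocationtosubnet` case the redirect now appends `$dbh->lastInsertId()`, which is the id of the new `subnetlocation` row (or 0 if that table has no auto-increment key), not a location id, so the target page is addressed with the wrong value. The `locationsubnet` case further down performs the same insert and redirects with the posted id; matching it would be `header_location("locationview.php?location_id=" . $location_id);`. The `"Location: "` prefix inside the argument is carried over from the old line and differs from the other `header_location()` calls visible in this file, which pass a bare URL. `$node_info = $_POST['node_info'];` in the `assignnodetoasset` case is the one field in that case not passed through `sanitize()`; binding keeps it out of the SQL text, but it then depends on the template to escape it on output.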
@@ -307,192 +245,107 @@ if (isset($_POST['add'])) {
$node_info = sanitize($_POST['node_info']);
$subnet_id = $_POST['subnet_id'];
- $query = "INSERT
- INTO
- asset(
- asset_name,
- asset_hostname,
- assetclass_id
- )
- VALUE
- (
- '$asset_name',
- '$asset_hostname',
- '$assetclass_id'
- )";
-
- $asset_id = $db->db_insert($query);
+ $sql = "INSERT INTO asset (asset_name, asset_hostname, assetclass_id)
+ VALUE (?, ?, ?)";
+ $sth = $dbh->prepare($sql);
+ $sth->execute([$asset_name, $asset_hostname, $assetclass_id]);
+ $asset_id = $dbh->lastInsertId();
- $query = "INSERT
- INTO
- node(
- node_ip,
- node_mac,
- node_dns1,
- node_dns2,
- node_info,
- subnet_id,
- asset_id
+ $sql = "INSERT INTO node (
+ node_ip, node_mac, node_dns1, node_dns2, node_info,
+ subnet_id, asset_id
)
- VALUE
- (
- '$ip',
- '$mac',
- '$dns1',
- '$dns2',
- '$node_info',
- '$subnet_id',
- '$asset_id'
- )";
-
- $node_id = $db->db_insert($query);
+ VALUE (?, ?, ?, ?, ?, ?, ?)";
+ $sth = $dbh->prepare($sql);
+ $sth->execute([$ip, $mac, $dns1, $dns2, $node_info, $subnet_id, $asset_id]);
+
+ header_location("nodeview.php?node_id=" . $dbh->lastInsertId());
+ break;
- header_location("nodeview.php?node_id=" . $node_id);
- break;
case ("subnet") :
$subnet_address= sanitize($_POST['subnet_address']);
$subnet_mask = sanitize($_POST['subnet_mask']);
$subnet_info = sanitize($_POST['subnet_info']);
- $query = "INSERT
- INTO
- subnet(
- subnet_address,
- subnet_mask,
- subnet_info
- )
- VALUE
- (
- '$subnet_address',
- '$subnet_mask',
- '$subnet_info'
- )";
+ $sql = "INSERT INTO subnet (subnet_address, subnet_mask, subnet_info)
+ VALUE (?, ?, ?)";
+ $sth = $dbh->prepare($sql);
+ $sth->execute([$subnet_address, $subnet_mask, $subnet_info]);
- $subnet_id = $db->db_insert($query);
+ header_location("subnetview.php?subnet_id=" . $dbh->lastInsertId());
+ break;
- header_location("subnetview.php?subnet_id=" . $subnet_id);
- break;
case ("subnetlocation") :
$location_id = sanitize($_POST['location_id']);
$subnet_id = sanitize($_POST['subnet_id']);
- $query = "INSERT
- INTO
- subnetlocation(
- location_id,
- subnet_id
- )
- VALUE
- (
- '$location_id',
- '$subnet_id'
- )";
-
- $db->db_insert($query);
+ $sql = "INSERT INTO subnetlocation (location_id, subnet_id)
+ VALUE (?, ?)";
+ $sth = $dbh->prepare($sql);
+ $sth->execute([$location_id, $subnet_id]);
header_location("subnetview.php?subnet_id=" . $subnet_id);
- break;
+ break;
+
case ("subnetvlan") :
$subnet_id = sanitize($_POST['subnet_id']);
$vlan_id = sanitize($_POST['vlan_id']);
- $query = "INSERT
- INTO
- subnetvlan(
- subnet_id,
- vlan_id
- )
- VALUE
- (
- '$subnet_id',
- '$vlan_id'
- )";
-
- $db->db_insert($query);
+ $sql = "INSERT INTO subnetvlan (subnet_id, vlan_id)
+ VALUE (?, ?)";
+ $sth = $dbh->prepare($sql);
+ $sth->execute([$subnet_id, $vlan_id]);
header_location("subnetview.php?subnet_id=" . $subnet_id);
- break;
+ break;
+
case ("user") :
$user_name = strtolower(sanitize($_POST['user_name']));
$user_displayname = sanitize($_POST['user_displayname']);
$user_password = md5(sanitize($_POST['user_password']));
- $query = "SELECT
- user_name
- FROM
- user
- WHERE
- user_name='$user_name'";
-
- $users = $db->db_select($query);
-
- $user_counter = count($users);
+ // check if username exists
+ $sth = $dbh->prepare("SELECT COUNT(*) FROM user WHERE user_name=?");
+ $sth->execute([$user_name]);
- if ($user_counter==0) {
- $query = "INSERT
- INTO
- user(
- user_name,
- user_displayname,
- user_pass
- )
- VALUE
- (
- '$user_name',
- '$user_displayname',
- '$user_password'
- )";
-
- $user_id = $db->db_insert($query);
+ if ($sth->fetchColumn() == 0) {
+ $sql = "INSERT INTO user (user_name, user_displayname, user_pass)
+ VALUE (?, ?, ?)";
+ $sth = $dbh->prepare($sql);
+ $sth->execute([$user_name, $user_displayname, $user_password]);
- header_location("userview.php?user_id=" . $user_id);
+ header_location("userview.php?user_id=" . $dbh->lastInsertId());
+ break;
}
$comments = "usernameinuse";
- break;
+ break;
+
case ("vlan") :
$vlan_name = sanitize($_POST['vlan_name']);
$vlan_number = sanitize($_POST['vlan_number']);
$vlan_info = sanitize($_POST['vlan_info']);
- $query = "INSERT
- INTO
- vlan(
- vlan_name,
- vlan_number,
- vlan_info
- )
- VALUE
- (
- '$vlan_name',
- '$vlan_number',
- '$vlan_info'
- )";
+ $sql = "INSERT INTO vlan (vlan_name, vlan_number, vlan_info)
+ VALUE (?, ?, ?)";
+ $sth = $dbh->prepare($sql);
+ $sth->execute([$vlan_name, $vlan_number, $vlan_info]);
- $vlan_id = $db->db_insert($query);
+ header_location("vlanview.php?vlan_id=" . $dbh->lastInsertId());
+ break;
- header_location("vlanview.php?vlan_id=" . $vlan_id);
- break;
case ("vlansubnet") :
$subnet_id = sanitize($_POST['subnet_id']);
$vlan_id = sanitize($_POST['vlan_id']);
- $query = "INSERT
- INTO
- subnetvlan(
- subnet_id,
- vlan_id
- )
- VALUE
- (
- '$subnet_id',
- '$vlan_id'
- )";
-
- $db->db_insert($query);
+ $sql = "INSERT INTO subnetvlan (subnet_id, vlan_id)
+ VALUE (?, ?)";
+ $sth = $dbh->prepare($sql);
+ $sth->execute([$subnet_id, $vlan_id]);
header_location("vlanview.php?vlan_id=" . $vlan_id);
- break;
+ break;
+
case ("zone") :
$zone_origin = sanitize($_POST['zone_origin']);
$zone_ttl_default = sanitize($_POST['zone_ttl_default']);
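Review bot: The `user` case still stores the password as `md5(sanitize($_POST['user_password']))`, an unsalted fast hash taken after sanitize() has processed the input (its effect is not visible here), and the new prepared INSERT writes that value to `user_pass` unchanged. Hash the raw value with `password_hash($_POST['user_password'], PASSWORD_DEFAULT)` and check it with `password_verify()` where logins are verified; that code is outside this hunk, and `user_pass` must be wide enough for the longer hash. The `optionspassword` case in a later hunk of this file uses the same `md5()` scheme. Separately, the `COUNT(*)` check followed by the INSERT is not atomic, so a unique index on `user_name` is the reliable guard against duplicate names.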
@@ -510,267 +363,166 @@ if (isset($_POST['add'])) {
$zone_mx2 = sanitize($_POST['zone_mx2']);
$zone_info = sanitize($_POST['zone_info']);
- $query = "INSERT
- INTO
- zone(
- zone_origin,
- zone_ttl_default,
- zone_soa,
- zone_hostmaster,
- zone_refresh,
- zone_retry,
- zone_expire,
- zone_ttl,
- zone_serial,
- zone_ns1,
- zone_ns2,
- zone_ns3,
- zone_mx1,
- zone_mx2,
- zone_info
- )
- VALUE
- (
- '$zone_origin',
- '$zone_ttl_default',
- '$zone_soa',
- '$zone_hostmaster',
- '$zone_refresh',
- '$zone_retry',
- '$zone_expire',
- '$zone_ttl',
- '$zone_serial',
- '$zone_ns1',
- '$zone_ns2',
- '$zone_ns3',
- '$zone_mx1',
- '$zone_mx2',
- '$zone_info'
- )";
-
- $zoneid = $db->db_insert($query);
-
- header_location("zoneview.php?zone_id=" . $zoneid);
- break;
+ $sql = "INSERT INTO zone (
+ zone_origin, zone_ttl_default, zone_soa, zone_hostmaster,
+ zone_refresh, zone_retry, zone_expire, zone_ttl, zone_serial,
+ zone_ns1, zone_ns2, zone_ns3, zone_mx1, zone_mx2, zone_info)
+ VALUE (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)";
+ $sth = $dbh->prepare($sql);
+ $sth->execute([$zone_origin, $zone_ttl_default, $zone_soa, $zone_hostmaster,
+ $zone_refresh, $zone_retry, $zone_expire, $zone_ttl, $zone_serial,
+ $zone_ns1, $zone_ns2, $zone_ns3, $zone_mx1, $zone_mx2, $zone_info]);
+
+ header_location("zoneview.php?zone_id=" . $dbh->lastInsertId());
+ break;
}
}
if (isset($_POST['del'])) {
switch ($_POST['del']) {
+
case ("asset") :
$asset_id = sanitize($_POST['asset_id']);
- $query = "DELETE
- FROM
- asset
- WHERE
- asset_id=" . $asset_id;
+ $sth = $dbh->prepare("DELETE FROM asset WHERE asset_id=?");
+ $sth->execute([$asset_id]);
- $db->db_delete($query);
-
- $query = "DELETE
- FROM
- node
- WHERE
- asset_id=" . $asset_id;
-
- $db->db_delete($query);
+ $sth = $dbh->prepare("DELETE FROM node WHERE asset_id=?");
+ $sth->execute([$asset_id]);
header_location("asset.php");
- break;
+ break;
+
case ("assetclass") :
$assetclass_id = sanitize($_POST['assetclass_id']);
- $query = "DELETE
- FROM
- assetclass
- WHERE
- assetclass_id=" . $assetclass_id;
-
- $db->db_delete($query);
+ $sth = $dbh->prepare("DELETE FROM assetclass WHERE assetclass_id=?");
+ $sth->execute([$assetclass_id]);
header_location("assetclass.php");
- break;
+ break;
+
case ("assetclassgroup") :
$assetclassgroup_id = sanitize($_POST['assetclassgroup_id']);
- $query = "DELETE
- FROM
- assetclassgroup
- WHERE
- assetclassgroup_id=" . $assetclassgroup_id;
-
- $db->db_delete($query);
+ $sth = $dbh->prepare("DELETE FROM assetclassgroup WHERE assetclassgroup_id=?");
+ $sth->execute([$assetclassgroup_id]);
header_location("assetclassgroup.php");
- break;
+ break;
+
case ("location") :
$location_id = sanitize($_POST['location_id']);
- $query = "DELETE
- FROM
- location
- WHERE
- location_id=" . $location_id;
-
- $db->db_delete($query);
+ $sth = $dbh->prepare("DELETE FROM location WHERE location_id=?");
+ $sth->execute([$location_id]);
header_location("location.php");
- break;
+ break;
+
case ("locationsubnet") :
$location_id = sanitize($_POST['location_id']);
$subnet_id = sanitize($_POST['subnet_id']);
- $query = "DELETE
- FROM
- subnetlocation
- WHERE
- location_id=" . $location_id . "
- AND subnet_id=" . $subnet_id;
-
- $db->db_delete($query);
+ $sth = $dbh->prepare("DELETE FROM subnetlocation WHERE location_id=? AND subnet_id=?");
+ $sth->execute([$location_id, $subnet_id]);
header_location("locationview.php?location_id=" . $location_id);
- break;
+ break;
+
case ("nat") :
+ $nat_id = sanitize($_POST['nat_id']);
$node_id_ext = sanitize($_POST['node_id_ext']);
- $node_id_int = sanitize($_POST['node_id_int']);
-
- $query = "DELETE
- FROM
- nat
- WHERE
- nat_ext=" . $node_id_ext . "
- AND nat_int=" . $node_id_int;
- $db->db_delete($query);
+ $sth = $dbh->prepare("DELETE FROM nat WHERE nat_id=?");
+ $sth->execute([$nat_id]);
header_location("nodeview.php?node_id=" . $node_id_ext);
- break;
+ break;
+
case ("node") :
$node_id = sanitize($_POST['node_id']);
- $asset_id = sanitize($_POST['asset_id']);
-
- $query = "DELETE
- FROM
- node
- WHERE
- node_id=" . $node_id;
- $db->db_delete($query);
+ $sth = $dbh->prepare("DELETE FROM node WHERE node_id=?");
+ $sth->execute([$node_id]);
header_location("assetview.php?asset_id=" . $asset_id);
- break;
+ break;
+
case ("subnet") :
$subnet_id = sanitize($_POST['subnet_id']);
- $query = "DELETE
- FROM
- subnet
- WHERE
- subnet_id=" . $subnet_id;
+ $sth = $dbh->prepare("DELETE FROM subnet WHERE subnet_id=?");
+ $sth->execute([$subnet_id]);
- $db->db_delete($query);
-
- $query = "DELETE
- FROM
- node
- WHERE
- subnet_id=" . $subnet_id;
-
- $db->db_delete($query);
+ $sth = $dbh->prepare("DELETE FROM node WHERE subnet_id=?");
+ $sth->execute([$subnet_id]);
header_location("subnet.php");
- break;
+ break;
+
case ("subnetlocation") :
$location_id = sanitize($_POST['location_id']);
$subnet_id = sanitize($_POST['subnet_id']);
- $query = "DELETE
- FROM
- subnetlocation
- WHERE
- location_id=" . $location_id . "
- AND subnet_id=" . $subnet_id;
-
- $db->db_delete($query);
+ $sth = $dbh->prepare("DELETE FROM subnetlocation WHERE location_id=? AND subnet_id=?");
+ $sth->execute([$location_id, $subnet_id]);
header_location("subnetview.php?subnet_id=" . $subnet_id);
- break;
+ break;
+
case ("subnetvlan") :
$subnet_id = sanitize($_POST['subnet_id']);
$vlan_id = sanitize($_POST['vlan_id']);
- $query = "DELETE
- FROM
- subnetvlan
- WHERE
- subnet_id=" . $subnet_id . "
- AND vlan_id=" . $vlan_id;
-
- $db->db_delete($query);
+ $sth = $dbh->prepare("DELETE FROM subnetvlan WHERE subnet_id=? AND vlan_id=?");
+ $sth->execute([$subnet_id, $vlan_id]);
header_location("subnetview.php?subnet_id=" . $subnet_id);
- break;
+ break;
+
case ("user") :
$user_id = sanitize($_POST['user_id']);
- $query = "DELETE
- FROM
- user
- WHERE
- user_id=" . $user_id;
-
- $db->db_delete($query);
+ $sth = $dbh->prepare("DELETE FROM user WHERE user_id=?");
+ $sth->execute([$user_id]);
header_location("user.php");
- break;
+ break;
+
case ("vlan") :
$vlan_id = sanitize($_POST['vlan_id']);
- $query = "DELETE
- FROM
- vlan
- WHERE
- vlan_id=" . $vlan_id;
-
- $db->db_delete($query);
+ $sth = $dbh->prepare("DELETE FROM vlan WHERE vlan_id=");
+ $sth->execute([$vlan_id]);
header_location("vlan.php");
- break;
+ break;
+
case ("vlansubnet") :
$subnet_id = sanitize($_POST['subnet_id']);
$vlan_id = sanitize($_POST['vlan_id']);
- $query = "DELETE
- FROM
- subnetvlan
- WHERE
- subnet_id=" . $subnet_id . "
- AND vlan_id=" . $vlan_id;
-
- $db->db_delete($query);
+ $sth = $dbh->prepare("DELETE FROM subnetvlan WHERE subnet_id=? AND vlan_id=?");
+ $sth->execute([$subnet_id, $vlan_id]);
header_location("vlanview.php?vlan_id=" . $vlan_id);
- break;
+ break;
+
case ("zone") :
$zone_id = sanitize($_POST['zone_id']);
- $query = "DELETE
- FROM
- zone
- WHERE
- zone_id=" . $zone_id;
-
- $db->db_delete($query);
+ $sth = $dbh->prepare("DELETE FROM zone WHERE zone_id=?");
+ $sth->execute([$zone_id]);
header_location("zone.php");
- break;
+ break;
}
}
if (isset($_POST['edit'])) {
switch ($_POST['edit']) {
+
case ("asset") :
$asset_id = sanitize($_POST['asset_id']);
$asset_name = sanitize($_POST['asset_name']);
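Review bot: The `vlan` delete prepares `"DELETE FROM vlan WHERE vlan_id="` with no placeholder, so the following `execute([$vlan_id])` has nothing to bind to and the delete cannot succeed; it should read `$sth = $dbh->prepare("DELETE FROM vlan WHERE vlan_id=?");`. In the `node` delete the `$asset_id = sanitize($_POST['asset_id']);` line was removed, yet the redirect still builds `assetview.php?asset_id=` from `$asset_id`, which looks undefined at that point unless it is set outside the hunk; keep the assignment or change the redirect target. The `asset` and `subnet` cases each run two dependent DELETEs, and wrapping them in `$dbh->beginTransaction()` / `$dbh->commit()` would avoid leaving orphaned `node` rows if the second statement fails.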
@@ -778,72 +530,58 @@ if (isset($_POST['edit'])) {
$asset_hostname = sanitize($_POST['asset_hostname']);
$assetclass_id = sanitize($_POST['assetclass_id']);
- $query = "UPDATE
- asset
- SET
- asset_name='$asset_name',
- asset_info='$asset_info',
- asset_hostname='$asset_hostname',
- assetclass_id='$assetclass_id'
- WHERE
- asset_id=" . $asset_id;
-
- $db->db_update($query);
+ $sql = "UPDATE asset SET
+ asset_name=?, asset_info=?, asset_hostname=?,
+ assetclass_id=?
+ WHERE asset_id=?";
+ $sth = $dbh->prepare($sql);
+ $sth->execute([$asset_name, $asset_info, $asset_hostname, $assetclass_id, $asset_id]);
header_location("assetview.php?asset_id=" . $asset_id);
+
case ("assetclass") :
$assetclass_id = sanitize($_POST['assetclass_id']);
$assetclass_name = sanitize($_POST['assetclass_name']);
$assetclassgroup_id = sanitize($_POST['assetclassgroup_id']);
- $query = "UPDATE
- assetclass
- SET
- assetclass_name='$assetclass_name',
- assetclassgroup_id='$assetclassgroup_id'
- WHERE
- assetclass_id=" . $assetclass_id;
-
- $db->db_update($query);
+ $sql = "UPDATE assetclass SET
+ assetclass_name=?, assetclassgroup_id=?
+ WHERE assetclass_id=?";
+ $sth = $dbh->prepare($sql);
+ $sth->execute([$assetclass_name, $assetclassgroup_id, $assetclass_id]);
header_location("assetclassview.php?assetclass_id=" . $assetclass_id);
- break;
+ break;
+
case ("assetclassgroup") :
$assetclassgroup_id = sanitize($_POST['assetclassgroup_id']);
$assetclassgroup_name = sanitize($_POST['assetclassgroup_name']);
$assetclassgroup_color = preg_replace("|[^a-zA-Z0-9]|", "", strtoupper(sanitize($_POST['assetclassgroup_color'])));
- $query = "UPDATE
- assetclassgroup
- SET
- assetclassgroup_name='$assetclassgroup_name',
- assetclassgroup_color='$assetclassgroup_color'
- WHERE
- assetclassgroup_id=" . $assetclassgroup_id;
-
- $db->db_update($query);
+ $sql = "UPDATE assetclassgroup SET
+ assetclassgroup_name=?, assetclassgroup_color=?
+ WHERE assetclassgroup_id=?";
+ $sth = $dbh->prepare($sql);
+ $sth->execute([$assetclassgroup_name, $assetclassgroup_color, $assetclassgroup_id]);
header_location("assetclassgroupview.php?assetclassgroup_id=" . $assetclassgroup_id);
- break;
+ break;
+
case ("location") :
$location_id = sanitize($_POST['location_id']);
$location_name = sanitize($_POST['location_name']);
$location_info = sanitize($_POST['location_info']);
$parentlocation_id = sanitize($_POST['parentlocation_id']);
- $query = "UPDATE
- location
- SET
- location_name='$location_name',
- location_parent='$parentlocation_id',
- location_info='$location_info'
- WHERE
- location_id=" . $location_id;
-
- $db->db_update($query);
+ $sql = "UPDATE location SET
+ location_name=?, location_parent=?, location_info=?
+ WHERE location_id=?";
+ $sth = $dbh->prepare($sql);
+ $sth->execute([$location_name, $parentlocation_id, $location_info, $location_id]);
header_location("locationview.php?location_id=" . $location_id);
- break;
+ break;
+
case ("node") :
$node_id = sanitize($_POST['node_id']);
$asset_id = sanitize($_POST['asset_id']);
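Review bot: The `asset` edit case has no `break;` after `header_location("assetview.php?asset_id=" . $asset_id);`, while every other case touched in this hunk ends with one. Unless `header_location()` terminates the script (its definition is not visible here), execution falls through into the `assetclass` case and runs a second UPDATE with whatever `assetclass_*` POST fields are present. Add `break;` after the redirect. The `asset` case begins before this hunk and the `node` case continues past it.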
@@ -855,119 +593,95 @@ if (isset($_POST['edit'])) {
$node_info = sanitize($_POST['node_info']);
$zone_id = sanitize($_POST['zone_id']);
- $query = "UPDATE
- node
- SET
- asset_id='$asset_id',
- node_ip='$node_ip',
- subnet_id='$subnet_id',
- node_mac='$node_mac',
- node_dns1='$node_dns1',
- node_dns2='$node_dns2',
- node_info='$node_info',
- zone_id='$zone_id'
- WHERE
- node_id=" . $node_id;
-
- $db->db_update($query);
+ $sql = "UPDATE node SET
+ asset_id=?, node_ip=?, subnet_id=?, node_mac=?,
+ node_dns1=?, node_dns2=?, node_info=?, zone_id=?
+ WHERE node_id=?";
+ $sth = $dbh->prepare($sql);
+ $sth->execute([$asset_id, $node_ip, $subnet_id, $node_mac,
+ $node_dns1, $node_dns2, $node_info, $zone_id,
+ $node_id]);
header_location("nodeview.php?node_id=" . $node_id);
- break;
+ break;
+
case ("optionsdisplay") :
- $user_id = $_SESSION['suser_id'];
- $user_language = $_POST['user_language'];
- $user_imagesize = sanitize($_POST['user_imagesize']);
- $user_imagecount = sanitize($_POST['user_imagecount']);
- $user_mac = sanitize($_POST['user_mac']);
- $user_dateformat = sanitize($_POST['user_dateformat']);
- $user_dns1suffix = sanitize($_POST['user_dns1suffix']);
- $user_dns2suffix = sanitize($_POST['user_dns2suffix']);
- $user_menu_assets = sanitize($_POST['user_menu_assets']);
- $user_menu_assetclasses = sanitize($_POST['user_menu_assetclasses']);
- $user_menu_assetclassgroups = sanitize($_POST['user_menu_assetclassgroups']);
- $user_menu_locations = sanitize($_POST['user_menu_locations']);
- $user_menu_nodes = sanitize($_POST['user_menu_nodes']);
- $user_menu_subnets = sanitize($_POST['user_menu_subnets']);
- $user_menu_users = sanitize($_POST['user_menu_users']);
- $user_menu_vlans = sanitize($_POST['user_menu_vlans']);
- $user_menu_zones = sanitize($_POST['user_menu_zones']);
- $user_tooltips = sanitize($_POST['user_tooltips']);
-
- $query = "UPDATE
- user
- SET
- user_language='" . $user_language . "',
- user_imagesize='" . $user_imagesize . "',
- user_imagecount='" . $user_imagecount . "',
- user_mac='" . $user_mac . "',
- user_dateformat='" . $user_dateformat . "',
- user_dns1suffix='" . $user_dns1suffix . "',
- user_dns2suffix='" . $user_dns2suffix . "',
- user_menu_assets='" . $user_menu_assets . "',
- user_menu_assetclasses='" . $user_menu_assetclasses . "',
- user_menu_assetclassgroups='" . $user_menu_assetclassgroups . "',
- user_menu_locations='" . $user_menu_locations . "',
- user_menu_nodes='" . $user_menu_nodes . "',
- user_menu_subnets='" . $user_menu_subnets . "',
- user_menu_users='" . $user_menu_users . "',
- user_menu_vlans='" . $user_menu_vlans . "',
- user_menu_zones='" . $user_menu_zones . "',
- user_tooltips='" . $user_tooltips . "'
+ $id = $_SESSION['suser_id'];
+ $language = $_POST['user_language'];
+ $imagesize = sanitize($_POST['user_imagesize']);
+ $imagecount = sanitize($_POST['user_imagecount']);
+ $mac = sanitize($_POST['user_mac']);
+ $dateformat = sanitize($_POST['user_dateformat']);
+ $dns1suffix = sanitize($_POST['user_dns1suffix']);
+ $dns2suffix = sanitize($_POST['user_dns2suffix']);
+ $menu_assets = sanitize($_POST['user_menu_assets']);
+ $menu_assetclasses = sanitize($_POST['user_menu_assetclasses']);
+ $menu_assetclassgroups = sanitize($_POST['user_menu_assetclassgroups']);
+ $menu_locations = sanitize($_POST['user_menu_locations']);
+ $menu_nodes = sanitize($_POST['user_menu_nodes']);
+ $menu_subnets = sanitize($_POST['user_menu_subnets']);
+ $menu_users = sanitize($_POST['user_menu_users']);
+ $menu_vlans = sanitize($_POST['user_menu_vlans']);
+ $menu_zones = sanitize($_POST['user_menu_zones']);
+ $tooltips = sanitize($_POST['user_tooltips']);
+
+ $sql = "UPDATE user SET
+ user_language=?, user_imagesize=?, user_imagecount=?, user_mac=?, user_dateformat=?,
+ user_dns1suffix=?, user_dns2suffix=?, user_menu_assets=?, user_menu_assetclasses=?,
+ user_menu_assetclassgroups=?, user_menu_locations=?, user_menu_nodes=?,
+ user_menu_subnets=?, user_menu_users=?, user_menu_vlans=?, user_menu_zones=?,
+ user_tooltips=?
WHERE
- user_id=" . $user_id;
-
- $_SESSION['suser_language'] = $user_language;
- $_SESSION['suser_imagesize'] = $user_imagesize;
- $_SESSION['suser_imagecount'] = $user_imagecount;
- $_SESSION['suser_mac'] = $user_mac;
- $_SESSION['suser_dateformat'] = $user_dateformat;
- $_SESSION['suser_dns1suffix'] = $user_dns1suffix;
- $_SESSION['suser_dns2suffix'] = $user_dns2suffix;
- $_SESSION['suser_menu_assets'] = $user_menu_assets;
- $_SESSION['suser_menu_assetclasses'] = $user_menu_assetclasses;
- $_SESSION['suser_menu_assetclassgroups'] = $user_menu_assetclassgroups;
- $_SESSION['suser_menu_locations'] = $user_menu_locations;
- $_SESSION['suser_menu_nodes'] = $user_menu_nodes;
- $_SESSION['suser_menu_subnets'] = $user_menu_subnets;
- $_SESSION['suser_menu_users'] = $user_menu_users;
- $_SESSION['suser_menu_vlans'] = $user_menu_vlans;
- $_SESSION['suser_menu_zones'] = $user_menu_zones;
- $_SESSION['suser_tooltips'] = $user_tooltips;
-
- $db->db_update($query);
+ user_id=?";
+ $sth = $dbh->prepare($sql);
+ $sth->execute([$language, $imagesize, $imagecount, $mac, $dateformat,
+ $dns1suffix, $dns2suffix, $menu_assets, $menu_assetclasses,
+ $menu_assetclassgroups, $menu_locations, $menu_nodes,
+ $menu_subnets, $menu_users, $menu_vlans, $menu_zones,
+ $tooltips, $id]);
+
+ $_SESSION['suser_language'] = $language;
+ $_SESSION['suser_imagesize'] = $imagesize;
+ $_SESSION['suser_imagecount'] = $imagecount;
+ $_SESSION['suser_mac'] = $mac;
+ $_SESSION['suser_dateformat'] = $dateformat;
+ $_SESSION['suser_dns1suffix'] = $dns1suffix;
+ $_SESSION['suser_dns2suffix'] = $dns2suffix;
+ $_SESSION['suser_menu_assets'] = $menu_assets;
+ $_SESSION['suser_menu_assetclasses'] = $menu_assetclasses;
+ $_SESSION['suser_menu_assetclassgroups'] = $menu_assetclassgroups;
+ $_SESSION['suser_menu_locations'] = $menu_locations;
+ $_SESSION['suser_menu_nodes'] = $menu_nodes;
+ $_SESSION['suser_menu_subnets'] = $menu_subnets;
+ $_SESSION['suser_menu_users'] = $menu_users;
+ $_SESSION['suser_menu_vlans'] = $menu_vlans;
+ $_SESSION['suser_menu_zones'] = $menu_zones;
+ $_SESSION['suser_tooltips'] = $tooltips;
header_location("options.php");
- break;
+ break;
+
case ("optionspassword") :
$user_id = $_SESSION['suser_id'];
- $user_currentpass = sanitize($_POST['user_currentpass']);
- $user_newpass1 = sanitize($_POST['user_newpass1']);
- $user_newpass2 = sanitize($_POST['user_newpass2']);
-
- $query = "SELECT
- user_pass
- FROM
- user
- WHERE
- user_id='" . $user_id . "'";
-
- $user = $db->db_select($query);
-
- if(!strcmp(md5($user_currentpass), $user[0]['user_pass'])) {
- if(!strcmp($user_newpass1, $user_newpass2)) {
- $query = "UPDATE
- user
- SET
- user_pass='" . md5($user_newpass1) . "'
- WHERE
- user_id=" . $user_id;
-
- $db->db_update($query);
+ $currentpass = sanitize($_POST['user_currentpass']);
+ $newpass1 = sanitize($_POST['user_newpass1']);
+ $newpass2 = sanitize($_POST['user_newpass2']);
+
+ $sth = $dbh->prepare("SELECT user_pass FROM user WHERE user_id=?");
+ $sth->execute([$user_id]);
+
+ $userpass = $sth->fetchColumn();;
+ if (!strcmp(md5($currentpass), $userpass)) {
+ if (!strcmp($user_newpass1, $user_newpass2)) {
+ $sth = $dbh->prepare("UPDATE user SET user_pass=? WHERE user_id=?");
+ $sth->execute([md5($user_newpass1), $user_id]);
header_location("options.php");
}
}
- break;
+ // TODO generate errormessages here
+ break;
+
case ("subnet") :
$subnet_id = sanitize($_POST['subnet_id']);
$subnet_address= sanitize($_POST['subnet_address']);
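Review bot: In `optionspassword` the inputs were renamed to `$currentpass`, `$newpass1` and `$newpass2`, but the new lines still read `$user_newpass1` and `$user_newpass2`, which are never assigned in the visible code. PHP treats both unset values as empty strings here (with a notice or deprecation, depending on version), so `strcmp()` reports them equal and `md5()` yields the hash of the empty string; a successful change would store an empty-password hash instead of the one the user typed. The lines should be `if (!strcmp($newpass1, $newpass2)) {` and `$sth->execute([md5($newpass1), $user_id]);`. The check against the stored hash is also better done with `hash_equals()` than `strcmp()`, and the stray `;;` after `fetchColumn()` can go.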
@@ -978,101 +692,73 @@ if (isset($_POST['edit'])) {
$subnet_ntp_server = sanitize($_POST['subnet_ntp_server']);
$subnet_info = sanitize($_POST['subnet_info']);
- $query = "UPDATE
- subnet
- SET
- subnet_address='$subnet_address',
- subnet_mask='$subnet_mask',
- subnet_dhcp_start='$subnet_dhcpstart',
- subnet_dhcp_end='$subnet_dhcpend',
- subnet_info='$subnet_info',
- protocol_version=$subnet_proto_vers,
- ntp_server='$subnet_ntp_server'
- WHERE
- subnet_id=" . $subnet_id;
-
- $db->db_update($query);
+ $sql = "UPDATE subnet SET
+ subnet_address=?, subnet_mask=?, subnet_dhcp_start=?,
+ subnet_dhcp_end=?, subnet_info=?, protocol_version=?,
+ ntp_server=?
+ WHERE subnet_id=?";
+ $sth = $dbh->prepare($sql);
+ $sth->execute([$subnet_address, $subnet_mask, $subnet_dhcpstart,
+ $subnet_dhcpend, $subnet_info, $subnet_proto_vers,
+ $subnet_ntp_server, $subnet_id]);
header_location("subnetview.php?subnet_id=" . $subnet_id);
- break;
+ break;
+
case ("user") :
$user_id = sanitize($_POST['user_id']);
$user_name = sanitize($_POST['user_name']);
$user_displayname = sanitize($_POST['user_displayname']);
- $query = "UPDATE
- user
- SET
- user_name='" . $user_name . "',
- user_displayname='" . $user_displayname . "'
- WHERE
- user_id=" . $user_id;
-
- $db->db_update($query);
+ $sql = "UPDATE user SET user_name=?, user_displayname=? WHERE user_id=?";
+ $sth = $dbh->prepare($sql);
+ $sth->execute([$user_name ,$user_displayname, $user_id]);
header_location("userview.php?user_id=" . $user_id);
- break;
+ break;
+
case ("vlan") :
$vlan_id = sanitize($_POST['vlan_id']);
$vlan_name = sanitize($_POST['vlan_name']);
$vlan_number = sanitize($_POST['vlan_number']);
$vlan_info = sanitize($_POST['vlan_info']);
- $query = "UPDATE
- vlan
- SET
- vlan_name='$vlan_name',
- vlan_number='$vlan_number',
- vlan_info='$vlan_info'
- WHERE
- vlan_id=" . $vlan_id;
-
- $db->db_update($query);
+ $sql = "UPDATE vlan SET vlan_name=?, vlan_number=?, vlan_info=? WHERE vlan_id=?";
+ $sth = $dbh->prepare($sql);
+ $sth->execute([$vlan_name, $vlan_number, $vlan_info, $vlan_id]);
header_location("vlanview.php?vlan_id=" . $vlan_id);
- break;
- case ("zone") :
- $zone_id = sanitize($_POST['zone_id']);
- $zone_origin = sanitize($_POST['zone_origin']);
- $zone_ttl_default = sanitize($_POST['zone_ttl_default']);
- $zone_soa = sanitize($_POST['zone_soa']);
- $zone_hostmaster = sanitize($_POST['zone_hostmaster']);
- $zone_refresh = sanitize($_POST['zone_refresh']);
- $zone_retry = sanitize($_POST['zone_retry']);
- $zone_expire = sanitize($_POST['zone_expire']);
- $zone_ttl = sanitize($_POST['zone_ttl']);
- $zone_serial = sanitize($_POST['zone_serial']);
- $zone_ns1 = sanitize($_POST['zone_ns1']);
- $zone_ns2 = sanitize($_POST['zone_ns2']);
- $zone_ns3 = sanitize($_POST['zone_ns3']);
- $zone_mx1 = sanitize($_POST['zone_mx1']);
- $zone_mx2 = sanitize($_POST['zone_mx2']);
- $zone_info = sanitize($_POST['zone_info']);
- $query = "UPDATE
- zone
- SET
- zone_origin='$zone_origin',
- zone_ttl_default='$zone_ttl_default',
- zone_soa='$zone_soa',
- zone_hostmaster='$zone_hostmaster',
- zone_refresh='$zone_refresh',
- zone_retry='$zone_retry',
- zone_expire='$zone_expire',
- zone_ttl='$zone_ttl',
- zone_serial='$zone_serial',
- zone_ns1='$zone_ns1',
- zone_ns2='$zone_ns2',
- zone_ns3='$zone_ns3',
- zone_mx1='$zone_mx1',
- zone_mx2='$zone_mx2',
- zone_info='$zone_info'
- WHERE
- zone_id=" . $zone_id;
+ break;
- $db->db_update($query);
+ case ("zone") :
+ $id = sanitize($_POST['zone_id']);
+ $origin = sanitize($_POST['zone_origin']);
+ $ttl_default = sanitize($_POST['zone_ttl_default']);
+ $soa = sanitize($_POST['zone_soa']);
+ $hostmaster = sanitize($_POST['zone_hostmaster']);
+ $refresh = sanitize($_POST['zone_refresh']);
+ $retry = sanitize($_POST['zone_retry']);
+ $expire = sanitize($_POST['zone_expire']);
+ $ttl = sanitize($_POST['zone_ttl']);
+ $serial = sanitize($_POST['zone_serial']);
+ $ns1 = sanitize($_POST['zone_ns1']);
+ $ns2 = sanitize($_POST['zone_ns2']);
+ $ns3 = sanitize($_POST['zone_ns3']);
+ $mx1 = sanitize($_POST['zone_mx1']);
+ $mx2 = sanitize($_POST['zone_mx2']);
+ $info = sanitize($_POST['zone_info']);
+ $sql = "UPDATE zone SET
+ zone_origin=?, zone_ttl_default=?, zone_soa=?, zone_hostmaster=?,
+ zone_refresh=?, zone_retry=?, zone_expire=?, zone_ttl=?, zone_serial=?,
+ zone_ns1=?, zone_ns2=?, zone_ns3=?, zone_mx1=?, zone_mx2=?, zone_info=?
+ WHERE zone_id=?";
+ $sth = $dbh->prepare($sql);
+ $sth->execute([$origin, $ttl_default, $soa, $hostmaster, $refresh, $retry,
+ $expire, $ttl, $serial, $ns1, $ns2, $ns3, $mx1, $mx2, $info,
+ $id]);
header_location("zoneview.php?zone_id=" . $zone_id);
- break;
+ break;
}
}
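Review bot: The `zone` edit case now stores the id in `$id`, but the redirect still uses `$zone_id` in `header_location("zoneview.php?zone_id=" . $zone_id);`, which is not assigned anywhere in the new version of this case. The UPDATE itself binds `$id` correctly, so the row is changed and the user is then sent to a URL with an empty `zone_id`. Change the redirect to `header_location("zoneview.php?zone_id=" . $id);`. The hunk opens inside the `subnet` case, whose first lines are outside it.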
diff --git a/subnet.php b/subnet.php
index 0981402..969eb59 100644
--- a/subnet.php
+++ b/subnet.php
@@ -10,24 +10,17 @@ SPDX-License-Identifier: GPL-3.0-or-later
include("includes.php");
include("header.php");
-$query = "SELECT
- s.subnet_id,
- s.subnet_address,
- s.subnet_mask,
- s.ntp_server,
- LEFT(s.subnet_info, 40) AS subnet_info,
+$sql = "SELECT s.subnet_id, s.subnet_address, s.subnet_mask,
+ s.ntp_server, LEFT(s.subnet_info, 40) AS subnet_info,
CHAR_LENGTH(s.subnet_info) AS subnet_length,
COUNT(node.subnet_id) AS node_counter
- FROM
- subnet AS s LEFT JOIN node USING (subnet_id)
- GROUP BY
- s.subnet_id
- ORDER BY
- INET_ATON(s.subnet_address)";
+ FROM subnet AS s LEFT JOIN node USING (subnet_id)
+ GROUP BY s.subnet_id
+ ORDER BY INET_ATON(s.subnet_address)";
+$sth = $dbh->query($sql);
-$subnets = $db->db_select($query);
+$smarty->assign("subnets", $sth->fetchAll());
-$smarty->assign("subnets", $subnets);
$smarty->display("subnet.tpl");
include("footer.php");
diff --git a/subnetadd.php b/subnetadd.php
index 20f90ae..5e78d43 100644
--- a/subnetadd.php
+++ b/subnetadd.php
@@ -13,21 +13,7 @@ if((isset($_GET['vlan_id'])) ? $vlan_id = sanitize($_GET['vlan_id']) : $vlan_id
include("header.php");
-$query = "SELECT
- vlan_id,
- vlan_number,
- vlan_name
- FROM
- vlan
- ORDER BY
- vlan_name";
-
-$vlans = $db->db_select($query);
-$vlan_options[0] = $lang['lang_option_none'];
-foreach ($vlans as $vlan) {
- $vlan_options[$vlan['vlan_id']] = $vlan['vlan_name'];
-}
-$smarty->assign("vlan_options", $vlan_options);
+$smarty->assign("vlan_options", db_get_options_vlan());
$smarty->display("subnetadd.tpl");
diff --git a/subnetdel.php b/subnetdel.php
index 6ed440f..4e470f2 100644
--- a/subnetdel.php
+++ b/subnetdel.php
@@ -14,34 +14,22 @@ $subnet_id = sanitize($_GET['subnet_id']);
include("header.php");
// subnet
-$query = "SELECT
- subnet_address,
- subnet_mask
- FROM
- subnet
- WHERE
- subnet_id=" . $subnet_id;
+$sql = "SELECT subnet_id AS id, subnet_address AS address, subnet_mask AS mask
+ FROM subnet
+ WHERE subnet_id=?";
+$sth = $dbh->prepare($sql);
+$sth->execute([$subnet_id]);
+$smarty->assign("subnet", $sth->fetch(PDO::FETCH_OBJ));
-$subnet = $db->db_select($query);
-
-$smarty->assign("subnet_id", $subnet_id);
-$smarty->assign("subnet_address", $subnet[0]['subnet_address']);
-$smarty->assign("subnet_mask", $subnet[0]['subnet_mask']);
-
// node
-$query = "SELECT
- node_id,
- node_ip
- FROM
- node
- WHERE
- subnet_id=" . $subnet_id . "
- ORDER BY
- INET_ATON(node_ip)";
-
-$nodes = $db->db_select($query);
+$sql = "SELECT node_id AS id, node_ip AS ip
+ FROM node
+ WHERE subnet_id=?
+ ORDER BY INET_ATON(node_ip)";
+$sth = $dbh->prepare($sql);
+$sth->execute([$subnet_id]);
+$smarty->assign("nodes", $sth->fetchAll());
-$smarty->assign("nodes", $nodes);
$smarty->display("subnetdel.tpl");
include("footer.php");
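Review bot: `$sth->fetch(PDO::FETCH_OBJ)` returns `false` when no row matches the `subnet_id` taken from the query string, and that value is handed straight to the template as `subnet`. Fetch into a variable first, `$subnet = $sth->fetch(PDO::FETCH_OBJ);`, and handle the miss before rendering, `if ($subnet === false) { /* not found: redirect or show an error */ }`. The same fetch-and-assign pattern appears in subnetedit.php and subnetlocationadd.php.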
diff --git a/subnetedit.php b/subnetedit.php
index ab2344a..1e888ed 100644
--- a/subnetedit.php
+++ b/subnetedit.php
@@ -13,29 +13,16 @@ $subnet_id = sanitize($_GET['subnet_id']);
include("header.php");
-$query = "SELECT
- subnet_address,
- subnet_mask,
- protocol_version,
- subnet_dhcp_start,
- subnet_dhcp_end,
- ntp_server,
- subnet_info AS subnet_info
- FROM
- subnet
- WHERE
- subnet_id=" . $subnet_id;
-
-$subnet = $db->db_select($query);
-
-$smarty->assign("subnet_id", $subnet_id);
-$smarty->assign("subnet_address", $subnet[0]['subnet_address']);
-$smarty->assign("subnet_mask", $subnet[0]['subnet_mask']);
-$smarty->assign("subnet_proto_vers", $subnet[0]['protocol_version']);
-$smarty->assign("subnet_dhcpstart", $subnet[0]['subnet_dhcp_start']);
-$smarty->assign("subnet_dhcpend", $subnet[0]['subnet_dhcp_end']);
-$smarty->assign("subnet_ntp_server", $subnet[0]['ntp_server']);
-$smarty->assign("subnet_info", $subnet[0]['subnet_info']);
+$sql = "SELECT subnet_address AS address, subnet_mask AS mask,
+ protocol_version AS proto_vers,
+ subnet_dhcp_start AS dhcp_start, subnet_dhcp_end AS dhcp_end,
+ ntp_server, subnet_info AS info
+ FROM subnet
+ WHERE subnet_id=?";
+$sth = $dbh->prepare($sql);
+$sth->execute([$subnet_id]);
+
+$smarty->assign("subnet", $sth->fetch(PDO::FETCH_OBJ));
$smarty->display("subnetedit.tpl");
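Review bot: The new SELECT no longer returns the subnet's id and the `$smarty->assign("subnet_id", $subnet_id);` line is removed, so the template has no id to put in the edit form. The sibling queries in subnetdel.php and subnetlocationadd.php select `subnet_id AS id` for this purpose. If subnetedit.tpl (not visible here) posts the id back for the UPDATE, add `subnet_id AS id,` to the column list.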
diff --git a/subnetlocationadd.php b/subnetlocationadd.php
index 12f3008..b4610bf 100644
--- a/subnetlocationadd.php
+++ b/subnetlocationadd.php
@@ -13,21 +13,16 @@ $subnet_id = sanitize($_GET['subnet_id']);
include("header.php");
-$query = "SELECT
- subnet_address,
- subnet_mask
- FROM
- subnet
- WHERE
- subnet_id=" . $subnet_id;
-
-$subnet = $db->db_select($query);
-
-$smarty->assign("subnet_id", $subnet_id);
-$smarty->assign("subnet_address", $subnet[0]['subnet_address']);
-$smarty->assign("subnet_mask", $subnet[0]['subnet_mask']);
+$sql = "SELECT subnet_id AS id, subnet_address AS address,
+ subnet_mask AS mask
+ FROM subnet
+ WHERE subnet_id=?";
+$sth = $dbh->prepare($sql);
+$sth->execute([$zone_id]);
+$smarty->assign("subnet", $sth->fetch(PDO::FETCH_OBJ));
-$smarty->assign("location_options", $db->options_location());
+$smarty->assign("location_options", db_get_options_location());
+
$smarty->display("subnetlocationadd.tpl");
include("footer.php");
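Review bot: `$sth->execute([$zone_id]);` binds a variable that is not defined anywhere in the visible lines of this file; the hunk header shows the request value is stored as `$subnet_id = sanitize($_GET['subnet_id'])`. With an undefined `$zone_id` the placeholder is bound to null, no row matches, and `fetch(PDO::FETCH_OBJ)` hands `false` to the template. The line should read `$sth->execute([$subnet_id]);`.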
diff --git a/subnetlocationdel.php b/subnetlocationdel.php
index 06cb992..8761d9b 100644
--- a/subnetlocationdel.php
+++ b/subnetlocationdel.php
@@ -14,34 +14,22 @@ $subnet_id = sanitize($_GET['subnet_id']);
include("header.php");
// subnet
-$query = "SELECT
- subnet_address,
- subnet_mask
- FROM
- subnet
- WHERE
- subnet_id=" . $subnet_id;
-
-// run query
-$subnet = $db->db_select($query);
-
-$smarty->assign("subnet_id", $subnet_id);
-$smarty->assign("subnet_address", $subnet[0]['subnet_address']);
-$smarty->assign("subnet_mask", $subnet[0]['subnet_mask']);
-
-// location
-$query = "SELECT
- l.location_id,
- l.location_name
- FROM
- subnetlocation AS s LEFT JOIN location USING (location_id)
- WHERE
- s.subnet_id=" . $subnet_id . "
- ORDER BY
- l.location_name";
-
-// run query
-$records = $db->db_select($query);
+$sql = "SELECT subnet_id AS id, subnet_address AS address, subnet_mask AS mask
+ FROM subnet
+ WHERE subnet_id=?";
+$sth = $dbh->prepare($sql);
+$sth->execute([$subnet_id]);
+$smarty->assign("subnet", $sth->fetch(PDO::FETCH_OBJ));
+
+// locations for subnet
+$sql = "SELECT l.location_id, l.location_name
+ FROM subnetlocation AS s LEFT JOIN location USING (location_id)
+ WHERE s.subnet_id=?
+ ORDER BY l.location_name";
+$sth = $dbh->prepare($sql);
+$sth->execute([$subnet_id]
+$records = $sth->fetchAll();
+
$locations = array();
foreach ($records as $rec) {
$locations[$rec['location_id']] = $rec['location_name'];
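Review bot: The added `$sth->execute([$subnet_id]` for the locations query is missing its closing `);`, so the file no longer parses; it should read `$sth->execute([$subnet_id]);`. The same query selects `l.location_id` and `l.location_name` while the join is written `LEFT JOIN location USING (location_id)` with no `l` alias, which is carried over from the old query; `LEFT JOIN location AS l USING (location_id)` looks like what is intended. The `foreach` that fills `$locations` continues past the end of this hunk.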
diff --git a/subnetlocationedit.php b/subnetlocationedit.php
index ac6e75d..80544df 100644
--- a/subnetlocationedit.php
+++ b/subnetlocationedit.php
@@ -13,20 +13,13 @@ $subnet_id = sanitize($_GET['subnet_id']);
include("header.php");
-$query = "SELECT
- subnet_address,
- subnet_mask
- FROM
- subnet
- WHERE
- subnet_id=" . $subnet_id;
+$sql = "SELECT subnet_id AS id, subnet_address AS address, subnet_mask AS mask
+ FROM subnet
+ WHERE subnet_id=?";
+$sth = $dbh->prepare($sql);
+$sth->execute([$subnet_id]);
-// run query
-$subnet = $db->db_select($query);
-
-$smarty->assign("subnet_id", $subnet_id);
-$smarty->assign("subnet_address", $subnet[0]['subnet_address']);
-$smarty->assign("subnet_mask", $subnet[0]['subnet_mask']);
+$smarty->assign("subnet", $sth->fetch(PDO::FETCH_OBJ));
$smarty->display("subnetlocationedit.tpl");
diff --git a/subnetview.php b/subnetview.php
index 75b8e71..b998e20 100644
--- a/subnetview.php
+++ b/subnetview.php
@@ -19,45 +19,42 @@ $smarty->assign("scripts",'changetext.js');
include("header.php");
// subnet
-$query = "SELECT
- s.subnet_address,
- s.subnet_mask,
- s.subnet_dhcp_start,
- s.subnet_dhcp_end,
- s.subnet_info,
- s.protocol_version,
- s.ntp_server,
- COUNT(node.subnet_id) AS node_counter
- FROM
- subnet AS s LEFT JOIN node USING (subnet_id)
- WHERE
- s.subnet_id=" . $subnet_id . "
- GROUP BY
- s.subnet_id";
+$sql = "SELECT
+ s.subnet_id AS id,
+ s.subnet_address AS address,
+ s.subnet_mask AS mask,
+ s.subnet_dhcp_start AS dhcp_start,
+ s.subnet_dhcp_end AS dhcp_end,
+ s.subnet_info AS info,
+ s.protocol_version AS proto_vers,
+ s.ntp_server,
+ COUNT(node.subnet_id) AS node_counter
+ FROM
+ subnet AS s LEFT JOIN node USING (subnet_id)
+ WHERE
+ s.subnet_id=?
+ GROUP BY
+ s.subnet_id";
+$sth = $dbh->prepare($sql);
+$sth->execute([$subnet_id]);
+
+$subnet = $sth->fetch(PDO::FETCH_OBJ);
-$subnet = $db->db_select($query);
+$smarty->assign("subnet", $subnet);
// set needed variables
-$subnet_address = $subnet[0]['subnet_address'];
-$subnet_mask = $subnet[0]['subnet_mask'];
-$subnet_dhcpstart = $subnet[0]['subnet_dhcp_start'];
-$subnet_dhcpend = $subnet[0]['subnet_dhcp_end'];
-$subnet_proto_vers = $subnet[0]['protocol_version'];
-$subnet_ntp_server = $subnet[0]['ntp_server'];
+$subnet_address = $subnet->address;
+$subnet_mask = $subnet->mask;
+$subnet_dhcpstart = $subnet->dhcp_start;
+$subnet_dhcpend = $subnet->dhcp_end;
+$subnet_proto_vers = $subnet->protocol_version;
+$subnet_ntp_server = $subnet->ntp_server;
// set counters
$host_counter = pow(2,(32-$subnet_mask));
-$node_counter = $subnet[0]['node_counter'];
+$node_counter = $subnet->node_counter;
$subnet_usedpercentage = round((($node_counter/($host_counter-2))*100), 1);
-$smarty->assign("subnet_id", $subnet_id);
-$smarty->assign("subnet_address", $subnet_address);
-$smarty->assign("subnet_mask", $subnet_mask);
-$smarty->assign("subnet_dhcpstart", $subnet_dhcpstart);
-$smarty->assign("subnet_dhcpend", $subnet_dhcpend);
-$smarty->assign("subnet_info", nl2br($subnet[0]['subnet_info']));
-$smarty->assign("subnet_proto_vers", $subnet_proto_vers);
-$smarty->assign("subnet_ntp_server", $subnet_ntp_server);
$smarty->assign("node_counter", $node_counter);
$smarty->assign("subnet_usedpercentage", $subnet_usedpercentage);
$smarty->assign("config_color_unused", $config_color_unused);
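Review bot: `$subnet_proto_vers = $subnet->protocol_version;` reads a property the new query does not return, because the column is now selected as `s.protocol_version AS proto_vers`; the line should be `$subnet_proto_vers = $subnet->proto_vers;`. The removed `$smarty->assign("subnet_info", nl2br(...))` also has no counterpart on the new side, so unless subnetview.tpl (not visible here) applies `nl2br` to `$subnet->info` itself, line breaks in the info text are no longer rendered.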
@@ -67,25 +64,25 @@ $smarty->assign("free_counter", (($host_counter-2)-$node_counter));
// subnet
// split up the range
-$iprange = explode('.', $subnet_address);
+$iprange = explode('.', $subnet->address);
$iprange1 = $iprange[0];
$iprange2 = $iprange[1];
$iprange3 = $iprange[2];
$iprange4 = $iprange[3];
// create empty subnet-array
-$subnet = array();
+$subnetdata = array();
// determine range (Class A/B/C)
-if ($subnet_mask>=24) {
+if ($subnet_mask >= 24) {
// Class C
// fill subnet-array with addresses we want to see
- for($i=0;$i<$host_counter;$i++) {
+ for($i=0; $i<$host_counter; $i++) {
// build ip
$ip = $iprange1 . '.' . $iprange2 . '.' . $iprange3 . '.' . ($iprange4+$i);
// fill subnet-array
- $subnet[$ip] = array();
+ $subnetdata[$ip] = array();
}
// calculate broadcast address
@@ -121,7 +118,7 @@ if ($subnet_mask>=24) {
$ip = $iprange1 . '.' . $iprange2 . '.' . $page2 . '.' . $i;
// fill subnet-array
- $subnet[$ip] = array();
+ $subnetdata[$ip] = array();
}
// calculate broadcast address
@@ -162,18 +159,18 @@ if ($subnet_mask>=24) {
} else {
// Class A
// which part do we want to see?
- if((empty($page)) ? $page=$subnet_address : $page=$page);
+ if ((empty($page)) ? $page = $subnet_address : $page = $page);
$page = explode('.', $page);
$page2 = $page[1];
$page3 = $page[2];
// fill subnet-array with addresses we want to see
- for($i=0;$i<256;$i++) {
+ for($i=0; $i<256; $i++) {
// build ip
$ip = $iprange1 . '.' . $page2 . '.' . $page3 . '.' . $i;
// fill subnet-array
- $subnet[$ip] = array();
+ $subnetdata[$ip] = array();
}
// calculate broadcast address
@@ -192,7 +189,7 @@ if ($subnet_mask>=24) {
$smarty->assign("iprange4", $iprange4);
// set select box
- if($i==$page2) {
+ if($i == $page2) {
$smarty->assign("row1_selected", "selected");
} else {
@@ -204,7 +201,7 @@ if ($subnet_mask>=24) {
}
// loop addresses in range 3
- for($i=0;$i<256;$i++) {
+ for($i=0; $i<256; $i++) {
// send to tpl
$smarty->assign("iprange1", $iprange1);
$smarty->assign("iprange2", $page2);
@@ -238,7 +235,7 @@ if ($subnet_mask>=24) {
}
// get nodes for this subnetview and implement the values into the array
-$query = "SELECT
+$sql = "SELECT
asset.asset_name,
assetclassgroup.assetclassgroup_color,
node.node_id,
@@ -249,34 +246,38 @@ $query = "SELECT
assetclassgroup,
node
WHERE
- node.node_ip IN ('".implode("','",array_keys($subnet))."')
- AND node.subnet_id='$subnet_id'
+ node.node_ip IN ('".implode("','",array_keys($subnetdata))."')
+ AND node.subnet_id=?
AND asset.asset_id=node.asset_id
AND assetclass.assetclass_id=asset.assetclass_id
AND assetclassgroup.assetclassgroup_id=assetclass.assetclassgroup_id";
-$nodes = $db->db_select($query);
+$sth = $dbh->prepare($sql);
+$sth->execute([$subnet_id]);
+$smarty->assign("locations", $sth->fetchAll());
+
+$nodes = $sth->fetchAll();
$node_counter = count($nodes);
-if ($node_counter>0) {
+if ($node_counter > 0) {
// get objects
- foreach($nodes AS $node) {
+ foreach ($nodes AS $node) {
// add node-values to ip in subnet-array
- $subnet[$node['node_ip']] = $node;
+ $subnetdata[$node['node_ip']] = $node;
}
}
// replace ip's in subnet-array (if necessary)
// check for subnet address
-if(array_key_exists($subnet_address, $subnet)) {
+if (array_key_exists($subnet_address, $subnet)) {
// replace
- $subnet[$subnet_address] = array("subnet_address");
+ $subnetdata[$subnet_address] = array("subnet_address");
}
// check for broadcast address
-if(array_key_exists($broadcast_address, $subnet)) {
+if (array_key_exists($broadcast_address, $subnet)) {
// replace
- $subnet[$broadcast_address] = array("broadcast_address");
+ $subnetdata[$broadcast_address] = array("broadcast_address");
}
$dhcpstart = 0;
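Review bot: The added `$smarty->assign("locations", $sth->fetchAll());` drains the node result set, so the `$nodes = $sth->fetchAll();` that follows returns an empty array and no node is ever merged into `$subnetdata`; it looks like a copy of the locations block and should be dropped. The two checks further down still pass `$subnet`, which is now the `PDO::FETCH_OBJ` row rather than the address array, and should read `array_key_exists($subnet_address, $subnetdata)` and `array_key_exists($broadcast_address, $subnetdata)`. The `IN ('".implode("','",array_keys($subnetdata))."')` list is still concatenated into the SQL text while `subnet_id` is now bound. The keys are built from the stored subnet address and, in the paged branches, from `$page`, whose origin is not visible in this hunk. Generating one `?` per key with `implode(',', array_fill(0, count($subnetdata), '?'))` and passing `array_merge(array_keys($subnetdata), [$subnet_id])` to `execute()` would parameterize the whole statement.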
@@ -289,13 +290,13 @@ if ($subnet_dhcpstart && $subnet_dhcpend) {
// start counter
// $i=1;
// loop subnet-array
-foreach ($subnet AS $node_ip => $node) {
+foreach ($subnetdata AS $node_ip => $node) {
// make new line?
// if(($i%$_SESSION['suser_imagecount']==0 && $i!=$nodes_displayed) ? $tr="
" : $tr="");
-// check if node-ip in DHCP-area
- $subnet[$node_ip]["dynamic"] = false;
+ // check if node-ip in DHCP-area
+ $subnetdata[$node_ip]["dynamic"] = false;
if ($dhcpstart > 0) {
$ipval = ip2long($node_ip);
if (($ipval >= $dhcpstart) and ($ipval <= $dhcpend)) {
@@ -306,28 +307,28 @@ foreach ($subnet AS $node_ip => $node) {
// check node
if (empty($node)) {
// empty node to tpl
- $subnet[$node_ip]["url"] = 'assigniptonode.php?subnet_id=' . $subnet_id . '&node_ip='. $node_ip;
- $subnet[$node_ip]["remotetext"] = $node_ip;
- if ($subnet[$node_ip]["dynamic"]) {
- $subnet[$node_ip]["assetclassgroup_color"] = $config_color_dynamic;
+ $subnetdata[$node_ip]["url"] = 'assigniptonode.php?subnet_id=' . $subnet_id . '&node_ip='. $node_ip;
+ $subnetdata[$node_ip]["remotetext"] = $node_ip;
+ if ($subnetdata[$node_ip]["dynamic"]) {
+ $subnetdata[$node_ip]["assetclassgroup_color"] = $config_color_dynamic;
} else {
- $subnet[$node_ip]["assetclassgroup_color"] = $config_color_unused;
+ $subnetdata[$node_ip]["assetclassgroup_color"] = $config_color_unused;
}
} else if (array_key_exists(0, $node) && $node[0]=="subnet_address") {
// subnet address to tpl
- $subnet[$node_ip]["url"] = "";
- $subnet[$node_ip]["remotetext"] = $node_ip . ' ' . $lang['lang_subnet_subnetaddress'];
- $subnet[$node_ip]["assetclassgroup_color"] = $config_color_blocked;
+ $subnetdata[$node_ip]["url"] = "";
+ $subnetdata[$node_ip]["remotetext"] = $node_ip . ' ' . $lang['lang_subnet_subnetaddress'];
+ $subnetdata[$node_ip]["assetclassgroup_color"] = $config_color_blocked;
} else if (array_key_exists(0, $node) && $node[0]=="broadcast_address") {
// broadcast address to tpl
- $subnet[$node_ip]["url"] = "";
- $subnet[$node_ip]["remotetext"] = $node_ip . ' ' . $lang['lang_subnet_broadcastaddress'];
- $subnet[$node_ip]["assetclassgroup_color"] = $config_color_blocked;
+ $subnetdata[$node_ip]["url"] = "";
+ $subnetdata[$node_ip]["remotetext"] = $node_ip . ' ' . $lang['lang_subnet_broadcastaddress'];
+ $subnetdata[$node_ip]["assetclassgroup_color"] = $config_color_blocked;
} else {
// node to tpl
- $subnet[$node_ip]["url"] = 'nodeview.php?node_id=' . $node['node_id'];
- $subnet[$node_ip]["remotetext"] = $node_ip . ' ' . $node['asset_name'];
- $subnet[$node_ip]["assetclassgroup_color"] = $node['assetclassgroup_color'];
+ $subnetdata[$node_ip]["url"] = 'nodeview.php?node_id=' . $node['node_id'];
+ $subnetdata[$node_ip]["remotetext"] = $node_ip . ' ' . $node['asset_name'];
+ $subnetdata[$node_ip]["assetclassgroup_color"] = $node['assetclassgroup_color'];
}
// update counter
@@ -335,43 +336,30 @@ foreach ($subnet AS $node_ip => $node) {
} // foreach
-$smarty->assign("subnet", $subnet);
+$smarty->assign("subnetdata", $subnetdata);
$smarty->assign("imagewrap", $_SESSION['suser_imagecount']);
-// vlan
-$query = "SELECT
- vlan.vlan_id AS vlan_id,
- vlan.vlan_name AS vlan_name,
- vlan.vlan_number AS vlan_number
- FROM
- subnetvlan,
- vlan
- WHERE
- subnetvlan.subnet_id=" . $subnet_id . "
- AND vlan.vlan_id=subnetvlan.vlan_id
- ORDER BY
- vlan.vlan_name";
-
-// run query
-$vlans = $db->db_select($query);
-$smarty->assign("vlans", $vlans);
-
-// location
-$query = "SELECT
- l.location_id,
- l.location_name
- FROM
- location AS l LEFT JOIN subnetlocation AS s USING (location_id)
- WHERE
- s.subnet_id=". $subnet_id . "
- ORDER BY
- l.location_name";
-
-$locations = $db->db_select($query);
-$smarty->assign("locations", $locations);
-
-// assetclassgroup
-$query = "SELECT
+// vlans
+$sql = "SELECT v.vlan_id AS id, v.vlan_name AS name,
+ v.vlan_number AS number
+ FROM subnetvlan AS s JOIN vlan AS v USING (vlan_id)
+ WHERE s.subnet_id=?
+ ORDER BY v.vlan_name";
+$sth = $dbh->prepare($sql);
+$sth->execute([$subnet_id]);
+$smarty->assign("vlans", $sth->fetchAll());
+
+// locations
+$sql = "SELECT l.location_id, l.location_name
+ FROM location AS l LEFT JOIN subnetlocation AS s USING (location_id)
+ WHERE s.subnet_id=?
+ ORDER BY l.location_name";
+$sth = $dbh->prepare($sql);
+$sth->execute([$subnet_id]);
+$smarty->assign("locations", $sth->fetchAll());
+
+// assetclassgroups
+$sql = "SELECT
assetclassgroup_id AS id,
assetclassgroup_name AS name,
assetclassgroup_color AS color,
@@ -381,13 +369,12 @@ $query = "SELECT
LEFT JOIN asset USING (asset_id)
LEFT JOIN assetclass USING (assetclass_id)
LEFT JOIN assetclassgroup USING (assetclassgroup_id)
- WHERE subnet_id=" . $subnet_id . "
+ WHERE subnet_id=?
GROUP BY assetclass_id
ORDER BY counter DESC";
-
-// run query
-$assetclassgroups = $db->db_select($query);
-$smarty->assign("assetclassgroups", $assetclassgroups);
+$sth = $dbh->prepare($sql);
+$sth->execute([$subnet_id]);
+$smarty->assign("assetclassgroups", $sth->fetchAll());
$smarty->display("subnetview.tpl");
diff --git a/subnetvlanadd.php b/subnetvlanadd.php
index 54d1f70..3b0dbfa 100644
--- a/subnetvlanadd.php
+++ b/subnetvlanadd.php
@@ -13,44 +13,25 @@ $subnet_id = sanitize($_GET['subnet_id']);
include("header.php");
-
-// subnet
-// build query
-$query = "SELECT
- subnet_address,
- subnet_mask
- FROM
- subnet
- WHERE
- subnet_id=" . $subnet_id;
-
-// run query
-$subnet = $db->db_select($query);
+$sql = "SELECT subnet_id AS id, subnet_address AS address, subnet_mask AS mask
+ FROM subnet
+ WHERE subnet_id=?";
+$sth = $dbh->prepare($sql);
+$sth->execute([$subnet_id]);
-$smarty->assign("subnet_id", $subnet_id);
-$smarty->assign("subnet_address", $subnet[0]['subnet_address']);
-$smarty->assign("subnet_mask", $subnet[0]['subnet_mask']);
+$smarty->assign("subnet", $sth->fetch(PDO::FETCH_OBJ));
// vlan
-$query = " SELECT
- vlan_id,
- vlan_number,
- vlan_name
- FROM
- vlan
- WHERE
- vlan_id NOT IN (
- SELECT
- vlan_id
- FROM
- subnetvlan
- WHERE
- subnet_id=" . $subnet_id . "
- )
- ORDER BY
- vlan_number";
+$sql = "SELECT vlan_id, vlan_number, vlan_name
+ FROM vlan
+ WHERE vlan_id NOT IN (
+ SELECT vlan_id FROM subnetvlan WHERE subnet_id=?
+ )
+ ORDER BY vlan_number";
+$sth = $dbh->prepare($sql);
+$sth->execute([$subnet_id]);
-$vlans = $db->db_select($query);
+$vlans = $sth->fetchAll();
foreach ($vlans as $vlan) {
$vlan_options[$vlan['vlan_id']] = $vlan['vlan_name'];
}
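Review bot: `$vlan_options` is only ever written inside the `foreach ($vlans as $vlan)` loop and is not initialised anywhere in the lines this hunk shows. When every VLAN is already attached to the subnet, the `NOT IN` query returns no rows and the variable stays undefined for whatever uses it after the loop (that code is outside the hunk). Adding `$vlan_options = [];` before the loop avoids that, assuming it is not already set in the lines above the hunk.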
diff --git a/subnetvlandel.php b/subnetvlandel.php
index b0c0132..d544177 100644
--- a/subnetvlandel.php
+++ b/subnetvlandel.php
@@ -14,37 +14,22 @@ $subnet_id = sanitize($_GET['subnet_id']);
include("header.php");
// subnet
-$query = "SELECT
- subnet_address,
- subnet_mask
- FROM
- subnet
- WHERE
- subnet_id=" . $subnet_id;
+$sql = "SELECT subnet_id AS id, subnet_address AS address, subnet_mask AS mask
+ FROM subnet
+ WHERE subnet_id=?";
+$sth = $dbh->prepare($sql);
+$sth->execute([$subnet_id]);
+$smarty->assign("subnet", $sth->fetch(PDO::FETCH_OBJ));
-// run query
-$subnet = $db->db_select($query);
-
-$smarty->assign("subnet_id", $subnet_id);
-$smarty->assign("subnet_address", $subnet[0]['subnet_address']);
-$smarty->assign("subnet_mask", $subnet[0]['subnet_mask']);
-
// vlan
-$query = "SELECT
- v.vlan_id,
- v.vlan_number,
- v.vlan_name
- FROM
- subnetvlan AS s LEFT JOIN vlan AS v USING (vlan_id)
- WHERE
- s.subnet_id=" . $subnet_id . "
- ORDER BY
- v.vlan_number";
+$sql = "SELECT v.vlan_id, v.vlan_number, v.vlan_name
+ FROM subnetvlan AS s LEFT JOIN vlan AS v USING (vlan_id)
+ WHERE s.subnet_id=?
+ ORDER BY v.vlan_number";
+$sth = $dbh->prepare($sql);
+$sth->execute([$subnet_id]);
+$smarty->assign("vlans", $sth->fetchAll());
-// run query
-$vlans = $db->db_select($query);
-$smarty->assign("vlans", $vlans);
-
$smarty->display("subnetvlandel.tpl");
include("footer.php");
diff --git a/subnetvlanedit.php b/subnetvlanedit.php
index bcaae53..33406af 100644
--- a/subnetvlanedit.php
+++ b/subnetvlanedit.php
@@ -13,19 +13,12 @@ $subnet_id = sanitize($_GET['subnet_id']);
include("header.php");
-$query = "SELECT
- subnet_address,
- subnet_mask
- FROM
- subnet
- WHERE
- subnet_id=" . $subnet_id;
-
-$subnet = $db->db_select($query);
-
-$smarty->assign("subnet_id", $subnet_id);
-$smarty->assign("subnet_address", $subnet[0]['subnet_address']);
-$smarty->assign("subnet_mask", $subnet[0]['subnet_mask']);
+$sql = "SELECT subnet_address, subnet_mask
+ FROM subnet
+ WHERE subnet_id=?";
+$sth = $dbh->prepare($sql);
+$sth->execute([$subnet_id]);
+$smarty->assign("subnet", $sth->fetch(PDO::FETCH_OBJ));
$smarty->display("subnetvlanedit.tpl");
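Review bot: This query is the only subnet lookup in the commit that keeps the raw column names and omits the id: it selects `subnet_address, subnet_mask`, while subnetvlanadd.php, subnetvlandel.php and subnetlocationedit.php select `subnet_id AS id, subnet_address AS address, subnet_mask AS mask`. With `$smarty->assign("subnet_id", $subnet_id)` removed, subnetvlanedit.tpl (not visible here) has no id to reference and would need `$subnet->subnet_address` instead of `$subnet->address`. Using the same column list as the sibling pages keeps the templates interchangeable: `SELECT subnet_id AS id, subnet_address AS address, subnet_mask AS mask`.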
diff --git a/tpl/about.tpl b/tpl/about.tpl
index 993051a..ac6d7d6 100644
--- a/tpl/about.tpl
+++ b/tpl/about.tpl
@@ -1,148 +1,148 @@
-
-
-
-
-
-
-
-
-
-
-
-
- {$lang_about_license_ext}
- |
-
-
-
-
-
-
-
-
-
-
-
-
- {$lang_about_changelog_v08}
- |
-
- {$lang_about_changelog_v08_ext}
- |
-
-
-
- {$lang_about_changelog_v07}
- |
-
- {$lang_about_changelog_v07_ext}
- |
-
-
-
- {$lang_about_changelog_v06}
- |
-
- {$lang_about_changelog_v06_ext}
- |
-
-
-
- {$lang_about_changelog_v05}
- |
-
- {$lang_about_changelog_v05_ext}
- |
-
-
- {$lang_about_changelog_v04}
- |
-
- {$lang_about_changelog_v04_ext}
- |
-
-
- {$lang_about_changelog_v03}
- |
-
- {$lang_about_changelog_v03_ext}
- |
-
-
-
- {$lang_about_changelog_v02}
- |
-
- {$lang_about_changelog_v02_ext}
- |
-
-
-
- {$lang_about_changelog_v01}
- |
-
- {$lang_about_changelog_v01_ext}
- |
-
-
\ No newline at end of file
+
+
+
+
+
+
+
+
+
+
+
+
+ {$lang_about_license_ext}
+ |
+
+
+
+
+
+
+
+
+
+
+
+
+ {$lang_about_changelog_v08}
+ |
+
+ {$lang_about_changelog_v08_ext}
+ |
+
+
+
+ {$lang_about_changelog_v07}
+ |
+
+ {$lang_about_changelog_v07_ext}
+ |
+
+
+
+ {$lang_about_changelog_v06}
+ |
+
+ {$lang_about_changelog_v06_ext}
+ |
+
+
+
+ {$lang_about_changelog_v05}
+ |
+
+ {$lang_about_changelog_v05_ext}
+ |
+
+
+ {$lang_about_changelog_v04}
+ |
+
+ {$lang_about_changelog_v04_ext}
+ |
+
+
+ {$lang_about_changelog_v03}
+ |
+
+ {$lang_about_changelog_v03_ext}
+ |
+
+
+
+ {$lang_about_changelog_v02}
+ |
+
+ {$lang_about_changelog_v02_ext}
+ |
+
+
+
+ {$lang_about_changelog_v01}
+ |
+
+ {$lang_about_changelog_v01_ext}
+ |
+
+
diff --git a/tpl/asset.tpl b/tpl/asset.tpl
index da05d39..51da3ed 100644
--- a/tpl/asset.tpl
+++ b/tpl/asset.tpl
@@ -1,7 +1,7 @@
@@ -34,7 +34,7 @@
{foreach item=asset from=$assets}
|
- {$asset.asset_name}
+ {$asset.asset_name}
|
{$asset.assetclass_name}
diff --git a/tpl/assetadd.tpl b/tpl/assetadd.tpl
index c7fce4b..eeb0194 100644
--- a/tpl/assetadd.tpl
+++ b/tpl/assetadd.tpl
@@ -1,70 +1,70 @@
-
\ No newline at end of file
+
diff --git a/tpl/assetclassadd.tpl b/tpl/assetclassadd.tpl
index 0d320ba..1168bcf 100644
--- a/tpl/assetclassadd.tpl
+++ b/tpl/assetclassadd.tpl
@@ -1,54 +1,54 @@
-
\ No newline at end of file
+
diff --git a/tpl/assetclassdel.tpl b/tpl/assetclassdel.tpl
index 54b93d1..2f2f762 100644
--- a/tpl/assetclassdel.tpl
+++ b/tpl/assetclassdel.tpl
@@ -1,36 +1,36 @@
-
\ No newline at end of file
+
diff --git a/tpl/assetclassedit.tpl b/tpl/assetclassedit.tpl
index 2ee448d..a95cd86 100644
--- a/tpl/assetclassedit.tpl
+++ b/tpl/assetclassedit.tpl
@@ -1,55 +1,55 @@
-
\ No newline at end of file
+
diff --git a/tpl/assetclassgroupadd.tpl b/tpl/assetclassgroupadd.tpl
index 370517f..33d5f77 100644
--- a/tpl/assetclassgroupadd.tpl
+++ b/tpl/assetclassgroupadd.tpl
@@ -1,42 +1,42 @@
-
\ No newline at end of file
+
diff --git a/tpl/assetclassgroupdel.tpl b/tpl/assetclassgroupdel.tpl
index 11d1d9e..781efab 100644
--- a/tpl/assetclassgroupdel.tpl
+++ b/tpl/assetclassgroupdel.tpl
@@ -1,38 +1,38 @@
-
\ No newline at end of file
+
diff --git a/tpl/assetclassgroupedit.tpl b/tpl/assetclassgroupedit.tpl
index d24b6f0..e442e70 100644
--- a/tpl/assetclassgroupedit.tpl
+++ b/tpl/assetclassgroupedit.tpl
@@ -1,44 +1,44 @@
-
\ No newline at end of file
+
diff --git a/tpl/assetclassgroupview.tpl b/tpl/assetclassgroupview.tpl
index 02d2c42..b27eecb 100644
--- a/tpl/assetclassgroupview.tpl
+++ b/tpl/assetclassgroupview.tpl
@@ -1,60 +1,61 @@
-
-
-
-
-
-
-
-
-
-
-
- {$lang_assetclasses} ({$assetclasses|@count})
- |
-
- {foreach item=assetclass from=$assetclasses}
- {$assetclass.assetclass_name}
- {/foreach}
- |
-
-
\ No newline at end of file
+
+
+
+
+
+
+
+
+
+ {$lang_assetclassgroup_name}
+ |
+
+ {$assetclassgroup->name}
+ |
+
+
+
+ {$lang_color}
+ |
+
+
+ #{$assetclassgroup->color}
+ |
+
+
+
+
+
+
+
+
+
+
+ {$lang_assetclasses} ({$assetclasses|@count})
+ |
+
+ {foreach item=assetclass from=$assetclasses}
+ {$assetclass.assetclass_name}
+ {/foreach}
+ |
+
+
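Review bot: The new `{$assetclassgroup->name}` and `#{$assetclassgroup->color}` outputs are printed without an escape modifier, and both values come from database rows that users of the tool can edit. Whether Smarty's global `escape_html` setting is enabled is not visible in this diff; if it is not, these should be written `{$assetclassgroup->name|escape}` and `{$assetclassgroup->color|escape}`. The same applies to `{$assetclass->assetclass_name}` and `{$assetclass->assetclassgroup_name}` in tpl/assetclassview.tpl and to `{$asset->asset_name}`, `{$asset->asset_hostname}` and `{$asset->asset_info}` in tpl/assetview.tpl. The surrounding markup of these templates is not visible here, so the right escape mode for each position (HTML text versus attribute or style value) needs checking against the full file.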
diff --git a/tpl/assetclassview.tpl b/tpl/assetclassview.tpl
index 19f2f69..f59d56f 100644
--- a/tpl/assetclassview.tpl
+++ b/tpl/assetclassview.tpl
@@ -4,9 +4,9 @@
{$assetclass_name}
|
-
-
-
+
+
+
|
@@ -25,7 +25,7 @@
{$lang_assetclass_name}
- {$assetclass_name}
+ {$assetclass->assetclass_name}
|
@@ -44,8 +44,8 @@
{$lang_assetclassgroup_name}
-
- {$assetclassgroup_name}
+
+ {$assetclass->assetclassgroup_name}
|
diff --git a/tpl/assetdel.tpl b/tpl/assetdel.tpl
index fe5d04e..c561b2b 100644
--- a/tpl/assetdel.tpl
+++ b/tpl/assetdel.tpl
@@ -1,58 +1,58 @@
-
-
-
-
-{if $nodes|@count}
-
-
-
-
-
-{foreach item=node from=$nodes}
-
-
- {$lang_ip}
- |
-
- {$node.node_ip}
- |
-
-{/foreach}
-
-{/if}
+
+
+
+
+{if $nodes|@count}
+
+
+
+
+
+{foreach item=node from=$nodes}
+
+
+ {$lang_ip}
+ |
+
+ {$node.node_ip}
+ |
+
+{/foreach}
+
+{/if}
diff --git a/tpl/assetedit.tpl b/tpl/assetedit.tpl
index c6359b8..2abfb14 100644
--- a/tpl/assetedit.tpl
+++ b/tpl/assetedit.tpl
@@ -1,72 +1,72 @@
-
\ No newline at end of file
+
diff --git a/tpl/assetview.tpl b/tpl/assetview.tpl
index 1fc068c..a64d897 100644
--- a/tpl/assetview.tpl
+++ b/tpl/assetview.tpl
@@ -1,89 +1,89 @@
-
-
-
-
-
-
-
-
-
- {$lang_asset_name}
- |
-
- {$asset_name}
- |
-
-
-
- {$lang_asset_hostname}
- |
-
- {$asset_hostname}
- |
-
-
-
- {$lang_asset_info}
- |
-
- {$asset_info}
- |
-
-
-
-
-
-
-
+
+
+
+
+
+
+
+
+
+ {$lang_asset_name}
+ |
+
+ {$asset->asset_name}
+ |
+
+
+
+ {$lang_asset_hostname}
+ |
+
+ {$asset->asset_hostname}
+ |
+
+
+
+ {$lang_asset_info}
+ |
+
+ {$asset->asset_info}
+ |
+
+
+
+
+
+
+
diff --git a/tpl/assigniptonode.tpl b/tpl/assigniptonode.tpl
index a4fd913..62c8c3d 100644
--- a/tpl/assigniptonode.tpl
+++ b/tpl/assigniptonode.tpl
@@ -1,63 +1,63 @@
-
+
diff --git a/tpl/assignnodetoasset.tpl b/tpl/assignnodetoasset.tpl
index b4be354..33e54e4 100644
--- a/tpl/assignnodetoasset.tpl
+++ b/tpl/assignnodetoasset.tpl
@@ -1,105 +1,105 @@
-
\ No newline at end of file
+
diff --git a/tpl/comments.tpl b/tpl/comments.tpl
index d1db562..b5c7eca 100644
--- a/tpl/comments.tpl
+++ b/tpl/comments.tpl
@@ -1,23 +1,23 @@
-
-
-
-
-
- |
-
-
-
-
-
-
-
-
-
- {$comments}
- |
-
-
\ No newline at end of file
+
+
+
+
+
+ |
+
+
+
+
+
+
+
+
+
+ {$comments}
+ |
+
+
diff --git a/tpl/footer.tpl b/tpl/footer.tpl
index 134c8c3..9aa216c 100644
--- a/tpl/footer.tpl
+++ b/tpl/footer.tpl
@@ -1,9 +1,9 @@
-
-