diff --git a/asset.php b/asset.php index dcaf598..2f43754 100644 --- a/asset.php +++ b/asset.php @@ -25,7 +25,7 @@ $smarty->assign("alphabet", $alphabet); $sth = $dbh->query("SELECT COUNT(*) FROM asset"); $smarty->assign("assetcount", $sth->fetchColumn()); -// assetf for current letter +// assets for current letter if (isset($_GET['asset_letter'])) { $asset_letter = sanitize($_GET['asset_letter']); } else { @@ -42,6 +42,6 @@ $sth->execute([$asset_letter]); $smarty->assign("assets", $sth->fetchAll()); $smarty->display("asset.tpl"); - + include("footer.php"); ?> diff --git a/assetclassadd.php b/assetclassadd.php index 7199997..62a54f2 100644 --- a/assetclassadd.php +++ b/assetclassadd.php @@ -13,7 +13,7 @@ if((isset($_GET['assetclassgroup_id'])) ? $assetclassgroup_id = sanitize($_GET[' include("header.php"); -$smarty->assign("assetclassgroup_options", $db->options_assetclassgroup()); +$smarty->assign("assetclassgroup_options", db_get_options_assetclassgroup()); $smarty->display("assetclassadd.tpl"); include("footer.php"); diff --git a/assetclassdel.php b/assetclassdel.php index 917951c..da8c57e 100644 --- a/assetclassdel.php +++ b/assetclassdel.php @@ -13,10 +13,9 @@ $assetclass_id = sanitize($_GET['assetclass_id']); include("header.php"); -$sql = "SELECT assetclass_id, assetclass_name +$sql = "SELECT assetclass_id AS id, assetclass_name AS name FROM assetclass WHERE assetclass_id=?"; - $sth = $dbh->prepare($sql); $sth->execute([$assetclass_id]); $smarty->assign("assetclass", $sth->fetch(PDO::FETCH_OBJ)); diff --git a/assetclassgroup.php b/assetclassgroup.php index 622056a..c080ac1 100644 --- a/assetclassgroup.php +++ b/assetclassgroup.php 
@@ -10,7 +10,8 @@ SPDX-License-Identifier: GPL-3.0-or-later include("includes.php"); include("header.php"); -$sql = "SELECT assetclassgroup_id, assetclassgroup_name, assetclassgroup_color +$sql = "SELECT assetclassgroup_id AS id, assetclassgroup_name AS name, + assetclassgroup_color AS color, assetclassgroup_description AS description FROM assetclassgroup ORDER BY assetclassgroup_name"; $sth = $dbh->query($sql); diff --git a/assetclassgroupadd.php b/assetclassgroupadd.php index 33d8f60..766a83c 100644 --- a/assetclassgroupadd.php +++ b/assetclassgroupadd.php @@ -8,6 +8,8 @@ SPDX-License-Identifier: GPL-3.0-or-later *****************************************************************************/ include("includes.php"); + +$smarty->assign("scripts", 'jscolor.js'); include("header.php"); $smarty->display("assetclassgroupadd.tpl"); diff --git a/assetclassgroupedit.php b/assetclassgroupedit.php index fb1a3f0..56f04c9 100644 --- a/assetclassgroupedit.php +++ b/assetclassgroupedit.php @@ -15,7 +15,8 @@ $smarty->assign("scripts", 'jscolor.js'); include("header.php"); $sql = "SELECT assetclassgroup_id AS id, assetclassgroup_name AS name, - assetclassgroup_color AS color + assetclassgroup_color AS color, + assetclassgroup_description AS description FROM assetclassgroup WHERE assetclassgroup_id=?"; $sth = $dbh->prepare($sql); diff --git a/assetclassgroupview.php b/assetclassgroupview.php index 1d36dd9..4e3b4dc 100644 --- a/assetclassgroupview.php +++ b/assetclassgroupview.php @@ -15,7 +15,8 @@ include("header.php"); $sql = "SELECT assetclassgroup_id AS id, assetclassgroup_name AS name, - assetclassgroup_color AS color + assetclassgroup_color AS color, + assetclassgroup_description AS description FROM assetclassgroup WHERE assetclassgroup_id=?"; $sth = $dbh->prepare($sql); diff --git a/config.php-sample b/config.php-sample index 030e7f9..1978cef 100644 --- a/config.php-sample +++ b/config.php-sample 
@@ -21,4 +21,16 @@ $config_color_dynamic = 'e0e0e0'; // language $config_lang_default = 'en'; +// auth +$config_auth_ldap = false; +$config_ldap_host = array('localhost', 'otherhost.example.com'); +$config_ldap_port = 389; +$config_ldap_v3 = true; +$config_ldap_base_dn = 'ou=organizationalunit,dc=example,dc=com'; +$config_ldap_login_attr = 'uid'; + +// ldap search user +$config_ldap_bind_dn = 'cn=dummy,ou=organizationalunit,dc=example,dc=com'; +$config_ldap_bind_pass = 'secret'; + ?> diff --git a/install/install.txt b/install/install.txt index aa8ac39..0899642 100644 --- a/install/install.txt +++ b/install/install.txt @@ -1,6 +1,8 @@ IP Reg Installation 1. Install requirements +Minimum PHP version is 7.4, we are using arrow functions introduced +in that version. IP Reg version 0.6 and up depends on smarty template engine. In Debian install it with: "apt-get install smarty3". The PHP-GD module is also required: "apt-get install php-gd". diff --git a/install/mysql.sql b/install/mysql.sql index be45079..bb3be4f 100644 --- a/install/mysql.sql +++ b/install/mysql.sql @@ -4,6 +4,9 @@ CREATE TABLE asset ( asset_hostname varchar(100) DEFAULT NULL, assetclass_id int(10) NOT NULL, asset_info text DEFAULT NULL, + asset_intf smallint(5) UNSIGNED NOT NULL DEFAULT 1, + asset_location int(10) DEFAULT NULL, + asset_type enum ('active','passive') NOT NULL DEFAULT 'active', PRIMARY KEY (asset_id), INDEX ix_asset_name (asset_name) ) ENGINE=MyISAM DEFAULT CHARSET=utf8; 
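Review bot: The new LDAP block in config.php-sample offers only `$config_ldap_port = 389` and has no switch for LDAPS or StartTLS, so unless the bind code (not part of this hunk) negotiates TLS, both `$config_ldap_bind_pass` and every user's login password would cross the network in cleartext. I would add a setting such as `$config_ldap_starttls = true;` and state in a comment that the host entries may be given as `ldaps://` URIs. A comment next to `$config_ldap_bind_pass` should also say that the search account needs read-only rights and that config.php must not be readable by other local users or served by the web server.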
@@ -20,16 +23,44 @@ CREATE TABLE assetclassgroup ( assetclassgroup_id int(10) NOT NULL AUTO_INCREMENT, assetclassgroup_name varchar(100) NOT NULL, assetclassgroup_color varchar(6) NOT NULL DEFAULT '000000', + assetclassgroup_description varchar(100) DEFAULT NULL, PRIMARY KEY (assetclassgroup_id), INDEX ix_assetclassgroup_name (assetclassgroup_name) ) ENGINE=MyISAM DEFAULT CHARSET=utf8; +-- WIP +CREATE TABLE cable ( + cable_id int(10) NOT NULL AUTO_INCREMENT, + cable_description varchar(100) NOT NULL, + cable_from_id int(10) DEFAULT NULL, + cable_to_id int(10) DEFAULT NULL, + cable_length smallint(5) UNSIGNED DEFAULT NULL, + cable_links smallint(5) UNSIGNED DEFAULT 1, + cable_type enum('copper','fibre','laser','radio') DEFAULT NULL, + cable_info text DEFAULT NULL, + PRIMARY KEY (cable_id), + UNIQUE INDEX ix_cable_description (cable_description) +) ENGINE=MyISAM DEFAULT CHARSET=utf8; + +-- WIP +-- Reference to external systems +CREATE TABLE extlink ( + extlink_id int(10) NOT NULL AUTO_INCREMENT, + asset_id int(10) NOT NULL, + extlink_type enum('cdb','zabbix', 'topdesk') NOT NULL DEFAULT 'cdb', + extlink_refid int(10) DEFAULT NULL, + extlink_uid varchar(65) DEFAULT NULL, + PRIMARY KEY (extlink_id), + INDEX ix_extlink_asset_id (asset_id) +) ENGINE=MyISAM DEFAULT CHARSET=utf8; + CREATE TABLE location ( location_id int(10) NOT NULL AUTO_INCREMENT, location_name varchar(100) NOT NULL, location_parent int(10) NOT NULL DEFAULT 0, location_info text DEFAULT NULL, - location_sort int(11) NOT NULL DEFAULT 0, + location_type enum('location', 'building','room','rack') NOT NULL DEFAULT 'location', + location_sort smallint(6) NOT NULL DEFAULT 0, PRIMARY KEY (location_id), INDEX ix_location_sort (location_sort), INDEX ix_location_name (location_name) 
@@ -40,6 +71,9 @@ CREATE TABLE nat ( nat_type int(1) NOT NULL, nat_ext int(10) NOT NULL, nat_int int(10) NOT NULL, + nat_ext_port smallint(5) UNSIGNED DEFAULT NULL, + nat_int_port smallint(5) UNSIGNED DEFAULT NULL, + nat_description varchar(100) DEFAULT NULL, PRIMARY KEY (nat_id) ) ENGINE=MyISAM DEFAULT CHARSET=utf8; @@ -85,8 +119,9 @@ CREATE TABLE subnetvlan ( CREATE TABLE user ( user_id int(10) NOT NULL AUTO_INCREMENT, + user_realm enum ('local','ldap') NOT NULL DEFAULT 'local', user_name varchar(100) NOT NULL, - user_pass varchar(32) NOT NULL, + user_pass binary(60) NOT NULL, user_displayname varchar(100) NOT NULL, user_language char(2) NOT NULL DEFAULT 'en', user_imagesize int(3) NOT NULL DEFAULT 6, @@ -110,7 +145,7 @@ CREATE TABLE user ( ) ENGINE=MyISAM DEFAULT CHARSET=utf8; INSERT INTO user (user_name, user_pass, user_displayname) VALUES -('admin', '21232f297a57a5a743894a0e4a801fc3', 'administrator'); +('admin', '$2y$10$HTs0lSaFrfr.q4Gmy5zWfeDg3jhYZkqEGZEnDkMiHZ641nso38mt6', 'Administrator'); CREATE TABLE vlan ( vlan_id int(10) NOT NULL AUTO_INCREMENT, diff --git a/install/mysql_sample.sql b/install/mysql_sample.sql index e2c90de..3b5373f 100644 --- a/install/mysql_sample.sql +++ b/install/mysql_sample.sql @@ -49,6 +49,10 @@ INSERT INTO subnetlocation (subnet_id, location_id) VALUES INSERT INTO subnetvlan (subnet_id, vlan_id) VALUES (1, 1); +INSERT INTO user (user_name, user_pass, user_displayname) VALUES +('alice', '$2y$10$CTq04qodeKZBgeuShC3E..cEzfh.SDlaoOEUWcCXXHPDvXJ51nGdq', 'Alice'), +('bob', '$2y$10$hl4NN4lOyuz7KN0ZjLHbOuCqGi08GVaTvl/RiMcL1mbFqGmtzDN76', 'Bob'); + INSERT INTO vlan (vlan_number, vlan_name) VALUES (1, 'DEFAULT_VLAN'); diff --git a/install/upgrade.txt b/install/upgrade.txt new file mode 100644 index 0000000..a5251eb --- /dev/null +++ b/install/upgrade.txt 
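Review bot: In install/mysql.sql the column `user_pass binary(60)` fits exactly one bcrypt string and nothing else, so any later move to a longer hash format would be truncated or rejected. A fixed-width binary column also pads shorter values with NUL bytes, which is presumably why login.php has to `rtrim()` legacy 32-character MD5 values. I would declare it as `user_pass varchar(255) NOT NULL`, the width the PHP manual recommends for `password_hash()` output. With `user_realm` added, it is also worth a comment on what `user_pass` holds for an `ldap` user, since the column stays NOT NULL.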
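Review bot: The seeded `admin` row still ships one fixed hash to every installation, so the account has the same default password everywhere; the change only replaces the MD5 digest with a bcrypt string. install.txt should tell the operator to change this password immediately after setup, or the installer should ask for one instead of inserting a constant. The same applies to `alice` and `bob` in install/mysql_sample.sql, which deserve a comment such as `-- sample accounts for testing only, do not load into production`.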
@@ -0,0 +1,24 @@ +IP Reg Upgrading + +This version has still not reached version 1.0 (feature complete). +As such, there may be changes at any time. + +There is no database upgrade logic so the database structure has +to be compared manually. + +1. Check and upgrade database schema +Compare current database schema with the contents of the database +creation script "mysql.sql". +Create missing objects in your current database. + +2. Install new version +Install the new application in a new location. +Copy the configuration file "config.php" to new installation. +Compare the configuration to the sample config. +There may be additional settings that you want to customize. + +3. Switch to new version +Rename the old an new directory. + +4. Done +If everything works fine you could remove the old directory. \ No newline at end of file diff --git a/lang/de.php b/lang/de.php index 5ee409e..92c9dc2 100644 --- a/lang/de.php +++ b/lang/de.php @@ -44,6 +44,10 @@ $lang = array( 'lang_submit' => 'Absenden', 'lang_unassigned' => 'Nicht zugeordnet', 'lang_warning' => 'Warnung', + 'lang_description' => 'Beschreibung', + 'lang_empty' => 'leer', + 'lang_source' => 'Quelle', + 'lang_target' => 'Ziel', 'lang_asset_add' => 'Objekt hinzufügen', 'lang_asset_del' => 'Objekt löschen', @@ -144,6 +148,7 @@ $lang = array( 'lang_user_name' => 'Benutzername', 'lang_user_password' => 'Kennwort', 'lang_user_language' => 'Sprache', + 'lang_user_realm' => 'Realm', 'lang_zone_add' => 'Zone hinzufügen', 'lang_zone_del' => 'Zone löschen', diff --git a/lang/en.php b/lang/en.php index 6047dd6..7281267 100644 --- a/lang/en.php +++ b/lang/en.php @@ -44,6 +44,10 @@ $lang = array( 'lang_submit' => 'Submit', 'lang_unassigned' => 'Unassigned', 'lang_warning' => 'Warning', + 'lang_description' => 'Description', + 'lang_empty' => 'empty', + 'lang_source' => 'Source', + 'lang_target' => 'Target', 'lang_asset_add' => 'Add asset', 'lang_asset_del' => 'Delete asset', 
@@ -143,6 +147,8 @@ $lang = array( 'lang_user_edit' => 'Mofidy user', 'lang_user_name' => 'Username', 'lang_user_password' => 'Password', + 'lang_user_language' => 'Language', + 'lang_user_realm' => 'Realm', 'lang_zone_add' => 'Add zone', 'lang_zone_del' => 'Delete zone', @@ -157,7 +163,6 @@ $lang = array( 'lang_vlan_new' => 'VLAN info', 'lang_vlan_name' => 'VLAN name', 'lang_vlan_none' => 'There are no VLANs defined', - 'lang_user_language' => 'Language', 'lang_vlansubnet' => 'VLAN/Subnet', 'lang_vlansubnet_edit' => 'Edit VLAN/Subnet', diff --git a/lib.php b/lib.php index 49a3f72..86933f0 100644 --- a/lib.php +++ b/lib.php @@ -31,6 +31,17 @@ $smarty->assign("suser_tooltips", $_SESSION['suser_tooltips'] ?? 'off'); // ========== DATABASE FUCTIONS =============================================== +function db_load_enum($table, $column) { + // returns array of enum-values as defined in database + global $dbh; + $sql = "SELECT TRIM(TRAILING ')' FROM SUBSTRING(column_type,6)) + FROM information_schema.columns + WHERE table_name=? AND column_name=?"; + $sth = $dbh->prepare($sql); + $sth->execute([$table, $column]); + return array_map(fn($x) => trim($x, "'"), explode(',', $sth->fetch(PDO::FETCH_NUM))); +} + function db_get_options_asset() { global $dbh; $sql = "SELECT asset_id, asset_name FROM asset ORDER BY asset_name"; @@ -61,8 +72,12 @@ function db_get_options_assetclassgroup() { return $options; } -function db_get_options_location() { +function db_get_options_location($default = NULL) { global $dbh; + $options = array(); + if ($default != NULL) { + $options[0] = $default; + } $sql = "SELECT location_id, location_name FROM location ORDER BY location_name"; $sth = $dbh->query($sql); foreach ($sth->fetchAll(PDO::FETCH_NUM) as $rec) { 
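Review bot: In lib.php `db_load_enum()` hands `$sth->fetch(PDO::FETCH_NUM)` to `explode()`, but `fetch()` returns an array (or `false` when nothing matches), so the function cannot return the enum values as written. Read the single column instead, `$type = $sth->fetchColumn();`, and return `[]` when it is `false`. The lookup also filters only on `table_name` and `column_name`; adding `AND table_schema = DATABASE()` keeps it from picking up a same-named table in another schema on the server.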
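Review bot: `if ($default != NULL)` in `db_get_options_location()` is a loose comparison, so a caller passing `''`, `'0'` or `0` as the placeholder label silently gets no placeholder entry; `if ($default !== null) {` states the intent. The same test is repeated in `db_get_options_vlan()` and `db_get_options_zone()` in the following lib.php hunks. A one-line comment such as `// $default: label for the "none" entry stored under key 0` would document the convention, which assumes no real row uses id 0. The function body continues outside this hunk.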
@@ -84,8 +99,12 @@ function db_get_options_subnet() { return $options; } -function db_get_options_vlan() { +function db_get_options_vlan($default = NULL) { global $dbh; + $options = array(); + if ($default != NULL) { + $options[0] = $default; + } $sql = "SELECT vlan_id, vlan_name FROM vlan ORDER BY vlan_name"; $sth = $dbh->query($sql); foreach ($sth->fetchAll(PDO::FETCH_NUM) as $rec) { @@ -94,4 +113,18 @@ function db_get_options_vlan() { return $options; } +function db_get_options_zone($default = NULL) { + global $dbh; + $options = array(); + if ($default != NULL) { + $options[0] = $default; + } + $sql = "SELECT zone_id, zone_origin FROM zone ORDER BY zone_origin"; + $sth = $dbh->query($sql); + foreach ($sth->fetchAll(PDO::FETCH_NUM) as $rec) { + $options[$rec[0]] = $rec[1]; + } + return $options; +} + ?> diff --git a/lib/db.class.php b/lib/db.class.php deleted file mode 100644 index b64247b..0000000 --- a/lib/db.class.php +++ /dev/null @@ -1,173 +0,0 @@ -. - - For more information, visit http://sourceforge.net/projects/ipreg, - or contact me at wietsew@users.sourceforge.net - *****************************************************************************/ - - class Db { - - protected $dblink; - - public function __construct ($dblink) { - $this->dblink = $dblink; - } - - function db_delete($query) { - // run query - $sql = mysqli_query($this->dblink, $query) or die(mysqli_error($this->dblink)); - } - - function db_insert($query) { - // run query - echo "
$query"; - $sql = mysqli_query($this->dblink, $query) or die(mysqli_error($this->dblink)); - - // return result - return mysqli_insert_id($this->dblink); - } - - function db_select($query) { - // run query - $sql = mysqli_query($this->dblink, $query) or die(mysqli_error($this->dblink)); - - // loop results - $result = array(); - while($record = mysqli_fetch_assoc($sql)) { - $result[] = $record; - } - - // return array - return $result; - } - - function db_update($query) { - // run query - $sql = mysqli_query($this->dblink, $query) or die(mysqli_error($this->dblink)); - } - - function options_asset($null_value=NULL) { - $options = array(); - if (isset($null_value)) { - $options[0] = $null_value; - } - $sql = "SELECT asset_id, asset_name - FROM asset - ORDER BY asset_name"; - $records = $this->db_select($sql); - foreach ($records as $rec) { - $options[$rec['asset_id']] = $rec['asset_name']; - } - return $options; - } - - function options_assetclass($null_value=NULL) { - $options = array(); - if (isset($null_value)) { - $options[0] = $null_value; - } - $sql = "SELECT assetclass_id, assetclass_name - FROM assetclass - ORDER BY assetclass_name"; - $records = $this->db_select($sql); - foreach ($records as $rec) { - $options[$rec['assetclass_id']] = $rec['assetclass_name']; - } - return $options; - } - - function options_assetclassgroup($null_value=NULL) { - $options = array(); - if (isset($null_value)) { - $options[0] = $null_value; - } - $sql = "SELECT assetclassgroup_id, assetclassgroup_name - FROM assetclassgroup - ORDER BY assetclassgroup_name"; - $records = $this->db_select($sql); - foreach ($records as $rec) { - $options[$rec['assetclassgroup_id']] = $rec['assetclassgroup_name']; - } - return $options; - } - - function options_location($null_value=NULL) { - $options = array(); - if (isset($null_value)) { - $options[0] = $null_value; - } - $sql = "SELECT location_id, - location_name - FROM location - ORDER BY location_name"; - $records = $this->db_select($sql); - 
foreach ($records as $rec) { - $options[$rec['location_id']] = $rec['location_name']; - } - return $options; - } - - function options_subnet($null_value=NULL) { - $options = array(); - if (isset($null_value)) { - $options[0] = $null_value; - } - $sql = "SELECT subnet_id, - CONCAT_WS('/', subnet_address, subnet_mask) AS subnet_name - FROM subnet - ORDER BY INET_ATON(subnet_address)"; - $records = $this->db_select($sql); - foreach ($records as $rec) { - $options[$rec['subnet_id']] = $rec['subnet_name']; - } - return $options; - } - - function options_vlan($null_value=NULL) { - $options = array(); - if (isset($null_value)) { - $options[0] = $null_value; - } - $sql = "SELECT vlan_id, - CONCAT_WS(' - ', vlan_number, vlan_name) AS vlan_option - FROM vlan - ORDER BY vlan_number"; - $records = $this->db_select($sql); - foreach ($records as $rec) { - $options[$rec['vlan_id']] = $rec['vlan_option']; - } - return $options; - } - - function options_zone($null_value=NULL) { - $options = array(); - if (isset($null_value)) { - $options[0] = $null_value; - } - $sql = "SELECT zone_id, zone_origin - FROM zone - ORDER BY zone_origin"; - $records = $this->db_select($sql); - foreach ($records as $rec) { - $options[$rec['zone_id']] = $rec['zone_origin']; - } - return $options; - } - - } -?> diff --git a/locationdel.php b/locationdel.php index d1424fe..bebea1e 100644 --- a/locationdel.php +++ b/locationdel.php @@ -13,7 +13,7 @@ $location_id = sanitize($_GET['location_id']); include("header.php"); -$sql = "SELECT location_name FROM location WHERE location_id=?"; +$sql = "SELECT location_id AS id, location_name AS name FROM location WHERE location_id=?"; $sth = $dbh->prepare($sql); $sth->execute([$location_id]); $smarty->assign("location", $sth->fetch(PDO::FETCH_OBJ)); diff --git a/locationedit.php b/locationedit.php index 9e07778..a9cc492 100644 --- a/locationedit.php +++ b/locationedit.php 
@@ -14,7 +14,7 @@ $location_id = sanitize($_GET['location_id']); include("header.php"); // location -$sql = "SELECT location_name AS name, location_parent AS parent, +$sql = "SELECT location_id AS id, location_name AS name, location_parent AS parent, location_info AS info, location_sort AS sort FROM location WHERE location_id=?"; diff --git a/locationview.php b/locationview.php index 3916ecc..50b1fad 100644 --- a/locationview.php +++ b/locationview.php @@ -10,11 +10,12 @@ SPDX-License-Identifier: GPL-3.0-or-later include("includes.php"); $location_id = sanitize($_GET['location_id']); +if ((isset($_GET['id'])) ? $id = sanitize($_GET['id']) : $id = ''); include("header.php"); -// locationcrumb +// base location $sql = "SELECT location_id AS id, location_name AS name, location_parent AS parent_id, location_info AS info, CONCAT('locationview.php?location_id=', location_id) AS url @@ -23,9 +24,10 @@ $sql = "SELECT location_id AS id, location_name AS name, $sth = $dbh->prepare($sql); $sth->execute([$location_id]); $location = $sth->fetch(PDO::FETCH_OBJ); +$smarty->assign("location", $location); +// crumbs $crumbs[] = $location; -$level = 1; $sql = "SELECT location_id AS id, location_name AS name, location_parent AS parent_id, CONCAT('locationview.php?location_id=', location_id) AS url @@ -36,11 +38,7 @@ while ($crumbs[0]->parent_id != 0) { $sth->execute([$crumbs[0]->parent_id]); $result = $sth->fetch(PDO::FETCH_OBJ); array_unshift($crumbs, $result); - $level++; } - -$smarty->assign("location_id", $location->id); -$smarty->assign("location_info", nl2br($location->info)); $smarty->assign("crumbs", $crumbs); // sublocations diff --git a/login.php b/login.php index a8dd921..3c5d67a 100644 --- a/login.php +++ b/login.php @@ -14,7 +14,7 @@ include("config.php"); include("dbconnect.php"); include("lib.php"); -function user_login($user_name, $user_pass) { +function user_login ($user_name, $user_pass) { global $dbh; if (strlen($user_name) < 1) { 
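Review bot: In locationview.php `$location` is assigned to the template and pushed onto `$crumbs` without checking that `fetch()` found a row, so for an unknown `location_id` it is `false` and `while ($crumbs[0]->parent_id != 0)` reads a property of a boolean. I would stop with a not-found message right after the fetch, `if ($location === false) { /* show error and include footer */ }`. The crumb loop also has no upper bound, so a parent chain that points back to itself would never terminate; a small depth limit would cover that.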
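Review bot: With `$smarty->assign("location_info", nl2br($location->info));` removed, locationview.php passes the stored free-text `info` field to the template only through the `location` object, so both line-break conversion and HTML escaping now depend entirely on locationview.tpl, which is not visible here. Please confirm the template prints it as `{$location->info|escape|nl2br}` or that `$smarty->escape_html` is enabled. What `sanitize()` does on input cannot be told from this diff, and escaping at output is the check that should not be skipped.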
@@ -42,10 +42,17 @@ function user_login($user_name, $user_pass) { return FALSE; } - // TODO use secure algo with salt! - if (strcmp(md5($user_pass), $user->user_pass) != 0) { - // password does not match - return FALSE; + if (strcmp(md5($user_pass), rtrim($user->user_pass)) != 0) { + // password does not match with md5, check if new hash matches + // For future expansion: $pwd_peppered = hash_hmac('sha256', $user_pass, $config_pepper); + if (! password_verify($user_pass, $user->user_pass)) { + return FALSE; + } + } else { + // md5 match but outdated. rewrite with new algo + $sth = $dbh->prepare("UPDATE user SET user_pass=? WHERE user_id=?"); + $newhash = password_hash($user_pass, PASSWORD_BCRYPT); + $sth->execute([$newhash, $user->user_id]); } // all ok: user is logged in, register session data diff --git a/node.php b/node.php index a2c4313..f4a1a10 100644 --- a/node.php +++ b/node.php @@ -24,10 +24,9 @@ if(isset($_GET['subnet_id'])) { $sql = "SELECT CONCAT_WS('/',subnet_address,subnet_mask) AS subnet FROM subnet WHERE subnet_id=?"; - $sth = $dbh->prepare($sql); - $sth->execute([$subnet_id]); + $sth = $dbh->prepare($sql); + $sth->execute([$subnet_id]); $smarty->assign("subnet", $sth->fetchColumn()); - } else { $smarty->assign("subnet_id", ''); } @@ -38,9 +37,9 @@ $where = join(' AND ', $w); $sql = "SELECT a.asset_id, a.asset_info, REPLACE(a.asset_name, ' ', ' ') AS asset_name, n.node_id, n.node_ip - FROM asset AS a LEFT JOIN node AS n USING (asset_id)"; + FROM node AS n LEFT JOIN asset AS a USING (asset_id)"; if ($where) { - $sql .= ' WHERE ' . $where; + $sql .= ' WHERE ' . $where; } $sql .= "GROUP BY n.node_id ORDER BY INET_ATON(n.node_ip)"; $sth = $dbh->prepare($sql); diff --git a/nodeedit.php b/nodeedit.php index e0579ac..c0ff61f 100644 --- a/nodeedit.php +++ b/nodeedit.php 
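Review bot: The legacy branch of `user_login()` compares digests with `strcmp(md5($user_pass), rtrim($user->user_pass)) != 0`, which is not a constant-time comparison; `if (!hash_equals(rtrim($user->user_pass, "\0"), md5($user_pass))) {` is the safer form and makes the NUL-padding assumption explicit. Rows holding an unsalted MD5 value stay valid until that user's next login, so accounts that never log in keep a weak hash indefinitely, and a documented cut-off or forced reset would close that. The rewrite hard-codes `PASSWORD_BCRYPT` and never revisits bcrypt rows; calling `password_needs_rehash()` after a successful `password_verify()` would let cost and algorithm be raised later. The function starts and ends outside this hunk.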
@@ -22,9 +22,9 @@ $sth = $dbh->prepare($sql); $sth->execute([$node_id]); $smarty->assign("node", $sth->fetch(PDO::FETCH_OBJ)); -$smarty->assign("asset_options", $db->options_asset()); -$smarty->assign("subnet_options", $db->options_subnet()); -$smarty->assign("zone_options", $db->options_zone("(keine)")); +$smarty->assign("asset_options", db_get_options_asset()); +$smarty->assign("subnet_options", db_get_options_subnet()); +$smarty->assign("zone_options", db_get_options_zone('(keine)')); $smarty->display("nodeedit.tpl"); diff --git a/submit.php b/submit.php index 621a6e3..9801682 100644 --- a/submit.php +++ b/submit.php @@ -132,15 +132,16 @@ if (isset($_POST['add'])) { break; case ("assetclassgroup") : - $name = sanitize($_POST['assetclassgroup_name']); - $color = preg_replace("|[^a-zA-Z0-9]|", "", strtoupper(sanitize($_POST['assetclassgroup_color']))); + $name = sanitize($_POST['acg_name']); + $color = preg_replace("|[^a-zA-Z0-9]|", "", strtoupper(sanitize($_POST['acg_color']))); + $desc = sanitize($_POST['acg_description']); $sql = "INSERT INTO assetclassgroup - (assetclassgroup_name, assetclassgroup_color) + (assetclassgroup_name, assetclassgroup_color, assetclassgroup_description) VALUE - (?, ?)"; + (?, ?, ?)"; $sth = $dbh->prepare($sql); - $sth->execute([$name, $color]); + $sth->execute([$name, $color, $desc]); header_location("assetclassgroupview.php?assetclassgroup_id=" . $dbh->lastInsertId()); break; 
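Review bot: In nodeedit.php `db_get_options_zone('(keine)')` hard-codes a German label, while subnetadd.php in this same commit passes `$lang['lang_option_none']` for the equivalent entry. Using the language table here as well, `db_get_options_zone($lang['lang_option_none'])`, keeps the option list translated for users of the English interface.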
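Review bot: In submit.php the colour filter `preg_replace("|[^a-zA-Z0-9]|", "", ...)` applied to `$_POST['acg_color']` keeps any alphanumeric string of any length, although the column is `varchar(6)` and the value is presumably written into a colour attribute. Validate rather than strip, for example `if (!preg_match('/^[0-9A-F]{6}$/', $color)) { $color = '000000'; }`. The new `$_POST['acg_description']` is read without `isset` or `??`, so a request that omits it passes null to `sanitize()`. Both points apply equally to the `edit` case for `assetclassgroup` in the later submit.php hunk, and the enclosing switch continues outside this hunk.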
@@ -554,17 +555,18 @@ if (isset($_POST['edit'])) { break; case ("assetclassgroup") : - $assetclassgroup_id = sanitize($_POST['assetclassgroup_id']); - $assetclassgroup_name = sanitize($_POST['assetclassgroup_name']); - $assetclassgroup_color = preg_replace("|[^a-zA-Z0-9]|", "", strtoupper(sanitize($_POST['assetclassgroup_color']))); + $acg_id = sanitize($_POST['acg_id']); + $acg_name = sanitize($_POST['acg_name']); + $acg_desc = sanitize($_POST['acg_description']); + $acg_color = preg_replace("|[^a-zA-Z0-9]|", "", strtoupper(sanitize($_POST['acg_color']))); $sql = "UPDATE assetclassgroup SET - assetclassgroup_name=?, assetclassgroup_color=? + assetclassgroup_name=?, assetclassgroup_color=?, assetclassgroup_description=? WHERE assetclassgroup_id=?"; $sth = $dbh->prepare($sql); - $sth->execute([$assetclassgroup_name, $assetclassgroup_color, $assetclassgroup_id]); + $sth->execute([$acg_name, $acg_color, $acg_desc, $acg_id]); - header_location("assetclassgroupview.php?assetclassgroup_id=" . $assetclassgroup_id); + header_location("assetclassgroupview.php?assetclassgroup_id=" . $acg_id); break; case ("location") : @@ -672,10 +674,11 @@ if (isset($_POST['edit'])) { $userpass = $sth->fetchColumn();; - if (!strcmp(md5($currentpass), $userpass)) { - if (!strcmp($user_newpass1, $user_newpass2)) { + if (password_verify($currentpass, $userpass)) { + if (!strcmp($newpass1, $newpass2)) { $sth = $dbh->prepare("UPDATE user SET user_pass=? WHERE user_id=?"); - $sth->execute([md5($user_newpass1), $user_id]); + $newhash = password_hash($newpass1, PASSWORD_BCRYPT); + $sth->execute([$newhash, $user_id]); header_location("options.php"); } } diff --git a/subnetadd.php b/subnetadd.php index 5e78d43..8f434fb 100644 --- a/subnetadd.php +++ b/subnetadd.php 
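Review bot: The password-change branch in submit.php now reads `$newpass1` and `$newpass2` where the removed lines used `$user_newpass1` and `$user_newpass2`, and their assignments lie outside the hunk; if those were not renamed too, both variables are undefined, `strcmp()` treats them as equal and a hash of the empty value would be stored. Independently, nothing visible rejects an empty new password, and a wrong current password or a mismatch falls through without any message. I would write the test as `if ($newpass1 !== '' && $newpass1 === $newpass2) {` and add an error path. `password_verify($currentpass, $userpass)` also fails for a row that still holds a legacy MD5 value, which works only because login.php rehashes at login; a short comment saying so would help.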
@@ -13,7 +13,7 @@ if((isset($_GET['vlan_id'])) ? $vlan_id = sanitize($_GET['vlan_id']) : $vlan_id include("header.php"); -$smarty->assign("vlan_options", db_get_options_vlan()); +$smarty->assign("vlan_options", db_get_options_vlan($lang['lang_option_none'])); $smarty->display("subnetadd.tpl"); diff --git a/subnetedit.php b/subnetedit.php index 1e888ed..ed1b51a 100644 --- a/subnetedit.php +++ b/subnetedit.php @@ -13,10 +13,9 @@ $subnet_id = sanitize($_GET['subnet_id']); include("header.php"); -$sql = "SELECT subnet_address AS address, subnet_mask AS mask, - protocol_version AS proto_vers, - subnet_dhcp_start AS dhcp_start, subnet_dhcp_end AS dhcp_end, - ntp_server, subnet_info AS info +$sql = "SELECT subnet_id AS id, subnet_address AS address, subnet_mask AS mask, + protocol_version AS proto_vers, subnet_dhcp_start AS dhcp_start, + subnet_dhcp_end AS dhcp_end, ntp_server, subnet_info AS info FROM subnet WHERE subnet_id=?"; $sth = $dbh->prepare($sql); diff --git a/subnetlocationadd.php b/subnetlocationadd.php index b4610bf..5bf181f 100644 --- a/subnetlocationadd.php +++ b/subnetlocationadd.php @@ -13,12 +13,11 @@ $subnet_id = sanitize($_GET['subnet_id']); include("header.php"); -$sql = "SELECT subnet_id AS id, subnet_address AS address, - subnet_mask AS mask +$sql = "SELECT subnet_id AS id, subnet_address AS address, subnet_mask AS mask FROM subnet WHERE subnet_id=?"; $sth = $dbh->prepare($sql); -$sth->execute([$zone_id]); +$sth->execute([$subnet_id]); $smarty->assign("subnet", $sth->fetch(PDO::FETCH_OBJ)); $smarty->assign("location_options", db_get_options_location()); diff --git a/subnetview.php b/subnetview.php index b998e20..1471b1b 100644 --- a/subnetview.php +++ b/subnetview.php 
@@ -42,16 +42,8 @@ $subnet = $sth->fetch(PDO::FETCH_OBJ); $smarty->assign("subnet", $subnet); -// set needed variables -$subnet_address = $subnet->address; -$subnet_mask = $subnet->mask; -$subnet_dhcpstart = $subnet->dhcp_start; -$subnet_dhcpend = $subnet->dhcp_end; -$subnet_proto_vers = $subnet->protocol_version; -$subnet_ntp_server = $subnet->ntp_server; - // set counters -$host_counter = pow(2,(32-$subnet_mask)); +$host_counter = pow(2, (32-$subnet->mask)); $node_counter = $subnet->node_counter; $subnet_usedpercentage = round((($node_counter/($host_counter-2))*100), 1); @@ -74,7 +66,7 @@ $iprange4 = $iprange[3]; $subnetdata = array(); // determine range (Class A/B/C) -if ($subnet_mask >= 24) { +if ($subnet->mask >= 24) { // Class C // fill subnet-array with addresses we want to see for($i=0; $i<$host_counter; $i++) { @@ -105,15 +97,16 @@ if ($subnet_mask >= 24) { // set displayed nodes $nodes_displayed = $host_counter; -} else if ($subnet_mask>=16) { + +} else if ($subnet->mask >= 16) { // Class B // which part do we want to see? - if((empty($page)) ? $page=$subnet_address : $page=$page); + if ((empty($page)) ? $page = $subnet->address : $page = $page); $page = explode('.', $page); $page2 = $page[2]; // fill subnet-array with addresses we want to see - for($i=0;$i<256;$i++) { + for($i=0; $i<256; $i++) { // build ip $ip = $iprange1 . '.' . $iprange2 . '.' . $page2 . '.' . $i; @@ -129,13 +122,13 @@ if ($subnet_mask >= 24) { $smarty->assign("iprange2", $iprange2); // loop addresses in range3 - for($i=$iprange3;$i<(pow(2,(32-$subnet_mask))/256);$i++) { + for ($i=$iprange3; $i<(pow(2,(32-$subnet->mask))/256); $i++) { // send to tpl $smarty->assign("iprange3", $i); $smarty->assign("iprange4", 0); // set select box - if($i==$page2) { + if ($i == $page2) { $smarty->assign("row_selected", "selected"); } else { 
@@ -159,7 +152,7 @@ if ($subnet_mask >= 24) { } else { // Class A // which part do we want to see? - if ((empty($page)) ? $page = $subnet_address : $page = $page); + if ((empty($page)) ? $page = $subnet->address : $page = $page); $page = explode('.', $page); $page2 = $page[1]; $page3 = $page[2]; @@ -181,7 +174,7 @@ if ($subnet_mask >= 24) { $smarty->assign("iprange2", $iprange2); // loop addresses in range 2 - for ($i=$iprange2; $i<(pow(2,(24-$subnet_mask))/256); $i++) { + for ($i=$iprange2; $i<(pow(2,(24-$subnet->mask))/256); $i++) { // send to tpl $smarty->assign("iprange1", $iprange1); $smarty->assign("iprange2", $i); @@ -196,12 +189,10 @@ if ($subnet_mask >= 24) { $smarty->assign("row1_selected", ""); } - // parse block - $tp->parse("two_select_row1"); } // loop addresses in range 3 - for($i=0; $i<256; $i++) { + for ($i=0; $i<256; $i++) { // send to tpl $smarty->assign("iprange1", $iprange1); $smarty->assign("iprange2", $page2); @@ -216,8 +207,6 @@ if ($subnet_mask >= 24) { $smarty->assign("row2_selected", ""); } - // parse block - $tp->parse("two_select_row2"); } $smarty->assign("subnetmask1", 255); 
@@ -235,43 +224,36 @@ if ($subnet_mask >= 24) { } // get nodes for this subnetview and implement the values into the array -$sql = "SELECT - asset.asset_name, - assetclassgroup.assetclassgroup_color, - node.node_id, - node.node_ip - FROM - asset, - assetclass, - assetclassgroup, - node +$sql = "SELECT a.asset_name, g.assetclassgroup_color, n.node_id, n.node_ip + FROM + asset AS a, + assetclass AS c, + assetclassgroup AS g, + node AS n WHERE - node.node_ip IN ('".implode("','",array_keys($subnetdata))."') - AND node.subnet_id=? - AND asset.asset_id=node.asset_id - AND assetclass.assetclass_id=asset.assetclass_id - AND assetclassgroup.assetclassgroup_id=assetclass.assetclassgroup_id"; + n.node_ip IN ('".implode("','",array_keys($subnetdata))."') + AND n.subnet_id=? + AND a.asset_id=n.asset_id + AND c.assetclass_id=a.assetclass_id + AND g.assetclassgroup_id=c.assetclassgroup_id"; $sth = $dbh->prepare($sql); $sth->execute([$subnet_id]); -$smarty->assign("locations", $sth->fetchAll()); $nodes = $sth->fetchAll(); +$smarty->assign("nodes", $nodes); -$node_counter = count($nodes); -if ($node_counter > 0) { - // get objects +if (count($nodes) > 0) { foreach ($nodes AS $node) { - // add node-values to ip in subnet-array $subnetdata[$node['node_ip']] = $node; } } // replace ip's in subnet-array (if necessary) // check for subnet address -if (array_key_exists($subnet_address, $subnet)) { +if (array_key_exists($subnet->address, $subnet)) { // replace - $subnetdata[$subnet_address] = array("subnet_address"); + $subnetdata[$subnet->address] = array("subnet_address"); } // check for broadcast address 
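Review bot: The rewritten query in subnetview.php still splices `implode("','",array_keys($subnetdata))` into the SQL string while only `subnet_id` is bound; the keys appear to be built from `$page2` in the Class B branch, and where `$page` comes from is outside the visible hunks, so if it is a request parameter the statement is injectable. Bind the addresses too: `$in = implode(',', array_fill(0, count($subnetdata), '?'));`, then `n.node_ip IN ($in)` and `$sth->execute([...array_keys($subnetdata), $subnet_id]);`. Separately, `array_key_exists($subnet->address, $subnet)` tests the fetched row object rather than `$subnetdata`, which looks like a typo and is a TypeError on PHP 8. The broadcast check in the following hunk's context has the same form.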
@@ -281,9 +263,9 @@ if (array_key_exists($broadcast_address, $subnet)) { } $dhcpstart = 0; -if ($subnet_dhcpstart && $subnet_dhcpend) { - $dhcpstart = ip2long($subnet_dhcpstart); - $dhcpend = ip2long($subnet_dhcpend); +if ($subnet->dhcp_start && $subnet->dhcp_end) { + $dhcpstart = ip2long($subnet->dhcp_start); + $dhcpend = ip2long($subnet->dhcp_end); } // loop subnet-array and send to template @@ -300,7 +282,7 @@ foreach ($subnetdata AS $node_ip => $node) { if ($dhcpstart > 0) { $ipval = ip2long($node_ip); if (($ipval >= $dhcpstart) and ($ipval <= $dhcpend)) { - $subnet[$node_ip]["dynamic"] = true; + $subnetdata[$node_ip]["dynamic"] = true; } } diff --git a/subnetvlanedit.php b/subnetvlanedit.php index 33406af..4bf5d0e 100644 --- a/subnetvlanedit.php +++ b/subnetvlanedit.php @@ -13,14 +13,14 @@ $subnet_id = sanitize($_GET['subnet_id']); include("header.php"); -$sql = "SELECT subnet_address, subnet_mask +$sql = "SELECT subnet_id AS id, subnet_address AS address, subnet_mask AS mask FROM subnet WHERE subnet_id=?"; $sth = $dbh->prepare($sql); $sth->execute([$subnet_id]); $smarty->assign("subnet", $sth->fetch(PDO::FETCH_OBJ)); - + $smarty->display("subnetvlanedit.tpl"); - + include("footer.php"); ?> diff --git a/tpl/assetclassgroup.tpl b/tpl/assetclassgroup.tpl index f137c0e..1af661d 100644 --- a/tpl/assetclassgroup.tpl +++ b/tpl/assetclassgroup.tpl @@ -14,17 +14,23 @@