Subsequent fixes after major changes for PDO

master
Thomas Hooge 2 years ago
parent 7c300e0a8f
commit e74bde2d14
  1. 2
      asset.php
  2. 2
      assetclassadd.php
  3. 3
      assetclassdel.php
  4. 3
      assetclassgroup.php
  5. 2
      assetclassgroupadd.php
  6. 3
      assetclassgroupedit.php
  7. 3
      assetclassgroupview.php
  8. 12
      config.php-sample
  9. 2
      install/install.txt
  10. 41
      install/mysql.sql
  11. 4
      install/mysql_sample.sql
  12. 24
      install/upgrade.txt
  13. 5
      lang/de.php
  14. 7
      lang/en.php
  15. 37
      lib.php
  16. 173
      lib/db.class.php
  17. 2
      locationdel.php
  18. 2
      locationedit.php
  19. 10
      locationview.php
  20. 17
      login.php
  21. 9
      node.php
  22. 6
      nodeedit.php
  23. 31
      submit.php
  24. 2
      subnetadd.php
  25. 7
      subnetedit.php
  26. 5
      subnetlocationadd.php
  27. 78
      subnetview.php
  28. 2
      subnetvlanedit.php
  29. 14
      tpl/assetclassgroup.tpl
  30. 12
      tpl/assetclassgroupadd.tpl
  31. 14
      tpl/assetclassgroupedit.tpl
  32. 10
      tpl/assetclassgroupview.tpl
  33. 4
      tpl/locationview.tpl
  34. 2
      tpl/nodeview.tpl
  35. 2
      tpl/subnetdel.tpl
  36. 16
      tpl/subnetedit.tpl
  37. 4
      tpl/subnetlocationadd.tpl
  38. 4
      tpl/subnetlocationedit.tpl
  39. 4
      tpl/subnetview.tpl
  40. 4
      tpl/subnetvlanadd.tpl
  41. 4
      tpl/subnetvlanedit.tpl
  42. 6
      tpl/useredit.tpl
  43. 4
      tpl/vlansubnetadd.tpl
  44. 2
      useredit.php
  45. 2
      userview.php
  46. 2
      vlandel.php

@ -25,7 +25,7 @@ $smarty->assign("alphabet", $alphabet);
$sth = $dbh->query("SELECT COUNT(*) FROM asset");
$smarty->assign("assetcount", $sth->fetchColumn());
// assetf for current letter
// assets for current letter
if (isset($_GET['asset_letter'])) {
$asset_letter = sanitize($_GET['asset_letter']);
} else {

@ -13,7 +13,7 @@ if((isset($_GET['assetclassgroup_id'])) ? $assetclassgroup_id = sanitize($_GET['
include("header.php");
$smarty->assign("assetclassgroup_options", $db->options_assetclassgroup());
$smarty->assign("assetclassgroup_options", db_get_options_assetclassgroup());
$smarty->display("assetclassadd.tpl");
include("footer.php");

@ -13,10 +13,9 @@ $assetclass_id = sanitize($_GET['assetclass_id']);
include("header.php");
$sql = "SELECT assetclass_id, assetclass_name
$sql = "SELECT assetclass_id AS id, assetclass_name AS name
FROM assetclass
WHERE assetclass_id=?";
$sth = $dbh->prepare($sql);
$sth->execute([$assetclass_id]);
$smarty->assign("assetclass", $sth->fetch(PDO::FETCH_OBJ));

@ -10,7 +10,8 @@ SPDX-License-Identifier: GPL-3.0-or-later
include("includes.php");
include("header.php");
$sql = "SELECT assetclassgroup_id, assetclassgroup_name, assetclassgroup_color
$sql = "SELECT assetclassgroup_id AS id, assetclassgroup_name AS name,
assetclassgroup_color AS color, assetclassgroup_description AS description
FROM assetclassgroup
ORDER BY assetclassgroup_name";
$sth = $dbh->query($sql);

@ -8,6 +8,8 @@ SPDX-License-Identifier: GPL-3.0-or-later
*****************************************************************************/
include("includes.php");
$smarty->assign("scripts", 'jscolor.js');
include("header.php");
$smarty->display("assetclassgroupadd.tpl");

@ -15,7 +15,8 @@ $smarty->assign("scripts", 'jscolor.js');
include("header.php");
$sql = "SELECT assetclassgroup_id AS id, assetclassgroup_name AS name,
assetclassgroup_color AS color
assetclassgroup_color AS color,
assetclassgroup_description AS description
FROM assetclassgroup
WHERE assetclassgroup_id=?";
$sth = $dbh->prepare($sql);

@ -15,7 +15,8 @@ include("header.php");
$sql = "SELECT assetclassgroup_id AS id,
assetclassgroup_name AS name,
assetclassgroup_color AS color
assetclassgroup_color AS color,
assetclassgroup_description AS description
FROM assetclassgroup
WHERE assetclassgroup_id=?";
$sth = $dbh->prepare($sql);

@ -21,4 +21,16 @@ $config_color_dynamic = 'e0e0e0';
// language
$config_lang_default = 'en';
// auth
$config_auth_ldap = false;
$config_ldap_host = array('localhost', 'otherhost.example.com');
$config_ldap_port = 389;
$config_ldap_v3 = true;
$config_ldap_base_dn = 'ou=organizationalunit,dc=example,dc=com';
$config_ldap_login_attr = 'uid';
// ldap search user
$config_ldap_bind_dn = 'cn=dummy,ou=organizationalunit,dc=example,dc=com';
$config_ldap_bind_pass = 'secret';
?>
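Review bot: The LDAP block defaults to `$config_ldap_port = 389` and offers no setting for LDAPS or StartTLS, so if login.php binds as configured (its LDAP code is not visible here), both `$config_ldap_bind_pass` and every user's password would cross the network in clear text. Consider adding a switch such as `$config_ldap_starttls = true;` (the name is only a suggestion) and documenting port 636 as the alternative. A comment above `$config_ldap_bind_pass = 'secret';` should say that the value is a placeholder, that the bind account needs read-only search rights only, and that config.php should be readable by the web server user alone.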

@ -1,6 +1,8 @@
IP Reg Installation
1. Install requirements
Minimum PHP version is 7.4, we are using arrow functions introduced
in that version.
IP Reg version 0.6 and up depends on smarty template engine.
In Debian install it with: "apt-get install smarty3".
The PHP-GD module is also required: "apt-get install php-gd".

@ -4,6 +4,9 @@ CREATE TABLE asset (
asset_hostname varchar(100) DEFAULT NULL,
assetclass_id int(10) NOT NULL,
asset_info text DEFAULT NULL,
asset_intf smallint(5) UNSIGNED NOT NULL DEFAULT 1,
asset_location int(10) DEFAULT NULL,
asset_type enum ('active','passive') NOT NULL DEFAULT 'active',
PRIMARY KEY (asset_id),
INDEX ix_asset_name (asset_name)
) ENGINE=MyISAM DEFAULT CHARSET=utf8;
@ -20,16 +23,44 @@ CREATE TABLE assetclassgroup (
assetclassgroup_id int(10) NOT NULL AUTO_INCREMENT,
assetclassgroup_name varchar(100) NOT NULL,
assetclassgroup_color varchar(6) NOT NULL DEFAULT '000000',
assetclassgroup_description varchar(100) DEFAULT NULL,
PRIMARY KEY (assetclassgroup_id),
INDEX ix_assetclassgroup_name (assetclassgroup_name)
) ENGINE=MyISAM DEFAULT CHARSET=utf8;
-- WIP
CREATE TABLE cable (
cable_id int(10) NOT NULL AUTO_INCREMENT,
cable_description varchar(100) NOT NULL,
cable_from_id int(10) DEFAULT NULL,
cable_to_id int(10) DEFAULT NULL,
cable_length smallint(5) UNSIGNED DEFAULT NULL,
cable_links smallint(5) UNSIGNED DEFAULT 1,
cable_type enum('copper','fibre','laser','radio') DEFAULT NULL,
cable_info text DEFAULT NULL,
PRIMARY KEY (cable_id),
UNIQUE INDEX ix_cable_description (cable_description)
) ENGINE=MyISAM DEFAULT CHARSET=utf8;
-- WIP
-- Reference to external systems
CREATE TABLE extlink (
extlink_id int(10) NOT NULL AUTO_INCREMENT,
asset_id int(10) NOT NULL,
extlink_type enum('cdb','zabbix', 'topdesk') NOT NULL DEFAULT 'cdb',
extlink_refid int(10) DEFAULT NULL,
extlink_uid varchar(65) DEFAULT NULL,
PRIMARY KEY (extlink_id),
INDEX ix_extlink_asset_id (asset_id)
) ENGINE=MyISAM DEFAULT CHARSET=utf8;
CREATE TABLE location (
location_id int(10) NOT NULL AUTO_INCREMENT,
location_name varchar(100) NOT NULL,
location_parent int(10) NOT NULL DEFAULT 0,
location_info text DEFAULT NULL,
location_sort int(11) NOT NULL DEFAULT 0,
location_type enum('location', 'building','room','rack') NOT NULL DEFAULT 'location',
location_sort smallint(6) NOT NULL DEFAULT 0,
PRIMARY KEY (location_id),
INDEX ix_location_sort (location_sort),
INDEX ix_location_name (location_name)
@ -40,6 +71,9 @@ CREATE TABLE nat (
nat_type int(1) NOT NULL,
nat_ext int(10) NOT NULL,
nat_int int(10) NOT NULL,
nat_ext_port smallint(5) UNSIGNED DEFAULT NULL,
nat_int_port smallint(5) UNSIGNED DEFAULT NULL,
nat_description varchar(100) DEFAULT NULL,
PRIMARY KEY (nat_id)
) ENGINE=MyISAM DEFAULT CHARSET=utf8;
@ -85,8 +119,9 @@ CREATE TABLE subnetvlan (
CREATE TABLE user (
user_id int(10) NOT NULL AUTO_INCREMENT,
user_realm enum ('local','ldap') NOT NULL DEFAULT 'local',
user_name varchar(100) NOT NULL,
user_pass varchar(32) NOT NULL,
user_pass binary(60) NOT NULL,
user_displayname varchar(100) NOT NULL,
user_language char(2) NOT NULL DEFAULT 'en',
user_imagesize int(3) NOT NULL DEFAULT 6,
@ -110,7 +145,7 @@ CREATE TABLE user (
) ENGINE=MyISAM DEFAULT CHARSET=utf8;
INSERT INTO user (user_name, user_pass, user_displayname) VALUES
('admin', '21232f297a57a5a743894a0e4a801fc3', 'administrator');
('admin', '$2y$10$HTs0lSaFrfr.q4Gmy5zWfeDg3jhYZkqEGZEnDkMiHZ641nso38mt6', 'Administrator');
CREATE TABLE vlan (
vlan_id int(10) NOT NULL AUTO_INCREMENT,
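Review bot: `user_pass binary(60)` fits exactly one bcrypt string and nothing else: a legacy 32-character MD5 value is right-padded with 0x00 bytes (presumably why login.php now calls `rtrim()`), and a longer hash from a future algorithm would not fit. The PHP manual recommends a 255-character column for `password_hash()` output, e.g. `user_pass varchar(255) NOT NULL`. Separately, the seed row in the last hunk gives every fresh installation the same `admin` hash, and mysql_sample.sql does the same for `alice` and `bob`. install.txt should tell the operator to change these passwords before the instance is reachable, or the application should force a change at first login.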

@ -49,6 +49,10 @@ INSERT INTO subnetlocation (subnet_id, location_id) VALUES
INSERT INTO subnetvlan (subnet_id, vlan_id) VALUES
(1, 1);
INSERT INTO user (user_name, user_pass, user_displayname) VALUES
('alice', '$2y$10$CTq04qodeKZBgeuShC3E..cEzfh.SDlaoOEUWcCXXHPDvXJ51nGdq', 'Alice'),
('bob', '$2y$10$hl4NN4lOyuz7KN0ZjLHbOuCqGi08GVaTvl/RiMcL1mbFqGmtzDN76', 'Bob');
INSERT INTO vlan (vlan_number, vlan_name) VALUES
(1, 'DEFAULT_VLAN');

@ -0,0 +1,24 @@
IP Reg Upgrading
This version has still not reached version 1.0 (feature complete).
As such, there may be changes at any time.
There is no database upgrade logic so the database structure has
to be compared manually.
1. Check and upgrade database schema
Compare current database schema with the contents of the database
creation script "mysql.sql".
Create missing objects in your current database.
2. Install new version
Install the new application in a new location.
Copy the configuration file "config.php" to new installation.
Compare the configuration to the sample config.
There may be additional settings that you want to customize.
3. Switch to new version
Rename the old an new directory.
4. Done
If everything works fine you could remove the old directory.

@ -44,6 +44,10 @@ $lang = array(
'lang_submit' => 'Absenden',
'lang_unassigned' => 'Nicht zugeordnet',
'lang_warning' => 'Warnung',
'lang_description' => 'Beschreibung',
'lang_empty' => 'leer',
'lang_source' => 'Quelle',
'lang_target' => 'Ziel',
'lang_asset_add' => 'Objekt hinzufügen',
'lang_asset_del' => 'Objekt löschen',
@ -144,6 +148,7 @@ $lang = array(
'lang_user_name' => 'Benutzername',
'lang_user_password' => 'Kennwort',
'lang_user_language' => 'Sprache',
'lang_user_realm' => 'Realm',
'lang_zone_add' => 'Zone hinzufügen',
'lang_zone_del' => 'Zone löschen',

@ -44,6 +44,10 @@ $lang = array(
'lang_submit' => 'Submit',
'lang_unassigned' => 'Unassigned',
'lang_warning' => 'Warning',
'lang_description' => 'Description',
'lang_empty' => 'empty',
'lang_source' => 'Source',
'lang_target' => 'Target',
'lang_asset_add' => 'Add asset',
'lang_asset_del' => 'Delete asset',
@ -143,6 +147,8 @@ $lang = array(
'lang_user_edit' => 'Mofidy user',
'lang_user_name' => 'Username',
'lang_user_password' => 'Password',
'lang_user_language' => 'Language',
'lang_user_realm' => 'Realm',
'lang_zone_add' => 'Add zone',
'lang_zone_del' => 'Delete zone',
@ -157,7 +163,6 @@ $lang = array(
'lang_vlan_new' => 'VLAN info',
'lang_vlan_name' => 'VLAN name',
'lang_vlan_none' => 'There are no VLANs defined',
'lang_user_language' => 'Language',
'lang_vlansubnet' => 'VLAN/Subnet',
'lang_vlansubnet_edit' => 'Edit VLAN/Subnet',

@ -31,6 +31,17 @@ $smarty->assign("suser_tooltips", $_SESSION['suser_tooltips'] ?? 'off');
// ========== DATABASE FUCTIONS ===============================================
function db_load_enum($table, $column) {
// returns array of enum-values as defined in database
global $dbh;
$sql = "SELECT TRIM(TRAILING ')' FROM SUBSTRING(column_type,6))
FROM information_schema.columns
WHERE table_name=? AND column_name=?";
$sth = $dbh->prepare($sql);
$sth->execute([$table, $column]);
return array_map(fn($x) => trim($x, "'"), explode(',', $sth->fetch(PDO::FETCH_NUM)));
}
function db_get_options_asset() {
global $dbh;
$sql = "SELECT asset_id, asset_name FROM asset ORDER BY asset_name";
@ -61,8 +72,12 @@ function db_get_options_assetclassgroup() {
return $options;
}
function db_get_options_location() {
function db_get_options_location($default = NULL) {
global $dbh;
$options = array();
if ($default != NULL) {
$options[0] = $default;
}
$sql = "SELECT location_id, location_name FROM location ORDER BY location_name";
$sth = $dbh->query($sql);
foreach ($sth->fetchAll(PDO::FETCH_NUM) as $rec) {
@ -84,8 +99,12 @@ function db_get_options_subnet() {
return $options;
}
function db_get_options_vlan() {
function db_get_options_vlan($default = NULL) {
global $dbh;
$options = array();
if ($default != NULL) {
$options[0] = $default;
}
$sql = "SELECT vlan_id, vlan_name FROM vlan ORDER BY vlan_name";
$sth = $dbh->query($sql);
foreach ($sth->fetchAll(PDO::FETCH_NUM) as $rec) {
@ -94,4 +113,18 @@ function db_get_options_vlan() {
return $options;
}
function db_get_options_zone($default = NULL) {
global $dbh;
$options = array();
if ($default != NULL) {
$options[0] = $default;
}
$sql = "SELECT zone_id, zone_origin FROM zone ORDER BY zone_origin";
$sth = $dbh->query($sql);
foreach ($sth->fetchAll(PDO::FETCH_NUM) as $rec) {
$options[$rec[0]] = $rec[1];
}
return $options;
}
?>
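Review bot: In `db_load_enum()` the call `explode(',', $sth->fetch(PDO::FETCH_NUM))` passes an array to `explode()`, because `fetch()` returns a row rather than a string; on PHP 8 that is a TypeError, on 7.4 a warning and a null result. `explode(',', $sth->fetchColumn())` gives the function the single string it needs. The information_schema lookup also has no schema filter, so a table of the same name in another database on the server can supply the values; adding `AND table_schema=DATABASE()` pins it to the connected database. In the `db_get_options_*($default = NULL)` helpers, `$default != NULL` skips an empty-string or `'0'` label, which `$default !== NULL` would not.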

@ -1,173 +0,0 @@
<?php
/*****************************************************************************
IP Reg, a PHP/MySQL IPAM tool
Copyright (C) 2007-2009 Wietse Warendorff
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
For more information, visit http://sourceforge.net/projects/ipreg,
or contact me at wietsew@users.sourceforge.net
*****************************************************************************/
class Db {
protected $dblink;
public function __construct ($dblink) {
$this->dblink = $dblink;
}
function db_delete($query) {
// run query
$sql = mysqli_query($this->dblink, $query) or die(mysqli_error($this->dblink));
}
function db_insert($query) {
// run query
echo "<pre>$query</pre>";
$sql = mysqli_query($this->dblink, $query) or die(mysqli_error($this->dblink));
// return result
return mysqli_insert_id($this->dblink);
}
function db_select($query) {
// run query
$sql = mysqli_query($this->dblink, $query) or die(mysqli_error($this->dblink));
// loop results
$result = array();
while($record = mysqli_fetch_assoc($sql)) {
$result[] = $record;
}
// return array
return $result;
}
function db_update($query) {
// run query
$sql = mysqli_query($this->dblink, $query) or die(mysqli_error($this->dblink));
}
function options_asset($null_value=NULL) {
$options = array();
if (isset($null_value)) {
$options[0] = $null_value;
}
$sql = "SELECT asset_id, asset_name
FROM asset
ORDER BY asset_name";
$records = $this->db_select($sql);
foreach ($records as $rec) {
$options[$rec['asset_id']] = $rec['asset_name'];
}
return $options;
}
function options_assetclass($null_value=NULL) {
$options = array();
if (isset($null_value)) {
$options[0] = $null_value;
}
$sql = "SELECT assetclass_id, assetclass_name
FROM assetclass
ORDER BY assetclass_name";
$records = $this->db_select($sql);
foreach ($records as $rec) {
$options[$rec['assetclass_id']] = $rec['assetclass_name'];
}
return $options;
}
function options_assetclassgroup($null_value=NULL) {
$options = array();
if (isset($null_value)) {
$options[0] = $null_value;
}
$sql = "SELECT assetclassgroup_id, assetclassgroup_name
FROM assetclassgroup
ORDER BY assetclassgroup_name";
$records = $this->db_select($sql);
foreach ($records as $rec) {
$options[$rec['assetclassgroup_id']] = $rec['assetclassgroup_name'];
}
return $options;
}
function options_location($null_value=NULL) {
$options = array();
if (isset($null_value)) {
$options[0] = $null_value;
}
$sql = "SELECT location_id,
location_name
FROM location
ORDER BY location_name";
$records = $this->db_select($sql);
foreach ($records as $rec) {
$options[$rec['location_id']] = $rec['location_name'];
}
return $options;
}
function options_subnet($null_value=NULL) {
$options = array();
if (isset($null_value)) {
$options[0] = $null_value;
}
$sql = "SELECT subnet_id,
CONCAT_WS('/', subnet_address, subnet_mask) AS subnet_name
FROM subnet
ORDER BY INET_ATON(subnet_address)";
$records = $this->db_select($sql);
foreach ($records as $rec) {
$options[$rec['subnet_id']] = $rec['subnet_name'];
}
return $options;
}
function options_vlan($null_value=NULL) {
$options = array();
if (isset($null_value)) {
$options[0] = $null_value;
}
$sql = "SELECT vlan_id,
CONCAT_WS(' - ', vlan_number, vlan_name) AS vlan_option
FROM vlan
ORDER BY vlan_number";
$records = $this->db_select($sql);
foreach ($records as $rec) {
$options[$rec['vlan_id']] = $rec['vlan_option'];
}
return $options;
}
function options_zone($null_value=NULL) {
$options = array();
if (isset($null_value)) {
$options[0] = $null_value;
}
$sql = "SELECT zone_id, zone_origin
FROM zone
ORDER BY zone_origin";
$records = $this->db_select($sql);
foreach ($records as $rec) {
$options[$rec['zone_id']] = $rec['zone_origin'];
}
return $options;
}
}
?>

@ -13,7 +13,7 @@ $location_id = sanitize($_GET['location_id']);
include("header.php");
$sql = "SELECT location_name FROM location WHERE location_id=?";
$sql = "SELECT location_id AS id, location_name AS name FROM location WHERE location_id=?";
$sth = $dbh->prepare($sql);
$sth->execute([$location_id]);
$smarty->assign("location", $sth->fetch(PDO::FETCH_OBJ));

@ -14,7 +14,7 @@ $location_id = sanitize($_GET['location_id']);
include("header.php");
// location
$sql = "SELECT location_name AS name, location_parent AS parent,
$sql = "SELECT location_id AS id, location_name AS name, location_parent AS parent,
location_info AS info, location_sort AS sort
FROM location
WHERE location_id=?";

@ -10,11 +10,12 @@ SPDX-License-Identifier: GPL-3.0-or-later
include("includes.php");
$location_id = sanitize($_GET['location_id']);
if ((isset($_GET['id'])) ? $id = sanitize($_GET['id']) : $id = '');
include("header.php");
// locationcrumb
// base location
$sql = "SELECT location_id AS id, location_name AS name,
location_parent AS parent_id, location_info AS info,
CONCAT('locationview.php?location_id=', location_id) AS url
@ -23,9 +24,10 @@ $sql = "SELECT location_id AS id, location_name AS name,
$sth = $dbh->prepare($sql);
$sth->execute([$location_id]);
$location = $sth->fetch(PDO::FETCH_OBJ);
$smarty->assign("location", $location);
// crumbs
$crumbs[] = $location;
$level = 1;
$sql = "SELECT location_id AS id, location_name AS name,
location_parent AS parent_id,
CONCAT('locationview.php?location_id=', location_id) AS url
@ -36,11 +38,7 @@ while ($crumbs[0]->parent_id != 0) {
$sth->execute([$crumbs[0]->parent_id]);
$result = $sth->fetch(PDO::FETCH_OBJ);
array_unshift($crumbs, $result);
$level++;
}
$smarty->assign("location_id", $location->id);
$smarty->assign("location_info", nl2br($location->info));
$smarty->assign("crumbs", $crumbs);
// sublocations

@ -14,7 +14,7 @@ include("config.php");
include("dbconnect.php");
include("lib.php");
function user_login($user_name, $user_pass) {
function user_login ($user_name, $user_pass) {
global $dbh;
if (strlen($user_name) < 1) {
@ -42,10 +42,17 @@ function user_login($user_name, $user_pass) {
return FALSE;
}
// TODO use secure algo with salt!
if (strcmp(md5($user_pass), $user->user_pass) != 0) {
// password does not match
return FALSE;
if (strcmp(md5($user_pass), rtrim($user->user_pass)) != 0) {
// password does not match with md5, check if new hash matches
// For future expansion: $pwd_peppered = hash_hmac('sha256', $user_pass, $config_pepper);
if (! password_verify($user_pass, $user->user_pass)) {
return FALSE;
}
} else {
// md5 match but outdated. rewrite with new algo
$sth = $dbh->prepare("UPDATE user SET user_pass=? WHERE user_id=?");
$newhash = password_hash($user_pass, PASSWORD_BCRYPT);
$sth->execute([$newhash, $user->user_id]);
}
// all ok: user is logged in, register session data
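Review bot: The legacy branch compares digests with `strcmp(md5($user_pass), rtrim($user->user_pass))`, which is not a constant-time comparison; `hash_equals(md5($user_pass), rtrim($user->user_pass))` is the function meant for comparing secrets. MD5 rows also stay valid indefinitely for accounts that never log in again, so consider a cut-off date after which remaining 32-character values are invalidated and reset by an administrator. In the `password_verify()` branch, a `password_needs_rehash($user->user_pass, PASSWORD_BCRYPT)` check would let a later cost increase roll out the same way the MD5 upgrade does. The body of `user_login()` continues outside the hunk.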

@ -24,10 +24,9 @@ if(isset($_GET['subnet_id'])) {
$sql = "SELECT CONCAT_WS('/',subnet_address,subnet_mask) AS subnet
FROM subnet
WHERE subnet_id=?";
$sth = $dbh->prepare($sql);
$sth->execute([$subnet_id]);
$sth = $dbh->prepare($sql);
$sth->execute([$subnet_id]);
$smarty->assign("subnet", $sth->fetchColumn());
} else {
$smarty->assign("subnet_id", '');
}
@ -38,9 +37,9 @@ $where = join(' AND ', $w);
$sql = "SELECT a.asset_id, a.asset_info,
REPLACE(a.asset_name, ' ', '&nbsp;') AS asset_name,
n.node_id, n.node_ip
FROM asset AS a LEFT JOIN node AS n USING (asset_id)";
FROM node AS n LEFT JOIN asset AS a USING (asset_id)";
if ($where) {
$sql .= ' WHERE ' . $where;
$sql .= ' WHERE ' . $where;
}
$sql .= "GROUP BY n.node_id ORDER BY INET_ATON(n.node_ip)";
$sth = $dbh->prepare($sql);
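Review bot: `REPLACE(a.asset_name, ' ', '&nbsp;')` builds an HTML entity inside the query, which only renders as intended if the template prints `asset_name` without escaping; any markup stored in an asset name would then reach the browser as well (whether `sanitize()` strips it is not visible here). Selecting the plain column and handling the no-wrap presentation in the template, for example with `white-space: nowrap` on the cell, lets the value be escaped on output. With `node` now on the left of the `LEFT JOIN`, `a.asset_id` and `a.asset_name` can be NULL for a node without an asset, which the template should handle. The appended `"GROUP BY n.node_id ..."` string has no leading space, so it is glued directly onto the preceding token.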

@ -22,9 +22,9 @@ $sth = $dbh->prepare($sql);
$sth->execute([$node_id]);
$smarty->assign("node", $sth->fetch(PDO::FETCH_OBJ));
$smarty->assign("asset_options", $db->options_asset());
$smarty->assign("subnet_options", $db->options_subnet());
$smarty->assign("zone_options", $db->options_zone("(keine)"));
$smarty->assign("asset_options", db_get_options_asset());
$smarty->assign("subnet_options", db_get_options_subnet());
$smarty->assign("zone_options", db_get_options_zone('(keine)'));
$smarty->display("nodeedit.tpl");

@ -132,15 +132,16 @@ if (isset($_POST['add'])) {
break;
case ("assetclassgroup") :
$name = sanitize($_POST['assetclassgroup_name']);
$color = preg_replace("|[^a-zA-Z0-9]|", "", strtoupper(sanitize($_POST['assetclassgroup_color'])));
$name = sanitize($_POST['acg_name']);
$color = preg_replace("|[^a-zA-Z0-9]|", "", strtoupper(sanitize($_POST['acg_color'])));
$desc = sanitize($_POST['acg_description']);
$sql = "INSERT INTO assetclassgroup
(assetclassgroup_name, assetclassgroup_color)
(assetclassgroup_name, assetclassgroup_color, assetclassgroup_description)
VALUE
(?, ?)";
(?, ?, ?)";
$sth = $dbh->prepare($sql);
$sth->execute([$name, $color]);
$sth->execute([$name, $color, $desc]);
header_location("assetclassgroupview.php?assetclassgroup_id=" . $dbh->lastInsertId());
break;
@ -554,17 +555,18 @@ if (isset($_POST['edit'])) {
break;
case ("assetclassgroup") :
$assetclassgroup_id = sanitize($_POST['assetclassgroup_id']);
$assetclassgroup_name = sanitize($_POST['assetclassgroup_name']);
$assetclassgroup_color = preg_replace("|[^a-zA-Z0-9]|", "", strtoupper(sanitize($_POST['assetclassgroup_color'])));
$acg_id = sanitize($_POST['acg_id']);
$acg_name = sanitize($_POST['acg_name']);
$acg_desc = sanitize($_POST['acg_description']);
$acg_color = preg_replace("|[^a-zA-Z0-9]|", "", strtoupper(sanitize($_POST['acg_color'])));
$sql = "UPDATE assetclassgroup SET
assetclassgroup_name=?, assetclassgroup_color=?
assetclassgroup_name=?, assetclassgroup_color=?, assetclassgroup_description=?
WHERE assetclassgroup_id=?";
$sth = $dbh->prepare($sql);
$sth->execute([$assetclassgroup_name, $assetclassgroup_color, $assetclassgroup_id]);
$sth->execute([$acg_name, $acg_color, $acg_desc, $acg_id]);
header_location("assetclassgroupview.php?assetclassgroup_id=" . $assetclassgroup_id);
header_location("assetclassgroupview.php?assetclassgroup_id=" . $acg_id);
break;
case ("location") :
@ -672,10 +674,11 @@ if (isset($_POST['edit'])) {
$userpass = $sth->fetchColumn();;
if (!strcmp(md5($currentpass), $userpass)) {
if (!strcmp($user_newpass1, $user_newpass2)) {
if (password_verify($currentpass, $userpass)) {
if (!strcmp($newpass1, $newpass2)) {
$sth = $dbh->prepare("UPDATE user SET user_pass=? WHERE user_id=?");
$sth->execute([md5($user_newpass1), $user_id]);
$newhash = password_hash($newpass1, PASSWORD_BCRYPT);
$sth->execute([$newhash, $user_id]);
header_location("options.php");
}
}
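Review bot: In the password-change branch, `!strcmp($newpass1, $newpass2)` is also true for two empty strings, so unless the values are validated above this hunk an empty password is hashed and stored. A guard such as `if ($newpass1 !== '' && $newpass1 === $newpass2)` plus a minimum length would close that; note too that bcrypt ignores input beyond 72 bytes. Both failure paths (wrong current password, mismatching new passwords) fall through without any message, at least within the lines shown. The hunk uses `$newpass1` and `$newpass2` where the old lines used `$user_newpass1` and `$user_newpass2`; their assignments are outside the hunk and need the same rename.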

@ -13,7 +13,7 @@ if((isset($_GET['vlan_id'])) ? $vlan_id = sanitize($_GET['vlan_id']) : $vlan_id
include("header.php");
$smarty->assign("vlan_options", db_get_options_vlan());
$smarty->assign("vlan_options", db_get_options_vlan($lang['lang_option_none']));
$smarty->display("subnetadd.tpl");

@ -13,10 +13,9 @@ $subnet_id = sanitize($_GET['subnet_id']);
include("header.php");
$sql = "SELECT subnet_address AS address, subnet_mask AS mask,
protocol_version AS proto_vers,
subnet_dhcp_start AS dhcp_start, subnet_dhcp_end AS dhcp_end,
ntp_server, subnet_info AS info
$sql = "SELECT subnet_id AS id, subnet_address AS address, subnet_mask AS mask,
protocol_version AS proto_vers, subnet_dhcp_start AS dhcp_start,
subnet_dhcp_end AS dhcp_end, ntp_server, subnet_info AS info
FROM subnet
WHERE subnet_id=?";
$sth = $dbh->prepare($sql);

@ -13,12 +13,11 @@ $subnet_id = sanitize($_GET['subnet_id']);
include("header.php");
$sql = "SELECT subnet_id AS id, subnet_address AS address,
subnet_mask AS mask
$sql = "SELECT subnet_id AS id, subnet_address AS address, subnet_mask AS mask
FROM subnet
WHERE subnet_id=?";
$sth = $dbh->prepare($sql);
$sth->execute([$zone_id]);
$sth->execute([$subnet_id]);
$smarty->assign("subnet", $sth->fetch(PDO::FETCH_OBJ));
$smarty->assign("location_options", db_get_options_location());

@ -42,16 +42,8 @@ $subnet = $sth->fetch(PDO::FETCH_OBJ);
$smarty->assign("subnet", $subnet);
// set needed variables
$subnet_address = $subnet->address;
$subnet_mask = $subnet->mask;
$subnet_dhcpstart = $subnet->dhcp_start;
$subnet_dhcpend = $subnet->dhcp_end;
$subnet_proto_vers = $subnet->protocol_version;
$subnet_ntp_server = $subnet->ntp_server;
// set counters
$host_counter = pow(2,(32-$subnet_mask));
$host_counter = pow(2, (32-$subnet->mask));
$node_counter = $subnet->node_counter;
$subnet_usedpercentage = round((($node_counter/($host_counter-2))*100), 1);
@ -74,7 +66,7 @@ $iprange4 = $iprange[3];
$subnetdata = array();
// determine range (Class A/B/C)
if ($subnet_mask >= 24) {
if ($subnet->mask >= 24) {
// Class C
// fill subnet-array with addresses we want to see
for($i=0; $i<$host_counter; $i++) {
@ -105,15 +97,16 @@ if ($subnet_mask >= 24) {
// set displayed nodes
$nodes_displayed = $host_counter;
} else if ($subnet_mask>=16) {
} else if ($subnet->mask >= 16) {
// Class B
// which part do we want to see?
if((empty($page)) ? $page=$subnet_address : $page=$page);
if ((empty($page)) ? $page = $subnet->address : $page = $page);
$page = explode('.', $page);
$page2 = $page[2];
// fill subnet-array with addresses we want to see
for($i=0;$i<256;$i++) {
for($i=0; $i<256; $i++) {
// build ip
$ip = $iprange1 . '.' . $iprange2 . '.' . $page2 . '.' . $i;
@ -129,13 +122,13 @@ if ($subnet_mask >= 24) {
$smarty->assign("iprange2", $iprange2);
// loop addresses in range3
for($i=$iprange3;$i<(pow(2,(32-$subnet_mask))/256);$i++) {
for ($i=$iprange3; $i<(pow(2,(32-$subnet->mask))/256); $i++) {
// send to tpl
$smarty->assign("iprange3", $i);
$smarty->assign("iprange4", 0);
// set select box
if($i==$page2) {
if ($i == $page2) {
$smarty->assign("row_selected", "selected");
} else {
@ -159,7 +152,7 @@ if ($subnet_mask >= 24) {
} else {
// Class A
// which part do we want to see?
if ((empty($page)) ? $page = $subnet_address : $page = $page);
if ((empty($page)) ? $page = $subnet->address : $page = $page);
$page = explode('.', $page);
$page2 = $page[1];
$page3 = $page[2];
@ -181,7 +174,7 @@ if ($subnet_mask >= 24) {
$smarty->assign("iprange2", $iprange2);
// loop addresses in range 2
for ($i=$iprange2; $i<(pow(2,(24-$subnet_mask))/256); $i++) {
for ($i=$iprange2; $i<(pow(2,(24-$subnet->mask))/256); $i++) {
// send to tpl
$smarty->assign("iprange1", $iprange1);
$smarty->assign("iprange2", $i);
@ -196,12 +189,10 @@ if ($subnet_mask >= 24) {
$smarty->assign("row1_selected", "");
}
// parse block
$tp->parse("two_select_row1");
}
// loop addresses in range 3
for($i=0; $i<256; $i++) {
for ($i=0; $i<256; $i++) {
// send to tpl
$smarty->assign("iprange1", $iprange1);
$smarty->assign("iprange2", $page2);
@ -216,8 +207,6 @@ if ($subnet_mask >= 24) {
$smarty->assign("row2_selected", "");
}
// parse block
$tp->parse("two_select_row2");
}
$smarty->assign("subnetmask1", 255);
@ -235,43 +224,36 @@ if ($subnet_mask >= 24) {
}
// get nodes for this subnetview and implement the values into the array
$sql = "SELECT
asset.asset_name,
assetclassgroup.assetclassgroup_color,
node.node_id,
node.node_ip
FROM
asset,
assetclass,
assetclassgroup,
node
$sql = "SELECT a.asset_name, g.assetclassgroup_color, n.node_id, n.node_ip
FROM
asset AS a,
assetclass AS c,
assetclassgroup AS g,
node AS n
WHERE
node.node_ip IN ('".implode("','",array_keys($subnetdata))."')
AND node.subnet_id=?
AND asset.asset_id=node.asset_id
AND assetclass.assetclass_id=asset.assetclass_id
AND assetclassgroup.assetclassgroup_id=assetclass.assetclassgroup_id";
n.node_ip IN ('".implode("','",array_keys($subnetdata))."')
AND n.subnet_id=?
AND a.asset_id=n.asset_id
AND c.assetclass_id=a.assetclass_id
AND g.assetclassgroup_id=c.assetclassgroup_id";
$sth = $dbh->prepare($sql);
$sth->execute([$subnet_id]);
$smarty->assign("locations", $sth->fetchAll());
$nodes = $sth->fetchAll();
$smarty->assign("nodes", $nodes);
$node_counter = count($nodes);
if ($node_counter > 0) {
// get objects
if (count($nodes) > 0) {
foreach ($nodes AS $node) {
// add node-values to ip in subnet-array
$subnetdata[$node['node_ip']] = $node;
}
}
// replace ip's in subnet-array (if necessary)
// check for subnet address
if (array_key_exists($subnet_address, $subnet)) {
if (array_key_exists($subnet->address, $subnet)) {
// replace
$subnetdata[$subnet_address] = array("subnet_address");
$subnetdata[$subnet->address] = array("subnet_address");
}
// check for broadcast address
@ -281,9 +263,9 @@ if (array_key_exists($broadcast_address, $subnet)) {
}
$dhcpstart = 0;
if ($subnet_dhcpstart && $subnet_dhcpend) {
$dhcpstart = ip2long($subnet_dhcpstart);
$dhcpend = ip2long($subnet_dhcpend);
if ($subnet->dhcp_start && $subnet->dhcp_end) {
$dhcpstart = ip2long($subnet->dhcp_start);
$dhcpend = ip2long($subnet->dhcp_end);
}
// loop subnet-array and send to template
@ -300,7 +282,7 @@ foreach ($subnetdata AS $node_ip => $node) {
if ($dhcpstart > 0) {
$ipval = ip2long($node_ip);
if (($ipval >= $dhcpstart) and ($ipval <= $dhcpend)) {
$subnet[$node_ip]["dynamic"] = true;
$subnetdata[$node_ip]["dynamic"] = true;
}
}
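Review bot: The rewritten node query still splices the address list into the SQL text with `implode("','",array_keys($subnetdata))` while only `subnet_id` is bound. The keys are assembled from `$iprange*` and the exploded `$page` value, whose origin is outside these hunks; if any part of it is request-controlled, it reaches the statement unescaped. Binding every address as a placeholder removes the question. Further down, `array_key_exists($subnet->address, $subnet)` tests the `PDO::FETCH_OBJ` row object rather than `$subnetdata`, which is deprecated on PHP 7.4 and a TypeError on PHP 8.

```php
// … unchanged: $subnetdata filled with the addresses to display …
$ips = array_keys($subnetdata);
$nodes = array();
if (count($ips) > 0) {
    // one "?" per address, so no address text ends up in the SQL string
    $marks = implode(',', array_fill(0, count($ips), '?'));
    $sql = "SELECT a.asset_name, g.assetclassgroup_color, n.node_id, n.node_ip
        FROM asset AS a, assetclass AS c, assetclassgroup AS g, node AS n
        WHERE n.node_ip IN ($marks)
            AND n.subnet_id=?
            AND a.asset_id=n.asset_id
            AND c.assetclass_id=a.assetclass_id
            AND g.assetclassgroup_id=c.assetclassgroup_id";
    $sth = $dbh->prepare($sql);
    $sth->execute(array_merge($ips, [$subnet_id]));
    $nodes = $sth->fetchAll();
}
$smarty->assign("nodes", $nodes);
// … unchanged: merging $nodes into $subnetdata …
```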

@ -13,7 +13,7 @@ $subnet_id = sanitize($_GET['subnet_id']);
include("header.php");
$sql = "SELECT subnet_address, subnet_mask
$sql = "SELECT subnet_id AS id, subnet_address AS address, subnet_mask AS mask
FROM subnet
WHERE subnet_id=?";
$sth = $dbh->prepare($sql);

@ -14,17 +14,23 @@
<td class="header">
{$lang_assetclassgroup_name}
</td>
<td class="header">
{$lang_description}
</td>
</tr>
{foreach item=assetclassgroup from=$assetclassgroups}
{foreach item=acg from=$assetclassgroups}
<tr>
<td class="label">
<img src="image.php?color={$assetclassgroup.assetclassgroup_color}" alt="#{$assetclassgroup.assetclassgroup_color}">
<a href="assetclassgroupview.php?assetclassgroup_id={$assetclassgroup.assetclassgroup_id}">{$assetclassgroup.assetclassgroup_name}</a>
<img src="image.php?color={$acg.color}" alt="#{$acg.color}">
<a href="assetclassgroupview.php?assetclassgroup_id={$acg.id}">{$acg.name}</a>
</td>
<td>
{$acg.description}
</td>
</tr>
{foreachelse}
<tr>
<td>
<td colspan="2">
{$lang_assetclassgroup_none}
</td>
</tr>
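Review bot: The new `{$acg.description}` cell prints a user-supplied value with no `escape` modifier, so it is safe only if `sanitize()` in submit.php or a global Smarty `escape_html` setting already neutralises markup, and neither is visible on this page. If auto-escaping is not enabled, `{$acg.description|escape}` makes the template safe on its own. The same applies to `{$assetclassgroup->description}` in assetclassgroupview.tpl and to `value="{$assetclassgroup->description}"` in assetclassgroupedit.tpl, where an unescaped double quote would also end the attribute early.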

@ -27,7 +27,15 @@
{$lang_assetclassgroup_name}
</td>
<td class="value">
<input type="text" name="assetclassgroup_name">
<input type="text" name="acg_name">
</td>
</tr>
<tr>
<td class="label">
{$lang_description}
</td>
<td class="value">
<input type="text" name="acg_description" size="80" maxlength="100">
</td>
</tr>
<tr>
@ -35,7 +43,7 @@
{$lang_color}
</td>
<td class="value">
<input type="text" name="assetclassgroup_color">
#<input type="text" {literal}class="color {pickerPosition:'right'}"{/literal} name="acg_color" size="6" maxlength="6" value="{$assetclassgroup->color}">
</td>
</tr>
</table>
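Review bot: The new colour input carries `value="{$assetclassgroup->color}"`, but the assetclassgroupadd.php lines shown in this commit assign only `scripts` before displaying the template, so `$assetclassgroup` looks undefined on the add form. Either drop the `value` attribute here or give it a literal default such as `value="000000"`, matching the column default in mysql.sql.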

@ -1,6 +1,6 @@
<form method="POST" action="submit.php">
<input type="hidden" name="edit" value="assetclassgroup">
<input type="hidden" name="assetclassgroup_id" value="{$assetclassgroup->id}">
<input type="hidden" name="acg_id" value="{$assetclassgroup->id}">
<table class="title">
<tr>
@ -28,7 +28,15 @@
{$lang_assetclassgroup_name}
</td>
<td class="value">
<input type="text" name="assetclassgroup_name" value="{$assetclassgroup->name}">
<input type="text" name="acg_name" value="{$assetclassgroup->name}">
</td>
</tr>
<tr>
<td class="label">
{$lang_description}
</td>
<td class="value">
<input type="text" name="acg_description" size="80" maxlength="100" value="{$assetclassgroup->description}">
</td>
</tr>
<tr>
@ -36,7 +44,7 @@
{$lang_color}
</td>
<td class="value">
#<input type="text" {literal}class="color {pickerPosition:'right'}"{/literal} name="assetclassgroup_color" size="6" maxlength="6" value="{$assetclassgroup->color}">
#<input type="text" {literal}class="color {pickerPosition:'right'}"{/literal} name="acg_color" size="6" maxlength="6" value="{$assetclassgroup->color}">
</td>
</tr>
</table>
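Review bot: The added description row prints `{$assetclassgroup->description}` straight into a double-quoted `value` attribute, and nothing visible here shows Smarty's `escape_html` setting being enabled, so a stored description containing a quote or markup would break out of the attribute. Unless auto-escaping is confirmed in the Smarty setup, write `value="{$assetclassgroup->description|escape}"` and do the same for `->name` and `->color` in the neighbouring hunks. The same applies to the other free-text outputs this commit touches: `{$acg.description}` in the list template, `{$assetclassgroup->description}` in the view template, and `{$subnet->info}` inside the `<textarea>` of the subnet edit form. What `sanitize()` does on input is not shown, and output encoding should not depend on it.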

@ -1,7 +1,7 @@
<table class="title">
<tr>
<td class="header">
{$assetclassgroup_name}
{$assetclassgroup->name}
</td>
<td align="right">
<a href="assetclassgroupadd.php?assetclassgroup_id={$assetclassgroup->id}"><img src="image.php?icon=add" alt="{$lang_assetclassgroup_add}" {if $suser_tooltips}title="{$lang_assetclassgroup_add}" {/if}/></a>
@ -28,6 +28,14 @@
<a href="assetclassgroupview.php?assetclassgroup_id={$assetclassgroup->id}">{$assetclassgroup->name}</a>
</td>
</tr>
<tr>
<td class="label">
{$lang_description}
</td>
<td class="value">
{$assetclassgroup->description}
</td>
</tr>
<tr>
<td class="label">
{$lang_color}

@ -38,7 +38,7 @@
{$lang_location_info}
</td>
<td class="value">
{$location_info}
{$location->info}
</td>
</tr>
</table>
@ -72,7 +72,7 @@
{$lang_subnet}
</td>
<td class="header_right">
<a href="locationsubnetedit.php?location_id={$location_id}"><img src="image.php?icon=edit" alt="{$lang_locationsubnet_edit}"></a>
<a href="locationsubnetedit.php?location_id={$location->id}"><img src="image.php?icon=edit" alt="{$lang_locationsubnet_edit}"></a>
</td>
</tr>
<tr>

@ -131,7 +131,7 @@
</td>
<td class="value">
{foreach item=rule from=$natrules}
{if $rule.node_id_int eq $node.node_id}
{if $rule.node_id_int eq $node->id}
<img src="images/arrow_left.png" alt="incoming" title="coming from">
<a href="nodeview.php?node_id={$rule.node_id_ext}">{$rule.node_ip_ext}</a>/<a href="assetview.php?asset_id={$rule.asset_id_ext}">{$rule.asset_name_ext}</a> ({$rule.nat_type})<br />
{else}

@ -43,7 +43,7 @@
{$lang_ip}
</td>
<td class="value">
<a href="nodeview.php?node_id={$node.node_id}">{$node.node_ip}</a>
<a href="nodeview.php?node_id={$node.id}">{$node.ip}</a>
</td>
</tr>
{/foreach}

@ -1,6 +1,6 @@
<form method="POST" action="submit.php">
<input type="hidden" name="edit" value="subnet">
<input type="hidden" name="subnet_id" value="{$subnet_id}">
<input type="hidden" name="subnet_id" value="{$subnet->id}">
<table class="title">
<tr>
@ -28,7 +28,7 @@
{$lang_subnet_subnetaddress}
</td>
<td class="value">
<input type="text" name="subnet_address" value="{$subnet_address}">
<input type="text" name="subnet_address" value="{$subnet->address}">
</td>
</tr>
<tr>
@ -36,7 +36,7 @@
{$lang_subnet_mask}
</td>
<td class="value">
<input type="text" name="subnet_mask" size="2" value="{$subnet_mask}">
<input type="text" name="subnet_mask" size="2" value="{$subnet->mask}">
</td>
</tr>
<tr>
@ -44,7 +44,7 @@
{$lang_proto_vers}
</td>
<td class="value">
<input type="text" name="subnet_proto_vers" size="2" value="{$subnet_proto_vers}">
<input type="text" name="subnet_proto_vers" size="2" value="{$subnet->proto_vers}">
</td>
</tr>
<tr>
@ -52,7 +52,7 @@
{$lang_subnet_dhcpstart}
</td>
<td class="value">
<input type="text" name="subnet_dhcpstart" size="15" value="{$subnet_dhcpstart}">
<input type="text" name="subnet_dhcpstart" size="15" value="{$subnet->dhcp_start}">
</td>
</tr>
<tr>
@ -60,7 +60,7 @@
{$lang_subnet_dhcpend}
</td>
<td class="value">
<input type="text" name="subnet_dhcpend" size="15" value="{$subnet_dhcpend}">
<input type="text" name="subnet_dhcpend" size="15" value="{$subnet->dhcp_end}">
</td>
</tr>
<tr>
@ -68,7 +68,7 @@
NTP Server
</td>
<td class="value">
<input type="text" name="subnet_ntp_server" size="45" value="{$subnet_ntp_server}">
<input type="text" name="subnet_ntp_server" size="45" value="{$subnet->ntp_server}">
</td>
</tr>
<tr>
@ -76,7 +76,7 @@
{$lang_subnet_info}
</td>
<td class="value">
<textarea name="subnet_info" cols="30" rows="10">{$subnet_info}</textarea>
<textarea name="subnet_info" cols="30" rows="10">{$subnet->info}</textarea>
</td>
</tr>
</table>
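Review bot: The hidden `subnet_id` in the first hunk is now filled from `{$subnet->id}`, but it is still a client-supplied value when the form is posted back, and no anti-CSRF token is visible next to it in the lines shown. submit.php should re-check that the session is allowed to edit that subnet and verify a per-session token, which the form would carry as something like `<input type="hidden" name="csrf_token" value="{$csrf_token}">` (field name constructed for illustration; the project may already have its own). The rest of the form lies outside these hunks, so a token may exist further down. The same question applies to the other `submit.php` forms touched in this commit, including the asset class group and user edit forms.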

@ -1,6 +1,6 @@
<form method="POST" action="submit.php">
<input type="hidden" name="add" value="subnetlocation">
<input type="hidden" name="subnet_id" value="{$subnet_id}">
<input type="hidden" name="subnet_id" value="{$subnet->id}">
<table class="title">
<tr>
@ -30,7 +30,7 @@
{$lang_subnet_subnetaddress}/{$lang_subnet_mask}
</td>
<td class="value">
<a href="subnetview.php?subnet_id={$subnet_id}">{$subnet_address}/{$subnet_mask}</a>
<a href="subnetview.php?subnet_id={$subnet->id}">{$subnet->address}/{$subnet->mask}</a>
</td>
</tr>
</table>

@ -1,6 +1,6 @@
<form method="POST" action="submit.php">
<input type="hidden" name="redirect" value="subnetlocation">
<input type="hidden" name="subnet_id" value="{$subnet_id}">
<input type="hidden" name="subnet_id" value="{$subnet->id}">
<table class="title">
<tr>
@ -28,7 +28,7 @@
{$lang_subnet_subnetaddress}/{$lang_subnet_mask}
</td>
<td class="value">
<a href="subnetview.php?subnet_id={$subnet_id}">{$subnet_address}/{$subnet_mask}</a>
<a href="subnetview.php?subnet_id={$subnet->id}">{$subnet->address}/{$subnet->mask}</a>
</td>
</tr>
</table>

@ -47,7 +47,7 @@
{$lang_subnet_subnetaddress}
</td>
<td class="value">
{if $subnet_proto_vers eq 4}
{if $subnet->proto_vers eq 4}
<a href="subnetview.php?subnet_id={$subnet->id}">{$subnet->address}</a>
{else}
{$subnet->address}&nbsp;/&nbsp;{$subnet->mask}
@ -62,7 +62,7 @@
{$subnet->proto_vers}
</td>
</tr>
{if $subnet_proto_vers eq 4}
{if $subnet->proto_vers eq 4}
<tr>
<td class="label">
{$lang_subnet_mask}

@ -1,6 +1,6 @@
<form method="POST" action="submit.php">
<input type="hidden" name="add" value="subnetvlan">
<input type="hidden" name="subnet_id" value="{$subnet_id}">
<input type="hidden" name="subnet_id" value="{$subnet->id}">
<table class="title">
<tr>
@ -28,7 +28,7 @@
{$lang_subnet_subnetaddress}/{$lang_subnet_mask}
</td>
<td class="value">
<a href="subnetview.php?subnet_id={$subnet_id}">{$subnet_address}/{$subnet_mask}</a>
<a href="subnetview.php?subnet_id={$subnet->id}">{$subnet->address}/{$subnet->mask}</a>
</td>
</tr>
</table>

@ -1,6 +1,6 @@
<form method="POST" action="submit.php">
<input type="hidden" name="redirect" value="subnetvlan">
<input type="hidden" name="subnet_id" value="{$subnet_id}">
<input type="hidden" name="subnet_id" value="{$subnet->id}">
<table class="title">
<tr>
@ -28,7 +28,7 @@
{$lang_subnet_subnetaddress}/{$lang_subnet_mask}
</td>
<td class="value">
<a href="subnetview.php?subnet_id={$subnet_id}">{$subnet_address}/{$subnet_mask}</a>
<a href="subnetview.php?subnet_id={$subnet->id}">{$subnet->address}/{$subnet->mask}</a>
</td>
</tr>
</table>

@ -1,6 +1,6 @@
<form method="POST" action="submit.php">
<input type="hidden" name="edit" value="user">
<input type="hidden" name="user_id" value="{$user_id}">
<input type="hidden" name="user_id" value="{$user->id}">
<table class="title">
<tr>
@ -29,7 +29,7 @@
{$lang_user_name}
</td>
<td class="value">
<input type="text" name="user_name" value="{$user_name}">
<input type="text" name="user_name" value="{$user->name}">
</td>
</tr>
<tr>
@ -37,7 +37,7 @@
{$lang_user_displayname}
</td>
<td class="value">
<input type="text" name="user_displayname" value="{$user_displayname}">
<input type="text" name="user_displayname" value="{$user->displayname}">
</td>
</tr>
</table>

@ -1,6 +1,6 @@
<form method="POST" action="submit.php">
<input type="hidden" name="add" value="vlansubnet">
<input type="hidden" name="vlan_id" value="{$vlan_id}">
<input type="hidden" name="vlan_id" value="{$vlan->id}">
<table class="title">
<tr>
@ -28,7 +28,7 @@
{$lang_vlan_name} ({$lang_vlan_number})
</td>
<td class="value">
<a href="vlanview.php?vlan_id={$vlan_id}">{$vlan_name} ({$vlan_number})</a>
<a href="vlanview.php?vlan_id={$vlan->id}">{$vlan->name} ({$vlan->number})</a>
</td>
</tr>
</table>

@ -13,7 +13,7 @@ $user_id = sanitize($_GET['user_id']);
include("header.php");
$sql = "SELECT user_name AS name, user_displayname AS displayname
$sql = "SELECT user_id AS id, user_name AS name, user_displayname AS displayname
FROM user
WHERE user_id=?";
$sth = $dbh->prepare($sql);

@ -13,7 +13,7 @@ $user_id = sanitize($_GET['user_id']);
include("header.php");
$sql = "SELECT user_name AS name, user_displayname AS displayname
$sql = "SELECT user_id AS id, user_name AS name, user_displayname AS displayname
FROM user
WHERE user_id=?";
$sth = $dbh->prepare($sql);

@ -17,7 +17,7 @@ $sql = "SELECT vlan_id AS id, vlan_name AS name, vlan_number AS number
FROM vlan
WHERE vlan_id=?";
$sth = $dbh->prepare($sql);
$sth->execute([$zone_id]);
$sth->execute([$vlan_id]);
$smarty->assign("vlan", $sth->fetch(PDO::FETCH_OBJ));
$smarty->display("vlandel.tpl");