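/**
 * Fetch the user_auth row that matches every column => value pair in $array.
 *
 * Values are escaped with sql_sanitize(). The array keys become column names in
 * the WHERE clause, and an identifier cannot be protected by value escaping, so
 * each key is checked against a bare-identifier pattern and the whole call is
 * refused when one fails.
 *
 * @param array $array column name => value pairs, all ANDed together
 * @return array|string|null the matching row; "" when $array is not a non-empty
 *         array or contains a key that is not a plain identifier; null when no
 *         row matched
 */
function api_user_info($array) {
	if (!is_array($array) || sizeof($array) == 0) {
		/* error no array */
		return "";
	}

	$conditions = array();
	foreach ($array as $field => $value) {
		/* refuse anything that is not a bare column name rather than splicing it into SQL */
		if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', (string) $field)) {
			return "";
		}
		$conditions[] = $field . " = '" . sql_sanitize($value) . "'";
	}

	/* build SQL query; implode() replaces the old "append AND, strip trailing AND" step */
	$sql_query = "SELECT *, DATE_FORMAT(password_change_last,'%M %e %Y %H:%i:%s') as password_change_last_formatted, DATE_FORMAT(last_login,'%M %e %Y %H:%i:%s') as last_login_formatted FROM user_auth WHERE " . implode(" AND ", $conditions);

	/* get the user info */
	$user = db_fetch_row($sql_query);

	if (is_array($user) && sizeof($user) > 0) {
		return $user;
	}

	return NULL;
}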
/**
 * List the consolidation functions attached to an RRA.
 *
 * validate_id_die() aborts the request when $rra_id is not a valid id.
 *
 * @param int $rra_id
 * @return array rra_cf rows re-keyed by consolidation_function_id
 */
function api_rra_consolidation_function_list($rra_id) {
	/* sanity checks */
	validate_id_die($rra_id, "rra_id");

	$sql = "select * from rra_cf where rra_id = " . sql_sanitize($rra_id);
	$rows = db_fetch_assoc($sql);

	return array_rekey($rows, "", "consolidation_function_id");
}
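/**
 * Insert or update a row through ADOdb Replace(), quoting every value with sql_sanitize().
 *
 * @param array        $array_items column => value map; values are escaped and quoted here
 * @param string       $table_name
 * @param string|array $key_cols    key column(s) Replace() uses to detect an existing row
 * @return int|string the new AUTO_INCREMENT id; the caller-supplied key value (quotes
 *         stripped) when no AUTO_INCREMENT id was produced and a single key column was
 *         given; 0 on failure
 */
function sql_save($array_items, $table_name, $key_cols = "id") {
	global $cnn_id;

	/* each() was removed in PHP 8; quote each value in place with foreach instead */
	foreach ($array_items as $key => $value) {
		$array_items[$key] = "\"" . sql_sanitize($value) . "\"";
	}

	if (!$cnn_id->Replace($table_name, $array_items, $key_cols, false)) {
		return 0;
	}

	/* get the last AUTO_ID and return it */
	$insert_id = $cnn_id->Insert_ID();

	if ($insert_id == "0") {
		/* no auto id: fall back to the key the caller supplied, minus the quotes added above */
		if (!is_array($key_cols) && isset($array_items[$key_cols])) {
			return str_replace("\"", "", $array_items[$key_cols]);
		}

		return 0;
	}

	return $insert_id;
}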
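/**
 * Quote a value for inline use in SQL according to its declared DB_TYPE_* column type.
 *
 * @param int   $field_type  one of the DB_TYPE_* constants
 * @param mixed $field_value raw value to quote
 * @return string|int|null quoted SQL fragment; 0/1 for DB_TYPE_HTML_CHECKBOX;
 *         null (after log_save()) when $field_type is not recognised
 *
 * A DB_TYPE_INTEGER value that is not numeric is logged and aborts the request with die().
 */
function sql_get_quoted_string($field_type, $field_value) {
	/* switch compares loosely (==), exactly like the if/else-if chain it replaces */
	switch ($field_type) {
		case DB_TYPE_STRING:
			return "'" . sql_sanitize($field_value) . "'";

		case DB_TYPE_INTEGER:
			/* a second DB_TYPE_INTEGER branch (db_integer_validate()) used to follow this one;
			 * it could never be reached and has been dropped */
			if (is_numeric($field_value)) {
				return $field_value;
			}

			log_message("Invalid numeric column value '" . $field_value . "' in " . __FUNCTION__ . "()", LOG_LEVEL_WARNING, "lib-db");
			die("Invalid numeric column value '" . $field_value . "' in " . __FUNCTION__ . "()");

		case DB_TYPE_NULL:
			return "NULL";

		case DB_TYPE_BLOB:
			// i think the addslashes() may cause problems for non-mysql dbs, but it wasn't working for me otherwise
			return "'" . addslashes($field_value) . "'";

		case DB_TYPE_HTML_CHECKBOX:
			/* "on" and "1" are checked; "", "0" and anything else are unchecked */
			return (($field_value == "on") || ($field_value == "1")) ? 1 : 0;

		case DB_TYPE_FUNC_NOW:
			return "NOW()";

		case DB_TYPE_FUNC_MD5:
			/* unsalted MD5 of the value; what the column is used for is up to the caller */
			return "'" . md5($field_value) . "'";

		default:
			log_save("Invalid column type '" . $field_type . "' value '" . $field_value . "' in " . __FUNCTION__ . "()", SEV_WARNING);
			return null;
	}
}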
/**
 * List the data templates referenced by the items of a graph template.
 *
 * validate_id_die() aborts the request when $graph_template_id is not a valid id.
 *
 * @param int $graph_template_id
 * @return array rows of (id, template_name), ordered by template_name
 */
function api_graph_template_data_template_list($graph_template_id) {
	/* sanity checks */
	validate_id_die($graph_template_id, "graph_template_id");

	$sql = "select distinct data_template_item.data_template_id as id, data_template.template_name"
		. " from graph_template_item,data_template_item,data_template"
		. " where graph_template_item.data_template_item_id=data_template_item.id"
		. " and data_template_item.data_template_id=data_template.id"
		. " and graph_template_item.graph_template_id = " . sql_sanitize($graph_template_id)
		. " order by data_template.template_name";

	return db_fetch_assoc($sql);
}
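/**
 * Insert or update a row through ADOdb Replace(), escaping every value with sql_sanitize().
 *
 * @param array        $array_items column => value map; values are escaped here (not quoted)
 * @param string       $table_name
 * @param string|array $key_cols    key column(s) Replace() uses to detect an existing row
 * @param bool         $autoinc     passed through to Replace()
 * @param object|false $db_conn     ADOdb connection; false selects the global $cnn_id
 * @return int|string the new AUTO_INCREMENT id; the caller-supplied key value (quotes
 *         stripped) when no AUTO_INCREMENT id was produced or the row already existed;
 *         0 on failure
 */
function sql_save($array_items, $table_name, $key_cols = "id", $autoinc = TRUE, $db_conn = FALSE) {
	global $cnn_id;

	/* at DEVDBG verbosity the whole row, including any secret columns, is serialized into the log */
	if (read_config_option("log_verbosity") == POLLER_VERBOSITY_DEVDBG) {
		cacti_log("DEVEL: SQL Save on table '{$table_name}': \"" . serialize($array_items) . "\"", FALSE);
	}

	/* check for a connection being passed, if not use legacy behavior */
	if (!$db_conn) {
		$db_conn = $cnn_id;
	}

	/* each() was removed in PHP 8; escape each value in place with foreach instead */
	foreach ($array_items as $key => $value) {
		$array_items[$key] = sql_sanitize($value);
	}

	$replace_result = $db_conn->Replace($table_name, $array_items, $key_cols, FALSE, $autoinc);

	if ($replace_result == 0) {
		/* read the error from the connection that ran the statement, not the global one */
		cacti_log("ERROR: SQL Save Command Failed for Table '{$table_name}'. Error was '" . $db_conn->ErrorMsg() . "'", false);
		return 0;
	}

	/* get the last AUTO_ID and return it */
	$insert_id = $db_conn->Insert_ID();

	if ($insert_id == "0" || $replace_result == 1) {
		if (!is_array($key_cols) && isset($array_items[$key_cols])) {
			return str_replace("'", "", $array_items[$key_cols]);
		}

		return 0;
	}

	return $insert_id;
}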
if (isset($_SESSION['id'])) { $quote = "<a href=\"#comment-" . $c['id'] . "-" . $c['author'] . "\" class=\"quote\">Quote</a> | "; $pm = " | <a href=\"?base=ucp&page=mail&uc=" . $c['author'] . "\">PM</a>"; } echo "\n\t\t\t<div class=\"well\"><img src=\"" . get_gravatar($c['email']) . "\" alt=\"" . $c['author'] . "\" class=\"img-responsive\" style=\"float:left;padding-right:10px;\"/>\n\t\t\t<h4 style=\"margin:0px;\">" . $c['author'] . "</h4>\n\t\t\t\t<b>Feedback:</b> " . $feedback . "<br/>\n\t\t\t\t<small>Posted " . ago($c['date']) . ", on " . date('M j, Y', $c['date']) . "</small><br/>\n\t\t\t\t<small>" . $modify . $quote . "<a href=\"#comment-link-" . $c['id'] . "\" class=\"permalink\">Permalink</a><a href=\"?base=main&page=events&id=" . $id . "#comment-" . $c['id'] . "\" class=\"permalinkshow linkid-" . $c['id'] . "\">?base=main&page=events&id=" . $id . "#comment-" . $c['id'] . "</a>" . $pm . "</small><hr/>\n\t\t\t\t<div class=\"breakword\" id=\"comment-" . $c['id'] . "\">" . $clean_comment . "</div>\n\t\t\t\t</div>"; } } } else { $ge = $mysqli->query("SELECT * FROM " . $prefix . "events ORDER BY id DESC") or die; $rows = $ge->num_rows; if ($rows < 1) { echo "<div class=\"alert alert-danger\">Oops! No events to display right now!</div>"; } else { echo "<h2 class=\"text-left\">" . $servername . " Events</h2><hr/>"; while ($e = $ge->fetch_assoc()) { $gc = $mysqli->query("SELECT * FROM " . $prefix . "ecomments WHERE eid='" . sql_sanitize($e['id']) . "' ORDER BY id ASC") or die; $cc = $gc->num_rows; echo "<img src=\"assets/img/news/" . $e['type'] . ".gif\" alt='' />"; echo "[" . $e['date'] . "] \n\t\t\t<b><a href=\"?base=main&page=events&id=" . $e['id'] . "\">" . stripslashes($e['title']) . "</a></b>\n\t\t<span class=\"commentbubble\">\n\t\t\t<b>" . $e['views'] . "</b> views | <b>" . $cc . "</b> comments\n\t\t"; if (isset($_SESSION['admin'])) { echo "\n\t\t\t\t<a href=\"?base=admin&page=manevent&action=edit&id=" . $e['id'] . 
"\">Edit</a> | \n\t\t\t\t<a href=\"?base=admin&page=manevent&action=del\">Delete</a> | \n\t\t\t\t<a href=\"?base=admin&page=manevent&action=lock\">Lock</a> \n\t\t\t"; } echo "</span><br/>"; } } } ?> <script> <?php if (isset($_SESSION['id'])) { ?>
/**
 * List the input fields of a data template, keyed by field name.
 *
 * @param int $data_template_id
 * @return array|false name => array(value, t_value); false when the id is not a non-empty number
 */
function api_data_template_input_field_list($data_template_id) {
	/* sanity check for $data_template_id */
	$id_is_valid = is_numeric($data_template_id) && !empty($data_template_id);
	if (!$id_is_valid) {
		return false;
	}

	$rows = db_fetch_assoc("select name,t_value,value from data_template_field where data_template_id = " . sql_sanitize($data_template_id));

	return array_rekey($rows, "name", array("value", "t_value"));
}
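/**
 * Insert or update a row through _db_replace(), quoting every value with sql_sanitize().
 *
 * @param array          $array_items column => value map; values are escaped and quoted here
 * @param string         $table_name
 * @param string|array   $key_cols    key column(s) used to detect an existing row
 * @param bool           $autoinc     passed through to _db_replace()
 * @param resource|false $db_conn     database link; false selects $database_sessions[$database_default]
 * @return int|string|false the id returned by _db_replace(); the caller-supplied key value
 *         (quotes stripped) when no insert id was produced and a single key column was given;
 *         false on failure
 */
function sql_save($array_items, $table_name, $key_cols = 'id', $autoinc = TRUE, $db_conn = FALSE) {
	global $database_sessions, $database_default;

	/* check for a connection being passed, if not use legacy behavior */
	if (!$db_conn) {
		$db_conn = $database_sessions[$database_default];
	}

	/* at DEVDBG verbosity the whole row, including any secret columns, is serialized into the log */
	if (read_config_option('log_verbosity') == POLLER_VERBOSITY_DEVDBG) {
		cacti_log("DEVEL: SQL Save on table '{$table_name}': \"" . serialize($array_items) . '"', FALSE);
	}

	/* each() was removed in PHP 8; quote each value in place with foreach instead */
	foreach ($array_items as $key => $value) {
		$array_items[$key] = '"' . sql_sanitize($value) . '"';
	}

	$replace_result = _db_replace($db_conn, $table_name, $array_items, $key_cols, $autoinc);

	if ($replace_result === false) {
		cacti_log("ERROR: SQL Save Command Failed for Table '{$table_name}'. Error was '" . mysql_error($db_conn) . "'", false);
		return FALSE;
	}

	/* get the last AUTO_ID and return it */
	if (!$replace_result || db_fetch_insert_id($db_conn) == '0') {
		if (!is_array($key_cols) && isset($array_items[$key_cols])) {
			return str_replace('"', '', $array_items[$key_cols]);
		}

		return FALSE;
	}

	return $replace_result;
}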
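/**
 * Rebuild the poller_reindex rows for one host / data query pair.
 *
 * Depending on the assignment's reindex_method, one or more "insert into poller_reindex"
 * statements are queued in $recache_stack. The existing rows for the pair are deleted
 * last, because the cache helpers used while building the queue read that table, and the
 * queued inserts are then executed in order.
 *
 * @param int $host_id
 * @param int $data_query_id
 * @return void
 */
function update_reindex_cache($host_id, $data_query_id) {
	require_once(CACTI_BASE_PATH . "/lib/sys/snmp.php");
	require_once(CACTI_BASE_PATH . "/include/data_query/data_query_constants.php");
	require_once(CACTI_BASE_PATH . "/lib/device/device_info.php");
	require_once(CACTI_BASE_PATH . "/lib/data_query/data_query_info.php");

	/* will be used to keep track of sql statements to execute later on */
	$recache_stack = array();

	/* get information about the host */
	$host = api_device_get($host_id);

	/* get information about the host->data query assignment */
	$host_data_query = api_device_data_query_get($host_id, $data_query_id);

	/* get information about the data query */
	$data_query = api_data_query_get($data_query_id);

	/* NOTE(review): $data_query_type and $data_query_xml are read in the branches below but are
	 * never assigned in this function (nor declared global), so those comparisons see null;
	 * presumably they are meant to be derived from $data_query — confirm against the callers. */

	/* every queued insert starts with the same columns and the same (escaped) ids */
	$insert_prefix = "insert into poller_reindex (host_id,data_query_id,action,op,assert_value,arg1) values ("
		. sql_sanitize($host_id) . "," . sql_sanitize($data_query_id) . ",";

	switch ($host_data_query["reindex_method"]) {
		case DATA_QUERY_AUTOINDEX_NONE:
			break;

		case DATA_QUERY_AUTOINDEX_BACKWARDS_UPTIME:
			/* the uptime backwards method requires snmp, so make sure snmp is actually enabled
			 * on this device first */
			if ($host["snmp_community"] != "") {
				$assert_value = cacti_snmp_get($host["hostname"], $host["snmp_community"], ".1.3.6.1.2.1.1.3.0", $host["snmp_version"], $host["snmpv3_auth_username"], $host["snmpv3_auth_password"], $host["snmpv3_auth_protocol"], $host["snmpv3_priv_passphrase"], $host["snmpv3_priv_protocol"], $host["snmp_port"], $host["snmp_timeout"], SNMP_POLLER);

				$recache_stack[] = $insert_prefix . "0,'<','" . sql_sanitize($assert_value) . "','.1.3.6.1.2.1.1.3.0')";
			}
			break;

		case DATA_QUERY_AUTOINDEX_INDEX_NUM_CHANGE:
			/* this method requires that some command/oid can be used to determine the
			 * current number of indexes in the data query */
			$assert_value = api_data_query_cache_num_rows_get($data_query_id, $host_id);

			if ($data_query_type == DATA_QUERY_INPUT_TYPE_SNMP_QUERY) {
				if ($data_query["snmp_oid_num_rows"] != "") {
					$recache_stack[] = $insert_prefix . "0,'=','" . sql_sanitize($assert_value) . "','" . sql_sanitize($data_query["snmp_oid_num_rows"]) . "')";
				}
			} else if ($data_query_type == DATA_QUERY_INPUT_TYPE_SCRIPT_QUERY) {
				$recache_stack[] = $insert_prefix . "1,'=','" . sql_sanitize($assert_value) . "','" . sql_sanitize(api_data_query_script_path_format($data_query_xml["script_path"]) . DATA_QUERY_SCRIPT_ARG_NUM_INDEXES) . "')";
			}
			break;

		case DATA_QUERY_AUTOINDEX_FIELD_VERIFICATION:
			$primary_indexes = api_data_query_cache_field_get($data_query_id, $host_id, $data_query["sort_field"]);

			if (sizeof($primary_indexes) > 0) {
				foreach ($primary_indexes as $index) {
					$assert_value = $index["field_value"];

					if ($data_query_type == DATA_QUERY_INPUT_TYPE_SNMP_QUERY) {
						$recache_stack[] = $insert_prefix . "0,'=','" . sql_sanitize($assert_value) . "','" . sql_sanitize($index["oid"]) . "')";
					} else if ($data_query_type == DATA_QUERY_INPUT_TYPE_SCRIPT_QUERY) {
						/* curly-brace array access was removed in PHP 8; square brackets are equivalent */
						$recache_stack[] = $insert_prefix . "1,'=','" . sql_sanitize($assert_value) . "','" . sql_sanitize(api_data_query_script_path_format($data_query_xml["script_path"]) . DATA_QUERY_SCRIPT_ARG_GET . " " . $data_query_xml["fields"][$data_query["sort_field"]]["query_name"] . " " . $index["snmp_index"]) . "')";
					}
				}
			}
			break;
	}

	/* save the delete for last since we need to reference this table in the code above;
	 * the ids are escaped here like everywhere else in this function instead of being interpolated raw */
	db_execute("delete from poller_reindex where host_id = " . sql_sanitize($host_id) . " and data_query_id = " . sql_sanitize($data_query_id));

	foreach ($recache_stack as $sql) {
		db_execute($sql);
	}
}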
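/**
 * Persist a flowview schedule from the submitted form and redirect back to the list.
 *
 * id, savedquery and sendinterval are validated as numbers up front (the validator
 * aborts the request on bad input); title, start and email are escaped with
 * sql_sanitize(). lastsent is recomputed for a new schedule, or for an existing one
 * whose start or interval changed. On a save error the browser is sent back to the
 * edit form for the affected id.
 *
 * @return void never returns normally; ends with header() + exit
 */
function save_schedules() {
	/* ================= input validation ================= */
	input_validate_input_number(get_request_var_post('id'));
	input_validate_input_number(get_request_var_post('savedquery'));
	input_validate_input_number(get_request_var_post('sendinterval'));
	/* ==================================================== */

	$save = array();
	$save['title'] = sql_sanitize($_POST['title']);
	$save['savedquery'] = $_POST['savedquery'];
	$save['sendinterval'] = $_POST['sendinterval'];
	$save['start'] = sql_sanitize($_POST['start']);
	$save['email'] = sql_sanitize($_POST['email']);

	$t = time();
	$d = strtotime($_POST['start']);
	$i = $save['sendinterval'];

	if (isset($_POST['id'])) {
		$save['id'] = $_POST['id'];
		$q = db_fetch_row("SELECT * FROM plugin_flowview_schedules WHERE id = " . $save['id']);

		/* only recompute lastsent when the row is unknown or its timing changed */
		if (!isset($q['lastsent']) || $save['start'] != $q['start'] || $save['sendinterval'] != $q['sendinterval']) {
			$save['lastsent'] = _flowview_schedule_last_sent($d, $t, $i);
		}
	} else {
		$save['id'] = '';
		$save['lastsent'] = _flowview_schedule_last_sent($d, $t, $i);
	}

	$save["enabled"] = isset($_POST["enabled"]) ? 'on' : 'off';

	$id = sql_save($save, 'plugin_flowview_schedules', 'id', true);

	if (is_error_message()) {
		header('Location: flowview_schedules.php?action=edit&id=' . (empty($id) ? $_POST['id'] : $id));
		exit;
	}

	header("Location: flowview_schedules.php");
	exit;
}

/**
 * Compute the "lastsent" timestamp: the last interval boundary before $now, counted
 * from $start.
 *
 * @param int|false  $start    schedule start as a unix timestamp (strtotime() result)
 * @param int        $now      current unix timestamp
 * @param int|string $interval send interval in seconds, as submitted
 * @return int|false
 */
function _flowview_schedule_last_sent($start, $now, $interval) {
	/* a zero or negative interval can never advance $start past $now; the previous loop
	 * spun forever on such input, so the start itself is reported as the last send */
	if ($interval <= 0) {
		return $start;
	}

	while ($start < $now) {
		$start += $interval;
	}

	return $start - $interval;
}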
/**
 * List the items (heartbeat, min, max, name, type) of a data source.
 *
 * validate_id_die() aborts the request when $data_source_id is not a valid id.
 *
 * @param int $data_source_id
 * @return array data_source_item rows
 */
function api_data_source_item_list($data_source_id) {
	/* sanity checks */
	validate_id_die($data_source_id, "data_source_id");

	$columns = "data_source_item.rrd_heartbeat, data_source_item.rrd_minimum, data_source_item.rrd_maximum, data_source_item.data_source_name, data_source_item.data_source_type";
	$sql = "select " . $columns . " from data_source_item where data_source_item.data_source_id = " . sql_sanitize($data_source_id);

	return db_fetch_assoc($sql);
}
/**
 * Return the name of a preset package vendor.
 *
 * validate_id_die() aborts the request when $preset_id is not a valid id.
 *
 * @param int $preset_id
 * @return mixed the name cell as returned by db_fetch_cell()
 */
function api_data_preset_package_vendor_get($preset_id) {
	/* sanity checks */
	validate_id_die($preset_id, "preset_id");

	$sql = "select name from preset_package_vendor where id = " . sql_sanitize($preset_id);

	return db_fetch_cell($sql);
}
/**
 * Fetch a package author row by id.
 *
 * validate_id_die() aborts the request when $package_author_id is not a valid id.
 *
 * @param int $package_author_id
 * @return mixed the row as returned by db_fetch_row()
 */
function api_package_author_get($package_author_id) {
	/* sanity checks */
	validate_id_die($package_author_id, "package_author_id");

	$sql = "select * from package_author where id = " . sql_sanitize($package_author_id);

	return db_fetch_row($sql);
}
/**
 * Remove a graph template item and its input-item links.
 *
 * validate_id_die() aborts the request when $graph_template_item_id is not a valid id.
 *
 * @param int  $graph_template_item_id
 * @param bool $delete_attached when exactly true, graph items created from this template
 *                              item are deleted too; otherwise they are kept and detached
 *                              (graph_template_item_id reset to 0)
 * @return void
 */
function api_graph_template_item_remove($graph_template_item_id, $delete_attached = true) {
	/* sanity checks */
	validate_id_die($graph_template_item_id, "graph_template_item_id");

	$id_match = array("type" => DB_TYPE_INTEGER, "value" => $graph_template_item_id);

	/* base tables */
	db_delete("graph_template_item", array("id" => $id_match));
	db_delete("graph_template_item_input_item", array("graph_template_item_id" => $id_match));

	/* attached graph items: detach them and stop, or delete them */
	if ($delete_attached !== true) {
		db_execute("UPDATE graph_item SET graph_template_item_id = 0 WHERE graph_template_item_id = " . sql_sanitize($graph_template_item_id));
		return;
	}

	db_delete("graph_item", array("graph_template_item_id" => $id_match));
}
if (isset($_POST['subcomment'])) { $postComment = $mysqli->real_escape_string($_POST['comment']); if (strlen($postComment) < 10) { echo "Please provide more information."; } else { $insertComment = $mysqli->query("INSERT INTO " . $prefix . "tcomments (ticketid, user, content, date_com)\n\t\t\t\t\t\t\tVALUES " . "('" . $_GET['a'] . "', '" . $_SESSION['pname'] . "', '" . $postComment . "', '" . date('F d - g:i A') . "')") or die(mysql_error()); $insertComment = $mysqli->query("UPDATE " . $prefix . "tickets SET date = '" . date('F d - g:i A') . "' WHERE ticketid = '" . sql_sanitize($_GET['a']) . "'") or die(mysql_error()); if ($insertComment) { echo "<meta http-equiv=\"refresh\" content=\"0; url=\"/>"; } else { echo "There was an error processing your update. Please notify the admin."; } } } if (isset($_POST['close'])) { $closeTicket = $mysqli->query("UPDATE " . $prefix . "tickets SET status = 0 WHERE ticketid = '" . sql_sanitize($_GET['a']) . "'"); if ($closeTicket) { echo "<br/><div class=\"alert alert-success\">This ticket was successfully closed! You will be redirected in five seconds.</div>"; redirect_wait5("?base=admin&page=ticket"); } } } } else { redirect("?base"); } ?> <script> <?php if (isset($_SESSION['id'])) { ?> CKEDITOR.replace( 'ticketDetails', {
/**
 * Fetch a preset CDEF row by id.
 *
 * validate_id_die() aborts the request when $preset_cdef_id is not a valid id.
 *
 * @param int $preset_cdef_id
 * @return mixed the row as returned by db_fetch_row()
 */
function api_data_preset_cdef_get($preset_cdef_id) {
	/* sanity checks */
	validate_id_die($preset_cdef_id, "preset_cdef_id");

	$sql = "select * from preset_cdef where id = " . sql_sanitize($preset_cdef_id);

	return db_fetch_row($sql);
}
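/**
 * Render the "edit graph item" form for graph $_GET["graph_id"] (and item $_GET["id"]
 * when editing an existing item).
 *
 * Reads host_id / filter from the request and session (load_current_session_value),
 * shows the "Data Source by Host" filter box, then the graph item field box with the
 * current item's values (or empty values for a new item) and the hidden save fields.
 *
 * @return void output is written directly
 */
function item_edit() {
	global $colors;

	/* if the user pushed the 'clear' button */
	if (isset($_REQUEST["clear_x"])) {
		kill_session_var("sess_ds_host_id");
		unset($_REQUEST["host_id"]);
	}

	/* remember these search fields in session vars so we don't have to keep passing them around */
	load_current_session_value("filter", "sess_ds_filter", "");
	load_current_session_value("host_id", "sess_ds_host_id", "-1");

	$host = db_fetch_row("select hostname from host where id = " . sql_sanitize($_REQUEST["host_id"]));

	html_start_box("<strong>Data Source by Host</strong> [host: " . (empty($host["hostname"]) ? "No Host" : $host["hostname"]) . "]", "98%", $colors["header"], "3", "center", "");
	include "./include/html/inc_graph_items_filter_table.php";
	html_end_box();

	/* an existing item: load it and the graph's host; a new item leaves both unset */
	$graph_item = null;
	$host_id = null;
	if (!empty($_GET["id"])) {
		$graph_item = db_fetch_row("select * from graph_item where id = " . sql_sanitize($_GET["id"]));
		$host_id = db_fetch_cell("select host_id from graph where id = " . sql_sanitize($_GET["graph_id"]));
	}

	/* by default, select the LAST DS chosen to make everyone's lives easier */
	$default = db_fetch_row("select data_source_item_id from graph_item where graph_id = " . sql_sanitize($_GET["graph_id"]) . " order by sequence DESC limit 1");

	form_start("graphs_items.php", "form_graph_item");

	/* ==================== Box: Graph Item ==================== */

	/* graph_id was the only request value spliced into SQL unescaped in this function */
	$graph_title = db_fetch_cell("select title_cache from graph where id=" . sql_sanitize($_GET["graph_id"]));
	html_start_box("<strong>" . _("Graph Item") . "</strong> [Graph: " . $graph_title . "]", "98%", $colors["header_background"], "3", "center", "");

	/* NOTE(review): $_GET["id"] and $_GET["graph_id"] are passed on to the form helpers and
	 * form_save_button() as-is; whether those helpers escape them for HTML is not visible here — confirm. */
	$item_id = empty($_GET["id"]) ? 0 : $_GET["id"];

	_graph_item_field__data_source_item_id("data_source_item_id", sizeof($default) == 1 ? $default["data_source_item_id"] : "0", $item_id, $host_id);
	_graph_item_field__color("color", isset($graph_item["color"]) ? $graph_item["color"] : "", $item_id);
	_graph_item_field__graph_item_type("graph_item_type", isset($graph_item["graph_item_type"]) ? $graph_item["graph_item_type"] : "", $item_id);
	_graph_item_field__consolidation_function("consolidation_function", isset($graph_item["consolidation_function"]) ? $graph_item["consolidation_function"] : "", $item_id);
	_graph_item_field__cdef("cdef", isset($graph_item["cdef"]) ? $graph_item["cdef"] : "", $item_id);
	_graph_item_field__gprint_format("gprint_format", isset($graph_item["gprint_format"]) ? $graph_item["gprint_format"] : "", $item_id);
	_graph_item_field__legend_value("legend_value", isset($graph_item["legend_value"]) ? $graph_item["legend_value"] : "", $item_id);
	_graph_item_field__legend_format("legend_format", isset($graph_item["legend_format"]) ? $graph_item["legend_format"] : "", $item_id);
	_graph_item_field__hard_return("hard_return", isset($graph_item["hard_return"]) ? $graph_item["hard_return"] : "", $item_id);

	form_hidden_box("graph_item_id", isset($graph_item) ? $graph_item["id"] : "0", "");
	form_hidden_box("graph_id", $_GET["graph_id"], "0");
	form_hidden_box("save_component_item", "1", "");

	html_end_box();

	form_save_button("graphs.php?action=edit&id=" . $_GET["graph_id"]);
}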
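/**
 * Insert or update a row through ADOdb Replace(), quoting every value with sql_sanitize().
 *
 * @param array        $array_items column => value map; values are escaped and quoted here
 * @param string       $table_name
 * @param string|array $key_cols    key column(s) Replace() uses to detect an existing row
 * @param bool         $autoinc     passed through to Replace()
 * @param object|false $db_conn     ADOdb connection; false selects the global $cnn_id
 * @return int|string the new AUTO_INCREMENT id; the caller-supplied key value (quotes
 *         stripped) when no AUTO_INCREMENT id was produced or the row already existed;
 *         0 on failure
 */
function sql_save($array_items, $table_name, $key_cols = "id", $autoinc = TRUE, $db_conn = FALSE) {
	global $cnn_id;

	/* check for a connection being passed, if not use legacy behavior */
	if (!$db_conn) {
		$db_conn = $cnn_id;
	}

	/* each() was removed in PHP 8; quote each value in place with foreach instead */
	foreach ($array_items as $key => $value) {
		$array_items[$key] = "\"" . sql_sanitize($value) . "\"";
	}

	$replace_result = $db_conn->Replace($table_name, $array_items, $key_cols, FALSE, $autoinc);

	if ($replace_result == 0) {
		return 0;
	}

	/* get the last AUTO_ID and return it */
	$insert_id = $db_conn->Insert_ID();

	if ($insert_id == "0" || $replace_result == 1) {
		if (!is_array($key_cols) && isset($array_items[$key_cols])) {
			return str_replace("\"", "", $array_items[$key_cols]);
		}

		return 0;
	}

	return $insert_id;
}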
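/**
 * Run an SNMP data query against a host and refresh its host_data_query_cache rows.
 *
 * The index field is walked first; when it yields nothing the function stops. Every
 * other input field is then walked (once per field id) and each value whose index
 * matches one of the known index values is written to the cache with db_insert().
 *
 * @param int $host_id
 * @param int $data_query_id
 * @return bool false when no indexes were returned, true otherwise
 */
function api_data_query_snmp_execute($host_id, $data_query_id) {
	require_once(CACTI_BASE_PATH . "/include/data_query/data_query_constants.php");
	require_once(CACTI_BASE_PATH . "/lib/data_query/data_query_info.php");
	require_once(CACTI_BASE_PATH . "/lib/device/device_info.php");

	/* get information about the data query */
	$data_query = api_data_query_get($data_query_id);

	/* get a list of all input fields defined for this data query */
	$data_query_fields = api_data_query_field_list($data_query_id, DATA_QUERY_FIELD_TYPE_INPUT);

	/* field id => walk result; curly-brace array access was removed in PHP 8, so plain
	 * square brackets are used throughout and the arrays are initialised explicitly */
	$field_values = array();
	$index_field_values = array();
	$index_field_id = $data_query["index_field_id"];

	/* fetch a list of indexes for this data query */
	$field_values[$index_field_id] = api_data_query_snmp_execute_field($host_id, $index_field_id);

	if (($field_values[$index_field_id] === false) || (sizeof($field_values[$index_field_id]) == 0)) {
		debug_log_insert("data_query", _("No indexes returned, cannot continue."));
		return false;
	}

	/* reindex the parsed index values as a hash (value->oid) for quicker access. DUPLICATE INDEX VALUES
	 * WILL CAUSE PROBLEMS HERE */
	foreach ($field_values[$index_field_id] as $result) {
		$index_field_values[$result["value_parsed"]] = true;
	}

	/* clear old data from the data query cache */
	db_execute("delete from host_data_query_cache where host_id = " . sql_sanitize($host_id) . " and data_query_id = " . sql_sanitize($data_query_id));

	if (!is_array($data_query_fields)) {
		return true;
	}

	foreach ($data_query_fields as $field) {
		$field_id = $field["id"];

		/* fetch a list of values for this field (assuming that we haven't already seen it) */
		if (!isset($field_values[$field_id])) {
			$field_values[$field_id] = api_data_query_snmp_execute_field($host_id, $field_id);
		} else {
			debug_log_insert("data_query", "Walking OID '" . $field["source"] . "' (cached)");
		}

		/* see if we have some output to play with */
		if (($field_values[$field_id] === false) || (sizeof($field_values[$field_id]) == 0)) {
			debug_log_insert("data_query", _("No values returned from the field '" . $field["name"] . "', ignoring."));
			continue;
		}

		foreach ($field_values[$field_id] as $oid => $result) {
			/* stick with the 0.8.x behavior: use the value for the index when the actual value is
			 * derived from the oid */
			if (($field["method_type"] == DATA_QUERY_FIELD_METHOD_OID_OCTET) || ($field["method_type"] == DATA_QUERY_FIELD_METHOD_OID_PARSE)) {
				$expected_index = $result["value"];
			} else {
				/* find the index at the end of the oid */
				$expected_index = substr($oid, strlen($field["source"]) + 1);
			}

			/* a match for this index has not been located */
			if (!isset($index_field_values[$expected_index])) {
				debug_log_insert("data_query", _("Ignoring unknown index '$expected_index'."));
				continue;
			}

			/* a match for this index has been located */
			debug_log_insert("data_query", sprintf(_("Found value [%s = '%s'] for index [%s]"), $field["name"], $result["value_parsed"], $expected_index));

			db_insert("host_data_query_cache", array(
				"host_id" => array("type" => DB_TYPE_INTEGER, "value" => $host_id),
				"data_query_id" => array("type" => DB_TYPE_INTEGER, "value" => $data_query_id),
				"field_name" => array("type" => DB_TYPE_STRING, "value" => $field["name"]),
				"field_value" => array("type" => DB_TYPE_STRING, "value" => $result["value_parsed"]),
				"index_value" => array("type" => DB_TYPE_STRING, "value" => $expected_index),
				"oid" => array("type" => DB_TYPE_STRING, "value" => $oid)
			), array("host_id", "data_query_id", "field_name", "index_value"));
		}
	}

	return true;
}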
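/**
 * Insert or update a row through ADOdb Replace(), quoting every value with sql_sanitize().
 *
 * @param array        $array_items column => value map; values are escaped and quoted here
 * @param string       $table_name
 * @param string|array $key_cols    key column(s) Replace() uses to detect an existing row
 * @param bool         $autoinc     passed through to Replace()
 * @return int|string the new AUTO_INCREMENT id; the caller-supplied key value (quotes
 *         stripped) when no AUTO_INCREMENT id was produced or the row already existed;
 *         0 on failure
 */
function sql_save($array_items, $table_name, $key_cols = "id", $autoinc = true) {
	global $cnn_id;

	/* each() was removed in PHP 8; quote each value in place with foreach instead */
	foreach ($array_items as $key => $value) {
		$array_items[$key] = "\"" . sql_sanitize($value) . "\"";
	}

	$replace_result = $cnn_id->Replace($table_name, $array_items, $key_cols, FALSE, $autoinc);

	if ($replace_result == 0) {
		return 0;
	}

	/* get the last AUTO_ID and return it */
	$insert_id = $cnn_id->Insert_ID();

	if (($insert_id == "0") || ($replace_result == 1)) {
		if (!is_array($key_cols) && isset($array_items[$key_cols])) {
			return str_replace("\"", "", $array_items[$key_cols]);
		}

		return 0;
	}

	return $insert_id;
}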
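/**
 * Send syslog message to a syslog server
 *
 * Builds an RFC 3164 style packet, "<PRI>TIMESTAMP HOSTNAME cacti[pid]: message"
 * (truncated to 1024 bytes), and writes it to the server over UDP. A socket error is
 * recorded in the log table instead.
 *
 * @param string $syslog_server Server to send syslog messages to; an explicit "udp://" scheme is accepted
 * @param int $syslog_server_port Port to send to on syslog server
 * @param int $syslog_facility Syslog facility value, refer to syslog log constants
 * @param int $syslog_severity Syslog severity value, refer to syslog log constants
 * @param string $syslog_message message to send to syslog server
 * @return bool true on sent, false on error
 */
function log_save_syslog ($syslog_server, $syslog_server_port, $syslog_facility, $syslog_severity, $syslog_message) {
	global $cnn_id;

	/* Set syslog tag */
	$syslog_tag = "cacti";

	/* Get the pid */
	$pid = getmypid();

	/* Set syslog server: keep an explicit udp:// scheme (lower-cased), otherwise default to UDP.
	 * The scheme is six characters long; the old five-character compare could never match,
	 * so a server given as "udp://host" used to become "udp://udp://host". */
	if (strtolower(substr($syslog_server, 0, 6)) == "udp://") {
		$syslog_server = strtolower($syslog_server);
	} else {
		$syslog_server = "udp://" . $syslog_server;
	}

	/* Check facility: out of range, or empty() (which also catches facility 0), falls back to LOCAL0 */
	if (empty($syslog_facility) || ($syslog_facility > 23) || ($syslog_facility < 0)) {
		$syslog_facility = SYSLOG_LOCAL0;
	}

	/* Check severity: out of range, or empty() (which also catches severity 0), falls back to INFO */
	if (empty($syslog_severity) || ($syslog_severity > 7) || ($syslog_severity < 0)) {
		$syslog_severity = SYSLOG_INFO;
	}

	/* Make syslog packet. SERVER_NAME is absent when run from the CLI (e.g. the poller),
	 * so fall back to the machine's host name. */
	$device = isset($_SERVER["SERVER_NAME"]) ? $_SERVER["SERVER_NAME"] : php_uname("n");

	/* RFC 3164 timestamp is "Mmm dd hh:mm:ss" with a space-padded day of month */
	$now = time();
	$day = date("j", $now);
	$timestamp = date("M", $now) . " " . (strlen($day) < 2 ? " " . $day : $day) . " " . date("H:i:s", $now);

	$priority = ($syslog_facility * 8) + $syslog_severity;

	/* the timestamp and host name were previously computed but never placed in the packet */
	$packet = "<" . $priority . ">" . $timestamp . " " . $device . " " . $syslog_tag . "[" . $pid . "]: " . $syslog_message;

	/* RFC 3164 limits a packet to 1024 bytes */
	if (strlen($packet) > 1024) {
		$packet = substr($packet, 0, 1024);
	}

	/* Send the syslog message */
	$socket = @fsockopen($syslog_server, $syslog_server_port, $error_number, $error_string);

	if ($socket) {
		@fwrite($socket, $packet);
		@fclose($socket);
		return true;
	}

	/* socket error - log to database */
	$sql = "insert into log (logdate,facility,severity,poller_id,host_id,username,source,plugin,message) values (SYSDATE(), " . CACTI_LOG_FAC_SYSTEM . "," . CACTI_LOG_SEV_ERROR . ",0,0,'SYSTEM','SYSLOG','N/A','" . sql_sanitize("Syslog error[" . $error_number . "]: " . $error_string) . "');";

	/* DO NOT USE db_execute, function looping can occur when in CACTI_LOG_SEV_DEV mode */
	$cnn_id->Execute($sql);

	return false;
}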
die("403 - Access Forbidden"); } ?> <script src="assets/libs/cksimple/ckeditor.js"></script> <style> blockquote { margin: 0px; } .permalinkshow { display: none; } </style> <?php if (@$_GET['id']) { $id = sql_sanitize($_GET['id']); $gb = $mysqli->query("SELECT * FROM " . $prefix . "gmblog WHERE id='" . $id . "'") or die; $b = $gb->fetch_assoc(); require_once 'assets/libs/HTMLPurifier.standalone.php'; $config = HTMLPurifier_Config::createDefault(); $config->set('HTML.SafeIframe', true); $config->set('HTML.TargetBlank', true); $config->set('HTML.SafeObject', true); $config->set('Output.FlashCompat', true); $config->set('HTML.SafeEmbed', true); $config->set('URI.SafeIframeRegexp', '%^(https?:)?//(www\\.youtube(?:-nocookie)?\\.com/embed/|player\\.vimeo\\.com/video/)%'); //allow YouTube and Vimeo $purifier = new HTMLPurifier($config); $clean_html = $purifier->purify($b['content']); $positive = 0; $negative = 0;
/**
 * Poll the hrSystem (.1.3.6.1.2.1.25.1) and system (.1.3.6.1.2.1.1) subtrees of a host
 * and store the values whose OIDs appear in the global $hrSystem map into
 * plugin_hmib_hrSystem.
 *
 * @param array $host host row (hostname, snmp settings, id, description); taken by
 *                    reference as in the original signature, but not modified here
 * @return void
 */
function collect_hrSystem(&$host) {
	global $hrSystem;

	if (!sizeof($host)) {
		return;
	}

	debug("Polling hrSystem from '" . $host["description"] . "[" . $host["hostname"] . "]'");

	/* walk both subtrees with identical SNMP settings and concatenate the results */
	$hostMib = array();
	foreach (array(".1.3.6.1.2.1.25.1", ".1.3.6.1.2.1.1") as $base_oid) {
		$walked = cacti_snmp_walk($host["hostname"], $host["snmp_community"], $base_oid, $host["snmp_version"], $host["snmp_username"], $host["snmp_password"], $host["snmp_auth_protocol"], $host["snmp_priv_passphrase"], $host["snmp_priv_protocol"], $host["snmp_context"], $host["snmp_port"], $host["snmp_timeout"], read_config_option("snmp_retries"), $host["max_oids"], SNMP_VALUE_LIBRARY, SNMP_WEBUI);
		$hostMib = array_merge($hostMib, $walked);
	}

	// Locate the values names
	$assignments = array();
	if (sizeof($hostMib)) {
		foreach ($hostMib as $mib) {
			/* do some cleanup */
			$oid = $mib["oid"];
			if (substr($oid, 0, 1) != ".") {
				$oid = "." . trim($oid);
			}

			$value = $mib["value"];
			if (substr($value, 0, 4) == "OID:") {
				$value = str_replace("OID:", "", $value);
			}

			/* column name for this oid, or false when it is not one we store */
			$key = array_search($oid, $hrSystem);

			if ($key == "date") {
				$value = hmib_dateParse($value);
			}

			if (!empty($key)) {
				$assignments[] = $key . "='" . sql_sanitize(trim($value, ' "')) . "'";
			}
		}
	}

	/* Update the values */
	if (sizeof($assignments)) {
		db_execute("UPDATE plugin_hmib_hrSystem SET " . implode(",", $assignments) . " WHERE host_id=" . $host["id"]);
	}
}
/**
 * Fetch a graph tree item row by id.
 *
 * validate_id_die() aborts the request when $graph_tree_item_id is not a valid id.
 *
 * @param int $graph_tree_item_id
 * @return mixed the row as returned by db_fetch_row()
 */
function api_graph_tree_item_get($graph_tree_item_id) {
	/* sanity checks */
	validate_id_die($graph_tree_item_id, "graph_tree_item_id");

	$sql = "select * from graph_tree_items where id = " . sql_sanitize($graph_tree_item_id);

	return db_fetch_row($sql);
}
/**
 * Moves a graph tree item one position up or down among its siblings.
 *
 * The item's position is encoded in order_key (CHARS_PER_TIER characters per
 * tree level). The neighbouring row in the requested direction is looked up and
 * the two subtrees are swapped by rewriting their order_key prefixes in three
 * UPDATE statements, with a run of 'Z' characters serving as a temporary prefix.
 *
 * @param int    $graph_tree_item_id  id of the graph_tree_items row; validate_id_die() aborts on an invalid id
 * @param string $direction           "up" or "down"
 * @return false|null false when $direction is not "up"/"down"; otherwise nothing is returned
 */
function api_graph_tree_item_move($graph_tree_item_id, $direction) {
	require_once(CACTI_BASE_PATH . "/lib/graph_tree/graph_tree_info.php");

	/* sanity checks */
	validate_id_die($graph_tree_item_id, "graph_tree_item_id");

	if (($direction != "up") && ($direction != "down")) {
		return false;
	}

	/* obtain a copy of the current graph tree item */
	$graph_tree_item = api_graph_tree_item_get($graph_tree_item_id);

	/* find out where in the tree this item is located */
	$current_depth = api_graph_tree_item_depth_get($graph_tree_item["order_key"]);

	/* nearest row before ("up") or after ("down") this order_key whose tail after the
	   current tier matches this item's tail.
	   NOTE(review): order_key is compared unquoted and graph_tree_id is concatenated
	   without sql_sanitize(); both are presumably numeric values read from the db - confirm */
	$displaced_row = db_fetch_row("select order_key from graph_tree_items where order_key " . ($direction == "up" ? "<" : ">") . " " . sql_sanitize($graph_tree_item["order_key"]) . " and order_key like '%" . sql_sanitize(substr($graph_tree_item["order_key"], ($current_depth * CHARS_PER_TIER))) . "' and order_key not like '%" . sql_sanitize(str_repeat('0', CHARS_PER_TIER) . substr($graph_tree_item["order_key"], ($current_depth * CHARS_PER_TIER))) . "' and graph_tree_id = " . $graph_tree_item["graph_tree_id"] . " order by order_key " . ($direction == "up" ? "DESC" : "ASC"));

	if ((is_array($displaced_row)) && (isset($displaced_row["order_key"]))) {
		/* order_key prefixes (up to and including the current tier) of the two items being swapped */
		$old_root = sql_sanitize(substr($graph_tree_item["order_key"], 0, ($current_depth * CHARS_PER_TIER)));
		$new_root = sql_sanitize(substr($displaced_row["order_key"], 0, ($current_depth * CHARS_PER_TIER)));

		/* step 1: park the displaced subtree under a temporary all-'Z' prefix */
		db_execute("UPDATE graph_tree_items SET order_key = CONCAT('" . str_pad('', ($current_depth * CHARS_PER_TIER), 'Z') . "',SUBSTRING(order_key," . (($current_depth * CHARS_PER_TIER) + 1).")) WHERE order_key LIKE '$new_root%' AND graph_tree_id = " . $graph_tree_item["graph_tree_id"]);
		/* step 2: move this item's subtree onto the displaced item's prefix */
		db_execute("UPDATE graph_tree_items SET order_key = CONCAT('$new_root',SUBSTRING(order_key," . (($current_depth * CHARS_PER_TIER) + 1) . ")) WHERE order_key LIKE '$old_root%' AND graph_tree_id = " . $graph_tree_item["graph_tree_id"]);
		/* step 3: move the parked subtree onto this item's former prefix */
		db_execute("UPDATE graph_tree_items SET order_key = CONCAT('$old_root',SUBSTRING(order_key," . (($current_depth * CHARS_PER_TIER) + 1) . ")) WHERE order_key LIKE '" . str_pad('', ($current_depth * CHARS_PER_TIER), 'Z') . "%' AND graph_tree_id = " . $graph_tree_item["graph_tree_id"]);
	}
}
/**
 * Fetches the host_data_query row that links a device to a data query.
 *
 * @param int $device_id      host id; must be a non-empty numeric value
 * @param int $data_query_id  data query id; must be a non-empty numeric value
 * @return mixed the row from db_fetch_row(), or false (after log_save()) when an id fails validation
 */
function api_device_data_query_get($device_id, $data_query_id) {
	/* sanity check for $data_query_id */
	if ((empty($data_query_id)) || (!is_numeric($data_query_id))) {
		log_save("Invalid input '$data_query_id' for 'data_query_id' in " . __FUNCTION__ . "()", SEV_ERROR);
		return false;
	}

	/* sanity check for $device_id (logged under its db column name, host_id) */
	if ((empty($device_id)) || (!is_numeric($device_id))) {
		log_save("Invalid input '$device_id' for 'host_id' in " . __FUNCTION__ . "()", SEV_ERROR);
		return false;
	}

	$sql = sprintf("select * from host_data_query where host_id = %s and data_query_id = %s",
		sql_sanitize($device_id), sql_sanitize($data_query_id));

	return db_fetch_row($sql);
}
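/**
 * Returns information about an auth control entry
 *
 * Returns the information array for a given auth control entry, or a single
 * requested value. For user controls the data may be served from (and written
 * back to) $_SESSION["auth_data"] when the session belongs to the same control id
 * and the control record has not been updated since the session copy was taken.
 *
 * @param int    $control_type  AUTH_CONTROL_OBJECT_TYPE_USER or AUTH_CONTROL_OBJECT_TYPE_GROUP
 * @param int    $control_id    id of the auth_control row
 * @param string $data_field    optional name of a single auth_data field to return
 * @return mixed fields => values (or the single value), false on error
 */
function api_auth_control_get($control_type, $control_id, $data_field = "") {
	/* include required arrays ($auth_control_data_user_fields, $auth_control_data_group_fields) */
	require(CACTI_BASE_PATH . "/include/auth/auth_arrays.php");

	/* Validate input - both ids are concatenated into SQL below, so they must be numeric */
	if (!is_numeric($control_id)) {
		return false;
	}
	if (!is_numeric($control_type)) {
		return false;
	}

	/* Setup variables */
	$value   = false;
	$expired = true;   /* session copy is considered stale until proven current */
	$session = false;  /* true once the session is known to belong to this control */
	$user    = false;

	if ($control_type == AUTH_CONTROL_OBJECT_TYPE_USER) {
		$user        = true;
		$data_fields = $auth_control_data_user_fields;
	} elseif ($control_type == AUTH_CONTROL_OBJECT_TYPE_GROUP) {
		$data_fields = $auth_control_data_group_fields;
	}else{
		$data_fields = array();
	}

	/* Control record */
	$control = db_fetch_row("SELECT * FROM (auth_control) WHERE id = " . $control_id . " AND object_type = " . $control_type);
	if ((!is_array($control)) || (sizeof($control) == 0)) {
		return false;
	}

	/* Check session for variable and that we can use the session */
	if ((isset($_SESSION["auth_control_user_id"])) && ($user)) {
		if ($_SESSION["auth_control_user_id"] == $control_id) {
			if (isset($_SESSION["auth_data"])) {
				/* this is an API getter: the cached auth data is only read here, never echoed */
				$session = true;
			}
		}
	}

	/* Check update to user record if active session */
	if ((isset($_SESSION["auth_data"]["updated_when"])) && ($session) && ($user)) {
		if ($_SESSION["auth_data"]["updated_when"] == $control["updated_when"]) {
			$expired = false;
		}
	}

	/* Get the requested data */
	if (! empty($data_field)) {
		/* single value return */
		/* Get the value from the session else go to the database, if we are allowed to use the session */
		if ((isset($_SESSION["auth_data"][$data_field])) && (! $expired) && ($session)) {
			$value = $_SESSION["auth_data"][$data_field];
		}else{
			$data = db_fetch_row("SELECT * FROM (auth_data) WHERE control_id = " . $control_id . " AND name = '" . sql_sanitize($data_field) . "'");
			/* auth_data rows are (name, value) pairs, so the stored value lives in the
			   "value" column, not in a column named after the field */
			if (isset($data["value"])) {
				$value = $data["value"];
			}else{
				if (isset($data_fields[$data_field])) {
					/* use default value */
					$value = $data_fields[$data_field];
				}else{
					/* data field not found */
					return false;
				}
			}
			/* put the value into the session if we are using sessions */
			if (($session) && ($user)) {
				$_SESSION["auth_data"][$data_field] = $value;
			}
		}
	}else{
		/* multi value return */
		/* Get the values from the session else go to the database, if we are allowed to use the session */
		if ((! $expired) && ($session)) {
			/* get current session variables */
			$value = $_SESSION["auth_data"];
		}else{
			/* set control data */
			$value = $control;
			/* get control data for this control id; the name list comes from the
			   auth_arrays.php field maps, not from request input */
			$data = db_fetch_assoc("SELECT * FROM (auth_data) WHERE control_id = " . $control_id . " AND name in('" . implode("','",array_keys($data_fields)). "')");
			if ((is_array($data)) && (sizeof($data) > 0)) {
				foreach ($data as $db_row) {
					$value[$db_row["name"]] = $db_row["value"];
				}
			}
		}

		/* check that required control data values are present */
		$db_values = array();
		foreach ($data_fields as $key => $default_value) {
			if (! array_key_exists($key, $value)) {
				/* default value not set, let's get it - all stored values are fetched once, lazily */
				if (sizeof($db_values) == 0) {
					$control_data = db_fetch_assoc("SELECT * FROM (auth_data) WHERE control_id = " . $control_id);
					if (is_array($control_data)) {
						foreach ($control_data as $data_row) {
							$db_values[$data_row["name"]] = $data_row["value"];
						}
					}
				}
				if (array_key_exists($key, $db_values)) {
					$value[$key] = $db_values[$key];
				}else{
					$value[$key] = $data_fields[$key];
				}
			}
		}

		/* update session values if needed */
		if (($session) && ($user)) {
			$_SESSION["auth_data"] = $value;
		}
	}

	return $value;
}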
/**
 * Pushes a value for one graph template item input down to every graph item
 * attached to that input.
 *
 * The input's db column (field_name) is read from graph_template_item_input,
 * then each graph_template_item_id listed in graph_template_item_input_item is
 * updated in graph_item with $value, typed via api_graph_item_form_list().
 *
 * @param int   $graph_template_item_input_id  id of the graph_template_item_input row
 * @param mixed $value                         value to write into the input's column
 * @return bool true when a field name was found and the updates were issued;
 *              false on an invalid id or when the input has no field name
 */
function api_graph_template_item_input_propagate($graph_template_item_input_id, $value) {
	require_once(CACTI_BASE_PATH . "/lib/graph/graph_info.php");

	if ((empty($graph_template_item_input_id)) || (!is_numeric($graph_template_item_input_id))) {
		return false;
	}

	/* retrieve a list of graph item fields (supplies the data_type for db_update below) */
	$graph_item_fields = api_graph_item_form_list();

	$safe_input_id = sql_sanitize($graph_template_item_input_id);

	/* get the db field name for this graph item input */
	$input_field_name = db_fetch_cell("select field_name from graph_template_item_input where id = " . $safe_input_id);
	if ($input_field_name == "") {
		return false;
	}

	$graph_template_items = db_fetch_assoc("select graph_template_item_id from graph_template_item_input_item where graph_template_item_input_id = " . $safe_input_id);

	if (sizeof($graph_template_items) > 0) {
		foreach ($graph_template_items as $graph_template_item) {
			$row = array(
				"graph_template_item_id" => array("type" => DB_TYPE_INTEGER, "value" => $graph_template_item["graph_template_item_id"]),
				$input_field_name => array("type" => $graph_item_fields[$input_field_name]["data_type"], "value" => $value)
			);
			db_update("graph_item", $row, array("graph_template_item_id"));
		}
	}

	return true;
}
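/**
 * Inserts or replaces a row on the syslog database connection and returns its key.
 *
 * Mirrors sql_save(): values are sanitised and double-quoted, then handed to the
 * ADOdb Replace() method. When the syslog connection is the Cacti connection
 * itself the call is delegated to sql_save().
 *
 * @param array        $array_items  column => value pairs to write
 * @param string       $table_name   table to write to
 * @param string|array $key_cols     key column name(s) passed to Replace()
 * @param bool         $autoinc      whether the table has an auto-increment key
 * @return int|string the auto-increment id; the key column value when no id was
 *                    generated (or when Replace() reported an update); 0 on failure
 */
function syslog_sql_save($array_items, $table_name, $key_cols = "id", $autoinc = true) {
	global $syslog_cnn, $cnn_id;

	/* use cacti function if using Cacti db */
	if ($syslog_cnn == $cnn_id) {
		return sql_save($array_items, $table_name, $key_cols, $autoinc);
	}

	/* each() was removed in PHP 8 and depended on the array's internal pointer;
	   foreach visits every element regardless of the pointer position */
	foreach ($array_items as $key => $value) {
		$array_items[$key] = "\"" . sql_sanitize($value) . "\"";
	}

	$replace_result = $syslog_cnn->Replace($table_name, $array_items, $key_cols, false, $autoinc);
	if ($replace_result == 0) {
		return 0;
	}

	/* get the last AUTO_ID and return it */
	if ($syslog_cnn->Insert_ID() == "0" || $replace_result == 1) {
		/* no id generated: fall back to the (unquoted) key column value when there is a single key column */
		if (!is_array($key_cols)) {
			if (isset($array_items[$key_cols])) {
				return str_replace("\"", "", $array_items[$key_cols]);
			}
		}
		return 0;
	} else {
		return $syslog_cnn->Insert_ID();
	}
}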