/**
* Generate SQL from Group-Pattern
* @param string $pattern Pattern to generate SQL for
* @param string $search What to searchid for
* @return string
*/
function GenGroupSQL($pattern, $search = '')
{
$tmp = explode(" ", $pattern);
$tables = array();
foreach ($tmp as $opt) {
if (strstr($opt, '%') && strstr($opt, '.')) {
$tmpp = explode(".", $opt, 2);
$tmpp[0] = str_replace("%", "", $tmpp[0]);
$tables[] = mres(str_replace("(", "", $tmpp[0]));
$pattern = str_replace($opt, $tmpp[0] . '.' . $tmpp[1], $pattern);
}
}
$tables = array_keys(array_flip($tables));
$x = sizeof($tables);
$i = 0;
$join = "";
while ($i < $x) {
if (isset($tables[$i + 1])) {
$join .= $tables[$i] . ".device_id = " . $tables[$i + 1] . ".device_id && ";
}
$i++;
}
if (!empty($search)) {
$search .= " &&";
}
$sql = "SELECT DISTINCT(" . str_replace("(", "", $tables[0]) . ".device_id) FROM " . implode(",", $tables) . " WHERE " . $search . " (" . str_replace(array("%", "@", "!~", "~"), array("", "%", "NOT LIKE", "LIKE"), $pattern) . ")";
return $sql;
}
/**
* Generate SQL from Group-Pattern
* @param string $pattern Pattern to generate SQL for
* @param string $search What to searchid for
* @return string
*/
function GenGroupSQL($pattern, $search = '')
{
$pattern = RunGroupMacros($pattern);
if ($pattern === false) {
return false;
}
$tmp = explode(' ', $pattern);
$tables = array();
foreach ($tmp as $opt) {
if (strstr($opt, '%') && strstr($opt, '.')) {
$tmpp = explode('.', $opt, 2);
$tmpp[0] = str_replace('%', '', $tmpp[0]);
$tables[] = mres(str_replace('(', '', $tmpp[0]));
$pattern = str_replace($opt, $tmpp[0] . '.' . $tmpp[1], $pattern);
}
}
$tables = array_keys(array_flip($tables));
$x = sizeof($tables);
$i = 0;
$join = '';
while ($i < $x) {
if (isset($tables[$i + 1])) {
$join .= $tables[$i] . '.device_id = ' . $tables[$i + 1] . '.device_id && ';
}
$i++;
}
if (!empty($search)) {
$search .= ' &&';
}
$sql = 'SELECT DISTINCT(' . str_replace('(', '', $tables[0]) . '.device_id) FROM ' . implode(',', $tables) . ' WHERE ' . $search . ' (' . str_replace(array('%', '@', '!~', '~'), array('', '.*', 'NOT REGEXP', 'REGEXP'), $pattern) . ')';
return $sql;
}
function get_userid($username)
{
# FIXME should come from LDAP
$sql = "SELECT user_id FROM `users` WHERE `username`='" . mres($username) . "'";
$row = mysql_fetch_array(mysql_query($sql));
return $row['user_id'];
}
/**
* Generate SQL from Rule
* @param string $rule Rule to generate SQL for
* @return string
*/
function GenSQL($rule)
{
$tmp = explode(" ", $rule);
$tables = array();
foreach ($tmp as $opt) {
if (strstr($opt, '%') && strstr($opt, '.')) {
$tmpp = explode(".", $opt, 2);
$tmpp[0] = str_replace("%", "", $tmpp[0]);
$tables[] = mres(str_replace("(", "", $tmpp[0]));
$rule = str_replace($opt, $tmpp[0] . '.' . $tmpp[1], $rule);
}
}
$tables = array_unique($tables);
$x = sizeof($tables);
$i = 0;
$join = "";
while ($i < $x) {
if (isset($tables[$i + 1])) {
$join .= $tables[$i] . ".device_id = " . $tables[$i + 1] . ".device_id && ";
}
$i++;
}
$sql = "SELECT * FROM " . implode(",", $tables) . " WHERE (" . $join . "" . str_replace("(", "", $tables[0]) . ".device_id = ?) && (" . str_replace(array("%", "@", "!~", "~"), array("", "%", "NOT LIKE", "LIKE"), $rule) . ")";
return $sql;
}
function postbug($username, $body)
{
global $DB_HOST, $DB_USERNAME, $DB_PASSWORD, $DB_WEBSITE;
$connection = connect($DB_HOST, $DB_USERNAME, $DB_PASSWORD);
$date = date('Y-m-d H:i:s');
$sql = "INSERT INTO " . $DB_WEBSITE . ".`bugtracker` ( `body`, `autor`, `solved`, `date`, `so_date`) VALUES ( '" . mres($body) . "', '" . $username . "', 0, '" . $date . "', '" . $date . "')";
mysqli_query($connection, $sql);
}
/**
* Generate SQL from Rule
* @param string $rule Rule to generate SQL for
* @return string|boolean
*/
function GenSQL($rule)
{
$rule = htmlspecialchars_decode($rule);
$rule = RunMacros($rule);
if (empty($rule)) {
//Cannot resolve Macros due to recursion. Rule is invalid.
return false;
}
//Pretty-print rule to dissect easier
$pretty = array('*' => ' * ', '(' => ' ( ', ')' => ' ) ', '/' => ' / ', '&&' => ' && ', '||' => ' || ', 'DATE_SUB ( NOW ( )' => 'DATE_SUB( NOW()');
$rule = str_replace(array_keys($pretty), $pretty, $rule);
$tmp = explode(" ", $rule);
$tables = array();
foreach ($tmp as $opt) {
if (strstr($opt, '%') && strstr($opt, '.')) {
$tmpp = explode(".", $opt, 2);
$tmpp[0] = str_replace("%", "", $tmpp[0]);
$tables[] = mres(str_replace("(", "", $tmpp[0]));
$rule = str_replace($opt, $tmpp[0] . '.' . $tmpp[1], $rule);
}
}
$tables = array_keys(array_flip($tables));
if (dbFetchCell('SELECT 1 FROM information_schema.COLUMNS WHERE TABLE_NAME = ? && COLUMN_NAME = ?', array($tables[0], 'device_id')) != 1) {
//Our first table has no valid glue, append the 'devices' table to it!
array_unshift($tables, 'devices');
}
$x = sizeof($tables) - 1;
$i = 0;
$join = "";
while ($i < $x) {
if (isset($tables[$i + 1])) {
$gtmp = ResolveGlues(array($tables[$i + 1]), 'device_id');
if ($gtmp === false) {
//Cannot resolve glue-chain. Rule is invalid.
return false;
}
$last = "";
$qry = "";
foreach ($gtmp as $glue) {
if (empty($last)) {
list($tmp, $last) = explode('.', $glue);
$qry .= $glue . ' = ';
} else {
list($tmp, $new) = explode('.', $glue);
$qry .= $tmp . '.' . $last . ' && ' . $tmp . '.' . $new . ' = ';
$last = $new;
}
if (!in_array($tmp, $tables)) {
$tables[] = $tmp;
}
}
$join .= "( " . $qry . $tables[0] . ".device_id ) && ";
}
$i++;
}
$sql = "SELECT * FROM " . implode(",", $tables) . " WHERE (" . $join . "" . str_replace("(", "", $tables[0]) . ".device_id = ?) && (" . str_replace(array("%", "@", "!~", "~"), array("", ".*", "NOT REGEXP", "REGEXP"), $rule) . ")";
return $sql;
}
function discover_service($device, $service)
{
if (!dbFetchCell('SELECT COUNT(service_id) FROM `services` WHERE `service_type`= ? AND `device_id` = ?', array($service, $device['device_id']))) {
add_service($device, $service, "(Auto discovered) {$service}");
log_event('Autodiscovered service: type ' . mres($service), $device, 'service');
echo '+';
}
echo "{$service} ";
}
function mres($q)
{
if (is_array($q)) {
foreach ($q as $k => $v) {
$q[$k] = mres($v);
}
} elseif (is_string($q)) {
$q = mysql_real_escape_string($q);
}
return $q;
}
function authenticate($username, $password)
{
global $config;
if (isset($_SERVER['REMOTE_USER'])) {
$_SESSION['username'] = mres($_SERVER['REMOTE_USER']);
if (user_exists($_SESSION['username'])) {
return 1;
}
$_SESSION['username'] = $config['http_auth_guest'];
return 1;
}
return 0;
}
function authenticate($username, $password)
{
global $config;
if (isset($_SERVER['REMOTE_USER'])) {
$_SESSION['username'] = mres($_SERVER['REMOTE_USER']);
$row = @dbFetchRow("SELECT username FROM `users` WHERE `username`=?", array($_SESSION['username']));
if (isset($row['username']) && $row['username'] == $_SESSION['username']) {
return 1;
} else {
$_SESSION['username'] = $config['http_auth_guest'];
return 1;
}
}
return 0;
}
/**
* generic clean up from db_quoteStr() clone
*
* @param string $string
*
* @return string
*/
public static function db_sanitize($string = '')
{
function mres($string = '')
{
$search = array("\\", "", "\n", "\r", "'", '"', "");
$replace = array("\\\\", "\\0", "\\n", "\\r", "\\'", '\\"', "\\Z");
return str_replace($search, $replace, $string);
}
if (empty($string)) {
return '';
}
// remove only double empty single quotes
$string = (string) preg_replace("/[']{2}/", "'", $string);
$string = (string) str_replace("\\n", "\n", $string);
$string = (string) str_replace("\\r", "\r", $string);
$string = (string) str_replace("\\\\", "\\", $string);
$string = (string) mres($string);
return $string;
}
foreach (dbFetchRows('SELECT DISTINCT `program` FROM `syslog` ORDER BY `program`') as $data) {
echo '"<option value="' . mres($data['program']) . '"';
if ($data['program'] == $vars['program']) {
echo ' selected';
}
echo '>' . $data['program'] . '</option>';
}
?>
</select>
</div>
<div class="form-group">
<select name="priority" id="priority" class="form-control input-sm">
<option value="">All Priorities</option>
<?php
foreach (dbFetchRows('SELECT DISTINCT `priority` FROM `syslog` ORDER BY `level`') as $data) {
echo '"<option value="' . mres($data['priority']) . '"';
if ($data['priority'] == $vars['priority']) {
echo ' selected';
}
echo '>' . $data['priority'] . '</option>';
}
?>
</select>
</div>
<div class="form-group">
<input name="from" type="text" class="form-control input-sm" id="dtpickerfrom" maxlength="16" value="<?php
echo $vars['from'];
?>
" placeholder="From" data-date-format="YYYY-MM-DD HH:mm">
</div>
<div class="form-group">
* under the terms of the GNU General Public License as published by the
* Free Software Foundation, either version 3 of the License, or (at your
* option) any later version. Please see LICENSE.txt at the top level of
* the source code distribution for details.
*/
header('Content-type: application/json');
if (is_admin() === false) {
$response = array('status' => 'error', 'message' => 'Need to be admin');
echo _json_encode($response);
exit;
}
$status = 'error';
$message = 'Error updating storage information';
$device_id = mres($_POST['device_id']);
$storage_id = mres($_POST['storage_id']);
$data = mres($_POST['data']);
if (!is_numeric($device_id)) {
$message = 'Missing device id';
} elseif (!is_numeric($storage_id)) {
$message = 'Missing storage id';
} elseif (!is_numeric($data)) {
$message = 'Missing value';
} else {
if (dbUpdate(array('storage_perc_warn' => $data), 'storage', '`storage_id`=? AND `device_id`=?', array($storage_id, $device_id))) {
$message = 'Storage information updated';
$status = 'ok';
} else {
$message = 'Could not update storage information';
}
}
$response = array('status' => $status, 'message' => $message, 'extra' => $extra);
<?php
/*
* LibreNMS
*
* Copyright (c) 2015 Søren Friis Rosiak <*****@*****.**>
* This program is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation, either version 3 of the License, or (at your
* option) any later version. Please see LICENSE.txt at the top level of
* the source code distribution for details.
*/
header('Content-type: application/json');
$status = 'error';
$message = 'unknown error';
$device_id = mres($_POST['device_id']);
$port_id_notes = mres($_POST['port_id_notes']);
$attrib_value = $_POST['notes'];
if (isset($attrib_value) && set_dev_attrib(array('device_id' => $device_id), $port_id_notes, $attrib_value)) {
$status = 'ok';
$message = 'Updated';
} else {
$status = 'error';
$message = 'ERROR: Could not update';
}
die(json_encode(array('status' => $status, 'message' => $message, 'attrib_type' => $port_id_notes, 'attrib_value' => $attrib_value, 'device_id' => $device_id)));
echo _json_encode($response);
exit;
}
$action = mres($_POST['action']);
$config_group = mres($_POST['config_group']);
$config_sub_group = mres($_POST['config_sub_group']);
$config_name = mres($_POST['config_name']);
$config_value = mres($_POST['config_value']);
$config_extra = mres($_POST['config_extra']);
$config_room_id = mres($_POST['config_room_id']);
$config_from = mres($_POST['config_from']);
$config_userkey = mres($_POST['config_userkey']);
$status = 'error';
$message = 'Error with config';
if ($action == 'remove' || $action == 'remove-slack' || $action == 'remove-hipchat' || $action == 'remove-pushover' || $action == 'remove-boxcar') {
$config_id = mres($_POST['config_id']);
if (empty($config_id)) {
$message = 'No config id passed';
} else {
if (dbDelete('config', '`config_id`=?', array($config_id))) {
if ($action == 'remove-slack') {
dbDelete('config', "`config_name` LIKE 'alert.transports.slack.{$config_id}.%'");
} else {
if ($action == 'remove-hipchat') {
dbDelete('config', "`config_name` LIKE 'alert.transports.hipchat.{$config_id}.%'");
} else {
if ($action == 'remove-pushover') {
dbDelete('config', "`config_name` LIKE 'alert.transports.pushover.{$config_id}.%'");
} elseif ($action == 'remove-boxcar') {
dbDelete('config', "`config_name` LIKE 'alert.transports.boxcar.{$config_id}.%'");
}
function generate_device_link($device, $text = null, $vars = array(), $start = 0, $end = 0, $escape_text = 1, $overlib = 1)
{
global $config;
if (!$start) {
$start = $config['time']['day'];
}
if (!$end) {
$end = $config['time']['now'];
}
$class = devclass($device);
if (!$text) {
$text = $device['hostname'];
}
if (isset($config['os'][$device['os']]['over'])) {
$graphs = $config['os'][$device['os']]['over'];
} else {
if (isset($device['os_group']) && isset($config['os'][$device['os_group']]['over'])) {
$graphs = $config['os'][$device['os_group']]['over'];
} else {
$graphs = $config['os']['default']['over'];
}
}
$url = generate_device_url($device, $vars);
// beginning of overlib box contains large hostname followed by hardware & OS details
$contents = '<div><span class="list-large">' . $device['hostname'] . '</span>';
if ($device['hardware']) {
$contents .= ' - ' . $device['hardware'];
}
if ($device['os']) {
$contents .= ' - ' . mres($config['os'][$device['os']]['text']);
}
if ($device['version']) {
$contents .= ' ' . mres($device['version']);
}
if ($device['features']) {
$contents .= ' (' . mres($device['features']) . ')';
}
if (isset($device['location'])) {
$contents .= ' - ' . htmlentities($device['location']);
}
$contents .= '</div>';
foreach ($graphs as $entry) {
$graph = $entry['graph'];
$graphhead = $entry['text'];
$contents .= '<div class="overlib-box">';
$contents .= '<span class="overlib-title">' . $graphhead . '</span><br />';
$contents .= generate_minigraph_image($device, $start, $end, $graph);
$contents .= generate_minigraph_image($device, $config['time']['week'], $end, $graph);
$contents .= '</div>';
}
if ($escape_text) {
$text = htmlentities($text);
}
if ($overlib == 0) {
$link = $contents;
} else {
$link = overlib_link($url, $text, escape_quotes($contents), $class);
}
if (device_permitted($device['device_id'])) {
return $link;
} else {
return $device['hostname'];
}
}
function dbBulkInsert($data, $table)
{
global $db_stats;
// the following block swaps the parameters if they were given in the wrong order.
// it allows the method to work for those that would rather it (or expect it to)
// follow closer with SQL convention:
// insert into the TABLE this DATA
if (is_string($data) && is_array($table)) {
$tmp = $data;
$data = $table;
$table = $tmp;
}
if (count($data) === 0) {
return false;
}
if (count($data[0]) === 0) {
return false;
}
$sql = 'INSERT INTO `' . $table . '` (`' . implode('`,`', array_keys($data[0])) . '`) VALUES ';
$values = '';
foreach ($data as $row) {
if ($values != '') {
$values .= ',';
}
$rowvalues = '';
foreach ($row as $key => $value) {
if ($rowvalues != '') {
$rowvalues .= ',';
}
$rowvalues .= "'" . mres($value) . "'";
}
$values .= "(" . $rowvalues . ")";
}
$time_start = microtime(true);
$result = dbQuery($sql . $values);
// logfile($fullSql);
$time_end = microtime(true);
$db_stats['insert_sec'] += number_format($time_end - $time_start, 8);
$db_stats['insert']++;
return $result;
}
<?php
if ($_POST['editing']) {
if ($_SESSION['userlevel'] > '7') {
$community = mres($_POST['community']);
$snmpver = mres($_POST['snmpver']);
$transport = $_POST['transport'] ? mres($_POST['transport']) : ($transport = 'udp');
$port = $_POST['port'] ? mres($_POST['port']) : $config['snmp']['port'];
$timeout = mres($_POST['timeout']);
$retries = mres($_POST['retries']);
$poller_group = mres($_POST['poller_group']);
$port_assoc_mode = mres($_POST['port_assoc_mode']);
$max_repeaters = mres($_POST['max_repeaters']);
$v3 = array('authlevel' => mres($_POST['authlevel']), 'authname' => mres($_POST['authname']), 'authpass' => mres($_POST['authpass']), 'authalgo' => mres($_POST['authalgo']), 'cryptopass' => mres($_POST['cryptopass']), 'cryptoalgo' => mres($_POST['cryptoalgo']));
// FIXME needs better feedback
$update = array('community' => $community, 'snmpver' => $snmpver, 'port' => $port, 'transport' => $transport, 'poller_group' => $poller_group, 'port_association_mode' => $port_assoc_mode);
if ($_POST['timeout']) {
$update['timeout'] = $timeout;
} else {
$update['timeout'] = array('NULL');
}
if ($_POST['retries']) {
$update['retries'] = $retries;
} else {
$update['retries'] = array('NULL');
}
$update = array_merge($update, $v3);
$device_tmp = deviceArray($device['hostname'], $community, $snmpver, $port, $transport, $v3, $port_assoc_mode);
if (isSNMPable($device_tmp)) {
$rows_updated = dbUpdate($update, 'devices', '`device_id` = ?', array($device['device_id']));
$max_repeaters_set = false;
*
* This program is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation, either version 3 of the License, or (at your
* option) any later version. Please see LICENSE.txt at the top level of
* the source code distribution for details.
*/
require_once '../includes/defaults.inc.php';
set_debug($_REQUEST['debug']);
require_once '../config.php';
require_once '../includes/definitions.inc.php';
require_once 'includes/functions.inc.php';
require_once '../includes/functions.php';
require_once 'includes/authenticate.inc.php';
if (!$_SESSION['authenticated']) {
echo 'unauthenticated';
exit;
}
$type = mres($_POST['type']);
if ($type == 'placeholder') {
$output = 'Please add a Widget to get started';
$status = 'ok';
} elseif (is_file('includes/common/' . $type . '.inc.php')) {
$results_limit = 10;
$no_form = true;
include 'includes/common/' . $type . '.inc.php';
$output = implode('', $common_output);
$status = 'ok';
}
$response = array('status' => $status, 'html' => $output);
echo _json_encode($response);
}
}
if (is_numeric($from)) {
if ($to - $from <= 172800) {
$graph_max = 0;
}
// Do not graph MAX areas for intervals less then 48 hours
} elseif (preg_match('/\\d(d(ay)?s?|h(our)?s?)$/', $from)) {
$graph_max = 0;
// Also for RRD style from (6h, 2day)
}
$rrd_options .= ' --start ' . $from . ' --end ' . $to . ' --width ' . $width . ' --height ' . $height . ' ';
$rrd_options .= $config['rrdgraph_def_text'];
# FIXME mres? that's not for fixing commandline injection... we don't pass this on commandline, luckily... :-)
if ($vars['bg']) {
$rrd_options .= ' -c CANVAS#' . mres($vars['bg']) . ' ';
}
#$rrd_options .= ' -c BACK#FFFFFF';
if ($height < '99' && $vars['draw_all'] != 'yes') {
$rrd_options .= ' --only-graph';
}
if ($width <= '350') {
$rrd_options .= " --font LEGEND:7:'" . $config['mono_font'] . "' --font AXIS:6:'" . $config['mono_font'] . "'";
} else {
$rrd_options .= " --font LEGEND:8:'" . $config['mono_font'] . "' --font AXIS:7:'" . $config['mono_font'] . "'";
}
//$rrd_options .= ' --font-render-mode normal --dynamic-labels'; // dynamic-labels not supported in rrdtool < 1.4
$rrd_options .= ' --font-render-mode normal';
if ($step != TRUE) {
$rrd_options .= ' -E';
}
?>
</div>
</div>
</div>
</nav>
<?php
}
if (dbFetchCell("SELECT COUNT(`device_id`) FROM `devices` WHERE `last_polled` <= DATE_ADD(NOW(), INTERVAL - 15 minute) AND `ignore` = 0 AND `disabled` = 0 AND status = 1", array()) > 0) {
$msg_box[] = array('type' => 'warning', 'message' => "<a href=\"poll-log/filter=unpolled/\">It appears as though you have some devices that haven't completed polling within the last 15 minutes, you may want to check that out :)</a>", 'title' => 'Devices unpolled');
}
if (is_array($msg_box)) {
echo "<script>\n toastr.options.timeout = 10;\n toastr.options.extendedTimeOut = 20;\n ";
foreach ($msg_box as $message) {
$message['type'] = mres($message['type']);
$message['message'] = mres($message['message']);
$message['title'] = mres($message['title']);
echo "toastr." . $message['type'] . "('" . $message['message'] . "','" . $message['title'] . "');\n";
}
echo "</script>";
}
if (is_array($sql_debug) && is_array($php_debug) && $_SESSION['authenticated'] === true) {
require_once "includes/print-debug.php";
}
if ($no_refresh !== true && $config['page_refresh'] != 0) {
$refresh = $config['page_refresh'] * 1000;
echo '<script type="text/javascript">
$(document).ready(function() {
$("#countdown_timer_status").html("<i class=\\"fa fa-pause fa-fw\\"></i> Pause");
var Countdown = {
sec: ' . $config['page_refresh'] . ',
#!/usr/bin/env php
<?php
require 'includes/defaults.inc.php';
require 'config.php';
require 'includes/definitions.inc.php';
require 'includes/functions.php';
rrdtool_pipe_open($rrd_process, $rrd_pipes);
$options = getopt('h:p:');
$hosts = str_replace('*', '%', mres($options['h']));
$ports = str_replace('*', '%', mres($options['p']));
if (empty($hosts) && empty($ports)) {
echo "-h <device hostname wildcard> Device(s) to match\n";
echo "-p <ifName widcard> Port(s) to match using ifName\n";
echo "\n";
}
foreach (dbFetchRows("SELECT `device_id`,`hostname` FROM `devices` WHERE `hostname` LIKE ?", array('%' . $hosts . '%')) as $device) {
echo "Found hostname " . $device['hostname'] . ".......\n";
foreach (dbFetchRows("SELECT `port_id`,`ifIndex`,`ifName`,`ifSpeed` FROM `ports` WHERE `ifName` LIKE ? AND `device_id` = ?", array('%' . $ports . '%', $device['device_id'])) as $port) {
echo "Tuning port " . $port['ifName'] . ".......\n";
$rrdfile = get_port_rrdfile_path($device['hostname'], $port['port_id']);
rrdtool_tune('port', $rrdfile, $port['ifSpeed']);
}
}
function list_bills()
{
global $config;
$app = \Slim\Slim::getInstance();
$router = $app->router()->getCurrentRoute()->getParams();
$status = 'ok';
$err_msg = '';
$message = '';
$code = 200;
$bills = array();
$bill_id = mres($router['bill_id']);
$bill_ref = mres($_GET['ref']);
$bill_custid = mres($_GET['custid']);
if (!empty($bill_custid)) {
$sql = '`bill_custid` = ?';
$param = array($bill_custid);
} elseif (!empty($bill_ref)) {
$sql = '`bill_ref` = ?';
$param = array($bill_ref);
} elseif (is_numeric($bill_id)) {
$sql = '`bill_id` = ?';
$param = array($bill_id);
} else {
$sql = '';
$param = array();
}
if (count($param) >= 1) {
$sql = "WHERE {$sql}";
}
foreach (dbFetchRows("SELECT `bills`.*,COUNT(port_id) AS `ports_total` FROM `bills` LEFT JOIN `bill_ports` ON `bill_ports`.`bill_id`=`bills`.`bill_id` {$sql} GROUP BY `bill_name`,`bill_ref` ORDER BY `bill_name`", $param) as $bill) {
$rate_data = $bill;
$allowed = '';
$used = '';
$percent = '';
$overuse = '';
if ($bill['bill_type'] == "cdr") {
$allowed = format_si($bill['bill_cdr']) . "bps";
$used = format_si($rate_data['rate_95th']) . "bps";
$percent = round($rate_data['rate_95th'] / $bill['bill_cdr'] * 100, 2);
$overuse = $rate_data['rate_95th'] - $bill['bill_cdr'];
$overuse = $overuse <= 0 ? "-" : format_si($overuse);
} elseif ($bill['bill_type'] == "quota") {
$allowed = format_bytes_billing($bill['bill_quota']);
$used = format_bytes_billing($rate_data['total_data']);
$percent = round($rate_data['total_data'] / $bill['bill_quota'] * 100, 2);
$overuse = $rate_data['total_data'] - $bill['bill_quota'];
$overuse = $overuse <= 0 ? "-" : format_bytes_billing($overuse);
}
$bill['allowed'] = $allowed;
$bill['used'] = $used;
$bill['percent'] = $percent;
$bill['overuse'] = $overuse;
$bills[] = $bill;
}
$count = count($bills);
$output = array('status' => $status, 'message' => $message, 'err-msg' => $err_msg, 'count' => $count, 'bills' => $bills);
$app->response->setStatus($code);
$app->response->headers->set('Content-Type', 'application/json');
echo _json_encode($output);
}
<?php
if ($_POST['editing']) {
if ($_SESSION['userlevel'] > "7") {
$updated = 0;
$override_sysLocation_bool = mres($_POST['override_sysLocation']);
if (isset($_POST['sysLocation'])) {
$override_sysLocation_string = mres($_POST['sysLocation']);
}
if ($device['override_sysLocation'] != $override_sysLocation_bool || $device['location'] != $override_sysLocation_string) {
$updated = 1;
}
if ($override_sysLocation_bool) {
$override_sysLocation = 1;
} else {
$override_sysLocation = 0;
}
dbUpdate(array('override_sysLocation' => $override_sysLocation), 'devices', '`device_id`=?', array($device['device_id']));
if (isset($override_sysLocation_string)) {
dbUpdate(array('location' => $override_sysLocation_string), 'devices', '`device_id`=?', array($device['device_id']));
}
#FIXME needs more sanity checking! and better feedback
$param = array('purpose' => $_POST['descr'], 'type' => $_POST['type'], 'ignore' => $_POST['ignore'], 'disabled' => $_POST['disabled']);
$rows_updated = dbUpdate($param, 'devices', '`device_id` = ?', array($device['device_id']));
if ($rows_updated > 0 || $updated) {
$update_message = "Device record updated.";
$updated = 1;
$device = dbFetchRow("SELECT * FROM `devices` WHERE `device_id` = ?", array($device['device_id']));
} elseif ($rows_updated = '-1') {
$update_message = "Device record unchanged. No update necessary.";
$updated = -1;
<?php
if ($_POST['editing']) {
if ($_SESSION['userlevel'] > '7') {
$ipmi_hostname = mres($_POST['ipmi_hostname']);
$ipmi_username = mres($_POST['ipmi_username']);
$ipmi_password = mres($_POST['ipmi_password']);
if ($ipmi_hostname != '') {
set_dev_attrib($device, 'ipmi_hostname', $ipmi_hostname);
} else {
del_dev_attrib($device, 'ipmi_hostname');
}
if ($ipmi_username != '') {
set_dev_attrib($device, 'ipmi_username', $ipmi_username);
} else {
del_dev_attrib($device, 'ipmi_username');
}
if ($ipmi_password != '') {
set_dev_attrib($device, 'ipmi_password', $ipmi_password);
} else {
del_dev_attrib($device, 'ipmi_password');
}
$update_message = 'Device IPMI data updated.';
$updated = 1;
} else {
include 'includes/error-no-perm.inc.php';
}
//end if
}
//end if
if ($updated && $update_message) {
if (empty($_POST['config_value'])) {
$db_inserts = 0;
}
if ($config_type == 'slack') {
dbDelete('config', "(`config_name` LIKE 'alert.transports.slack.{$config_id}.%' AND `config_name` != 'alert.transports.slack.{$config_id}.url' AND `config_id` NOT IN ({$db_inserts}))");
} else {
if ($config_type == 'hipchat') {
dbDelete('config', "(`config_name` LIKE 'alert.transports.hipchat.{$config_id}.%' AND (`config_name` != 'alert.transports.hipchat.{$config_id}.url' AND `config_name` != 'alert.transports.hipchat.{$config_id}.room_id' AND `config_name` != 'alert.transports.hipchat.{$config_id}.from') AND `config_id` NOT IN ({$db_inserts}))");
} else {
if ($config_type == 'pushover') {
dbDelete('config', "(`config_name` LIKE 'alert.transports.pushover.{$config_id}.%' AND (`config_name` != 'alert.transports.pushover.{$config_id}.appkey' AND `config_name` != 'alert.transports.pushover.{$config_id}.userkey') AND `config_id` NOT IN ({$db_inserts}))");
}
}
}
}
$message = 'Config item has been updated:';
$status = 'ok';
} else {
$state = mres($_POST['config_value']);
$update = dbUpdate(array('config_value' => $state), 'config', '`config_id`=?', array($config_id));
if (!empty($update) || $update == '0') {
$message = 'Alert rule has been updated.';
$status = 'ok';
} else {
$message = 'ERROR: Alert rule has not been updated.';
}
}
}
//end if
$response = array('status' => $status, 'message' => $message);
echo _json_encode($response);
require_once 'includes/functions.inc.php';
require_once '../includes/functions.php';
require_once 'includes/authenticate.inc.php';
if (!$_SESSION['authenticated']) {
echo 'unauthenticated';
exit;
}
$type = mres($_POST['type']);
if ($type == 'placeholder') {
$output = "<span style='text-align:left;'><br><h3>Click on the Edit Dashboard button (next to the list of dashboards) to add widgets</h3><br><h4><strong>Remember:</strong> You can only move & resize widgets when you're in <strong>Edit Mode</strong>.</h4><span>";
$status = 'ok';
$title = 'Placeholder';
} elseif (is_file('includes/common/' . $type . '.inc.php')) {
$results_limit = 10;
$no_form = true;
$title = ucfirst($type);
$unique_id = str_replace(array("-", "."), "_", uniqid($type, true));
$widget_id = mres($_POST['id']);
$widget_settings = json_decode(dbFetchCell('select settings from users_widgets where user_widget_id = ?', array($widget_id)), true);
$widget_dimensions = $_POST['dimensions'];
if (!empty($_POST['settings'])) {
define('show_settings', true);
}
include 'includes/common/' . $type . '.inc.php';
$output = implode('', $common_output);
$status = 'ok';
$title = $widget_settings['title'] ?: $title;
}
$response = array('status' => $status, 'html' => $output, 'title' => $title);
header('Content-type: application/json');
echo _json_encode($response);
function update_device()
{
global $config;
$app = \Slim\Slim::getInstance();
$router = $app->router()->getCurrentRoute()->getParams();
$status = 'error';
$code = 500;
$hostname = $router['hostname'];
// use hostname as device_id if it's all digits
$device_id = ctype_digit($hostname) ? $hostname : getidbyname($hostname);
$data = json_decode(file_get_contents('php://input'), true);
$bad_fields = array('id', 'hostname');
if (empty($data['field'])) {
$message = 'Device field to patch has not been supplied';
} elseif (in_array($data['field'], $bad_fields)) {
$message = 'Device field is not allowed to be updated';
} else {
if (dbUpdate(array(mres($data['field']) => mres($data['data'])), 'devices', '`device_id`=?', array($device_id)) >= 0) {
$status = 'ok';
$message = 'Device ' . mres($data['field']) . ' field has been updated';
$code = 200;
} else {
$message = 'Device ' . mres($data['field']) . ' field failed to be updated';
}
}
$output = array('status' => $status, 'message' => $message);
$app->response->setStatus($code);
$app->response->headers->set('Content-Type', 'application/json');
echo _json_encode($output);
}
$options['i'] = "2";
} elseif ($options['h'] == "even") {
$options['n'] = "0";
$options['i'] = "2";
} elseif ($options['h'] == "all") {
$where = " ";
$doing = "all";
} elseif ($options['h'] == "new") {
$where = "AND `last_discovered` IS NULL";
$doing = "new";
} elseif ($options['h']) {
if (is_numeric($options['h'])) {
$where = "AND `device_id` = '" . $options['h'] . "'";
$doing = $options['h'];
} else {
$where = "AND `hostname` LIKE '" . str_replace('*', '%', mres($options['h'])) . "'";
$doing = $options['h'];
}
}
}
if (isset($options['i']) && $options['i'] && isset($options['n'])) {
$where = "AND MOD(device_id," . $options['i'] . ") = '" . $options['n'] . "'";
$doing = $options['n'] . "/" . $options['i'];
}
if (isset($options['d'])) {
echo "DEBUG!\n";
$debug = TRUE;
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
ini_set('log_errors', 1);
ini_set('error_reporting', 1);
* Copyright (c) 2014 Neil Lathwood <https://github.com/laf/ http://www.lathwood.co.uk/fa>
*
* This program is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation, either version 3 of the License, or (at your
* option) any later version. Please see LICENSE.txt at the top level of
* the source code distribution for details.
*/
if (is_admin() === false) {
die('ERROR: You need to be admin');
}
require_once '../includes/device-groups.inc.php';
$pattern = $_POST['patterns'];
$group_id = $_POST['group_id'];
$name = mres($_POST['name']);
$desc = mres($_POST['desc']);
if (is_array($pattern)) {
$pattern = implode(' ', $pattern);
} elseif (!empty($_POST['pattern']) && !empty($_POST['condition']) && !empty($_POST['value'])) {
$pattern = '%' . $_POST['pattern'] . ' ' . $_POST['condition'] . ' ';
if (is_numeric($_POST['value'])) {
$pattern .= $_POST['value'];
} else {
$pattern .= '"' . $_POST['value'] . '"';
}
}
if (empty($pattern)) {
$update_message = 'ERROR: No group was generated';
} elseif (is_numeric($group_id) && $group_id > 0) {
if (EditDeviceGroup($group_id, $name, $desc, $pattern)) {
$update_message = "Edited Group: <i>{$name}: {$pattern}</i>";
