Example #1
 /**
  * Delete maintenances together with their time periods and host/group links.
  *
  * Users of type USER_TYPE_ZABBIX_USER are rejected outright. For everyone else, every
  * requested ID must be returned by an 'editable' lookup; a single missing ID aborts the
  * call with a permission error before any row is modified.
  *
  * @param array $maintenanceids  IDs of the maintenances to delete
  *
  * @return array  ['maintenanceids' => $maintenanceids], i.e. the IDs exactly as passed in
  */
 public function delete(array $maintenanceids)
 {
     // Coarse gate: this user type is never allowed to delete maintenances.
     if (self::$userData['type'] == USER_TYPE_ZABBIX_USER) {
         self::exception(ZBX_API_ERROR_PERMISSIONS, _('You do not have permission to perform this operation.'));
     }

     // Object-level gate: fetch only maintenances the caller may edit, keyed by ID.
     $maintenances = $this->get([
         'output' => ['maintenanceid', 'name'],
         'maintenanceids' => $maintenanceids,
         'editable' => true,
         'preservekeys' => true,
     ]);
     foreach ($maintenanceids as $requestedId) {
         if (isset($maintenances[$requestedId])) {
             continue;
         }
         // Unknown and non-editable IDs get the same answer, so the error does not
         // tell the caller which of the two it was.
         self::exception(ZBX_API_ERROR_PERMISSIONS, _('You do not have permission to perform this operation.'));
     }

     // Collect the time periods attached to these maintenances so they can be removed too.
     // NOTE(review): the ID list reaches the SQL text through dbConditionInt(), which is
     // defined elsewhere; presumably it emits an integer-only condition - confirm.
     $cursor = DBselect(
         'SELECT DISTINCT tp.timeperiodid FROM timeperiods tp,maintenances_windows mw WHERE '
         . dbConditionInt('mw.maintenanceid', $maintenanceids)
         . ' AND tp.timeperiodid=mw.timeperiodid'
     );
     $timeperiodids = [];
     while ($row = DBfetch($cursor)) {
         $timeperiodids[] = $row['timeperiodid'];
     }

     // Detach the maintenances from any real hosts that currently reference them.
     $hosts = API::Host()->get([
         'real_hosts' => true,
         'output' => ['hostid'],
         'filter' => ['maintenanceid' => $maintenanceids],
     ]);
     if ($hosts) {
         DB::update('hosts', [
             'values' => ['maintenanceid' => 0],
             'where' => ['hostid' => zbx_objectValues($hosts, 'hostid')],
         ]);
     }

     // Remove the time periods, then the link tables, then the maintenances themselves.
     $byMaintenance = ['maintenanceid' => $maintenanceids];
     DB::delete('timeperiods', ['timeperiodid' => $timeperiodids]);
     DB::delete('maintenances_windows', $byMaintenance);
     DB::delete('maintenances_hosts', $byMaintenance);
     DB::delete('maintenances_groups', $byMaintenance);
     DB::delete('maintenances', $byMaintenance);

     // One audit record per deleted maintenance, using the name captured before deletion.
     foreach ($maintenances as $deletedId => $deleted) {
         add_audit_details(AUDIT_ACTION_DELETE, AUDIT_RESOURCE_MAINTENANCE, $deletedId, $deleted['name'], null);
     }

     return ['maintenanceids' => $maintenanceids];
 }
Example #2
        $rmv_row = get_request('rmv_row', 0);
        DBexecute('UPDATE screens SET vsize=(vsize-1) WHERE screenid=' . zbx_dbstr($screen['screenid']));
        DBexecute('DELETE FROM screens_items WHERE screenid=' . zbx_dbstr($screen['screenid']) . ' AND y=' . zbx_dbstr($rmv_row));
        DBexecute('UPDATE screens_items SET y=(y-1) WHERE screenid=' . zbx_dbstr($screen['screenid']) . ' AND y>' . zbx_dbstr($rmv_row));
        add_audit_details(AUDIT_ACTION_UPDATE, AUDIT_RESOURCE_SCREEN, $screen['screenid'], $screen['name'], 'Row deleted');
    } else {
        error(_('Screen should contain at least one row and column.'));
        show_error_message(_('Impossible to remove last row and column.'));
    }
} elseif (isset($_REQUEST['rmv_col'])) {
    if ($screen['hsize'] > 1) {
        $rmv_col = get_request('rmv_col', 0);
        DBexecute('UPDATE screens SET hsize=(hsize-1) WHERE screenid=' . zbx_dbstr($screen['screenid']));
        DBexecute('DELETE FROM screens_items WHERE screenid=' . zbx_dbstr($screen['screenid']) . ' AND x=' . zbx_dbstr($rmv_col));
        DBexecute('UPDATE screens_items SET x=(x-1) WHERE screenid=' . zbx_dbstr($screen['screenid']) . ' AND x>' . zbx_dbstr($rmv_col));
        add_audit_details(AUDIT_ACTION_UPDATE, AUDIT_RESOURCE_SCREEN, $screen['screenid'], $screen['name'], 'Column deleted');
    } else {
        error(_('Screen should contain at least one row and column.'));
        show_error_message(_('Impossible to remove last row and column.'));
    }
}
/*
 * Display
 */
$data = array('screenid' => get_request('screenid', 0));
// getting the updated screen, so we won't have to refresh the page to see changes
$data['screen'] = API::Screen()->get($options);
if (empty($data['screen'])) {
    $data['screen'] = API::TemplateScreen()->get($options);
    if (empty($data['screen'])) {
        access_deny();
Example #3
        $screenids[] = $_REQUEST['screenid'];
    }
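    // Look the IDs up as regular screens first; 'editable' => true limits the result to
    // screens the current user is allowed to modify.
    $screens = API::Screen()->get(array('screenids' => $screenids, 'output' => API_OUTPUT_EXTEND, 'editable' => true));
    if (!empty($screens)) {
        $goResult = API::Screen()->delete($screenids);
        if ($goResult) {
            // Names were captured before the delete, so each removal can be audited.
            foreach ($screens as $screen) {
                add_audit_details(AUDIT_ACTION_DELETE, AUDIT_RESOURCE_SCREEN, $screen['screenid'], $screen['name']);
            }
        }
    } else {
        // Not regular screens: treat the IDs as template screens.
        // Fetch them BEFORE deleting. Previously the lookup ran only after delete() had
        // succeeded, when the screens are expected to be gone already, so the loop below
        // had nothing to iterate and template-screen deletions left no audit record.
        $templatedScreens = API::TemplateScreen()->get(array('screenids' => $screenids, 'output' => API_OUTPUT_EXTEND, 'editable' => true));
        $goResult = API::TemplateScreen()->delete($screenids);
        if ($goResult) {
            foreach ($templatedScreens as $screen) {
                add_audit_details(AUDIT_ACTION_DELETE, AUDIT_RESOURCE_SCREEN, $screen['screenid'], $screen['name']);
            }
        }
    }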
    if ($goResult) {
        unset($_REQUEST['screenid'], $_REQUEST['form']);
    }
    show_messages($goResult, _('Screen deleted'), _('Cannot delete screen'));
    clearCookies($goResult);
}
/*
 * Display
 */
if (isset($_REQUEST['form'])) {
    $data = array('form' => get_request('form', null), 'screenid' => get_request('screenid', null), 'templateid' => get_request('templateid', null));
    // screen
Example #4
**
** You should have received a copy of the GNU General Public License
** along with this program; if not, write to the Free Software
** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
**/
require_once dirname(__FILE__) . '/include/config.inc.php';
require_once dirname(__FILE__) . '/include/forms.inc.php';
$page['title'] = _('ZABBIX');
$page['file'] = 'index.php';

// Request parameters this page accepts; anything submitted is checked against this table.
// VAR	TYPE	OPTIONAL	FLAGS	VALIDATION	EXCEPTION
$fields = [
    'name' => [T_ZBX_STR, O_NO, null, null, 'isset({enter})', _('Username')],
    'password' => [T_ZBX_STR, O_OPT, null, null, 'isset({enter})'],
    'sessionid' => [T_ZBX_STR, O_OPT, null, null, null],
    'reconnect' => [T_ZBX_INT, O_OPT, P_SYS | P_ACT, BETWEEN(0, 65535), null],
    'enter' => [T_ZBX_STR, O_OPT, P_SYS, null, null],
    'autologin' => [T_ZBX_INT, O_OPT, null, null, null],
    'request' => [T_ZBX_STR, O_OPT, null, null, null],
];
check_fields($fields);

// Logout: triggered by the mere presence of the 'reconnect' request parameter.
// NOTE(review): no anti-CSRF token check is visible in this fragment - confirm whether
// check_fields() or the included config enforces one for this state-changing request.
if (isset($_REQUEST['reconnect'])) {
    // The audit record is written while the session data still identifies the user,
    // i.e. before CWebUser::logout() runs.
    $currentUserId = CWebUser::$data['userid'];
    DBstart();
    add_audit_details(AUDIT_ACTION_LOGOUT, AUDIT_RESOURCE_USER, $currentUserId, '', _('Manual Logout'), $currentUserId);
    DBend(true);
    CWebUser::logout();
    redirect('index.php');
}

$config = select_config();
if ($config['authentication_type'] == ZBX_AUTH_HTTP) {
    // HTTP authentication: the identity comes from the web server, not from the form.
    if (empty($_SERVER['PHP_AUTH_USER'])) {
        // No server-authenticated user: refuse to show the page at all.
        access_deny(ACCESS_DENY_PAGE);
    } else {
        // Overwrite the form fields so the login code further down signs in as the
        // user the web server has authenticated, whatever the client submitted.
        $_REQUEST['enter'] = _('Sign in');
        $_REQUEST['name'] = $_SERVER['PHP_AUTH_USER'];
    }
}
// login via form
if (isset($_REQUEST['enter']) && $_REQUEST['enter'] == _('Sign in')) {
Example #5
        $screenItem['y'] = getRequest('y');
        $result = API::ScreenItem()->create($screenItem);
    }
    if ($result) {
        add_audit_details(AUDIT_ACTION_UPDATE, AUDIT_RESOURCE_SCREEN, $screen['screenid'], $screen['name'], 'Cell changed ' . (hasRequest('screenitemid') ? 'screen itemid "' . getRequest('screenitemid') . '"' : '') . (hasRequest('x') && hasRequest('y') ? ' coordinates "' . getRequest('x') . ',' . getRequest('y') . '"' : '') . (hasRequest('resourcetype') ? ' resource type "' . getRequest('resourcetype') . '"' : ''));
        unset($_REQUEST['form']);
    }
    $result = DBend($result);
    show_messages($result, _('Screen updated'), _('Cannot update screen'));
} elseif (hasRequest('delete')) {
    DBstart();
    $screenitemid = API::ScreenItem()->delete([getRequest('screenitemid')]);
    if ($screenitemid) {
        $screenitemid = reset($screenitemid);
        $screenitemid = reset($screenitemid);
        add_audit_details(AUDIT_ACTION_DELETE, AUDIT_RESOURCE_SCREEN, $screen['screenid'], $screen['name'], 'Screen itemid "' . $screenitemid . '"');
    }
    unset($_REQUEST['x']);
    $result = DBend($screenitemid);
    show_messages($result, _('Screen updated'), _('Cannot update screen'));
} elseif (hasRequest('add_row')) {
    addScreenRow($screen, getRequest('add_row'));
} elseif (hasRequest('add_col')) {
    addScreenColumn($screen, getRequest('add_col'));
} elseif (hasRequest('rmv_row')) {
    delScreenRow($screen, getRequest('rmv_row'));
} elseif (hasRequest('rmv_col')) {
    delScreenColumn($screen, getRequest('rmv_col'));
}
show_messages();
/*
Example #6
 /**
  * Disable the given actions and write one audit record per action.
  *
  * @param array $actionids  IDs of the actions to disable
  */
 protected function disableActions(array $actionids)
 {
     // A single UPDATE sets the disabled status on every listed action.
     DB::update('actions', [
         'values' => ['status' => ACTION_STATUS_DISABLED],
         'where' => ['actionid' => $actionids],
     ]);

     // The audit entry carries a fixed reason text; the resource name is left empty and
     // the last argument is passed as null.
     foreach ($actionids as $disabledId) {
         add_audit_details(
             AUDIT_ACTION_DISABLE,
             AUDIT_RESOURCE_ACTION,
             $disabledId,
             '',
             _('Action disabled due to deletion of user group.'),
             null
         );
     }
 }
Example #7
 /**
  * Log a user in and open a session.
  *
  * Flow, as visible in this method: look the alias up, enforce the failed-attempt
  * lockout, check system permissions, derive the effective authentication type from the
  * user's groups, delegate credential verification to ldapLogin()/dbLogin() (or rely on
  * the web server for HTTP authentication), then insert a row into `sessions`.
  *
  * @param array  $user
  * @param string $user['user']      User alias
  * @param string $user['password']  User password
  * @param mixed  $user['userData']  Optional; when set, the full user data array is returned
  *
  * @return string|array  Session ID, or the user data array (which contains 'sessionid')
  *                       when $user['userData'] is set
  */
 public function login($user)
 {
     $name = $user['user'];
     // MD5 digest of the submitted password. Within this method it is only mixed into the
     // session ID below; credential verification happens in ldapLogin()/dbLogin().
     // NOTE(review): MD5 is not a password-hashing function - confirm how dbLogin() stores
     // and compares passwords.
     $password = md5($user['password']);
     // The alias is caller-supplied; it reaches the SQL text only through zbx_dbstr().
     // NOTE(review): zbx_dbstr() is defined elsewhere; presumably it quotes and escapes - confirm.
     $userInfo = DBfetch(DBselect('SELECT u.userid,u.attempt_failed,u.attempt_clock,u.attempt_ip' . ' FROM users u' . ' WHERE u.alias=' . zbx_dbstr($name)));
     if (!$userInfo) {
         // Unknown alias: the message does not say whether the name or the password was wrong.
         self::exception(ZBX_API_ERROR_PARAMETERS, _('Login name or password is incorrect.'));
     }
     // check if user is blocked
     // NOTE(review): this error and the permission error below are raised before the
     // password is verified, so the response differs between existing and unknown aliases.
     if ($userInfo['attempt_failed'] >= ZBX_LOGIN_ATTEMPTS) {
         if (time() - $userInfo['attempt_clock'] < ZBX_LOGIN_BLOCK) {
             self::exception(ZBX_API_ERROR_PARAMETERS, _s('Account is blocked for %s seconds', ZBX_LOGIN_BLOCK - (time() - $userInfo['attempt_clock'])));
         }
         // Block window has elapsed: refresh attempt_clock; attempt_failed is not reset here.
         DBexecute('UPDATE users SET attempt_clock=' . time() . ' WHERE alias=' . zbx_dbstr($name));
     }
     // check system permissions
     if (!check_perm2system($userInfo['userid'])) {
         self::exception(ZBX_API_ERROR_PARAMETERS, _('No permissions for system access.'));
     }
     // Highest gui_access value across all of the user's groups.
     $dbAccess = DBfetch(DBselect('SELECT MAX(g.gui_access) AS gui_access' . ' FROM usrgrp g,users_groups ug' . ' WHERE ug.userid=' . zbx_dbstr($userInfo['userid']) . ' AND g.usrgrpid=ug.usrgrpid'));
     if (zbx_empty($dbAccess['gui_access'])) {
         // No value from the group query: fall back to the system default.
         $guiAccess = GROUP_GUI_ACCESS_SYSTEM;
     } else {
         $guiAccess = $dbAccess['gui_access'];
     }
     $config = select_config();
     $authType = $config['authentication_type'];
     // Only GROUP_GUI_ACCESS_INTERNAL changes the authentication type: it forces internal
     // authentication unless the system is configured for HTTP authentication.
     switch ($guiAccess) {
         case GROUP_GUI_ACCESS_INTERNAL:
             $authType = $authType == ZBX_AUTH_HTTP ? ZBX_AUTH_HTTP : ZBX_AUTH_INTERNAL;
             break;
         case GROUP_GUI_ACCESS_DISABLED:
             /* fall through */
         /* fall through */
         case GROUP_GUI_ACCESS_SYSTEM:
             /* fall through */
             // No statements follow, so both cases keep the system-wide $authType.
             // NOTE(review): GROUP_GUI_ACCESS_DISABLED is not rejected in this method -
             // confirm it is enforced elsewhere (e.g. in check_perm2system()).
     }
     if ($authType == ZBX_AUTH_HTTP) {
         // if PHP_AUTH_USER is not set, it means that HTTP authentication is not enabled
         if (!isset($_SERVER['PHP_AUTH_USER'])) {
             self::exception(ZBX_API_ERROR_PARAMETERS, _('Cannot login.'));
         } elseif ($name !== $_SERVER['PHP_AUTH_USER']) {
             // The requested alias must be exactly the identity the web server authenticated.
             self::exception(ZBX_API_ERROR_PARAMETERS, _s('Login name "%1$s" does not match the name "%2$s" used to pass HTTP authentication.', $name, $_SERVER['PHP_AUTH_USER']));
         }
     }
     try {
         switch ($authType) {
             case ZBX_AUTH_LDAP:
                 $this->ldapLogin($user);
                 break;
             case ZBX_AUTH_INTERNAL:
                 $this->dbLogin($user);
                 break;
             case ZBX_AUTH_HTTP:
                 // No credential check in this method for HTTP authentication: the
                 // PHP_AUTH_USER comparison above is the only gate, so the web server's
                 // authentication is what is being trusted.
         }
     } catch (APIException $e) {
         // Failed verification: bump the failure counter, record time and source address,
         // write an audit entry, then re-raise the helper's message to the caller.
         // NOTE(review): X-Forwarded-For is a client-supplied header unless a trusted
         // proxy sets or overwrites it, so the stored attempt_ip may not be reliable.
         $ip = isset($_SERVER['HTTP_X_FORWARDED_FOR']) && !empty($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR'];
         $userInfo['attempt_failed']++;
         DBexecute('UPDATE users' . ' SET attempt_failed=' . zbx_dbstr($userInfo['attempt_failed']) . ',' . ' attempt_clock=' . time() . ',' . ' attempt_ip=' . zbx_dbstr($ip) . ' WHERE userid=' . zbx_dbstr($userInfo['userid']));
         add_audit_details(AUDIT_ACTION_LOGIN, AUDIT_RESOURCE_USER, $userInfo['userid'], '', _s('Login failed "%s".', $name), $userInfo['userid']);
         self::exception(ZBX_API_ERROR_PARAMETERS, $e->getMessage());
     }
     // start session
     // NOTE(review): the session ID is an MD5 over the current time, the password digest,
     // the alias and rand(); rand() is not a cryptographically secure generator. Session
     // identifiers should come from a CSPRNG. Only the failure path above writes an audit
     // entry in this method; no entry for a successful login is written here.
     $sessionid = md5(time() . $password . $name . rand(0, 10000000));
     DBexecute('INSERT INTO sessions (sessionid,userid,lastaccess,status)' . ' VALUES (' . zbx_dbstr($sessionid) . ',' . zbx_dbstr($userInfo['userid']) . ',' . time() . ',' . ZBX_SESSION_ACTIVE . ')');
     $userData = $this->_getUserData($userInfo['userid']);
     $userData['sessionid'] = $sessionid;
     $userData['gui_access'] = $guiAccess;
     $userData['userid'] = $userInfo['userid'];
     // Successful login clears a non-zero failure counter.
     if ($userInfo['attempt_failed']) {
         DBexecute('UPDATE users SET attempt_failed=0 WHERE userid=' . zbx_dbstr($userInfo['userid']));
     }
     // Publish the authenticated user to both static holders for the rest of the request.
     CWebUser::$data = self::$userData = $userData;
     return isset($user['userData']) ? $userData : $userData['sessionid'];
 }
Example #8
/**
 * Remove one column from a screen.
 *
 * Items located in the removed column are dropped, items to the right of it are shifted
 * one column to the left, and the screen is saved with its width reduced by one. An audit
 * record is written only when the update succeeds.
 *
 * @param array $screen   Screen data; reads 'screenid', 'name', 'hsize' and 'screenitems'
 * @param int   $col_num  Index of the column to remove
 */
function delScreenColumn(array $screen, $col_num)
{
    // $screen is received by value, so the edits below stay local to this function.
    foreach ($screen['screenitems'] as $key => $item) {
        if ($item['x'] == $col_num) {
            // Item sits in the column being removed.
            unset($screen['screenitems'][$key]);
            continue;
        }
        if ($item['x'] > $col_num) {
            // Item is to the right of the removed column: move it one step left.
            $screen['screenitems'][$key]['x']--;
        }
    }

    DBstart();
    $result = API::Screen()->update([
        'screenid' => $screen['screenid'],
        'hsize' => $screen['hsize'] - 1,
        'screenitems' => $screen['screenitems'],
    ]);
    if ($result) {
        add_audit_details(AUDIT_ACTION_UPDATE, AUDIT_RESOURCE_SCREEN, $screen['screenid'], $screen['name'], _('Column deleted'));
    }
    // Finish the transaction with the outcome of the update.
    DBend($result);
}