/**
 * Decide whether the current session may see an indicator bound to an asset.
 *
 * Administrators are always allowed. For everyone else the decision is
 * delegated to the Session permission helper that matches the asset type,
 * and that helper's return value is handed back unchanged.
 *
 * @param mixed  $conn     Database connection forwarded to the Session helpers.
 * @param string $type     Asset type: host, sensor, server, net, host_group,
 *                         hostgroup, net_group or netgroup.
 * @param mixed  $asset_id Identifier of the asset being checked.
 *
 * @return mixed 1 for administrators and for unrecognised types, otherwise
 *               whatever the matching Session::*Allowed() helper returns.
 */
function is_indicator_allowed($conn, $type, $asset_id)
{
    // Administrators bypass the per-asset checks entirely.
    if (Session::am_i_admin()) {
        return 1;
    }

    // switch compares loosely, exactly like the == chain it replaces.
    switch ($type) {
        case 'host':
            return Session::hostAllowed($conn, $asset_id);

        case 'sensor':
        case 'server':
            // The sensor check takes no connection argument.
            return Session::sensorAllowed($asset_id);

        case 'net':
            return Session::netAllowed($conn, $asset_id);

        case 'host_group':
        case 'hostgroup':
            return Session::groupHostAllowed($conn, $asset_id);

        case 'net_group':
        case 'netgroup':
            return Session::groupAllowed($conn, $asset_id);
    }

    // NOTE(review): an unrecognised $type is allowed (fail-open). Confirm that
    // this is intended before relying on this function as an access gate.
    return 1;
}
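/**
 * Render the indicators and rectangles of a risk map that the current user may see.
 *
 * Rows are read from risk_indicators in two passes: ordinary indicators
 * (name <> 'rect') first, then rectangles (name = 'rect'). Each permitted row
 * is emitted as an absolutely positioned <div>; when $print_inputs is true,
 * hidden <input> fields carrying the row's attributes are printed too.
 *
 * Security-relevant behaviour:
 *  - Every database value written into an HTML attribute goes through
 *    htmlspecialchars() first, so a stored name, URL or icon value containing
 *    quotes or angle brackets cannot break out of the attribute (stored XSS).
 *  - The rectangle pass reads type/type_name from the row being checked.
 *    Previously those variables were never assigned in that loop, so the
 *    permission decision used stale values from the indicator pass, or
 *    undefined ones, which fell through to "allowed".
 *
 * @param mixed $map          Map identifier, bound as a query parameter.
 * @param bool  $print_inputs Whether to emit the hidden <input> fields.
 * @param int   $linked       Forwarded unchanged to print_indicator_content().
 *
 * @return void
 */
function print_indicators($map, $print_inputs = false, $linked = 1)
{
    require_once 'classes/Host.inc';
    require_once 'classes/Net.inc';
    require_once 'ossim_db.inc';

    $db = new ossim_db();
    $conn = $db->connect();

    // Lookup tables used by the permission checks below.
    list($sensors_aux, $hosts_aux) = Host::get_ips_and_hostname($conn, true);
    $all_nets = Net::get_list($conn);
    $hosts = array_flip($hosts_aux);
    $sensors = array_flip($sensors_aux);
    $nets = array();
    foreach ($all_nets as $net) {
        $nets[$net->get_name()] = $net->get_name();
    }

    // ---- Pass 1: ordinary indicators -------------------------------------
    $query = "SELECT * FROM risk_indicators WHERE name <> 'rect' AND map= ?";
    $params = array($map);
    if (!($rs =& $conn->Execute($query, $params))) {
        // NOTE(review): this prints the raw database error into the page;
        // consider logging it server-side and showing a generic message.
        print $conn->ErrorMsg();
    } else {
        while (!$rs->EOF) {
            if (Session::am_i_admin()) {
                $has_perm = 1;
            } else {
                // indicatorAllowed() is defined outside this listing.
                $has_perm = indicatorAllowed($conn, $rs->fields['type'], $rs->fields['type_name'], $hosts, $sensors, $nets);
            }

            if ($has_perm) {
                // ISO-8859-1 makes htmlspecialchars() escape & < > ' " byte-wise,
                // which is also safe for UTF-8 and never yields an empty string on
                // malformed input. double_encode=false leaves existing entities
                // alone, so values that were stored pre-escaped render as before.
                $id = htmlspecialchars((string) $rs->fields["id"], ENT_QUOTES, 'ISO-8859-1', false);

                if ($print_inputs) {
                    // Normalise free-text columns to UTF-8 when they are not already.
                    $name = mb_detect_encoding($rs->fields["name"] . " ", 'UTF-8,ISO-8859-1') == 'UTF-8'
                        ? $rs->fields["name"]
                        : mb_convert_encoding($rs->fields["name"], 'UTF-8', 'ISO-8859-1');
                    $type_name_out = mb_detect_encoding($rs->fields["type_name"] . " ", 'UTF-8,ISO-8859-1') == 'UTF-8'
                        ? $rs->fields["type_name"]
                        : mb_convert_encoding($rs->fields["type_name"], 'UTF-8', 'ISO-8859-1');

                    // The icon column holds "<icon>#<suffix>": split it into
                    // the part before '#' and the part after it.
                    $icon = preg_replace("/\\#.*/", "", $rs->fields["icon"]);
                    $val = preg_match("/\\#(.+)/", $rs->fields["icon"], $found) ? $found[1] : "";

                    // Field prefix => value, in the order the inputs are printed.
                    $inputs = array(
                        'dataname'     => $name,
                        'datatype'     => $rs->fields["type"],
                        'type_name'    => $type_name_out,
                        'dataurl'      => $rs->fields["url"],
                        'dataicon'     => $icon,
                        'dataiconsize' => $rs->fields["size"],
                        'dataiconbg'   => $val,
                    );
                    foreach ($inputs as $field => $value) {
                        $value = htmlspecialchars((string) $value, ENT_QUOTES, 'ISO-8859-1', false);
                        echo "<input type='hidden' name='" . $field . $id . "' id='" . $field . $id . "' value='" . $value . "'/>\n";
                    }
                }

                $style = "z-index:10;\r\n\t\t\t\t\t\t border:1px solid transparent;"
                    . "\r\n\t\t\t\t\t\t cursor:pointer;"
                    . "\r\n\t\t\t\t\t\t background:url(../pixmaps/1x1.png);"
                    . "\r\n\t\t\t\t\t\t visibility:hidden;"
                    . "\r\n\t\t\t\t\t\t position:absolute;"
                    . "\r\n\t\t\t\t\t\t left:" . $rs->fields["x"] . "px;"
                    . "\r\n\t\t\t\t\t\t top:" . $rs->fields["y"] . "px;"
                    . "\r\n\t\t\t\t\t\t height:" . $rs->fields["h"] . "px;"
                    . "\r\n\t\t\t\t\t\t width:" . $rs->fields["w"] . "px;\r\n\t\t\t\t";
                // The geometry columns come from the database; escape the whole
                // declaration so they cannot close the style attribute.
                $style = htmlspecialchars($style, ENT_QUOTES, 'ISO-8859-1', false);
                ?>
                <div id="indicator<?php echo $id; ?> " class="itcanbemoved" style="<?php echo $style; ?> ">
                    <?php print_indicator_content($conn, $rs, $linked); ?>
                </div>
                <?php
            }
            $rs->MoveNext();
        }
    }

    // ---- Pass 2: rectangles ----------------------------------------------
    $query = "SELECT * FROM risk_indicators WHERE name='rect' AND map = ?";
    $params = array($map);
    if (!($rs =& $conn->Execute($query, $params))) {
        // NOTE(review): same raw error output as in the first pass.
        print $conn->ErrorMsg();
    } else {
        while (!$rs->EOF) {
            $has_perm = 0;
            if (Session::am_i_admin()) {
                $has_perm = 1;
            } else {
                // Take the asset binding from THIS row; the permission decision
                // must not depend on values left over from the indicator pass.
                $type = $rs->fields["type"];
                $type_name = $rs->fields["type_name"];

                if ($type == "host") {
                    $has_perm = !empty($hosts[$type_name]) ? 1 : 0;
                } elseif ($type == "sensor" || $type == "server") {
                    $has_perm = !empty($sensors[$type_name]) ? 1 : 0;
                } elseif ($type == "net") {
                    $has_perm = !empty($nets[$type_name]) ? 1 : 0;
                } elseif ($type == "host_group") {
                    if (Session::groupHostAllowed($conn, $type_name)) {
                        $has_perm = 1;
                    }
                } else {
                    // NOTE(review): any other type (including net groups and
                    // rectangles with no asset binding) is shown to everyone.
                    // Confirm this fail-open default is intended.
                    $has_perm = 1;
                }
            }

            if ($has_perm) {
                $id = htmlspecialchars((string) $rs->fields["id"], ENT_QUOTES, 'ISO-8859-1', false);

                if ($print_inputs) {
                    $name = htmlspecialchars((string) $rs->fields["name"], ENT_QUOTES, 'ISO-8859-1', false);
                    $url = htmlspecialchars((string) $rs->fields["url"], ENT_QUOTES, 'ISO-8859-1', false);
                    echo "<input type='hidden' name='dataname" . $id . "' id='dataname" . $id . "' value='" . $name . "'/>\n";
                    echo "<input type='hidden' name='dataurl" . $id . "' id='dataurl" . $id . "' value='" . $url . "'/>\n";
                }

                $style = "border:1px solid transparent;"
                    . "\r\n\t\t\t\t\t\t cursor:pointer;"
                    . "\r\n\t\t\t\t\t\t background:url(../pixmaps/1x1.png);"
                    . "\r\n\t\t\t\t\t\t visibility:hidden;"
                    . "\r\n\t\t\t\t\t\t position:absolute;"
                    . "\r\n\t\t\t\t\t\t left:" . $rs->fields["x"] . "px;"
                    . "\r\n\t\t\t\t\t\t top:" . $rs->fields["y"] . "px;"
                    . "\r\n\t\t\t\t\t\t height:" . $rs->fields["h"] . "px;"
                    . "\r\n\t\t\t\t\t\t width:" . $rs->fields["w"] . "px;\r\n\t\t\t\t";
                $style = htmlspecialchars($style, ENT_QUOTES, 'ISO-8859-1', false);
                ?>
                <div id="rect<?php echo $id; ?> " class="itcanbemoved" style="<?php echo $style; ?> ">
                    <?php print_rectangle_content($conn, $print_inputs); ?>
                </div>
                <?php
            }
            $rs->MoveNext();
        }
    }
}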