コード例 #1
0
ファイル: user_info.php プロジェクト: songchin/Cacti
function api_user_info($array) {

	/* build SQL query */
	$sql_query = "SELECT *, DATE_FORMAT(password_change_last,'%M %e %Y %H:%i:%s') as password_change_last_formatted, DATE_FORMAT(last_login,'%M %e %Y %H:%i:%s') as last_login_formatted FROM user_auth WHERE ";
	$sql_where = "";
	if (($array) && (is_array($array))) {
		foreach ($array as $field => $value) {
			$sql_where .= $field . " = '" . sql_sanitize($value) . "' AND ";
		}
		/* remove trailing AND */
		$sql_where = preg_replace("/ AND\ $/", "", $sql_where);
		$sql_query = $sql_query . $sql_where;
	}else{
		/* error no array */
		return "";
	}

	/* get the user info */
	$user = db_fetch_row($sql_query);
	if ((is_array($user)) && (sizeof($user) > 0)) {
		return $user;
	}else{
		return NULL;
	}

}
コード例 #2
0
ファイル: rra_info.php プロジェクト: songchin/Cacti
function api_rra_consolidation_function_list($rra_id) {
	/* sanity checks */
	validate_id_die($rra_id, "rra_id");

	return array_rekey(db_fetch_assoc("select * from rra_cf where rra_id = " . sql_sanitize($rra_id)), "", "consolidation_function_id");
}
コード例 #3
0
ファイル: database.php プロジェクト: songchin/Cacti
function sql_save($array_items, $table_name, $key_cols = "id") {
	global $cnn_id;

	while (list ($key, $value) = each ($array_items)) {
		$array_items[$key] = "\"" . sql_sanitize($value) . "\"";
	}

	if (!$cnn_id->Replace($table_name, $array_items, $key_cols, false)) { return 0; }

	/* get the last AUTO_ID and return it */
	if ($cnn_id->Insert_ID() == "0") {
		if (!is_array($key_cols)) {
			if (isset($array_items[$key_cols])) {
				return str_replace("\"", "", $array_items[$key_cols]);
			}
		}
		return 0;
	}else{
		return $cnn_id->Insert_ID();
	}
}
コード例 #4
0
ファイル: database_utility.php プロジェクト: songchin/Cacti
function sql_get_quoted_string($field_type, $field_value) {
	if ($field_type == DB_TYPE_STRING) {
		return "'" . sql_sanitize($field_value) . "'";
	}else if ($field_type == DB_TYPE_INTEGER){
		if (is_numeric($field_value)) {
			return $field_value;
		}else{
			log_message("Invalid numeric column value '" . $field_value . "' in " . __FUNCTION__ . "()", LOG_LEVEL_WARNING, "lib-db");
			die("Invalid numeric column value '" . $field_value . "' in " . __FUNCTION__ . "()");
		}
	}else if ($field_type == DB_TYPE_INTEGER) {
		if (db_integer_validate($field_value, true, true)) {
			return $field_value;
		}else{
			log_message("Invalid numeric column value '" . $field_value . "' in " . __FUNCTION__ . "()", LOG_LEVEL_WARNING, "lib-db");
			die("Invalid numeric column value '" . $field_value . "' in " . __FUNCTION__ . "()");
		}
	}else if ($field_type == DB_TYPE_NULL) {
		return "NULL";
	}else if ($field_type == DB_TYPE_BLOB) {
		// i think the addslashes() may cause problems for non-mysql dbs, but it wasn't working for me otherwise
		return "'" . addslashes($field_value) . "'";
	}else if ($field_type == DB_TYPE_HTML_CHECKBOX) {
		if ($field_value == "on") {
			return 1;
		}else if ($field_value == "") {
			return 0;
		}else if ($field_value == "0") {
			return 0;
		}else if ($field_value == "1") {
			return 1;
		}else{
			return 0;
		}
	}else if ($field_type == DB_TYPE_FUNC_NOW) {
		return "NOW()";
	}else if ($field_type == DB_TYPE_FUNC_MD5) {
		return "'" . md5($field_value) . "'";
	}else{
		log_save("Invalid column type '" . $field_type . "' value '" . $field_value . "' in " . __FUNCTION__ . "()", SEV_WARNING);
	}
}
コード例 #5
0
function api_graph_template_data_template_list($graph_template_id) {
	/* sanity checks */
	validate_id_die($graph_template_id, "graph_template_id");

	return db_fetch_assoc("select distinct
		data_template_item.data_template_id as id,
		data_template.template_name
		from graph_template_item,data_template_item,data_template
		where graph_template_item.data_template_item_id=data_template_item.id
		and data_template_item.data_template_id=data_template.id
		and graph_template_item.graph_template_id = " . sql_sanitize($graph_template_id) . "
		order by data_template.template_name");
}
コード例 #6
0
ファイル: database.php プロジェクト: teddywen/cacti
function sql_save($array_items, $table_name, $key_cols = "id", $autoinc = TRUE, $db_conn = FALSE)
{
    global $cnn_id;
    if (read_config_option("log_verbosity") == POLLER_VERBOSITY_DEVDBG) {
        cacti_log("DEVEL: SQL Save on table '{$table_name}': \"" . serialize($array_items) . "\"", FALSE);
    }
    /* check for a connection being passed, if not use legacy behavior */
    if (!$db_conn) {
        $db_conn = $cnn_id;
    }
    while (list($key, $value) = each($array_items)) {
        $array_items[$key] = sql_sanitize($value);
    }
    $replace_result = $db_conn->Replace($table_name, $array_items, $key_cols, FALSE, $autoinc);
    if ($replace_result == 0) {
        cacti_log("ERROR: SQL Save Command Failed for Table '{$table_name}'.  Error was '" . $cnn_id->ErrorMsg() . "'", false);
        return 0;
    }
    /* get the last AUTO_ID and return it */
    if ($db_conn->Insert_ID() == "0" || $replace_result == 1) {
        if (!is_array($key_cols)) {
            if (isset($array_items[$key_cols])) {
                return str_replace("'", "", $array_items[$key_cols]);
            }
        }
        return 0;
    } else {
        return $db_conn->Insert_ID();
    }
}
コード例 #7
0
ファイル: events.php プロジェクト: Kashionz/MapleBit
            if (isset($_SESSION['id'])) {
                $quote = "<a href=\"#comment-" . $c['id'] . "-" . $c['author'] . "\" class=\"quote\">Quote</a> | ";
                $pm = " | <a href=\"?base=ucp&page=mail&uc=" . $c['author'] . "\">PM</a>";
            }
            echo "\n\t\t\t<div class=\"well\"><img src=\"" . get_gravatar($c['email']) . "\" alt=\"" . $c['author'] . "\" class=\"img-responsive\" style=\"float:left;padding-right:10px;\"/>\n\t\t\t<h4 style=\"margin:0px;\">" . $c['author'] . "</h4>\n\t\t\t\t<b>Feedback:</b> " . $feedback . "<br/>\n\t\t\t\t<small>Posted " . ago($c['date']) . ", on " . date('M j, Y', $c['date']) . "</small><br/>\n\t\t\t\t<small>" . $modify . $quote . "<a href=\"#comment-link-" . $c['id'] . "\" class=\"permalink\">Permalink</a><a href=\"?base=main&page=events&id=" . $id . "#comment-" . $c['id'] . "\" class=\"permalinkshow linkid-" . $c['id'] . "\">?base=main&page=events&id=" . $id . "#comment-" . $c['id'] . "</a>" . $pm . "</small><hr/>\n\t\t\t\t<div class=\"breakword\" id=\"comment-" . $c['id'] . "\">" . $clean_comment . "</div>\n\t\t\t\t</div>";
        }
    }
} else {
    $ge = $mysqli->query("SELECT * FROM " . $prefix . "events ORDER BY id DESC") or die;
    $rows = $ge->num_rows;
    if ($rows < 1) {
        echo "<div class=\"alert alert-danger\">Oops! No events to display right now!</div>";
    } else {
        echo "<h2 class=\"text-left\">" . $servername . " Events</h2><hr/>";
        while ($e = $ge->fetch_assoc()) {
            $gc = $mysqli->query("SELECT * FROM " . $prefix . "ecomments WHERE eid='" . sql_sanitize($e['id']) . "' ORDER BY id ASC") or die;
            $cc = $gc->num_rows;
            echo "<img src=\"assets/img/news/" . $e['type'] . ".gif\" alt='' />";
            echo "[" . $e['date'] . "]  \n\t\t\t<b><a href=\"?base=main&amp;page=events&amp;id=" . $e['id'] . "\">" . stripslashes($e['title']) . "</a></b>\n\t\t<span class=\"commentbubble\">\n\t\t\t<b>" . $e['views'] . "</b> views | <b>" . $cc . "</b> comments\n\t\t";
            if (isset($_SESSION['admin'])) {
                echo "\n\t\t\t\t<a href=\"?base=admin&amp;page=manevent&amp;action=edit&amp;id=" . $e['id'] . "\">Edit</a> | \n\t\t\t\t<a href=\"?base=admin&amp;page=manevent&amp;action=del\">Delete</a> | \n\t\t\t\t<a href=\"?base=admin&amp;page=manevent&amp;action=lock\">Lock</a>&nbsp;\n\t\t\t";
            }
            echo "</span><br/>";
        }
    }
}
?>
<script>
<?php 
if (isset($_SESSION['id'])) {
    ?>
コード例 #8
0
ファイル: data_template_info.php プロジェクト: songchin/Cacti
function api_data_template_input_field_list($data_template_id) {
	/* sanity check for $data_template_id */
	if ((!is_numeric($data_template_id)) || (empty($data_template_id))) {
		return false;
	}

	return array_rekey(db_fetch_assoc("select name,t_value,value from data_template_field where data_template_id = " . sql_sanitize($data_template_id)), "name", array("value", "t_value"));

}
コード例 #9
0
ファイル: database.php プロジェクト: MrWnn/cacti
function sql_save($array_items, $table_name, $key_cols = 'id', $autoinc = TRUE, $db_conn = FALSE)
{
    global $database_sessions, $database_default;
    /* check for a connection being passed, if not use legacy behavior */
    if (!$db_conn) {
        $db_conn = $database_sessions[$database_default];
    }
    if (read_config_option('log_verbosity') == POLLER_VERBOSITY_DEVDBG) {
        cacti_log("DEVEL: SQL Save on table '{$table_name}': \"" . serialize($array_items) . '"', FALSE);
    }
    while (list($key, $value) = each($array_items)) {
        $array_items[$key] = '"' . sql_sanitize($value) . '"';
    }
    $replace_result = _db_replace($db_conn, $table_name, $array_items, $key_cols, $autoinc);
    if ($replace_result === false) {
        cacti_log("ERROR: SQL Save Command Failed for Table '{$table_name}'.  Error was '" . mysql_error($db_conn) . "'", false);
        return FALSE;
    }
    /* get the last AUTO_ID and return it */
    if (!$replace_result || db_fetch_insert_id($db_conn) == '0') {
        if (!is_array($key_cols)) {
            if (isset($array_items[$key_cols])) {
                return str_replace('"', '', $array_items[$key_cols]);
            }
        }
        return FALSE;
    } else {
        return $replace_result;
    }
}
コード例 #10
0
ファイル: poller.php プロジェクト: songchin/Cacti
function update_reindex_cache($host_id, $data_query_id) {
	require_once(CACTI_BASE_PATH . "/lib/sys/snmp.php");
	require_once(CACTI_BASE_PATH . "/include/data_query/data_query_constants.php");
	require_once(CACTI_BASE_PATH . "/lib/device/device_info.php");
	require_once(CACTI_BASE_PATH . "/lib/data_query/data_query_info.php");

	/* will be used to keep track of sql statements to execute later on */
	$recache_stack = array();

	/* get information about the host */
	$host = api_device_get($host_id);

	/* get information about the host->data query assignment */
	$host_data_query = api_device_data_query_get($host_id, $data_query_id);

	/* get information about the data query */
	$data_query = api_data_query_get($data_query_id);

	switch ($host_data_query["reindex_method"]) {
		case DATA_QUERY_AUTOINDEX_NONE:
			break;
		case DATA_QUERY_AUTOINDEX_BACKWARDS_UPTIME:
			/* the uptime backwards method requires snmp, so make sure snmp is actually enabled
			 * on this device first */
			if ($host["snmp_community"] != "") {
				$assert_value = cacti_snmp_get($host["hostname"],
					$host["snmp_community"],
					".1.3.6.1.2.1.1.3.0",
					$host["snmp_version"],
					$host["snmpv3_auth_username"],
					$host["snmpv3_auth_password"],
					$host["snmpv3_auth_protocol"],
					$host["snmpv3_priv_passphrase"],
					$host["snmpv3_priv_protocol"],
					$host["snmp_port"],
					$host["snmp_timeout"],
					SNMP_POLLER);

				array_push($recache_stack, "insert into poller_reindex (host_id,data_query_id,action,op,assert_value,arg1) values (" . sql_sanitize($host_id) . "," . sql_sanitize($data_query_id) . ",0,'<','" . sql_sanitize($assert_value) . "','.1.3.6.1.2.1.1.3.0')");
			}

			break;
		case DATA_QUERY_AUTOINDEX_INDEX_NUM_CHANGE:
			/* this method requires that some command/oid can be used to determine the
			 * current number of indexes in the data query */
			$assert_value = api_data_query_cache_num_rows_get($data_query_id, $host_id);

			if ($data_query_type == DATA_QUERY_INPUT_TYPE_SNMP_QUERY) {
				if ($data_query["snmp_oid_num_rows"] != "") {
					array_push($recache_stack, "insert into poller_reindex (host_id,data_query_id,action,op,assert_value,arg1) values (" . sql_sanitize($host_id) . "," . sql_sanitize($data_query_id) . ",0,'=','" . sql_sanitize($assert_value) . "','" . sql_sanitize($data_query["snmp_oid_num_rows"]) . "')");
				}
			}else if ($data_query_type == DATA_QUERY_INPUT_TYPE_SCRIPT_QUERY) {
				array_push($recache_stack, "insert into poller_reindex (host_id,data_query_id,action,op,assert_value,arg1) values (" . sql_sanitize($host_id) . "," . sql_sanitize($data_query_id) . ",1,'=','" . sql_sanitize($assert_value) . "','" . sql_sanitize(api_data_query_script_path_format($data_query_xml["script_path"]) . DATA_QUERY_SCRIPT_ARG_NUM_INDEXES) . "')");
			}

			break;
		case DATA_QUERY_AUTOINDEX_FIELD_VERIFICATION:
			$primary_indexes = api_data_query_cache_field_get($data_query_id, $host_id, $data_query["sort_field"]);

			if (sizeof($primary_indexes) > 0) {
				foreach ($primary_indexes as $index) {
					$assert_value = $index["field_value"];

					if ($data_query_type == DATA_QUERY_INPUT_TYPE_SNMP_QUERY) {
						array_push($recache_stack, "insert into poller_reindex (host_id,data_query_id,action,op,assert_value,arg1) values (" . sql_sanitize($host_id) . "," . sql_sanitize($data_query_id) . ",0,'=','" . sql_sanitize($assert_value) . "','" . sql_sanitize($index["oid"]) . "')");
					}else if ($data_query_type == DATA_QUERY_INPUT_TYPE_SCRIPT_QUERY) {
						array_push($recache_stack, "insert into poller_reindex (host_id,data_query_id,action,op,assert_value,arg1) values (" . sql_sanitize($host_id) . "," . sql_sanitize($data_query_id) . ",1,'=','" . sql_sanitize($assert_value) . "','" . sql_sanitize(api_data_query_script_path_format($data_query_xml["script_path"]) . DATA_QUERY_SCRIPT_ARG_GET . " " . $data_query_xml["fields"]{$data_query["sort_field"]}["query_name"] . " " . $index["snmp_index"]) . "')");
					}
				}
			}

			break;
	}

	/* save the delete for last since we need to reference this table in the code above */
	db_execute("delete from poller_reindex where host_id=$host_id and data_query_id=$data_query_id");

	for ($i=0; $i<count($recache_stack); $i++) {
		db_execute($recache_stack[$i]);
	}
}
コード例 #11
0
function save_schedules()
{
    /* ================= input validation ================= */
    input_validate_input_number(get_request_var_post('id'));
    input_validate_input_number(get_request_var_post('savedquery'));
    input_validate_input_number(get_request_var_post('sendinterval'));
    /* ==================================================== */
    $save['title'] = sql_sanitize($_POST['title']);
    $save['savedquery'] = $_POST['savedquery'];
    $save['sendinterval'] = $_POST['sendinterval'];
    $save['start'] = sql_sanitize($_POST['start']);
    $save['email'] = sql_sanitize($_POST['email']);
    $t = time();
    $d = strtotime($_POST['start']);
    $i = $save['sendinterval'];
    if (isset($_POST['id'])) {
        $save['id'] = $_POST['id'];
        $q = db_fetch_row("SELECT * FROM plugin_flowview_schedules WHERE id = " . $save['id']);
        if (!isset($q['lastsent']) || $save['start'] != $q['start'] || $save['sendinterval'] != $q['sendinterval']) {
            while ($d < $t) {
                $d += $i;
            }
            $save['lastsent'] = $d - $i;
        }
    } else {
        $save['id'] = '';
        while ($d < $t) {
            $d += $i;
        }
        $save['lastsent'] = $d - $i;
    }
    if (isset($_POST["enabled"])) {
        $save["enabled"] = 'on';
    } else {
        $save["enabled"] = 'off';
    }
    $id = sql_save($save, 'plugin_flowview_schedules', 'id', true);
    if (is_error_message()) {
        header('Location: flowview_schedules.php?action=edit&id=' . (empty($id) ? $_POST['id'] : $id));
        exit;
    }
    header("Location: flowview_schedules.php");
    exit;
}
コード例 #12
0
ファイル: data_source_info.php プロジェクト: songchin/Cacti
function api_data_source_item_list($data_source_id) {
	/* sanity checks */
	validate_id_die($data_source_id, "data_source_id");

	return db_fetch_assoc("select
		data_source_item.rrd_heartbeat,
		data_source_item.rrd_minimum,
		data_source_item.rrd_maximum,
		data_source_item.data_source_name,
		data_source_item.data_source_type
		from data_source_item
		where data_source_item.data_source_id = " . sql_sanitize($data_source_id));
}
コード例 #13
0
function api_data_preset_package_vendor_get($preset_id) {
	/* sanity checks */
	validate_id_die($preset_id, "preset_id");

	return db_fetch_cell("select name from preset_package_vendor where id = " . sql_sanitize($preset_id));
}
コード例 #14
0
ファイル: package_info.php プロジェクト: songchin/Cacti
function api_package_author_get($package_author_id) {
	/* sanity checks */
	validate_id_die($package_author_id, "package_author_id");

	return db_fetch_row("select * from package_author where id = " . sql_sanitize($package_author_id));
}
コード例 #15
0
function api_graph_template_item_remove($graph_template_item_id, $delete_attached = true) {
	/* sanity checks */
	validate_id_die($graph_template_item_id, "graph_template_item_id");

	/* base tables */
	db_delete("graph_template_item",
		array(
			"id" => array("type" => DB_TYPE_INTEGER, "value" => $graph_template_item_id)
			));
	db_delete("graph_template_item_input_item",
		array(
			"graph_template_item_id" => array("type" => DB_TYPE_INTEGER, "value" => $graph_template_item_id)
			));

	/* attached graph items */
	if ($delete_attached === true) {
		db_delete("graph_item",
			array(
				"graph_template_item_id" => array("type" => DB_TYPE_INTEGER, "value" => $graph_template_item_id)
				));
	}else{
		db_execute("UPDATE graph_item SET graph_template_item_id = 0 WHERE graph_template_item_id = " . sql_sanitize($graph_template_item_id));
	}
}
コード例 #16
0
ファイル: ticket.php プロジェクト: javcj516/MapleBit
        if (isset($_POST['subcomment'])) {
            $postComment = $mysqli->real_escape_string($_POST['comment']);
            if (strlen($postComment) < 10) {
                echo "Please provide more information.";
            } else {
                $insertComment = $mysqli->query("INSERT INTO " . $prefix . "tcomments (ticketid, user, content, date_com)\n\t\t\t\t\t\t\tVALUES " . "('" . $_GET['a'] . "', '" . $_SESSION['pname'] . "', '" . $postComment . "', '" . date('F d - g:i A') . "')") or die(mysql_error());
                $insertComment = $mysqli->query("UPDATE " . $prefix . "tickets SET date = '" . date('F d - g:i A') . "' WHERE ticketid = '" . sql_sanitize($_GET['a']) . "'") or die(mysql_error());
                if ($insertComment) {
                    echo "<meta http-equiv=\"refresh\" content=\"0; url=\"/>";
                } else {
                    echo "There was an error processing your update. Please notify the admin.";
                }
            }
        }
        if (isset($_POST['close'])) {
            $closeTicket = $mysqli->query("UPDATE " . $prefix . "tickets SET status = 0 WHERE ticketid = '" . sql_sanitize($_GET['a']) . "'");
            if ($closeTicket) {
                echo "<br/><div class=\"alert alert-success\">This ticket was successfully closed! You will be redirected in five seconds.</div>";
                redirect_wait5("?base=admin&amp;page=ticket");
            }
        }
    }
} else {
    redirect("?base");
}
?>
<script>
<?php 
if (isset($_SESSION['id'])) {
    ?>
CKEDITOR.replace( 'ticketDetails', {
コード例 #17
0
function api_data_preset_cdef_get($preset_cdef_id) {
	/* sanity checks */
	validate_id_die($preset_cdef_id, "preset_cdef_id");

	return db_fetch_row("select * from preset_cdef where id = " . sql_sanitize($preset_cdef_id));
}
コード例 #18
0
ファイル: graphs_items.php プロジェクト: songchin/Cacti
function item_edit()
{
    global $colors;
    /* if the user pushed the 'clear' button */
    if (isset($_REQUEST["clear_x"])) {
        kill_session_var("sess_ds_host_id");
        unset($_REQUEST["host_id"]);
    }
    /* remember these search fields in session vars so we don't have to keep passing them around */
    load_current_session_value("filter", "sess_ds_filter", "");
    load_current_session_value("host_id", "sess_ds_host_id", "-1");
    $host = db_fetch_row("select hostname from host where id = " . sql_sanitize($_REQUEST["host_id"]));
    html_start_box("<strong>Data Source by Host</strong> [host: " . (empty($host["hostname"]) ? "No Host" : $host["hostname"]) . "]", "98%", $colors["header"], "3", "center", "");
    include "./include/html/inc_graph_items_filter_table.php";
    html_end_box();
    if ($_REQUEST["host_id"] == "-1") {
        $sql_where = "";
    } elseif ($_REQUEST["host_id"] == "0") {
        $sql_where = " and data_local.host_id = 0";
    } elseif (!empty($_REQUEST["host_id"])) {
        $sql_where = " and data_local.host_id = " . sql_sanitize($_REQUEST["host_id"]);
    }
    if (!empty($_GET["id"])) {
        $graph_item = db_fetch_row("select * from graph_item where id = " . sql_sanitize($_GET["id"]));
        $host_id = db_fetch_cell("select host_id from graph where id = " . sql_sanitize($_GET["graph_id"]));
    }
    /* by default, select the LAST DS chosen to make everyone's lives easier */
    $default = db_fetch_row("select data_source_item_id from graph_item where graph_id = " . sql_sanitize($_GET["graph_id"]) . " order by sequence DESC limit 1");
    form_start("graphs_items.php", "form_graph_item");
    /* ==================== Box: Graph Item ==================== */
    html_start_box("<strong>" . _("Graph Item") . "</strong> [Graph: " . db_fetch_cell("select title_cache from graph where id=" . $_GET["graph_id"]) . "]", "98%", $colors["header_background"], "3", "center", "");
    _graph_item_field__data_source_item_id("data_source_item_id", sizeof($default) == 1 ? $default["data_source_item_id"] : "0", empty($_GET["id"]) ? 0 : $_GET["id"], $host_id);
    _graph_item_field__color("color", isset($graph_item["color"]) ? $graph_item["color"] : "", empty($_GET["id"]) ? 0 : $_GET["id"]);
    _graph_item_field__graph_item_type("graph_item_type", isset($graph_item["graph_item_type"]) ? $graph_item["graph_item_type"] : "", empty($_GET["id"]) ? 0 : $_GET["id"]);
    _graph_item_field__consolidation_function("consolidation_function", isset($graph_item["consolidation_function"]) ? $graph_item["consolidation_function"] : "", empty($_GET["id"]) ? 0 : $_GET["id"]);
    _graph_item_field__cdef("cdef", isset($graph_item["cdef"]) ? $graph_item["cdef"] : "", empty($_GET["id"]) ? 0 : $_GET["id"]);
    _graph_item_field__gprint_format("gprint_format", isset($graph_item["gprint_format"]) ? $graph_item["gprint_format"] : "", empty($_GET["id"]) ? 0 : $_GET["id"]);
    _graph_item_field__legend_value("legend_value", isset($graph_item["legend_value"]) ? $graph_item["legend_value"] : "", empty($_GET["id"]) ? 0 : $_GET["id"]);
    _graph_item_field__legend_format("legend_format", isset($graph_item["legend_format"]) ? $graph_item["legend_format"] : "", empty($_GET["id"]) ? 0 : $_GET["id"]);
    _graph_item_field__hard_return("hard_return", isset($graph_item["hard_return"]) ? $graph_item["hard_return"] : "", empty($_GET["id"]) ? 0 : $_GET["id"]);
    form_hidden_box("graph_item_id", isset($graph_item) ? $graph_item["id"] : "0", "");
    form_hidden_box("graph_id", $_GET["graph_id"], "0");
    form_hidden_box("save_component_item", "1", "");
    html_end_box();
    form_save_button("graphs.php?action=edit&id=" . $_GET["graph_id"]);
}
コード例 #19
0
ファイル: database.php プロジェクト: songchin/Cacti
function sql_save($array_items, $table_name, $key_cols = "id", $autoinc = TRUE, $db_conn = FALSE)
{
    global $cnn_id;
    /* check for a connection being passed, if not use legacy behavior */
    if (!$db_conn) {
        $db_conn = $cnn_id;
    }
    while (list($key, $value) = each($array_items)) {
        $array_items[$key] = "\"" . sql_sanitize($value) . "\"";
    }
    $replace_result = $db_conn->Replace($table_name, $array_items, $key_cols, FALSE, $autoinc);
    if ($replace_result == 0) {
        return 0;
    }
    /* get the last AUTO_ID and return it */
    if ($db_conn->Insert_ID() == "0" || $replace_result == 1) {
        if (!is_array($key_cols)) {
            if (isset($array_items[$key_cols])) {
                return str_replace("\"", "", $array_items[$key_cols]);
            }
        }
        return 0;
    } else {
        return $db_conn->Insert_ID();
    }
}
コード例 #20
0
ファイル: data_query_execute.php プロジェクト: songchin/Cacti
function api_data_query_snmp_execute($host_id, $data_query_id) {
	require_once(CACTI_BASE_PATH . "/include/data_query/data_query_constants.php");
	require_once(CACTI_BASE_PATH . "/lib/data_query/data_query_info.php");
	require_once(CACTI_BASE_PATH . "/lib/device/device_info.php");

	/* get information about the data query */
	$data_query = api_data_query_get($data_query_id);

	/* get a list of all input fields defined for this data query */
	$data_query_fields = api_data_query_field_list($data_query_id, DATA_QUERY_FIELD_TYPE_INPUT);

	/* fetch a list of indexes for this data query */
	$field_values{$data_query["index_field_id"]} = api_data_query_snmp_execute_field($host_id, $data_query["index_field_id"]);

	if (($field_values{$data_query["index_field_id"]} === false) || (sizeof($field_values{$data_query["index_field_id"]}) == 0)) {
		debug_log_insert("data_query", _("No indexes returned, cannot continue."));
		return false;
	}

	/* reindex the parsed index values as a hash (value->oid) for quicker access. DUPLICATE INDEX VALUES
	 * WILL CAUSE PROBLEMS HERE */
	foreach ($field_values{$data_query["index_field_id"]} as $result) {
		$index_field_values{$result["value_parsed"]} = true;
	}

	/* clear old data from the data query cache */
	db_execute("delete from host_data_query_cache where host_id = " . sql_sanitize($host_id) . " and data_query_id = " . sql_sanitize($data_query_id));

	if (is_array($data_query_fields)) {
		foreach ($data_query_fields as $field) {
			/* fetch a list of values for this field (assuming that we haven't already seen it */
			if (!isset($field_values{$field["id"]})) {
				$field_values{$field["id"]} = api_data_query_snmp_execute_field($host_id, $field["id"]);
			}else{
				debug_log_insert("data_query", "Walking OID '" . $field["source"] . "' (cached)");
			}

			/* see if we have some output to play with */
			if (($field_values{$field["id"]} !== false) && (sizeof($field_values{$field["id"]}) > 0)) {
				foreach ($field_values{$field["id"]} as $oid => $result) {
					/* stick with the 0.8.x behavior: use the value for the index when the actual value is
					 * derived from the oid */
					if (($field["method_type"] == DATA_QUERY_FIELD_METHOD_OID_OCTET) || ($field["method_type"] == DATA_QUERY_FIELD_METHOD_OID_PARSE)) {
						$expected_index = $result["value"];
					/* find the index at the end of the oid */
					}else{
						$expected_index = substr($oid, strlen($field["source"])+1);
					}

					/* a match for this index has been located */
					if (isset($index_field_values[$expected_index])) {
						debug_log_insert("data_query", sprintf(_("Found value [%s = '%s'] for index [%s]"), $field["name"], $result["value_parsed"], $expected_index));

						db_insert("host_data_query_cache",
							array(
								"host_id" => array("type" => DB_TYPE_INTEGER, "value" => $host_id),
								"data_query_id" => array("type" => DB_TYPE_INTEGER, "value" => $data_query_id),
								"field_name" => array("type" => DB_TYPE_STRING, "value" => $field["name"]),
								"field_value" => array("type" => DB_TYPE_STRING, "value" => $result["value_parsed"]),
								"index_value" => array("type" => DB_TYPE_STRING, "value" => $expected_index),
								"oid" => array("type" => DB_TYPE_STRING, "value" => $oid)
								),
							array("host_id", "data_query_id", "field_name", "index_value"));
					/* a match for this index has not been located */
					}else{
						debug_log_insert("data_query", _("Ignoring unknown index '$expected_index'."));
					}
				}
			}else{
				debug_log_insert("data_query", _("No values returned from the field '" . $field["name"] . "', ignoring."));
			}
		}
	}

	return true;
}
コード例 #21
0
ファイル: database.php プロジェクト: songchin/Cacti
function sql_save($array_items, $table_name, $key_cols = "id", $autoinc = true) {
	global $cnn_id;

	while (list ($key, $value) = each ($array_items)) {
		$array_items[$key] = "\"" . sql_sanitize($value) . "\"";
	}

	$replace_result = $cnn_id->Replace($table_name, $array_items, $key_cols, FALSE, $autoinc);

	if ($replace_result == 0) {
		return 0;
	}

	/* get the last AUTO_ID and return it */
	if (($cnn_id->Insert_ID() == "0") || ($replace_result == 1)) {
		if (!is_array($key_cols)) {
			if (isset($array_items[$key_cols])) {
				return str_replace("\"", "", $array_items[$key_cols]);
			}
		}

		return 0;
	}else{
		return $cnn_id->Insert_ID();
	}
}
コード例 #22
0
ファイル: update.php プロジェクト: songchin/Cacti
/**
 * Send syslog message to a syslog server
 *
 * Generates and sends a syslog packet to a syslog server
 *
 * @param string $syslog_server Server to send syslog messages to
 * @param int $syslog_server_port Port to send to on syslog server
 * @param int $syslog_facility Syslog facility value, refer to syslog log constants
 * @param int $syslog_severity Syslog severity value, refer to syslog log constants
 * @param string $syslog_message message to send to syslog server
 * @return bool true on sent, false on error
 */
function log_save_syslog ($syslog_server, $syslog_server_port, $syslog_facility, $syslog_severity, $syslog_message) {
	global $cnn_id;

	/* Set syslog tag */
	$syslog_tag = "cacti";

	/* Get the pid */
	$pid = getmypid();

	/* Set syslog server */
	if (strtolower(substr($syslog_server, 0, 5)) == "udp://") {
		$syslog_server = strtolower($syslog_server);
	} elseif (strtolower(substr($syslog_server, 0, 5)) == "udp://") {
		$syslog_server = strtolower($syslog_server);
	}else{
		$syslog_server = "udp://" . $syslog_server;
	}

	/* Check facility */
	if (empty($syslog_facility)) {
		$syslog_facility = SYSLOG_LOCAL0;
	}
	if (($syslog_facility > 23) || ($syslog_facility < 0)) {
		$syslog_facility = SYSLOG_LOCAL0;
	}

	/* Check severity */
	if (empty($syslog_severity)) {
		$syslog_severity = SYSLOG_INFO;
	}
	if (($syslog_severity > 7) || ($syslog_severity < 0)) {
		$syslog_severity = SYSLOG_INFO;
	}

	/* Make syslog packet */
	$device = $_SERVER["SERVER_NAME"];
	$time = time();
	if (strlen(date("j", $time)) < 2) {
		$time = date("M  j H H:i:s", $time);
	}else{
		$time = date("M j H H:i:s", $time);
	}
	$priority = ($syslog_facility * 8) + $syslog_severity;
	$packet = "<" . $priority . ">" . $syslog_tag . "[" . $pid  . "]: " . $syslog_message;
	if (strlen($packet) > 1024) {
		$packet = substr($packet, 0, 1024);
	}

	/* Send the syslog message */
	$socket = @fsockopen($syslog_server, $syslog_server_port, $error_number, $error_string);
	if ($socket) {
		@fwrite($socket, $packet);
		@fclose($socket);
		return true;
	}else{
		/* socket error - log to database */
		$sql = "insert into log
			(logdate,facility,severity,poller_id,host_id,username,source,plugin,message) values
			(SYSDATE(), " . CACTI_LOG_FAC_SYSTEM . "," . CACTI_LOG_SEV_ERROR . ",0,0,'SYSTEM','SYSLOG','N/A','". sql_sanitize("Syslog error[" . $error_number ."]: " . $error_string) . "');";
		/* DO NOT USE db_execute, function looping can occur when in CACTI_LOG_SEV_DEV mode */
		$cnn_id->Execute($sql);
		return false;
	}

	return true;

}
コード例 #23
0
ファイル: gmblog.php プロジェクト: Kashionz/MapleBit
    die("403 - Access Forbidden");
}
?>
<script src="assets/libs/cksimple/ckeditor.js"></script>
<style>
blockquote {
	margin: 0px;
	
}
.permalinkshow {
	display: none;
}
</style>
<?php 
if (@$_GET['id']) {
    $id = sql_sanitize($_GET['id']);
    $gb = $mysqli->query("SELECT * FROM " . $prefix . "gmblog WHERE id='" . $id . "'") or die;
    $b = $gb->fetch_assoc();
    require_once 'assets/libs/HTMLPurifier.standalone.php';
    $config = HTMLPurifier_Config::createDefault();
    $config->set('HTML.SafeIframe', true);
    $config->set('HTML.TargetBlank', true);
    $config->set('HTML.SafeObject', true);
    $config->set('Output.FlashCompat', true);
    $config->set('HTML.SafeEmbed', true);
    $config->set('URI.SafeIframeRegexp', '%^(https?:)?//(www\\.youtube(?:-nocookie)?\\.com/embed/|player\\.vimeo\\.com/video/)%');
    //allow YouTube and Vimeo
    $purifier = new HTMLPurifier($config);
    $clean_html = $purifier->purify($b['content']);
    $positive = 0;
    $negative = 0;
コード例 #24
0
ファイル: poller_hmib.php プロジェクト: khoimt/cacti-sample
function collect_hrSystem(&$host)
{
    global $hrSystem;
    if (sizeof($host)) {
        debug("Polling hrSystem from '" . $host["description"] . "[" . $host["hostname"] . "]'");
        $hostMib = cacti_snmp_walk($host["hostname"], $host["snmp_community"], ".1.3.6.1.2.1.25.1", $host["snmp_version"], $host["snmp_username"], $host["snmp_password"], $host["snmp_auth_protocol"], $host["snmp_priv_passphrase"], $host["snmp_priv_protocol"], $host["snmp_context"], $host["snmp_port"], $host["snmp_timeout"], read_config_option("snmp_retries"), $host["max_oids"], SNMP_VALUE_LIBRARY, SNMP_WEBUI);
        $systemMib = cacti_snmp_walk($host["hostname"], $host["snmp_community"], ".1.3.6.1.2.1.1", $host["snmp_version"], $host["snmp_username"], $host["snmp_password"], $host["snmp_auth_protocol"], $host["snmp_priv_passphrase"], $host["snmp_priv_protocol"], $host["snmp_context"], $host["snmp_port"], $host["snmp_timeout"], read_config_option("snmp_retries"), $host["max_oids"], SNMP_VALUE_LIBRARY, SNMP_WEBUI);
        $hostMib = array_merge($hostMib, $systemMib);
        $set_string = "";
        // Locate the values names
        if (sizeof($hostMib)) {
            foreach ($hostMib as $mib) {
                /* do some cleanup */
                if (substr($mib["oid"], 0, 1) != ".") {
                    $mib["oid"] = "." . trim($mib["oid"]);
                }
                if (substr($mib["value"], 0, 4) == "OID:") {
                    $mib["value"] = str_replace("OID:", "", $mib["value"]);
                }
                $key = array_search($mib["oid"], $hrSystem);
                if ($key == "date") {
                    $mib["value"] = hmib_dateParse($mib["value"]);
                }
                if (!empty($key)) {
                    $set_string .= (strlen($set_string) ? "," : "") . $key . "='" . sql_sanitize(trim($mib["value"], ' "')) . "'";
                }
            }
        }
        /* Update the values */
        if (strlen($set_string)) {
            db_execute("UPDATE plugin_hmib_hrSystem SET {$set_string} WHERE host_id=" . $host["id"]);
        }
    }
}
コード例 #25
0
ファイル: graph_tree_info.php プロジェクト: songchin/Cacti
function api_graph_tree_item_get($graph_tree_item_id) {
	/* sanity checks */
	validate_id_die($graph_tree_item_id, "graph_tree_item_id");

	return db_fetch_row("select * from graph_tree_items where id = " . sql_sanitize($graph_tree_item_id));
}
コード例 #26
0
ファイル: graph_tree_update.php プロジェクト: songchin/Cacti
function api_graph_tree_item_move($graph_tree_item_id, $direction) {
	require_once(CACTI_BASE_PATH . "/lib/graph_tree/graph_tree_info.php");

	/* sanity checks */
	validate_id_die($graph_tree_item_id, "graph_tree_item_id");

	if (($direction != "up") && ($direction != "down")) {
		return false;
	}

	/* obtain a copy of the current graph tree item */
	$graph_tree_item = api_graph_tree_item_get($graph_tree_item_id);

	/* find out where in the tree this item is located */
	$current_depth = api_graph_tree_item_depth_get($graph_tree_item["order_key"]);

	$displaced_row = db_fetch_row("select
		order_key
		from graph_tree_items
		where order_key " . ($direction == "up" ? "<" : ">") . " " . sql_sanitize($graph_tree_item["order_key"]) . "
		and order_key like '%" . sql_sanitize(substr($graph_tree_item["order_key"], ($current_depth * CHARS_PER_TIER))) . "'
		and order_key not like '%" . sql_sanitize(str_repeat('0', CHARS_PER_TIER) . substr($graph_tree_item["order_key"], ($current_depth * CHARS_PER_TIER))) . "'
		and graph_tree_id = " . $graph_tree_item["graph_tree_id"] . "
		order by order_key " .  ($direction == "up" ? "DESC" : "ASC"));

	if ((is_array($displaced_row)) && (isset($displaced_row["order_key"]))) {
		$old_root = sql_sanitize(substr($graph_tree_item["order_key"], 0, ($current_depth * CHARS_PER_TIER)));
		$new_root = sql_sanitize(substr($displaced_row["order_key"], 0, ($current_depth * CHARS_PER_TIER)));

		db_execute("UPDATE graph_tree_items SET order_key = CONCAT('" . str_pad('', ($current_depth * CHARS_PER_TIER), 'Z') . "',SUBSTRING(order_key," . (($current_depth * CHARS_PER_TIER) + 1).")) WHERE order_key LIKE '$new_root%' AND graph_tree_id = " . $graph_tree_item["graph_tree_id"]);
		db_execute("UPDATE graph_tree_items SET order_key = CONCAT('$new_root',SUBSTRING(order_key," . (($current_depth * CHARS_PER_TIER) + 1) . ")) WHERE order_key LIKE '$old_root%' AND graph_tree_id = " . $graph_tree_item["graph_tree_id"]);
		db_execute("UPDATE graph_tree_items SET order_key = CONCAT('$old_root',SUBSTRING(order_key," . (($current_depth * CHARS_PER_TIER) + 1) . ")) WHERE order_key LIKE '" . str_pad('', ($current_depth * CHARS_PER_TIER), 'Z') . "%' AND graph_tree_id = " . $graph_tree_item["graph_tree_id"]);
	}
}
コード例 #27
0
ファイル: device_info.php プロジェクト: songchin/Cacti
function api_device_data_query_get($device_id, $data_query_id) {
	/* sanity check for $data_query_id */
	if ((!is_numeric($data_query_id)) || (empty($data_query_id))) {
		log_save("Invalid input '$data_query_id' for 'data_query_id' in " . __FUNCTION__ . "()", SEV_ERROR);
		return false;
	}

	/* sanity check for $device_id */
	if ((!is_numeric($device_id)) || (empty($device_id))) {
		log_save("Invalid input '$device_id' for 'host_id' in " . __FUNCTION__ . "()", SEV_ERROR);
		return false;
	}

	return db_fetch_row("select * from host_data_query where host_id = " . sql_sanitize($device_id) . " and data_query_id = " . sql_sanitize($data_query_id));
}
コード例 #28
0
ファイル: auth_info.php プロジェクト: songchin/Cacti
/**
 * Returns information about an auth control entry
 *
 * Returns information array for a given auth control entries, or single requested value.
 *
 * @return array fields => values or value, false on error
 */
function api_auth_control_get($control_type, $control_id, $data_field = "") {

	/* include required arrays */
	require(CACTI_BASE_PATH . "/include/auth/auth_arrays.php");

	/* Validate input */
	if (!is_numeric($control_id)) {
		return false;
	}
	if (!is_numeric($control_type)) {
		return false;
	}

	/* Setup variables */
	$value = false;
	$expired = true;
	$session = false;
	$user = false;
	if ($control_type == AUTH_CONTROL_OBJECT_TYPE_USER) {
		$user = true;
		$data_fields = $auth_control_data_user_fields;
	} elseif ($control_type == AUTH_CONTROL_OBJECT_TYPE_GROUP) {
		$data_fields = $auth_control_data_group_fields;
	}else{
		$data_fields = array();
	}

	/* Control record */
	$control = db_fetch_row("SELECT * FROM (auth_control) WHERE id = " . $control_id . " AND object_type = " . $control_type);
	if (sizeof($control) == 0) {
		return false;
	}

	/* Check session for variable and that we can use the session */
	if ((isset($_SESSION["auth_control_user_id"])) && ($user)) {
		if ($_SESSION["auth_control_user_id"] == $control_id) {
			if (isset($_SESSION["auth_data"])) {
				print_a($_SESSION["auth_data"]);
				$session = true;
			}
		}
	}

	/* Check update to user record if active session*/
	if ((isset($_SESSION["auth_data"]["updated_when"])) && ($session) && ($user)) {
		if ($_SESSION["auth_data"]["updated_when"] == $control["updated_when"]) {
			$expired = false;
		}
	}

	/* Get the requested data */
	if (! empty($data_field)) {
		/* single value return */

		/* Get the value from the session else go to the database, if we are allowed to use the session */
		if ((isset($_SESSION["auth_data"][$data_field])) && (! $expired) && ($session)) {
			$value = $_SESSION["auth_data"][$data_field];
		}else{
			$data = db_fetch_row("SELECT * FROM (auth_data) WHERE control_id = " . $control_id . " AND name = '" . sql_sanitize($data_field) . "'");
			if (isset($data[$data_field])) {
				$value = $data["value"];
			}else{
				if (isset($data_fields[$data_field])) {
					/* use default value */
					$value = $data_fields[$data_field];
				}else{
					/* data field not found */
					return false;
				}
			}

			/* put the value into the session if we are using sessions */
			if (($session) && ($user)) {
				$_SESSION["auth_data"][$data_field] = $value;
			}
		}

	}else{
		/* multi value return */

		/* Get the values from the session else go to the database, if we are allowed to use the session */
		if ((! $expired) && ($session)) {
			/* get current session variables */
			$value = $_SESSION["auth_data"];

		}else{
			/* set control data */
			$value = $control;

			/* get control data for this control id */
			$data = db_fetch_assoc("SELECT * FROM (auth_data) WHERE control_id = " . $control_id . " AND name in('" . implode("','",array_keys($data_fields)). "')");
			if (sizeof($data) > 0) {
				foreach ($data as $db_row) {
					$value[$db_row["name"]] = $db_row["value"];
				}
			}

		}

		/* check that required control data values are present */
		$db_values = array();
		foreach ($data_fields as $key => $default_value) {
			if (! array_key_exists($key, $value)) {
				/* default value not set, let's get it */
				if (sizeof($db_values) == 0) {
					$control_data = db_fetch_assoc("SELECT * FROM (auth_data) WHERE control_id = " . $control_id);
					foreach ($control_data as $data_row) {
						$db_values[$data_row["name"]] = $data_row["value"];
					}
				}
				if (array_key_exists($key, $db_values)) {
					$value[$key] = $db_values[$key];
				}else{
					$value[$key] = $data_fields[$key];
				}
			}
		}

		/* update session values if needed */
		if (($session) && ($user)) {
			$_SESSION["auth_data"] = $value;
		}

	}

	return $value;

}
コード例 #29
0
function api_graph_template_item_input_propagate($graph_template_item_input_id, $value) {
	require_once(CACTI_BASE_PATH . "/lib/graph/graph_info.php");

	if ((empty($graph_template_item_input_id)) || (!is_numeric($graph_template_item_input_id))) {
		return false;
	}

	/* retrieve a list of graph item fields */
	$graph_item_fields = api_graph_item_form_list();

	/* get the db field name for this graph item input */
	$input_field_name = db_fetch_cell("select field_name from graph_template_item_input where id = " . sql_sanitize($graph_template_item_input_id));

	if ($input_field_name != "") {
		$graph_template_items = db_fetch_assoc("select graph_template_item_id from graph_template_item_input_item where graph_template_item_input_id = " . sql_sanitize($graph_template_item_input_id));

		if (sizeof($graph_template_items) > 0) {
			foreach ($graph_template_items as $graph_template_item) {
				db_update("graph_item",
					array(
						"graph_template_item_id" => array("type" => DB_TYPE_INTEGER, "value" => $graph_template_item["graph_template_item_id"]),
						$input_field_name => array("type" => $graph_item_fields[$input_field_name]["data_type"], "value" => $value)
						),
					array("graph_template_item_id"));
			}
		}

		return true;
	}else{
		return false;
	}
}
コード例 #30
0
ファイル: database.php プロジェクト: khoimt/cacti-sample
function syslog_sql_save($array_items, $table_name, $key_cols = "id", $autoinc = true)
{
    global $syslog_cnn, $cnn_id;
    /* use cacti function if using Cacti db */
    if ($syslog_cnn == $cnn_id) {
        return sql_save($array_items, $table_name, $key_cols, $autoinc);
    }
    while (list($key, $value) = each($array_items)) {
        $array_items[$key] = "\"" . sql_sanitize($value) . "\"";
    }
    $replace_result = $syslog_cnn->Replace($table_name, $array_items, $key_cols, FALSE, $autoinc);
    if ($replace_result == 0) {
        return 0;
    }
    /* get the last AUTO_ID and return it */
    if ($syslog_cnn->Insert_ID() == "0" || $replace_result == 1) {
        if (!is_array($key_cols)) {
            if (isset($array_items[$key_cols])) {
                return str_replace("\"", "", $array_items[$key_cols]);
            }
        }
        return 0;
    } else {
        return $syslog_cnn->Insert_ID();
    }
}