if (isset($_GET['referer'])) {
$szRedir = $_GET['referer'];
} else {
if (isset($_POST['referer'])) {
$szRedir = $_POST['referer'];
} else {
$szRedir = "index.php";
}
}
// Default
if (isset($_POST['op']) && $_POST['op'] == "login") {
// Perform login!
if ($_POST['op'] == "login") {
if (isset($_POST['uname']) && strlen($_POST['uname']) > 0 && (isset($_POST['pass']) && strlen($_POST['pass']) > 0)) {
// Set Username and password
$content['uname'] = DB_RemoveBadChars($_POST['uname']);
$content['pass'] = $_POST['pass'];
// RAW Copy of password string, otherwise passwords with special characters can be broken.
if (!CheckUserLogin($content['uname'], $content['pass'])) {
$content['ISERROR'] = "true";
$content['ERROR_MSG'] = $content['LN_LOGIN_ERRWRONGPASSWORD'];
} else {
RedirectPage(urldecode($szRedir));
}
} else {
$content['ISERROR'] = "true";
$content['ERROR_MSG'] = $content['LN_LOGIN_USERPASSMISSING'];
}
}
} else {
if (isset($_GET['op']) && $_GET['op'] == "logoff") {
function PrepareValueForDB($szValue, $bForceStripSlahes = false)
{
// Wrapper for this function
return DB_RemoveBadChars($szValue, null, $bForceStripSlahes);
}
function CreateTimeStampFromValues($iNum)
{
global $currentTime, $currentDay, $currentMonth, $currentYear, $tomorrowTime, $tomorrowDay, $tomorrowMonth, $tomorrowYear;
// Read and parse Date
if (isset($_POST['filter_daterange_year_' . $iNum])) {
$tmpYear = DB_RemoveBadChars($_POST['filter_daterange_year_' . $iNum]);
} else {
$tmpYear = $currentYear;
}
// Default value
if (isset($_POST['filter_daterange_month_' . $iNum])) {
$tmpMonth = DB_RemoveBadChars($_POST['filter_daterange_month_' . $iNum]);
} else {
$tmpMonth = $tomorrowMonth;
}
// Default value
if (isset($_POST['filter_daterange_day_' . $iNum])) {
$tmpDay = DB_RemoveBadChars($_POST['filter_daterange_day_' . $iNum]);
} else {
$tmpDay = $currentDay;
}
// Default value
// Read and parse Time
if (isset($_POST['filter_daterange_hour_' . $iNum])) {
$tmpHour = DB_RemoveBadChars($_POST['filter_daterange_hour_' . $iNum]);
} else {
$tmpHour = 0;
}
// Default value
if (isset($_POST['filter_daterange_minute_' . $iNum])) {
$tmpMinute = DB_RemoveBadChars($_POST['filter_daterange_minute_' . $iNum]);
} else {
$tmpMinute = 0;
}
// Default value
if (isset($_POST['filter_daterange_second_' . $iNum])) {
$tmpSecond = DB_RemoveBadChars($_POST['filter_daterange_second_' . $iNum]);
} else {
$tmpSecond = 0;
}
// Default value
return $tmpYear . "-" . $tmpMonth . "-" . $tmpDay . "T" . $tmpHour . ":" . $tmpMinute . ":" . $tmpSecond;
}
}
}
} else {
$content['ISERROR'] = true;
$content['ERROR_MSG'] = $content['LN_PARSERS_ERROR_INVALIDID'];
}
} else {
if ($_GET['op'] == "initparser") {
// --- Only if the user is an admin!
if (!isset($_SESSION['SESSION_ISADMIN']) || $_SESSION['SESSION_ISADMIN'] == 0) {
DieWithFriendlyErrorMsg($content['LN_ADMIN_ERROR_NOTALLOWED']);
}
// ---
if (isset($_GET['id'])) {
//PreInit these values
$content['ParserID'] = DB_RemoveBadChars($_GET['id']);
if (isset($content['PARSERS'][$content['ParserID']])) {
// Get Reference to parser!
$myParser = $content['PARSERS'][$content['ParserID']];
// check for custom fields
if (isset($myParser['CustomFieldsList']) && count($myParser['CustomFieldsList']) > 0) {
// Helper counter
$addedFields = 0;
// Loop through all custom fields!
foreach ($myParser['CustomFieldsList'] as $myField) {
// check if field is in define list!
if (!array_key_exists($myField['FieldID'], $fields)) {
// Add field into DB!
$sqlquery = "INSERT INTO " . DB_FIELDS . " (FieldID, FieldCaption, FieldDefine, SearchField, FieldAlign, DefaultWidth, FieldType, SearchOnline) \n\t\t\t\t\t\t\tVALUES (\n\t\t\t\t\t\t\t\t\t'" . $myField['FieldID'] . "', \n\t\t\t\t\t\t\t\t\t'" . $myField['FieldCaption'] . "',\n\t\t\t\t\t\t\t\t\t'" . $myField['FieldDefine'] . "',\n\t\t\t\t\t\t\t\t\t'" . $myField['SearchField'] . "',\n\t\t\t\t\t\t\t\t\t'" . $myField['FieldAlign'] . "', \n\t\t\t\t\t\t\t\t\t" . $myField['DefaultWidth'] . ", \n\t\t\t\t\t\t\t\t\t" . $myField['FieldType'] . ", \n\t\t\t\t\t\t\t\t\t" . $myField['SearchOnline'] . " \n\t\t\t\t\t\t\t\t\t)";
$result = DB_Query($sqlquery);
DB_FreeQuery($result);
}
}
}
if (isset($_POST['op'])) {
if (isset($_POST['id'])) {
$content['SEARCHID'] = intval(DB_RemoveBadChars($_POST['id']));
} else {
$content['SEARCHID'] = -1;
}
if (isset($_POST['DisplayName'])) {
$content['DisplayName'] = DB_RemoveBadChars($_POST['DisplayName']);
} else {
$content['DisplayName'] = "";
}
if (isset($_POST['SearchQuery'])) {
$content['SearchQuery'] = DB_RemoveBadChars($_POST['SearchQuery']);
} else {
$content['SearchQuery'] = "";
}
// User & Group handeled specially
if (isset($_POST['isuseronly'])) {
$content['userid'] = $content['SESSION_USERID'];
$content['groupid'] = "null";
// Either user or group not both!
} else {
// --- Can only create a USER source!
if (!isset($_SESSION['SESSION_ISADMIN']) || $_SESSION['SESSION_ISADMIN'] == 0) {
$content['userid'] = $content['SESSION_USERID'];
$content['groupid'] = "null";
} else {
$content['userid'] = "null";
$content['DisplayName'] = DB_RemoveBadChars($_POST['DisplayName']);
$result = DB_Query("SELECT ID FROM " . DB_VIEWS . " WHERE ID = " . $content['VIEWID']);
$myrow = DB_GetSingleRow($result, true);
if (!isset($myrow['ID'])) {
$content['ISERROR'] = true;
$content['ERROR_MSG'] = GetAndReplaceLangStr($content['LN_VIEWS_ERROR_IDNOTFOUND'], $content['VIEWID']);
} else {
// Create Columnlist comma seperated!
if (isset($_POST['Columns']) && is_array($_POST['Columns'])) {
// Copy columns ID's
unset($content['COLUMNS']);
foreach ($_POST['Columns'] as $myColKey) {
if (isset($content['COLUMNS'])) {
$content['COLUMNS'] .= ", " . DB_RemoveBadChars($myColKey);
} else {
$content['COLUMNS'] = DB_RemoveBadChars($myColKey);
}
}
// Edit the Search Entry now!
$result = DB_Query("UPDATE " . DB_VIEWS . " SET \n\t\t\t\t\t\t\tDisplayName = '" . $content['DisplayName'] . "', \n\t\t\t\t\t\t\tColumns = '" . $content['COLUMNS'] . "', \n\t\t\t\t\t\t\tuserid = " . $content['userid'] . ", \n\t\t\t\t\t\t\tgroupid = " . $content['groupid'] . "\n\t\t\t\t\t\t\tWHERE ID = " . $content['VIEWID']);
DB_FreeQuery($result);
// Done redirect!
RedirectResult(GetAndReplaceLangStr($content['LN_VIEWS_HASBEENEDIT'], DB_StripSlahes($content['DisplayName'])), "views.php");
} else {
$content['ISERROR'] = true;
$content['ERROR_MSG'] = $content['LN_VIEWS_ERROR_NOCOLUMNS'];
}
}
}
}
}
$_SESSION['SourceDBTableName'] = DB_RemoveBadChars($_POST['SourceDBTableName']);
} else {
RevertOneStep($content['INSTALL_STEP'] - 1, $content['LN_CFG_PARAMMISSING'] . $content['LN_CFG_DBTABLENAME']);
}
if (isset($_POST['SourceDBUser'])) {
$_SESSION['SourceDBUser'] = DB_RemoveBadChars($_POST['SourceDBUser']);
} else {
RevertOneStep($content['INSTALL_STEP'] - 1, $content['LN_CFG_PARAMMISSING'] . $content['LN_CFG_DBUSER']);
}
if (isset($_POST['SourceDBPassword'])) {
$_SESSION['SourceDBPassword'] = DB_RemoveBadChars($_POST['SourceDBPassword']);
} else {
$_SESSION['SourceDBPassword'] = "";
}
if (isset($_POST['SourceDBEnableRowCounting'])) {
$_SESSION['SourceDBEnableRowCounting'] = DB_RemoveBadChars($_POST['SourceDBEnableRowCounting']);
if ($_SESSION['SourceDBEnableRowCounting'] != "true") {
$_SESSION['SourceDBEnableRowCounting'] = "false";
}
}
// Check Database Access!
}
}
// If we reached this point, we have gathered all necessary information to create our configuration file ;)!
$filebuffer = LoadDataFile($configsamplefile);
// Set helper variables and init user vars if needed!
if (isset($_SESSION['UserDBEnabled']) && $_SESSION['UserDBEnabled']) {
$_SESSION['UserDBEnabled_value'] = "true";
} else {
$_SESSION['UserDBEnabled_value'] = "false";
}
DB_FreeQuery($result);
// Do the final redirect
RedirectResult(GetAndReplaceLangStr($content['LN_GROUP_USERHASBEENADDEDGROUP'], $myrow['username'], $content['groupname']), "groups.php");
} else {
$content['ISERROR'] = true;
$content['ERROR_MSG'] = GetAndReplaceLangStr($content['LN_USER_ERROR_IDNOTFOUND'], $content['USERID']);
}
} else {
$content['ISERROR'] = true;
$content['ERROR_MSG'] = $content['LN_GROUP_ERROR_USERIDMISSING'];
}
} else {
if ($_POST['op'] == "removeuser") {
if (isset($_POST['userid'])) {
// Copy UserID
$content['USERID'] = intval(DB_RemoveBadChars($_POST['userid']));
$result = DB_Query("SELECT username FROM " . DB_USERS . " WHERE id = " . $content['USERID']);
$myrow = DB_GetSingleRow($result, true);
if (isset($myrow['username'])) {
// remove user from group
$result = DB_Query("DELETE FROM " . DB_GROUPMEMBERS . " WHERE userid = " . $content['USERID'] . " AND groupid = " . $content['GROUPID']);
if ($result == FALSE) {
$content['ISERROR'] = true;
$content['ERROR_MSG'] = GetAndReplaceLangStr($content['LN_GROUP_ERROR_REMUSERFROMGROUP'], $myrow['username'], $content['groupname']);
} else {
DB_FreeQuery($result);
}
// Do the final redirect
RedirectResult(GetAndReplaceLangStr($content['LN_GROUP_USERHASBEENREMOVED'], $myrow['username'], $content['groupname']), "groups.php");
} else {
$content['ISERROR'] = true;
private function CreateSQLWhereClause()
{
if ($this->_filters != null) {
global $dbmapping;
$szTableType = $this->_logStreamConfigObj->DBTableType;
// Reset WhereClause
$this->_SQLwhereClause = "";
// --- Build Query Array
$arrayQueryProperties = $this->_arrProperties;
if (isset($this->_arrFilterProperties) && $this->_arrFilterProperties != null) {
foreach ($this->_arrFilterProperties as $filterproperty) {
if ($this->_arrProperties == null || !in_array($filterproperty, $this->_arrProperties)) {
$arrayQueryProperties[] = $filterproperty;
}
}
}
// ---
// Loop through all available properties
foreach ($arrayQueryProperties as $propertyname) {
// If the property exists in the filter array, we have something to filter for ^^!
if (array_key_exists($propertyname, $this->_filters)) {
// Process all filters
foreach ($this->_filters[$propertyname] as $myfilter) {
// Only perform if database mapping is available for this filter!
if (isset($dbmapping[$szTableType]['DBMAPPINGS'][$propertyname])) {
switch ($myfilter[FILTER_TYPE]) {
case FILTER_TYPE_STRING:
// --- Either make a LIKE or a equal query!
if ($myfilter[FILTER_MODE] & FILTER_MODE_SEARCHFULL) {
// Set addnot to nothing
$addnod = "";
// --- Check if user wants to include or exclude!
if ($myfilter[FILTER_MODE] & FILTER_MODE_INCLUDE) {
$szSearchBegin = " = '";
$szSearchEnd = "' ";
} else {
$szSearchBegin = " <> '";
$szSearchEnd = "' ";
}
// ---
} else {
if ($myfilter[FILTER_MODE] & FILTER_MODE_SEARCHREGEX) {
//REGEXP Supported by MYSQL
if ($this->_logStreamConfigObj->DBType == DB_MYSQL) {
// --- Check if user wants to include or exclude!
if ($myfilter[FILTER_MODE] & FILTER_MODE_INCLUDE) {
$addnod = " ";
} else {
$addnod = " NOT";
}
// ---
$szSearchBegin = "REGEXP '";
$szSearchEnd = "' ";
} else {
if ($this->_logStreamConfigObj->DBType == DB_PGSQL) {
// --- Check if user wants to include or exclude!
if ($myfilter[FILTER_MODE] & FILTER_MODE_INCLUDE) {
$addnod = " ";
} else {
$addnod = " !";
}
// ---
$szSearchBegin = "~* '";
$szSearchEnd = "' ";
} else {
// --- Check if user wants to include or exclude!
if ($myfilter[FILTER_MODE] & FILTER_MODE_INCLUDE) {
$addnod = " ";
} else {
$addnod = " NOT";
}
// ---
// Database Layer does not support REGEXP
$szSearchBegin = "LIKE '%";
$szSearchEnd = "%' ";
}
}
} else {
// --- Check if user wants to include or exclude!
if ($myfilter[FILTER_MODE] & FILTER_MODE_INCLUDE) {
$addnod = "";
} else {
$addnod = " NOT";
}
// ---
$szSearchBegin = " LIKE '%";
$szSearchEnd = "%' ";
}
}
// ---
// --- If Syslog message, we have AND handling, otherwise OR!
if ($propertyname == SYSLOG_MESSAGE) {
$addor = " AND ";
} else {
// If we exclude filters, we need to combine with AND
if ($myfilter[FILTER_MODE] & FILTER_MODE_INCLUDE) {
$addor = " OR ";
} else {
$addor = " AND ";
}
}
// ---
// Not create LIKE Filters
if (isset($tmpfilters[$propertyname])) {
$tmpfilters[$propertyname][FILTER_VALUE] .= $addor . $dbmapping[$szTableType]['DBMAPPINGS'][$propertyname] . $addnod . $szSearchBegin . DB_RemoveBadChars($myfilter[FILTER_VALUE], $this->_logStreamConfigObj->DBType) . $szSearchEnd;
} else {
$tmpfilters[$propertyname][FILTER_TYPE] = FILTER_TYPE_STRING;
$tmpfilters[$propertyname][FILTER_VALUE] = $dbmapping[$szTableType]['DBMAPPINGS'][$propertyname] . $addnod . $szSearchBegin . DB_RemoveBadChars($myfilter[FILTER_VALUE], $this->_logStreamConfigObj->DBType) . $szSearchEnd;
}
break;
case FILTER_TYPE_NUMBER:
// --- Check if user wants to include or exclude!
if ($myfilter[FILTER_MODE] & FILTER_MODE_EXCLUDE) {
// Add to filterset
$szArrayKey = $propertyname . "-NOT";
if (isset($tmpfilters[$szArrayKey])) {
$tmpfilters[$szArrayKey][FILTER_VALUE] .= ", " . $myfilter[FILTER_VALUE];
} else {
$tmpfilters[$szArrayKey][FILTER_TYPE] = FILTER_TYPE_NUMBER;
$tmpfilters[$szArrayKey][FILTER_VALUE] = $dbmapping[$szTableType]['DBMAPPINGS'][$propertyname] . " NOT IN (" . DB_RemoveBadChars($myfilter[FILTER_VALUE], $this->_logStreamConfigObj->DBType);
}
} else {
// Add to filterset
if (isset($tmpfilters[$propertyname])) {
$tmpfilters[$propertyname][FILTER_VALUE] .= ", " . $myfilter[FILTER_VALUE];
} else {
$tmpfilters[$propertyname][FILTER_TYPE] = FILTER_TYPE_NUMBER;
$tmpfilters[$propertyname][FILTER_VALUE] = $dbmapping[$szTableType]['DBMAPPINGS'][$propertyname] . " IN (" . DB_RemoveBadChars($myfilter[FILTER_VALUE], $this->_logStreamConfigObj->DBType);
}
}
// ---
break;
case FILTER_TYPE_DATE:
if (isset($tmpfilters[$propertyname])) {
$tmpfilters[$propertyname][FILTER_VALUE] .= " AND ";
} else {
$tmpfilters[$propertyname][FILTER_VALUE] = "";
$tmpfilters[$propertyname][FILTER_TYPE] = FILTER_TYPE_DATE;
}
if ($myfilter[FILTER_DATEMODE] == DATEMODE_LASTX) {
// Get current timestamp
$nNowTimeStamp = time();
if ($myfilter[FILTER_VALUE] == DATE_LASTX_HOUR) {
$nNowTimeStamp -= 60 * 60;
} else {
if ($myfilter[FILTER_VALUE] == DATE_LASTX_12HOURS) {
$nNowTimeStamp -= 60 * 60 * 12;
} else {
if ($myfilter[FILTER_VALUE] == DATE_LASTX_24HOURS) {
$nNowTimeStamp -= 60 * 60 * 24;
} else {
if ($myfilter[FILTER_VALUE] == DATE_LASTX_7DAYS) {
$nNowTimeStamp -= 60 * 60 * 24 * 7;
} else {
if ($myfilter[FILTER_VALUE] == DATE_LASTX_31DAYS) {
$nNowTimeStamp -= 60 * 60 * 24 * 31;
} else {
// Set filter to unknown and Abort in this case!
$tmpfilters[$propertyname][FILTER_TYPE] = FILTER_TYPE_UNKNOWN;
break;
}
}
}
}
}
// Append filter
$tmpfilters[$propertyname][FILTER_VALUE] .= $dbmapping[$szTableType]['DBMAPPINGS'][$propertyname] . " > '" . date("Y-m-d H:i:s", $nNowTimeStamp) . "'";
} else {
if ($myfilter[FILTER_DATEMODE] == DATEMODE_RANGE_FROM) {
// Obtain Event struct for the time!
$myeventtime = GetEventTime($myfilter[FILTER_VALUE]);
$tmpfilters[$propertyname][FILTER_VALUE] .= $dbmapping[$szTableType]['DBMAPPINGS'][$propertyname] . " > '" . date("Y-m-d H:i:s", $myeventtime[EVTIME_TIMESTAMP]) . "'";
} else {
if ($myfilter[FILTER_DATEMODE] == DATEMODE_RANGE_TO) {
// Obtain Event struct for the time!
$myeventtime = GetEventTime($myfilter[FILTER_VALUE]);
$tmpfilters[$propertyname][FILTER_VALUE] .= $dbmapping[$szTableType]['DBMAPPINGS'][$propertyname] . " < '" . date("Y-m-d H:i:s", $myeventtime[EVTIME_TIMESTAMP]) . "'";
} else {
if ($myfilter[FILTER_DATEMODE] == DATEMODE_RANGE_DATE) {
// Obtain Event struct for the time!
$myeventtime = GetEventTime($myfilter[FILTER_VALUE]);
$tmpfilters[$propertyname][FILTER_VALUE] .= $dbmapping[$szTableType]['DBMAPPINGS'][$propertyname] . " > '" . date("Y-m-d H:i:s", $myeventtime[EVTIME_TIMESTAMP]) . "' AND " . $dbmapping[$szTableType]['DBMAPPINGS'][$propertyname] . " < '" . date("Y-m-d H:i:s", $myeventtime[EVTIME_TIMESTAMP] + 86400) . "'";
}
}
}
}
break;
default:
// Nothing to do!
break;
}
} else {
// Check how to treat not found db mappings / filters
if (GetConfigSetting("TreatNotFoundFiltersAsTrue", 0, CFGLEVEL_USER) == 0) {
return ERROR_DB_DBFIELDNOTFOUND;
}
}
}
}
}
// Check and combine all filters now!
if (isset($tmpfilters)) {
// Append filters
foreach ($tmpfilters as $tmpfilter) {
// Init WHERE or Append AND
if (strlen($this->_SQLwhereClause) > 0) {
$this->_SQLwhereClause .= " AND ";
} else {
$this->_SQLwhereClause = " WHERE ";
}
switch ($tmpfilter[FILTER_TYPE]) {
case FILTER_TYPE_STRING:
$this->_SQLwhereClause .= "( " . $tmpfilter[FILTER_VALUE] . ") ";
break;
case FILTER_TYPE_NUMBER:
$this->_SQLwhereClause .= $tmpfilter[FILTER_VALUE] . ") ";
break;
case FILTER_TYPE_DATE:
$this->_SQLwhereClause .= $tmpfilter[FILTER_VALUE];
break;
default:
// Should not happen, wrong filters!
// We add a dummy into the where clause, just as a place holder
$this->_SQLwhereClause .= " 1=1 ";
break;
}
}
}
//echo $this->_SQLwhereClause;
//$dbmapping[$szTableType][SYSLOG_UID]
} else {
// No filters means nothing to do!
return SUCCESS;
}
}
if (!isset($content['ISERROR'])) {
// Add custom search now!
$sqlquery = "INSERT INTO " . DB_MAPPINGS . " (DisplayName, Mappings) \n\t\t\t\t\t\tVALUES ('" . $content['DisplayName'] . "', \n\t\t\t\t\t\t\t\t'" . $content['SUBMAPPINGS'] . "' \n\t\t\t\t\t\t\t\t)";
$result = DB_Query($sqlquery);
DB_FreeQuery($result);
// Do the final redirect
RedirectResult(GetAndReplaceLangStr($content['LN_DBMP_HASBEENADDED'], DB_StripSlahes($content['DisplayName'])), "dbmappings.php");
}
} else {
$content['ISERROR'] = true;
$content['ERROR_MSG'] = $content['LN_DBMP_ERROR_NOCOLUMNS'];
}
} else {
if ($_POST['op'] == "editdbmp") {
// Now we convert fr DB insert!
$content['DisplayName'] = DB_RemoveBadChars($_POST['DisplayName']);
$result = DB_Query("SELECT ID FROM " . DB_MAPPINGS . " WHERE ID = " . $content['DBMPID']);
$myrow = DB_GetSingleRow($result, true);
if (!isset($myrow['ID'])) {
$content['ISERROR'] = true;
$content['ERROR_MSG'] = GetAndReplaceLangStr($content['LN_DBMP_ERROR_IDNOTFOUND'], $content['DBMPID']);
} else {
// Create Columnlist comma seperated!
if (isset($_POST['Mappings']) && is_array($_POST['Mappings'])) {
// Copy columns ID's
unset($content['SUBMAPPINGS']);
foreach ($_POST['Mappings'] as $myColKey) {
if (isset($_POST[$myColKey]) && strlen($_POST[$myColKey]) > 0) {
// Get FieldName
$myMappingFieldName = DB_StripSlahes($_POST[$myColKey]);
if (isset($content['SUBMAPPINGS'])) {
$content['USERID'] = DB_RemoveBadChars($_POST['id']);
} else {
$content['USERID'] = "";
}
if (isset($_POST['username'])) {
$content['USERNAME'] = DB_RemoveBadChars($_POST['username']);
} else {
$content['USERNAME'] = "";
}
if (isset($_POST['password1'])) {
$content['PASSWORD1'] = DB_RemoveBadChars($_POST['password1']);
} else {
$content['PASSWORD1'] = "";
}
if (isset($_POST['password2'])) {
$content['PASSWORD2'] = DB_RemoveBadChars($_POST['password2']);
} else {
$content['PASSWORD2'] = "";
}
if (isset($_POST['isadmin'])) {
$content['ISADMIN'] = 1;
} else {
$content['ISADMIN'] = 0;
}
if (isset($_POST['isreadonly'])) {
$content['ISREADONLY'] = 1;
} else {
$content['ISREADONLY'] = 0;
}
// Check mandotary values
if ($content['USERNAME'] == "") {
function CheckLDAPUserLogin($username, $password)
{
global $content;
// Create LDAP Searchfilter
$ldap_filter = '(&' . $content['LDAPSearchFilter'] . '(' . $content['LDAPUidAttribute'] . '=' . $username . '))';
// Get LDAP Connection
$ldapConn = DoLDAPConnect();
if ($ldapConn) {
if (!DoLDAPBind($ldapConn)) {
if (GetConfigSetting("DebugUserLogin", 0) == 1) {
// Die with error
DebugLDAPErrorAndDie(GetAndReplaceLangStr($content['LN_LOGIN_LDAP_USERBINDFAILED'], $content['LDAPBindDN'], ldap_err2str(ldap_errno($ldapConn))), $ldap_filter);
}
return false;
}
} else {
if (GetConfigSetting("DebugUserLogin", 0) == 1) {
// Die with error
DebugLDAPErrorAndDie(GetAndReplaceLangStr($content['LN_LOGIN_LDAP_SERVERFAILED'], $content['LDAPServer'] . ":" . $content['LDAPPort'], ldap_err2str(ldap_errno($ldapConn))), $ldap_filter);
}
// return false in this case
return false;
}
// Search for the user
if (!($r = @ldap_search($ldapConn, $content['LDAPBaseDN'], $ldap_filter, array("uid", "cn", "localentryid", "userpassword")))) {
if (GetConfigSetting("DebugUserLogin", 0) == 1) {
// Die with error
DebugLDAPErrorAndDie(GetAndReplaceLangStr($content['LN_LOGIN_LDAP_USERCOULDNOTLOGIN'], $username, ldap_err2str(ldap_errno($ldapConn))), $ldap_filter);
}
// return false in this case
return false;
}
$info = ldap_get_entries($ldapConn, $r);
if (!$info || $info["count"] != 1) {
if (GetConfigSetting("DebugUserLogin", 0) == 1) {
// Die with error
DebugLDAPErrorAndDie(GetAndReplaceLangStr($content['LN_LOGIN_LDAP_USERNOTFOUND'], $username), $ldap_filter);
}
// return false in this case
return false;
}
// now we have the user data. Do a bind to check for his password
if (!($r = @ldap_bind($ldapConn, $info[0]['dn'], $password))) {
if (GetConfigSetting("DebugUserLogin", 0) == 1) {
// Die with error
DebugLDAPErrorAndDie(GetAndReplaceLangStr($content['LN_LOGIN_LDAP_PASSWORDFAIL'], $username), $ldap_filter);
}
// return false in this case
return false;
}
// for the moment when a user logs in from LDAP, create it in the DB.
// then the prefs and group management is done in the DB and we don't rewrite the whole Loganalyzer code…
//
// added by czhujer
//
$ldapadmingroup = "cn=loganalyzeradminusers,cn=groups,cn=accounts,dc=someorg,dc=en";
if (LdapCheckGroup($ldapConn, $info[0]['dn'], $ldapadmingroup)) {
$ldapuser_is_admin = 1;
$ldapuser_is_readonly = 0;
//echo "You're (".$info[0]['dn'].") member of \"".$ldapadmingroup."\"";
} else {
//echo "You're (".$info[0]['dn'].") not member of \"".$ldapadmingroup."\"";
$ldapuser_admin = 0;
$ldapuser_is_readonly = 1;
}
/* debug
echo "<pre>";
print_r($info);
echo "</pre>";
DebugLDAPErrorAndDie("" , $ldap_filter );
*/
//
// end of czhujer modify
//
/* DB_RemoveBadChars() needs to be done here to maintain backwards compatibility even if it is not needed here*/
$md5pass = md5(DB_RemoveBadChars($password));
// check if the user already exist
$sqlquery = "SELECT * FROM `" . DB_USERS . "` WHERE username = '******'";
$result = DB_Query($sqlquery);
$myrow = DB_GetSingleRow($result, true);
if (!isset($myrow['is_admin'])) {
// Create User | use password to create MD5 Hash, so technically the user could login without LDAP as well
//$sqlcmd = "INSERT INTO `" . DB_USERS . "` (username, password, is_admin, is_readonly) VALUES ('" . $username . "', '" . $md5pass . "', 0, 1)";
//modified by czhujer
$sqlcmd = "INSERT INTO `" . DB_USERS . "` (username, password, is_admin, is_readonly) VALUES " . "('" . $username . "', '" . $md5pass . "', " . intval($ldapuser_is_admin) . ", " . intval($ldapuser_is_readonly) . ")";
$result = DB_Query($sqlcmd);
DB_FreeQuery($result);
$myrow['is_admin'] = 0;
$myrow['last_login'] = 0;
$myrow['is_readonly'] = 1;
}
// Construct Row and return
$myrowfinal['username'] = $username;
$myrowfinal['password'] = $md5pass;
$myrowfinal['dn'] = $info[0]['dn'];
if (isset($myrow['ID'])) {
$myrowfinal['ID'] = $myrow['ID'];
} else {
$myrowfinal['ID'] = DB_ReturnLastInsertID();
}
// Get from last insert!
$myrowfinal['is_admin'] = $myrow['is_admin'];
$myrowfinal['is_readonly'] = $myrow['is_readonly'];
$myrowfinal['last_login'] = $myrow['last_login'];
return $myrowfinal;
}
} else {
$content['chart_width'] = 400;
}
if (isset($_POST['chart_field'])) {
$content['chart_field'] = DB_RemoveBadChars($_POST['chart_field']);
}
if (isset($_POST['maxrecords'])) {
$content['maxrecords'] = intval(DB_RemoveBadChars($_POST['maxrecords']));
}
if (isset($_POST['showpercent'])) {
$content['showpercent'] = intval(DB_RemoveBadChars($_POST['showpercent']));
} else {
$content['showpercent'] = 0;
}
if (isset($_POST['chart_defaultfilter'])) {
$content['chart_defaultfilter'] = DB_RemoveBadChars($_POST['chart_defaultfilter']);
}
// User & Group handeled specially
if (isset($_POST['isuseronly'])) {
$content['userid'] = $content['SESSION_USERID'];
$content['groupid'] = "null";
// Either user or group not both!
} else {
// --- Can only create a USER source!
if (!isset($_SESSION['SESSION_ISADMIN']) || $_SESSION['SESSION_ISADMIN'] == 0) {
$content['userid'] = $content['SESSION_USERID'];
$content['groupid'] = "null";
} else {
$content['userid'] = "null";
if (isset($_POST['groupid']) && $_POST['groupid'] != -1) {
$content['groupid'] = intval($_POST['groupid']);
InitFilterHelpers();
// Helpers for frontend filtering!
// Firts of all init List of Reports!
InitReportModules();
// ---
// --- READ CONTENT Vars
$content['error_occured'] = false;
$content['report_success'] = false;
if (isset($_GET['op'])) {
$content['op'] = DB_RemoveBadChars($_GET['op']);
} else {
$content['error_occured'] = "error";
$content['error_details'] = $content['LN_GEN_ERROR_INVALIDOP'];
}
if (isset($_GET['id'])) {
$content['reportid'] = DB_RemoveBadChars($_GET['id']);
} else {
$content['error_occured'] = "error";
$content['error_details'] = $content['LN_GEN_ERROR_INVALIDREPORTID'];
}
if (isset($_GET['savedreportid'])) {
// read and verify value
$content['savedreportid'] = intval($_GET['savedreportid']);
} else {
$content['error_occured'] = "error";
$content['error_details'] = $content['LN_GEN_ERROR_MISSINGSAVEDREPORTID'];
}
// ---
// --- BEGIN CREATE TITLE
$content['TITLE'] = InitPageTitle();
// --- END CREATE TITLE
$content['PhplogconLogoUrl'] = $_POST['PhplogconLogoUrl'];
}
if (isset($_POST['UseProxyServerForRemoteQueries'])) {
$content['UseProxyServerForRemoteQueries'] = $_POST['UseProxyServerForRemoteQueries'];
}
if (isset($_POST['HeaderDefaultEncoding'])) {
$content['HeaderDefaultEncoding'] = $_POST['HeaderDefaultEncoding'];
}
// Save configuration variables now
SaveGeneralSettingsIntoDB();
}
// Do if User wants extra options
if ($content['ENABLEUSEROPTIONS']) {
// Language needs special treatment
if (isset($_POST['User_ViewDefaultLanguage'])) {
$tmpvar = DB_RemoveBadChars($_POST['User_ViewDefaultLanguage']);
if (VerifyLanguage($tmpvar)) {
$USERCFG['ViewDefaultLanguage'] = $tmpvar;
}
}
// Read default theme
if (isset($_POST['User_ViewDefaultTheme'])) {
$USERCFG['ViewDefaultTheme'] = $_POST['User_ViewDefaultTheme'];
}
// Read default VIEW | Check if View exists as well!
if (isset($_POST['User_DefaultViewsID']) && isset($content['Views'][$_POST['User_DefaultViewsID']])) {
$USERCFG['DefaultViewsID'] = $_POST['User_DefaultViewsID'];
}
// Read default SOURCES | Check if Source exists as well!
if (isset($_POST['User_DefaultSourceID']) && isset($content['Sources'][$_POST['User_DefaultSourceID']])) {
$USERCFG['DefaultSourceID'] = $_POST['User_DefaultSourceID'];
}
} else {
if ($content['CONVERT_STEP'] == 5) {
// Verify Username and Password Input
if (isset($_POST['username'])) {
$_SESSION['MAIN_Username'] = DB_RemoveBadChars($_POST['username']);
} else {
RevertOneStep($content['CONVERT_STEP'] - 1, $content['LN_INSTALL_MISSINGUSERNAME']);
}
if (isset($_POST['password1'])) {
$_SESSION['MAIN_Password1'] = DB_RemoveBadChars($_POST['password1']);
} else {
$_SESSION['MAIN_Password1'] = "";
}
if (isset($_POST['password2'])) {
$_SESSION['MAIN_Password2'] = DB_RemoveBadChars($_POST['password2']);
} else {
$_SESSION['MAIN_Password2'] = "";
}
if (strlen($_SESSION['MAIN_Password1']) < 4 || $_SESSION['MAIN_Password1'] != $_SESSION['MAIN_Password2']) {
RevertOneStep($content['CONVERT_STEP'] - 1, $content['LN_INSTALL_PASSWORDNOTMATCH']);
}
// --- Now execute all commands
ini_set('error_reporting', E_WARNING);
// Enable Warnings!
// Establish DB Connection
DB_Connect();
// Everything is fine, lets go create the User!
CreateUserName($_SESSION['MAIN_Username'], $_SESSION['MAIN_Password1'], 1);
// Show User success!
$content['MAIN_Username'] = $_SESSION['MAIN_Username'];
} else {
if (isset($_POST['FieldDefine'])) {
$content['FieldDefine'] = DB_RemoveBadChars($_POST['FieldDefine']);
} else {
$content['FieldDefine'] = "";
}
}
CreateFieldAlignmentList(0);
if (isset($_POST['FieldAlign']) && isset($content['ALIGMENTS'][$_POST['FieldAlign']])) {
$content['FieldAlign'] = $_POST['FieldAlign'];
} else {
$content['FieldAlign'] = ALIGN_CENTER;
}
// number fields
if (isset($_POST['DefaultWidth'])) {
$content['DefaultWidth'] = intval(DB_RemoveBadChars($_POST['DefaultWidth']));
} else {
$content['DefaultWidth'] = 50;
}
// NOT USED YET if ( isset ($_POST['Trunscate']) ) { $content['Trunscate'] = intval(DB_RemoveBadChars($_POST['Trunscate'])); } else {$content['Trunscate'] = 30; }
CreateFieldTypesList(0);
if (isset($_POST['NewFieldType']) && isset($content['FILTERTYPES'][$_POST['NewFieldType']])) {
$content['FieldType'] = intval($_POST['NewFieldType']);
} else {
if (isset($_POST['FieldType']) && isset($content['FILTERTYPES'][$_POST['FieldType']])) {
$content['FieldType'] = intval($_POST['FieldType']);
} else {
$content['FieldType'] = FILTER_TYPE_STRING;
}
}
// Checkbox fields
if (isset($_POST['SourceDBTableName'])) {
$content['SourceDBTableName'] = DB_RemoveBadChars($_POST['SourceDBTableName']);
}
if (isset($_POST['SourceDBUser'])) {
$content['SourceDBUser'] = DB_RemoveBadChars($_POST['SourceDBUser']);
}
if (isset($_POST['SourceDBRecordsPerQuery'])) {
$content['SourceDBRecordsPerQuery'] = DB_RemoveBadChars($_POST['SourceDBRecordsPerQuery']);
}
if (isset($_POST['SourceDBPassword'])) {
$content['SourceDBPassword'] = DB_RemoveBadChars($_POST['SourceDBPassword']);
} else {
$content['SourceDBPassword'] = "";
}
if (isset($_POST['SourceDBEnableRowCounting'])) {
$content['SourceDBEnableRowCounting'] = DB_RemoveBadChars($_POST['SourceDBEnableRowCounting']);
}
// Extra Check for this property
if ($content['SourceDBEnableRowCounting'] != "true") {
$content['SourceDBEnableRowCounting'] = "false";
}
}
}
}
// User & Group handeled specially
if (isset($_POST['isuseronly'])) {
$content['userid'] = $content['SESSION_USERID'];
$content['groupid'] = "null";
// Either user or group not both!
} else {
// --- Can only create a USER source!