includes/html/table/inventory.inc.php

<?php

$where = '1';
$param = array();

if (!Auth::user()->hasGlobalRead()) {
    $device_ids = Permissions::devicesForUser()->toArray() ?: [0];
    $where .= " AND `D`.`device_id` IN " .dbGenPlaceholders(count($device_ids));
    $param = array_merge($param, $device_ids);
}

$sql = " FROM entPhysical AS E, devices AS D WHERE $where AND D.device_id = E.device_id";

if (isset($searchPhrase) && !empty($searchPhrase)) {
    $sql .= " AND (`D`.`hostname` LIKE ? OR `E`.`entPhysicalDescr` LIKE ? OR `E`.`entPhysicalModelName` LIKE ? OR `E`.`entPhysicalSerialNum` LIKE ?)";
    $param[] = "%$searchPhrase%";
    $param[] = "%$searchPhrase%";
    $param[] = "%$searchPhrase%";
    $param[] = "%$searchPhrase%";
}

if (isset($vars['string']) && strlen($vars['string'])) {
    $sql    .= ' AND E.entPhysicalDescr LIKE ?';
    $param[] = '%'.$vars['string'].'%';
}

if (isset($vars['device_string']) && strlen($vars['device_string'])) {
    $sql    .= ' AND D.hostname LIKE ?';
    $param[] = '%'.$vars['device_string'].'%';
}

if (isset($vars['part']) && strlen($vars['part'])) {
    $sql    .= ' AND E.entPhysicalModelName = ?';
    $param[] = $vars['part'];
}

if (isset($vars['serial']) && strlen($vars['serial'])) {
    $sql    .= ' AND E.entPhysicalSerialNum LIKE ?';
    $param[] = '%'.$vars['serial'].'%';
}

if (isset($vars['device']) && is_numeric($vars['device'])) {
    $sql    .= ' AND D.device_id = ?';
    $param[] = $vars['device'];
}

$count_sql = "SELECT COUNT(`entPhysical_id`) $sql";
$total     = dbFetchCell($count_sql, $param);
if (empty($total)) {
    $total = 0;
}

if (!isset($sort) || empty($sort)) {
    $sort = '`hostname` DESC';
}

$sql .= " ORDER BY $sort";

if (isset($current)) {
    $limit_low  = (($current * $rowCount) - ($rowCount));
    $limit_high = $rowCount;
}

if ($rowCount != -1) {
    $sql .= " LIMIT $limit_low,$limit_high";
}

$sql = "SELECT `D`.`device_id` AS `device_id`, `D`.`os` AS `os`, `D`.`hostname` AS `hostname`, `D`.`sysName` AS `sysName`,`entPhysicalDescr` AS `description`, `entPhysicalName` AS `name`, `entPhysicalModelName` AS `model`, `entPhysicalSerialNum` AS `serial` $sql";

foreach (dbFetchRows($sql, $param) as $invent) {
    $response[] = array(
                   'hostname'    => generate_device_link($invent),
                   'description' => $invent['description'],
                   'name'        => $invent['name'],
                   'model'       => $invent['model'],
                   'serial'      => $invent['serial'],
                  );
}

$output = array(
           'current'  => $current,
           'rowCount' => $rowCount,
           'rows'     => $response,
           'total'    => $total,
          );
echo _json_encode($output);
Updated inventory table to use bootgrid 2015-04-02 18:05:24 +01:00			`<?php`

Fix coding style part 2 2015-07-13 20:10:26 +02:00			`$where = '1';`
Updated inventory table to use bootgrid 2015-04-02 18:05:24 +01:00			`$param = array();`

Device group based access (#10568) * Device group based access * Use Permissions class to resolve permissions Also give port access based on device access * Convert more pages to use Permissions class * shorten config setting name use Eloquent relationships in several places alphabetize config_definitions.json * Change Models and Permissions * Clean up ajax_search LIMIT sql * Convert more pages to use Permissions class Co-authored-by: Tony Murray <murraytony@gmail.com> 2019-12-30 12:11:26 +01:00			`if (!Auth::user()->hasGlobalRead()) {`
			`$device_ids = Permissions::devicesForUser()->toArray() ?: [0];`
			$where .= " AND `D`.`device_id` IN " .dbGenPlaceholders(count($device_ids));
			`$param = array_merge($param, $device_ids);`
Updated inventory table to use bootgrid 2015-04-02 18:05:24 +01:00			`}`

Device group based access (#10568) * Device group based access * Use Permissions class to resolve permissions Also give port access based on device access * Convert more pages to use Permissions class * shorten config setting name use Eloquent relationships in several places alphabetize config_definitions.json * Change Models and Permissions * Clean up ajax_search LIMIT sql * Convert more pages to use Permissions class Co-authored-by: Tony Murray <murraytony@gmail.com> 2019-12-30 12:11:26 +01:00			`$sql = " FROM entPhysical AS E, devices AS D WHERE $where AND D.device_id = E.device_id";`

Updated inventory table to use bootgrid 2015-04-02 18:05:24 +01:00			`if (isset($searchPhrase) && !empty($searchPhrase)) {`
Fix SQL injections in ajax_table.php (#11920) * Fix SQL injections via searchPhrase parameter * Fix SQL injections via address parameter * Fix sort injection Co-authored-by: Tony Murray <murraytony@gmail.com> 2020-07-10 16:17:09 +02:00			$sql .= " AND (`D`.`hostname` LIKE ? OR `E`.`entPhysicalDescr` LIKE ? OR `E`.`entPhysicalModelName` LIKE ? OR `E`.`entPhysicalSerialNum` LIKE ?)";
			`$param[] = "%$searchPhrase%";`
			`$param[] = "%$searchPhrase%";`
			`$param[] = "%$searchPhrase%";`
			`$param[] = "%$searchPhrase%";`
Updated inventory table to use bootgrid 2015-04-02 18:05:24 +01:00			`}`

webui: Allow full search on devices page (#8364) * Update devices.inc.php * Update devices.inc.php * Replace $_POST with $vars Better protection for SQL injection attempts; Need to verify other files for same issue. * Fixed whitespace. sigh * More search options & sql injection fixes. +Allow full search on devices page; +Allow sysName search on alertlog page; +Allow sysName search on alerts page; +Allow sysName search on eventlog page; +Allow sysName search on poll-log page; +Allow sysName search on ports page; Replaced all occurrences of $_POST with $vars in librenms/html/includes/table. ($vars are sanity-checked). Whitespace fix * Fixed $where & $param * Add files via upload * Whitespaces.... Sometimes you want'em, sometimes you hate'em. 2018-03-25 22:50:09 +02:00			`if (isset($vars['string']) && strlen($vars['string'])) {`
Fix coding style part 2 2015-07-13 20:10:26 +02:00			`$sql .= ' AND E.entPhysicalDescr LIKE ?';`
webui: Allow full search on devices page (#8364) * Update devices.inc.php * Update devices.inc.php * Replace $_POST with $vars Better protection for SQL injection attempts; Need to verify other files for same issue. * Fixed whitespace. sigh * More search options & sql injection fixes. +Allow full search on devices page; +Allow sysName search on alertlog page; +Allow sysName search on alerts page; +Allow sysName search on eventlog page; +Allow sysName search on poll-log page; +Allow sysName search on ports page; Replaced all occurrences of $_POST with $vars in librenms/html/includes/table. ($vars are sanity-checked). Whitespace fix * Fixed $where & $param * Add files via upload * Whitespaces.... Sometimes you want'em, sometimes you hate'em. 2018-03-25 22:50:09 +02:00			`$param[] = '%'.$vars['string'].'%';`
Updated inventory table to use bootgrid 2015-04-02 18:05:24 +01:00			`}`

webui: Allow full search on devices page (#8364) * Update devices.inc.php * Update devices.inc.php * Replace $_POST with $vars Better protection for SQL injection attempts; Need to verify other files for same issue. * Fixed whitespace. sigh * More search options & sql injection fixes. +Allow full search on devices page; +Allow sysName search on alertlog page; +Allow sysName search on alerts page; +Allow sysName search on eventlog page; +Allow sysName search on poll-log page; +Allow sysName search on ports page; Replaced all occurrences of $_POST with $vars in librenms/html/includes/table. ($vars are sanity-checked). Whitespace fix * Fixed $where & $param * Add files via upload * Whitespaces.... Sometimes you want'em, sometimes you hate'em. 2018-03-25 22:50:09 +02:00			`if (isset($vars['device_string']) && strlen($vars['device_string'])) {`
Fix coding style part 2 2015-07-13 20:10:26 +02:00			`$sql .= ' AND D.hostname LIKE ?';`
webui: Allow full search on devices page (#8364) * Update devices.inc.php * Update devices.inc.php * Replace $_POST with $vars Better protection for SQL injection attempts; Need to verify other files for same issue. * Fixed whitespace. sigh * More search options & sql injection fixes. +Allow full search on devices page; +Allow sysName search on alertlog page; +Allow sysName search on alerts page; +Allow sysName search on eventlog page; +Allow sysName search on poll-log page; +Allow sysName search on ports page; Replaced all occurrences of $_POST with $vars in librenms/html/includes/table. ($vars are sanity-checked). Whitespace fix * Fixed $where & $param * Add files via upload * Whitespaces.... Sometimes you want'em, sometimes you hate'em. 2018-03-25 22:50:09 +02:00			`$param[] = '%'.$vars['device_string'].'%';`
Updated inventory table to use bootgrid 2015-04-02 18:05:24 +01:00			`}`

webui: Allow full search on devices page (#8364) * Update devices.inc.php * Update devices.inc.php * Replace $_POST with $vars Better protection for SQL injection attempts; Need to verify other files for same issue. * Fixed whitespace. sigh * More search options & sql injection fixes. +Allow full search on devices page; +Allow sysName search on alertlog page; +Allow sysName search on alerts page; +Allow sysName search on eventlog page; +Allow sysName search on poll-log page; +Allow sysName search on ports page; Replaced all occurrences of $_POST with $vars in librenms/html/includes/table. ($vars are sanity-checked). Whitespace fix * Fixed $where & $param * Add files via upload * Whitespaces.... Sometimes you want'em, sometimes you hate'em. 2018-03-25 22:50:09 +02:00			`if (isset($vars['part']) && strlen($vars['part'])) {`
Fix coding style part 2 2015-07-13 20:10:26 +02:00			`$sql .= ' AND E.entPhysicalModelName = ?';`
webui: Allow full search on devices page (#8364) * Update devices.inc.php * Update devices.inc.php * Replace $_POST with $vars Better protection for SQL injection attempts; Need to verify other files for same issue. * Fixed whitespace. sigh * More search options & sql injection fixes. +Allow full search on devices page; +Allow sysName search on alertlog page; +Allow sysName search on alerts page; +Allow sysName search on eventlog page; +Allow sysName search on poll-log page; +Allow sysName search on ports page; Replaced all occurrences of $_POST with $vars in librenms/html/includes/table. ($vars are sanity-checked). Whitespace fix * Fixed $where & $param * Add files via upload * Whitespaces.... Sometimes you want'em, sometimes you hate'em. 2018-03-25 22:50:09 +02:00			`$param[] = $vars['part'];`
Updated inventory table to use bootgrid 2015-04-02 18:05:24 +01:00			`}`

webui: Allow full search on devices page (#8364) * Update devices.inc.php * Update devices.inc.php * Replace $_POST with $vars Better protection for SQL injection attempts; Need to verify other files for same issue. * Fixed whitespace. sigh * More search options & sql injection fixes. +Allow full search on devices page; +Allow sysName search on alertlog page; +Allow sysName search on alerts page; +Allow sysName search on eventlog page; +Allow sysName search on poll-log page; +Allow sysName search on ports page; Replaced all occurrences of $_POST with $vars in librenms/html/includes/table. ($vars are sanity-checked). Whitespace fix * Fixed $where & $param * Add files via upload * Whitespaces.... Sometimes you want'em, sometimes you hate'em. 2018-03-25 22:50:09 +02:00			`if (isset($vars['serial']) && strlen($vars['serial'])) {`
Fix coding style part 2 2015-07-13 20:10:26 +02:00			`$sql .= ' AND E.entPhysicalSerialNum LIKE ?';`
webui: Allow full search on devices page (#8364) * Update devices.inc.php * Update devices.inc.php * Replace $_POST with $vars Better protection for SQL injection attempts; Need to verify other files for same issue. * Fixed whitespace. sigh * More search options & sql injection fixes. +Allow full search on devices page; +Allow sysName search on alertlog page; +Allow sysName search on alerts page; +Allow sysName search on eventlog page; +Allow sysName search on poll-log page; +Allow sysName search on ports page; Replaced all occurrences of $_POST with $vars in librenms/html/includes/table. ($vars are sanity-checked). Whitespace fix * Fixed $where & $param * Add files via upload * Whitespaces.... Sometimes you want'em, sometimes you hate'em. 2018-03-25 22:50:09 +02:00			`$param[] = '%'.$vars['serial'].'%';`
Updated inventory table to use bootgrid 2015-04-02 18:05:24 +01:00			`}`

webui: Allow full search on devices page (#8364) * Update devices.inc.php * Update devices.inc.php * Replace $_POST with $vars Better protection for SQL injection attempts; Need to verify other files for same issue. * Fixed whitespace. sigh * More search options & sql injection fixes. +Allow full search on devices page; +Allow sysName search on alertlog page; +Allow sysName search on alerts page; +Allow sysName search on eventlog page; +Allow sysName search on poll-log page; +Allow sysName search on ports page; Replaced all occurrences of $_POST with $vars in librenms/html/includes/table. ($vars are sanity-checked). Whitespace fix * Fixed $where & $param * Add files via upload * Whitespaces.... Sometimes you want'em, sometimes you hate'em. 2018-03-25 22:50:09 +02:00			`if (isset($vars['device']) && is_numeric($vars['device'])) {`
Fix coding style part 2 2015-07-13 20:10:26 +02:00			`$sql .= ' AND D.device_id = ?';`
webui: Allow full search on devices page (#8364) * Update devices.inc.php * Update devices.inc.php * Replace $_POST with $vars Better protection for SQL injection attempts; Need to verify other files for same issue. * Fixed whitespace. sigh * More search options & sql injection fixes. +Allow full search on devices page; +Allow sysName search on alertlog page; +Allow sysName search on alerts page; +Allow sysName search on eventlog page; +Allow sysName search on poll-log page; +Allow sysName search on ports page; Replaced all occurrences of $_POST with $vars in librenms/html/includes/table. ($vars are sanity-checked). Whitespace fix * Fixed $where & $param * Add files via upload * Whitespaces.... Sometimes you want'em, sometimes you hate'em. 2018-03-25 22:50:09 +02:00			`$param[] = $vars['device'];`
Updated inventory table to use bootgrid 2015-04-02 18:05:24 +01:00			`}`

			$count_sql = "SELECT COUNT(`entPhysical_id`) $sql";
Fix coding style part 2 2015-07-13 20:10:26 +02:00			`$total = dbFetchCell($count_sql, $param);`
Fixed loading.... issue when no data returned 2015-04-12 11:47:21 +01:00			`if (empty($total)) {`
			`$total = 0;`
			`}`
Updated inventory table to use bootgrid 2015-04-02 18:05:24 +01:00
			`if (!isset($sort) \|\| empty($sort)) {`
			$sort = '`hostname` DESC';
			`}`

			`$sql .= " ORDER BY $sort";`

			`if (isset($current)) {`
Fix coding style part 2 2015-07-13 20:10:26 +02:00			`$limit_low = (($current * $rowCount) - ($rowCount));`
Updated inventory table to use bootgrid 2015-04-02 18:05:24 +01:00			`$limit_high = $rowCount;`
			`}`

			`if ($rowCount != -1) {`
			`$sql .= " LIMIT $limit_low,$limit_high";`
			`}`

Correct OS Overlib in Inventory (#11551) 2020-05-05 01:59:44 +02:00			$sql = "SELECT `D`.`device_id` AS `device_id`, `D`.`os` AS `os`, `D`.`hostname` AS `hostname`, `D`.`sysName` AS `sysName`,`entPhysicalDescr` AS `description`, `entPhysicalName` AS `name`, `entPhysicalModelName` AS `model`, `entPhysicalSerialNum` AS `serial` $sql";
Updated inventory table to use bootgrid 2015-04-02 18:05:24 +01:00
			`foreach (dbFetchRows($sql, $param) as $invent) {`
Fix coding style part 2 2015-07-13 20:10:26 +02:00			`$response[] = array(`
Fix inventory page hostname/sysname and default generate_device_link behaviour (#11114) * Fix inventory page hostname and default behaviour on generate_device_link * force test re-run * space * simplify Co-authored-by: PipoCanaja <38363551+PipoCanaja@users.noreply.github.com> 2020-02-10 12:07:27 +01:00			`'hostname' => generate_device_link($invent),`
Fix coding style part 2 2015-07-13 20:10:26 +02:00			`'description' => $invent['description'],`
			`'name' => $invent['name'],`
			`'model' => $invent['model'],`
			`'serial' => $invent['serial'],`
			`);`
Updated inventory table to use bootgrid 2015-04-02 18:05:24 +01:00			`}`

Fix coding style part 2 2015-07-13 20:10:26 +02:00			`$output = array(`
			`'current' => $current,`
			`'rowCount' => $rowCount,`
			`'rows' => $response,`
			`'total' => $total,`
			`);`
Updated inventory table to use bootgrid 2015-04-02 18:05:24 +01:00			`echo _json_encode($output);`