fix unauthenticated graphs via $config['allow_unauth_graphs']

git-svn-id: http://www.observium.org/svn/observer/trunk@1691 61d68cd4-352d-0410-923a-c4978735b2b8

html/includes/graphs/application/auth.inc.php

@@ -1,6 +1,6 @@
 <?php
 
-if(is_numeric($id) && application_permitted($id))
+if(is_numeric($id) && ($config['allow_unauth_graphs'] || application_permitted($id)))
 {
   $app    = get_application_by_id($id);
   $device = device_by_id_cache($app['device_id']);

html/includes/graphs/atmvp/auth.inc.php

@@ -9,7 +9,7 @@ $sql .= " WHERE J.juniAtmVp_id = '".$atm_vp_id."' AND I.interface_id = J.interfa
 $query = mysql_query($sql);
 $vp = mysql_fetch_array($query);
 
-if(port_permitted($vp['interface_id'])) {
+if($config['allow_unauth_graphs'] || port_permitted($vp['interface_id'])) {
 
   $port   = $vp;
   $device = device_by_id_cache($port['device_id']);

html/includes/graphs/bgp/auth.inc.php

@@ -5,7 +5,7 @@ if(is_numeric($id))
 
   $data = mysql_fetch_assoc(mysql_query("SELECT * FROM bgpPeers WHERE bgpPeer_id = '".$id."'"));
 
-  if(is_numeric($data['device_id']) && device_permitted($data['device_id']))
+  if(is_numeric($data['device_id']) && ($config['allow_unauth_graphs'] || device_permitted($data['device_id'])))
   {
     $device = device_by_id_cache($data['device_id']);
 

html/includes/graphs/bill/auth.inc.php

@@ -2,7 +2,7 @@
 
 ### Authorises bill viewing and sets $ports as reference to mysql query containing ports for this bill
 
-if(is_numeric($_GET['id']) && bill_permitted($_GET['id']))
+if(is_numeric($_GET['id']) && ($config['allow_unauth_graphs'] || bill_permitted($_GET['id'])))
 {
 
   $ports = mysql_query("SELECT * FROM `bill_ports` AS B, `ports` AS P, `devices` AS D

html/includes/graphs/customer/auth.inc.php

@@ -1,6 +1,6 @@
 <?php
 
-if ($_SESSION['userlevel'] >= "5") 
+if ($_SESSION['userlevel'] >= "5" || $config['allow_unauth_graphs'];) 
 {
   $id = mres($_GET['id']);
   $title = generate_device_link($device);

html/includes/graphs/device/auth.inc.php

@@ -1,6 +1,6 @@
 <?php
 
-if(is_numeric($id) && device_permitted($id)) 
+if(is_numeric($id) && ($config['allow_unauth_graphs'] || device_permitted($id))) 
 {
   $device = device_by_id_cache($id);
   $title = generate_device_link($device);

html/includes/graphs/diskio/auth.inc.php

@@ -6,7 +6,7 @@ if(is_numeric($id))
   $query = mysql_query("SELECT * FROM `ucd_diskio` AS U, `devices` AS D WHERE U.diskio_id = '".$id."' AND U.device_id = D.device_id");
   $disk = mysql_fetch_array($query);
 
-  if(is_numeric($disk['device_id']) && device_permitted($disk['device_id']))
+  if(is_numeric($disk['device_id']) && ($config['allow_unauth_graphs'] || device_permitted($disk['device_id'])))
   {
     $device = device_by_id_cache($disk['device_id']);
 

html/includes/graphs/graph.inc.php

@@ -30,22 +30,13 @@ if(isset($_GET['debug'])) {
   $legend   = mres($_GET['legend']);
   $id       = mres($_GET['id']);
 
-  if(!$config['allow_unauth_graphs']) 
+  if($config['allow_unauth_graphs']) 
   {
+    $allow_unauth = TRUE;
+  } else {
     if(!$_SESSION['authenticated']) { graph_error("Not authenticated"); exit; }
   }
   
-#  if($_GET['device']) {
-#    $_GET['id'] = $_GET['device'];
-#    $device_id = $_GET['device'];
-#  } elseif($_GET['if']) {
-#    $_GET['id'] = $_GET['if'];
-#  } elseif($_GET['port']) {
-#    $_GET['id'] = $_GET['port'];
-#  } elseif($_GET['peer']) {
-#    $_GET['id'] = $_GET['peer'];
-#  }
-
   preg_match('/^(?P<type>[A-Za-z0-9]+)_(?P<subtype>.+)/', mres($_GET['type']), $graphtype);
 
   $type = $graphtype['type'];
@@ -55,19 +46,6 @@ if(isset($_GET['debug'])) {
 
   $graphfile = $config['temp_dir'] . "/"  . strgen() . ".png";
 
-#  $os = gethostosbyid($device_id);
-#  if($config['os'][$os]['group']) {$os_group = $config['os'][$os]['group'];}
-#  if(is_file($config['install_dir'] . "/html/includes/graphs/".$type."_".$os.".inc.php")) {
-#    /// Type + OS Specific
-#    include($config['install_dir'] . "/html/includes/graphs/".$type."_".$os.".inc.php");
-#  }elseif($os_group && is_file($config['install_dir'] . "/html/includes/graphs/".$type."_".$os_group.".inc.php")) {
-#    /// Type + OS Group Specific
-#    include($config['install_dir'] . "/html/includes/graphs/".$type."_".$os_group.".inc.php");
-#  } elseif(is_file($config['install_dir'] . "/html/includes/graphs/$type.inc.php")) {
-#    /// Type Specific
-#    include($config['install_dir'] . "/html/includes/graphs/$type.inc.php");
-#  }
-
 if(is_file($config['install_dir'] . "/html/includes/graphs/$type/$subtype.inc.php")) {
   include($config['install_dir'] . "/html/includes/graphs/$type/auth.inc.php");
   if($auth) { 

html/includes/graphs/mempool/auth.inc.php

@@ -5,7 +5,7 @@ if(is_numeric($id))
   $sql = mysql_query("SELECT * FROM `mempools` AS C, `devices` AS D where C.`mempool_id` = '".mres($id)."' AND C.device_id = D.device_id");
   $mempool = mysql_fetch_assoc($sql);
 
-  if(is_numeric($mempool['device_id']) && device_permitted($mempool['device_id']))   
+  if(is_numeric($mempool['device_id']) && ($config['allow_unauth_graphs'] || device_permitted($mempool['device_id'])))   
   {
     $device = device_by_id_cache($mempool['device_id']);
     $rrd_filename = $config['rrd_dir'] . "/".$device['hostname']."/" . safename("mempool-".$mempool['mempool_type']."-".$mempool['mempool_index'].".rrd");

html/includes/graphs/multiport/auth.inc.php

@@ -3,7 +3,7 @@
 $auth = TRUE;
 
 foreach(explode(",", $id) as $ifid) {
-  if(!port_permitted($ifid))
+  if(!$config['allow_unauth_graphs'] && !port_permitted($ifid))
   $auth = FALSE;
 }
 

html/includes/graphs/port/auth.inc.php

@@ -1,6 +1,6 @@
 <?php
 
-if(is_numeric($id) && port_permitted($id)) {
+if(is_numeric($id) && ($config['allow_unauth_graphs'] || port_permitted($id))) {
   $port   = get_port_by_id($id);
   $device = device_by_id_cache($port['device_id']);
   $title  = generate_device_link($device);

html/includes/graphs/processor/auth.inc.php

@@ -3,7 +3,7 @@
 $sql = mysql_query("SELECT * FROM `processors` where `processor_id` = '".mres($_GET['id'])."'");
 $proc = mysql_fetch_assoc($sql);
 
-if(is_numeric($proc['device_id']) && device_permitted($proc['device_id'])) 
+if(is_numeric($proc['device_id']) && ($config['allow_unauth_graphs'] || device_permitted($proc['device_id']))) 
 {
   $device = device_by_id_cache($proc['device_id']);
   $rrd_filename  = $config['rrd_dir'] . "/".$device['hostname']."/" . safename("processor-" . $proc['processor_type'] . "-" . $proc['processor_index'] . ".rrd");

html/includes/graphs/sensor/auth.inc.php

@@ -4,7 +4,7 @@ if(is_numeric($id))
 {
   $sensor = mysql_fetch_assoc(mysql_query("SELECT * FROM sensors WHERE sensor_id = '".mres($id)."'"));
 
-  if(is_numeric($sensor['device_id']) && device_permitted($sensor['device_id']))
+  if(is_numeric($sensor['device_id']) && ($config['allow_unauth_graphs'] || device_permitted($sensor['device_id'])))
   {
     $device = device_by_id_cache($sensor['device_id']);
 

html/includes/graphs/service/auth.inc.php

@@ -4,7 +4,7 @@ if(is_numeric($id))
 {
   $service = mysql_fetch_assoc(mysql_query("SELECT * FROM services WHERE service_id = '".mres($id)."'"));
 
-  if(is_numeric($service['device_id']) && device_permitted($service['device_id']))
+  if(is_numeric($service['device_id']) && ($config['allow_unauth_graphs'] || device_permitted($service['device_id'])))
   {
     $device = device_by_id_cache($service['device_id']);
 

html/includes/graphs/storage/auth.inc.php

@@ -5,7 +5,7 @@ if(is_numeric($id))
   $sql = mysql_query("SELECT * FROM `storage` WHERE `storage_id` = '".mres($id)."'");
   $storage = mysql_fetch_assoc($sql);
 
-  if(is_numeric($storage['device_id']) && device_permitted($storage['device_id']))   
+  if(is_numeric($storage['device_id']) && ($config['allow_unauth_graphs'] || device_permitted($storage['device_id'])))   
   {
     $device = device_by_id_cache($storage['device_id']);
     $rrd_filename  = $config['rrd_dir'] . "/" . $device['hostname'] . "/" . safename("storage-" . $storage['storage_mib'] . "-" . $storage['storage_descr'] . ".rrd");