move current to sensors table, plug some sql injection holes

git-svn-id: http://www.observium.org/svn/observer/trunk@1312 61d68cd4-352d-0410-923a-c4978735b2b8
2024-10-07 16:52:45 +00:00 · 2010-07-07 14:34:44 +00:00
parent 27d1a215f3
commit 1ed4749f40
17 changed files with 101 additions and 106 deletions
@@ -6,16 +6,16 @@ include("common.inc.php");

  $rrd_options .= " COMMENT:'                                 Last   Max\\n'";

-  $current = mysql_fetch_array(mysql_query("SELECT * FROM current where current_id = '".mres($_GET['id'])."'"));
+  $current = mysql_fetch_array(mysql_query("SELECT * FROM sensors WHERE sensor_class='current' AND sensor_id = '".mres($_GET['id'])."'"));

  $hostname = mysql_result(mysql_query("SELECT hostname FROM devices WHERE device_id = '" . $current['device_id'] . "'"),0);

-  $current['current_descr_fixed'] = substr(str_pad($current['current_descr'], 28),0,28);
+  $current['sensor_descr_fixed'] = substr(str_pad($current['sensor_descr'], 28),0,28);

-  $rrd_filename  = $config['rrd_dir'] . "/".$hostname."/" . safename("current-" . $current['current_descr'] . ".rrd");
+  $rrd_filename  = $config['rrd_dir'] . "/".$hostname."/" . safename("current-" . $current['sensor_descr'] . ".rrd");

  $rrd_options .= " DEF:current=$rrd_filename:current:AVERAGE";
-  $rrd_options .= " LINE1.5:current#cc0000:'" . $current['current_descr_fixed']."'";
+  $rrd_options .= " LINE1.5:current#cc0000:'" . $current['sensor_descr_fixed']."'";
  $rrd_options .= " GPRINT:current:LAST:%3.0lfA";
  $rrd_options .= " GPRINT:current:MAX:%3.0lfA\\\\l";

@@ -6,7 +6,7 @@ $device = device_by_id_cache($id);
 $rrd_options .= " -l 0 -E ";

 $iter = "1";
-$sql = mysql_query("SELECT * FROM current where device_id = '$id'");
+$sql = mysql_query("SELECT * FROM sensors WHERE sensor_class='current' AND device_id = '$id'");
 $rrd_options .= " COMMENT:'                       Cur     Min      Max\\n'";
 while($current = mysql_fetch_array($sql)) 
 {
@@ -39,9 +39,9 @@ while($current = mysql_fetch_array($sql))

  $hostname = gethostbyid($current['device_id']);
  
-  $descr = substr(str_pad($current['current_descr'], 15),0,15);
-  $rrd_filename  = $config['rrd_dir'] . "/".$device['hostname']."/" . safename("current-" . $current['current_descr'] . ".rrd");
-  $current_id = $current['current_id'];
+  $descr = substr(str_pad($current['sensor_descr'], 15),0,15);
+  $rrd_filename  = $config['rrd_dir'] . "/".$device['hostname']."/" . safename("current-" . $current['sensor_descr'] . ".rrd");
+  $current_id = $current['sensor_id'];

  $rrd_options .= " DEF:current$current_id=$rrd_filename:current:AVERAGE";
  $rrd_options .= " LINE1:current$current_id#".$colour.":'" . $descr . "'";