diff --git a/html/includes/graphs/graph.inc.php b/html/includes/graphs/graph.inc.php
index 170b091bd6..3e5c9c5b48 100644
--- a/html/includes/graphs/graph.inc.php
+++ b/html/includes/graphs/graph.inc.php
@@ -36,11 +36,12 @@ $vertical = mres($_GET['vertical']);
 $legend   = mres($_GET['legend']);
 $id       = mres($_GET['id']);
 
-if (!$config['allow_unauth_graphs'])
+if (isset($config['allow_unauth_graphs']) && $config['allow_unauth_graphs'])
 {
+} else {
   if (!$_SESSION['authenticated']) { graph_error("Session not authenticated"); exit; }
 } else {
-  $auth = TRUE; ## hardcode auth for all
+  $auth = "1"; ## hardcode auth for all
 }
 
 preg_match('/^(?P<type>[A-Za-z0-9]+)_(?P<subtype>.+)/', mres($_GET['type']), $graphtype);
@@ -60,7 +61,7 @@ if (is_file($config['install_dir'] . "/html/includes/graphs/$type/$subtype.inc.p
     {
       if (Net_IPv4::ipInNetwork($_SERVER['REMOTE_ADDR'], $range))
       {
-        $auth = TRUE;
+        $auth = "1";
         break;
       }
     }
@@ -68,7 +69,7 @@ if (is_file($config['install_dir'] . "/html/includes/graphs/$type/$subtype.inc.p
 
   include($config['install_dir'] . "/html/includes/graphs/$type/auth.inc.php");
 
-  if ($auth)
+  if (isset($auth) && $auth)
   {
     include($config['install_dir'] . "/html/includes/graphs/$type/$subtype.inc.php");
   }
diff --git a/html/pages/device/edit/apps.inc.php b/html/pages/device/edit/apps.inc.php
index 9f581046f5..a4df5c4066 100644
--- a/html/pages/device/edit/apps.inc.php
+++ b/html/pages/device/edit/apps.inc.php
@@ -22,19 +22,19 @@ if ($handle = opendir($config['install_dir'] . "/includes/polling/applications/"
 if ($_POST['device'])
 {
   $updated = 0;
-  $param = array($device['device_id']);
+  $param[] = array($device['device_id']);
   foreach (array_keys($_POST) as $key)
   {
     if (substr($key,0,4) == 'app_')
     {
       $param[] = substr($key,4);
       $enabled[] = substr($key,4);
-      $query[] = "?";
+      $replace[] = "?";
     }
   }
 
   if(count($enabled)) {
-    $updated += dbDelete('applications', "`device_id` = ? AND `app_type` NOT IN (".implode(',',$query).")", array($param));
+    $updated += dbDelete('applications', "`device_id` = ? AND `app_type` NOT IN (".implode(",",$replace).")", $param);
   } else {
     $updated += dbDelete('applications', "`device_id` = ?", array($param));
   }