more db

git-svn-id: http://www.observium.org/svn/observer/trunk@2317 61d68cd4-352d-0410-923a-c4978735b2b8

html/pages/iftype.inc.php

@@ -7,16 +7,16 @@ if ($bg == "#ffffff") { $bg = "#e5e5e5"; } else { $bg = "#ffffff"; }
 $type_where = " (";
 foreach (explode(",", $_GET['opta']) as $type)
 {
-  $type_where .= " $or `port_descr_type` = '" . mres($type) . "' ";
+  $type_where .= " $or `port_descr_type` = ?";
   $or = "OR";
+  $type_param[] = $type; 
 }
 
 $type_where .= ") ";
+$ports = dbFetchRows("SELECT * FROM `ports` as I, `devices` AS D WHERE $type_where AND I.device_id = D.device_id ORDER BY I.ifAlias", $type_param);
 
-$sql  = "SELECT * FROM `ports` as I, `devices` AS D WHERE $type_where AND I.device_id = D.device_id ORDER BY I.ifAlias";
 
-$query = mysql_query($sql);
-while ($interface = mysql_fetch_assoc($query))
+foreach ($ports as $interface)
 {
   $if_list .= $seperator . $interface['interface_id'];
   $seperator = ",";
@@ -38,9 +38,7 @@ if ($if_list)
   include("includes/print-interface-graphs.inc.php");
   echo("</td></tr>");
 
-  $sql  = "select * from ports as I, devices as D WHERE $type_where AND I.device_id = D.device_id ORDER BY I.ifAlias";
-  $query = mysql_query($sql);
-  while ($interface = mysql_fetch_assoc($query))
+  foreach ($ports as $interface)
   {
     $done = "yes";
     unset($class);
@@ -75,4 +73,4 @@ else
 }
 
 ?>
-</table>
+</table>

html/pages/inventory.inc.php

@@ -10,8 +10,7 @@
     <select name="part" id="part">
       <option value="">All Parts</option>
       <?php
-        $query = mysql_query("SELECT `entPhysicalModelName` FROM `entPhysical` GROUP BY `entPhysicalModelName` ORDER BY `entPhysicalModelName`");
-        while ($data = mysql_fetch_assoc($query))
+        foreach (dbFetchRows("SELECT `entPhysicalModelName` FROM `entPhysical` GROUP BY `entPhysicalModelName` ORDER BY `entPhysicalModelName`") as $data)
         {
           echo("<option value='".$data['entPhysicalModelName']."'");
           if ($data['entPhysicalModelName'] == $_POST['part']) { echo("selected"); }
@@ -28,8 +27,7 @@
     <select name="device" id="device">
       <option value="">All Devices</option>
       <?php
-        $query = mysql_query("SELECT * FROM `devices` ORDER BY `hostname`");
-        while ($data = mysql_fetch_assoc($query))
+        foreach (dbFetchRows("SELECT * FROM `devices` ORDER BY `hostname`") as $data)
         {
           echo("<option value='".$data['device_id']."'");
 
@@ -40,52 +38,57 @@
       ?>
     </select>
   </label>
-  <input type="text" size=24 name="device_string" id="device_string" value="<?php echo($_POST['device_string']); ?>" />
+  <input type="text" size=24 name="device_string" id="device_string" value="<?php if($_POST['device_string']) { echo($_POST['device_string']); } ?>" />
   <input style type=submit class=submit value=Search>
 
 <?php
 
 print_optionbar_end();
 
-if ($_POST['string'])
-{
-  $where .= " AND E.entPhysicalDescr LIKE '%".$_POST['string']."%'";
-}
-
-if ($_POST['device_string'])
-{
-  $where .= " AND D.hostname LIKE '%".$_POST['device_string']."%'";
-}
-
-if ($_POST['part'])
-{
-  $where .= " AND E.entPhysicalModelName = '".$_POST['part']."'";
-}
-
-if ($_POST['serial'])
-{
-  $where .= " AND E.entPhysicalSerialNum LIKE '%".$_POST['serial']."%'";
-}
-
-if ($_POST['device'])
-{
-  $where .= " AND D.device_id = '".$_POST['device']."'";
-}
+$param = array();
 
 if ($_SESSION['userlevel'] >= '5')
 {
-  $sql = "SELECT * from entPhysical AS E, devices AS D WHERE E.device_id = D.device_id $where ORDER BY D.hostname";
+  $sql = "SELECT * from entPhysical AS E, devices AS D WHERE D.device_id = E.device_id";
 } else {
-  $sql = "SELECT * from entPhysical AS E, devices AS D, devices_perms AS P
-          WHERE E.device_id = D.device_id AND D.device_id = P.device_id $where ORDER BY D.hostname";
+  $sql = "SELECT * from entPhysical AS E, devices AS D, devices_perms AS P WHERE D.device_id = E.device_id AND P.device_id = D.device_id AND P.user_id = ?";
+  $param[] = $_SESSION['user_id'];
 }
 
-$query = mysql_query($sql);
-echo("<table cellspacing=0 cellpadding=2 width=100%>");
+if (isset($_POST['string']) && strlen($_POST['string']))
+{
+  $sql  .= " AND E.entPhysicalDescr LIKE ?";
+  $param[] = "%".$_POST['string']."%"; 
+}
 
+if (isset($_POST['device_string']) && strlen($_POST['device_string']))
+{
+  $sql .= " AND D.hostname LIKE ?";
+  $param[] = "%".$_POST['device_string']."%";
+}
+
+if (isset($_POST['part']) && strlen($_POST['part']))
+{
+  $sql .= " AND E.entPhysicalModelName = ?";
+  $param[] = $_POST['part'];
+}
+
+if (isset($_POST['serial']) && strlen($_POST['serial']))
+{
+  $sql .= " AND E.entPhysicalSerialNum LIKE ?";
+  $param[] = "%".$_POST['serial']."%";
+}
+
+if (isset($_POST['device']) && is_numeric($_POST['device']))
+{
+  $sql .= " AND D.device_id = ?";
+  $param[] = $_POST['device'];
+}
+
+echo("<table cellspacing=0 cellpadding=2 width=100%>");
 echo("<tr><th>Hostname</th><th>Description</th><th>Name</th><th>Part No</th><th>Serial No</th></tr>");
 
-while ($entry = mysql_fetch_assoc($query))
+foreach (dbFetchRows($sql, $param) as $entry)
 {
   if ($bg == $list_colour_a) { $bg = $list_colour_b; } else { $bg=$list_colour_a; }
   echo("<tr style=\"background-color: $bg\"><td>" . generate_device_link($entry, shortHost($entry['hostname'])) . "</td><td>" . $entry['entPhysicalDescr']  .
@@ -94,4 +97,4 @@ while ($entry = mysql_fetch_assoc($query))
 echo("</table>");
 
 ?>
-</table>
+</table>

html/pages/list.inc.php

@@ -1,28 +0,0 @@
-<?php
-
-if ($_GET['location']) { $where = "AND location = '$_GET[location]'"; }
-if ($_GET['location'] == "Unset") { $where = "AND location = ''"; }
-if ($_GET['type']) { $where = "AND type = '$_GET[type]'"; }
-
-$sql = "select *, U.device_uptime as uptime from devices AS D, device_uptime AS U WHERE D.id = U.device_id $where ORDER BY `ignore`, `status`, `os`, `hostname`";
-$device_query = mysql_query($sql);
-
-echo("<table cellpadding=7 cellspacing=0 class=devicetable width=100%>");
-
-echo("<tr class=interface-desc bgcolor=#e5e5e5 style='font-weight:bold;'>
-<td></td>
-<td>Hostname - Description</td>
-<td>Operating System - Version</td>
-<td>Hardware - Features</td>
-<td>Uptime - Location</td>
-<td></td>
-</tr>");
-
-while ($device = mysql_fetch_assoc($device_query))
-{
-  include("includes/hostbox.inc.php");
-}
-
-echo("</table>");
-
-?>

html/pages/locations.inc.php

@@ -7,17 +7,17 @@ foreach (getlocations() as $location)
 
   if ($_SESSION['userlevel'] == '10')
   {
-    $num = dbFetchCell("SELECT COUNT(device_id) FROM devices WHERE location = '" . $location . "'");
-    $net = dbFetchCell("SELECT COUNT(device_id) FROM devices WHERE location = '" . $location . "' AND type = 'network'");
-    $srv = dbFetchCell("SELECT COUNT(device_id) FROM devices WHERE location = '" . $location . "' AND type = 'server'");
-    $fwl = dbFetchCell("SELECT COUNT(device_id) FROM devices WHERE location = '" . $location . "' AND type = 'firewall'");
-    $hostalerts = dbFetchCell("SELECT COUNT(device_id) FROM devices WHERE location = '" . $location . "' AND status = '0'");
+    $num = dbFetchCell("SELECT COUNT(device_id) FROM devices WHERE location = ?", array($location));
+    $net = dbFetchCell("SELECT COUNT(device_id) FROM devices WHERE location = ? AND type = 'network'", array($location));
+    $srv = dbFetchCell("SELECT COUNT(device_id) FROM devices WHERE location = ? AND type = 'server'", array($location));
+    $fwl = dbFetchCell("SELECT COUNT(device_id) FROM devices WHERE location = ? AND type = 'firewall'", array($location));
+    $hostalerts = dbFetchCell("SELECT COUNT(device_id) FROM devices WHERE location = ? AND status = '0'", array($location));
   } else {
-    $num = dbFetchCell("SELECT COUNT(D.device_id) FROM devices AS D, devices_perms AS P WHERE D.device_id = P.device_id AND P.user_id = '" . $_SESSION['user_id'] . "' AND location = '" . $location . "'");
-    $net = dbFetchCell("SELECT COUNT(D.device_id) FROM devices AS D, devices_perms AS P WHERE D.device_id = P.device_id AND P.user_id = '" . $_SESSION['user_id'] . "' AND location = '" . $location . "' AND D.type = 'network'");
-    $srv = dbFetchCell("SELECT COUNT(D.device_id) FROM devices AS D, devices_perms AS P WHERE D.device_id = P.device_id AND P.user_id = '" . $_SESSION['user_id'] . "' AND location = '" . $location . "' AND type = 'server'");
-    $fwl = dbFetchCell("SELECT COUNT(D.device_id) FROM devices AS D, devices_perms AS P WHERE D.device_id = P.device_id AND P.user_id = '" . $_SESSION['user_id'] . "' AND location = '" . $location . "' AND type = 'firewall'");
-    $hostalerts = dbFetchCell("SELECT COUNT(device_id) FROM devices AS D, devices_perms AS P WHERE location = '" . $location . "' AND status = '0'");
+    $num = dbFetchCell("SELECT COUNT(D.device_id) FROM devices AS D, devices_perms AS P WHERE D.device_id = P.device_id AND P.user_id = ? AND location = ?", array($_SESSION['user_id'], $location));
+    $net = dbFetchCell("SELECT COUNT(D.device_id) FROM devices AS D, devices_perms AS P WHERE D.device_id = P.device_id AND P.user_id = ? AND location = ? AND D.type = 'network'", array($_SESSION['user_id'], $location));
+    $srv = dbFetchCell("SELECT COUNT(D.device_id) FROM devices AS D, devices_perms AS P WHERE D.device_id = P.device_id AND P.user_id = ? AND location = ? AND type = 'server'", array($_SESSION['user_id'], $location));
+    $fwl = dbFetchCell("SELECT COUNT(D.device_id) FROM devices AS D, devices_perms AS P WHERE D.device_id = P.device_id AND P.user_id = ? AND location = ? AND type = 'firewall'", array($_SESSION['user_id'], $location));
+    $hostalerts = dbFetchCell("SELECT COUNT(device_id) FROM devices AS D, devices_perms AS P WHERE D.device_id = P.device_id AND P.user_id = ? AND location = ? AND status = '0'", array($_SESSION['user_id'], $location));
   }
 
   if ($hostalerts) { $alert = '<img src="images/16/flag_red.png" alt="alert" />'; } else { $alert = ""; }

html/pages/preferences.inc.php

@@ -52,9 +52,8 @@ if ($_SESSION['userlevel'] == '10') { echo("<strong class='blue'>Global Administ
 if ($_SESSION['userlevel'] == '5')  { echo("<strong class='green'>Global Viewing Access</strong>"); }
 if ($_SESSION['userlevel'] == '1')
 {
-  $perms = mysql_query("SELECT * FROM `devices_perms` AS P, `devices` AS D WHERE `user_id` = '" . $user_id . "' AND P.device_id = D.device_id");
 
-  while ($perm = mysql_fetch_assoc($perms))
+  foreach (dbFetchRows("SELECT * FROM `devices_perms` AS P, `devices` AS D WHERE `user_id` = ? AND P.device_id = D.device_id", array($user_id)) as $perm)
   {
     echo("<a href='?page=device&id=" . $perm['device_id'] . "'>" . $perm['hostname'] . "</a><br />");
     $dev_access = 1;
@@ -67,4 +66,4 @@ echo("</div>");
 echo("</div>");
 echo("</div>");
 
-?>
+?>

html/pages/services.inc.php

@@ -35,16 +35,16 @@ echo("<div style='margin: 5px;'><table cellpadding=7 border=0 cellspacing=0 widt
 if ($_SESSION['userlevel'] >= '5')
 {
   $host_sql = "SELECT * FROM devices AS D, services AS S WHERE D.device_id = S.device_id GROUP BY D.hostname ORDER BY D.hostname";
+  $host_par = array();
 } else {
-  $host_sql = "SELECT * FROM devices AS D, services AS S, devices_perms AS P WHERE D.device_id = S.device_id AND D.device_id = P.device_id AND P.user_id = '" . $_SESSION['user_id'] . "' $where GROUP BY D.hostname ORDER BY D.hostname";
+  $host_sql = "SELECT * FROM devices AS D, services AS S, devices_perms AS P WHERE D.device_id = S.device_id AND D.device_id = P.device_id AND P.user_id = ? GROUP BY D.hostname ORDER BY D.hostname";
+  $host_par = array($_SESSION['user_id']);
 }
-  $host_query = mysql_query($host_sql);
-  while ($host_data = mysql_fetch_assoc($host_query))
+  foreach (dbFetchRows($host_sql, $host_par) as $host_data)
   {
     $device_id = $host_data['device_id'];
     $device_hostname = $host_data['hostname'];
-    $service_query = mysql_query("SELECT * FROM `services` WHERE `device_id` = '" . $host_data['device_id'] . "' $where");
-    while ($service = mysql_fetch_assoc($service_query))
+    foreach (dbFetchRows("SELECT * FROM `services` WHERE `device_id` = ?", array($host_data['device_id'])) as $service)
     {
        include("includes/print-service.inc.php");
 #       $samehost = 1;

includes/syslog.php

@@ -1,5 +1,12 @@
 <?php
 
+/**
+ * @package syslog
+ */
+
+/**
+ * function process_syslog
+ */
 function process_syslog ($entry, $update) {
 
   global $config;

irc.php

@@ -1,20 +1,92 @@
 #!/usr/bin/env php
+
+# status <dev prt srv>
+# reboot
+# log
+# help
+# down
+
 <?php
 
-include("includes/defaults.inc.php");
-include("config.php");
-include("includes/functions.php");
-include("includes/discovery/functions.inc.php");
+# Disable annoying messages... well... all messages actually :)
+error_reporting(0);
+
+include_once("includes/defaults.inc.php");
+include_once("config.php");
+include_once("includes/functions.php");
+include_once("includes/discovery/functions.inc.php");
 
 include_once('Net/SmartIRC.php');
 
+mysql_close();
+
+# Redirect to /dev/null if you aren't using screen to keep tabs
+echo "Observer Bot Starting ...\n";
+echo "\n";
+echo "COMMAND\t\tHOST\t\t\tDEVICE\n";
+echo "-------\t\t----\t\t\t------\n";
+
 class observiumbot
+
 {
+
+###
+# Get status on !version 
+###
+  function version_info(&$irc, &$data)
+  {
+
+global $config;
+
+$irc->message(SMARTIRC_TYPE_CHANNEL, $data->channel, "Observium Version " . $config['version']);
+
+echo "VERSION\t\t". $config['version'] . "\n";
+
+mysql_close();
+
+  }
+
+###
+# Get status on !down devices
+###
+  function down_info(&$irc, &$data)
+  {
+
+global $config;
+mysql_connect($config['db_host'],$config['db_user'],$config['db_pass']);
+mysql_select_db($config['db_name']);
+
+    $query = mysql_query("SELECT * FROM `devices` where status=0");
+    unset($message);
+    while($device = mysql_fetch_assoc($query))
+    {
+      $message .= $sep . $device['hostname'];
+      $sep = ", ";
+    }
+    $irc->message(SMARTIRC_TYPE_CHANNEL, $data->channel, $message);
+    unset($sep);
+
+mysql_close();
+
+echo "DOWN\n";
+
+  }
+
+###
+# Get status on !device <hostname>
+###
   function device_info(&$irc, &$data)
   {
+
     $hostname = $data->messageex[1];
 
-    $device = mysql_fetch_assoc(mysql_query("SELECT * FROM `devices` WHERE `hostname` = '".mres($hostname)."'"));
+global $config;
+mysql_connect($config['db_host'],$config['db_user'],$config['db_pass']);
+mysql_select_db($config['db_name']);
+
+    $device = dbFetchRow("SELECT * FROM `devices` WHERE `hostname` = ?",array($hostname));
+
+mysql_close();
 
     if ($device['status'] == 1) { $status = "Up " . formatUptime($device['uptime'] . " "); } else { $status = "Down "; }
     if ($device['ignore']) { $status = "*Ignored*"; }
@@ -22,15 +94,28 @@ class observiumbot
 
     $irc->message(SMARTIRC_TYPE_CHANNEL, $data->channel, '#'.$device['device_id'] . " " . $device['os'] . " " . $device['version'] . " " .
       $device['features'] . " " . $status);
+
+echo "DEVICE\t\t". $device['hostname']."\n";
+
   }
 
+
+###
+# Get status on !port <hostname port>
+###
   function port_info(&$irc, &$data)
   {
     $hostname = $data->messageex[1];
     $ifname = $data->messageex[2];
 
-    $device = mysql_fetch_assoc(mysql_query("SELECT * FROM `devices` WHERE `hostname` = '".mres($hostname)."'"));
-    $port   = mysql_fetch_assoc(mysql_query("SELECT * FROM `ports` WHERE `ifName` = '".mres($ifname)."' OR `ifDescr` = '".mres($ifname)."' AND device_id = '".$device['device_id']."'"));
+global $config;
+mysql_connect($config['db_host'],$config['db_user'],$config['db_pass']);
+mysql_select_db($config['db_name']);
+
+    $device = dbFetchRow("SELECT * FROM `devices` WHERE `hostname` = ?",array($device));
+    $port   = dbFetchRow("SELECT * FROM `ports` WHERE `ifName` = ? OR `ifDescr` = ? AND device_id = ?", array($ifname, $ifname, $device['device_id']));
+
+mysql_close();
 
     $bps_in = formatRates($port['ifInOctets_rate']);
     $bps_out = formatRates($port['ifOutOctets_rate']);
@@ -39,19 +124,36 @@ class observiumbot
 
     $irc->message(SMARTIRC_TYPE_CHANNEL, $data->channel, '#' . $port['interface_id'] . " " . $port['ifAdminStatus'] . "/" . $port['ifOperStatus'] . " " .
       $bps_in. " > bps > " . $bps_out . " | " . $pps_in. "pps > PPS > " . $pps_out ."pps");
+
+echo "PORT\t\t" . $hostname . "\t". $ifname . "\n";
+
   }
 
+
+###
+# !listdevices lists all devices
+###
   function list_devices(&$irc, &$data)
   {
-    $query = mysql_query("SELECT * FROM `devices`");
-    unset($message);
-    while($device = mysql_fetch_assoc($query)) 
+    unset ($message);
+
+global $config;
+mysql_connect($config['db_host'],$config['db_user'],$config['db_pass']);
+mysql_select_db($config['db_name']);
+
+    foreach (dbFetchRows("SELECT `hostname` FROM `devices`") as $device)
     {
       $message .= $sep . $device['hostname'];
       $sep = ", ";
     }
+
+mysql_close();
+
     $irc->message(SMARTIRC_TYPE_CHANNEL, $data->channel, $message);
     unset($sep);
+
+echo "LISTDEVICES\n";
+
   }
 }
 
@@ -62,6 +164,8 @@ $irc->setUseSockets(TRUE);
 $irc->registerActionhandler(SMARTIRC_TYPE_CHANNEL, '!listdevices', $bot, 'list_devices');
 $irc->registerActionhandler(SMARTIRC_TYPE_CHANNEL, '!device', $bot, 'device_info');
 $irc->registerActionhandler(SMARTIRC_TYPE_CHANNEL, '!port', $bot, 'port_info');
+$irc->registerActionhandler(SMARTIRC_TYPE_CHANNEL, '!down', $bot, 'down_info');
+$irc->registerActionhandler(SMARTIRC_TYPE_CHANNEL, '!version', $bot, 'version_info');
 
 $irc->connect($config['irc_host'], $config['irc_port']);
 $irc->login($config['irc_nick'], 'Observium Bot', 0, $config['irc_nick']);