From b53ed5a470c400f5a6578dfd3eac8f7b4765d2fa Mon Sep 17 00:00:00 2001
From: Adam Amstrong <adama@localhost>
Date: Tue, 17 Mar 2009 20:26:29 +0000
Subject: [PATCH] fix login and some other things

git-svn-id: http://www.observium.org/svn/observer/trunk@356 61d68cd4-352d-0410-923a-c4978735b2b8
---
 config.php.default             |  8 ++++----
 html/includes/authenticate.inc | 25 ++++++++-----------------
 html/pages/preferences.php     | 27 +++++++++++++++------------
 poll-reachability.php          |  2 +-
 renamehost.php                 |  2 +-
 5 files changed, 29 insertions(+), 35 deletions(-)

diff --git a/config.php.default b/config.php.default
index f85aa1fdb2..594c942435 100755
--- a/config.php.default
+++ b/config.php.default
@@ -68,10 +68,10 @@ $config['show_locations'] = 1;  # Enable Locations on menu
 
 ### Which additional features should we enable?
 
-$config['enable_bgp'] 		= 1; # Enable BGP session collection and display
-$config['enable_syslog'] 	= 1; # Enable Syslog
-$config['enable_billing']	= 1; # Enable BGP session collection and display
-$config['enable_inventory']     = 1; # Enable Inventory
+$config['enable_bgp'] 		= 0; # Enable BGP session collection and display
+$config['enable_syslog'] 	= 0; # Enable Syslog
+$config['enable_billing']	= 0; # Enable BGP session collection and display
+$config['enable_inventory']     = 0; # Enable Inventory
 
 ## Uncomment this to enable display of rancid-collected configs
 #$config['rancid_configs']       = '/var/lib/rancid/network/configs/';
diff --git a/html/includes/authenticate.inc b/html/includes/authenticate.inc
index 0011d03de5..9c993b0cf1 100644
--- a/html/includes/authenticate.inc
+++ b/html/includes/authenticate.inc
@@ -1,17 +1,8 @@
 <?php 
 
-function check_auth($username, $password) {
-  $encrypted = md5($password);
-  $sql = "select username, level, user_id from users where username='$username' and password='$encrypted'";
-  $query = mysql_query($sql);
-  $row = mysql_fetch_row($query);
-
-  if ($row[0] == $username) { return $row[1]; } else { return FALSE; }
-
-}
+session_start();
 
 if($_GET['logout']) {
-  session_start();
   $olduser = $_SESSION['username'];
   session_destroy();
   header('Location: /');
@@ -20,15 +11,16 @@ if($_GET['logout']) {
   mysql_query("INSERT INTO authlog (`user`,`address`,`result`) VALUES ('$olduser', '".$_SERVER["REMOTE_ADDR"]."', 'logged out')");
   $auth_message = "Logged Out";
 } else {
-
-  session_start();  
-
   if($_POST['username'] && $_POST['password']){
     $username = mres($_POST['username']);
     $password = mres($_POST['password']);
-    $userlevel = check_auth($username,$password);
-    if($userlevel) {
-      $_SESSION['userlevel'] = $userlevel;
+    $encrypted = md5($password);
+    $sql = "SELECT * FROM `users` WHERE `username`='$username' AND `password`='$encrypted'";
+    $query = mysql_query($sql);
+    $row = @mysql_fetch_array($query);
+    if($row['level']) {
+      $_SESSION['userlevel'] = $row['level'];
+      $_SESSION['user_id'] = $row['user_id'];
       $_SESSION['authenticated'] = true;
       $_SESSION['username'] = $username;
       mysql_query("INSERT INTO authlog (`user`,`address`,`result`) VALUES ('$username', '".$_SERVER["REMOTE_ADDR"]."', 'logged in')");
@@ -37,7 +29,6 @@ if($_GET['logout']) {
       $auth_message = "Authentication Failed"; 
       mysql_query("INSERT INTO authlog (`user`,`address`,`result`) VALUES ('$username', '".$_SERVER["REMOTE_ADDR"]."', 'authentication failure')");
     } 
-
   }
 }
 
diff --git a/html/pages/preferences.php b/html/pages/preferences.php
index ab7013dc24..b5e9631527 100644
--- a/html/pages/preferences.php
+++ b/html/pages/preferences.php
@@ -2,36 +2,39 @@
 echo("<div style='margin: 10px'>");
 echo("<h3>User Preferences</h3>");
 
-include("includes/update-preferences.inc.php");
-
+include("includes/update-preferences-password.inc.php");
 
 echo("<div style='width: 800px; background-color: #fff; padding:5px; margin-bottom:10px; float:left;'>");
+
+$pref_sql = "SELECT * FROM user_prefs"
+
+
+
 echo("</div>");
 
 
 echo("<div style='width: 300px; float: right;'>");
 echo("<div style='background-color: #e5e5e5; border: solid #e5e5e5 10px; margin-bottom:10px;'>");
-echo("<h2>Change Password</h2>");
+echo("<div style='font-size: 18px; font-weight: bold; margin-bottom: 5px;'>Change Password</div>");
 
-echo($password_message);
+echo($changepass_message);
 
-echo("<form method='post' action='?page=preferences'><input type=hidden name='action' value='changepass'>
+echo("<form method='post' action='".$config['baseurl']."/preferences/'><input type=hidden name='action' value='changepass'>
         <table>
-        <tr><td>Old Password</td><td><input type=password name=old_pass></input></td></tr>
-        <tr><td>New Password</td><td><input type=password name=new_pass></input></td></tr>
-        <tr><td>New Password</td><td><input type=password name=new_pass2></input></td></tr>
+        <tr><td>Old Password</td><td><input type=password name=old_pass autocomplete='off'></input></td></tr>
+        <tr><td>New Password</td><td><input type=password name=new_pass autocomplete='off'></input></td></tr>
+        <tr><td>New Password</td><td><input type=password name=new_pass2 autocomplete='off'></input></td></tr>
         <tr><td></td><td align=right><input type=submit></td></tr></table></form>");
-
 echo("</div>");
 
 
 echo("<div style='background-color: #e5e5e5; border: solid #e5e5e5 10px;  margin-bottom:10px;'>");
 
 
-echo("<h3>Device Permissions</h3>");
+echo("<div style='font-size: 18px; font-weight: bold; margin-bottom: 5px;'>Device Permissions</div>");
 
-if($_SESSION['userlevel'] == '10') { echo("<strong>Global Administrative Access</strong>"); }
-if($_SESSION['userlevel'] == '5')  { echo("<strong>Global Viewing Access</strong>"); }
+if($_SESSION['userlevel'] == '10') { echo("<strong class='blue'>Global Administrative Access</strong>"); }
+if($_SESSION['userlevel'] == '5')  { echo("<strong class='green'>Global Viewing Access</strong>"); }
 if($_SESSION['userlevel'] == '1') {
 
   $perms = mysql_query("SELECT * FROM `devices_perms` AS P, `devices` AS D WHERE `user_id` = '" . $user_id . "' AND P.device_id = D.device_id");
diff --git a/poll-reachability.php b/poll-reachability.php
index dcb1a9401c..30ead5d006 100755
--- a/poll-reachability.php
+++ b/poll-reachability.php
@@ -7,7 +7,7 @@
 include("config.php");
 include("includes/functions.php");
 
-$device_query = mysql_query("SELECT * FROM `devices` WHERE `device_id` LIKE '%" . $argv[1] . "' ORDER BY `device_id` DESC");
+$device_query = mysql_query("SELECT * FROM `devices` WHERE `device_id` LIKE '%" . $argv[1] . "' AND disabled = '0' ORDER BY `device_id` DESC");
 while ($device = mysql_fetch_array($device_query)) {
 
    $id = $device['device_id'];
diff --git a/renamehost.php b/renamehost.php
index af5abbfaca..30b810d501 100755
--- a/renamehost.php
+++ b/renamehost.php
@@ -15,7 +15,7 @@ if($argv[1] && $argv[2]) {
     echo("Host doesn't exist!\n");
   }
 } else {
-    echo("Host Rename Tool\nUsage: ./delhost.php <old hostname> <new hostname>\n");
+    echo("Host Rename Tool\nUsage: ./renamehost.php <old hostname> <new hostname>\n");
 }
 
 ?>