fix login and some other things

git-svn-id: http://www.observium.org/svn/observer/trunk@356 61d68cd4-352d-0410-923a-c4978735b2b8
Adam Amstrong
2009-03-17 20:26:29 +00:00
parent 3b6b3c6378
commit b53ed5a470
5 changed files with 29 additions and 35 deletions


@@ -68,10 +68,10 @@ $config['show_locations'] = 1; # Enable Locations on menu
### Which additional features should we enable? ### Which additional features should we enable?
$config['enable_bgp'] = 1; # Enable BGP session collection and display $config['enable_bgp'] = 0; # Enable BGP session collection and display
$config['enable_syslog'] = 1; # Enable Syslog $config['enable_syslog'] = 0; # Enable Syslog
$config['enable_billing'] = 1; # Enable BGP session collection and display $config['enable_billing'] = 0; # Enable BGP session collection and display
$config['enable_inventory'] = 1; # Enable Inventory $config['enable_inventory'] = 0; # Enable Inventory
## Uncomment this to enable display of rancid-collected configs ## Uncomment this to enable display of rancid-collected configs
#$config['rancid_configs'] = '/var/lib/rancid/network/configs/'; #$config['rancid_configs'] = '/var/lib/rancid/network/configs/';
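Review bot: The comment on the changed `$config['enable_billing']` line still reads "Enable BGP session collection and display", copied from the `enable_bgp` line; it should describe billing, e.g. `# Enable Billing`. With these four features now defaulting to 0, an accurate comment is what tells an operator which switch they are turning on.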


@@ -1,17 +1,8 @@
<?php <?php
function check_auth($username, $password) { session_start();
$encrypted = md5($password);
$sql = "select username, level, user_id from users where username='$username' and password='$encrypted'";
$query = mysql_query($sql);
$row = mysql_fetch_row($query);
if ($row[0] == $username) { return $row[1]; } else { return FALSE; }
}
if($_GET['logout']) { if($_GET['logout']) {
session_start();
$olduser = $_SESSION['username']; $olduser = $_SESSION['username'];
session_destroy(); session_destroy();
header('Location: /'); header('Location: /');
@@ -20,15 +11,16 @@ if($_GET['logout']) {
mysql_query("INSERT INTO authlog (`user`,`address`,`result`) VALUES ('$olduser', '".$_SERVER["REMOTE_ADDR"]."', 'logged out')"); mysql_query("INSERT INTO authlog (`user`,`address`,`result`) VALUES ('$olduser', '".$_SERVER["REMOTE_ADDR"]."', 'logged out')");
$auth_message = "Logged Out"; $auth_message = "Logged Out";
} else { } else {
session_start();
if($_POST['username'] && $_POST['password']){ if($_POST['username'] && $_POST['password']){
$username = mres($_POST['username']); $username = mres($_POST['username']);
$password = mres($_POST['password']); $password = mres($_POST['password']);
$userlevel = check_auth($username,$password); $encrypted = md5($password);
if($userlevel) { $sql = "SELECT * FROM `users` WHERE `username`='$username' AND `password`='$encrypted'";
$_SESSION['userlevel'] = $userlevel; $query = mysql_query($sql);
$row = @mysql_fetch_array($query);
if($row['level']) {
$_SESSION['userlevel'] = $row['level'];
$_SESSION['user_id'] = $row['user_id'];
$_SESSION['authenticated'] = true; $_SESSION['authenticated'] = true;
$_SESSION['username'] = $username; $_SESSION['username'] = $username;
mysql_query("INSERT INTO authlog (`user`,`address`,`result`) VALUES ('$username', '".$_SERVER["REMOTE_ADDR"]."', 'logged in')"); mysql_query("INSERT INTO authlog (`user`,`address`,`result`) VALUES ('$username', '".$_SERVER["REMOTE_ADDR"]."', 'logged in')");
@@ -37,7 +29,6 @@ if($_GET['logout']) {
$auth_message = "Authentication Failed"; $auth_message = "Authentication Failed";
mysql_query("INSERT INTO authlog (`user`,`address`,`result`) VALUES ('$username', '".$_SERVER["REMOTE_ADDR"]."', 'authentication failure')"); mysql_query("INSERT INTO authlog (`user`,`address`,`result`) VALUES ('$username', '".$_SERVER["REMOTE_ADDR"]."', 'authentication failure')");
} }
} }
} }
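Review bot: The success branch in the second hunk sets `$_SESSION['authenticated'] = true` on whatever session id the visitor arrived with, because `session_start()` now runs at the top of the file and nothing renews the id at login; adding `session_regenerate_id(true);` right after `if($row['level']) {` would close that session-fixation window. The inlined query also keeps `md5($password)` computed over the already `mres()`-escaped value, so stored hashes are unsalted MD5 and, if `mres()` adds backslashes, depend on the escaping. Fetching the row by username and verifying the raw POST password against a salted, slow hash (`password_hash()`/`password_verify()` where the PHP version has them) would be safer, with existing hashes migrated at next login. `@mysql_fetch_array` also hides a failed query, so a database error is recorded in `authlog` as 'authentication failure'. The if/else chain continues outside the visible hunks.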


@@ -2,36 +2,39 @@
echo("<div style='margin: 10px'>"); echo("<div style='margin: 10px'>");
echo("<h3>User Preferences</h3>"); echo("<h3>User Preferences</h3>");
include("includes/update-preferences.inc.php"); include("includes/update-preferences-password.inc.php");
echo("<div style='width: 800px; background-color: #fff; padding:5px; margin-bottom:10px; float:left;'>"); echo("<div style='width: 800px; background-color: #fff; padding:5px; margin-bottom:10px; float:left;'>");
$pref_sql = "SELECT * FROM user_prefs"
echo("</div>"); echo("</div>");
echo("<div style='width: 300px; float: right;'>"); echo("<div style='width: 300px; float: right;'>");
echo("<div style='background-color: #e5e5e5; border: solid #e5e5e5 10px; margin-bottom:10px;'>"); echo("<div style='background-color: #e5e5e5; border: solid #e5e5e5 10px; margin-bottom:10px;'>");
echo("<h2>Change Password</h2>"); echo("<div style='font-size: 18px; font-weight: bold; margin-bottom: 5px;'>Change Password</div>");
echo($password_message); echo($changepass_message);
echo("<form method='post' action='?page=preferences'><input type=hidden name='action' value='changepass'> echo("<form method='post' action='".$config['baseurl']."/preferences/'><input type=hidden name='action' value='changepass'>
<table> <table>
<tr><td>Old Password</td><td><input type=password name=old_pass></input></td></tr> <tr><td>Old Password</td><td><input type=password name=old_pass autocomplete='off'></input></td></tr>
<tr><td>New Password</td><td><input type=password name=new_pass></input></td></tr> <tr><td>New Password</td><td><input type=password name=new_pass autocomplete='off'></input></td></tr>
<tr><td>New Password</td><td><input type=password name=new_pass2></input></td></tr> <tr><td>New Password</td><td><input type=password name=new_pass2 autocomplete='off'></input></td></tr>
<tr><td></td><td align=right><input type=submit></td></tr></table></form>"); <tr><td></td><td align=right><input type=submit></td></tr></table></form>");
echo("</div>"); echo("</div>");
echo("<div style='background-color: #e5e5e5; border: solid #e5e5e5 10px; margin-bottom:10px;'>"); echo("<div style='background-color: #e5e5e5; border: solid #e5e5e5 10px; margin-bottom:10px;'>");
echo("<h3>Device Permissions</h3>"); echo("<div style='font-size: 18px; font-weight: bold; margin-bottom: 5px;'>Device Permissions</div>");
if($_SESSION['userlevel'] == '10') { echo("<strong>Global Administrative Access</strong>"); } if($_SESSION['userlevel'] == '10') { echo("<strong class='blue'>Global Administrative Access</strong>"); }
if($_SESSION['userlevel'] == '5') { echo("<strong>Global Viewing Access</strong>"); } if($_SESSION['userlevel'] == '5') { echo("<strong class='green'>Global Viewing Access</strong>"); }
if($_SESSION['userlevel'] == '1') { if($_SESSION['userlevel'] == '1') {
$perms = mysql_query("SELECT * FROM `devices_perms` AS P, `devices` AS D WHERE `user_id` = '" . $user_id . "' AND P.device_id = D.device_id"); $perms = mysql_query("SELECT * FROM `devices_perms` AS P, `devices` AS D WHERE `user_id` = '" . $user_id . "' AND P.device_id = D.device_id");
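Review bot: The unpaired line `$pref_sql = "SELECT * FROM user_prefs"` has no terminating `;`. The rendering does not show which side it belongs to, but if it is on the new side the following `echo` makes the file a parse error, so it needs `$pref_sql = "SELECT * FROM user_prefs";` or removal, as the variable is not used in the visible lines. Separately, the login change in this commit stores `$_SESSION['user_id']`, while the `devices_perms` query at the end of the visible lines still concatenates a bare `$user_id`; unless that variable is assigned outside what is shown, the query should read the session value, cast to int. The `if($_SESSION['userlevel'] == '1')` block continues past the visible lines.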


@@ -7,7 +7,7 @@
include("config.php"); include("config.php");
include("includes/functions.php"); include("includes/functions.php");
$device_query = mysql_query("SELECT * FROM `devices` WHERE `device_id` LIKE '%" . $argv[1] . "' ORDER BY `device_id` DESC"); $device_query = mysql_query("SELECT * FROM `devices` WHERE `device_id` LIKE '%" . $argv[1] . "' AND disabled = '0' ORDER BY `device_id` DESC");
while ($device = mysql_fetch_array($device_query)) { while ($device = mysql_fetch_array($device_query)) {
$id = $device['device_id']; $id = $device['device_id'];
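Review bot: The changed query still concatenates `$argv[1]` straight into the `LIKE '%...'` pattern, so a quote or `%` in the argument alters the statement, and an id of `1` also selects 11, 21 and so on. If the argument is meant to be a single device id, validating it with `ctype_digit()` and comparing with `=` would be tighter. If the suffix match is deliberate (for example to run every device when no argument is given), a short comment saying so, plus escaping the value, would document that. The `while` loop continues outside the hunk.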


@@ -15,7 +15,7 @@ if($argv[1] && $argv[2]) {
echo("Host doesn't exist!\n"); echo("Host doesn't exist!\n");
} }
} else { } else {
echo("Host Rename Tool\nUsage: ./delhost.php <old hostname> <new hostname>\n"); echo("Host Rename Tool\nUsage: ./renamehost.php <old hostname> <new hostname>\n");
} }
?> ?>