fixing things, adding better security

git-svn-id: http://www.observium.org/svn/observer/trunk@351 61d68cd4-352d-0410-923a-c4978735b2b8

INSTALL

@@ -1,5 +1,5 @@
-This software is currently Alpha, so no real documentation exists yes.
-
-Please see http://www.observernms.org for some instructions.
-
-Please also contact me via adama@memetic.org if you run in to any issues.
+This software is currently Alpha, so no real documentation exists yet.
+
+Please see http://www.observernms.org for some instructions.
+
+Please also contact me via adama@memetic.org if you run in to any issues.

html/billing-graph.php

@@ -7,6 +7,8 @@
 
 include("../config.php");
 include("../includes/functions.php");
+include("includes/authenticate.inc");
+if(!$_SESSION['authenticated']) { echo("unauthenticated"); exit; }
 require("includes/jpgraph/jpgraph.php");
 include("includes/jpgraph/jpgraph_line.php");
 include("includes/jpgraph/jpgraph_utils.inc.php");

html/graph.php

@@ -9,8 +9,6 @@
   include("../config.php");
   include("../includes/functions.php");
   include("includes/authenticate.inc");
-
-
   if(!$_SESSION['authenticated']) { echo("not authenticated"); exit; }
   
 

html/list_interfaces.php

@@ -3,11 +3,7 @@
   include("../config.php");
   include("../includes/functions.php");
   include("includes/authenticate.inc");
-
-#  ini_set('display_errors', 1);
-#  ini_set('display_startup_errors', 1);
-#  ini_set('log_errors', 1);
-#  ini_set('error_reporting', E_ALL);
+  if(!$_SESSION['authenticated']) { echo("unauthenticated"); exit; }
 
 if(isset($_GET['device_id'])){
 

html/netcmd.php

@@ -3,7 +3,6 @@
 ini_set('allow_url_fopen', 0);
 ini_set('display_errors', 0);
 
-
 if($_GET[debug]) {
   ini_set('display_errors', 1);
   ini_set('display_startup_errors', 1);
@@ -14,6 +13,8 @@ if($_GET[debug]) {
 include("../config.php");
 include("../includes/functions.php");
 include("includes/authenticate.inc");
+if(!$_SESSION['authenticated']) { echo("unauthenticated"); exit; }
+
 
 if($_GET['query'] && $_GET['cmd']) {
   $host = $_GET['query'];

html/percentage.php

@@ -1,6 +1,8 @@
 <?php 
 
-
+include("../config.php");
+include("../includes/functions.php");
+include("includes/authenticate.inc");
 
 if (isset($_GET["dir"])) {
   $dir = $_GET["dir"];

includes/static-config.php

@@ -3,6 +3,7 @@
 ## ifDescr whitelist (used instead of ifName)
 $config['ifdescr']['IOS'] = true;
 
+
 ##############################
 # No changes below this line #
 ##############################

remove-deleted-interfaces.php

@@ -0,0 +1,22 @@
+#!/usr/bin/php
+
+### Purge deleted interfaces from the database
+
+<?
+include("config.php");
+include("includes/functions.php");
+
+$query = mysql_query("SELECT * FROM interfaces AS I, devices as D WHERE I.device_id = D.device_id AND I.deleted = '1'");
+
+while($interface = mysql_fetch_array($query)) {
+
+  mysql_query("DELETE from interfaces where interface_id = '" . $interface['interface_id'] . "'");
+  mysql_query("DELETE from `adjacencies` WHERE `interface_id` = '" . $interface['interface_id'] . "'");
+  mysql_query("DELETE from `links` WHERE `src_if` = '" . $interface['interface_id'] . "'");
+  mysql_query("DELETE from `links` WHERE `dst_if` = '" . $interface['interface_id'] . "'");
+  mysql_query("DELETE from `ipaddr` WHERE `interface_id` = '" . $interface['interface_id'] . "'");
+  echo("Removed interface " . $interface['ifDescr'] . " from " . $interface['hostname'] . "\n");
+
+}
+
+?>

renamehost.php

@@ -0,0 +1,21 @@
+#!/usr/bin/php 
+<?
+include("config.php");
+include("includes/functions.php");
+
+# Remove a host and all related data from the system
+
+if($argv[1] && $argv[2]) { 
+  $host = strtolower($argv[1]);
+  $id = getidbyname($host);
+  if($id) {
+    renamehost($id, $argv[2]);
+    echo("Renamed $host\n");
+  } else {
+    echo("Host doesn't exist!\n");
+  }
+} else {
+    echo("Host Rename Tool\nUsage: ./delhost.php <old hostname> <new hostname>\n");
+}
+
+?>