refactor: MySQL strict and query fixes (#5338)

* refactor: MySQL strict and query fixes

* moved sql file

discovery.php

@@ -125,7 +125,7 @@ $run      = ($end - $start);
 $proctime = substr($run, 0, 5);
 
 if ($discovered_devices) {
-    dbInsert(array('type' => 'discover', 'doing' => $doing, 'start' => $start, 'duration' => $proctime, 'devices' => $discovered_devices), 'perf_times');
+    dbInsert(array('type' => 'discover', 'doing' => $doing, 'start' => $start, 'duration' => $proctime, 'devices' => $discovered_devices, 'poller' => $config['distributed_poller_name']), 'perf_times');
 }
 
 $string = $argv[0]." $doing ".date($config['dateformat']['compact'])." - $discovered_devices devices discovered in $proctime secs";

html/includes/authentication/active_directory.inc.php

@@ -206,14 +206,14 @@ function get_userid($username)
 }
 
 
-function deluser($username)
+function deluser($userid)
 {
-    dbDelete('bill_perms', '`user_name` =  ?', array($username));
-    dbDelete('devices_perms', '`user_name` =  ?', array($username));
-    dbDelete('ports_perms', '`user_name` =  ?', array($username));
-    dbDelete('users_prefs', '`user_name` =  ?', array($username));
-    dbDelete('users', '`user_name` =  ?', array($username));
-    return dbDelete('users', '`username` =  ?', array($username));
+    dbDelete('bill_perms', '`user_id` =  ?', array($userid));
+    dbDelete('devices_perms', '`user_id` =  ?', array($userid));
+    dbDelete('ports_perms', '`user_id` =  ?', array($userid));
+    dbDelete('users_prefs', '`user_id` =  ?', array($userid));
+    dbDelete('users', '`user_id` =  ?', array($userid));
+    return dbDelete('users', '`user_id` =  ?', array($userid));
 }
 
 

html/includes/authentication/ad-authorization.inc.php

@@ -197,14 +197,14 @@ function get_userid($username)
 }
 
 
-function deluser($username)
+function deluser($userid)
 {
-    dbDelete('bill_perms', '`user_name` =  ?', array($username));
-    dbDelete('devices_perms', '`user_name` =  ?', array($username));
-    dbDelete('ports_perms', '`user_name` =  ?', array($username));
-    dbDelete('users_prefs', '`user_name` =  ?', array($username));
-    dbDelete('users', '`user_name` =  ?', array($username));
-    return dbDelete('users', '`username` =  ?', array($username));
+    dbDelete('bill_perms', '`user_id` =  ?', array($userid));
+    dbDelete('devices_perms', '`user_id` =  ?', array($userid));
+    dbDelete('ports_perms', '`user_id` =  ?', array($userid));
+    dbDelete('users_prefs', '`user_id` =  ?', array($userid));
+    dbDelete('users', '`user_id` =  ?', array($userid));
+    return dbDelete('users', '`user_id` =  ?', array($userid));
 }
 
 

html/includes/authentication/mysql.inc.php

@@ -139,15 +139,15 @@ function get_userid($username)
 }//end get_userid()
 
 
-function deluser($username)
+function deluser($userid)
 {
-    dbDelete('bill_perms', '`user_name` =  ?', array($username));
-    dbDelete('devices_perms', '`user_name` =  ?', array($username));
-    dbDelete('ports_perms', '`user_name` =  ?', array($username));
-    dbDelete('users_prefs', '`user_name` =  ?', array($username));
-    dbDelete('users', '`user_name` =  ?', array($username));
+    dbDelete('bill_perms', '`user_id` =  ?', array($userid));
+    dbDelete('devices_perms', '`user_id` =  ?', array($userid));
+    dbDelete('ports_perms', '`user_id` =  ?', array($userid));
+    dbDelete('users_prefs', '`user_id` =  ?', array($userid));
+    dbDelete('users', '`user_id` =  ?', array($userid));
 
-    return dbDelete('users', '`username` =  ?', array($username));
+    return dbDelete('users', '`user_id` =  ?', array($userid));
 }//end deluser()
 
 

html/includes/authentication/radius.inc.php

@@ -94,14 +94,14 @@ function get_userid($username)
 }
 
 
-function deluser($username)
+function deluser($userid)
 {
-    dbDelete('bill_perms', '`user_name` =  ?', array($username));
-    dbDelete('devices_perms', '`user_name` =  ?', array($username));
-    dbDelete('ports_perms', '`user_name` =  ?', array($username));
-    dbDelete('users_prefs', '`user_name` =  ?', array($username));
-    dbDelete('users', '`user_name` =  ?', array($username));
-    return dbDelete('users', '`username` =  ?', array($username));
+    dbDelete('bill_perms', '`user_id` =  ?', array($userid));
+    dbDelete('devices_perms', '`user_id` =  ?', array($userid));
+    dbDelete('ports_perms', '`user_id` =  ?', array($userid));
+    dbDelete('users_prefs', '`user_id` =  ?', array($userid));
+    dbDelete('users', '`user_id` =  ?', array($userid));
+    return dbDelete('users', '`user_id` =  ?', array($userid));
 }
 
 

html/includes/forms/delete-alert-rule.inc.php

@@ -22,7 +22,7 @@ if (!is_numeric($_POST['alert_id'])) {
     exit;
 } else {
     if (dbDelete('alert_rules', '`id` =  ?', array($_POST['alert_id']))) {
-        if (dbDelete('alert_map', 'rule = ?', array($_POST['alert_id'])) || dbFetchCell('COUNT(id) FROM alert_map WHERE rule = ?', array($_POST['alert_id'])) == 0) {
+        if (dbDelete('alert_map', 'rule = ?', array($_POST['alert_id'])) || dbFetchCell('SELECT COUNT(*) FROM alert_map WHERE rule = ?', array($_POST['alert_id'])) == 0) {
             echo 'Maps has been deleted.';
         } else {
             echo 'WARNING: Maps could not be deleted.';

html/pages/deluser.inc.php

@@ -14,7 +14,7 @@ if ($_SESSION['userlevel'] < 10 || $_SESSION['userlevel'] > 10) {
             $delete_username = dbFetchCell('SELECT username FROM users WHERE user_id = ?', array($vars['id']));
 
             if ($vars['confirm'] == 'yes') {
-                if (deluser($delete_username)) {
+                if (deluser($vars['id']) >= 0) {
                     print_message('<div class="infobox">User "'.$delete_username.'" deleted!');
                 } else {
                     print_error('Error deleting user "'.$delete_username.'"!');

html/pages/device/edit/device.inc.php

@@ -26,7 +26,7 @@ if ($_POST['editing']) {
 
         #FIXME needs more sanity checking! and better feedback
 
-        $param = array('purpose' => $vars['descr'], 'type' => $vars['type'], 'ignore' => $vars['ignore'], 'disabled' => $vars['disabled']);
+        $param = array('purpose' => $vars['descr'], 'type' => $vars['type'], 'ignore' => set_numeric($vars['ignore']), 'disabled' => set_numeric($vars['disabled']));
 
         $rows_updated = dbUpdate($param, 'devices', '`device_id` = ?', array($device['device_id']));
 

includes/common.php

@@ -1557,3 +1557,16 @@ function load_all_os($restricted = array())
         $config['os'][$tmp['os']] = $tmp;
     }
 }
+
+/**
+ * @param $value
+ * @param int $default
+ * @return int
+ */
+function set_numeric($value, $default = 0)
+{
+    if (!isset($value) || !is_numeric($value)) {
+        $value = $default;
+    }
+    return $value;
+}

includes/discovery/functions.inc.php

@@ -178,6 +178,11 @@ function discover_device($device, $options = null)
 
 function discover_sensor(&$valid, $class, $device, $oid, $index, $type, $descr, $divisor = '1', $multiplier = '1', $low_limit = null, $low_warn_limit = null, $warn_limit = null, $high_limit = null, $current = null, $poller_type = 'snmp', $entPhysicalIndex = null, $entPhysicalIndex_measured = null)
 {
+
+    if (!is_numeric($divisor)) {
+        $divisor  = 1;
+    }
+
     d_echo("Discover sensor: $oid, $index, $type, $descr, $poller_type, $precision, $entPhysicalIndex\n");
 
     if (is_null($low_warn_limit) && !is_null($warn_limit)) {

includes/functions.php

@@ -1322,6 +1322,12 @@ function fping($host, $params, $address_family = AF_INET)
         $rcv = 1;
         $loss = 100;
     }
+    $xmt      = set_numeric($xmt);
+    $rcv      = set_numeric($rcv);
+    $loss     = set_numeric($loss);
+    $min      = set_numeric($min);
+    $max      = set_numeric($max);
+    $avg      = set_numeric($avg);
     $response = array('xmt'=>$xmt,'rcv'=>$rcv,'loss'=>$loss,'min'=>$min,'max'=>$max,'avg'=>$avg);
     return $response;
 }

includes/polling/bgp-peers.inc.php

@@ -170,10 +170,10 @@ if ($config['enable_bgp']) {
 
             $peer['update']['bgpPeerState']              = $bgpPeerState;
             $peer['update']['bgpPeerAdminStatus']        = $bgpPeerAdminStatus;
-            $peer['update']['bgpPeerFsmEstablishedTime'] = $bgpPeerFsmEstablishedTime;
-            $peer['update']['bgpPeerInUpdates']          = $bgpPeerInUpdates;
+            $peer['update']['bgpPeerFsmEstablishedTime'] = set_numeric($bgpPeerFsmEstablishedTime);
+            $peer['update']['bgpPeerInUpdates']          = set_numeric($bgpPeerInUpdates);
             $peer['update']['bgpLocalAddr']              = $bgpLocalAddr;
-            $peer['update']['bgpPeerOutUpdates']         = $bgpPeerOutUpdates;
+            $peer['update']['bgpPeerOutUpdates']         = set_numeric($bgpPeerOutUpdates);
 
             dbUpdate($peer['update'], 'bgpPeers', '`device_id` = ? AND `bgpPeerIdentifier` = ?', array($device['device_id'], $peer['bgpPeerIdentifier']));
 

includes/polling/mempools.inc.php

@@ -41,11 +41,11 @@ foreach (dbFetchRows('SELECT * FROM mempools WHERE device_id = ?', array($device
                         );
 
     if (!empty($mempool['largestfree'])) {
-        $mempool['state']['mempool_largestfree'] = $mempool['largestfree'];
+        $mempool['state']['mempool_largestfree'] = set_numeric($mempool['largestfree']);
     }
 
     if (!empty($mempool['lowestfree'])) {
-        $mempool['state']['mempool_lowestfree'] = $mempool['lowestfree'];
+        $mempool['state']['mempool_lowestfree'] = set_numeric($mempool['lowestfree']);
     }
 
     dbUpdate($mempool['state'], 'mempools', '`mempool_id` = ?', array($mempool['mempool_id']));

includes/polling/ospf.inc.php

@@ -120,7 +120,7 @@ foreach ($vrfs_lite_cisco as $vrf_lite) {
                     // Loop the OIDs
                     if ($ospf_instance_db[$device['context_name']][$oid] != $ospf_instance_poll[$oid]) {
                         // If data has changed, build a query
-                        $ospf_instance_update[$oid] = $ospf_instance_poll[$oid];
+                        $ospf_instance_update[$oid] = set_numeric($ospf_instance_poll[$oid]);
                         // log_event("$oid -> ".$this_port[$oid], $device, 'ospf', $port['port_id']); // FIXME
                     }
                 }
@@ -252,7 +252,7 @@ foreach ($vrfs_lite_cisco as $vrf_lite) {
                     // Loop the OIDs
                     if ($ospf_port_db[$device['context_name']][$oid] != $ospf_port_poll[$oid]) {
                         // If data has changed, build a query
-                        $ospf_port_update[$oid] = $ospf_port_poll[$oid];
+                        $ospf_port_update[$oid] = set_numeric($ospf_port_poll[$oid]);
                         // log_event("$oid -> ".$this_port[$oid], $device, 'ospf', $port['port_id']); // FIXME
                     }
                 }
@@ -340,7 +340,7 @@ foreach ($vrfs_lite_cisco as $vrf_lite) {
 
                     if ($ospf_nbr_db[$device['context_name']][$oid] != $ospf_nbr_poll[$oid]) {
                         // If data has changed, build a query
-                        $ospf_nbr_update[$oid] = $ospf_nbr_poll[$oid];
+                        $ospf_nbr_update[$oid] = set_numeric($ospf_nbr_poll[$oid]);
                         // log_event("$oid -> ".$this_nbr[$oid], $device, 'ospf', $nbr['port_id']); // FIXME
                     }
                 }

includes/polling/ports.inc.php

@@ -548,7 +548,7 @@ foreach ($ports as $port) {
             }
 
             if ($config['slow_statistics'] == true) {
-                $port[$port_update][$oid]         = $this_port[$oid];
+                $port[$port_update][$oid]         = set_numeric($this_port[$oid]);
                 $port[$port_update][$oid.'_prev'] = $port[$oid];
             }
 
@@ -695,6 +695,7 @@ foreach ($ports as $port) {
             if (!isset($val_check)) {
                 unset($port['update'][$key]);
             }
+            $port['update'][$key] = set_numeric($val_check);
         }
 
         // Update Database

includes/services.inc.php

@@ -43,7 +43,7 @@ function add_service($device, $type, $desc, $ip = 'localhost', $param = "", $ign
         $ip = $device['hostname'];
     }
 
-    $insert = array('device_id' => $device['device_id'], 'service_ip' => $ip, 'service_type' => $type, 'service_changed' => array('UNIX_TIMESTAMP(NOW())'), 'service_desc' => $desc, 'service_param' => $param, 'service_ignore' => $ignore, 'service_status' => 3, 'service_message' => 'Service not yet checked');
+    $insert = array('device_id' => $device['device_id'], 'service_ip' => $ip, 'service_type' => $type, 'service_changed' => array('UNIX_TIMESTAMP(NOW())'), 'service_desc' => $desc, 'service_param' => $param, 'service_ignore' => $ignore, 'service_status' => 3, 'service_message' => 'Service not yet checked', 'service_ds' => '{}');
     return dbInsert($insert, 'services');
 }
 

poll-billing.php

@@ -91,7 +91,7 @@ function CollectData($bill_id)
             $port_data['out_delta'] = '0';
         }
 
-        $fields = array('timestamp' => $now, 'in_counter' => $port_data['in_measurement'], 'out_counter' => $port_data['out_measurement'], 'in_delta' => $port_data['in_delta'], 'out_delta' => $port_data['out_delta']);
+        $fields = array('timestamp' => $now, 'in_counter' => set_numeric($port_data['in_measurement']), 'out_counter' => set_numeric($port_data['out_measurement']), 'in_delta' => set_numeric($port_data['in_delta']), 'out_delta' => set_numeric($port_data['out_delta']));
         if (dbUpdate($fields, 'bill_port_counters', "`port_id`='" . mres($port_id) . "' AND `bill_id`='$bill_id'") == 0) {
             $fields['bill_id'] = $bill_id;
             $fields['port_id'] = $port_id;

sql-schema/154.sql

@@ -0,0 +1,2 @@
+ALTER TABLE `devices` CHANGE `ip` `ip` VARBINARY(16) NULL DEFAULT NULL;
+ALTER TABLE `alert_log` CHANGE `details` `details` LONGBLOB NULL DEFAULT NULL;