Remove legacy auth usage of $_SESSION (#10491)

* Remove auth use of $_SESSION

Will break plugins that depend on $_SESSION, Weathermap was already fixed.
Port them to use Auth::check()/Auth::user()/Auth::id()

* revert accidental replacement
Tony Murray
2019-08-05 14:16:05 -05:00
committed by GitHub
parent f2163edcd8
commit e99f421511
185 changed files with 342 additions and 781 deletions


@@ -1,10 +1,8 @@
<?php
use LibreNMS\Authentication\LegacyAuth;
header('Content-type: application/json');
if (!LegacyAuth::check()) {
if (!Auth::check()) {
$response = array(
'status' => 'error',
'message' => 'Unauthenticated',
@@ -22,7 +20,7 @@ $widget_id = $vars['widget_id'];
$dasboard_id = $vars['dashboard_id'];
if ($sub_type == 'remove' && is_numeric($widget_id)) {
if (dbFetchCell('select 1 from dashboards where (user_id = ? || access = 2) && dashboard_id = ?', array(LegacyAuth::id(),$dasboard_id)) == 1) {
if (dbFetchCell('select 1 from dashboards where (user_id = ? || access = 2) && dashboard_id = ?', array(Auth::id(),$dasboard_id)) == 1) {
if ($widget_id == 0 || dbDelete('users_widgets', '`user_widget_id`=? AND `dashboard_id`=?', array($widget_id,$dasboard_id))) {
$status = 'ok';
$message = 'Widget ' . $widget_id . ' removed';
@@ -32,7 +30,7 @@ if ($sub_type == 'remove' && is_numeric($widget_id)) {
$message = 'ERROR: You don\'t have write access.';
}
} elseif ($sub_type == 'remove-all') {
if (dbFetchCell('select 1 from dashboards where (user_id = ? || access = 2) && dashboard_id = ?', array(LegacyAuth::id(),$dasboard_id)) == 1) {
if (dbFetchCell('select 1 from dashboards where (user_id = ? || access = 2) && dashboard_id = ?', array(Auth::id(),$dasboard_id)) == 1) {
if (dbDelete('users_widgets', '`dashboard_id`=?', array($dasboard_id))) {
$status = 'ok';
$message = 'All widgets removed';
@@ -42,11 +40,11 @@ if ($sub_type == 'remove' && is_numeric($widget_id)) {
$message = 'ERROR: You don\'t have write access.';
}
} elseif ($sub_type == 'add' && is_numeric($widget_id)) {
if (dbFetchCell('select 1 from dashboards where (user_id = ? || access = 2) && dashboard_id = ?', array(LegacyAuth::id(),$dasboard_id)) == 1) {
if (dbFetchCell('select 1 from dashboards where (user_id = ? || access = 2) && dashboard_id = ?', array(Auth::id(),$dasboard_id)) == 1) {
$widget = dbFetchRow('SELECT * FROM `widgets` WHERE `widget_id`=?', array($widget_id));
if (is_array($widget)) {
list($x,$y) = explode(',', $widget['base_dimensions']);
$item_id = dbInsert(array('user_id'=>LegacyAuth::id(),'widget_id'=>$widget_id, 'col'=>1,'row'=>1,'refresh'=>60,'title'=>$widget['widget_title'],'size_x'=>$x,'size_y'=>$y,'settings'=>'','dashboard_id'=>$dasboard_id), 'users_widgets');
$item_id = dbInsert(array('user_id'=>Auth::id(),'widget_id'=>$widget_id, 'col'=>1,'row'=>1,'refresh'=>60,'title'=>$widget['widget_title'],'size_x'=>$x,'size_y'=>$y,'settings'=>'','dashboard_id'=>$dasboard_id), 'users_widgets');
if (is_numeric($item_id)) {
$extra = array('user_widget_id'=>$item_id,'widget_id'=>$item_id,'title'=>$widget['widget_title'],'widget'=>$widget['widget'],'refresh'=>60,'size_x'=>$x,'size_y'=>$y);
$status = 'ok';
@@ -58,7 +56,7 @@ if ($sub_type == 'remove' && is_numeric($widget_id)) {
$message = 'ERROR: You don\'t have write access.';
}
} else {
if (dbFetchCell('select 1 from dashboards where (user_id = ? || access = 2) && dashboard_id = ?', array(LegacyAuth::id(),$dasboard_id)) == 1) {
if (dbFetchCell('select 1 from dashboards where (user_id = ? || access = 2) && dashboard_id = ?', array(Auth::id(),$dasboard_id)) == 1) {
$status = 'ok';
$message = 'Widgets updated';
foreach ($data as $line) {
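Review bot: The dashboard write-access query is repeated verbatim with `Auth::id()` in all four branches (remove, remove-all, add and the final else), so any later change to the ownership rule has to be made in four places, and a missed one leaves a branch enforcing a different authorization check. Evaluating it once before the branch chain, e.g. `$can_write = dbFetchCell('select 1 from dashboards where (user_id = ? || access = 2) && dashboard_id = ?', array(Auth::id(), $dasboard_id)) == 1;`, and testing `$can_write` in each branch would keep them in lockstep. The first hunk also drops `use LibreNMS\Authentication\LegacyAuth;` without importing anything for `Auth`, so the file presumably relies on a globally registered `Auth` alias; that is worth confirming for any path that includes this script outside the normal bootstrap. The foreach in the final else branch continues outside the visible hunk.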