mirror/librenms-librenms
1
0
Fork 0
mirror of https://github.com/librenms/librenms.git synced 2024-10-07 16:52:45 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Remove legacy auth usage of $_SESSION (#10491)

Browse Source 
* Remove auth use of $_SESSION

Will break plugins that depend on $_SESSION, Weathermap was already fixed.
Port them to use Auth::check()/Auth::user()/Auth:id()

* revert accidental replacement
This commit is contained in:
Tony Murray
2019-08-05 14:16:05 -05:00
committed by GitHub
parent f2163edcd8
commit e99f421511
185 changed files with 342 additions and 781 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
includes/html/pages/front/default.php
View File

@@ -1,6 +1,5 @@
<?php
use LibreNMS\Authentication\LegacyAuth;
use LibreNMS\Config;
require_once 'includes/html/object-cache.inc.php';
@@ -35,10 +34,10 @@ echo '<div class="status-boxes">';
$count_boxes = 0;
// Device down boxes
if (LegacyAuth::user()->hasGlobalRead()) {
if (Auth::user()->hasGlobalRead()) {
$sql = "SELECT * FROM `devices` WHERE `status` = '0' AND `ignore` = '0' LIMIT " . Config::get('front_page_down_box_limit');
} else {
$sql = "SELECT * FROM `devices` AS D, devices_perms AS P WHERE D.device_id = P.device_id AND P.user_id = '" . LegacyAuth::id() . "' AND D.status = '0' AND D.ignore = '0' LIMIT" . Config::get('front_page_down_box_limit');
$sql = "SELECT * FROM `devices` AS D, devices_perms AS P WHERE D.device_id = P.device_id AND P.user_id = '" . Auth::id() . "' AND D.status = '0' AND D.ignore = '0' LIMIT" . Config::get('front_page_down_box_limit');
}
foreach (dbFetchRows($sql) as $device) {
@@ -51,10 +50,10 @@ foreach (dbFetchRows($sql) as $device) {
++$count_boxes;
}
if (LegacyAuth::user()->hasGlobalRead()) {
if (Auth::user()->hasGlobalRead()) {
$sql = "SELECT * FROM `ports` AS I, `devices` AS D WHERE I.device_id = D.device_id AND ifOperStatus = 'down' AND ifAdminStatus = 'up' AND D.ignore = '0' AND I.ignore = '0' AND `D`.`status` = '1' LIMIT " . Config::get('front_page_down_box_limit');
} else {
$sql = "SELECT * FROM `ports` AS I, `devices` AS D, devices_perms AS P WHERE D.device_id = P.device_id AND P.user_id = '" . LegacyAuth::id() . "' AND I.device_id = D.device_id AND ifOperStatus = 'down' AND ifAdminStatus = 'up' AND D.ignore = '0' AND I.ignore = '0' AND `D`.`status` = '1' LIMIT " . Config::get('front_page_down_box_limit');
$sql = "SELECT * FROM `ports` AS I, `devices` AS D, devices_perms AS P WHERE D.device_id = P.device_id AND P.user_id = '" . Auth::id() . "' AND I.device_id = D.device_id AND ifOperStatus = 'down' AND ifAdminStatus = 'up' AND D.ignore = '0' AND I.ignore = '0' AND `D`.`status` = '1' LIMIT " . Config::get('front_page_down_box_limit');
}
// These things need to become more generic, and more manageable across different frontpages... rewrite inc :>
@@ -79,12 +78,12 @@ if (Config::get('warn.ifdown')) {
/*
FIXME service permissions? seem nonexisting now.. */
// Service down boxes
if (LegacyAuth::user()->hasGlobalRead()) {
if (Auth::user()->hasGlobalRead()) {
$sql = "SELECT * FROM `services` AS S, `devices` AS D WHERE S.device_id = D.device_id AND service_status = '2' AND D.ignore = '0' AND S.service_ignore = '0' LIMIT " . Config::get('front_page_down_box_limit');
$param[] = '';
} else {
$sql = "SELECT * FROM services AS S, devices AS D, devices_perms AS P WHERE P.`user_id` = ? AND P.`device_id` = D.`device_id` AND S.`device_id` = D.`device_id` AND S.`service_ignore` = '0' AND S.`service_disabled` = '0' AND S.`service_status` = '2' LIMIT " . Config::get('front_page_down_box_limit');
$param[] = LegacyAuth::id();
$param[] = Auth::id();
}
foreach (dbFetchRows($sql, $param) as $service) {
@@ -100,10 +99,10 @@ foreach (dbFetchRows($sql, $param) as $service) {
// BGP neighbour down boxes
if (Config::get('enable_bgp')) {
if (LegacyAuth::user()->hasGlobalRead()) {
if (Auth::user()->hasGlobalRead()) {
$sql = "SELECT * FROM `devices` AS D, bgpPeers AS B WHERE bgpPeerAdminStatus != 'start' AND bgpPeerState != 'established' AND bgpPeerState != '' AND B.device_id = D.device_id AND D.ignore = 0 AND `D`.`status` = '1' LIMIT " . Config::get('front_page_down_box_limit');
} else {
$sql = "SELECT * FROM `devices` AS D, bgpPeers AS B, devices_perms AS P WHERE D.device_id = P.device_id AND P.user_id = '" . LegacyAuth::id() . "' AND bgpPeerAdminStatus != 'start' AND bgpPeerState != 'established' AND bgpPeerState != '' AND B.device_id = D.device_id AND D.ignore = 0 AND `D`.`status` = '1' LIMIT " . Config::get('front_page_down_box_limit');
$sql = "SELECT * FROM `devices` AS D, bgpPeers AS B, devices_perms AS P WHERE D.device_id = P.device_id AND P.user_id = '" . Auth::id() . "' AND bgpPeerAdminStatus != 'start' AND bgpPeerState != 'established' AND bgpPeerState != '' AND B.device_id = D.device_id AND D.ignore = 0 AND `D`.`status` = '1' LIMIT " . Config::get('front_page_down_box_limit');
}
foreach (dbFetchRows($sql) as $peer) {
@@ -120,10 +119,10 @@ if (Config::get('enable_bgp')) {
// Device rebooted boxes
if (filter_var(Config::get('uptime_warning'), FILTER_VALIDATE_FLOAT) !== false && Config::get('uptime_warning') > 0 && !Config::get("os.{$device['os']}.bad_uptime")) {
if (LegacyAuth::user()->hasGlobalRead()) {
if (Auth::user()->hasGlobalRead()) {
$sql = "SELECT * FROM `devices` AS D WHERE D.status = '1' AND D.uptime > 0 AND D.uptime < '" . Config::get('uptime_warning') . "' AND D.ignore = 0 LIMIT " . Config::get('front_page_down_box_limit');
} else {
$sql = "SELECT * FROM `devices` AS D, devices_perms AS P WHERE D.device_id = P.device_id AND P.user_id = '" . LegacyAuth::id() . "' AND D.status = '1' AND D.uptime > 0 AND D.uptime < '" . Config::get('uptime_warning') . "' AND D.ignore = 0 LIMIT " . Config::get('front_page_down_box_limit');
$sql = "SELECT * FROM `devices` AS D, devices_perms AS P WHERE D.device_id = P.device_id AND P.user_id = '" . Auth::id() . "' AND D.status = '1' AND D.uptime > 0 AND D.uptime < '" . Config::get('uptime_warning') . "' AND D.ignore = 0 LIMIT " . Config::get('front_page_down_box_limit');
}
foreach (dbFetchRows($sql) as $device) {
@@ -199,12 +198,12 @@ if (Config::get('enable_syslog')) {
echo '</div>';
echo '</div>';
} else {
if (LegacyAuth::user()->hasGlobalRead()) {
if (Auth::user()->hasGlobalRead()) {
$query = "SELECT *,DATE_FORMAT(datetime, '" . Config::get('dateformat.mysql.compact') . "') as humandate FROM `eventlog` ORDER BY `datetime` DESC LIMIT 0,15";
$alertquery = 'SELECT devices.device_id,name,state,time_logged FROM alert_log LEFT JOIN devices ON alert_log.device_id=devices.device_id LEFT JOIN alert_rules ON alert_log.rule_id=alert_rules.id ORDER BY `time_logged` DESC LIMIT 0,15';
} else {
$query = "SELECT *,DATE_FORMAT(datetime, '" . Config::get('dateformat.mysql.compact') . "') as humandate FROM `eventlog` AS E, devices_perms AS P WHERE E.host = P.device_id AND P.user_id = " . LegacyAuth::id() . ' ORDER BY `datetime` DESC LIMIT 0,15';
$alertquery = 'SELECT devices.device_id,name,state,time_logged FROM alert_log LEFT JOIN devices ON alert_log.device_id=devices.device_id LEFT JOIN alert_rules ON alert_log.rule_id=alert_rules.id RIGHT JOIN devices_perms ON alert_log.device_id = devices_perms.device_id AND devices_perms.user_id = ' . LegacyAuth::id() . ' ORDER BY `time_logged` DESC LIMIT 0,15';
$query = "SELECT *,DATE_FORMAT(datetime, '" . Config::get('dateformat.mysql.compact') . "') as humandate FROM `eventlog` AS E, devices_perms AS P WHERE E.host = P.device_id AND P.user_id = " . Auth::id() . ' ORDER BY `datetime` DESC LIMIT 0,15';
$alertquery = 'SELECT devices.device_id,name,state,time_logged FROM alert_log LEFT JOIN devices ON alert_log.device_id=devices.device_id LEFT JOIN alert_rules ON alert_log.rule_id=alert_rules.id RIGHT JOIN devices_perms ON alert_log.device_id = devices_perms.device_id AND devices_perms.user_id = ' . Auth::id() . ' ORDER BY `time_logged` DESC LIMIT 0,15';
}
echo '<div class="container-fluid">