From ebd8fb0cf45c9185947b96d585c1724b70b4f4cf Mon Sep 17 00:00:00 2001
From: Tom Laermans <tom@localhost>
Date: Sat, 9 Jan 2010 18:28:02 +0000
Subject: [PATCH] authentication check on the map file now

git-svn-id: http://www.observium.org/svn/observer/trunk@641 61d68cd4-352d-0410-923a-c4978735b2b8
---
 html/map.php | 101 +++++++++++++++++++++++++++------------------------
 1 file changed, 54 insertions(+), 47 deletions(-)

diff --git a/html/map.php b/html/map.php
index e6064d2dba..e16bce4925 100755
--- a/html/map.php
+++ b/html/map.php
@@ -2,8 +2,8 @@
 
 include("../config.php");
 include("../includes/functions.php");
+include("includes/authenticate.inc");
 
-#FIXME no auth on thie file??
 if ($_GET['device']) { $where = "WHERE device_id = ".$_GET['device']; } else { $where = ""; }
 $deviceresult = mysql_query("SELECT * from devices $where");
 
@@ -17,71 +17,78 @@ if (preg_match("/^[a-z]*$/", $_GET['format']))
 
 ";
 
-  while ($device = mysql_fetch_array($deviceresult))
+  if(!$_SESSION['authenticated']) 
   {
-    if($device)
+    $map .= "\"Not authenticated\" [fontsize=20 fillcolor=\"lightblue\" URL=\"/\" shape=box3d]\n";
+  }
+  else
+  {
+    while ($device = mysql_fetch_array($deviceresult))
     {
-      $sql = "SELECT * from interfaces AS I, links AS L WHERE I.device_id = ".$device['device_id']." AND L.src_if = I.interface_id";
-      $links = mysql_query($sql);
-
-      if (mysql_num_rows($links))
+      if($device)
       {
-        $map .= "\"".$device['hostname']."\" [fontsize=20 fillcolor=\"lightblue\" URL=\"/device/".$device['device_id']."/map/\" shape=box3d]\n";
-      }
+        $sql = "SELECT * from interfaces AS I, links AS L WHERE I.device_id = ".$device['device_id']." AND L.src_if = I.interface_id";
+        $links = mysql_query($sql);
 
-      while($link = mysql_fetch_array($links)) 
-      {
-        $src_if = $link['src_if'];
-        $dst_if = $link['dst_if'];
-
-        $i = 0; $done = 0;
-        while ($i < count($linkdone)) 
+        if (mysql_num_rows($links))
         {
-          $thislink = "$dst_if $src_if";
-          if ($linkdone[$i] == $thislink) { $done = 1; }
-          $i++;
+          $map .= "\"".$device['hostname']."\" [fontsize=20 fillcolor=\"lightblue\" URL=\"/device/".$device['device_id']."/map/\" shape=box3d]\n";
         }
 
-        if(!$done) 
+        while($link = mysql_fetch_array($links)) 
         {
-          $linkdone[] = "$src_if $dst_if";
+          $src_if = $link['src_if'];
+          $dst_if = $link['dst_if'];
 
-          if($link['ifSpeed'] >= "10000000000") 
+          $i = 0; $done = 0;
+          while ($i < count($linkdone)) 
           {
-            $info = "color=lightred style=\"setlinewidth(8)\"";
-          } elseif ($link['ifSpeed'] >= "1000000000") {
-            $info = "color=lightblue style=\"setlinewidth(4)\"";
-          } elseif ($link['ifSpeed'] >= "100000000") {
-            $info = "color=lightgrey style=\"setlinewidth(2)\"";
-          } elseif ($link['ifSpeed'] >= "10000000") {
-            $info = "style=\"setlinewidth(1)\"";
-          } else {
-            $info = "style=\"setlinewidth(1)\"";
+            $thislink = "$dst_if $src_if";
+            if ($linkdone[$i] == $thislink) { $done = 1; }
+            $i++;
           }
 
-          $src = $device['hostname'];
-          $dst = mysql_result(mysql_query("SELECT `hostname` FROM `devices` AS D, `interfaces` AS I WHERE I.interface_id = '$dst_if'  AND D.device_id = I.device_id"),0);
-          $dst_host = mysql_result(mysql_query("SELECT D.device_id FROM `devices` AS D, `interfaces` AS I WHERE I.interface_id = '$dst_if'  AND D.device_id = I.device_id"),0);
+          if(!$done) 
+          {
+            $linkdone[] = "$src_if $dst_if";
 
-          $sif = ifNameDescr(mysql_fetch_array(mysql_query("SELECT * FROM interfaces WHERE `interface_id`=" . $link['src_if'])),$device);
-          $dif = ifNameDescr(mysql_fetch_array(mysql_query("SELECT * FROM interfaces WHERE `interface_id`=" . $link['dst_if'])));
+            if($link['ifSpeed'] >= "10000000000") 
+            {
+              $info = "color=lightred style=\"setlinewidth(8)\"";
+            } elseif ($link['ifSpeed'] >= "1000000000") {
+              $info = "color=lightblue style=\"setlinewidth(4)\"";
+            } elseif ($link['ifSpeed'] >= "100000000") {
+              $info = "color=lightgrey style=\"setlinewidth(2)\"";
+            } elseif ($link['ifSpeed'] >= "10000000") {
+              $info = "style=\"setlinewidth(1)\"";
+            } else {
+              $info = "style=\"setlinewidth(1)\"";
+            }
 
-          $map .= "\"" . $sif['interface_id'] . "\" [label=\"" . $sif['label'] . "\", fontsize=12, fillcolor=lightblue URL=\"/device/".$device['device_id']."/interface/$src_if/\"]\n";
-          $map .= "\"$src\" -> \"" . $sif['interface_id'] . "\" [weight=500000, arrowsize=0, len=0];\n";
+            $src = $device['hostname'];
+            $dst = mysql_result(mysql_query("SELECT `hostname` FROM `devices` AS D, `interfaces` AS I WHERE I.interface_id = '$dst_if'  AND D.device_id = I.device_id"),0);
+            $dst_host = mysql_result(mysql_query("SELECT D.device_id FROM `devices` AS D, `interfaces` AS I WHERE I.interface_id = '$dst_if'  AND D.device_id = I.device_id"),0);
 
-          $map .= "\"$dst\" [URL=\"/device/$dst_host/map/\" fontsize=20 shape=box3d]\n";
+            $sif = ifNameDescr(mysql_fetch_array(mysql_query("SELECT * FROM interfaces WHERE `interface_id`=" . $link['src_if'])),$device);
+            $dif = ifNameDescr(mysql_fetch_array(mysql_query("SELECT * FROM interfaces WHERE `interface_id`=" . $link['dst_if'])));
 
-          if($dst_host == $device['device_id']) {
-            $map .= "\"" . $dif['interface_id'] . "\" [label=\"" . $dif['label'] . "\", fontsize=12, fillcolor=lightblue, URL=\"/device/$dst_host/interface/$dst_if/\"]\n";
-          } else {
-            $map .= "\"" . $dif['interface_id'] . "\" [label=\"" . $dif['label'] . " \", fontsize=12, fillcolor=lightgray, URL=\"/device/$dst_host/interface/$dst_if/\"]\n";
+            $map .= "\"" . $sif['interface_id'] . "\" [label=\"" . $sif['label'] . "\", fontsize=12, fillcolor=lightblue URL=\"/device/".$device['device_id']."/interface/$src_if/\"]\n";
+            $map .= "\"$src\" -> \"" . $sif['interface_id'] . "\" [weight=500000, arrowsize=0, len=0];\n";
+
+            $map .= "\"$dst\" [URL=\"/device/$dst_host/map/\" fontsize=20 shape=box3d]\n";
+
+            if($dst_host == $device['device_id']) {
+              $map .= "\"" . $dif['interface_id'] . "\" [label=\"" . $dif['label'] . "\", fontsize=12, fillcolor=lightblue, URL=\"/device/$dst_host/interface/$dst_if/\"]\n";
+            } else {
+              $map .= "\"" . $dif['interface_id'] . "\" [label=\"" . $dif['label'] . " \", fontsize=12, fillcolor=lightgray, URL=\"/device/$dst_host/interface/$dst_if/\"]\n";
+            }
+
+            $map .= "\"" . $dif['interface_id'] . "\" -> \"$dst\" [weight=500000, arrowsize=0, len=0];\n";
+            $map .= "\"" . $sif['interface_id'] . "\" -> \"" . $dif['interface_id'] . "\" [weight=1, arrowhead=normal, arrowtail=normal, len=2, $info] \n";
           }
-
-          $map .= "\"" . $dif['interface_id'] . "\" -> \"$dst\" [weight=500000, arrowsize=0, len=0];\n";
-          $map .= "\"" . $sif['interface_id'] . "\" -> \"" . $dif['interface_id'] . "\" [weight=1, arrowhead=normal, arrowtail=normal, len=2, $info] \n";
         }
+        $done = 0;
       }
-      $done = 0;
     }
   }