* Security fix: unauthorized access. Affects nginx users: moved PHP files outside of the public html directory (Apache was already protected by .htaccess). Affects all users: some files did not check for authentication and could disclose some info; added better checks before including files based on user input. * git mv html/includes/ includes/html; git mv html/pages/ includes/html/
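<?php

use LibreNMS\Authentication\LegacyAuth;

/*
 * Ajax table data source for the bills list.
 *
 * Reads, from the including table handler (outside this file):
 *   $vars['period']    'prev' selects the last closed billing period from bill_history
 *   $vars['bill_type'] optional bill type filter
 *   $vars['state']     optional 'under' / 'over' filter
 *   $searchPhrase      optional substring match on bill_name
 *   $sort              ORDER BY expression
 *   $current, $rowCount  page number / page size (-1 = all rows)
 * All of these are treated as untrusted request input below: filter values
 * are bound as parameters, $sort is validated, the LIMIT values are cast.
 *
 * Emits a JSON document with 'current', 'rowCount', 'rows' and 'total'.
 */

// Calculate filters
$prev = !empty($vars['period']) && ($vars['period'] === 'prev');

$wheres = array();
$param = array();

if (!empty($searchPhrase)) {
    // Bound parameter: the phrase never reaches the SQL text itself.
    $wheres[] = 'bills.bill_name LIKE ?';
    $param[] = "%$searchPhrase%";
}

if (!empty($vars['bill_type'])) {
    $wheres[] = $prev ? 'bill_history.bill_type = ?' : 'bill_type = ?';
    $param[] = $vars['bill_type'];
}

if (!empty($vars['state'])) {
    // Only the two known states add a filter; any other value is ignored.
    if ($vars['state'] === 'under') {
        $wheres[] = $prev
            ? "((bill_history.bill_type = 'cdr' AND bill_history.rate_95th <= bill_history.bill_allowed) OR (bill_history.bill_type = 'quota' AND bill_history.traf_total <= bill_history.bill_allowed))"
            : "((bill_type = 'cdr' AND rate_95th <= bill_cdr) OR (bill_type = 'quota' AND total_data <= bill_quota))";
    } elseif ($vars['state'] === 'over') {
        $wheres[] = $prev
            ? "((bill_history.bill_type = 'cdr' AND bill_history.rate_95th > bill_history.bill_allowed) OR (bill_history.bill_type = 'quota' AND bill_history.traf_total > bill_history.bill_allowed))"
            : "((bill_type = 'cdr' AND rate_95th > bill_cdr) OR (bill_type = 'quota' AND total_data > bill_quota))";
    }
}

if ($prev) {
    // Last closed period per bill, taken from bill_history (at most 40 days back).
    $select = "SELECT bills.bill_name, bills.bill_notes, bill_history.*, bill_history.traf_total as total_data, bill_history.traf_in as total_data_in, bill_history.traf_out as total_data_out ";
    $query = 'FROM `bills`
        INNER JOIN (SELECT bill_id, MAX(bill_hist_id) AS bill_hist_id FROM bill_history WHERE bill_dateto < NOW() AND bill_dateto > subdate(NOW(), 40) GROUP BY bill_id) qLastBills ON bills.bill_id = qLastBills.bill_id
        INNER JOIN bill_history ON qLastBills.bill_hist_id = bill_history.bill_hist_id
';
} else {
    // Live period: the allowance is whichever of bill_cdr / bill_quota applies.
    $select = "SELECT bills.*,
        IF(bills.bill_type = 'CDR', bill_cdr, bill_quota) AS bill_allowed
    ";
    $query = "FROM `bills`\n";
}

// Permissions check: users without global read only see bills they were
// explicitly granted in bill_perms.
if (!LegacyAuth::user()->hasGlobalRead()) {
    $query  .= ' INNER JOIN `bill_perms` AS `BP` ON `bills`.`bill_id` = `BP`.`bill_id` ';
    $wheres[] = '`BP`.`user_id`=?';
    $param[] = LegacyAuth::id();
}

if (count($wheres) > 0) {
    $query .= "WHERE " . implode(' AND ', $wheres) . "\n";
}

$total = dbFetchCell("SELECT COUNT(bills.bill_id) $query", $param);

$sql = "$select
$query";

// $sort is interpolated into the statement (it cannot be a bound parameter),
// so only column names, optional directions and separators are accepted;
// anything else falls back to the default ordering.
if (empty($sort) || !is_string($sort) || !preg_match('/^[A-Za-z0-9_.`, ]+$/', $sort)) {
    $sort = 'bills.bill_name';
}

$sql .= "\nORDER BY $sort";

// Pagination: $current is the 1-based page, $rowCount the page size
// (-1 means "all rows"). Both are forced to integers before entering SQL.
$page_size = isset($rowCount) ? (int) $rowCount : -1;
$limit_low = 0;
if (isset($current)) {
    $limit_low = max(0, ((int) $current * $page_size) - $page_size);
}

if ($page_size != -1) {
    $sql .= " LIMIT $limit_low,$page_size";
}

$response = array();

foreach (dbFetchRows($sql, $param) as $bill) {
    if ($prev) {
        $datefrom = $bill['bill_datefrom'];
        $dateto   = $bill['bill_dateto'];
    } else {
        $day_data = getDates($bill['bill_day']);
        $datefrom = $day_data['0'];
        $dateto   = $day_data['1'];
    }

    $rate_95th  = format_si($bill['rate_95th']) . 'bps';
    $total_data = format_bytes_billing($bill['total_data']);
    $url        = generate_url(array('page' => 'bill', 'bill_id' => $bill['bill_id']));
    $notes      = $bill['bill_notes'];

    // A closed period carries its percentage/overuse in the history row;
    // the live period is computed below from the current counters.
    if ($prev) {
        $percent = $bill['bill_percent'];
        $overuse = $bill['bill_overuse'];
    }

    $bill_type = strtolower($bill['bill_type']);
    if ($bill_type === 'cdr') {
        $type    = 'CDR';
        $allowed = format_si($bill['bill_allowed']) . 'bps';
        $in      = format_si($bill['rate_95th_in']) . 'bps';
        $out     = format_si($bill['rate_95th_out']) . 'bps';
        if (!$prev) {
            // A zero allowance would divide by zero; report 0% instead of failing.
            $percent = $bill['bill_allowed'] > 0
                ? round((($bill['rate_95th'] / $bill['bill_allowed']) * 100), 2)
                : 0;
            $overuse = ($bill['rate_95th'] - $bill['bill_allowed']);
        }

        $overuse_formatted = format_si($overuse) . 'bps';
        $used              = $rate_95th;
        $tmp_used          = $bill['rate_95th'];
        $rate_95th         = "<b>$rate_95th</b>";
    } elseif ($bill_type === 'quota') {
        $type    = 'Quota';
        $allowed = format_bytes_billing($bill['bill_allowed']);
        if ($prev) {
            $in  = format_bytes_billing($bill['traf_in']);
            $out = format_bytes_billing($bill['traf_out']);
        } else {
            $in  = format_bytes_billing($bill['total_data_in']);
            $out = format_bytes_billing($bill['total_data_out']);
        }
        if (!$prev) {
            // A zero allowance would divide by zero; report 0% instead of failing.
            $percent = $bill['bill_allowed'] > 0
                ? round((($bill['total_data'] / $bill['bill_allowed']) * 100), 2)
                : 0;
            $overuse = ($bill['total_data'] - $bill['bill_allowed']);
        }

        $overuse_formatted = format_bytes_billing($overuse);
        $used              = $total_data;
        $tmp_used          = $bill['total_data'];
        $total_data        = "<b>$total_data</b>";
    } else {
        // Unknown bill type: emit placeholders rather than values left over
        // from the previous row.
        $type              = $bill['bill_type'];
        $allowed           = '-';
        $in                = '-';
        $out               = '-';
        $used              = '-';
        $overuse_formatted = '-';
        $tmp_used          = 0;
        if (!$prev) {
            $percent = 0;
            $overuse = 0;
        }
    }

    $background        = get_percentage_colours($percent);
    $overuse_formatted = (($overuse <= 0) ? '-' : "<span style='color: #{$background['left']}; font-weight: bold;'>$overuse_formatted</span>");

    // bill_name is user-entered data embedded in HTML markup, so escape it.
    $bill_name_html = htmlspecialchars((string) $bill['bill_name'], ENT_QUOTES, 'UTF-8');
    $bill_name      = "<a href='$url'><span style='font-weight: bold;' class='interface'>$bill_name_html</span></a><br />" .
                      date('Y-m-d', strtotime($datefrom)) . " to " . date('Y-m-d', strtotime($dateto));
    $bar            = print_percentage_bar(250, 20, $percent, null, 'ffffff', $background['left'], $percent . '%', 'ffffff', $background['right']);
    $actions        = "";

    // Edit link only for global admins, and only for the live period.
    if (!$prev && LegacyAuth::user()->hasGlobalAdmin()) {
        $actions .= "<a href='" . generate_url(array('page' => 'bill', 'bill_id' => $bill['bill_id'], 'view' => 'edit')) .
            "'><i class='fa fa-pencil fa-lg icon-theme' title='Edit' aria-hidden='true'></i> Edit</a> ";
    }

    $predicted = format_bytes_billing(getPredictedUsage($bill['bill_day'], $tmp_used));

    $response[] = array(
        'bill_name'      => $bill_name,
        'notes'          => $notes,
        'bill_type'      => $type,
        'bill_allowed'   => $allowed,
        'total_data_in'  => $in,
        'total_data_out' => $out,
        'total_data'     => $total_data,
        'rate_95th'      => $rate_95th,
        'used'           => $used,
        'overusage'      => $overuse_formatted,
        'predicted'      => $predicted,
        'graph'          => $bar,
        'actions'        => $actions,
    );
}

$output = array(
    'current'  => isset($current) ? $current : null,
    'rowCount' => isset($rowCount) ? $rowCount : null,
    'rows'     => $response,
    'total'    => $total,
);

echo _json_encode($output);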