mirror/librenms-librenms
1
0
Fork 0
mirror of https://github.com/librenms/librenms.git synced 2024-10-07 16:52:45 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
librenms-librenms/html/ajax_search.php
Jellyfrog b765b250c9 Fix sql query syntax error (#12248)
2020-10-21 23:15:47 +02:00

360 lines
17 KiB
PHP
Raw Blame History

<?php
$init_modules = ['web', 'auth'];
require realpath(__DIR__ . '/..') . '/includes/init.php';
if (! Auth::check()) {
exit('Unauthorized');
}
set_debug($_REQUEST['debug']);
$device = [];
$ports = [];
$bgp = [];
$limit = (int) \LibreNMS\Config::get('webui.global_search_result_limit');
if (isset($_REQUEST['search'])) {
$search = mres($_REQUEST['search']);
header('Content-type: application/json');
if (strlen($search) > 0) {
$found = 0;
if (! Auth::user()->hasGlobalRead()) {
$device_ids = Permissions::devicesForUser()->toArray() ?: [0];
$perms_sql = '`D`.`device_id` IN ' . dbGenPlaceholders(count($device_ids)) . ' AND ';
} else {
$device_ids = [];
$perms_sql = '';
}
if ($_REQUEST['type'] == 'group') {
foreach (dbFetchRows('SELECT id,name FROM device_groups WHERE name LIKE ?', ["%$search%"]) as $group) {
if ($_REQUEST['map']) {
$results[] = [
'name' => 'g:' . $group['name'],
'group_id' => $group['id'],
];
} else {
$results[] = ['name' => $group['name']];
}
}
exit(json_encode($results));
} elseif ($_REQUEST['type'] == 'alert-rules') {
foreach (dbFetchRows('SELECT name FROM alert_rules WHERE name LIKE ?', ["%$search%"]) as $rules) {
$results[] = ['name' => $rules['name']];
}
exit(json_encode($results));
} elseif ($_REQUEST['type'] == 'device') {
// Device search
$query = 'SELECT *, `D`.`device_id` AS `device_id` FROM `devices` as `D`
LEFT JOIN `locations` AS `L` ON `L`.`id` = `D`.`location_id`';
// user depending limitation
if (! Auth::user()->hasGlobalRead()) {
$query_args_list = $device_ids;
$query_filter = $perms_sql;
} else {
$query_args_list = [];
$query_filter = '';
}
// search filter
$query_filter .= '(`D`.`hostname` LIKE ?
OR `L`.`location` LIKE ?
OR `D`.`sysName` LIKE ?
OR `D`.`purpose` LIKE ?
OR `D`.`notes` LIKE ?';
$query_args_list = array_merge($query_args_list, ["%$search%", "%$search%", "%$search%",
"%$search%", "%$search%", ]);
if (\LibreNMS\Util\IPv4::isValid($search, false)) {
$query .= ' LEFT JOIN `ports` AS `P` ON `P`.`device_id` = `D`.`device_id`
LEFT JOIN `ipv4_addresses` AS `V4` ON `V4`.`port_id` = `P`.`port_id`';
$query_filter .= ' OR `V4`.`ipv4_address` LIKE ?
OR `D`.`overwrite_ip` LIKE ?
OR `D`.`ip` = ? ';
$query_args_list = array_merge($query_args_list, ["%$search%", "%$search%", inet_pton($search)]);
} elseif (\LibreNMS\Util\IPv6::isValid($search, false)) {
$query .= ' LEFT JOIN `ports` AS `P` ON `P`.`device_id` = `D`.`device_id`
LEFT JOIN `ipv6_addresses` AS `V6` ON `V6`.`port_id` = `P`.`port_id`';
$query_filter .= ' OR `V6`.`ipv6_address` LIKE ?
OR `D`.`overwrite_ip` LIKE ?
OR `D`.`ip` = ? ';
$query_args_list = array_merge($query_args_list, ["%$search%", "%$search%", inet_pton($search)]);
} elseif (ctype_xdigit($mac_search = str_replace([':', '-', '.'], '', $search))) {
$query .= ' LEFT JOIN `ports` as `M` on `M`.`device_id` = `D`.`device_id`';
$query_filter .= ' OR `M`.`ifPhysAddress` LIKE ? ';
$query_args_list[] = "%$mac_search%";
}
$query_filter .= ')';
// result limitation
$query_args_list[] = $limit;
$results = dbFetchRows($query .
' WHERE ' . $query_filter .
' GROUP BY `D`.`hostname`
ORDER BY `D`.`hostname` LIMIT ?', $query_args_list);
if (count($results)) {
$found = 1;
$devices = count($results);
foreach ($results as $result) {
$name = $result['hostname'];
if ($_REQUEST['map'] != 1 && $result['sysName'] != $name && ! empty($result['sysName'])) {
$name .= ' (' . $result['sysName'] . ') ';
}
if ($result['disabled'] == 1) {
$highlight_colour = '#808080';
} elseif ($result['ignored'] == 1 && $result['disabled'] == 0) {
$highlight_colour = '#000000';
} elseif ($result['status'] == 0 && $result['ignore'] == 0 && $result['disabled'] == 0) {
$highlight_colour = '#ff0000';
} elseif ($result['status'] == 1 && $result['ignore'] == 0 && $result['disabled'] == 0) {
$highlight_colour = '#008000';
}
$num_ports = dbFetchCell('SELECT COUNT(*) FROM `ports` AS `I`, `devices` AS `D` WHERE ' . $perms_sql . ' `I`.`device_id` = `D`.`device_id` AND `I`.`ignore` = 0 AND `I`.`deleted` = 0 AND `D`.`device_id` = ?', array_merge($device_ids, [$result['device_id']]));
$device[] = [
'name' => $name,
'device_id' => $result['device_id'],
'url' => generate_device_url($result),
'colours' => $highlight_colour,
'device_ports' => $num_ports,
'device_image' => getIcon($result),
'device_hardware' => $result['hardware'],
'device_os' => \LibreNMS\Config::getOsSetting($result['os'], 'text'),
'version' => $result['version'],
'location' => $result['location'],
];
}//end foreach
}//end if
$json = json_encode($device);
exit($json);
} elseif ($_REQUEST['type'] == 'ports') {
// Search ports
if (Auth::user()->hasGlobalRead()) {
$results = dbFetchRows(
'SELECT `ports`.*,`devices`.* FROM `ports` LEFT JOIN `devices` ON `ports`.`device_id` = `devices`.`device_id` WHERE `ifAlias` LIKE ? OR `ifDescr` LIKE ? OR `ifName` LIKE ? ORDER BY ifDescr LIMIT ?',
["%$search%", "%$search%", "%$search%", $limit]
);
} else {
$results = dbFetchRows(
"SELECT DISTINCT(`I`.`port_id`), `I`.*, `D`.`hostname` FROM `ports` AS `I`, `devices` AS `D` WHERE $perms_sql `D`.`device_id` = `I`.`device_id` AND (`ifAlias` LIKE ? OR `ifDescr` LIKE ? OR `ifName` LIKE ?) ORDER BY ifDescr LIMIT ?",
array_merge($device_ids, ["%$search%", "%$search%", "%$search%", $limit])
);
}
if (count($results)) {
$found = 1;
foreach ($results as $result) {
$name = $result['ifDescr'] == $result['ifAlias'] ? $result['ifName'] : $result['ifDescr'];
$description = display($result['ifAlias']);
if ($result['deleted'] == 0 && ($result['ignore'] == 0 || $result['ignore'] == 0) && ($result['ifInErrors_delta'] > 0 || $result['ifOutErrors_delta'] > 0)) {
// Errored ports
$port_colour = '#ffa500';
} elseif ($result['deleted'] == 0 && ($result['ignore'] == 1 || $result['ignore'] == 1)) {
// Ignored ports
$port_colour = '#000000';
} elseif ($result['deleted'] == 0 && $result['ifAdminStatus'] == 'down' && $result['ignore'] == 0 && $result['ignore'] == 0) {
// Shutdown ports
$port_colour = '#808080';
} elseif ($result['deleted'] == 0 && $result['ifOperStatus'] == 'down' && $result['ifAdminStatus'] == 'up' && $result['ignore'] == 0 && $result['ignore'] == 0) {
// Down ports
$port_colour = '#ff0000';
} elseif ($result['deleted'] == 0 && $result['ifOperStatus'] == 'up' && $result['ignore'] == 0 && $result['ignore'] == 0) {
// Up ports
$port_colour = '#008000';
}//end if
$ports[] = [
'count' => count($results),
'url' => generate_port_url($result),
'name' => $name,
'description' => $description,
'colours' => $port_colour,
'hostname' => format_hostname($result),
'port_id' => $result['port_id'],
];
}//end foreach
}//end if
$json = json_encode($ports);
exit($json);
} elseif ($_REQUEST['type'] == 'bgp') {
// Search bgp peers
$results = dbFetchRows(
"SELECT `bgpPeers`.*,`D`.* FROM `bgpPeers`, `devices` AS `D` WHERE $perms_sql `bgpPeers`.`device_id`=`D`.`device_id` AND (`astext` LIKE ? OR `bgpPeerIdentifier` LIKE ? OR `bgpPeerRemoteAs` LIKE ?) ORDER BY `astext` LIMIT ?",
array_merge($device_ids, ["%$search%", "%$search%", "%$search%", $limit])
);
if (count($results)) {
$found = 1;
foreach ($results as $result) {
$name = $result['bgpPeerIdentifier'];
$description = $result['astext'];
$remoteas = $result['bgpPeerRemoteAs'];
$localas = $result['bgpLocalAs'];
if ($result['bgpPeerAdminStatus'] == 'start' && $result['bgpPeerState'] != 'established') {
// Session active but errored
$port_colour = '#ffa500';
} elseif ($result['bgpPeerAdminStatus'] != 'start') {
// Session inactive
$port_colour = '#000000';
} elseif ($result['bgpPeerAdminStatus'] == 'start' && $result['bgpPeerState'] == 'established') {
// Session Up
$port_colour = '#008000';
}
if ($result['bgpPeerRemoteAs'] == $result['bgpLocalAs']) {
$bgp_image = 'fa fa-square fa-lg icon-theme';
} else {
$bgp_image = 'fa fa-external-link-square fa-lg icon-theme';
}
$bgp[] = [
'count' => count($results),
'url' => generate_peer_url($result),
'name' => $name,
'description' => $description,
'localas' => $localas,
'bgp_image' => $bgp_image,
'remoteas' => $remoteas,
'colours' => $port_colour,
'hostname' => format_hostname($result),
];
}//end foreach
}//end if
$json = json_encode($bgp);
exit($json);
} elseif ($_REQUEST['type'] == 'applications') {
// Device search
$results = dbFetchRows(
"SELECT * FROM `applications` INNER JOIN `devices` AS `D` ON `D`.`device_id` = `applications`.`device_id` WHERE $perms_sql (`app_type` LIKE ? OR `hostname` LIKE ?) ORDER BY hostname LIMIT ?",
array_merge($device_ids, ["%$search%", "%$search%", $limit])
);
if (count($results)) {
$found = 1;
$devices = count($results);
foreach ($results as $result) {
$name = $result['app_type'];
if ($result['disabled'] == 1) {
$highlight_colour = '#808080';
} elseif ($result['ignored'] == 1 && $result['disabled'] == 0) {
$highlight_colour = '#000000';
} elseif ($result['status'] == 0 && $result['ignore'] == 0 && $result['disabled'] == 0) {
$highlight_colour = '#ff0000';
} elseif ($result['status'] == 1 && $result['ignore'] == 0 && $result['disabled'] == 0) {
$highlight_colour = '#008000';
}
$device[] = [
'name' => $name,
'hostname' => format_hostname($result),
'app_id' => $result['app_id'],
'device_id' => $result['device_id'],
'colours' => $highlight_colour,
'device_image' => getIcon($result),
'device_hardware' => $result['hardware'],
'device_os' => \LibreNMS\Config::getOsSetting($result['os'], 'text'),
'version' => $result['version'],
'location' => $result['location'],
];
}//end foreach
}//end if
$json = json_encode($device);
exit($json);
} elseif ($_REQUEST['type'] == 'munin') {
// Device search
$results = dbFetchRows(
"SELECT * FROM `munin_plugins` INNER JOIN `devices` AS `D` ON `D`.`device_id` = `munin_plugins`.`device_id` WHERE $perms_sql (`mplug_type` LIKE ? OR `mplug_title` LIKE ? OR `hostname` LIKE ?) ORDER BY hostname LIMIT ?",
array_merge($device_ids, ["%$search%", "%$search%", "%$search%", $limit])
);
if (count($results)) {
$found = 1;
$devices = count($results);
foreach ($results as $result) {
$name = $result['mplug_title'];
if ($result['disabled'] == 1) {
$highlight_colour = '#808080';
} elseif ($result['ignored'] == 1 && $result['disabled'] == 0) {
$highlight_colour = '#000000';
} elseif ($result['status'] == 0 && $result['ignore'] == 0 && $result['disabled'] == 0) {
$highlight_colour = '#ff0000';
} elseif ($result['status'] == 1 && $result['ignore'] == 0 && $result['disabled'] == 0) {
$highlight_colour = '#008000';
}
$device[] = [
'name' => $name,
'hostname' => format_hostname($result),
'device_id' => $result['device_id'],
'colours' => $highlight_colour,
'device_image' => getIcon($result),
'device_hardware' => $result['hardware'],
'device_os' => \LibreNMS\Config::getOsSetting($result['os'], 'text'),
'version' => $result['version'],
'location' => $result['location'],
'plugin' => $result['mplug_type'],
];
}//end foreach
}//end if
$json = json_encode($device);
exit($json);
} elseif ($_REQUEST['type'] == 'iftype') {
// Device search
$results = dbFetchRows(
"SELECT `ports`.ifType FROM `ports` WHERE $perms_sql `ifType` LIKE ? GROUP BY ifType ORDER BY ifType LIMIT ?",
array_merge($device_ids, ["%$search%", $limit])
);
if (count($results)) {
$found = 1;
$devices = count($results);
foreach ($results as $result) {
$device[] = [
'filter' => $result['ifType'],
];
}//end foreach
}//end if
$json = json_encode($device);
exit($json);
} elseif ($_REQUEST['type'] == 'bill') {
// Device search
if (Auth::user()->hasGlobalRead()) {
$results = dbFetchRows(
'SELECT `bills`.bill_id, `bills`.bill_name FROM `bills` WHERE `bill_name` LIKE ? OR `bill_notes` LIKE ? LIMIT ?',
["%$search%", "%$search%", $limit]
);
} else {
$results = dbFetchRows(
'SELECT `bills`.bill_id, `bills`.bill_name FROM `bills` INNER JOIN `bill_perms` ON `bills`.bill_id = `bill_perms`.bill_id WHERE `bill_perms`.user_id = ? AND (`bill_name` LIKE ? OR `bill_notes` LIKE ?) LIMIT ?',
[Auth::id(), "%$search%", "%$search%", $limit]
);
}
$json = json_encode($results);
exit($json);
}//end if
}//end if
}//end if
Reference in New Issue View Git Blame Copy Permalink