diff --git a/html/graphs b/html/graphs
index f37cb17ed..08ab9b260 120000
--- a/html/graphs
+++ b/html/graphs
@@ -1 +1 @@
-../graphs/
\ No newline at end of file
+../graphs
\ No newline at end of file
diff --git a/html/index.php b/html/index.php
index 321cdb375..cbf3a3afc 100755
--- a/html/index.php
+++ b/html/index.php
@@ -28,7 +28,9 @@ if($_GET[debug]) {
-
+
+
+
"); }
?>
diff --git a/html/pages/devices.php b/html/pages/devices.php
index 803aa67b8..7fba3f8df 100644
--- a/html/pages/devices.php
+++ b/html/pages/devices.php
@@ -10,11 +10,9 @@ if($_GET['status'] == "alerted") {
}
$device_query = mysql_query($sql);
-
echo("");
-
while($device = mysql_fetch_array($device_query)) {
- if( devicepermitted($device['device_id']) || $_SESSION['userlevel'] >= '5' ) {
+ if( devicepermitted($device['device_id']) ) {
$device['uptime'] = @mysql_result(mysql_query("SELECT `attrib_value` FROM `devices_attribs` WHERE `device_id` = '" . $device['device_id'] ."' AND `attrib_type` = 'uptime'"), 0);
include("includes/hostbox.inc");
}
diff --git a/includes/functions.php b/includes/functions.php
index d67dadcf8..95babe5f1 100755
--- a/includes/functions.php
+++ b/includes/functions.php
@@ -92,8 +92,8 @@ function strgen ($length = 16)
return $string;
}
-function billpermitted($bill_id) {
-
+function billpermitted($bill_id)
+{
global $_SESSION;
if($_SESSION['userlevel'] >= "5") {
$allowed = TRUE;
@@ -112,21 +112,26 @@ function interfacepermitted($interface_id)
global $_SESSION;
if($_SESSION['userlevel'] >= "5") {
$allowed = TRUE;
- } elseif ( devicepermitted(mysql_result(mysql_query("SELECT device_id FROM interfaces WHERE interface_id = '$interface_id'"),0))) {
+ } elseif ( devicepermitted(mysql_result(mysql_query("SELECT `device_id` FROM `interfaces` WHERE `interface_id` = '$interface_id'"),0))) {
$allowed = TRUE;
- } elseif ( @mysql_result(mysql_query("SELECT interface_id FROM interfaces_perms WHERE `user_id` = '" . $_SESSION['user_id'] . "' AND `interface_id` = $interface_id"), 0)) {
+ } elseif ( @mysql_result(mysql_query("SELECT `interface_id` FROM `interfaces_perms` WHERE `user_id` = '" . $_SESSION['user_id'] . "' AND `interface_id` = $interface_id"), 0)) {
$allowed = TRUE;
- } else { $allowed = FALSE; }
+ } else {
+ $allowed = FALSE;
+ }
return $allowed;
}
function devicepermitted($device_id)
{
global $_SESSION;
- if($_SESSION['userlevel'] >= "5") { $allowed = true;
+ if($_SESSION['userlevel'] >= "5") {
+ $allowed = true;
} elseif ( @mysql_result(mysql_query("SELECT * FROM devices_perms WHERE `user_id` = '" . $_SESSION['user_id'] . "' AND `device_id` = $device_id"), 0) > '0' ) {
$allowed = true;
- } else { $allowed = false; }
+ } else {
+ $allowed = false;
+ }
return $allowed;
}