diff --git a/html/includes/graphs/cisco_entity_sensor.inc.php b/attic/cisco_entity_sensor.inc.php similarity index 100% rename from html/includes/graphs/cisco_entity_sensor.inc.php rename to attic/cisco_entity_sensor.inc.php diff --git a/html/ajax_listports.php b/html/ajax_listports.php index 60e566021..f8913ea70 100755 --- a/html/ajax_listports.php +++ b/html/ajax_listports.php @@ -9,19 +9,20 @@ if ($_GET['debug']) ini_set('error_reporting', E_ALL); } -include("../includes/defaults.inc.php"); -include("../config.php"); -include("includes/functions.inc.php"); -include("../includes/common.php"); -include("../includes/rewrites.php"); -include("includes/authenticate.inc.php"); +include_once("../includes/defaults.inc.php"); +include_once("../config.php"); +include_once("includes/functions.inc.php"); +include_once("../includes/dbFacile.php"); +include_once("../includes/common.php"); + +include_once("../includes/rewrites.php"); +include_once("includes/authenticate.inc.php"); if (!$_SESSION['authenticated']) { echo("unauthenticated"); exit; } if (is_numeric($_GET['device_id'])) { - $ports = mysql_query("SELECT * FROM ports WHERE device_id = '".$_GET['device_id']."'"); - while ($interface = mysql_fetch_assoc($ports)) + foreach (dbFetch("SELECT * FROM ports WHERE device_id = ?", array($_GET['device_id'])) as $interface) { echo("obj.options[obj.options.length] = new Option('".$interface['ifDescr']." - ".$interface['ifAlias']."','".$interface['interface_id']."');\n"); } diff --git a/html/billing-graph.php b/html/billing-graph.php index 33a05cc28..e290dfd3c 100755 --- a/html/billing-graph.php +++ b/html/billing-graph.php @@ -50,19 +50,17 @@ if ($type == "date") { $date_format = "%d %b %H:%i"; $tickinterval = "2"; } else $datefrom = date('Ymt', $start) . "000000"; $dateto = date('Ymt', $end) . "235959"; -$datefrom = mysql_result(mysql_query("SELECT FROM_UNIXTIME($start, '%Y%m%d')"),0) . "000000"; -$dateto = mysql_result(mysql_query("SELECT FROM_UNIXTIME($end, '%Y%m%d')"),0) . "235959"; +$datefrom = dbFetchCell("SELECT FROM_UNIXTIME($start, '%Y%m%d')") . "000000"; +$dateto = dbFetchCell("SELECT FROM_UNIXTIME($end, '%Y%m%d')") . "235959"; $rate_data = getRates($bill_id,$datefrom,$dateto); $rate_95th = $rate_data['rate_95th'] * 1000; $rate_average = $rate_data['rate_average'] * 1000; -$bi_q = mysql_query("SELECT * FROM bills WHERE bill_id = $bill_id"); -$bi_a = mysql_fetch_assoc($bi_q); +$bi_a = dbFetchRow("SELECT * FROM bills WHERE bill_id = ?", array($bill_id)"); $bill_name = $bi_a['bill_name']; -$countsql = mysql_query("SELECT count(`delta`) FROM `bill_data` WHERE `bill_id` = '$bill_id' AND `timestamp` >= '$datefrom' AND `timestamp` <= '$dateto'"); -$counttot = mysql_result($countsql,0); +$counttot = dbFetchCell("SELECT count(`delta`) FROM `bill_data` WHERE `bill_id` = ? AND `timestamp` >= ? AND `timestamp` <= ?", array($bill_id, $datefrom, $dateto)); $count = round($counttot / (($ysize - 100) * 2), 0); if ($count <= 1) { $count = 2; } @@ -72,19 +70,18 @@ if ($count <= 1) { $count = 2; } #$count = round($counttot / 260, 0); #if ($count <= 1) { $count = 2; } -$max = mysql_result(mysql_query("SELECT delta FROM bill_data WHERE bill_id = $bill_id AND timestamp >= $datefrom AND timestamp <= $dateto ORDER BY delta DESC LIMIT 0,1"),0); +$max = dbFetchCell("SELECT delta FROM bill_data WHERE bill_id = ? AND timestamp >= ? AND timestamp <= ? ORDER BY delta DESC LIMIT 0,1", array($bill_id, $datefrom, $dateto)); if ($max > 1000000) { $div = "1000000"; $yaxis = "Mbit/sec"; } else { $div = "1000"; $yaxis = "Kbit/sec"; } $i = '0'; -#$start = mysql_result(mysql_query("SELECT *, UNIX_TIMESTAMP(timestamp) AS formatted_date FROM bill_data WHERE bill_id = $bill_id AND timestamp >=$datefrom AND timestamp <= $dateto ORDER BY timestamp ASC LIMIT 0,1"),0); -#$end = mysql_result(mysql_query("SELECT *, UNIX_TIMESTAMP(timestamp) AS formatted_date FROM bill_data WHERE bill_id = $bill_id AND timestamp >=$datefrom AND timestamp <= $dateto ORDER BY timestamp DESC LIMIT 0,1"),0); +#$start = "SELECT *, UNIX_TIMESTAMP(timestamp) AS formatted_date FROM bill_data WHERE bill_id = $bill_id AND timestamp >=$datefrom AND timestamp <= $dateto ORDER BY timestamp ASC LIMIT 0,1"),0); +#$end = "SELECT *, UNIX_TIMESTAMP(timestamp) AS formatted_date FROM bill_data WHERE bill_id = $bill_id AND timestamp >=$datefrom AND timestamp <= $dateto ORDER BY timestamp DESC LIMIT 0,1"),0); $dur = $end - $start; -$sql = "SELECT *, UNIX_TIMESTAMP(timestamp) AS formatted_date FROM bill_data WHERE bill_id = $bill_id AND timestamp >= $datefrom AND timestamp <= $dateto ORDER BY timestamp ASC"; -$data = mysql_query($sql); +#$sql = "SELECT *, UNIX_TIMESTAMP(timestamp) AS formatted_date FROM bill_data WHERE bill_id = $bill_id AND timestamp >= $datefrom AND timestamp <= $dateto ORDER BY timestamp ASC"; -while ($row = mysql_fetch_assoc($data)) +foreach (dbFetch("SELECT *, UNIX_TIMESTAMP(timestamp) AS formatted_date FROM bill_data WHERE bill_id = ? AND timestamp >= ? AND timestamp <= ? ORDER BY timestamp ASC", array($bill_id, $datefrom, $dateto)) as $row) { @$timestamp = $row['formatted_date']; if (!$first) { $first = $timestamp; } diff --git a/html/includes/authentication/http-auth.inc.php b/html/includes/authentication/http-auth.inc.php index e555bf987..aeab81efd 100644 --- a/html/includes/authentication/http-auth.inc.php +++ b/html/includes/authentication/http-auth.inc.php @@ -13,9 +13,7 @@ function authenticate($username,$password) { $_SESSION['username'] = mres($_SERVER['REMOTE_USER']); - $sql = "SELECT username FROM `users` WHERE `username`='".$_SESSION['username'] . "'";; - $query = mysql_query($sql); - $row = @mysql_fetch_assoc($query); + $row = @dbFetchRow("SELECT username FROM `users` WHERE `username`=?", array($_SESSION['username'])); if (isset($row['username']) && $row['username'] == $_SESSION['username']) { return 1; @@ -46,28 +44,23 @@ function auth_usermanagement() function adduser($username, $password, $level, $email = "", $realname = "") { - mysql_query("INSERT INTO `users` (`username`,`password`,`level`, `email`, `realname`) VALUES ('".mres($username)."',MD5('".mres($password)."'),'".mres($level)."','".mres($email)."','".mres($realname)."')"); - - return mysql_affected_rows(); + return dbInsert(array('username' => $username, 'password' => $password. 'level' => $level, 'email' => $email, 'realname' => $realname), 'users'); } function user_exists($username) { - return mysql_result(mysql_query("SELECT * FROM users WHERE username = '".mres($username)."'"),0); + ## FIXME this doesn't seem right? (adama) + return dbFetchCell("SELECT * FROM `users` WHERE `username` = ?", array($username)); } function get_userlevel($username) { - $sql = "SELECT level FROM `users` WHERE `username`='".mres($username)."'"; - $row = mysql_fetch_assoc(mysql_query($sql)); - return $row['level']; + return dbFetchCell("SELECT `level` FROM `users` WHERE `username`= ?", array($username)); } function get_userid($username) { - $sql = "SELECT user_id FROM `users` WHERE `username`='".mres($username)."'"; - $row = mysql_fetch_assoc(mysql_query($sql)); - return $row['user_id']; + return dbFetchCell("SELECT `user_id` FROM `users` WHERE `username`= ?", array($username)); } function deluser($username) diff --git a/html/includes/authentication/ldap.inc.php b/html/includes/authentication/ldap.inc.php index f216ff358..636eebe11 100644 --- a/html/includes/authentication/ldap.inc.php +++ b/html/includes/authentication/ldap.inc.php @@ -67,17 +67,13 @@ function user_exists($username) function get_userlevel($username) { # FIXME should come from LDAP - $sql = "SELECT level FROM `users` WHERE `username`='".mres($username)."'"; - $row = mysql_fetch_assoc(mysql_query($sql)); - return $row['level']; + return dbFetchRow("SELECT `level` FROM `users` WHERE `username` = ?", array($username)); } function get_userid($username) { # FIXME should come from LDAP - $sql = "SELECT user_id FROM `users` WHERE `username`='".mres($username)."'"; - $row = mysql_fetch_assoc(mysql_query($sql)); - return $row['user_id']; + return dbFetchRow("SELECT `user_id` FROM `users` WHERE `username` = ?", array($username)); } function deluser($username) @@ -86,4 +82,4 @@ function deluser($username) return 0; } -?> \ No newline at end of file +?> diff --git a/html/includes/authentication/mysql.inc.php b/html/includes/authentication/mysql.inc.php index d605fac92..32f1fd16d 100644 --- a/html/includes/authentication/mysql.inc.php +++ b/html/includes/authentication/mysql.inc.php @@ -3,16 +3,13 @@ function authenticate($username,$password) { $encrypted_old = md5($password); - $sql = "SELECT username,password FROM `users` WHERE `username`='".$username."'"; - $query = mysql_query($sql); - $row = @mysql_fetch_assoc($query); + $row = dbFetchRow("SELECT username,password FROM `users` WHERE `username`= ?", array($username)); if ($row['username'] && $row['username'] == $username) { // Migrate from old, unhashed password if ($row['password'] == $encrypted_old) { - $query = mysql_query("DESCRIBE users password"); - $row = mysql_fetch_assoc($query); + $row = dbFetchRow("DESCRIBE users password"); if ($row['Type'] == 'varchar(34)') { changepassword($username,$password); @@ -39,7 +36,7 @@ function passwordscanchange($username="") if (empty($username) || !user_exists($username)) { return 1; } else { - return @mysql_result(mysql_query("SELECT can_modify_passwd FROM users WHERE username = '".mres($username)."'"),0); + return dbFetchCell("SELECT can_modify_passwd FROM users WHERE username = ?", array($username)); } } @@ -67,8 +64,7 @@ function generateSalt($max = 15) function changepassword($username,$password) { $encrypted = crypt($password,'$1$' . generateSalt(8).'$'); - $sql = "UPDATE `users` SET `password` = '$encrypted' WHERE `username`='".$username."'"; - $query = mysql_query($sql); + return dbUpdate(array('password' => $encrypted), 'users', '`username` = ?', array($username)); } function auth_usermanagement() @@ -81,35 +77,30 @@ function adduser($username, $password, $level, $email = "", $realname = "", $can if (!user_exists($username)) { $encrypted = crypt($password,'$1$' . generateSalt(8).'$'); - mysql_query("INSERT INTO `users` (`username`,`password`,`level`, `email`, `realname`, `can_modify_passwd`) VALUES ('".mres($username)."','".mres($encrypted)."','".mres($level)."','".mres($email)."','".mres($realname)."','".mres($can_modify_passwd)."')"); + return dbInsert(array('username' => $username, 'password' => $encrypted, 'level' => $level, 'email' => $email, 'realname' => $realname, 'can_modify_passwd' => $can_modify_passwd), 'users'); + } else { + return FALSE; } - - return mysql_affected_rows(); } function user_exists($username) { - return @mysql_result(mysql_query("SELECT * FROM users WHERE username = '".mres($username)."'"),0); + return @dbFetchCell("SELECT * FROM users WHERE username = ?", array($username)); } function get_userlevel($username) { - $sql = "SELECT level FROM `users` WHERE `username`='".mres($username)."'"; - $row = mysql_fetch_assoc(mysql_query($sql)); - return $row['level']; + return dbFetchRow("SELECT `level` FROM `users` WHERE `username` = ?", array($username)); } function get_userid($username) { - $sql = "SELECT user_id FROM `users` WHERE `username`='".mres($username)."'"; - $row = mysql_fetch_assoc(mysql_query($sql)); - return $row['user_id']; + return dbFetchRow("SELECT `user_id` FROM `users` WHERE `username` = ?", array($username)); } function deluser($username) { - mysql_query("DELETE FROM `users` WHERE `user_id` = '" . mres($_GET['user_id']) . "'"); - return mysql_affected_rows(); + return dbDelete('users', "`username` = ?", array($username)); } ?> diff --git a/html/includes/hostbox.inc.php b/html/includes/hostbox.inc.php index 56445c202..f90e7b9ab 100644 --- a/html/includes/hostbox.inc.php +++ b/html/includes/hostbox.inc.php @@ -28,8 +28,8 @@ $image = getImage($device['device_id']); if ($device['os'] == "ios") { formatCiscoHardware($device, true); } $device['os_text'] = $config['os'][$device['os']]['text']; -$port_count = mysql_result(mysql_query("SELECT COUNT(*) FROM `ports` WHERE `device_id` = '".$device['device_id']."'"),0); -$sensor_count = mysql_result(mysql_query("SELECT COUNT(*) FROM `sensors` WHERE `device_id` = '".$device['device_id']."'"),0); +$port_count = dbFetchCell("SELECT COUNT(*) FROM `ports` WHERE `device_id` = ?", array($device['device_id'])); +$sensor_count = dbFetchCell("SELECT COUNT(*) FROM `sensors` WHERE `device_id` = ?", array($device['device_id'])); echo(' diff --git a/html/includes/port-edit.inc.php b/html/includes/port-edit.inc.php index 163c73167..87c38a167 100644 --- a/html/includes/port-edit.inc.php +++ b/html/includes/port-edit.inc.php @@ -24,14 +24,7 @@ foreach ($_POST as $key => $val) continue; } - if (!mysql_query('UPDATE `ports` SET `ignore`='.$newign.' WHERE `device_id`='.$device_id.' AND `interface_id`='.$interface_id)) - { - $n = -1; - } - else - { - $n = mysql_affected_rows(); - } + $n = dbUpdate(array('ignore' => $newign), 'ports', '`device_id` = ? AND `interface_id` = ?', array($device_id, $interface_id)); if ($n <0) { @@ -58,14 +51,7 @@ foreach ($_POST as $key => $val) continue; } - if (!mysql_query('UPDATE `ports` SET `disabled`='.$newdis.' WHERE `device_id`='.$device_id.' AND `interface_id`='.$interface_id)) - { - $n = -1; - } - else - { - $n = mysql_affected_rows(); - } + $n = dbUpdate(array('disabled' => $newdis), 'ports', '`device_id` = ? AND `interface_id` = ?', array($device_id, $interface_id)); if ($n <0) { diff --git a/html/includes/print-interface-adsl.inc.php b/html/includes/print-interface-adsl.inc.php index 43ecfa97a..456990f3a 100644 --- a/html/includes/print-interface-adsl.inc.php +++ b/html/includes/print-interface-adsl.inc.php @@ -30,14 +30,12 @@ if ($interface['ifAlias']) { echo("
"); } unset ($break); if ($port_details) { - $ipdata = mysql_query("SELECT * FROM `ipv4_addresses` WHERE `interface_id` = '" . $interface['interface_id'] . "'"); - while ($ip = mysql_fetch_assoc($ipdata)) + foreach (dbFetchRows("SELECT * FROM `ipv4_addresses` WHERE `interface_id` = ?", array($interface['interface_id'])) as $ip) { echo("$break ".$ip['ipv4_address']."/".$ip['ipv4_prefixlen'].""); $break = ","; } - $ip6data = mysql_query("SELECT * FROM `ipv6_addresses` WHERE `interface_id` = '" . $interface['interface_id'] . "'"); - while ($ip6 = mysql_fetch_assoc($ip6data)) + foreach (dbFetchRows("SELECT * FROM `ipv6_addresses` WHERE `interface_id` = ?", array($interface['interface_id']) as $ip6); { echo("$break ".Net_IPv6::compress($ip6['ipv6_address'])."/".$ip6['ipv6_prefixlen'].""); $break = ","; @@ -142,4 +140,4 @@ if ($graph_type && is_file($graph_file)) echo(""); } -?> \ No newline at end of file +?> diff --git a/html/includes/print-interface.inc.php b/html/includes/print-interface.inc.php index 924636b0f..b3c17e602 100644 --- a/html/includes/print-interface.inc.php +++ b/html/includes/print-interface.inc.php @@ -16,15 +16,14 @@ if($int_colour) if (!is_integer($i/2)) { $row_colour = $list_colour_a; } else { $row_colour = $list_colour_b; } } -$port_adsl_query = mysql_query("SELECT * FROM `ports_adsl` WHERE `interface_id` = '".$interface['interface_id']."'"); -$port_adsl = mysql_fetch_assoc($port_adsl_query); +$port_adsl = dbFetchRow("SELECT * FROM `ports_adsl` WHERE `interface_id` = ?", array($interface['interface_id'])); if ($interface['ifInErrors_delta'] > 0 || $interface['ifOutErrors_delta'] > 0) { $error_img = generate_port_link($interface, "Interface Errors", "port_errors"); } else { $error_img = ""; } -if (mysql_result(mysql_query("SELECT count(*) FROM mac_accounting WHERE interface_id = '".$interface['interface_id']."'"),0)) +if (dbFetchCell("SELECT COUNT(*) FROM `mac_accounting` WHERE `interface_id` = ?", array($interface['interface_id']))) { $mac = ""; } else { $mac = ""; } @@ -41,13 +40,13 @@ unset ($break); if ($port_details) { - $ipdata = mysql_query("SELECT * FROM `ipv4_addresses` WHERE `interface_id` = '" . $interface['interface_id'] . "'"); - while ($ip = mysql_fetch_Array($ipdata)) { + foreach (dbFetchRows("SELECT * FROM `ipv4_addresses` WHERE `interface_id` = ?", array($interface['interface_id'])) as $ip) + { echo("$break $ip[ipv4_address]/$ip[ipv4_prefixlen]"); $break = "
"; } - $ip6data = mysql_query("SELECT * FROM `ipv6_addresses` WHERE `interface_id` = '" . $interface['interface_id'] . "'"); - while ($ip6 = mysql_fetch_Array($ip6data)) { + foreach (dbFetchRows("SELECT * FROM `ipv6_addresses` WHERE `interface_id` = ?", array($interface['interface_id'])) as $ip6) + { echo("$break ".Net_IPv6::compress($ip6['ipv6_address'])."/".$ip6['ipv6_prefixlen'].""); $break = "
"; } @@ -94,7 +93,7 @@ if ($device['os'] == "ios" || $device['os'] == "iosxe") } elseif ($interface['ifVlan']) { echo("VLAN " . $interface['ifVlan'] . ""); } elseif ($interface['ifVrf']) { - $vrf = mysql_fetch_assoc(mysql_query("SELECT * FROM vrfs WHERE vrf_id = '".$interface['ifVrf']."'")); + $vrf = dbFetchRow("SELECT * FROM vrfs WHERE vrf_id = ?", array($interface['ifVrf'])); echo("" . $vrf['vrf_name'] . ""); } } @@ -126,8 +125,7 @@ echo(""); echo(""); if (strpos($interface['label'], "oopback") === false && !$graph_type) { - $link_query = mysql_query("select * from links AS L, ports AS I, devices AS D WHERE L.local_interface_id = '$if_id' AND L.remote_interface_id = I.interface_id AND I.device_id = D.device_id"); - while ($link = mysql_fetch_assoc($link_query)) + foreach(dbFetchRows("SELECT * FROM `links` AS L, `ports` AS I, `devices` AS D WHERE L.local_interface_id = ? AND L.remote_interface_id = I.interface_id AND I.device_id = D.device_id", array($if_id)) as $link) { # echo("Directly Connected " . generate_port_link($link, makeshortif($link['label'])) . " on " . generate_device_link($link, shorthost($link['hostname'])) . "
"); # $br = "
"; @@ -139,17 +137,15 @@ if (strpos($interface['label'], "oopback") === false && !$graph_type) if ($port_details) { ## Show which other devices are on the same subnet as this interface - $sql = "SELECT `ipv4_network_id` FROM `ipv4_addresses` WHERE `interface_id` = '".$interface['interface_id']."' AND `ipv4_address` NOT LIKE '127.%'"; - $nets_query = mysql_query($sql); - while ($net = mysql_fetch_assoc($nets_query)) + foreach (dbFetchRows("SELECT `ipv4_network_id` FROM `ipv4_addresses` WHERE `interface_id` = ? AND `ipv4_address` NOT LIKE '127.%'", array($interface['interface_id'])) as $net) { $ipv4_network_id = $net['ipv4_network_id']; $sql = "SELECT I.interface_id FROM ipv4_addresses AS A, ports AS I, devices AS D WHERE A.interface_id = I.interface_id - AND A.ipv4_network_id = '".$net['ipv4_network_id']."' AND D.device_id = I.device_id - AND D.device_id != '".$device['device_id']."'"; - $new_query = mysql_query($sql); - while ($new = mysql_fetch_assoc($new_query)) + AND A.ipv4_network_id = ? AND D.device_id = I.device_id + AND D.device_id != ?"; + $array = array($net['ipv4_network_id'], $device['device_id']); + foreach(dbFetchRow($sql, $array) AS $new) { echo($new['ipv4_network_id']); $this_ifid = $new['interface_id']; @@ -161,17 +157,16 @@ if (strpos($interface['label'], "oopback") === false && !$graph_type) } } - $sql = "SELECT ipv6_network_id FROM ipv6_addresses WHERE interface_id = '".$interface['interface_id']."'"; - $nets_query = mysql_query($sql); - while ($net = mysql_fetch_assoc($nets_query)) + foreach (dbFetchRows("SELECT ipv6_network_id FROM ipv6_addresses WHERE interface_id = ?", array($interface['interface_id'])) as $net) { $ipv6_network_id = $net['ipv6_network_id']; $sql = "SELECT I.interface_id FROM ipv6_addresses AS A, ports AS I, devices AS D WHERE A.interface_id = I.interface_id - AND A.ipv6_network_id = '".$net['ipv6_network_id']."' AND D.device_id = I.device_id - AND D.device_id != '".$device['device_id']."' AND A.ipv6_origin != 'linklayer' AND A.ipv6_origin != 'wellknown'"; - $new_query = mysql_query($sql); - while ($new = mysql_fetch_assoc($new_query)) + AND A.ipv6_network_id = ? AND D.device_id = I.device_id + AND D.device_id != ? AND A.ipv6_origin != 'linklayer' AND A.ipv6_origin != 'wellknown'"; + $array = array($net['ipv6_network_id'], $device['device_id']); + + foreach(dbFetchRow($sql, $array) AS $new) { echo($new['ipv6_network_id']); $this_ifid = $new['interface_id']; @@ -186,7 +181,7 @@ if (strpos($interface['label'], "oopback") === false && !$graph_type) foreach ($int_links as $int_link) { - $link_if = mysql_fetch_assoc(mysql_query("SELECT * from ports AS I, devices AS D WHERE I.device_id = D.device_id and I.interface_id = '".$int_link."'")); + $link_if = dbFetchRow("SELECT * from ports AS I, devices AS D WHERE I.device_id = D.device_id and I.interface_id = ?", array($int_link)); echo("$br"); @@ -202,21 +197,18 @@ if (strpos($interface['label'], "oopback") === false && !$graph_type) # unset($int_links, $int_links_v6, $int_links_v4, $int_links_phys, $br); } -$pseudowires = mysql_query("SELECT * FROM `pseudowires` WHERE `interface_id` = '" . $interface['interface_id'] . "'"); -while ($pseudowire = mysql_fetch_assoc($pseudowires)) +foreach (dbFetchRows("SELECT * FROM `pseudowires` WHERE `interface_id` = ?", array($interface['interface_id'])) as $pseudowire) { #`interface_id`,`peer_device_id`,`peer_ldp_id`,`cpwVcID`,`cpwOid` - $pw_peer_dev = mysql_fetch_assoc(mysql_query("SELECT * from `devices` WHERE `device_id` = '" . $pseudowire['peer_device_id'] . "'")); - $pw_peer_int = mysql_fetch_assoc(mysql_query("SELECT * from `ports` AS I, pseudowires AS P WHERE I.device_id = '".$pseudowire['peer_device_id']."' AND - P.cpwVcID = '".$pseudowire['cpwVcID']."' AND - P.interface_id = I.interface_id")); + $pw_peer_dev = dbFetchRow("SELECT * FROM `devices` WHERE `device_id` = ?", array($pseudowire['peer_device_id'])); + $pw_peer_int = dbFetchRow("SELECT * FROM `ports` AS I, pseudowires AS P WHERE I.device_id = ? AND P.cpwVcID = ? AND P.interface_id = I.interface_id", array($pseudowire['peer_device_id'], $pseudowire['cpwVcID'])); + $pw_peer_int = ifNameDescr($pw_peer_int); echo("$br " . generate_port_link($pw_peer_int, makeshortif($pw_peer_int['label'])) ." on ". generate_device_link($pw_peer_dev, shorthost($pw_peer_dev['hostname'])) . ""); $br = "
"; } -$members = mysql_query("SELECT * FROM `ports` WHERE `pagpGroupIfIndex` = '".$interface['ifIndex']."' and `device_id` = '".$device['device_id']."'"); -while ($member = mysql_fetch_assoc($members)) +foreach(dbFetchRows("SELECT * FROM `ports` WHERE `pagpGroupIfIndex` = ? and `device_id` = ?", array($interface['ifIndex'], $device['device_id'])) as $member) { echo("$br " . generate_port_link($member) . " (PAgP)"); $br = "
"; @@ -224,13 +216,12 @@ while ($member = mysql_fetch_assoc($members)) if ($interface['pagpGroupIfIndex'] && $interface['pagpGroupIfIndex'] != $interface['ifIndex']) { - $parent = mysql_fetch_assoc(mysql_query("SELECT * FROM `ports` WHERE `ifIndex` = '".$interface['pagpGroupIfIndex']."' and `device_id` = '".$device['device_id']."'")); + $parent = dbFetchRow("SELECT * FROM `ports` WHERE `ifIndex` = ? and `device_id` = ?", array($interface['pagpGroupIfIndex'], $device['device_id'])); echo("$br " . generate_port_link($parent) . " (PAgP)"); $br = "
"; } -$higher_ifs = mysql_query("SELECT * FROM `ports_stack` WHERE `interface_id_low` = '".$interface['ifIndex']."' and `device_id` = '".$device['device_id']."'"); -while ($higher_if = mysql_fetch_assoc($higher_ifs)) +foreach(dbFetchRows("SELECT * FROM `ports_stack` WHERE `interface_id_low` = ? and `device_id` = ?", array($interface['ifIndex'], $device['device_id'])) as $higher_if) { if($higher_if['interface_id_high']) { @@ -240,8 +231,7 @@ while ($higher_if = mysql_fetch_assoc($higher_ifs)) } } -$lower_ifs = mysql_query("SELECT * FROM `ports_stack` WHERE `interface_id_high` = '".$interface['ifIndex']."' and `device_id` = '".$device['device_id']."'"); -while ($lower_if = mysql_fetch_assoc($lower_ifs)) +foreach(dbFetchRows("SELECT * FROM `ports_stack` WHERE `interface_id_high` = ? and `device_id` = ?", array($interface['ifIndex'], $device['device_id'])) as $lower_if) { if($lower_if['interface_id_low']) { diff --git a/html/includes/print-vlan.inc.php b/html/includes/print-vlan.inc.php index acd896313..b6d64f20f 100644 --- a/html/includes/print-vlan.inc.php +++ b/html/includes/print-vlan.inc.php @@ -8,8 +8,7 @@ echo(" Vlan " . $vlan['vlan_vlan'] . ""); echo("" . $vlan['vlan_descr'] . ""); echo(""); -$ports_query = mysql_query("SELECT * FROM ports WHERE `device_id` = '" . $device['device_id'] . "' AND `ifVlan` = '" . $vlan['vlan_vlan'] . "' "); -while ($port = mysql_fetch_assoc($ports_query)) +foreach (dbFetchRows("SELECT * FROM ports WHERE `device_id` = ? AND `ifVlan` = ?", array($device['device_id'], $vlan['vlan_vlan'])) as $port) { if ($_GET['opta']) { @@ -36,4 +35,4 @@ while ($port = mysql_fetch_assoc($ports_query)) echo(''); -?> \ No newline at end of file +?> diff --git a/html/includes/print-vrf.inc.php b/html/includes/print-vrf.inc.php index eb366cfdc..38dba870b 100644 --- a/html/includes/print-vrf.inc.php +++ b/html/includes/print-vrf.inc.php @@ -9,8 +9,7 @@ echo("" . $vrf['mplsVpnVrfDescription'] . ""); echo("" . $vrf['mplsVpnVrfRouteDistinguisher'] . ""); echo(''); -$ports_query = mysql_query("SELECT * FROM ports WHERE `device_id` = '" . $device['device_id'] . "' AND `ifVrf` = '" . $vrf['vrf_id'] . "' "); -while ($port = mysql_fetch_assoc($ports_query)) +foreach (dbFetchRows("SELECT * FROM ports WHERE `device_id` = ? AND `ifVrf` = ?", array($device['device_id'], $vrf['vrf_id'])) as $port)) { if ($_GET['optb'] == "graphs") { diff --git a/html/includes/service-add.inc.php b/html/includes/service-add.inc.php index 71c66b056..5e8367329 100644 --- a/html/includes/service-add.inc.php +++ b/html/includes/service-add.inc.php @@ -2,15 +2,11 @@ $updated = '1'; - $sql = "INSERT INTO `services` (`device_id`,`service_ip`,`service_type`,`service_desc`,`service_param`,`service_ignore`) - VALUES ('" . mres($_POST['device']). "','" . mres($_POST['ip']) . "','" . mres($_POST['type']) . "', - '" . mres($_POST['descr']) . "','" . mres($_POST['params']) . "','0')"; - - $query = mysql_query($sql); - $affected = mysql_affected_rows() . "records affected"; - - $message .= $message_break . "Service added!"; - $message_break .= "
" + $service_id = dbInsert(array('device_id' => $_POST['device'], 'service_ip' => $_POST['ip'], 'service_type' => $_POST['type'], 'service_desc' => $_POST['descr'], 'service_param' => $_POST['params'], 'service_ignore' => '0'), 'services'); + if($service_id) { + $message .= $message_break . "Service added (".$service_id.")!"; + $message_break .= "
" + } ?> diff --git a/html/includes/service-delete.inc.php b/html/includes/service-delete.inc.php index ce8d63fb9..c102fd817 100644 --- a/html/includes/service-delete.inc.php +++ b/html/includes/service-delete.inc.php @@ -2,14 +2,12 @@ $updated = '1'; - $sql = "DELETE FROM `services` WHERE service_id = '" . mres($_POST['service']). "'"; - - $query = mysql_query($sql); - $rows = mysql_affected_rows(); - $affected = $rows . " records affected"; - - $message .= $message_break . $rows . " service deleted!"; - $message_break .= "
" + $affected = dbDelete('services', '`service_id` = ?', array($_POST['service'])); + if($affected) + { + $message .= $message_break . $rows . " service deleted!"; + $message_break .= "
" + } ?> diff --git a/includes/functions.php b/includes/functions.php index 3d2a5b553..2a0d24c67 100755 --- a/includes/functions.php +++ b/includes/functions.php @@ -481,7 +481,7 @@ function log_event($text, $device = NULL, $type = NULL, $reference = NULL) 'datetime' => array("NOW()"), 'message' => $text); - return $dbInsert($insert, 'eventlog'); + dbInsert($insert, 'eventlog'); } diff --git a/includes/services.inc.php b/includes/services.inc.php index c270e85c2..ce72285f2 100644 --- a/includes/services.inc.php +++ b/includes/services.inc.php @@ -13,7 +13,7 @@ $insert = array('device_id' => $id, 'service_ip' => $hostname, 'service_type' => $service, 'service_desc' => "auto discovered: $service", 'service_param' => "", 'service_ignore' => "0"); - return $dbInsert($insert, 'services'); + return dbInsert($insert, 'services'); } diff --git a/includes/syslog.php b/includes/syslog.php index 568b96cf7..7e3378537 100755 --- a/includes/syslog.php +++ b/includes/syslog.php @@ -91,7 +91,7 @@ function process_syslog ($entry, $update) $insert_array = array('device_id' => $entry['device_id'], 'program' => $entry['program'], 'facility' => $entry['facility'], 'priority' => $entry['priority'], 'level' => $entry['level'], 'tag' => $entry['tag'], 'msg' => $entry['msg'], 'timestamp' => $entry['timestamp']); - if ($update && $entry['device_id']) { $dbInsert($insert_array, 'syslog'); } + if ($update && $entry['device_id']) { dbInsert($insert_array, 'syslog'); } unset ($fix); } else { print_r($entry); echo("D-$delete"); }