From 2cb5d727b4f9ad0c0f9021998d8a7a8908919361 Mon Sep 17 00:00:00 2001 From: Neil Lathwood Date: Mon, 16 Feb 2015 23:45:28 +0000 Subject: [PATCH 1/2] Updated to support a demo user --- html/includes/functions.inc.php | 6 +++++- html/includes/print-alert-rules.php | 8 ++++---- html/includes/print-alert-templates.php | 4 ++-- html/includes/print-alerts.php | 4 ++-- html/includes/print-menubar.php | 2 +- html/pages/addsrv.inc.php | 2 +- html/pages/adduser.inc.php | 4 ++++ html/pages/api-access.inc.php | 2 +- html/pages/authlog.inc.php | 2 +- html/pages/bill.inc.php | 10 +++++----- html/pages/bills.inc.php | 2 +- html/pages/delhost.inc.php | 5 +++++ html/pages/device/edit/services.inc.php | 4 ++-- html/pages/device/port.inc.php | 2 +- html/pages/edituser.inc.php | 1 + html/pages/front/default.php | 12 ++++++------ html/pages/front/globe.php | 10 +++++----- html/pages/locations.inc.php | 2 +- html/pages/preferences.inc.php | 8 ++++++++ html/pages/settings.inc.php | 2 +- 20 files changed, 57 insertions(+), 35 deletions(-) diff --git a/html/includes/functions.inc.php b/html/includes/functions.inc.php index 8d056e06b3..4a6b7f201f 100644 --- a/html/includes/functions.inc.php +++ b/html/includes/functions.inc.php @@ -712,7 +712,7 @@ function generate_pagination($count,$limit,$page,$links = 2) { } function is_admin() { - if ($_SESSION['userlevel'] == '10') { + if ($_SESSION['userlevel'] >= '10') { $allowed = true; } else { $allowed = false; @@ -720,4 +720,8 @@ function is_admin() { return $allowed; } +function demo_account() { + print_error("You are logged in as a demo account, this page isn't accessible to you"); +} + ?> diff --git a/html/includes/print-alert-rules.php b/html/includes/print-alert-rules.php index ce99291564..8c6f144d35 100644 --- a/html/includes/print-alert-rules.php +++ b/html/includes/print-alert-rules.php @@ -46,7 +46,7 @@ echo '
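Review bot: Changing `is_admin()` to `$_SESSION['userlevel'] >= '10'` makes the new demo level (11) an administrator by default, so every caller of `is_admin()` elsewhere (none are visible in this patch) and every `>= '10'` gate that the patch does not pair with an explicit `== 11` branch grants the demo account the same rights as an admin; a deny-list of individual pages is the fail-open shape, and placing the demo level above 10 means `>=` can no longer express "admin but not demo". Safer is to keep the admin test strict and add a separate predicate, e.g. `function is_admin() { return (int) $_SESSION['userlevel'] === 10; }` and `function is_demo() { return (int) $_SESSION['userlevel'] === 11; }`, then grant the demo user read-only views where that is the intent. The cast also matters because `>= '10'` falls back to string comparison when the session value is not numeric, in which case a non-numeric value would pass; I cannot see where userlevel is assigned, so treat that as something to confirm. `demo_account()` only prints the notice and does not stop execution, which each caller has to remember, so a docblock such as `/** Prints the demo-account notice. Does NOT halt; the caller must skip the privileged branch itself. */` belongs above it.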
'; echo (''); -if ($_SESSION['userlevel'] == '10') { +if ($_SESSION['userlevel'] >= '10') { echo(''); } echo (' @@ -128,12 +128,12 @@ foreach( dbFetchRows($full_query, $param) as $rule ) { } echo "Max: ".$rule_extra['count']."
Delay: ".$rule_extra['delay']."
"; echo ""; - if ($_SESSION['userlevel'] == '10') { + if ($_SESSION['userlevel'] >= '10') { echo ""; } echo ""; echo ""; - if ($_SESSION['userlevel'] == '10') { + if ($_SESSION['userlevel'] >= '10') { echo " "; echo ""; } @@ -153,7 +153,7 @@ echo '
'; if($count < 1) { - if ($_SESSION['userlevel'] == '10') { + if ($_SESSION['userlevel'] >= '10') { echo '
diff --git a/html/includes/print-alert-templates.php b/html/includes/print-alert-templates.php index 001e10dd62..4fe04bd039 100644 --- a/html/includes/print-alert-templates.php +++ b/html/includes/print-alert-templates.php @@ -27,7 +27,7 @@ echo '
'; -if ($_SESSION['userlevel'] == '10') { +if ($_SESSION['userlevel'] >= '10') { echo(''); } @@ -62,7 +62,7 @@ foreach( dbFetchRows($full_query, $param) as $template ) { echo ' '.$template['name'].' '; - if ($_SESSION['userlevel'] == '10') { + if ($_SESSION['userlevel'] >= '10') { echo " "; echo " "; echo ""; diff --git a/html/includes/print-alerts.php b/html/includes/print-alerts.php index d1cf6b6b98..57ee86d64e 100644 --- a/html/includes/print-alerts.php +++ b/html/includes/print-alerts.php @@ -27,7 +27,7 @@ echo '
'; echo (''); -if ($_SESSION['userlevel'] == '10') { +if ($_SESSION['userlevel'] >= '10') { echo(''); } echo (' @@ -96,7 +96,7 @@ foreach( dbFetchRows($full_query, $param) as $alert ) { } echo ""; echo ""; - if ($_SESSION['userlevel'] == '10') { + if ($_SESSION['userlevel'] >= '10') { $ack_ico = 'volume-up'; $ack_col = 'success'; if(in_array($alert['state'],array(2,3,4))) { diff --git a/html/includes/print-menubar.php b/html/includes/print-menubar.php index 16f3767588..0885389eaf 100644 --- a/html/includes/print-menubar.php +++ b/html/includes/print-menubar.php @@ -43,7 +43,7 @@ if (isset($config['enable_bgp']) && $config['enable_bgp'])
  • Overview
  • Alerts
  • = '10') { ?>
  • Alert Rules
  • Alert Templates
  • diff --git a/html/pages/addsrv.inc.php b/html/pages/addsrv.inc.php index 23c945b9eb..3fdadd6b05 100644 --- a/html/pages/addsrv.inc.php +++ b/html/pages/addsrv.inc.php @@ -8,7 +8,7 @@ else { if ($_POST['addsrv']) { - if ($_SESSION['userlevel'] == '10') + if ($_SESSION['userlevel'] >= '10') { $updated = '1'; diff --git a/html/pages/adduser.inc.php b/html/pages/adduser.inc.php index 248ccf2344..c0a7db564f 100644 --- a/html/pages/adduser.inc.php +++ b/html/pages/adduser.inc.php @@ -4,6 +4,9 @@ if ($_SESSION['userlevel'] < '10') { include("includes/error-no-perm.inc.php"); } +elseif ($_SESSION['userlevel'] == 11) { + demo_account(); +} else { echo("

    Add User

    "); @@ -92,6 +95,7 @@ echo(" +
    diff --git a/html/pages/api-access.inc.php b/html/pages/api-access.inc.php index f1052c91b2..a1b6e5a528 100644 --- a/html/pages/api-access.inc.php +++ b/html/pages/api-access.inc.php @@ -12,7 +12,7 @@ * the source code distribution for details. */ -if ($_SESSION['userlevel'] == '10') +if ($_SESSION['userlevel'] >= '10') { if(empty($_POST['token'])) { $_POST['token'] = bin2hex(openssl_random_pseudo_bytes(16)); diff --git a/html/pages/authlog.inc.php b/html/pages/authlog.inc.php index 801afd40a4..606345526e 100644 --- a/html/pages/authlog.inc.php +++ b/html/pages/authlog.inc.php @@ -1,6 +1,6 @@ = '10') { echo(""); diff --git a/html/pages/bill.inc.php b/html/pages/bill.inc.php index 8563518b20..c6c0029e65 100644 --- a/html/pages/bill.inc.php +++ b/html/pages/bill.inc.php @@ -2,7 +2,7 @@ $bill_id = mres($vars['bill_id']); -if ($_SESSION['userlevel'] == "10") +if ($_SESSION['userlevel'] >= "10") { include("pages/bill/actions.inc.php"); } @@ -94,7 +94,7 @@ if (bill_permitted($bill_id)) echo('Historical Usage'); if ($vars['view'] == "history") { echo(""); } - if ($_SESSION['userlevel'] == "10") + if ($_SESSION['userlevel'] >= "10") { echo(" | "); if ($vars['view'] == "edit") { echo(""); } @@ -116,15 +116,15 @@ if (bill_permitted($bill_id)) print_optionbar_end(); - if ($vars['view'] == "edit" && $_SESSION['userlevel'] == "10") + if ($vars['view'] == "edit" && $_SESSION['userlevel'] >= "10") { include("pages/bill/edit.inc.php"); } - elseif ($vars['view'] == "delete" && $_SESSION['userlevel'] == "10") + elseif ($vars['view'] == "delete" && $_SESSION['userlevel'] >= "10") { include("pages/bill/delete.inc.php"); } - elseif ($vars['view'] == "reset" && $_SESSION['userlevel'] == "10") + elseif ($vars['view'] == "reset" && $_SESSION['userlevel'] >= "10") { include("pages/bill/reset.inc.php"); } diff --git a/html/pages/bills.inc.php b/html/pages/bills.inc.php index adf2a77242..6a900f9fe1 100644 --- a/html/pages/bills.inc.php +++ b/html/pages/bills.inc.php 
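Review bot: The relaxed gate `if ($_SESSION['userlevel'] >= '10')` in api-access.inc.php now admits the demo level (11) to the branch that generates a token with `bin2hex(openssl_random_pseudo_bytes(16))`, and nothing in this hunk adds the `== 11` check the patch gives adduser, delhost and preferences; presumably that token is then stored and grants API access outside the demo session, which would make this the most consequential of the widened gates. The same unguarded widening applies to the write paths in addsrv.inc.php (the `$_POST['addsrv']` handler), bill.inc.php (the `actions.inc.php` include and the edit/delete/reset views), bills.inc.php (the add view) and device/edit/services.inc.php (the service-add and service-delete includes), while device/port.inc.php only exposes the create-bill link. Where the intent is read-only access for the demo user, these should stay at `== '10'` or carry the same `elseif ($_SESSION['userlevel'] == 11) { demo_account(); }` branch the other pages received; the authlog hunk on this line also opens the authentication log to the demo account, which is a disclosure question rather than a write one. The enclosing blocks of these hunks start and end outside the visible context.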
@@ -64,7 +64,7 @@ elseif ($vars['view'] == "add") print_optionbar_start(); echo("Bill » "); if (!$vars['view']) { $vars['view'] = "add"; } - if ($_SESSION['userlevel'] == "10") + if ($_SESSION['userlevel'] >= "10") { if ($vars['view'] == "add") { echo(""); } echo('Add'); diff --git a/html/pages/delhost.inc.php b/html/pages/delhost.inc.php index 467338375d..1c89e4297b 100644 --- a/html/pages/delhost.inc.php +++ b/html/pages/delhost.inc.php @@ -11,6 +11,10 @@ if ($_SESSION['userlevel'] < 10) $pagetitle[] = "Delete device"; +if ($_SESSION['userlevel'] == 11) { + demo_account(); +} else { + if (is_numeric($_REQUEST['id'])) { echo(' @@ -82,4 +86,5 @@ foreach (dbFetchRows("SELECT * FROM `devices` ORDER BY `hostname`") as $data) diff --git a/html/pages/device/edit/services.inc.php b/html/pages/device/edit/services.inc.php index 6ef7e0e45d..083b36b97e 100644 --- a/html/pages/device/edit/services.inc.php +++ b/html/pages/device/edit/services.inc.php @@ -3,13 +3,13 @@ echo('
    '); if ($_POST['addsrv']) { - if ($_SESSION['userlevel'] == '10') { + if ($_SESSION['userlevel'] >= '10') { include("includes/service-add.inc.php"); } } if ($_POST['delsrv']) { - if ($_SESSION['userlevel'] == '10') { + if ($_SESSION['userlevel'] >= '10') { include("includes/service-delete.inc.php"); } } diff --git a/html/pages/device/port.inc.php b/html/pages/device/port.inc.php index 357bdfe328..944b10a55d 100644 --- a/html/pages/device/port.inc.php +++ b/html/pages/device/port.inc.php @@ -148,7 +148,7 @@ if (dbFetchCell("SELECT COUNT(*) FROM juniAtmVp WHERE port_id = '".$port['port_i if ($vars['view'] == "junose-atm-vp" && $vars['graph'] == "bits") { echo(""); } } -if ($_SESSION['userlevel'] == '10') +if ($_SESSION['userlevel'] >= '10') { echo(" Create Bill"); } diff --git a/html/pages/edituser.inc.php b/html/pages/edituser.inc.php index e41813c027..0626f1ecf9 100644 --- a/html/pages/edituser.inc.php +++ b/html/pages/edituser.inc.php @@ -316,6 +316,7 @@ if ($_SESSION['userlevel'] != '10') { include("includes/error-no-perm.inc.php"); +
    diff --git a/html/pages/front/default.php b/html/pages/front/default.php index 811b2fe248..5f883017e7 100644 --- a/html/pages/front/default.php +++ b/html/pages/front/default.php @@ -31,7 +31,7 @@ echo('
    '); $count_boxes = 0; // Device down boxes -if ($_SESSION['userlevel'] == '10') +if ($_SESSION['userlevel'] >= '10') { $sql = "SELECT * FROM `devices` WHERE `status` = '0' AND `ignore` = '0' LIMIT ".$config['front_page_down_box_limit']; } else { @@ -45,7 +45,7 @@ foreach (dbFetchRows($sql) as $device) ++$count_boxes; } -if ($_SESSION['userlevel'] == '10') +if ($_SESSION['userlevel'] >= '10') { $sql = "SELECT * FROM `ports` AS I, `devices` AS D WHERE I.device_id = D.device_id AND ifOperStatus = 'down' AND ifAdminStatus = 'up' AND D.ignore = '0' AND I.ignore = '0' LIMIT ".$config['front_page_down_box_limit']; } else { @@ -74,7 +74,7 @@ if ($config['warn']['ifdown']) /* FIXME service permissions? seem nonexisting now.. */ // Service down boxes -if ($_SESSION['userlevel'] == '10') +if ($_SESSION['userlevel'] >= '10') { $sql = "SELECT * FROM `services` AS S, `devices` AS D WHERE S.device_id = D.device_id AND service_status = 'down' AND D.ignore = '0' AND S.service_ignore = '0' LIMIT ".$config['front_page_down_box_limit']; $param[] = ''; @@ -96,7 +96,7 @@ foreach (dbFetchRows($sql,$param) as $service) // BGP neighbour down boxes if (isset($config['enable_bgp']) && $config['enable_bgp']) { - if ($_SESSION['userlevel'] == '10') + if ($_SESSION['userlevel'] >= '10') { $sql = "SELECT * FROM `devices` AS D, bgpPeers AS B WHERE bgpPeerAdminStatus != 'start' AND bgpPeerState != 'established' AND bgpPeerState != '' AND B.device_id = D.device_id AND D.ignore = 0 LIMIT ".$config['front_page_down_box_limit']; } else { 
@@ -115,7 +115,7 @@ if (isset($config['enable_bgp']) && $config['enable_bgp']) // Device rebooted boxes if (filter_var($config['uptime_warning'], FILTER_VALIDATE_FLOAT) !== FALSE && $config['uptime_warning'] > 0) { - if ($_SESSION['userlevel'] == '10') + if ($_SESSION['userlevel'] >= '10') { $sql = "SELECT * FROM `devices` AS D WHERE D.status = '1' AND D.uptime > 0 AND D.uptime < '" . $config['uptime_warning'] . "' AND D.ignore = 0 LIMIT ".$config['front_page_down_box_limit']; } else { @@ -196,7 +196,7 @@ if ($config['enable_syslog']) } else { - if ($_SESSION['userlevel'] == '10') + if ($_SESSION['userlevel'] >= '10') { $query = "SELECT *,DATE_FORMAT(datetime, '%D %b %T') as humandate FROM `eventlog` ORDER BY `datetime` DESC LIMIT 0,15"; } else { diff --git a/html/pages/front/globe.php b/html/pages/front/globe.php index af3a1f7aa2..cc0b8e5604 100644 --- a/html/pages/front/globe.php +++ b/html/pages/front/globe.php @@ -76,7 +76,7 @@ echo("
    "); -if ($_SESSION['userlevel'] == '10') +if ($_SESSION['userlevel'] >= '10') { $sql = "SELECT * FROM `devices` WHERE `status` = '0' AND `ignore` = '0'"; } else { @@ -91,7 +91,7 @@ foreach (dbFetchRows($sql) as $device) } -if ($_SESSION['userlevel'] == '10') +if ($_SESSION['userlevel'] >= '10') { $sql = "SELECT * FROM `ports` AS I, `devices` AS D WHERE I.device_id = D.device_id AND ifOperStatus = 'down' AND ifAdminStatus = 'up' AND D.ignore = '0' AND I.ignore = '0'"; } else { @@ -130,7 +130,7 @@ foreach (dbFetchRows($sql) as $service) if (isset($config['enable_bgp']) && $config['enable_bgp']) { - if ($_SESSION['userlevel'] == '10') + if ($_SESSION['userlevel'] >= '10') { $sql = "SELECT * FROM `devices` AS D, bgpPeers AS B WHERE bgpPeerAdminStatus != 'start' AND bgpPeerState != 'established' AND bgpPeerState != '' AND B.device_id = D.device_id AND D.ignore = 0"; } else { @@ -148,7 +148,7 @@ if (isset($config['enable_bgp']) && $config['enable_bgp']) if (filter_var($config['uptime_warning'], FILTER_VALIDATE_FLOAT) !== FALSE && $config['uptime_warning'] > 0) { - if ($_SESSION['userlevel'] == '10') + if ($_SESSION['userlevel'] >= '10') { $sql = "SELECT * FROM `devices` AS D WHERE D.status = '1' AND D.uptime > 0 AND D.uptime < '" . $config['uptime_warning'] . "' AND D.ignore = 0"; } else { @@ -191,7 +191,7 @@ if ($config['enable_syslog'])

    Recent Eventlog Entries

    "); - if ($_SESSION['userlevel'] == '10') + if ($_SESSION['userlevel'] >= '10') { $query = "SELECT *,DATE_FORMAT(datetime, '%D %b %T') as humandate FROM `eventlog` ORDER BY `datetime` DESC LIMIT 0,15"; } else { diff --git a/html/pages/locations.inc.php b/html/pages/locations.inc.php index bd35d25f7e..93dffa0e36 100644 --- a/html/pages/locations.inc.php +++ b/html/pages/locations.inc.php @@ -35,7 +35,7 @@ echo('
    ') foreach (getlocations() as $location) { - if ($_SESSION['userlevel'] == '10') + if ($_SESSION['userlevel'] >= '10') { $num = dbFetchCell("SELECT COUNT(device_id) FROM devices WHERE location = ?", array($location)); $net = dbFetchCell("SELECT COUNT(device_id) FROM devices WHERE location = ? AND type = 'network'", array($location)); diff --git a/html/pages/preferences.inc.php b/html/pages/preferences.inc.php index 845b3198e4..560a4faef6 100644 --- a/html/pages/preferences.inc.php +++ b/html/pages/preferences.inc.php @@ -4,6 +4,12 @@ $pagetitle[] = "Preferences"; echo("

    User Preferences

    "); +if ($_SESSION['userlevel'] == 11) { + + demo_account(); + +} else { + if ($_POST['action'] == "changepass") { if (authenticate($_SESSION['username'],$_POST['old_pass'])) @@ -167,6 +173,8 @@ if( $config['twofactor'] === true ) { } } +} + echo("
    "); echo("
    Device Permissions
    "); diff --git a/html/pages/settings.inc.php b/html/pages/settings.inc.php index 88a1a45724..8885e131c9 100644 --- a/html/pages/settings.inc.php +++ b/html/pages/settings.inc.php @@ -38,7 +38,7 @@ function a2t($a) { return $r; } -if( $_SESSION['userlevel'] == 10 ) { +if( $_SESSION['userlevel'] >= 10 ) { echo "
    ".a2t($config)."
    "; } else { include("includes/error-no-perm.inc.php"); From c1bbbaca1b1aafb156b3bec8f25db73213acb763 Mon Sep 17 00:00:00 2001 From: Neil Lathwood Date: Mon, 16 Feb 2015 23:55:36 +0000 Subject: [PATCH 2/2] Locked down edit user page as well --- html/pages/edituser.inc.php | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/html/pages/edituser.inc.php b/html/pages/edituser.inc.php index 0626f1ecf9..635ec3f627 100644 --- a/html/pages/edituser.inc.php +++ b/html/pages/edituser.inc.php @@ -236,6 +236,10 @@ if ($_SESSION['userlevel'] != '10') { include("includes/error-no-perm.inc.php"); } elseif ($vars['user_id'] && $vars['edit']) { + if($_SESSION['userlevel'] == 10) { + demo_account(); + } else { + if(!empty($vars['new_level'])) { if($vars['can_modify_passwd'] == 'on') { @@ -368,6 +372,7 @@ if ($_SESSION['userlevel'] != '10') { include("includes/error-no-perm.inc.php"); } else { echo print_error("Authentication method doesn't support updating users"); } + } } else { $user_list = get_userlist();
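Review bot: `if( $_SESSION['userlevel'] >= 10 )` in settings.inc.php now renders `a2t($config)`, the full configuration array, to the demo level (11); in this code base that array presumably carries database, SNMP and authentication credentials, so a demo account would be shown them. Because a demo user is by definition the least trusted session, this page should stay at `== 10` (or branch to `demo_account()` for level 11) rather than follow the general relaxation. `a2t()` and the surrounding file start outside the hunk.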
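Review bot: The new guard in edituser.inc.php tests `$_SESSION['userlevel'] == 10`, which is the real administrator, so every admin who submits an edit now gets the demo notice and the update code in the `else` branch is skipped for them, while a level-11 demo user never reaches this block because the outer `if ($_SESSION['userlevel'] != '10')` already sends them to error-no-perm. The comparison should read `if($_SESSION['userlevel'] == 11) {`, and with the outer test left as is the inner block is dead code; either drop it or relax the outer test to `< 10` so that the inner one becomes the demo gate. The `}` added in the second hunk (`@@ -368,6 +372,7 @@`) closes this block, so both hunks need the same decision. The `elseif` body continues outside the visible context of both hunks.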