thooge
/
ipreg
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Features LDAP, Rights, Cables, Menu improvements and bug fixing

This commit is contained in:
Thomas Hooge 2023-02-28 19:21:42 +01:00
parent 26e9c89405
commit db26ffa611
59 changed files with 1039 additions and 301 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

161
cable.php Normal file
View File

@ -0,0 +1,161 @@
<?php
/*****************************************************************************
IP Reg, a PHP/MySQL IPAM tool
Copyright (C) 2007-2009 Wietse Warendorff (up to v0.5)
Copyright (C) 2011-2023 Thomas Hooge
SPDX-License-Identifier: GPL-3.0-or-later
*****************************************************************************/
include("includes.php");
if ($_SESSION['suser_role_admin'] == 0) {
header_location('comments.php?comments=accessdenied');
}
if (isset($_REQUEST['id'])) {
$id = (int) $_REQUEST['id'] or $id = 0;
}
$ctypes = array('copper' => 'Copper', 'fibre' => 'Fibre',
'laser' => 'Laserlink', 'radio' => 'Radiolink');
// ========== ACTIONS START ===================================================
switch ($submit = form_get_action()) {
case NULL: break;
case 'add': $action = ACT_ADD; break;
case 'view': $action = ACT_VIEW; break;
case 'edit': $action = ACT_EDIT; break;
case 'del': $action = ACT_DELETE; break;
case 'insert':
$description = sanitize($_POST['description']);
$color = sanitize($_POST['color']);
$info = sanitize($_POST['info']);
$sql = "INSERT INTO cable
(cable_description, cable_color, cable_info)
VALUES
(:description, :color, :info)";
$sth = $dbh->prepare($sql);
$sth->bindValue(':description', $description, PDO::PARAM_STR);
$sth->bindValue(':color', $color, PDO::PARAM_STR);
$sth->bindValue(':info', $info, PDO::PARAM_STR);
$sth->execute();
$id = $dbh->lastInsertId();
$action = ACT_VIEW;
break;
case 'update':
$description = sanitize($_POST['description']);
$color = sanitize($_POST['color']);
$length = sanitize($_POST['length']);
$type = sanitize($_POST['cable_type']);
$info = sanitize($_POST['info']);
$sql = "UPDATE cable
SET cable_description=:desc,
cable_color=:color,
cable_length=:length,
cable_type=:type,
cable_info=:info
WHERE cable_id=:id";
$sth = $dbh->prepare($sql);
$sth->bindValue(':id', $id, PDO::PARAM_INT);
$sth->bindValue(':desc', $description, PDO::PARAM_STR);
$sth->bindValue(':length', $length, PDO::PARAM_INT);
$sth->bindValue(':color', $color, PDO::PARAM_STR);
$sth->bindValue(':type', $type, PDO::PARAM_STR);
$sth->bindValue(':info', $info, PDO::PARAM_STR);
$sth->execute();
$action = ACT_VIEW;
break;
case 'delete':
$sth = $dbh->prepare("DELETE FROM cable WHERE cable_id=?");
$sth->execute([$id]);
$action = ACT_DEFAULT;
break;
default:
$g_error->Add(submit_error($submit));
$valid = FALSE;
}
// ========== ACTIONS END =====================================================
$smarty->assign("scripts", 'jscolor.js');
include("header.php");
// ========== PAGE CONTENT ====================================================
if ($action == ACT_DEFAULT):
// ========== VARIANT: default behavior =======================================
$sql = "SELECT cable_id AS id, cable_description AS description,
cable_from_id, cable_to_id, cable_length, cable_links,
cable_type, cable_color,
CONCAT(LEFT(cable_info, 60), IF(CHAR_LENGTH(cable_info)>60,'...','')) AS info
FROM cable
ORDER BY cable_description";
$sth = $dbh->query($sql);
$smarty->assign("cables", $sth->fetchAll());
$smarty->display("cable.tpl");
elseif ($action == ACT_ADD):
// ========== VARIANT: add record =============================================
$smarty->assign('type_options', $ctypes);
$smarty->display('cableadd.tpl');
elseif ($action == ACT_VIEW):
// ========== VARIANT: view single record =====================================
$sql = "SELECT cable_id AS id, cable_description AS description,
cable_from_id, cable_to_id, cable_length, cable_links,
cable_type, cable_color AS color, cable_info AS info
FROM cable
WHERE cable_id=?";
$sth = $dbh->prepare($sql);
$sth->execute([$id]);
$smarty->assign('cable', $sth->fetch(PDO::FETCH_OBJ));
$smarty->display('cableview.tpl');
elseif ($action == ACT_EDIT):
// ========== VARIANT: edit single record =====================================
$sql = "SELECT cable_id AS id, cable_description AS description,
cable_from_id, cable_to_id, cable_length, cable_links,
cable_type, cable_color AS color, cable_info AS info
FROM cable
WHERE cable_id=?";
$sth = $dbh->prepare($sql);
$sth->execute([$id]);
$smarty->assign('cable', $sth->fetch(PDO::FETCH_OBJ));
$smarty->assign('type_options', $ctypes);
$smarty->display('cableedit.tpl');
elseif ($action == ACT_DELETE):
// ========== VARIANT: delete record ==========================================
$sth = $dbh->prepare("SELECT cable_description FROM cable WHERE cable_id=?");
$sth->execute([$id]);
$smarty->assign('id', $id);
$smarty->assign('description', $sth->fetchColumn());
$smarty->display('cabledel.tpl');
else:
// ========== UNBEKANNTE VARIANTE =============================================
echo "<p>Unknown function call: Please report to system development!</p>\n";
endif; // $action == ...
// ========== END OF VARIANTS =================================================
include("footer.php");
?>

14
dbconnect.php
View File

@ -1,14 +0,0 @@
<?php
/*****************************************************************************
IP Reg, a PHP/MySQL IPAM tool
Copyright (C) 2007-2009 Wietse Warendorff (up to v0.5)
Copyright (C) 2011-2023 Thomas Hooge
SPDX-License-Identifier: GPL-3.0-or-later
*****************************************************************************/
$dbh = new PDO("mysql:host=$config_mysql_host;dbname=$config_mysql_dbname;charset=utf8", $config_mysql_username, $config_mysql_password);
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$dbh->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC);
?>

38
header.php
View File

@ -27,15 +27,35 @@ $smarty->assign("suser_name", $_SESSION['suser_displayname']);
$smarty->assign("search", $search);
// menu
$smarty->assign("menu_assets", $_SESSION['suser_menu_assets']=='on');
$smarty->assign("menu_assetclasses", $_SESSION['suser_menu_assetclasses']=='on');
$smarty->assign("menu_assetclassgroups", $_SESSION['suser_menu_assetclassgroups']=='on');
$smarty->assign("menu_locations", $_SESSION['suser_menu_locations']=='on');
$smarty->assign("menu_nodes", $_SESSION['suser_menu_nodes']=='on');
$smarty->assign("menu_subnets", $_SESSION['suser_menu_subnets']=='on');
$smarty->assign("menu_users", $_SESSION['suser_menu_users']=='on');
$smarty->assign("menu_vlans", $_SESSION['suser_menu_vlans']=='on');
$smarty->assign("menu_zones", $_SESSION['suser_menu_zones']=='on');
$menu = array();
if ($_SESSION['suser_menu_assets']) {
$menu[] = '<a href="asset.php">' . $lang['lang_assets'] . "</a>\n";
}
if ($_SESSION['suser_menu_assetclasses']) {
$menu[] = '<a href="assetclass.php">' . $lang['lang_assetclasses'] . "</a>\n";
}
if ($_SESSION['suser_menu_assetclassgroups']) {
$menu[] = '<a href="assetclassgroup.php">' . $lang['lang_assetclassgroups'] . "</a>\n";
}
if ($_SESSION['suser_menu_locations']) {
$menu[] = '<a href="location.php">' . $lang['lang_locations'] . "</a>\n";
}
if ($_SESSION['suser_menu_nodes']) {
$menu[] = '<a href="node.php">' . $lang['lang_nodes'] . "</a>\n";
}
if ($_SESSION['suser_menu_subnets']) {
$menu[] = '<a href="subnet.php">' . $lang['lang_subnets'] . "</a>\n";
}
if ($_SESSION['suser_menu_vlans']) {
$menu[] = '<a href="vlan.php">' . $lang['lang_vlans'] . "</a>\n";
}
if ($_SESSION['suser_menu_cables']) {
$menu[] = '<a href="cable.php">' . $lang['lang_cables'] . "</a>\n";
}
if ($_SESSION['suser_menu_zones']) {
$menu[] = '<a href="zone.php">' . $lang['lang_zones'] . "</a>\n";
}
$smarty->assign("menu", implode(' | ', $menu));
$smarty->display("header.tpl");
?>

BIN
images/admin.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 748 B

BIN
images/cancel.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 587 B

BIN
images/information.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 778 B

BIN
images/manage.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 801 B

BIN
images/note.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 500 B

BIN
images/plugin.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 591 B

13
includes.php
View File

@ -11,13 +11,18 @@ session_name('ipreg');
session_start();
// check for user_id, if unnkown, redirect to login
if(empty($_SESSION['suser_id'])) {
header("Location: login.php");
exit;
if (empty($_SESSION['suser_id'])) {
$_SESSION['prelogin'] = $_SERVER['REQUEST_URI'];
header("Location: login.php");
exit;
}
include("config.php");
include("dbconnect.php");
// connect to database
$dbh = new PDO("mysql:host=$config_mysql_host;dbname=$config_mysql_dbname;charset=utf8", $config_mysql_username, $config_mysql_password);
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$dbh->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC);
include("lib.php");

29
install/mysql.sql
View File

@ -22,7 +22,7 @@ CREATE TABLE assetclass (
CREATE TABLE assetclassgroup (
assetclassgroup_id int(10) NOT NULL AUTO_INCREMENT,
assetclassgroup_name varchar(100) NOT NULL,
assetclassgroup_color varchar(6) NOT NULL DEFAULT '000000',
assetclassgroup_color char(6) NOT NULL DEFAULT '000000',
assetclassgroup_description varchar(100) DEFAULT NULL,
PRIMARY KEY (assetclassgroup_id),
INDEX ix_assetclassgroup_name (assetclassgroup_name)
@ -37,11 +37,20 @@ CREATE TABLE cable (
cable_length smallint(5) UNSIGNED DEFAULT NULL,
cable_links smallint(5) UNSIGNED DEFAULT 1,
cable_type enum('copper','fibre','laser','radio') DEFAULT NULL,
cable_color char(6) NOT NULL DEFAULT '000000',
cable_info text DEFAULT NULL,
PRIMARY KEY (cable_id),
UNIQUE INDEX ix_cable_description (cable_description)
) ENGINE=MyISAM DEFAULT CHARSET=utf8;
-- WIP
CREATE TABLE cablevlan (
cablevlan_id int(10) NOT NULL AUTO_INCREMENT,
cable_id int(10) NOT NULL,
vlan_id int(10) NOT NULL,
PRIMARY KEY (cablevlan_id)
) ENGINE=MyISAM DEFAULT CHARSET=utf8;
-- WIP
-- Reference to external systems
CREATE TABLE extlink (
@ -130,27 +139,23 @@ CREATE TABLE user (
user_dateformat varchar(10) NOT NULL DEFAULT 'd M Y H:i',
user_dns1suffix varchar(100) DEFAULT NULL,
user_dns2suffix varchar(100) DEFAULT NULL,
user_menu_assets varchar(2) NOT NULL DEFAULT 'on',
user_menu_assetclasses varchar(2) NOT NULL DEFAULT 'on',
user_menu_assetclassgroups varchar(2) NOT NULL DEFAULT 'on',
user_menu_locations varchar(2) NOT NULL DEFAULT 'on',
user_menu_nodes varchar(2) NOT NULL DEFAULT 'on',
user_menu_subnets varchar(2) NOT NULL DEFAULT 'on',
user_menu_users varchar(2) NOT NULL DEFAULT 'on',
user_menu_vlans varchar(2) NOT NULL DEFAULT 'on',
user_menu_zones varchar(2) NOT NULL DEFAULT 'on',
user_tooltips varchar(2) NOT NULL DEFAULT 'on',
user_menu set('asset','cable','class','group','location','nat','node',
'subnet','vlan','zone') NOT NULL DEFAULT 'asset,class,group,location,node,subnet,vlan',
user_role set('add','edit','delete','manage','admin') DEFAULT NULL,
user_flags set('deleted','locked'),
PRIMARY KEY (user_id),
UNIQUE INDEX ix_username (user_name)
) ENGINE=MyISAM DEFAULT CHARSET=utf8;
INSERT INTO user (user_name, user_pass, user_displayname) VALUES
('admin', '$2y$10$HTs0lSaFrfr.q4Gmy5zWfeDg3jhYZkqEGZEnDkMiHZ641nso38mt6', 'Administrator');
INSERT INTO user (user_name, user_pass, user_displayname, user_role) VALUES
('admin', '$2y$10$HTs0lSaFrfr.q4Gmy5zWfeDg3jhYZkqEGZEnDkMiHZ641nso38mt6', 'Administrator', 'admin');
CREATE TABLE vlan (
vlan_id int(10) NOT NULL AUTO_INCREMENT,
vlan_number int(3) NOT NULL,
vlan_name varchar(100) NOT NULL,
vlan_color char(6) NOT NULL DEFAULT '000000',
vlan_info text DEFAULT NULL,
PRIMARY KEY (vlan_id)
) ENGINE=MyISAM DEFAULT CHARSET=utf8;

2
install/mysql_sample.sql
View File

@ -57,4 +57,4 @@ INSERT INTO vlan (vlan_number, vlan_name) VALUES
(1, 'DEFAULT_VLAN');
INSERT INTO zone (zone_soa, zone_origin, zone_hostmaster, zone_serial, zone_ns1) VALUES
('ns1.example.com.', 'example.com.', 'hostmaster@example.com', '2023021301', 'ns1.example.com');
('ns1.example.com.', 'example.com.', 'hostmaster.example.com.', '2023021301', 'ns1.example.com');

20
lang/de.php
View File

@ -9,6 +9,8 @@ $lang = array(
'lang_assetclasses' => 'Objektklassen',
'lang_assetclassgroup' => 'Objektklassengruppe',
'lang_assetclassgroups' => 'Objektklassengruppen',
'lang_cable' => 'Kabel',
'lang_cables' => 'Kabel',
'lang_location' => 'Standort',
'lang_locations' => 'Standorte',
'lang_menu' => 'Menü',
@ -27,7 +29,7 @@ $lang = array(
'lang_vlans' => 'VLANs',
'lang_about' => 'Über',
'lang_all' => 'Allw',
'lang_all' => 'Alle',
'lang_cancel' => 'Abbruch',
'lang_color' => 'Farbe',
'lang_error' => 'Fehler',
@ -48,6 +50,7 @@ $lang = array(
'lang_empty' => 'leer',
'lang_source' => 'Quelle',
'lang_target' => 'Ziel',
'lang_length' => 'L&auml;nge',
'lang_asset_add' => 'Objekt hinzufügen',
'lang_asset_del' => 'Objekt löschen',
@ -99,6 +102,10 @@ $lang = array(
'lang_locationsubnet' => 'Standort/Subnetz',
'lang_locationsubnet_edit' => 'Standort/Subnetz bearbeiten',
'lang_cable_info' => 'Kabelinfo',
'lang_cable_type' => 'Kabeltyp',
'lang_cable_none' => 'Es sind keine Kabel vorhanden',
'lang_node_add' => 'Knoten hinzufügen',
'lang_node_del' => 'Knoten löschen',
'lang_node_edit' => 'Knoten ändern',
@ -151,6 +158,12 @@ $lang = array(
'lang_user_password' => 'Kennwort',
'lang_user_language' => 'Sprache',
'lang_user_realm' => 'Realm',
'lang_user_roles' => 'Rechte',
'lang_user_role_add' => 'Anlegen',
'lang_user_role_edit' => 'Bearbeiten',
'lang_user_role_delete' => 'Löschen',
'lang_user_role_manage' => 'Konfigurieren',
'lang_user_role_admin' => 'Adminstration',
'lang_zone_add' => 'Zone hinzufügen',
'lang_zone_del' => 'Zone löschen',
@ -178,6 +191,7 @@ $lang = array(
'lang_comments_usernameinuse' => 'Benutzername wird bereits verwendet',
'lang_comments_invalidpass' => 'Das Kennwort ist falsch',
'lang_comments_invalidnewpass' => 'Das neue Kennwort wurde nicht korrekt eingegeben',
'lang_comments_accessdenied' => 'Zugriff verweigert. Keine Berechtigung.',
'lang_options_ipreg' => 'IP Reg Optionen',
'lang_options_display' => 'Anzeigeeinstellungen',
@ -192,9 +206,9 @@ $lang = array(
'lang_options_dateformat' => 'Datumsformat',
'lang_options_dateformat_help' => 'Format in which dates are displayed using the php-date-format (see http://www.php.net/date for more info)',
'lang_options_dns1suffix' => 'DNS Name suffix',
'lang_options_dns1suffix_help' => 'Default DNS Name suffix für neue Knoten',
'lang_options_dns1suffix_help' => 'Standard DNS Name Suffix für neue Knoten',
'lang_options_dns2suffix' => 'DNS Alias suffix',
'lang_options_dns2suffix_help' => 'Default DNS Alias suffix für neue Knoten',
'lang_options_dns2suffix_help' => 'Standard DNS Alias Suffix für neue Knoten',
'lang_options_currentpassword' => 'Aktuelles Kennwort',
'lang_options_currentpassword_help' => 'Bitte geben Sie hier Ihr bisheriges Kennwort ein',
'lang_options_newpassword1' => 'Neues Kennwort',

14
lang/en.php
View File

@ -9,6 +9,8 @@ $lang = array(
'lang_assetclasses' => 'Assetclasses',
'lang_assetclassgroup' => 'Assetclassgroup',
'lang_assetclassgroups' => 'Assetclassgroups',
'lang_cable' => 'Cable',
'lang_cables' => 'Cables',
'lang_location' => 'Location',
'lang_locations' => 'Locations',
'lang_menu' => 'Menu',
@ -48,6 +50,7 @@ $lang = array(
'lang_empty' => 'empty',
'lang_source' => 'Source',
'lang_target' => 'Target',
'lang_length' => 'Length',
'lang_asset_add' => 'Add asset',
'lang_asset_del' => 'Delete asset',
@ -99,6 +102,10 @@ $lang = array(
'lang_locationsubnet' => 'Location/Subnet',
'lang_locationsubnet_edit' => 'Edit Location/Subnet',
'lang_cable_info' => 'Cable info',
'lang_cable_type' => 'Cable type',
'lang_cable_none' => 'There are no cables defined',
'lang_node_add' => 'Add node',
'lang_node_del' => 'Delete node',
'lang_node_edit' => 'Modify node',
@ -151,6 +158,12 @@ $lang = array(
'lang_user_password' => 'Password',
'lang_user_language' => 'Language',
'lang_user_realm' => 'Realm',
'lang_user_roles' => 'Roles',
'lang_user_role_add' => 'Add',
'lang_user_role_edit' => 'Edit',
'lang_user_role_delete' => 'Delete',
'lang_user_role_manage' => 'Manage',
'lang_user_role_admin' => 'Adminstration',
'lang_zone_add' => 'Add zone',
'lang_zone_del' => 'Delete zone',
@ -178,6 +191,7 @@ $lang = array(
'lang_comments_usernameinuse' => 'Username in use',
'lang_comments_invalidpass' => 'Invalid password',
'lang_comments_invalidnewpass' => 'Invalid new password',
'lang_comments_accessdenied' => 'Access denied',
'lang_options_ipreg' => 'IP Reg options',
'lang_options_display' => 'Display options',

143
lib.php
View File

@ -7,6 +7,26 @@ Copyright (C) 2011-2023 Thomas Hooge
SPDX-License-Identifier: GPL-3.0-or-later
*****************************************************************************/
// ========== CONSTANT DEFINITIONS ============================================
// page actions
define ('ACT_DEFAULT', 0);
define ('ACT_ADD', 1);
define ('ACT_VIEW', 2);
define ('ACT_EDIT', 3);
define ('ACT_DELETE', 4);
define ('ACT_COPY', 5);
define ('ACT_JOIN', 6);
define ('ACT_LEAVE', 7);
define ('ACT_EDIT_DETAIL', 8);
define ('ACT_DEL_DETAIL', 9);
define ('ACT_LINK', 10);
define ('ACT_UNLINK', 11);
define ('ACT_MAIL', 12);
define ('ACT_VIEW_LIST', 13);
// ========== GLOBAL PAGE START CODE ==========================================
// global version string
$config_version = 'v0.8';
@ -15,19 +35,128 @@ $config_lang = array('de', 'en');
include("lib/functions.php");
//require("lib/db.class.php");
//$db = new Db($dblink);
//require("lib/user.class.php");
// $user = new User();
require_once('smarty3/Smarty.class.php');
$smarty = new Smarty();
$smarty->template_dir = 'tpl';
$smarty->compile_dir = 'tpl_c';
$smarty->registerPlugin('function', 'treelist', 'print_tree');
$smarty->registerPlugin('function', 'msgout', 'msgout');
$smarty->assign("suser_name", $_SESSION['suser_displayname']);
$smarty->assign("suser_tooltips", $_SESSION['suser_tooltips'] ?? 'off');
$smarty->assign("suser_add", $_SESSION['suser_role_add']);
$smarty->assign("suser_edit", $_SESSION['suser_role_edit']);
$smarty->assign("suser_delete", $_SESSION['suser_role_delete']);
$smarty->assign("suser_manage", $_SESSION['suser_role_manage']);
$smarty->assign("suser_admin", $_SESSION['suser_role_admin']);
// prepare global message system
$g_message = new Message;
$g_warning = new MessageWarning;
$g_error = new MessageError;
$action = ACT_DEFAULT;
// ========== FEEDBACK FUNCTIONS ==============================================
class Message {
var $count = 0;
var $text = array();
var $caption;
function Message() {
$this->caption = 'Information';
}
function SetCaption($str) {
$this->caption = $str;
}
function Add($msg) {
$this->count++;
$this->text[$this->count] = $msg;
}
function GetCount() {
return $this->count;
}
function PrintOut() {
if ($this->count > 0) {
echo '<div class="info">', "\n";
echo '<h3>', $this->caption, "</h3>\n";
echo "<ul>\n";
for ($i=1; $i<=$this->count; $i++) {
echo "\t<li>", $this->text[$i],"</li>\n";
}
echo "</ul>\n";
echo "</div>\n";
}
}
}
class MessageWarning extends Message {
function MessageWarning() {
$this->caption = 'Warning';
}
function PrintOut() {
if ($this->count > 0) {
echo '<div class="warning">', "\n";
echo '<h3>', $this->caption, "</h3>\n";
echo "<ul>\n";
for ($i=1; $i<=$this->count; $i++) {
echo "\t<li>", $this->text[$i],"</li>\n";
}
echo "</ul>\n";
echo "</div>\n";
}
}
}
class MessageError extends Message {
function MessageError() {
$this->caption = 'Error';
}
function PrintOut() {
if ($this->count > 0) {
echo '<div class="error">', "\n";
echo '<h3>', $this->caption, "</h3>\n";
echo "<ul>\n";
for ($i=1; $i<=$this->count; $i++) {
echo "\t<li>", $this->text[$i],"</li>\n";
}
echo "</ul>\n";
echo "</div>\n";
}
}
}
// ========== FORM FUNCTIONS ==================================================
function form_get_action() {
if (!isset($_POST['submit'])) {
if (isset($_GET['f'])) {
$submit = $_GET['f'];
} else {
$submit = NULL;
}
} else {
$submit = $_POST['submit'];
}
if (is_array($submit)) {
$submit = key($submit);
}
return strtolower($submit);
}
function submit_error($action) {
/* Submit buttons that return an unknown value end up in this
function by default. An exit() is conscious here *not* installed,
since it could be that despite such an error the program
execution should be continued. */
return sprintf('The action "%s" is unknown. It is probably a program error.<br /> Please inform your administrator of the exact circumstances of how this situation came about.', strtoupper($action));
}
// ========== DATABASE FUCTIONS ===============================================

8
lib/functions.php
View File

@ -152,4 +152,12 @@ function print_tree($params, Smarty_Internal_Template $template) {
}
}
function msgout(array $parameters, Smarty_Internal_Template $smarty)
{
// This is just a quick hack around missing {php} in Smarty3
$GLOBALS['g_error']->PrintOut();
$GLOBALS['g_warning']->PrintOut();
$GLOBALS['g_message']->PrintOut();
}
?>

171
lib/user.class.php
View File

@ -1,171 +0,0 @@
<?php
/*****************************************************************************
IP Reg, a PHP/MySQL IPAM tool
Copyright (C) 2007-2009 Wietse Warendorff
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
For more information, visit http://sourceforge.net/projects/ipreg,
or contact me at wietsew@users.sourceforge.net
*****************************************************************************/
class User {
function check_strlen($string) {
// check length
if(strlen($string)<1) {
return FALSE;
} else {
return TRUE;
}
}
function check_ldap_bind($user_name, $user_pass) {
global $config_ldap_host;
global $config_ldap_port;
global $config_ldap_base_dn;
global $config_ldap_bind_dn;
global $config_ldap_bind_pass;
global $config_ldap_login_attr;
$ldap_conn = NULL;
foreach ($config_ldap_host as $server) {
if ($ldap_conn = ldap_connect($server, $config_ldap_port)) {
if ($res = ldap_bind($ldap_conn, $config_ldap_bind_dn, $config_ldap_bind_pass)) {
ldap_set_option($ldap_conn, LDAP_OPT_REFERRALS, 0);
ldap_set_option($ldap_conn, LDAP_OPT_PROTOCOL_VERSION, 3);
$filter = "(&(objectClass=user)($config_ldap_login_attr=$user_name))";
$res = ldap_search($ldap_conn, $config_ldap_base_dn, $filter, ['dn']);
if ($res) {
$info = ldap_get_entries($ldap_conn, $res);
$user_dn = $info[0]['dn'];
$res = ldap_bind($ldap_conn, $user_dn, $user_pass);
if ($res) {
return TRUE;
}
}
}
return FALSE;
}
}
return FALSE;
}
function user_login($user_name, $user_pass) {
global $dblink;
// check user_name length
if($this->check_strlen($user_name)==FALSE) {
return FALSE;
}
// check user_pass length
if($this->check_strlen($user_pass)==FALSE) {
return FALSE;
}
// get user data
// initiate class
$db = new Db($dblink);
// build query
$query = "SELECT
user.user_id,
user.user_pass,
user.user_realm,
user.user_displayname,
user.user_language,
user.user_imagesize,
user.user_imagecount,
user.user_mac,
user.user_dateformat,
user.user_dns1suffix,
user.user_dns2suffix,
user.user_menu_assets,
user.user_menu_assetclasses,
user.user_menu_assetclassgroups,
user.user_menu_locations,
user.user_menu_nodes,
user.user_menu_subnets,
user.user_menu_users,
user.user_menu_vlans,
user.user_menu_zones,
user.user_tooltips
FROM
user
WHERE
user.user_name='" . $user_name . "'";
// run query
$users = $db->db_select($query);
// count results
$user_counter = count($users);
// any users?
if ($user_counter>0) {
if ($users[0]['user_realm'] == 'ldap') {
// check LDAP auth
if (! $this->check_ldap_bind($user_name, $user_pass)) {
return FALSE;
}
// TODO sync LDAP data to local
} else {
// compare local passwords
if(!strcmp(md5($user_pass), rtrim($users[0]['user_pass']))) {
// all ok: user is logged in
// md5 match but outdated. rewrite with new algo
$newhash = password_hash($user_pass, PASSWORD_BCRYPT);
$query = "UPDATE user SET user_pass='" . $newhash. "' WHERE user_id=" . $users[0]['user_id'];
$db->db_update($query);
} else {
if (! password_verify($user_pass, $users[0]['user_pass'])) {
return FALSE;
}
}
}
} else {
return FALSE;
}
// register session data
$_SESSION['suser_id'] = $users[0]['user_id'];
$_SESSION['suser_displayname'] = $users[0]['user_displayname'];
$_SESSION['suser_language'] = $users[0]['user_language'];
$_SESSION['suser_imagesize'] = $users[0]['user_imagesize'];
$_SESSION['suser_imagecount'] = $users[0]['user_imagecount'];
$_SESSION['suser_mac'] = $users[0]['user_mac'];
$_SESSION['suser_dateformat'] = $users[0]['user_dateformat'];
$_SESSION['suser_dns1suffix'] = $users[0]['user_dns1suffix'];
$_SESSION['suser_dns2suffix'] = $users[0]['user_dns2suffix'];
$_SESSION['suser_menu_assets'] = $users[0]['user_menu_assets'];
$_SESSION['suser_menu_assetclasses'] = $users[0]['user_menu_assetclasses'];
$_SESSION['suser_menu_assetclassgroups'] = $users[0]['user_menu_assetclassgroups'];
$_SESSION['suser_menu_locations'] = $users[0]['user_menu_locations'];
$_SESSION['suser_menu_nodes'] = $users[0]['user_menu_nodes'];
$_SESSION['suser_menu_subnets'] = $users[0]['user_menu_subnets'];
$_SESSION['suser_menu_users'] = $users[0]['user_menu_users'];
$_SESSION['suser_menu_vlans'] = $users[0]['user_menu_vlans'];
$_SESSION['suser_menu_zones'] = $users[0]['user_menu_zones'];
$_SESSION['suser_tooltips'] = $users[0]['user_tooltips'];
// no errors found, return
return TRUE;
}
function user_logout() {
// clear and destroy session
$_SESSION = array();
}
}
?>

48
login.php
View File

@ -11,8 +11,13 @@ session_name('ipreg');
session_start();
include("config.php");
include("dbconnect.php");
include("lib.php");
// connect to database
$dbh = new PDO("mysql:host=$config_mysql_host;dbname=$config_mysql_dbname;charset=utf8", $config_mysql_username, $config_mysql_password);
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$dbh->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC);
include("lib.php"); // only for get_language from browser. TODO: simplify
function user_login ($user_name, $user_pass) {
global $dbh;
@ -27,11 +32,8 @@ function user_login ($user_name, $user_pass) {
$sql = "SELECT user_id, user_pass, user_displayname, user_language,
user_imagesize, user_imagecount, user_mac, user_dateformat,
user_dns1suffix, user_dns2suffix, user_menu_assets,
user_menu_assetclasses, user_menu_assetclassgroups,
user_menu_locations, user_menu_nodes, user_menu_subnets,
user_menu_users, user_menu_vlans, user_menu_zones,
user_tooltips
user_dns1suffix, user_dns2suffix, user_tooltips,
user_menu, user_role, user_flags
FROM user
WHERE user_name=?";
$sth = $dbh->prepare($sql);
@ -55,6 +57,7 @@ function user_login ($user_name, $user_pass) {
$sth->execute([$newhash, $user->user_id]);
}
// all ok: user is logged in, register session data
$_SESSION['suser_id'] = $user->user_id;
$_SESSION['suser_displayname'] = $user->user_displayname;
@ -65,17 +68,26 @@ function user_login ($user_name, $user_pass) {
$_SESSION['suser_dateformat'] = $user->user_dateformat;
$_SESSION['suser_dns1suffix'] = $user->user_dns1suffix;
$_SESSION['suser_dns2suffix'] = $user->user_dns2suffix;
$_SESSION['suser_menu_assets'] = $user->user_menu_assets;
$_SESSION['suser_menu_assetclasses'] = $user->user_menu_assetclasses;
$_SESSION['suser_menu_assetclassgroups'] = $user->user_menu_assetclassgroups;
$_SESSION['suser_menu_locations'] = $user->user_menu_locations;
$_SESSION['suser_menu_nodes'] = $user->user_menu_nodes;
$_SESSION['suser_menu_subnets'] = $user->user_menu_subnets;
$_SESSION['suser_menu_users'] = $user->user_menu_users;
$_SESSION['suser_menu_vlans'] = $user->user_menu_vlans;
$_SESSION['suser_menu_zones'] = $user->user_menu_zones;
$_SESSION['suser_tooltips'] = $user->user_tooltips;
$roles = explode(',', $user->user_role);
$_SESSION['suser_role_add'] = in_array('add', $roles);
$_SESSION['suser_role_edit'] = in_array('edit', $roles);
$_SESSION['suser_role_delete'] = in_array('delete', $roles);
$_SESSION['suser_role_manage'] = in_array('manage', $roles);
$_SESSION['suser_role_admin'] = in_array('admin', $roles);
$menu = explode(',', $user->user_menu);
$_SESSION['suser_menu_assets'] = in_array('asset', $menu);
$_SESSION['suser_menu_assetclasses'] = in_array('class', $menu);
$_SESSION['suser_menu_assetclassgroups'] = in_array('group', $menu);
$_SESSION['suser_menu_cables'] = in_array('cable', $menu);
$_SESSION['suser_menu_locations'] = in_array('location', $menu);
$_SESSION['suser_menu_nodes'] = in_array('node', $menu);
$_SESSION['suser_menu_subnets'] = in_array('subnet', $menu);
$_SESSION['suser_menu_vlans'] = in_array('vlan', $menu);
$_SESSION['suser_menu_zones'] = in_array('zone', $menu);
return TRUE;
}
@ -84,13 +96,13 @@ function user_login ($user_name, $user_pass) {
$language = lang_getfrombrowser($config_lang, $config_lang_default, null, false);
include('lang/' . $language . '.php');
if ($_SERVER['REQUEST_METHOD']=="POST" ) {
if ($_SERVER['REQUEST_METHOD'] == "POST" ) {
$user_name = sanitize($_POST['user_name']);
$user_pass = sanitize($_POST['user_pass']);
if (user_login($user_name, $user_pass) == TRUE) {
header_location("index.php");
header_location($_SESSION['prelogin'] ?? 'index.php');
} else {
$_SESSION = array();
session_destroy();

14
optionseditdisplay.php
View File

@ -31,6 +31,12 @@ if($_SESSION['suser_menu_assetclassgroups']=='on') {
} else {
$user_menu_assetclassgroups_checked = '';
}
// cables
if($_SESSION['suser_menu_cables']=='on') {
$user_menu_cables_checked = 'checked';
} else {
$user_menu_cables_checked = '';
}
// locations
if($_SESSION['suser_menu_locations']=='on') {
$user_menu_locations_checked = 'checked';
@ -49,12 +55,6 @@ if($_SESSION['suser_menu_subnets']=='on') {
} else {
$user_menu_subnets_checked = '';
}
// users
if($_SESSION['suser_menu_users']=='on') {
$user_menu_users_checked = 'checked';
} else {
$user_menu_users_checked = '';
}
// vlans
if($_SESSION['suser_menu_vlans']=='on') {
$user_menu_vlans_checked = 'checked';
@ -85,10 +85,10 @@ $smarty->assign("user_language", $_SESSION['suser_language']);
$smarty->assign("user_menu_assets_checked", $user_menu_assets_checked);
$smarty->assign("user_menu_assetclasses_checked", $user_menu_assetclasses_checked);
$smarty->assign("user_menu_assetclassgroups_checked", $user_menu_assetclassgroups_checked);
$smarty->assign("user_menu_cables_checked", $user_menu_cables_checked);
$smarty->assign("user_menu_locations_checked", $user_menu_locations_checked);
$smarty->assign("user_menu_nodes_checked", $user_menu_nodes_checked);
$smarty->assign("user_menu_subnets_checked", $user_menu_subnets_checked);
$smarty->assign("user_menu_users_checked", $user_menu_users_checked);
$smarty->assign("user_menu_vlans_checked", $user_menu_vlans_checked);
$smarty->assign("user_menu_zones_checked", $user_menu_zones_checked);
$smarty->assign("user_tooltips_checked", $user_tooltips_checked);

73
submit.php
View File

@ -329,11 +329,12 @@ if (isset($_POST['add'])) {
$vlan_name = sanitize($_POST['vlan_name']);
$vlan_number = sanitize($_POST['vlan_number']);
$vlan_info = sanitize($_POST['vlan_info']);
$vlan_color = sanitize($_POST['vlan_color']);
$sql = "INSERT INTO vlan (vlan_name, vlan_number, vlan_info)
VALUE (?, ?, ?)";
$sql = "INSERT INTO vlan (vlan_name, vlan_number, vlan_color, vlan_info)
VALUE (?, ?, ?, ?)";
$sth = $dbh->prepare($sql);
$sth->execute([$vlan_name, $vlan_number, $vlan_info]);
$sth->execute([$vlan_name, $vlan_number, $vlan_color, $vlan_info]);
header_location("vlanview.php?vlan_id=" . $dbh->lastInsertId());
break;
@ -497,7 +498,7 @@ if (isset($_POST['del'])) {
case ("vlan") :
$vlan_id = sanitize($_POST['vlan_id']);
$sth = $dbh->prepare("DELETE FROM vlan WHERE vlan_id=");
$sth = $dbh->prepare("DELETE FROM vlan WHERE vlan_id=?");
$sth->execute([$vlan_id]);
header_location("vlan.php");
@ -623,31 +624,41 @@ if (isset($_POST['edit'])) {
$dateformat = sanitize($_POST['user_dateformat']);
$dns1suffix = sanitize($_POST['user_dns1suffix']);
$dns2suffix = sanitize($_POST['user_dns2suffix']);
$tooltips = sanitize($_POST['user_tooltips']);
$menu_assets = sanitize($_POST['user_menu_assets']);
$menu_assetclasses = sanitize($_POST['user_menu_assetclasses']);
$menu_assetclassgroups = sanitize($_POST['user_menu_assetclassgroups']);
$menu_cables = sanitize($_POST['user_menu_cables']);
$menu_locations = sanitize($_POST['user_menu_locations']);
$menu_nodes = sanitize($_POST['user_menu_nodes']);
$menu_subnets = sanitize($_POST['user_menu_subnets']);
$menu_users = sanitize($_POST['user_menu_users']);
$menu_vlans = sanitize($_POST['user_menu_vlans']);
$menu_zones = sanitize($_POST['user_menu_zones']);
$tooltips = sanitize($_POST['user_tooltips']);
// construct menu set
$menu = array();
if ($menu_assets) $menu[] = 'asset';
if ($menu_assetclasses) $menu[] = 'class';
if ($menu_assetclassgroups) $menu[] = 'group';
if ($menu_cables) $menu[] = 'cable';
if ($menu_locations) $menu[] = 'location';
if ($menu_nodes) $menu[] = 'node';
if ($menu_subnets) $menu[] = 'subnet';
if ($menu_vlans) $menu[] = 'vlan';
if ($menu_zones) $menu[] = 'zone';
$sql = "UPDATE user SET
user_language=?, user_imagesize=?, user_imagecount=?, user_mac=?, user_dateformat=?,
user_dns1suffix=?, user_dns2suffix=?, user_menu_assets=?, user_menu_assetclasses=?,
user_menu_assetclassgroups=?, user_menu_locations=?, user_menu_nodes=?,
user_menu_subnets=?, user_menu_users=?, user_menu_vlans=?, user_menu_zones=?,
user_tooltips=?
user_language=?, user_imagesize=?, user_imagecount=?,
user_mac=?, user_dateformat=?, user_dns1suffix=?,
user_dns2suffix=?, user_tooltips=?, user_menu=?
WHERE
user_id=?";
$sth = $dbh->prepare($sql);
$sth->execute([$language, $imagesize, $imagecount, $mac, $dateformat,
$dns1suffix, $dns2suffix, $menu_assets, $menu_assetclasses,
$menu_assetclassgroups, $menu_locations, $menu_nodes,
$menu_subnets, $menu_users, $menu_vlans, $menu_zones,
$tooltips, $id]);
$sth->execute([$language, $imagesize, $imagecount,
$mac, $dateformat, $dns1suffix,
$dns2suffix, $tooltips, implode(',', $menu),
$id]);
$_SESSION['suser_language'] = $language;
$_SESSION['suser_imagesize'] = $imagesize;
@ -659,10 +670,10 @@ if (isset($_POST['edit'])) {
$_SESSION['suser_menu_assets'] = $menu_assets;
$_SESSION['suser_menu_assetclasses'] = $menu_assetclasses;
$_SESSION['suser_menu_assetclassgroups'] = $menu_assetclassgroups;
$_SESSION['suser_menu_cables'] = $menu_cables;
$_SESSION['suser_menu_locations'] = $menu_locations;
$_SESSION['suser_menu_nodes'] = $menu_nodes;
$_SESSION['suser_menu_subnets'] = $menu_subnets;
$_SESSION['suser_menu_users'] = $menu_users;
$_SESSION['suser_menu_vlans'] = $menu_vlans;
$_SESSION['suser_menu_zones'] = $menu_zones;
$_SESSION['suser_tooltips'] = $tooltips;
@ -720,10 +731,29 @@ if (isset($_POST['edit'])) {
$user_name = sanitize($_POST['user_name']);
$user_displayname = sanitize($_POST['user_displayname']);
$user_realm = sanitize($_POST['user_realm']);
// roles
$role_add = sanitize($_POST['role_add']);
$role_edit = sanitize($_POST['role_edit']);
$role_delete = sanitize($_POST['role_delete']);
$role_manage = sanitize($_POST['role_manage']);
$role_admin = sanitize($_POST['role_admin']);
$sql = "UPDATE user SET user_name=?, user_displayname=?, user_realm=? WHERE user_id=?";
// construct menu set
$role = array();
if ($role_add) $role[] = 'add';
if ($role_edit) $role[] = 'edit';
if ($role_delete) $role[] = 'delete';
if ($role_manage) $role[] = 'manage';
if ($role_admin) $role[] = 'admin';
$sql = "UPDATE user SET
user_name=?, user_displayname=?, user_realm=?,
user_role=?
WHERE user_id=?";
$sth = $dbh->prepare($sql);
$sth->execute([$user_name ,$user_displayname, $user_realm, $user_id]);
$sth->execute([$user_name ,$user_displayname, $user_realm,
implode(',', $role), $user_id]);
header_location("userview.php?user_id=" . $user_id);
break;
@ -733,10 +763,11 @@ if (isset($_POST['edit'])) {
$vlan_name = sanitize($_POST['vlan_name']);
$vlan_number = sanitize($_POST['vlan_number']);
$vlan_info = sanitize($_POST['vlan_info']);
$vlan_color = sanitize($_POST['vlan_color']);
$sql = "UPDATE vlan SET vlan_name=?, vlan_number=?, vlan_info=? WHERE vlan_id=?";
$sql = "UPDATE vlan SET vlan_name=?, vlan_number=?, vlan_color=?, vlan_info=? WHERE vlan_id=?";
$sth = $dbh->prepare($sql);
$sth->execute([$vlan_name, $vlan_number, $vlan_info, $vlan_id]);
$sth->execute([$vlan_name, $vlan_number, $vlan_color, $vlan_info, $vlan_id]);
header_location("vlanview.php?vlan_id=" . $vlan_id);
break;

2
subnetvlanadd.php
View File

@ -33,7 +33,7 @@ $sth->execute([$subnet_id]);
$vlans = $sth->fetchAll();
foreach ($vlans as $vlan) {
$vlan_options[$vlan['vlan_id']] = $vlan['vlan_name'];
$vlan_options[$vlan['vlan_id']] = $vlan['vlan_name'] . '(' . $vlan['vlan_number']. ')';
}
$smarty->assign("vlan_options", $vlan_options);

2
tpl/asset.tpl
View File

@ -4,7 +4,9 @@
{$lang_assets} ({$assets|@count} / {$assetcount})
</td>
<td align="right">
{if $suser_add}
<a href="assetadd.php"><img src="image.php?icon=add" alt="{$lang_asset_add}" {if $suser_tooltips}title="{$lang_asset_add}" {/if}/></a>
{/if}
</td>
</tr>
</table>

2
tpl/assetclass.tpl
View File

@ -4,7 +4,9 @@
{$lang_assetclasses} ({$assetclasses|@count})
</td>
<td align="right">
{if $suser_add || $suser_admin}
<a href="assetclassadd.php"><img src="image.php?icon=add" alt="{$lang_assetclass_add}" {if $suser_tooltips}title="{$lang_assetclass_add}" {/if}/></a>
{/if}
</td>
</tr>
</table>

2
tpl/assetclassgroup.tpl
View File

@ -4,7 +4,9 @@
{$lang_assetclassgroups} ({$assetclassgroups|@count})
</td>
<td align="right">
{if $suser_add || $suser_admin}
<a href="assetclassgroupadd.php"><img src="image.php?icon=add" alt="{$lang_assetclassgroup_add}" {if $suser_tooltips}title="{$lang_assetclassgroup_add}" {/if}/></a>
{/if}
</td>
</tr>
</table>

2
tpl/assetclassview.tpl
View File

@ -1,7 +1,7 @@
<table class="title">
<tr>
<td class="header">
{$assetclass_name}
{$assetclass->assetclass_name}
</td>
<td align="right">
<a href="assetadd.php?assetclass_id={$assetclass->assetclass_id}"><img src="image.php?icon=add" alt="{$lang_asset_add}" {if $suser_tooltips}title="{$lang_asset_add}" {/if}/></a>

2
tpl/assetview.tpl
View File

@ -1,7 +1,7 @@
<table class="title">
<tr>
<td class="header">
{$asset_name}
{$asset->asset_name}
</td>
<td align="right">
<a href="assignnodetoasset.php?asset_id={$asset->asset_id}"><img src="image.php?icon=add" alt="{$lang_assignnodetoasset}"></a>

52
tpl/cable.tpl Normal file
View File

@ -0,0 +1,52 @@
<table class="title">
<tr>
<td class="header">
{$lang_cable} ({$cables|@count})
</td>
<td align="right">
{if $suser_add || $suser_admin}
<a href="cable.php?f=add"><img src="images/page_add.png" alt="{$lang_add}" {if $suser_tooltips}title="{$lang_add}" {/if}/></a>
{/if}
</td>
</tr>
</table>
<table class="info">
<tr>
<td class="header">
{$lang_cable}
</td>
<td class="header">
{$lang_length}
</td>
<td class="header">
{$lang_cable_type}
</td>
<td class="header">
{$lang_cable_info}
</td>
</tr>
{foreach item=cable from=$cables}
<tr>
<td class="label">
<img src="image.php?color={$cable.cable_color}" alt="#{$cable.cable_color}">
<a href="cable.php?f=view&id={$cable.id}">{$cable.description}</a>
</td>
<td class="label">
{$cable.cable_length} m
</td>
<td class="label">
{$cable.cable_type}
</td>
<td class="label">
{$cable.info}
</td>
</tr>
{foreachelse}
<tr>
<td>
{$lang_cable_none}
</td>
</tr>
{/foreach}
</table>

75
tpl/cableadd.tpl Normal file
View File

@ -0,0 +1,75 @@
<form method="POST" action="cable.php">
<table class="title">
<tr>
<td class="header">
{$lang_cable_add}
</td>
<td align="right">
<a href="#" onClick="history.go(-1)"><img src="images/control_rewind_blue.png" alt="{$lang_cancel}"{if $suser_tooltips} title="{$lang_cancel}"{/if} /></a>
<input type="image" name="submit[insert]" src="images/page_save.png" alt="{$lang_save}"{if $suser_tooltips} title="{$lang_save}"{/if} />
</td>
</tr>
</table>
<table class="info">
<tr>
<td class="header">
{$lang_cable}
</td>
</tr>
<tr>
<td class="label">
{$lang_description}
</td>
<td class="value">
<input type="text" size="40" name="description" maxlength="80">
</td>
</tr>
{*
<tr>
<td class="label">
from - to
</td>
<td class="value">
<input type="text" size="10" name="length" maxlength="12">
-
<input type="text" size="10" name="length" maxlength="12">
</td>
</tr>
*}
<tr>
<td class="label">
{$lang_length}
</td>
<td class="value">
<input type="text" size="10" name="length" maxlength="80"> m
</td>
</tr>
<tr>
<td class="label">
Type
</td>
<td class="value">
{html_options name=cable_type options=$type_options selected=$cable->cable_type}
</td>
</tr>
<tr>
<td class="label">
{$lang_color}
</td>
<td class="value">
#<input type="text" {literal}class="color {pickerPosition:'right'}"{/literal} name="color" size="6" maxlength="6" value="{$cable->color}">
</td>
</tr>
<tr>
<td class="label">
{$lang_info}
</td>
<td class="value">
<textarea name="info" cols="30" rows="10"></textarea>
</td>
</tr>
</table>
</form>

39
tpl/cabledel.tpl Normal file
View File

@ -0,0 +1,39 @@
<form method="POST" action="cable.php">
<input type="hidden" name="id" value="{$cable->id}">
<table class="title">
<tr>
<td class="header">
{$lang_cable_del}
</td>
<td align="right">
<a href="#" onClick="history.go(-1)"><img src="image.php?icon=cancel" alt="{$lang_cancel}" {if $suser_tooltips}title="{$lang_cancel}" {/if}/></a>
<input type="image" src="image.php?icon=shred" alt="{$lang_assetclass_del}" {if $suser_tooltips}title="{$lang_assetclass_del}" {/if}/>
<a href="#" onClick="history.go(-1)"><img src="images/control_rewind_blue.png" alt="Abbruch"{if $suser_tooltips} title="{$lang_cancel}"{/if} /></a>
<input type="image" name="submit[delete]" src="images/delete.png" alt="Löschen"{if $suser_tooltips} title="Löschen"{/if} />
</td>
</tr>
</table>
<table class="info">
<tr>
<td class="header">
{$lang_cable}
</td>
<td class="header_right">
&nbsp;
</td>
</tr>
<tr>
<td class="label">
{$lang_cable_name}
</td>
<td class="value">
<a href="cable.php?id={$cable->id}">{$cable->description}</a>
</td>
</tr>
</table>
</form>

76
tpl/cableedit.tpl Normal file
View File

@ -0,0 +1,76 @@
<form method="POST" action="cable.php">
<input type="hidden" name="id" value="{$cable->id}">
<table class="title">
<tr>
<td class="header">
{$lang_cable_add}
</td>
<td align="right">
<a href="#" onClick="history.go(-1)"><img src="images/control_rewind_blue.png" alt="{$lang_cancel}"{if $suser_tooltips} title="{$lang_cancel}"{/if} /></a>
<input type="image" name="submit[update]" src="images/page_save.png" alt="{$lang_save}"{if $suser_tooltips} title="{$lang_save}"{/if} />
</td>
</tr>
</table>
<table class="info">
<tr>
<td class="header">
{$lang_cable}
</td>
</tr>
<tr>
<td class="label">
{$lang_description}
</td>
<td class="value">
<input type="text" size="40" name="description" maxlength="80" value="{$cable->description}">
</td>
</tr>
{*
<tr>
<td class="label">
from - to
</td>
<td class="value">
<input type="text" size="10" name="loc_from" maxlength="12">
-
<input type="text" size="10" name="loc_to" maxlength="12">
</td>
</tr>
*}
<tr>
<td class="label">
{$lang_length}
</td>
<td class="value">
<input type="text" size="10" name="length" maxlength="80" value="{$cable->cable_length}"> m
</td>
</tr>
<tr>
<td class="label">
Type
</td>
<td class="value">
{html_options name=cable_type options=$type_options selected=$cable->cable_type}
</td>
</tr>
<tr>
<td class="label">
{$lang_color}
</td>
<td class="value">
#<input type="text" {literal}class="color {pickerPosition:'right'}"{/literal} name="color" size="6" maxlength="6" value="{$cable->color}">
</td>
</tr>
<tr>
<td class="label">
{$lang_info}
</td>
<td class="value">
<textarea name="info" cols="30" rows="10">{$cable->info}</textarea>
</td>
</tr>
</table>
</form>

63
tpl/cableview.tpl Normal file
View File

@ -0,0 +1,63 @@
<table class="title">
<tr>
<td class="header">
{$vlan_name}
</td>
<td align="right">
<a href="cable.php?f=edit&id={$cable->id}"><img src="image.php?icon=edit" alt="{$lang_cable_edit}"></a>
<a href="cable.php?f=del&id={$cable->id}"><img src="image.php?icon=delete" alt="{$lang_cable_del}"></a>
</td>
</tr>
</table>
<table class="info">
<tr>
<td class="header">
{$lang_cable}
</td>
<td class="header_right">
&nbsp;
</td>
</tr>
<tr>
<td class="label">
{$lang_description}
</td>
<td class="value">
{$cable->description}
</td>
</tr>
<tr>
<td class="label">
{$lang_cable_type} XXX
</td>
<td class="value">
{$cable->cable_type}
</td>
</tr>
<tr>
<td class="label">
{$lang_length}
</td>
<td class="value">
{$cable->cable_length} m
</td>
</tr>
<tr>
<td class="label">
{$lang_color}
</td>
<td class="value">
<img src="image.php?color={$cable->color}" alt="{$cable->color}">
#{$cable->color}
</td>
</tr>
<tr>
<td class="label">
{$lang_cable_info}
</td>
<td class="value">
{$cable->info}
</td>
</tr>
</table>

11
tpl/header.tpl
View File

@ -26,14 +26,7 @@
<a href="index.php"><img src="image.php?icon=logo" alt="{$lang_ipreg}" style="margin-right:1em" /></a>
</td>
<td valign="top" rowspan="2">
{if $menu_assets}<a href="asset.php">{$lang_assets}</a> | {/if}
{if $menu_assetclasses}<a href="assetclass.php">{$lang_assetclasses}</a> | {/if}
{if $menu_assetclassgroups}<a href="assetclassgroup.php">{$lang_assetclassgroups}</a> | {/if}
{if $menu_locations}<a href="location.php">{$lang_locations}</a> | {/if}
{if $menu_nodes}<a href="node.php">{$lang_nodes}</a> | {/if}
{if $menu_subnets}<a href="subnet.php">{$lang_subnets}</a> | {/if}
{if $menu_vlans}<a href="vlan.php">{$lang_vlans}</a> | {/if}
{if $menu_zones}<a href="zone.php">{$lang_zones}</a> {/if}
{$menu}
</td>
<td align="right" width="38%">
{$suser_name}&nbsp;|&nbsp;
@ -49,7 +42,6 @@
</tr>
</table>
</form>
<table class="header">
<tr>
<td>
@ -57,3 +49,4 @@
</td>
</tr>
</table>
{msgout}

2
tpl/location.tpl
View File

@ -5,7 +5,9 @@
{$lang_locations} ({$locations|@count})
</td>
<td align="right">
{if $suser_add || $suser_admin}
<a href="locationadd.php"><img src="images/building_add.png" alt="{$lang_location_add}" title="{$lang_location_add}" /></a>
{/if}
</td>
</tr>
</table>

2
tpl/locationview.tpl
View File

@ -2,7 +2,7 @@
<tr>
<td class="header">
<img class="icon" src="images/building.png" alt="" />
{$location_name}
{$location->name}
</td>
<td align="right">
<a href="locationadd.php?location_parent={$location->id}"><img src="images/building_add.png" alt="{$lang_sublocation_add}"></a>

2
tpl/login.tpl
View File

@ -1,4 +1,4 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<!DOCTYPE html>
<html>
<head>
<title>{$lang_ipreg}</title>

4
tpl/node.tpl
View File

@ -5,7 +5,9 @@
{$lang_nodes} {if $subnet_id}in {$subnet}{/if} ({$nodes|@count})
</td>
<td align="right">
{if $suser_add || $suser_admin}
<a href="nodeadd.php?subnet_id={$subnet_id}"><img src="image.php?icon=add" alt="{$lang_node_add}"></a>
{/if}
</td>
</tr>
</table>
@ -40,4 +42,4 @@
</td>
</tr>
{/foreach}
</table>
</table>

2
tpl/options.tpl
View File

@ -26,9 +26,11 @@
<a href="optionseditdisplay.php">{$lang_options_display}</a>
</td>
</tr>
{if $suser_admin || $suser_manage}
<tr>
<td class="label">
<a href="user.php">{$lang_users}</a>
</td>
</tr>
{/if}
</table>

4
tpl/optionseditdisplay.tpl
View File

@ -89,10 +89,12 @@
<input type="checkbox" name="user_menu_assets" {$user_menu_assets_checked}>{$lang_assets}<br />
<input type="checkbox" name="user_menu_assetclasses" {$user_menu_assetclasses_checked}>{$lang_assetclasses}<br />
<input type="checkbox" name="user_menu_assetclassgroups" {$user_menu_assetclassgroups_checked}>{$lang_assetclassgroups}<br />
{if $suser_admin}
<input type="checkbox" name="user_menu_cables" {$user_menu_cables_checked}>{$lang_cables}<br />
{/if}
<input type="checkbox" name="user_menu_locations" {$user_menu_locations_checked}>{$lang_locations}<br />
<input type="checkbox" name="user_menu_nodes" {$user_menu_nodes_checked}>{$lang_nodes}<br />
<input type="checkbox" name="user_menu_subnets" {$user_menu_subnets_checked}>{$lang_subnets}<br />
<input type="checkbox" name="user_menu_users" {$user_menu_users_checked}>{$lang_users}<br />
<input type="checkbox" name="user_menu_vlans" {$user_menu_vlans_checked}>{$lang_vlans}<br />
<input type="checkbox" name="user_menu_zones" {$user_menu_zones_checked}>{$lang_zones}
</td>

38
tpl/style.css
View File

@ -201,3 +201,41 @@ table.subnetview td {
padding-left: 0;
background-image: none;
}
/* ========== Error and other messages ===== ================================ */
div.error, div.warning, div.info, div.note {
padding: 0 1em 0 36px;
margin: 1em 0 0 0;
-moz-border-radius: 12px;
}
div.error {
border: 1px solid #8b0000;
background: #ff9999 url("../images/cancel.png") no-repeat scroll 4px 4px;
}
div.warning {
border: 1px solid #827206;
background: #ffdd00 url("../images/error.png") no-repeat scroll 4px 4px;
}
div.info {
border: 1px solid #006400;
background: #b0e1a9 url("../images/information.png") no-repeat scroll 4px 4px;
}
div.note {
border: 1px solid #00008b;
background: #c3d4de url("../images/note.png") no-repeat scroll 4px 4px;
}
div.error h3,
div.warning h3,
div.info h3,
div.note h3 {
font-size: 0.9em;
margin: 0.8em 0.5em 0.5em 0;
color: black;
}
div.error p,
div.warning p,
div.info p,
div.note p {
margin: 0.5em 0.5em 0.5em 0;
}

3
tpl/subnet.tpl
View File

@ -1,10 +1,13 @@
<table class="title">
<tr>
<td class="header">
<img class="icon" src="images/plugin.png" alt="" />
{$lang_subnets} ({$subnets|@count})
</td>
<td align="right">
{if $suser_add || $suser_admin}
<a href="subnetadd.php"><img src="image.php?icon=add" alt="{$lang_subnet_add}"></a>
{/if}
</td>
</tr>
</table>

20
tpl/user.tpl
View File

@ -21,6 +21,9 @@
<td class="header">
{$lang_user_displayname}
</td>
<td class="header">
{$lang_user_roles}
</td>
</tr>
{foreach item=user from=$users}
<tr>
@ -33,6 +36,23 @@
<td class="value">
{$user.displayname}
</td>
<td class="value">
{if in_array('add', $user.role)}
<img src="images/page_add.png" alt="{$lang_user_role_add}"{if $suser_tooltips} title="{$lang_user_role_add}"{/if} />
{/if}
{if in_array('edit', $user.role)}
<img src="images/page_edit.png" alt="{$lang_user_role_edit}"{if $suser_tooltips} title="{$lang_user_role_edit}"{/if} />
{/if}
{if in_array('delete', $user.role)}
<img src="images/page_delete.png" alt="{$lang_user_role_delete}"{if $suser_tooltips} title="{$lang_user_role_delete}"{/if} />
{/if}
{if in_array('manage', $user.role)}
<img src="images/manage.png" alt="{$lang_user_role_manage}"{if $suser_tooltips} title="{$lang_user_role_manage}"{/if} />
{/if}
{if in_array('admin', $user.role)}
<img src="images/admin.png" alt="{$lang_user_role_admin}"{if $suser_tooltips} title="{$lang_user_role_admin}"{/if} />
{/if}
</td>
</tr>
{/foreach}
</table>

57
tpl/useredit.tpl
View File

@ -45,9 +45,64 @@
{$lang_user_realm}
</td>
<td class="value">
{html_radios name=user_realm values=$realm_ids output=$realm_names selected=$realm_selected}
{html_radios name=user_realm values=$realm_ids output=$realm_names selected=$user->realm}
</td>
</tr>
<tr>
<td class="label">
<b>Rechte</b>
</td>
<td class="value">
&nbsp;
</td>
</tr>
<tr>
<td class="label">
{$lang_user_role_add}
</td>
<td class="value">
<img src="images/page_add.png" alt="[Add]">
<input type="checkbox" name="role_add" {if in_array('add', $user->role)} checked="checked"{/if}
</td>
</tr>
<tr>
<td class="label">
{$lang_user_role_edit}
</td>
<td class="value">
<img src="images/page_edit.png" alt="[Edit]">
<input type="checkbox" name="role_edit" {if in_array('edit', $user->role)} checked="checked"{/if}
</td>
</tr>
<tr>
<td class="label">
{$lang_user_role_delete}
</td>
<td class="value">
<img src="images/page_delete.png" alt="[Delete]">
<input type="checkbox" name="role_delete" {if in_array('delete', $user->role)} checked="checked"{/if}
</td>
</tr>
{if $suser_admin}
<tr>
<td class="label">
{$lang_user_role_manage}
</td>
<td class="value">
<img src="images/manage.png" alt="[Manage]">
<input type="checkbox" name="role_manage" {if in_array('manage', $user->role)} checked="checked"{/if}
</td>
</tr>
<tr>
<td class="label">
{$lang_user_role_admin}
</td>
<td class="value">
<img src="images/admin.png" alt="[Admin]">
<input type="checkbox" name="role_admin" {if in_array('admin', $user->role)} checked="checked"{/if}
</td>
</tr>
{/if}
</table>
</form>

22
tpl/userview.tpl
View File

@ -44,4 +44,26 @@
{$user->realm}
</td>
</tr>
<tr>
<td class="label">
{$lang_user_roles}
</td>
<td class="value">
{if in_array('add', $user->role)}
<img src="images/page_add.png" alt="{$lang_user_role_add}"{if $suser_tooltips} title="{$lang_user_role_add}"{/if} />
{/if}
{if in_array('edit', $user->role)}
<img src="images/page_edit.png" alt="{$lang_user_role_edit}"{if $suser_tooltips} title="{$lang_user_role_edit}"{/if} />
{/if}
{if in_array('delete', $user->role)}
<img src="images/page_delete.png" alt="{$lang_user_role_delete}"{if $suser_tooltips} title="{$lang_user_role_delete}"{/if} />
{/if}
{if in_array('manage', $user->role)}
<img src="images/manage.png" alt="{$lang_user_role_manage}"{if $suser_tooltips} title="{$lang_user_role_manage}"{/if} />
{/if}
{if in_array('admin', $user->role)}
<img src="images/admin.png" alt="{$lang_user_role_admin}"{if $suser_tooltips} title="{$lang_user_role_admin}"{/if} />
{/if}
</td>
</tr>
</table>

3
tpl/vlan.tpl
View File

@ -4,7 +4,9 @@
{$lang_vlans} ({$vlans|@count})
</td>
<td align="right">
{if $suser_add || $suser_admin}
<a href="vlanadd.php"><img src="image.php?icon=add" alt="{$lang_vlan_add}" {if $suser_tooltips}title="{$lang_vlan_add}" {/if}/></a>
{/if}
</td>
</tr>
</table>
@ -27,6 +29,7 @@
{$vlan.number}
</td>
<td class="value">
<img src="image.php?color={$vlan.color}" alt="#{$vlan.color}">
<a href="vlanview.php?vlan_id={$vlan.id}">{$vlan.name}</a>
</td>
<td>

8
tpl/vlanadd.tpl
View File

@ -35,6 +35,14 @@
<input type="text" name="vlan_number" size="3">
</td>
</tr>
<tr>
<td class="label">
{$lang_color}
</td>
<td class="value">
#<input type="text" {literal}class="color {pickerPosition:'right'}"{/literal} name="vlan_color" size="6" maxlength="6" value="{$vlan->color}">
</td>
</tr>
<tr>
<td class="label">
{$lang_vlan_info}

2
tpl/vlandel.tpl
View File

@ -5,7 +5,7 @@
<table class="title">
<tr>
<td class="header">
{$vlan_name}
{$vlan->name}
</td>
<td align="right">
<a href="#" onClick="history.go(-1)"><img src="image.php?icon=cancel" alt="{$lang_cancel}"></a>

12
tpl/vlanedit.tpl
View File

@ -1,11 +1,11 @@
<form method="POST" action="submit.php">
<input type="hidden" name="edit" value="vlan">
<input type="hidden" name="vlan_id" value="{$vlan_id}">
<input type="hidden" name="vlan_id" value="{$vlan->id}">
<table class="title">
<tr>
<td class="header">
{$vlan_name}
{$vlan->name}
</td>
<td align="right">
<a href="#" onClick="history.go(-1)"><img src="image.php?icon=back" alt="{$lang_cancel}"></a>
@ -39,6 +39,14 @@
<input type="text" name="vlan_number" size="3" value="{$vlan->number}">
</td>
</tr>
<tr>
<td class="label">
{$lang_color}
</td>
<td class="value">
#<input type="text" {literal}class="color {pickerPosition:'right'}"{/literal} name="vlan_color" size="6" maxlength="6" value="{$vlan->color}">
</td>
</tr>
<tr>
<td class="label">
{$lang_vlan_info}

11
tpl/vlanview.tpl
View File

@ -1,7 +1,7 @@
<table class="title">
<tr>
<td class="header">
{$vlan_name}
{$vlan->name}
</td>
<td align="right">
<a href="assignvlantosubnet.php?vlan_id={$vlan->id}"><img src="image.php?icon=add" alt="{$lang_assignvlantosubnet}"></a>
@ -44,6 +44,15 @@
{$vlan->info}
</td>
</tr>
<tr>
<td class="label">
{$lang_color}
</td>
<td class="value">
<img src="image.php?color={$vlan->color}" alt="{$vlan->color}">
#{$vlan->color}
</td>
</tr>
</table>
<table class="info">

2
tpl/zone.tpl
View File

@ -5,7 +5,9 @@
{$lang_zones} ({$zones|@count})
</td>
<td align="right">
{if $suser_add || $suser_admin}
<a href="zoneadd.php"><img src="image.php?icon=add" alt="{$lang_zone_add}"></a>
{/if}
</td>
</tr>
</table>

6
tpl/zoneview.tpl
View File

@ -2,11 +2,15 @@
<tr>
<td class="header">
<img class="icon" src="images/table.png" alt="" />
{$zone_origin}
{$zone->zone_origin}
</td>
<td align="right">
{if $suser_edit || $suser_admin}
<a href="zoneedit.php?zone_id={$zone->zone_id}"><img src="images/table_edit.png" alt="{$lang_zone_edit}" /></a>
{/if}
{if $suser_del || $suser_admin}
<a href="zonedel.php?zone_id={$zone->zone_id}"><img src="images/table_delete.png" alt="{$lang_zone_del}" /></a>
{/if}
</td>
</tr>
</table>

17
user.php
View File

@ -8,14 +8,27 @@ SPDX-License-Identifier: GPL-3.0-or-later
*****************************************************************************/
include("includes.php");
if (($_SESSION['suser_role_admin'] == 0) and ($_SESSION['suser_role_manage'] == 0)) {
header_location('comments.php?comments=accessdenied');
}
include("header.php");
$sql = "SELECT user_id AS id, user_name AS name,
user_displayname AS displayname, user_realm as realm
user_displayname AS displayname, user_realm AS realm,
user_role AS role
FROM user
ORDER BY user_name";
$sth = $dbh->query($sql);
$smarty->assign("users", $sth->fetchAll(PDO::FETCH_ASSOC));
// role: convert db set to array
$users = $sth->fetchAll(PDO::FETCH_ASSOC);
for($i = 0; $i < count($users); $i++) {
$users[$i]['role'] = explode(',', $users[$i]['role'] );
}
$smarty->assign("users", $users);
$smarty->display("user.tpl");

5
useradd.php
View File

@ -8,6 +8,11 @@ SPDX-License-Identifier: GPL-3.0-or-later
*****************************************************************************/
include("includes.php");
if (($_SESSION['suser_role_admin'] == 0) && ($_SESSION['suser_role_manage'] == 0)) {
header_location('comments.php?comments=accessdenied');
}
include("header.php");
$realms = db_load_enum('user','user_realm');

6
userdel.php
View File

@ -8,7 +8,11 @@ SPDX-License-Identifier: GPL-3.0-or-later
*****************************************************************************/
include("includes.php");
if ($_SESSION['suser_role_admin'] == 0) {
header_location('comments.php?comments=accessdenied');
}
$user_id = sanitize($_GET['user_id']);
include("header.php");

13
useredit.php
View File

@ -8,18 +8,25 @@ SPDX-License-Identifier: GPL-3.0-or-later
*****************************************************************************/
include("includes.php");
if (($_SESSION['suser_role_admin'] == 0) && ($_SESSION['suser_role_manage'] == 0)) {
header_location('comments.php?comments=accessdenied');
}
$user_id = sanitize($_GET['user_id']);
include("header.php");
$sql = "SELECT user_id AS id, user_name AS name, user_displayname AS displayname,
user_realm AS realm
user_realm AS realm, user_role AS role, user_flags AS flags
FROM user
WHERE user_id=?";
$sth = $dbh->prepare($sql);
$sth->execute([$user_id]);
$smarty->assign("user", $sth->fetch(PDO::FETCH_OBJ));
$user = $sth->fetch(PDO::FETCH_OBJ);
$user->role = explode(',', $user->role);
$smarty->assign("user", $user);
// auth realms
$smarty->assign("realm_ids", ['local', 'ldap']);

14
userview.php
View File

@ -8,18 +8,26 @@ SPDX-License-Identifier: GPL-3.0-or-later
*****************************************************************************/
include("includes.php");
if (($_SESSION['suser_role_admin'] == 0) and ($_SESSION['suser_role_manage'] == 0)) {
header_location('comments.php?comments=accessdenied');
}
$user_id = sanitize($_GET['user_id']);
include("header.php");
$sql = "SELECT user_id AS id, user_name AS name, user_displayname AS displayname,
user_realm as realm
user_realm as realm, user_role AS role, user_flags AS flags
FROM user
WHERE user_id=?";
$sth = $dbh->prepare($sql);
$sth->execute([$user_id]);
$smarty->assign("user", $sth->fetch(PDO::FETCH_OBJ));
$user = $sth->fetch(PDO::FETCH_OBJ);
$user->role = explode(',', $user->role);
$user->flags = explode(',', $user->flags);
$smarty->assign("user", $user);
$smarty->display("userview.tpl");

2
vlan.php
View File

@ -11,7 +11,7 @@ include("includes.php");
include("header.php");
$sql = "SELECT vlan_id AS id, vlan_number AS number, vlan_name AS name,
LEFT(vlan_info, 60) AS info
vlan_color AS color, LEFT(vlan_info, 60) AS info
FROM vlan
ORDER BY vlan_number";
$sth = $dbh->query($sql);

2
vlanadd.php
View File

@ -8,6 +8,8 @@ SPDX-License-Identifier: GPL-3.0-or-later
*****************************************************************************/
include("includes.php");
$smarty->assign("scripts", 'jscolor.js');
include("header.php");
$smarty->display("vlanadd.tpl");

3
vlanedit.php
View File

@ -11,10 +11,11 @@ include("includes.php");
$vlan_id = sanitize($_GET['vlan_id']);
$smarty->assign("scripts", 'jscolor.js');
include("header.php");
$sql = "SELECT vlan_id AS id, vlan_name AS name, vlan_number AS number,
vlan_info AS info
vlan_color AS color, vlan_info AS info
FROM vlan
WHERE vlan_id=?";
$sth = $dbh->prepare($sql);

2
vlanview.php
View File

@ -15,7 +15,7 @@ include("header.php");
// vlan
$sql = "SELECT vlan_id AS id, vlan_name AS name, vlan_number AS number,
vlan_info AS info
vlan_info AS info, vlan_color AS color
FROM vlan
WHERE vlan_id=?";
$sth = $dbh->prepare($sql);