- [DEV-178] fixes to permission scheme in DM setup (Artem)

- [DEV-153] changes in brute force blocking scheme (Artem) git-svn-id: svn://svn.zabbix.com/trunk@5775 97f52cf1-0a1b-0410-bd0e-c28be96e8082
author: artem <artem@97f52cf1-0a1b-0410-bd0e-c28be96e8082> 2008-06-17 13:51:42 +0000
committer: artem <artem@97f52cf1-0a1b-0410-bd0e-c28be96e8082> 2008-06-17 13:51:42 +0000
commit: 717eb6f9ed27471f3213d188d29bd267ff726a0f (patch)
tree: de1b3ce21891d1ce5d50e7762a6acf5270acdb47 /frontends/php/include
parent: 184117d744e0a9c98e31ae94cfc3bca0e66e4b50 (diff)
download: zabbix-717eb6f9ed27471f3213d188d29bd267ff726a0f.tar.gz
zabbix-717eb6f9ed27471f3213d188d29bd267ff726a0f.tar.xz
zabbix-717eb6f9ed27471f3213d188d29bd267ff726a0f.zip
4 files changed, 69 insertions, 66 deletions
diff --git a/frontends/php/include/config.inc.php b/frontends/php/include/config.inc.php
index 6dbd676a..a6caf779 100644
--- a/frontends/php/include/config.inc.php
+++ b/frontends/php/include/config.inc.php
@@ -220,7 +220,7 @@ function TODO($msg) { echo "TODO: ".$msg.SBR; }  // DEBUG INFO!!!
 			$ZBX_WITH_SUBNODES = get_cookie('zbx_with_subnodes', false); // Show elements from subnodes
 
 			if(isset($_REQUEST['switch_node'])){
-				if($node_data = DBfetch(DBselect("select * from nodes where nodeid=".$_REQUEST['switch_node']))){
+				if($node_data = DBfetch(DBselect('SELECT * FROM nodes WHERE nodeid='.$_REQUEST['switch_node']))){
 					$ZBX_CURRENT_NODEID = $_REQUEST['switch_node'];
 				}
 				unset($node_data);
@@ -230,11 +230,17 @@ function TODO($msg) { echo "TODO: ".$msg.SBR; }  // DEBUG INFO!!!
 				$ZBX_WITH_SUBNODES = !empty($_REQUEST['show_subnodes']);
 			}
 
-			if($node_data = DBfetch(DBselect("select * from nodes where nodeid=".$ZBX_CURRENT_NODEID))){
+			if($node_data = DBfetch(DBselect('SELECT * FROM nodes WHERE nodeid='.$ZBX_CURRENT_NODEID))){
 				$ZBX_CURMASTERID = $node_data['masterid'];
 			}
 			
-			$ZBX_NODES = get_accessible_nodes_by_user($USER_DETAILS, PERM_READ_LIST, PERM_RES_DATA_ARRAY);
+//			$ZBX_NODES = get_accessible_nodes_by_user($USER_DETAILS, PERM_READ_LIST, PERM_RES_DATA_ARRAY);
+
+			$sql = 'SELECT * FROM nodes';
+			$db_nodes = DBselect($sql);
+			while($node = DBfetch($db_nodes)){
+				$ZBX_NODES[$node['nodeid']] = $node;
+			}
 
 			if ( !isset($ZBX_NODES[$ZBX_CURRENT_NODEID]) ){
 				$denyed_page_requested = true;
@@ -242,14 +248,14 @@ function TODO($msg) { echo "TODO: ".$msg.SBR; }  // DEBUG INFO!!!
 				$ZBX_CURMASTERID = $ZBX_LOCMASTERID;
 			}
 
-			foreach ( $ZBX_NODES as $nodeid => $node_data ){
-				for ( 	$curr_node = &$node_data;
-					$curr_node['masterid'] != 0 &&
-					(bccomp($curr_node['masterid'] , $ZBX_CURRENT_NODEID) != 0);
-					$curr_node = &$ZBX_NODES[$curr_node['masterid']]
-				);
+			foreach($ZBX_NODES as $nodeid => $node_data ){
+				$curr_node = &$node_data;
+
+				while(($curr_node['masterid']!=0) && (bccomp($curr_node['masterid'],$ZBX_CURRENT_NODEID)!=0)){
+					$curr_node = &$ZBX_NODES[$curr_node['masterid']];
+				}
 
-				if (bccomp($curr_node['masterid'],$ZBX_CURRENT_NODEID) == 0 ){
+				if(bccomp($curr_node['masterid'],$ZBX_CURRENT_NODEID) == 0 ){
 					$ZBX_CURRENT_SUBNODES[$nodeid] = $nodeid;
 				}
 			}
@@ -271,14 +277,12 @@ function TODO($msg) { echo "TODO: ".$msg.SBR; }  // DEBUG INFO!!!
 
 	function get_current_nodeid($forse_with_subnodes = null, $perm = null){
 		global $USER_DETAILS, $ZBX_CURRENT_NODEID, $ZBX_CURRENT_SUBNODES, $ZBX_WITH_SUBNODES;
-
 		if(!isset($ZBX_CURRENT_NODEID))
 			init_nodes();
 
 		$result = ( is_show_subnodes($forse_with_subnodes) ? $ZBX_CURRENT_SUBNODES : $ZBX_CURRENT_NODEID );
-		
 		if(!is_null($perm)){
-			$result = get_accessible_nodes_by_user($USER_DETAILS, PERM_READ_ONLY, null, null, $result);
+			$result = get_accessible_nodes_by_user($USER_DETAILS, PERM_READ_ONLY, null, $result);
 		}
 
 	return $result;
@@ -301,13 +305,14 @@ function TODO($msg) { echo "TODO: ".$msg.SBR; }  // DEBUG INFO!!!
 	function is_show_subnodes($forse_with_subnodes = null){
 		global	$ZBX_WITH_SUBNODES;
 
-		if ( is_null($forse_with_subnodes)){
-			if ( defined('ZBX_DISABLE_SUBNODES'))
+		if(is_null($forse_with_subnodes)){
+			if(defined('ZBX_DISABLE_SUBNODES'))
 				$forse_with_subnodes = false;
 			else
 				$forse_with_subnodes = $ZBX_WITH_SUBNODES;
 		}
-		return $forse_with_subnodes;
+
+	return $forse_with_subnodes;
 	}
 
 	function access_deny(){
diff --git a/frontends/php/include/defines.inc.php b/frontends/php/include/defines.inc.php
index 03f0f2d2..7b3986ec 100644
--- a/frontends/php/include/defines.inc.php
+++ b/frontends/php/include/defines.inc.php
@@ -32,7 +32,7 @@
 	define('PAGE_TYPE_HTML_BLOCK',	4);	//simple block of html (as text)
 	
 	define('ZBX_LOGIN_ATTEMPTS', 5);
-	define('ZBX_LOGIN_BLOCK', 180);
+	define('ZBX_LOGIN_BLOCK', 30);
 
 	define('T_ZBX_STR',			0);
 	define('T_ZBX_INT',			1);
diff --git a/frontends/php/include/forms.inc.php b/frontends/php/include/forms.inc.php
index 5cb2d04c..898d359e 100644
--- a/frontends/php/include/forms.inc.php
+++ b/frontends/php/include/forms.inc.php
@@ -774,9 +774,9 @@
 		if(isset($userid))	$frmUser->AddVar("userid",$userid);
 
 		if($profile==0){
-			$frmUser->AddRow(S_ALIAS,	new CTextBox("alias",$alias,20));
-			$frmUser->AddRow(S_NAME,	new CTextBox("name",$name,20));
-			$frmUser->AddRow(S_SURNAME,	new CTextBox("surname",$surname,20));
+			$frmUser->AddRow(S_ALIAS,	new CTextBox("alias",$alias,40));
+			$frmUser->AddRow(S_NAME,	new CTextBox("name",$name,40));
+			$frmUser->AddRow(S_SURNAME,	new CTextBox("surname",$surname,40));
 		}
 
 		if(ZBX_AUTH_INTERNAL == $config['authentication_type']){
@@ -818,7 +818,7 @@
 			}
 			
 			$lstGroups = new CListBox('user_groups_to_del[]');
-			$lstGroups->options['style'] = 'width: 270px';
+			$lstGroups->options['style'] = 'width: 280px';
 
 			foreach($user_groups as $groupid => $group_name){
 				$lstGroups->AddItem($groupid,	$group_name);
@@ -951,19 +951,16 @@
 	}
 
 	# Insert form for User Groups
-	function	insert_usergroups_form()
-	{
+	function insert_usergroups_form(){
 		global  $USER_DETAILS;
 
 		$frm_title = S_USER_GROUP;
-		if(isset($_REQUEST["usrgrpid"]))
-		{
+		if(isset($_REQUEST["usrgrpid"])){
 			$usrgrp		= get_group_by_usrgrpid($_REQUEST["usrgrpid"]);
-			$frm_title 	= S_USER_GROUP." \"".$usrgrp["name"]."\"";
+			$frm_title 	= S_USER_GROUP.' "'.$usrgrp['name'].'"';
 		}
 
-		if(isset($_REQUEST["usrgrpid"]) && !isset($_REQUEST["form_refresh"]))
-		{
+		if(isset($_REQUEST["usrgrpid"]) && !isset($_REQUEST["form_refresh"])){
 			$name	= $usrgrp['name'];
 
 			$users_status = $usrgrp['users_status'];
@@ -988,11 +985,9 @@
 					' LEFT JOIN nodes n on n.nodeid='.DBid2nodeid('g.groupid').
 					' WHERE r.groupid='.$_REQUEST["usrgrpid"],
 				);
-			foreach($sqls as $sql)
-			{
+			foreach($sqls as $sql){
 				$db_rights = DBselect($sql);
-				while($db_right = DBfetch($db_rights))
-				{
+				while($db_right = DBfetch($db_rights)){
 					if(isset($db_right['node_name']))
 						$db_right['name'] = $db_right['node_name'].':'.$db_right['name'];
 
@@ -1004,9 +999,8 @@
 				}
 			}
 		}
-		else
-		{
-			$name	=			get_request("gname","");
+		else{
+			$name	=			get_request('gname','');
 			$users_status = 	get_request('users_status',0);
 			$gui_access = 		get_request('gui_access',0);
 			$group_users	= get_request("group_users",array());
@@ -1020,12 +1014,12 @@
 		$frmUserG->SetHelp("web.users.groups.php");
 		$frmUserG->AddVar("config",get_request("config",1));
 
-		if(isset($_REQUEST["usrgrpid"]))
-		{
+		if(isset($_REQUEST["usrgrpid"])){
 			$frmUserG->AddVar("usrgrpid",$_REQUEST["usrgrpid"]);
 		}
+		
 		$grName = new CTextBox("gname",$name,49);
-		$grName->options['style'] = 'width: 250px';
+		$grName->options['style'] = 'width: 280px';
 		$frmUserG->AddRow(S_GROUP_NAME,$grName);
 
 		$frmUserG->AddVar('group_rights', $group_rights);
@@ -1033,7 +1027,7 @@
 		$frmUserG->AddVar('group_users', $group_users);
 
 		$lstUsers = new CListBox('group_users_to_del[]');
-		$lstUsers->options['style'] = 'width: 250px';
+		$lstUsers->options['style'] = 'width: 280px';
 
 		foreach($group_users as $userid => $alias)
 		{
@@ -1081,14 +1075,12 @@
 
 		$lstWrite = new CListBox('right_to_del[read_write][]'	,null	,20);
 		$lstRead  = new CListBox('right_to_del[read_only][]'	,null	,20);
-		$lstDeny  = new CListBox('right_to_del[deny][]'		,null	,20);
+		$lstDeny  = new CListBox('right_to_del[deny][]'			,null	,20);
 
-		foreach($group_rights as $name => $element_data)
-		{
-			if($element_data['permission'] == PERM_DENY)		$lstDeny->AddItem($name, $name);
-			elseif ($element_data['permission'] == PERM_READ_ONLY)	$lstRead->AddItem($name, $name);
-			elseif ($element_data['permission'] == PERM_READ_WRITE)	$lstWrite->AddItem($name, $name);
-			
+		foreach($group_rights as $name => $element_data){
+			if($element_data['permission'] == PERM_DENY)			$lstDeny->AddItem($name, $name);
+			else if($element_data['permission'] == PERM_READ_ONLY)	$lstRead->AddItem($name, $name);
+			else if($element_data['permission'] == PERM_READ_WRITE)	$lstWrite->AddItem($name, $name);
 		}
 
 		$table_Rights->SetHeader(array(S_READ_WRITE, S_READ_ONLY, S_DENY),'header');
@@ -1145,9 +1137,9 @@
 
 		if(ZBX_DISTRIBUTED){
 			$lst['node']['label']		= S_NODES;
-			$lst['node']['read_write']	= new CListBox('nodes_write'	,null	,6);
-			$lst['node']['read_only']	= new CListBox('nodes_read'	,null	,6);
-			$lst['node']['deny']		= new CListBox('nodes_deny'	,null	,6);
+			$lst['node']['read_write']	= new CListBox('nodes_write',null	,10);
+			$lst['node']['read_only']	= new CListBox('nodes_read'	,null	,10);
+			$lst['node']['deny']		= new CListBox('nodes_deny'	,null	,10);
 
 			$nodes = get_accessible_nodes_by_rights($rights, $user_type, PERM_DENY, PERM_RES_DATA_ARRAY);
 			foreach($nodes as $node){
@@ -1162,17 +1154,12 @@
 		}
 
 		$lst['group']['label']		= S_HOST_GROUPS;
-		$lst['group']['read_write']	= new CListBox('groups_write'	,null	,10);
-		$lst['group']['read_only']	= new CListBox('groups_read'	,null	,10);
-		$lst['group']['deny']		= new CListBox('groups_deny'	,null	,10);
+		$lst['group']['read_write']	= new CListBox('groups_write'	,null	,15);
+		$lst['group']['read_only']	= new CListBox('groups_read'	,null	,15);
+		$lst['group']['deny']		= new CListBox('groups_deny'	,null	,15);
 
-		$groups = get_accessible_groups_by_rights($rights, $user_type, PERM_DENY, PERM_RES_DATA_ARRAY, get_current_nodeid(false));
-/*
-SDI($groups);
-		$rights['userid'] = 3;
-		$available_groups= get_accessible_groups_by_user($rights, PERM_DENY, PERM_RES_DATA_ARRAY);
-SDI($available_groups);
-//*/		
+		$groups = get_accessible_groups_by_rights($rights, $user_type, PERM_DENY, PERM_RES_DATA_ARRAY, get_current_nodeid(true));
+	
 		foreach($groups as $group){
 			switch($group['permission']){
 				case PERM_READ_ONLY:
@@ -1193,7 +1180,7 @@ SDI($available_groups);
 		$lst['host']['read_only']	= new CListBox('hosts_read'	,null	,15);
 		$lst['host']['deny']		= new CListBox('hosts_deny'	,null	,15);
 
-		$hosts = get_accessible_hosts_by_rights($rights, $user_type, PERM_DENY, PERM_RES_DATA_ARRAY, get_current_nodeid(false));
+		$hosts = get_accessible_hosts_by_rights($rights, $user_type, PERM_DENY, PERM_RES_DATA_ARRAY, get_current_nodeid(true));
 
 		foreach($hosts as $host){
 			switch($host['permission']){
diff --git a/frontends/php/include/perm.inc.php b/frontends/php/include/perm.inc.php
index 7e5dba6d..b4288da1 100644
--- a/frontends/php/include/perm.inc.php
+++ b/frontends/php/include/perm.inc.php
@@ -58,7 +58,14 @@ function check_authorisation(){
 			$incorect_session = true;
 		}
 		else if($login['attempt_failed']){
-			error('There was ['.$login['attempt_failed'].'] failed attempts to Login from ['.$login['attempt_ip'].'] at ['.date('d.m.Y H:i',$login['attempt_clock']).'] o\'clock!');
+			error(new CScript(array(
+						bold($login['attempt_failed']),
+						'failed login attempts logged. Last failed attempt was from ',
+						bold($login['attempt_ip']),
+						' on ',
+						bold(date('d.m.Y H:i',$login['attempt_clock'])),
+						'.')));
+			
 			DBexecute('UPDATE users SET attempt_failed=0 WHERE userid='.zbx_dbstr($login['userid']));
 		}
 	}
@@ -389,11 +396,13 @@ COpt::counter_up('perm');
 	return $result;
 }
 
-function get_accessible_nodes_by_user(&$user_data,$perm,$perm_res=null,$nodeid=null){
+function get_accessible_nodes_by_user(&$user_data,$perm,$perm_res=null){
 	global $ZBX_LOCALNODEID;
-
+	
+	$nodeid = get_current_nodeid(true);
+//SDI($nodeid);
 	if(is_null($perm_res))	$perm_res=PERM_RES_STRING_LINE;
-
+	
 	$userid		=& $user_data['userid'];
 	$user_type	=& $user_data['type'];
 	if(!isset($userid)) fatal_error('Incorrect user data in "get_accessible_nodes_by_user"');
@@ -610,8 +619,10 @@ function get_accessible_groups_by_rights(&$rights,$user_type,$perm,$perm_res=nul
 return $result;
 }
 
-function get_accessible_nodes_by_rights(&$rights,$user_type,$perm,$perm_res=null,$nodeid=null){
+function get_accessible_nodes_by_rights(&$rights,$user_type,$perm,$perm_res=null){
 	global $ZBX_LOCALNODEID;
+	
+	$nodeid = get_current_nodeid(true);
 
 	if(is_null($perm_res))	$perm_res=PERM_RES_STRING_LINE;
 	if(is_null($user_type)) $user_type = USER_TYPE_ZABBIX_USER;
@@ -672,4 +683,4 @@ function get_accessible_nodes_by_rights(&$rights,$user_type,$perm,$perm_res=null
 
 return $result;
 }
-?>
-\ No newline at end of file
+?>
author	artem <artem@97f52cf1-0a1b-0410-bd0e-c28be96e8082>	2008-06-17 13:51:42 +0000
committer	artem <artem@97f52cf1-0a1b-0410-bd0e-c28be96e8082>	2008-06-17 13:51:42 +0000
commit	717eb6f9ed27471f3213d188d29bd267ff726a0f (patch)
tree	de1b3ce21891d1ce5d50e7762a6acf5270acdb47 /frontends/php/include
parent	184117d744e0a9c98e31ae94cfc3bca0e66e4b50 (diff)
download	zabbix-717eb6f9ed27471f3213d188d29bd267ff726a0f.tar.gz zabbix-717eb6f9ed27471f3213d188d29bd267ff726a0f.tar.xz zabbix-717eb6f9ed27471f3213d188d29bd267ff726a0f.zip