[Netpass-devel] NetPass/www/htdocs/Admin audit.mhtml,1.8,1.9
Brought to you by:
jeffmurphy
Menu
▾
▴
[Netpass-devel] NetPass/www/htdocs/Admin audit.mhtml,1.8,1.9
|
From: jeff m. <jef...@us...> - 2005-09-14 17:41:36
|
Update of /cvsroot/netpass/NetPass/www/htdocs/Admin In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv17687/www/htdocs/Admin Modified Files: audit.mhtml Log Message: bug fix to audit form Index: audit.mhtml =================================================================== RCS file: /cvsroot/netpass/NetPass/www/htdocs/Admin/audit.mhtml,v retrieving revision 1.8 retrieving revision 1.9 diff -u -d -r1.8 -r1.9 --- audit.mhtml 31 Aug 2005 20:09:17 -0000 1.8 +++ audit.mhtml 14 Sep 2005 17:41:27 -0000 1.9 @@ -248,47 +248,40 @@ # double check the value, make sure noone can sneak an insertion attack in here ;) $type = ($type eq "OR")?"OR":"AND"; + + my $query = "SELECT DATE_FORMAT(ts, '%Y-%m-%d %H:%i:%s') as dt, username, ipAddress, macAddress, severity, location, message FROM audit "; - my @clause = (); - my @params = (); + my @SC = (); if($ip) { - push(@clause, "ipAddress=?"); - push(@params, $ip); + push @SC, " ipAddress = ".$dbh->quote($ip); } if($message) { - push(@clause, "message LIKE ?"); - push(@params, $message); + push @SC, " message LIKE ".$dbh->quote($message); } if($mac) { $mac =~ s/://g; - - push(@clause, "macAddress=?"); - push(@params, lc($mac)); + push @SC, " macAddress = ".$dbh->quote($mac); } if($uid) { - push(@clause, "username=?"); - push(@params, $uid); + push @SC, " username = ".$dbh->quote($uid); } if($sev) { - push(@clause, "severity=?"); - push(@params, $sev); + push @SC, " severity = ".$dbh->quote($sev); } - my $query = "SELECT DATE_FORMAT(ts, '%Y-%m-%d %H:%i:%s') as dt, username, ipAddress, macAddress, severity, location, message FROM audit "; - if($#clause>-1) { - $query .= " WHERE " . join(" $type ", @clause) + if($#SC > -1) { + $query .= " WHERE " . join(" $type ", @SC) } $query .= " ORDER BY ts DESC LIMIT $start,$limit"; - #print $query; - #print join(',', @params); + #print "query ", $query, "<P>"; my $lres = $dbh->selectall_arrayref($query); @@ -314,9 +307,7 @@ my @results = @$lres; -print "others<P>"; foreach my $npserv (keys %hosts) { -print "others=$npserv<P>"; my $rdbh = DBI->connect('dbi:mysql:database=netpass;host='.$npserv, $np->cfg->dbUsername, $np->cfg->dbPassword); if ($rdbh) { |
