[Netpass-devel] NetPass/www/htdocs/Admin audit.mhtml,1.8,1.9

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Update of /cvsroot/netpass/NetPass/www/htdocs/Admin
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv17687/www/htdocs/Admin

Modified Files:
	audit.mhtml 
Log Message:
bug fix to audit form

Index: audit.mhtml
===================================================================
RCS file: /cvsroot/netpass/NetPass/www/htdocs/Admin/audit.mhtml,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -d -r1.8 -r1.9

--- audit.mhtml	31 Aug 2005 20:09:17 -0000	1.8
+++ audit.mhtml	14 Sep 2005 17:41:27 -0000	1.9
@@ -248,47 +248,40 @@
 
 	# double check the value, make sure noone can sneak an insertion attack in here ;)
 	$type = ($type eq "OR")?"OR":"AND";
+
+	my $query = "SELECT DATE_FORMAT(ts, '%Y-%m-%d %H:%i:%s') as dt, username, ipAddress, macAddress, severity, location, message FROM audit ";
 	
-	my @clause = ();
-	my @params = ();
+	my @SC = ();
 
 	if($ip) {
-		push(@clause, "ipAddress=?");
-		push(@params, $ip);
+		push @SC, " ipAddress = ".$dbh->quote($ip);
 	}
 
 	if($message) {
-		push(@clause, "message LIKE ?");
-		push(@params, $message);
+		push @SC, " message LIKE ".$dbh->quote($message);
 	}
 
 	if($mac) {
 		$mac =~ s/://g;
-
-		push(@clause, "macAddress=?");
-		push(@params, lc($mac));
+		push @SC, " macAddress = ".$dbh->quote($mac);
 	}
 	
 	if($uid) {
-		push(@clause, "username=?");
-		push(@params, $uid);
+		push @SC, "  username = ".$dbh->quote($uid);
 	}
 
 	if($sev) {
-		push(@clause, "severity=?");
-		push(@params, $sev);
+		push @SC, "  severity = ".$dbh->quote($sev);
 	}
 
-	my $query = "SELECT DATE_FORMAT(ts, '%Y-%m-%d %H:%i:%s') as dt, username, ipAddress, macAddress, severity, location, message FROM audit ";
 	
-	if($#clause>-1) {
-		$query .= " WHERE " . join(" $type ", @clause)
+	if($#SC > -1) {
+		$query .= " WHERE " . join(" $type ", @SC)
 	}
 
 	$query .= " ORDER BY ts DESC LIMIT $start,$limit";
 
-	#print $query;
-	#print join(',', @params);
+	#print "query ", $query, "<P>";
 
 	my $lres = $dbh->selectall_arrayref($query);
 
@@ -314,9 +307,7 @@
 
 	my @results = @$lres;
 
-print "others<P>";
 	foreach my $npserv (keys %hosts) {
-print "others=$npserv<P>";
 		my $rdbh = DBI->connect('dbi:mysql:database=netpass;host='.$npserv, 
 				$np->cfg->dbUsername, $np->cfg->dbPassword);
 		if ($rdbh) {



