Update of /cvsroot/netpass/NetPass/www/htdocs/Admin
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv17687/www/htdocs/Admin
Modified Files:
audit.mhtml
Log Message:
bug fix to audit form
Index: audit.mhtml
===================================================================
RCS file: /cvsroot/netpass/NetPass/www/htdocs/Admin/audit.mhtml,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -d -r1.8 -r1.9
--- audit.mhtml 31 Aug 2005 20:09:17 -0000 1.8
+++ audit.mhtml 14 Sep 2005 17:41:27 -0000 1.9
@@ -248,47 +248,40 @@
# double check the value, make sure noone can sneak an insertion attack in here ;)
$type = ($type eq "OR")?"OR":"AND";
+
+ my $query = "SELECT DATE_FORMAT(ts, '%Y-%m-%d %H:%i:%s') as dt, username, ipAddress, macAddress, severity, location, message FROM audit ";
- my @clause = ();
- my @params = ();
+ my @SC = ();
if($ip) {
- push(@clause, "ipAddress=?");
- push(@params, $ip);
+ push @SC, " ipAddress = ".$dbh->quote($ip);
}
if($message) {
- push(@clause, "message LIKE ?");
- push(@params, $message);
+ push @SC, " message LIKE ".$dbh->quote($message);
}
if($mac) {
$mac =~ s/://g;
-
- push(@clause, "macAddress=?");
- push(@params, lc($mac));
+ push @SC, " macAddress = ".$dbh->quote($mac);
}
if($uid) {
- push(@clause, "username=?");
- push(@params, $uid);
+ push @SC, " username = ".$dbh->quote($uid);
}
if($sev) {
- push(@clause, "severity=?");
- push(@params, $sev);
+ push @SC, " severity = ".$dbh->quote($sev);
}
- my $query = "SELECT DATE_FORMAT(ts, '%Y-%m-%d %H:%i:%s') as dt, username, ipAddress, macAddress, severity, location, message FROM audit ";
- if($#clause>-1) {
- $query .= " WHERE " . join(" $type ", @clause)
+ if($#SC > -1) {
+ $query .= " WHERE " . join(" $type ", @SC)
}
$query .= " ORDER BY ts DESC LIMIT $start,$limit";
- #print $query;
- #print join(',', @params);
+ #print "query ", $query, "<P>";
my $lres = $dbh->selectall_arrayref($query);
@@ -314,9 +307,7 @@
my @results = @$lres;
-print "others<P>";
foreach my $npserv (keys %hosts) {
-print "others=$npserv<P>";
my $rdbh = DBI->connect('dbi:mysql:database=netpass;host='.$npserv,
$np->cfg->dbUsername, $np->cfg->dbPassword);
if ($rdbh) {
|
