Merge pull request #1386 from OCSInventory-NG/compat_php8

Add PHP8 compatibility and Update version to 2.10

Author: charleneauger

Changes

@@ -1,4 +1,30 @@
 Revision history for ocsreports
+2.10.0
+		* Add PHP8 compatibility
+		* Add layout feature
+		* Add archive/restore actions to GUI LOGS
+		* Add CAS connection feature
+		* Add custom interval configuration to Last Contact in dashboard
+		* Add plugin deployment for unix systems
+		* Add configuration to exclude archive machines from the interface
+		* Improve archive/restore feature
+		* Improve LDAP connection feature
+		* Improve Software category regex display
+		* Update password encryption
+		* Fix subnets loading taking to much time on login
+		* Fix activate package display for every language
+		* Fix archive/restore action
+		* Fix multisearch query if IS NULL operator
+		* Fix software category deletion
+		* Fix SNMP read mib files
+		* Fix save search group for LDAP and CAS users
+		* Fix rights on actions column
+		* Fix CVE 2021-46355
+		* Fix IpDiscover export
+		* Fix IpDiscover bugs
+		* Fix blank page after create networks type
+		* Remove overriding of profile rights on extensions pages
+
 2.9.2
 		* Add archive button on computer details page
 		* Add local import

ajax/calendarfield.php

@@ -1,4 +1,5 @@
 <?php
+
 /*
  * Copyright 2005-2019 OCSInventory-NG/OCSInventory-ocsreports contributors.
  * See the Contributors file for more details about them.
@@ -22,23 +23,18 @@
  */
 require_once('../require/function_commun.php');
 require_once('../var.php');
-
 if(isset($_GET['fieldid'])){
     $html = get_html($_GET['fieldid']);
     echo $html;
 }
-
-
 function get_html($fieldId) {
     global $l;
-    $fieldId = htmlspecialchars($fieldId, ENT_QUOTES, 'UTF-8');
-    $html = '<div class="input-group date form_datetime">
+    $fieldId = htmlspecialchars($fieldId, ENT_QUOTES, 'UTF-8'); 
+
+    return '<div class="input-group date form_datetime">
                 <input type="text" class="form-control" name="'.$fieldId.'" id="'.$fieldId.'" value=""/>
                 <span class="input-group-addon">
                     '.calendars($fieldId, $_SESSION['OCS']['DATE_FORMAT_LANG']).'
                 </span>
-            </div>'; 
-
-    return $html;
+            </div>';
 }
-?>

backend/AUTH/auth.php

@@ -38,6 +38,7 @@
 // You don't have to change these variables anymore, see var.php
 $affich_method = get_affiche_methode();
 $list_methode = get_list_methode();
+$limitAttempt = false;
 
 if ($affich_method == 'HTML' && isset($protectedPost['Valid_CNX']) && trim($protectedPost['LOGIN']) != "") {
     $login = $protectedPost['LOGIN'];
@@ -85,7 +86,7 @@
 
 if (isset($login) && isset($mdp)) {
     $i = 0;
-    while ($list_methode[$i]) {
+    while (array_key_exists($i, $list_methode) && $list_methode[$i]) {
         require_once('methode/' . $list_methode[$i]);
         if ($login_successful == "OK")
             break;
@@ -94,7 +95,7 @@
 }
 
 // login ok?
-if ($login_successful == "OK" && isset($login_successful) && !$limitAttempt) {
+if (isset($login_successful) && $login_successful == "OK" && !$limitAttempt) {
     $_SESSION['OCS']["loggeduser"] = $login;
     $_SESSION['OCS']['cnx_origine'] = $cnx_origine;
     $_SESSION['OCS']['user_group'] = $user_group;
@@ -166,7 +167,7 @@
     }
 } else {
     if ($auth['ivalue']['SECURITY_AUTHENTICATION_BLOCK_IP'] == 1){
-        if ($login != ""){
+        if (!empty($login)){
             $sql = "INSERT INTO auth_attempt (`DATETIMEATTEMPT`,`LOGIN`,`IP`,`SUCCESS`)
             VALUES ('%s','%s','%s','%s')";
             $datetime = new DateTime();
@@ -179,6 +180,9 @@
     if ($affich_method == 'HTML') {
         require_once (HEADER_HTML);
         if (isset($protectedPost['Valid_CNX'])) {
+            if (empty($_SESSION['OCS']["loggeduser"])) {
+                $login_successful = "No user provided";
+            }
             msg_error($login_successful);
             flush();
             //you can't send a new login/passwd before 2 seconds
@@ -204,11 +208,11 @@
 
                     <div class="form-group">
                         <label for="LOGIN"><?php echo $l->g(243); ?> :</label>
-                        <input type="text" class="form-control login-username-input" name="LOGIN" id="LOGIN" value='<?php echo preg_replace("/[^A-Za-z0-9-_\.]/", "", $protectedPost['LOGIN']); ?>' placeholder="<?php echo $l->g(243); ?>">
+                        <input type="text" class="form-control login-username-input" name="LOGIN" id="LOGIN" value='<?php echo preg_replace("/[^A-Za-z0-9-_\.]/", "", $protectedPost['LOGIN'] ?? ""); ?>' placeholder="<?php echo $l->g(243); ?>">
                     </div>
                     <div class="form-group">
                         <label for="PASSWD"><?php echo $l->g(217); ?> :</label>
-                        <input type="password" class="form-control login-password-input" name="PASSWD" id="PASSWD" value='<?php echo preg_replace("/[^A-Za-z0-9-_\.]/", "", $protectedPost['PASSWD']); ?>' placeholder="<?php echo $l->g(217); ?>">
+                        <input type="password" class="form-control login-password-input" name="PASSWD" id="PASSWD" value='<?php echo preg_replace("/[^A-Za-z0-9-_\.]/", "", $protectedPost['PASSWD'] ?? ""); ?>' placeholder="<?php echo $l->g(217); ?>">
                     </div>
 
                     <input type="submit" class="btn btn-lg btn-block btn-success login-btn" id="btn-logon" name="Valid_CNX" value="<?php echo $l->g(13); ?>" />

backend/AUTH/methode/ldap.php

@@ -107,11 +107,11 @@ function search_on_loginnt($login) {
     }
 
     // save user fields in session
-    $_SESSION['OCS']['details']['givenname'] = $info[0]['givenname'][0];
-    $_SESSION['OCS']['details']['sn'] = $info[0]['sn'][0];
-    $_SESSION['OCS']['details']['cn'] = $info[0]['cn'][0];
-    $_SESSION['OCS']['details']['mail'] = $info[0]['mail'][0];
-    $_SESSION['OCS']['details']['title'] = $info[0]['title'][0];
+    $_SESSION['OCS']['details']['givenname'] = $info[0]['givenname'][0] ?? '';
+    $_SESSION['OCS']['details']['sn'] = $info[0]['sn'][0] ?? '';
+    $_SESSION['OCS']['details']['cn'] = $info[0]['cn'][0] ?? '';
+    $_SESSION['OCS']['details']['mail'] = $info[0]['mail'][0] ?? '';
+    $_SESSION['OCS']['details']['title'] = $info[0]['title'][0] ?? '';
 
     return $info;
 }

backend/AUTH/methode/local.php

@@ -28,7 +28,7 @@
 $resOp = mysql2_query_secure($reqOp, $_SESSION['OCS']["readServer"], $arg_reqOp);
 $rowOp = mysqli_fetch_object($resOp);
 
-if ($rowOp->PASSWORD_VERSION === '0') {
+if (isset($rowOp->PASSWORD_VERSION) && $rowOp->PASSWORD_VERSION === '0') {
     $reqOp = "SELECT ID, USER_GROUP FROM operators WHERE ID='%s' and PASSWD ='%s'";
     $arg_reqOp = array($login, md5($protectedMdp));
 
@@ -68,7 +68,7 @@
         }
     }
 
-    if ($login_status == true || hash(PASSWORD_CRYPT, $mdp) == $rowOp->PASSWD) {
+    if ($login_status == true || (isset($rowOp->PASSWD) && hash(PASSWORD_CRYPT, $mdp) == $rowOp->PASSWD)) {
         $login_successful = "OK";
         $user_group = $rowOp->USER_GROUP;
         $type_log = 'CONNEXION';

backend/identity/identity.php

@@ -1,4 +1,5 @@
 <?php
+
 /*
  * Copyright 2005-2016 OCSInventory-NG/OCSInventory-ocsreports contributors.
  * See the Contributors file for more details about them.
@@ -22,14 +23,12 @@
  */
 require_once(BACKEND . 'require/connexion.php');
 require_once(BACKEND . 'require/auth.manager.php');
-
 // You don't have to change these variables anymore, see var.php
 $list_methode = get_list_methode(true);
-
 if (!isset($_SESSION['OCS']["lvluser"])) {
     $i = 0;
     //methode pour le calcul des droits
-    while ($list_methode[$i]) {
+    while (isset($list_methode[$i]) && $list_methode[$i]) {
         require_once('methode/' . $list_methode[$i]);
         //on garde les erreurs présentes
         //entre chaque méthode
@@ -45,16 +44,15 @@
         $i++;
     }
 }
-
 if (!isset($tab_tag) && $restriction != 'NO') {
     $LIST_ERROR = "";
-    foreach ($tab_error as $script => $error) {
+    foreach ($tab_error as $error) {
         $LIST_ERROR .= $error;
         addLog('ERROR_IDENTITY', $error);
     }
     $_SESSION['OCS']["mesmachines"] = "NOTAG";
 } elseif (isset($tab_tag)) {
-    foreach ($list_methode as $prio => $script) {
+    foreach ($list_methode as $script) {
         if (isset($tab_tag[$script])) {
             foreach ($tab_tag[$script] as $tag => $lbl) {
                 $list_tag[$tag] = $tag;
@@ -71,7 +69,5 @@
     $_SESSION['OCS']["mytag"] = $lbl_list_tag;
     $_SESSION['OCS']['TAGS'] = $list_tag;
 }
-
 if (isset($lvluser))
     $_SESSION['OCS']["lvluser"] = $lvluser;
-?>

backend/identity/methode/cas.php

@@ -64,11 +64,11 @@
 
         $arg_insert = array($_SESSION['OCS']["loggeduser"],
             'Default',
-            $_SESSION['OCS']['details']['sn'],
+            $_SESSION['OCS']['details']['sn'] ?? '',
             "",
             "CAS",
             $defaultRole,
-            $_SESSION['OCS']['details']['mail'],
+            $_SESSION['OCS']['details']['mail'] ?? '',
             "NULL"
         );
     } else {
@@ -78,7 +78,7 @@
                     WHERE ID='%s'";
 
         $arg_insert = array(
-            $_SESSION['OCS']['details']['mail'],
+            $_SESSION['OCS']['details']['mail'] ?? '',
             $_SESSION['OCS']["loggeduser"]);
     }
     connexion_local_write();

backend/identity/methode/ldap.php

@@ -1,4 +1,5 @@
 <?php
+
 /*
  * Copyright 2005-2016 OCSInventory-NG/OCSInventory-ocsreports contributors.
  * See the Contributors file for more details about them.
@@ -53,23 +54,19 @@
 if ($_SESSION['OCS']['cnx_origine'] != "LDAP") {
     return false;
 }
-
 require_once ('require/function_files.php');
 // page name
 $name = "ldap.php";
 connexion_local_read();
-
 // select the main database
 mysqli_select_db($link_ocs, $db_ocs);
-
 // retrieve LDAP-related config values into an array
 $sql = "select substr(NAME,7) as NAME,TVALUE from config where NAME like '%s'";
 $arg = array("%CONEX%");
 $res = mysql2_query_secure($sql, $link_ocs, $arg);
 while ($item = mysqli_fetch_object($res)) {
     $config[$item->NAME] = $item->TVALUE;
 }
-
 // checks if the user already exists
 $reqOp = "SELECT new_accesslvl as accesslvl FROM operators WHERE id='%s'";
 $argOp = array($_SESSION['OCS']["loggeduser"]);
@@ -82,14 +79,13 @@
 if (isset($_SESSION['OCS']['details']["filter"])) {
     $defaultRole = $config[$_SESSION['OCS']['details']["filter"]];
 }
-
 // uncomment this section for DEBUG
 // note: cannot use the global DEBUG variable because this happens before the toggle is available.
 /*
-  echo ("field1: ".$f1_name." value=".$f1_value." condition: ".$config['LDAP_CHECK_FIELD1_VALUE']." role=".$config['LDAP_CHECK_FIELD1_ROLE']." level=".$config['LDAP_CHECK_FIELD1_USERLEVEL']."<br>");
-  echo ("field2: ".$item['CONEX_LDAP_CHECK_FIELD2_NAME']." value=".$f2_value." condition: ".$config['LDAP_CHECK_FIELD2_VALUE']." role=".$config['LDAP_CHECK_FIELD2_ROLE']." level=".$config['LDAP_CHECK_FIELD2_USERLEVEL']."<br>");
-  echo ("user: ".$_SESSION['OCS']["loggeduser"]." will have level=".$defaultLevel." and role=".$defaultRole."<br>");
- */
+ echo ("field1: ".$f1_name." value=".$f1_value." condition: ".$config['LDAP_CHECK_FIELD1_VALUE']." role=".$config['LDAP_CHECK_FIELD1_ROLE']." level=".$config['LDAP_CHECK_FIELD1_USERLEVEL']."<br>");
+ echo ("field2: ".$item['CONEX_LDAP_CHECK_FIELD2_NAME']." value=".$f2_value." condition: ".$config['LDAP_CHECK_FIELD2_VALUE']." role=".$config['LDAP_CHECK_FIELD2_ROLE']." level=".$config['LDAP_CHECK_FIELD2_USERLEVEL']."<br>");
+ echo ("user: ".$_SESSION['OCS']["loggeduser"]." will have level=".$defaultLevel." and role=".$defaultRole."<br>");
+*/
 //if defaultRole is define
 if (isset($defaultRole) && trim($defaultRole) != '') {
     // if it doesn't exist, create the user record

backend/identity/methode/local.php

@@ -1,4 +1,5 @@
 <?php
+
 /*
  * Copyright 2005-2016 OCSInventory-NG/OCSInventory-ocsreports contributors.
  * See the Contributors file for more details about them.
@@ -28,19 +29,16 @@
  * si une erreur est rencontrée, on retourne un code erreur
  *
  */
-
 require_once ('require/function_files.php');
 //nom de la page
 $name = "local.php";
 connexion_local_read();
 mysqli_select_db($link_ocs, $db_ocs);
-
 //recherche du niveau de droit de l'utilisateur
 $reqOp = "SELECT new_accesslvl as accesslvl FROM operators WHERE id='%s'";
 $argOp = array($_SESSION['OCS']["loggeduser"]);
 $resOp = mysql2_query_secure($reqOp, $link_ocs, $argOp);
 $rowOp = mysqli_fetch_object($resOp);
-
 if (isset($rowOp->accesslvl)) {
     $lvluser = $rowOp->accesslvl;
 
@@ -95,4 +93,3 @@
 } else {
     $ERROR = $l->g(894);
 }
-?>

backend/ipdiscover/ipdiscover.php

@@ -1,4 +1,5 @@
 <?php
+
 /*
  * Copyright 2005-2016 OCSInventory-NG/OCSInventory-ocsreports contributors.
  * See the Contributors file for more details about them.
@@ -22,13 +23,11 @@
  */
 require_once(BACKEND . 'require/connexion.php');
 require_once(BACKEND . 'require/auth.manager.php');
-
 $list_methode = array(0 => "local.php");
-
 if (!isset($_SESSION['OCS']["ipdiscover"])) {
     $i = 0;
     //methode pour le calcul des droits
-    while ($list_methode[$i]) {
+    while (isset($list_methode[$i]) == true) {
         require_once('methode/' . $list_methode[$i]);
         //on garde les droits de l'utilisateur sur l'ipdiscover
         if (isset($list_ip)) {
@@ -40,7 +39,7 @@
 }
 unset($list_ip);
 if (isset($tab_ip)) {
-    foreach ($list_methode as $prio => $script) {
+    foreach ($list_methode as $script) {
         if (isset($tab_ip[$script])) {
             foreach ($tab_ip[$script] as $ip => $lbl) {
                 $list_ip[$ip] = $lbl;
@@ -58,4 +57,3 @@
     $_SESSION['OCS']["ipdiscover"] = $tab_info;
     $_SESSION['OCS']["ipdiscover_methode"] = $base;
 }
-?>