Open-AudIT

What's on your network?
It is currently Tue Jan 16, 2018 11:14 pm

All times are UTC + 10 hours




Post new topic Reply to topic  [ 9 posts ] 
Author Message
PostPosted: Sat Jun 01, 2013 1:38 am 
Offline
Helper

Joined: Fri Feb 19, 2010 1:02 am
Posts: 67
Location: Washington State, USA
After I upgraded from the beta version to 1.0.2, if I click on all devices and then search it turns up no results, even if I copy and paste a computer name that is in the list that I am looking at I get nothing.

Is there an index I need to build or something?

_________________
Server Info:
OA: v1.0.3
OS: Ubuntu 13.04 on Hyper-V for Website (LAMP)
OS: Windows Server 2008 R2 for Script (Domain Server)
Auditing: 366 Machines (XP/Win7/Ubuntu)
LDAP: Active Directory


Last edited by Shmee on Sat Jun 01, 2013 5:57 am, edited 1 time in total.

Top
 Profile  
Reply with quote  
PostPosted: Sat Jun 01, 2013 5:30 am 
Offline
Helper

Joined: Fri Feb 19, 2010 1:02 am
Posts: 67
Location: Washington State, USA
I found the issue. The search is looking for system.type = 'system', but all my records have system.type = 'computer', so if I change the code to look for 'computer' it work, but which one should it be.

So I can A) Fix the code to look for 'computer' or B) Make an SQL script to change everything from 'computer' to 'system'?

For now I did just change line 53 of m_systems.php from "system.type = 'system' AND" to "system.type = 'computer' AND" and it does now work, but I am going to leave this open until I hear back if that is the right change or if I should change everything to 'system'.

_________________
Server Info:
OA: v1.0.3
OS: Ubuntu 13.04 on Hyper-V for Website (LAMP)
OS: Windows Server 2008 R2 for Script (Domain Server)
Auditing: 366 Machines (XP/Win7/Ubuntu)
LDAP: Active Directory


Last edited by Shmee on Sat Jun 01, 2013 5:40 am, edited 1 time in total.

Top
 Profile  
Reply with quote  
PostPosted: Sat Jun 01, 2013 5:39 am 
Offline
Moderator

Joined: Fri Jul 20, 2007 8:27 am
Posts: 1223
You want system.type = "computer" based on my current data but from the comment in the source you don't really want that line at all. Looks like removing it is a ToDo item.

Although looking over the code it looks like it specifically doesn't search the main 'system' table so that needs to be fixed as well.


Top
 Profile  
Reply with quote  
PostPosted: Sat Jun 01, 2013 5:59 am 
Offline
Helper

Joined: Fri Feb 19, 2010 1:02 am
Posts: 67
Location: Washington State, USA
Sounds good and thanks for the update. Based on your response, I changed the Topic to [BUG], and left my code change in.

_________________
Server Info:
OA: v1.0.3
OS: Ubuntu 13.04 on Hyper-V for Website (LAMP)
OS: Windows Server 2008 R2 for Script (Domain Server)
Auditing: 366 Machines (XP/Win7/Ubuntu)
LDAP: Active Directory


Top
 Profile  
Reply with quote  
PostPosted: Sun Jun 02, 2013 12:01 pm 
Offline
Site Admin
User avatar

Joined: Mon Jun 07, 2004 11:48 am
Posts: 1933
Location: Brisbane, Australia
Yes, it should be searching on type='computer' now. I have changed from a PC being a "system" to a "computer". Makes more sense. I just didn't remember to check searching... My bad. Having said that, I removed the type= altogether from the SQL statement in models/systems.php and it seems fine. I also properly URL decoded any input string in controllers/main.php.

Both files are attached and have been updated in my GIT from the next release. Thanks for posting the bug :D

EDIT - updated m_systems.php as per below post.


Attachments:
File comment: move to open-audit/code_igniter/application/models and rename to m_systems.php
m_systems.txt [5.27 KiB]
Downloaded 163 times
File comment: move to open-audit/code_igniter/application/controllers and rename to main.php
main.txt [26.23 KiB]
Downloaded 137 times

_________________
Support and Development hours available from Opmantek.
Please consider a purchase to help make Open-AudIT better for everyone.
Top
 Profile  
Reply with quote  
PostPosted: Sun Jun 02, 2013 2:21 pm 
Offline
Moderator

Joined: Fri Jul 20, 2007 8:27 am
Posts: 1223
Couple things about the changes:

Since you've removed the system.type from the query string you should probably remove the "ToDo" comment explaining it. Unless you left it in to remind yourself for some reason.

It still doesn't search on the 'system' table which has a ton of data you'd probably like to search on. This is more than a one-liner so if you put it on the ToDo list that's great.

As you build the search query using concatenated strings you should probably watch out for little Bobby Tables. Probably another ToDo list item.


Top
 Profile  
Reply with quote  
PostPosted: Sun Jun 02, 2013 7:00 pm 
Offline
Site Admin
User avatar

Joined: Mon Jun 07, 2004 11:48 am
Posts: 1933
Location: Brisbane, Australia
Updated file posted above.
Mark wrote:
Since you've removed the system.type from the query string you should probably remove the "ToDo" comment explaining it. Unless you left it in to remind yourself for some reason.
Fixed
Mark wrote:
It still doesn't search on the 'system' table which has a ton of data you'd probably like to search on. This is more than a one-liner so if you put it on the ToDo list that's great.
Fixed.
Mark wrote:
As you build the search query using concatenated strings you should probably watch out for little Bobby Tables. Probably another ToDo list item.
Now sure what you mean here? The input is escaped (uses the CodeIgniter stuff). Is that what you mean - watching for SQL injection?

_________________
Support and Development hours available from Opmantek.
Please consider a purchase to help make Open-AudIT better for everyone.


Top
 Profile  
Reply with quote  
PostPosted: Mon Jun 03, 2013 2:24 pm 
Offline
Moderator

Joined: Fri Jul 20, 2007 8:27 am
Posts: 1223
Great. I probably should have been less obtuse on the SQL injection. I didn't think about CodeIgniter already doing it.


Top
 Profile  
Reply with quote  
PostPosted: Tue Jul 16, 2013 7:53 am 
Offline
Newbie

Joined: Sat Jul 13, 2013 1:24 am
Posts: 8
This seems like a separate bug but for the same element.
The enter key doesn't initiate the search, I always have to click the "Search" button.
Can it be made to handle the enter key please?


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 9 posts ] 

All times are UTC + 10 hours


Who is online

Users browsing this forum: No registered users and 5 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
cron
Powered by phpBB® Forum Software © phpBB Group