.phpcs.xml

@@ -1,213 +0,0 @@
-<?xml version="1.0"?>
-<ruleset name="Observium ruleset">
-    <description>Observium rules for PHP CodeSniffer</description>
-
-    <arg value="sp"/>
-    <arg name="extensions" value="php"/>
-
-    <file>.</file>
-
-    <!-- <arg name="report" value="xml"/>
-    <arg name="report-file" value="phpcs-report.xml"/> -->
-
-    <!-- Exclude unused code. -->
-    <exclude-pattern>*/attic/*</exclude-pattern>
-    <!-- Exclude devel code. -->
-    <exclude-pattern>*/devel/*</exclude-pattern>
-    <!-- Exclude Composer vendor directory. -->
-    <exclude-pattern>*/vendor/*</exclude-pattern>
-    <!-- Weathermap exclude -->
-    <exclude-pattern>*/weathermap/*</exclude-pattern>
-    <!-- Self PHPCompatibility exclude -->
-    <exclude-pattern>tests/php-compatibility/*</exclude-pattern>
-
-    <!-- Strip the filepaths down to the relevant bit. -->
-    <arg name="basepath" value="./"/>
-
-    <!-- Check up to 8 files simultanously. -->
-    <arg name="parallel" value="8"/>
-
-    <!-- PHPCompatibility standard path -->
-    <!-- <config name="installed_paths" value="tests/php-compatibility"/> -->
-
-    <!-- Check for cross-version support for PHP 5.6 and higher. -->
-    <config name="testVersion" value="5.6-"/>
-
-    <!-- Run against the PHPCompatibility ruleset -->
-    <rule ref="PHPCompatibility">
-        <exclude-pattern>irc\.php$</exclude-pattern>
-        <exclude-pattern>*/weathermap/*</exclude-pattern>
-        <!-- random_bytes() already exist by compatibility lib -->
-        <exclude name="PHPCompatibility.FunctionUse.NewFunctions.random_bytesFound"/>
-        <exclude name="PHPCompatibility.FunctionUse.NewFunctions.random_intFound"/>
-        <!-- array_key_first() already exist by compatibility -->
-        <exclude name="PHPCompatibility.FunctionUse.NewFunctions.array_key_firstFound"/>
-    </rule>
-
-    <!-- Whitelist the mysql_to_rfc3339() and mysql_another_function() functions. -->
-    <rule ref="PHPCompatibility.Extensions.RemovedExtensions">
-        <properties>
-            <property name="functionWhitelist" type="array" value="mysql_authenticate,mysql_auth_can_logout,mysql_auth_can_change_password,mysql_auth_change_password,mysql_auth_usermanagement,mysql_adduser,mysql_auth_user_exists,mysql_auth_username_by_id,mysql_auth_user_level,mysql_auth_user_id,mysql_deluser,mysql_auth_user_list,mysql_auth_user_info"/>
-        </properties>
-    </rule>
-
-    <!-- random_compat lib -->
-    <rule ref="PHPCompatibility.Classes.NewClasses.typeerrorFound">
-        <exclude-pattern>libs/random_compat/*</exclude-pattern>
-    </rule>
-    <rule ref="PHPCompatibility.Classes.NewClasses.errorFound">
-        <exclude-pattern>libs/random_compat/*</exclude-pattern>
-    </rule>
-    <rule ref="PHPCompatibility.IniDirectives.RemovedIniDirectives.mbstring_func_overloadDeprecated">
-        <exclude-pattern>libs/random_compat/*</exclude-pattern>
-    </rule>
-    <rule ref="PHPCompatibility.FunctionUse.RemovedFunctions.mcrypt_create_ivDeprecatedRemoved">
-        <exclude-pattern>libs/random_compat/*</exclude-pattern>
-        <exclude-pattern>libs/pear/Crypt/CHAP\.php</exclude-pattern>
-    </rule>
-    <rule ref="PHPCompatibility.Constants.RemovedConstants.mcrypt_dev_urandomDeprecatedRemoved">
-        <exclude-pattern>libs/random_compat/*</exclude-pattern>
-        <exclude-pattern>libs/pear/Crypt/CHAP\.php</exclude-pattern>
-    </rule>
-
-    <!-- pear chap lib excludes -->
-    <rule ref="PHPCompatibility.FunctionUse.RemovedFunctions.mcrypt_module_openDeprecatedRemoved">
-        <exclude-pattern>libs/pear/Crypt/CHAP\.php</exclude-pattern>
-    </rule>
-    <rule ref="PHPCompatibility.Constants.RemovedConstants.mcrypt_desDeprecatedRemoved">
-        <exclude-pattern>libs/pear/Crypt/CHAP\.php</exclude-pattern>
-    </rule>
-    <rule ref="PHPCompatibility.FunctionUse.RemovedFunctions.mcrypt_enc_get_iv_sizeDeprecatedRemoved">
-        <exclude-pattern>libs/pear/Crypt/CHAP\.php</exclude-pattern>
-    </rule>
-    <rule ref="PHPCompatibility.Constants.RemovedConstants.mcrypt_randDeprecatedRemoved">
-        <exclude-pattern>libs/pear/Crypt/CHAP\.php</exclude-pattern>
-    </rule>
-    <rule ref="PHPCompatibility.FunctionUse.RemovedFunctions.mcrypt_generic_initDeprecatedRemoved">
-        <exclude-pattern>libs/pear/Crypt/CHAP\.php</exclude-pattern>
-    </rule>
-    <rule ref="PHPCompatibility.FunctionUse.RemovedFunctions.mcrypt_genericDeprecatedRemoved">
-        <exclude-pattern>libs/pear/Crypt/CHAP\.php</exclude-pattern>
-    </rule>
-    <rule ref="PHPCompatibility.FunctionUse.RemovedFunctions.mcrypt_generic_deinitDeprecatedRemoved">
-        <exclude-pattern>libs/pear/Crypt/CHAP\.php</exclude-pattern>
-    </rule>
-    <rule ref="PHPCompatibility.FunctionUse.RemovedFunctions.mcrypt_module_closeDeprecatedRemoved">
-        <exclude-pattern>libs/pear/Crypt/CHAP\.php</exclude-pattern>
-    </rule>
-
-    <!-- pear net socket excludes -->
-    <rule ref="PHPCompatibility.IniDirectives.RemovedIniDirectives.track_errorsDeprecated">
-        <exclude-pattern>libs/pear/Net/Socket\.php</exclude-pattern>
-    </rule>
-    <rule ref="PHPCompatibility.Variables.RemovedPredefinedGlobalVariables.php_errormsgDeprecated">
-        <exclude-pattern>libs/pear/Net/Socket\.php</exclude-pattern>
-    </rule>
-    <rule ref="PHPCompatibility.FunctionUse.NewFunctions.error_clear_lastFound">
-        <exclude-pattern>libs/pear/Net/Socket\.php</exclude-pattern>
-    </rule>
-
-    <!-- Exclude shiff on specific patterns -->
-    <rule ref="PHPCompatibility.FunctionUse.ArgumentFunctionsReportCurrentValue.NeedsInspection">
-        <exclude-pattern>includes/common\.inc\.php</exclude-pattern>
-        <exclude-pattern>libs/Fabiang/Xmpp/*</exclude-pattern>
-    </rule>
-    <rule ref="PHPCompatibility.Miscellaneous.ValidIntegers.HexNumericStringFound">
-        <exclude-pattern>tests/*</exclude-pattern>
-        <exclude-pattern>libs/pear/*</exclude-pattern>
-    </rule>
-    <rule ref="PHPCompatibility.IniDirectives.RemovedIniDirectives.magic_quotes_runtimeDeprecatedRemoved">
-        <exclude-pattern>libs/pear/Mail/mime*</exclude-pattern>
-    </rule>
-    <rule ref="PHPCompatibility.Constants.NewConstants.json_preserve_zero_fractionFound">
-        <exclude-pattern>includes/definitions\.inc\.php</exclude-pattern>
-    </rule>
-    <rule ref="PHPCompatibility.Extensions.RemovedExtensions.mysql_DeprecatedRemoved">
-        <exclude-pattern>includes/db/mysql\.inc\.php</exclude-pattern>
-    </rule>
-    <rule ref="PHPCompatibility.IniDirectives.RemovedIniDirectives.session_hash_functionRemoved">
-        <exclude-pattern>html/includes/authenticate\.inc\.php</exclude-pattern>
-    </rule>
-    <rule ref="PHPCompatibility.Constants.NewConstants.sodium_crypto_secretbox_keybytesFound">
-        <exclude-pattern>tests/IncludesEncryptTest\.php</exclude-pattern>
-        <exclude-pattern>includes/encrypt\.inc\.php</exclude-pattern>
-    </rule>
-    <rule ref="PHPCompatibility.Constants.NewConstants.sodium_crypto_secretbox_noncebytesFound">
-        <exclude-pattern>tests/IncludesEncryptTest\.php</exclude-pattern>
-        <exclude-pattern>includes/encrypt\.inc\.php</exclude-pattern>
-    </rule>
-    <rule ref="PHPCompatibility.FunctionUse.NewFunctions.sodium_padFound">
-        <exclude-pattern>tests/IncludesEncryptTest\.php</exclude-pattern>
-        <exclude-pattern>includes/encrypt\.inc\.php</exclude-pattern>
-    </rule>
-    <rule ref="PHPCompatibility.FunctionUse.NewFunctions.sodium_crypto_secretboxFound">
-        <exclude-pattern>tests/IncludesEncryptTest\.php</exclude-pattern>
-        <exclude-pattern>includes/encrypt\.inc\.php</exclude-pattern>
-    </rule>
-    <rule ref="PHPCompatibility.Classes.NewClasses.sodiumexceptionFound">
-        <exclude-pattern>tests/IncludesEncryptTest\.php</exclude-pattern>
-        <exclude-pattern>includes/encrypt\.inc\.php</exclude-pattern>
-    </rule>
-    <rule ref="PHPCompatibility.FunctionUse.NewFunctions.sodium_crypto_secretbox_openFound">
-        <exclude-pattern>tests/IncludesEncryptTest\.php</exclude-pattern>
-        <exclude-pattern>includes/encrypt\.inc\.php</exclude-pattern>
-    </rule>
-    <rule ref="PHPCompatibility.Extensions.RemovedExtensions.mcryptDeprecatedRemoved">
-        <exclude-pattern>tests/IncludesEncryptTest\.php</exclude-pattern>
-        <exclude-pattern>includes/encrypt\.inc\.php</exclude-pattern>
-        <exclude-pattern>libs/random_compat/*</exclude-pattern>
-        <exclude-pattern>libs/pear/Crypt/CHAP\.php</exclude-pattern>
-    </rule>
-    <rule ref="PHPCompatibility.FunctionUse.RemovedFunctions.mcrypt_encryptDeprecatedRemoved">
-        <exclude-pattern>tests/IncludesEncryptTest\.php</exclude-pattern>
-        <exclude-pattern>includes/encrypt\.inc\.php</exclude-pattern>
-        <exclude-pattern>libs/pear/Crypt/CHAP\.php</exclude-pattern>
-    </rule>
-    <rule ref="PHPCompatibility.FunctionUse.RemovedFunctions.mcrypt_decryptDeprecatedRemoved">
-        <exclude-pattern>tests/IncludesEncryptTest\.php</exclude-pattern>
-        <exclude-pattern>includes/encrypt\.inc\.php</exclude-pattern>
-        <exclude-pattern>libs/pear/Crypt/CHAP\.php</exclude-pattern>
-    </rule>
-    <rule ref="PHPCompatibility.Constants.RemovedConstants.mcrypt_rijndael_256DeprecatedRemoved">
-        <exclude-pattern>tests/IncludesEncryptTest\.php</exclude-pattern>
-        <exclude-pattern>includes/encrypt\.inc\.php</exclude-pattern>
-        <exclude-pattern>libs/pear/Crypt/CHAP\.php</exclude-pattern>
-    </rule>
-    <rule ref="PHPCompatibility.Constants.RemovedConstants.mcrypt_mode_ecbDeprecatedRemoved">
-        <exclude-pattern>tests/IncludesEncryptTest\.php</exclude-pattern>
-        <exclude-pattern>includes/encrypt\.inc\.php</exclude-pattern>
-        <exclude-pattern>libs/pear/Crypt/CHAP\.php</exclude-pattern>
-    </rule>
-    <rule ref="PHPCompatibility.FunctionUse.RemovedFunctions.get_magic_quotes_gpcDeprecated">
-        <exclude-pattern>html/includes/collectd/functions.php</exclude-pattern>
-    </rule>
-    <rule ref="PHPCompatibility.FunctionUse.NewFunctions.session_create_idFound">
-        <exclude-pattern>html/includes/authenticate.inc.php</exclude-pattern>
-    </rule>
-    <!-- compatability fixed in code -->
-    <rule ref="PHPCompatibility.FunctionUse.RemovedFunctions.ldap_control_paged_resultDeprecated">
-        <exclude-pattern>html/includes/authentication/ldap.inc.php</exclude-pattern>
-    </rule>
-    <rule ref="PHPCompatibility.FunctionUse.RemovedFunctions.ldap_control_paged_result_responseDeprecated">
-        <exclude-pattern>html/includes/authentication/ldap.inc.php</exclude-pattern>
-    </rule>
-    <rule ref="PHPCompatibility.FunctionUse.NewFunctionParameters.ldap_search_serverctrlsFound">
-        <exclude-pattern>html/includes/authentication/ldap.inc.php</exclude-pattern>
-    </rule>
-    <rule ref="PHPCompatibility.FunctionUse.NewFunctionParameters.ldap_parse_result_serverctrlsFound">
-        <exclude-pattern>html/includes/authentication/ldap.inc.php</exclude-pattern>
-    </rule>
-    <rule ref="PHPCompatibility.Constants.NewConstants.ldap_control_pagedresultsFound">
-        <exclude-pattern>html/includes/authentication/ldap.inc.php</exclude-pattern>
-    </rule>
-    <rule ref="PHPCompatibility.Miscellaneous.ValidIntegers.HexNumericStringFound">
-        <exclude-pattern>includes/entities/sensor.inc.php</exclude-pattern>
-    </rule>
-    <rule ref="PHPCompatibility.Constants.NewConstants.mysqli_client_ssl_dont_verify_server_certFound">
-        <exclude-pattern>includes/db/mysqli.inc.php</exclude-pattern>
-    </rule>
-
-    <!-- Run against a second ruleset -->
-    <!-- <rule ref="PSR2"/> -->
-
-</ruleset>

VERSION

@@ -1 +1 @@
-Observium CE 22.5
+Observium CE 22.12

alerter.php

@@ -7,13 +7,13 @@
  *
  * @package    observium
  * @subpackage cli
- * @copyright  (C) 2006-2013 Adam Armstrong, (C) 2013-2021 Observium Limited
+ * @copyright  (C) 2006-2013 Adam Armstrong, (C) 2013-2022 Observium Limited
  *
  */
 
 chdir(dirname($argv[0]));
 
-$options = getopt("h:i:m:n:p:dqrsV");
+$options = getopt("h:p:dqrsV");
 
 include("includes/sql-config.inc.php");
 
@@ -40,7 +40,7 @@ if ($options['h'] === "all") {
   $where = " ";
   $doing = "all";
 } elseif ($options['h']) {
-  $params = array();
+  $params = [];
   if (is_numeric($options['h'])) {
     $where = "AND `device_id` = ?";
     $doing = $options['h'];
@@ -52,25 +52,26 @@ if ($options['h'] === "all") {
   }
 }
 
+if (isset($options['p'])) {
+  print_cli_heading("%WConstrained to poller partition id ".$options['p']);
+  $where .= ' AND `poller_id` = ?';
+  $params[] = $options['p'];
+}
+
 if (!$where) {
   print_message("%n
 USAGE:
-$scriptname [-drqV] [-i instances] [-n number] [-m module] [-h device]
+$scriptname [-drqV] [-p poller_id] [-h device]
 
 EXAMPLE:
 -h <device id> | <device hostname wildcard>  Poll single device
--h odd                                       Poll odd numbered devices  (same as -i 2 -n 0)
--h even                                      Poll even numbered devices (same as -i 2 -n 1)
 -h all                                       Poll all devices
--h new                                       Poll all devices that have not had a discovery run before
 
--i <instances> -n <number>                   Poll as instance <number> of <instances>
-                                             Instances start at 0. 0-3 for -n 4
+-p <poller_id>                               Poll for specific poller_id
 
 OPTIONS:
- -h                                          Device hostname, id or key odd/even/all/new.
- -i                                          Poll instance.
- -n                                          Poll number.
+ -h                                          Device hostname, id or hostname or keys all.
+ -p                                          Poller ID.
  -s                                          Sends alerts even if they have already been sent.
  -q                                          Quiet output.
  -V                                          Show version and exit.
@@ -79,7 +80,6 @@ DEBUGGING OPTIONS:
  -r                                          Do not create or update RRDs
  -d                                          Enable debugging output.
  -dd                                         More verbose debugging output.
- -m                                          Specify module(s) (separated by commas) to be run.
 
 %rInvalid arguments!%n", 'color');
   exit;
@@ -100,14 +100,16 @@ $_SESSION['userlevel'] = 10;
 //$params[] = $config['poller_id'];
 
 $query = "SELECT * FROM `devices` WHERE `disabled` = 0 $where ORDER BY `device_id` ASC";
-foreach (dbFetch($query, $params) as $device) {
+foreach (dbFetchRows($query, $params) as $device) {
 
   humanize_device($device);
 
   process_alerts($device);
-  process_notifications(array('device_id' => $device['device_id'])); // Send all notifications (also for syslog from queue)
+  if ($config['poller-wrapper']['notifications'] || $spam) {
+    process_notifications([ 'device_id' => $device['device_id'] ]); // Send all notifications (also for syslog from queue)
+  }
 
-  dbUpdate(array('last_alerter' => array('NOW()')), 'devices', '`device_id` = ?', array($device['device_id']));
+  dbUpdate([ 'last_alerter' => [ 'NOW()' ] ], 'devices', '`device_id` = ?', [ $device['device_id'] ]);
 
 }
 

discovery.php

@@ -122,14 +122,13 @@ if (isset($options['h'])) {
   }
 }
 
-if (isset($options['i']) && $options['i'] && isset($options['n'])) {
+if (isset($options['i'], $options['n']) && $options['i']) {
   $where .= ' AND MOD(device_id,' . $options['i'] . ') = ?';
   $params[] = $options['n'];
   $doing = $options['n'] . '/' . $options['i'];
 }
 
-if (!$where && !$options['u'] && !isset($options['a']))
-{
+if (!$where && !$options['u'] && !isset($options['a'])) {
   print_message("%n
 USAGE:
 $scriptname [-dquV] [-i instances] [-n number] [-m module] [-h device]
@@ -169,10 +168,19 @@ if ($config['version_check'] && ($options['h'] !== 'new' || $options['u'])) {
 if (!$where) {
   // Only update Group/Alert tables
   if (isset($options['a'])) {
-    $silent = isset($options['q']);
-    // Not exist in CE
-    if (function_exists('update_group_tables')) { update_group_tables($silent); }
-    if (function_exists('update_alert_tables')) { update_alert_tables($silent); }
+
+    if (OBS_DISTRIBUTED && function_exists('run_action_queue')) {
+      //run_action_queue('device_add');
+      //run_action_queue('device_rename');
+      //run_action_queue('device_delete');
+
+      // Update alert and group tables
+      run_action_queue('tables_update');
+    } else {
+      $silent = isset($options['q']);
+      if (function_exists('update_group_tables')) { update_group_tables($silent); } // Not exist in CE
+      if (function_exists('update_alert_tables')) { update_alert_tables($silent); }
+    }
   }
 
   exit;
@@ -215,11 +223,10 @@ if (($discovered_devices && !isset($options['m'])) || isset($options['a'])) {
   if (OBS_DISTRIBUTED && !isset($options['a']) && function_exists('add_action_queue') &&
       $action_id = add_action_queue('tables_update', 'discovery', [ 'silent' => $silent ])) {
     print_message("Update alert and group tables added to queue [$action_id].");
-    //log_event("Device with hostname '$hostname' added to queue [$action_id] for addition on remote Poller [${vars['poller_id']}].", NULL, 'info', NULL, 7);
-  } elseif (OBSERVIUM_EDITION !== 'community') {
-    // Not exist in CE
-    update_group_tables($silent);
-    update_alert_tables($silent);
+    //log_event("Device with hostname '$hostname' added to queue [$action_id] for addition on remote Poller [{$vars['poller_id']}].", NULL, 'info', NULL, 7);
+  } else {
+    if (function_exists('update_group_tables')) { update_group_tables($silent); } // Not exist in CE
+    if (function_exists('update_alert_tables')) { update_alert_tables($silent); }
   }
 }
 

html/ajax/actions.php

@@ -6,7 +6,7 @@
  *
  * @package    observium
  * @subpackage ajax
- * @copyright  (C) 2006-2013 Adam Armstrong, (C) 2013-2021 Observium Limited
+ * @copyright  (C) 2006-2013 Adam Armstrong, (C) 2013-2022 Observium Limited
  *
  */
 
@@ -235,13 +235,18 @@ switch ($vars['action']) {
       exit();
     }
 
-    $widget                  = dbFetchRow("SELECT * FROM `dash_widgets` WHERE widget_id = ?", array($vars['widget_id']));
+    $widget                  = dbFetchRow("SELECT * FROM `dash_widgets` WHERE `widget_id` = ?", array($vars['widget_id']));
     $widget['widget_config'] = safe_json_decode($widget['widget_config']);
 
     // Verify config value applies to this widget here
 
+    $default_on = [ 'legend' ];
+
     if (isset($vars['config_field']) && isset($vars['config_value'])) {
-      if (empty($vars['config_value'])) {
+      if ( empty($vars['config_value']) ||
+           (in_array($vars['config_field'], $default_on) && get_var_true($vars['config_value'])) ||
+           (!in_array($vars['config_field'], $default_on) && get_var_false($vars['config_value'])) ) {
+        // Just unset the value if it's empty or it's a default value.
         unset($widget['widget_config'][$vars['config_field']]);
       } else {
         $widget['widget_config'][$vars['config_field']] = $vars['config_value'];
@@ -265,7 +270,7 @@ switch ($vars['action']) {
     // Validate CSRF Token
     //r($vars);
     $json = '';
-    if (!str_contains_array($vars['action'], [ 'widget', 'dash' ]) && // widget & dashboard currently not send request token
+    if (!str_contains_array($vars['action'], [ 'widget', 'dash', 'settings_user' ]) && // widget & dashboard currently not send request token
         !request_token_valid($vars, $json)) {
       $json = safe_json_decode($json);
       $json['reload'] = TRUE;

html/ajax/actions/edit_widget.inc.php

@@ -6,13 +6,13 @@
  *
  * @package    observium
  * @subpackage ajax
- * @copyright  (C) 2006-2013 Adam Armstrong, (C) 2013-2021 Observium Limited
+ * @copyright  (C) 2006-2013 Adam Armstrong, (C) 2013-2022 Observium Limited
  *
  */
 
 if ($readonly) { return; } // Currently edit allowed only for 7+
 
-$widget = dbFetchRow("SELECT * FROM `dash_widgets` WHERE widget_id = ?", array($vars['widget_id']));
+$widget = dbFetchRow("SELECT * FROM `dash_widgets` WHERE `widget_id` = ?", [ $vars['widget_id'] ]);
 
 $widget['widget_config'] = safe_json_decode($widget['widget_config']);
 
@@ -22,11 +22,111 @@ switch ($widget['widget_type']) {
 
     if (safe_count($widget['widget_config'])) {
 
+//      echo '
+//      <form onsubmit="return false">
+//        Title  <input name="widget-config-input" data-field="title" value="'.$widget['widget_config']['title'].'" data-id="'.$widget['widget_id'].'"></input>
+//      </form>
+//      ';
+
+      //r($widget['widget_config']);
+
+      //r(isset($widget['widget_config']['legend']) && $widget['widget_config']['legend'] === 'no');
+
+      $modal_args = [
+        'id'    => 'modal-edit_widget_' . $widget['widget_id'],
+        'title' => 'Configure Widget',
+        //'hide'  => TRUE,
+        //'fade'  => TRUE,
+        //'role'  => 'dialog',
+        //'class' => 'modal-md',
+      ];
+
+      $form = [
+        'form_only' => TRUE, // Do not add modal open/close divs (it's generated outside)
+        'type'      => 'horizontal',
+        'id'        => 'edit_widget_' . $widget['widget_id'],
+        'userlevel'  => 7,          // Minimum user level for display form
+        'modal_args' => $modal_args, // !!! This generate modal specific form
+        //'help'     => 'This will completely delete the rule and all associations and history.',
+        'class'     => '', // Clean default box class!
+        //'url'       => generate_url([ 'page' => 'syslog_rules' ]),
+        'onsubmit' => "return false",
+      ];
+      $form['fieldset']['body']   = [ 'class' => 'modal-body' ];   // Required this class for modal body!
+      $form['fieldset']['footer'] = [ 'class' => 'modal-footer' ]; // Required this class for modal footer!
+
+      $form['row'][1]['widget-config-title'] = [
+        'type'     => 'text',
+        'fieldset' => 'body',
+        'name'     => 'Title',
+        'placeholder' => 'Graph Title',
+        'class'    => 'input-xlarge',
+        'attribs'     => [
+          'data-id'    => $widget['widget_id'],
+          'data-field' => 'title',
+          'data-type'  => 'text'
+        ],
+        'value'    => $widget['widget_config']['title']
+      ];
+      $form['row'][2]['widget-config-legend'] = [
+        'type'        => 'checkbox',
+        'fieldset'    => 'body',
+        'name'        => 'Show Legend',
+        //'placeholder' => 'Yes, please delete this rule.',
+        //'onchange'    => "javascript: toggleAttrib('disabled', 'delete_button_".$la['la_id']."'); showDiv(!this.checked, 'warning_".$la['la_id']."_div');",
+        'attribs'     => [
+          'data-id'    => $widget['widget_id'],
+          'data-field' => 'legend',
+          'data-type'  => 'checkbox'
+        ],
+        'value'       => safe_empty($widget['widget_config']['legend']) ? 'yes' : $widget['widget_config']['legend'] //'legend'
+      ];
+
+
+      $form['row'][8]['close'] = [
+        'type'        => 'submit',
+        'fieldset'    => 'footer',
+        'div_class'   => '', // Clean default form-action class!
+        'name'        => 'Close',
+        'icon'        => '',
+        'attribs'     => [
+          'data-dismiss' => 'modal',
+          'aria-hidden'  => 'true'
+        ]
+      ];
+
+      echo generate_form_modal($form);
+      unset($form);
+
+      /*
       echo '
-      <form onsubmit="return false">
-        Title  <input name="widget-config-input" data-field="title" value="'.$widget['widget_config']['title'].'" data-id="'.$widget['widget_id'].'"></input> 
-      </form>
-      ';
+<form onsubmit="return false" class="form form-horizontal" style="margin-bottom: 0px;">
+  <fieldset>
+  <div id="purpose_div" class="control-group" style="margin-bottom: 10px;"> <!-- START row-1 -->
+    <label class="control-label" for="purpose">Title</label>
+    <div id="purpose_div" class="controls">
+      <input type="text" placeholder="Graph Title" name="widget-config-title" class="input" data-field="title" style="width: 100%;" value="'.$widget['widget_config']['title'].'" data-id="'.$widget['widget_id'].'">
+    </div>
+  </div>
+
+  <div id="ignore_div" class="control-group" style="margin-bottom: 10px;"> <!-- START row-6 -->
+    <label class="control-label" for="ignore">Show Legend</label>
+    <div id="ignore_div" class="controls">
+      <input type="checkbox" name="widget-config-legend" data-field="legend" data-type="checkbox" value="legend" '.(isset($widget['widget_config']['legend']) && $widget['widget_config']['legend'] === 'no' ? '' : 'checked').' data-id="'.$widget['widget_id'].'">
+    </div>
+  </div>
+</fieldset>  <!-- END fieldset-body -->
+
+<div class="modal-footer">
+   <fieldset>
+      <button id="close" name="close" type="submit" class="btn btn-default text-nowrap" value="" data-dismiss="modal" aria-hidden="true">Close</button>
+      <!-- <button id="action" name="action" type="submit" class="btn btn-primary text-nowrap" value="add_contact"><i style="margin-right: 0px;" class="icon-ok icon-white"></i>&nbsp;&nbsp;Add Contact</button> -->
+   </fieldset>
+</div>
+
+</form>';
+      */
+
 
     } else {
 

html/ajax/actions/settings_edit.inc.php

@@ -6,7 +6,7 @@
  *
  * @package    observium
  * @subpackage web
- * @copyright  (C) 2006-2013 Adam Armstrong, (C) 2013-2021 Observium Limited
+ * @copyright  (C) 2006-2013 Adam Armstrong, (C) 2013-2022 Observium Limited
  *
  */
 
@@ -34,7 +34,7 @@ $updates = 0;
 
 // Set fields that were submitted with custom value
 if (safe_count($sets)) {
-  $query = 'SELECT * FROM `users_prefs` WHERE `user_id` = ?' . generate_query_values(array_keys($sets), 'pref');
+  $query = 'SELECT * FROM `users_prefs` WHERE `user_id` = ?' . generate_query_values_and(array_keys($sets), 'pref');
   // Fetch current rows in config file so we know which one to UPDATE and which one to INSERT
   $in_db = [];
   foreach (dbFetchRows($query, [ $user_id ]) as $row) {
@@ -52,7 +52,7 @@ if (safe_count($sets)) {
 
 // Delete fields that were reset to default
 if (safe_count($deletes)) {
-  dbDelete('users_prefs', '`user_id` = ? ' . generate_query_values($deletes, 'pref'), [ $user_id ]);
+  dbDelete('users_prefs', '`user_id` = ? ' . generate_query_values_and($deletes, 'pref'), [ $user_id ]);
   $updates++;
 }
 

html/ajax/actions/settings_user.inc.php

@@ -0,0 +1,66 @@
+<?php
+/**
+ * Observium
+ *
+ *   This file is part of Observium.
+ *
+ * @package    observium
+ * @subpackage web
+ * @copyright  (C) 2006-2013 Adam Armstrong, (C) 2013-2022 Observium Limited
+ *
+ */
+
+
+switch (str_replace('->', '|', $vars['setting'])) {
+  case "theme":
+  case "web_theme_default":
+    $pref = 'web_theme_default';
+    if ($vars['value'] === 'reset') {
+      session_unset_var("theme");
+      if ($config['web_theme_default'] === 'system') {
+        // Override default
+        session_unset_var("theme_default");
+      }
+
+      if (del_user_pref($_SESSION['user_id'], $pref)) {
+        print_json_status('ok', 'Theme reset.');
+      }
+    } elseif (isset($config['themes'][$vars['value']]) || $vars['value'] === 'system') {
+      if (set_user_pref($_SESSION['user_id'], $pref, serialize($vars['value']))) {
+        print_json_status('ok', 'Theme set.');
+      }
+    } else {
+      print_json_status('failed', 'Invalid theme.');
+    }
+    break;
+
+  case "big_graphs":
+    $pref = 'graphs|size';
+    if (set_user_pref($_SESSION['user_id'], $pref, serialize('big'))) {
+      print_json_status('ok', 'Big graphs set.');
+      session_unset_var("big_graphs"); // clear old
+    }
+    //session_set_var("big_graphs", TRUE);
+    //print_json_status('ok', 'Big graphs set.');
+    break;
+
+  case "normal_graphs":
+    $pref = 'graphs|size';
+    if (set_user_pref($_SESSION['user_id'], $pref, serialize('normal'))) {
+      print_json_status('ok', 'Normal graphs set.');
+      session_unset_var("big_graphs"); // clear old
+    }
+    //session_unset_var("big_graphs");
+    //print_json_status('ok', 'Small graphs set.');
+    break;
+
+  case "sensors|web_measured_compact":
+    // BOOL values
+    $pref = $vars['setting'];
+    if (set_user_pref($_SESSION['user_id'], $pref, serialize(get_var_true($vars['value'])))) {
+      print_json_status('ok', 'Setting was set.', [ 'reload' => TRUE ]);
+    }
+    break;
+
+}
+// EOF

html/ajax/entity_popup.php

@@ -21,10 +21,12 @@ if (!$_SESSION['authenticated']) { print_error('Session expired, please log in a
 
 ob_start();
 
-$vars = get_vars();
+$vars = get_vars([ 'JSON', 'POST', 'GET' ]);
 
 $vars['page'] = "popup";
 
+if(isset($vars['debug'])) { r($vars); }
+
 switch ($vars['entity_type']) {
   case "port":
     if (is_numeric($vars['entity_id']) && (port_permitted($vars['entity_id']))) {
@@ -35,6 +37,23 @@ switch ($vars['entity_type']) {
     }
     break;
 
+  case "link":
+    if (is_numeric($vars['entity_id_a']) && (port_permitted($vars['entity_id_a']))) {
+      $port = get_port_by_id($vars['entity_id_a']);
+      echo generate_port_popup($port);
+    } else {
+      print_warning("You are not permitted to view this port.");
+    }
+
+    if (is_numeric($vars['entity_id_b']) && (port_permitted($vars['entity_id_b']))) {
+      $port = get_port_by_id($vars['entity_id_b']);
+      echo generate_port_popup($port, '','none'); // suppress graph for b side of link
+    } else {
+      print_warning("You are not permitted to view this port.");
+    }
+    break;
+
+
   case "device":
     if (is_numeric($vars['entity_id']) && device_permitted($vars['entity_id'])) {
       $device = device_by_id_cache($vars['entity_id']);
@@ -53,7 +72,6 @@ switch ($vars['entity_type']) {
     }
     break;
 
-  // FIXME : mac is not an observium entity. This should go elsewhere!
   case "mac":
     if (preg_match('/^' . OBS_PATTERN_MAC . '$/i', $vars['entity_id'])) {
       $mac = format_mac($vars['entity_id']);

html/ajax/input.php

@@ -6,7 +6,7 @@
  *
  * @package    observium
  * @subpackage ajax
- * @copyright  (C) 2006-2013 Adam Armstrong, (C) 2013-2021 Observium Limited
+ * @copyright  (C) 2006-2013 Adam Armstrong, (C) 2013-2022 Observium Limited
  *
  */
 
@@ -48,11 +48,11 @@ if ($cache_key && $options = get_cache_session($cache_key)) {
       list($ip_version)  = explode('_', $vars['field']);
       $query_permitted   = generate_query_permitted('ports');
       $network_permitted = dbFetchColumn('SELECT DISTINCT(`' . $ip_version . '_network_id`) FROM `' . $ip_version . '_addresses` WHERE 1' . $query_permitted);
-      $query = 'SELECT `' . $ip_version . '_network` FROM `' . $ip_version . '_networks` WHERE 1 ' . generate_query_values($network_permitted, $ip_version . '_network_id');
+      $query = 'SELECT `' . $ip_version . '_network` FROM `' . $ip_version . '_networks` WHERE 1 ' . generate_query_values_and($network_permitted, $ip_version . '_network_id');
       if (!safe_empty($vars['query'])) {
         //$query .= ' AND `' . $ip_version . '_network` LIKE ?';
         //$params[] = '%' . $vars['query'] . '%';
-        $query .= generate_query_values($vars['query'], $vars['field'], '%LIKE%');
+        $query .= generate_query_values_and($vars['query'], $vars['field'], '%LIKE%');
       }
       $query .= ' ORDER BY `' . $ip_version . '_network`;';
       //print_vars($query);
@@ -69,7 +69,7 @@ if ($cache_key && $options = get_cache_session($cache_key)) {
       //$query_permitted   = generate_query_permitted();
       $query = 'SELECT DISTINCT `program` FROM `syslog`';
       if (is_intnum($vars['device_id'])) {
-        $query .= ' WHERE ' . generate_query_values($vars['device_id'], 'device_id', NULL, FALSE);
+        $query .= ' WHERE ' . generate_query_values_ng($vars['device_id'], 'device_id');
       }
       $array_filter = TRUE; // Search query string in array instead sql query (when this faster)
       break;
@@ -86,7 +86,7 @@ if ($cache_key && $options = get_cache_session($cache_key)) {
         $query .= ' AND (`' . $column . '` LIKE ? OR `astext` LIKE ?)';
         $params[] = '%' . $vars['query'] . '%';
         $params[] = '%' . $vars['query'] . '%';
-        //$query .= generate_query_values($vars['query'], $vars['field'], '%LIKE%');
+        //$query .= generate_query_values_and($vars['query'], $vars['field'], '%LIKE%');
       }
       break;
 
@@ -100,7 +100,7 @@ if ($cache_key && $options = get_cache_session($cache_key)) {
       $query_permitted = generate_query_permitted('devices');
       $query = 'SELECT DISTINCT `' . $column . '` FROM `bgpPeers` WHERE 1 ' . $query_permitted;
       if (!safe_empty($vars['query'])) {
-        $query .= generate_query_values($vars['query'], $column, '%LIKE%');
+        $query .= generate_query_values_and($vars['query'], $column, '%LIKE%');
       }
       break;
 

html/ajax/search.php

@@ -26,8 +26,7 @@ $query_limit = 8; // Limit per query
 $vars = get_vars([ 'POST', 'GET' ]);
 
 // Is there a POST/GET query string?
-if (isset($vars['queryString']))
-{
+if (isset($vars['queryString'])) {
   $queryString = trim($vars['queryString']);
 
   // Is the string length greater than 0?

html/ajax/widget.php

@@ -169,8 +169,14 @@ function print_dash_mod ($mod)
       echo '  <div class="box box-solid" style="overflow: hidden; height: auto; max-height: 100%">';
       echo '    <div class="box-header" style="cursor: hand;"><h3 class="box-title"><a href="/syslog/">Syslog</a></h3></div>';
       echo '    <div class="box-content" style="overflow: hidden; overflow-x:scroll;">';
-      print_syslogs(array('short' => TRUE, 'pagesize' => ($height - 36) / 26,
-                          'priority' => $config['frontpage']['syslog']['priority']));
+
+      $syslog_vars = $mod['vars'];
+
+      $syslog_vars = array_merge($syslog_vars, ['short' => TRUE, 'pagesize' => ($height - 36) / 26,
+                      'priority' => $config['frontpage']['syslog']['priority']]);
+
+      print_syslogs($syslog_vars);
+
       echo '  </div>';
       echo '</div>';
       break;
@@ -372,7 +378,7 @@ function print_dash_graph($mod, $width, $height) {
   if ($graph_array['width'] > 350)
   {
     $graph_array['height'] -= 6;
-  } // RRD graphs > 350px are 6 px wider because of larger legend font
+  } // RRD graphs > 350px are 6 px taller because of larger legend font
 
   $title_div = 'top:0px; left: 0px; padding: 4px; border-top-left-radius: 4px; border: 1px solid #e5e5e5; border-left: none; border-top: none; background-color: rgba(255, 255,255, 0.75); ';
   $title_div = 'widget-title';
@@ -411,7 +417,10 @@ function print_dash_graph($mod, $width, $height) {
   //$graph_array['format'] = 'png';
 
   //$graph_array['img_id'] = generate_random_string(5);
-  $graph_array['legend'] = 'no';
+  //$graph_array['legend'] = 'no';
+
+  $graph_array['rigid_height'] = 'yes'; // Force height of graph to be same as height of graph_type.
+
   $graph_array['class'] = 'image-refresh';
 
   $graph = generate_graph_tag($graph_array, TRUE);
@@ -419,6 +428,7 @@ function print_dash_graph($mod, $width, $height) {
   $link_array = $graph_array;
   $link_array['page'] = "graphs";
   unset($link_array['graph_only']);
+  unset($link_array['rigid_height']);
   unset($link_array['height'], $link_array['width']);
   $link = generate_url($link_array);
 

html/css/bootstrap.css

@@ -10404,7 +10404,7 @@ a.badge:focus {
   box-shadow: none;
   padding: 0;
 }
-.qtip-content {
+.qtip-content, .tippy-content {
   position: relative;
   padding: 5px 9px;
   overflow: hidden;
@@ -10503,7 +10503,7 @@ a.badge:focus {
  * Tested with IE 8, IE 9, Chrome 18, Firefox 9, Opera 11.
  * Does not work with IE 7.
  */
-.qtip-bootstrap {
+.qtip-bootstrap, .tippy-box {
   /** Taken from Bootstrap body */
   font-size: 14px;
   line-height: 20px;

html/css/observium.css

@@ -6275,6 +6275,10 @@ i.menu-icon,
   margin-right: 5px;
   margin-top: 1px;
 }
+.dropdown-scrollable .dropdown-menu {
+  max-height: 1000px;
+  overflow-y: auto;
+}
 .well {
   min-height: 20px;
   padding: 10px;
@@ -6769,6 +6773,7 @@ i.menu-icon,
   color: #444;
   display: block;
   padding: 7px 10px;
+  padding-bottom: 4px;
   position: relative;
   background-color: #fafafa;
 }
@@ -10449,7 +10454,8 @@ a.badge:focus {
  * Tested with IE 8, IE 9, Chrome 18, Firefox 9, Opera 11.
  * Does not work with IE 7.
  */
-.qtip-bootstrap {
+.qtip-bootstrap,
+.tippy-box {
   /** Taken from Bootstrap body */
   font-size: 14px;
   line-height: 20px;
@@ -10496,9 +10502,10 @@ a.badge:focus {
   top: 45%;
   border-style: none;
 }
-.qtip-bootstrap .qtip-content {
+.qtip-bootstrap .qtip-content,
+.tippy-content {
   /** Taken from Bootstrap .popover-content */
-  padding: 9px 14px;
+  padding: 9px 9px;
 }
 .qtip-bootstrap .qtip-icon {
   /**
@@ -10916,11 +10923,13 @@ select.selectpicker {
   overflow: hidden;
 }
 .bootstrap-select .dropdown-toggle .caret {
+  right: 12px;
+  /*
   position: absolute;
   top: 50%;
-  right: 12px;
   margin-top: -2px;
   vertical-align: middle;
+*/
 }
 .input-group .bootstrap-select.form-control .dropdown-toggle {
   border-radius: inherit;
@@ -12127,6 +12136,12 @@ form.pagination {
 .form-horizontal .col-md-4 .control-label {
   width: 120px;
 }
+.dygraph-axis-label > .dygraph-axis-label-x {
+  color: #333333;
+}
+.dygraph-axis-label > .dygraph-axis-label-y {
+  color: #333333;
+}
 /*EOF*/
 #suggestions {
   display: none;

html/data.php

@@ -1,24 +1,22 @@
 <?php
-
 /**
  * Observium
  *
  *   This file is part of Observium.
  *
  * @package    observium
- * @subpackage webinterface
- * @author     Adam Armstrong <adama@observium.org>
- * @copyright  (C) 2006-2013 Adam Armstrong, (C) 2013-2019 Observium Limited
+ * @subpackage web
+ * @copyright  (C) 2006-2013 Adam Armstrong, (C) 2013-2022 Observium Limited
  *
  */
 
+
 include_once("../includes/sql-config.inc.php");
 
 include($config['html_dir'] . "/includes/functions.inc.php");
 include($config['html_dir'] . "/includes/authenticate.inc.php");
 
-if (is_numeric($_GET['id']) && ($config['allow_unauth_graphs'] || port_permitted($_GET['id'])))
-{
+if (is_numeric($_GET['id']) && ($config['allow_unauth_graphs'] || port_permitted($_GET['id']))) {
   $port   = get_port_by_id($_GET['id']);
   $device = device_by_id_cache($port['device_id']);
   //$title  = generate_device_link($device);
@@ -28,9 +26,9 @@ if (is_numeric($_GET['id']) && ($config['allow_unauth_graphs'] || port_permitted
   $time = time();
   $HC   = ($port['port_64bit'] ? 'HC' : '');
 
-  $data = snmp_get_multi_oid($device, "if${HC}InOctets.".$port['ifIndex']." if${HC}OutOctets.".$port['ifIndex'],  array(),"IF-MIB");
+  $data = snmp_get_multi_oid($device, "if{$HC}InOctets.".$port['ifIndex']." if{$HC}OutOctets.".$port['ifIndex'], [], "IF-MIB");
 
-  printf("%lf|%s|%s\n", $time, $data[$port['ifIndex']]["if${HC}InOctets"], $data[$port['ifIndex']]["if${HC}OutOctets"]);
+  printf("%lf|%s|%s\n", $time, $data[$port['ifIndex']]["if{$HC}InOctets"], $data[$port['ifIndex']]["if{$HC}OutOctets"]);
 } else {
   echo("unauthenticated");
   exit;

html/graph-realtime.php

@@ -199,8 +199,12 @@ function fetch_data() {
 function plot_data(obj) {
   // Show datetimelegend
   var now = new Date();
-  var datetime = (now.getMonth()+1) + "/" + now.getDate() + "/" + now.getFullYear() + ' ' +
-    LZ(now.getHours()) + ":" + LZ(now.getMinutes()) + ":" + LZ(now.getSeconds());
+  //var datetime = (now.getMonth()+1) + "/" + now.getDate() + "/" + now.getFullYear() + ' ' +
+  //  LZ(now.getHours()) + ":" + LZ(now.getMinutes()) + ":" + LZ(now.getSeconds());
+
+  datetime = now.toLocaleString();
+  //datetime = now.toISOString();
+
   SVGDoc.getElementById('datetime').firstChild.data = datetime;
 
   if (!obj.success)

html/graph.php

@@ -15,9 +15,9 @@
 // Define this is graph
 define('OBS_GRAPH', TRUE);
 
-include_once("../includes/sql-config.inc.php");
+$start = microtime(TRUE); // Needs common.php
 
-$start = utime(); // Needs common.php
+include_once("../includes/sql-config.inc.php");
 
 include($config['html_dir'] . "/includes/functions.inc.php");
 
@@ -44,7 +44,7 @@ $vars = get_vars('GET', $auth);
 
 include($config['html_dir'] . "/includes/graphs/graph.inc.php");
 
-$runtime = utime() - $start;
+$runtime = microtime(TRUE) - $start;
 
 print_debug("Runtime ".$runtime." secs");
 

html/includes/actions/role_add.inc.php

@@ -1,25 +1,28 @@
 <?php
+/**
+ * Observium
+ *
+ *   This file is part of Observium.
+ *
+ * @package    observium
+ * @subpackage web
+ * @copyright  (C) 2006-2013 Adam Armstrong, (C) 2013-2022 Observium Limited
+ *
+ */
 
-if ($_SESSION['userlevel'] == 10 && request_token_valid($vars)) // Only valid forms from level 10 users
-{
-  if (strlen($vars['role_name']) &&
-      strlen($vars['role_descr']))
-  {
-    $oid_id = dbInsert('roles', array('role_descr'        => $vars['role_descr'],
-                                            'role_name'         => $vars['role_name'])
+if ($_SESSION['userlevel'] == 10 && request_token_valid($vars)) { // Only valid forms from level 10 users
+  if (!safe_empty($vars['role_name']) &&
+      !safe_empty($vars['role_descr'])) {
+    $oid_id = dbInsert('roles', [ 'role_descr' => $vars['role_descr'],
+                                  'role_name'  => $vars['role_name'] ]
     );
 
-    if ($oid_id)
-    {
+    if ($oid_id) {
       print_success("<strong>SUCCESS:</strong> Added role");
-    }
-    else
-    {
+    } else {
       print_warning("<strong>WARNING:</strong> Role not added");
     }
-  }
-  else
-  {
+  } else {
     print_error("<strong>ERROR:</strong> All fields must be completed to add a new role.");
   }
 }

html/includes/actions/role_entity_add.inc.php

@@ -6,42 +6,45 @@
  *
  * @package    observium
  * @subpackage web
- * @copyright  (C) 2006-2013 Adam Armstrong, (C) 2013-2020 Observium Limited
+ * @copyright  (C) 2006-2013 Adam Armstrong, (C) 2013-2022 Observium Limited
  *
  */
 
-if ($_SESSION['userlevel'] == 10 && request_token_valid($vars)) // Only valid forms from level 10 users
-{
+if ($_SESSION['userlevel'] == 10 && request_token_valid($vars)) { // Only valid forms from level 10 users
 
-  if (isset($vars['entity_id']))
-  {
-  } // use entity_id
-  elseif (isset($vars[$vars['entity_type'] . '_entity_id'])) // use type_entity_id
-  {
+  if (isset($vars['entity_id'])) {
+    // use entity_id
+  } elseif (isset($vars[$vars['entity_type'] . '_entity_id'])) {
+    // use type_entity_id
     $vars['entity_id'] = $vars[$vars['entity_type'] . '_entity_id'];
   }
-  if (!is_array($vars['entity_id']))
-  {
-    $vars['entity_id'] = array($vars['entity_id']);
+
+  if (!is_array($vars['entity_id'])) {
+    $vars['entity_id'] = [ $vars['entity_id'] ];
   }
 
-  foreach ($vars['entity_id'] as $entity_id)
-  {
-    if (get_entity_by_id_cache($vars['entity_type'], $entity_id)) // Skip not exist entities
-    {
+  $changed = 0;
+  foreach ($vars['entity_id'] as $entity_id) {
+    if (get_entity_by_id_cache($vars['entity_type'], $entity_id)) { // Skip not exist entities
       if (!dbExist('roles_entity_permissions', '`role_id` = ? AND `entity_type` = ? AND `entity_id` = ?',
-                   array($vars['role_id'], $vars['entity_type'], $entity_id)
-      ))
-      {
+                   [ $vars['role_id'], $vars['entity_type'], $entity_id ])) {
 
-        if(!in_array($vars['access'], array('ro', 'rw'))) { $vars['access'] = 'ro'; }
+        if (!in_array($vars['access'], [ 'ro', 'rw' ])) {
+          $vars['access'] = 'ro';
+        }
 
-        dbInsert(array('entity_id' => $entity_id, 'entity_type' => $vars['entity_type'], 'role_id' => $vars['role_id'], 'access' => $vars['access']),
-                 'roles_entity_permissions'
-        );
+        dbInsert([ 'entity_id' => $entity_id, 'entity_type' => $vars['entity_type'], 'role_id' => $vars['role_id'], 'access' => $vars['access'] ],
+                 'roles_entity_permissions');
+        $changed++;
       }
-    } else { print_error('Error: Invalid Entity.'); }
+    } else {
+      print_error('Error: Invalid Entity.');
+    }
   }
+
+  // Reset permissions cache
+  if ($changed) { set_cache_clear('wui'); }
+  unset($changed);
 }
 
 // EOF

html/includes/actions/role_entity_del.inc.php

@@ -6,32 +6,31 @@
  *
  * @package    observium
  * @subpackage web
- * @copyright  (C) 2006-2013 Adam Armstrong, (C) 2013-2020 Observium Limited
+ * @copyright  (C) 2006-2013 Adam Armstrong, (C) 2013-2022 Observium Limited
  *
  */
 
-if ($_SESSION['userlevel'] == 10 && request_token_valid($vars)) // Only valid forms from level 10 users
-{
+if ($_SESSION['userlevel'] == 10 && request_token_valid($vars)) { // Only valid forms from level 10 users
 
-  if (isset($vars['entity_id']))
-  {
-  } // use entity_id
-  elseif (isset($vars[$vars['entity_type'] . '_entity_id'])) // use type_entity_id
-  {
+  if (isset($vars['entity_id'])) {
+    // use entity_id
+  } elseif (isset($vars[$vars['entity_type'] . '_entity_id'])) {
+    // use type_entity_id
     $vars['entity_id'] = $vars[$vars['entity_type'] . '_entity_id'];
   }
 
-  $where = '`role_id` = ? AND `entity_type` = ?' . generate_query_values($vars['entity_id'], 'entity_id');
+  $where = '`role_id` = ? AND `entity_type` = ?' . generate_query_values_and($vars['entity_id'], 'entity_id');
   //if (@dbFetchCell("SELECT COUNT(*) FROM `entity_permissions` WHERE " . $where, array($vars['user_id'], $vars['entity_type'])))
-  if (dbExist('roles_entity_permissions', $where, array($vars['role_id'], $vars['entity_type'])))
-  {
+  if (dbExist('roles_entity_permissions', $where, [ $vars['role_id'], $vars['entity_type'] ])) {
     dbDelete('roles_entity_permissions', $where, array($vars['role_id'], $vars['entity_type']));
 
     //print_vars(dbError());
 
-  } else { }
+    // Reset permissions cache
+    set_cache_clear('wui');
+  }
 }
 
-echo ("nope"); // Hrm?
+//echo ("nope"); // Hrm?
 
 // EOF

html/includes/alerting-navbar.inc.php

@@ -6,11 +6,10 @@
  *
  * @package    observium
  * @subpackage web
- * @copyright  (C) 2006-2013 Adam Armstrong, (C) 2013-2021 Observium Limited
+ * @copyright  (C) 2006-2013 Adam Armstrong, (C) 2013-2022 Observium Limited
  *
  */
 
-
 /// CONTACTS ACTIONS
 
 $readonly = $_SESSION['userlevel'] < 10;
@@ -60,7 +59,7 @@ if (!$readonly)
         $exist_contacts = dbFetchColumn('SELECT `contact_id` FROM `alert_contacts_assoc` WHERE `aca_type` = ? AND `alert_checker_id` = ?', array('alert', $vars['alert_test_id']));
         //print_vars($exist_contacts);
         $sql = "SELECT `contact_id` FROM `alert_contacts` WHERE `contact_disabled` = 0 AND `contact_method` != 'syscontact'" .
-               generate_query_values($exist_contacts, 'contact_id', '!='); // exclude exist contacts
+               generate_query_values_and($exist_contacts, 'contact_id', '!='); // exclude exist contacts
         //print_vars($sql);
         foreach (dbFetchColumn($sql) as $contact_id)
         {

html/includes/authenticate-functions.inc.php

@@ -262,4 +262,12 @@ function auth_user_info($username)
   }
 }
 
+// Create placeholder user for users logged in via non-MySQL mechanisms to enable user list
+function create_mysql_user($username, $userid, $level = '1', $type = 'mysql')
+{
+  if(isset($username) && isset($userid) && is_numeric($userid)) {
+    dbInsert(array('username' => $username, 'user_id' => $userid, 'level' => $level, 'type' => $type), 'users');
+  }
+}
+
 // EOF

html/includes/authenticate.inc.php

@@ -5,8 +5,8 @@
  *   This file is part of Observium.
  *
  * @package    observium
- * @subpackage authentication
- * @copyright  (C) 2006-2013 Adam Armstrong, (C) 2013-2021 Observium Limited
+ * @subpackage web
+ * @copyright  (C) 2006-2013 Adam Armstrong, (C) 2013-2022 Observium Limited
  *
  */
 
@@ -23,15 +23,19 @@ define('OBS_AJAX', (!empty($_SERVER['HTTP_X_REQUESTED_WITH']) && strtolower($_SE
 
 $debug_auth = FALSE; // Do not use this debug unless you Observium Developer ;)
 
-if (PHP_VERSION_ID < 70100)
-{
+if (PHP_VERSION_ID < 70100) {
   // Use sha1 to generate the session ID (option removed in php 7.1)
   // session.sid_length (Number of session ID characters - 22 to 256.
   // session.sid_bits_per_character (Bits used per character - 4 to 6.
   @ini_set('session.hash_function', '1');
 }
+
 @ini_set('session.referer_check', '');     // This config was causing so much trouble with Chrome
-@ini_set('session.name', 'OBSID');         // Session name
+if (OBS_API) {
+  @ini_set('session.name', 'OBSAPI');      // Session name for API
+} else {
+  @ini_set('session.name', 'OBSID');       // Session name for common Web UI
+}
 @ini_set('session.use_cookies', '1');      // Use cookies to store the session id on the client side
 @ini_set('session.use_only_cookies', '1'); // This prevents attacks involved passing session ids in URLs
 @ini_set('session.use_trans_sid', '0');    // Disable SID (no session id in url)
@@ -48,13 +52,13 @@ $cookie_httponly = FALSE;
 //$cookie_httponly = TRUE;
 
 // Use custom session lifetime
-if (is_numeric($GLOBALS['config']['web_session_lifetime']) && $GLOBALS['config']['web_session_lifetime'] >= 0) {
+if (is_intnum($GLOBALS['config']['web_session_lifetime']) && $GLOBALS['config']['web_session_lifetime'] >= 0) {
   $lifetime = (int)$GLOBALS['config']['web_session_lifetime'];
 }
 
 @ini_set('session.gc_maxlifetime',  $lifetime); // Session lifetime (for non "remember me" sessions)
-if (PHP_VERSION_ID >= 70300)
-{
+
+if (PHP_VERSION_ID >= 70300) {
   // Allows servers to assert that a cookie ought not to be sent along with cross-site requests.
   // Lax will sent the cookie for cross-domain GET requests, while Strict will not
   //@ini_set('session.cookie_samesite', 'Strict');
@@ -64,7 +68,7 @@ if (PHP_VERSION_ID >= 70300)
     'domain'   => $cookie_domain,
     'secure'   => $cookie_https,
     'httponly' => $cookie_httponly,
-    'samesite' => 'Strict'
+    'samesite' => 'Lax' // 'Strict' /// FIXME. Set this configurable? See: https://jira.observium.org/browse/OBS-4214
   ];
   session_set_cookie_params($cookie_params);
 } else {
@@ -77,28 +81,24 @@ if (!session_is_active()) {
   session_regenerate();
 }
 
-if ($debug_auth && empty($_SESSION['authenticated']))
-{
+if ($debug_auth && empty($_SESSION['authenticated'])) {
   logfile('debug_auth.log', __LINE__ . " NOT Authenticated!!!. IP=[" . get_remote_addr($config['web_session_ip_by_header']) . "]. URL=[" . $_SERVER['REQUEST_URI'] . "]");
   logfile('debug_auth.log', __LINE__ . ' ' . json_encode($_SESSION));
 }
 
 // Fallback to MySQL auth as default - FIXME do this in sqlconfig file?
-if (!isset($config['auth_mechanism']))
-{
+if (!isset($config['auth_mechanism'])) {
   $config['auth_mechanism'] = "mysql";
 }
 
 // Trust Apache authenticated user, if configured to do so and username is available
-if ($config['auth']['remote_user'] && $_SERVER['REMOTE_USER'] != '')
-{
+if ($config['auth']['remote_user'] && is_valid_param($_SERVER['REMOTE_USER'], 'username')) {
   session_set_var('username', $_SERVER['REMOTE_USER']);
 }
 
 $auth_file = $config['html_dir'].'/includes/authentication/' . $config['auth_mechanism'] . '.inc.php';
 if (is_file($auth_file)) {
-  if (isset($_SESSION['auth_mechanism']) && $_SESSION['auth_mechanism'] != $config['auth_mechanism'])
-  {
+  if (isset($_SESSION['auth_mechanism']) && $_SESSION['auth_mechanism'] != $config['auth_mechanism']) {
     // Logout if AUTH mechanism changed
     session_logout();
     reauth_with_message('Authentication mechanism changed, please log in again!');
@@ -123,14 +123,12 @@ if (is_file($auth_file)) {
 if ($_SESSION['authenticated'] && str_starts(ltrim($_SERVER['REQUEST_URI'], '/'), 'logout')) {
   // Do not use $vars and get_vars here!
   //print_vars($_SERVER['REQUEST_URI']);
-  if (auth_can_logout())
-  {
+  if (auth_can_logout()) {
     // No need for a feedback message if user requested a logout
     session_logout(function_exists('auth_require_login'));
 
     $redirect = auth_logout_url();
-    if ($redirect)
-    {
+    if ($redirect) {
       redirect_to_url($redirect);
       exit();
     }
@@ -144,8 +142,7 @@ $user_unique_id = session_unique_id(); // Get unique user id and check if IP cha
 // Store logged remote IP with real proxied IP (if configured and available)
 $remote_addr = get_remote_addr();
 $remote_addr_header = get_remote_addr(TRUE); // Remote addr by http header
-if ($remote_addr_header && $remote_addr != $remote_addr_header)
-{
+if ($remote_addr_header && $remote_addr != $remote_addr_header) {
   $remote_addr = $remote_addr_header . ' (' . $remote_addr . ')';
 }
 
@@ -156,15 +153,16 @@ if (isset($config['web_session_cidr']) && count($config['web_session_cidr'])) {
 }
 
 if (!$_SESSION['authenticated']) {
-  if (isset($_GET['username']) && isset($_GET['password']) &&
-      is_string($_GET['username']) && is_string($_GET['password'])) {
+  if (isset($_GET['username'], $_GET['password']) &&
+      is_valid_param($_GET['username'], 'username') && is_valid_param($_GET['password'], 'password')) {
+
     session_set_var('username', $_GET['username']);
     $auth_password        = $_GET['password'];
     //r($_GET);
     //r($_SESSION);
-  } elseif (isset($_POST['username']) && isset($_POST['password']) &&
-            is_string($_POST['username']) && is_string($_POST['password']))
-  {
+  } elseif (isset($_POST['username'], $_POST['password']) &&
+            is_valid_param($_POST['username'], 'username') && is_valid_param($_POST['password'], 'password')) {
+
     session_set_var('username', $_POST['username']);
     $auth_password        = $_POST['password'];
   } elseif (isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW'])) {
@@ -256,8 +254,7 @@ if (isset($_SESSION['username'])) {
                    'user_agent' => $_SERVER['HTTP_USER_AGENT'],
                    'result'     => 'Logged In'), 'authlog');
     // Generate keys for cookie auth
-    if (isset($_POST['remember']) && OBS_ENCRYPT)
-    {
+    if (isset($_POST['remember']) && OBS_ENCRYPT) {
       $ckey = md5(strgen());
       $dkey = md5(strgen());
       $encpass = encrypt($auth_password, $dkey);
@@ -307,28 +304,15 @@ if (isset($_SESSION['username'])) {
     session_commit();
 
     // Hardcoded level permissions
+    /// FIXME. It's seems unused?..
 
-    $user_perms = array();
+    $user_perms = [];
 
-    $perms[0]  = [];
-    $perms[1]  = ['LOGIN'];
-    $perms[2]  = [];
-    $perms[3]  = [];
-    $perms[5]  = ['GLOBAL_READ'];
-    $perms[6]  = [];
-    $perms[7]  = [];
-    $perms[8]  = [];
-    $perms[9]  = [];
-    $perms[10] = ['ADMIN'];
-
-    foreach($perms as $level => $array)
-    {
-      if($_SESSION['userlevel'] >= $level)
-      {
-        foreach($array AS $entry) { $user_perms[$entry] = $entry; }
+    foreach ($config['user_level'] as $level => $array) {
+      if ($_SESSION['userlevel'] >= $level) {
+        foreach($array['roles'] as $entry) { $user_perms[$entry] = $entry; }
       }
     }
-
     //print_vars($user_perms);
 
     //print_vars($_SESSION);

html/includes/authentication/ldap.inc.php

@@ -6,7 +6,7 @@
  *
  * @package    observium
  * @subpackage authentication
- * @copyright  (C) 2006-2013 Adam Armstrong, (C) 2013-2021 Observium Limited
+ * @copyright  (C) 2006-2013 Adam Armstrong, (C) 2013-2022 Observium Limited
  *
  */
 
@@ -67,7 +67,7 @@ function ldap_search_user($ldap_group, $userdn, $depth = -1) {
 
     $ldap_search  = ldap_search($ds, trim($config['auth_ldap_groupbase'], ', '), $filter, array($config['auth_ldap_attr']['dn']));
     //r($filter);
-    if (is_resource($ldap_search)) {
+    if (ldap_internal_is_valid($ldap_search)) {
       $ldap_results = ldap_get_entries($ds, $ldap_search);
 
       //r($ldap_results);
@@ -101,30 +101,30 @@ function ldap_search_user($ldap_group, $userdn, $depth = -1) {
  * Initializes the LDAP connection to the specified server(s). Cycles through all servers, throws error when no server can be reached.
  * Private function for this LDAP module only.
  */
-function ldap_init()
-{
+function ldap_init() {
   global $ds, $config;
 
-  if (!is_resource($ds))
-  {
+  if (!ldap_internal_is_valid($ds)) {
     print_debug('LDAP[Connecting to ' . implode(' ',$config['auth_ldap_server']) . ']');
-    $ds = @ldap_connect(implode(' ',$config['auth_ldap_server']), $config['auth_ldap_port']);
+    if ($config['auth_ldap_port'] === 636) {
+      print_debug('LDAP[Port 636. Prepending ldaps:// to server URI]');
+      $ds = @ldap_connect(implode(' ',preg_filter('/^(ldaps:\/\/)?/', 'ldaps://', $config['auth_ldap_server'])), $config['auth_ldap_port']);
+    } else {
+      $ds = @ldap_connect(implode(' ',$config['auth_ldap_server']), $config['auth_ldap_port']);
+    }
     print_debug("LDAP[Connected]");
 
     if ($config['auth_ldap_starttls'] &&
-        (in_array($config['auth_ldap_starttls'], [ 'optional', 'require', '1', 1, TRUE ], TRUE)))
-    {
+        (in_array($config['auth_ldap_starttls'], [ 'optional', 'require', '1', 1, TRUE ], TRUE))) {
       $tls = ldap_start_tls($ds);
-      if ($config['auth_ldap_starttls'] === 'require' && !$tls)
-      {
+      if ($config['auth_ldap_starttls'] === 'require' && !$tls) {
         session_logout();
         print_error("Fatal error: LDAP TLS required but not successfully negotiated [" . ldap_error($ds) . "]");
         exit;
       }
     }
 
-    if ($config['auth_ldap_referrals'])
-    {
+    if ($config['auth_ldap_referrals']) {
       ldap_set_option($ds, LDAP_OPT_REFERRALS, $config['auth_ldap_referrals']);
       print_debug("LDAP[Referrals][Set to " . $config['auth_ldap_referrals'] . "]");
     } else {
@@ -132,8 +132,7 @@ function ldap_init()
       print_debug("LDAP[Referrals][Disabled]");
     }
 
-    if ($config['auth_ldap_version'])
-    {
+    if ($config['auth_ldap_version']) {
       ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, $config['auth_ldap_version']);
       print_debug("LDAP[Version][Set to " . $config['auth_ldap_version'] . "]");
     }
@@ -385,11 +384,12 @@ function ldap_auth_user_id($username)
   $filter_params[] = ldap_filter_create('objectClass', $config['auth_ldap_objectclass']);
   $filter_params[] = ldap_filter_create($config['auth_ldap_attr']['uid'], $username);
   $filter          = ldap_filter_combine($filter_params);
-  
+
   print_debug("LDAP[Filter][$filter][" . trim($config['auth_ldap_suffix'], ', ') . "]");
   $search = ldap_search($ds, trim($config['auth_ldap_suffix'], ', '), $filter);
-  $entries = is_resource($search) ? ldap_get_entries($ds, $search) : [];
-  //print_vars($entries);
+  //r($search);
+  $entries = ldap_internal_is_valid($search) ? ldap_get_entries($ds, $search) : [];
+  //r($entries);
 
   if ($entries['count'])
   {
@@ -500,7 +500,7 @@ function ldap_auth_user_list($username = NULL) {
       //$group_filter .= '(memberof='.$group.')';
       $group_params[] = ldap_filter_create($config['auth_ldap_attr']['memberOf'], $group);
     }
-    
+
     $filter_params[] = ldap_filter_combine($group_params, '|');
 
     //$filter = '(&'.$filter.'(|'.$group_filter.'))';
@@ -566,7 +566,7 @@ function ldap_internal_user_entries($entries, &$userlist) {
 
         $compare = ldap_search_user($ldap_group, $userdn);
         //print_warning("$username, $realname, ");
-        //print_vars($compare);
+        //r($compare);
 
         if ($compare === -1) {
           print_debug("LDAP[UserList][Compare LDAP error: " . ldap_error($ds) . "]");
@@ -606,9 +606,9 @@ function ldap_internal_paged_entries($filter, $attributes)
     do {
       $search = ldap_search(
         $ds, trim($config['auth_ldap_suffix'], ', '), $filter, $attributes, 0, 0, 0, LDAP_DEREF_NEVER,
-        [['oid' => LDAP_CONTROL_PAGEDRESULTS, 'value' => ['size' => $page_size, 'cookie' => $cookie]]]
+        [['oid' => LDAP_CONTROL_PAGEDRESULTS, 'value' => [ 'size' => $page_size, 'cookie' => $cookie ]]]
       );
-      if (is_resource($search)) {
+      if (ldap_internal_is_valid($search)) {
         ldap_parse_result($ds, $search, $errcode, $matcheddn, $errmsg, $referrals, $controls);
         print_debug(ldap_error($ds));
         $entries = array_merge($entries, ldap_get_entries($ds, $search));
@@ -642,7 +642,7 @@ function ldap_internal_paged_entries($filter, $attributes)
 
       $search = ldap_search($ds, trim($config['auth_ldap_suffix'], ', '), $filter, $attributes);
       print_debug(ldap_error($ds));
-      if (is_resource($search)) {
+      if (ldap_internal_is_valid($search)) {
         $entries = array_merge($entries, ldap_get_entries($ds, $search));
         //print_vars($filter);
         //print_vars($search);
@@ -665,7 +665,7 @@ function ldap_internal_paged_entries($filter, $attributes)
     $search = ldap_search($ds, trim($config['auth_ldap_suffix'], ', '), $filter, $attributes);
     print_debug(ldap_error($ds));
 
-    if (is_resource($search)) {
+    if (ldap_internal_is_valid($search)) {
       $entries = ldap_get_entries($ds, $search);
       //print_vars($filter);
       //print_vars($search);
@@ -800,6 +800,9 @@ function ldap_bind_dn($username = "", $password = "")
  */
 function ldap_internal_dn_from_username($username)
 {
+
+  //r(debug_backtrace());
+
   global $config, $ds, $cache;
 
   if (!isset($cache['ldap']['dn'][$username]))
@@ -813,7 +816,11 @@ function ldap_internal_dn_from_username($username)
     print_debug("LDAP[Filter][$filter][" . trim($config['auth_ldap_suffix'], ', ') . "]");
 
     $search  = ldap_search($ds, trim($config['auth_ldap_suffix'], ', '), $filter);
-    if (is_resource($search)) {
+
+    //r($search);
+    //r(ldap_get_entries($ds, $search));
+
+    if (ldap_internal_is_valid($search)) {
       $entries = ldap_get_entries($ds, $search);
 
       if ($entries['count']) {
@@ -1110,6 +1117,16 @@ function ldap_unescape_filter_value($values = array())
   return $values;
 }
 
+function ldap_internal_is_valid($obj) {
+  if (PHP_VERSION_ID >= 80100) {
+    // ldap_bind() returns an LDAP\Connection instance in 8.1; previously, a resource was returned
+    // ldap_search() returns an LDAP\Result instance in 8.1; previously, a resource was returned.
+    return is_object($obj);
+  }
+
+  return is_resource($obj);
+}
+
 /**
  * Converts all ASCII chars < 32 to "\HEX"
  *

html/includes/authentication/mysql.inc.php

@@ -1,5 +1,4 @@
 <?php
-
 /**
  * Observium
  *
@@ -7,7 +6,7 @@
  *
  * @package    observium
  * @subpackage authentication
- * @copyright  (C) 2006-2013 Adam Armstrong, (C) 2013-2019 Observium Limited
+ * @copyright  (C) 2006-2013 Adam Armstrong, (C) 2013-2022 Observium Limited
  *
  */
 
@@ -23,7 +22,7 @@ function mysql_authenticate($username, $password)
 {
   global $config;
 
-  $row = dbFetchRow("SELECT `username`, `password` FROM `users` WHERE `username` = ?", array($username));
+  $row = dbFetchRow("SELECT `username`, `password` FROM `users` WHERE `username` = ? AND `type` = ?", [ $username, 'mysql' ]);
   if ($row['username'] && $row['username'] == $username)
   {
     if ($config['auth']['remote_user']) { return 1; }
@@ -78,12 +77,11 @@ function mysql_auth_can_change_password($username = "")
 {
   global $config;
 
-  if ((empty($username) || !mysql_auth_user_exists($username)) && !$config['auth']['remote_user'])
-  {
+  if ((empty($username) || !mysql_auth_user_exists($username)) && !$config['auth']['remote_user']) {
     return TRUE;
-  } else {
-    return dbFetchCell("SELECT `can_modify_passwd` FROM `users` WHERE `username` = ?", array($username)); // FIXME should return BOOL
   }
+
+  return dbFetchCell("SELECT `can_modify_passwd` FROM `users` WHERE `username` = ? AND `type` = ?", [ $username, 'mysql' ]); // FIXME should return BOOL
 }
 
 /**
@@ -99,7 +97,7 @@ function mysql_auth_change_password($username,$password)
 
   // $hash = crypt($password, '$1$' . strgen(8).'$'); // This is old hash, do not used anymore (keep for history)
   $hash = password_hash($password, PASSWORD_DEFAULT);
-  return dbUpdate(array('password' => $hash), 'users', '`username` = ?', array($username)); // FIXME should return BOOL
+  return dbUpdate([ 'password' => $hash ], 'users', '`username` = ? AND `type` = ?', [ $username, 'mysql' ]); // FIXME should return BOOL
 }
 
 /**
@@ -124,16 +122,22 @@ function mysql_auth_usermanagement()
  * @param string $description User's description
  * @return bool TRUE if user addition is successful, FALSE if it is not
  */
-function mysql_adduser($username, $password, $level, $email = "", $realname = "", $can_modify_passwd='1', $description = "")
+function mysql_adduser($username, $password, $level, $email = "", $realname = "", $can_modify_passwd = '1', $description = "")
 {
   if (!mysql_auth_user_exists($username))
   {
     // $hash = crypt($password, '$1$' . strgen(8).'$'); // This is old hash, do not used anymore (keep for history)
     $hash = password_hash($password, PASSWORD_DEFAULT);
-    return dbInsert(array('username' => $username, 'password' => $hash, 'level' => $level, 'email' => $email, 'realname' => $realname, 'can_modify_passwd' => $can_modify_passwd, 'descr' => $description), 'users');
-  } else {
-    return FALSE;
+    return dbInsert([ 'username' => $username,
+                      'password' => $hash,
+                      'level' => $level,
+                      'email' => $email,
+                      'realname' => $realname,
+                      'can_modify_passwd' => $can_modify_passwd,
+                      'descr' => $description ], 'users');
   }
+
+  return FALSE;
 }
 
 /**
@@ -145,7 +149,7 @@ function mysql_adduser($username, $password, $level, $email = "", $realname = ""
 function mysql_auth_user_exists($username)
 {
   //return @dbFetchCell("SELECT COUNT(*) FROM `users` WHERE `username` = ?", array($username)); // FIXME should return BOOL
-  return dbExist('users', '`username` = ?', array($username));
+  return dbExist('users', '`username` = ? AND `type` = ?', [ $username, 'mysql' ]);
 }
 
 /**
@@ -156,7 +160,7 @@ function mysql_auth_user_exists($username)
  */
 function mysql_auth_username_by_id($user_id)
 {
-  return dbFetchCell("SELECT `username` FROM `users` WHERE `user_id` = ?", array($user_id)); // FIXME should return FALSE if not found
+  return dbFetchCell("SELECT `username` FROM `users` WHERE `user_id` = ? AND `type` = ?", [ $user_id, 'mysql' ]); // FIXME should return FALSE if not found
 }
   
 /**
@@ -167,7 +171,7 @@ function mysql_auth_username_by_id($user_id)
  */
 function mysql_auth_user_level($username)
 {
-  return dbFetchCell("SELECT `level` FROM `users` WHERE `username` = ?", array($username));
+  return dbFetchCell("SELECT `level` FROM `users` WHERE `username` = ? AND `type` = ?", [ $username, 'mysql' ]);
 }
 
 /**
@@ -178,7 +182,7 @@ function mysql_auth_user_level($username)
  */
 function mysql_auth_user_id($username)
 {
-  return dbFetchCell("SELECT `user_id` FROM `users` WHERE `username` = ?", array($username));
+  return dbFetchCell("SELECT `user_id` FROM `users` WHERE `username` = ? AND `type` = ?", [ $username, 'mysql' ]);
 }
 
 /**
@@ -196,7 +200,7 @@ function mysql_deluser($username)
   dbDelete('users_prefs',        "`user_id` = ?", array($user_id));
   dbDelete('users_ckeys',       "`username` = ?", array($username));
 
-  return dbDelete('users', "`username` =  ?", array($username)); // FIXME should return BOOL
+  return dbDelete('users', "`username` = ? AND `type` = ?", [ $username, 'mysql' ]); // FIXME should return BOOL
 }
 
 /**
@@ -206,7 +210,7 @@ function mysql_deluser($username)
  */
 function mysql_auth_user_list()
 {
-  return dbFetchRows("SELECT * FROM `users`"); // FIXME hardcode list of returned fields as in all other backends; array content should not depend on db changes/column names.
+  return dbFetchRows("SELECT * FROM `users` WHERE `type` = ?", [ 'mysql' ]); // FIXME hardcode list of returned fields as in all other backends; array content should not depend on db changes/column names.
 }
 
 /**
@@ -217,7 +221,7 @@ function mysql_auth_user_list()
  */
 function mysql_auth_user_info($username)
 {
-  return dbFetchRow("SELECT * FROM `users` WHERE `username` = ?", array($username));
+  return dbFetchRow("SELECT * FROM `users` WHERE `username` = ? AND `type` = ?", [ $username, 'mysql' ]);
 }
 
 // EOF

html/includes/authentication/radius.inc.php

@@ -1,5 +1,4 @@
 <?php
-
 /**
  * Observium
  *
@@ -7,7 +6,7 @@
  *
  * @package    observium
  * @subpackage authentication
- * @copyright  (C) 2006-2013 Adam Armstrong, (C) 2013-2019 Observium Limited
+ * @copyright  (C) 2006-2013 Adam Armstrong, (C) 2013-2022 Observium Limited
  *
  */
 
@@ -219,14 +218,14 @@ function radius_adduser($username, $password, $level, $email = "", $realname = "
 
 /**
  * Check if a user, specified by username, exists in the user backend.
- * This is not currently possible using the RADIUS backend.
+ * This will only return users that have logged in at least once and inserted into MySQL
  *
  * @param string $username Username to check
  * @return bool TRUE if the user exists, FALSE if they do not
  */
 function radius_auth_user_exists($username)
 {
-  return FALSE;
+  return dbExist('users', '`username` = ? AND `type` = ?', [ $username, 'radius' ]);
 }
 
 /**
@@ -246,7 +245,7 @@ function radius_auth_user_level($username)
 
     if (!isset($cache['radius']['level'][$username]))
     {
-      if ($config['auth_radius_groupmemberattr'] == 18 || strtolower($config['auth_radius_groupmemberattr']) == 'reply-message')
+      if ($config['auth_radius_groupmemberattr'] == 18 || strtolower($config['auth_radius_groupmemberattr']) === 'reply-message')
       {
         // Reply-Message (18)
         $attribute = RADIUS_REPLY_MESSAGE;
@@ -285,7 +284,18 @@ function radius_auth_user_level($username)
       $rad_userlevel = 10;
     }
   }
-  //r($rad_userlevel);
+
+  // If we don't already have an entry for this RADIUS user in the MySQL database, create one
+  if (!radius_auth_user_exists($username)){
+    $user_id = radius_auth_user_id($username);
+    create_mysql_user($username, $user_id, $rad_userlevel, 'radius');
+  } else {
+    // Update the user's level in MySQL if it doesn't match. This is really informational only.
+    if (dbFetchCell("SELECT `level` FROM `users` WHERE `username` = ? AND `type` = ?", [ $username, 'radius' ]) != $rad_userlevel) {
+      $user_id = radius_auth_user_id($username);
+      dbUpdate([ 'level' => $rad_userlevel, 'user_id' => $user_id ], 'users', '`username` = ? AND `type` = ?', [ $username, 'radius' ]);
+    }
+  }
 
   return $rad_userlevel;
 }
@@ -324,8 +334,8 @@ function radius_deluser($username)
  */
 function radius_auth_user_list()
 {
-  $userlist = array();
-  return $userlist;
+    // Send list of users from MySQL
+    return dbFetchRows("SELECT * FROM `users` WHERE `type` = ?", [ 'radius' ]);
 }
 
 // EOF

html/includes/cache-data.inc.php

@@ -6,10 +6,11 @@
  *
  * @package    observium
  * @subpackage web
- * @copyright  (C) 2006-2013 Adam Armstrong, (C) 2013-2020 Observium Limited
+ * @copyright  (C) 2006-2013 Adam Armstrong, (C) 2013-2022 Observium Limited
  *
  */
 
+$cache_data_start = microtime(TRUE);
 $cache_item = get_cache_item('data');
 //print_vars($cache_item->isHit());
 
@@ -33,17 +34,22 @@ if (!ishit_cache_item($cache_item))
   // This means device_by_id_cache actually never has to do any queries by itself, it'll always get the
   // cached version when running from the web interface. From the commandline obviously we'll need to fetch
   // the data per-device. We pre-fetch the graphs list as well, much faster than a query per device obviously.
-  $graphs_array = dbFetchRows("SELECT * FROM `device_graphs` FORCE INDEX (`graph`) ORDER BY `graph`;");
+  //$graphs_array = dbFetchRows("SELECT * FROM `device_graphs` FORCE INDEX (`graph`) ORDER BY `graph`;");
 
-  foreach ($graphs_array as $graph)
+  $cache['graphs'] = [];
+  foreach(dbFetchRows("SELECT `graph` FROM `device_graphs` GROUP BY `graph` ORDER BY `graph`;") as $entry)
+  {
+    $cache['graphs'][$entry['graph']] = $entry['graph'];
+  }
+
+  /*foreach ($graphs_array as $graph)
   {
     // Cache this per device_id so we can assign it to the correct (cached) device in the for loop below
     if ($graph['enabled'])
     {
       $device_graphs[$graph['device_id']][$graph['graph']] = $graph;
     }
-  }
-  $cache['graphs'] = array(); // All permitted graphs
+  }*/
 
   // Cache scheduled maintenance currently active
   $cache['maint'] = cache_alert_maintenance();
@@ -54,16 +60,18 @@ if (!ishit_cache_item($cache_item))
   } else {
     $devices_array = dbFetchRows("SELECT * FROM `devices` ORDER BY `hostname`;");
   }
+
   foreach ($devices_array as $device)
   {
     if (device_permitted($device['device_id']))
     {
       // Process device and add all the human-readable stuff.
-      humanize_device($device);
+      // Very slow on larger systems (3s with 2000 devices)
+      //humanize_device($device);
 
       // Assign device graphs from array created above
-      $device['graphs'] = (array)$device_graphs[$device['device_id']];
-      $cache['graphs']  = array_unique(array_merge($cache['graphs'], array_keys($device['graphs']))); // Add to global array cache
+      //$device['graphs'] = (array)$device_graphs[$device['device_id']];
+      //$cache['graphs']  = array_unique(array_merge($cache['graphs'], array_keys($device['graphs']))); // Add to global array cache
 
       $cache['devices']['permitted'][] = (int)$device['device_id']; // Collect IDs for permitted
       $cache['devices']['hostname'][$device['hostname']] = $device['device_id'];
@@ -184,10 +192,10 @@ if (!ishit_cache_item($cache_item))
   // Devices disabled
   if (isset($cache['devices']['disabled']) && count($cache['devices']['disabled']) > 0)
   {
-    $cache['ports']['device_disabled'] = dbFetchColumn("SELECT `port_id` FROM `ports` WHERE 1 " . $where_permitted . generate_query_values($cache['devices']['disabled'], 'device_id'));
+    $cache['ports']['device_disabled'] = dbFetchColumn("SELECT `port_id` FROM `ports` WHERE 1 " . $where_permitted . generate_query_values_and($cache['devices']['disabled'], 'device_id'));
     if (!$config['web_show_disabled'])
     {
-      $where_hide  .= generate_query_values($cache['devices']['disabled'], 'device_id', '!=');
+      $where_hide  .= generate_query_values_and($cache['devices']['disabled'], 'device_id', '!=');
     }
   }
 
@@ -195,9 +203,9 @@ if (!ishit_cache_item($cache_item))
   $where_devices_ignored = '';
   if (isset($cache['devices']['ignored']) && count($cache['devices']['ignored']) > 0)
   {
-    $cache['ports']['device_ignored'] = dbFetchColumn("SELECT `port_id` FROM `ports` WHERE 1 " . $where_permitted . $where_hide . generate_query_values($cache['devices']['ignored'], 'device_id'));
-    $where_hide  .= generate_query_values($cache['devices']['ignored'], 'device_id', '!=');
-    $where_devices_ignored = generate_query_values($cache['devices']['ignored'], 'device_id');
+    $cache['ports']['device_ignored'] = dbFetchColumn("SELECT `port_id` FROM `ports` WHERE 1 " . $where_permitted . $where_hide . generate_query_values_and($cache['devices']['ignored'], 'device_id'));
+    $where_hide  .= generate_query_values_and($cache['devices']['ignored'], 'device_id', '!=');
+    $where_devices_ignored = generate_query_values_and($cache['devices']['ignored'], 'device_id');
   }
   $cache['ports']['stat']['device_ignored']   = count($cache['ports']['device_ignored']);
 
@@ -650,6 +658,8 @@ unset($cache_item);
 //print_vars(get_cache_items('__wui'));
 //print_vars(get_cache_stats());
 
+$cache_data_time = microtime(TRUE) - $cache_data_start;
+
 // EOF
 
 

html/includes/contacts-navbar.inc.php

@@ -341,10 +341,10 @@ $("#contact_method").change(function() {
     } else {
       $script .= PHP_EOL . "  } else if (select === '" . $transport . "') {" . PHP_EOL;
     }
-    $script .= "    \$('div[id^=\"contact_${transport}_\"]').show();" . PHP_EOL . "   ";
+    $script .= "    \$('div[id^=\"contact_{$transport}_\"]').show();" . PHP_EOL . "   ";
     foreach (array_keys($config['transports']) as $ltransport) {
       if ($transport != $ltransport) {
-        $script .= " \$('div[id^=\"contact_${ltransport}_\"]').hide();";
+        $script .= " \$('div[id^=\"contact_{$ltransport}_\"]').hide();";
       }
     }
 

html/includes/entities/cbqos.inc.php

@@ -6,7 +6,7 @@
  *
  * @package    observium
  * @subpackage web
- * @copyright  (C) 2006-2013 Adam Armstrong, (C) 2013-2021 Observium Limited
+ * @copyright  (C) 2006-2013 Adam Armstrong, (C) 2013-2022 Observium Limited
  *
  */
 
@@ -28,21 +28,21 @@ function build_cbqos_query($vars)
     switch ($var) {
       case "policy_name":
       case "object_name":
-        $sql .= generate_query_values($value, $var);
+        $sql .= generate_query_values_and($value, $var);
         break;
       case "group":
       case "group_id":
         $values = get_group_entities($value);
-        $sql .= generate_query_values($values, 'cbqos_id');
+        $sql .= generate_query_values_and($values, 'cbqos_id');
         break;
       case 'device_group_id':
       case 'device_group':
         $values = get_group_entities($value, 'device');
-        $sql .= generate_query_values($values, 'ports_cbqos.device_id');
+        $sql .= generate_query_values_and($values, 'ports_cbqos.device_id');
         break;
       case "device":
       case "device_id":
-        $sql .= generate_query_values($value, 'ports_cbqos.device_id');
+        $sql .= generate_query_values_and($value, 'ports_cbqos.device_id');
         break;
     }
   }

html/includes/entities/counter.inc.php

@@ -6,14 +6,14 @@
  *
  * @package    observium
  * @subpackage web
- * @copyright  (C) 2006-2013 Adam Armstrong, (C) 2013-2021 Observium Limited
+ * @copyright  (C) 2006-2013 Adam Armstrong, (C) 2013-2022 Observium Limited
  *
  */
 
 /**
  * Humanize counter.
  *
- * Returns a the $counter array with processed information:
+ * Returns a $counter array with processed information:
  * counter_state (TRUE: state counter, FALSE: normal counter)
  * human_value, counter_symbol, state_name, state_event, state_class
  *
@@ -164,42 +164,42 @@ function build_counter_query($vars, $query_count = FALSE)
       case "group":
       case "group_id":
         $values = get_group_entities($value);
-        $sql .= generate_query_values($values, 'counters.counter_id');
+        $sql .= generate_query_values_and($values, 'counters.counter_id');
         break;
       case 'device_group_id':
       case 'device_group':
         $values = get_group_entities($value, 'device');
-        $sql .= generate_query_values($values, 'counters.device_id');
+        $sql .= generate_query_values_and($values, 'counters.device_id');
         break;
       case "device":
       case "device_id":
-        $sql .= generate_query_values($value, 'counters.device_id');
+        $sql .= generate_query_values_and($value, 'counters.device_id');
         break;
       case "id":
       case "counter_id":
-        $sql .= generate_query_values($value, 'counters.counter_id');
+        $sql .= generate_query_values_and($value, 'counters.counter_id');
         break;
       case "entity_id":
-        $sql .= generate_query_values($value, 'counters.measured_entity');
+        $sql .= generate_query_values_and($value, 'counters.measured_entity');
         break;
       case "entity_type":
-        $sql .= generate_query_values($value, 'counters.measured_class');
+        $sql .= generate_query_values_and($value, 'counters.measured_class');
         break;
       case 'entity_state':
       case "measured_state":
-        $sql .= build_entity_measured_where('counter', ['measured_state' => $value]);
+        $sql .= build_entity_measured_where('counter', [ 'measured_state' => $value ]);
         break;
       case 'class':
       case "counter_class":
-        $sql .= generate_query_values($value, 'counter_class');
+        $sql .= generate_query_values_and($value, 'counter_class');
         break;
       case "descr":
       case "counter_descr":
-        $sql .= generate_query_values($value, 'counters.counter_descr', '%LIKE%');
+        $sql .= generate_query_values_and($value, 'counters.counter_descr', '%LIKE%');
         break;
       case "event":
       case "counter_event":
-        $sql .= generate_query_values($value, 'counter_event');
+        $sql .= generate_query_values_and($value, 'counter_event');
         break;
     }
   }
@@ -443,7 +443,7 @@ function generate_counter_row($counter, $vars)
                             $counter['counter_class'],
                             $config['counter_types'][$counter['counter_class']]['alt_units']) as $unit => $unit_value)
     {
-      if (is_numeric($unit_value)) { $counter_tooltip .= "<br />${unit_value}${unit}"; }
+      if (is_numeric($unit_value)) { $counter_tooltip .= "<br />{$unit_value}{$unit}"; }
     }
   }
 

html/includes/entities/device.inc.php

@@ -6,7 +6,7 @@
  *
  * @package    observium
  * @subpackage web
- * @copyright  (C) 2006-2013 Adam Armstrong, (C) 2013-2021 Observium Limited
+ * @copyright  (C) 2006-2013 Adam Armstrong, (C) 2013-2022 Observium Limited
  *
  */
 
@@ -14,29 +14,25 @@
  * Build devices where array
  *
  * This function returns an array of "WHERE" statements from a $vars array.
- * The returned array can be implode()d and used on the devices table.
+ * The returned array can be imploded and used on the devices table.
  * Originally extracted from the /devices/ page
  *
  * @param array $vars
  * @return array
  */
-function build_devices_where_array($vars)
-{
+function build_devices_where_array($vars) {
   $where_array = array();
-  foreach ($vars as $var => $value)
-  {
-    if ($value != '')
-    {
-      switch ($var)
-      {
+  foreach ($vars as $var => $value) {
+    if (!safe_empty($value)) {
+      switch ($var) {
         case 'group':
         case 'group_id':
           $values = get_group_entities($value);
-          $where_array[$var] = generate_query_values($values, 'device_id');
+          $where_array[$var] = generate_query_values_and($values, 'device_id');
           break;
         case 'device':
         case 'device_id':
-          $where_array[$var] = generate_query_values($value, 'device_id');
+          $where_array[$var] = generate_query_values_and($value, 'device_id');
           break;
         case 'hostname':
         case 'sysname':
@@ -44,13 +40,15 @@ function build_devices_where_array($vars)
         case 'sysDescr':
         case 'serial':
         case 'purpose':
-          $where_array[$var] = generate_query_values($value, $var, '%LIKE%');
+          $condition = str_contains_array($value, [ '*', '?' ]) ? 'LIKE' : '%LIKE%';
+          $where_array[$var] = generate_query_values_and($value, $var, $condition);
           break;
         case 'location_text':
-          $where_array[$var] = generate_query_values($value, 'devices.location', '%LIKE%');
+          $condition = str_contains_array($value, [ '*', '?' ]) ? 'LIKE' : '%LIKE%';
+          $where_array[$var] = generate_query_values_and($value, 'devices.location', $condition);
           break;
         case 'location':
-          $where_array[$var] = generate_query_values($value, 'devices.location');
+          $where_array[$var] = generate_query_values_and($value, 'devices.location');
           break;
         case 'location_lat':
         case 'location_lon':
@@ -60,7 +58,7 @@ function build_devices_where_array($vars)
         case 'location_city':
           if ($GLOBALS['config']['geocoding']['enable'])
           {
-            $where_array[$var] = generate_query_values($value, 'devices_locations.' . $var);
+            $where_array[$var] = generate_query_values_and($value, 'devices_locations.' . $var);
           }
           break;
         case 'os':
@@ -74,10 +72,10 @@ function build_devices_where_array($vars)
         case 'distro':
         case 'ignore':
         case 'disabled':
-          $where_array[$var] = generate_query_values($value, $var);
+          $where_array[$var] = generate_query_values_and($value, $var);
           break;
         case 'graph':
-          $where_array[$var] = generate_query_values(devices_with_graph($value), "devices.device_id");
+          $where_array[$var] = generate_query_values_and(devices_with_graph($value), "devices.device_id");
      }
     }
   }
@@ -103,7 +101,6 @@ function devices_with_graph($graph)
 function build_devices_sort($vars)
 {
   $order = '';
-  $desc_order = isset($vars['sort_desc']) && $vars['sort_desc'];
   switch ($vars['sort'])
   {
     case 'uptime':
@@ -112,13 +109,12 @@ function build_devices_sort($vars)
     case 'features':
     case 'type':
     case 'os':
+    case 'sysName':
     case 'device_id':
       $order = ' ORDER BY `devices`.`'.$vars['sort'].'`';
-      if ($desc_order)
-      {
-        $order .= " DESC";
-      }
+      if ($vars['sort_order'] == "desc") { $order .= " DESC";}
       break;
+
     case 'domain':
       // Special order hostnames in Domain Order
       // SELECT `hostname`,
@@ -126,19 +122,18 @@ function build_devices_sort($vars)
       //        SUBSTRING_INDEX(SUBSTRING_INDEX(`hostname`,'.',-2),'.',1) AS `middle`,
       //        SUBSTRING_INDEX(`hostname`,'.',-1) AS `rightmost`
       // FROM `devices` ORDER by `middle`, `rightmost`, `leftmost`;
-      if ($desc_order)
+      if ($vars['sort_order'] == "desc")
       {
         $order = ' ORDER BY `middle` DESC, `rightmost` DESC, `leftmost` DESC';
       } else {
         $order = ' ORDER BY `middle`, `rightmost`, `leftmost`';
       }
       break;
+
+    case 'hostname':
     default:
       $order = ' ORDER BY `devices`.`hostname`';
-      if ($desc_order)
-      {
-        $order .= " DESC";
-      }
+      if ($vars['sort_order'] == "desc") { $order .= " DESC"; }
       break;
   }
   return $order;
@@ -150,27 +145,9 @@ function print_device_header($device, $args = array()) {
 
   if (!is_array($device)) { print_error("Invalid device passed to print_device_header()!"); }
 
-  /* FIXME. Unused?
-  if ($device['status'] == '0') {  $class = "div-alert"; } else {   $class = "div-normal"; }
-  if ($device['ignore'] == '1')
-  {
-    $class = "div-ignore-alert";
-    if ($device['status'] == '1')
-    {
-      $class = "div-ignore";
-    }
-  }
-
-  if ($device['disabled'] == '1')
-  {
-    $class = "div-disabled";
-  }
-
-  $type = strtolower($device['os']);
-  */
   $div_class = 'box box-solid';
   if (!safe_empty($args['div-class'])) {
-    $div_class .= " ${args['div-class']}";
+    $div_class .= " " . $args['div-class'];
   }
 
   echo '<div class="'.$div_class.'">
@@ -200,12 +177,12 @@ function print_device_header($device, $args = array()) {
     }
 
     $graph_array = [];
-    $graph_array['height'] = "100";
-    $graph_array['width']  = "310";
-    $graph_array['to']     = $config['time']['now'];
+    //$graph_array['height'] = "100";
+    //$graph_array['width']  = "310";
+    $graph_array['to']     = get_time();
     $graph_array['device'] = $device['device_id'];
     $graph_array['type']   = "device_bits";
-    $graph_array['from']   = $config['time']['day'];
+    $graph_array['from']   = get_time('day');
     $graph_array['legend'] = "no";
 
     $graph_array['height'] = "45";
@@ -398,7 +375,7 @@ function print_device_row($device, $vars = array('view' => 'basic'), $link_vars
 
       // Preprocess device graphs array
       $graphs_enabled = [];
-      foreach ($GLOBALS['cache']['devices']['id'][$device['device_id']]['graphs'] as $graph)
+      foreach ($device['graphs'] as $graph)
       {
         $graphs_enabled[] = $graph['graph'];
       }
@@ -515,50 +492,41 @@ function get_device_icon($device, $base_icon = FALSE, $dark = FALSE) {
   }
 
   // Icon by vendor name
-  if ($icon === 'generic' && ($config['os'][$device['os']]['vendor'] || $device['vendor']))
-  {
-    if ($device['vendor'])
-    {
+  if ($icon === 'generic' && ($config['os'][$device['os']]['vendor'] || $device['vendor'])) {
+    if ($device['vendor']) {
       $vendor = $device['vendor'];
     } else {
       $vendor = rewrite_vendor($config['os'][$device['os']]['vendor']); // Compatibility, if device not polled for long time
     }
 
     $vendor_safe = safename(strtolower($vendor));
-    if (isset($config['vendors'][$vendor_safe]['icon']))
-    {
+    if (isset($config['vendors'][$vendor_safe]['icon'])) {
       $icon  = $config['vendors'][$vendor_safe]['icon'];
-    }
-    elseif (is_file($config['html_dir'] . '/images/os/' . $vendor_safe . '.png'))
-    {
+    } elseif (is_file($config['html_dir'] . '/images/os/' . $vendor_safe . '.png')) {
       $icon  = $vendor_safe;
-    }
-    elseif (isset($config['os'][$device['os']]['icons']))
-    {
+    } elseif (isset($config['os'][$device['os']]['icons'])) {
       // Fallback to os alternative icon
       $icon  = array_values($config['os'][$device['os']]['icons'])[0];
     }
   }
 
   // Set dark mode by session
-  if (isset($_SESSION['theme']))
-  {
+  if (isset($_SESSION['theme'])) {
     $dark = str_contains($_SESSION['theme'], 'dark');
   }
 
   // Prefer dark variant of icon in dark mode
-  if ($dark && is_file($config['html_dir'] . '/images/os/' . $icon . '-dark.png'))
-  {
+  if ($dark && is_file($config['html_dir'] . '/images/os/' . $icon . '-dark.png')) {
     $icon .= '-dark';
   }
 
-  if ($base_icon)
-  {
+  if ($base_icon) {
     // return base name for os icon
     return $icon;
   }
 
   // return image html tag
+  $base_url = rtrim($config['base_url'], '/');
   $srcset = '';
   // Now we always have 2x icon variant!
   //if (is_file($config['html_dir'] . '/images/os/' . $icon . '_2x.png')) // HiDPI image exist?
@@ -566,14 +534,13 @@ function get_device_icon($device, $base_icon = FALSE, $dark = FALSE) {
     // Detect allowed screen ratio for current browser
     $ua_info = detect_browser();
 
-    if ($ua_info['screen_ratio'] > 1)
-    {
-      $srcset = ' srcset="' .$config['base_url'] . '/images/os/' . $icon . '_2x.png'.' 2x"';
+    if ($ua_info['screen_ratio'] > 1) {
+      $srcset = ' srcset="' . $base_url . '/images/os/' . $icon . '_2x.png'.' 2x"';
     }
   //}
 
   // Image tag -- FIXME re-engineer this code to do this properly. This is messy.
-  return '<img src="' . $config['base_url'] . '/images/os/' . $icon . '.png"' . $srcset . ' alt="" />';
+  return '<img src="' . $base_url . '/images/os/' . $icon . '.png"' . $srcset . ' alt="" />';
 }
 
 // TESTME needs unit testing
@@ -638,8 +605,11 @@ function generate_device_popup($device, $vars = []) {
     }
   }
 
+  $count = 0;
   foreach ($graphs as $entry) {
 
+    if($count == 3) { break; }
+
     if ($entry && in_array(str_replace('device_', '', $entry), $graphs_enabled, TRUE)) {
       // No text provided for the minigraph, fetch from array
       if (preg_match(OBS_PATTERN_GRAPH_TYPE, $entry, $graphtype)) {
@@ -664,17 +634,13 @@ function generate_device_popup($device, $vars = []) {
 
       $content .= '<div style="width: 730px; white-space: nowrap;">';
       $content .= "<div class=entity-title><h4>" . $text . "</h4></div>";
-      /*
-      $content .= generate_box_open(array('title' => $text,
-                                          'body-style' => 'white-space: nowrap;'));
-      */
       $content .= generate_graph_tag($graph_array);
-
       $graph_array['from']   = get_time('week');
       $content .= generate_graph_tag($graph_array);
-
       $content .= '</div>';
-      //$content .= generate_box_close();
+
+      $count++;
+
     }
   }
 
@@ -722,41 +688,6 @@ function generate_device_link_short($device, $vars = [], $short = TRUE) {
   return generate_device_link($device, NULL, $vars, TRUE, $short);
 }
 
-function device_name($device, $max_len = FALSE) {
-  global $config;
-
-  switch (strtolower($config['web_device_name'])) {
-    case 'sysname':
-      $name_field = 'sysName';
-      break;
-    case 'purpose':
-    case 'descr':
-    case 'description':
-      $name_field = 'purpose';
-      break;
-    default:
-      $name_field = 'hostname';
-  }
-
-  if ($max_len && !is_intnum($max_len)) {
-    $max_len = $config['short_hostname']['length'];
-  }
-
-  if ($name_field !== 'hostname' && !safe_empty($device[$name_field])) {
-    if ($name_field === 'sysName' && $max_len && $max_len > 3) {
-      // short sysname when is valid hostname (do not escape here)
-      return short_hostname($device[$name_field], $max_len, FALSE);
-    }
-    return $device[$name_field];
-  }
-
-  if ($max_len && $max_len > 3) {
-    // short hostname (do not escape here)
-    return short_hostname($device['hostname'], $max_len, FALSE);
-  }
-  return $device['hostname'];
-}
-
 function generate_device_form_values($form_filter = FALSE, $column = 'device_id', $options = array())
 {
   global $cache;

html/includes/entities/generic.inc.php

@@ -54,6 +54,30 @@ function get_customoid_by_id($oid_id) {
 
 } // end function get_customoid_by_id()
 
+// DOCME needs phpdoc block
+// TESTME needs unit testing
+function get_application_by_id($application_id)
+{
+  if (is_numeric($application_id))
+  {
+    $application = dbFetchRow("SELECT * FROM `applications` WHERE `app_id` = ?", array($application_id));
+  }
+  if (is_array($application))
+  {
+    return $application;
+  } else {
+    return FALSE;
+  }
+}
+
+// DOCME needs phpdoc block
+// TESTME needs unit testing
+function accesspoint_by_id($ap_id, $refresh = '0')
+{
+  $ap = dbFetchRow("SELECT * FROM `accesspoints` WHERE `accesspoint_id` = ?", array($ap_id));
+
+  return $ap;
+}
 
 function generate_entity_popup_graphs($entity, $vars)
 {
@@ -376,8 +400,8 @@ function build_entity_measured_where($entity_type, $vars)
           {
             case 'port':
             case 'printersupply':
-              $measure_sql  = generate_query_values($measured_type, $column_measured_type, NULL, OBS_DB_NO_LEADING_AND);
-              $measure_sql .= generate_query_values($entities,      $column_measured_id);
+              $measure_sql  = generate_query_values_ng($measured_type, $column_measured_type);
+              $measure_sql .= generate_query_values_and($entities,      $column_measured_id);
               break;
           }
           if ($measure_sql) { $measure_array[] = $measure_sql; }
@@ -388,7 +412,7 @@ function build_entity_measured_where($entity_type, $vars)
         //$value = (array)$value;
         // Select all without measured entities
         if (in_array('none', $value)) {
-          $measure_array[] = generate_query_values(1, $column_measured_id, 'NULL', OBS_DB_NO_LEADING_AND);
+          $measure_array[] = generate_query_values_ng(1, $column_measured_id);
           $value = array_diff($value, [ 'none' ]);
         }
         if (count($value))
@@ -410,8 +434,8 @@ function build_entity_measured_where($entity_type, $vars)
                 $entities = dbFetchColumn($entity_sql);
                 //$entities = dbFetchColumn($entity_sql, NULL, TRUE);
                 //r($entities);
-                $measure_sql  = generate_query_values($measured_type, $column_measured_type, NULL, OBS_DB_NO_LEADING_AND);
-                $measure_sql .= generate_query_values($entities,      $column_measured_id);
+                $measure_sql  = generate_query_values_ng($measured_type, $column_measured_type);
+                $measure_sql .= generate_query_values_and($entities,     $column_measured_id);
                 break;
               case 'printersupply':
                 break;

html/includes/entities/mempool.inc.php

@@ -6,7 +6,7 @@
  *
  * @package    observium
  * @subpackage web
- * @copyright  (C) 2006-2013 Adam Armstrong, (C) 2013-2021 Observium Limited
+ * @copyright  (C) 2006-2013 Adam Armstrong, (C) 2013-2022 Observium Limited
  *
  */
 
@@ -32,20 +32,20 @@ function build_mempool_query($vars)
       case "group":
       case "group_id":
         $values = get_group_entities($value);
-        $sql .= generate_query_values($values, 'mempools.mempool_id');
+        $sql .= generate_query_values_and($values, 'mempools.mempool_id');
         break;
       case 'device_group_id':
       case 'device_group':
         $values = get_group_entities($value, 'device');
-        $sql .= generate_query_values($values, 'mempools.device_id');
+        $sql .= generate_query_values_and($values, 'mempools.device_id');
         break;
       case "device":
       case "device_id":
-        $sql .= generate_query_values($value, 'mempools.device_id');
+        $sql .= generate_query_values_and($value, 'mempools.device_id');
         break;
       case "descr":
       case "mempool_descr";
-        $sql .= generate_query_values($value, 'mempool_descr', '%LIKE%');
+        $sql .= generate_query_values_and($value, 'mempool_descr', '%LIKE%');
         break;
     }
   }

html/includes/entities/oid_entry.inc.php

@@ -6,15 +6,14 @@
  *
  * @package    observium
  * @subpackage web
- * @copyright  (C) 2006-2013 Adam Armstrong, (C) 2013-2021 Observium Limited
+ * @copyright  (C) 2006-2013 Adam Armstrong, (C) 2013-2022 Observium Limited
  *
  */
 
 function generate_oid_template_link($entry)
 {
   $url = generate_url(array('page' => 'customoid', 'oid_id' => $entry['oid_id']));
-  $link = '<a href="'.$url.'">'.$entry['oid_descr'].'</a>';
-  return $link;
+  return '<a href="'.$url.'">'.$entry['oid_descr'].'</a>';
 }
 
 function build_oid_query($vars)
@@ -33,21 +32,21 @@ function build_oid_query($vars)
       case "oid_descr":
       case "oid":
       case "oid_name":
-        $sql .= generate_query_values($value, $var);
+        $sql .= generate_query_values_and($value, $var);
         break;
       case "group":
       case "group_id":
         $values = get_group_entities($value);
-        $sql .= generate_query_values($values, 'oid_entry_id');
+        $sql .= generate_query_values_and($values, 'oid_entry_id');
         break;
       case 'device_group_id':
       case 'device_group':
         $values = get_group_entities($value, 'device');
-        $sql .= generate_query_values($values, 'oids_entries.device_id');
+        $sql .= generate_query_values_and($values, 'oids_entries.device_id');
         break;
       case "device":
       case "device_id":
-        $sql .= generate_query_values($value, 'oids_entries.device_id');
+        $sql .= generate_query_values_and($value, 'oids_entries.device_id');
         break;
     }
   }
@@ -97,7 +96,7 @@ function print_oid_table_header($vars, $entries)
     $cols['event']  = array('Event', 'style="width: 60px;"');
 
     if ($entries[0]['oid_autodiscover'] == '0' && $vars['page'] === "customoid") {
-        $cols['actions'] = array('', 'style="width: 40px;"'); echo "derp";
+        $cols['actions'] = array('', 'style="width: 40px;"');
     }
 
     echo get_table_header($cols, $vars);
@@ -112,7 +111,6 @@ function print_oid_table($vars)
   $entries = dbFetchRows($sql);
   $count = count($entries);
 
-
   if (count($entries)) {
 
     echo generate_box_open();

html/includes/entities/p2pradio.inc.php

@@ -6,7 +6,7 @@
  *
  * @package    observium
  * @subpackage web
- * @copyright  (C) 2006-2013 Adam Armstrong, (C) 2013-2021 Observium Limited
+ * @copyright  (C) 2006-2013 Adam Armstrong, (C) 2013-2022 Observium Limited
  *
  */
 
@@ -23,16 +23,16 @@ function generate_p2pradio_query($vars)
       case "group":
       case "group_id":
         $values = get_group_entities($value);
-        $sql .= generate_query_values($values, 'radio_id');
+        $sql .= generate_query_values_and($values, 'radio_id');
         break;
       case 'device_group_id':
       case 'device_group':
         $values = get_group_entities($value, 'device');
-        $sql .= generate_query_values($values, 'p2p_radios.device_id');
+        $sql .= generate_query_values_and($values, 'p2p_radios.device_id');
         break;
       case "device":
       case "device_id":
-        $sql .= generate_query_values($value, 'device_id');
+        $sql .= generate_query_values_and($value, 'device_id');
         break;
     }
   }

html/includes/entities/port.inc.php

@@ -6,7 +6,7 @@
  *
  * @package    observium
  * @subpackage web
- * @copyright  (C) 2006-2013 Adam Armstrong, (C) 2013-2021 Observium Limited
+ * @copyright  (C) 2006-2013 Adam Armstrong, (C) 2013-2022 Observium Limited
  *
  */
 
@@ -14,7 +14,7 @@
  * Build ports WHERE array
  *
  * This function returns an array of "WHERE" statements from a $vars array.
- * The returned array can be implode()d and used on the ports table.
+ * The returned array can be imploded and used on the ports table.
  * Originally extracted from the /ports/ page
  *
  * @param array $vars
@@ -27,20 +27,20 @@ function build_ports_where_array($vars) {
     if (!safe_empty($value)) {
       switch ($var) {
         case 'location':
-          $where[] = generate_query_values($value, $var);
+          $where[] = generate_query_values_and($value, $var);
           break;
         case 'device_id':
-          $where[] = generate_query_values($value, 'ports.device_id');
+          $where[] = generate_query_values_and($value, 'ports.device_id');
           break;
         case 'group':
         case 'group_id':
           $values  = get_group_entities($value);
-          $where[] = generate_query_values($values, 'ports.port_id');
+          $where[] = generate_query_values_and($values, 'ports.port_id');
           break;
         case 'device_group_id':
         case 'device_group':
           $values = get_group_entities($value, 'device');
-          $where[] = generate_query_values($values, 'ports.device_id');
+          $where[] = generate_query_values_and($values, 'ports.device_id');
           break;
         case 'disable':
           $var = 'disabled';
@@ -49,25 +49,26 @@ function build_ports_where_array($vars) {
         case 'ignore':
         case 'ifSpeed':
         case 'ifType':
+        case 'ifVlan':
         case 'port_id':
-          $where[] = generate_query_values($value, 'ports.'.$var);
+          $where[] = generate_query_values_and($value, 'ports.'.$var);
           break;
         case 'hostname':
         case 'ifAlias':
         case 'ifDescr': // FIXME, probably better always use port_label instead ifDescr for search
-          $where[] = generate_query_values($value, $var, '%LIKE%');
+          $where[] = generate_query_values_and($value, $var, '%LIKE%');
           break;
         case 'label':
         case 'port_label':
-          $where[] = generate_query_values($value, 'port_label', '%LIKE%');
+          $where[] = generate_query_values_and($value, 'port_label', '%LIKE%');
           break;
         case 'mac':
         case 'ifPhysAddress':
           $value = str_replace([ '.', '-', ':' ], '', $value);
-          $where[] = generate_query_values($value, 'ifPhysAddress', '%LIKE%');
+          $where[] = generate_query_values_and($value, 'ifPhysAddress', '%LIKE%');
           break;
         case 'port_descr_type':
-          $where[] = generate_query_values($value, $var, 'LIKE');
+          $where[] = generate_query_values_and($value, $var, 'LIKE');
           break;
         case 'errors':
           if (get_var_true($value)) {
@@ -88,13 +89,13 @@ function build_ports_where_array($vars) {
           foreach ((array)$value as $state) {
             if ($state === "down") {
               $state_where[] = '`ifAdminStatus` = "up" AND `ifOperStatus` IN ("lowerLayerDown", "down")';
-              //$state_where[] = generate_query_values('up', 'ifAdminStatus', NULL, FALSE) . generate_query_values(['down', 'lowerLayerDown'], 'ifOperStatus');
+              //$state_where[] = generate_query_values_ng('up', 'ifAdminStatus') . generate_query_values_and(['down', 'lowerLayerDown'], 'ifOperStatus');
             } elseif ($state === "up") {
               $state_where[] = '`ifAdminStatus` = "up" AND `ifOperStatus` IN ("up", "testing", "monitoring")';
-              //$state_where[] = generate_query_values('up', 'ifAdminStatus', NULL, FALSE) . generate_query_values(['up', 'testing', 'monitoring'], 'ifOperStatus');
+              //$state_where[] = generate_query_values_ng('up', 'ifAdminStatus') . generate_query_values_and(['up', 'testing', 'monitoring'], 'ifOperStatus');
             } elseif ($state === "admindown" || $state === "shutdown") {
               $state_where[] = '`ifAdminStatus` = "down"';
-              //$state_where[] = generate_query_values('down', 'ifAdminStatus', NULL, FALSE);
+              //$state_where[] = generate_query_values_ng('down', 'ifAdminStatus');
             }
           }
           switch (count($state_where)) {
@@ -110,12 +111,12 @@ function build_ports_where_array($vars) {
           break;
         case 'cbqos':
           if ($value && $value !== 'no') {
-            $where[] = generate_query_values($GLOBALS['cache']['ports']['cbqos'], 'ports.port_id');
+            $where[] = generate_query_values_and($GLOBALS['cache']['ports']['cbqos'], 'ports.port_id');
           }
           break;
         case 'mac_accounting':
           if ($value && $value !== 'no') {
-            $where[] = generate_query_values($GLOBALS['cache']['ports']['mac_accounting'], 'ports.port_id');
+            $where[] = generate_query_values_and($GLOBALS['cache']['ports']['mac_accounting'], 'ports.port_id');
           }
           break;
       }
@@ -194,24 +195,26 @@ function generate_port_popup($port, $text = NULL, $type = NULL)
   $content  = generate_device_popup_header($port);
   $content .= generate_port_popup_header($port);
 
-  $content .= '<div style="width: 700px">';
-  //$content .= generate_box_open(array('body-style' => 'width: 700px;'));
-  $graph_array['type'] = $port['graph_type'];
-  $graph_array['legend'] = "yes";
-  $graph_array['height'] = "100";
-  $graph_array['width'] = "275";
-  $graph_array['to'] = $time['now'];
-  $graph_array['from'] = $time['day'];
-  $graph_array['id'] = $port['port_id'];
-  $content .= generate_graph_tag($graph_array);
-  $graph_array['from'] = $time['week'];
-  $content .= generate_graph_tag($graph_array);
-  $graph_array['from'] = $time['month'];
-  $content .= generate_graph_tag($graph_array);
-  $graph_array['from'] = $time['year'];
-  $content .= generate_graph_tag($graph_array);
-  $content .= "</div>";
-  //$content .= generate_box_close();
+  if($type != "none") {
+    $content .= '<div style="width: 700px">';
+    //$content .= generate_box_open(array('body-style' => 'width: 700px;'));
+    $graph_array['type']   = $port['graph_type'];
+    $graph_array['legend'] = "yes";
+    $graph_array['height'] = "100";
+    $graph_array['width']  = "275";
+    $graph_array['to']     = $time['now'];
+    $graph_array['from']   = $time['day'];
+    $graph_array['id']     = $port['port_id'];
+    $content               .= generate_graph_tag($graph_array);
+    $graph_array['from']   = $time['week'];
+    $content               .= generate_graph_tag($graph_array);
+    $graph_array['from']   = $time['month'];
+    $content               .= generate_graph_tag($graph_array);
+    $graph_array['from']   = $time['year'];
+    $content               .= generate_graph_tag($graph_array);
+    $content               .= "</div>";
+    //$content .= generate_box_close();
+  }
 
   return $content;
 }
@@ -454,7 +457,7 @@ function generate_port_row($port, $vars = array())
     if (!isset($cache['ports_option']['ipv4_addresses']) || in_array($port['port_id'], $cache['ports_option']['ipv4_addresses'])) {
       $sql = "SELECT * FROM `ipv4_addresses` WHERE `port_id` = ?";
       // Do not exclude IPv4 link-local
-      $sql .= generate_query_values(array_diff($ignore_type, [ 'link-local' ]), 'ipv4_type', '!='); // Do not show ignored ip types
+      $sql .= generate_query_values_and(array_diff($ignore_type, [ 'link-local' ]), 'ipv4_type', '!='); // Do not show ignored ip types
       foreach (dbFetchRows($sql, array($port['port_id'])) as $ip)
       {
         $string .= $break . generate_popup_link('ip', $ip['ipv4_address'].'/'.$ip['ipv4_prefixlen'], NULL, 'small');
@@ -464,7 +467,7 @@ function generate_port_row($port, $vars = array())
     if (!isset($cache['ports_option']['ipv6_addresses']) || in_array($port['port_id'], $cache['ports_option']['ipv6_addresses']))
     {
       $sql = "SELECT * FROM `ipv6_addresses` WHERE `port_id` = ?";
-      $sql .= generate_query_values($ignore_type, 'ipv6_type', '!='); // Do not show ignored ip types
+      $sql .= generate_query_values_and($ignore_type, 'ipv6_type', '!='); // Do not show ignored ip types
       foreach (dbFetchRows($sql, array($port['port_id'])) as $ip6)
       {
         $string .= $break . generate_popup_link('ip', $ip6['ipv6_address'].'/'.$ip6['ipv6_prefixlen'], NULL, 'small');

html/includes/entities/printersupply.inc.php

@@ -6,7 +6,7 @@
  *
  * @package    observium
  * @subpackage web
- * @copyright  (C) 2006-2013 Adam Armstrong, (C) 2013-2021 Observium Limited
+ * @copyright  (C) 2006-2013 Adam Armstrong, (C) 2013-2022 Observium Limited
  *
  */
 
@@ -23,28 +23,28 @@ function build_printersupplies_query($vars)
       case "group":
       case "group_id":
         $values = get_group_entities($value);
-        $sql .= generate_query_values($values, 'printersupplies.supply_id');
+        $sql .= generate_query_values_and($values, 'printersupplies.supply_id');
         break;
       case 'device_group_id':
       case 'device_group':
         $values = get_group_entities($value, 'device');
-        $sql .= generate_query_values($values, 'printersupplies.device_id');
+        $sql .= generate_query_values_and($values, 'printersupplies.device_id');
         break;
       case "device":
       case "device_id":
-        $sql .= generate_query_values($value, 'printersupplies.device_id');
+        $sql .= generate_query_values_and($value, 'printersupplies.device_id');
         break;
       case "supply":
       case "supply_type";
-        $sql .= generate_query_values($value, 'printersupplies.supply_type');
+        $sql .= generate_query_values_and($value, 'printersupplies.supply_type');
         break;
       case "colour":
       case "supply_colour";
-        $sql .= generate_query_values($value, 'supply_colour');
+        $sql .= generate_query_values_and($value, 'supply_colour');
         break;
       case "descr":
       case "supply_descr";
-        $sql .= generate_query_values($value, 'supply_descr', '%LIKE%');
+        $sql .= generate_query_values_and($value, 'supply_descr', '%LIKE%');
         break;
     }
   }

html/includes/entities/processor.inc.php

@@ -6,7 +6,7 @@
  *
  * @package    observium
  * @subpackage web
- * @copyright  (C) 2006-2013 Adam Armstrong, (C) 2013-2021 Observium Limited
+ * @copyright  (C) 2006-2013 Adam Armstrong, (C) 2013-2022 Observium Limited
  *
  */
 
@@ -27,20 +27,20 @@ function generate_processor_query($vars)
       case "group":
       case "group_id":
         $values = get_group_entities($value);
-        $sql .= generate_query_values($values, 'processor_id');
+        $sql .= generate_query_values_and($values, 'processor_id');
         break;
       case 'device_group_id':
       case 'device_group':
         $values = get_group_entities($value, 'device');
-        $sql .= generate_query_values($values, 'processors.device_id');
+        $sql .= generate_query_values_and($values, 'processors.device_id');
         break;
       case "device":
       case "device_id":
-        $sql .= generate_query_values($value, 'processors.device_id');
+        $sql .= generate_query_values_and($value, 'processors.device_id');
         break;
       case "descr":
       case "processor_descr";
-        $sql .= generate_query_values($value, 'processor_descr', '%LIKE%');
+        $sql .= generate_query_values_and($value, 'processor_descr', '%LIKE%');
         break;
     }
   }

html/includes/entities/pseudowire.inc.php

@@ -1,13 +1,12 @@
 <?php
-
 /**
  * Observium
  *
  *   This file is part of Observium.
  *
- * @package        observium
- * @subpackage     web
- * @copyright  (C) 2006-2013 Adam Armstrong, (C) 2013-2019 Observium Limited
+ * @package    observium
+ * @subpackage web
+ * @copyright  (C) 2006-2013 Adam Armstrong, (C) 2013-2022 Observium Limited
  *
  */
 
@@ -24,42 +23,42 @@ function generate_pseudowire_query($vars)
       case "group":
       case "group_id":
         $values = get_group_entities($value);
-        $sql .= generate_query_values($values, 'pseudowire_id');
+        $sql .= generate_query_values_and($values, 'pseudowire_id');
         break;
       case 'device_group_id':
       case 'device_group':
         $values = get_group_entities($value, 'device');
-        $sql .= generate_query_values($values, 'device_id');
+        $sql .= generate_query_values_and($values, 'device_id');
         break;
       case "device":
       case "device_id":
-        $sql .= generate_query_values($value, 'device_id');
+        $sql .= generate_query_values_and($value, 'device_id');
         break;
       case "port":
       case "port_id":
-        $sql .= generate_query_values($value, 'port_id');
+        $sql .= generate_query_values_and($value, 'port_id');
         break;
       case "id":
-        $sql .= generate_query_values($value, 'pseudowire_id');
+        $sql .= generate_query_values_and($value, 'pseudowire_id');
         break;
       case "pwid":
       case "pwID":
-        $sql .= generate_query_values($value, 'pwID');
+        $sql .= generate_query_values_and($value, 'pwID');
         break;
       case "pwtype":
-        $sql .= generate_query_values($value, 'pwType');
+        $sql .= generate_query_values_and($value, 'pwType');
         break;
       case "psntype":
-        $sql .= generate_query_values($value, 'pwPsnType');
+        $sql .= generate_query_values_and($value, 'pwPsnType');
         break;
       case "peer_id":
-        $sql .= generate_query_values($value, 'peer_device_id');
+        $sql .= generate_query_values_and($value, 'peer_device_id');
         break;
       case "peer_addr":
-        $sql .= generate_query_values($value, 'peer_addr');
+        $sql .= generate_query_values_and($value, 'peer_addr');
         break;
       case "event":
-        $sql .= generate_query_values($value, 'event');
+        $sql .= generate_query_values_and($value, 'event');
         break;
     }
   }
@@ -130,7 +129,7 @@ function get_pseudowire_table($vars)
 
       if (!is_array($cache_pseudowires['ips'][$peer_addr]))
       {
-        $cache_pseudowires['ips'][$peer_addr]['port_id'] = dbFetchCell('SELECT `port_id` FROM `'.$peer_addr_type.'_addresses` WHERE `'.$peer_addr_type.'_address` = ? '.generate_query_values($GLOBALS['cache']['ports']['pseudowires'], 'port_id').' LIMIT 1;', array($peer_addr));
+        $cache_pseudowires['ips'][$peer_addr]['port_id'] = dbFetchCell('SELECT `port_id` FROM `'.$peer_addr_type.'_addresses` WHERE `'.$peer_addr_type.'_address` = ? '.generate_query_values_and($GLOBALS['cache']['ports']['pseudowires'], 'port_id').' LIMIT 1;', array($peer_addr));
         if (!is_numeric($cache_pseudowires['ips'][$peer_addr]['port_id']))
         {
           // Separate entry for find correct port

html/includes/entities/sensor.inc.php

@@ -6,7 +6,7 @@
  *
  * @package    observium
  * @subpackage web
- * @copyright  (C) 2006-2013 Adam Armstrong, (C) 2013-2021 Observium Limited
+ * @copyright  (C) 2006-2013 Adam Armstrong, (C) 2013-2022 Observium Limited
  *
  */
 
@@ -121,30 +121,30 @@ function build_sensor_query($vars, $query_count = FALSE) {
       case "group":
       case "group_id":
         $values = get_group_entities($value);
-        $sql .= generate_query_values($values, 'sensors.sensor_id');
+        $sql .= generate_query_values_and($values, 'sensors.sensor_id');
         break;
       case 'device_group_id':
       case 'device_group':
         $values = get_group_entities($value, 'device');
-        $sql .= generate_query_values($values, 'sensors.device_id');
+        $sql .= generate_query_values_and($values, 'sensors.device_id');
         break;
       case "device":
       case "device_id":
-        $sql .= generate_query_values($value, 'sensors.device_id');
+        $sql .= generate_query_values_and($value, 'sensors.device_id');
         break;
       case "id":
       case "sensor_id":
-        $sql .= generate_query_values($value, 'sensors.sensor_id');
+        $sql .= generate_query_values_and($value, 'sensors.sensor_id');
         break;
       case "entity_id":
-        $sql .= generate_query_values($value, 'sensors.measured_entity');
+        $sql .= generate_query_values_and($value, 'sensors.measured_entity');
         break;
       case "entity_type":
-        $sql .= generate_query_values($value, 'sensors.measured_class');
+        $sql .= generate_query_values_and($value, 'sensors.measured_class');
         break;
       case 'entity_state':
       case "measured_state":
-        $sql .= build_entity_measured_where('sensor', ['measured_state' => $value]);
+        $sql .= build_entity_measured_where('sensor', [ 'measured_state' => $value ]);
         break;
       case "metric":
         // old metric param not allow array
@@ -153,19 +153,19 @@ function build_sensor_query($vars, $query_count = FALSE) {
         }
       case 'class':
       case "sensor_class":
-        $sql .= generate_query_values($value, 'sensor_class');
+        $sql .= generate_query_values_and($value, 'sensor_class');
         break;
       case "descr":
       case "sensor_descr":
-        $sql .= generate_query_values($value, 'sensors.sensor_descr', '%LIKE%');
+        $sql .= generate_query_values_and($value, 'sensors.sensor_descr', '%LIKE%');
         break;
       case "type":
       case "sensor_type":
-        $sql .= generate_query_values($value, 'sensor_type', '%LIKE%');
+        $sql .= generate_query_values_and($value, 'sensor_type', '%LIKE%');
         break;
       case "event":
       case "sensor_event":
-        $sql .= generate_query_values($value, 'sensor_event');
+        $sql .= generate_query_values_and($value, 'sensor_event');
         break;
     }
   }
@@ -304,6 +304,126 @@ function print_sensor_table_header($vars) {
   echo('<tbody>' . PHP_EOL);
 }
 
+function generate_sensor_line($sensor, $vars) {
+  global $config;
+
+  humanize_sensor($sensor);
+
+  $graph_array           = [];
+  $graph_array['to']     = get_time();
+  $graph_array['id']     = $sensor['sensor_id'];
+  $graph_array['type']   = "sensor_graph";
+  $graph_array['width']  = 80;
+  $graph_array['height'] = 20;
+  $graph_array['bg']     = 'ffffff00';
+  $graph_array['from']   = get_time('day');
+  $graph_array['style']  = 'margin-top: 5px';
+
+  if ($sensor['sensor_event'] && is_numeric($sensor['sensor_value'])) {
+    $mini_graph = generate_graph_tag($graph_array);
+  } else {
+    // Do not show "Draw Error" minigraph
+    $mini_graph = '';
+  }
+
+  /*
+  $sensor_tooltip = $sensor['event_descr'];
+  // Append value in alternative units to tooltip
+  if (isset($config['sensor_types'][$sensor['sensor_class']]['alt_units'])) {
+    foreach (value_to_units($sensor['sensor_value'],
+                            $config['sensor_types'][$sensor['sensor_class']]['symbol'],
+                            $sensor['sensor_class'],
+                            $config['sensor_types'][$sensor['sensor_class']]['alt_units']) as $unit => $unit_value) {
+      if (is_numeric($unit_value)) { $sensor_tooltip .= "<br />{$unit_value}{$unit}"; }
+    }
+  }
+  */
+
+  //r($sensor);
+  $text = '<span class="'. $sensor['event_class'].'">' . $sensor['human_value'] . $sensor['sensor_symbol'] . '</span>';
+
+  //$line = '<td class="state-marker"></td>';
+  $line = '<td class="entity '.$sensor['row_class'].'">';
+  //$btn_class = str_replace('label', 'btn', $sensor['event_class']); // FIXME Need button-outline-* class from bs4+
+  if (get_var_true($vars['compact'])) {
+    $line .= '<button class="btn btn-default" style="width: 105px; text-align: right;">';
+  } else {
+    // fixed button size for keep size without images
+    $line .= '<button class="btn btn-default" style="width: 105px; height: 55px;">';
+  }
+
+  $icon = get_icon($config['sensor_types'][$sensor['sensor_class']]['icon']);
+  if ($sensor['sensor_class'] === 'power' || $sensor['sensor_class'] === 'dbm') {
+    if (str_icontains_array($sensor['sensor_descr'], [ ' Rx', 'Rx ', 'Receive' ])) {
+      // rx
+      $icon = get_icon('glyphicon-arrow-down text-primary').'&nbsp;';
+    } elseif (str_icontains_array($sensor['sensor_descr'], [ ' Tx', 'Tx ', 'Trans' ])) {
+      // tx
+      $icon = get_icon('glyphicon-arrow-up text-danger').'&nbsp;';
+    }
+  }
+
+  $line .= $icon.'&nbsp;';
+  $line .= generate_entity_link('sensor', $sensor, $text, NULL, FALSE);
+  if (!get_var_true($vars['compact'])) {
+    $line .= '<br />' .generate_entity_link('sensor', $sensor, $mini_graph, NULL, FALSE);
+  }
+  //$line .= '<strong>' . generate_tooltip_link('', $sensor['human_value'] . $sensor['sensor_symbol'], $sensor_tooltip, $sensor['event_class']) . '</strong>';
+  $line .= '</button>';
+  $line .= '</td>';
+
+  //r($line);
+  return $line;
+}
+
+function get_compact_sensors_line($measured_class, $entry, $vars) {
+
+  // order dom sensors always by temperature, voltage, current, dbm, power
+  $order = [];
+  if (safe_count($entry) > 0) {
+    $classes = array_keys($entry);
+    //r($types);
+    if ($measured_class === 'port') {
+      // always display all classes for dom (also if not exist)
+      $order = [ 'temperature', 'voltage', 'current', /* 'dbm', 'power' */ ];
+      // or dbm or power
+      if (in_array('dbm', $classes, TRUE)) {
+        $order[] = 'dbm';
+      } elseif (in_array('power', $classes, TRUE)) {
+        $order[] = 'power';
+      } else {
+        $order[] = 'dbm';
+      }
+    } else {
+      $order = array_intersect([ 'temperature', 'voltage', 'current', 'dbm', 'power' ], $classes);
+    }
+    $order = array_merge($order, array_diff($classes, $order));
+    //r($order);
+  }
+  $line = '';
+  foreach ($order as $class) {
+    if (!isset($entry[$class])) {
+      // Add empty columns for port entities (for correct align)
+      $line .= '<td class="entity"></td>';
+    }
+
+    foreach ($entry[$class] as $sensor) {
+      /*
+      $sensor['sensor_descr'] = trim(str_ireplace($rename_from, '', $sensor['sensor_descr']), ":- \t\n\r\0\x0B");
+      if (empty($sensor['sensor_descr'])) {
+        // Some time sensor descriptions equals to entity name
+        $sensor['sensor_descr'] = nicecase($sensor['sensor_class']);
+      }
+      */
+
+      // Compact view per entity/lane
+      $line .= generate_sensor_line($sensor, $vars);
+    }
+  }
+
+  return $line;
+}
+
 function print_sensor_row($sensor, $vars)
 {
   echo generate_sensor_row($sensor, $vars);
@@ -404,7 +524,7 @@ function generate_sensor_row($sensor, $vars)
                             $sensor['sensor_class'],
                             $config['sensor_types'][$sensor['sensor_class']]['alt_units']) as $unit => $unit_value)
     {
-      if (is_numeric($unit_value)) { $sensor_tooltip .= "<br />${unit_value}${unit}"; }
+      if (is_numeric($unit_value)) { $sensor_tooltip .= "<br />{$unit_value}{$unit}"; }
     }
   }
 

html/includes/entities/sla.inc.php

@@ -6,7 +6,7 @@
  *
  * @package    observium
  * @subpackage web
- * @copyright  (C) 2006-2013 Adam Armstrong, (C) 2013-2020 Observium Limited
+ * @copyright  (C) 2006-2013 Adam Armstrong, (C) 2013-2022 Observium Limited
  *
  */
 
@@ -23,38 +23,38 @@ function generate_sla_query($vars)
       case "group":
       case "group_id":
         $values = get_group_entities($value);
-        $sql .= generate_query_values($values, 'slas.sla_id');
+        $sql .= generate_query_values_and($values, 'slas.sla_id');
         break;
       case 'device_group_id':
       case 'device_group':
         $values = get_group_entities($value, 'device');
-        $sql .= generate_query_values($values, 'storage.device_id');
+        $sql .= generate_query_values_and($values, 'storage.device_id');
         break;
       case "device":
       case "device_id":
-        $sql .= generate_query_values($value, 'slas.device_id');
+        $sql .= generate_query_values_and($value, 'slas.device_id');
         break;
       case "id":
       case "sla_id":
-        $sql .= generate_query_values($value, 'slas.sla_id');
+        $sql .= generate_query_values_and($value, 'slas.sla_id');
         break;
       case "owner":
-        $sql .= generate_query_values($value, 'slas.sla_owner');
+        $sql .= generate_query_values_and($value, 'slas.sla_owner');
         break;
       case "target":
       case "sla_target":
-        $sql .= generate_query_values($value, 'slas.sla_target', '%LIKE%');
+        $sql .= generate_query_values_and($value, 'slas.sla_target', '%LIKE%');
         break;
       case "sla_tag":
-        $sql .= generate_query_values($value, 'slas.sla_tag');
+        $sql .= generate_query_values_and($value, 'slas.sla_tag');
         break;
       case "rtt_type":
       case "rtt_sense":
-        $sql .= generate_query_values($value, 'slas.'.$var);
+        $sql .= generate_query_values_and($value, 'slas.'.$var);
         break;
       case "event":
       case "rtt_event":
-        $sql .= generate_query_values($value, 'slas.rtt_event');
+        $sql .= generate_query_values_and($value, 'slas.rtt_event');
         break;
     }
   }

html/includes/entities/status.inc.php

@@ -6,7 +6,7 @@
  *
  * @package    observium
  * @subpackage web
- * @copyright  (C) 2006-2013 Adam Armstrong, (C) 2013-2021 Observium Limited
+ * @copyright  (C) 2006-2013 Adam Armstrong, (C) 2013-2022 Observium Limited
  *
  */
 
@@ -74,26 +74,26 @@ function generate_status_query($vars, $query_count = FALSE) {
       case "group":
       case "group_id":
         $values = get_group_entities($value, 'status');
-        $sql .= generate_query_values($values, 'status.status_id');
+        $sql .= generate_query_values_and($values, 'status.status_id');
         break;
       case 'device_group_id':
       case 'device_group':
         $values = get_group_entities($value, 'device');
-        $sql .= generate_query_values($values, 'status.device_id');
+        $sql .= generate_query_values_and($values, 'status.device_id');
         break;
       case "device":
       case "device_id":
-        $sql .= generate_query_values($value, 'status.device_id');
+        $sql .= generate_query_values_and($value, 'status.device_id');
         break;
       case "id":
       case 'status_id':
-        $sql .= generate_query_values($value, 'status.status_id');
+        $sql .= generate_query_values_and($value, 'status.status_id');
         break;
       case "entity_id":
-        $sql .= generate_query_values($value, 'measured_entity');
+        $sql .= generate_query_values_and($value, 'measured_entity');
         break;
       case "entity_type":
-        $sql .= generate_query_values($value, 'measured_class');
+        $sql .= generate_query_values_and($value, 'measured_class');
         break;
       case 'entity_state':
       case "measured_state":
@@ -101,23 +101,23 @@ function generate_status_query($vars, $query_count = FALSE) {
         break;
       case "class":
       case 'entPhysicalClass':
-        $sql .= generate_query_values($value, 'entPhysicalClass');
+        $sql .= generate_query_values_and($value, 'entPhysicalClass');
         break;
       case "event":
       case "status_event":
-        $sql .= generate_query_values($value, 'status_event');
+        $sql .= generate_query_values_and($value, 'status_event');
         break;
       case "status":
       case "status_name":
-        $sql .= generate_query_values($value, 'status_name');
+        $sql .= generate_query_values_and($value, 'status_name');
         break;
       case "descr":
       case "status_descr":
-        $sql .= generate_query_values($value, 'status_descr', '%LIKE%');
+        $sql .= generate_query_values_and($value, 'status_descr', '%LIKE%');
         break;
       case 'type':
       case "status_type":
-        $sql .= generate_query_values($value, 'status_type', '%LIKE%');
+        $sql .= generate_query_values_and($value, 'status_type', '%LIKE%');
         break;
     }
   }
@@ -323,7 +323,7 @@ function generate_status_row($status, $vars) {
   $row .= '<td style="width: 90px; text-align: right;">' . generate_entity_link('status', $status, $mini_graph, NULL, FALSE) . '</td>';
   if ($vars['tab'] !== "overview")
   {
-    $row .= '<td style="white-space: nowrap">' . generate_tooltip_link('', format_uptime((get_time() - $status['status_last_change']), 'short-2') . ' ago', format_unixtime($status['status_last_change'])) . '</td>
+    $row .= '<td style="white-space: nowrap">' . generate_tooltip_time($status['status_last_change'], 'ago') . '</td>
         <td style="text-align: right;"><strong>' . generate_tooltip_link('', $status['status_event'], $status['event_descr'], $status['event_class']) . '</strong></td>';
     $table_cols++;
     $table_cols++;

html/includes/entities/storage.inc.php

@@ -6,7 +6,7 @@
  *
  * @package    observium
  * @subpackage web
- * @copyright  (C) 2006-2013 Adam Armstrong, (C) 2013-2021 Observium Limited
+ * @copyright  (C) 2006-2013 Adam Armstrong, (C) 2013-2022 Observium Limited
  *
  */
 
@@ -30,23 +30,23 @@ function generate_storage_query($vars)
         case "group":
         case "group_id":
           $values = get_group_entities($value);
-          $sql .= generate_query_values($values, 'storage.storage_id');
+          $sql .= generate_query_values_and($values, 'storage.storage_id');
           break;
         case 'device_group_id':
         case 'device_group':
           $values = get_group_entities($value, 'device');
-          $sql .= generate_query_values($values, 'storage.device_id');
+          $sql .= generate_query_values_and($values, 'storage.device_id');
           break;
         case "device":
         case "device_id":
-          $sql .= generate_query_values($value, 'storage.device_id');
+          $sql .= generate_query_values_and($value, 'storage.device_id');
           break;
         case "descr":
         case "storage_descr";
-          $sql .= generate_query_values($value, 'storage_descr', '%LIKE%');
+          $sql .= generate_query_values_and($value, 'storage_descr', '%LIKE%');
           break;
         case 'ignored':
-          $sql .= generate_query_values($value, 'storage.storage_ignore');
+          $sql .= generate_query_values_and($value, 'storage.storage_ignore');
           break;
       }
     }
@@ -92,8 +92,7 @@ function generate_storage_query($vars)
 
 }
 
-function print_storage_table($vars)
-{
+function print_storage_table($vars) {
 
     global $cache, $config;
 
@@ -101,13 +100,16 @@ function print_storage_table($vars)
 
     $sql = generate_storage_query($vars);
 
-    $storages = array();
+    $storages = [];
     foreach (dbFetchRows($sql) as $storage)
     {
       if (isset($cache['devices']['id'][$storage['device_id']]))
       {
         $storage['hostname']       = $cache['devices']['id'][$storage['device_id']]['hostname'];
         $storage['html_row_class'] = $cache['devices']['id'][$storage['device_id']]['html_row_class'];
+
+        // FIXME. Should be part of humanize_storage()
+        $storage['human_type'] = array_preg_replace($config['rewrites']['storage_type_regexp'], $storage['storage_type']);
         $storages[] = $storage;
       }
     }
@@ -152,19 +154,19 @@ function print_storage_table_header($vars)
   }
 
   echo('<table class="' . $table_class . '">' . PHP_EOL);
-  $cols = array(
-                    array(NULL, 'class="state-marker"'),
-    'device'     => array('Device', 'style="width: 250px;"'),
-    'mountpoint' => array('Mountpoint'),
-    'size'       => array('Size', 'style="width: 100px;"'),
-    'used'       => array('Used', 'style="width: 100px;"'),
-    'free'       => array('Free', 'style="width: 100px;"'),
-                    array('', 'style="width: 100px;"'),
-    'usage'      => array('Usage %', 'style="width: 200px;"'),
-  );
+  $cols = [
+                    [ NULL, 'class="state-marker"' ],
+    'device'     => [ 'Device', 'style="width: 250px;"' ],
+    'mountpoint' => [ 'Mountpoint' ],
+    'fstype'     => [ 'FS Type', 'style="width: 90px;"' ],
+    'size'       => [ 'Size', 'style="width: 100px;"' ],
+    'used'       => [ 'Used', 'style="width: 100px;"' ],
+    'free'       => [ 'Free', 'style="width: 100px;"' ],
+                    [ '', 'style="width: 100px;"' ],
+    'usage'      => [ 'Usage %', 'style="width: 200px;"' ],
+  ];
 
-  if ($vars['page'] === "device")
-  {
+  if ($vars['page'] === "device") {
     unset($cols['device']);
   }
 
@@ -182,10 +184,10 @@ function generate_storage_row($storage, $vars) {
 
   global $config;
 
-  $table_cols = 8;
+  $table_cols = 9;
   if ($vars['page'] !== "device" && $vars['popup'] != TRUE) { $table_cols++; } // Add a column for device.
 
-  if(isset($vars['graph_type']) && $vars['graph_type'] == "perc") 
+  if(isset($vars['graph_type']) && $vars['graph_type'] === "perc")
 
   $graph_array           = array();
   $graph_array['to']     = $config['time']['now'];
@@ -225,6 +227,7 @@ function generate_storage_row($storage, $vars) {
   if ($vars['page'] !== "device" && $vars['popup'] != TRUE) { $row .= '<td class="entity">' . generate_device_link($storage) . '</td>'; }
 
   $row .= '  <td class="entity">'.generate_entity_link('storage', $storage).'</td>
+      <td>'.$storage['human_type'].'</td>
       <td>'.$total.'</td>
       <td>'.$used.'</td>
       <td>'.$free.'</td>

html/includes/entities/virtualmachine.inc.php

@@ -1,13 +1,12 @@
 <?php
-
 /**
  * Observium
  *
  *   This file is part of Observium.
  *
- * @package        observium
- * @subpackage     web
- * @copyright  (C) 2006-2013 Adam Armstrong, (C) 2013-2019 Observium Limited
+ * @package    observium
+ * @subpackage web
+ * @copyright  (C) 2006-2013 Adam Armstrong, (C) 2013-2022 Observium Limited
  *
  */
 
@@ -23,28 +22,28 @@ function generate_vm_query($vars)
       case "group":
       case "group_id":
         $values = get_group_entities($value);
-        $sql .= generate_query_values($values, 'vm_id');
+        $sql .= generate_query_values_and($values, 'vm_id');
         break;
       case 'device_group_id':
       case 'device_group':
         $values = get_group_entities($value, 'device');
-        $sql .= generate_query_values($values, 'device_id');
+        $sql .= generate_query_values_and($values, 'device_id');
         break;
       case "device":
       case "device_id":
-        $sql .= generate_query_values($value, 'device_id');
+        $sql .= generate_query_values_and($value, 'device_id');
         break;
       case "os":
-        $sql .= generate_query_values($value, 'vm_guestos');
+        $sql .= generate_query_values_and($value, 'vm_guestos');
         break;
       case "state":
-        $sql .= generate_query_values($value, 'vm_state');
+        $sql .= generate_query_values_and($value, 'vm_state');
         break;
       case "memory":
-        $sql .= generate_query_values($value, 'vm_memory');
+        $sql .= generate_query_values_and($value, 'vm_memory');
         break;
       case "cpu":
-        $sql .= generate_query_values($value, 'vm_cpucount');
+        $sql .= generate_query_values_and($value, 'vm_cpucount');
         break;
     }
   }

html/includes/functions.inc.php

@@ -6,7 +6,7 @@
  *
  * @package    observium
  * @subpackage web
- * @copyright  (C) 2006-2013 Adam Armstrong, (C) 2013-2021 Observium Limited
+ * @copyright  (C) 2006-2013 Adam Armstrong, (C) 2013-2022 Observium Limited
  *
  */
 
@@ -162,9 +162,10 @@ function get_vars($vars_order = [], $auth = FALSE) {
   // <sCrIpT> < / s c r i p t >
   // javascript:alert("Hello world");/
   // <svg onload=alert(document.domain)>
+  // <style/onload=alert(document.domain)>
   $prevent_xss = '!(^\s*(J\s*A\s*V\s*A\s*)?S\s*C\s*R\s*I\s*P\s*T\s*:'.
                  '|<\s*/?\s*S\s*C\s*R\s*I\s*P\s*T\s*>'.
-                 '|(<\s*s\s*v\s*g.*(o\s*n\s*l\s*o\s*a\s*d|s\s*c\s*r\s*i\s*p\s*t))'.
+                 '|(<\s*\w+.*[\s\/&](o\s*n\s*l\s*o\s*a\s*d|s\s*c\s*r\s*i\s*p\s*t))'.
                  '|<\s*i\s*m\s*g.*o\s*n\s*e\s*r\s*r\s*o\s*r)!i';
 
   // Allow using var_decode(), this prevents to use potentially unsafe serialize functions
@@ -216,7 +217,6 @@ function get_vars($vars_order = [], $auth = FALSE) {
 
         //sr($segments);
         //r($_SERVER['REQUEST_URI']);
-
         foreach ($segments as $pos => $segment) {
           //$segment = urldecode($segment);
           if ($pos == "0" && !str_contains_array($segment, '=')) {
@@ -236,12 +236,12 @@ function get_vars($vars_order = [], $auth = FALSE) {
               if (!isset($value) || $value === '') {
                 $vars[$name] = 'yes';
               } else {
-                //r($value);
                 if ($compressed && $value_uncompress = str_decompress($value)) {
                   $value = $value_uncompress;
                   unset($value_uncompress);
                 } else {
-                  $value = str_replace('%7F', '/', urldecode($value)); // %7F (DEL, delete) - not defined in HTML 4 standard
+                  // rawurldecode() instead of urldecode() to translate %n and not mangle +
+                  $value = str_replace('%7F', '/', rawurldecode($value)); // %7F (DEL, delete) - not defined in HTML 4 standard
                 }
                 if (preg_match($prevent_xss, $value)) {
                   // Prevent any <script> html tag inside vars, exclude any possible XSS with scripts
@@ -250,6 +250,7 @@ function get_vars($vars_order = [], $auth = FALSE) {
 
                 // Better to understand quoted vars
                 $vars[$name] = get_var_csv($value, $auth);
+
                 if (is_string($vars[$name]) && preg_match($prevent_xss, $vars[$name])) {
                   // Prevent any <script> html tag inside vars, exclude any possible XSS with scripts
                   unset($vars[$name]);
@@ -273,7 +274,8 @@ function get_vars($vars_order = [], $auth = FALSE) {
               $value = $value_uncompress;
               unset($value_uncompress);
             } else {
-              $value = str_replace('%7F', '/', urldecode($value)); // %7F (DEL, delete) - not defined in HTML 4 standard
+              // rawurldecode() instead of urldecode() to translate %n and not mangle +
+              $value = str_replace('%7F', '/', rawurldecode($value)); // %7F (DEL, delete) - not defined in HTML 4 standard
             }
             if (preg_match($prevent_xss, $value)) {
               // Prevent any <script> html tag inside vars, exclude any possible XSS with scripts
@@ -310,7 +312,6 @@ function get_vars($vars_order = [], $auth = FALSE) {
     }
   }
 
-  //r($vars);
   return($vars);
 }
 
@@ -523,12 +524,10 @@ function detect_browser_type()
  *                                             screen_size  - initial size of browser window (if exist)
  */
 // TESTME! needs unit testing
-function detect_browser($user_agent = NULL)
-{
+function detect_browser($user_agent = NULL) {
   $ua_custom = !is_null($user_agent); // Used custom user agent?
 
-  if (!$ua_custom && isset($GLOBALS['cache']['detect_browser']))
-  {
+  if (!$ua_custom && isset($GLOBALS['cache']['detect_browser'])) {
     //if (isset($_COOKIE['observium_screen_ratio']) && !isset($GLOBALS['cache']['detect_browser']['screen_resolution']))
     //{
     //  r($_COOKIE);
@@ -539,8 +538,7 @@ function detect_browser($user_agent = NULL)
 
   $detect = new Mobile_Detect;
 
-  if ($ua_custom)
-  {
+  if ($ua_custom) {
     // Set custom User-Agent
     $detect->setUserAgent($user_agent);
   } else {
@@ -550,13 +548,11 @@ function detect_browser($user_agent = NULL)
   // Default type and icon
   $type = 'generic';
   $icon = 'icon-laptop';
-  if ($detect->isMobile())
-  {
+  if ($detect->isMobile()) {
     // Any phone device (exclude tablets).
     $type = 'mobile';
     $icon = 'glyphicon glyphicon-phone';
-    if ($detect->isTablet())
-    {
+    if ($detect->isTablet()) {
       // Any tablet device.
       $type = 'tablet';
       $icon = 'icon-tablet';
@@ -565,8 +561,7 @@ function detect_browser($user_agent = NULL)
 
   // Detect Browser name, version and platform
   $ua_info = [];
-  if (!empty($user_agent))
-  {
+  if (!empty($user_agent)) {
 
     //$ua_info = parse_user_agent($user_agent);
     $parser = new \donatj\UserAgent\UserAgentParser();
@@ -574,22 +569,23 @@ function detect_browser($user_agent = NULL)
     //r($ua);
     $ua_info['browser']  = $ua->browser();
     $ua_info['version']  = $ua->browserVersion();
-    $ua_info['platform'] = $ua->platform();
+    $ua_info['platform'] = str_replace('Macintosh', 'MacOS', $ua->platform());
     $ua_info['browser_full'] = $ua_info['browser'] . ' ' . preg_replace('/^([^\.]+(?:\.[^\.]+)?).*$/', '\1', $ua_info['version']);
     //r($ua_info);
   }
 
-  $detect_browser = array('user_agent' => $user_agent,
-                          'type'       => $type,
-                          'icon'       => $icon,
-                          'browser_full' => $ua_info['browser_full'],
-                          'browser'    => $ua_info['browser'],
-                          'version'    => $ua_info['version'],
-                          'platform'   => $ua_info['platform']);
+  $detect_browser = [
+    'user_agent'   => $user_agent,
+    'type'         => $type,
+    'icon'         => $icon,
+    'browser_full' => $ua_info['browser_full'],
+    'browser'      => $ua_info['browser'],
+    'version'      => $ua_info['version'],
+    'platform'     => $ua_info['platform']
+  ];
 
    // For custom UA, do not cache and return only base User-Agent info
-  if ($ua_custom)
-  {
+  if ($ua_custom) {
     return $detect_browser;
   }
 
@@ -600,15 +596,12 @@ function detect_browser($user_agent = NULL)
   register_html_resource('js', 'observium-screen.js');
 
   // Additional browser info (screen_ratio, screen_size, svg)
-  if ($ua_info['browser'] === 'Firefox' && version_compare($ua_info['version'], '47.0') < 0)
-  {
+  if ($ua_info['browser'] === 'Firefox' && version_compare($ua_info['version'], '47.0') < 0) {
     // Do not use srcset in FF, while issue open:
     // https://bugzilla.mozilla.org/show_bug.cgi?id=1149357
     // Update, seems as in 47.0 partially fixed
     $zoom = 1;
-  }
-  else if (isset($_COOKIE['observium_screen_ratio']))
-  {
+  } elseif (isset($_COOKIE['observium_screen_ratio'])) {
     // Note, Opera uses ratio 1.5
     $zoom = round($_COOKIE['observium_screen_ratio']); // Use int zoom
   } else {
@@ -617,8 +610,7 @@ function detect_browser($user_agent = NULL)
   }
   $detect_browser['screen_ratio'] = $zoom;
   //$detect_browser['svg']          = ($ua_info['browser'] == 'Firefox'); // SVG supported or allowed
-  if (isset($_COOKIE['observium_screen_resolution']))
-  {
+  if (isset($_COOKIE['observium_screen_resolution'])) {
     $detect_browser['screen_resolution'] = $_COOKIE['observium_screen_resolution'];
     //$detect_browser['screen_size']       = $_COOKIE['observium_screen_size'];
   }
@@ -677,34 +669,29 @@ function generate_link($text, $vars, $new_vars = array(), $escape = TRUE)
 
 // TESTME needs unit testing
 // DOCME needs phpdoc block
-function pagination(&$vars, $total, $return_vars = FALSE)
-{
-  $pagesizes = array(10,20,50,100,500,1000,10000,50000); // Permitted pagesizes
-  if (is_numeric($vars['pagesize']))
-  {
+function pagination(&$vars, $total, $options = array()) {
+
+  // Compatibility with pre-options
+  if($options === TRUE) { $options = []; $options['return_vars'] = TRUE; }
+
+  $pagesizes = [ 10, 20, 50, 100, 500, 1000, 10000, 50000 ]; // Permitted pagesizes
+  if (is_numeric($vars['pagesize'])) {
     $per_page = (int)$vars['pagesize'];
-  }
-  else if (isset($_SESSION['pagesize']))
-  {
+  } elseif (isset($_SESSION['pagesize'])) {
     $per_page = $_SESSION['pagesize'];
   } else {
     $per_page = $GLOBALS['config']['web_pagesize'];
   }
-  if (!$vars['short'])
-  {
+
+  if (!$vars['short']) {
     // Permit fixed pagesizes only (except $vars['short'] == TRUE)
-    foreach ($pagesizes as $pagesize)
-    {
+    foreach ($pagesizes as $pagesize) {
       if ($per_page <= $pagesize) { $per_page = $pagesize; break; }
     }
-    if (isset($vars['pagesize']) && $vars['pagesize'] != $_SESSION['pagesize'])
-    {
-      if ($vars['pagesize'] != $GLOBALS['config']['web_pagesize'])
-      {
+    if (isset($vars['pagesize']) && $vars['pagesize'] != $_SESSION['pagesize']) {
+      if ($vars['pagesize'] != $GLOBALS['config']['web_pagesize']) {
         session_set_var('pagesize', $per_page); // Store pagesize in session only if changed default
-      }
-      else if (isset($_SESSION['pagesize']))
-      {
+      } elseif (isset($_SESSION['pagesize'])) {
         session_unset_var('pagesize');          // Reset pagesize from session
       }
     }
@@ -713,11 +700,14 @@ function pagination(&$vars, $total, $return_vars = FALSE)
 
   $page     = (int)$vars['pageno'];
   $lastpage = ceil($total/$per_page);
-  if ($page < 1) { $page = 1; }
-  else if (!$return_vars && $lastpage < $page) { $page = (int)$lastpage; }
+  if ($page < 1) {
+    $page = 1;
+  } elseif (!$options['return_vars'] && $lastpage < $page) {
+    $page = (int)$lastpage;
+  }
   $vars['pageno'] = $page; // Return back current pageno
 
-  if ($return_vars) { return ''; } // Silent exit (needed for detect default pagesize/pageno)
+  if ($options['return_vars'] == TRUE) { return ''; } // Silent exit (needed for detect default pagesize/pageno)
 
   $start = ($page - 1) * $per_page;
   $prev  = $page - 1;
@@ -728,13 +718,14 @@ function pagination(&$vars, $total, $return_vars = FALSE)
   $pagination = '';
 
   // Show pagination if total > 99, total > page size, or web_always_paginate is set.
-  if ($total > 99 || $total > $per_page || ( isset($GLOBALS['config']['web_always_paginate']) && $GLOBALS['config']['web_always_paginate'] === 1))
-  {
-
-
-
-    if($total > 9999) { $total_text = format_si($total); } else { $total_text = $total; }
+  if ($total > 99 || $total > $per_page ||
+      (isset($GLOBALS['config']['web_always_paginate']) && $GLOBALS['config']['web_always_paginate'] === 1)) {
 
+    if ($total > 9999) {
+      $total_text = format_si($total);
+    } else {
+      $total_text = $total;
+    }
 
     $pagination .= '<div class="row">' . PHP_EOL .
                    '  <div class="col-lg-1 col-md-2 col-sm-2" style="display: inline-block;">' . PHP_EOL .
@@ -744,32 +735,23 @@ function pagination(&$vars, $total, $return_vars = FALSE)
                    '  <div class="col-lg-10 col-md-8 col-sm-8">' . PHP_EOL .
                    '    <div class="pagination pagination-centered"><ul>' . PHP_EOL;
 
-    if ($prev)
-    {
+    if ($prev) {
       //$pagination .= '      <li><a href="'.generate_url($vars, array('pageno' => 1)).'">First</a></li>' . PHP_EOL;
       $pagination .= '      <li><a href="'.generate_url($vars, array('pageno' => $prev)).'">Prev</a></li>' . PHP_EOL;
     }
 
-    if ($lastpage < 7 + ($adjacents * 2))
-    {
-      for ($counter = 1; $counter <= $lastpage; $counter++)
-      {
-        if ($counter == $page)
-        {
+    if ($lastpage < 7 + ($adjacents * 2)) {
+      for ($counter = 1; $counter <= $lastpage; $counter++) {
+        if ($counter == $page) {
           $pagination.= "<li class='active'><a>$counter</a></li>";
         } else {
-          $pagination.= "<li><a href='".generate_url($vars, array('pageno' => $counter))."'>$counter</a></li>";
+          $pagination.= "<li><a href='".generate_url($vars, [ 'pageno' => $counter ])."'>$counter</a></li>";
         }
       }
-    }
-    elseif ($lastpage > 5 + ($adjacents * 2))
-    {
-      if ($page < 1 + ($adjacents * 2))
-      {
-        for ($counter = 1; $counter < 4 + ($adjacents * 2); $counter++)
-        {
-          if ($counter == $page)
-          {
+    } elseif ($lastpage > 5 + ($adjacents * 2)) {
+      if ($page < 1 + ($adjacents * 2)) {
+        for ($counter = 1; $counter < 4 + ($adjacents * 2); $counter++) {
+          if ($counter == $page) {
             $pagination .= "<li class='active'><a>$counter</a></li>";
           } else {
             $class = '';
@@ -781,37 +763,31 @@ function pagination(&$vars, $total, $return_vars = FALSE)
             //{
             //  $class = ' class="hidden-sm hidden-xs"';
             //}
-            $pagination .= "<li$class><a href='".generate_url($vars, array('pageno' => $counter))."'>$counter</a></li>";
+            $pagination .= "<li$class><a href='".generate_url($vars, [ 'pageno' => $counter ])."'>$counter</a></li>";
           }
         }
 
-        $pagination.= "<li><a href='".generate_url($vars, array('pageno' => $lpm1))."'>$lpm1</a></li>";
-        $pagination.= "<li><a href='".generate_url($vars, array('pageno' => $lastpage))."'>$lastpage</a></li>";
-      }
-      elseif ($lastpage - ($adjacents * 2) > $page && $page > ($adjacents * 2))
-      {
-        $pagination.= "<li><a href='".generate_url($vars, array('pageno' => '1'))."'>1</a></li>";
-        $pagination.= "<li><a href='".generate_url($vars, array('pageno' => '2'))."'>2</a></li>";
+        $pagination.= "<li><a href='".generate_url($vars, [ 'pageno' => $lpm1 ])."'>$lpm1</a></li>";
+        $pagination.= "<li><a href='".generate_url($vars, [ 'pageno' => $lastpage ])."'>$lastpage</a></li>";
+      } elseif ($lastpage - ($adjacents * 2) > $page && $page > ($adjacents * 2)) {
+        $pagination.= "<li><a href='".generate_url($vars, [ 'pageno' => '1' ])."'>1</a></li>";
+        $pagination.= "<li><a href='".generate_url($vars, [ 'pageno' => '2' ])."'>2</a></li>";
 
-        for ($counter = $page - $adjacents; $counter <= $page + $adjacents; $counter++)
-        {
-          if ($counter == $page)
-          {
+        for ($counter = $page - $adjacents; $counter <= $page + $adjacents; $counter++) {
+          if ($counter == $page) {
             $pagination.= "<li class='active'><a>$counter</a></li>";
           } else {
-            $pagination.= "<li><a href='".generate_url($vars, array('pageno' => $counter))."'>$counter</a></li>";
+            $pagination.= "<li><a href='".generate_url($vars, [ 'pageno' => $counter ])."'>$counter</a></li>";
           }
         }
 
-        $pagination.= "<li><a href='".generate_url($vars, array('pageno' => $lpm1))."'>$lpm1</a></li>";
-        $pagination.= "<li><a href='".generate_url($vars, array('pageno' => $lastpage))."'>$lastpage</a></li>";
+        $pagination.= "<li><a href='".generate_url($vars, [ 'pageno' => $lpm1 ])."'>$lpm1</a></li>";
+        $pagination.= "<li><a href='".generate_url($vars, [ 'pageno' => $lastpage ])."'>$lastpage</a></li>";
       } else {
-        $pagination.= "<li><a href='".generate_url($vars, array('pageno' => '1'))."'>1</a></li>";
-        $pagination.= "<li><a href='".generate_url($vars, array('pageno' => '2'))."'>2</a></li>";
-        for ($counter = $lastpage - (2 + ($adjacents * 2)); $counter <= $lastpage; $counter++)
-        {
-          if ($counter == $page)
-          {
+        $pagination.= "<li><a href='".generate_url($vars, [ 'pageno' => '1' ])."'>1</a></li>";
+        $pagination.= "<li><a href='".generate_url($vars, [ 'pageno' => '2' ])."'>2</a></li>";
+        for ($counter = $lastpage - (2 + ($adjacents * 2)); $counter <= $lastpage; $counter++) {
+          if ($counter == $page) {
             $pagination.= "<li class='active'><a>$counter</a></li>";
           } else {
             $class = '';
@@ -823,20 +799,17 @@ function pagination(&$vars, $total, $return_vars = FALSE)
             //{
             //  $class = ' class="hidden-sm hidden-xs"';
             //}
-            $pagination.= "<li$class><a href='".generate_url($vars, array('pageno' => $counter))."'>$counter</a></li>";
+            $pagination.= "<li$class><a href='".generate_url($vars, [ 'pageno' => $counter ])."'>$counter</a></li>";
           }
         }
       }
     }
 
-    if ($page < $counter - 1)
-    {
-      $pagination.= "<li><a href='".generate_url($vars, array('pageno' => $next))."'>Next</a></li>";
+    if ($page < $counter - 1) {
+      $pagination.= "<li><a href='".generate_url($vars, [ 'pageno' => $next ])."'>Next</a></li>";
       # No need for "Last" as we don't have "First", 1, 2 and the 2 last pages are always in the list.
       #$pagination.= "<li><a href='".generate_url($vars, array('pageno' => $lastpage))."'>Last</a></li>";
-    }
-    else if ($lastpage > 1)
-    {
+    } elseif ($lastpage > 1) {
       $pagination.= "<li class='active'><a>Next</a></li>";
       #$pagination.= "<li class='active'><a>Last</a></li>";
     }
@@ -844,21 +817,22 @@ function pagination(&$vars, $total, $return_vars = FALSE)
     $pagination.= "</ul></div></div>";
 
     //$values = array('' => array('name'))
-    foreach ($pagesizes as $pagesize)
-    {
-      $value = generate_url($vars, array('pagesize' => $pagesize, 'pageno' => floor($start / $pagesize)));
-      $name  = ($pagesize == $GLOBALS['config']['web_pagesize'] ? "[ $pagesize ]" : $pagesize);
-      $values[$value] = array('name' => $name, 'class' => 'text-center');
+    foreach ($pagesizes as $pagesize) {
+      $value = generate_url($vars, [ 'pagesize' => $pagesize, 'pageno' => floor(fdiv($start, $pagesize)) ]);
+      $name  = $pagesize == $GLOBALS['config']['web_pagesize'] ? "[ $pagesize ]" : $pagesize;
+      $values[$value] = [ 'name' => $name, 'class' => 'text-center' ];
     }
-    $element = array('type'     => 'select',
-                     'class'    => 'pagination',
-                     'id'       => 'pagesize',
-                     'name'     => '# '.$per_page,
-                     'width'    => '90px',
-                     'onchange' => "window.open(this.options[this.selectedIndex].value,'_top')",
-                     'value'    => $per_page,
-                     'data-style' => 'box',
-                     'values'   => $values);
+    $element = [
+      'type'     => 'select',
+      'class'    => 'pagination',
+      'id'       => 'pagesize',
+      'name'     => '# '.$per_page,
+      'width'    => '90px',
+      'onchange' => "window.open(this.options[this.selectedIndex].value,'_top')",
+      'value'    => $per_page,
+      'data-style' => 'box',
+      'values'   => $values
+    ];
 
     $pagination.= '
        <div class="col-lg-1 col-md-2 col-sm-2">
@@ -1130,6 +1104,28 @@ function generate_popup_link($type, $text = NULL, $vars = array(), $class = NULL
   return '<a href="'.$url.'" class="entity-popup'.($class ? " $class" : '').'" data-eid="'.$data.'" data-etype="'.$type.'">'.$text.'</a>';
 }
 
+function generate_tooltip_time($timestamp, $text = '') {
+  if (is_numeric($timestamp) && $timestamp > OBS_MIN_UNIXTIME) {
+    // Unixtime
+    $timediff = get_time() - $timestamp;
+    $timetext = format_uptime($timediff, "short-3");
+    if (!safe_empty($text)) {
+      $timetext .= " $text";
+    }
+
+    return generate_tooltip_link('', $timetext, format_unixtime($timestamp), NULL);
+  }
+
+  // Timestamp
+  $timediff = get_time() - strtotime($timestamp);
+  $timetext = format_uptime($timediff, "short-3");
+  if (!safe_empty($text)) {
+    $timetext .= " $text";
+  }
+
+  return generate_tooltip_link('', $timetext, format_timestamp($timestamp), NULL);
+}
+
 /**
  * Generate mouseover links with static tooltip from URL, link text, contents and a class.
  *
@@ -1146,21 +1142,19 @@ function generate_popup_link($type, $text = NULL, $vars = array(), $class = NULL
  * @return string
  */
 // TESTME needs unit testing
-function generate_tooltip_link($url, $text, $contents = '', $class = NULL, $attribs = [], $escape = FALSE)
-{
+function generate_tooltip_link($url, $text, $contents = '', $class = NULL, $attribs = [], $escape = FALSE) {
   global $config, $link_iter;
 
   $link_iter++;
 
-  $href = (strlen($url) ? 'href="' . $url . '"' : '');
+  $href = !safe_empty($url) ? 'href="' . $url . '"' : '';
   if ($escape) { $text = escape_html($text); }
 
   $attribs['class'] = array_merge((array)$class, (array)$attribs['class']);
 
   // Allow the Grinch to disable popups and destroy Christmas.
-  $allow_mobile = (in_array(detect_browser_type(), array('mobile', 'tablet')) ? $config['web_mouseover_mobile'] : TRUE);
-  if ($config['web_mouseover'] && strlen($contents) && $allow_mobile)
-  {
+  $allow_mobile = !in_array(detect_browser_type(), [ 'mobile', 'tablet' ]) || $config['web_mouseover_mobile'];
+  if ($config['web_mouseover'] && $allow_mobile && !safe_empty($contents)) {
     $attribs['style']        = 'cursor: pointer;';
     $attribs['data-rel']     = 'tooltip';
     $attribs['data-tooltip'] = $contents;
@@ -1387,26 +1381,29 @@ function print_graph_popup($graph_array)
 
 // TESTME needs unit testing
 // DOCME needs phpdoc block
-function permissions_cache($user_id)
-{
-  $permissions = array();
+function permissions_cache($user_id) {
+
+  $cache_key = 'permissions_'.$GLOBALS['config']['auth_mechanism'].$user_id;
+  $cache_item = get_cache_item($cache_key);
+  if (ishit_cache_item($cache_item)) {
+    return get_cache_data($cache_item);
+  }
+
+  $permissions = [];
 
   // Get permissions from user-specific and role tables.
   $permission_where  = '`user_id` = ? AND `auth_mechanism` = ?';
   $permission_params = [ $user_id, $GLOBALS['config']['auth_mechanism'] ];
   $entity_permissions = dbFetchRows("SELECT * FROM `entity_permissions` WHERE " . $permission_where, $permission_params);
   $roles_entity_permissions = dbFetchRows("SELECT * FROM `roles_entity_permissions` LEFT JOIN `roles_users` USING (`role_id`) WHERE " . $permission_where, $permission_params);
-  foreach (array_merge((array)$entity_permissions, (array)$roles_entity_permissions) as $entity)
-  {
+  foreach (array_merge((array)$entity_permissions, (array)$roles_entity_permissions) as $entity) {
     // Set access to ro if it's not in the defined list.
     $access = (in_array($entity['access'], array('ro', 'rw')) ? $entity['access'] : 'ro');
 
-    switch ($entity['entity_type'])
-    {
+    switch ($entity['entity_type']) {
       case "group": // this is a group, so expand its members into an array
         $group = get_group_by_id($entity['entity_id']);
-        foreach (get_group_entities($entity['entity_id']) as $group_entity_id)
-        {
+        foreach (get_group_entities($entity['entity_id']) as $group_entity_id) {
           $permissions[$group['entity_type']][$group_entity_id] = $access;
         }
       //break; // And also store self group permission in cache
@@ -1425,20 +1422,22 @@ function permissions_cache($user_id)
 
   // Alerts
   // FIXME - this seems like it would be slow on very large installs
-  $alert = array();
-  foreach (dbFetchRows('SELECT `alert_table_id`, `device_id`, `entity_id`, `entity_type` FROM `alert_table`') as $alert_table_entry)
-  {
+  $alert = [];
+  foreach (dbFetchRows('SELECT `alert_table_id`, `device_id`, `entity_id`, `entity_type` FROM `alert_table`') as $alert_table_entry) {
     //r($alert_table_entry);
-    if (is_entity_permitted($alert_table_entry['entity_id'], $alert_table_entry['entity_type'], $alert_table_entry['device_id'], $permissions))
-    {
+    if (is_entity_permitted($alert_table_entry['entity_id'], $alert_table_entry['entity_type'], $alert_table_entry['device_id'], $permissions)) {
       $alert[$alert_table_entry['alert_table_id']] = TRUE;
     }
   }
-  if (count($alert))
-  {
+  if (count($alert)) {
     $permissions['alert'] = $alert;
   }
 
+  set_cache_item($cache_item, $permissions);
+
+  // Clear expired cache
+  del_cache_expired();
+
   return $permissions;
 
 }
@@ -1882,11 +1881,11 @@ function get_locations($filter = array()) {
       case 'location_city':
         // Check geo params only when GEO enabled globally
         if ($GLOBALS['config']['geocoding']['enable']) {
-          $where_array[$var] = generate_query_values($value, $var);
+          $where_array[$var] = generate_query_values_and($value, $var);
         }
         break;
       case 'location':
-        $where_array[$var] = generate_query_values($value, $var);
+        $where_array[$var] = generate_query_values_and($value, $var);
         break;
     }
   }
@@ -2209,13 +2208,16 @@ function generate_query_permitted($type_array = [ 'device' ], $options = []) {
         if (!isset($options['port_null']) || !$options['port_null']) {
           //$query_permitted[] = "($column != '' AND $column IS NOT NULL)";
           $query_permitted[] = "$column IS NOT NULL";
-        } elseif (!$user_limited) {
+        } elseif (!$user_limited && safe_count($query_permitted)) {
           // FIXME. derp code, need rewrite
-          $query_permitted[] = safe_count($query_permitted) ? "OR $column IS NULL" : "$column IS NULL";
+          //$query_permitted[] = safe_count($query_permitted) ? "OR $column IS NULL" : "$column IS NULL";
+          $query_permitted[] = "OR $column IS NULL";
         }
         $query_permitted = implode(" AND ", (array)$query_permitted);
 
-        $query_part[] = str_replace(" AND OR ", ' OR ', $query_permitted);
+        if (!safe_empty($query_permitted)) {
+          $query_part[] = str_replace(" AND OR ", ' OR ', $query_permitted);
+        }
         unset($query_permitted);
 
         break;
@@ -2384,7 +2386,7 @@ function load_user_config(&$load_config, $user_id) {
     if (!isset($config_variable[$item['pref']]['useredit']) ||
         !$config_variable[$item['pref']]['useredit']) {
       // Load only permitted settings
-      print_debug("User [$user_id] setting '${item['pref']}' not permitted by definitions.");
+      print_debug("User [$user_id] setting '{$item['pref']}' not permitted by definitions.");
       continue;
     }
 
@@ -2628,11 +2630,10 @@ function get_smokeping_files($rdebug = 0)
 
   if ($rdebug) { echo('- Recursing through ' . $config['smokeping']['dir'] . '<br />'); }
 
-  if (isset($config['smokeping']['master_hostname']))
-  {
+  if (isset($config['smokeping']['master_hostname'])) {
     $master_hostname = $config['smokeping']['master_hostname'];
   } else {
-    $master_hostname = $config['own_hostname'];
+    $master_hostname = $config['own_hostname'] ?: get_localhost();
   }
 
   if (is_dir($config['smokeping']['dir']))

html/includes/graphs/bgp/auth.inc.php

@@ -1,5 +1,4 @@
 <?php
-
 /**
  * Observium
  *
@@ -7,21 +6,22 @@
  *
  * @package    observium
  * @subpackage graphs
- * @copyright  (C) 2006-2013 Adam Armstrong, (C) 2013-2019 Observium Limited
+ * @copyright  (C) 2006-2013 Adam Armstrong, (C) 2013-2022 Observium Limited
  *
  */
 
-if (is_numeric($vars['id']))
-{
+if (is_numeric($vars['id'])) {
 
-  $data = dbFetchRow("SELECT * FROM `bgpPeers` WHERE `bgpPeer_id` = ?", array($vars['id']));
+  $data = dbFetchRow("SELECT * FROM `bgpPeers` WHERE `bgpPeer_id` = ?", [ $vars['id'] ]);
 
-  if (is_numeric($data['device_id']) && ($auth || device_permitted($data['device_id'])))
-  {
+  if (is_numeric($data['device_id']) && ($auth || device_permitted($data['device_id']))) {
     $device = device_by_id_cache($data['device_id']);
 
     $graph_title = $device['hostname'];
     $graph_title .= " :: AS" . ($config['web_show_bgp_asdot'] ? bgp_asplain_to_asdot($data['bgpPeerRemoteAs']) : $data['bgpPeerRemoteAs']);
+    if (!safe_empty($data['astext'])) {
+      $graph_title .= ' (' . truncate($data['astext']) . ')';
+    }
     $auth = TRUE;
   }
 }

html/includes/graphs/common.inc.php

@@ -51,18 +51,22 @@ if ($vars['inverse']) {
    $inverse = FALSE;
 }
 
-
-if ($vars['legend'] === 'no') {
-   $rrd_options .= ' -g';
-   $legend      = 'no';
-}
-
 if (get_var_true($vars['title']) && !safe_empty($graph_title)) {
-   $rrd_options .= " --title='" . rrdtool_escape($graph_title) . "' ";
+  // Note, do not escape title by rrdtool escape
+  //$rrd_options .= " --title='" . rrdtool_escape($graph_title) . "' ";
+  $rrd_options .= " --title=" . escapeshellarg($graph_title) . " ";
 }
 
 if (isset($vars['graph_title'])) {
-   $rrd_options .= " --title='" . rrdtool_escape($vars['graph_title']) . "' ";
+  // Note, do not escape title by rrdtool escape
+  //$rrd_options .= " --title='" . rrdtool_escape($vars['graph_title']) . "' ";
+  $rrd_options .= " --title=" . escapeshellarg($vars['graph_title']) . " ";
+}
+
+// Vertical label
+if (!safe_empty($graph_label)) {
+  // Note, do not escape title by rrdtool escape
+  $rrd_options .= " --vertical-label=" . escapeshellarg($graph_label) . " ";
 }
 
 if (isset($log_y)) {
@@ -90,7 +94,9 @@ if (isset($vars['style']) && $vars['style']) {
 }
 
 // Autoscale
-if (!isset($scale_min) && !isset($scale_max)) {
+if(isset($vars['force_autoscale']) && in_array($vars['force_autoscale'], ['yes', 'true', 1])) {
+   $rrd_options .= ' -A';
+} elseif (!isset($scale_min) && !isset($scale_max)) {
    if ($graph_style === 'mrtg' && !isset($log_y)) { // Don't use this if we're doing logarithmic scale, else it breaks.
       $rrd_options .= ' --alt-autoscale-max';
    } else {
@@ -137,19 +143,14 @@ if (!$config['graphs']['always_draw_max']) {
    }
 }
 
-$rrd_options .= '  --start ' . rrdtool_escape($from) .
-                ' --end ' . rrdtool_escape($to) .
-                ' --width ' . rrdtool_escape($width) .
-                ' --height ' . rrdtool_escape($height) . ' ';
-
 // Parse pango markup. Breaks chevrons and other stuff.
 //$rrd_options .= ' -P ';
 
 if ($config['themes'][$_SESSION['theme']]['type'] === 'dark') {
-  $rrd_options .= str_replace("  ", " ", $config['rrdgraph']['dark']);
+  $rrd_options .= ' ' .str_replace("  ", " ", $config['rrdgraph']['dark']);
   $nan_colour = "#FF000020";
 } else {
-  $rrd_options .= str_replace("  ", " ", $config['rrdgraph']['light']);
+  $rrd_options .= ' '. str_replace("  ", " ", $config['rrdgraph']['light']);
   $nan_colour = "#FFAAAA20";
 }
 
@@ -169,8 +170,11 @@ if ($width <= '350') {
    $rrd_options .= " --font LEGEND:8:'" . $config['mono_font'] . "' --font AXIS:7:'" . $config['mono_font'] . "'";
 }
 
-//$rrd_options .= ' --font-render-mode normal --dynamic-labels'; // dynamic-labels not supported in rrdtool < 1.4
 $rrd_options .= ' --font-render-mode normal';
+if ($config['graphs']['dynamic_labels']) {
+  // dynamic-labels not supported in rrdtool < 1.4
+  $rrd_options .= ' --dynamic-labels';
+}
 
 if ($step != TRUE) {
    $rrd_options .= ' -E';