itdb's People

Contributors

chefkeks, fengyqf, markekraus, mosesmoon, sivann

itdb's Issues

Full Backup 1.23

Hi,
I have a problem with Full Backup on version 1.23. After clicking "Full backup", a new tab opens and a message appears:

Firefox cannot find the file http://1....../gettar.php.

When I go to the directory /var/www/itdb-1.23 I see "gettar.php".
When I inspect the "Full Backup" page, the name is correct in "a href".
After chmod 777 and chown www-data I still have this problem.

Upgrading db fails (1.9 - 1.23)

Fails to upgrade from db v3 to v6 with "cannot start a transaction within a transaction" error

solved by adding "commit;" at the top of updates/db/3_4.sql

API?

Hello,

I am very interested in this software. I am curious, though, whether there is an API (perhaps xmlrpc) that will allow us to push data into this database with our own scripts and automation.

Thanks

Request: IP address management

For smaller shops, given there are object and rack management in ITDB, one wouldn't need Racktables or other tools if they had a place to put IPv4 and IPv6 ranges and addresses. One other thing that's been missing in Racktables itself, is the ability to designate multiple-IP assignments for DHCP / other allocations.

Enhancement

Can you please add/fix these features?

Software licenses:
Prevent over-licensing.

Items:
Prevent duplicates. Check for existence of Serial Number, Label Number, MAC Address.

short tags

Hello sivann,

1.- I found some short tags in /php/setting.php.
row 164:

row 165: value=1> Please change it.

2.- Another modification request:

Please add Hungarian currency to the list in /php/setting.php:

  <option <?php echo $s?> title='Forint' value='Ft'>Ft</option>

Best regards!

Warranty remaining inaccurate

When we go to check days left in our warranties, they are wrong by several days.

It seems that you are hardcoding months as exactly thirty days on line 132 and line 174 of this file:

datatables_listitems_ajax.php

Updates never got added

Sivann,

I have provided many updates and none of them have made it into your code. How is it best done? I am thinking maybe creating a fork, but that kind of takes away from the purpose.

Thoughts?

SQL Vulnerability

With SQLMap, I found that this software has a problem (maybe more):

---
Parameter: id (GET)
    Type: boolean-based blind
    Title: OR boolean-based blind - WHERE or HAVING clause (NOT)
    Payload: action=edititem&id=5) OR NOT 1460=1460-- CDNM
    Vector: OR NOT [INFERENCE]
---

Issue with ext4 and sqlite

SQLite is very slow on ext4, so please add the following line to speed it up:

$dbh->exec("pragma synchronous = off;");

Full Backup problem

First I want to thank you all for all the hard work and effort spent developing this application.

I have an issue with Full Backup: it works and generates the tar.gz file, but when I want to extract the file it shows me that it's an unknown format or damaged and cannot be used.
Does anyone have the same problem, or can anyone help me?

Note:
I used 3 different applications to extract the .tar.gz file: 7zip, Winrar, Winzip.

Make item labels failed

Click Make item labels, print
TCPDF ERROR: [Image] Unable to get the size of the image: images/itdb.png

I traced the code and found that the current working directory is itdb/php, which does not have an images folder. I copied itdb/images to itdb/php/images, and Make item labels is OK.

Information: mandatory fields

Hi,
Is it possible to have some mandatory fields for adding new items / software?
And if it's just implemented, can I modify the list of these?

Thanks in advance, you can close because it's not a bug but a request for info...

Nicola

PS I found the part of code in edititems.php with validation part! Sorry!

Duplicate SN with id X

Hi,
I tried to modify item id 25, changing the location from A to B, and obtained the error:

Error: Item not saved, correct these errors:
Duplicate SN with id 5

With version 1.22 or 1.23, I have opened the SQLite db with a browser and there are no equal SNs in the items table.

My personal debugging follows...

Is it possibly a problem with or before this query?

$sql="SELECT id from items where id <> $myid AND ((length(sn)>0 AND sn in ('{$_POST['sn']}', '{$_POST['sn2']}')) OR (length(sn2)>0 AND sn2 in ('{$_POST['sn']}', '{$_POST['sn2']}'))) LIMIT 1";

I tried using myid = 25 (the right value) and obtained 0 rows; with any other value I obtain 25 as the result:

SELECT id from items where id <> 25 AND ((length(sn)>0 AND sn in ('XXX', '')) OR (length(sn2)>0 AND sn2 in ('XXX', ''))) LIMIT 1
result: null

SELECT id from items where id <> Y AND ((length(sn)>0 AND sn in ('XXX', '')) OR (length(sn2)>0 AND sn2 in ('XXX', ''))) LIMIT 1
result: 25

How can I verify that myid is correct?

Thanks in advance
Nicola

Itdb is not working on windows

I have downloaded the latest version of this software and I have tried to install it on my local server for checking, but I'm getting this error again and again. I have uploaded it to a live server too, but I'm getting the same error. When I tried to change the itdb directory folder permissions from 755 to 777, I got an internal server error. Please tell me what I should do.
Thanks
/home/lolololo/public_html/itdb-1.14 is not writeable by apache
make /home/lolololo/public_html/itdb-1.14/data/files/ writeable by the user running the web server
in unix:
chown /home/lolololo/public_html/itdb-1.14/data/files/; chmod u+w /home/lolololo/public_html/itdb-1.14/data/files/

Active directory settings

I tried to connect ITDB to the active directory, but I've failed to login using an active directory user.
Is it working or not? and if someone succeeded to connect to AD, could he advise me please?

v1.12 Edit Users show error message

Warning: require(php/editusers.php): failed to open stream: No such file or directory in C:\xampp\htdocs\TKB-itdb\index.php on line 415

Fatal error: require(): Failed opening required 'php/editusers.php' (include_path='.;\xampp\php\PEAR') in C:\xampp\htdocs\TKB-itdb\index.php on line 415

Reset itdb password

Hi,

I wish to ask how to reset the itdb password, since I have failed to log in. The web interface does not seem to have any reset button, and the db is not like MySQL, as I am not familiar with it.

Appreciate the help.

Thanks.

import.php location fix

import.php line 412 under //add items in $stmt=db_execute2 array, fix name for locid:

        //'locationid'=>$locationid,
        'locationid'=>$locid,

Enhancement: Create checkin/checkout page

Something that may be useful for people would be to have a checkin/checkout page for mobile devices and equipment. The page itself wouldn't necessarily need to be fancy, just a search box to input either a service tag or inventory number (i.e. with a barcode scanner), and then bringing the item up, asking whether to check it in or out (depending on prior conditions, possibly), and letting the user of said device be changed at this point.

SQL Injection

In your inventory management tool, it is possible to do SQL injection(s).

How to reproduce:

  • A user with (type=Full Access) is logged in
  • Malroy (the attacker) sends the user a specially crafted URI:
    • localhost/itdb/index.php?action=edititem&delid=1 OR 1=1
  • The user clicks the malicious URI

➡️ This will delete all items stored in the database!

What is the problem:

  • The first problem is that you invoke actions using GET requests. This does not send an XSRF token, thereby an attacker can trick you into executing the delete action by clicking the malicious URL.

  • The second problem: You do not restrict the delid to be e.g. only a number. This allows an attacker to inject an arbitrary SQL query.

  • The third problem: The attacker's SQL query is executed, because you do not use prepared statements.

How to patch this vulnerability:

Replace lines 24-25 (https://github.com/sivann/itdb/blob/master/php/edititem.php#L24) with this:

$sql=$mysqli->prepare("DELETE from item2file where itemid=?"); // ? := placeholder for variable content
$sql->bind_param('i', $delid); // i := corresponding variable has type integer
$sql->execute(); // execute prepared statement
$sql->close(); // close the prepared statement

And use mysqli for the db connections instead, e.g.:
$mysqli = new mysqli('localhost', 'my_user', 'my_password', 'world');
Here you can find more information/examples : http://php.net/manual/en/mysqli-stmt.bind-param.php

How to fix the problem in general:

  • Use prepared statements and parameterized queries for all your SQL! These are SQL statements that are sent to and parsed by the database server separately from any parameters. This way it is impossible for an attacker to inject malicious SQL. See: https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet

  • Don't modify/delete/... with GET

Vulnerability found by:
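
The three fixes named in the report above (POST plus an anti-CSRF token, an integer-only `delid`, and a prepared statement), as an added example that is not part of the original issue or of itdb's code. It uses PDO with an in-memory SQLite database because other issues on this page show itdb running on PDO_SQLITE; the `item2file` columns, the helper names `parse_id` and `delete_item_links`, and the `csrf` field name are assumptions.

```php
<?php
// Added example: constructed in-memory SQLite table, not itdb's real schema.
$dbh = new PDO('sqlite::memory:');
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$dbh->exec("CREATE TABLE item2file (itemid INTEGER, fileid INTEGER)");
$dbh->exec("INSERT INTO item2file VALUES (1, 10), (2, 20), (3, 30)");
// Hypothetical helper: accept only a canonical positive integer id.
function parse_id($raw): ?int
{
    if (!is_string($raw) || !preg_match('/^[1-9][0-9]{0,9}$/', $raw)) {
        return null;
    }
    return (int)$raw;
}

// Hypothetical helper: delete the file links of exactly one item.
function delete_item_links(PDO $dbh, string $method, array $post, string $sessionToken): int
{
    // State changes are accepted only via POST with a per-session token.
    if ($method !== 'POST') {
        throw new RuntimeException('405 delete requires POST');
    }
    $sent = $post['csrf'] ?? null;
    if (!is_string($sent) || !hash_equals($sessionToken, $sent)) {
        throw new RuntimeException('403 bad CSRF token');
    }
    $delid = parse_id($post['delid'] ?? null);
    if ($delid === null) {
        throw new RuntimeException('400 delid must be a positive integer');
    }
    // The id travels as a bound parameter, never as part of the SQL text.
    $stmt = $dbh->prepare('DELETE FROM item2file WHERE itemid = :id');
    $stmt->bindValue(':id', $delid, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

$token = bin2hex(random_bytes(16)); // in a real app this lives in $_SESSION
// Constructed requests: the payload from the report, then a legitimate delete.
$requests = [
    ['GET',  ['delid' => '1 OR 1=1']],
    ['POST', ['delid' => '1 OR 1=1', 'csrf' => $token]],
    ['POST', ['delid' => '1', 'csrf' => 'wrong']],
    ['POST', ['delid' => '1', 'csrf' => $token]],
];
foreach ($requests as [$method, $post]) {
    try {
        $n = delete_item_links($dbh, $method, $post, $token);
        echo "$method delid={$post['delid']}: deleted $n row(s)\n";
    } catch (RuntimeException $e) {
        echo "$method delid={$post['delid']}: rejected, {$e->getMessage()}\n";
    }
}
echo 'rows left: ' . $dbh->query('SELECT COUNT(*) FROM item2file')->fetchColumn() . "\n";
```

Only the last request reaches the database; the same bound-parameter pattern applies to the `id` parameter flagged in the SQLMap report and to the `$_POST['sn']` values interpolated into the duplicate-SN query quoted elsewhere on this page.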

Id Sort for some page not "work"

Hi, this is not a big problem: in User, Agent, Location I have more than 10 items, so the Edit column (or id column) is sorted incorrectly; attached a sample... 1, 10, 11.., 2, 3, 4,/.., 9

itdb_problem

This is not a problem, you can close it if you want.

Regards
Nicola

Feature Request: rack watt count

Hello,
it would be a great idea to add power consumption for each server/device, with a handy counter per rack.

I'd love it :)

some bits...

on an almost vanilla RHEL6, the following were also needed:

  • add package php-pdo
  • fix permissions chmod a+x ./php

also, update copyright to -2014 or -2015 on homepage!

warranty report

The "Items with warranty end date close to (before or after) today" report appears to be using hardcoded 30 day months as well.

cloning racks and items

It is my first day working with itdb and I love it :)
I can suggest one useful feature. My task today is to add a few racks with a looooot of stuff inside. It would be very useful if there was an option to copy an item and a rack. We have a lot of the same equipment with only a different serial number, and it's annoying to type it over and over again. Same with the same kind of racks :P

items not showing up in version 1.8

Hi, I'm facing an issue in ITDB version 1.8.

When I search my items, they won't show up, like below:

image

Same as when I want to add an item:

image

Any suggestions?

Regards,
vincent

Can't change user access right

Due to an error in the php/edituser.php file, we can't change the user access right.
In line: 72 is:
if ($username='admin' && $usertype) {

but should be:
if ($username=='admin' && $usertype) {

Request

Hi Spiro,
First, let me congratulate you on the excellent tool you have created. I recently tried quite a few tools and this is the only one I have found that provides the capability of creating connections among items (for example, I can create a new network card and associate it with a server!) as well as among software and contracts. It seems that this tool was created gradually, adding a new capability every time, which resulted in a full set of features.
Now, my request would be to have the table of Items to be configurable as to which columns (fields) to present. For example, I might want to see the hw characteristics of a set of Items (e.g. CPU, RAM, etc), so, if I have the option to select those fields it would be really great. An alternative to that would be to be able to export all the fields of the Items to a csv/excel file (currently you can export only the fields that are shown in the columns of the Items view).
Thanks,
Dimitris

Location data being lost when importing items into ITDB

I noticed an issue when importing data into the database using the import function.
When I attempt to import a file, the location information is populated pre import check, but once the data is imported and I list the items, the location field is blank. Additionally, if there is information in the area field in the csv file, that is entered into the database.

I Found The Security Issue

Hey Sivann,

I found the security issue / vulnerability on ITDB application. I have sent Proof of Concept to your email "[email protected]".

Is it possible for me to post the vulnerability here?

Ajax query on items search page when sessions is disconnected

An Ajax query on the items search page when the session is disconnected throws PHP errors:
"PHP Fatal error: Call to a member function fetch() on integer in /var/www/webroot/secure.interplex.ca/interplex-itdb/php/datatables_listitems_ajax.php on line 113"

Sessions status in datatables_listitems_ajax.php must be verified and then the browser must reload page when disconnected.

ITDB Version 1.23
PDO::ATTR_CLIENT_VERSION: 3.13.0
PDO::ATTR_SERVER_VERSION: 3.13.0
Current PHP version: 5.6.23
PDO_SQLITE version:3.13.0

Domain name in data browser with each link.

Hi Sivann,

I'm new to apache2+php. I created an itdb site in my environment. Everything is fine, except that in the data browser function each link doesn't include my site's domain name.

for example:
http://index.php/?action=edititem&id=6

I see that the itdb demo site has no such problem, so would you please tell me why? Below is my site's configuration information.

Thank you!

DocumentRoot /srv/www/htdocs/www/itdb
ServerName itdb.sip.com
ServerAdmin [email protected]
Options MultiViews +Indexes +Includes
AllowOverride None
Order deny,allow
Allow from all

Multi field search not working after 1.23 upgrade

Since upgrading to V1.23 the multi-field search (image attached) for "Items" no longer works. This is the function accessed by clicking the small clear elliptical looking icon at the top left of the Items list.

All the field tags are now just "Name" where they used to be "Serial Number", "Model" etc. Entering any data into the fields produces the following error when viewing the source in IE

SCRIPT5007: Unable to set property 'sSearch' of undefined or null reference. jquery.dataTables.min.js (123,196)

System details are as follows:
RHEL 6
Apache 2.2.15
PHP 5.3.3
SQLite 3.6.20

Thanks!

itdb

Need an option to render the item details page in read only when the QR code is scanned.

Hi,
When I try to read a QR code asset label, I have added the below text to be prepended.
http://itdb.XXXXX.com/?action=edititem&id=

So on reading the code in a QR code reader connected to a pc or a qr reader app, it opens a browser and displays the item details in:

  1. Edit item mode page if I have logged in as ITDB Administrator.
  2. Item details page with all details in editable mode - if I have logged in as security. Please note that I can edit the details in the fields but on clicking submit, it throws an error, "access denied."

Can we have, instead of "Access denied" after displaying the page with editable fields, the whole page is rendered as read only with the Assets details please?

Regards,
Krishna

Parameter must be an array

Warning: count(): Parameter must be an array or an object that implements Countable.
I wonder if I must upgrade or not? This error shows when I want to edit items.
Please help, thank you.

Please remove flash elements

If at all possible, would it be hard to remove the flash elements from the menus? Flash support is dying a slow and painful death.

Edit Item: Can't add "Items Associations" after using order by in the "Inter-Item Association" table

In edit item:
When I go in "Inter-Item Association"
And I click on "ID" to order by item by "ID"
And I click on check one or some items
And I click on "Save"

No insert is done in the "Inter-Item Associations" table.
No variable Itlnk is sent by the browser.
The sorttable JavaScript code broke the form inputs for Items Association.

I use Chrome (47.0.2526.80)

The filter works #1. Maybe temporarily disabling the sort function would be better?

Thanks
And Nice work for ITDB!
