sivann / itdb
Home Page: http://www.sivann.gr/software/itdb/
License: GNU General Public License v3.0
IT Items Database
Hi,
I have a problem with Full Backup on version 1.23. After clicking "Full backup", a new tab opens and a message appears:
Firefox cannot find the file http://1....../gettar.php.
When I go to the directory /var/www/itdb-1.23 I see "gettar.php".
When I inspect the page, the "Full Backup" name is correct in the "a href".
After chmod 777 and chown www-data I still have this problem.
Fails to upgrade from db v3 to v6 with "cannot start a transaction within a transaction" error
solved by adding "commit;" at the top of updates/db/3_4.sql
Hello,
I am very interested in this software. I am curious, though, whether there is an API (perhaps XML-RPC) that will allow us to push data into this database with our own scripts and automation.
Thanks
For smaller shops, given there are object and rack management in ITDB, one wouldn't need Racktables or other tools if they had a place to put IPv4 and IPv6 ranges and addresses. One other thing that's been missing in Racktables itself, is the ability to designate multiple-IP assignments for DHCP / other allocations.
Can you please add/fix these features?
Software licenses:
Prevent over-licensing.
Items:
Prevent duplicates. Check for existence of Serial Number, Label Number, MAC Address.
Hello sivann,
1.- I found some short tags in /php/setting.php.
row 164:
2.- Another modification request:
Please add Hungarian currency to the list in /php/setting.php:
<option <?php echo $s?> title='Forint' value='Ft'>Ft</option>
Best regards!
When we go to check days left in our warranties, they are wrong by several days.
It seems that you are hardcoding months as exactly thirty days on line 132 and line 174 of this file:
datatables_listitems_ajax.php
Sivann,
I have provided many updates and none of them have made it into your code. How is it best done to do so? I am thinking maybe creating a fork, but that kind of takes away from the purpose.
Thoughts?
Hello,
I will work with ITDB. It's a great project! Thank you.
Is it possible to program an email reminder function that reminds when the warranty or service contract expires?
Thanks
Regards Dreamscape84
With SQLMap, I found that this software has a problem (maybe more)
---
Parameter: id (GET)
Type: boolean-based blind
Title: OR boolean-based blind - WHERE or HAVING clause (NOT)
Payload: action=edititem&id=5) OR NOT 1460=1460-- CDNM
Vector: OR NOT [INFERENCE]
---
SQLite is very slow on ext4, so please add the following line to speed it up:
$dbh->exec("pragma synchronous = off;");
When I use Print Labels, Chinese characters are displayed as 口口 in the PDF. The Chinese characters are displayed correctly on other pages.
First, I want to thank everyone for all the hard work and effort spent developing this application.
I have an issue with Full Backup: it works and generates the tar.gz file, but when I try to extract the file it tells me it is an unknown format or damaged and cannot be used.
Does anyone have the same problem, or can anyone help me?
Note:
I used 3 different applications to extract the .tar.gz file: 7zip, WinRAR, WinZip.
Click Make item labels, print
TCPDF ERROR: [Image] Unable to get the size of the image: images/itdb.png
I traced the code and found that the current working directory is itdb/php, which does not have an images folder. I copied itdb/images to itdb/php/images, and Make item labels works.
Hi,
Is it possible to have some mandatory fields when adding new items / software?
And if it's already implemented, how can I modify the list of them?
Thanks in advance, you can close this because it's not a bug but a request for info...
Nicola
PS I found the part of code in edititems.php with validation part! Sorry!
This error "Cannot upload files to unsaved items." won't go away when I access the Items / File Upload tab. What do I need to do to get rid of it? I'm running IT DB version 1.23 on Linux Redhat 7.3
Thanks in advance
Sam
Hi,
I tried to modify item id 25, changing the location from A to B, and got the error:
Error: Item not saved, correct these errors:
Duplicate SN with id 5
With version 1.22 or 1.23, I opened the SQLite db with a browser and there are no equal SNs in the items table.
My own debugging follows...
Is the problem possibly with or before this query?
$sql="SELECT id from items where id <> $myid AND ((length(sn)>0 AND sn in ('{$_POST['sn']}', '{$_POST['sn2']}')) OR (length(sn2)>0 AND sn2 in ('{$_POST['sn']}', '{$_POST['sn2']}'))) LIMIT 1";
I tried with myid = 25 (the right value) and got 0 rows; with any other value I got 25 as the result.
SELECT id from items where id <> 25 AND ((length(sn)>0 AND sn in ('XXX', '')) OR (length(sn2)>0 AND sn2 in ('XXX, ''))) LIMIT 1
result: null
SELECT id from items where id <> Y AND ((length(sn)>0 AND sn in ('XXX', '')) OR (length(sn2)>0 AND sn2 in ('XXX, ''))) LIMIT 1
result: 25
How can I verify that myid is correct?
Thanks in advance
Nicola
I have downloaded the latest version of this software and tried to install it on my local server for testing, but I'm getting this error again and again. I have uploaded it to a live server too, but I'm getting the same error. When I tried to change the itdb directory folder permissions from 755 to 777, I got an internal server error. Please tell me what I should do.
Thanks
/home/lolololo/public_html/itdb-1.14 is not writeable by apache
make /home/lolololo/public_html/itdb-1.14/data/files/ writeable by the user running the web server
in unix:
chown /home/lolololo/public_html/itdb-1.14/data/files/; chmod u+w /home/lolololo/public_html/itdb-1.14/data/files/
I tried to connect ITDB to the active directory, but I've failed to login using an active directory user.
Is it working or not? and if someone succeeded to connect to AD, could he advise me please?
Warning: require(php/editusers.php): failed to open stream: No such file or directory in C:\xampp\htdocs\TKB-itdb\index.php on line 415
Fatal error: require(): Failed opening required 'php/editusers.php' (include_path='.;\xampp\php\PEAR') in C:\xampp\htdocs\TKB-itdb\index.php on line 415
Hi,
I wish to ask how to reset the itdb password, since I have failed to log in. The web interface does not seem to have any reset button, and the db is not like MySQL, as I am not familiar with it.
Appreciate the help.
Thanks.
import.php line 412 under //add items in $stmt=db_execute2 array, fix name for locid:
//'locationid'=>$locationid,
'locationid'=>$locid,
Something that may be useful for people would be to have a checkin/checkout page for mobile devices and equipment. The page itself wouldn't necessarily need to be fancy, just a search box to input either a service tag or inventory number (i.e. with a barcode scanner), and then bringing the item up, asking whether to check it in or out (depending on prior conditions, possibly), and letting the user of said device be changed at this point.
V itdb1.23 items Can not add and modify Racks 。
https://github.com/sivann/itdb/archive/1.23.zip
THX
DY DICKY EMAIL:[email protected]
In your inventory management tool, it is possible to do SQL injection(s).
localhost/itdb/index.php?action=edititem&delid=1 OR 1=1
➡️ This will delete all items stored in the database!
The first problem is that you invoke actions using GET requests. This does not send an XSRF token, so an attacker can trick you into executing the delete action by clicking the malicious URL.
The second problem: You do not restrict the delid to be e.g. only a number. This allows an attacker to inject an arbitrary SQL query.
The third problem: The attacker's SQL query is executed, because you do not use prepared statements.
Replace lines 24-25 (https://github.com/sivann/itdb/blob/master/php/edititem.php#L24) with this:
$sql=$mysqli->prepare("DELETE from item2file where itemid=?"); // ? := placeholder for variable content
$sql->bind_param('i', $delid); // i := corresponding variable has type integer
$sql->execute(); // execute prepared statement
$sql->close(); // close the prepared statement
And use mysqli for the db connections instead, e.g.:
$mysqli = new mysqli('localhost', 'my_user', 'my_password', 'world');
Here you can find more information/examples : http://php.net/manual/en/mysqli-stmt.bind-param.php
Use prepared statements and parameterized queries for all your SQL! These are SQL statements that are sent to and parsed by the database server separately from any parameters. This way it is impossible for an attacker to inject malicious SQL. See: https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet
Don't modify/delete/... with GET
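The three problems listed in the issue above, shown side by side as an added example (not itdb code and not part of the original post). It assumes PDO with SQLite, which is what the version report elsewhere on this page shows itdb running on, rather than mysqli; the function names and the in-memory schema are hypothetical.

```php
<?php
// Added example, not itdb code. Table/column names (item2file.itemid, items.id)
// come from the page; the schema and rows are constructed for the demo.
function make_db(): PDO {
    $dbh = new PDO('sqlite::memory:');
    $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $dbh->exec("CREATE TABLE items (id INTEGER PRIMARY KEY, sn TEXT)");
    $dbh->exec("CREATE TABLE item2file (itemid INTEGER, fileid INTEGER)");
    $dbh->exec("INSERT INTO items VALUES (1,'A1'),(2,'B2'),(3,'C3')");
    $dbh->exec("INSERT INTO item2file VALUES (1,10),(2,20),(3,30)");
    return $dbh;
}

function count_items(PDO $dbh): int {
    return (int)$dbh->query("SELECT COUNT(*) FROM items")->fetchColumn();
}

// Pattern the issue describes: request value concatenated into the SQL text.
function delete_item_concat(PDO $dbh, string $delid): void {
    $dbh->exec("DELETE FROM item2file WHERE itemid=$delid");
    $dbh->exec("DELETE FROM items WHERE id=$delid");
}

// Hardened: POST only, strict integer validation, bound parameters.
// A real handler would also verify a per-session CSRF token here.
function delete_item_safe(PDO $dbh, string $method, $delid): bool {
    if ($method !== 'POST') return false;
    $id = filter_var($delid, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) return false;
    $dbh->beginTransaction();
    foreach (["DELETE FROM item2file WHERE itemid = :id",
              "DELETE FROM items WHERE id = :id"] as $sql) {
        $stmt = $dbh->prepare($sql);
        $stmt->bindValue(':id', $id, PDO::PARAM_INT);
        $stmt->execute();
    }
    $dbh->commit();
    return true;
}

$payload = '1 OR 1=1';                             // value from the issue's URL
$a = make_db(); delete_item_concat($a, $payload);
echo "concat:   ", count_items($a), " items left\n";
$b = make_db();
var_dump(delete_item_safe($b, 'GET', '1'));        // wrong method
var_dump(delete_item_safe($b, 'POST', $payload));  // not an integer
var_dump(delete_item_safe($b, 'POST', '1'));       // valid request
echo "prepared: ", count_items($b), " items left\n";
```

The same binding applies to every query that takes request input, including the duplicate serial number check quoted earlier on this page, which interpolates `$_POST` values directly.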
Hello,
it would be a great idea to add power consumption for each server/device, with a handy counter per rack.
I'd love it :)
on an almost vanilla RHEL6, the following were also needed:
chmod a+x ./php
also, update copyright to -2014 or -2015 on homepage!
The "Items with warranty end date close to (before or after) today" report appears to be using hardcoded 30 day months as well.
Hi,
First appreciate the great work.
Would like to have the options to export the reports into to a pdf file.
Regards,
Krishna Kumar
It is my first day working with itdb and I love it :)
I can suggest one useful feature. My task today is to add a few racks with a looooot of staff inside. It would be very useful if there was an option to copy an item and a rack. We have a lot of the same equipment with only a different serial number, and it's annoying to type it over and over again. Same with the same kind of racks :P
Because of an error in the php/edituser.php file, we can't change user access rights.
In line: 72 is:
if ($username='admin' && $usertype) {
but should be:
if ($username=='admin' && $usertype) {
Hi Spiro,
at first, let me congratulate you for the excellent tool you have created. I recently tried quite a few tools and this is the only one i have found that provides the capability of creating connections among items (for example, i can create a new network card and associate it to a server!) as well as among software and contracts. It seems that this tool was created gradually and adding up every time a new capability that resulted to a full-set of features.
Now, my request would be to have the table of Items to be configurable as to which columns (fields) to present. For example, I might want to see the hw characteristics of a set of Items (e.g. CPU, RAM, etc), so, if I have the option to select those fields it would be really great. An alternative to that would be to be able to export all the fields of the Items to a csv/excel file (currently you can export only the fields that are shown in the columns of the Items view).
Thanks,
Dimitris
I noticed an issue when importing data into the database using the import function.
When I attempt to import a file, the location information is populated pre import check, but once the data is imported and I list the items, the location field is blank. Additionally, if there is information in the area field in the csv file, that is entered into the database.
Hey Sivann,
I found a security issue / vulnerability in the ITDB application. I have sent a Proof of Concept to your email "[email protected]".
Is it possible to post the vulnerability here?
Ajax query on the items search page throws PHP errors when the session is disconnected:
"PHP Fatal error: Call to a member function fetch() on integer in /var/www/webroot/secure.interplex.ca/interplex-itdb/php/datatables_listitems_ajax.php on line 113"
Session status in datatables_listitems_ajax.php must be verified, and then the browser must reload the page when disconnected.
ITDB Version 1.23
PDO::ATTR_CLIENT_VERSION: 3.13.0
PDO::ATTR_SERVER_VERSION: 3.13.0
Current PHP version: 5.6.23
PDO_SQLITE version:3.13.0
Hi,
A SMTP configuration setting with fields to send email from itdb to an administrator would be nice.
Would be perfect for this software.
Regards,
Krishna Kumar
Hi Sivann,
I'm new to apache2+php. I created an itdb site in my environment. Everything is fine, except that in the data browser function each link doesn't include my site domain name.
For example:
http://index.php/?action=edititem&id=6
I see that the itdb demo site has no such problem, so would you please tell me why? Below is my site's configuration information.
Thank you!
DocumentRoot /srv/www/htdocs/www/itdb
ServerName itdb.sip.com
ServerAdmin [email protected]
Options MultiViews +Indexes +Includes
AllowOverride None
Order deny,allow
Allow from all
Since upgrading to V1.23 the multi-field search (image attached) for "Items" no longer works. This is the function accessed by clicking the small clear elliptical looking icon at the top left of the Items list.
All the field tags are now just "Name" where they used to be "Serial Number", "Model" etc. Entering any data into the fields produces the following error when viewing the source in IE:
SCRIPT5007: Unable to set property 'sSearch' of undefined or null reference. jquery.dataTables.min.js (123,196)
System details are as follows:
RHEL 6
Apache 2.2.15
PHP 5.3.3
SQLite 3.6.20
Thanks!
Hi,
When I try to read a QR code asset label, I have added the below text to be prepended.
http://itdb.XXXXX.com/?action=edititem&id=
So on reading the code in a QR code reader connected to a pc or a qr reader app, it opens a browser and displays the item details in:
Can we have, instead of "Access denied" after displaying the page with editable fields, the whole page is rendered as read only with the Assets details please?
Regards,
Krishna
It would be better if itdb would support PostgreSQL and MySQL as SQLite is not suitable for integration
Warning: count(): Parameter must be an array or an object that implements Countable.
I wonder if I must upgrade or not? This error shows when I want to edit items.
Please help, thank you
If at all possible, would it be hard to remove the flash elements from the menus? Flash support is dying a slow and painful death.
Please add RUR to currency.
In edit item:
When I go in "Inter-Item Association"
And I click on "ID" to order by item by "ID"
And I click on check one or some items
And I click on "Save"
No Insert is done in "Inter-Item Associations" table
No variable Itlnk is sent by the browser
The sorttable javascript code broke the form inputs for Items Association.
I use Chrome (47.0.2526.80)
The filter works #1. Maybe temporarily disabling the sort function would be better?
Thanks
And nice work on ITDB!