New module for drawing network maps

Started by dima-u, May 27, 2008, 11:34:25 AM


dima-u

Hello, I would like to introduce to you a new NetXMS module:

http://www.visualnet.org/netxmsMaps_0.1.4.rar

With it you can draw maps like in Microsoft Visio (just drag & drop objects onto the canvas and draw lines from one object to another).
It supports:
- straight, curved and other connector types
- object resizing, adding an image, changing transparency
- auto-generating a node tree (like in the NetXMS console)
- node templates (just apply a template to a node and its parameters will be applied to the node)
- fetching node status and applying it to the image
- fetching the last DCI value and applying it to the node (as a line or a number)
....


It supports all database types on which NetXMS works (tested only with MySQL).
The client application is cross-platform (tested only on Microsoft Windows).

Screenshot:
http://www.visualnet.org/example.png

dima-u

If someone has installation questions/problems or needs help using this module, please post here.

Alex Kirhenshtein

Thanks for contributions.

Note for users: netxms access rights are not used (right now); only login/password combination is checked against server's database.

Alex Kirhenshtein

Some SQL-related things:

$result = $mdb2->query("select item_id,name,description,polling_interval from items where node_id='{$_POST['node_id']}'");
Queries like this are unsafe on any DB which allows stacked queries (postgres, sqlite - almost all except mysql).

It can be easily exploited to run multiple queries: just set node_id to something like this:
'; update users set system_access=524287; select '

This will run 3 queries:
select item_id,name,description,polling_interval from items where node_id='';
update users set system_access=524287;
select '' -- to prevent execution error

dima-u

I use mysql_escape_string($variable) to avoid this problem.

If I missed it somewhere, I will change it. But the file test.php is only for testing; you should delete it once everything is OK.

Alex Kirhenshtein

That's from rcp.php.

You are escaping all input for insert/update queries, but missed it in a few selects:
*) fetch_node_status: $_POST['node_id']
*) fetch_dciList: $_POST['node_id']
*) fetch_dci_value: $_POST['item_id'] and $_POST['node_id']
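
An added example, not part of the thread or of the module's code: one way to write a select like the fetch_dciList query quoted above so that node_id is validated and bound as a parameter instead of being interpolated into the SQL string. PDO with an in-memory SQLite database stands in for the module's MDB2 connection, and the function name fetchDciList, the integer-only rule for node_id and the sample rows are assumptions made for the demonstration.

```php
<?php
// Added example: hypothetical replacement for an unescaped SELECT.
// PDO + in-memory SQLite stand in for the module's MDB2 connection (assumption).

function fetchDciList(PDO $db, $rawNodeId): array
{
    // Assumption: node_id is a non-negative integer; reject anything else up front.
    $nodeId = filter_var($rawNodeId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);
    if ($nodeId === false) {
        throw new InvalidArgumentException('node_id must be a non-negative integer');
    }
    // The value is bound as a parameter and never becomes part of the SQL text.
    $stmt = $db->prepare(
        'SELECT item_id, name, description, polling_interval FROM items WHERE node_id = :node_id'
    );
    $stmt->bindValue(':node_id', $nodeId, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample schema and rows, using only the columns named in the thread.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE items (item_id INTEGER, node_id INTEGER, name TEXT, description TEXT, polling_interval INTEGER)');
$db->exec('CREATE TABLE users (name TEXT, system_access INTEGER)');
$db->exec("INSERT INTO items VALUES (1, 12, 'Status', 'constructed row', 60)");
$db->exec("INSERT INTO users VALUES ('guest', 0)");

// One well-formed value and the string quoted in the thread.
$inputs = ['12', "'; update users set system_access=524287; select '"];
foreach ($inputs as $input) {
    try {
        $rows = fetchDciList($db, $input);
        echo count($rows), " row(s) for node_id ", $input, "\n";
    } catch (InvalidArgumentException $e) {
        echo "rejected: ", $e->getMessage(), "\n";
    }
}
// Print the users row so it can be compared with the value inserted above.
echo "guest system_access = ", $db->query('SELECT system_access FROM users')->fetchColumn(), "\n";
```

The same pattern applies to the other selects listed above, with item_id bound as a second parameter in the fetch_dci_value case.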