From 5bc8ea29f2e8c9fca22c607458d4ccab27adefd7 Mon Sep 17 00:00:00 2001
From: Nate Jones
Date: Mon, 4 May 2015 20:07:51 +0000
Subject: [PATCH] Devices: Prevent duplicate username within domain (if device assigned to a domain) or globally (if domain set to Global). Functions: Added is_mac() and format_mac() functions.
---
 app/devices/device_edit.php | 152 +++++++++++++++++++++++++-----------
 app/devices/devices.php | 3 +-
 resources/functions.php | 18 +++++
 3 files changed, 124 insertions(+), 49 deletions(-)
diff --git a/app/devices/device_edit.php b/app/devices/device_edit.php
index 46767ccf0a..b3f6fedccf 100644
--- a/app/devices/device_edit.php
@@ -40,28 +40,60 @@ require_once "resources/require.php"; $language = new text; $text = $language->get(); -//check duplicate mac address - if ($_GET["mac"] != '' && $_GET["mac"] != "000000000000") { - $sql = "select "; - $sql .= "d2.domain_name "; - $sql .= "from "; - $sql .= "v_devices as d1, "; - $sql .= "v_domains as d2 "; - $sql .= "where "; - $sql .= "d1.domain_uuid = d2.domain_uuid and "; - $sql .= "d1.device_mac_address = '".check_str($_GET["mac"])."' "; - if ($_GET["id"] != '') { - $sql .= " and d1.device_uuid <> '".check_str($_GET["id"])."' "; - } - $prep_statement = $db->prepare($sql); - if ($prep_statement) { - $prep_statement->execute(); - $row = $prep_statement->fetch(PDO::FETCH_ASSOC); - if ($row['domain_name'] != '') { - echo $text['message-duplicate'].((if_group("superadmin") && $_SESSION["domain_name"] != $row["domain_name"]) ? ": ".$row["domain_name"] : null); +//check for duplicates + if ($_GET["check"] == 'duplicate') { + //mac address + if ($_GET["mac"] != '' && $_GET["mac"] != "000000000000") { + $sql = "select "; + $sql .= "d2.domain_name "; + $sql .= "from "; + $sql .= "v_devices as d1, "; + $sql .= "v_domains as d2 "; + $sql .= "where "; + $sql .= "d1.domain_uuid = d2.domain_uuid and "; + $sql .= "d1.device_mac_address = '".check_str($_GET["mac"])."' "; + if ($_GET["device_uuid"] != '') { + $sql .= " and d1.device_uuid <> '".check_str($_GET["device_uuid"])."' "; + } + $prep_statement = $db->prepare($sql); + if ($prep_statement) { + $prep_statement->execute(); + $row = $prep_statement->fetch(PDO::FETCH_ASSOC); + if ($row['domain_name'] != '') { + echo $text['message-duplicate'].((if_group("superadmin") && $_SESSION["domain_name"] != $row["domain_name"]) ? 
": ".$row["domain_name"] : null); + } + } + unset($prep_statement); } - } - unset($prep_statement); + + //username + if ($_GET['username'] != '') { + $sql = "select "; + $sql .= "d2.domain_name, "; + $sql .= "d1.device_mac_address "; + $sql .= "from "; + $sql .= "v_devices as d1, "; + $sql .= "v_domains as d2 "; + $sql .= "where "; + $sql .= "d1.domain_uuid = d2.domain_uuid and "; + $sql .= "d1.device_username = '".check_str($_GET["username"])."' "; + if ($_GET['domain_uuid'] != '') { + $sql .= "and d2.domain_uuid = '".check_str($_GET['domain_uuid'])."' "; + } + if ($_GET['device_uuid'] != '') { + $sql .= "and d1.device_uuid <> '".check_str($_GET["device_uuid"])."' "; + } + $prep_statement = $db->prepare($sql); + if ($prep_statement) { + $prep_statement->execute(); + $row = $prep_statement->fetch(PDO::FETCH_ASSOC); + if ($row['domain_name'] != '') { + echo $text['message-duplicate_username'].((if_group("superadmin")) ? ": ".format_mac($row['device_mac_address']).(($_SESSION["domain_name"] != $row["domain_name"]) ? " (".$row["domain_name"].")" : null) : null); + } + } + unset($prep_statement); + } + exit; } @@ -267,14 +299,14 @@ require_once "resources/require.php"; if ($action == "add") { //save the message to a session variable $_SESSION['message'] = $text['message-add']; - //redirect the browser - header("Location: device_edit.php?id=$device_uuid"); - exit; } if ($action == "update") { //save the message to a session variable $_SESSION['message'] = $text['message-update']; } + //redirect the browser + header("Location: device_edit.php?id=$device_uuid"); + exit; } } 
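Review bot: The new username lookup in the `check=duplicate` block (and the MAC lookup next to it) concatenates `$_GET` values into the SQL text and then calls `prepare()` and `execute()` with nothing bound, so the prepared statement adds no protection and everything rests on `check_str()`, whose definition is not visible here. Binding the values, as sketched below for the username query, removes that dependency; the MAC query can follow the same shape. `domain_uuid` also comes straight from the request and an empty value drops the domain filter, so a caller who reaches this block can test for usernames outside their own domain. Whether a permission check runs before the block can't be seen from the hunk, so it is worth confirming and, for non-superadmins, pinning the filter to the session's domain. The echoed `$row["domain_name"]` is inserted into the page as HTML by the caller and should pass through `htmlspecialchars()`.

```php
//username
if ($_GET['username'] != '') {
	$sql = "select d2.domain_name, d1.device_mac_address ";
	$sql .= "from v_devices as d1, v_domains as d2 ";
	$sql .= "where d1.domain_uuid = d2.domain_uuid ";
	$sql .= "and d1.device_username = :username ";
	$parameters = array('username' => $_GET['username']);
	if ($_GET['domain_uuid'] != '') {
		$sql .= "and d2.domain_uuid = :domain_uuid ";
		$parameters['domain_uuid'] = $_GET['domain_uuid'];
	}
	if ($_GET['device_uuid'] != '') {
		$sql .= "and d1.device_uuid <> :device_uuid ";
		$parameters['device_uuid'] = $_GET['device_uuid'];
	}
	$prep_statement = $db->prepare($sql);
	if ($prep_statement) {
		$prep_statement->execute($parameters);
		// … unchanged: fetch the row and echo the duplicate-username message …
	}
```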
@@ -409,28 +441,54 @@ require_once "resources/require.php"; obj[0].parentNode.removeChild(obj[2]); } - function check_mac_duplicate(mac_addr, device_uuid_to_ignore) { - if (mac_addr != '') { - check_url = "device_edit.php?mac="+mac_addr+"&id="+device_uuid_to_ignore; - $("#duplicate_mac_response").load(check_url, function() { - if ($("#duplicate_mac_response").html() != '') { - $('#device_mac_address').addClass('formfld_highlight_bad'); - display_message($("#duplicate_mac_response").html(), 'negative'); - } - else { - $('#device_mac_address').removeClass('formfld_highlight_bad'); - document.getElementById('frm').submit(); - } - }); - } - else { - $('#frm').submit(); - } + function check_duplicates() { + //check mac + var mac_addr = document.getElementById('device_mac_address').value; + $("#duplicate_mac_response").load("device_edit.php?check=duplicate&mac="+mac_addr+"&device_uuid=", function() { + var duplicate_mac = false; + + if ($("#duplicate_mac_response").html() != '') { + $('#device_mac_address').addClass('formfld_highlight_bad'); + display_message($("#duplicate_mac_response").html(), 'negative'); + duplicate_mac = true; + } + else { + $("#duplicate_mac_response").html(''); + $('#device_mac_address').removeClass('formfld_highlight_bad'); + duplicate_mac = false; + } + + //check username + if (duplicate_mac == false) { + var username = document.getElementById('device_username').value; + var domain_uuid = document.getElementById('domain_uuid').value; + $("#duplicate_username_response").load("device_edit.php?check=duplicate&username="+username+"&domain_uuid="+domain_uuid+"&device_uuid=", function() { + var duplicate_username = false; + + if ($("#duplicate_username_response").html() != '') { + $('#device_username').addClass('formfld_highlight_bad'); + display_message($("#duplicate_username_response").html(), 'negative'); + duplicate_username = true; + } + else { + $("#duplicate_username_response").html(''); + 
$('#device_username').removeClass('formfld_highlight_bad'); + duplicate_username = false; + } + + if (duplicate_username == false) { + document.getElementById('frm').submit(); + return false; + } + }); + } + }); + return false; } \n"; + echo "
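Review bot: `check_duplicates()` places the raw field values into the query string (`"...&mac="+mac_addr` and `"&username="+username+"&domain_uuid="+domain_uuid`), so a value containing `&`, `#` or a space changes which parameters the server receives, and the duplicate check can pass without testing the real value. jQuery's `.load()` additionally treats anything after a space in the URL as a selector. Encode each value, e.g. `"&username="+encodeURIComponent(username)+"&domain_uuid="+encodeURIComponent(domain_uuid)`, and likewise for `mac_addr`. The uniqueness test also runs only in the browser before `frm.submit()`, and the save path lies outside this hunk, so confirm the same check is enforced server-side on POST; otherwise a direct request skips it.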
\n"; echo "\n"; echo "\n"; echo "\n"; @@ -1035,8 +1092,9 @@ require_once "resources/require.php"; echo " ".$text['label-device']."\n"; echo "\n"; echo "\n"; @@ -1047,7 +1105,7 @@ require_once "resources/require.php"; echo " ".$text['label-device_vendor']."\n"; echo "\n"; echo "\n"; @@ -1081,7 +1139,7 @@ require_once "resources/require.php"; echo " ".$text['label-domain']."\n"; echo "\n"; echo "\n"; } echo " \n"; echo " \n"; echo " \n"; diff --git a/resources/functions.php b/resources/functions.php index 53bfeb975b..69b33d3933 100644 --- a/resources/functions.php +++ b/resources/functions.php @@ -1266,4 +1266,22 @@ function number_pad($number,$n) { } } +//mac detection + if (!function_exists('is_mac')) { + function is_mac($str) { + return (preg_match('/([a-fA-F0-9]{2}[:|\-]?){6}/', $str) == 1) ? true : false; + } + } + +//format mac address + if (!function_exists('format_mac')) { + function format_mac($str, $delim = '-', $case = 'lower') { + if (is_mac($str)) { + $str = join($delim, str_split($str, 2)); + $str = ($case == 'upper') ? strtoupper($str) : strtolower($str); + } + return $str; + } + } + ?>
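Review bot: The pattern in `is_mac()` is unanchored and its class `[:|\-]` also admits a literal `|`, so any string that merely contains twelve hex digits is accepted; anchoring it, e.g. `preg_match('/^([a-fA-F0-9]{2}[:-]?){5}[a-fA-F0-9]{2}$/', $str) === 1`, makes it usable as a validator. `format_mac()` then runs `str_split($str, 2)` on whatever passed, which mis-splits input that already carries separators; normalising first with `$str = preg_replace('/[^a-fA-F0-9]/', '', $str);` avoids that. When the test fails the input is returned untouched, so callers that echo the result into HTML still need to escape it. A one-line comment on each function stating the accepted input forms and the return value would help.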
"; @@ -455,7 +513,6 @@ require_once "resources/require.php"; echo "\n"; echo " \n"; echo " \n"; - echo " \n"; echo "
\n"; echo $text['description-device_mac_address']."\n"; echo "
\n"; - echo " \n"; - echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; echo "
\n"; echo $text['description-device']."\n"; echo "
\n"; - echo " \n"; + echo " \n"; echo "
\n"; echo $text['description-device_vendor']."\n"; echo "
\n"; - echo " \n"; if (strlen($domain_uuid) == 0) { echo " \n"; } diff --git a/app/devices/devices.php b/app/devices/devices.php index 3a1104c038..220d8aa2ca 100644 --- a/app/devices/devices.php +++ b/app/devices/devices.php @@ -209,8 +209,7 @@ else { echo " ".$_SESSION['domains'][$row['domain_uuid']]['domain_name'].""; - $device_mac_address = substr($row['device_mac_address'], 0,2).'-'.substr($row['device_mac_address'], 2,2).'-'.substr($row['device_mac_address'], 4,2).'-'.substr($row['device_mac_address'], 6,2).'-'.substr($row['device_mac_address'], 8,2).'-'.substr($row['device_mac_address'], 10,2); - echo (permission_exists('device_edit')) ? "".$device_mac_address."" : $device_mac_address; + echo (permission_exists('device_edit')) ? "".format_mac($row['device_mac_address'])."" : format_mac($row['device_mac_address']); echo " ".$row['device_label']." ".$row['device_vendor']."