
fixed update user auth rules

Roman Dmitriev před 1 rokem
rodič
revize
675a71bbde

+ 5 - 9
html/admin/users/edit_rules.php

@@ -30,10 +30,10 @@ if (isset($_POST['s_save'])) {
             if (intval($_POST['n_id'][$j]) != $save_id) { continue; }
             $new['type'] = $_POST['s_type'][$j];
             $new['rule'] = trim($_POST['s_rule'][$j]);
-            if ($new['type'] ==2) { 
-                $new['rule'] = mac_dotted($new['rule']); 
+            if ($new['type'] ==2) {
+                $new['rule'] = mac_dotted($new['rule']);
                 }
-            update_record($db_link, "auth_rules", "id='{$save_id}'", $new);
+	    update_auth_rule($db_link,$new['rule'],$new['type'],$save_id);
         }
     }
     header("Location: " . $_SERVER["REQUEST_URI"]);
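Review bot: The result of `update_auth_rule(...)` is discarded, so when the helper refuses the change (it returns 0 and only writes a `LOG_WARNING`) the admin is redirected exactly as if the rule had been saved. The same applies to the `add_auth_rule(...)` calls in the `s_create` handler below and in the `addMacRule` / `addIPRule` handlers in edituser.php. Check the return value and surface the failure before the redirect. `$_POST['s_type'][$j]` also reaches the helper without a cast; `$new['type'] = intval($_POST['s_type'][$j]);` would keep it numeric before it is used in a query. The enclosing loop starts outside this hunk.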
@@ -43,12 +43,8 @@ if (isset($_POST['s_save'])) {
 if (isset($_POST["s_create"])) {
     $new_rule = $_POST["s_new_rule"];
     if (isset($new_rule)) {
-        $new['type'] = $_POST["s_new_type"];
-        $new['rule'] = $new_rule;
-        $new['user_id'] = $id;
-        LOG_INFO($db_link, "Create new rule $new_rule");
-        insert_record($db_link, "auth_rules", $new);
-    }
+	add_auth_rule($db_link,$new_rule,$_POST["s_new_type"],$id);
+	}
     header("Location: " . $_SERVER["REQUEST_URI"]);
     exit;
 }
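Review bot: The create path passes `$_POST["s_new_rule"]` to `add_auth_rule` untouched, while the save path above trims the value and runs `mac_dotted()` on type 2 rules. Because the duplicate check in `add_auth_rule` compares `rule` as an exact string, the same MAC written in another notation or with stray whitespace would presumably not be recognised as already assigned. `isset($new_rule)` is also true for an empty string, so an empty rule can be stored. Normalise first, e.g. `$new_rule = trim($_POST["s_new_rule"]);`, apply `mac_dotted()` when the type is 2, and skip the call when the result is empty.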

+ 4 - 0
html/admin/users/editauth.php

@@ -6,6 +6,10 @@ require_once($_SERVER['DOCUMENT_ROOT'] . "/inc/idfilter.php");
 $msg_error = "";
 
 $old_auth_info = get_record_sql($db_link, "SELECT * FROM User_auth WHERE id=" . $id);
+if (empty($old_auth_info)) {
+    header("Location: /admin/");
+    }
+
 $parent_id = $old_auth_info['user_id'];
 
 $user_info = get_record_sql($db_link, "SELECT * FROM User_list WHERE id=" . $parent_id);
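Review bot: The redirect added inside `if (empty($old_auth_info))` is not followed by `exit;`, so the script keeps running with an empty record. The next line reads `$old_auth_info['user_id']`, and the `User_list` query is then built with an empty id. `header()` only queues the response header; add `exit;` inside the block, as the POST handlers in edit_rules.php already do after their redirects. The matching guard added in edituser.php (`if (empty($user_info))`) needs the same line, otherwise the POST handlers below it still execute for a user that does not exist.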

+ 8 - 20
html/admin/users/edituser.php

@@ -12,6 +12,10 @@ $msg_error = "";
 $sSQL = "SELECT * FROM User_list WHERE id=$id";
 $user_info = get_record_sql($db_link, $sSQL);
 
+if (empty($user_info)) {
+    header("Location: /admin/");
+    }
+
 if (isset($_POST["edituser"])) {
     unset($new);
     $new["ou_id"] = $_POST["f_ou"] * 1;
@@ -46,16 +50,8 @@ if (isset($_POST["addMacRule"])) {
     unset($new);
     $first_auth = get_record_sql($db_link,"SELECT mac FROM User_auth WHERE user_id=".$id." AND deleted=0 AND LENGTH(mac)>0 ORDER BY id");
     if (!empty($first_auth) and !empty($first_auth['mac'])) {
-        $auth_rules_user = get_record_sql($db_link,"SELECT * FROM auth_rules WHERE user_id=".$id." AND type=2");
-        $auth_rules_mac = get_record_sql($db_link,"SELECT * FROM auth_rules WHERE rule='".$first_auth['mac']."' AND type=2");
-        if (empty($auth_rules_user) and empty($auth_rules_mac)) {
-            $new['user_id']=$id;
-            $new['type']=2;
-            $new['rule']=$first_auth['mac'];
-	        insert_record($db_link,"auth_rules",$new);
-	        LOG_INFO($db_link,"Create auto rule at id: ".$id." login: ".$user_info["login"]." for mac ".$first_auth['mac']);
-            }
-	    }
+	add_auth_rule($db_link,$first_auth['mac'],2,$id);
+        }
     header("Location: " . $_SERVER["REQUEST_URI"]);
     exit;
 }
@@ -71,16 +67,8 @@ if (isset($_POST["addIPRule"])) {
     unset($new);
     $first_auth = get_record_sql($db_link,"SELECT ip FROM User_auth WHERE user_id=".$id." AND deleted=0 AND LENGTH(ip)>0 ORDER BY id");
     if (!empty($first_auth) and !empty($first_auth['ip'])) {
-        $auth_rules_user = get_record_sql($db_link,"SELECT * FROM auth_rules WHERE user_id=".$id." AND type=1");
-        $auth_rules_ip = get_record_sql($db_link,"SELECT * FROM auth_rules WHERE rule='".$first_auth['ip']."' AND type=1");
-        if (empty($auth_rules_user) and empty($auth_rules_ip)) {
-            $new['user_id']=$id;
-            $new['type']=1;
-            $new['rule']=$first_auth['ip'];
-	        insert_record($db_link,"auth_rules",$new);
-	        LOG_INFO($db_link,"Create auto rule id: ".$id." login: ".$user_info["login"]." for ip ".$first_auth['ip']);
-            }
-	    }
+	add_auth_rule($db_link,$first_auth['ip'],1,$id);
+        }
     header("Location: " . $_SERVER["REQUEST_URI"]);
     exit;
 }

+ 43 - 0
html/inc/common.php

@@ -1604,6 +1604,11 @@ function clean_dns_cache($db)
     run_sql($db, "DELETE FROM dns_cache WHERE `timestamp`<='" . $clean_date . "'");
 }
 
+function clean_unreferensed_rules($db)
+{
+    run_sql($db, "DELETE FROM `auth_rules` WHERE user_id NOT IN (SELECT id FROM User_list)");
+}
+
 function FormatDateStr($format = 'Y-m-d H:i:s', $date_str)
 {
     $date1 = GetDateTimeFromString($date_str);
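Review bot: `clean_unreferensed_rules` is invoked at include time further down this file (next to `clean_dns_cache($db_link);`), so this `DELETE ... NOT IN (subquery)` appears to run on every request that loads common.php, while scripts/garbage.pl performs the identical cleanup in the same commit. Consider leaving the job to the garbage script. If it stays, document it with a comment such as `// Removes auth_rules rows whose user_id no longer exists in User_list`, and log the deletion, since these rows are authorization rules and their removal should be auditable. The name is misspelled (`unreferenced`), which is cheapest to fix before more callers appear.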
@@ -2007,6 +2012,43 @@ function get_auth_mac($db, $current_auth)
     return $result;
 }
 
+function add_auth_rule($db,$rule,$type,$user_id) 
+{
+$new['user_id']=$user_id;
+$new['type']=$type;
+$new['rule']=$rule;
+$rule_id=0;
+$auth_rules = get_record_sql($db,"SELECT * FROM auth_rules WHERE rule='".$rule."' AND type=".$type);
+if (empty($auth_rules)) {
+    $rule_id = insert_record($db,"auth_rules",$new);
+    LOG_INFO($db,"Create auto rule for user_id: ".$user_id." rule: ".$rule." type: ".$type);
+    } else {
+    if ($auth_rules['user_id'] === $user_id) {
+	$rule_id = update_record($db, "auth_rules", "id=".$auth_rules['id'], $new);
+        LOG_INFO($db,"Replaced auto rule for user_id: ".$user_id." rule: ".$rule." type: ".$type);
+	} else {
+        LOG_WARNING($db,"Create auto rule for user_id: ".$user_id." rule: ".$rule." type: ".$type." failed! Already exists at user_id: ".$auth_rules['user_id']);
+	$rule_id=0;
+	}
+    }
+return $rule_id;
+}
+
+function update_auth_rule($db,$rule,$type,$rule_id)
+{
+$new['type']=$type;
+$new['rule']=$rule;
+$rule_id=0;
+$auth_rules = get_record_sql($db,"SELECT * FROM auth_rules WHERE rule='".$rule."' AND type=".$type." AND id<>".$rule_id);
+if (empty($auth_rules)) {
+    $rule_id = update_record($db, "auth_rules", "id=".$rule_id, $new);
+    } else {
+    LOG_WARNING($db,"Create auto rule id: ".$rule_id." rule: ".$rule." type: ".$type." failed! Already exists at user_id: ".$auth_rules['user_id']);
+    $rule_id=0;
+    }
+return $rule_id;
+}
+
 function isRO($db, $table)
 {
     $result = 1;
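Review bot: In `update_auth_rule` the line `$rule_id=0;` overwrites the parameter before it is used, so the duplicate check runs with `id<>0` and `update_record` targets `id=0`. The edited rule is never updated, and an unchanged rule matches itself as a conflict. Drop that line; the `else` branch already sets the failure value. Both new functions also concatenate `$rule` and `$type` into the SELECT (`$type` unquoted), and the callers in edit_rules.php pass `$_POST` values through, so unless sanitising happens somewhere not visible here this is injectable. At minimum add `$type = intval($type);` and `$rule_id = intval($rule_id);` at the top, and escape or bind `$rule` through the db layer before it reaches `get_record_sql`. In `add_auth_rule`, `$auth_rules['user_id'] === $user_id` is false whenever the db layer returns the column as a string and the caller passes an integer, so a same-user rule would be logged as a conflict; comparing `intval()` of both sides looks like the intent.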
@@ -4948,6 +4990,7 @@ if (empty($ou)) {
 $config["init"] = 1;
 
 clean_dns_cache($db_link);
+clean_unreferensed_rules($db_link);
 
 snmp_set_valueretrieval(SNMP_VALUE_LIBRARY);
 snmp_set_enum_print(1);

+ 7 - 3
scripts/garbage.pl

@@ -194,10 +194,11 @@ if ($user_device) {
     }
 }
 
-##### clean empty user account and corresponded devices if there are no rules for automatic linking ################
+##### clean empty user account and corresponded devices ################
 if ($config_ref{clean_empty_user}) {
-    db_log_info($dbh,'Clearing empty user account and corresponded devices if there are no rules for automatic linking');
-    my $u_sql = "SELECT * FROM User_list as U WHERE (SELECT COUNT(*) FROM User_auth WHERE User_auth.deleted=0 AND User_auth.user_id = U.id)=0 AND (SELECT COUNT(*) FROM auth_rules WHERE auth_rules.user_id = U.id)=0";
+    db_log_info($dbh,'Clearing empty user account and corresponded devices');
+#    my $u_sql = "SELECT * FROM User_list as U WHERE (SELECT COUNT(*) FROM User_auth WHERE User_auth.deleted=0 AND User_auth.user_id = U.id)=0 AND (SELECT COUNT(*) FROM auth_rules WHERE auth_rules.user_id = U.id)=0";
+    my $u_sql = "SELECT * FROM User_list as U WHERE (SELECT COUNT(*) FROM User_auth WHERE User_auth.deleted=0 AND User_auth.user_id = U.id)=0";
     my @u_ref = get_records_sql($dbh,$u_sql);
     foreach my $row (@u_ref) {
         do_sql($dbh,"DELETE FROM User_list WHERE id='".$row->{id}."'");
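Review bot: The previous query is left in place as a commented-out line above the new `$u_sql`; version control already keeps it, so the dead line should be removed. What is missing is a statement of the new policy: accounts with no active `User_auth` rows are now deleted even when they still own `auth_rules`, and those rules are then removed by the cleanup added later in this file. Say that in the section comment, e.g. `##### clean empty user accounts and their devices; auth rules of removed users are purged below #####`. The `foreach` body continues outside this hunk.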
@@ -215,6 +216,9 @@ if ($config_ref{clean_empty_user}) {
         }
     }
 
+##### Remove unreferensed auth rules
+do_sql($dbh, "DELETE FROM `auth_rules` WHERE user_id NOT IN (SELECT id FROM User_list)");
+
 ##### unknown mac clean ############
 db_log_info($dbh,'Clearing unknown mac if it found in current User_auth table');
 $users_sql = "SELECT mac FROM User_auth WHERE deleted=0";
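Review bot: The new `DELETE FROM auth_rules` runs without a log entry, while the neighbouring cleanup steps each call `db_log_info` first. Since it removes authorization rules, add a line such as `db_log_info($dbh,'Removing auth rules that reference deleted users');` before the `do_sql` so the deletion shows up in the audit trail. Rows whose `user_id` is NULL are not matched by `NOT IN`; if such rows can exist, add `OR user_id IS NULL`. The section comment is misspelled (`unreferenced`).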