fix(LDAP): fix users search (#7308)

* fix(LDAP): fix users search

- Fix searching for users
- Add @ before ldap_sort() as it is deprecated

* Fix PHP warnings for undefined variable and indexes

* fix(ACL resource access): fetch permissions for hosts from proper table

* style and psr2

www/class/centreonLDAP.class.php

@@ -501,7 +501,7 @@ public function listUserForGroup($groupdn)
              * we get list of members by group
              */
             $filter = preg_replace('/%s/', $this->getCnFromDn($groupdn), $this->groupSearchInfo['filter']);
-            $result = @ldap_search($this->ds, $this->userSearchInfo['base_search'], $filter);
+            $result = @ldap_search($this->ds, $this->groupSearchInfo['base_search'], $filter);
 
             if (false === $result) {
                 restore_error_handler();
@@ -587,7 +587,7 @@ public function search($filter, $basedn, $searchLimit, $searchTimeout)
         $sr = ldap_search($this->ds, $basedn, $filter, $attr, 0, $searchLimit, $searchTimeout);
         $this->debug("LDAP Search : Error : " . ldap_error($this->ds));
         /* Sort */
-        ldap_sort($this->ds, $sr, "dn");
+        @ldap_sort($this->ds, $sr, "dn");
         $number_returned = ldap_count_entries($this->ds, $sr);
         $this->debug("LDAP Search : " . (isset($number_returned) ? $number_returned : "0") . " entries found");
 

www/include/monitoring/status/Hosts/xml/hostXML.php

@@ -33,7 +33,7 @@
  *
  */
 
-require_once realpath(dirname(__FILE__) . "/../../../../../../config/centreon.config.php");
+require_once realpath(__DIR__ . "/../../../../../../config/centreon.config.php");
 require_once realpath(__DIR__ . "/../../../../../../bootstrap.php");
 include_once _CENTREON_PATH_ . "www/class/centreonXMLBGRequest.class.php";
 include_once _CENTREON_PATH_ . "www/class/centreonInstance.class.php";
@@ -56,6 +56,7 @@
 $criticality = new CentreonCriticality($obj->DB);
 $instanceObj = new CentreonInstance($obj->DB);
 $media = new CentreonMedia($obj->DB);
+$centreonDbName = $dependencyInjector['configuration']->get('db');
 
 if (isset($obj->session_id) && CentreonSession::checkSession($obj->session_id, $obj->DB)) {
     ;
@@ -139,7 +140,7 @@
     " cv.value IS NULL as isnull ";
 $rq1 .= " FROM instances i, ";
 if (!$obj->is_admin) {
-    $rq1 .= " centreon_acl, ";
+    $rq1 .= " " . $centreonDbName . ".acl_resources_host_relations, ";
 }
 if ($hostgroups) {
     $rq1 .= " hosts_hostgroups hhg, hostgroups hg, ";
@@ -165,8 +166,12 @@
 }
 
 if (!$obj->is_admin) {
-    $rq1 .= " AND h.host_id = centreon_acl.host_id " .
-        $obj->access->queryBuilder("AND", "centreon_acl.group_id", $obj->grouplistStr);
+    $rq1 .= " AND h.host_id = ".$centreonDbName.".acl_resources_host_relations.host_host_id " .
+        $obj->access->queryBuilder(
+            "AND",
+            $centreonDbName.".acl_resources_host_relations.acl_res_id",
+            $obj->grouplistStr
+        );
 }
 if ($search != "") {
     $rq1 .= " AND (h.name LIKE '%" . CentreonDB::escape($search) . "%' OR h.alias LIKE '%" .
@@ -193,7 +198,9 @@
 }
 
 if ($hostgroups) {
-    $rq1 .= " AND h.host_id = hhg.host_id AND hg.hostgroup_id IN ($hostgroups) AND hhg.hostgroup_id = hg.hostgroup_id";
+    $rq1 .= " AND h.host_id = hhg.host_id " .
+        "AND hg.hostgroup_id IN (" . $hostgroups . ") " .
+        "AND hhg.hostgroup_id = hg.hostgroup_id";
 }
 
 if ($instance != -1 && !empty($instance)) {
@@ -237,21 +244,23 @@
 
 $ct = 0;
 $flag = 0;
-$DBRESULT = $obj->DBC->query($rq1);
+$dbResult = $obj->DBC->query($rq1);
 $numRows = $obj->DBC->numberRows();
 
 /**
  * Get criticality ids
  */
-$critRes = $obj->DBC->query("SELECT value, host_id 
-                                     FROM customvariables
-                                     WHERE name = 'CRITICALITY_ID'
-                                     AND service_id IS NULL");
+$critRes = $obj->DBC->query(
+    "SELECT value, host_id " .
+    "FROM customvariables " .
+    "WHERE name = 'CRITICALITY_ID' " .
+    "AND service_id IS NULL"
+);
 $criticalityUsed = 0;
 $critCache = array();
 if ($critRes->rowCount()) {
     $criticalityUsed = 1;
-    while ($critRow = $critRes->fetchRow()) {
+    while ($critRow = $critRes->fetch()) {
         $critCache[$critRow['host_id']] = $critRow['value'];
     }
 }
@@ -273,7 +282,7 @@
 $obj->XML->endElement();
 
 $delimInit = 0;
-while ($data = $DBRESULT->fetchRow()) {
+while ($data = $dbResult->fetch()) {
     if ($data["last_state_change"] > 0 && time() > $data["last_state_change"]) {
         $duration = CentreonDuration::toString(time() - $data["last_state_change"]);
     } else {
@@ -440,7 +449,7 @@
 
     $obj->XML->endElement();
 }
-$DBRESULT->closeCursor();
+$dbResult->closeCursor();
 
 if (!$ct) {
     $obj->XML->writeElement("infos", "none");

www/include/options/accessLists/resourcesACL/formResourcesAccess.php

@@ -486,10 +486,10 @@
 $tpl = new Smarty();
 $tpl = initSmartyTpl($path, $tpl);
 
-$formDefaults = $acl;
-$formDefaults['all_hosts[all_hosts]'] = $formDefaults['all_hosts'];
-$formDefaults['all_hostgroups[all_hostgroups]'] = $formDefaults['all_hostgroups'];
-$formDefaults['all_servicegroups[all_servicegroups]'] = $formDefaults['all_servicegroups'];
+$formDefaults = $acl ?? [];
+$formDefaults['all_hosts[all_hosts]'] = $formDefaults['all_hosts'] ?? '0';
+$formDefaults['all_hostgroups[all_hostgroups]'] = $formDefaults['all_hostgroups'] ?? '0';
+$formDefaults['all_servicegroups[all_servicegroups]'] = $formDefaults['all_servicegroups'] ?? '0';
 
 if ($o == "w") {
     /*