Brage - CM News

The demo site at http://www.crossley-nilsen.com/brage/ has been long due for an update to the latest stable release (0.0.4-2).

 This is now available.

Login using the following username/password combinations:

username: admin  / password: admin

Username: demo / password: demo 

File upload and email functions are disabled. It is also possible toadd/edit users, apart from the admin and demo account.

Enjoy... 

I've finally managed to get 0.0.4-2 ready. This is only a minor bug fix release, and provides no ne functionallity.

Goto project page for download: 

Changelog for 0.0.4-2 as follows:

March 2005 - v0.0.4-2
- Added new configuration parameter for debug logging -  $api_log_vars
  If this is set to TRUE, POST, GET and SESSION variables will be added
  to the logfile as well.
- BUG #0000033 - init_user_access() function wrongly updates $_SESSION vars
  causing duplication of data in session variables.
  This seems to have caused certain problems with editing profiles and access
  denied issued when adding assets, although it has not been found to be the
  case with every installation.
- BUG #0000038 - Software module Amount field is limited to 127. SQL scheme
  changed from using TINYINT to INTEGER.
- LIMIT #0000039 - Certain field labels are not exactly easy to understand or
  access/see. Changed some of the field labels related to software and licenses
  where  purchase cost and number of licenses where concerned. Also added
  the purchase cost field to the overview table when viewing or editing
  a Software asset entry.
- BUG #0000041 - Calendar popup windows loads in the same frame as the licence
  popup when adding new licenses to a software asset from another non-software
  asset.
- BUG #0000043 - License Count field cannot take values greater than 127.
- BUG #0000044 - Checkbox items does not work when used in asset templates.
  When a template is configured with a Checkbox item, any selections on such
  an asset is ignored.
- Replaced icons used for delete/edit on CM events and assets.
 

I've put together an updated database schema layout for v0.0.4. I had to split the dump in two as the tool used to generate the map was unable to provide all the required fields on screen at the same time (won't go into detail as to which application it is... :-)

Asset DB links: Click here...

Profiles + CM Entries + Users / Groups links: Click here...

If you haven't noticed already, the v0.0.4 has been available for download for some time.

Main changes from v0.0.3 are:

* Customisable asset templates
* Extended the asset part with differnet modules (password, events, attachments)
* Password module uses Blowfish encryption
* and more...

Release notes for 0.0.4

Limitation
* MySQL 4.1.x is currently not supported natively as DB scheme in MySQL 4.0 and older is not compatible with MySQL 4.1.x. (We need to change the way we generate the tables when setting up the database for this to work properly on 4.1)
* Fedora seems to generate different blowfish keys than other OS. This has been tested on Slackware, Debian, RedHat and Fedora 1 and 3, and only Fedora seems to be affected. This is only a problem if you move the PHP code from/to a Fedora system from/to a non Fedora system. Once the library/Fedora bug has been ironed out I will create a migration script that will re-encrypt any passwords in the database to the correct blowfish keys.

Please let me know of any problems you find along the way :-)

Thomas

An update to Brage CM is now available from brage-0.0.4-rc2.tar.gz

A few issues where found when running the RC1 version on an up-to-date RedHat Enterprise AS 3.0 server. Not sure what's special about the RHEL version of PHP, but something caused the session_id code to fail. No session data was kept between pages, pretty much leaving the user without any the ability to do much.

The changelog for RC2 is:

- Added config option to enable/disable the session_id re-generation
($api_session_regenerate). This is now set to disabled by default.
- Fixed LDAP owner lookup code to set all LDAP options before trying to
bind to LDAP server. (This used to fail on Windows Active Directory)
- Added option to force redirect to HTTPS. ($api_force_https)
- Added License Type admin interface.
- Fixed init_user_access which failed to generate variables for users without
access to the asset password module.
- Fixed alignment on the "Password access" checkbox in User management.
- Removed preset master password hash from docs/docs/brage-v004-update.mysql.
This was set to "dolphin" when running the upgrade script, but should have
left the field blank.

If you have already installed and updated to v0.0.4 RC1, just replace the files. No database schema change has been done, but you might want to reset the Asset Master password key which was unfortunately set by the update SQL script. The password in this case is set to "dolphin".

After a very long wait, the next release of Brage CM is here.

I have prepeared a RC-1 version, which hopefully should be without any major flaws.

This release candidate can be downloaded from: brage-004-rc1.tar.gz

The changes from v0.0.3 are:

- Rewrote asset module section to allow user specified assets and user
configured fields. Preconfigured assets are now Computer, Network device &
Software.
- Asset module now allows the following sub-modules to be assigned to each
asset type:
* Password
* Attachments
* Network Ports
* IP Addresses
* License (Software) module
* Eventlog
- Added check for asset id when creating a new asset. All assets must now
be uniqe before being commited to the database
- Changed navigatror from a tabbed menu to a drop down menu.
- Added option to add more than one profile to an event.
- Added dependency on PEAR HTML_Quickform library
(This might make Smarty Template engine redundant in the future)
- Upgraded HTMLArea editor to v3.0 RC-1
- Patched HTMLArea editor with SSL fix. Yuppi!! :-)
- Removed comment in event_view.tpl which caused wrong display in Asset view.
- Changed $api_referal to $api_referrals and implemented code for this option
- Change encryption to use Blowfish library by Igor Ribeiro de Assis
- Renamed most $_SESSION vars
- Improved speed of code (somewhat anyway - still room for more optimalisation)
- Added checkbox for "Email approver" function on Event registration.
- Improved security by forcing regeneration of session_id(). This will prevent
session hijacking. (There is still a lot more room for security
improvements!!)
- Added new $api_ config parameters
* $api_max_filesize - Max file size for uploads
* $api_timedateformat - To show both date and time.
* $api_dbport - DB Port used for connection
* $api_db_persistent - Set to TRUE if database connections are to be
persistent (experimental!!!)
- Started implementing proper escaping of data sent to db when magic quotes is
turned off. (Magic Quotes must currently be turned on!)
- Changed log file setting to use '' for no log.
- Changed search functions to validate users group membership (prevent viewing
of data which user did not have access to)
- Changed table config for group_users to use SMALLINT instead of VARCHAR.
- Upgraded included Smarty library from 2.6.3 to 2.6.9.
- Using AutoExecute type queries in Adodb, which requires v4.60 or newer.
- Changed asset rights check. One will now only be able to see that assets for
which groups one is a member off.

This release has a few new dependencies.
* Adobd v4.60 or newer must be installed
* PEAR HTML_Quickform must be installed

A start of a manual can also be found in this release. A PDF version is available under /docs/manual/ and the Help menu within Brage CM will also bring up the user manual.
It lacks a lot, but it is at least a startingpoint... :-)

As the old Netobject Fusion based web site for Brage CM was a hassle to update, I've converted it to a Nuclues based blog site. This will allow eaiser and quicker updates to the content of this site.

A database structure scheme is now available for those who want to hack, or just better understand the underlying DB structures.The scheme can be downloaded from here: Brage CM DB Scheme v0.0.3

The development release for v0.0.4 is now available as a demo at http://www.crossley-nilsen.com/brage/. This features profile grouping when creating CM events. (The demo site is relocated away from sourceforge as I was unable to get dependant PEAR classes to run properly).

It has been a long wait, but I?m finally getting close to the next official release. A beta/release candidate is now availble for v0.0.3.

v0.0.3 RC #1
* Added status type to events.
* Sorting of dropdown boxes in various sections added.
* Started implementation of internationalisation module
* Added ip/interfacename table to computer assets.
* Changed text of "Sort" to "Filter" text in main CM Event list
* Added sort function to main CM Event list
* Replaced non-standard code to fetch URL parameters with PHP $_GET function.
* Added manual Time/Date field for event registrations.
* Added approval request function on profile and specific CM Types (per profile)
* Added IP Management module to the asset section. (Contributed by Collin Boyce)
* Optional config file can be stored anywhere on the system.
(For added security - Thanks to Mike Cudmore for the idea)
* Started conversion to HTML code template (using Smarty)
* Added Advanced Search function (still needs a lot of work!).
* Using full ?php start tag in all scripts as per PHP recommendations.
(Thanks to Glenn Rice for pointing this out.)
* Windows compatibility. (Tested on IIS with PHP 4.3.x)