2006-07-11 16:14:09 +02:00
|
|
|
<?php
|
2022-06-16 13:02:49 +02:00
|
|
|
|
2019-07-02 16:22:23 +02:00
|
|
|
/**
|
|
|
|
|
* Index.
|
|
|
|
|
*
|
|
|
|
|
* @category Main entrypoint.
|
|
|
|
|
* @package Pandora FMS
|
|
|
|
|
* @subpackage Opensource.
|
|
|
|
|
* @version 1.0.0
|
|
|
|
|
* @license See below
|
|
|
|
|
*
|
|
|
|
|
* ______ ___ _______ _______ ________
|
|
|
|
|
* | __ \.-----.--.--.--| |.-----.----.-----. | ___| | | __|
|
|
|
|
|
* | __/| _ | | _ || _ | _| _ | | ___| |__ |
|
|
|
|
|
* |___| |___._|__|__|_____||_____|__| |___._| |___| |__|_|__|_______|
|
|
|
|
|
*
|
|
|
|
|
* ============================================================================
|
2022-06-07 13:40:35 +02:00
|
|
|
* Copyright (c) 2005-2022 Artica Soluciones Tecnologicas
|
2019-07-02 16:22:23 +02:00
|
|
|
* Please see http://pandorafms.org for full contribution list
|
|
|
|
|
* This program is free software; you can redistribute it and/or
|
|
|
|
|
* modify it under the terms of the GNU General Public License
|
|
|
|
|
* as published by the Free Software Foundation for version 2.
|
|
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
|
* GNU General Public License for more details.
|
|
|
|
|
* ============================================================================
|
|
|
|
|
*/
|
2006-07-11 16:14:09 +02:00
|
|
|
|
2019-07-02 16:22:23 +02:00
|
|
|
// Begin.
|
2022-06-07 13:40:35 +02:00
|
|
|
if (defined('__PAN_XHPROF__') === false) {
|
2019-01-30 16:18:44 +01:00
|
|
|
define('__PAN_XHPROF__', 0);
|
|
|
|
|
}
|
2018-11-13 12:55:25 +01:00
|
|
|
|
2020-06-26 15:48:58 +02:00
|
|
|
require 'vendor/autoload.php';
|
|
|
|
|
|
2018-11-13 12:55:25 +01:00
|
|
|
if (__PAN_XHPROF__ === 1) {
|
2022-06-07 13:40:35 +02:00
|
|
|
if (function_exists('tideways_xhprof_enable') === true) {
|
2019-01-30 16:18:44 +01:00
|
|
|
tideways_xhprof_enable();
|
|
|
|
|
} else {
|
|
|
|
|
error_log('Cannot find tideways_xhprof_enable function');
|
|
|
|
|
}
|
2018-11-13 12:55:25 +01:00
|
|
|
}
|
|
|
|
|
|
2023-01-26 16:00:08 +01:00
|
|
|
// Needed for InfoBox count.
|
|
|
|
|
if (isset($_SESSION['info_box_count']) === true) {
|
|
|
|
|
$_SESSION['info_box_count'] = 0;
|
|
|
|
|
}
|
|
|
|
|
|
2019-07-02 16:22:23 +02:00
|
|
|
// Set character encoding to UTF-8
|
|
|
|
|
// fixes a lot of multibyte character issues.
|
2022-06-07 13:40:35 +02:00
|
|
|
if (function_exists('mb_internal_encoding') === true) {
|
2019-01-30 16:18:44 +01:00
|
|
|
mb_internal_encoding('UTF-8');
|
2009-01-05 19:41:14 +01:00
|
|
|
}
|
|
|
|
|
|
2007-06-12 20:10:57 +02:00
|
|
|
// Set to 1 to do not check for installer or config file (for development!).
|
2019-07-02 16:22:23 +02:00
|
|
|
// Activate gives more error information, not useful for production sites.
|
2013-10-01 14:53:38 +02:00
|
|
|
$develop_bypass = 0;
|
2007-04-11 05:12:48 +02:00
|
|
|
|
2022-06-07 13:40:35 +02:00
|
|
|
if ($develop_bypass !== 1) {
|
2019-07-02 16:22:23 +02:00
|
|
|
// If no config file, automatically try to install.
|
2022-06-07 13:40:35 +02:00
|
|
|
if (file_exists('include/config.php') === false) {
|
|
|
|
|
if (file_exists('install.php') === false) {
|
2019-01-30 16:18:44 +01:00
|
|
|
$url = explode('/', $_SERVER['REQUEST_URI']);
|
|
|
|
|
$flag_url = 0;
|
|
|
|
|
foreach ($url as $key => $value) {
|
|
|
|
|
if (strpos($value, 'index.php') !== false || $flag_url) {
|
|
|
|
|
$flag_url = 1;
|
|
|
|
|
unset($url[$key]);
|
|
|
|
|
} else if (strpos($value, 'enterprise') !== false || $flag_url) {
|
|
|
|
|
$flag_url = 1;
|
|
|
|
|
unset($url[$key]);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$config['homeurl'] = rtrim(join('/', $url), '/');
|
|
|
|
|
$config['homeurl_static'] = $config['homeurl'];
|
|
|
|
|
$login_screen = 'error_noconfig';
|
|
|
|
|
$ownDir = dirname(__FILE__).DIRECTORY_SEPARATOR;
|
|
|
|
|
$config['homedir'] = $ownDir;
|
|
|
|
|
include 'general/error_screen.php';
|
|
|
|
|
exit;
|
|
|
|
|
} else {
|
|
|
|
|
include 'install.php';
|
|
|
|
|
exit;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (filesize('include/config.php') == 0) {
|
|
|
|
|
include 'install.php';
|
|
|
|
|
exit;
|
|
|
|
|
}
|
|
|
|
|
|
2022-06-07 13:40:35 +02:00
|
|
|
if (isset($_POST['rename_file']) === true) {
|
2019-01-30 16:18:44 +01:00
|
|
|
$rename_file_install = (bool) $_POST['rename_file'];
|
2022-06-07 13:40:35 +02:00
|
|
|
if ($rename_file_install === true) {
|
2019-01-30 16:18:44 +01:00
|
|
|
$salida_rename = rename('install.php', 'install_old.php');
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2019-07-02 16:22:23 +02:00
|
|
|
// Check installer presence.
|
2022-06-07 13:40:35 +02:00
|
|
|
if (file_exists('install.php') === true) {
|
2019-01-30 16:18:44 +01:00
|
|
|
$login_screen = 'error_install';
|
|
|
|
|
include 'general/error_screen.php';
|
|
|
|
|
exit;
|
|
|
|
|
}
|
|
|
|
|
|
2019-07-02 16:22:23 +02:00
|
|
|
// Check perms for config.php.
|
2022-06-07 13:40:35 +02:00
|
|
|
if (strtoupper(substr(PHP_OS, 0, 3)) !== 'WIN') {
|
|
|
|
|
if ((substr(sprintf('%o', fileperms('include/config.php')), -4) !== '0600')
|
|
|
|
|
&& (substr(sprintf('%o', fileperms('include/config.php')), -4) !== '0660')
|
|
|
|
|
&& (substr(sprintf('%o', fileperms('include/config.php')), -4) !== '0640')
|
2019-01-30 16:18:44 +01:00
|
|
|
) {
|
|
|
|
|
$url = explode('/', $_SERVER['REQUEST_URI']);
|
|
|
|
|
$flag_url = 0;
|
|
|
|
|
foreach ($url as $key => $value) {
|
|
|
|
|
if (strpos($value, 'index.php') !== false || $flag_url) {
|
|
|
|
|
$flag_url = 1;
|
|
|
|
|
unset($url[$key]);
|
|
|
|
|
} else if (strpos($value, 'enterprise') !== false || $flag_url) {
|
|
|
|
|
$flag_url = 1;
|
|
|
|
|
unset($url[$key]);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$config['homeurl'] = rtrim(join('/', $url), '/');
|
|
|
|
|
$config['homeurl_static'] = $config['homeurl'];
|
|
|
|
|
$ownDir = dirname(__FILE__).DIRECTORY_SEPARATOR;
|
|
|
|
|
$config['homedir'] = $ownDir;
|
|
|
|
|
$login_screen = 'error_perms';
|
|
|
|
|
include 'general/error_screen.php';
|
|
|
|
|
exit;
|
|
|
|
|
}
|
|
|
|
|
}
|
2007-02-20 02:38:59 +01:00
|
|
|
}
|
2007-02-05 18:45:14 +01:00
|
|
|
|
2022-06-07 13:40:35 +02:00
|
|
|
if ((file_exists('include/config.php') === false)
|
|
|
|
|
|| (is_readable('include/config.php') === false)
|
2019-07-02 16:22:23 +02:00
|
|
|
) {
|
2019-01-30 16:18:44 +01:00
|
|
|
$login_screen = 'error_noconfig';
|
|
|
|
|
include 'general/error_screen.php';
|
|
|
|
|
exit;
|
2007-08-08 20:36:18 +02:00
|
|
|
}
|
|
|
|
|
|
2019-07-02 16:22:23 +02:00
|
|
|
/*
|
|
|
|
|
* DO NOT CHANGE ORDER OF FOLLOWING REQUIRES.
|
|
|
|
|
*/
|
|
|
|
|
|
2019-01-30 16:18:44 +01:00
|
|
|
require_once 'include/config.php';
|
|
|
|
|
require_once 'include/functions_config.php';
|
2009-01-20 Evi Vanoost <vanooste@rcbi.rochester.edu>
* ajax.php, include/config.inc.php, include/config_process.php,
include/functions.php, include/functions_db.php,
include/functions_ui.php, index.php, install.php,
operation/users/user.php, operation/users/user_edit.php,
reporting/fgraph.php: Added pluggable authentication and moved functions
* general/login_page.php, general/logon_ok.php,
godmode/agentes/modificar_agente.php,
godmode/users/configure_users.php, godmode/users/user_list.php,
operation/agentes/estado_agente.php, operation/incidents/incident.php,
operation/incidents/incident_search.php: Updated functions
git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@1366 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
2009-01-20 19:21:20 +01:00
|
|
|
|
2022-06-07 13:40:35 +02:00
|
|
|
if (isset($config['console_log_enabled']) === true && (int) $config['console_log_enabled'] === 1) {
|
2020-06-08 10:48:48 +02:00
|
|
|
ini_set('log_errors', 1);
|
|
|
|
|
ini_set('error_log', $config['homedir'].'/log/console.log');
|
|
|
|
|
} else {
|
|
|
|
|
ini_set('log_errors', 0);
|
2022-01-26 17:34:56 +01:00
|
|
|
ini_set('error_log', '');
|
2020-06-08 10:48:48 +02:00
|
|
|
}
|
|
|
|
|
|
2022-06-07 13:40:35 +02:00
|
|
|
if (isset($config['error']) === true) {
|
2019-01-30 16:18:44 +01:00
|
|
|
$login_screen = $config['error'];
|
|
|
|
|
include 'general/error_screen.php';
|
|
|
|
|
exit;
|
2017-03-22 15:26:54 +01:00
|
|
|
}
|
2015-01-19 14:35:56 +01:00
|
|
|
|
2019-07-02 16:22:23 +02:00
|
|
|
// If metaconsole activated, redirect to it.
|
2022-06-07 13:40:35 +02:00
|
|
|
if (is_metaconsole() === true) {
|
2019-07-12 12:17:26 +02:00
|
|
|
header('Location: '.ui_get_full_url('index.php'));
|
2019-07-02 16:22:23 +02:00
|
|
|
// Always exit after sending location headers.
|
2019-01-30 16:18:44 +01:00
|
|
|
exit;
|
2013-01-22 10:22:56 +01:00
|
|
|
}
|
|
|
|
|
|
2022-06-07 13:40:35 +02:00
|
|
|
if (file_exists(ENTERPRISE_DIR.'/include/functions_login.php') === true) {
|
2019-01-30 16:18:44 +01:00
|
|
|
include_once ENTERPRISE_DIR.'/include/functions_login.php';
|
2012-05-17 13:08:11 +02:00
|
|
|
}
|
2019-01-30 16:18:44 +01:00
|
|
|
|
2022-06-07 13:40:35 +02:00
|
|
|
if (empty($config['https']) === false && empty($_SERVER['HTTPS']) === true) {
|
2019-01-30 16:18:44 +01:00
|
|
|
$query = '';
|
2022-06-07 13:40:35 +02:00
|
|
|
if (count($_REQUEST) > 0) {
|
2019-07-02 16:22:23 +02:00
|
|
|
// Some (old) browsers don't like the ?&key=var.
|
2019-01-30 16:18:44 +01:00
|
|
|
$query .= '?1=1';
|
|
|
|
|
}
|
|
|
|
|
|
2019-07-02 16:22:23 +02:00
|
|
|
// We don't clean these variables up as they're only being passed along.
|
2019-01-30 16:18:44 +01:00
|
|
|
foreach ($_GET as $key => $value) {
|
|
|
|
|
if ($key == 1) {
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$query .= '&'.$key.'='.$value;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
foreach ($_POST as $key => $value) {
|
|
|
|
|
$query .= '&'.$key.'='.$value;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$url = ui_get_full_url($query);
|
|
|
|
|
|
|
|
|
|
// Prevent HTTP response splitting attacks
|
2019-07-02 16:22:23 +02:00
|
|
|
// http://en.wikipedia.org/wiki/HTTP_response_splitting.
|
2019-01-30 16:18:44 +01:00
|
|
|
$url = str_replace("\n", '', $url);
|
|
|
|
|
|
|
|
|
|
header('Location: '.$url);
|
2019-07-02 16:22:23 +02:00
|
|
|
// Always exit after sending location headers.
|
2019-01-30 16:18:44 +01:00
|
|
|
exit;
|
2009-01-30 16:09:16 +01:00
|
|
|
}
|
|
|
|
|
|
2008-07-02 14:30:56 +02:00
|
|
|
// Pure mode (without menu, header and footer).
|
2019-01-30 16:18:44 +01:00
|
|
|
$config['pure'] = (bool) get_parameter('pure');
|
2008-06-13 Sancho Lerena <slerena@gmail.com>
* index.php: Added pure (Fullscreen). HTML code cleanup and user session.
* pandoradb.sql: talert_snmp: Added priority field.
* pandoradb_data.sql: Changes default values in talerta. tconfig_os, tgrupo
and some links.
* header.php: Fixed some user session management.
* logon_ok.php: New design for welcome screen, odometer is over.
* menu.php, godmode/menu.php: Some ACL improvements.
* agent_disk_conf_editor.php: Minor fix in view link.
* configurar_agente.php, agent_manager.php: Added parent combo and better
ACL checks. New remote configuration control for get timestamp info of
config file.
* modify_alert.php: Changes to use new internal Mail alert.
* config.php: Some items moved to config_process. (font, attachment and
default style).
* functions.php: Added form_agent_combo(), form_event_type_combo(),
form_priority() and return_priority() functions.
* functions_db.php: Added smal_event_table() to render a variable table
with latest events (filtered).
* pandora.css. Added pure and priority colors.
* estado_alertas.php: Fixed ACL problems.
* stado_generalagente.php: Graph of modules now represents modules that
has generated events. Old graph is not used anymore. Also display parent.
* estado_grupo.php: Border of boxes is now thicker.
* tactical.php: New screen, almost all code changed. Odometer is not used
anymore, added some new items, like module LAG meter, module sanity, and
other general metrics.
* ver_agente.php: Now renders also event for each agent view. Alert manual
validation generate a new event.
* events.php: New event system. 90% new code. A LOT of new features,
including full screen, coloured (by priority) and filters by six fields.
* snmp_alert.php: Added support for alert priority.
* operation/users/user.php: No longer a user with UM privileges could
see any other user.
* render_view.php: Added fullscreen support for visual maps.
* fgraph.php: Added support for session checking in graphs (at least!).
New graphics for events (some changed it's function like events by group),
and feature added to progress GD implementation.
git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@860 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
2008-06-13 18:59:54 +02:00
|
|
|
|
2019-03-26 18:37:49 +01:00
|
|
|
// Auto Refresh page (can now be disabled anywhere in the script).
|
|
|
|
|
if (get_parameter('refr') != null) {
|
2019-01-30 16:18:44 +01:00
|
|
|
$config['refr'] = (int) get_parameter('refr');
|
|
|
|
|
}
|
2012-02-24 Miguel de Dios <miguel.dedios@artica.es>
* pandora_console/include/functions_ui.php: changed the source code into the
function "ui_get_full_url" for accept false for to return url with the home
url or with any string (as query) return url with the php file.
* pandora_console/include/functions_graph.php,
pandora_console/include/functions_html.php,
pandora_console/include/functions_events.php,
pandora_console/include/functions_reporting.php,
pandora_console/include/functions_api.php,
pandora_console/include/functions.php, pandora_console/index.php,
pandora_console/extensions/system_info.php,
pandora_console/operation/agentes/stat_win.php,
pandora_console/operation/menu.php,
pandora_console/operation/events/events_rss.php,
pandora_console/operation/events/events_marquee.php,
pandora_console/operation/events/events.php: change in more part of source
code to use "ui_get_full_url" instead the hard write method of $_SERVER
vars, now Pandora Console run fine (in all actions I hope) with web servers
in other ports instead the typical 80.
Merged from branch pandora_4.0
git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@5646 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
2012-02-24 14:48:46 +01:00
|
|
|
|
2022-06-07 13:40:35 +02:00
|
|
|
// Get possible errors with files.
|
|
|
|
|
$errorFileOutput = (string) get_parameter('errorFileOutput');
|
|
|
|
|
|
2019-01-30 16:18:44 +01:00
|
|
|
$delete_file = get_parameter('del_file');
|
2022-06-07 13:40:35 +02:00
|
|
|
if ($delete_file === 'yes_delete') {
|
2019-01-30 16:18:44 +01:00
|
|
|
$salida_delete = shell_exec('rm /var/www/html/pandora_console/install.php');
|
2015-07-27 18:28:27 +02:00
|
|
|
}
|
|
|
|
|
|
2019-01-30 16:18:44 +01:00
|
|
|
ob_start();
|
|
|
|
|
echo '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">'."\n";
|
|
|
|
|
echo '<html xmlns="http://www.w3.org/1999/xhtml">'."\n";
|
|
|
|
|
echo '<head>'."\n";
|
2009-03-03 16:21:13 +01:00
|
|
|
|
2019-07-02 16:22:23 +02:00
|
|
|
// This starts the page head. In the callback function,
|
|
|
|
|
// $page['head'] array content will be processed into the head.
|
2019-01-30 16:18:44 +01:00
|
|
|
ob_start('ui_process_page_head');
|
2019-07-02 16:22:23 +02:00
|
|
|
// Enterprise main.
|
2020-10-19 10:59:46 +02:00
|
|
|
enterprise_include_once('index.php');
|
2008-10-22 14:01:36 +02:00
|
|
|
|
2022-12-29 16:21:36 +01:00
|
|
|
// Load event.css to display the about section dialog with correct styles.
|
|
|
|
|
echo '<link rel="stylesheet" href="'.ui_get_full_url('/include/styles/events.css', false, false, false).'" type="text/css" />';
|
|
|
|
|
|
2016-06-27 11:13:34 +02:00
|
|
|
echo '<script type="text/javascript">';
|
2022-06-16 13:02:49 +02:00
|
|
|
echo 'var dispositivo = navigator.userAgent.toLowerCase();';
|
|
|
|
|
echo 'if( dispositivo.search(/iphone|ipod|ipad|android/) > -1 ){';
|
|
|
|
|
echo 'document.location = "'.ui_get_full_url('/mobile').'"; }';
|
2016-06-27 11:13:34 +02:00
|
|
|
echo '</script>';
|
|
|
|
|
|
2016-04-06 11:07:26 +02:00
|
|
|
// This tag is included in the buffer passed to ui_process_page_head so
|
2019-07-02 16:22:23 +02:00
|
|
|
// technically it can be stripped.
|
2019-01-30 16:18:44 +01:00
|
|
|
echo '</head>'."\n";
|
2008-08-21 23:07:20 +02:00
|
|
|
|
2019-01-30 16:18:44 +01:00
|
|
|
require_once 'include/functions_themes.php';
|
|
|
|
|
ob_start('ui_process_page_body');
|
2006-12-15 16:25:19 +01:00
|
|
|
|
2023-03-03 14:16:06 +01:00
|
|
|
ui_require_javascript_file('pandora');
|
|
|
|
|
|
2019-01-30 16:18:44 +01:00
|
|
|
$config['remote_addr'] = $_SERVER['REMOTE_ADDR'];
|
2008-12-23 22:41:05 +01:00
|
|
|
|
2019-01-30 16:18:44 +01:00
|
|
|
$sec2 = get_parameter_get('sec2');
|
|
|
|
|
$sec2 = safe_url_extraclean($sec2);
|
|
|
|
|
$page = $sec2;
|
2019-07-02 16:22:23 +02:00
|
|
|
// Reference variable for old time sake.
|
2019-01-30 16:18:44 +01:00
|
|
|
$sec = get_parameter_get('sec');
|
|
|
|
|
$sec = safe_url_extraclean($sec);
|
2021-05-21 13:59:54 +02:00
|
|
|
// CSRF Validation.
|
|
|
|
|
$validatedCSRF = validate_csrf_code();
|
2008-12-23 22:41:05 +01:00
|
|
|
|
2012-04-13 12:39:28 +02:00
|
|
|
$process_login = false;
|
|
|
|
|
|
2019-07-02 16:22:23 +02:00
|
|
|
// Update user password.
|
2022-06-07 13:40:35 +02:00
|
|
|
$change_pass = (int) get_parameter_post('renew_password');
|
2019-01-30 16:18:44 +01:00
|
|
|
|
2022-06-07 13:40:35 +02:00
|
|
|
if ($change_pass === 1) {
|
2019-01-30 16:18:44 +01:00
|
|
|
$password_old = (string) get_parameter_post('old_password', '');
|
|
|
|
|
$password_new = (string) get_parameter_post('new_password', '');
|
|
|
|
|
$password_confirm = (string) get_parameter_post('confirm_new_password', '');
|
|
|
|
|
$id = (string) get_parameter_post('login', '');
|
2018-08-23 13:57:41 +02:00
|
|
|
|
2019-01-30 16:18:44 +01:00
|
|
|
$changed_pass = login_update_password_check($password_old, $password_new, $password_confirm, $id);
|
2012-05-17 13:08:11 +02:00
|
|
|
}
|
|
|
|
|
|
2016-06-01 14:43:31 +02:00
|
|
|
$minor_release_message = false;
|
2009-07-24 12:27:14 +02:00
|
|
|
$searchPage = false;
|
2019-01-30 16:18:44 +01:00
|
|
|
$search = get_parameter_get('head_search_keywords');
|
2009-07-24 12:27:14 +02:00
|
|
|
if (strlen($search) > 0) {
|
2019-01-30 16:18:44 +01:00
|
|
|
$config['search_keywords'] = io_safe_input(trim(io_safe_output(get_parameter('keywords'))));
|
2019-07-02 16:22:23 +02:00
|
|
|
// If not search category providad, we'll use an agent search.
|
2019-01-30 16:18:44 +01:00
|
|
|
$config['search_category'] = get_parameter('search_category', 'all');
|
2022-06-07 13:40:35 +02:00
|
|
|
if (($config['search_keywords'] !== 'Enter keywords to search') && (strlen($config['search_keywords']) > 0)) {
|
2019-01-30 16:18:44 +01:00
|
|
|
$searchPage = true;
|
|
|
|
|
}
|
2009-07-24 12:27:14 +02:00
|
|
|
}
|
|
|
|
|
|
2019-07-02 16:22:23 +02:00
|
|
|
// Login process.
|
2020-10-19 18:45:40 +02:00
|
|
|
enterprise_include_once('include/auth/saml.php');
|
2022-06-07 13:40:35 +02:00
|
|
|
if (isset($config['id_user']) === false) {
|
2019-03-26 15:31:51 +01:00
|
|
|
// Clear error messages.
|
|
|
|
|
unset($_COOKIE['errormsg']);
|
|
|
|
|
setcookie('errormsg', null, -1);
|
|
|
|
|
|
2022-06-07 13:40:35 +02:00
|
|
|
if (isset($_GET['login']) === true) {
|
2019-01-30 16:18:44 +01:00
|
|
|
include_once 'include/functions_db.php';
|
2019-07-02 16:22:23 +02:00
|
|
|
// Include it to use escape_string_sql function.
|
2019-01-30 16:18:44 +01:00
|
|
|
$config['auth_error'] = '';
|
2019-07-02 16:22:23 +02:00
|
|
|
// Set this to the error message from the authorization mechanism.
|
2019-01-30 16:18:44 +01:00
|
|
|
$nick = get_parameter_post('nick');
|
2019-07-02 16:22:23 +02:00
|
|
|
// This is the variable with the login.
|
2019-01-30 16:18:44 +01:00
|
|
|
$pass = get_parameter_post('pass');
|
2019-07-02 16:22:23 +02:00
|
|
|
// This is the variable with the password.
|
2019-01-30 16:18:44 +01:00
|
|
|
$nick = db_escape_string_sql($nick);
|
|
|
|
|
$pass = db_escape_string_sql($pass);
|
|
|
|
|
|
2019-07-02 16:22:23 +02:00
|
|
|
// Since now, only the $pass variable are needed.
|
2019-01-30 16:18:44 +01:00
|
|
|
unset($_GET['pass'], $_POST['pass'], $_REQUEST['pass']);
|
|
|
|
|
|
2022-09-12 12:41:09 +02:00
|
|
|
// IP allowed check.
|
|
|
|
|
$user_info = users_get_user_by_id($nick);
|
|
|
|
|
if ((bool) $user_info['allowed_ip_active'] === true) {
|
|
|
|
|
$userIP = $_SERVER['REMOTE_ADDR'];
|
2022-09-12 18:29:58 +02:00
|
|
|
$allowedIP = false;
|
|
|
|
|
$arrayIP = explode(',', $user_info['allowed_ip_list']);
|
|
|
|
|
// By default, if the IP definition is no correct, allows all.
|
|
|
|
|
if (empty($arrayIP) === true) {
|
|
|
|
|
$allowedIP = true;
|
|
|
|
|
} else {
|
|
|
|
|
$allowedIP = checkIPInRange($arrayIP, $userIP);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if ($allowedIP === false) {
|
2022-09-12 12:41:09 +02:00
|
|
|
$config['auth_error'] = 'IP not allowed';
|
|
|
|
|
$login_failed = true;
|
|
|
|
|
include_once 'general/login_page.php';
|
|
|
|
|
db_pandora_audit(
|
|
|
|
|
AUDIT_LOG_USER_REGISTRATION,
|
|
|
|
|
sprintf(
|
|
|
|
|
'IP %s not allowed for user %s',
|
|
|
|
|
$userIP,
|
|
|
|
|
$nick
|
|
|
|
|
),
|
2022-09-29 17:46:39 +02:00
|
|
|
$nick
|
2022-09-12 12:41:09 +02:00
|
|
|
);
|
|
|
|
|
while (ob_get_length() > 0) {
|
|
|
|
|
ob_end_flush();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
exit('</html>');
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2019-07-02 16:22:23 +02:00
|
|
|
// If the auth_code exists, we assume the user has come from
|
|
|
|
|
// double authorization page.
|
2022-06-07 13:40:35 +02:00
|
|
|
if (isset($_POST['auth_code']) === true) {
|
2019-01-30 16:18:44 +01:00
|
|
|
$double_auth_success = false;
|
|
|
|
|
|
2019-07-02 16:22:23 +02:00
|
|
|
// The double authentication is activated and the user has
|
|
|
|
|
// surpassed the first step (the login).
|
2019-01-30 16:18:44 +01:00
|
|
|
// Now the authentication code provided will be checked.
|
2022-06-07 13:40:35 +02:00
|
|
|
if (isset($_SESSION['prepared_login_da']) === true) {
|
|
|
|
|
if (isset($_SESSION['prepared_login_da']['id_user']) === true
|
|
|
|
|
&& isset($_SESSION['prepared_login_da']['timestamp']) === true
|
2019-01-30 16:18:44 +01:00
|
|
|
) {
|
2019-07-02 16:22:23 +02:00
|
|
|
// The user has a maximum of 5 minutes to introduce
|
|
|
|
|
// the double auth code.
|
2019-01-30 16:18:44 +01:00
|
|
|
$dauth_period = SECONDS_2MINUTES;
|
|
|
|
|
$now = time();
|
|
|
|
|
$dauth_time = $_SESSION['prepared_login_da']['timestamp'];
|
|
|
|
|
|
|
|
|
|
if (($now - $dauth_period) < $dauth_time) {
|
2019-07-02 16:22:23 +02:00
|
|
|
// Nick.
|
2019-01-30 16:18:44 +01:00
|
|
|
$nick = $_SESSION['prepared_login_da']['id_user'];
|
2019-07-02 16:22:23 +02:00
|
|
|
// Code.
|
2019-01-30 16:18:44 +01:00
|
|
|
$code = (string) get_parameter_post('auth_code');
|
|
|
|
|
|
2021-05-21 13:59:54 +02:00
|
|
|
if (empty($code) === false) {
|
2019-01-30 16:18:44 +01:00
|
|
|
$result = validate_double_auth_code($nick, $code);
|
|
|
|
|
|
|
|
|
|
if ($result === true) {
|
2019-07-02 16:22:23 +02:00
|
|
|
// Double auth success.
|
2019-01-30 16:18:44 +01:00
|
|
|
$double_auth_success = true;
|
|
|
|
|
} else {
|
2019-07-02 16:22:23 +02:00
|
|
|
// Screen.
|
2019-01-30 16:18:44 +01:00
|
|
|
$login_screen = 'double_auth';
|
2019-07-02 16:22:23 +02:00
|
|
|
// Error message.
|
2019-01-30 16:18:44 +01:00
|
|
|
$config['auth_error'] = __('Invalid code');
|
|
|
|
|
|
2021-05-21 13:59:54 +02:00
|
|
|
if (isset($_SESSION['prepared_login_da']['attempts']) === false) {
|
2019-01-30 16:18:44 +01:00
|
|
|
$_SESSION['prepared_login_da']['attempts'] = 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$_SESSION['prepared_login_da']['attempts']++;
|
|
|
|
|
}
|
|
|
|
|
} else {
|
2019-07-02 16:22:23 +02:00
|
|
|
// Screen.
|
2019-01-30 16:18:44 +01:00
|
|
|
$login_screen = 'double_auth';
|
2019-07-02 16:22:23 +02:00
|
|
|
// Error message.
|
2019-01-30 16:18:44 +01:00
|
|
|
$config['auth_error'] = __("The code shouldn't be empty");
|
|
|
|
|
|
2022-06-07 13:40:35 +02:00
|
|
|
if (isset($_SESSION['prepared_login_da']['attempts']) !== false) {
|
2019-01-30 16:18:44 +01:00
|
|
|
$_SESSION['prepared_login_da']['attempts'] = 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$_SESSION['prepared_login_da']['attempts']++;
|
|
|
|
|
}
|
|
|
|
|
} else {
|
2019-07-02 16:22:23 +02:00
|
|
|
// Expired login.
|
2019-01-30 16:18:44 +01:00
|
|
|
unset($_SESSION['prepared_login_da']);
|
|
|
|
|
|
2019-07-02 16:22:23 +02:00
|
|
|
// Error message.
|
2019-01-30 16:18:44 +01:00
|
|
|
$config['auth_error'] = __('Expired login');
|
|
|
|
|
}
|
|
|
|
|
} else {
|
2019-07-02 16:22:23 +02:00
|
|
|
// If the code doesn't exist, remove the prepared login.
|
2019-01-30 16:18:44 +01:00
|
|
|
unset($_SESSION['prepared_login_da']);
|
|
|
|
|
|
2019-07-02 16:22:23 +02:00
|
|
|
// Error message.
|
2019-01-30 16:18:44 +01:00
|
|
|
$config['auth_error'] = __('Login error');
|
|
|
|
|
}
|
2019-07-02 16:22:23 +02:00
|
|
|
} else {
|
|
|
|
|
// If $_SESSION['prepared_login_da'] doesn't exist, the user
|
|
|
|
|
// must login again.
|
|
|
|
|
// Error message.
|
2019-01-30 16:18:44 +01:00
|
|
|
$config['auth_error'] = __('Login error');
|
|
|
|
|
}
|
|
|
|
|
|
2019-07-02 16:22:23 +02:00
|
|
|
// Remove the authenticator code.
|
2019-01-30 16:18:44 +01:00
|
|
|
unset($_POST['auth_code'], $code);
|
|
|
|
|
|
|
|
|
|
if (!$double_auth_success) {
|
|
|
|
|
$login_failed = true;
|
|
|
|
|
include_once 'general/login_page.php';
|
|
|
|
|
db_pandora_audit(
|
2022-01-20 10:55:23 +01:00
|
|
|
AUDIT_LOG_USER_REGISTRATION,
|
2019-01-30 16:18:44 +01:00
|
|
|
'Invalid double auth login: '.$_SERVER['REMOTE_ADDR'],
|
|
|
|
|
$_SERVER['REMOTE_ADDR']
|
|
|
|
|
);
|
2021-02-09 10:25:08 +01:00
|
|
|
while (ob_get_length() > 0) {
|
|
|
|
|
ob_end_flush();
|
2019-01-30 16:18:44 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
exit('</html>');
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$login_button_saml = get_parameter('login_button_saml', false);
|
2020-10-06 17:02:58 +02:00
|
|
|
config_update_value('2Fa_auth', '');
|
2019-01-30 16:18:44 +01:00
|
|
|
if (isset($double_auth_success) && $double_auth_success) {
|
2019-07-02 16:22:23 +02:00
|
|
|
// This values are true cause there are checked before complete
|
|
|
|
|
// the 2nd auth step.
|
2019-01-30 16:18:44 +01:00
|
|
|
$nick_in_db = $_SESSION['prepared_login_da']['id_user'];
|
|
|
|
|
$expired_pass = false;
|
2022-06-07 13:40:35 +02:00
|
|
|
} else if (($config['auth'] === 'saml') && ($login_button_saml)) {
|
2020-10-19 10:59:46 +02:00
|
|
|
$saml_user_id = enterprise_hook('saml_process_user_login');
|
2019-07-09 18:13:46 +02:00
|
|
|
if (!$saml_user_id) {
|
2020-10-19 19:00:00 +02:00
|
|
|
$login_failed = true;
|
|
|
|
|
include_once 'general/login_page.php';
|
2021-02-09 10:25:08 +01:00
|
|
|
while (ob_get_length() > 0) {
|
|
|
|
|
ob_end_flush();
|
2020-10-19 19:00:00 +02:00
|
|
|
}
|
2019-07-09 18:13:46 +02:00
|
|
|
|
2020-10-19 19:00:00 +02:00
|
|
|
exit('</html>');
|
|
|
|
|
}
|
2019-07-09 18:13:46 +02:00
|
|
|
|
2019-01-30 16:18:44 +01:00
|
|
|
$nick_in_db = $saml_user_id;
|
|
|
|
|
if (!$nick_in_db) {
|
2020-10-19 17:42:50 +02:00
|
|
|
if ($config['auth'] === 'saml') {
|
2020-10-19 18:45:40 +02:00
|
|
|
enterprise_hook('saml_logout');
|
2020-10-16 14:00:38 +02:00
|
|
|
}
|
2020-10-19 17:42:50 +02:00
|
|
|
|
2020-10-19 18:51:18 +02:00
|
|
|
if (session_status() !== PHP_SESSION_NONE) {
|
|
|
|
|
$_SESSION = [];
|
|
|
|
|
session_destroy();
|
|
|
|
|
header_remove('Set-Cookie');
|
|
|
|
|
setcookie(session_name(), $_COOKIE[session_name()], (time() - 4800), '/');
|
|
|
|
|
}
|
2020-10-19 18:45:40 +02:00
|
|
|
|
2020-10-19 17:42:50 +02:00
|
|
|
// Process logout.
|
|
|
|
|
include 'general/logoff.php';
|
2019-01-30 16:18:44 +01:00
|
|
|
}
|
2022-01-11 13:10:47 +01:00
|
|
|
|
|
|
|
|
$validatedCSRF = true;
|
2019-01-30 16:18:44 +01:00
|
|
|
} else {
|
|
|
|
|
// process_user_login is a virtual function which should be defined in each auth file.
|
|
|
|
|
// It accepts username and password. The rest should be internal to the auth file.
|
|
|
|
|
// The auth file can set $config["auth_error"] to an informative error output or reference their internal error messages to it
|
2022-06-07 13:40:35 +02:00
|
|
|
// process_user_login should return false in case of errors or invalid login, the nickname if correct.
|
2019-01-30 16:18:44 +01:00
|
|
|
$nick_in_db = process_user_login($nick, $pass);
|
|
|
|
|
|
|
|
|
|
$expired_pass = false;
|
|
|
|
|
|
|
|
|
|
if (($nick_in_db != false) && ((!is_user_admin($nick)
|
|
|
|
|
|| $config['enable_pass_policy_admin']))
|
|
|
|
|
&& (file_exists(ENTERPRISE_DIR.'/load_enterprise.php'))
|
|
|
|
|
&& ($config['enable_pass_policy'])
|
|
|
|
|
) {
|
|
|
|
|
include_once ENTERPRISE_DIR.'/include/auth/mysql.php';
|
|
|
|
|
|
|
|
|
|
$blocked = login_check_blocked($nick);
|
|
|
|
|
|
|
|
|
|
if ($blocked) {
|
|
|
|
|
include_once 'general/login_page.php';
|
2022-01-20 10:55:23 +01:00
|
|
|
db_pandora_audit(
|
|
|
|
|
AUDIT_LOG_USER_MANAGEMENT,
|
|
|
|
|
'Password expired: '.$nick,
|
|
|
|
|
$nick
|
|
|
|
|
);
|
2021-02-09 10:25:08 +01:00
|
|
|
while (ob_get_length() > 0) {
|
|
|
|
|
ob_end_flush();
|
2019-01-30 16:18:44 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
exit('</html>');
|
|
|
|
|
}
|
|
|
|
|
|
2019-07-02 16:22:23 +02:00
|
|
|
// Checks if password has expired.
|
2019-01-30 16:18:44 +01:00
|
|
|
$check_status = check_pass_status($nick, $pass);
|
|
|
|
|
|
|
|
|
|
switch ($check_status) {
|
|
|
|
|
case PASSSWORD_POLICIES_FIRST_CHANGE:
|
2019-07-02 16:22:23 +02:00
|
|
|
// First change.
|
2019-01-30 16:18:44 +01:00
|
|
|
case PASSSWORD_POLICIES_EXPIRED:
|
2019-07-02 16:22:23 +02:00
|
|
|
// Pass expired.
|
2019-01-30 16:18:44 +01:00
|
|
|
$expired_pass = true;
|
|
|
|
|
login_change_password($nick, '', $check_status);
|
|
|
|
|
break;
|
2019-07-02 16:22:23 +02:00
|
|
|
|
|
|
|
|
default:
|
|
|
|
|
// Ignore.
|
|
|
|
|
break;
|
2019-01-30 16:18:44 +01:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2021-05-21 13:59:54 +02:00
|
|
|
// CSRF Validation not pass in login.
|
|
|
|
|
if ($validatedCSRF === false) {
|
|
|
|
|
$process_error_message = __(
|
|
|
|
|
'%s cannot verify the origin of the request. Try again, please.',
|
|
|
|
|
get_product_name()
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
include_once 'general/login_page.php';
|
|
|
|
|
// Finish the execution.
|
|
|
|
|
exit('</html>');
|
|
|
|
|
}
|
|
|
|
|
|
2019-01-30 16:18:44 +01:00
|
|
|
if (($nick_in_db !== false) && $expired_pass) {
|
2019-07-02 16:22:23 +02:00
|
|
|
// Login ok and password has expired.
|
2019-01-30 16:18:44 +01:00
|
|
|
include_once 'general/login_page.php';
|
|
|
|
|
db_pandora_audit(
|
2022-01-20 10:55:23 +01:00
|
|
|
AUDIT_LOG_USER_MANAGEMENT,
|
2019-01-30 16:18:44 +01:00
|
|
|
'Password expired: '.$nick,
|
|
|
|
|
$nick
|
|
|
|
|
);
|
2021-02-09 10:25:08 +01:00
|
|
|
while (ob_get_length() > 0) {
|
|
|
|
|
ob_end_flush();
|
2019-01-30 16:18:44 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
exit('</html>');
|
|
|
|
|
} else if (($nick_in_db !== false) && (!$expired_pass)) {
|
2019-07-02 16:22:23 +02:00
|
|
|
// Login ok and password has not expired.
|
|
|
|
|
// Double auth check.
|
|
|
|
|
if ((!isset($double_auth_success)
|
|
|
|
|
|| !$double_auth_success)
|
|
|
|
|
&& is_double_auth_enabled($nick_in_db)
|
2022-09-22 08:59:39 +02:00
|
|
|
&& (bool) $config['double_auth_enabled'] === true
|
2019-07-02 16:22:23 +02:00
|
|
|
) {
|
|
|
|
|
// Store this values in the session to know if the user login
|
|
|
|
|
// was correct.
|
2019-01-30 16:18:44 +01:00
|
|
|
$_SESSION['prepared_login_da'] = [
|
|
|
|
|
'id_user' => $nick_in_db,
|
|
|
|
|
'timestamp' => time(),
|
|
|
|
|
'attempts' => 0,
|
|
|
|
|
];
|
|
|
|
|
|
2019-07-02 16:22:23 +02:00
|
|
|
// Load the page to introduce the double auth code.
|
2019-01-30 16:18:44 +01:00
|
|
|
$login_screen = 'double_auth';
|
|
|
|
|
include_once 'general/login_page.php';
|
2021-02-09 10:25:08 +01:00
|
|
|
while (ob_get_length() > 0) {
|
|
|
|
|
ob_end_flush();
|
2019-01-30 16:18:44 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
exit('</html>');
|
|
|
|
|
}
|
|
|
|
|
|
2019-07-02 16:22:23 +02:00
|
|
|
// Login ok and password has not expired.
|
2019-01-30 16:18:44 +01:00
|
|
|
$process_login = true;
|
|
|
|
|
|
|
|
|
|
if (is_user_admin($nick)) {
|
|
|
|
|
echo "<script type='text/javascript'>var process_login_ok = 1;</script>";
|
|
|
|
|
} else {
|
|
|
|
|
echo "<script type='text/javascript'>var process_login_ok = 0;</script>";
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!isset($_GET['sec2']) && !isset($_GET['sec'])) {
|
|
|
|
|
// Avoid the show homepage when the user go to
|
|
|
|
|
// a specific section of pandora
|
2019-07-02 16:22:23 +02:00
|
|
|
// for example when timeout the sesion.
|
2019-01-30 16:18:44 +01:00
|
|
|
unset($_GET['sec2']);
|
|
|
|
|
$_GET['sec'] = 'general/logon_ok';
|
|
|
|
|
$home_page = '';
|
|
|
|
|
if (isset($nick)) {
|
|
|
|
|
$user_info = users_get_user_by_id($nick);
|
|
|
|
|
$home_page = io_safe_output($user_info['section']);
|
|
|
|
|
$home_url = $user_info['data_section'];
|
|
|
|
|
if ($home_page != '') {
|
|
|
|
|
switch ($home_page) {
|
|
|
|
|
case 'Event list':
|
|
|
|
|
$_GET['sec'] = 'eventos';
|
|
|
|
|
$_GET['sec2'] = 'operation/events/events';
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case 'Group view':
|
2019-11-13 11:24:25 +01:00
|
|
|
$_GET['sec'] = 'view';
|
2019-01-30 16:18:44 +01:00
|
|
|
$_GET['sec2'] = 'operation/agentes/group_view';
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case 'Alert detail':
|
2019-11-13 11:24:25 +01:00
|
|
|
$_GET['sec'] = 'view';
|
2019-01-30 16:18:44 +01:00
|
|
|
$_GET['sec2'] = 'operation/agentes/alerts_status';
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case 'Tactical view':
|
2019-11-13 11:24:25 +01:00
|
|
|
$_GET['sec'] = 'view';
|
2019-01-30 16:18:44 +01:00
|
|
|
$_GET['sec2'] = 'operation/agentes/tactical';
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case 'Default':
|
2019-07-02 16:22:23 +02:00
|
|
|
default:
|
2019-01-30 16:18:44 +01:00
|
|
|
$_GET['sec'] = 'general/logon_ok';
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case 'Dashboard':
|
|
|
|
|
$_GET['sec'] = 'reporting';
|
2020-03-26 12:29:38 +01:00
|
|
|
$_GET['sec2'] = 'operation/dashboard/dashboard';
|
|
|
|
|
$_GET['id_dashboard_select'] = $home_url;
|
2019-01-30 16:18:44 +01:00
|
|
|
$_GET['d_from_main_page'] = 1;
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case 'Visual console':
|
|
|
|
|
$_GET['sec'] = 'network';
|
|
|
|
|
$_GET['sec2'] = 'operation/visual_console/index';
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case 'Other':
|
|
|
|
|
$home_url = io_safe_output($home_url);
|
|
|
|
|
$url_array = parse_url($home_url);
|
|
|
|
|
parse_str($url_array['query'], $res);
|
|
|
|
|
foreach ($res as $key => $param) {
|
|
|
|
|
$_GET[$key] = $param;
|
|
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
$_GET['sec'] = 'general/logon_ok';
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2022-07-11 16:42:20 +02:00
|
|
|
if (is_reporting_console_node() === true) {
|
2022-07-08 13:40:20 +02:00
|
|
|
$_GET['sec'] = 'discovery';
|
|
|
|
|
$_GET['sec2'] = 'godmode/servers/discovery';
|
|
|
|
|
$_GET['wiz'] = 'tasklist';
|
|
|
|
|
$home_page = '';
|
|
|
|
|
}
|
|
|
|
|
|
2019-01-30 16:18:44 +01:00
|
|
|
db_logon($nick_in_db, $_SERVER['REMOTE_ADDR']);
|
|
|
|
|
$_SESSION['id_usuario'] = $nick_in_db;
|
|
|
|
|
$config['id_user'] = $nick_in_db;
|
|
|
|
|
|
2019-07-02 16:22:23 +02:00
|
|
|
// Check if connection goes through F5 balancer. If it does, then
|
|
|
|
|
// don't call config_prepare_session() or user will be back to login
|
|
|
|
|
// all the time.
|
2019-01-30 16:18:44 +01:00
|
|
|
$prepare_session = true;
|
|
|
|
|
foreach ($_COOKIE as $key => $value) {
|
|
|
|
|
if (preg_match('/BIGipServer*/', $key)) {
|
|
|
|
|
$prepare_session = false;
|
2019-07-02 16:22:23 +02:00
|
|
|
break;
|
2019-01-30 16:18:44 +01:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if ($prepare_session) {
|
2021-02-09 10:25:08 +01:00
|
|
|
config_prepare_session();
|
2019-01-30 16:18:44 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// ==========================================================
|
|
|
|
|
// -------- SET THE CUSTOM CONFIGS OF USER ------------------
|
|
|
|
|
config_user_set_custom_config();
|
|
|
|
|
// ==========================================================
|
|
|
|
|
// Remove everything that might have to do with people's passwords or logins
|
|
|
|
|
unset($pass, $login_good);
|
|
|
|
|
|
|
|
|
|
$user_language = get_user_language($config['id_user']);
|
|
|
|
|
|
|
|
|
|
$l10n = null;
|
2022-01-20 10:55:23 +01:00
|
|
|
if (file_exists('./include/languages/'.$user_language.'.mo') === true) {
|
2019-07-02 16:22:23 +02:00
|
|
|
$cacheFileReader = new CachedFileReader(
|
|
|
|
|
'./include/languages/'.$user_language.'.mo'
|
|
|
|
|
);
|
|
|
|
|
$l10n = new gettext_reader($cacheFileReader);
|
2019-01-30 16:18:44 +01:00
|
|
|
$l10n->load_tables();
|
|
|
|
|
}
|
|
|
|
|
} else {
|
2019-07-02 16:22:23 +02:00
|
|
|
// Login wrong.
|
2019-01-30 16:18:44 +01:00
|
|
|
$blocked = false;
|
|
|
|
|
|
2022-01-20 10:55:23 +01:00
|
|
|
if ((is_user_admin($nick) === false || (bool) $config['enable_pass_policy_admin'] === true)
|
|
|
|
|
&& file_exists(ENTERPRISE_DIR.'/load_enterprise.php') === true
|
2019-07-02 16:22:23 +02:00
|
|
|
) {
|
2019-01-30 16:18:44 +01:00
|
|
|
$blocked = login_check_blocked($nick);
|
|
|
|
|
}
|
|
|
|
|
|
2022-01-20 10:55:23 +01:00
|
|
|
if ((bool) $blocked === false) {
|
|
|
|
|
if (file_exists(ENTERPRISE_DIR.'/load_enterprise.php') === true) {
|
2019-07-02 16:22:23 +02:00
|
|
|
// Checks failed attempts.
|
2019-01-30 16:18:44 +01:00
|
|
|
login_check_failed($nick);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$login_failed = true;
|
2022-01-20 10:55:23 +01:00
|
|
|
}
|
2019-01-30 16:18:44 +01:00
|
|
|
|
2022-01-20 10:55:23 +01:00
|
|
|
include_once 'general/login_page.php';
|
|
|
|
|
db_pandora_audit(
|
|
|
|
|
AUDIT_LOG_USER_REGISTRATION,
|
|
|
|
|
'Invalid login: '.$nick,
|
|
|
|
|
$nick
|
|
|
|
|
);
|
2019-01-30 16:18:44 +01:00
|
|
|
|
2022-01-20 10:55:23 +01:00
|
|
|
while (ob_get_length() > 0) {
|
|
|
|
|
ob_end_flush();
|
2019-01-30 16:18:44 +01:00
|
|
|
}
|
2022-01-20 10:55:23 +01:00
|
|
|
|
|
|
|
|
exit('</html>');
|
2019-01-30 16:18:44 +01:00
|
|
|
}
|
|
|
|
|
|
2019-07-02 16:22:23 +02:00
|
|
|
// Form the url.
|
2019-01-30 16:18:44 +01:00
|
|
|
$query_params_redirect = $_GET;
|
2019-07-02 16:22:23 +02:00
|
|
|
// Visual console do not want sec2.
|
2022-01-20 10:55:23 +01:00
|
|
|
if ($home_page === 'Visual console') {
|
2019-01-30 16:18:44 +01:00
|
|
|
unset($query_params_redirect['sec2']);
|
|
|
|
|
}
|
|
|
|
|
|
2020-06-11 17:49:28 +02:00
|
|
|
// Dashboard do not want sec2.
|
2022-01-20 10:55:23 +01:00
|
|
|
if ($home_page === 'Dashboard') {
|
2020-06-11 17:49:28 +02:00
|
|
|
unset($query_params_redirect['sec2']);
|
|
|
|
|
}
|
|
|
|
|
|
2019-01-30 16:18:44 +01:00
|
|
|
$redirect_url = '?logged=1';
|
|
|
|
|
foreach ($query_params_redirect as $key => $value) {
|
2022-01-20 10:55:23 +01:00
|
|
|
if ($key === 'login') {
|
2019-01-30 16:18:44 +01:00
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$redirect_url .= '&'.safe_url_extraclean($key).'='.safe_url_extraclean($value);
|
|
|
|
|
}
|
|
|
|
|
|
2020-10-06 17:02:58 +02:00
|
|
|
$double_auth_enabled = (bool) db_get_value('id', 'tuser_double_auth', 'id_user', $config['id_user']);
|
|
|
|
|
|
2019-07-02 16:22:23 +02:00
|
|
|
header('Location: '.ui_get_full_url('index.php'.$redirect_url));
|
2019-01-30 16:18:44 +01:00
|
|
|
exit;
|
2019-02-12 17:45:25 +01:00
|
|
|
// Always exit after sending location headers.
|
2022-01-20 10:55:23 +01:00
|
|
|
} else if (isset($_GET['loginhash']) === true) {
|
2019-07-02 16:22:23 +02:00
|
|
|
// Hash login process.
|
2019-01-30 16:18:44 +01:00
|
|
|
$loginhash_data = get_parameter('loginhash_data', '');
|
|
|
|
|
$loginhash_user = str_rot13(get_parameter('loginhash_user', ''));
|
2017-12-11 16:30:09 +01:00
|
|
|
|
2019-07-02 16:22:23 +02:00
|
|
|
if ($config['loginhash_pwd'] != ''
|
|
|
|
|
&& $loginhash_data == md5(
|
|
|
|
|
$loginhash_user.io_output_password($config['loginhash_pwd'])
|
|
|
|
|
)
|
|
|
|
|
) {
|
2019-01-30 16:18:44 +01:00
|
|
|
db_logon($loginhash_user, $_SERVER['REMOTE_ADDR']);
|
2017-12-11 16:30:09 +01:00
|
|
|
$_SESSION['id_usuario'] = $loginhash_user;
|
2019-01-30 16:18:44 +01:00
|
|
|
$config['id_user'] = $loginhash_user;
|
|
|
|
|
} else {
|
|
|
|
|
include_once 'general/login_page.php';
|
2022-01-20 10:55:23 +01:00
|
|
|
db_pandora_audit(
|
|
|
|
|
AUDIT_LOG_USER_REGISTRATION,
|
|
|
|
|
'Loginhash failed',
|
|
|
|
|
'system'
|
|
|
|
|
);
|
2021-02-09 10:25:08 +01:00
|
|
|
while (ob_get_length() > 0) {
|
|
|
|
|
ob_end_flush();
|
2019-01-30 16:18:44 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
exit('</html>');
|
2017-12-11 16:30:09 +01:00
|
|
|
}
|
2020-10-19 10:59:46 +02:00
|
|
|
} else if (isset($_GET['bye']) === false) {
|
2019-02-12 17:45:25 +01:00
|
|
|
// There is no user connected.
|
2019-01-30 16:18:44 +01:00
|
|
|
if ($config['enterprise_installed']) {
|
|
|
|
|
enterprise_include_once('include/functions_reset_pass.php');
|
|
|
|
|
}
|
|
|
|
|
|
2021-05-21 13:59:54 +02:00
|
|
|
// Boolean parameters.
|
2022-06-16 13:02:49 +02:00
|
|
|
$correct_pass_change = (bool) get_parameter('correct_pass_change', false);
|
|
|
|
|
$reset = (bool) get_parameter('reset', false);
|
|
|
|
|
$first = (bool) get_parameter('first', false);
|
2021-05-21 13:59:54 +02:00
|
|
|
// Strings.
|
|
|
|
|
$reset_hash = get_parameter('reset_hash');
|
|
|
|
|
$pass1 = get_parameter_post('pass1');
|
|
|
|
|
$pass2 = get_parameter_post('pass2');
|
|
|
|
|
$id_user = get_parameter_post('id_user');
|
|
|
|
|
|
|
|
|
|
if (empty($reset_hash) === false) {
|
2020-10-27 10:28:42 +01:00
|
|
|
$hash_data = explode(':::', $reset_hash);
|
|
|
|
|
$id_user = $hash_data[0];
|
|
|
|
|
$codified_hash = $hash_data[1];
|
|
|
|
|
|
|
|
|
|
$db_reset_pass_entry = db_get_value_filter('reset_time', 'treset_pass', ['id_user' => $id_user, 'cod_hash' => $id_user.':::'.$codified_hash]);
|
|
|
|
|
}
|
|
|
|
|
|
2021-05-21 13:59:54 +02:00
|
|
|
if ($correct_pass_change === true
|
|
|
|
|
&& empty($pass1) === false
|
|
|
|
|
&& empty($pass2) === false
|
|
|
|
|
&& empty($id_user) === false
|
|
|
|
|
&& $db_reset_pass_entry !== false
|
|
|
|
|
) {
|
|
|
|
|
// The CSRF does not be validated.
|
|
|
|
|
if ($validatedCSRF === false) {
|
|
|
|
|
$process_error_message = __(
|
|
|
|
|
'%s cannot verify the origin of the request. Try again, please.',
|
|
|
|
|
get_product_name()
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
include_once 'general/login_page.php';
|
|
|
|
|
// Finish the execution.
|
|
|
|
|
exit('</html>');
|
|
|
|
|
} else {
|
|
|
|
|
delete_reset_pass_entry($id_user);
|
|
|
|
|
$correct_reset_pass_process = '';
|
|
|
|
|
$process_error_message = '';
|
2020-10-27 10:28:42 +01:00
|
|
|
|
2021-05-21 13:59:54 +02:00
|
|
|
if ($pass1 === $pass2) {
|
|
|
|
|
$res = update_user_password($id_user, $pass1);
|
|
|
|
|
if ($res) {
|
|
|
|
|
db_process_sql_insert(
|
|
|
|
|
'tsesion',
|
|
|
|
|
[
|
|
|
|
|
'id_sesion' => '',
|
|
|
|
|
'id_usuario' => $id_user,
|
|
|
|
|
'ip_origen' => $_SERVER['REMOTE_ADDR'],
|
|
|
|
|
'accion' => 'Reset change',
|
|
|
|
|
'descripcion' => 'Successful reset password process ',
|
|
|
|
|
'fecha' => date('Y-m-d H:i:s'),
|
|
|
|
|
'utimestamp' => time(),
|
|
|
|
|
]
|
|
|
|
|
);
|
2019-01-30 16:18:44 +01:00
|
|
|
|
2021-05-21 13:59:54 +02:00
|
|
|
$correct_reset_pass_process = __('Password changed successfully');
|
2019-01-30 16:18:44 +01:00
|
|
|
|
2021-05-21 13:59:54 +02:00
|
|
|
register_pass_change_try($id_user, 1);
|
|
|
|
|
} else {
|
|
|
|
|
register_pass_change_try($id_user, 0);
|
2019-01-30 16:18:44 +01:00
|
|
|
|
2021-05-21 13:59:54 +02:00
|
|
|
$process_error_message = __('Failed to change password');
|
|
|
|
|
}
|
2019-01-30 16:18:44 +01:00
|
|
|
} else {
|
|
|
|
|
register_pass_change_try($id_user, 0);
|
|
|
|
|
|
2021-05-21 13:59:54 +02:00
|
|
|
$process_error_message = __('Passwords must be the same');
|
2019-01-30 16:18:44 +01:00
|
|
|
}
|
|
|
|
|
|
2021-05-21 13:59:54 +02:00
|
|
|
include_once 'general/login_page.php';
|
2019-01-30 16:18:44 +01:00
|
|
|
}
|
|
|
|
|
} else {
|
2021-05-21 13:59:54 +02:00
|
|
|
if (empty($reset_hash) === false) {
|
2019-01-30 16:18:44 +01:00
|
|
|
$process_error_message = '';
|
|
|
|
|
|
|
|
|
|
if ($db_reset_pass_entry) {
|
|
|
|
|
if (($db_reset_pass_entry + SECONDS_2HOUR) < time()) {
|
|
|
|
|
register_pass_change_try($id_user, 0);
|
|
|
|
|
$process_error_message = __('Too much time since password change request');
|
|
|
|
|
include_once 'general/login_page.php';
|
|
|
|
|
} else {
|
|
|
|
|
include_once 'enterprise/include/process_reset_pass.php';
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
register_pass_change_try($id_user, 0);
|
|
|
|
|
$process_error_message = __('This user has not requested a password change');
|
|
|
|
|
include_once 'general/login_page.php';
|
|
|
|
|
}
|
|
|
|
|
} else {
|
2021-05-21 13:59:54 +02:00
|
|
|
if ($reset === false) {
|
2019-01-30 16:18:44 +01:00
|
|
|
include_once 'general/login_page.php';
|
|
|
|
|
} else {
|
2021-05-21 13:59:54 +02:00
|
|
|
$user_reset_pass = get_parameter('user_reset_pass');
|
2019-01-30 16:18:44 +01:00
|
|
|
$error = '';
|
|
|
|
|
$mail = '';
|
|
|
|
|
$show_error = false;
|
|
|
|
|
|
2021-05-21 13:59:54 +02:00
|
|
|
if ($first === false) {
|
|
|
|
|
// The CSRF does not be validated.
|
|
|
|
|
if ($validatedCSRF === false) {
|
|
|
|
|
$process_error_message = __(
|
|
|
|
|
'%s cannot verify the origin of the request. Try again, please.',
|
|
|
|
|
get_product_name()
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
include_once 'general/login_page.php';
|
|
|
|
|
// Finish the execution.
|
|
|
|
|
exit('</html>');
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (empty($user_reset_pass) === true) {
|
2019-02-12 17:45:25 +01:00
|
|
|
$reset = false;
|
|
|
|
|
$error = __('Id user cannot be empty');
|
|
|
|
|
$show_error = true;
|
|
|
|
|
} else {
|
|
|
|
|
$check_user = check_user_id($user_reset_pass);
|
|
|
|
|
|
2021-05-21 13:59:54 +02:00
|
|
|
if ($check_user === false) {
|
2019-01-30 16:18:44 +01:00
|
|
|
$reset = false;
|
2019-02-12 17:45:25 +01:00
|
|
|
register_pass_change_try($user_reset_pass, 0);
|
|
|
|
|
$error = __('Error in reset password request');
|
2019-01-30 16:18:44 +01:00
|
|
|
$show_error = true;
|
|
|
|
|
} else {
|
2019-02-12 17:45:25 +01:00
|
|
|
$check_mail = check_user_have_mail($user_reset_pass);
|
2019-01-30 16:18:44 +01:00
|
|
|
|
2019-02-12 17:45:25 +01:00
|
|
|
if (!$check_mail) {
|
2019-01-30 16:18:44 +01:00
|
|
|
$reset = false;
|
|
|
|
|
register_pass_change_try($user_reset_pass, 0);
|
2019-02-12 17:45:25 +01:00
|
|
|
$error = __('This user doesn\'t have a valid email address');
|
2019-01-30 16:18:44 +01:00
|
|
|
$show_error = true;
|
|
|
|
|
} else {
|
2019-02-12 17:45:25 +01:00
|
|
|
$mail = $check_mail;
|
2019-01-30 16:18:44 +01:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2019-02-12 17:45:25 +01:00
|
|
|
$cod_hash = $user_reset_pass.'::::'.md5(rand(10, 1000000).rand(10, 1000000).rand(10, 1000000));
|
|
|
|
|
|
|
|
|
|
$subject = '['.io_safe_output(get_product_name()).'] '.__('Reset password');
|
|
|
|
|
$body = __('This is an automatically sent message for user ');
|
|
|
|
|
$body .= ' "<strong>'.$user_reset_pass.'"</strong>';
|
|
|
|
|
$body .= '<p />';
|
|
|
|
|
$body .= __('Please click the link below to reset your password');
|
|
|
|
|
$body .= '<p />';
|
2019-07-02 16:22:23 +02:00
|
|
|
$body .= '<a href="'.ui_get_full_url('index.php?reset_hash='.$cod_hash).'">'.__('Reset your password').'</a>';
|
2019-02-12 17:45:25 +01:00
|
|
|
$body .= '<p />';
|
|
|
|
|
$body .= get_product_name();
|
|
|
|
|
$body .= '<p />';
|
|
|
|
|
$body .= '<em>'.__('Please do not reply to this email.').'</em>';
|
2019-01-30 16:18:44 +01:00
|
|
|
|
2021-05-21 13:59:54 +02:00
|
|
|
$result = (bool) send_email_to_user($mail, $body, $subject);
|
2019-01-30 16:18:44 +01:00
|
|
|
|
2021-05-21 13:59:54 +02:00
|
|
|
if ($result === false) {
|
2019-02-12 17:45:25 +01:00
|
|
|
$process_error_message = __('Error at sending the email');
|
|
|
|
|
} else {
|
|
|
|
|
send_token_to_db($user_reset_pass, $cod_hash);
|
2019-01-30 16:18:44 +01:00
|
|
|
}
|
2019-02-12 17:45:25 +01:00
|
|
|
|
|
|
|
|
include_once 'general/login_page.php';
|
2019-01-30 16:18:44 +01:00
|
|
|
} else {
|
|
|
|
|
include_once 'enterprise/include/reset_pass.php';
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2021-02-09 10:25:08 +01:00
|
|
|
while (ob_get_length() > 0) {
|
|
|
|
|
ob_end_flush();
|
2017-12-11 16:30:09 +01:00
|
|
|
}
|
2019-01-30 16:18:44 +01:00
|
|
|
|
|
|
|
|
exit('</html>');
|
2017-12-11 16:30:09 +01:00
|
|
|
}
|
2019-01-30 16:18:44 +01:00
|
|
|
} else {
|
|
|
|
|
if (isset($_GET['loginhash_data'])) {
|
|
|
|
|
$loginhash_data = get_parameter('loginhash_data', '');
|
|
|
|
|
$loginhash_user = str_rot13(get_parameter('loginhash_user', ''));
|
|
|
|
|
$iduser = $_SESSION['id_usuario'];
|
|
|
|
|
unset($_SESSION['id_usuario']);
|
|
|
|
|
unset($iduser);
|
2017-12-11 16:30:09 +01:00
|
|
|
|
2019-07-02 16:22:23 +02:00
|
|
|
if ($config['loginhash_pwd'] != ''
|
|
|
|
|
&& $loginhash_data == md5(
|
|
|
|
|
$loginhash_user.io_output_password($config['loginhash_pwd'])
|
|
|
|
|
)
|
|
|
|
|
) {
|
2019-01-30 16:18:44 +01:00
|
|
|
db_logon($loginhash_user, $_SERVER['REMOTE_ADDR']);
|
|
|
|
|
$_SESSION['id_usuario'] = $loginhash_user;
|
|
|
|
|
$config['id_user'] = $loginhash_user;
|
|
|
|
|
} else {
|
|
|
|
|
include_once 'general/login_page.php';
|
2022-01-20 10:55:23 +01:00
|
|
|
db_pandora_audit(
|
|
|
|
|
AUDIT_LOG_USER_REGISTRATION,
|
|
|
|
|
'Loginhash failed',
|
|
|
|
|
'system'
|
|
|
|
|
);
|
2021-02-09 10:25:08 +01:00
|
|
|
while (ob_get_length() > 0) {
|
|
|
|
|
ob_end_flush();
|
2019-01-30 16:18:44 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
exit('</html>');
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$user_in_db = db_get_row_filter(
|
|
|
|
|
'tusuario',
|
|
|
|
|
['id_user' => $config['id_user']],
|
|
|
|
|
'*'
|
|
|
|
|
);
|
|
|
|
|
if ($user_in_db == false) {
|
2019-07-02 16:22:23 +02:00
|
|
|
// Logout.
|
2019-01-30 16:18:44 +01:00
|
|
|
$_REQUEST = [];
|
|
|
|
|
$_GET = [];
|
|
|
|
|
$_POST = [];
|
|
|
|
|
$config['auth_error'] = __("User doesn\'t exist.");
|
|
|
|
|
$iduser = $_SESSION['id_usuario'];
|
|
|
|
|
unset($_SESSION['id_usuario']);
|
|
|
|
|
unset($iduser);
|
|
|
|
|
include_once 'general/login_page.php';
|
2021-02-09 10:25:08 +01:00
|
|
|
while (ob_get_length() > 0) {
|
|
|
|
|
ob_end_flush();
|
2019-01-30 16:18:44 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
exit('</html>');
|
|
|
|
|
} else {
|
|
|
|
|
if (((bool) $user_in_db['is_admin'] === false)
|
2022-06-16 13:02:49 +02:00
|
|
|
&& ((bool) $user_in_db['not_login'] === true
|
2021-06-25 15:41:34 +02:00
|
|
|
|| (is_metaconsole() === false
|
|
|
|
|
&& has_metaconsole() === true
|
|
|
|
|
&& is_management_allowed() === false
|
|
|
|
|
&& (bool) $user_in_db['metaconsole_access_node'] === false))
|
2019-01-30 16:18:44 +01:00
|
|
|
) {
|
2019-07-02 16:22:23 +02:00
|
|
|
// Logout.
|
2019-01-30 16:18:44 +01:00
|
|
|
$_REQUEST = [];
|
|
|
|
|
$_GET = [];
|
|
|
|
|
$_POST = [];
|
|
|
|
|
$config['auth_error'] = __('User only can use the API.');
|
|
|
|
|
$iduser = $_SESSION['id_usuario'];
|
|
|
|
|
unset($_SESSION['id_usuario']);
|
|
|
|
|
unset($iduser);
|
2021-07-22 09:34:58 +02:00
|
|
|
$login_screen = 'disabled_access_node';
|
2019-01-30 16:18:44 +01:00
|
|
|
include_once 'general/login_page.php';
|
2021-02-09 10:25:08 +01:00
|
|
|
while (ob_get_length() > 0) {
|
|
|
|
|
ob_end_flush();
|
2019-01-30 16:18:44 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
exit('</html>');
|
2020-10-19 18:45:40 +02:00
|
|
|
} else {
|
|
|
|
|
if ($config['auth'] === 'saml') {
|
|
|
|
|
enterprise_hook('saml_login_status_verifier');
|
|
|
|
|
}
|
2019-01-30 16:18:44 +01:00
|
|
|
}
|
|
|
|
|
}
|
2017-01-18 11:57:15 +01:00
|
|
|
}
|
2017-05-05 12:26:34 +02:00
|
|
|
|
2019-07-02 16:22:23 +02:00
|
|
|
// Enterprise support.
|
2019-01-30 16:18:44 +01:00
|
|
|
if (file_exists(ENTERPRISE_DIR.'/load_enterprise.php')) {
|
|
|
|
|
include_once ENTERPRISE_DIR.'/load_enterprise.php';
|
2017-05-05 12:26:34 +02:00
|
|
|
}
|
|
|
|
|
|
2019-07-02 16:22:23 +02:00
|
|
|
// Log off.
|
2019-01-30 16:18:44 +01:00
|
|
|
if (isset($_GET['bye'])) {
|
|
|
|
|
$iduser = $_SESSION['id_usuario'];
|
|
|
|
|
|
2020-10-19 10:59:46 +02:00
|
|
|
if ($config['auth'] === 'saml') {
|
2020-10-19 17:42:50 +02:00
|
|
|
enterprise_hook('saml_logout');
|
2020-10-16 16:41:42 +02:00
|
|
|
}
|
2019-01-30 16:18:44 +01:00
|
|
|
|
|
|
|
|
$_SESSION = [];
|
|
|
|
|
session_destroy();
|
|
|
|
|
header_remove('Set-Cookie');
|
|
|
|
|
setcookie(session_name(), $_COOKIE[session_name()], (time() - 4800), '/');
|
|
|
|
|
|
2023-02-20 10:47:00 +01:00
|
|
|
generate_csrf_code();
|
2020-10-19 10:59:46 +02:00
|
|
|
// Process logout.
|
|
|
|
|
include 'general/logoff.php';
|
2019-01-30 16:18:44 +01:00
|
|
|
|
2021-02-09 10:25:08 +01:00
|
|
|
while (ob_get_length() > 0) {
|
|
|
|
|
ob_end_flush();
|
2019-01-30 16:18:44 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
exit('</html>');
|
2008-06-26 16:57:11 +02:00
|
|
|
}
|
2008-07-02 14:30:56 +02:00
|
|
|
|
2015-03-17 16:48:29 +01:00
|
|
|
clear_pandora_error_for_header();
|
|
|
|
|
|
2022-01-11 12:08:41 +01:00
|
|
|
if ((bool) ($config['node_deactivated'] ?? false) === true) {
|
2021-07-19 13:47:43 +02:00
|
|
|
// Prevent access node if not merged.
|
|
|
|
|
include 'general/node_deactivated.php';
|
|
|
|
|
|
|
|
|
|
while (ob_get_length() > 0) {
|
|
|
|
|
ob_end_flush();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
exit('</html>');
|
|
|
|
|
}
|
|
|
|
|
|
2022-01-11 12:08:41 +01:00
|
|
|
if ((bool) ($config['maintenance_mode'] ?? false) === true
|
2021-07-19 13:47:43 +02:00
|
|
|
&& (bool) users_is_admin() === false
|
|
|
|
|
) {
|
|
|
|
|
// Show maintenance web-page. For non-admin users only.
|
|
|
|
|
include 'general/maintenance.php';
|
|
|
|
|
|
|
|
|
|
while (ob_get_length() > 0) {
|
|
|
|
|
ob_end_flush();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
exit('</html>');
|
|
|
|
|
}
|
|
|
|
|
|
2022-07-11 16:42:20 +02:00
|
|
|
if (is_reporting_console_node() === true
|
2022-07-08 13:40:20 +02:00
|
|
|
&& (bool) users_is_admin() === false
|
|
|
|
|
) {
|
|
|
|
|
include 'general/reporting_console_node.php';
|
|
|
|
|
exit;
|
|
|
|
|
}
|
|
|
|
|
|
2019-01-30 16:18:44 +01:00
|
|
|
/*
|
2019-07-02 16:22:23 +02:00
|
|
|
* ----------------------------------------------------------------------
|
2021-02-09 10:25:08 +01:00
|
|
|
* EXTENSIONS
|
|
|
|
|
* ----------------------------------------------------------------------
|
|
|
|
|
*
|
|
|
|
|
* Load the basic configurations of extension and add extensions into menu.
|
|
|
|
|
* Load here, because if not, some extensions not load well, I don't why.
|
2011-09-26 21:59:49 +02:00
|
|
|
*/
|
2012-04-26 22:46:38 +02:00
|
|
|
|
2014-08-08 Miguel de Dios <miguel.dedios@artica.es>
* include/functions.php,
include/help/clippy/godmode_agentes_modificar_agente.php,
include/help/clippy/homepage.php,
include/help/clippy/godmode_agentes_configurar_agente.php,
include/javascript/intro.js,
include/javascript/introjs.css,
include/javascript/clippy.js,
include/functions_ui.php,
include/functions_clippy.php,
index.php,
general/header.php: first version of the new feature a annoying
clippy such as the lovely micro$oft mascot.
git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@10393 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
2014-08-08 17:11:00 +02:00
|
|
|
$config['logged'] = false;
|
2019-01-30 16:18:44 +01:00
|
|
|
extensions_load_extensions($process_login);
|
2016-06-08 13:51:34 +02:00
|
|
|
|
2012-04-13 12:39:28 +02:00
|
|
|
if ($process_login) {
|
2019-07-02 16:22:23 +02:00
|
|
|
// Call all extensions login function.
|
2019-01-30 16:18:44 +01:00
|
|
|
extensions_call_login_function();
|
|
|
|
|
|
|
|
|
|
unset($_SESSION['new_update']);
|
|
|
|
|
|
|
|
|
|
include_once 'include/functions_update_manager.php';
|
|
|
|
|
|
|
|
|
|
if ($config['autoupdate'] == 1) {
|
2021-06-14 13:56:42 +02:00
|
|
|
$result = update_manager_check_updates_available();
|
2019-01-30 16:18:44 +01:00
|
|
|
if ($result) {
|
|
|
|
|
$_SESSION['new_update'] = 'new';
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$config['logged'] = true;
|
2012-04-23 13:20:28 +02:00
|
|
|
}
|
2012-07-03 Miguel de Dios <miguel.dedios@artica.es>
* ajax.php: added support for the enterprise, because some case
this file can't call enterprise functions.
* godmode/reporting/visual_console_builder.wizard.php,
godmode/reporting/visual_console_builder.php,
godmode/reporting/visual_console_builder.editor.js,
godmode/reporting/visual_console_builder.elements.php,
godmode/reporting/visual_console_builder.editor.php,
godmode/reporting/visual_console_builder.constans.php (delete),
include/functions_visual_map_editor.php,
include/ajax/visual_console_builder.ajax.php,
include/functions_visual_map.php: some parts of code had been
refactored because it is necesary for to add enterprise feature to
Visual map.
* include/constants.php: cleaned source code style and added and
reordened the constants for visual maps.
* include/functions_html.php, include/styles/pandora.css,
include/functions_ui.php, include/functions.php, index.php: cleaned
source code style.
git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@6732 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
2012-07-03 17:39:37 +02:00
|
|
|
|
2019-05-13 17:55:41 +02:00
|
|
|
require_once 'general/register.php';
|
2019-01-30 16:18:44 +01:00
|
|
|
|
|
|
|
|
if (get_parameter('login', 0) !== 0) {
|
|
|
|
|
if ((!isset($config['skip_login_help_dialog']) || $config['skip_login_help_dialog'] == 0)
|
|
|
|
|
&& $display_previous_popup === false
|
|
|
|
|
&& $config['initial_wizard'] == 1
|
|
|
|
|
) {
|
|
|
|
|
include_once 'general/login_help_dialog.php';
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$php_version = phpversion();
|
|
|
|
|
$php_version_array = explode('.', $php_version);
|
|
|
|
|
if ($php_version_array[0] < 7) {
|
2022-11-22 16:31:09 +01:00
|
|
|
include_once 'general/php_message.php';
|
2019-01-30 16:18:44 +01:00
|
|
|
}
|
2012-04-25 21:20:23 +02:00
|
|
|
}
|
|
|
|
|
|
2021-06-14 13:56:42 +02:00
|
|
|
|
2022-01-11 12:08:41 +01:00
|
|
|
if ((bool) ($config['maintenance_mode'] ?? false) === true
|
2021-06-14 13:56:42 +02:00
|
|
|
&& (bool) users_is_admin() === false
|
|
|
|
|
) {
|
|
|
|
|
// Show maintenance web-page. For non-admin users only.
|
|
|
|
|
include 'general/maintenance.php';
|
|
|
|
|
|
|
|
|
|
while (ob_get_length() > 0) {
|
|
|
|
|
ob_end_flush();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
exit('</html>');
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2021-06-16 15:29:28 +02:00
|
|
|
// Pure.
|
2019-01-30 16:18:44 +01:00
|
|
|
if ($config['pure'] == 0) {
|
2021-06-16 15:29:28 +02:00
|
|
|
// Menu container prepared to autohide menu.
|
|
|
|
|
$menuCollapsed = (isset($_SESSION['menu_type']) === true && $_SESSION['menu_type'] !== 'classic');
|
|
|
|
|
$menuTypeClass = ($menuCollapsed === true) ? 'collapsed' : 'classic';
|
|
|
|
|
// Container.
|
|
|
|
|
echo '<div id="container">';
|
|
|
|
|
// Header.
|
|
|
|
|
echo '<div id="head">';
|
2019-03-05 12:54:11 +01:00
|
|
|
include 'general/header.php';
|
2021-06-16 15:29:28 +02:00
|
|
|
echo '</div>';
|
|
|
|
|
// Main menu.
|
|
|
|
|
echo sprintf('<div id="page" class="page_%s">', $menuTypeClass);
|
|
|
|
|
echo '<div id="menu">';
|
2019-03-25 19:37:45 +01:00
|
|
|
|
2019-03-05 12:54:11 +01:00
|
|
|
include 'general/main_menu.php';
|
2023-03-03 14:16:06 +01:00
|
|
|
echo html_print_go_top();
|
2019-01-30 16:18:44 +01:00
|
|
|
} else {
|
|
|
|
|
echo '<div id="main_pure">';
|
2019-07-02 16:22:23 +02:00
|
|
|
// Require menu only to build structure to use it in ACLs.
|
2019-01-30 16:18:44 +01:00
|
|
|
include 'operation/menu.php';
|
|
|
|
|
include 'godmode/menu.php';
|
2008-06-26 16:57:11 +02:00
|
|
|
}
|
|
|
|
|
|
2021-12-16 17:46:45 +01:00
|
|
|
if (has_metaconsole() === true
|
|
|
|
|
&& (bool) $config['centralized_management'] === true
|
|
|
|
|
) {
|
|
|
|
|
$MR = (float) $config['MR'];
|
|
|
|
|
// Node attached to a metaconsole.
|
|
|
|
|
$server_id = $config['metaconsole_node_id'];
|
|
|
|
|
|
|
|
|
|
// Connect to meta.
|
|
|
|
|
metaconsole_load_external_db(
|
|
|
|
|
[
|
|
|
|
|
'dbhost' => $config['replication_dbhost'],
|
|
|
|
|
'dbuser' => $config['replication_dbuser'],
|
|
|
|
|
'dbpass' => io_output_password($config['replication_dbpass']),
|
|
|
|
|
'dbname' => $config['replication_dbname'],
|
|
|
|
|
]
|
|
|
|
|
);
|
|
|
|
|
$metaMR = (float) db_get_value(
|
|
|
|
|
'value',
|
|
|
|
|
'tconfig',
|
|
|
|
|
'token',
|
|
|
|
|
'MR',
|
|
|
|
|
false,
|
|
|
|
|
false
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
// Return connection to node.
|
|
|
|
|
metaconsole_restore_db();
|
|
|
|
|
|
|
|
|
|
if ($MR !== $metaMR) {
|
|
|
|
|
$err = '<div id="err_msg_centralised">'.html_print_image(
|
|
|
|
|
'/images/warning_modern.png',
|
|
|
|
|
true
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
$err .= '<div>'.__(
|
|
|
|
|
'Metaconsole MR (%d) is different than this one (%d)',
|
|
|
|
|
$metaMR,
|
|
|
|
|
$MR
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
$err .= '<br>';
|
|
|
|
|
$err .= __('Please keep all environment updated to same version.');
|
|
|
|
|
$err .= '</div>';
|
|
|
|
|
?>
|
|
|
|
|
<script type="text/javascript">
|
2022-06-16 13:02:49 +02:00
|
|
|
$(document).ready(function() {
|
2021-12-16 17:46:45 +01:00
|
|
|
infoMessage({
|
|
|
|
|
title: '<?php echo __('Warning'); ?>',
|
|
|
|
|
text: '<?php echo $err; ?>',
|
|
|
|
|
simple: true,
|
|
|
|
|
})
|
|
|
|
|
})
|
|
|
|
|
</script>
|
|
|
|
|
<?php
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2019-07-02 16:22:23 +02:00
|
|
|
/*
|
|
|
|
|
* Session locking concurrency speedup!
|
2021-02-09 10:25:08 +01:00
|
|
|
* http://es2.php.net/manual/en/ref.session.php#64525
|
2019-07-02 16:22:23 +02:00
|
|
|
*/
|
|
|
|
|
|
2019-01-30 16:18:44 +01:00
|
|
|
session_write_close();
|
2011-06-16 21:26:45 +02:00
|
|
|
|
2012-04-13 12:39:28 +02:00
|
|
|
|
2019-07-02 16:22:23 +02:00
|
|
|
// Main block of content.
|
2019-01-30 16:18:44 +01:00
|
|
|
if ($config['pure'] == 0) {
|
|
|
|
|
echo '<div id="main">';
|
2008-06-26 16:57:11 +02:00
|
|
|
}
|
2008-06-13 Sancho Lerena <slerena@gmail.com>
* index.php: Added pure (Fullscreen). HTML code cleanup and user session.
* pandoradb.sql: talert_snmp: Added priority field.
* pandoradb_data.sql: Changes default values in talerta. tconfig_os, tgrupo
and some links.
* header.php: Fixed some user session management.
* logon_ok.php: New design for welcome screen, odometer is over.
* menu.php, godmode/menu.php: Some ACL improvements.
* agent_disk_conf_editor.php: Minor fix in view link.
* configurar_agente.php, agent_manager.php: Added parent combo and better
ACL checks. New remote configuration control for get timestamp info of
config file.
* modify_alert.php: Changes to use new internal Mail alert.
* config.php: Some items moved to config_process. (font, attachment and
default style).
* functions.php: Added form_agent_combo(), form_event_type_combo(),
form_priority() and return_priority() functions.
* functions_db.php: Added smal_event_table() to render a variable table
with latest events (filtered).
* pandora.css. Added pure and priority colors.
* estado_alertas.php: Fixed ACL problems.
* stado_generalagente.php: Graph of modules now represents modules that
has generated events. Old graph is not used anymore. Also display parent.
* estado_grupo.php: Border of boxes is now thicker.
* tactical.php: New screen, almost all code changed. Odometer is not used
anymore, added some new items, like module LAG meter, module sanity, and
other general metrics.
* ver_agente.php: Now renders also event for each agent view. Alert manual
validation generate a new event.
* events.php: New event system. 90% new code. A LOT of new features,
including full screen, coloured (by priority) and filters by six fields.
* snmp_alert.php: Added support for alert priority.
* operation/users/user.php: No longer a user with UM privileges could
see any other user.
* render_view.php: Added fullscreen support for visual maps.
* fgraph.php: Added support for session checking in graphs (at least!).
New graphics for events (some changed it's function like events by group),
and feature added to progress GD implementation.
git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@860 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
2008-06-13 18:59:54 +02:00
|
|
|
|
2022-07-12 10:18:06 +02:00
|
|
|
if (is_reporting_console_node() === true) {
|
|
|
|
|
echo notify_reporting_console_node();
|
|
|
|
|
}
|
|
|
|
|
|
2019-07-02 16:22:23 +02:00
|
|
|
// Page loader / selector.
|
2009-07-24 12:27:14 +02:00
|
|
|
if ($searchPage) {
|
2019-01-30 16:18:44 +01:00
|
|
|
include 'operation/search_results.php';
|
|
|
|
|
} else {
|
|
|
|
|
if ($page != '') {
|
|
|
|
|
$main_sec = get_sec($sec);
|
|
|
|
|
if ($main_sec == false) {
|
|
|
|
|
if ($sec == 'extensions') {
|
|
|
|
|
$main_sec = get_parameter('extension_in_menu');
|
2019-03-25 12:22:18 +01:00
|
|
|
if (empty($main_sec) === true) {
|
|
|
|
|
$main_sec = $sec;
|
|
|
|
|
}
|
2019-01-30 16:18:44 +01:00
|
|
|
} else if ($sec == 'gextensions') {
|
2022-06-16 13:02:49 +02:00
|
|
|
$main_sec = get_parameter('extension_in_menu');
|
2020-08-24 10:16:25 +02:00
|
|
|
if (empty($main_sec) === true) {
|
|
|
|
|
$main_sec = $sec;
|
|
|
|
|
}
|
2019-01-30 16:18:44 +01:00
|
|
|
} else {
|
|
|
|
|
$main_sec = $sec;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$sec = $sec2;
|
|
|
|
|
$sec2 = '';
|
|
|
|
|
}
|
2008-06-26 16:57:11 +02:00
|
|
|
|
2022-08-08 13:51:07 +02:00
|
|
|
$tab = get_parameter('tab', '');
|
|
|
|
|
if (empty($tab) === true) {
|
|
|
|
|
$tab = get_parameter('wiz', '');
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$acl_reporting_console_node = acl_reporting_console_node($page, $tab);
|
2022-07-08 13:40:20 +02:00
|
|
|
if ($acl_reporting_console_node === false) {
|
|
|
|
|
include 'general/reporting_console_node.php';
|
|
|
|
|
exit;
|
|
|
|
|
}
|
|
|
|
|
|
2019-01-30 16:18:44 +01:00
|
|
|
$page .= '.php';
|
|
|
|
|
|
2019-07-02 16:22:23 +02:00
|
|
|
// Enterprise ACL check.
|
2019-01-30 16:18:44 +01:00
|
|
|
if (enterprise_hook(
|
|
|
|
|
'enterprise_acl',
|
|
|
|
|
[
|
|
|
|
|
$config['id_user'],
|
|
|
|
|
$main_sec,
|
|
|
|
|
$sec,
|
|
|
|
|
true,
|
|
|
|
|
$sec2,
|
|
|
|
|
]
|
|
|
|
|
) == false
|
|
|
|
|
) {
|
|
|
|
|
include 'general/noaccess.php';
|
|
|
|
|
} else {
|
|
|
|
|
$sec = $main_sec;
|
2021-06-01 10:04:53 +02:00
|
|
|
if (file_exists($page) === true) {
|
|
|
|
|
if ((bool) extensions_is_extension($page) === false) {
|
|
|
|
|
try {
|
|
|
|
|
include_once $page;
|
|
|
|
|
} catch (Exception $e) {
|
|
|
|
|
ui_print_error_message(
|
|
|
|
|
$e->getMessage().' in '.$e->getFile().':'.$e->getLine()
|
|
|
|
|
);
|
|
|
|
|
}
|
2019-01-30 16:18:44 +01:00
|
|
|
} else {
|
|
|
|
|
if ($sec[0] == 'g') {
|
|
|
|
|
extensions_call_godmode_function(basename($page));
|
|
|
|
|
} else {
|
|
|
|
|
extensions_call_main_function(basename($page));
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
ui_print_error_message(__('Sorry! I can\'t find the page!'));
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
} else {
|
2019-07-02 16:22:23 +02:00
|
|
|
// Home screen chosen by the user.
|
2019-01-30 16:18:44 +01:00
|
|
|
$home_page = '';
|
2021-05-27 12:16:17 +02:00
|
|
|
if (isset($config['id_user']) === true) {
|
2019-01-30 16:18:44 +01:00
|
|
|
$user_info = users_get_user_by_id($config['id_user']);
|
|
|
|
|
$home_page = io_safe_output($user_info['section']);
|
|
|
|
|
$home_url = $user_info['data_section'];
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if ($home_page != '') {
|
|
|
|
|
switch ($home_page) {
|
|
|
|
|
case 'Event list':
|
|
|
|
|
$_GET['sec'] = 'eventos';
|
|
|
|
|
$_GET['sec2'] = 'operation/events/events';
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case 'Group view':
|
|
|
|
|
$_GET['sec'] = 'view';
|
|
|
|
|
$_GET['sec2'] = 'operation/agentes/group_view';
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case 'Alert detail':
|
|
|
|
|
$_GET['sec'] = 'view';
|
|
|
|
|
$_GET['sec2'] = 'operation/agentes/alerts_status';
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case 'Tactical view':
|
|
|
|
|
$_GET['sec'] = 'view';
|
|
|
|
|
$_GET['sec2'] = 'operation/agentes/tactical';
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case 'Default':
|
2019-07-02 16:22:23 +02:00
|
|
|
default:
|
2019-01-30 16:18:44 +01:00
|
|
|
$_GET['sec2'] = 'general/logon_ok';
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case 'Dashboard':
|
2021-05-27 12:16:17 +02:00
|
|
|
$_GET['specialSec2'] = sprintf('operation/dashboard/dashboard&dashboardId=%s', $home_url);
|
|
|
|
|
$str = sprintf('sec=reporting&sec2=%s&d_from_main_page=1', $_GET['specialSec2']);
|
2019-01-30 16:18:44 +01:00
|
|
|
parse_str($str, $res);
|
|
|
|
|
foreach ($res as $key => $param) {
|
|
|
|
|
$_GET[$key] = $param;
|
|
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case 'Visual console':
|
|
|
|
|
$id_visualc = db_get_value('id', 'tlayout', 'name', $home_url);
|
|
|
|
|
if (($home_url == '') || ($id_visualc == false)) {
|
|
|
|
|
$str = 'sec=network&sec2=operation/visual_console/index&refr=60';
|
|
|
|
|
} else {
|
2020-05-20 12:30:19 +02:00
|
|
|
$str = 'sec=network&sec2=operation/visual_console/render_view&id='.$id_visualc;
|
2019-01-30 16:18:44 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
parse_str($str, $res);
|
|
|
|
|
foreach ($res as $key => $param) {
|
|
|
|
|
$_GET[$key] = $param;
|
|
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case 'Other':
|
|
|
|
|
$home_url = io_safe_output($home_url);
|
|
|
|
|
$url_array = parse_url($home_url);
|
|
|
|
|
parse_str($url_array['query'], $res);
|
|
|
|
|
foreach ($res as $key => $param) {
|
|
|
|
|
$_GET[$key] = $param;
|
|
|
|
|
}
|
|
|
|
|
break;
|
2020-11-27 12:54:28 +01:00
|
|
|
|
|
|
|
|
case 'External link':
|
|
|
|
|
$home_url = io_safe_output($home_url);
|
2022-12-23 12:07:27 +01:00
|
|
|
if (strlen($home_url) !== 0) {
|
|
|
|
|
echo '<script type="text/javascript">document.location="'.$home_url.'"</script>';
|
|
|
|
|
} else {
|
|
|
|
|
$_GET['sec2'] = 'general/logon_ok';
|
|
|
|
|
}
|
2020-11-27 12:54:28 +01:00
|
|
|
break;
|
2019-01-30 16:18:44 +01:00
|
|
|
}
|
|
|
|
|
|
2021-05-27 12:16:17 +02:00
|
|
|
if (isset($_GET['sec2']) === true) {
|
2019-01-30 16:18:44 +01:00
|
|
|
$file = $_GET['sec2'].'.php';
|
2020-01-22 17:20:13 +01:00
|
|
|
// Make file path absolute to prevent accessing remote files.
|
|
|
|
|
$file = __DIR__.'/'.$file;
|
2019-07-02 16:22:23 +02:00
|
|
|
// Translate some secs.
|
2019-01-30 16:18:44 +01:00
|
|
|
$main_sec = get_sec($_GET['sec']);
|
2019-07-02 16:22:23 +02:00
|
|
|
$_GET['sec'] = ($main_sec == false) ? $_GET['sec'] : $main_sec;
|
2020-01-22 17:20:13 +01:00
|
|
|
|
|
|
|
|
// Third condition is aimed to prevent from traversal attack.
|
2021-05-27 12:16:17 +02:00
|
|
|
if (file_exists($file) === false
|
2019-07-02 16:22:23 +02:00
|
|
|
|| ($_GET['sec2'] != 'general/logon_ok' && enterprise_hook(
|
2019-01-30 16:18:44 +01:00
|
|
|
'enterprise_acl',
|
|
|
|
|
[
|
|
|
|
|
$config['id_user'],
|
|
|
|
|
$_GET['sec'],
|
|
|
|
|
$_GET['sec2'],
|
|
|
|
|
true,
|
|
|
|
|
isset($_GET['sec3']) ? $_GET['sec3'] : '',
|
|
|
|
|
]
|
2020-01-22 17:20:13 +01:00
|
|
|
) == false
|
|
|
|
|
|| strpos(realpath($file), __DIR__) === false)
|
2019-01-30 16:18:44 +01:00
|
|
|
) {
|
|
|
|
|
unset($_GET['sec2']);
|
|
|
|
|
include 'general/noaccess.php';
|
|
|
|
|
} else {
|
|
|
|
|
include $file;
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
include 'general/noaccess.php';
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
include 'general/logon_ok.php';
|
|
|
|
|
}
|
|
|
|
|
}
|
2011-03-01 17:42:12 +01:00
|
|
|
}
|
2019-01-30 16:18:44 +01:00
|
|
|
|
2023-01-25 16:46:13 +01:00
|
|
|
if (__PAN_XHPROF__ === 1) {
|
|
|
|
|
echo "<span style='font-size: 0.8em;'>";
|
|
|
|
|
echo __('Page generated at').' ';
|
|
|
|
|
echo date('D F d, Y H:i:s', $time).'</span>';
|
|
|
|
|
echo ' - ( ';
|
|
|
|
|
pandora_xhprof_display_result('node_index');
|
|
|
|
|
echo ' )';
|
|
|
|
|
echo '</center>';
|
|
|
|
|
}
|
|
|
|
|
|
2019-01-30 16:18:44 +01:00
|
|
|
if ($config['pure'] == 0) {
|
2023-02-20 14:50:17 +01:00
|
|
|
// echo '<div id="both"></div>';
|
2019-01-30 16:18:44 +01:00
|
|
|
echo '</div>';
|
2019-07-02 16:22:23 +02:00
|
|
|
// Main.
|
2023-02-20 14:50:17 +01:00
|
|
|
// echo '<div id="both"> </div>';
|
2019-01-30 16:18:44 +01:00
|
|
|
echo '</div>';
|
2019-07-02 16:22:23 +02:00
|
|
|
// Page (id = page).
|
2019-01-30 16:18:44 +01:00
|
|
|
} else {
|
|
|
|
|
echo '</div>';
|
2019-07-02 16:22:23 +02:00
|
|
|
// Main pure.
|
2008-06-26 16:57:11 +02:00
|
|
|
}
|
|
|
|
|
|
2022-06-16 13:02:49 +02:00
|
|
|
echo html_print_div(
|
2021-06-16 15:29:28 +02:00
|
|
|
['id' => 'wiz_container'],
|
|
|
|
|
true
|
|
|
|
|
);
|
2019-05-14 17:15:28 +02:00
|
|
|
|
2022-06-16 13:02:49 +02:00
|
|
|
echo html_print_div(
|
2021-06-16 15:29:28 +02:00
|
|
|
['id' => 'um_msg_receiver'],
|
|
|
|
|
true
|
|
|
|
|
);
|
2012-04-21 11:06:22 +02:00
|
|
|
|
2020-06-19 23:03:37 +02:00
|
|
|
// Connection lost alert.
|
2020-11-04 16:41:25 +01:00
|
|
|
ui_require_javascript_file('connection_check');
|
2020-12-03 12:27:55 +01:00
|
|
|
set_js_value('absolute_homeurl', ui_get_full_url(false, false, false, false));
|
2020-06-19 23:03:37 +02:00
|
|
|
$conn_title = __('Connection with server has been lost');
|
|
|
|
|
$conn_text = __('Connection to the server has been lost. Please check your internet connection or contact with administrator.');
|
|
|
|
|
ui_print_message_dialog($conn_title, $conn_text, 'connection', '/images/error_1.png');
|
|
|
|
|
|
2019-01-30 16:18:44 +01:00
|
|
|
if ($config['pure'] == 0) {
|
|
|
|
|
echo '</div>';
|
2019-05-30 18:21:13 +02:00
|
|
|
// Container div.
|
|
|
|
|
echo '</div>';
|
2023-02-20 14:50:17 +01:00
|
|
|
// echo '<div id="both"></div>';
|
2021-05-27 15:49:20 +02:00
|
|
|
echo '</div>';
|
2008-06-26 16:57:11 +02:00
|
|
|
}
|
2014-08-08 Miguel de Dios <miguel.dedios@artica.es>
* include/functions.php,
include/help/clippy/godmode_agentes_modificar_agente.php,
include/help/clippy/homepage.php,
include/help/clippy/godmode_agentes_configurar_agente.php,
include/javascript/intro.js,
include/javascript/introjs.css,
include/javascript/clippy.js,
include/functions_ui.php,
include/functions_clippy.php,
index.php,
general/header.php: first version of the new feature a annoying
clippy such as the lovely micro$oft mascot.
git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@10393 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
2014-08-08 17:11:00 +02:00
|
|
|
|
2019-06-06 17:50:47 +02:00
|
|
|
// Clippy function.
|
2019-01-30 16:18:44 +01:00
|
|
|
require_once 'include/functions_clippy.php';
|
2014-08-08 Miguel de Dios <miguel.dedios@artica.es>
* include/functions.php,
include/help/clippy/godmode_agentes_modificar_agente.php,
include/help/clippy/homepage.php,
include/help/clippy/godmode_agentes_configurar_agente.php,
include/javascript/intro.js,
include/javascript/introjs.css,
include/javascript/clippy.js,
include/functions_ui.php,
include/functions_clippy.php,
index.php,
general/header.php: first version of the new feature a annoying
clippy such as the lovely micro$oft mascot.
git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@10393 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
2014-08-08 17:11:00 +02:00
|
|
|
clippy_start($sec2);
|
|
|
|
|
|
2021-02-09 10:25:08 +01:00
|
|
|
while (ob_get_length() > 0) {
|
|
|
|
|
ob_end_flush();
|
2019-01-30 16:18:44 +01:00
|
|
|
}
|
2009-02-25 13:24:06 +01:00
|
|
|
|
2019-01-30 16:18:44 +01:00
|
|
|
db_print_database_debug();
|
2009-02-09 Evi Vanoost <vanooste@rcbi.rochester.edu>
* general/header.php, general/footer.php: Made it comply with standards
* general/main_menu.php: Fixed some typo's.
* include/javascript/jquery.pandora.js: This was loading an extension
that has a separate file already
* include/functions.php: Added process_page_head and process_page_body
these are callback functions for ob_start and add functionality like
conditional loading and external scripts in the correct places. Also adds
override functionality to certain items (like refresh) from anywhere
* include/javascript/time_en.js: Added as a placeholder
* extensions/update_manager.php: Fixed some typos
* operation/agentes/exportdata.php, operation/agentes/networkmap.php,
operation/events/events.php, operation/extensions.php,
operation/incidents/incident_detail.php,
operation/reporting/reporting_viewer.php,
operation/visual_console/render_view.php,
godmode/agentes/alert_manager.php,
godmode/agentes/module_manager_editor.php,
godmode/agentes/planned_downtime.php,
godmode/alerts/configure_alert_template.php,
godmode/alerts/configure_alert_action.php,
godmode/groups/configure_group.php, godmode/reporting/graph_builder.php,
godmode/reporting/map_builder.php, godmode/reporting/reporting_builder.php
godmode/snmpconsole/snmp_alert.php: Changed javascript, css and jquery
loading to the new buffer callback handlers.
git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@1436 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
2009-02-09 19:41:54 +01:00
|
|
|
echo '</html>';
|
2009-02-26 13:09:21 +01:00
|
|
|
|
2019-01-30 16:18:44 +01:00
|
|
|
$run_time = format_numeric((microtime(true) - $config['start_time']), 3);
|
2019-07-02 16:22:23 +02:00
|
|
|
echo "\n<!-- Page generated in ".$run_time." seconds -->\n";
|
2013-02-26 17:10:02 +01:00
|
|
|
|
2019-07-02 16:22:23 +02:00
|
|
|
// Values from PHP to be recovered from JAVASCRIPT.
|
2019-01-30 16:18:44 +01:00
|
|
|
require 'include/php_to_js_values.php';
|
2013-08-07 10:26:26 +02:00
|
|
|
?>
|
2013-06-03 13:10:20 +02:00
|
|
|
|
2013-08-07 10:26:26 +02:00
|
|
|
<script type="text/javascript" language="javascript">
|
2022-11-16 16:04:22 +01:00
|
|
|
// Handle the scroll.
|
|
|
|
|
$(document).ready(scrollFunction());
|
2023-02-15 13:43:42 +01:00
|
|
|
$(document).ready(menuActionButtonResizing());
|
2021-02-09 10:25:08 +01:00
|
|
|
// When there are less than 5 rows, all rows must be white
|
|
|
|
|
var theme = "<?php echo $config['style']; ?>";
|
2022-06-16 13:02:49 +02:00
|
|
|
if (theme === 'pandora') {
|
|
|
|
|
if ($('table.info_table tr').length < 5) {
|
2019-08-13 13:58:44 +02:00
|
|
|
$('table.info_table tbody > tr').css('background-color', '#fff');
|
|
|
|
|
}
|
2019-04-10 10:06:27 +02:00
|
|
|
}
|
|
|
|
|
|
2019-07-02 16:22:23 +02:00
|
|
|
// When the user scrolls down 400px from the top of the document, show the
|
|
|
|
|
// button.
|
2022-06-16 13:02:49 +02:00
|
|
|
window.onscroll = function() {
|
|
|
|
|
scrollFunction()
|
|
|
|
|
};
|
2019-03-04 08:39:56 +01:00
|
|
|
|
2022-11-16 16:04:22 +01:00
|
|
|
window.onresize = function() {
|
|
|
|
|
scrollFunction()
|
|
|
|
|
};
|
|
|
|
|
|
2022-06-16 13:02:49 +02:00
|
|
|
function first_time_identification() {
|
|
|
|
|
jQuery.post("ajax.php", {
|
2019-05-14 17:15:28 +02:00
|
|
|
"page": "general/register",
|
|
|
|
|
"load_wizards": 'initial'
|
|
|
|
|
},
|
2022-06-16 13:02:49 +02:00
|
|
|
function(data) {
|
|
|
|
|
$('#wiz_container').empty()
|
|
|
|
|
.html(data);
|
|
|
|
|
run_configuration_wizard();
|
2019-05-14 17:15:28 +02:00
|
|
|
},
|
|
|
|
|
"html"
|
|
|
|
|
);
|
|
|
|
|
|
2019-01-30 16:18:44 +01:00
|
|
|
}
|
|
|
|
|
|
2022-06-07 13:40:35 +02:00
|
|
|
<?php if (empty($errorFileOutput) === false) : ?>
|
|
|
|
|
// There are one issue with the file that you trying to catch. Show a dialog with message.
|
|
|
|
|
$(document).ready(function() {
|
2022-06-29 10:20:17 +02:00
|
|
|
confirmDialog({
|
|
|
|
|
title: "<?php echo __('Error'); ?>",
|
|
|
|
|
message: "<?php echo io_safe_output($errorFileOutput); ?>",
|
|
|
|
|
hideCancelButton: true,
|
2022-06-07 13:40:35 +02:00
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
<?php endif; ?>
|
|
|
|
|
|
2019-05-14 23:49:01 +02:00
|
|
|
function show_modal(id) {
|
|
|
|
|
var match = /notification-(.*)-id-([0-9]+)/.exec(id);
|
|
|
|
|
if (!match) {
|
|
|
|
|
console.error(
|
|
|
|
|
"Cannot handle toast click event. Id not valid: ",
|
|
|
|
|
event.target.id
|
2019-01-30 16:18:44 +01:00
|
|
|
);
|
2019-05-14 23:49:01 +02:00
|
|
|
return;
|
2019-01-30 16:18:44 +01:00
|
|
|
}
|
2022-06-16 13:02:49 +02:00
|
|
|
jQuery.post("ajax.php", {
|
2019-05-14 23:49:01 +02:00
|
|
|
"page": "godmode/setup/setup_notifications",
|
|
|
|
|
"get_notification": 1,
|
|
|
|
|
"id": match[2]
|
|
|
|
|
},
|
2022-06-16 13:02:49 +02:00
|
|
|
function(data) {
|
2019-05-14 23:49:01 +02:00
|
|
|
notifications_hide();
|
|
|
|
|
try {
|
|
|
|
|
var json = JSON.parse(data);
|
|
|
|
|
$('#um_msg_receiver')
|
2022-06-16 13:02:49 +02:00
|
|
|
.empty()
|
|
|
|
|
.html(json.mensaje);
|
2019-05-14 23:49:01 +02:00
|
|
|
|
|
|
|
|
$('#um_msg_receiver').prop('title', json.subject);
|
2022-06-16 13:02:49 +02:00
|
|
|
|
2019-05-14 23:49:01 +02:00
|
|
|
// Launch modal.
|
|
|
|
|
$("#um_msg_receiver").dialog({
|
|
|
|
|
resizable: true,
|
|
|
|
|
draggable: true,
|
|
|
|
|
modal: true,
|
|
|
|
|
width: 800,
|
2022-06-16 16:19:33 +02:00
|
|
|
height: 600,
|
2022-06-16 13:02:49 +02:00
|
|
|
buttons: [{
|
|
|
|
|
text: "OK",
|
|
|
|
|
click: function() {
|
|
|
|
|
$(this).dialog("close");
|
2019-05-14 23:49:01 +02:00
|
|
|
}
|
2022-06-16 13:02:49 +02:00
|
|
|
}],
|
2019-05-14 23:49:01 +02:00
|
|
|
overlay: {
|
2022-06-16 13:02:49 +02:00
|
|
|
opacity: 0.5,
|
|
|
|
|
background: "black"
|
|
|
|
|
},
|
2019-05-14 23:49:01 +02:00
|
|
|
closeOnEscape: false,
|
2022-06-16 13:02:49 +02:00
|
|
|
open: function(event, ui) {
|
|
|
|
|
$(".ui-dialog-titlebar-close").hide();
|
|
|
|
|
}
|
2019-05-14 23:49:01 +02:00
|
|
|
});
|
|
|
|
|
|
|
|
|
|
$(".ui-widget-overlay").css("background", "#000");
|
|
|
|
|
$(".ui-widget-overlay").css("opacity", 0.6);
|
|
|
|
|
$(".ui-draggable").css("cursor", "inherit");
|
|
|
|
|
|
|
|
|
|
} catch (error) {
|
|
|
|
|
console.log(error);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
},
|
|
|
|
|
"html"
|
|
|
|
|
);
|
2019-01-30 16:18:44 +01:00
|
|
|
}
|
2023-01-26 16:00:08 +01:00
|
|
|
|
|
|
|
|
// Info messages action.
|
|
|
|
|
$(document).ready(function() {
|
|
|
|
|
var $autocloseTime = <?php echo ((int) $config['notification_autoclose_time'] * 1000); ?>;
|
|
|
|
|
var $listOfMessages = document.querySelectorAll('.info_box_autoclose');
|
|
|
|
|
$listOfMessages.forEach(
|
|
|
|
|
function(item) {
|
|
|
|
|
autoclose_info_box(item.id, $autocloseTime)
|
|
|
|
|
}
|
|
|
|
|
);
|
|
|
|
|
});
|
2023-02-20 15:16:27 +01:00
|
|
|
|
|
|
|
|
// Cog animations.
|
|
|
|
|
$(document).ready(function() {
|
|
|
|
|
$(".submitButton").click(function(){
|
|
|
|
|
$("#"+this.id+" > .subIcon.cog").addClass("rotation");
|
|
|
|
|
});
|
|
|
|
|
});
|
2013-06-03 13:10:20 +02:00
|
|
|
</script>
|
