2009-01-20 Evi Vanoost <vanooste@rcbi.rochester.edu>

* ajax.php, include/config.inc.php, include/config_process.php,
	include/functions.php, include/functions_db.php, 
	include/functions_ui.php, index.php, install.php, 
	operation/users/user.php, operation/users/user_edit.php,
	reporting/fgraph.php: Added pluggable authentication and moved functions

	* general/login_page.php, general/logon_ok.php, 
	godmode/agentes/modificar_agente.php, 
	godmode/users/configure_users.php, godmode/users/user_list.php, 
	operation/agentes/estado_agente.php, operation/incidents/incident.php, 
	operation/incidents/incident_search.php: Updated functions

git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@1366 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
guruevi 2009-01-20 18:21:20 +00:00
parent 93d789f748
commit 0f42b13670
22 changed files with 1163 additions and 278 deletions


@ -1,3 +1,17 @@
2009-01-20 Evi Vanoost <vanooste@rcbi.rochester.edu>
* ajax.php, include/config.inc.php, include/config_process.php,
include/functions.php, include/functions_db.php,
include/functions_ui.php, index.php, install.php,
operation/users/user.php, operation/users/user_edit.php,
reporting/fgraph.php: Added pluggable authentication and moved functions
* general/login_page.php, general/logon_ok.php,
godmode/agentes/modificar_agente.php,
godmode/users/configure_users.php, godmode/users/user_list.php,
operation/agentes/estado_agente.php, operation/incidents/incident.php,
operation/incidents/incident_search.php: Updated functions
2009-01-20 Esteban Sanchez <estebans@artica.es>
* ChangeLog: Fixed tabs. Removed some conflict markups and a bit of


@ -24,8 +24,14 @@ require_once ('include/config.php');
require_once ('include/functions.php');
require_once ('include/functions_db.php');
if (!isset ($config["auth"])) {
require_once ("include/auth/mysql.php");
} else {
require_once ("include/auth/".$config["auth"]["scheme"].".php");
}
// Real start
session_start();
session_start ();
// Check user
check_login ();
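Review bot: The new `require_once ("include/auth/".$config["auth"]["scheme"].".php");` builds an include path from a configuration value with no check on its contents, so a typo or a value containing path separators either loads an unintended file or stops the script with a fatal error. If `$config["auth"]` is set but has no `scheme` key, the path becomes `include/auth/.php`. Restrict the value before including it, for example `if (!preg_match ('/^[a-z0-9_]+$/', $config["auth"]["scheme"])) die ('Invalid auth scheme');`. The surrounding script starts and ends outside this hunk.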


@ -32,7 +32,7 @@ echo '<div class="databox" id="login">
if (isset ($login_failed)) {
echo '<tr><td colspan="3">';
echo '<h3 class="error" style="width: 200px">'.__('Login failed').'</h3>';
echo '<h3 class="error" style="width: 200px">'.__('Login failed').': '.$config["auth_error"].'</h3>';
echo '</td></tr>';
}
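Review bot: `$config["auth_error"]` is written into the login page without HTML escaping, and under the LDAP module added in this commit that string accumulates `ldap_error ()` output and messages such as 'Error searching LDAP server', which tells an unauthenticated visitor about the directory backend. At minimum escape it, e.g. `htmlspecialchars ($config["auth_error"], ENT_QUOTES)`. Consider showing only the generic 'Login failed' text here and sending the detail to the audit log instead. The enclosing table markup begins outside this hunk.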


@ -116,7 +116,7 @@ $cells[3]["color"] = "#000";
$cells[3]["href"] = "index.php?sec=estado&sec2=operation/agentes/estado_alertas&refr=60";
$cells[4][0] = __('Users defined');
$cells[4][1] = count (list_users ());
$cells[4][1] = count (get_users ());
$cells[4]["color"] = "#000";
$cells[4]["href"] = "index.php?sec=usuarios&sec2=operation/users/user";


@ -116,7 +116,7 @@ if ($ag_group > 1){
AND $search_sql ORDER BY nombre";
} else {
// Is admin user ??
if (get_db_sql ("SELECT * FROM tusuario WHERE id_usuario ='".$config["id_user"]."'", "nivel") == 1){
if (is_user_admin ($config["id_user"])) {
$sql1 = "SELECT * FROM tagente WHERE $search_sql ORDER BY nombre, id_grupo LIMIT $offset, ".$config["block_size"];
$sql2="SELECT COUNT(id_agente) FROM tagente WHERE $search_sql ORDER BY nombre, id_grupo";
} else {


@ -263,7 +263,7 @@ if ($modo == "edicion") { // Only show groups for existing users
$color = 1;
}
echo '<td class="'.$tdcolor.'">';
echo "<b style='margin-left:10px'>".dame_perfil($row["id_perfil"])."</b> / ";
echo "<b style='margin-left:10px'>".get_profile_name ($row["id_perfil"])."</b> / ";
echo "<b>".get_group_name ($row["id_grupo"])."</b>";
echo '<td class="'.$tdcolor.'t"><a href="index.php?sec=gusuarios&sec2=godmode/users/configure_user&id_usuario_mio='.$id_usuario_mio.'&borrar_grupo='.$row["id_up"].' " onClick="if (!confirm(\' '.__('Are you sure?').'\')) return false;"><img border=0 src="images/cross.png"></a><tr>';
}


@ -33,10 +33,7 @@ if (isset($_GET["borrar_usuario"])) { // if delete user
// Delete user
// Delete cols from table tgrupo_usuario
$sql = "DELETE FROM tgrupo_usuario WHERE usuario = '".$nombre."'";
$result = process_sql ($sql);
$sql = "DELETE FROM tusuario WHERE id_usuario = '".$nombre."'";
$result = process_sql ($sql);
$result = delete_user ($nombre);
if ($result === false) {
echo '<h3 class="error">'.__('There was a problem deleting user').'</h3>';
} else {
@ -78,8 +75,8 @@ $result = get_db_all_rows_in_table ('tusuario');
foreach ($result as $row) {
$data = array ();
$data[0] = '<a href="index.php?sec=gusuarios&sec2=godmode/users/configure_user&id_usuario_mio='.$row["id_usuario"].'"><b>'.$row["id_usuario"].'</b></a>';
$data[1] = $row["fecha_registro"];
$data[0] = print_username ($row["id_usuario"], true);
$data[1] = print_timestamp ($row["fecha_registro"], true);
if ($row["nivel"] == 1) {
$data[2] = '<img src="images/user_suit.png" />';
} else {
@ -94,7 +91,7 @@ foreach ($result as $row) {
}
foreach ($profiles as $profile) {
$data[2] .= dame_perfil ($profile["id_perfil"])." / ";
$data[2] .= get_profile_name ($profile["id_perfil"])." / ";
$data[2] .= get_group_name ($profile["id_grupo"])."<br />";
}
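Review bot: `delete_user ($nombre)` in the first hunk is called without consulting `$config["admin_can_delete_user"]`, which every auth module in this commit sets; under the LDAP module, where `delete_user ()` always returns false, the page still offers the action and then reports 'There was a problem deleting user'. A guard such as `if (!empty ($config["admin_can_delete_user"]))` around the call would make the flag effective. The `if (isset($_GET["borrar_usuario"]))` block starts before the hunk, so where `$nombre` comes from and whether it is escaped is not visible here. The MySQL `delete_user ()` concatenates it into two DELETE statements, so that path deserves a check.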


@ -0,0 +1,126 @@
<?php
// Pandora FMS - the Flexible Monitoring System
// ============================================
// Copyright (c) 2009 Evi Vanoost, vanooste@rcbi.rochester.edu
// Please see http://pandora.sourceforge.net for full contribution list
// This program is free software; you can redistribute it and/or
// modify it under the terms of the GNU General Public License
// as published by the Free Software Foundation for version 2.
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
// You should have received a copy of the GNU General Public License
// along with this program; if not, write to the Free Software
// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
// Database configuration (default ones)
if (!isset ($config)) {
die ('You cannot access this file directly!');
}
$config["user_can_update_password"] = false;
$config["admin_can_add_user"] = false;
$config["admin_can_delete_user"] = false;
$config["admin_can_disable_user"] = false;
//DON'T USE THIS IF YOU DON'T KNOW WHAT YOU'RE DOING
die ("This is a very dangerous authentication scheme. Only use for programming in case you should uncomment this line");
/**
* process_user_login accepts $login and $pass and handles it according to current authentication scheme
*
* @param string $login
* @param string $pass
*
* @return mixed False in case of error or invalid credentials, the username in case it's correct.
*/
function process_user_login ($login, $pass) {
return false; //Error
return $login; //Good
}
/**
* Checks if a user is administrator.
*
* @param string User id.
*
* @return bool True is the user is admin
*/
function is_user_admin ($user) {
return true; //User is admin
return false; //User isn't
}
/**
* Check is a user exists in the system
*
* @param string User id.
*
* @return bool True if the user exists.
*/
function is_user ($id_user) {
return true;
return false;
}
/**
* Gets the users real name
*
* @param string User id.
*
* @return string The users full name
*/
function get_user_realname ($id_user) {
return "admin";
return "";
return false;
}
/**
* Gets the users email
*
* @param string User id.
*
* @return string The users email address
*/
function get_user_email ($id_user) {
return "test@example.com";
return "";
return false;
}
/**
* Get a list of all users in an array [username] => real name
*
* @param string Field to order by (id_usuario, nombre_real or fecha_registro)
*
* @return array An array of users
*/
function get_users ($order = "nombre_real") {
return array ("admin" => "Admini Strator");
}
/**
* Sets the last login for a user
*
* @param string User id
*/
function update_user_contact ($id_user) {
//void
}
/**
* Deletes the user
*
* @param string User id
*/
function delete_user ($id_user) {
return true;
return false;
}
//Reference the global use authorization error to last ldap error.
$config["auth_error"] = &$dev_cache["auth_error"];
?>
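Review bot: The only thing keeping this module from being used is the `die ()` call, and its message tells the reader to 'uncomment this line' when the line actually has to be commented out. Once it is removed, `is_user ()` and `is_user_admin ()` return true for every id, so a session that already carries an id would pass `check_login ()` and `give_acl ()` as an administrator. Reword the guard, e.g. `die ("Development-only authentication stub: every user is treated as admin. Comment out this line only on an isolated test host.");`. Each function also carries unreachable `return` statements after the first one; a comment such as `// alternative return values for testing, swap as needed` would make that intent clear. `$dev_cache` is never initialised before `$config["auth_error"] = &$dev_cache["auth_error"];`, so adding `$dev_cache = array ("auth_error" => "");` above it would keep the error text a string.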


@ -0,0 +1,518 @@
<?php
// Pandora FMS - the Flexible Monitoring System
// ============================================
// Copyright (c) 2009 Evi Vanoost, vanooste@rcbi.rochester.edu
// Please see http://pandora.sourceforge.net for full contribution list
// This program is free software; you can redistribute it and/or
// modify it under the terms of the GNU General Public License
// as published by the Free Software Foundation for version 2.
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
// You should have received a copy of the GNU General Public License
// along with this program; if not, write to the Free Software
// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
// Database configuration (default ones)
if (!isset ($config)) {
die ('You cannot access this file directly!');
}
//TODO: Make the following 4 valid throughout Pandora FMS
$config["user_can_update_password"] = false;
$config["admin_can_add_user"] = false;
$config["admin_can_delete_user"] = false;
$config["admin_can_disable_user"] = false;
//Required and optional keys for this function to work
$req_keys = array ("ldap_server", "ldap_base_dn", "ldap_login_attr", "ldap_admin_group_name", "ldap_admin_group_attr", "ldap_admin_group_type", "ldap_user_filter", "ldap_user_attr");
$opt_keys = array ("ldap_port", "ldap_start_tls", "ldap_version", "ldap_admin_dn", "ldap_admin_pwd");
/**
* process_user_login accepts $login and $pass and handles it according to current authentication scheme
*
* @param string $login
* @param string $pass
*
* @return mixed False in case of error or invalid credentials, the username in case it's correct.
*/
function process_user_login ($login, $pass) {
if (!ldap_valid_login ($login, $pass)) {
return false;
}
global $config;
$profile = get_db_value ("id_usuario", "tusuario_perfil", "id_usuario", $login);
if ($profile === false && empty ($config["auth"]["create_user_undefined"])) {
$config["auth_error"] = "No profile"; //Error message, don't translate
return false; //User doesn't have a profile so doesn't have access
} elseif ($profile === false && !empty ($config["auth"]["create_user_undefined"])) {
$ret = create_user_profile ($login); //User doesn't have a profile but we are asked to create one
if ($ret === false) {
$config["auth_error"] = "Profile creation failed"; //Error message, don't translate
return false; //We couldn't create the profile for some or another reason
}
}
return $login;
}
/**
* Checks if a user is administrator.
*
* @param string User id.
*
* @return bool True is the user is admin
*/
function is_user_admin ($user_id) {
$admins = get_user_admins ();
if (in_array ($user_id, $admins)) {
return true;
}
return false;
}
/**
* Checks if a user exists
*
* @param string User id.
*
* @return bool True if the user exists
*/
function is_user ($id_user) {
$user = get_user_info ($id_user);
if (empty ($user))
return false;
return true;
}
/**
* Gets the users real name
*
* @param string User id.
*
* @return string The users full name
*/
function get_user_realname ($id_user) {
$info = get_user_info ($id_user);
if (empty ($info)) {
//User doesn't exist
return '';
}
return (string) $info["nombre_real"];
}
/**
* Gets the users email
*
* @param string User id.
*
* @return string The users email address
*/
function get_user_email ($id_user) {
$info = get_user_info ($id_user);
return (string) $info["direccion"];
}
/**
* Gets the users info
*
* @param string User id.
*
* @return array User info
*/
function get_user_info ($id_user) {
global $ldap_cache;
if (!empty ($ldap_cache[$id_user])) {
return $ldap_cache[$id_user];
}
$ldap_cache[$id_user] = ldap_load_user ($id_user);
if ($ldap_cache[$id_user] === false) {
return array ();
}
return $ldap_cache[$id_user];
}
/**
* Get all users that are defined in the admin group in LDAP
*
* @return array Array of users or empty array
*/
function get_user_admins () {
global $ldap_cache, $config;
if (! empty ($ldap_cache["cached_admins"])) {
return $ldap_cache["cached_admins"];
} else {
$ldap_cache["cached_admins"] = array ();
}
if (ldap_connect_bind ()) {
$search_filter = "(".$config["auth"]["ldap_admin_group_attr"]."=*)";
$sr = ldap_search ( $ldap_cache["ds"], $config["auth"]["ldap_admin_group_name"], $search_filter, array ($config["auth"]["ldap_admin_group_attr"]));
if (!$sr) {
$ldap_cache["error"] .= 'Error searching LDAP server (get_user_admins): ' . ldap_error ($ldap_cache["ds"]);
} else {
$admins = ldap_get_entries( $ldap_cache["ds"], $sr);
for( $x = 0; $x < $admins[0][$config["auth"]["ldap_admin_group_attr"]]['count']; $x++) {
if ($config["auth"]["ldap_admin_group_type"] != 'posixgroup') {
$ldap_cache["cached_admins"][] = stripdn ($admins[0][$config["auth"]["ldap_admin_group_attr"]][$x]);
} else {
$ldap_cache["cached_admins"][] = $admins[0][$config["auth"]["ldap_admin_group_attr"]][$x];
}
}
@ldap_free_result($sr);
}
@ldap_close ($ldap_cache["ds"]);
}
return $ldap_cache["cached_admins"];
}
/**
* Sets the last login for a user. LDAP doesn't have this (or it's inherent to the login process)
*
* @param string User id
*/
function update_user_contact ($id_user) {
//Empty function
}
/**
* LDAP user functions based on webcalendar's implementation
*
* File from webcalendar (GPL) project:
* $Id: user-ldap.php,v 1.42.2.1 2007/08/17 14:39:00 umcesrjones Exp $
*
* Note: this application assumes that usernames (logins) are unique.
*/
/**
* Function to search the dn for a given user. Error messages in $ldap_cache["error"];
*
* @param string User login
*
* @return mixed The DN if the user is found, false in other case
*/
function ldap_search_user ($login) {
global $ldap_cache, $config;
$nick = false;
if (ldap_connect_bind ()) {
$sr = @ldap_search ($ldap_cache["ds"], $config["auth"]["ldap_base_dn"], "(&(".$config["auth"]["ldap_login_attr"]."=".$login.")".$config["auth"]["ldap_user_filter"].")", array_values ($config["auth"]["ldap_user_attr"]));
if (!$sr) {
$ldap_cache["error"] .= 'Error searching LDAP server: ' . ldap_error ($ldap_cache["ds"]);
} else {
$info = @ldap_get_entries ($ldap_cache["ds"], $sr );
if ( $info['count'] != 1 ) {
$ldap_cache["error"] .= 'Invalid user';
} else {
$nick = $info[0]['dn'];
}
@ldap_free_result ($sr);
}
@ldap_close ($ldap_cache["ds"]);
}
return $nick;
}
/**
* Function to validate the user and password for a given login. Error messages in $ldap_cache["error"];
*
* @param string User login
* @param string User password (plain text)
*
* @return bool True if the login is correct, false in other case
*/
function ldap_valid_login ($login, $password) {
global $ldap_cache, $config;
if (! function_exists ("ldap_connect")) {
die ("Your installation of PHP does not support LDAP");
}
$ret = false;
if (!empty ($config["auth"]["ldap_port"])) {
$ds = @ldap_connect ($config["auth"]["ldap_server"], $config["auth"]["ldap_port"]); //Since this is a separate bind, we don't store it global
} else {
$ds = @ldap_connect ($config["auth"]["ldap_server"]); //Since this is a separate bind we don't store it global
}
if ($ds) {
if ($config["auth"]["ldap_version"] > 0) {
ldap_set_option ($ds, LDAP_OPT_PROTOCOL_VERSION, $config["auth"]["ldap_version"]);
}
if ($config["auth"]["ldap_start_tls"] && !@ldap_start_tls ($ds)) {
$ldap_cache["error"] .= 'Could not start TLS for LDAP connection';
return $ret;
}
if (ldap_search_user ($login)) {
$r = @ldap_bind ($ds, $config["auth"]["ldap_login_attr"]."=".$login.",".$config["auth"]["ldap_base_dn"], $password);
if (!$r) {
$ldap_cache["error"] .= 'Invalid login';
//$ldap_cache["error"] .= ': incorrect password'; // uncomment for debugging
} else {
$ret = true;
}
} else {
$ldap_cache["error"] .= 'Invalid login';
//$ldap_cache["error"] .= ': no such user';
}
@ldap_close ($ds);
} else {
$ldap_cache["error"] .= 'Error connecting to LDAP server';
}
return $ret;
}
/**
* Function to load user information according to PandoraFMS structure. Error messages in $ldap_cache["error"];
*
* @param string User login
*
* @return mixed Array with the information, false in other case
*/
function ldap_load_user ($login) {
global $ldap_cache, $config;
$ret = false;
if (ldap_connect_bind ()) {
$sr = ldap_search ($ldap_cache["ds"], $config["auth"]["ldap_base_dn"], "(&(".$config["auth"]["ldap_login_attr"]."=".$login.")".$config["auth"]["ldap_user_filter"].")", array_values ($config["auth"]["ldap_user_attr"]));
if (!$sr) {
$ldap_cache["error"] .= 'Error searching LDAP server (load_user): ' . ldap_error( $ldap_cache["ds"] );
} else {
$info = @ldap_get_entries ($ldap_cache["ds"], $sr);
if ($info['count'] != 1) {
$ldap_cache["error"] .= 'Invalid login';
//$ldap_cache["error"] .= ', could not load user'; //Uncomment for debugging
} else {
$ret = array ();
foreach ($config["auth"]["ldap_user_attr"] as $internal_key => $ldap_key) {
$ret["fecha_registro"] = get_system_time ();
$ret["nivel"] = is_user_admin ($info[0][$config["auth"]["ldap_user_attr"]["id_usuario"]][0]);
if (isset ($info[0][$ldap_key])) {
$ret[$internal_key] = $info[0][$ldap_key][0];
} else {
$ret[$internal_key] = '';
}
}
}
@ldap_free_result ($sr);
}
@ldap_close ( $ldap_cache["ds"] );
} else {
$ldap_cache["error"] .= 'Could not connect to LDAP server';
}
return $ret;
}
/**
* Function to create a new user. We don't do LDAP admin in Pandora, so not implemented.
*
* @return bool false
*/
function create_user () {
global $ldap_cache;
$ldap_cache["error"] .= 'Not yet supported.';
return false;
}
/**
* Function to update a user. We don't do LDAP admin in Pandora, so not implemented.
*
* @return bool false
*/
function update_user () {
global $ldap_cache;
$ldap_cache["error"] .= 'Not yet supported.';
return false;
}
/**
* Function to update a user password. We don't do LDAP admin in Pandora, so not implemented.
*
* @return bool false
*/
function update_user_password ( $user, $password ) {
global $ldap_cache;
$ldap_cache["error"] .= 'Not yet supported';
return false;
}
/**
* Delete a user (preferences etc.) from the pandora database (NOT from LDAP)
*
* @param string $user User to delete
*
* @return bool True if successfully deleted, false otherwise
*/
function delete_user ($user) {
global $ldap_cache;
$ldap_cache["error"] .= 'Not yet supported';
return false;
}
/**
* Function to get all users (for LDAP this also includes the admin users which you have to get separate)
*
* @param string Order currently not done for LDAP
*
* @return array List if successful, empty array otherwise
*/
function get_users ($order = false) {
global $ldap_cache, $config;
if (!empty ($ldap_cache["cached_users"])) {
return $ldap_cache["cached_users"];
}
$ldap_cache["cached_users"] = array ();
if (ldap_connect_bind ()) {
$sr = @ldap_search ($ldap_cache["ds"], $config["auth"]["ldap_base_dn"], $config["auth"]["ldap_user_filter"], array_values ($config["auth"]["ldap_user_attr"]));
if (!$sr) {
$ldap_cache["error"] .= 'Error searching LDAP server (get_users): ' . ldap_error( $ldap_cache["ds"] );
} else {
ldap_sort ($ldap_cache["ds"], $sr, $config["auth"]["ldap_user_attr"]["nombre_real"]);
$info = @ldap_get_entries( $ldap_cache["ds"], $sr );
for ( $i = 0; $i < $info['count']; $i++ ) {
foreach ($config["auth"]["ldap_user_attr"] as $internal_key => $ldap_key) {
$ret[$info[$i][$config["auth"]["ldap_user_attr"]["id_usuario"]][0]]["fecha_registro"] = get_system_time ();
if (isset ($info[$i][$ldap_key])) {
$ret[$info[$i][$config["auth"]["ldap_user_attr"]["id_usuario"]][0]][$internal_key] = $info[$i][$ldap_key][0];
} else {
$ret[$info[$i][$config["auth"]["ldap_user_attr"]["id_usuario"]][0]][$internal_key] = '';
}
$ret[$info[$i][$config["auth"]["ldap_user_attr"]["id_usuario"]][0]]["nivel"] = is_user_admin ($info[$i][$config["auth"]["ldap_user_attr"]["id_usuario"]][0]);
}
}
@ldap_free_result($sr);
}
@ldap_close ( $ldap_cache["ds"] );
}
//Admins are also users and since they can be in separate channels in LDAP, we merge them
$ldap_cache["cached_users"] = $ret;
return $ldap_cache["cached_users"];
}
// Strip everything but the username (uid) from a dn.
// params:
// $dn - the dn you want to strip the uid from.
// returns: string - userid
//
// ex: stripdn(uid=jeffh,ou=people,dc=example,dc=com) returns jeffh
function stripdn ($dn) {
list ($uid, $trash) = split (',', $dn, 2);
list ($trash, $user) = split ('=', $uid);
return ($user);
}
// Connects and binds to the LDAP server
// Tries to connect as $config["auth"]["ldap_admin_dn"] if we set it.
// returns: bind result or false
function ldap_connect_bind () {
global $ldap_cache, $config;
if (! function_exists ('ldap_connect')) {
die ('Your installation of PHP does not support LDAP');
}
$ret = false;
if (!empty ($config["auth"]["ldap_port"]) && !is_resource ($ldap_cache["ds"])) {
$ldap_cache["ds"] = @ldap_connect ($config["auth"]["ldap_server"], $config["auth"]["ldap_port"]);
} elseif (!is_resource ($ldap_cache["ds"])) {
$ldap_cache["ds"] = @ldap_connect ($config["auth"]["ldap_server"]);
} else {
return true;
}
if ($ldap_cache["ds"]) {
if (!empty ($config["auth"]["ldap_version"])) {
ldap_set_option($ldap_cache["ds"], LDAP_OPT_PROTOCOL_VERSION, $config["auth"]["ldap_version"]);
}
if (!empty ($config["auth"]["ldap_start_tls"])) {
if (!ldap_start_tls ($ldap_cache["ds"])) {
$ldap_cache["error"] .= 'Could not start TLS for LDAP connection';
return $ret;
}
}
if (!empty ($config["auth"]["ldap_admin_dn"])) {
$r = @ldap_bind ($ldap_cache["ds"], $config["auth"]["ldap_admin_dn"], $config["auth"]["ldap_admin_pwd"]);
} else {
$r = @ldap_bind ($ldap_cache["ds"]);
}
if (!$r) {
$ldap_cache["error"] .= 'Invalid bind login for LDAP Server or (in case of OpenLDAP 2.x) could not connect';
return $ret;
}
return true;
} else {
$ldap_cache["error"] .= 'Error connecting to LDAP server';
return $ret;
}
}
$ldap_cache = array ();
$ldap_cache["error"] = "";
$ldap_cache["ds"] = "";
//Put each required key in a variable.
foreach ($req_keys as $key) {
if (!isset ($config["auth"][$key])) {
user_error ("Required key ".$key." not set", E_USER_ERROR);
}
}
// Convert group name to lower case to prevent problems
$config["auth"]["ldap_admin_group_attr"] = strtolower ($config["auth"]["ldap_admin_group_attr"]);
$config["auth"]["ldap_admin_group_type"] = strtolower ($config["auth"]["ldap_admin_group_type"]);
foreach ($opt_keys as $key) {
if (!isset ($config["auth"][$key])) {
switch ($key) {
case "ldap_start_tls":
$config["auth"][$key] = false;
continue;
case "ldap_version":
$config["auth"][$key] = 0;
continue;
case "ldap_admin_dn":
case "ldap_admin_pwd":
$config["auth"][$key] = "";
continue;
default:
//Key not implemented
continue;
}
}
}
//Reference the global use authorization error to last ldap error.
$config["auth_error"] = &$ldap_cache["error"];
unset ($req_keys, $opt_keys);
?>
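Review bot: `ldap_valid_login ()` passes `$password` straight to `ldap_bind ()` without rejecting an empty value, and many directory servers treat a bind with a DN and an empty password as a successful unauthenticated bind, so an empty password could be accepted as a valid login. The same function rebuilds the bind DN from `ldap_login_attr`, `$login` and `ldap_base_dn` instead of using the DN that `ldap_search_user ()` just returned. `$login` is also concatenated unescaped into the search filters in `ldap_search_user ()` and `ldap_load_user ()`, so filter metacharacters in the login name change the query. Reject empty passwords before connecting, bind with the returned DN, and escape the login for filter use (on PHP versions that provide it, `ldap_escape ()` with `LDAP_ESCAPE_FILTER`). Separately, `get_users ()` stores `$ret` in the cache even when the bind fails and `$ret` was never assigned.

```php
function ldap_valid_login ($login, $password) {
	// … unchanged: globals, ldap_connect availability check …
	// An empty password turns ldap_bind into an unauthenticated bind, which many servers accept.
	if (!is_string ($password) || $password === '') {
		$ldap_cache["error"] .= 'Invalid login';
		return false;
	}
	// … unchanged: connect, protocol version, start TLS …
	$dn = ldap_search_user ($login);
	if ($dn !== false) {
		// Bind with the DN the directory returned rather than one rebuilt from the login.
		$r = @ldap_bind ($ds, $dn, $password);
		// … unchanged: bind result handling …
	// … unchanged: else branch, ldap_close, return …
```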


@ -0,0 +1,183 @@
<?php
if (!isset ($config)) {
die ('You cannot access this file directly!');
}
// Pandora FMS - the Flexible Monitoring System
// ============================================
// Copyright (c) 2009 Evi Vanoost, vanooste@rcbi.rochester.edu
// Please see http://pandora.sourceforge.net for full contribution list
// This program is free software; you can redistribute it and/or
// modify it under the terms of the GNU General Public License
// as published by the Free Software Foundation for version 2.
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
// You should have received a copy of the GNU General Public License
// along with this program; if not, write to the Free Software
// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
// Database configuration (default ones)
$config["user_can_update_password"] = true;
$config["admin_can_add_user"] = true;
$config["admin_can_delete_user"] = true;
$config["admin_can_disable_user"] = true;
/**
* process_user_login accepts $login and $pass and handles it according to current authentication scheme
*
* @param string $login
* @param string $pass
*
* @return mixed False in case of error or invalid credentials, the username in case it's correct.
*/
function process_user_login ($login, $pass) {
global $mysql_cache;
// Connect to Database
$sql = sprintf ("SELECT `id_usuario`, `password` FROM `tusuario` WHERE `id_usuario` = '%s'", $login);
$row = get_db_row_sql ($sql);
//Check that row exists, that password is not empty and that password is the same hash
if ($row !== false && $row["password"] !== md5 ("") && $row["password"] == md5 ($pass)) {
// Login OK
// Nick could be uppercase or lowercase (select in MySQL
// is not case sensitive)
// We get DB nick to put in PHP Session variable,
// to avoid problems with case-sensitive usernames.
// Thanks to David Muñiz for Bug discovery :)
return $row["id_usuario"];
} else {
$mysql_cache["auth_error"] = "User not found in database or incorrect password";
}
return false;
}
/**
* Checks if a user is administrator.
*
* @param string User id.
*
* @return bool True is the user is admin
*/
function is_user_admin ($id_user) {
$level = get_db_value ('nivel', 'tusuario', 'id_usuario', $id_user);
if ($level == 1) {
return true;
} else {
return false;
}
}
/**
* Check is a user exists in the system
*
* @param string User id.
*
* @return bool True if the user exists.
*/
function is_user ($id_user) {
$user = get_db_row ('tusuario', 'id_usuario', $id_user);
if (! $user)
return false;
return true;
}
/**
* Gets the users real name
*
* @param string User id.
*
* @return string The users full name
*/
function get_user_realname ($id_user) {
return (string) get_db_value ('nombre_real', 'tusuario', 'id_usuario', $id_user);
}
/**
* Gets the users email
*
* @param string User id.
*
* @return string The users email address
*/
function get_user_email ($id_user) {
return (string) get_db_value ('direccion', 'tusuario', 'id_usuario', $id_user);
}
/**
* Gets a Users info
*
* @param string User id
*
* @return mixed An array of users
*/
function get_user_info ($id_user) {
return get_db_row ("tusuario", "id_usuario", $id_user);
}
/**
* Get a list of all users in an array [username] => array (userinfo)
* We can't simplify this because some auth schemes (like LDAP) automatically (or it's at least cheaper to) return all the information
* Functions like get_user_info allow selection of specifics (in functions_db)
*
* @param string Field to order by (id_usuario, nombre_real or fecha_registro)
*
* @return array An array of user information
*/
function get_users ($order = "nombre_real") {
switch ($order) {
case "id_usuario":
case "fecha_registro":
case "nombre_real":
break;
default:
$order = "nombre_real";
}
$output = array();
$result = get_db_all_rows_in_table ("tusuario", $order);
if ($result !== false) {
foreach ($result as $row) {
$output[$row["id_usuario"]] = $row;
}
}
return $output;
}
/**
* Sets the last login for a user
*
* @param string User id
*/
function update_user_contact ($id_user) {
$sql = sprintf ("UPDATE tusuario SET fecha_registro = NOW() WHERE id_usuario = '%s'", $id_user);
process_sql ($sql);
}
/**
* Deletes the user
*
* @param string User id
*/
function delete_user ($id_user) {
$sql = "DELETE FROM tgrupo_usuario WHERE usuario = '".$id_user."'";
$result = process_sql ($sql);
if ($result === false) {
return false;
}
$sql = "DELETE FROM tusuario WHERE id_usuario = '".$id_user."'";
$result = process_sql ($sql);
if ($result === false) {
return false;
}
return true;
}
//Reference the global use authorization error to last ldap error.
$config["auth_error"] = &$mysql_cache["auth_error"];
?>
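Review bot: In `process_user_login ()` the stored hash is compared with `$row["password"] == md5 ($pass)`, a loose comparison under which two different hex strings of the form `0e` followed only by digits compare equal as numbers; use `$row["password"] === md5 ($pass)`, as the neighbouring `!== md5 ("")` check already does. `$login` and `$id_user` are also placed into SQL text by `sprintf` and concatenation in `process_user_login ()`, `update_user_contact ()` and `delete_user ()`, so these functions depend on every caller having escaped the value; escaping at the point of use would remove that dependency. Unsalted MD5 is a weak password hash, and if it is kept for compatibility with existing `tusuario` rows a comment saying so would help whoever migrates it. `$mysql_cache` is bound by reference at the bottom of the file but never initialised.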


@ -27,9 +27,78 @@
// $config["homedir"]="/var/www/pandora_console/";
// $config["homeurl"]="/pandora_console/";
///*************************** Start LDAP Config *****************************/
//------ LDAP General Server Settings ------//
//
//Name or address of the LDAP server
// For SSL (not TLS) use 'ldaps://localhost'
//$config["auth"]["ldap_server"] = 'ldap://rcbi.rochester.edu';
//
//OPTIONAL: Port LDAP listens on (usually 389). Some configurations require you to specify this no matter what
//$config["auth"]["ldap_port"] = 389;
//
//OPTIONAL: Use TLS for the connection (not the same as ldaps://)
//$config["auth"]["ldap_start_tls"] = true;
//
//OPTIONAL: Protocol version to use to connect to your server (3 for most installations)
//$config["auth"]["ldap_version"] = 0;
//
// base DN to search for user information (full dn)
// This is based on Mac OS X OpenDirectory, change accordingly
//$config["auth"]["ldap_base_dn"] = 'cn=users,dc=rcbi,dc=rochester,dc=edu';
//
// The ldap attribute used to find a user (login).
// E.g., if you use cn, your login might be "Jane Smith" -- untested!
// if you use uid, your login might be "jsmith"
//$config["auth"]["ldap_login_attr"] = 'uid';
//
// OPTIONAL: Account used to connect (bind) to the server and SEARCH for information.
// This user must have the correct rights to perform search on objects
// By default the search will be made anonymous.
// *** We do NOT recommend storing the root LDAP account or any type of admin/living person info here ***
//$config["auth"]["ldap_admin_dn"] = ''; // user DN
//$config["auth"]["ldap_admin_pwd"] = ''; // user password
//
//------ Admin Group Settings ------//
//
// A group name (complete DN) to find users with admin rights
//$config["auth"]["ldap_admin_group_name"] = 'cn=pandora_admins,cn=groups,dc=rcbi,dc=rochester,dc=edu';
//
// What type of group do we want (posixgroup, groupofnames, groupofuniquenames)
//$config["auth"]["ldap_admin_group_type"] = 'posixgroup';
//
// The LDAP attribute used to store member of a group
//$config["auth"]["ldap_admin_group_attr"] = 'memberuid';
//
//------ LDAP Filter Settings ------//
//
// LDAP filter used to limit search results and login authentication
//$config["auth"]["ldap_user_filter"] = '(&(objectclass=person)(!(sn=99)))';
//
// Attributes to fetch from LDAP and corresponding user variables in the
// application. Do change according to your LDAP Schema
//$config["auth"]["ldap_user_attr"] = array (
// // LDAP attribute //Pandora FMS variable
// 'id_usuario' => 'uid', //login
// 'lastname' => 'sn', //last (sur) name
// 'firstname' => 'givenname', //first (given) name
// 'nombre_real' => 'cn', //full (common) name
// 'comentarios' => 'description', //comments - you can set this to anything
// 'fecha_registro' => 'lastlogin', //last login utimestamp or don't define
// 'direccion' => 'mail', //email - not necessary will default to empty
// 'telefono' => 'phone' //phone
//);
///* You can uncomment the following only if you understand what it implies
//
// $config["auth"]["create_user_undefined"] = false; //Create a user with minimal rights if the user is in your authentication scheme but not in Pandora
//*/
///*************************** End LDAP Config *****************************/
// Do not display any ERROR
error_reporting(E_ALL);
// Display ALL errors
// error_reporting(E_ERROR);
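Review bot: The sample settings use `ldap://` and list `ldap_start_tls` as optional without saying what is lost when neither TLS option is enabled: the LDAP module binds with the user's password, so it would cross the network unencrypted. Add a line such as `// Without ldaps:// or ldap_start_tls the login password is sent to the LDAP server in clear text` above the `ldap_start_tls` entry. The two comments around `error_reporting` at the end of the hunk also look swapped relative to the calls they sit above, although which of those lines are new cannot be told from this rendering.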


@ -81,8 +81,22 @@ foreach ($configs as $c) {
switch ($c["token"]) {
case "language_code":
$config['language'] = $c['value'];
break;
case "auth":
exit ('<html><head><title>Pandora FMS Error</title>
<link rel="stylesheet" href="./include/styles/pandora.css" type="text/css">
</head><body><div align="center">
<div id="db_f">
<div>
<a href="index.php"><img src="images/pandora_logo.png" border="0"></a>
</div>
<div id="db_ftxt">
<h1 id="log_f" class="error">Pandora FMS Console Error DB-003</h1>
Cannot override auth variables from database. Remove them from your database by executing:
DELETE FROM tconfig WHERE token = "auth";
<br />
</div>
</div></body></html>');
default:
$config[$c['token']] = $c['value'];
}
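Review bot: The new `case "auth":` branch has no comment saying why a database-stored `auth` token is refused, and the reason is a security one: the auth settings select the file that gets included and hold the LDAP bind credentials, so they should come only from the configuration file. A line such as `// auth settings choose the included auth module; never accept them from tconfig` above the `exit` would keep a later cleanup from folding this case into `default`. The `foreach` and `switch` open before the hunk.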


@ -988,7 +988,6 @@ if (!function_exists ("mb_strtoupper")) {
*
* @param string Text string to be stripped of magic_quotes protection
*/
function unsafe_string ($string) {
if (get_magic_quotes_gpc ())
return stripslashes ($string);
@ -1000,7 +999,6 @@ function unsafe_string ($string) {
*
* @param string Text string to be protected with quotes if magic_quotes protection is disabled
*/
function safe_sql_string ($string) {
if (get_magic_quotes_gpc () == 0)
return $string;


@ -27,14 +27,14 @@
function check_login () {
global $config;
if (! isset ($config["homedir"])) {
if (!isset ($config["homedir"])) {
// No exists $config. Exit inmediatly
include("general/noaccess.php");
exit;
}
if ((isset($_SESSION["id_usuario"])) AND ($_SESSION["id_usuario"] != "")) {
$id = get_db_value("id_usuario","tusuario","id_usuario",$_SESSION["id_usuario"]);
if ( $_SESSION["id_usuario"] == $id) {
if (is_user ($_SESSION["id_usuario"])) {
return 0;
}
}
@ -68,8 +68,8 @@ function give_acl ($id_user, $id_group, $access) {
// IF user is level = 1 then always return 1
global $config;
$nivel = get_db_value("nivel","tusuario","id_usuario",$id_user);
if ($nivel == 1) {
$nivel = is_user_admin ($id_user);
if ($nivel) {
return 1;
//Apparently nivel is 1 if user has full admin access
}
@ -153,8 +153,7 @@ function audit_db ($id, $ip, $accion, $descripcion){
function logon_db ($id_user, $ip) {
audit_db ($id_user, $ip, "Logon", "Logged in");
// Update last registry of user to set last logon. How do we audit when the user was created then?
$sql = sprintf ("UPDATE tusuario SET fecha_registro = NOW() WHERE id_usuario = '%s'", $id_user);
process_sql ($sql);
update_user_contact ($id_user);
}
/**
@ -174,10 +173,40 @@ function logoff_db ($id_user, $ip) {
*
* @return string Profile name of the given id
*/
function dame_perfil ($id_profile) {
function get_profile_name ($id_profile) {
return (string) get_db_value ('name', 'tperfil', 'id_perfil', (int) $id_profile);
}
/**
* Create Profile for User
*
* @param string User ID
* @param int Profile ID (default 1 => AR)
* @param int Group ID (default 1 => All)
*
* @return bool True if succesful, false if not
*/
function create_user_profile ($id_user, $id_profile = 1, $id_group = 1) {
global $config;
if (isset ($config["id_user"])) {
//Usually this is set unless we call it while logging in (user known by auth scheme but not by pandora)
$assign = $config["id_user"];
} else {
$assign = $id_user;
}
$insert = array (
"id_usuario" => $id_user,
"id_perfil" => $id_profile,
"id_grupo" => $id_group,
"assigned_by" => $assign
);
return (bool) process_sql_insert ("tusuario_perfil", $insert);
}
/**
* Get disabled field of a group
*
@ -366,11 +395,7 @@ function get_agent_name ($id_agent, $case = "upper") {
}
/**
* Get MD5 encrypted password of a user.
*
* @param string id_usuario User id.
*
* @return string Password of a user (should be compared to MD5 string)
* DEPRECATED: Don't use this anymore. Use pre-defined functions according to authorization scheme. Passwords can't always be retrieved
*/
function get_user_password ($id_user) {
return (string) get_db_value ('password', 'tusuario', 'id_usuario', $id_user);
@ -477,14 +502,10 @@ function get_agentmodule_type ($id_agentmodule) {
}
/**
* Get the real name of an user.
*
* @param string $id_user User id
*
* @return string Real name of given user.
* DEPRECATED: User get_user_realname
*/
function dame_nombre_real ($id_user) {
return (string) get_db_value ('nombre_real', 'tusuario', 'id_usuario', $id_user);
return get_user_realname ($id_user);
}
/**
@ -855,42 +876,17 @@ function get_os_name ($id_os) {
}
/**
* Update user last login timestamp.
*
* @param string $id_user User id
*/
function update_user_contact ($id_user) {
global $config;
$sql = sprintf ("UPDATE `tusuario` set `fecha_registro` = NOW() WHERE 'id_usuario' = %d",$id_user);
process_sql ($sql);
}
/**
* Get the user email
*
* @param string User id.
*
* @return string Get the email address of an user
* DEPRECATED: Use get_user_email
*/
function dame_email ($id_user) {
return (string) get_db_value ('direccion', 'tusuario', 'id_usuario', $id_user);
return get_user_email ($id_user);
}
/**
* Checks if a user is administrator.
*
* @param string User id.
*
* @return bool True is the user is admin
* DEPRECATED: Use is_user_admin
*/
function dame_admin ($id_user) {
$level = get_db_value ('nivel', 'tusuario', 'id_usuario', $id_user);
if ($level == 1) {
return true;
} else {
return false;
}
return is_user_admin ($id_user);
}
/**
@ -928,10 +924,7 @@ function check_alert_fired ($id_agent) {
* @return bool True if the user exists.
*/
function existe ($id_user) {
$user = get_db_row ('tusuario', 'id_usuario', $id_user);
if (! $user)
return false;
return true;
return is_user ($id_user);
}
/**
@ -1026,32 +1019,20 @@ function list_group2 ($id_user) {
}
/**
* Get a list of all users in an array [username] => real name
* Get a list of all users in an array [username] => (info)
*
* @param string Field to order by (id_usuario, nombre_real or fecha_registro)
* @param string Which info to get (defaults to nombre_real)
*
* @return array An array of users
*/
function list_users ($order = "nombre_real") {
switch ($order) {
case "id_usuario":
case "fecha_registro":
case "nombre_real":
break;
default:
$order = "nombre_real";
function get_users_info ($order = "nombre_real", $info = "nombre_real") {
$users = get_users ($order);
$ret = array ();
foreach ($users as $user_id => $user_info) {
$ret[$user_id] = $user_info[$info];
}
$output = array();
$result = get_db_all_rows_sql ("SELECT id_usuario, nombre_real FROM tusuario ORDER BY ".$order);
if ($result !== false) {
foreach ($result as $row) {
$output[$row["id_usuario"]] = $row["nombre_real"];
}
}
return $output;
return $ret;
}
/**
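Review bot: `get_users_info` passes `$order` straight to `get_users ($order)`, whereas the `list_users` body it replaces restricted `$order` to `id_usuario`, `fecha_registro` or `nombre_real` before it reached an `ORDER BY`. `get_users` is defined in the authentication scheme file and is not visible here, so unless every scheme repeats that check the allow-list is lost. Keeping it in this wrapper is cheap: `if (!in_array ($order, array ("id_usuario", "fecha_registro", "nombre_real"), true)) $order = "nombre_real";`. The loop also assumes `get_users` always returns an array and that `$info` is a key of every row; a `false` return or a missing key would raise notices under `error_reporting(E_ALL)`.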


@ -131,7 +131,7 @@ function print_timestamp ($unixtime, $return = false, $option = array ()) {
* @return string HTML code if return parameter is true.
*/
function print_username ($username, $return = false) {
$string = '<a href="index.php?sec=usuario&sec2=operation/users/user_edit&ver='.$username.'">'.dame_nombre_real ($username).'</a>';
$string = '<a href="index.php?sec=usuario&sec2=operation/users/user_edit&ver='.$username.'">'.get_user_realname ($username).'</a>';
if ($return)
return $string;
@ -291,4 +291,21 @@ function format_alert_row ($alert, $combined = false, $agent = true, $url = '')
return $data;
}
/**
* Prints a substracted string, length specified by cutoff, the full string will be in a rollover.
*
* @param string The string to be cut
* @param int At how much characters to cut
* @param bool Whether to return or print it out
*
* @return An HTML string
*/
function print_string_substr ($string, $cutoff = 16, $return = false) {
$string = '<span title="'.safe_input ($string).'">'.mb_substr ($string, 0, $cutoff, "UTF-8").(mb_strlen ($string. "UTF-8") > $cutoff ? '...' : '').'</span>';
if ($return === false) {
echo $string;
}
return $string;
}
?>
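Review bot: In `print_string_substr` the length test reads `mb_strlen ($string. "UTF-8")`, which concatenates the literal onto the string instead of passing the encoding. The ellipsis is therefore appended to any string longer than `$cutoff` minus five characters; the call should be `mb_strlen ($string, "UTF-8")`. The `title` attribute goes through `safe_input`, but the visible text from `mb_substr` does not, and the user list page in this commit feeds it the `comentarios` field. Assuming `safe_input` is the HTML-encoding helper, the visible part should be wrapped as well: `safe_input (mb_substr ($string, 0, $cutoff, "UTF-8"))`. The docblock could also state that the markup is returned in both modes and additionally echoed when `$return` is false.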


@ -64,6 +64,12 @@ require_once ("include/config.php");
require_once ("include/functions.php");
require_once ("include/functions_db.php");
if (!isset ($config["auth"])) {
require_once ("include/auth/mysql.php");
} else {
require_once ("include/auth/".$config["auth"]["scheme"].".php");
}
/* Enterprise support */
if (file_exists (ENTERPRISE_DIR."/load_enterprise.php")) {
include (ENTERPRISE_DIR."/load_enterprise.php");
@ -161,34 +167,30 @@ if (! isset ($_SESSION['id_usuario']) && isset ($_GET["loginhash"])) {
// Login process
elseif (! isset ($_SESSION['id_usuario']) && isset ($_GET["login"])) {
$nick = get_parameter_post ("nick");
$pass = get_parameter_post ("pass");
// Connect to Database
$sql = sprintf ("SELECT `id_usuario`, `password` FROM `tusuario` WHERE `id_usuario` = '%s'", $nick);
$row = get_db_row_sql ($sql);
$config["auth_error"] = ""; //Set this to the error message from the authorization mechanism
$nick = get_parameter_post ("nick"); //This is the variable with the login
$pass = get_parameter_post ("pass"); //This is the variable with the password
// For every registry
if ($row !== false && $row["password"] == md5 ($pass)) {
// Login OK
// Nick could be uppercase or lowercase (select in MySQL
// is not case sensitive)
// We get DB nick to put in PHP Session variable,
// to avoid problems with case-sensitive usernames.
// Thanks to David Muñiz for Bug discovery :)
$nick = $row["id_usuario"];
// process_user_login is a virtual function which should be defined in each auth file.
// It accepts username and password. The rest should be internal to the auth file.
// The auth file can set $config["auth_error"] to an informative error output or reference their internal error messages to it
// process_user_login should return false in case of errors or invalid login, the nickname if correct
$nick = process_user_login ($nick, $pass);
if ($nick !== false) {
unset ($_GET["sec2"]);
$_GET["sec"] = "general/logon_ok";
update_user_contact ($nick);
logon_db ($nick, $REMOTE_ADDR);
$_SESSION['id_usuario'] = $nick;
$config['id_user'] = $nick;
unset ($_GET['pass'], $pass, $_POST['pass'], $_REQUEST['pass']);
//Remove everything that might have to do with people's passwords or logins
unset ($_GET['pass'], $pass, $_POST['pass'], $_REQUEST['pass'], $login_good);
} else {
// User not known
$login_failed = true;
require_once ('general/login_page.php');
audit_db ($nick, $REMOTE_ADDR, "Logon Failed",
"Invalid login: ".$nick);
audit_db ($nick, $REMOTE_ADDR, "Logon Failed", "Invalid login: ".$nick);
exit;
}
} elseif (! isset ($_SESSION['id_usuario'])) {
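Review bot: On a failed login `$nick` has already been overwritten with the `false` returned by `process_user_login`, so `audit_db ($nick, $REMOTE_ADDR, "Logon Failed", "Invalid login: ".$nick)` records an empty user name and the attempted account is lost from the audit trail. Keep the submitted name in its own variable, e.g. `$nick_in_db = process_user_login ($nick, $pass);`, test `$nick_in_db !== false`, and assign `$nick = $nick_in_db;` only in the success branch. Writing `$config["auth_error"]` into the failure audit entry would also help whoever reviews those records. The success branch sets `$_SESSION['id_usuario']` without renewing the session identifier; a `session_regenerate_id ();` before that assignment would close that gap. The `elseif` chain starts before and continues after this hunk.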


@ -89,8 +89,7 @@ if ($ag_group > 1){
// Not selected any specific group
} else {
// Is admin user ??
$sql = sprintf ("SELECT * FROM tusuario WHERE id_usuario ='%s'", $config['id_user']);
if (get_db_sql ($sql, "nivel") == 1) {
if (is_user_admin ($config["id_user"])) {
$sql = "SELECT * FROM tagente WHERE disabled = 0 $search_sql ORDER BY nombre, id_grupo LIMIT $offset, ".$config["block_size"];
$sql2 = "SELECT COUNT(id_agente) FROM tagente WHERE disabled = 0 $search_sql ORDER BY nombre, id_grupo";
// standard user


@ -223,9 +223,9 @@ echo '<td class="datos2"><b>'.__('Updated at').'</b><td class="datos2"><i>'.date
echo '<tr><td class="datos"><b>'.__('Owner').'</b></td><td class="datos">';
if ((give_acl ($config["id_user"], $id_grupo, "IM") == 1) OR ($usuario == $config["id_user"])) {
print_select (list_users (), "usuario_form", $usuario, '', 'SYSTEM', '', false, false, true, "w135");
print_select (get_users_info (), "usuario_form", $usuario, '', 'SYSTEM', '', false, false, true, "w135");
} else {
print_select (list_users (), "usuario_form", $usuario, '', 'SYSTEM', '', false, false, true, "w135", true);
print_select (get_users_info (), "usuario_form", $usuario, '', 'SYSTEM', '', false, false, true, "w135", true);
}
echo '</td><td class="datos"><b>'.__('Status').'</b></td><td class="datos">';


@ -34,7 +34,7 @@ echo '<div style="width:650px;"><div style="float:right;"><img src="images/pulpo
<table width="500px" cellpadding="4" cellspacing="4" class="databox">
<tr><td class="datos">'.__('Created by:').'</td><td class="datos">';
print_select (list_users (), "usuario", "All", '', __('All'), "All", false, false, false, "w120");
print_select (get_users_info (), "usuario", "All", '', __('All'), "All", false, false, false, "w120");
echo '</td></tr><tr><td class="datos2">'.__('Search text').': (*)</td>
<td class="datos2">';


@ -18,171 +18,126 @@
// Load global vars
require("include/config.php");
require_once ("include/config.php");
if (comprueba_login() == 0) {
check_login ();
?>
echo '<h2>'.__('Pandora users').' &gt '.__('Users defined in Pandora').'</h2>';
<h2><?php echo __('Pandora users') ?> &gt;
<?php echo __('Users defined in Pandora') ?></h2>
$table->cellpadding = 4;
$table->cellspacing = 4;
$table->width = 700;
$table->class = "databox";
$table->head = array ();
$table->data = array ();
$table->align = array ();
<table cellpadding="4" cellspacing="4" width="700" class='databox'>
<th width="80px"><?php echo __('UserID')?></th>
<th width="155px"><?php echo __('Last contact')?></th>
<th width="45px"><?php echo __('Profile')?></th>
<th width="120px"><?php echo __('Name')?></th>
<th><?php echo __('Description')?></th>
$table->head[0] = __('User ID');
$table->head[1] = __('Name');
$table->head[2] = __('Last contact');
$table->head[3] = __('Profile');
$table->head[4] = __('Description');
<?php
$color = 1;
$table->align[2] = "center";
$table->align[3] = "center";
if (give_acl($config["id_user"], 0, "UM") == 1)
$query1="SELECT * FROM tusuario";
else
$query1="SELECT * FROM tusuario WHERE id_usuario = '".$config["id_user"]."'";
$resq1=mysql_query($query1);
while ($rowdup=mysql_fetch_array($resq1)){
$name=$rowdup["id_usuario"];
$nivel=$rowdup["nivel"];
$real_name=$rowdup["nombre_real"];
$comments=$rowdup["comentarios"];
$fecha_registro =$rowdup["fecha_registro"];
if ($color == 1){
$tdcolor = "datos";
$color = 0;
$tip = "tip";
}
else {
$tdcolor = "datos2";
$color = 1;
$tip = "tip2";
}
echo "<tr><td class='$tdcolor'><a href='index.php?sec=usuarios&sec2=operation/users/user_edit&ver=".$name."'><b>".$name."</b></a>";
echo "<td class='$tdcolor'><font size=1>".$fecha_registro."</font>";
echo "<td class='$tdcolor'>";
if ($nivel == 1)
echo "<img src='images/user_suit.png'>";
else
echo "<img src='images/user_green.png'>";
$sql1='SELECT * FROM tusuario_perfil WHERE id_usuario = "'.$name.'"';
$result=mysql_query($sql1);
echo "<a href='#' class='$tip'>&nbsp;<span>";
if (mysql_num_rows($result)){
while ($row=mysql_fetch_array($result)){
echo dame_perfil ($row["id_perfil"])."/ ";
echo get_group_name ($row["id_grupo"])."<br>";
}
}
else { echo __('This user doesn\'t have any assigned profile/group'); }
echo "</span></a>";
echo "<td class='$tdcolor' width='100'>".substr($real_name,0,16)."</td>";
echo "<td class='$tdcolor'>".$comments."</td>";
echo "</tr>";
$info = array ();
if (give_acl ($config["id_user"], 0, "UM") == 1) {
$info = get_users ();
} else {
$info[$config["id_user"]] = get_user_info ($config["id_user"]);
}
echo "</table><br>";
?>
<h3><?php echo __('Profiles defined in Pandora') ?></h3>
<table cellpadding='4' cellspacing='4' class='databox'>
<?php
$query_del1="SELECT * FROM tperfil";
$resq1=mysql_query($query_del1);
echo "<tr>";
echo "<th width='180px'>
<font size=1>".__('Profiles')."</th>";
echo "<th width='40px'><font size=1>IR";
print_help_tip (__('System incidents reading'));
echo "</font></th>";
echo "<th width='40px'><font size=1>IW";
print_help_tip (__('System incidents writing'));
echo "</font></th>";
echo "<th width='40px'><font size=1>IM";
print_help_tip (__('System incidents management'));
echo "</font></th>";
echo "<th width='40px'><font size=1>AR";
print_help_tip (__('Agents reading'));
echo "</font></th>";
echo "<th width='40px'><font size=1>AW";
print_help_tip (__('Agents management'));
echo "</font></th>";
echo "<th width='40px'><font size=1>LW";
print_help_tip (__('Alerts edition'));
echo "</font></th>";
echo "<th width='40px'><font size=1>UM";
print_help_tip (__('Users management'));
echo "</font></th>";
echo "<th width='40px'><font size=1>DM";
print_help_tip (__('Database management'));
echo "</font></th>";
echo "<th width='40px'><font size=1>LM";
print_help_tip (__('Alerts management'));
echo "</font></th>";
echo "<th width='40px'><font size=1>PM";
print_help_tip (__('Pandora system management'));
echo "</font></th>";
$color = 1;
while ($rowdup=mysql_fetch_array($resq1)){
$id_perfil = $rowdup["id_perfil"];
$nombre=$rowdup["name"];
$incident_view = $rowdup["incident_view"];
$incident_edit = $rowdup["incident_edit"];
$incident_management = $rowdup["incident_management"];
$agent_view = $rowdup["agent_view"];
$agent_edit =$rowdup["agent_edit"];
$alert_edit = $rowdup["alert_edit"];
$user_management = $rowdup["user_management"];
$db_management = $rowdup["db_management"];
$alert_management = $rowdup["alert_management"];
$pandora_management = $rowdup["pandora_management"];
if ($color == 1){
$tdcolor = "datos";
$color = 0;
}
else {
$tdcolor = "datos2";
$color = 1;
}
echo "<tr><td class='$tdcolor"."_id'>".$nombre;
echo "<td class='$tdcolor'>";
if ($incident_view == 1) echo "<img src='images/ok.png' border=0>";
echo "<td class='$tdcolor'>";
if ($incident_edit == 1) echo "<img src='images/ok.png' border=0>";
echo "<td class='$tdcolor'>";
if ($incident_management == 1) echo "<img src='images/ok.png' border=0>";
echo "<td class='$tdcolor'>";
if ($agent_view == 1) echo "<img src='images/ok.png' border=0>";
echo "<td class='$tdcolor'>";
if ($agent_edit == 1) echo "<img src='images/ok.png' border=0>";
echo "<td class='$tdcolor'>";
if ($alert_edit == 1) echo "<img src='images/ok.png' border=0>";
echo "<td class='$tdcolor'>";
if ($user_management == 1) echo "<img src='images/ok.png' border=0>";
echo "<td class='$tdcolor'>";
if ($db_management == 1) echo "<img src='images/ok.png' border=0>";
echo "<td class='$tdcolor'>";
if ($alert_management == 1) echo "<img src='images/ok.png' border=0>";
echo "<td class='$tdcolor'>";
if ($pandora_management == 1) echo "<img src='images/ok.png' border=0>";
foreach ($info as $user_id => $user_info) {
$data[0] = $user_id;
$data[1] = $user_info["nombre_real"];
$data[2] = print_timestamp ($user_info["fecha_registro"], true);
if ($user_info["nivel"]) {
$data[3] = '<img src="images/user_suit.png" />&nbsp;';
} else {
$data[3] = '<img src="images/user_green.png" />&nbsp;';
}
} //end of page
$data[3] .= '<a href="#" class="tip"><span>';
$result = get_db_all_rows_field_filter ("tusuario_perfil", "id_usuario", $user_id);
if ($result !== false) {
foreach ($result as $row) {
$data[3] .= get_profile_name ($row["id_perfil"]);
$data[3] .= " / ";
$data[3] .= get_group_name ($row["id_grupo"]);
$data[3] .= "<br />";
}
} else {
$data[3] .= __('The user doesn\'t have any assigned profile/group');
}
$data[3] .= "</span></a>";
$data[4] = print_string_substr ($user_info["comentarios"], 24, true);
array_push ($table->data, $data);
}
print_table ($table);
unset ($table);
echo '<h3>'.__('Profiles defined in Pandora').'</h3>';
$table->cellpadding = 4;
$table->cellspacing = 4;
$table->class = 'databox';
$table->width = 700;
$table->head = array ();
$table->data = array ();
$table->size = array ();
$table->head[0] = __('Profiles');
$table->head[1] = "IR".print_help_tip (__('System incidents reading'), true);
$table->head[2] = "IW".print_help_tip (__('System incidents writing'), true);
$table->head[3] = "IM".print_help_tip (__('System incidents management'), true);
$table->head[4] = "AR".print_help_tip (__('Agents reading'), true);
$table->head[5] = "AW".print_help_tip (__('Agents management'), true);
$table->head[6] = "LW".print_help_tip (__('Alerts editing'), true);
$table->head[7] = "UM".print_help_tip (__('Users management'), true);
$table->head[8] = "DM".print_help_tip (__('Database management'), true);
$table->head[9] = "LM".print_help_tip (__('Alerts management'), true);
$table->head[10] = "PM".print_help_tip (__('Systems management'), true);
$table->size[1] = 40;
$table->size[2] = 40;
$table->size[3] = 40;
$table->size[4] = 40;
$table->size[5] = 40;
$table->size[6] = 40;
$table->size[7] = 40;
$table->size[8] = 40;
$table->size[9] = 40;
$table->size[10] = 40;
$profiles = get_db_all_rows_in_table ("tperfil");
$img = print_image ("images/ok.png", true, array ("border" => 0));
foreach ($profiles as $profile) {
$data[0] = $profile["name"];
$data[1] = ($profile["incident_view"] ? $img : '');
$data[2] = ($profile["incident_edit"] ? $img : '');
$data[3] = ($profile["incident_management"] ? $img : '');
$data[4] = ($profile["agent_view"] ? $img : '');
$data[5] = ($profile["agent_edit"] ? $img : '');
$data[6] = ($profile["alert_edit"] ? $img : '');
$data[7] = ($profile["user_management"] ? $img : '');
$data[8] = ($profile["db_management"] ? $img : '');
$data[9] = ($profile["alert_management"] ? $img : '');
$data[10] = ($profile["pandora_management"] ? $img : '');
array_push ($table->data, $data);
}
print_table ($table);
unset ($table);
?>
</tr></table>
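Review bot: `$data[0] = $user_id` and `$data[1] = $user_info["nombre_real"]` are placed in the table as-is, while only `comentarios` passes through `print_string_substr`. With pluggable authentication these fields may originate in an external directory rather than in Pandora's own table. Unless `print_table` encodes cell contents (not visible here), they should be encoded on the way in, e.g. `$data[1] = safe_input ($user_info["nombre_real"]);`. In the visible lines `$table` is also populated without being created, including after each `unset ($table)`, and `$data` is not reset per row. Adding `$table = new stdClass ();` before each table and `$data = array ();` at the top of each loop would make that explicit and keep notices quiet under `error_reporting(E_ALL)`.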


@ -1,5 +1,4 @@
<?php
// Pandora FMS - the Flexible Monitoring System
// ============================================
// Copyright (c) 2008 Artica Soluciones Tecnologicas, http://www.artica.es
@ -16,22 +15,24 @@
// along with this program; if not, write to the Free Software
// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
// Load global vars
require ("include/config.php");
require_once ("include/config.php");
check_login ();
$view_mode = 0;
if (isset ($_GET["ver"])){ // Only view mode,
$id = $_GET["ver"]; // ID given as parameter
if ($config['id_user'] == $id)
$id = get_parameter_get ("ver"); // ID given as parameter
if ($config['id_user'] == $id) {
$view_mode = 0;
else
} else {
$view_mode = 1;
}
}
$query1="SELECT * FROM tusuario WHERE id_usuario = '".$id."'";
$resq1=mysql_query($query1);
$rowdup=mysql_fetch_array($resq1);
@ -153,7 +154,7 @@ if (mysql_num_rows ($result)) {
$color = 1;
}
echo '<td class="'.$tdcolor.'">';
echo "<b>".dame_perfil($row["id_perfil"])."</b> / ";
echo "<b>".get_profile_name ($row["id_perfil"])."</b> / ";
echo "<b>".get_group_name ($row["id_grupo"])."</b><tr>";
}
} else {
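Review bot: `$id` is now read with `get_parameter_get ("ver")`, but the query a few lines below, `"SELECT * FROM tusuario WHERE id_usuario = '".$id."'"` run through `mysql_query`, appears to remain. The page therefore still depends on whatever escaping `get_parameter_get` applies (not visible here) and reads the user table directly instead of going through the new authentication layer. The user list page in this commit already calls `get_user_info`, and using it here would address both concerns, e.g. `$rowdup = get_user_info ($id);`, provided its return shape matches what the rest of the page reads. `$id` is also only assigned when `ver` is present, so the lookup otherwise runs on an undefined variable. The script body continues outside both hunks.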


@ -18,18 +18,23 @@
// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
require_once ('../include/config.php');
if (!isset ($config["auth"])) {
require_once ($config["homedir"]."/include/auth/mysql.php");
} else {
require_once ($config["homedir"]."/include/auth/".$config["auth"]["scheme"].".php");
}
require_once ($config["homedir"].'/include/functions.php');
require_once ($config["homedir"].'/include/functions_db.php');
require_once ('Image/Graph.php');
ini_set ('display_errors', 0); //This is to prevent notices from making the thing not graph
global $config;
if (!isset($_SESSION["id_user"])){
session_start();
session_write_close();
session_start ();
session_write_close ();
}
$config["id_user"] = $_SESSION["id_usuario"];
// Session check