From 22c1b6e872eefe155b1ec7ac2846c50906f2bd94 Mon Sep 17 00:00:00 2001
From: Daniel Cebrian <daniel.cebrian@pandorafms.com>
Date: Thu, 11 Apr 2024 10:26:53 +0200
Subject: [PATCH] #13035 refactored password_hash

---
 .../reporting_builder.item_editor.php         | 49 +------------------
 .../include/ajax/reporting.ajax.php           | 32 ------------
 pandora_console/include/functions_events.php  | 32 ++----------
 .../include/functions_inventory.php           |  9 ++--
 .../include/functions_networkmap.php          |  4 +-
 pandora_console/include/functions_ui.php      | 12 ++---
 pandora_console/operation/events/events.php   | 40 +++------------
 7 files changed, 20 insertions(+), 158 deletions(-)

diff --git a/pandora_console/godmode/reporting/reporting_builder.item_editor.php b/pandora_console/godmode/reporting/reporting_builder.item_editor.php
index 806e9e980d..8226d63b03 100755
--- a/pandora_console/godmode/reporting/reporting_builder.item_editor.php
+++ b/pandora_console/godmode/reporting/reporting_builder.item_editor.php
@@ -6635,26 +6635,6 @@ function create_custom_graph() {
             $("#meta_target_servers").css('display', 'inline');
         }
         else {
-            var hash_data;
-            var params1 = [];
-            params1.push("get_metaconsole_hash_data=1");
-            params1.push("server_name=" + target_server);
-            params1.push("page=include/ajax/reporting.ajax");
-            jQuery.ajax ({
-                data: params1.join ("&"),
-                type: 'POST',
-                url: action=
-                <?php
-                echo '"'.ui_get_full_url(false, false, false, false).'"';
-                ?>
-                + "/ajax.php",
-                async: false,
-                timeout: 10000,
-                success: function (data) {
-                    hash_data = data;
-                }
-            });
-
             var server_url;
             var params1 = [];
             params1.push("get_metaconsole_server_url=1");
@@ -6680,7 +6660,7 @@ function create_custom_graph() {
                 }
             });
 
-            window.location.href = server_url + "/index.php?sec=reporting&sec2=godmode/reporting/graph_builder&create=Create graph" + hash_data;
+            redirectNode(server_url + "/index.php?sec=reporting&sec2=godmode/reporting/graph_builder&create=Create graph", "_self");
         }
         <?php
     } else {
@@ -6709,31 +6689,6 @@ function edit_custom_graph() {
             id_server = agent_server_temp[1];
         }
 
-        var hash_data;
-        var params1 = [];
-        params1.push("get_metaconsole_hash_data=1");
-        params1.push("server_name=" + id_server);
-        params1.push("page=include/ajax/reporting.ajax");
-        jQuery.ajax ({
-            data: params1.join ("&"),
-            type: 'POST',
-            url: action=
-            <?php
-            echo '"'.ui_get_full_url(
-                false,
-                false,
-                false,
-                false
-            ).'"';
-            ?>
-            + "/ajax.php",
-            async: false,
-            timeout: 10000,
-            success: function (data) {
-                hash_data = data;
-            }
-        });
-
         var server_url;
         var params1 = [];
         params1.push("get_metaconsole_server_url=1");
@@ -6759,7 +6714,7 @@ function edit_custom_graph() {
             }
         });
 
-        window.location.href = server_url + "index.php?sec=reporting&sec2=godmode/reporting/graph_builder&edit_graph=1&id=" + id_element_graph + hash_data;        
+        redirectNode(server_url + "index.php?sec=reporting&sec2=godmode/reporting/graph_builder&edit_graph=1&id=" + id_element_graph, "_self");
         <?php
     } else {
         ?>
diff --git a/pandora_console/include/ajax/reporting.ajax.php b/pandora_console/include/ajax/reporting.ajax.php
index 5f83d79b88..e5b42c67cf 100755
--- a/pandora_console/include/ajax/reporting.ajax.php
+++ b/pandora_console/include/ajax/reporting.ajax.php
@@ -37,7 +37,6 @@ $add_sla = get_parameter('add_sla', 0);
 $add_general = get_parameter('add_general', 0);
 $id = get_parameter('id', 0);
 $truncate_text = get_parameter('truncate_text', 0);
-$get_metaconsole_hash_data = get_parameter('get_metaconsole_hash_data', 0);
 $get_metaconsole_server_url = get_parameter('get_metaconsole_server_url', 0);
 $change_custom_fields_macros_report = (bool) get_parameter(
     'change_custom_fields_macros_report',
@@ -186,37 +185,6 @@ if ($truncate_text) {
     return ui_print_truncate_text($text, GENERIC_SIZE_TEXT, true, false);
 }
 
-if ($get_metaconsole_hash_data) {
-    $server_name = get_parameter('server_name');
-
-    enterprise_include_once('include/functions_metaconsole.php');
-
-    $server = enterprise_hook('metaconsole_get_connection', [$server_name]);
-
-    // Bad data
-    if (empty($server)) {
-        echo '';
-        return;
-    }
-
-    // Deserialization of auth_token
-    $auth_serialized = json_decode($server['auth_token'], true);
-
-    $auth_token = '';
-
-    if (is_array($auth_serialized)) {
-        $auth_token = $auth_serialized['auth_token'];
-        $api_password = $auth_serialized['api_password'];
-        $console_user = $auth_serialized['console_user'];
-        $console_password = $auth_serialized['console_password'];
-    }
-
-    $url_hash = metaconsole_get_servers_url_hash($server);
-
-    echo $url_hash;
-    return;
-}
-
 if ($get_metaconsole_server_url) {
     $server_name = get_parameter('server_name');
 
diff --git a/pandora_console/include/functions_events.php b/pandora_console/include/functions_events.php
index be880a3655..927c814f74 100644
--- a/pandora_console/include/functions_events.php
+++ b/pandora_console/include/functions_events.php
@@ -4357,12 +4357,9 @@ function events_page_details($event, $server_id=0)
     global $config;
 
     // If metaconsole switch to node to get details and custom fields.
-    $hashstring = '';
     $serverstring = '';
     if (is_metaconsole() === true && empty($server_id) === false) {
         $server = metaconsole_get_connection_by_id($server_id);
-        $hashdata = metaconsole_get_server_hashdata($server);
-        $hashstring = '&amp;loginhash=auto&loginhash_data='.$hashdata.'&loginhash_user='.str_rot13($config['id_user']);
         $serverstring = $server['server_url'].'/';
 
         if (metaconsole_connect($server) !== NOERR) {
@@ -4403,28 +4400,7 @@ function events_page_details($event, $server_id=0)
                 true
             ).ui_print_help_tip(__('This agent belongs to metaconsole, is not possible display it'), true);
         } else if (can_user_access_node() && is_metaconsole()) {
-            // Workaround to pass login hash data in POST body instead of directly in the URL.
-            parse_str($hashstring, $url_hash_array);
-            $redirection_form = "<form id='agent-redirection' method='POST' action='".$serverstring.'index.php?sec=estado&sec2=operation/agentes/ver_agente&id_agente='.$event['id_agente']."'>";
-            $redirection_form .= html_print_input_hidden(
-                'loginhash',
-                $url_hash_array['loginhash'],
-                true
-            );
-            $redirection_form .= html_print_input_hidden(
-                'loginhash_data',
-                $url_hash_array['loginhash_data'],
-                true
-            );
-            $redirection_form .= html_print_input_hidden(
-                'loginhash_user',
-                $url_hash_array['loginhash_user'],
-                true
-            );
-            $redirection_form .= '</form>';
-
-            $data[1] = $redirection_form;
-            $data[1] .= "<a target=_blank onclick='event.preventDefault(); document.getElementById(\"agent-redirection\").submit();' href='#'>";
+            $data[1] = '<a target=_blank onclick="redirectNode(\''.$serverstring.'index.php?sec=estado&sec2=operation/agentes/ver_agente&id_agente='.$event['id_agente'].'\')" href="#">';
             $data[1] .= '<b>'.$agent['alias'].'</b>';
             $data[1] .= '</a>';
         } else if (can_user_access_node()) {
@@ -4435,7 +4411,7 @@ function events_page_details($event, $server_id=0)
                 '',
                 false,
                 $serverstring,
-                $hashstring,
+                '',
                 $agent['alias']
             );
         } else {
@@ -4568,7 +4544,7 @@ function events_page_details($event, $server_id=0)
                 'id_mg',
                 $id_module_group
             );
-            $data[1] = '<a href="'.$serverstring.'index.php?sec=view&amp;sec2=operation/agentes/status_monitor&amp;status=-1&amp;modulegroup='.$id_module_group.$hashstring.'">';
+            $data[1] = '<a href="#" onclick="redirectNode(\''.$serverstring.'index.php?sec=view&amp;sec2=operation/agentes/status_monitor&amp;status=-1&amp;modulegroup='.$id_module_group.'\')">';
             $data[1] .= $module_group;
             $data[1] .= '</a>';
         }
@@ -4634,7 +4610,7 @@ function events_page_details($event, $server_id=0)
     if ($event['id_alert_am'] != 0) {
         $data = [];
         $data[0] = '<div class="normal_weight mrgn_lft_20px">'.__('Source').'</div>';
-        $data[1] = '<a href="'.$serverstring.'index.php?sec=estado&amp;sec2=operation/agentes/ver_agente&amp;id_agente='.$event['id_agente'].'&amp;tab=alert'.$hashstring.'">';
+        $data[1] = '<a href="#" onclick="redirectNode(\''.$serverstring.'index.php?sec=estado&amp;sec2=operation/agentes/ver_agente&amp;id_agente='.$event['id_agente'].'&amp;tab=alert\')">';
         $standby = db_get_value('standby', 'talert_template_modules', 'id', $event['id_alert_am']);
         if (!$standby) {
             $data[1] .= html_print_image(
diff --git a/pandora_console/include/functions_inventory.php b/pandora_console/include/functions_inventory.php
index 5f9e3bd62d..7c7ed8fc8e 100644
--- a/pandora_console/include/functions_inventory.php
+++ b/pandora_console/include/functions_inventory.php
@@ -418,12 +418,10 @@ function inventory_get_data(
 
             // Setting for link the agent with the proper server.
             if (is_metaconsole() === true && empty($node) === false) {
-                $loginHash = metaconsole_get_servers_url_hash($node);
                 $urlToAgent = sprintf(
-                    '%sindex.php?sec=estado&sec2=operation/agentes/ver_agente&id_agente=%s%s',
+                    '%sindex.php?sec=estado&sec2=operation/agentes/ver_agente&id_agente=%s',
                     $node['server_url'],
-                    $row['id_agente'],
-                    $loginHash
+                    $row['id_agente']
                 );
             } else {
                 $urlToAgent = sprintf(
@@ -440,8 +438,9 @@ function inventory_get_data(
 
             $table->data[$rowTable][0] = html_print_anchor(
                 [
-                    'href'    => $urlToAgent,
+                    'href'    => (is_metaconsole() === true) ? '#' : $urlToAgent,
                     'content' => '<strong>'.$agent_name.'</strong>',
+                    'onClick' => (is_metaconsole() === true) ? 'redirectNode(\''.$urlToAgent.'\')' : '',
                 ],
                 true
             );
diff --git a/pandora_console/include/functions_networkmap.php b/pandora_console/include/functions_networkmap.php
index f5115a73e9..23a09feabb 100644
--- a/pandora_console/include/functions_networkmap.php
+++ b/pandora_console/include/functions_networkmap.php
@@ -773,13 +773,11 @@ function networkmap_create_agent_node(
     if (empty($server_data) === true) {
         $server_name = '';
         $server_id = '';
-        $url_hash = '';
         $console_url = '';
     } else {
         $server_name = $server_data['server_name'];
         $server_id = $server_data['id'];
         $console_url = $server_data['server_url'].'/';
-        $url_hash = metaconsole_get_servers_url_hash($server_data);
     }
 
     // Set node status.
@@ -870,7 +868,7 @@ function networkmap_create_agent_node(
         }
 
         if (can_user_access_node()) {
-            $url_node_link = ', URL="'.$console_url.'index.php?sec=estado&sec2=operation/agentes/ver_agente&id_agente='.$agent['id_agente'].$url_hash.'"';
+            $url_node_link = ', URL="'.$console_url.'index.php?sec=estado&sec2=operation/agentes/ver_agente&id_agente='.$agent['id_agente'].'"';
         } else {
             $url_node_link = '';
         }
diff --git a/pandora_console/include/functions_ui.php b/pandora_console/include/functions_ui.php
index 177536c358..50fffbcd12 100755
--- a/pandora_console/include/functions_ui.php
+++ b/pandora_console/include/functions_ui.php
@@ -1165,16 +1165,10 @@ function ui_format_alert_row(
     global $config;
 
     if (!isset($alert['server_data'])) {
-        $server_name = '';
         $server_id = '';
-        $url_hash = '';
-        $console_url = '';
     } else {
         $server_data = $alert['server_data'];
-        $server_name = $server_data['server_name'];
         $server_id = $server_data['id'];
-        $console_url = $server_data['server_url'].'/';
-        $url_hash = metaconsole_get_servers_url_hash($server_data);
     }
 
     $actionText = '';
@@ -1445,13 +1439,13 @@ function ui_format_alert_row(
         if (is_metaconsole() === true) {
             // Do not show link if user cannot access node
             if ((bool) can_user_access_node() === true) {
-                $hashdata = metaconsole_get_server_hashdata($server);
-                $url = $server['server_url'].'/index.php?sec=estado&sec2=operation/agentes/ver_agente&amp;loginhash=auto&loginhash_data='.$hashdata.'&loginhash_user='.str_rot13($config['id_user']).'&id_agente='.$agente['id_agente'];
+                $url = $server['server_url'].'/index.php?sec=estado&sec2=operation/agentes/ver_agente&amp;&id_agente='.$agente['id_agente'];
                 $data[$index['agent_name']] .= html_print_anchor(
                     [
-                        'href'    => $url,
+                        'href'    => '#',
                         'content' => '<span class="bolder" title="'.$agente['nombre'].'">'.$agente['alias'].'</span>',
                         'target'  => '_blank',
+                        'onClick' => 'redirectNode(\''.$url.'\');',
                     ],
                     true
                 );
diff --git a/pandora_console/operation/events/events.php b/pandora_console/operation/events/events.php
index 420c3eb375..e8d9d1f1c0 100644
--- a/pandora_console/operation/events/events.php
+++ b/pandora_console/operation/events/events.php
@@ -483,7 +483,6 @@ if (is_ajax() === true) {
             }
 
             if (empty($events) === false) {
-                $redirection_form_id = 0;
                 if ((int) $filter['group_rep'] > 0) {
                     $events_comments = [];
                 } else {
@@ -492,7 +491,7 @@ if (is_ajax() === true) {
 
                 $data = array_reduce(
                     $events,
-                    function ($carry, $item) use ($table_id, &$redirection_form_id, $filter, $compact_date, $external_url, $compact_name_event, $regex, $events_comments) {
+                    function ($carry, $item) use ($table_id, $filter, $compact_date, $external_url, $compact_name_event, $regex, $events_comments) {
                         global $config;
 
                         $tmp = (object) $item;
@@ -500,7 +499,6 @@ if (is_ajax() === true) {
 
                         // phpcs:disable Squiz.NamingConventions.ValidVariableName.MemberNotCamelCaps
                         $server_url = '';
-                        $hashdata = '';
                         if ($tmp->meta === true) {
                             if ($tmp->server_name !== null) {
                                 $data_server = metaconsole_get_servers(
@@ -512,9 +510,6 @@ if (is_ajax() === true) {
                                     && $data_server !== false
                                 ) {
                                     $server_url = $data_server['server_url'];
-                                    $hashdata = metaconsole_get_servers_url_hash(
-                                        $data_server
-                                    );
                                 }
                             }
                         }
@@ -1166,40 +1161,18 @@ if (is_ajax() === true) {
                         $url_link = ui_get_full_url(
                             'index.php?sec=estado&sec2=operation/agentes/ver_agente&id_agente='
                         );
-                        $url_link_hash = '';
+
                         if ($tmp->meta === true) {
                             $url_link = $server_url;
                             $url_link .= '/index.php?sec=estado&sec2=operation/agentes/ver_agente&id_agente=';
-                            $url_link_hash = $hashdata;
-
-                            parse_str($url_link_hash, $url_hash_array);
-
-                            $redirection_form = "<form id='agent-table-redirection-".$redirection_form_id."' class='invisible' method='POST' action='".$url_link.$tmp->id_agente."'>";
-                            $redirection_form .= html_print_input_hidden(
-                                'loginhash',
-                                $url_hash_array['loginhash'],
-                                true
-                            );
-                            $redirection_form .= html_print_input_hidden(
-                                'loginhash_data',
-                                $url_hash_array['loginhash_data'],
-                                true
-                            );
-                            $redirection_form .= html_print_input_hidden(
-                                'loginhash_user',
-                                $url_hash_array['loginhash_user'],
-                                true
-                            );
-                            $redirection_form .= '</form>';
                         }
 
                         // Agent name link.
                         if ($tmp->id_agente > 0) {
                             if ($tmp->meta === true) {
-                                $draw_agent_name = $redirection_form;
-                                $draw_agent_name .= "<a target=_blank onclick='event.preventDefault(); document.getElementById(\"agent-table-redirection-".$redirection_form_id."\").submit();' href='#'>";
+                                $draw_agent_name = '<a target=_blank onclick="redirectNode(\''.$url_link.$tmp->id_agente.'\')" href="#">';
                             } else {
-                                $draw_agent_name = '<a href="'.$url_link.$tmp->id_agente.$url_link_hash.'">';
+                                $draw_agent_name = '<a href="'.$url_link.$tmp->id_agente.'">';
                             }
 
                             $draw_agent_name .= $tmp->agent_name;
@@ -1212,10 +1185,9 @@ if (is_ajax() === true) {
                         // Agent ID link.
                         if ($tmp->id_agente > 0) {
                             if ($tmp->meta === true) {
-                                $draw_agent_id = "<a target=_blank onclick='event.preventDefault(); document.getElementById(\"agent-table-redirection-".$redirection_form_id."\").submit();' href='#'>";
-                                $redirection_form_id++;
+                                $draw_agent_id = '<a target=_blank onclick="redirectNode(\''.$url_link.$tmp->id_agente.'\')" href="#">';
                             } else {
-                                $draw_agent_id = '<a href="'.$url_link.$tmp->id_agente.$url_link_hash.'">';
+                                $draw_agent_id = '<a href="'.$url_link.$tmp->id_agente.'">';
                             }
 
                             $draw_agent_id .= $tmp->id_agente;