From 480b6828b6250067f77f0f01e58cf1e3eef1cc69 Mon Sep 17 00:00:00 2001
From: Calvo <luis.calvo@pandorafms.com>
Date: Wed, 11 Oct 2023 14:25:58 +0200
Subject: [PATCH] chart generator secured with apipass

---
 pandora_console/include/chart_generator.php | 26 ++++++++++++++++++++-
 pandora_console/include/functions.php       |  3 +++
 2 files changed, 28 insertions(+), 1 deletion(-)

diff --git a/pandora_console/include/chart_generator.php b/pandora_console/include/chart_generator.php
index 59c605d47d..74c18ed460 100644
--- a/pandora_console/include/chart_generator.php
+++ b/pandora_console/include/chart_generator.php
@@ -67,13 +67,37 @@ global $config;
 $config['id_user'] = $id_user;
 $_SESSION['id_usuario'] = $id_user;
 
+// Checks for server api req.
+$bypassLogin = false;
+if ($data_decoded['apipass'] !== null
+    && ($config['server_unique_identifier'] === $_SESSION['id_usuario'])
+) {
+    $apiPassword = io_output_password(
+        db_get_value_filter(
+            'value',
+            'tconfig',
+            ['token' => 'api_password']
+        )
+    );
+
+    hd($apiPassword);
+
+    if ($apiPassword === $data_decoded['apipass']) {
+        $bypassLogin = true;
+    }
+} else {
+    echo 'hola';
+}
+
+
 if (!isset($config[$slicebar])) {
     $config[$slicebar] = $slicebar_value;
 }
 
 // Try to initialize session using existing php session id.
 $user = new PandoraFMS\User(['phpsessionid' => $session_id]);
-if (check_login(false) === false && $config['server_unique_identifier'] == ! $_SESSION['id_usuario']) {
+
+if (check_login(false) === false && $bypassLogin !== true) {
     // Error handler.
     ?>
 <!DOCTYPE html>
diff --git a/pandora_console/include/functions.php b/pandora_console/include/functions.php
index 52409c14a6..d03b8d7412 100644
--- a/pandora_console/include/functions.php
+++ b/pandora_console/include/functions.php
@@ -4336,6 +4336,8 @@ function generator_chart_to_pdf(
             'id_user'          => $config['id_user'],
             'slicebar'         => $_SESSION['slicebar'],
             'slicebar_value'   => $config[$_SESSION['slicebar']],
+            'apipass'          => get_parameter('apipass', null),
+
         ];
     } else {
         $data = [
@@ -4345,6 +4347,7 @@ function generator_chart_to_pdf(
             'id_user'        => $config['id_user'],
             'slicebar'       => $_SESSION['slicebar'],
             'slicebar_value' => $config[$_SESSION['slicebar']],
+            'apipass'        => get_parameter('apipass', null),
         ];
     }