2008-12-23 Evi Vanoost <vanooste@rcbi.rochester.edu>

* index.php: Cleaned up some old stuff and fixed the order of GET/POST * general/header.php: Added tags for custom branding and todo * general/login_page.php: Cleaned up some old stuff and fixed always redirecting the user to the overview if they followed a link. git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@1306 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
2008-12-23 21:41:05 +00:00 · 2008-12-23 21:41:05 +00:00 · 4d584537e3
parent 10b172d9fb
commit 4d584537e3
4 changed files with 67 additions and 56 deletions
--- a/pandora_console/ChangeLog
+++ b/pandora_console/ChangeLog
@ -1,3 +1,12 @@
+2008-12-23  Evi Vanoost <vanooste@rcbi.rochester.edu>
+
+	* index.php: Cleaned up some old stuff and fixed the order of GET/POST
+	
+	* general/header.php: Added tags for custom branding and todo
+	
+	* general/login_page.php: Cleaned up some old stuff and fixed always
+	redirecting the user to the overview if they followed a link.
+
 2008-12-23  Ramon Novoa  <rnovoa@artica.es>

 	* godmode/agentes/configurar_agente.php: Properly insert the custom ID
--- a/pandora_console/general/header.php
+++ b/pandora_console/general/header.php
@ -19,10 +19,15 @@
 //First column (logo)
 echo '<table width="100%" cellpadding="0" cellspacing="0" style="margin:0px; padding:0px;" border="0"><tr><td>';

-// Yes, put here your corporate logo instead pandora_logo_head.png
-// The style specifies width and height so that oversized images get resized.
-// Optimally your logo would be this size.
+/* CUSTOM BRANDING STARTS HERE */
+/* TODO: Put the branding in it's own file, variables or database 
+ Yes, put here your corporate logo instead pandora_logo_head.png
+ The style specifies width and height so that oversized images get resized.
+ Optimally your logo would be this size.
+*/
 echo '<a href="index.php"><img src="images/pandora_logo_head.png" alt="logo" style="border-width:0px; width:140px; height:60px;" /></a>';
+/* CUSTOM BRANDING ENDS HERE */
+

 // Margin to logo
 echo '</td><td width="20">&nbsp;</td>';
--- a/pandora_console/general/login_page.php
+++ b/pandora_console/general/login_page.php
@ -16,27 +16,38 @@
 // along with this program; if not, write to the Free Software
 // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

-$addr = "";
-if (isset($_GET['sec'])){
-	$addr = 'http' . (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == TRUE ? 's': '') . '://' . $_SERVER['SERVER_NAME'];
-	
-	if ($_SERVER['SERVER_PORT'] != 80 && (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == TRUE && $_SERVER['SERVER_PORT'] != 443))
-		$query .= ":" . $_SERVER['SERVER_PORT'];
-	
-	$addr .= $_SERVER['REQUEST_URI'];
-	
-	$addr = urlencode($addr);
+//These variables come from index.php
+if (!empty ($page) && !empty ($sec)) {
+	$url = '?login=1';
+	foreach ($_GET as $key => $value) {
+		$url .= '&'.$key.'='.$value;
+	}
+	foreach ($_POST as $key => $value) {
+		$url .= '&'.$key.'='.$value;
+	}
+} else {
+	$url = '?login=1';
 }

 echo '<div class="databox" id="login">
 	<h1 id="log">'.__('Pandora FMS Web Console').'</h1><br>
 	<div class="databox" id="login_in">
-		<form method="post" action="index.php?login=1">
+		<form method="post" action="index.php'.$url.'">
 		<table cellpadding="4" cellspacing="1" width="400">
-		<tr><td rowspan="3" align="left" style="border-right: solid 1px #678;">
-			<a href="index.php"><img src="images/pandora_logo.png" border="0" alt="logo"></a><br />
-			'.$pandora_version.(($develop_bypass == 1) ? ' '.__('Build').' '.$build_version : '').'
-		</td><td class="f9b">
+		<tr><td rowspan="3" align="left" style="border-right: solid 1px #678;">';
+
+//TODO: Put branding in variables (external file) or database
+/* CUSTOM BRANDING STARTS HERE */
+
+//Replace the following with your own URL and logo. A mashup of the Pandora FMS logo and your companies highly preferred ;-)
+echo '<a href="http://pandorafms.org" title="Go to pandorafms.org..." alt="Pandora FMS - Free Monitoring System"><img src="images/pandora_logo.png" border="0" alt="logo"></a><br />';
+
+//This prints the current pandora console version. For stable/live function it might be wise to comment it out
+echo $pandora_version.(($develop_bypass == 1) ? ' '.__('Build').' '.$build_version : ''); 
+	
+/* CUSTOM BRANDING ENDS HERE */
+
+echo '</td><td class="f9b">
 			'.__('Login').':<br />'.print_input_text_extended ("nick", '', "nick", '', '', '' , false, '', 'class="login"', true).'
 		</td></tr>
 		<tr><td class="f9b">
@ -46,10 +57,9 @@ echo '<div class="databox" id="login">
 			'.print_submit_button ("Login",'',false,'class="sub next"',true).'
 		</td></tr>
 		</table>
-		'.((strlen($addr) > 0) ? print_input_hidden("redirect",$addr,true) : '').'
 		</form>
 	</div>
-	<div id="ip">IP: <b class="f10">'.$REMOTE_ADDR.'</b>
+	<div id="ip">'.__('Your IP').': <b class="f10">'.$config["remote_addr"].'</b>
 </div>

 	</div><script type="text/javascript">document.getElementById(\'nick\').focus();</script>';
--- a/pandora_console/index.php
+++ b/pandora_console/index.php
@ -74,36 +74,29 @@ load_extensions ($config['extensions']);
 echo '<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html><head>';

 // Pure mode (without menu, header and footer).
-$config["pure"] = get_parameter ("pure", 0);
+$config["pure"] = (bool) get_parameter ("pure", 0);

 // Auto Refresh page
-$config["refr"] = get_parameter ("refr", 0);
+$config["refr"] = (int) get_parameter ("refr", 0);
 if ($config["refr"] > 0) {
 	// Agent selection filters and refresh
 	$query = 'http' . (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == TRUE ? 's': '') . '://' . $_SERVER['SERVER_NAME'];
-	if ($_SERVER['SERVER_PORT'] != 80 && (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == TRUE && $_SERVER['SERVER_PORT'] != 443))
+	if ($_SERVER['SERVER_PORT'] != 80 && (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == TRUE && $_SERVER['SERVER_PORT'] != 443)) {
 		$query .= ":" . $_SERVER['SERVER_PORT'];
+	}
 	
 	$query .= $_SERVER['SCRIPT_NAME'];
-	if (isset ($_REQUEST["refr"])) {
-		$query .= '?';
+	$query .= '?1=1'; //Some (old) browsers don't like the ?&key=var
 		
-		foreach ($_POST as $key => $value) {
-			$query .= '&'.$key.'='.$value;
-		}
-		foreach ($_GET as $key => $value) {
-			$query .= '&'.$key.'='.$value;
-		}
+	//We don't clean these variables up as they're only being passed along
+	foreach ($_GET as $key => $value) {
+		$query .= '&'.$key.'='.$value;
 	}
-	if (isset ($_POST["ag_group"])) {
-		$ag_group = $_POST["ag_group"];
-		$query = 'http' . (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == TRUE ? 's': '') . '://' . $_SERVER['SERVER_NAME'];
-		if ($_SERVER['SERVER_PORT'] != 80 && (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == TRUE && $_SERVER['SERVER_PORT'] != 443))
-			$query .= ":" . $_SERVER['SERVER_PORT'];
-		$query .= $_SERVER['REQUEST_URI'] . '&ag_group_refresh=' . $ag_group;
-	} else {
-		echo '<meta http-equiv="refresh" content="' . $config["refr"] . '; URL=' . $query . '">';
+	foreach ($_POST as $key => $value) {
+		$query .= '&'.$key.'='.$value;
 	}
+	
+	echo '<meta http-equiv="refresh" content="' . $config["refr"] . '; URL=' . $query . '">';
 }

 enterprise_include ('index.php');
@ -136,6 +129,14 @@ if ($config["pure"] == 0) {
 $REMOTE_ADDR = $_SERVER['REMOTE_ADDR'];
 $config["remote_addr"] = $_SERVER['REMOTE_ADDR'];

+$sec2 = get_parameter_get ('sec2');
+$sec2 = safe_url_extraclean ($sec2);
+$page = $sec2; //Reference variable for old time sake
+
+$sec = get_parameter_get ('sec');
+$sec = safe_url_extraclean ($sec);
+	
+
 // Login process 
 if (! isset ($_SESSION['id_usuario']) && isset ($_GET["login"])) {
 	$nick = get_parameter_post ("nick");
@ -157,7 +158,7 @@ if (! isset ($_SESSION['id_usuario']) && isset ($_GET["login"])) {
 			unset ($_GET["sec2"]);
 			$_GET["sec"] = "general/logon_ok";
 			update_user_contact ($nick);
-			logon_db ($nick, $REMOTE_ADDR);
+			logon_db ($nick, $config["remote_addr"]);
 			$_SESSION['id_usuario'] = $nick;
 			$config['id_user'] = $nick;
 			unset ($_GET['pass'], $pass);
@ -169,7 +170,7 @@ if (! isset ($_SESSION['id_usuario']) && isset ($_GET["login"])) {
 			// $primera = substr ($pass,0,1);
 			// $ultima = substr ($pass, strlen ($pass) - 1, 1);
 			// $pass = $primera . "****" . $ultima;
-			audit_db ($nick, $REMOTE_ADDR, "Logon Failed",
+			audit_db ($nick, $config["remote_addr"], "Logon Failed",
 				"Incorrect password: " . $nick);
 			exit;
 		}
@ -182,7 +183,7 @@ if (! isset ($_SESSION['id_usuario']) && isset ($_GET["login"])) {
 		//$primera = substr ($pass, 0, 1);
 		//$ultima = substr ($pass, strlen ($pass) - 1, 1);
 		//$pass = $primera . "****" . $ultima;
-		audit_db ($nick, $REMOTE_ADDR, "Logon Failed",
+		audit_db ($nick, $config["remote_addr"], "Logon Failed",
 			"Invalid username: " . $nick);
 		exit;
 	}
@ -204,20 +205,6 @@ if (isset ($_GET["bye"])) {
 	session_unregister ("id_usuario");
 	exit;
 }
-$page = "";
-$sec2 = "";
-$sec = "";
-if (isset ($_GET["sec2"])) {
-	$sec2 = get_parameter_get ('sec2');
-	$sec2 = safe_url_extraclean ($sec2);
-	$page = $sec2;
-}
-
-if (isset ($_GET["sec"])) {
-	$sec = get_parameter_get ('sec');
-	$sec = safe_url_extraclean ($sec);
-	$page = $sec2;
-}

 // http://es2.php.net/manual/en/ref.session.php#64525
 // Session locking concurrency speedup!