From b011b746c0a643cf5adb6d18a6c2c5baabd42083 Mon Sep 17 00:00:00 2001
From: Jonathan
Date: Wed, 24 Apr 2024 09:49:03 +0200
Subject: [PATCH 1/3] #13591 public dashboard and visual console permisions user not logged
---
 .../include/lib/Dashboard/Manager.php | 27 +++++++++++++++++++
 pandora_console/include/lib/User.php | 2 +-
 2 files changed, 28 insertions(+), 1 deletion(-)
diff --git a/pandora_console/include/lib/Dashboard/Manager.php b/pandora_console/include/lib/Dashboard/Manager.php
index 36769c4338..e55cdd5d1e 100644
--- a/pandora_console/include/lib/Dashboard/Manager.php
+++ b/pandora_console/include/lib/Dashboard/Manager.php
@@ -411,6 +411,33 @@ class Manager implements PublicLogin
 $config['public_dashboard'] = true;
 $config['force_instant_logout'] = true;
 return true;
+ } else {
+ $dashboards = self::getDashboards();
+ $dashboards = array_reduce(
+ $dashboards,
+ function ($carry, $item) {
+ $carry[$item['id']] = $item['name'];
+ return $carry;
+ },
+ []
+ );
+
+ foreach ($dashboards as $key => $layout) {
+ $hash_compare = self::generatePublicHash($key);
+ if (hash_equals($hash, $hash_compare)) {
+ // "Log" user in.
+ if (session_status() !== PHP_SESSION_ACTIVE) {
+ session_start();
+ }
+
+ $_SESSION['id_usuario'] = get_parameter('id_user');
+ session_write_close();
+
+ $config['public_dashboard'] = true;
+ $config['force_instant_logout'] = true;
+ return true;
+ }
+ }
 }
 // Remove id user from config array if authentication has failed.
diff --git a/pandora_console/include/lib/User.php b/pandora_console/include/lib/User.php
index d11c92e22a..5baace3b12 100644
--- a/pandora_console/include/lib/User.php
+++ b/pandora_console/include/lib/User.php
@@ -230,7 +230,7 @@ class User extends Entity implements PublicLogin
 global $config;
 $str = $config['dbpass'];
- $str .= $config['id_user'];
+ $str .= ($config['id_user'] ?? get_parameter('id_user'));
 $str .= $other_secret;
 return hash('sha256', $str);
 }
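Review bot: In the new `else` branch of `Dashboard/Manager.php`, a hash that matches any dashboard returned by `self::getDashboards()` starts a session as `get_parameter('id_user')`, and the matched `$key` is never compared with the dashboard the request is actually asking for. Unless `generatePublicHash()` (its body is outside this hunk) already binds the hash to that user and a later check pins the dashboard id, a link issued for one public dashboard would also authenticate requests for the others; compare `$key` with the requested dashboard id before `session_start()` and fall through to the failure path on mismatch. The `array_reduce` that builds an id-to-name map is also more than the loop needs, since `$layout` is unused; iterating `array_column($dashboards, 'id')` would express the same thing. The enclosing method starts and ends outside the hunk.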
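Review bot: In `User.php`, the `??` fallback means the `id_user` that goes into the hash is taken from the request whenever `$config['id_user']` is unset, and it is concatenated with `$other_secret` without a separator. Different (`id_user`, `$other_secret`) pairs that concatenate to the same string then produce the same SHA-256 value, and a missing parameter presumably hashes as an empty user id (the default returned by `get_parameter()` is not visible here). I would reject an empty `id_user` before hashing and add a comment such as `// id_user may come from the request for public (not logged-in) views; it is only trusted once hash_equals() succeeds.` The function starts outside the hunk.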
From c3867e623bb3f9f5c45f8cfa4d3c45eeea713cdb Mon Sep 17 00:00:00 2001
From: Jonathan
Date: Wed, 24 Apr 2024 15:18:57 +0200
Subject: [PATCH 2/3] #13591 no dashboarid enabled
---
 pandora_console/operation/dashboard/public_dashboard.php | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/pandora_console/operation/dashboard/public_dashboard.php b/pandora_console/operation/dashboard/public_dashboard.php
index 7ef9f07d4a..b53c4b80b8 100644
--- a/pandora_console/operation/dashboard/public_dashboard.php
+++ b/pandora_console/operation/dashboard/public_dashboard.php
@@ -38,6 +38,13 @@ ob_start();
 // Fullscreen by default.
 $config['pure'] = get_parameter('pure', 1);
+$dashboardId = get_parameter('dashboardId', null);
+if ($dashboardId !== null) {
+ include 'general/noaccess.php';
+ return;
+}
+
+
 require_once 'dashboard.php';
 // Clean session to avoid direct access.
From e3fe2b01a23df7fe580017e352422f6c26504f00 Mon Sep 17 00:00:00 2001
From: Jonathan
Date: Wed, 24 Apr 2024 15:28:20 +0200
Subject: [PATCH 3/3] #13591 no id_layout enabled
---
 pandora_console/operation/visual_console/public_view.php | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/pandora_console/operation/visual_console/public_view.php b/pandora_console/operation/visual_console/public_view.php
index d7e85f88bc..ff6f7763e0 100644
--- a/pandora_console/operation/visual_console/public_view.php
+++ b/pandora_console/operation/visual_console/public_view.php
@@ -13,6 +13,12 @@
 // GNU General Public License for more details.
 require_once '../../include/config.php';
+$id_layout = get_parameter('id_layout', null);
+if ($id_layout !== null) {
+ include '../../general/noaccess.php';
+ return;
+}
+
 use PandoraFMS\User;
 // Set root on homedir, as defined in setup.
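Review bot: The new guard in `public_dashboard.php` refuses every request that carries a `dashboardId` parameter, but nothing says why, so a later maintainer could remove it as dead-looking code; the `id_layout` guard in `visual_console/public_view.php` has the same gap. I would put a comment above each, for example `// Public view: a caller-supplied dashboardId is refused; access is decided by the hash check only.` (wording to be confirmed against the intent of #13591). The path in `include 'general/noaccess.php'` is also written differently from the `'../../general/noaccess.php'` used in the sibling file; confirm it resolves from this script, because a failed `include` only raises a warning and the `return` would then leave an empty response instead of the no-access page.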
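Review bot: In `visual_console/public_view.php` the guard is inserted between `require_once '../../include/config.php';` and `use PandoraFMS\User;`, which leaves executable code above the import. PHP accepts a `use` declaration there at file scope, but moving the guard below the `use` line keeps the import at the top where readers look for it. The `return` only ends the request if this script is the entry point; if the file is ever included from another script, control goes back to the includer, so a short comment stating that assumption would help.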