tyler.durden
/
pandorafms
mirror of https://github.com/pandorafms/pandorafms.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'ent-13591-sin-acceso-a-public-link-en-dashboards' into 'develop' 

Ent 13591 sin acceso a public link en dashboards

See merge request artica/pandorafms!7271
This commit is contained in:
Jose Martin 2024-04-25 06:29:37 +00:00
parent c43387f9fe e3fe2b01a2
commit 5f794a417b
4 changed files with 41 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
pandora_console/include/lib/Dashboard/Manager.php
View File

@ -411,6 +411,33 @@ class Manager implements PublicLogin
$config['public_dashboard'] = true; $config['public_dashboard'] = true;
$config['force_instant_logout'] = true; $config['force_instant_logout'] = true;
return true; return true;
} else {
$dashboards = self::getDashboards();
$dashboards = array_reduce(
$dashboards,
function ($carry, $item) {
$carry[$item['id']] = $item['name'];
return $carry;
},
[]
);
foreach ($dashboards as $key => $layout) {
$hash_compare = self::generatePublicHash($key);
if (hash_equals($hash, $hash_compare)) {
// "Log" user in.
if (session_status() !== PHP_SESSION_ACTIVE) {
session_start();
}
$_SESSION['id_usuario'] = get_parameter('id_user');
session_write_close();
$config['public_dashboard'] = true;
$config['force_instant_logout'] = true;
return true;
}
}
} }
// Remove id user from config array if authentication has failed. // Remove id user from config array if authentication has failed.

2
pandora_console/include/lib/User.php
View File

@ -230,7 +230,7 @@ class User extends Entity implements PublicLogin
global $config; global $config;
$str = $config['dbpass']; $str = $config['dbpass'];
$str .= $config['id_user']; $str .= ($config['id_user'] ?? get_parameter('id_user'));
$str .= $other_secret; $str .= $other_secret;
return hash('sha256', $str); return hash('sha256', $str);
} }

7
pandora_console/operation/dashboard/public_dashboard.php
View File

@ -38,6 +38,13 @@ ob_start();
// Fullscreen by default. // Fullscreen by default.
$config['pure'] = get_parameter('pure', 1); $config['pure'] = get_parameter('pure', 1);
$dashboardId = get_parameter('dashboardId', null);
if ($dashboardId !== null) {
include 'general/noaccess.php';
return;
}
require_once 'dashboard.php'; require_once 'dashboard.php';
// Clean session to avoid direct access. // Clean session to avoid direct access.

6
pandora_console/operation/visual_console/public_view.php
View File

@ -13,6 +13,12 @@
// GNU General Public License for more details. // GNU General Public License for more details.
require_once '../../include/config.php'; require_once '../../include/config.php';
$id_layout = get_parameter('id_layout', null);
if ($id_layout !== null) {
include '../../general/noaccess.php';
return;
}
use PandoraFMS\User; use PandoraFMS\User;
// Set root on homedir, as defined in setup. // Set root on homedir, as defined in setup.