2009-01-07 Esteban Sanchez <estebans@artica.es>

* include/functions_ui.php: Added to repository. Functions that prints
	UI elements for Pandora. Let's make functions_html.php a single HTML
	library instead of mixing it up with Pandora specific elements.

	* include/functions.php: Fixed inline doc. Added functions_ui.php.

	* include/functions_html.php: Functions moved to functions_ui.php.
	Fixed checkbox ids in print_checkbox_extended().

	* general/main_menu.php: Make refr attribute optional. Do not print
	class attribute tag if no class was given.

	* general/login_page.php: Show login error message if login fails.
	Put POST values into the form instead of the URL.

	* index.php: Cleaned up login code to become easier.


git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@1319 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
Esteban Sanchez 2009-01-07 10:42:38 +00:00
parent 353c861ea8
commit 976278eec0
7 changed files with 332 additions and 283 deletions


@ -1,3 +1,22 @@
2009-01-07 Esteban Sanchez <estebans@artica.es>
* include/functions_ui.php: Added to repository. Functions that prints
UI elements for Pandora. Let's make functions_html.php a single HTML
library instead of mixing it up with Pandora specific elements.
* include/functions.php: Fixed inline doc. Added functions_ui.php.
* include/functions_html.php: Functions moved to functions_ui.php.
Fixed checkbox ids in print_checkbox_extended().
* general/main_menu.php: Make refr attribute optional. Do not print
class attribut tag if no class was given.
* general/login_page.php: Show login error message if login fails.
Put POST values into the form instead of the URL.
* index.php: Cleaned up login code to become easier.
2009-01-06 Raul Mateos <raulofpandora@gmail.com>
* index.php: Updated build.


@ -16,48 +16,60 @@
// along with this program; if not, write to the Free Software
// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
$url = '?login=1';
//These variables come from index.php
if (!empty ($page) && !empty ($sec)) {
$url = '?login=1';
foreach ($_GET as $key => $value) {
$url .= '&'.$key.'='.$value;
}
foreach ($_POST as $key => $value) {
$url .= '&'.$key.'='.$value;
}
} else {
$url = '?login=1';
}
echo '<div class="databox" id="login">
<h1 id="log">'.__('Pandora FMS Web Console').'</h1><br>
<div class="databox" id="login_in">
<form method="post" action="index.php'.$url.'">
<table cellpadding="4" cellspacing="1" width="400">
<tr><td rowspan="3" align="left" style="border-right: solid 1px #678;">';
<table cellpadding="4" cellspacing="1" width="400">';
if (isset ($login_failed)) {
echo '<tr><td colspan="3">';
echo '<h3 class="error" style="width: 200px">'.__('Login failed').'</h3>';
echo '</td></tr>';
}
echo '<tr><td rowspan="3" align="left" style="border-right: solid 1px #678;">';
if (!empty ($page) && !empty ($sec)) {
foreach ($_POST as $key => $value) {
print_input_hidden ($key, $vale);
}
}
//TODO: Put branding in variables (external file) or database
/* CUSTOM BRANDING STARTS HERE */
//Replace the following with your own URL and logo. A mashup of the Pandora FMS logo and your companies highly preferred ;-)
echo '<a href="http://pandorafms.org" title="Go to pandorafms.org..." alt="Pandora FMS - Free Monitoring System"><img src="images/pandora_logo.png" border="0" alt="logo"></a><br />';
// Replace the following with your own URL and logo.
// A mashup of the Pandora FMS logo and your companies highly preferred
echo '<a href="http://pandorafms.org" title="Go to pandorafms.org..." alt="Pandora FMS - Free Monitoring System">';
echo '<img src="images/pandora_logo.png" border="0" alt="logo" />';
echo '</a><br />';
//This prints the current pandora console version. For stable/live function it might be wise to comment it out
// This prints the current pandora console version.
// For stable/live function it might be wise to comment it out
echo $pandora_version.(($develop_bypass == 1) ? ' '.__('Build').' '.$build_version : '');
/* CUSTOM BRANDING ENDS HERE */
echo '</td><td class="f9b">
'.__('Login').':<br />'.print_input_text_extended ("nick", '', "nick", '', '', '' , false, '', 'class="login"', true).'
</td></tr>
<tr><td class="f9b">
'.__('Password').':<br />'.print_input_text_extended ("pass", '', "pass", '', '', '' ,false, '', 'class="login"', true, true).'
</td></tr>
<tr><td align="center">
'.print_submit_button ("Login",'',false,'class="sub next"',true).'
</td></tr>
</table>
</form>
'.__('Login').':<br />'.print_input_text_extended ("nick", '', "nick", '', '', '' , false, '', 'class="login"', true).'
</td></tr>
<tr><td class="f9b">
'.__('Password').':<br />'.print_input_text_extended ("pass", '', "pass", '', '', '' ,false, '', 'class="login"', true, true).'
</td></tr>
<tr><td align="center">
'.print_submit_button ("Login",'',false,'class="sub next"',true).'
</td></tr>
</table>
</form>
</div>
<div id="ip">'.__('Your IP').': <b class="f10">'.$config["remote_addr"].'</b>
</div>
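Review bot: The loop that builds the form action, `$url .= '&'.$key.'='.$value;`, copies every `$_GET` key and value into an HTML attribute on the unauthenticated login page without URL-encoding or HTML-escaping, so request data can terminate the `action="..."` attribute and inject markup. Encode both parts, e.g. `$url .= '&amp;'.rawurlencode ($key).'='.rawurlencode ($value);` (array-valued parameters would need separate handling). The new hidden-field loop also passes `$vale`, which is undefined, so `print_input_hidden ($key, $vale)` emits empty values; it should read `$value`, and whether that helper escapes its arguments is not visible here. Which of the doubled lines belong to the new side is inferred from the print order on this page.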


@ -32,7 +32,11 @@ function temp_print_menu ($menu, $type) {
//Set class
if (!isset ($main["sub"])) {
$main["sub"] = array ();
}
}
if (!isset ($main["refr"])) {
$main["refr"] = 0;
}
if ($sec == $mainsec) {
$class = 'selected';
@ -44,11 +48,15 @@ function temp_print_menu ($menu, $type) {
}
//Print out the first level
echo '<ul class="'.$class.'"><li class="mainmenu '.$class.'" id="'.$main["id"].'"><a href="index.php?sec='.$mainsec.'&amp;sec2='.$main["sec2"].'&amp;refr='.$main["refr"].'">'.$main["text"].'</a></li>';
echo '<ul'.($class ? ' class="'.$class.'"' : '').'>';
echo '<li class="mainmenu '.$class.'" id="'.$main["id"].'">';
echo '<a href="index.php?sec='.$mainsec.'&amp;sec2='.$main["sec2"].'&amp;refr='.$main["refr"].'">'.$main["text"].'</a>';
echo '</li>';
foreach ($main["sub"] as $subsec2 => $sub) {
//Set class
if (($sec2 == $subsec2) && (isset ($sub[$subsec2]["options"])) && (get_parameter_get ($sub[$subsec2]["options"]["name"]) == $sub[$subsec2]["options"]["value"])) {
if (($sec2 == $subsec2) && (isset ($sub[$subsec2]["options"]))
&& (get_parameter_get ($sub[$subsec2]["options"]["name"]) == $sub[$subsec2]["options"]["value"])) {
//If the subclass is selected and there are options and that options value is true
$class = 'submenu selected';
} elseif ($sec2 == $subsec2 && (!isset ($sub[$subsec2]["options"]))) {
@ -62,17 +70,23 @@ function temp_print_menu ($menu, $type) {
$class = 'submenu invisible';
}
if (!isset ($sub["refr"])) {
$sub["refr"] = 0;
}
if (isset ($sub["type"]) && $sub["type"] == "direct") {
//This is an external link
echo '<li class="'.$class.'"><a href="'.$subsec2.'">'.$sub["text"].'</a></li>';
} else {
//This is an internal link
if (isset($sub[$subsec2]["options"])) {
if (isset ($sub[$subsec2]["options"])) {
$link_add = "&amp;".$sub[$subsec2]["options"]["name"]."=".$sub[$subsec2]["options"]["value"];
} else {
$link_add = "";
}
echo '<li class="'.$class.'"><a href="index.php?sec='.$mainsec.'&amp;sec2='.$subsec2.'&amp;refr='.$sub["refr"].$link_add.'">'.$sub["text"].'</a></li>';
echo '<li'.($class ? ' class="'.$class.'"' : '').'>';
echo '<a href="index.php?sec='.$mainsec.'&amp;sec2='.$subsec2.'&amp;refr='.$sub["refr"].$link_add.'">'.$sub["text"].'</a>';
echo '</li>';
}
}
echo '</ul>';
@ -93,4 +107,4 @@ temp_print_menu ($menu, "int");
unset ($menu);
require ("links_menu.php");
?>
?>
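Review bot: The conditional class attribute was applied only to the internal-link branch; the `direct` branch a few lines above still prints `<li class="'.$class.'">` unconditionally, so the two branches of the same loop now format the same element differently. Either use `'<li'.($class ? ' class="'.$class.'"' : '').'>'` in both or keep the plain form in both. `$main["text"]`, `$sub["text"]` and `$subsec2` are written into the markup unescaped; that is fine only if the `$menu` arrays are always built from static definitions, which these hunks do not show. temp_print_menu starts and ends outside the hunks shown.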


@ -18,6 +18,7 @@
// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
require_once ('functions_html.php');
require_once ('functions_ui.php');
define ('ENTERPRISE_NOT_HOOK', -1);
@ -42,7 +43,7 @@ function pandora_help ($help_id, $return = false) {
* entities. UTF-8 is necessary for foreign chars like asian
* and our databases are (or should be) UTF-8
*
* @param value String or array of strings to be cleaned.
* @param mixed String or array of strings to be cleaned.
*
* @return The cleaned string.
*/
@ -59,11 +60,12 @@ function safe_input ($value) {
/**
* Cleans an object or an array and casts all values as integers
*
* @param value String or array of strings to be cleaned
* @param mixed String or array of strings to be cleaned
* @param min If value is smaller than min it will return false
* @param max if value is larger than max it will return false
*
* @return The cleaned string. If an array was passed, the invalid values will have been removed
* @return The cleaned string. If an array was passed, the invalid values would
* be removed
*/
function safe_int ($value, $min = false, $max = false) {
if (is_array ($value)) {
@ -91,8 +93,8 @@ function safe_int ($value, $min = false, $max = false) {
*
* It prints a variable value and a message.
*
* @param var Variable to be displayed
* @param mesg Message to be displayed
* @param mixed Variable to be displayed
* @param string Message to be displayed
*/
function pandora_debug ($var, $msg) {
echo "[Pandora DEBUG (".$var."): (".$msg.")<br />";
@ -101,9 +103,9 @@ function pandora_debug ($var, $msg) {
/**
* Clean a string.
*
* @param string
* @param string String to be cleaned
*
* @return
* @return Cleaned given string
*/
function salida_limpia ($string) {
$quote_style = ENT_QUOTES;
@ -375,7 +377,9 @@ function pagination ($count, $url, $offset, $pagination = 0) {
* @return
*/
function format_numeric ($number, $decimals = 1) {
$number = (float) $number; //Translate to float in case there are characters in the string so fmod doesn't throw a notice
//Translate to float in case there are characters in the string so
// fmod doesn't throw a notice
$number = (float) $number;
if ($number == 0)
return 0;
@ -386,7 +390,7 @@ function format_numeric ($number, $decimals = 1) {
$thousands_sep = __(",");
/* If has decimals */
if (fmod ($number , 1) > 0)
if (fmod ($number, 1) > 0)
return number_format ($number, $decimals, $dec_point, $thousands_sep);
return number_format ($number, 0, $dec_point, $thousands_sep);
}
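Review bot: The rewritten tags such as `@param mixed String or array of strings to be cleaned.` now carry a type but no parameter name, so phpDocumentor-style tools will read `String` as the variable; the form used by the docblocks moved in this same commit is `@param mixed $value String or array of strings to be cleaned`. In the safe_int() block `@param min` and `@param max` were left in the old name-only style, and the `@return` lines still have no type, e.g. `@return mixed The cleaned value`. Because safe_input() and safe_int() are the input-cleaning helpers, their docblocks should also state which output context the cleaning is meant for; the function bodies are outside these hunks, so that cannot be filled in from here.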


@ -500,6 +500,7 @@ function print_table (&$table, $return = false) {
$output .= '<td colspan="'. $countcols .'"><div class="tabledivider"></div></td>';
continue;
}
/* It's a normal row */
foreach ($row as $key => $item) {
if (!isset ($size[$key])) {
@ -614,11 +615,8 @@ function print_radio_button ($name, $value, $label = '', $checkedvalue = '', $re
* @return string HTML code if return parameter is true.
*/
function print_checkbox_extended ($name, $value, $checked, $disabled, $script, $attributes, $return = false) {
static $idcounter = 0;
$htmlid = 'checkbox'.sprintf ('%04d', ++$idcounter);
$output = '<input name="'.$name.'" type="checkbox" value="'.$value.'" '. ($checked ? 'checked': '');
$output .= ' id="'.$htmlid.'"';
$output .= ' id="checkbox-'.$name.'"';
if ($script != '') {
$output .= ' onClick="'. $script . '"';
@ -711,208 +709,4 @@ function print_image ($src, $return = false, $options = false) {
return $output;
echo $output;
}
/**
* Evaluates a result using empty () and then prints an error message or a
* success message
*
* @param mixed $result the results to evaluate. 0, NULL, false, '' or array()
* is bad, the rest is good
* @param string $good the string to be displayed if the result was good
* @param string $bad the string to be displayed if the result was bad
* @param string $attributes any other attributes to be set for the h3
* @param bool $return whether to output the string or return it
* @param string $tag what tag to use (you could specify something else than
* h3 like div or h2
*
* @return string HTML code if return parameter is true.
*/
function print_error_message ($result, $good = '', $bad = '', $attributes = '', $return = false, $tag = 'h3') {
if ($good == '' || $good === false)
$good = __('Request successfully processed');
if ($bad == '' || $bad === false)
$bad = __('Error processing request');
if (empty ($result)) {
$output = '<'.$tag.' class="error" '.$attributes.'>'.$bad.'</'.$tag.'>';
} else {
$output = '<'.$tag.' class="suc" '.$attributes.'>'.$good.'</'.$tag.'>';
}
if ($return === false)
echo $output;
return $output;
}
/**
* Evaluates a unix timestamp and returns a span (or whatever tag specified)
* with as title the correctly formatted full timestamp and a time comparation
* in the tag
*
* @param int $unixtime: Any type of timestamp really, but we prefer unixtime
* @param bool $return whether to output the string or return it
* @param array $option: An array with different options for this function
* Key html_attr: which html attributes to add (defaults to none)
* Key tag: Which html tag to use (defaults to span)
* Key prominent: Overrides user preference and display "comparation" or "timestamp"
*
* @return string HTML code if return parameter is true.
*/
function print_timestamp ($unixtime, $return = false, $option = array ()) {
global $config;
//TODO: Add/use a javascript timer for the seconds so it automatically updates as time passes by
if (isset ($option["html_attr"])) {
$attributes = $option["html_attr"];
} else {
$attributes = "";
}
if (isset ($option["tag"])) {
$tag = $option["tag"];
} else {
$tag = "span";
}
if (!empty ($option["prominent"])) {
$prominent = $option["prominent"];
} else {
$prominent = $config["prominent_time"];
}
if (!is_numeric ($unixtime)) {
$unixtime = strtotime ($unixtime);
}
//prominent_time is either timestamp or comparation
if ($unixtime == 0) {
$title = __('Never');
$data = __('Never');
} elseif ($prominent == "timestamp") {
$title = human_time_comparation ($unixtime);
$data = date ($config["date_format"], $unixtime);
} else {
$title = date ($config["date_format"], $unixtime);
$data = human_time_comparation ($unixtime);
}
$output = '<'.$tag;
switch ($tag) {
default:
//Usually tags have title attributes, so by default we add, then fall through to add attributes and data
$output .= ' title="'.$title.'"';
case "h1":
case "h2":
case "h3":
//Above tags don't have title attributes
$output .= ' '.$attributes.'>'.$data.'</'.$tag.'>';
}
if ($return === false) {
echo $output;
}
return $output;
}
/**
* Prints a username with real name, link to the user_edit page etc.
*
* @param string $username The username to render
* @param bool $return Whether to return or print
*
* @return string HTML code if return parameter is true.
*/
function print_username ($username, $return = false) {
$string = '<a href="index.php?sec=usuario&sec2=operation/users/user_edit&ver='.$username.'">'.dame_nombre_real ($username).'</a>';
if ($return === false) {
echo $string;
}
return $string;
}
/**
* Print group icon within a link
*
* @param string $id_group Group id
* @param bool $return Whether to return or print
* @param string $path What path to use (relative to images/). Defaults to groups_small
* @return string HTML code if return parameter is true.
*/
function print_group_icon ($id_group, $return = false, $path = "groups_small") {
$icon = (string) get_db_value ('icon', 'tgrupo', 'id_grupo', (int) $id_group);
if (empty ($icon)) {
return "-";
}
$return = '<a href="index.php?sec=estado&sec2=operation/agentes/estado_agente&refr=60&group_id='.$id_group.'">';
$return .= '<img class="bot" src="images/'.$path.'/'.$icon.'.png" alt="'.get_group_name ($id_group).'" title="'.get_group_name ($id_group).'" />';
$return .= '</a>';
if ($return === false) {
echo $return;
}
return $return;
}
/**
* Get the icon of an operating system.
*
* @param int $id_os Operating system id
* @param bool $name Whether to also append the name of the OS after the icon
* @param bool $return Whether to return or echo the result
*
* @return string HTML with icon of the OS
*/
function print_os_icon ($id_os, $name = true, $return = false) {
$icon = (string) get_db_value ('icon_name', 'tconfig_os', 'id_os', (int) $id_os);
$os_name = get_os_name ($id_os);
if (empty ($icon)) {
return "-";
}
$output = '<img src="images/'.$icon.'" border="0" alt="'.$os_name.'" title="'.$os_name.'" />';
if ($name === true) {
$output .= ' - '.$os_name;
}
if ($return === false) {
echo $output;
}
return $output;
}
/**
* Prints an agent name with the correct link
*
* @param int $agent Agent id
* @param bool $return Whether to return the string or echo it too
* @param int $cutoff After how much characters to cut off the inside of the link. The full agent name will remain in the roll-over
*
* @return string HTML with agent name and link
**/
function print_agent_name ($id_agent, $return = false, $cutoff = 0) {
$agent_name = (string) get_agent_name ($id_agent);
$output = '<a href="index.php?sec=estado&sec2=operation/agentes/ver_agente&id_agente='.$id_agent.'" title="'.$agent_name.'"><b>';
if ($cutoff > 0 && (mb_strlen ($agent_name, "UTF-8") > $cutoff)) {
$output .= mb_substr (utf8_decode ($agent_name), 0, $cutoff, "UTF-8").'...';
} else {
$output .= $agent_name;
}
$output .= '</b></a>';
//TODO: Add a pretty javascript (using jQuery) popup-box with agent details
if ($return === false) {
echo $output;
}
return $output;
}
?>
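Review bot: Deriving the id from the name in `$output .= ' id="checkbox-'.$name.'"';` gives duplicate ids whenever several checkboxes share a name (for example an array-style `name="ids[]"`), which the removed `$idcounter` avoided, and it carries brackets or other characters from `$name` into the id. If a predictable id is the goal, keep it unique per element, e.g. by appending the value or a counter, and restrict it to id-safe characters. `$name`, `$value` and `$script` are all concatenated into attributes without `htmlspecialchars()`, so callers must pass pre-escaped values; the docblock should say so. print_checkbox_extended() continues past the end of this hunk.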

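--- /dev/null
+++ b/include/functions_ui.php
@@ -0,0 +1,224 @@
+<?php
+// Pandora FMS - the Flexible Monitoring System
+// ============================================
+// Copyright (c) 2008 Artica Soluciones Tecnologicas, http://www.artica.es
+// Please see http://pandora.sourceforge.net for full contribution list
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public License (LGPL)
+// as published by the Free Software Foundation for version 2.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+// You should have received a copy of the GNU General Public License
+// along with this program; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+/**
+* Evaluates a result using empty () and then prints an error message or a
+* success message
+*
+* @param mixed $result the results to evaluate. 0, NULL, false, '' or array()
+* is bad, the rest is good
+* @param string $good the string to be displayed if the result was good
+* @param string $bad the string to be displayed if the result was bad
+* @param string $attributes any other attributes to be set for the h3
+* @param bool $return whether to output the string or return it
+* @param string $tag what tag to use (you could specify something else than
+* h3 like div or h2
+*
+* @return string HTML code if return parameter is true.
+*/
+function print_error_message ($result, $good = '', $bad = '', $attributes = '', $return = false, $tag = 'h3') {
+if ($good == '' || $good === false)
+$good = __('Request successfully processed');
+if ($bad == '' || $bad === false)
+$bad = __('Error processing request');
+if (empty ($result)) {
+$output = '<'.$tag.' class="error" '.$attributes.'>'.$bad.'</'.$tag.'>';
+} else {
+$output = '<'.$tag.' class="suc" '.$attributes.'>'.$good.'</'.$tag.'>';
+}
+if ($return)
+return $output;
+echo $output;
+}
+/**
+* Evaluates a unix timestamp and returns a span (or whatever tag specified)
+* with as title the correctly formatted full timestamp and a time comparation
+* in the tag
+*
+* @param int $unixtime: Any type of timestamp really, but we prefer unixtime
+* @param bool $return whether to output the string or return it
+* @param array $option: An array with different options for this function
+* Key html_attr: which html attributes to add (defaults to none)
+* Key tag: Which html tag to use (defaults to span)
+* Key prominent: Overrides user preference and display "comparation" or "timestamp"
+*
+* @return string HTML code if return parameter is true.
+*/
+function print_timestamp ($unixtime, $return = false, $option = array ()) {
+global $config;
+//TODO: Add/use a javascript timer for the seconds so it automatically updates as time passes by
+if (isset ($option["html_attr"])) {
+$attributes = $option["html_attr"];
+} else {
+$attributes = "";
+}
+if (isset ($option["tag"])) {
+$tag = $option["tag"];
+} else {
+$tag = "span";
+}
+if (!empty ($option["prominent"])) {
+$prominent = $option["prominent"];
+} else {
+$prominent = $config["prominent_time"];
+}
+if (!is_numeric ($unixtime)) {
+$unixtime = strtotime ($unixtime);
+}
+//prominent_time is either timestamp or comparation
+if ($unixtime == 0) {
+$title = __('Never');
+$data = __('Never');
+} elseif ($prominent == "timestamp") {
+$title = human_time_comparation ($unixtime);
+$data = date ($config["date_format"], $unixtime);
+} else {
+$title = date ($config["date_format"], $unixtime);
+$data = human_time_comparation ($unixtime);
+}
+$output = '<'.$tag;
+switch ($tag) {
+default:
+//Usually tags have title attributes, so by default we add, then fall through to add attributes and data
+$output .= ' title="'.$title.'"';
+case "h1":
+case "h2":
+case "h3":
+//Above tags don't have title attributes
+$output .= ' '.$attributes.'>'.$data.'</'.$tag.'>';
+}
+if ($return)
+return $output;
+echo $output;
+}
+/**
+* Prints a username with real name, link to the user_edit page etc.
+*
+* @param string $username The username to render
+* @param bool $return Whether to return or print
+*
+* @return string HTML code if return parameter is true.
+*/
+function print_username ($username, $return = false) {
+$string = '<a href="index.php?sec=usuario&sec2=operation/users/user_edit&ver='.$username.'">'.dame_nombre_real ($username).'</a>';
+if ($return)
+return $string;
+echo $string;
+}
+/**
+* Print group icon within a link
+*
+* @param string $id_group Group id
+* @param bool $return Whether to return or print
+* @param string $path What path to use (relative to images/). Defaults to groups_small
+*
+* @return string HTML code if return parameter is true.
+*/
+function print_group_icon ($id_group, $return = false, $path = "groups_small") {
+$icon = (string) get_db_value ('icon', 'tgrupo', 'id_grupo', (int) $id_group);
+if (empty ($icon)) {
+return "-";
+}
+$return = '<a href="index.php?sec=estado&sec2=operation/agentes/estado_agente&refr=60&group_id='.$id_group.'">';
+$return .= '<img class="bot" src="images/'.$path.'/'.$icon.'.png" alt="'.get_group_name ($id_group).'" title="'.get_group_name ($id_group).'" />';
+$return .= '</a>';
+if ($return)
+return $return;
+echo $return;
+}
+/**
+* Get the icon of an operating system.
+*
+* @param int Operating system id
+* @param bool Whether to also append the name of the OS after the icon
+* @param bool Whether to return or echo the result
+*
+* @return string HTML with icon of the OS
+*/
+function print_os_icon ($id_os, $name = true, $return = false) {
+$icon = (string) get_db_value ('icon_name', 'tconfig_os', 'id_os', (int) $id_os);
+$os_name = get_os_name ($id_os);
+if (empty ($icon)) {
+return "-";
+}
+$output = '<img src="images/'.$icon.'" border="0" alt="'.$os_name.'" title="'.$os_name.'" />';
+if ($name === true) {
+$output .= ' - '.$os_name;
+}
+if ($return)
+return $output;
+echo $output;
+}
+/**
+* Prints an agent name with the correct link
+*
+* @param int $agent Agent id
+* @param bool $return Whether to return the string or echo it too
+* @param int $cutoff After how much characters to cut off the inside of the link.
+* The full agent name will remain in the roll-over
+*
+* @return string HTML with agent name and link
+**/
+function print_agent_name ($id_agent, $return = false, $cutoff = 0) {
+$agent_name = (string) get_agent_name ($id_agent);
+$output = '<a href="index.php?sec=estado&sec2=operation/agentes/ver_agente&id_agente='.$id_agent.'" title="'.$agent_name.'"><b>';
+if ($cutoff > 0 && (mb_strlen ($agent_name, "UTF-8") > $cutoff)) {
+$output .= mb_substr (utf8_decode ($agent_name), 0, $cutoff, "UTF-8").'...';
+} else {
+$output .= $agent_name;
+}
+$output .= '</b></a>';
+//TODO: Add a pretty javascript (using jQuery) popup-box with agent details
+if ($return)
+return $output;
+echo $output;
+}
+?>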
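Review bot: In print_group_icon() the `$return` flag is overwritten by the markup (`$return = '<a href=...'`), so `if ($return) return $return;` is always true and the function never echoes, even when called with the default `$return = false`. Build the string in a separate variable as the other functions in this file do, ending with `if ($return) return $output;` and `echo $output;`. Separately, the moved functions used to return the HTML in every case and now return nothing when they echo, so any caller that used the return value without passing `$return = true` changes behaviour. `$username`, `$agent_name`, `$os_name` and the group name go into `href`, `title` and `alt` attributes unescaped; whether the lookup helpers already return entity-encoded text is not visible here.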


@ -151,50 +151,32 @@ if (! isset ($_SESSION['id_usuario']) && isset ($_GET["login"])) {
$row = get_db_row_sql ($sql);
// For every registry
if ($row !== false) {
if ($row["password"] == md5 ($pass)) {
// Login OK
// Nick could be uppercase or lowercase (select in MySQL
// is not case sensitive)
// We get DB nick to put in PHP Session variable,
// to avoid problems with case-sensitive usernames.
// Thanks to David Muñiz for Bug discovery :)
$nick = $row["id_usuario"];
unset ($_GET["sec2"]);
$_GET["sec"] = "general/logon_ok";
update_user_contact ($nick);
logon_db ($nick, $config["remote_addr"]);
$_SESSION['id_usuario'] = $nick;
$config['id_user'] = $nick;
unset ($_GET['pass'], $pass);
} else {
// Login failed (bad password)
unset ($_GET["sec2"]);
require "general/logon_failed.php";
// change password to do not show any string
// $primera = substr ($pass,0,1);
// $ultima = substr ($pass, strlen ($pass) - 1, 1);
// $pass = $primera . "****" . $ultima;
audit_db ($nick, $config["remote_addr"], "Logon Failed",
"Incorrect password: " . $nick);
exit;
}
if ($row !== false && $row["password"] == md5 ($pass)) {
// Login OK
// Nick could be uppercase or lowercase (select in MySQL
// is not case sensitive)
// We get DB nick to put in PHP Session variable,
// to avoid problems with case-sensitive usernames.
// Thanks to David Muñiz for Bug discovery :)
$nick = $row["id_usuario"];
unset ($_GET["sec2"]);
$_GET["sec"] = "general/logon_ok";
update_user_contact ($nick);
logon_db ($nick, $REMOTE_ADDR);
$_SESSION['id_usuario'] = $nick;
$config['id_user'] = $nick;
unset ($_GET['pass'], $pass);
} else {
// User not known
unset ($_GET["sec2"]);
require "general/logon_failed.php";
// do not show any password string. Unsafe especially with
// short passwords
//$primera = substr ($pass, 0, 1);
//$ultima = substr ($pass, strlen ($pass) - 1, 1);
//$pass = $primera . "****" . $ultima;
audit_db ($nick, $config["remote_addr"], "Logon Failed",
"Invalid username: " . $nick);
$login_failed = true;
require_once ('general/login_page.php');
audit_db ($nick, $REMOTE_ADDR, "Logon Failed",
"Invalid login: ".$nick);
exit;
}
} elseif (! isset ($_SESSION['id_usuario'])) {
// There is no user connected
include "general/login_page.php";
require_once ('general/login_page.php');
echo '</body></html>';
exit;
} else {
@ -269,4 +251,4 @@ if ($config["pure"] == 0) {
}
echo '</body></html>';
?>
?>
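Review bot: The merged branch calls `logon_db ($nick, $REMOTE_ADDR)` and `audit_db ($nick, $REMOTE_ADDR, ...)` where the lines printed before them used `$config["remote_addr"]`; `$REMOTE_ADDR` is not assigned anywhere in this hunk, and unless it is defined earlier in index.php the login audit trail will record an empty source address. Keep `$config["remote_addr"]` in both calls. The check `$row["password"] == md5 ($pass)` uses loose comparison on hash strings, which PHP may compare numerically; `===` (or `hash_equals()` where available) avoids that, and unsalted MD5 for stored passwords deserves its own follow-up. The enclosing `if` starts before the hunk, and which of the doubled lines are the new side is inferred from print order.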