2008-09-02 Sancho Lerena <slerena@gmail.com>

* functions.php: Added function to clean SQL string.

	* setup/news.php: Fixed problem adding new news.

	* setup/link.php: Added mysql recheck to input var.

	* login_page.php: Removed "Welcome", added a blank line before title.

	* logon_failed.php: Was rending bad in IE.

	* footer.php: Added Firefox button and tooltip about best view in Firefox.

	* header.php: Old rendering was crazy in IE. New code to set render exactly
	equal on IE and Firefox. PLEASE DO NOT USE TABULAR phpp functions here, this is 
	pure HTML formatting.



git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@1069 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f

pandora_console/ChangeLog

@@ -1,3 +1,22 @@
+
+2008-09-02  Sancho Lerena <slerena@gmail.com>
+
+	* functions.php: Added function to clean SQL string.
+
+	* setup/news.php: Fixed problem adding new news.
+
+	* setup/link.php: Added mysql recheck to input var.
+
+	* login_page.php: Removed "Welcome", added a blank line before title.
+
+	* logon_failed.php: Was rending bad in IE.
+
+	* footer.php: Added Firefox button and tooltip about best view in Firefox.
+
+	* header.php: Old rendering was crazy in IE. New code to set render exactly
+	equal on IE and Firefox. PLEASE DO NOT USE TABULAR phpp functions here, this is 
+	pure HTML formatting.
+
 2008-09-02  Esteban Sanchez  <estebans@artica.es>
 
 	* extensions/update_manager/lib/*: Update Manager has its own license

pandora_console/general/footer.php

@@ -20,13 +20,19 @@ if (isset($_SERVER['REQUEST_TIME'])) {
 } else {
 	$time = time();
 }
-									
+
+
+echo "<center>";
+
+
 echo '<a class="white_bold" target="_new" href="general/license/pandora_info_'.$config["language"].'.html">Pandora FMS '.$pandora_version.' - Build '.$build_version.'<br>';
-echo __('is an OpenSource Software Project, licensed under GPL terms').'</a><br/>';
 echo '<a class="white">'. __('Page generated at') . ' '. format_datetime ($time);
 
 if ((isset($develop_bypass)) AND ($develop_bypass == 1)) {
 	echo ' - Saved '.format_numeric ($sql_cache["saved"]).' Queries';
 }
 echo '</a><br>';
+echo "<a href='http://www.mozilla.org'><img src='images/firefox.gif' align='middle' title='Pandora FMS console is best viewed with firefox'></a>";
+echo "</center>";
+
 ?>

pandora_console/general/header.php

@@ -16,9 +16,61 @@
 // along with this program; if not, write to the Free Software
 // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
 
-echo '<div id="head_r"><span id="logo_text1">Pandora</span> <span id="logo_text2">FMS</span></div>
-<div id="head_l"><a href="index.php"><img src="images/pandora_logo_head.png" border="0" alt="logo" /></a></div><div id="head_m">';
+echo "<table width=100% cellpadding=0 cellspacing=0 style='margin:0px; padding:0px;' border=0>";
+echo "<tr>";
+echo "<td>";
 
+// Yes, put here your corporate logo instead pandora_logo_head.png
+
+echo '<a href="index.php"><img src="images/pandora_logo_head.png" border="0" alt="logo" /></a>';
+
+// Margin to logo
+
+echo "<td width=20>";
+
+// First column
+echo "<td>";
+echo '<img src="images/user_'.((dame_admin ($_SESSION["id_usuario"]) == 1) ? 'suit' : 'green' ).'.png" class="bot">&nbsp;'.'<a class="white">'.__('You are ').'[<b>'.$_SESSION["id_usuario"].'</b>]</a>';
+
+echo "<br><br>";
+
+echo '<a class="white_bold" href="index.php?bye=bye"><img src="images/lock.png" class="bot">&nbsp;'. __('Logout').'</a>';
+
+
+
+// Second column
+echo "<td>";
+echo '<a class="white_bold" href="index.php?sec=main"><img src="images/information.png" class="bot">&nbsp;'.__('General information').'</a>';
+
+echo "<br><br>";
+
+echo '<a class="white_bold" href="index.php?sec=estado_server&sec2=operation/servers/view_server&refr=60">';
+if (check_server_status () == 0)
+	echo '<img src="images/error.png" class="bot" />&nbsp;'.__('Server status: DOWN');
+else
+    echo '<img src="images/ok.png" class="bot" />&nbsp;'.__('System ready');
+echo "</a>";
+
+
+// Third column
+// Autorefresh
+echo "<td>";
+if (get_parameter ("refr") != 0) 
+	echo '<a class="white_grey_bold" href="'.((substr($_SERVER['REQUEST_URI'],-1) != "/") ? $_SERVER['REQUEST_URI'] : 'index.php?' ).'&refr=0"><img src="images/page_lightning.png" class="bot" />&nbsp;'. __('Autorefresh').'</a>';
+else
+	echo '<a class="white_bold" href="'.((substr($_SERVER['REQUEST_URI'],-1) != "/") ? $_SERVER['REQUEST_URI'] : "index.php?" ).'&refr=5"><img src="images/page_lightning.png" class="bot" />&nbsp;'.__('Autorefresh').'</a>';
+
+echo "<br><br>";
+
+echo '<a class="white_bold" href="index.php?sec=eventos&sec2=operation/events/events&refr=5"><img src="images/lightning_go.png" class="bot" />&nbsp;'.__('Events').'</a>';
+
+// logo
+
+echo "<td>";
+echo '<div id="head_r"><span id="logo_text1">Pandora</span> <span id="logo_text2">FMS</span></div>';
+
+echo "</table>";
+/*
 if(!isset ($_SESSION["id_usuario"])) {
 	echo "</div>";
 	return;
@@ -58,5 +110,6 @@ $table->data[] = array (
 print_table ($table);
 unset ($table);
 echo "</div>";
+*/
 
 ?>

pandora_console/general/login_page.php

@@ -29,7 +29,7 @@ if (isset($_GET['sec'])){
 }
 
 echo '<div class="databox" id="login">
-	<h1 id="log">'.__('Welcome to Pandora FMS Web Console').'</h1>
+	<h1 id="log">'.__('Pandora FMS Web Console').'</h1><br>
 	<div class="databox" id="login_in">
 		<form method="post" action="index.php?login=1">
 		<table cellpadding="4" cellspacing="1" width="400">
@@ -49,6 +49,8 @@ echo '<div class="databox" id="login">
 		'.((strlen($addr) > 0) ? print_input_hidden("redirect",$addr,true) : '').'
 		</form>
 	</div>
-	<div id="ip">IP: <b class="f10">'.$REMOTE_ADDR.'</b></div>
+	<div id="ip">IP: <b class="f10">'.$REMOTE_ADDR.'</b>
+</div>
+
 	</div><script type="text/javascript">document.getElementById(\'nick\').focus();</script>';
 ?>

pandora_console/general/logon_failed.php

@@ -20,14 +20,16 @@
 <div class='databox' id='login'>
 	<div id='login_f' class='databox'>
 		<h1 id="log_f" style='margin-top: 0px;' class="error"><?php echo __('Authentication Error'); ?></h1>
-		<div id='noa' style='width:50px' >
-			<img src='images/noaccess.png' alt='No access'>
-		</div>
-
+	
 		<div style='width: 350px'>
 			<a href="index.php"><img src="images/pandora_logo.png" border="0"></a><br>
 			<?php echo $pandora_version; ?>
 		</div>
+		<center>
+		<div>
+			<img src='images/noaccess.png' alt='No access'>
+		</div>
+		</center>
 
 		<div class="msg"><?php echo __('Either, your password or your login are incorrect. Please check your CAPS LOCK key, username and password are case SeNSiTiVe.<br><br>All actions, included failed login attempts are logged in Pandora FMS System logs, and these can be reviewed by each user, please report to admin any incident or malfunction.'); ?></div>
 	</div>

pandora_console/godmode/setup/links.php

@@ -32,7 +32,8 @@ if (! give_acl ($config['id_user'], 0, "PM") || ! dame_admin ($config['id_user']
 	if (isset($_POST["create"])){ // If create
 		$name = entrada_limpia($_POST["name"]);
 		$link = entrada_limpia($_POST["link"]);
-		$sql_insert="INSERT INTO tlink (name,link) VALUES ('$name','$link') ";
+		$link = safe_sql_string ($link);
+		$sql_insert = "INSERT INTO tlink (name,link) VALUES ('$name','$link')";
 		$result=mysql_query($sql_insert);	
 		if (! $result)
 			echo "<h3 class='error'>".__('There was a problem creating link')."</h3>";

pandora_console/godmode/setup/news.php

@@ -31,11 +31,13 @@ if (! give_acl ($config['id_user'], 0, "PM")) {
 if (isset ($_POST["create"])) { // If create
 	$subject = get_parameter ("subject");
 	$text = get_parameter ("text");
+	$text = safe_sql_string ($text);
+
 	$timestamp = $ahora = date ("Y/m/d H:i:s");
 	$author = $config['id_user'];
 	
 	$sql = "INSERT INTO tnews (subject, text, author, timestamp) VALUES ('$subject','$text', '$author', '$timestamp') ";
-	$result = mysql_query ($sql_insert);
+	$result = mysql_query ($sql);
 	if (! $result) {
 		echo "<h3 class='error'>".__('Not created. Error inserting data')."</h3>";
 	} else {

pandora_console/include/functions.php

@@ -1195,4 +1195,10 @@ function unsafe_string ($string) {
 	return $string;
 }
 
+function safe_sql_string ($string){
+	if (get_magic_quotes_gpc() == 0) 
+    	$string = mysql_escape_string ($string);
+	return $string;
+}
+
 ?>