From 9a4725dd3e018298c6ddc6d76a21942cd6b333e6 Mon Sep 17 00:00:00 2001
From: slerena <slerena@gmail.com>
Date: Tue, 2 Sep 2008 16:08:11 +0000
Subject: [PATCH] 2008-09-02  Sancho Lerena <slerena@gmail.com>

	* functions.php: Added function to clean SQL string.

	* setup/news.php: Fixed problem adding new news.

	* setup/link.php: Added mysql recheck to input var.

	* login_page.php: Removed "Welcome", added a blank line before title.

	* logon_failed.php: Was rending bad in IE.

	* footer.php: Added Firefox button and tooltip about best view in Firefox.

	* header.php: Old rendering was crazy in IE. New code to set render exactly
	equal on IE and Firefox. PLEASE DO NOT USE TABULAR phpp functions here, this is
	pure HTML formatting.



git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@1069 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
---
 pandora_console/ChangeLog                |  19 ++++++++
 pandora_console/general/footer.php       |  10 +++-
 pandora_console/general/header.php       |  57 ++++++++++++++++++++++-
 pandora_console/general/login_page.php   |   6 ++-
 pandora_console/general/logon_failed.php |  10 ++--
 pandora_console/godmode/setup/links.php  |   3 +-
 pandora_console/godmode/setup/news.php   |   4 +-
 pandora_console/images/firefox.gif       | Bin 0 -> 1267 bytes
 pandora_console/include/functions.php    |   6 +++
 9 files changed, 103 insertions(+), 12 deletions(-)
 create mode 100644 pandora_console/images/firefox.gif

diff --git a/pandora_console/ChangeLog b/pandora_console/ChangeLog
index 912f238582..f8d1b3cf8a 100644
--- a/pandora_console/ChangeLog
+++ b/pandora_console/ChangeLog
@@ -1,3 +1,22 @@
+
+2008-09-02  Sancho Lerena <slerena@gmail.com>
+
+	* functions.php: Added function to clean SQL string.
+
+	* setup/news.php: Fixed problem adding new news.
+
+	* setup/link.php: Added mysql recheck to input var.
+
+	* login_page.php: Removed "Welcome", added a blank line before title.
+
+	* logon_failed.php: Was rending bad in IE.
+
+	* footer.php: Added Firefox button and tooltip about best view in Firefox.
+
+	* header.php: Old rendering was crazy in IE. New code to set render exactly
+	equal on IE and Firefox. PLEASE DO NOT USE TABULAR phpp functions here, this is 
+	pure HTML formatting.
+
 2008-09-02  Esteban Sanchez  <estebans@artica.es>
 
 	* extensions/update_manager/lib/*: Update Manager has its own license
diff --git a/pandora_console/general/footer.php b/pandora_console/general/footer.php
index adf37ea546..8492d4da93 100644
--- a/pandora_console/general/footer.php
+++ b/pandora_console/general/footer.php
@@ -20,13 +20,19 @@ if (isset($_SERVER['REQUEST_TIME'])) {
 } else {
 	$time = time();
 }
-									
+
+
+echo "<center>";
+
+
 echo '<a class="white_bold" target="_new" href="general/license/pandora_info_'.$config["language"].'.html">Pandora FMS '.$pandora_version.' - Build '.$build_version.'<br>';
-echo __('is an OpenSource Software Project, licensed under GPL terms').'</a><br/>';
 echo '<a class="white">'. __('Page generated at') . ' '. format_datetime ($time);
 
 if ((isset($develop_bypass)) AND ($develop_bypass == 1)) {
 	echo ' - Saved '.format_numeric ($sql_cache["saved"]).' Queries';
 }
 echo '</a><br>';
+echo "<a href='http://www.mozilla.org'><img src='images/firefox.gif' align='middle' title='Pandora FMS console is best viewed with firefox'></a>";
+echo "</center>";
+
 ?>
diff --git a/pandora_console/general/header.php b/pandora_console/general/header.php
index 06966473ba..b9931ea944 100644
--- a/pandora_console/general/header.php
+++ b/pandora_console/general/header.php
@@ -16,9 +16,61 @@
 // along with this program; if not, write to the Free Software
 // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
 
-echo '<div id="head_r"><span id="logo_text1">Pandora</span> <span id="logo_text2">FMS</span></div>
-<div id="head_l"><a href="index.php"><img src="images/pandora_logo_head.png" border="0" alt="logo" /></a></div><div id="head_m">';
+echo "<table width=100% cellpadding=0 cellspacing=0 style='margin:0px; padding:0px;' border=0>";
+echo "<tr>";
+echo "<td>";
 
+// Yes, put here your corporate logo instead pandora_logo_head.png
+
+echo '<a href="index.php"><img src="images/pandora_logo_head.png" border="0" alt="logo" /></a>';
+
+// Margin to logo
+
+echo "<td width=20>";
+
+// First column
+echo "<td>";
+echo '<img src="images/user_'.((dame_admin ($_SESSION["id_usuario"]) == 1) ? 'suit' : 'green' ).'.png" class="bot">&nbsp;'.'<a class="white">'.__('You are ').'[<b>'.$_SESSION["id_usuario"].'</b>]</a>';
+
+echo "<br><br>";
+
+echo '<a class="white_bold" href="index.php?bye=bye"><img src="images/lock.png" class="bot">&nbsp;'. __('Logout').'</a>';
+
+
+
+// Second column
+echo "<td>";
+echo '<a class="white_bold" href="index.php?sec=main"><img src="images/information.png" class="bot">&nbsp;'.__('General information').'</a>';
+
+echo "<br><br>";
+
+echo '<a class="white_bold" href="index.php?sec=estado_server&sec2=operation/servers/view_server&refr=60">';
+if (check_server_status () == 0)
+	echo '<img src="images/error.png" class="bot" />&nbsp;'.__('Server status: DOWN');
+else
+    echo '<img src="images/ok.png" class="bot" />&nbsp;'.__('System ready');
+echo "</a>";
+
+
+// Third column
+// Autorefresh
+echo "<td>";
+if (get_parameter ("refr") != 0) 
+	echo '<a class="white_grey_bold" href="'.((substr($_SERVER['REQUEST_URI'],-1) != "/") ? $_SERVER['REQUEST_URI'] : 'index.php?' ).'&refr=0"><img src="images/page_lightning.png" class="bot" />&nbsp;'. __('Autorefresh').'</a>';
+else
+	echo '<a class="white_bold" href="'.((substr($_SERVER['REQUEST_URI'],-1) != "/") ? $_SERVER['REQUEST_URI'] : "index.php?" ).'&refr=5"><img src="images/page_lightning.png" class="bot" />&nbsp;'.__('Autorefresh').'</a>';
+
+echo "<br><br>";
+
+echo '<a class="white_bold" href="index.php?sec=eventos&sec2=operation/events/events&refr=5"><img src="images/lightning_go.png" class="bot" />&nbsp;'.__('Events').'</a>';
+
+// logo
+
+echo "<td>";
+echo '<div id="head_r"><span id="logo_text1">Pandora</span> <span id="logo_text2">FMS</span></div>';
+
+echo "</table>";
+/*
 if(!isset ($_SESSION["id_usuario"])) {
 	echo "</div>";
 	return;
@@ -58,5 +110,6 @@ $table->data[] = array (
 print_table ($table);
 unset ($table);
 echo "</div>";
+*/
 
 ?>
diff --git a/pandora_console/general/login_page.php b/pandora_console/general/login_page.php
index 8640e78ea6..b8fe4e16fd 100644
--- a/pandora_console/general/login_page.php
+++ b/pandora_console/general/login_page.php
@@ -29,7 +29,7 @@ if (isset($_GET['sec'])){
 }
 
 echo '<div class="databox" id="login">
-	<h1 id="log">'.__('Welcome to Pandora FMS Web Console').'</h1>
+	<h1 id="log">'.__('Pandora FMS Web Console').'</h1><br>
 	<div class="databox" id="login_in">
 		<form method="post" action="index.php?login=1">
 		<table cellpadding="4" cellspacing="1" width="400">
@@ -49,6 +49,8 @@ echo '<div class="databox" id="login">
 		'.((strlen($addr) > 0) ? print_input_hidden("redirect",$addr,true) : '').'
 		</form>
 	</div>
-	<div id="ip">IP: <b class="f10">'.$REMOTE_ADDR.'</b></div>
+	<div id="ip">IP: <b class="f10">'.$REMOTE_ADDR.'</b>
+</div>
+
 	</div><script type="text/javascript">document.getElementById(\'nick\').focus();</script>';
 ?>
diff --git a/pandora_console/general/logon_failed.php b/pandora_console/general/logon_failed.php
index 32326c917e..0fe4b0db13 100644
--- a/pandora_console/general/logon_failed.php
+++ b/pandora_console/general/logon_failed.php
@@ -20,14 +20,16 @@
 <div class='databox' id='login'>
 	<div id='login_f' class='databox'>
 		<h1 id="log_f" style='margin-top: 0px;' class="error"><?php echo __('Authentication Error'); ?></h1>
-		<div id='noa' style='width:50px' >
-			<img src='images/noaccess.png' alt='No access'>
-		</div>
-
+	
 		<div style='width: 350px'>
 			<a href="index.php"><img src="images/pandora_logo.png" border="0"></a><br>
 			<?php echo $pandora_version; ?>
 		</div>
+		<center>
+		<div>
+			<img src='images/noaccess.png' alt='No access'>
+		</div>
+		</center>
 
 		<div class="msg"><?php echo __('Either, your password or your login are incorrect. Please check your CAPS LOCK key, username and password are case SeNSiTiVe.<br><br>All actions, included failed login attempts are logged in Pandora FMS System logs, and these can be reviewed by each user, please report to admin any incident or malfunction.'); ?></div>
 	</div>
diff --git a/pandora_console/godmode/setup/links.php b/pandora_console/godmode/setup/links.php
index 891c17e1ad..372968fdf2 100644
--- a/pandora_console/godmode/setup/links.php
+++ b/pandora_console/godmode/setup/links.php
@@ -32,7 +32,8 @@ if (! give_acl ($config['id_user'], 0, "PM") || ! dame_admin ($config['id_user']
 	if (isset($_POST["create"])){ // If create
 		$name = entrada_limpia($_POST["name"]);
 		$link = entrada_limpia($_POST["link"]);
-		$sql_insert="INSERT INTO tlink (name,link) VALUES ('$name','$link') ";
+		$link = safe_sql_string ($link);
+		$sql_insert = "INSERT INTO tlink (name,link) VALUES ('$name','$link')";
 		$result=mysql_query($sql_insert);	
 		if (! $result)
 			echo "<h3 class='error'>".__('There was a problem creating link')."</h3>";
diff --git a/pandora_console/godmode/setup/news.php b/pandora_console/godmode/setup/news.php
index 3ad1b54e6a..273bf628e9 100644
--- a/pandora_console/godmode/setup/news.php
+++ b/pandora_console/godmode/setup/news.php
@@ -31,11 +31,13 @@ if (! give_acl ($config['id_user'], 0, "PM")) {
 if (isset ($_POST["create"])) { // If create
 	$subject = get_parameter ("subject");
 	$text = get_parameter ("text");
+	$text = safe_sql_string ($text);
+
 	$timestamp = $ahora = date ("Y/m/d H:i:s");
 	$author = $config['id_user'];
 	
 	$sql = "INSERT INTO tnews (subject, text, author, timestamp) VALUES ('$subject','$text', '$author', '$timestamp') ";
-	$result = mysql_query ($sql_insert);
+	$result = mysql_query ($sql);
 	if (! $result) {
 		echo "<h3 class='error'>".__('Not created. Error inserting data')."</h3>";
 	} else {
diff --git a/pandora_console/images/firefox.gif b/pandora_console/images/firefox.gif
new file mode 100644
index 0000000000000000000000000000000000000000..50d88f7332dc4aff7b1c5a2f1df9d402df992662
GIT binary patch
literal 1267
zcmZ?wbhEHb3}E1A_|5<ZlDZ6v)=Z*#{F156@<j~VAq>jt3|hGi#%T<Or3|K3hH^gQ
z9#ITVRScfRI*v}}UIB(-u@-^3@fy6rmYOx%((ZQd31%+A@mXnUX$-cF3{IU4p4|))
z%?#nw8N%i;L@#DYo5_&6ls#h^L-snRx)lt?8yHHrFw|~luh_y@yOXtP4MWR5hR*Fg
z&HDtJ_A~SzVVHE3Vdfe3+2{EupW&Q!Qn34o=!BD;i?50;yD6~pro`I&GFzX??Rr(y
z-8oZ6vcp1nlAiH8d5*2D4EseG7Adl<R%cnS$G*f;a*G<%c4M~vR&1+7H1@ix?#(ip
z5bxERSg<?aVM$%aX-$UfwhU+7`HnjYU36f&;m>~8o8^kH*p*PhbIGbtf|;I2aXgF=
ze3>NhK27R*p5m)g&G&WspRyFc<f%VzviQ(o`>DhFa97;*DRIZziVjW7d(rRzx!?Ii
zf55ld0Z(V-zFJc8ZFSbfiF@B1@Bego!I?8>o;`c^?%lheuO58={{8>||B&DxB?mAB
zbU=24@&W_LKZbe^8IKJM4mNWLYpL8|ac*Q}7AW~)kkry8ZeH=@MhEjTE+P9r9WtJq
zmYkfd5xh#|Bs-6+HH$#b3xmQV{hInEUv5+;w{lI;ZswA$D&iB@<Ka_?*pTSlW|674
z=YeDBab8h-XQ8{NzNXCA3p?Z#dAO~2igEfRpA8!qv-L=6hh12(aO>*Wb=B((Zcb9`
zn`2daWQO78hSpvg%e*T$8fUyap+CXZ>7SD2CV7S#u1pu^%>4Z9^jydOKQ)z0=BY*=
zYMJ@RwMW80%;$uIk2QO*WR&LQD}O6YPM$wt`d=<C$|BRgazn<)Lp7UT>3iwzm|&Rv
z?vA8U(eI5mJGZAlT;O>#neCqCj`tI57a7E#m)azx>aF20!Eyh-Z*M1gf3lN{u_^rU
zZ{jj{vDc>8<;24F6t=VI9eI$zqkARwW|{Ci_c@i18_j3cKiC?$pm9R0qMLZdj*AT(
znp+k;;?%rSdc9lQ(vd~<jiou8WU7r|BfIi~2ah>qN**ZnxJ<j!E)Xh`q1>0X;Nt;y
z)j0}JIed8|pG<YX6tOtld>UiBj9f>+p&7|}3mT?|3+-eVh!We;BIu?d*uWrKBH-j&
o(RSdVQ_Z)R%N?CXJ}L^k%QU(Ou&F$7U{`2)@M1AH3k!oa00-J|eE<Le

literal 0
HcmV?d00001

diff --git a/pandora_console/include/functions.php b/pandora_console/include/functions.php
index 85ad339473..a6d73ecada 100644
--- a/pandora_console/include/functions.php
+++ b/pandora_console/include/functions.php
@@ -1195,4 +1195,10 @@ function unsafe_string ($string) {
 	return $string;
 }
 
+function safe_sql_string ($string){
+	if (get_magic_quotes_gpc() == 0) 
+    	$string = mysql_escape_string ($string);
+	return $string;
+}
+
 ?>