tyler.durden
/
pandorafms
mirror of https://github.com/pandorafms/pandorafms.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

2009-11-27 Sancho lerena <slerena@artica.es> 

* operation/menu.php: User section has no ACL check, always can be seen.

	* index.php: Added suppor for user-defined custom language (this code was
	on my disk for 3 months, pending to be commited!).

	* include/functions_db.php,
	* include/functions_agents.php,
	* godmode/alerts/alert_list.php,
	* godmode/agentes/modificar_agente.php, 
	* godmode/agentes/configurar_agente.php: Added audit calls to several 
	management operations who don't have or have insufficient audit info.

	* godmode/users/configure_user.php: Fixed several annoyings bugs. Added
	custom language support, and added more audit info on management operations.

	* godmode/users/user_list.php: More audit info.

	* include/config_process.php: Add new debug option to render error log to
	/pandora_console.log. Also set timezone if not defined (this makes warnings
	on several PHP 5.x setups). Added user custom language support.

	* include/functions_events.php: More audit info. Fixed problems with HTML
	encoding render.

	* functions_io.php: Some cleaning.

	* include/functions_messages.php: Fixed problems with HTML
	encoding render.

	* functions_ui.php: Fixed problems with HTML encoding render in 
	print_string_substr() function.

	* auth/mysql.php: is_user_admin() functions seems to be broken ¿?¿!. Fixed.

	* styles/pandora.css: removed green colored left border in default style.

	* message.php, incident*:  Fixed problems with HTML encoding render.

	* user.php: Better ACL check before let user to view/edit another user.

	* user_edit: Removed some un-used form fields, some arrangements in layout,
	and FIXED forever problems with password change (new code written).  

	* users/user_statistics.php: Now user can see its own audit records.



git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@2139 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
This commit is contained in:
slerena 2009-11-27 20:02:12 +00:00
parent 864840773b
commit b8d839b5c7
23 changed files with 381 additions and 125 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

47
pandora_console/ChangeLog
View File

@ -1,3 +1,50 @@
2009-11-27 Sancho lerena <slerena@artica.es>
* operation/menu.php: User section has no ACL check, always can be seen.
* index.php: Added suppor for user-defined custom language (this code was
on my disk for 3 months, pending to be commited!).
* include/functions_db.php,
* include/functions_agents.php,
* godmode/alerts/alert_list.php,
* godmode/agentes/modificar_agente.php,
* godmode/agentes/configurar_agente.php: Added audit calls to several
management operations who don't have or have insufficient audit info.
* godmode/users/configure_user.php: Fixed several annoyings bugs. Added
custom language support, and added more audit info on management operations.
* godmode/users/user_list.php: More audit info.
* include/config_process.php: Add new debug option to render error log to
/pandora_console.log. Also set timezone if not defined (this makes warnings
on several PHP 5.x setups). Added user custom language support.
* include/functions_events.php: More audit info. Fixed problems with HTML
encoding render.
* functions_io.php: Some cleaning.
* include/functions_messages.php: Fixed problems with HTML
encoding render.
* functions_ui.php: Fixed problems with HTML encoding render in
print_string_substr() function.
* auth/mysql.php: is_user_admin() functions seems to be broken ¿?¿!. Fixed.
* styles/pandora.css: removed green colored left border in default style.
* message.php, incident*: Fixed problems with HTML encoding render.
* user.php: Better ACL check before let user to view/edit another user.
* user_edit: Removed some un-used form fields, some arrangements in layout,
and FIXED forever problems with password change (new code written).
* users/user_statistics.php: Now user can see its own audit records.
2009-11-27 Miguel de Dios <miguel.dedios@artica.es>
* include/functions_html.php: add disabled parameter in functions,

24
pandora_console/godmode/agentes/configurar_agente.php
View File

@ -145,6 +145,9 @@ if ($create_agent) {
agent_add_address ($id_agente, $direccion_agente);
$agent_created_ok = true;
audit_db ($config['id_user'], $REMOTE_ADDR, "Agent management",
"Created agent $nombre_agente");
// Create special module agent_keepalive
$id_agent_module = process_sql_insert ('tagente_modulo',
@ -345,6 +348,9 @@ if (isset($_POST["update_agent"])) { // if modified some agent paramenter
} else {
enterprise_hook ('update_agent', array ($id_agente));
print_success_message (__('Successfully updated'));
audit_db ($config['id_user'], $REMOTE_ADDR, "Agent management",
"Updated agent $nombre_agente");
}
}
}
@ -483,6 +489,11 @@ if ($update_module) {
echo '<h3 class="suc">'.__('Module successfully updated').'</h3>';
$id_agent_module = false;
$edit_module = false;
$agent = get_db_row ('tagente', 'id_agente', $id_agente);
audit_db ($config['id_user'], $REMOTE_ADDR, "Agent management",
"Updated module '$name' for agent ".$agent["nombre"]);
}
}
@ -537,6 +548,10 @@ if ($create_module) {
echo '<h3 class="suc">'.__('Module added successfully').'</h3>';
$id_agent_module = false;
$edit_module = false;
$agent = get_db_row ('tagente', 'id_agente', $id_agente);
audit_db ($config['id_user'], $REMOTE_ADDR, "Agent management",
"Added module '$name' for agent ".$agent["nombre"]);
}
}
@ -544,7 +559,8 @@ if ($create_module) {
// =================
if (isset ($_GET["delete_module"])){ // DELETE agent module !
$id_borrar_modulo = (int) get_parameter_get ("delete_module",0);
$id_grupo = (int) dame_id_grupo ($id_agente);
$module_data = get_db_row ('tagente_modulo', 'id_agente_modulo', $id_borrar_modulo);
$id_grupo = (int) dame_id_grupo ($id_agente);
if (! give_acl ($config["id_user"], $id_grupo, "AW")) {
audit_db($config["id_user"],$REMOTE_ADDR, "ACL Violation",
@ -556,7 +572,7 @@ if (isset ($_GET["delete_module"])){ // DELETE agent module !
if ($id_borrar_modulo < 1) {
audit_db ($config["id_user"],$REMOTE_ADDR, "HACK Attempt",
"Expected variable from form is not correct");
die ("Nice try buddy");
require ("general/noaccess.php");
exit;
}
@ -585,6 +601,10 @@ if (isset ($_GET["delete_module"])){ // DELETE agent module !
} else {
process_sql_commit ();
print_success_message (__('Module deleted succesfully'));
$agent = get_db_row ('tagente', 'id_agente', $id_agente);
audit_db ($config['id_user'], $REMOTE_ADDR, "Agent management",
"Deleted module '".$module_data["nombre"]."' for agent ".$agent["nombre"]);
}
}

3
pandora_console/godmode/agentes/modificar_agente.php
View File

@ -42,8 +42,7 @@ if (isset ($_GET["borrar_agente"])) { // if delete agent
$id_grupo = dame_id_grupo ($id_agente);
if (give_acl ($config["id_user"], $id_grupo, "AW")==1) {
$id_agentes[0] = $id_agente;
if (delete_agent ($id_agentes))
audit_db($config["id_user"],$REMOTE_ADDR, "Agent \'$agent_name\' deleted", "Agent Management");
delete_agent ($id_agentes);
} else { // NO permissions.
audit_db ($config["id_user"],$REMOTE_ADDR, "ACL Violation",
"Trying to delete agent \'$agent_name\'");

20
pandora_console/godmode/alerts/alert_list.php
View File

@ -118,6 +118,16 @@ if ($create_alert) {
}
else {
$id = create_alert_agent_module ($id_agent_module, $id_alert_template);
//get_db_value ('name', 'tperfil', 'id_perfil', (int) $id_profile);
$alert_template_name = get_db_value ("name", "talert_templates","id", $id_alert_template);
$module_name = get_db_value ("nombre", "tagente_modulo","id_agente_modulo", $id_agent_module);
$agent_name = get_agent_name (get_db_value ("id_agente", "tagente_modulo","id_agente_modulo", $id_agent_module));
audit_db ($config["id_user"],$REMOTE_ADDR, "Alert management",
"Added alert '$alert_template_name' for module '$module_name' in agent '$agent_name'");
print_result_message ($id,
__('Successfully created'),
__('Could not be created'));
@ -138,6 +148,16 @@ if ($create_alert) {
if ($delete_alert) {
$id_alert_agent_module = (int) get_parameter ('id_alert');
$temp = get_db_row ("talert_template_modules","id", $id_alert_agent_module);
$id_alert_template = $temp["id_alert_template"];
$id_agent_module = $temp["id_agent_module"];
$alert_template_name = get_db_value ("name", "talert_templates","id", $id_alert_template);
$module_name = get_db_value ("nombre", "tagente_modulo","id_agente_modulo", $id_agent_module);
$agent_name = get_agent_name (get_db_value ("id_agente", "tagente_modulo","id_agente_modulo", $id_agent_module));
audit_db ($config["id_user"],$REMOTE_ADDR, "Alert management",
"Deleted alert '$alert_template_name' for module '$module_name' in agent '$agent_name'");
$result = delete_alert_agent_module ($id_alert_agent_module);
print_result_message ($id,
__('Successfully deleted'),

61
pandora_console/godmode/users/configure_user.php
View File

@ -19,6 +19,9 @@ require_once ('include/config.php');
check_login ();
$id = get_parameter ('id', $config['id_user']); // ID given as parameter
$user_info = get_user_info ($id);
if ($user_info["language"] == ""){
$user_info["language"] = $config["language"];
}
$id = $user_info['id_user'];
if (! give_acl ($config['id_user'], 0, "UM")) {
@ -50,6 +53,7 @@ if ($new_user && $config['admin_can_add_user']) {
$user_info['phone'] = '';
$user_info['comments'] = '';
$user_info['is_admin'] = 0;
$user_info['language'] = $config["language"];
}
if ($create_user) {
@ -63,12 +67,13 @@ if ($create_user) {
$values['fullname'] = (string) get_parameter ('fullname');
$values['firstname'] = (string) get_parameter ('firstname');
$values['lastname'] = (string) get_parameter ('lastname');
$password_new = (string) get_parameter ('password_new');
$password_confirm = (string) get_parameter ('password_confirm');
$password_new = (string) get_parameter ('password_new', '');
$password_confirm = (string) get_parameter ('password_confirm', '');
$values['email'] = (string) get_parameter ('email');
$values['phone'] = (string) get_parameter ('phone');
$values['comments'] = (string) get_parameter ('comments');
$values['is_admin'] = $is_admin = (bool) get_parameter ('is_admin', 0);
$values['is_admin'] = get_parameter ('is_admin', 0);
$values['language'] = get_parameter ('language', $config["language"]);
if ($password_new == '') {
print_error_message (__('Passwords cannot be empty'));
@ -86,15 +91,19 @@ if ($create_user) {
}
else {
$result = create_user ($id, $password_new, $values);
audit_db ($config['id_user'], $REMOTE_ADDR, "User management",
"Created user ".safe_input($id));
print_result_message ($result,
__('Successfully created'),
__('Could not be created'));
$user_info = get_user_info ($id);
$password_new = '';
$password_confirm = '';
$new_user = false;
}
$user_info['is_admin'] = $is_admin;
}
if ($update_user) {
@ -105,14 +114,15 @@ if ($update_user) {
$values['email'] = (string) get_parameter ('email');
$values['phone'] = (string) get_parameter ('phone');
$values['comments'] = (string) get_parameter ('comments');
$values['is_admin'] = (bool) get_parameter ('is_admin');
$values['is_admin'] = get_parameter ('is_admin', 0 );
$values['language'] = (string) get_parameter ('language', $config["language"]);
$res1 = update_user ($id, $values);
if ($config['user_can_update_password']) {
$password_new = (string) get_parameter ('password_new');
$password_confirm = (string) get_parameter ('password_confirm');
if ($password_new !== '') {
$password_new = (string) get_parameter ('password_new', '');
$password_confirm = (string) get_parameter ('password_confirm', '');
if ($password_new != '') {
if ($password_confirm == $password_new) {
$res2 = update_user_password ($id, $password_new);
print_result_message ($res1 || $res2,
@ -122,6 +132,8 @@ if ($update_user) {
print_error_message (__('Passwords does not match'));
}
} else {
audit_db ($config['id_user'], $REMOTE_ADDR, "User management",
"Updated user ".safe_input($id));
print_result_message ($res1,
__('User info successfully updated'),
__('Error updating user info (no change?)'));
@ -136,20 +148,24 @@ if ($update_user) {
}
if ($add_profile) {
$id = (string) get_parameter ('id_user');
$group = (int) get_parameter ('assign_group');
$profile = (int) get_parameter ('assign_profile');
$return = create_user_profile ($id, $profile, $group);
$id2 = (string) get_parameter ('id_user');
$group2 = (int) get_parameter ('assign_group');
$profile2 = (int) get_parameter ('assign_profile');
audit_db ($config['id_user'], $REMOTE_ADDR, "User management",
"Added profile for user ".safe_input($id2));
$return = create_user_profile ($id2, $profile2, $group2);
print_result_message ($return,
__('Successfully created'),
__('Could not be created'));
__('Profile added successfully'),
__('Profile cannot be added'));
}
if ($delete_profile) {
$id = (string) get_parameter ('id_user');
$id_up = (int) get_parameter ('id_user_profile');
audit_db ($config['id_user'], $REMOTE_ADDR, "User management",
"Deleted profile for user ".safe_input($id));
$return = delete_user_profile ($id, $id_up);
print_result_message ($return,
__('Successfully deleted'),
@ -158,7 +174,7 @@ if ($delete_profile) {
echo "<h2>".__('Pandora users')." &raquo; ".__('User detail editor')."</h2>";
$table->width = '50%';
$table->width = '80%';
$table->data = array ();
$table->colspan = array ();
$table->size = array ();
@ -175,6 +191,11 @@ $table->data[1][0] = __('Full (display) name');
$table->data[1][1] = print_input_text_extended ('fullname', $user_info['fullname'],
'', '', 30, 255, $view_mode, '', '', true);
$table->data[2][0] = __('Language');
$table->data[2][1] = print_select_from_sql ('SELECT id_language, name FROM tlanguage',
'language', $user_info["language"], '', '', '', true);
/*
$table->data[2][0] = __('First name');
$table->data[2][1] = print_input_text_extended ('firstname', $user_info['firstname'],
'', '', 30, 255, $view_mode, '', '', true);
@ -182,6 +203,7 @@ $table->data[2][1] = print_input_text_extended ('firstname', $user_info['firstna
$table->data[3][0] = __('Last name');
$table->data[3][1] = print_input_text_extended ('lastname', $user_info['lastname'],
'', '', 30, 255, $view_mode, '', '', true);
*/
if ($config['user_can_update_password']) {
$table->data[4][0] = __('Password');
@ -194,7 +216,6 @@ if ($config['user_can_update_password']) {
if ($config['admin_can_make_admin']) {
$table->data[6][0] = __('Global Profile');
$table->data[6][1] = print_radio_button ('is_admin', 1, '', $user_info['is_admin'], true);
$table->data[6][1] .= __('Administrator');
$table->data[6][1] .= print_help_tip (__("This user has permissions to manage all. This is admin user and overwrites all permissions given in profiles/groups"), true);
@ -214,7 +235,7 @@ $table->data[8][1] = print_input_text_extended ("phone", $user_info['phone'],
'', '', 10, 30, $view_mode, '', '', true);
$table->data[9][0] = __('Comments');
$table->data[9][1] = print_textarea ("comments", 5, 55, $user_info['comments'],
$table->data[9][1] = print_textarea ("comments", 2, 65, $user_info['comments'],
($view_mode ? 'readonly="readonly"' : ''), true);
echo '<form method="post">';

4
pandora_console/godmode/users/user_list.php
View File

@ -28,6 +28,10 @@ if (! give_acl ($config['id_user'], 0, "UM")) {
if (isset ($_GET["user_del"])) { //delete user
$id_user = get_parameter_post ("delete_user");
$result = delete_user ($id_user);
audit_db ($config['id_user'], $REMOTE_ADDR, "User management",
"Deleted user ".safe_input($id_user));
print_result_message ($result,
__('Successfully deleted'),
__('There was a problem deleting the user'));

5
pandora_console/include/auth/mysql.php
View File

@ -67,11 +67,14 @@ function process_user_login ($login, $pass) {
* @return bool True is the user is admin
*/
function is_user_admin ($id_user) {
/* This code below was here, but I don't understand WHY. This always returns TRUE ¿?¿?
static $is_admin = -1;
if ($is_admin !== -1)
return $is_admin;
*/
$is_admin = (bool) get_db_value ('is_admin', 'tusuario', 'id_user', $id_user);
return $is_admin;
}

28
pandora_console/include/config_process.php
View File

@ -22,12 +22,25 @@
/**
* Pandora build version and version
*/
$build_version = 'PC091103';
$pandora_version = 'v3.0RC2';
$build_version = 'PC091127';
$pandora_version = 'v3.0RC3-dev';
/* Help to debug problems. Override global PHP configuration */
error_reporting(E_ERROR);
ini_set("display_errors", 0);
ini_set("error_log", $config["homedir"]."/pandora_console.log");
// Set a default timezone default if not configured
// to avoid warnings and bad timestamp calculation in PHP > 5.1
if (ini_get('date.timezone') == ""){
date_default_timezone_set("Europe/Berlin");
}
$config['start_time'] = microtime (true);
//Non-persistent connection. If you want persistent conn change it to mysql_pconnect()
// Non-persistent connection: This will help to avoid mysql errors like "has gone away" or locking problems
// If you want persistent connections change it to mysql_pconnect().
$config['dbconnection'] = mysql_connect ($config["dbhost"], $config["dbuser"], $config["dbpass"]);
if (! $config['dbconnection']) {
include ($config["homedir"]."/general/error_authconfig.php");
@ -44,6 +57,15 @@ process_config ();
require_once ('streams.php');
require_once ('gettext.php');
// Set user language if provided, overriding System language
if (isset ($config['id_user'])){
$userinfo = get_user_info ($config['id_user']);
if ($userinfo["language"] != ""){
$config['language'] = $userinfo["language"];
}
}
$l10n = NULL;
if (file_exists ('./include/languages/'.$config["language"].'.mo')) {
$l10n = new gettext_reader (new CachedFileReader ('./include/languages/'.$config["language"].'.mo'));

3
pandora_console/include/functions_agents.php
View File

@ -91,6 +91,9 @@ function create_agent ($name, $id_group, $interval, $ip_address, $values = false
process_sql_commit ();
audit_db ($config['id_user'], $REMOTE_ADDR, "Agent management",
"New agent '$name' created");
return $id_agent;
}

12
pandora_console/include/functions_db.php
View File

@ -1489,6 +1489,10 @@ function agent_delete_address ($id_agent, $ip_address) {
$sql = sprintf ("DELETE FROM taddress_agent WHERE id_ag = %d",$id_ag);
process_sql ($sql);
}
$agent_name = get_agent_name($id_agent, "");
audit_db ($config['id_user'], $REMOTE_ADDR, "Agent management",
"Deleted IP $ip_address from agent '$agent_name'");
// Need to change main address?
if (get_agent_address ($id_agent) == $ip_address) {
$new_ips = get_agent_addresses ($id_agent);
@ -2761,6 +2765,8 @@ function delete_agent ($id_agents) {
if ($id_agent < 1)
continue;
$agent_name = get_agent_name($id_agent, "");
/* Check for deletion permissions */
$id_group = get_agent_group ($id_agent);
if (! give_acl ($config['id_user'], $id_group, "AW")) {
@ -2828,7 +2834,7 @@ function delete_agent ($id_agents) {
// Delete remote configuration
if (isset ($config["remote_config"])) {
$agent_md5 = md5 (get_agent_name ($id_agent,'none'), FALSE);
$agent_md5 = md5 ($agent_name, FALSE);
if (file_exists ($config["remote_config"]."/md5/".$agent_md5.".md5")) {
// Agent remote configuration editor
@ -2842,6 +2848,10 @@ function delete_agent ($id_agents) {
//And at long last, the agent
temp_sql_delete ("tagente", "id_agente", $id_agent);
audit_db ($config['id_user'], $REMOTE_ADDR, "Agent management",
"Deleted agent '$agent_name'");
/* Break the loop on error */
if ($error)

12
pandora_console/include/functions_events.php
View File

@ -123,8 +123,10 @@ function delete_event ($id_event, $similar = true) {
//Check ACL
audit_db ($config["id_user"], $config["remote_addr"], "ACL Violation", "Attempted deleting event #".$event);
} elseif ($ret !== false) {
audit_db ($config["id_user"], $config["remote_addr"], "Event deleted", "Deleted event #".$event);
//ACL didn't fail nor did return
continue;
}
$errors++;
@ -135,9 +137,6 @@ function delete_event ($id_event, $similar = true) {
process_sql_rollback ();
return false;
} else {
foreach ($id_event as $event) {
audit_db ($config["id_user"], $config["remote_addr"], "Event deleted", "Deleted event #".$event);
}
process_sql_commit ();
return true;
}
@ -351,8 +350,11 @@ function print_events_table ($filter = "", $limit = 10, $width = 440, $return =
// Event description wrap around by default at 44 or ~3 lines (10 seems to be a good ratio to wrap around for most sizes. Smaller number gets longer strings)
$wrap = floor ($width / 10);
$data[3] = '<span class="'.get_priority_class ($event["criticity"]).'f9" title="'.safe_input ($event["evento"]).'">'.safe_input ($event["evento"]).'</span>';
$data[3] = '<span class="'.get_priority_class ($event["criticity"]).'f9">'. print_string_substr ($event["evento"],45,true). '</span>';
if ($event["id_agente"] > 0) {
// Agent name
$data[4] = print_agent_name ($event["id_agente"], true);

55
pandora_console/include/functions_io.php
View File

@ -36,6 +36,34 @@ function safe_input($value) {
return $valueHtmlEncode;
}
/**
* Convert the $value encode in html entity to clear char string. This function
* should be called always to "clean" HTML encoded data; to render to a text
* plain ascii file, to render to console, or to put in any kind of data field
* who doesn't make the HTML render by itself.
*
* @param mixed String or array of strings to be cleaned.
*
* @return unknown_type
*/
function safe_output($value)
{
if (is_numeric($value))
return $value;
if (is_array($value)) {
array_walk($value, "safe_output");
return $value;
}
if (! mb_check_encoding ($value, 'UTF-8'))
$value = utf8_encode ($value);
$valueHtmlEncode = html_entity_decode ($value, ENT_QUOTES, "UTF-8");
return $valueHtmlEncode;
}
/**
* Use to clean HTML entities when get_parameter or safe_input functions dont work
*
@ -105,28 +133,5 @@ function unsafe_string ($string) {
return $string;
}
/**
* Convert the $value encode in html entity to clear char string.
*
* @param mixed String or array of strings to be cleaned.
*
* @return unknown_type
*/
function safe_output($value)
{
if (is_numeric($value))
return $value;
if (is_array($value)) {
array_walk($value, "safe_output");
return $value;
}
if (! mb_check_encoding ($value, 'UTF-8'))
$value = utf8_encode ($value);
$valueHtmlEncode = html_entity_decode ($value, ENT_QUOTES, "UTF-8");
return $valueHtmlEncode;
}
?>
?>

8
pandora_console/include/functions_messages.php
View File

@ -40,8 +40,8 @@ function create_message ($usuario_origen, $usuario_destino, $subject, $mensaje)
$values = array ();
$values["id_usuario_origen"] = $usuario_origen;
$values["id_usuario_destino"] = $usuario_destino;
$values["subject"] = safe_input ($subject);
$values["mensaje"] = safe_input ($mensaje);
$values["subject"] = $subject;
$values["mensaje"] = $mensaje;
$values["timestamp"] = get_system_time ();
$return = process_sql_insert ("tmensajes", $values);
@ -146,8 +146,8 @@ function get_message ($message_id) {
}
$return["sender"] = $row["id_usuario_origen"];
$return["subject"] = safe_input ($row["subject"]); //Although not strictly necessary, we don't know what other systems might dump in this. So we clean up
$return["message"] = safe_input ($row["mensaje"]);
$return["subject"] = $row["subject"];
$return["message"] = $row["mensaje"];
$return["timestamp"] = $row["timestamp"];
return $return;

12
pandora_console/include/functions_ui.php
View File

@ -419,7 +419,17 @@ function print_string_substr ($string, $cutoff = 16, $return = false) {
if (empty ($string)) {
return "";
}
$string = '<span title="'.safe_input ($string).'">'.mb_substr ($string, 0, $cutoff, "UTF-8").(mb_strlen ($string. "UTF-8") > $cutoff ? '...' : '').'</span>';
$string2 = safe_output ($string);
if (mb_strlen($string2, "UTF-8") > $cutoff){
$string3 = "...";
} else {
$string3 = "";
}
$string = '<span title="'.safe_input($string2).'">'.mb_substr ($string2, 0, $cutoff, "UTF-8").$string3.'</span>';
if ($return === false) {
echo $string;
}

2
pandora_console/include/styles/pandora.css
View File

@ -628,7 +628,7 @@ span.rmess, span.nrmess {
background-color: #fafafa;
}
.databox_color {
border-left: 4px solid #786;
background-color: #fafafa;
}
#head_l {
float: left;

14
pandora_console/index.php
View File

@ -165,6 +165,18 @@ if (! isset ($config['id_user']) && isset ($_GET["loginhash"])) {
$config['id_user'] = $nick;
//Remove everything that might have to do with people's passwords or logins
unset ($_GET['pass'], $pass, $_POST['pass'], $_REQUEST['pass'], $login_good);
// Set user language if provided, overriding System language
$userinfo = get_user_info ($config['id_user']);
if ($userinfo["language"] != ""){
$config['language'] = $userinfo["language"];
}
$l10n = NULL;
if (file_exists ('./include/languages/'.$config["language"].'.mo')) {
$l10n = new gettext_reader (new CachedFileReader ('./include/languages/'.$config["language"].'.mo'));
$l10n->load_tables();
}
} else {
// User not known
$login_failed = true;
@ -260,4 +272,4 @@ echo '</html>';
$run_time = format_numeric (microtime (true) - $config['start_time'], 3);
echo "\n<!-- Page generated in $run_time seconds -->\n";
?>
?>

2
pandora_console/operation/incidents/incident.php
View File

@ -290,7 +290,7 @@ if ($count < 1) {
$data[1] = print_incidents_status_img ($row["estado"], true);
$data[2] = '<a href="index.php?sec=incidencias&amp;sec2=operation/incidents/incident_detail&amp;id='.$row["id_incidencia"].'">'.safe_input (substr ($row["titulo"],0,45)).'</a>';
$data[2] = '<a href="index.php?sec=incidencias&amp;sec2=operation/incidents/incident_detail&amp;id='.$row["id_incidencia"].'">'.substr(safe_output($row["titulo"]),0,45).'</a>';
$data[3] = print_incidents_priority_img ($row["prioridad"], true);

7
pandora_console/operation/incidents/incident_detail.php
View File

@ -286,12 +286,13 @@ if (empty ($id_creator)) {
echo '</td></tr><tr><td class="datos2" colspan="4">';
if ((give_acl ($config["id_user"], $id_grupo, "IM") == 1) OR ($usuario == $config["id_user"])) {
print_textarea ("descripcion", 15, 80, safe_input ($texto), 'style="height:200px;"');
print_textarea ("descripcion", 15, 80, $texto, 'style="height:200px;"');
} else {
print_textarea ("descripcion", 15, 80, safe_input ($texto), 'style="height:200px;" disabled');
print_textarea ("descripcion", 15, 80, $texto, 'style="height:200px;" disabled');
}
echo '</td></tr></table><div style="width: 600px; text-align:right;">';
// Only if user is the used who opened incident or (s)he is admin
if (isset ($id_inc) AND ((give_acl ($config["id_user"], $id_grupo, "IM") == 1) OR ($usuario == $config["id_user"]))) {
print_submit_button (__('Update incident'), "accion", false, 'class="sub upd"');
@ -337,7 +338,7 @@ if (isset ($id_inc)) {
if ((give_acl ($config["id_user"], $id_grupo, "IM") == 1) OR ($row["id_usuario"] == $config["id_user"])) {
$data[0] .= print_input_image ("delete_nota", "images/cross.png", $row["id_nota"], 'border:0px;" onClick="if (!confirm(\' '.__('Are you sure?').'\')) return false;', true);
}
$data[1] = safe_input ($row["nota"]);
$data[1] = $row["nota"];
array_push ($table->data, $data);
}

42
pandora_console/operation/menu.php
View File

@ -132,24 +132,30 @@ if (give_acl ($config['id_user'], 0, "AR")) {
$sub["operation/events/events_marquee.php"]["type"] = "direct";
$menu["eventos"]["sub"] = $sub;
// Users
$menu["usuarios"]["text"] = __('View users');
$menu["usuarios"]["sec2"] = "operation/users/user";
$menu["usuarios"]["id"] = "oper-users";
$sub = array ();
$sub["operation/users/user_edit"]["text"] = __('Edit my user');
$sub["operation/users/user_edit"]["options"]["name"] = "ver";
$sub["operation/users/user_edit"]["options"]["value"] = $config["id_user"];
if (give_acl ($config["id_user"], 0, "UM")) {
$sub["operation/users/user_statistics"]["text"] = __('Statistics');
}
$menu["usuarios"]["sub"] = $sub;
//End of Users
}
// ANY user can view itself !
// Users
$menu["usuarios"]["text"] = __('View users');
$menu["usuarios"]["sec2"] = "operation/users/user";
$menu["usuarios"]["id"] = "oper-users";
$sub = array ();
$sub["operation/users/user_edit"]["text"] = __('Edit my user');
$sub["operation/users/user_edit"]["options"]["name"] = "ver";
$sub["operation/users/user_edit"]["options"]["value"] = $config["id_user"];
if (give_acl ($config["id_user"], 0, "UM")) {
$sub["operation/users/user_statistics"]["text"] = __('Statistics');
}
$menu["usuarios"]["sub"] = $sub;
//End of Users
// Rest of options, all with AR privilege (or should events be with incidents?)
if (give_acl ($config['id_user'], 0, "AR")) {
//SNMP Console
$menu["snmpconsole"]["text"] = __('SNMP console');
$menu["snmpconsole"]["refr"] = 60;

6
pandora_console/operation/messages/message.php
View File

@ -65,7 +65,7 @@ if (isset ($_GET["mark_read"]) || isset ($_GET["mark_unread"])) {
if (isset ($_GET["new_msg"])) { //create message
echo "<h2>".__('Messages')." &raquo; ".__('New message').'</h2>';
echo '<form method="POST" action="index.php?sec=messages&amp;sec2=operation/messages/message&amp;send_message=1">
<table width="600" class="databox_color" cellpadding="4" cellspacing="4">
<table width="85%" class="databox_color" cellpadding="4" cellspacing="4">
<tr>
<td class="datos">'.__('From').':</td>
<td class="datos"><b>'.print_username ($config["id_user"], true).'</b></td>
@ -158,7 +158,7 @@ if (isset ($_GET["read_message"]) || !isset ($_GET["new_msg"])) {
if (empty ($messages)) {
echo '<div class="nf">'.__('There are no messages').'</div>';
} else {
$table->width = "100%";
$table->width = "85%";
$table->class = "databox";
$table->cellpadding = 4;
$table->cellspacing = 4;
@ -217,7 +217,7 @@ if (isset ($_GET["read_message"]) || !isset ($_GET["new_msg"])) {
print_table ($table);
echo '</form>';
}
echo '<div class="action-buttons" style="width:100%">';
echo '<div class="action-buttons" style="width:85%">';
echo '<form method="post" action="index.php?sec=messages&amp;sec2=operation/messages/message&amp;new_msg=1">';
print_submit_button (__('New message'), "send_mes", false, 'class="sub next"');
echo '</form></div>';

6
pandora_console/operation/users/user.php
View File

@ -56,7 +56,11 @@ foreach ($info as $user_id => $user_info) {
$rowPair = !$rowPair;
$iterator++;
$data[0] = '<a href="index.php?sec=usuarios&amp;sec2=operation/users/user_edit&amp;id='.$user_id.'">'.$user_id.'</a>';
if ((check_acl ($config["id_user"], get_user_groups ($user_id), "UM")) OR ($config["id_user"] == $user_id)){
$data[0] = '<b><a href="index.php?sec=usuarios&amp;sec2=operation/users/user_edit&amp;id='.$user_id.'">'.$user_id.'</a></b>';
} else {
$data[0] = $user_id;
}
$data[1] = $user_info["fullname"].'<a href="#" class="tip"><span>';
$data[1] .= __('First name').': '.$user_info["firstname"].'<br />';
$data[1] .= __('Last name').': '.$user_info["lastname"].'<br />';

93
pandora_console/operation/users/user_edit.php
View File

@ -21,10 +21,13 @@ check_login ();
$id = get_parameter_get ("id", $config["id_user"]); // ID given as parameter
$user_info = get_user_info ($id);
if ($user_info["language"] == ""){
$user_info["language"] = $config["language"];
}
$id = $user_info["id_user"]; //This is done in case there are problems with uppercase/lowercase (MySQL auth has that problem)
if (!give_acl ($config["id_user"], get_user_groups ($id), "UM")){
if ((!give_acl ($config["id_user"], get_user_groups ($id), "UM")) AND ($id != $config["id_user"])){
audit_db ($config["id_user"], $config["remote_addr"], "ACL Violation","Trying to view a user without privileges");
require ("general/noaccess.php");
exit;
@ -42,27 +45,35 @@ if (isset ($_GET["modified"]) && !$view_mode) {
$upd_info["fullname"] = get_parameter_post ("fullname", $user_info["fullname"]);
$upd_info["firstname"] = get_parameter_post ("firstname", $user_info["firstname"]);
$upd_info["lastname"] = get_parameter_post ("lastname", $user_info["lastname"]);
$password_old = get_parameter_post ("password_old", "-");
$password_new = get_parameter_post ("password_new", "-");
$password_confirm = get_parameter_post ("password_confirm", "-");
$password_new = get_parameter_post ("password_new", "");
$password_confirm = get_parameter_post ("password_conf", "");
$upd_info["email"] = get_parameter_post ("email", $user_info["email"]);
$upd_info["phone"] = get_parameter_post ("phone", $user_info["phone"]);
$upd_info["comments"] = get_parameter_post ("comments", $user_info["comments"]);
$upd_info["language"] = get_parameter_post ("language", $user_info["language"]);
//If User can update password and the new password is not the same as the old one, it's not the default and it's not empty and the new password is the same as the confirmed one
if ($config["user_can_update_password"] && $password_old !== $password_new && $password_new !== "-" && !empty ($password_new) && $password_confirm == $password_new) {
$return = process_user_password ($id, $pass);
print_result_message ($return,
__('Password successfully updated'),
__('Error updating passwords: %s', $config['auth_error']));
} elseif ($password_new !== "-") {
print_error_message (__('Passwords didn\'t match or other problem encountered while updating passwords'));
if ( !empty ($password_new)) {
if ($config["user_can_update_password"] && $password_confirm == $password_new) {
$return = update_user_password ($id, $password_new);
print_result_message ($return,
__('Password successfully updated'),
__('Error updating passwords: %s', $config['auth_error']));
} elseif ($password_new !== "NON-INIT") {
print_error_message (__('Passwords didn\'t match or other problem encountered while updating passwords'));
}
}
// No need to display "error" here, because when no update is needed (no changes in data)
// SQL function returns 0 (FALSE), but is not an error, just no change. Previous error
// message could be confussing to the user.
$return = update_user ($id, $upd_info);
print_result_message ($return,
__('User info successfully updated'),
__('Error updating user info'));
if ($return > 0) {
print_result_message ($return,
__('User info successfully updated'),
__('Error updating user info'));
}
$user_info = $upd_info;
}
@ -70,53 +81,69 @@ echo "<h2>".__('Pandora users')." &raquo; ".__('User detail editor')."</h2>";
echo '<form name="user_mod" method="post" action="index.php?sec=usuarios&amp;sec2=operation/users/user_edit&amp;modified=1&amp;id='.$id.'">';
echo '<table cellpadding="4" cellspacing="4" class="databox_color" width="600">';
echo '<table cellpadding="4" cellspacing="4" class="databox" width="90%">';
echo '<tr><td class="datos">'.__('User ID').'</td>';
echo '<td class="datos">';
print_input_text_extended ("id_user", $id, '', '', '', '', $view_mode, '', 'class="input"');
echo "<b>$id</b>";
echo "</td>";
// Show "Picture" (in future versions, why not, allow users to upload it's own avatar here.
echo "<td rowspan=4>";
if (is_user_admin ($id)) {
echo "<img src='images/people_1.png'>";
}
else {
echo "<img src='images/people_2.png'>";
}
echo '</td></tr><tr><td class="datos2">'.__('Full (display) name').'</td><td class="datos2">';
print_input_text_extended ("fullname", $user_info["fullname"], '', '', '', '', $view_mode, '', 'class="input"');
print_input_text_extended ("fullname", $user_info["fullname"], '', '', 35, 100, $view_mode, '', 'class="input"');
// Not used anymore. In 3.0 database schema continues storing it, but will be removed in the future, or we will 'reuse'
// the database fields for anything more useful.
/*
echo '</td></tr><tr><td class="datos">'.__('First name').'</td><td class="datos">';
print_input_text_extended ("firstname", $user_info["firstname"], '', '', '', '', $view_mode, '', 'class="input"');
print_input_text_extended ("firstname", $user_info["firstname"], '', '', 25, 100, $view_mode, '', 'class="input"');
echo '</td></tr><tr><td class="datos2">'.__('Last name').'</td><td class="datos2">';
print_input_text_extended ("lastname", $user_info["lastname"], '', '', '', '', $view_mode, '', 'class="input"');
print_input_text_extended ("lastname", $user_info["lastname"], '', '', 25, 100, $view_mode, '', 'class="input"');
*/
if ($view_mode === false) {
echo '</td></tr><tr><td class="datos">'.__('Current password').'</td><td class="datos">';
if ($config["user_can_update_password"]) {
print_input_text_extended ("password_old", "-", '', '', '', '', $view_mode, '', 'class="input"', false, true);
echo '</td></tr><tr><td class="datos">'.__('New Password').'</td><td class="datos">';
print_input_text_extended ("password_new", "-", '', '', '', '', $view_mode, '', 'class="input"', false, true);
print_input_text_extended ("password_new", "", '', '', '15', '25', $view_mode, '', 'class="input"', false, true);
echo '</td></tr><tr><td class="datos">'.__('Password confirmation').'</td><td class="datos">';
print_input_text_extended ("password_conf", "-", '', '', '', '', $view_mode, '', 'class="input"', false, true);
print_input_text_extended ("password_conf", "", '', '', '15', '25', $view_mode, '', 'class="input"', false, true);
} else {
echo '<i>'.__('You can not change your password from Pandora FMS under the current authentication scheme').'</i>';
}
}
echo '</td></tr><tr><td class="datos2">'.__('E-mail').'</td><td class="datos2">';
print_input_text_extended ("email", $user_info["email"], '', '', '', '', $view_mode, '', 'class="input"');
print_input_text_extended ("email", $user_info["email"], '', '', '40', '100', $view_mode, '', 'class="input"');
echo '</td></tr><tr><td class="datos">'.__('Phone number').'</td><td class="datos">';
print_input_text_extended ("phone", $user_info["phone"], '', '', '', '', $view_mode, '', 'class="input"');
print_input_text_extended ("phone", $user_info["phone"], '', '', '10', '30', $view_mode, '', 'class="input"');
echo '</td></tr><tr><td class="datos2">'.__('Comments').'</td><td class="datos2">';
print_textarea ("comments", 4, 55, $user_info["comments"], ($view_mode ? 'readonly="readonly"' : ''));
echo '</td></tr><tr><td class="datos">'.__('Language').'</td><td class="datos2">';
echo print_select_from_sql ('SELECT id_language, name FROM tlanguage',
'language', $user_info["language"], '', '', '', true);
echo '</td></tr><tr><td class="datos2">'.__('Comments').'</td><td class="datos">';
print_textarea ("comments", 2, 60, $user_info["comments"], ($view_mode ? 'readonly="readonly"' : ''));
echo '</td></tr></table>';
echo '<div style="width:600px; text-align:right;">';
echo '<div style="width:90%; text-align:right;">';
if (!$config["user_can_update_info"]) {
echo '<i>'.__('You can not change your user info from Pandora FMS under the current authentication scheme').'</i>';
} else {
print_submit_button (__('Update'), 'uptbutton', $view_mode, 'class="sub upd"');
}
echo '</div></form><br />';
echo '</div></form>';
echo '<h3>'.__('Profiles/Groups assigned to this user').'</h3>';

40
pandora_console/operation/users/user_statistics.php
View File

@ -29,4 +29,44 @@ if ($config['flash_charts']) {
} else {
print_image ("include/fgraph.php?tipo=user_activity", false, array ("border" => 0));
}
echo '<div id="activity" style="width:700px;">';
// Show last activity from this user
echo "<h2>" . __('This is your last activity in Pandora FMS console') . "</h2>";
$table->width = 650; //Don't specify px
$table->data = array ();
$table->size = array ();
$table->size[2] = '130px';
$table->size[4] = '200px';
$table->head = array ();
$table->head[0] = __('User');
$table->head[1] = __('Category');
$table->head[2] = __('Date');
$table->head[3] = __('Source IP');
$table->head[4] = __('Comments');
$sql = sprintf ("SELECT id_usuario,accion,fecha,ip_origen,descripcion
FROM tsesion
WHERE (`utimestamp` > UNIX_TIMESTAMP(NOW()) - 604800)
AND `id_usuario` = '%s' ORDER BY `fecha` DESC LIMIT 50", $config["id_user"]);
$sessions = get_db_all_rows_sql ($sql);
if ($sessions === false)
$sessions = array ();
foreach ($sessions as $session) {
$data = array ();
$data[0] = '<strong>'.$session['id_usuario'].'</strong>';
$data[1] = $session['accion'];
$data[2] = $session['fecha'];
$data[3] = $session['ip_origen'];
$data[4] = $session['descripcion'];
array_push ($table->data, $data);
}
print_table ($table);
echo "</div>"; // activity
?>