diff --git a/pandora_console/ChangeLog b/pandora_console/ChangeLog index e5b6b59642..8a91395731 100644 --- a/pandora_console/ChangeLog +++ b/pandora_console/ChangeLog 
@@ -1,3 +1,50 @@ +2009-11-27 Sancho lerena + + * operation/menu.php: User section has no ACL check, always can be seen. + + * index.php: Added suppor for user-defined custom language (this code was + on my disk for 3 months, pending to be commited!). + + * include/functions_db.php, + * include/functions_agents.php, + * godmode/alerts/alert_list.php, + * godmode/agentes/modificar_agente.php, + * godmode/agentes/configurar_agente.php: Added audit calls to several + management operations who don't have or have insufficient audit info. + + * godmode/users/configure_user.php: Fixed several annoyings bugs. Added + custom language support, and added more audit info on management operations. + + * godmode/users/user_list.php: More audit info. + + * include/config_process.php: Add new debug option to render error log to + /pandora_console.log. Also set timezone if not defined (this makes warnings + on several PHP 5.x setups). Added user custom language support. + + * include/functions_events.php: More audit info. Fixed problems with HTML + encoding render. + + * functions_io.php: Some cleaning. + + * include/functions_messages.php: Fixed problems with HTML + encoding render. + + * functions_ui.php: Fixed problems with HTML encoding render in + print_string_substr() function. + + * auth/mysql.php: is_user_admin() functions seems to be broken ¿?¿!. Fixed. + + * styles/pandora.css: removed green colored left border in default style. + + * message.php, incident*: Fixed problems with HTML encoding render. + + * user.php: Better ACL check before let user to view/edit another user. + + * user_edit: Removed some un-used form fields, some arrangements in layout, + and FIXED forever problems with password change (new code written). + + * users/user_statistics.php: Now user can see its own audit records. + 2009-11-27 Miguel de Dios * include/functions_html.php: add disabled parameter in functions, 
diff --git a/pandora_console/godmode/agentes/configurar_agente.php b/pandora_console/godmode/agentes/configurar_agente.php index 4fdb619516..176651f185 100644 --- a/pandora_console/godmode/agentes/configurar_agente.php +++ b/pandora_console/godmode/agentes/configurar_agente.php @@ -145,6 +145,9 @@ if ($create_agent) { agent_add_address ($id_agente, $direccion_agente); $agent_created_ok = true; + + audit_db ($config['id_user'], $REMOTE_ADDR, "Agent management", + "Created agent $nombre_agente"); // Create special module agent_keepalive $id_agent_module = process_sql_insert ('tagente_modulo', @@ -345,6 +348,9 @@ if (isset($_POST["update_agent"])) { // if modified some agent paramenter } else { enterprise_hook ('update_agent', array ($id_agente)); print_success_message (__('Successfully updated')); + audit_db ($config['id_user'], $REMOTE_ADDR, "Agent management", + "Updated agent $nombre_agente"); + } } } @@ -483,6 +489,11 @@ if ($update_module) { echo '

'.__('Module successfully updated').'

'; $id_agent_module = false; $edit_module = false; + + $agent = get_db_row ('tagente', 'id_agente', $id_agente); + + audit_db ($config['id_user'], $REMOTE_ADDR, "Agent management", + "Updated module '$name' for agent ".$agent["nombre"]); } } @@ -537,6 +548,10 @@ if ($create_module) { echo '

'.__('Module added successfully').'

'; $id_agent_module = false; $edit_module = false; + + $agent = get_db_row ('tagente', 'id_agente', $id_agente); + audit_db ($config['id_user'], $REMOTE_ADDR, "Agent management", + "Added module '$name' for agent ".$agent["nombre"]); } } @@ -544,7 +559,8 @@ if ($create_module) { // ================= if (isset ($_GET["delete_module"])){ // DELETE agent module ! $id_borrar_modulo = (int) get_parameter_get ("delete_module",0); - $id_grupo = (int) dame_id_grupo ($id_agente); + $module_data = get_db_row ('tagente_modulo', 'id_agente_modulo', $id_borrar_modulo); + $id_grupo = (int) dame_id_grupo ($id_agente); if (! give_acl ($config["id_user"], $id_grupo, "AW")) { audit_db($config["id_user"],$REMOTE_ADDR, "ACL Violation", @@ -556,7 +572,7 @@ if (isset ($_GET["delete_module"])){ // DELETE agent module ! if ($id_borrar_modulo < 1) { audit_db ($config["id_user"],$REMOTE_ADDR, "HACK Attempt", "Expected variable from form is not correct"); - die ("Nice try buddy"); + require ("general/noaccess.php"); exit; } @@ -585,6 +601,10 @@ if (isset ($_GET["delete_module"])){ // DELETE agent module ! } else { process_sql_commit (); print_success_message (__('Module deleted succesfully')); + + $agent = get_db_row ('tagente', 'id_agente', $id_agente); + audit_db ($config['id_user'], $REMOTE_ADDR, "Agent management", + "Deleted module '".$module_data["nombre"]."' for agent ".$agent["nombre"]); } } diff --git a/pandora_console/godmode/agentes/modificar_agente.php b/pandora_console/godmode/agentes/modificar_agente.php index e41c4805f0..bfc10c1fd0 100644 --- a/pandora_console/godmode/agentes/modificar_agente.php +++ b/pandora_console/godmode/agentes/modificar_agente.php 
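Review bot: In the delete_module hunk the new `$module_data = get_db_row ('tagente_modulo', 'id_agente_modulo', $id_borrar_modulo);` runs before both the AW ACL check and the `$id_borrar_modulo < 1` sanity check, so an unauthorised or malformed request still costs a query, and when no row matches `$module_data` is false and the final "Deleted module" audit line records an empty name. Move the lookup below the two checks and treat a false result like the `$id_borrar_modulo < 1` case instead of proceeding to the delete. The audit messages added in this file interpolate `$nombre_agente` and `$name` as-is, while the configure_user.php hunks wrap the id in `safe_input()`; the audit log needs one encoding convention, decided by how the audit viewer renders it. The enclosing delete_module block continues outside the hunk.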
@@ -42,8 +42,7 @@ if (isset ($_GET["borrar_agente"])) { // if delete agent
 $id_grupo = dame_id_grupo ($id_agente);
 if (give_acl ($config["id_user"], $id_grupo, "AW")==1) {
 $id_agentes[0] = $id_agente;
- if (delete_agent ($id_agentes))
- audit_db($config["id_user"],$REMOTE_ADDR, "Agent \'$agent_name\' deleted", "Agent Management");
+ delete_agent ($id_agentes);
 } else { // NO permissions.
 audit_db ($config["id_user"],$REMOTE_ADDR, "ACL Violation",
 "Trying to delete agent \'$agent_name\'");
diff --git a/pandora_console/godmode/alerts/alert_list.php b/pandora_console/godmode/alerts/alert_list.php
index 131e16a40c..4326858881 100644
--- a/pandora_console/godmode/alerts/alert_list.php
+++ b/pandora_console/godmode/alerts/alert_list.php
@@ -118,6 +118,16 @@ if ($create_alert) {
 } else {
 $id = create_alert_agent_module ($id_agent_module, $id_alert_template);
+//get_db_value ('name', 'tperfil', 'id_perfil', (int) $id_profile);
+
+
+ $alert_template_name = get_db_value ("name", "talert_templates","id", $id_alert_template);
+ $module_name = get_db_value ("nombre", "tagente_modulo","id_agente_modulo", $id_agent_module);
+ $agent_name = get_agent_name (get_db_value ("id_agente", "tagente_modulo","id_agente_modulo", $id_agent_module));
+
+ audit_db ($config["id_user"],$REMOTE_ADDR, "Alert management",
+ "Added alert '$alert_template_name' for module '$module_name' in agent '$agent_name'");
+
 print_result_message ($id, __('Successfully created'), __('Could not be created'));
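Review bot: The "Added alert" audit record is written unconditionally right after `create_alert_agent_module`, before `$id` is examined, so a failed creation still leaves an audit entry claiming the alert was added (assuming the call returns false on failure, as the `print_result_message ($id, …)` below suggests); guard it with `if ($id !== false) {` around the audit call. The same "audit before the outcome is known" pattern appears in the create_user branch of configure_user.php, the add_profile/delete_profile hunk there, the user_del hunk in user_list.php, the delete_event loop in functions_events.php (audited before `process_sql_commit`, so a later rollback leaves "Deleted event" rows for events that still exist) and the last delete_agent hunk in functions_db.php (audited before the `if ($error)` check). An audit trail that records actions that did not happen is worse than none for incident reconstruction, so each of these should log after the result is checked. The commented-out `//get_db_value ('name', 'tperfil', …)` line and the two empty lines after it should be deleted rather than left in.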
@@ -138,6 +148,16 @@ if ($create_alert) {
 if ($delete_alert) {
 $id_alert_agent_module = (int) get_parameter ('id_alert');
+ $temp = get_db_row ("talert_template_modules","id", $id_alert_agent_module);
+ $id_alert_template = $temp["id_alert_template"];
+ $id_agent_module = $temp["id_agent_module"];
+ $alert_template_name = get_db_value ("name", "talert_templates","id", $id_alert_template);
+ $module_name = get_db_value ("nombre", "tagente_modulo","id_agente_modulo", $id_agent_module);
+ $agent_name = get_agent_name (get_db_value ("id_agente", "tagente_modulo","id_agente_modulo", $id_agent_module));
+
+ audit_db ($config["id_user"],$REMOTE_ADDR, "Alert management",
+ "Deleted alert '$alert_template_name' for module '$module_name' in agent '$agent_name'");
+
 $result = delete_alert_agent_module ($id_alert_agent_module);
 print_result_message ($id, __('Successfully deleted'),
diff --git a/pandora_console/godmode/users/configure_user.php b/pandora_console/godmode/users/configure_user.php
index be7db5513c..1ea477dd5a 100644
--- a/pandora_console/godmode/users/configure_user.php
+++ b/pandora_console/godmode/users/configure_user.php
@@ -19,6 +19,9 @@ require_once ('include/config.php');
 check_login ();
 $id = get_parameter ('id', $config['id_user']); // ID given as parameter
 $user_info = get_user_info ($id);
+if ($user_info["language"] == ""){
+ $user_info["language"] = $config["language"];
+}
 $id = $user_info['id_user'];
 if (! give_acl ($config['id_user'], 0, "UM")) {
@@ -50,6 +53,7 @@ if ($new_user && $config['admin_can_add_user']) {
 $user_info['phone'] = '';
 $user_info['comments'] = '';
 $user_info['is_admin'] = 0;
+ $user_info['language'] = $config["language"];
 }
 if ($create_user) {
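Review bot: `$temp = get_db_row ("talert_template_modules","id", $id_alert_agent_module);` is never checked for false, so an `id_alert` that matches nothing makes `$temp["id_alert_template"]` and `$temp["id_agent_module"]` null, the two follow-up lookups run with null keys, and a "Deleted alert '' for module '' in agent ''" audit line is written for a delete that cannot succeed. Wrap the lookups and the audit in `if ($temp !== false) {` and write the audit only after `$result` is known. The unchanged `print_result_message ($id, __('Successfully deleted'),` below appears to report `$id` from the create branch rather than `$result`, which this branch actually sets.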
@@ -63,12 +67,13 @@ if ($create_user) {
 $values['fullname'] = (string) get_parameter ('fullname');
 $values['firstname'] = (string) get_parameter ('firstname');
 $values['lastname'] = (string) get_parameter ('lastname');
- $password_new = (string) get_parameter ('password_new');
- $password_confirm = (string) get_parameter ('password_confirm');
+ $password_new = (string) get_parameter ('password_new', '');
+ $password_confirm = (string) get_parameter ('password_confirm', '');
 $values['email'] = (string) get_parameter ('email');
 $values['phone'] = (string) get_parameter ('phone');
 $values['comments'] = (string) get_parameter ('comments');
- $values['is_admin'] = $is_admin = (bool) get_parameter ('is_admin', 0);
+ $values['is_admin'] = get_parameter ('is_admin', 0);
+ $values['language'] = get_parameter ('language', $config["language"]);
 if ($password_new == '') {
 print_error_message (__('Passwords cannot be empty'));
@@ -86,15 +91,19 @@ if ($create_user) {
 } else {
 $result = create_user ($id, $password_new, $values);
+
+ audit_db ($config['id_user'], $REMOTE_ADDR, "User management",
+ "Created user ".safe_input($id));
+
 print_result_message ($result, __('Successfully created'), __('Could not be created'));
 $user_info = get_user_info ($id);
 $password_new = '';
 $password_confirm = '';
+ $new_user = false;
 }
- $user_info['is_admin'] = $is_admin;
 }
 if ($update_user) {
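Review bot: The removed line cast the admin flag with `(bool)`; the replacement `$values['is_admin'] = get_parameter ('is_admin', 0);` stores whatever string arrives in the request, and `$values['language'] = get_parameter ('language', $config["language"]);` is likewise stored unvalidated even though config_process.php later builds a file path from it (`'./include/languages/'.$config["language"].'.mo'`). Normalise the flag with `$values['is_admin'] = (int) (bool) get_parameter ('is_admin', 0);` and accept `language` only if it is one of the `id_language` values of `tlanguage` (the table the select in this file is built from), falling back to `$config["language"]` otherwise. The same two assignments in the update_user hunk need the same treatment. The enclosing `if ($create_user)` block begins outside the hunk.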
@@ -105,14 +114,15 @@ if ($update_user) {
 $values['email'] = (string) get_parameter ('email');
 $values['phone'] = (string) get_parameter ('phone');
 $values['comments'] = (string) get_parameter ('comments');
- $values['is_admin'] = (bool) get_parameter ('is_admin');
-
+ $values['is_admin'] = get_parameter ('is_admin', 0 );
+ $values['language'] = (string) get_parameter ('language', $config["language"]);
+
 $res1 = update_user ($id, $values);
 if ($config['user_can_update_password']) {
- $password_new = (string) get_parameter ('password_new');
- $password_confirm = (string) get_parameter ('password_confirm');
- if ($password_new !== '') {
+ $password_new = (string) get_parameter ('password_new', '');
+ $password_confirm = (string) get_parameter ('password_confirm', '');
+ if ($password_new != '') {
 if ($password_confirm == $password_new) {
 $res2 = update_user_password ($id, $password_new);
 print_result_message ($res1 || $res2,
@@ -122,6 +132,8 @@ if ($update_user) {
 print_error_message (__('Passwords does not match'));
 }
 } else {
+ audit_db ($config['id_user'], $REMOTE_ADDR, "User management",
+ "Updated user ".safe_input($id));
 print_result_message ($res1, __('User info successfully updated'), __('Error updating user info (no change?)'));
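Review bot: The "Updated user" audit is added only in the `else` branch that runs when no new password was submitted, so an update that also changes the password — the more sensitive of the two operations — produces no audit record at all, even though `$res1 = update_user ($id, $values);` has already run in both cases. Move the audit call to just after `$res1 = update_user ($id, $values);` and add a second one, e.g. `audit_db ($config['id_user'], $REMOTE_ADDR, "User management", "Changed password for user ".safe_input($id));`, next to `update_user_password`. The confirmation check `if ($password_confirm == $password_new)` and the new `if ($password_new != '')` use loose comparison; `===`/`!==` avoid PHP's numeric-string coercion on passwords.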
@@ -136,20 +148,24 @@ if ($update_user) { } if ($add_profile) { - $id = (string) get_parameter ('id_user'); - $group = (int) get_parameter ('assign_group'); - $profile = (int) get_parameter ('assign_profile'); - - $return = create_user_profile ($id, $profile, $group); + $id2 = (string) get_parameter ('id_user'); + $group2 = (int) get_parameter ('assign_group'); + $profile2 = (int) get_parameter ('assign_profile'); + audit_db ($config['id_user'], $REMOTE_ADDR, "User management", + "Added profile for user ".safe_input($id2)); + $return = create_user_profile ($id2, $profile2, $group2); print_result_message ($return, - __('Successfully created'), - __('Could not be created')); + __('Profile added successfully'), + __('Profile cannot be added')); } if ($delete_profile) { $id = (string) get_parameter ('id_user'); $id_up = (int) get_parameter ('id_user_profile'); - + + audit_db ($config['id_user'], $REMOTE_ADDR, "User management", + "Deleted profile for user ".safe_input($id)); + $return = delete_user_profile ($id, $id_up); print_result_message ($return, __('Successfully deleted'), @@ -158,7 +174,7 @@ if ($delete_profile) { echo "
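Review bot: The add_profile branch now reads into `$id2`, `$group2` and `$profile2` so that the page-level `$id` is no longer overwritten, but the delete_profile branch directly below still does `$id = (string) get_parameter ('id_user');` and so still clobbers the value the rest of the page uses for `$user_info`. Apply the same renaming there, and add a one-line comment such as `// Distinct names: $id is the user being edited on this page` so the suffix is not mistaken for a leftover.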

".__('Pandora users')." » ".__('User detail editor')."

"; -$table->width = '50%'; +$table->width = '80%'; $table->data = array (); $table->colspan = array (); $table->size = array (); @@ -175,6 +191,11 @@ $table->data[1][0] = __('Full (display) name'); $table->data[1][1] = print_input_text_extended ('fullname', $user_info['fullname'], '', '', 30, 255, $view_mode, '', '', true); +$table->data[2][0] = __('Language'); +$table->data[2][1] = print_select_from_sql ('SELECT id_language, name FROM tlanguage', + 'language', $user_info["language"], '', '', '', true); + +/* $table->data[2][0] = __('First name'); $table->data[2][1] = print_input_text_extended ('firstname', $user_info['firstname'], '', '', 30, 255, $view_mode, '', '', true); @@ -182,6 +203,7 @@ $table->data[2][1] = print_input_text_extended ('firstname', $user_info['firstna $table->data[3][0] = __('Last name'); $table->data[3][1] = print_input_text_extended ('lastname', $user_info['lastname'], '', '', 30, 255, $view_mode, '', '', true); +*/ if ($config['user_can_update_password']) { $table->data[4][0] = __('Password'); @@ -194,7 +216,6 @@ if ($config['user_can_update_password']) { if ($config['admin_can_make_admin']) { $table->data[6][0] = __('Global Profile'); - $table->data[6][1] = print_radio_button ('is_admin', 1, '', $user_info['is_admin'], true); $table->data[6][1] .= __('Administrator'); $table->data[6][1] .= print_help_tip (__("This user has permissions to manage all. This is admin user and overwrites all permissions given in profiles/groups"), true); @@ -214,7 +235,7 @@ $table->data[8][1] = print_input_text_extended ("phone", $user_info['phone'], '', '', 10, 30, $view_mode, '', '', true); $table->data[9][0] = __('Comments'); -$table->data[9][1] = print_textarea ("comments", 5, 55, $user_info['comments'], +$table->data[9][1] = print_textarea ("comments", 2, 65, $user_info['comments'], ($view_mode ? 'readonly="readonly"' : ''), true); echo '
'; diff --git a/pandora_console/godmode/users/user_list.php b/pandora_console/godmode/users/user_list.php index 1811956078..a731fdf332 100644 --- a/pandora_console/godmode/users/user_list.php +++ b/pandora_console/godmode/users/user_list.php @@ -28,6 +28,10 @@ if (! give_acl ($config['id_user'], 0, "UM")) { if (isset ($_GET["user_del"])) { //delete user $id_user = get_parameter_post ("delete_user"); $result = delete_user ($id_user); + + audit_db ($config['id_user'], $REMOTE_ADDR, "User management", + "Deleted user ".safe_input($id_user)); + print_result_message ($result, __('Successfully deleted'), __('There was a problem deleting the user')); diff --git a/pandora_console/include/auth/mysql.php b/pandora_console/include/auth/mysql.php index 0024a66c07..761fff5d66 100644 --- a/pandora_console/include/auth/mysql.php +++ b/pandora_console/include/auth/mysql.php @@ -67,11 +67,14 @@ function process_user_login ($login, $pass) { * @return bool True is the user is admin */ function is_user_admin ($id_user) { + /* This code below was here, but I don't understand WHY. This always returns TRUE ¿?¿? + static $is_admin = -1; if ($is_admin !== -1) return $is_admin; - + */ + $is_admin = (bool) get_db_value ('is_admin', 'tusuario', 'id_user', $id_user); return $is_admin; } diff --git a/pandora_console/include/config_process.php b/pandora_console/include/config_process.php index da5e6779cc..27aa60555b 100644 --- a/pandora_console/include/config_process.php +++ b/pandora_console/include/config_process.php 
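Review bot: The `static $is_admin` cache in is_user_admin was keyed on nothing, so the first call's result was returned for every later `$id_user` — that is the "always returns TRUE" the comment puzzles over, and it is an authorisation bug worth naming in the commit rather than leaving as a question. Delete the commented-out block and the comment instead of keeping them; if a cache is wanted, key it on the user: `static $cache = array (); if (! isset ($cache[$id_user])) $cache[$id_user] = (bool) get_db_value ('is_admin', 'tusuario', 'id_user', $id_user); return $cache[$id_user];`.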
@@ -22,12 +22,25 @@
 /**
 * Pandora build version and version
 */
-$build_version = 'PC091103';
-$pandora_version = 'v3.0RC2';
+$build_version = 'PC091127';
+$pandora_version = 'v3.0RC3-dev';
+
+/* Help to debug problems. Override global PHP configuration */
+error_reporting(E_ERROR);
+ini_set("display_errors", 0);
+ini_set("error_log", $config["homedir"]."/pandora_console.log");
+
+// Set a default timezone default if not configured
+// to avoid warnings and bad timestamp calculation in PHP > 5.1
+
+if (ini_get('date.timezone') == ""){
+ date_default_timezone_set("Europe/Berlin");
+}
 $config['start_time'] = microtime (true);
-//Non-persistent connection. If you want persistent conn change it to mysql_pconnect()
+// Non-persistent connection: This will help to avoid mysql errors like "has gone away" or locking problems
+// If you want persistent connections change it to mysql_pconnect().
 $config['dbconnection'] = mysql_connect ($config["dbhost"], $config["dbuser"], $config["dbpass"]);
 if (! $config['dbconnection']) {
 include ($config["homedir"]."/general/error_authconfig.php");
@@ -44,6 +57,15 @@ process_config ();
 require_once ('streams.php');
 require_once ('gettext.php');
+
+// Set user language if provided, overriding System language
+if (isset ($config['id_user'])){
+ $userinfo = get_user_info ($config['id_user']);
+ if ($userinfo["language"] != ""){
+ $config['language'] = $userinfo["language"];
+ }
+}
+
 $l10n = NULL;
 if (file_exists ('./include/languages/'.$config["language"].'.mo')) {
 $l10n = new gettext_reader (new CachedFileReader ('./include/languages/'.$config["language"].'.mo'));
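Review bot: `ini_set("error_log", $config["homedir"]."/pandora_console.log");` writes the PHP error log into `$config["homedir"]`, which the same hunk uses as the directory that holds `general/error_authconfig.php`, i.e. the console's own web-served tree; if that directory is the document root, the log (file paths, failed SQL, warnings with variable contents) becomes downloadable by anyone who guesses the name. Put the log outside the document root or make the path a configuration option, and do not override `error_reporting`/`display_errors` unconditionally in code described as "Help to debug problems" — gate it on a debug setting. `date_default_timezone_set("Europe/Berlin")` hardcodes one site's zone as the fallback; UTC is the neutral default and the comment should say this only applies when `date.timezone` is unset.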
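Review bot: `$config['language'] = $userinfo["language"];` takes a per-user database column and a few lines later uses it unvalidated in `'./include/languages/'.$config["language"].'.mo'`; the configure_user.php and user_edit.php hunks let that column be set from a request (and, after the ACL change, by any user for their own record), so a value containing path separators escapes the languages directory. The impact is limited to which `.mo` file gettext_reader opens, but the check is cheap: accept the value only if it matches an `id_language` in `tlanguage` or a strict pattern (constructed example: `preg_match ('/^[a-z_]+$/i', $userinfo["language"])`) before assigning it. The identical block added to index.php needs the same check.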
@@ -91,6 +91,9 @@ function create_agent ($name, $id_group, $interval, $ip_address, $values = false
 process_sql_commit ();
+ audit_db ($config['id_user'], $REMOTE_ADDR, "Agent management",
+ "New agent '$name' created");
+
 return $id_agent;
 }
diff --git a/pandora_console/include/functions_db.php b/pandora_console/include/functions_db.php
index d3eff5e005..d2e6b54c4c 100644
--- a/pandora_console/include/functions_db.php
+++ b/pandora_console/include/functions_db.php
@@ -1489,6 +1489,10 @@ function agent_delete_address ($id_agent, $ip_address) {
 $sql = sprintf ("DELETE FROM taddress_agent WHERE id_ag = %d",$id_ag);
 process_sql ($sql);
 }
+ $agent_name = get_agent_name($id_agent, "");
+ audit_db ($config['id_user'], $REMOTE_ADDR, "Agent management",
+ "Deleted IP $ip_address from agent '$agent_name'");
+
 // Need to change main address?
 if (get_agent_address ($id_agent) == $ip_address) {
 $new_ips = get_agent_addresses ($id_agent);
@@ -2761,6 +2765,8 @@ function delete_agent ($id_agents) {
 if ($id_agent < 1) continue;
+ $agent_name = get_agent_name($id_agent, "");
+
 /* Check for deletion permissions */
 $id_group = get_agent_group ($id_agent);
 if (! give_acl ($config['id_user'], $id_group, "AW")) {
@@ -2828,7 +2834,7 @@ function delete_agent ($id_agents) {
 // Delete remote configuration
 if (isset ($config["remote_config"])) {
- $agent_md5 = md5 (get_agent_name ($id_agent,'none'), FALSE);
+ $agent_md5 = md5 ($agent_name, FALSE);
 if (file_exists ($config["remote_config"]."/md5/".$agent_md5.".md5")) {
 // Agent remote configuration editor
@@ -2842,6 +2848,10 @@ function delete_agent ($id_agents) {
 //And at long last, the agent
 temp_sql_delete ("tagente", "id_agente", $id_agent);
+
+ audit_db ($config['id_user'], $REMOTE_ADDR, "Agent management",
+ "Deleted agent '$agent_name'");
+
 /* Break the loop on error */
 if ($error)
diff --git a/pandora_console/include/functions_events.php b/pandora_console/include/functions_events.php
index 6b92beb02d..0bb773cfee 100644
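Review bot: The audit call added inside create_agent reads `$config['id_user']` and `$REMOTE_ADDR` in function scope; unless the function declares `global $config` above the hunk (not visible here), `$config` is undefined, and `$REMOTE_ADDR` is not a global PHP provides without register_globals, so the audit row would carry neither user nor address. Use the value the application already keeps, as delete_event in functions_events.php does: `audit_db ($config['id_user'], $config["remote_addr"], "Agent management", "New agent '$name' created");` after a `global $config;` — and confirm the global declaration exists. The agent_delete_address and both delete_agent hunks in functions_db.php have the same problem; the create_agent body starts outside this hunk.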
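Review bot: In the delete_agent hunks `$agent_name = get_agent_name($id_agent, "");` replaces the old `get_agent_name ($id_agent,'none')` in the remote-config lookup, so when the name cannot be resolved the `.md5` path is now computed from an empty string rather than the 'none' sentinel and the cleanup branch may match a file unrelated to this agent; keep the sentinel or skip the remote-config block when `$agent_name === ""`. The "Deleted agent" audit in the last hunk is also written before the `if ($error)` check that decides whether the deletion stands, so it should move after it.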
--- a/pandora_console/include/functions_events.php +++ b/pandora_console/include/functions_events.php @@ -123,8 +123,10 @@ function delete_event ($id_event, $similar = true) { //Check ACL audit_db ($config["id_user"], $config["remote_addr"], "ACL Violation", "Attempted deleting event #".$event); } elseif ($ret !== false) { + audit_db ($config["id_user"], $config["remote_addr"], "Event deleted", "Deleted event #".$event); //ACL didn't fail nor did return continue; + } $errors++; @@ -135,9 +137,6 @@ function delete_event ($id_event, $similar = true) { process_sql_rollback (); return false; } else { - foreach ($id_event as $event) { - audit_db ($config["id_user"], $config["remote_addr"], "Event deleted", "Deleted event #".$event); - } process_sql_commit (); return true; } @@ -351,8 +350,11 @@ function print_events_table ($filter = "", $limit = 10, $width = 440, $return = // Event description wrap around by default at 44 or ~3 lines (10 seems to be a good ratio to wrap around for most sizes. Smaller number gets longer strings) $wrap = floor ($width / 10); - $data[3] = ''.safe_input ($event["evento"]).''; - + + + + $data[3] = ''. print_string_substr ($event["evento"],45,true). ''; + if ($event["id_agente"] > 0) { // Agent name $data[4] = print_agent_name ($event["id_agente"], true); diff --git a/pandora_console/include/functions_io.php b/pandora_console/include/functions_io.php index 9226c329fb..c50de50e03 100755 --- a/pandora_console/include/functions_io.php +++ b/pandora_console/include/functions_io.php 
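Review bot: The print_events_table hunk replaces one removed line with three empty `+` lines ahead of the new `$data[3] = …` assignment; collapse them to a single blank line. The new line also relies on print_string_substr for output encoding, which the functions_ui.php hunk in this commit changes, so the two should be reviewed together.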
@@ -36,6 +36,34 @@ function safe_input($value) { return $valueHtmlEncode; } +/** + * Convert the $value encode in html entity to clear char string. This function + * should be called always to "clean" HTML encoded data; to render to a text + * plain ascii file, to render to console, or to put in any kind of data field + * who doesn't make the HTML render by itself. + * + * @param mixed String or array of strings to be cleaned. + * + * @return unknown_type + */ +function safe_output($value) +{ + if (is_numeric($value)) + return $value; + + if (is_array($value)) { + array_walk($value, "safe_output"); + return $value; + } + + if (! mb_check_encoding ($value, 'UTF-8')) + $value = utf8_encode ($value); + + $valueHtmlEncode = html_entity_decode ($value, ENT_QUOTES, "UTF-8"); + + return $valueHtmlEncode; +} + /** * Use to clean HTML entities when get_parameter or safe_input functions dont work * @@ -105,28 +133,5 @@ function unsafe_string ($string) { return $string; } -/** - * Convert the $value encode in html entity to clear char string. - * - * @param mixed String or array of strings to be cleaned. - * - * @return unknown_type - */ -function safe_output($value) -{ - if (is_numeric($value)) - return $value; - - if (is_array($value)) { - array_walk($value, "safe_output"); - return $value; - } - - if (! mb_check_encoding ($value, 'UTF-8')) - $value = utf8_encode ($value); - - $valueHtmlEncode = html_entity_decode ($value, ENT_QUOTES, "UTF-8"); - - return $valueHtmlEncode; -} -?> \ No newline at end of file + +?> diff --git a/pandora_console/include/functions_messages.php b/pandora_console/include/functions_messages.php index 04bd0fc1f5..86c9ec9de5 100644 --- a/pandora_console/include/functions_messages.php +++ b/pandora_console/include/functions_messages.php 
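Review bot: In the moved safe_output, the array branch `array_walk($value, "safe_output"); return $value;` does nothing: array_walk hands each element to the callback by value and discards its return, so arrays come back unchanged. Replace it with `foreach ($value as $key => $item) { $value[$key] = safe_output ($item); } return $value;`. The new docblock says the function "should be called always" before writing to text sinks but ought to add the inverse warning — its result is decoded HTML and must go through safe_input (or equivalent) again before being placed in a page — and `@return unknown_type` should state that it returns the decoded string, or the array with each string decoded. `utf8_encode` presumes ISO-8859-1 input; if other encodings can reach here that assumption belongs in the docblock.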
@@ -40,8 +40,8 @@ function create_message ($usuario_origen, $usuario_destino, $subject, $mensaje)
 $values = array ();
 $values["id_usuario_origen"] = $usuario_origen;
 $values["id_usuario_destino"] = $usuario_destino;
- $values["subject"] = safe_input ($subject);
- $values["mensaje"] = safe_input ($mensaje);
+ $values["subject"] = $subject;
+ $values["mensaje"] = $mensaje;
 $values["timestamp"] = get_system_time ();
 $return = process_sql_insert ("tmensajes", $values);
@@ -146,8 +146,8 @@ function get_message ($message_id) {
 }
 $return["sender"] = $row["id_usuario_origen"];
- $return["subject"] = safe_input ($row["subject"]); //Although not strictly necessary, we don't know what other systems might dump in this. So we clean up
- $return["message"] = safe_input ($row["mensaje"]);
+ $return["subject"] = $row["subject"];
+ $return["message"] = $row["mensaje"];
 $return["timestamp"] = $row["timestamp"];
 return $return;
diff --git a/pandora_console/include/functions_ui.php b/pandora_console/include/functions_ui.php
index 14de15b777..aa03857208 100644
--- a/pandora_console/include/functions_ui.php
+++ b/pandora_console/include/functions_ui.php
@@ -419,7 +419,17 @@ function print_string_substr ($string, $cutoff = 16, $return = false) {
 if (empty ($string)) {
 return "";
 }
- $string = ''.mb_substr ($string, 0, $cutoff, "UTF-8").(mb_strlen ($string. "UTF-8") > $cutoff ? '...' : '').'';
+
+ $string2 = safe_output ($string);
+ if (mb_strlen($string2, "UTF-8") > $cutoff){
+ $string3 = "...";
+ } else {
+ $string3 = "";
+ }
+
+
+ $string = ''.mb_substr ($string2, 0, $cutoff, "UTF-8").$string3.'';
+
 if ($return === false) {
 echo $string;
 }
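Review bot: Dropping `safe_input` from both the write path (`$values["subject"] = $subject; $values["mensaje"] = $mensaje;`) and the read path in get_message moves all responsibility for HTML encoding to the callers; if any caller hands create_message a subject or body that did not already pass through get_parameter/safe_input, the text is stored raw and get_message returns it raw to the message views — a stored-XSS path that the removed comment ("we don't know what other systems might dump in this") was guarding against. Keep encoding on exactly one side (write is the side the rest of this codebase uses) and document that contract on both functions. The incident_detail.php hunks make the same change for `$texto` and `$row["nota"]` and need the same caller audit.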
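Review bot: print_string_substr now decodes entities with `$string2 = safe_output ($string);` and concatenates the truncated plain text straight into the markup it returns or echoes, so anything stored entity-encoded (the convention safe_input establishes) comes out as live HTML on every caller's page, including print_events_table in this commit. Decoding before truncation is right (it avoids cutting an entity in half), but the result must be re-encoded afterwards: `$string = ''.safe_input (mb_substr ($string2, 0, $cutoff, "UTF-8")).$string3.'';`. The incident.php hunk (`substr(safe_output($row["titulo"]),0,45)`) has the same decode-without-re-encode shape. Naming `$string2`/`$string3` as `$plain`/`$ellipsis` would make the intent readable.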
@@ -628,7 +628,7 @@ span.rmess, span.nrmess { background-color: #fafafa; } .databox_color { - border-left: 4px solid #786; + background-color: #fafafa; } #head_l { float: left; diff --git a/pandora_console/index.php b/pandora_console/index.php index f5d00eec89..2fcc029dd4 100644 --- a/pandora_console/index.php +++ b/pandora_console/index.php @@ -165,6 +165,18 @@ if (! isset ($config['id_user']) && isset ($_GET["loginhash"])) { $config['id_user'] = $nick; //Remove everything that might have to do with people's passwords or logins unset ($_GET['pass'], $pass, $_POST['pass'], $_REQUEST['pass'], $login_good); + + // Set user language if provided, overriding System language + $userinfo = get_user_info ($config['id_user']); + if ($userinfo["language"] != ""){ + $config['language'] = $userinfo["language"]; + } + + $l10n = NULL; + if (file_exists ('./include/languages/'.$config["language"].'.mo')) { + $l10n = new gettext_reader (new CachedFileReader ('./include/languages/'.$config["language"].'.mo')); + $l10n->load_tables(); + } } else { // User not known $login_failed = true; @@ -260,4 +272,4 @@ echo ''; $run_time = format_numeric (microtime (true) - $config['start_time'], 3); echo "\n\n"; -?> \ No newline at end of file +?> diff --git a/pandora_console/operation/incidents/incident.php b/pandora_console/operation/incidents/incident.php index 1757031079..7db708dd4b 100644 --- a/pandora_console/operation/incidents/incident.php +++ b/pandora_console/operation/incidents/incident.php @@ -290,7 +290,7 @@ if ($count < 1) { $data[1] = print_incidents_status_img ($row["estado"], true); - $data[2] = ''.safe_input (substr ($row["titulo"],0,45)).''; + $data[2] = ''.substr(safe_output($row["titulo"]),0,45).''; $data[3] = print_incidents_priority_img ($row["prioridad"], true); diff --git a/pandora_console/operation/incidents/incident_detail.php b/pandora_console/operation/incidents/incident_detail.php index b3532d5d7c..2d0238a202 100644 
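Review bot: The user-language block added in index.php after a successful login duplicates, line for line, the block this commit adds to config_process.php (read `get_user_info`, override `$config['language']`, rebuild `$l10n`); two copies of language selection will drift, and any validation added to one must be repeated in the other. Factor it into one function in config_process.php and call it from both places, and apply the `id_language` check there so the user-supplied value cannot alter the `./include/languages/` path.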
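Review bot: `substr(safe_output($row["titulo"]),0,45)` in incident.php truncates by bytes, so a UTF-8 title can be cut inside a multibyte character, and the decoded text is emitted without re-encoding. Use the helper this commit already reworked, `print_string_substr ($row["titulo"], 45, true)`, so truncation and output encoding live in one place (with the re-encoding fix applied there).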
--- a/pandora_console/operation/incidents/incident_detail.php +++ b/pandora_console/operation/incidents/incident_detail.php @@ -286,12 +286,13 @@ if (empty ($id_creator)) { echo ''; if ((give_acl ($config["id_user"], $id_grupo, "IM") == 1) OR ($usuario == $config["id_user"])) { - print_textarea ("descripcion", 15, 80, safe_input ($texto), 'style="height:200px;"'); + print_textarea ("descripcion", 15, 80, $texto, 'style="height:200px;"'); } else { - print_textarea ("descripcion", 15, 80, safe_input ($texto), 'style="height:200px;" disabled'); + print_textarea ("descripcion", 15, 80, $texto, 'style="height:200px;" disabled'); } echo '
'; + // Only if user is the used who opened incident or (s)he is admin if (isset ($id_inc) AND ((give_acl ($config["id_user"], $id_grupo, "IM") == 1) OR ($usuario == $config["id_user"]))) { print_submit_button (__('Update incident'), "accion", false, 'class="sub upd"'); @@ -337,7 +338,7 @@ if (isset ($id_inc)) { if ((give_acl ($config["id_user"], $id_grupo, "IM") == 1) OR ($row["id_usuario"] == $config["id_user"])) { $data[0] .= print_input_image ("delete_nota", "images/cross.png", $row["id_nota"], 'border:0px;" onClick="if (!confirm(\' '.__('Are you sure?').'\')) return false;', true); } - $data[1] = safe_input ($row["nota"]); + $data[1] = $row["nota"]; array_push ($table->data, $data); } diff --git a/pandora_console/operation/menu.php b/pandora_console/operation/menu.php index 17b58ef86b..b59a7d2e6e 100644 --- a/pandora_console/operation/menu.php +++ b/pandora_console/operation/menu.php 
@@ -132,24 +132,30 @@ if (give_acl ($config['id_user'], 0, "AR")) { $sub["operation/events/events_marquee.php"]["type"] = "direct"; $menu["eventos"]["sub"] = $sub; - - // Users - $menu["usuarios"]["text"] = __('View users'); - $menu["usuarios"]["sec2"] = "operation/users/user"; - $menu["usuarios"]["id"] = "oper-users"; - - $sub = array (); - $sub["operation/users/user_edit"]["text"] = __('Edit my user'); - $sub["operation/users/user_edit"]["options"]["name"] = "ver"; - $sub["operation/users/user_edit"]["options"]["value"] = $config["id_user"]; - - if (give_acl ($config["id_user"], 0, "UM")) { - $sub["operation/users/user_statistics"]["text"] = __('Statistics'); - } - - $menu["usuarios"]["sub"] = $sub; - //End of Users - +} + +// ANY user can view itself ! + +// Users +$menu["usuarios"]["text"] = __('View users'); +$menu["usuarios"]["sec2"] = "operation/users/user"; +$menu["usuarios"]["id"] = "oper-users"; + +$sub = array (); +$sub["operation/users/user_edit"]["text"] = __('Edit my user'); +$sub["operation/users/user_edit"]["options"]["name"] = "ver"; +$sub["operation/users/user_edit"]["options"]["value"] = $config["id_user"]; + +if (give_acl ($config["id_user"], 0, "UM")) { + $sub["operation/users/user_statistics"]["text"] = __('Statistics'); +} + +$menu["usuarios"]["sub"] = $sub; +//End of Users + +// Rest of options, all with AR privilege (or should events be with incidents?) +if (give_acl ($config['id_user'], 0, "AR")) { + //SNMP Console $menu["snmpconsole"]["text"] = __('SNMP console'); $menu["snmpconsole"]["refr"] = 60; diff --git a/pandora_console/operation/messages/message.php b/pandora_console/operation/messages/message.php index ec8fb46ae2..17c7f7ab76 100644 --- a/pandora_console/operation/messages/message.php +++ b/pandora_console/operation/messages/message.php @@ -65,7 +65,7 @@ if (isset ($_GET["mark_read"]) || isset ($_GET["mark_unread"])) { if (isset ($_GET["new_msg"])) { //create message echo "

".__('Messages')." » ".__('New message').'

'; echo ' - +
@@ -158,7 +158,7 @@ if (isset ($_GET["read_message"]) || !isset ($_GET["new_msg"])) { if (empty ($messages)) { echo '
'.__('There are no messages').'
'; } else { - $table->width = "100%"; + $table->width = "85%"; $table->class = "databox"; $table->cellpadding = 4; $table->cellspacing = 4; @@ -217,7 +217,7 @@ if (isset ($_GET["read_message"]) || !isset ($_GET["new_msg"])) { print_table ($table); echo ''; } - echo '
'; + echo '
'; echo '
'; print_submit_button (__('New message'), "send_mes", false, 'class="sub next"'); echo '
'; diff --git a/pandora_console/operation/users/user.php b/pandora_console/operation/users/user.php index 1032062868..abf27ab69e 100644 --- a/pandora_console/operation/users/user.php +++ b/pandora_console/operation/users/user.php @@ -56,7 +56,11 @@ foreach ($info as $user_id => $user_info) { $rowPair = !$rowPair; $iterator++; - $data[0] = ''.$user_id.''; + if ((check_acl ($config["id_user"], get_user_groups ($user_id), "UM")) OR ($config["id_user"] == $user_id)){ + $data[0] = ''.$user_id.''; + } else { + $data[0] = $user_id; + } $data[1] = $user_info["fullname"].''; $data[1] .= __('First name').': '.$user_info["firstname"].'
'; $data[1] .= __('Last name').': '.$user_info["lastname"].'
';
diff --git a/pandora_console/operation/users/user_edit.php b/pandora_console/operation/users/user_edit.php
index 0ccd00f604..f9a3b1aa54 100644
--- a/pandora_console/operation/users/user_edit.php
+++ b/pandora_console/operation/users/user_edit.php
@@ -21,10 +21,13 @@ check_login ();
 $id = get_parameter_get ("id", $config["id_user"]); // ID given as parameter
 $user_info = get_user_info ($id);
+if ($user_info["language"] == ""){
+ $user_info["language"] = $config["language"];
+}
+
 $id = $user_info["id_user"]; //This is done in case there are problems with uppercase/lowercase (MySQL auth has that problem)
-
-if (!give_acl ($config["id_user"], get_user_groups ($id), "UM")){
+if ((!give_acl ($config["id_user"], get_user_groups ($id), "UM")) AND ($id != $config["id_user"])){
 audit_db ($config["id_user"], $config["remote_addr"], "ACL Violation","Trying to view a user without privileges");
 require ("general/noaccess.php");
 exit;
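Review bot: The user.php hunk calls `check_acl ($config["id_user"], get_user_groups ($user_id), "UM")`, while every other ACL check in this commit (user_edit.php, configure_user.php, menu.php, functions_db.php) calls `give_acl`; if `check_acl` is not defined elsewhere in the codebase this is a fatal error on the user list for every visitor, and if it is a distinct helper the line needs a comment saying how it differs. Either way the condition should read `give_acl (...)` unless the difference is intentional.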
@@ -42,27 +45,35 @@ if (isset ($_GET["modified"]) && !$view_mode) {
 $upd_info["fullname"] = get_parameter_post ("fullname", $user_info["fullname"]);
 $upd_info["firstname"] = get_parameter_post ("firstname", $user_info["firstname"]);
 $upd_info["lastname"] = get_parameter_post ("lastname", $user_info["lastname"]);
- $password_old = get_parameter_post ("password_old", "-");
- $password_new = get_parameter_post ("password_new", "-");
- $password_confirm = get_parameter_post ("password_confirm", "-");
+ $password_new = get_parameter_post ("password_new", "");
+ $password_confirm = get_parameter_post ("password_conf", "");
 $upd_info["email"] = get_parameter_post ("email", $user_info["email"]);
 $upd_info["phone"] = get_parameter_post ("phone", $user_info["phone"]);
 $upd_info["comments"] = get_parameter_post ("comments", $user_info["comments"]);
+ $upd_info["language"] = get_parameter_post ("language", $user_info["language"]);
- //If User can update password and the new password is not the same as the old one, it's not the default and it's not empty and the new password is the same as the confirmed one
- if ($config["user_can_update_password"] && $password_old !== $password_new && $password_new !== "-" && !empty ($password_new) && $password_confirm == $password_new) {
- $return = process_user_password ($id, $pass);
- print_result_message ($return,
- __('Password successfully updated'),
- __('Error updating passwords: %s', $config['auth_error']));
- } elseif ($password_new !== "-") {
- print_error_message (__('Passwords didn\'t match or other problem encountered while updating passwords'));
+ if ( !empty ($password_new)) {
+ if ($config["user_can_update_password"] && $password_confirm == $password_new) {
+ $return = update_user_password ($id, $password_new);
+ print_result_message ($return,
+ __('Password successfully updated'),
+ __('Error updating passwords: %s', $config['auth_error']));
+ } elseif ($password_new !== "NON-INIT") {
+ print_error_message (__('Passwords 
didn\'t match or other problem encountered while updating passwords'));
+ }
 }
- 
+ 
+ // No need to display "error" here, because when no update is needed (no changes in data)
+ // SQL function returns 0 (FALSE), but is not an error, just no change. Previous error
+ // message could be confussing to the user.
+ $return = update_user ($id, $upd_info);
- print_result_message ($return,
- __('User info successfully updated'),
- __('Error updating user info'));
+ if ($return > 0) {
+ print_result_message ($return,
+ __('User info successfully updated'),
+ __('Error updating user info'));
+ }
+ $user_info = $upd_info;
 }
@@ -70,53 +81,69 @@ echo "
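Review bot: The confirmation check `$password_confirm == $password_new` is a loose comparison, so two different numeric-looking strings (e.g. `"1e3"` and `"1000"`) count as matching and the first one is stored; use `===`. The `elseif ($password_new !== "NON-INIT")` guard is a leftover sentinel: both fields now default to `""` and the outer `!empty` already excludes that case, so a plain `else` states what actually happens. Removing `password_old` also means a password can now be changed from any live session without re-entering the current one, which lets whoever holds a hijacked or unattended session lock the owner out; if that is intended it should be documented, otherwise verify the current password before `update_user_password`. `$upd_info["language"]` is written straight from POST without confirming it is one of the `tlanguage` ids the form offers. The enclosing `if (isset ($_GET["modified"]) && !$view_mode)` starts outside the hunk.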

".__('Pandora users')." » ".__('User detail editor')."

"; echo '
'; -echo '
'.__('From').': '.print_username ($config["id_user"], true).'
'; +echo '
'; echo ''; echo '"; + +// Show "Picture" (in future versions, why not, allow users to upload it's own avatar here. +echo "
'.__('User ID').''; -print_input_text_extended ("id_user", $id, '', '', '', '', $view_mode, '', 'class="input"'); +echo "$id"; +echo ""; +if (is_user_admin ($id)) { + echo ""; +} +else { + echo ""; +} echo '
'.__('Full (display) name').''; -print_input_text_extended ("fullname", $user_info["fullname"], '', '', '', '', $view_mode, '', 'class="input"'); +print_input_text_extended ("fullname", $user_info["fullname"], '', '', 35, 100, $view_mode, '', 'class="input"'); +// Not used anymore. In 3.0 database schema continues storing it, but will be removed in the future, or we will 'reuse' +// the database fields for anything more useful. + +/* echo '
'.__('First name').''; -print_input_text_extended ("firstname", $user_info["firstname"], '', '', '', '', $view_mode, '', 'class="input"'); +print_input_text_extended ("firstname", $user_info["firstname"], '', '', 25, 100, $view_mode, '', 'class="input"'); echo '
'.__('Last name').''; -print_input_text_extended ("lastname", $user_info["lastname"], '', '', '', '', $view_mode, '', 'class="input"'); +print_input_text_extended ("lastname", $user_info["lastname"], '', '', 25, 100, $view_mode, '', 'class="input"'); +*/ if ($view_mode === false) { - echo '
'.__('Current password').''; if ($config["user_can_update_password"]) { - print_input_text_extended ("password_old", "-", '', '', '', '', $view_mode, '', 'class="input"', false, true); echo '
'.__('New Password').''; - print_input_text_extended ("password_new", "-", '', '', '', '', $view_mode, '', 'class="input"', false, true); + print_input_text_extended ("password_new", "", '', '', '15', '25', $view_mode, '', 'class="input"', false, true); echo '
'.__('Password confirmation').''; - print_input_text_extended ("password_conf", "-", '', '', '', '', $view_mode, '', 'class="input"', false, true); + print_input_text_extended ("password_conf", "", '', '', '15', '25', $view_mode, '', 'class="input"', false, true); } else { echo ''.__('You can not change your password from Pandora FMS under the current authentication scheme').''; } } echo '
'.__('E-mail').''; -print_input_text_extended ("email", $user_info["email"], '', '', '', '', $view_mode, '', 'class="input"'); +print_input_text_extended ("email", $user_info["email"], '', '', '40', '100', $view_mode, '', 'class="input"'); echo '
'.__('Phone number').''; -print_input_text_extended ("phone", $user_info["phone"], '', '', '', '', $view_mode, '', 'class="input"'); +print_input_text_extended ("phone", $user_info["phone"], '', '', '10', '30', $view_mode, '', 'class="input"'); -echo '
'.__('Comments').''; -print_textarea ("comments", 4, 55, $user_info["comments"], ($view_mode ? 'readonly="readonly"' : '')); +echo '
'.__('Language').''; +echo print_select_from_sql ('SELECT id_language, name FROM tlanguage', + 'language', $user_info["language"], '', '', '', true); + +echo '
'.__('Comments').''; +print_textarea ("comments", 2, 60, $user_info["comments"], ($view_mode ? 'readonly="readonly"' : '')); echo '
'; -echo '
'; +echo '
'; if (!$config["user_can_update_info"]) { echo ''.__('You can not change your user info from Pandora FMS under the current authentication scheme').''; } else { print_submit_button (__('Update'), 'uptbutton', $view_mode, 'class="sub upd"'); } -echo '

'; - +echo '
'; echo '

'.__('Profiles/Groups assigned to this user').'

';
diff --git a/pandora_console/operation/users/user_statistics.php b/pandora_console/operation/users/user_statistics.php
index ed53b58b56..227fb3616d 100644
--- a/pandora_console/operation/users/user_statistics.php
+++ b/pandora_console/operation/users/user_statistics.php
@@ -29,4 +29,44 @@ if ($config['flash_charts']) {
 } else {
 print_image ("include/fgraph.php?tipo=user_activity", false, array ("border" => 0));
 }
+
+echo '
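Review bot: `echo "$id";` writes the user id into the page without HTML escaping where the previous `print_input_text_extended` call was; `$id` is the value re-read from the user table, so any markup stored in it reaches the browser as-is. Whether the old helper escaped its value is not visible here, but escaping at output is the safe default: `echo htmlspecialchars ($id, ENT_QUOTES);`. The first/last name inputs are left behind in a `/* ... */` block with a note that they are unused; version control keeps that history, so delete the block rather than commenting it out. Several of this hunk's lines are HTML strings whose tags were lost in the rendering, so the markup itself could not be reviewed.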
';
+// Show last activity from this user
+echo "

" . __('This is your last activity in Pandora FMS console') . "

";
+
+$table->width = 650; //Don't specify px
+$table->data = array ();
+$table->size = array ();
+$table->size[2] = '130px';
+$table->size[4] = '200px';
+$table->head = array ();
+$table->head[0] = __('User');
+$table->head[1] = __('Category');
+$table->head[2] = __('Date');
+$table->head[3] = __('Source IP');
+$table->head[4] = __('Comments');
+
+$sql = sprintf ("SELECT id_usuario,accion,fecha,ip_origen,descripcion
+ FROM tsesion
+ WHERE (`utimestamp` > UNIX_TIMESTAMP(NOW()) - 604800)
+ AND `id_usuario` = '%s' ORDER BY `fecha` DESC LIMIT 50", $config["id_user"]);
+$sessions = get_db_all_rows_sql ($sql);
+
+if ($sessions === false)
+ $sessions = array ();
+
+foreach ($sessions as $session) {
+ $data = array ();
+
+ $data[0] = ''.$session['id_usuario'].'';
+ $data[1] = $session['accion'];
+ $data[2] = $session['fecha'];
+ $data[3] = $session['ip_origen'];
+ $data[4] = $session['descripcion'];
+
+ array_push ($table->data, $data);
+}
+print_table ($table);
+echo "
"; // activity
+
 ?>
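Review bot: The query is built with `sprintf` and `$config["id_user"]` is dropped into a quoted SQL literal with no escaping; the value comes from the authenticated session rather than this request's input, but an id containing a quote still breaks the statement, and the pattern invites copy-paste into places where the value is attacker-controlled. Pass the id through the DB layer's quoting (or a prepared statement) instead of formatting it into the string. The rows are then placed in `$table->data` verbatim — `descripcion` in particular is audit text that can carry data echoed from earlier requests — so each cell should be HTML-escaped before `print_table`. If `$table` is not already an object at this point in the file (not visible here), `$table->width = 650` creates it implicitly with a strict-standards notice; an explicit `$table = new stdClass ();` avoids that.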