tyler.durden/pandorafms
1
0
Fork 0
mirror of https://github.com/pandorafms/pandorafms.git synced 2025-07-30 17:25:26 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'ent-3105-comportamiento-public_url' into 'develop'

Browse Source 
Ent 3105 comportamiento public url

See merge request artica/pandorafms!2568
This commit is contained in:
Alejandro Fraguas 2019-07-12 13:02:42 +02:00
commit bfc267691b
6 changed files with 446 additions and 275 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
pandora_console/godmode/setup/setup.php
View File

@ -86,7 +86,7 @@ $buttons = [];
// Draws header.
$buttons['general'] = [
'active' => false,
'text' => '<a href="index.php?sec=gsetup&sec2=godmode/setup/setup&amp;section=general">'.html_print_image('images/gm_setup.png', true, ['title' => __('General')]).'</a>',
'text' => '<a href="'.ui_get_full_url('index.php?sec=gsetup&sec2=godmode/setup/setup&amp;section=general').'">'.html_print_image('images/gm_setup.png', true, ['title' => __('General')]).'</a>',
];
if (enterprise_installed()) {
@ -95,37 +95,37 @@ if (enterprise_installed()) {
$buttons['auth'] = [
'active' => false,
'text' => '<a href="index.php?sec=gsetup&sec2=godmode/setup/setup&amp;section=auth">'.html_print_image('images/key.png', true, ['title' => __('Authentication')]).'</a>',
'text' => '<a href="'.ui_get_full_url('index.php?sec=gsetup&sec2=godmode/setup/setup&amp;section=auth').'">'.html_print_image('images/key.png', true, ['title' => __('Authentication')]).'</a>',
];
$buttons['perf'] = [
'active' => false,
'text' => '<a href="index.php?sec=gsetup&sec2=godmode/setup/setup&amp;section=perf">'.html_print_image('images/performance.png', true, ['title' => __('Performance')]).'</a>',
'text' => '<a href="'.ui_get_full_url('index.php?sec=gsetup&sec2=godmode/setup/setup&amp;section=perf').'">'.html_print_image('images/performance.png', true, ['title' => __('Performance')]).'</a>',
];
$buttons['vis'] = [
'active' => false,
'text' => '<a href="index.php?sec=gsetup&sec2=godmode/setup/setup&amp;section=vis">'.html_print_image('images/chart.png', true, ['title' => __('Visual styles')]).'</a>',
'text' => '<a href="'.ui_get_full_url('index.php?sec=gsetup&sec2=godmode/setup/setup&amp;section=vis').'">'.html_print_image('images/chart.png', true, ['title' => __('Visual styles')]).'</a>',
];
if (check_acl($config['id_user'], 0, 'AW')) {
if ($config['activate_netflow']) {
$buttons['net'] = [
'active' => false,
'text' => '<a href="index.php?sec=gsetup&sec2=godmode/setup/setup&amp;section=net">'.html_print_image('images/op_netflow.png', true, ['title' => __('Netflow')]).'</a>',
'text' => '<a href="'.ui_get_full_url('index.php?sec=gsetup&sec2=godmode/setup/setup&amp;section=net').'">'.html_print_image('images/op_netflow.png', true, ['title' => __('Netflow')]).'</a>',
];
}
}
$buttons['ehorus'] = [
'active' => false,
'text' => '<a href="index.php?sec=gsetup&sec2=godmode/setup/setup&section=ehorus">'.html_print_image('images/ehorus/ehorus.png', true, ['title' => __('eHorus')]).'</a>',
'text' => '<a href="'.ui_get_full_url('index.php?sec=gsetup&sec2=godmode/setup/setup&section=ehorus').'">'.html_print_image('images/ehorus/ehorus.png', true, ['title' => __('eHorus')]).'</a>',
];
// FIXME: Not definitive icon
$buttons['notifications'] = [
'active' => false,
'text' => '<a href="index.php?sec=gsetup&sec2=godmode/setup/setup&section=notifications">'.html_print_image('images/alerts_template.png', true, ['title' => __('Notifications')]).'</a>',
'text' => '<a href="'.ui_get_full_url('index.php?sec=gsetup&sec2=godmode/setup/setup&section=notifications').'">'.html_print_image('images/alerts_template.png', true, ['title' => __('Notifications')]).'</a>',
];
$help_header = '';

294
pandora_console/godmode/setup/setup_general.php
View File

@ -1,5 +1,13 @@
<?php
/**
* General setup.
*
* @category Setup
* @package Pandora FMS
* @subpackage Opensource
* @version 1.0.0
* @license See below
*
* ______ ___ _______ _______ ________
* | __ \.-----.--.--.--| |.-----.----.-----. | ___| | | __|
* | __/| _ | | _ || _ | _| _ | | ___| |__ |
@ -18,8 +26,36 @@
* ============================================================================
*/
// File begin.
/**
* Return sounds path.
*
* @return string Path.
*/
function get_sounds()
{
global $config;
$return = [];
$files = scandir($config['homedir'].'/include/sounds');
foreach ($files as $file) {
if (strstr($file, 'wav') !== false) {
$return['include/sounds/'.$file] = $file;
}
}
return $return;
}
// Begin.
global $config;
check_login();
$table = new StdClass();
@ -33,35 +69,18 @@ $table->style[0] = 'font-weight:bold';
$table->size[1] = '70%';
// Current config["language"] could be set by user, not taken from global setup !
switch ($config['dbtype']) {
case 'mysql':
$current_system_lang = db_get_sql(
'SELECT `value`
FROM tconfig WHERE `token` = "language"'
);
break;
case 'postgresql':
$current_system_lang = db_get_sql(
'SELECT "value"
FROM tconfig WHERE "token" = \'language\''
);
break;
case 'oracle':
$current_system_lang = db_get_sql(
'SELECT value
FROM tconfig WHERE token = \'language\''
);
break;
}
$current_system_lang = db_get_sql(
'SELECT `value` FROM tconfig WHERE `token` = "language"'
);
if ($current_system_lang == '') {
$current_system_lang = 'en';
}
$table->data[0][0] = __('Language code');
$table->data[0][1] = html_print_select_from_sql(
$i = 0;
$table->data[$i][0] = __('Language code');
$table->data[$i++][1] = html_print_select_from_sql(
'SELECT id_language, name FROM tlanguage',
'language',
$current_system_lang,
@ -71,68 +90,67 @@ $table->data[0][1] = html_print_select_from_sql(
true
);
$table->data[1][0] = __('Remote config directory').ui_print_help_tip(__('Directory where agent remote configuration is stored.'), true);
$table->data[$i][0] = __('Remote config directory').ui_print_help_tip(__('Directory where agent remote configuration is stored.'), true);
$table->data[$i++][1] = html_print_input_text('remote_config', io_safe_output($config['remote_config']), '', 30, 100, true);
$table->data[1][1] = html_print_input_text('remote_config', io_safe_output($config['remote_config']), '', 30, 100, true);
$table->data[$i][0] = __('Phantomjs bin directory').ui_print_help_tip(__('Directory where phantomjs binary file exists and has execution grants.'), true);
$table->data[$i++][1] = html_print_input_text('phantomjs_bin', io_safe_output($config['phantomjs_bin']), '', 30, 100, true);
$table->data[2][0] = __('Phantomjs bin directory').ui_print_help_tip(__('Directory where phantomjs binary file exists and has execution grants.'), true);
$table->data[$i][0] = __('Auto login (hash) password');
$table->data[$i++][1] = html_print_input_password('loginhash_pwd', io_output_password($config['loginhash_pwd']), '', 15, 15, true);
$table->data[2][1] = html_print_input_text('phantomjs_bin', io_safe_output($config['phantomjs_bin']), '', 30, 100, true);
$table->data[6][0] = __('Auto login (hash) password');
$table->data[6][1] = html_print_input_password('loginhash_pwd', io_output_password($config['loginhash_pwd']), '', 15, 15, true);
$table->data[9][0] = __('Time source');
$table->data[$i][0] = __('Time source');
$sources['system'] = __('System');
$sources['sql'] = __('Database');
$table->data[9][1] = html_print_select($sources, 'timesource', $config['timesource'], '', '', '', true);
$table->data[$i++][1] = html_print_select($sources, 'timesource', $config['timesource'], '', '', '', true);
$table->data[10][0] = __('Automatic check for updates');
$table->data[10][1] = html_print_checkbox_switch('autoupdate', 1, $config['autoupdate'], true);
$table->data[$i][0] = __('Automatic check for updates');
$table->data[$i++][1] = html_print_checkbox_switch('autoupdate', 1, $config['autoupdate'], true);
echo "<div id='dialog' title='".__('Enforce https Information')."' style='display:none;'>";
echo "<p style='text-align: center;'>".__('If SSL is not properly configured you will lose access to ').get_product_name().__(' Console').'</p>';
echo '</div>';
$table->data[11][0] = __('Enforce https');
$table->data[11][1] = html_print_checkbox_switch_extended('https', 1, $config['https'], false, '', '', true);
$table->data[$i][0] = __('Enforce https');
$table->data[$i++][1] = html_print_checkbox_switch_extended('https', 1, $config['https'], false, '', '', true);
$table->data[12][0] = __('Use cert of SSL');
$table->data[12][1] = html_print_checkbox_switch_extended('use_cert', 1, $config['use_cert'], false, '', '', true);
$table->data[$i][0] = __('Use cert of SSL');
$table->data[$i++][1] = html_print_checkbox_switch_extended('use_cert', 1, $config['use_cert'], false, '', '', true);
$table->rowstyle[13] = 'display: none;';
$table->data[13][0] = __('Path of SSL Cert.').ui_print_help_tip(__('Path where you put your cert and name of this cert. Remember your cert only in .pem extension.'), true);
$table->data[13][1] = html_print_input_text('cert_path', io_safe_output($config['cert_path']), '', 50, 255, true);
$table->rowstyle[$i] = 'display: none;';
$table->rowid[$i] = 'ssl-path-tr';
$table->data[$i][0] = __('Path of SSL Cert.').ui_print_help_tip(__('Path where you put your cert and name of this cert. Remember your cert only in .pem extension.'), true);
$table->data[$i++][1] = html_print_input_text('cert_path', io_safe_output($config['cert_path']), '', 50, 255, true);
$table->data[14][0] = __('Attachment store').ui_print_help_tip(__('Directory where temporary data is stored.'), true);
$table->data[14][1] = html_print_input_text('attachment_store', io_safe_output($config['attachment_store']), '', 50, 255, true);
$table->data[$i][0] = __('Attachment store').ui_print_help_tip(__('Directory where temporary data is stored.'), true);
$table->data[$i++][1] = html_print_input_text('attachment_store', io_safe_output($config['attachment_store']), '', 50, 255, true);
$table->data[15][0] = __('IP list with API access');
$table->data[$i][0] = __('IP list with API access');
if (isset($_POST['list_ACL_IPs_for_API'])) {
$list_ACL_IPs_for_API = get_parameter_post('list_ACL_IPs_for_API');
} else {
$list_ACL_IPs_for_API = get_parameter_get('list_ACL_IPs_for_API', implode("\n", $config['list_ACL_IPs_for_API']));
}
$table->data[15][1] = html_print_textarea('list_ACL_IPs_for_API', 2, 25, $list_ACL_IPs_for_API, 'style="height: 50px; width: 300px"', true);
$table->data[$i++][1] = html_print_textarea('list_ACL_IPs_for_API', 2, 25, $list_ACL_IPs_for_API, 'style="height: 50px; width: 300px"', true);
$table->data[16][0] = __('API password').ui_print_help_tip(__('Please be careful if you put a password put https access.'), true);
$table->data[16][1] = html_print_input_password('api_password', io_output_password($config['api_password']), '', 25, 255, true);
$table->data[$i][0] = __('API password').ui_print_help_tip(__('Please be careful if you put a password put https access.'), true);
$table->data[$i++][1] = html_print_input_password('api_password', io_output_password($config['api_password']), '', 25, 255, true);
$table->data[17][0] = __('Enable GIS features');
$table->data[17][1] = html_print_checkbox_switch('activate_gis', 1, $config['activate_gis'], true);
$table->data[$i][0] = __('Enable GIS features');
$table->data[$i++][1] = html_print_checkbox_switch('activate_gis', 1, $config['activate_gis'], true);
$table->data[19][0] = __('Enable Netflow');
$table->data[$i][0] = __('Enable Netflow');
$rbt_disabled = false;
if (strtoupper(substr(PHP_OS, 0, 3)) == 'WIN') {
$rbt_disabled = true;
$table->data[19][0] .= ui_print_help_tip(__('Not supported in Windows systems'), true);
$table->data[$i][0] .= ui_print_help_tip(__('Not supported in Windows systems'), true);
}
$table->data[19][1] = html_print_checkbox_switch_extended('activate_netflow', 1, $config['activate_netflow'], $rbt_disabled, '', '', true);
$table->data[$i++][1] = html_print_checkbox_switch_extended('activate_netflow', 1, $config['activate_netflow'], $rbt_disabled, '', '', true);
$table->data[21][0] = __('Enable Network Traffic Analyzer');
$table->data[21][1] = html_print_switch(
$table->data[$i][0] = __('Enable Network Traffic Analyzer');
$table->data[$i++][1] = html_print_switch(
[
'name' => 'activate_nta',
'value' => $config['activate_nta'],
@ -171,11 +189,11 @@ foreach ($timezones as $timezone) {
}
}
$table->data[23][0] = __('Timezone setup').' '.ui_print_help_tip(
$table->data[$i][0] = __('Timezone setup').' '.ui_print_help_tip(
__('Must have the same time zone as the system or database to avoid mismatches of time.'),
true
);
$table->data[23][1] = html_print_input_text_extended(
$table->data[$i][1] = html_print_input_text_extended(
'timezone_text',
$config['timezone'],
'text-timezone_text',
@ -187,47 +205,63 @@ $table->data[23][1] = html_print_input_text_extended(
'readonly',
true
);
$table->data[23][1] .= '<a id="change_timezone">'.html_print_image('images/pencil.png', true, ['title' => __('Change timezone')]).'</a>';
$table->data[23][1] .= '&nbsp;&nbsp;'.html_print_select($zone_name, 'zone', $zone_selected, 'show_timezone();', '', '', true);
$table->data[23][1] .= '&nbsp;&nbsp;'.html_print_select($timezone_n, 'timezone', $config['timezone'], '', '', '', true);
$table->data[$i][1] .= '<a id="change_timezone">'.html_print_image('images/pencil.png', true, ['title' => __('Change timezone')]).'</a>';
$table->data[$i][1] .= '&nbsp;&nbsp;'.html_print_select($zone_name, 'zone', $zone_selected, 'show_timezone();', '', '', true);
$table->data[$i++][1] .= '&nbsp;&nbsp;'.html_print_select($timezone_n, 'timezone', $config['timezone'], '', '', '', true);
$sounds = get_sounds();
$table->data[24][0] = __('Sound for Alert fired');
$table->data[24][1] = html_print_select($sounds, 'sound_alert', $config['sound_alert'], 'replaySound(\'alert\');', '', '', true);
$table->data[24][1] .= ' <a href="javascript: toggleButton(\'alert\');">'.html_print_image('images/control_play_col.png', true, ['id' => 'button_sound_alert', 'style' => 'vertical-align: middle;', 'width' => '16', 'title' => __('Play sound')]).'</a>';
$table->data[24][1] .= '<div id="layer_sound_alert"></div>';
$table->data[$i][0] = __('Sound for Alert fired');
$table->data[$i][1] = html_print_select($sounds, 'sound_alert', $config['sound_alert'], 'replaySound(\'alert\');', '', '', true);
$table->data[$i][1] .= ' <a href="javascript: toggleButton(\'alert\');">'.html_print_image('images/control_play_col.png', true, ['id' => 'button_sound_alert', 'style' => 'vertical-align: middle;', 'width' => '16', 'title' => __('Play sound')]).'</a>';
$table->data[$i++][1] .= '<div id="layer_sound_alert"></div>';
$table->data[25][0] = __('Sound for Monitor critical');
$table->data[25][1] = html_print_select($sounds, 'sound_critical', $config['sound_critical'], 'replaySound(\'critical\');', '', '', true);
$table->data[25][1] .= ' <a href="javascript: toggleButton(\'critical\');">'.html_print_image('images/control_play_col.png', true, ['id' => 'button_sound_critical', 'style' => 'vertical-align: middle;', 'width' => '16', 'title' => __('Play sound')]).'</a>';
$table->data[25][1] .= '<div id="layer_sound_critical"></div>';
$table->data[$i][0] = __('Sound for Monitor critical');
$table->data[$i][1] = html_print_select($sounds, 'sound_critical', $config['sound_critical'], 'replaySound(\'critical\');', '', '', true);
$table->data[$i][1] .= ' <a href="javascript: toggleButton(\'critical\');">'.html_print_image('images/control_play_col.png', true, ['id' => 'button_sound_critical', 'style' => 'vertical-align: middle;', 'width' => '16', 'title' => __('Play sound')]).'</a>';
$table->data[$i++][1] .= '<div id="layer_sound_critical"></div>';
$table->data[26][0] = __('Sound for Monitor warning');
$table->data[26][1] = html_print_select($sounds, 'sound_warning', $config['sound_warning'], 'replaySound(\'warning\');', '', '', true);
$table->data[26][1] .= ' <a href="javascript: toggleButton(\'warning\');">'.html_print_image('images/control_play_col.png', true, ['id' => 'button_sound_warning', 'style' => 'vertical-align: middle;', 'width' => '16', 'title' => __('Play sound')]).'</a>';
$table->data[26][1] .= '<div id="layer_sound_warning"></div>';
$table->data[$i][0] = __('Sound for Monitor warning');
$table->data[$i][1] = html_print_select($sounds, 'sound_warning', $config['sound_warning'], 'replaySound(\'warning\');', '', '', true);
$table->data[$i][1] .= ' <a href="javascript: toggleButton(\'warning\');">'.html_print_image('images/control_play_col.png', true, ['id' => 'button_sound_warning', 'style' => 'vertical-align: middle;', 'width' => '16', 'title' => __('Play sound')]).'</a>';
$table->data[$i++][1] .= '<div id="layer_sound_warning"></div>';
$table->data[28][0] = __('Public URL');
$table->data[28][0] .= ui_print_help_tip(
$table->data[$i][0] = __('Public URL');
$table->data[$i][0] .= ui_print_help_tip(
__('Set this value when your %s across inverse proxy or for example with mod_proxy of Apache.', get_product_name()).' '.__('Without the index.php such as http://domain/console_url/'),
true
);
$table->data[28][1] = html_print_input_text('public_url', $config['public_url'], '', 40, 255, true);
$table->data[$i++][1] = html_print_input_text('public_url', $config['public_url'], '', 40, 255, true);
$table->data[29][0] = __('Referer security');
$table->data[29][0] .= ui_print_help_tip(__("If enabled, actively checks if the user comes from %s's URL", get_product_name()), true);
$table->data[29][1] = html_print_checkbox_switch('referer_security', 1, $config['referer_security'], true);
$table->data[$i][0] = __('Force use Public URL');
$table->data[$i][0] .= ui_print_help_tip(__('Force using defined public URL).', get_product_name()), true);
$table->data[$i++][1] = html_print_switch(
[
'name' => 'force_public_url',
'value' => $config['force_public_url'],
]
);
$table->data[30][0] = __('Event storm protection');
$table->data[30][0] .= ui_print_help_tip(__('If set to yes no events or alerts will be generated, but agents will continue receiving data.'), true);
$table->data[30][1] = html_print_checkbox_switch('event_storm_protection', 1, $config['event_storm_protection'], true);
echo "<div id='force_public_url_dialog' title='".__('Enforce public URL usage information')."' style='display:none;'>";
echo "<p style='text-align: center;'>".__('If public URL is not properly configured you will lose access to ').get_product_name().__(' Console').'</p>';
echo '</div>';
$table->data[$i][0] = __('Public URL host exclusions');
$table->data[$i++][1] = html_print_textarea('public_url_exclusions', 2, 25, $config['public_url_exclusions'], 'style="height: 50px; width: 300px"', true);
$table->data[$i][0] = __('Referer security');
$table->data[$i][0] .= ui_print_help_tip(__("If enabled, actively checks if the user comes from %s's URL", get_product_name()), true);
$table->data[$i++][1] = html_print_checkbox_switch('referer_security', 1, $config['referer_security'], true);
$table->data[$i][0] = __('Event storm protection');
$table->data[$i][0] .= ui_print_help_tip(__('If set to yes no events or alerts will be generated, but agents will continue receiving data.'), true);
$table->data[$i++][1] = html_print_checkbox_switch('event_storm_protection', 1, $config['event_storm_protection'], true);
$table->data[31][0] = __('Command Snapshot').ui_print_help_tip(__('The string modules with several lines show as command output'), true);
$table->data[31][1] = html_print_checkbox_switch('command_snapshot', 1, $config['command_snapshot'], true);
$table->data[$i][0] = __('Command Snapshot').ui_print_help_tip(__('The string modules with several lines show as command output'), true);
$table->data[$i++][1] = html_print_checkbox_switch('command_snapshot', 1, $config['command_snapshot'], true);
$table->data[32][0] = __('Server logs directory').ui_print_help_tip(__('Directory where the server logs are stored.'), true);
$table->data[32][1] = html_print_input_text(
$table->data[$i][0] = __('Server logs directory').ui_print_help_tip(__('Directory where the server logs are stored.'), true);
$table->data[$i++][1] = html_print_input_text(
'server_log_dir',
$config['server_log_dir'],
'',
@ -236,8 +270,8 @@ $table->data[32][1] = html_print_input_text(
true
);
$table->data[33][0] = __('Log size limit in system logs viewer extension').ui_print_help_tip(__('Max size (in bytes) for the logs to be shown.'), true);
$table->data[33][1] = html_print_input_text(
$table->data[$i][0] = __('Log size limit in system logs viewer extension').ui_print_help_tip(__('Max size (in bytes) for the logs to be shown.'), true);
$table->data[$i++][1] = html_print_input_text(
'max_log_size',
$config['max_log_size'],
'',
@ -251,8 +285,8 @@ $modes_tutorial = [
'on_demand' => __('On demand'),
'expert' => __('Expert'),
];
$table->data['tutorial_mode'][0] = __('Tutorial mode').ui_print_help_tip(__("Configuration of our clippy, 'full mode' show the icon in the header and the contextual helps and it is noise, 'on demand' it is equal to full but it is not noise and 'expert' the icons in the header and the context is not."), true);
$table->data['tutorial_mode'][1] = html_print_select(
$table->data[$i][0] = __('Tutorial mode').ui_print_help_tip(__("Configuration of our clippy, 'full mode' show the icon in the header and the contextual helps and it is noise, 'on demand' it is equal to full but it is not noise and 'expert' the icons in the header and the context is not."), true);
$table->data[$i++][1] = html_print_select(
$modes_tutorial,
'tutorial_mode',
$config['tutorial_mode'],
@ -263,11 +297,11 @@ $table->data['tutorial_mode'][1] = html_print_select(
);
$config['past_planned_downtimes'] = isset($config['past_planned_downtimes']) ? $config['past_planned_downtimes'] : 1;
$table->data[34][0] = __('Allow create planned downtimes in the past').ui_print_help_tip(__('The planned downtimes created in the past will affect the SLA reports'), true);
$table->data[34][1] = html_print_checkbox_switch('past_planned_downtimes', 1, $config['past_planned_downtimes'], true);
$table->data[$i][0] = __('Allow create planned downtimes in the past').ui_print_help_tip(__('The planned downtimes created in the past will affect the SLA reports'), true);
$table->data[$i++][1] = html_print_checkbox_switch('past_planned_downtimes', 1, $config['past_planned_downtimes'], true);
$table->data[35][0] = __('Limit for bulk operations').ui_print_help_tip(__('Your PHP environment is set to 1000 max_input_vars. This parameter should have the same value or lower.', ini_get('max_input_vars')), true);
$table->data[35][1] = html_print_input_text(
$table->data[$i][0] = __('Limit for bulk operations').ui_print_help_tip(__('Your PHP environment is set to 1000 max_input_vars. This parameter should have the same value or lower.', ini_get('max_input_vars')), true);
$table->data[$i++][1] = html_print_input_text(
'limit_parameters_massive',
$config['limit_parameters_massive'],
'',
@ -276,17 +310,17 @@ $table->data[35][1] = html_print_input_text(
true
);
$table->data[36][0] = __('Include agents manually disabled');
$table->data[36][1] = html_print_checkbox_switch('include_agents', 1, $config['include_agents'], true);
$table->data[$i][0] = __('Include agents manually disabled');
$table->data[$i++][1] = html_print_checkbox_switch('include_agents', 1, $config['include_agents'], true);
$table->data[37][0] = __('Audit log directory').ui_print_help_tip(__('Directory where audit log is stored.'), true);
$table->data[37][1] = html_print_input_text('auditdir', io_safe_output($config['auditdir']), '', 30, 100, true);
$table->data[$i][0] = __('Audit log directory').ui_print_help_tip(__('Directory where audit log is stored.'), true);
$table->data[$i++][1] = html_print_input_text('auditdir', io_safe_output($config['auditdir']), '', 30, 100, true);
$table->data[38][0] = __('Set alias as name by default in agent creation');
$table->data[38][1] = html_print_checkbox_switch('alias_as_name', 1, $config['alias_as_name'], true);
$table->data[$i][0] = __('Set alias as name by default in agent creation');
$table->data[$i++][1] = html_print_checkbox_switch('alias_as_name', 1, $config['alias_as_name'], true);
$table->data[39][0] = __('Unique IP').ui_print_help_tip(__('Set the primary IP address as the unique IP, preventing the same primary IP address from being used in more than one agent'), true);
$table->data[39][1] = html_print_checkbox_switch('unique_ip', 1, $config['unique_ip'], true);
$table->data[$i][0] = __('Unique IP').ui_print_help_tip(__('Set the primary IP address as the unique IP, preventing the same primary IP address from being used in more than one agent'), true);
$table->data[$i++][1] = html_print_checkbox_switch('unique_ip', 1, $config['unique_ip'], true);
echo '<form id="form_setup" method="post" action="index.php?sec=gsetup&sec2=godmode/setup/setup&amp;section=general&amp;pure='.$config['pure'].'">';
@ -352,44 +386,50 @@ $(document).ready (function () {
});
if ($("input[name=use_cert]").is(':checked')) {
$('#setup_general-13').show();
$('#ssl-path-tr').show();
}
$("input[name=use_cert]").change(function () {
if( $(this).is(":checked") )
$('#setup_general-13').show();
$('#ssl-path-tr').show();
else
$('#setup_general-13').hide();
$('#ssl-path-tr').hide();
});
$("input[name=https]").change(function (){
if($("input[name=https]").prop('checked')) {
$("#dialog").css({'display': 'inline', 'font-weight': 'bold'}).dialog({
$("#dialog").dialog({
modal: true,
buttons:{
"<?php echo __('Close'); ?>": function(){
$(this).dialog("close");
width: 500,
buttons:[
{
class: 'ui-widget ui-state-default ui-corner-all ui-button-text-only sub upd submit-next',
text: "<?php echo __('OK'); ?>",
click: function(){
$(this).dialog("close");
}
}
}
]
});
}
})
$("input[name=force_public_url]").change(function (){
if($("input[name=force_public_url]").prop('checked')) {
$("#force_public_url_dialog").dialog({
modal: true,
width: 500,
buttons: [
{
class: 'ui-widget ui-state-default ui-corner-all ui-button-text-only sub upd submit-next',
text: "<?php echo __('OK'); ?>",
click: function(){
$(this).dialog("close");
}
}
]
});
}
})
});
</script>
<?php
function get_sounds()
{
global $config;
$return = [];
$files = scandir($config['homedir'].'/include/sounds');
foreach ($files as $file) {
if (strstr($file, 'wav') !== false) {
$return['include/sounds/'.$file] = $file;
}
}
return $return;
}

8
pandora_console/include/functions_config.php
View File

@ -266,6 +266,14 @@ function config_update_config()
$error_update[] = __('Public URL');
}
if (!config_update_value('force_public_url', get_parameter_switch('force_public_url'))) {
$error_update[] = __('Force use Public URL');
}
if (!config_update_value('public_url_exclusions', get_parameter('public_url_exclusions'))) {
$error_update[] = __('Public URL host exclusions');
}
if (!config_update_value('referer_security', get_parameter('referer_security'))) {
$error_update[] = __('Referer security');
}

3
pandora_console/include/functions_html.php
View File

@ -77,8 +77,7 @@ function html_debug_print($var, $file='', $oneline=false)
fprintf($f, '%s', $output);
fclose($f);
} else {
echo '<pre>'.date('Y/m/d H:i:s').' ('.gettype($var).') '.$more_info.'</pre>';
echo '<pre>';
echo '<pre style="z-index: 10000; background: #fff; padding: 1em;">'.date('Y/m/d H:i:s').' ('.gettype($var).') '.$more_info."\n";
print_r($var);
echo '</pre>';
}

38
pandora_console/include/functions_ui.php
View File

@ -3730,6 +3730,24 @@ function ui_get_url_refresh($params=false, $relative=true, $add_post=true)
}
/**
* Checks if public_url usage is being forced to target 'visitor'.
*
* @return boolean
*/
function ui_forced_public_url()
{
global $config;
$exclusions = preg_split("/[\n\s,]+/", io_safe_output($config['public_url_exclusions']));
if (in_array($_SERVER['REMOTE_ADDR'], $exclusions)) {
return false;
}
return (bool) $config['force_public_url'];
}
/**
* Returns a full URL in Pandora. (with the port and https in some systems)
*
@ -3776,12 +3794,18 @@ function ui_get_full_url($url='', $no_proxy=false, $add_name_php_file=false, $me
}
if (!$no_proxy) {
// Check if the PandoraFMS runs across the proxy like as
// mod_proxy of Apache
// and check if public_url is set.
if (!empty($config['public_url'])
// Check proxy.
$proxy = false;
if (ui_forced_public_url()) {
$proxy = true;
$fullurl = $config['public_url'];
if ($url == 'index.php' && is_metaconsole()) {
$fullurl .= '/'.ENTERPRISE_DIR.'/meta';
}
} else if (!empty($config['public_url'])
&& (!empty($_SERVER['HTTP_X_FORWARDED_HOST']))
) {
// Forced to use public url when being forwarder by a reverse proxy.
$fullurl = $config['public_url'];
$proxy = true;
} else {
@ -3813,7 +3837,7 @@ function ui_get_full_url($url='', $no_proxy=false, $add_name_php_file=false, $me
$url = $config['homeurl_static'].'/';
}
if (defined('METACONSOLE') && $metaconsole_root) {
if (is_metaconsole() && $metaconsole_root) {
$url .= 'enterprise/meta/';
}
} else if (!strstr($url, '.php')) {
@ -3823,7 +3847,7 @@ function ui_get_full_url($url='', $no_proxy=false, $add_name_php_file=false, $me
$fullurl .= $config['homeurl_static'].'/';
}
if (defined('METACONSOLE') && $metaconsole_root) {
if (is_metaconsole() && $metaconsole_root) {
$fullurl .= 'enterprise/meta/';
}
} else {
@ -3835,7 +3859,7 @@ function ui_get_full_url($url='', $no_proxy=false, $add_name_php_file=false, $me
} else {
$fullurl .= $config['homeurl_static'].'/';
if (defined('METACONSOLE') && $metaconsole_root) {
if (is_metaconsole() && $metaconsole_root) {
$fullurl .= 'enterprise/meta/';
}
}

364
pandora_console/index.php
View File

@ -1,17 +1,32 @@
<?php
/**
* Index.
*
* @category Main entrypoint.
* @package Pandora FMS
* @subpackage Opensource.
* @version 1.0.0
* @license See below
*
* ______ ___ _______ _______ ________
* | __ \.-----.--.--.--| |.-----.----.-----. | ___| | | __|
* | __/| _ | | _ || _ | _| _ | | ___| |__ |
* |___| |___._|__|__|_____||_____|__| |___._| |___| |__|_|__|_______|
*
* ============================================================================
* Copyright (c) 2005-2019 Artica Soluciones Tecnologicas
* Please see http://pandorafms.org for full contribution list
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation for version 2.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* ============================================================================
*/
// Pandora FMS - http://pandorafms.com
// ==================================================
// Copyright (c) 2005-2012 Artica Soluciones Tecnologicas
// Please see http://pandorafms.org for full contribution list
// This program is free software; you can redistribute it and/or
// modify it under the terms of the GNU Lesser General Public License
// as published by the Free Software Foundation; version 2
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
// Enable profiler for testing
// Begin.
if (!defined('__PAN_XHPROF__')) {
define('__PAN_XHPROF__', 0);
}
@ -24,17 +39,18 @@ if (__PAN_XHPROF__ === 1) {
}
}
// Set character encoding to UTF-8 - fixes a lot of multibyte character headaches
// Set character encoding to UTF-8
// fixes a lot of multibyte character issues.
if (function_exists('mb_internal_encoding')) {
mb_internal_encoding('UTF-8');
}
// Set to 1 to do not check for installer or config file (for development!).
// Activate gives more error information, not useful for production sites
// Activate gives more error information, not useful for production sites.
$develop_bypass = 0;
if ($develop_bypass != 1) {
// If no config file, automatically try to install
// If no config file, automatically try to install.
if (! file_exists('include/config.php')) {
if (! file_exists('install.php')) {
$url = explode('/', $_SERVER['REQUEST_URI']);
@ -74,14 +90,14 @@ if ($develop_bypass != 1) {
}
}
// Check for installer presence
// Check installer presence.
if (file_exists('install.php')) {
$login_screen = 'error_install';
include 'general/error_screen.php';
exit;
}
// Check perms for config.php
// Check perms for config.php.
if (strtoupper(substr(PHP_OS, 0, 3)) != 'WIN') {
if ((substr(sprintf('%o', fileperms('include/config.php')), -4) != '0600')
&& (substr(sprintf('%o', fileperms('include/config.php')), -4) != '0660')
@ -110,15 +126,18 @@ if ($develop_bypass != 1) {
}
}
if ((! file_exists('include/config.php')) || (! is_readable('include/config.php'))) {
if ((! file_exists('include/config.php'))
|| (! is_readable('include/config.php'))
) {
$login_screen = 'error_noconfig';
include 'general/error_screen.php';
exit;
}
//
// PLEASE DO NOT CHANGE ORDER //////
//
/*
* DO NOT CHANGE ORDER OF FOLLOWING REQUIRES.
*/
require_once 'include/config.php';
require_once 'include/functions_config.php';
@ -128,11 +147,11 @@ if (isset($config['error'])) {
exit;
}
// If metaconsole activated, redirect to it
if ($config['metaconsole'] == 1 && $config['enterprise_installed'] == 1) {
header('Location: '.$config['homeurl'].'enterprise/meta');
// If metaconsole activated, redirect to it.
if (is_metaconsole()) {
header('Location: '.ui_get_full_url('index.php'));
// Always exit after sending location headers.
exit;
// Always exit after sending location headers
}
if (file_exists(ENTERPRISE_DIR.'/include/functions_login.php')) {
@ -141,12 +160,12 @@ if (file_exists(ENTERPRISE_DIR.'/include/functions_login.php')) {
if (!empty($config['https']) && empty($_SERVER['HTTPS'])) {
$query = '';
if (sizeof($_REQUEST)) {
// Some (old) browsers don't like the ?&key=var
if (count($_REQUEST)) {
// Some (old) browsers don't like the ?&key=var.
$query .= '?1=1';
}
// We don't clean these variables up as they're only being passed along
// We don't clean these variables up as they're only being passed along.
foreach ($_GET as $key => $value) {
if ($key == 1) {
continue;
@ -162,12 +181,12 @@ if (!empty($config['https']) && empty($_SERVER['HTTPS'])) {
$url = ui_get_full_url($query);
// Prevent HTTP response splitting attacks
// http://en.wikipedia.org/wiki/HTTP_response_splitting
// http://en.wikipedia.org/wiki/HTTP_response_splitting.
$url = str_replace("\n", '', $url);
header('Location: '.$url);
// Always exit after sending location headers.
exit;
// Always exit after sending location headers
}
// Pure mode (without menu, header and footer).
@ -188,20 +207,21 @@ echo '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www
echo '<html xmlns="http://www.w3.org/1999/xhtml">'."\n";
echo '<head>'."\n";
// This starts the page head. In the call back function, things from $page['head'] array will be processed into the head
// This starts the page head. In the callback function,
// $page['head'] array content will be processed into the head.
ob_start('ui_process_page_head');
// Enterprise main
// Enterprise main.
enterprise_include('index.php');
echo '<script type="text/javascript">';
echo 'var dispositivo = navigator.userAgent.toLowerCase();';
echo 'if( dispositivo.search(/iphone|ipod|ipad|android/) > -1 ){';
echo 'document.location = "'.$config['homeurl'].'mobile"; }';
echo 'document.location = "'.ui_get_full_url('/mobile').'"; }';
echo '</script>';
// This tag is included in the buffer passed to ui_process_page_head so
// technically it can be stripped
// technically it can be stripped.
echo '</head>'."\n";
require_once 'include/functions_themes.php';
@ -212,13 +232,13 @@ $config['remote_addr'] = $_SERVER['REMOTE_ADDR'];
$sec2 = get_parameter_get('sec2');
$sec2 = safe_url_extraclean($sec2);
$page = $sec2;
// Reference variable for old time sake
// Reference variable for old time sake.
$sec = get_parameter_get('sec');
$sec = safe_url_extraclean($sec);
$process_login = false;
// Update user password
// Update user password.
$change_pass = get_parameter_post('renew_password', 0);
if ($change_pass == 1) {
@ -235,14 +255,14 @@ $searchPage = false;
$search = get_parameter_get('head_search_keywords');
if (strlen($search) > 0) {
$config['search_keywords'] = io_safe_input(trim(io_safe_output(get_parameter('keywords'))));
// If not search category providad, we'll use an agent search
// If not search category providad, we'll use an agent search.
$config['search_category'] = get_parameter('search_category', 'all');
if (($config['search_keywords'] != 'Enter keywords to search') && (strlen($config['search_keywords']) > 0)) {
$searchPage = true;
}
}
// Login process
// Login process.
if (! isset($config['id_user'])) {
// Clear error messages.
unset($_COOKIE['errormsg']);
@ -250,50 +270,53 @@ if (! isset($config['id_user'])) {
if (isset($_GET['login'])) {
include_once 'include/functions_db.php';
// Include it to use escape_string_sql function
// Include it to use escape_string_sql function.
$config['auth_error'] = '';
// Set this to the error message from the authorization mechanism
// Set this to the error message from the authorization mechanism.
$nick = get_parameter_post('nick');
// This is the variable with the login
// This is the variable with the login.
$pass = get_parameter_post('pass');
// This is the variable with the password
// This is the variable with the password.
$nick = db_escape_string_sql($nick);
$pass = db_escape_string_sql($pass);
// Since now, only the $pass variable are needed
// Since now, only the $pass variable are needed.
unset($_GET['pass'], $_POST['pass'], $_REQUEST['pass']);
// If the auth_code exists, we assume the user has come through the double auth page
// If the auth_code exists, we assume the user has come from
// double authorization page.
if (isset($_POST['auth_code'])) {
$double_auth_success = false;
// The double authentication is activated and the user has surpassed the first step (the login).
// The double authentication is activated and the user has
// surpassed the first step (the login).
// Now the authentication code provided will be checked.
if (isset($_SESSION['prepared_login_da'])) {
if (isset($_SESSION['prepared_login_da']['id_user'])
&& isset($_SESSION['prepared_login_da']['timestamp'])
) {
// The user has a maximum of 5 minutes to introduce the double auth code
// The user has a maximum of 5 minutes to introduce
// the double auth code.
$dauth_period = SECONDS_2MINUTES;
$now = time();
$dauth_time = $_SESSION['prepared_login_da']['timestamp'];
if (($now - $dauth_period) < $dauth_time) {
// Nick
// Nick.
$nick = $_SESSION['prepared_login_da']['id_user'];
// Code
// Code.
$code = (string) get_parameter_post('auth_code');
if (!empty($code)) {
$result = validate_double_auth_code($nick, $code);
if ($result === true) {
// Double auth success
// Double auth success.
$double_auth_success = true;
} else {
// Screen
// Screen.
$login_screen = 'double_auth';
// Error message
// Error message.
$config['auth_error'] = __('Invalid code');
if (!isset($_SESSION['prepared_login_da']['attempts'])) {
@ -303,9 +326,9 @@ if (! isset($config['id_user'])) {
$_SESSION['prepared_login_da']['attempts']++;
}
} else {
// Screen
// Screen.
$login_screen = 'double_auth';
// Error message
// Error message.
$config['auth_error'] = __("The code shouldn't be empty");
if (!isset($_SESSION['prepared_login_da']['attempts'])) {
@ -315,27 +338,27 @@ if (! isset($config['id_user'])) {
$_SESSION['prepared_login_da']['attempts']++;
}
} else {
// Expired login
// Expired login.
unset($_SESSION['prepared_login_da']);
// Error message
// Error message.
$config['auth_error'] = __('Expired login');
}
} else {
// If the code doesn't exist, remove the prepared login
// If the code doesn't exist, remove the prepared login.
unset($_SESSION['prepared_login_da']);
// Error message
// Error message.
$config['auth_error'] = __('Login error');
}
}
// If $_SESSION['prepared_login_da'] doesn't exist, the user have to do the login again
else {
// Error message
} else {
// If $_SESSION['prepared_login_da'] doesn't exist, the user
// must login again.
// Error message.
$config['auth_error'] = __('Login error');
}
// Remove the authenticator code
// Remove the authenticator code.
unset($_POST['auth_code'], $code);
if (!$double_auth_success) {
@ -347,6 +370,8 @@ if (! isset($config['id_user'])) {
$_SERVER['REMOTE_ADDR']
);
while (@ob_end_flush()) {
// Dumping...
continue;
}
exit('</html>');
@ -355,7 +380,8 @@ if (! isset($config['id_user'])) {
$login_button_saml = get_parameter('login_button_saml', false);
if (isset($double_auth_success) && $double_auth_success) {
// This values are true cause there are checked before complete the 2nd auth step
// This values are true cause there are checked before complete
// the 2nd auth step.
$nick_in_db = $_SESSION['prepared_login_da']['id_user'];
$expired_pass = false;
} else if (($config['auth'] == 'saml') && ($login_button_saml)) {
@ -400,28 +426,34 @@ if (! isset($config['id_user'])) {
include_once 'general/login_page.php';
db_pandora_audit('Password expired', 'Password expired: '.$nick, $nick);
while (@ob_end_flush()) {
// Dumping...
continue;
}
exit('</html>');
}
// Checks if password has expired
// Checks if password has expired.
$check_status = check_pass_status($nick, $pass);
switch ($check_status) {
case PASSSWORD_POLICIES_FIRST_CHANGE:
// first change
// First change.
case PASSSWORD_POLICIES_EXPIRED:
// pass expired
// Pass expired.
$expired_pass = true;
login_change_password($nick, '', $check_status);
break;
default:
// Ignore.
break;
}
}
}
if (($nick_in_db !== false) && $expired_pass) {
// login ok and password has expired
// Login ok and password has expired.
include_once 'general/login_page.php';
db_pandora_audit(
'Password expired',
@ -429,30 +461,38 @@ if (! isset($config['id_user'])) {
$nick
);
while (@ob_end_flush()) {
// Dumping...
continue;
}
exit('</html>');
} else if (($nick_in_db !== false) && (!$expired_pass)) {
// login ok and password has not expired
// Double auth check
if ((!isset($double_auth_success) || !$double_auth_success) && is_double_auth_enabled($nick_in_db)) {
// Store this values in the session to know if the user login was correct
// Login ok and password has not expired.
// Double auth check.
if ((!isset($double_auth_success)
|| !$double_auth_success)
&& is_double_auth_enabled($nick_in_db)
) {
// Store this values in the session to know if the user login
// was correct.
$_SESSION['prepared_login_da'] = [
'id_user' => $nick_in_db,
'timestamp' => time(),
'attempts' => 0,
];
// Load the page to introduce the double auth code
// Load the page to introduce the double auth code.
$login_screen = 'double_auth';
include_once 'general/login_page.php';
while (@ob_end_flush()) {
// Dumping...
continue;
}
exit('</html>');
}
// login ok and password has not expired
// Login ok and password has not expired.
$process_login = true;
if (is_user_admin($nick)) {
@ -464,7 +504,7 @@ if (! isset($config['id_user'])) {
if (!isset($_GET['sec2']) && !isset($_GET['sec'])) {
// Avoid the show homepage when the user go to
// a specific section of pandora
// for example when timeout the sesion
// for example when timeout the sesion.
unset($_GET['sec2']);
$_GET['sec'] = 'general/logon_ok';
$home_page = '';
@ -495,6 +535,7 @@ if (! isset($config['id_user'])) {
break;
case 'Default':
default:
$_GET['sec'] = 'general/logon_ok';
break;
@ -530,11 +571,14 @@ if (! isset($config['id_user'])) {
$_SESSION['id_usuario'] = $nick_in_db;
$config['id_user'] = $nick_in_db;
// Check if connection goes through F5 balancer. If it does, then don't call config_prepare_session() or user will be back to login all the time
// Check if connection goes through F5 balancer. If it does, then
// don't call config_prepare_session() or user will be back to login
// all the time.
$prepare_session = true;
foreach ($_COOKIE as $key => $value) {
if (preg_match('/BIGipServer*/', $key)) {
$prepare_session = false;
break;
}
}
@ -543,9 +587,13 @@ if (! isset($config['id_user'])) {
}
if (is_user_admin($config['id_user'])) {
// PHP configuration values
$PHPupload_max_filesize = config_return_in_bytes(ini_get('upload_max_filesize'));
$PHPmemory_limit = config_return_in_bytes(ini_get('memory_limit'));
// PHP configuration values.
$PHPupload_max_filesize = config_return_in_bytes(
ini_get('upload_max_filesize')
);
$PHPmemory_limit = config_return_in_bytes(
ini_get('memory_limit')
);
$PHPmax_execution_time = ini_get('max_execution_time');
if ($PHPmax_execution_time !== '0') {
@ -580,43 +628,60 @@ if (! isset($config['id_user'])) {
$l10n = null;
if (file_exists('./include/languages/'.$user_language.'.mo')) {
$l10n = new gettext_reader(new CachedFileReader('./include/languages/'.$user_language.'.mo'));
$cacheFileReader = new CachedFileReader(
'./include/languages/'.$user_language.'.mo'
);
$l10n = new gettext_reader($cacheFileReader);
$l10n->load_tables();
}
} else {
// login wrong
// Login wrong.
$blocked = false;
if ((!is_user_admin($nick) || $config['enable_pass_policy_admin']) && file_exists(ENTERPRISE_DIR.'/load_enterprise.php')) {
if ((!is_user_admin($nick) || $config['enable_pass_policy_admin'])
&& file_exists(ENTERPRISE_DIR.'/load_enterprise.php')
) {
$blocked = login_check_blocked($nick);
}
if (!$blocked) {
if (file_exists(ENTERPRISE_DIR.'/load_enterprise.php')) {
// Checks failed attempts.
login_check_failed($nick);
// Checks failed attempts
}
$login_failed = true;
include_once 'general/login_page.php';
db_pandora_audit('Logon Failed', 'Invalid login: '.$nick, $nick);
db_pandora_audit(
'Logon Failed',
'Invalid login: '.$nick,
$nick
);
while (@ob_end_flush()) {
// Dumping...
continue;
}
exit('</html>');
} else {
include_once 'general/login_page.php';
db_pandora_audit('Logon Failed', 'Invalid login: '.$nick, $nick);
db_pandora_audit(
'Logon Failed',
'Invalid login: '.$nick,
$nick
);
while (@ob_end_flush()) {
// Dumping...
continue;
}
exit('</html>');
}
}
// Form the url
// Form the url.
$query_params_redirect = $_GET;
// Visual console do not want sec2
// Visual console do not want sec2.
if ($home_page == 'Visual console') {
unset($query_params_redirect['sec2']);
}
@ -630,15 +695,19 @@ if (! isset($config['id_user'])) {
$redirect_url .= '&'.safe_url_extraclean($key).'='.safe_url_extraclean($value);
}
header('Location: '.$config['homeurl'].'index.php'.$redirect_url);
header('Location: '.ui_get_full_url('index.php'.$redirect_url));
exit;
// Always exit after sending location headers.
} else if (isset($_GET['loginhash'])) {
// Hash login process
// Hash login process.
$loginhash_data = get_parameter('loginhash_data', '');
$loginhash_user = str_rot13(get_parameter('loginhash_user', ''));
if ($config['loginhash_pwd'] != '' && $loginhash_data == md5($loginhash_user.io_output_password($config['loginhash_pwd']))) {
if ($config['loginhash_pwd'] != ''
&& $loginhash_data == md5(
$loginhash_user.io_output_password($config['loginhash_pwd'])
)
) {
db_logon($loginhash_user, $_SERVER['REMOTE_ADDR']);
$_SESSION['id_usuario'] = $loginhash_user;
$config['id_user'] = $loginhash_user;
@ -646,6 +715,8 @@ if (! isset($config['id_user'])) {
include_once 'general/login_page.php';
db_pandora_audit('Logon Failed (loginhash', '', 'system');
while (@ob_end_flush()) {
// Dumping...
continue;
}
exit('</html>');
@ -767,7 +838,7 @@ if (! isset($config['id_user'])) {
$body .= '<p />';
$body .= __('Please click the link below to reset your password');
$body .= '<p />';
$body .= '<a href="'.$config['homeurl'].'index.php?reset_hash='.$cod_hash.'">'.__('Reset your password').'</a>';
$body .= '<a href="'.ui_get_full_url('index.php?reset_hash='.$cod_hash).'">'.__('Reset your password').'</a>';
$body .= '<p />';
$body .= get_product_name();
$body .= '<p />';
@ -790,6 +861,8 @@ if (! isset($config['id_user'])) {
}
while (@ob_end_flush()) {
// Dumping...
continue;
}
exit('</html>');
@ -799,11 +872,20 @@ if (! isset($config['id_user'])) {
$loginhash_data = get_parameter('loginhash_data', '');
$loginhash_user = str_rot13(get_parameter('loginhash_user', ''));
$iduser = $_SESSION['id_usuario'];
// logoff_db ($iduser, $_SERVER["REMOTE_ADDR"]); check why is not available
/*
* Check why is not available.
* logoff_db ($iduser, $_SERVER["REMOTE_ADDR"]);
*/
unset($_SESSION['id_usuario']);
unset($iduser);
if ($config['loginhash_pwd'] != '' && $loginhash_data == md5($loginhash_user.io_output_password($config['loginhash_pwd']))) {
if ($config['loginhash_pwd'] != ''
&& $loginhash_data == md5(
$loginhash_user.io_output_password($config['loginhash_pwd'])
)
) {
db_logon($loginhash_user, $_SERVER['REMOTE_ADDR']);
$_SESSION['id_usuario'] = $loginhash_user;
$config['id_user'] = $loginhash_user;
@ -811,6 +893,8 @@ if (! isset($config['id_user'])) {
include_once 'general/login_page.php';
db_pandora_audit('Logon Failed (loginhash', '', 'system');
while (@ob_end_flush()) {
// Dumping...
continue;
}
exit('</html>');
@ -823,7 +907,7 @@ if (! isset($config['id_user'])) {
'*'
);
if ($user_in_db == false) {
// logout
// Logout.
$_REQUEST = [];
$_GET = [];
$_POST = [];
@ -834,6 +918,8 @@ if (! isset($config['id_user'])) {
unset($iduser);
include_once 'general/login_page.php';
while (@ob_end_flush()) {
// Dumping...
continue;
}
exit('</html>');
@ -841,7 +927,7 @@ if (! isset($config['id_user'])) {
if (((bool) $user_in_db['is_admin'] === false)
&& ((bool) $user_in_db['not_login'] === true)
) {
// logout
// Logout.
$_REQUEST = [];
$_GET = [];
$_POST = [];
@ -852,6 +938,8 @@ if (! isset($config['id_user'])) {
unset($iduser);
include_once 'general/login_page.php';
while (@ob_end_flush()) {
// Dumping...
continue;
}
exit('</html>');
@ -859,12 +947,12 @@ if (! isset($config['id_user'])) {
}
}
// Enterprise support
// Enterprise support.
if (file_exists(ENTERPRISE_DIR.'/load_enterprise.php')) {
include_once ENTERPRISE_DIR.'/load_enterprise.php';
}
// Log off
// Log off.
if (isset($_GET['bye'])) {
include 'general/logoff.php';
$iduser = $_SESSION['id_usuario'];
@ -877,11 +965,13 @@ if (isset($_GET['bye'])) {
if ($config['auth'] == 'saml') {
include_once $config['saml_path'].'simplesamlphp/lib/_autoload.php';
$as = new SimpleSAML_Auth_Simple($config['saml_source']);
$as = new SimpleSAML_Auth_Simple('PandoraFMS');
$as->logout();
}
while (@ob_end_flush()) {
// Dumping...
continue;
}
exit('</html>');
@ -889,10 +979,11 @@ if (isset($_GET['bye'])) {
clear_pandora_error_for_header();
// ----------------------------------------------------------------------
// EXTENSIONS
// ----------------------------------------------------------------------
/*
* ----------------------------------------------------------------------
* EXTENSIONS
* ----------------------------------------------------------------------
*
* Load the basic configurations of extension and add extensions into menu.
* Load here, because if not, some extensions not load well, I don't why.
*/
@ -901,7 +992,7 @@ $config['logged'] = false;
extensions_load_extensions($process_login);
if ($process_login) {
// Call all extensions login function
// Call all extensions login function.
extensions_call_login_function();
unset($_SESSION['new_update']);
@ -992,7 +1083,7 @@ if (get_parameter('login', 0) !== 0) {
}
}
// Header
// Header.
if ($config['pure'] == 0) {
echo '<div id="container"><div id="head">';
include 'general/header.php';
@ -1008,24 +1099,27 @@ if ($config['pure'] == 0) {
echo '<button onclick="topFunction()" id="top_btn" title="Go to top"></button>';
} else {
echo '<div id="main_pure">';
// Require menu only to build structure to use it in ACLs
// Require menu only to build structure to use it in ACLs.
include 'operation/menu.php';
include 'godmode/menu.php';
}
// http://es2.php.net/manual/en/ref.session.php#64525
// Session locking concurrency speedup!
/*
* Session locking concurrency speedup!
* http://es2.php.net/manual/en/ref.session.php#64525
*/
session_write_close();
// Main block of content
// Main block of content.
if ($config['pure'] == 0) {
echo '<div id="main">';
}
// Page loader / selector
// Page loader / selector.
if ($searchPage) {
include 'operation/search_results.php';
} else {
@ -1049,7 +1143,7 @@ if ($searchPage) {
$page .= '.php';
// Enterprise ACL check
// Enterprise ACL check.
if (enterprise_hook(
'enterprise_acl',
[
@ -1079,7 +1173,7 @@ if ($searchPage) {
}
}
} else {
// home screen chosen by the user
// Home screen chosen by the user.
$home_page = '';
if (isset($config['id_user'])) {
$user_info = users_get_user_by_id($config['id_user']);
@ -1110,6 +1204,7 @@ if ($searchPage) {
break;
case 'Default':
default:
$_GET['sec2'] = 'general/logon_ok';
break;
@ -1148,12 +1243,11 @@ if ($searchPage) {
if (isset($_GET['sec2'])) {
$file = $_GET['sec2'].'.php';
// Translate some secs
// Translate some secs.
$main_sec = get_sec($_GET['sec']);
$_GET['sec'] = $main_sec == false ? $_GET['sec'] : $main_sec;
$_GET['sec'] = ($main_sec == false) ? $_GET['sec'] : $main_sec;
if (!file_exists($file)
|| ( $_GET['sec2'] != 'general/logon_ok'
&& enterprise_hook(
|| ($_GET['sec2'] != 'general/logon_ok' && enterprise_hook(
'enterprise_acl',
[
$config['id_user'],
@ -1162,7 +1256,7 @@ if ($searchPage) {
true,
isset($_GET['sec3']) ? $_GET['sec3'] : '',
]
) == false )
) == false)
) {
unset($_GET['sec2']);
include 'general/noaccess.php';
@ -1181,13 +1275,13 @@ if ($searchPage) {
if ($config['pure'] == 0) {
echo '<div style="clear:both"></div>';
echo '</div>';
// main
// Main.
echo '<div style="clear:both">&nbsp;</div>';
echo '</div>';
// page (id = page)
// Page (id = page).
} else {
echo '</div>';
// main_pure
// Main pure.
}
echo '<div id="wiz_container">';
@ -1211,31 +1305,31 @@ require_once 'include/functions_clippy.php';
clippy_start($sec2);
while (@ob_end_flush()) {
// Dump.
// Dumping...
continue;
}
db_print_database_debug();
echo '</html>';
$run_time = format_numeric((microtime(true) - $config['start_time']), 3);
echo "\n<!-- Page generated in $run_time seconds -->\n";
echo "\n<!-- Page generated in ".$run_time." seconds -->\n";
// Values from PHP to be recovered from JAVASCRIPT
// Values from PHP to be recovered from JAVASCRIPT.
require 'include/php_to_js_values.php';
?>
<script type="text/javascript" language="javascript">
// When there are less than 5 rows, all rows must be white
var theme = "<?php echo $config['style']; ?>";
if(theme === 'pandora'){
if($('table.info_table tr').length < 5){
$('table.info_table tbody > tr').css('background-color', '#fff');
}
// When there are less than 5 rows, all rows must be white.
if($('table.info_table tr').length < 5){
$('table.info_table tbody > tr').css('background-color', '#fff');
}
// When the user scrolls down 400px from the top of the document, show the button.
// When the user scrolls down 400px from the top of the document, show the
// button.
window.onscroll = function() {scrollFunction()};
function scrollFunction() {
@ -1248,18 +1342,24 @@ require 'include/php_to_js_values.php';
// When the user clicks on the button, scroll to the top of the document.
function topFunction() {
//document.body.scrollTop = 0; // For Safari.
//document.documentElement.scrollTop = 0; // For Chrome, Firefox, IE and Opera.
/*
* Safari.
* document.body.scrollTop = 0;
* For Chrome, Firefox, IE and Opera.
* document.documentElement.scrollTop = 0;
*/
$("HTML, BODY").animate({ scrollTop: 0 }, 500);
}
//Initial load of page
// Initial load of page.
$(document).ready(adjustFooter);
//Every resize of window
// Every resize of window.
$(window).resize(adjustFooter);
//Every show/hide call may need footer re-layout
// Every show/hide call may need footer re-layout.
(function() {
var oShow = jQuery.fn.show;
var oHide = jQuery.fn.hide;