2011-02-14 Miguel de Dios <miguel.dedios@artica.es>

* include/functions_config.php, include/api.php, godmode/setup/setup.php:
	added the check by password the actions on API.
	
	Pending tasks: #3180793



git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@3831 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
This commit is contained in:
mdtrooper 2011-02-14 16:56:17 +00:00
parent df09714aa1
commit c414923f18
4 changed files with 53 additions and 20 deletions

View File

@ -1,3 +1,10 @@
2011-02-14 Miguel de Dios <miguel.dedios@artica.es>
* include/functions_config.php, include/api.php, godmode/setup/setup.php:
added the check by password the actions on API.
Pending tasks: #3180793
2011-02-14 Miguel de Dios <miguel.dedios@artica.es>
* include/functions_db.php: fixed the include of extensions, mysql or

View File

@ -101,28 +101,32 @@ $table->data[15][0] = __('IP list with API access') .
$list_ACL_IPs_for_API = get_parameter('list_ACL_IPs_for_API', implode("\n", $config['list_ACL_IPs_for_API']));
$table->data[15][1] = print_textarea('list_ACL_IPs_for_API', 2, 25, $list_ACL_IPs_for_API, 'style="height: 50px; width: 300px"', true);
$table->data[16][0] = __('Enable GIS features in Pandora Console');
$table->data[16][1] = __('Yes').'&nbsp;'.print_radio_button ('activate_gis', 1, '', $config["activate_gis"], true).'&nbsp;&nbsp;';
$table->data[16][1] .= __('No').'&nbsp;'.print_radio_button ('activate_gis', 0, '', $config["activate_gis"], true);
$table->data[16][0] = __('API password') .
print_help_tip (__("Please be careful if you put a password put https access."), true);
$table->data[16][1] = print_input_text('api_password', $config['api_password'], '', 25, 255, true);
$table->data[19][0] = __('Timezone setup');
$table->data[19][1] = print_input_text ('timezone', $config["timezone"], '', 25, 25, true);
$table->data[17][0] = __('Enable GIS features in Pandora Console');
$table->data[17][1] = __('Yes').'&nbsp;'.print_radio_button ('activate_gis', 1, '', $config["activate_gis"], true).'&nbsp;&nbsp;';
$table->data[17][1] .= __('No').'&nbsp;'.print_radio_button ('activate_gis', 0, '', $config["activate_gis"], true);
$table->data[20][0] = __('Timezone setup');
$table->data[20][1] = print_input_text ('timezone', $config["timezone"], '', 25, 25, true);
$sounds = get_sounds();
$table->data[20][0] = __('Sound for Alert fired');
$table->data[20][1] = print_select($sounds, 'sound_alert', $config['sound_alert'], 'replaySound(\'alert\');', '', '', true);
$table->data[20][1] .= ' <a href="javascript: toggleButton(\'alert\');">' . print_image("images/control_play.png", true, array("id" => "button_sound_alert", "style" => "vertical-align: middle;", "width" => "16")) . '</a>';
$table->data[20][1] .= '<div id="layer_sound_alert"></div>';
$table->data[21][0] = __('Sound for Alert fired');
$table->data[21][1] = print_select($sounds, 'sound_alert', $config['sound_alert'], 'replaySound(\'alert\');', '', '', true);
$table->data[21][1] .= ' <a href="javascript: toggleButton(\'alert\');">' . print_image("images/control_play.png", true, array("id" => "button_sound_alert", "style" => "vertical-align: middle;", "width" => "16")) . '</a>';
$table->data[21][1] .= '<div id="layer_sound_alert"></div>';
$table->data[21][0] = __('Sound for Monitor critical');
$table->data[21][1] = print_select($sounds, 'sound_critical', $config['sound_critical'], 'replaySound(\'critical\');', '', '', true);
$table->data[21][1] .= ' <a href="javascript: toggleButton(\'critical\');">' . print_image("images/control_play.png", true, array("id" => "button_sound_critical", "style" => "vertical-align: middle;", "width" => "16")) . '</a>';
$table->data[21][1] .= '<div id="layer_sound_critical"></div>';
$table->data[22][0] = __('Sound for Monitor critical');
$table->data[22][1] = print_select($sounds, 'sound_critical', $config['sound_critical'], 'replaySound(\'critical\');', '', '', true);
$table->data[22][1] .= ' <a href="javascript: toggleButton(\'critical\');">' . print_image("images/control_play.png", true, array("id" => "button_sound_critical", "style" => "vertical-align: middle;", "width" => "16")) . '</a>';
$table->data[22][1] .= '<div id="layer_sound_critical"></div>';
$table->data[22][0] = __('Sound for Monitor warning');
$table->data[22][1] = print_select($sounds, 'sound_warning', $config['sound_warning'], 'replaySound(\'warning\');', '', '', true);
$table->data[22][1] .= ' <a href="javascript: toggleButton(\'warning\');">' . print_image("images/control_play.png", true, array("id" => "button_sound_warning", "style" => "vertical-align: middle;", "width" => "16")) . '</a>';
$table->data[22][1] .= '<div id="layer_sound_warning"></div>';
$table->data[23][0] = __('Sound for Monitor warning');
$table->data[23][1] = print_select($sounds, 'sound_warning', $config['sound_warning'], 'replaySound(\'warning\');', '', '', true);
$table->data[23][1] .= ' <a href="javascript: toggleButton(\'warning\');">' . print_image("images/control_play.png", true, array("id" => "button_sound_warning", "style" => "vertical-align: middle;", "width" => "16")) . '</a>';
$table->data[23][1] .= '<div id="layer_sound_warning"></div>';
?>
<script type="text/javascript">
function toggleButton(type) {

View File

@ -27,10 +27,25 @@ $id2 = get_parameter('id2');
$otherSerialize = get_parameter('other');
$otherMode = get_parameter('other_mode', 'url_encode');
$returnType = get_parameter('return_type', 'string');
$password = get_parameter('pass', '');
$other = parseOtherParameter($otherSerialize, $otherMode);
if (isInACL($ipOrigin)) {
$apiPassword = get_db_value_filter('value', 'tconfig', array('token' => 'api_password'));
$correctLogin = false;
if (!empty($apiPassword)) {
if ($password === $apiPassword) {
$correctLogin = true;
}
}
else {
if (isInACL($ipOrigin)) {
$correctLogin = true;
}
}
if ($correctLogin) {
if (($op !== 'get') && ($op !== 'set') && ($op !== 'help'))
returnError('no_set_no_get_no_help', $returnType);
else {

View File

@ -231,6 +231,8 @@ function update_config () {
update_config_value ('sound_critical', get_parameter('sound_critical', $config['sound_critical']));
update_config_value ('sound_warning', get_parameter('sound_warning', $config['sound_warning']));
update_config_value ('api_password', get_parameter('api_password', $config['api_password']));
$enterprise = enterprise_include_once('include/functions_policies.php');
if ($enterprise !== ENTERPRISE_NOT_HOOK) {
$locked = enterprise_hook('semaphore_policy_test_and_set');
@ -326,7 +328,7 @@ function process_config () {
if (!isset ($config['status_images_set'])) {
update_config_value ('status_images_set', 'default');
}
// Load user session
if (isset ($_SESSION['id_usuario']))
$config["id_user"] = $_SESSION["id_usuario"];
@ -399,6 +401,7 @@ function process_config () {
unset($config[$keyConfig]);
}
// This is not set here. The first time, when no
// setup is done, update_manager extension manage it
@ -601,6 +604,10 @@ function process_config () {
if (!isset ($config['can_block_policies'])) {
update_config_value ( 'can_block_policies', 0);
}
if (!isset ($config['api_password'])) {
update_config_value( 'api_password', '');
}
if (!isset ($config['relative_path']) && (isset ($_POST['nick']) || isset ($config['id_user']))) {
@ -614,6 +621,6 @@ function process_config () {
}
}
/* Finally, check if any value was overwritten in a form */
update_config ();
update_config();
}
?>