From cdf5485aee3eb097479926a98a9b94eba528b4ad Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jos=C3=A9=20Gonz=C3=A1lez?= <jose.gonzalez@pandorafms.com>
Date: Mon, 27 Jun 2022 18:06:51 +0200
Subject: [PATCH] Updated api checker extension

---
 pandora_console/extensions/api_checker.php | 128 ++++++++++++++++-----
 1 file changed, 98 insertions(+), 30 deletions(-)

diff --git a/pandora_console/extensions/api_checker.php b/pandora_console/extensions/api_checker.php
index b4af7c77ee..ed2053036e 100755
--- a/pandora_console/extensions/api_checker.php
+++ b/pandora_console/extensions/api_checker.php
@@ -1,43 +1,101 @@
 <?php
+/**
+ * Pandora FMS API Checker Extension.
+ *
+ * @category   API
+ * @package    Pandora FMS
+ * @subpackage Extensions
+ * @version    1.0.0
+ * @license    See below
+ *
+ *    ______                 ___                    _______ _______ ________
+ *   |   __ \.-----.--.--.--|  |.-----.----.-----. |    ___|   |   |     __|
+ *  |    __/|  _  |     |  _  ||  _  |   _|  _  | |    ___|       |__     |
+ * |___|   |___._|__|__|_____||_____|__| |___._| |___|   |__|_|__|_______|
+ *
+ * ============================================================================
+ * Copyright (c) 2005-2022 Artica Soluciones Tecnologicas
+ * Please see http://pandorafms.org for full contribution list
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation for version 2.
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ * ============================================================================
+ */
 
-// Pandora FMS - http://pandorafms.com
-// ==================================================
-// Copyright (c) 2005-2021 Artica Soluciones Tecnologicas
-// Please see http://pandorafms.org for full contribution list
-// This program is free software; you can redistribute it and/or
-// modify it under the terms of the GNU General Public License
-// as published by the Free Software Foundation; version 2
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-function api_execute($url, $ip, $pandora_url, $apipass, $user, $password, $op, $op2, $id, $id2, $return_type, $other, $other_mode)
-{
-    if (empty($url)) {
+// Begin.
+
+
+/**
+ * Api Execution.
+ *
+ * @param string $url         Url.
+ * @param string $ip          Ip.
+ * @param string $pandora_url Pandora_url.
+ * @param string $apipass     Apipass.
+ * @param string $user        User.
+ * @param string $password    Password.
+ * @param string $op          Op.
+ * @param string $op2         Op2.
+ * @param string $id          Id.
+ * @param string $id2         Id2.
+ * @param string $return_type Return_type.
+ * @param string $other       Other.
+ * @param string $other_mode  Other_mode.
+ * @param string $token       Token.
+ *
+ * @return array.
+ */
+function api_execute(
+    string $url,
+    string $ip,
+    string $pandora_url,
+    string $apipass,
+    string $user,
+    string $password,
+    string $op,
+    string $op2,
+    string $id='',
+    string $id2='',
+    string $return_type='',
+    string $other='',
+    string $other_mode='',
+    string $token=''
+) {
+    if (empty($url) === true) {
         $url = 'http://'.$ip.$pandora_url.'/include/api.php';
-
         $url .= '?';
-        $url .= 'apipass='.$apipass;
-        $url .= '&user='.$user;
-        $url .= '&pass='.$password;
         $url .= '&op='.$op;
         $url .= '&op2='.$op2;
-        if ($id !== '') {
+
+        if (empty($id) === false) {
             $url .= '&id='.$id;
         }
 
-        if ($id2 !== '') {
+        if (empty($id2) === false) {
             $url .= '&id2='.$id2;
         }
 
-        if ($return_type !== '') {
+        if (empty($return_type) === false) {
             $url .= '&return_type='.$return_type;
         }
 
-        if ($other !== '') {
+        if (empty($other) === false) {
             $url .= '&other_mode='.$other_mode;
             $url .= '&other='.$other;
         }
+
+        // If token is reported, have priority.
+        if (empty($token) === false) {
+            $url .= 'token='.$token;
+        } else {
+            $url .= 'apipass='.$apipass;
+            $url .= '&user='.$user;
+            $url .= '&pass='.$password;
+        }
     }
 
     $curlObj = curl_init();
@@ -46,22 +104,25 @@ function api_execute($url, $ip, $pandora_url, $apipass, $user, $password, $op, $
     $result = curl_exec($curlObj);
     curl_close($curlObj);
 
-    $return = [
+    return [
         'url'    => $url,
         'result' => $result,
     ];
-
-    return $return;
 }
 
 
+/**
+ * Perform API Checker
+ *
+ * @return void.
+ */
 function extension_api_checker()
 {
     global $config;
 
     check_login();
 
-    if (! check_acl($config['id_user'], 0, 'PM')) {
+    if ((bool) check_acl($config['id_user'], 0, 'PM') === false) {
         db_pandora_audit(
             AUDIT_LOG_ACL_VIOLATION,
             'Trying to access Profile Management'
@@ -85,11 +146,12 @@ function extension_api_checker()
     $return_type = io_safe_output(get_parameter('return_type', ''));
     $other = io_safe_output(get_parameter('other', ''));
     $other_mode = io_safe_output(get_parameter('other_mode', 'url_encode_separator_|'));
+    $token = get_parameter('token');
 
-    $api_execute = get_parameter('api_execute', 0);
+    $api_execute = (bool) get_parameter('api_execute', false);
 
     $return_call_api = '';
-    if ($api_execute) {
+    if ($api_execute === true) {
         $return_call_api = api_execute(
             $url,
             $ip,
@@ -103,7 +165,8 @@ function extension_api_checker()
             urlencode($id2),
             $return_type,
             urlencode($other),
-            $other_mode
+            $other_mode,
+            $token
         );
     }
 
@@ -182,6 +245,11 @@ function extension_api_checker()
     $row[] = html_print_input_text('other_mode', $other_mode, '', 50, 255, true);
     $table2->data[] = $row;
 
+    $row = [];
+    $row[] = __('API Token');
+    $row[] = html_print_input_text('token', $token, '', 50, 255, true);
+    $table2->data[] = $row;
+
     $table3 = new stdClass();
     $table3->data = [];
 
@@ -214,7 +282,7 @@ function extension_api_checker()
     echo '</div>';
     echo '</form>';
 
-    if ($api_execute) {
+    if ($api_execute === true) {
         echo '<fieldset>';
         echo '<legend>'.__('Result').'</legend>';
         echo __('URL').'<br />';