From daccd18dfd0534839f1257f2b3428caf56a9268e Mon Sep 17 00:00:00 2001 From: guruevi Date: Tue, 23 Dec 2008 21:41:05 +0000 Subject: [PATCH] 2008-12-23 Evi Vanoost * index.php: Cleaned up some old stuff and fixed the order of GET/POST * general/header.php: Added tags for custom branding and todo * general/login_page.php: Cleaned up some old stuff and fixed always redirecting the user to the overview if they followed a link. git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@1306 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f --- pandora_console/ChangeLog | 9 ++++ pandora_console/general/header.php | 11 +++-- pandora_console/general/login_page.php | 44 +++++++++++-------- pandora_console/index.php | 59 ++++++++++---------------- 4 files changed, 67 insertions(+), 56 deletions(-) diff --git a/pandora_console/ChangeLog b/pandora_console/ChangeLog index a30b6e50a1..208d6e669b 100644 --- a/pandora_console/ChangeLog +++ b/pandora_console/ChangeLog @@ -1,3 +1,12 @@ +2008-12-23 Evi Vanoost + + * index.php: Cleaned up some old stuff and fixed the order of GET/POST + + * general/header.php: Added tags for custom branding and todo + + * general/login_page.php: Cleaned up some old stuff and fixed always + redirecting the user to the overview if they followed a link. + 2008-12-23 Ramon Novoa * godmode/agentes/configurar_agente.php: Properly insert the custom ID diff --git a/pandora_console/general/header.php b/pandora_console/general/header.php index fd7fa9e1e5..e4af273559 100644 --- a/pandora_console/general/header.php +++ b/pandora_console/general/header.php @@ -19,10 +19,15 @@ //First column (logo) echo ''; diff --git a/pandora_console/general/login_page.php b/pandora_console/general/login_page.php index b8fe4e16fd..02b2a5c0c7 100644 --- a/pandora_console/general/login_page.php +++ b/pandora_console/general/login_page.php 
@@ -16,27 +16,38 @@ // along with this program; if not, write to the Free Software // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -$addr = ""; -if (isset($_GET['sec'])){ - $addr = 'http' . (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == TRUE ? 's': '') . '://' . $_SERVER['SERVER_NAME']; - - if ($_SERVER['SERVER_PORT'] != 80 && (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == TRUE && $_SERVER['SERVER_PORT'] != 443)) - $query .= ":" . $_SERVER['SERVER_PORT']; - - $addr .= $_SERVER['REQUEST_URI']; - - $addr = urlencode($addr); +//These variables come from index.php +if (!empty ($page) && !empty ($sec)) { + $url = '?login=1'; + foreach ($_GET as $key => $value) { + $url .= '&'.$key.'='.$value; + } + foreach ($_POST as $key => $value) { + $url .= '&'.$key.'='.$value; + } +} else { + $url = '?login=1'; } echo '

'.__('Pandora FMS Web Console').'


-
+
'; -// Yes, put here your corporate logo instead pandora_logo_head.png -// The style specifies width and height so that oversized images get resized. -// Optimally your logo would be this size. +/* CUSTOM BRANDING STARTS HERE */ +/* TODO: Put the branding in it's own file, variables or database + Yes, put here your corporate logo instead pandora_logo_head.png + The style specifies width and height so that oversized images get resized. + Optimally your logo would be this size. +*/ echo 'logo'; +/* CUSTOM BRANDING ENDS HERE */ + // Margin to logo echo ' 
-
- logo
- '.$pandora_version.(($develop_bypass == 1) ? ' '.__('Build').' '.$build_version : '').' -
+
'; + +//TODO: Put branding in variables (external file) or database +/* CUSTOM BRANDING STARTS HERE */ + +//Replace the following with your own URL and logo. A mashup of the Pandora FMS logo and your companies highly preferred ;-) +echo 'logo
'; + +//This prints the current pandora console version. For stable/live function it might be wise to comment it out +echo $pandora_version.(($develop_bypass == 1) ? ' '.__('Build').' '.$build_version : ''); + +/* CUSTOM BRANDING ENDS HERE */ + +echo '
'.__('Login').':
'.print_input_text_extended ("nick", '', "nick", '', '', '' , false, '', 'class="login"', true).'
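Review bot: The new `foreach` loops at the top of login_page.php append every `$_GET` and `$_POST` key and value to `$url` with no encoding, and `$url` appears to be the login form's target (the markup that prints it is not visible in this hunk, so that part is inferred). A key or value containing `&`, `#`, a quote or an angle bracket changes the query string or breaks out of the HTML attribute, which is a reflected-XSS risk on a pre-authentication page. Encode each pair with `$url .= '&'.urlencode ($key).'='.urlencode ($value);`, skip values that are arrays, and wrap the value in `htmlspecialchars ($url, ENT_QUOTES)` where it is echoed. The same unencoded loops build `$query` for the refresh URL in the first index.php hunk, where the new comment says the variables need no cleaning because they are only passed along; that holds only if they never reach HTML output.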
@@ -46,10 +57,9 @@ echo '
'.print_submit_button ("Login",'',false,'class="sub next"',true).'
- '.((strlen($addr) > 0) ? print_input_hidden("redirect",$addr,true) : '').' -
IP: '.$REMOTE_ADDR.' +
'.__('Your IP').': '.$config["remote_addr"].'
'; diff --git a/pandora_console/index.php b/pandora_console/index.php index a281e188c7..32252ae3be 100644 --- a/pandora_console/index.php +++ b/pandora_console/index.php 
@@ -74,36 +74,29 @@ load_extensions ($config['extensions']); echo ''; // Pure mode (without menu, header and footer). -$config["pure"] = get_parameter ("pure", 0); +$config["pure"] = (bool) get_parameter ("pure", 0); // Auto Refresh page -$config["refr"] = get_parameter ("refr", 0); +$config["refr"] = (int) get_parameter ("refr", 0); if ($config["refr"] > 0) { // Agent selection filters and refresh $query = 'http' . (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == TRUE ? 's': '') . '://' . $_SERVER['SERVER_NAME']; - if ($_SERVER['SERVER_PORT'] != 80 && (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == TRUE && $_SERVER['SERVER_PORT'] != 443)) + if ($_SERVER['SERVER_PORT'] != 80 && (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == TRUE && $_SERVER['SERVER_PORT'] != 443)) { $query .= ":" . $_SERVER['SERVER_PORT']; + } $query .= $_SERVER['SCRIPT_NAME']; - if (isset ($_REQUEST["refr"])) { - $query .= '?'; + $query .= '?1=1'; //Some (old) browsers don't like the ?&key=var - foreach ($_POST as $key => $value) { - $query .= '&'.$key.'='.$value; - } - foreach ($_GET as $key => $value) { - $query .= '&'.$key.'='.$value; - } + //We don't clean these variables up as they're only being passed along + foreach ($_GET as $key => $value) { + $query .= '&'.$key.'='.$value; } - if (isset ($_POST["ag_group"])) { - $ag_group = $_POST["ag_group"]; - $query = 'http' . (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == TRUE ? 's': '') . '://' . $_SERVER['SERVER_NAME']; - if ($_SERVER['SERVER_PORT'] != 80 && (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == TRUE && $_SERVER['SERVER_PORT'] != 443)) - $query .= ":" . $_SERVER['SERVER_PORT']; - $query .= $_SERVER['REQUEST_URI'] . '&ag_group_refresh=' . $ag_group; - } else { - echo ''; + foreach ($_POST as $key => $value) { + $query .= '&'.$key.'='.$value; } + + echo ''; } enterprise_include ('index.php'); 
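Review bot: Copying all of `$_POST` into `$query` turns submitted form fields into query-string parameters of the auto-refresh URL, so anything posted to a refreshing page ends up in browser history, proxy and web-server logs and Referer headers, and the refresh re-sends it as a GET. If the loop exists only to keep filter selections across refreshes, forward an explicit list of expected keys rather than the whole array. Separately, the port test `$_SERVER['SERVER_PORT'] != 80 && (isset(...) && $_SERVER['HTTPS'] == TRUE && $_SERVER['SERVER_PORT'] != 443)` can only append the port when HTTPS is on, so a plain-HTTP console on a non-default port gets a refresh URL without its port; this commit only adds braces there. Something like `$ssl = !empty ($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off';` followed by `if ($_SERVER['SERVER_PORT'] != ($ssl ? 443 : 80)) {` would cover both schemes.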
@@ -136,6 +129,14 @@ if ($config["pure"] == 0) { $REMOTE_ADDR = $_SERVER['REMOTE_ADDR']; $config["remote_addr"] = $_SERVER['REMOTE_ADDR']; +$sec2 = get_parameter_get ('sec2'); +$sec2 = safe_url_extraclean ($sec2); +$page = $sec2; //Reference variable for old time sake + +$sec = get_parameter_get ('sec'); +$sec = safe_url_extraclean ($sec); + + // Login process if (! isset ($_SESSION['id_usuario']) && isset ($_GET["login"])) { $nick = get_parameter_post ("nick"); @@ -157,7 +158,7 @@ if (! isset ($_SESSION['id_usuario']) && isset ($_GET["login"])) { unset ($_GET["sec2"]); $_GET["sec"] = "general/logon_ok"; update_user_contact ($nick); - logon_db ($nick, $REMOTE_ADDR); + logon_db ($nick, $config["remote_addr"]); $_SESSION['id_usuario'] = $nick; $config['id_user'] = $nick; unset ($_GET['pass'], $pass); @@ -169,7 +170,7 @@ if (! isset ($_SESSION['id_usuario']) && isset ($_GET["login"])) { // $primera = substr ($pass,0,1); // $ultima = substr ($pass, strlen ($pass) - 1, 1); // $pass = $primera . "****" . $ultima; - audit_db ($nick, $REMOTE_ADDR, "Logon Failed", + audit_db ($nick, $config["remote_addr"], "Logon Failed", "Incorrect password: " . $nick); exit; } @@ -182,7 +183,7 @@ if (! isset ($_SESSION['id_usuario']) && isset ($_GET["login"])) { //$primera = substr ($pass, 0, 1); //$ultima = substr ($pass, strlen ($pass) - 1, 1); //$pass = $primera . "****" . $ultima; - audit_db ($nick, $REMOTE_ADDR, "Logon Failed", + audit_db ($nick, $config["remote_addr"], "Logon Failed", "Invalid username: " . $nick); exit; } 
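Review bot: `$sec`, `$sec2` and `$page` are now read from `$_GET` before the login block, so the `unset ($_GET["sec2"]);` and `$_GET["sec"] = "general/logon_ok";` lines that remain in the successful-login branch (context of the `@@ -157,7 +158,7 @@` hunk) no longer change which page is shown. If keeping the followed link after login is the intent, remove those two lines or add a comment such as `// $sec/$page were captured above; changing $_GET here only affects later readers of $_GET`. A login with no `sec`/`sec2` should still land on a default page, which depends on code outside these hunks. Because `$page` now carries a pre-authentication request value through the login, confirm that every later use relies on the `safe_url_extraclean` result and does not re-read `$_GET`.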
@@ -204,20 +205,6 @@ if (isset ($_GET["bye"])) { session_unregister ("id_usuario"); exit; } -$page = ""; -$sec2 = ""; -$sec = ""; -if (isset ($_GET["sec2"])) { - $sec2 = get_parameter_get ('sec2'); - $sec2 = safe_url_extraclean ($sec2); - $page = $sec2; -} - -if (isset ($_GET["sec"])) { - $sec = get_parameter_get ('sec'); - $sec = safe_url_extraclean ($sec); - $page = $sec2; -} // http://es2.php.net/manual/en/ref.session.php#64525 // Session locking concurrency speedup!