tyler.durden/pandorafms
1
0
Fork 0
mirror of https://github.com/pandorafms/pandorafms.git synced 2025-07-29 16:55:05 +02:00
Code Issues Packages Projects Releases Wiki Activity

2009-02-17 Evi Vanoost <vanooste@rcbi.rochester.edu>

Browse Source 
* general/login_page.php: Fixed HTML and use print_image function
	
	* include/functions.php: Added version compare for alternative to
	double encoding HTML for PHP < 5.2.3
	
	* include/functions_ui.php: Check for empty string on print_string_substr
	so we don't print empty spans
	
	* include/functions_html.php: Better validation and correct output on
	print_input_text_extended. Now accepts an array for attributes
	
	* operations/user/user.php, operations/user/user_edit.php, 
	godmode/user/user_list.php: Small cosmetic fixes
	
	* index.php: flush and print closing html tag on exits. This prevents
	automatic flushing to print tags after </html>.

git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@1463 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
This commit is contained in:
guruevi 2009-02-17 18:20:04 +00:00
parent 1b74ca3bef
commit f908647932
9 changed files with 111 additions and 60 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
pandora_console/ChangeLog
View File

@ -1,3 +1,22 @@
2009-02-17 Evi Vanoost <vanooste@rcbi.rochester.edu>
* general/login_page.php: Fixed HTML and use print_image function
* include/functions.php: Added version compare for alternative to
double encoding HTML for PHP < 5.2.3
* include/functions_ui.php: Check for empty string on print_string_substr
so we don't print empty spans
* include/functions_html.php: Better validation and correct output on
print_input_text_extended. Now accepts an array for attributes
* operations/user/user.php, operations/user/user_edit.php,
godmode/user/user_list.php: Small cosmetic fixes
* index.php: flush and print closing html tag on exits. This prevents
automatic flushing to print tags after </html>.
2009-02-17 Esteban Sanchez <estebans@artica.es> 2009-02-17 Esteban Sanchez <estebans@artica.es>
* godmode/agentes/module_manager_editor.php: Added * godmode/agentes/module_manager_editor.php: Added

6
pandora_console/general/login_page.php
View File

@ -25,7 +25,7 @@ if (!empty ($page) && !empty ($sec)) {
} }
echo '<div class="databox" id="login"> echo '<div class="databox" id="login">
<h1 id="log">'.__('Pandora FMS Web Console').'</h1><br> <h1 id="log">'.__('Pandora FMS Web Console').'</h1><br />
<div class="databox" id="login_in"> <div class="databox" id="login_in">
<form method="post" action="index.php'.$url.'"> <form method="post" action="index.php'.$url.'">
<table cellpadding="4" cellspacing="1" width="400">'; <table cellpadding="4" cellspacing="1" width="400">';
@ -49,8 +49,8 @@ if (!empty ($page) && !empty ($sec)) {
// Replace the following with your own URL and logo. // Replace the following with your own URL and logo.
// A mashup of the Pandora FMS logo and your companies highly preferred // A mashup of the Pandora FMS logo and your companies highly preferred
echo '<a href="http://pandorafms.org" title="Go to pandorafms.org..." alt="Pandora FMS - Free Monitoring System">'; echo '<a href="http://pandorafms.org" title="Go to pandorafms.org...">';
echo '<img src="images/pandora_logo.png" border="0" alt="logo" />'; print_image ("images/pandora_logo.png", false, array ("alt" => "logo", "border" => 0));
echo '</a><br />'; echo '</a><br />';
// This prints the current pandora console version. // This prints the current pandora console version.

12
pandora_console/godmode/users/user_list.php
View File

@ -65,7 +65,7 @@ $info = array ();
$info = get_users (); $info = get_users ();
foreach ($info as $user_id => $user_info) { foreach ($info as $user_id => $user_info) {
$data[0] = '<a href="index.php?sec=gusuarios&sec2=godmode/users/configure_user&id='.$user_id.'">'.$user_id.'</a>'; $data[0] = '<a href="index.php?sec=gusuarios&amp;sec2=godmode/users/configure_user&amp;id='.$user_id.'">'.$user_id.'</a>';
$data[1] = $user_info["fullname"].'<a href="#" class="tip"><span>'; $data[1] = $user_info["fullname"].'<a href="#" class="tip"><span>';
$data[1] .= __('First name').': '.$user_info["firstname"].'<br />'; $data[1] .= __('First name').': '.$user_info["firstname"].'<br />';
$data[1] .= __('Last name').': '.$user_info["lastname"].'<br />'; $data[1] .= __('Last name').': '.$user_info["lastname"].'<br />';
@ -75,9 +75,9 @@ foreach ($info as $user_id => $user_info) {
$data[2] = print_timestamp ($user_info["last_connect"], true); $data[2] = print_timestamp ($user_info["last_connect"], true);
if ($user_info["is_admin"]) { if ($user_info["is_admin"]) {
$data[3] = '<img src="images/user_suit.png" />&nbsp;'; $data[3] = print_image ("images/user_suit.png", true, array ("alt" => __('Admin'), "title" => __('Administrator'))).'&nbsp;';
} else { } else {
$data[3] = '<img src="images/user_green.png" />&nbsp;'; $data[3] = print_image ("images/user_green.png", true, array ("alt" => __('User'), "title" => __('Standard User'))).'&nbsp;';
} }
$data[3] .= '<a href="#" class="tip"><span>'; $data[3] .= '<a href="#" class="tip"><span>';
@ -103,7 +103,7 @@ foreach ($info as $user_id => $user_info) {
array_push ($table->data, $data); array_push ($table->data, $data);
} }
echo '<form method="post" action="index.php?sec=gusuarios&sec2=godmode/users/user_list&user_del=1">'; echo '<form method="post" action="index.php?sec=gusuarios&amp;sec2=godmode/users/user_list&amp;user_del=1">';
print_table ($table); print_table ($table);
echo '</form>'; echo '</form>';
unset ($table); unset ($table);
@ -111,7 +111,7 @@ unset ($table);
echo '<div style="width:680px; text-align:right">'; echo '<div style="width:680px; text-align:right">';
if ($config["admin_can_add_user"] !== false) { if ($config["admin_can_add_user"] !== false) {
echo '<form method="post" action="index.php?sec=gusuarios&sec2=godmode/users/configure_user&create=1">'; echo '<form method="post" action="index.php?sec=gusuarios&amp;sec2=godmode/users/configure_user&amp;create=1">';
print_submit_button (__('Create user'), "crt", false, 'class="sub next"'); print_submit_button (__('Create user'), "crt", false, 'class="sub next"');
echo '</form>'; echo '</form>';
} else { } else {
@ -170,7 +170,7 @@ foreach ($profiles as $profile) {
array_push ($table->data, $data); array_push ($table->data, $data);
} }
echo '<form method="post" action="index.php?sec=gusuarios&sec2=godmode/users/user_list&profile_del=1">'; echo '<form method="post" action="index.php?sec=gusuarios&amp;sec2=godmode/users/user_list&amp;profile_del=1">';
print_table ($table); print_table ($table);
echo '</form>'; echo '</form>';
unset ($table); unset ($table);

10
pandora_console/include/functions.php
View File

@ -34,11 +34,19 @@ define ('ENTERPRISE_NOT_HOOK', -1);
function safe_input ($value) { function safe_input ($value) {
if (is_numeric ($value)) if (is_numeric ($value))
return $value; return $value;
if (is_array ($value)) { if (is_array ($value)) {
array_walk ($value, 'safe_input'); array_walk ($value, 'safe_input');
return $value; return $value;
} }
return htmlentities (utf8_encode ($value), ENT_QUOTES, "UTF-8", false);
if (version_compare(PHP_VERSION, '5.2.3') === 1) {
return htmlentities (utf8_encode ($value), ENT_QUOTES, "UTF-8", false);
} else {
$translation_table = get_html_translation_table (HTML_ENTITIES,ENT_QUOTES);
$translation_table[chr(38)] = '&';
return preg_replace ("/&(?![A-Za-z]{0,4}\w{2,3};|#[0-9]{2,3};)/", "&amp;", strtr ($value, $translation_table));
}
} }
/** /**

83
pandora_console/include/functions_html.php
View File

@ -130,12 +130,12 @@ function print_select_from_sql ($sql, $name, $selected = '', $script = '', $noth
* @param string $name Input name. * @param string $name Input name.
* @param string $value Input value. * @param string $value Input value.
* @param string $id Input HTML id. * @param string $id Input HTML id.
* @param string $alt Alternative HTML string. * @param string $alt Do not use, invalid for text and password. Use print_input_image
* @param int $size Size of the input. * @param int $size Size of the input.
* @param int $maxlength Maximum length allowed. * @param int $maxlength Maximum length allowed.
* @param bool $disabled Disable the button (optional, button enabled by default). * @param bool $disabled Disable the button (optional, button enabled by default).
* @param string $script JavaScript to attach to this * @param string $script JavaScript to attach to this
* @param string $attributes Attributes to add to this tag * @param mixed $attributes Attributes to add to this tag. Should be an array for correction.
* @param bool $return Whether to return an output string or echo now (optional, echo by default). * @param bool $return Whether to return an output string or echo now (optional, echo by default).
* @param bool $password Whether it is a password input or not. Not password by default. * @param bool $password Whether it is a password input or not. Not password by default.
* *
@ -146,38 +146,50 @@ function print_input_text_extended ($name, $value, $id, $alt, $size, $maxlength,
++$idcounter; ++$idcounter;
$type = $password ? 'password' : 'text'; $valid_attrs = array ("accept", "disabled", "maxlength", "name", "readonly", "size", "value",
"accesskey", "class", "dir", "id", "lang", "style", "tabindex", "title", "xml:lang",
"onfocus", "onblur", "onselect", "onchange", "onclick", "ondblclick", "onmousedown",
"onmouseup", "onmouseover", "onmousemove", "onmouseout", "onkeypress", "onkeydown", "onkeyup");
if (empty ($name)) { $output = '<input '.($password ? 'type="password" ' : 'type="text" ');
$name = 'unnamed';
if ($disabled && (!is_array ($attributes) || !array_key_exists ("disabled", $attributes))) {
$output .= 'readonly="readonly" ';
} }
if (empty ($alt)) { if (is_array ($attributes)) {
$alt = 'textfield'; foreach ($attributes as $attribute => $value) {
} if (!in_array ($valid_attrs)) {
continue;
if (! empty ($maxlength)) { }
$maxlength = ' maxlength="'.$maxlength.'" '; $output .= $attribute.'="'.$value.'" ';
} }
$output = '<input name="'.$name.'" type="'.$type.'" value="'.$value.'" size="'.$size.'" '.$maxlength.' alt="'.$alt.'" ';
if ($id != '') {
$output .= ' id="'.$id.'"';
} else { } else {
$htmlid = 'text-'.sprintf ('%04d', $idcounter); $output .= trim ($attributes)." ";
$output .= ' id="'.$htmlid.'"'; $attributes = array ();
} }
if ($disabled) //We want readonly, not disabled - disabled disables copying from the field as well
$output .= ' readonly="readonly"';
if ($attributes != '') //Attributes specified by function call
$output .= ' '.$attributes; $attrs = array ("name" => "unnamed", "value" => "", "id" => "text-".sprintf ('%04d', $idcounter), "size" => "", "maxlength" => "");
$output .= ' />';
if ($return) foreach ($attrs as $attribute => $default) {
return $output; if (array_key_exists ($attribute, $attributes)) {
echo $output; continue;
} //If the attribute was already processed, skip
if ($$attribute) {
$output .= $attribute.'="'.$$attribute.'" ';
} elseif ($default != '') {
$output .= $attribute.'="'.$default.'" ';
}
}
$output .= '/>';
if (!$return)
echo $output;
return $output;
} }
/** /**
@ -238,7 +250,10 @@ function print_input_text ($name, $value, $alt = '', $size = 50, $maxlength = 0,
* @return string HTML code if return parameter is true. * @return string HTML code if return parameter is true.
*/ */
function print_input_image ($name, $src, $value, $style = '', $return = false) { function print_input_image ($name, $src, $value, $style = '', $return = false) {
$output = '<input id="image-'.$name.'" src="'.$src.'" style="'.$style.'" name="'.$name.'" type="image" value="'.$value.'" />'; static $idcounter = 0;
++$idcounter;
$output = '<input id="image-'.$name.$idcounter.'" src="'.$src.'" style="'.$style.'" name="'.$name.'" type="image" value="'.$value.'" />';
if ($return) if ($return)
return $output; return $output;
@ -278,16 +293,18 @@ function print_input_hidden ($name, $value, $return = false) {
* @return string HTML code if return parameter is true. * @return string HTML code if return parameter is true.
*/ */
function print_submit_button ($label = 'OK', $name = '', $disabled = false, $attributes = '', $return = false) { function print_submit_button ($label = 'OK', $name = '', $disabled = false, $attributes = '', $return = false) {
$output = ''; if (!$name) {
$name="unnamed";
}
$output .= '<input type="submit" id="submit-'.$name.'" name="'.$name.'" value="'. $label .'" '. $attributes; $output = '<input type="submit" id="submit-'.$name.'" name="'.$name.'" value="'. $label .'" '. $attributes;
if ($disabled) if ($disabled)
$output .= ' disabled="disabled"'; $output .= ' disabled="disabled"';
$output .= ' />'; $output .= ' />';
if ($return) if (!$return)
return $output; echo $output;
echo $output; return $output;
} }
/** /**

3
pandora_console/include/functions_ui.php
View File

@ -314,6 +314,9 @@ function format_alert_row ($alert, $compound = false, $agent = true, $url = '')
* @return An HTML string * @return An HTML string
*/ */
function print_string_substr ($string, $cutoff = 16, $return = false) { function print_string_substr ($string, $cutoff = 16, $return = false) {
if (empty ($string)) {
return "";
}
$string = '<span title="'.safe_input ($string).'">'.mb_substr ($string, 0, $cutoff, "UTF-8").(mb_strlen ($string. "UTF-8") > $cutoff ? '...' : '').'</span>'; $string = '<span title="'.safe_input ($string).'">'.mb_substr ($string, 0, $cutoff, "UTF-8").(mb_strlen ($string. "UTF-8") > $cutoff ? '...' : '').'</span>';
if ($return === false) { if ($return === false) {
echo $string; echo $string;

13
pandora_console/index.php
View File

@ -137,7 +137,8 @@ if (! isset ($_SESSION['id_usuario']) && isset ($_GET["loginhash"])) {
} else { } else {
require_once ('general/login_page.php'); require_once ('general/login_page.php');
audit_db ("system", $REMOTE_ADDR, "Logon Failed (loginhash", ""); audit_db ("system", $REMOTE_ADDR, "Logon Failed (loginhash", "");
exit; while (@ob_end_flush ());
exit ("</html>");
} }
} elseif (! isset ($_SESSION['id_usuario']) && isset ($_GET["login"])) { } elseif (! isset ($_SESSION['id_usuario']) && isset ($_GET["login"])) {
// Login process // Login process
@ -165,13 +166,14 @@ if (! isset ($_SESSION['id_usuario']) && isset ($_GET["loginhash"])) {
$login_failed = true; $login_failed = true;
require_once ('general/login_page.php'); require_once ('general/login_page.php');
audit_db ($nick, $REMOTE_ADDR, "Logon Failed", "Invalid login: ".$nick); audit_db ($nick, $REMOTE_ADDR, "Logon Failed", "Invalid login: ".$nick);
exit; while (@ob_end_flush ());
exit ("</html>");
} }
} elseif (! isset ($_SESSION['id_usuario'])) { } elseif (! isset ($_SESSION['id_usuario'])) {
// There is no user connected // There is no user connected
require_once ('general/login_page.php'); require_once ('general/login_page.php');
echo '</body></html>'; while (@ob_end_flush ());
exit; exit ("</html>");
} else { } else {
// There is session for id_usuario // There is session for id_usuario
$config["id_user"] = $_SESSION["id_usuario"]; $config["id_user"] = $_SESSION["id_usuario"];
@ -183,7 +185,8 @@ if (isset ($_GET["bye"])) {
$iduser = $_SESSION["id_usuario"]; $iduser = $_SESSION["id_usuario"];
logoff_db ($iduser, $REMOTE_ADDR); logoff_db ($iduser, $REMOTE_ADDR);
session_unregister ("id_usuario"); session_unregister ("id_usuario");
exit; while (@ob_end_flush ());
exit ("</html>");
} }
// http://es2.php.net/manual/en/ref.session.php#64525 // http://es2.php.net/manual/en/ref.session.php#64525

11
pandora_console/operation/users/user.php
View File

@ -22,7 +22,7 @@ require_once ("include/config.php");
check_login (); check_login ();
echo '<h2>'.__('Pandora users').' &gt '.__('Users defined in Pandora').'</h2>'; echo '<h2>'.__('Pandora users').' &gt; '.__('Users defined in Pandora').'</h2>';
$table->cellpadding = 4; $table->cellpadding = 4;
$table->cellspacing = 4; $table->cellspacing = 4;
@ -49,7 +49,7 @@ if (give_acl ($config["id_user"], 0, "UM") == 1) {
} }
foreach ($info as $user_id => $user_info) { foreach ($info as $user_id => $user_info) {
$data[0] = '<a href="index.php?sec=usuarios&sec2=operation/users/user_edit&id='.$user_id.'">'.$user_id.'</a>'; $data[0] = '<a href="index.php?sec=usuarios&amp;sec2=operation/users/user_edit&amp;id='.$user_id.'">'.$user_id.'</a>';
$data[1] = $user_info["fullname"].'<a href="#" class="tip"><span>'; $data[1] = $user_info["fullname"].'<a href="#" class="tip"><span>';
$data[1] .= __('First name').': '.$user_info["firstname"].'<br />'; $data[1] .= __('First name').': '.$user_info["firstname"].'<br />';
$data[1] .= __('Last name').': '.$user_info["lastname"].'<br />'; $data[1] .= __('Last name').': '.$user_info["lastname"].'<br />';
@ -59,14 +59,14 @@ foreach ($info as $user_id => $user_info) {
$data[2] = print_timestamp ($user_info["last_connect"], true); $data[2] = print_timestamp ($user_info["last_connect"], true);
if ($user_info["is_admin"]) { if ($user_info["is_admin"]) {
$data[3] = '<img src="images/user_suit.png" />&nbsp;'; $data[3] = print_image ("images/user_suit.png", true, array ("alt" => __('Admin'), "title" => __('Administrator'))).'&nbsp;';
} else { } else {
$data[3] = '<img src="images/user_green.png" />&nbsp;'; $data[3] = print_image ("images/user_green.png", true, array ("alt" => __('User'), "title" => __('Standard User'))).'&nbsp;';
} }
$data[3] .= '<a href="#" class="tip"><span>'; $data[3] .= '<a href="#" class="tip"><span>';
$result = get_db_all_rows_field_filter ("tusuario_perfil", "id_usuario", $user_id); $result = get_db_all_rows_field_filter ("tusuario_perfil", "id_usuario", $user_id);
if ($result !== false) { if (!empty ($result)) {
foreach ($result as $row) { foreach ($result as $row) {
$data[3] .= get_profile_name ($row["id_perfil"]); $data[3] .= get_profile_name ($row["id_perfil"]);
$data[3] .= " / "; $data[3] .= " / ";
@ -79,6 +79,7 @@ foreach ($info as $user_id => $user_info) {
$data[3] .= "</span></a>"; $data[3] .= "</span></a>";
$data[4] = print_string_substr ($user_info["comments"], 24, true); $data[4] = print_string_substr ($user_info["comments"], 24, true);
array_push ($table->data, $data); array_push ($table->data, $data);
} }

6
pandora_console/operation/users/user_edit.php
View File

@ -58,9 +58,9 @@ if (isset ($_GET["modified"]) && !$view_mode) {
echo "<h2>".__('Pandora users')." &gt; ".__('User detail editor')."</h2>"; echo "<h2>".__('Pandora users')." &gt; ".__('User detail editor')."</h2>";
echo '<form name="user_mod" method="post" action="index.php?sec=usuarios&sec2=operation/users/user_edit&modified=1&id='.$id.'">'; echo '<form name="user_mod" method="post" action="index.php?sec=usuarios&amp;sec2=operation/users/user_edit&amp;modified=1&amp;id='.$id.'">';
echo '<table cellpadding="4" cellspacing="4" class="databox_color" width="600px">'; echo '<table cellpadding="4" cellspacing="4" class="databox_color" width="600">';
echo '<tr><td class="datos">'.__('User ID').'</td>'; echo '<tr><td class="datos">'.__('User ID').'</td>';
echo '<td class="datos">'; echo '<td class="datos">';
@ -95,7 +95,7 @@ echo '</td></tr><tr><td class="datos">'.__('Phone number').'</td><td class="dato
print_input_text_extended ("phone", $user_info["phone"], '', '', '', '', $view_mode, '', 'class="input"'); print_input_text_extended ("phone", $user_info["phone"], '', '', '', '', $view_mode, '', 'class="input"');
echo '</td></tr><tr><td class="datos2">'.__('Comments').'</td><td class="datos2">'; echo '</td></tr><tr><td class="datos2">'.__('Comments').'</td><td class="datos2">';
print_textarea ("comments", 4, 55, $user_info["comments"], ($view_mode ? 'readonly' : '')); print_textarea ("comments", 4, 55, $user_info["comments"], ($view_mode ? 'readonly="readonly"' : ''));
echo '</td></tr></table>'; echo '</td></tr></table>';