From fdad32e4f07510ea1b71dfe299f68fff60b84a12 Mon Sep 17 00:00:00 2001
From: daniel <daniel.barbero@artica.es>
Date: Wed, 22 Jul 2020 10:56:16 +0200
Subject: [PATCH] Add public link dashboards

---
 pandora_console/ajax.php                      |  74 +++++++++--
 .../include/functions_reporting.php           |   9 +-
 .../include/functions_treeview.php            |  39 +++---
 pandora_console/include/functions_ui.php      |   5 +-
 .../include/javascript/pandora_dashboards.js  |  73 ++++++++---
 .../include/javascript/tree/TreeController.js |  25 ++--
 .../include/lib/Dashboard/Manager.php         | 121 ++++++++++++++++--
 .../lib/Dashboard/Widgets/network_map.php     |   6 +-
 .../lib/Dashboard/Widgets/tree_view.php       |  14 +-
 .../Widgets/wux_transaction_stats.php         |   4 +
 .../operation/dashboard/dashboard.php         |   4 -
 .../operation/dashboard/public_dashboard.php  |  66 ++++++++++
 pandora_console/views/dashboard/header.php    |  37 +++++-
 pandora_console/views/dashboard/layout.php    |   7 +-
 14 files changed, 392 insertions(+), 92 deletions(-)
 create mode 100644 pandora_console/operation/dashboard/public_dashboard.php

diff --git a/pandora_console/ajax.php b/pandora_console/ajax.php
index 9ccb73b8ae..7d7619ff95 100644
--- a/pandora_console/ajax.php
+++ b/pandora_console/ajax.php
@@ -41,7 +41,9 @@ if (__PAN_XHPROF__ === 1) {
     }
 }
 
-if ((! file_exists('include/config.php')) || (! is_readable('include/config.php'))) {
+if ((! file_exists('include/config.php'))
+    || (! is_readable('include/config.php'))
+) {
     exit;
 }
 
@@ -52,7 +54,9 @@ require_once 'include/functions.php';
 require_once 'include/functions_db.php';
 require_once 'include/auth/mysql.php';
 
-if (isset($config['console_log_enabled']) && $config['console_log_enabled'] == 1) {
+if (isset($config['console_log_enabled']) === true
+    && $config['console_log_enabled'] == 1
+) {
     ini_set('log_errors', 1);
     ini_set('error_log', $config['homedir'].'/log/console.log');
 } else {
@@ -60,14 +64,15 @@ if (isset($config['console_log_enabled']) && $config['console_log_enabled'] == 1
     ini_set('error_log', 0);
 }
 
-
-// Hash login process
-if (isset($_GET['loginhash'])) {
+// Hash login process.
+if (isset($_GET['loginhash']) === true) {
     $loginhash_data = get_parameter('loginhash_data', '');
     $loginhash_user = str_rot13(get_parameter('loginhash_user', ''));
 
     if ($config['loginhash_pwd'] != ''
-        && $loginhash_data == md5($loginhash_user.io_output_password($config['loginhash_pwd']))
+        && $loginhash_data == md5(
+            $loginhash_user.io_output_password($config['loginhash_pwd'])
+        )
     ) {
         db_logon($loginhash_user, $_SERVER['REMOTE_ADDR']);
         $_SESSION['id_usuario'] = $loginhash_user;
@@ -76,14 +81,38 @@ if (isset($_GET['loginhash'])) {
         include_once 'general/login_page.php';
         db_pandora_audit('Logon Failed (loginhash', '', 'system');
         while (@ob_end_flush()) {
+            // Dumping...
+            continue;
         }
 
         exit('</html>');
     }
 }
 
+$auth_class = io_safe_output(
+    get_parameter('auth_class', 'PandoraFMS\Dashboard\Manager')
+);
+$public_hash = get_parameter('auth_hash', false);
+$public_login = false;
 // Check user.
-check_login();
+if (class_exists($auth_class) === false || $public_hash === false) {
+    check_login();
+} else {
+    if ($auth_class::validatePublicHash($public_hash) === false) {
+        db_pandora_audit(
+            'Invalid public hash',
+            'Trying to access public dashboard'
+        );
+        include 'general/noaccess.php';
+        exit;
+    }
+
+    // OK. Simulated user log in. If you want to use your own auth_class
+    // remember to set $config['force_instant_logout'] to true to avoid
+    // persistent user login.
+}
+
+ob_start();
 
 // Enterprise support.
 if (file_exists(ENTERPRISE_DIR.'/load_enterprise.php')) {
@@ -98,7 +127,10 @@ $page .= '.php';
 $config['id_user'] = $_SESSION['id_usuario'];
 $isFunctionSkins = enterprise_include_once('include/functions_skins.php');
 if ($isFunctionSkins !== ENTERPRISE_NOT_HOOK) {
-    $config['relative_path'] = enterprise_hook('skins_set_image_skin_path', [$config['id_user']]);
+    $config['relative_path'] = enterprise_hook(
+        'skins_set_image_skin_path',
+        [$config['id_user']]
+    );
 }
 
 if (is_metaconsole()) {
@@ -115,3 +147,29 @@ if (file_exists($page)) {
 if (__PAN_XHPROF__ === 1) {
     pandora_xhprof_display_result('ajax', 'console');
 }
+
+
+if ($config['force_instant_logout'] === true) {
+    // Force user logout.
+    if (session_status() !== PHP_SESSION_ACTIVE) {
+        session_start();
+    }
+
+    $iduser = $_SESSION['id_usuario'];
+    $_SESSION = [];
+    session_destroy();
+    header_remove('Set-Cookie');
+    setcookie(session_name(), $_COOKIE[session_name()], (time() - 4800), '/');
+
+    if ($config['auth'] == 'saml') {
+        include_once $config['saml_path'].'simplesamlphp/lib/_autoload.php';
+        $as = new SimpleSAML_Auth_Simple('PandoraFMS');
+        $as->logout();
+    }
+}
+
+
+while (@ob_end_flush()) {
+    // Dumping...
+    continue;
+}
diff --git a/pandora_console/include/functions_reporting.php b/pandora_console/include/functions_reporting.php
index 09d3b009de..33729dc5b0 100755
--- a/pandora_console/include/functions_reporting.php
+++ b/pandora_console/include/functions_reporting.php
@@ -11739,7 +11739,6 @@ function reporting_get_stats_servers()
     $table_srv->style[1] = $table_srv->style[3] = 'text-align: left; padding: 5px;';
 
     $tdata = [];
-    '<span class="big_data">'.format_numeric($server_performance['total_local_modules']).'</span>';
     $tdata[0] = html_print_image('images/module.png', true, ['title' => __('Total running modules')]);
     $tdata[1] = '<span class="big_data">'.format_numeric($server_performance['total_modules']).'</span>';
     $tdata[2] = '<span class="med_data">'.format_numeric($server_performance['total_modules_rate'], 2).'</span>';
@@ -11846,12 +11845,6 @@ function reporting_get_stats_servers()
     );
     $tdata[1] = '<span class="big_data" id="total_events">'.html_print_image('images/spinner.gif', true).'</span>';
 
-        /*
-            Hello there! :)
-            We added some of what seems to be "buggy" messages to the openSource version recently. This is not to force open-source users to move to the enterprise version, this is just to inform people using Pandora FMS open source that it requires skilled people to maintain and keep it running smoothly without professional support. This does not imply open-source version is limited in any way. If you check the recently added code, it contains only warnings and messages, no limitations except one: we removed the option to add custom logo in header. In the Update Manager section, it warns about the 'danger’ of applying automated updates without a proper backup, remembering in the process that the Enterprise version comes with a human-tested package. Maintaining an OpenSource version with more than 500 agents is not so easy, that's why someone using a Pandora with 8000 agents should consider asking for support. It's not a joke, we know of many setups with a huge number of agents, and we hate to hear that “its becoming unstable and slow” :(
-            You can of course remove the warnings, that's why we include the source and do not use any kind of trick. And that's why we added here this comment, to let you know this does not reflect any change in our opensource mentality of does the last 14 years.
-        */
-
     if ($system_events > 50000 && !enterprise_installed()) {
         $tdata[2] = "<div id='monitoreventsmodal' class='publienterprise' title='Community version' style='text-align:left'><img data-title='Enterprise version' class='img_help forced_title' data-use_title_for_force_title='1' src='images/alert_enterprise.png'></div>";
     } else {
@@ -11865,7 +11858,7 @@ function reporting_get_stats_servers()
     $output = '<fieldset class="databox tactical_set">
                 <legend>'.__('Server performance').'</legend>'.html_print_table($table_srv, true).'</fieldset>';
 
-    $public_hash = get_parameter('hash', false);
+    $public_hash = get_parameter('auth_hash', false);
     if ($public_hash === false) {
         $output .= '<script type="text/javascript">';
             $output .= '$(document).ready(function () {';
diff --git a/pandora_console/include/functions_treeview.php b/pandora_console/include/functions_treeview.php
index 384e99dd3c..96f8c0dfa9 100755
--- a/pandora_console/include/functions_treeview.php
+++ b/pandora_console/include/functions_treeview.php
@@ -19,7 +19,7 @@ function treeview_printModuleTable($id_module, $server_data=false, $no_head=fals
         $server_name = '';
         $server_id = '';
         $url_hash = '';
-        $console_url = '';
+        $console_url = ui_get_full_url('/');
     } else {
         $server_name = $server_data['server_name'];
         $server_id = $server_data['id'];
@@ -500,7 +500,7 @@ function treeview_printTable($id_agente, $server_data=[], $no_head=false)
         $server_name = '';
         $server_id = '';
         $url_hash = '';
-        $console_url = '';
+        $console_url = ui_get_full_url('/');
     } else {
         $server_name = $server_data['server_name'];
         $server_id = $server_data['id'];
@@ -567,7 +567,7 @@ function treeview_printTable($id_agente, $server_data=[], $no_head=false)
     $table->head = [];
     $table->data = [];
 
-    // Agent name
+    // Agent name.
     if ($agent['disabled']) {
         $cellName = '<em>';
     } else {
@@ -576,10 +576,10 @@ function treeview_printTable($id_agente, $server_data=[], $no_head=false)
 
     if (is_metaconsole()) {
         $pwd = $server_data['auth_token'];
-        // Create HASH login info
+        // Create HASH login info.
         $user = $config['id_user'];
 
-        // Extract auth token from serialized field
+        // Extract auth token from serialized field.
         $pwd_deserialiced = json_decode($pwd, true);
         $hashdata = $user.$pwd_deserialiced['auth_token'];
 
@@ -588,7 +588,11 @@ function treeview_printTable($id_agente, $server_data=[], $no_head=false)
 
         $cellName .= '<a href="'.$url.'">'.'<b><span style="font-weight:bold;text-transform:uppercase;" title="'.$agent['nombre'].'">'.$agent['alias'].'</span></b></a>';
     } else {
-        $cellName .= '<a href="index.php?sec=estado&amp;sec2=operation/agentes/ver_agente&amp;id_agente='.$agent['id_agente'].'">'.'<b><span style="font-weight:bold;text-transform:uppercase;" title="'.$agent['nombre'].'">'.$agent['alias'].'</span></b></a>';
+        $url = ui_get_full_url(
+            'index.php?sec=estado&amp;sec2=operation/agentes/ver_agente&amp;id_agente='.$agent['id_agente']
+        );
+        $cellName .= '<a href="'.$url.'">';
+        $cellName .= '<b><span style="font-weight:bold;text-transform:uppercase;" title="'.$agent['nombre'].'">'.$agent['alias'].'</span></b></a>';
     }
 
     if ($agent['disabled']) {
@@ -600,7 +604,7 @@ function treeview_printTable($id_agente, $server_data=[], $no_head=false)
     $row['data'] = $cellName;
     $table->data['name'] = $row;
 
-    // Addresses
+    // Addresses.
     $ips = [];
     $addresses = agents_get_addresses($id_agente);
     $address = agents_get_address($id_agente);
@@ -611,8 +615,11 @@ function treeview_printTable($id_agente, $server_data=[], $no_head=false)
         }
     }
 
-    if (!empty($addresses)) {
-        $address .= ui_print_help_tip(__('Other IP addresses').': <br>'.implode('<br>', $addresses), true);
+    if (empty($addresses) === false) {
+        $address .= ui_print_help_tip(
+            __('Other IP addresses').': <br>'.implode('<br>', $addresses),
+            true
+        );
     }
 
     $row = [];
@@ -620,25 +627,27 @@ function treeview_printTable($id_agente, $server_data=[], $no_head=false)
     $row['data'] = $address;
     $table->data['address'] = $row;
 
-    // Agent Interval
+    // Agent Interval.
     $row = [];
     $row['title'] = __('Interval');
     $row['data'] = human_time_description_raw($agent['intervalo']);
     $table->data['interval'] = $row;
 
-    // Comments
+    // Comments.
     $row = [];
     $row['title'] = __('Description');
     $row['data'] = $agent['comentarios'];
     $table->data['description'] = $row;
 
-    // Last contact
+    // Last contact.
     $last_contact = ui_print_timestamp($agent['ultimo_contacto'], true);
 
     if ($agent['ultimo_contacto_remoto'] == '01-01-1970 00:00:00') {
         $last_remote_contact = __('Never');
     } else {
-        $last_remote_contact = date_w_fixed_tz($agent['ultimo_contacto_remoto']);
+        $last_remote_contact = date_w_fixed_tz(
+            $agent['ultimo_contacto_remoto']
+        );
     }
 
     $row = [];
@@ -646,7 +655,7 @@ function treeview_printTable($id_agente, $server_data=[], $no_head=false)
     $row['data'] = "$last_contact / $last_remote_contact";
     $table->data['contact'] = $row;
 
-    // Next contact (agent)
+    // Next contact (agent).
     $progress = agents_get_next_contact($id_agente);
 
     $row = [];
@@ -660,7 +669,7 @@ function treeview_printTable($id_agente, $server_data=[], $no_head=false)
     );
     $table->data['next_contact'] = $row;
 
-    // End of table
+    // End of table.
     $agent_table = html_print_table($table, true);
 
     if ($user_access_node && check_acl($config['id_user'], $agent['id_grupo'], 'AW')) {
diff --git a/pandora_console/include/functions_ui.php b/pandora_console/include/functions_ui.php
index 16f3319a06..3fdc9611b5 100755
--- a/pandora_console/include/functions_ui.php
+++ b/pandora_console/include/functions_ui.php
@@ -1708,9 +1708,8 @@ function ui_process_page_head($string, $bitfield)
 		<meta name="author" content="'.get_copyright_notice().'" />
 		<meta name="copyright" content="(c) '.get_copyright_notice().'" />
 		<meta name="robots" content="index, follow" />';
-        $output .= '<link rel="icon" href="'.ui_get_favicon().'" type="image/ico" />';
-        $output .= '	
-		<link rel="shortcut icon" href="'.ui_get_favicon().'" type="image/x-icon" />
+        $output .= '<link rel="icon" href="'.ui_get_full_url('/').ui_get_favicon().'" type="image/ico" />';
+        $output .= '<link rel="shortcut icon" href="'.ui_get_full_url('/').ui_get_favicon().'" type="image/x-icon" />
 		<link rel="alternate" href="operation/events/events_rss.php" title="Pandora RSS Feed" type="application/rss+xml" />';
 
     if ($config['language'] != 'en') {
diff --git a/pandora_console/include/javascript/pandora_dashboards.js b/pandora_console/include/javascript/pandora_dashboards.js
index 8b2cd8c8e1..e50204b8e5 100644
--- a/pandora_console/include/javascript/pandora_dashboards.js
+++ b/pandora_console/include/javascript/pandora_dashboards.js
@@ -86,11 +86,14 @@ function initialiceLayout(data) {
       data: {
         page: data.page,
         method: "getCellsLayout",
-        dashboardId: data.dashboardId
+        dashboardId: data.dashboardId,
+        auth_class: data.auth.class,
+        auth_hash: data.auth.hash,
+        id_user: data.auth.user
       },
       dataType: "json",
-      success: function(data) {
-        loadLayout(data);
+      success: function(d) {
+        loadLayout(d);
       },
       error: function(error) {
         console.error(error);
@@ -136,7 +139,8 @@ function initialiceLayout(data) {
         position.maxWidth,
         position.minHeight,
         position.maxHeight,
-        widgetId
+        widgetId,
+        false
       );
     });
     // Commit.
@@ -167,7 +171,10 @@ function initialiceLayout(data) {
         dashboardId: data.dashboardId,
         cellId: id,
         widgetId: widgetId,
-        gridWidth: gridWidth
+        gridWidth: gridWidth,
+        auth_class: data.auth.class,
+        auth_hash: data.auth.hash,
+        id_user: data.auth.user
       },
       dataType: "html",
       success: function(cellData) {
@@ -205,7 +212,10 @@ function initialiceLayout(data) {
             widgetId: widgetId,
             newWidth: newWidth,
             newHeight: newHeight,
-            gridWidth: gridWidth
+            gridWidth: gridWidth,
+            auth_class: data.auth.class,
+            auth_hash: data.auth.hash,
+            id_user: data.auth.user
           },
           dataType: "html",
           success: function(widgetData) {
@@ -291,7 +301,10 @@ function initialiceLayout(data) {
         page: data.page,
         method: "saveLayout",
         dashboardId: data.dashboardId,
-        items: items
+        items: items,
+        auth_class: data.auth.class,
+        auth_hash: data.auth.hash,
+        id_user: data.auth.user
       },
       dataType: "html",
       success: function(data) {
@@ -313,11 +326,14 @@ function initialiceLayout(data) {
         page: data.page,
         dashboardId: data.dashboardId,
         method: "deleteCell",
-        cellId: cellId
+        cellId: cellId,
+        auth_class: data.auth.class,
+        auth_hash: data.auth.hash,
+        id_user: data.auth.user
       },
       dataType: "json",
       success: function(data) {
-        // For defect x and y = 0
+        // By default x and y = 0
         // width and height = 4
         // position auto = true.
         if (data.result !== 0) {
@@ -338,11 +354,14 @@ function initialiceLayout(data) {
       data: {
         page: data.page,
         method: "insertCellLayout",
-        dashboardId: data.dashboardId
+        dashboardId: data.dashboardId,
+        auth_class: data.auth.class,
+        auth_hash: data.auth.hash,
+        id_user: data.auth.user
       },
       dataType: "json",
       success: function(data) {
-        // For defect x and y = 0
+        // By default x and y = 0
         // width and height = 4
         // position auto = true.
         if (data.cellId !== 0) {
@@ -536,7 +555,10 @@ function initialiceLayout(data) {
         method: "drawAddWidget",
         cellId: cellId,
         offset: offset,
-        search: search
+        search: search,
+        auth_class: data.auth.class,
+        auth_hash: data.auth.hash,
+        id_user: data.auth.user
       },
       dataType: "html",
       success: function(data) {
@@ -606,7 +628,10 @@ function initialiceLayout(data) {
         cellId: cellId,
         widgetId: widgetId,
         gridWidth: gridWidth,
-        redraw: true
+        redraw: true,
+        auth_class: data.auth.class,
+        auth_hash: data.auth.hash,
+        id_user: data.auth.user
       },
       dataType: "html",
       success: function(cellData) {
@@ -633,7 +658,10 @@ function initialiceLayout(data) {
             newWidth: newWidth,
             newHeight: newHeight,
             gridWidth: gridWidth,
-            widgetId: widgetId
+            widgetId: widgetId,
+            auth_class: data.auth.class,
+            auth_hash: data.auth.hash,
+            id_user: data.auth.user
           },
           dataType: "html",
           success: function(dataWidget) {
@@ -755,8 +783,9 @@ function dashboardLoadNetworkMap(settings) {
       x_offset: settings.x_offset,
       y_offset: settings.y_offset,
       zoom_dash: settings.zoom_dash,
-      id_user: settings.id_user,
-      hash: settings.hash
+      auth_class: settings.auth_class,
+      auth_hash: settings.auth_hash,
+      id_user: settings.id_user
     },
     dataType: "html",
     success: function(data) {
@@ -784,6 +813,8 @@ function dashboardLoadWuxStats(settings) {
       id_agent: settings.id_agent,
       transaction: settings.transaction,
       view_all_stats: settings.view_all_stats,
+      auth_class: settings.auth_class,
+      auth_hash: settings.auth_hash,
       id_user: settings.id_user
     },
     dataType: "html",
@@ -821,9 +852,10 @@ function processTreeSearch(settings) {
     data: {
       getChildren: 1,
       page: settings.page,
-      id_user: settings.user,
-      hash: settings.hash,
       type: settings.type,
+      auth_class: settings.auth_class,
+      auth_hash: settings.auth_hash,
+      id_user: settings.id_user,
       filter: filters
     },
     success: function(data) {
@@ -858,8 +890,11 @@ function processTreeSearch(settings) {
           emptyMessage: settings.translate.emptyMessage,
           foundMessage: settings.translate.foundMessage,
           tree: data.tree,
-          baseURL: settings.baseURL,
+          auth_hash: settings.auth_hash,
+          auth_class: settings.auth_class,
+          id_user: settings.id_user,
           ajaxURL: settings.ajaxUrl,
+          baseURL: settings.baseUrl,
           filter: filters,
           counterTitles: {
             total: {
diff --git a/pandora_console/include/javascript/tree/TreeController.js b/pandora_console/include/javascript/tree/TreeController.js
index 332870d6d1..fdcf6421bb 100644
--- a/pandora_console/include/javascript/tree/TreeController.js
+++ b/pandora_console/include/javascript/tree/TreeController.js
@@ -450,7 +450,10 @@ var TreeController = {
             var postData = {
               page: controller.ajaxPage,
               getDetail: 1,
-              type: type
+              type: type,
+              auth_class: controller.auth_class,
+              id_user: controller.id_user,
+              auth_hash: controller.auth_hash
             };
 
             if (typeof id !== "undefined") postData.id = id;
@@ -970,11 +973,6 @@ var TreeController = {
               });
             }
           }
-          // Get hash and user.
-          var public_hash = $("#hidden-publi_dash_tree_view_hash").val();
-          if (typeof public_hash === "undefined") public_hash = 0;
-          var public_user = $("#hidden-publi_dash_tree_view_id_user").val();
-          if (typeof public_user === "undefined") public_user = 0;
 
           if (
             typeof element.searchChildren != "undefined" &&
@@ -1014,8 +1012,9 @@ var TreeController = {
                       rootType: element.rootType,
                       metaID: element.metaID,
                       filter: controller.filter,
-                      hash: public_hash,
-                      id_user: public_user
+                      auth_class: controller.auth_class,
+                      id_user: controller.id_user,
+                      auth_hash: controller.auth_hash
                     },
                     complete: function(xhr, textStatus) {
                       $node.removeClass("leaf-loading");
@@ -1150,6 +1149,16 @@ var TreeController = {
           this.filter = data.filter;
         }
 
+        if (typeof data.auth_class !== "undefined") {
+          this.auth_class = data.auth_class;
+        }
+        if (typeof data.id_user !== "undefined") {
+          this.id_user = data.id_user;
+        }
+        if (typeof data.auth_hash !== "undefined") {
+          this.auth_hash = data.auth_hash;
+        }
+
         this.load();
       },
       remove: function() {
diff --git a/pandora_console/include/lib/Dashboard/Manager.php b/pandora_console/include/lib/Dashboard/Manager.php
index cd03419a60..0318df2863 100644
--- a/pandora_console/include/lib/Dashboard/Manager.php
+++ b/pandora_console/include/lib/Dashboard/Manager.php
@@ -183,8 +183,25 @@ class Manager
     {
         global $config;
 
-        // Check access.
-        check_login();
+        // Check ACL.
+        $hash = get_parameter('hash', false);
+        // Check user access.
+        if ($hash === false) {
+            check_login();
+            if (check_acl($config['id_user'], 0, 'RR') === 0) {
+                include 'general/noaccess.php';
+                return;
+            }
+        } else {
+            if (self::validatePublicHash($hash) === false) {
+                db_pandora_audit(
+                    'Invalid public hash',
+                    'Trying to access public dashboard'
+                );
+                include 'general/noaccess.php';
+                exit;
+            }
+        }
 
         // User is admin.
         $this->isAdmin = (bool) \is_user_admin($config['id_user']);
@@ -259,6 +276,86 @@ class Manager
     }
 
 
+    /**
+     * Generates a hash to authenticate in public dashboards.
+     *
+     * @param string|null $other_secret To authenticate some parts
+     * of public dashboards (like visual consoles or wux widgets)
+     * another hash is needed. Other secret avoid
+     * to reuse the main hash to view other components.
+     *
+     * @return string Returns a hash with the authenticaction.
+     */
+    public static function generatePublicHash(?string $other_secret=''):string
+    {
+        global $config;
+
+        $str = $config['dbpass'];
+        $str .= $config['id_user'];
+        $str .= $other_secret;
+        return hash('sha256', $str);
+    }
+
+
+    /**
+     * Validates a hash to authenticate in public dashboards.
+     *
+     * @param string $hash         Hash to be checked.
+     * @param string $other_secret Yo need to provide it to
+     * authenticate some parts of widgets.
+     *
+     * @return boolean Returns true if hash is valid.
+     */
+    public static function validatePublicHash(
+        string $hash,
+        string $other_secret=''
+    ):bool {
+        global $config;
+
+        if (isset($config['id_user']) === true) {
+            // Already logged in.
+            return true;
+        }
+
+        $userFromParams = false;
+        // Try to get id_user from parameters if it is missing.
+        if (isset($config['id_user']) === false) {
+            $userFromParams = true;
+            $config['id_user'] = get_parameter('id_user', false);
+            // It is impossible to authenticate without an id user.
+            if ($config['id_user'] === false) {
+                unset($config['id_user']);
+                return false;
+            }
+        } else {
+            $config['public_dashboard'] = false;
+        }
+
+        // Build a hash to check.
+        $hashCheck = self::generatePublicHash($other_secret);
+        if ($hashCheck === $hash) {
+            // "Log" user in.
+            if (session_status() !== PHP_SESSION_ACTIVE) {
+                session_start();
+            }
+
+            $_SESSION['id_usuario'] = $config['id_user'];
+            session_write_close();
+
+            $config['public_dashboard'] = true;
+            $config['force_instant_logout'] = true;
+            return true;
+        }
+
+        // Remove id user from config array if authentication has failed.
+        if ($userFromParams === true) {
+            unset($config['id_user']);
+        }
+
+        return false;
+    }
+
+
     /**
      * Instance Widget.
      *
@@ -854,7 +951,7 @@ class Manager
             'dashboardId'  => $this->dashboardId,
         ];
 
-        exit(json_encode($result));
+        echo json_encode($result);
 
     }
 
@@ -889,6 +986,7 @@ class Manager
                     'refr'           => $this->refr,
                     'url'            => $this->url,
                     'dashboardName'  => $this->dashboardFields['name'],
+                    'hash'           => self::generatePublicHash(),
                 ]
             );
         } else {
@@ -920,7 +1018,9 @@ class Manager
                     'url'             => \ui_get_full_url('ajax.php'),
                     'createDashboard' => $this->createDashboard,
                     'updateDashboard' => $this->updateDashboard,
-                    'cellIdCreate'    => get_parameter('cellIdCreate', 0),
+                    'cellIdCreate'    => \get_parameter('cellIdCreate', 0),
+                    'class'           => (($config['public_dashboard'] === true) ? quotemeta(__CLASS__) : ''),
+                    'hash'            => (($config['public_dashboard'] === true) ? self::generatePublicHash() : ''),
                 ]
             );
         } else {
@@ -938,9 +1038,6 @@ class Manager
                     'widgetId'    => $cellData['id_widget'],
                     'cellId'      => $this->cellId,
                 ];
-            } else {
-                // TODO:XXX
-                $output = 'no tiene widget';
             }
 
             View::render(
@@ -991,7 +1088,7 @@ class Manager
             );
         }
 
-        exit(json_encode($result));
+        echo json_encode($result);
     }
 
 
@@ -1016,7 +1113,7 @@ class Manager
 
         $result = ['cellId' => $dataCell['id']];
 
-        exit(json_encode($result));
+        echo json_encode($result);
     }
 
 
@@ -1149,7 +1246,7 @@ class Manager
             }
         }
 
-        exit(json_encode($result));
+        echo json_encode($result);
     }
 
 
@@ -1171,7 +1268,7 @@ class Manager
 
         $result = ['result' => $res];
 
-        exit(json_encode($result));
+        echo json_encode($result);
     }
 
 
@@ -1264,7 +1361,7 @@ class Manager
             ];
         }
 
-        exit(json_encode($result));
+        echo json_encode($result);
     }
 
 
diff --git a/pandora_console/include/lib/Dashboard/Widgets/network_map.php b/pandora_console/include/lib/Dashboard/Widgets/network_map.php
index 27880e71cb..4c9eeb0010 100644
--- a/pandora_console/include/lib/Dashboard/Widgets/network_map.php
+++ b/pandora_console/include/lib/Dashboard/Widgets/network_map.php
@@ -28,6 +28,8 @@
 
 namespace PandoraFMS\Dashboard;
 
+use PandoraFMS\Dashboard\Manager;
+
 /**
  * Network map Widgets.
  */
@@ -389,8 +391,8 @@ class NetworkMapWidget extends Widget
                 'y_offset'      => $y_offset,
                 'zoom_dash'     => $zoom_dash,
                 'id_user'       => $config['id_user'],
-                'hash'          => $hash,
-
+                'auth_class'    => 'PandoraFMS\Dashboard\Manager',
+                'auth_hash'     => Manager::generatePublicHash(),
             ]
         );
 
diff --git a/pandora_console/include/lib/Dashboard/Widgets/tree_view.php b/pandora_console/include/lib/Dashboard/Widgets/tree_view.php
index 994cceac73..fb1f8afcdc 100644
--- a/pandora_console/include/lib/Dashboard/Widgets/tree_view.php
+++ b/pandora_console/include/lib/Dashboard/Widgets/tree_view.php
@@ -28,6 +28,8 @@
 
 namespace PandoraFMS\Dashboard;
 
+use PandoraFMS\Dashboard\Manager;
+
 /**
  * Tree view Widgets.
  */
@@ -547,12 +549,7 @@ class TreeViewWidget extends Widget
             true
         );
 
-        $base_url = \ui_get_full_url(
-            false,
-            false,
-            false,
-            \is_metaconsole()
-        );
+        $base_url = \ui_get_full_url('/');
 
         // Spinner.
         $output .= \html_print_image(
@@ -585,8 +582,9 @@ class TreeViewWidget extends Widget
 
         $settings = [
             'page'         => 'include/ajax/tree.ajax',
-            'user'         => $config['id_user'],
-            'hash'         => $hash,
+            'id_user'      => $config['id_user'],
+            'auth_class'   => 'PandoraFMS\Dashboard\Manager',
+            'auth_hash'    => Manager::generatePublicHash(),
             'type'         => $tab,
             'cellId'       => $id_cell,
             'ajaxUrl'      => ui_get_full_url('ajax.php', false, false, false),
diff --git a/pandora_console/include/lib/Dashboard/Widgets/wux_transaction_stats.php b/pandora_console/include/lib/Dashboard/Widgets/wux_transaction_stats.php
index 49187dcb05..c40fe74941 100644
--- a/pandora_console/include/lib/Dashboard/Widgets/wux_transaction_stats.php
+++ b/pandora_console/include/lib/Dashboard/Widgets/wux_transaction_stats.php
@@ -28,6 +28,8 @@
 
 namespace PandoraFMS\Dashboard;
 
+use PandoraFMS\Dashboard\Manager;
+
 /**
  * Wux transaction stats Widgets.
  */
@@ -342,6 +344,8 @@ class WuxStatsWidget extends Widget
                 'transaction'    => $transaction,
                 'view_all_stats' => $view_all_stats,
                 'id_user'        => $config['id_user'],
+                'auth_class'     => 'PandoraFMS\Dashboard\Manager',
+                'auth_hash'      => Manager::generatePublicHash(),
                 'cellId'         => $this->cellId,
             ]
         );
diff --git a/pandora_console/operation/dashboard/dashboard.php b/pandora_console/operation/dashboard/dashboard.php
index 7767f4f629..502d79cc2f 100644
--- a/pandora_console/operation/dashboard/dashboard.php
+++ b/pandora_console/operation/dashboard/dashboard.php
@@ -42,7 +42,6 @@ try {
 } catch (Exception $e) {
     if (is_ajax() === true) {
         echo json_encode(['error' => '[Dashboards]'.$e->getMessage() ]);
-        exit;
     } else {
         echo '[Dashboards]'.$e->getMessage();
     }
@@ -64,9 +63,6 @@ if (is_ajax() === true) {
     } else {
         $cs->error('Method not found. ['.$method.']');
     }
-
-    // Stop any execution.
-    exit;
 } else {
     // Run.
     $cs->run();
diff --git a/pandora_console/operation/dashboard/public_dashboard.php b/pandora_console/operation/dashboard/public_dashboard.php
new file mode 100644
index 0000000000..a8b8b63b8a
--- /dev/null
+++ b/pandora_console/operation/dashboard/public_dashboard.php
@@ -0,0 +1,66 @@
+<?php
+/**
+ * Public access to dashboard.
+ *
+ * @category   Dashboards
+ * @package    Pandora FMS
+ * @subpackage Community
+ * @version    1.0.0
+ * @license    See below
+ *
+ *    ______                 ___                    _______ _______ ________
+ *   |   __ \.-----.--.--.--|  |.-----.----.-----. |    ___|   |   |     __|
+ *  |    __/|  _  |     |  _  ||  _  |   _|  _  | |    ___|       |__     |
+ * |___|   |___._|__|__|_____||_____|__| |___._| |___|   |__|_|__|_______|
+ *
+ * ============================================================================
+ * Copyright (c) 2005-2019 Artica Soluciones Tecnologicas
+ * Please see http://pandorafms.org for full contribution list
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation for version 2.
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ * ============================================================================
+ */
+
+// Begin.
+require_once __DIR__.'/../../include/config.php';
+
+global $config;
+
+chdir($config['homedir']);
+ob_start('ui_process_page_head');
+ob_start();
+
+// Fullscreen by default.
+$config['pure'] = get_parameter('pure', 1);
+
+require_once 'dashboard.php';
+
+// Clean session to avoid direct access.
+if ($config['force_instant_logout'] === true) {
+    // Force user logout.
+    $iduser = $_SESSION['id_usuario'];
+    if (session_status() !== PHP_SESSION_ACTIVE) {
+        session_start();
+    }
+
+    $_SESSION = [];
+    session_destroy();
+    header_remove('Set-Cookie');
+    setcookie(session_name(), $_COOKIE[session_name()], (time() - 4800), '/');
+
+    if ($config['auth'] == 'saml') {
+        include_once $config['saml_path'].'simplesamlphp/lib/_autoload.php';
+        $as = new SimpleSAML_Auth_Simple('PandoraFMS');
+        $as->logout();
+    }
+}
+
+while (@ob_end_flush()) {
+    // Dumping...
+    continue;
+}
diff --git a/pandora_console/views/dashboard/header.php b/pandora_console/views/dashboard/header.php
index f37519de91..47fe96079c 100644
--- a/pandora_console/views/dashboard/header.php
+++ b/pandora_console/views/dashboard/header.php
@@ -101,12 +101,35 @@ $slides['text'] .= html_print_image(
 );
 $slides['text'] .= '</a>';
 
-// Refresh selector time dashboards.
-$queryRefresh = [
+// Public Url.
+$queryPublic = [
     'dashboardId' => $dashboardId,
+    'hash'        => $hash,
+    'id_user'     => $config['id_user'],
     'pure'        => 1,
 ];
-$urlRefresh = $url.'&'.http_build_query($queryRefresh);
+$publicUrl = ui_get_full_url(
+    'operation/dashboard/public_dashboard.php?'.http_build_query($queryPublic)
+);
+$publiclink['text'] = '<a id="public_link" href="'.$publicUrl.'" target="_blank">';
+$publiclink['text'] .= html_print_image(
+    'images/camera_mc.png',
+    true,
+    ['title' => __('Show link to public dashboard')]
+);
+$publiclink['text'] .= '</a>';
+
+// Refresh selector time dashboards.
+if ($config['public_dashboard'] === true) {
+    $urlRefresh = $publicUrl;
+} else {
+    $queryRefresh = [
+        'dashboardId' => $dashboardId,
+        'pure'        => 1,
+    ];
+    $urlRefresh = $url.'&'.http_build_query($queryRefresh);
+}
+
 $comboRefresh['text'] = '<div class="dashboard-countdown" style="display: inline;"></div>';
 $comboRefresh['text'] .= '<form id="refr-form" method="post" action="'.$urlRefresh.'">';
 $comboRefresh['text'] .= __('Refresh').':';
@@ -165,7 +188,12 @@ $newWidget['text'] .= html_print_image(
 );
 $newWidget['text'] .= '</a>';
 
-if ($config['pure']) {
+if ($config['public_dashboard'] === true) {
+    $buttons = [
+        'combo_refresh_one_dashboard' => $comboRefresh,
+        // 'slides'                      => $slides,
+    ];
+} else if ($config['pure']) {
     $buttons = [
         'back_to_dashboard_list'      => $back_to_dashboard_list,
         'save_layout'                 => $save_layout_dashboard,
@@ -180,6 +208,7 @@ if ($config['pure']) {
         'back_to_dashboard_list' => $back_to_dashboard_list,
         'fullscreen'             => $fullscreen,
         'slides'                 => $slides,
+        'public_link'            => $publiclink,
         'combo_dashboard'        => $combo_dashboard,
         'options'                => $options,
         'newWidget'              => $newWidget,
diff --git a/pandora_console/views/dashboard/layout.php b/pandora_console/views/dashboard/layout.php
index a7137be0c7..516c5e5180 100644
--- a/pandora_console/views/dashboard/layout.php
+++ b/pandora_console/views/dashboard/layout.php
@@ -63,7 +63,12 @@ echo $output;
         initialiceLayout({
             page: '<?php echo $ajaxController; ?>',
             url: '<?php echo $url; ?>',
-            dashboardId: '<?php echo $dashboardId; ?>'
+            dashboardId: '<?php echo $dashboardId; ?>',
+            auth: {
+                class: '<?php echo $class; ?>',
+                hash: '<?php echo $hash; ?>',
+                user: '<?php echo $config['id_user']; ?>'
+            }
         });
 
         // Mode for create new dashboard.