0){ // Agent selection filters and refresh $query = 'http' . (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == TRUE ? 's': '') . '://' . $_SERVER['SERVER_NAME']; if ($_SERVER['SERVER_PORT'] != 80) $query .= ":" . $_SERVER['SERVER_PORT']; $query .= $_SERVER['REQUEST_URI']; if (isset ($_POST["refr"])) $query .= '&refr=' . $intervalo; if (isset ($_POST["ag_group"])) { $ag_group = $_POST["ag_group"]; $query = 'http://' . $_SERVER['SERVER_NAME']; if ($_SERVER['SERVER_PORT'] != 80) $query .= ":" . $_SERVER['SERVER_PORT']; $query .= $_SERVER['REQUEST_URI'] . '&ag_group_refresh=' . $ag_group; } else echo ''; } ?> Pandora FMS - <?php echo lang_string("header_title"); ?> '; ?> '; else echo ''; $REMOTE_ADDR = getenv ("REMOTE_ADDR"); // Login process if ( (! isset ($_SESSION['id_usuario'])) AND (isset ($_GET["login"]))) { $nick = get_parameter_post ("nick"); $pass = get_parameter_post ("pass"); // Connect to Database $sql1 = 'SELECT * FROM tusuario WHERE id_usuario = "'.$nick.'"'; $result = mysql_query ($sql1); // For every registry if ($row = mysql_fetch_array ($result)){ if ($row["password"] == md5 ($pass)){ // Login OK // Nick could be uppercase or lowercase (select in MySQL // is not case sensitive) // We get DB nick to put in PHP Session variable, // to avoid problems with case-sensitive usernames. // Thanks to David Muñiz for Bug discovery :) $nick = $row["id_usuario"]; unset ($_GET["sec2"]); $_GET["sec"] = "general/logon_ok"; update_user_contact ($nick); logon_db ($nick, $REMOTE_ADDR); $_SESSION['id_usuario'] = $nick; } else { // Login failed (bad password) unset ($_GET["sec2"]); include "general/logon_failed.php"; // change password to do not show all string $primera = substr ($pass,0,1); $ultima = substr ($pass, strlen ($pass) - 1, 1); $pass = $primera . "****" . $ultima; audit_db ($nick, $REMOTE_ADDR, "Logon Failed", "Incorrect password: " . $nick . " / " . $pass); exit; } } else { // User not known unset ($_GET["sec2"]); include "general/logon_failed.php"; $primera = substr ($pass, 0, 1); $ultima = substr ($pass, strlen ($pass) - 1, 1); $pass = $primera . "****" . $ultima; audit_db ($nick, $REMOTE_ADDR, "Logon Failed", "Invalid username: " . $nick . " / " . $pass); exit; } } elseif (! isset ($_SESSION['id_usuario'])) { // There is no user connected include "general/login_page.php"; exit; } else { // There is session for id_usuario $config["id_user"] = $_SESSION["id_usuario"]; //$id_usuario = entrada_limpia ($_SESSION["id_usuario"]); //$id_user = entrada_limpia ($_SESSION["id_usuario"]); } // Log off if (isset ($_GET["bye"])) { include "general/logoff.php"; $iduser = $_SESSION["id_usuario"]; logoff_db ($iduser, $REMOTE_ADDR); session_unregister ("id_usuario"); exit; } $pagina = ""; if (isset ($_GET["sec2"])){ $sec2 = get_parameter_get ('sec2'); $sec2 = parameter_extra_clean ($sec2); $pagina = $sec2; } else $sec2 = ""; if (isset ($_GET["sec"])){ $sec = get_parameter_get ('sec'); $sec = parameter_extra_clean ($sec); $pagina = $sec2; } else $sec = ""; // http://es2.php.net/manual/en/ref.session.php#64525 // Session locking concurrency speedup! session_write_close(); // Header if ($config["pure"] == 0){ echo '
'; echo ''; echo '
'; echo ' '; } else { echo '
'; } // Main block of content if ($config["pure"] == 0){ echo '
'; } // Page loader / selector if ($pagina != ""){ if (file_exists ($pagina . ".php")) { require ($pagina . ".php"); } else { echo "
".lang_string("Sorry! I can't find the page!").""; } } else require ("general/logon_ok.php"); //default if ($config["pure"] == 0){ echo '
'; // main echo '
'; echo '
'; // page } else { echo "
"; } if ($config["pure"] == 0){ echo ''; echo '
'; } echo ''; ?>