<?php // Pandora FMS - http://pandorafms.com // ================================================== // Copyright (c) 2005-2012 Artica Soluciones Tecnologicas // Please see http://pandorafms.org for full contribution list // This program is free software; you can redistribute it and/or // modify it under the terms of the GNU Lesser General Public License // as published by the Free Software Foundation; version 2 // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // GNU General Public License for more details. //Set character encoding to UTF-8 - fixes a lot of multibyte character headaches if (function_exists ('mb_internal_encoding')) { mb_internal_encoding ("UTF-8"); } // Set to 1 to do not check for installer or config file (for development!). // Activate gives more error information, not useful for production sites $develop_bypass = 0; if ($develop_bypass != 1) { // If no config file, automatically try to install if (! file_exists ("include/config.php")) { if (! file_exists ("install.php")) { $login_screen = 'error_noconfig'; require('general/error_screen.php'); exit; } else { include ("install.php"); exit; } } if (filesize("include/config.php") == 0) { include ("install.php"); exit; } // Check for installer presence if (file_exists ("install.php")) { $login_screen = 'error_install'; require('general/error_screen.php'); exit; } // Check perms for config.php if ((substr (sprintf ('%o', fileperms('include/config.php')), -4) != "0600") && (substr (sprintf ('%o', fileperms('include/config.php')), -4) != "0660") && (substr (sprintf ('%o', fileperms('include/config.php')), -4) != "0640")) { $login_screen = 'error_perms'; require('general/error_screen.php'); exit; } } if ((! file_exists ("include/config.php")) || (! is_readable ("include/config.php"))) { $login_screen = 'error_noconfig'; require('general/error_screen.php'); exit; } // Real start session_start (); require_once ("include/config.php"); // If metaconsole activated, redirect to it if ($config['metaconsole'] == 1 && $config['enterprise_installed'] == 1) { header ("Location: " . $config['homeurl'] . "enterprise/meta"); } /* Enterprise support */ if (file_exists (ENTERPRISE_DIR . "/load_enterprise.php")) { include_once (ENTERPRISE_DIR . "/load_enterprise.php"); } if (file_exists (ENTERPRISE_DIR . "/include/functions_login.php")) { include_once (ENTERPRISE_DIR . "/include/functions_login.php"); } if (!empty ($config["https"]) && empty ($_SERVER['HTTPS'])) { $query = ''; if (sizeof ($_REQUEST)) //Some (old) browsers don't like the ?&key=var $query .= '?1=1'; //We don't clean these variables up as they're only being passed along foreach ($_GET as $key => $value) { if ($key == 1) continue; $query .= '&'.$key.'='.$value; } foreach ($_POST as $key => $value) { $query .= '&'.$key.'='.$value; } $url = ui_get_full_url($query); // Prevent HTTP response splitting attacks // http://en.wikipedia.org/wiki/HTTP_response_splitting $url = str_replace ("\n", "", $url); header ('Location: '.$url); exit; //Always exit after sending location headers } // Pure mode (without menu, header and footer). $config["pure"] = (bool) get_parameter ("pure"); // Auto Refresh page (can now be disabled anywhere in the script) if (get_parameter ("refr")) $config["refr"] = (int) get_parameter ("refr"); ob_start (); echo '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">' . "\n"; echo '<html xmlns="http://www.w3.org/1999/xhtml">' . "\n"; echo '<head>' . "\n"; //This starts the page head. In the call back function, things from $page['head'] array will be processed into the head ob_start ('ui_process_page_head'); // Enterprise main enterprise_include ('index.php'); // This tag is included in the buffer passed to ui_process_page_head so // technically it can be stripped echo '</head>' . "\n"; require_once ("include/functions_themes.php"); ob_start ('ui_process_page_body'); $config["remote_addr"] = $_SERVER['REMOTE_ADDR']; $sec2 = get_parameter_get ('sec2'); $sec2 = safe_url_extraclean ($sec2); $page = $sec2; //Reference variable for old time sake $sec = get_parameter_get ('sec'); $sec = safe_url_extraclean ($sec); $process_login = false; // Update user password $change_pass = get_parameter_post('renew_password', 0); if ($change_pass == 1) { $password_new = (string) get_parameter_post ('new_password', ''); $password_confirm = (string) get_parameter_post ('confirm_new_password', ''); $id = (string) get_parameter_post ('login', ''); $changed_pass = login_update_password_check ($password_new, $password_confirm, $id); } $searchPage = false; $search = get_parameter_get("head_search_keywords"); if (strlen($search) > 0) { $config['search_keywords'] = trim(get_parameter('keywords')); // If not search category providad, we'll use an agent search $config['search_category'] = get_parameter('search_category', 'all'); if (($config['search_keywords'] != 'Enter keywords to search') && (strlen($config['search_keywords']) > 0)) $searchPage = true; } // Hash login process if (! isset ($config['id_user']) && isset ($_GET["loginhash"])) { $loginhash_data = get_parameter("loginhash_data", ""); $loginhash_user = get_parameter("loginhash_user", ""); if ($config["loginhash_pwd"] != "" && $loginhash_data == md5($loginhash_user.$config["loginhash_pwd"])) { db_logon ($loginhash_user, $_SERVER['REMOTE_ADDR']); $_SESSION['id_usuario'] = $loginhash_user; $config["id_user"] = $loginhash_user; } else { require_once ('general/login_page.php'); db_pandora_audit("Logon Failed (loginhash", "", "system"); while (@ob_end_flush ()); exit ("</html>"); } } elseif (! isset ($config['id_user']) && isset ($_GET["login"])) { // Login process include_once('include/functions_db.php'); //Include it to use escape_string_sql function $config["auth_error"] = ""; //Set this to the error message from the authorization mechanism $nick = get_parameter_post ("nick"); //This is the variable with the login $pass = get_parameter_post ("pass"); //This is the variable with the password $nick = db_escape_string_sql($nick); $pass = db_escape_string_sql($pass); // process_user_login is a virtual function which should be defined in each auth file. // It accepts username and password. The rest should be internal to the auth file. // The auth file can set $config["auth_error"] to an informative error output or reference their internal error messages to it // process_user_login should return false in case of errors or invalid login, the nickname if correct $nick_in_db = process_user_login ($nick, $pass); $expired_pass = false; if (($nick_in_db != false) && ((!is_user_admin($nick) || $config['enable_pass_policy_admin'])) && (defined('PANDORA_ENTERPRISE')) && ($config['enable_pass_policy'])) { include_once(ENTERPRISE_DIR."/include/auth/mysql.php"); $blocked = login_check_blocked($nick); if ($blocked) { require_once ('general/login_page.php'); db_pandora_audit("Password expired", "Password expired: ".$nick, $nick); while (@ob_end_flush ()); exit ("</html>"); } //Checks if password has expired $check_status = check_pass_status($nick, $pass); switch ($check_status) { case PASSSWORD_POLICIES_FIRST_CHANGE: //first change case PASSSWORD_POLICIES_EXPIRED: //pass expired $expired_pass = true; login_change_password($nick); break; } } if (($nick_in_db !== false) && $expired_pass) { //login ok and password has expired require_once ('general/login_page.php'); db_pandora_audit("Password expired", "Password expired: ".$nick, $nick); while (@ob_end_flush ()); exit ("</html>"); } else if (($nick_in_db !== false) && (!$expired_pass)) { //login ok and password has not expired $process_login = true; echo "<script type='text/javascript'>var process_login_ok = 1;</script>"; unset ($_GET["sec2"]); $_GET["sec"] = "general/logon_ok"; $home_page =''; if (isset($nick)) { $user_info = users_get_user_by_id($nick); $home_page = io_safe_output($user_info['section']); $home_url = $user_info['data_section']; if ($home_page != '') { switch($home_page) { case 'Event list': $_GET["sec"] = "eventos"; $_GET["sec2"] = "operation/events/events"; break; case 'Group view': $_GET["sec"] = "estado"; $_GET["sec2"] = "operation/agentes/group_view"; break; case 'Alert detail': $_GET["sec"] = "estado"; $_GET["sec2"] = "operation/agentes/alerts_status"; break; case 'Tactical view': $_GET["sec"] = "estado"; $_GET["sec2"] = "operation/agentes/tactical"; break; case 'Default': $_GET["sec"] = "general/logon_ok"; break; case 'Dashboard': $_GET["sec"] = "dashboard"; $_GET["sec2"] = ENTERPRISE_DIR.'/dashboard/main_dashboard'; break; case 'Visual console': $_GET["sec"] = "visualc"; $_GET["sec2"] = "operation/visual_console/index"; break; case 'Other': $home_url = io_safe_output($home_url); parse_str ($home_url, $res); $_GET["sec"] = $res["sec"]; $_GET["sec2"] = $res["sec2"]; break; } } else { $_GET["sec"] = "general/logon_ok"; } } db_logon ($nick_in_db, $_SERVER['REMOTE_ADDR']); $_SESSION['id_usuario'] = $nick_in_db; $config['id_user'] = $nick_in_db; //Remove everything that might have to do with people's passwords or logins unset ($_GET['pass'], $pass, $_POST['pass'], $_REQUEST['pass'], $login_good); $user_language = get_user_language ($config['id_user']); $l10n = NULL; if (file_exists ('./include/languages/'.$user_language.'.mo')) { $l10n = new gettext_reader (new CachedFileReader ('./include/languages/'.$user_language.'.mo')); $l10n->load_tables(); } } else { //login wrong $blocked = false; if ((!is_user_admin($nick) || $config['enable_pass_policy_admin']) && defined('PANDORA_ENTERPRISE')) { $blocked = login_check_blocked($nick); } if (!$blocked) { if (defined('PANDORA_ENTERPRISE')) { login_check_failed($nick); //Checks failed attempts } $login_failed = true; require_once ('general/login_page.php'); db_pandora_audit("Logon Failed", "Invalid login: ".$nick, $nick); while (@ob_end_flush ()); exit ("</html>"); } else { require_once ('general/login_page.php'); db_pandora_audit("Logon Failed", "Invalid login: ".$nick, $nick); while (@ob_end_flush ()); exit ("</html>"); } } } elseif (! isset ($config['id_user'])) { // There is no user connected require_once ('general/login_page.php'); while (@ob_end_flush ()); exit ("</html>"); } // Log off if (isset ($_GET["bye"])) { include ("general/logoff.php"); $iduser = $_SESSION["id_usuario"]; db_logoff ($iduser, $_SERVER['REMOTE_ADDR']); // Unregister Session (compatible with 5.2 and 6.x, old code was deprecated unset($_SESSION['id_usuario']); unset($iduser); while (@ob_end_flush ()); exit ("</html>"); } /** * Load the basic configurations of extension and add extensions into menu. * Load here, because if not, some extensions not load well, I don't why. */ extensions_load_extensions ($config['extensions']); if ($process_login) { /* Call all extensions login function */ extensions_call_login_function (); //Set the initial global counter for chat. users_get_last_global_counter('session'); } //Get old parameters before navigation. $old_sec = ''; $old_sec2 = ''; $old_page = ''; if (isset($_SERVER['HTTP_REFERER'])) $old_page = $_SERVER['HTTP_REFERER']; $chunks = explode('?', $old_page); if (count($chunks) == 2) { $chunks = explode('&', $chunks[1]); foreach ($chunks as $chunk) { if (strstr($chunk, 'sec=') !== false) { $old_sec = str_replace('sec=', '', $chunk); } if (strstr($chunk, 'sec2=') !== false) { $old_sec = str_replace('sec2=', '', $chunk); } } } $_SESSION['new_chat'] = false; if ($old_sec2 == 'operation/users/webchat') { users_get_last_global_counter('session'); } if ($page == 'operation/users/webchat') { //Reload the global counter. users_get_last_global_counter('session'); } if (isset($_SESSION['global_counter_chat'])) $old_global_counter_chat = $_SESSION['global_counter_chat']; else $old_global_counter_chat = users_get_last_global_counter('return'); $now_global_counter_chat = users_get_last_global_counter('return'); if ($old_global_counter_chat != $now_global_counter_chat) { if (!users_is_last_system_message()) $_SESSION['new_chat'] = true; } // Display login help info dialog if (get_parameter ('login', 0) !== 0) { // If it's configured to not skip this if (!isset($config['skip_login_help_dialog']) || $config['skip_login_help_dialog'] == 0) { include_once("general/login_help_dialog.php"); } } // Header if ($config["pure"] == 0) { echo '<div id="container"><div id="head">'; require ("general/header.php"); echo '</div><div id="page"><div id="menu">'; require ("general/main_menu.php"); echo '</div>'; } else { echo '<div id="main_pure">'; // Require menu only to build structure to use it in ACLs require ("operation/menu.php"); require ("godmode/menu.php"); } // http://es2.php.net/manual/en/ref.session.php#64525 // Session locking concurrency speedup! session_write_close (); // Main block of content if ($config["pure"] == 0) { echo '<div id="main">'; } // Page loader / selector if ($searchPage) { require ('operation/search_results.php'); } else { if ($page != "") { $page .= '.php'; // Enterprise ACL check if (enterprise_hook ('enterprise_acl', array ($config['id_user'], $sec, $sec2, true)) == false) { require ("general/noaccess.php"); } elseif (file_exists ($page)) { if (! extensions_is_extension ($page)) { require_once($page); } else { if ($sec[0] == 'g') extensions_call_godmode_function (basename ($page)); else extensions_call_main_function (basename ($page)); } } else { ui_print_error_message(__('Sorry! I can\'t find the page!')); } } else { //home screen chosen by the user $home_page =''; if (isset($config['id_user'])) { $user_info = users_get_user_by_id($config['id_user']); $home_page = io_safe_output($user_info['section']); $home_url = $user_info['data_section']; } if ($home_page != '') { switch($home_page) { case 'Event list': require ('operation/events/events.php'); break; case 'Group view': require ('operation/agentes/group_view.php'); break; case 'Alert detail': require ('operation/agentes/alerts_status.php'); break; case 'Tactical view': require ('operation/agentes/tactical.php'); break; case 'Default': require ('general/logon_ok.php'); break; case 'Dashboard': $id_dashboard = db_get_value('id', 'tdashboard', 'name', $home_url); $str = 'sec=visualc&sec2='.ENTERPRISE_DIR.'/dashboard/main_dashboard&id='.$id_dashboard; parse_str($str, $res); foreach ($res as $key => $param) { $_GET[$key] = $param; } require(ENTERPRISE_DIR.'/dashboard/main_dashboard.php'); break; case 'Visual console': $id_visualc = db_get_value('id', 'tlayout', 'name', $home_url); if (($home_url == '') || ($id_visualc == false)) { $str = 'sec=visualc&sec2=operation/visual_console/index&refr=60'; } else $str = 'sec=visualc&sec2=operation/visual_console/render_view&id='.$id_visualc .'&refr=60'; parse_str($str, $res); foreach ($res as $key => $param) { $_GET[$key] = $param; } require($_GET["sec2"].'.php'); break; case 'Other': $home_url = io_safe_output($home_url); parse_str ($home_url, $res); foreach ($res as $key => $param) { $_GET[$key] = $param; } if (isset($_GET['sec2'])) { $file = $_GET['sec2'].'.php'; if (!file_exists ($file)) { unset($_GET['sec2']); require('general/logon_ok.php'); } else { require($file); } } break; } } else { require("general/logon_ok.php"); } } require("general/shortcut_bar.php"); } if ($config["pure"] == 0) { echo '<div style="clear:both"></div>'; echo '</div>'; // main echo '<div style="clear:both"> </div>'; echo '</div>'; // page (id = page) } else { echo "</div>"; // main_pure } if ($config["pure"] == 0) { echo '</div>'; //container div echo '<div style="clear:both"></div>'; echo '<div id="foot">'; require ("general/footer.php"); echo '</div>'; } while (@ob_end_flush ()); db_print_database_debug (); echo '</html>'; $run_time = format_numeric (microtime (true) - $config['start_time'], 3); echo "\n<!-- Page generated in $run_time seconds -->\n"; // Values from PHP to be recovered from JAVASCRIPT require('include/php_to_js_values.php'); ?> <script type="text/javascript" language="javascript"> //Initial load of page $(document).ready(adjustFooter); //Every resize of window $(window).resize(adjustFooter); //Every show/hide call may need footer re-layout (function() { var oShow = jQuery.fn.show; var oHide = jQuery.fn.hide; jQuery.fn.show = function () { var rv = oShow.apply(this, arguments); adjustFooter(); return rv; }; jQuery.fn.hide = function () { var rv = oHide.apply(this, arguments); adjustFooter(); return rv; }; })(); //Dynamically assign footer position and width. function adjustFooter() { if (document.readyState !== 'complete' || $('#container').position() == undefined) { return; } // minimum top value (upper limit) for div#foot var ulim = $('#container').position().top + $('#container').outerHeight(true); // window height. $(window).height() returns wrong value on Opera and Google Chrome. var wh = document.documentElement.clientHeight; // save div#foot's height for latter use var h = $('#foot').height(); // new top value for div#foot var t = (ulim + $('#foot').outerHeight() > wh) ? ulim : wh - $('#foot').outerHeight(); if ($('#foot').position().top != t) { $('#foot').css({ position: "absolute", top: t, left: $('#foot').offset().left}); $('#foot').height(h); } if ($('#foot').width() != $(window).width()) { $('#foot').width($(window).width()); } } </script>