<?php /** * Ajax handler. * * @category Ajax handler. * @package Pandora FMS. * @subpackage OpenSource. * @version 1.0.0 * @license See below * * ______ ___ _______ _______ ________ * | __ \.-----.--.--.--| |.-----.----.-----. | ___| | | __| * | __/| _ | | _ || _ | _| _ | | ___| |__ | * |___| |___._|__|__|_____||_____|__| |___._| |___| |__|_|__|_______| * * ============================================================================ * Copyright (c) 2005-2019 Artica Soluciones Tecnologicas * Please see http://pandorafms.org for full contribution list * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License * as published by the Free Software Foundation for version 2. * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * ============================================================================ */ // Begin. require 'vendor/autoload.php'; define('AJAX', true); if (!defined('__PAN_XHPROF__')) { define('__PAN_XHPROF__', 0); } if (__PAN_XHPROF__ === 1) { if (function_exists('tideways_xhprof_enable')) { tideways_xhprof_enable(); } } if ((! file_exists('include/config.php')) || (! is_readable('include/config.php')) ) { exit; } // Don't start a session before this import. // The session is configured and started inside the config process. require_once 'include/config.php'; require_once 'include/functions.php'; require_once 'include/functions_db.php'; require_once 'include/auth/mysql.php'; if (isset($config['console_log_enabled']) === true && $config['console_log_enabled'] == 1 ) { ini_set('log_errors', 1); ini_set('error_log', $config['homedir'].'/log/console.log'); } else { ini_set('log_errors', 0); ini_set('error_log', 0); } // Hash login process. if (isset($_GET['loginhash']) === true) { $loginhash_data = get_parameter('loginhash_data', ''); $loginhash_user = str_rot13(get_parameter('loginhash_user', '')); if ($config['loginhash_pwd'] != '' && $loginhash_data == md5( $loginhash_user.io_output_password($config['loginhash_pwd']) ) ) { db_logon($loginhash_user, $_SERVER['REMOTE_ADDR']); $_SESSION['id_usuario'] = $loginhash_user; $config['id_user'] = $loginhash_user; } else { include_once 'general/login_page.php'; db_pandora_audit('Logon Failed (loginhash', '', 'system'); while (@ob_end_flush()) { // Dumping... continue; } exit('</html>'); } } $auth_class = io_safe_output( get_parameter('auth_class', 'PandoraFMS\Dashboard\Manager') ); $public_hash = get_parameter('auth_hash', false); $public_login = false; // Check user. if (class_exists($auth_class) === false || $public_hash === false) { check_login(); } else { if ($auth_class::validatePublicHash($public_hash) === false) { db_pandora_audit( 'Invalid public hash', 'Trying to access public dashboard' ); include 'general/noaccess.php'; exit; } // OK. Simulated user log in. If you want to use your own auth_class // remember to set $config['force_instant_logout'] to true to avoid // persistent user login. } ob_start(); // Enterprise support. if (file_exists(ENTERPRISE_DIR.'/load_enterprise.php')) { include_once ENTERPRISE_DIR.'/load_enterprise.php'; } $config['remote_addr'] = $_SERVER['REMOTE_ADDR']; $page = (string) get_parameter('page'); $page = safe_url_extraclean($page); $page .= '.php'; $config['id_user'] = $_SESSION['id_usuario']; $isFunctionSkins = enterprise_include_once('include/functions_skins.php'); if ($isFunctionSkins !== ENTERPRISE_NOT_HOOK) { $config['relative_path'] = enterprise_hook( 'skins_set_image_skin_path', [$config['id_user']] ); } if (is_metaconsole()) { // Backward compatibility. define('METACONSOLE', true); } if (file_exists($page)) { include_once $page; } else { echo '<br /><b class="error">Sorry! I can\'t find the page '.$page.'!</b>'; } if (__PAN_XHPROF__ === 1) { pandora_xhprof_display_result('ajax', 'console'); } if ($config['force_instant_logout'] === true) { // Force user logout. if (session_status() !== PHP_SESSION_ACTIVE) { session_start(); } $iduser = $_SESSION['id_usuario']; $_SESSION = []; session_destroy(); header_remove('Set-Cookie'); setcookie(session_name(), $_COOKIE[session_name()], (time() - 4800), '/'); if ($config['auth'] == 'saml') { include_once $config['saml_path'].'simplesamlphp/lib/_autoload.php'; $as = new SimpleSAML_Auth_Simple('PandoraFMS'); $as->logout(); } } while (@ob_end_flush()) { // Dumping... continue; }