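';

// Front controller: handles auto-refresh, login / logoff and dispatches the
// requested page. Most of the HTML in the echo statements is missing from
// this listing; the string literals are reproduced as they appear here.

// Pure mode (without menu, header and footer).
$config["pure"] = get_parameter ("pure", 0);

// Auto-refresh: when "refr" is a positive interval, rebuild the URL the
// browser should reload.
$intervalo = get_parameter ("refr", 0);
if ($intervalo > 0) {
	// Some servers (IIS) report HTTPS as "off" for plain HTTP, so a bare
	// truthiness test would label those requests as https.
	$refresh_https = ! empty ($_SERVER['HTTPS']) && strtolower ($_SERVER['HTTPS']) != 'off';

	// NOTE(review): depending on web-server configuration SERVER_NAME may
	// follow the client-supplied Host header. Confirm the vhost pins it,
	// otherwise the refresh target is client-controlled.
	$refresh_base = 'http' . ($refresh_https ? 's' : '') . '://' . $_SERVER['SERVER_NAME'];

	// Append the port whenever it is not the default for the scheme. The
	// earlier condition only ever added it for HTTPS, so plain HTTP on a
	// non-standard port produced a URL pointing at port 80.
	if ((int) $_SERVER['SERVER_PORT'] != ($refresh_https ? 443 : 80)) {
		$refresh_base .= ':' . $_SERVER['SERVER_PORT'];
	}

	$query = $refresh_base . $_SERVER['SCRIPT_NAME'];
	if (isset ($_REQUEST["refr"])) {
		$query .= '?';
		// Parameter names and values come straight from the request, so
		// they are URL-encoded before being put back into a URL; raw
		// concatenation let '&', '#', quotes or markup characters change
		// the URL's structure. POST is replayed first, then GET, as before.
		foreach (array ($_POST, $_GET) as $refresh_params) {
			foreach ($refresh_params as $key => $value) {
				$query .= '&' . http_build_query (array ($key => $value), '', '&');
			}
		}
	}

	if (isset ($_POST["ag_group"])) {
		$ag_group = $_POST["ag_group"];
		// NOTE(review): nothing visible in this listing emits $query in
		// this branch. Confirm whether that is intended.
		$query = $refresh_base . $_SERVER['REQUEST_URI'] . '&ag_group_refresh=' . urlencode ((string) $ag_group);
	} else {
		// NOTE(review): presumably the refresh markup that consumed
		// $query was here and was lost from this listing. Verify that
		// it HTML-escapes the URL when writing it into the page.
		echo '';
	}

	// Pages required further down share this scope; do not leak helpers.
	unset ($refresh_https, $refresh_base, $refresh_params);
}

enterprise_include ('index.php');
echo 'Pandora FMS - '.__('the Flexible Monitoring System').' ';
enterprise_hook ('load_html_header');
echo '';

// Show custom background
if ($config["pure"] == 0) {
	echo '';
} else {
	echo '';
}

$REMOTE_ADDR = $_SERVER['REMOTE_ADDR'];
$config["remote_addr"] = $_SERVER['REMOTE_ADDR'];

// Login process: no session user yet and the login form was submitted.
if (! isset ($_SESSION['id_usuario']) && isset ($_GET["login"])) {
	$nick = get_parameter_post ("nick");
	$pass = get_parameter_post ("pass");

	// NOTE(review): $nick is interpolated into the SQL text. Neither
	// get_parameter_post() nor get_db_row_sql() is defined in this
	// listing, so it cannot be seen here whether the value is escaped
	// for SQL. Confirm, and prefer a bound parameter or the database
	// layer's own escaping over relying on input filtering.
	$sql = sprintf ("SELECT `id_usuario`, `password` FROM `tusuario` WHERE `id_usuario` = '%s'", $nick);
	$row = get_db_row_sql ($sql);

	if ($row !== false) {
		// Strict comparison: with "==" two different hex digests that both
		// look like numbers (for example "0e" followed only by digits)
		// compare equal, so a wrong password could be accepted.
		// NOTE(review): unsalted MD5 is not a suitable password hash.
		// Migrating needs a schema / stored-hash change that cannot be
		// made from this file.
		if ($row["password"] === md5 ($pass)) {
			// Login OK.
			// The nick may differ in case from the stored one (the MySQL
			// select is not case sensitive), so the database value is the
			// one kept in the session to avoid case-sensitivity problems.
			// Thanks to David Muñiz for Bug discovery :)
			$nick = $row["id_usuario"];
			unset ($_GET["sec2"]);
			$_GET["sec"] = "general/logon_ok";
			update_user_contact ($nick);
			logon_db ($nick, $REMOTE_ADDR);
			// NOTE(review): the session id is not regenerated on login
			// (session fixation). Output has already been echoed above,
			// so unless output buffering is active a regeneration would
			// have to happen before any output is sent. Confirm where
			// the session is started.
			$_SESSION['id_usuario'] = $nick;
			$config['id_user'] = $nick;
			unset ($_GET['pass'], $pass);
		} else {
			// Login failed (bad password).
			unset ($_GET["sec2"]);
			require "general/logon_failed.php";
			// The submitted password is deliberately never written to the
			// audit log, not even partially masked.
			audit_db ($nick, $REMOTE_ADDR, "Logon Failed", "Incorrect password: " . $nick);
			exit;
		}
	} else {
		// User not known.
		unset ($_GET["sec2"]);
		require "general/logon_failed.php";
		// No password string is logged here either: showing even part of
		// it is unsafe, especially with short passwords.
		audit_db ($nick, $REMOTE_ADDR, "Logon Failed", "Invalid username: " . $nick);
		exit;
	}
} elseif (! isset ($_SESSION['id_usuario'])) {
	// There is no user connected
	include "general/login_page.php";
	echo '';
	exit;
} else {
	// There is session for id_usuario
	$config["id_user"] = $_SESSION["id_usuario"];
}

// Log off
if (isset ($_GET["bye"])) {
	include "general/logoff.php";
	$iduser = $_SESSION["id_usuario"];
	logoff_db ($iduser, $REMOTE_ADDR);
	// session_unregister() was removed in PHP 5.4; clearing the key in
	// $_SESSION works on every version.
	unset ($_SESSION["id_usuario"]);
	exit;
}

// Resolve the section ("sec") and page ("sec2") requested in the URL.
$page = "";
$sec2 = "";
$sec = "";
if (isset ($_GET["sec2"])) {
	$sec2 = safe_url_extraclean (get_parameter_get ('sec2'));
	$page = $sec2;
}
if (isset ($_GET["sec"])) {
	$sec = safe_url_extraclean (get_parameter_get ('sec'));
	// The page to load always comes from sec2; sec only selects the
	// extension entry point further down.
	$page = $sec2;
}

// http://es2.php.net/manual/en/ref.session.php#64525
// Session locking concurrency speedup!
session_write_close();

// Header
if ($config["pure"] == 0) {
	echo '
';
} else {
	echo '
';
}

// Main block of content
if ($config["pure"] == 0) {
	echo '
';
}

// Page loader / selector
if ($page != "") {
	$page .= '.php';
	// NOTE(review): $page is derived from the "sec2" request parameter and
	// ends up in require(). The only filtering visible here is
	// safe_url_extraclean() plus file_exists(); confirm that the helper
	// rejects ".." and absolute paths, or check the result against an
	// allow-list of known pages. No access check is visible before the
	// include either, so each page presumably enforces its own
	// permissions. Verify.
	if (file_exists ($page)) {
		if (! is_extension ($page)) {
			require ($page);
		} elseif (isset ($sec[0]) && $sec[0] == 'g') {
			// isset() guard: $sec is empty when only sec2 was supplied.
			extension_call_godmode_function (basename ($page));
		} else {
			extension_call_main_function (basename ($page));
		}
	} else {
		echo '
'.__('Sorry! I can\'t find the page!').'';
	}
} else {
	if (enterprise_hook ('load_logon_ok') === ENTERPRISE_NOT_HOOK) {
		require ("general/logon_ok.php");
	}
}

if ($config["pure"] == 0) {
	echo '
'; // main
	echo '
';
	echo '
'; // page (id = page)
} else {
	echo "
"; // main_pure
}

if ($config["pure"] == 0) {
	echo '';
	echo '
';
}
echo '';
?>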