<?php
//Pandora FMS- http://pandorafms.com
// ==================================================
// Copyright (c) 2005-2011 Artica Soluciones Tecnologicas
// Please see http://pandorafms.org for full contribution list

// This program is free software; you can redistribute it and/or
// modify it under the terms of the  GNU Lesser General Public License
// as published by the Free Software Foundation; version 2

// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU General Public License for more details.

require_once ("config.php");
require_once("functions_api.php");

global $config;

define("DEBUG", 0);
define("VERBOSE", 0);

//TESTING THE UPDATE MANAGER


enterprise_include_once ('include/functions_enterprise_api.php');

$ipOrigin = $_SERVER['REMOTE_ADDR'];

//Get the parameters and parse if necesary.
$op = get_parameter('op');
$op2 = get_parameter('op2');
$ext_name = get_parameter('ext_name');
$ext_function = get_parameter('ext_function');
$id = get_parameter('id');
$id2 = get_parameter('id2');
$otherSerialize = get_parameter('other');
$otherMode = get_parameter('other_mode', 'url_encode');
$returnType = get_parameter('return_type', 'string');
$api_password = get_parameter('apipass', '');
$password = get_parameter('pass', '');
$user = get_parameter('user', '');
$info = get_parameter('info', '');

$other = parseOtherParameter($otherSerialize, $otherMode);

$apiPassword = io_output_password(db_get_value_filter('value', 'tconfig', array('token' => 'api_password')));

$correctLogin = false;
$user_in_db = null;
$no_login_msg = "";

// Clean unwanted output
ob_clean();

// Special call without checks to retrieve version and build of the Pandora FMS
// This info is avalable from the web console without login
// Don't change the format, it is parsed by applications
switch($info) {
	case 'version':
		if (!$config["MR"]) {
			$config["MR"] = 0;
		}
		
		echo io_safe_output(get_product_name()) . ' ' . $pandora_version . ' - ' . $build_version . " MR" . $config["MR"];

		exit;
}

if (isInACL($ipOrigin)) {
	if (empty($apiPassword) || (!empty($apiPassword) && $api_password === $apiPassword)) {
		$user_in_db = process_user_login($user, $password, true);
		
		if ($user_in_db !== false) {
			$config['id_user'] = $user_in_db;
			$correctLogin = true;
			
			//XXXX
			session_start();
			$_SESSION["id_usuario"] = $user;
			session_write_close();

			file_put_contents(session_save_path() . DIRECTORY_SEPARATOR . "pansess_" . session_id(), $user);

		}
		else {
			$no_login_msg = "Incorrect user credentials";
		}
	}
	else {
		$no_login_msg = "Incorrect given API password";
	}
}
else {
	$no_login_msg = "IP $ipOrigin is not in ACL list";
}

if ($correctLogin) {
	if (($op !== 'get') && ($op !== 'set') && ($op !== 'help'))
		returnError('no_set_no_get_no_help', $returnType);
	else {
		$function_name = '';
		
		// Check if is an extension function and get the function name
		if ($op2 == 'extension') {
			$extension_api_url = $config["homedir"]."/".EXTENSIONS_DIR."/$ext_name/$ext_name.api.php";
			// The extension API file must exist and the extension must be enabled
			if (file_exists($extension_api_url) && !in_array($ext_name,extensions_get_disabled_extensions())) {
				include_once($extension_api_url);
				$function_name = 'apiextension_' . $op .'_' . $ext_function;
			}
		}
		else {
			$function_name = 'api_' . $op . '_' . $op2;
			
			if ($op == "set" && $id){
				switch ($op2) {
                        case "update_agent":
												
												case "add_module_in_conf":
												case "update_module_in_conf":
												case "delete_module_in_conf":
												
													$id_os = db_get_value_sql('select id_os from tagente where id_agente = '.$id);
													
													if($id_os == 100){
														returnError('not_allowed_operation_cluster', $returnType);
														return false;
													}
													
													break;
												 
                        case "create_network_module":
												case "create_plugin_module":
												case "create_data_module":
												case "create_synthetic_module":
												case "create_snmp_module":
												case "delete_module":
												case "delete_agent":
												
													$id_os = db_get_value_sql('select id_os from tagente where nombre = "'.$id.'"');
													
													if($id_os == 100){
														returnError('not_allowed_operation_cluster', $returnType);
														return false;
													}
													
													break;
												
												case "update_network_module":
												case "update_plugin_module":
												case "update_data_module":
												case "update_snmp_module":
												
													$id_os = db_get_value_sql('select id_os from tagente where id_agente = (select id_agente from tagente_modulo where id_agente_modulo ='.$id.')');
													
													if($id_os == 100){
														returnError('not_allowed_operation_cluster', $returnType);
														return false;
													}
												
													break;
												
												default:
												
													// break;
                    }
			}
		}
			
		// Check if the function exists
		if (function_exists($function_name)) {
			if (!DEBUG) {
				error_reporting(0);
			}
			if (VERBOSE) {
				error_reporting(E_ALL);
				ini_set("display_errors", 1);
			}
			
			call_user_func($function_name, $id, $id2, $other, $returnType, $user_in_db);
		}
		else {
			returnError('no_exist_operation', $returnType);
		}
	}

	//XXXXX
	if (file_exists(session_save_path() . DIRECTORY_SEPARATOR . "pansess_" . session_id())) {
		unlink(session_save_path() . DIRECTORY_SEPARATOR . "pansess_" . session_id());
	}
}
else {
	// TODO: Implement a new switch in config to enable / disable
	// ACL auth failure: if enabled and have lots of traffic can produce millions
	// of records and a considerable OVERHEAD in the system :(
	
	//db_pandora_audit("API access Failed", $no_login_msg, $user, $ipOrigin);
	sleep (15);
	
	//Protection on DoS attacks
	echo 'auth error';
}
?>