80 lines
2.3 KiB
PHP
80 lines
2.3 KiB
PHP
<?php
|
|
//Pandora FMS- http://pandorafms.com
|
|
// ==================================================
|
|
// Copyright (c) 2005-2011 Artica Soluciones Tecnologicas
|
|
// Please see http://pandorafms.org for full contribution list
|
|
|
|
// This program is free software; you can redistribute it and/or
|
|
// modify it under the terms of the GNU Lesser General Public License
|
|
// as published by the Free Software Foundation; version 2
|
|
|
|
// This program is distributed in the hope that it will be useful,
|
|
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
// GNU General Public License for more details.
|
|
|
|
require_once ("config.php");
|
|
require_once("functions_api.php");
|
|
|
|
global $config;
|
|
|
|
enterprise_include_once ('include/functions_enterprise_api.php');
|
|
|
|
$ipOrigin = $_SERVER['REMOTE_ADDR'];
|
|
|
|
//Get the parameters and parse if necesary.
|
|
$op = get_parameter('op');
|
|
$op2 = get_parameter('op2');
|
|
$id = get_parameter('id');
|
|
$id2 = get_parameter('id2');
|
|
$otherSerialize = get_parameter('other');
|
|
$otherMode = get_parameter('other_mode', 'url_encode');
|
|
$returnType = get_parameter('return_type', 'string');
|
|
$password = get_parameter('pass', '');
|
|
$user = get_parameter('user', '');
|
|
|
|
$other = parseOtherParameter($otherSerialize, $otherMode);
|
|
|
|
$apiPassword = db_get_value_filter('value', 'tconfig', array('token' => 'api_password'));
|
|
|
|
$correctLogin = false;
|
|
$user_in_db = null;
|
|
if (!empty($apiPassword)) {
|
|
if (($password === $apiPassword) && (empty($user))) {
|
|
$correctLogin = true;
|
|
}
|
|
else {
|
|
$user_in_db = process_user_login($user, $password);
|
|
if ($user_in_db !== false) {
|
|
$config['id_user'] = $user_in_db;
|
|
$correctLogin = true;
|
|
}
|
|
}
|
|
}
|
|
else {
|
|
$user_in_db = process_user_login($user, $password);
|
|
if ($user_in_db !== false) {
|
|
$config['id_user'] = $user_in_db;
|
|
$correctLogin = true;
|
|
}
|
|
else if (isInACL($ipOrigin)) {
|
|
$correctLogin = true;
|
|
}
|
|
}
|
|
|
|
if ($correctLogin) {
|
|
if (($op !== 'get') && ($op !== 'set') && ($op !== 'help'))
|
|
returnError('no_set_no_get_no_help', $returnType);
|
|
else {
|
|
if (!function_exists($op.'_'.$op2))
|
|
returnError('no_exist_operation', $returnType);
|
|
else {
|
|
call_user_func($op.'_'.$op2, $id, $id2, $other, $returnType, $user_in_db);
|
|
}
|
|
}
|
|
}
|
|
else {
|
|
echo 'ERROR: Your IP (' . $ipOrigin . ') is not in ACL IP list.';
|
|
}
|
|
?>
|