197 lines
5.8 KiB
PHP
197 lines
5.8 KiB
PHP
<?php
|
|
/**
|
|
* Ajax handler.
|
|
*
|
|
* @category Ajax handler.
|
|
* @package Pandora FMS.
|
|
* @subpackage OpenSource.
|
|
* @version 1.0.0
|
|
* @license See below
|
|
*
|
|
* ______ ___ _______ _______ ________
|
|
* | __ \.-----.--.--.--| |.-----.----.-----. | ___| | | __|
|
|
* | __/| _ | | _ || _ | _| _ | | ___| |__ |
|
|
* |___| |___._|__|__|_____||_____|__| |___._| |___| |__|_|__|_______|
|
|
*
|
|
* ============================================================================
|
|
* Copyright (c) 2005-2023 Pandora FMS
|
|
* Please see https://pandorafms.com/community/ for full contribution list
|
|
* This program is free software; you can redistribute it and/or
|
|
* modify it under the terms of the GNU General Public License
|
|
* as published by the Free Software Foundation for version 2.
|
|
* This program is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU General Public License for more details.
|
|
* ============================================================================
|
|
*/
|
|
|
|
// Begin.
|
|
require 'vendor/autoload.php';
|
|
|
|
define('AJAX', true);
|
|
|
|
if (defined('__PAN_XHPROF__') === false) {
|
|
define('__PAN_XHPROF__', 0);
|
|
}
|
|
|
|
if (__PAN_XHPROF__ === 1) {
|
|
if (function_exists('tideways_xhprof_enable') === true) {
|
|
tideways_xhprof_enable();
|
|
}
|
|
}
|
|
|
|
if (file_exists('include/config.php') === false
|
|
|| is_readable('include/config.php') === false
|
|
) {
|
|
exit;
|
|
}
|
|
|
|
// Don't start a session before this import.
|
|
// The session is configured and started inside the config process.
|
|
require_once 'include/config.php';
|
|
require_once 'include/functions.php';
|
|
require_once 'include/functions_db.php';
|
|
require_once 'include/auth/mysql.php';
|
|
|
|
if (isset($config['console_log_enabled']) === true
|
|
&& $config['console_log_enabled'] == 1
|
|
) {
|
|
ini_set('log_errors', true);
|
|
ini_set('error_log', $config['homedir'].'/log/console.log');
|
|
} else {
|
|
ini_set('log_errors', false);
|
|
ini_set('error_log', '');
|
|
}
|
|
|
|
// Sometimes input is badly retrieved from caller...
|
|
if (empty($_REQUEST) === true) {
|
|
$data = explode('&', urldecode(file_get_contents('php://input')));
|
|
foreach ($data as $d) {
|
|
$r = explode('=', $d, 2);
|
|
$_POST[$r[0]] = $r[1];
|
|
$_GET[$r[0]] = $r[1];
|
|
}
|
|
}
|
|
|
|
// Hash login process.
|
|
if (isset($_POST['auth_token']) === true && (bool) $config['JWT_signature'] !== false) {
|
|
include_once $config['homedir'].'/include/class/JWTRepository.class.php';
|
|
$jwt = new JWTRepository($config['JWT_signature']);
|
|
if ($jwt->setToken($_POST['auth_token']) && $jwt->validate()) {
|
|
$id_user = $jwt->payload()->get('id_user');
|
|
db_logon($id_user, $_SERVER['REMOTE_ADDR']);
|
|
$_SESSION['id_usuario'] = $id_user;
|
|
$config['id_user'] = $id_user;
|
|
} else {
|
|
include_once 'general/login_page.php';
|
|
db_pandora_audit(
|
|
AUDIT_LOG_USER_REGISTRATION,
|
|
'Login token failed',
|
|
'system'
|
|
);
|
|
while (ob_get_length() > 0) {
|
|
ob_end_flush();
|
|
}
|
|
|
|
exit('</html>');
|
|
}
|
|
}
|
|
|
|
// Another auth class example: PandoraFMS\Dashboard\Manager.
|
|
$auth_class = io_safe_output(
|
|
get_parameter('auth_class', 'PandoraFMS\User')
|
|
);
|
|
|
|
$page = (string) get_parameter('page');
|
|
$page = safe_url_extraclean($page);
|
|
$page .= '.php';
|
|
$page = realpath($page);
|
|
$public_hash = get_parameter('auth_hash', false);
|
|
$public_login = false;
|
|
|
|
|
|
if (false === ((bool) get_parameter('doLogin', false) === true
|
|
&& $page === realpath('include/rest-api/index.php'))
|
|
) {
|
|
// Check user.
|
|
if (class_exists($auth_class) === false || $public_hash === false) {
|
|
check_login();
|
|
} else {
|
|
if ($auth_class::validatePublicHash($public_hash) === false) {
|
|
db_pandora_audit(
|
|
AUDIT_LOG_USER_REGISTRATION,
|
|
'Trying to access public dashboard (Invalid public hash)'
|
|
);
|
|
include 'general/noaccess.php';
|
|
exit;
|
|
}
|
|
|
|
// OK. Simulated user log in. If you want to use your own auth_class
|
|
// remember to set $config['force_instant_logout'] to true to avoid
|
|
// persistent user login.
|
|
}
|
|
}
|
|
|
|
ob_start();
|
|
|
|
// Enterprise support.
|
|
if (file_exists(ENTERPRISE_DIR.'/load_enterprise.php') === true) {
|
|
include_once ENTERPRISE_DIR.'/load_enterprise.php';
|
|
}
|
|
|
|
$config['remote_addr'] = $_SERVER['REMOTE_ADDR'];
|
|
|
|
$config['id_user'] = $_SESSION['id_usuario'];
|
|
$isFunctionSkins = enterprise_include_once('include/functions_skins.php');
|
|
if ($isFunctionSkins !== ENTERPRISE_NOT_HOOK) {
|
|
$config['relative_path'] = enterprise_hook(
|
|
'skins_set_image_skin_path',
|
|
[$config['id_user']]
|
|
);
|
|
}
|
|
|
|
if (is_metaconsole() === true) {
|
|
// Backward compatibility.
|
|
define('METACONSOLE', true);
|
|
}
|
|
|
|
if (file_exists($page) === true) {
|
|
include_once $page;
|
|
} else {
|
|
echo '<br /><b class="error">Sorry! I can\'t find the page '.$page.'!</b>';
|
|
}
|
|
|
|
if (__PAN_XHPROF__ === 1) {
|
|
pandora_xhprof_display_result('ajax', 'console');
|
|
}
|
|
|
|
|
|
if (isset($config['force_instant_logout']) === true
|
|
&& $config['force_instant_logout'] === true
|
|
) {
|
|
// Force user logout.
|
|
if (session_status() !== PHP_SESSION_ACTIVE) {
|
|
session_start();
|
|
}
|
|
|
|
$iduser = $_SESSION['id_usuario'];
|
|
$_SESSION = [];
|
|
session_destroy();
|
|
header_remove('Set-Cookie');
|
|
if (isset($_COOKIE[session_name()]) === true) {
|
|
setcookie(session_name(), $_COOKIE[session_name()], (time() - 4800), '/');
|
|
}
|
|
|
|
if ($config['auth'] === 'saml' && empty($public_hash) === true) {
|
|
include_once $config['saml_path'].'simplesamlphp/lib/_autoload.php';
|
|
$as = new SimpleSAML_Auth_Simple('PandoraFMS');
|
|
$as->logout();
|
|
}
|
|
}
|
|
|
|
|
|
while (ob_get_length() > 0) {
|
|
ob_end_flush();
|
|
}
|