<?php
///////////////////////////////////////////////////////////////////////////////
//
// NagiosQL
//
///////////////////////////////////////////////////////////////////////////////
//
// (c) 2005-2018 by Martin Willisegger
//
// Project : NagiosQL
// Component : Preprocessing script
// Website : https://sourceforge.net/projects/nagiosql/
// Version : 3.4.0
// GIT Repo : https://gitlab.com/wizonet/NagiosQL
//
///////////////////////////////////////////////////////////////////////////////
// Report everything except strict-standards notices
error_reporting(E_ALL & ~E_STRICT);
//
// Timezone settings (>=PHP5.1)
// ============================
// Re-apply the timezone PHP already resolved, but only where both functions exist
if (function_exists('date_default_timezone_set') && function_exists('date_default_timezone_get')) {
    date_default_timezone_set(date_default_timezone_get());
}
//
// Process post/get parameters
// ===========================
// NOTE(review): FILTER_SANITIZE_STRING is an HTML-oriented filter (it strips tags and encodes quotes);
// it is not SQL escaping and is deprecated as of PHP 8.1. Because it is also applied to the password
// field, the value later compared against the stored hash is the filtered one, not the raw input -
// keep that in mind before swapping the filter.
$chkInsName   = filter_input(INPUT_POST, 'tfUsername', FILTER_SANITIZE_STRING);
$chkInsPasswd = filter_input(INPUT_POST, 'tfPassword', FILTER_SANITIZE_STRING);
// The logout flag is read with 'rr' passed as the filter's default option
$chkLogout    = filter_input(
    INPUT_GET,
    'logout',
    FILTER_SANITIZE_STRING,
    array('options' => array('default' => 'rr'))
);
//
// Define common variables
// =======================
// A request parameter called SETS resets $SETS to an empty string before the real settings are loaded
if ((filter_input(INPUT_GET, 'SETS') != null) || (filter_input(INPUT_POST, 'SETS') != null)) {
    $SETS = ''; // For security reason
}
$strErrorMessage   = '';        // All error messages (red)
$strInfoMessage    = '';        // All information messages (green)
$strConsistMessage = '';        // Consistency message
$tplHeaderVar      = '';
$chkDomainId       = 0;
$chkGroupAdm       = 0;
$intError          = 0;
$setDBVersion      = 'unknown';
$setFileVersion    = '3.4.0';
//
// Start PHP session
// =================
// NOTE(review): no options are passed here, so the session cookie attributes (HttpOnly, Secure,
// SameSite) come from the PHP configuration - verify them there.
session_start();
//
// Check path settings
// ===================
// When the request is for index.php the base path/URL are derived from the server variables and
// remembered in the session; every other page relies on the values stored there.
if (substr_count(filter_input(INPUT_SERVER, 'SCRIPT_NAME', FILTER_SANITIZE_STRING), 'index.php') != 0) {
    $preBasePath = str_replace(
        '//',
        '/',
        dirname(filter_input(INPUT_SERVER, 'SCRIPT_FILENAME', FILTER_SANITIZE_STRING)). '/'
    );
    $preBaseURL  = str_replace(
        '//',
        '/',
        dirname(filter_input(INPUT_SERVER, 'SCRIPT_NAME', FILTER_SANITIZE_STRING)). '/'
    );
    $_SESSION['SETS']['path']['base_url']  = $preBaseURL;
    $_SESSION['SETS']['path']['base_path'] = $preBasePath;
} elseif (!isset($_SESSION['SETS']['path']['base_url']) || !isset($_SESSION['SETS']['path']['base_path'])) {
    // Nothing stored yet: send the client to the entry page one level up
    header('Location: ../index.php');
    exit;
} else {
    $preBaseURL  = $_SESSION['SETS']['path']['base_url'];
    $preBasePath = $_SESSION['SETS']['path']['base_path'];
}
//
// Start installer
// ===============
$preIniFile = $preBasePath.'config/settings.php';
// Without a present and readable settings file the request is handed to the installer
if (!(file_exists($preIniFile) && is_readable($preIniFile))) {
    header('Location: '.$preBaseURL.'install/index.php');
    exit;
}
//
// Read file settings
// ==================
// The settings file is parsed as INI data with sections (second argument true).
// NOTE(review): the result is not checked; parse_ini_file() returns false when parsing fails,
// and the ['db'] lookup below would then have nothing to read.
$SETS = parse_ini_file($preBasePath.'config/settings.php', true);
// Database parameters are copied into the session only once
if (!isset($_SESSION['SETS']['db'])) {
    $_SESSION['SETS']['db'] = $SETS['db'];
}
//
// Include external function/class files
// =====================================
// Both paths are built from the base path plus a fixed file name
require $preBasePath.'functions/Autoloader.php';
require $preBasePath.'functions/translator.php';
// Class loading for the remaining classes is delegated to the autoloader
functions\Autoloader::register($preBasePath);
//
// Initialize classes - part 1
// ===========================
// The database wrapper receives the connection parameters kept in the session
$myDBClass            = new functions\MysqliDbClass();
$myDBClass->arrParams = $_SESSION['SETS']['db'];
$myDBClass->hasDBConnection();
// A failed connection sets $intError, which the database-dependent sections below check
if ($myDBClass->error == true) {
    $strDBMessage = $myDBClass->strErrorMessage;
    $booError     = $myDBClass->error;
    $intError     = 1;
}
//
// Get additional configuration from the table tbl_settings
// ========================================================
if ($intError == 0) {
    $strSQL    = 'SELECT `category`,`name`,`value` FROM `tbl_settings`';
    $booReturn = $myDBClass->hasDataArray($strSQL, $arrDataLines, $intDataCount);
    if ($booReturn == false) {
        $strErrorMessage .= translate('Error while selecting data from database:'). '::' .$myDBClass->strErrorMessage;
        $intError         = 1;
    } elseif ($intDataCount != 0) {
        // Remember a locale already chosen for this session so the table values cannot replace it
        if (isset($_SESSION['SETS']['data']['locale']) && ($_SESSION['SETS']['data']['locale'] != '')) {
            $strStoreLanguage = $_SESSION['SETS']['data']['locale'];
        }
        // Save additional configuration information
        for ($i = 0; $i < $intDataCount; $i++) {
            // We use the path settings from file
            if (($arrDataLines[$i]['name'] == 'base_url') || ($arrDataLines[$i]['name'] == 'base_path')) {
                continue;
            }
            $SETS[$arrDataLines[$i]['category']][$arrDataLines[$i]['name']] = $arrDataLines[$i]['value'];
        }
        // Put the remembered session locale back
        if (isset($strStoreLanguage) && ($strStoreLanguage != '')) {
            $SETS['data']['locale'] = $strStoreLanguage;
        }
    }
}
//
// Enable PHP gettext functionality
// ================================
if ($intError == 0) {
    // The text domain is the locale name without its codeset suffix
    $arrLocale = explode('.', $SETS['data']['locale']);
    $strDomain = $arrLocale[0];
    // Candidates are tried in the order given: the configured locale first, en_GB variants last
    $strLocale = setlocale(
        LC_ALL,
        $SETS['data']['locale'],
        $SETS['data']['locale']. '.utf-8',
        $SETS['data']['locale']. '.utf-8',
        $SETS['data']['locale']. '.utf8',
        'en_GB',
        'en_GB.utf-8',
        'en_GB.utf8'
    );
    // NOTE(review): setlocale() reports failure by returning false, and isset(false) is true,
    // so this branch does not run for a failed call; a "=== false" comparison is probably what
    // was intended - confirm before changing, as it would start setting $intError.
    if (!isset($strLocale)) {
        $strErrorMessage .= translate('Error setting the correct locale. Please report this error with the associated '
            . "output of 'locale -a'"). '::';
        $intError = 1;
    }
    putenv('LC_ALL=' .$SETS['data']['locale']. '.utf-8');
    putenv('LANG=' .$SETS['data']['locale']. '.utf-8');
    bindtextdomain($strDomain, $preBasePath. 'config/locale');
    bind_textdomain_codeset($strDomain, $SETS['data']['encoding']);
    textdomain($strDomain);
}
//
// Include external function/class files
// =====================================
require_once $preBasePath.'libraries/pear/HTML/Template/IT.php';
// The field variable definitions are loaded only for pages that set $preFieldvars to 1
if (isset($preFieldvars) && ($preFieldvars == 1)) {
    require $preBasePath.'config/fieldvars.php';
}
//
// Check path settings
// ===================
// The detected base path wins over a missing or different value in the settings
if (!isset($SETS['path']['base_path']) || ($preBasePath != $SETS['path']['base_path'])) {
    $SETS['path']['base_path'] = $preBasePath;
}
// Same rule for the base URL
if (!isset($SETS['path']['base_url']) || ($preBaseURL != $SETS['path']['base_url'])) {
    $SETS['path']['base_url'] = $preBaseURL;
}
//
// Add data to the session
// =======================
// The merged settings replace whatever the session held so far
$_SESSION['SETS']            = $SETS;
$_SESSION['strLoginMessage'] = '';
$_SESSION['startsite']       = $_SESSION['SETS']['path']['base_url']. 'admin.php';
// A session without a login state starts out as not logged in
if (!isset($_SESSION['logged_in'])) {
    $_SESSION['logged_in'] = 0;
}
// Reload locale after logout
if (isset($chkLogout) && ($chkLogout == 'yes')) {
    // Drop all session data, then rebuild the logged-out defaults.
    // NOTE(review): the session id itself is kept; only the stored values are reset.
    $_SESSION                    = array();
    $_SESSION['SETS']            = $SETS;
    $_SESSION['logged_in']       = 0;
    $_SESSION['userid']          = 0;
    $_SESSION['groupadm']        = 0;
    $_SESSION['strLoginMessage'] = '';
    $_SESSION['startsite']       = $_SESSION['SETS']['path']['base_url']. 'admin.php';
    // Get default language
    $strSQL      = "SELECT `value` FROM `tbl_settings` WHERE `category`='data' AND `name`='locale'";
    $strLocaleDB = $myDBClass->getFieldData($strSQL);
    if ($strLocaleDB != '') {
        $_SESSION['SETS']['data']['locale'] = $strLocaleDB;
        $SETS['data']['locale']             = $strLocaleDB;
    }
    // Text domain = locale name without the codeset suffix
    $arrLocale = explode('.', $SETS['data']['locale']);
    $strDomain = $arrLocale[0];
    $strLocale = setlocale(
        LC_ALL,
        $SETS['data']['locale'],
        $SETS['data']['locale']. '.utf-8',
        $SETS['data']['locale']. '.utf-8',
        $SETS['data']['locale']. '.utf8',
        'en_GB',
        'en_GB.utf-8',
        'en_GB.utf8'
    );
    // NOTE(review): setlocale() returns false on failure and isset(false) is true, so this
    // branch does not run for a failed call - confirm the intended check.
    if (!isset($strLocale)) {
        $strErrorMessage .= translate('Error in setting the correct locale, please report this error with the '
            . "associated output of 'locale -a' to bugs@nagiosql.org"). '::';
        $intError = 1;
    }
    putenv('LC_ALL=' .$SETS['data']['locale']. '.utf-8');
    putenv('LANG=' .$SETS['data']['locale']. '.utf-8');
    bindtextdomain($strDomain, $preBasePath . 'config/locale');
    bind_textdomain_codeset($strDomain, $SETS['data']['encoding']);
    textdomain($strDomain);
}
// Hide menu
// Only the two literal values are ever written to the session; anything else is ignored
if (filter_input(INPUT_GET, 'menu') != null) {
    if (filter_input(INPUT_GET, 'menu', FILTER_SANITIZE_STRING) == 'visible') {
        $_SESSION['menu'] = 'visible';
    } elseif (filter_input(INPUT_GET, 'menu', FILTER_SANITIZE_STRING) == 'invisible') {
        $_SESSION['menu'] = 'invisible';
    }
}
//
// Initialize classes
// ==================
// Each helper class is constructed with the current session array
$myVisClass     = new functions\NagVisualClass($_SESSION);
$myDataClass    = new functions\NagDataClass($_SESSION);
$myConfigClass  = new functions\NagConfigClass($_SESSION);
$myContentClass = new functions\NagContentClass($_SESSION);
//
// Propagating the classes themselves
// ==================================
// The helper objects are wired to each other by reference
$myVisClass->myDBClass     =& $myDBClass;
$myVisClass->myConfigClass =& $myConfigClass;
//
$myDataClass->myDBClass     =& $myDBClass;
$myDataClass->myVisClass    =& $myVisClass;
$myDataClass->myConfigClass =& $myConfigClass;
//
$myConfigClass->myDBClass   =& $myDBClass;
$myConfigClass->myDataClass =& $myDataClass;
//
$myContentClass->myDBClass     =& $myDBClass;
$myContentClass->myVisClass    =& $myVisClass;
$myContentClass->myConfigClass =& $myConfigClass;
// $arrDescription is optional and only handed over when something defined it
if (isset($arrDescription)) {
    $myContentClass->arrDescription = $arrDescription;
}
//
// Version management
// ==================
// Without errors the version stored in the settings replaces the 'unknown' placeholder
if ($intError == 0) {
    $setDBVersion = $SETS['db']['version'];
}
//
// Version check
// =============
// A file version newer than the database version leads to the installer,
// provided the install directory is still present and readable
if (version_compare($setFileVersion, $setDBVersion, '>') &&
    file_exists($preBasePath. 'install') &&
    is_readable($preBasePath. 'install')) {
    header('Location: '. $_SESSION['SETS']['path']['base_url'].'install/index.php');
    exit;
}
//
// Browser Check
// =============
// The result of the visual class's browser check is kept for later use
$preBrowser = $myVisClass->browserCheck();
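//
// Login process
// ==============
// Webserver login: taken only when REMOTE_USER is present, nobody is logged in yet, no logout was
// requested and no login form was submitted. The account must be active and flagged `wsauth`.
$strRemoteUser = filter_input(INPUT_SERVER, 'REMOTE_USER', FILTER_SANITIZE_STRING);
if (isset($strRemoteUser) && ($strRemoteUser != '') && ($_SESSION['logged_in'] == 0) &&
    ($chkLogout != 'yes') && ($chkInsName == '')) {
    // The name is escaped for SQL like the form login and the session re-check do;
    // FILTER_SANITIZE_STRING is an HTML filter and leaves backslashes untouched.
    $strSQL    = "SELECT * FROM `tbl_user` WHERE `username`='".$myDBClass->realEscape($strRemoteUser)."' "
        . "AND `wsauth`='1' AND `active`='1'";
    $booReturn = $myDBClass->hasDataArray($strSQL, $arrDataUser, $intDataCount);
    if ($booReturn && ($intDataCount == 1)) {
        // Issue a fresh session id at the privilege change so an id known before login is not reused
        session_regenerate_id(true);
        // Set session variables
        $_SESSION['username']  = $arrDataUser[0]['username'];
        $_SESSION['userid']    = $arrDataUser[0]['id'];
        $_SESSION['groupadm']  = $arrDataUser[0]['admin_enable'];
        $_SESSION['startsite'] = $_SESSION['SETS']['path']['base_url']. 'admin.php';
        $_SESSION['timestamp'] = time();
        $_SESSION['logged_in'] = 1;
        $_SESSION['domain']    = $arrDataUser[0]['domain'];
        // Update language settings
        $strSQL        = 'SELECT `locale` FROM `tbl_language` '
            . "WHERE `id`='".$arrDataUser[0]['language']."' AND `active`='1'";
        $strUserLocale = $myDBClass->getFieldData($strSQL);
        if ($strUserLocale != '') {
            $_SESSION['SETS']['data']['locale'] = $strUserLocale;
            $SETS['data']['locale']             = $strUserLocale;
        }
        // Update last login time.
        // $chkInsName is empty in this branch (see the condition above), so the row is addressed
        // by the user name that was just read from the database.
        $strSQLUpdate = 'UPDATE `tbl_user` SET `last_login`=NOW() '
            . "WHERE `username`='".$myDBClass->realEscape($arrDataUser[0]['username'])."'";
        $booReturn    = $myDBClass->insertData($strSQLUpdate);
        $myDataClass->strUserName = $arrDataUser[0]['username'];
        $myDataClass->writeLog(translate('Webserver login successfull'));
        $_SESSION['strLoginMessage'] = '';
        // Redirect to start page
        // NOTE(review): the target host is taken from the request's Host header; consider a
        // configured host name instead.
        header('Location: ' .$_SESSION['SETS']['path']['protocol']. '://' .
            filter_input(INPUT_SERVER, 'HTTP_HOST', FILTER_SANITIZE_STRING).$_SESSION['startsite']);
        exit;
    }
}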
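// Form login: runs when nobody is logged in, a user name was posted and no earlier error occurred
if (($_SESSION['logged_in'] == 0) && isset($chkInsName) && ($chkInsName != '') && ($intError == 0)) {
    // Both values are SQL-escaped in place; from here on $chkInsName holds the escaped form
    $chkInsName   = $myDBClass->realEscape($chkInsName);
    $chkInsPasswd = $myDBClass->realEscape($chkInsPasswd);
    // NOTE(review): the password is compared as an unsalted MD5 digest computed in SQL. Moving to
    // password_hash()/password_verify() needs a schema and data migration outside this block.
    $strSQL    = 'SELECT * FROM `tbl_user` '
        . "WHERE `username`='".$chkInsName."' AND `password`=MD5('".$chkInsPasswd."') AND `active`='1'";
    $booReturn = $myDBClass->hasDataArray($strSQL, $arrDataUser, $intDataCount);
    if ($booReturn == false) {
        $strErrorMessage = str_replace('::', '<br>', $strErrorMessage);
        $myVisClass->processMessage(translate('Error while selecting data from database:'), $strErrorMessage);
        $myVisClass->processMessage($myDBClass->strErrorMessage, $strErrorMessage);
        $_SESSION['strLoginMessage'] = $strErrorMessage;
    } elseif ($intDataCount == 1) {
        // Issue a fresh session id at the privilege change so an id known before login is not reused
        session_regenerate_id(true);
        // Set session variables
        $_SESSION['username']  = $arrDataUser[0]['username'];
        $_SESSION['userid']    = $arrDataUser[0]['id'];
        $_SESSION['groupadm']  = $arrDataUser[0]['admin_enable'];
        $_SESSION['startsite'] = $_SESSION['SETS']['path']['base_url'] . 'admin.php';
        $_SESSION['timestamp'] = time();
        $_SESSION['logged_in'] = 1;
        $_SESSION['domain']    = $arrDataUser[0]['domain'];
        // Update language settings
        $strSQL        = 'SELECT `locale` FROM `tbl_language` '
            . "WHERE `id`='".$arrDataUser[0]['language']."' AND `active`='1'";
        $strUserLocale = $myDBClass->getFieldData($strSQL);
        if ($strUserLocale != '') {
            $_SESSION['SETS']['data']['locale'] = $strUserLocale;
            $SETS['data']['locale']             = $strUserLocale;
        }
        // Update last login time.
        // $chkInsName was already escaped above; escaping it a second time would change names
        // containing escapable characters, so the name from the matched row is escaped once.
        $strSQLUpdate = 'UPDATE `tbl_user` SET `last_login`=NOW() '
            . "WHERE `username`='".$myDBClass->realEscape($arrDataUser[0]['username'])."'";
        $booReturn    = $myDBClass->insertData($strSQLUpdate);
        $myDataClass->strUserName = $arrDataUser[0]['username'];
        $myDataClass->writeLog(translate('Login successfull'));
        $_SESSION['strLoginMessage'] = '';
        // Redirect to start page
        // NOTE(review): the target host is taken from the request's Host header; consider a
        // configured host name instead.
        header('Location: ' .$_SESSION['SETS']['path']['protocol']. '://' .
            filter_input(INPUT_SERVER, 'HTTP_HOST', FILTER_SANITIZE_STRING).$_SESSION['startsite']);
        exit;
    } else {
        // No single matching active account: record the attempt and show the failure on the form
        $_SESSION['strLoginMessage'] = translate('Login failed!');
        $myDataClass->writeLog(translate('Login failed!'). ' - Username: ' .$chkInsName);
        $preNoMain = 0;
    }
}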
// Not logged in and no login form submitted: back to the index page.
// NOTE(review): $intPageID is not assigned anywhere in this script, which otherwise tests
// $prePageId - confirm which variable was meant.
// NOTE(review): redirect targets in this block take the host from the request's Host header.
if (($_SESSION['logged_in'] == 0) &&
    (!isset($intPageID) || ($intPageID != 0)) &&
    (!isset($chkInsName) || ($chkInsName == ''))) {
    header('Location: ' .$_SESSION['SETS']['path']['protocol']. '://' .
        filter_input(INPUT_SERVER, 'HTTP_HOST', FILTER_SANITIZE_STRING).
        $_SESSION['SETS']['path']['base_url']. 'index.php');
    exit;
}
// A session marked as logged in but without a user id is treated as logged out
if (!isset($_SESSION['userid']) && ($_SESSION['logged_in'] == 1)) {
    $_SESSION['logged_in'] = 0;
    header('Location: ' .$_SESSION['SETS']['path']['protocol']. '://' .
        filter_input(INPUT_SERVER, 'HTTP_HOST', FILTER_SANITIZE_STRING).
        $_SESSION['SETS']['path']['base_url']. 'index.php');
    exit;
}
//
// Review and update login
// =======================
// On every request of a logged-in session the account is looked up again, the idle time is
// checked against the configured log-off time, and page access rights are verified.
// NOTE(review): redirect targets in this block take the host from the request's Host header.
if (($_SESSION['logged_in'] == 1) && ($intError == 0)) {
    $strSQL    = "SELECT * FROM `tbl_user` WHERE `username`='".$myDBClass->realEscape($_SESSION['username'])."'";
    $booReturn = $myDBClass->hasDataArray($strSQL, $arrDataUser, $intDataCount);
    if ($booReturn == false) {
        $strErrorMessage = str_replace('::', '<br>', $strErrorMessage);
        $myVisClass->processMessage(translate('Error while selecting data from database:'), $strErrorMessage);
        $myVisClass->processMessage($myDBClass->strErrorMessage, $strErrorMessage);
    } elseif ($intDataCount == 1) {
        // Time expired?
        if (time() - $_SESSION['timestamp'] > $_SESSION['SETS']['security']['logofftime']) {
            // Force new login
            $myDataClass->writeLog(translate('Session timeout reached - Seconds:'). ' ' .
                (time() - $_SESSION['timestamp']. ' - User: ' .$_SESSION['username']));
            $_SESSION['logged_in'] = 0;
            header('Location: ' .$_SESSION['SETS']['path']['protocol']. '://' .
                filter_input(INPUT_SERVER, 'HTTP_HOST', FILTER_SANITIZE_STRING).
                $_SESSION['SETS']['path']['base_url']. 'index.php');
            exit;
        }
        // Check rights
        if (isset($preAccess) && ($preAccess == 1) && (isset($prePageId) && ($prePageId != 0))) {
            // NOTE(review): $prePageId is placed into the statement unquoted; presumably it is an
            // integer set by the including page - verify it can never carry request data.
            $strKey    = $myDBClass->getFieldData("SELECT `mnuGrpId` FROM `tbl_menu` WHERE `mnuId`=$prePageId");
            $intResult = $myVisClass->checkAccountGroup($strKey, 'read');
            // If no rights - redirect to index page
            if ($intResult != 0) {
                $myDataClass->writeLog(translate('Restricted site accessed:'). ' ' .
                    filter_input(INPUT_SERVER, 'PHP_SELF', FILTER_SANITIZE_STRING));
                header('Location: ' .$_SESSION['SETS']['path']['protocol']. '://' .
                    filter_input(INPUT_SERVER, 'HTTP_HOST', FILTER_SANITIZE_STRING).
                    $_SESSION['SETS']['path']['base_url']. 'index.php');
                exit;
            }
        }
        // Update login time
        $_SESSION['timestamp'] = time();
        // A logged-in user asking for the index template is sent on to the start page
        if (isset($preContent) && ($preContent == 'index.htm.tpl')) {
            header('Location: ' .$_SESSION['SETS']['path']['protocol']. '://' .
                filter_input(INPUT_SERVER, 'HTTP_HOST', FILTER_SANITIZE_STRING).$_SESSION['startsite']);
            exit;
        }
    } else {
        // Force new login
        $myDataClass->writeLog(translate('User not found in database'));
        $_SESSION['logged_in'] = 0;
        header('Location: ' .$_SESSION['SETS']['path']['protocol']. '://' .
            filter_input(INPUT_SERVER, 'HTTP_HOST', FILTER_SANITIZE_STRING).
            $_SESSION['SETS']['path']['base_url']. 'index.php');
        exit;
    }
}
//
// Check access to current site
// ============================
// Every page other than page id 1 needs a user id in the session and read access to its menu group
if (isset($prePageId) && ($prePageId != 1)) {
    if (!isset($_SESSION['userid'])) {
        header('Location: ' .$_SESSION['SETS']['path']['protocol']. '://' .
            filter_input(INPUT_SERVER, 'HTTP_HOST', FILTER_SANITIZE_STRING).
            $_SESSION['SETS']['path']['base_url']. 'index.php');
        exit;
    }
    // NOTE(review): $prePageId is placed into the statement unquoted; presumably it is an
    // integer set by the including page - verify it can never carry request data.
    $strSQL     = "SELECT `mnuGrpId` FROM `tbl_menu` WHERE `mnuId`=$prePageId";
    $prePageKey = (int)$myDBClass->getFieldData($strSQL);
    // A non-zero result means no read access: back to the user's start page
    if ($myVisClass->checkAccountGroup($prePageKey, 'read') != 0) {
        header('Location: ' .$_SESSION['SETS']['path']['protocol']. '://' .
            filter_input(INPUT_SERVER, 'HTTP_HOST', FILTER_SANITIZE_STRING).
            $_SESSION['startsite']);
        exit;
    }
}
//
// Insert main template
// ====================
// Builds the page header (meta data, domain selector, login info, menu) from main.htm.tpl.
// NOTE(review): values read from the database or session (user name, domain names) are passed to
// the template as they are; whether the stored values are already HTML-encoded cannot be seen
// here - confirm before relying on it.
if (isset($preContent) && ($preContent != '') && (!isset($preNoMain) || ($preNoMain != 1))) {
    $arrTplOptions = array('use_preg' => false);
    $maintp        = new HTML_Template_IT($preBasePath . 'templates/');
    $maintp->loadTemplatefile('main.htm.tpl', true, true);
    $maintp->setOptions($arrTplOptions);
    $maintp->setVariable('META_DESCRIPTION', 'NagiosQL System Monitoring Administration Tool');
    $maintp->setVariable('AUTHOR', 'NagiosQL Team');
    $maintp->setVariable('LANGUAGE', 'de');
    $maintp->setVariable('PUBLISHER', 'NagiosQL @ Sourceforge');
    if ($_SESSION['logged_in'] == 1) {
        $maintp->setVariable('ADMIN', '<a href="' . $_SESSION['SETS']['path']['base_url'] . 'admin.php" '
            . 'class="top-link">' .translate('Administration'). '</a>');
        //$maintp->setVariable("PLUGINS","<a href=\"".$_SESSION['SETS']['path']['base_url']."/plugin.php\"
        //class=\"top-link\">".translate('Plugins')."</a>");
    }
    $maintp->setVariable('BASE_PATH', $_SESSION['SETS']['path']['base_url']);
    $maintp->setVariable('ROBOTS', 'noindex,nofollow');
    $maintp->setVariable('PAGETITLE', 'NagiosQL - Version ' .$setDBVersion);
    $maintp->setVariable('IMAGEDIR', $_SESSION['SETS']['path']['base_url'] . 'images/');
    if (isset($prePageId) && ($intError == 0)) {
        $maintp->setVariable('POSITION', $myVisClass->getPosition($prePageId, translate('Administration')));
    }
    $maintp->parse('header');
    $tplHeaderVar = $maintp->get('header');
    //
    // Read domain list
    // ================
    if (($_SESSION['logged_in'] == 1) && ($intError == 0)) {
        // A posted domain selection is accepted only as an integer; -1 means "nothing posted"
        $intDomain = filter_input(
            INPUT_POST,
            'selDomain',
            FILTER_VALIDATE_INT,
            array('options' => array('default' => -1))
        );
        if ($intDomain != -1) {
            $_SESSION['domain']          = $intDomain;
            $myVisClass->intDomainId     = $intDomain;
            $myDataClass->intDomainId    = $intDomain;
            $myConfigClass->intDomainId  = $intDomain;
            $myContentClass->intDomainId = $intDomain;
        }
        $arrDataDomain = array();
        $strSQL        = "SELECT * FROM `tbl_datadomain` WHERE `active` <> '0' ORDER BY `domain`";
        $booReturn     = $myDBClass->hasDataArray($strSQL, $arrDataDomain, $intDataCount);
        if ($booReturn == false) {
            $strErrorMessage = str_replace('::', '<br>', $strErrorMessage);
            $myVisClass->processMessage(translate('Error while selecting data from database:'), $strErrorMessage);
            $myVisClass->processMessage($myDBClass->strErrorMessage, $strErrorMessage);
        } else {
            $intDomain = 0;
            if ($intDataCount > 0) {
                foreach ($arrDataDomain as $elem) {
                    $intIsDomain = 0;
                    // Check access rights
                    if ($myVisClass->checkAccountGroup($elem['access_group'], 'read') == 0) {
                        $maintp->setVariable('DOMAIN_VALUE', $elem['id']);
                        $maintp->setVariable('DOMAIN_TEXT', $elem['domain']);
                        if (isset($_SESSION['domain']) && ($_SESSION['domain'] == $elem['id'])) {
                            $maintp->setVariable('DOMAIN_SELECTED', 'selected');
                            $intDomain   = $elem['id'];
                            $intIsDomain = 1;
                        }
                        if ($intDomain == -1) {
                            $intDomain   = $elem['id'];
                            $intIsDomain = 1;
                        }
                        $maintp->parse('domainsel');
                    }
                    if ($intIsDomain == 0) {
                        // Select available an domain
                        $strDomAcc = $myVisClass->getAccessGroups('read');
                        $strSQL    = 'SELECT id FROM `tbl_datadomain` '
                            . "WHERE `active` <> '0' AND `access_group` IN (".$strDomAcc. ') '
                            . 'ORDER BY domain LIMIT 1';
                        // The lookup result is written into $arrDataDomain and $intDataCount again
                        $booReturn = $myDBClass->hasDataArray($strSQL, $arrDataDomain, $intDataCount);
                        if ($booReturn == false) {
                            $strErrorMessage = str_replace('::', '<br>', $strErrorMessage);
                            $myVisClass->processMessage(
                                translate('Error while selecting data from database:'),
                                $strErrorMessage
                            );
                            $myVisClass->processMessage($myDBClass->strErrorMessage, $strErrorMessage);
                        } elseif ($intDataCount != 0) {
                            $intDomain = $arrDataDomain[0]['id'];
                        }
                    }
                }
                $maintp->setVariable('DOMAIN_INFO', translate('Domain'). ':');
                $maintp->parse('dselect');
                $tplHeaderVar .= $maintp->get('dselect');
            }
        }
    }
    //
    // Show login information
    // ======================
    if ($_SESSION['logged_in'] == 1) {
        $maintp->setVariable('LOGIN_INFO', translate('Logged in:'). ' ' .$_SESSION['username']);
        $maintp->setVariable('LOGOUT_INFO', '<a href="' .$_SESSION['SETS']['path']['base_url'].
            'index.php?logout=yes">' .translate('Logout'). '</a>');
    } else {
        $maintp->setVariable('LOGOUT_INFO', ' ');
    }
    //
    // Build content menu
    // ==================
    if (isset($prePageId) && ($prePageId != 0)) {
        $maintp->setVariable('MAINMENU', $myVisClass->getMenu($prePageId));
    }
    $maintp->parse('header2');
    $tplHeaderVar .= $maintp->get('header2');
    // The assembled header is printed unless the page switched it off
    if (!isset($preShowHeader) || $preShowHeader == 1) {
        echo $tplHeaderVar;
    }
}
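//
// Insert content and master template
// ======================================
// Loads the page's content template and, when given, its list template.
// NOTE(review): $preContent and $preListTpl are appended to the templates directory unchanged;
// presumably both are fixed names set by the including page - verify they never carry request data.
if (isset($preContent) && ($preContent != '')) {
    $arrTplOptions = array('use_preg' => false);
    if (!file_exists($preBasePath . 'templates/' .$preContent) ||
        !is_readable($preBasePath . 'templates/' .$preContent)) {
        // NOTE(review): the message prints the absolute template path to the client
        echo '<span style="color:#F00">' .translate('Warning - template file not found or not readable, please '
            . 'check your file permissions! - File: ');
        echo str_replace('//', '/', $preBasePath . 'templates/' .$preContent). '</span><br>';
        exit;
    }
    $conttp = new HTML_Template_IT($preBasePath . 'templates/');
    $conttp->loadTemplatefile($preContent, true, true);
    $conttp->setOptions($arrTplOptions);
    // Both branches of the former trailing-slash test set the same two variables,
    // so the assignments are made once
    $strRootPath = $_SESSION['SETS']['path']['base_url'];
    $conttp->setVariable('BASE_PATH', $strRootPath);
    $conttp->setVariable('IMAGE_PATH', $strRootPath. 'images/');
    $mastertp = new HTML_Template_IT($preBasePath . 'templates/');
    if (isset($preListTpl) && ($preListTpl != '')) {
        $mastertp->loadTemplatefile($preListTpl, true, true);
    }
    $mastertp->setOptions($arrTplOptions);
}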
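//
// Process standard get/post parameters
// ====================================
// Allow-lists for the sort direction and sort column
$arrSortDir   = array('ASC', 'DESC');
$arrSortBy    = array(1, 2);
$chkModus     = 'display';
// Filter id 513 is the numeric value of FILTER_SANITIZE_STRING
$chkModusGet  = filter_input(INPUT_GET, 'modus', 513, array('options' => array('default' => 'display')));
$chkOrderBy   = filter_input(INPUT_GET, 'orderby', FILTER_SANITIZE_STRING);
$chkOrderDir  = filter_input(INPUT_GET, 'orderdir', FILTER_SANITIZE_STRING);
$chkLimitGet  = filter_input(INPUT_GET, 'limit', FILTER_VALIDATE_INT);
$chkModusPost = filter_input(INPUT_POST, 'modus', 513, array('options' => array('default' => 'display')));
$chkHidModify = filter_input(INPUT_POST, 'hidModify', FILTER_SANITIZE_STRING);
$chkSelModify = filter_input(INPUT_POST, 'selModify', FILTER_SANITIZE_STRING);
$hidSortDir   = filter_input(INPUT_POST, 'hidSortDir', FILTER_SANITIZE_STRING);
$hidSortBy    = filter_input(INPUT_POST, 'hidSortBy', FILTER_VALIDATE_INT);
// Numeric form fields fall back to 0 when missing or not an integer
$chkLimit     = filter_input(INPUT_POST, 'hidLimit', FILTER_VALIDATE_INT, array('options' => array('default' => 0)));
$chkSelTarDom = filter_input(INPUT_POST, 'selTarDom', FILTER_VALIDATE_INT, array('options' => array('default' => 0)));
$chkListId    = filter_input(INPUT_POST, 'hidListId', FILTER_VALIDATE_INT, array('options' => array('default' => 0)));
$chkDataId    = filter_input(INPUT_POST, 'hidId', FILTER_VALIDATE_INT, array('options' => array('default' => 0)));
$chkActive    = filter_input(INPUT_POST, 'chbActive', FILTER_VALIDATE_INT, array('options' => array('default' => 0)));
$chkRegister  = filter_input(INPUT_POST, 'chbRegister', FILTER_VALIDATE_INT, array('options' => array('default' => 0)));
$hidActive    = filter_input(INPUT_POST, 'hidActive', FILTER_VALIDATE_INT, array('options' => array('default' => 0)));
$hidSort      = filter_input(INPUT_POST, 'hidSort', FILTER_VALIDATE_INT, array('options' => array('default' => 0)));
$chkStatus    = filter_input(INPUT_POST, 'hidStatus', FILTER_VALIDATE_INT, array('options' => array('default' => 0)));
// A mode other than 'display' overrides the default; POST is applied after GET
if ($chkModusGet != 'display') {
    $chkModus = $chkModusGet;
}
if ($chkModusPost != 'display') {
    $chkModus = $chkModusPost;
}
// Posted sort values outside the allow-lists fall back to ASC / column 1
if (!in_array($hidSortDir, $arrSortDir, true)) {
    $hidSortDir = 'ASC';
}
if (!in_array($hidSortBy, $arrSortBy, true)) {
    $hidSortBy = 1;
}
// Sort values from the query string replace the posted ones when they are on the allow-list
if (in_array($chkOrderDir, $arrSortDir, true)) {
    $hidSortDir = $chkOrderDir;
}
// 'orderby' arrives as a string while the allow-list holds integers, so the former strict
// comparison could not match; the value is validated as an integer before the check.
if (in_array(filter_var($chkOrderBy, FILTER_VALIDATE_INT), $arrSortBy, true)) {
    $hidSortBy = (int)$chkOrderBy;
}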
//
// Setting some variables
// ======================
// 'add' mode starts without a modify selection; a posted hidden value overrides it either way
if ($chkModus == 'add') {
    $chkSelModify = '';
}
if ($chkHidModify != '') {
    $chkSelModify = $chkHidModify;
}
// A limit from the query string replaces the posted one
if (isset($chkLimitGet)) {
    $chkLimit = $chkLimitGet;
}
// Domain and group-admin flag are taken over from the session when present
if (isset($_SESSION['domain'])) {
    $chkDomainId = $_SESSION['domain'];
}
if (isset($_SESSION['groupadm'])) {
    $chkGroupAdm = $_SESSION['groupadm'];
}
// Collected error messages are appended to the login message
if (isset($_SESSION['strLoginMessage'])) {
    $_SESSION['strLoginMessage'] .= str_replace('::', '<br>', $strErrorMessage);
}
$myConfigClass->getDomainData('version', $intVersion);
$myConfigClass->getDomainData('enable_common', $setEnableCommon);
// WHERE fragments restricting a table to the current domain, optionally including config_id 0.
// NOTE(review): $preTableName and $chkDomainId are interpolated into SQL text; the domain id
// is set from the session here - verify both can only hold trusted values.
if (isset($preTableName)) {
    if ($setEnableCommon != 0) {
        $strDomainWhere  = " (`$preTableName`.`config_id`=$chkDomainId OR `$preTableName`.`config_id`=0) ";
        $strDomainWhere2 = " (`config_id`=$chkDomainId OR `config_id`=0) ";
    } else {
        $strDomainWhere  = " (`$preTableName`.`config_id`=$chkDomainId) ";
        $strDomainWhere2 = " (`config_id`=$chkDomainId) ";
    }
}
// Row sort variables
// The direction offered next is the opposite of the current one
$setSortDir = ($hidSortDir == 'ASC') ? 'DESC' : 'ASC';
if (isset($preContent) && ($preContent != '')) {
    // Only the active sort column gets an image; the other column's image is cleared
    if ($hidSortBy == 2) {
        $mastertp->setVariable('SORT_IMAGE_1', '');
    } else {
        $hidSortBy = 1;
        $mastertp->setVariable('SORT_IMAGE_2', '');
    }
    $setSortPicture = $_SESSION['SETS']['path']['base_url']. 'images/sort_' .strtolower($hidSortDir). '.png';
    $mastertp->setVariable('SORT_DIR_' .$hidSortBy, $setSortDir);
    $mastertp->setVariable('SORT_IMAGE_' .$hidSortBy, "<img src=\"$setSortPicture\" alt=\"$hidSortDir\" "
        . "title=\"$hidSortDir\" width=\"15\" height=\"14\" border=\"0\">");
    $mastertp->setVariable('SORT_DIR', $hidSortDir);
    $mastertp->setVariable('SORT_BY', $hidSortBy);
}
//
// Set class variables
// ===================
// The visual class receives the content template and the posted list id
if (isset($preContent) && ($preContent != '')) {
    $myVisClass->myContentTpl = $conttp;
    $myVisClass->intDataId    = $chkListId;
}