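<?php
///////////////////////////////////////////////////////////////////////////////
//
// NagiosQL
//
///////////////////////////////////////////////////////////////////////////////
//
// (c) 2005-2020 by Martin Willisegger
//
// Project   : NagiosQL
// Component : Preprocessing script
// Website   : https://sourceforge.net/projects/nagiosql/
// Version   : 3.4.1
// GIT Repo  : https://gitlab.com/wizonet/NagiosQL
//
///////////////////////////////////////////////////////////////////////////////
//
// What this script does, in order:
//   1. reads the login/logout request parameters and starts the PHP session,
//   2. resolves the base path/URL and loads config/settings.php plus `tbl_settings`,
//   3. sets up gettext for the configured locale,
//   4. performs the web-server (REMOTE_USER) login and the form login,
//   5. enforces the session timeout and the per-page access check,
//   6. renders the page header and prepares the content/master templates,
//   7. normalises the common GET/POST parameters for the page that follows.
//
// $prePageId, $preContent, $preAccess, $preFieldvars, $preTableName, $preListTpl,
// $preShowHeader, $preNoMain, $intPageID and $arrDescription are read here but never
// assigned; presumably the including page defines them before requiring this file.
//
error_reporting(E_ALL & ~E_STRICT);
//
// Timezone settings (>=PHP5.1)
// ============================
if (function_exists('date_default_timezone_set') and function_exists('date_default_timezone_get')) {
    date_default_timezone_set(date_default_timezone_get());
}
//
// Process post/get parameters
// ===========================
$chkInsName   = filter_input(INPUT_POST, 'tfUsername', FILTER_SANITIZE_STRING);
$chkInsPasswd = filter_input(INPUT_POST, 'tfPassword', FILTER_SANITIZE_STRING);
$chkLogout    = filter_input(INPUT_GET, 'logout', FILTER_SANITIZE_STRING, array('options' => array('default' => 'rr')));
//
// Define common variables
// =======================
// A request parameter named SETS must never be able to seed the settings array.
if ((filter_input(INPUT_GET, 'SETS') != null) || (filter_input(INPUT_POST, 'SETS') != null)) {
    $SETS = ''; // For security reason
}
$strErrorMessage   = ''; // All error messages (red)
$strInfoMessage    = ''; // All information messages (green)
$strConsistMessage = ''; // Consistency message
$tplHeaderVar      = '';
$chkDomainId       = 0;
$chkGroupAdm       = 0;
$intError          = 0;
$setDBVersion      = 'unknown';
$setFileVersion    = '3.4.1';
$setGITVersion     = '2020-01-19';
//
// Start PHP session
// =================
session_start();
//
// Check path settings
// ===================
// When the request is for index.php the base path/URL are derived from the server variables
// and cached in the session; every other page relies on that cached pair.
if (substr_count(filter_input(INPUT_SERVER, 'SCRIPT_NAME', FILTER_SANITIZE_STRING), 'index.php') != 0) {
    $preBasePath = str_replace('//', '/', dirname(filter_input(
        INPUT_SERVER,
        'SCRIPT_FILENAME',
        FILTER_SANITIZE_STRING
    )). '/');
    $preBaseURL = str_replace('//', '/', dirname(filter_input(
        INPUT_SERVER,
        'SCRIPT_NAME',
        FILTER_SANITIZE_STRING
    )). '/');
    $_SESSION['SETS']['path']['base_url']  = $preBaseURL;
    $_SESSION['SETS']['path']['base_path'] = $preBasePath;
} elseif (!isset($_SESSION['SETS']['path']['base_url']) || !isset($_SESSION['SETS']['path']['base_path'])) {
    header('Location: ../index.php');
    exit;
} else {
    $preBaseURL  = $_SESSION['SETS']['path']['base_url'];
    $preBasePath = $_SESSION['SETS']['path']['base_path'];
}
//
// Start installer
// ===============
$preIniFile = $preBasePath.'config/settings.php';
if (!file_exists($preIniFile) || !is_readable($preIniFile)) {
    header('Location: '.$preBaseURL.'install/index.php');
    exit;
}
//
// Read file settings
// ==================
$SETS = parse_ini_file($preBasePath.'config/settings.php', true);
// NOTE(review): the whole [db] section is copied into the session store; if it holds the
// database credentials (not visible here), the session save path needs matching protection.
if (!isset($_SESSION['SETS']['db'])) {
    $_SESSION['SETS']['db'] = $SETS['db'];
}
//
// Include external function/class files
// =====================================
require $preBasePath.'functions/Autoloader.php';
require $preBasePath.'functions/translator.php';
functions\Autoloader::register($preBasePath);
//
// Initialize classes - part 1
// ===========================
$myDBClass = new functions\MysqliDbClass;
$myDBClass->arrParams = $_SESSION['SETS']['db'];
$myDBClass->hasDBConnection();
if ($myDBClass->error == true) {
    $strDBMessage = $myDBClass->strErrorMessage;
    $booError     = $myDBClass->error;
    $intError     = 1;
}
//
// Get additional configuration from the table tbl_settings
// ========================================================
if ($intError == 0) {
    $strSQL    = 'SELECT `category`,`name`,`value` FROM `tbl_settings`';
    $booReturn = $myDBClass->hasDataArray($strSQL, $arrDataLines, $intDataCount);
    if ($booReturn == false) {
        $strErrorMessage .= translate('Error while selecting data from database:'). '::' .$myDBClass->strErrorMessage;
        $intError = 1;
    } elseif ($intDataCount != 0) {
        // Remember a locale already chosen for this session so the table value does not override it
        if (isset($_SESSION['SETS']['data']['locale']) && ($_SESSION['SETS']['data']['locale'] != '')) {
            $strStoreLanguage = $_SESSION['SETS']['data']['locale'];
        }
        // Save additional configuration information
        for ($i = 0; $i < $intDataCount; $i++) {
            // We use the path settings from file
            if ($arrDataLines[$i]['name'] == 'base_url') {
                continue;
            }
            if ($arrDataLines[$i]['name'] == 'base_path') {
                continue;
            }
            $SETS[$arrDataLines[$i]['category']][$arrDataLines[$i]['name']] = $arrDataLines[$i]['value'];
        }
        if (isset($strStoreLanguage) && ($strStoreLanguage != '')) {
            $SETS['data']['locale'] = $strStoreLanguage;
        }
    }
}
//
// Enable PHP gettext functionality
// ================================
if ($intError == 0) {
    $arrLocale = explode('.', $SETS['data']['locale']);
    $strDomain = $arrLocale[0];
    $strLocale = setlocale(
        LC_ALL,
        $SETS['data']['locale'],
        $SETS['data']['locale']. '.utf-8',
        $SETS['data']['locale']. '.utf-8',
        $SETS['data']['locale']. '.utf8',
        'en_GB',
        'en_GB.utf-8',
        'en_GB.utf8'
    );
    // NOTE(review): setlocale() returns false on failure, and isset(false) is true, so this
    // branch does not fire for a failed setlocale(). Left unchanged because switching to
    // "=== false" would turn a currently tolerated situation into a hard error.
    if (!isset($strLocale)) {
        $strErrorMessage .= translate('Error setting the correct locale. Please report this error with the associated '
            . "output of 'locale -a'"). '::';
        $intError = 1;
    }
    putenv('LC_ALL=' .$SETS['data']['locale']. '.utf-8');
    putenv('LANG=' .$SETS['data']['locale']. '.utf-8');
    bindtextdomain($strDomain, $preBasePath. 'config/locale');
    bind_textdomain_codeset($strDomain, $SETS['data']['encoding']);
    textdomain($strDomain);
}
//
// Include external function/class files
// =====================================
require_once $preBasePath.'libraries/pear/HTML/Template/IT.php';
if (isset($preFieldvars) && ($preFieldvars == 1)) {
    require $preBasePath.'config/fieldvars.php';
}
//
// Check path settings
// ===================
// The path pair computed above always wins over whatever the settings sources contained.
if (!isset($SETS['path']['base_path']) || ($preBasePath != $SETS['path']['base_path'])) {
    $SETS['path']['base_path'] = $preBasePath;
}
if (!isset($SETS['path']['base_url']) || ($preBaseURL != $SETS['path']['base_url'])) {
    $SETS['path']['base_url'] = $preBaseURL;
}
//
// Add data to the session
// =======================
$_SESSION['SETS']            = $SETS;
$_SESSION['strLoginMessage'] = '';
$_SESSION['startsite']       = $_SESSION['SETS']['path']['base_url']. 'admin.php';
if (!isset($_SESSION['logged_in'])) {
    $_SESSION['logged_in'] = 0;
}
// Reload locale after logout
if (isset($chkLogout) && ($chkLogout == 'yes')) {
    // Drop every session value, then rebuild the minimal anonymous state
    $_SESSION                    = array();
    $_SESSION['SETS']            = $SETS;
    $_SESSION['logged_in']       = 0;
    $_SESSION['userid']          = 0;
    $_SESSION['groupadm']        = 0;
    $_SESSION['strLoginMessage'] = '';
    $_SESSION['startsite']       = $_SESSION['SETS']['path']['base_url']. 'admin.php';
    // Get default language
    $strSQL      = "SELECT `value` FROM `tbl_settings` WHERE `category`='data' AND `name`='locale'";
    $strLocaleDB = $myDBClass->getFieldData($strSQL);
    if ($strLocaleDB != '') {
        $_SESSION['SETS']['data']['locale'] = $strLocaleDB;
        $SETS['data']['locale']             = $strLocaleDB;
    }
    $arrLocale = explode('.', $SETS['data']['locale']);
    $strDomain = $arrLocale[0];
    $strLocale = setlocale(
        LC_ALL,
        $SETS['data']['locale'],
        $SETS['data']['locale']. '.utf-8',
        $SETS['data']['locale']. '.utf-8',
        $SETS['data']['locale']. '.utf8',
        'en_GB',
        'en_GB.utf-8',
        'en_GB.utf8'
    );
    // NOTE(review): same as above - a failed setlocale() yields false, which isset() accepts.
    if (!isset($strLocale)) {
        $strErrorMessage .= translate('Error in setting the correct locale, please report this error with the '
            . "associated output of 'locale -a' to bugs@nagiosql.org"). '::';
        $intError = 1;
    }
    putenv('LC_ALL=' .$SETS['data']['locale']. '.utf-8');
    putenv('LANG=' .$SETS['data']['locale']. '.utf-8');
    bindtextdomain($strDomain, $preBasePath . 'config/locale');
    bind_textdomain_codeset($strDomain, $SETS['data']['encoding']);
    textdomain($strDomain);
}
// Hide menu
if (filter_input(INPUT_GET, 'menu') != null) {
    // Only the two known values are ever stored in the session
    if (filter_input(INPUT_GET, 'menu', FILTER_SANITIZE_STRING) == 'visible') {
        $_SESSION['menu'] = 'visible';
    } elseif (filter_input(INPUT_GET, 'menu', FILTER_SANITIZE_STRING) == 'invisible') {
        $_SESSION['menu'] = 'invisible';
    }
}
//
// Initialize classes
// ==================
$myVisClass     = new functions\NagVisualClass($_SESSION);
$myDataClass    = new functions\NagDataClass($_SESSION);
$myConfigClass  = new functions\NagConfigClass($_SESSION);
$myContentClass = new functions\NagContentClass($_SESSION);
//
// Propagating the classes themselves
// ==================================
$myVisClass->myDBClass     =& $myDBClass;
$myVisClass->myConfigClass =& $myConfigClass;
//
$myDataClass->myDBClass     =& $myDBClass;
$myDataClass->myVisClass    =& $myVisClass;
$myDataClass->myConfigClass =& $myConfigClass;
//
$myConfigClass->myDBClass   =& $myDBClass;
$myConfigClass->myDataClass =& $myDataClass;
//
$myContentClass->myDBClass     =& $myDBClass;
$myContentClass->myVisClass    =& $myVisClass;
$myContentClass->myConfigClass =& $myConfigClass;
if (isset($arrDescription)) {
    $myContentClass->arrDescription = $arrDescription;
}
//
// Version management
// ==================
if ($intError == 0) {
    $setDBVersion = $SETS['db']['version'];
}
//
// Version check
// =============
// A file version newer than the database version sends the user to the installer,
// but only while the install directory is still present and readable.
if (version_compare($setFileVersion, $setDBVersion, '>') && (file_exists($preBasePath. 'install') &&
        is_readable($preBasePath. 'install'))) {
    header('Location: '. $_SESSION['SETS']['path']['base_url'].'install/index.php');
    exit;
}
//
// Browser Check
// =============
$preBrowser = $myVisClass->browserCheck();
//
// Login process
// ==============
// NOTE(review): every absolute redirect below takes its host part from the request's Host
// header, which the client controls. A configured host name would be the safer source; none
// is visible in this file, so the behaviour is left as it is.
//
// Web-server login: REMOTE_USER is trusted as the identity, but only for accounts flagged
// with `wsauth`='1'. The value is still escaped before it is concatenated into SQL, and the
// branch is skipped when the database is unavailable (same guard as the form login).
$strRemoteUser = filter_input(INPUT_SERVER, 'REMOTE_USER', FILTER_SANITIZE_STRING);
if (isset($strRemoteUser) && ($strRemoteUser != '') && ($_SESSION['logged_in'] == 0) &&
    ($chkLogout != 'yes') && ($chkInsName == '') && ($intError == 0)) {
    $strSQL    = "SELECT * FROM `tbl_user` WHERE `username`='".$myDBClass->realEscape($strRemoteUser)."' "
        . "AND `wsauth`='1' AND `active`='1'";
    $booReturn = $myDBClass->hasDataArray($strSQL, $arrDataUser, $intDataCount);
    if ($booReturn && ($intDataCount == 1)) {
        // Issue a fresh session id at the privilege change so a pre-login id is not reused
        session_regenerate_id(true);
        // Set session variables
        $_SESSION['username']  = $arrDataUser[0]['username'];
        $_SESSION['userid']    = $arrDataUser[0]['id'];
        $_SESSION['groupadm']  = $arrDataUser[0]['admin_enable'];
        $_SESSION['startsite'] = $_SESSION['SETS']['path']['base_url']. 'admin.php';
        $_SESSION['timestamp'] = time();
        $_SESSION['logged_in'] = 1;
        $_SESSION['domain']    = $arrDataUser[0]['domain'];
        // Update language settings
        $strSQL        = 'SELECT `locale` FROM `tbl_language` '
            . "WHERE `id`='".$myDBClass->realEscape($arrDataUser[0]['language'])."' AND `active`='1'";
        $strUserLocale = $myDBClass->getFieldData($strSQL);
        if ($strUserLocale != '') {
            $_SESSION['SETS']['data']['locale'] = $strUserLocale;
            $SETS['data']['locale']             = $strUserLocale;
        }
        // Update last login time
        // $chkInsName is empty in this branch, so the row is addressed by the name just read
        // from the database; the previous WHERE clause could not match any user.
        $strSQLUpdate = 'UPDATE `tbl_user` SET `last_login`=NOW() '
            . "WHERE `username`='".$myDBClass->realEscape($arrDataUser[0]['username'])."'";
        $booReturn    = $myDBClass->insertData($strSQLUpdate);
        $myDataClass->strUserName = $arrDataUser[0]['username'];
        $myDataClass->writeLog(translate('Webserver login successfull'));
        $_SESSION['strLoginMessage'] = '';
        // Redirect to start page
        header('Location: ' .$_SESSION['SETS']['path']['protocol']. '://' .
            filter_input(INPUT_SERVER, 'HTTP_HOST', FILTER_SANITIZE_STRING).$_SESSION['startsite']);
        exit;
    }
}
// Form login
if (($_SESSION['logged_in'] == 0) && isset($chkInsName) && ($chkInsName != '') && ($intError == 0)) {
    $chkInsName   = $myDBClass->realEscape($chkInsName);
    $chkInsPasswd = $myDBClass->realEscape($chkInsPasswd);
    // NOTE(review): the stored credential is an unsalted MD5 digest computed inside the query.
    // Moving to password_hash()/password_verify() needs a schema and data migration that is
    // outside this file, so it is flagged here rather than changed.
    $strSQL    = 'SELECT * FROM `tbl_user` '
        . "WHERE `username`='".$chkInsName."' AND `password`=MD5('".$chkInsPasswd."') AND `active`='1'";
    $booReturn = $myDBClass->hasDataArray($strSQL, $arrDataUser, $intDataCount);
    if ($booReturn == false) {
        $strErrorMessage = str_replace('::', '<br>', $strErrorMessage);
        $myVisClass->processMessage(translate('Error while selecting data from database:'), $strErrorMessage);
        $myVisClass->processMessage($myDBClass->strErrorMessage, $strErrorMessage);
        $_SESSION['strLoginMessage'] = $strErrorMessage;
    } elseif ($intDataCount == 1) {
        // Issue a fresh session id at the privilege change so a pre-login id is not reused
        session_regenerate_id(true);
        // Set session variables
        $_SESSION['username']  = $arrDataUser[0]['username'];
        $_SESSION['userid']    = $arrDataUser[0]['id'];
        $_SESSION['groupadm']  = $arrDataUser[0]['admin_enable'];
        $_SESSION['startsite'] = $_SESSION['SETS']['path']['base_url'] . 'admin.php';
        $_SESSION['timestamp'] = time();
        $_SESSION['logged_in'] = 1;
        $_SESSION['domain']    = $arrDataUser[0]['domain'];
        // Update language settings
        $strSQL        = 'SELECT `locale` FROM `tbl_language` '
            . "WHERE `id`='".$myDBClass->realEscape($arrDataUser[0]['language'])."' AND `active`='1'";
        $strUserLocale = $myDBClass->getFieldData($strSQL);
        if ($strUserLocale != '') {
            $_SESSION['SETS']['data']['locale'] = $strUserLocale;
            $SETS['data']['locale']             = $strUserLocale;
        }
        // Update last login time
        // $chkInsName was already escaped above; escaping it a second time would corrupt names
        // containing escaped characters, so the stored user name is escaped exactly once.
        $strSQLUpdate = 'UPDATE `tbl_user` SET `last_login`=NOW() '
            . "WHERE `username`='".$myDBClass->realEscape($arrDataUser[0]['username'])."'";
        $booReturn    = $myDBClass->insertData($strSQLUpdate);
        $myDataClass->strUserName = $arrDataUser[0]['username'];
        $myDataClass->writeLog(translate('Login successfull'));
        $_SESSION['strLoginMessage'] = '';
        // Redirect to start page
        header('Location: ' .$_SESSION['SETS']['path']['protocol']. '://' .
            filter_input(INPUT_SERVER, 'HTTP_HOST', FILTER_SANITIZE_STRING).$_SESSION['startsite']);
        exit;
    } else {
        $_SESSION['strLoginMessage'] = translate('Login failed!');
        $myDataClass->writeLog(translate('Login failed!'). ' - Username: ' .$chkInsName);
        $preNoMain = 0;
    }
}
// Anonymous request for anything but page id 0 without a login attempt: back to the login page
if (($_SESSION['logged_in'] == 0) && (!isset($intPageID) || ($intPageID != 0)) &&
    (!isset($chkInsName) || ($chkInsName == ''))) {
    header('Location: ' .$_SESSION['SETS']['path']['protocol']. '://' .
        filter_input(INPUT_SERVER, 'HTTP_HOST', FILTER_SANITIZE_STRING).
        $_SESSION['SETS']['path']['base_url']. 'index.php');
    exit;
}
// A session that claims to be logged in but carries no user id is treated as invalid
if (!isset($_SESSION['userid']) && ($_SESSION['logged_in'] == 1)) {
    $_SESSION['logged_in'] = 0;
    header('Location: ' .$_SESSION['SETS']['path']['protocol']. '://' .
        filter_input(INPUT_SERVER, 'HTTP_HOST', FILTER_SANITIZE_STRING).
        $_SESSION['SETS']['path']['base_url']. 'index.php');
    exit;
}
//
// Review and update login
// =======================
if (($_SESSION['logged_in'] == 1) && ($intError == 0)) {
    // The account is looked up again on every request so a deleted user loses access
    $strSQL    = "SELECT * FROM `tbl_user` WHERE `username`='".$myDBClass->realEscape($_SESSION['username'])."'";
    $booReturn = $myDBClass->hasDataArray($strSQL, $arrDataUser, $intDataCount);
    if ($booReturn == false) {
        $strErrorMessage = str_replace('::', '<br>', $strErrorMessage);
        $myVisClass->processMessage(translate('Error while selecting data from database:'), $strErrorMessage);
        $myVisClass->processMessage($myDBClass->strErrorMessage, $strErrorMessage);
    } elseif ($intDataCount == 1) {
        // Time expired?
        if (time() - $_SESSION['timestamp'] > $_SESSION['SETS']['security']['logofftime']) {
            // Force new login
            $myDataClass->writeLog(translate('Session timeout reached - Seconds:'). ' ' .
                ((time() - $_SESSION['timestamp']). ' - User: ' .$_SESSION['username']));
            $_SESSION['logged_in'] = 0;

            header('Location: ' .$_SESSION['SETS']['path']['protocol']. '://' .
                filter_input(INPUT_SERVER, 'HTTP_HOST', FILTER_SANITIZE_STRING).
                $_SESSION['SETS']['path']['base_url']. 'index.php');
            exit;
        }
        // Check rights
        if (isset($preAccess) && ($preAccess == 1) && (isset($prePageId) && ($prePageId != 0))) {
            // The page id is forced to an integer before it reaches the SQL text
            $strKey    = $myDBClass->getFieldData(
                'SELECT `mnuGrpId` FROM `tbl_menu` WHERE `mnuId`=' . (int)$prePageId
            );
            $intResult = $myVisClass->checkAccountGroup($strKey, 'read');
            // If no rights - redirect to index page
            if ($intResult != 0) {
                $myDataClass->writeLog(translate('Restricted site accessed:'). ' ' .
                    filter_input(INPUT_SERVER, 'PHP_SELF', FILTER_SANITIZE_STRING));
                header('Location: ' .$_SESSION['SETS']['path']['protocol']. '://' .
                    filter_input(INPUT_SERVER, 'HTTP_HOST', FILTER_SANITIZE_STRING).
                    $_SESSION['SETS']['path']['base_url']. 'index.php');
                exit;
            }
        }
        // Update login time
        $_SESSION['timestamp'] = time();
        // A logged-in user asking for the login template is sent to the start page instead
        if (isset($preContent) && ($preContent == 'index.htm.tpl')) {
            header('Location: ' .$_SESSION['SETS']['path']['protocol']. '://' .
                filter_input(INPUT_SERVER, 'HTTP_HOST', FILTER_SANITIZE_STRING).$_SESSION['startsite']);
            exit;
        }
    } else {
        // Force new login
        $myDataClass->writeLog(translate('User not found in database'));
        $_SESSION['logged_in'] = 0;
        header('Location: ' .$_SESSION['SETS']['path']['protocol']. '://' .
            filter_input(INPUT_SERVER, 'HTTP_HOST', FILTER_SANITIZE_STRING).
            $_SESSION['SETS']['path']['base_url']. 'index.php');
        exit;
    }
}
//
// Check access to current site
// ============================
if (isset($prePageId) && ($prePageId != 1)) {
    if (!isset($_SESSION['userid'])) {
        header('Location: ' .$_SESSION['SETS']['path']['protocol']. '://' .
            filter_input(INPUT_SERVER, 'HTTP_HOST', FILTER_SANITIZE_STRING).
            $_SESSION['SETS']['path']['base_url']. 'index.php');
        exit;
    }
    // The page id is forced to an integer before it reaches the SQL text
    $strSQL     = 'SELECT `mnuGrpId` FROM `tbl_menu` WHERE `mnuId`=' . (int)$prePageId;
    $prePageKey = (int)$myDBClass->getFieldData($strSQL);
    if ($myVisClass->checkAccountGroup($prePageKey, 'read') != 0) {
        header('Location: ' .$_SESSION['SETS']['path']['protocol']. '://' .
            filter_input(INPUT_SERVER, 'HTTP_HOST', FILTER_SANITIZE_STRING).
            $_SESSION['startsite']);
        exit;
    }
}
//
// Insert main template
// ====================
if (isset($preContent) && ($preContent != '') && (!isset($preNoMain) || ($preNoMain != 1))) {
    $arrTplOptions = array('use_preg' => false);
    $maintp = new HTML_Template_IT($preBasePath . 'templates/');
    $maintp->loadTemplatefile('main.htm.tpl', true, true);
    $maintp->setOptions($arrTplOptions);
    $maintp->setVariable('META_DESCRIPTION', 'NagiosQL System Monitoring Administration Tool');
    $maintp->setVariable('AUTHOR', 'NagiosQL Team');
    $maintp->setVariable('LANGUAGE', 'de');
    $maintp->setVariable('PUBLISHER', 'NagiosQL @ Sourceforge');
    if ($_SESSION['logged_in'] == 1) {
        $maintp->setVariable('ADMIN', '<a href="' . $_SESSION['SETS']['path']['base_url'] . 'admin.php" '
            . 'class="top-link">' .translate('Administration'). '</a>');
        //$maintp->setVariable("PLUGINS","<a href=\"".$_SESSION['SETS']['path']['base_url']."/plugin.php\"
        //class=\"top-link\">".translate('Plugins')."</a>");
    }
    $maintp->setVariable('BASE_PATH', $_SESSION['SETS']['path']['base_url']);
    $maintp->setVariable('ROBOTS', 'noindex,nofollow');
    $maintp->setVariable('PAGETITLE', 'NagiosQL - Version ' .$setDBVersion);
    $maintp->setVariable('IMAGEDIR', $_SESSION['SETS']['path']['base_url'] . 'images/');
    if (isset($prePageId) && ($intError == 0)) {
        $maintp->setVariable('POSITION', $myVisClass->getPosition($prePageId, translate('Administration')));
    }
    $maintp->parse('header');
    $tplHeaderVar = $maintp->get('header');
    //
    // Read domain list
    // ================
    if (($_SESSION['logged_in'] == 1) && ($intError == 0)) {
        // -1 means "no valid domain was posted"
        $intDomain = filter_input(
            INPUT_POST,
            'selDomain',
            FILTER_VALIDATE_INT,
            array('options' => array('default' => -1))
        );
        if ($intDomain != -1) {
            $_SESSION['domain']          = $intDomain;
            $myVisClass->intDomainId     = $intDomain;
            $myDataClass->intDomainId    = $intDomain;
            $myConfigClass->intDomainId  = $intDomain;
            $myContentClass->intDomainId = $intDomain;
        }
        $arrDataDomain = array();
        $strSQL        = "SELECT * FROM `tbl_datadomain` WHERE `active` <> '0' ORDER BY `domain`";
        $booReturn     = $myDBClass->hasDataArray($strSQL, $arrDataDomain, $intDataCount);
        if ($booReturn == false) {
            $strErrorMessage = str_replace('::', '<br>', $strErrorMessage);
            $myVisClass->processMessage(translate('Error while selecting data from database:'), $strErrorMessage);
            $myVisClass->processMessage($myDBClass->strErrorMessage, $strErrorMessage);
        } else {
            $intDomain = 0;
            if ($intDataCount > 0) {
                foreach ($arrDataDomain as $elem) {
                    $intIsDomain = 0;
                    // Check access rights
                    if ($myVisClass->checkAccountGroup($elem['access_group'], 'read') == 0) {
                        $maintp->setVariable('DOMAIN_VALUE', $elem['id']);
                        $maintp->setVariable('DOMAIN_TEXT', $elem['domain']);
                        if (isset($_SESSION['domain']) && ($_SESSION['domain'] == $elem['id'])) {
                            $maintp->setVariable('DOMAIN_SELECTED', 'selected');
                            $intDomain   = $elem['id'];
                            $intIsDomain = 1;
                        }
                        if ($intDomain == -1) {
                            $intDomain   = $elem['id'];
                            $intIsDomain = 1;
                        }
                        $maintp->parse('domainsel');
                    }
                    if ($intIsDomain == 0) {
                        // Select an available domain
                        $strDomAcc = $myVisClass->getAccessGroups('read');
                        $strSQL    = 'SELECT id FROM `tbl_datadomain` '
                            . "WHERE `active` <> '0' AND `access_group` IN (".$strDomAcc. ') '
                            . 'ORDER BY domain LIMIT 1';
                        $booReturn = $myDBClass->hasDataArray($strSQL, $arrDataDomain, $intDataCount);
                        if ($booReturn == false) {
                            $strErrorMessage = str_replace('::', '<br>', $strErrorMessage);
                            $myVisClass->processMessage(
                                translate('Error while selecting data from database:'),
                                $strErrorMessage
                            );
                            $myVisClass->processMessage($myDBClass->strErrorMessage, $strErrorMessage);
                        } else {
                            if ($intDataCount != 0) {
                                $intDomain = $arrDataDomain[0]['id'];
                            }
                        }
                    }
                }
                $maintp->setVariable('DOMAIN_INFO', translate('Domain'). ':');
                $maintp->parse('dselect');
                $tplHeaderVar .= $maintp->get('dselect');
            }
        }
    }
    //
    // Show login information
    // ======================
    if ($_SESSION['logged_in'] == 1) {
        $maintp->setVariable('LOGIN_INFO', translate('Logged in:'). ' ' .$_SESSION['username']);
        $maintp->setVariable('LOGOUT_INFO', '<a href="' .$_SESSION['SETS']['path']['base_url'].
            'index.php?logout=yes">' .translate('Logout'). '</a>');
    } else {
        $maintp->setVariable('LOGOUT_INFO', ' ');
    }
    //
    // Build content menu
    // ==================
    if (isset($prePageId) && ($prePageId != 0)) {
        $maintp->setVariable('MAINMENU', $myVisClass->getMenu($prePageId));
    }
    $maintp->parse('header2');
    $tplHeaderVar .= $maintp->get('header2');
    if (!isset($preShowHeader) || $preShowHeader == 1) {
        echo $tplHeaderVar;
    }
}
//
// Insert content and master template
// ======================================
if (isset($preContent) && ($preContent != '')) {
    $arrTplOptions = array('use_preg' => false);
    if (!file_exists($preBasePath . 'templates/' .$preContent) ||
        !is_readable($preBasePath . 'templates/' .$preContent)) {
        echo '<span style="color:#F00">' .translate('Warning - template file not found or not readable, please '
            . 'check your file permissions! - File: ');
        echo str_replace('//', '/', $preBasePath . 'templates/' .$preContent). '</span><br>';
        exit;
    }
    $conttp = new HTML_Template_IT($preBasePath . 'templates/');
    $conttp->loadTemplatefile($preContent, true, true);
    $conttp->setOptions($arrTplOptions);
    $strRootPath = $_SESSION['SETS']['path']['base_url'];
    // Both branches of the former trailing-slash test assigned the same values, so it is gone
    $conttp->setVariable('BASE_PATH', $strRootPath);
    $conttp->setVariable('IMAGE_PATH', $strRootPath. 'images/');
    $mastertp = new HTML_Template_IT($preBasePath . 'templates/');
    if (isset($preListTpl) && ($preListTpl != '')) {
        $mastertp->loadTemplatefile($preListTpl, true, true);
    }
    $mastertp->setOptions($arrTplOptions);
}
//
// Process standard get/post parameters
// ====================================
$arrSortDir   = array('ASC', 'DESC');
$arrSortBy    = array(1, 2);
$chkModus     = 'display';
// The literal 513 used here before is the value of FILTER_SANITIZE_STRING
$chkModusGet  = filter_input(
    INPUT_GET,
    'modus',
    FILTER_SANITIZE_STRING,
    array('options' => array('default' => 'display'))
);
$chkOrderBy   = filter_input(INPUT_GET, 'orderby', FILTER_SANITIZE_STRING);
$chkOrderDir  = filter_input(INPUT_GET, 'orderdir', FILTER_SANITIZE_STRING);
$chkLimitGet  = filter_input(INPUT_GET, 'limit', FILTER_VALIDATE_INT);
$chkModusPost = filter_input(
    INPUT_POST,
    'modus',
    FILTER_SANITIZE_STRING,
    array('options' => array('default' => 'display'))
);
$chkHidModify = filter_input(INPUT_POST, 'hidModify', FILTER_SANITIZE_STRING);
$chkSelModify = filter_input(INPUT_POST, 'selModify', FILTER_SANITIZE_STRING);
$hidSortDir   = filter_input(INPUT_POST, 'hidSortDir', FILTER_SANITIZE_STRING);
$hidSortBy    = filter_input(INPUT_POST, 'hidSortBy', FILTER_VALIDATE_INT);
$chkLimit     = filter_input(INPUT_POST, 'hidLimit', FILTER_VALIDATE_INT, array('options' => array('default' => 0)));
$chkSelTarDom = filter_input(INPUT_POST, 'selTarDom', FILTER_VALIDATE_INT, array('options' => array('default' => 0)));
$chkListId    = filter_input(INPUT_POST, 'hidListId', FILTER_VALIDATE_INT, array('options' => array('default' => 0)));
$chkDataId    = filter_input(INPUT_POST, 'hidId', FILTER_VALIDATE_INT, array('options' => array('default' => 0)));
$chkActive    = filter_input(INPUT_POST, 'chbActive', FILTER_VALIDATE_INT, array('options' => array('default' => 0)));
$chkRegister  = filter_input(INPUT_POST, 'chbRegister', FILTER_VALIDATE_INT, array('options' => array('default' => 0)));
$hidActive    = filter_input(INPUT_POST, 'hidActive', FILTER_VALIDATE_INT, array('options' => array('default' => 0)));
$hidSort      = filter_input(INPUT_POST, 'hidSort', FILTER_VALIDATE_INT, array('options' => array('default' => 0)));
$chkStatus    = filter_input(INPUT_POST, 'hidStatus', FILTER_VALIDATE_INT, array('options' => array('default' => 0)));
// POST wins over GET when both carry a non-default mode
if ($chkModusGet != 'display') {
    $chkModus = $chkModusGet;
}
if ($chkModusPost != 'display') {
    $chkModus = $chkModusPost;
}
// Sort direction and sort column are restricted to the allow-lists above
if (!in_array($hidSortDir, $arrSortDir, true)) {
    $hidSortDir = 'ASC';
}
if (!in_array($hidSortBy, $arrSortBy, true)) {
    $hidSortBy = 1;
}
if (in_array($chkOrderDir, $arrSortDir, true)) {
    $hidSortDir = $chkOrderDir;
}
// 'orderby' arrives as a string, and a strict comparison of that string against array(1, 2)
// could never match, so the GET value was silently ignored. It is validated as an integer
// first; $chkOrderBy itself keeps its original value.
$intOrderBy = filter_var($chkOrderBy, FILTER_VALIDATE_INT);
if (in_array($intOrderBy, $arrSortBy, true)) {
    $hidSortBy = $intOrderBy;
}
//
// Setting some variables
// ======================
if ($chkModus == 'add') {
    $chkSelModify = '';
}
if ($chkHidModify != '') {
    $chkSelModify = $chkHidModify;
}
if (isset($chkLimitGet)) {
    $chkLimit = $chkLimitGet;
}
if (isset($_SESSION['domain'])) {
    $chkDomainId = $_SESSION['domain'];
}
if (isset($_SESSION['groupadm'])) {
    $chkGroupAdm = $_SESSION['groupadm'];
}
if (isset($_SESSION['strLoginMessage'])) {
    $_SESSION['strLoginMessage'] .= str_replace('::', '<br>', $strErrorMessage);
}
$myConfigClass->getDomainData('version', $intVersion);
$myConfigClass->getDomainData('enable_common', $setEnableCommon);
// WHERE fragments limiting a table to the current domain, optionally including config_id 0.
// NOTE(review): $preTableName and $chkDomainId are interpolated as they are; $preTableName
// is presumably a constant set by the including page - confirm it never carries request data.
if (isset($preTableName)) {
    if ($setEnableCommon != 0) {
        $strDomainWhere  = " (`$preTableName`.`config_id`=$chkDomainId OR `$preTableName`.`config_id`=0) ";
        $strDomainWhere2 = " (`config_id`=$chkDomainId OR `config_id`=0) ";
    } else {
        $strDomainWhere  = " (`$preTableName`.`config_id`=$chkDomainId) ";
        $strDomainWhere2 = " (`config_id`=$chkDomainId) ";
    }
}
// Row sort variables
// $setSortDir is the opposite of the current direction (the value the sort link toggles to)
if ($hidSortDir == 'ASC') {
    $setSortDir = 'DESC';
} else {
    $setSortDir = 'ASC';
}
if (isset($preContent) && ($preContent != '')) {
    // Clear the sort image of the column that is not the active one
    if ($hidSortBy == 2) {
        $mastertp->setVariable('SORT_IMAGE_1', '');
    } else {
        $hidSortBy = 1;
        $mastertp->setVariable('SORT_IMAGE_2', '');
    }
    $setSortPicture = $_SESSION['SETS']['path']['base_url']. 'images/sort_' .strtolower($hidSortDir). '.png';
    $mastertp->setVariable('SORT_DIR_' .$hidSortBy, $setSortDir);
    $mastertp->setVariable('SORT_IMAGE_' .$hidSortBy, "<img src=\"$setSortPicture\" alt=\"$hidSortDir\" "
        . "title=\"$hidSortDir\" width=\"15\" height=\"14\" border=\"0\">");
    $mastertp->setVariable('SORT_DIR', $hidSortDir);
    $mastertp->setVariable('SORT_BY', $hidSortBy);
}
//
// Set class variables
// ===================
if (isset($preContent) && ($preContent != '')) {
    $myVisClass->myContentTpl = $conttp;
    $myVisClass->intDataId    = $chkListId;
}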