1<?php
2/*
3** Zabbix
4** Copyright (C) 2001-2021 Zabbix SIA
5**
6** This program is free software; you can redistribute it and/or modify
7** it under the terms of the GNU General Public License as published by
8** the Free Software Foundation; either version 2 of the License, or
9** (at your option) any later version.
10**
11** This program is distributed in the hope that it will be useful,
12** but WITHOUT ANY WARRANTY; without even the implied warranty of
13** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14** GNU General Public License for more details.
15**
16** You should have received a copy of the GNU General Public License
17** along with this program; if not, write to the Free Software
18** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
19**/
20
21
22require_once 'include/menu.inc.php';
23
24function local_generateHeader($data) {
25	// only needed for zbx_construct_menu
26	global $page;
27
28	header('Content-Type: text/html; charset=UTF-8');
29	header('X-Content-Type-Options: nosniff');
30	header('X-XSS-Protection: 1; mode=block');
31
32	if (X_FRAME_OPTIONS !== null) {
33		if (strcasecmp(X_FRAME_OPTIONS, 'SAMEORIGIN') == 0 || strcasecmp(X_FRAME_OPTIONS, 'DENY') == 0) {
34			$x_frame_options = X_FRAME_OPTIONS;
35		}
36		else {
37			$x_frame_options = 'SAMEORIGIN';
38			$allowed_urls = explode(',', X_FRAME_OPTIONS);
39			$url_to_check = array_key_exists('HTTP_REFERER', $_SERVER)
40				? parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST)
41				: null;
42
43			if ($url_to_check) {
44				foreach ($allowed_urls as $allowed_url) {
45					if (strcasecmp(trim($allowed_url), $url_to_check) == 0) {
46						$x_frame_options = 'ALLOW-FROM '.$allowed_url;
47						break;
48					}
49				}
50			}
51		}
52
53		header('X-Frame-Options: '.$x_frame_options);
54	}
55
56	// construct menu
57	$main_menu = [];
58	$sub_menus = [];
59
60	zbx_construct_menu($main_menu, $sub_menus, $page, $data['controller']['action']);
61
62	$pageHeader = new CView('layout.htmlpage.header', [
63		'javascript' => [
64			'files' => $data['javascript']['files']
65		],
66		'page' => [
67			'title' => $data['page']['title']
68		],
69		'user' => [
70			'lang' => CWebUser::$data['lang'],
71			'theme' => CWebUser::$data['theme']
72		]
73	]);
74	echo $pageHeader->getOutput();
75
76	if ($data['fullscreen'] == 0) {
77		global $ZBX_SERVER_NAME;
78
79		$pageMenu = new CView('layout.htmlpage.menu', [
80			'server_name' => isset($ZBX_SERVER_NAME) ? $ZBX_SERVER_NAME : '',
81			'menu' => [
82				'main_menu' => $main_menu,
83				'sub_menus' => $sub_menus,
84				'selected' => $page['menu']
85			],
86			'user' => [
87				'is_guest' => CWebUser::isGuest(),
88				'alias' => CWebUser::$data['alias'],
89				'name' => CWebUser::$data['name'],
90				'surname' => CWebUser::$data['surname']
91			]
92		]);
93		echo $pageMenu->getOutput();
94	}
95
96	echo '<div class="'.ZBX_STYLE_ARTICLE.'">';
97
98	// should be replaced with addPostJS() at some point
99	zbx_add_post_js('initMessages({});');
100
101	// if a user logs in after several unsuccessful attempts, display a warning
102	if ($failedAttempts = CProfile::get('web.login.attempt.failed', 0)) {
103		$attempt_ip = CProfile::get('web.login.attempt.ip', '');
104		$attempt_date = CProfile::get('web.login.attempt.clock', 0);
105
106		$error_msg = _n('%4$s failed login attempt logged. Last failed attempt was from %1$s on %2$s at %3$s.',
107			'%4$s failed login attempts logged. Last failed attempt was from %1$s on %2$s at %3$s.',
108			$attempt_ip,
109			zbx_date2str(DATE_FORMAT, $attempt_date),
110			zbx_date2str(TIME_FORMAT, $attempt_date),
111			$failedAttempts
112		);
113		error($error_msg);
114
115		CProfile::update('web.login.attempt.failed', 0, PROFILE_TYPE_INT);
116	}
117
118	show_messages();
119}
120
121function local_generateFooter($fullscreen) {
122	$pageFooter = new CView('layout.htmlpage.footer', [
123		'fullscreen' => $fullscreen,
124		'user' => [
125			'alias' => CWebUser::$data['alias'],
126			'debug_mode' => CWebUser::$data['debug_mode']
127		]
128	]);
129	echo $pageFooter->getOutput();
130}
131
132function local_showMessage() {
133	global $ZBX_MESSAGES;
134
135	if (CSession::keyExists('messageOk') || CSession::keyExists('messageError')) {
136		if (CSession::keyExists('messages')) {
137			$ZBX_MESSAGES = CSession::getValue('messages');
138			CSession::unsetValue(['messages']);
139		}
140
141		if (CSession::keyExists('messageOk')) {
142			show_messages(true, CSession::getValue('messageOk'));
143		}
144		else {
145			show_messages(false, null, CSession::getValue('messageError'));
146		}
147
148		CSession::unsetValue(['messageOk', 'messageError']);
149	}
150}
151
152local_generateHeader($data);
153local_showMessage();
154echo $data['javascript']['pre'];
155echo $data['main_block'];
156echo $data['javascript']['post'];
157
158local_generateFooter($data['fullscreen']);
159
160show_messages();
161
162echo '</body></html>';
163