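<?php
/*
** Zabbix
** Copyright (C) 2001-2021 Zabbix SIA
**
** This program is free software; you can redistribute it and/or modify
** it under the terms of the GNU General Public License as published by
** the Free Software Foundation; either version 2 of the License, or
** (at your option) any later version.
**
** This program is distributed in the hope that it will be useful,
** but WITHOUT ANY WARRANTY; without even the implied warranty of
** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
** GNU General Public License for more details.
**
** You should have received a copy of the GNU General Public License
** along with this program; if not, write to the Free Software
** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
**/


require_once 'include/menu.inc.php';

/**
 * Send the response headers and print the page header, the menu (unless in fullscreen mode), the opening
 * article container and any pending messages.
 *
 * @param array $data  Layout data. Keys read here: ['controller']['action'], ['javascript']['files'],
 *                     ['page']['title'] and ['fullscreen'].
 */
function local_generateHeader($data) {
	// passed to zbx_construct_menu; $page['menu'] is also read for the menu view below
	global $page;

	header('Content-Type: text/html; charset=UTF-8');
	header('X-Content-Type-Options: nosniff');
	// Legacy header: current browsers have dropped the XSS auditor, so it is no substitute for output escaping.
	header('X-XSS-Protection: 1; mode=block');

	if (X_FRAME_OPTIONS !== null) {
		if (strcasecmp(X_FRAME_OPTIONS, 'SAMEORIGIN') == 0 || strcasecmp(X_FRAME_OPTIONS, 'DENY') == 0) {
			$x_frame_options = X_FRAME_OPTIONS;
		}
		else {
			// Any other value is treated as a comma-separated list of host names allowed to frame the frontend.
			// Default to SAMEORIGIN so that a missing, suppressed or non-matching Referer fails closed.
			$x_frame_options = 'SAMEORIGIN';
			$allowed_urls = explode(',', X_FRAME_OPTIONS);

			// The Referer is request-controlled: it only selects one of the configured entries and is never
			// copied into the response header itself.
			$url_to_check = array_key_exists('HTTP_REFERER', $_SERVER)
				? parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST)
				: null;

			if ($url_to_check) {
				foreach ($allowed_urls as $allowed_url) {
					// Trim once and reuse the trimmed value: the comparison already ignored surrounding
					// whitespace, but the header used to be built from the raw list entry.
					$allowed_url = trim($allowed_url);

					if (strcasecmp($allowed_url, $url_to_check) == 0) {
						// NOTE(review): ALLOW-FROM is obsolete and ignored by current browsers, so on a match
						// this header places no framing restriction there. The standard replacement is the
						// Content-Security-Policy "frame-ancestors" directive.
						$x_frame_options = 'ALLOW-FROM '.$allowed_url;
						break;
					}
				}
			}
		}

		header('X-Frame-Options: '.$x_frame_options);
	}

	// construct menu
	$main_menu = [];
	$sub_menus = [];

	zbx_construct_menu($main_menu, $sub_menus, $page, $data['controller']['action']);

	$pageHeader = new CView('layout.htmlpage.header', [
		'javascript' => [
			'files' => $data['javascript']['files']
		],
		'page' => [
			'title' => $data['page']['title']
		],
		'user' => [
			'lang' => CWebUser::$data['lang'],
			'theme' => CWebUser::$data['theme']
		]
	]);
	echo $pageHeader->getOutput();

	// the menu is skipped in fullscreen mode
	if ($data['fullscreen'] == 0) {
		global $ZBX_SERVER_NAME;

		$pageMenu = new CView('layout.htmlpage.menu', [
			'server_name' => isset($ZBX_SERVER_NAME) ? $ZBX_SERVER_NAME : '',
			'menu' => [
				'main_menu' => $main_menu,
				'sub_menus' => $sub_menus,
				'selected' => $page['menu']
			],
			'user' => [
				'is_guest' => CWebUser::isGuest(),
				'alias' => CWebUser::$data['alias'],
				'name' => CWebUser::$data['name'],
				'surname' => CWebUser::$data['surname']
			]
		]);
		echo $pageMenu->getOutput();
	}

	echo '<div class="'.ZBX_STYLE_ARTICLE.'">';

	// should be replaced with addPostJS() at some point
	zbx_add_post_js('initMessages({});');

	// if a user logs in after several unsuccessful attempts, display a warning
	if ($failedAttempts = CProfile::get('web.login.attempt.failed', 0)) {
		$attempt_ip = CProfile::get('web.login.attempt.ip', '');
		$attempt_date = CProfile::get('web.login.attempt.clock', 0);

		// NOTE(review): $attempt_ip is placed into the message as stored in the profile; escaping is
		// presumably done where messages are rendered - confirm.
		$error_msg = _n('%4$s failed login attempt logged. Last failed attempt was from %1$s on %2$s at %3$s.',
			'%4$s failed login attempts logged. Last failed attempt was from %1$s on %2$s at %3$s.',
			$attempt_ip,
			zbx_date2str(DATE_FORMAT, $attempt_date),
			zbx_date2str(TIME_FORMAT, $attempt_date),
			$failedAttempts
		);
		error($error_msg);

		// reset the counter so that the warning is shown only once
		CProfile::update('web.login.attempt.failed', 0, PROFILE_TYPE_INT);
	}

	show_messages();
}

/**
 * Print the page footer view.
 *
 * @param mixed $fullscreen  Fullscreen flag, passed to the footer view unchanged.
 */
function local_generateFooter($fullscreen) {
	$pageFooter = new CView('layout.htmlpage.footer', [
		'fullscreen' => $fullscreen,
		'user' => [
			'alias' => CWebUser::$data['alias'],
			'debug_mode' => CWebUser::$data['debug_mode']
		]
	]);
	echo $pageFooter->getOutput();
}

/**
 * Display the "messageOk" or "messageError" message kept in the session, if there is one, and then remove
 * it from the session so that it is shown only once.
 */
function local_showMessage() {
	global $ZBX_MESSAGES;

	if (CSession::keyExists('messageOk') || CSession::keyExists('messageError')) {
		// restore the detailed message list saved in the session, if any
		if (CSession::keyExists('messages')) {
			$ZBX_MESSAGES = CSession::getValue('messages');
			CSession::unsetValue(['messages']);
		}

		if (CSession::keyExists('messageOk')) {
			show_messages(true, CSession::getValue('messageOk'));
		}
		else {
			show_messages(false, null, CSession::getValue('messageError'));
		}

		CSession::unsetValue(['messageOk', 'messageError']);
	}
}

// $data is not defined in this file; presumably it is supplied by the code that includes this layout.
local_generateHeader($data);
local_showMessage();

// NOTE(review): the three fragments below are echoed verbatim; any escaping has to happen where they are built.
echo $data['javascript']['pre'];
echo $data['main_block'];
echo $data['javascript']['post'];

local_generateFooter($data['fullscreen']);

show_messages();

echo '</body></html>';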