1<?php
2/*
3** Zabbix
4** Copyright (C) 2001-2021 Zabbix SIA
5**
6** This program is free software; you can redistribute it and/or modify
7** it under the terms of the GNU General Public License as published by
8** the Free Software Foundation; either version 2 of the License, or
9** (at your option) any later version.
10**
11** This program is distributed in the hope that it will be useful,
12** but WITHOUT ANY WARRANTY; without even the implied warranty of
13** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14** GNU General Public License for more details.
15**
16** You should have received a copy of the GNU General Public License
17** along with this program; if not, write to the Free Software
18** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
19**/
20
21
22require_once 'include/menu.inc.php';
23
24function local_generateHeader($data) {
25	// only needed for zbx_construct_menu
26	global $page;
27
28	header('Content-Type: text/html; charset=UTF-8');
29	header('X-Content-Type-Options: nosniff');
30	header('X-XSS-Protection: 1; mode=block');
31
32	if (X_FRAME_OPTIONS !== null) {
33		if (strcasecmp(X_FRAME_OPTIONS, 'SAMEORIGIN') == 0 || strcasecmp(X_FRAME_OPTIONS, 'DENY') == 0) {
34			$x_frame_options = X_FRAME_OPTIONS;
35		}
36		else {
37			$x_frame_options = 'SAMEORIGIN';
38			$allowed_urls = explode(',', X_FRAME_OPTIONS);
39			$url_to_check = array_key_exists('HTTP_REFERER', $_SERVER)
40				? parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST)
41				: null;
42
43			if ($url_to_check) {
44				foreach ($allowed_urls as $allowed_url) {
45					if (strcasecmp(trim($allowed_url), $url_to_check) == 0) {
46						$x_frame_options = 'ALLOW-FROM '.$allowed_url;
47						break;
48					}
49				}
50			}
51		}
52
53		header('X-Frame-Options: '.$x_frame_options);
54	}
55
56
57	// construct menu
58	$main_menu = [];
59	$sub_menus = [];
60
61	zbx_construct_menu($main_menu, $sub_menus, $page, $data['controller']['action']);
62
63	$pageHeader = new CView('layout.htmlpage.header', [
64		'javascript' => [
65			'files' => $data['javascript']['files']
66		],
67		'page' => [
68			'title' => $data['page']['title']
69		],
70		'user' => [
71			'lang' => CWebUser::$data['lang'],
72			'theme' => CWebUser::$data['theme']
73		],
74		'web_layout_mode' => $data['web_layout_mode']
75	]);
76	echo $pageHeader->getOutput();
77
78	if ($data['web_layout_mode'] === ZBX_LAYOUT_NORMAL) {
79		global $ZBX_SERVER_NAME;
80
81		$pageMenu = new CView('layout.htmlpage.menu', [
82			'server_name' => isset($ZBX_SERVER_NAME) ? $ZBX_SERVER_NAME : '',
83			'menu' => [
84				'main_menu' => $main_menu,
85				'sub_menus' => $sub_menus,
86				'selected' => $page['menu']
87			],
88			'user' => [
89				'is_guest' => CWebUser::isGuest(),
90				'alias' => CWebUser::$data['alias'],
91				'name' => CWebUser::$data['name'],
92				'surname' => CWebUser::$data['surname']
93			],
94			'support_url' => getSupportUrl(CWebUser::getLang())
95		]);
96		echo $pageMenu->getOutput();
97	}
98
99	echo '<main>';
100
101	// if a user logs in after several unsuccessful attempts, display a warning
102	if ($failedAttempts = CProfile::get('web.login.attempt.failed', 0)) {
103		$attempt_ip = CProfile::get('web.login.attempt.ip', '');
104		$attempt_date = CProfile::get('web.login.attempt.clock', 0);
105
106		$error_msg = _n('%4$s failed login attempt logged. Last failed attempt was from %1$s on %2$s at %3$s.',
107			'%4$s failed login attempts logged. Last failed attempt was from %1$s on %2$s at %3$s.',
108			$attempt_ip,
109			zbx_date2str(DATE_FORMAT, $attempt_date),
110			zbx_date2str(TIME_FORMAT, $attempt_date),
111			$failedAttempts
112		);
113		error($error_msg);
114
115		CProfile::update('web.login.attempt.failed', 0, PROFILE_TYPE_INT);
116	}
117
118	show_messages();
119}
120
121function local_generateFooter($data) {
122	$pageFooter = new CView('layout.htmlpage.footer', [
123		'user' => [
124			'alias' => CWebUser::$data['alias'],
125			'debug_mode' => CWebUser::$data['debug_mode']
126		],
127		'web_layout_mode' => $data['web_layout_mode']
128	]);
129	echo '</main>'."\n";
130	echo $pageFooter->getOutput();
131}
132
133function local_showMessage() {
134	global $ZBX_MESSAGES;
135
136	if (CSession::keyExists('messageOk') || CSession::keyExists('messageError')) {
137		if (CSession::keyExists('messages')) {
138			$ZBX_MESSAGES = CSession::getValue('messages');
139			CSession::unsetValue(['messages']);
140		}
141
142		if (CSession::keyExists('messageOk')) {
143			show_messages(true, CSession::getValue('messageOk'));
144		}
145		else {
146			show_messages(false, null, CSession::getValue('messageError'));
147		}
148
149		CSession::unsetValue(['messageOk', 'messageError']);
150	}
151}
152
153$data['web_layout_mode'] = CView::getLayoutMode();
154
155local_generateHeader($data);
156local_showMessage();
157echo $data['javascript']['pre'];
158echo $data['main_block'];
159echo $data['javascript']['post'];
160local_generateFooter($data);
161show_messages();
162
163echo '</body></html>';
164