Beispiel #1
/**
 * Renders an "access denied" message and stops the execution of the script.
 *
 * The $mode parameter controls the layout of the message for logged-in users:
 * - ACCESS_DENY_OBJECT     - render the message when denying access to a specific object
 * - ACCESS_DENY_PAGE       - render a complete access denied page
 *
 * If the visitor has no access permissions at all, the layout of the message is the same as in ACCESS_DENY_PAGE mode.
 *
 * @param int $mode
 */
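function access_deny($mode = ACCESS_DENY_OBJECT)
{
    // Object-level denial for an authenticated user: show the error inside the regular page frame.
    // The message is deliberately the same for "no permission" and "does not exist", so the
    // response does not reveal whether the referenced object exists.
    if ($mode == ACCESS_DENY_OBJECT && CWebUser::isLoggedIn()) {
        require_once dirname(__FILE__) . '/page_header.php';
        show_error_message(_('No permissions to referred object or it does not exist!'));
        require_once dirname(__FILE__) . '/page_footer.php';

        // Fail closed. Callers use access_deny() as a hard stop in front of protected code, so this
        // branch must never return to them. Whether page_footer.php ends the request cannot be seen
        // from here, and require_once does nothing for a file that has already been loaded.
        exit;
    }

    // Everything else (page-level denial, or a visitor without a session) gets the stand-alone
    // warning page.

    // "request" is client-supplied and is only carried over into the login link, so the user can
    // be sent back to the page after logging in. "sid" is stripped first - presumably the session
    // identifier, which should not be copied into a link; confirm against CUrl.
    // NOTE(review): the target is not validated here. The login page that consumes "request" has
    // to restrict the post-login redirect to local pages - confirm in index.php.
    $requested = !empty($_REQUEST['request']) ? $_REQUEST['request'] : '';
    $url = (new CUrl($requested))->removeArgument('sid');

    // urlencode() percent-encodes quotes, backslashes and angle brackets, so the value cannot
    // terminate the double-quoted JavaScript string it is concatenated into below.
    $url = urlencode($url->toString());
    $loginAction = 'javascript: document.location = "index.php?request=' . $url . '";';

    if (CWebUser::isLoggedIn()) {
        // Authenticated but not authorised for this page.
        $data = [
            'header' => _('Access denied'),
            'messages' => [
                _s('You are logged in as "%1$s".', CWebUser::$data['alias'])
                    . ' ' . _('You have no permissions to access this page.'),
                _('If you think this message is wrong, please consult your administrators about getting the necessary permissions.'),
            ],
            'buttons' => [],
        ];

        // Only the guest account is offered a login button; a named user is already authenticated.
        if (CWebUser::isGuest()) {
            $data['buttons'][] = (new CButton('login', _('Login')))->onClick($loginAction);
        }

        $data['buttons'][] = (new CButton('back', _('Go to dashboard')))
            ->onClick('javascript: document.location = "zabbix.php?action=dashboard.view"');
    } else {
        // No session at all: the only way forward is the login page.
        $data = [
            'header' => _('You are not logged in'),
            'messages' => [
                _('You must login to view this page.'),
                _('If you think this message is wrong, please consult your administrators about getting the necessary permissions.'),
            ],
            'buttons' => [(new CButton('login', _('Login')))->onClick($loginAction)],
        ];
    }

    $data['theme'] = getUserTheme(CWebUser::$data);
    (new CView('general.warning', $data))->render();

    // Stop here so that no code of the protected page runs after the warning has been rendered.
    exit;
}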
Beispiel #2
/**
 * Renders an "access denied" message and stops the execution of the script.
 *
 * The $mode parameter controls the layout of the message:
 * - ACCESS_DENY_OBJECT     - render the message when denying access to a specific object
 * - ACCESS_DENY_PAGE       - render a complete access denied page
 *
 * @param int $mode
 */
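function access_deny($mode = ACCESS_DENY_OBJECT)
{
    // Object-level denial: show the error inside the regular page frame. The message is
    // deliberately the same for "no permission" and "does not exist", so the response does not
    // reveal whether the referenced object exists.
    if ($mode == ACCESS_DENY_OBJECT) {
        require_once dirname(__FILE__) . '/page_header.php';
        show_error_message(_('No permissions to referred object or it does not exist!'));
        require_once dirname(__FILE__) . '/page_footer.php';

        // Fail closed. Callers use access_deny() as a hard stop in front of protected code, so this
        // branch must never return to them. Whether page_footer.php ends the request cannot be seen
        // from here, and require_once does nothing for a file that has already been loaded.
        exit;
    }

    // Page-level denial: render the stand-alone warning page.

    // "request" is client-supplied and is only carried over into the login link, so the user can
    // be sent back to the page after logging in. "sid" is cleared first - presumably the session
    // identifier, which should not be copied into a link; confirm against CUrl.
    // NOTE(review): the target is not validated here. The login page that consumes "request" has
    // to restrict the post-login redirect to local pages - confirm in index.php.
    $url = new CUrl(!empty($_REQUEST['request']) ? $_REQUEST['request'] : '');
    $url->setArgument('sid', null);

    // urlencode() percent-encodes quotes, backslashes and angle brackets, so the value cannot
    // terminate the double-quoted JavaScript string it is concatenated into below.
    $url = urlencode($url->toString());
    $loginAction = 'javascript: document.location = "index.php?request=' . $url . '";';

    if (CWebUser::isLoggedIn()) {
        // Authenticated but not authorised for this page.
        $header = _('Access denied.');

        // NOTE(review): "Your are" is a typo inside the translatable string. It is left untouched
        // because the string is looked up as-is for translation; correct it together with the
        // translation catalogs.
        $message = array(
            _('Your are logged in as'),
            ' ',
            bold(CWebUser::$data['alias']),
            '. ',
            _('You have no permissions to access this page.'),
            BR(),
            _('If you think this message is wrong, please consult your administrators about getting the necessary permissions.')
        );
        $buttons = array();

        // Only the guest account is offered a login button; a named user is already authenticated.
        if (CWebUser::isGuest()) {
            $buttons[] = new CButton('login', _('Login'), $loginAction, 'formlist');
        }

        $buttons[] = new CButton(
            'back',
            _('Go to dashboard'),
            'javascript: document.location = "dashboard.php"',
            'formlist'
        );
    } else {
        // No session at all: the only way forward is the login page.
        $header = _('You are not logged in.');
        $message = array(
            _('You must login to view this page.'),
            BR(),
            _('If you think this message is wrong, please consult your administrators about getting the necessary permissions.')
        );
        $buttons = array(new CButton('login', _('Login'), $loginAction, 'formlist'));
    }

    $warning = new CWarning($header, $message);
    $warning->setButtons($buttons);

    $warningView = new CView('general.warning', array('warning' => $warning));
    $warningView->render();

    // Stop here so that no code of the protected page runs after the warning has been rendered.
    exit;
}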
Beispiel #3
** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
** GNU General Public License for more details.
**
** You should have received a copy of the GNU General Public License
** along with this program; if not, write to the Free Software
** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
**/
require_once dirname(__FILE__) . '/include/config.inc.php';
require_once dirname(__FILE__) . '/include/users.inc.php';
require_once dirname(__FILE__) . '/include/forms.inc.php';
require_once dirname(__FILE__) . '/include/media.inc.php';
// Page metadata - presumably read by the page_header.php include further down; confirm there.
$page['title'] = _('User profile');
$page['file'] = 'profile.php';
$page['scripts'] = ['class.cviewswitcher.js'];

ob_start();

// Authorisation gate: the profile form changes a personal account (password, media, ...), so
// both anonymous visitors and the shared guest account are turned away before anything is
// rendered. access_deny() is defined elsewhere; everything below assumes it does not return
// in ACCESS_DENY_PAGE mode.
if (CWebUser::isGuest() || !CWebUser::isLoggedIn()) {
    access_deny(ACCESS_DENY_PAGE);
}

require_once dirname(__FILE__) . '/include/page_header.php';

// Allow-list for the "theme" field: every installed theme plus the default marker.
$themes = array_merge(array_keys(Z::getThemes()), [THEME_DEFAULT]);

// Request field definitions handed to check_fields().
// Columns: TYPE, OPTIONAL, FLAGS, VALIDATION, EXCEPTION [, caption].
// NOTE(review): several free-text fields ('url', 'lang', 'messages', the media fields) have no
// VALIDATION rule at this layer - confirm they are validated before being stored or used.
$fields = [
    'password1' => [T_ZBX_STR, O_OPT, null, null, 'isset({update}) && isset({form}) && ({form} != "update") && isset({change_password})'],
    'password2' => [T_ZBX_STR, O_OPT, null, null, 'isset({update}) && isset({form}) && ({form} != "update") && isset({change_password})'],
    'lang' => [T_ZBX_STR, O_OPT, null, null, null],
    'theme' => [T_ZBX_STR, O_OPT, null, IN('"' . implode('","', $themes) . '"'), 'isset({update})'],
    'autologin' => [T_ZBX_INT, O_OPT, null, IN('1'), null],
    'autologout' => [T_ZBX_INT, O_OPT, null, BETWEEN(90, 10000), null, _('Auto-logout (min 90 seconds)')],
    'autologout_visible' => [T_ZBX_STR, O_OPT, null, IN('1'), null],
    'url' => [T_ZBX_STR, O_OPT, null, null, 'isset({update})'],
    'refresh' => [T_ZBX_INT, O_OPT, null, BETWEEN(0, SEC_PER_HOUR), 'isset({update})', _('Refresh (in seconds)')],
    'rows_per_page' => [T_ZBX_INT, O_OPT, null, BETWEEN(1, 999999), 'isset({update})', _('Rows per page')],
    'change_password' => [T_ZBX_STR, O_OPT, null, null, null],
    'user_medias' => [T_ZBX_STR, O_OPT, null, NOT_EMPTY, null],
    'user_medias_to_del' => [T_ZBX_STR, O_OPT, null, null, null],
    'new_media' => [T_ZBX_STR, O_OPT, null, null, null],
    'enable_media' => [T_ZBX_INT, O_OPT, null, null, null],
    'disable_media' => [T_ZBX_INT, O_OPT, null, null, null],
    'messages' => [T_ZBX_STR, O_OPT, null, null, null],
    // System / action fields.
    'update' => [T_ZBX_STR, O_OPT, P_SYS | P_ACT, null, null],
    'cancel' => [T_ZBX_STR, O_OPT, P_SYS, null, null],
    'del_user_media' => [T_ZBX_STR, O_OPT, P_SYS | P_ACT, null, null],
    'form' => [T_ZBX_STR, O_OPT, P_SYS, null, null],
    'form_refresh' => [T_ZBX_INT, O_OPT, null, null, null],
];
check_fields($fields);

// Normalise the checkbox: when "autologin" is not submitted it is stored as 0.
$_REQUEST['autologin'] = getRequest('autologin', 0);
// secondary actions
if (isset($_REQUEST['new_media'])) {
    $_REQUEST['user_medias'] = getRequest('user_medias', []);
    array_push($_REQUEST['user_medias'], $_REQUEST['new_media']);
} elseif (isset($_REQUEST['user_medias']) && isset($_REQUEST['enable_media'])) {
    if (isset($_REQUEST['user_medias'][$_REQUEST['enable_media']])) {