if (ZBX_SESSION_ACTIVE == $session['status'] && $session['lastaccess'] + $online_time >= time()) { $online = new CCol(S_YES . ' (' . date('r', $session['lastaccess']) . ')', 'enabled'); } else { $online = new CCol(S_NO . ' (' . date('r', $session['lastaccess']) . ')', 'disabled'); } } $user['users_status'] = check_perm2system($userid); $user['gui_access'] = get_user_auth($userid); $users_status = $user['users_status'] ? S_ENABLED : S_DISABLED; $gui_access = user_auth_type2str($user['gui_access']); $users_status = new CSpan($users_status, $user['users_status'] ? 'green' : 'red'); $gui_access = new CSpan($gui_access, $user['gui_access'] == GROUP_GUI_ACCESS_DISABLED ? 'orange' : 'green'); $user['api_access'] = get_user_api_access($userid); $api_access = $user['api_access'] ? S_ENABLED : S_DISABLED; $api_access = new CSpan($api_access, $user['api_access'] == GROUP_API_ACCESS_DISABLED ? 'green' : 'orange'); $user['debug_mode'] = get_user_debug_mode($userid); $debug_mode = $user['debug_mode'] ? S_ENABLED : S_DISABLED; $debug_mode = new CSpan($debug_mode, $user['debug_mode'] == GROUP_DEBUG_MODE_DISABLED ? 'green' : 'orange'); $table->addRow(array(new CCheckBox('group_userid[' . $userid . ']', NULL, NULL, $userid), new CLink($user['alias'], 'users.php?form=update&userid=' . $userid . '#form'), $user['name'], $user['surname'], user_type2str($user['type']), isset($users_groups[$userid]) ? $users_groups[$userid] : '', $online, $gui_access, $api_access, $debug_mode, $users_status)); $row_count++; } //----- GO ------ $goBox = new CComboBox('go'); $goBox->addItem('delete', S_DELETE_SELECTED); // goButton name is necessary!!! $goButton = new CButton('goButton', S_GO . ' (0)'); $goButton->setAttribute('id', 'goButton'); zbx_add_post_js('chkbxRange.pageGoName = "group_userid";'); $table->setFooter(new CCol(array($goBox, $goButton))); //---- $form->addItem($table);
/**
 * Check whether the given session ID belongs to an authenticated user.
 *
 * Resolves the session against the local node's sessions table; when no
 * usable session exists and no HTTP basic auth user is present, falls back to
 * the guest account. Always populates the global $USER_DETAILS (a placeholder
 * record for an anonymous caller). On success the zbx_sessionid cookie is
 * (re)set and the session's lastaccess is refreshed; on failure the session is
 * logged out and a message may be stored in $_REQUEST['message'].
 *
 * {@source}
 * @access public
 * @static
 * @since 1.8
 * @version 1
 *
 * @param array|null $user
 * @param string $user['sessionid'] Session ID
 * @return boolean true when a user (or the guest user) was resolved and may log in
 */
public static function checkAuthentication($user = null) {
    global $USER_DETAILS;
    global $ZBX_LOCALNODEID;
    global $ZBX_NODES;

    $sessionid = is_null($user) ? null : $user['sessionid'];

    $USER_DETAILS = NULL;
    $login = FALSE;

    if (!is_null($sessionid)) {
        // The session must be active, belong to an existing user on the local
        // node and not be past the user's autologout window (0 = never expires).
        // The session ID is escaped with zbx_dbstr(); the other operands are numeric.
        $sql = 'SELECT u.*,s.* ' .
            ' FROM sessions s,users u' .
            ' WHERE s.sessionid=' . zbx_dbstr($sessionid) .
            ' AND s.status=' . ZBX_SESSION_ACTIVE .
            ' AND s.userid=u.userid' .
            ' AND ((s.lastaccess+u.autologout>' . time() . ') OR (u.autologout=0))' .
            ' AND ' . DBin_node('u.userid', $ZBX_LOCALNODEID);
        $login = $USER_DETAILS = DBfetch(DBselect($sql));

        if (!$USER_DETAILS) {
            // A session ID was supplied but did not match: treat as terminated.
            $incorrect_session = true;
        }
        else {
            if ($login['attempt_failed']) {
                // A valid session clears the failed-login counter. Unlike the
                // UI variant check_authentication(), the count is not reported.
                DBexecute('UPDATE users SET attempt_failed=0 WHERE userid=' . $login['userid']);
            }
        }
    }

    if (!$USER_DETAILS && !isset($_SERVER['PHP_AUTH_USER'])) {
        // No usable session and no HTTP basic auth credentials: fall back to
        // the guest account, if it exists on the local node.
        $sql = 'SELECT u.* ' .
            ' FROM users u ' .
            ' WHERE u.alias=' . zbx_dbstr(ZBX_GUEST_USER) .
            ' AND ' . DBin_node('u.userid', $ZBX_LOCALNODEID);
        $login = $USER_DETAILS = DBfetch(DBselect($sql));

        if (!$USER_DETAILS) {
            $missed_user_guest = true;
        }
        else {
            // presumably creates a new session row for the guest and returns its ID — confirm
            $sessionid = zbx_session_start($USER_DETAILS['userid'], ZBX_GUEST_USER, '');
        }
    }

    // Perm to login, perm to system
    if ($login) {
        $login = check_perm2login($USER_DETAILS['userid']) && check_perm2system($USER_DETAILS['userid']);
    }

    if (!$login) {
        $USER_DETAILS = NULL;
    }

    if ($login && $sessionid && !isset($incorrect_session)) {
        // Persistent cookie (31 days) only when the user enabled autologin;
        // otherwise a browser-session cookie (expiry 0).
        zbx_setcookie('zbx_sessionid', $sessionid, $USER_DETAILS['autologin'] ? time() + 86400 * 31 : 0); //1 month
        DBexecute('UPDATE sessions SET lastaccess=' . time() . ' WHERE sessionid=' . zbx_dbstr($sessionid));

        if ($USER_DETAILS['autologout'] > 0) {
            // Purge this user's other active sessions that are already past the autologout window.
            DBexecute('DELETE FROM sessions WHERE userid=' . $USER_DETAILS['userid'] . ' AND status=' . ZBX_SESSION_ACTIVE . ' AND lastaccess<' . (time() - $USER_DETAILS['autologout']));
        }
    }
    else {
        // Also reached with a null $sessionid (e.g. guest lookup failed).
        self::logout($sessionid);
    }

    if ($USER_DETAILS) {
        if (isset($ZBX_NODES[$ZBX_LOCALNODEID])) {
            $USER_DETAILS['node'] = $ZBX_NODES[$ZBX_LOCALNODEID];
        }
        else {
            $USER_DETAILS['node'] = array();
            $USER_DETAILS['node']['name'] = '- unknown -';
            $USER_DETAILS['node']['nodeid'] = $ZBX_LOCALNODEID;
        }
        $USER_DETAILS['debug_mode'] = get_user_debug_mode($USER_DETAILS['userid']);
    }
    else {
        // Anonymous placeholder so callers can always read $USER_DETAILS.
        $USER_DETAILS = array('alias' => ZBX_GUEST_USER, 'userid' => 0, 'lang' => 'en_gb', 'type' => '0', 'node' => array('name' => '- unknown -', 'nodeid' => 0));
    }

    // X-Forwarded-For is a client-supplied header: it is only trustworthy when
    // a reverse proxy in front of the frontend overwrites it. Without such a
    // proxy the client can choose the address recorded here.
    $userip = isset($_SERVER['HTTP_X_FORWARDED_FOR']) && !empty($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR'];
    $USER_DETAILS['userip'] = $userip;

    if (!$login || isset($incorrect_session) || isset($missed_user_guest)) {
        if (isset($incorrect_session)) {
            $message = 'Session terminated, re-login, please';
        }
        else {
            if (isset($missed_user_guest)) {
                $row = DBfetch(DBselect('SELECT count(u.userid) as user_cnt FROM users u'));
                if (!$row || $row['user_cnt'] == 0) {
                    $message = 'Table users is empty. Possible database corruption.'; // S_CUSER_ERROR_TABLE_USERS_EMPTY
                }
            }
        }

        // The message is passed to the page via the request superglobal;
        // a message already present in the request is not overwritten.
        if (!isset($_REQUEST['message']) && isset($message)) {
            $_REQUEST['message'] = $message;
        }
        return false;
    }
    return true;
}
/**
 * Frontend (UI) variant of session authentication.
 *
 * Resolves $sessionid against the local node's sessions table; when no usable
 * session exists and no HTTP basic auth user is present, falls back to the
 * guest account. Always populates the global $USER_DETAILS. On success the
 * zbx_sessionid cookie is (re)set and lastaccess is refreshed; otherwise the
 * cookie is removed and the session row is marked passive. A failure message
 * may be stored in $_REQUEST['message'].
 *
 * @param string|null $sessionid Session ID from the caller's cookie, or null
 * @return boolean true when a user (or the guest user) was resolved and may log in
 */
function check_authentication($sessionid = null) {
    global $DB;
    global $page;
    // $DB, $page and the PHP_AUTH_* globals are declared but not read in this body.
    global $PHP_AUTH_USER, $PHP_AUTH_PW;
    global $USER_DETAILS;
    global $ZBX_LOCALNODEID;
    global $ZBX_NODES;

    $USER_DETAILS = NULL;
    $login = FALSE;

    if (!is_null($sessionid)) {
        // The session must be active, belong to an existing user on the local
        // node and not be past the user's autologout window (0 = never expires).
        // The session ID is escaped with zbx_dbstr(); the other operands are numeric.
        $sql = 'SELECT u.*,s.* ' .
            ' FROM sessions s,users u' .
            ' WHERE s.sessionid=' . zbx_dbstr($sessionid) .
            ' AND s.status=' . ZBX_SESSION_ACTIVE .
            ' AND s.userid=u.userid' .
            ' AND ((s.lastaccess+u.autologout>' . time() . ') OR (u.autologout=0))' .
            ' AND ' . DBin_node('u.userid', $ZBX_LOCALNODEID);
        $login = $USER_DETAILS = DBfetch(DBselect($sql));

        if (!$USER_DETAILS) {
            // A session ID was supplied but did not match: treat as terminated.
            $incorrect_session = true;
        }
        else {
            if ($login['attempt_failed']) {
                // Tell the user about failed logins recorded since the last success, then reset the counter.
                // attempt_ip comes from the database; it presumably originates from the same
                // X-Forwarded-For/REMOTE_ADDR logic used below — confirm that error()/bold() escape it.
                error(new CScript(array(bold($login['attempt_failed']), 'failed login attempts logged. Last failed attempt was from ', bold($login['attempt_ip']), ' on ', bold(date('d.m.Y H:i', $login['attempt_clock'])), '.')));
                DBexecute('UPDATE users SET attempt_failed=0 WHERE userid=' . $login['userid']);
            }
        }
    }

    if (!$USER_DETAILS && !isset($_SERVER['PHP_AUTH_USER'])) {
        // No usable session and no HTTP basic auth credentials: fall back to
        // the guest account, if it exists on the local node.
        $sql = 'SELECT u.* ' .
            ' FROM users u ' .
            ' WHERE u.alias=' . zbx_dbstr(ZBX_GUEST_USER) .
            ' AND ' . DBin_node('u.userid', $ZBX_LOCALNODEID);
        $login = $USER_DETAILS = DBfetch(DBselect($sql));

        if (!$USER_DETAILS) {
            $missed_user_guest = true;
        }
        else {
            // presumably creates a new session row for the guest and returns its ID — confirm
            $sessionid = zbx_session_start($USER_DETAILS['userid'], ZBX_GUEST_USER, '');
        }
    }

    // Permission to log in and to use the system are both required.
    if ($login) {
        $login = check_perm2login($USER_DETAILS['userid']) && check_perm2system($USER_DETAILS['userid']);
    }

    if (!$login) {
        $USER_DETAILS = NULL;
    }

    if ($login && $sessionid && !isset($incorrect_session)) {
        // Persistent cookie (31 days) only when the user enabled autologin;
        // otherwise a browser-session cookie (expiry 0).
        zbx_setcookie('zbx_sessionid', $sessionid, $USER_DETAILS['autologin'] ? time() + 86400 * 31 : 0); //1 month
        DBexecute('UPDATE sessions SET lastaccess=' . time() . ' WHERE sessionid=' . zbx_dbstr($sessionid));
    }
    else {
        // Invalidate: drop the cookie and mark the session row passive.
        zbx_unsetcookie('zbx_sessionid');
        DBexecute('UPDATE sessions SET status=' . ZBX_SESSION_PASSIVE . ' WHERE sessionid=' . zbx_dbstr($sessionid));
        unset($sessionid);
    }

    if ($USER_DETAILS) {
        // $USER_DETAILS['node'] = DBfetch(DBselect('SELECT * FROM nodes WHERE nodeid='.id2nodeid($USER_DETAILS['userid'])));
        if (isset($ZBX_NODES[$ZBX_LOCALNODEID])) {
            $USER_DETAILS['node'] = $ZBX_NODES[$ZBX_LOCALNODEID];
        }
        else {
            $USER_DETAILS['node'] = array();
            $USER_DETAILS['node']['name'] = '- unknown -';
            $USER_DETAILS['node']['nodeid'] = $ZBX_LOCALNODEID;
        }
        $USER_DETAILS['debug_mode'] = get_user_debug_mode($USER_DETAILS['userid']);
    }
    else {
        // Anonymous placeholder so callers can always read $USER_DETAILS.
        $USER_DETAILS = array('alias' => ZBX_GUEST_USER, 'userid' => 0, 'lang' => 'en_gb', 'type' => '0', 'node' => array('name' => '- unknown -', 'nodeid' => 0));
    }

    // X-Forwarded-For is a client-supplied header: it is only trustworthy when
    // a reverse proxy in front of the frontend overwrites it. Without such a
    // proxy the client can choose the address recorded here.
    $userip = isset($_SERVER['HTTP_X_FORWARDED_FOR']) && !empty($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR'];
    $USER_DETAILS['userip'] = $userip;

    if (!$login || isset($incorrect_session) || isset($missed_user_guest)) {
        if (isset($incorrect_session)) {
            $message = 'Session terminated, please re-login!';
        }
        else {
            if (isset($missed_user_guest)) {
                $row = DBfetch(DBselect('SELECT count(u.userid) as user_cnt FROM users u'));
                if (!$row || $row['user_cnt'] == 0) {
                    $message = 'Table users is empty. Possible database corruption.';
                }
            }
        }

        // The message is passed to the page via the request superglobal;
        // a message already present in the request is not overwritten.
        if (!isset($_REQUEST['message']) && isset($message)) {
            $_REQUEST['message'] = $message;
        }
        return false;
    }
    return true;
}