/**
 * Delete maintenances.
 *
 * Callers whose type is USER_TYPE_ZABBIX_USER are rejected outright. Every requested ID must
 * also be returned by an 'editable' lookup, otherwise the call fails before any row is removed.
 *
 * @param array $maintenanceids  IDs of the maintenances to delete.
 *
 * @return array  ['maintenanceids' => $maintenanceids], echoing the IDs passed in.
 */
public function delete(array $maintenanceids) {
    // Authorisation, step 1: the user type alone can deny the operation.
    if (self::$userData['type'] == USER_TYPE_ZABBIX_USER) {
        self::exception(ZBX_API_ERROR_PERMISSIONS, _('You do not have permission to perform this operation.'));
    }

    // Authorisation, step 2: fetch the requested maintenances with 'editable' set.
    // presumably 'editable' limits the result to rows the caller may write; confirm in get()
    $maintenances = $this->get([
        'output' => ['maintenanceid', 'name'],
        'maintenanceids' => $maintenanceids,
        'editable' => true,
        'preservekeys' => true
    ]);

    // One missing ID is enough to refuse the whole request, so a partial delete never happens.
    foreach ($maintenanceids as $requestedId) {
        if (isset($maintenances[$requestedId])) {
            continue;
        }

        self::exception(ZBX_API_ERROR_PERMISSIONS, _('You do not have permission to perform this operation.'));
    }

    // Collect the time periods linked to these maintenances before the link rows are deleted.
    $cursor = DBselect(
        'SELECT DISTINCT tp.timeperiodid FROM timeperiods tp,maintenances_windows mw WHERE ' .
        dbConditionInt('mw.maintenanceid', $maintenanceids) .
        ' AND tp.timeperiodid=mw.timeperiodid'
    );

    $timeperiodids = [];
    while ($row = DBfetch($cursor)) {
        $timeperiodids[] = $row['timeperiodid'];
    }

    // remove maintenanceid from hosts table
    $hosts = API::Host()->get([
        'real_hosts' => true,
        'output' => ['hostid'],
        'filter' => ['maintenanceid' => $maintenanceids]
    ]);

    if ($hosts) {
        DB::update('hosts', [
            'values' => ['maintenanceid' => 0],
            'where' => ['hostid' => zbx_objectValues($hosts, 'hostid')]
        ]);
    }

    // Time periods go first, then the link tables, and the maintenance rows themselves last.
    DB::delete('timeperiods', ['timeperiodid' => $timeperiodids]);

    $byMaintenance = ['maintenanceid' => $maintenanceids];
    foreach (['maintenances_windows', 'maintenances_hosts', 'maintenances_groups', 'maintenances'] as $table) {
        DB::delete($table, $byMaintenance);
    }

    // The audit trail uses the names captured by the lookup above, since the rows no longer exist.
    foreach ($maintenances as $deletedId => $deleted) {
        add_audit_details(AUDIT_ACTION_DELETE, AUDIT_RESOURCE_MAINTENANCE, $deletedId, $deleted['name'], null);
    }

    return ['maintenanceids' => $maintenanceids];
}
$rmv_row = get_request('rmv_row', 0); DBexecute('UPDATE screens SET vsize=(vsize-1) WHERE screenid=' . zbx_dbstr($screen['screenid'])); DBexecute('DELETE FROM screens_items WHERE screenid=' . zbx_dbstr($screen['screenid']) . ' AND y=' . zbx_dbstr($rmv_row)); DBexecute('UPDATE screens_items SET y=(y-1) WHERE screenid=' . zbx_dbstr($screen['screenid']) . ' AND y>' . zbx_dbstr($rmv_row)); add_audit_details(AUDIT_ACTION_UPDATE, AUDIT_RESOURCE_SCREEN, $screen['screenid'], $screen['name'], 'Row deleted'); } else { error(_('Screen should contain at least one row and column.')); show_error_message(_('Impossible to remove last row and column.')); } } elseif (isset($_REQUEST['rmv_col'])) { if ($screen['hsize'] > 1) { $rmv_col = get_request('rmv_col', 0); DBexecute('UPDATE screens SET hsize=(hsize-1) WHERE screenid=' . zbx_dbstr($screen['screenid'])); DBexecute('DELETE FROM screens_items WHERE screenid=' . zbx_dbstr($screen['screenid']) . ' AND x=' . zbx_dbstr($rmv_col)); DBexecute('UPDATE screens_items SET x=(x-1) WHERE screenid=' . zbx_dbstr($screen['screenid']) . ' AND x>' . zbx_dbstr($rmv_col)); add_audit_details(AUDIT_ACTION_UPDATE, AUDIT_RESOURCE_SCREEN, $screen['screenid'], $screen['name'], 'Column deleted'); } else { error(_('Screen should contain at least one row and column.')); show_error_message(_('Impossible to remove last row and column.')); } } /* * Display */ $data = array('screenid' => get_request('screenid', 0)); // getting updated screen, so we wont have to refresh the page to see changes $data['screen'] = API::Screen()->get($options); if (empty($data['screen'])) { $data['screen'] = API::TemplateScreen()->get($options); if (empty($data['screen'])) { access_deny();
$screenids[] = $_REQUEST['screenid']; } $screens = API::Screen()->get(array('screenids' => $screenids, 'output' => API_OUTPUT_EXTEND, 'editable' => true)); if (!empty($screens)) { $goResult = API::Screen()->delete($screenids); if ($goResult) { foreach ($screens as $screen) { add_audit_details(AUDIT_ACTION_DELETE, AUDIT_RESOURCE_SCREEN, $screen['screenid'], $screen['name']); } } } else { $goResult = API::TemplateScreen()->delete($screenids); if ($goResult) { $templatedScreens = API::TemplateScreen()->get(array('screenids' => $screenids, 'output' => API_OUTPUT_EXTEND, 'editable' => true)); foreach ($templatedScreens as $screen) { add_audit_details(AUDIT_ACTION_DELETE, AUDIT_RESOURCE_SCREEN, $screen['screenid'], $screen['name']); } } } if ($goResult) { unset($_REQUEST['screenid'], $_REQUEST['form']); } show_messages($goResult, _('Screen deleted'), _('Cannot delete screen')); clearCookies($goResult); } /* * Display */ if (isset($_REQUEST['form'])) { $data = array('form' => get_request('form', null), 'screenid' => get_request('screenid', null), 'templateid' => get_request('templateid', null)); // screen
** ** You should have received a copy of the GNU General Public License ** along with this program; if not, write to the Free Software ** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. **/ require_once dirname(__FILE__) . '/include/config.inc.php'; require_once dirname(__FILE__) . '/include/forms.inc.php'; $page['title'] = _('ZABBIX'); $page['file'] = 'index.php'; // VAR TYPE OPTIONAL FLAGS VALIDATION EXCEPTION $fields = ['name' => [T_ZBX_STR, O_NO, null, null, 'isset({enter})', _('Username')], 'password' => [T_ZBX_STR, O_OPT, null, null, 'isset({enter})'], 'sessionid' => [T_ZBX_STR, O_OPT, null, null, null], 'reconnect' => [T_ZBX_INT, O_OPT, P_SYS | P_ACT, BETWEEN(0, 65535), null], 'enter' => [T_ZBX_STR, O_OPT, P_SYS, null, null], 'autologin' => [T_ZBX_INT, O_OPT, null, null, null], 'request' => [T_ZBX_STR, O_OPT, null, null, null]]; check_fields($fields); // logout if (isset($_REQUEST['reconnect'])) { DBstart(); add_audit_details(AUDIT_ACTION_LOGOUT, AUDIT_RESOURCE_USER, CWebUser::$data['userid'], '', _('Manual Logout'), CWebUser::$data['userid']); DBend(true); CWebUser::logout(); redirect('index.php'); } $config = select_config(); if ($config['authentication_type'] == ZBX_AUTH_HTTP) { if (!empty($_SERVER['PHP_AUTH_USER'])) { $_REQUEST['enter'] = _('Sign in'); $_REQUEST['name'] = $_SERVER['PHP_AUTH_USER']; } else { access_deny(ACCESS_DENY_PAGE); } } // login via form if (isset($_REQUEST['enter']) && $_REQUEST['enter'] == _('Sign in')) {
$screenItem['y'] = getRequest('y'); $result = API::ScreenItem()->create($screenItem); } if ($result) { add_audit_details(AUDIT_ACTION_UPDATE, AUDIT_RESOURCE_SCREEN, $screen['screenid'], $screen['name'], 'Cell changed ' . (hasRequest('screenitemid') ? 'screen itemid "' . getRequest('screenitemid') . '"' : '') . (hasRequest('x') && hasRequest('y') ? ' coordinates "' . getRequest('x') . ',' . getRequest('y') . '"' : '') . (hasRequest('resourcetype') ? ' resource type "' . getRequest('resourcetype') . '"' : '')); unset($_REQUEST['form']); } $result = DBend($result); show_messages($result, _('Screen updated'), _('Cannot update screen')); } elseif (hasRequest('delete')) { DBstart(); $screenitemid = API::ScreenItem()->delete([getRequest('screenitemid')]); if ($screenitemid) { $screenitemid = reset($screenitemid); $screenitemid = reset($screenitemid); add_audit_details(AUDIT_ACTION_DELETE, AUDIT_RESOURCE_SCREEN, $screen['screenid'], $screen['name'], 'Screen itemid "' . $screenitemid . '"'); } unset($_REQUEST['x']); $result = DBend($screenitemid); show_messages($result, _('Screen updated'), _('Cannot update screen')); } elseif (hasRequest('add_row')) { addScreenRow($screen, getRequest('add_row')); } elseif (hasRequest('add_col')) { addScreenColumn($screen, getRequest('add_col')); } elseif (hasRequest('rmv_row')) { delScreenRow($screen, getRequest('rmv_row')); } elseif (hasRequest('rmv_col')) { delScreenColumn($screen, getRequest('rmv_col')); } show_messages(); /*
/**
 * Disable actions.
 *
 * Sets the status of the given actions to ACTION_STATUS_DISABLED in one update and then writes
 * one audit record per action ID.
 *
 * @param array $actionids  IDs of the actions to disable.
 */
protected function disableActions(array $actionids) {
    DB::update('actions', [
        'values' => ['status' => ACTION_STATUS_DISABLED],
        'where' => ['actionid' => $actionids]
    ]);

    // Each audit record carries an empty resource name and null as the last argument; only the
    // action ID and the reason text identify what was disabled and why.
    foreach ($actionids as $disabledId) {
        add_audit_details(
            AUDIT_ACTION_DISABLE,
            AUDIT_RESOURCE_ACTION,
            $disabledId,
            '',
            _('Action disabled due to deletion of user group.'),
            null
        );
    }
}
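/**
 * Login user.
 *
 * Looks the account up by alias, applies the failed-attempt lockout, works out the effective
 * authentication type from the user's groups and the global configuration, hands credential
 * verification to ldapLogin()/dbLogin(), and finally inserts a row into `sessions`.
 *
 * For ZBX_AUTH_HTTP no password is verified in this method: the only check is that the
 * requested alias equals $_SERVER['PHP_AUTH_USER'].
 *
 * @param array  $user
 * @param string $user['user']      User alias.
 * @param string $user['password']  User password.
 * @param mixed  $user['userData']  Optional; when set, the full user data array is returned.
 *
 * @return string|array  Session id, or the user data array (which includes 'sessionid') when
 *                       $user['userData'] is set.
 */
public function login($user) {
    $name = $user['user'];

    $userInfo = DBfetch(DBselect(
        'SELECT u.userid,u.attempt_failed,u.attempt_clock,u.attempt_ip' .
        ' FROM users u' .
        ' WHERE u.alias=' . zbx_dbstr($name)
    ));

    if (!$userInfo) {
        self::exception(ZBX_API_ERROR_PARAMETERS, _('Login name or password is incorrect.'));
    }

    // check if user is blocked
    // NOTE(review): this message and the "No permissions" one below are raised before the
    // credentials are verified, so their wording differs from the unknown-alias error above.
    if ($userInfo['attempt_failed'] >= ZBX_LOGIN_ATTEMPTS) {
        if (time() - $userInfo['attempt_clock'] < ZBX_LOGIN_BLOCK) {
            self::exception(ZBX_API_ERROR_PARAMETERS,
                _s('Account is blocked for %s seconds', ZBX_LOGIN_BLOCK - (time() - $userInfo['attempt_clock']))
            );
        }

        DBexecute('UPDATE users SET attempt_clock=' . time() . ' WHERE alias=' . zbx_dbstr($name));
    }

    // check system permissions
    if (!check_perm2system($userInfo['userid'])) {
        self::exception(ZBX_API_ERROR_PARAMETERS, _('No permissions for system access.'));
    }

    // The highest gui_access across the user's groups decides which authentication type applies.
    $dbAccess = DBfetch(DBselect(
        'SELECT MAX(g.gui_access) AS gui_access' .
        ' FROM usrgrp g,users_groups ug' .
        ' WHERE ug.userid=' . zbx_dbstr($userInfo['userid']) .
            ' AND g.usrgrpid=ug.usrgrpid'
    ));

    $guiAccess = zbx_empty($dbAccess['gui_access']) ? GROUP_GUI_ACCESS_SYSTEM : $dbAccess['gui_access'];

    $config = select_config();
    $authType = $config['authentication_type'];

    switch ($guiAccess) {
        case GROUP_GUI_ACCESS_INTERNAL:
            // Internal GUI access forces internal authentication unless HTTP authentication is configured.
            $authType = ($authType == ZBX_AUTH_HTTP) ? ZBX_AUTH_HTTP : ZBX_AUTH_INTERNAL;
            break;

        case GROUP_GUI_ACCESS_DISABLED:
            /* fall through */
        case GROUP_GUI_ACCESS_SYSTEM:
            // The configured type is kept; GROUP_GUI_ACCESS_DISABLED is not rejected by this method.
            break;
    }

    if ($authType == ZBX_AUTH_HTTP) {
        // if PHP_AUTH_USER is not set, it means that HTTP authentication is not enabled
        if (!isset($_SERVER['PHP_AUTH_USER'])) {
            self::exception(ZBX_API_ERROR_PARAMETERS, _('Cannot login.'));
        }
        elseif ($name !== $_SERVER['PHP_AUTH_USER']) {
            self::exception(ZBX_API_ERROR_PARAMETERS,
                _s('Login name "%1$s" does not match the name "%2$s" used to pass HTTP authentication.',
                    $name, $_SERVER['PHP_AUTH_USER']
                )
            );
        }
    }

    try {
        // presumably ldapLogin()/dbLogin() throw APIException on bad credentials; the catch relies on it
        switch ($authType) {
            case ZBX_AUTH_LDAP:
                $this->ldapLogin($user);
                break;

            case ZBX_AUTH_INTERNAL:
                $this->dbLogin($user);
                break;

            case ZBX_AUTH_HTTP:
                // Nothing to verify here; the PHP_AUTH_USER comparison above is the whole check.
                break;
        }
    }
    catch (APIException $e) {
        // NOTE(review): X-Forwarded-For is a client-supplied header, so attempt_ip can hold a
        // value chosen by the caller unless a trusted proxy overwrites it; treat it as a hint.
        $ip = !empty($_SERVER['HTTP_X_FORWARDED_FOR'])
            ? $_SERVER['HTTP_X_FORWARDED_FOR']
            : $_SERVER['REMOTE_ADDR'];

        $userInfo['attempt_failed']++;

        DBexecute(
            'UPDATE users' .
            ' SET attempt_failed=' . zbx_dbstr($userInfo['attempt_failed']) . ',' .
                ' attempt_clock=' . time() . ',' .
                ' attempt_ip=' . zbx_dbstr($ip) .
            ' WHERE userid=' . zbx_dbstr($userInfo['userid'])
        );

        add_audit_details(AUDIT_ACTION_LOGIN, AUDIT_RESOURCE_USER, $userInfo['userid'], '',
            _s('Login failed "%s".', $name), $userInfo['userid']
        );

        self::exception(ZBX_API_ERROR_PARAMETERS, $e->getMessage());
    }

    // start session
    // The session id is the bearer credential for later calls, so it must not be derivable from
    // guessable inputs. The previous md5(time . password hash . alias . rand()) construction mixed
    // a timestamp, a known alias and a non-cryptographic PRNG. 16 bytes from the CSPRNG hex-encode
    // to 32 characters, the same length and alphabet as the md5() value it replaces.
    if (function_exists('random_bytes')) {
        $sessionid = bin2hex(random_bytes(16));
    }
    else {
        // NOTE(review): legacy derivation kept only for runtimes without random_bytes() (PHP < 7);
        // ids produced on this path remain weaker than the CSPRNG path.
        $sessionid = md5(time() . md5($user['password']) . $name . rand(0, 10000000));
    }

    DBexecute(
        'INSERT INTO sessions (sessionid,userid,lastaccess,status)' .
        ' VALUES (' . zbx_dbstr($sessionid) . ',' . zbx_dbstr($userInfo['userid']) . ',' . time() . ',' .
            ZBX_SESSION_ACTIVE . ')'
    );

    $userData = $this->_getUserData($userInfo['userid']);
    $userData['sessionid'] = $sessionid;
    $userData['gui_access'] = $guiAccess;
    $userData['userid'] = $userInfo['userid'];

    // A successful login clears the failed-attempt counter.
    if ($userInfo['attempt_failed']) {
        DBexecute('UPDATE users SET attempt_failed=0 WHERE userid=' . zbx_dbstr($userInfo['userid']));
    }

    CWebUser::$data = self::$userData = $userData;

    return isset($user['userData']) ? $userData : $userData['sessionid'];
}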
/**
 * Remove screen column.
 *
 * Drops every screen item located in the given column, shifts the items to its right one
 * position left, and saves the screen with its width reduced by one. $screen is received by
 * value, so the caller's array is not modified.
 *
 * @param array $screen   Screen data; 'screenid', 'name', 'hsize' and 'screenitems' are read.
 * @param int   $col_num  Index of the column to remove (compared against each item's 'x').
 */
function delScreenColumn(array $screen, $col_num) {
    foreach ($screen['screenitems'] as $index => &$item) {
        if ($item['x'] == $col_num) {
            unset($screen['screenitems'][$index]);
            continue;
        }

        if ($item['x'] > $col_num) {
            $item['x']--;
        }
    }
    // Break the reference so later writes to $item cannot alter the last array element.
    unset($item);

    // NOTE(review): no permission check and no lower bound on 'hsize' are visible in this
    // function; presumably API::Screen()->update() or the caller enforces both - confirm.
    $changes = [
        'screenid' => $screen['screenid'],
        'hsize' => $screen['hsize'] - 1,
        'screenitems' => $screen['screenitems']
    ];

    DBstart();

    $result = API::Screen()->update($changes);

    // The audit record is written only after a successful update, before DBend() is called.
    if ($result) {
        add_audit_details(AUDIT_ACTION_UPDATE, AUDIT_RESOURCE_SCREEN, $screen['screenid'], $screen['name'],
            _('Column deleted')
        );
    }

    DBend($result);
}