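/**
 * Renders an "access denied" message and stops the execution of the script.
 *
 * The $mode parameter controls the layout of the message for logged-in users:
 * - ACCESS_DENY_OBJECT - render the message when denying access to a specific object
 * - ACCESS_DENY_PAGE - render a complete access denied page
 *
 * A visitor who is not logged in always gets the ACCESS_DENY_PAGE layout, whatever $mode is, so
 * page_header.php and page_footer.php are not included for them by this function.
 *
 * The return URL behind the "Login" button is read from the request and is therefore untrusted.
 * This function only strips its "sid" argument and URL-encodes it.
 * NOTE(review): confirm that index.php validates "request" before redirecting to it after login.
 *
 * @param int $mode
 */
function access_deny($mode = ACCESS_DENY_OBJECT) {
    // deny access to an object; this layout is reserved for logged-in users
    if ($mode == ACCESS_DENY_OBJECT && CWebUser::isLoggedIn()) {
        require_once dirname(__FILE__) . '/page_header.php';
        show_error_message(_('No permissions to referred object or it does not exist!'));
        require_once dirname(__FILE__) . '/page_footer.php';

        // Fail closed: end the request here rather than depending on the included footer to do it.
        // require_once is a no-op for a file that is already loaded, and a caller must never
        // resume its own processing after a denial.
        exit;
    }

    // URL to send the user to after they log in. The value comes straight from the request, so
    // anything that is not a non-empty string (e.g. an array from "request[]=...") is treated
    // as "no return URL" before it reaches CUrl.
    $request = (!empty($_REQUEST['request']) && is_string($_REQUEST['request'])) ? $_REQUEST['request'] : '';

    // Drop the "sid" argument so it is not carried along in the login link.
    $url = (new CUrl($request))->removeArgument('sid');

    // urlencode() percent-encodes quotes, backslashes and angle brackets, which is what keeps the
    // value inside the double-quoted JavaScript string below. Do not remove or weaken it.
    $url = urlencode($url->toString());
    $login_action = 'javascript: document.location = "index.php?request=' . $url . '";';

    // if the user is logged in - render the access denied message
    if (CWebUser::isLoggedIn()) {
        $data = [
            'header' => _('Access denied'),
            'messages' => [
                // NOTE(review): the alias is user-controlled data; presumably the general.warning
                // view escapes it on output - confirm.
                _s('You are logged in as "%1$s".', CWebUser::$data['alias']) . ' ' .
                    _('You have no permissions to access this page.'),
                _('If you think this message is wrong, please consult your administrators about getting the necessary permissions.')
            ],
            'buttons' => []
        ];

        // display the login button only for guest users
        if (CWebUser::isGuest()) {
            $data['buttons'][] = (new CButton('login', _('Login')))->onClick($login_action);
        }

        $data['buttons'][] = (new CButton('back', _('Go to dashboard')))
            ->onClick('javascript: document.location = "zabbix.php?action=dashboard.view"');
    }
    else {
        $data = [
            'header' => _('You are not logged in'),
            'messages' => [
                _('You must login to view this page.'),
                _('If you think this message is wrong, please consult your administrators about getting the necessary permissions.')
            ],
            'buttons' => [
                (new CButton('login', _('Login')))->onClick($login_action)
            ]
        ];
    }

    $data['theme'] = getUserTheme(CWebUser::$data);

    (new CView('general.warning', $data))->render();
    exit;
}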
/**
 * Renders an "access denied" message and stops the execution of the script.
 *
 * $mode selects the layout of the message:
 * - ACCESS_DENY_OBJECT - error message placed between the regular page header and footer
 * - ACCESS_DENY_PAGE - stand-alone warning page
 *
 * Only $mode is tested when the ACCESS_DENY_OBJECT layout is chosen. The visitor's login state
 * is not consulted on that path, so page_header.php and page_footer.php are included for
 * whoever triggers it.
 *
 * @param int $mode
 */
function access_deny($mode = ACCESS_DENY_OBJECT) {
    if ($mode == ACCESS_DENY_OBJECT) {
        // deny access to an object
        require_once dirname(__FILE__) . '/page_header.php';
        show_error_message(_('No permissions to referred object or it does not exist!'));
        require_once dirname(__FILE__) . '/page_footer.php';

        // There is no exit on this path. NOTE(review): the documented "stops the execution"
        // holds here only if page_footer.php ends the script itself - confirm.
        return;
    }

    // URL to send the user to after they log in; read from the request, so untrusted.
    $requested = '';
    if (!empty($_REQUEST['request'])) {
        $requested = $_REQUEST['request'];
    }

    $return_url = new CUrl($requested);
    $return_url->setArgument('sid', null);

    // urlencode() percent-encodes quotes and backslashes, which keeps the value inside the
    // double-quoted JavaScript string of the login action.
    $login_action = 'javascript: document.location = "index.php?request=' . urlencode($return_url->toString()) . '";';

    if (CWebUser::isLoggedIn()) {
        // logged in but not permitted: say who the user is and offer a way back
        $title = _('Access denied.');
        $body = array(
            _('Your are logged in as'),
            ' ',
            bold(CWebUser::$data['alias']),
            '. ',
            _('You have no permissions to access this page.'),
            BR(),
            _('If you think this message is wrong, please consult your administrators about getting the necessary permissions.')
        );

        $actions = array();

        // only a guest session is offered the login button
        if (CWebUser::isGuest()) {
            $actions[] = new CButton('login', _('Login'), $login_action, 'formlist');
        }

        $actions[] = new CButton('back', _('Go to dashboard'), 'javascript: document.location = "dashboard.php"', 'formlist');
    }
    else {
        // no session: the only action offered is logging in
        $title = _('You are not logged in.');
        $body = array(
            _('You must login to view this page.'),
            BR(),
            _('If you think this message is wrong, please consult your administrators about getting the necessary permissions.')
        );
        $actions = array(new CButton('login', _('Login'), $login_action, 'formlist'));
    }

    $warning = new CWarning($title, $body);
    $warning->setButtons($actions);

    $view = new CView('general.warning', array('warning' => $warning));
    $view->render();
    exit;
}
** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ** GNU General Public License for more details. ** ** You should have received a copy of the GNU General Public License ** along with this program; if not, write to the Free Software ** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. **/ require_once dirname(__FILE__) . '/include/config.inc.php'; require_once dirname(__FILE__) . '/include/users.inc.php'; require_once dirname(__FILE__) . '/include/forms.inc.php'; require_once dirname(__FILE__) . '/include/media.inc.php'; $page['title'] = _('User profile'); $page['file'] = 'profile.php'; $page['scripts'] = ['class.cviewswitcher.js']; ob_start(); if (CWebUser::isGuest() || !CWebUser::isLoggedIn()) { access_deny(ACCESS_DENY_PAGE); } require_once dirname(__FILE__) . '/include/page_header.php'; $themes = array_keys(Z::getThemes()); $themes[] = THEME_DEFAULT; // VAR TYPE OPTIONAL FLAGS VALIDATION EXCEPTION $fields = ['password1' => [T_ZBX_STR, O_OPT, null, null, 'isset({update}) && isset({form}) && ({form} != "update") && isset({change_password})'], 'password2' => [T_ZBX_STR, O_OPT, null, null, 'isset({update}) && isset({form}) && ({form} != "update") && isset({change_password})'], 'lang' => [T_ZBX_STR, O_OPT, null, null, null], 'theme' => [T_ZBX_STR, O_OPT, null, IN('"' . implode('","', $themes) . 
'"'), 'isset({update})'], 'autologin' => [T_ZBX_INT, O_OPT, null, IN('1'), null], 'autologout' => [T_ZBX_INT, O_OPT, null, BETWEEN(90, 10000), null, _('Auto-logout (min 90 seconds)')], 'autologout_visible' => [T_ZBX_STR, O_OPT, null, IN('1'), null], 'url' => [T_ZBX_STR, O_OPT, null, null, 'isset({update})'], 'refresh' => [T_ZBX_INT, O_OPT, null, BETWEEN(0, SEC_PER_HOUR), 'isset({update})', _('Refresh (in seconds)')], 'rows_per_page' => [T_ZBX_INT, O_OPT, null, BETWEEN(1, 999999), 'isset({update})', _('Rows per page')], 'change_password' => [T_ZBX_STR, O_OPT, null, null, null], 'user_medias' => [T_ZBX_STR, O_OPT, null, NOT_EMPTY, null], 'user_medias_to_del' => [T_ZBX_STR, O_OPT, null, null, null], 'new_media' => [T_ZBX_STR, O_OPT, null, null, null], 'enable_media' => [T_ZBX_INT, O_OPT, null, null, null], 'disable_media' => [T_ZBX_INT, O_OPT, null, null, null], 'messages' => [T_ZBX_STR, O_OPT, null, null, null], 'update' => [T_ZBX_STR, O_OPT, P_SYS | P_ACT, null, null], 'cancel' => [T_ZBX_STR, O_OPT, P_SYS, null, null], 'del_user_media' => [T_ZBX_STR, O_OPT, P_SYS | P_ACT, null, null], 'form' => [T_ZBX_STR, O_OPT, P_SYS, null, null], 'form_refresh' => [T_ZBX_INT, O_OPT, null, null, null]]; check_fields($fields); $_REQUEST['autologin'] = getRequest('autologin', 0); // secondary actions if (isset($_REQUEST['new_media'])) { $_REQUEST['user_medias'] = getRequest('user_medias', []); array_push($_REQUEST['user_medias'], $_REQUEST['new_media']); } elseif (isset($_REQUEST['user_medias']) && isset($_REQUEST['enable_media'])) { if (isset($_REQUEST['user_medias'][$_REQUEST['enable_media']])) {