WebApps/Observium_CE
1
0
Fork 0
Code Pull Requests Activity

Commit version 24.12.13800

Browse Source
This commit is contained in:
Chris Hammer
2025-01-06 17:35:06 -05:00
parent b7f6a79c2c
commit 55d9218816
6133 changed files with 4239740 additions and 1374287 deletions
Download Patch File Download Diff File Expand all files Collapse all files

407
html/ajax/actions.php
View File

@ -6,286 +6,249 @@
*
* @package observium
* @subpackage ajax
* @copyright (C) 2006-2013 Adam Armstrong, (C) 2013-2022 Observium Limited
* @copyright (C) Adam Armstrong
*
*/
$config['install_dir'] = "../..";
include_once("../../includes/observium.inc.php");
include_once("../../includes/sql-config.inc.php");
include($config['html_dir'] . "/includes/functions.inc.php");
include($config['html_dir'] . "/includes/authenticate.inc.php");
if (!$_SESSION['authenticated'])
{
print_json_status('failed', 'Unauthorized.');
exit();
if (!$_SESSION['authenticated']) {
print_json_status('failed', 'Unauthorized.');
exit();
}
$vars = get_vars([ 'JSON', 'POST' ]); // Got a JSON payload. Replace $var.
$readonly = $_SESSION['userlevel'] < 7;
$readonly = $_SESSION['userlevel'] < 7;
$limitwrite = $_SESSION['userlevel'] >= 9;
$readwrite = $_SESSION['userlevel'] >= 10;
switch ($vars['action']) {
case "theme":
$pref = 'web_theme_default';
if ($vars['value'] === 'reset') {
session_unset_var("theme");
if ($config['web_theme_default'] === 'system') {
// Override default
session_unset_var("theme_default");
}
case "theme":
$pref = 'web_theme_default';
if ($vars['value'] === 'reset') {
session_unset_var("theme");
if ($config['web_theme_default'] === 'system') {
// Override default
session_unset_var("theme_default");
}
if (del_user_pref($_SESSION['user_id'], $pref)) {
print_json_status('ok', 'Theme reset.');
}
} elseif (isset($config['themes'][$vars['value']]) || $vars['value'] === 'system') {
if (set_user_pref($_SESSION['user_id'], $pref, serialize($vars['value']))) {
print_json_status('ok', 'Theme set.');
}
} else {
print_json_status('failed', 'Invalid theme.');
}
break;
if (del_user_pref($_SESSION['user_id'], $pref)) {
print_json_status('ok', 'Theme reset.');
}
} elseif (isset($config['themes'][$vars['value']]) || $vars['value'] === 'system') {
if (set_user_pref($_SESSION['user_id'], $pref, serialize($vars['value']))) {
print_json_status('ok', 'Theme set.');
}
} else {
print_json_status('failed', 'Invalid theme.');
}
break;
case "big_graphs":
$pref = 'graphs|size';
if (set_user_pref($_SESSION['user_id'], $pref, serialize('big'))) {
print_json_status('ok', 'Big graphs set.');
session_unset_var("big_graphs"); // clear old
}
//session_set_var("big_graphs", TRUE);
//print_json_status('ok', 'Big graphs set.');
break;
case "big_graphs":
$pref = 'graphs|size';
if (set_user_pref($_SESSION['user_id'], $pref, serialize('big'))) {
print_json_status('ok', 'Big graphs set.');
session_unset_var("big_graphs"); // clear old
}
break;
case "normal_graphs":
$pref = 'graphs|size';
if (set_user_pref($_SESSION['user_id'], $pref, serialize('normal'))) {
print_json_status('ok', 'Normal graphs set.');
session_unset_var("big_graphs"); // clear old
}
//session_unset_var("big_graphs");
//print_json_status('ok', 'Small graphs set.');
break;
case "normal_graphs":
$pref = 'graphs|size';
if (set_user_pref($_SESSION['user_id'], $pref, serialize('normal'))) {
print_json_status('ok', 'Normal graphs set.');
session_unset_var("big_graphs"); // clear old
}
break;
case "touch_on":
session_set_var("touch", TRUE);
print_json_status('ok', 'Touch mode enabled.');
break;
case "touch_on":
session_set_var("touch", TRUE);
print_json_status('ok', 'Touch mode enabled.');
break;
case "touch_off":
session_unset_var("touch");
print_json_status('ok', 'Touch mode disabled.');
break;
case "touch_off":
session_unset_var("touch");
print_json_status('ok', 'Touch mode disabled.');
break;
case "set_refresh":
session_set_var("dark_mode", TRUE);
print_json_status('ok', 'Dark mode set.');
break;
case "save_grid": // Save current layout of dashboard grid
case "alert_assoc_edit":
// Currently edit allowed only for Admins
if ($readonly) {
print_json_status('failed', 'Action not allowed.');
exit();
}
// Currently edit allowed only for Admins
if (!$readwrite) {
print_json_status('failed', 'Action not allowed.');
exit();
}
foreach ($vars['grid'] as $w) {
dbUpdate(['x' => $w['x'], 'y' => $w['y'], 'width' => $w['width'], 'height' => $w['height'],], 'dash_widgets',
'`widget_id` = ?', [$w['id']]
);
}
break;
if (dbFetchRow("SELECT * FROM `alert_tests` WHERE `alert_test_id` = ?", array($vars['alert_test_id']))) {
case "add_widget": // Add widget of 'widget_type' to dashboard 'dash_id'
$rows_updated = dbUpdate([ 'alert_assoc' => $vars['alert_assoc'] ], 'alert_tests', '`alert_test_id` = ?', [ $vars['alert_test_id'] ]);
// Currently edit allowed only for Admins
if ($readonly) {
print_json_status('failed', 'Action not allowed.');
exit();
}
if ($rows_updated) {
update_alert_table($vars['alert_test_id']);
print_json_status('ok', '', [ 'id' => $vars['alert_test_id'],
'redirect' => generate_url([ 'page' => 'alert_check', 'alert_test_id' => $vars['alert_test_id'] ]) ]);
} else {
print_json_status('failed', 'Database was not updated.');
}
} else {
print_json_status('failed', 'Alert Checker does not exist: [' . $vars['alert_test_id'] . ']');
}
break;
if (isset($vars['dash_id']) && isset($vars['widget_type'])) {
$widget_id = dbInsert(['dash_id' => $vars['dash_id'], 'widget_config' => json_encode([]), 'widget_type' => $vars['widget_type']],
'dash_widgets'
);
}
case "save_grid": // Save current layout of dashboard grid
if ($widget_id) {
print_json_status('ok', '', ['id' => $widget_id]);
} else {
//print_r($vars); // For debugging
}
break;
// Currently edit allowed only for Admins
if ($readonly) {
print_json_status('failed', 'Action not allowed.');
exit();
}
case "delete_ap":
foreach ($vars['grid'] as $w) {
dbUpdate(array('x' => $w['x'], 'y' => $w['y'], 'width' => $w['width'], 'height' => $w['height'],), 'dash_widgets',
'`widget_id` = ?', array($w['id'])
);
}
break;
// Currently edit allowed only for Admins
if ($readonly) {
print_json_status('failed', 'Action not allowed.');
exit();
}
case "add_widget": // Add widget of 'widget_type' to dashboard 'dash_id'
if (is_numeric($vars['id'])) {
$rows_deleted = dbDelete('wifi_aps', '`wifi_ap_id` = ?', [$vars['id']]);
}
// Currently edit allowed only for Admins
if ($readonly) {
print_json_status('failed', 'Action not allowed.');
exit();
}
if ($rows_deleted) {
print_json_status('ok', 'AP Deleted', ['id' => $vars['id']]);
}
if (isset($vars['dash_id']) && isset($vars['widget_type'])) {
$widget_id = dbInsert(array('dash_id' => $vars['dash_id'], 'widget_config' => json_encode(array()), 'widget_type' => $vars['widget_type']),
'dash_widgets'
);
}
break;
if ($widget_id) {
print_json_status('ok', '', [ 'id' => $widget_id ]);
} else {
//print_r($vars); // For debugging
}
break;
case "del_widget":
case "delete_ap":
// Currently edit allowed only for Admins
if ($readonly) {
print_json_status('failed', 'Action not allowed.');
exit();
}
// Currently edit allowed only for Admins
if ($readonly) {
print_json_status('failed', 'Action not allowed.');
exit();
}
if (is_numeric($vars['widget_id'])) {
$rows_deleted = dbDelete('dash_widgets', '`widget_id` = ?', [$vars['widget_id']]);
}
if (is_numeric($vars['id'])) {
$rows_deleted = dbDelete('wifi_aps', '`wifi_ap_id` = ?', array($vars['id']));
}
if ($rows_deleted) {
print_json_status('ok', 'Widget Deleted.', ['id' => $vars['widget_id']]);
}
break;
if ($rows_deleted) {
print_json_status('ok', 'AP Deleted', [ 'id' => $vars['id'] ]);
}
case "dash_rename":
break;
// Currently edit allowed only for Admins
if ($readonly) {
print_json_status('failed', 'Action not allowed.');
exit();
}
case "del_widget":
if (is_numeric($vars['dash_id'])) {
$rows_updated = dbUpdate(['dash_name' => $vars['dash_name']], 'dashboards', '`dash_id` = ?', [$vars['dash_id']]);
} else {
print_json_status('failed', 'Invalid Dashboard ID.');
}
// Currently edit allowed only for Admins
if ($readonly) {
print_json_status('failed', 'Action not allowed.');
exit();
}
if ($rows_updated) {
print_json_status('ok', 'Dashboard Name Updated.', ['id' => $vars['dash_id']]);
} else {
print_json_status('failed', 'Update Failed.');
}
if (is_numeric($vars['widget_id'])) {
$rows_deleted = dbDelete('dash_widgets', '`widget_id` = ?', array($vars['widget_id']));
}
break;
if ($rows_deleted) {
print_json_status('ok', 'Widget Deleted.', [ 'id' => $vars['widget_id'] ]);
}
break;
case "dash_delete":
case "dash_rename":
// Currently edit allowed only for Admins
if ($readonly) {
print_json_status('failed', 'Action not allowed.');
exit();
}
// Currently edit allowed only for Admins
if ($readonly) {
print_json_status('failed', 'Action not allowed.');
exit();
}
if (is_numeric($vars['dash_id'])) {
$rows_deleted = dbDelete('dash_widgets', '`dash_id` = ?', [$vars['dash_id']]);
$rows_deleted += dbDelete('dashboards', '`dash_id` = ?', [$vars['dash_id']]);
} else {
print_json_status('failed', 'Invalid Dashboard ID.');
}
if (is_numeric($vars['dash_id'])) {
$rows_updated = dbUpdate(array('dash_name' => $vars['dash_name']), 'dashboards', '`dash_id` = ?', array($vars['dash_id']));
} else {
print_json_status('failed', 'Invalid Dashboard ID.');
}
if ($rows_deleted) {
print_json_status('ok', 'Dashboard Deleted.', ['id' => $vars['dash_id']]);
} else {
print_json_status('failed', 'Deletion Failed.');
}
if ($rows_updated) {
print_json_status('ok', 'Dashboard Name Updated.', [ 'id' => $vars['dash_id'] ]);
} else {
print_json_status('failed', 'Update Failed.');
}
break;
break;
case "update_widget_config":
case "dash_delete":
//print_r($vars);
// Currently edit allowed only for Admins
if ($readonly) {
print_json_status('failed', 'Action not allowed.');
exit();
}
// Currently edit allowed only for Admins
if ($readonly) {
print_json_status('failed', 'Action not allowed.');
exit();
}
if (is_numeric($vars['dash_id'])) {
$rows_deleted = dbDelete('dash_widgets', '`dash_id` = ?', array($vars['dash_id']));
$rows_deleted += dbDelete('dashboards', '`dash_id` = ?', array($vars['dash_id']));
} else {
print_json_status('failed', 'Invalid Dashboard ID.');
}
$widget = dbFetchRow("SELECT * FROM `dash_widgets` WHERE `widget_id` = ?", [$vars['widget_id']]);
$widget['widget_config'] = safe_json_decode($widget['widget_config']);
if ($rows_deleted) {
print_json_status('ok', 'Dashboard Deleted.', [ 'id' => $vars['dash_id'] ]);
} else {
print_json_status('failed', 'Deletion Failed.');
}
// Verify config value applies to this widget here
break;
$default_on = ['legend'];
case "update_widget_config":
if (isset($vars['config_field']) && isset($vars['config_value'])) {
if (empty($vars['config_value']) ||
(in_array($vars['config_field'], $default_on) && get_var_true($vars['config_value'])) ||
(!in_array($vars['config_field'], $default_on) && get_var_false($vars['config_value']))) {
// Just unset the value if it's empty or it's a default value.
unset($widget['widget_config'][$vars['config_field']]);
} else {
$widget['widget_config'][$vars['config_field']] = $vars['config_value'];
}
//print_r($vars);
dbUpdate(['widget_config' => json_encode($widget['widget_config'])], 'dash_widgets',
'`widget_id` = ?', [$widget['widget_id']]
);
// Currently edit allowed only for Admins
if ($readonly) {
print_json_status('failed', 'Action not allowed.');
exit();
}
//echo dbError();
$widget = dbFetchRow("SELECT * FROM `dash_widgets` WHERE `widget_id` = ?", array($vars['widget_id']));
$widget['widget_config'] = safe_json_decode($widget['widget_config']);
print_json_status('ok', 'Widget Updated.', ['id' => $widget['widget_id']]);
} else {
print_json_status('failed', 'Update Failed.');
}
// Verify config value applies to this widget here
break;
$default_on = [ 'legend' ];
default:
if (isset($vars['config_field']) && isset($vars['config_value'])) {
if ( empty($vars['config_value']) ||
(in_array($vars['config_field'], $default_on) && get_var_true($vars['config_value'])) ||
(!in_array($vars['config_field'], $default_on) && get_var_false($vars['config_value'])) ) {
// Just unset the value if it's empty or it's a default value.
unset($widget['widget_config'][$vars['config_field']]);
} else {
$widget['widget_config'][$vars['config_field']] = $vars['config_value'];
}
// Validate CSRF Token
//r($vars);
$json = '';
if (!str_contains_array($vars['action'], ['widget', 'dash', 'settings_user']) && // widget & dashboard currently not send request token
!request_token_valid($vars, $json)) {
$json = safe_json_decode($json);
$json['reload'] = TRUE;
print_json_status('failed', 'CSRF Token missing. Reload page.', $json);
exit();
}
unset($json);
dbUpdate(array('widget_config' => json_encode($widget['widget_config'])), 'dash_widgets',
'`widget_id` = ?', array($widget['widget_id'])
);
//echo dbError();
print_json_status('ok', 'Widget Updated.', [ 'id' => $widget['widget_id'] ]);
} else {
print_json_status('failed', 'Update Failed.');
}
break;
default:
// Validate CSRF Token
//r($vars);
$json = '';
if (!str_contains_array($vars['action'], [ 'widget', 'dash', 'settings_user' ]) && // widget & dashboard currently not send request token
!request_token_valid($vars, $json)) {
$json = safe_json_decode($json);
$json['reload'] = TRUE;
print_json_status('failed', 'CSRF Token missing. Reload page.', $json);
exit();
}
unset($json);
$action_path = __DIR__ . '/actions/'. $vars['action'] . '.inc.php';
if (is_alpha($vars['action']) && is_file($action_path))
{
include $action_path;
} else {
print_json_status('failed', 'Unknown action requested.');
}
$action_path = __DIR__ . '/actions/' . $vars['action'] . '.inc.php';
if (is_alpha($vars['action']) && is_file($action_path)) {
include $action_path;
} else {
print_json_status('failed', 'Unknown action requested.');
}
}
// EOF