Fixed the lost hash user in the links from metaconsole to the nodes.

pandora_console/ajax.php

@@ -30,7 +30,7 @@
 if (isset ($_GET["loginhash"])) {
 
 	$loginhash_data = get_parameter("loginhash_data", "");
-	$loginhash_user = get_parameter("loginhash_user", "");
+	$loginhash_user = str_rot13(get_parameter("loginhash_user", ""));
 
 	if ($config["loginhash_pwd"] != ""
 		&& $loginhash_data == md5($loginhash_user.$config["loginhash_pwd"])) {

pandora_console/extras/sample_login.php

@@ -10,6 +10,6 @@
 echo "DEBUG md5sum $data user $user Pass $pwd<br>";
 echo '<form name=test method=post action="http://192.168.61.41/pandora_console/index.php?loginhash=auto&sec=estado&sec2=operation/agentes/estado_agente&refr=60">';
 echo '<input type="hidden" name="loginhash_data" value="'.$data.'">';
-echo '<input type="hidden" name="loginhash_user" value="'.$user.'">';
+echo '<input type="hidden" name="loginhash_user" value="' . str_rot13($user) . '">';
 echo '<input type="submit">';
 echo '</form>';

pandora_console/include/ajax/reporting.ajax.php

@@ -191,8 +191,8 @@
 	}
 
 	$pwd = $auth_token; // Create HASH login info
-	$user = $config["id_user"];
-	$hashdata = $user.$pwd;
+	$user = str_rot13($config["id_user"]);
+	$hashdata = $user . $pwd;
 	$hashdata = md5($hashdata);
 	$url_hash = "&loginhash=auto&loginhash_data=$hashdata&loginhash_user=$user";
 

pandora_console/include/functions_events.php

@@ -1801,7 +1801,10 @@ function events_page_details ($event, $server = "") {
 	// If server is provided, get the hash parameters
 	if (!empty($server)) { 
 		$hashdata = metaconsole_get_server_hashdata($server);
-		$hashstring = "&loginhash=auto&loginhash_data=" . $hashdata . "&loginhash_user=" . $config["id_user"];
+		$hashstring = "&" .
+			"loginhash=auto&" .
+			"loginhash_data=" . $hashdata . "&" .
+			"loginhash_user=" . str_rot13($config["id_user"]);
 		$serverstring = $server['server_url'] . "/";
 	}
 	else {

pandora_console/include/graphs/flot/pandora.flot.js

@@ -1117,7 +1117,7 @@ function get_event_details (event_ids) {
 		inputs.push ("page=include/ajax/events");
 
 		// Autologin
-		if($('#hidden-loginhash').val() != undefined) {
+		if ($('#hidden-loginhash').val() != undefined) {
 			inputs.push ("loginhash=" + $('#hidden-loginhash').val());
 			inputs.push ("loginhash_data=" + $('#hidden-loginhash_data').val());
 			inputs.push ("loginhash_user=" + $('#hidden-loginhash_user').val());
@@ -1139,7 +1139,7 @@ function get_event_details (event_ids) {
 
 	return table;
 }
-	
+
 function adjust_left_width_canvas(adapter_id, adapted_id) {
 	adapter_left_margin = $('#'+adapter_id+' .yAxis .tickLabel').css('width');
 

pandora_console/index.php

@@ -318,7 +318,7 @@
 elseif (! isset ($config['id_user']) && isset ($_GET["loginhash"])) {
 	$loginhash_data = get_parameter("loginhash_data", "");
 	$loginhash_user = str_rot13(get_parameter("loginhash_user", ""));
-
+	
 	if ($config["loginhash_pwd"] != "" && $loginhash_data == md5($loginhash_user.$config["loginhash_pwd"])) {
 		db_logon ($loginhash_user, $_SERVER['REMOTE_ADDR']);
 		$_SESSION['id_usuario'] = $loginhash_user;

pandora_console/operation/agentes/interface_traffic_graph_win.php

@@ -32,7 +32,7 @@
 // Hash login process
 if (! isset ($config['id_user']) && get_parameter("loginhash", 0)) {
 	$loginhash_data = get_parameter("loginhash_data", "");
-	$loginhash_user = get_parameter("loginhash_user", "");
+	$loginhash_user = str_rot13(get_parameter("loginhash_user", ""));
 
 	if ($config["loginhash_pwd"] != "" && $loginhash_data == md5($loginhash_user.$config["loginhash_pwd"])) {
 		db_logon ($loginhash_user, $_SERVER['REMOTE_ADDR']);
@@ -166,9 +166,13 @@ function show_others() {
 		$side_layer_params['body_text'] .= html_print_input_hidden("params", base64_encode($params_json), true);
 
 		if (isset($hash_connection_data)) {
-			$side_layer_params['body_text'] .= html_print_input_hidden("loginhash", "auto", true);
-			$side_layer_params['body_text'] .= html_print_input_hidden("loginhash_data", $loginhash_data, true);
-			$side_layer_params['body_text'] .= html_print_input_hidden("loginhash_user", $loginhash_user, true);
+			$side_layer_params['body_text'] .=
+				html_print_input_hidden("loginhash", "auto", true);
+			$side_layer_params['body_text'] .=
+				html_print_input_hidden("loginhash_data", $loginhash_data, true);
+			$side_layer_params['body_text'] .=
+				html_print_input_hidden("loginhash_user",
+					str_rot13($loginhash_user), true);
 		}
 
 		// FORM TABLE
@@ -180,7 +184,7 @@ function show_others() {
 		$table->style[1] = 'text-align:left;';
 		$table->styleTable = 'border-spacing: 4px;';
 		$table->class = 'alternate';
-
+		
 		$data = array();
 		$data[0] = __('Refresh time');
 		$data[1] = html_print_extended_select_for_time("refresh", $refresh, '', '', 0, 7, true);

pandora_console/operation/agentes/stat_win.php

@@ -31,7 +31,7 @@
 // Hash login process
 if (! isset ($config['id_user']) && get_parameter("loginhash", 0)) {
 	$loginhash_data = get_parameter("loginhash_data", "");
-	$loginhash_user = get_parameter("loginhash_user", "");
+	$loginhash_user = str_rot13((get_parameter("loginhash_user", ""));
 
 	if ($config["loginhash_pwd"] != ""
 		&& $loginhash_data == md5($loginhash_user.$config["loginhash_pwd"])) {
@@ -220,9 +220,13 @@ function show_others() {
 		$params['body_text'] .= html_print_input_hidden ("label", $label);
 
 		if (isset($hash_connection_data)) {
-			$params['body_text'] .= html_print_input_hidden("loginhash", "auto", true);
-			$params['body_text'] .= html_print_input_hidden("loginhash_data", $loginhash_data, true);
-			$params['body_text'] .= html_print_input_hidden("loginhash_user", $loginhash_user, true);
+			$params['body_text'] .=
+				html_print_input_hidden("loginhash", "auto", true);
+			$params['body_text'] .=
+				html_print_input_hidden("loginhash_data", $loginhash_data, true);
+			$params['body_text'] .=
+				html_print_input_hidden("loginhash_user",
+					str_rot13($loginhash_user), true);
 		}
 
 		$params['body_text'] .= html_print_input_hidden ("id", $id, true);

pandora_console/operation/agentes/status_monitor.php

@@ -868,10 +868,13 @@
 				$console_password = $auth_serialized["console_password"];
 			}
 
-			$user = $config["id_user"];
+			$user = str_rot13($config["id_user"]);
 			$hashdata = $user.$pwd;
 			$hashdata = md5($hashdata);
-			$url_hash = "&loginhash=auto&loginhash_data=$hashdata&loginhash_user=$user";
+			$url_hash = "&" .
+				"loginhash=auto&" .
+				"loginhash_data=$hashdata&" .
+				"loginhash_user=$user";
 
 			foreach ($result_server as $result_element_key => $result_element_value) {
 
@@ -1052,8 +1055,17 @@
 
 	// TODO: Calculate hash access before to use it more simply like other sections. I.E. Events view
 	if (defined('METACONSOLE')) {
-		$agent_link = '<a href="'. $row["server_url"] .'index.php?sec=estado&amp;sec2=operation/agentes/ver_agente&amp;id_agente='. $row["id_agent"] . '&amp;loginhash=auto&amp;loginhash_data=' . $row["hashdata"] . '&amp;loginhash_user=' . $row["user"] . '">'; 
-		$agent_name = ui_print_truncate_text($row["agent_name"], 'agent_small', false, true, false, '[&hellip;]', 'font-size:7.5pt;');
+		$agent_link = '<a href="'.
+			$row["server_url"] .'index.php?' .
+				'sec=estado&amp;' .
+				'sec2=operation/agentes/ver_agente&amp;' .
+				'id_agente='. $row["id_agent"] . '&amp;' .
+				'loginhash=auto&amp;' .
+				'loginhash_data=' . $row["hashdata"] . '&amp;' .
+				'loginhash_user=' . str_rot13($row["user"]) . '">'; 
+		$agent_name = ui_print_truncate_text($row["agent_name"],
+			'agent_small', false, true, false, '[&hellip;]',
+			'font-size:7.5pt;');
 		if (can_user_access_node ()) {
 			$data[1] = $agent_link . '<b>' . $agent_name . '</b></a>';
 		}