authorosmiy <osmiy@97f52cf1-0a1b-0410-bd0e-c28be96e8082>2006-12-08 14:49:35 +0000
committerosmiy <osmiy@97f52cf1-0a1b-0410-bd0e-c28be96e8082>2006-12-08 14:49:35 +0000
commit40a607e632c95fdac097c965d537eb12faed9d2b (patch)
treef7bd972672339df21ce73d7ef60d105d37c193c2 /frontends/php/include
parent1ea1f204761ac4b7d6efc47c5808236227585735 (diff)
- [CRITICAL FIX] fixed permission system (Eugene)
git-svn-id: svn://svn.zabbix.com/trunk@3582 97f52cf1-0a1b-0410-bd0e-c28be96e8082
Diffstat (limited to 'frontends/php/include')
-rw-r--r--frontends/php/include/config.inc.php97
-rw-r--r--frontends/php/include/page_header.php86
-rw-r--r--frontends/php/include/perm.inc.php4
3 files changed, 118 insertions, 69 deletions
diff --git a/frontends/php/include/config.inc.php b/frontends/php/include/config.inc.php
index 86d51247..11c55f6f 100644
--- a/frontends/php/include/config.inc.php
+++ b/frontends/php/include/config.inc.php
@@ -90,62 +90,74 @@ function VDP($var, $msg=null) { echo "DEBUG DUMP: "; if(isset($msg)) echo '"'.$m
error($errstr.'['.$errfile.':'.$errline.']');
}
+ /********** START INITIALIZATION *********/
+
set_error_handler('zbx_err_handler');
- read_configuration_file();
+ global $ZBX_LOCALNODEID, $ZBX_CONFIGURATION_FILE, $DB_TYPE, $DB_SERVER, $DB_DATABASE, $DB_USER, $DB_PASSWORD;
+
+ $ZBX_LOCALNODEID = 0;
+
+ $ZBX_CONFIGURATION_FILE = './conf/zabbix.conf.php';
- $error = '';
- if(!DBconnect($error))
+ if(file_exists($ZBX_CONFIGURATION_FILE))
{
- global $_REQUEST;
+ include $ZBX_CONFIGURATION_FILE;
- $_REQUEST['message'] = $error;
- define('ZBX_DISTRIBUTED', false);
- include_once "setup.php";
- }
- unset($error);
+ $error = '';
+ if(!DBconnect($error))
+ {
+ global $_REQUEST;
- global $ZBX_LOCALNODEID;
+ $_REQUEST['message'] = $error;
+
+ define('ZBX_DISTRIBUTED', false);
+ $show_setup = true;
+ }
+ else
+ {
+ global $ZBX_LOCALNODEID;
- /* Init LOCAL NODE ID */
- if($local_node_data = DBfetch(DBselect('select nodeid from nodes where nodetype=1 order by nodeid')))
- {
- $ZBX_LOCALNODEID = $local_node_data['nodeid'];
- define('ZBX_DISTRIBUTED', true);
+ /* Init LOCAL NODE ID */
+ if($local_node_data = DBfetch(DBselect('select nodeid from nodes where nodetype=1 order by nodeid')))
+ {
+ $ZBX_LOCALNODEID = $local_node_data['nodeid'];
+ define('ZBX_DISTRIBUTED', true);
+ }
+ else
+ {
+ define('ZBX_DISTRIBUTED', false);
+ }
+ unset($local_node_data);
+ }
+ unset($error);
}
else
{
- $ZBX_LOCALNODEID = 0;
+ define('ZBX_PAGE_NO_AUTHERIZATION', true);
define('ZBX_DISTRIBUTED', false);
+ $show_setup = true;
}
- unset($local_node_data);
-
- function read_configuration_file($file='./conf/zabbix.conf.php')
+ if(isset($_COOKIE['ZBX_CONFIG']))
{
- global $ZBX_CONFIGURATION_FILE;
-
- global $DB_TYPE, $DB_SERVER, $DB_DATABASE, $DB_USER, $DB_PASSWORD;
-
- $ZBX_CONFIGURATION_FILE = $file;
+ $show_setup = true;
+ }
- if(!file_exists($file) || isset($_COOKIE['ZBX_CONFIG']))
- {
- define('ZBX_DISTRIBUTED', false);
- include_once "setup.php";
- }
- else
- {
- include $ZBX_CONFIGURATION_FILE;
- }
+ if(isset($show_setup))
+ {
+ unset($show_setup);
+ include_once "setup.php";
}
+ /********** END INITIALIZATION ************/
+
function access_deny()
{
include_once "include/page_header.php";
show_error_message(S_NO_PERMISSIONS);
-
+
include_once "include/page_footer.php";
}
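Review bot: The `isset($_COOKIE['ZBX_CONFIG'])` check near the end of the initialization block still routes any request carrying that cookie to `setup.php`, even when the configuration file exists and `DBconnect()` succeeded. A cookie is client-supplied, so on an installed system the exposure of the setup pages depends entirely on checks inside `setup.php`, which is not part of this diff. Consider honouring the cookie only while the configuration file is absent, or requiring an authenticated administrator session before the include. `$show_setup` is also only ever tested with `isset()` and never initialised, so starting the block with `$show_setup = false;` and testing `if($show_setup)` would keep the flag from being defined anywhere outside this block.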
@@ -1782,4 +1794,21 @@ else if (document.getElementById)
else
ImagePNG($image);
}
+
+
+ /* function:
+ * zbx_setcookie
+ *
+ * description:
+ * set cookies after authorisation.
+ * require including of 'include/page_header.php'
+ *
+ * author: Eugene Grigorjev
+ */
+ function zbx_setcookie($name, $value, $time=null)
+ {
+ global $ZBX_PAGE_COOCIES;
+
+ $ZBX_PAGE_COOCIES[] = array($name, $value, $time);
+ }
?>
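Review bot: `zbx_setcookie()` queues only name, value and expiry, so no caller can pass the `secure` or `httponly` arguments that `setcookie()` accepts (where the PHP version in use supports them), and this helper now carries the `sessionid` cookie from perm.inc.php. Consider widening the queued tuple with defaulted extra fields so the session cookie can be marked accordingly when page_header.php flushes the queue. The doc comment should also state that nothing is sent until page_header.php runs and that queued cookies go out with a past expiry when the page is denied, e.g. `* cookies are only queued here; page_header.php sends them, or expires them if the page is denied`.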
diff --git a/frontends/php/include/page_header.php b/frontends/php/include/page_header.php
index b5921767..487b06c2 100644
--- a/frontends/php/include/page_header.php
+++ b/frontends/php/include/page_header.php
@@ -74,7 +74,7 @@ COpt::profiling_start("page");
$ZBX_CURNODEID = $ZBX_LOCALNODEID;
}
- setcookie("current_nodeid",$ZBX_CURNODEID);
+ zbx_setcookie("current_nodeid",$ZBX_CURNODEID);
}
else
{
@@ -94,37 +94,22 @@ COpt::profiling_start("page");
break;
case PAGE_TYPE_HTML:
default:
-?>
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
-<html>
- <head>
-<?php
- if(isset($page['title']) && defined($page['title'])) $page['title'] = constant($page['title']);
-
- if(!isset($page['title'])) $page['title'] = 'ZABBIX';
-
- if(defined('ZBX_DISTRIBUTED'))
- {
- if($curr_node_data = DBfetch(DBselect('select * from nodes where nodeid='.$ZBX_CURNODEID)))
- $page['title'] .= ' ('.$curr_node_data['name'].')';
- }
-
- if(defined('ZBX_PAGE_DO_REFRESH') && $USER_DETAILS["refresh"])
- {
-?>
- <meta http-equiv="refresh" content="<?php echo $USER_DETAILS["refresh"] ?>">
-<?php
- $page['title'] .= ' [refreshed every '.$USER_DETAILS['refresh'].' sec]';
- }
-
-?>
- <title><?php echo $page['title'] ?></title>
- <link rel="stylesheet" href="css.css">
- <meta http-equiv="Content-Type" content="text/html; charset=<?php echo S_HTML_CHARSET ?>">
- <meta name="Author" content="ZABBIX SIA">
- </head>
-<body>
-<?php
+ header('Content-Type: text/html; charset='.S_HTML_CHARSET);
+
+ if(isset($page['title']) && defined($page['title'])) $page['title'] = constant($page['title']);
+
+ if(!isset($page['title'])) $page['title'] = 'ZABBIX';
+
+ if(defined('ZBX_DISTRIBUTED'))
+ {
+ if($curr_node_data = DBfetch(DBselect('select * from nodes where nodeid='.$ZBX_CURNODEID)))
+ $page['title'] .= ' ('.$curr_node_data['name'].')';
+ }
+ if(defined('ZBX_PAGE_DO_REFRESH') && $USER_DETAILS["refresh"])
+ {
+ $page['title'] .= ' [refreshed every '.$USER_DETAILS['refresh'].' sec]';
+ /* header('Refresh: '.$USER_DETAILS["refresh"]); */ /* is not part of the official HTTP specification */
+ }
break; /* case PAGE_TYPE_HTML */
} /* switch($page["type"]) */
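Review bot: `$ZBX_CURNODEID` is concatenated straight into `'select * from nodes where nodeid='.$ZBX_CURNODEID` in the `ZBX_DISTRIBUTED` branch. Its assignment is mostly outside this hunk; the `current_nodeid` cookie written earlier in the file suggests it may originate from client-supplied state, in which case it has to be validated as numeric before it reaches the query. A guard such as `if(!ctype_digit((string)$ZBX_CURNODEID)) $ZBX_CURNODEID = $ZBX_LOCALNODEID;` ahead of the `DBselect()` call, or quoting the value with `zbx_dbstr()` as perm.inc.php does for `$sessionid`, would make the query safe regardless of the source. The switch statement starts outside the hunk.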
@@ -342,6 +327,41 @@ COpt::profiling_start("page");
unset($menu_url, $class);
}
+ if((!isset($page_exist) && $page['type']!=PAGE_TYPE_XML))
+ {
+ $denyed_page_requested = true;
+ }
+
+ if(isset($denyed_page_requested)) $unset_cookie = time() - 3600;
+
+ global $ZBX_PAGE_COOCIES;
+
+ if(isset($ZBX_PAGE_COOCIES))
+ {
+ foreach($ZBX_PAGE_COOCIES as $coockie)
+ {
+ setcookie($coockie[0], $coockie[1], isset($unset_cookie) ? $unset_cookie : $coockie[2]);
+ }
+ unset($ZBX_PAGE_COOCIES);
+ }
+
+ if($page["type"] == PAGE_TYPE_HTML)
+ {
+?>
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html>
+ <head>
+ <title><?php echo $page['title'] ?></title>
+<?php if(defined('ZBX_PAGE_DO_REFRESH') && $USER_DETAILS["refresh"]) { ?>
+ <meta http-equiv="refresh" content="<?php echo $USER_DETAILS["refresh"]; ?>">
+<?php } ?>
+ <link rel="stylesheet" href="css.css">
+ <meta name="Author" content="ZABBIX SIA">
+ </head>
+<body>
+<?php
+ }
+
if(!defined('ZBX_PAGE_NO_MENU'))
{
COpt::compare_files_with_menu($ZBX_MENU);
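Review bot: When `$denyed_page_requested` is set, the flush loop re-sends every queued cookie with `time() - 3600`, which includes the `sessionid` queued by perm.inc.php, yet nothing here removes the matching row from `sessions`. The browser forgets the session while the server keeps accepting that id until autologout; if dropping the login on a denied page is intended, the row should be deleted as the expiry branch in perm.inc.php does, and if it is not, the queue should simply be skipped for denied pages. Separately, `$page['title']` now carries the node name read from the database and is echoed into `<title>` unescaped; `<?php echo htmlspecialchars($page['title']) ?>` would close that. The enclosing code continues outside the hunk.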
@@ -417,7 +437,7 @@ COpt::compare_files_with_menu($ZBX_MENU);
unset($db_nodes, $node_data);
unset($sub_menu_table, $sub_menu_row);
- if(((!isset($page_exist) && $page['type']!=PAGE_TYPE_XML) || isset($denyed_page_requested)) && !isset($_REQUEST['message']))
+ if(isset($denyed_page_requested))
{
access_deny();
}
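Review bot: `access_deny()` is now the only gate for a denied page, and as shown in config.inc.php it prints the error and includes the footer without an explicit `exit`. Unless page_footer.php terminates the request (not visible in this diff), the script that included this header carries on executing after the denial message has been printed. Ending `access_deny()` with `exit;`, or calling `exit;` directly after it here, would make the denial unconditional.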
diff --git a/frontends/php/include/perm.inc.php b/frontends/php/include/perm.inc.php
index 9c3f468e..2fafe178 100644
--- a/frontends/php/include/perm.inc.php
+++ b/frontends/php/include/perm.inc.php
@@ -56,7 +56,7 @@
" and ((s.lastaccess+u.autologout>".time().") or (u.autologout=0))".
" and ".DBid2nodeid('u.userid')." = ".$ZBX_LOCALNODEID))))
{
- setcookie("sessionid",$sessionid,time()-3600);
+ setcookie("sessionid",$sessionid,time()-3600); /* NOTE: don't use zbx_setcookie */
DBexecute("delete from sessions where sessionid=".zbx_dbstr($sessionid));
unset($_COOKIE["sessionid"]);
unset($sessionid);
@@ -65,7 +65,7 @@
}
else
{
- setcookie("sessionid",$sessionid);
+ zbx_setcookie("sessionid",$sessionid);
DBexecute("update sessions set lastaccess=".time()." where sessionid=".zbx_dbstr($sessionid));
}
}