* honoring config option `force_ip_to_sysname` in bill creation and editing
* refactored variable name to match it in edit.inc.php
* forgot one variable
* and one more :S
* Update new_bill.inc.php
* Update edit.inc.php
* Update new_bill.inc.php
* Update edit.inc.php
* Update edit.inc.php
* Update edit.inc.php
Co-authored-by: Neil Lathwood <gh+n@laf.io>
Co-authored-by: Tony Murray <murraytony@gmail.com>
* Remove auth use of $_SESSION
Will break plugins that depend on $_SESSION, Weathermap was already fixed.
Port them to use Auth::check()/Auth::user()/Auth:id()
* revert accidental replacement
* Added configuration options to aggregate input and output bits before making 95th percentile billing calculations
* Changed aggregate to per-bill instead of global. Added config options for making aggregate the default selected option. Refactored out mres() calls in touched files. Changed to Config::get where appropriate.
* Fixed documentation typo
* Fixed scope of aggregate default config option to be under billing
* Security fix: unauthorized access
Affects nginx users:
Moved php files outside of public html directory (Apache was protected by .htaccess)
Affects all users:
Some files did not check for authentication and could disclose some info.
Better checks before including files from user input
* git mv html/includes/ includes/html
git mv html/pages/ includes/html/
