mirror of
https://github.com/librenms/librenms.git
synced 2024-10-07 16:52:45 +00:00
36431dd296
* Security fix: unauthorized access Affects nginx users: Moved php files outside of public html directory (Apache was protected by .htaccess) Affects all users: Some files did not check for authentication and could disclose some info. Better checks before including files from user input * git mv html/includes/ includes/html git mv html/pages/ includes/html/
45 lines
1.3 KiB
PHP
45 lines
1.3 KiB
PHP
<?php
|
|
|
|
use LibreNMS\Authentication\LegacyAuth;
|
|
|
|
echo "<h3>Authlog</h3>";
|
|
if (LegacyAuth::user()->hasGlobalAdmin()) {
|
|
echo '<table id="authlogtable" class="table table-hover table-condensed">';
|
|
echo "<thead><th data-column-id='timestamp'>Timestamp</th><th data-column-id='user'>User</th><th data-column-id='ip'>IP Address</th><th data-column-id='authres'>Result</th></thead><tbody>";
|
|
foreach (dbFetchRows("SELECT *,DATE_FORMAT(datetime, '".$config['dateformat']['mysql']['compact']."') as humandate FROM `authlog` ORDER BY `datetime` DESC LIMIT 0,250") as $entry) {
|
|
if ($bg == $config['list_colour']['even']) {
|
|
$bg = $config['list_colour']['odd'];
|
|
} else {
|
|
$bg = $config['list_colour']['even'];
|
|
}
|
|
|
|
echo "<tr>
|
|
<td>
|
|
".$entry['datetime'].'
|
|
</td>
|
|
<td>
|
|
'.$entry['user'].'
|
|
</td>
|
|
<td>
|
|
'.$entry['address'].'
|
|
</td>
|
|
<td>
|
|
'.$entry['result'].'
|
|
</td>
|
|
';
|
|
}//end foreach
|
|
|
|
$pagetitle[] = 'Authlog';
|
|
|
|
echo '</tbody></table>';
|
|
} else {
|
|
include 'includes/html/error-no-perm.inc.php';
|
|
}//end if
|
|
?>
|
|
<script>
|
|
$('#authlogtable').bootgrid({
|
|
rowCount: [50, 100, 250, -1],
|
|
columnSelection: true,
|
|
});
|
|
</script>
|