diff options
101 files changed, 2319 insertions, 2166 deletions
diff --git a/license.txt b/license.txt index c29218a..f69175b 100644 --- a/license.txt +++ b/license.txt @@ -1,4 +1,4 @@ -Copyright (c) 2004-2015 Electric Sheep Fencing, LLC. All rights reserved. +Copyright (c) 2004-2016 Electric Sheep Fencing, LLC. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: diff --git a/src/conf.default/config.xml b/src/conf.default/config.xml index 3eab8c8..acec3ac 100644 --- a/src/conf.default/config.xml +++ b/src/conf.default/config.xml @@ -1,6 +1,6 @@ <?xml version="1.0"?> <pfsense> - <version>13.2</version> + <version>13.4</version> <lastchange/> <system> <optimization>normal</optimization> diff --git a/src/etc/inc/captiveportal.inc b/src/etc/inc/captiveportal.inc index 0730962..8b9d33e 100644 --- a/src/etc/inc/captiveportal.inc +++ b/src/etc/inc/captiveportal.inc @@ -310,9 +310,9 @@ EOD; /* write elements */ captiveportal_write_elements(); - /* kill any running mini_httpd */ - killbypid("{$g['varrun_path']}/lighty-{$cpzone}-CaptivePortal.pid"); - killbypid("{$g['varrun_path']}/lighty-{$cpzone}-CaptivePortal-SSL.pid"); + /* kill any running CP nginx instances */ + killbypid("{$g['varrun_path']}/nginx-{$cpzone}-CaptivePortal.pid"); + killbypid("{$g['varrun_path']}/nginx-{$cpzone}-CaptivePortal-SSL.pid"); /* start up the webserving daemon */ captiveportal_init_webgui_zone($cpcfg); @@ -337,8 +337,8 @@ EOD; } } else { - killbypid("{$g['varrun_path']}/lighty-{$cpzone}-CaptivePortal.pid"); - killbypid("{$g['varrun_path']}/lighty-{$cpzone}-CaptivePortal-SSL.pid"); + killbypid("{$g['varrun_path']}/nginx-{$cpzone}-CaptivePortal.pid"); + killbypid("{$g['varrun_path']}/nginx-{$cpzone}-CaptivePortal-SSL.pid"); killbypid("{$g['varrun_path']}/cp_prunedb_{$cpzone}.pid"); @unlink("{$g['varetc_path']}/captiveportal_{$cpzone}.html"); @unlink("{$g['varetc_path']}/captiveportal-{$cpzone}-error.html"); @@ -417,35 +417,35 @@ function captiveportal_init_webgui_zone($cpcfg) { $key = base64_decode($cert['prv']); $ca = ca_chain($cert); - /* generate lighttpd configuration */ + /* generate nginx configuration */ if (!empty($cpcfg['listenporthttps'])) { $listenporthttps = $cpcfg['listenporthttps']; } else { $listenporthttps = 8001 + $cpcfg['zoneid']; } - system_generate_lighty_config("{$g['varetc_path']}/lighty-{$cpzone}-CaptivePortal-SSL.conf", - $crt, $key, $ca, "lighty-{$cpzone}-CaptivePortal-SSL.pid", $listenporthttps, "/usr/local/captiveportal", + system_generate_nginx_config("{$g['varetc_path']}/nginx-{$cpzone}-CaptivePortal-SSL.conf", + $crt, $key, $ca, "nginx-{$cpzone}-CaptivePortal-SSL.pid", $listenporthttps, "/usr/local/captiveportal", "cert-{$cpzone}-portal.pem", "ca-{$cpzone}-portal.pem", $cpzone); } - /* generate lighttpd configuration */ + /* generate nginx configuration */ if (!empty($cpcfg['listenporthttp'])) { $listenporthttp = $cpcfg['listenporthttp']; } else { $listenporthttp = 8000 + $cpcfg['zoneid']; } - system_generate_lighty_config("{$g['varetc_path']}/lighty-{$cpzone}-CaptivePortal.conf", - "", "", "", "lighty-{$cpzone}-CaptivePortal.pid", $listenporthttp, "/usr/local/captiveportal", + system_generate_nginx_config("{$g['varetc_path']}/nginx-{$cpzone}-CaptivePortal.conf", + "", "", "", "nginx-{$cpzone}-CaptivePortal.pid", $listenporthttp, "/usr/local/captiveportal", "", "", $cpzone); - @unlink("{$g['varrun']}/lighty-{$cpzone}-CaptivePortal.pid"); - /* attempt to start lighttpd */ - $res = mwexec("/usr/local/sbin/lighttpd -f {$g['varetc_path']}/lighty-{$cpzone}-CaptivePortal.conf"); + @unlink("{$g['varrun']}/nginx-{$cpzone}-CaptivePortal.pid"); + /* attempt to start nginx */ + $res = mwexec("/usr/local/sbin/nginx -c {$g['varetc_path']}/nginx-{$cpzone}-CaptivePortal.conf"); /* fire up https instance */ if (isset($cpcfg['httpslogin'])) { - @unlink("{$g['varrun']}/lighty-{$cpzone}-CaptivePortal-SSL.pid"); - $res = mwexec("/usr/local/sbin/lighttpd -f {$g['varetc_path']}/lighty-{$cpzone}-CaptivePortal-SSL.conf"); + @unlink("{$g['varrun']}/nginx-{$cpzone}-CaptivePortal-SSL.pid"); + $res = mwexec("/usr/local/sbin/nginx -c {$g['varetc_path']}/nginx-{$cpzone}-CaptivePortal-SSL.conf"); } } diff --git a/src/etc/inc/dyndns.class b/src/etc/inc/dyndns.class index 1d1641b..41ac192 100644 --- a/src/etc/inc/dyndns.class +++ b/src/etc/inc/dyndns.class @@ -716,9 +716,7 @@ $hostData = array( "content" => "{$this->_dnsIP}", "type" => "A", - "name" => "{$this->_dnsHost}", - "proxiable" => false, - "proxied" => false + "name" => "{$this->_dnsHost}" ); $data_json = json_encode($hostData); $updateHostId = "https://{$dnsServer}/client/v4/zones/{$zone}/dns_records/{$host}"; diff --git a/src/etc/inc/filter_log.inc b/src/etc/inc/filter_log.inc index 32ba9da..1a34c03 100644 --- a/src/etc/inc/filter_log.inc +++ b/src/etc/inc/filter_log.inc @@ -535,24 +535,39 @@ function find_action_image($action) { } /* AJAX specific handlers */ -function handle_ajax($nentries, $tail = 50) { +function handle_ajax() { global $config; - if ($_GET['lastsawtime'] or $_POST['lastsawtime']) { - global $filter_logfile, $filterent; - if ($_GET['lastsawtime']) { - $lastsawtime = $_GET['lastsawtime']; - } - if ($_POST['lastsawtime']) { - $lastsawtime = $_POST['lastsawtime']; + if (($_GET['lastsawtime'] or $_POST['lastsawtime']) and ($_GET['logfile'] or $_POST['logfile'])) { + + $lastsawtime = getGETPOSTsettingvalue('lastsawtime', null); + $logfile = getGETPOSTsettingvalue('logfile', null); + $nentries = getGETPOSTsettingvalue('nentries', null); + $type = getGETPOSTsettingvalue('type', null); + $filter = getGETPOSTsettingvalue('filter', null); + $interfacefilter = getGETPOSTsettingvalue('interfacefilter', null); + + if (!empty(trim($filter)) || is_numeric($filter)) { + $filter = json_decode($filter, true); # Filter Fields Array or Filter Text } + /* compare lastsawrule's time stamp to filter logs. * afterwards return the newer records so that client * can update AJAX interface screen. */ $new_rules = ""; - $filterlog = conv_log_filter($filter_logfile, $nentries, $tail); + + $filterlog = conv_log_filter($logfile, $nentries, $nentries + 100, $filter, $interfacefilter); + /* We need this to always be in forward order for the AJAX update to work properly */ - $filterlog = isset($config['syslog']['reverse']) ? array_reverse($filterlog) : $filterlog; + /* Since the lines are in reverse order, flip them around if needed based on the user's preference */ + # First get the "General Logging Options" (global) chronological order setting. Then apply specific log override if set. + $reverse = isset($config['syslog']['reverse']); + $specific_log = basename($logfile, '.log') . '_settings'; + if ($config['syslog'][$specific_log]['cronorder'] == 'forward') $reverse = false; + if ($config['syslog'][$specific_log]['cronorder'] == 'reverse') $reverse = true; + + $filterlog = ($reverse) ? array_reverse($filterlog) : $filterlog; + foreach ($filterlog as $log_row) { $row_time = strtotime($log_row['time']); if ($row_time > $lastsawtime) { diff --git a/src/etc/inc/globals.inc b/src/etc/inc/globals.inc index a1fd43d..1098342 100644 --- a/src/etc/inc/globals.inc +++ b/src/etc/inc/globals.inc @@ -58,6 +58,9 @@ define(COLLAPSIBLE, 0x08); define(SEC_CLOSED, 0x04); define(SEC_OPEN, 0x00); +// AddPassword method defines +define(DMYPWD, "********"); + global $g; $g = array( "base_packages" => "siproxd", @@ -96,7 +99,7 @@ $g = array( "disablecrashreporter" => false, "crashreporterurl" => "https://crashreporter.pfsense.org/crash_reporter.php", "debug" => false, - "latest_config" => "13.2", + "latest_config" => "13.5", "nopkg_platforms" => array("cdrom"), "minimum_ram_warning" => "101", "minimum_ram_warning_text" => "128 MB", diff --git a/src/etc/inc/gwlb.inc b/src/etc/inc/gwlb.inc index 8225c25..9c60587 100644 --- a/src/etc/inc/gwlb.inc +++ b/src/etc/inc/gwlb.inc @@ -38,8 +38,8 @@ function return_dpinger_defaults() { "losslow" => "10", "losshigh" => "20", "interval" => "250", - "loss_interval" => "500", - "time_period" => "25000", + "loss_interval" => "1250", + "time_period" => "30000", "alert_interval" => "1000"); } @@ -110,6 +110,7 @@ function start_dpinger($gateway) { $alarm_cmd = "{$g['etc_path']}/rc.gateway_alarm"; $params = "-S "; /* Log warnings via syslog */ + $params .= "-r 0 "; /* Disable unused reporting thread */ $params .= "-i {$gateway['name']} "; /* Identifier */ $params .= "-B {$gateway['gwifip']} "; /* Bind src address */ $params .= "-p {$pidfile} "; /* PID filename */ @@ -152,7 +153,11 @@ function start_dpinger($gateway) { : $dpinger_defaults['losshigh'] ) . " "; - mwexec_bg("/usr/local/bin/dpinger {$params} {$gateway['monitor']}"); + /* Make sure we don't end up with 2 process for the same GW */ + stop_dpinger($gateway['name']); + + /* Redirect stdout to /dev/null to avoid exec() to wait for dpinger */ + return mwexec("/usr/local/bin/dpinger {$params} {$gateway['monitor']} >/dev/null"); } /* @@ -176,7 +181,7 @@ function setup_gateways_monitor() { } if (empty($gateway['monitor']) || !is_ipaddr($gateway['monitor'])) { if (is_ipaddr($gateway['gateway'])) { - $gateway['monitor'] = $gateway['gateway']; + $gateways_arr[$gwname]['monitor'] = $gateway['gateway']; } else { /* No chance to get an ip to monitor skip target. */ continue; } @@ -223,33 +228,25 @@ function setup_gateways_monitor() { pfSense_kill_states("0.0.0.0/0", $gateway['monitor'], $gateway['interface'], "icmp"); } } else if ($gateway['ipprotocol'] == "inet6") { // This is an IPv6 gateway... - if ($gateway['monitor'] == $gateway['gateway']) { - /* link locals really need a different src ip */ - if (is_linklocal($gateway['gateway'])) { - if (!strpos($gateway['gateway'], '%')) { - $gateway['gateway'] .= '%' . $gateway['interface']; - } - $gwifip = find_interface_ipv6_ll($gateway['interface'], true); - } else { - $gwifip = find_interface_ipv6($gateway['interface'], true); + if (is_linklocal($gateway['gateway']) && + get_ll_scope($gateway['gateway']) == '') { + $gateways_arr[$gwname]['gateway'] .= '%' . $gateway['interface']; + } + + if (is_linklocal($gateway['monitor'])) { + if (get_ll_scope($gateway['monitor']) == '') { + $gateways_arr[$gwname]['monitor'] .= '%' . $gateway['interface']; + } + + $gwifip = find_interface_ipv6_ll($gateway['interface'], true); + + if (get_ll_scope($gwifip) == '') { + $gwifip .= '%' . $gateway['interface']; } } else { - /* 'monitor' has been set, so makes sure it has precedence over - * 'gateway' in defining the source IP. Otherwise if 'gateway' - * is a local link and 'monitor' is global routable then the - * ICMP6 response would not find its way back home... - */ $gwifip = find_interface_ipv6($gateway['interface'], true); } - /* Make sure srcip and target have scope defined when they are ll */ - if (is_linklocal($gwifip) && !strpos($gwifip, '%')) { - $gwifip .= '%' . $gateway['interface']; - } - if (is_linklocal($gateway['monitor']) && !strpos($gateway['monitor'], '%')) { - $gateway['monitor'] .= "%{$gateway['interface']}"; - } - if (!is_ipaddrv6($gwifip)) { continue; //Skip this target } @@ -285,12 +282,17 @@ function setup_gateways_monitor() { /* Start new processes */ foreach ($gateways_arr as $gateway) { - if (isset($gateway['enable_dpinger'])) { - start_dpinger($gateway); + if (!isset($gateway['enable_dpinger'])) { + continue; + } + + if (start_dpinger($gateway) != 0) { + log_error("Error starting gateway monitor for " . + $gateway['name']); } } - return 0; + return; } function get_dpinger_status($gwname) { diff --git a/src/etc/inc/interfaces.inc b/src/etc/inc/interfaces.inc index 8b6643b..49fd2ca 100644 --- a/src/etc/inc/interfaces.inc +++ b/src/etc/inc/interfaces.inc @@ -1855,10 +1855,18 @@ EOD; if (empty($mtus[$pid])) { $mtus[$pid] = $defaultmtu; } - $mpdconf .= <<<EOD + if ($type == "pppoe") { + if ($mtus[$pid] > (get_interface_mtu($port) - 8)) { + $mtus[$pid] = get_interface_mtu($port) - 8; + } + } + if (! ($type == "pppoe" && $mtus[$pid] > 1492) ) { + // N.B. MTU for PPPoE with MTU > 1492 is set using pppoe max-payload - see below + $mpdconf .= <<<EOD set link mtu {$mtus[$pid]} EOD; + } if (!empty($mrus[$pid])) { $mpdconf .= <<<EOD @@ -1928,6 +1936,12 @@ EOD; EOD; } + if ($type == "pppoe" && $mtus[$pid] > 1492) { + $mpdconf .= <<<EOD + set pppoe max-payload {$mtus[$pid]} + +EOD; + } if ($type == "pppoe") { $mpdconf .= <<<EOD set pppoe iface {$port} @@ -3029,6 +3043,10 @@ function interface_vlan_mtu_configured($realhwif, $mtu) { $mtu = $config['interfaces'][$assignedport]['mtu']; } } + $pppoe_mtu = interface_mtu_wanted_for_pppoe($vlan['vlanif']); + if ($pppoe_mtu > $mtu) { + $mtu = $pppoe_mtu; + } } } @@ -3045,20 +3063,69 @@ function interface_vlan_adapt_mtu($vlanifs, $mtu) { /* All vlans need to use the same mtu value as their parent. */ foreach ($vlanifs as $vlan) { $assignedport = convert_real_interface_to_friendly_interface_name($vlan['vlanif']); + $pppoe_mtu = interface_mtu_wanted_for_pppoe($vlan['vlanif']); if (!empty($assignedport)) { if (!empty($config['interfaces'][$assignedport]['mtu'])) { pfSense_interface_mtu($vlan['vlanif'], $config['interfaces'][$assignedport]['mtu']); + } else if ($pppoe_mtu != 0) { + pfSense_interface_mtu($vlan['vlanif'], $pppoe_mtu); } else { - if (get_interface_mtu($vlan['vlanif']) != $mtu) { - pfSense_interface_mtu($vlan['vlanif'], $mtu); + if (get_interface_mtu($vlan['vlanif']) != (($mtu > 1500) ? 1500 : $mtu)) { + pfSense_interface_mtu($vlan['vlanif'], (($mtu > 1500) ? 1500 : $mtu)); } } - } else if (get_interface_mtu($vlan['vlanif']) != $mtu) { - pfSense_interface_mtu($vlan['vlanif'], $mtu); + } else { + if ($pppoe_mtu != 0) { + pfSense_interface_mtu($vlan['vlanif'], $pppoe_mtu); + } else if (get_interface_mtu($vlan['vlanif']) != (($mtu > 1500) ? 1500 : $mtu)) { + pfSense_interface_mtu($vlan['vlanif'], (($mtu > 1500) ? 1500 : $mtu)); + } } } } +function interface_mtu_wanted_for_pppoe($realif) { + global $config; + + $mtu = 0; + + if (is_array($config['ppps']) && is_array($config['ppps']['ppp'])) { + foreach ($config['ppps']['ppp'] as $ppp) { + if ($ppp['type'] == "pppoe") { + $ports = explode(',',$ppp['ports']); + $mtu_wanted = 1500; + foreach ($ports as $pid => $port) { + if (get_real_interface($port) == $realif) { + // use the MTU configured on the interface ... + if (is_array($config['interfaces'])) { + foreach ($config['interfaces'] as $interface) { + if ($interface['if'] != $ppp['if']) { + continue; + } + if (!empty($interface['mtu'])) { + $mtu_wanted = intval($interface['mtu']) + 8; + } + } + } + // ... unless there is an MTU configured on the port in question + if (!empty($ppp['mtu'])) { + $mtus = explode(',',$ppp['mtu']); + if (!empty($mtus[$pid])) { + $mtu_wanted = intval($mtus[$pid]) + 8; + } + } + if ($mtu_wanted > $mtu) { + $mtu = $mtu_wanted; + } + } + } + } + } + } + + return $mtu; +} + function interface_configure($interface = "wan", $reloadall = false, $linkupevent = false) { global $config, $g; global $interface_sn_arr_cache, $interface_ip_arr_cache; @@ -3177,52 +3244,87 @@ function interface_configure($interface = "wan", $reloadall = false, $linkupeven interfaces_bring_up($wancfg['if']); } - if (!empty($wancfg['mtu'])) { - if (stristr($realif, "_vlan")) { - $assignedparent = convert_real_interface_to_friendly_interface_name($realhwif); - if (!empty($assignedparent) && !empty($config['interfaces'][$assignedparent]['mtu'])) { - $parentmtu = $config['interfaces'][$assignedparent]['mtu']; - if ($wancfg['mtu'] > $parentmtu) { - log_error("There is a conflict on MTU between parent {$realhwif} and VLAN({$realif})"); + $mtuif = $realif; + $mtuhwif = $realhwif; + $wantedmtu = 0; + + /* adjust MTU of parent interface of PPPoE interface if this does not violate explicit configuration */ + if (interface_isppp_type($interface)) { + $mtuif = $realhwif; + $mtuhwif_array = get_parent_interface($mtuif); + $mtuhwif = $mtuhwif_array[0]; + $parent_mtu_configured = false; + if (is_array($config['interfaces'])) { + foreach ($config['interfaces'] as $tmpinterface) { + if ($tmpinterface['if'] == $mtuif && !empty($tmpinterface['mtu'])) { + $parent_mtu_configured = true; + break; } - } else { - $parentmtu = 0; } + } + if (!$parent_mtu_configured) { + $wantedmtu = interface_mtu_wanted_for_pppoe($mtuif); + } + } + + if (is_array($config['interfaces'])) { + foreach ($config['interfaces'] as $tmpinterface) { + if ($tmpinterface['if'] == $mtuif && !empty($tmpinterface['mtu'])) { + $wantedmtu = $tmpinterface['mtu']; + break; + } + } + } - $parentmtu = interface_vlan_mtu_configured($realhwif, $parentmtu); + // Set the MTU to 1500 if no explicit MTU configured + if ($wantedmtu == 0) { + $wantedmtu = 1500; /* Default */ + } - if (get_interface_mtu($realhwif) != $parentmtu) { - pfSense_interface_mtu($realhwif, $parentmtu); + if (stristr($mtuif, "_vlan")) { + $assignedparent = convert_real_interface_to_friendly_interface_name($mtuhwif); + if (!empty($assignedparent) && !empty($config['interfaces'][$assignedparent]['mtu'])) { + $parentmtu = $config['interfaces'][$assignedparent]['mtu']; + if ($wancfg['mtu'] > $parentmtu) { + log_error("There is a conflict on MTU between parent {$mtuhwif} and VLAN({$mtuif})"); } + } else { + $parentmtu = 0; + } - /* All vlans need to use the same mtu value as their parent. */ - interface_vlan_adapt_mtu(link_interface_to_vlans($realhwif), $parentmtu); - } else if (substr($realif, 0, 4) == 'lagg') { - /* LAGG interface must be destroyed and re-created to change MTU */ - if ($wancfg['mtu'] != get_interface_mtu($realif)) { - if (isset($config['laggs']['lagg']) && is_array($config['laggs']['lagg'])) { - foreach ($config['laggs']['lagg'] as $lagg) { - if ($lagg['laggif'] == $realif) { - interface_lagg_configure($lagg); - break; - } + $parentmtu = interface_vlan_mtu_configured($mtuhwif, $parentmtu); + + if (get_interface_mtu($mtuhwif) != $parentmtu) { + pfSense_interface_mtu($mtuhwif, $parentmtu); + } + + /* All vlans need to use the same mtu value as their parent. */ + interface_vlan_adapt_mtu(link_interface_to_vlans($mtuhwif), $parentmtu); + } else if (substr($mtuif, 0, 4) == 'lagg') { + /* LAGG interface must be destroyed and re-created to change MTU */ + if ($wantedmtu != get_interface_mtu($mtuif)) { + if (isset($config['laggs']['lagg']) && is_array($config['laggs']['lagg'])) { + foreach ($config['laggs']['lagg'] as $lagg) { + if ($lagg['laggif'] == $mtuif) { + interface_lagg_configure($lagg); + break; } } } - } else { - if ($wancfg['mtu'] != get_interface_mtu($realif)) { - pfSense_interface_mtu($realif, $wancfg['mtu']); - } + } + } else { + if ($wantedmtu != get_interface_mtu($mtuif)) { + pfSense_interface_mtu($mtuif, $wantedmtu); + } - /* This case is needed when the parent of vlans is being configured */ - $vlans = link_interface_to_vlans($realif); - if (is_array($vlans)) { - interface_vlan_adapt_mtu($vlans, $wancfg['mtu']); - } - unset($vlans); + /* This case is needed when the parent of vlans is being configured */ + $vlans = link_interface_to_vlans($mtuif); + if (is_array($vlans)) { + interface_vlan_adapt_mtu($vlans, $wantedmtu); } - /* XXX: What about gre/gif/.. ? */ + unset($vlans); } + /* XXX: What about gre/gif/.. ? */ switch ($wancfg['ipaddr']) { case 'dhcp': @@ -4522,6 +4624,20 @@ function get_parent_interface($interface, $avoidrecurse = false) { } if (empty($parents)) { + // Handle _vlans not assigned to an interface + if (strpos($realif, '_vlan') !== FALSE) { + if (is_array($config['vlans']['vlan'])) { + foreach ($config['vlans']['vlan'] as $vlanidx => $vlan) { + if ($realif == $vlan['vlanif']) { + $parents[0] = $vlan['if']; + break; + } + } + } + } + } + + if (empty($parents)) { $parents[0] = $realif; } diff --git a/src/etc/inc/pkg-utils.inc b/src/etc/inc/pkg-utils.inc index 426a043..fc0a126 100644 --- a/src/etc/inc/pkg-utils.inc +++ b/src/etc/inc/pkg-utils.inc @@ -113,7 +113,7 @@ function pkg_update($force = false) { } } - $rc = pkg_call("update"); + $rc = pkg_call("update -f"); if ($rc) { file_put_contents($last_update_file, $now . "\n"); @@ -122,8 +122,27 @@ function pkg_update($force = false) { return $rc; } +/* return an array with necessary environment vars for pkg */ +function pkg_env() { + global $config, $g; + + $pkg_env_vars = array( + "HTTP_USER_AGENT" => $user_agent, + "ASSUME_ALWAYS_YES" => "true", + "REPO_AUTOUPDATE" => "false" + ); + + if ($g['platform'] == "nanobsd" || + isset($config['system']['use_mfs_tmpvar'])) { + $pkg_env_vars['PKG_DBDIR'] = '/root/var/db/pkg'; + $pkg_env_vars['PKG_CACHEDIR'] = '/root/var/cache/pkg'; + } + + return $pkg_env_vars; +} + /* Execute a pkg call */ -function pkg_call($params, $mute = false) { +function pkg_call($params, $mute = false, $readonly = false) { global $g, $config; if (empty($params)) { @@ -135,21 +154,23 @@ function pkg_call($params, $mute = false) { $user_agent .= ' : ' . get_single_sysctl('kern.hostuuid'); } - $env = array( - "HTTP_USER_AGENT" => $user_agent, - "ASSUME_ALWAYS_YES" => "true", - "REPO_AUTOUPDATE" => "false" - ); - $descriptorspec = array( 1 => array("pipe", "w"), /* stdout */ 2 => array("pipe", "w") /* stderr */ ); + if (!$readonly) { + conf_mount_rw(); + } + pkg_debug("pkg_call(): {$params}\n"); - $process = proc_open("/usr/sbin/pkg {$params}", $descriptorspec, $pipes, '/', $env); + $process = proc_open("/usr/sbin/pkg {$params}", $descriptorspec, $pipes, + '/', pkg_env()); if (!is_resource($process)) { + if (!$readonly) { + conf_mount_ro(); + } return false; } @@ -201,6 +222,10 @@ function pkg_call($params, $mute = false) { fclose($pipes[2]); proc_close($process); + if (!$readonly) { + conf_mount_ro(); + } + if (!isset($rc)) { $rc = $status['exitcode']; } @@ -221,7 +246,7 @@ function pkg_call($params, $mute = false) { } /* Execute pkg with $params, fill stdout and stderr and return pkg rc */ -function pkg_exec($params, &$stdout, &$stderr) { +function pkg_exec($params, &$stdout, &$stderr, $readonly = false) { global $g, $config; if (empty($params)) { @@ -233,21 +258,23 @@ function pkg_exec($params, &$stdout, &$stderr) { $user_agent .= ' : ' . get_single_sysctl('kern.hostuuid'); } - $env = array( - "HTTP_USER_AGENT" => $user_agent, - "ASSUME_ALWAYS_YES" => "true", - "REPO_AUTOUPDATE" => "false" - ); - $descriptorspec = array( 1 => array("pipe", "w"), /* stdout */ 2 => array("pipe", "w") /* stderr */ ); + if (!$readonly) { + conf_mount_rw(); + } + pkg_debug("pkg_exec(): {$params}\n"); - $process = proc_open("/usr/sbin/pkg {$params}", $descriptorspec, $pipes, '/', $env); + $process = proc_open("/usr/sbin/pkg {$params}", $descriptorspec, $pipes, + '/', pkg_env()); if (!is_resource($process)) { + if (!$readonly) { + conf_mount_ro(); + } return -1; } @@ -263,6 +290,10 @@ function pkg_exec($params, &$stdout, &$stderr) { } fclose($pipes[2]); + if (!$readonly) { + conf_mount_ro(); + } + return proc_close($process); } @@ -277,7 +308,7 @@ function pkg_version_compare($v1, $v2) { return '?'; } - $rc = pkg_exec("version -t '{$v1}' '{$v2}'", $stdout, $stderr); + $rc = pkg_exec("version -t '{$v1}' '{$v2}'", $stdout, $stderr, true); if ($rc != 0) { return '?'; @@ -294,7 +325,7 @@ function is_pkg_installed($pkg_name) { return false; } - return pkg_call("info -e " . $pkg_name, true); + return pkg_call("info -e " . $pkg_name, true, true); } /* Install package, $pkg_name should not contain prefix */ @@ -404,7 +435,7 @@ function get_pkg_info($pkgs = 'all', $info = 'all') { return array(); } - $rc = pkg_exec("search -U --raw-format json-compact " . $pkgs, $out, $err); + $rc = pkg_exec("search -U --raw-format json-compact " . $pkgs, $out, $err, true); if ($rc != 0) { update_status("\n" . gettext( @@ -439,7 +470,7 @@ function get_pkg_info($pkgs = 'all', $info = 'all') { if (is_pkg_installed($pkg_info['name'])) { $pkg_info['installed'] = true; - $rc = pkg_exec("query %v {$pkg_info['name']}", $out, $err); + $rc = pkg_exec("query %v {$pkg_info['name']}", $out, $err, true); if ($rc != 0) { update_status("\n" . gettext( diff --git a/src/etc/inc/service-utils.inc b/src/etc/inc/service-utils.inc index ca72d5f..ea4b0c5 100644 --- a/src/etc/inc/service-utils.inc +++ b/src/etc/inc/service-utils.inc @@ -439,9 +439,9 @@ function get_service_status($service) { $running = is_pid_running("{$g['varrun_path']}/openvpn_{$service['mode']}{$service['vpnid']}.pid"); break; case "captiveportal": - $running = is_pid_running("{$g['varrun_path']}/lighty-{$service['zone']}-CaptivePortal.pid"); + $running = is_pid_running("{$g['varrun_path']}/nginx-{$service['zone']}-CaptivePortal.pid"); if (isset($config['captiveportal'][$service['zone']]['httpslogin'])) { - $running = $running && is_pid_running("{$g['varrun_path']}/lighty-{$service['zone']}-CaptivePortal-SSL.pid"); + $running = $running && is_pid_running("{$g['varrun_path']}/nginx-{$service['zone']}-CaptivePortal-SSL.pid"); } break; case "vhosts-http": @@ -665,8 +665,8 @@ function service_control_stop($name, $extras) { break; case 'captiveportal': $zone = htmlspecialchars($extras['zone']); - killbypid("{$g['varrun_path']}/lighty-{$zone}-CaptivePortal.pid"); - killbypid("{$g['varrun_path']}/lighty-{$zone}-CaptivePortal-SSL.pid"); + killbypid("{$g['varrun_path']}/nginx-{$zone}-CaptivePortal.pid"); + killbypid("{$g['varrun_path']}/nginx-{$zone}-CaptivePortal-SSL.pid"); break; case 'ntpd': killbyname("ntpd"); @@ -736,8 +736,8 @@ function service_control_restart($name, $extras) { break; case 'captiveportal': $zone = htmlspecialchars($extras['zone']); - killbypid("{$g['varrun_path']}/lighty-{$zone}-CaptivePortal.pid"); - killbypid("{$g['varrun_path']}/lighty-{$zone}-CaptivePortal-SSL.pid"); + killbypid("{$g['varrun_path']}/nginx-{$zone}-CaptivePortal.pid"); + killbypid("{$g['varrun_path']}/nginx-{$zone}-CaptivePortal-SSL.pid"); captiveportal_init_webgui_zonename($zone); break; case 'ntpd': diff --git a/src/etc/inc/shaper.inc b/src/etc/inc/shaper.inc index 9b57170..25afd86 100644 --- a/src/etc/inc/shaper.inc +++ b/src/etc/inc/shaper.inc @@ -4188,80 +4188,10 @@ class dnqueue_class extends dummynet_class { )); } - $bandwidth = $this->GetBandwidth(); - - // Delete a row - if (isset($_GET['delbwrow']) && (count($bandwidth) > 0)) { - unset($bandwidth[$_GET['delbwrow']]); - } - - // Add a row - if ($_GET['newbwrow']) { - array_push($bandwidth, array(count($bandwidth) => array('bw' => '', 'burst' => '', 'bwscale' => 'Kb', 'bwsched' => 'none') )); - - } - - if (is_array($bandwidth)) { - $row = 0; - $numrows = count($bandwidth) - 1; - - if ($numrows >= 0) { - foreach ($bandwidth as $bwidx => $bw) { - $group = new Form_Group($row == 0 ? 'Bandwidth':null); - - $group->add(new Form_Input( - 'bandwidth' . $bwidx, - null, - 'text', - $bw['bw'] - ))->setHelp($row == $numrows ? 'Bandwidth':null); - - $group->add(new Form_Select( - 'bwtype' . $bwidx, - null, - $bw['bwscale'], - array('Kb' => 'Kbit/s', 'Mb' => 'Mbit/s', 'Gb' => 'Gbit/s', 'b' => 'Bit/s') - ))->setHelp($row == $numrows ? 'Bw Type':null);; - - $group->add(new Form_Select( - 'bwsched' . $bwidx, - null, - $bw['bwsched'], - $schedules - ))->setHelp($row == $numrows ? 'Schedule':null);; - - $group->add(new Form_Button( - 'delete' + $bwidx, - 'Delete', - 'firewall_shaper_vinterface.php?pipe=' . $pipe . '&queue=' . $qname . '&action=' . $action . '&delbwrow=' . $bwidx - ))->removeClass('btn-primary')->addClass('btn-danger btn-sm'); - - if ($row == $numrows) { - $group->setHelp('Bandwidth is the rate (e.g. Mbit/s) to which traffic in this limiter will be restricted.'); - } - - $section->add($group); - $row++; - } - } - else { // The $bandwidth array exists, but is empty - $section->addInput(new Form_StaticText( - 'Bandwidth', - 'No schedules configured for this limiter.' - )); - } - - $section->addInput(new Form_Button( - 'addsched', - 'Add new schedule', - 'firewall_shaper_vinterface.php?pipe=' . $pipe . '&queue=' . $qname . '&action=' . $action . '&newbwrow=yes' - ))->removeClass('btn-primary')->addClass('btn-success btn-sm'); - } - $mask = $this->GetMask(); $section->addInput(new Form_Select( - 'scheduler', + 'mask', 'Mask', $mask['type'], array('none' => 'None', 'srcaddress' => 'Source addresses', 'dstaddress' => 'Destination addresses') diff --git a/src/etc/inc/system.inc b/src/etc/inc/system.inc index c125bc2..9d02a1e 100644 --- a/src/etc/inc/system.inc +++ b/src/etc/inc/system.inc @@ -780,14 +780,16 @@ function system_syslogd_get_remote_servers($syslogcfg, $facility = "*.*") { $remote_servers = ""; $pad_to = max(strlen($facility), 56); $padding = ceil(($pad_to - strlen($facility))/8)+1; - if ($syslogcfg['remoteserver']) { - $remote_servers .= "{$facility}" . str_repeat("\t", $padding) . "@" . system_syslogd_fixup_server($syslogcfg['remoteserver']) . "\n"; - } - if ($syslogcfg['remoteserver2']) { - $remote_servers .= "{$facility}" . str_repeat("\t", $padding) . "@" . system_syslogd_fixup_server($syslogcfg['remoteserver2']) . "\n"; - } - if ($syslogcfg['remoteserver3']) { - $remote_servers .= "{$facility}" . str_repeat("\t", $padding) . "@" . system_syslogd_fixup_server($syslogcfg['remoteserver3']) . "\n"; + if (isset($syslogcfg['enable'])) { + if ($syslogcfg['remoteserver']) { + $remote_servers .= "{$facility}" . str_repeat("\t", $padding) . "@" . system_syslogd_fixup_server($syslogcfg['remoteserver']) . "\n"; + } + if ($syslogcfg['remoteserver2']) { + $remote_servers .= "{$facility}" . str_repeat("\t", $padding) . "@" . system_syslogd_fixup_server($syslogcfg['remoteserver2']) . "\n"; + } + if ($syslogcfg['remoteserver3']) { + $remote_servers .= "{$facility}" . str_repeat("\t", $padding) . "@" . system_syslogd_fixup_server($syslogcfg['remoteserver3']) . "\n"; + } } return $remote_servers; } @@ -814,7 +816,7 @@ function clear_all_log_files($restart = false) { global $g; exec("/usr/bin/killall syslogd"); - $log_files = array("system", "filter", "dhcpd", "vpn", "pptps", "poes", "l2tps", "openvpn", "portalauth", "ipsec", "ppp", "relayd", "wireless", "lighttpd", "ntpd", "gateways", "resolver", "routing"); + $log_files = array("system", "filter", "dhcpd", "vpn", "pptps", "poes", "l2tps", "openvpn", "portalauth", "ipsec", "ppp", "relayd", "wireless", "nginx", "ntpd", "gateways", "resolver", "routing"); foreach ($log_files as $lfile) { clear_log_file("{$g['varlog_path']}/{$lfile}.log", false); } @@ -963,6 +965,7 @@ function system_syslogd_start() { $syslogconf .= <<<EOD local3.* {$log_directive}{$g['varlog_path']}/vpn.log local4.* {$log_directive}{$g['varlog_path']}/portalauth.log +local5.* {$log_directive}{$g['varlog_path']}/nginx.log local7.* {$log_directive}{$g['varlog_path']}/dhcpd.log *.notice;kern.debug;lpr.info;mail.crit;daemon.none;news.err;local0.none;local3.none;local4.none;local7.none;security.*;auth.info;authpriv.info;daemon.info {$log_directive}{$g['varlog_path']}/system.log auth.info;authpriv.info |exec /usr/local/sbin/sshlockout_pf 15 @@ -1124,20 +1127,20 @@ function system_webgui_start() { $ca = ca_chain($cert); } - /* generate lighttpd configuration */ - system_generate_lighty_config("{$g['varetc_path']}/lighty-webConfigurator.conf", - $crt, $key, $ca, "lighty-webConfigurator.pid", $portarg, "/usr/local/www/", - "cert.pem", "ca.pem"); + /* generate nginx configuration */ + system_generate_nginx_config("{$g['varetc_path']}/nginx-webConfigurator.conf", + $crt, $key, $ca, "nginx-webConfigurator.pid", $portarg, "/usr/local/www/", + "cert.crt", "cert.key"); - /* kill any running lighttpd */ - killbypid("{$g['varrun_path']}/lighty-webConfigurator.pid"); + /* kill any running nginx */ + killbypid("{$g['varrun_path']}/nginx-webConfigurator.pid"); sleep(1); - @unlink("{$g['varrun_path']}/lighty-webConfigurator.pid"); + @unlink("{$g['varrun_path']}/nginx-webConfigurator.pid"); - /* attempt to start lighthttpd */ - $res = mwexec("/usr/local/sbin/lighttpd -f {$g['varetc_path']}/lighty-webConfigurator.conf"); + /* start nginx */ + $res = mwexec("/usr/local/sbin/nginx -c {$g['varetc_path']}/nginx-webConfigurator.conf"); if (platform_booting()) { if ($res == 0) { @@ -1150,57 +1153,56 @@ function system_webgui_start() { return $res; } -function system_generate_lighty_config($filename, +function system_generate_nginx_config($filename, $cert, $key, $ca, $pid_file, $port = 80, $document_root = "/usr/local/www/", - $cert_location = "cert.pem", - $ca_location = "ca.pem", + $cert_location = "cert.crt", + $key_location = "cert.key", $captive_portal = false) { global $config, $g; - if (!is_dir("{$g['tmp_path']}/lighttpdcompress")) { - mkdir("{$g['tmp_path']}/lighttpdcompress"); - } - if (isset($config['system']['developerspew'])) { $mt = microtime(); - echo "system_generate_lighty_config() being called $mt\n"; + echo "system_generate_nginx_config() being called $mt\n"; } if ($captive_portal !== false) { - $captiveportal = ",\"mod_rewrite\",\"mod_evasive\""; - $captive_portal_rewrite = "url.rewrite-once = ( \"(.*captiveportal.*)\" => \"$1\", \"(.*)\" => \"/index.php?zone={$captive_portal}&redirurl=$1\" )\n"; + $cp_interfaces = explode(",", $config['captiveportal'][$captive_portal]['interface']); + $cp_hostcheck = ""; + foreach ($cp_interfaces as $cpint) { + $cpint_ip = get_interface_ip($cpint); + if (is_ipaddr($cpint_ip)) { + $cp_hostcheck .= "\t\tif (\$http_host = $cpint_ip) {\n"; + $cp_hostcheck .= "\t\t\tset \$cp_redirect no;\n"; + $cp_hostcheck .= "\t\t}\n"; + } + } + if (isset($config['captiveportal'][$captive_portal]['httpsname'])) { + $cp_hostcheck .= "\t\tif (\$http_host = {$config['captiveportal'][$captive_portal]['httpsname']}) {\n"; + $cp_hostcheck .= "\t\t\tset \$cp_redirect no;\n"; + $cp_hostcheck .= "\t\t}\n"; + } + $cp_rewrite = "\t\tif (\$cp_redirect = '') {\n"; + $cp_rewrite .= "\t\t\trewrite ^ /index.php?zone=$captive_portal&redirurl=\$request_uri break;\n"; + $cp_rewrite .= "\t\t}\n"; $maxprocperip = $config['captiveportal'][$captive_portal]['maxprocperip']; if (empty($maxprocperip)) { $maxprocperip = 10; } - $captive_portal_mod_evasive = "evasive.max-conns-per-ip = {$maxprocperip}"; + $captive_portal_maxprocperip = "\t\tlimit_conn addr $maxprocperip;\n"; - $server_upload_dirs = "server.upload-dirs = ( \"{$g['tmp_path']}/captiveportal/\" )\n"; - if (!is_dir("{$g['tmp_path']}/captiveportal")) { - @mkdir("{$g['tmp_path']}/captiveportal", 0555); - } - $server_max_request_size = "server.max-request-size = 384"; - $cgi_config = ""; - } else { - $captiveportal = ",\"mod_cgi\""; - $captive_portal_rewrite = ""; - $captive_portal_mod_evasive = ""; - $server_upload_dirs = "server.upload-dirs = ( \"{$g['upload_path']}/\", \"{$g['tmp_path']}/\", \"/var/\" )\n"; - $server_max_request_size = "server.max-request-size = 2097152"; - $cgi_config = "cgi.assign = ( \".cgi\" => \"\" )"; } if (empty($port)) { - $lighty_port = "80"; + $nginx_port = "80"; } else { - $lighty_port = $port; + $nginx_port = $port; } $memory = get_memory(); @@ -1222,304 +1224,159 @@ function system_generate_lighty_config($filename, } else if ($realmem > 512) { $max_procs += 4; // 6 worker processes } - if ($max_procs > 1) { - $max_php_children = intval($max_procs/2); - } else { - $max_php_children = 1; - } - - } else { - if ($realmem < 78) { - $max_php_children = 0; - } else { - $max_php_children = 1; - } } - if (!isset($config['syslog']['nologlighttpd'])) { - $lighty_use_syslog = <<<EOD -## where to send error-messages to -server.errorlog-use-syslog="enable" -EOD; - } + $nginx_config = <<<EOD +# +# nginx configuration file +pid {$g['varrun_path']}/{$pid_file}; - if ($captive_portal !== false) { - $fast_cgi_path = "{$g['tmp_path']}/php-fastcgi-{$captive_portal}.socket"; - $fastcgi_config = <<<EOD -#### fastcgi module -## read fastcgi.txt for more info -fastcgi.server = ( ".php" => - ( "localhost" => - ( - "socket" => "{$fast_cgi_path}", - "max-procs" => {$max_procs}, - "bin-environment" => ( - "PHP_FCGI_CHILDREN" => "{$max_php_children}", - "PHP_FCGI_MAX_REQUESTS" => "500" - ), - "bin-path" => "/usr/local/bin/php-cgi" - ) - ) -) +user root wheel; +worker_processes {$max_procs}; EOD; - } else { - $fast_cgi_path = "{$g['varrun_path']}/php-fpm.socket"; - $fastcgi_config = <<<EOD -#### fastcgi module -## read fastcgi.txt for more info -fastcgi.server = ( ".php" => - ( "localhost" => - ( - "socket" => "{$fast_cgi_path}", - "broken-scriptfilename" => "enable" - ) - ) -) - -EOD; - } +if (!isset($config['syslog']['nolognginx'])) { + $nginx_config .= "error_log syslog:server=unix:/var/run/log,facility=local5;\n"; +} - $lighty_config = <<<EOD -# -# lighttpd configuration file -# -# use a it as base for lighttpd 1.0.0 and above -# -############ Options you really have to take care of #################### - -## FreeBSD! -server.event-handler = "freebsd-kqueue" -server.network-backend = "writev" -#server.use-ipv6 = "enable" - -## modules to load -server.modules = ( "mod_access", "mod_expire", "mod_compress", "mod_redirect", - {$captiveportal}, "mod_fastcgi" -) - -server.max-keep-alive-requests = 15 -server.max-keep-alive-idle = 30 - -## a static document-root, for virtual-hosting take look at the -## server.virtual-* options -server.document-root = "{$document_root}" -{$captive_portal_rewrite} - -# Maximum idle time with nothing being written (php downloading) -server.max-write-idle = 999 - -{$lighty_use_syslog} - -# files to check for if .../ is requested -server.indexfiles = ( "index.php", "index.html", - "index.htm", "default.htm" ) - -# mimetype mapping -mimetype.assign = ( - ".pdf" => "application/pdf", - ".sig" => "application/pgp-signature", - ".spl" => "application/futuresplash", - ".class" => "application/octet-stream", - ".ps" => "application/postscript", - ".torrent" => "application/x-bittorrent", - ".dvi" => "application/x-dvi", - ".gz" => "application/x-gzip", - ".pac" => "application/x-ns-proxy-autoconfig", - ".swf" => "application/x-shockwave-flash", - ".tar.gz" => "application/x-tgz", - ".tgz" => "application/x-tgz", - ".tar" => "application/x-tar", - ".zip" => "application/zip", - ".mp3" => "audio/mpeg", - ".m3u" => "audio/x-mpegurl", - ".wma" => "audio/x-ms-wma", - ".wax" => "audio/x-ms-wax", - ".ogg" => "audio/x-wav", - ".wav" => "audio/x-wav", - ".gif" => "image/gif", - ".jpg" => "image/jpeg", - ".jpeg" => "image/jpeg", - ".png" => "image/png", - ".svg" => "image/svg+xml", - ".xbm" => "image/x-xbitmap", - ".xpm" => "image/x-xpixmap", - ".xwd" => "image/x-xwindowdump", - ".css" => "text/css", - ".html" => "text/html", - ".htm" => "text/html", - ".js" => "text/javascript", - ".asc" => "text/plain", - ".c" => "text/plain", - ".conf" => "text/plain", - ".text" => "text/plain", - ".txt" => "text/plain", - ".dtd" => "text/xml", - ".xml" => "text/xml", - ".mpeg" => "video/mpeg", - ".mpg" => "video/mpeg", - ".mov" => "video/quicktime", - ".qt" => "video/quicktime", - ".avi" => "video/x-msvideo", - ".asf" => "video/x-ms-asf", - ".asx" => "video/x-ms-asf", - ".wmv" => "video/x-ms-wmv", - ".bz2" => "application/x-bzip", - ".tbz" => "application/x-bzip-compressed-tar", - ".tar.bz2" => "application/x-bzip-compressed-tar" - ) - -# Use the "Content-Type" extended attribute to obtain mime type if possible -#mimetypes.use-xattr = "enable" - -## deny access the file-extensions -# -# ~ is for backupfiles from vi, emacs, joe, ... -# .inc is often used for code includes which should in general not be part -# of the document-root -url.access-deny = ( "~", ".inc" ) +$nginx_config .= <<<EOD +events { + worker_connections 1024; +} -######### Options that are good to be but not necessary to be changed ####### +http { + include /usr/local/etc/nginx/mime.types; + default_type application/octet-stream; + add_header X-Frame-Options SAMEORIGIN; + server_tokens off; -## disable server header -server.tag = "" + sendfile on; + keepalive_timeout 65; -## bind to port (default: 80) + access_log syslog:server=unix:/var/run/log,facility=local5 combined; EOD; - $lighty_config .= "server.bind = \"0.0.0.0\"\n"; - $lighty_config .= "server.port = {$lighty_port}\n"; - $lighty_config .= "\$SERVER[\"socket\"] == \"0.0.0.0:{$lighty_port}\" { }\n"; - $lighty_config .= "\$SERVER[\"socket\"] == \"[::]:{$lighty_port}\" { \n"; - if ($cert <> "" and $key <> "") { - $lighty_config .= "\n"; - $lighty_config .= "## ssl configuration\n"; - $lighty_config .= "ssl.engine = \"enable\"\n"; - $lighty_config .= "ssl.pemfile = \"{$g['varetc_path']}/{$cert_location}\"\n\n"; - if ($ca <> "") { - $lighty_config .= "ssl.ca-file = \"{$g['varetc_path']}/{$ca_location}\"\n\n"; - } - } - $lighty_config .= " }\n"; - - - $lighty_config .= <<<EOD - -## error-handler for status 404 -#server.error-handler-404 = "/error-handler.html" -#server.error-handler-404 = "/error-handler.php" - -## to help the rc.scripts -server.pid-file = "{$g['varrun_path']}/{$pid_file}" +if ($captive_portal !== false) { + $nginx_config .= "\tlimit_conn_zone \$binary_remote_addr zone=addr:10m;\n"; +} -## virtual directory listings -server.dir-listing = "disable" +$nginx_config .= <<<EOD -## enable debugging -debug.log-request-header = "disable" -debug.log-response-header = "disable" -debug.log-request-handling = "disable" -debug.log-file-not-found = "disable" + server { + listen {$nginx_port}; + listen [::]:{$nginx_port}; -# gzip compression -compress.cache-dir = "{$g['tmp_path']}/lighttpdcompress/" -compress.filetype = ("text/plain","text/css", "text/xml", "text/javascript" ) +EOD; -{$server_upload_dirs} + if ($cert <> "" and $key <> "") { + $nginx_config .= "\t\tssl on;\n"; + $nginx_config .= "\t\tssl_certificate {$g['varetc_path']}/{$cert_location};\n"; + $nginx_config .= "\t\tssl_certificate_key {$g['varetc_path']}/{$key_location};\n"; + $nginx_config .= "\t\tssl_session_timeout 10m;\n"; + $nginx_config .= "\t\tkeepalive_timeout 70;\n"; + $nginx_config .= "\t\tssl_session_cache shared:SSL:100m;\n"; + $nginx_config .= "\t\tssl_protocols TLSv1 TLSv1.1 TLSv1.2;\n"; + $nginx_config .= "\t\tssl_ciphers \"EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH\";\n"; + $nginx_config .= "\t\tssl_prefer_server_ciphers on;\n"; + $nginx_config .= "\t\tadd_header Strict-Transport-Security \"max-age=31536000\";\n"; + $nginx_config .= "\t\tadd_header X-Content-Type-Options nosniff;\n"; + $nginx_config .= "\t\tssl_session_tickets off;\n"; + $nginx_config .= "\t\tssl_stapling on;\n"; + $nginx_config .= "\t\tssl_stapling_verify on;\n"; + $nginx_config .= "\n"; + } -{$server_max_request_size} + if ($captive_portal !== false) { + $nginx_config .= <<<EOD +$captive_portal_maxprocperip +$cp_hostcheck +$cp_rewrite -{$fastcgi_config} +EOD; -{$cgi_config} + } -{$captive_portal_mod_evasive} + $nginx_config .= <<<EOD + root "{$document_root}"; + location / { + index index.html index.htm index.php; + } -expire.url = ( - "" => "access 50 hours", - ) + location ~ \.php$ { + try_files \$uri =404; # This line closes a potential security hole + # ensuring users can't execute uploaded files + # see: http://forum.nginx.org/read.php?2,88845,page=3 + fastcgi_pass unix:{$g['varrun_path']}/php-fpm.socket; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name; + include /usr/local/etc/nginx/fastcgi_params; + } + } EOD; $cert = str_replace("\r", "", $cert); $key = str_replace("\r", "", $key); - $ca = str_replace("\r", "", $ca); $cert = str_replace("\n\n", "\n", $cert); $key = str_replace("\n\n", "\n", $key); - $ca = str_replace("\n\n", "\n", $ca); if ($cert <> "" and $key <> "") { $fd = fopen("{$g['varetc_path']}/{$cert_location}", "w"); if (!$fd) { - printf(gettext("Error: cannot open cert.pem in system_webgui_start().%s"), "\n"); + printf(gettext("Error: cannot open certificate file in system_webgui_start().%s"), "\n"); return 1; } chmod("{$g['varetc_path']}/{$cert_location}", 0600); - fwrite($fd, $cert); - fwrite($fd, "\n"); - fwrite($fd, $key); - fclose($fd); - if (!(empty($ca) || (strlen(trim($ca)) == 0))) { - $fd = fopen("{$g['varetc_path']}/{$ca_location}", "w"); - if (!$fd) { - printf(gettext("Error: cannot open ca.pem in system_webgui_start().%s"), "\n"); - return 1; - } - chmod("{$g['varetc_path']}/{$ca_location}", 0600); - fwrite($fd, $ca); - fclose($fd); + if ($ca <> "") { + $cert_chain = $cert . "\n" . $ca; + } else { + $cert_chain = $cert; } - $lighty_config .= "\n"; - $lighty_config .= "## " . gettext("ssl configuration") . "\n"; - $lighty_config .= "ssl.engine = \"enable\"\n"; - $lighty_config .= "ssl.pemfile = \"{$g['varetc_path']}/{$cert_location}\"\n\n"; - - // SSLv2/3 is deprecated, force use of TLS - $lighty_config .= "ssl.use-sslv2 = \"disable\"\n"; - $lighty_config .= "ssl.use-sslv3 = \"disable\"\n"; - - // where ssl.cipher-list is set, this is automatically enabled, but set it explicitly anyway. - $lighty_config .= "ssl.honor-cipher-order = \"enable\"\n"; - - $lighty_config .= "ssl.cipher-list = \"AES128+EECDH:AES256+EECDH:AES128+EDH:AES256+EDH:AES128-SHA:AES256-SHA:!aNULL:!eNULL:!DSS\"\n"; - - if (!(empty($ca) || (strlen(trim($ca)) == 0))) { - $lighty_config .= "ssl.ca-file = \"{$g['varetc_path']}/{$ca_location}\"\n\n"; + fwrite($fd, $cert_chain); + fclose($fd); + $fd = fopen("{$g['varetc_path']}/{$key_location}", "w"); + if (!$fd) { + printf(gettext("Error: cannot open certificate key file in system_webgui_start().%s"), "\n"); + return 1; } + chmod("{$g['varetc_path']}/{$key_location}", 0600); + fwrite($fd, $key); + fclose($fd); } // Add HTTP to HTTPS redirect if ($captive_portal === false && $config['system']['webgui']['protocol'] == "https" && !isset($config['system']['webgui']['disablehttpredirect'])) { - if ($lighty_port != "443") { - $redirectport = ":{$lighty_port}"; + if ($nginx_port != "443") { + $redirectport = ":{$nginx_port}"; } - $lighty_config .= <<<EOD -\$SERVER["socket"] == ":80" { - \$HTTP["host"] =~ "(.*)" { - url.redirect = ( "^/(.*)" => "https://%1{$redirectport}/$1" ) - } -} -\$SERVER["socket"] == "[::]:80" { - \$HTTP["host"] =~ "(.*)" { - url.redirect = ( "^/(.*)" => "https://%1{$redirectport}/$1" ) + $nginx_config .= <<<EOD + server { + listen 80; + listen [::]:80; + rewrite ^ https://\$http_host$redirectport\$request_uri? permanent; } -} + EOD; } + $nginx_config .= "}\n"; + $fd = fopen("{$filename}", "w"); if (!$fd) { - printf(gettext("Error: cannot open %s in system_generate_lighty_config().%s"), $filename, "\n"); + printf(gettext("Error: cannot open %s in system_generate_nginx_config().%s"), $filename, "\n"); return 1; } - fwrite($fd, $lighty_config); + fwrite($fd, $nginx_config); fclose($fd); + /* nginx will fail to start if this directory does not exist. */ + safe_mkdir("/var/tmp/nginx/"); + return 0; } @@ -2216,11 +2073,12 @@ EOD; return 0; } -/* attempt to identify the specific platform (for embedded systems) - Returns an array with two elements: - name => platform string (e.g. 'wrap', 'alix' etc.) - descr => human-readable description (e.g. "PC Engines WRAP") -*/ +/* + * attempt to identify the specific platform (for embedded systems) + * Returns an array with two elements: + * name => platform string (e.g. 'wrap', 'alix' etc.) + * descr => human-readable description (e.g. "PC Engines WRAP") + */ function system_identify_specific_platform() { global $g; diff --git a/src/etc/inc/upgrade_config.inc b/src/etc/inc/upgrade_config.inc index 6867522..ec25a23 100644 --- a/src/etc/inc/upgrade_config.inc +++ b/src/etc/inc/upgrade_config.inc @@ -2157,10 +2157,6 @@ function upgrade_054_to_055() { @unlink("{$g['tmp_path']}/{$xmldump}"); @unlink("{$g['tmp_path']}/{$xmldumpnew}"); } - /* let apinger recreate required files */ - if (!platform_booting()) { - setup_gateways_monitor(); - } /* build a list of traffic and packets databases */ $databases = return_dir_as_array($rrddbpath, '/-(traffic|packets)\.rrd$/'); @@ -4203,4 +4199,74 @@ function upgrade_131_to_132() { clear_all_log_files(false); } } + +function upgrade_132_to_133() { + global $config; + + if (isset($config['ipsec']['phase1']) && + is_array($config['ipsec']['phase1'])) { + foreach ($config['ipsec']['phase1'] as &$p1) { + if (isset($p1['encryption-algorithm']['name']) && + $p1['encryption-algorithm']['name'] == 'des') { + $p1['disabled'] = true; + file_notice("IPsec", + "DES is no longer supported, IPsec phase 1 " . + "item '{$p1['descr']}' is being disabled."); + } + } + } + + if (isset($config['ipsec']['phase2']) && + is_array($config['ipsec']['phase2'])) { + foreach ($config['ipsec']['phase2'] as &$p2) { + if (!isset($p2['encryption-algorithm-option']) || + !is_array($p2['encryption-algorithm-option'])) { + continue; + } + + foreach ($p2['encryption-algorithm-option'] as $ealgo) { + if ($ealgo['name'] == 'des') { + $p2['disabled'] = true; + file_notice("IPsec", + "DES is no longer supported, IPsec phase 2 " . + "item '{$p2['descr']}' is being disabled."); + } + } + } + } +} + +// Determine the highest column number in use and set dashboardcolumns accordingly +function upgrade_133_to_134() { + global $config; + + if (!isset($config['widgets']['sequence']) || isset($config['system']['webgui']['dashboardcolumns'])) { + return; + } + + $cur_widgets = explode(',', trim($config['widgets']['sequence'])); + $maxcols = 2; + + foreach ($cur_widgets as $widget) { + list($file, $col, $display) = explode(':', $widget); + + if (($display != 'none') && ($display != 'hide')) { + preg_match('#[0-9]+$#', $col, $column); + if ($column[0] > $maxcols) { + $maxcols = $column[0]; + } + } + } + + $config['system']['webgui']['dashboardcolumns'] = $maxcols % 10; +} + +function upgrade_134_to_135() { + global $config; + + if (isset($config['syslog']['nologlighttpd'])) { + unset($config['syslog']['nologlighttpd']); + $config['syslog']['nolognginx'] = true; + } +} ?> diff --git a/src/etc/pfSense.obsoletedfiles b/src/etc/pfSense.obsoletedfiles index 5b5b7d0..ec737bc 100644 --- a/src/etc/pfSense.obsoletedfiles +++ b/src/etc/pfSense.obsoletedfiles @@ -443,6 +443,7 @@ /usr/local/bin/spawn-fcgi /usr/local/bin/tickadj /usr/local/bin/verifysig +/usr/local/etc/lighttpd /usr/local/etc/pkg.conf /usr/local/info /usr/local/lib/engines @@ -515,66 +516,7 @@ /usr/local/lib/libsyslog-ng-3.4.7.so /usr/local/lib/libsyslog-ng-3.5.4.1.so /usr/local/lib/libxml2.so.5 -/usr/local/lib/lighttpd/mod_access.a -/usr/local/lib/lighttpd/mod_access.la -/usr/local/lib/lighttpd/mod_accesslog.a -/usr/local/lib/lighttpd/mod_accesslog.la -/usr/local/lib/lighttpd/mod_alias.a -/usr/local/lib/lighttpd/mod_alias.la -/usr/local/lib/lighttpd/mod_auth.a -/usr/local/lib/lighttpd/mod_auth.la -/usr/local/lib/lighttpd/mod_cgi.a -/usr/local/lib/lighttpd/mod_cgi.la -/usr/local/lib/lighttpd/mod_cml.a -/usr/local/lib/lighttpd/mod_cml.la -/usr/local/lib/lighttpd/mod_compress.a -/usr/local/lib/lighttpd/mod_compress.la -/usr/local/lib/lighttpd/mod_dirlisting.a -/usr/local/lib/lighttpd/mod_dirlisting.la -/usr/local/lib/lighttpd/mod_evasive.a -/usr/local/lib/lighttpd/mod_evasive.la -/usr/local/lib/lighttpd/mod_evhost.a -/usr/local/lib/lighttpd/mod_evhost.la -/usr/local/lib/lighttpd/mod_expire.a -/usr/local/lib/lighttpd/mod_expire.la -/usr/local/lib/lighttpd/mod_fastcgi.a -/usr/local/lib/lighttpd/mod_fastcgi.la -/usr/local/lib/lighttpd/mod_flv_streaming.a -/usr/local/lib/lighttpd/mod_flv_streaming.la -/usr/local/lib/lighttpd/mod_indexfile.a -/usr/local/lib/lighttpd/mod_indexfile.la -/usr/local/lib/lighttpd/mod_mysql_vhost.a -/usr/local/lib/lighttpd/mod_mysql_vhost.la -/usr/local/lib/lighttpd/mod_proxy.a -/usr/local/lib/lighttpd/mod_proxy.la -/usr/local/lib/lighttpd/mod_redirect.a -/usr/local/lib/lighttpd/mod_redirect.la -/usr/local/lib/lighttpd/mod_rewrite.a -/usr/local/lib/lighttpd/mod_rewrite.la -/usr/local/lib/lighttpd/mod_rrdtool.a -/usr/local/lib/lighttpd/mod_rrdtool.la -/usr/local/lib/lighttpd/mod_scgi.a -/usr/local/lib/lighttpd/mod_scgi.la -/usr/local/lib/lighttpd/mod_secdownload.a -/usr/local/lib/lighttpd/mod_secdownload.la -/usr/local/lib/lighttpd/mod_setenv.a -/usr/local/lib/lighttpd/mod_setenv.la -/usr/local/lib/lighttpd/mod_simple_vhost.a -/usr/local/lib/lighttpd/mod_simple_vhost.la -/usr/local/lib/lighttpd/mod_ssi.a -/usr/local/lib/lighttpd/mod_ssi.la -/usr/local/lib/lighttpd/mod_staticfile.a -/usr/local/lib/lighttpd/mod_staticfile.la -/usr/local/lib/lighttpd/mod_status.a -/usr/local/lib/lighttpd/mod_status.la -/usr/local/lib/lighttpd/mod_trigger_b4_dl.a -/usr/local/lib/lighttpd/mod_trigger_b4_dl.la -/usr/local/lib/lighttpd/mod_userdir.a -/usr/local/lib/lighttpd/mod_userdir.la -/usr/local/lib/lighttpd/mod_usertrack.a -/usr/local/lib/lighttpd/mod_usertrack.la -/usr/local/lib/lighttpd/mod_webdav.a -/usr/local/lib/lighttpd/mod_webdav.la +/usr/local/lib/lighttpd /usr/local/lib/mysql/libmysqlclient.so.15 /usr/local/lib/olsrd_dot_draw.so.0.3 /usr/local/lib/olsrd_dyn_gw.so.0.4 @@ -634,6 +576,8 @@ /usr/local/sbin/ipfw_context /usr/local/sbin/ipfw-classifyd /usr/local/sbin/kbdcheck +/usr/local/sbin/lighttpd +/usr/local/sbin/lighttpd-angel /usr/local/sbin/mdnsd /usr/local/sbin/mini_httpd /usr/local/sbin/mpd @@ -1021,5 +965,7 @@ /var/db/rrd/index.html /var/dhcpd/lib/libc.so.6 /var/etc/pppoe-vpn +/var/log/lighttpd +/var/log/lighttpd.log /var/mail/_relayd /var/mail/unbound diff --git a/src/etc/phpshellsessions/gitsync b/src/etc/phpshellsessions/gitsync index 3aa072f..feaf3dd 100644 --- a/src/etc/phpshellsessions/gitsync +++ b/src/etc/phpshellsessions/gitsync @@ -305,8 +305,6 @@ if (isset($args["--minimal"])) { // Save new commit ID for later minimal file copies exec("cd $CODIR/pfSenseGITREPO/pfSenseGITREPO && {$GIT_BIN} rev-parse -q --verify HEAD > /etc/version.gitsync"); -exec("mkdir -p /tmp/lighttpd/cache/compress/"); - // Remove files that we do not want to overwrite the system with @unlink("{$CODIR}/pfSenseGITREPO/pfSenseGITREPO/src/etc/crontab"); @unlink("{$CODIR}/pfSenseGITREPO/pfSenseGITREPO/src/etc/master.passwd"); @@ -359,7 +357,7 @@ if (!$upgrading) { echo "===> Checkout complete.\n"; echo "\n"; if (!$upgrading) { - echo "Your system is now sync'd and PHP and Lighty will be restarted in 5 seconds.\n\n"; + echo "Your system is now sync'd and PHP and nginx will be restarted in 5 seconds.\n\n"; } else { echo "Your system is now sync'd.\n\n"; } @@ -389,16 +387,13 @@ function post_cvssync_commands() { echo "===> Locking down the console if needed...\n"; reload_ttys(); - echo "===> Signaling PHP and Lighty restart..."; - $fd = fopen("/tmp/restart_lighty", "w"); + echo "===> Signaling PHP and nginx restart..."; + $fd = fopen("/tmp/restart_nginx", "w"); fwrite($fd, "#!/bin/sh\n"); fwrite($fd, "sleep 5\n"); fwrite($fd, "/usr/local/sbin/pfSctl -c 'service restart webgui'\n"); - if (file_exists("/var/etc/lighty-CaptivePortal.conf")) { - fwrite($fd, "/usr/local/sbin/lighttpd -f /var/etc/lighty-CaptivePortal.conf\n"); - } fclose($fd); - mwexec_bg("sh /tmp/restart_lighty"); + mwexec_bg("sh /tmp/restart_nginx"); echo "\n"; } @@ -185,7 +185,7 @@ echo cat /etc/ascii-art/pfsense-logo-small.txt echo echo -echo "Welcome to ${product} ${version} ${platformbanner} ..." +echo "Welcome to ${product} ${version}${platformbanner}..." echo /sbin/conscontrol mute off >/dev/null @@ -308,7 +308,7 @@ trap "echo 'Reboot interrupted'; exit 1" 3 echo -n "." DISABLESYSLOGCLOG=$(/usr/local/sbin/read_xml_tag.sh boolean system/disablesyslogclog) -LOG_FILES="system filter dhcpd vpn pptps poes l2tps openvpn portalauth ipsec ppp relayd wireless lighttpd ntpd gateways resolver routing" +LOG_FILES="system filter dhcpd vpn pptps poes l2tps openvpn portalauth ipsec ppp relayd wireless nginx ntpd gateways resolver routing" DEFAULT_LOG_FILE_SIZE=$(/usr/local/sbin/read_xml_tag.sh string syslog/logfilesize) DEFAULT_LOG_FILE_SIZE=${DEFAULT_LOG_FILE_SIZE:-"511488"} @@ -388,7 +388,6 @@ export fcgipath=/var/run/php-fpm.socket # let the PHP-based configuration subsystem set up the system now echo -n "Launching the init system..." /bin/rm -f /cf/conf/backup/backup.cache -/bin/rm -f /root/lighttpd* /usr/bin/touch $varrunpath/booting if [ "${PLATFORM}" = "nanobsd" ]; then diff --git a/src/etc/rc.banner b/src/etc/rc.banner index 8974a05..6204d29 100755 --- a/src/etc/rc.banner +++ b/src/etc/rc.banner @@ -84,6 +84,9 @@ case "track6": $class6 = "/t6"; break; + default: + $class6 = ""; + break; } $ipaddr = get_interface_ip($ifname); $subnet = get_interface_subnet($ifname); diff --git a/src/etc/rc.php_ini_setup b/src/etc/rc.php_ini_setup index 7d1054e..dbc5af0 100755 --- a/src/etc/rc.php_ini_setup +++ b/src/etc/rc.php_ini_setup @@ -285,7 +285,7 @@ daemonize = yes events.mechanism = kqueue process.max = ${PHPFPMMAX} -[lighty] +[nginx] user = root group = wheel ;mode = 0600 diff --git a/src/etc/rc.restart_webgui b/src/etc/rc.restart_webgui index 7a0bcd3..d65b4d3 100755 --- a/src/etc/rc.restart_webgui +++ b/src/etc/rc.restart_webgui @@ -10,12 +10,7 @@ require_once("rrd.inc"); echo "Restarting webConfigurator..."; -sigkillbyname("lighttpd", "KILL"); - -while (is_process_running("lighttpd")) { - echo '.'; - sleep(1); -} +sigkillbypid("{$g['varrun_path']}/nginx-webConfigurator.pid", "TERM"); system_webgui_start(); diff --git a/src/etc/version b/src/etc/version index df3f865..b223756 100644 --- a/src/etc/version +++ b/src/etc/version @@ -1 +1 @@ -2.3-ALPHA +2.3-BETA diff --git a/src/usr/local/pkg/miniupnpd.inc b/src/usr/local/pkg/miniupnpd.inc index 8b258e0..ecf187b 100644 --- a/src/usr/local/pkg/miniupnpd.inc +++ b/src/usr/local/pkg/miniupnpd.inc @@ -224,6 +224,9 @@ $config_text .= "system_uptime=yes\n"; } + /* set secure_mode */ + $config_text .= "secure_mode=yes\n"; + /* set webgui url */ if (!empty($config['system']['webgui']['protocol'])) { $config_text .= "presentation_url={$config['system']['webgui']['protocol']}://{$webgui_ip}"; diff --git a/src/usr/local/share/locale/en/LC_MESSAGES/pfSense.pot b/src/usr/local/share/locale/en/LC_MESSAGES/pfSense.pot index 7342e22..e786d02 100644 --- a/src/usr/local/share/locale/en/LC_MESSAGES/pfSense.pot +++ b/src/usr/local/share/locale/en/LC_MESSAGES/pfSense.pot @@ -8260,7 +8260,7 @@ msgstr "" #: usr/local/www/diag_logs_settings.php:333 msgid "" -"Hint: If this is checked, errors from the lighttpd web server process for " +"Hint: If this is checked, errors from the web server process for " "the GUI or Captive Portal will appear in the main system log." msgstr "" @@ -16466,10 +16466,6 @@ msgstr "" msgid "1999-2014 The PHP Group. All rights reserved." msgstr "" -#: usr/local/www/license.php:96 -msgid "LightTPD" -msgstr "" - #: usr/local/www/license.php:97 msgid "2004, Jan Knescke, incremental" msgstr "" diff --git a/src/usr/local/share/locale/ja/LC_MESSAGES/pfSense.po b/src/usr/local/share/locale/ja/LC_MESSAGES/pfSense.po index b9d66c6..8539301 100644 --- a/src/usr/local/share/locale/ja/LC_MESSAGES/pfSense.po +++ b/src/usr/local/share/locale/ja/LC_MESSAGES/pfSense.po @@ -24029,10 +24029,6 @@ msgstr "本製品は、から無料で入手PHPを含み" msgid "1999 - 2003 The PHP Group. All rights reserved" msgstr "1999 - 2003ザ· PHPのグループ。無断複写·転載を禁じます" -#: usr/local/www/license.php:163 usr/local/www/license.php:163 -msgid "LightTPD" -msgstr "lighttpdの" - #: usr/local/www/license.php:164 msgid " 2004 by Jan Kneschke " msgstr "2004ヤンKneschkeによる" diff --git a/src/usr/local/share/locale/pt_BR/LC_MESSAGES/pfSense.po b/src/usr/local/share/locale/pt_BR/LC_MESSAGES/pfSense.po index b013681..82e25c5 100644 --- a/src/usr/local/share/locale/pt_BR/LC_MESSAGES/pfSense.po +++ b/src/usr/local/share/locale/pt_BR/LC_MESSAGES/pfSense.po @@ -2843,8 +2843,8 @@ msgstr "configuração ssl" #: etc/inc/system.inc:1161 etc/inc/system.inc:1213 etc/inc/system.inc:1193 #: etc/inc/system.inc:1142 etc/inc/system.inc:1169 #, php-format -msgid "Error: cannot open %s in system_generate_lighty_config().%s" -msgstr "Erro: não pôde abrir %s em system_generate_lighty_config().%s" +msgid "Error: cannot open %s in system_generate_nginx_config().%s" +msgstr "Erro: não pôde abrir %s em system_generate_nginx_config().%s" #: etc/inc/system.inc:1181 etc/inc/system.inc:1233 etc/inc/system.inc:1213 #: etc/inc/system.inc:1162 etc/inc/system.inc:1189 @@ -20496,10 +20496,6 @@ msgstr "Esse produto inclui PHP, disponível de graça por" msgid "1999 - 2003 The PHP Group. All rights reserved" msgstr "1999 - 2003 The PHP Group. Todos os direitos reservados" -#: usr/local/www/license.php:163 -msgid "LightTPD" -msgstr "LightTPD" - #: usr/local/www/license.php:164 msgid " 2004 by Jan Kneschke " msgstr " 2004 por Jan Kneschke " @@ -40785,7 +40781,7 @@ msgid "Log errors from the web server process." msgstr "" #: usr/local/www/diag_logs_settings.php:291 -msgid "Hint: If this is checked, errors from the lighttpd web server process for the GUI or Captive Portal will appear in the main system log." +msgid "Hint: If this is checked, errors from the web server process for the GUI or Captive Portal will appear in the main system log." msgstr "" #: usr/local/www/interfaces_gre_edit.php:216 diff --git a/src/usr/local/share/locale/tr/LC_MESSAGES/pfSense.po b/src/usr/local/share/locale/tr/LC_MESSAGES/pfSense.po index 07b6eac..162f41c 100644 --- a/src/usr/local/share/locale/tr/LC_MESSAGES/pfSense.po +++ b/src/usr/local/share/locale/tr/LC_MESSAGES/pfSense.po @@ -5293,8 +5293,8 @@ msgstr "ssl yapılandırması" #: etc/inc/system.inc:1360 #, php-format -msgid "Error: cannot open %s in system_generate_lighty_config().%s" -msgstr "Hata: system_generate_lighty_config().%s içindeki %s açılamadı" +msgid "Error: cannot open %s in system_generate_nginx_config().%s" +msgstr "Hata: system_generate_nginx_config().%s içindeki %s açılamadı" #: etc/inc/system.inc:1380 msgid "Setting timezone..." @@ -8531,7 +8531,7 @@ msgstr "" #: usr/local/www/diag_logs_settings.php:333 msgid "" -"Hint: If this is checked, errors from the lighttpd web server process for " +"Hint: If this is checked, errors from the web server process for " "the GUI or Captive Portal will appear in the main system log." msgstr "" @@ -17311,10 +17311,6 @@ msgstr "Bu ürün PHP içerir, ücretsiz olarak" msgid "1999-2014 The PHP Group. All rights reserved." msgstr "" -#: usr/local/www/license.php:96 -msgid "LightTPD" -msgstr "LightTPD" - #: usr/local/www/license.php:97 msgid "2004, Jan Knescke, incremental" msgstr "2004, Jan Knescke, incremental" diff --git a/src/usr/local/www/bootstrap/css/pfSense-dark-BETA.css b/src/usr/local/www/bootstrap/css/pfSense-dark-BETA.css new file mode 100644 index 0000000..46f9283 --- /dev/null +++ b/src/usr/local/www/bootstrap/css/pfSense-dark-BETA.css @@ -0,0 +1,3 @@ +@import url("/bootstrap/css/pfSense-dark.css"); + +/*** Experimental Changes Go Here ***/ diff --git a/src/usr/local/www/classes/Form/Button.class.php b/src/usr/local/www/classes/Form/Button.class.php index 0b2a9de..a6f2ef3 100644 --- a/src/usr/local/www/classes/Form/Button.class.php +++ b/src/usr/local/www/classes/Form/Button.class.php @@ -64,6 +64,9 @@ class Form_Button extends Form_Input } parent::__construct($name, $title, null); + + if (isset($link)) + unset($this->_attributes['name']); } protected function _getInput() diff --git a/src/usr/local/www/classes/Form/Input.class.php b/src/usr/local/www/classes/Form/Input.class.php index 9482c2b..e8dd000 100644 --- a/src/usr/local/www/classes/Form/Input.class.php +++ b/src/usr/local/www/classes/Form/Input.class.php @@ -75,11 +75,32 @@ class Form_Input extends Form_Element return $this->_title; } + public function getValue() + { + return $this->_attributes['value']; + } + public function getName() { return $this->_attributes['name']; } + public function setName($nm) + { + $this->_attributes['name'] = $nm; + $this->_attributes['id'] = $nm; + } + + public function setValue($val) + { + $this->_attributes['value'] = $val; + } + + public function setType($tp) + { + $this->_attributes['type'] = $tp; + } + public function getId() { return $this->_attributes['id']; @@ -143,6 +164,13 @@ class Form_Input extends Form_Element return $this; } + public function setIsRequired() + { + $this->_attributes['required'] = true; + + return $this; + } + public function toggles($selector = null, $type = 'collapse') { if (isset($selector)) diff --git a/src/usr/local/www/classes/Form/Section.class.php b/src/usr/local/www/classes/Form/Section.class.php index 1d4c67f..631562c 100644 --- a/src/usr/local/www/classes/Form/Section.class.php +++ b/src/usr/local/www/classes/Form/Section.class.php @@ -68,6 +68,27 @@ class Form_Section extends Form_Element return $input; } + // Shortcut, adds a group with a password and a confirm password field. + // The confirm password element is created by apprnding "_confirm" to the name supplied + // The value is overwritten with a default pattern (So the user cannot see it) + public function addPassword(Form_Input $input) + { + $group = new Form_Group($input->getTitle()); + if($input->getValue() != "") { + $input->setValue(DMYPWD); + } + + $input->setType("password"); + $group->add($input); + $confirm = clone $input; + $confirm->setName($confirm->getName() . "_confirm"); + $confirm->setHelp("Confirm"); + $group->add($confirm); + $this->add($group); + + return $input; + } + public function __toString() { $element = parent::__toString(); diff --git a/src/usr/local/www/classes/Form/Textarea.class.php b/src/usr/local/www/classes/Form/Textarea.class.php index 1ca879e..1f4938a 100644 --- a/src/usr/local/www/classes/Form/Textarea.class.php +++ b/src/usr/local/www/classes/Form/Textarea.class.php @@ -51,7 +51,7 @@ class Form_Textarea extends Form_Input public function setNoWrap() { - $this->_attributes['wrap'] = 'none'; + $this->_attributes['style'] = 'white-space: nowrap; width: auto;'; return $this; } diff --git a/src/usr/local/www/csrf/csrf-magic.js b/src/usr/local/www/csrf/csrf-magic.js index d358b0f..a889773 100644 --- a/src/usr/local/www/csrf/csrf-magic.js +++ b/src/usr/local/www/csrf/csrf-magic.js @@ -40,10 +40,13 @@ CsrfMagic.prototype = { send: function(data) { if (!this.csrf_isPost) return this.csrf_send(data); prepend = csrfMagicName + '=' + csrfMagicToken + '&'; - if (this.csrf_purportedLength === undefined) { - this.csrf_setRequestHeader("Content-length", this.csrf_purportedLength + prepend.length); - delete this.csrf_purportedLength; - } + + // Removed to eliminate 'Refused to set unsafe header "Content-length" ' errors in modern browsers + // if (this.csrf_purportedLength === undefined) { + // this.csrf_setRequestHeader("Content-length", this.csrf_purportedLength + prepend.length); + // delete this.csrf_purportedLength; + // } + delete this.csrf_isPost; return this.csrf_send(prepend + data); }, diff --git a/src/usr/local/www/diag_arp.php b/src/usr/local/www/diag_arp.php index d456be9..8ec4623 100644 --- a/src/usr/local/www/diag_arp.php +++ b/src/usr/local/www/diag_arp.php @@ -333,6 +333,10 @@ $data = msort($data, "dnsresolve"); // Load MAC-Manufacturer table $mac_man = load_mac_manufacturer_table(); ?> +<div class="panel panel-default"> + <div class="panel-heading"><h2 class="panel-title"><?=gettext('ARP Table')?></h2></div> + <div class="panel-body"> + <div class="table-responsive"> <table class="sortable-theme-bootstrap table table-striped table-hover" data-sortable> <thead> @@ -368,6 +372,9 @@ $mac_man = load_mac_manufacturer_table(); </table> </div> + </div> +</div> + <script type="text/javascript"> //<![CDATA[ // Clear the "loading" div once the page has loaded" diff --git a/src/usr/local/www/diag_backup.php b/src/usr/local/www/diag_backup.php index bcf3619..074ae28 100644 --- a/src/usr/local/www/diag_backup.php +++ b/src/usr/local/www/diag_backup.php @@ -225,12 +225,9 @@ if ($_POST) { if ($mode) { if ($mode == "download") { if ($_POST['encrypt']) { - if (!$_POST['encrypt_password'] || !$_POST['encrypt_passconf']) { + if (!$_POST['encrypt_password']) { $input_errors[] = gettext("You must supply and confirm the password for encryption."); } - if ($_POST['encrypt_password'] != $_POST['encrypt_passconf']) { - $input_errors[] = gettext("The supplied 'Password' and 'Confirm' field values must match."); - } } if (!$input_errors) { @@ -303,12 +300,9 @@ if ($_POST) { if ($mode == "restore") { if ($_POST['decrypt']) { - if (!$_POST['decrypt_password'] || !$_POST['decrypt_passconf']) { + if (!$_POST['decrypt_password']) { $input_errors[] = gettext("You must supply and confirm the password for decryption."); } - if ($_POST['decrypt_password'] != $_POST['decrypt_passconf']) { - $input_errors[] = gettext("The supplied 'Password' and 'Confirm' field values must match."); - } } if (!$input_errors) { @@ -661,18 +655,9 @@ $section->addInput(new Form_Checkbox( $section->addInput(new Form_Input( 'encrypt_password', - null, - 'password', - null, - ['placeholder' => 'Password'] -)); - -$section->addInput(new Form_Input( - 'encrypt_passconf', - null, + 'Password', 'password', - null, - ['placeholder' => 'Confirm password'] + null )); $group = new Form_Group(''); @@ -714,20 +699,12 @@ $section->addInput(new Form_Checkbox( $section->addInput(new Form_Input( 'decrypt_password', - null, + 'Password', 'password', null, ['placeholder' => 'Password'] )); -$section->addInput(new Form_Input( - 'decrypt_passconf', - null, - 'password', - null, - ['placeholder' => 'Confirm password'] -)); - $group = new Form_Group(''); $group->add(new Form_Button( 'Submit', @@ -782,9 +759,9 @@ events.push(function() { decryptHide = !($('input[name="decrypt"]').is(':checked')); hideInput('encrypt_password', encryptHide); - hideInput('encrypt_passconf', encryptHide); + hideInput('encrypt_password_confirm', encryptHide); hideInput('decrypt_password', decryptHide); - hideInput('decrypt_passconf', decryptHide); + hideInput('decrypt_password_confirm', decryptHide); } // ---------- Click handlers ------------------------------------------------------------------ diff --git a/src/usr/local/www/diag_ndp.php b/src/usr/local/www/diag_ndp.php index b542552..348002d 100644 --- a/src/usr/local/www/diag_ndp.php +++ b/src/usr/local/www/diag_ndp.php @@ -129,6 +129,10 @@ $pgtitle = array(gettext("Diagnostics"), gettext("NDP Table")); include("head.inc"); ?> +<div class="panel panel-default"> + <div class="panel-heading"><h2 class="panel-title"><?=gettext('NDP Table')?></h2></div> + <div class="panel-body"> + <div class="table-responsive"> <table class="table table-striped table-condensed table-hover sortable-theme-bootstrap" data-sortable> <thead> @@ -173,4 +177,7 @@ include("head.inc"); </table> </div> + </div> +</div> + <?php include("foot.inc"); diff --git a/src/usr/local/www/diag_reboot.php b/src/usr/local/www/diag_reboot.php index b53fc9b..9547755 100755 --- a/src/usr/local/www/diag_reboot.php +++ b/src/usr/local/www/diag_reboot.php @@ -79,7 +79,7 @@ include("head.inc"); if ($_SERVER['REQUEST_METHOD'] == 'POST') { if (DEBUG) { - print_info_box("Not actually rebooting (DEBUG is set true)", success); + print_info_box("Not actually rebooting (DEBUG is set true)", 'success'); } else { print('<div><pre>'); system_reboot(); diff --git a/src/usr/local/www/firewall_aliases.php b/src/usr/local/www/firewall_aliases.php index bf0bccc..9862ebb 100644 --- a/src/usr/local/www/firewall_aliases.php +++ b/src/usr/local/www/firewall_aliases.php @@ -207,10 +207,14 @@ if (is_subsystem_dirty('aliases')) { print_info_box_np(gettext("The alias list has been changed.") . "<br />" . gettext("You must apply the changes in order for them to take effect.")); } - display_top_tabs($tab_array); ?> + +<div class="panel panel-default"> + <div class="panel-heading"><h2 class="panel-title"><?=gettext('Firewall Aliases') . " " . $bctab?></h2></div> + <div class="panel-body"> + <div class="table-responsive"> <table class="table table-striped table-hover"> <thead> @@ -290,6 +294,9 @@ display_top_tabs($tab_array); </table> </div> + </div> +</div> + <nav class="action-buttons"> <a href="firewall_aliases_edit.php?tab=<?=$tab?>" role="button" class="btn btn-success btn-sm"> <i class="fa fa-plus icon-embed-btn"></i> diff --git a/src/usr/local/www/firewall_aliases_edit.php b/src/usr/local/www/firewall_aliases_edit.php index 6a23610..a9f0c5ab 100755 --- a/src/usr/local/www/firewall_aliases_edit.php +++ b/src/usr/local/www/firewall_aliases_edit.php @@ -699,7 +699,7 @@ while ($counter < count($addresses)) { 'address' . $counter, 'Address', $address - ))->addMask('address_subnet' . $counter, $address_subnet)->setWidth(4)->setPattern('[0-9, a-z, A-Z and .'); + ))->addMask('address_subnet' . $counter, $address_subnet)->setWidth(4)->setPattern('[a-zA-Z0-9\-\.\:]+'); $group->add(new Form_Input( 'detail' . $counter, diff --git a/src/usr/local/www/firewall_nat_1to1_edit.php b/src/usr/local/www/firewall_nat_1to1_edit.php index 20c7bb6..7e76b35 100644 --- a/src/usr/local/www/firewall_nat_1to1_edit.php +++ b/src/usr/local/www/firewall_nat_1to1_edit.php @@ -461,7 +461,7 @@ $group->add(new Form_IpAddress( 'src', null, is_specialnet($pconfig['src']) ? '': $pconfig['src'] -))->addMask('srcmask', $pconfig['srcmask'], 31)->setHelp('Address/mask')->setPattern('[0-9, a-z, A-Z and .'); +))->addMask('srcmask', $pconfig['srcmask'], 31)->setHelp('Address/mask')->setPattern('[a-zA-Z0-9\.\:\_]+'); $group->setHelp('Enter the internal (LAN) subnet for the 1:1 mapping. ' . 'The subnet size specified for the internal subnet will be applied to the external subnet.'); @@ -488,7 +488,7 @@ $group->add(new Form_IpAddress( 'dst', null, is_specialnet($pconfig['dst']) ? '': $pconfig['dst'] -))->addMask('dstmask', $pconfig['dstmask'], 31)->setHelp('Address/mask')->setPattern('[0-9, a-z, A-Z and .'); +))->addMask('dstmask', $pconfig['dstmask'], 31)->setHelp('Address/mask')->setPattern('[a-zA-Z0-9\.\:\_]+'); $group->setHelp('The 1:1 mapping will only be used for connections to or from the specified destination. Hint: this is usually "Any".'); diff --git a/src/usr/local/www/firewall_nat_edit.php b/src/usr/local/www/firewall_nat_edit.php index 2e34597..2018ac8 100644 --- a/src/usr/local/www/firewall_nat_edit.php +++ b/src/usr/local/www/firewall_nat_edit.php @@ -771,8 +771,8 @@ $group->add(new Form_Select( $group->add(new Form_Input( 'srcbeginport_cust', null, - 'text', - $pconfig['srcbeginport'], + 'number', + is_numeric($pconfig['srcbeginport']) ? $pconfig['srcbeginport'] : null, ['min' => '1', 'max' => '65536'] ))->setHelp('Custom'); @@ -786,8 +786,8 @@ $group->add(new Form_Select( $group->add(new Form_Input( 'srcendport_cust', null, - 'text', - $pconfig['srcendport'], + 'number', + is_numeric($pconfig['srcendport']) ? $pconfig['srcendport'] : null, ['min' => '1', 'max' => '65536'] ))->setHelp('Custom'); @@ -834,8 +834,8 @@ $group->add(new Form_Select( $group->add(new Form_Input( 'dstbeginport_cust', null, - 'text', - $pconfig['dstbeginport'], + 'number', + is_numeric($pconfig['dstbeginport']) ? $pconfig['dstbeginport'] : null, ['min' => '1', 'max' => '65536'] ))->setHelp('Custom'); @@ -849,8 +849,8 @@ $group->add(new Form_Select( $group->add(new Form_Input( 'dstendport_cust', null, - 'text', - $pconfig['dstendport'], + 'number', + is_numeric($pconfig['dstendport']) ? $pconfig['dstendport'] : null, ['min' => '1', 'max' => '65536'] ))->setHelp('Custom'); @@ -883,8 +883,8 @@ $group->setHelp('Specify the port on the machine with the IP address entered abo $group->add(new Form_Input( 'localbeginport_cust', null, - 'text', - $pconfig['localbeginport'], + 'number', + is_numeric($pconfig['localbeginport']) ? $pconfig['localbeginport'] : null, ['min' => '1', 'max' => '65536'] ))->setHelp('Custom'); @@ -1060,7 +1060,7 @@ events.push(function() { } else { disableInput('srcbeginport', false); disableInput('srcendport', false); - disableInput('localbeginport_cust', false); +// disableInput('localbeginport_cust', false); if (dstenabled) { disableInput('dstbeginport', false); disableInput('dstendport', false); diff --git a/src/usr/local/www/firewall_nat_out_edit.php b/src/usr/local/www/firewall_nat_out_edit.php index 0836d4e..e4aebde 100644 --- a/src/usr/local/www/firewall_nat_out_edit.php +++ b/src/usr/local/www/firewall_nat_out_edit.php @@ -517,7 +517,7 @@ $group->add(new Form_IpAddress( 'source', null, $pconfig['source'] -))->addMask('source_subnet', $pconfig['source_subnet'])->setHelp('Source network for the outbound NAT mapping.')->setPattern('[0-9, a-z, A-Z and .'); +))->addMask('source_subnet', $pconfig['source_subnet'])->setHelp('Source network for the outbound NAT mapping.')->setPattern('[a-zA-Z0-9\_\.\:]+'); $group->add(new Form_Input( 'sourceport', @@ -541,7 +541,7 @@ $group->add(new Form_IpAddress( 'destination', null, $pconfig['destination'] == "any" ? "":$pconfig['destination'] -))->addMask('destination_subnet', $pconfig['destination_subnet'])->setHelp('Destination network for the outbound NAT mapping.')->setPattern('[0-9, a-z, A-Z and .'); +))->addMask('destination_subnet', $pconfig['destination_subnet'])->setHelp('Destination network for the outbound NAT mapping.')->setPattern('[a-zA-Z0-9\_\.\:]+'); $group->add(new Form_Input( 'dstport', @@ -596,13 +596,13 @@ $section->addInput(new Form_Select( 'bitmask' => 'Bit mask' ) ))->setHelp('Only Round Robin types work with Host Aliases. Any type can be used with a Subnet.' . '<br />' . - '<ul>' . - '<li>' . 'Round Robin: Loops through the translation addresses.' . '</li>' . '<br />' . - '<li>' . 'Random: Selects an address from the translation address pool at random.' . '</li>' . '<br />' . - '<li>' . 'Source Hash: Uses a hash of the source address to determine the translation address, ensuring that the redirection address is always the same for a given source.' . '</li>' . '<br />' . - '<li>' . 'Bitmask: Applies the subnet mask and keeps the last portion identical; 10.0.1.50 -> x.x.x.50.' . '</li>' . '<br />' . + '</span><ul class="help-block">' . + '<li>' . 'Round Robin: Loops through the translation addresses.' . '</li>' . + '<li>' . 'Random: Selects an address from the translation address pool at random.' . '</li>' . + '<li>' . 'Source Hash: Uses a hash of the source address to determine the translation address, ensuring that the redirection address is always the same for a given source.' . '</li>' . + '<li>' . 'Bitmask: Applies the subnet mask and keeps the last portion identical; 10.0.1.50 -> x.x.x.50.' . '</li>' . '<li>' . 'Sticky Address: The Sticky Address option can be used with the Random and Round Robin pool types to ensure that a particular source address is always mapped to the same translation address.' . '</li>' . - '</ul>'); + '</ul><span class="help-block">'); $group = new Form_Group('Port'); $group->addClass('natportgrp'); diff --git a/src/usr/local/www/firewall_rules.php b/src/usr/local/www/firewall_rules.php index 5cc9ea4..2a4c970 100644 --- a/src/usr/local/www/firewall_rules.php +++ b/src/usr/local/www/firewall_rules.php @@ -276,7 +276,7 @@ display_top_tabs($tab_array); <div class="panel panel-default"> <div class="panel-heading"><?=gettext("Rules (Drag to change order)")?></div> <div id="mainarea" class="table-responsive panel-body"> - <table name="ruletable" class="table table-hover table-striped table-condensed"> + <table class="table table-hover table-striped table-condensed"> <thead> <tr> <th><!-- checkbox --></th> @@ -301,7 +301,7 @@ display_top_tabs($tab_array); ((count($config['interfaces']) == 1) && ($if == 'wan')))): $alports = implode('<br />', filter_get_antilockout_ports(true)); ?> - <tr id="antilockout" class="hover-success"> + <tr id="antilockout"> <td></td> <td title="<?=gettext("traffic is passed")?>"><i class="fa fa-check text-success"></i></td> <td>*</td> @@ -312,14 +312,14 @@ display_top_tabs($tab_array); <td>*</td> <td>*</td> <td></td> - <td class="bg-info"><?=gettext("Anti-Lockout Rule");?></td> + <td><?=gettext("Anti-Lockout Rule");?></td> <td> <a href="system_advanced_admin.php" title="<?=gettext("Settings");?>"><i class="fa fa-cog"></i></a> </td> </tr> <?php endif;?> <?php if (isset($config['interfaces'][$if]['blockpriv'])): ?> - <tr id="frrfc1918" class="hover-danger"> + <tr id="frrfc1918"> <td></td> <td title="<?=gettext("traffic is blocked")?>"><i class="fa fa-times text-danger"></i></td> <td>*</td> @@ -330,14 +330,14 @@ display_top_tabs($tab_array); <td>*</td> <td>*</td> <td></td> - <td class="bg-info"><?=gettext("Block private networks");?></td> + <td><?=gettext("Block private networks");?></td> <td> <a href="interfaces.php?if=<?=htmlspecialchars($if)?>" title="<?=gettext("Settings");?>"><i class="fa fa-cog"></i></a> </td> </tr> <?php endif;?> <?php if (isset($config['interfaces'][$if]['blockbogons'])): ?> - <tr id="frrfc1918" class="hover-danger"> + <tr id="frrfc1918"> <td></td> <td title="<?=gettext("traffic is blocked")?>"><i class="fa fa-times text-danger"></i></td> <td>*</td> @@ -348,7 +348,7 @@ display_top_tabs($tab_array); <td>*</td> <td>*</td> <td></td> - <td class="bg-info"><?=gettext("Block bogon networks");?></td> + <td><?=gettext("Block bogon networks");?></td> <td> <a href="interfaces.php?if=<?=htmlspecialchars($if)?>" title="<?=gettext("Settings");?>"><i class="fa fa-cog"></i></a> </td> @@ -634,7 +634,7 @@ for ($i = 0; isset($a_filter[$i]); $i++): <?php } ?> <?=$schedule_span_begin;?><?=htmlspecialchars($filterent['sched']);?> <?=$schedule_span_end;?> </td> - <td class="bg-info"> + <td> <?=htmlspecialchars($filterent['descr']);?> </td> <td class="action-icons"> @@ -724,6 +724,7 @@ for ($i = 0; isset($a_filter[$i]); $i++): } ?> </div> + </div> </div> <script type="text/javascript"> diff --git a/src/usr/local/www/firewall_rules_edit.php b/src/usr/local/www/firewall_rules_edit.php index 4c64853..3918866 100644 --- a/src/usr/local/www/firewall_rules_edit.php +++ b/src/usr/local/www/firewall_rules_edit.php @@ -1291,7 +1291,7 @@ foreach (['src' => 'Source', 'dst' => 'Destination'] as $type => $name) { $type, $name .' Address', $pconfig[$type] - ))->addMask($type .'mask', $pconfig[$type.'mask'])->setPattern('[0-9, a-z, A-Z and .'); + ))->addMask($type .'mask', $pconfig[$type.'mask'])->setPattern('[a-zA-Z0-9\_\.\:]+'); $section->add($group); diff --git a/src/usr/local/www/firewall_schedule_edit.php b/src/usr/local/www/firewall_schedule_edit.php index c40f4fc..190a1d0 100644 --- a/src/usr/local/www/firewall_schedule_edit.php +++ b/src/usr/local/www/firewall_schedule_edit.php @@ -701,7 +701,7 @@ events.push(function() { $('[id^=Delete]').prop('type', 'button'); $('[id^=Delete]').click(function(event) { - delete_row(event.target.id.slice(6)); + fse_delete_row(event.target.id.slice(6)); }); }); //]]> @@ -1170,7 +1170,7 @@ function insertElements(tempFriendlyTime, starttimehour, starttimemin, stoptimeh $(rowhtml.replace(/@/g, counter)).insertBefore(node); $('[id^=delete]').click(function(event) { - delete_row(event.target.id.slice(6)); + fse_delete_row(event.target.id.slice(6)); }); counter++; @@ -1184,7 +1184,7 @@ function insertElements(tempFriendlyTime, starttimehour, starttimemin, stoptimeh } // If only everything were this simple -function delete_row(row) { +function fse_delete_row(row) { $('.schedulegrp' + row).remove(); } //]]> diff --git a/src/usr/local/www/firewall_shaper.php b/src/usr/local/www/firewall_shaper.php index a4e35f7..4b008d4 100644 --- a/src/usr/local/www/firewall_shaper.php +++ b/src/usr/local/www/firewall_shaper.php @@ -198,7 +198,7 @@ if ($_GET) { } else if ($addnewaltq) { $q = new altq_root_queue(); } else { - $input_errors[] = gettext("Could not create new queue/discipline!"); + $input_errors[] = gettext("Could not create new queue/discipline! Did you remember to apply any recent changes?"); } if ($q) { @@ -461,7 +461,7 @@ if (count($altq_list_queues) > 0) { <td> <?php -if (!$dfltmsg) { +if (!$dfltmsg && $sform) { // Add global buttons if (!$dontshow || $newqueue) { if ($can_add || $addnewaltq) { diff --git a/src/usr/local/www/firewall_shaper_vinterface.php b/src/usr/local/www/firewall_shaper_vinterface.php index 506a525..41f5c32 100644 --- a/src/usr/local/www/firewall_shaper_vinterface.php +++ b/src/usr/local/www/firewall_shaper_vinterface.php @@ -189,8 +189,6 @@ if ($_GET) { if ($dnpipe) { $q = new dnqueue_class(); $q->SetPipe($pipe); - $output_form .= "<input type=\"hidden\" name=\"parentqueue\" id=\"parentqueue\""; - $output_form .= " value=\"".$pipe."\" />"; } else if ($addnewpipe) { $q = new dnpipe_class(); $q->SetQname($pipe); @@ -200,10 +198,19 @@ if ($_GET) { if ($q) { $sform = $q->build_form(); + if ($dnpipe) { + $sform->addGlobal(new Form_Input( + 'parentqueue', + null, + 'hidden', + $pipe + )); + } $newjavascript = $q->build_javascript(); unset($q); $newqueue = true; } + break; case "show": if ($queue) { @@ -429,9 +436,9 @@ if ($dfltmsg) { if (!$dontshow || $newqueue) { if ($can_add || $addnewaltq) { if ($queue) { - $url = 'href="firewall_shaper_vinterface.php?pipe=' . $pipe . '&queue=' . $queue->GetQname() . '&action=add'; + $url = 'firewall_shaper_vinterface.php?pipe=' . $pipe . '&queue=' . $queue->GetQname() . '&action=add'; } else { - $url = 'firewall_shaper.php?pipe='. $pipe . '&action=add'; + $url = 'firewall_shaper_vinterface.php?pipe='. $pipe . '&action=add'; } $sform->addGlobal(new Form_Button( @@ -455,7 +462,7 @@ if ($dfltmsg) { } // Print the form - if($sform) { + if ($sform) { $sform->setAction("firewall_shaper_vinterface.php"); print($sform); } diff --git a/src/usr/local/www/firewall_virtual_ip_edit.php b/src/usr/local/www/firewall_virtual_ip_edit.php index 0e379bc..a4a91f1 100644 --- a/src/usr/local/www/firewall_virtual_ip_edit.php +++ b/src/usr/local/www/firewall_virtual_ip_edit.php @@ -209,6 +209,10 @@ if ($_POST) { $input_errors[] = gettext("You must specify a CARP password that is shared between the two VHID members."); } + if ($_POST['password'] != $_POST['password_confirm']) { + $input_errors[] = gettext("Password and confirm password must match"); + } + if ($_POST['interface'] == 'lo0') { $input_errors[] = gettext("For this type of vip localhost is not allowed."); } else if (strpos($_POST['interface'], '_vip')) { @@ -271,7 +275,12 @@ if ($_POST) { $vipent['uniqid'] = $_POST['uniqid']; $vipent['advskew'] = $_POST['advskew']; $vipent['advbase'] = $_POST['advbase']; - $vipent['password'] = $_POST['password']; + + if ($_POST['password'] != DMYPWD) { + $vipent['password'] = $_POST['password']; + } else { + $vipent['password'] = $a_vip[$id]['password']; + } } /* Common fields */ @@ -419,7 +428,7 @@ $section->addInput(new Form_Checkbox( isset($pconfig['noexpand']) )); -$section->addInput(new Form_Input( +$section->addPassword(new Form_Input( 'password', 'Virtual IP Password', 'password', @@ -513,6 +522,7 @@ events.push(function() { disableInput('subnet_bits', true); disableInput('type', true); disableInput('password', true); + disableInput('password_confirm', true); hideCheckbox('noexpand', true); if (mode == 'ipalias') { @@ -526,6 +536,7 @@ events.push(function() { disableInput('advbase', false); disableInput('advskew', false); disableInput('password', false); + disableInput('password_confirm', false); disableInput('subnet_bits', false); $('#type').val('single'); } else if (mode == 'proxyarp') { diff --git a/src/usr/local/www/guiconfig.inc b/src/usr/local/www/guiconfig.inc index a30696e..c5372df 100644 --- a/src/usr/local/www/guiconfig.inc +++ b/src/usr/local/www/guiconfig.inc @@ -1183,6 +1183,24 @@ function get_flash_message() { } } +/* Retrieve GET or POST Value/State + * Eample Usage: + * $value = getGETPOSTsettingvalue('get/post parameter name', ""); + * $value = getGETPOSTsettingvalue('get/post parameter name', null); + * $state = getGETPOSTsettingvalue('get/post parameter name', null); + * $state = getGETPOSTsettingvalue('get/post parameter name', false); + */ +function getGETPOSTsettingvalue($settingname, $default) { + $settingvalue = $default; + if ($_GET[$settingname]) { + $settingvalue = $_GET[$settingname]; + } + if ($_POST[$settingname]) { + $settingvalue = $_POST[$settingname]; + } + return $settingvalue; +} + /* set timezone */ if (isset($config['system']['timezone']) && !empty($config['system']['timezone'])) { diff --git a/src/usr/local/www/head.inc b/src/usr/local/www/head.inc index c8e99dd..bf5eb6f 100755 --- a/src/usr/local/www/head.inc +++ b/src/usr/local/www/head.inc @@ -488,7 +488,7 @@ echo '<li>'. get_shortcut_log_link($shortcut_section, false). '</li>'; ?> <?php if (!$g['disablehelpicon']): ?> <li> - <a href="<?=$helpurl?>" title="<?=gettext("Help for items on this page")?>" class="help-icon"> + <a href="<?=$helpurl?>" target="_blank" title="<?=gettext("Help for items on this page")?>" class="help-icon"> <i class="fa fa-question-circle"></i> </a> </li> diff --git a/src/usr/local/www/interfaces.php b/src/usr/local/www/interfaces.php index 104a1bf..0ad0958 100644 --- a/src/usr/local/www/interfaces.php +++ b/src/usr/local/www/interfaces.php @@ -947,6 +947,19 @@ if ($_POST['apply']) { } } } + + if ($_POST['ppp_password'] != $_POST['ppp_password_confirm']) { + $input_errors[] = gettext("PPP Password and confirmed password must match!"); + } + + if ($_POST['pppoe_password'] != $_POST['pppoe_password_confirm']) { + $input_errors[] = gettext("PPPoE Password and confirmed password must match!"); + } + + if ($_POST['pptp_password'] != $_POST['pptp_password_confirm']) { + $input_errors[] = gettext("PTPP Password and confirmed password must match!"); + } + if (!$input_errors) { // These 3 fields can be a list of multiple data items when used for MLPPP. // The UI in this code only processes the first of the list, so save the data here then we can preserve any other entries. @@ -1125,7 +1138,9 @@ if ($_POST['apply']) { $a_ppps[$pppid]['if'] = $_POST['type'].$_POST['ptpid']; $a_ppps[$pppid]['ports'] = $_POST['port']; $a_ppps[$pppid]['username'] = $_POST['ppp_username']; - $a_ppps[$pppid]['password'] = base64_encode($_POST['ppp_password']); + if ($_POST['ppp_password'] != DMYPWD) { + $a_ppps[$pppid]['password'] = base64_encode($_POST['ppp_password']); + } $a_ppps[$pppid]['phone'] = $_POST['phone']; $a_ppps[$pppid]['apn'] = $_POST['apn']; $wancfg['if'] = $_POST['type'] . $_POST['ptpid']; @@ -1142,7 +1157,9 @@ if ($_POST['apply']) { $a_ppps[$pppid]['ports'] = $wancfg['if']; } $a_ppps[$pppid]['username'] = $_POST['pppoe_username']; - $a_ppps[$pppid]['password'] = base64_encode($_POST['pppoe_password']); + if ($_POST['pppoe_password'] != DMYPWD) { + $a_ppps[$pppid]['password'] = base64_encode($_POST['pppoe_password']); + } if (!empty($_POST['provider'])) { $a_ppps[$pppid]['provider'] = $_POST['provider']; } else { @@ -1178,7 +1195,9 @@ if ($_POST['apply']) { $a_ppps[$pppid]['ports'] = $wancfg['if']; } $a_ppps[$pppid]['username'] = $_POST['pptp_username']; - $a_ppps[$pppid]['password'] = base64_encode($_POST['pptp_password']); + if ($_POST['pptp_password'] != DMYPWD) { + $a_ppps[$pppid]['password'] = base64_encode($_POST['pptp_password']); + } // Replace the first (0) entry with the posted data. Preserve any other entries that might be there. $poriginal['pptp_localip'][0] = $_POST['pptp_local0']; $a_ppps[$pppid]['localip'] = implode(',', $poriginal['pptp_localip']); @@ -2452,7 +2471,7 @@ $section->addInput(new Form_Input( $pconfig['ppp_username'] )); -$section->addInput(new Form_Input( +$section->addPassword(new Form_Input( 'ppp_password', 'Password', 'password', @@ -2518,7 +2537,7 @@ $section->addInput(new Form_Input( $pconfig['pppoe_username'] )); -$section->addInput(new Form_Input( +$section->addPassword(new Form_Input( 'pppoe_password', 'Password', 'password', @@ -2649,7 +2668,7 @@ $section->addInput(new Form_Input( $pconfig['pptp_username'] )); -$section->addInput(new Form_Input( +$section->addPassword(new Form_Input( 'pptp_password', 'Password', 'password', diff --git a/src/usr/local/www/interfaces_assign.php b/src/usr/local/www/interfaces_assign.php index 3c92a2c..95f949d 100644 --- a/src/usr/local/www/interfaces_assign.php +++ b/src/usr/local/www/interfaces_assign.php @@ -528,6 +528,7 @@ display_top_tabs($tab_array); <tr> <th><?=gettext("Interface")?></th> <th><?=gettext("Network port")?></th> + <th> </th> </tr> </thead> <tbody> diff --git a/src/usr/local/www/interfaces_ppps_edit.php b/src/usr/local/www/interfaces_ppps_edit.php index 843402a..0233eed 100644 --- a/src/usr/local/www/interfaces_ppps_edit.php +++ b/src/usr/local/www/interfaces_ppps_edit.php @@ -257,6 +257,9 @@ if ($_POST) { $input_errors[] = gettext("Please choose a Link Type."); break; } + if ($_POST['passwordfld'] != $_POST['passwordfld_confirm']) { + $input_errors[] = gettext("Password and confirmed password must match."); + } if ($_POST['type'] == "ppp" && count($_POST['interfaces']) > 1) { $input_errors[] = gettext("Multilink connections (MLPPP) using the PPP link type is not currently supported. Please select only one Link Interface."); } @@ -320,7 +323,11 @@ if ($_POST) { $ppp['if'] = $ppp['type'].$ppp['ptpid']; $ppp['ports'] = implode(',', $_POST['interfaces']); $ppp['username'] = $_POST['username']; - $ppp['password'] = base64_encode($_POST['passwordfld']); + if ($_POST['passwordfld'] != DMYPWD) { + $ppp['password'] = base64_encode($_POST['passwordfld']); + } else { + $ppp['password'] = $a_ppps[$id]['password']; + } $ppp['ondemand'] = $_POST['ondemand'] ? true : false; if (!empty($_POST['idletimeout'])) { $ppp['idletimeout'] = $_POST['idletimeout']; @@ -597,7 +604,7 @@ $section->addInput(new Form_Input( $pconfig['username'] )); -$section->addInput(new Form_Input( +$section->addPassword(new Form_Input( 'passwordfld', 'Password', 'password', diff --git a/src/usr/local/www/interfaces_vlan.php b/src/usr/local/www/interfaces_vlan.php index 041a131..acad30e 100644 --- a/src/usr/local/www/interfaces_vlan.php +++ b/src/usr/local/www/interfaces_vlan.php @@ -138,6 +138,7 @@ display_top_tabs($tab_array); <th><?=gettext('VLAN tag');?></th> <th><?=gettext('Priority');?></th> <th><?=gettext('Description');?></th> + <th></th> </tr> </thead> <?php diff --git a/src/usr/local/www/license.php b/src/usr/local/www/license.php index 255f0ed..8a25e9d 100644 --- a/src/usr/local/www/license.php +++ b/src/usr/local/www/license.php @@ -118,11 +118,11 @@ include("head.inc"); FreeBSD (<a href="http://www.freebsd.org" target="_blank">http://www.freebsd.org</a>)<br /> <?=gettext("Copyright")?> ©<?=gettext("1992-2015 The FreeBSD Project. All rights reserved")?>.<br /> <br /> - <?=gettext("This product includes PHP, freely available from")?><a href="http://www.php.net/" target="_blank">http://www.php.net</a>.<br /> - <?=gettext("Copyright"); ?> © <?=gettext("1999-2015 The PHP Group. All rights reserved.")?>.<br /> + <?=gettext("This product includes PHP, freely available from")?> <a href="http://www.php.net/" target="_blank">http://www.php.net</a>.<br /> + <?=gettext("Copyright"); ?> © <?=gettext("1999-2015 The PHP Group. All rights reserved.")?><br /> <br /> - <?=gettext("LightTPD"); ?> (<a href="http://www.lighttpd.net" target="_blank">http://www.lighttpd.net)</a><br /> - <?=gettext("Copyright"); ?> ©<?=gettext("2004, Jan Knescke, incremental")?><jan@kneschke.de> + <?=gettext("nginx"); ?> (<a href="http://www.nginx.org" target="_blank">http://www.nginx.org)</a><br /> + <?=gettext("Copyright"); ?> ©<?=gettext("2011-2015 Nginx, Inc.")?> <?=gettext("All rights reserved.")?><br /> <br /> <?=gettext("ISC DHCP server ")?>(<a href="http://www.isc.org/products/DHCP/" target="_blank">http://www.isc.org/products/DHCP</a>)<br /> diff --git a/src/usr/local/www/pkg_mgr.php b/src/usr/local/www/pkg_mgr.php index 669cebd..1c6c9fa 100644 --- a/src/usr/local/www/pkg_mgr.php +++ b/src/usr/local/www/pkg_mgr.php @@ -67,7 +67,7 @@ require_once("globals.inc"); require_once("guiconfig.inc"); require_once("pkg-utils.inc"); -/* if upgrade in progress, alert user */ +// if upgrade in progress, alert user if (is_subsystem_dirty('packagelock')) { $pgtitle = array(gettext("System"), gettext("Package Manager")); include("head.inc"); @@ -76,10 +76,7 @@ if (is_subsystem_dirty('packagelock')) { exit; } -$pkg_info = get_pkg_info(); - $pgtitle = array(gettext("System"), gettext("Package Manager"), gettext("Available Packages")); - include("head.inc"); $tab_array = array(); @@ -87,9 +84,10 @@ $tab_array[] = array(gettext("Available Packages"), true, "pkg_mgr.php"); $tab_array[] = array(gettext("Installed Packages"), false, "pkg_mgr_installed.php"); display_top_tabs($tab_array); +$pkg_info = get_pkg_info(); if ($pkg_info) { - //Check categories - $categories=array(); + // Check categories + $categories = array(); foreach ($pkg_info as $pkg_data) { if (isset($pkg_data['categories'][0])) { $categories[$pkg_data['categories'][0]]++; @@ -97,16 +95,16 @@ if ($pkg_info) { } ksort($categories, SORT_STRING|SORT_FLAG_CASE); - $cm_count=0; + $cm_count = 0; $tab_array = array(); - $visible_categories=array(); - $categories_min_count=($g['pkg_categories_min_count'] ? $g['pkg_categories_min_count'] : 3); - $categories_max_display=($g['pkg_categories_max_display'] ? $g['pkg_categories_max_display'] : 6); + $visible_categories = array(); + $categories_min_count = ($g['pkg_categories_min_count'] ? $g['pkg_categories_min_count'] : 3); + $categories_max_display = ($g['pkg_categories_max_display'] ? $g['pkg_categories_max_display'] : 6); - /* check selected category or define default category to show */ + // check selected category or define default category to show if (isset($_REQUEST['category'])) { $menu_category = $_REQUEST['category']; - } else if (isset($g['pkg_default_category'])) { + } elseif (isset($g['pkg_default_category'])) { $menu_category = $g['pkg_default_category']; } else { $menu_category = "All"; @@ -119,7 +117,7 @@ if ($pkg_info) { foreach ($categories as $category => $c_count) { if ($c_count >= $categories_min_count && $cm_count <= $categories_max_display) { $tab_array[] = array(gettext($category) , $menu_category == $category ? true : false, "pkg_mgr.php?category={$category}"); - $visible_categories[]=$category; + $visible_categories[] = $category; $cm_count++; } } @@ -130,12 +128,12 @@ if ($pkg_info) { // display_top_tabs($tab_array); } -if (!$pkg_info || !is_array($pkg_info)): -?> +if (!$pkg_info || !is_array($pkg_info)):?> + <div class="alert alert-warning"> <?=gettext("There are currently no packages available for installation.")?> </div> -<?php else: ?> +<?php else:?> <div class="panel panel-default" id="search-panel"> <div class="panel-heading"><?=gettext('Search')?> @@ -145,10 +143,10 @@ if (!$pkg_info || !is_array($pkg_info)): </a> </span> </div> - <div id='search-panel_panel-body' class="panel-body collapse in"> + <div id="search-panel_panel-body" class="panel-body collapse in"> <div class="form-group"> <label class="col-sm-2 control-label"> - Search term + <?=gettext("Search term")?> </label> <div class="col-sm-5"><input class="form-control" name="searchstr" id="searchstr" type="text"/></div> <div class="col-sm-2"> @@ -176,75 +174,61 @@ if (!$pkg_info || !is_array($pkg_info)): <thead> <tr> <th><?=gettext("Name")?></th> -<?php if (!$g['disablepackagehistory']):?> <th><?=gettext("Version")?></th> -<?php endif;?> - <th><?=gettext("Description")?></th> <th></th> </tr> </thead> <tbody> -<?php - - foreach ($pkg_info as $index): - if (isset($index['installed'])) { - continue; - } - if ($menu_category != "All" && $index['categories'][0] != $menu_category && !($menu_category == "Other" && !in_array($index['categories'][0], $visible_categories))) { - continue; - } +<?php foreach ($pkg_info as $index): + if (isset($index['installed'])) { + continue; + } + if ($menu_category != "All" && $index['categories'][0] != $menu_category && + !($menu_category == "Other" && !in_array($index['categories'][0], $visible_categories))) { + continue; + } ?> <tr> <td> <?php if ($index['www']):?> <a title="<?=gettext("Visit official website")?>" target="_blank" href="<?=htmlspecialchars($index['www'])?>"> -<?php endif; ?> +<?php endif;?> <?=htmlspecialchars($index['shortname'])?> </a> </td> - -<?php - if (!$g['disablepackagehistory']): -?> <td> - <?=htmlspecialchars($index['version'])?> +<?php if (!$g['disablepackagehistory']):?> + <a target="_blank" title="<?=gettext("View changelog")?>" href="<?=htmlspecialchars($index['changeloglink'])?>"> + <?=htmlspecialchars($index['version'])?></a> +<?php else:?> + <?=htmlspecialchars($index['version'])?> +<?php endif;?> </td> -<?php - endif; -?> <td> <?=$index['desc']?> -<?php if (is_array($index['deps']) && count($index['deps'])): ?> - <br /><br /><?= gettext("Package Dependencies") ?>: - <?php foreach ($index['deps'] as $pdep): ?> - <br /><i class="fa fa-paperclip"></i> <?= basename($pdep['origin']) ?>-<?= $pdep['version'] ?> - <?php endforeach; ?> -<?php endif; ?> +<?php if (is_array($index['deps']) && count($index['deps'])):?> + <br /><br /><?= gettext("Package Dependencies")?>:<ul> + <?php foreach ($index['deps'] as $pdep):?> + <a target="_blank" href="https://freshports.org/<?=$pdep['origin']?>" class="fa fa-globe"><small> <?= basename($pdep['origin']) . '-' . $pdep['version']?></small></a>  + <?php endforeach;?></ul> +<?php endif;?> </td> <td> <a title="<?=gettext("Click to install")?>" href="pkg_mgr_install.php?id=<?=$index['name']?>" class="btn btn-success btn-sm">install</a> -<?php - if (!$g['disablepackageinfo'] && $index['pkginfolink'] && $index['pkginfolink'] != $index['www']): -?> +<?php if (!$g['disablepackageinfo'] && $index['pkginfolink'] && $index['pkginfolink'] != $index['www']):?> <a target="_blank" title="<?=gettext("View more information")?>" href="<?=htmlspecialchars($index['pkginfolink'])?>" class="btn btn-default btn-sm">info</a> -<?php - endif; -?> +<?php endif;?> </td> </tr> -<?php - endforeach; -?> +<?php endforeach;?> </tbody> </table> </div> </div> -<?php -endif; -?> +<?php endif;?> <script type="text/javascript"> //<![CDATA[ @@ -314,4 +298,4 @@ events.push(function() { </script> <?php include("foot.inc"); -?>
\ No newline at end of file +?> diff --git a/src/usr/local/www/pkg_mgr_installed.php b/src/usr/local/www/pkg_mgr_installed.php index 604ad92..dfef675 100644 --- a/src/usr/local/www/pkg_mgr_installed.php +++ b/src/usr/local/www/pkg_mgr_installed.php @@ -73,7 +73,6 @@ if (is_subsystem_dirty('packagelock')) { } $pgtitle = array(gettext("System"), gettext("Package Manager"), gettext("Installed Packages")); - include("head.inc"); $tab_array = array(); @@ -94,9 +93,9 @@ if (empty($installed_packages)):?> <div class="alert alert-warning"> <?=gettext("There are no packages currently installed.")?> </div> -<?php else: ?> +<?php else:?> <div class="panel panel-default"> - <div class="panel-heading"><h2 class="panel-title"><?=gettext('Installed packages')?></h2></div> + <div class="panel-heading"><h2 class="panel-title"><?=gettext('Installed Packages')?></h2></div> <div class="table-responsive"> <table class="table table-striped table-hover table-condensed"> <thead> @@ -153,13 +152,13 @@ if (empty($installed_packages)):?> ?> <tr> <td> -<?php if ($upgradeavail) { ?> +<?php if ($upgradeavail):?> <a title="<?=$status?>" href="pkg_mgr_install.php?mode=reinstallpkg&pkg=<?=$pkg['name']?><?=$vergetstr?>" class="fa fa-refresh"></a> -<?php } else if ($missing) { ?> - <font color="red"><i title="<?=$status?>" class="fa fa-exclamation"></i></font> -<?php } else { ?> +<?php elseif ($missing):?> + <span class="text-danger"><i title="<?=$status?>" class="fa fa-exclamation"></i></span> +<?php else:?> <i title="<?=$status?>" class="fa fa-check"></i> -<?php } ?> +<?php endif;?> </td> <td> <span class="<?=$txtcolor?>"><?=$pkg['shortname']?></span> @@ -170,32 +169,33 @@ if (empty($installed_packages)):?> <td> <?php if (!$g['disablepackagehistory']):?> <a target="_blank" title="<?=gettext("View changelog")?>" href="<?=htmlspecialchars($pkg['changeloglink'])?>"> -<?php endif;?> + <?=htmlspecialchars($pkg['installed_version'])?></a> +<?php else:?> <?=htmlspecialchars($pkg['installed_version'])?> -<?php if (!$g['disablepackagehistory']):?> - </a> <?php endif;?> </td> <td> <?=$pkg['desc']?> -<?php if (is_array($pkg['deps']) && count($pkg['deps'])): ?> - <br /><br /><?= gettext("Package Dependencies") ?>: - <?php foreach ($pkg['deps'] as $pdep): ?> - <br /><i class="fa fa-paperclip"></i> <?= basename($pdep['origin']) ?>-<?= $pdep['version'] ?> - <?php endforeach; ?> -<?php endif; ?> +<?php if (is_array($pkg['deps']) && count($pkg['deps'])):?> + <br /><br /><?= gettext("Package Dependencies")?>:<ul> + <?php foreach ($pkg['deps'] as $pdep):?> + <a target="_blank" href="https://freshports.org/<?=$pdep['origin']?>" class="fa fa-globe"><small> <?= basename($pdep['origin']) . '-' . $pdep['version']?></small></a>  + <?php endforeach;?></ul> +<?php endif;?> </td> <td> - <a title="<?=gettext("Remove")?>" href="pkg_mgr_install.php?mode=delete&pkg=<?=$pkg['name']?>" class="fa fa-trash"></a> -<?php if ($upgradeavail) { ?> - <a title="<?=gettext("Update")?>" href="pkg_mgr_install.php?mode=reinstallpkg&pkg=<?=$pkg['name']?><?=$vergetstr?>" class="fa fa-refresh"></a> -<?php } else { ?> - <a title="<?=gettext("Reinstall")?>" href="pkg_mgr_install.php?mode=reinstallpkg&pkg=<?=$pkg['name']?>" class="fa fa-retweet"></a> -<?php } ?> + <div class="row"> + <a title="<?=gettext("Remove")?>" href="pkg_mgr_install.php?mode=delete&pkg=<?=$pkg['name']?>" class="fa fa-trash"></a> +<?php if ($upgradeavail):?> + <a title="<?=gettext("Update")?>" href="pkg_mgr_install.php?mode=reinstallpkg&pkg=<?=$pkg['name']?><?=$vergetstr?>" class="fa fa-refresh"></a> +<?php else:?> + <a title="<?=gettext("Reinstall")?>" href="pkg_mgr_install.php?mode=reinstallpkg&pkg=<?=$pkg['name']?>" class="fa fa-retweet"></a> +<?php endif;?> <?php if (!isset($g['disablepackageinfo']) && $pkg['www'] != 'UNKNOWN'):?> - <a target="_blank" title="<?=gettext("View more information")?>" href="<?=htmlspecialchars($pkg['www'])?>" class="fa fa-info"></a> -<?php endif; ?> + <a target="_blank" title="<?=gettext("View more information")?>" href="<?=htmlspecialchars($pkg['www'])?>" class="fa fa-info"></a> +<?php endif;?> + </div> </td> </tr> <?php endforeach;?> diff --git a/src/usr/local/www/services_captiveportal_vouchers.php b/src/usr/local/www/services_captiveportal_vouchers.php index 73f7976..100e4cc 100644 --- a/src/usr/local/www/services_captiveportal_vouchers.php +++ b/src/usr/local/www/services_captiveportal_vouchers.php @@ -278,6 +278,9 @@ if ($_POST) { if ($_POST['vouchersyncdbip'] && (is_ipaddr_configured($_POST['vouchersyncdbip']))) { $input_errors[] = gettext("You cannot sync the voucher database to this host (itself)."); } + if ($_POST['vouchersyncpass'] != $_POST['vouchersyncpass_confirm']) { + $input_errors[] = gettext("Password and confirmed password must match."); + } } if (!$input_errors) { @@ -313,7 +316,11 @@ if ($_POST) { $newvoucher['vouchersyncdbip'] = $_POST['vouchersyncdbip']; $newvoucher['vouchersyncport'] = $_POST['vouchersyncport']; $newvoucher['vouchersyncusername'] = $_POST['vouchersyncusername']; - $newvoucher['vouchersyncpass'] = $_POST['vouchersyncpass']; + if ($_POST['vouchersyncpass'] != DMYPWD ) { + $newvoucher['vouchersyncpass'] = $_POST['vouchersyncpass']; + } else { + $newvoucher['vouchersyncpass'] = $config['voucher'][$cpzone]['vouchersyncpass']; + } if ($newvoucher['vouchersyncpass'] && $newvoucher['vouchersyncusername'] && $newvoucher['vouchersyncport'] && $newvoucher['vouchersyncdbip']) { // Synchronize the voucher DB from the master node @@ -605,7 +612,7 @@ $section->addInput(new Form_Input( $pconfig['vouchersyncusername'] ))->setHelp('This is the username of the master voucher nodes webConfigurator.'); -$section->addInput(new Form_Input( +$section->addPassword(new Form_Input( 'vouchersyncpass', 'Voucher sync password', 'password', diff --git a/src/usr/local/www/services_captiveportal_zones.php b/src/usr/local/www/services_captiveportal_zones.php index bcf15fc..125bea4 100644 --- a/src/usr/local/www/services_captiveportal_zones.php +++ b/src/usr/local/www/services_captiveportal_zones.php @@ -95,7 +95,7 @@ $shortcut_section = "captiveportal"; include("head.inc"); if ($savemsg) { - print_info_box($savemsg, success); + print_info_box($savemsg, 'success'); } if (is_subsystem_dirty('captiveportal')) { diff --git a/src/usr/local/www/services_dhcp.php b/src/usr/local/www/services_dhcp.php index 657cbc8..da24b93 100644 --- a/src/usr/local/www/services_dhcp.php +++ b/src/usr/local/www/services_dhcp.php @@ -136,6 +136,12 @@ if (is_array($config['dhcpd'][$if])) { } else { $dhcpdconf = &$config['dhcpd'][$if]; } + + if (!is_array($config['dhcpd'][$if]['staticmap'])) { + $dhcpdconf['staticmap'] = array(); + } + + $a_maps = &$config['dhcpd'][$if]['staticmap']; } if (is_array($dhcpdconf)) { // Global Options @@ -156,12 +162,6 @@ if (is_array($dhcpdconf)) { } $pconfig['dhcpleaseinlocaltime'] = $dhcpleaseinlocaltime; - - if (!is_array($dhcpdconf['staticmap'])) { - $dhcpdconf['staticmap'] = array(); - } - - $a_maps = &$dhcpdconf['staticmap']; } else { // Options that exist only in pools $pconfig['descr'] = $dhcpdconf['descr']; @@ -403,20 +403,17 @@ if (isset($_POST['submit'])) { $subnet_start = ip2ulong(long2ip32(ip2long($ifcfgip) & gen_subnet_mask_long($ifcfgsn))); $subnet_end = ip2ulong(long2ip32(ip2long($ifcfgip) | (~gen_subnet_mask_long($ifcfgsn)))); - if ((ip2ulong($_POST['range_from']) < $subnet_start) || (ip2ulong($_POST['range_from']) > $subnet_end) || - (ip2ulong($_POST['range_to']) < $subnet_start) || (ip2ulong($_POST['range_to']) > $subnet_end)) { - $input_errors[] = gettext("The specified range lies outside of the current subnet."); - } - if (ip2ulong($_POST['range_from']) > ip2ulong($_POST['range_to'])) { $input_errors[] = gettext("The range is invalid (first element higher than second element)."); } - if (is_numeric($pool) || ($act == "newpool")) { - $rfrom = $config['dhcpd'][$if]['range']['from']; - $rto = $config['dhcpd'][$if]['range']['to']; + if (ip2ulong($_POST['range_from']) < $subnet_start || ip2ulong($_POST['range_to']) > $subnet_end) { + $input_errors[] = gettext("The specified range lies outside of the current subnet."); + } - if (is_inrange_v4($_POST['range_from'], $rfrom, $rto) || is_inrange_v4($_POST['range_to'], $rfrom, $rto)) { + if (is_numeric($pool) || ($act == "newpool")) { + if (!((ip2ulong($_POST['range_from']) > ip2ulong($config['dhcpd'][$if]['range']['to'])) || + (ip2ulong($_POST['range_to']) < ip2ulong($config['dhcpd'][$if]['range']['from'])))) { $input_errors[] = gettext("The specified range must not be within the DHCP range for this interface."); } } @@ -426,8 +423,8 @@ if (isset($_POST['submit'])) { continue; } - if (is_inrange_v4($_POST['range_from'], $p['range']['from'], $p['range']['to']) || - is_inrange_v4($_POST['range_to'], $p['range']['from'], $p['range']['to'])) { + if (!((ip2ulong($_POST['range_from']) > ip2ulong($p['range']['to'])) || + (ip2ulong($_POST['range_to']) < ip2ulong($p['range']['from'])))) { $input_errors[] = gettext("The specified range must not be within the range configured on a DHCP pool for this interface."); break; } @@ -445,8 +442,8 @@ if (isset($_POST['submit'])) { if (empty($map['ipaddr'])) { continue; } - if ((ip2ulong($map['ipaddr']) > $dynsubnet_start) && - (ip2ulong($map['ipaddr']) < $dynsubnet_end)) { + if ((ip2ulong($map['ipaddr']) >= $dynsubnet_start) && + (ip2ulong($map['ipaddr']) <= $dynsubnet_end)) { $input_errors[] = sprintf(gettext("The DHCP range cannot overlap any static DHCP mappings.")); break; } diff --git a/src/usr/local/www/services_dhcp_relay.php b/src/usr/local/www/services_dhcp_relay.php index e1f287d..2ddbd6e 100644 --- a/src/usr/local/www/services_dhcp_relay.php +++ b/src/usr/local/www/services_dhcp_relay.php @@ -100,6 +100,7 @@ if (is_array($config['dhcpd'])) { } if ($_POST) { + unset($input_errors); $pconfig = $_POST; @@ -137,7 +138,7 @@ if ($_POST) { $config['dhcrelay']['enable'] = $_POST['enable'] ? true : false; $config['dhcrelay']['interface'] = implode(",", $_POST['interface']); $config['dhcrelay']['agentoption'] = $_POST['agentoption'] ? true : false; - $config['dhcrelay']['server'] = $pconfig['server']; + $config['dhcrelay']['server'] = $svrlist; write_config(); @@ -148,6 +149,8 @@ if ($_POST) { } } +$pconfig['server'] = $config['dhcrelay']['server']; + $pgtitle = array(gettext("Services"), gettext("DHCP Relay")); $shortcut_section = "dhcp"; include("head.inc"); @@ -189,7 +192,6 @@ $section->addInput(new Form_Checkbox( 'agentoption', '', 'Append circuit ID and agent ID to requests', - 'yes', $pconfig['agentoption'] ))->setHelp( 'If this is checked, the DHCP relay will append the circuit ID (%s interface number) and the agent ID to the DHCP request.', @@ -204,15 +206,15 @@ function createDestinationServerInputGroup($value = null) { 'server', 'Destination server', $value - ))->setWidth(4)->setHelp( - 'This is the IP address of the server to which DHCP requests are relayed.' - )->setIsRepeated(); + ))->setWidth(4) + ->setHelp('This is the IP address of the server to which DHCP requests are relayed.') + ->setIsRepeated(); $group->enableDuplication(null, true); // Buttons are in-line with the input return $group; } -if (!isset($pconfig['server']) || count($pconfig['server']) < 1) { +if (!isset($pconfig['server'])) { $section->add(createDestinationServerInputGroup()); } else { foreach (explode(',', $pconfig['server']) as $server) { diff --git a/src/usr/local/www/services_dhcpv6_relay.php b/src/usr/local/www/services_dhcpv6_relay.php index 77b9a0e..93ca9e9 100644 --- a/src/usr/local/www/services_dhcpv6_relay.php +++ b/src/usr/local/www/services_dhcpv6_relay.php @@ -63,23 +63,15 @@ ##|-PRIV require("guiconfig.inc"); -function filterDestinationServers(array $destinationServers) { - return array_unique( - array_filter($destinationServers) - ); -} $pconfig['enable'] = isset($config['dhcrelay6']['enable']); + if (empty($config['dhcrelay6']['interface'])) { $pconfig['interface'] = array(); } else { $pconfig['interface'] = explode(",", $config['dhcrelay6']['interface']); } -$pconfig['server'] = filterDestinationServers( - explode(',', $config['dhcrelay6']['server']) -); - $pconfig['agentoption'] = isset($config['dhcrelay6']['agentoption']); $iflist = array_intersect_key( @@ -112,10 +104,6 @@ if ($_POST) { unset($input_errors); - if ($_POST['server']) { - $_POST['server'] = filterDestinationServers($_POST['server']); - } - $pconfig = $_POST; /* input validation */ @@ -125,11 +113,22 @@ if ($_POST) { do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors); + $svrlist = ''; + if ($_POST['server']) { - foreach ($_POST['server'] as $srv) { - if (!is_ipaddrv6($srv)) { + foreach ($_POST['server'] as $checksrv => $srv) { + if (!is_ipaddrv6($srv[0])) { $input_errors[] = gettext("A valid Destination Server IPv6 address must be specified."); } + + + if (!empty($srv[0])) { // Filter out any empties + if (!empty($svrlist)) { + $svrlist .= ','; + } + + $svrlist .= $srv[0]; + } } } } @@ -138,7 +137,7 @@ if ($_POST) { $config['dhcrelay6']['enable'] = $_POST['enable'] ? true : false; $config['dhcrelay6']['interface'] = implode(",", $_POST['interface']); $config['dhcrelay6']['agentoption'] = $_POST['agentoption'] ? true : false; - $config['dhcrelay6']['server'] = $_POST['server']; + $config['dhcrelay6']['server'] = $svrlist; write_config(); @@ -148,6 +147,8 @@ if ($_POST) { } } +$pconfig['server'] = $config['dhcrelay6']['server']; + $pgtitle = array(gettext("Services"), gettext("DHCPv6 Relay")); $shortcut_section = "dhcp6"; include("head.inc"); @@ -190,7 +191,6 @@ $section->addInput(new Form_Checkbox( 'agentoption', '', 'Append circuit ID and agent ID to requests', - 'yes', $pconfig['agentoption'] ))->setHelp( 'If this is checked, the DHCPv6 relay will append the circuit ID (%s interface number) and the agent ID to the DHCPv6 request.', @@ -199,23 +199,24 @@ $section->addInput(new Form_Checkbox( function createDestinationServerInputGroup($value = null) { $group = new Form_Group('Destination server'); - $group->enableDuplication(); $group->add(new Form_IpAddress( 'server', 'Destination server', $value - ))->setHelp( - 'This is the IPv6 address of the server to which DHCPv6 requests are relayed.' - )->setIsRepeated(); + ))->setWidth(4) + ->setHelp('This is the IPv6 address of the server to which DHCPv6 requests are relayed.') + ->setIsRepeated(); + + $group->enableDuplication(null, true); // Buttons are in-line with the input return $group; } -if (!isset($pconfig['server']) || count($pconfig['server']) < 1) { +if (!isset($pconfig['server'])) { $section->add(createDestinationServerInputGroup()); } else { - foreach ($pconfig['server'] as $idx => $server) { + foreach (explode(',', $pconfig['server']) as $server) { $section->add(createDestinationServerInputGroup($server)); } } diff --git a/src/usr/local/www/services_dnsmasq.php b/src/usr/local/www/services_dnsmasq.php index c6f230d..3936420 100644 --- a/src/usr/local/www/services_dnsmasq.php +++ b/src/usr/local/www/services_dnsmasq.php @@ -189,6 +189,8 @@ if ($_GET['act'] == "del") { } function build_if_list() { + global $pconfig; + $interface_addresses = get_possible_listen_ips(true); $iflist = array('options' => array(), 'selected' => array()); diff --git a/src/usr/local/www/services_dyndns_edit.php b/src/usr/local/www/services_dyndns_edit.php index 7330874..e28dc3e 100644 --- a/src/usr/local/www/services_dyndns_edit.php +++ b/src/usr/local/www/services_dyndns_edit.php @@ -136,6 +136,10 @@ if ($_POST) { do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors); + if ($_POST['passwordfld'] != $_POST['passwordfld_confirm']) { + $input_errors[] = gettext("Password and confirmed password must match."); + } + if (isset($_POST['host']) && in_array("host", $reqdfields)) { /* Namecheap can have a @. in hostname */ if ($pconfig['type'] == "namecheap" && substr($_POST['host'], 0, 2) == '@.') { @@ -163,7 +167,11 @@ if ($_POST) { $dyndns = array(); $dyndns['type'] = $_POST['type']; $dyndns['username'] = $_POST['username']; - $dyndns['password'] = $_POST['passwordfld']; + if ($_POST['passwordfld'] != DMYPWD) { + $dyndns['password'] = $_POST['passwordfld']; + } else { + $dyndns['password'] = $a_dyndns[$id]['password'];; + } $dyndns['host'] = $_POST['host']; $dyndns['mx'] = $_POST['mx']; $dyndns['wildcard'] = $_POST['wildcard'] ? true : false; @@ -349,7 +357,7 @@ $section->addInput(new Form_Input( 'GleSYS: Enter your API user.' . '<br />' . 'For Custom Entries, Username and Password represent HTTP Authentication username and passwords.'); -$section->addInput(new Form_Input( +$section->addPassword(new Form_Input( 'passwordfld', 'Password', 'password', diff --git a/src/usr/local/www/services_igmpproxy.php b/src/usr/local/www/services_igmpproxy.php index 7face46..4e531ce 100644 --- a/src/usr/local/www/services_igmpproxy.php +++ b/src/usr/local/www/services_igmpproxy.php @@ -111,6 +111,11 @@ if (is_subsystem_dirty('igmpproxy')) { ?> <form action="services_igmpproxy.php" method="post"> + +<div class="panel panel-default"> + <div class="panel-heading"><h2 class="panel-title"><?=gettext('IGMP Proxy')?></h2></div> + <div class="panel-body"> + <div class="table-responsive"> <table class="table table-striped table-hover table-condensed"> <thead> @@ -161,6 +166,10 @@ endforeach; </tbody> </table> </div> + + </div> +</div> + </form> <nav class="action-buttons"> diff --git a/src/usr/local/www/services_igmpproxy_edit.php b/src/usr/local/www/services_igmpproxy_edit.php index 371b85a..ff86376 100644 --- a/src/usr/local/www/services_igmpproxy_edit.php +++ b/src/usr/local/www/services_igmpproxy_edit.php @@ -257,7 +257,7 @@ foreach ($item as $ww) { null, $address, ['placeholder' => 'Address'] - ))->sethelp($tracker == $rows ? 'Network/CIDR':null)->addMask('address_subnet' . $tracker, $address_subnet)->setWidth(4)->setPattern('[0-9, a-z, A-Z and .'); + ))->sethelp($tracker == $rows ? 'Network/CIDR':null)->addMask('address_subnet' . $tracker, $address_subnet)->setWidth(4)->setPattern('[a-zA-Z0-9\_\.\:]+'); $group->add(new Form_Button( 'deleterow' . $counter, diff --git a/src/usr/local/www/services_pppoe.php b/src/usr/local/www/services_pppoe.php index 109520b..fc40515 100644 --- a/src/usr/local/www/services_pppoe.php +++ b/src/usr/local/www/services_pppoe.php @@ -126,7 +126,11 @@ if (is_subsystem_dirty('vpnpppoe')) { } ?> -<div class="table-responsive"> +<div class="panel panel-default"> + <div class="panel-heading"><h2 class="panel-title"><?=gettext('PPPoE Server')?></h2></div> + <div class="panel-body"> + + <div class="table-responsive"> <table class="table table-striped table-hover table-condensed"> <thead> <tr> @@ -168,6 +172,9 @@ endforeach; </table> </div> + </div> +</div> + <nav class="action-buttons"> <a href="services_pppoe_edit.php" class="btn btn-success"> <i class="fa fa-plus icon-embed-btn"></i> diff --git a/src/usr/local/www/services_pppoe_edit.php b/src/usr/local/www/services_pppoe_edit.php index 03284bb..b1b53ad 100644 --- a/src/usr/local/www/services_pppoe_edit.php +++ b/src/usr/local/www/services_pppoe_edit.php @@ -151,12 +151,20 @@ if ($_POST) { if (($_POST['localip'] && !is_ipaddr($_POST['localip']))) { $input_errors[] = gettext("A valid server address must be specified."); } - if (($_POST['pppoe_subnet'] && !is_ipaddr($_POST['remoteip']))) { + if (($_POST['remoteip'] && !is_ipaddr($_POST['remoteip']))) { $input_errors[] = gettext("A valid remote start address must be specified."); } if (($_POST['radiusserver'] && !is_ipaddr($_POST['radiusserver']))) { $input_errors[] = gettext("A valid RADIUS server address must be specified."); } + if (!is_numericint($_POST['n_pppoe_units']) || $_POST['n_pppoe_units'] > 255) { + $input_errors[] = gettext("Number of PPPoE users must be between 1 and 255"); + } + if (!is_numeric($_POST['pppoe_subnet']) || + $_POST['pppoe_subnet'] < 0 || + $_POST['pppoe_subnet'] > 32) { + $input_errors[] = gettext("Subnet mask must be an interger between 0 and 32"); + } $_POST['remoteip'] = $pconfig['remoteip'] = gen_subnet($_POST['remoteip'], $_POST['pppoe_subnet']); $subnet_start = ip2ulong($_POST['remoteip']); @@ -206,7 +214,9 @@ if ($_POST) { $pppoecfg['radius']['server'] = array(); $pppoecfg['radius']['server']['ip'] = $_POST['radiusserver']; - $pppoecfg['radius']['server']['secret'] = $_POST['radiussecret']; + if ($_POST['radiussecret'] != DMYPWD) { + $pppoecfg['radius']['server']['secret'] = $_POST['radiussecret']; + } $pppoecfg['radius']['server']['port'] = $_POST['radiusserverport']; $pppoecfg['radius']['server']['acctport'] = $_POST['radiusserveracctport']; } @@ -215,7 +225,9 @@ if ($_POST) { $pppoecfg['radius']['server2'] = array(); $pppoecfg['radius']['server2']['ip'] = $_POST['radiusserver2']; - $pppoecfg['radius']['server2']['secret2'] = $_POST['radiussecret2']; + if ($_POST['radiussecret2'] != DMYPWD) { + $pppoecfg['radius']['server2']['secret2'] = $_POST['radiussecret2']; + } $pppoecfg['radius']['server2']['port'] = $_POST['radiusserver2port']; $pppoecfg['radius']['server2']['acctport'] = $_POST['radiusserver2acctport']; } @@ -342,7 +354,7 @@ $section->addInput(new Form_Select( 'n_pppoe_units', 'No. of PPPoE Users', $pconfig['n_pppoe_units'], - array_combine(range(0, 255, 1), range(0, 255, 1)) + array_combine(range(1, 255, 1), range(1, 255, 1)) )); $section->addInput(new Form_IpAddress( @@ -447,7 +459,7 @@ $group->setHelp('Standard ports are 1812 (authentication) and 1813 (accounting)' $section->add($group); -$section->addInput(new Form_Input( +$section->addPassword(new Form_Input( 'radiussecret', 'RADIUS primary shared secret', 'password', @@ -480,7 +492,7 @@ $group->setHelp('Standard ports are 1812 (authentication) and 1813 (accounting)' $section->add($group); -$section->addInput(new Form_Input( +$section->addPassword(new Form_Input( 'radiussecret2', 'RADIUS secondary shared secret', 'password', @@ -590,6 +602,7 @@ events.push(function() { disableInput('radacct_enable', hide); disableInput('radiusserver', hide); disableInput('radiussecret', hide); + disableInput('radiussecret_confirm', hide); disableInput('radiusserverport', hide); disableInput('radiusserveracctport', hide); disableInput('radiusissueips', hide); @@ -604,6 +617,7 @@ events.push(function() { function hide_radius2(hide) { disableInput('radiusserver2', hide); disableInput('radiussecret2', hide); + disableInput('radiussecret2_confirm', hide); disableInput('radiusserver2port', hide); disableInput('radiusserver2acctport', hide); } diff --git a/src/usr/local/www/services_router_advertisements.php b/src/usr/local/www/services_router_advertisements.php index 1693b4a..2222ca5 100644 --- a/src/usr/local/www/services_router_advertisements.php +++ b/src/usr/local/www/services_router_advertisements.php @@ -372,7 +372,7 @@ for ($idx=1; $idx<=3; $idx++) { 'radns' . $idx, 'Server ' . $idx, $pconfig['radns' . $idx] - ))->setPattern('[0-9, a-z, A-Z and .')->setHelp(($idx < 3) ? '':'Leave blank to use the system default DNS servers - this interface\'s IP if DNS Forwarder or Resolver is enabled, otherwise the servers configured on the General page'); + ))->setPattern('[a-zA-Z0-9\_\.\:]+')->setHelp(($idx < 3) ? '':'Leave blank to use the system default DNS servers - this interface\'s IP if DNS Forwarder or Resolver is enabled, otherwise the servers configured on the General page'); } $section->addInput(new Form_Input( diff --git a/src/usr/local/www/services_unbound_advanced.php b/src/usr/local/www/services_unbound_advanced.php index b4af8a0..cfef93d 100644 --- a/src/usr/local/www/services_unbound_advanced.php +++ b/src/usr/local/www/services_unbound_advanced.php @@ -133,28 +133,28 @@ if ($_POST) { $input_errors[] = "A valid value must be specified for EDNS Buffer Size."; } if (isset($_POST['num_queries_per_thread']) && !in_array($_POST['num_queries_per_thread'], array('512', '1024', '2048'), true)) { - $input_errors[] = "A valid value must be specified for Number of queries per thread."; + $input_errors[] = "A valid value must be specified for Number of Queries per Thread."; } if (isset($_POST['jostle_timeout']) && !in_array($_POST['jostle_timeout'], array('100', '200', '500', '1000'), true)) { $input_errors[] = "A valid value must be specified for Jostle Timeout."; } if (isset($_POST['cache_max_ttl']) && (!is_numericint($_POST['cache_max_ttl']) || ($_POST['cache_max_ttl'] < 0))) { - $input_errors[] = "'Maximum TTL for RRsets and messages' must be a positive integer."; + $input_errors[] = "'Maximum TTL for RRsets and Messages' must be a positive integer."; } if (isset($_POST['cache_min_ttl']) && (!is_numericint($_POST['cache_min_ttl']) || ($_POST['cache_min_ttl'] < 0))) { - $input_errors[] = "'Minimum TTL for RRsets and messages' must be a positive integer."; + $input_errors[] = "'Minimum TTL for RRsets and Messages' must be a positive integer."; } if (isset($_POST['infra_host_ttl']) && !in_array($_POST['infra_host_ttl'], array('60', '120', '300', '600', '900'), true)) { - $input_errors[] = "A valid value must be specified for TTL for Host cache entries."; + $input_errors[] = "A valid value must be specified for TTL for Host Cache Entries."; } if (isset($_POST['infra_cache_numhosts']) && !in_array($_POST['infra_cache_numhosts'], array('1000', '5000', '10000', '20000', '50000'), true)) { - $input_errors[] = "A valid value must be specified for Number of Hosts to cache."; + $input_errors[] = "A valid value must be specified for Number of Hosts to Cache."; } if (isset($_POST['unwanted_reply_threshold']) && !in_array($_POST['unwanted_reply_threshold'], array('disabled', '5000000', '10000000', '20000000', '40000000', '50000000'), true)) { $input_errors[] = "A valid value must be specified for Unwanted Reply Threshold."; } if (isset($_POST['log_verbosity']) && !in_array($_POST['log_verbosity'], array('0', '1', '2', '3', '4', '5'), true)) { - $input_errors[] = "A valid value must be specified for Log level verbosity."; + $input_errors[] = "A valid value must be specified for Log Level."; } if (isset($_POST['dnssecstripped']) && !isset($config['unbound']['dnssec'])) { $input_errors[] = "Harden DNSSEC Data option can only be enabled if DNSSEC support is enabled."; @@ -246,21 +246,21 @@ $section = new Form_Section('Advanced Resolver Options'); $section->addInput(new Form_Checkbox( 'hideidentity', - 'Hide identity', + 'Hide Identity', 'id.server and hostname.bind queries are refused', $pconfig['hideidentity'] )); $section->addInput(new Form_Checkbox( 'hideversion', - 'Hide version', + 'Hide Version', 'version.server and version.bind queries are refused', $pconfig['hideversion'] )); $section->addInput(new Form_Checkbox( 'prefetch', - 'Prefetch support', + 'Prefetch Support', 'Message cache elements are prefetched before they expire to help keep the cache up to date', $pconfig['prefetch'] ))->setHelp('When enabled, this option can cause an increase of around 10% more DNS traffic and load on the server, but frequently requested items will not expire from the cache'); @@ -274,35 +274,35 @@ $section->addInput(new Form_Checkbox( $section->addInput(new Form_Checkbox( 'dnssecstripped', - 'Harden DNSSEC data', + 'Harden DNSSEC Data', 'DNSSEC data is required for trust-anchored zones.', $pconfig['dnssecstripped'] ))->setHelp('If such data is absent, the zone becomes bogus. If Disabled and no DNSSEC data is received, then the zone is made insecure. '); $section->addInput(new Form_Select( 'msgcachesize', - 'Message Cache size', + 'Message Cache Size', $pconfig['msgcachesize'], array_combine(array("4", "10", "20", "50", "100", "250", "512"), array("4 MB", "10 MB", "20 MB", "50 MB", "100 MB", "250 MB", "512 MB")) -))->setHelp('Size of the message cache. The message cache stores DNS rcodes and validation statuses. The RRSet cache will automatically be set to twice this amount. The RRSet cache contains the actual RR data. The default is 4 megabytes.'); +))->setHelp('Size of the message cache. The message cache stores DNS response codes and validation statuses. The Resource Record Set (RRSet) cache will automatically be set to twice this amount. The RRSet cache contains the actual RR data. The default is 4 megabytes.'); $section->addInput(new Form_Select( 'outgoing_num_tcp', 'Outgoing TCP Buffers', $pconfig['outgoing_num_tcp'], array_combine(array("0", "10", "20", "30", "50", "50"), array("0", "10", "20", "30", "50", "50")) -))->setHelp('The number of outgoing TCP buffers to allocate per thread. The default value is 10. If 0 is selected then no TCP queries, to authoritative servers, are done.'); +))->setHelp('The number of outgoing TCP buffers to allocate per thread. The default value is 10. If 0 is selected then TCP queries are not sent to authoritative servers.'); $section->addInput(new Form_Select( 'incoming_num_tcp', 'Incoming TCP Buffers', $pconfig['incoming_num_tcp'], array_combine(array("0", "10", "20", "30", "50", "50"), array("0", "10", "20", "30", "50", "50")) -))->setHelp('The number of incoming TCP buffers to allocate per thread. The default value is 10. If 0 is selected then no TCP queries, to authoritative servers, are done.'); +))->setHelp('The number of incoming TCP buffers to allocate per thread. The default value is 10. If 0 is selected then TCP queries are not accepted from clients.'); $section->addInput(new Form_Select( 'edns_buffer_size', - 'EDNS Buffer size', + 'EDNS Buffer Size', $pconfig['edns_buffer_size'], array_combine(array("512", "1480", "4096"), array("512", "1480", "4096")) ))->setHelp('Number of bytes size to advertise as the EDNS reassembly buffer size. This is the value that is used in UDP datagrams sent to peers. ' . @@ -311,7 +311,7 @@ $section->addInput(new Form_Select( $section->addInput(new Form_Select( 'num_queries_per_thread', - 'Number of queries per thread', + 'Number of Queries per Thread', $pconfig['num_queries_per_thread'], array_combine(array("512", "1024", "2048"), array("512", "1024", "2048")) ))->setHelp('The number of queries that every thread will service simultaneously. If more queries arrive that need to be serviced, and no queries can be jostled, then these queries are dropped'); @@ -325,34 +325,34 @@ $section->addInput(new Form_Select( $section->addInput(new Form_Input( 'cache_max_ttl', - 'Maximum TTL for RRsets and messages', + 'Maximum TTL for RRsets and Messages', 'text', $pconfig['cache_max_ttl'] -))->setHelp('Configure a maximum Time to live for RRsets and messages in the cache. The default is 86400 seconds (1 day). ' . +))->setHelp('The Maximum Time to Live for RRsets and messages in the cache. The default is 86400 seconds (1 day). ' . 'When the internal TTL expires the cache item is expired. This can be configured to force the resolver to query for data more often and not trust (very large) TTL values'); $section->addInput(new Form_Input( 'cache_min_ttl', - 'Minimum TTL for RRsets and messages', + 'Minimum TTL for RRsets and Messages', 'text', $pconfig['cache_min_ttl'] -))->setHelp('Configure a minimum Time to live for RRsets and messages in the cache. ' . +))->setHelp('The Minimum Time to Live for RRsets and messages in the cache. ' . 'The default is 0 seconds. If the minimum value kicks in, the data is cached for longer than the domain owner intended, and thus less queries are made to look up the data. ' . 'The 0 value ensures the data in the cache is as the domain owner intended. High values can lead to trouble as the data in the cache might not match up with the actual data anymore.'); $section->addInput(new Form_Select( 'infra_host_ttl', - 'TTL for Host Cache entries', + 'TTL for Host Cache Entries', $pconfig['infra_host_ttl'], array_combine(array("60", "120", "300", "600", "900"), array("1 minute", "2 minutes", "5 minutes", "10 minutes", "15 minutes")) -))->setHelp('This timeout is used for when the server is very busy. This protects against denial of service by slow queries or high query rates. The default value is 200 milliseconds. '); +))->setHelp('Time to Live, in seconds, for entries in the infrastructure host cache. The infrastructure host cache contains round trip timing, lameness, and EDNS support information for DNS servers. The default value is 15 minutes.'); $section->addInput(new Form_Select( 'infra_cache_numhosts', 'Number of Hosts to Cache', $pconfig['infra_cache_numhosts'], array_combine(array("1000", "5000", "10000", "20000", "50000"), array("1000", "5000", "10000", "20000", "50000")) -))->setHelp('Number of hosts for which information is cached. The default is 10,000.'); +))->setHelp('Number of infrastructure hosts for which information is cached. The default is 10,000.'); $section->addInput(new Form_Select( 'unwanted_reply_threshold', @@ -366,14 +366,14 @@ $section->addInput(new Form_Select( $section->addInput(new Form_Select( 'log_verbosity', - 'Log level', + 'Log Level', $pconfig['log_verbosity'], array_combine(array("0", "1", "2", "3", "4", "5"), array("Level 0", "Level 1", "Level 2", "Level 3", "Level 4", "Level 5")) ))->setHelp('Select the log verbosity.'); $section->addInput(new Form_Checkbox( 'disable_auto_added_access_control', - 'Disable auto-added access control', + 'Disable Auto-added Access Control', 'disable the automatically-added access control entries', $pconfig['disable_auto_added_access_control'] ))->setHelp('By default, IPv4 and IPv6 networks residing on internal interfaces of this system are permitted. ' . diff --git a/src/usr/local/www/status_gateway_groups.php b/src/usr/local/www/status_gateway_groups.php index b88c7cd..d244b88 100755 --- a/src/usr/local/www/status_gateway_groups.php +++ b/src/usr/local/www/status_gateway_groups.php @@ -92,6 +92,9 @@ $tab_array[0] = array(gettext("Gateways"), false, "status_gateways.php"); $tab_array[1] = array(gettext("Gateway Groups"), true, "status_gateway_groups.php"); display_top_tabs($tab_array); ?> +<div class="panel panel-default"> + <div class="panel-heading"><h2 class="panel-title"><?=gettext('Gateway Groups')?></h2></div> + <div class="panel-body"> <div class="table-responsive"> <table class="table table-hover table-condensed table-striped"> @@ -204,4 +207,7 @@ display_top_tabs($tab_array); </table> </div> + </div> +</div> + <?php include("foot.inc"); diff --git a/src/usr/local/www/status_gateways.php b/src/usr/local/www/status_gateways.php index 97c0051..f6ad489 100644 --- a/src/usr/local/www/status_gateways.php +++ b/src/usr/local/www/status_gateways.php @@ -87,6 +87,9 @@ $tab_array[] = array(gettext("Gateways"), true, "status_gateways.php"); $tab_array[] = array(gettext("Gateway Groups"), false, "status_gateway_groups.php"); display_top_tabs($tab_array); ?> +<div class="panel panel-default"> + <div class="panel-heading"><h2 class="panel-title"><?=gettext('Gateways')?></h2></div> + <div class="panel-body"> <div class="table-responsive"> <table class="table table-striped table-hover table-condensed sortable-theme-bootstrap" data-sortable> @@ -188,4 +191,7 @@ display_top_tabs($tab_array); </table> </div> + </div> +</div> + <?php include("foot.inc"); ?> diff --git a/src/usr/local/www/status_graph.php b/src/usr/local/www/status_graph.php index 39ea7f0..8625682 100644 --- a/src/usr/local/www/status_graph.php +++ b/src/usr/local/www/status_graph.php @@ -193,6 +193,7 @@ $group->add(new Form_Select( array ( '' => 'IP Address', 'hostname' => 'Host Name', + 'descr' => 'Description', 'fqdn' => 'FQDN' ) ))->setHelp('Display'); diff --git a/src/usr/local/www/status_logs.php b/src/usr/local/www/status_logs.php index 4a1ff52..963932e 100755 --- a/src/usr/local/www/status_logs.php +++ b/src/usr/local/www/status_logs.php @@ -63,8 +63,8 @@ ##|*MATCH=status_logs.php ##|-PRIV -require("guiconfig.inc"); -require_once("filter_log.inc"); +require_once("status_logs_common.inc"); + /* Build a list of allowed log files so we can reject others to prevent the page @@ -108,179 +108,23 @@ if (!$_GET['logfile']) { } } -$system_logfile = "{$g['varlog_path']}/" . basename($logfile) . ".log"; - - -function getGETPOSTsettingvalue($settingname, $default) { - $settingvalue = $default; - if ($_GET[$settingname]) { - $settingvalue = $_GET[$settingname]; - } - if ($_POST[$settingname]) { - $settingvalue = $_POST[$settingname]; - } - return $settingvalue; -} - - -$filtersubmit = getGETPOSTsettingvalue('filtersubmit', null); - -if ($filtersubmit) { - $filter_active = true; - $filtertext = getGETPOSTsettingvalue('filtertext', ""); - $filterlogentries_qty = getGETPOSTsettingvalue('filterlogentries_qty', null); -} - -$filterlogentries_submit = getGETPOSTsettingvalue('filterlogentries_submit', null); - -if ($filterlogentries_submit) { - $filter_active = true; - $filterfieldsarray = array(); - - $filterfieldsarray['time'] = getGETPOSTsettingvalue('filterlogentries_time', null); - $filterfieldsarray['process'] = getGETPOSTsettingvalue('filterlogentries_process', null); - $filterfieldsarray['pid'] = getGETPOSTsettingvalue('filterlogentries_pid', null); - $filterfieldsarray['message'] = getGETPOSTsettingvalue('filterlogentries_message', null); - $filterlogentries_qty = getGETPOSTsettingvalue('filterlogentries_qty', null); -} - - -# Manage Log - Code - -$specific_log = basename($logfile) . '_settings'; - -# All -$pconfig['cronorder'] = $config['syslog'][$specific_log]['cronorder']; -$pconfig['nentries'] = $config['syslog'][$specific_log]['nentries']; -$pconfig['logfilesize'] = $config['syslog'][$specific_log]['logfilesize']; -$pconfig['format'] = $config['syslog'][$specific_log]['format']; - -# System General (main) Specific -$pconfig['loglighttpd'] = !isset($config['syslog']['nologlighttpd']); - -$save_settings = getGETPOSTsettingvalue('save_settings', null); - -if ($save_settings) { - - # All - $cronorder = getGETPOSTsettingvalue('cronorder', null); - $nentries = getGETPOSTsettingvalue('nentries', null); - $logfilesize = getGETPOSTsettingvalue('logfilesize', null); - $format = getGETPOSTsettingvalue('format', null); - - # System General (main) Specific - $loglighttpd = getGETPOSTsettingvalue('loglighttpd', null); - - unset($input_errors); - $pconfig = $_POST; - - /* input validation */ - # All - if (isset($nentries) && (strlen($nentries) > 0)) { - if (!is_numeric($nentries) || ($nentries < 5) || ($nentries > 2000)) { - $input_errors[] = gettext("Number of log entries to show must be between 5 and 2000."); - } - } - - if (isset($logfilesize) && (strlen($logfilesize) > 0)) { - if (!is_numeric($logfilesize) || ($logfilesize < 100000)) { - $input_errors[] = gettext("Log file size must be numeric and greater than or equal to 100000."); - } - } - - if (!$input_errors) { - - # Clear out the specific log settings and leave only the applied settings to override the general logging options (global) settings. - unset($config['syslog'][$specific_log]); - - # All - if ($cronorder != '') { # if not using the general logging options setting (global) - $config['syslog'][$specific_log]['cronorder'] = $cronorder; - } - - if (isset($nentries) && (strlen($nentries) > 0)) { - $config['syslog'][$specific_log]['nentries'] = (int)$nentries; - } - - if (isset($logfilesize) && (strlen($logfilesize) > 0)) { - $config['syslog'][$specific_log]['logfilesize'] = (int)$logfilesize; - } - - if ($format != '') { # if not using the general logging options setting (global) - $config['syslog'][$specific_log]['format'] = $format; - } - - # System General (main) Specific - if ($logfile == 'system') { - $oldnologlighttpd = isset($config['syslog']['nologlighttpd']); - $config['syslog']['nologlighttpd'] = $loglighttpd ? false : true; - - if ($oldnologlighttpd !== $config['syslog']['nologlighttpd']) { - $logging_changed = $lighttpd_logging_changed = true; - } - } - - - // If any of the logging settings were changed then backup and sync (standard write_config). Otherwise only write config (don't backup, don't sync). - if ($logging_changed) { - write_config($desc = "Log Display Settings Saved: " . gettext($allowed_logs[$logfile]["name"]), $backup = true, $write_config_only = false); - $retval = 0; - $retval = system_syslogd_start(); - } else { - write_config($desc = "Log Display Settings Saved (no backup, no sync): " . gettext($allowed_logs[$logfile]["name"]), $backup = false, $write_config_only = true); - } - - $savemsg = gettext("The changes have been applied successfully."); - - # System General (main) Specific - if ($logfile == 'system') { - if ($lighttpd_logging_changed) { - ob_flush(); - flush(); - log_error(gettext("webConfigurator configuration has changed. Restarting webConfigurator.")); - send_event("service restart webgui"); - $savemsg .= "<br />" . gettext("WebGUI process is restarting."); - } - } - } -} - -# Formatted/Raw Display -if ($config['syslog'][$specific_log]['format'] == 'formatted') { - $rawfilter = false; -} else if ($config['syslog'][$specific_log]['format'] == 'raw') { - $rawfilter = true; -} else { # Use the general logging options setting (global). - $rawfilter = isset($config['syslog']['rawfilter']); -} +// Log Filter Submit - System +log_filter_form_system_submit(); -isset($config['syslog'][$specific_log]['nentries']) ? $nentries = $config['syslog'][$specific_log]['nentries'] : $nentries = $config['syslog']['nentries']; +// Manage Log Section - Code +manage_log_code(); -# Override Display Quantity -if ($filterlogentries_qty) { - $nentries = $filterlogentries_qty; -} -if (!$nentries || !is_numeric($nentries)) { - $nentries = 50; -} +// Status Logs Common - Code +status_logs_common_code(); -if ($_POST['clear']) { - clear_log_file($system_logfile); -} if ($filtertext) { $filtertextmeta="?filtertext=$filtertext"; } -/* Setup shortcuts if they exist */ - -if (!empty($allowed_logs[$logfile]["shortcut"])) { - $shortcut_section = $allowed_logs[$logfile]["shortcut"]; -} - $pgtitle = array(gettext("Status"), gettext("System logs"), gettext($allowed_logs[$logfile]["name"])); include("head.inc"); @@ -289,137 +133,20 @@ if (!$input_errors && $savemsg) { $manage_log_active = false; } -$tab_array = array(); -$tab_array[] = array(gettext("System"), ($logfile == 'system'), "status_logs.php"); -$tab_array[] = array(gettext("Firewall"), false, "status_logs_filter.php"); -$tab_array[] = array(gettext("DHCP"), ($logfile == 'dhcpd'), "status_logs.php?logfile=dhcpd"); -$tab_array[] = array(gettext("Portal Auth"), ($logfile == 'portalauth'), "status_logs.php?logfile=portalauth"); -$tab_array[] = array(gettext("IPsec"), ($logfile == 'ipsec'), "status_logs.php?logfile=ipsec"); -$tab_array[] = array(gettext("PPP"), ($logfile == 'ppp'), "status_logs.php?logfile=ppp"); -$tab_array[] = array(gettext("VPN"), false, "status_logs_vpn.php"); -$tab_array[] = array(gettext("Load Balancer"), ($logfile == 'relayd'), "status_logs.php?logfile=relayd"); -$tab_array[] = array(gettext("OpenVPN"), ($logfile == 'openvpn'), "status_logs.php?logfile=openvpn"); -$tab_array[] = array(gettext("NTP"), ($logfile == 'ntpd'), "status_logs.php?logfile=ntpd"); -$tab_array[] = array(gettext("Settings"), false, "status_logs_settings.php"); -display_top_tabs($tab_array); - -$tab_array = array(); -if (in_array($logfile, array('system', 'gateways', 'routing', 'resolver', 'wireless'))) { - $tab_array[] = array(gettext("General"), ($logfile == 'system'), "/status_logs.php"); - $tab_array[] = array(gettext("Gateways"), ($logfile == 'gateways'), "/status_logs.php?logfile=gateways"); - $tab_array[] = array(gettext("Routing"), ($logfile == 'routing'), "/status_logs.php?logfile=routing"); - $tab_array[] = array(gettext("Resolver"), ($logfile == 'resolver'), "/status_logs.php?logfile=resolver"); - $tab_array[] = array(gettext("Wireless"), ($logfile == 'wireless'), "/status_logs.php?logfile=wireless"); - display_top_tabs($tab_array, false, 'nav nav-tabs'); -} - -if ($filter_active) { - $filter_state = SEC_OPEN; -} else { - $filter_state = SEC_CLOSED; -} - -if (!$rawfilter) { // Advanced log filter form - $form = new Form(false); +// Tab Array +tab_array_logs_common(); - $section = new Form_Section('Advanced Log Filter', 'adv-filter-panel', COLLAPSIBLE|$filter_state); - $group = new Form_Group(''); +// Filter Section/Form - System +filter_form_system(); - $group->add(new Form_Input( - 'filterlogentries_time', - null, - 'text', - $filterfieldsarray['time'] - ))->setWidth(3)->setHelp('Time'); - - $group->add(new Form_Input( - 'filterlogentries_process', - null, - 'text', - $filterfieldsarray['process'] - ))->setWidth(2)->setHelp('Process'); - - $group->add(new Form_Input( - 'filterlogentries_pid', - null, - 'text', - $filterfieldsarray['pid'] - ))->setWidth(2)->setHelp('PID'); - - $group->add(new Form_Input( - 'filterlogentries_qty', - null, - 'number', - $filterlogentries_qty, - ['placeholder' => $nentries] - ))->setWidth(2)->setHelp('Quantity'); - - $section->add($group); - - $group = new Form_Group(''); - - $group->add(new Form_Input( - 'filterlogentries_message', - null, - 'text', - $filterfieldsarray['message'] - ))->setWidth(7)->setHelp('Message'); - - $btnsubmit = new Form_Button( - 'filterlogentries_submit', - ' ' . gettext('Apply Filter'), - null, - 'fa-filter' - ); -} else { // Simple log filter form - $form = new Form(false); - - $section = new Form_Section('Log Filter', 'basic-filter-panel', COLLAPSIBLE|$filter_state); - - $group = new Form_Group(''); - - $group->add(new Form_Input( - 'filtertext', - null, - 'text', - $filtertext - ))->setWidth(6)->setHelp('Filter Expression'); - - $group->add(new Form_Input( - 'filterlogentries_qty', - null, - 'number', - $filterlogentries_qty, - ['placeholder' => $nentries] - ))->setWidth(2)->setHelp('Quantity'); - - $btnsubmit = new Form_Button( - 'filtersubmit', - ' ' . gettext('Apply Filter'), - null, - 'fa-filter' - ); -} - -$btnsubmit->removeClass('btn-primary')->addClass('btn-success')->addClass('btn-sm'); - -$group->add(new Form_StaticText( - '', - $btnsubmit -)); - -$group->setHelp('<a target="_blank" href="http://www.php.net/manual/en/book.pcre.php">' . gettext('Regular expression reference') . '</a> ' . gettext('Precede with exclamation (!) to exclude match.')); -$section->add($group); -$form->add($section); -print $form; // Now the forms are complete we can draw the log table and its controls if (!$rawfilter) { if ($filterlogentries_submit) { - $filterlog = conv_log_filter($system_logfile, $nentries, $nentries + 100, $filterfieldsarray); + $filterlog = conv_log_filter($logfile_path, $nentries, $nentries + 100, $filterfieldsarray); } else { - $filterlog = conv_log_filter($system_logfile, $nentries, $nentries + 100, $filtertext); + $filterlog = conv_log_filter($logfile_path, $nentries, $nentries + 100, $filtertext); } ?> @@ -501,9 +228,9 @@ if (!$rawfilter) { } if ($filtertext) { - $rows = dump_clog($system_logfile, $nentries, true, array("$filtertext"), $inverse); + $rows = dump_clog($logfile_path, $nentries, true, array("$filtertext"), $inverse); } else { - $rows = dump_clog($system_logfile, $nentries, true, array(), $inverse); + $rows = dump_clog($logfile_path, $nentries, true, array(), $inverse); } ?> </tbody> @@ -521,161 +248,7 @@ if (!$rawfilter) { <?php # Manage Log - Section/Form - -if ($input_errors) { - print_input_errors($input_errors); - $manage_log_active = true; -} - -if ($manage_log_active) { - $manage_log_state = SEC_OPEN; -} else { - $manage_log_state = SEC_CLOSED; -} - -$form = new Form(false); - -$section = new Form_Section(gettext('Manage') . ' ' . gettext($allowed_logs[$logfile]["name"]) . ' ' . gettext('Log'), 'log-manager-panel', COLLAPSIBLE|$manage_log_state); - -$section->addInput(new Form_StaticText( - '', - 'These settings override the "General Logging Options" settings.' -)); - - -# All -$group = new Form_Group('Forward/Reverse Display'); - -$group->add(new Form_Checkbox( - 'cronorder', - null, - 'Forward', - ($pconfig['cronorder'] == 'forward') ? true : false, - 'forward' -))->displayAsRadio()->setHelp('(newest at bottom)'); - -$group->add(new Form_Checkbox( - 'cronorder', - null, - 'Reverse', - ($pconfig['cronorder'] == 'reverse') ? true : false, - 'reverse' -))->displayAsRadio()->setHelp('(newest at top)'); - -$group->add(new Form_Checkbox( - 'cronorder', - null, - 'General Logging Options Setting', - ($pconfig['cronorder'] == '') ? true : false, - '' -))->displayAsRadio(); - -$group->setHelp('Show log entries in forward or reverse order.'); -$section->add($group); - -$group = new Form_Group('GUI Log Entries'); - -# Use the general logging options setting (global) as placeholder. -$group->add(new Form_Input( - 'nentries', - 'GUI Log Entries', - 'number', - $pconfig['nentries'], - ['min' => 5, 'max' => 2000, 'placeholder' => $config['syslog']['nentries']] -))->setWidth(2); - -$group->setHelp('This is the number of log entries displayed in the GUI. It does not affect how many entries are contained in the log.'); -$section->add($group); - -$group = new Form_Group('Log file size (Bytes)'); - -# Use the general logging options setting (global) as placeholder. -$group->add(new Form_Input( - 'logfilesize', - 'Log file size (Bytes)', - 'number', - $pconfig['logfilesize'], - ['min' => 100000, 'placeholder' => $config['syslog']['logfilesize'] ? $config['syslog']['logfilesize'] : "511488"] -))->setWidth(2); -$group->setHelp("The log is held in a constant-size circular log file. This field controls how large the log file is, and thus how many entries may exist inside the log. The default is approximately 500KB." . - '<br /><br />' . - "NOTE: The log size is changed the next time it is cleared. To immediately change the log size, first save the options to set the size, then clear the log using the \"Clear Log\" action below. "); -$section->add($group); - -$group = new Form_Group('Formatted/Raw Display'); - -$group->add(new Form_Checkbox( - 'format', - null, - 'Formatted', - ($pconfig['format'] == 'formatted') ? true : false, - 'formatted' -))->displayAsRadio(); - -$group->add(new Form_Checkbox( - 'format', - null, - 'Raw', - ($pconfig['format'] == 'raw') ? true : false, - 'raw' -))->displayAsRadio(); - -$group->add(new Form_Checkbox( - 'format', - null, - 'General Logging Options Setting', - ($pconfig['format'] == '') ? true : false, - '' -))->displayAsRadio(); - -$group->setHelp('Show the log entries as formatted or raw output as generated by the service. The raw output will reveal more detailed information, but it is more difficult to read.'); -$section->add($group); - - -# System General (main) Specific -if ($logfile == 'system') { - $section->addInput(new Form_Checkbox( - 'loglighttpd', - 'Web Server Log', - 'Log errors from the web server process', - $pconfig['loglighttpd'] - ))->setHelp('If this is checked, errors from the lighttpd web server process for the GUI or Captive Portal will appear in the system log.'); -} - - -$group = new Form_Group('Action'); - -$btnsavesettings = new Form_Button( - 'save_settings', - gettext('Save'), - null -); - -$btnsavesettings->addClass('btn-sm'); - -$group->add(new Form_StaticText( - '', - $btnsavesettings -))->setHelp('Saves changed settings.'); - - -$btnclear = new Form_Button( - 'clear', - ' ' . gettext('Clear log'), - null, - 'fa-trash' -); - -$btnclear->removeClass('btn-primary')->addClass('btn-danger')->addClass('btn-sm'); - -$group->add(new Form_StaticText( - '', - $btnclear -))->setHelp('Clears local log file and reinitializes it as an empty log. Save any settings changes first.'); - -$section->add($group); -$form->add($section); -print $form; +manage_log_section(); ?> <?php include("foot.inc"); ?> diff --git a/src/usr/local/www/status_logs_common.inc b/src/usr/local/www/status_logs_common.inc new file mode 100644 index 0000000..51c0646 --- /dev/null +++ b/src/usr/local/www/status_logs_common.inc @@ -0,0 +1,898 @@ +<?php +/* + status_logs_common.inc +*/ +/* ==================================================================== + * Copyright (c) 2004-2015 Electric Sheep Fencing, LLC. All rights reserved. + * + * Some or all of this file is based on the m0n0wall project which is + * Copyright (c) 2004 Manuel Kasper (BSD 2 clause) + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgment: + * "This product includes software developed by the pfSense Project + * for use in the pfSense software distribution. (http://www.pfsense.org/). + * + * 4. The names "pfSense" and "pfSense Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * coreteam@pfsense.org. + * + * 5. Products derived from this software may not be called "pfSense" + * nor may "pfSense" appear in their names without prior written + * permission of the Electric Sheep Fencing, LLC. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * + * "This product includes software developed by the pfSense Project + * for use in the pfSense software distribution (http://www.pfsense.org/). + * + * THIS SOFTWARE IS PROVIDED BY THE pfSense PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE pfSense PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + * ==================================================================== + * + */ + +require_once("guiconfig.inc"); +require_once("filter_log.inc"); + + +// Status Logs Common - Code +function status_logs_common_code() { + global $g, $config, $specific_log, $nentries, $filterlogentries_qty, $logfile_path, $shortcut_section, $allowed_logs, $logfile; + + $logfile_path = "{$g['varlog_path']}/" . basename($logfile) . ".log"; + + isset($config['syslog'][$specific_log]['nentries']) ? $nentries = $config['syslog'][$specific_log]['nentries'] : $nentries = $config['syslog']['nentries']; + + // Override Display Quantity + if ($filterlogentries_qty) { + $nentries = $filterlogentries_qty; + } + + if (!$nentries || !is_numeric($nentries)) { + $nentries = 50; + } + + if ($_POST['clear']) { + clear_log_file($logfile_path); + } + + /* Setup shortcuts if they exist */ + + if (!empty($allowed_logs[$logfile]["shortcut"])) { + $shortcut_section = $allowed_logs[$logfile]["shortcut"]; + } +} + +// Tab Array +function tab_array_logs_common() { + global $tab_array, $logfile, $vpntype, $view; + + $tab_array = array(); + $tab_array[] = array(gettext("System"), ($logfile == 'system'), "status_logs.php"); + $tab_array[] = array(gettext("Firewall"), ($logfile == 'filter'), "status_logs_filter.php"); + $tab_array[] = array(gettext("DHCP"), ($logfile == 'dhcpd'), "status_logs.php?logfile=dhcpd"); + $tab_array[] = array(gettext("Portal Auth"), ($logfile == 'portalauth'), "status_logs.php?logfile=portalauth"); + $tab_array[] = array(gettext("IPsec"), ($logfile == 'ipsec'), "status_logs.php?logfile=ipsec"); + $tab_array[] = array(gettext("PPP"), ($logfile == 'ppp'), "status_logs.php?logfile=ppp"); + $tab_array[] = array(gettext("VPN"), ($logfile == 'vpn'), "status_logs_vpn.php"); + $tab_array[] = array(gettext("Load Balancer"), ($logfile == 'relayd'), "status_logs.php?logfile=relayd"); + $tab_array[] = array(gettext("OpenVPN"), ($logfile == 'openvpn'), "status_logs.php?logfile=openvpn"); + $tab_array[] = array(gettext("NTP"), ($logfile == 'ntpd'), "status_logs.php?logfile=ntpd"); + $tab_array[] = array(gettext("Settings"), false, "status_logs_settings.php"); + display_top_tabs($tab_array); + + $tab_array = array(); + if (in_array($logfile, array('system', 'gateways', 'routing', 'resolver', 'wireless'))) { + $tab_array[] = array(gettext("General"), ($logfile == 'system'), "/status_logs.php"); + $tab_array[] = array(gettext("Gateways"), ($logfile == 'gateways'), "/status_logs.php?logfile=gateways"); + $tab_array[] = array(gettext("Routing"), ($logfile == 'routing'), "/status_logs.php?logfile=routing"); + $tab_array[] = array(gettext("Resolver"), ($logfile == 'resolver'), "/status_logs.php?logfile=resolver"); + $tab_array[] = array(gettext("Wireless"), ($logfile == 'wireless'), "/status_logs.php?logfile=wireless"); + } + else if (in_array($logfile, array('filter'))) { + $tab_array[] = array(gettext("Normal View"), ($view == 'normal'), "/status_logs_filter.php"); + $tab_array[] = array(gettext("Dynamic View"), ($view == 'dynamic'), "/status_logs_filter_dynamic.php?logfile=filter&view=dynamic"); + $tab_array[] = array(gettext("Summary View"), ($view == 'summary'), "/status_logs_filter_summary.php?logfile=filter&view=summary"); + } + else if (in_array($logfile, array('poes', 'l2tp', 'vpn'))) { + $tab_array[] = array(gettext("PPPoE Logins"), + (($logfile == 'vpn') && ($vpntype == "poes")), + "/status_logs_vpn.php?logfile=vpn&vpntype=poes"); + $tab_array[] = array(gettext("PPPoE Raw"), + (($logfile == 'poes') && ($vpntype == "poes")), + "/status_logs_vpn.php?logfile=poes&vpntype=poes"); + $tab_array[] = array(gettext("L2TP Logins"), + (($logfile == 'vpn') && ($vpntype == "l2tp")), + "/status_logs_vpn.php?logfile=vpn&vpntype=l2tp"); + $tab_array[] = array(gettext("L2TP Raw"), + (($logfile == 'l2tps') && ($vpntype == "l2tp")), + "/status_logs_vpn.php?logfile=l2tps&vpntype=l2tp"); + } + display_top_tabs($tab_array, false, 'nav nav-tabs'); +} + + +// Log Filter Submit - System +function log_filter_form_system_submit() { + + global $filtersubmit, $interfacefilter, $filtertext; + global $filterlogentries_submit, $filterfieldsarray, $actpass, $actblock; + global $filter_active, $filterlogentries_qty; + + $filtersubmit = getGETPOSTsettingvalue('filtersubmit', null); + + if ($filtersubmit) { + $filter_active = true; + $filtertext = getGETPOSTsettingvalue('filtertext', ""); + $filterlogentries_qty = getGETPOSTsettingvalue('filterlogentries_qty', null); + } + + $filterlogentries_submit = getGETPOSTsettingvalue('filterlogentries_submit', null); + + if ($filterlogentries_submit) { + $filter_active = true; + $filterfieldsarray = array(); + + $filterfieldsarray['time'] = getGETPOSTsettingvalue('filterlogentries_time', null); + $filterfieldsarray['process'] = getGETPOSTsettingvalue('filterlogentries_process', null); + $filterfieldsarray['pid'] = getGETPOSTsettingvalue('filterlogentries_pid', null); + $filterfieldsarray['message'] = getGETPOSTsettingvalue('filterlogentries_message', null); + $filterlogentries_qty = getGETPOSTsettingvalue('filterlogentries_qty', null); + } +} + +// Filter Section/Form - System +function filter_form_system() { + + global $filter_active, $rawfilter, $filterfieldsarray, $filtertext, $filterlogentries_qty, $nentries, $Include_Act, $interfacefilter; + + if ($filter_active) { + $filter_state = SEC_OPEN; + } else { + $filter_state = SEC_CLOSED; + } + + if (!$rawfilter) { // Advanced log filter form + $form = new Form(false); + + $section = new Form_Section('Advanced Log Filter', 'adv-filter-panel', COLLAPSIBLE|$filter_state); + + $group = new Form_Group(''); + + $group->add(new Form_Input( + 'filterlogentries_time', + null, + 'text', + $filterfieldsarray['time'] + ))->setWidth(3)->setHelp('Time'); + + $group->add(new Form_Input( + 'filterlogentries_process', + null, + 'text', + $filterfieldsarray['process'] + ))->setWidth(2)->setHelp('Process'); + + $group->add(new Form_Input( + 'filterlogentries_pid', + null, + 'text', + $filterfieldsarray['pid'] + ))->setWidth(2)->setHelp('PID'); + + $group->add(new Form_Input( + 'filterlogentries_qty', + null, + 'number', + $filterlogentries_qty, + ['placeholder' => $nentries] + ))->setWidth(2)->setHelp('Quantity'); + + $section->add($group); + + $group = new Form_Group(''); + + $group->add(new Form_Input( + 'filterlogentries_message', + null, + 'text', + $filterfieldsarray['message'] + ))->setWidth(7)->setHelp('Message'); + + $btnsubmit = new Form_Button( + 'filterlogentries_submit', + ' ' . gettext('Apply Filter'), + null, + 'fa-filter' + ); + } else { // Simple log filter form + $form = new Form(false); + + $section = new Form_Section('Log Filter', 'basic-filter-panel', COLLAPSIBLE|$filter_state); + + $group = new Form_Group(''); + + $group->add(new Form_Input( + 'filtertext', + null, + 'text', + $filtertext + ))->setWidth(6)->setHelp('Filter Expression'); + + $group->add(new Form_Input( + 'filterlogentries_qty', + null, + 'number', + $filterlogentries_qty, + ['placeholder' => $nentries] + ))->setWidth(2)->setHelp('Quantity'); + + $btnsubmit = new Form_Button( + 'filtersubmit', + ' ' . gettext('Apply Filter'), + null, + 'fa-filter' + ); + } + + $btnsubmit->removeClass('btn-primary')->addClass('btn-success')->addClass('btn-sm'); + + $group->add(new Form_StaticText( + '', + $btnsubmit + )); + + $group->setHelp('<a target="_blank" href="http://www.php.net/manual/en/book.pcre.php">' . gettext('Regular expression reference') . '</a> ' . gettext('Precede with exclamation (!) to exclude match.')); + $section->add($group); + $form->add($section); + print $form; +} + + +// Log Filter Submit - Firewall +function log_filter_form_firewall_submit() { + + global $filtersubmit, $interfacefilter, $filtertext; + global $filterlogentries_submit, $filterfieldsarray, $actpass, $actblock; + global $filter_active, $filterlogentries_qty; + + $filtersubmit = getGETPOSTsettingvalue('filtersubmit', null); + + if ($filtersubmit) { + $filter_active = true; + $interfacefilter = getGETPOSTsettingvalue('interface', null); + $filtertext = getGETPOSTsettingvalue('filtertext', ""); + $filterlogentries_qty = getGETPOSTsettingvalue('filterlogentries_qty', null); + } + + $filterlogentries_submit = getGETPOSTsettingvalue('filterlogentries_submit', null); + + if ($filterlogentries_submit) { + $filter_active = true; + $filterfieldsarray = array(); + + $actpass = getGETPOSTsettingvalue('actpass', null); + $actblock = getGETPOSTsettingvalue('actblock', null); + $filterfieldsarray['act'] = str_replace(" ", " ", trim($actpass . " " . $actblock)); + $filterfieldsarray['act'] = $filterfieldsarray['act'] != "" ? $filterfieldsarray['act'] : 'All'; + $filterfieldsarray['time'] = getGETPOSTsettingvalue('filterlogentries_time', null); + $filterfieldsarray['interface'] = getGETPOSTsettingvalue('filterlogentries_interfaces', null); + $filterfieldsarray['srcip'] = getGETPOSTsettingvalue('filterlogentries_sourceipaddress', null); + $filterfieldsarray['srcport'] = getGETPOSTsettingvalue('filterlogentries_sourceport', null); + $filterfieldsarray['dstip'] = getGETPOSTsettingvalue('filterlogentries_destinationipaddress', null); + $filterfieldsarray['dstport'] = getGETPOSTsettingvalue('filterlogentries_destinationport', null); + $filterfieldsarray['proto'] = getGETPOSTsettingvalue('filterlogentries_protocol', null); + $filterfieldsarray['tcpflags'] = getGETPOSTsettingvalue('filterlogentries_protocolflags', null); + $filterlogentries_qty = getGETPOSTsettingvalue('filterlogentries_qty', null); + } +} + +// Filter Section/Form - Firewall +function filter_form_firewall() { + + global $filter_active, $rawfilter, $filterfieldsarray, $filtertext, $filterlogentries_qty, $nentries, $interfacefilter; + + $Include_Act = explode(",", str_replace(" ", ",", $filterfieldsarray['act'])); + if ($filterfieldsarray['interface'] == "All") { + $interface = ""; + } + + if ($filter_active) { + $filter_state = SEC_OPEN; + } else { + $filter_state = SEC_CLOSED; + } + + if (!$rawfilter) { // Advanced log filter form + $form = new Form(false); + + $section = new Form_Section('Advanced Log Filter', 'adv-filter-panel', COLLAPSIBLE|$filter_state); + + $group = new Form_Group(''); + + $group->add(new Form_Input( + 'filterlogentries_sourceipaddress', + null, + 'text', + $filterfieldsarray['srcip'] + ))->setHelp('Source IP Address'); + + $group->add(new Form_Input( + 'filterlogentries_destinationipaddress', + null, + 'text', + $filterfieldsarray['dstip'] + ))->setHelp('Destination IP Address'); + + $section->add($group); + $group = new Form_Group(''); + + $group->add(new Form_Checkbox( + 'actpass', + 'Pass', + 'Pass', + in_arrayi('Pass', $Include_Act), + 'Pass' + ))->setWidth(1); + + $group->add(new Form_Input( + 'filterlogentries_time', + null, + 'text', + $filterfieldsarray['time'] + ))->setWidth(3)->setHelp('Time'); + + $group->add(new Form_Input( + 'filterlogentries_sourceport', + null, + 'text', + $filterfieldsarray['srcport'] + ))->setWidth(2)->setHelp('Source Port'); + + $group->add(new Form_Input( + 'filterlogentries_protocol', + null, + 'text', + $filterfieldsarray['proto'] + ))->setWidth(2)->setHelp('Protocol'); + + $group->add(new Form_Input( + 'filterlogentries_qty', + null, + 'number', + $filterlogentries_qty, + ['placeholder' => $nentries] + ))->setWidth(2)->setHelp('Quantity'); + + $section->add($group); + + $group = new Form_Group(''); + + $group->add(new Form_Checkbox( + 'actblock', + 'Block', + 'Block', + in_arrayi('Block', $Include_Act), + 'Block' + ))->setWidth(1); + + $group->add(new Form_Input( + 'filterlogentries_interfaces', + null, + 'text', + $filterfieldsarray['interface'] + ))->setWidth(3)->setHelp('Interface'); + + $group->add(new Form_Input( + 'filterlogentries_destinationport', + null, + 'text', + $filterfieldsarray['dstport'] + ))->setWidth(2)->setHelp('Destination Port'); + + $group->add(new Form_Input( + 'filterlogentries_protocolflags', + null, + 'text', + $filterfieldsarray['tcpflags'] + ))->setWidth(2)->setHelp('Protocol Flags'); + + $btnsubmit = new Form_Button( + 'filterlogentries_submit', + ' ' . gettext('Apply Filter'), + null, + 'fa-filter' + ); + } else { // Simple log filter form + $form = new Form(false); + + $section = new Form_Section('Log Filter', 'basic-filter-panel', COLLAPSIBLE|$filter_state); + + $group = new Form_Group(''); + + $group->add(new Form_Select( + 'interface', + 'Interface', + $interfacefilter, + status_logs_build_if_list() + ))->setWidth(2)->setHelp('Interface'); + + $group->add(new Form_Input( + 'filterlogentries_qty', + null, + 'number', + $filterlogentries_qty, + ['placeholder' => $nentries] + ))->setWidth(2)->setHelp('Quantity'); + + $section->add($group); + + $group = new Form_Group(''); + + $group->add(new Form_Input( + 'filtertext', + null, + 'text', + $filtertext + ))->setWidth(6)->setHelp('Filter Expression'); + + $btnsubmit = new Form_Button( + 'filtersubmit', + ' ' . gettext('Apply Filter'), + null, + 'fa-filter' + ); + } + + $btnsubmit->removeClass('btn-primary')->addClass('btn-success')->addClass('btn-sm'); + + $group->add(new Form_StaticText( + '', + $btnsubmit + )); + + $group->setHelp('<a target="_blank" href="http://www.php.net/manual/en/book.pcre.php">' . gettext('Regular expression reference') . '</a> ' . gettext('Precede with exclamation (!) to exclude match.')); + $section->add($group); + $form->add($section); + print($form); +} + + +function status_logs_build_if_list() { + $iflist = get_configured_interface_with_descr(false, true); + //$iflist = get_interface_list(); + // Allow extending of the firewall edit interfaces + pfSense_handle_custom_code("/usr/local/pkg/firewall_nat/pre_interfaces_edit"); + foreach ($iflist as $if => $ifdesc) { + $interfaces[$if] = $ifdesc; + } + + if ($config['l2tp']['mode'] == "server") { + $interfaces['l2tp'] = "L2TP VPN"; + } + + if (is_pppoe_server_enabled() && have_ruleint_access("pppoe")) { + $interfaces['pppoe'] = "PPPoE Server"; + } + + /* add ipsec interfaces */ + if (ipsec_enabled()) { + $interfaces["enc0"] = "IPsec"; + } + + /* add openvpn/tun interfaces */ + if ($config['openvpn']["openvpn-server"] || $config['openvpn']["openvpn-client"]) { + $interfaces["openvpn"] = "OpenVPN"; + } + + return($interfaces); +} + + +// Manage Log Section - Code +function manage_log_code() { + global $logfile, $specific_log, $config, $pconfig, $rawfilter, $save_settings, $input_errors; + + $specific_log = basename($logfile) . '_settings'; + + // Common to All Logs + $pconfig['cronorder'] = $config['syslog'][$specific_log]['cronorder']; + $pconfig['nentries'] = $config['syslog'][$specific_log]['nentries']; + $pconfig['logfilesize'] = $config['syslog'][$specific_log]['logfilesize']; + $pconfig['format'] = $config['syslog'][$specific_log]['format']; + + // Specific to System General (main) Log + if ($logfile == 'system') { + $pconfig['lognginx'] = !isset($config['syslog']['nolognginx']); + } + + // Specific to Firewall Log + if ($logfile == 'filter') { + $pconfig['logdefaultblock'] = !isset($config['syslog']['nologdefaultblock']); + $pconfig['logdefaultpass'] = isset($config['syslog']['nologdefaultpass']); + $pconfig['logbogons'] = !isset($config['syslog']['nologbogons']); + $pconfig['logprivatenets'] = !isset($config['syslog']['nologprivatenets']); + $pconfig['filterdescriptions'] = $config['syslog']['filterdescriptions']; + } + + $save_settings = getGETPOSTsettingvalue('save_settings', null); + + if ($save_settings) { + + // Common to All Logs + $cronorder = getGETPOSTsettingvalue('cronorder', null); + $nentries = getGETPOSTsettingvalue('nentries', null); + $logfilesize = getGETPOSTsettingvalue('logfilesize', null); + $format = getGETPOSTsettingvalue('format', null); + + // Specific to System General (main) Log + if ($logfile == 'system') { + $lognginx = getGETPOSTsettingvalue('lognginx', null); + } + + // Specific to Firewall Log + if ($logfile == 'filter') { + $logdefaultblock = getGETPOSTsettingvalue('logdefaultblock', null); + $logdefaultpass = getGETPOSTsettingvalue('logdefaultpass', null); + $logbogons = getGETPOSTsettingvalue('logbogons', null); + $logprivatenets = getGETPOSTsettingvalue('logprivatenets', null); + $filterdescriptions = getGETPOSTsettingvalue('filterdescriptions', null); + } + + unset($input_errors); + global $input_errors; + $pconfig = $_POST; + + /* input validation */ + // Common to All Logs + if (isset($nentries) && (strlen($nentries) > 0)) { + if (!is_numeric($nentries) || ($nentries < 5) || ($nentries > 2000)) { + $input_errors[] = gettext("Number of log entries to show must be between 5 and 2000."); + } + } + + if (isset($logfilesize) && (strlen($logfilesize) > 0)) { + if (!is_numeric($logfilesize) || ($logfilesize < 100000)) { + $input_errors[] = gettext("Log file size must be numeric and greater than or equal to 100000."); + } + } + + if (!$input_errors) { + + # Clear out the specific log settings and leave only the applied settings to override the general logging options (global) settings. + if (isset($config['syslog'][$specific_log])) { + unset($config['syslog'][$specific_log]); + } + + // Common to All Logs + if ($cronorder != '') { # if not using the general logging options setting (global) + $config['syslog'][$specific_log]['cronorder'] = $cronorder; + } + + if (isset($nentries) && (strlen($nentries) > 0)) { + $config['syslog'][$specific_log]['nentries'] = (int)$nentries; + } + + if (isset($logfilesize) && (strlen($logfilesize) > 0)) { + $config['syslog'][$specific_log]['logfilesize'] = (int)$logfilesize; + } + + if ($format != '') { # if not using the general logging options setting (global) + $config['syslog'][$specific_log]['format'] = $format; + } + + // Specific to System General (main) Log + if ($logfile == 'system') { + $oldnolognginx = isset($config['syslog']['nolognginx']); + $config['syslog']['nolognginx'] = $lognginx ? false : true; + + if ($oldnolognginx !== $config['syslog']['nolognginx']) { + $logging_changed = $nginx_logging_changed = true; + } + } + + // Specific to Firewall Log + if ($logfile == 'filter') { + $oldnologdefaultblock = isset($config['syslog']['nologdefaultblock']); + $oldnologdefaultpass = isset($config['syslog']['nologdefaultpass']); + $oldnologbogons = isset($config['syslog']['nologbogons']); + $oldnologprivatenets = isset($config['syslog']['nologprivatenets']); + + $config['syslog']['nologdefaultblock'] = $logdefaultblock ? false : true; + $config['syslog']['nologdefaultpass'] = $logdefaultpass ? true : false; + $config['syslog']['nologbogons'] = $logbogons ? false : true; + $config['syslog']['nologprivatenets'] = $logprivatenets ? false : true; + + if (is_numeric($filterdescriptions) && $filterdescriptions > 0) { + $config['syslog']['filterdescriptions'] = $filterdescriptions; + } else { + unset($config['syslog']['filterdescriptions']); + } + + if ( + ($oldnologdefaultblock !== $config['syslog']['nologdefaultblock']) || + ($oldnologdefaultpass !== $config['syslog']['nologdefaultpass']) || + ($oldnologbogons !== $config['syslog']['nologbogons']) || + ($oldnologprivatenets !== $config['syslog']['nologprivatenets'])) { + $logging_changed = $firewall_logging_changed = true; + } + } + + + // If any of the logging settings were changed then backup and sync (standard write_config). Otherwise only write config (don't backup, don't sync). + if ($logging_changed) { + write_config($desc = "Log Display Settings Saved: " . gettext($allowed_logs[$logfile]["name"]), $backup = true, $write_config_only = false); + $retval = 0; + $retval = system_syslogd_start(); + } else { + write_config($desc = "Log Display Settings Saved (no backup, no sync): " . gettext($allowed_logs[$logfile]["name"]), $backup = false, $write_config_only = true); + } + + $savemsg = gettext("The changes have been applied successfully."); + + // Specific to System General (main) Log + if ($logfile == 'system') { + if ($nginx_logging_changed) { + ob_flush(); + flush(); + log_error(gettext("webConfigurator configuration has changed. Restarting webConfigurator.")); + send_event("service restart webgui"); + $savemsg .= "<br />" . gettext("WebGUI process is restarting."); + } + } + + // Specific to Firewall Log + if ($logfile == 'filter') { + if ($firewall_logging_changed) { + require_once("filter.inc"); + $retval |= filter_configure(); + filter_pflog_start(true); + + $savemsg = get_std_save_message($retval); + } + } + } + } + + + // Formatted/Raw Display + if ($config['syslog'][$specific_log]['format'] == 'formatted') { + $rawfilter = false; + } else if ($config['syslog'][$specific_log]['format'] == 'raw') { + $rawfilter = true; + } else { // Use the general logging options setting (global). + $rawfilter = isset($config['syslog']['rawfilter']); + } +} + +# Manage Log Section/Form +function manage_log_section() { + + global $input_errors, $allowed_logs, $logfile, $config, $pconfig; + + if ($input_errors) { + print_input_errors($input_errors); + $manage_log_active = true; + } + + if ($manage_log_active) + $manage_log_state = SEC_OPEN; + else + $manage_log_state = SEC_CLOSED; + + $form = new Form(false); + + $section = new Form_Section(gettext('Manage') . ' ' . gettext($allowed_logs[$logfile]["name"]) . ' ' . gettext('Log'), 'log-manager-panel', COLLAPSIBLE|$manage_log_state); + + $section->addInput(new Form_StaticText( + '', + 'These settings override the "General Logging Options" settings.' + )); + + + // Common to All Logs + $group = new Form_Group('Forward/Reverse Display'); + + $group->add(new Form_Checkbox( + 'cronorder', + null, + 'Forward', + ($pconfig['cronorder'] == 'forward') ? true : false, + 'forward' + ))->displayAsRadio()->setHelp('(newest at bottom)'); + + $group->add(new Form_Checkbox( + 'cronorder', + null, + 'Reverse', + ($pconfig['cronorder'] == 'reverse') ? true : false, + 'reverse' + ))->displayAsRadio()->setHelp('(newest at top)'); + + $group->add(new Form_Checkbox( + 'cronorder', + null, + 'General Logging Options Setting', + ($pconfig['cronorder'] == '') ? true : false, + '' + ))->displayAsRadio(); + + $group->setHelp('Show log entries in forward or reverse order.'); + $section->add($group); + + $group = new Form_Group('GUI Log Entries'); + + // Use the general logging options setting (global) as placeholder. + $group->add(new Form_Input( + 'nentries', + 'GUI Log Entries', + 'number', + $pconfig['nentries'], + ['min' => 5, 'max' => 2000, 'placeholder' => $config['syslog']['nentries']] + ))->setWidth(2); + + $group->setHelp('This is the number of log entries displayed in the GUI. It does not affect how many entries are contained in the log.'); + $section->add($group); + + $group = new Form_Group('Log file size (Bytes)'); + + // Use the general logging options setting (global) as placeholder. + $group->add(new Form_Input( + 'logfilesize', + 'Log file size (Bytes)', + 'number', + $pconfig['logfilesize'], + ['min' => 100000, 'placeholder' => $config['syslog']['logfilesize'] ? $config['syslog']['logfilesize'] : "511488"] + ))->setWidth(2); + $group->setHelp("The log is held in a constant-size circular log file. This field controls how large the log file is, and thus how many entries may exist inside the log. The default is approximately 500KB." . + '<br /><br />' . + "NOTE: The log size is changed the next time it is cleared. To immediately change the log size, first save the options to set the size, then clear the log using the \"Clear Log\" action below. "); + $section->add($group); + + $group = new Form_Group('Formatted/Raw Display'); + + $group->add(new Form_Checkbox( + 'format', + null, + 'Formatted', + ($pconfig['format'] == 'formatted') ? true : false, + 'formatted' + ))->displayAsRadio(); + + $group->add(new Form_Checkbox( + 'format', + null, + 'Raw', + ($pconfig['format'] == 'raw') ? true : false, + 'raw' + ))->displayAsRadio(); + + $group->add(new Form_Checkbox( + 'format', + null, + 'General Logging Options Setting', + ($pconfig['format'] == '') ? true : false, + '' + ))->displayAsRadio(); + + $group->setHelp('Show the log entries as formatted or raw output as generated by the service. The raw output will reveal more detailed information, but it is more difficult to read.'); + $section->add($group); + + + // Specific to System General (main) Log + if ($logfile == 'system') { + $section->addInput(new Form_Checkbox( + 'lognginx', + 'Web Server Log', + 'Log errors from the web server process', + $pconfig['lognginx'] + ))->setHelp('If this is checked, errors from the nginx web server process for the GUI or Captive Portal will appear in the system log.'); + } + + + // Specific to Firewall Log + if ($logfile == 'filter') { + $section->addInput(new Form_Checkbox( + 'logdefaultblock', + 'Log firewall default blocks', + 'Log packets matched from the default block rules in the ruleset', + $pconfig['logdefaultblock'] + ))->setHelp('Packets that are blocked by the implicit default block rule will not be logged if this option is unchecked. Per-rule logging options are still respected.'); + + $section->addInput(new Form_Checkbox( + 'logdefaultpass', + null, + 'Log packets matched from the default pass rules put in the ruleset', + $pconfig['logdefaultpass'] + ))->setHelp('Packets that are allowed by the implicit default pass rule will be logged if this option is checked. Per-rule logging options are still respected. '); + + $section->addInput(new Form_Checkbox( + 'logbogons', + null, + 'Log packets blocked by \'Block Bogon Networks\' rules', + $pconfig['logbogons'] + )); + + $section->addInput(new Form_Checkbox( + 'logprivatenets', + null, + 'Log packets blocked by \'Block Private Networks\' rules', + $pconfig['logprivatenets'] + )); + + $section->addInput(new Form_Select( + 'filterdescriptions', + 'Where to show rule descriptions', + !isset($pconfig['filterdescriptions']) ? '0':$pconfig['filterdescriptions'], + array( + '0' => 'Dont load descriptions', + '1' => 'Display as column', + '2' => 'Display as second row' + ) + ))->setHelp('Show the applied rule description below or in the firewall log rows' . '<br />' . + 'Displaying rule descriptions for all lines in the log might affect performance with large rule sets'); + } + + + // Common to All Logs + $group = new Form_Group('Action'); + + $btnsavesettings = new Form_Button( + 'save_settings', + gettext('Save'), + null + ); + + $btnsavesettings->addClass('btn-sm'); + + $group->add(new Form_StaticText( + '', + $btnsavesettings + ))->setHelp('Saves changed settings.'); + + + $btnclear = new Form_Button( + 'clear', + ' ' . gettext('Clear log'), + null, + 'fa-trash' + ); + + $btnclear->removeClass('btn-primary')->addClass('btn-danger')->addClass('btn-sm'); + + $group->add(new Form_StaticText( + '', + $btnclear + ))->setHelp('Clears local log file and reinitializes it as an empty log. Save any settings changes first.'); + + $section->add($group); + + $form->add($section); + print $form; +} +?> diff --git a/src/usr/local/www/status_logs_filter.php b/src/usr/local/www/status_logs_filter.php index 132c76b..2a28239 100644 --- a/src/usr/local/www/status_logs_filter.php +++ b/src/usr/local/www/status_logs_filter.php @@ -63,9 +63,9 @@ ##|*MATCH=status_logs_filter.php* ##|-PRIV -require("guiconfig.inc"); +require_once("status_logs_common.inc"); require_once("ipsec.inc"); -require_once("filter_log.inc"); + # --- AJAX RESOLVE --- if (isset($_POST['resolve'])) { @@ -82,6 +82,7 @@ if (isset($_POST['resolve'])) { exit; } + /* Build a list of allowed log files so we can reject others to prevent the page from acting on unauthorized files. @@ -94,26 +95,20 @@ $allowed_logs = array( // The logs to display are specified in a GET argument. Default to 'system' logs if (!$_GET['logfile']) { $logfile = 'filter'; + $view = 'normal'; } else { $logfile = $_GET['logfile']; + $view = $_GET['view']; if (!array_key_exists($logfile, $allowed_logs)) { /* Do not let someone attempt to load an unauthorized log. */ $logfile = 'filter'; + $view = 'normal'; } } -$filter_logfile = "{$g['varlog_path']}/" . basename($logfile) . ".log"; - -function getGETPOSTsettingvalue($settingname, $default) { - $settingvalue = $default; - if ($_GET[$settingname]) { - $settingvalue = $_GET[$settingname]; - } - if ($_POST[$settingname]) { - $settingvalue = $_POST[$settingname]; - } - return $settingvalue; -} +if ($view == 'normal') { $view_title = gettext("Normal View"); } +if ($view == 'dynamic') { $view_title = gettext("Dynamic View"); } +if ($view == 'summary') { $view_title = gettext("Summary View"); } $rulenum = getGETPOSTsettingvalue('getrulenum', null); @@ -124,220 +119,20 @@ if ($rulenum) { exit; } -$filtersubmit = getGETPOSTsettingvalue('filtersubmit', null); - -if ($filtersubmit) { - $filter_active = true; - $interfacefilter = getGETPOSTsettingvalue('interface', null); - $filtertext = getGETPOSTsettingvalue('filtertext', ""); - $filterlogentries_qty = getGETPOSTsettingvalue('filterlogentries_qty', null); -} - -$filterlogentries_submit = getGETPOSTsettingvalue('filterlogentries_submit', null); - -if ($filterlogentries_submit) { - $filter_active = true; - $filterfieldsarray = array(); - - $actpass = getGETPOSTsettingvalue('actpass', null); - $actblock = getGETPOSTsettingvalue('actblock', null); - $filterfieldsarray['act'] = str_replace(" ", " ", trim($actpass . " " . $actblock)); - $filterfieldsarray['act'] = $filterfieldsarray['act'] != "" ? $filterfieldsarray['act'] : 'All'; - $filterfieldsarray['time'] = getGETPOSTsettingvalue('filterlogentries_time', null); - $filterfieldsarray['interface'] = getGETPOSTsettingvalue('filterlogentries_interfaces', null); - $filterfieldsarray['srcip'] = getGETPOSTsettingvalue('filterlogentries_sourceipaddress', null); - $filterfieldsarray['srcport'] = getGETPOSTsettingvalue('filterlogentries_sourceport', null); - $filterfieldsarray['dstip'] = getGETPOSTsettingvalue('filterlogentries_destinationipaddress', null); - $filterfieldsarray['dstport'] = getGETPOSTsettingvalue('filterlogentries_destinationport', null); - $filterfieldsarray['proto'] = getGETPOSTsettingvalue('filterlogentries_protocol', null); - $filterfieldsarray['tcpflags'] = getGETPOSTsettingvalue('filterlogentries_protocolflags', null); - $filterlogentries_qty = getGETPOSTsettingvalue('filterlogentries_qty', null); -} - -# Manage Log - Code - -$specific_log = basename($logfile) . '_settings'; - -# All -$pconfig['cronorder'] = $config['syslog'][$specific_log]['cronorder']; -$pconfig['nentries'] = $config['syslog'][$specific_log]['nentries']; -$pconfig['logfilesize'] = $config['syslog'][$specific_log]['logfilesize']; -$pconfig['format'] = $config['syslog'][$specific_log]['format']; - -# System General (main) Specific -$pconfig['loglighttpd'] = !isset($config['syslog']['nologlighttpd']); - -# Firewall Specific -$pconfig['logdefaultblock'] = !isset($config['syslog']['nologdefaultblock']); -$pconfig['logdefaultpass'] = isset($config['syslog']['nologdefaultpass']); -$pconfig['logbogons'] = !isset($config['syslog']['nologbogons']); -$pconfig['logprivatenets'] = !isset($config['syslog']['nologprivatenets']); -$pconfig['filterdescriptions'] = $config['syslog']['filterdescriptions']; - -$save_settings = getGETPOSTsettingvalue('save_settings', null); - -if ($save_settings) { - - # All - $cronorder = getGETPOSTsettingvalue('cronorder', null); - $nentries = getGETPOSTsettingvalue('nentries', null); - $logfilesize = getGETPOSTsettingvalue('logfilesize', null); - $format = getGETPOSTsettingvalue('format', null); - - # System General (main) Specific - $loglighttpd = getGETPOSTsettingvalue('loglighttpd', null); - # Firewall Specific - $logdefaultblock = getGETPOSTsettingvalue('logdefaultblock', null); - $logdefaultpass = getGETPOSTsettingvalue('logdefaultpass', null); - $logbogons = getGETPOSTsettingvalue('logbogons', null); - $logprivatenets = getGETPOSTsettingvalue('logprivatenets', null); - $filterdescriptions = getGETPOSTsettingvalue('filterdescriptions', null); +// Log Filter Submit - Firewall +log_filter_form_firewall_submit(); - unset($input_errors); - $pconfig = $_POST; - /* input validation */ - if (isset($nentries) && (strlen($nentries) > 0)) { - if (!is_numeric($nentries) || ($nentries < 5) || ($nentries > 2000)) { - $input_errors[] = gettext("Number of log entries to show must be between 5 and 2000."); - } - } - - if (isset($logfilesize) && (strlen($logfilesize) > 0)) { - if (!is_numeric($logfilesize) || ($logfilesize < 100000)) { - $input_errors[] = gettext("Log file size must be numeric and greater than or equal to 100000."); - } - } +// Manage Log Section - Code +manage_log_code(); - if (!$input_errors) { - # Clear out the specific log settings and leave only the applied settings to override the general logging options (global) settings. - unset($config['syslog'][$specific_log]); +// Status Logs Common - Code +status_logs_common_code(); - # All - if ($cronorder != '') { # if not using the general logging options setting (global) - $config['syslog'][$specific_log]['cronorder'] = $cronorder; - } - if (isset($nentries) && (strlen($nentries) > 0)) { - $config['syslog'][$specific_log]['nentries'] = (int)$nentries; - } - - if (isset($logfilesize) && (strlen($logfilesize) > 0)) { - $config['syslog'][$specific_log]['logfilesize'] = (int)$logfilesize; - } - - if ($format != '') { # if not using the general logging options setting (global) - $config['syslog'][$specific_log]['format'] = $format; - } - - # System General (main) Specific - if ($logfile == 'system') { - $oldnologlighttpd = isset($config['syslog']['nologlighttpd']); - $config['syslog']['nologlighttpd'] = $loglighttpd ? false : true; - - if ($oldnologlighttpd !== $config['syslog']['nologlighttpd']) { - $logging_changed = $lighttpd_logging_changed = true; - } - } - - # Firewall Specific - if ($logfile == 'filter') { - $oldnologdefaultblock = isset($config['syslog']['nologdefaultblock']); - $oldnologdefaultpass = isset($config['syslog']['nologdefaultpass']); - $oldnologbogons = isset($config['syslog']['nologbogons']); - $oldnologprivatenets = isset($config['syslog']['nologprivatenets']); - - $config['syslog']['nologdefaultblock'] = $logdefaultblock ? false : true; - $config['syslog']['nologdefaultpass'] = $logdefaultpass ? true : false; - $config['syslog']['nologbogons'] = $logbogons ? false : true; - $config['syslog']['nologprivatenets'] = $logprivatenets ? false : true; - - if (is_numeric($filterdescriptions) && $filterdescriptions > 0) { - $config['syslog']['filterdescriptions'] = $filterdescriptions; - } else { - unset($config['syslog']['filterdescriptions']); - } - - if ( - ($oldnologdefaultblock !== $config['syslog']['nologdefaultblock']) || - ($oldnologdefaultpass !== $config['syslog']['nologdefaultpass']) || - ($oldnologbogons !== $config['syslog']['nologbogons']) || - ($oldnologprivatenets !== $config['syslog']['nologprivatenets'])) { - $logging_changed = $firewall_logging_changed = true; - } - } - - - // If any of the logging settings were changed then backup and sync (standard write_config). Otherwise only write config (don't backup, don't sync). - if ($logging_changed) { - write_config($desc = "Log Display Settings Saved: " . gettext($allowed_logs[$logfile]["name"]), $backup = true, $write_config_only = false); - $retval = 0; - $retval = system_syslogd_start(); - } else { - write_config($desc = "Log Display Settings Saved (no backup, no sync): " . gettext($allowed_logs[$logfile]["name"]), $backup = false, $write_config_only = true); - } - - $savemsg = gettext("The changes have been applied successfully."); - - # System General (main) Specific - if ($logfile == 'system') { - if ($lighttpd_logging_changed) { - ob_flush(); - flush(); - log_error(gettext("webConfigurator configuration has changed. Restarting webConfigurator.")); - send_event("service restart webgui"); - $savemsg .= "<br />" . gettext("WebGUI process is restarting."); - } - } - - # Firewall Specific - if ($logfile == 'filter') { - if ($firewall_logging_changed) { - require_once("filter.inc"); - $retval |= filter_configure(); - filter_pflog_start(true); - - $savemsg = get_std_save_message($retval); - } - } - } -} - - -# Formatted/Raw Display -if ($config['syslog'][$specific_log]['format'] == 'formatted') { - $rawfilter = false; -} else if ($config['syslog'][$specific_log]['format'] == 'raw') { - $rawfilter = true; -} else { # Use the general logging options setting (global). - $rawfilter = isset($config['syslog']['rawfilter']); -} - - -isset($config['syslog'][$specific_log]['nentries']) ? $nentries = $config['syslog'][$specific_log]['nentries'] : $nentries = $config['syslog']['nentries']; - -# Override Display Quantity -if ($filterlogentries_qty) { - $nentries = $filterlogentries_qty; -} - -if (!$nentries || !is_numeric($nentries)) { - $nentries = 50; -} - -if ($_POST['clear']) { - clear_log_file($filter_logfile); -} - -/* Setup shortcuts if they exist */ - -if (!empty($allowed_logs[$logfile]["shortcut"])) { - $shortcut_section = $allowed_logs[$logfile]["shortcut"]; -} - -$pgtitle = array(gettext("Status"), gettext("System logs"), gettext($allowed_logs[$logfile]["name"])); +$pgtitle = array(gettext("Status"), gettext("System logs"), gettext($allowed_logs[$logfile]["name"]), $view_title); include("head.inc"); if (!$input_errors && $savemsg) { @@ -346,220 +141,13 @@ if (!$input_errors && $savemsg) { } -function build_if_list() { - $iflist = get_configured_interface_with_descr(false, true); - //$iflist = get_interface_list(); - // Allow extending of the firewall edit interfaces - pfSense_handle_custom_code("/usr/local/pkg/firewall_nat/pre_interfaces_edit"); - foreach ($iflist as $if => $ifdesc) { - $interfaces[$if] = $ifdesc; - } - - if ($config['l2tp']['mode'] == "server") { - $interfaces['l2tp'] = "L2TP VPN"; - } - - if (is_pppoe_server_enabled() && have_ruleint_access("pppoe")) { - $interfaces['pppoe'] = "PPPoE Server"; - } - - /* add ipsec interfaces */ - if (ipsec_enabled()) { - $interfaces["enc0"] = "IPsec"; - } - - /* add openvpn/tun interfaces */ - if ($config['openvpn']["openvpn-server"] || $config['openvpn']["openvpn-client"]) { - $interfaces["openvpn"] = "OpenVPN"; - } - - return($interfaces); -} - -$Include_Act = explode(",", str_replace(" ", ",", $filterfieldsarray['act'])); - -if ($filterfieldsarray['interface'] == "All") { - $interface = ""; -} - -$tab_array = array(); -$tab_array[] = array(gettext("System"), ($logfile == 'system'), "status_logs.php"); -$tab_array[] = array(gettext("Firewall"), ($logfile == 'filter'), "status_logs_filter.php"); -$tab_array[] = array(gettext("DHCP"), ($logfile == 'dhcpd'), "status_logs.php?logfile=dhcpd"); -$tab_array[] = array(gettext("Portal Auth"), ($logfile == 'portalauth'), "status_logs.php?logfile=portalauth"); -$tab_array[] = array(gettext("IPsec"), ($logfile == 'ipsec'), "status_logs.php?logfile=ipsec"); -$tab_array[] = array(gettext("PPP"), ($logfile == 'ppp'), "status_logs.php?logfile=ppp"); -$tab_array[] = array(gettext("VPN"), false, "status_logs_vpn.php"); -$tab_array[] = array(gettext("Load Balancer"), ($logfile == 'relayd'), "status_logs.php?logfile=relayd"); -$tab_array[] = array(gettext("OpenVPN"), ($logfile == 'openvpn'), "status_logs.php?logfile=openvpn"); -$tab_array[] = array(gettext("NTP"), ($logfile == 'ntpd'), "status_logs.php?logfile=ntpd"); -$tab_array[] = array(gettext("Settings"), false, "status_logs_settings.php"); -display_top_tabs($tab_array); - -$tab_array = array(); -$tab_array[] = array(gettext("Normal View"), true, "/status_logs_filter.php"); -$tab_array[] = array(gettext("Dynamic View"), false, "/status_logs_filter_dynamic.php"); -$tab_array[] = array(gettext("Summary View"), false, "/status_logs_filter_summary.php"); -display_top_tabs($tab_array, false, 'nav nav-tabs'); - -if ($filter_active) { - $filter_state = SEC_OPEN; -} else { - $filter_state = SEC_CLOSED; -} - -if (!$rawfilter) { // Advanced log filter form - $form = new Form(false); - - $section = new Form_Section('Advanced Log Filter', 'adv-filter-panel', COLLAPSIBLE|$filter_state); - - $group = new Form_Group(''); - - $group->add(new Form_Input( - 'filterlogentries_sourceipaddress', - null, - 'text', - $filterfieldsarray['srcip'] - ))->setHelp('Source IP Address'); - - $group->add(new Form_Input( - 'filterlogentries_destinationipaddress', - null, - 'text', - $filterfieldsarray['dstip'] - ))->setHelp('Destination IP Address'); - - $section->add($group); - $group = new Form_Group(''); - - $group->add(new Form_Checkbox( - 'actpass', - null, - 'Pass', - in_arrayi('Pass', $Include_Act), - 'Pass' - ))->setWidth(1); - - $group->add(new Form_Input( - 'filterlogentries_time', - null, - 'text', - $filterfieldsarray['time'] - ))->setWidth(3)->setHelp('Time'); - - $group->add(new Form_Input( - 'filterlogentries_sourceport', - null, - 'text', - $filterfieldsarray['srcport'] - ))->setWidth(2)->setHelp('Source Port'); - - $group->add(new Form_Input( - 'filterlogentries_protocol', - null, - 'text', - $filterfieldsarray['proto'] - ))->setWidth(2)->setHelp('Protocol'); - - $group->add(new Form_Input( - 'filterlogentries_qty', - null, - 'number', - $filterlogentries_qty, - ['placeholder' => $nentries] - ))->setWidth(2)->setHelp('Quantity'); - - $section->add($group); +// Tab Array +tab_array_logs_common(); - $group = new Form_Group(''); - $group->add(new Form_Checkbox( - 'actblock', - null, - 'Block', - in_arrayi('Block', $Include_Act), - 'Block' - ))->setWidth(1); +// Filter Section/Form - Firewall +filter_form_firewall(); - $group->add(new Form_Input( - 'filterlogentries_interfaces', - null, - 'text', - $filterfieldsarray['interface'] - ))->setWidth(2)->setHelp('Interface'); - - $group->add(new Form_Input( - 'filterlogentries_destinationport', - null, - 'text', - $filterfieldsarray['dstport'] - ))->setWidth(2)->setHelp('Destination Port'); - - $group->add(new Form_Input( - 'filterlogentries_protocolflags', - null, - 'text', - $filterfieldsarray['tcpflags'] - ))->setWidth(2)->setHelp('Protocol Flags'); - - $btnsubmit = new Form_Button( - 'filterlogentries_submit', - ' ' . gettext('Apply Filter'), - null, - 'fa-filter' - ); -} else { // Simple log filter form - $form = new Form(false); - - $section = new Form_Section('Log Filter', 'basic-filter-panel', COLLAPSIBLE|$filter_state); - - $group = new Form_Group(''); - - $group->add(new Form_Select( - 'interface', - null, - $interfacefilter, - build_if_list() - ))->setWidth(2)->setHelp('Interface'); - - $group->add(new Form_Input( - 'filterlogentries_qty', - null, - 'number', - $filterlogentries_qty, - ['placeholder' => $nentries] - ))->setWidth(2)->setHelp('Quantity'); - - $section->add($group); - - $group = new Form_Group(''); - - $group->add(new Form_Input( - 'filtertext', - null, - 'text', - $filtertext - ))->setWidth(6)->setHelp('Filter Expression'); - - $btnsubmit = new Form_Button( - 'filtersubmit', - ' ' . gettext('Apply Filter'), - null, - 'fa-filter' - ); -} - -$btnsubmit->removeClass('btn-primary')->addClass('btn-success')->addClass('btn-sm'); - -$group->add(new Form_StaticText( - '', - $btnsubmit -)); - -$group->setHelp('<a target="_blank" href="http://www.php.net/manual/en/book.pcre.php">' . gettext('Regular expression reference') . '</a> ' . gettext('Precede with exclamation (!) to exclude match.')); -$section->add($group); -$form->add($section); -print($form); // Now the forms are complete we can draw the log table and its controls if (!$rawfilter) { @@ -570,9 +158,9 @@ if (!$rawfilter) { } if ($filterlogentries_submit) { - $filterlog = conv_log_filter($filter_logfile, $nentries, $nentries + 100, $filterfieldsarray); + $filterlog = conv_log_filter($logfile_path, $nentries, $nentries + 100, $filterfieldsarray); } else { - $filterlog = conv_log_filter($filter_logfile, $nentries, $nentries + 100, $filtertext, $interfacefilter); + $filterlog = conv_log_filter($logfile_path, $nentries, $nentries + 100, $filtertext, $interfacefilter); } ?> @@ -743,9 +331,9 @@ if (!$rawfilter) { <tbody> <?php if ($filtertext) { - $rows = dump_clog($filter_logfile, $nentries, true, array("$filtertext")); + $rows = dump_clog($logfile_path, $nentries, true, array("$filtertext")); } else { - $rows = dump_clog($filter_logfile, $nentries, true, array()); + $rows = dump_clog($logfile_path, $nentries, true, array()); } ?> </tbody> @@ -774,208 +362,9 @@ print_info_box('<a href="https://doc.pfsense.org/index.php/What_are_TCP_Flags%3F <?php # Manage Log - Section/Form - -if ($input_errors) { - print_input_errors($input_errors); - $manage_log_active = true; -} - -if ($manage_log_active) { - $manage_log_state = SEC_OPEN; -} else { - $manage_log_state = SEC_CLOSED; -} - -$form = new Form(false); - -$section = new Form_Section(gettext('Manage') . ' ' . gettext($allowed_logs[$logfile]["name"]) . ' ' . gettext('Log'), 'log-manager-panel', COLLAPSIBLE|$manage_log_state); - -$section->addInput(new Form_StaticText( - '', - 'These settings override the "General Logging Options" settings.' -)); - - -# All -$group = new Form_Group('Forward/Reverse Display'); - -$group->add(new Form_Checkbox( - 'cronorder', - null, - 'Forward', - ($pconfig['cronorder'] == 'forward') ? true : false, - 'forward' -))->displayAsRadio()->setHelp('(newest at bottom)'); - -$group->add(new Form_Checkbox( - 'cronorder', - null, - 'Reverse', - ($pconfig['cronorder'] == 'reverse') ? true : false, - 'reverse' -))->displayAsRadio()->setHelp('(newest at top)'); - -$group->add(new Form_Checkbox( - 'cronorder', - null, - 'General Logging Options Setting', - ($pconfig['cronorder'] == '') ? true : false, - '' -))->displayAsRadio(); - -$group->setHelp('Show log entries in forward or reverse order.'); -$section->add($group); - -$group = new Form_Group('GUI Log Entries'); - -# Use the general logging options setting (global) as placeholder. -$group->add(new Form_Input( - 'nentries', - 'GUI Log Entries', - 'number', - $pconfig['nentries'], - ['min' => 5, 'max' => 2000, 'placeholder' => $config['syslog']['nentries']] -))->setWidth(2); - -$group->setHelp('This is the number of log entries displayed in the GUI. It does not affect how many entries are contained in the log.'); -$section->add($group); - -$group = new Form_Group('Log file size (Bytes)'); - -# Use the general logging options setting (global) as placeholder. -$group->add(new Form_Input( - 'logfilesize', - 'Log file size (Bytes)', - 'number', - $pconfig['logfilesize'], - ['min' => 100000, 'placeholder' => $config['syslog']['logfilesize'] ? $config['syslog']['logfilesize'] : "511488"] -))->setWidth(2); -$group->setHelp("The log is held in a constant-size circular log file. This field controls how large the log file is, and thus how many entries may exist inside the log. The default is approximately 500KB." . - '<br /><br />' . - "NOTE: The log size is changed the next time it is cleared. To immediately change the log size, first save the options to set the size, then clear the log using the \"Clear Log\" action below. "); -$section->add($group); - -$group = new Form_Group('Formatted/Raw Display'); - -$group->add(new Form_Checkbox( - 'format', - null, - 'Formatted', - ($pconfig['format'] == 'formatted') ? true : false, - 'formatted' -))->displayAsRadio(); - -$group->add(new Form_Checkbox( - 'format', - null, - 'Raw', - ($pconfig['format'] == 'raw') ? true : false, - 'raw' -))->displayAsRadio(); - -$group->add(new Form_Checkbox( - 'format', - null, - 'General Logging Options Setting', - ($pconfig['format'] == '') ? true : false, - '' -))->displayAsRadio(); - -$group->setHelp('Show the log entries as formatted or raw output as generated by the service. The raw output will reveal more detailed information, but it is more difficult to read.'); -$section->add($group); - - -# System General (main) Specific -if ($logfile == 'system') { - $section->addInput(new Form_Checkbox( - 'loglighttpd', - 'Web Server Log', - 'Log errors from the web server process', - $pconfig['loglighttpd'] - ))->setHelp('If this is checked, errors from the lighttpd web server process for the GUI or Captive Portal will appear in the system log.'); -} - - -# Firewall Specific -if ($logfile == 'filter') { -$section->addInput(new Form_Checkbox( - 'logdefaultblock', - 'Log firewall default blocks', - 'Log packets matched from the default block rules in the ruleset', - $pconfig['logdefaultblock'] -))->setHelp('Packets that are blocked by the implicit default block rule will not be logged if this option is unchecked. Per-rule logging options are still respected.'); - -$section->addInput(new Form_Checkbox( - 'logdefaultpass', - null, - 'Log packets matched from the default pass rules put in the ruleset', - $pconfig['logdefaultpass'] -))->setHelp('Packets that are allowed by the implicit default pass rule will be logged if this option is checked. Per-rule logging options are still respected. '); - -$section->addInput(new Form_Checkbox( - 'logbogons', - null, - 'Log packets blocked by \'Block Bogon Networks\' rules', - $pconfig['logbogons'] -)); - -$section->addInput(new Form_Checkbox( - 'logprivatenets', - null, - 'Log packets blocked by \'Block Private Networks\' rules', - $pconfig['logprivatenets'] -)); - -$section->addInput(new Form_Select( - 'filterdescriptions', - 'Where to show rule descriptions', - !isset($pconfig['filterdescriptions']) ? '0':$pconfig['filterdescriptions'], - array( - '0' => 'Dont load descriptions', - '1' => 'Display as column', - '2' => 'Display as second row' - ) -))->setHelp('Show the applied rule description below or in the firewall log rows' . '<br />' . - 'Displaying rule descriptions for all lines in the log might affect performance with large rule sets'); -} - - -$group = new Form_Group('Action'); - -$btnsavesettings = new Form_Button( - 'save_settings', - gettext('Save'), - null -); - -$btnsavesettings->addClass('btn-sm'); - -$group->add(new Form_StaticText( - '', - $btnsavesettings -))->setHelp('Saves changed settings.'); - - -$btnclear = new Form_Button( - 'clear', - ' ' . gettext('Clear log'), - null, - 'fa-trash' -); - -$btnclear->removeClass('btn-primary')->addClass('btn-danger')->addClass('btn-sm'); - -$group->add(new Form_StaticText( - '', - $btnclear -))->setHelp('Clears local log file and reinitializes it as an empty log. Save any settings changes first.'); - -$section->add($group); -$form->add($section); -print $form; +manage_log_section(); ?> - <!-- AJAXY STUFF --> <script type="text/javascript"> //<![CDATA[ diff --git a/src/usr/local/www/status_logs_filter_dynamic.php b/src/usr/local/www/status_logs_filter_dynamic.php index 07b8fee..211b5c8 100755 --- a/src/usr/local/www/status_logs_filter_dynamic.php +++ b/src/usr/local/www/status_logs_filter_dynamic.php @@ -63,27 +63,78 @@ ##|*MATCH=status_logs_filter_dynamic.php* ##|-PRIV -require("guiconfig.inc"); -require_once("filter_log.inc"); -$filter_logfile = "{$g['varlog_path']}/filter.log"; +/* AJAX related routines */ +require_once("guiconfig.inc"); +require_once("filter_log.inc"); +handle_ajax(); -/* Hardcode this. AJAX doesn't do so well with large numbers */ -$nentries = 50; -/* AJAX related routines */ -handle_ajax($nentries, $nentries + 20); +require_once("status_logs_common.inc"); -if ($_POST['clear']) { - clear_log_file($filter_logfile); +/* +Build a list of allowed log files so we can reject others to prevent the page +from acting on unauthorized files. +*/ +$allowed_logs = array( + "filter" => array("name" => "Firewall", + "shortcut" => "filter"), +); + +// The logs to display are specified in a GET argument. Default to 'system' logs +if (!$_GET['logfile']) { + $logfile = 'filter'; + $view = 'normal'; +} else { + $logfile = $_GET['logfile']; + $view = $_GET['view']; + if (!array_key_exists($logfile, $allowed_logs)) { + /* Do not let someone attempt to load an unauthorized log. */ + $logfile = 'filter'; + $view = 'normal'; + } } -$filterlog = conv_log_filter($filter_logfile, $nentries, $nentries + 100); +if ($view == 'normal') { $view_title = gettext("Normal View"); } +if ($view == 'dynamic') { $view_title = gettext("Dynamic View"); } +if ($view == 'summary') { $view_title = gettext("Summary View"); } + + +// Log Filter Submit - Firewall +log_filter_form_firewall_submit(); + + +// Manage Log Section - Code +manage_log_code(); -$pgtitle = array(gettext("Status"), gettext("System logs"), gettext("Firewall"), gettext("Dynamic View")); -$shortcut_section = "firewall"; + +// Status Logs Common - Code +status_logs_common_code(); + + +$pgtitle = array(gettext("Status"), gettext("System logs"), gettext($allowed_logs[$logfile]["name"]), $view_title); include("head.inc"); +if (!$input_errors && $savemsg) { + print_info_box($savemsg); + $manage_log_active = false; +} + + +// Tab Array +tab_array_logs_common(); + + +// Log Filter Submit - Firewall +filter_form_firewall(); + + +// Now the forms are complete we can draw the log table and its controls +if ($filterlogentries_submit) { + $filterlog = conv_log_filter($logfile_path, $nentries, $nentries + 100, $filterfieldsarray); +} else { + $filterlog = conv_log_filter($logfile_path, $nentries, $nentries + 100, $filtertext, $interfacefilter); +} ?> <script type="text/javascript"> @@ -95,13 +146,31 @@ include("head.inc"); var isBusy = false; var isPaused = false; var nentries = <?=$nentries; ?>; + <?php - if (isset($config['syslog']['reverse'])) { + # Build query string. + if ($filterlogentries_submit) { # Formatted mode. + $filter_query_string = "type=formatted&filter=" . urlencode(json_encode($filterfieldsarray )); + } + if ($filtersubmit) { # Raw mode. + $filter_query_string = "type=raw&filter=" . urlencode(json_encode($filtertext )) . "&interfacefilter=" . $interfacefilter; + } + + + # First get the "General Logging Options" (global) chronological order setting. Then apply specific log override if set. + $reverse = isset($config['syslog']['reverse']); + $specific_log = basename($logfile, '.log') . '_settings'; + if ($config['syslog'][$specific_log]['cronorder'] == 'forward') $reverse = false; + if ($config['syslog'][$specific_log]['cronorder'] == 'reverse') $reverse = true; + + if ($reverse) { echo "var isReverse = true;\n"; } else { echo "var isReverse = false;\n"; } ?> + var filter_query_string = "<?=$filter_query_string . '&logfile=' . $logfile_path . '&nentries=' . $nentries?>"; + /* Called by the AJAX updater */ function format_log_line(row) { if (row[8] == '6') { @@ -183,7 +252,7 @@ function fetch_new_rules() { return; } isBusy = true; - getURL('status_logs_filter_dynamic.php?lastsawtime=' + lastsawtime, fetch_new_rules_callback); + getURL('status_logs_filter_dynamic.php?' + filter_query_string + '&lastsawtime=' + lastsawtime, fetch_new_rules_callback); } function fetch_new_rules_callback(callback_data) { @@ -325,27 +394,6 @@ function toggleListDescriptions() { //]]> </script> -<?php -$tab_array = array(); -$tab_array[] = array(gettext("System"), false, "status_logs.php"); -$tab_array[] = array(gettext("Firewall"), true, "status_logs_filter.php"); -$tab_array[] = array(gettext("DHCP"), false, "status_logs.php?logfile=dhcpd"); -$tab_array[] = array(gettext("Portal Auth"), false, "status_logs.php?logfile=portalauth"); -$tab_array[] = array(gettext("IPsec"), false, "status_logs.php?logfile=ipsec"); -$tab_array[] = array(gettext("PPP"), false, "status_logs.php?logfile=ppp"); -$tab_array[] = array(gettext("VPN"), false, "status_logs_vpn.php"); -$tab_array[] = array(gettext("Load Balancer"), false, "status_logs.php?logfile=relayd"); -$tab_array[] = array(gettext("OpenVPN"), false, "status_logs.php?logfile=openvpn"); -$tab_array[] = array(gettext("NTP"), false, "status_logs.php?logfile=ntpd"); -$tab_array[] = array(gettext("Settings"), false, "status_logs_settings.php"); -display_top_tabs($tab_array); - -$tab_array = array(); -$tab_array[] = array(gettext("Normal View"), false, "/status_logs_filter.php"); -$tab_array[] = array(gettext("Dynamic View"), true, "/status_logs_filter_dynamic.php"); -$tab_array[] = array(gettext("Summary View"), false, "/status_logs_filter_summary.php"); -display_top_tabs($tab_array, false, 'nav nav-tabs'); -?> <div class="panel panel-default"> <div class="panel-heading"> @@ -357,7 +405,7 @@ display_top_tabs($tab_array, false, 'nav nav-tabs'); <div class="table-responsive"> <table class="table table-striped table-hover table-condensed"> <thead> - <tr> + <tr class="text-nowrap"> <th><?=gettext("Act")?></th> <th><?=gettext("Time")?></th> <th><?=gettext("IF")?></th> @@ -394,7 +442,7 @@ display_top_tabs($tab_array, false, 'nav nav-tabs'); $dstPort = ""; } ?> - <tr> + <tr class="text-nowrap"> <td> <?php if ($filterent['act'] == "block") { @@ -425,14 +473,25 @@ display_top_tabs($tab_array, false, 'nav nav-tabs'); </div> </div> </div> -<?php +<?php if ($tcpcnt > 0) { +?> +<div id="infoblock"> +<?php print_info_box('<a href="https://doc.pfsense.org/index.php/What_are_TCP_Flags%3F">' . gettext("TCP Flags") . '</a>: F - FIN, S - SYN, A or . - ACK, R - RST, P - PSH, U - URG, E - ECE, C - CWR'); +?> +</div> +<?php } ?> +<?php +# Manage Log - Section/Form +manage_log_section(); +?> + <script type="text/javascript"> //<![CDATA[ events.push(function() { diff --git a/src/usr/local/www/status_logs_filter_summary.php b/src/usr/local/www/status_logs_filter_summary.php index ebb4db0..4e23f93 100644 --- a/src/usr/local/www/status_logs_filter_summary.php +++ b/src/usr/local/www/status_logs_filter_summary.php @@ -60,14 +60,58 @@ ##|*MATCH=status_logs_filter_summary.php* ##|-PRIV -require_once("guiconfig.inc"); -include_once("filter_log.inc"); +require_once("status_logs_common.inc"); -$filter_logfile = "{$g['varlog_path']}/filter.log"; $lines = 5000; $entriesperblock = 5; -$filterlog = conv_log_filter($filter_logfile, $lines, $lines); + +/* +Build a list of allowed log files so we can reject others to prevent the page +from acting on unauthorized files. +*/ +$allowed_logs = array( + "filter" => array("name" => "Firewall", + "shortcut" => "filter"), +); + +// The logs to display are specified in a GET argument. Default to 'system' logs +if (!$_GET['logfile']) { + $logfile = 'filter'; + $view = 'normal'; +} else { + $logfile = $_GET['logfile']; + $view = $_GET['view']; + if (!array_key_exists($logfile, $allowed_logs)) { + /* Do not let someone attempt to load an unauthorized log. */ + $logfile = 'filter'; + $view = 'normal'; + } +} + +if ($view == 'normal') { $view_title = gettext("Normal View"); } +if ($view == 'dynamic') { $view_title = gettext("Dynamic View"); } +if ($view == 'summary') { $view_title = gettext("Summary View"); } + + +// Status Logs Common - Code +status_logs_common_code(); + + +$pgtitle = array(gettext("Status"), gettext("System logs"), gettext($allowed_logs[$logfile]["name"]), $view_title); +include("head.inc"); + +if (!$input_errors && $savemsg) { + print_info_box($savemsg); + $manage_log_active = false; +} + + +// Tab Array +tab_array_logs_common(); + + +$filterlog = conv_log_filter($logfile_path, $lines, $lines); $gotlines = count($filterlog); $fields = array( 'act' => gettext("Actions"), @@ -88,6 +132,58 @@ foreach (array_keys($fields) as $f) { $totals = array(); + +foreach ($filterlog as $fe) { + $specialfields = array('srcport', 'dstport'); + foreach (array_keys($fields) as $field) { + if (!in_array($field, $specialfields)) { + $summary[$field][$fe[$field]]++; + } + } + /* Handle some special cases */ + if ($fe['srcport']) { + $summary['srcport'][$fe['proto'].'/'.$fe['srcport']]++; + } else { + $summary['srcport'][$fe['srcport']]++; + } + if ($fe['dstport']) { + $summary['dstport'][$fe['proto'].'/'.$fe['dstport']]++; + } else { + $summary['dstport'][$fe['dstport']]++; + } +} + + +print("<br />"); +$infomsg = sprintf('This is a summary of the last %1$s lines of the firewall log (Max %2$s).', $gotlines, $lines); +print_info_box($infomsg, info); +?> + +<script src="d3pie/d3pie.min.js"></script> +<script src="d3pie/d3.min.js"></script> + +<?php + +$chartnum=0; +foreach (array_keys($fields) as $field) { +?> +<div class="panel panel-default"> + <div class="panel-heading"><h2 class="panel-title"><?=$fields[$field]?></h2></div> + <div class="panel-body"> + <div id="pieChart<?=$chartnum?>" class="text-center"> +<?php + pie_block($summary, $field , $entriesperblock, $chartnum); + stat_block($summary, $field , $entriesperblock); + $chartnum++; +?> + </div> + </div> +</div> +<?php +} +?> + +<?php function cmp($a, $b) { if ($a == $b) { return 0; @@ -132,7 +228,9 @@ function stat_block($summary, $stat, $num) { print "</table>"; print('</div>'); } +?> +<?php // Create the JSON document for the chart to be displayed // Todo: Be good to investigate building this with json_encode and friends some time function pie_block($summary, $stat, $num, $chartnum) { @@ -248,77 +346,8 @@ var pie = new d3pie("pieChart<?=$chartnum?>", { </script> <?php } - -foreach ($filterlog as $fe) { - $specialfields = array('srcport', 'dstport'); - foreach (array_keys($fields) as $field) { - if (!in_array($field, $specialfields)) { - $summary[$field][$fe[$field]]++; - } - } - /* Handle some special cases */ - if ($fe['srcport']) { - $summary['srcport'][$fe['proto'].'/'.$fe['srcport']]++; - } else { - $summary['srcport'][$fe['srcport']]++; - } - if ($fe['dstport']) { - $summary['dstport'][$fe['proto'].'/'.$fe['dstport']]++; - } else { - $summary['dstport'][$fe['dstport']]++; - } -} - -$pgtitle = array(gettext("Status"), gettext("System logs"), gettext("Firewall"), gettext("Summary View")); -$shortcut_section = "firewall"; -include("head.inc"); - -$tab_array = array(); -$tab_array[] = array(gettext("System"), false, "status_logs.php"); -$tab_array[] = array(gettext("Firewall"), true, "status_logs_filter.php"); -$tab_array[] = array(gettext("DHCP"), false, "status_logs.php?logfile=dhcpd"); -$tab_array[] = array(gettext("Portal Auth"), false, "status_logs.php?logfile=portalauth"); -$tab_array[] = array(gettext("IPsec"), false, "status_logs.php?logfile=ipsec"); -$tab_array[] = array(gettext("PPP"), false, "status_logs.php?logfile=ppp"); -$tab_array[] = array(gettext("VPN"), false, "status_logs_vpn.php"); -$tab_array[] = array(gettext("Load Balancer"), false, "status_logs.php?logfile=relayd"); -$tab_array[] = array(gettext("OpenVPN"), false, "status_logs.php?logfile=openvpn"); -$tab_array[] = array(gettext("NTP"), false, "status_logs.php?logfile=ntpd"); -$tab_array[] = array(gettext("Settings"), false, "status_logs_settings.php"); -display_top_tabs($tab_array); - -$tab_array = array(); -$tab_array[] = array(gettext("Normal View"), false, "/status_logs_filter.php"); -$tab_array[] = array(gettext("Dynamic View"), false, "/status_logs_filter_dynamic.php"); -$tab_array[] = array(gettext("Summary View"), true, "/status_logs_filter_summary.php"); -display_top_tabs($tab_array, false, 'nav nav-tabs'); - -print("<br />"); -$infomsg = sprintf('This is a summary of the last %1$s lines of the firewall log (Max %2$s).', $gotlines, $lines); -print_info_box($infomsg, info); ?> -<script src="d3pie/d3pie.min.js"></script> -<script src="d3pie/d3.min.js"></script> - <?php - -$chartnum=0; -foreach (array_keys($fields) as $field) { -?> -<div class="panel panel-default"> - <div class="panel-heading"><h2 class="panel-title"><?=$fields[$field]?></h2></div> - <div class="panel-body"> - <div id="pieChart<?=$chartnum?>" align="center"> -<?php - pie_block($summary, $field , $entriesperblock, $chartnum); - stat_block($summary, $field , $entriesperblock); - $chartnum++; -?> - </div> - </div> -</div> -<?php -} - include("foot.inc"); +?>
\ No newline at end of file diff --git a/src/usr/local/www/status_logs_settings.php b/src/usr/local/www/status_logs_settings.php index 8fa193a..c11fcad 100644 --- a/src/usr/local/www/status_logs_settings.php +++ b/src/usr/local/www/status_logs_settings.php @@ -89,7 +89,7 @@ $pconfig['logdefaultblock'] = !isset($config['syslog']['nologdefaultblock']); $pconfig['logdefaultpass'] = isset($config['syslog']['nologdefaultpass']); $pconfig['logbogons'] = !isset($config['syslog']['nologbogons']); $pconfig['logprivatenets'] = !isset($config['syslog']['nologprivatenets']); -$pconfig['loglighttpd'] = !isset($config['syslog']['nologlighttpd']); +$pconfig['lognginx'] = !isset($config['syslog']['nolognginx']); $pconfig['rawfilter'] = isset($config['syslog']['rawfilter']); $pconfig['filterdescriptions'] = $config['syslog']['filterdescriptions']; $pconfig['disablelocallogging'] = isset($config['syslog']['disablelocallogging']); @@ -163,12 +163,12 @@ if ($_POST['resetlogs'] == gettext("Reset Log Files")) { $oldnologdefaultpass = isset($config['syslog']['nologdefaultpass']); $oldnologbogons = isset($config['syslog']['nologbogons']); $oldnologprivatenets = isset($config['syslog']['nologprivatenets']); - $oldnologlighttpd = isset($config['syslog']['nologlighttpd']); + $oldnolognginx = isset($config['syslog']['nolognginx']); $config['syslog']['nologdefaultblock'] = $_POST['logdefaultblock'] ? false : true; $config['syslog']['nologdefaultpass'] = $_POST['logdefaultpass'] ? true : false; $config['syslog']['nologbogons'] = $_POST['logbogons'] ? false : true; $config['syslog']['nologprivatenets'] = $_POST['logprivatenets'] ? false : true; - $config['syslog']['nologlighttpd'] = $_POST['loglighttpd'] ? false : true; + $config['syslog']['nolognginx'] = $_POST['lognginx'] ? false : true; $config['syslog']['rawfilter'] = $_POST['rawfilter'] ? true : false; if (is_numeric($_POST['filterdescriptions']) && $_POST['filterdescriptions'] > 0) { $config['syslog']['filterdescriptions'] = $_POST['filterdescriptions']; @@ -194,7 +194,7 @@ if ($_POST['resetlogs'] == gettext("Reset Log Files")) { $savemsg = get_std_save_message($retval); - if ($oldnologlighttpd !== isset($config['syslog']['nologlighttpd'])) { + if ($oldnolognginx !== isset($config['syslog']['nolognginx'])) { ob_flush(); flush(); log_error(gettext("webConfigurator configuration has changed. Restarting webConfigurator.")); @@ -220,10 +220,13 @@ $remoteloghelp = gettext("This option will allow the logging daemon to bind to a gettext("If you pick a single IP, remote syslog servers must all be of that IP type. If you wish to mix IPv4 and IPv6 remote syslog servers, you must bind to all interfaces.") . "<br /><br />" . gettext("NOTE: If an IP address cannot be located on the chosen interface, the daemon will bind to all addresses."); + if ($input_errors) { print_input_errors($input_errors); -} else if ($savemsg) { - print_info_box($savemsg); +} + +if ($savemsg) { + print_info_box($savemsg, 'success'); } $tab_array = array(); @@ -299,11 +302,11 @@ $section->addInput(new Form_Checkbox( )); $section->addInput(new Form_Checkbox( - 'loglighttpd', + 'lognginx', 'Web Server Log', 'Log errors from the web server process', - $pconfig['loglighttpd'] -))->setHelp('If this is checked, errors from the lighttpd web server process for the GUI or Captive Portal will appear in the main system log'); + $pconfig['lognginx'] +))->setHelp('If this is checked, errors from the web server process for the GUI or Captive Portal will appear in the main system log'); $section->addInput(new Form_Checkbox( 'rawfilter', diff --git a/src/usr/local/www/status_rrd_graph.php b/src/usr/local/www/status_rrd_graph.php index cbd084e..11a45d0 100644 --- a/src/usr/local/www/status_rrd_graph.php +++ b/src/usr/local/www/status_rrd_graph.php @@ -297,7 +297,7 @@ $graph_length = array( "year" => 31622400, "fouryear" => 126230400); -$pgtitle = array(gettext("Status"), gettext("RRD Graphs")); +$pgtitle = array(gettext("Status"), gettext("RRD Graphs"), gettext(ucfirst($curcat)." Graphs")); /* Load all CP zones */ if ($captiveportal && is_array($config['captiveportal'])) { diff --git a/src/usr/local/www/status_rrd_graph_settings.php b/src/usr/local/www/status_rrd_graph_settings.php index 2bd5231..7262c98 100644 --- a/src/usr/local/www/status_rrd_graph_settings.php +++ b/src/usr/local/www/status_rrd_graph_settings.php @@ -92,7 +92,6 @@ $periods = array("absolute" => gettext("Absolute Timespans"), if ($_POST['ResetRRD']) { mwexec('/bin/rm /var/db/rrd/*'); enable_rrd_graphing(); - setup_gateways_monitor(); $savemsg = "RRD data has been cleared. New RRD files have been generated."; } elseif ($_POST) { unset($input_errors); @@ -141,7 +140,7 @@ foreach ($databases as $database) { } } -$pgtitle = array(gettext("Status"), gettext("RRD Graphs")); +$pgtitle = array(gettext("Status"), gettext("RRD Graphs"), gettext("Settings")); include("head.inc"); $tab_array[] = array(gettext("System"), ($curcat == "system"), "status_rrd_graph.php?cat=system"); diff --git a/src/usr/local/www/status_services.php b/src/usr/local/www/status_services.php index a944696..905057a 100755 --- a/src/usr/local/www/status_services.php +++ b/src/usr/local/www/status_services.php @@ -118,6 +118,10 @@ if (count($services) > 0) { <input id="id" type="hidden" name="id" value=""/> <input id="zone" type="hidden" name="zone" value=""/> +<div class="panel panel-default"> + <div class="panel-heading"><h2 class="panel-title"><?=gettext('Services')?></h2></div> + <div class="panel-body"> + <div class="panel-body panel-default"> <div class="table-responsive"> <table class="table table-striped table-hover table-condensed sortable-theme-bootstrap" data-sortable> @@ -184,6 +188,10 @@ if (count($services) > 0) { </table> </div> </div> + + </div> +</div> + </form> <?php } else { diff --git a/src/usr/local/www/system.php b/src/usr/local/www/system.php index 8f0bd11..a69cb78 100644 --- a/src/usr/local/www/system.php +++ b/src/usr/local/www/system.php @@ -345,7 +345,7 @@ if ($input_errors) { } if ($savemsg) { - print_info_box($savemsg, success); + print_info_box($savemsg, 'success'); } ?> <div id="container"> diff --git a/src/usr/local/www/system_advanced_misc.php b/src/usr/local/www/system_advanced_misc.php index 389496d..b3d78a4 100644 --- a/src/usr/local/www/system_advanced_misc.php +++ b/src/usr/local/www/system_advanced_misc.php @@ -149,6 +149,10 @@ if ($_POST) { $input_errors[] = gettext("The proxy username contains invalid characters."); } + if($_POST['proxypass'] != $_POST['proxypass_confirm']) { + $input_errors[] = gettext("Proxy password and confirmation must match."); + } + if (!$input_errors) { if ($_POST['harddiskstandby'] <> "") { @@ -177,7 +181,9 @@ if ($_POST) { } if ($_POST['proxypass'] <> "") { - $config['system']['proxypass'] = $_POST['proxypass']; + if ($_POST['proxypass'] != DMYPWD) { + $config['system']['proxypass'] = $_POST['proxypass']; + } } else { unset($config['system']['proxypass']); } @@ -303,7 +309,7 @@ if ($input_errors) { } if ($savemsg) { - print_info_box($savemsg, success); + print_info_box($savemsg, 'success'); } $tab_array = array(); @@ -341,7 +347,7 @@ $section->addInput(new Form_Input( ))->setHelp('Username for authentication to proxy server. Optional, '. 'leave blank to not use authentication.'); -$section->addInput(new Form_Input( +$section->addPassword(new Form_Input( 'proxypass', 'Proxy Password', 'password', diff --git a/src/usr/local/www/system_advanced_notifications.php b/src/usr/local/www/system_advanced_notifications.php index 0c5ed03..99bec31 100644 --- a/src/usr/local/www/system_advanced_notifications.php +++ b/src/usr/local/www/system_advanced_notifications.php @@ -126,7 +126,14 @@ if ($_POST) { // Growl $config['notifications']['growl']['ipaddress'] = $_POST['ipaddress']; - $config['notifications']['growl']['password'] = $_POST['password']; + if ($_POST['password'] != DMYPWD) { + if ($_POST['password'] == $_POST['password_confirm']) { + $config['notifications']['growl']['password'] = $_POST['password']; + } else { + $input_errors[] = gettext("Growl passwords must match"); + } + } + $config['notifications']['growl']['name'] = $_POST['name']; $config['notifications']['growl']['notification_name'] = $_POST['notification_name']; @@ -153,7 +160,15 @@ if ($_POST) { $config['notifications']['smtp']['notifyemailaddress'] = $_POST['smtpnotifyemailaddress']; $config['notifications']['smtp']['username'] = $_POST['smtpusername']; - $config['notifications']['smtp']['password'] = $_POST['smtppassword']; + + if ($_POST['smtppassword'] != DMYPWD) { + if ($_POST['smtppassword'] == $_POST['smtppassword_confirm']) { + $config['notifications']['smtp']['password'] = $_POST['smtppassword']; + } else { + $input_errors[] = gettext("SMTP passwords must match"); + } + } + $config['notifications']['smtp']['authentication_mechanism'] = $_POST['smtpauthmech']; $config['notifications']['smtp']['fromaddress'] = $_POST['smtpfromaddress']; @@ -170,10 +185,12 @@ if ($_POST) { unset($config['system']['disablebeep']); } - write_config(); + if (!$input_errors) { + write_config(); - pfSenseHeader("system_advanced_notifications.php"); - return; + pfSenseHeader("system_advanced_notifications.php"); + return; + } } @@ -253,7 +270,7 @@ $section->addInput(new Form_Input( ))->setHelp('This is the IP address that you would like to send growl '. 'notifications to.'); -$section->addInput(new Form_Input( +$section->addPassword(new Form_Input( 'password', 'Password', 'text', @@ -337,12 +354,12 @@ $section->addInput(new Form_Input( ['autocomplete' => 'off'] ))->setHelp('Enter the e-mail address username for SMTP authentication.'); -$section->addInput(new Form_Input( +$section->addPassword(new Form_Input( 'smtppassword', 'Notification E-Mail auth password', 'password', $pconfig['smtppassword'] -))->setHelp('Enter the e-mail address password for SMTP authentication.'); +))->setHelp('Enter the e-mail account password for SMTP authentication.'); $section->addInput(new Form_Select( 'smtpauthmech', diff --git a/src/usr/local/www/system_certmanager.php b/src/usr/local/www/system_certmanager.php index 9fa7e51..3b4ebe6 100644 --- a/src/usr/local/www/system_certmanager.php +++ b/src/usr/local/www/system_certmanager.php @@ -777,7 +777,7 @@ $section->addInput(new Form_Input( $section->addInput(new Form_Input( 'dn_email', 'Email Address', - 'email', + 'text', $pconfig['dn_email'], ['placeholder' => 'e.g. admin@mycompany.com'] )); @@ -892,7 +892,7 @@ $section->addInput(new Form_Input( $section->addInput(new Form_Input( 'csr_dn_email', 'Email Address', - 'email', + 'text', $pconfig['csr_dn_email'], ['placeholder' => 'e.g. admin@mycompany.com'] )); diff --git a/src/usr/local/www/system_crlmanager.php b/src/usr/local/www/system_crlmanager.php index e2ef21e..5d3a3f5 100644 --- a/src/usr/local/www/system_crlmanager.php +++ b/src/usr/local/www/system_crlmanager.php @@ -364,7 +364,7 @@ if ($input_errors) { } if ($savemsg) { - print_info_box($savemsg, 'sucess'); + print_info_box($savemsg, 'success'); } $tab_array = array(); diff --git a/src/usr/local/www/system_gateways_edit.php b/src/usr/local/www/system_gateways_edit.php index 25441e5..7c71408 100644 --- a/src/usr/local/www/system_gateways_edit.php +++ b/src/usr/local/www/system_gateways_edit.php @@ -699,12 +699,20 @@ $section->addInput(new Form_Input( $pconfig['name'] ))->setHelp('Gateway name'); -$section->addInput(new Form_Input( +$egw = new Form_Input( 'gateway', 'Gateway', 'text', ($pconfig['dynamic'] ? 'dynamic' : $pconfig['gateway']) -))->setHelp('Gateway IP address'); +); + +$egw->setHelp('Gateway IP address'); + +if ($pconfig['dynamic']) { + $egw->setReadonly(); +} + +$section->addInput($egw); $section->addInput(new Form_Checkbox( 'defaultgw', diff --git a/src/usr/local/www/system_groupmanager_addprivs.php b/src/usr/local/www/system_groupmanager_addprivs.php index 5882727..be2b88f 100644 --- a/src/usr/local/www/system_groupmanager_addprivs.php +++ b/src/usr/local/www/system_groupmanager_addprivs.php @@ -176,7 +176,7 @@ if ($input_errors) { } if ($savemsg) { - print_info_box($savemsg, success); + print_info_box($savemsg, 'success'); } $tab_array = array(); diff --git a/src/usr/local/www/system_hasync.php b/src/usr/local/www/system_hasync.php index f5aca57..6104d5c 100755 --- a/src/usr/local/www/system_hasync.php +++ b/src/usr/local/www/system_hasync.php @@ -95,15 +95,25 @@ if ($_POST) { foreach ($checkbox_names as $name) { $a_hasync[$name] = $pconfig[$name] ? $pconfig[$name] : false; } - $a_hasync['pfsyncpeerip'] = $pconfig['pfsyncpeerip']; + $a_hasync['pfsyncpeerip'] = $pconfig['pfsyncpeerip']; $a_hasync['pfsyncinterface'] = $pconfig['pfsyncinterface']; $a_hasync['synchronizetoip'] = $pconfig['synchronizetoip']; - $a_hasync['username'] = $pconfig['username']; - $a_hasync['password'] = $pconfig['passwordfld']; - write_config("Updated High Availability Sync configuration"); - interfaces_sync_setup(); - header("Location: system_hasync.php"); - exit(); + $a_hasync['username'] = $pconfig['username']; + + if ($pconfig['passwordfld'] == $pconfig['passwordfld_confirm']) { + if ($pconfig['passwordfld'] != DMYPWD) { + $a_hasync['password'] = $pconfig['passwordfld']; + } + } else { + $input_errors[] = gettext("Password and confirmation must match."); + } + + if (!$input_errors) { + write_config("Updated High Availability Sync configuration"); + interfaces_sync_setup(); + header("Location: system_hasync.php"); + exit(); + } } foreach ($checkbox_names as $name) { @@ -129,6 +139,10 @@ foreach ($ifaces as $ifname => $iface) { include("head.inc"); +if ($input_errors) { + print_input_errors($input_errors); +} + $form = new Form; $section = new Form_Section('State Synchronization Settings (pfsync)'); @@ -184,7 +198,7 @@ $section->addInput(new Form_Input( ))->setHelp('Enter the webConfigurator username of the system entered above for synchronizing your configuration.<br />' . 'Do not use the Synchronize Config to IP and username option on backup cluster members!'); -$section->addInput(new Form_Input( +$section->addPassword(new Form_Input( 'passwordfld', 'Remote System Password', 'password', diff --git a/src/usr/local/www/system_usermanager.php b/src/usr/local/www/system_usermanager.php index 3f3b58a..c8ef99a 100644 --- a/src/usr/local/www/system_usermanager.php +++ b/src/usr/local/www/system_usermanager.php @@ -493,6 +493,7 @@ if (!($act == "new" || $act == "edit" || $input_errors)) { <th><?=gettext("Full name")?></th> <th><?=gettext("Disabled")?></th> <th><?=gettext("Groups")?></th> + <th> </th> </tr> </thead> <tbody> @@ -539,6 +540,7 @@ foreach ($a_user as $i => $userent): <?=gettext("Delete")?> </button> </nav> +</form> <div id="infoblock"> <?=print_info_box(gettext("Additional users can be added here. User permissions for accessing " . @@ -917,5 +919,5 @@ events.push(function() { //]]> </script> <?php - include('foot.inc'); +?>
\ No newline at end of file diff --git a/src/usr/local/www/system_usermanager_settings.php b/src/usr/local/www/system_usermanager_settings.php index 875837e..0d532d8 100644 --- a/src/usr/local/www/system_usermanager_settings.php +++ b/src/usr/local/www/system_usermanager_settings.php @@ -127,7 +127,7 @@ if ($input_errors) { } if ($savemsg) { - print_info_box($savemsg, success); + print_info_box($savemsg, 'success'); } if ($save_and_test) { diff --git a/src/usr/local/www/vpn_ipsec.php b/src/usr/local/www/vpn_ipsec.php index d1a7546..9c5b68c 100644 --- a/src/usr/local/www/vpn_ipsec.php +++ b/src/usr/local/www/vpn_ipsec.php @@ -306,13 +306,13 @@ display_top_tabs($tab_array); ?> <tr id="fr<?=$i?>" onclick="fr_toggle(<?=$i?>)" id="frd<?=$i?>" ondblclick="document.location='vpn_ipsec_phase1.php?p1index=<?=$i?>'" class="<?= $entryStatus ?>"> <td> - <input type="checkbox" id="frc<?=$i?>" name="p1entry[]" value="<?=$i?>" onclick="fr_bgcolor('<?=$i?>')" /> + <input type="checkbox" id="frc<?=$i?>" onclick="fr_toggle(<?=$i?>)" name="p1entry[]" value="<?=$i?>" /> <a class="fa fa-anchor" id="Xmove_<?=$i?>" title="<?=gettext("Move checked entries to here")?>"></a> </td> <td> <button value="toggle_<?=$i?>" name="toggle_<?=$i?>" title="<?=gettext("click to toggle enabled/disabled status")?>" class="btn btn-xs btn-default" type="submit"><?= ($entryStatus == 'disabled' ? 'enable' : 'disable') ?></button> </td> - <td onclick="fr_toggle(<?=$i?>)" id="frd<?=$i?>"> + <td id="frd<?=$i?>"> <?php if (empty($ph1ent['iketype']) || $ph1ent['iketype'] == "ikev1") { echo "V1"; @@ -357,7 +357,7 @@ display_top_tabs($tab_array); } ?> </td> - <td onclick="fr_toggle(<?=$i?>)" id="frd<?=$i?>"> + <td id="frd<?=$i?>"> <?=$spans?> <?php if (empty($ph1ent['iketype']) || $ph1ent['iketype'] == "ikev1") { @@ -366,7 +366,7 @@ display_top_tabs($tab_array); ?> <?=$spane?> </td> - <td onclick="fr_toggle(<?=$i?>)" id="frd<?=$i?>"> + <td id="frd<?=$i?>"> <?=$p1_ealgos[$ph1ent['encryption-algorithm']['name']]['name']?> <?php if ($ph1ent['encryption-algorithm']['keylen']) { diff --git a/src/usr/local/www/vpn_ipsec_keys.php b/src/usr/local/www/vpn_ipsec_keys.php index 7fcd642..c3886bb 100644 --- a/src/usr/local/www/vpn_ipsec_keys.php +++ b/src/usr/local/www/vpn_ipsec_keys.php @@ -128,6 +128,10 @@ if (is_subsystem_dirty('ipsec')) { display_top_tabs($tab_array); ?> +<div class="panel panel-default"> + <div class="panel-heading"><h2 class="panel-title"><?=gettext('Pre-Shared Keys')?></h2></div> + <div class="panel-body"> + <div class="table-responsive"> <table class="table table-striped table-hover"> <thead> @@ -196,6 +200,9 @@ if (is_subsystem_dirty('ipsec')) { </table> </div> + </div> +</div> + <nav class="action-buttons"> <a class="btn btn-success btn-sm" href="vpn_ipsec_keys_edit.php"> <i class="fa fa-plus icon-embed-btn"></i> diff --git a/src/usr/local/www/vpn_l2tp.php b/src/usr/local/www/vpn_l2tp.php index 17bb288..1251355 100644 --- a/src/usr/local/www/vpn_l2tp.php +++ b/src/usr/local/www/vpn_l2tp.php @@ -115,6 +115,18 @@ if ($_POST) { $input_errors[] = gettext("A valid RADIUS server address must be specified."); } + if ($_POST['secret'] != $_POST['secret_confirm']) { + $input_errors[] = gettext("Secret and confirmation must match"); + } + + if ($_POST['radiussecret'] != $_POST['radiussecret_confirm']) { + $input_errors[] = gettext("Secret and confirmation must match"); + } + + if (!is_numericint($_POST['n_l2tp_units']) || $_POST['n_l2tp_units'] > 255) { + $input_errors[] = gettext("Number of L2TP users must be between 1 and 255"); + } + /* if this is an AJAX caller then handle via JSON */ if (isAjax() && is_array($input_errors)) { input_errors2Ajax($input_errors); @@ -150,8 +162,14 @@ if ($_POST) { $l2tpcfg['interface'] = $_POST['interface']; $l2tpcfg['n_l2tp_units'] = $_POST['n_l2tp_units']; $l2tpcfg['radius']['server'] = $_POST['radiusserver']; - $l2tpcfg['radius']['secret'] = $_POST['radiussecret']; - $l2tpcfg['secret'] = $_POST['secret']; + if ($_POST['radiussecret'] != DMYPWD) { + $l2tpcfg['radius']['secret'] = $_POST['radiussecret']; + } + + if ($_POST['secret'] != DMYPWD) { + $l2tpcfg['secret'] = $_POST['secret']; + } + $l2tpcfg['paporchap'] = $_POST['paporchap']; @@ -268,15 +286,14 @@ $section->addInput(new Form_IpAddress( ))->addMask(l2tp_subnet, $pconfig['l2tp_subnet']) ->setHelp('Specify the starting address for the client IP address subnet.'); -$section->addInput(new Form_Input( +$section->addInput(new Form_Select( 'n_l2tp_units', 'Number of L2TP users', - 'number', $pconfig['n_l2tp_units'], - ['min' => 0, 'max' => 255] + array_combine(range(1, 255, 1), range(1, 255, 1)) )); -$section->addInput(new Form_Input( +$section->addPassword(new Form_Input( 'secret', 'Secret', 'password', @@ -333,7 +350,7 @@ $section->addInput(new Form_IpAddress( $pconfig['radiusserver'] ))->setHelp('Enter the IP address of the RADIUS server.'); -$section->addInput(new Form_Input( +$section->addPassword(new Form_Input( 'radiussecret', 'Secret', 'password', diff --git a/src/usr/local/www/vpn_l2tp_users.php b/src/usr/local/www/vpn_l2tp_users.php index 101889a..9364f65 100644 --- a/src/usr/local/www/vpn_l2tp_users.php +++ b/src/usr/local/www/vpn_l2tp_users.php @@ -102,7 +102,7 @@ if ($_GET['act'] == "del") { include("head.inc"); if ($savemsg) { - print_info_box($savemsg, success); + print_info_box($savemsg, 'success'); } if (isset($config['l2tp']['radius']['enable'])) { diff --git a/src/usr/local/www/vpn_l2tp_users_edit.php b/src/usr/local/www/vpn_l2tp_users_edit.php index 4a2078a..a0caea6 100644 --- a/src/usr/local/www/vpn_l2tp_users_edit.php +++ b/src/usr/local/www/vpn_l2tp_users_edit.php @@ -121,7 +121,7 @@ if ($_POST) { $input_errors[] = gettext("The password contains invalid characters."); } - if (($_POST['passwordfld']) && ($_POST['passwordfld'] != $_POST['passwordfld2'])) { + if (($_POST['passwordfld']) && ($_POST['passwordfld'] != $_POST['passwordfld_confirm'])) { $input_errors[] = gettext("The passwords do not match."); } if (($_POST['ip'] && !is_ipaddr($_POST['ip']))) { @@ -153,7 +153,7 @@ if ($_POST) { $secretent['name'] = $_POST['usernamefld']; $secretent['ip'] = $_POST['ip']; - if ($_POST['passwordfld']) { + if ($_POST['passwordfld'] && ($_POST['passwordfld'] != DMYPWD)) { $secretent['password'] = $_POST['passwordfld']; } @@ -175,60 +175,52 @@ if ($_POST) { } include("head.inc"); -?> -<?php if ($input_errors) { print_input_errors($input_errors); } -?> - -<form class="form-horizontal" action="vpn_l2tp_users_edit.php" method="post" name="iform" id="iform"> - <div class="panel panel-default"> - <div class="panel-heading"> - <h2 class="panel-title"><?=gettext('User'); ?></h2> - </div> - - <div class="panel-body"> - <div class="form-group"> - <label for="usernamefld" class="col-sm-2 control-label"><?=gettext("Username")?></label> - <div class="col-sm-10"> - <?=$mandfldhtml?><input name="usernamefld" type="text" class="formfld user form-control" id="usernamefld" size="20" value="<?=htmlspecialchars($pconfig['usernamefld'])?>" /> - </div> - </div> - <div class="form-group"> - <label for="passwordfld" class="col-sm-2 control-label"><?=gettext("Password")?></label> - <div class="col-sm-10"> - <?=$mandfldhtml?><input name="passwordfld" type="password" class="formfld pwd form-control" id="passwordfld" size="20" /> - </div> - </div> - <div class="form-group"> - <label for="passwordfld2" class="col-sm-2 control-label"><?=gettext('Confirm')?></label> - <div class="col-sm-10"> - <?=$mandfldhtml?><input name="passwordfld2" type="password" class="formfld pwd form-control" id="passwordfld2" size="20" /> -<?php if (isset($id) && $a_secret[$id]):?> - <span class="help-block"><?=gettext("If you want to change the users password, enter it here twice.")?></span> -<?php endif?> - </div> - </div> - <div class="form-group"> - <label for="ip" class="col-sm-2 control-label"><?=gettext("IP address")?></label> - <div class="col-sm-10"> - <input name="ip" type="text" class="formfld unknown form-control" id="ip" size="20" value="<?=htmlspecialchars($pconfig['ip'])?>" /> - <span class="help-block"><?=gettext("If you want the user to be assigned a specific IP address, enter it here.")?></span> - </div> - </div> - </div> - </div> - - <div class="col-sm-10 col-sm-offset-2"> - <input id="submit" name="Submit" type="submit" class="formbtn btn btn-primary" value="<?=gettext('Save')?>" /> - </div> - -<?php if (isset($id) && $a_secret[$id]):?> - <input name="id" type="hidden" value="<?=htmlspecialchars($id)?>" /> -<?php endif?> -</form> -<?php +$form = new Form(); + +$section = new Form_Section("User"); + +$section->addInput(new Form_Input( + 'usernamefld', + 'Username', + 'text', + $pconfig['usernamefld'] +)); + +$pwd = new Form_Input( + 'passwordfld', + 'Password', + 'text', + $pconfig['passwordfld'] +); + +if (isset($id) && $a_secret[$id]) { + $pwd->setHelp('If you want to change the users password, enter it here.'); +} + +$section->addPassword($pwd); + +$section->addInput(new Form_IpAddress( + 'ip', + 'IP Address', + $pconfig['ip'] +))->setHelp('If you want the user to be assigned a specific IP address, enter it here.'); + +$form->add($section); + +if (isset($id) && $a_secret[$id]) { + $form->addGlobal(new Form_Input( + 'id', + null, + 'hidden', + $i + )); +} + +print($form); + include("foot.inc"); diff --git a/src/usr/local/www/vpn_openvpn_client.php b/src/usr/local/www/vpn_openvpn_client.php index 2fe4fca..5763585 100644 --- a/src/usr/local/www/vpn_openvpn_client.php +++ b/src/usr/local/www/vpn_openvpn_client.php @@ -267,6 +267,10 @@ if ($_POST) { if (empty($pconfig['proxy_user']) || empty($pconfig['proxy_passwd'])) { $input_errors[] = gettext("User name and password are required for proxy with authentication."); } + + if ($pconfig['proxy_passwd'] != $pconfig['proxy_passwd_confirm']) { + $input_errors[] = gettext("Password and confirmation must match."); + } } } @@ -328,12 +332,20 @@ if ($_POST) { $input_errors[] = gettext("If no Client Certificate is selected, a username and/or password must be entered."); } + if ($pconfig['auth_pass'] != $pconfig['auth_pass_confirm']) { + $input_errors[] = gettext("Password and confirmation must match."); + } + if (!$input_errors) { $client = array(); foreach ($simplefields as $stat) { - update_if_changed($stat, $client[$stat], $_POST[$stat]); + if (($stat == 'auth_pass') && ($_POST[$stat] == DMYPWD)) { + $client[$stat] = $a_client[$id]['auth_pass']; + } else { + update_if_changed($stat, $client[$stat], $_POST[$stat]); + } } if ($vpnid) { @@ -356,7 +368,9 @@ if ($_POST) { $client['proxy_port'] = $pconfig['proxy_port']; $client['proxy_authtype'] = $pconfig['proxy_authtype']; $client['proxy_user'] = $pconfig['proxy_user']; - $client['proxy_passwd'] = $pconfig['proxy_passwd']; + if ($pconfig['proxy_passwd'] != DMYPWD) { + $client['proxy_passwd'] = $pconfig['proxy_passwd']; + } $client['description'] = $pconfig['description']; $client['mode'] = $pconfig['mode']; $client['custom_options'] = str_replace("\r\n", "\n", $pconfig['custom_options']); @@ -508,7 +522,7 @@ if ($act=="new" || $act=="edit"): $pconfig['proxy_user'] )); - $section->addInput(new Form_Input( + $section->addPassword(new Form_Input( 'proxy_passwd', 'Password', 'password', @@ -541,7 +555,7 @@ if ($act=="new" || $act=="edit"): $pconfig['auth_user'] ))->setHelp('Leave empty when no user name is needed'); - $section->addInput(new Form_Input( + $section->addPassword(new Form_Input( 'auth_pass', 'Password', 'password', diff --git a/src/usr/local/www/widgets/widgets/ipsec.widget.php b/src/usr/local/www/widgets/widgets/ipsec.widget.php index 1b91001..a3c418f 100644 --- a/src/usr/local/www/widgets/widgets/ipsec.widget.php +++ b/src/usr/local/www/widgets/widgets/ipsec.widget.php @@ -209,6 +209,8 @@ if (isset($config['ipsec']['phase1'])) { display_widget_tabs($tab_array); } +$mobile = ipsec_dump_mobile(); + if (isset($config['ipsec']['phase2'])): ?> <div id="ipsec-Overview" style="display:block;" class="table-responsive"> <table class="table table-striped table-hover"> diff --git a/src/usr/local/www/widgets/widgets/services_status.widget.php b/src/usr/local/www/widgets/widgets/services_status.widget.php index 8899886..bb64dfe 100644 --- a/src/usr/local/www/widgets/widgets/services_status.widget.php +++ b/src/usr/local/www/widgets/widgets/services_status.widget.php @@ -130,9 +130,15 @@ if (count($services) > 0) { <label for="inputPassword3" class="col-sm-3 control-label">Hidden services</label> <div class="col-sm-6"> <select multiple id="servicestatusfilter" name="servicestatusfilter[]" class="form-control"> - <?php foreach ($services as $service): ?> + <?php + foreach ($services as $service): + if (!empty(trim($service['name'])) || is_numeric($service['name'])) { + ?> <option <?=(in_array($service['name'], $skipservices)?'selected':'')?>><?=$service['name']?></option> - <?php endforeach; ?> + <?php + } + endforeach; + ?> </select> </div> </div> diff --git a/src/usr/local/www/widgets/widgets/traffic_graphs.widget.php b/src/usr/local/www/widgets/widgets/traffic_graphs.widget.php index 4d421ea..2360fc5 100644 --- a/src/usr/local/www/widgets/widgets/traffic_graphs.widget.php +++ b/src/usr/local/www/widgets/widgets/traffic_graphs.widget.php @@ -86,7 +86,7 @@ if (ipsec_enabled()) { } if ($_POST) { - if (isset($_POST["refreshinterval"]) && is_numeric($_POST["refreshinterval"])) { + if (isset($_POST["refreshinterval"]) && is_numericint($_POST["refreshinterval"])) { $a_config["refreshinterval"] = $_POST["refreshinterval"]; } @@ -117,7 +117,7 @@ if ($first_time) { $shown[$keys[0]] = true; } -if (isset($a_config["refreshinterval"])) { +if (isset($a_config["refreshinterval"]) && is_numericint($a_config["refreshinterval"])) { $refreshinterval = $a_config["refreshinterval"]; } else { $refreshinterval = 10; diff --git a/tools/conf/pfPorts/make.conf b/tools/conf/pfPorts/make.conf index fcee945..05f9e9e 100644 --- a/tools/conf/pfPorts/make.conf +++ b/tools/conf/pfPorts/make.conf @@ -4,8 +4,6 @@ OPTIONS_UNSET_FORCE= X11 DOCS EXAMPLES MAN INFO MANPAGES # Individual ports options www_elinks_UNSET_FORCE= FASTMEM -www_lighttpd_SET_FORCE= NODELAY - net_miniupnpd_SET_FORCE= PF_ENABLE_FILTER_RULES IPV6 UPNP_IGDV2 CHECK_PORTINUSE security_openssl_SET_FORCE= PADLOCK @@ -17,6 +15,8 @@ net_relayd_SET_FORCE= LIBEVENT_STATIC databases_rrdtool12_UNSET_FORCE= PERL +databases_rrdtool_UNSET_FORCE= PERL_MODULE GRAPH + security_snortsam_UNSET_FORCE= IPFW emulators_qemu_UNSET_FORCE= SDL diff --git a/tools/conf/pfPorts/poudriere_bulk b/tools/conf/pfPorts/poudriere_bulk index 02bb4a3..9431f11 100644 --- a/tools/conf/pfPorts/poudriere_bulk +++ b/tools/conf/pfPorts/poudriere_bulk @@ -1,3 +1,4 @@ +databases/rrdtool benchmarks/iperf benchmarks/iperf3 security/%%PRODUCT_NAME%% |
