graph.php
<?php
//session_cache_limiter("private");
//ob_start();
include './config/config.php';
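// Graph endpoint. Once the session is authenticated it validates the request
// parameters, checks in the database that the logged-in user is linked to the
// requested host, and then includes the plugin script named by the `p`
// parameter. Every rejection path logs, emits the error image and stops.
session_name('CGRAPHZ');
session_start();
$connSQL = new DB();
$auth = new AUTH_USER();

if ($auth->verif_auth()) {
    $plugin = validate_get(GET('p'), 'plugin');
    $host = validate_get(GET('h'), 'host');

    // $plugin ends up in an include path below, so a rejected value must stop
    // the request here. The original only tested the host while logging a
    // plugin message. Assumes validate_get() returns NULL on rejection for
    // both kinds, as the original host test implies -- confirm.
    // error_image() is defined outside this file; the explicit exit keeps a
    // non-terminating implementation from falling through to the include.
    if ($plugin === NULL) {
        error_log('CGRAPHZ ERROR: plugin contains unknown characters');
        error_image();
        exit;
    }
    if ($host === NULL) {
        error_log('CGRAPHZ ERROR: host contains unknown characters');
        error_image();
        exit;
    }

    // Drop an optional ":port" suffix. Strict comparison: strpos() returns 0
    // for a leading colon, which the loose "!= FALSE" treated as "not found".
    if (strpos($host, ':') !== false) {
        $tmp = explode(':', $host);
        $host = $tmp[0];
    }

    // x / y come straight from the query string and are consumed by the
    // included plugin. Require positive integers: a negative factor would
    // otherwise slip under MAX_IMG_SIZE, and an array or non-numeric string
    // would reach the multiplication.
    $intOptions = array('options' => array('min_range' => 1));
    $width = filter_var(empty($_GET['x']) ? $CONFIG['width'] : $_GET['x'], FILTER_VALIDATE_INT, $intOptions);
    $height = filter_var(empty($_GET['y']) ? $CONFIG['height'] : $_GET['y'], FILTER_VALIDATE_INT, $intOptions);
    if ($width === false || $height === false) {
        error_log('CGRAPHZ ERROR: image dimensions are not positive integers');
        error_image();
        exit;
    }

    // Not used in this file; presumably read by the included plugin.
    $s = isset($_GET['s']) ? intval($_GET['s']) : 0;

    if (($width * $height) > MAX_IMG_SIZE) {
        error_log('CGRAPHZ ERROR: image request is too big');
        error_image();
        exit;
    }

    if (!file_exists(DIR_FSROOT.'/plugin/'.$plugin.'.php')) {
        error_log(sprintf('CGRAPHZ ERROR: plugin "%s" is not available', $plugin));
        error_image();
        exit;
    }

    // Returns the host only when it is linked, through project and group
    // membership, to the current user.
    $lib='
SELECT cs.server_name
FROM config_server cs
LEFT JOIN config_server_project csp
ON cs.id_config_server=csp.id_config_server
LEFT JOIN perm_project_group ppg
ON csp.id_config_project=ppg.id_config_project
LEFT JOIN auth_user_group aug
ON ppg.id_auth_group=aug.id_auth_group
WHERE ( cs.server_name=:host )
AND ( aug.id_auth_user=:user )
GROUP BY server_name
ORDER BY server_name';
    $stmt = $connSQL->prepare($lib);
    // NOTE(review): the values are bound parameters, so escape() looks
    // redundant and could alter them -- confirm what DB::escape() does.
    $stmt->bindValue(':host', $connSQL->escape($host));
    $stmt->bindValue(':user', $connSQL->escape(intval($_SESSION['S_ID_USER'])));
    $stmt->execute();
    $authorized = $stmt->fetchObject();

    // Fail closed: with no matching row the original read a property of a
    // non-object and loosely compared the resulting NULL with $host, which is
    // true for an empty or NULL host.
    if (is_object($authorized) && (string) $host === (string) $authorized->server_name) {
        // Load the plugin. The path is built from a request parameter, so the
        // validate_get() check above is the only guard against including an
        // unintended file.
        include DIR_FSROOT.'/plugin/'.$plugin.'.php';
    } else {
        error_image();
        exit;
    }
}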
?>