meteo/Sentri
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

v.1.1 changes 16-04-2026:

Browse Source 
- Minor changes to interface.
- Fixed different missing includes.
- Access now denied to api calls that are related to disabled modules.
- Fixed sorting of CPU and memory in server overview.
This commit is contained in:
Marco Mooij
2026-04-16 15:01:40 +02:00
parent 36b0ebd10c
commit eec1d13cf5
40 changed files with 26451 additions and 26428 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@@ -2,4 +2,5 @@ pub/data/devices/*/documents/*
pub/data/devices/*/firmware/* pub/data/devices/*/firmware/*
.idea/* .idea/*
composer.* composer.*
CAcert.crt
pub/config.php pub/config.php

1
README.md
View File

@@ -0,0 +1 @@
v.1.1

9
pub/api/classes/API.php
View File

@@ -44,8 +44,11 @@ class API
public function __construct() public function __construct()
{ {
# Setup Database connection
require_once $_SERVER['DOCUMENT_ROOT'] . '/bin/php/db_connect.php'; require_once $_SERVER['DOCUMENT_ROOT'] . '/bin/php/db_connect.php';
include_once $_SERVER['DOCUMENT_ROOT'] . '/bin/php/Functions/globalFunctions.php';
# Setup Database connection
$this->conn = $GLOBALS['conn']; $this->conn = $GLOBALS['conn'];
if (!empty($_SESSION['user']['user_uuid'])) { if (!empty($_SESSION['user']['user_uuid'])) {
@@ -77,6 +80,9 @@ class API
} }
} }
# Get the enabled modules for the user
$GLOBALS['modules_enabled'] = getEnabledModules();
// Disable builder input for non-GET requests to prevent potential SQL injection vulnerabilities. // Disable builder input for non-GET requests to prevent potential SQL injection vulnerabilities.
// Also disable the builder for users with the 'frontend' user type as an extra security measure. // Also disable the builder for users with the 'frontend' user type as an extra security measure.
// The builder should only be active for API users making GET requests. // The builder should only be active for API users making GET requests.
@@ -98,7 +104,6 @@ class API
$this->user_type = 'frontend'; $this->user_type = 'frontend';
# Load the locale for the user, this is used for the return message in the frontend and other globalFunctions. # Load the locale for the user, this is used for the return message in the frontend and other globalFunctions.
include_once $_SERVER['DOCUMENT_ROOT'] . '/bin/php/Functions/globalFunctions.php';
$locale = getPreferredLocale(); $locale = getPreferredLocale();
global $translations; global $translations;
$translations = require $_SERVER['DOCUMENT_ROOT'] . "/bin/locales/{$locale}.php"; $translations = require $_SERVER['DOCUMENT_ROOT'] . "/bin/locales/{$locale}.php";

9
pub/api/v1/customers/companies/activate/index.php
View File

@@ -2,11 +2,6 @@
use api\classes\API_companies; use api\classes\API_companies;
if (!$GLOBALS['modules_enabled']['customers']) {
echo '405 Not Allowed';
exit;
}
session_start(); session_start();
require_once $_SERVER['DOCUMENT_ROOT'] . '/api/classes/API_companies.php'; require_once $_SERVER['DOCUMENT_ROOT'] . '/api/classes/API_companies.php';
@@ -15,6 +10,10 @@ require_once $_SERVER['DOCUMENT_ROOT'] . '/api/classes/API_companies.php';
# Check permissions # Check permissions
$API_companies = new API_companies(); $API_companies = new API_companies();
if (!$GLOBALS['modules_enabled']['customers']) {
echo '405 Not Allowed';
exit;
}
if ($API_companies->request_method === 'PUT') { if ($API_companies->request_method === 'PUT') {
$API_companies->checkPermissions('customer-companies', 'RW'); $API_companies->checkPermissions('customer-companies', 'RW');

12
pub/api/v1/office/stompjes/index.php
View File

@@ -2,17 +2,17 @@
use api\classes\API_office_stompjes; use api\classes\API_office_stompjes;
session_start();
require_once $_SERVER['DOCUMENT_ROOT'] . '/api/classes/API_office_stompjes.php';
$API_office_stompjes = new API_office_stompjes();
if (!$GLOBALS['modules_enabled']['office']) { if (!$GLOBALS['modules_enabled']['office']) {
echo '405 Not Allowed'; echo '405 Not Allowed';
exit; exit;
} }
session_start();
require_once $_SERVER['DOCUMENT_ROOT'] . '/api/classes/API_office_stompjes.php';
$API_office_stompjes = new API_office_stompjes();
if ($API_office_stompjes->request_method === 'POST') { if ($API_office_stompjes->request_method === 'POST') {
$API_office_stompjes->checkPermissions('ofice-stompjes-canstomp', 'RW'); $API_office_stompjes->checkPermissions('ofice-stompjes-canstomp', 'RW');

10
pub/api/v1/servers/index.php
View File

@@ -2,17 +2,17 @@
use api\classes\API_servers; use api\classes\API_servers;
if (!$GLOBALS['modules_enabled']['servers']) {
echo '405 Not Allowed';
exit;
}
session_start(); session_start();
require_once $_SERVER['DOCUMENT_ROOT'] . '/api/classes/API_servers.php'; require_once $_SERVER['DOCUMENT_ROOT'] . '/api/classes/API_servers.php';
$API_servers = new API_servers(); $API_servers = new API_servers();
if (!$GLOBALS['modules_enabled']['servers']) {
echo '405 Not Allowed';
exit;
}
if ($API_servers->request_method === 'POST') { if ($API_servers->request_method === 'POST') {
$API_servers->checkPermissions('servers', 'RW'); $API_servers->checkPermissions('servers', 'RW');

1
pub/bin/pages/customers/pageCompanies_company_view.php
View File

@@ -31,6 +31,7 @@ if (!$API_servers->checkPermissions('customer-companies', 'RO', true)) {
# JS Scripts to load for this page # JS Scripts to load for this page
$jsScriptLoadData['datepicker'] = true; $jsScriptLoadData['datepicker'] = true;
$jsScriptLoadData['breadCrumbs'] = true; $jsScriptLoadData['breadCrumbs'] = true;
$jsScriptLoadData['delete_confirmation'] = true;
$jsScriptLoadData['datatables'] = true; $jsScriptLoadData['datatables'] = true;
$jsScriptLoadData['multiFilterSelectServers'] = true; $jsScriptLoadData['multiFilterSelectServers'] = true;

9
pub/bin/pages/servers/pageServerOverview_server_view.php
View File

@@ -296,16 +296,17 @@ $pageNavbar->outPutNavbar();
</h2> </h2>
<div id="accordion"> <div id="accordion">
<div class="card"> <div class="card">
<?php foreach ($disks as $disk) { ?> <?php foreach ($disks as $i => $disk) {
<a data-bs-toggle="collapse" data-bs-target="#collapse<?php echo $disk['disk_name'] ?>"> $collapseId = 'collapseDisk' . $i; ?>
<div class="card-header py-1" id="heading<?php echo $disk['disk_name'] ?>"> <a data-bs-toggle="collapse" data-bs-target="#collapse<?php echo $collapseId ?>">
<div class="card-header py-1" id="heading<?php echo $collapseId ?>">
<h4 class="mb-0"> <h4 class="mb-0">
<i class="fa-solid fa-hard-drive text-secondary"></i> <?php echo $disk['disk_name'] ?> <i class="fa-solid fa-hard-drive text-secondary"></i> <?php echo $disk['disk_name'] ?>
</h4> </h4>
</div> </div>
</a> </a>
<div id="collapse<?php echo $disk['disk_name'] ?>" class="collapse" data-parent="#accordion"> <div id="collapse<?php echo $collapseId ?>" class="collapse" data-parent="#accordion">
<div class="card-body"> <div class="card-body">
<table class="table table-borderless table-sm"> <table class="table table-borderless table-sm">
<tr> <tr>

2
pub/bin/pages/system/pageAccessControl_user_group_view.php
View File

@@ -47,7 +47,7 @@ $stmt->execute([$user_group_uuid]);
$group_permissions = $stmt->fetchAll(PDO::FETCH_ASSOC); $group_permissions = $stmt->fetchAll(PDO::FETCH_ASSOC);
# Set breadcrumb data # Set breadcrumb data
array_push($GLOBALS['breadCrumbArray'], array('display' => __('user_gr1oups'), 'href' => '/accesscontrol/#user-groups')); array_push($GLOBALS['breadCrumbArray'], array('display' => __('user_groups'), 'href' => '/accesscontrol/#user-groups'));
array_push($GLOBALS['breadCrumbArray'], array('display' => $user_group['user_group_name'], 'href' => '')); array_push($GLOBALS['breadCrumbArray'], array('display' => $user_group['user_group_name'], 'href' => ''));
# Start page output # Start page output

14
pub/bin/pages/system/sources/pageSourceInserve.php
View File

@@ -102,7 +102,6 @@ $pageNavbar->outPutNavbar();
<div class="card"> <div class="card">
<div class="card-body"> <div class="card-body">
<h1 class="">Inserve actions</h1> <h1 class="">Inserve actions</h1>
<hr>
<div class="row row-cols-1 row-cols-md-3 g-2"> <div class="row row-cols-1 row-cols-md-3 g-2">
<?php if ($GLOBALS['modules_enabled']['customers'] && $API->checkPermissions('customer-companies', 'RW', true)) { ?> <?php if ($GLOBALS['modules_enabled']['customers'] && $API->checkPermissions('customer-companies', 'RW', true)) { ?>
<div class="col"> <div class="col">
@@ -112,10 +111,12 @@ $pageNavbar->outPutNavbar();
<form method="post" action="/api/v1/sources/inserve/sync-companies/"> <form method="post" action="/api/v1/sources/inserve/sync-companies/">
<input type="hidden" name="_return" value="/system/sources/inserve"> <input type="hidden" name="_return" value="/system/sources/inserve">
<p class="card-text">This API call retrieves all companies from Inserve and creates or updates them in Sentri.</p> <p class="card-text">This API call retrieves all companies from Inserve and creates or updates them in Sentri.</p>
</form>
</div>
<div class="card-footer">
<button class="btn btn-primary"> <button class="btn btn-primary">
<i class="fa-solid fa-arrow-rotate-right"></i> &nbsp;Sync. <i class="fa-solid fa-arrow-rotate-right"></i> &nbsp;Sync.
</button> </button>
</form>
</div> </div>
</div> </div>
</div> </div>
@@ -129,10 +130,12 @@ $pageNavbar->outPutNavbar();
<form method="post" action="/api/v1/sources/inserve/sync-cloud-distributor/"> <form method="post" action="/api/v1/sources/inserve/sync-cloud-distributor/">
<input type="hidden" name="_return" value="/system/sources/inserve"> <input type="hidden" name="_return" value="/system/sources/inserve">
<p class="card-text">This API call synchronizes active companies in Sentri with the corresponding cloud distributor companies in Inserve. These cloud distributor companies are required to associate Sentri server licenses with companies in Inserve.</p> <p class="card-text">This API call synchronizes active companies in Sentri with the corresponding cloud distributor companies in Inserve. These cloud distributor companies are required to associate Sentri server licenses with companies in Inserve.</p>
</form>
</div>
<div class="card-footer">
<button class="btn btn-primary"> <button class="btn btn-primary">
<i class="fa-solid fa-arrow-rotate-right"></i> &nbsp;Sync <i class="fa-solid fa-arrow-rotate-right"></i> &nbsp;Sync
</button> </button>
</form>
</div> </div>
</div> </div>
</div> </div>
@@ -146,10 +149,12 @@ $pageNavbar->outPutNavbar();
<form method="post" action="/api/v1/sources/inserve/sync-server-licenses/"> <form method="post" action="/api/v1/sources/inserve/sync-server-licenses/">
<input type="hidden" name="_return" value="/system/sources/inserve"> <input type="hidden" name="_return" value="/system/sources/inserve">
<p class="card-text">This API call first executes the sync-cloud-distributor action and then synchronizes all servers in an active, deleted, or trial state with Inserve licenses. It creates or updates server licenses in Inserve if they do not exist or if the license quantities differ from those in Sentri.</p> <p class="card-text">This API call first executes the sync-cloud-distributor action and then synchronizes all servers in an active, deleted, or trial state with Inserve licenses. It creates or updates server licenses in Inserve if they do not exist or if the license quantities differ from those in Sentri.</p>
</form>
</div>
<div class="card-footer">
<button class="btn btn-primary"> <button class="btn btn-primary">
<i class="fa-solid fa-arrow-rotate-right"></i> &nbsp;Sync <i class="fa-solid fa-arrow-rotate-right"></i> &nbsp;Sync
</button> </button>
</form>
</div> </div>
</div> </div>
</div> </div>
@@ -159,3 +164,4 @@ $pageNavbar->outPutNavbar();
</div> </div>
</div> </div>
</div> </div>
</div>

17
pub/bin/php/Classes/serverOverviewBuilder.php
View File

@@ -291,8 +291,10 @@ class serverOverviewBuilder
if ($mem == 0 && $demand == 0) { if ($mem == 0 && $demand == 0) {
$mem_assigned = 'N/A'; $mem_assigned = 'N/A';
$mem_assigned_sort = 0;
} else { } else {
$mem_assigned = $this->cleanNumber($mem) . "M"; $mem_assigned = $this->cleanNumber($mem) . "M";
$mem_assigned_sort = $this->cleanNumber($mem);
} }
$mem_demand_text_color = ''; $mem_demand_text_color = '';
@@ -315,7 +317,15 @@ class serverOverviewBuilder
} else { } else {
$mem_demand = "N/A"; $mem_demand = "N/A";
$mem_percent_numb = 'N/A'; $mem_percent_numb = 'N/A';
$mem_percent_sort = -1; $mem_percent_sort = 0;
}
if ($server['server_cpu']) {
$server_cpu = htmlspecialchars($server['server_cpu']);
$server_cpu_sort = (int)$server_cpu;
} else {
$server_cpu = "N/A";
$server_cpu_sort = 0;
} }
$ipv4_list = ''; $ipv4_list = '';
@@ -390,9 +400,8 @@ class serverOverviewBuilder
</td> </td>
<?php } ?> <?php } ?>
<td data-column="server_os" class="text-nowrap"><?php echo $server['server_os'] ?></td> <td data-column="server_os" class="text-nowrap"><?php echo $server['server_os'] ?></td>
<td data-column="server_cpu" class="text-nowrap"><?php echo $server['server_cpu'] ?> <td data-column="server_cpu" class="text-nowrap" data-filter="<?php echo $server_cpu ?>" data-sort="<?php echo $server_cpu_sort ?>"><?php echo $server_cpu ?></td>
</td> <td data-column="server_memory" class="text-nowrap" data-filter="<?php echo $mem_assigned; ?>" data-sort="<?php echo $mem_assigned_sort; ?>">
<td data-column="server_memory" class="text-nowrap" data-filter="<?php echo htmlspecialchars($mem); ?>" data-sort="<?php echo htmlspecialchars($mem); ?>">
<?php echo $mem_assigned ?> <?php echo $mem_assigned ?>
</td> </td>