Cheshire Cat Computing

[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/feed.php on line 173: Cannot modify header information - headers already sent by (output started at [ROOT]/includes/functions.php:3823)
[phpBB Debug] PHP Warning: in file [ROOT]/feed.php on line 174: Cannot modify header information - headers already sent by (output started at [ROOT]/includes/functions.php:3823)
Cheshire Cat Computing Software support and information 2003-12-30T06:52:52+13:00 http://www.steveshipway.org/forum/feed.php?f=2&t=100 2003-12-30T06:52:52+13:00 2003-12-30T06:52:52+13:00 http://www.steveshipway.org/forum/viewtopic.php?t=100&p=354#p354 <![CDATA[Best to keep a backup handy. :)]]>
added to routers2.cgi at +/- 1162, 1500, and 1522 (the 3 stops searching for Extensions)

( $security, $desc, $url, $icon, $targ ) = quotewords('\s+',0,$arg);
next if ($config{'routers.cgi-securitylevel'} <= $security);

The $security was added before the $desc as not to play with $targ see below. of course -> my ($security) = '0';<- was added to the top of the script.

routers.cgi*Extension[acsrtr1_to2_0]: 3 "Show current interface status" /mrtg/cgi/ifstatus.cgi camera2-sm.gif

A security number of 0 will show all the time.

Then to routers.conf

[user-admin]
archive = yes
routingtableurl = /mrtg/cgi/routingtable.cgi
securitylevel = 5

Statistics: Posted by BigDaddy — Tue Dec 30, 2003 6:52 am

]]> 2003-12-28T13:56:59+13:00 2003-12-28T13:56:59+13:00 http://www.steveshipway.org/forum/viewtopic.php?t=100&p=353#p353 <![CDATA[Security in Routers.cgi]]>
I'll look into implementing this (or somethnig similar) for the next release... I'll also see if I can make the Extension template include the authentication and routers2.conf-reading code.

Steve

Statistics: Posted by stevesh — Sun Dec 28, 2003 1:56 pm

]]> 2003-12-28T09:44:23+13:00 2003-12-28T09:44:23+13:00 http://www.steveshipway.org/forum/viewtopic.php?t=100&p=352#p352 <![CDATA[2nd Attempt at this post.]]>
Example 1
+/- line 1500 of routers.cgi

if( $buf =~ /^\s*routers\.cgi\*Extensions?\s*:\s*(\S.*)/i
and !$readinrouters and $usersec) {

Example 2
or in MRTG.cfg

routers.cgi*Extension[xyz]: "Show current interface status" /mrtg/cgi/ifstatus.cgi camera2-sm.gif 3 <--$security in cgi

and in routers.cgi

if( $buf =~ /^\s*routers\.cgi\*Extensions?\s*:\s*(\S.*)/i
and !$readinrouters and $security >2) {

Example 3
in routers.conf

[user-usera]

securitylevel=2

[user-admin]

securitylevel=5

in MRTG.cfg

routers.cgi*Extension[xyz]: "Show current interface status" /mrtg/cgi/ifstatus.cgi camera2-sm.gif 3 <--$security in cgi

and in routers.cgi

if( $buf =~ /^\s*routers\.cgi\*Extensions?\s*:\s*(\S.*)/i
and !$readinrouters and ($securitylevel >= $security)) {

usera doesn't see it, but admin does.

Statistics: Posted by BigDaddy — Sun Dec 28, 2003 9:44 am

]]> 2003-12-24T21:02:10+13:00 2003-12-24T21:02:10+13:00 http://www.steveshipway.org/forum/viewtopic.php?t=100&p=349#p349 <![CDATA[Security in Routers.cgi]]>
If you use the webserver for authentication, then you can just use your .htaccess file to extend this authentication to your new scripts, but if you use routers.cgi's internal authentication then it has no control over the other scripts.

Of course the pages containing the links will not be displayed until the user has logged in with sufficient rights to see the device, but this will not prevent someone from calling the script directly, since then it is completely out of the control of routers.cgi.

The only way to achieve this is to incorporate the authuser code from routers.cgi into your extension script, and have it exit if there is not a valid cookie attached to the request. This would also require a slight mod to the routers.cgi script itself to make the security cookie directory-wide or site-wide, rather than only for the routers.cgi script itself.

Maybe a future version of routers.cgi should pass the auth token to the script for verification? Maybe better to extend the cookie system, though.

Thoughts, anyone?

Statistics: Posted by stevesh — Wed Dec 24, 2003 9:02 pm

]]> 2003-12-24T11:48:53+13:00 2003-12-24T11:48:53+13:00 http://www.steveshipway.org/forum/viewtopic.php?t=100&p=346#p346 <![CDATA[Security in Routers.cgi]]>
I was wondering, I'm trying to create external scripts to use with Routers.cgi, but I want them to only be avaliable when you've logged into routers.cgi. (user-usera) etc. Is this possible?

Right now they are in the mrtg.cfg file, for each interface.

Something like allowscript = extension.cgi or something.

BTW, I love the new rev. twinmenu is a godsend.

Statistics: Posted by BigDaddy — Wed Dec 24, 2003 11:48 am

]]>