diff --git a/html/includes/graphs/graph.inc.php b/html/includes/graphs/graph.inc.php
index 21820b485..c36f27136 100644
--- a/html/includes/graphs/graph.inc.php
+++ b/html/includes/graphs/graph.inc.php
@@ -1,12 +1,17 @@
[A-Za-z0-9]+)_(?P.+)/', mres($_GET['type']), $graphtype);
+
+$type = $graphtype['type'];
+$subtype = $graphtype['subtype'];
+
+if ($debug) {print_r($graphtype);}
+
+$graphfile = $config['temp_dir'] . "/" . strgen() . ".png";
+
+if (is_file($config['install_dir'] . "/html/includes/graphs/$type/$subtype.inc.php"))
+{
+ if (isset($config['allow_unauth_graphs_cidr']) && count($config['allow_unauth_graphs_cidr']) > 0)
{
- $allow_unauth = TRUE;
- } else {
- if(!$_SESSION['authenticated']) { graph_error("Not authenticated"); exit; }
+ foreach ($config['allow_unauth_graphs_cidr'] as $range)
+ {
+ if (Net_IPv4::ipInNetwork($_SERVER['REMOTE_ADDR'], $range))
+ {
+ $auth = TRUE;
+ }
+ }
}
-
- preg_match('/^(?P[A-Za-z0-9]+)_(?P.+)/', mres($_GET['type']), $graphtype);
-
- $type = $graphtype['type'];
- $subtype = $graphtype['subtype'];
-
- if($debug) {print_r($graphtype);}
-
- $graphfile = $config['temp_dir'] . "/" . strgen() . ".png";
-
-if(is_file($config['install_dir'] . "/html/includes/graphs/$type/$subtype.inc.php")) {
- include($config['install_dir'] . "/html/includes/graphs/$type/auth.inc.php");
- if($auth) {
+ if (!$auth)
+ {
+ include($config['install_dir'] . "/html/includes/graphs/$type/auth.inc.php");
+ }
+ if ($auth)
+ {
include($config['install_dir'] . "/html/includes/graphs/$type/$subtype.inc.php");
}
-} else {
+}
+else
+{
graph_error("Graph Template Missing");
}
-function graph_error ($string)
+function graph_error($string)
{
global $width, $height;
header('Content-type: image/png');
- if($height > "99") { $width +=75; }
+ if ($height > "99") { $width +=75; }
$im = imagecreate($width, $height);
$orange = imagecolorallocate($im, 255, 225, 225);
$px = (imagesx($im) - 7.5 * strlen($string)) / 2;
@@ -69,9 +91,9 @@ function graph_error ($string)
exit();
}
-if(!$auth)
+if (!$auth)
{
- if($width < 200)
+ if ($width < 200)
{
graph_error("No Auth");
} else {
@@ -79,35 +101,41 @@ if(!$auth)
}
} else {
#$rrd_options .= " HRULE:0#999999";
- if($no_file)
+ if ($no_file)
{
- if($width < 200)
+ if ($width < 200)
{
graph_error("No RRD");
} else {
graph_error("Missing RRD Datafile");
}
} else {
- if($rrd_options)
+ if ($rrd_options)
{
- if($config['rrdcached']) { $rrd_switches = " --daemon ".$config['rrdcached'] . " "; }
+ if ($config['rrdcached']) { $rrd_switches = " --daemon ".$config['rrdcached'] . " "; }
$rrd_cmd = $config['rrdtool'] . " graph $graphfile $rrd_options" . $rrd_switches;
$woo = shell_exec($rrd_cmd);
- if($_GET['debug']) { echo("".$rrd_cmd."
"); }
- if(is_file($graphfile)) {
+ if ($_GET['debug']) { echo("".$rrd_cmd."
"); }
+ if (is_file($graphfile)) {
header('Content-type: image/png');
$fd = fopen($graphfile,'r');fpassthru($fd);fclose($fd);
unlink($graphfile);
- } else {
- if($width < 200)
+ }
+ else
+ {
+ if ($width < 200)
{
graph_error("Draw Error");
- } else {
+ }
+ else
+ {
graph_error("Error Drawing Graph");
}
}
- } else {
- if($width < 200)
+ }
+ else
+ {
+ if ($width < 200)
{
graph_error("Def Error");
} else {
@@ -117,4 +145,4 @@ if(!$auth)
}
}
-?>
+?>
\ No newline at end of file
diff --git a/includes/defaults.inc.php b/includes/defaults.inc.php
index 4f382e10d..9e0bc5ef7 100644
--- a/includes/defaults.inc.php
+++ b/includes/defaults.inc.php
@@ -171,6 +171,7 @@ $config['device_traffic_descr'] = array('/loopback/','/vlan/','/tunnel/','/:\d
### Authentication
$config['allow_unauth_graphs'] = 0; ## Allow graphs to be viewed by anyone
+$config['allow_unauth_graphs_cidr'] = array(); # Allow graphs to be viewed without authorisation from certain IP ranges
$config['auth_mechanism'] = "mysql"; # Auth Type.
### Sensors