monitor plugin - guest access restrictions

[zgamer]

While internal I have been using the monitor plugin now for a few years and it has served it's purpose well I have recently had the need to make the monitor page visible to others within the organization. Permissions have been adjusted to allow guest access to the plugin which does work well preferentially I wanted to not give access to the mouse-over statics to keep in mind a general defense in depth approach. In order to disable rendering for the guest account the mouse-overs a simple one-liner can accomplish this.

In the monitor.php code scroll down to around line 473. You will find a reference setting the $title variable.

Code: Select all

$title = "<table cellpadding=0 cellspacing=0><tr><td colspan=2><b>$name</b></td></tr><tr valign=top><td>Status:</td><td>$sdisplay</td></tr><tr valign=top><td>IP Address:</td><td>$hostname</td></tr><tr valign=top><td>Ping:</td><td>$ptime ms</td></tr><tr valign=top><td>Last Fail:</td><td>$d</td></tr><tr valign=top><td>Availability:&nbsp;&nbsp;</td><td>$avail%</td></tr></table>";

Insert on the line below the following code:

Code: Select all

if ($_SESSION["sess_user_id"] == "guest") { $title = "";}

Pretty simple change to help increase security, enjoy.[/code]