Project

General

Profile

Download (23 KB) Statistics
| Branch: | Tag: | Revision:
1
<?php
2
/*
3
 * diag_backup.php
4
 *
5
 * part of pfSense (https://www.pfsense.org)
6
 * Copyright (c) 2004-2016 Rubicon Communications, LLC (Netgate)
7
 * All rights reserved.
8
 *
9
 * originally based on m0n0wall (http://m0n0.ch/wall)
10
 * Copyright (c) 2003-2004 Manuel Kasper <mk@neon1.net>.
11
 * All rights reserved.
12
 *
13
 * Licensed under the Apache License, Version 2.0 (the "License");
14
 * you may not use this file except in compliance with the License.
15
 * You may obtain a copy of the License at
16
 *
17
 * http://www.apache.org/licenses/LICENSE-2.0
18
 *
19
 * Unless required by applicable law or agreed to in writing, software
20
 * distributed under the License is distributed on an "AS IS" BASIS,
21
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
22
 * See the License for the specific language governing permissions and
23
 * limitations under the License.
24
 */
25

    
26
##|+PRIV
27
##|*IDENT=page-diagnostics-backup-restore
28
##|*NAME=Diagnostics: Backup & Restore
29
##|*DESCR=Allow access to the 'Diagnostics: Backup & Restore' page.
30
##|*MATCH=diag_backup.php*
31
##|-PRIV
32

    
33
/* Allow additional execution time 0 = no limit. */
34
ini_set('max_execution_time', '0');
35
ini_set('max_input_time', '0');
36

    
37
/* omit no-cache headers because it confuses IE with file downloads */
38
$omit_nocacheheaders = true;
39
require_once("guiconfig.inc");
40
require_once("functions.inc");
41
require_once("filter.inc");
42
require_once("shaper.inc");
43

    
44
$rrddbpath = "/var/db/rrd";
45
$rrdtool = "/usr/bin/nice -n20 /usr/local/bin/rrdtool";
46

    
47
function rrd_data_xml() {
48
	global $rrddbpath;
49
	global $rrdtool;
50

    
51
	$result = "\t<rrddata>\n";
52
	$rrd_files = glob("{$rrddbpath}/*.rrd");
53
	$xml_files = array();
54
	foreach ($rrd_files as $rrd_file) {
55
		$basename = basename($rrd_file);
56
		$xml_file = preg_replace('/\.rrd$/', ".xml", $rrd_file);
57
		exec("$rrdtool dump '{$rrd_file}' '{$xml_file}'");
58
		$xml_data = file_get_contents($xml_file);
59
		unlink($xml_file);
60
		if ($xml_data !== false) {
61
			$result .= "\t\t<rrddatafile>\n";
62
			$result .= "\t\t\t<filename>{$basename}</filename>\n";
63
			$result .= "\t\t\t<xmldata>" . base64_encode(gzdeflate($xml_data)) . "</xmldata>\n";
64
			$result .= "\t\t</rrddatafile>\n";
65
		}
66
	}
67
	$result .= "\t</rrddata>\n";
68
	return $result;
69
}
70

    
71
function restore_rrddata() {
72
	global $config, $g, $rrdtool, $input_errors;
73
	foreach ($config['rrddata']['rrddatafile'] as $rrd) {
74
		if ($rrd['xmldata']) {
75
			$rrd_file = "{$g['vardb_path']}/rrd/{$rrd['filename']}";
76
			$xml_file = preg_replace('/\.rrd$/', ".xml", $rrd_file);
77
			if (file_put_contents($xml_file, gzinflate(base64_decode($rrd['xmldata']))) === false) {
78
				log_error(sprintf(gettext("Cannot write %s"), $xml_file));
79
				continue;
80
			}
81
			$output = array();
82
			$status = null;
83
			exec("$rrdtool restore -f '{$xml_file}' '{$rrd_file}'", $output, $status);
84
			if ($status) {
85
				log_error("rrdtool restore -f '{$xml_file}' '{$rrd_file}' failed returning {$status}.");
86
				continue;
87
			}
88
			unlink($xml_file);
89
		} else if ($rrd['data']) {
90
			$rrd_file = "{$g['vardb_path']}/rrd/{$rrd['filename']}";
91
			$rrd_fd = fopen($rrd_file, "w");
92
			if (!$rrd_fd) {
93
				log_error(sprintf(gettext("Cannot write %s"), $rrd_file));
94
				continue;
95
			}
96
			$data = base64_decode($rrd['data']);
97
			/* Try to decompress the data. */
98
			$dcomp = @gzinflate($data);
99
			if ($dcomp) {
100
				/* If the decompression worked, write the decompressed data */
101
				if (fwrite($rrd_fd, $dcomp) === false) {
102
					log_error(sprintf(gettext("fwrite %s failed"), $rrd_file));
103
					continue;
104
				}
105
			} else {
106
				/* If the decompression failed, it wasn't compressed, so write raw data */
107
				if (fwrite($rrd_fd, $data) === false) {
108
					log_error(sprintf(gettext("fwrite %s failed"), $rrd_file));
109
					continue;
110
				}
111
			}
112
			if (fclose($rrd_fd) === false) {
113
				log_error(sprintf(gettext("fclose %s failed"), $rrd_file));
114
				continue;
115
			}
116
		}
117
	}
118
}
119

    
120
function add_base_packages_menu_items() {
121
	global $g, $config;
122
	$base_packages = explode(",", $g['base_packages']);
123
	$modified_config = false;
124
	foreach ($base_packages as $bp) {
125
		$basepkg_path = "/usr/local/pkg/{$bp}";
126
		$tmpinfo = pathinfo($basepkg_path, PATHINFO_EXTENSION);
127
		if ($tmpinfo['extension'] == "xml" && file_exists($basepkg_path)) {
128
			$pkg_config = parse_xml_config_pkg($basepkg_path, "packagegui");
129
			if ($pkg_config['menu'] != "") {
130
				if (is_array($pkg_config['menu'])) {
131
					foreach ($pkg_config['menu'] as $menu) {
132
						if (is_array($config['installedpackages']['menu'])) {
133
							foreach ($config['installedpackages']['menu'] as $amenu) {
134
								if ($amenu['name'] == $menu['name']) {
135
									continue;
136
								}
137
							}
138
						}
139
						$config['installedpackages']['menu'][] = $menu;
140
						$modified_config = true;
141
					}
142
				}
143
			}
144
		}
145
	}
146
	if ($modified_config) {
147
		write_config(gettext("Restored base_package menus after configuration restore."));
148
		$config = parse_config(true);
149
	}
150
}
151

    
152
function remove_bad_chars($string) {
153
	return preg_replace('/[^a-z_0-9]/i', '', $string);
154
}
155

    
156
function check_and_returnif_section_exists($section) {
157
	global $config;
158
	if (is_array($config[$section])) {
159
		return true;
160
	}
161
	return false;
162
}
163

    
164
if ($_POST['apply']) {
165
	ob_flush();
166
	flush();
167
	clear_subsystem_dirty("restore");
168
	exit;
169
}
170

    
171
if ($_POST) {
172
	unset($input_errors);
173
	if (stristr($_POST['Submit'], gettext("Restore configuration"))) {
174
		$mode = "restore";
175
	} else if (stristr($_POST['Submit'], gettext("Reinstall"))) {
176
		$mode = "reinstallpackages";
177
	} else if (stristr($_POST['Submit'], gettext("Clear Package Lock"))) {
178
		$mode = "clearpackagelock";
179
	} else if (stristr($_POST['Submit'], gettext("Download"))) {
180
		$mode = "download";
181
	} else if (stristr($_POST['Submit'], gettext("Restore version"))) {
182
		$mode = "restore_ver";
183
	}
184
	if ($_POST["nopackages"] <> "") {
185
		$options = "nopackages";
186
	}
187
	if ($_POST["ver"] <> "") {
188
		$ver2restore = $_POST["ver"];
189
	}
190
	if ($mode) {
191
		if ($mode == "download") {
192
			if ($_POST['encrypt']) {
193
				if (!$_POST['encrypt_password']) {
194
					$input_errors[] = gettext("A password for encryption must be supplied and confirmed.");
195
				}
196
			}
197

    
198
			if (!$input_errors) {
199

    
200
				//$lockbckp = lock('config');
201

    
202
				$host = "{$config['system']['hostname']}.{$config['system']['domain']}";
203
				$name = "config-{$host}-".date("YmdHis").".xml";
204
				$data = "";
205

    
206
				if ($options == "nopackages") {
207
					if (!$_POST['backuparea']) {
208
						/* backup entire configuration */
209
						$data = file_get_contents("{$g['conf_path']}/config.xml");
210
					} else {
211
						/* backup specific area of configuration */
212
						$data = backup_config_section($_POST['backuparea']);
213
						$name = "{$_POST['backuparea']}-{$name}";
214
					}
215
					$sfn = "{$g['tmp_path']}/config.xml.nopkg";
216
					file_put_contents($sfn, $data);
217
					exec("sed '/<installedpackages>/,/<\/installedpackages>/d' {$sfn} > {$sfn}-new");
218
					$data = file_get_contents($sfn . "-new");
219
				} else {
220
					if (!$_POST['backuparea']) {
221
						/* backup entire configuration */
222
						$data = file_get_contents("{$g['conf_path']}/config.xml");
223
					} else if ($_POST['backuparea'] === "rrddata") {
224
						$data = rrd_data_xml();
225
						$name = "{$_POST['backuparea']}-{$name}";
226
					} else {
227
						/* backup specific area of configuration */
228
						$data = backup_config_section($_POST['backuparea']);
229
						$name = "{$_POST['backuparea']}-{$name}";
230
					}
231
				}
232

    
233
				//unlock($lockbckp);
234

    
235
				/*
236
				 *	Backup RRD Data
237
				 */
238
				if ($_POST['backuparea'] !== "rrddata" && !$_POST['donotbackuprrd']) {
239
					$rrd_data_xml = rrd_data_xml();
240
					$closing_tag = "</" . $g['xml_rootobj'] . ">";
241
					$data = str_replace($closing_tag, $rrd_data_xml . $closing_tag, $data);
242
				}
243

    
244
				if ($_POST['encrypt']) {
245
					$data = encrypt_data($data, $_POST['encrypt_password']);
246
					tagfile_reformat($data, $data, "config.xml");
247
				}
248

    
249
				$size = strlen($data);
250
				header("Content-Type: application/octet-stream");
251
				header("Content-Disposition: attachment; filename={$name}");
252
				header("Content-Length: $size");
253
				if (isset($_SERVER['HTTPS'])) {
254
					header('Pragma: ');
255
					header('Cache-Control: ');
256
				} else {
257
					header("Pragma: private");
258
					header("Cache-Control: private, must-revalidate");
259
				}
260
				echo $data;
261

    
262
				exit;
263
			}
264
		}
265

    
266
		if ($mode == "restore") {
267
			if ($_POST['decrypt']) {
268
				if (!$_POST['decrypt_password']) {
269
					$input_errors[] = gettext("A password for decryption must be supplied and confirmed.");
270
				}
271
			}
272

    
273
			if (!$input_errors) {
274
				if (is_uploaded_file($_FILES['conffile']['tmp_name'])) {
275

    
276
					/* read the file contents */
277
					$data = file_get_contents($_FILES['conffile']['tmp_name']);
278
					if (!$data) {
279
						log_error(sprintf(gettext("Warning, could not read file %s"), $_FILES['conffile']['tmp_name']));
280
						return 1;
281
					}
282

    
283
					if ($_POST['decrypt']) {
284
						if (!tagfile_deformat($data, $data, "config.xml")) {
285
							$input_errors[] = gettext("The uploaded file does not appear to contain an encrypted pfsense configuration.");
286
							return 1;
287
						}
288
						$data = decrypt_data($data, $_POST['decrypt_password']);
289
					}
290

    
291
					if (stristr($data, "<m0n0wall>")) {
292
						log_error(gettext("Upgrading m0n0wall configuration to pfsense."));
293
						/* m0n0wall was found in config.  convert it. */
294
						$data = str_replace("m0n0wall", "pfsense", $data);
295
						$m0n0wall_upgrade = true;
296
					}
297
					if ($_POST['restorearea']) {
298
						/* restore a specific area of the configuration */
299
						if (!stristr($data, "<" . $_POST['restorearea'] . ">")) {
300
							$input_errors[] = gettext("An area to restore was selected but the correct xml tag could not be located.");
301
						} else {
302
							if (!restore_config_section($_POST['restorearea'], $data)) {
303
								$input_errors[] = gettext("An area to restore was selected but the correct xml tag could not be located.");
304
							} else {
305
								if ($config['rrddata']) {
306
									restore_rrddata();
307
									unset($config['rrddata']);
308
									unlink_if_exists("{$g['tmp_path']}/config.cache");
309
									write_config();
310
									add_base_packages_menu_items();
311
									convert_config();
312
								}
313
								filter_configure();
314
								$savemsg = gettext("The configuration area has been restored. The firewall may need to be rebooted.");
315
							}
316
						}
317
					} else {
318
						if (!stristr($data, "<" . $g['xml_rootobj'] . ">")) {
319
							$input_errors[] = sprintf(gettext("A full configuration restore was selected but a %s tag could not be located."), $g['xml_rootobj']);
320
						} else {
321
							/* restore the entire configuration */
322
							file_put_contents($_FILES['conffile']['tmp_name'], $data);
323
							if (config_install($_FILES['conffile']['tmp_name']) == 0) {
324
								/* this will be picked up by /index.php */
325
								mark_subsystem_dirty("restore");
326
								touch("/conf/needs_package_sync_after_reboot");
327
								/* remove cache, we will force a config reboot */
328
								if (file_exists("{$g['tmp_path']}/config.cache")) {
329
									unlink("{$g['tmp_path']}/config.cache");
330
								}
331
								$config = parse_config(true);
332
								if (file_exists("/boot/loader.conf")) {
333
									$loaderconf = file_get_contents("/boot/loader.conf");
334
									if (strpos($loaderconf, "console=\"comconsole")) {
335
										$config['system']['enableserial'] = true;
336
										write_config(gettext("Restore serial console enabling in configuration."));
337
									}
338
									unset($loaderconf);
339
								}
340
								/* extract out rrd items, unset from $config when done */
341
								if ($config['rrddata']) {
342
									restore_rrddata();
343
									unset($config['rrddata']);
344
									unlink_if_exists("{$g['tmp_path']}/config.cache");
345
									write_config();
346
									add_base_packages_menu_items();
347
									convert_config();
348
								}
349
								if ($m0n0wall_upgrade == true) {
350
									if ($config['system']['gateway'] <> "") {
351
										$config['interfaces']['wan']['gateway'] = $config['system']['gateway'];
352
									}
353
									unset($config['shaper']);
354
									/* optional if list */
355
									$ifdescrs = get_configured_interface_list(true, true);
356
									/* remove special characters from interface descriptions */
357
									if (is_array($ifdescrs)) {
358
										foreach ($ifdescrs as $iface) {
359
											$config['interfaces'][$iface]['descr'] = remove_bad_chars($config['interfaces'][$iface]['descr']);
360
										}
361
									}
362
									/* check for interface names with an alias */
363
									if (is_array($ifdescrs)) {
364
										foreach ($ifdescrs as $iface) {
365
											if (is_alias($config['interfaces'][$iface]['descr'])) {
366
												// Firewall rules
367
												$origname = $config['interfaces'][$iface]['descr'];
368
												$newname = $config['interfaces'][$iface]['descr'] . "Alias";
369
												update_alias_names_upon_change(array('filter', 'rule'), array('source', 'address'), $newname, $origname);
370
												update_alias_names_upon_change(array('filter', 'rule'), array('destination', 'address'), $newname, $origname);
371
												// NAT Rules
372
												update_alias_names_upon_change(array('nat', 'rule'), array('source', 'address'), $newname, $origname);
373
												update_alias_names_upon_change(array('nat', 'rule'), array('destination', 'address'), $newname, $origname);
374
												update_alias_names_upon_change(array('nat', 'rule'), array('target'), $newname, $origname);
375
												// Alias in an alias
376
												update_alias_names_upon_change(array('aliases', 'alias'), array('address'), $newname, $origname);
377
											}
378
										}
379
									}
380
									unlink_if_exists("{$g['tmp_path']}/config.cache");
381
									// Reset configuration version to something low
382
									// in order to force the config upgrade code to
383
									// run through with all steps that are required.
384
									$config['system']['version'] = "1.0";
385
									// Deal with descriptions longer than 63 characters
386
									for ($i = 0; isset($config["filter"]["rule"][$i]); $i++) {
387
										if (count($config['filter']['rule'][$i]['descr']) > 63) {
388
											$config['filter']['rule'][$i]['descr'] = substr($config['filter']['rule'][$i]['descr'], 0, 63);
389
										}
390
									}
391
									// Move interface from ipsec to enc0
392
									for ($i = 0; isset($config["filter"]["rule"][$i]); $i++) {
393
										if ($config['filter']['rule'][$i]['interface'] == "ipsec") {
394
											$config['filter']['rule'][$i]['interface'] = "enc0";
395
										}
396
									}
397
									// Convert icmp types
398
									// http://www.openbsd.org/cgi-bin/man.cgi?query=icmp&sektion=4&arch=i386&apropos=0&manpath=OpenBSD+Current
399
									$convert = array('echo' => 'echoreq', 'timest' => 'timereq', 'timestrep' => 'timerep');
400
									foreach ($config["filter"]["rule"] as $ruleid => &$ruledata) {
401
										if ($convert[$ruledata['icmptype']]) {
402
											$ruledata['icmptype'] = $convert[$ruledata['icmptype']];
403
										}
404
									}
405
									$config['diag']['ipv6nat'] = true;
406
									write_config();
407
									add_base_packages_menu_items();
408
									convert_config();
409
									$savemsg = gettext("The m0n0wall configuration has been restored and upgraded to pfSense.");
410
									mark_subsystem_dirty("restore");
411
								}
412
								if (is_array($config['captiveportal'])) {
413
									foreach ($config['captiveportal'] as $cp) {
414
										if (isset($cp['enable'])) {
415
											/* for some reason ipfw doesn't init correctly except on bootup sequence */
416
											mark_subsystem_dirty("restore");
417
											break;
418
										}
419
									}
420
								}
421
								setup_serial_port();
422
								if (is_interface_mismatch() == true) {
423
									touch("/var/run/interface_mismatch_reboot_needed");
424
									clear_subsystem_dirty("restore");
425
									convert_config();
426
									header("Location: interfaces_assign.php");
427
									exit;
428
								}
429
								if (is_interface_vlan_mismatch() == true) {
430
									touch("/var/run/interface_mismatch_reboot_needed");
431
									clear_subsystem_dirty("restore");
432
									convert_config();
433
									header("Location: interfaces_assign.php");
434
									exit;
435
								}
436
							} else {
437
								$input_errors[] = gettext("The configuration could not be restored.");
438
							}
439
						}
440
					}
441
				} else {
442
					$input_errors[] = gettext("The configuration could not be restored (file upload error).");
443
				}
444
			}
445
		}
446

    
447
		if ($mode == "reinstallpackages") {
448
			header("Location: pkg_mgr_install.php?mode=reinstallall");
449
			exit;
450
		} else if ($mode == "clearpackagelock") {
451
			clear_subsystem_dirty('packagelock');
452
			$savemsg = "Package lock cleared.";
453
		} else if ($mode == "restore_ver") {
454
			$input_errors[] = gettext("XXX - this feature may hose the config (do NOT backrev configs!) - billm");
455
			if ($ver2restore <> "") {
456
				$conf_file = "{$g['cf_conf_path']}/bak/config-" . strtotime($ver2restore) . ".xml";
457
				if (config_install($conf_file) == 0) {
458
					mark_subsystem_dirty("restore");
459
				} else {
460
					$input_errors[] = gettext("The configuration could not be restored.");
461
				}
462
			} else {
463
				$input_errors[] = gettext("No version selected.");
464
			}
465
		}
466
	}
467
}
468

    
469
$id = rand() . '.' . time();
470

    
471
$mth = ini_get('upload_progress_meter.store_method');
472
$dir = ini_get('upload_progress_meter.file.filename_template');
473

    
474
function build_area_list($showall) {
475
	global $config;
476

    
477
	$areas = array(
478
		"aliases" => gettext("Aliases"),
479
		"captiveportal" => gettext("Captive Portal"),
480
		"voucher" => gettext("Captive Portal Vouchers"),
481
		"dnsmasq" => gettext("DNS Forwarder"),
482
		"unbound" => gettext("DNS Resolver"),
483
		"dhcpd" => gettext("DHCP Server"),
484
		"dhcpdv6" => gettext("DHCPv6 Server"),
485
		"filter" => gettext("Firewall Rules"),
486
		"interfaces" => gettext("Interfaces"),
487
		"ipsec" => gettext("IPSEC"),
488
		"nat" => gettext("NAT"),
489
		"openvpn" => gettext("OpenVPN"),
490
		"installedpackages" => gettext("Package Manager"),
491
		"rrddata" => gettext("RRD Data"),
492
		"cron" => gettext("Scheduled Tasks"),
493
		"syslog" => gettext("Syslog"),
494
		"system" => gettext("System"),
495
		"staticroutes" => gettext("Static routes"),
496
		"sysctl" => gettext("System tunables"),
497
		"snmpd" => gettext("SNMP Server"),
498
		"shaper" => gettext("Traffic Shaper"),
499
		"vlans" => gettext("VLANS"),
500
		"wol" => gettext("Wake-on-LAN")
501
		);
502

    
503
	$list = array("" => gettext("All"));
504

    
505
	if ($showall) {
506
		return($list + $areas);
507
	} else {
508
		foreach ($areas as $area => $areaname) {
509
			if ($area === "rrddata" || check_and_returnif_section_exists($area) == true) {
510
				$list[$area] = $areaname;
511
			}
512
		}
513

    
514
		return($list);
515
	}
516
}
517

    
518
$pgtitle = array(gettext("Diagnostics"), htmlspecialchars(gettext("Backup & Restore")), htmlspecialchars(gettext("Backup & Restore")));
519
include("head.inc");
520

    
521
if ($input_errors) {
522
	print_input_errors($input_errors);
523
}
524

    
525
if ($savemsg) {
526
	print_info_box($savemsg, 'success');
527
}
528

    
529
if (is_subsystem_dirty('restore')):
530
?>
531
	<br/>
532
	<form action="diag_reboot.php" method="post">
533
		<input name="Submit" type="hidden" value="Yes" />
534
		<?php print_info_box(gettext("The firewall configuration has been changed.") . "<br />" . gettext("The firewall is now rebooting.")); ?>
535
		<br />
536
	</form>
537
<?php
538
endif;
539

    
540
$tab_array = array();
541
$tab_array[] = array(htmlspecialchars(gettext("Backup & Restore")), true, "diag_backup.php");
542
$tab_array[] = array(gettext("Config History"), false, "diag_confbak.php");
543
display_top_tabs($tab_array);
544

    
545
$form = new Form(false);
546
$form->setMultipartEncoding();	// Allow file uploads
547

    
548
$section = new Form_Section('Backup Configuration');
549

    
550
$section->addInput(new Form_Select(
551
	'backuparea',
552
	'Backup area',
553
	'',
554
	build_area_list(false)
555
));
556

    
557
$section->addInput(new Form_Checkbox(
558
	'nopackages',
559
	'Skip packages',
560
	'Do not backup package information.',
561
	false
562
));
563

    
564
$section->addInput(new Form_Checkbox(
565
	'donotbackuprrd',
566
	'Skip RRD data',
567
	'Do not backup RRD data (NOTE: RRD Data can consume 4+ megabytes of config.xml space!)',
568
	true
569
));
570

    
571
$section->addInput(new Form_Checkbox(
572
	'encrypt',
573
	'Encryption',
574
	'Encrypt this configuration file.',
575
	false
576
));
577

    
578
$section->addInput(new Form_Input(
579
	'encrypt_password',
580
	'Password',
581
	'password',
582
	null
583
));
584

    
585
$group = new Form_Group('');
586
// Note: ID attribute of each element created is to be unique.  Not being used, suppressing it.
587
$group->add(new Form_Button(
588
	'Submit',
589
	'Download configuration as XML',
590
	null,
591
	'fa-download'
592
))->setAttribute('id')->addClass('btn-primary');
593

    
594
$section->add($group);
595
$form->add($section);
596

    
597
$section = new Form_Section('Restore Backup');
598

    
599
$section->addInput(new Form_StaticText(
600
	null,
601
	sprintf(gettext("Open a %s configuration XML file and click the button below to restore the configuration."), $g['product_name'])
602
));
603

    
604
$section->addInput(new Form_Select(
605
	'restorearea',
606
	'Restore area',
607
	'',
608
	build_area_list(true)
609
));
610

    
611
$section->addInput(new Form_Input(
612
	'conffile',
613
	'Configuration file',
614
	'file',
615
	null
616
));
617

    
618
$section->addInput(new Form_Checkbox(
619
	'decrypt',
620
	'Encryption',
621
	'Configuration file is encrypted.',
622
	false
623
));
624

    
625
$section->addInput(new Form_Input(
626
	'decrypt_password',
627
	'Password',
628
	'password',
629
	null,
630
	['placeholder' => 'Password']
631
));
632

    
633
$group = new Form_Group('');
634
// Note: ID attribute of each element created is to be unique.  Not being used, suppressing it.
635
$group->add(new Form_Button(
636
	'Submit',
637
	'Restore Configuration',
638
	null,
639
	'fa-undo'
640
))->setHelp('The firewall will reboot after restoring the configuration.')->addClass('btn-danger restore')->setAttribute('id');
641

    
642
$section->add($group);
643

    
644
$form->add($section);
645

    
646
if (($config['installedpackages']['package'] != "") || (is_subsystem_dirty("packagelock"))) {
647
	$section = new Form_Section('Package Functions');
648

    
649
	if ($config['installedpackages']['package'] != "") {
650
		$group = new Form_Group('');
651
		// Note: ID attribute of each element created is to be unique.  Not being used, suppressing it.
652
		$group->add(new Form_Button(
653
			'Submit',
654
			'Reinstall Packages',
655
			null,
656
			'fa-retweet'
657
		))->setHelp('Click this button to reinstall all system packages.  This may take a while.')->addClass('btn-success')->setAttribute('id');
658

    
659
		$section->add($group);
660
	}
661

    
662
	if (is_subsystem_dirty("packagelock")) {
663
		$group = new Form_Group('');
664
		// Note: ID attribute of each element created is to be unique.  Not being used, suppressing it.
665
		$group->add(new Form_Button(
666
			'Submit',
667
			'Clear Package Lock',
668
			null,
669
			'fa-wrench'
670
		))->setHelp('Click this button to clear the package lock if a package fails to reinstall properly after an upgrade.')->addClass('btn-warning')->setAttribute('id');
671

    
672
		$section->add($group);
673
	}
674

    
675
	$form->add($section);
676
}
677

    
678
print($form);
679
?>
680
<script type="text/javascript">
681
//<![CDATA[
682
events.push(function() {
683

    
684
	// ------- Show/hide sections based on checkbox settings --------------------------------------
685

    
686
	function hideSections(hide) {
687
		hidePasswords();
688
	}
689

    
690
	function hidePasswords() {
691

    
692
		encryptHide = !($('input[name="encrypt"]').is(':checked'));
693
		decryptHide = !($('input[name="decrypt"]').is(':checked'));
694

    
695
		hideInput('encrypt_password', encryptHide);
696
		hideInput('encrypt_password_confirm', encryptHide);
697
		hideInput('decrypt_password', decryptHide);
698
		hideInput('decrypt_password_confirm', decryptHide);
699
	}
700

    
701
	// ---------- Click handlers ------------------------------------------------------------------
702

    
703
	$('input[name="encrypt"]').on('change', function() {
704
		hidePasswords();
705
	});
706

    
707
	$('input[name="decrypt"]').on('change', function() {
708
		hidePasswords();
709
	});
710

    
711
	$('#conffile').change(function () {
712
		if (document.getElementById("conffile").value) {
713
			$('.restore').prop('disabled', false);
714
		} else {
715
			$('.restore').prop('disabled', true);
716
		}
717
    });
718
	// ---------- On initial page load ------------------------------------------------------------
719

    
720
	hideSections();
721
	$('.restore').prop('disabled', true);
722
});
723
//]]>
724
</script>
725

    
726
<?php
727
include("foot.inc");
728

    
729
if (is_subsystem_dirty('restore')) {
730
	system_reboot();
731
}
(6-6/225)