v2.5.6

Need more security!! bugs
2018-06-01 18:27:58 +06:00 · 2018-06-01 18:27:58 +06:00 · c6c494c809
parent c85f7003f0
commit c6c494c809
25 changed files with 262 additions and 55 deletions
--- a/app/apachelogs.py
+++ b/app/apachelogs.py
@ -28,6 +28,7 @@ try:
 	user_id = cookie.get('uuid')
 	user = sql.get_user_name_by_uuid(user_id.value)
 	servers = [('haproxy-wi.error.log','error.log'), ('haproxy-wi.access.log','access.log')]
 	token = sql.get_token(user_id.value)
 except:
 	pass
@ -41,7 +42,8 @@ output_from_parsed_template = template.render(h2 = 1,
 												selects = servers,
 												serv = form.getvalue('serv'),
 												rows = rows,
-												grep = grep)											
+												grep = grep,
 												token = token)											
 print(output_from_parsed_template)
--- a/app/config.py
+++ b/app/config.py
@ -26,6 +26,7 @@ try:
 	user_id = cookie.get('uuid')
 	user = sql.get_user_name_by_uuid(user_id.value)
 	servers = sql.get_dick_permit()
 	token = sql.get_token(user_id.value)
 except:
 	pass
@ -92,5 +93,6 @@ output_from_parsed_template = template.render(h2 = 1, title = "Edit Runnig HAPro
 													selects = servers,
 													stderr = stderr,
 													error = error,
-													note = 1)
+													note = 1,
 													token = token)
 print(output_from_parsed_template)
--- a/app/configshow.py
+++ b/app/configshow.py
@ -16,6 +16,7 @@ try:
 	user_id = cookie.get('uuid')
 	user = sql.get_user_name_by_uuid(user_id.value)
 	servers = sql.get_dick_permit()
 	token = sql.get_token(user_id.value)
 except:
 	pass
@ -26,5 +27,6 @@ output_from_parsed_template = template.render(h2 = 1, title = "Show Runnig confi
 												select_id = "serv",
 												serv = serv,
 												selects = servers,
-												note = 0)											
+												note = 0,
 												token = token)											
 print(output_from_parsed_template)
--- a/app/configver.py
+++ b/app/configver.py
@ -26,6 +26,7 @@ try:
 	user_id = cookie.get('uuid')
 	user = sql.get_user_name_by_uuid(user_id.value)
 	servers = sql.get_dick_permit()
 	token = sql.get_token(user_id.value)
 except:
 	pass
@ -75,5 +76,6 @@ output_from_parsed_template = template.render(h2 = 1, title = "Old Versions HAPr
 													open = form.getvalue('open'),
 													onclick = "showUploadConfig()",
 													error = error,
-													note = 1)
+													note = 1,
 													token = token)
 print(output_from_parsed_template)
--- a/app/create_db.py
+++ b/app/create_db.py
@ -127,6 +127,11 @@ def create_table():
 			`username`	VARCHAR ( 64 ) NOT NULL,
 			`password`	VARCHAR ( 64 ) NOT NULL
 		);
 		CREATE TABLE IF NOT EXISTS `token` (
 			`user_id`	INTEGER,
 			`token`	varchar(64),
 			`exp`  DATETIME default '0000-00-00 00:00:00'
 		);
 		insert into cred('enable','username','password') values ('1', 'root','password');
 		"""
 		try:
@ -248,7 +253,7 @@ def update_db_v_2_5_3(**kwargs):
 		print(kwargs.get('silent'))
 		if kwargs.get('silent') != 1:
 			if e.args[0] == 'duplicate column name: enable':
-				print('Already updated. No run more. Thx =^.^=')
+				print('Updating... go to version 2.5.6')
 			else:
 				print("An error occurred:", e)
 		return False
@ -264,12 +269,66 @@ def update_db_v_2_5_3(**kwargs):
 	cur.close() 
 	con.close()
 def update_db_v_2_5_6(**kwargs):
 	con, cur = get_cur()
 	if mysql_enable == '1':
 		sql = """
 		ALTER TABLE `uuid` ADD COLUMN `exp` timestamp default '0000-00-00 00:00:00';
 		"""
 	else:
 		sql = """
 		ALTER TABLE `uuid` ADD COLUMN `exp` DATETIME default '0000-00-00 00:00:00';
 		"""
 	try:    
 		cur.execute(sql)
 		con.commit()
 	except sqltool.Error as e:
 		if kwargs.get('silent') != 1:
 			if e.args[0] == 'duplicate column name: exp' or e == "1060 (42S21): Duplicate column name 'exp' ":
 				print('Updating... go to version 2.5.6.1')
 			else:
 				print("An error occurred:", e)
 		return False
 	else:
 		print("DB was update to 2.5.6.1<br />")
 		return True
 	cur.close() 
 	con.close()
 def update_db_v_2_5_6_1(**kwargs):
 	con, cur = get_cur()
 	if mysql_enable == '1':
 		sql = """
 		CREATE TABLE IF NOT EXISTS `token` (`user_id` INTEGER, `token` varchar(64), `exp` timestamp default '0000-00-00 00:00:00');
 		"""
 	else:
 		sql = """
 		CREATE TABLE IF NOT EXISTS `token` (`user_id` INTEGER, `token` varchar(64), `exp`  DATETIME default '0000-00-00 00:00:00');
 		"""
 	try:    
 		cur.execute(sql)
 		con.commit()
 	except sqltool.Error as e:
 		if kwargs.get('silent') != 1:
 			if e.args[0] == 'duplicate column name: token' or e == "1060 (42S21): Duplicate column name 'token' ":
 				print('Already updated. No run more. Thx =^.^=')
 			else:
 				print("An error occurred:", e)
 			return False
 		else:
 			print("DB was update to 2.5.6.1<br />")
 			return True
 	cur.close() 
 	con.close()
 def update_all():
 	update_db_v_2_0_1()
 	update_db_v_2_0_1_1()
 	update_db_v_2_0_5()
 	update_db_v_2_4()
 	update_db_v_2_5_3()
 	update_db_v_2_5_6()
 	update_db_v_2_5_6_1()
 def update_all_silent():
 	update_db_v_2_0_1(silent=1)
@ -277,12 +336,6 @@ def update_all_silent():
 	update_db_v_2_0_5(silent=1)
 	update_db_v_2_4(silent=1)
 	update_db_v_2_5_3(silent=1)
 	update_db_v_2_5_6(silent=1)
 	update_db_v_2_5_6_1(silent=1)
 #if check_db():	
 #	create_table()
 #else:
 #	print('DB already exists, try update')
 #update_all()
 #if update_db_v_2_0_1():
 #	print('DB was property update to version 2.0.1.')
 #update_db_v_2_0_1_1()
--- a/app/delver.py
+++ b/app/delver.py
@ -23,6 +23,7 @@ try:
 	user_id = cookie.get('uuid')
 	user = sql.get_user_name_by_uuid(user_id.value)
 	servers = sql.get_dick_permit()
 	token = sql.get_token(user_id.value)
 except:
 	pass
@ -69,5 +70,6 @@ output_from_parsed_template = template.render(h2 = 1, title = "Delete old versio
 													stderr = stderr,
 													open = form.getvalue('open'),
 													Select = form.getvalue('del'),
-													file = file)
+													file = file,
 													token = token)
 print(output_from_parsed_template)
--- a/app/diff.py
+++ b/app/diff.py
@ -16,6 +16,7 @@ try:
 	user_id = cookie.get('uuid')
 	user = sql.get_user_name_by_uuid(user_id.value)
 	servers = sql.get_dick_permit()
 	token = sql.get_token(user_id.value)
 except:
 	pass
@ -24,5 +25,6 @@ output_from_parsed_template = template.render(h2 = 1, title = "Compare configs",
 												user = user,
 												onclick = "showCompareConfigs()",
 												select_id = "serv",
-												selects = servers)										
+												selects = servers,
 												token = token)										
 print(output_from_parsed_template)
--- a/app/edit.py
+++ b/app/edit.py
@ -16,6 +16,7 @@ try:
 	user_id = cookie.get('uuid')
 	user = sql.get_user_name_by_uuid(user_id.value)
 	servers = sql.get_dick_permit(virt=1)
 	token = sql.get_token(user_id.value)
 except:
 	pass
@ -25,5 +26,6 @@ output_from_parsed_template = template.render(h2 = 1,
 												user = user,
 												onclick = "showRuntime()",
 												select_id = "serv",
-												selects = servers)											
+												selects = servers,
 												token = token)											
 print(output_from_parsed_template)
--- a/app/funct.py
+++ b/app/funct.py
@ -17,12 +17,14 @@ def get_config_var(sec, var):
 		config = ConfigParser(interpolation=ExtendedInterpolation())
 		config.read(path_config)
 	except:
 		print('Content-type: text/html\n')
 		print('<center><div class="alert alert-danger">Check the config file, whether it exists and the path. Must be: app/haproxy-webintarface.config</div>')
 	try:
 		var = config.get(sec, var)
 		return var
 	except:
 		print('Content-type: text/html\n')
 		print('<center><div class="alert alert-danger">Check the config file. Presence section %s and parameter %s</div>' % (sec, var))
 def get_data(type):
@ -72,7 +74,10 @@ def check_login(**kwargs):
 	user_uuid = cookie.get('uuid')
 	ref = os.environ.get("SCRIPT_NAME")
 	sql.delete_old_uuid()
 	if user_uuid is not None:
 		sql.update_last_act_user(user_uuid.value)
 		if sql.get_user_name_by_uuid(user_uuid.value) is None:
 			print('<meta http-equiv="refresh" content="0; url=login.py?ref=%s">' % ref)
 	else:
--- a/app/ha.py
+++ b/app/ha.py
@ -19,6 +19,7 @@ try:
 	user_id = cookie.get('uuid')
 	user = sql.get_user_name_by_uuid(user_id.value)
 	servers = sql.get_dick_permit()
 	token = sql.get_token(user_id.value)
 except:
 	pass
@ -26,5 +27,6 @@ output_from_parsed_template = template.render(h2 = 1, title = "Configure HA",
 													role = sql.get_user_role_by_uuid(user_id.value),
 													user = user,
 													serv = serv,
-													selects = servers)
+													selects = servers,
 													token = token)
 print(output_from_parsed_template)
--- a/app/haproxy-webintarface.config
+++ b/app/haproxy-webintarface.config
@ -8,6 +8,8 @@ time_zone = UTC
 proxy = 
 #Time to live users sessions. In days
 session_ttl = 5
 #Time to live users tokens. In days
 token_ttl = 5
 [configs]
 #Server for save configs from HAproxy servers
--- a/app/haproxy-wi.db.sql
+++ b/app/haproxy-wi.db.sql
@ -10,3 +10,7 @@ INSERT INTO `role` (name, description) VALUES ('guest','Read only access');
 CREATE TABLE IF NOT EXISTS `groups` (`id`	INTEGER NOT NULL AUTO_INCREMENT,`name`	VARCHAR ( 80 ) UNIQUE,`description`	VARCHAR ( 255 ),PRIMARY KEY(`id`));
 INSERT INTO `groups` (name, description) VALUES ('All','All servers enter in this group');	
 CREATE TABLE IF NOT EXISTS `servers` (`id`	INTEGER NOT NULL AUTO_INCREMENT,`hostname`	VARCHAR ( 64 ) UNIQUE,`ip`	VARCHAR ( 64 ) UNIQUE,`groups`	VARCHAR ( 64 ),	PRIMARY KEY(`id`));
 CREATE TABLE IF NOT EXISTS `uuid` (`user_id` INTEGER NOT NULL, `uuid` varchar ( 64 ) );
 CREATE TABLE IF NOT EXISTS `cred` (`enable`	INTEGER NOT NULL DEFAULT 1, `username`	VARCHAR ( 64 ) NOT NULL, `password` VARCHAR ( 64 ) NOT NULL );
 insert into cred('enable','username','password') values ('1', 'root','password');
 CREATE TABLE IF NOT EXISTS `token` (`user_id` INTEGER, `token` varchar(64), `exp` timestamp default '0000-00-00 00:00:00');
--- a/app/ihap.py
+++ b/app/ihap.py
@ -16,6 +16,7 @@ try:
 	user_id = cookie.get('uuid')
 	user = sql.get_user_name_by_uuid(user_id.value)
 	servers = sql.get_dick_permit()
 	token = sql.get_token(user_id.value)
 except:
 	pass
@ -23,6 +24,7 @@ output_from_parsed_template = template.render(h2 = 1, title = "Installation HAPr
 													role = sql.get_user_role_by_uuid(user_id.value),
 													user = user,
 													select_id = "haproxyaddserv",
-													selects = servers)
+													selects = servers,
 													token = token)
 print(output_from_parsed_template)
--- a/app/keepalivedconfig.py
+++ b/app/keepalivedconfig.py
@ -28,6 +28,7 @@ try:
 	user_id = cookie.get('uuid')
 	user = sql.get_user_name_by_uuid(user_id.value)
 	servers = sql.is_master("123", master_slave=1)
 	token = sql.get_token(user_id.value)
 except:
 	pass
@ -85,5 +86,6 @@ output_from_parsed_template = template.render(h2 = 1, title = "Edit Runnig Keepa
 													selects = servers,
 													stderr = stderr,
 													error = error,
-													keepalived = 1)
+													keepalived = 1,
 													token = token)
 print(output_from_parsed_template)
--- a/app/login.py
+++ b/app/login.py
@ -64,6 +64,7 @@ if login is not None and password is not None:
 	session_ttl = config.getint('main', 'session_ttl')
 	expires = datetime.datetime.utcnow() + datetime.timedelta(days=session_ttl)
 	user_uuid = str(uuid.uuid4())
 	user_token = str(uuid.uuid4())
 	for users in USERS:	
 		if login in users[1] and password == users[3]:
@ -73,7 +74,7 @@ if login is not None and password is not None:
 			c["uuid"]["expires"] = expires.strftime("%a, %d %b %Y %H:%M:%S GMT")
 			print(c)
 			sql.write_user_uuid(login, user_uuid)
-				
+			sql.write_user_token(login, user_token)
 			print("Content-type: text/html\n")			
 			print('ok')
 			sys.exit()	
@ -89,6 +90,8 @@ if login is None:
 			create_db.update_all()
 			db_create = '<div class="alert alert-success">DB was created<br /><br />Now you can login, default: admin/admin</div>'
 create_db.update_all_silent()
 output_from_parsed_template = template.render(h2 = 1, title = "Login page. Enter please",
 													role = role,
 													user = user,
--- a/app/logs.py
+++ b/app/logs.py
@ -27,6 +27,7 @@ try:
 	user_id = cookie.get('uuid')
 	user = sql.get_user_name_by_uuid(user_id.value)
 	servers = sql.get_dick_permit()
 	token = sql.get_token(user_id.value)
 except:
 	pass
@ -40,7 +41,8 @@ output_from_parsed_template = template.render(h2 = 1,
 												selects = servers,
 												serv = form.getvalue('serv'),
 												rows = rows,
-												grep = grep)											
+												grep = grep,
 												token = token)											
 print(output_from_parsed_template)
--- a/app/map.py
+++ b/app/map.py
@ -16,6 +16,7 @@ try:
 	user_id = cookie.get('uuid')
 	user = sql.get_user_name_by_uuid(user_id.value)
 	servers = sql.get_dick_permit()
 	token = sql.get_token(user_id.value)
 except:
 	pass
@ -24,5 +25,6 @@ output_from_parsed_template = template.render(h2 = 1, title = "Show Map",
 												user = user,
 												onclick = "showMap()",
 												select_id = "serv",
-												selects = servers)											
+												selects = servers,
 												token = token)											
 print(output_from_parsed_template)
--- a/app/options.py
+++ b/app/options.py
@ -14,8 +14,13 @@ req = form.getvalue('req')
 serv = form.getvalue('serv')
 act = form.getvalue('act')
 backend = form.getvalue('backend')	
 print('Content-type: text/html\n')
 if form.getvalue('token') is None:
 	print("What the fuck?! U r hacker Oo?!")
 	sys.exit()
 if form.getvalue('getcert') is not None and serv is not None:
 	commands = [ "ls -1t /etc/ssl/certs/ |grep pem" ]
 	try:
@ -34,7 +39,7 @@ if form.getvalue('ssh_cert'):
 	else:
 		print('<div class="alert alert-success">Ssh key was save into: %s </div>' % ssh_keys)
 	try:
-		funct.logging("local", "users.py#ssh upload new ssl cert %s" % ssh_keys)
+		funct.logging("local", "users.py#ssh upload new ssh cert %s" % ssh_keys)
 	except:
 		pass
--- a/app/overview.py
+++ b/app/overview.py
@ -7,8 +7,8 @@ env = Environment(loader=FileSystemLoader('templates/'))
 template = env.get_template('ovw.html')
 print('Content-type: text/html\n')
 funct.check_login()
 create_db.update_all_silent()
 funct.check_login()
 try:
 	cookie = http.cookies.SimpleCookie(os.environ.get("HTTP_COOKIE"))
@ -16,6 +16,7 @@ try:
 	user = sql.get_user_name_by_uuid(user_id.value)
 	users = sql.select_users()
 	groups = sql.select_groups()
 	token = sql.get_token(user_id.value)
 except:
 	pass
@ -25,5 +26,6 @@ output_from_parsed_template = template.render(h2 = 1,
 												role = sql.get_user_role_by_uuid(user_id.value),
 												user = user,
 												users = users,
-												groups = groups)
+												groups = groups,
 												token = token)
 print(output_from_parsed_template)											
--- a/app/sql.py
+++ b/app/sql.py
@ -271,22 +271,64 @@ def get_enable_checkbox(id, **kwargs):
 def write_user_uuid(login, user_uuid):
 	con, cur = create_db.get_cur()
 	session_ttl = funct.get_config_var('main', 'session_ttl')
 	session_ttl = int(session_ttl)
 	sql = """ select id from user where username = '%s' """ % login
 	try:    
 		cur.execute(sql)
 	except sqltool.Error as e:
 		print('<span class="alert alert-danger" id="error">An error occurred: ' + e.args[0] + ' <a title="Close" id="errorMess"><b>X</b></a></span>')
 	for id in cur.fetchall():
-		sql = """ insert into uuid (user_id, uuid) values('%s', '%s') """ % (id[0], user_uuid)
+		if mysql_enable == '1':
 			sql = """ insert into uuid (user_id, uuid, exp) values('%s', '%s',  now()+ INTERVAL %s day) """ % (id[0], user_uuid, session_ttl)
 		else:
 			sql = """ insert into uuid (user_id, uuid, exp) values('%s', '%s',  datetime('now', '+%s days')) """ % (id[0], user_uuid, session_ttl)
 	try:    
 		cur.execute(sql)
 		con.commit()
 	except sqltool.Error as e:
-		print('<span class="alert alert-danger" id="error">An error occurred: ' + e + ' <a title="Close" id="errorMess"><b>X</b></a></span>')
+		print('<span class="alert alert-danger" id="error">An error occurred: ' + e.args[0] + ' <a title="Close" id="errorMess"><b>X</b></a></span>')
 		con.rollback()
 	cur.close()    
 	con.close()
 def write_user_token(login, user_token):
 	con, cur = create_db.get_cur()
 	token_ttl = funct.get_config_var('main', 'token_ttl')	
 	sql = """ select id from user where username = '%s' """ % login
 	try:    
 		cur.execute(sql)
 	except sqltool.Error as e:
 		print('<span class="alert alert-danger" id="error">An error occurred: ' + e.args[0] + ' <a title="Close" id="errorMess"><b>X</b></a></span>')
 	for id in cur.fetchall():
 		if mysql_enable == '1':
 			sql = """ insert into token (user_id, token, exp) values('%s', '%s',  now()+ INTERVAL %s day) """ % (id[0], user_token, token_ttl)
 		else:
 			sql = """ insert into token (user_id, token, exp) values('%s', '%s',  datetime('now', '+%s days')) """ % (id[0], user_token, token_ttl)
 	try:    
 		cur.execute(sql)
 		con.commit()
 	except sqltool.Error as e:
 		print('<span class="alert alert-danger" id="error">An error occurred: ' + e.args[0] + ' <a title="Close" id="errorMess"><b>X</b></a></span>')
 		con.rollback()
 	cur.close()    
 	con.close()
 def get_token(uuid):
 	con, cur = create_db.get_cur()
 	sql = """ select token.token from token left join uuid as uuid on uuid.user_id = token.user_id where uuid.uuid = '%s' """ % uuid
 	try:    
 		cur.execute(sql)
 	except sqltool.Error as e:
 		print('<span class="alert alert-danger" id="error">An error occurred: ' + e.args[0] + ' <a title="Close" id="errorMess"><b>X</b></a></span>')
 	else:
 		for token in cur.fetchall():
 			return token[0]
 	cur.close()    
 	con.close()
 def delete_uuid(uuid):
 	con, cur = create_db.get_cur()
 	sql = """ delete from uuid where uuid = '%s' """ % uuid
@ -298,6 +340,41 @@ def delete_uuid(uuid):
 	cur.close()    
 	con.close() 
 def delete_old_uuid():
 	con, cur = create_db.get_cur()
 	if mysql_enable == '1':
 		sql = """ delete from uuid where exp < now() or exp is NULL """
 		sql1 = """ delete from token where exp < now() or exp is NULL """
 	else:
 		sql = """ delete from uuid where exp < datetime('now') or exp is NULL""" 
 		sql1 = """ delete from token where exp < datetime('now') or exp is NULL""" 
 	try:    
 		cur.execute(sql)
 		cur.execute(sql1)
 		con.commit()
 	except sqltool.Error as e:
 		print('<span class="alert alert-danger" id="error">An error occurred: ' + e.args[0] + ' <a title="Close" id="errorMess"><b>X</b></a></span>')
 		con.rollback()
 	cur.close()    
 	con.close()		
 def update_last_act_user(uuid):
 	con, cur = create_db.get_cur()
 	session_ttl = funct.get_config_var('main', 'session_ttl')
 	if mysql_enable == '1':
 		sql = """ update uuid set exp = now()+ INTERVAL %s day where uuid = '%s' """ % (session_ttl, uuid)
 	else:
 		sql = """ update uuid set exp = datetime('now', '+%s days') where uuid = '%s' """ % (session_ttl, uuid)
 	try:    
 		cur.execute(sql)
 		con.commit()
 	except sqltool.Error as e:
 		print('<div class="alert alert-danger" id="error">An error occurred: ' + e.args[0] + ' <a title="Close" id="errorMess"><b>X</b></a></div>')
 		con.rollback()
 	cur.close()    
 	con.close()
 def get_user_name_by_uuid(uuid):
 	con, cur = create_db.get_cur()
 	sql = """ select user.username from user left join uuid as uuid on user.id = uuid.user_id where uuid.uuid = '%s' """ % uuid
--- a/app/templates/base.html
+++ b/app/templates/base.html
@ -22,6 +22,7 @@
 		<script src="/inc/vertical_scrol/custom_scrollbar.min.js"></script>
 	</head>
 	<body>
 		<input type="hidden" id="token" value="{{ token }}">
 		<a name="top"></a>
 		<div class="show_menu" style="display: none;">
 			<a href="#" id="show_menu" title="Show menu" style="margin-top: 30px;position: absolute;">
@ -99,7 +100,7 @@
 					</ul>
 				</nav>
 				<div class="copyright-menu">
-					HAproxy-WI v2.5.5
+					HAproxy-WI v2.5.6
 					<br>
 					<a href="https://www.patreon.com/haproxy_wi" title="Donate" target="_blank" style="color: #fff; margin-left: 40px;">Patreon</a>
 				</div>
--- a/app/viewlogs.py
+++ b/app/viewlogs.py
@ -45,6 +45,7 @@ try:
 	cookie = http.cookies.SimpleCookie(os.environ.get("HTTP_COOKIE"))
 	user_id = cookie.get('uuid')
 	user = sql.get_user_name_by_uuid(user_id.value)
 	token = sql.get_token(user_id.value)
 except:
 	pass
@ -64,5 +65,6 @@ output_from_parsed_template = template.render(h2 = 1,
 												select_id = "viewlogs",
 												selects = get_files(),
 												rows = rows,
-												grep = grep)										
+												grep = grep,
 												token = token)										
 print(output_from_parsed_template)
--- a/app/viewsttats.py
+++ b/app/viewsttats.py
@ -18,6 +18,7 @@ try:
 	user = sql.get_user_name_by_uuid(user_id.value)
 	role = sql.get_user_role_by_uuid(user_id.value)
 	servers = sql.get_dick_permit(virt=1)
 	token = sql.get_token(user_id.value)
 	if serv is None:
 		first_serv = sql.get_dick_permit()
@ -35,6 +36,7 @@ output_from_parsed_template = template.render(h2 = 1,
 												onclick = "showStats()",
 												select_id = "serv",
 												selects = servers,
-												serv = serv)											
+												serv = serv,
 												token = token)											
 print(output_from_parsed_template)
--- a/inc/script.js
+++ b/inc/script.js
@ -97,12 +97,14 @@ $( document ).ajaxSend(function( event, request, settings ) {
 $( document ).ajaxComplete(function( event, request, settings ) {
 	NProgress.done();
 });
 function showOverview() {	
 	showOverviewServers();
 	$.ajax( {
 		url: "options.py",
 		data: {
 			act: "overview",
 			token: $('#token').val()
 		},
 		type: "GET",
 		success: function( data ) {
@ -117,6 +119,7 @@ function showOverviewServers() {
 		url: "options.py",
 		data: {
 			act: "overviewServers",
 			token: $('#token').val()
 		},
 		type: "GET",
 		success: function( data ) {
@ -131,7 +134,8 @@ function showStats() {
 		url: "options.py",
 		data: {
 			act: "stats",
-			serv: $("#serv").val()
+			serv: $("#serv").val(),
 			token: $('#token').val()
 		},
 		type: "GET",
 		success: function( data ) {
@ -152,6 +156,7 @@ function showLog() {
 			minut: $('#time_range_out_minut').val(),
 			hour1: $('#time_range_out_hour1').val(),
 			minut1: $('#time_range_out_minut1').val(),
 			token: $('#token').val()
 		},
 		type: "GET",
 		success: function( data ) {
@ -166,7 +171,8 @@ function showMap() {
 		url: "options.py",
 		data: {
 			serv: $("#serv").val(),
-			act: "showMap"
+			act: "showMap",
 			token: $('#token').val()
 		},
 		type: "GET",
 		success: function( data ) {
@ -187,7 +193,8 @@ function showRuntime() {
 			servaction: $('#servaction').val(),
 			serv: $("#serv").val(),
 			servbackend: $("#servbackend").val(),
-			save: saveCheck
+			save: saveCheck,
 			token: $('#token').val()
 		},
 		type: "GET",
 		success: function( data ) {
@ -201,7 +208,8 @@ function showCompare() {
 		data: {
 			serv: $("#serv").val(),
 			left: $('#left').val(),
-			right: $("#right").val()
+			right: $("#right").val(),
 			token: $('#token').val()
 		},
 		type: "GET",
 		success: function( data ) {
@ -216,7 +224,8 @@ function showCompareConfigs() {
 		data: {
 			serv: $("#serv").val(),
 			act: "showCompareConfigs",
-			open: "open"
+			open: "open",
 			token: $('#token').val()
 		},
 		type: "GET",
 		success: function( data ) {
@ -230,7 +239,8 @@ function showConfig() {
 		url: "options.py",
 		data: {
 			serv: $("#serv").val(),
-			act: "configShow"
+			act: "configShow",
 			token: $('#token').val()
 		},
 		type: "GET",
 		success: function( data ) {
@ -246,7 +256,8 @@ function showUploadConfig() {
 		data: {
 			serv: $("#serv").val(),
 			act: "configShow",
-			configver: $('#configver').val()
+			configver: $('#configver').val(),
 			token: $('#token').val()
 		},
 		type: "GET",
 		success: function( data ) {
@ -268,6 +279,7 @@ function viewLogs() {
 			minut: $('#time_range_out_minut').val(),
 			hour1: $('#time_range_out_hour1').val(),
 			minut1: $('#time_range_out_minut1').val(),
 			token: $('#token').val()
 		},
 		type: "GET",
 		success: function( data ) {
@ -333,7 +345,7 @@ $( function() {
    });
 	var now = new Date(Date.now());
 	var date1 = now.getHours() * 60 - 1 * 60;
-	var date2 = now.getHours() * 60;
+	var date2 = now.getHours() * 60 + now.getMinutes();
 	$("#time-range").slider({	
 		range: true,
 		min: 0,
@ -361,7 +373,7 @@ $( function() {
 	$('#time_range_out_hour').val(date1/60);
 	$('#time_range_out_minut').val('00');
 	$('#time_range_out_hour1').val(date2/60);
-	$('#time_range_out_minut1').val('00');
+	$('#time_range_out_minut1').val(now.getMinutes());
 	$('#0').click(function() {
 		$('.auto-refresh-div').show("blind", "fast");
@ -612,7 +624,8 @@ $( function() {
 				url: "options.py",
 				data: {
 					ip: request.term,
-					serv: $("#serv").val()
+					serv: $("#serv").val(),
 					token: $('#token').val()
 				},
 				success: function( data ) {
 					data = data.replace(/\s+/g,' ');
@ -635,7 +648,8 @@ $( function() {
 				url: "options.py",
 				data: {
 					ip: request.term,
-					serv: $("#serv2").val()
+					serv: $("#serv2").val(),
 					token: $('#token').val()
 				},
 				success: function( data ) {
 					data = data.replace(/\s+/g,' ');
@ -655,7 +669,8 @@ $( function() {
 				url: "options.py",
 				data: {
 					backend: request.term,
-					serv: $("#serv2").val()
+					serv: $("#serv2").val(),
 					token: $('#token').val()
 				},
 				success: function( data ) {
 					response(data.split('"'));
@ -696,7 +711,8 @@ $( function() {
 				url: "options.py",
 				data: {
 					getcert:1,
-					serv: $("#serv").val()
+					serv: $("#serv").val(),
 					token: $('#token').val()
 				},
 				success: function( data ) {
 					data = data.replace(/\s+/g,' ');
@ -775,7 +791,8 @@ $( function() {
 				url: "options.py",
 				data: {
 					getcert:1,
-					serv: $("#serv2").val()
+					serv: $("#serv2").val(),
 					token: $('#token').val()
 				},
 				success: function( data ) {
 					data = data.replace(/\s+/g,' ');
@ -792,7 +809,8 @@ $( function() {
 				url: "options.py",
 				data: {
 					getcert:1,
-					serv: $("#serv3").val()
+					serv: $("#serv3").val(),
 					token: $('#token').val()
 				},
 				success: function( data ) {
 					data = data.replace(/\s+/g,' ');
@ -809,7 +827,8 @@ $( function() {
 				url: "options.py",
 				data: {
 					showif:1,
-					serv: $("#master").val()
+					serv: $("#master").val(),
 					token: $('#token').val()
 				},
 				success: function( data ) {
 					data = data.replace(/\s+/g,' ');
@ -826,7 +845,8 @@ $( function() {
 				url: "options.py",
 				data: {
 					showif:1,
-					serv: $("#master-add").val()
+					serv: $("#master-add").val(),
 					token: $('#token').val()
 				},
 				success: function( data ) {
 					data = data.replace(/\s+/g,' ');
@ -844,7 +864,8 @@ $( function() {
 			data: {
 				serv: $('#serv4').val(),
 				ssl_cert: $('#ssl_cert').val(),
-				ssl_name: $('#ssl_name').val()
+				ssl_name: $('#ssl_name').val(),
 				token: $('#token').val()
 			},
 			type: "GET",
 			success: function( data ) {
@ -868,7 +889,8 @@ $( function() {
 			url: "options.py",
 			data: {
 				serv: $('#serv5').val(),
-				getcert: "viewcert"
+				getcert: "viewcert",
 				token: $('#token').val()
 			},
 			type: "GET",
 			success: function( data ) {
--- a/inc/users.js
+++ b/inc/users.js
@ -36,7 +36,8 @@ $( function() {
 						slave: $('#slave').val(),
 						interface: $("#interface").val(),
 						vrrpip: $('#vrrp-ip').val(),
-						hap: hap
+						hap: hap,
 						token: $('#token').val()
 					},
 					type: "GET",
 					success: function( data ) { 
@ -73,7 +74,8 @@ $( function() {
 						slaveadd: $('#slave-add').val(),
 						interfaceadd: $("#interface-add").val(),
 						vrrpipadd: $('#vrrp-ip-add').val(),
-						kp: kp
+						kp: kp,
 						token: $('#token').val()
 					},
 					type: "GET",
 					success: function( data ) { 
@ -94,6 +96,7 @@ $( function() {
 			url: "options.py",
 			data: {
 				haproxyaddserv: $('#haproxyaddserv').val(),
 				token: $('#token').val()
 				},
 			type: "GET",
 			success: function( data ) { 
@ -470,7 +473,8 @@ function uploadSsh() {
 	$.ajax( {
 		url: "options.py",
 		data: {
-			ssh_cert: $('#ssh_cert').val()
+			ssh_cert: $('#ssh_cert').val(),
 			token: $('#token').val()
 		},
 		type: "GET",
 		success: function( data ) {
@ -531,6 +535,7 @@ function showApacheLog() {
 			minut: $('#time_range_out_minut').val(),
 			hour1: $('#time_range_out_hour1').val(),
 			minut1: $('#time_range_out_minut1').val(),
 			token: $('#token').val()
 		},
 		type: "GET",
 		success: function( data ) {