function get_network_status($conn, $data)
{
$id = $data['id'];
$location = $data['location'];
ossim_valid($id, OSS_HEX, 'illegal:' . _("Network ID"));
ossim_valid($location, OSS_HEX, 'illegal:' . _("Location ID"));
if (ossim_error()) {
$info_error = "Error: " . ossim_get_error();
ossim_clean_error();
$return['error'] = true;
$return['msg'] = $info_error;
return $return;
}
//aux variables
$answ['0'] = 'error';
$answ['1'] = 'ok';
$answ['2'] = 'info';
$types = array('ids', 'vulns', 'passive', 'active', 'netflow');
//net info
$net = Asset_net::get_object($conn, $id);
if ($net != NULL) {
$cidr = $net->get_ips();
$data['net_name'] = $net->get_name() . " (" . $cidr . ")";
$data['net_owner'] = Session::get_entity_name($conn, $net->get_ctx(), true);
$data['net_descr'] = $net->get_descr();
} else {
$data['net_name'] = _('Unknown');
$data['net_owner'] = _('Unknown');
$data['net_descr'] = _('Unknown');
}
$checks = Locations::get_location_checks($conn, $location);
foreach ($types as $t_pos => $t) {
if (strlen($checks) == 5 && $checks[$t_pos] == 0) {
$data[$t] = 'info';
} else {
$options = array("type" => $t, "percent" => false, "network" => $id);
$var = get_network_visibility($conn, $options);
$data[$t] = $answ[$var];
}
}
$options = array("type" => 'asset_network', "network" => $id);
$data['net_devices'] = get_asset_visibility($conn, $options);
$options = array("type" => 'asset_server', "network" => $id);
$data['servers'] = get_asset_visibility($conn, $options);
$return['error'] = false;
$return['data'] = $data;
return $return;
}
}
if ($type != 'eps') {
mydie(sprintf(_("Invalid param '%s' with value '%s'"), 'type', $type));
}
// Where to find the RRD file
$rrdpath = "/var/lib/ossim/rrd/event_stats/";
//
// Graph style
//
$font = $conf->get_conf('font_path');
$tmpfile = tempnam('/tmp', 'OSSIM');
register_shutdown_function('clean_tmp');
$ds = 'ds0';
$color1 = '#f000f0';
$color2 = '#000000';
$hostname = Session::get_entity_name($conn, $id);
//
// RRDTool cmd execution
//
if (!is_file("{$rrdpath}/{$id}.rrd")) {
//mydie(sprintf(_("No RRD available for: '%s' at '%s'") , $ip, $rrdpath));
$norrdfile = "../../pixmaps/norrd.png";
if (!($fp = @fopen($norrdfile, 'r'))) {
mydie(_("Could not read {$norrdfile} file"));
}
header("Content-Type: image/png");
header("Content-Length: " . filesize($norrdfile));
fpassthru($fp);
fclose($fp);
exit;
}
$ssh_arr = array();
foreach ($ssh_cred as $cred) {
$login_text = $cred['login'];
if ($login_text == '0' || valid_hex32($login_text)) {
$login_text = $login_text == '0' ? _('All') : Session::get_entity_name($conn, $cred['login']);
}
$cred_key = $cred['name'] . '#' . $cred['login'];
$ssh_arr[$cred_key]['selected'] = $cred_key == $ssh_credential ? 'selected="selected"' : '';
$ssh_arr[$cred_key]['name'] = $cred['name'] . ' (' . $login_text . ')';
}
$smb_cred = Vulnerabilities::get_credentials($conn, 'smb');
$smb_arr = array();
foreach ($smb_cred as $cred) {
$login_text = $cred['login'];
if ($login_text == '0' || valid_hex32($login_text)) {
$login_text = $login_text == '0' ? _('All') : Session::get_entity_name($conn, $cred['login']);
}
$cred_key = $cred['name'] . '#' . $cred['login'];
$smb_arr[$cred_key]['selected'] = $cred_key == $smb_credential ? 'selected="selected"' : '';
$smb_arr[$cred_key]['name'] = $cred['name'] . ' (' . $login_text . ')';
}
// fill targets
// array to fill the hidden field with the targets
$targets_list = array();
// array to fill the message when the window is closed
$asset_list = array();
if (empty($targets) == FALSE) {
$select_targets = get_targets($conn, $targets);
} else {
// load selected hosts and nets
if ($type == 'asset' || $type == 'network') {
function main_page($viewall, $sortby, $sortdir)
{
global $uroles, $username, $dbconn, $hosts;
global $arruser, $user;
$dbconn->SetFetchMode(ADODB_FETCH_BOTH);
$tz = Util::get_timezone();
if ($sortby == "") {
$sortby = "id";
}
if ($sortdir == "") {
$sortdir = "DESC";
}
$sql_order = "order by {$sortby} {$sortdir}";
if (Session::menu_perms("environment-menu", "EventsVulnerabilitiesScan")) {
?>
<div style="width:50%; position: relative; height: 5px; float:left">
<div style="width:100%; position: absolute; top: -41px;left:0px;">
<div style="float:left; height:28px; margin:5px 5px 0px 0px;">
<a class="button" href="<?php
echo Menu::get_menu_url(AV_MAIN_PATH . '/vulnmeter/sched.php?smethod=schedule&hosts_alive=1&scan_locally=1', 'environment', 'vulnerabilities', 'scan_jobs');
?>
">
<?php
echo _("New Scan Job");
?>
</a>
</div>
<div style="float:left;height:28px;margin:5px 5px 0px -2px;">
<a class="greybox button av_b_secondary" href="import_nbe.php" title="<?php
echo _("Import nbe file");
?>
">
<?php
echo _("Import nbe file");
?>
</a>
</div>
</div>
</div>
<?php
}
if (intval($_GET['page']) != 0) {
$page = intval($_GET['page']);
} else {
$page = 1;
}
$pagesize = 10;
if ($username == "admin") {
$query = "SELECT count(id) as num FROM vuln_jobs";
} else {
$query = "SELECT count(id) as num FROM vuln_jobs where username='******'";
}
$result = $dbconn->Execute($query);
$jobCount = $result->fields["num"];
$num_pages = ceil($jobCount / $pagesize);
//echo "num_pages:[".$num_pages."]";
//echo "jobCount:[".$jobCount."]";
//echo "page:[".$page."]";
if (Vulnerabilities::scanner_type() == "omp") {
// We can display scan status with OMP protocol
echo Vulnerabilities::get_omp_running_scans($dbconn);
} else {
// Nessus
all_jobs(0, 10, "R");
}
?>
<?php
$schedulejobs = _("Scheduled Jobs");
echo <<<EOT
<table style='margin-top:20px;' class='w100 transparent'><tr><td class='sec_title'>{$schedulejobs}</td></tr></table>
<table summary="Job Schedules" class='w100 table_list'>
EOT;
if ($sortdir == "ASC") {
$sortdir = "DESC";
} else {
$sortdir = "ASC";
}
$arr = array("name" => "Name", "schedule_type" => "Schedule Type", "time" => "Time", "next_CHECK" => "Next Scan", "enabled" => "Status");
// modified by hsh to return all scan schedules
if (empty($arruser)) {
$query = "SELECT t2.name as profile, t1.meth_TARGET, t1.id, t1.name, t1.schedule_type, t1.meth_VSET, t1.meth_TIMEOUT, t1.username, t1.enabled, t1.next_CHECK, t1.email\n FROM vuln_job_schedule t1 LEFT JOIN vuln_nessus_settings t2 ON t1.meth_VSET=t2.id ";
} else {
$query = "SELECT t2.name as profile, t1.meth_TARGET, t1.id, t1.name, t1.schedule_type, t1.meth_VSET, t1.meth_TIMEOUT, t1.username, t1.enabled, t1.next_CHECK, t1.email\n FROM vuln_job_schedule t1 LEFT JOIN vuln_nessus_settings t2 ON t1.meth_VSET=t2.id WHERE username in ({$user}) ";
}
$query .= $sql_order;
$result = $dbconn->execute($query);
if ($result->EOF) {
echo "<tr><td class='empty_results' height='20' style='text-align:center;'>" . _("No Scheduled Jobs") . "</td></tr>";
}
if (!$result->EOF) {
echo "<tr>";
foreach ($arr as $order_by => $value) {
echo "<th><a href=\"manage_jobs.php?sortby={$order_by}&sortdir={$sortdir}\">" . _($value) . "</a></th>";
}
if (Session::menu_perms("environment-menu", "EventsVulnerabilitiesScan")) {
echo "<th>" . _("Action") . "</th></tr>";
}
}
$colors = array("#FFFFFF", "#EEEEEE");
$color = 0;
while (!$result->EOF) {
list($profile, $targets, $schedid, $schedname, $schedtype, $sid, $timeout, $user, $schedstatus, $nextscan, $servers) = $result->fields;
$name = Av_sensor::get_name_by_id($dbconn, $servers);
$servers = $name != '' ? $name : "unknown";
$targets_to_resolve = explode("\n", $targets);
$ttargets = array();
foreach ($targets_to_resolve as $id_ip) {
if (preg_match("/^([a-f\\d]{32})#\\d+\\.\\d+\\.\\d+\\.\\d+\\/\\d{1,2}/i", $id_ip, $found) && Asset_net::is_in_db($dbconn, $found[1])) {
$ttargets[] = preg_replace("/^([a-f\\d]{32})#/i", "", $id_ip) . " (" . Asset_net::get_name_by_id($dbconn, $found[1]) . ")";
} else {
if (preg_match("/^([a-f\\d]{32})#\\d+\\.\\d+\\.\\d+\\.\\d+/i", $id_ip, $found) && Asset_host::is_in_db($dbconn, $found[1])) {
$ttargets[] = preg_replace("/^([a-f\\d]{32})#/i", "", $id_ip) . " (" . Asset_host::get_name_by_id($dbconn, $found[1]) . ")";
} else {
$ttargets[] = preg_replace("/[a-f\\d]{32}/i", "", $id_ip);
}
}
}
$targets = implode("<BR/>", $ttargets);
$tz = intval($tz);
$nextscan = gmdate("Y-m-d H:i:s", Util::get_utc_unixtime($nextscan) + 3600 * $tz);
preg_match("/\\d+\\-\\d+\\-\\d+\\s(\\d+:\\d+:\\d+)/", $nextscan, $found);
$time = $found[1];
switch ($schedtype) {
case "N":
$stt = _("Once (Now)");
break;
case "O":
$stt = _("Once");
break;
case "D":
$stt = _("Daily");
break;
case "W":
$stt = _("Weekly");
break;
case "M":
$stt = _("Monthly");
break;
case "Q":
$stt = _("Quarterly");
break;
case "H":
$stt = _("On Hold");
break;
case "NW":
$stt = _("N<sup>th</sup> weekday of the month");
break;
default:
$stt = " ";
break;
}
switch ($schedstatus) {
case "1":
$itext = _("Disable Scheduled Job");
$isrc = "images/stop_task.png";
$ilink = "manage_jobs.php?disp=setstatus&schedid={$schedid}&enabled=0";
break;
default:
$itext = _("Enable Scheduled Job");
$isrc = "images/play_task.png";
$ilink = "manage_jobs.php?disp=setstatus&schedid={$schedid}&enabled=1";
break;
}
if (!Session::menu_perms("environment-menu", "EventsVulnerabilitiesScan")) {
$ilink = "javascript:return false;";
}
if ($schedstatus) {
$txt_enabled = "<td><a href=\"{$ilink}\"><font color=\"green\">" . _("Enabled") . "</font></a></td>";
} else {
$txt_enabled = "<td><a href=\"{$ilink}\"><font color=\"red\">" . _("Disabled") . "</font></a></td>";
}
require_once 'classes/Security.inc';
if (valid_hex32($user)) {
$user = Session::get_entity_name($dbconn, $user);
}
echo "<tr bgcolor=\"" . $colors[$color % 2] . "\">";
if ($profile == "") {
$profile = _("Default");
}
echo "<td><span class=\"tip\" title=\"<b>" . _("Owner") . ":</b> {$user}<br><b>" . _("Server") . ":</b> {$servers}<br /><b>" . _("Scheduled Job ID") . ":</b> {$schedid}<br><b>" . _("Profile") . ":</b> {$profile}<br><b>" . _("Targets") . ":</b><br>" . $targets . "\">{$schedname}</span></td>";
?>
<td><?php
echo $stt;
?>
</td>
<td><?php
echo $time;
?>
</td>
<td><?php
echo $nextscan;
?>
</td>
<?php
echo <<<EOT
{$txt_enabled}
<td style="padding-top:2px;"><a href="{$ilink}"><img alt="{$itext}" src="{$isrc}" border=0 title="{$itext}"></a>
EOT;
if (Session::menu_perms("environment-menu", "EventsVulnerabilitiesScan")) {
echo "<a href='" . Menu::get_menu_url(AV_MAIN_PATH . '/vulnmeter/sched.php?disp=edit_sched&sched_id=' . $schedid, 'environment', 'vulnerabilities', 'scan_jobs') . "'><img src='images/pencil.png' title='" . _("Edit Scheduled") . "'></a> ";
echo "<a href='manage_jobs.php?disp=delete&schedid={$schedid}' onclick='return confirmDelete();'><img src='images/delete.gif' title='" . gettext("Delete Scheduled") . "'></a>";
}
echo "</td>";
echo <<<EOT
</tr>
EOT;
$result->MoveNext();
$color++;
}
echo <<<EOT
</table>
EOT;
?>
<br />
<?php
$out = all_jobs(($page - 1) * $pagesize, $pagesize);
?>
<table width="100%" align="center" class="transparent" cellspacing="0" cellpadding="0">
<tr>
<td class="nobborder" valign="top" style="padding-top:5px;">
<div class="fright">
<?php
if ($out != 0 && $num_pages != 1) {
$page_url = "manage_jobs.php";
if ($page == 1 && $page == $num_pages) {
echo '<a href="" class="link_paginate_disabled" onclick="return false">< ' . _("PREVIOUS") . '</a>';
echo '<a class="lmargin link_paginate_disabled" href="" onclick="return false">' . _("NEXT") . ' ></a>';
} elseif ($page == 1) {
echo '<a href="" class="link_paginate_disabled" onclick="return false">< ' . _("PREVIOUS") . '</a>';
echo '<a class="lmargin" href="' . $page_url . '?page=' . ($page + 1) . '">' . _("NEXT") . ' ></a> ';
} elseif ($page == $num_pages) {
echo '<a href="' . $page_url . '?page=' . ($page - 1) . '">< ' . _("PREVIOUS") . '</a>';
echo '<a class="lmargin link_paginate_disabled" href="" onclick="return false">' . _("NEXT") . ' ></a>';
} else {
echo '<a href="' . $page_url . '?page=' . ($page - 1) . '">< ' . _("PREVIOUS") . '</a><a class="lmargin" href="' . $page_url . '?page=' . ($page + 1) . '">' . _("NEXT") . ' ></a>';
}
}
?>
</div>
</td>
</tr>
</table>
<?php
}
continue;
}
$file_date = @filemtime($rrdpath . DIRECTORY_SEPARATOR . $rrdfile);
// Get files list modified after start date
if (isset($start) && $file_date !== false && $file_date > $start) {
// Draw graph
$id = RemoveExtension($rrdfile, ".rrd");
$entity_type = Session::get_entity_type($conn, $id);
if ($entity_type == 'context') {
// Ignore engines and Logical entities
?>
<tr>
<td style='padding-bottom:10px' align='center'>
<center>
<h4><i><?php
echo Session::get_entity_name($conn, $id);
?>
</i></h4>
<img src="<?php
echo "../report/graphs/draw_rrd.php?id={$id}&what=eps&start={$start}&end={$end}&type=eps";
?>
" border='0'/>
</center>
</td>
</tr>
<?php
}
}
}
closedir($gestordir);
}
<td class="nobborder"><br>
<div style='width:90%;margin:0 auto;text-align:center;'>
<table width="100%" align="center" class='dataTable table_data'>
<thead>
<th><?php
echo _('Available Reports');
?>
</th>
</thead>
<tbody>
<?php
$color = 0;
foreach ($creports as $report) {
$value = unserialize($report["value"]);
if ($value["entity"] != "-1" && $value["entity"] != "") {
$permissions = Session::get_entity_name($dbconn, $value["entity"]);
} elseif ($value["user"] != "-1") {
$permissions = $value["user"] == "0" ? _("All user") : $value["user"];
}
$tooltip = "<span style='font-weight:bold'>" . _("Owner:") . "</span> <span style='font-weight:normal'>" . $report["login"] . "</span>";
$tooltip .= "<br><span style='font-weight:bold'>" . _("Available for:") . "</span> <span style='font-weight:normal'>" . $permissions . "</span>";
$tooltip .= "<br><span style='font-weight:bold'>" . _("Creation date:") . "</span> <span style='font-weight:normal'>" . $value["cdate"] . "</span>";
if ($value["cdate"] == $value["mdate"]) {
$tooltip .= "<br><span style='font-weight:bold'>" . _("Modification date:") . "</span> <span style='font-weight:normal'>-</span>";
} else {
$tooltip .= "<br><span style='font-weight:bold'>" . _("Modification date:") . "</span> <span style='font-weight:normal'>" . $value["mdate"] . "</span>";
}
$tooltip .= "<br><span style='font-weight:bold'>" . _("Assets:") . "</span> <span style='font-weight:normal'>" . $value["assets"] . "</span>";
// Dates
if ($value["date_range"] == "custom" || $value["date_range"] == "") {
$tooltip .= "<br><span style='font-weight:bold'>" . _("Date from:") . "</span> <span style='font-weight:normal'>" . $value["date_from"] . "</span>";
function select_profile()
{
global $sid, $username, $dbconn, $version, $nessus_path;
$args = "";
if (!Session::am_i_admin()) {
list($owners, $sqlowners) = Vulnerabilities::get_users_and_entities_filter($dbconn);
$owners[] = '0';
$sql_perms .= " OR owner IN('" . implode("', '", $owners) . "')";
$args = "WHERE name='Default' OR name='Deep' OR name='Ultimate' " . $sql_perms;
}
$layouts = array();
$query = "SELECT id, name, description, owner, type FROM vuln_nessus_settings {$args} ORDER BY name";
$dbconn->SetFetchMode(ADODB_FETCH_BOTH);
$result = $dbconn->execute($query);
echo "<CENTER>";
echo "<table class=\"transparent\"><tr><td class=\"sec_title\">" . _("Vulnerability Scan Profiles") . "</td></tr></table>";
echo "<p>";
echo _("Please select a profile to edit") . ":";
echo "</p>";
echo "<table class='table_list'>";
echo "<tr>";
echo "<th>" . _("Available for") . "</th>";
echo "<th>" . _("Profile") . "</th>";
echo "<th>" . _("Description") . "</th>";
echo "<th>" . _("Action") . "</th>";
echo "</tr>";
$color = 0;
while (!$result->EOF) {
$sid = $result->fields[0];
$sname = $result->fields[1];
$sdescription = $result->fields[2];
$sowner = $result->fields[3];
$stype = $result->fields[4];
echo "<tr id='profile{$sid}'>";
if ($sowner == "0") {
echo "<td>" . _("All") . "</td>";
} elseif (valid_hex32($sowner)) {
echo "<td style='padding:0px 2px 0px 2px;'>" . Session::get_entity_name($dbconn, $sowner) . "</td>";
} else {
echo "<td>" . Util::htmlentities($sowner) . "</td>";
}
echo "<td width='200'>" . Util::htmlentities($sname) . "</td>";
echo "<td width='450'>" . Util::htmlentities($sdescription) . "</td>";
echo "<td>";
if ($sname == "Default" || $sname == "Deep" || $sname == "Ultimate") {
echo "<img src=\"images/pencil.png\" class=\"tip disabled\" title=\"" . _("{$sname} profile can't be edited, clone it to make changes") . "\" />";
echo "<img src=\"images/delete.gif\" class=\"tip disabled\" title=\"" . _("{$sname} profile can't be deleted") . "\" />";
} else {
if (Vulnerabilities::can_modify_profile($dbconn, $sname, $sowner)) {
echo "<a href='settings.php?disp=edit&sid={$sid}'><img class='hand' id='edit_" . md5($sname . $sowner) . "' src='images/pencil.png' ></a>";
} else {
echo "<img class='disabled' src='images/pencil.png'>";
}
if (Vulnerabilities::can_delete_profile($dbconn, $sname, $sowner)) {
echo "<img class='hand' src='images/delete.gif' id='delete_" . md5($sname . $sowner) . "' onclick='deleteProfile({$sid})'>";
} else {
echo "<img class='disabled' src=\"images/delete.gif\" >";
}
}
echo "</td>";
echo "</tr>";
$result->MoveNext();
$color++;
}
echo "</table>";
echo "<center>";
echo "<form>";
echo "<br/>";
echo "<input type='button' onclick=\"document.location.href='settings.php?disp=new'\" id=\"new_profile\" value=\"" . _("Create New Profile") . "\"/>";
echo "</form>";
echo "</p>";
echo "</center>";
// end else
}
*
*/
require_once 'av_init.php';
Session::logcheck_ajax('environment-menu', 'PolicyHosts');
session_write_close();
$validate = array('asset_type' => array('validation' => 'OSS_LETTER', 'e_message' => 'illegal:' . _('Asset Type')));
$asset_type = POST('asset_type');
$validation_errors = validate_form_fields('POST', $validate);
if (!empty($validation_errors)) {
Util::response_bad_request(_('Sorry, asset data was not loaded due to a validation error'));
}
$db = new ossim_db();
$conn = $db->connect();
$ctx = Asset_host::get_common_ctx($conn);
if (!empty($ctx)) {
$ctx_name = Session::get_entity_name($conn, $ctx);
$ctx_name = Util::utf8_encode2($ctx_name);
//Check asset context
$ext_ctxs = Session::get_external_ctxs($conn);
if (!empty($ext_ctxs[$ctx])) {
// CTX is external, this CTX could not be edited
$ctx = NULL;
} else {
//Server related to CTX
$server_obj = Server::get_server_by_ctx($conn, $ctx);
$s_name = '';
$s_ip = '';
if ($r_server) {
$s_name = $server_obj->get_name();
$s_ip = $server_obj->get_ip();
}
$ctx_pro = array_shift(array_keys($entities));
return array($entities, $ctx_pro);
}
$db = new ossim_db();
$conn = $db->connect();
$pro = Session::is_pro();
$avmssp = true;
//intval($conf->get_conf("alienvault_mssp", FALSE));
$contexts = array();
$engines = array();
$ctx_prev = '';
if ($pro) {
list($entities, $ctx_prev) = get_policy_entities($conn, $ctx_pro);
} else {
$ctx_prev = Session::get_default_ctx();
$entities[$ctx_prev] = Session::get_entity_name($conn, $ctx_prev);
}
$ctx = GET("ctx") != "" ? GET("ctx") : $_SESSION['policy_ctx'];
$reorder = GET("reorder");
if (empty($ctx)) {
$ctx = $ctx_prev;
}
ossim_valid($ctx, OSS_HEX, 'illegal:' . _("ctx"));
ossim_valid($reorder, OSS_DIGIT, OSS_NULLABLE, 'illegal:' . _("Policy Option"));
if (ossim_error()) {
die(ossim_error());
}
$_SESSION['policy_ctx'] = $ctx;
$conf = $GLOBALS["CONF"];
$server_logger_if_priority = is_null($conf->get_conf("server_logger_if_priority", false)) ? 0 : $conf->get_conf("server_logger_if_priority");
$engines = Session::get_engines_by_ctx($conn, $ctx);
?>
?</a></span>
</th>
<td class="nobborder">
<input type="hidden" name="ctx" id="ctx" value="<?php
echo $ctx;
?>
" class="vfield"/>
<table class="transparent">
<tr>
<td class="nobborder"><div id="tree"></div></td>
</tr>
<tr>
<td class="nobborder">
<div id="entity_selected"><?php
echo _('Context selected') . ": <b>" . (empty($ctx) ? _('None') : Session::get_entity_name($conn, $ctx)) . "</b>";
?>
</div>
</td>
</tr>
</table>
</td>
</tr>
<?php
} else {
?>
<input type="hidden" name="ctx" id="ctx" value="<?php
echo Session::get_default_ctx();
?>
" class="vfield"/>
<?php
<?php
if (Session::show_entities()) {
?>
<td class='td_tree'>
<table id="t_tree">
<tr>
<td class="left noborder">
<div id="entity_selected">
<span><?php
echo _('Context selected') . ":";
?>
</span>
<span id='ctx_txt'>
<?php
echo empty($ctx) ? _('None') : Session::get_entity_name($conn, $ctx);
?>
</span>
</div>
</td>
</tr>
<tr>
<td class="left noborder">
<div id="tree"></div>
</td>
</tr>
</table>
</td>
<?php
}
?>
*/
require_once 'av_init.php';
Session::logcheck("environment-menu", "EventsVulnerabilitiesScan");
$db = new ossim_db();
$dbconn = $db->connect();
$data = REQUEST('credential');
$host_id_ip = POST('host_id_ip') != "" ? POST('host_id_ip') : POST('searchBox');
list($name, $login) = explode(";", $data);
ossim_valid($name, OSS_ALPHA, OSS_SCORE, OSS_SPACE, OSS_DOT, OSS_AT, 'illegal:' . _("Name"));
$login_text = $login;
if ($login != '0') {
if (!ossim_valid($login, OSS_HEX, 'illegal:' . _("Entity"))) {
ossim_clean_error();
ossim_valid($login, OSS_USER_2, 'illegal:' . _("login"));
} else {
$login_text = Session::get_entity_name($dbconn, $login);
}
} else {
$login_text = _("All");
}
if (preg_match("/#/", $host_id_ip)) {
list($host_id, $host_ip) = explode("#", $host_id_ip);
ossim_valid($host_ip, OSS_IP_ADDR, 'illegal:' . _("Host IP"));
ossim_valid($host_id, OSS_HEX, 'illegal:' . _("Host ID"));
} else {
// only IP
ossim_valid($host_id_ip, OSS_NULLABLE, OSS_IP_ADDR, 'illegal:' . _("Host IP"));
}
if (ossim_error()) {
die(ossim_error());
}
} else {
$total = 0;
}
$xml .= "<rows>\n";
$xml .= "<page>{$page}</page>\n";
$xml .= "<total>{$total}</total>\n";
foreach ($port_list as $port_group) {
$name = $port_group->get_name();
$id = $port_group->get_id();
$xml .= "<row id='" . $id . "'>";
$link_modify = "<a style='font-weight:bold;' href=\"./newportgroupform.php?id=" . $id . "\">" . Util::htmlentities($name) . "</a>";
$xml .= "<cell><![CDATA[" . $link_modify . "]]></cell>";
$ports = array();
foreach ($port_group->get_reference_ports($conn, $id) as $port) {
$ports[] = $port->get_port_number() . "-" . $port->get_protocol_name();
}
$ports = Port_group::group_ports($ports);
$xml .= "<cell><![CDATA[" . implode(', ', $ports) . "]]></cell>";
if (Session::show_entities()) {
$xml .= "<cell><![CDATA[" . Session::get_entity_name($conn, $port_group->get_ctx()) . "]]></cell>";
}
$desc = $port_group->get_descr();
if ($desc == "") {
$desc = " ";
}
$xml .= "<cell><![CDATA[" . utf8_encode($desc) . "]]></cell>";
$xml .= "</row>\n";
}
$xml .= "</rows>\n";
echo $xml;
$db->close();
function tab_discovery()
{
global $component, $uroles, $editdata, $scheduler, $username, $useremail, $dbconn, $disp, $enScanRequestImmediate, $enScanRequestRecur, $timeout, $smethod, $SVRid, $sid, $ip_list, $ip_exceptions_list, $schedule_type, $ROYEAR, $ROday, $ROMONTH, $time_hour, $time_min, $dayofweek, $dayofmonth, $sname, $user, $entity, $hosts_alive, $scan_locally, $version, $nthweekday, $semail, $not_resolve, $time_interval, $ssh_credential, $smb_credential, $net_id;
global $pluginOptions, $enComplianceChecks, $profileid;
$conf = $GLOBALS["CONF"];
$users = Session::get_users_to_assign($dbconn);
$entities_to_assign = Session::get_entities_to_assign($dbconn);
$pre_scan_locally_status = $conf->get_conf("nessus_pre_scan_locally");
$user_selected = $user;
$entity_selected = $entity;
$SVRid_selected = $SVRid;
$sid_selected = $sid != "" ? $sid : $editdata['meth_VSET'];
$timeout_selected = $editdata["meth_TIMEOUT"];
$ip_list_selected = str_replace("\\r\\n", "\n", str_replace(";;", "\n", $ip_list));
if (count($ip_exceptions_list) > 0) {
$ip_list_selected .= "\n" . implode("\n", $ip_exceptions_list);
}
$ROYEAR_selected = $ROYEAR;
$ROday_selected = $ROday;
$ROMONTH_selected = $ROMONTH;
$time_hour_selected = $time_hour;
$time_min_selected = $time_min;
$dayofweek_selected = $dayofweek;
$dayofmonth_selected = $dayofmonth;
$sname_selected = $sname;
if (preg_match("/^[a-f\\d]{32}\$/i", $net_id)) {
// Autofill new scan job from deployment
if (Asset_net::is_in_db($dbconn, $net_id)) {
$sname_selected = Asset_net::get_name_by_id($dbconn, $net_id);
$schedule_type = "M";
$ip_list = array();
$nips = explode(",", Asset_net::get_ips_by_id($dbconn, $net_id));
foreach ($nips as $nip) {
$ip_list[] = $net_id . "#" . trim($nip);
}
}
}
if ($schedule_type != "") {
$editdata['schedule_type'] = $schedule_type;
}
$cquery_like = "";
if ($component != "") {
$cquery_like = " AND component='{$component}'";
}
$today = date("Ymd");
$tyear = substr($today, 0, 4);
$nyear = $tyear + 1;
$tmonth = substr($today, 4, 2);
$tday = substr($today, 6, 2);
#SET VALUES UP IF EDIT SCHEDULER
if (isset($editdata['notify'])) {
$enotify = $editdata['notify'];
} else {
$enotify = "{$useremail}";
}
if (isset($editdata['time'])) {
list($time_hour, $time_min, $time_sec) = split(':', $editdata['time']);
$tz = Util::get_timezone();
$time_hour = $time_hour + $tz;
}
$arrTypes = array("N", "O", "D", "W", "M", "NW");
foreach ($arrTypes as $type) {
$sTYPE[$type] = "";
}
$arrJobTypes = array("C", "M", "R", "S");
foreach ($arrJobTypes as $type) {
$sjTYPE[$type] = "";
}
if (isset($editdata['schedule_type'])) {
$sTYPE[$editdata['schedule_type']] = "selected='selected'";
if ($editdata['schedule_type'] == 'D') {
$ni = 2;
} elseif ($editdata['schedule_type'] == 'O') {
$ni = 3;
} elseif ($editdata['schedule_type'] == 'W') {
$ni = 4;
} elseif ($editdata['schedule_type'] == 'NW') {
$ni = 6;
} else {
$ni = 5;
}
$show = "<br><script language=javascript>showLayer('idSched', {$ni});</script>";
} else {
if ($enScanRequestImmediate) {
$sTYPE['N'] = "selected='selected'";
$show = "<br><script language=javascript>showLayer('idSched', 1);</script>";
} else {
$sTYPE['O'] = "selected='selected'";
$show = "<br><script language=javascript>showLayer('idSched', 3);</script>";
}
}
if ($schedule_type != "") {
if ($schedule_type == "N") {
$show .= "<br><script language=javascript>showLayer('idSched', 1);</script>";
}
if ($schedule_type == "O") {
$show .= "<br><script language=javascript>showLayer('idSched', 3);</script>";
}
if ($schedule_type == "D") {
$show .= "<br><script language=javascript>showLayer('idSched', 2);</script>";
}
if ($schedule_type == "W") {
$show .= "<br><script language=javascript>showLayer('idSched', 4);</script>";
}
if ($schedule_type == "M") {
$show .= "<br><script language=javascript>showLayer('idSched', 5);</script>";
}
if ($schedule_type == "NW") {
$show .= "<br><script language=javascript>showLayer('idSched', 6);</script>";
}
}
if (isset($editdata['job_TYPE'])) {
$sjTYPE[$editdata['job_TYPE']] = "SELECTED";
} else {
$sjTYPE['M'] = "SELECTED";
}
if (isset($editdata['day_of_month'])) {
$dayofmonth = $editdata['day_of_month'];
}
if (isset($editdata['day_of_week'])) {
$day[$editdata['day_of_week']] = "SELECTED";
}
if ($dayofweek_selected != "") {
$day[$dayofweek_selected] = "SELECTED";
}
if (!$uroles['nessus']) {
$name = "sr-" . substr($username, 0, 6) . "-" . time();
$name = $editdata['name'] == "" ? $name : $editdata['name'];
$nameout = $name . "<input type=hidden style='width:210px' name='sname' value='{$name}'>";
} else {
$nameout = "<input type=text style='width:210px' name='sname' value='" . ($sname_selected != "" ? "{$sname_selected}" : "{$editdata['name']}") . "'>";
}
$discovery = "<input type=\"hidden\" name=\"save_scan\" value=\"1\">";
$discovery .= "<input type=\"hidden\" name=\"cred_type\" value=\"N\">";
$discovery .= "<table width=\"80%\" cellspacing=\"4\">";
$discovery .= "<tr>";
$discovery .= "<input type=\"hidden\" name=\"smethod\" value=\"{$smethod}\">";
$discovery .= "<td width=\"25%\" class='job_option'>" . Util::strong(_("Job Name") . ":") . "</td>";
$discovery .= "<td style=\"text-align:left;\">{$nameout}</td>";
$discovery .= "</tr>";
list($sensor_list, $total) = Av_sensor::get_list($dbconn);
$discovery .= "<tr>";
$discovery .= "<td class='job_option'>" . Util::strong(_("Select Server") . ":") . "</td>";
$discovery .= "<td style='text-align:left;'><select id='SVRid' style='width:212px' name='SVRid'>";
$discovery .= "<option value='Null'>" . _("First Available Server-Distributed") . "</option>";
foreach ($sensor_list as $_sensor_id => $sensor_data) {
if (intval($sensor_data['properties']['has_vuln_scanner']) == 1) {
$discovery .= "<option value=\"{$_sensor_id}\" ";
if ($editdata['email'] == $_sensor_id || $editdata['scan_ASSIGNED'] == $_sensor_id) {
$discovery .= " SELECTED";
}
if ($SVRid_selected == $_sensor_id) {
$discovery .= " SELECTED";
}
$discovery .= ">" . strtoupper($sensor_data['name']) . " [" . $sensor_data['ip'] . "] </option>";
}
}
$discovery .= <<<EOT
</select>
</td>
</tr>
<tr>
EOT;
$discovery .= "<td class='job_option'>" . Util::strong(_("Profile") . ":") . "</td>";
$discovery .= "<td style='text-align:left;'><select name='sid'>";
$query = "";
if ($username == "admin" || Session::am_i_admin()) {
$query = "SELECT distinct(t1.id), t1.name, t1.description \n FROM vuln_nessus_settings t1 WHERE deleted='0'\n ORDER BY t1.name";
} else {
if (Session::is_pro()) {
$users_and_entities = Acl::get_entities_to_assign($dbconn);
if (Acl::am_i_proadmin()) {
$users = Acl::get_my_users($dbconn, Session::get_session_user());
foreach ($users as $us) {
$users_and_entities[$us->get_login()] = $us->get_login();
}
$owner_list['0'] = '0';
$owner_list = array_keys($users_and_entities);
$owner_list = implode("','", $owner_list);
$query = "SELECT distinct(t1.id), t1.name, t1.description FROM vuln_nessus_settings t1\n WHERE deleted = '0' and (name='Default' or owner in ('" . $owner_list . "')) ORDER BY t1.name";
} else {
$owner_list['0'] = '0';
$owner_list[$username] = $username;
$owner_list = array_keys($users_and_entities);
$owner_list[] = Session::get_session_user();
$owner_list = implode("','", $owner_list);
$user_where = "owner in ('" . $owner_list . "')";
$query = "SELECT distinct(t1.id), t1.name, t1.description FROM vuln_nessus_settings t1\n WHERE deleted = '0' and (name='Default' or {$user_where}) ORDER BY t1.name";
}
} else {
$query = "SELECT distinct(t1.id), t1.name, t1.description FROM vuln_nessus_settings t1\n WHERE deleted = '0' and (name='Default' or owner in ('0','{$username}')) ORDER BY t1.name";
}
}
$dbconn->SetFetchMode(ADODB_FETCH_BOTH);
$result = $dbconn->execute($query);
$job_profiles = array();
$id_found = false;
$ipr = 0;
while (!$result->EOF) {
list($sid, $sname, $sdescription) = $result->fields;
if ($sid_selected == $sid) {
$id_found = true;
}
$job_profiles[$ipr]["sid"] = $sid;
$job_profiles[$ipr]["sname"] = $sname;
$job_profiles[$ipr]["sdescription"] = $sdescription;
$ipr++;
$result->MoveNext();
}
foreach ($job_profiles as $profile_data) {
$sid = $profile_data["sid"];
$sname = $profile_data["sname"];
$sdescription = $profile_data["sdescription"];
$discovery .= "<option value=\"{$sid}\" ";
if ($sid_selected == $sid) {
if ($sdescription != "") {
$discovery .= "selected>{$sname} - {$sdescription}</option>";
} else {
$discovery .= "selected>{$sname}</option>";
}
} else {
if ($sdescription != "") {
$discovery .= (preg_match("/default/i", $sname) && !$id_found ? 'selected="selected"' : "") . ">{$sname} - {$sdescription}</option>";
} else {
$discovery .= (preg_match("/default/i", $sname) && !$id_found ? 'selected="selected"' : "") . ">{$sname}</option>";
}
}
}
$discovery .= "</select>  <a href=\"" . Menu::get_menu_url('settings.php', 'environment', 'vulnerabilities', 'scan_jobs') . "\">[" . _("EDIT PROFILES") . "]</a></td>";
$discovery .= "</tr>";
$discovery .= "<tr>";
$discovery .= "<td class='job_option' style='vertical-align: top;'><div>" . Util::strong(_("Schedule Method") . ":") . "</div></td>";
$discovery .= "<td style='text-align:left'><div><select name='schedule_type' id='scheduleM'>";
$discovery .= "<option value='N' {$sTYPE['N']}>" . _("Immediately") . "</option>";
$discovery .= "<option value='O' {$sTYPE['O']}>" . _("Run Once") . "</option>";
$discovery .= "<option value='D' {$sTYPE['D']}>" . _("Daily") . "</option>";
$discovery .= "<option value='W' {$sTYPE['W']}>" . _("Day of the Week") . "</option>";
$discovery .= "<option value='M' {$sTYPE['M']}>" . _("Day of the Month") . "</option>";
$discovery .= "<option value='NW' {$sTYPE['NW']}>" . _("N<sup>th</sup> weekday of the month") . "</option>";
$discovery .= "</select></div></tr>";
$smethods = array("O", "D", "W", "M", "NW");
$smethodtr_display = in_array($editdata['schedule_type'], $smethods) ? "" : "style='display:none'";
$discovery .= "<tr {$smethodtr_display} id='smethodtr'><td> </td>";
$discovery .= <<<EOT
</td>
<td><div>
<div id="idSched1" class="forminput">
</div>
EOT;
// div to select start day
$discovery .= "<div id=\"idSched8\" class=\"forminput\">";
$discovery .= "<table cellspacing=\"2\" cellpadding=\"0\" width=\"100%\">";
$discovery .= "<tr><th width='35%'>" . _("Begin in") . "</th><td class='noborder' nowrap='nowrap'>" . gettext("Year") . " <select name='biyear'>";
$discovery .= "<option value=\"{$tyear}\" selected>{$tyear}</option>";
$discovery .= "<option value=\"{$nyear}\" >{$nyear}</option>";
$discovery .= "</select> " . gettext("Month") . " <select name='bimonth'>";
for ($i = 1; $i <= 12; $i++) {
$discovery .= "<option value=\"{$i}\" ";
if ($i == $tmonth) {
$discovery .= "selected";
}
$discovery .= ">{$i}</option>";
}
$discovery .= "</select> " . gettext("Day") . " <select name=\"biday\">";
for ($i = 1; $i <= 31; $i++) {
$discovery .= "<option value=\"{$i}\" ";
if ($i == $tday) {
$discovery .= "selected";
}
$discovery .= ">{$i}</option>";
}
$discovery .= "</select></td>";
$discovery .= "</tr>";
$discovery .= "</table>";
$discovery .= "</div>";
$discovery .= <<<EOT
<div id="idSched3" class="forminput">
<table cellspacing="2" cellpadding="0" width="100%">
EOT;
$discovery .= "<tr><th width='35%'>" . _("Day") . "</th><td colspan='6' class='noborder' nowrap='nowrap'>" . gettext("Year") . " <select name='ROYEAR'>";
$discovery .= "<option value=\"{$tyear}\" " . ($ROYEAR_selected == "" || $ROYEAR_selected == $tyear ? "selected" : "") . ">{$tyear}</option>";
$discovery .= "<option value=\"{$nyear}\" " . ($ROYEAR_selected == $nyear ? "selected" : "") . ">{$nyear}</option>";
$discovery .= "</select> " . gettext("Month") . " <select name='ROMONTH'>";
for ($i = 1; $i <= 12; $i++) {
$discovery .= "<option value=\"{$i}\" ";
if ($i == $tmonth && $ROMONTH_selected == "" || $ROMONTH_selected == $i) {
$discovery .= "selected";
}
$discovery .= ">{$i}</option>";
}
$discovery .= "</select> " . gettext("Day") . " <select name=\"ROday\">";
for ($i = 1; $i <= 31; $i++) {
$discovery .= "<option value=\"{$i}\" ";
if ($i == $tday && $ROday_selected == "" || $ROday_selected == $i) {
$discovery .= "selected";
}
$discovery .= ">{$i}</option>";
}
$discovery .= <<<EOT
</select></td>
</tr>
</table>
</div>
<div id="idSched4" class="forminput" >
<table width="100%">
<tr>
EOT;
$discovery .= "<th align=\"right\" width=\"35%\">" . _("Weekly") . "</th><td colspan=\"2\" class=\"noborder\">";
$discovery .= "<select name=\"dayofweek\">";
$discovery .= "<option value=\"Su\" SELECTED >" . gettext("Select week day to run") . "</option>";
$discovery .= "<option value=\"Su\" {$day['Su']} >" . gettext("Sunday") . "</option>";
$discovery .= "<option value=\"Mo\" {$day['Mo']} >" . gettext("Monday") . "</option>";
$discovery .= "<option value=\"Tu\" {$day['Tu']} >" . gettext("Tuesday") . "</option>";
$discovery .= "<option value=\"We\" {$day['We']} >" . gettext("Wednesday") . "</option>";
$discovery .= "<option value=\"Th\" {$day['Th']} >" . gettext("Thursday") . "</option>";
$discovery .= "<option value=\"Fr\" {$day['Fr']} >" . gettext("Friday") . "</option>";
$discovery .= "<option value=\"Sa\" {$day['Sa']} >" . gettext("Saturday") . "</option>";
$discovery .= "</select>";
$discovery .= "</td>";
$discovery .= <<<EOT
</tr>
</table>
</div>
<div id="idSched5" class="forminput">
<table width="100%">
<tr>
EOT;
$discovery .= "<th width='35%'>" . gettext("Select Day") . "</td>";
$discovery .= <<<EOT
<td colspan="2" class="noborder"><select name="dayofmonth">"
EOT;
for ($i = 1; $i <= 31; $i++) {
$discovery .= "<option value=\"{$i}\"";
if ($dayofmonth == $i && $dayofmonth_selected == "" || $dayofmonth_selected == $i) {
$discovery .= " selected";
}
$discovery .= ">{$i}</option>";
}
$discovery .= <<<EOT
</select></td>
</tr>
</table>
</div>
<div id="idSched6" class="forminput">
<table width="100%">
<tr>
EOT;
$discovery .= "<th width=\"35%\">" . gettext("Day of week") . "</th><td colspan=\"2\" class=\"noborder\">";
$discovery .= "<select name=\"nthdayofweek\">";
$discovery .= "<option value=\"Su\" SELECTED >" . gettext("Select week day to run") . "</option>";
$discovery .= "<option value=\"Su\" {$day['Su']} >" . gettext("Sunday") . "</option>";
$discovery .= "<option value=\"Mo\" {$day['Mo']} >" . gettext("Monday") . "</option>";
$discovery .= "<option value=\"Tu\" {$day['Tu']} >" . gettext("Tuesday") . "</option>";
$discovery .= "<option value=\"We\" {$day['We']} >" . gettext("Wednesday") . "</option>";
$discovery .= "<option value=\"Th\" {$day['Th']} >" . gettext("Thursday") . "</option>";
$discovery .= "<option value=\"Fr\" {$day['Fr']} >" . gettext("Friday") . "</option>";
$discovery .= "<option value=\"Sa\" {$day['Sa']} >" . gettext("Saturday") . "</option>";
$discovery .= "</select>";
$discovery .= "</td>";
$discovery .= <<<EOT
</tr>
</table>
<br>
<table width="100%">
<tr>
EOT;
$discovery .= "<th align='right'>" . gettext("N<sup>th</sup> weekday") . "</th><td colspan='2' class='noborder'>";
$discovery .= "<select name='nthweekday'>";
$discovery .= "<option value='1'>" . gettext("Select nth weekday to run") . "</option>";
$discovery .= "<option value='1'" . ($dayofmonth == 1 ? " selected" : "") . ">" . gettext("First") . "</option>";
$discovery .= "<option value='2'" . ($dayofmonth == 2 ? " selected" : "") . ">" . gettext("Second") . "</option>";
$discovery .= "<option value='3'" . ($dayofmonth == 3 ? " selected" : "") . ">" . gettext("Third") . "</option>";
$discovery .= "<option value='4'" . ($dayofmonth == 4 ? " selected" : "") . ">" . gettext("Fourth") . "</option>";
$discovery .= "<option value='5'" . ($dayofmonth == 5 ? " selected" : "") . ">" . gettext("Fifth") . "</option>";
$discovery .= "<option value='6'" . ($dayofmonth == 6 ? " selected" : "") . ">" . gettext("Sixth") . "</option>";
$discovery .= "<option value='7'" . ($dayofmonth == 7 ? " selected" : "") . ">" . gettext("Seventh") . "</option>";
$discovery .= "<option value='8'" . ($dayofmonth == 8 ? " selected" : "") . ">" . gettext("Eighth") . "</option>";
$discovery .= "<option value='9'" . ($dayofmonth == 9 ? " selected" : "") . ">" . gettext("Ninth") . "</option>";
$discovery .= "<option value='10'" . ($dayofmonth == 10 ? " selected" : "") . ">" . gettext("Tenth") . "</option>";
$discovery .= <<<EOT
</select>
</td>
</tr>
</table>
</div>
EOT;
$discovery .= "<div id='idSched7' class='forminput' style=margin-bottom:3px;>";
$discovery .= "<table width='100%'>";
$discovery .= "<tr>";
$discovery .= "<th width='35%'>" . _("Frequency") . "</th>";
$discovery .= "<td width='100%' style='text-align:center;' class='nobborder'>";
$discovery .= "<span style='margin-right:5px;'>" . _("Every") . "</span>";
$discovery .= "<select name='time_interval'>";
for ($itime = 1; $itime <= 30; $itime++) {
$discovery .= "<option value='" . $itime . "'" . ($editdata['time_interval'] == $itime ? " selected" : "") . ">" . $itime . "</option>";
}
$discovery .= "</select>";
$discovery .= "<span id='days' style='margin-left:5px'>" . _("day(s)") . "</span><span id='weeks' style='margin-left:5px'>" . _("week(s)") . "</span>";
$discovery .= "</td>";
$discovery .= "</tr>";
$discovery .= "</table>";
$discovery .= "</div>";
$discovery .= <<<EOT
<div id="idSched2" class="forminput">
<table width="100%">
EOT;
$discovery .= "<tr>";
$discovery .= "<th rowspan='2' align='right' width='35%'>" . gettext("Time") . "</td>";
$discovery .= "<td align='right'>" . gettext("Hour") . "</td>";
$discovery .= <<<EOT
<td align="left" class="noborder"><select name="time_hour">
EOT;
for ($i = 0; $i <= 23; $i++) {
$discovery .= "<option value=\"{$i}\"";
if ($time_hour == $i && $time_hour_selected == "" || $time_hour_selected == $i) {
$discovery .= " selected";
}
$discovery .= ">{$i}</option>";
}
$discovery .= "</select></td><td align='right'>" . gettext("Minutes") . "</td>\n <td class='noborder' align='left'><select name='time_min'>";
for ($i = 0; $i < 60; $i = $i + 15) {
$discovery .= "<option value=\"{$i}\"";
if ($time_min == $i && $time_min_selected == "" || $time_min_selected == $i) {
$discovery .= " selected";
}
$discovery .= ">{$i}</option>";
}
$discovery .= <<<EOT
</select></td>
</tr>
</table>
</div>
</tr>
EOT;
$discovery .= "<tr>";
$discovery .= "\t\t<td class='madvanced'><a class='section'><img id='advanced_arrow' border='0' align='absmiddle' src='../pixmaps/arrow_green.gif'>" . _("ADVANCED") . "</a></td>";
$discovery .= "\t\t<td> </td>";
$discovery .= "</tr>";
if ($_SESSION["scanner"] == "omp") {
$credentials = Vulnerabilities::get_credentials($dbconn, 'ssh');
preg_match("/(.*)\\|(.*)/", $editdata["credentials"], $found);
$discovery .= "<tr class='advanced'>";
$discovery .= "<td class='job_option'>" . Util::strong(_("SSH Credential:")) . "</td>";
$discovery .= "<td style='text-align:left'><select id='ssh_credential' name='ssh_credential'>";
$discovery .= "<option value=''>--</option>";
foreach ($credentials as $cred) {
$login_text = $cred["login"];
if ($cred["login"] == '0') {
$login_text = _("All");
} elseif (valid_hex32($cred["login"])) {
$login_text = Session::get_entity_name($dbconn, $cred["login"]);
}
$selected = $found[1] == $cred["name"] . "#" . $cred["login"] || $cred["name"] . "#" . $cred["login"] == $ssh_credential ? " selected='selected'" : "";
$discovery .= "<option value='" . $cred["name"] . "#" . $cred["login"] . "' {$selected}>" . $cred["name"] . " (" . $login_text . ")</option>";
}
$discovery .= "</select></td>";
$discovery .= "</tr>";
$credentials = Vulnerabilities::get_credentials($dbconn, 'smb');
$discovery .= "<tr class='advanced'>";
$discovery .= "<td class='job_option'>" . Util::strong(_("SMB Credential:")) . "</td>";
$discovery .= "<td style='text-align:left'><select id='smb_credential' name='smb_credential'>";
$discovery .= "<option value=''>--</option>";
foreach ($credentials as $cred) {
$login_text = $cred["login"];
if ($cred["login"] == '0') {
$login_text = _("All");
} elseif (valid_hex32($cred["login"])) {
$login_text = Session::get_entity_name($dbconn, $cred["login"]);
}
$selected = $found[2] == $cred["name"] . "#" . $cred["login"] || $cred["name"] . "#" . $cred["login"] == $smb_credential ? " selected='selected'" : "";
$discovery .= "<option value='" . $cred["name"] . "#" . $cred["login"] . "' {$selected}>" . $cred["name"] . " (" . $login_text . ")</option>";
}
$discovery .= "</select></td>";
$discovery .= "</tr>";
}
$discovery .= "<tr class='job_option advanced'>";
$discovery .= "<td class='job_option'>" . Util::strong(_("Timeout:")) . "</td>";
$discovery .= "<td style=\"text-align:left;\" nowrap><input type='text' style='width:80px' name='timeout' value='" . ($timeout_selected == "" ? "{$timeout}" : "{$timeout_selected}") . "'>";
$discovery .= "<font color='black'> " . _("Max scan run time in seconds") . " </font></td>";
$discovery .= "</tr>";
$discovery .= "<tr class='advanced'><td class='job_option'>" . Util::strong(_("Send an email notification:"));
$discovery .= "</td>";
$discovery .= "<td style=\"text-align:left;\">";
$discovery .= "<input type=\"radio\" name=\"semail\" value=\"0\"" . (count($editdata) <= 1 && intval($semail) == 0 || intval($editdata['meth_Wfile']) == 0 ? " checked" : "") . "/>" . _("No");
$discovery .= "<input type=\"radio\" name=\"semail\" value=\"1\"" . (count($editdata) <= 1 && intval($semail) == 1 || intval($editdata['meth_Wfile']) == 1 ? " checked" : "") . "/>" . _("Yes");
$discovery .= "</td></tr>";
$discovery .= "<tr class='advanced'>\n\t\t\t\t\t\t<td class='job_option'>" . Util::strong(_("Scan job visible for:")) . "</td>\n\t\t\t\t\t\t<td style='text-align: left'>\n\t\t\t\t\t\t\t<table cellspacing='0' cellpadding='0' class='transparent' style='margin: 5px 0px;'>\n\t\t\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t\t\t<td class='nobborder'><span style='margin-right:3px'>" . _('User:'******'nobborder'>\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t<select name='user' id='user' onchange=\"switch_user('user');return false;\">";
$num_users = 0;
foreach ($users as $k => $v) {
$login = $v->get_login();
$selected = $editdata["username"] == $login || $user_selected == $login ? "selected='selected'" : "";
$options .= "<option value='" . $login . "' {$selected}>{$login}</option>\n";
$num_users++;
}
if ($num_users == 0) {
$discovery .= "<option value='' style='text-align:center !important;'>- " . _("No users found") . " -</option>";
} else {
$discovery .= "<option value='' style='text-align:center !important;'>- " . _("Select one user") . " -</option>\n";
$discovery .= $options;
}
$discovery .= "\t\t\t\t\t\t</select>\n\t\t\t\t\t\t\t\t\t</td>";
if (!empty($entities_to_assign)) {
$discovery .= "\t \t\t\t<td style='text-align:center; border:none; !important'><span style='padding:5px;'>" . _("OR") . "<span></td>\n\t\t\t\t\t\t\t\t\t<td class='nobborder'><span style='margin-right:3px'>" . _("Entity:") . "</span></td>\n\t\t\t\t\t\t\t\t\t<td class='nobborder'>\t\n\t\t\t\t\t\t\t\t\t\t<select name='entity' id='entity' onchange=\"switch_user('entity');return false;\">\n\t\t\t\t\t\t\t\t\t\t\t<option value='' style='text-align:center !important;'>-" . _("Select one entity") . "-</option>";
foreach ($entities_to_assign as $k => $v) {
$selected = $editdata["username"] == $k || $entity_selected == $k ? "selected='selected'" : "";
$discovery .= "<option value='{$k}' {$selected}>{$v}</option>";
}
$discovery .= "\t\t\t\t\t</select>\n\t\t\t\t\t\t\t\t\t</td>";
}
$discovery .= " \t \t</tr>\n\t\t\t\t\t\t\t</table>\n\t\t\t\t\t\t</td>\n\t\t\t\t\t</tr>";
$discovery .= "<tr><td valign=\"top\" width=\"15%\" class=\"job_option noborder\"><br>";
// conditions to exclude IPs
$condition1 = count($editdata) <= 1 && intval($hosts_alive) == 1 ? TRUE : FALSE;
$condition2 = preg_match('/' . EXCLUDING_IP2 . '/', trim($editdata["meth_TARGET"]));
$condition3 = intval($editdata['meth_CRED']) == 1 ? TRUE : FALSE;
$condition4 = count($ip_exceptions_list) > 0 ? TRUE : FALSE;
$host_alive_check = $condition1 || $condition2 || $condition3 || $condition4 ? ' checked' : '';
$host_alive_status = $condition2 || $condition4 ? ' disabled=\\"disabled\\"' : '';
$discovery .= "<input onclick=\"toggle_scan_locally()\" type=\"checkbox\" id=\"hosts_alive\" name=\"hosts_alive\" value=\"1\"" . $host_alive_check . $host_alive_status . ">" . Util::strong(_("Only scan hosts that are alive")) . "<br>(" . Util::strong(_("greatly speeds up the scanning process")) . ")<br><br>";
$discovery .= "<input type=\"checkbox\" id=\"scan_locally\" name=\"scan_locally\" value=\"1\"" . ($pre_scan_locally_status == 0 ? " disabled=\"disabled\"" : "") . ($pre_scan_locally_status == 1 && (intval($editdata['authorized']) == 1 || intval($scan_locally) == 1) ? " checked" : "") . ">" . Util::strong(_("Pre-Scan locally")) . "<br>(" . Util::strong(_("do not pre-scan from scanning sensor")) . ")<br><br>";
$discovery .= "<input type=\"checkbox\" id=\"not_resolve\" name=\"not_resolve\" value=\"1\" " . ($editdata['resolve_names'] === "0" || $not_resolve == "1" ? "checked=\"checked\"" : "") . "/>" . Util::strong(_("Do not resolve names"));
$discovery .= <<<EOT
</td>
EOT;
$discovery .= ' <td class="noborder" valign="top">';
$discovery .= ' <table width="100%" class="transparent" cellspacing="0" cellpadding="0">';
$discovery .= ' <tr>';
$discovery .= ' <td class="nobborder" style="vertical-align: top;text-align:left;padding:10px 0px 0px 0px;">';
$discovery .= ' <table class="transparent" cellspacing="4">';
$discovery .= ' <tr>';
$discovery .= ' <td class="nobborder" style="text-align:left;"><input class="greyfont" type="text" id="searchBox" value="' . _("Type here to search assets (Hosts/Networks)") . '" /></td>';
$discovery .= ' </tr>';
$discovery .= ' <tr>';
$discovery .= ' <td class="nobborder"><select id="targets" name="targets[]" multiple="multiple">';
if (!empty($editdata["meth_TARGET"])) {
$ip_list = explode("\n", trim($editdata["meth_TARGET"]));
}
if (!empty($ip_list)) {
foreach ($ip_list as $asset) {
if (preg_match("/([a-f\\d]+)#(.*)/i", $asset, $found)) {
if (Asset_host::is_in_db($dbconn, $found[1])) {
$_asset_name = Asset_host::get_name_by_id($dbconn, $found[1]) . " (" . $found[2] . ")";
} else {
$_asset_name = Asset_net::get_name_by_id($dbconn, $found[1]) . " (" . $found[2] . ")";
}
$discovery .= '<option value="' . $asset . '">' . $_asset_name . '</option>';
} else {
$discovery .= '<option value="' . $asset . '">' . $asset . '</option>';
}
}
foreach ($ip_exceptions_list as $asset) {
$discovery .= '<option value="' . $asset . '">' . $asset . '</option>';
}
}
$discovery .= ' </select></td>';
$discovery .= ' </tr>';
$discovery .= ' <tr>';
$discovery .= ' <td class="nobborder" style="text-align:right"><input type="button" value=" [X] " id="delete_target" class="av_b_secondary small"/>';
$discovery .= ' <input type="button" style="margin-right:0px;"value="Delete all" id="delete_all" class="av_b_secondary small"/></td>';
$discovery .= ' </tr>';
$discovery .= ' </table>';
$discovery .= ' </td>';
$discovery .= ' <td class="nobborder" width="450px;" style="vertical-align: top;padding:0px 0px 0px 5px;">';
$discovery .= ' <div id="vtree" style="text-align:left;width:100%;"></div>';
$discovery .= ' </td>';
$discovery .= ' </tr>';
$discovery .= ' </table>';
$discovery .= ' </td>';
$discovery .= '</tr>';
$discovery .= '</table>';
$discovery .= '</tr></td></table>';
$discovery .= $show;
return $discovery;
}
<th><?php
echo _("Available for");
?>
</th>
<th><?php
echo _("Action");
?>
</th>
</tr>
<?php
foreach ($list as $item) {
if ($item["login"] == '0') {
$available_for = _("All");
} elseif (valid_hex32($item["login"])) {
$available_for = Session::get_entity_name($conn, $item["login"]);
} else {
$available_for = $item["login"];
}
$credential_id = md5(trim($item["login"]) . trim($item["name"]));
?>
<tr>
<td id="credential_name_<?php
echo $credential_id;
?>
"><?php
echo $item["name"];
?>
</td>
<td id="credential_type_<?php
echo $credential_id;
$total = 0;
}
$xml .= "<rows>\n";
$xml .= "<page>{$page}</page>\n";
$xml .= "<total>{$total}</total>\n";
foreach ($port_list as $port_group) {
$name = $port_group->get_name();
$id = $port_group->get_id();
$xml .= "<row id='" . $id . "'>";
$link_modify = "<a style='font-weight:bold;' href=\"./newportgroupform.php?id=" . $id . "\">" . Util::htmlentities($name) . "</a>";
$xml .= "<cell><![CDATA[" . $link_modify . "]]></cell>";
$ports = array();
foreach ($port_group->get_reference_ports($conn, $id) as $port) {
$ports[] = $port->get_port_number() . "-" . $port->get_protocol_name();
}
$ports = Port_group::group_ports($ports);
$xml .= "<cell><![CDATA[" . implode(', ', $ports) . "]]></cell>";
if (Session::show_entities()) {
$e_name = Util::htmlentities(Session::get_entity_name($conn, $port_group->get_ctx()));
$xml .= "<cell><![CDATA[" . $e_name . "]]></cell>";
}
$desc = $port_group->get_descr();
if ($desc == "") {
$desc = " ";
}
$xml .= "<cell><![CDATA[" . Util::utf8_encode2($desc) . "]]></cell>";
$xml .= "</row>\n";
}
$xml .= "</rows>\n";
echo $xml;
$db->close();
