/* functions */ require dirname(__FILE__) . '/../../../functions/functions.php'; # initialize user object $Database = new Database_PDO(); $User = new User($Database); $Admin = new Admin($Database, false); $Sections = new Sections($Database); $Subnets = new Subnets($Database); $Tools = new Tools($Database); $Result = new Result(); # verify that user is logged in $User->check_user_session(); # create csrf token $csrf = $User->csrf_cookie("create", "folder"); # strip tags - XSS $_POST = $User->strip_input_tags($_POST); # validate action $Admin->validate_action($_POST['action'], true); # ID must be numeric if ($_POST['action'] != "add") { if (!is_numeric($_POST['subnetId'])) { $Result->show("danger", _("Invalid ID"), true, true); } } # verify that user has permissions to add subnet if ($_POST['action'] == "add") { if ($Sections->check_permission($User->user, $_POST['sectionId']) != 3) { $Result->show("danger", _('You do not have permissions to add new subnet in this section') . "!", true, true); } } else { if ($Subnets->check_permission($User->user, $_POST['subnetId']) != 3) {
/** * * Script to verify userentered input and verify it against database * * If successfull write values to session and go to main page! * */ /* functions */ require dirname(__FILE__) . '/../../functions/functions.php'; # initialize user object $Database = new Database_PDO(); $User = new User($Database); $Result = new Result(); $Log = new Logging($Database); # strip input tags form username only - password stip later because od LDAP $_POST['ipamusername'] = $User->strip_input_tags($_POST['ipamusername']); # Authenticate if (!empty($_POST['ipamusername']) && !empty($_POST['ipampassword'])) { # initialize array $ipampassword = array(); # check failed table $cnt = $User->block_check_ip(); # check for failed logins and captcha if ($User->blocklimit > $cnt) { // all good } elseif (!isset($_POST['captcha'])) { $Log->write("Login IP blocked", "Login from IP address {$_SERVER['REMOTE_ADDR']} was blocked because of 5 minute block after 5 failed attempts", 1); $Result->show("danger", _('You have been blocked for 5 minutes due to authentication failures'), true); } else { # check captcha if (strtolower($_POST['captcha']) != strtolower($_SESSION['securimage_code_value'])) {