Beispiel #1
 * Script to confirm / reject IP address request
 ***********************************************/
/* functions */
require dirname(__FILE__) . '/../../../functions/functions.php';
# initialize user object
$Database = new Database_PDO();
$User = new User($Database);
$Admin = new Admin($Database, false);
$Addresses = new Addresses($Database);
$Subnets = new Subnets($Database);
$Tools = new Tools($Database);
$Result = new Result();
# verify that user is logged in
$User->check_user_session();
# load the pending request named by the submitted requestId
$request = $Admin->fetch_object("requests", "id", $_POST['requestId']);
if ($request !== false) {
    // the checks that follow index the request as an array
    $request = (array) $request;
} else {
    // no row with that id
    $Result->show("danger", _("Request does not exist"), true, true);
}
# authorisation gate: check_permission() has to return 3 for the request's subnet
if (3 != $Subnets->check_permission($User->user, $request['subnetId'])) {
    $Result->show("danger", _('You do not have permissions to process this request') . "!", true, true);
}
# set IP address
# if provided (requested from logged in user) check if already in use, if it is warn and set next free
# else get next free
if (strlen($request['ip_addr']) > 0) {
    // check if it exists
Beispiel #2
 *************************************************/
/* functions */
require dirname(__FILE__) . '/../../../functions/functions.php';
# initialize user object
$Database = new Database_PDO();
$User = new User($Database);
$Admin = new Admin($Database);
$Result = new Result();
# verify that user is logged in
$User->check_user_session();
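# fetch group and set title
if ($_POST['action'] == "add") {
    $title = _('Add new group');
} else {
    //fetch all group details
    $group = $Admin->fetch_object("userGroups", "g_id", $_POST['id']);
    // test for a miss BEFORE casting: (array) false is array(false), which is
    // never identical to false, so a check made after the cast cannot fire
    if ($group === false) {
        $Result->show("danger", _("Invalid ID"), true, true);
    }
    $group = (array) $group;
    // $title is printed into the page header without further escaping, so the
    // request-supplied action and the stored group name are HTML-escaped here
    $title = htmlspecialchars(ucwords($_POST['action']), ENT_QUOTES, 'UTF-8') . ' ' . _('group') . ' ' . htmlspecialchars((string) $group['g_name'], ENT_QUOTES, 'UTF-8');
}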
?>

<!-- header -->
<div class="pHeader"><?php 
print $title;
?>
</div>

<!-- content -->
<div class="pContent">
Beispiel #3
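 /**
  * Resolves the active user and caches it on the object.
  *
  * With a session the user row is read by $_SESSION['ipamusername']; without
  * one it is looked up by the HTTP_PHPIPAM_TOKEN server variable (API calls).
  * On success $this->user holds the row and $this->user_id its id; when no
  * user can be resolved both are set to null.
  *
  * @access private
  * @return void
  */
 private function get_active_user_id()
 {
     # cache: nothing to do once an id has been resolved
     if ($this->user_id !== null) {
         return;
     }
     $user = null;
     if (isset($_SESSION['ipamusername'])) {
         try {
             $user = $this->Database->getObjectQuery("select * from `users` where `username` = ? limit 1", array($_SESSION['ipamusername']));
         } catch (Exception $e) {
             $this->Result->show("danger", _("Database error: ") . $e->getMessage());
         }
     } elseif (array_key_exists("HTTP_PHPIPAM_TOKEN", $_SERVER) && is_string($_SERVER['HTTP_PHPIPAM_TOKEN']) && $_SERVER['HTTP_PHPIPAM_TOKEN'] !== "") {
         // when API calls subnet_create we get:
         // Error: SQLSTATE[23000]: Integrity constraint violation: 1048 Column 'cuser' cannot be null
         // so resolve the user from the token header. An empty header value is
         // never used as a lookup key, so it cannot match a row whose token is empty.
         // NOTE(review): token expiry is not checked here - confirm the API layer
         // has validated the token before this method runs.
         $admin = new Admin($this->Database, false);
         $token = $admin->fetch_object("users", "token", $_SERVER['HTTP_PHPIPAM_TOKEN']);
         if ($token !== false) {
             $user = $token;
         }
     }
     # save id and user; only a real row is dereferenced, an unresolved user
     # leaves both properties null instead of reading ->id from null
     if (is_object($user)) {
         $this->user_id = $user->id;
         $this->user = $user;
     } else {
         $this->user_id = null;
         $this->user = null;
     }
 }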
Beispiel #4
# objects used by this script
$Database = new Database_PDO();
$User = new User($Database);
$Admin = new Admin($Database);
$Tools = new Tools($Database);
$Result = new Result();
# a valid login session is required
$User->check_user_session();
// both ids come straight from the request: reject non-numeric values
// before they are used as lookup keys
if (is_numeric($_POST['newDomainId']) === false) {
    $Result->show("danger", _("Invalid ID"), true);
}
if (is_numeric($_POST['vlanId']) === false) {
    $Result->show("danger", _("Invalid ID"), true);
}
// the VLAN domain named by newDomainId has to exist
$vlan_domain = $Admin->fetch_object("vlanDomains", "id", $_POST['newDomainId']);
if (false === $vlan_domain) {
    $Result->show("danger", _("Invalid ID"), true);
}
// and so does the VLAN itself
$vlan = $Admin->fetch_object("vlans", "vlanId", $_POST['vlanId']);
if (false === $vlan) {
    $Result->show("danger", _("Invalid ID"), true);
}
// check that it is not already set !
if ($User->settings->vlanDuplicate == 0) {
    $check_vlan = $Admin->fetch_multiple_objects("vlans", "domainId", $vlan_domain->id, "vlanId");
    if ($check_vlan !== false) {
        foreach ($check_vlan as $v) {
            if ($v->number == $vlan->number) {
                $Result->show("danger", _("VLAN already exists"), true);
Beispiel #5
<?php

/* functions */
require dirname(__FILE__) . '/../../../functions/functions.php';
# initialize user object
$Database = new Database_PDO();
$User = new User($Database);
$Admin = new Admin($Database);
$Result = new Result();
# verify that user is logged in
$User->check_user_session();
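# if edit check if protected?
if ($_POST['action'] != "add") {
    $auth_method = $Admin->fetch_object("usersAuthMethod", "id", $_POST['id']);
    // an unknown id yields false; stop instead of reading ->protected from it
    if ($auth_method === false) {
        $Result->show("danger", _("Invalid ID"), true, true);
    }
    if ($auth_method->protected == "Yes") {
        $Result->show("danger", _("Method cannot be change as it is protected"), true, true);
    }
}
# route to proper auth method editing
# $_POST['type'] becomes part of an include path, so it is restricted to a plain
# name (letters, digits, underscore, hyphen). No "/", "\", "." or NUL byte can
# reach the filesystem, which keeps the include inside this directory.
$auth_edit_type = isset($_POST['type']) && is_string($_POST['type']) ? $_POST['type'] : "";
if (!preg_match('/\A[A-Za-z0-9_-]+\z/', $auth_edit_type) || !file_exists(dirname(__FILE__) . "/edit-{$auth_edit_type}.php")) {
    $Result->show("danger", _("Invalid method type"), true, true);
} else {
    // include exactly the file that was checked, not a name resolved via include_path
    include dirname(__FILE__) . "/edit-{$auth_edit_type}.php";
}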
Beispiel #6
 *************************************/
/* functions */
require dirname(__FILE__) . '/../../../functions/functions.php';
# initialize user object
$Database = new Database_PDO();
$User = new User($Database);
$Admin = new Admin($Database);
$Result = new Result();
# verify that user is logged in
$User->check_user_session();
/* checks */
# collects validation messages; nothing in this excerpt reads it back
$error = array();
# for edit check old details
if ($_POST['action'] == "edit" || $_POST['action'] == "delete") {
    # old
    $agent_old = $Admin->fetch_object("scanAgents", "id", $_POST['id']);
    // invalid id
    // NOTE(review): the miss is only recorded in $error; execution continues
    // with $agent_old === false
    if ($agent_old === false) {
        $error[] = "Invalid agent Id";
    }
    // remove type and code if direct
    // the @ hides the notice raised when $agent_old is false
    if (@$agent_old->type == "direct") {
        unset($_POST['type'], $_POST['code']);
    }
}
# die if direct and delete
# $agent_old is not assigned for other actions; the @ suppresses that case too
if (@$agent_old->type == "direct" && $_POST['action'] == "delete") {
    $Result->show("danger", _("Cannot remove localhost scan agent"), true);
}
# checks for edit / add
if ($_POST['action'] != "delete") {
Beispiel #7
/**
 *	remove item from nat
 ************************************************/
/* functions */
require dirname(__FILE__) . '/../../../functions/functions.php';
# initialize user object
$Database = new Database_PDO();
$User = new User($Database);
$Admin = new Admin($Database);
$Tools = new Tools($Database);
$Result = new Result();
# verify that user is logged in
$User->check_user_session();
# look up the NAT entry by the submitted id and stop on a miss
$nat = $Admin->fetch_object("nat", "id", $_POST['id']);
if ($nat === false) {
    $Result->show("danger", _("Invalid ID"), true);
}
# static NAT checks
if ($nat->type == "static") {
    // static NAT can only have IP address
    if ($_POST['object_type'] != "ipaddresses") {
        $Result->show("danger", _("Static NAT can only contain IP address"), true);
    }
    // decode
    $nat_src = json_decode($nat->src, true);
    $nat_dst = json_decode($nat->dst, true);
    // validate all objects
    if (sizeof(@$nat_src['ipaddresses']) > 0) {
        foreach ($nat_src['ipaddresses'] as $ik => $iv) {
            if ($Tools->fetch_object("ipaddresses", "id", $iv) === false) {
                unset($nat_src['ipaddresses'][$ik]);
Beispiel #8
/**
 *	Mail settings
 **************************/
/* functions */
require dirname(__FILE__) . '/../../../functions/functions.php';
require dirname(__FILE__) . '/../../../functions/classes/class.Mail.php';
# initialize user object
$Database = new Database_PDO();
$User = new User($Database);
$Admin = new Admin($Database);
$Result = new Result();
# verify that user is logged in
$User->check_user_session();
# fetch mailer settings
# (the settingsMail row with id 1)
$mail_settings = $Admin->fetch_object("settingsMail", "id", 1);
# initialize mailer
$phpipam_mail = new phpipam_mail($User->settings, $mail_settings);
//override settings
// NOTE(review): the whole $_POST array is handed to override_settings(), so the
// request decides the mailer configuration used for this test. Apart from
// check_user_session() no role or CSRF check is visible in this excerpt - confirm.
$phpipam_mail->override_settings($_POST);
//create object
$phpipam_mail->initialize_mailer();
# set content
# HTML body is built by generate_message(); the plain-text body is a fixed string
$content = $phpipam_mail->generate_message("phpIPAM test HTML message");
$content_plain = "phpIPAM test text message";
# try to send
try {
    $phpipam_mail->Php_mailer->setFrom($_POST['mAdminMail'], $_POST['mAdminName']);
    $phpipam_mail->Php_mailer->addAddress($User->settings->siteAdminMail, $User->settings->siteAdminName);
    $phpipam_mail->Php_mailer->Subject = 'phpIPAM localhost mail test';
    $phpipam_mail->Php_mailer->msgHTML($content);
Beispiel #9
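# verify that user is logged in
$User->check_user_session();
# validate csrf cookie
# Both tokens must be non-empty strings. A plain == accepts the request when
# neither side is set (null == null) and type-juggles numeric-looking strings,
# so the comparison is strict, and constant-time where hash_equals() exists.
$csrf_sent = isset($_POST['csrf_cookie']) ? $_POST['csrf_cookie'] : null;
$csrf_expected = isset($_SESSION['csrf_cookie']) ? $_SESSION['csrf_cookie'] : null;
if (!is_string($csrf_sent) || !is_string($csrf_expected) || $csrf_expected === "") {
    $csrf_valid = false;
} elseif (function_exists('hash_equals')) {
    $csrf_valid = hash_equals($csrf_expected, $csrf_sent);
} else {
    $csrf_valid = $csrf_expected === $csrf_sent;
}
if (!$csrf_valid) {
    $Result->show("danger", _("Invalid CSRF cookie"), true);
}
# remove users from this group if delete and remove group from sections
if ($_POST['action'] == "delete") {
    $Admin->remove_group_from_users($_POST['g_id']);
    $Admin->remove_group_from_sections($_POST['g_id']);
} else {
    if (strlen($_POST['g_name']) < 2) {
        $Result->show("danger", _('Name must be at least 2 characters long') . "!", true);
    }
}
# unique name
if ($_POST['action'] == "add") {
    if ($Admin->fetch_object("userGroups", "g_name", $_POST['g_name']) !== false) {
        $Result->show("danger", _('Group already exists') . "!", true);
    }
}
# create array of values for modification
$values = array("g_id" => @$_POST['g_id'], "g_name" => $_POST['g_name'], "g_desc" => @$_POST['g_desc']);
# the action is echoed back inside the result message; escape it for HTML
# (plain action words such as "add" or "delete" are unchanged by this)
$action_html = htmlspecialchars($_POST['action'], ENT_QUOTES, 'UTF-8');
/* try to execute */
if (!$Admin->object_modify("userGroups", $_POST['action'], "g_id", $values)) {
    $Result->show("danger", _("Group {$action_html} error") . "!", false);
} else {
    $Result->show("success", _("Group {$action_html} success") . "!", false);
}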
# from list of usernames provided from AD result if some user matches add him to group
if (strlen($_POST['gmembers']) > 0) {
    // save id
    $gid = $Admin->lastId;
Beispiel #10
/* functions */
require dirname(__FILE__) . '/../../../functions/functions.php';
# initialize user object
$Database = new Database_PDO();
$User = new User($Database);
$Admin = new Admin($Database);
$Tools = new Tools($Database);
$Sections = new Sections($Database);
$Result = new Result();
# verify that user is logged in
$User->check_user_session();
# issue the CSRF token for the vrf form
$csrf = $User->csrf_cookie("create", "vrf");
# every action except "add" works on an existing VRF: load it, stop on an unknown id
if ($_POST['action'] != "add") {
    $vrf = $Admin->fetch_object("vrf", "vrfId", $_POST['vrfId']);
    if ($vrf === false) {
        $Result->show("danger", _("Invalid ID"), true, true);
    }
    $vrf = (array) $vrf;
}
# the readonly marker is only set for the delete action
if ($_POST['action'] == "delete") {
    $readonly = "readonly";
} else {
    $readonly = "";
}
# custom fields defined for vrf
$custom = $Tools->fetch_custom_fields('vrf');
?>


<!-- header -->
<div class="pHeader"><?php 
print ucwords(_("{$_POST['action']}"));
?>
 <?php 
Beispiel #11
if ($_POST['validity'] < date("Y-m-d H:i:s")) {
    $Result->show("danger", _("Invalid date"), true);
}
if ($_POST['validity'] > date("Y-m-d H:i:s", strtotime("+ 7 days"))) {
    $Result->show("danger", _("1 week is max validity time"), true);
}
# verify each recipient
if (strlen($_POST['email']) > 0) {
    foreach (explode(",", $_POST['email']) as $rec) {
        if (!filter_var(trim($rec), FILTER_VALIDATE_EMAIL)) {
            $Result->show("danger", _("Invalid email address") . " - " . $rec, true);
        }
    }
}
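# fetch object
# $_POST['type'] is passed as the first argument of fetch_object(), which names
# what to query (presumably the table - confirm in Admin::fetch_object). It is
# therefore limited to the two share types this script handles before the lookup.
if ($_POST['type'] !== "subnets" && $_POST['type'] !== "ipaddresses") {
    $Result->show("danger", _("Invalid type"), true);
}
$object = $Admin->fetch_object($_POST['type'], "id", $_POST['id']);
// unknown id: there is nothing to describe or share
if ($object === false) {
    $Result->show("danger", _("Invalid ID"), true);
}
if ($_POST['type'] == "subnets") {
    $tmp[] = "Share type: subnet";
    $tmp[] = "\t" . $Subnets->transform_to_dotted($object->subnet) . "/{$object->mask}";
    $tmp[] = "\t" . $object->description;
} else {
    $tmp[] = "Share type: IP address";
    $tmp[] = "\t" . $Subnets->transform_to_dotted($object->ip_addr);
    $tmp[] = "\t" . $object->description;
}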
# set new access
$new_access[$_POST['code']] = array("id" => $_POST['id'], "type" => $_POST['type'], "code" => $_POST['code'], "validity" => strtotime($_POST['validity']), "userId" => $User->user->id);
# create array of values for modification
$old_access = json_decode($User->settings->tempAccess, true);
if (!is_array($old_access)) {
    $old_access = array();
Beispiel #12
$Database = new Database_PDO();
$User = new User($Database);
$Admin = new Admin($Database);
$Tools = new Tools($Database);
$Result = new Result();
# verify that user is logged in
$User->check_user_session();
# issue the CSRF token for the widget form
$csrf = $User->csrf_cookie("create", "widget");
# XSS: strip tags from every posted value
$_POST = $User->strip_input_tags($_POST);
# the action has to pass validate_action()
$Admin->validate_action($_POST['action'], true);
# anything but "add" needs an existing widget: load it, stop on an unknown id
if ($_POST['action'] != "add") {
    $w = $Admin->fetch_object("widgets", "wid", $_POST['wid']);
    if ($w === false) {
        $Result->show("danger", _("Invalid ID"), true, true);
    }
    $w = (array) $w;
}
?>

<!-- header -->
<div class="pHeader"><?php 
print ucwords($_POST['action']) . " widget";
?>
</div>

<!-- content -->
<div class="pContent">

	<form id="widgetEdit" name="widgetEdit">
Beispiel #13
require dirname(__FILE__) . '/../../../functions/functions.php';
# initialize user object
$Database = new Database_PDO();
$User = new User($Database);
$Admin = new Admin($Database);
$Tools = new Tools($Database);
$Result = new Result();
# verify that user is logged in
$User->check_user_session();
# remove tags from every posted value
$_POST = $Admin->strip_input_tags($_POST);
# the posted token has to validate against the "location" CSRF cookie
if ($User->csrf_cookie("validate", "location", $_POST['csrf_cookie']) === false) {
    $Result->show("danger", _("Invalid CSRF cookie"), true);
}
# edit and delete need an existing location
# NOTE(review): this show() passes false as third argument where the other
# checks pass true - confirm the script is meant to continue after this error
if (in_array($_POST['action'], array("delete", "edit"))) {
    if (false === $Admin->fetch_object('locations', "id", $_POST['id'])) {
        $Result->show("danger", _("Invalid Location object identifier"), false);
    }
}
if ($_POST['action'] == "add" || $_POST['action'] == "edit") {
    // name
    if (strlen($_POST['name']) < 3) {
        $Result->show("danger", _("Name must have at least 3 characters"), true);
    }
    // lat, long
    if ($_POST['action'] !== "delete") {
        // lat
        if (strlen($_POST['lat']) > 0) {
            if (!preg_match('/^(\\-?\\d+(\\.\\d+)?).\\s*(\\-?\\d+(\\.\\d+)?)$/', $_POST['lat'])) {
                $Result->show("danger", _("Invalid Latitude"), true);
            }
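# id must be numeric
if (!is_numeric($_POST['gid'])) {
    $Result->show("danger", _("Invalid ID"), true);
}
# parse result
# start from an empty list so the count below is defined when no user* field was posted
$users = array();
foreach ($_POST as $k => $p) {
    if (substr($k, 0, 4) == "user") {
        $users[substr($k, 4)] = substr($k, 4);
    }
}
# remove each user from group
if (sizeof($users) > 0) {
    foreach ($users as $key => $u) {
        if (!$Admin->remove_group_from_user($_POST['gid'], $u)) {
            # get user details
            $user = $Admin->fetch_object("users", "id", $u);
            // the collected entries are printed as HTML list items further down,
            // so escape them; fall back to the submitted id when no such user exists
            $errors[] = htmlspecialchars((string) ($user !== false ? $user->real_name : $u), ENT_QUOTES, 'UTF-8');
        }
    }
} else {
    $errors[] = _("Please select user(s) to remove from group!");
}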
# print result
if (isset($errors)) {
    print "<div class='alert alert alert-danger'>";
    print _("Failed to remove users") . ":<hr>";
    print "<ul>";
    foreach ($errors as $e) {
        print "<li>{$e}</li>";
    }
    print "</ul>";
Beispiel #15
 *	Print all available nameserver sets and configurations
 ************************************************/
/* functions */
require dirname(__FILE__) . '/../../../functions/functions.php';
# initialize user object
$Database = new Database_PDO();
$User = new User($Database);
$Admin = new Admin($Database);
$Tools = new Tools($Database);
$Sections = new Sections($Database);
$Result = new Result();
# verify that user is logged in
$User->check_user_session();
# every action except "add" works on an existing nameserver set:
# load it by the submitted id and stop on a miss
if ($_POST['action'] != "add") {
    $nameservers = $Admin->fetch_object("nameservers", "id", $_POST['nameserverId']);
    if ($nameservers === false) {
        $Result->show("danger", _("Invalid ID"), true, true);
    }
    $nameservers = (array) $nameservers;
}
# the readonly marker is only set for the delete action
if ($_POST['action'] == "delete") {
    $readonly = "readonly";
} else {
    $readonly = "";
}
?>


<!-- header -->
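<div class="pHeader"><?php 
// the action is taken from the request and no validation of it is visible
// earlier in this script, so it is HTML-escaped before being printed
print htmlspecialchars(ucwords(_("{$_POST['action']}")), ENT_QUOTES, 'UTF-8');
?>
 <?php 
print _('Nameserver set');
?>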
Beispiel #16
require dirname(__FILE__) . '/../../../functions/functions.php';
# initialize user object
$Database = new Database_PDO();
$User = new User($Database);
$Admin = new Admin($Database);
$Tools = new Tools($Database);
$Result = new Result();
# verify that user is logged in
$User->check_user_session();
# remove tags from every posted value
$_POST = $Admin->strip_input_tags($_POST);
# object_type is limited to the two supported values
if (!in_array($_POST['object_type'], array("subnets", "ipaddresses"), true)) {
    $Result->show("danger", _("Invalid type"), true, true);
}
# the NAT entry has to exist
$nat = $Admin->fetch_object("nat", "id", $_POST['id']);
if (false === $nat) {
    $Result->show("danger", _("Invalid Id"), true, true);
}
# and so does the referenced subnet / address
$object = $Admin->fetch_object($_POST['object_type'], "id", $_POST['object_id']);
if (false === $object) {
    $Result->show("danger", _("Invalid object Id"), true, true);
}
$n = $nat;
// translate json to array, links etc
// NOTE(review): $subnet is not assigned anywhere in this excerpt - confirm where it comes from
$sources = $Tools->translate_nat_objects_for_display($n->src, null, null, "subnets", $subnet['id']);
$destinations = $Tools->translate_nat_objects_for_display($n->dst, null, null, "subnets", $subnet['id']);
// no sources: show a "None" badge instead
if (false === $sources) {
    $sources = array("<span class='badge badge1 badge5 alert-danger'>" . _("None") . "</span>");
}
Beispiel #17
$csrf = $User->csrf_cookie("create", "user");
# XSS: strip tags from every posted value
$_POST = $User->strip_input_tags($_POST);
# the action has to pass validate_action()
$Admin->validate_action($_POST['action'], true);
# lookup data for the form: custom fields, languages, auth methods, groups
$custom = $Tools->fetch_custom_fields('users');
$langs = $Admin->fetch_all_objects("lang", "l_id");
$auth_types = $Admin->fetch_all_objects("usersAuthMethod", "id");
$groups = $Admin->fetch_all_objects("userGroups", "g_id");
# "add" starts from an empty user carrying the default language;
# every other action loads the existing user and stops on an unknown id
if ($_POST['action'] == "add") {
    $user = array('lang' => $User->settings->defaultLang);
} else {
    $user = $Admin->fetch_object("users", "id", $_POST['id']);
    if ($user !== false) {
        $user = (array) $user;
    } else {
        $Result->show("danger", _("Invalid ID"), true, true);
    }
}
?>

<script type="text/javascript">
$(document).ready(function(){
Beispiel #18
    $worksheet_sections->write($lineCount, $rowCount, _('Parent'), $format_header);
    $rowCount++;
    $lineCount++;
    $rowCount = 0;
    foreach ($sections_sorted as $section) {
        //cast
        $section = (array) $section;
        if (isset($_GET['exportSection__' . str_replace(" ", "_", $section['name'])]) && $_GET['exportSection__' . str_replace(" ", "_", $section['name'])] == "on") {
            $worksheet_sections->write($lineCount, $rowCount, $section['name'], $format_text);
            $rowCount++;
            $worksheet_sections->write($lineCount, $rowCount, $section['description'], $format_text);
            $rowCount++;
            //master Section
            if ($section['masterSection'] != 0) {
                # get section details
                $ssec = $Admin->fetch_object("sections", "id", $section['masterSection']);
                $worksheet_sections->write($lineCount, $rowCount, $ssec->name, $format_text);
                $rowCount++;
            } else {
                $worksheet_sections->write($lineCount, $rowCount, "/", $format_text);
                $rowCount++;
            }
        }
        $lineCount++;
        $rowCount = 0;
    }
}
// sending HTTP headers
$workbook->send($filename);
// Let's send the file
$workbook->close();
/**
 * Script to display usermod result
 *************************************/
/* functions */
require dirname(__FILE__) . '/../../../functions/functions.php';
require dirname(__FILE__) . "/../../../functions/adLDAP/src/adLDAP.php";
# initialize user object
$Database = new Database_PDO();
$User = new User($Database);
$Admin = new Admin($Database);
$Result = new Result();
# verify that user is logged in
$User->check_user_session();
# load the auth method (directory server) named by the request; stop on a miss
$server = $Admin->fetch_object("usersAuthMethod", "id", $_POST['server']);
if ($server === false) {
    $Result->show("danger", _("Invalid server ID"), true);
}
// connection parameters are stored as JSON on the auth method
$params = json_decode($server->params);
// both the admin username and the admin password have to be non-empty
if (!(strlen(@$params->adminUsername) != 0 && strlen(@$params->adminPassword) != 0)) {
    $Result->show("danger", _("Missing credentials"), true);
}
// the search filter needs two characters or more
if (2 > strlen($_POST['dfilter'])) {
    $Result->show("danger", _('Please enter at least 2 characters'), true);
}
//open connection
try {
    if ($server->type == "NetIQ") {
        $params->account_suffix = "";
Beispiel #20
# the posted token has to validate against the "requests" CSRF cookie
if ($User->csrf_cookie("validate", "requests", $_POST['csrf_cookie']) === false) {
    $Result->show("danger", _("Invalid CSRF cookie"), true);
}
# authorisation gate: check_permission() has to return 3 for the posted subnet
if (3 != $Subnets->check_permission($User->user, $_POST['subnetId'])) {
    $Result->show("danger", _('You do not have permissions to process this request') . "!", true);
}
# custom fields defined for ipaddresses
$custom = $Tools->fetch_custom_fields('ipaddresses');
if (sizeof($custom) > 0) {
    foreach ($custom as $myField) {
        // each posted custom field is assigned back to itself: no value is transformed here
        if (isset($_POST[$myField['name']])) {
            $_POST[$myField['name']] = $_POST[$myField['name']];
        }
    }
}
# subnet row, as an array
# NOTE(review): a failed lookup (false) is cast to array(false) and not rejected here
$subnet = (array) $Admin->fetch_object("subnets", "id", $_POST['subnetId']);
/* if action is reject set processed and accepted to 1 and 0 */
if ($_POST['action'] == "reject") {
    //set reject values
    $values = array("id" => $_POST['requestId'], "processed" => 1, "accepted" => 0, "adminComment" => @$_POST['adminComment']);
    if (!$Admin->object_modify("requests", "edit", "id", $values)) {
        $Result->show("danger", _("Failed to reject IP request"), true);
    } else {
        $Result->show("success", _("Request has beed rejected"), false);
    }
    # send mail
    $Tools->ip_request_send_mail("reject", $_POST);
} else {
    // fetch subnet
    $subnet_temp = $Addresses->transform_to_dotted($subnet['subnet']) . "/" . $subnet['mask'];
    //verify IP and subnet
Beispiel #21
/**
 * Script to print add / edit / delete group
 *************************************************/
/* functions */
require dirname(__FILE__) . '/../../../functions/functions.php';
# initialize user object
$Database = new Database_PDO();
$User = new User($Database);
$Admin = new Admin($Database);
$Result = new Result();
# verify that user is logged in
$User->check_user_session();
# edit and delete work on an existing language row, loaded as an array
if (in_array($_POST['action'], array("edit", "delete"))) {
    $lang = (array) $Admin->fetch_object("lang", "l_id", $_POST['langid']);
}
# header title; any action other than edit / delete is treated as "add"
switch ($_POST['action']) {
    case "edit":
        $title = 'Edit language';
        break;
    case "delete":
        $title = 'Delete language';
        break;
    default:
        $title = 'Add new language';
}
?>

<!-- header -->
<div class="pHeader"><?php 
print _($title);
?>
<?php

/**
 *	Post-installation submit
 */
# functions
require dirname(__FILE__) . '/../../functions/functions.php';
# objects
$Database = new Database_PDO();
$Admin = new Admin($Database, false);
$Install = new Install($Database);
$User = new User($Database);
$Result = new Result();
# only permit while the Admin account still has the default password (checked against its stored hash)
$admin = $Admin->fetch_object("users", "username", "Admin");
if ($admin->password != '$6$rounds=3000$JQEE6dL9NpvjeFs4$RK5X3oa28.Uzt/h5VAfdrsvlVe.7HgQUYKMXTJUsud8dmWfPzZQPbRbk8xJn1Kyyt4.dWm4nJIYhAV2mbOZ3g.') {
    $Result->show("danger", "Not allowed!", true);
} else {
    # check lengths
    if (strlen($_POST['password1']) < 8) {
        $Result->show("danger", _("Password must be at least 8 characters long!"), true);
    }
    if (strlen($_POST['password2']) < 8) {
        $Result->show("danger", _("Password must be at least 8 characters long!"), true);
    }
    # check password match
    if ($_POST['password1'] != $_POST['password2']) {
        $Result->show("danger", _("Passwords do not match"), true);
    }
    # Crypt password
    $_POST['password1'] = $User->crypt_user_pass($_POST['password1']);
Beispiel #23
# update scan time
$Scan->ping_update_scanagent_checktime(1, $nowdate);
# send mail
if ($discovered > 0 && $send_mail) {
    # check for recipients
    foreach ($Admin->fetch_multiple_objects("users", "role", "Administrator") as $admin) {
        if ($admin->mailNotify == "Yes") {
            $recepients[] = array("name" => $admin->real_name, "email" => $admin->email);
        }
    }
    # none?
    if (!isset($recepients)) {
        die;
    }
    # fetch mailer settings
    $mail_settings = $Admin->fetch_object("settingsMail", "id", 1);
    # fake user object, needed for create_link
    $User = new StdClass();
    @($User->settings->prettyLinks = $Scan->settings->prettyLinks);
    # initialize mailer
    $phpipam_mail = new phpipam_mail($Scan->settings, $mail_settings);
    $phpipam_mail->initialize_mailer();
    // set subject
    $subject = "phpIPAM new addresses detected " . date("Y-m-d H:i:s");
    //html
    $content[] = "<h3>phpIPAM found {$discovered} new hosts</h3>";
    $content[] = "<table style='margin-left:10px;margin-top:5px;width:auto;padding:0px;border-collapse:collapse;border:1px solid gray;'>";
    $content[] = "<tr>";
    $content[] = "\t<th style='padding:3px 8px;border:1px solid silver;border-bottom:2px solid gray;'>IP</th>";
    $content[] = "\t<th style='padding:3px 8px;border:1px solid silver;border-bottom:2px solid gray;'>Subnet</th>";
    $content[] = "\t<th style='padding:3px 8px;border:1px solid silver;border-bottom:2px solid gray;'>Section</th>";
Beispiel #24
$User = new User($Database);
$Admin = new Admin($Database);
$Result = new Result();
# verify that user is logged in
$User->check_user_session();
# issue the CSRF token for this form
$csrf = $User->create_csrf_cookie();
# every action except "add" needs a numeric tid
if (!($_POST['action'] == "add" || is_numeric($_POST['tid']))) {
    $Result->show("danger", _("Invalid ID"), true, true);
}
# the readonly marker is only set for the delete action
if ($_POST['action'] == "delete") {
    $readonly = "readonly";
} else {
    $readonly = "";
}
# edit and delete load the existing device type and stop on an unknown id
if (in_array($_POST['action'], array("edit", "delete"))) {
    $device = $Admin->fetch_object("deviceTypes", "tid", $_POST['tid']);
    if ($device === false) {
        $Result->show("danger", _("Invalid ID"), true);
    }
}
?>


<!-- header -->
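<div class="pHeader"><?php 
// the action is taken from the request and no validate_action() call is
// visible in this excerpt, so it is HTML-escaped before being printed
print htmlspecialchars(ucwords(_("{$_POST['action']}")), ENT_QUOTES, 'UTF-8');
?>
 <?php 
print _('device type');
?>
</div>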
Beispiel #25
/**
 *	Script to replace fields in IP address list
 ***********************************************/
/* functions */
require dirname(__FILE__) . '/../../../functions/functions.php';
# initialize user object
$Database = new Database_PDO();
$User = new User($Database);
$Admin = new Admin($Database);
$Result = new Result();
# verify that user is logged in
$User->check_user_session();
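//verify post
if (empty($_POST['search'])) {
    $Result->show("danger", _('Please enter something in search field') . '!', true);
}
//if device verify that it exists
if ($_POST['field'] == "switch") {
    // the submitted hostnames are echoed inside HTML markup, so they are escaped first
    if (!($device1 = $Admin->fetch_object("devices", "hostname", $_POST['search']))) {
        $Result->show("danger  alert-absolute", _('Switch') . ' "<i>' . htmlspecialchars($_POST['search'], ENT_QUOTES, 'UTF-8') . '</i>" ' . _('does not exist, first create switch under admin menu') . '!', true);
    }
    if (!($device2 = $Admin->fetch_object("devices", "hostname", $_POST['replace']))) {
        // report the replacement hostname here: it is the one that was not found
        $Result->show("danger  alert-absolute", _('Switch') . ' "<i>' . htmlspecialchars($_POST['replace'], ENT_QUOTES, 'UTF-8') . '</i>" ' . _('does not exist, first create switch under admin menu') . '!', true);
    }
    //replace posts
    $_POST['search'] = $device1->id;
    $_POST['replace'] = $device2->id;
}
# update
# NOTE(review): $_POST['field'] reaches replace_fields() unchanged; if it is used
# as a column name there it needs an allow-list - confirm in Admin::replace_fields.
# No CSRF validation is visible in this excerpt either.
$Admin->replace_fields($_POST['field'], $_POST['search'], $_POST['replace']);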
Beispiel #26
$Tools = new Tools($Database);
$Racks = new phpipam_rack($Database);
$Result = new Result();
# verify that user is logged in
$User->check_user_session();
# issue the CSRF token for the rack form
$csrf = $User->csrf_cookie("create", "rack");
# custom fields defined for racks
$custom = $Tools->fetch_custom_fields('racks');
# every action except "add" needs a numeric rackid
if (!($_POST['action'] == "add" || is_numeric($_POST['rackid']))) {
    $Result->show("danger", _("Invalid ID"), true, true);
}
# edit and delete load the existing rack; otherwise start from a new object with size 42
if (in_array($_POST['action'], array("edit", "delete"))) {
    $rack = $Admin->fetch_object("racks", "id", $_POST['rackid']);
} else {
    $rack = new StdClass();
    $rack->size = 42;
}
# locations are only fetched when the enableLocations setting is "1"
if ($User->settings->enableLocations == "1") {
    $locations = $Tools->fetch_all_objects("locations");
}
# the readonly marker is only set for the delete action
if ($_POST['action'] == "delete") {
    $readonly = "readonly";
} else {
    $readonly = "";
}
?>

<script type="text/javascript">
$(document).ready(function(){
     if ($("[rel=tooltip]").length) { $("[rel=tooltip]").tooltip(); }
Beispiel #27
require dirname(__FILE__) . '/../../../functions/functions.php';
# initialize user object
$Database = new Database_PDO();
$User = new User($Database);
$Admin = new Admin($Database);
$Tools = new Tools($Database);
$Result = new Result();
# verify that user is logged in
$User->check_user_session();
# issue the CSRF token for the location form
$csrf = $User->csrf_cookie("create", "location");
# the action has to pass validate_action()
$Admin->validate_action($_POST['action'], true);
# anything but "add" needs an existing location: load it, stop on an unknown id
if ($_POST['action'] != "add") {
    $location = $Admin->fetch_object("locations", "id", $_POST['id']);
    if ($location === false) {
        $Result->show("danger", _("Invalid ID"), true, true);
    }
}
# the readonly marker is only set for the delete action; $link is its boolean inverse
if ($_POST['action'] == "delete") {
    $readonly = "readonly";
} else {
    $readonly = "";
}
$link = !$readonly;
# custom fields defined for locations
$custom = $Tools->fetch_custom_fields('locations');
?>


<!-- header -->
<div class="pHeader"><?php 
print ucwords(_("{$_POST['action']}"));
?>
 <?php 
Beispiel #28
$Database = new Database_PDO();
$User = new User($Database);
$Admin = new Admin($Database);
$Tools = new Tools($Database);
$Result = new Result();
# verify that user is logged in
$User->check_user_session();
# custom fields defined for devices
$custom = $Tools->fetch_custom_fields('devices');
# every action except "add" needs a numeric switchId
if (!($_POST['action'] == "add" || is_numeric($_POST['switchId']))) {
    $Result->show("danger", _("Invalid ID"), true, true);
}
# edit and delete load the existing device as an array
# NOTE(review): a failed lookup (false) is cast to array(false) and not rejected here
if (in_array($_POST['action'], array("edit", "delete"))) {
    $device = (array) $Admin->fetch_object("devices", "id", $_POST['switchId']);
}
# the readonly marker is only set for the delete action
if ($_POST['action'] == "delete") {
    $readonly = "readonly";
} else {
    $readonly = "";
}
?>

<script type="text/javascript">
$(document).ready(function(){
     if ($("[rel=tooltip]").length) { $("[rel=tooltip]").tooltip(); }
});
</script>


<!-- header -->
<div class="pHeader"><?php 
print ucwords(_("{$_POST['action']}"));
Beispiel #29
 * Edit tag
 *************************************/
/* functions */
require dirname(__FILE__) . '/../../../functions/functions.php';
# initialize user object
$Database = new Database_PDO();
$User = new User($Database);
$Admin = new Admin($Database);
$Result = new Result();
# verify that user is logged in
$User->check_user_session();
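# validate csrf cookie
# Both tokens must be non-empty strings. A plain == accepts the request when
# neither side is set (null == null) and type-juggles numeric-looking strings,
# so the comparison is strict, and constant-time where hash_equals() exists.
$csrf_sent = isset($_POST['csrf_cookie']) ? $_POST['csrf_cookie'] : null;
$csrf_expected = isset($_SESSION['csrf_cookie']) ? $_SESSION['csrf_cookie'] : null;
if (!is_string($csrf_sent) || !is_string($csrf_expected) || $csrf_expected === "") {
    $csrf_valid = false;
} elseif (function_exists('hash_equals')) {
    $csrf_valid = hash_equals($csrf_expected, $csrf_sent);
} else {
    $csrf_valid = $csrf_expected === $csrf_sent;
}
if (!$csrf_valid) {
    $Result->show("danger", _("Invalid CSRF cookie"), true);
}
# fetch old values
if ($_POST['action'] == "delete") {
    $old_tag = $Admin->fetch_object("ipTags", "id", $_POST['id']);
    // an unknown id yields false; stop instead of reading ->locked from it
    if ($old_tag === false) {
        $Result->show("danger", _("Invalid ID"), true);
    }
} else {
    $old_tag = new StdClass();
}
/* checks */
if ($_POST['action'] == "delete" && $old_tag->locked != "No") {
    $Result->show("danger", _("Cannot delete locked tag"), true);
}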
if ($_POST['action'] != "delete") {
    if (strlen($_POST['type']) < 3) {
        $Result->show("danger", _("Invalid tag name"), true);
    }
    if (strlen($_POST['bgcolor']) < 4) {
        $Result->show("danger", _("Invalid bg color"), true);
    }
    if (strlen($_POST['fgcolor']) < 4) {
Beispiel #30
$Admin = new Admin($Database);
$Result = new Result();
# verify that user is logged in
$User->check_user_session();
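# create csrf token
$csrf = $User->csrf_cookie("create", "apiedit");
# validate action
$Admin->validate_action($_POST['action'], true);
# ID must be numeric
if ($_POST['action'] != "add" && !is_numeric($_POST['appid'])) {
    $Result->show("danger", _("Invalid ID"), true, true);
}
# fetch api for edit / add
if ($_POST['action'] != "add") {
    # fetch api details
    $api = $Admin->fetch_object("api", "id", $_POST['appid']);
    # unknown id ?
    if ($api === false) {
        $Result->show("danger", _("Invalid ID"), true);
    }
    # title
    $title = ucwords($_POST['action']) . ' ' . _('api') . ' ' . $api->app_id;
} else {
    # generate new code
    $api = new StdClass();
    // app_code is generated for a new API key (presumably its secret - confirm).
    // md5(microtime()) is derived from the clock and shuffling its characters adds
    // no entropy, so the value is taken from a CSPRNG instead. The shape is
    // unchanged: 32 lowercase hex characters.
    if (function_exists('random_bytes')) {
        $api->app_code = bin2hex(random_bytes(16));
    } elseif (function_exists('openssl_random_pseudo_bytes')) {
        $api->app_code = bin2hex(openssl_random_pseudo_bytes(16));
    } else {
        // last resort on runtimes with neither source: the original, predictable value
        $api->app_code = str_shuffle(md5(microtime()));
    }
    # title
    $title = _('Add new api key');
}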
?>


<!-- header -->