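/**
 * Render the "Vulnerability Scan Profiles" page: a table of the
 * vuln_nessus_settings rows the current user is allowed to see, each with
 * edit / delete actions (greyed-out icons when a running OpenVAS job uses it).
 *
 * Globals read: $username, $dbconn (ADOdb-style connection: Execute / EOF /
 * fields / MoveNext), $version, $nessus_path. Global written: $sid, which is
 * left holding the id of the last profile rendered (as in the original loop).
 *
 * Security fixes relative to the previous revision:
 *  - $username, entity ids and user logins were interpolated straight into the
 *    SQL WHERE clause; they are now bound as "?" parameters through
 *    $dbconn->Execute($sql, $params).
 *  - owner, name and description come from the database and were echoed raw
 *    after html_entity_decode() (stored XSS); they are now HTML-escaped.
 *  - the pro-admin branch called Acl::get_user_entities($current_user) with
 *    $current_user undefined (entity list always empty); it now passes
 *    $username like the sibling branch does.
 *
 * @return void  HTML is echoed directly.
 */
function select_profile()
{
    global $sid, $username, $dbconn, $version, $nessus_path;

    // HTML-escape a DB value for output. The old code decoded entities before
    // echoing (values appear to be stored entity-encoded), so decode first and
    // then escape for the HTML context.
    $esc = function ($value) {
        return htmlspecialchars(html_entity_decode($value), ENT_QUOTES);
    };

    // Profiles referenced by a running OpenVAS job must not be edited/deleted.
    // Ids are normalised to strings so DB ids (strings) match OMP ids (may be ints).
    $used_sids = array();
    if (preg_match("/omp\\s*\$/i", $nessus_path)) {
        $omp       = new OMP();
        $used_sids = array_map('strval', (array) $omp->get_used_sids());
    }

    // entity id => "name [type]" labels for the "Available for" column.
    $entities_nt = array();
    $query = "SELECT ae.id as eid, ae.name as ename, aet.name as etype"
           . " FROM acl_entities AS ae, acl_entities_types AS aet WHERE ae.type = aet.id";
    $result_entities = $dbconn->Execute($query);
    while (!$result_entities->EOF) {
        $row = $result_entities->fields;
        $entities_nt[$row['eid']] = $row['ename'] . " [" . $row['etype'] . "]";
        $result_entities->MoveNext();
    }

    // NOTE(review): the column layout treats Session::am_i_admin() users as
    // admins, but only the literal "admin" login gets the unrestricted query —
    // kept as in the original; confirm whether both should match.
    $is_admin        = ($username == "admin" || Session::am_i_admin());
    $normal_user_pro = false;
    $select          = "SELECT id, name, description, owner, type FROM vuln_nessus_settings \n WHERE deleted != '1'";

    // $owners collects every value the owner column may match for this user.
    // null means "no owner restriction" (built-in admin).
    $owners = null;
    if ($username != "admin") {
        if (preg_match("/pro|demo/i", $version)) {
            if (Acl::am_i_proadmin()) {
                // Pro admin: his entities plus the logins of the users he manages.
                $owners = (array) Acl::get_user_entities($username);
                $users  = Acl::get_my_users($dbconn, Session::get_session_user());
                foreach ($users as $us) {
                    $owners[] = $us["login"];
                }
            } else {
                // Plain pro user: himself plus his entities; read-only on others'.
                $owners   = (array) Acl::get_user_entities($username);
                $owners[] = $username;
                $normal_user_pro = true;
            }
        } else {
            $owners = array($username);
        }
    }

    // Build the query with one placeholder per owner value — nothing
    // user-controlled is concatenated into the SQL text.
    $params = array();
    if ($owners === null) {
        $query = $select . " ORDER BY name";
    } else {
        $params = array_merge(array('0'), array_values($owners));
        $holes  = implode(", ", array_fill(0, count($params), '?'));
        $query  = $select . " and (name='Default' or owner in (" . $holes . ")) ORDER BY name";
    }
    $result = count($params) ? $dbconn->Execute($query, $params) : $dbconn->Execute($query);

    $busy_title = htmlspecialchars(_("This profile is being used by a running job now"), ENT_QUOTES);
    $busy_style = "filter:alpha(opacity=50);-moz-opacity:0.5;-khtml-opacity: 0.5;opacity: 0.5;";

    // Edit/delete icons for one profile: live links, or greyed icons when busy.
    $action_icons = function ($profile_id) use ($used_sids, $busy_title, $busy_style) {
        if (in_array((string) $profile_id, $used_sids, true)) {
            return "<img src=\"images/pencil.png\" title=\"{$busy_title}\" style=\"{$busy_style}\">"
                 . "<img src=\"images/delete.gif\" title=\"{$busy_title}\" style=\"{$busy_style}\">";
        }
        // The id goes into a URL query string and then into an HTML attribute.
        $id_q = htmlspecialchars(urlencode($profile_id), ENT_QUOTES);
        return "<a href=\"settings.php?disp=edit&sid={$id_q}\"><img src=\"images/pencil.png\"></a>"
             . "<a href=\"settings.php?disp=edit&op=delete&sid={$id_q}\" onclick=\"return confirmDelete();\"><img src=\"images/delete.gif\"></a>";
    };

    echo "<CENTER>";
    echo "<table cellspacing=\"0\" cellpadding=\"0\" border=\"0\" width=\"800\"><tr><td class=\"headerpr\" style=\"border:0;\">" . _("Vulnerability Scan Profiles") . "</td></tr></table>";
    echo "<table cellspacing=\"0\" cellpadding=\"0\" border=\"0\" width=\"800\"><tr><td class=\"noborder\">";
    echo "<p>";
    echo _("Please select a profile to edit") . ":";
    echo "</p>";
    echo "<table align='center'>";
    echo "<tr>";
    if ($is_admin) {
        echo "<th>" . _("Available for") . "</th>";
    }
    echo " <th>" . _("Profile") . "</th>";
    echo " <th>" . _("Description") . "</th>";
    echo " <th>" . _("Action") . "</th>";
    echo "</tr>";

    while (!$result->EOF) {
        // $sid is the global; it deliberately ends up as the last rendered id.
        list($sid, $sname, $sdescription, $sowner) = $result->fields;
        echo "<tr>";
        if ($is_admin) {
            if ($sowner == "0") {
                echo "<td>" . _("All") . "</td>";
            } elseif (is_numeric($sowner)) {
                // Unknown entity id: show the raw id instead of an undefined-index notice.
                $label = isset($entities_nt[$sowner]) ? $entities_nt[$sowner] : $sowner;
                echo "<td style='padding:0px 2px 0px 2px;'>" . $esc($label) . "</td>";
            } else {
                echo "<td>" . $esc($sowner) . "</td>";
            }
        }
        echo "<td>" . $esc($sname) . "</td>";
        echo "<td>" . $esc($sdescription) . "</td>";
        echo "<td>";
        if ($normal_user_pro && $sowner != $username && $sname != "Default") {
            // A pro user may only act on his own profiles (never on Default).
            echo " ";
        } elseif ($is_admin) {
            echo $action_icons($sid);
        } elseif ($sname == "Default") {
            echo "[" . _("edit by admin") . "]";
        } else {
            echo $action_icons($sid);
        }
        echo "</td>";
        echo "</tr>";
        $result->MoveNext();
    }

    echo "</table>";
    echo "<center>";
    echo "<p>";
    echo "<form>";
    echo "<input type=button onclick=\"document.location.href='settings.php?disp=new'\" value=\"" . _("Create New Profile") . "\" class=\"button\"> ";
    if ($is_admin) {
        echo "<input type=button onclick=\"document.location.href='defaults.php'\" value=\"" . _("Edit default profile") . "\" class=\"button\">";
    }
    echo "</form>";
    echo "</p>";
    echo "</center>";
    echo "<br><br>";
    echo "</td></tr></table></center>";
}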