$user_group = $_POST['user_group'];
$user_department = $_POST['user_department'];
$user_contact = $_POST['user_contact'];
$user_address = $_POST['user_address'];
$user_phone = $_POST['user_phone'];
$user_email = $_POST['user_email'];
$user_pw_list = $_POST['user_pw_list'];
$user_pw_1 = $_POST['user_pw_1'];
$user_pw_2 = $_POST['user_pw_2'];
$GenRandomPw = $_POST['GenRandomPw'];
// check for our form type
if (!empty($_POST['AddUser']) || !empty($_POST['EditUser']) || !empty($_POST['DelUser'])) {
// check for empty variables
if (!empty($user_username) && !empty($user_fname) && !empty($user_lname) && !empty($user_access_level) && !empty($user_group) && !empty($user_department) && !empty($user_fname) && !empty($user_lname) && !empty($user_phone) && !empty($user_email)) {
// do some validation checks on submitted data
if ($val->ValidateAlphaChar($user_username) !== -1 && $val->ValidateString($user_fname) !== -1 && $val->ValidateString($user_lname) !== -1 && $val->ValidateString($user_access_level) !== -1 && $val->ValidateString($user_group) !== -1 && $val->ValidateParagraph($user_department) !== -1 && $val->ValidateString($user_contact) !== -1 && $val->ValidatePhone($user_phone) !== -1 && $val->ValidateEmail($user_email) !== -1) {
// leave the owner assignment alone if owner is not admin
if ($group === "admin") {
$group = $user_group;
}
// generate random password if this is a new user
if (!empty($_POST['AddUser'])) {
$user_password = $val->GenerateRandomPassword("12", "normal");
}
// setup our SQL statements for add, edit and deleting records
$insert = "INSERT INTO `auth_users` ( `username`, `password`, `level`, `group`, `dept`, `first`, `last`, `phone`, `email`, `ip`, `host`, `create_date`, `create_time`, `access_date`, `access_time`, `session`, `reset`, `owner` ) VALUES ( \"" . $user_username . "\", \"" . sha1($user_password) . "\", \"" . $user_access_level . "\", \"" . $user_group . "\", \"" . $user_deptartment . "\", \"" . $user_fname . "\", \"" . $user_lname . "\", \"" . $user_phone . "\", \"" . $user_email . "\", \"" . $user_ip . "\", \"" . $user_host . "\", \"" . $user_create_date . "\", \"" . $user_create_time . "\", \"" . $user_access_date . "\", \"" . $user_access_time . "\", \"" . $user_session . "\", \"TRUE\", \"" . $group . "\" )";
$update = "UPDATE `auth_users` SET `username` = \"" . $user_username . "\", `level` = \"" . $user_access_level . "\", `group` = \"" . $user_group . "\", `dept` = \"" . $user_department . "\", `first` = \"" . $user_fname . "\", `last` = \"" . $user_lname . "\", `phone` = \"" . $user_phone . "\", `email` = \"" . $user_email . "\", `ip` = \"" . $user_ip . "\", `host` = \"" . $user_host . "\", `owner` = \"" . $group . "\" WHERE `id` = \"" . $user_id . "\" LIMIT 1";
$delete = "DELETE FROM `auth_users` WHERE `id` = \"" . $user_id . "\" LIMIT 1";
// now perform a check to see which statement to use
if (!empty($_POST['AddUser'])) {
$sql = $insert;
function AuthUser($user, $pass, $token)
{
// our global config opts
global $defined;
// initialize classes
$db = new dbConn();
$val = new ValidateStrings();
$lib = new Authenticate();
$auth = new Encryption();
$sess = new Sessions();
$misc = new MiscFunctions();
$exit = new ExitApp();
// check our authentication requirements
if (empty($user) && empty($pass) && empty($token)) {
return -1;
}
// we have an existing authentication token present
if (!empty($token) && empty($user) && empty($pass)) {
$array = $auth->DecodeAuthToken($token);
$user = base64_decode($array[0]);
$pass = base64_decode($array[1]);
$time = $array[4];
$current = $misc->GenTime();
if ($lib->AuthTimeOut($defined['timeout'], $time, $current) === -1) {
return -2;
}
}
// perform validation on username and password
if ($val->ValidateAlphaChar($user) === -1 || $val->ValidateParagraph($pass) === -1) {
return -3;
}
// see if the user exists for authenticaiton
$data = $db->dbConnect($defined['dbhost'], $defined['username'], $defined['password'], $defined['dbname']);
$query = "SELECT * FROM `auth_users` WHERE `username` = \"{$user}\" AND `password` = sha1( \"{$pass}\" )";
$query = $val->ValidateSQL($query, $data);
// database problem
if (($value = $db->dbQuery($query, $data)) === -1) {
return -5;
}
// check user match
if ($db->dbNumRows($value) === -1 || $db->dbNumRows($value) === 0) {
return -4;
} else {
$return = 0;
}
// create our authentication session token
if (empty($token)) {
$array = $db->dbArrayResults($value);
$x = $auth->GeneratePrivateKey($defined['enckeygen']);
$access_date = $misc->GenDate();
$access_time = $misc->GenTimeRead();
$query = "UPDATE `auth_users` SET `access_date` = \"" . $access_date . "\", `access_time` = \"" . $access_time . "\", `session` = \"{$x}\" WHERE `id` = \"" . $array[0]['id'] . "\"";
$value = $val->ValidateSQL($query, $data);
if (($value = $db->dbQuery($value, $data)) === -1) {
return -5;
}
$x = $auth->EncodePrivToHex($x);
if (($token = $auth->EncodeAuthToken($array[0]['username'], $pass, $array[0]['level'], $array[0]['group'], $misc->GenTime(), $x)) !== -1) {
$sess->RegisterSession("token", $token);
$return = 0;
}
}
$db->dbFreeData($query);
$db->dbCloseConn($data);
return $return;
}
$scope_range_1 = $_POST['scope_range_1'];
$scope_range_2 = $_POST['scope_range_2'];
$bootp_filename = $_POST['bootp_filename'];
$bootp_server = $_POST['bootp_server'];
$broadcast_address = $_POST['broadcast_address'];
$ntp_servers = $_POST['ntp_servers'];
$netbios_servers = $_POST['netbios_servers'];
$default_lease = $_POST['default_lease'];
$min_lease = $_POST['min_lease'];
$max_lease = $_POST['max_lease'];
$permissions = $_POST['select_groups'];
$groups = $_POST['groups'];
// check each post element
if (!empty($subnet) && !empty($subnet_mask) && !empty($dns_server_1) && !empty($dns_server_2) && !empty($router) && !empty($subnet_name) && !empty($enable_scope)) {
// begin validation of configuration options
if ($val->ValidateIPv4($subnet) !== -1 && $val->ValidateIPv4($subnet_mask) !== -1 && $val->ValidateDomain($dns_server_1) !== -1 && $val->ValidateDomain($dns_server_2) !== -1 && $val->ValidateIPv4($router) !== -1 && $val->ValidateParagraph($subnet_name) !== -1 && $val->ValidateAlphaChar($pool_name) !== -1 || $pool_name === "---------------" && $val->ValidateString($enable_scope) !== -1 && $val->ValidateIPv4($scope_range_1) !== -1 && $val->ValidateIPv4($scope_range_2) !== -1 && $val->ValidateParagraph($bootp_filename) !== -1 && $val->ValidateDomain($bootp_server) !== -1 && $val->ValidateString($enable_forwarding) !== -1 && $val->ValidateDomain($broadcast_address) !== -1 && $val->ValidateDomain($ntp_servers) !== -1 && $val->ValidateDomain($netbios_servers) !== -1 && $val->ValidateInteger($default_lease) !== -1 && $val->ValidateInteger($min_lease) !== -1 && $val->ValidateInteger($max_lease) !== -1 && $val->ValidateBroadcast2List($interface_list, $subnet) === 0 && $val->ValidateBroadcast2List($interface_list, $broadcast_address) === 0) {
// fix pool var
if ($pool_name === "---------------") {
$pool_name = "";
}
// define our sql statements (exclude the group field if user is member of admin group)
if ($group !== "admin") {
$insert = "INSERT INTO `conf_subnets` ( `subnet`, `subnet-mask`, `dns-server-1`, `dns-server-2`, `router`, `subnet-name`, `pool`, `enable-scope`, `scope-range-1`, `scope-range-2`, `ip-forwarding`, `broadcast-address`, `ntp-servers`, `netbios-name-servers`, `default-lease-time`, `min-lease-time`, `max-lease-time`, `group` ) VALUES ( \"" . $subnet . "\",\"" . $subnet_mask . "\", \"" . $dns_server_1 . "\", \"" . $dns_server_2 . "\", \"" . $router . "\", \"" . $subnet_name . "\", \"" . $pool_name . "\", \"" . $enable_scope . "\", \"" . $scope_range_1 . "\", \"" . $scope_range_2 . "\", \"" . $enable_forwarding . "\", \"" . $broadcast_address . "\", \"" . $ntp_servers . "\", \"" . $netbios_servers . "\", \"" . $default_lease . "\", \"" . $min_lease . "\", \"" . $max_lease . "\", \"" . $group . "\" )";
if (empty($_POST['ex_group'])) {
$update = "UPDATE `conf_subnets` SET `subnet` = \"" . $subnet . "\", `subnet-mask` = \"" . $subnet_mask . "\", `dns-server-1` = \"" . $dns_server_1 . "\", `dns-server-2` = \"" . $dns_server_2 . "\", `router` = \"" . $router . "\", `subnet-name` = \"" . $subnet_name . "\", `pool` = \"" . $pool_name . "\", `enable-scope` = \"" . $enable_scope . "\", `scope-range-1` = \"" . $scope_range_1 . "\", `scope-range-2` = \"" . $scope_range_2 . "\", `ip-forwarding` = \"" . $enable_forwarding . "\", `broadcast-address` = \"" . $broadcast_address . "\", `ntp-servers` = \"" . $ntp_servers . "\", `netbios-name-servers` = \"" . $netbios_servers . "\", `default-lease-time` = \"" . $default_lease . "\", `min-lease-time` = \"" . $min_lease . "\", `max-lease-time` = \"" . $max_lease . "\", `group` = \"" . $group . "\" WHERE `id` = \"" . $id . "\" LIMIT 1";
} else {
$update = "UPDATE `conf_subnets` SET `subnet` = \"" . $subnet . "\", `subnet-mask` = \"" . $subnet_mask . "\", `dns-server-1` = \"" . $dns_server_1 . "\", `dns-server-2` = \"" . $dns_server_2 . "\", `router` = \"" . $router . "\", `subnet-name` = \"" . $subnet_name . "\", `pool` = \"" . $pool_name . "\", `enable-scope` = \"" . $enable_scope . "\", `scope-range-1` = \"" . $scope_range_1 . "\", `scope-range-2` = \"" . $scope_range_2 . "\", `bootp-filename` = \"" . $bootp_filename . "\", `bootp-server` = \"" . $bootp_server . "\", `ip-forwarding` = \"" . $enable_forwarding . "\", `broadcast-address` = \"" . $broadcast_address . "\", `ntp-servers` = \"" . $ntp_servers . "\", `netbios-name-servers` = \"" . $netbios_servers . "\", `default-lease-time` = \"" . $default_lease . "\", `min-lease-time` = \"" . $min_lease . "\", `max-lease-time` = \"" . $max_lease . "\" WHERE `id` = \"" . $id . "\" LIMIT 1";
}
} else {
$insert = "INSERT INTO `conf_subnets` ( `subnet`, `subnet-mask`, `dns-server-1`, `dns-server-2`, `router`, `subnet-name`, `enable-scope`, `scope-range-1`, `scope-range-2`, `bootp-filename`, `bootp_server`, `ip-forwarding`, `broadcast-address`, `ntp-servers`, `netbios-name-servers`, `default-lease-time`, `min-lease-time`, `max-lease-time` ) VALUES ( \"" . $subnet . "\",\"" . $subnet_mask . "\", \"" . $dns_server_1 . "\", \"" . $dns_server_2 . "\", \"" . $router . "\", \"" . $subnet_name . "\", \"" . $pool_name . "\", \"" . $enable_scope . "\", \"" . $scope_range_1 . "\", \"" . $scope_range_2 . "\", \"" . $bootp_filename . "\", \"" . $bootp_server . "\", \"" . $enable_forwarding . "\", \"" . $broadcast_address . "\", \"" . $ntp_servers . "\", \"" . $netbios_servers . "\", \"" . $default_lease . "\", \"" . $min_lease . "\", \"" . $max_lease . "\" )";
$update = "UPDATE `conf_subnets` SET `subnet` = \"" . $subnet . "\", `subnet-mask` = \"" . $subnet_mask . "\", `dns-server-1` = \"" . $dns_server_1 . "\", `dns-server-2` = \"" . $dns_server_2 . "\", `router` = \"" . $router . "\", `subnet-name` = \"" . $subnet_name . "\", `pool` = \"" . $pool_name . "\", `enable-scope` = \"" . $enable_scope . "\", `scope-range-1` = \"" . $scope_range_1 . "\", `scope-range-2` = \"" . $scope_range_2 . "\", `bootp-filename` = \"" . $bootp_filename . "\", `bootp-server` = \"" . $bootp_server . "\", `ip-forwarding` = \"" . $enable_forwarding . "\", `broadcast-address` = \"" . $broadcast_address . "\", `ntp-servers` = \"" . $ntp_servers . "\", `netbios-name-servers` = \"" . $netbios_servers . "\", `default-lease-time` = \"" . $default_lease . "\", `min-lease-time` = \"" . $min_lease . "\", `max-lease-time` = \"" . $max_lease . "\" WHERE `id` = \"" . $id . "\" LIMIT 1";
$emp = "TRUE";
$err1[$i]['substr_regex'] = $e;
$listop_empty .= "<li>The regex field is empty</li>";
}
// check formating of data to provide errors
if ($val->ValidateInteger($class_opts[$i]['substring_start']) === -1) {
$err1[$i]['substring'] = $e;
$stop = "TRUE";
$listop_val .= "<li>The substring start field is invalid, integers only</li>";
}
if ($val->ValidateInteger($class_opts[$i]['substring_end']) === -1) {
$err1[$i]['substring'] = $e;
$stop = "TRUE";
$listop_val .= "<li>The substring end field is invalid, integers only</li>";
}
if ($val->ValidateAlphaChar($class_opts[$i]['substr_regex']) === -1) {
$err1[$i]['substr_regex'] = $e;
$stop = "TRUE";
$listop_val .= "<li>The regex field is invalid, alpha numeric characters only</li>";
}
}
}
// check each post element
if (!empty($class_name) && $emp !== "TRUE") {
// get field type based on $class_option
$chk = "DESCRIBE `conf_classes_opts` `{$class_option}`";
if (($value = $db->dbQuery($val->ValidateSQL($chk, $dbconn), $dbconn)) !== -1) {
$chkvals = $db->dbArrayResultsAssoc($value);
}
// begin validation of configuration options
if ($val->ValidateParagraph($class_name) !== -1 && $stop !== "TRUE") {
