function saveprefs($sid)
{
global $username, $uroles, $dbconn, $nessus_path;
// get the profile prefs for use later
$sql = "SELECT t.nessusgroup, t.nessus_id, t.field, \n t.type, t.value, n.value, t.category\n FROM vuln_nessus_preferences_defaults t\n LEFT JOIN vuln_nessus_settings_preferences n\n ON t.nessus_id = n.nessus_id\n and n.sid = {$sid}\n order by category desc, nessusgroup, nessus_id";
$result = $dbconn->execute($sql);
if ($result === false) {
// SQL error
echo "Error: There was an error with the DB lookup: " . $dbconn->ErrorMsg() . "<br>";
}
$counter = 0;
// user requested Save, update the DB with the values
// Check to see if this is the owner doing the change
$foo = $dbconn->execute("select owner from vuln_nessus_settings where id = {$sid}");
list($myowner) = $foo->fields;
// if ($myowner <> $username && !$uroles[admin]) {
////logAccess( "$username : "******" : Access deined to profile" );
// echo "Access denied: You do not own this profile and are not an admin - (owner = $myowner).";
// //require_once('footer.php');
// die();
// }
$uuid = Util::get_system_uuid();
while (!$result->EOF) {
$counter++;
$vname = "form" . $counter;
if (isset($_POST[$vname])) {
${$vname} = Util::htmlentities(mysql_real_escape_string(trim($_POST[$vname])), ENT_QUOTES);
} elseif (isset($_GET[$vname])) {
$logh->log("{$username} : " . $_SERVER['SCRIPT_NAME'] . " : GET instead of POST method used - failed to save", PEAR_LOG_NOTICE);
echo "Please use the settings.php form to submit your changes.";
require_once 'footer.php';
die;
} else {
${$vname} = "";
}
list($nessusgroup, $nessus_id, $field, $type, $default, $value, $category) = $result->fields;
/* if (strstr($nessus_id, "[password]")) { // password field
if ($$vname!="" && !strstr($$vname,'ENC{')) { // not encrypted
$enc = new Crypt_CBC($dbk, $cipher);
$encrypted_val = $enc->encrypt($$vname);
$$vname = "ENC{" . base64_encode($encrypted_val) . "}";
}
}
*/
updatedb($nessus_id, ${$vname}, $dbconn, $type, $category, $sid, $uuid);
$result->MoveNext();
}
// end while loop
/*
* find all records in the vuln_nessus_settings_preferences table that
* have no matching value in vuln_nessus_preferences_defaults
* and delete them from vuln_nessus_preferences
*/
$sql = "select n.nessus_id \n\t\t from vuln_nessus_settings_preferences n\n\t\t left join vuln_nessus_preferences_defaults t\n on n.nessus_id = t.nessus_id\n where t.nessus_id is null";
$result = $dbconn->execute($sql);
while (!$result->EOF) {
list($pleasedeleteme) = $result->fields;
$sql2 = "delete from vuln_nessus_settings_preferences\n where nessus_id = \"{$pleasedeleteme}\"";
$result2 = $dbconn->execute($sql2);
$result->MoveNext();
}
// echo <<<EOT
//Nessus settings saved<BR>
//EOT;
// logAccess( "Edited Prefs for Profile $sid" );
if (preg_match("/omp\\s*\$/i", $nessus_path)) {
$omp = new OMP();
$omp->set_preferences($sid);
}
edit_serverprefs($sid);
//edit_profile($sid);
}
$CRS = querydb($sqlcmd, $db_conn);
$Count = $CRS[0]['ct'];
if (isset($_POST['textarea'])) {
if (!isset($_SESSION['LoginID']) || empty($_SESSION['LoginID'])) {
?>
<script>
alert("Please Login First!");
</script>
<?php
} else {
$ID = $_SESSION['LoginID'];
$MSG = mysql_real_escape_string($_POST['textarea']);
$T = getdate();
$TimeStamp = $T[0];
$sqlcmd = 'INSERT INTO Product_message VALUES (' . "{$TimeStamp},'{$UserIP}','{$ID}',{$pno},'{$MSG}','Y')";
$result = updatedb($sqlcmd, $db_conn);
header("Location:{$WebHost}" . "item.php?pno={$pno}");
exit;
}
}
if (isset($add)) {
$sqlcmd = "SELECT * FROM Product WHERE pno='{$add}'";
$VProduct = querydb($sqlcmd, $db_conn);
if (count($VProduct) > 0) {
if (isset($_COOKIE['kind'])) {
$Counter = $_COOKIE['kind'];
$Same = 0;
for ($i = 1; $i <= $Counter; $i++) {
if ($add == $_COOKIE["item{$i}"]) {
$Same = 1;
break;
if (isset($trandel)) {
$sqlcmd = "SELECT * FROM Transaction WHERE tno={$trandel}";
$rs = querydb($sqlcmd, $db_conn);
if (count($rs) > 0 && $rs[0]['state'] == 'G') {
$sqlcmd = "UPDATE Transaction SET state='C' WHERE tno={$trandel}";
$rs = updatedb($sqlcmd, $db_conn);
$sqlcmd = "SELECT COUNT(*) AS C FROM Orders WHERE tno={$trandel}";
$rs = querydb($sqlcmd, $db_conn);
$RecoverCount = $rs[0]['c'];
for ($i = 0; $i < $RecoverCount; $i++) {
$sqlcmd = "SELECT * FROM Orders WHERE tno={$trandel}";
$rs = querydb($sqlcmd, $db_conn);
$RecoverPno = $rs[$i]['pno'];
$RecoverNumber = $rs[$i]['amount'];
$sqlcmd = "UPDATE Product SET stock=stock+{$RecoverNumber} WHERE pno={$RecoverPno}";
$rs = updatedb($sqlcmd, $db_conn);
}
}
header("Location:info.php");
exit;
}
$PWD = $name = $mail = $phone = $addr = $birthStr = '';
$fileOK = $birth = $pic = 0;
$sex = 'M';
$ID = $_SESSION['LoginID'];
$MonArr = array('', 'January ', 'February ', 'March ', 'April ', 'May ', 'June ', 'July ', 'August ', 'September ', 'October ', 'November ', 'December ');
$Sexarr = array('M' => 'Male', 'F' => 'Female', 'O' => 'Other');
$stateArr = array('G' => 'In processing', 'F' => '<font color="#FF8F19">Completion</font>', 'D' => 'Delivering', 'C' => '<font color="D8AFFF">Cancelled</font>', 'O' => '<font color="red">Please Contact us</font>');
$sqlcmd = "SELECT * FROM Member WHERE id='{$ID}' AND state<>'N'";
$rs = querydb($sqlcmd, $db_conn);
if (count($rs) > 0) {
$counter = 0;
if ($submit == _("save")) {
logAccess("Save default profile");
while (!$result->EOF) {
$counter++;
$vname = "form" . $counter;
if (isset($_POST[$vname])) {
${$vname} = htmlspecialchars(mysql_escape_string(trim($_POST[$vname])), ENT_QUOTES);
} elseif (isset($_GET[$vname])) {
logAccess("GET instead of POST method used - failed to save");
die("Please use the default.php form to submit your changes.");
} else {
${$vname} = "";
}
list($nessusgroup, $nessus_id, $field, $type, $default, $value, $category) = $result->fields;
updatedb($nessus_id, ${$vname}, $dbconn, $type, $category);
$result->MoveNext();
}
# find all records in the vuln_nessus_preferences table that
# have no matching value in vuln_nessus_preferences_defaults
# and delete them from vuln_nessus_preferences
$sql = "select n.nessus_id from vuln_nessus_preferences n\n left join vuln_nessus_preferences_defaults t\n on n.nessus_id = t.nessus_id\n where t.nessus_id is null";
$result = $dbconn->execute($sql);
while (!$result->EOF) {
list($pleasedeleteme) = $result->fields;
$sql2 = "delete from vuln_nessus_preferences\n where nessus_id = \"{$pleasedeleteme}\"";
$result2 = $dbconn->execute($sql2);
logAccess("Deleted obselete config item {$pleasedeleteme}");
$result->MoveNext();
}
echo "<BR><BR><BR><CENTER><B>" . _("Nessus settings saved, please proceed to the") . " <A href=\"settings.php\">" . _("Profile Selection") . "</A> " . _("page") . ".</B></CENTER><BR>";
