<?php
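require_once('include/common.php');
// NOTE(review): redirects are disabled here (third argument), so confirm that AccessControl()
// itself ends the request when the permission check fails; otherwise the handlers below still run.
AccessControl('4', null, false); # null means no log, false means don't redirect

// Requested operation. Any value other than "edit" or "delete" matches no case below and does nothing.
$op = (empty($_GET['op'])) ? 'default' : $_GET['op'];

// block_id ends up in the SQL issued by edit_block() and delete_block(), so only a non-empty run of
// decimal digits is accepted. The pattern is anchored at both ends (D keeps "$" from matching before
// a trailing newline); an unanchored /[0-9]*/ matches every string, including the empty one.
// is_string() rejects array input such as ?block_id[]=1 before it reaches preg_match().
if(isset($_GET['block_id']) && is_string($_GET['block_id']) && preg_match('/^[0-9]+$/D', $_GET['block_id']) === 1){
    $block_id = $_GET['block_id'];
}
else{
    header("HTTP/1.1 400 Bad Request"); // Tells Ajax.InPlaceEditor that an error has occured.
    echo $COLLATE['languages']['selected']['selectblock'];
    exit();
}

// NOTE(review): both operations modify data but are selected through query-string parameters, and no
// anti-CSRF token is checked in this file. Confirm that include/common.php or AccessControl() covers
// this, or require POST plus a per-session token for "edit" and "delete".
switch($op){
    case "edit":
        edit_block();
        break;
    case "delete":
        delete_block();
        break;
}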
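/**
 * Handles an in-place edit of a block's name or note and echoes the stored value.
 *
 * Reads the field selector from $_GET['edit'] ("name" or "note"), the new value from
 * $_POST['value'], and the target row from the global $block_id set by the request
 * validation at the top of this file. On any validation failure it answers
 * "400 Bad Request" with a message from the language table and ends the request.
 *
 * All SQL goes through prepared statements with bound values, so the query text never
 * contains request data. This assumes getdbo() returns a PDO connection, which matches
 * the query()/rowCount()/fetchColumn() calls used throughout this file.
 */
function edit_block(){
    global $COLLATE;
    global $block_id;
    include 'include/validation_functions.php';
    $dbo = getdbo();

    $edit = (empty($_GET['edit'])) ? '' : clean($_GET['edit']);
    $value = (empty($_POST['value'])) ? '' : clean($_POST['value']);
    $username = (isset($COLLATE['user']['username'])) ? $COLLATE['user']['username'] : 'unknown';

    // Allow-list of editable fields. $column is the only identifier placed in the SQL text
    // below, and it can only ever be one of these two literals.
    if($edit === 'name'){
        $column = 'name';
        $rule = 'blockname';
    }
    elseif($edit === 'note'){
        $column = 'note';
        $rule = 'note';
    }
    else{
        header("HTTP/1.1 400 Bad Request");
        echo $COLLATE['languages']['selected']['invalidrequest'];
        exit();
    }

    // NOTE(review): if clean() or validate_text() SQL-escape their input, remove that escaping
    // now that values are bound; otherwise the escape characters would be stored literally. Confirm.
    $return = validate_text($value, $rule);
    if($return['0'] === false){
        header("HTTP/1.1 400 Bad Request");
        echo $COLLATE['languages']['selected'][$return['error']];
        exit();
    }
    $value = $return['1'];

    if($column === 'name'){
        // Reject the new name if a different block already uses it.
        $duplicate = $dbo -> prepare("SELECT id FROM blocks WHERE name = ?");
        $duplicate -> execute(array($value));
        $existing_block_id = $duplicate -> fetchColumn();
        // fetchColumn() yields false when no row matched. Ids are compared as integers because
        // the driver may return the column as int or string while $block_id is always a string.
        if($existing_block_id !== false && (int) $existing_block_id !== (int) $block_id){
            header("HTTP/1.1 400 Bad Request");
            echo $COLLATE['languages']['selected']['duplicatename'];
            exit();
        }
    }

    // Look up the current name for the audit log and refuse to "edit" a block that does not exist.
    $lookup = $dbo -> prepare("SELECT name FROM blocks WHERE id = ?");
    $lookup -> execute(array($block_id));
    $name = $lookup -> fetchColumn();
    if($name === false){
        header("HTTP/1.1 400 Bad Request");
        echo $COLLATE['languages']['selected']['selectblock'];
        exit();
    }

    $update = $dbo -> prepare("UPDATE blocks SET $column = ?, modified_by = ?, modified_at = NOW() WHERE id = ?");
    if($update -> execute(array($value, $username, $block_id)) === false){
        // Only reachable when PDO is in a non-throwing error mode: report the failure
        // instead of echoing a value that was never saved.
        header("HTTP/1.1 500 Internal Server Error");
        exit();
    }

    // Log after the write so the audit trail only records changes that were actually made.
    if($column === 'name'){
        collate_log('4', "Block $name has been updated to $value");
    }
    else{
        collate_log('4', "Block $name note edited");
    }

    // NOTE(review): the value is echoed back for the in-place editor to render; confirm that
    // clean()/validate_text() strip or encode HTML, or encode it here for the HTML context.
    echo $value;
} // Ends edit_block function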
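/**
 * Deletes the block identified by the global $block_id together with every child block
 * reported by find_child_blocks(), and for each of them the static IPs, DHCP ACLs and
 * subnets that belong to it.
 *
 * Answers "400 Bad Request" and ends the request when the block does not exist. Nothing is
 * written to the response on success.
 *
 * All SQL goes through prepared statements with bound values. This assumes getdbo() returns
 * a PDO connection, which matches the query()/rowCount()/fetchColumn() calls used in this file.
 *
 * @throws Exception when any delete fails; the transaction is rolled back first.
 */
function delete_block(){
    global $COLLATE;
    global $block_id;
    $dbo = getdbo();

    $lookup = $dbo -> prepare("SELECT name FROM blocks WHERE id = ?");
    $lookup -> execute(array($block_id));
    $name = $lookup -> fetchColumn();
    if($name === false){ // no row for this id
        header("HTTP/1.1 400 Bad Request");
        echo $COLLATE['languages']['selected']['selectblock'];
        exit();
    }

    // find_child_blocks() is recursive, so call it once and reuse the result.
    $block_ids = array($block_id);
    $child_block_ids = find_child_blocks($block_id);
    if($child_block_ids !== false){
        $block_ids = array_merge($block_ids, $child_block_ids);
    }

    // Order matters: rows that reference subnets go first, then the subnets, then the block.
    $deletes = array(
        // First delete all static IPs
        $dbo -> prepare("DELETE FROM statics WHERE subnet_id IN (SELECT id FROM subnets WHERE block_id = ?)"),
        // Next, remove the DHCP ACLs
        $dbo -> prepare("DELETE FROM acl WHERE subnet_id IN (SELECT id FROM subnets WHERE block_id = ?)"),
        // Next, remove the subnets
        $dbo -> prepare("DELETE FROM subnets WHERE block_id = ?"),
        // Lastly, delete the IP block
        $dbo -> prepare("DELETE FROM blocks WHERE id = ?"),
    );

    // One transaction for the whole cascade so a failure part-way through does not leave
    // orphaned subnets, ACLs or static IPs behind.
    // NOTE(review): this only helps on a transactional storage engine - confirm the table type.
    $dbo -> beginTransaction();
    try{
        // A separate loop variable keeps the global $block_id from being overwritten.
        foreach($block_ids as $doomed_block_id){
            foreach($deletes as $delete){
                if($delete -> execute(array($doomed_block_id)) === false){
                    // Covers PDO error modes that report failure by return value.
                    throw new RuntimeException('Block delete failed');
                }
            }
        }
        $dbo -> commit();
    }
    catch(Exception $e){
        $dbo -> rollBack();
        throw $e;
    }

    // Log after the commit so the audit trail only records deletions that actually happened.
    collate_log("4", "Block $name has been deleted!");
    # we don't output to the user on success. The row fades on the page to provide feedback.
} // Ends delete_block function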
?>