Example #1
0
function create_new_profile($sname, $sdescription, $sautoenable, $stype, $cloneid, $auto_cat_status, $auto_fam_status, $tracker)
{
    global $dbconn, $nessus_path;
    $username = $stype;
    // Owner Profile
    if ($cloneid != '') {
        // get the data from the original profile
        $query = "SELECT autoenable, type\n                   FROM vuln_nessus_settings\n                   WHERE id = {$cloneid}";
        $result = $dbconn->GetArray($query);
        if ($result === false) {
            $errMsg[] = "Error selecting profile data for id = {$cloneid}: " . $dbconn->ErrorMsg();
            dispSQLError($errMsg, 1);
            require_once 'footer.php';
            die;
        } else {
            $orig = $result[0];
        }
        // create new entry in the vuln_nessus_settings table first and get
        // the new id
        $insert = "INSERT INTO vuln_nessus_settings\n                      (name, description, autoenable, type, owner, update_host_tracker )\n                    VALUES\n                      ('{$sname}', '{$sdescription}', '{$orig['autoenable']}', \n                       '{$orig['type']}', '{$username}', '{$tracker}' )";
        $result = $dbconn->execute($insert);
        if ($result === false) {
            $errMsg[] = "Error creating vuln_nessus_settings record: " . $dbconn->ErrorMsg();
            $error++;
            dispSQLError($errMsg, $error);
            require_once 'footer.php';
            die;
        } else {
            $newPID = $dbconn->Insert_ID();
        }
        /* now we need to copy all the data from the other tables with the
         * new sid = newPID
         * vuln_nessus_settings_users -> sid, username
         * vuln_nessus_settings_family
         * vuln_nessus_settings_category
         * vuln_nessus_settings_preferences
         * vuln_nessus_settings_plugins
         */
        //$query="insert into vuln_nessus_settings_users (sid, username)
        //        values ($newPID, '$username')";
        //$result=$dbconn->execute($query);
        //if($result === false) {
        //   $errMsg[] = "Error creating vuln_nessus_settings_users record: ".
        //               $dbconn->ErrorMsg();
        //  $error++;
        //}
        $query = "insert into vuln_nessus_settings_family\n                   (select {$newPID} as sid, fid, status \n                    from vuln_nessus_settings_family\n                    where sid={$cloneid})";
        $result = $dbconn->execute($query);
        if ($result === false) {
            $errMsg[] = "Error copying vuln_nessus_settings_family records: " . $dbconn->ErrorMsg();
            $error++;
        }
        $query = "insert into vuln_nessus_settings_category\n                   (select {$newPID} as sid, cid, status \n                    from vuln_nessus_settings_category\n                    where sid={$cloneid})";
        $result = $dbconn->execute($query);
        if ($result === false) {
            $errMsg[] = "Error copying vuln_nessus_settings_category records: " . $dbconn->ErrorMsg();
            $error++;
        }
        $query = "insert into vuln_nessus_settings_preferences \n                   (select {$newPID} as sid, id, nessus_id, value, \n                       category, type \n                    from vuln_nessus_settings_preferences\n                    where sid={$cloneid})";
        $result = $dbconn->execute($query);
        if ($result === false) {
            $errMsg[] = "Error copying vuln_nessus_settings_preferences records: " . $dbconn->ErrorMsg();
            $error++;
        }
        $query = "insert into vuln_nessus_settings_plugins \n                    (select id, {$newPID} as sid, enabled, category, \n                        family from vuln_nessus_settings_plugins \n                     where sid = {$cloneid})";
        $result = $dbconn->execute($query);
        if ($result === false) {
            $errMsg[] = "Error copying vuln_nessus_settings_plugins records: " . $dbconn->ErrorMsg();
            $error++;
        }
        $sid = $newPID;
        // necessary so that success links have the sid set
    } else {
        // create a new profile from scratch
        if ($sname != "" and ($sautoenable == "N" or $sautoenable == "C" or $sautoenable == "F")) {
            # see if this is duplicate name or not
            $query = "SELECT count(name)\n                    FROM vuln_nessus_settings\n                    WHERE name='{$sname}'";
            $result = $dbconn->execute($query);
            list($count) = $result->fields;
            if ($count > 0) {
                echo "Cannot create new profile. Duplicate profile name {$sname} exists.";
            } else {
                $type = $stype == "true" ? "G" : " ";
                $query = "INSERT into vuln_nessus_settings (name, description, autoenable, type, owner, auto_cat_status, auto_fam_status)\n                       values ('{$sname}', '{$sdescription}', '{$sautoenable}', '{$type}', '{$username}', {$auto_cat_status}, {$auto_fam_status})";
                $result = $dbconn->execute($query);
                if ($result === false) {
                    $errMsg[] = "Error creating vuln_nessus_settings record: " . $dbconn->ErrorMsg();
                    $error++;
                } else {
                    $sid = $dbconn->Insert_ID();
                }
                //$query="insert into vuln_nessus_settings_users ( sid, username ) values ($sid, '$username')";
                //$result=$dbconn->execute($query);
                //if($result === false) {
                //   $errMsg[] = "Error creating vuln_nessus_settings_users record: ".
                //               $dbconn->ErrorMsg();
                //   $error++;
                //}
                reset($_POST);
                // if form method="post"
                // improve logic here, only add these if this profile
                // is set to autoenable anything, otherwise skip this
                while (list($key, $value) = each($_POST)) {
                    $value = Util::htmlentities(mysql_real_escape_string(trim($value)), ENT_QUOTES);
                    if (substr($key, 0, 2) == "f_") {
                        $type = substr($key, 0, 1);
                        $key = substr($key, 2);
                        $query = "insert into vuln_nessus_settings_family values({$sid}, {$key}, {$value})";
                        $results = $dbconn->Execute($query);
                        if ($result === false) {
                            $errMsg[] = "Error creating vuln_nessus_settings_family records: " . $dbconn->ErrorMsg();
                            $error++;
                        }
                    } elseif (substr($key, 0, 2) == "c_") {
                        $type = substr($key, 0, 1);
                        $key = substr($key, 2);
                        $query = "insert into vuln_nessus_settings_category values({$sid}, {$key}, {$value})";
                        $results = $dbconn->Execute($query);
                        if ($result === false) {
                            $errMsg[] = "Error creating vuln_nessus_settings_category records: " . $dbconn->ErrorMsg();
                            $error++;
                        }
                    }
                }
                // not sure why we do this, there can't be any values in these tables
                // with sid=$sid as $sid is a new ID
                //               $query="select count(*)
                //                       from vuln_nessus_settings_preferences
                //                       where sid=$sid";
                //               $result=$dbconn->execute($query);
                //               list($count)=$result->fields;
                //
                //               if (!$count>0) {
                $query = "insert into vuln_nessus_settings_preferences \n                          select {$sid} as sid, id, nessus_id, value, \n                                 category, type \n                          from vuln_nessus_preferences";
                $result = $dbconn->execute($query);
                if ($result === false) {
                    $errMsg[] = "Error creating vuln_nessus_settings_preferences records: " . $dbconn->ErrorMsg();
                    $error++;
                }
                //               }
                //
                //               $query = "select count(*)
                //                         from vuln_nessus_settings_plugins
                //                         where sid=$sid";
                //               $result=$dbconn->execute($query);
                //               list($count)=$result->fields;
                //
                //               if (!$count>0) {
                $query = "insert into vuln_nessus_settings_plugins \n                            select id, {$sid} as sid, enabled, category, \n                                   family from vuln_nessus_plugins \n                            where deleted is null";
                $result = $dbconn->execute($query);
                if ($result === false) {
                    $errMsg[] = "Error creating vuln_nessus_settings_plugins records: " . $dbconn->ErrorMsg();
                    $error++;
                }
                //               }
                if ($sautoenable == "C") {
                    $query = "select t1.cid, t1.status \n                          from vuln_nessus_settings_category as t1, \n                               vuln_nessus_category as t2 \n                          where sid={$sid}";
                    $result = $dbconn->execute($query);
                    while (!$result->EOF) {
                        list($cid, $catstatus) = $result->fields;
                        if ($catstatus == 4) {
                            $query1 = "update vuln_nessus_settings_plugins \n                                 set enabled='N' \n                                 where category={$cid} \n                                       and sid={$sid}";
                            $result1 = $dbconn->execute($query1);
                            if ($result1 === false) {
                                $errMsg[] = "Error updating vuln_nessus_settings_plugins records: " . $dbconn->ErrorMsg();
                                $error++;
                            }
                        } elseif ($catstatus == 1) {
                            $query1 = "update vuln_nessus_settings_plugins \n                                 set enabled='Y' \n                                 where category={$cid} \n                                       and sid={$sid}";
                            $result1 = $dbconn->execute($query1);
                            if ($result1 === false) {
                                $errMsg[] = "Error updating vuln_nessus_settings_plugins records: " . $dbconn->ErrorMsg();
                                $error++;
                            }
                        }
                        $result->MoveNext();
                    }
                } elseif ($sautoenable == "F") {
                    $query = "select t1.fid, t1.status \n                          from vuln_nessus_settings_family as t1, \n                               vuln_nessus_category as t2 \n                          where sid={$sid}";
                    $result = $dbconn->execute($query);
                    while (!$result->EOF) {
                        list($fid, $catstatus) = $result->fields;
                        if ($catstatus == 4) {
                            $query1 = "update vuln_nessus_settings_plugins \n                                 set enabled='N' \n                                 where family={$fid} \n                                       and sid={$sid}";
                            $result1 = $dbconn->execute($query1);
                            if ($result1 === false) {
                                $errMsg[] = "Error updating vuln_nessus_settings_plugins records: " . $dbconn->ErrorMsg();
                                $error++;
                            }
                        } elseif ($catstatus == 1) {
                            $query1 = "update vuln_nessus_settings_plugins \n                                 set enabled='Y' \n                                 where family={$fid} \n                                       and sid={$sid}";
                            $result1 = $dbconn->execute($query1);
                            if ($result1 === false) {
                                $errMsg[] = "Error updating vuln_nessus_settings_plugins records: " . $dbconn->ErrorMsg();
                                $error++;
                            }
                        }
                        $result->MoveNext();
                    }
                }
            }
        } else {
            echo "Please specify profile name";
        }
    }
    if (!$error) {
        if (preg_match("/omp\\s*\$/i", $nessus_path)) {
            $omp = new OMP();
            $omp->create_new_config($sid);
        }
        //logAccess( "Created Profile $sid - $sname" );
        //         echo <<<EOT
        //Step 1. Done - Profile $sname created!!!<BR>
        //Step 2. <a href="settings.php?item=editusers&amp;sid=$sid">Edit Profile Users</a></br>
        //Step 3. <A href="settings.php?item=edit&amp;sid=$sid&amp;page=1">Edit profile details</A>
        //EOT;
        ?>
<script type="text/javascript">
        //<![CDATA[
        document.location.href='settings.php?hmenu=Vulnerabilities&smenu=ScanProfiles';
       //]]>
     </script><?php 
    } else {
        //logAccess( "Created Profile Failed $errMsg[0]" );
        dispSQLError($errMsg, $error);
    }
}
Example #2
0
function list_results($type, $value, $ctx_filter, $sortby, $sortdir)
{
    global $allres, $offset, $pageSize, $dbconn;
    global $user, $arruser;
    $dbconn->SetFetchMode(ADODB_FETCH_BOTH);
    $filteredView = FALSE;
    $selRadio = array("", "", "", "");
    $query_onlyuser = "";
    $url_filter = "";
    // Deprecated filter
    //if(!empty($arruser)) {$query_onlyuser = "******";}
    $sortby = "t1.results_sent DESC, t1.hostIP DESC";
    $sortdir = "";
    $queryw = "";
    $queryl = "";
    $querys = "SELECT distinct t1.hostIP, HEX(t1.ctx) as ctx, t1.scantime, t1.username, t1.scantype, t1.report_key, t1.report_type as report_type, t1.sid, t3.name as profile\n    FROM vuln_nessus_latest_reports AS t1 LEFT JOIN vuln_nessus_settings AS t3 ON t1.sid = t3.id, vuln_nessus_latest_results AS t5\n    WHERE\n    t1.hostIP      = t5.hostIP\n    AND t1.ctx     = t5.ctx\n    AND t1.deleted = '0' ";
    // set up the SQL query based on the search form input (if any)
    if ($type == "scantime" && $value != "") {
        $selRadio[0] = "CHECKED";
        $q = $value;
        $queryw = " AND t1.scantime LIKE '%{$q}%' {$query_onlyuser} order by {$sortby} {$sortdir}";
        $queryl = " limit {$offset},{$pageSize}";
        $stext = "<b>" . _("Search for Date/Time") . "</b> = '*{$q}*'";
        $url_filter = "&type={$type}&value={$value}";
    } else {
        if ($type == "service" && $value != "") {
            $selRadio[5] = "CHECKED";
            $q = $value;
            $queryw = " AND t5.service LIKE '%{$q}%' {$query_onlyuser} order by {$sortby} {$sortdir}";
            $queryl = " limit {$offset},{$pageSize}";
            $stext = "<b>" . _("Search for Service") . "</b> = '*" . html_entity_decode($q) . "*'";
            $url_filter = "&type={$type}&value={$value}";
        } else {
            if ($type == "freetext" && $value != "") {
                $selRadio[6] = "CHECKED";
                $q = $value;
                $queryw = " AND t5.msg LIKE '%{$q}%' {$query_onlyuser} order by {$sortby} {$sortdir}";
                $queryl = " limit {$offset},{$pageSize}";
                $stext = "<b>" . _("Search for Free Text") . "</b> = '*" . html_entity_decode($q) . "*'";
                $url_filter = "&type={$type}&value={$value}";
            } else {
                if ($type == "hostip" && $value != "") {
                    $selRadio[1] = "CHECKED";
                    $q = strtolower($value);
                    $queryw = " t1.hostIP LIKE '%{$q}%' {$query_onlyuser} order by {$sortby} {$sortdir}";
                    $queryl = " limit {$offset},{$pageSize}";
                    $stext = "<b>" . _("Search for Host-IP") . "</b> = '*{$q}*'";
                    $url_filter = "&type={$type}&value={$value}";
                } else {
                    if ($type == "fk_name" && $value != "") {
                        $selRadio[2] = "CHECKED";
                        $q = strtolower($value);
                        $queryw = " AND t1.fk_name LIKE '%{$q}%' {$query_onlyuser} order by {$sortby} {$sortdir}";
                        $queryl = " limit {$offset},{$pageSize}";
                        $stext = _("Search for Subnet/CIDR") . " = '*{$q}*'";
                        $url_filter = "&type={$type}&value={$value}";
                    } else {
                        if ($type == "username" && $value != "") {
                            $selRadio[3] = "CHECKED";
                            $q = strtolower($value);
                            $queryw = " AND t1.username LIKE '%{$q}%' {$query_onlyuser} order by {$sortby} {$sortdir}";
                            $queryl = " limit {$offset},{$pageSize}";
                            $stext = "<b>" . _("Search for user") . "</b> = '*{$q}*'";
                            $url_filter = "&type={$type}&value={$value}";
                        } else {
                            if ($type == "hn" && $value != "") {
                                if (!empty($ctx_filter)) {
                                    $queryw = " AND t1.ctx=UNHEX('{$ctx_filter}')";
                                }
                                $selRadio[4] = "CHECKED";
                                if (preg_match("/\\//", $value)) {
                                    $ip_range = array();
                                    $ip_range = Cidr::expand_CIDR($value, "SHORT");
                                    $queryw .= " AND (inet_aton(t1.hostIP) >= '" . $ip_range[0] . "' AND inet_aton(t1.hostIP) <='" . $ip_range[1] . "') {$query_onlyuser} order by {$sortby} {$sortdir}";
                                } elseif (preg_match("/\\,/", $value)) {
                                    $q = implode("','", explode(",", $value));
                                    $queryw .= " AND t1.hostIP in ('{$q}') {$query_onlyuser} order by {$sortby} {$sortdir}";
                                    $q = "Others";
                                } else {
                                    $q = $value;
                                    $queryw .= " AND t1.hostIP LIKE '{$q}' {$query_onlyuser} order by {$sortby} {$sortdir}";
                                }
                                $queryl = " limit {$offset},{$pageSize}";
                                if (!preg_match("/\\//", $value)) {
                                    $stext = "<b>" . _("Search for Host") . "</b> = '" . html_entity_decode($q) . "'";
                                } else {
                                    $stext = "<b>" . _("Search for Subnet/CIDR") . "</b> = '{$value}'";
                                }
                                $url_filter = "&type={$type}&value={$value}";
                            } else {
                                $selRadio[4] = "CHECKED";
                                $viewAll = FALSE;
                                $queryw = "{$query_onlyuser} order by {$sortby} {$sortdir}";
                                $queryl = " limit {$offset},{$pageSize}";
                                $stext = "";
                            }
                        }
                    }
                }
            }
        }
    }
    // set up the pager and search fields if viewing all hosts
    $reportCount = 0;
    if (!$filteredView) {
        $dbconn->Execute(str_replace("SELECT distinct", "SELECT SQL_CALC_FOUND_ROWS distinct", $querys) . $queryw);
        $reportCount = $dbconn->GetOne("SELECT FOUND_ROWS() as total");
        $previous = $offset - $pageSize;
        if ($previous < 0) {
            $previous = 0;
        }
        $last = intval($reportCount / $pageSize) * $pageSize;
        if ($last < 0) {
            $last = 0;
        }
        $next = $offset + $pageSize;
        $pageEnd = $offset + $pageSize;
        $value = html_entity_decode($value);
        //echo "<center><table cellspacing='0' cellpadding='0' border='0' width='100%'><tr><td class='headerpr' style='border:0;'>"._("Current Vulnerablities")."</td></tr></table>";
        // output the search form
        echo "<table class='w100 transparent'>";
        echo "<tr><td class='sec_title'>" . _("Asset Vulnerability Details") . "</td></tr>";
        echo "<tr><td style='padding:12px 0px 0px 0px;' class='transparent'>";
        ?>
    <div id='cvleftdiv'>
        <a id="new_scan_button" class="button" href="<?php 
        echo Menu::get_menu_url(AV_MAIN_PATH . '/vulnmeter/sched.php?action=create_scan&hosts_alive=1&scan_locally=1', 'environment', 'vulnerabilities', 'scan_jobs');
        ?>
" style="text-decoration:none;">
        <?php 
        echo _("New Scan Job");
        ?>
        </a>
    </div>
    <div id='cvrightdiv'>

<?php 
        echo '<form name="hostSearch" id="hostSearch" action="index.php" method="GET">
<input type="text" length="25" name="value" id="assets" class="assets" style="margin:0px !important;" value="' . Util::htmlentities($value) . '">';
        // cvfiltertype -> current vulnerabilities filter type
        echo "\n<input type=\"radio\" name=\"type\" value=\"service\" {$selRadio['5']}>" . _("Service") . "\n<input type=\"radio\" name=\"type\" value=\"freetext\" {$selRadio['6']}>" . _("Free text") . "\n<input type=\"radio\" name=\"type\" value=\"hn\" {$selRadio['4']}>" . _("Host/Net") . "\n";
        echo "<input type=\"submit\" name=\"submit\" value=\"" . _("Find") . "\" id=\"current_vulns_find_button\" class=\"av_b_secondary small\" style=\"margin-left:15px;\">";
        echo <<<EOT
</form>
</p>
EOT;
    } else {
        // get the search result count
        $queryc = "SELECT count( report_id ) FROM vuln_nessus_latest_reports WHERE t1.deleted = '0' ";
        $scount = $dbconn->GetOne($queryc . $queryw);
        echo "<p>{$scount} report";
        if ($scount != 1) {
            echo "s";
        } else {
        }
        echo " " . _("found matching search criteria") . " | ";
        echo " <a href='index.php' alt='" . _("View All Reports") . "'>" . _("View All Reports") . "</a></p>";
    }
    echo "<p>";
    echo $stext;
    echo "</p>";
    echo "</div></td></tr></table>";
    $result = array();
    // get the hosts to display
    $result = $dbconn->GetArray($querys . $queryw . $queryl);
    // main query
    //echo $querys.$queryw.$queryl;
    $delete_ids = array();
    if (count($result) > 0) {
        foreach ($result as $rpt) {
            $delete_ids[] = $dreport_id = $rpt["report_id"];
        }
    }
    $_SESSION["_dreport_ids"] = implode(",", $delete_ids);
    //echo "$querys$queryw$queryl";
    if ($result === false) {
        $errMsg[] = _("Error getting results") . ": " . $dbconn->ErrorMsg();
        $error++;
        dispSQLError($errMsg, $error);
    } else {
        $data['vInfo'] = 0;
        $data['vLow'] = 0;
        $data['vMed'] = 0;
        $data['vHigh'] = 0;
        $data['vSerious'] = 0;
        $perms_where = Asset_host::get_perms_where('host.', TRUE);
        if (!empty($perms_where)) {
            $queryt = "SELECT count(lr.result_id) AS total, lr.risk, lr.hostIP, HEX(lr.ctx) AS ctx\n                        FROM vuln_nessus_latest_results lr, host, host_ip hi\n                        WHERE host.id=hi.host_id AND inet6_ntoa(hi.ip)=lr.hostIP {$perms_where} AND falsepositive='N'\n                        GROUP BY risk, hostIP, ctx";
        } else {
            $queryt = "SELECT count(lr.result_id) AS total, risk, lr.hostIP, HEX(lr.ctx) AS ctx\n                        FROM vuln_nessus_latest_results lr\n                        WHERE falsepositive='N'\n                        GROUP BY risk, hostIP, ctx";
        }
        //echo "$queryt<br>";
        $resultt = $dbconn->Execute($queryt);
        while (!$resultt->EOF) {
            $riskcount = $resultt->fields['total'];
            $risk = $resultt->fields['risk'];
            if ($risk == 7) {
                $data['vInfo'] += $riskcount;
            } else {
                if ($risk == 6) {
                    $data['vLow'] += $riskcount;
                } else {
                    if ($risk == 3) {
                        $data['vMed'] += $riskcount;
                    } else {
                        if ($risk == 2) {
                            $data['vHigh'] += $riskcount;
                        } else {
                            if ($risk == 1) {
                                $data['vSerious'] += $riskcount;
                            }
                        }
                    }
                }
            }
            $resultt->MoveNext();
        }
        if ($data['vInfo'] == 0 && $data['vLow'] == 0 && $data['vMed'] == 0 && $data['vHigh'] == 0 && $data['vSerious'] == 0) {
            $tdata[] = array("report_id" => "All", "host_name" => "", "scantime" => "", "username" => "", "scantype" => "", "report_key" => "", "report_type" => "", "sid" => "", "profile" => "", "hlink" => "", "plink" => "", "xlink" => "", "vSerious" => $data['vSerious'], "vHigh" => $data['vHigh'], "vMed" => $data['vMed'], "vLow" => $data['vLow'], "vInfo" => $data['vInfo']);
        } else {
            $tdata[] = array("report_id" => "All", "host_name" => "", "scantime" => "", "username" => "", "scantype" => "", "report_key" => "", "report_type" => "", "sid" => "", "profile" => "", "hlink" => "lr_reshtml.php?ipl=all&disp=html&output=full&scantype=M", "plink" => "lr_respdf.php?ipl=all&scantype=M", "xlink" => "lr_rescsv.php?ipl=all&scantype=M", "dlink" => "", "vSerious" => $data['vSerious'], "vHigh" => $data['vHigh'], "vMed" => $data['vMed'], "vLow" => $data['vLow'], "vInfo" => $data['vInfo']);
        }
        foreach ($result as $data) {
            if (!Session::hostAllowed_by_ip_ctx($dbconn, $data["hostIP"], $data["ctx"])) {
                continue;
            }
            $host_id = key(Asset_host::get_id_by_ips($dbconn, $data["hostIP"], $data["ctx"]));
            if (valid_hex32($host_id)) {
                $data['host_name'] = Asset_host::get_name_by_id($dbconn, $host_id);
            }
            $data['vSerious'] = 0;
            $data['vHigh'] = 0;
            $data['vMed'] = 0;
            $data['vLow'] = 0;
            $data['vInfo'] = 0;
            // query for reports for each IP
            $query_risk = "SELECT distinct risk, port, protocol, app, scriptid, msg, hostIP FROM vuln_nessus_latest_results WHERE hostIP = '" . $data['hostIP'];
            $query_risk .= "' AND username = '******'username'] . "' AND sid =" . $data['sid'] . " AND ctx = UNHEX('" . $data['ctx'] . "') AND falsepositive='N'";
            $result_risk = $dbconn->Execute($query_risk);
            while (!$result_risk->EOF) {
                if ($result_risk->fields["risk"] == 7) {
                    $data['vInfo']++;
                } else {
                    if ($result_risk->fields["risk"] == 6) {
                        $data['vLow']++;
                    } else {
                        if ($result_risk->fields["risk"] == 3) {
                            $data['vMed']++;
                        } else {
                            if ($result_risk->fields["risk"] == 2) {
                                $data['vHigh']++;
                            } else {
                                if ($result_risk->fields["risk"] == 1) {
                                    $data['vSerious']++;
                                }
                            }
                        }
                    }
                }
                $result_risk->MoveNext();
            }
            $data['plink'] = "lr_respdf.php?treport=latest&ipl=" . urlencode($data['hostIP']) . "&ctx=" . $data['ctx'] . "&scantype=" . $data['scantype'];
            $data['hlink'] = "lr_reshtml.php?treport=latest&ipl=" . urlencode($data['hostIP']) . "&ctx=" . $data['ctx'] . "&scantype=" . $data['scantype'];
            $data['xlink'] = "lr_rescsv.php?treport=latest&ipl=" . urlencode($data['hostIP']) . "&ctx=" . $data['ctx'] . "&scantype=" . $data['scantype'];
            if (Session::am_i_admin()) {
                $data['dlink'] = "index.php?delete=" . $data['report_key'] . "&scantime=" . $data['scantime'];
            }
            $list = explode("\n", trim($data['meth_target']));
            if (count($list) == 1) {
                $list[0] = trim($list[0]);
                $data['target'] = resolve_asset($dbconn, $list[0]);
            } elseif (count($list) == 2) {
                $list[0] = trim($list[0]);
                $list[0] = resolve_asset($dbconn, $list[0]);
                $list[1] = trim($list[1]);
                $list[1] = resolve_asset($dbconn, $list[1]);
                $data['target'] = $list[0] . ' ' . $list[1];
            } else {
                $list[0] = trim($list[0]);
                $list[0] = resolve_asset($dbconn, $list[0]);
                $list[count($list) - 1] = trim($list[count($list) - 1]);
                $list[count($list) - 1] = resolve_asset($dbconn, $list[count($list) - 1]);
                $data['target'] = $list[0] . " ... " . $list[count($list) - 1];
            }
            $tdata[] = $data;
        }
        if ($sortdir == "ASC") {
            $sortdir = "DESC";
        } else {
            $sortdir = "ASC";
        }
        $url = $_SERVER['SCRIPT_NAME'] . "?offset={$offset}&sortby=%var%&sortdir={$sortdir}" . $url_filter;
        $fieldMapLinks = array();
        $fieldMapLinks = array(gettext("HTML Results") => array('url' => '%param%', 'param' => 'hlink', 'target' => 'main', 'icon' => 'images/html.png'), gettext("PDF Results") => array('url' => '%param%', 'param' => 'plink', 'target' => '_blank', 'icon' => 'images/pdf.png'), gettext("EXCEL Results") => array('url' => '%param%', 'param' => 'xlink', 'target' => '_blank', 'icon' => 'images/page_white_excel.png'));
        if (Session::am_i_admin()) {
            $fieldMapLinks["DELETE Results"] = array('url' => '%param%', 'param' => 'dlink', 'target' => 'main', 'icon' => 'images/delete.gif');
        }
        $fieldMap = array("Host - IP" => array('var' => 'hostip'), "Date/Time" => array('var' => 'scantime'), "Profile" => array('var' => 'profile'), "Serious" => array('var' => 'vSerious'), "High" => array('var' => 'vHigh'), "Medium" => array('var' => 'vMed'), "Low" => array('var' => 'vLow'), "Info" => array('var' => 'vInfo'), "Links" => $fieldMapLinks);
        // echo "<pre>";
        // var_dump($tdata);
        // echo "</pre>";
        if (count($tdata) > 1) {
            drawTableLatest($fieldMap, $tdata, "Hosts");
        } elseif (Session::menu_perms("environment-menu", "EventsVulnerabilitiesScan")) {
            echo "<br><span class='gray'>" . _("No results found: ") . "</span><a href='" . Menu::get_menu_url(AV_MAIN_PATH . '/vulnmeter/sched.php?action=create_scan&hosts_alive=1&scan_locally=1', 'environment', 'vulnerabilities', 'scan_jobs') . "'>" . _("Click here to run a Vulnerability Scan now") . "</a><br><br>";
        }
    }
    // draw the pager again, if viewing all hosts
    if (!$filteredView && $reportCount > 10) {
        ?>
    <div class="fright tmargin">
        <?php 
        if ($next > $pageSize) {
            ?>
	        <a href="index.php?<?php 
            echo "offset={$previous}{$url_filter}";
            ?>
" class="pager">< <?php 
            echo _("PREVIOUS");
            ?>
 </a>
	    <?php 
        } else {
            ?>
	        <a class='link_paginate_disabled' href="" onclick='return false'>< <?php 
            echo _("PREVIOUS");
            ?>
 </a>
		<?php 
        }
        if ($next <= $last) {
            ?>
            <a class='lmargin' href="index.php?<?php 
            echo "offset={$next}{$url_filter}";
            ?>
">  <?php 
            echo _("NEXT");
            ?>
 ></a>
        <?php 
        } else {
            ?>
            <a class='link_paginate_disabled lmargin' href="" onclick='return false'><?php 
            echo _("NEXT");
            ?>
 ></a>
        <?php 
        }
        ?>
    </div>
<?php 
    } else {
        echo "<p>&nbsp;</p>";
    }
}
Example #3
0
function list_results($type, $value, $sortby, $sortdir)
{
    global $scanstate, $isReportAdmin, $allres, $offset, $pageSize, $username, $uroles, $dbconn, $hosts;
    global $user, $arruser;
    $filteredView = FALSE;
    $selRadio = array("", "", "", "");
    $query_onlyuser = "";
    $url_filter = "";
    //if (!$isReportAdmin || (!$allres)) { $query_onlyuser="******"; }
    if (!in_array("admin", $arruser)) {
        $query_onlyuser = "******";
    }
    if ($sortby == "") {
        $sortby = "scantime";
    }
    if ($sortdir == "") {
        $sortdir = "DESC";
    }
    $queryw = "";
    $queryl = "";
    //$querys="SELECT distinct t1.report_id, t1.name as jobname, t4.meth_target, t1.scantime,
    //   t1.username, t1.scantype, t1.report_key, t1.report_type as report_type, t3.name as profile, t4.id as jobid, t4.meth_SCHED,
    //   t5.vSerious, t5.vHigh, t5.vMed, t5.vLow, t5.vInfo
    //      FROM vuln_nessus_reports t1
    //   LEFT JOIN vuln_nessus_settings t3 ON t1.sid=t3.id
    //   LEFT JOIN vuln_jobs t4 on t1.report_id = t4.report_id
    //   LEFT JOIN vuln_nessus_report_stats t5 on t1.report_id = t5.report_id
    //      WHERE t1.deleted = '0' ";
    /*    $querys="SELECT distinct t1.report_id, t4.name as jobname, t4.scan_submit, t4.meth_target, t1.scantime,
         t1.username, t1.scantype, t1.report_key, t1.report_type as report_type, t3.name as profile, t4.id as jobid, t4.meth_SCHED,
         t5.vSerious, t5.vHigh, t5.vMed, t5.vLow, t5.vInfo
         FROM vuln_nessus_reports t1
         LEFT JOIN vuln_nessus_settings t3 ON t1.sid=t3.id
         LEFT JOIN vuln_jobs t4 on t1.report_id = t4.report_id
         LEFT JOIN vuln_nessus_report_stats t5 on t1.report_id = t5.report_id
         WHERE t1.deleted = '0' ";*/
    $leftjoin = "";
    if ($type == "net" && trim($value) != "") {
        $leftjoin = "LEFT JOIN vuln_nessus_results t5 ON t5.report_id=t1.report_id";
    }
    $querys = "SELECT distinct t1.sid as sid, t1.report_id, t4.name as jobname, t4.scan_submit, t4.meth_target, t1.scantime,\n     t1.username, t1.scantype, t1.report_key, t1.report_type as report_type, t3.name as profile, t4.id as jobid, t4.meth_SCHED, t1.name as report_name\n     FROM vuln_nessus_reports t1\n     LEFT JOIN vuln_nessus_settings t3 ON t1.sid=t3.id\n     LEFT JOIN vuln_jobs t4 on t1.report_id = t4.report_id {$leftjoin}\n     WHERE t1.deleted = '0' AND t1.scantime IS NOT NULL ";
    // set up the SQL query based on the search form input (if any)
    switch ($type) {
        case "scantime":
            $selRadio[0] = "CHECKED";
            $q = $value;
            $queryw = " AND t1.scantime LIKE '%{$q}%' {$query_onlyuser} order by {$sortby} {$sortdir}";
            $queryl = " limit {$offset},{$pageSize}";
            $stext = "<b>" . _("Search for Date/Time") . "</b> = '*{$q}*'";
            $url_filter = "&type={$type}&value={$value}";
            break;
        case "jobname":
            $selRadio[1] = "CHECKED";
            $q = strtolower($value);
            $queryw = " AND t1.name LIKE '%{$q}%' {$query_onlyuser} order by {$sortby} {$sortdir}";
            $queryl = " limit {$offset},{$pageSize}";
            $stext = "<b>" . _("Search for Job Name") . "</b> = '*" . html_entity_decode($q) . "*'";
            $url_filter = "&type={$type}&value={$value}";
            break;
        case "fk_name":
            $selRadio[2] = "CHECKED";
            $q = strtolower($value);
            $queryw = " AND t1.fk_name LIKE '%{$q}%' {$query_onlyuser} order by {$sortby} {$sortdir}";
            $queryl = " limit {$offset},{$pageSize}";
            $stext = _("Search for Subnet/CIDR") . " = '*{$q}*'";
            $url_filter = "&type={$type}&value={$value}";
            break;
        case "username":
            $selRadio[3] = "CHECKED";
            $q = strtolower($value);
            $queryw = " AND t1.username LIKE '%{$q}%' {$query_onlyuser} order by {$sortby} {$sortdir}";
            $queryl = " limit {$offset},{$pageSize}";
            $stext = "<b>" . _("Search for user") . "</b> = '*{$q}*'";
            $url_filter = "&type={$type}&value={$value}";
            break;
        case "net":
            $selRadio[4] = "CHECKED";
            if (!preg_match("/\\//", $value)) {
                $q = $value;
            } else {
                $tokens = explode("/", $value);
                $bytes = explode(".", $tokens[0]);
                if ($tokens[1] == "24") {
                    $q = $bytes[0] . "." . $bytes[1] . "." . $bytes[2] . ".";
                } else {
                    if ($tokens[1] == "16") {
                        $q = $bytes[0] . "." . $bytes[1] . ".";
                    } else {
                        if ($tokens[1] == "8") {
                            $q = $bytes[0] . ".";
                        } else {
                            if ((int) $tokens[1] > 24) {
                                $q = $bytes[0] . "." . $bytes[1] . "." . $bytes[2] . "." . $bytes[3];
                            }
                        }
                    }
                }
            }
            $queryw = " AND (t4.meth_TARGET LIKE '%{$q}%' OR t5.hostIP LIKE '%{$q}%') {$query_onlyuser} order by {$sortby} {$sortdir}";
            $queryl = " limit {$offset},{$pageSize}";
            if (!preg_match("/\\//", $value)) {
                $stext = "<b>" . _("Search for Host") . "</b> = '*" . html_entity_decode($q) . "*'";
            } else {
                $stext = "<b>" . _("Search for Subnet/CIDR") . "</b> = '*{$q}*'";
            }
            $url_filter = "&type={$type}&value={$value}";
            break;
        default:
            $selRadio[1] = "CHECKED";
            $viewAll = FALSE;
            $queryw = "{$query_onlyuser} order by {$sortby} {$sortdir}";
            $queryl = " limit {$offset},{$pageSize}";
            $stext = "";
            break;
    }
    // put link to add new host
    //   if ($isReportAdmin) {
    //      $url_allres="&allres=";
    //      if ($allres=="" || !is_numeric($allres) || (!$allres)) {
    //         $allres=0;
    //         echo "<a href='results.php?offset=0".$url_allres."1'>Show all results</a><br>";
    //      } else {
    //         $allres=1;
    //         echo "<a href='results.php?offset=0".$url_allres."0'>Display only my Results</a><br>";
    //      }
    //      $url_allres .="$allres";
    //   }
    // echo the search criteria used
    // set up the pager and search fields if viewing all hosts
    $reportCount = 0;
    if (!$filteredView) {
        $queryc = "SELECT count(t1.report_id) FROM vuln_nessus_reports t1 LEFT JOIN vuln_jobs t2 on t1.report_id = t2.report_id WHERE t1.deleted = '0' AND t2.scan_submit IS NOT NULL ";
        $reportCount = $dbconn->GetOne($queryc . $queryw);
        $previous = $offset - $pageSize;
        if ($previous < 0) {
            $previous = 0;
        }
        $last = $reportCount - $pageSize;
        if ($last < 0) {
            $last = 0;
        }
        $next = $offset + $pageSize;
        if ($next > $last) {
            $next = $last;
        }
        $pageEnd = $offset + $pageSize;
        $value = html_entity_decode($value);
        echo "<center><table cellspacing=\"0\" cellpadding=\"0\" border=\"0\" width=\"100%\"><tr><td class=\"headerpr\" style=\"border:0;\">" . _("Reports") . "</td></tr></table></center>";
        //echo "<p>There are $reportCount scans defined in the system.";
        // output the search form
        echo "<table cellspacing=\"0\" cellpadding=\"0\" border=\"0\" width=\"100%\">";
        echo "<tr><td style=\"padding-top:5px;\" class=\"nobborder\">";
        echo <<<EOT
<!--<form name="hostSearch" onSubmit="return OnSubmitForm();">-->
<center>
<form name="hostSearch" action="reports.php" method="GET">
<input type="text" length="25" name="value" value="{$value}">
EOT;
        echo "\n<input type=\"radio\" name=\"type\" value=\"scantime\" {$selRadio['0']}>" . _("Date") . "/" . _("Time") . "\n<input type=\"radio\" name=\"type\" value=\"jobname\" {$selRadio['1']}>" . _("Job Name") . "\n<!--<input type=\"radio\" name=\"type\" value=\"fk_name\" {$selRadio['2']}>Subnet Name-->\n<input type=\"radio\" name=\"type\" value=\"net\" {$selRadio['4']}>" . _("Host") . "/" . _("Net") . "\n<!--<input type=\"radio\" name=\"type\" value=\"username\" {$selRadio['3']}>Username-->\n";
        echo <<<EOT
<input type="hidden" name="sortby" value="{$sortby}">
<input type="hidden" name="allres" value="{$allres}">
<input type="hidden" name="op" value="search">&nbsp;&nbsp;&nbsp;
EOT;
        echo '<input type="hidden" name="withoutmenu" value="' . GET('withoutmenu') . '">';
        echo "<input type=\"submit\" name=\"submit\" value=\"" . _("Find") . "\" class=\"button\">";
        echo <<<EOT
</form>
</center>
</p>
EOT;
        // output the pager
        //echo "<p align=center><a href='reports.php?offset=0".$url_allres.$url_filter."' class='pager'>&lt&lt "._("First")."</a> | ";
        //if($offset != 0) {
        //   echo "<a href='reports.php?offset=$previous".$url_allres.$url_filter."' class='pager'>&lt "._("Previous")." </a> | ";
        //}
        //if($pageEnd >= $reportCount) { $pageEnd = $reportCount; }
        //echo "[ ".($offset+1)." - $pageEnd of $reportCount ] | ";
        //if($next < $last) {
        //   echo "<a href='reports.php?offset=$next".$url_allres.$url_filter."' class='pager'>| "._("Next")." &gt;</a> | ";
        //}
        //echo "<a href='reports.php?offset=$last".$url_allres.$url_filter."' class='pager'> "._("Last")." &gt;&gt;</a></p>";
    } else {
        // get the search result count
        $queryc = "SELECT count( report_id ) FROM vuln_nessus_reports WHERE t1.deleted = '0' ";
        $scount = $dbconn->GetOne($queryc . $queryw);
        echo "<p>{$scount} report";
        if ($scount != 1) {
            echo "s";
        } else {
        }
        echo " " . _("found matching search criteria") . " | ";
        echo " <a href='reports.php' alt='" . _("View All Reports") . "'>" . _("View All Reports") . "</a></p>";
    }
    echo "<p>";
    echo $stext;
    echo "</p>";
    echo "</td></tr></table>";
    // get the hosts to display
    //print_r($querys.$queryw.$queryl);
    $result = $dbconn->GetArray($querys . $queryw . $queryl);
    //echo "[$querys$queryw$queryl]";
    if ($result === false) {
        $errMsg[] = _("Error getting results") . ": " . $dbconn->ErrorMsg();
        $error++;
        dispSQLError($errMsg, $error);
    } else {
        $tdata = array();
        foreach ($result as $data) {
            $data['vSerious'] = 0;
            $data['vHigh'] = 0;
            $data['vMed'] = 0;
            $data['vLow'] = 0;
            $data['vInfo'] = 0;
            // query for reports for each IP
            $query_risk = "SELECT distinct risk, port, protocol, app, scriptid, msg, hostIP FROM vuln_nessus_results WHERE report_id = " . $data['report_id'];
            $query_risk .= " AND falsepositive='N'";
            $result_risk = $dbconn->Execute($query_risk);
            while (!$result_risk->EOF) {
                if ($result_risk->fields["risk"] == 7) {
                    $data['vInfo']++;
                } else {
                    if ($result_risk->fields["risk"] == 6) {
                        $data['vLow']++;
                    } else {
                        if ($result_risk->fields["risk"] == 3) {
                            $data['vMed']++;
                        } else {
                            if ($result_risk->fields["risk"] == 2) {
                                $data['vHigh']++;
                            } else {
                                if ($result_risk->fields["risk"] == 1) {
                                    $data['vSerious']++;
                                }
                            }
                        }
                    }
                }
                $result_risk->MoveNext();
            }
            $more = "&hmenu=Vulnerabilities&smenu=Vulnerabilities";
            $data['clink'] = "respdfc.php?scantime=" . $data['scantime'] . "&scantype=" . $data['scantype'] . "&key=" . $data['report_key'] . $more;
            $data['plink'] = "respdf.php?scantime=" . $data['scantime'] . "&scantype=" . $data['scantype'] . "&key=" . $data['report_key'] . $more;
            $data['hlink'] = "reshtml.php?hmenu=Vulnerabilities&smenu=Reports&disp=html&amp;output=full&scantime=" . $data['scantime'] . "&scantype=" . $data['scantype'];
            $data['rerun'] = "sched.php?disp=rerun&job_id=" . $data['jobid'] . $more;
            $data['xlink'] = "rescsv.php?scantime=" . $data['scantime'] . "&scantype=" . $data['scantype'] . "&key=" . $data['report_key'] . $more;
            $data['xbase'] = "restextsummary.php?scantime=" . $data['scantime'] . "&scantype=" . $data['scantype'] . $more . "&key=" . $data['report_key'];
            /*
                                                $data['vSerious'] = "<a href=\"respdf.php?scantime=".$data['scantime']."&scantype=".$data['scantype']
                                                ."&key=".$data['report_key']."&critical=1\">".$data['vSerious']."</a>";
                                                $data['vHigh'] = "<a href=\"respdf.php?scantime=".$data['scantime']."&scantype=".$data['scantype']
                                                ."&key=".$data['report_key']."&critical=2\">".$data['vHigh']."</a>";
                                                $data['vMed'] = "<a href=\"respdf.php?scantime=".$data['scantime']."&scantype=".$data['scantype']
                                                ."&key=".$data['report_key']."&critical=3\">".$data['vMed']."</a>";
                                                $data['vLow'] = "<a href=\"respdf.php?scantime=".$data['scantime']."&scantype=".$data['scantype']
                                                ."&key=".$data['report_key']."&critical=6\">".$data['vLow']."</a>";	
                                                $data['vInfo'] = "<a href=\"respdf.php?scantime=".$data['scantime']."&scantype=".$data['scantype']
                                                ."&key=".$data['report_key']."&critical=7\">".$data['vInfo']."</a>";*/
            //$data['vSerious'] = $data['vSerious'];
            //$data['vHigh'] = $data['vHigh'];
            //$data['vMed'] = $data['vMed'];
            //$data['vLow'] = $data['vLow'];
            //$data['vInfo'] = $data['vInfo'];
            //$data['scan_submit'] = $data['scan_submit'];
            $list = array();
            if ($data["report_type"] == "I") {
                $result = $dbconn->execute("SELECT DISTINCT hostIP FROM vuln_nessus_results WHERE report_id =" . $data['report_id']);
                while (!$result->EOF) {
                    $list[] = $result->fields["hostIP"];
                    $result->MoveNext();
                }
            } else {
                $list = explode("\n", trim($data['meth_target']));
            }
            //var_dump($list);
            if (count($list) == 1) {
                $list[0] = trim($list[0]);
                if ($list[0] != "") {
                    if ($hosts[$list[0]] != "" && $hosts[$list[0]] != $list[0]) {
                        $data['target'] = $hosts[$list[0]] . " (" . $list[0] . ")";
                    } else {
                        $data['target'] = $list[0];
                    }
                } else {
                    $data['target'] = "-";
                }
            } elseif (count($list) == 2) {
                $list[0] = trim($list[0]);
                if ($hosts[$list[0]] != "" && $hosts[$list[0]] != $list[0]) {
                    $list[0] = $hosts[$list[0]] . " (" . $list[0] . ")";
                }
                $list[1] = trim($list[1]);
                if ($hosts[$list[1]] != "" && $hosts[$list[1]] != $list[1]) {
                    $list[1] = $hosts[$list[1]] . " (" . $list[1] . ")";
                }
                $data['target'] = $list[0] . ' ' . $list[1];
            } else {
                $list[0] = trim($list[0]);
                if ($hosts[$list[0]] != "" && $hosts[$list[0]] != $list[0]) {
                    $list[0] = $hosts[$list[0]] . " (" . $list[0] . ")";
                }
                $list[count($list) - 1] = trim($list[count($list) - 1]);
                if ($hosts[$list[count($list) - 1]] != "" && $hosts[$list[count($list) - 1]] != $list[count($list) - 1]) {
                    $list[count($list) - 1] = $hosts[$list[count($list) - 1]] . " (" . $list[count($list) - 1] . ")";
                }
                $data['target'] = $list[0] . " ... " . $list[count($list) - 1];
            }
            if ($data["report_type"] == "I") {
                $data["jobname"] = $data["report_name"];
            }
            $tdata[] = $data;
        }
        if ($sortdir == "ASC") {
            $sortdir = "DESC";
        } else {
            $sortdir = "ASC";
        }
        $url = $_SERVER['SCRIPT_NAME'] . "?offset={$offset}&sortby=%var%&sortdir={$sortdir}" . $url_allres . $url_filter;
        $fieldMapLinks = array();
        $fieldMapLinks = array(gettext("HTML Results") => array('url' => '%param%', 'param' => 'hlink', 'target' => 'main', 'icon' => 'images/html.png'), gettext("PDF Results") => array('url' => '%param%', 'param' => 'plink', 'target' => '_blank', 'icon' => 'images/pdf.png'), gettext("EXCEL Results") => array('url' => '%param%', 'param' => 'xlink', 'target' => '_blank', 'icon' => 'images/page_white_excel.png'));
        $fieldMap = array("Date/Time" => array('var' => 'scantime', 'link' => $url), "Job Name" => array('var' => 'jobname', 'link' => $url), "Targets" => array('var' => 'target', 'link' => $url), "Profile" => array('var' => 'profile', 'link' => $url), "Serious" => array('var' => 'vSerious', 'link' => $url), "High" => array('var' => 'vHigh', 'link' => $url), "Medium" => array('var' => 'vMed', 'link' => $url), "Low" => array('var' => 'vLow', 'link' => $url), "Info" => array('var' => 'vInfo', 'link' => $url), "Links" => $fieldMapLinks);
        drawTable($fieldMap, $tdata, "Hosts");
    }
    // draw the pager again, if viewing all hosts
    if (!$filteredView && $last != 0) {
        echo "<p align=center>\n<a href=\"reports.php?offset=0" . $url_allres . $url_filter . "\" class=\"pager\">&lt&lt " . _("First") . "</a>\n<a href=\"reports.php?offset={$previous}" . $url_allres . $url_filter . "\" class=\"pager\">&lt " . _("Previous") . " </a>";
        echo "&nbsp;&nbsp;&nbsp;[ " . ($offset + 1) . " - {$pageEnd} " . _("of") . " {$reportCount} ]&nbsp;&nbsp;&nbsp;";
        echo "<a href=\"reports.php?offset={$next}" . $url_allres . $url_filter . "\" class=\"pager\"> " . _("Next") . " &gt;</a>\n<a href=\"reports.php?offset={$last}" . $url_allres . $url_filter . "\" class=\"pager\"> " . _("Last") . " &gt;&gt;</a>\n</p>";
    } else {
        echo "<br>";
    }
}
Example #4
0
function list_results($type, $value, $sortby, $sortdir)
{
    global $scanstate, $isReportAdmin, $allres, $offset, $pageSize, $username, $uroles, $dbconn, $hosts;
    global $user, $arruser, $delete_selected;
    $filteredView = FALSE;
    $selRadio = array("", "", "", "");
    $query_onlyuser = "";
    $url_filter = "";
    //if (!$isReportAdmin || (!$allres)) { $query_onlyuser="******"; }
    if (!in_array("admin", $arruser)) {
        $query_onlyuser = "******";
    }
    //echo $query_onlyuser;
    //if ($sortby == "" ) { $sortby = "scantime"; }
    //if ($sortdir == "" ) { $sortdir = "DESC"; }
    $sortby = "t1.results_sent DESC, t1.name DESC";
    //$sortdir = "DESC";
    $sortdir = "";
    $queryw = "";
    $queryl = "";
    //$querys="SELECT distinct t1.report_id, t1.name as jobname, t4.meth_target, t1.scantime,
    //   t1.username, t1.scantype, t1.report_key, t1.report_type as report_type, t3.name as profile, t4.id as jobid, t4.meth_SCHED,
    //   t5.vSerious, t5.vHigh, t5.vMed, t5.vLow, t5.vInfo
    //      FROM vuln_nessus_latest_reports t1
    //   LEFT JOIN vuln_nessus_settings t3 ON t1.sid=t3.id
    //   LEFT JOIN vuln_jobs t4 on t1.report_id = t4.report_id
    //   LEFT JOIN vuln_nessus_report_stats t5 on t1.report_id = t5.report_id
    //      WHERE t1.deleted = '0' ";
    //  $querys="SELECT distinct t1.report_id, t4.name as jobname, t4.scan_submit, t4.meth_target, t1.scantime,
    // t1.username, t1.scantype, t1.report_key, t1.report_type as report_type, t3.name as profile, t4.id as jobid, t4.meth_SCHED,
    // t5.vSerious, t5.vHigh, t5.vMed, t5.vLow, t5.vInfo
    // FROM vuln_nessus_latest_reports t1
    // LEFT JOIN vuln_nessus_settings t3 ON t1.sid=t3.id
    // LEFT JOIN vuln_jobs t4 on t1.report_id = t4.report_id
    // LEFT JOIN vuln_nessus_report_stats t5 on t1.report_id = t5.report_id
    // WHERE t1.deleted = '0' ";
    /*$querys="SELECT distinct t1.report_id, t1.scantime,
      t1.username, t1.scantype, t1.report_key, t1.report_type as report_type,
      t3.name as profile, '0' as vSerious, '0' as High, '0' as vMed, '0' as vLow, '0' as vInfo
      FROM vuln_nessus_latest_reports t1
      LEFT JOIN vuln_nessus_settings t3 ON t1.sid=t3.id
      WHERE t1.deleted = '0' ";*/
    $querys = "SELECT distinct t1.report_id, t4.hostname as host_name, t1.scantime,\n     t1.username, t1.scantype, t1.report_key, t1.report_type as report_type, t1.sid,\n     t3.name as profile\n     FROM vuln_nessus_latest_reports t1\n     LEFT JOIN vuln_nessus_settings t3 ON t1.sid=t3.id\n     LEFT JOIN host t4 ON t4.ip=inet_ntoa(t1.report_id)\n     LEFT JOIN vuln_nessus_latest_results t5 ON t1.report_id=t5.report_id \n     WHERE t1.deleted = '0' ";
    // set up the SQL query based on the search form input (if any)
    if ($type == "scantime" && $value != "") {
        $selRadio[0] = "CHECKED";
        $q = $value;
        $queryw = " AND t1.scantime LIKE '%{$q}%' {$query_onlyuser} order by {$sortby} {$sortdir}";
        $queryl = " limit {$offset},{$pageSize}";
        $stext = "<b>" . _("Search for Date/Time") . "</b> = '*{$q}*'";
        $url_filter = "&type={$type}&value={$value}";
    } else {
        if ($type == "service" && $value != "") {
            $selRadio[5] = "CHECKED";
            $q = $value;
            $queryw = " AND t5.service LIKE '%{$q}%' {$query_onlyuser} order by {$sortby} {$sortdir}";
            $queryl = " limit {$offset},{$pageSize}";
            $stext = "<b>" . _("Search for Service") . "</b> = '*" . html_entity_decode($q) . "*'";
            $url_filter = "&type={$type}&value={$value}";
        } else {
            if ($type == "freetext" && $value != "") {
                $selRadio[6] = "CHECKED";
                $q = $value;
                $queryw = " AND t5.msg LIKE '%{$q}%' {$query_onlyuser} order by {$sortby} {$sortdir}";
                $queryl = " limit {$offset},{$pageSize}";
                $stext = "<b>" . _("Search for Free Text") . "</b> = '*" . html_entity_decode($q) . "*'";
                $url_filter = "&type={$type}&value={$value}";
            } else {
                if ($type == "hostip" && $value != "") {
                    $selRadio[1] = "CHECKED";
                    $q = strtolower($value);
                    $queryw = " AND (t4.hostname LIKE '%{$q}%' OR inet_ntoa(t1.report_id) LIKE '%{$q}%') {$query_onlyuser} order by {$sortby} {$sortdir}";
                    $queryl = " limit {$offset},{$pageSize}";
                    $stext = "<b>" . _("Search for Host-IP") . "</b> = '*{$q}*'";
                    $url_filter = "&type={$type}&value={$value}";
                } else {
                    if ($type == "fk_name" && $value != "") {
                        $selRadio[2] = "CHECKED";
                        $q = strtolower($value);
                        $queryw = " AND t1.fk_name LIKE '%{$q}%' {$query_onlyuser} order by {$sortby} {$sortdir}";
                        $queryl = " limit {$offset},{$pageSize}";
                        $stext = _("Search for Subnet/CIDR") . " = '*{$q}*'";
                        $url_filter = "&type={$type}&value={$value}";
                    } else {
                        if ($type == "username" && $value != "") {
                            $selRadio[3] = "CHECKED";
                            $q = strtolower($value);
                            $queryw = " AND t1.username LIKE '%{$q}%' {$query_onlyuser} order by {$sortby} {$sortdir}";
                            $queryl = " limit {$offset},{$pageSize}";
                            $stext = "<b>" . _("Search for user") . "</b> = '*{$q}*'";
                            $url_filter = "&type={$type}&value={$value}";
                        } else {
                            if ($type == "hn" && $value != "") {
                                $selRadio[4] = "CHECKED";
                                if (preg_match("/\\//", $value)) {
                                    /*$tokens = explode("/", $value);
                                              $bytes = explode(".",$tokens[0]);
                                    
                                              if($tokens[1]=="24")
                                                    $q = $bytes[0].".".$bytes[1].".".$bytes[2].".";
                                              else if ($tokens[1]=="16")
                                                    $q = $bytes[0].".".$bytes[1].".";
                                              else if ($tokens[1]=="8")
                                                    $q = $bytes[0].".";
                                              else if ((int)$tokens[1]>24)
                                                    $q = $bytes[0].".".$bytes[1].".".$bytes[2].".".$bytes[3];
                                              //
                                              */
                                    $ip_range = array();
                                    $ip_range = CIDR::expand_CIDR($value, "SHORT");
                                    $queryw = " AND (inet_aton(t1.name) >= '" . $ip_range[0] . "' AND inet_aton(t1.name) <='" . $ip_range[1] . "') {$query_onlyuser} order by {$sortby} {$sortdir}";
                                } elseif (preg_match("/\\,/", $value)) {
                                    $q = implode("','", explode(",", $value));
                                    $queryw = " AND t1.name in ('{$q}') {$query_onlyuser} order by {$sortby} {$sortdir}";
                                    $q = "Others";
                                } else {
                                    $q = $value;
                                    $queryw = " AND t1.name LIKE '{$q}' {$query_onlyuser} order by {$sortby} {$sortdir}";
                                }
                                $queryl = " limit {$offset},{$pageSize}";
                                if (!preg_match("/\\//", $value)) {
                                    $stext = "<b>" . _("Search for Host") . "</b> = '" . html_entity_decode($q) . "'";
                                } else {
                                    $stext = "<b>" . _("Search for Subnet/CIDR") . "</b> = '{$value}'";
                                }
                                $url_filter = "&type={$type}&value={$value}";
                            } else {
                                $selRadio[4] = "CHECKED";
                                $viewAll = FALSE;
                                $queryw = "{$query_onlyuser} order by {$sortby} {$sortdir}";
                                $queryl = " limit {$offset},{$pageSize}";
                                $stext = "";
                            }
                        }
                    }
                }
            }
        }
    }
    // put link to add new host
    //   if ($isReportAdmin) {
    //      $url_allres="&allres=";
    //      if ($allres=="" || !is_numeric($allres) || (!$allres)) {
    //         $allres=0;
    //         echo "<a href='results.php?offset=0".$url_allres."1'>Show all results</a><br>";
    //      } else {
    //         $allres=1;
    //         echo "<a href='results.php?offset=0".$url_allres."0'>Display only my Results</a><br>";
    //      }
    //      $url_allres .="$allres";
    //   }
    // echo the search criteria used
    // set up the pager and search fields if viewing all hosts
    $reportCount = 0;
    if (!$filteredView) {
        //$queryc = "SELECT count(report_id) FROM vuln_nessus_latest_reports t1 WHERE 1=1 ";
        $queryc = "SELECT SQL_CALC_FOUND_ROWS distinct t1.report_id, t4.hostname as host_name, t1.scantime,\n                t1.username, t1.scantype, t1.report_key, t1.report_type as report_type, t1.sid,\n                t3.name as profile\n                FROM vuln_nessus_latest_reports t1\n                LEFT JOIN vuln_nessus_settings t3 ON t1.sid=t3.id\n                LEFT JOIN host t4 ON t4.ip=inet_ntoa(t1.report_id)" . ($type == "service" || $type == "freetext" ? " LEFT JOIN vuln_nessus_latest_results t5 ON t1.report_id=t5.report_id " : " ") . "WHERE t1.deleted = '0' ";
        $dbconn->Execute($queryc . $queryw);
        $reportCount = $dbconn->GetOne("SELECT FOUND_ROWS() as total");
        $previous = $offset - $pageSize;
        if ($previous < 0) {
            $previous = 0;
        }
        $last = intval($reportCount / $pageSize) * $pageSize;
        if ($last < 0) {
            $last = 0;
        }
        $next = $offset + $pageSize;
        /*if ($next < $last) {
            $last = $next;
          }*/
        $pageEnd = $offset + $pageSize;
        $value = html_entity_decode($value);
        echo "<center><table cellspacing=\"0\" cellpadding=\"0\" border=\"0\" width=\"900\"><tr><td class=\"headerpr\" style=\"border:0;\">" . _("Current Vulnerablities") . "</td></tr></table>";
        //echo "<p>There are $reportCount scans defined in the system.";
        // output the search form
        echo "<table cellspacing=\"0\" cellpadding=\"0\" border=\"0\" width=\"900\">";
        echo "<tr><td style=\"padding-top:5px;\" class=\"nobborder\">";
        echo <<<EOT
<center>
<form name="hostSearch" id="hostSearch" action="index.php" method="GET">
<input type="text" length="25" name="value" class="assets" id="assets" value="{$value}">
EOT;
        echo "\n<!--<input type=\"radio\" name=\"type\" value=\"scantime\" {$selRadio['0']}>" . _("Date") . "/" . _("Time") . "-->\n<!--<input type=\"radio\" name=\"type\" value=\"hostip\" {$selRadio['1']}>" . _("Host - IP") . "-->\n<!--<input type=\"radio\" name=\"type\" value=\"fk_name\" {$selRadio['2']}>Subnet Name-->\n<input type=\"radio\" name=\"type\" value=\"service\" {$selRadio['5']}>" . _("Service") . "\n<input type=\"radio\" name=\"type\" value=\"freetext\" {$selRadio['6']}>" . _("Free text") . "\n<input type=\"radio\" name=\"type\" value=\"hn\" {$selRadio['4']}>" . _("Host/Net") . "\n<!--<input type=\"radio\" name=\"type\" value=\"username\" {$selRadio['3']}>Username-->\n";
        /*     echo <<<EOT
        <input type="hidden" name="sortby" value="$sortby">
        <input type="hidden" name="allres" value="$allres">
        <input type="hidden" name="op" value="search">&nbsp;&nbsp;&nbsp;
        EOT;*/
        echo '<input type="hidden" name="withoutmenu" value="' . GET('withoutmenu') . '">';
        echo "<input type=\"submit\" name=\"submit\" value=\"" . _("Find") . "\" class=\"button\" style=\"margin-left:15px;\">";
        if (Session::am_i_admin() && (GET("submit") != "" || GET("type") != "") && GET("value") != "") {
            echo "<input style=\"margin-left:5px;\" type=\"button\" value=\"" . _("Delete selection") . "\" onclick=\"deleteSelected(this.form)\" class=\"button\">";
        }
        echo <<<EOT
</form>
</center>
</p>
EOT;
        // output the pager
        //echo "<p align=center><a href='index.php?offset=0".$url_allres.$url_filter."' class='pager'>&lt&lt "._("First")."</a> | ";
        //if($offset != 0) {
        //   echo "<a href='index.php?offset=$previous".$url_allres.$url_filter."' class='pager'>&lt "._("Previous")." </a> | ";
        //}
        //if($pageEnd >= $reportCount) { $pageEnd = $reportCount; }
        //echo "[ ".($offset+1)." - $pageEnd of $reportCount ] | ";
        //if($next < $last) {
        //   echo "<a href='index.php?offset=$next".$url_allres.$url_filter."' class='pager'>| "._("Next")." &gt;</a> | ";
        //}
        //echo "<a href='index.php?offset=$last".$url_allres.$url_filter."' class='pager'> "._("Last")." &gt;&gt;</a></p>";
    } else {
        // get the search result count
        $queryc = "SELECT count( report_id ) FROM vuln_nessus_latest_reports WHERE t1.deleted = '0' ";
        $scount = $dbconn->GetOne($queryc . $queryw);
        echo "<p>{$scount} report";
        if ($scount != 1) {
            echo "s";
        } else {
        }
        echo " " . _("found matching search criteria") . " | ";
        echo " <a href='index.php' alt='" . _("View All Reports") . "'>" . _("View All Reports") . "</a></p>";
    }
    echo "<p>";
    echo $stext;
    echo "</p>";
    echo "</td></tr></table>";
    // get the hosts to display
    $result = $dbconn->GetArray($querys . $queryw . $queryl);
    $delete_ids = array();
    foreach ($result as $rpt) {
        $delete_ids[] = $dreport_id = $rpt["report_id"];
    }
    $_SESSION["_dreport_ids"] = implode(",", $delete_ids);
    /*   if ($delete_selected!="") { // delete selected current vulns from latest tables defore display
            foreach ($result as $rpt) {
                $dreport_id = $rpt["report_id"];
    
                $query = "DELETE FROM vuln_nessus_latest_reports WHERE report_id=$dreport_id";
                $result=$dbconn->execute($query);
                
                $query = "DELETE FROM vuln_nessus_latest_results WHERE report_id=$dreport_id";
                $result=$dbconn->execute($query);
            }
        ?>
        <script type="text/javascript">
        //    document.location.href='index.php';
        </script>
        <?php
       }
    */
    //echo "[$querys$queryw$queryl]";
    if ($result === false) {
        $errMsg[] = _("Error getting results") . ": " . $dbconn->ErrorMsg();
        $error++;
        dispSQLError($errMsg, $error);
    } else {
        $data['vInfo'] = 0;
        $data['vLow'] = 0;
        $data['vMed'] = 0;
        $data['vHigh'] = 0;
        $data['vSerious'] = 0;
        $queryt = "SELECT count(*) AS total, risk, hostIP FROM (\n                    SELECT DISTINCT port, protocol, app, scriptid, msg, risk, hostIP\n                    FROM vuln_nessus_latest_results where falsepositive='N'" . (in_array("admin", $arruser) ? "" : " and username in ('" . $user . "')") . ") AS t GROUP BY risk, hostIP";
        //echo "$queryt<br>";
        $resultt = $dbconn->Execute($queryt);
        while (list($riskcount, $risk, $hostIP) = $resultt->fields) {
            if ($risk == 7) {
                $data['vInfo'] += $riskcount;
            } else {
                if ($risk == 6) {
                    $data['vLow'] += $riskcount;
                } else {
                    if ($risk == 3) {
                        $data['vMed'] += $riskcount;
                    } else {
                        if ($risk == 2) {
                            $data['vHigh'] += $riskcount;
                        } else {
                            if ($risk == 1) {
                                $data['vSerious'] += $riskcount;
                            }
                        }
                    }
                }
            }
            $resultt->MoveNext();
        }
        if ($data['vInfo'] == 0 && $data['vLow'] == 0 && $data['vMed'] == 0 && $data['vHigh'] == 0 && $data['vSerious'] == 0) {
            $tdata[] = array("report_id" => "All", "host_name" => "", "scantime" => "", "username" => "", "scantype" => "", "report_key" => "", "report_type" => "", "sid" => "", "profile" => "", "hlink" => "", "plink" => "", "xlink" => "", "vSerious" => $data['vSerious'], "vHigh" => $data['vHigh'], "vMed" => $data['vMed'], "vLow" => $data['vLow'], "vInfo" => $data['vInfo']);
        } else {
            $tdata[] = array("report_id" => "All", "host_name" => "", "scantime" => "", "username" => "", "scantype" => "", "report_key" => "", "report_type" => "", "sid" => "", "profile" => "", "hlink" => "reshtml.php?ipl=all&disp=html&output=full&scantype=M", "plink" => "respdf.php?ipl=all&scantype=M", "xlink" => "rescsv.php?ipl=all&scantype=M", "dlink" => "", "vSerious" => $data['vSerious'], "vHigh" => $data['vHigh'], "vMed" => $data['vMed'], "vLow" => $data['vLow'], "vInfo" => $data['vInfo']);
        }
        foreach ($result as $data) {
            $data['vSerious'] = 0;
            $data['vHigh'] = 0;
            $data['vMed'] = 0;
            $data['vLow'] = 0;
            $data['vInfo'] = 0;
            // query for reports for each IP
            $query_risk = "SELECT distinct risk, port, protocol, app, scriptid, msg, hostIP FROM vuln_nessus_latest_results WHERE report_id = " . $data['report_id'];
            $query_risk .= " AND username = '******'username'] . "' AND sid =" . $data['sid'] . " AND falsepositive='N'";
            //echo "[$query_risk]<br>";
            $result_risk = $dbconn->Execute($query_risk);
            while (!$result_risk->EOF) {
                if ($result_risk->fields["risk"] == 7) {
                    $data['vInfo']++;
                } else {
                    if ($result_risk->fields["risk"] == 6) {
                        $data['vLow']++;
                    } else {
                        if ($result_risk->fields["risk"] == 3) {
                            $data['vMed']++;
                        } else {
                            if ($result_risk->fields["risk"] == 2) {
                                $data['vHigh']++;
                            } else {
                                if ($result_risk->fields["risk"] == 1) {
                                    $data['vSerious']++;
                                }
                            }
                        }
                    }
                }
                $result_risk->MoveNext();
            }
            $more = "&hmenu=Vulnerabilities&smenu=Vulnerabilities";
            $data['clink'] = "respdfc.php?scantime=" . $data['scantime'] . "&scantype=" . $data['scantype'] . "&key=" . $data['report_key'] . $more;
            $data['plink'] = "respdf.php?treport=latest&scantime=" . $data['scantime'] . "&scantype=" . $data['scantype'] . "&key=" . $data['report_key'] . $more;
            $data['hlink'] = "reshtml.php?treport=latest&key=" . $data['report_key'] . "&disp=html&output=full&scantime=" . $data['scantime'] . "&scantype=" . $data['scantype'] . $more;
            $data['rerun'] = "sched.php?disp=rerun&job_id=" . $data['jobid'] . $more;
            $data['xlink'] = "rescsv.php?treport=latest&scantime=" . $data['scantime'] . "&scantype=" . $data['scantype'] . "&key=" . $data['report_key'] . $more;
            $data['xbase'] = "restextsummary.php?scantime=" . $data['scantime'] . "&scantype=" . $data['scantype'] . $more . "&key=" . $data['report_key'];
            if (Session::am_i_admin()) {
                $data['dlink'] = "index.php?delete=" . $data['report_key'] . "&scantime=" . $data['scantime'];
            }
            /*
                                                $data['vSerious'] = "<a href=\"respdf.php?scantime=".$data['scantime']."&scantype=".$data['scantype']
                                                ."&key=".$data['report_key']."&critical=1\">".$data['vSerious']."</a>";
                                                $data['vHigh'] = "<a href=\"respdf.php?scantime=".$data['scantime']."&scantype=".$data['scantype']
                                                ."&key=".$data['report_key']."&critical=2\">".$data['vHigh']."</a>";
                                                $data['vMed'] = "<a href=\"respdf.php?scantime=".$data['scantime']."&scantype=".$data['scantype']
                                                ."&key=".$data['report_key']."&critical=3\">".$data['vMed']."</a>";
                                                $data['vLow'] = "<a href=\"respdf.php?scantime=".$data['scantime']."&scantype=".$data['scantype']
                                                ."&key=".$data['report_key']."&critical=6\">".$data['vLow']."</a>";	
                                                $data['vInfo'] = "<a href=\"respdf.php?scantime=".$data['scantime']."&scantype=".$data['scantype']
                                                ."&key=".$data['report_key']."&critical=7\">".$data['vInfo']."</a>";*/
            //$data['vSerious'] = $data['vSerious'];
            //$data['vHigh'] = $data['vHigh'];
            //$data['vMed'] = $data['vMed'];
            //$data['vLow'] = $data['vLow'];
            //$data['vInfo'] = $data['vInfo'];
            //$data['scan_submit'] = $data['scan_submit'];
            $list = explode("\n", trim($data['meth_target']));
            if (count($list) == 1) {
                $list[0] = trim($list[0]);
                if ($list[0] != "") {
                    if ($hosts[$list[0]] != "" && $hosts[$list[0]] != $list[0]) {
                        $data['target'] = $hosts[$list[0]] . " (" . $list[0] . ")";
                    } else {
                        $data['target'] = $list[0];
                    }
                } else {
                    $data['target'] = "-";
                }
            } elseif (count($list) == 2) {
                $list[0] = trim($list[0]);
                if ($hosts[$list[0]] != "" && $hosts[$list[0]] != $list[0]) {
                    $list[0] = $hosts[$list[0]] . " (" . $list[0] . ")";
                }
                $list[1] = trim($list[1]);
                if ($hosts[$list[1]] != "" && $hosts[$list[1]] != $list[1]) {
                    $list[1] = $hosts[$list[1]] . " (" . $list[1] . ")";
                }
                $data['target'] = $list[0] . ' ' . $list[1];
            } else {
                $list[0] = trim($list[0]);
                if ($hosts[$list[0]] != "" && $hosts[$list[0]] != $list[0]) {
                    $list[0] = $hosts[$list[0]] . " (" . $list[0] . ")";
                }
                $list[count($list) - 1] = trim($list[count($list) - 1]);
                if ($hosts[$list[count($list) - 1]] != "" && $hosts[$list[count($list) - 1]] != $list[count($list) - 1]) {
                    $list[count($list) - 1] = $hosts[$list[count($list) - 1]] . " (" . $list[count($list) - 1] . ")";
                }
                $data['target'] = $list[0] . " ... " . $list[count($list) - 1];
            }
            $tdata[] = $data;
        }
        if ($sortdir == "ASC") {
            $sortdir = "DESC";
        } else {
            $sortdir = "ASC";
        }
        $url = $_SERVER['SCRIPT_NAME'] . "?offset={$offset}&sortby=%var%&sortdir={$sortdir}" . $url_allres . $url_filter;
        $fieldMapLinks = array();
        $fieldMapLinks = array(gettext("HTML Results") => array('url' => '%param%', 'param' => 'hlink', 'target' => 'main', 'icon' => 'images/html.png'), gettext("PDF Results") => array('url' => '%param%', 'param' => 'plink', 'target' => '_blank', 'icon' => 'images/pdf.png'), gettext("EXCEL Results") => array('url' => '%param%', 'param' => 'xlink', 'target' => '_blank', 'icon' => 'images/page_white_excel.png'));
        if (Session::am_i_admin()) {
            $fieldMapLinks["DELETE Results"] = array('url' => '%param%', 'param' => 'dlink', 'target' => 'main', 'icon' => 'images/delete.gif');
        }
        $fieldMap = array("Host - IP" => array('var' => 'hostip'), "Date/Time" => array('var' => 'scantime'), "Profile" => array('var' => 'profile'), "Serious" => array('var' => 'vSerious'), "High" => array('var' => 'vHigh'), "Medium" => array('var' => 'vMed'), "Low" => array('var' => 'vLow'), "Info" => array('var' => 'vInfo'), "Links" => $fieldMapLinks);
        if (count($tdata) > 1) {
            drawTableLatest($fieldMap, $tdata, "Hosts");
        } else {
            echo "<br><b>" . _("No results found: ") . "<a href='sched.php?smethod=schedule&hosts_alive=1&scan_locally=1'>" . _("Click here to run a Vulnerability Scan now") . "</a><br><br></b>";
        }
    }
    // draw the pager again, if viewing all hosts
    if (!$filteredView && $reportCount > 10) {
        echo "<p align=center>\n<a href=\"index.php?offset=0" . $url_allres . $url_filter . "\" class=\"pager\">&lt&lt " . _("First") . "</a>\n<a href=\"index.php?offset={$previous}" . $url_allres . $url_filter . "\" class=\"pager\">&lt " . _("Previous") . " </a>";
        echo "&nbsp;&nbsp;&nbsp;[ " . ($offset + 1) . " - {$pageEnd} " . _("of") . " {$reportCount} ]&nbsp;&nbsp;&nbsp;";
        if ($reportCount > $pageEnd) {
            echo "<a href=\"index.php?offset={$next}" . $url_allres . $url_filter . "\" class=\"pager\"> " . _("Next") . " &gt;</a>\n    <a href=\"index.php?offset={$last}" . $url_allres . $url_filter . "\" class=\"pager\"> " . _("Last") . " &gt;&gt;</a>";
        }
        echo "</p>";
    }
}
Example #5
0
 $sq = "SELECT distinct settingSection\n          FROM vuln_settings\n          ORDER BY settingSection";
 $result = $dbconn->GetArray($sq);
 $query = "SELECT *\n           FROM vuln_settings \n           WHERE settingSection = ?";
 $stmt = $dbconn->Prepare($query);
 if ($result === false) {
     $errMsg[] = _("SQL Error getting settingSections") . ": " . $dbconn->ErrorMsg();
     dispSQLError($errMsg, 1);
 } else {
     echo "<form>";
     $i = 0;
     $numSections = count($result) - 1;
     foreach ($result as $section) {
         $result2 = $dbconn->GetArray($stmt, array($section['settingSection']));
         if ($result2 === false) {
             $errMsg[] = _("SQL Error getting data") . ": " . $dbconn->ErrorMsg();
             dispSQLError($errMsg, 1);
         } else {
             if ($settingTabs != "") {
                 $settingTabs .= "";
             }
             if ($section['settingSection'] == "Subnets" && $enableSub == "0") {
             } elseif ($section['settingSection'] != "Compliance" && $section['settingSection'] != "Lists" && $section['settingSection'] != "Mail") {
                 $settingTabs .= "<input id=\"b{$i}\" type=\"button\" onClick=\"showDivSettings({$i}, 'section',{$numSections});return false;\" value=\"" . $section['settingSection'] . "\" class=\"" . ($section['settingSection'] == "Auth" ? "buttonon" : "button") . "\">&nbsp;&nbsp;";
             }
             $settingContent .= createHiddenDiv($section['settingSection'], $i, $result2);
             $i++;
         }
     }
     echo "</form>";
 }
 echo "<div>";