public function checkEmail($email) { $exists = false; try { $sql = $this->db->prepare("\n\t\t\t\tSELECT email \n\t\t\t\tFROM users\n\t\t\t\tWHERE email = :email\n\t\t\t"); $sql->bindParam(":email", $email); $sql->execute(); $result = $sql->fetchAll(PDO::FETCH_OBJ); if (count($result) > 0) { $exists = true; } } catch (PDOException $e) { errormsg($e->getMessage()); } return $exists; }
public function run($rules = '') { echo 'RBAC'; exit; $this->Module = $rules['Module']; $this->Controller = $rules['Controller']; $this->Action = $rules['Action']; $this->p = []; //是否在需要验证的范围内 如果是false 直接跳过 $this->Actionin = empty($rules['behaviors']['access']['only']) ? true : in_array($this->Action, $rules['behaviors']['access']['only']) ? ture : false; //$this->Bmarch($rules['rules']['access'])->Umarch($rules['behaviors']['access']);; //基础行为匹配 $pary = $this->Umarch($rules['behaviors']['access']['rules'])->Get(); //基础行为匹配 if ($pary['deny']) { errormsg('用户权限不足'); } //==================================================== return true; }
public function get($key = '') { if ($key == 'debug.show') { return $this->show(); } if ($key == 'debug.display') { return $this->display(); } if (!$key) { errormsg('Error::Geter is not permit empty!!'); } $mc = explode('.', $key); $c = $mc[0] ?: ''; $c = ucfirst(strtolower($c)); //首字母大写 $a = $mc[1] ?: 'index'; $p = $mc[2] ?: ''; //=========================================================== //范围 $fw = $this->Config['FW'] ?: []; if (!in_array($c, $fw)) { errormsg('Error::out of Geter limit!'); } //超出范围 //=========================================================== $class = $this->getClass($c); //=========================================================== $methodfw = $class->show(); array_push($methodfw, 'show', 'ds', 'index'); //=========================================================== if (!in_array($a, $methodfw)) { errormsg('Error::out of Geter Method limit!'); } //超出范围 return $class->{$a}($p); }
<?php include_once "db_connect.php"; include_once "ldap_connect.php"; include_once "functions.php"; sec_session_start(); if (isset($_POST['username'], $_POST['password'])) { $username = $_POST['username']; $password = $_POST['password']; if (login($username, $password, $adldap, $mysqli) == true) { // Login success gohome(); } else { // Login failed, incorrect details errormsg('login failed'); } } elseif (!$_POST) { echo "\n\t<div class='panel panel-primary'>\n\t <div class='panel-heading center'>\n\t\t<h1 class='panel-title'>" . SITE_TITLE . " -- Login</h1>\n\t </div>\n\t</div>\n <form class='form-signin' action='" . SITE_URL . "/?do=login' method='post' name='login'>\n <h2 class='form-signin-heading'>Please sign in</h2>\n <label for='username' class='sr-only'>Username</label>\n <input type='text' id='username' name='username' class='form-control' placeholder='Username'/>\n <label for='password' class='sr-only'>Password</label>\n <input type='password' id='password' name='password' class='form-control' placeholder='Password'/>\n <button class='btn large primary btn-block' type='submit'>Sign in</button>\n </form>\n\t"; }
require_once "reqs/pdo.php"; require_once "reqs/auth.php"; $username = param($_POST, 'username', ''); $password = param($_POST, 'password', ''); if (empty($username)) { errormsg("Username required."); } if (empty($password)) { errormsg("Password required."); } $dbh = new PDB(); $db = $dbh->db; $site = new Site($db); $hashed = $site->hasher($username, $password); try { $st = $db->prepare("\n\t\tSELECT id, teamID, user_n, first_name, last_name FROM users WHERE user_n = :user AND user_p = :pass\n\t"); $st->bindParam(":user", $username); $st->bindParam(":pass", $hashed["hash"]); $st->execute(); } catch (PDOException $e) { errormsg($e->getMessage()); } $st->setFetchMode(PDO::FETCH_OBJ); $row = $st->fetch(); if ($st->rowCount() == 0) { errormsg("Username or password incorrect."); } session_start(); session_regenerate_id(true); $_SESSION['user'] = $row->id; exitjson(array("user" => $row));
if (add_domain($domain_name, $client_id, $mysqli)) { echo "\n\t\t\t\t\t\t<!-- Begin Content Division -->\n\t\t\t\t\t\t<div id='content'>\t\t\t\t\t\n\t\t\t\t\t\t\t<legend>Create Domain</legend>\n\t\t\t\t\t\t\t" . quickalert("success", "New domain '" . $domain_name . "' has been added to the database for client '" . $client_name . "'.") . "\n\t\t\t\t\t\t<!-- End Content Division -->\n\t\t\t\t\t\t</div>\n\t\t\t\t\t"; } else { errormsg("Failed to insert new record into the database"); } } else { errormsg("This domain is already in the database!"); } } else { errormsg("This client_id does not exist"); } } elseif (!$_POST) { echo "\n\t\t<!-- Begin Content Division -->\n\t\t<div id='content'>\n\t\t\t<form class='form-horizontal' action='" . SITE_URL . "/?do=create&object=domain' method='post' name='create_domain'>\n\t\t\t\t<fieldset>\n\t\t\t\t\n\t\t\t\t<legend>Create Domain</legend>\n\t\t\t\t" . quickalert("info", "Domain names must contain a valid fully qualified domain name.") . "\n\t\t\t\t\n\t\t\t\t<div class='form-group'>\n\t\t\t\t\t<label class='col-md-4 control-label' for='selectbasic'>Client</label>\n\t\t\t\t\t<div class='col-md-4'>\n\t\t\t\t\t<select id='client_id' name='client_id' class='form-control'>\n\t\t\t\t"; $query = "SELECT client_id,client_name FROM clients ORDER BY client_name"; if ($stmt = $mysqli->prepare($query)) { $stmt->execute(); $stmt->store_result(); if ($stmt->num_rows > 0) { $stmt->bind_result($client_id, $client_name); while ($row = $stmt->fetch()) { echo "<option value=" . $client_id . ">" . $client_name . "</option>"; } } } // free result set $stmt->close(); echo "\n\t\t\t\t\t</select>\n\t\t\t\t </div>\n\t\t\t\t</div>\n\t\t\t\t<div class='form-group'>\n\t\t\t\t <label class='col-md-4 control-label' for='textinput'>Domain Name</label>\n\t\t\t\t <div class='col-md-4'>\n\t\t\t\t <input\n\t\t\t\t \trequired\n\t\t\t\t \ttype='text'\n\t\t\t\t \tname='domain_name'\n\t\t\t\t \tplaceholder='e.g yourbusiness.com.au'\n\t\t\t\t \tclass='form-control input-md'\n\t\t\t\t \tpattern='^[-a-z0-9]{1,63}\\.(ac\\.nz|co\\.nz|geek\\.nz|gen\\.nz|kiwi\\.nz|maori\\.nz|net\\.nz|org\\.nz|school\\.nz|ae|ae\\.org|com\\.af|asia|asn\\.au|auz\\.info|auz\\.net|com\\.au|id\\.au|net\\.au|org\\.au|auz\\.biz|az|com\\.az|int\\.az|net\\.az|org\\.az|pp\\.az|biz\\.fj|com\\.fj|info\\.fj|name\\.fj|net\\.fj|org\\.fj|pro\\.fj|or\\.id|biz\\.id|co\\.id|my\\.id|web\\.id|biz\\.ki|com\\.ki|info\\.ki|ki|mobi\\.ki|net\\.ki|org\\.ki|phone\\.ki|biz\\.pk|com\\.pk|net\\.pk|org\\.pk|pk|web\\.pk|cc|cn|com\\.cn|net\\.cn|org\\.cn|co\\.in|firm\\.in|gen\\.in|in|in\\.net|ind\\.in|net\\.in|org\\.in|co\\.ir|ir|co\\.jp|jp|jp\\.net|ne\\.jp|or\\.jp|co\\.kr|kr|ne\\.kr|or\\.kr|co\\.th|in\\.th|com\\.bd|com\\.hk|hk|idv\\.hk|org\\.hk|com\\.jo|jo|com\\.kz|kz|org\\.kz|com\\.lk|lk|org\\.lk|com\\.my|my|com\\.nf|info\\.nf|net\\.nf|nf|web\\.nf|com\\.ph|ph|com\\.ps|net\\.ps|org\\.ps|ps|com\\.sa|com\\.sb|net\\.sb|org\\.sb|com\\.sg|edu\\.sg|org\\.sg|per\\.sg|sg|com\\.tw|tw|com\\.vn|net\\.vn|org\\.vn|vn|cx|fm|io|la|mn|nu|qa|tk|tl|tm|to|tv|ws|academy|careers|education|training|bike|biz|cat|co|com|info|me|mobi|name|net|org|pro|tel|travel|xxx|blackfriday|clothing|diamonds|shoes|tattoo|voyage|build|builders|construction|contractors|equipment|glass|lighting|plumbing|repair|solutions|buzz|sexy|singles|support|cab|limo|camera|camp|gallery|graphics|guitars|hiphop|photo|photography|photos|pics|center|florist|institute|christmas|coffee|kitchen|menu|recipes|company|enterprises|holdings|management|ventures|computer|systems|technology|directory|guru|tips|wiki|domains|link|estate|international|land|onl|pw|today|ac\\.im|co\\.im|com\\.im|im|ltd\\.co\\.im|net\\.im|org\\.im|plc\\.co\\.im|am|at|co\\.at|or\\.at|ba|be|bg|biz\\.pl|com\\.pl|info\\.pl|net\\.pl|org\\.pl|pl|biz\\.tr|com\\.tr|info\\.tr|tv\\.tr|web\\.tr|by|ch|co\\.ee|ee|co\\.gg|gg|co\\.gl|com\\.gl|co\\.hu|hu|co\\.il|org\\.il|co\\.je|je|co\\.nl|nl|co\\.no|no|co\\.rs|in\\.rs|rs|co\\.uk|org\\.uk|uk\\.net|com\\.de|de|com\\.es|es|nom\\.es|org\\.es|com\\.gr|gr|com\\.hr|com\\.mk|mk|com\\.mt|net\\.mt|org\\.mt|com\\.pt|pt|com\\.ro|ro|com\\.ru|net\\.ru|ru|su|com\\.ua|ua|cz|dk|eu|fi|fr|pm|re|tf|wf|yt|gb\\.net|ie|is|it|li|lt|lu|lv|md|mp|se|se\\.net|si|sk|ac|ag|co\\.ag|com\\.ag|net\\.ag|nom\\.ag|org\\.ag|ai|com\\.ai|com\\.ar|as|biz\\.pr|com\\.pr|net\\.pr|org\\.pr|pr|biz\\.tt|co\\.tt|com\\.tt|tt|bo|com\\.bo|com\\.br|net\\.br|tv\\.br|bs|com\\.bs|bz|co\\.bz|com\\.bz|net\\.bz|org\\.bz|ca|cl|co\\.cr|cr|co\\.dm|dm|co\\.gy|com\\.gy|gy|co\\.lc|com\\.lc|lc|co\\.ms|com\\.ms|ms|org\\.ms|co\\.ni|com\\.ni|co\\.ve|com\\.ve|co\\.vi|com\\.vi|com\\.co|net\\.co|nom\\.co|com\\.cu|cu|com\\.do|do|com\\.ec|ec|info\\.ec|net\\.ec|com\\.gt|gt|com\\.hn|hn|com\\.ht|ht|net\\.ht|org\\.ht|com\\.jm|com\\.kn|kn|com\\.mx|mx|com\\.pa|com\\.pe|pe|com\\.py|com\\.sv|com\\.uy|uy|com\\.vc|net\\.vc|org\\.vc|vc|gd|gs|north\\.am|south\\.am|us|us\\.org|sx|tc|vg|cd|cg|cm|co\\.cm|com\\.cm|net\\.cm|co\\.ke|or\\.ke|co\\.mg|com\\.mg|mg|net\\.mg|org\\.mg|co\\.mw|com\\.mw|coop\\.mw|mw|co\\.na|com\\.na|na|org\\.na|co\\.ug|ug|co\\.za|com\\.ly|ly|com\\.ng|ng|com\\.sc|sc|mu|rw|sh|so|st|club|kiwi|uno|email|ruhr)\$'/>\n\t\t\t\t <span class='help-block'>Enter the Domain Name here</span> \n\t\t\t\t </div>\n\t\t\t\t</div>\n\t\t\t\t\n\t\t\t\t<div class='form-group'>\n\t\t\t\t <label class='col-md-4 control-label' for='singlebutton'></label>\n\t\t\t\t <div class='col-md-4'>\n\t\t\t\t\t<button id='singlebutton' name='singlebutton' class='btn success large' type='submit'><span class='glyphicon glyphicon-plus-sign' id='logIcon'></span> Create </button>\n\t\t\t\t </div>\n\t\t\t\t</div>\n\t\t\t\t\n\t\t\t\t</fieldset>\n\t\t\t</form>\n\t\t<!-- End Content Division -->\n\t\t</div>\n\t\t"; } else { errormsg('no clients exist to create a domain for'); } }
function page_user_signup() { event("on_user_signup"); form_start("", "post", " name=signup_form "); form_input("Email", "email", form_post("email")); form_password("Password", "password", "", "", " class='password' "); form_password("Retype", "retype"); form_submit("Sign Up", "Signup", " id=signup_submit "); form_end(); $o = form(); if (form_post("email")) { if (!form_post("password") || !form_post("retype")) { $o .= "Please fill all fields."; } else { if (form_post("password") != form_post("retype")) { $o .= "Retype doesn't match password."; } else { $exists = db_result(db_query("SELECT id FROM users WHERE email='%s'", form_post("email"))); if ($exists) { $o .= errormsg("Such email (login) already in use."); } else { db_query("INSERT INTO users (email,password)\r\n VALUES ('%s','%s')", form_post("email"), form_post("password")); $_SESSION['userid'] = db_last_id(); redir(""); die; $o .= "Successfully signed up"; } } } } return "{$o}"; }
public function getTask($taskID) { try { $st = $this->db->prepare("\n\t\t\t\tSELECT tasks.*, projects.projectName, projects.clientID, clients.clientName, CONCAT(users.first_name, ' ', users.last_name) AS assignedTo \n\t\t\t\tFROM tasks \n\t\t\t\tLEFT JOIN projects ON projects.id = tasks.projectID \n\t\t\t\tLEFT JOIN clients ON clients.id = projects.clientID \n\t\t\t\tLEFT JOIN users on users.id = tasks.taskeeID \n\t\t\t\tWHERE tasks.id = :taskID \n\t\t\t"); $st->execute(array(":taskID" => $taskID)); } catch (PDOException $e) { errormsg($e->getMessage()); } $st->setFetchMode(PDO::FETCH_OBJ); $row = $st->fetch(); return $row; }
errormsg("address_id not valid"); } // get some more info } elseif (isset($_GET['id'])) { if (get_domain_name($_GET['id'], $mysqli)) { $address_id = $_GET['id']; if ($client_id = get_client_id_by_address_id($address_id, $mysqli)) { echo "\n\t\t\t\t<!-- Begin Content Division -->\n\t\t\t\t<div id='content'>\n\t\t\t\t\t<form class='form-horizontal' action='" . SITE_URL . "/?do=opt&object=changedomainowner' method='get' name='change_domain_owner'>\n\t\t\t\t\t\t<fieldset>\n\t\t\t\t\t\t\n\t\t\t\t\t\t<legend>Change Domain Owner</legend>\n\n\t\t\t\t\t\t<input type='hidden' name='do' value='opt'>\n\t\t\t\t\t\t<input type='hidden' name='object' value='changedomainowner'>\n\t\t\t\t\t\t<input type='hidden' name='id' value='" . $address_id . "'>\n\n\t\t\t\t\t\t<div class='form-group'>\n\t\t\t\t\t\t\t<label class='col-md-4 control-label' for='selectbasic'>New Owner</label>\n\t\t\t\t\t\t\t<div class='col-md-4'>\n\t\t\t\t\t\t\t<select id='client_id' name='client_id' class='form-control'>\n\t\t\t\t\t\t"; $query = "SELECT client_id,client_name FROM clients WHERE client_id != ? ORDER BY client_name"; if ($stmt = $mysqli->prepare($query)) { $stmt->bind_param('i', $client_id); $stmt->execute(); $stmt->store_result(); if ($stmt->num_rows > 0) { $stmt->bind_result($client_id, $client_name); while ($row = $stmt->fetch()) { echo "<option value=" . $client_id . ">" . $client_name . "</option>"; } } } // free result set $stmt->close(); echo "\n\t\t\t\t\t\t\t</select>\n\t\t\t\t\t\t </div>\n\t\t\t\t\t\t</div>\n\t\t\t\t\t\t<div class='form-group'>\n\t\t\t\t\t\t <label class='col-md-4 control-label' for='singlebutton'></label>\n\t\t\t\t\t\t <div class='col-md-4'>\n\t\t\t\t\t\t\t<button id='singlebutton' name='singlebutton' class='btn success large' type='submit'><span class='glyphicon glyphicon-plus-sign' id='logIcon'></span> Change </button>\n\t\t\t\t\t\t </div>\n\t\t\t\t\t\t</div>\n\t\t\t\t\t\t\n\t\t\t\t\t\t</fieldset>\n\t\t\t\t\t</form>\n\t\t\t\t<!-- End Content Division -->\n\t\t\t\t</div>\n\t\t\t\t"; } else { errormsg("address_id not valid"); } } } else { errormsg("invalid GET array"); } }
</div> </form> <?php } else { echo '<h3><span class="text-success">已向注册邮箱发送邮件!</span></h3>'; echo '<p>去邮箱查收邮件并点击重置密码链接</p>'; } } ?> <?php if ($classactive2) { ?> <form action="" method="post"> <?php errormsg($errors); ?> <h3>设置新密码:</h3> <p><input type="password" name="pass1" class="form-control input-lg" placeholder="输入新密码" autofocus></p> <h5>重复新密码:</h5> <p><input type="password" name="pass2" class="form-control input-lg" placeholder="重复新密码"></p> <p><input type="submit" value="确认提交" class="btn btn-block btn-primary btn-lg"></p> </form> <?php } ?> <?php if ($classactive3) { ?> <form>
if (empty($updata["id"])) { errormsg("The 'clientID' is required."); } $dbh = new PDB(); $db = $dbh->db; $site = new Site($db); try { $ct = 0; $sql = "UPDATE clients SET "; foreach ($updata as $key => $value) { if ($value != "" && $key != "id") { if ($ct != 0) { $sql .= ", "; } $sql .= $key . " = :" . $key; $ct++; } } $sql .= " WHERE id = :id"; $st = $db->prepare($sql); foreach ($updata as $key => &$value) { if ($value != "") { $st->bindParam(":" . $key, $value); } } $st->execute(); $newclient = $dbh->getClient($user, $updata["id"]); } catch (PDOException $e) { errormsg($e->getMessage()); } exitjson(array("client" => $newclient));
<?php include_once "config.php"; include_once "functions.php"; // are you logged in? if (!isset($_SESSION['username'])) { gohome(); } // are you in the correct group? if ($_SESSION['role_id'] < 1) { errormsg('Your role does not have access to this resource'); } else { echo "\n\t<!-- Begin Content Division -->\n\t<div id='content'>\n\t\t<div id='ajaxAlerts'>\n\t\t"; include_once dirname(__FILE__) . "/../../public_html/ajax_alerts.php"; echo "\n\t\t</div>\n\t\t<div id='ajaxInfo'>\n\t\t</div>\n\t<!-- End Content Division -->\n\t</div>\n\t\n\t"; }
<?php error_reporting(E_ALL); session_start(); session_regenerate_id(false); require_once "reqs/common.php"; require_once "reqs/pdo.php"; //require_once("reqs/auth.php"); $dbh = new PDB(); $db = $dbh->db; if (!isset($_SESSION["user"])) { errormsg("Not logged in."); } $userID = $_SESSION["user"]; $userdata = $dbh->getUser($userID); exitjson(array("user" => $userdata));
} else { errormsg($entity, "Could not open document: " . $entity_url); } break; // Use FTP functions // Use FTP functions case "ftp": if ($ftp = @ftp_connect($url["host"])) { if (@ftp_login($ftp, "anonymous", "*****@*****.**")) { $flist = ftp_nlist($ftp, $url["path"]); if (!count($flist)) { errormsg($entity, "unknown path: " . $url["path"] . " for ftp host: " . $url['host']); } } else { errormsg($entity, "could not login as anonymous to FTP host: " . $url["host"]); } ftp_quit($ftp); } else { errormsg($entity, "could not connect to " . $url["host"]); } break; } } } /*********************************************************************/ /* Here starts the functions part */ /*********************************************************************/ function errormsg($entity, $desc) { printf("%30s: %s\n", $entity, $desc); }
} else { // file doesnt exist errormsg("object type '" . $_GET['object'] . "' does not exist"); } } else { // no or wrong paramaters errormsg('missing or incorrect get request'); } } elseif (login_check($adldap, $mysqli) == false && $action_started == "false") { //not logged in. send to login echo "<script> location.replace('../?do=login'); </script>"; } } } else { // no or wrong paramaters errormsg('missing or incorrect get request'); } } elseif (empty($_GET)) { if (login_check($adldap, $mysqli) == false && $action_started == "false") { // not logged in, send to login echo "<script> location.replace('../?do=login'); </script>"; } elseif (login_check($adldap, $mysqli) == true && $action_started == "false") { // check setup is complete if (check_setup_status($mysqli)) { // logged in, display index include_once dirname(__FILE__) . "/../app/includes/menuloader.php"; include_once dirname(__FILE__) . "/../app/includes/stats.php"; } else { include_once dirname(__FILE__) . "/../app/includes/menuloader.php"; include_once dirname(__FILE__) . "/../app/includes/setup.php"; }
function checkLoggedIn() { if (!isset($_SESSION["user"])) { errormsg("Not logged in."); } }
include_once dirname(__FILE__) . "/../db_connect.php"; include_once dirname(__FILE__) . "/../functions.php"; if (session_status() == PHP_SESSION_NONE) { sec_session_start(); } // are you logged in? if (!isset($_SESSION['username'])) { gohome(); } // are you in the correct group? if ($_SESSION['role_id'] < 2) { errormsg('Your role does not have access to this resource'); } else { if ($stmta = $mysqli->prepare("UPDATE ms_config SET value = value + 1 WHERE `host`='confserialnumber' AND `option`='confserialnumber'")) { if ($stmta->execute()) { if ($stmtb = $mysqli->prepare("UPDATE ms_config SET value='false' WHERE `host`='confserialnumber' AND `option`='ruleset_changed'")) { if ($stmtb->execute()) { echo "\n\t\t\t\t\t<!-- Begin Content Division -->\n\t\t\t\t\t<div id='content'>\n\t\t\t\t\t<h2>Update Config Serial Number</h2>\n\t\t\t\t\t<p>Success!</p>\n\t\t\t\t\t<!-- End Content Division -->\n\t\t\t\t\t</div>\n\t\t\t\t\t"; } else { errormsg("Failed to update the record in the database"); } } } else { errormsg("Failed to update the record in the database"); } } } ?>
<?php include_once "db_connect.php"; include_once "config.php"; if (session_status() == PHP_SESSION_NONE) { sec_session_start(); } // are you logged in? if (!isset($_SESSION['username'])) { gohome(); } // are you in the correct group? if ($_SESSION['role_id'] < 3) { errormsg('Your role does not have access to run the setup'); } else { $rulesets = array("Add Watermark" => "watermarkadd", "Treat Invalid Watermarks With No Sender as Spam" => "watermarkinvalidspam", "Use Watermarking" => "watermarkuse", "Check Watermarks With No Sender" => "watermarkcheck", "Allow WebBugs" => "disarmwebugs", "Allow Script Tags" => "disarmscripttags", "Allow Form Tags" => "disarmformtags", "Allow IFrame Tags" => "disarmiframetags", "Disarmed Modify Subject" => "disarmmodifysubject", "Disarmed Subject Text" => "disarmsubjecttext", "Maximum Attachment Size" => "maxattachmentsize", "Maximum Attachments Per Message" => "maxattachmentspermessage", "Maximum Message Size" => "maxmessagesize", "Max Spam Check Size" => "maxspamchecksize", "Notify Senders" => "notifysenders", "Notify Senders Of Blocked Filenames Or Filetypes" => "notifysendersblockedfiles", "Notify Senders Of Blocked Size Attachments" => "notifysendersblockedoversize", "Notify Senders Of Other Blocked Content" => "notifysendersblockedother", "Notify Senders Of Viruses" => "notifysendersblockedvirus", "Allow Password-Protected Archives" => "blockpasswordarchive", "Check Filenames In Password-Protected Archives" => "filenamecheckpasswordarchive", "Block Encrypted Messages" => "blockencrypted", "Block Unencrypted Messages" => "blockunencrypted", "Find Phishing Fraud" => "findfraud", "Phishing Modify Subject" => "modifyfraudsubject", "Phishing Subject Text" => "fraudsubjecttext", "Reject Message" => "rejectmessage", "Scan Messages" => "scanmessages", "Spam Checks" => "spamchecks", "Virus Scanning" => "virusscan", "Sign Clean Messages" => "signcleanmessages", "Sign Messages Already Processed" => "signmessagesalreadyprocessed", "Convert HTML To Text" => "converthtmltxt", "Dangerous Content Scanning" => "dangerouscontentscanning"); // count the rows $tablerows = 0; // create table $table = "\n\t\t<!-- Begin viewtable Division -->\n\t\t<div id='viewtable'>\n\t\t<table border='0'>\n\t\t<tr>\n\t\t <th>Setup</th>\n\t\t <th>Result</th>\n\t\t</tr>\n\t\t"; // add confserialnumber if (add_ruleset("confserialnumber", "0", "confserialnumber", $mysqli)) { // success, update table $table .= "\n\t\t<tr>\n\t\t <td>MailScanner: Configuration Number</td>\n\t\t <td><font color='green'>Success</font></td>\n\t\t</tr>\n\t\t"; $tablerows++; } else { // failed! $table .= "\n\t\t<tr>\n\t\t <td>MailScanner: Configuration Number</td>\n\t\t <td><font color='red'>Fail</font></td>\n\t\t</tr>\n\t\t"; $tablerows++; } // add changed_ruleset_value
gohome(); } // are you in the correct group? if ($_SESSION['role_id'] < 2) { errormsg('Your role does not have access to this resource'); } else { if (isset($_POST['host_name']) && isset($_POST['host_alias'])) { // Setup POST data as a new variable $host_name = $_POST['host_name']; $host_alias = $_POST['host_alias']; $host_key = md5(uniqid(rand(), true)); if (!check_host_name_isfree($host_name, $mysqli)) { errormsg("host_name is already in use"); } if (!check_host_alias_isfree($host_alias, $mysqli)) { errormsg("host_alias is already in use"); } if (!check_host_key_isfree($host_key, $mysqli)) { errormsg("host_key is already in use"); } if (add_host($host_name, $host_alias, $host_key, $mysqli)) { echo "\n\t\t\t<!-- Begin Content Division -->\n\t\t\t<div id='content'>\t\t\t\t\t\n\t\t\t\t<legend>Create Host</legend>\n\t\t\t\t" . quickalert("success", "New host has been added.") . "\t\t\t\t\n\t\t\t<!-- End Content Division -->\n\t\t\t</div>\n\t\t\t"; } else { errormsg("Failed to insert new record into the database"); } } elseif (!$_POST) { echo "\n\t\t<!-- Begin Content Division -->\n\t\t<div id='content'>\n\t\t\t<form class='form-horizontal' action='" . SITE_URL . "/?do=create&object=host' method='post' name='create_host'>\n\t\t\t\t<fieldset>\n\t\t\t\t\n\t\t\t\t<legend>Create Host</legend>\n\t\t\t\t" . quickalert("info", "New host will need to be in the same layer2 network segment.") . "\n\t\t\t\t\n\t\t\t\t<div class='form-group'>\n\t\t\t\t <label class='col-md-4 control-label' for='textinput'>Host Address</label>\n\t\t\t\t <div class='col-md-4'>\n\t\t\t\t <input\n\t\t\t\t \trequired\n\t\t\t\t \ttype='text'\n\t\t\t\t \tname='host_name'\n\t\t\t\t \tplaceholder='e.g msc-scanner1.yourdomain.tld'\n\t\t\t\t \tclass='form-control input-md'\n\t\t\t\t \tsize='50'\n\t\t\t\t \tpattern='^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])|(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\\-]*[a-zA-Z0-9])\\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\\-]*[A-Za-z0-9])\$'\n\t\t\t\t >\n\t\t\t\t <span class='help-block'>FQDN or IP address of the host</span> \n\t\t\t\t </div>\n\t\t\t\t</div>\n\t\t\t\t\n\t\t\t\t<div class='form-group'>\n\t\t\t\t <label class='col-md-4 control-label' for='textinput'>Host Alias</label> \n\t\t\t\t <div class='col-md-4'>\n\t\t\t\t <input required name='host_alias' name='host_alias' type='text' placeholder='e.g. Scanner1' pattern='^([a-zA-Z0-9]){3,50}\$' class='form-control input-md'>\n\t\t\t\t <span class='help-block'>Enter an Alias for the host</span> \n\t\t\t\t </div>\n\t\t\t\t</div>\n\t\t\t\t\n\t\t\t\t<div class='form-group'>\n\t\t\t\t <label class='col-md-4 control-label' for='singlebutton'></label>\n\t\t\t\t <div class='col-md-4'>\n\t\t\t\t\t<button id='singlebutton' name='singlebutton' class='btn success large' type='submit'><span class='glyphicon glyphicon-plus-sign' id='logIcon'></span> Create </button>\n\t\t\t\t </div>\n\t\t\t\t</div>\n\t\t\t\t\n\t\t\t\t</fieldset>\n\t\t\t</form>\n\t\t<!-- End Content Division -->\n\t\t</div>\n\t\t"; } else { errormsg('post error and create_transmap page'); } }
include_once dirname(__FILE__) . "/../db_connect.php"; include_once dirname(__FILE__) . "/../functions.php"; if (session_status() == PHP_SESSION_NONE) { sec_session_start(); } // are you logged in? if (!isset($_SESSION['username'])) { gohome(); } // are you in the correct group? if ($_SESSION['role_id'] < 2) { errormsg('Your role does not have access to this resource'); } else { if (isset($_POST['client_name'])) { // sanitise variables for security $client_name = filter_input(INPUT_POST, 'client_name', FILTER_SANITIZE_STRING); if (check_client_name_isfree($client_name, $mysqli)) { if (add_client($client_name, $mysqli)) { echo "\n\t\t\t\t\t\t<!-- Begin Content Division -->\n\t\t\t\t\t\t<div id='content'>\t\t\t\t\t\n\t\t\t\t\t\t\t<legend>Create Client</legend>\n\t\t\t\t\t\t\t" . quickalert("success", "New client '" . $client_name . "' has been added to the database.\n\t\t\t\t\t\t\t\t\t<a class='alert-link' href='" . SITE_URL . "/?do=create&object=domain'>Add Domain</a>") . "\n\t\t\t\t\t\t<!-- End Content Division -->\n\t\t\t\t\t\t</div>\n\t\t\t\t\t"; } else { errormsg("Failed to insert new record into the database"); } } else { errormsg("There is already a client called '" . $client_name . "' in the database!"); } } elseif (!$_POST) { echo "\n\t\t<!-- Begin Content Division -->\n\t\t<div id='content'>\n\t\t\t<form class='form-horizontal' action='" . SITE_URL . "/?do=create&object=client' method='post' name='create_client'>\n\t\t\t\t<fieldset>\n\t\t\t\t\n\t\t\t\t<legend>Create Client</legend>\n\t\t\t\t" . quickalert("info", "Client names must be alphanumeric. They can contain spaces, underscores and dashes.") . "\n\t\t\t\t<div class='form-group'>\n\t\t\t\t <label class='col-md-4 control-label' for='textinput'>Client Name</label> \n\t\t\t\t <div class='col-md-4'>\n\t\t\t\t <input required name='client_name' name='client_name' type='text' placeholder='InternetWigits' pattern='^([a-zA-Z0-9]){3,50}\$' class='form-control input-md'>\n\t\t\t\t <span class='help-block'>Enter the Clients Name Here.</span> \n\t\t\t\t </div>\n\t\t\t\t</div>\n\t\t\t\t\n\t\t\t\t<div class='form-group'>\n\t\t\t\t <label class='col-md-4 control-label' for='singlebutton'></label>\n\t\t\t\t <div class='col-md-4'>\n\t\t\t\t <button id='singlebutton' name='singlebutton' class='btn success large' type='submit'><span class='glyphicon glyphicon-plus-sign' id='logIcon'></span> Create </button>\n\t\t\t\t </div>\n\t\t\t\t</div>\n\t\t\t\t\n\t\t\t\t</fieldset>\n\t\t\t</form>\n\t\t<!-- End Content Division -->\n\t\t</div>\n\t\t"; } else { errormsg('POST error. Possible missing input.'); } }
<?php include_once "db_connect.php"; include_once "ldap_connect.php"; include_once "config.php"; echo "\n<html>\n<head>\n"; if (session_status() == PHP_SESSION_NONE) { sec_session_start(); } else { session_regenerate_id(true); } if (!isset($_SESSION['displayName'])) { $title = SITE_TITLE; } elseif (isset($_SESSION['displayName'])) { $title = SITE_TITLE . " - " . $_SESSION['displayName']; } else { errormsg('you shouldnt see this error message!!!'); } echo "\n<title>" . $title . "</title>\n<link rel='stylesheet' href='https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css'>\n<link rel='stylesheet' type='text/css' href='" . SITE_URL . "/main.css' />\n<link rel='stylesheet' type='text/css' href='" . SITE_URL . "/checkbox.css' />\n<!-- jQuery library -->\n<script src='http://code.jquery.com/jquery-latest.js'></script>\n<!-- Latest compiled JavaScript -->\n<script src='https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/js/bootstrap.min.js'></script>\n<script>\n\$(document).ready(function () {\n setInterval(function () {\n \$('#ajaxAlerts').load('ajax_alerts.php');\n }, 1500);\n setInterval(function () {\n \$('#ajaxStats').load('ajax_stats.php');\n }, 6000);\n});\n</script>\n";