if (isset($a_vip[$id]['uniqid'])) {
$ignore_uniqid = $a_vip[$id]['uniqid'];
}
} else {
$ignore_if = $_POST['interface'];
$ignore_mode = $_POST['mode'];
}
if (!isset($ignore_uniqid)) {
$ignore_uniqid = $_POST['uniqid'];
}
if ($ignore_mode == 'carp') {
$ignore_if = "_vip{$ignore_uniqid}";
} else {
$ignore_if .= "_virtualip{$id}";
}
if (is_ipaddr_configured($_POST['subnet'], $ignore_if)) {
$input_errors[] = gettext("This IP address is being used by another interface or VIP.");
}
unset($ignore_if, $ignore_mode);
}
}
$natiflist = get_configured_interface_with_descr();
foreach ($natiflist as $natif => $natdescr) {
if ($_POST['interface'] == $natif && (empty($config['interfaces'][$natif]['ipaddr']) && empty($config['interfaces'][$natif]['ipaddrv6']))) {
$input_errors[] = gettext("The interface chosen for the VIP has no IPv4 or IPv6 address configured so it cannot be used as a parent for the VIP.");
}
}
/* ipalias and carp should not use network or broadcast address */
if ($_POST['mode'] == "ipalias" || $_POST['mode'] == "carp") {
if (is_ipaddrv4($_POST['subnet']) && $_POST['subnet_bits'] != "32") {
$network_addr = gen_subnet($_POST['subnet'], $_POST['subnet_bits']);
if ($_POST['rollbits'] && (!is_numeric($_POST['rollbits']) || $_POST['rollbits'] < 1 || $_POST['rollbits'] > 31)) {
$input_errors[] = gettext("# of Bits to store Roll Id needs to be between 1..31.");
}
if ($_POST['ticketbits'] && (!is_numeric($_POST['ticketbits']) || $_POST['ticketbits'] < 1 || $_POST['ticketbits'] > 16)) {
$input_errors[] = gettext("# of Bits to store Ticket Id needs to be between 1..16.");
}
if ($_POST['checksumbits'] && (!is_numeric($_POST['checksumbits']) || $_POST['checksumbits'] < 1 || $_POST['checksumbits'] > 31)) {
$input_errors[] = gettext("# of Bits to store checksum needs to be between 1..31.");
}
if ($_POST['publickey'] && !strstr($_POST['publickey'], "BEGIN PUBLIC KEY")) {
$input_errors[] = gettext("This doesn't look like an RSA Public key.");
}
if ($_POST['privatekey'] && !strstr($_POST['privatekey'], "BEGIN RSA PRIVATE KEY")) {
$input_errors[] = gettext("This doesn't look like an RSA Private key.");
}
if ($_POST['vouchersyncdbip'] && is_ipaddr_configured($_POST['vouchersyncdbip'])) {
$input_errors[] = gettext("You cannot sync the voucher database to this host (itself).");
}
}
if (!$input_errors) {
if (empty($config['voucher'][$cpzone])) {
$newvoucher = array();
} else {
$newvoucher = $config['voucher'][$cpzone];
}
if ($_POST['enable'] == "yes") {
$newvoucher['enable'] = true;
} else {
unset($newvoucher['enable']);
}
if (empty($_POST['vouchersyncusername'])) {
if ($_POST) {
unset($input_errors);
$pconfig = $_POST;
/* input validation */
if ($_POST['mode'] == "server") {
$reqdfields = explode(" ", "localip remoteip");
$reqdfieldsn = array(gettext("Server address"), gettext("Remote start address"));
if ($_POST['radiusenable']) {
$reqdfields = array_merge($reqdfields, explode(" ", "radiusserver radiussecret"));
$reqdfieldsn = array_merge($reqdfieldsn, array(gettext("RADIUS server address"), gettext("RADIUS shared secret")));
}
do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);
if ($_POST['localip'] && !is_ipaddr($_POST['localip'])) {
$input_errors[] = gettext("A valid server address must be specified.");
}
if (is_ipaddr_configured($_POST['localip'])) {
$input_errors[] = gettext("'Server address' parameter should NOT be set to any IP address currently in use on this firewall.");
}
if ($_POST['l2tp_subnet'] && !is_ipaddr($_POST['remoteip'])) {
$input_errors[] = gettext("A valid remote start address must be specified.");
}
if ($_POST['radiusserver'] && !is_ipaddr($_POST['radiusserver'])) {
$input_errors[] = gettext("A valid RADIUS server address must be specified.");
}
if ($_POST['secret'] != $_POST['secret_confirm']) {
$input_errors[] = gettext("Secret and confirmation must match");
}
if ($_POST['radiussecret'] != $_POST['radiussecret_confirm']) {
$input_errors[] = gettext("Secret and confirmation must match");
}
if (!is_numericint($_POST['n_l2tp_units']) || $_POST['n_l2tp_units'] > 255) {
}
foreach ($staticroutes as $route_subnet) {
list($network, $subnet) = explode("/", $route_subnet);
if ($pconfig['subnet'] == $subnet && $network == gen_subnet($pconfig['ipaddr'], $pconfig['subnet'])) {
$input_errors[] = gettext("This IPv4 address conflicts with a Static Route.");
break;
}
unset($network, $subnet);
}
}
}
if (!empty($pconfig['ipaddrv6'])) {
if (!is_ipaddrv6($pconfig['ipaddrv6'])) {
$input_errors[] = gettext("A valid IPv6 address must be specified.");
} else {
if (is_ipaddr_configured($pconfig['ipaddrv6'], $if, true)) {
$input_errors[] = gettext("This IPv6 address is being used by another interface or VIP.");
}
foreach ($staticroutes as $route_subnet) {
list($network, $subnet) = explode("/", $route_subnet);
if ($pconfig['subnetv6'] == $subnet && $network == gen_subnetv6($pconfig['ipaddrv6'], $pconfig['subnetv6'])) {
$input_errors[] = gettext("This IPv6 address conflicts with a Static Route.");
break;
}
unset($network, $subnet);
}
}
}
if (!empty($pconfig['subnet']) && !is_numeric($pconfig['subnet'])) {
$input_errors[] = gettext("A valid subnet bit count must be specified.");
}
}
foreach ($staticroutes as $route_subnet) {
list($network, $subnet) = explode("/", $route_subnet);
if ($_POST['subnet'] == $subnet && $network == gen_subnet($_POST['ipaddr'], $_POST['subnet'])) {
$input_errors[] = gettext("This IPv4 address conflicts with a Static Route.");
break;
}
unset($network, $subnet);
}
}
}
if ($_POST['ipaddrv6']) {
if (!is_ipaddrv6($_POST['ipaddrv6'])) {
$input_errors[] = gettext("A valid IPv6 address must be specified.");
} else {
if (is_ipaddr_configured($_POST['ipaddrv6'], $if, true)) {
$input_errors[] = gettext("This IPv6 address is being used by another interface or VIP.");
}
foreach ($staticroutes as $route_subnet) {
list($network, $subnet) = explode("/", $route_subnet);
if ($_POST['subnetv6'] == $subnet && $network == gen_subnetv6($_POST['ipaddrv6'], $_POST['subnetv6'])) {
$input_errors[] = gettext("This IPv6 address conflicts with a Static Route.");
break;
}
unset($network, $subnet);
}
}
}
if ($_POST['subnet'] && !is_numeric($_POST['subnet'])) {
$input_errors[] = gettext("A valid subnet bit count must be specified.");
}
$id = $pconfig['id'];
}
// perform form validations
$reqdfields = array("mode");
$reqdfieldsn = array(gettext("Type"));
do_input_validation($pconfig, $reqdfields, $reqdfieldsn, $input_errors);
if (isset($pconfig['subnet'])) {
$pconfig['subnet'] = trim($pconfig['subnet']);
if (!is_ipaddr($pconfig['subnet'])) {
$input_errors[] = gettext("A valid IP address must be specified.");
} else {
$ignore_if = isset($id) ? $a_vip[$id]['interface'] : $pconfig['interface'];
if ($pconfig['mode'] == 'carp') {
$ignore_if .= "_vip{$pconfig['vhid']}";
}
if (is_ipaddr_configured($pconfig['subnet'], $ignore_if)) {
$input_errors[] = gettext("This IP address is being used by another interface or VIP.");
}
}
}
$natiflist = get_configured_interface_with_descr();
foreach ($natiflist as $natif => $natdescr) {
if ($pconfig['interface'] == $natif && (empty($config['interfaces'][$natif]['ipaddr']) && empty($config['interfaces'][$natif]['ipaddrv6']))) {
$input_errors[] = gettext("The interface chosen for the VIP has no IPv4 or IPv6 address configured so it cannot be used as a parent for the VIP.");
}
}
/* ipalias and carp should not use network or broadcast address */
if ($pconfig['mode'] == "ipalias" || $pconfig['mode'] == "carp") {
if (is_ipaddrv4($pconfig['subnet']) && $pconfig['subnet_bits'] != "32") {
$network_addr = gen_subnet($pconfig['subnet'], $pconfig['subnet_bits']);
$broadcast_addr = gen_subnet_max($pconfig['subnet'], $pconfig['subnet_bits']);
