function validate_network($subnet, $network_type = "subnet", $table_id = null, $overlapok = false)
{
$dbo = getdbo();
$function_return = array();
if (!strstr($subnet, '/')) {
# invalid mask
$function_return['0'] = false;
$function_return['error'] = 'invalidmask';
return $function_return;
}
list($ip, $mask) = explode('/', $subnet);
$long_ip = ip2decimal($ip);
if ($long_ip === false) {
# invalid ip
$function_return['0'] = false;
$function_return['error'] = 'invalidip';
return $function_return;
}
if (!strstr($mask, '.') && is_numeric($mask) && $mask > '0' && $mask < '32') {
# number of mask bits
$bin = str_pad('', $mask, '1');
$bin = str_pad($bin, '32', '0');
$mask = bindec(substr($bin, 0, 8)) . "." . bindec(substr($bin, 8, 8)) . "." . bindec(substr($bin, 16, 8)) . "." . bindec(substr($bin, 24, 8));
$mask = long2ip(ip2decimal($mask));
}
$long_mask = ip2decimal($mask);
if (!validate_netmask($mask) || $long_mask === false) {
#invalid mask
$function_return['0'] = false;
$function_return['error'] = 'invalidmask';
return $function_return;
}
$long_start_ip = $long_ip & $long_mask;
// This makes sure they entered the network address and not an IP inside the network
$start_ip = long2ip($long_start_ip);
$long_end_ip = $long_ip | ~$long_mask;
$end_ip = long2ip($long_end_ip);
if ($network_type == 'block') {
# make sure we don't overlap other blocks
$overlap_check_sql = "SELECT id FROM blocks WHERE \n ((CAST(start_ip & 0xFFFFFFFF AS UNSIGNED) <= CAST('{$long_start_ip}' & 0xFFFFFFFF AS UNSIGNED) AND \n\t CAST(end_ip & 0xFFFFFFFF AS UNSIGNED) >= CAST('{$long_start_ip}' & 0xFFFFFFFF AS UNSIGNED)) \n\tOR \n (CAST(start_ip & 0xFFFFFFFF AS UNSIGNED) <= CAST('{$long_end_ip}' & 0xFFFFFFFF AS UNSIGNED) AND \n\t CAST(end_ip & 0xFFFFFFFF AS UNSIGNED) >= CAST('{$long_end_ip}' & 0xFFFFFFFF AS UNSIGNED)) \n\tOR\n (CAST(start_ip & 0xFFFFFFFF AS UNSIGNED) >= CAST('{$long_start_ip}' & 0xFFFFFFFF AS UNSIGNED) AND \n\t CAST(end_ip & 0xFFFFFFFF AS UNSIGNED) <= CAST('{$long_end_ip}' & 0xFFFFFFFF AS UNSIGNED)))";
$overlap_check_sql .= $table_id !== NULL ? " AND id!='{$table_id}'" : '';
$result = $dbo->query($overlap_check_sql);
if ($result->rowcount() != '0') {
$function_return['0'] = false;
$function_return['error'] = 'blockoverlap-notice';
return $function_return;
}
} elseif ($overlapok === false) {
# make sure we don't overlap other subnets
$sql = "SELECT id FROM subnets WHERE \n\t CAST('{$long_start_ip}' & 0xFFFFFFFF AS UNSIGNED) & CAST(mask & 0xFFFFFFFF AS UNSIGNED) = CAST(start_ip & 0xFFFFFFFF AS UNSIGNED) OR \n\t CAST(start_ip & 0xFFFFFFFF AS UNSIGNED) & CAST('{$long_mask}' & 0xFFFFFFFF AS UNSIGNED) = CAST('{$long_start_ip}' & 0xFFFFFFFF AS UNSIGNED)";
$result = $dbo->query($sql);
if ($result->rowcount() != '0') {
# subnet overlap
$function_return['0'] = false;
$function_return['error'] = 'subnetoverlap-notice';
return $function_return;
}
}
# everything is ok if we get here
$function_return['0'] = true;
$function_return['start_ip'] = $start_ip;
$function_return['long_start_ip'] = $long_start_ip;
$function_return['end_ip'] = $end_ip;
$function_return['long_end_ip'] = $long_end_ip;
$function_return['mask'] = $mask;
$function_return['long_mask'] = $long_mask;
return $function_return;
}
function search_subnets()
{
global $COLLATE;
global $dbo;
include 'include/validation_functions.php';
$search = empty($_GET['search']) ? '' : clean($_GET['search']);
$search_only = isset($_GET['searchonly']) && preg_match("/true/", $_GET['searchonly']) ? true : false;
$searchonlyparam = $search_only ? '&searchonly=true' : '';
$input_error = false;
if (empty($search)) {
exit;
}
if (!strstr($search, '/')) {
echo $COLLATE['languages']['selected']['IPSearchFormat'];
$input_error = true;
}
list($ip, $mask) = explode('/', $search);
if (ip2decimal($ip) == FALSE) {
echo $COLLATE['languages']['selected']['IPSearchFormat'];
$input_error = true;
}
$ip = long2ip(ip2decimal($ip));
if (!strstr($mask, '.') && ($mask <= '0' || $mask >= '32')) {
echo $COLLATE['languages']['selected']['IPSearchFormat'];
$input_error = true;
} elseif (!strstr($mask, '.')) {
$bin = str_pad('', $mask, '1');
$bin = str_pad($bin, '32', '0');
$mask = bindec(substr($bin, 0, 8)) . "." . bindec(substr($bin, 8, 8)) . "." . bindec(substr($bin, 16, 8)) . "." . bindec(substr($bin, 24, 8));
$mask = long2ip(ip2decimal($mask));
} elseif (!validate_netmask($mask)) {
echo $COLLATE['languages']['selected']['invalidmask'];
$input_error = true;
}
if (!$input_error) {
$long_ip = ip2decimal($ip);
$long_mask = ip2decimal($mask);
$long_end_ip = $long_ip | ~$long_mask;
$ipspace = array();
array_push($ipspace, $long_ip);
$sql = "SELECT start_ip, end_ip FROM subnets WHERE CAST((start_ip & 0xFFFFFFFF) AS UNSIGNED) >= CAST(('{$long_ip}' & 0xFFFFFFFF) AS UNSIGNED) AND " . "CAST((end_ip & 0xFFFFFFFF) AS UNSIGNED) <= CAST(('{$long_end_ip}' & 0xFFFFFFFF) AS UNSIGNED) ORDER BY start_ip ASC";
$subnet_rows = $dbo->query($sql);
while (list($subnet_long_start_ip, $subnet_long_end_ip) = $subnet_rows->fetch(PDO::FETCH_NUM)) {
array_push($ipspace, $subnet_long_start_ip, $subnet_long_end_ip);
}
array_push($ipspace, $long_end_ip);
$ipspace = array_reverse($ipspace);
$ipspace_count = count($ipspace);
}
if (!$search_only) {
echo "<p><a href=\"#\" onclick=\"\r\n new Effect.toggle('blockspace', 'blind', { delay: 0.1 }); \r\n \t\t new Effect.toggle('spacesearch', 'blind', { delay: 0.1 })\r\n \t\t \">" . $COLLATE['languages']['selected']['showblockspace'] . "</a></p>\n";
}
echo "<h3>" . $COLLATE['languages']['selected']['SearchIPSpace'] . "</h3><br />\n" . "<p><b>" . $COLLATE['languages']['selected']['Subnet'] . ":</b> <input id=\"subnetsearch\" type=\"text\" value=\"{$search}\"><br />" . "<button onclick=\"new Ajax.Updater('spacesearch', '_subnets.php?op=search{$searchonlyparam}&search=' + \$('subnetsearch').value);\")\"> " . $COLLATE['languages']['selected']['Go'] . " </button></p>";
if (!$input_error) {
echo "<h4>" . $COLLATE['languages']['selected']['Results'] . ":</h4>";
echo "<table style=\"width: 100%\"><tr><th>" . $COLLATE['languages']['selected']['StartingIP'] . "</th><th>" . $COLLATE['languages']['selected']['EndIP'] . "</th></tr>";
while (!empty($ipspace)) {
$long_start = array_pop($ipspace);
if (count($ipspace) != $ipspace_count - '1') {
// Don't subtract 1 from the very first start IP
$start = long2ip($long_start + 1);
} else {
$start = long2ip($long_start);
}
$long_end = array_pop($ipspace);
if (count($ipspace) > '1') {
$end = long2ip($long_end - 1);
} else {
$end = long2ip($long_end);
}
if ($long_start + 1 != $long_end && $long_start != $long_end) {
echo "<tr><td>{$start}</td><td>{$end}</td></tr>";
}
}
echo "</table>";
}
exit;
}
function build_search_sql()
{
global $COLLATE;
global $dbo;
include 'include/validation_functions.php';
$first = isset($_GET['first']) ? $_GET['first'] : '';
$second = isset($_GET['second']) ? $_GET['second'] : '';
$search = isset($_GET['search']) ? clean($_GET['search']) : '';
$fromdate = isset($_GET['fromdate']) ? $_GET['fromdate'] : '';
$todate = isset($_GET['todate']) ? $_GET['todate'] : '';
$when = $fromdate == $todate ? 'all' : 'dates';
if ($first === '0') {
// block search
$pattern = "/^ip\$|^name\$|^note\$/";
$invalidrequest = preg_match($pattern, $second) ? false : true;
} elseif ($first === '1') {
// subnet search
$pattern = "/^ip\$|^name\$|^note\$|^modified_by\$/";
$invalidrequest = preg_match($pattern, $second) ? false : true;
} elseif ($first === '2') {
// statics search
$pattern = "/^ip\$|^name\$|^contact\$|^note\$|^modified_by\$|^failed_scans\$/";
$invalidrequest = preg_match($pattern, $second) ? false : true;
} elseif ($first === '3') {
// logs search
$pattern = "/^username\$|^level\$|^message\$/";
$invalidrequest = preg_match($pattern, $second) ? false : true;
} else {
// error
$invalidrequest = true;
}
if ($when != 'all') {
$starttime = strtotime($fromdate);
$endtime = strtotime($todate);
if ($starttime === false || $endtime === false || $endtime <= $starttime) {
$invalidrequest = true;
}
}
if ($invalidrequest === true) {
$notice = "invalidrequest";
header("Location: search.php?notice={$notice}");
exit;
}
if (strlen($search) < "3" && $second != 'failed_scans') {
$notice = "shortsearch";
header("Location: search.php?notice={$notice}");
exit;
} elseif ($second == 'failed_scans' && !is_numeric($search)) {
$notice = "numericfailedscans";
header("Location: search.php?notice={$notice}");
exit;
}
// -----------------------------------------------Build our sort variable---------------------------------------------
if ($first == '0' || $first == '1') {
// block or subnet search
// use what they ask for or default to what they searched by
// $sort is what the URI uses, $order and $full_order go into the SQL query - $full_order includes ASC or DESC
if (!empty($_GET['sort']) && ($_GET['sort'] == 'network' || $_GET['sort'] == 'name')) {
$sort = $_GET['sort'];
} else {
$sort = $second;
}
$order = $sort;
if ($sort == 'network' || $sort == 'ip') {
$order = 'start_ip';
}
} else {
// IP blocks, statics, or logs (logs are always sorted by ID Desc. because they're logs and i'm lazy)
if (!empty($_GET['sort']) && ($_GET['sort'] == 'ip' || $_GET['sort'] == 'name' || $_GET['sort'] == 'contact' || $_GET['sort'] == 'failed_scans')) {
$sort = $_GET['sort'];
} else {
$sort = $second;
}
$order = $sort;
}
//-----------------------------------------------------------------------------------------------------------------------------
if (($first == '0' || $first == '1' || $first == '2') && $second == "ip") {
if (!strstr($search, '/')) {
$ip = $search;
$mask = '32';
} else {
list($ip, $mask) = explode('/', $search);
}
if (ip2decimal($ip) == FALSE) {
$notice = "invalidip";
header("Location: search.php?notice={$notice}");
exit;
}
$ip = long2ip(ip2decimal($ip));
if (!strstr($mask, '.') && ($mask <= '0' || $mask > '32')) {
$notice = "invalidmask";
header("Location: search.php?notice={$notice}");
exit;
} elseif (!strstr($mask, '.')) {
$bin = str_pad('', $mask, '1');
$bin = str_pad($bin, '32', '0');
$mask = bindec(substr($bin, 0, 8)) . "." . bindec(substr($bin, 8, 8)) . "." . bindec(substr($bin, 16, 8)) . "." . bindec(substr($bin, 24, 8));
$mask = long2ip(ip2decimal($mask));
} elseif (!validate_netmask($mask)) {
$notice = "invalidmask";
header("Location: search.php?notice={$notice}");
exit;
}
}
$long_ip = isset($ip) ? ip2decimal($ip) : '';
$long_mask = isset($mask) ? ip2decimal($mask) : '';
if ($when == "dates") {
$searchdescription = str_replace("%fromdate%", "{$fromdate}", $COLLATE['languages']['selected']['searchdatedesc']);
$searchdescription = str_replace("%todate%", "{$todate}", $searchdescription);
}
if ($first == "0") {
// Blocks search
$first = "blocks";
$First = "IP Blocks";
if ($second == 'ip') {
if ($mask == '255.255.255.255') {
# IP falls within block range
$sql = "SELECT id, name, start_ip, end_ip, note, type FROM blocks WHERE type='ipv4' AND\r\n\t CAST(start_ip & 0xFFFFFFFF AS UNSIGNED) <= CAST('{$long_ip}' & 0xFFFFFFFF AS UNSIGNED) AND\r\n\t CAST(end_ip & 0xFFFFFFFF AS UNSIGNED) >= CAST('{$long_ip}' & 0xFFFFFFFF AS UNSIGNED)\r\n\t\t\t\tORDER BY `{$order}` ASC";
} else {
# block range falls within supernet given in search
$sql = "SELECT id, name, start_ip, end_ip, note, type FROM blocks WHERE type='ipv4' AND (\r\n\t\t CAST(start_ip & 0xFFFFFFFF AS UNSIGNED) & CAST('{$long_mask}' & 0xFFFFFFFF AS UNSIGNED) = CAST('{$long_ip}' & 0xFFFFFFFF AS UNSIGNED) OR\r\n\t\t CAST(end_ip & 0xFFFFFFFF AS UNSIGNED) & CAST('{$long_mask}' & 0xFFFFFFFF AS UNSIGNED) = CAST('{$long_ip}' & 0xFFFFFFFF AS UNSIGNED))\r\n\t\t\t\tORDER BY `{$order}` ASC";
}
} else {
$sql = "SELECT id, name, start_ip, end_ip, note, type FROM blocks WHERE {$second} like '%{$search}%' ORDER BY `{$order}` ASC";
}
}
if ($first == "1") {
// Subnet search
$first = "subnets";
$First = "Subnets";
if ($when == "dates") {
if ($second == "ip") {
$sql = "SELECT id, name, start_ip, end_ip, mask, note, block_id FROM subnets WHERE \r\n\t\t ((CAST(start_ip & 0xFFFFFFFF AS UNSIGNED) & CAST('{$long_mask}' & 0xFFFFFFFF AS UNSIGNED) = CAST('{$long_ip}' & 0xFFFFFFFF AS UNSIGNED)) OR\r\n\t\t (CAST('{$long_ip}' & 0xFFFFFFFF AS UNSIGNED) & CAST(mask & 0xFFFFFFFF AS UNSIGNED) = CAST(start_ip & 0xFFFFFFFF AS UNSIGNED))) AND\r\n modified_at > '{$fromdate} 00:00:00' AND modified_at < '{$todate} 23:59:59' ORDER BY `{$order}` ASC";
} else {
$sql = "SELECT id, name, start_ip, end_ip, mask, note, block_id FROM subnets WHERE {$second} LIKE '%{$search}%' AND\r\n modified_at > '{$fromdate} 00:00:00' AND modified_at < '{$todate} 23:59:59' ORDER BY `{$order}` ASC";
}
} else {
if ($second == "ip") {
$sql = "SELECT id, name, start_ip, end_ip, mask, note, block_id FROM subnets WHERE\r\n (CAST(start_ip & 0xFFFFFFFF AS UNSIGNED) & CAST('{$long_mask}' & 0xFFFFFFFF AS UNSIGNED) = CAST('{$long_ip}' & 0xFFFFFFFF AS UNSIGNED)) OR\r\n (CAST('{$long_ip}' & 0xFFFFFFFF AS UNSIGNED) & CAST(mask & 0xFFFFFFFF AS UNSIGNED) = CAST(start_ip & 0xFFFFFFFF AS UNSIGNED))\r\n ORDER BY `{$order}` ASC";
} else {
$sql = "SELECT id, name, start_ip, end_ip, mask, note, block_id FROM subnets WHERE {$second} LIKE '%{$search}%' ORDER BY `{$order}` ASC";
}
}
} elseif ($first == "2") {
// Statics earch
$first = "static IPs";
if ($sort == 'failed_scans') {
$full_order = "`failed_scans` DESC";
} else {
$full_order = "`{$sort}` ASC";
}
if ($when == "dates") {
if ($second == "ip") {
$sql = "SELECT id, ip, name, contact, note, subnet_id, failed_scans FROM statics WHERE CAST(ip AS UNSIGNED) & CAST('{$long_mask}' AS UNSIGNED) = CAST('{$long_ip}' AS UNSIGNED) AND\r\n modified_at > '{$fromdate} 00:00:00' AND modified_at < '{$todate} 23:59:59' ORDER BY {$full_order}";
} elseif ($second == 'failed_scans') {
$sql = "SELECT id, ip, name, contact, note, subnet_id, failed_scans FROM statics WHERE \r\n (failed_scans >= '{$search}' OR failed_scans = '-1') AND modified_at > '{$fromdate} 00:00:00' \r\n AND modified_at < '{$todate} 23:59:59' ORDER BY {$full_order}";
} else {
$sql = "SELECT id, ip, name, contact, note, subnet_id, failed_scans FROM statics WHERE {$second} LIKE '%{$search}%' AND\r\n modified_at > '{$fromdate} 00:00:00' AND modified_at < '{$todate} 23:59:59' ORDER BY {$full_order}";
}
} else {
if ($second == "ip") {
$sql = "SELECT id, ip, name, contact, note, subnet_id, failed_scans FROM statics WHERE CAST(ip AS UNSIGNED) & CAST('{$long_mask}' AS UNSIGNED) = CAST('{$long_ip}' AS UNSIGNED) \r\n ORDER BY {$full_order}";
} elseif ($second == 'failed_scans') {
$sql = "SELECT id, ip, name, contact, note, subnet_id, failed_scans FROM statics WHERE (failed_scans >= '{$search}' \r\n OR failed_scans = '-1') ORDER BY {$full_order}";
} else {
$sql = "SELECT id, ip, name, contact, note, subnet_id, failed_scans FROM statics WHERE {$second} LIKE '%{$search}%' \r\n ORDER BY {$full_order}";
}
}
} elseif ($first == "3") {
// They're trying to search logs
$first = "logs";
$First = "Logs";
$Second = ucfirst($second);
if ($when == "dates") {
$sql = "SELECT occuredat, username, ipaddress, level, message FROM logs WHERE {$second} LIKE '%{$search}%' AND " . "occuredat>='{$fromdate} 00:00:00' AND occuredat<='{$todate} 23:59:59' ORDER BY `id` DESC";
} else {
$sql = "SELECT occuredat, username, ipaddress, level, message FROM logs WHERE {$second} LIKE '%{$search}%' ORDER BY `id` DESC";
}
}
if ($second == "username") {
$Second = "User";
}
$searchdescription = !isset($searchdescription) ? '' : $searchdescription;
$First = !isset($First) ? '' : $First;
$Second = !isset($Second) ? '' : $Second;
$resultarray = array("sql" => $sql, "searchdescription" => $searchdescription, "first" => $first, "First" => $First, "second" => $second, "Second" => $Second, "search" => $search, "when" => $when, "todate" => $todate, "fromdate" => $fromdate, "sort" => $sort);
return $resultarray;
}
