PHP Session::get_net_where Examples

Programming Language: PHP

Class/Type: Session

Method/Function: get_net_where

Examples at hotexamples.com: 11

PHP Session::get_net_where - 11 examples found. These are the top rated real world PHP examples of Session::get_net_where from package huge extracted from open source projects. You can rate examples to help us improve the quality of examples.

Frequently Used Methods

Show Hide

getUser(30)

sendRedirect(30)

flash(30)

save(30)

add(30)

newInstance(30)

init(30)

singleton(30)

initNavigateListItems(30)

start(30)

flush(30)

notice(30)

addMessageAfterRedirect(30)

forget(30)

menu_perms(30)

delete(30)

getLoginUserID(30)

token(30)

addToNavigateListItems(30)

instance(30)

set(30)

getValue(30)

get_session_user(30)

remove(30)

has(30)

getUserID(30)

read(30)

error(30)

getUserId(30)

Set(30)

Messages(30)

create(30)

destroy(30)

getPluralNumber(30)

put(30)

push(30)

getSession(30)

pull(30)

set_flash(30)

exists(30)

haveRight(30)

haveRightsOr(30)

resetSessions(30)

getLoggedInUser(30)

clear(30)

language(30)

checkToken(30)

currentUser(30)

checkRight(30)

isLoggedIn(30)

Session Class Documentation

Example #1

Show file

File: sensor_filter.php Project: AntBean/alienvault-ossim

function make_asset_filter($type = 'event', $alias = 'acid_event')
{
    $where = '';
    $join = '';
    $hosts = Session::get_host_where();
    $nets = Session::get_net_where();
    if ($hosts != '') {
        if ($type == 'event') {
            $where = " AND ({$alias}.src_host in ({$hosts}) OR {$alias}.dst_host in ({$hosts})";
            if ($nets != '') {
                $where .= " OR {$alias}.src_net in ({$nets}) OR {$alias}.dst_net in ({$nets}))";
            } else {
                $where .= ')';
            }
        } else {
            $where = " AND alarm.backlog_id=alarm_hosts.id_alarm";
            if ($nets != '') {
                $where .= " AND alarm.backlog_id=alarm_nets.id_alarm AND (alarm_hosts.id_host in ({$hosts}) OR alarm_nets.id_net in ({$nets}))";
                $join = ",alarm_hosts, alarm_nets ";
            } else {
                $where .= " AND alarm_hosts.id_host in ({$hosts})";
                $join = ",alarm_hosts ";
            }
        }
    } elseif ($nets != '') {
        if ($type == 'event') {
            $where = " AND ({$alias}.src_net in ({$nets}) OR {$alias}.dst_net in ({$nets}))";
        } else {
            $where = " AND alarm.backlog_id=alarm_nets.id_alarm AND alarm_nets.id_net in ({$nets})";
            $join = ",alarm_nets ";
        }
    }
    return array($join, $where);
}

Example #2

Show file

File: base_common.php Project: jackpf/ossim-arc

function GetPerms($alias = "acid_event")
{
    $perms_sql = "";
    $domain = Session::get_ctx_where();
    if ($domain != "") {
        $perms_sql .= " AND {$alias}.ctx in ({$domain})";
    }
    // Asset filter
    $host_perms = Session::get_host_where();
    $net_perms = Session::get_net_where();
    if ($host_perms != "") {
        $perms_sql .= " AND ({$alias}.src_host in ({$host_perms}) OR {$alias}.dst_host in ({$host_perms})";
        if ($net_perms != "") {
            $perms_sql .= " OR {$alias}.src_net in ({$net_perms}) OR {$alias}.dst_net in ({$net_perms}))";
        } else {
            $perms_sql .= ")";
        }
    } elseif ($net_perms != "") {
        $perms_sql .= " AND ({$alias}.src_net in ({$net_perms}) OR {$alias}.dst_net in ({$net_perms}))";
    }
    return $perms_sql;
}

Example #3

Show file

File: import_all_nets.php Project: AntBean/alienvault-ossim

function import_assets_from_csv($filename, $iic, $ctx, $import_type)
{
    //Process status
    $summary = array('general' => array('status' => '', 'data' => '', 'statistics' => array('total' => 0, 'warnings' => 0, 'errors' => 0, 'saved' => 0)), 'by_nets' => array());
    $db = new ossim_db();
    $conn = $db->connect();
    $str_data = file_get_contents($filename);
    if ($str_data === FALSE) {
        $summary['general']['status'] = 'error';
        $summary['general']['data']['errors'] = _('Failed to read data from CSV file');
        $summary['general']['statistics']['errors'] = 1;
        return $summary;
    }
    $array_data = preg_split('/\\n|\\r/', $str_data);
    foreach ($array_data as $k => $v) {
        if (trim($v) != '') {
            $data[] = explode('";"', trim($v));
        }
    }
    set_time_limit(360);
    /*********************************************************************************************************************
     * From net section:
     *  - Version 4.x.x: "Netname"*;"CIDRs(CIDR1,CIDR2,...)"*;"Description";"Asset value"*;"Net ID"
     *  - Version 3.x.x: "Netname"*;"CIDRs(CIDR1,CIDR2,...)"*;"Description";"Asset value";"Sensors(Sensor1,Sensor2,...)"*
     *
     * From welcome wizard:
     *  - Version 4.x.x: "Netname"*;"CIDRs(CIDR1,CIDR2,...)"*;"Description"   
     *
     *********************************************************************************************************************/
    //Check file size
    if (count($data) <= 0 || count($data) == 1 && preg_match('/Netname/', $data[0][0])) {
        $summary['general']['status'] = 'error';
        $summary['general']['data'] = _('CSV file is empty');
        $summary['general']['statistics']['errors'] = 1;
        return $summary;
    }
    //Check importation type and headers
    $csv_headers = array();
    if ($import_type == 'networks') {
        if (preg_match('/Net ID/', $data[0][4]) || preg_match('/Sensors/', $data[0][4])) {
            $csv_headers = array_shift($data);
        } else {
            $summary['general']['status'] = 'error';
            $summary['general']['data'] = _('Headers not found');
            $summary['general']['statistics']['errors'] = 1;
            return $summary;
        }
    }
    //Setting total nets to import
    $summary['general']['statistics']['total'] = count($data);
    //Allowed sensors
    $filters = array('where' => "acl_sensors.entity_id = UNHEX('{$ctx}')");
    $a_sensors = Av_sensor::get_basic_list($conn, $filters);
    $sensor_ids = array_keys($a_sensors);
    if (count($sensor_ids) == 0) {
        $summary['general']['status'] = 'error';
        $s_error_msg = Session::is_pro() ? _('There is no sensor for this context') : _('There is no sensor for this net');
        $summary['general']['data'] = $s_error_msg;
        $summary['general']['statistics']['errors'] = 1;
        return $summary;
    }
    Util::disable_perm_triggers($conn, TRUE);
    foreach ($data as $k => $v) {
        //Clean previous errors
        ossim_clean_error();
        $num_line = $k + 1;
        //Set default status
        $summary['by_nets'][$num_line]['status'] = 'error';
        //Check file format
        $cnd_1 = $import_type == 'networks' && count($v) < 5;
        $cnd_2 = $import_type == 'welcome_wizard_nets' && count($v) < 3;
        if ($cnd_1 || $cnd_2) {
            $summary['by_nets'][$num_line]['errors']['Format'] = _('Number of fields is incorrect');
            $summary['general']['statistics']['errors']++;
            continue;
        }
        //Clean values
        $param = array();
        foreach ($v as $field) {
            $parameter = trim($field);
            $pattern = '/^\\"|\\"$|^\'|\'$/';
            $param[] = preg_replace($pattern, '', $parameter);
        }
        //Values
        $is_in_db = FALSE;
        $net_id = '';
        $name = $param[0];
        $cidrs = preg_replace("/[\n\r\t]+/", '', $param[1]);
        $descr = $param[2];
        $asset_value = $param[3] == '' ? 2 : intval($param[3]);
        $sensors = $sensor_ids;
        //Permissions
        $can_i_create_assets = Session::can_i_create_assets();
        $can_i_modify_ips = TRUE;
        //CIDRs
        if (!ossim_valid($cidrs, OSS_IP_CIDR, 'illegal:' . _('CIDR'))) {
            $summary['by_nets'][$num_line]['errors']['CIDRs'] = ossim_get_error_clean();
            $summary['general']['statistics']['errors']++;
            continue;
        }
        //Check Net ID �Is there a net registered in the System?
        $net_ids = Asset_net::get_id_by_ips($conn, $cidrs, $ctx);
        $net_id = key($net_ids);
        if (!empty($net_id)) {
            $is_in_db = TRUE;
        } else {
            $net_id = Util::uuid();
        }
        // Special case: Forced Net ID [Version 4.x.x]
        if ($import_type == 'networks' && preg_match('/Net ID/', $csv_headers[4])) {
            $csv_net_id = strtoupper($param[4]);
            if ($is_in_db == TRUE && $csv_net_id != $net_id) {
                $id_error_msg = _('Net is already registered in the System with another Net ID');
                $summary['by_nets'][$num_line]['errors']['Net'] = $id_error_msg;
                $summary['general']['statistics']['errors']++;
                continue;
            }
        }
        //Netname
        if (!empty($iic)) {
            $name = clean_iic($name);
        }
        if (!ossim_valid($name, OSS_NOECHARS, OSS_NET_NAME, 'illegal:' . _('Netname'))) {
            ossim_clean_error();
            $name = clean_iic($name);
            $name = clean_echars($name);
            $warning_msg = _('Netname has invalid characters') . '<br/>' . _('Netname will be replaced by') . ": <strong>{$name}</strong>";
            $summary['by_nets'][$num_line]['warnings']['Netname'] = $warning_msg;
            $summary['by_nets'][$num_line]['status'] = 'warning';
            $summary['general']['statistics']['warnings']++;
            if (!ossim_valid($name, OSS_NOECHARS, OSS_NET_NAME, 'illegal:' . _('Netname'))) {
                unset($summary['by_nets'][$num_line]['warnings']);
                $summary['general']['statistics']['warnings']--;
                $summary['by_nets'][$num_line]['status'] = 'error';
                $summary['by_nets'][$num_line]['errors']['Netname'] = ossim_get_error_clean();
                $summary['general']['statistics']['errors']++;
                continue;
            }
        }
        //Description
        if (!ossim_valid($descr, OSS_NULLABLE, OSS_AT, OSS_TEXT, '\\t', 'illegal:' . _('Description'))) {
            $summary['by_nets'][$num_line]['errors']['Description'] = ossim_get_error_clean();
            $summary['general']['statistics']['errors']++;
            continue;
        } else {
            if (mb_detect_encoding($descr . ' ', 'UTF-8,ISO-8859-1') == 'UTF-8') {
                $descr = mb_convert_encoding($descr, 'HTML-ENTITIES', 'UTF-8');
            }
        }
        //Sensor
        if ($is_in_db == FALSE) {
            //Only update net sensors with unregistered nets
            if ($import_type == 'networks' && preg_match('/Sensors/', $csv_headers[4])) {
                //Special case: Sensors in CSV file //[Version 3.x.x]
                $sensors = array();
                $_sensors = explode(',', $param[4]);
                if (is_array($_sensors) && !empty($_sensors)) {
                    $_sensors = array_flip($_sensors);
                    if (is_array($a_sensors) && !empty($a_sensors)) {
                        foreach ($a_sensors as $s_id => $s_data) {
                            if (array_key_exists($s_data['ip'], $_sensors)) {
                                $sensors[] = $s_id;
                            }
                        }
                    }
                }
                if (!is_array($sensors) || empty($sensors)) {
                    $s_error_msg = Session::is_pro() ? _('There is no sensors for this context') : _('There is no sensors for this IP');
                    $summary['by_nets'][$num_line]['errors']['Sensors'] = $s_error_msg;
                    $summary['general']['statistics']['errors']++;
                    continue;
                }
            }
        }
        /***********************************************************
         ********** Only for importation from net section **********
         ***********************************************************/
        if ($import_type == 'networks') {
            //Asset
            if (!ossim_valid($asset_value, OSS_DIGIT, 'illegal:' . _('Asset value'))) {
                $summary['by_nets'][$num_line]['errors']['Asset value'] = ossim_get_error_clean();
                $summary['general']['statistics']['errors']++;
                continue;
            }
        }
        //Insert/Update net in database
        if (count($summary['by_nets'][$num_line]['errors']) == 0) {
            try {
                $net = new Asset_net($net_id);
                if ($is_in_db == TRUE) {
                    $net->load_from_db($conn, $net_id);
                    $can_i_modify_ips = Asset_net::can_i_modify_ips($conn, $net_id);
                } else {
                    if ($can_i_create_assets == FALSE) {
                        $n_error_msg = _('Net') . ' ' . $name . ' ' . _("not allowed. You don't have permissions to import this net");
                        $summary['by_nets'][$num_line]['errors']['Net'] = $n_error_msg;
                        $summary['general']['statistics']['errors']++;
                        continue;
                    }
                }
                //Check CIDRs
                if ($can_i_modify_ips == TRUE) {
                    $aux_cidr = explode(',', $cidrs);
                    foreach ($aux_cidr as $cidr) {
                        $net_ids = Asset_net::get_id_by_ips($conn, $cidr, $ctx);
                        unset($net_ids[$net_id]);
                        if (!empty($net_ids)) {
                            $c_error_msg = _('CIDR') . ' ' . $cidrs . ' ' . _("not allowed. CIDR {$cidr} already exists for this entity");
                            $summary['by_nets'][$num_line]['errors']['CIDRs'] = $c_error_msg;
                            $summary['general']['statistics']['errors']++;
                            break;
                        } else {
                            if (Session::get_net_where() != '') {
                                if (!Asset_net::is_cidr_in_my_nets($conn, $cidr, $ctx)) {
                                    $c_error_msg = _('CIDR') . ' ' . $cidrs . ' ' . _("not allowed. CIDR {$cidr} out of range. Check your asset filter");
                                    $summary['by_nets'][$num_line]['errors']['CIDRs'] = $c_error_msg;
                                    $summary['general']['statistics']['errors']++;
                                    break;
                                }
                            }
                        }
                    }
                } else {
                    $c_error_msg = _('Net') . ' ' . $name . ': ' . _("CIDRs not allowed. CIDRs wasn't be modified");
                    $summary['by_nets'][$num_line]['status'] = 'warning';
                    $summary['general']['warnings']['errors']++;
                    $summary['by_nets'][$num_line]['warnings']['CIDRs'] = $c_error_msg;
                }
                //Setting new values
                if (count($summary['by_nets'][$num_line]['errors']) == 0) {
                    $net->set_ctx($ctx);
                    $net->set_name($name);
                    $net->set_descr($descr);
                    if ($is_in_db == FALSE) {
                        if ($can_i_modify_ips == TRUE) {
                            $net->set_ips($cidrs);
                        }
                        $net->set_sensors($sensors);
                    }
                    $net->set_asset_value($asset_value);
                    $net->save_in_db($conn, FALSE);
                    $summary['general']['statistics']['saved']++;
                    $summary['by_nets'][$num_line]['data'] = $is_in_db == TRUE ? _('Net updated') : _('New new inserted');
                    //Keep warnings
                    if ($summary['by_nets'][$num_line]['status'] != 'warning') {
                        $summary['by_nets'][$num_line]['status'] = 'success';
                    }
                }
            } catch (Exception $e) {
                $summary['by_nets'][$num_line]['errors']['Database error'] = $e->getMessage();
                $summary['general']['statistics']['errors']++;
            }
        }
    }
    if ($summary['general']['statistics']['saved'] > 0) {
        if ($summary['general']['statistics']['errors'] == 0) {
            $summary['general']['status'] = 'success';
            $summary['general']['data'] = _('All nets have been imported successfully');
        } else {
            $summary['general']['status'] = 'warning';
            $summary['general']['data'] = _('Some nets could not be imported successfully');
        }
        Util::disable_perm_triggers($conn, FALSE);
        try {
            Asset_net::report_changes($conn, 'nets');
        } catch (Exception $e) {
            error_log($e->getMessage(), 0);
        }
    } else {
        $summary['general']['statistics']['errors'] = count($data);
        //CSV file is not empty, but all lines are wrong
        if (empty($summary['general']['status'])) {
            $summary['general']['status'] = 'error';
            $summary['general']['data'] = _('Nets could not be imported');
        }
    }
    $db->close();
    return $summary;
}

Example #4

Show file

File: form_network.php Project: AntBean/alienvault-ossim

 if ((Session::get_host_where() != "" || Session::get_net_where() != "") && (GET('from') == "ANY" || GET('from_list') == "")) {
     $_GET["from"] = "LIST";
     $assets_aux = array();
     $_list_data = Asset_host::get_basic_list($conn);
     $_host_aux = array_keys($_list_data[1]);
     foreach ($_host_aux as $h_id) {
         $assets_aux[] = Util::uuid_format($h_id);
     }
     $_list_data = Asset_net::get_list($conn);
     $_net_aux = array_keys($_list_data[0]);
     foreach ($_net_aux as $n_id) {
         $assets_aux[] = Util::uuid_format($n_id);
     }
     $_GET["from_list"] = implode(",", $assets_aux);
 }
 if ((Session::get_host_where() != "" || Session::get_net_where() != "") && (GET('to') == "ANY" || GET('to_list') == "")) {
     $_GET["to"] = "LIST";
     $assets_aux = array();
     $_list_data = Asset_host::get_basic_list($conn);
     $_host_aux = array_keys($_list_data[1]);
     foreach ($_host_aux as $h_id) {
         $assets_aux[] = Util::uuid_format($h_id);
     }
     $_list_data = Asset_net::get_list($conn);
     $_net_aux = array_keys($_list_data[0]);
     foreach ($_net_aux as $n_id) {
         $assets_aux[] = Util::uuid_format($n_id);
     }
     $_GET["to_list"] = implode(",", $assets_aux);
 }
 if (GET("from") == "LIST") {

Example #5

Show file

File: mobile_option.php Project: jackpf/ossim-arc

function top_siem_events($conn, $limit)
{
    $data = array();
    $perms_sql = "WHERE 1=1";
    $domain = Session::get_ctx_where();
    if ($domain != "") {
        $perms_sql .= " AND ac.ctx in ({$domain})";
    }
    // Asset filter
    $hosts = Session::get_host_where();
    $nets = Session::get_net_where();
    if ($hosts != "") {
        $perms_sql .= " AND (ac.src_host in ({$hosts}) OR ac.dst_host in ({$hosts})";
        if ($nets != "") {
            $perms_sql .= " OR ac.src_net in ({$nets}) OR ac.dst_net in ({$nets}))";
        } else {
            $perms_sql .= ")";
        }
    } elseif ($nets != "") {
        $perms_sql .= " AND (ac.src_net in ({$nets}) OR ac.dst_net in ({$nets}))";
    }
    $query = "SELECT sum(ac.cnt) as num, plugin_sid.name FROM alienvault_siem.ac_acid_event AS ac LEFT JOIN alienvault.plugin_sid ON plugin_sid.plugin_id=ac.plugin_id AND plugin_sid.sid=ac.plugin_sid {$perms_sql} GROUP BY name ORDER BY num DESC LIMIT {$limit}";
    $rs = $conn->Execute($query);
    if (!$rs) {
        echo "error";
        die($conn->ErrorMsg());
    }
    while (!$rs->EOF) {
        $data[Util::signaturefilter($rs->fields["name"])] = $rs->fields["num"];
        $rs->MoveNext();
    }
    return $data;
}

Example #6

Show file

File: save_net.php Project: jackpf/ossim-arc

 if (Session::get_net_where() != '') {
     if (!Asset_net::is_cidr_in_my_nets($conn, $ips_string, $ctx)) {
         $validation_errors['cidr'] = _('The CIDR is not allowed. Please check with your account admin for more information');
     }
 }
 //Validating CIDRs
 $aux_ips = explode(',', $ips_string);
 if (empty($validation_errors['cidr'])) {
     foreach ($aux_ips as $cidr) {
         $net_ids = Asset_net::get_id_by_ips($conn, $cidr, $ctx);
         unset($net_ids[$id]);
         if (!empty($net_ids)) {
             $validation_errors['cidr'] = sprintf(_("The CIDR %s is not allowed. Please check with your account admin for more information"), $cidr);
             break;
         } else {
             if (Session::get_net_where() != '') {
                 if (!Asset_net::is_cidr_in_my_nets($conn, $cidr, $ctx)) {
                     $validation_errors['cidr'] = sprintf(_("The CIDR %s is not allowed. Please check with your account admin for more information"), $cidr);
                     break;
                 }
             }
         }
     }
 }
 //Validating Sensors
 if (is_array($sensors) && !empty($sensors)) {
     foreach ($sensors as $sensor) {
         if (!Av_sensor::is_allowed($conn, $sensor)) {
             $validation_errors['sboxs[]'] .= sprintf(_("Error! Sensor %s cannot be assigned to this network"), Av_sensor::get_name_by_id($conn, $sensor)) . "<br/>";
         }
     }

Example #7

Show file

File: import_all_hosts.php Project: jackpf/ossim-arc

function import_assets_from_csv($filename, $iic, $ctx, $import_type)
{
    //Process status
    $summary = array('general' => array('status' => '', 'data' => '', 'statistics' => array('total' => 0, 'warnings' => 0, 'errors' => 0, 'saved' => 0)), 'by_hosts' => array());
    $db = new ossim_db();
    $conn = $db->connect();
    $str_data = file_get_contents($filename);
    if ($str_data === FALSE) {
        $summary['general']['status'] = 'error';
        $summary['general']['data']['errors'] = _('Failed to read data from CSV file');
        $summary['general']['statistics']['errors'] = 1;
        return $summary;
    }
    $array_data = preg_split('/\\n|\\r/', $str_data);
    foreach ($array_data as $k => $v) {
        if (trim($v) != '') {
            $data[] = explode('";"', trim($v));
        }
    }
    /*************************************************************************************************************************************
     * From asset section:
     *  - Version 4.x.x or higher: "IP (IP1,IP2,...)";"Hostname";"FQDNs(FQDN1,FQDN2,...)";"Description";"Asset value";"Operating System";
     *                   "Latitude";"Longitude";"Host ID";"External Asset";"Device Types(Type1,Type2,...)"
     *
     *  - Version 3.x.x: "IP"*;"Hostname";"FQDNs(FQDN1,FQDN2,...)";"Description";"Asset value";"Sensors(Sensor1,Sensor2,...)";
     *                   "Operating System";"Latitude";"Longitude"
     *
     * From welcome wizard:
     *  - Version 4.x.x or higher: "IP (IP1,IP2,...)";"Hostname";"Description";"Operating System";"Device Type(Type1,Type2,...)"
     *
     **************************************************************************************************************************************/
    //Check file size
    if (count($data) <= 0 || count($data) == 1 && preg_match('/IP/', $data[0][0])) {
        $summary['general']['status'] = 'error';
        $summary['general']['data'] = _('CSV file is empty');
        $summary['general']['statistics']['errors'] = 1;
        return $summary;
    }
    //Check importation type and headers
    $csv_headers = array();
    if ($import_type == 'hosts') {
        if (preg_match('/Operating System/', $data[0][5]) || preg_match('/Sensors/', $data[0][5])) {
            $csv_headers = array_shift($data);
        } else {
            $summary['general']['status'] = 'error';
            $summary['general']['data'] = _('Headers not found');
            $summary['general']['statistics']['errors'] = 1;
            return $summary;
        }
    }
    //Setting total hosts to import
    $summary['general']['statistics']['total'] = count($data);
    //Getting all Operating System
    $all_os = Properties::get_all_os();
    //Getting devices types
    $all_devices = array();
    $aux_all_devices = Devices::get_all_for_filter($conn);
    $_all_devices = $aux_all_devices[0];
    foreach ($_all_devices as $d_data) {
        $d_key = $d_data['type_name'];
        $d_key .= $d_data['subtype_id'] != 0 ? ':' . $d_data['subtype_name'] : '';
        $all_devices[$d_key] = $d_data['type_id'] . ':' . $d_data['subtype_id'];
    }
    //Allowed sensors
    $filters = array('where' => "acl_sensors.entity_id = UNHEX('{$ctx}')");
    $a_sensors = Av_sensor::get_basic_list($conn, $filters);
    $sensor_ids = array_keys($a_sensors);
    if (count($sensor_ids) == 0) {
        $summary['general']['status'] = 'error';
        $s_error_msg = Session::is_pro() ? _('There is no sensors for this context') : _('There is no sensors for this IP address');
        $summary['general']['data'] = $s_error_msg;
        $summary['general']['statistics']['errors'] = 1;
        return $summary;
    }
    Util::disable_perm_triggers($conn, TRUE);
    foreach ($data as $k => $v) {
        //Clean previous errors
        ossim_clean_error();
        $num_line = $k + 1;
        //Set default status
        $summary['by_hosts'][$num_line]['status'] = 'error';
        //Check file format
        $cnd_1 = $import_type == 'hosts' && count($v) < 9;
        $cnd_2 = $import_type == 'welcome_wizard_hosts' && count($v) < 5;
        if ($cnd_1 || $cnd_2) {
            $summary['by_hosts'][$num_line]['errors']['Format'] = _('Number of fields is incorrect');
            $summary['general']['statistics']['errors']++;
            continue;
        }
        //Clean values
        $param = array();
        $index = 0;
        $max_index = count($v) - 1;
        foreach ($v as $field) {
            $parameter = trim($field);
            if ($index == 0) {
                $pattern = '/^\\"|^\'/';
                $param[] = preg_replace($pattern, '', $parameter);
            } else {
                if ($index == $max_index) {
                    $pattern = '/\\"$|\'$/';
                    $param[] = preg_replace($pattern, '', $parameter);
                } else {
                    $param[] = $parameter;
                }
            }
            $index++;
        }
        //Values
        $is_in_db = FALSE;
        $host_id = '';
        $sensors = $sensor_ids;
        $csv_ips = preg_replace("/\\s+/", '', $param[0]);
        if (!empty($param[1])) {
            $name = $param[1];
        } else {
            $aux_name = str_replace(' ', '', $csv_ips);
            $aux_name = str_replace(',', '-', $aux_name);
            $name = Asset_host::get_autodetected_name($aux_name);
        }
        if ($import_type == 'hosts') {
            $fqdns = $param[2];
            $descr = $param[3];
            $asset_value = !empty($param[4]) ? $param[4] : 2;
            if (preg_match('/Host ID/', $csv_headers[8])) {
                $os = $param[5];
                $latitude = floatval($param[6]);
                $longitude = floatval($param[7]);
                $external = empty($param[9]) ? 0 : intval($param[9]);
                $csv_devices = $param[10];
            } else {
                $os = $param[6];
                $latitude = floatval($param[7]);
                $longitude = floatval($param[8]);
                $external = 0;
                $csv_devices = '';
            }
        } else {
            $descr = $param[2];
            $os = $param[3];
            $latitude = 0;
            $longitude = 0;
            $asset_value = 2;
            $external = 0;
            $csv_devices = $param[4];
        }
        //Permissions
        $can_i_create_assets = Session::can_i_create_assets();
        $can_i_modify_ips = TRUE;
        //IPs
        if (!ossim_valid($csv_ips, OSS_IP_ADDR, 'illegal:' . _('IP'))) {
            $summary['by_hosts'][$num_line]['errors']['IP'] = ossim_get_error_clean();
            $summary['general']['statistics']['errors']++;
            continue;
        }
        //Check Host ID: Is there a host registered in the System?
        $host_ids = Asset_host::get_id_by_ips($conn, $csv_ips, $ctx);
        $host_id = key($host_ids);
        if (!empty($host_id)) {
            $is_in_db = TRUE;
        } else {
            $host_id = Util::uuid();
        }
        // Special case: Forced Host ID [Version 4.x.x or higher]
        if ($import_type == 'hosts' && preg_match('/Host ID/', $csv_headers[8]) && valid_hex32($param[8])) {
            $csv_hosts_id = strtoupper($param[8]);
            if ($is_in_db == TRUE && $csv_hosts_id != $host_id) {
                $id_error_msg = _('Host is already registered in the System with another Host ID');
                $summary['by_hosts'][$num_line]['errors']['Host'] = $id_error_msg;
                $summary['general']['statistics']['errors']++;
                continue;
            } else {
                if ($is_in_db == FALSE) {
                    $host_id = $csv_hosts_id;
                    // Save host ID to insert it
                }
            }
        }
        //Hostname
        if (!empty($iic)) {
            $name = clean_iic($name);
        }
        if (!ossim_valid($name, OSS_HOST_NAME, 'illegal:' . _('Hostname'))) {
            ossim_clean_error();
            $name = Asset_host::create_valid_name($name);
            $warning_msg = _('Hostname does not match with RFC 1123 specifications') . '<br/>' . _('Hostname will be replaced by') . ": <strong>{$name}</strong>";
            $summary['by_hosts'][$num_line]['warnings']['Hostname'] = $warning_msg;
            $summary['by_hosts'][$num_line]['status'] = 'warning';
            $summary['general']['statistics']['warnings']++;
            if (!ossim_valid($name, OSS_HOST_NAME, 'illegal:' . _('Hostname'))) {
                unset($summary['by_hosts'][$num_line]['warnings']);
                $summary['general']['statistics']['warnings']--;
                $summary['by_hosts'][$num_line]['status'] = 'error';
                $summary['by_hosts'][$num_line]['errors']['Hostname'] = ossim_get_error_clean();
                $summary['general']['statistics']['errors']++;
                continue;
            }
        }
        //Description
        if (!ossim_valid($descr, OSS_NULLABLE, OSS_ALL, 'illegal:' . _('Description'))) {
            $summary['by_hosts'][$num_line]['errors']['Description'] = ossim_get_error_clean();
            $summary['general']['statistics']['errors']++;
            continue;
        } else {
            if (mb_detect_encoding($descr . ' ', 'UTF-8,ISO-8859-1') == 'UTF-8') {
                $descr = mb_convert_encoding($descr, 'HTML-ENTITIES', 'UTF-8');
            }
        }
        //Operating System
        $os_pattern = '/' . preg_quote(implode('|', $all_os), '/') . '/';
        $os_pattern = str_replace('\\|', '|', $os_pattern);
        if (!empty($os) && !preg_match($os_pattern, $os)) {
            $warning_msg = _('Operating System unknown');
            $summary['by_hosts'][$num_line]['warnings']['Operating System'] = $warning_msg;
            $summary['by_hosts'][$num_line]['status'] = 'warning';
            $summary['general']['statistics']['warnings']++;
            $os = 'Unknown';
        }
        //Devices Types
        $devices = array();
        $unallowed_devices = array();
        if (!empty($csv_devices)) {
            $aux_devices = explode(',', $csv_devices);
            if (is_array($aux_devices) && !empty($aux_devices)) {
                foreach ($aux_devices as $d_name) {
                    $d_name = trim($d_name);
                    if (array_key_exists($d_name, $all_devices)) {
                        $devices[] = $all_devices[$d_name];
                    } else {
                        $unallowed_devices[] = $d_name;
                    }
                }
                if (!empty($unallowed_devices)) {
                    $warning_msg = _('Some devices could not be added (Type and/or subtype unknown)') . ': ' . implode(',', $unallowed_devices);
                    $summary['by_hosts'][$num_line]['warnings']['Devices'] = $warning_msg;
                    $summary['by_hosts'][$num_line]['status'] = 'warning';
                    $summary['general']['statistics']['warnings']++;
                }
            }
        }
        //Sensor
        if ($is_in_db == FALSE) {
            //Only update host sensors with unregistered hosts
            if ($import_type == 'hosts' && preg_match('/Sensors/', $csv_headers[5])) {
                //Special case: Sensors in CSV file //[Version 3.x.x]
                $sensors = array();
                $_sensors = explode(',', $param[4]);
                if (is_array($_sensors) && !empty($_sensors)) {
                    $_sensors = array_flip($_sensors);
                    if (is_array($a_sensors) && !empty($a_sensors)) {
                        foreach ($a_sensors as $s_id => $s_data) {
                            if (array_key_exists($s_data['ip'], $_sensors)) {
                                $sensors[] = $s_id;
                            }
                        }
                    }
                }
                if (!is_array($sensors) || empty($sensors)) {
                    $s_error_msg = Session::is_pro() ? _('There is no sensors for this context') : _('There is no sensors for this IP address');
                    $summary['by_hosts'][$num_line]['errors']['Sensors'] = $s_error_msg;
                    $summary['general']['statistics']['errors']++;
                    continue;
                }
            }
        }
        /***********************************************************
         ********** Only for importation from host section **********
         ***********************************************************/
        if ($import_type == 'hosts') {
            //FQDNs
            if (!ossim_valid($fqdns, OSS_FQDNS, OSS_NULLABLE, 'illegal:' . _('FQDN/Aliases'))) {
                $summary['by_hosts'][$num_line]['errors']['FQDN/Aliases'] = ossim_get_error_clean();
                $summary['general']['statistics']['errors']++;
                continue;
            }
            //Asset
            if (!ossim_valid($asset_value, OSS_DIGIT, 'illegal:' . _('Asset value'))) {
                $summary['by_hosts'][$num_line]['errors']['Asset value'] = ossim_get_error_clean();
                $summary['general']['statistics']['errors']++;
                continue;
            }
            //Latitude
            if (!empty($latitude)) {
                if (!ossim_valid(trim($latitude), OSS_NULLABLE, OSS_DIGIT, OSS_DOT, '\\-', 'illegal:' . _('Latitude'))) {
                    $summary['by_hosts'][$num_line]['errors']['Latitude'] = ossim_get_error_clean();
                    $summary['general']['statistics']['errors']++;
                    continue;
                }
            }
            //Longitude
            if (!empty($longitude)) {
                if (!ossim_valid(trim($longitude), OSS_NULLABLE, OSS_DIGIT, OSS_DOT, '\\-', 'illegal:' . _('Longitude'))) {
                    $summary['by_hosts'][$num_line]['errors']['Longitude'] = ossim_get_error_clean();
                    $summary['general']['statistics']['errors']++;
                    continue;
                }
            }
        }
        //Insert/Update host in database
        if (count($summary['by_hosts'][$num_line]['errors']) == 0) {
            try {
                $host = new Asset_host($conn, $host_id);
                if ($is_in_db == TRUE) {
                    $host->load_from_db($conn, $host_id);
                    $can_i_modify_ips = Asset_host::can_i_modify_ips($conn, $host_id);
                } else {
                    if ($can_i_create_assets == FALSE) {
                        $n_error_msg = _('Host') . ' ' . $name . ' ' . _("not allowed. You don't have permissions to import this host");
                        $summary['by_hosts'][$num_line]['errors']['Net'] = $n_error_msg;
                        $summary['general']['statistics']['errors']++;
                        continue;
                    }
                }
                //Check IPs
                if ($can_i_modify_ips == TRUE) {
                    $aux_ips = explode(',', $csv_ips);
                    foreach ($aux_ips as $ip) {
                        $host_ids = Asset_host::get_id_by_ips($conn, $ip, $ctx);
                        unset($host_ids[$host_id]);
                        if (!empty($host_ids)) {
                            $c_error_msg = _('IP') . ' ' . $csv_ips . ' ' . _("not allowed. IP {$ip} already exists for this entity");
                            $summary['by_hosts'][$num_line]['errors']['IP'] = $c_error_msg;
                            $summary['general']['statistics']['errors']++;
                            break;
                        } else {
                            $cnd_1 = Session::get_net_where() != '' && !Session::only_ff_net();
                            $cnd_2 = Asset_host::is_ip_in_cache_cidr($conn, $ip, $ctx, TRUE);
                            if ($cnd_1 && !$cnd_2) {
                                $c_error_msg = sprintf(_("Error! The IP %s is not allowed. Please check with your account admin for more information"), $csv_ips);
                                $summary['by_hosts'][$num_line]['errors']['IP'] = $c_error_msg;
                                $summary['general']['statistics']['errors']++;
                                break;
                            }
                        }
                    }
                } else {
                    $c_error_msg = _('Host') . ' ' . $name . ': ' . _("IP address not allowed. IP address cannot be modified");
                    $summary['by_hosts'][$num_line]['status'] = 'warning';
                    $summary['general']['warnings']['errors']++;
                    $summary['by_hosts'][$num_line]['warnings']['IP'] = $c_error_msg;
                }
                //Setting new values
                if (count($summary['by_hosts'][$num_line]['errors']) == 0) {
                    $host->set_ctx($ctx);
                    $host->set_name($name);
                    $host->set_descr($descr);
                    if ($is_in_db == FALSE) {
                        if ($can_i_modify_ips == TRUE) {
                            if (is_array($aux_ips) && !empty($aux_ips)) {
                                $ips = array();
                                foreach ($aux_ips as $ip) {
                                    $ips[$ip] = array('ip' => $ip, 'mac' => NULL);
                                }
                                $host->set_ips($ips);
                            }
                        }
                        $host->set_sensors($sensors);
                    }
                    if (!empty($fqdns)) {
                        $host->set_fqdns($fqdns);
                    }
                    $host->set_external($external);
                    $host->set_location($latitude, $longitude);
                    $host->set_asset_value($asset_value);
                    $host->set_devices($devices);
                    $host->save_in_db($conn, FALSE);
                    //Save Operating System
                    if (!empty($os)) {
                        Asset_host_properties::save_property_in_db($conn, $host_id, 3, $os, 2);
                    }
                    $summary['general']['statistics']['saved']++;
                    $summary['by_hosts'][$num_line]['data'] = $is_in_db == TRUE ? _('Asset updated') : _('New asset inserted');
                    //Keep warnings
                    if ($summary['by_hosts'][$num_line]['status'] != 'warning') {
                        $summary['by_hosts'][$num_line]['status'] = 'success';
                    }
                }
            } catch (Exception $e) {
                $summary['by_hosts'][$num_line]['errors']['Database error'] = $e->getMessage();
                $summary['general']['statistics']['errors']++;
            }
        }
    }
    if ($summary['general']['statistics']['saved'] > 0) {
        if ($summary['general']['statistics']['errors'] == 0) {
            $summary['general']['status'] = 'success';
            $summary['general']['data'] = _('All assets have been successfully imported ');
        } else {
            $summary['general']['status'] = 'warning';
            $summary['general']['data'] = _('Some assets cannot be imported');
        }
        Util::disable_perm_triggers($conn, FALSE);
        try {
            Asset_host::report_changes($conn, 'hosts');
        } catch (Exception $e) {
            Av_exception::write_log(Av_exception::USER_ERROR, $e->getMessage());
        }
    } else {
        $summary['general']['statistics']['errors'] = count($data);
        //CSV file is not empty, but all lines are wrong
        if (empty($summary['general']['status'])) {
            $summary['general']['status'] = 'error';
            $summary['general']['data'] = _('Assets cannot be imported');
        }
    }
    @$conn->Execute("REPLACE INTO alienvault.host_net_reference SELECT host.id,net_id FROM alienvault.host, alienvault.host_ip, alienvault.net_cidrs WHERE host.id = host_ip.host_id AND host_ip.ip >= net_cidrs.begin AND host_ip.ip <= net_cidrs.end");
    $db->close();
    return $summary;
}

Example #8

Show file

File: global_score.php Project: AntBean/alienvault-ossim

////////////////////////////////////////////////////////////////
$sql = "SELECT hex(net_id) as net_id FROM net_group_reference";
if (!($rs =& $conn->Execute($sql))) {
    die($conn->ErrorMsg());
}
$nets_grouped = array();
while (!$rs->EOF) {
    $nets_grouped[$rs->fields['net_id']]++;
    $rs->MoveNext();
}
$net_where = "";
if ($ctxs != "") {
    $net_where = " AND net.ctx in ({$ctxs})";
}
// Asset filter
$nets = Session::get_net_where();
if ($nets != "") {
    $net_where .= " AND net.id in ({$nets})";
}
$sql = "SELECT\n            net.name as net_name,\n            HEX(net.id) as net_id,\n            net.threshold_c as net_threshold_c,\n            net.threshold_a as net_threshold_a,\n            net.ips as net_address\n        FROM\n            net\n        WHERE\n            1=1 {$net_where} {$net_limit}";
if (!($rs =& $conn->Execute($sql))) {
    die($conn->ErrorMsg());
}
$networks = array();
$count = 1;
while (!$rs->EOF) {
    $has_perms = true;
    $net = $rs->fields['net_id'];
    if ($nets_grouped[$net] != "" || $count > $max) {
        $rs->MoveNext();
        continue;

Example #9

Show file

File: base_qry_common.php Project: AntBean/alienvault-ossim

function ProcessCriteria()
{
    global $db, $join_sql, $perms_sql, $where_sql, $criteria_sql, $sql, $debug_mode, $caller, $DBtype;
    /* XXX-SEC */
    global $cs, $timetz;
    $db_aux = new ossim_db();
    $conn_aux = $db_aux->connect();
    /* the JOIN criteria */
    $ip_join_sql = " LEFT JOIN iphdr ON acid_event.sid=iphdr.sid AND acid_event.cid=iphdr.cid ";
    // *************** DEPRECATED: TCP UDP ICMP join *********************
    //$tcp_join_sql = " LEFT JOIN tcphdr ON acid_event.sid=tcphdr.sid AND acid_event.cid=tcphdr.cid ";
    //$udp_join_sql = " LEFT JOIN udphdr ON acid_event.sid=udphdr.sid AND acid_event.cid=udphdr.cid ";
    //$icmp_join_sql = " LEFT JOIN icmphdr ON acid_event.sid=icmphdr.sid AND acid_event.cid=icmphdr.cid ";
    $rawip_join_sql = " LEFT JOIN iphdr ON acid_event.sid=iphdr.sid AND acid_event.cid=iphdr.cid ";
    $sig_join_sql = " LEFT JOIN alienvault.plugin_sid ON acid_event.plugin_id=plugin_sid.plugin_id AND acid_event.plugin_sid=plugin_sid.sid ";
    $sig_join = false;
    //$data_join_sql = " LEFT JOIN extra_data ON acid_event.sid=extra_data.sid AND acid_event.cid=extra_data.cid ";
    $data_join_sql = "";
    $ag_join_sql = " LEFT JOIN acid_ag_alert ON acid_event.sid=acid_ag_alert.ag_sid AND acid_event.cid=acid_ag_alert.ag_cid ";
    //$sig_join_sql = "";
    //SQL_CALC_FOUND_ROWS
    $sql = "SELECT acid_event.*, HEX(acid_event.ctx) AS ctx, HEX(acid_event.src_host) AS src_host, HEX(acid_event.dst_host) AS dst_host, HEX(acid_event.src_net) AS src_net, HEX(acid_event.dst_net) AS dst_net FROM acid_event";
    $where_sql = " WHERE ";
    //$where_sql = "";
    // $criteria_sql = " acid_event.sid > 0";
    // Initially show last 24hours events
    if ($_GET['time_range'] == "") {
        $criteria_sql = " ( timestamp >='" . gmdate("Y-m-d", $timetz) . "' ) ";
    } else {
        $criteria_sql = " 1 ";
    }
    //$criteria_sql = " ( timestamp <= CURDATE() ) ";
    //$criteria_sql = " 1 ";
    $join_sql = "";
    $use_ac = true;
    // Use ac_acid_event or not
    /* ********************** Meta Criteria ******************************************** */
    $sig = $cs->criteria['sig']->criteria;
    $sig_type = $cs->criteria['sig']->sig_type;
    $sig_class = $cs->criteria['sig_class']->criteria;
    $sig_priority = $cs->criteria['sig_priority']->criteria;
    $ag = $cs->criteria['ag']->criteria;
    $sensor = $cs->criteria['sensor']->criteria;
    $sensor_op = $cs->criteria['sensor']->param ? "not in" : "in";
    $plugin = $cs->criteria['plugin']->criteria;
    $plugingroup = $cs->criteria['plugingroup']->criteria;
    $networkgroup = $cs->criteria['networkgroup']->criteria;
    $userdata = $cs->criteria['userdata']->criteria;
    $idm_username = $cs->criteria['idm_username']->criteria;
    $idm_hostname = $cs->criteria['idm_hostname']->criteria;
    $idm_domain = $cs->criteria['idm_domain']->criteria;
    $sourcetype = $cs->criteria['sourcetype']->criteria;
    $category = $cs->criteria['category']->criteria;
    $rep = $cs->criteria['rep']->criteria;
    $time = $cs->criteria['time']->GetUTC();
    $real_time = $cs->criteria['time']->criteria;
    //print_r($time);
    $time_cnt = $cs->criteria['time']->GetFormItemCnt();
    $hostid = $cs->criteria['hostid']->criteria;
    $netid = $cs->criteria['netid']->criteria;
    $ctx = $cs->criteria['ctx']->criteria;
    $device = $cs->criteria['device']->criteria;
    $ip_addr = $cs->criteria['ip_addr']->criteria;
    $ip_addr_cnt = $cs->criteria['ip_addr']->GetFormItemCnt();
    $layer4 = $cs->criteria['layer4']->criteria;
    $ip_field = $cs->criteria['ip_field']->criteria;
    $ip_field_cnt = $cs->criteria['ip_field']->GetFormItemCnt();
    $tcp_port = $cs->criteria['tcp_port']->criteria;
    $tcp_port_cnt = $cs->criteria['tcp_port']->GetFormItemCnt();
    // DEPRECATED tcp flags
    //$tcp_flags = $cs->criteria['tcp_flags']->criteria;
    //$tcp_field = $cs->criteria['tcp_field']->criteria;
    //$tcp_field_cnt = $cs->criteria['tcp_field']->GetFormItemCnt();
    $udp_port = $cs->criteria['udp_port']->criteria;
    $udp_port_cnt = $cs->criteria['udp_port']->GetFormItemCnt();
    // DEPRECATED udp field icmp field
    //$udp_field = $cs->criteria['udp_field']->criteria;
    //$udp_field_cnt = $cs->criteria['udp_field']->GetFormItemCnt();
    //$icmp_field = $cs->criteria['icmp_field']->criteria;
    //$icmp_field_cnt = $cs->criteria['icmp_field']->GetFormItemCnt();
    $rawip_field = $cs->criteria['rawip_field']->criteria;
    $rawip_field_cnt = $cs->criteria['rawip_field']->GetFormItemCnt();
    $data = $cs->criteria['data']->criteria;
    $data_cnt = $cs->criteria['data']->GetFormItemCnt();
    $cs->criteria['data']->data_encode;
    //$data_encode[0] = "ascii"; $data_encode[1] = "hex";
    /* OSSIM */
    $ossim_type = $cs->criteria['ossim_type']->criteria;
    $ossim_priority = $cs->criteria['ossim_priority']->criteria;
    $ossim_reliability = $cs->criteria['ossim_reliability']->criteria;
    $ossim_asset_dst = $cs->criteria['ossim_asset_dst']->criteria;
    $ossim_risk_a = $cs->criteria['ossim_risk_a']->criteria;
    $tmp_meta = "";
    /* Sensor */
    if ($sensor != "" && $sensor != " ") {
        $tmp_meta = $tmp_meta . " AND acid_event.device_id {$sensor_op} ( " . preg_replace("/^\\!/", "", $sensor) . " )";
    } else {
        $cs->criteria['sensor']->Set("");
    }
    /* Device */
    if ($device != "") {
        $_ip = bin2hex(inet_pton($device));
        $tmp_meta .= " AND acid_event.device_id IN (SELECT id FROM device WHERE device_ip=UNHEX('" . $_ip . "'))";
    }
    /* Plugin */
    if ($plugin != "" && $plugin != " ") {
        if (preg_match("/(\\d+)\\-(\\d+)/", $plugin, $match)) {
            $tmp_meta = $tmp_meta . " AND acid_event.plugin_id between " . $match[1] . " and " . $match[2];
        } else {
            $tmp_meta = $tmp_meta . " AND acid_event.plugin_id in (" . $plugin . ")";
        }
    }
    /* Plugin Group */
    if ($plugingroup != "" && $plugingroup != " ") {
        $pg_ids = QueryOssimPluginGroup($plugingroup);
        if ($pg_ids != "") {
            $tmp_meta = $tmp_meta . " AND ({$pg_ids}) ";
        } else {
            $tmp_meta = $tmp_meta . " AND (acid_event.plugin_id=-1 AND acid_event.plugin_sid=-1)";
        }
    }
    /* Network Group */
    if ($networkgroup != "" && $networkgroup != " ") {
        $ng_ids = QueryOssimNetworkGroup($networkgroup);
        if ($ng_ids != "") {
            $tmp_meta = $tmp_meta . " AND ({$ng_ids}) ";
            $use_ac = false;
        }
    }
    /* User Data */
    //echo "User Data:$userdata";
    $rpl = array('EQ' => '=', 'NE' => '!=', 'LT' => '<', 'LOE' => '<=', 'GT' => '>', 'GOE' => '>=');
    if (trim($userdata[2]) != "") {
        $_q = parenthesis_encode(escape_sql($userdata[2], $conn_aux));
        $sql = "SELECT acid_event.*, HEX(acid_event.ctx) AS ctx, HEX(acid_event.src_host) AS src_host, \n                                  HEX(acid_event.dst_host) AS dst_host, HEX(acid_event.src_net) AS src_net, \n                                  HEX(acid_event.dst_net) AS dst_net,extra_data.* \n                           FROM acid_event";
        $data_join_sql .= ",extra_data ";
        $_nq = is_numeric($_q) ? $_q : "'" . $_q . "'";
        $flt = "extra_data." . $userdata[0] . " " . strtr($userdata[1], $rpl) . " " . ($userdata[1] == "like" ? "'%" . $_q . "%'" : $_nq);
        $tmp_meta .= " AND acid_event.id=extra_data.event_id AND ({$flt})";
        $use_ac = FALSE;
    }
    /* IDM */
    if (trim($idm_username[0]) != '' || trim($idm_domain[0]) != '') {
        $data_join_sql .= ",idm_data ";
        $tmp_meta .= " AND acid_event.id=idm_data.event_id";
        $use_ac = FALSE;
    }
    if ($idm_username[0] != '') {
        $_q = parenthesis_encode(escape_sql($idm_username[0], $conn_aux));
        if ($idm_username[1] == "both") {
            $tmpcrit = "idm_data.username='******'";
        } else {
            $tmpcrit = "(idm_data.username='******' AND idm_data.from_src=" . ($idm_username[1] == "src" ? "1" : "0") . ")";
        }
        $tmp_meta .= " AND {$tmpcrit}";
    }
    if ($idm_domain[0] != '') {
        $_q = parenthesis_encode(escape_sql($idm_domain[0], $conn_aux));
        if ($idm_domain[1] == "both") {
            $tmpcrit = "idm_data.domain='" . $_q . "'";
        } else {
            $tmpcrit = "(idm_data.domain='" . $_q . "' AND idm_data.from_src=" . ($idm_domain[1] == "src" ? "1" : "0") . ")";
        }
        $tmp_meta .= " AND {$tmpcrit}";
    }
    if ($idm_hostname[0] != '') {
        $_q = parenthesis_encode(escape_sql($idm_hostname[0], $conn_aux));
        if ($idm_hostname[1] == "both") {
            $tmpcrit = "(acid_event.src_hostname='" . $_q . "' OR acid_event.dst_hostname='" . $_q . "')";
        } else {
            $tmpcrit = "acid_event." . $idm_hostname[1] . "_hostname='" . $_q . "'";
        }
        $tmp_meta .= " AND {$tmpcrit}";
        $use_ac = FALSE;
    }
    /* Reputation */
    $rep_data = trim($rep[0]) != "" || trim($rep[1]) != "" ? true : false;
    if ($rep_data) {
        $data_join_sql .= ",reputation_data";
        $tmp_meta .= " AND acid_event.id=reputation_data.event_id";
        $use_ac = false;
    }
    if (trim($rep[0]) != "") {
        # Activity
        if (intval($rep[0])) {
            $aname = GetActivityName($rep[0], $db);
            $tmpcrit = "(reputation_data.rep_act_src like '%" . str_replace("'", "\\'", $aname) . "%' OR reputation_data.rep_act_dst like '%" . str_replace("'", "\\'", $aname) . "%')";
        } else {
            $tmpcrit = "(reputation_data.rep_act_src!='' OR reputation_data.rep_act_dst!='')";
        }
        $tmp_meta .= " AND {$tmpcrit}";
    }
    if (trim($rep[1]) != "") {
        # Severity
        switch ($rep[1]) {
            case "High":
                $tmpcrit = "(reputation_data.rep_prio_src>6 OR reputation_data.rep_prio_dst>6)";
                break;
            case "Medium":
                $tmpcrit = "(reputation_data.rep_prio_src in (3,4,5,6) OR reputation_data.rep_prio_dst in (3,4,5,6))";
                break;
            case "Low":
                $tmpcrit = "(reputation_data.rep_prio_src in (0,1,2) OR reputation_data.rep_prio_dst in (0,1,2))";
                break;
            default:
                $tmpcrit = "(reputation_data.rep_prio_src>0 OR reputation_data.rep_prio_dst>0)";
        }
        $tmp_meta .= " AND {$tmpcrit}";
    }
    /* Source Type */
    if (trim($sourcetype) != "") {
        $tmp_meta = $tmp_meta . " AND acid_event.plugin_id in (" . GetPluginListBySourceType($sourcetype) . ")";
    }
    /* Category */
    if ($category[0] != 0) {
        $sig_join = true;
        $tmp_meta = $tmp_meta . GetPluginListByCategory($category);
    }
    /* Signature */
    if (isset($sig[0]) && $sig[0] != " " && $sig[0] != "" && (isset($sig[1]) && $sig[1] != "")) {
        if ($sig_type == 1) {
            // sending sig[1]=plugin_id;plugin_sid
            $pidsid = preg_split("/[\\s;]+/", $sig[1]);
            $tmp_meta = $tmp_meta . " AND (acid_event.plugin_id=" . intval($pidsid[0]) . " AND acid_event.plugin_sid=" . intval($pidsid[1]) . ")";
        } else {
            // free string
            $sig_ids = QueryOssimSignature($sig[1], $sig[0], $sig[2]);
            $sig_join = true;
            $tmp_meta = $tmp_meta . " AND ({$sig_ids})";
            //if ($sig_ids != "")
            //  $tmp_meta = $tmp_meta . " AND ($sig_ids) ";
            //else
            //  $tmp_meta = $tmp_meta." AND (plugin_id=-1 AND plugin_sid=-1)";
        }
    } else {
        $cs->criteria['sig']->Set("");
    }
    /*
     * OSSIM Code
     */
    /* OSSIM Type */
    if ($ossim_type[1] != " " && $ossim_type[1] != "" && $ossim_type[1] != "0") {
        $tmp_meta = $tmp_meta . " AND acid_event.ossim_type = '" . $ossim_type[1] . "'";
        $use_ac = false;
    } else {
        if ($ossim_type[1] == "0") {
            $tmp_meta = $tmp_meta . " AND (acid_event.ossim_type is null OR acid_event.ossim_type = '0')";
            $use_ac = false;
        } else {
            $cs->criteria['ossim_type']->Set("");
        }
    }
    /* OSSIM Priority */
    if ($ossim_priority[1] != " " && $ossim_priority[1] != "" && $ossim_priority[1] != "0") {
        $tmp_meta = $tmp_meta . " AND acid_event.ossim_priority  " . $ossim_priority[0] . " '" . $ossim_priority[1] . "'";
        $use_ac = false;
    } else {
        if ($ossim_priority[1] == "0") {
            $use_ac = false;
            $tmp_meta = $ossim_priority[0] == "=" ? $tmp_meta . " AND (acid_event.ossim_priority is null OR acid_event.ossim_priority = '0')" : ($tmp_meta = $tmp_meta . " AND acid_event.ossim_priority  " . $ossim_priority[0] . " '" . $ossim_priority[1] . "'");
        } else {
            $cs->criteria['ossim_priority']->Set("");
        }
    }
    /* OSSIM Reliability */
    if ($ossim_reliability[1] != " " && $ossim_reliability[1] != "" && $ossim_reliability[1] != "0") {
        $tmp_meta = $tmp_meta . " AND acid_event.ossim_reliability " . $ossim_reliability[0] . " '" . $ossim_reliability[1] . "'";
        $use_ac = false;
    } else {
        if ($ossim_reliability[1] == "0") {
            $tmp_meta = $ossim_reliability[0] == "=" ? $tmp_meta . " AND (acid_event.ossim_reliability is null OR acid_event.ossim_reliability = '0')" : $tmp_meta . " AND acid_event.ossim_reliability " . $ossim_reliability[0] . " '" . $ossim_reliability[1] . "'";
            $use_ac = false;
        } else {
            $cs->criteria['ossim_reliability']->Set("");
        }
    }
    /* OSSIM Asset DST */
    if ($ossim_asset_dst[1] != " " && $ossim_asset_dst[1] != "" && $ossim_asset_dst[1] != "0") {
        $tmp_meta = $tmp_meta . " AND acid_event.ossim_asset_dst " . $ossim_asset_dst[0] . " '" . $ossim_asset_dst[1] . "'";
        $use_ac = false;
    } else {
        if ($ossim_asset_dst[1] == "0") {
            $tmp_meta = $ossim_asset_dst[0] == "=" ? $tmp_meta . " AND (acid_event.ossim_asset_dst is null OR acid_event.ossim_asset_dst = '0')" : $tmp_meta . " AND acid_event.ossim_asset_dst " . $ossim_asset_dst[0] . " '" . $ossim_asset_dst[1] . "'";
            $use_ac = false;
        } else {
            $cs->criteria['ossim_asset_dst']->Set("");
        }
    }
    /* OSSIM Risk A */
    if ($ossim_risk_a != " " && $ossim_risk_a != "" && $ossim_risk_a != "0") {
        if ($ossim_risk_a == "low") {
            //$tmp_meta = $tmp_meta." AND ossim_risk_a >= 1 AND ossim_risk_a <= 4 ";
            $tmp_meta = $tmp_meta . " AND acid_event.ossim_risk_a < 1 ";
            $use_ac = false;
        } else {
            if ($ossim_risk_a == "medium") {
                //$tmp_meta = $tmp_meta." AND ossim_risk_a >= 5 AND ossim_risk_a <= 7 ";
                $tmp_meta = $tmp_meta . " AND acid_event.ossim_risk_a = 1 ";
                $use_ac = false;
            } else {
                if ($ossim_risk_a == "high") {
                    //$tmp_meta = $tmp_meta." AND ossim_risk_a >= 8 AND ossim_risk_a <= 10 ";
                    $tmp_meta = $tmp_meta . " AND acid_event.ossim_risk_a > 1 ";
                    $use_ac = false;
                }
            }
        }
    } else {
        $cs->criteria['ossim_risk_a']->Set("");
    }
    /* Date/Time */
    $time_meta = "";
    $real_time_meta = "";
    DateTimeRows2sql($real_time, $time_cnt, $real_time_meta);
    // Time without utc conversion
    if (DateTimeRows2sql($time, $time_cnt, $time_meta) == 0) {
        $cs->criteria['time']->SetFormItemCnt(0);
    }
    $criteria_sql = $criteria_sql . $tmp_meta;
    /* ********************** PERMS ************************ */
    // Allowed CTX's y Asset Filter
    $perms_sql = "";
    $domain = Session::get_ctx_where();
    if ($domain != "") {
        $perms_sql .= " AND acid_event.ctx in ({$domain})";
    }
    // Asset filter
    $host_perms = Session::get_host_where();
    $net_perms = Session::get_net_where();
    if ($host_perms != "") {
        $perms_sql .= " AND (acid_event.src_host in ({$host_perms}) OR acid_event.dst_host in ({$host_perms})";
        if ($net_perms != "") {
            $perms_sql .= " OR acid_event.src_net in ({$net_perms}) OR acid_event.dst_net in ({$net_perms}))";
        } else {
            $perms_sql .= ")";
        }
    } elseif ($net_perms != "") {
        $perms_sql .= " AND (acid_event.src_net in ({$net_perms}) OR acid_event.dst_net in ({$net_perms}))";
    }
    $criteria_sql .= $perms_sql;
    /* Host ID */
    $op = $hostid[3] != '' ? $hostid[3] : 'IN';
    $and_or = $op == 'NOT IN' ? 'AND' : 'OR';
    // src_host, dst_host fields
    if ($hostid[0] != "") {
        $hostwhere = "UNHEX('" . implode("',UNHEX('", explode(",", $hostid[0])) . "')";
        if ($hostid[2] == "both") {
            $criteria_sql .= " AND (acid_event.src_host {$op} ({$hostwhere}) {$and_or} acid_event.dst_host {$op} ({$hostwhere}))";
        } else {
            $criteria_sql .= " AND acid_event." . $hostid[2] . "_host {$op} ({$hostwhere})";
        }
    }
    /* Network ID */
    if ($netid[0] != "") {
        // src_net, dst_net fields
        $netwhere = "UNHEX('" . implode("',UNHEX('", explode(",", $netid[0])) . "')";
        if ($netid[2] == "both") {
            $criteria_sql .= " AND (acid_event.src_net in ({$netwhere}) OR acid_event.dst_net in ({$netwhere}))";
        } else {
            $criteria_sql .= " AND acid_event." . $netid[2] . "_host in ({$netwhere})";
        }
    }
    /* ********************** IP Criteria ********************************************** */
    /* IP Addresses */
    $tmp2 = "";
    for ($i = 0; $i < $ip_addr_cnt; $i++) {
        $tmp = "";
        if (isset($ip_addr[$i][3]) && $ip_addr[$i][1] != " " && $ip_addr[$i][1] != "") {
            if ($ip_addr[$i][3] != "" && $ip_addr[$i][4] != "" && $ip_addr[$i][5] != "" && $ip_addr[$i][6] != "") {
                /* if use illegal 256.256.256.256 address then
                 *  this is the special case where need to search for portscans
                 */
                if ($ip_addr[$i][3] == "256" && $ip_addr[$i][4] == "256" && $ip_addr[$i][5] == "256" && $ip_addr[$i][6] == "256") {
                    $tmp = $tmp . " acid_event." . $ip_addr[$i][1] . " IS NULL" . " ";
                } else {
                    if ($ip_addr[$i][10] == "") {
                        $tmp = $tmp . " acid_event." . $ip_addr[$i][1] . $ip_addr[$i][2] . "unhex('" . baseIP2hex($ip_addr[$i][3] . "." . $ip_addr[$i][4] . "." . $ip_addr[$i][5] . "." . $ip_addr[$i][6]) . "') ";
                    } else {
                        $mask = getIPMask($ip_addr[$i][3] . "." . $ip_addr[$i][4] . "." . $ip_addr[$i][5] . "." . $ip_addr[$i][6], $ip_addr[$i][10]);
                        if ($ip_addr[$i][2] == "!=") {
                            $tmp_op = " NOT ";
                        } else {
                            $tmp_op = "";
                        }
                        $tmp = $tmp . $tmp_op . " acid_event." . $ip_addr[$i][1] . ">= unhex('" . baseIP2hex($mask[0]) . "') AND acid_event." . $ip_addr[$i][1] . "<= unhex('" . baseIP2hex($mask[1]) . "')";
                    }
                }
            }
            /* if have chosen the address type to be both source and destination */
            if (ereg("ip_both", $tmp)) {
                $tmp_src = ereg_replace("ip_both", "ip_src", $tmp);
                $tmp_dst = ereg_replace("ip_both", "ip_dst", $tmp);
                if ($ip_addr[$i][2] == '=') {
                    $tmp = "(" . $tmp_src . ') OR (' . $tmp_dst . ')';
                } else {
                    $tmp = "(" . $tmp_src . ') AND (' . $tmp_dst . ')';
                }
            }
            $aux_op = $ip_addr_cnt > 0 ? $ip_addr[$i][9] == "AND" || $ip_addr[$i][9] == "OR" ? $ip_addr[$i][9] : "AND" : "";
            if ($tmp != "") {
                $tmp = $ip_addr[$i][0] . "(" . $tmp . ")" . $ip_addr[$i][8] . $aux_op;
            }
        } else {
            if (isset($ip_addr[$i][3]) && $ip_addr[$i][3] != "" || $ip_addr[$i][1] != " " && $ip_addr[$i][1] != "") {
                /* IP_addr_type, but MALFORMED IP address */
                if ($ip_addr[$i][1] != " " && $ip_addr[$i][1] != "" && $ip_addr[$i][3] == "" && ($ip_addr[$i][4] != "" || $ip_addr[$i][5] != "" || $ip_addr[$i][6] != "")) {
                    ErrorMessage("<B>" . gettext("Criteria warning:") . "</B> " . gettext("Invalid IP address criteria") . " ' *." . $ip_addr[$i][4] . "." . $ip_addr[$i][5] . "." . $ip_addr[$i][6] . " '");
                }
                /* ADDRESS, but NO IP_addr_type was given */
                if (isset($ip_addr[$i][3]) && $ip_addr[$i][1] == " " && $ip_addr[$i][1] == "") {
                    ErrorMessage("<B>" . gettext("Criteria warning:") . "</B> " . gettext("A IP address of") . " '" . $ip_addr[$i][3] . "." . $ip_addr[$i][4] . "." . $ip_addr[$i][5] . "." . $ip_addr[$i][6] . "' " . gettext("was entered for as a criteria value, but the type of address (e.g. source, destination) was not specified."));
                }
                /* IP_addr_type IS FILLED, but no ADDRESS */
                if ($ip_addr[$i][1] != " " && $ip_addr[$i][1] != "" && $ip_addr[$i][1] != "" && $ip_addr[$i][3] == "") {
                    ErrorMessage("<B>" . gettext("Criteria warning:") . "</B> " . gettext("An IP address of type") . " '" . $ip_addr[$i][1] . "' " . gettext("was selected (at #") . $i . ") " . gettext("indicating that an IP address should be a criteria, but no address on which to match was specified."));
                }
            }
        }
        $tmp2 = $tmp2 . $tmp;
        if ($i > 0 && ($ip_addr[$i - 1][9] != 'OR' && $ip_addr[$i - 1][9] != 'AND') && $ip_addr[$i - 1][3] != "") {
            ErrorMessage("<B>" . gettext("Criteria warning:") . "</B> " . gettext("Multiple IP address criteria entered without a boolean operator (e.g. AND, OR) between IP Criteria") . " #{$i} and #" . ($i + 1) . ".");
        }
    }
    if ($tmp2 != "") {
        BalanceBrackets($tmp2);
        $criteria_sql = $criteria_sql . " AND ( " . $tmp2 . " )";
        $use_ac = false;
    } else {
        $cs->criteria['ip_addr']->SetFormItemCnt(0);
    }
    /* IP Fields */
    if (FieldRows2sql($ip_field, $ip_field_cnt, $criteria_sql) == 0) {
        $cs->criteria['ip_field']->SetFormItemCnt(0);
    } else {
        $use_ac = false;
    }
    /* CTX */
    if ($ctx != "") {
        $criteria_sql .= " AND acid_event.ctx = UNHEX('{$ctx}')";
    }
    /* Layer-4 encapsulation */
    if ($layer4 == "TCP") {
        $criteria_sql = $criteria_sql . " AND acid_event.ip_proto= '6'";
        $use_ac = false;
    } else {
        if ($layer4 == "UDP") {
            $criteria_sql = $criteria_sql . " AND acid_event.ip_proto= '17'";
            $use_ac = false;
        } else {
            if ($layer4 == "ICMP") {
                $criteria_sql = $criteria_sql . " AND acid_event.ip_proto= '1'";
                $use_ac = false;
            } else {
                if ($layer4 == "RawIP") {
                    $criteria_sql = $criteria_sql . " AND acid_event.ip_proto= '255'";
                    $use_ac = false;
                } else {
                    $cs->criteria['layer4']->Set("");
                }
            }
        }
    }
    /* Join the iphdr table if necessary */
    if (!$cs->criteria['ip_field']->isEmpty()) {
        $join_sql = $ip_join_sql . $join_sql;
    }
    /* ********************** TCP Criteria ********************************************** */
    if ($layer4 == "TCP") {
        $proto_tmp = "";
        /* TCP Ports */
        if (FieldRows2sql($tcp_port, $tcp_port_cnt, $proto_tmp) == 0) {
            $cs->criteria['tcp_port']->SetFormItemCnt(0);
        }
        $criteria_sql = $criteria_sql . $proto_tmp;
        $proto_tmp = "";
        // ****************** DEPRECATED: TCP Flags TCP Fields ********************
        /* TCP Flags */
        /*
        if (isset($tcp_flags) && sizeof($tcp_flags) == 8) {
            if ($tcp_flags[0] == "contains" || $tcp_flags[0] == "is") {
                $flag_tmp = $tcp_flags[1] + $tcp_flags[2] + $tcp_flags[3] + $tcp_flags[4] + $tcp_flags[5] + $tcp_flags[6] + $tcp_flags[7] + $tcp_flags[8];
                if ($tcp_flags[0] == "is") $proto_tmp = $proto_tmp . ' AND tcp_flags=' . $flag_tmp;
                else if ($tcp_flags[0] == "contains") $proto_tmp = $proto_tmp . ' AND (tcp_flags & ' . $flag_tmp . ' = ' . $flag_tmp . " )";
                else $proto_tmp = "";
            }
        }
        */
        /* TCP Fields */
        //if (FieldRows2sql($tcp_field, $tcp_field_cnt, $proto_tmp) == 0) $cs->criteria['tcp_field']->SetFormItemCnt(0);
        /* TCP Options
         *  - not implemented
         */
        //if (!$cs->criteria['tcp_port']->isEmpty() || !$cs->criteria['tcp_flags']->isEmpty() || !$cs->criteria['tcp_field']->isEmpty()) {
        //************************************************************************
        if (!$cs->criteria['tcp_port']->isEmpty()) {
            $criteria_sql = $criteria_sql . $proto_tmp;
            // DEPRECATED tcp_join_sql
            //if (!$cs->criteria['tcp_flags']->isEmpty() || !$cs->criteria['tcp_field']->isEmpty()) $join_sql = $tcp_join_sql . $join_sql;
        }
    }
    /* ********************** UDP Criteria ********************************************* */
    if ($layer4 == "UDP") {
        $proto_tmp = "";
        /* UDP Ports */
        if (FieldRows2sql($udp_port, $udp_port_cnt, $proto_tmp) == 0) {
            $cs->criteria['udp_port']->SetFormItemCnt(0);
        }
        $criteria_sql = $criteria_sql . $proto_tmp;
        $proto_tmp = "";
        // ********************** DEPRECATED UDP Fields *************************
        /* UDP Fields */
        //if (FieldRows2sql($udp_field, $udp_field_cnt, $proto_tmp) == 0) $cs->criteria['udp_field']->SetFormItemCnt(0);
        //if (!$cs->criteria['udp_port']->isEmpty() || !$cs->criteria['udp_field']->isEmpty()) {
        // **********************************************************************
        if (!$cs->criteria['udp_port']->isEmpty()) {
            $criteria_sql = $criteria_sql . $proto_tmp;
            // DEPRECATED udp_join_sql
            //if (!$cs->criteria['udp_field']->isEmpty()) $join_sql = $udp_join_sql . $join_sql;
        }
    }
    // DEPRECATED: ICMP
    /* ********************** ICMP Criteria ******************************************** */
    /*
    if ($layer4 == "ICMP") {
        $proto_tmp = "";
        // ICMP Fields
        if (FieldRows2sql($icmp_field, $icmp_field_cnt, $proto_tmp) == 0) $cs->criteria['icmp_field']->SetFormItemCnt(0);
        if (!$cs->criteria['icmp_field']->isEmpty()) {
            $criteria_sql = $criteria_sql . $proto_tmp;
            $join_sql = $icmp_join_sql . $join_sql;
        }
    }
    */
    /* ********************** Packet Scan Criteria ************************************* */
    if ($layer4 == "RawIP") {
        $proto_tmp = "";
        /* RawIP Fields */
        if (FieldRows2sql($rawip_field, $rawip_field_cnt, $proto_tmp) == 0) {
            $cs->criteria['rawip_field']->SetFormItemCnt(0);
        }
        if (!$cs->criteria['rawip_field']->isEmpty()) {
            $criteria_sql = $criteria_sql . $proto_tmp;
            $join_sql = $rawip_join_sql . $join_sql;
        }
    }
    /* ********************** Payload Criteria ***************************************** */
    //$tmp_payload = "";
    if (DataRows2sql($data, $data_cnt, $data_encode, $tmp_payload) == 0) {
        $cs->criteria['data']->SetFormItemCnt(0);
    } else {
        $use_ac = false;
    }
    //echo "<br><br><br>";
    //print_r($data);
    //print_r("data_cnt: [".$data_cnt."]");
    //print_r($cs->criteria['data']->isEmpty());
    //print_r("criteria_ sql: [".$criteria_sql."]");
    //print_r("tmp_payload: [".$tmp_payload."]");
    //print_r($data);
    if (!$cs->criteria['data']->isEmpty()) {
        $sql = "SELECT acid_event.*, HEX(acid_event.ctx) AS ctx, HEX(acid_event.src_host) AS src_host, HEX(acid_event.dst_host) AS dst_host, HEX(acid_event.src_net) AS src_net, HEX(acid_event.dst_net) AS dst_net, extra_data.* FROM acid_event";
        if (!preg_match("/extra_data/", $data_join_sql)) {
            $data_join_sql .= ",extra_data ";
        }
        $criteria_sql = $criteria_sql . $tmp_payload;
        $use_ac = false;
    }
    // special distinct for idm_username
    if (preg_match("/idm_data/", $data_join_sql)) {
        $sql = preg_replace("/^SELECT/", "SELECT DISTINCT", $sql);
    }
    if ($sig_join) {
        $join_sql = $join_sql . $sig_join_sql;
    }
    $join_sql = $join_sql . $data_join_sql;
    $csql[0] = $join_sql;
    // Ready to ac_acid_event
    $criteria1_sql = $criteria_sql . preg_replace("/ \\d\\d:\\d\\d:\\d\\d/", "", str_replace("timestamp", "day", $real_time_meta));
    $criteria1_sql = preg_replace("/AND\\s+\\)/", " )", preg_replace("/OR\\s+\\)/", " )", $criteria1_sql));
    // Ready to ac_acid_event next day
    $criteria2_sql = $criteria_sql . preg_replace("/ \\d\\d:\\d\\d:\\d\\d/", "", str_replace("timestamp", "day", $time_meta));
    $criteria2_sql = preg_replace("/AND\\s+\\)/", " )", preg_replace("/OR\\s+\\)/", " )", $criteria2_sql));
    // to acid_event
    $criteria_sql = $criteria_sql . $time_meta;
    $criteria_sql = preg_replace("/AND\\s+\\)/", " )", preg_replace("/OR\\s+\\)/", " )", $criteria_sql));
    $csql[1] = $criteria_sql;
    $csql[2] = $perms_sql . preg_replace("/ \\d\\d:\\d\\d:\\d\\d/", "", str_replace("timestamp", "day", $time_meta));
    // $real_time_criteria
    $csql[3] = $use_ac;
    // true if we use ac_acid_event instead acid_event
    $csql[4] = $criteria1_sql;
    $csql[5] = $criteria2_sql;
    $db_aux->close();
    //print_r($csql);
    return $csql;
}

Example #10

Show file

File: wizard_rule.php Project: jackpf/ossim-arc

 }
 // For taxonomy option, always detector type
 if (POST('type') == "") {
     $_POST["type"] = "detector";
 }
 if (POST("plugin_sid") == "LIST") {
     $_POST["plugin_sid"] = POST("plugin_sid_list");
 }
 if (POST("entity") == "LIST") {
     $_POST["entity"] = POST("entity_list");
 }
 if (POST("product") == "LIST") {
     $_POST["product"] = POST("product_list");
 }
 // Force assets when user perms, cannot be ANY
 $has_perms = Session::get_host_where() != "" || Session::get_net_where() != "" ? TRUE : FALSE;
 if ($has_perms && (POST('from') == "ANY" || POST('from') == "LIST" && count($_POST["fromselect"]) < 1)) {
     $_POST["from"] = "LIST";
     $assets_aux = array();
     $_list_data = Asset_host::get_basic_list($conn);
     $_host_aux = array_keys($_list_data[1]);
     foreach ($_host_aux as $h_id) {
         $assets_aux[] = Util::uuid_format($h_id);
     }
     $_list_data = Asset_net::get_list($conn);
     $_net_aux = array_keys($_list_data[0]);
     foreach ($_net_aux as $n_id) {
         $assets_aux[] = Util::uuid_format($n_id);
     }
     $_POST["fromselect"] = $assets_aux;
 }

Example #11

Show file

File: save_host.php Project: AntBean/alienvault-ossim

 if ($icon != '') {
     $image = @imagecreatefromstring($icon);
     if (!$image || imagesx($image) > 16 || imagesy($image) > 16) {
         $validation_errors['icon'] = _('Image format is not allowed. Allowed only 16x16 PNG images');
     }
 }
 //Validating IPs
 $aux_ips = explode(',', $ips_string);
 foreach ($aux_ips as $ip) {
     $host_ids = Asset_host::get_id_by_ips($conn, $ip, $ctx);
     unset($host_ids[$id]);
     if (!empty($host_ids)) {
         $validation_errors['ip'] = _('Error! IP not allowed.') . " IP {$ip} " . _('already exists for this entity');
         break;
     } else {
         $cnd_1 = Session::get_net_where() != '' && !Session::only_ff_net();
         $cnd_2 = Asset_host::is_ip_in_cache_cidr($conn, $ip, $ctx, TRUE);
         if ($cnd_1 && !$cnd_2) {
             $validation_errors['ip'] = _("Error! IP {$ip} not allowed.  Check your asset filter");
             break;
         }
     }
 }
 //Validating Sensors
 if (is_array($sensors) && !empty($sensors)) {
     foreach ($sensors as $sensor) {
         if (!Av_sensor::is_allowed($conn, $sensor)) {
             $validation_errors['sboxs[]'] = _('Error! Host could not be saved because there are unallowed sensors');
         }
     }
 } else {