Example #1
/**
 * Decide whether the current session may see an indicator bound to an asset.
 *
 * Administrators are always allowed. For everyone else the decision is
 * delegated to the Session check that matches the asset type.
 *
 * @param mixed  $conn     Database connection handed through to the Session checks.
 * @param string $type     Asset type: host, sensor, server, net, host_group/hostgroup
 *                         or net_group/netgroup.
 * @param mixed  $asset_id Identifier of the asset the indicator points at.
 *
 * @return mixed 1 for administrators and for unrecognised types, otherwise
 *               whatever the matching Session check returns.
 */
function is_indicator_allowed($conn, $type, $asset_id)
{
    // Administrators bypass the per-asset checks entirely.
    if (Session::am_i_admin()) {
        return 1;
    }

    // switch compares loosely, like the == chain it replaces, and the case
    // order is kept so the first matching type wins exactly as before.
    switch ($type) {
        case 'host':
            return Session::hostAllowed($conn, $asset_id);

        case 'sensor':
        case 'server':
            // The sensor check takes no connection argument.
            return Session::sensorAllowed($asset_id);

        case 'net':
            return Session::netAllowed($conn, $asset_id);

        case 'host_group':
        case 'hostgroup':
            return Session::groupHostAllowed($conn, $asset_id);

        case 'net_group':
        case 'netgroup':
            return Session::groupAllowed($conn, $asset_id);
    }

    // NOTE(review): an unrecognised $type is allowed (fail-open). If every
    // indicator is expected to carry one of the types above, returning 0 here
    // would be the safer default - confirm with the callers before changing.
    return 1;
}
Example #2
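/**
 * Escape a value for output inside a quoted HTML attribute.
 */
function print_indicators_attr($value)
{
    // ENT_QUOTES covers both quote styles used by the markup below;
    // ENT_SUBSTITUTE keeps invalid byte sequences from blanking the whole value.
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/**
 * Return the string as UTF-8, converting from ISO-8859-1 when it is not detected as UTF-8.
 */
function print_indicators_utf8($value)
{
    // The trailing space mirrors the original detection call.
    if (mb_detect_encoding($value . " ", 'UTF-8,ISO-8859-1') == 'UTF-8') {
        return $value;
    }

    return mb_convert_encoding($value, 'UTF-8', 'ISO-8859-1');
}

/**
 * Print the positioned <div> wrappers for every indicator and rectangle of a map.
 *
 * Rows come from the risk_indicators table. Each row is shown only when the
 * session is an administrator or passes the permission check for its asset type.
 * All row values are HTML-escaped on output: they are stored data and must not
 * be able to break out of the attributes they are written into.
 *
 * @param mixed $map          Map identifier, bound as a query parameter.
 * @param bool  $print_inputs When true, also emit hidden <input> fields carrying the row data.
 * @param mixed $linked       Passed through to print_indicator_content().
 *
 * @return void
 */
function print_indicators($map, $print_inputs = false, $linked = 1)
{
    require_once 'classes/Host.inc';
    require_once 'classes/Net.inc';
    require_once 'ossim_db.inc';

    $db = new ossim_db();
    $conn = $db->connect();

    // Lookup tables for the permission checks: flipped so membership is a key lookup.
    list($sensors_aux, $hosts_aux) = Host::get_ips_and_hostname($conn, true);
    $all_nets = Net::get_list($conn);
    $hosts = array_flip($hosts_aux);
    $sensors = array_flip($sensors_aux);
    $nets = array();
    foreach ($all_nets as $net) {
        $nets[$net->get_name()] = $net->get_name();
    }

    // ---- Indicators (every row of the map except rectangles) ----
    $query = "SELECT * FROM risk_indicators WHERE name <> 'rect' AND map= ?";
    $params = array($map);
    $rs = $conn->Execute($query, $params);
    if (!$rs) {
        // NOTE(review): this shows the raw database error to the user; logging it
        // server-side and printing a generic message would leak less. Escaped so
        // the message cannot inject markup.
        print print_indicators_attr($conn->ErrorMsg());
    } else {
        while (!$rs->EOF) {
            if (Session::am_i_admin()) {
                $has_perm = 1;
            } else {
                $has_perm = indicatorAllowed($conn, $rs->fields['type'], $rs->fields['type_name'], $hosts, $sensors, $nets);
            }

            if ($has_perm) {
                $id_attr = print_indicators_attr($rs->fields["id"]);

                if ($print_inputs) {
                    // The icon column packs "path#background"; split it into its two parts.
                    $icon = preg_replace("/\\#.*/", "", $rs->fields["icon"]);
                    $icon_bg = preg_match("/\\#(.+)/", $rs->fields["icon"], $found) ? $found[1] : "";

                    $inputs = array(
                        'dataname'     => print_indicators_utf8($rs->fields["name"]),
                        'datatype'     => $rs->fields["type"],
                        'type_name'    => print_indicators_utf8($rs->fields["type_name"]),
                        'dataurl'      => $rs->fields["url"],
                        'dataicon'     => $icon,
                        'dataiconsize' => $rs->fields["size"],
                        'dataiconbg'   => $icon_bg,
                    );
                    // NOTE(review): if rows are stored already entity-encoded this
                    // would double-encode them - confirm how the editor writes them.
                    foreach ($inputs as $prefix => $value) {
                        echo "<input type='hidden' name='" . $prefix . $id_attr . "' id='" . $prefix . $id_attr . "' value='" . print_indicators_attr($value) . "'/>\n";
                    }
                }

                $style = "z-index:10;\r\n\t\t\t\t\t\t  border:1px solid transparent;\r\n\t\t\t\t\t\t  cursor:pointer;\r\n\t\t\t\t\t\t  background:url(../pixmaps/1x1.png);\r\n\t\t\t\t\t\t  visibility:hidden;\r\n\t\t\t\t\t\t  position:absolute;\r\n\t\t\t\t\t\t  left:" . $rs->fields["x"] . "px;\r\n\t\t\t\t\t\t  top:" . $rs->fields["y"] . "px;\r\n\t\t\t\t\t\t  height:" . $rs->fields["h"] . "px;\r\n\t\t\t\t\t\t  width:" . $rs->fields["w"] . "px;\r\n\t\t\t\t";

                // The geometry columns are interpolated into the style string, so the
                // whole attribute value is escaped before it is written.
                echo "\t\t\t\t<div id=\"indicator" . $id_attr . "\" class=\"itcanbemoved\" style=\"" . print_indicators_attr($style) . "\">\n\t\t\t\t\t";
                print_indicator_content($conn, $rs, $linked);
                echo "\t\t\t\t</div>\n\t\t\t\t";
            }
            $rs->MoveNext();
        }
    }

    // ---- Rectangles ----
    $query = "SELECT * FROM risk_indicators WHERE name='rect' AND map = ?";
    $params = array($map);
    $rs = $conn->Execute($query, $params);
    if (!$rs) {
        print print_indicators_attr($conn->ErrorMsg());
    } else {
        while (!$rs->EOF) {
            // Read the asset binding from THIS row. The permission check used to
            // test $type/$type_name left over from the indicator loop (or never
            // set at all), so it did not reflect the rectangle being printed.
            $type = $rs->fields["type"];
            $type_name = $rs->fields["type_name"];

            $has_perm = 0;
            if (Session::am_i_admin()) {
                $has_perm = 1;
            } else {
                if ($type == "host") {
                    $has_perm = !empty($hosts[$type_name]) ? 1 : 0;
                } elseif ($type == "sensor" || $type == "server") {
                    $has_perm = !empty($sensors[$type_name]) ? 1 : 0;
                } elseif ($type == "net") {
                    $has_perm = !empty($nets[$type_name]) ? 1 : 0;
                } elseif ($type == "host_group") {
                    if (Session::groupHostAllowed($conn, $type_name)) {
                        $has_perm = 1;
                    }
                } else {
                    // NOTE(review): any other type (including an empty one) is
                    // allowed, as before - confirm that fail-open is intended.
                    $has_perm = 1;
                }
            }

            if ($has_perm) {
                $id_attr = print_indicators_attr($rs->fields["id"]);

                if ($print_inputs) {
                    $inputs = array(
                        'dataname' => $rs->fields["name"],
                        'dataurl'  => $rs->fields["url"],
                    );
                    foreach ($inputs as $prefix => $value) {
                        echo "<input type='hidden' name='" . $prefix . $id_attr . "' id='" . $prefix . $id_attr . "' value='" . print_indicators_attr($value) . "'/>\n";
                    }
                }

                $style = "border:1px solid transparent;\r\n\t\t\t\t\t\t  cursor:pointer;\r\n\t\t\t\t\t\t  background:url(../pixmaps/1x1.png);\r\n\t\t\t\t\t\t  visibility:hidden;\r\n\t\t\t\t\t\t  position:absolute;\r\n\t\t\t\t\t\t  left:" . $rs->fields["x"] . "px;\r\n\t\t\t\t\t\t  top:" . $rs->fields["y"] . "px;\r\n\t\t\t\t\t\t  height:" . $rs->fields["h"] . "px;\r\n\t\t\t\t\t\t  width:" . $rs->fields["w"] . "px;\r\n\t\t\t\t";

                echo "\t\t\t\t\n\t\t\t\t<div id=\"rect" . $id_attr . "\" class=\"itcanbemoved\" style=\"" . print_indicators_attr($style) . "\">\n\t\t\t\t\t";
                print_rectangle_content($conn, $print_inputs);
                echo "\t\t\t\t</div>\n\t\t\t\t";
            }
            $rs->MoveNext();
        }
    }
}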