PHP User::csrf_cookie Examples

PHP User::csrf_cookie - 30 examples found. These are the top rated real world PHP examples of User::csrf_cookie extracted from open source projects. You can rate examples to help us improve the quality of examples.
Example #1
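/*
 * Print resize split
 *
 * Prepares the "split subnet" form: loads the application objects, checks the
 * session, issues the CSRF token for the form and verifies that the requested
 * subnet exists, is writable by the current user and has no nested subnets.
 *********************/
/* functions */
require dirname(__FILE__) . '/../../../functions/functions.php';
# initialize user object
$Database = new Database_PDO();
$User = new User($Database);
$Admin = new Admin($Database, false);
$Subnets = new Subnets($Database);
$Result = new Result();
# verify that user is logged in
$User->check_user_session();
# create csrf token for the "split" form; the script that processes the submission is expected to validate it
$csrf = $User->csrf_cookie("create", "split");
# ID must be numeric
# NOTE(review): is_numeric() also accepts floats, exponent notation and signed values, so it is looser than an integer-ID check
if (!is_numeric($_POST['subnetId'])) {
    $Result->show("danger", _("Invalid ID"), true, true);
}
# get subnet details
$subnet = $Subnets->fetch_subnet(null, $_POST['subnetId']);
# a well-formed ID that matches no subnet must stop here: the checks below dereference $subnet
if (!is_object($subnet)) {
    $Result->show("danger", _("Invalid ID"), true, true);
}
# verify that user has write permissions for subnet
$subnetPerm = $Subnets->check_permission($User->user, $subnet->id);
if ($subnetPerm < 3) {
    $Result->show("danger", _('You do not have permissions to resize subnet') . '!', true, true);
}
# check if it has slaves - if yes it cannot be splitted!
if ($Subnets->has_slaves($subnet->id)) {
    $Result->show("danger", _('Only subnets that have no nested subnets can be splitted') . "!", true, true);
}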
 * Edit switch result
 ***************************/
/* functions */
# Request handler for a submitted form: loads the application objects, checks the
# session, validates the CSRF token and rejects malformed input before any change is made.
require dirname(__FILE__) . '/../../../functions/functions.php';
# initialize user object
$Database = new Database_PDO();
$User = new User($Database);
# NOTE(review): Admin is built without a second argument here; presumably that makes the constructor require admin rights - confirm, no other permission check is visible
$Admin = new Admin($Database);
$Tools = new Tools($Database);
$Result = new Result();
# verify that user is logged in
$User->check_user_session();
# strip input tags
# NOTE(review): tag stripping is not output escaping; values still need escaping wherever they are printed
$_POST = $Admin->strip_input_tags($_POST);
# validate csrf cookie - the posted token is checked against the one issued for the "vlan_domain" form
# NOTE(review): only a strict false return is treated as failure; confirm csrf_cookie() cannot signal a bad token with null or another falsy value
# NOTE(review): presumably show() ends the request when its third argument is true; every guard below depends on that - confirm
$User->csrf_cookie("validate", "vlan_domain", $_POST['csrf_cookie']) === false ? $Result->show("danger", _("Invalid CSRF cookie"), true) : "";
# we cannot delete default domain
if (@$_POST['id'] == 1 && $_POST['action'] == "delete") {
    $Result->show("danger", _("Default domain cannot be deleted"), true);
}
// ID must be numeric
// NOTE(review): is_numeric() also accepts floats, exponent notation and signed values; $_POST['action'] itself is not checked against a list of allowed actions in the visible lines
if ($_POST['action'] != "add" && !is_numeric($_POST['id'])) {
    $Result->show("danger", _("Invalid ID"), true);
}
// Hostname must be present
if (@$_POST['name'] == "") {
    $Result->show("danger", _('Name is mandatory') . '!', true);
}
// set sections
if (@$_POST['id'] != 1) {
    foreach ($_POST as $key => $line) {
Example #3
 * Print edit folder
 *********************/
/* functions */
# Prepares the folder edit form: loads the application objects, checks the session,
# issues the CSRF token for the form and validates the requested action and ID.
require dirname(__FILE__) . '/../../../functions/functions.php';
# initialize user object
$Database = new Database_PDO();
$User = new User($Database);
$Admin = new Admin($Database, false);
$Sections = new Sections($Database);
$Subnets = new Subnets($Database);
$Tools = new Tools($Database);
$Result = new Result();
# verify that user is logged in
$User->check_user_session();
# create csrf token for the "folder" form; the script that processes the submission is expected to validate it
$csrf = $User->csrf_cookie("create", "folder");
# strip tags - XSS
# NOTE(review): tag stripping is not output escaping; values still need escaping wherever they are printed
$_POST = $User->strip_input_tags($_POST);
# validate action
$Admin->validate_action($_POST['action'], true);
# ID must be numeric (not required when adding, because no folder exists yet)
# NOTE(review): is_numeric() also accepts floats, exponent notation and signed values, so it is looser than an integer-ID check
if ($_POST['action'] != "add") {
    if (!is_numeric($_POST['subnetId'])) {
        $Result->show("danger", _("Invalid ID"), true, true);
    }
}
# verify that user has permissions to add subnet
if ($_POST['action'] == "add") {
    if ($Sections->check_permission($User->user, $_POST['sectionId']) != 3) {
        $Result->show("danger", _('You do not have permissions to add new subnet in this section') . "!", true, true);
    }
Example #4
/* functions */
# Prepares the VLAN edit form: loads the application objects, checks the session and
# the user's right to edit VLANs, issues the CSRF token and loads the VLAN being edited.
require dirname(__FILE__) . '/../../../functions/functions.php';
# initialize user object
$Database = new Database_PDO();
$User = new User($Database);
$Admin = new Admin($Database, false);
$Tools = new Tools($Database);
$Result = new Result();
# verify that user is logged in
$User->check_user_session();
# make sure user can edit: non-admins need the editVlan flag on their account
if ($User->is_admin(false) == false && $User->user->editVlan != "Yes") {
    $Result->show("danger", _("Not allowed to change VLANs"), true, true);
}
# create csrf token for the "vlan" form - issued only after the authorization check above has passed
$csrf = $User->csrf_cookie("create", "vlan");
# strip tags - XSS
# NOTE(review): tag stripping is not output escaping; values still need escaping wherever they are printed
$_POST = $User->strip_input_tags($_POST);
# validate action
$Admin->validate_action($_POST['action'], true);
# fetch vlan details
# NOTE(review): vlanId is passed on without a numeric check; confirm fetch_object() binds it as a query parameter
$vlan = $Admin->fetch_object("vlans", "vlanId", @$_POST['vlanId']);
# test for false before casting: an unknown VLAN becomes an empty array
$vlan = $vlan !== false ? (array) $vlan : array();
# fetch custom fields
$custom = $Tools->fetch_custom_fields('vlans');
# set readonly flag - form fields are rendered read-only when confirming a delete
$readonly = $_POST['action'] == "delete" ? "readonly" : "";
# set form name!
if (isset($_POST['fromSubnet'])) {
    $formId = "vlanManagementEditFromSubnet";
} else {
Example #5
/**
 * Script to print add / edit / delete users
 *
 * Loads the application objects, checks the session, issues the CSRF token for
 * the user form and fetches the lookup lists the form needs.
 *************************************************/
/* functions */
require dirname(__FILE__) . '/../../../functions/functions.php';
# initialize user object
$Database = new Database_PDO();
$User = new User($Database);
# NOTE(review): Admin is built without a second argument here; presumably that makes the constructor require admin rights - confirm, no other permission check is visible for this user-management form
$Admin = new Admin($Database);
$Subnets = new Subnets($Database);
$Tools = new Tools($Database);
$Result = new Result();
# verify that user is logged in
$User->check_user_session();
# create csrf token for the "user" form; the script that processes the submission is expected to validate it
$csrf = $User->csrf_cookie("create", "user");
# strip tags - XSS
# NOTE(review): tag stripping is not output escaping; values still need escaping wherever they are printed
$_POST = $User->strip_input_tags($_POST);
# validate action
$Admin->validate_action($_POST['action'], true);
# fetch custom fields
$custom = $Tools->fetch_custom_fields('users');
# fetch all languages
$langs = $Admin->fetch_all_objects("lang", "l_id");
# fetch all auth types
$auth_types = $Admin->fetch_all_objects("usersAuthMethod", "id");
# fetch all groups
$groups = $Admin->fetch_all_objects("userGroups", "g_id");
# set header parameters and fetch user
if ($_POST['action'] != "add") {
    $user = $Admin->fetch_object("users", "id", $_POST['id']);
Example #6
/*
 * Print resize subnet
 *
 * Prepares the resize form: loads the application objects, checks the session,
 * issues the CSRF token and verifies the subnet ID and the user's permission.
 *********************/
/* functions */
require dirname(__FILE__) . '/../../../functions/functions.php';
# initialize user object
$Database = new Database_PDO();
$User = new User($Database);
$Admin = new Admin($Database, false);
$Subnets = new Subnets($Database);
$Result = new Result();
# verify that user is logged in
$User->check_user_session();
# create csrf token for the "resize" form; the script that processes the submission is expected to validate it
$csrf = $User->csrf_cookie("create", "resize");
# ID must be numeric
# NOTE(review): is_numeric() also accepts floats, exponent notation and signed values, so it is looser than an integer-ID check
if (!is_numeric($_POST['subnetId'])) {
    $Result->show("danger", _("Invalid ID"), true, true);
}
# verify that user has write permissions for subnet
if ($Subnets->check_permission($User->user, $_POST['subnetId']) < 3) {
    $Result->show("danger", _('You do not have permissions to resize subnet') . '!', true, true);
}
# fetch subnet details
# NOTE(review): the result is cast to array with no existence check in the visible lines; a failed lookup would not be an empty array after the cast
$subnet = (array) $Subnets->fetch_subnet(null, $_POST['subnetId']);
?>

<!-- header -->
<div class="pHeader"><?php 
print _('Resize subnet');
Example #7
<?php

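/**
 * Script to print add / edit / delete group
 *
 * Loads the application objects, checks the session, issues the CSRF token for
 * the group form and builds the dialog title.
 *************************************************/
/* functions */
require dirname(__FILE__) . '/../../../functions/functions.php';
# initialize user object
$Database = new Database_PDO();
$User = new User($Database);
# NOTE(review): Admin is built without a second argument here; presumably that makes the constructor require admin rights - confirm, no other permission check is visible
$Admin = new Admin($Database);
$Result = new Result();
# verify that user is logged in
$User->check_user_session();
# create csrf token for the "group" form; the script that processes the submission is expected to validate it
$csrf = $User->csrf_cookie("create", "group");
# fetch group and set title
if ($_POST['action'] == "add") {
    $title = _('Add new group');
} else {
    //fetch all group details
    $group = $Admin->fetch_object("userGroups", "g_id", $_POST['id']);
    //false die - tested before the cast, because (array) false is array(false) and never === false
    $group !== false ?: $Result->show("danger", _("Invalid ID"), true, true);
    $group = (array) $group;
    # the action is request data that no line in this script validates, and the title is printed into the page header: escape for HTML
    $title = htmlspecialchars(ucwords($_POST['action']) . ' ' . _('group') . ' ' . $group['g_name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}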
?>

<!-- header -->
<div class="pHeader"><?php 
print $title;
Example #8
<?php

/**
 * Script to print add / edit / delete API
 *
 * Loads the application objects, checks the session, issues the CSRF token for
 * the API edit form and validates the requested action and ID.
 *************************************************/
/* functions */
require dirname(__FILE__) . '/../../../functions/functions.php';
# initialize user object
$Database = new Database_PDO();
$User = new User($Database);
# NOTE(review): Admin is built without a second argument here; presumably that makes the constructor require admin rights - confirm, no other permission check is visible
$Admin = new Admin($Database);
$Result = new Result();
# verify that user is logged in
$User->check_user_session();
# create csrf token for the "apiedit" form; the script that processes the submission is expected to validate it
$csrf = $User->csrf_cookie("create", "apiedit");
# validate action
$Admin->validate_action($_POST['action'], true);
# ID must be numeric
# NOTE(review): is_numeric() also accepts floats, exponent notation and signed values, so it is looser than an integer-ID check
if ($_POST['action'] != "add" && !is_numeric($_POST['appid'])) {
    $Result->show("danger", _("Invalid ID"), true, true);
}
# fetch api for edit / add
if ($_POST['action'] != "add") {
    # fetch api details
    $api = $Admin->fetch_object("api", "id", $_POST['appid']);
    # null ?
    $api === false ? $Result->show("danger", _("Invalid ID"), true) : null;
    # title
    $title = ucwords($_POST['action']) . ' ' . _('api') . ' ' . $api->app_id;
} else {
Example #9
/**
 *	Edit powerDNS record
 *
 *	Loads the application objects, checks the session, issues the CSRF token for
 *	the record form and keeps a copy of the posted values.
 ************************************************/
/* functions */
require dirname(__FILE__) . '/../../../functions/functions.php';
# initialize user object
$Database = new Database_PDO();
$User = new User($Database);
$Admin = new Admin($Database, false);
$Tools = new Tools($Database);
$Result = new Result();
$PowerDNS = new PowerDNS($Database);
# verify that user is logged in
$User->check_user_session();
# create csrf token for the "record" form; the script that processes the submission is expected to validate it
# NOTE(review): no permission check is visible between the session check and this point - confirm one exists elsewhere
$csrf = $User->csrf_cookie("create", "record");
# save settings for powerDNS default
$pdns = $PowerDNS->db_settings;
# default post
# NOTE(review): this is a raw copy of the request; no tag stripping is applied in the visible lines, so values read from $post need escaping where they are printed
$post = $_POST;
# get record
if ($_POST['action'] != "add") {
    $record = $PowerDNS->fetch_record($_POST['id']);
    $record !== false ?: $Result->show("danger", _("Invalid ID"), true, true);
} else {
    // from IP table
    // we provide record hostname and strip domain from it
    if (!is_numeric($_POST['domain_id']) && !is_numeric($_POST['id'])) {
        // fetch all domains
        $all_domains = $PowerDNS->fetch_all_domains();
        if ($all_domains !== false) {
Example #10
/**
 *	Edit device details
 *
 *	Loads the application objects, checks the session, issues the CSRF token for
 *	the device form and validates the requested action and ID.
 ************************/
/* functions */
require dirname(__FILE__) . '/../../../functions/functions.php';
# initialize user object
$Database = new Database_PDO();
$User = new User($Database);
# NOTE(review): Admin is built without a second argument here; presumably that makes the constructor require admin rights - confirm, no other permission check is visible
$Admin = new Admin($Database);
$Tools = new Tools($Database);
$Result = new Result();
# verify that user is logged in
$User->check_user_session();
# create csrf token for the "device" form; the script that processes the submission is expected to validate it
$csrf = $User->csrf_cookie("create", "device");
# strip tags - XSS
# NOTE(review): tag stripping is not output escaping; values still need escaping wherever they are printed
$_POST = $User->strip_input_tags($_POST);
# validate action
$Admin->validate_action($_POST['action'], true);
# fetch custom fields
$custom = $Tools->fetch_custom_fields('devices');
# ID must be numeric
# NOTE(review): is_numeric() also accepts floats, exponent notation and signed values, so it is looser than an integer-ID check
if ($_POST['action'] != "add" && !is_numeric($_POST['switchId'])) {
    $Result->show("danger", _("Invalid ID"), true, true);
}
# fetch device details
if ($_POST['action'] == "edit" || $_POST['action'] == "delete") {
    $device = (array) $Admin->fetch_object("devices", "id", $_POST['switchId']);
    // false
    if ($device === false) {
Example #11
<?php

/**
 *	Edit device details
 *
 *	Loads the application objects, checks the session, issues the CSRF token for
 *	the device type form and loads the device type being edited or deleted.
 ************************/
/* functions */
require dirname(__FILE__) . '/../../../functions/functions.php';
# initialize user object
$Database = new Database_PDO();
$User = new User($Database);
# NOTE(review): Admin is built without a second argument here; presumably that makes the constructor require admin rights - confirm, no other permission check is visible
$Admin = new Admin($Database);
$Result = new Result();
# verify that user is logged in
$User->check_user_session();
# create csrf token for the "device_types" form; the script that processes the submission is expected to validate it
$csrf = $User->csrf_cookie("create", "device_types");
# ID must be numeric
# NOTE(review): is_numeric() also accepts floats, exponent notation and signed values; the action itself is not checked against a list of allowed values in this script
if ($_POST['action'] != "add" && !is_numeric($_POST['tid'])) {
    $Result->show("danger", _("Invalid ID"), true, true);
}
# set delete flag - form fields are rendered read-only when confirming a delete
$readonly = $_POST['action'] == "delete" ? "readonly" : "";
# fetch device type details
if ($_POST['action'] == "edit" || $_POST['action'] == "delete") {
    $device = $Admin->fetch_object("deviceTypes", "tid", $_POST['tid']);
    # fail if false - the lookup result is tested before it is used
    $device === false ? $Result->show("danger", _("Invalid ID"), true) : null;
}
?>

Example #12
<?php

/**
 * Script to print add / edit / delete scanAgent
 *
 * Loads the application objects, checks the session, issues the CSRF token for
 * the scan agent form and validates the requested action and ID.
 *************************************************/
/* functions */
require dirname(__FILE__) . '/../../../functions/functions.php';
# initialize user object
$Database = new Database_PDO();
$User = new User($Database);
# NOTE(review): Admin is built without a second argument here; presumably that makes the constructor require admin rights - confirm, no other permission check is visible
$Admin = new Admin($Database);
$Result = new Result();
# verify that user is logged in
$User->check_user_session();
# create csrf token for the "agent" form; the script that processes the submission is expected to validate it
$csrf = $User->csrf_cookie("create", "agent");
# strip tags - XSS
# NOTE(review): tag stripping is not output escaping; values still need escaping wherever they are printed
$_POST = $User->strip_input_tags($_POST);
# validate action
$Admin->validate_action($_POST['action'], true);
# ID must be numeric
# NOTE(review): is_numeric() also accepts floats, exponent notation and signed values, so it is looser than an integer-ID check
if ($_POST['action'] != "add" && !is_numeric($_POST['id'])) {
    $Result->show("danger", _("Invalid ID"), true, true);
}
# fetch api for edit / add
if ($_POST['action'] != "add") {
    # fetch api details
    $agent = $Admin->fetch_object("scanAgents", "id", $_POST['id']);
    # null ?
    $agent === false ? $Result->show("danger", _("Invalid ID"), true) : null;
    # title
Example #13
/**
 *	Print all available locations
 *
 *	NOTE(review): the title above does not match the code, which prepares the
 *	PSTN number form (CSRF token "pstn_number", PSTN permission check).
 ************************************************/
/* functions */
require dirname(__FILE__) . '/../../../functions/functions.php';
# initialize user object
$Database = new Database_PDO();
$User = new User($Database);
$Admin = new Admin($Database, false);
$Tools = new Tools($Database);
$Addresses = new Addresses($Database);
$Result = new Result();
# verify that user is logged in
$User->check_user_session();
# create csrf token for the "pstn_number" form; the script that processes the submission is expected to validate it
$csrf = $User->csrf_cookie("create", "pstn_number");
# check permissions - a level below 2 is rejected
if ($Tools->check_prefix_permission($User->user) < 2) {
    $Result->show("danger", _('You do not have permission to manage PSTN numbers'), true, true);
}
# get Location object
if ($_POST['action'] != "add") {
    $number = $Admin->fetch_object("pstnNumbers", "id", $_POST['id']);
    $number !== false ?: $Result->show("danger", _("Invalid ID"), true, true);
    $prefix = $Admin->fetch_object("pstnPrefixes", "id", $number->prefix);
} else {
    # id is required
    if (isset($_POST['id'])) {
        $prefix = $Admin->fetch_object("pstnPrefixes", "id", $_POST['id']);
        $prefix !== false ?: $Result->show("danger", _("Invalid prefix ID"), true, true);
        $number = new StdClass();
Example #14
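/*
 * Print edit sections form
 *
 * Loads the application objects, checks the session, issues the CSRF token for
 * the section form, fetches the data the form needs and prints the header.
 *************************************************/
/* functions */
require dirname(__FILE__) . '/../../../functions/functions.php';
# initialize user object
$Database = new Database_PDO();
$User = new User($Database);
# NOTE(review): Admin is built without a second argument here; presumably that makes the constructor require admin rights - confirm, no other permission check is visible
$Admin = new Admin($Database);
$Sections = new Sections($Database);
$Result = new Result();
# verify that user is logged in
$User->check_user_session();
# create csrf token for the "section" form; the script that processes the submission is expected to validate it
$csrf = $User->csrf_cookie("create", "section");
# fetch all sections for master section
$sections = $Sections->fetch_all_sections();
# fetch groups
$groups = $Admin->fetch_all_objects("userGroups", "g_id");
# fetch section
$section = (array) $Sections->fetch_section(null, @$_POST['sectionId']);
?>

<!-- header -->
<div class="pHeader"><?php 
# the action is request data that no line in this script validates or strips: escape it before it reaches the page
print htmlspecialchars(ucwords(_($_POST['action'])), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
?>
 <?php 
print _('Section');
?>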
Example #15
 * Print edit subnet
 *********************/
/* functions */
# Prepares the subnet edit form: loads the application objects, checks the session,
# issues the CSRF token, validates the action and checks the user's permission.
require dirname(__FILE__) . '/../../../functions/functions.php';
# initialize user object
$Database = new Database_PDO();
$User = new User($Database);
$Admin = new Admin($Database, false);
$Sections = new Sections($Database);
$Subnets = new Subnets($Database);
$Tools = new Tools($Database);
$Result = new Result();
# verify that user is logged in
$User->check_user_session();
# create csrf token for the "subnet" form; the script that processes the submission is expected to validate it under the same name
$csrf = $User->csrf_cookie("create", "subnet");
# strip tags - XSS
# NOTE(review): tag stripping is not output escaping; values still need escaping wherever they are printed
$_POST = $User->strip_input_tags($_POST);
# validate action
$Admin->validate_action($_POST['action'], true);
# verify that user has permissions to add subnet
# NOTE(review): sectionId and subnetId reach check_permission() without a numeric check in the visible lines
if ($_POST['action'] == "add") {
    # adding needs level 3 on the target section
    if ($Sections->check_permission($User->user, $_POST['sectionId']) != 3) {
        $Result->show("danger", _('You do not have permissions to add new subnet in this section') . "!", true, true);
    }
} else {
    # every other action needs level 3 on the subnet itself
    if ($Subnets->check_permission($User->user, $_POST['subnetId']) != 3) {
        $Result->show("danger", _('You do not have permissions to add edit/delete this subnet') . "!", true, true);
    }
}
/**
Example #16
 ************************************************/
/* functions */
# Prepares the "add NAT item" dialog: loads the application objects, checks the
# session, loads the NAT object and issues the CSRF token for the dialog.
require dirname(__FILE__) . '/../../../functions/functions.php';
# initialize user object
$Database = new Database_PDO();
$User = new User($Database);
# NOTE(review): Admin is built without a second argument here; presumably that makes the constructor require admin rights - confirm, no other permission check is visible
$Admin = new Admin($Database);
$Tools = new Tools($Database);
$Result = new Result();
# verify that user is logged in
$User->check_user_session();
# get NAT object
# NOTE(review): the ID is passed on without a numeric check; confirm fetch_object() binds it as a query parameter
$nat = $Admin->fetch_object("nat", "id", $_POST['id']);
# stop when the lookup failed - the result is tested before any cast
$nat !== false ?: $Result->show("danger", _("Invalid ID"), true, true);
// new cookie - issued for the "nat_add" form only after the object is known to exist
$csrf_cookie = $User->csrf_cookie("create", "nat_add");
?>

<!-- header -->
<div class="pHeader"><?php 
print _('Add NAT item');
?>
</div>

<!-- content -->
<div class="pContent">

    <h4><?php 
print _("Search objects");
?>
</h4>
/**
 * Edit rack devices result
 *
 * Request handler for the submitted rack device form: checks the session,
 * validates the CSRF token and the numeric fields, then loads the rack.
 ***************************/
/* functions */
require dirname(__FILE__) . '/../../../functions/functions.php';
# initialize user object
$Database = new Database_PDO();
$User = new User($Database);
# NOTE(review): Admin is built without a second argument here; presumably that makes the constructor require admin rights - confirm, no other permission check is visible
$Admin = new Admin($Database);
$Result = new Result();
# verify that user is logged in
$User->check_user_session();
# strip input tags
# NOTE(review): tag stripping is not output escaping; values still need escaping wherever they are printed
$_POST = $Admin->strip_input_tags($_POST);
# validate csrf cookie - the posted token is checked against the one issued for the "rack_devices" form
# NOTE(review): only a strict false return is treated as failure; confirm csrf_cookie() cannot signal a bad token with null or another falsy value
# NOTE(review): presumably show() ends the request when its third argument is true; every guard below depends on that - confirm
$User->csrf_cookie("validate", "rack_devices", $_POST['csrf_cookie']) === false ? $Result->show("danger", _("Invalid CSRF cookie"), true) : "";
# ID must be numeric
# NOTE(review): is_numeric() also accepts floats, exponent notation and signed values, so a negative or fractional start/size passes these four checks
if (!is_numeric($_POST['rackid'])) {
    $Result->show("danger", _("Invalid ID"), true);
}
if (!is_numeric($_POST['deviceid'])) {
    $Result->show("danger", _("Invalid ID"), true);
}
if (!is_numeric($_POST['rack_start'])) {
    $Result->show("danger", _("Invalid start value"), true);
}
if (!is_numeric($_POST['rack_size'])) {
    $Result->show("danger", _("Invalid size value"), true);
}
# validate rack
$rack = $Admin->fetch_object("racks", "id", $_POST['rackid']);
Example #18
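/*
 * Print truncate subnet
 *
 * Prepares the truncate form: loads the application objects, checks the session,
 * issues the CSRF token and verifies that the requested subnet exists and is
 * writable by the current user.
 *********************/
/* functions */
require dirname(__FILE__) . '/../../../functions/functions.php';
# initialize user object
$Database = new Database_PDO();
$User = new User($Database);
$Admin = new Admin($Database, false);
$Subnets = new Subnets($Database);
$Addresses = new Addresses($Database);
$Result = new Result();
# verify that user is logged in
$User->check_user_session();
# create csrf token for the "truncate" form; the script that processes the submission is expected to validate it
$csrf = $User->csrf_cookie("create", "truncate");
# id must be numeric
# NOTE(review): is_numeric() also accepts floats, exponent notation and signed values, so it is looser than an integer-ID check
if (!is_numeric($_POST['subnetId'])) {
    $Result->show("danger", _("Invalid ID"), true, true);
}
# get subnet details
$subnet = $Subnets->fetch_subnet(null, $_POST['subnetId']);
# a well-formed ID that matches no subnet must stop here: the lines below dereference $subnet
if (!is_object($subnet)) {
    $Result->show("danger", _("Invalid ID"), true, true);
}
# verify that user has write permissions for subnet
$subnetPerm = $Subnets->check_permission($User->user, $subnet->id);
if ($subnetPerm < 3) {
    $Result->show("danger", _('You do not have permissions to resize subnet') . '!', true, true);
}
# set prefix - folder or subnet
$prefix = $subnet->isFolder == "1" ? "folder" : "subnet";
# reformat description - wrapped in parentheses for display, empty when there is none
$subnet->description = strlen($subnet->description) > 0 ? "({$subnet->description})" : "";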
Example #19
<?php

/**
 * Edit tag
 *
 * Loads the application objects, checks the session, issues the CSRF token for
 * the tag form, validates the action and ID and loads the tag being edited.
 *************************************************/
/* functions */
require dirname(__FILE__) . '/../../../functions/functions.php';
# initialize user object
$Database = new Database_PDO();
$User = new User($Database);
# NOTE(review): Admin is built without a second argument here; presumably that makes the constructor require admin rights - confirm, no other permission check is visible
$Admin = new Admin($Database);
$Result = new Result();
# verify that user is logged in
$User->check_user_session();
# create csrf token for the "tags" form; the script that processes the submission is expected to validate it
$csrf = $User->csrf_cookie("create", "tags");
# strip tags - XSS
# NOTE(review): tag stripping is not output escaping; values still need escaping wherever they are printed
$_POST = $User->strip_input_tags($_POST);
# validate action
$Admin->validate_action($_POST['action'], true);
# ID must be numeric
# NOTE(review): is_numeric() also accepts floats, exponent notation and signed values, so it is looser than an integer-ID check
if ($_POST['action'] != "add" && !is_numeric($_POST['id'])) {
    $Result->show("danger", _("Invalid ID"), true, true);
}
# fetch tag for edit / delete
if ($_POST['action'] != "add") {
    # fetch tag details
    $tag = $Admin->fetch_object("ipTags", "id", $_POST['id']);
    # stop when the lookup failed
    $tag === false ? $Result->show("danger", _("Invalid ID"), true, true) : null;
}
Example #20
 *
 * Fetches info from database
 *************************************************/
# include required scripts
# Prepares the "move IP address" form: loads the application objects, checks the
# session, issues the CSRF token, validates the IDs and loads the address and subnet.
require dirname(__FILE__) . '/../../../functions/functions.php';
# initialize required objects
$Database = new Database_PDO();
$Result = new Result();
$User = new User($Database);
$Subnets = new Subnets($Database);
$Tools = new Tools($Database);
$Addresses = new Addresses($Database);
# verify that user is logged in
$User->check_user_session();
# create csrf token for the "address" form; the script that processes the submission is expected to validate it
$csrf = $User->csrf_cookie("create", "address");
# validate action
$Tools->validate_action($_POST['action']);
# validate post: subnetId must be numeric, id may be numeric or empty
# NOTE(review): is_numeric() also accepts floats, exponent notation and signed values, so it is looser than an integer-ID check
is_numeric($_POST['subnetId']) ?: $Result->show("danger", _("Invalid ID"), true);
is_numeric($_POST['id']) || strlen($_POST['id']) == 0 ?: $Result->show("danger", _("Invalid ID"), true);
# fetch address and subnet
# NOTE(review): no permission check on the subnet is visible before these lookups, and the cast results are not checked for a failed lookup - confirm both are handled elsewhere
$address = (array) $Addresses->fetch_address(null, $_POST['id']);
$subnet = (array) $Subnets->fetch_subnet(null, $_POST['subnetId']);
# fetch all slave subnets
$Subnets->fetch_subnet_slaves_recursive($subnet['id']);
?>

<!-- header -->
<div class="pHeader"><?php 
print _('Move IP address to different subnet');
Example #21
/**
 *	Edit rack details
 *
 *	Loads the application objects, checks the session, issues the CSRF token for
 *	the rack form and loads the rack being edited or a default for a new one.
 ************************/
/* functions */
require dirname(__FILE__) . '/../../../functions/functions.php';
# initialize user object
$Database = new Database_PDO();
$User = new User($Database);
# NOTE(review): Admin is built without a second argument here; presumably that makes the constructor require admin rights - confirm, no other permission check is visible
$Admin = new Admin($Database);
$Tools = new Tools($Database);
$Racks = new phpipam_rack($Database);
$Result = new Result();
# verify that user is logged in
$User->check_user_session();
# create csrf token for the "rack" form; the script that processes the submission is expected to validate it
$csrf = $User->csrf_cookie("create", "rack");
# fetch custom fields
$custom = $Tools->fetch_custom_fields('racks');
# ID must be numeric
# NOTE(review): is_numeric() also accepts floats, exponent notation and signed values; the action itself is not checked against a list of allowed values in the visible lines
if ($_POST['action'] != "add" && !is_numeric($_POST['rackid'])) {
    $Result->show("danger", _("Invalid ID"), true, true);
}
# fetch rack details
if ($_POST['action'] == "edit" || $_POST['action'] == "delete") {
    # NOTE(review): the result is not compared with false here, so an unknown rackid is not rejected in the visible lines
    $rack = $Admin->fetch_object("racks", "id", $_POST['rackid']);
} else {
    # new rack: start from an empty object with a default size of 42
    $rack = new StdClass();
    $rack->size = 42;
}
# all locations
if ($User->settings->enableLocations == "1") {
Example #22
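# validate csrf cookie - the posted token is checked against the one issued for the "subnet" form
# NOTE(review): only a strict false return is treated as failure; confirm csrf_cookie() cannot signal a bad token with null or another falsy value
$User->csrf_cookie("validate", "subnet", $_POST['csrf_cookie']) === false ? $Result->show("danger", _("Invalid CSRF cookie"), true) : "";
# validation errors are collected in $errors; start from an array so the count taken after the checks is well-defined when nothing fails
if (!isset($errors)) {
    $errors = array();
}
# if show name than description must be set
if (@$_POST['showName'] == 1 && strlen($_POST['description']) == 0) {
    $Result->show("danger", _("Please enter subnet description to show as name!"), true);
}
# we need old values for mailing
# NOTE(review): this lookup runs before subnetId is checked with is_numeric() and before the permission check further down
if ($_POST['action'] == "edit" || $_POST['action'] == "delete") {
    $old_subnet_details = (array) $Subnets->fetch_subnet("id", $_POST['subnetId']);
}
# modify post parameters
$_POST['cidr'] = trim($_POST['subnet']);
$_POST['id'] = $_POST['subnetId'];
# get mask and subnet
$temp = explode("/", $_POST['subnet']);
# input without a "/" has no mask part: use an empty mask instead of reading a missing index
$_POST['mask'] = isset($temp[1]) ? trim($temp[1]) : "";
$_POST['subnet'] = trim($temp[0]);
# get section details
$section = (array) $Sections->fetch_section(null, $_POST['sectionId']);
# fetch custom fields
$custom = $Tools->fetch_custom_fields('subnets');
# get master subnet details for folder overrides: strict-mode checks are skipped when the parent is a folder
$parent_is_folder = false;
if ($_POST['masterSubnetId'] != 0) {
    $master_section = (array) $Subnets->fetch_subnet(null, $_POST['masterSubnetId']);
    $parent_is_folder = $master_section['isFolder'] == 1;
}
# If request came from IP address subnet edit and action2 is Delete then change action
# only the literal value "delete" can replace the action this way
if (@$_POST['action2'] == "delete") {
    $_POST['action'] = $_POST['action2'];
}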
# Per-action checks. Each branch validates IDs and permissions and appends any
# validation message to $errors; hard failures go through $Result->show().
# NOTE(review): presumably show() ends the request when its third argument is true; every guard below depends on that - confirm
# new subnet checks
if ($_POST['action'] == "add") {
    // ID must be numeric value
    // NOTE(review): is_numeric() also accepts floats, exponent notation and signed values
    if (!is_numeric($_POST['sectionId'])) {
        $Result->show("danger", _("Invalid ID"), true);
    }
    // verify that user has permissions to add subnet
    if ($Sections->check_permission($User->user, $_POST['sectionId']) != 3) {
        $Result->show("danger", _('You do not have permissions to add new subnet in this section') . "!", true);
    }
    //verify cidr - a returned message longer than 5 characters is treated as an error text
    $cidr_check = $Subnets->verify_cidr_address($_POST['cidr']);
    if (strlen($cidr_check) > 5) {
        $errors[] = $cidr_check;
    }
    //overlap and nesting checks run only in strict-mode sections and are skipped when the parent is a folder
    if ($section['strictMode'] == 1 && !$parent_is_folder) {
        // we are adding nested subnet
        if ($_POST['masterSubnetId'] != 0) {
            //verify that nested subnet is inside its parent
            if (!$Subnets->verify_subnet_nesting($_POST['masterSubnetId'], $_POST['cidr'])) {
                $errors[] = _('Nested subnet not in root subnet!');
            } else {
                //check for overlapping against existing subnets under same master
                $overlap = $Subnets->verify_nested_subnet_overlapping($_POST['sectionId'], $_POST['cidr'], $_POST['vrfId'], $_POST['masterSubnetId']);
                if ($overlap !== false) {
                    $errors[] = $overlap;
                }
            }
        } else {
            $overlap = $Subnets->verify_subnet_overlapping($_POST['sectionId'], $_POST['cidr'], $_POST['vrfId']);
            if ($overlap !== false) {
                $errors[] = $overlap;
            }
        }
    }
    # Set permissions if adding new subnet
    // root - a top-level subnet inherits the section's permissions
    if ($_POST['masterSubnetId'] == 0) {
        $_POST['permissions'] = $section['permissions'];
    } else {
        # get parent - a nested subnet inherits the parent's permissions
        # NOTE(review): masterSubnetId is not checked with is_numeric() in this branch and $parent is dereferenced without an existence check
        $parent = $Subnets->fetch_subnet(null, $_POST['masterSubnetId']);
        $_POST['permissions'] = $parent->permissions;
    }
} elseif ($_POST['action'] == "edit") {
    // validate IDs
    if (!is_numeric($_POST['subnetId'])) {
        $Result->show("danger", _("Invalid ID"), true);
    }
    if (!is_numeric($_POST['sectionId'])) {
        $Result->show("danger", _("Invalid ID"), true);
    }
    // check subnet permissions
    if ($Subnets->check_permission($User->user, $_POST['subnetId']) != 3) {
        $Result->show("danger", _('You do not have permissions to add edit/delete this subnet') . "!", true);
    }
    // If section changes then do checks!
    // NOTE(review): sectionIdNew is neither checked with is_numeric() nor passed to a permission check in this excerpt - confirm the user's rights on the target section are verified elsewhere
    if ($_POST['sectionId'] != @$_POST['sectionIdNew']) {
        //reset masterId - we are putting it to root
        $_POST['masterSubnetId'] = 0;
        //check for overlapping
        $sectionIdNew = (array) $Sections->fetch_section(null, $_POST['sectionIdNew']);
        if ($sectionIdNew['strictMode'] == 1 && !$parent_is_folder) {
            /* verify that no overlapping occurs if we are adding root subnet */
            $overlap = $Subnets->verify_subnet_overlapping($_POST['sectionIdNew'], $_POST['cidr'], $_POST['vrfId']);
            if ($overlap !== false) {
                $errors[] = $overlap;
            }
        }
    } elseif ($_POST['vrfId'] != @$_POST['vrfIdOld']) {
        if ($section['strictMode'] == 1 && !$parent_is_folder) {
            /* verify that no overlapping occurs if we are adding root subnet
               only check for overlapping if vrf is empty or not exists!
            */
            $overlap = $Subnets->verify_subnet_overlapping($_POST['sectionId'], $_POST['cidr'], $_POST['vrfId']);
            if ($overlap !== false) {
                $errors[] = $overlap;
            }
        }
    } else {
        if ($section['strictMode'] == 1 && !$parent_is_folder) {
            /* verify that nested subnet is inside root subnet */
            if ($_POST['masterSubnetId'] != 0) {
                if (!($overlap = $Subnets->verify_subnet_nesting($_POST['masterSubnetId'], $_POST['cidr']))) {
                    $errors[] = _('Nested subnet not in root subnet!');
                }
            }
        }
        /* for nesting - MasterId cannot be the same as subnetId! */
        if ($_POST['masterSubnetId'] == $_POST['subnetId']) {
            $errors[] = _('Subnet cannot nest behind itself!');
        }
    }
} else {
    // any other action (delete): validate IDs
    if (!is_numeric($_POST['subnetId'])) {
        $Result->show("danger", _("Invalid ID"), true);
    }
    if (!is_numeric($_POST['sectionId'])) {
        $Result->show("danger", _("Invalid ID"), true);
    }
    // check subnet permissions
    if ($Subnets->check_permission($User->user, $_POST['subnetId']) != 3) {
        $Result->show("danger", _('You do not have permissions to add edit/delete this subnet') . "!", true);
    }
}
//custom fields check
if (sizeof($custom) > 0) {
    foreach ($custom as $myField) {
        //booleans can be only 0 and 1!
        if ($myField['type'] == "tinyint(1)") {
            if ($_POST[$myField['name']] > 1) {
                $_POST[$myField['name']] = "";
            }
        }
        //not empty
        if ($myField['Null'] == "NO" && strlen($_POST[$myField['name']]) == 0) {
            $errors[] = "Field \"{$myField['name']}\" cannot be empty!";
        }
    }
}
/* If no errors are present execute request */
if (sizeof(@$errors) > 0) {
    print '<div class="alert alert-danger"><strong>' . _('Please fix following problems') . '</strong>:';
    foreach ($errors as $error) {
        print "<br>" . $error;
    }
    print '</div>';
    die;
} elseif ($_POST['action'] == "delete" && !isset($_POST['deleteconfirm'])) {
    # for ajax to prevent reload
    print "<div style='display:none'>alert alert-danger</div>";
    # result
    print "<div class='alert alert-warning'>";
    # print what will be deleted
    //fetch all slave subnets
    $Subnets->fetch_subnet_slaves_recursive($_POST['subnetId']);
    $subcnt = sizeof($Subnets->slaves);
    foreach ($Subnets->slaves as $s) {
        $slave_array[$s] = $s;
    }
    $ipcnt = $Addresses->count_addresses_in_multiple_subnets($slave_array);
    print "<strong>" . _("Warning") . "</strong>: " . _("I will delete") . ":<ul>";
    print "\t<li>{$subcnt} " . _("subnets") . "</li>";
    if ($ipcnt > 0) {
        print "\t<li>{$ipcnt} " . _("IP addresses") . "</li>";
    }
    print "</ul>";
    print "<hr><div style='text-align:right'>";
    print _("Are you sure you want to delete above items?") . " ";
    print "<div class='btn-group'>";
    print "\t<a class='btn btn-sm btn-danger editSubnetSubmitDelete' id='editSubnetSubmitDelete'>" . _("Confirm") . "</a>";
    print "</div>";
    print "</div>";
    print "</div>";
} else {
    # remove scanagent if not needed
    if (!isset($_POST['pingSubnet']) && !isset($_POST['discoverSubnet'])) {
        $_POST['scanAgent'] = 0;
    }
    # create array of default update values
    $values = array("id" => @$_POST['subnetId'], "isFolder" => 0, "masterSubnetId" => $_POST['masterSubnetId'], "subnet" => $Subnets->transform_to_decimal($_POST['subnet']), "mask" => $_POST['mask'], "description" => @$_POST['description'], "vlanId" => $_POST['vlanId'], "allowRequests" => $Admin->verify_checkbox(@$_POST['allowRequests']), "showName" => $Admin->verify_checkbox(@$_POST['showName']), "discoverSubnet" => $Admin->verify_checkbox(@$_POST['discoverSubnet']), "pingSubnet" => $Admin->verify_checkbox(@$_POST['pingSubnet']), "scanAgent" => @$_POST['scanAgent'], "DNSrecursive" => $Admin->verify_checkbox(@$_POST['DNSrecursive']), "DNSrecords" => $Admin->verify_checkbox(@$_POST['DNSrecords']), "nameserverId" => $_POST['nameserverId'], "location" => @$_POST['location_item'], "device" => $_POST['device'], "isFull" => $Admin->verify_checkbox($_POST['isFull']));
    # threshold
    if (isset($_POST['threshold'])) {
        if (!is_numeric($_POST['threshold'])) {
            $Result->show("danger", _("Invalid threshold value"), true);
        }
        $values['threshold'] = $_POST['threshold'];
    }
    # for new subnets we add permissions
    if ($_POST['action'] == "add") {
        $values['permissions'] = $_POST['permissions'];
        $values['sectionId'] = $_POST['sectionId'];
        // add vrf
        $values['vrfId'] = $_POST['vrfId'];
    } else {
        # if section change
        if (@$_POST['sectionId'] != @$_POST['sectionIdNew']) {
            $values['sectionId'] = $_POST['sectionIdNew'];
        }
        # if vrf change
        if (@$_POST['vrfId'] != @$_POST['vrfIdOld']) {
            $values['vrfId'] = $_POST['vrfId'];
        }
    }
    # append custom fields
    $custom = $Tools->fetch_custom_fields('subnets');
    if (sizeof($custom) > 0) {
        foreach ($custom as $myField) {
            //replace possible ___ back to spaces
            $myField['nameTest'] = str_replace(" ", "___", $myField['name']);
            if (isset($_POST[$myField['nameTest']])) {
                $_POST[$myField['name']] = $_POST[$myField['nameTest']];
            }
            //booleans can be only 0 and 1!
            if ($myField['type'] == "tinyint(1)") {
                if ($_POST[$myField['name']] > 1) {
                    $_POST[$myField['name']] = 0;
                }
            }
            //not null!
            if ($myField['Null'] == "NO" && strlen($_POST[$myField['name']]) == 0) {
                $Result->show("danger", $myField['name'] . '" can not be empty!', true);
            }
            # save to update array
            $values[$myField['name']] = $_POST[$myField['name']];
        }
    }
    # execute
    if (!$Subnets->modify_subnet($_POST['action'], $values)) {
        $Result->show("danger", _('Error editing subnet'), true);
    } else {
        # if add save id !
        if ($_POST['action'] == "add") {
            $new_subnet_id = $Subnets->lastInsertId;
        }
        # update also all slave subnets if section changes!
        if (isset($values['sectionId']) && $_POST['action'] == "edit" || $_POST['action'] == "delete") {
            $Subnets->reset_subnet_slaves_recursive();
            $Subnets->fetch_subnet_slaves_recursive($_POST['subnetId']);
            $Subnets->remove_subnet_slaves_master($_POST['subnetId']);
            if (sizeof($Subnets->slaves) > 0) {
                foreach ($Subnets->slaves as $slaveId) {
                    if ($_POST['action'] == "edit") {
                        $Admin->object_modify("subnets", "edit", "id", array("id" => $slaveId, "sectionId" => $_POST['sectionIdNew']));
                    } else {
                        $Admin->object_modify("subnets", "delete", "id", array("id" => $slaveId));
                    }
                }
            }
        }
        # edit success
        if ($_POST['action'] == "delete") {
            $Result->show("success", _('Subnet, IP addresses and all belonging subnets deleted successfully') . '!', false);
        } elseif ($_POST['action'] == "add") {
            $Result->show("success", _("Subnet {$_POST['action']} successfull") . '!<div class="hidden subnet_id_new">' . $new_subnet_id . '</div><div class="hidden section_id_new">' . $values['sectionId'] . '</div>', false);
        } else {
            $Result->show("success", _("Subnet {$_POST['action']} successfull") . '!', false);
        }
    }
    # propagate to slaves
    if (@$_POST['set_inheritance'] == "Yes" && $_POST['action'] == "edit") {
        # reset slaves
        if ($Subnets->slaves === NULL) {
            $Subnets->reset_subnet_slaves_recursive();
            $Subnets->fetch_subnet_slaves_recursive($_POST['subnetId']);
            $Subnets->remove_subnet_slaves_master($_POST['subnetId']);
        }
        # set what to update
        $values = array("vlanId" => $_POST['vlanId'], "vrfId" => $_POST['vrfId'], "nameserverId" => $_POST['nameserverId'], "scanAgent" => @$_POST['scanAgent'], "device" => $_POST['device']);
        # optional values
        if (isset($_POST['allowRequests'])) {
            $values['allowRequests'] = $Admin->verify_checkbox(@$_POST['allowRequests']);
        }
        if (isset($_POST['showName'])) {
            $values['showName'] = $Admin->verify_checkbox(@$_POST['showName']);
        }
        if (isset($_POST['discoverSubnet'])) {
            $values['discoverSubnet'] = $Admin->verify_checkbox(@$_POST['discoverSubnet']);
        }
        if (isset($_POST['pingSubnet'])) {
            $values['pingSubnet'] = $Admin->verify_checkbox(@$_POST['pingSubnet']);
        }
        # propagate changes
        if (sizeof($Subnets->slaves) > 0) {
            foreach ($Subnets->slaves as $slaveId) {
                $Admin->object_modify("subnets", "edit", "id", array_merge(array("id" => $slaveId), $values));
            }
        }
    }
    # powerDNS
    if ($User->settings->enablePowerDNS == 1) {
        # powerDNS class
        $PowerDNS = new PowerDNS($Database);
        if ($PowerDNS->db_check() === false) {
            $Result->show("danger", _("Cannot connect to powerDNS database"), true);
        }
        // set zone
        $zone = $_POST['action'] == "add" ? $PowerDNS->get_ptr_zone_name($_POST['subnet'], $_POST['mask']) : $PowerDNS->get_ptr_zone_name($old_subnet_details['ip'], $old_subnet_details['mask']);
        // try to fetch domain
        $domain = $PowerDNS->fetch_domain_by_name($zone);
        // POST DNSrecursive not set, fake it if old is also 0
        if (!isset($_POST['DNSrecursive']) && @$old_subnet_details['DNSrecursive'] == 0) {
            $_POST['DNSrecursive'] = 0;
        }
        // recreate csrf cookie
        $csrf = $User->csrf_cookie("create", "domain");
Example #23
		table		= name of the table
		action		= action
		fieldName	= field name to edit
*/
# Request set-up for the custom-field form script: load the framework, check the
# session, issue a CSRF token, clean the input, then look up the existing field.
/* functions */
require dirname(__FILE__) . '/../../../functions/functions.php';
# initialize user object
$Database = new Database_PDO();
$User = new User($Database);
$Admin = new Admin($Database);
$Tools = new Tools($Database);
$Result = new Result();
# verify that user is logged in (done before any request data is read)
$User->check_user_session();
# create csrf token for the "custom_field" form; the value kept in $csrf is
# presumably embedded in the form and checked by a matching
# csrf_cookie("validate", "custom_field", ...) call in the script that processes
# the submission (not shown here) - confirm
$csrf = $User->csrf_cookie("create", "custom_field");
# strip tags - XSS (input-side filtering only; values written into HTML later
# still need encoding for the context they are printed in)
$_POST = $User->strip_input_tags($_POST);
# validate action before it is branched on below
$Admin->validate_action($_POST['action'], true);
/* reset field name for add! */
if ($_POST['action'] == "add") {
    $_POST['fieldName'] = "";
} else {
    # keep the current name so a rename can refer to the old column
    $_POST['oldname'] = $_POST['fieldName'];
}
# fetch old field definition
# NOTE(review): $_POST['table'] and $_POST['fieldName'] reach the helper with no
# validation visible in this excerpt. Table and column names cannot be bound as
# query parameters, so confirm the helper checks them against a known list.
$fieldval = (array) $Tools->fetch_full_field_definition($_POST['table'], $_POST['fieldName']);
?>

Example #24
/**
 * Script to print add / edit / delete widget
 *************************************************/
# Request set-up for the widget form script: session check, CSRF token issue,
# input clean-up, action validation, then lookup of the widget being edited.
/* functions */
require dirname(__FILE__) . '/../../../functions/functions.php';
# initialize user object
$Database = new Database_PDO();
$User = new User($Database);
$Admin = new Admin($Database);
$Tools = new Tools($Database);
$Result = new Result();
# verify that user is logged in (done before any request data is read)
$User->check_user_session();
# create csrf token for the "widget" form; presumably checked by a matching
# csrf_cookie("validate", "widget", ...) call when the form is submitted - confirm
$csrf = $User->csrf_cookie("create", "widget");
# strip tags - XSS (input-side filtering only; output still needs encoding)
$_POST = $User->strip_input_tags($_POST);
# validate action; the template below prints $_POST['action'] into the page
# header, so this check has to run before any output
$Admin->validate_action($_POST['action'], true);
# fetch widget
if ($_POST['action'] != "add") {
    $w = $Admin->fetch_object("widgets", "wid", $_POST['wid']);
    # short ternary used as a statement: show() runs only when the lookup
    # returned false (presumably it also stops the script - confirm)
    $w !== false ?: $Result->show("danger", _("Invalid ID"), true, true);
    $w = (array) $w;
}
?>

<!-- header -->
<div class="pHeader"><?php 
print ucwords($_POST['action']) . " widget";
Example #25
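/**
 *	Script to print add / edit / delete NAT form
 ************************************************/
/* functions */
require dirname(__FILE__) . '/../../../functions/functions.php';
# initialize user object
$Database = new Database_PDO();
$User = new User($Database);
$Admin = new Admin($Database);
$Tools = new Tools($Database);
$Result = new Result();
# verify that user is logged in (done before any request data is read)
$User->check_user_session();
# create csrf token for the "nat" form
$csrf = $User->csrf_cookie("create", "nat");
# validate action before branching on it; without this check any value other
# than "add" is handled as an edit of an existing object, and the raw value is
# later printed into the page header
$Admin->validate_action($_POST['action'], true);
# get NAT object
if ($_POST['action'] != "add") {
    $nat = $Admin->fetch_object("nat", "id", $_POST['id']);
    # short ternary used as a statement: show() runs only when the lookup failed
    $nat !== false ?: $Result->show("danger", _("Invalid ID"), true, true);
}
# disable edit on delete
$readonly = $_POST['action'] == "delete" ? "readonly" : "";
# $link is the inverse of $readonly: false when the form is read-only
$link = $readonly ? false : true;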
?>


<!-- header -->
<div class="pHeader"><?php 
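# action is request data; HTML-encode it at the point of output
print htmlspecialchars(ucwords(_("{$_POST['action']}")), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');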
?>
Example #26
/**
 *	Print all available VRFs and configurations
 ************************************************/
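# Request set-up for the VRF form script: session check, CSRF token issue,
# action validation, lookup of the VRF being edited, custom field list.
/* functions */
require dirname(__FILE__) . '/../../../functions/functions.php';
# initialize user object
$Database = new Database_PDO();
$User = new User($Database);
$Admin = new Admin($Database);
$Tools = new Tools($Database);
$Sections = new Sections($Database);
$Result = new Result();
# verify that user is logged in (done before any request data is read)
$User->check_user_session();
# create csrf token for the "vrf" form
$csrf = $User->csrf_cookie("create", "vrf");
# validate action before branching on it; without this check any value other
# than "add" is handled as an edit of an existing object
$Admin->validate_action($_POST['action'], true);
# get VRF
if ($_POST['action'] != "add") {
    $vrf = $Admin->fetch_object("vrf", "vrfId", $_POST['vrfId']);
    # short ternary used as a statement: show() runs only when the lookup failed
    $vrf !== false ?: $Result->show("danger", _("Invalid ID"), true, true);
    $vrf = (array) $vrf;
}
# disable edit on delete
$readonly = $_POST['action'] == "delete" ? "readonly" : "";
# fetch custom fields
$custom = $Tools->fetch_custom_fields('vrf');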
?>


<!-- header -->
<div class="pHeader"><?php 
Example #27
/**
 *	Print all available locations
 ************************************************/
# Request set-up for the location form script: session check, CSRF token issue,
# action validation, lookup of the location being edited, custom field list.
/* functions */
require dirname(__FILE__) . '/../../../functions/functions.php';
# initialize user object
$Database = new Database_PDO();
$User = new User($Database);
$Admin = new Admin($Database);
$Tools = new Tools($Database);
$Result = new Result();
# verify that user is logged in (done before any request data is read)
$User->check_user_session();
# create csrf token for the "location" form; presumably checked by a matching
# csrf_cookie("validate", "location", ...) call when the form is submitted - confirm
$csrf = $User->csrf_cookie("create", "location");
# validate action before it is branched on below
# NOTE(review): $_POST is not passed through strip_input_tags() in this script;
# any request value the template prints needs HTML encoding at output - confirm
$Admin->validate_action($_POST['action'], true);
# get Location object
if ($_POST['action'] != "add") {
    $location = $Admin->fetch_object("locations", "id", $_POST['id']);
    # short ternary used as a statement: show() runs only when the lookup failed
    $location !== false ?: $Result->show("danger", _("Invalid ID"), true, true);
}
# disable edit on delete
$readonly = $_POST['action'] == "delete" ? "readonly" : "";
# $link is the inverse of $readonly: false when the form is read-only
$link = $readonly ? false : true;
# fetch custom fields
$custom = $Tools->fetch_custom_fields('locations');
?>

Example #28
<?php

/**
 *	Script to replace fields in IP address list
 ***********************************************/
# State-changing handler: the CSRF token is validated right after the session
# check and before any request field is acted on.
/* functions */
require dirname(__FILE__) . '/../../../functions/functions.php';
# initialize user object
$Database = new Database_PDO();
$User = new User($Database);
$Admin = new Admin($Database);
$Result = new Result();
# verify that user is logged in
$User->check_user_session();
# validate csrf cookie: the token posted as csrf_cookie must match the one
# issued for "replace_fields". The ternary is used as a statement; rejecting the
# request relies on show() stopping the script when its third argument is true
# (presumably - confirm), because nothing else halts execution here.
$User->csrf_cookie("validate", "replace_fields", $_POST['csrf_cookie']) === false ? $Result->show("danger", _("Invalid CSRF cookie"), true) : "";
//verify post (note: empty() also treats the string "0" as empty)
if (empty($_POST['search'])) {
    $Result->show("danger", _('Please enter something in search field') . '!', true);
}
//if device verify that it exists
if ($_POST['field'] == "switch") {
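    # Both hostnames must resolve to existing devices. The error text is built
    # as HTML (it carries <i> markup), so the request values placed into it are
    # HTML-encoded first.
    if (!($device1 = $Admin->fetch_object("devices", "hostname", $_POST['search']))) {
        $Result->show("danger  alert-absolute", _('Switch') . ' "<i>' . htmlspecialchars((string) $_POST['search'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</i>" ' . _('does not exist, first create switch under admin menu') . '!', true);
    }
    if (!($device2 = $Admin->fetch_object("devices", "hostname", $_POST['replace']))) {
        # name the replacement hostname, which is the lookup that failed
        # (the message previously printed the search value)
        $Result->show("danger  alert-absolute", _('Switch') . ' "<i>' . htmlspecialchars((string) $_POST['replace'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</i>" ' . _('does not exist, first create switch under admin menu') . '!', true);
    }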
    //replace posts
    $_POST['search'] = $device1->id;
    $_POST['replace'] = $device2->id;
Example #29
/*
 * Print edit subnet
 *********************/
# Request set-up for the subnet permissions form: session check, CSRF token
# issue, ID validation, then the group list and the subnet record are loaded.
/* functions */
require dirname(__FILE__) . '/../../../functions/functions.php';
# initialize user object
$Database = new Database_PDO();
$User = new User($Database);
$Admin = new Admin($Database);
$Sections = new Sections($Database);
$Subnets = new Subnets($Database);
$Result = new Result();
# verify that user is logged in (done before any request data is read)
$User->check_user_session();
# create csrf token for the "permissions" form; presumably checked by a matching
# csrf_cookie("validate", "permissions", ...) call when the form is submitted - confirm
$csrf = $User->csrf_cookie("create", "permissions");
# ID must be numeric (is_numeric also accepts floats and exponent notation such
# as "1e3"; a digits-only check would be stricter for a database ID)
if (!is_numeric($_POST['subnetId'])) {
    $Result->show("danger", _("Invalid ID"), true, true);
}
# get all groups
# NOTE(review): no check_permission() call is visible in this excerpt; confirm
# that access to this form is restricted elsewhere (presumably by the Admin
# object) before group and subnet data are loaded for display.
$groups = $Admin->fetch_all_objects("userGroups", "g_name");
# get subnet details
$subnet = $Subnets->fetch_subnet(null, $_POST['subnetId']);
?>


<script type="text/javascript">
$(document).ready(function() {
/* bootstrap switch */
var switch_options = {
Example #30
<?php

/**
 *	Site settings
 **************************/
/* functions */
require dirname(__FILE__) . '/../../../functions/functions.php';
# initialize user object
$Database = new Database_PDO();
$User = new User($Database);
$Admin = new Admin($Database);
$Result = new Result();
# verify that user is logged in
$User->check_user_session();
# validate csrf cookie
$User->csrf_cookie("validate", "pdns_settings", $_POST['csrf_cookie']) === false ? $Result->show("danger", _("Invalid CSRF cookie"), true) : "";
// validations
if (strlen($_POST['name']) == 0) {
    $Result->show("danger", "Invalid database name", true);
}
if (strlen($_POST['port']) == 0) {
    $_POST['port'] = 3306;
} elseif (!is_numeric($_POST['port'])) {
    $Result->show("danger", "Invalid port number", true);
}
// formulate json
$values = new StdClass();
$values->host = $_POST['host'];
$values->name = $_POST['name'];
$values->username = $_POST['username'];
$values->password = $_POST['password'];