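// collect the failover-peer form fields; everything here is untrusted request input
$id = $_POST['id'];
$peer_name = $_POST['peer_name'];
$primary = $_POST['primary'];
$address = $_POST['address'];
$port = $_POST['port'];
$peer_address = $_POST['peer_address'];
$peer_port = $_POST['peer_port'];
$max_response_delay = $_POST['max_response_delay'];
$max_unacked_updates = $_POST['max_unacked_updates'];
$mclt = $_POST['mclt'];
$split = $_POST['split'];
$load_balance_max_seconds = $_POST['load_balance_max_seconds'];
// check each post element: the peer identity / addressing fields are mandatory,
// the tuning fields and the record id may be empty (the id is only used by the
// update and delete statements below)
if (!empty($peer_name) && !empty($primary) && !empty($address) && !empty($port) && !empty($peer_address) && !empty($peer_port)) {
    // begin validation of configuration options
    // every value spliced into the SQL below goes through a $val check (each
    // returns -1 on failure); $id was missing from this list although it is
    // concatenated into the WHERE clause, so it is now checked as an integer
    // whenever it was supplied
    if ($val->ValidateDomain($peer_name) !== -1
        && $val->ValidateString($primary) !== -1
        && $val->ValidateDomain($address) !== -1
        && $val->ValidateInteger($port) !== -1
        && $val->ValidateDomain($peer_address) !== -1
        && $val->ValidateInteger($peer_port) !== -1
        && $val->ValidateInteger($max_response_delay) !== -1
        && $val->ValidateInteger($max_unacked_updates) !== -1
        && $val->ValidateInteger($mclt) !== -1
        && $val->ValidateInteger($split) !== -1
        && $val->ValidateInteger($load_balance_max_seconds) !== -1
        && (empty($id) || $val->ValidateInteger($id) !== -1)) {
        // define our sql statements
        // NOTE(review): the statements are built by string concatenation and no
        // escaping happens in this block; whatever protection exists has to come
        // from the code that executes $query (outside this block). A prepared
        // statement with bound parameters would remove that dependency.
        $insert = "INSERT INTO `conf_failover` ( `peer name`, `type`, `address`, `port`, `peer address`, `peer port`, `max-response-delay`, `max-unacked-updates`, `mclt`, `split`, `load balance max seconds` ) VALUES ( \"" . $peer_name . "\",\"" . $primary . "\", \"" . $address . "\", \"" . $port . "\", \"" . $peer_address . "\", \"" . $peer_port . "\", \"" . $max_response_delay . "\", \"" . $max_unacked_updates . "\", \"" . $mclt . "\", \"" . $split . "\", \"" . $load_balance_max_seconds . "\" )";
        $update = "UPDATE `conf_failover` SET `peer name` = \"" . $peer_name . "\", `type` = \"" . $primary . "\", `address` = \"" . $address . "\", `port` = \"" . $port . "\", `peer address` = \"" . $peer_address . "\", `peer port` = \"" . $peer_port . "\", `max-response-delay` = \"" . $max_response_delay . "\", `max-unacked-updates` = \"" . $max_unacked_updates . "\", `mclt` = \"" . $mclt . "\", `split` = \"" . $split . "\", `load balance max seconds` = \"" . $load_balance_max_seconds . "\" WHERE `id` = \"" . $id . "\" LIMIT 1";
        $delete = "DELETE FROM `conf_failover` WHERE `id` = \"" . $id . "\" LIMIT 1";
        // determine which button was clicked and pick the matching statement
        // and user-facing result messages
        if (!empty($_POST['AddFailOverOpts'])) {
            $query = $insert;
            $db_msg_good = $errors['db_insert'];
            $db_msg_err = $errors['db_insert_err'];
        }
        if (!empty($_POST['EditFailOverOpts'])) {
            $query = $update;
            $db_msg_good = $errors['db_edit'];
            $db_msg_err = $errors['db_edit_err'];
        }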
// get an array of subnets the ISC DHCPD service may listen on
// (adapter name => broadcast address, adapters without a broadcast value are skipped)
$query = "SELECT `name`, `broadcast` FROM `conf_adapters` ORDER BY `broadcast` ASC";
// dbQuery() signals failure with -1; on failure an error link is produced instead of a list
if (($value = $db->dbQuery($val->ValidateSQL($query, $dbconn), $dbconn)) === -1) {
    $error = $err->GenerateErrorLink("help/help.html", "#config_subnets", $defined['error'], $errors['db_select'], NULL, NULL);
} else {
    $tmp = $db->dbArrayResultsAssoc($value);
    // filter for empty stuff
    // NOTE(review): $interface_list is never initialised in this block, so it is
    // undefined when no adapter has a broadcast address - confirm the consumer copes
    for ($x = 0; $x < count($tmp); $x++) {
        if (!empty($tmp[$x]['broadcast'])) {
            $interface_list[$tmp[$x]['name']] = $tmp[$x]['broadcast'];
        }
    }
}
// Look for a GET id to edit an existing pool record
if (!empty($_GET['id'])) {
    // the id is validated as an integer before it is concatenated into SQL below
    if ($val->ValidateInteger($_GET['id']) === -1) {
        $error = $err->GenerateErrorLink("help/help.html", "#config_pools", $defined['error'], $errors['val_num'], NULL, NULL);
    } else {
        // populate the form with database information if already configured;
        // non-admin users are restricted to pools belonging to their own group
        // ($group is set before this block; presumably derived from the session token - confirm)
        if ($group === "admin") {
            $query = "SELECT * FROM `conf_pools` WHERE `id` = \"" . $_GET['id'] . "\" LIMIT 1";
        } else {
            $query = "SELECT * FROM `conf_pools` WHERE `group` = \"" . $group . "\" AND `id` = \"" . $_GET['id'] . "\" LIMIT 1";
        }
        if (($value = $db->dbQuery($val->ValidateSQL($query, $dbconn), $dbconn)) === -1) {
            $error = $err->GenerateErrorLink("help/help.html", "#config_pools", $defined['error'], $errors['db_select'], NULL, NULL);
        } else {
            // NOTE(review): $data[0] is read without checking that a row was returned
            $data = $db->dbArrayResultsAssoc($value);
            $id = $data[0]['id'];
            $pool_name = $data[0]['pool-name'];
            $dns_server_1 = $data[0]['dns-server-1'];
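// collect the global option form fields; everything here is untrusted request input
// ($id, $domain_name and $dns_server_list are assigned before this block)
$default_lease_time = $_POST['default_lease_time'];
$max_lease_time = $_POST['max_lease_time'];
$time_offset = $_POST['time_offset'];
$routers = $_POST['routers'];
$lpr_server_list = $_POST['lpr_server_list'];
$broadcast_addr = $_POST['broadcast_addr'];
$subnet_mask_addr = $_POST['subnet_mask_addr'];
$server_ident = $_POST['server_ident'];
$time_serv = $_POST['time_serv'];
$ddns_update_style = $_POST['ddns_update_style'];
$authoritative = $_POST['authoritative'];
$bootp = $_POST['bootp'];
// check each post element: the "---------" value is the form's "not set" choice
// for the three select boxes and is accepted as present
if (!empty($domain_name) && !empty($default_lease_time) && !empty($max_lease_time) && (!empty($ddns_update_style) || $ddns_update_style === "---------") && (!empty($authoritative) || $authoritative === "---------") && (!empty($bootp) || $bootp === "---------")) {
    // begin validation of configuration options (each $val check returns -1 on failure)
    // $id was missing from this list although it is concatenated into the WHERE
    // clause of the update and delete statements, so it is now checked as an
    // integer whenever it was supplied
    // NOTE(review): $time_offset, $lpr_server_list, $broadcast_addr,
    // $subnet_mask_addr, $server_ident and $time_serv are still spliced into the
    // statements without any $val check; the right validator for each (address
    // vs. list) cannot be determined from this block - confirm and add
    if ($val->ValidateDomain($domain_name) !== -1
        && $val->ValidateParagraph($dns_server_list) !== -1
        && $val->ValidateInteger($default_lease_time) !== -1
        && $val->ValidateInteger($max_lease_time) !== -1
        && $val->ValidateParagraph($routers) !== -1
        && $val->ValidateParagraph($ddns_update_style) !== -1
        && $val->ValidateString($authoritative) !== -1
        && $val->ValidateString($bootp) !== -1
        && (empty($id) || $val->ValidateInteger($id) !== -1)) {
        // define our sql statements
        // NOTE(review): built by string concatenation with no escaping in this
        // block; protection has to come from the code that executes $query
        // (outside this block). A prepared statement would remove that dependency.
        $insert = "INSERT INTO `conf_global_opts` ( `option domain-name`, `option subnet-mask`, `default-lease-time`, `max-lease-time`, `option time-offset`, `option routers`, `option domain-name-servers`, `option lpr-servers`, `option-broadcast-addr`, `server-identifier`, `option time-serv`, `ddns-update-style`, `authoritative`, `bootp` ) VALUES ( \"" . $domain_name . "\", \"" . $subnet_mask_addr . "\", \"" . $default_lease_time . "\", \"" . $max_lease_time . "\", \"" . $time_offset . "\", \"" . $routers . "\", \"" . $dns_server_list . "\", \"" . $lpr_server_list . "\", \"" . $broadcast_addr . "\", \"" . $server_ident . "\", \"" . $time_serv . "\", \"" . $ddns_update_style . "\", \"" . $authoritative . "\", \"" . $bootp . "\" )";
        $update = "UPDATE `conf_global_opts` SET `option domain-name` = \"" . $domain_name . "\", `option subnet-mask` = \"" . $subnet_mask_addr . "\", `default-lease-time` = \"" . $default_lease_time . "\", `max-lease-time` = \"" . $max_lease_time . "\", `option time-offset` = \"" . $time_offset . "\", `option routers` = \"" . $routers . "\", `option domain-name-servers` = \"" . $dns_server_list . "\", `option lpr-servers` = \"" . $lpr_server_list . "\", `option-broadcast-addr` = \"" . $broadcast_addr . "\", `server-identifier` = \"" . $server_ident . "\", `option time-serv` = \"" . $time_serv . "\", `ddns-update-style` = \"" . $ddns_update_style . "\", `authoritative` = \"" . $authoritative . "\", `bootp` = \"" . $bootp . "\" WHERE `id` = \"" . $id . "\" LIMIT 1";
        $delete = "DELETE FROM `conf_global_opts` WHERE `id` = \"" . $id . "\" LIMIT 1";
        // determine which button was clicked and pick the matching statement
        // and user-facing result messages
        if (!empty($_POST['AddGlobalConfOpts'])) {
            $query = $insert;
            $db_msg_good = $errors['db_insert'];
            $db_msg_err = $errors['db_insert_err'];
        }
        if (!empty($_POST['EditGlobalConfOpts'])) {
            $query = $update;
            $db_msg_good = $errors['db_edit'];
            $db_msg_err = $errors['db_edit_err'];
        }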
// template setup for the lease management page
$JS = " hidediv('extras'); hidediv('perms');";
$FILE = "manage.leases.tpl";
// initialize a db connection handle
$dbconn = $db->dbConnect($defined['dbhost'], $defined['username'], $defined['password'], $defined['dbname']);
// provide count of online users
// NOTE(review): unlike the queries further down, the -1 failure return of
// dbQuery() is not checked here before the result is handed to dbNumRows()
$online = "SELECT * FROM `admin_sessions`";
$ret = $db->dbQuery($val->ValidateSQL($online, $dbconn), $dbconn);
$usersoline = $db->dbNumRows($ret);
// decode our authentication token to get our group membership
// ($group is trusted below only as far as DecodeAuthToken() authenticates the token - confirm)
$user_details = $encrypt->DecodeAuthToken($_SESSION['token']);
$group = base64_decode($user_details[3]);
// attempt to process leases if file changed
$misc->GetCurrentLeases($defined['leases']);
// Look for a GET id to edit an existing lease record
if (!empty($_GET['id'])) {
    // the id is validated as an integer before it is concatenated into SQL below
    if ($val->ValidateInteger($_GET['id']) === -1) {
        $error = $err->GenerateErrorLink("help/help.html", "#lease_search", $defined['error'], $errors['val_num'], NULL, NULL);
    } else {
        // populate the form with database information if already configured;
        // non-admin users are restricted to leases belonging to their own group
        if ($group === "admin") {
            $query = "SELECT * FROM `conf_leases` WHERE `id` = \"" . $_GET['id'] . "\" LIMIT 1";
        } else {
            $query = "SELECT * FROM `conf_leases` WHERE `group` = \"" . $group . "\" AND `id` = \"" . $_GET['id'] . "\" LIMIT 1";
        }
        if (($value = $db->dbQuery($val->ValidateSQL($query, $dbconn), $dbconn)) === -1) {
            $error = $err->GenerateErrorLink("help/help.html", "#lease_search", $defined['error'], $errors['db_select'], NULL, NULL);
        } else {
            // NOTE(review): $data[0] is read without checking that a row was returned
            $data = $db->dbArrayResultsAssoc($value);
            $id = $data[0]['id'];
            $hostname = $data[0]['hostname'];
            $hardware = $data[0]['hardware'];
} }
/* get array of resources available for this users group membership */
/* NOTE(review): the admin branch is the filtered one (`allowed` = group) while
   every other group gets the unfiltered list of subnet permissions - confirm
   this is intended; the per-record check further down is what gates access */
if ($group === "admin") {
    $sql = "SELECT * FROM `auth_groups_perms` WHERE `type` = \"subnet\" AND `allowed` = \"" . $group . "\"";
} else {
    $sql = "SELECT * FROM `auth_groups_perms` WHERE `type` = \"subnet\"";
}
// $resources stays unset when the query fails or returns no rows
if (($x = $db->dbQuery($val->ValidateSQL($sql, $dbconn), $dbconn)) !== -1) {
    if ($db->dbNumRows($x) > 0) {
        $resources = $db->dbArrayResultsAssoc($x);
    }
}
// Look for a GET id to edit an existing subnet record
if (!empty($_GET['id'])) {
    // the id is validated as an integer before it is concatenated into SQL below
    if ($val->ValidateInteger($_GET['id']) === -1) {
        $error = $err->GenerateErrorLink("help/help.html", "#config_subnets", $defined['error'], $errors['val_num'], NULL, NULL);
    } else {
        // populate the form with database information if already configured
        // (no group filter on this SELECT; the permission query below is the only gate)
        $query = "SELECT * FROM `conf_subnets` WHERE `id` = \"" . $_GET['id'] . "\" LIMIT 1";
        if (($value = $db->dbQuery($val->ValidateSQL($query, $dbconn), $dbconn)) === -1) {
            $error = $err->GenerateErrorLink("help/help.html", "#config_subnets", $defined['error'], $errors['db_select'], NULL, NULL);
        } else {
            $data = $db->dbArrayResultsAssoc($value);
            /* check resource permissions */
            /* NOTE(review): the non-admin condition uses `group` != group, which
               matches rows owned by any other group; the equivalent host check in
               this code base uses `group` = group - looks inverted, confirm intent.
               $data[0]['subnet-name'] is a stored value re-spliced into SQL here. */
            if ($group !== "admin") {
                $resource = "SELECT * FROM `auth_groups_perms` WHERE ( `group` != \"" . $group . "\" OR `allowed` = \"" . $group . "\" ) AND `resource` = \"" . $data[0]['subnet-name'] . "\"";
            } else {
                $resource = "SELECT * FROM `auth_groups_perms` WHERE `resource` = \"" . $data[0]['subnet-name'] . "\"";
            }
            if (($value = $db->dbQuery($val->ValidateSQL($resource, $dbconn), $dbconn)) === -1) {
// only authenticated admin or user level sessions reach the host management page
// (ChkLevel() is evaluated twice on the same token; a single call would do)
if ($level->ChkLevel($_SESSION['token']) === "admin" || $level->ChkLevel($_SESSION['token']) === "user") {
    // define some variables for the template etc.
    $JS = " hidediv('perms');";
    $FILE = "manage.hosts.tpl";
    // initialize a db connection handle
    $dbconn = $db->dbConnect($defined['dbhost'], $defined['username'], $defined['password'], $defined['dbname']);
    // provide count of online users
    // NOTE(review): the -1 failure return of dbQuery() is not checked here
    // before the result is handed to dbNumRows()
    $online = "SELECT * FROM `admin_sessions`";
    $ret = $db->dbQuery($val->ValidateSQL($online, $dbconn), $dbconn);
    $usersoline = $db->dbNumRows($ret);
    // decode our authentication token to get our group membership
    $user_details = $encrypt->DecodeAuthToken($_SESSION['token']);
    $group = base64_decode($user_details[3]);
    // Look for a GET id post to edit existing host records
    if (!empty($_GET['id'])) {
        // the id is validated as an integer before it is concatenated into SQL below
        if ($val->ValidateInteger($_GET['id']) === -1) {
            $error = $err->GenerateErrorLink("help/help.html", "#host_search", $defined['error'], $errors['val_num'], NULL, NULL);
        } else {
            // populate the form with database information if already configured
            // NOTE(review): && binds tighter than ||, so this reads
            // admin OR (allow present AND allow is a valid integer); a client-supplied
            // `allow` parameter therefore drops the group filter from the SELECT for
            // non-admins, leaving the resource permission query below as the only
            // gate - confirm its result is enforced (outside this block)
            if ($group === "admin" || !empty($_GET['allow']) && $val->ValidateInteger($_GET['allow']) === 0) {
                $query = "SELECT * FROM `conf_hosts` WHERE `id` = \"" . $_GET['id'] . "\" LIMIT 1";
            } else {
                $query = "SELECT * FROM `conf_hosts` WHERE `group` = \"" . $group . "\" AND `id` = \"" . $_GET['id'] . "\" LIMIT 1";
            }
            if (($value = $db->dbQuery($val->ValidateSQL($query, $dbconn), $dbconn)) === -1) {
                $error = $err->GenerateErrorLink("help/help.html", "#host_search", $defined['error'], $errors['db_select'], NULL, NULL);
            } else {
                $data = $db->dbArrayResultsAssoc($value);
                /* check resource permissions */
                /* rows owned by or explicitly allowed to this group for the host's
                   mac-address; $data[0]['mac-address'] is a stored value re-spliced
                   into SQL here */
                if ($group !== "admin") {
                    $resource = "SELECT * FROM `auth_groups_perms` WHERE ( `group` = \"" . $group . "\" OR `allowed` = \"" . $group . "\" ) AND `type` = \"host\" AND `resource` = \"" . $data[0]['mac-address'] . "\"";
// (tail of the substring_start emptiness check started before this block)
$emp = "TRUE";
$err1[$i]['substring'] = $e;
$listop_empty .= "<li>The substring start field is empty</li>";
}
// presence checks: $emp flags an empty field, $err1 marks the offending form
// field and $listop_empty collects the messages shown to the user
if (empty($class_opts[$i]['substring_end'])) {
    $emp = "TRUE";
    $err1[$i]['substring'] = $e;
    $listop_empty .= "<li>The substring end field is empty</li>";
}
if (empty($class_opts[$i]['substr_regex'])) {
    $emp = "TRUE";
    $err1[$i]['substr_regex'] = $e;
    $listop_empty .= "<li>The regex field is empty</li>";
}
// check formating of data to provide errors ($stop flags an invalid value,
// $listop_val collects the messages)
// NOTE(review): these run even when the field was empty, so an empty field may
// produce both an "empty" and an "invalid" message if the validator rejects ""
if ($val->ValidateInteger($class_opts[$i]['substring_start']) === -1) {
    $err1[$i]['substring'] = $e;
    $stop = "TRUE";
    $listop_val .= "<li>The substring start field is invalid, integers only</li>";
}
if ($val->ValidateInteger($class_opts[$i]['substring_end']) === -1) {
    $err1[$i]['substring'] = $e;
    $stop = "TRUE";
    $listop_val .= "<li>The substring end field is invalid, integers only</li>";
}
// the regex field is restricted to alphanumerics, which limits what can reach
// the generated dhcpd configuration
if ($val->ValidateAlphaChar($class_opts[$i]['substr_regex']) === -1) {
    $err1[$i]['substr_regex'] = $e;
    $stop = "TRUE";
    $listop_val .= "<li>The regex field is invalid, alpha numeric characters only</li>";
}
}