<?php

require_once 'include/common.php';
# Third argument false: AccessControl reports the denial instead of redirecting;
# the null second argument means the check itself is not logged.
$authorization = AccessControl('3', null, false);
if ($authorization === false) {
    header("HTTP/1.1 401 Unauthorized");
    # NOTE(review): $authorization is false on this path, so ['error'] reads null —
    # confirm what AccessControl returns on denial before relying on this message.
    echo $COLLATE['languages']['selected'][$authorization['error']];
    exit;
}
$op = empty($_GET['op']) ? 'default' : $_GET['op'];
# Operation -> handler; anything not listed (including 'default') does nothing here.
$handlers = [
    'edit' => 'edit_subnet',
    'delete' => 'delete_subnet',
    'search' => 'search_subnets',
    'toggle_stale-scan' => 'toggle_stalescan',
];
if (is_string($op) && isset($handlers[$op])) {
    $handlers[$op]();
}
function edit_subnet()
{
    global $COLLATE;
    global $dbo;
    include 'include/validation_functions.php';
    $subnet_id = empty($_GET['subnet_id']) ? '' : $_GET['subnet_id'];
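function resize_subnet()
{
    # Shrink or grow the subnet named by $_POST['subnet_id'] to the network given
    # in $_POST['new_subnet'].  Without $_POST['confirm'] the function only renders
    # a preview of what would be deleted, re-homed or adjusted; with it, the changes
    # are applied and the browser is redirected.  Every SQL statement runs through
    # a prepared statement, so request values never become SQL text.
    # NOTE(review): values are bound here, so validate_network()/clean() must not
    # also SQL-escape their output — confirm before relying on this.
    global $COLLATE;
    global $dbo;
    include 'include/validation_functions.php';
    $subnet_id = isset($_POST['subnet_id']) && is_numeric($_POST['subnet_id']) ? $_POST['subnet_id'] : '';
    $new_subnet = isset($_POST['new_subnet']) ? $_POST['new_subnet'] : '';
    $confirm = isset($_POST['confirm']);
    # prepare/execute helper so every query below binds its values
    $run = static function ($sql, $params = []) use ($dbo) {
        $stmt = $dbo->prepare($sql);
        $stmt->execute($params);
        return $stmt;
    };
    $result = $run("SELECT name, start_ip, end_ip, mask, block_id FROM subnets WHERE id=?", [$subnet_id]);
    if ($result->rowCount() !== 1) {
        $notice = "invalidrequest";
        header("Location: blocks.php?notice={$notice}");
        exit;
    }
    list($original_subnet_name, $original_long_start_ip, $original_long_end_ip, $original_long_mask, $original_block_id) = $result->fetch(PDO::FETCH_NUM);
    $original_cidr = subnet2cidr($original_long_start_ip, $original_long_mask);
    # last parameter says it is ok if the new subnet overlaps another
    $return = validate_network($new_subnet, 'subnet', null, true);
    if ($return[0] === false) {
        $notice = "invalidrequest";
        header("Location: blocks.php?notice={$notice}");
        exit;
    }
    $new_start_ip = $return['start_ip'];
    $new_long_start_ip = $return['long_start_ip'];
    $new_end_ip = $return['end_ip'];
    $new_long_end_ip = $return['long_end_ip'];
    $new_long_mask = $return['long_mask'];
    $new_cidr = subnet2cidr($new_long_start_ip, $new_long_mask);
    if ($confirm === false) {
        require_once './include/header.php';
    } else {
        # only the confirmed resize is logged
        AccessControl('3', "Subnet {$original_subnet_name} resized from {$original_cidr} to {$new_cidr}");
    }
    # More 1-bits in the new mask means a smaller network.
    $original_binary_mask = sprintf("%032b", $original_long_mask);
    $new_binary_mask = sprintf("%032b", $new_long_mask);
    if (substr_count($original_binary_mask, '1') < substr_count($new_binary_mask, '1')) {
        # Shrinking: the new network must lie inside the old one.
        # NOTE(review): the bitwise ops below assume integer operands; the values
        # fetched via PDO arrive as strings — confirm the validator returns ints.
        $test = $new_long_start_ip & $original_long_mask;
        if ($test != $original_long_start_ip) {
            $notice = "invalidshrink-notice";
            header("Location: subnets.php?op=modify&subnet_id={$subnet_id}&notice={$notice}");
            exit;
        }
        # Static IPs inside the old subnet but outside the new one: listed in the
        # preview, deleted on confirm.
        $sql_selection = " CAST(ip & 0xFFFFFFFF AS UNSIGNED) & CAST(? & 0xFFFFFFFF AS UNSIGNED) = CAST(? & 0xFFFFFFFF AS UNSIGNED)
                      AND CAST(ip & 0xFFFFFFFF AS UNSIGNED) & CAST(? & 0xFFFFFFFF AS UNSIGNED) != CAST(? & 0xFFFFFFFF AS UNSIGNED) ";
        $selection_params = [$original_long_mask, $original_long_start_ip, $new_long_mask, $new_long_start_ip];
        if ($confirm === false) {
            $sql = "SELECT id, ip, name, contact, note, failed_scans FROM statics WHERE " . $sql_selection . ' ORDER BY `ip` ASC';
        } else {
            $sql = "DELETE FROM statics WHERE " . $sql_selection;
        }
        $result = $run($sql, $selection_params);
        if ($confirm === false) {
            $staticstobedeleted = str_replace("%original_subnet_name%", $original_subnet_name, $COLLATE['languages']['selected']['staticstodelete']);
            echo "<h1>{$staticstobedeleted}:</h1><br />\n";
            if ($result->rowCount() !== 0) {
                echo "<table style=\"width: 100%\"><tr><th>" . $COLLATE['languages']['selected']['IPAddress'] . "</th><th>" . $COLLATE['languages']['selected']['Name'] . "</th><th>" . $COLLATE['languages']['selected']['Contact'] . "</th><th>" . $COLLATE['languages']['selected']['FailedScans'] . "</th></tr>" . "<tr><td colspan=\"5\"><hr class=\"head\" /></td></tr>\n";
                # NOTE(review): name/contact/note are printed as stored; confirm they are
                # HTML-encoded on input, otherwise htmlspecialchars() belongs here.
                while (list($static_id, $ip, $name, $contact, $note, $failed_scans) = $result->fetch(PDO::FETCH_NUM)) {
                    $ip = long2ip($ip);
                    echo "<tr><td>{$ip}</td><td>{$name}</td><td>{$contact}</td><td>{$failed_scans}</td><td></td></tr>\n";
                    echo "<tr><td colspan=\"5\">{$note}</td></tr>\n";
                    echo "<tr><td colspan=\"5\"><hr class=\"division\" /></td></tr>\n";
                }
                echo "</table><br /><br />";
            } else {
                echo "<p>" . $COLLATE['languages']['selected']['nostaticsdeleted'] . "</p><br /><br />";
            }
        }
        # ACLs attached to this subnet whose start or end falls outside the new network.
        $result = $run(
            "SELECT id, name, start_ip, end_ip FROM acl WHERE subnet_id=? AND (
           CAST(start_ip & 0xFFFFFFFF AS UNSIGNED) & CAST(? & 0xFFFFFFFF AS UNSIGNED) != CAST(? & 0xFFFFFFFF AS UNSIGNED)
           OR CAST(end_ip & 0xFFFFFFFF AS UNSIGNED) & CAST(? & 0xFFFFFFFF AS UNSIGNED) != CAST(? & 0xFFFFFFFF AS UNSIGNED))",
            [$subnet_id, $new_long_mask, $new_long_start_ip, $new_long_mask, $new_long_start_ip]
        );
        if ($confirm === false) {
            $aclstobechanged = str_replace("%original_subnet_name%", $original_subnet_name, $COLLATE['languages']['selected']['aclstobechanged']);
            echo "<h1>{$aclstobechanged}:</h1><br />\n";
            if ($result->rowCount() === 0) {
                echo "<p>" . $COLLATE['languages']['selected']['noaclschanged'] . "</p><br /><br />";
            } else {
                echo "<table style=\"width: 100%\">\n" . "<tr><th>" . $COLLATE['languages']['selected']['Name'] . "</th><th>" . $COLLATE['languages']['selected']['StartingIP'] . "</th><th>" . $COLLATE['languages']['selected']['EndIP'] . "</th><th>" . $COLLATE['languages']['selected']['Modification'] . "</th></tr>\n" . "<tr><td colspan=\"4\"><hr class=\"head\" /></td></tr>";
            }
        }
        while (list($acl_id, $acl_name, $acl_long_start_ip, $acl_long_end_ip) = $result->fetch(PDO::FETCH_NUM)) {
            $note = "";
            # $sql stays empty when the ACL already fits inside the new network
            $sql = "";
            $params = [];
            if (($acl_long_start_ip & $new_long_mask) == $new_long_start_ip) {
                $new_acl_start_ip = long2ip($acl_long_start_ip);
            } else {
                $new_acl_start_ip = $new_start_ip;
                $note = "<b>" . $COLLATE['languages']['selected']['StartingIPmodified'] . "</b>";
                $sql = "UPDATE acl SET start_ip=? WHERE id=?";
                $params = [$new_long_start_ip, $acl_id];
            }
            if (($acl_long_end_ip & $new_long_mask) == $new_long_start_ip) {
                $new_acl_end_ip = long2ip($acl_long_end_ip);
            } else {
                $new_acl_end_ip = $new_end_ip;
                $note = "<b>" . $COLLATE['languages']['selected']['EndIPmodified'] . "</b>";
                $sql = "UPDATE acl SET end_ip=? WHERE id=?";
                $params = [$new_long_end_ip, $acl_id];
            }
            if ($new_acl_start_ip == $new_start_ip && $new_acl_end_ip == $new_end_ip) {
                # An ACL spanning the whole subnet is not meaningful; drop it and let
                # the user create something new.
                $new_acl_start_ip = long2ip($acl_long_start_ip);
                $new_acl_end_ip = long2ip($acl_long_end_ip);
                $note = "<b>" . $COLLATE['languages']['selected']['ToBeDeleted'] . "</b>";
                $sql = "DELETE FROM acl WHERE id=?";
                $params = [$acl_id];
            }
            if ($confirm === false) {
                echo "<tr><td>{$acl_name}</td><td>{$new_acl_start_ip}</td><td>{$new_acl_end_ip}</td><td>{$note}</td></tr>\n";
            } elseif ($sql !== "") {
                $run($sql, $params);
            }
        }
        if ($confirm === false) {
            echo "</table>\n";
        }
    } else {
        # Growing: the old network must lie inside the new one.
        if (($original_long_start_ip & $new_long_mask) != $new_long_start_ip) {
            $notice = "invalidgrow-notice";
            header("Location: subnets.php?op=modify&subnet_id={$subnet_id}&notice={$notice}");
            exit;
        }
        # Every subnet whose network address falls inside the new one (this subnet included).
        $results = $run(
            "SELECT `id`, `name`, `start_ip`, `end_ip`, `mask`, `note` FROM `subnets` WHERE
            CAST(start_ip & 0xFFFFFFFF AS UNSIGNED) & CAST(? & 0xFFFFFFFF AS UNSIGNED) = CAST(? & 0xFFFFFFFF AS UNSIGNED) ORDER BY `start_ip` ASC",
            [$new_long_mask, $new_long_start_ip]
        );
        $subnetstomerge = str_replace("%original_subnet_name%", $original_subnet_name, $COLLATE['languages']['selected']['subnetstomerge']);
        if ($confirm === false) {
            echo "<h1>{$subnetstomerge}:</h1><br />\n";
        }
        if ($results->rowCount() < 1 && $confirm === false) {
            echo "<p>" . $COLLATE['languages']['selected']['nosubnetsoverlap'] . "</p>";
        } else {
            if ($confirm === false) {
                echo "<table style=\"width: 100%\">" . "<tr><th style=\"text-align: left\">" . $COLLATE['languages']['selected']['SubnetName'] . "</th>" . "<th style=\"text-align: left\">" . $COLLATE['languages']['selected']['NetworkAddress'] . "</th>" . "<th style=\"text-align: left\">" . $COLLATE['languages']['selected']['SubnetMask'] . "</th></tr>" . "<tr><td colspan=\"4\"><hr class=\"head\" /></td></tr>\n";
            }
            while (list($affected_subnet_id, $name, $long_start_ip, $long_end_ip, $long_mask, $note) = $results->fetch(PDO::FETCH_NUM)) {
                if ($confirm === false) {
                    $start_ip = long2ip($long_start_ip);
                    $mask = long2ip($long_mask);
                    echo "<tr><td><b>{$name}</b></td><td>{$start_ip}</td><td>{$mask}</td></tr>\n";
                    echo "<tr><td colspan=\"4\">{$note}</td></tr>\n";
                    echo "<tr><td colspan=\"5\"><hr class=\"division\" /></td></tr>\n";
                } else {
                    # re-home the absorbed subnet's ACLs onto the surviving subnet
                    $run("UPDATE acl SET subnet_id=? WHERE subnet_id=?", [$subnet_id, $affected_subnet_id]);
                }
            }
            if ($confirm === false) {
                echo "</table>";
            } else {
                # drop the absorbed subnets and move their static IPs to this subnet
                $run(
                    "DELETE FROM `subnets` WHERE CAST(start_ip & 0xFFFFFFFF AS UNSIGNED) & CAST(? & 0xFFFFFFFF AS UNSIGNED) = CAST(? & 0xFFFFFFFF AS UNSIGNED) AND id != ?",
                    [$new_long_mask, $new_long_start_ip, $subnet_id]
                );
                $run(
                    "UPDATE statics SET subnet_id=? WHERE CAST(ip & 0xFFFFFFFF AS UNSIGNED) & CAST(? & 0xFFFFFFFF AS UNSIGNED) = CAST(? & 0xFFFFFFFF AS UNSIGNED)",
                    [$subnet_id, $new_long_mask, $new_long_start_ip]
                );
            }
        }
    }
    if ($confirm === false) {
        # The preview form posts the same inputs back with confirm=true.  new_subnet is
        # raw request input, so it is HTML-escaped before being placed in the attribute.
        # NOTE(review): no anti-CSRF token is visible on this form — confirm one is
        # enforced elsewhere (header.php / AccessControl).
        $new_subnet_attr = htmlspecialchars((string) $new_subnet, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        echo "<br /><br /><h3>" . $COLLATE['languages']['selected']['confirmproceed'] . "</h3><hr /><br />\n" . "<form action=\"subnets.php?op=resize\" method=\"post\">\n" . "<input type=\"hidden\" name=\"subnet_id\" value=\"{$subnet_id}\" />" . "<input type=\"hidden\" name=\"confirm\" value=\"true\" />" . "<input type=\"hidden\" name=\"new_subnet\" value=\"{$new_subnet_attr}\" />" . "<p><input type=\"submit\" value=\" " . $COLLATE['languages']['selected']['Go'] . " \" /> | <a href=\"subnets.php?block_id={$original_block_id}\">" . $COLLATE['languages']['selected']['altcancel'] . "</a></p>" . "</form>";
    } else {
        $run("UPDATE subnets set start_ip=?, end_ip=?, mask=? WHERE id=?", [$new_long_start_ip, $new_long_end_ip, $new_long_mask, $subnet_id]);
        $notice = "resized-notice";
        header("Location: subnets.php?block_id={$original_block_id}&notice={$notice}");
        exit;
    }
}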
<?php

require_once './include/common.php';
$op = empty($_GET['op']) ? 'default' : $_GET['op'];
# Truncating the log is a level-5 operation; viewing it only needs level 1.
# The privilege check runs before the handler and is itself not logged (null).
$is_truncate = $op === 'truncate';
AccessControl($is_truncate ? "5" : "1", null);
if ($is_truncate) {
    log_truncate();
} else {
    view_logs();
}
function log_truncate()
{
    global $COLLATE;
    global $dbo;
    include "include/validation_functions.php";
    if (isset($_GET['action'])) {
        $action = clean($_GET['action']);
    } else {
        $action = "show warning";
    }
    if ($action != "truncate") {
        // Show confirmation form
        require_once './include/header.php';
        echo $COLLATE['languages']['selected']['confirmtruncate'] . " \n" . "<br /><br /><a href=\"logs.php?op=truncate&amp;action=truncate\">" . "<img src=\"./images/apply.gif\" alt=\"" . $COLLATE['languages']['selected']['altconfirm'] . "\" /></a> &nbsp; <a href=\"logs.php\">" . "<img src=\"./images/cancel.gif\" alt=\"" . $COLLATE['languages']['selected']['altcancel'] . "\" /></a>";
        require_once './include/footer.php';
        exit;
    }
    case "ping":
        ping_host();
        break;
    case "guidance":
        ip_guidance();
        break;
    case "edit_guidance":
        AccessControl('3', null, false);
        # null means no log, false means don't redirect
        edit_guidance();
        break;
    case "delete":
        delete_static();
        break;
    case "delete_acl":
        AccessControl('3', null, false);
        # null means no log, false means don't redirect
        delete_acl();
        break;
    case "toggle_stale-scan":
        toggle_stalescan();
        break;
}
function edit_static()
{
    global $COLLATE;
    $dbo = getdbo();
    include 'include/validation_functions.php';
    $static_id = empty($_GET['static_id']) ? '' : $_GET['static_id'];
    $edit = empty($_GET['edit']) ? '' : $_GET['edit'];
    $edit = $edit == 'name' ? 'staticname' : $edit;
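function submit_acl()
{
    # Create an ACL (name + IP range) inside the subnet given by $_GET['subnet_id']
    # from the posted acl_name / acl_start / acl_end fields.  Validation failures
    # redirect back to statics.php with a notice; success inserts the row through
    # a prepared statement and redirects with 'acladded-notice'.
    # NOTE(review): values are bound here, so validate_text()/clean() must not also
    # SQL-escape their output — confirm before relying on this.
    global $dbo;
    include 'include/validation_functions.php';
    $subnet_id = isset($_GET['subnet_id']) && is_numeric($_GET['subnet_id']) ? $_GET['subnet_id'] : '';
    $acl_name = isset($_POST['acl_name']) ? $_POST['acl_name'] : '';
    $acl_start = isset($_POST['acl_start']) ? $_POST['acl_start'] : '';
    $acl_end = isset($_POST['acl_end']) ? $_POST['acl_end'] : '';
    if (empty($subnet_id)) {
        $notice = "invalidrequest";
        header("Location: blocks.php?notice={$notice}");
        exit;
    }
    # note that empty() also rejects the literal string "0"
    if (empty($acl_name) || empty($acl_start) || empty($acl_end)) {
        $notice = "blankfield-notice";
        header("Location: statics.php?subnet_id={$subnet_id}&notice={$notice}");
        exit;
    }
    $result = validate_text($acl_name, 'aclname');
    if ($result[0] === false) {
        $notice = $result['error'];
        header("Location: statics.php?subnet_id={$subnet_id}&notice={$notice}");
        exit;
    }
    # use the validator's cleaned copy of the name from here on
    $acl_name = $result[1];
    $result = validate_ip_range($acl_start, $acl_end, 'acl', $subnet_id);
    if ($result[0] === false) {
        $notice = $result['error'];
        header("Location: statics.php?subnet_id={$subnet_id}&notice={$notice}");
        exit;
    }
    $long_acl_start = $result['long_start_ip'];
    $long_acl_end = $result['long_end_ip'];
    $subnet_name = $result['subnet_name'];
    # NOTE(review): this path inserts a new ACL, yet the audit message says "edited";
    # kept as-is so existing log consumers keep matching, but worth aligning.
    AccessControl('3', "{$acl_name} ACL for {$subnet_name} subnet edited");
    $stmt = $dbo->prepare("INSERT INTO acl (name, start_ip, end_ip, subnet_id) VALUES (?, ?, ?, ?)");
    $stmt->execute([$acl_name, $long_acl_start, $long_acl_end, $subnet_id]);
    $notice = "acladded-notice";
    header("Location: statics.php?subnet_id={$subnet_id}&notice={$notice}");
    exit;
}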
 * Also, I'm *so* sorry about the use of $first, $second in this file. 
 * $first is haystack, $second is needle-type.
 */
require_once './include/common.php';
$op = empty($_GET['op']) ? 'default' : $_GET['op'];
# Every operation on this page needs privilege level 1 and none is logged (null).
AccessControl('1', null);
if ($op === 'download') {
    download();
} elseif ($op === 'search') {
    search();
} else {
    # the page header is included only for the plain form view
    require_once './include/header.php';
    show_form();
}
/*
 * The download function takes the same GET inputs as the search function but outputs an XML file that the user can download.
 * The download function has to be a separate page because we've already produced output 
 * to the browser in the search function that we don't want in the spreadsheet by the time we get to the actual search results.
 */
function download()
{
    global $COLLATE;
    global $dbo;
    $tmparray = build_search_sql();
    $sql = $tmparray["sql"];
<?php

require_once './include/common.php';
# All features in this page require privilege level 5. Logging
# is handled directly within each function as needed.
AccessControl("5", null);
$op = empty($_GET['op']) ? 'default' : $_GET['op'];
# Operation -> handler; anything else (including 'default') shows the form.
$handlers = [
    'get' => 'get_record',      # some day..
    'set' => 'set_record',      # some day..
    'upload' => 'process_file',
];
$handler = is_string($op) && isset($handlers[$op]) ? $handlers[$op] : 'show_form';
$handler();
function process_file()
{
    global $COLLATE;
    global $dbo;
    include "include/header.php";
    include "include/validation_functions.php";
    echo "<h1>Upload Results</h1><br />";
    $uploaderror = isset($_FILES['file']['error']) ? $_FILES['file']['error'] : "UPLOAD_ERR_NO_FILE";
<?php

require_once './include/common.php';
# The settings page is restricted to privilege level 5; the check itself is not logged (null).
AccessControl('5', null);
require_once './include/header.php';
# form() is declared further down in this file and renders the settings page body.
form();
require_once './include/footer.php';
exit;
function form()
{
    global $COLLATE;
    global $dbo;
    ?>
  <h1><?php 
    echo $COLLATE['languages']['selected']['Settings'];
    ?>
</h1>
  <br />
  <h3><?php 
    echo $COLLATE['languages']['selected']['General'];
    ?>
</h3>
  <hr />
  <div id="generalnotice" class="tip"></div>
  <div style="margin-left: 25px;">
    <?php 
    foreach (glob("languages/*.php") as $filename) {
        include $filename;
    }
    ?>
	<p><b><?php 
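function submit_block()
{
    # Add a new IP block or update an existing one from the posted form.
    # Validation runs roughly in the order the inputs are read: first the checks
    # that need no database lookup, then the ones that do.  Every failure
    # redirects back to blocks.php with a notice (and, where it helps, the
    # submitted values so the form can be re-filled).  All SQL runs through
    # prepared statements; request values are never spliced into SQL text.
    # NOTE(review): values are bound here, so validate_text()/clean() must not
    # also SQL-escape their output — confirm before relying on this.
    global $COLLATE;
    global $dbo;
    include 'include/validation_functions.php';
    $block_id = isset($_POST['block_id']) ? $_POST['block_id'] : '';
    $name = isset($_POST['name']) ? $_POST['name'] : '';
    # the note is optional
    $note = isset($_POST['note']) ? $_POST['note'] : '';
    $ip = isset($_POST['ip']) ? $_POST['ip'] : '';
    $end_ip = isset($_POST['end_ip']) ? $_POST['end_ip'] : '';
    $username = empty($_SESSION['username']) ? 'system' : $_SESSION['username'];
    # one boolean flag for the whole function: only the literal 'true' selects an update
    $update_block = isset($_POST['update_block']) && $_POST['update_block'] == 'true';
    $parent_block = isset($_POST['parent_block']) ? $_POST['parent_block'] : '';
    $block_type = isset($_POST['block_type']) ? $_POST['block_type'] : '';
    # Redirect to blocks.php with URL-encoded query parameters and stop.
    $redirect = static function ($query) {
        header('Location: blocks.php?' . http_build_query($query));
        exit;
    };
    # Parameters that re-open the form the user came from.
    $form = $update_block ? ['op' => 'modify', 'block_id' => $block_id] : ['op' => 'add'];
    if ($block_type == 'container') {
        # containers have no IP range of their own
        $ip = '';
        $end_ip = '';
    }
    # Submitted values echoed back on validation failures so the form can be re-filled.
    $fields = ['name' => $name, 'ip' => $ip, 'end_ip' => $end_ip, 'note' => $note, 'block_type' => $block_type, 'parent_block' => $parent_block];
    if (empty($name) || (!empty($end_ip) && empty($ip)) || empty($block_type)) {
        $redirect($form + $fields + ['notice' => 'missingfield-notice']);
    }
    # parent_block must be a block id (digits only) or the literal 'null' for a top-level block
    if (empty($parent_block) || ($parent_block != 'null' && (!is_string($parent_block) || !preg_match('/^[0-9]+$/', $parent_block)))) {
        $redirect(['notice' => 'invalidrequest']);
    }
    # an update must name a well-formed block id; whether it exists is checked below
    if ($update_block && (!is_string($block_id) || !preg_match('/^[0-9]+$/', $block_id))) {
        $redirect(['notice' => 'invalidrequest']);
    }
    $return = validate_text($name, 'blockname');
    if ($return[0] === false) {
        $redirect($form + $fields + ['notice' => $return['error']]);
    }
    $name = $return[1];
    $fields['name'] = $name;
    unset($return);
    if (!preg_match('/^container$|^ipv4$/', $block_type)) {
        $redirect($form + $fields + ['notice' => 'invalidrequest']);
    }
    if (!$update_block) {
        # a new block may not reuse an existing name
        $stmt = $dbo->prepare("SELECT id from blocks where name=?");
        $stmt->execute([$name]);
        if ($stmt->rowCount() !== 0) {
            header("HTTP/1.1 400 Bad Request");
            $redirect($form + $fields + ['notice' => 'duplicatename']);
        }
        $old_block_name = null;
    } else {
        # the block being updated must exist
        $stmt = $dbo->prepare("SELECT name FROM blocks WHERE id=?");
        $stmt->execute([$block_id]);
        if ($stmt->rowCount() !== 1) {
            header("HTTP/1.1 400 Bad Request");
            $redirect(['notice' => 'selectblock']);
        }
        $old_block_name = $stmt->fetchColumn();
    }
    $return = validate_text($note, 'note');
    if ($return[0] === false) {
        $redirect($form + $fields + ['notice' => $return['error']]);
    }
    $note = $return[1];
    $fields['note'] = $note;
    unset($return);
    # Without an address (containers) the range columns are written empty.
    $long_start_ip = '';
    $long_end_ip = '';
    if (empty($end_ip) && !empty($ip)) {
        # a single network was supplied
        $return = validate_network($ip, 'block', $block_id);
    } elseif (!empty($ip)) {
        # an explicit start/end range was supplied
        $return = validate_ip_range($ip, $end_ip, 'block', $block_id);
    }
    if (isset($return)) {
        if ($return[0] === false) {
            $redirect($form + $fields + ['notice' => $return['error']]);
        }
        $long_start_ip = $return['long_start_ip'];
        $long_end_ip = $return['long_end_ip'];
    }
    unset($return);
    if ($parent_block != 'null') {
        # the parent must be a real block
        $stmt = $dbo->prepare("SELECT id FROM blocks WHERE id=?");
        $stmt->execute([$parent_block]);
        if ($stmt->rowCount() !== 1) {
            $redirect(['notice' => 'invalidrequest']);
        }
        $parent_id = $parent_block;
    } else {
        # bound as SQL NULL: a top-level block
        $parent_id = null;
    }
    if (!$update_block) {
        # a new block: the user is sent back to the block it was placed in
        $old_parent_block = $parent_block;
    } else {
        $stmt = $dbo->prepare("SELECT parent_id FROM blocks WHERE id=?");
        $stmt->execute([$block_id]);
        $old_parent_block = $stmt->fetchColumn();
    }
    # Changing an existing block must not orphan anything beneath it.
    if ($update_block) {
        if ($block_type == 'ipv4' && find_child_blocks($block_id) !== false) {
            $redirect($form + $fields + ['notice' => 'wouldorphanblocks']);
        } elseif ($block_type == 'container') {
            # a container cannot keep subnets that hang directly off this block
            $stmt = $dbo->prepare("SELECT count(*) FROM subnets where block_id=?");
            $stmt->execute([$block_id]);
            if ($stmt->fetchColumn() != '0') {
                $redirect($form + $fields + ['notice' => 'wouldorphansubnets']);
            }
        }
    }
    if ($update_block) {
        $sql = "UPDATE blocks SET name=?, start_ip=?, end_ip=?, note=?, modified_by=?, modified_at=now(), parent_id=?, type=? WHERE id=?";
        $params = [$name, $long_start_ip, $long_end_ip, $note, $username, $parent_id, $block_type, $block_id];
    } else {
        $sql = "INSERT INTO blocks (name, start_ip, end_ip, note, modified_by, modified_at, parent_id, type) VALUES(?, ?, ?, ?, ?, now(), ?, ?)";
        $params = [$name, $long_start_ip, $long_end_ip, $note, $username, $parent_id, $block_type];
    }
    $message = $update_block ? "IP Block updated: {$name}" : "IP Block added: {$name}";
    # only a rename reports the previous name; an add has none (previously this
    # appended "(previously )" to every add message)
    if ($update_block && $name != $old_block_name) {
        $message .= "(previously {$old_block_name})";
    }
    # Logged immediately before the write so requests that failed validation leave no log entry.
    AccessControl("4", $message);
    $stmt = $dbo->prepare($sql);
    $stmt->execute($params);
    $notice = $update_block ? 'blockupdated-notice' : 'blockadded-notice';
    if ($old_parent_block == 'null') {
        $redirect(['notice' => $notice]);
    }
    $redirect(['block_id' => (string) $old_parent_block, 'notice' => $notice]);
}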
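function show_panel()
{
    # Render the control-panel icon grid.  Requires privilege level 1 (the check is
    # not logged).  The profile tile is only shown for a logged-in user; the
    # change-password tile is hidden for LDAP logins unless the user is ldapexempt.
    global $COLLATE;
    AccessControl("1", null);
    require_once 'include/header.php';
    ?>
<h1><?php 
    echo $COLLATE['languages']['selected']['ControlPanel'];
    ?>
</h1>
<table style="width: 100%">
<tr><td><br /></td></tr>
<tr>
  <?php 
    if (isset($COLLATE['user']['username'])) {
        ?>
  <td align="center" style="width: 25%">
    <a href="users.php?op=edit&username=<?php 
        # URL-encode the logged-in user's name so it cannot break out of the query string or the attribute
        echo urlencode($COLLATE['user']['username']);
        ?>
"><img height="48" width="48" alt="<?php 
        echo $COLLATE['languages']['selected']['UpdateProfile'];
        ?>
" src="./images/user.png" /></a>
    <br /><b><?php 
        echo $COLLATE['languages']['selected']['UpdateProfile'];
        ?>
</b>
  </td>
  <?php 
    }
    ?>
  <td align="center" style="width: 25%">
    <a href="./users.php"><img height="48" width="48" alt="<?php 
    echo $COLLATE['languages']['selected']['ManageUsers'];
    ?>
" src="./images/users.gif" /></a>
	<br /><b><?php 
    echo $COLLATE['languages']['selected']['ManageUsers'];
    ?>
</b>
  </td>
  <td align="center" style="width: 25%">
    <a href="http://www.collate.info/"><img height="48" width="48" alt="[?]" src="./images/help_large.gif" /></a>
	<br /><b><?php 
    echo $COLLATE['languages']['selected']['Documentation'];
    ?>
</b>
  </td>
  <td align="center" style="width: 25%">
    <a href="./logs.php"><img height="48" width="48" alt="[?]" src="./images/logs.gif" /></a>
	<br /><b><?php 
    echo $COLLATE['languages']['selected']['Logs'];
    ?>
</b>
  </td>
</tr>
<tr><td colspan="4"><br /></td></tr>
<tr>
  <td align="center" style="width: 25%">
    <a href="search.php?op=search&first=2&second=note&search=Added%20by%20discovery%20addon"><img height="48" width="48" alt="[+]" src="./images/discovered.png"></a>
	<br /><b><?php 
    echo $COLLATE['languages']['selected']['DiscoveredHosts'];
    ?>
</b>
  </td>
  <td align="center" style="width: 25%">
    <a href="search.php?op=search&first=2&second=failed_scans&search=4"><img height="48" width="48" alt="[-]" src="./images/stale.gif"></a>
	<br /><b><?php 
    echo $COLLATE['languages']['selected']['StaleHosts'];
    ?>
</b></td>
  <?php 
    if (isset($COLLATE['user']['ldapexempt']) && ($COLLATE['settings']['auth_type'] != 'ldap' || $COLLATE['user']['ldapexempt'] === true)) {
        ?>
    <td align="center" style="width: 25%">
	  <a href="./login.php?op=changepasswd"><img height="48" width="48" alt="" src="./images/password.gif" /></a>
	  <br /><b><?php 
        echo $COLLATE['languages']['selected']['changeyourpassword'];
        ?>
</b>
	</td>
  <?php 
    }
    ?>
  <td align="center" style="width: 25%">
    <a href="./settings.php"><img height="48" width="48" alt="Settings" src="./images/settings.gif" /></a>
	<br /><b><?php 
    echo $COLLATE['languages']['selected']['Settings'];
    ?>
</b>
  </td>
  <?php 
    if (!isset($COLLATE['user']['username']) || isset($COLLATE['user']['ldapexempt']) && ($COLLATE['settings']['auth_type'] != 'ldap' || $COLLATE['user']['ldapexempt'] === true)) {
        // If the change password icon is hidden, we want the bulk import icon to be on the second row, not the third unless the user is logged out
        ?>
</tr>
<tr><td colspan="4"><br /></td></tr>
<tr>
  <?php 
    }
    ?>
  <td align="center" style="width: 25%">
    <a href="./command.php"><img height="48" width="48" alt="" src="./images/bulkimport.png" /></a>
	<br /><b><?php 
    echo $COLLATE['languages']['selected']['BulkImport'];
    ?>
</b>
  </td>
</tr>
</table>
<br />
<br />

<?php 
}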
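function submit_user()
{
    # Add a user (op=add) or update one (op=edit&edit=true) from the posted form.
    # Checks that need no database run first, in the order the inputs are read;
    # the duplicate/existence check and the write come last.  All SQL goes through
    # prepared statements, so posted values never become SQL text.
    # NOTE(review): values are bound here, so validate_text()/clean() must not also
    # SQL-escape their output — confirm before relying on this.
    global $COLLATE;
    global $dbo;
    include 'include/validation_functions.php';
    $username = isset($_POST['username']) ? $_POST['username'] : '';
    # NOTE(review): the temporary password is stored as an unsalted sha1; the login
    # side has to change in step before this can move to password_hash()/password_verify().
    $tmppasswd = isset($_POST['tmppasswd']) && !empty($_POST['tmppasswd']) ? sha1(clean($_POST['tmppasswd'])) : '';
    $phone = isset($_POST['phone']) ? $_POST['phone'] : '';
    $email = isset($_POST['email']) ? $_POST['email'] : '';
    $language = isset($_POST['languages']) ? $_POST['languages'] : '';
    # the access level must be a single digit 0-5; anything else is stored as ''
    $perms = isset($_POST['perms']) && preg_match("/^[012345]{1}\$/", $_POST['perms']) ? $_POST['perms'] : '';
    $locked = isset($_POST['locked']) ? 'on' : 'off';
    # a locked account is represented by a loginattempts value of 9
    $loginattempts = $locked == 'on' ? '9' : '0';
    $ldapexempt = isset($_POST['ldapexempt']) && $_POST['ldapexempt'] == "on";
    # stored exactly as the old string interpolation of the boolean did: '1' or ''
    $ldapexempt_db = $ldapexempt ? '1' : '';
    # only the literal 'true' selects edit mode (the previous /true|false/ test also matched 'false')
    $edit = isset($_GET['edit']) && $_GET['edit'] === 'true';
    $logged_in_user = isset($COLLATE['user']['username']) ? $COLLATE['user']['username'] : '';
    # Users may maintain their own record; touching anyone else's needs level 5.
    # NOTE(review): when the names match no privilege check runs here at all —
    # the dispatcher is assumed to have authenticated the session; confirm.
    if ($logged_in_user != $username) {
        AccessControl('5', null);
    }
    # Redirect to users.php with URL-encoded query parameters and stop.
    $redirect = static function ($query) {
        header('Location: users.php?' . http_build_query($query));
        exit;
    };
    # submitted values echoed back on validation failures so the form can be re-filled
    $contact = ['username' => $username, 'phone' => $phone, 'email' => $email];
    if ($edit === false) {
        $return = validate_text($username, 'username');
        if ($return[0] === false) {
            $redirect(['op' => 'add'] + $contact + ['notice' => $return['error']]);
        }
        $action = 'add';
    } else {
        $action = 'edit';
    }
    $return = validate_text($phone, 'phone');
    if ($return[0] === false) {
        $redirect(['op' => $action] + $contact + ['notice' => $return['error']]);
    }
    $return = validate_text($email, 'email');
    if ($return[0] === false) {
        $redirect(['op' => $action] + $contact + ['notice' => $return['error']]);
    }
    if (empty($email) && empty($phone)) {
        $redirect(['op' => $action] + $contact + ['notice' => 'onecontact']);
    }
    # the language files populate $languages; the posted code must be one of them
    foreach (glob("languages/*.php") as $filename) {
        include $filename;
    }
    if (!isset($languages[$language]['isocode']) || $language != $languages[$language]['isocode']) {
        $redirect(['op' => $action] + $contact + ['notice' => 'invalidrequest']);
    }
    $test = $dbo->prepare("SELECT id FROM users WHERE username=?");
    $test->execute([$username]);
    if ($test->rowCount() > 0 && $edit === false) {
        # duplicate user
        $redirect(['op' => 'add'] + $contact + ['notice' => 'nameconflict-notice']);
    } elseif ($test->rowCount() !== 1 && $edit !== false) {
        # can't edit a user that doesn't exist
        $redirect(['op' => 'add'] + $contact + ['notice' => 'invalidrequest']);
    }
    if ($edit === false) {
        $sql = "INSERT INTO users (username, tmppasswd, accesslevel, phone, email, loginattempts, ldapexempt, language) VALUES(?, ?, ?, ?, ?, ?, ?, ?)";
        $params = [$username, $tmppasswd, $perms, $phone, $email, $loginattempts, $ldapexempt_db, $language];
    } elseif ($COLLATE['user']['accesslevel'] == '5' || $COLLATE['settings']['perms'] > '5') {
        # administrators may change every field; the password only when a new one was posted
        if (empty($tmppasswd)) {
            $sql = "UPDATE users SET accesslevel=?, phone=?, email=?, loginattempts=?, ldapexempt=?, language=? WHERE username=?";
            $params = [$perms, $phone, $email, $loginattempts, $ldapexempt_db, $language, $username];
        } else {
            $sql = "UPDATE users SET tmppasswd=?, accesslevel=?, phone=?, email=?, loginattempts=?, ldapexempt=?, language=? WHERE username=?";
            $params = [$tmppasswd, $perms, $phone, $email, $loginattempts, $ldapexempt_db, $language, $username];
        }
    } else {
        # everyone else may only update their contact details and language
        $sql = "UPDATE users SET phone=?, email=?, language=? WHERE username=?";
        $params = [$phone, $email, $language, $username];
    }
    if ($edit === false) {
        $message = "User added: {$username}";
        $notice = "useradded-notice";
    } else {
        $message = "User updated: {$username}";
        $notice = "userupdated-notice";
    }
    # adds and modifications are always logged
    collate_log('5', $message);
    $stmt = $dbo->prepare($sql);
    $stmt->execute($params);
    $redirect(['op' => 'edit', 'username' => $username, 'notice' => $notice]);
}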