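function smarty_block_canDo($params, $content, &$smarty, &$repeat)
{
    /*
     * Smarty block plugin: print the enclosed block only if the logged-in
     * admin canDo "perm_name".
     *
     * If the optional argument "username" is passed, the block is also shown
     * when it equals the currently authenticated username. This is useful for
     * pages where an admin can always see his own info, and other admins'
     * info only when he has the permission.
     *
     * params(array)   block attributes: "perm_name" and optionally "username"
     * content(string) null on the opening-tag call, the rendered block on the
     *                 closing-tag call
     * repeat(bool)    set to FALSE on the opening-tag call to suppress the block
     *
     * WARNING: perm.php and auth.php should be included by the smarty object
     * creator.
     */
    if (!is_null($content)) {
        // Closing-tag call: hand the rendered block back unchanged.
        return $content;
    }

    if (isset($params["username"])) {
        $wanted = (string) $params["username"];
        // Compare as strings with ===: a loose == treats numeric-looking names
        // such as "0123" and "123" as equal. An empty "username" attribute
        // must never match an empty (unauthenticated) username.
        if ($wanted !== "" and (string) getAuthUsername() === $wanted) {
            return;
        }
    }

    // A missing "perm_name" attribute denies instead of asking for a null permission.
    if (isset($params["perm_name"]) and canDo($params["perm_name"])) {
        return;
    }

    // Neither the owner nor permitted: tell Smarty to skip the block.
    $repeat = FALSE;
}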
function canDo($perm_name, $admin_username = null)
{
    /*
     * Ask the core whether an admin can do a job that needs a permission.
     *
     * perm_name(string)      name of the permission to test
     * admin_username(string) admin to test; when null the currently logged-on
     *                        username is used
     * Any further arguments are passed to the core canDo call as the optional
     * arguments of the permission.
     *
     * Returns TRUE when the core's answer is truthy, FALSE otherwise. A failed
     * request is logged and yields FALSE, so errors deny rather than grant.
     *
     * NOTE(review): the answer is tested with a loose "== TRUE", so any truthy
     * reply grants the permission - confirm the core only returns a boolean.
     */
    $passed = func_get_args();
    $who = is_null($admin_username) ? getAuthUsername() : $admin_username;

    // Everything after the two named parameters belongs to the permission.
    $extra = array_slice($passed, 2);

    $request = new AdminCanDo($perm_name, $who, $extra);
    list($ok, $answer) = $request->send();

    if ($ok) {
        return $answer == TRUE;
    }

    toLog("canDo Error:" . $answer->getErrorMsg());
    return FALSE;
}
// Send a registrar (SWIP) update for each selected subnet of a customer:
// authorise the user, then per subnet generate the SWIP text, show it,
// e-mail it, stamp the subnet's swipmod time and write an audit entry.

// $result was filled before this point - presumably by GetCustomerGrp($cust);
// verify against the preceding code.
$row = $result->FetchRow();
// Authorisation: the user must be in the customer's admin group.
// NOTE(review): in_array() is called without the strict flag, and the code
// carries on after myError() unless myError() ends the request - confirm both.
if (!in_array($row["admingrp"], $grps)) {
    myError($w, $p, my_("You may not send a registrar update for this customer as you are not a member of the customers admin group"));
}
$formerror = "";
$cnt = 0;
foreach ($baseindex as $key => $value) {
    // dont trust values posted: floor() forces the index to a number before
    // it is used in the lookup and in the UPDATE below
    $value = floor($value);
    // NOTE(review): the subnet is looked up by index only; nothing visible
    // here confirms it belongs to $cust, the customer the group check above
    // was made for - verify GetBaseFromIndex() or an earlier check does.
    $result = $ds->GetBaseFromIndex($value);
    $row = $result->FetchRow();
    $baseip = inet_ntoa($row["baseaddr"]);
    $size = $row["subnetsize"];
    $swipmod = $row["swipmod"];
    // Second address argument is the last address of the subnet.
    $swip = genSWIP($ds, $value, $baseip, inet_ntoa($row["baseaddr"] + $size - 1), $cust, $row["descrip"], $swipmod, $filename);
    insert($w, block("<pre>"));
    insert($w, text($swip));
    insert($w, block("</pre><hr>"));
    $err = emailSWIP($swip);
    // on email error, fail: report it and stop processing further subnets
    if ($err) {
        $formerror .= my_("E-mail message was not sent") . "\n";
        $formerror .= my_("Mailer Error: ") . $err;
        break;
    }
    // Record when the update was sent. The result is not checked, so a failed
    // UPDATE still produces the audit entry below.
    $result =& $ds->ds->Execute("UPDATE base\n SET swipmod=" . $ds->ds->DBTimeStamp(time()) . "\n WHERE baseindex={$value}");
    $ds->AuditLog(array("event" => 190, "action" => "send swip", "user" => getAuthUsername(), "baseaddr" => $baseip, "template" => $filename, "size" => $size, "cust" => $cust));
}
// Show any collected error text without treating it as fatal.
myError($w, $p, $formerror, FALSE);
insert($w, block("<p>"));
printhtml($p);
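// Delete one area of a customer, then redirect back to the area/range page.
//
// The user must belong to the customer's admin group. The area is deleted
// only when it can be found for this customer, and the DELETE itself is
// restricted to the customer's own rows: matching on areaindex alone would
// let a member of one customer's admin group remove another customer's area
// by guessing its index.
//
// NOTE(review): this destructive action runs on any request that carries
// query parameters; nothing visible here ties it to a POST or to a
// per-session token - confirm request-forgery protection exists elsewhere.
// NOTE(review): the code carries on after myError() unless myError() ends
// the request - confirm it does.
if ($_GET) {
    // save the last customer used
    // must set path else Netscape gets confused!
    setcookie("ipplanCustomer", "{$cust}", time() + 10000000, "/");

    // check if user belongs to customer admin group
    $result = $ds->GetCustomerGrp($cust);
    // can only be one row - does not matter if nothing is
    // found as array search will return false
    $row = $result->FetchRow();
    if (!in_array($row["admingrp"], $grps)) {
        myError($w, $p, my_("You may not delete an area for this customer as you are not a member of the customers admin group"));
    }

    // Look the area up for this customer; no row means nothing to delete.
    $row = FALSE;
    if ($areaindex > 0) {
        $result = $ds->GetArea($cust, $areaindex);
        $row = $result->FetchRow();
    }

    if ($row) {
        $areaip = inet_ntoa($row["areaaddr"]);

        $ds->DbfTransactionStart();
        // Both ids are cast to int because they are placed unquoted in the SQL.
        $result = $ds->ds->Execute("DELETE FROM area\n WHERE areaindex=" . (int) $areaindex . " AND customer=" . (int) $cust);
        if ($result) {
            $ds->AuditLog(array("event" => 152, "action" => "delete area", "area" => $areaip, "user" => getAuthUsername(), "cust" => $cust));
            $ds->DbfTransactionEnd();
            Header("Location: " . location_uri("modifyarearange.php?cust={$cust}"));
            exit;
        } else {
            // Do not leave the failed transaction open.
            $ds->DbfTransactionRollback();
            insert($w, text(my_("Area could not be deleted")));
        }
    } else {
        insert($w, text("Area index is invalid"));
    }
}
printhtml($p);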
myError($w, $p, my_("You may not export a zone as you are not a member of the customers admin group")); } if (!$ds->FwdZoneExists($cust, $value)) { myError($w, $p, my_("Could not find the zone - possibly deleted by another user")); } $serialnum = $ds->ds->GetOne("SELECT serialnum\n FROM fwdzone\n WHERE customer={$cust} AND data_id={$value}"); $serialdate = $ds->ds->GetOne("SELECT serialdate\n FROM fwdzone\n WHERE customer={$cust} AND data_id={$value}"); $ds->SetSerial($serialdate, $serialnum); // dont really need customer, but required for now $ds->cust = $cust; $ds->DbfTransactionStart(); $tmpfname = $ds->FwdZoneExport($cust, $value); // could be non fatal errors $formerror .= $ds->errstr; if ($tmpfname and !$ds->err) { $ds->AuditLog(array("event" => 113, "action" => "export forward zone", "cust" => $cust, "user" => getAuthUsername(), "domain" => $ds->domain, "id" => $value, "tmpfname" => $tmpfname)); $ds->DbfTransactionEnd(); insert($w, textbr(sprintf(my_("Sent update to Backend Processor as file %s for domain %s"), $tmpfname, $ds->domain))); } else { $ds->DbfTransactionRollback(); $formerror .= sprintf(my_("Zone %s could not be exported. Try again."), $ds->domain) . "\n"; } } } // ##################### END OF Update DNS Servers ############################## // Now Setup Page... myError($w, $p, $formerror, FALSE); insert($w, heading(3, "{$title}.")); insert($w, text(my_("Create (manually and via a zone transfer) and maintain forward DNS zones."))); insert($w, block(my_(" Zones in bold and tagged with a ‡ have changed domain records, but have not been exported yet."))); insert($w, textbr());
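function AuditLog($message)
{
    /*
     * Write an entry to the auditlog table when auditing (AUDIT) is enabled.
     *
     * message(string|array) a string is stored as one row; an array is
     *                       flattened to "key=value, key=value" and wrapped
     *                       over several rows, continuation rows starting
     *                       with "... "
     *
     * Every row stores at most 254 characters of text, the authenticated
     * username and the current timestamp. For array messages the external
     * trigger user_trigger() is called afterwards when EXT_FUNCTION is set.
     * Any other message type is ignored. Returns nothing.
     *
     * Array values may come from user input (descriptions, host names). CR
     * and LF are replaced by spaces before wrapping, because the wrapped text
     * is split on newlines: an embedded newline would otherwise start a new
     * row that looks like a separate, genuine audit entry.
     */
    if (!AUDIT) {
        return;
    }

    if (is_string($message)) {
        $lines = array($message);
    } elseif (is_array($message)) {
        $pairs = array();
        foreach ($message as $key => $value) {
            $pairs[] = "{$key}={$value}";
        }
        $flat = str_replace(array("\r", "\n"), " ", implode(", ", $pairs));
        // message could be long, so wrap over multiple log lines
        $lines = explode("\n", wordwrap($flat, 250, "\n... "));
    } else {
        return;
    }

    foreach ($lines as $line) {
        $this->ds->Execute("INSERT INTO auditlog\n (action, userid, dt)\n VALUES\n (" . $this->ds->qstr(substr($line, 0, 254)) . ",\n " . $this->ds->qstr(getAuthUsername()) . ",\n " . $this->ds->DBTimeStamp(time()) . ")");
    }

    // call external trigger function
    if (is_array($message) and EXT_FUNCTION) {
        user_trigger($message);
    }
}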
} while ($row = $result->FetchRow()); insert($w, block("<p>")); printhtml($p); exit; } // check if customer has DNS information (forward zone) $result =& $ds->ds->SelectLimit("SELECT customer\n FROM fwdzone\n WHERE customer={$cust}", 1); if ($row = $result->FetchRow()) { insert($w, text(my_("Cannot delete customer because customer has DNS zones defined"))); insert($w, block("<p>")); printhtml($p); exit; } // check if customer has DNS information (reverse zone) $result =& $ds->ds->SelectLimit("SELECT customer\n FROM zones\n WHERE customer={$cust}", 1); if ($row = $result->FetchRow()) { insert($w, text(my_("Cannot delete customer because customer has reverse DNS zones defined"))); insert($w, block("<p>")); printhtml($p); exit; } $ds->DbfTransactionStart(); // these deletes also appear in the admin/maintenance script! $result =& $ds->ds->Execute("DELETE FROM customer\n WHERE customer={$cust}") and $result =& $ds->ds->Execute("DELETE FROM custinfo\n WHERE customer={$cust}") and $result =& $ds->ds->Execute("DELETE FROM custadd\n WHERE customer={$cust}") and $result =& $ds->ds->Execute("DELETE FROM revdns\n WHERE customer={$cust}") and $result =& $ds->ds->Execute("DELETE FROM area\n WHERE customer={$cust}") and $result =& $ds->ds->Execute("DELETE FROM netrange\n WHERE customer={$cust}") and $result =& $ds->ds->Execute("DELETE FROM fwdzone\n WHERE customer={$cust}") and $result =& $ds->ds->Execute("DELETE FROM fwdzoneadd\n WHERE customer={$cust}") and $result =& $ds->ds->Execute("DELETE FROM fwdzonerec\n WHERE customer={$cust}") and $result =& $ds->ds->Execute("DELETE FROM zones\n WHERE customer={$cust}") and $ds->AuditLog(array("event" => 182, "action" => "delete customer", "user" => getAuthUsername(), "cust" => $cust)); if ($result) { $ds->DbfTransactionEnd(); insert($w, text(my_("Customer deleted"))); } else { insert($w, text(my_("Customer could not be deleted"))); } printhtml($p);
} } // End of template support for base // Changed - End [FE] $ds->AuditLog(sprintf(my_("User %s modified subnet details %s size %u customer cust %u"), getAuthUsername(), inet_ntoa($base), $size, $cust)); } else { // if not duplicate, fall through to here if ($size > 1) { if (TestBaseAddr(inet_aton3($ipaddr), $size)) { insert($w, text(my_("Invalid base address!"))); break; } } // use the first group user belongs to create subnet if ($baseindex = $ds->CreateSubnet($base, $size, $descrip, $cust, 0, $admingrp)) { $ds->AuditLog(sprintf(my_("User %s created new subnet %s size %u cust %u"), getAuthUsername(), inet_ntoa($base), $size, $cust)); // Changed - Begin [FE] // Start of template support for base if (!empty($info)) { // First, try to insert. $result =& $ds->ds->Execute("INSERT INTO baseadd\n (info, baseindex)\n VALUES\n (" . $ds->ds->qstr($info) . ",\n {$baseindex})"); // Second, try to update. if ($result == FALSE) { $result =& $ds->ds->Execute("UPDATE baseadd\n SET info=" . $ds->ds->qstr($info) . " \n WHERE baseindex={$baseindex}"); if ($result == FALSE) { insert($w, block("<b>" . my_("Error inserting/updating info.") . "</b>")); } } } // End of template support for base // Changed - End [FE]
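function RevZoneExport($cust, $zoneid)
{
    /*
     * Export one reverse DNS zone to an XML file for the backend processor.
     *
     * Calls $this->Serial(), stores the resulting serial date/number, the
     * exporting user and the export time on the zone row, then writes the
     * zone header, zone file paths, SOA, NS records and one PTR record per
     * named IP address to a temporary file under DNSEXPORTPATH.
     *
     * cust   customer the zone belongs to
     * zoneid id of the row in the zones table
     *
     * Returns the path of the generated ".xml" file. Returns nothing when the
     * serial UPDATE fails, when the temporary file cannot be created or
     * opened ($this->err = 80), or when the zone has fewer than two name
     * servers ($this->err = 90). Non-fatal problems are appended to
     * $this->errstr.
     *
     * Every text value taken from the database is XML-escaped before it is
     * written; previously only the zone file paths were, so a stray quote or
     * angle bracket in a zone name, name server or mail address could change
     * the structure of the file the backend processor parses.
     *
     * NOTE(review): $cust and $zoneid are placed unquoted in the SQL below -
     * confirm every caller forces them to integers.
     * NOTE(review): the generated file is made world-readable (0644) -
     * confirm DNSEXPORTPATH is not reachable through the web server.
     */

    // use local function variables as they may change
    $this->cust = $cust;
    $this->Serial();

    $result = $this->ds->Execute("UPDATE zones " . "set serialdate=" . $this->ds->qstr($this->serialdate) . ", userid=" . $this->ds->qstr(getAuthUsername()) . ", lastexp=" . $this->ds->DBTimeStamp(time()) . ", error_message=" . $this->ds->qstr("") . ", serialnum={$this->serialnum} " . " WHERE customer={$cust} AND id={$zoneid}");
    if (!$result) {
        // database error: nothing is exported and nothing is returned
        return;
    }

    $sqllastmod = $this->ds->SQLDate("M d Y H:i:s", 'lastmod');
    $result = $this->ds->Execute("SELECT id, zoneip, zonesize, zone, serialdate, \n serialnum, ttl, refresh, retry, expire, minimum, zonefilepath1, \n zonefilepath2, responsiblemail, customer, {$sqllastmod} AS lastmod, \n userid, slaveonly\n FROM zones\n WHERE customer={$cust} AND id={$zoneid}");
    $row = $result->FetchRow();

    $this->zone = $row["zone"];
    $this->zoneip = $row["zoneip"];
    $this->size = $row["zonesize"];

    $prefix = inet_bits($row["zonesize"]);

    $tmpfname = tempnam(DNSEXPORTPATH, "revzone_" . $this->zone . "_");
    if (!$tmpfname) {
        $this->err = 80;
        $this->errstr .= my_("Could not create temporary file!");
        return;
    }

    $fp = fopen("{$tmpfname}", "w");
    if (!$fp) {
        // Without a handle every fputs() below would fail; report it the same
        // way as a failed tempnam() and do not leave the empty file behind.
        unlink($tmpfname);
        $this->err = 80;
        $this->errstr .= my_("Could not create temporary file!");
        return;
    }

    // header of document
    $output = '<?xml version="1.0" ?>';
    fputs($fp, $output);
    fputs($fp, "\n");

    $ip = inet_ntoa($row["zoneip"]);
    list($octet1, $octet2, $octet3, $octet4) = explode(".", $ip);
    $slaveonly = empty($row["slaveonly"]) ? "N" : $row["slaveonly"];
    fputs($fp, sprintf('<zone domain="%s" zoneip="%s" zonesize="%s" prefix="%s" slaveonly="%s" octect1="%s" octect2="%s" octect3="%s" octect4="%s">', htmlspecialchars((string) $row["zone"]), $ip, $row["zonesize"], $prefix, htmlspecialchars((string) $slaveonly), $octet1, $octet2, $octet3, $octet4));
    fputs($fp, "\n");

    fputs($fp, sprintf("<path>\n<primary>\n%s\n</primary>\n", htmlspecialchars($row["zonefilepath1"])));
    fputs($fp, sprintf("<primaryfile>\n%s\n</primaryfile>\n", htmlspecialchars(basename($row["zonefilepath1"]))));
    fputs($fp, sprintf("<primarydir>\n%s\n</primarydir>\n", htmlspecialchars(dirname($row["zonefilepath1"]))));
    fputs($fp, sprintf("<secondary>\n%s\n</secondary>\n", htmlspecialchars($row["zonefilepath2"])));
    fputs($fp, sprintf("<secondaryfile>\n%s\n</secondaryfile>\n", htmlspecialchars(basename($row["zonefilepath2"]))));
    fputs($fp, sprintf("<secondarydir>\n%s\n</secondarydir>\n", htmlspecialchars(dirname($row["zonefilepath2"]))));
    fputs($fp, "</path>\n");

    // SOA portion - escape every stored value that lands in an attribute
    $soa = array();
    foreach (array("ttl", "retry", "refresh", "expire", "minimum", "responsiblemail") as $col) {
        $soa[$col] = htmlspecialchars((string) $row[$col]);
    }
    fputs($fp, sprintf('<soa serialdate="%s" serialnum="%02d" ttl="%s" retry="%s" refresh="%s" expire="%s" minimumttl="%s" email="%s" />', htmlspecialchars((string) $this->serialdate), $this->serialnum, $soa["ttl"], $soa["retry"], $soa["refresh"], $soa["expire"], $soa["minimum"], $soa["responsiblemail"]));
    fputs($fp, "\n");

    // nameservers
    $result1 = $this->ds->Execute("SELECT hname FROM zonedns\n WHERE id={$zoneid}\n ORDER BY horder");
    $cnt = 0;
    while ($row1 = $result1->FetchRow()) {
        fputs($fp, '<record><NS>');
        fputs($fp, sprintf('<iphostname>%s</iphostname>', htmlspecialchars((string) $row1["hname"])));
        fputs($fp, '</NS></record>');
        fputs($fp, "\n");
        $cnt++;
    }

    if ($cnt < 2) {
        fclose($fp);
        unlink($tmpfname);
        $this->err = 90;
        $this->errstr .= my_("Invalid zone - zone should have at least two name servers defined");
        return;
    }

    // get records from main ipplan ipaddr tables
    // NOTE(review): the upper bound is zoneip + zonesize inclusive, which is
    // one address past the zone if zonesize is an address count - confirm.
    $result1 = $this->ds->Execute("SELECT ipaddr.ipaddr, ipaddr.hname\n FROM base, ipaddr\n WHERE base.customer = {$cust} AND\n base.baseindex = ipaddr.baseindex AND\n ipaddr.ipaddr >= " . $row["zoneip"] . " AND\n ipaddr.ipaddr <= " . ($row["zoneip"] + $row["zonesize"]) . "\n ORDER BY ipaddr.ipaddr");
    while ($row1 = $result1->FetchRow()) {
        $ip = inet_ntoa($row1["ipaddr"]);

        // ignore blank records
        if (empty($row1["hname"])) {
            continue;
        }

        // test for valid domain name
        if (!preg_match('/^(([\\w][\\w\\-\\.]*)\\.)?([\\w][\\w\\-]+)(\\.([\\w][\\w\\.]*))?$/', $row1["hname"])) {
            $this->errstr .= sprintf(my_("Invalid record - ignored: %s %s"), $ip, $row1["hname"]);
            continue;
        }

        fputs($fp, '<record><PTR>');
        fputs($fp, sprintf('<host>%s</host>', htmlspecialchars((string) $row1["hname"])));
        list($octet1, $octet2, $octet3, $octet4) = explode(".", $ip);
        fputs($fp, sprintf('<octet1>%s</octet1>', $octet1));
        fputs($fp, sprintf('<octet2>%s</octet2>', $octet2));
        fputs($fp, sprintf('<octet3>%s</octet3>', $octet3));
        fputs($fp, sprintf('<octet4>%s</octet4>', $octet4));
        fputs($fp, "\n");
        fputs($fp, sprintf('<iphostname>%s</iphostname>', $ip));
        fputs($fp, '</PTR></record>');
        fputs($fp, "\n");
    }

    // close zone
    fputs($fp, '</zone>');
    fputs($fp, "\n");
    fclose($fp);

    // give file proper extension
    rename($tmpfname, $tmpfname . ".xml");
    @chmod($tmpfname . ".xml", 0644);

    $this->err = 0;
    return $tmpfname . ".xml";

    // A commented-out early draft of the forward zone export used to follow
    // here; it was never executed and has been dropped from this function.
}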
} while ($row = $result->FetchRow()); setdefault("cell", ""); insert($w, block("<p>")); } // check if user belongs to customer admin group $result = $ds->GetCustomerGrp($cust); // can only be one row - does not matter if nothing is // found as array search will return false $row = $result->FetchRow(); if (!in_array($row["admingrp"], $grps)) { myError($w, $p, my_("You may not create a subnet for this customer as you are not a member of the customers admin group")); } $ds->DbfTransactionStart(); // use the first group user belongs to create subnet if ($id = $ds->CreateSubnet($base, $size, $descrip, $cust, $dhcp, $admingrp)) { $ds->AuditLog(array("event" => 170, "action" => "create subnet", "descrip" => $descrip, "user" => getAuthUsername(), "baseaddr" => inet_ntoa($base), "size" => $size, "cust" => $cust)); insert($w, text(sprintf(my_("Subnet %s created"), inet_ntoa($base)))); // fill new subnet with nmap if (NMAP != "" and $addnmapinfo and $size >= 4 and $size <= 1024) { if (ProcessNmap($ds, $base, $id, $size)) { insert($w, textbr()); myError($w, $p, my_("NMAP data not in XML format or XML not available"), FALSE); } } else { if ($addhostinfo and $size > 0) { // remember to skip broadcast and network addresses! for ($i_dns = 1; $i_dns < $size - 1; $i_dns++) { $hname = gethostbyaddr(inet_ntoa($base + $i_dns)); if ($hname != inet_ntoa($base + $i_dns)) { $ds->AddIP($base + $i_dns, $id, "", "", "", "", "", $hname, ""); }
} foreach ((array) $zoneid as $value) { if (!$ds->RevZoneExists($cust, $value)) { myError($w, $p, my_("Could not find the zone - possibly deleted by another user")); } $serialnum = $ds->ds->GetOne("SELECT serialnum\n FROM zones\n WHERE customer={$cust} AND id={$value}"); $serialdate = $ds->ds->GetOne("SELECT serialdate\n FROM zones\n WHERE customer={$cust} AND id={$value}"); $ds->SetSerial($serialdate, $serialnum); // dont really need customer, but required for now $ds->cust = $cust; $ds->DbfTransactionStart(); $tmpfname = $ds->RevZoneExport($cust, $value); // could be non fatal errors $formerror .= $ds->errstr; if ($tmpfname and !$ds->err) { $ds->AuditLog(array("event" => 103, "action" => "export reverse zone", "cust" => $cust, "user" => getAuthUsername(), "id" => $value, "zone" => $ds->zone, "zoneip" => inet_ntoa($ds->zoneip), "size" => $ds->size, "tmpfname" => $tmpfname)); $ds->DbfTransactionEnd(); insert($w, textbr(sprintf(my_("Sent update to Backend Processor as file %s for domain %s zone ip %s zone size %s"), $tmpfname, $ds->zone, inet_ntoa($ds->zoneip), $ds->size))); } else { $ds->DbfTransactionRollback(); $formerror .= my_("Zone could not be exported. Try again.") . "\n"; } } } // ##################### END OF Export Zone ############################## // Now Setup Page... myError($w, $p, $formerror, FALSE); insert($w, heading(3, "{$title}.")); insert($w, text(my_("Create and maintain reverse DNS zones. Reverse zone records are extracted from the host field of subnets created for this customer."))); insert($w, block(my_(" Zones in bold and tagged with a ‡ have changed domain records, but have not been exported yet."))); insert($w, textbrbr(my_("NOTE: Changed domain records are IP records that have been modified since the domain serial date. Thus even after an export the zone may still show changed as the resolution of the serial date is one day. The last modified date is the date when the SOA details for this zone have last changed.")));
} $ds->AuditLog(array("event" => 180, "action" => "create customer", "user" => getAuthUsername(), "cust" => $cust, "descrip" => $custdescrip)); $ds->DbfTransactionEnd(); } } else { // always need to test - customer could have been deleted // result used later $result = $ds->GetCustomerInfo($cust); // should only be one row here if (!($row = $result->FetchRow())) { myError($w, $p, my_("Customer cannot be found!")); } $result =& $ds->ds->Execute("UPDATE customer\n SET custdescrip=" . $ds->ds->qstr($custdescrip) . ",\n crm=" . $ds->ds->qstr($crm) . ",\n admingrp=" . $ds->ds->qstr($grp) . "\n WHERE customer={$cust}"); // did not fail due to key error? if ($result) { $ds->AuditLog(array("event" => 181, "action" => "modify customer", "user" => getAuthUsername(), "cust" => $cust, "descrip" => $custdescrip)); $ds->DbfTransactionEnd(); } } // test for CRM duplicates - this is not a unique key and cannot be if (!empty($crm)) { $recs = $ds->ds->GetOne("SELECT count(*) AS cnt FROM customer \n WHERE crm=" . $ds->ds->qstr($crm)); if ($recs > 1) { //duplicate ? insert($w, text(my_("The CRM field has already been used for another customer"), array("color" => "#FF0000"))); insert($w, textbr()); //$formerror .= my_("Duplicate CRM field")."\n"; } } // transaction could be rolled back if insert below fails - must // start new transaction here
$dom_id = $ds->ds->GetOne("SELECT data_id\n FROM fwdzone\n WHERE customer={$cust} AND domain=" . $ds->ds->qstr($domain)); // Updated DB here. // Log the Transaction. $ds->DbfTransactionStart(); // do update of ip record with hostname as part of transaction if ($updateiprec) { $fqdn = substr($host, -1, 1) == "." ? substr($host, 0, -1) : "{$host}.{$domain}"; $result = $ds->GetBaseFromIP(inet_aton($iphostname), $cust); if ($row = $result->FetchRow()) { $baseindex = $row["baseindex"]; $ds->ModifyIP(array(inet_aton($iphostname)), $baseindex, "", "", "", "", "", $fqdn, ""); // not really an error, but a warning? $formerror .= my_("Subnet IP record updated with hostname: ") . "{$fqdn}\n"; } } $result =& $ds->ds->Execute("UPDATE fwdzonerec SET sortorder=" . $sortorder . ", host=" . $ds->ds->qstr($host) . ", lastmod=" . $ds->ds->DBTimeStamp(time()) . ", recordtype=" . $ds->ds->qstr($recordtype) . ", userid=" . $ds->ds->qstr(getAuthUsername()) . ", ip_hostname=" . $ds->ds->qstr($iphostname) . " WHERE customer={$cust} AND recidx=" . $dataid) and $ds->ds->Execute("UPDATE fwdzone \n SET error_message=" . $ds->ds->qstr("E") . ",\n lastmod=" . $ds->ds->DBTimeStamp(time()) . " WHERE customer={$cust} AND data_id=" . $dom_id) and $ds->AuditLog(array("event" => 122, "action" => "modified zone record", "cust" => $cust, "user" => getAuthUsername(), "domain" => $domain, "host" => $host, "recordtype" => $recordtype, "iphostname" => $iphostname)); if ($result) { $ds->DbfTransactionEnd(); insert($w, textbr(my_("Host Record Modified"))); $zone = ""; } else { $ds->DbfTransactionRollback(); $formerror .= my_("Host record could not be modifed. Try again.") . "\n"; } } // ##################### END OF Edit ############################## myError($w, $p, $formerror, FALSE); insert($w, heading(3, "{$title}.")); insert($w, textbr(my_("Maintain forward zone domain records."))); // start form insert($w, $f1 = form(array("name" => "THISFORM", "method" => "post", "action" => $_SERVER["PHP_SELF"])));
if ($action == "split") { // user may have pressed browser reload, so check size again if ($size < 2) { myError($w, $p, my_("Subnets cannot be split - host network!")); } // halve size of subnet $result =& $ds->ds->Execute("UPDATE base\n SET subnetsize={$size}/2,\n lastmod=" . $ds->ds->DBTimeStamp(time()) . ",\n userid=" . $ds->ds->qstr(getAuthUsername()) . "\n WHERE baseindex={$baseindex}"); // ... and create new subnet $timetmp = time(); // check that new decsription fits into 80 column field $basetmp = $ds->CreateSubnet($base + $size / 2, $size / 2, substr($descriptmp, 0, 80 - (strlen($timetmp) + 3)) . " - " . $timetmp, $cust, 0, $admingrp); // ... and then link half of ip records to new subnet if ($basetmp) { $ds->ds->Execute("UPDATE ipaddr\n SET baseindex={$basetmp}\n WHERE baseindex={$baseindex} AND\n ipaddr >= " . ($base + $size / 2) . " AND\n ipaddr <= " . ($base + $size - 1)); } $ds->AuditLog(array("event" => 174, "action" => "split subnet", "user" => getAuthUsername(), "baseaddr" => $baseip, "size" => $size / 2, "cust" => $cust)); } } $ds->DbfTransactionEnd(); insert($w, textbr(my_("Subnet split or joined"))); } } // set start and end address according to range if ($rangeindex) { // should only return one row here! $result = $ds->GetRange($cust, $rangeindex); $row = $result->FetchRow(); $start = inet_ntoa($row["rangeaddr"]); $end = inet_ntoa($row["rangeaddr"] + $row["rangesize"] - 1); $site = " (" . $row["descrip"] . ")"; } else {
} if (!$formerror) { $base = inet_aton($ipaddr); // check if user belongs to customer admin group $result = $ds->GetCustomerGrp($cust); // can only be one row - does not matter if nothing is // found as array search will return false $row = $result->FetchRow(); if (!in_array($row["admingrp"], $grps)) { myError($w, $p, my_("You may not create/modify an area for this customer as you are not a member of the customers admin group")); } $ds->DbfTransactionStart(); if ($action == "modify") { $result =& $ds->ds->Execute("UPDATE area SET areaaddr={$base}, \n descrip=" . $ds->ds->qstr($descrip) . " WHERE areaindex={$areaindex}") and $ds->AuditLog(array("event" => 151, "action" => "modify area", "descrip" => $descrip, "user" => getAuthUsername(), "area" => $ipaddr, "cust" => $cust)); } else { $result =& $ds->ds->Execute("INSERT INTO area\n (areaaddr, descrip, customer)\n VALUES\n ({$base}, " . $ds->ds->qstr($descrip) . ", {$cust})") and $ds->AuditLog(array("event" => 150, "action" => "create area", "descrip" => $descrip, "user" => getAuthUsername(), "area" => $ipaddr, "cust" => $cust)); } if ($result) { $ds->DbfTransactionEnd(); if ($action == "modify") { Header("Location: " . location_uri("modifyarearange.php?cust={$cust}")); //insert($w,textbr(my_("Area modified"))); //printhtml($p); exit; } else { insert($w, textbr(my_("Area created"))); } $ipaddr = ""; $descrip = ""; } else { $ds->DbfTransactionRollback();
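function myheading($q, $title, $displaymenu = true)
{
    /*
     * Build the common page frame: HTML head, stylesheets, optional layers
     * menu, header box, user box and footer.
     *
     * q            page object the head and the outer container are inserted into
     * title        page title, used in the head and in the header box
     * displaymenu  when true the menu stylesheet, scripts and menu box are added
     *
     * Returns the "normalbox" container that callers fill with page content.
     *
     * Request data is handled defensively: a missing User-Agent header counts
     * as "no match", the theme cookie is only used as a key into
     * $config_themes when it is a string naming a configured theme, and the
     * username is HTML-escaped because block() emits raw markup.
     */

    // Generate the correct prefix for URLs in menu.
    $BASE_URL = base_url();
    $BASE_DIR = base_dir();

    $myDirPath = $BASE_DIR . '/menus/';
    $myWwwPath = $BASE_URL . '/menus/';

    // these files should probably not be here
    require_once $myDirPath . 'lib/PHPLIB.php';
    require_once $myDirPath . 'lib/layersmenu-common.inc.php';
    require_once $myDirPath . 'lib/layersmenu.inc.php';
    require_once $BASE_DIR . '/menudefs.php';

    // SECURITY: eval() re-parses $ADMIN_MENU (presumably set by menudefs.php)
    // as a double-quoted PHP string so variables embedded in the menu
    // definition are expanded. Whatever that string contains runs as PHP, so
    // menudefs.php must stay deployment-controlled and must never be built
    // from request or database data. Left unchanged here; plain placeholder
    // substitution would remove the need for eval().
    eval("\$ADMIN_MENU = \"{$ADMIN_MENU}\";");

    // create the html page HEAD section
    insert($q, $header = wheader("IPPlan - {$title}"));
    insert($q, $w = container("div", array("class" => "matte")));

    insert($header, generic("meta", array("http-equiv" => "Content-Type", "content" => "text/html; charset=UTF-8")));

    if ($displaymenu) {
        insert($header, generic("link", array("rel" => "stylesheet", "href" => "{$myWwwPath}" . "layersmenu-gtk2.css")));
    }

    // Konqueror and Safari browsers do not support overflow: auto css tag so use custom stylesheet
    $agent = isset($_SERVER["HTTP_USER_AGENT"]) ? $_SERVER["HTTP_USER_AGENT"] : "";
    if (stristr($agent, "konqueror") or stristr($agent, "safari")) {
        insert($header, generic("link", array("rel" => "stylesheet", "href" => "{$BASE_URL}" . "/themes/default-safari.css")));
    } else {
        // Added theme support.
        $themecookie = isset($_COOKIE["ipplanTheme"]) ? $_COOKIE["ipplanTheme"] : "";
        global $config_themes; // obtained from config.php file which is global

        // The cookie is client-controlled: it only selects among configured
        // themes and never becomes part of the path itself. An array-valued
        // or unknown cookie falls back to the default theme.
        $themefile = "default.css";
        if (is_string($themecookie) and !empty($themecookie) and isset($config_themes[$themecookie]) and $config_themes[$themecookie] != "") {
            $themefile = $config_themes[$themecookie];
        }
        insert($header, generic("link", array("rel" => "stylesheet", "href" => "{$BASE_URL}" . "/themes/{$themefile}")));
    }

    if ($displaymenu) {
        insert($w, script("", array("language" => "JavaScript", "type" => "text/javascript", "src" => $myWwwPath . "libjs/layersmenu-browser_detection.js")));
        insert($w, script("", array("language" => "JavaScript", "type" => "text/javascript", "src" => $myWwwPath . 'libjs/layersmenu-library.js')));
        insert($w, script("", array("language" => "JavaScript", "type" => "text/javascript", "src" => $myWwwPath . 'libjs/layersmenu.js')));

        $mid = new LayersMenu(6, 7, 2, 1);
        $mid->setDirroot($BASE_DIR . '/menus/');
        $mid->setLibjsdir($BASE_DIR . '/menus/libjs/');
        $mid->setImgdir($BASE_DIR . '/menus/menuimages/');
        $mid->setImgwww($BASE_URL . '/menus/menuimages/');
        $mid->setIcondir($BASE_DIR . '/menus/menuicons/');
        $mid->setIconwww($BASE_URL . '/menus/menuicons/');
        $mid->setTpldir($BASE_DIR . '/menus/templates/');
        $mid->SetMenuStructureString($ADMIN_MENU);
        $mid->setIconsize(16, 16);
        $mid->parseStructureForMenu('hormenu1');
        $mid->newHorizontalMenu('hormenu1');
    }

    // draw header box
    insert($w, $con = container("div", array("class" => "headerbox", "align" => "center")));
    insert($con, heading(1, my_("IPPlan - IP Address Management and Tracking")));
    insert($con, block("<br>"));
    insert($con, heading(3, $title));

    if ($displaymenu) {
        // draw menu box here
        insert($w, $con = container("div", array("class" => "menubox")));
        insert($con, $t = table(array("cols" => "2", "width" => "100%")));
        insert($t, $c1 = cell());
        insert($t, $c2 = cell(array("align" => "right")));
        insert($c1, block($mid->getHeader()));
        insert($c1, block($mid->getMenu('hormenu1')));
        insert($c1, block($mid->getFooter()));

        // find a place to display logged in user
        insert($c2, $uc = container("div", array("class" => "userbox")));
        $authUser = getAuthUsername();
        if ($authUser != "") {
            insert($uc, block(sprintf(my_("Logged in as %s"), htmlspecialchars((string) $authUser))));
        }
    }

    insert($w, $con = container("div", array("class" => "normalbox")));
    insert($w, $con1 = container("div", array("class" => "footerbox")));
    insert($con1, block("IPPlan v4.92b"));

    return $con;
}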
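function serveFile($file, $page, $ftype)
{
    /*
     * Send generated export data to the browser as a file download.
     *
     * file(string)  the complete content to send
     * page(string)  name of the calling page, used in the download filename
     * ftype(string) "csv", "plain", "tab" or "xml"; selects the extension and
     *               the Content-Type
     *
     * The download name is <username><page><timestamp><extension>. The
     * username and page name are not fixed strings, so the name is reduced to
     * letters, digits, ".", "_" and "-" and sent as a quoted parameter; a
     * space, quote or semicolon can then no longer change how the browser
     * reads the Content-Disposition header.
     *
     * An unknown ftype gets no extension and is served as
     * application/octet-stream rather than PHP's default text/html, and
     * content sniffing is switched off, so exported data is never rendered as
     * a page.
     */
    $types = array(
        "csv" => array(".csv", "text/csv"),
        "plain" => array(".txt", "text/plain"),
        "tab" => array(".txt", "text/plain"),
        "xml" => array(".xml", "application/xml"),
    );

    $filename = getAuthUsername() . $page . time();
    $filename = preg_replace('/[^A-Za-z0-9._-]/', '_', $filename);

    // append file extension type and change content type based on it
    if (is_string($ftype) and isset($types[$ftype])) {
        $filename .= $types[$ftype][0];
        header('Content-Type: ' . $types[$ftype][1]);
    } else {
        header('Content-Type: application/octet-stream');
    }

    header('X-Content-Type-Options: nosniff');
    header('Content-Disposition: attachment; filename="' . $filename . '"');
    header('Content-Length: ' . strlen($file));
    echo $file;
}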
// Fragment of a larger script: merges the posted template fields, enforces the
// outstanding-request limit, stores a new IP request and starts building the
// notification mail. The blocks closed by the lone "}" below open outside this
// excerpt, and the excerpt ends before the mail is sent.
// previous contents - this is not good
$template->Merge($userfld);
if ($err = $template->Verify($w)) {
    $formerror .= my_("Additional information error") . "\n";
}
if ($template->is_blank() == FALSE) {
    $info = $template->encode();
}
}
// NOTE(review): the count is read before the transaction starts, so the limit
// is a soft one; two concurrent requests can both pass it.
$recs = $ds->ds->GetOne("SELECT count(*) AS cnt\n FROM requestip");
if ($recs > MAXREQUESTS) {
    $formerror .= my_("Maximum number of outstanding IP requests exceeded") . "\n";
}
if (!$formerror) {
    $ds->DbfTransactionStart();
    // Every value goes through qstr() except $cust, which is interpolated as a
    // bare number.
    // NOTE(review): confirm $cust is cast to an integer before this point; the
    // cast is not visible in this excerpt.
    // "=" binds tighter than "and": $result holds the Execute() result, and
    // AuditLog() runs only when Execute() returned something truthy.
    $result =& $ds->ds->Execute("INSERT INTO requestip\n (customer, requestdesc, userinf, location, descrip,\n hname, telno, macaddr, info)\n VALUES\n ({$cust},\n " . $ds->ds->qstr($request) . ",\n " . $ds->ds->qstr($user) . ",\n " . $ds->ds->qstr($location) . ",\n " . $ds->ds->qstr($descrip) . ",\n " . $ds->ds->qstr($hname) . ",\n " . $ds->ds->qstr($telno) . ",\n " . $ds->ds->qstr($newmacaddr) . ",\n " . $ds->ds->qstr($info) . ")") and $ds->AuditLog(array(
        "event" => 200,
        "action" => "request ip",
        "descrip" => $descrip,
        "user" => getAuthUsername(),
        "userinf" => $user,
        "location" => $location,
        "hname" => $hname,
        "telno" => $telno,
        // the row stores $newmacaddr, the audit entry records $macaddr
        "macaddr" => $macaddr));
    if ($result) {
        $ds->DbfTransactionEnd();
        insert($w, textbr(my_("IP address request created")));
        $custdescrip = $ds->GetCustomerDescrip($cust);
        //Send email notification that IP Request was entered
        require "../class.phpmailer.php";
        $mail = new PHPMailer();
        $mail->IsSMTP(); // telling the class to use SMTP
        $mail->SetLanguage("en", "../");
        $mail->Host = EMAILSERVER; // SMTP server
        $mail->From = HELPDESKEMAIL;
        $mail->IsHTML(false);
        $mail->FromName = "IP Plan";
// Fragment of a larger script: checks that the subnet lies inside one of the
// caller's authority bounds, updates the subnet row and then prepares the
// additional-information template. The excerpt ends inside the template branch.
$base = $row["baseaddr"];
$baseip = inet_ntoa($row["baseaddr"]);
// test if subnet to update is within bounds
// NOTE(review): $extst is assigned only inside this loop as far as this
// excerpt shows; with an empty $grps it is never set here. Initialising it to
// FALSE before the loop would make the deny path explicit.
foreach ($grps as $value) {
    if ($extst = $ds->TestBounds($base, $size, $value)) {
        // got an overlap, allowed to create
        break;
    }
}
// could not find new subnet within any of the defined bounds
// so do not create
// NOTE(review): the UPDATE below is not inside an else branch, so this check
// protects it only if myError() ends the request when called without its
// fourth argument - confirm against myError().
if (!$extst) {
    myError($w, $p, sprintf(my_("Subnet %s not modified - out of defined authority boundary"), $baseip) . "\n");
}
$ds->DbfTransactionStart();
// String values go through qstr(); $dhcp and $baseindex are interpolated as
// bare numbers.
// NOTE(review): confirm both are cast to integers before this point; the casts
// are not visible in this excerpt.
// "=" binds tighter than "and": $result holds the Execute() result, and
// AuditLog() runs only when Execute() returned something truthy.
$result =& $ds->ds->Execute("UPDATE base\n SET descrip=" . $ds->ds->qstr($descrip) . ",\n admingrp=" . $ds->ds->qstr($grp) . ",\n lastmod=" . $ds->ds->DBTimeStamp(time()) . ",\n baseopt={$dhcp},\n userid=" . $ds->ds->qstr($userid) . "\n WHERE baseindex={$baseindex}") and $ds->AuditLog(array(
    "event" => 171,
    "action" => "modify subnet",
    "descrip" => $descrip,
    "user" => getAuthUsername(),
    "baseaddr" => inet_ntoa($base),
    "size" => $size,
    "cust" => $cust));
if ($dhcp) {
    // use dhcp template (for additional subnet information)
    $template = new IPplanIPTemplate("basetemplate-dhcp", $cust);
} else {
    // use base template (for additional subnet information)
    $template = new IPplanIPTemplate("basetemplate", $cust);
}
$info = "";
if ($template->is_error() == FALSE) {
    // PROBLEM HERE: if template create suddenly returns error (template file
    // permissions, xml error etc), then each submit thereafter will erase
    // previous contents - this is not good
    $template->Merge($userfld);
    $err = $template->Verify($w);
    if ($template->is_blank() == FALSE) {
// Fragment of a larger script: deletes one range after checking that the
// caller belongs to the customer's admin group. The block closed by the last
// "}" before printhtml() opens outside this excerpt.
// save the last customer used
// must set path else Netscape gets confused!
// NOTE(review): $cust is written into a cookie here and into a Location URL
// further down; confirm it is cast to an integer before this point.
setcookie("ipplanCustomer", "{$cust}", time() + 10000000, "/");
// check if user belongs to customer admin group
$result = $ds->GetCustomerGrp($cust);
// can only be one row - does not matter if nothing is
// found as array search will return false
// NOTE(review): in_array() compares loosely here. A missing row gives null,
// which equals "", 0 and false under ==, so the statement above holds only if
// $grps never contains such a value; passing true as third argument removes
// that dependency.
$row = $result->FetchRow();
if (!in_array($row["admingrp"], $grps)) {
    myError($w, $p, my_("You may not delete an area for this customer as you are not a member of the customers admin group"));
}
if ($rangeindex > 0) {
    // Looked up only to record address and size in the audit entry; the row is
    // not checked for existence.
    $result = $ds->GetRange($cust, $rangeindex);
    $row = $result->FetchRow();
    $rangeip = inet_ntoa($row["rangeaddr"]);
    $rangesize = $row["rangesize"];
    $ds->DbfTransactionStart();
    // NOTE(review): the group check above is made for $cust, but this DELETE is
    // keyed on rangeindex alone and the GetRange() row is not verified, so
    // nothing visible here ties the deleted range to $cust. Constraining the
    // statement by customer as well, or refusing when GetRange() returns no
    // row, would close that gap.
    // NOTE(review): "$rangeindex > 0" is a numeric comparison, not a type
    // check; confirm $rangeindex is cast to an integer before it is
    // interpolated.
    // "=" binds tighter than "and": AuditLog() runs only when Execute()
    // returned something truthy.
    $result =& $ds->ds->Execute("DELETE FROM netrange\n WHERE rangeindex={$rangeindex}") and $ds->AuditLog(array(
        "event" => 162,
        "action" => "delete range",
        "baseaddr" => $rangeip,
        "user" => getAuthUsername(),
        "size" => $rangesize,
        "cust" => $cust));
    if ($result) {
        $ds->DbfTransactionEnd();
        Header("Location: " . location_uri("modifyarearange.php?cust={$cust}"));
        exit;
        //insert($w,text(my_("Range deleted")));
    } else {
        // NOTE(review): no rollback is visible on this path although a
        // transaction was started above.
        insert($w, text(my_("Range could not be deleted")));
    }
} else {
    insert($w, text(my_("Range index is invalid")));
}
}
printhtml($p);
/**
 * Make sure the destination of a linked address has an IP record.
 *
 * Looks up the subnet of customer $cust that contains $lnk. When one exists
 * and the authenticated user passes TestCustomerGrp() for it, a record
 * described as "Linked address from <ip>" is added unless GetIPDetails()
 * already returns something for that address.
 *
 * $baseindex is accepted but not read by the live code.
 *
 * Returns an error message (newline-terminated) when the user is not in the
 * destination's admin group; otherwise returns nothing.
 */
function UpdateLnk($ds, $w, $cust, $baseindex, $lnk, $ip)
{
    $subnet = $ds->GetBaseFromIP(inet_aton($lnk), $cust);
    $subnetRow = $subnet->FetchRow();

    // no subnet holds the link address: nothing to do
    if (!$subnetRow) {
        return;
    }

    $targetIndex = $subnetRow["baseindex"];

    // Authorisation comes before any write. The original author's reminder to
    // check destination ownership before adding a record sits on the write
    // below; this group test is the only such check in the function.
    $allowed = $ds->TestCustomerGrp($targetIndex, getAuthUsername());
    if (!$allowed) {
        $message = my_("Destination linked address %s IP record not created as you are not a member of the customers admin group");

        return sprintf($message, $lnk) . "\n";
    }

    // an existing record is left untouched
    $existing = $ds->GetIPDetails($targetIndex, inet_aton($lnk));
    if ($existing) {
        return;
    }

    $ds->ModifyIP(inet_aton($lnk), $targetIndex, "", "", "", "", "Linked address from " . inet_ntoa($ip), "", "");
    $notice = sprintf(my_("Destination linked address %s IP record created"), $lnk);
    insert($w, textbr($notice));
}
// Fragment of a larger script: collapses the collected dynamic and fixed IPs
// of a subnet into <iprange> elements, closes the XML document and records the
// export in the audit log. The loops closed by "} // end while" open outside
// this excerpt.
// end while: loop through ips of subnet.
// Loop through the dynamic IPs above, and print the ranges.
// NOTE(review): index 0 is read without checking that the array has elements.
$iprange_start = $iprange_dynamicIPs[0];
for ($i = 0; $i < count($iprange_dynamicIPs); $i++) {
    // A range ends where the next address is not the current one plus 1.
    // NOTE(review): on the last iteration [$i + 1] is one past the end of the
    // array; the final range is emitted only because that undefined element
    // compares as unequal. An explicit "last element" test would not depend
    // on an out-of-range read.
    if ($iprange_dynamicIPs[$i] + 1 != $iprange_dynamicIPs[$i + 1]) {
        fputs($fp, sprintf("\t<iprange type=\"dynamic\" firstip=\"%s\" lastip=\"%s\" />\n", htmlspecialchars(inet_ntoa($iprange_start)), htmlspecialchars(inet_ntoa($iprange_dynamicIPs[$i]))));
        $iprange_start = $iprange_dynamicIPs[$i + 1];
    }
}
// Same walk for the fixed addresses; the notes above apply here too.
$iprange_start = $iprange_fixedIPs[0];
for ($i = 0; $i < count($iprange_fixedIPs); $i++) {
    if ($iprange_fixedIPs[$i] + 1 != $iprange_fixedIPs[$i + 1]) {
        fputs($fp, sprintf("\t<iprange type=\"static\" firstip=\"%s\" lastip=\"%s\" />\n", htmlspecialchars(inet_ntoa($iprange_start)), htmlspecialchars(inet_ntoa($iprange_fixedIPs[$i]))));
        $iprange_start = $iprange_fixedIPs[$i + 1];
    }
}
fputs($fp, sprintf("</network>\n"));
} // end while
if ($cnt) {
    fputs($fp, sprintf("</dhcp>\n"));
    fclose($fp);
    $ds->AuditLog(array(
        "event" => 913,
        "action" => "export DHCP subnets",
        "cust" => $cust,
        "user" => getAuthUsername(),
        "tmpfname" => $tmpfname));
    // The temporary file name is shown to the user as well as logged.
    insert($w, textbr(sprintf(my_("Sent update to Backend Processor as file %s"), $tmpfname)));
} else {
    // NOTE(review): fclose($fp) appears only in the branch above; whether $fp
    // is open on this path is not visible in this excerpt.
    myError($w, $p, my_("No DHCP subnets could be found."));
}
printhtml($p);
?>
// Fragment of a larger script: creates or modifies a range after checking that
// the caller belongs to the customer's admin group. The excerpt ends inside
// the failure branch, right after the rollback.
$result = $ds->GetCustomerGrp($cust);
// can only be one row - does not matter if nothing is
// found as array search will return false
// NOTE(review): in_array() compares loosely here. A missing row gives null,
// which equals "", 0 and false under ==, so the statement above holds only if
// $grps never contains such a value; passing true as third argument removes
// that dependency.
$row = $result->FetchRow();
if (!in_array($row["admingrp"], $grps)) {
    myError($w, $p, my_("You may not create/modify a range for this customer as you are not a member of the customers admin group"));
}
// cast type correctly to prevent blank area!
$areaindex = (int) $areaindex;
$ds->DbfTransactionStart();
// the fact that the range is unique prevents the range
// being added to more than one area!
// Only $descrip goes through qstr(); $areaindex is cast just above, while
// $base, $size, $rangeindex and $cust are interpolated as bare numbers.
// NOTE(review): confirm those four are cast to integers before this point; the
// casts are not visible in this excerpt.
// In both statements "=" binds tighter than "and": AuditLog() runs only when
// Execute() returned something truthy.
if ($action == "modify") {
    // NOTE(review): the group check above is made for $cust, but this UPDATE
    // is keyed on rangeindex alone; nothing visible here ties the modified
    // range to $cust.
    $result =& $ds->ds->Execute("UPDATE netrange SET areaindex={$areaindex}, \n descrip=" . $ds->ds->qstr($descrip) . ",\n rangeaddr={$base}, rangesize={$size}\n WHERE rangeindex={$rangeindex}") and $ds->AuditLog(array(
        "event" => 161,
        "action" => "modify range",
        "descrip" => $descrip,
        "user" => getAuthUsername(),
        "areaindex" => $areaindex,
        "baseaddr" => $ipaddr,
        "size" => $size,
        "cust" => $cust));
} else {
    $result =& $ds->ds->Execute("INSERT INTO netrange\n (rangeaddr, rangesize, areaindex, descrip,\n customer)\n VALUES\n ({$base}, {$size}, {$areaindex},\n " . $ds->ds->qstr($descrip) . ",\n {$cust})") and $ds->AuditLog(array(
        "event" => 160,
        "action" => "create range",
        "descrip" => $descrip,
        "user" => getAuthUsername(),
        "areaindex" => $areaindex,
        "baseaddr" => $ipaddr,
        "size" => $size,
        "cust" => $cust));
}
if ($result) {
    $ds->DbfTransactionEnd();
    if ($action == "modify") {
        Header("Location: " . location_uri("modifyarearange.php?cust={$cust}"));
        //insert($w,textbr(my_("Range modified")));
        //printhtml($p);
        exit;
    } else {
        insert($w, textbr(my_("Range created")));
    }
    // clear the fields so the redisplayed form starts empty
    $ipaddr = "";
    $descrip = "";
} else {
    $ds->DbfTransactionRollback();
// Fragment of a larger script: stores a changed password and, on first
// display or on error, builds the change-password form. The blocks closed by
// the two lone "}" below open outside this excerpt, and the excerpt ends
// inside the form.
// NOTE(review): the password value is masked ("******") in this listing, so
// the statement does not parse as shown and the way the password is hashed
// cannot be reviewed from here.
$result =& $ds->ds->Execute("UPDATE users\n SET password="******"\n WHERE userid=" . $ds->ds->qstr($userid));
// The audit entry is written before $result is tested, so a failed update is
// also logged as "changed password".
$ds->AuditLog(sprintf(my_("User %s changed password"), $userid));
if ($result) {
    $ds->DbfTransactionEnd();
    insert($w, text(my_("Password changed")));
} else {
    $formerror .= my_("Password could not be changed") . "\n";
}
}
}
if (!$_POST || $formerror) {
    myError($w, $p, $formerror, FALSE);
    if ($user) {
        insert($w, heading(3, sprintf(my_("Change password for user %s"), $user)));
    } else {
        insert($w, heading(3, sprintf(my_("Change password for user %s"), getAuthUsername())));
    }
    // start form
    // NOTE(review): $_SERVER["PHP_SELF"] and $user reach the page through
    // form(), heading() and hidden(); confirm those helpers HTML-escape their
    // values.
    insert($w, $f = form(array("method" => "post", "action" => $_SERVER["PHP_SELF"])));
    insert($f, $con = container("fieldset", array("class" => "fieldset")));
    insert($con, $legend = container("legend", array("class" => "legend")));
    insert($legend, text($title));
    // display opening text
    // NOTE(review): the target account travels in a hidden field; the check
    // that the caller may change that user's password is not visible in this
    // excerpt.
    if ($user) {
        insert($con, hidden(array("name" => "user", "value" => "{$user}")));
    }
    insert($con, textbr(my_("New password (case sensitive!):")));
    // NOTE(review): when the form is redisplayed after an error, the submitted
    // passwords are written back into the value attributes of both fields;
    // leaving the values empty keeps them out of the returned page.
    insert($con, password(array("name" => "password1", "value" => "{$password1}", "size" => "40", "maxlength" => "40")));
    insert($con, textbrbr(my_("New password (again):")));
    insert($con, password(array("name" => "password2", "value" => "{$password2}", "size" => "40", "maxlength" => "40")));
    insert($con, generic("br"));
// Fragment of a larger script: finishes the "delete attached file" path by
// saving the remaining file list, and handles the "filedownload" action. The
// blocks closed by the first lone "}" lines open outside this excerpt.
$files = ""; // so that array test fails?
//unset($files);
}
// add serialized info after file deleted
// NOTE(review): the file list is stored with serialize(); if infobin is read
// back with unserialize(), the column has to be treated as writable by trusted
// code only.
// NOTE(review): $baseindex and $ip are interpolated as bare numbers; confirm
// both are cast to integers before this point.
// "=" binds tighter than "and": AuditLog() runs only when Execute() returned
// something truthy.
$ds->ds->Execute("UPDATE ipaddradd\n SET infobin=" . $ds->ds->qstr(empty($files) ? "" : serialize($files)) . "\n WHERE baseindex={$baseindex} AND\n ipaddr={$ip}") and $ds->AuditLog(array(
    "event" => 141,
    "action" => "delete file",
    "ip" => $iptemp,
    "user" => getAuthUsername(),
    "baseindex" => $baseindex,
    "filename" => $filename));
$ds->DbfTransactionEnd();
} else {
    $formerror .= my_("File could not be deleted - delete failed probably due to directory permission problem") . "\n";
}
} else {
    if ($action == "filedownload") {
        // use basename again - just incase somebody tampered with array?
        // NOTE(review): basename() is applied in this readability check but
        // not in the readfile() call below, so the path that is checked and
        // the path that is served can differ when tmp_name contains directory
        // components. Computing the path once, with basename(), and using it
        // for both calls keeps the served file inside UPLOADDIRECTORY.
        if (is_readable(UPLOADDIRECTORY . "/" . basename($files[$ind]["tmp_name"]))) {
            $ds->DbfTransactionStart();
            $ds->AuditLog(array(
                "event" => 142,
                "action" => "download file",
                "ip" => $iptemp,
                "user" => getAuthUsername(),
                "baseindex" => $baseindex,
                "tmpname" => $files[$ind]["tmp_name"],
                "filename" => $files[$ind]["name"]));
            $ds->DbfTransactionEnd();
            // force file download due to bad mime type
            header("Content-Description: File Transfer");
            // header() replaces an earlier header of the same name by default,
            // so only application/octet-stream is sent.
            header("Content-Type: application/force-download");
            header("Content-Type: application/octet-stream");
            // Length and name come from the stored metadata, not from the file
            // on disk.
            header("Content-Length: " . $files[$ind]["size"]);
            header("Content-Transfer-Encoding: binary");
            // NOTE(review): the stored upload name is placed in the header
            // unquoted and unfiltered; restricting it to a safe character set
            // and quoting it keeps a name with spaces, quotes or semicolons
            // from changing the header.
            header("Content-Disposition: attachment; filename=" . $files[$ind]["name"] . ";");
            readfile(UPLOADDIRECTORY . "/" . $files[$ind]["tmp_name"]);
            exit;
        } else {
            $formerror .= my_("File could not be downloaded - download failed probably due to directory permission problem") . "\n";
        }
    }
}