protected function ConstructField($mData, $sKey, $sFormat = '') { // Are we dealing with a Complex Key? if (strpos($sFormat, '|') !== false) { return $this->BuildComplexKey($mData, $sKey, $sFormat); } else { switch ($sFormat) { case 'email': return '<a href="mailto:' . $mData[$sKey] . '">' . $mData[$sKey] . '</a>'; case 'ip_address': return $mData[$sKey] ? inet_ntoa($mData[$sKey]) : '<i>empty</i>'; case 'coordinates': if (!empty($mData[$sKey])) { $aCoords = explode(',', $mData[$sKey]); if (count($aCoords) == 2) { $sUrl = 'http://maps.google.com/?ll=' . $aCoords[0] . ',' . $aCoords[1] . '&z=16'; return '<a href="' . $sUrl . '"><img src="' . BuildImage('16x16/map-pin.png') . '" align="left" /> ' . $aCoords[0] . ', ' . $aCoords[1] . '</a>'; } else { return '<i>Invalid Coords</i>'; } } else { return '<i>No Coords</i>'; } break; case 'relative_time': return $mData[$sKey] ? RelativeTime($mData[$sKey]) : '<i>empty</i>'; case 'datetime': return $mData[$sKey] ? date('Y-m-d H:i:s', $mData[$sKey]) : '<i>empty</i>'; case 'date': return $mData[$sKey] ? date('Y-m-d', $mData[$sKey]) : '<i>empty</i>'; case 'time': return $mData[$sKey] ? date('H:i:s', $mData[$sKey]) : '<i>empty</i>'; default: if (!is_array($mData)) { return !empty($mData) ? $mData : ' '; } else { return !empty($mData[$sKey]) ? $mData[$sKey] : ' '; } } } }
if (isset($val["dbfsize"])) { insert($t, $c = cell()); if ($val["dbfsize"] == 1) { insert($c, text($val["dbfbase"])); } else { insert($c, anchor("displaysubnet.php?baseindex=" . $val["baseindex"], $val["dbfbase"])); } insert($t, $c = cell()); if ($val["dbfsize"] == 1) { insert($c, text(my_("Host"))); } else { insert($c, text($val["dbfsize"])); } insert($t, $c = cell()); if ($val["dbfsize"]) { insert($c, text(inet_ntoa(inet_aton(ALLNETS) + 1 - $val["dbfsize"]) . "/" . inet_bits($val["dbfsize"]))); } insert($t, $c = cell()); insert($c, text($val["dbfdescrip"])); } else { insert($t, $c = cell()); insert($t, $c = cell()); insert($t, $c = cell()); insert($t, $c = cell()); } $cnt++; } insert($w, block("<p>")); insert($w, textb(sprintf(my_("Total records: %u"), $cnt))); $result->Close(); printhtml($p);
function FetchBase($cust, $areaindex, $rangeindex) { // use local function variables as they may change $this->cust = $cust; $this->rangeindex = $rangeindex; $this->areaindex = $areaindex; // set start and end address according to netrange if ($this->rangeindex) { // should only return one row here! $result = $this->GetRange($this->cust, $this->rangeindex); $row = $result->FetchRow(); $this->start = inet_ntoa($row["rangeaddr"]); $this->end = inet_ntoa($row["rangeaddr"] + $row["rangesize"] - 1); $this->site = " (" . $row["descrip"] . ")"; } else { if ($this->ipaddr) { if ($this->subnetsize) { $this->start = $this->ipaddr; $this->end = inet_ntoa(inet_aton($this->ipaddr) + $this->subnetsize - 1); } else { $this->start = completeIP($this->ipaddr, 1); $this->end = completeIP($this->ipaddr, 2); } if (testIP($this->start) or testIP($this->end)) { $this->err = 50; // Invalid IP address! $this->errstr = my_("Invalid IP address!"); return FALSE; } } else { $this->start = DEFAULTROUTE; $this->end = ALLNETS; } } $startnum = inet_aton($this->start); $endnum = inet_aton($this->end); // pager could have made cust = 0 if ($this->cust == 0) { $this->custdescrip = "All"; } else { $this->custdescrip = $this->GetCustomerDescrip($this->cust); } if (strtolower($this->custdescrip) == "all") { $this->cust = 0; } if ($this->areaindex == -1) { // all subnets not part of an area $result = $this->GetBaseNoArea($this->descrip, $this->cust, $this->grps); } else { if ($this->areaindex and !$this->rangeindex) { $result = $this->GetBaseFromArea($this->areaindex, $this->descrip, $this->cust, $this->grps); } else { // search in subnet - finds subnets with exact ip address match // useful for finding from where an attack comes if you have IP if ($this->searchin == 0) { $result = $this->GetBase($startnum, $endnum, $this->descrip, $this->cust, $this->grps); } else { if ($this->cust == 0) { $result = $this->GetDuplicateSubnetAll($startnum, 1, $this->grps); } else { $result = $this->GetDuplicateSubnet($startnum, 1, $this->cust); } } } } return $result; }
} insert($t, $c = cell()); insert($c, anchor("displaysubnet.php?baseindex=" . $row["baseindex"], inet_ntoa($row["baseaddr"]))); $export->addCell(inet_ntoa($row["baseaddr"])); if ($row["subnetsize"] == 1) { insert($t, $c = cell()); insert($c, text(my_("Host"))); $export->addCell(my_("Host")); } else { insert($t, $c = cell()); insert($c, text($row["subnetsize"])); $export->addCell($row["subnetsize"]); } insert($t, $c = cell()); insert($c, text(inet_ntoa(inet_aton(ALLNETS) + 1 - $row["subnetsize"]) . "/" . inet_bits($row["subnetsize"]))); $export->addCell(inet_ntoa(inet_aton(ALLNETS) + 1 - $row["subnetsize"]) . "/" . inet_bits($row["subnetsize"])); insert($t, $c = cell()); insert($c, text($row["descrip"])); $export->addCell($row["descrip"]); insert($t, $c = cell()); insert($c, block("<small>")); insert($c, block($result->UserTimeStamp($row["lastmod"], "M d Y H:i:s"))); insert($c, block("</small>")); $export->addCell($row["lastmod"]); insert($t, $c = cell()); insert($c, text($row["userid"])); $export->addCell($row["userid"]); if (REGENABLED) { insert($t, $c = cell()); insert($c, block("<small>")); insert($c, block($result->UserTimeStamp($row["swipmod"], "M d Y H:i:s")));
// explicitly cast variables as security measure against SQL injection list($baseindex, $block, $ip, $search, $expr, $ipplanParanoid) = myRegister("I:baseindex I:block A:ip S:search S:expr I:ipplanParanoid"); //$ip=array($ip); // type array if (!$_POST) { myError($w, $p, my_("You cannot reload or bookmark this page!")); } // basic sequence is connect, search, interpret search // result, close connection $ds = new IPplanDbf() or myError($w, $p, my_("Could not connect to database")); // save md5str for check in displaysubnet.php to see if info has // been modified since start of edit $md5str = $ds->GetMD5($ip, $baseindex); insert($w, block("<h3>")); insert($w, text(my_("IP Addresses to modify: "))); foreach ($ip as $value) { insert($w, text(inet_ntoa($value) . " ")); } insert($w, block("<small>")); if (isset($_SERVER['HTTP_REFERER']) and stristr($_SERVER['HTTP_REFERER'], "displaysubnet.php")) { insert($w, anchor($_SERVER['HTTP_REFERER'], my_("Back to subnet"))); } insert($w, block("</small>")); insert($w, block("</h3>")); // start form insert($w, $f = form(array("name" => "MODIFY", "method" => "post", "action" => "displaysubnet.php"))); myFocus($p, "MODIFY", "user"); insert($f, $con = container("fieldset", array("class" => "fieldset"))); insert($con, $legend = container("legend", array("class" => "legend"))); insert($legend, text(my_("User information"))); insert($con, textbr(my_("User"))); insert($con, input_text(array("name" => "user", "size" => "80", "maxlength" => "80")));
} } // End of template support for base // Changed - End [FE] $ds->AuditLog(sprintf(my_("User %s modified subnet details %s size %u customer cust %u"), getAuthUsername(), inet_ntoa($base), $size, $cust)); } else { // if not duplicate, fall through to here if ($size > 1) { if (TestBaseAddr(inet_aton3($ipaddr), $size)) { insert($w, text(my_("Invalid base address!"))); break; } } // use the first group user belongs to create subnet if ($baseindex = $ds->CreateSubnet($base, $size, $descrip, $cust, 0, $admingrp)) { $ds->AuditLog(sprintf(my_("User %s created new subnet %s size %u cust %u"), getAuthUsername(), inet_ntoa($base), $size, $cust)); // Changed - Begin [FE] // Start of template support for base if (!empty($info)) { // First, try to insert. $result =& $ds->ds->Execute("INSERT INTO baseadd\n (info, baseindex)\n VALUES\n (" . $ds->ds->qstr($info) . ",\n {$baseindex})"); // Second, try to update. if ($result == FALSE) { $result =& $ds->ds->Execute("UPDATE baseadd\n SET info=" . $ds->ds->qstr($info) . " \n WHERE baseindex={$baseindex}"); if ($result == FALSE) { insert($w, block("<b>" . my_("Error inserting/updating info.") . "</b>")); } } } // End of template support for base // Changed - End [FE]
function searchOverlap($ds, &$w, $cust1, $cust2) { global $block; // dont trust variables $cust1 = floor($cust1); $cust2 = floor($cust2); $custdescrip1 = $ds->GetCustomerDescrip($cust1); $custdescrip2 = $ds->GetCustomerDescrip($cust2); // this query is not quick as indexes cannot be used!!! // must have first baseaddr called baseaddr else block pager // will not work - may break databases other than mysql $result =& $ds->ds->Execute("SELECT t1.baseaddr AS baseaddr,\n t1.baseindex AS baseindex1,\n t1.subnetsize AS subnetsize1,\n t1.descrip AS descrip1,\n t2.baseaddr AS baseaddr2,\n t2.baseindex AS baseindex2,\n t2.subnetsize AS subnetsize2,\n t2.descrip AS descrip2\n FROM base t1, base t2\n WHERE ((t1.baseaddr BETWEEN t2.baseaddr AND\n t2.baseaddr+t2.subnetsize-1) OR\n (t1.baseaddr+t1.subnetsize-1\n BETWEEN t2.baseaddr AND\n t2.baseaddr+t2.subnetsize-1) OR\n (t1.baseaddr < t2.baseaddr AND\n t1.baseaddr+t1.subnetsize >\n t2.baseaddr+t2.subnetsize)) AND\n t1.customer={$cust1} AND\n t2.customer={$cust2}\n ORDER BY t1.baseaddr"); $totcnt = 0; $vars = ""; // fastforward till first record if not first block of data while ($block and $totcnt < $block * MAXTABLESIZE and $row = $result->FetchRow()) { $vars = DisplayBlock($w, $row, $totcnt, "&cust1[]=" . $cust1 . "&cust2[]=" . $cust2); $totcnt++; } insert($w, block("<p>")); $cnt = 0; while ($row = $result->FetchRow()) { // draw heading only if there are records to display if ($cnt == 0) { // create a table insert($w, $t = table(array("cols" => "8", "class" => "outputtable"))); // draw heading setdefault("cell", array("class" => "heading")); insert($t, $c = cell(array("colspan" => "4"))); insert($c, block("<center>")); insert($c, text($custdescrip1)); insert($c, block("</center>")); insert($t, $c = cell(array("colspan" => "4"))); insert($c, block("<center>")); insert($c, text($custdescrip2)); insert($c, block("</center>")); insert($t, $c = cell()); if (!empty($vars)) { insert($c, anchor($vars, "<<")); } insert($c, text(my_("Base address"))); insert($t, $c = cell()); insert($c, text(my_("Subnet size"))); insert($t, $c = cell()); insert($c, text(my_("Subnet mask"))); insert($t, $c = cell()); insert($c, text(my_("Description"))); insert($t, $c = cell()); insert($c, text(my_("Base address"))); insert($t, $c = cell()); insert($c, text(my_("Subnet size"))); insert($t, $c = cell()); insert($c, text(my_("Subnet mask"))); insert($t, $ck = cell()); insert($ck, text(my_("Description"))); setdefault("cell", array("class" => color_flip_flop())); } // customer 1 if ($row["subnetsize1"] == 1) { insert($t, $c = cell()); insert($c, text(inet_ntoa($row["baseaddr"]))); } else { insert($t, $c = cell()); insert($c, anchor("displaysubnet.php?baseindex=" . $row["baseindex1"], inet_ntoa($row["baseaddr"]))); } if ($row["subnetsize1"] == 1) { insert($t, $c = cell()); insert($c, text("Host")); } else { insert($t, $c = cell()); insert($c, text($row["subnetsize1"])); } insert($t, $c = cell()); insert($c, text(inet_ntoa(inet_aton(ALLNETS) + 1 - $row["subnetsize1"]) . "/" . inet_bits($row["subnetsize1"]))); insert($t, $c = cell()); insert($c, text($row["descrip1"])); // customer 2 if ($row["subnetsize2"] == 1) { insert($t, $c = cell()); insert($c, text(inet_ntoa($row["baseaddr2"]))); } else { insert($t, $c = cell()); insert($c, anchor("displaysubnet.php?baseindex=" . $row["baseindex2"], inet_ntoa($row["baseaddr2"]))); } if ($row["subnetsize2"] == 1) { insert($t, $c = cell()); insert($c, text(my_("Host"))); } else { insert($t, $c = cell()); insert($c, text($row["subnetsize2"])); } insert($t, $c = cell()); insert($c, text(inet_ntoa(inet_aton(ALLNETS) + 1 - $row["subnetsize2"]) . "/" . inet_bits($row["subnetsize2"]))); insert($t, $c = cell()); insert($c, text($row["descrip2"])); if ($totcnt % MAXTABLESIZE == MAXTABLESIZE - 1) { break; } $cnt++; $totcnt++; } insert($w, block("<p>")); if ($cnt) { $vars = ""; $printed = 0; while ($row = $result->FetchRow()) { $totcnt++; $vars = DisplayBlock($w, $row, $totcnt, "&cust1[]=" . $cust1 . "&cust2[]=" . $cust2); if (!empty($vars) and !$printed) { insert($ck, anchor($vars, ">>")); $printed = 1; } } } }
function ProcessNmap($ds, $base, $id, $size) { global $addhostinfo; $resarr = array(); if ($addhostinfo) { $command = NMAP . " -sP " . escapeshellarg(inet_ntoa($base) . "/" . inet_bits($size)) . " -oX -"; } else { $command = NMAP . " -n -sP " . escapeshellarg(inet_ntoa($base) . "/" . inet_bits($size)) . " -oX -"; } exec($command, $resarr, $retval); // did NMAP fail due to safe mode or other error? if ($retval) { return 1; } else { // no error require_once "../xmllib.php"; $input = implode("", $resarr); // nmap parser always returns arrays for tags of form // [tagname][0...x][element] // array index will mostly be zero if one as most results // return 1 tag $xml_parser = new xmlnmap("HOST"); if (!$xml_parser->parser) { return 1; // XML parser failure - probably not compiled in } $output = $xml_parser->parse($input); if (!$output) { return 1; // not XML format } foreach ($output as $value) { if ($value["STATUS"][0]["STATE"] == "up") { // need to loop through ADDR array here! Check that // ["ADDRESS"][0]["ADDRTYPE"]=="ipv4" or // ["ADDRESS"][0]["ADDRTYPE"]=="mac" $newbase = inet_aton($value["ADDRESS"][0]["ADDR"]); $newmac = ""; if ($value["ADDRESS"][1]["ADDRTYPE"] == "mac") { $newmac = str_replace(array(":", "-", " "), "", $value["ADDRESS"][1]["ADDR"]); } if (empty($value["OSMATCH"][0]["NAME"])) { $newuser = ""; } else { $newuser = $value["OSMATCH"][0]["NAME"]; } $newdescrip = "active"; if (!empty($value["HOSTNAME"][0]["NAME"])) { $newhname = $value["HOSTNAME"][0]["NAME"]; } else { $newhname = ""; } // check within range of subnet before adding to ignore // broadcast and network addresses if ($newbase > $base and $newbase < $base + $size - 1) { $ds->AddIP($newbase, $id, $newuser, "", "", $newmac, $newdescrip, $newhname, ""); // address was polled? So add polled status $ds->UpdateIPPoll($id, $newbase); } } } return 0; } }
function RevZoneExport($cust, $zoneid) { // use local function variables as they may change $this->cust = $cust; $this->Serial(); $result = $this->ds->Execute("UPDATE zones " . "set serialdate=" . $this->ds->qstr($this->serialdate) . ", userid=" . $this->ds->qstr(getAuthUsername()) . ", lastexp=" . $this->ds->DBTimeStamp(time()) . ", error_message=" . $this->ds->qstr("") . ", serialnum={$this->serialnum} " . " WHERE customer={$cust} AND id={$zoneid}"); if ($result) { $sqllastmod = $this->ds->SQLDate("M d Y H:i:s", 'lastmod'); $result = $this->ds->Execute("SELECT id, zoneip, zonesize, zone, serialdate, \n serialnum, ttl, refresh, retry, expire, minimum, zonefilepath1, \n zonefilepath2, responsiblemail, customer, {$sqllastmod} AS lastmod, \n userid, slaveonly\n FROM zones\n WHERE customer={$cust} AND id={$zoneid}"); $row = $result->FetchRow(); $this->zone = $row["zone"]; $this->zoneip = $row["zoneip"]; $this->size = $row["zonesize"]; $prefix = inet_bits($row["zonesize"]); $tmpfname = tempnam(DNSEXPORTPATH, "revzone_" . $this->zone . "_"); if (!$tmpfname) { $this->err = 80; $this->errstr .= my_("Could not create temporary file!"); return; } $fp = fopen("{$tmpfname}", "w"); // header of document $output = '<?xml version="1.0" ?>'; fputs($fp, $output); fputs($fp, "\n"); $ip = inet_ntoa($row["zoneip"]); list($octet1, $octet2, $octet3, $octet4) = explode(".", $ip); fputs($fp, sprintf('<zone domain="%s" zoneip="%s" zonesize="%s" prefix="%s" slaveonly="%s" octect1="%s" octect2="%s" octect3="%s" octect4="%s">', $row["zone"], $ip, $row["zonesize"], $prefix, empty($row["slaveonly"]) ? "N" : $row["slaveonly"], $octet1, $octet2, $octet3, $octet4)); fputs($fp, "\n"); fputs($fp, sprintf("<path>\n<primary>\n%s\n</primary>\n", htmlspecialchars($row["zonefilepath1"]))); fputs($fp, sprintf("<primaryfile>\n%s\n</primaryfile>\n", htmlspecialchars(basename($row["zonefilepath1"])))); fputs($fp, sprintf("<primarydir>\n%s\n</primarydir>\n", htmlspecialchars(dirname($row["zonefilepath1"])))); fputs($fp, sprintf("<secondary>\n%s\n</secondary>\n", htmlspecialchars($row["zonefilepath2"]))); fputs($fp, sprintf("<secondaryfile>\n%s\n</secondaryfile>\n", htmlspecialchars(basename($row["zonefilepath2"])))); fputs($fp, sprintf("<secondarydir>\n%s\n</secondarydir>\n", htmlspecialchars(dirname($row["zonefilepath2"])))); fputs($fp, "</path>\n"); // SOA portion fputs($fp, sprintf('<soa serialdate="%s" serialnum="%02d" ttl="%s" retry="%s" refresh="%s" expire="%s" minimumttl="%s" email="%s" />', $this->serialdate, $this->serialnum, $row["ttl"], $row["retry"], $row["refresh"], $row["expire"], $row["minimum"], $row["responsiblemail"])); fputs($fp, "\n"); // nameservers $result1 = $this->ds->Execute("SELECT hname FROM zonedns\n WHERE id={$zoneid}\n ORDER BY horder"); $cnt = 0; while ($row1 = $result1->FetchRow()) { fputs($fp, '<record><NS>'); fputs($fp, sprintf('<iphostname>%s</iphostname>', $row1["hname"])); fputs($fp, '</NS></record>'); fputs($fp, "\n"); $cnt++; } if ($cnt < 2) { fclose($fp); unlink($tmpfname); $this->err = 90; $this->errstr .= my_("Invalid zone - zone should have at least two name servers defined"); return; } // get records from main ipplan ipaddr tables $result1 = $this->ds->Execute("SELECT ipaddr.ipaddr, ipaddr.hname\n FROM base, ipaddr\n WHERE base.customer = {$cust} AND\n base.baseindex = ipaddr.baseindex AND\n ipaddr.ipaddr >= " . $row["zoneip"] . " AND\n ipaddr.ipaddr <= " . ($row["zoneip"] + $row["zonesize"]) . "\n ORDER BY ipaddr.ipaddr"); while ($row1 = $result1->FetchRow()) { $ip = inet_ntoa($row1["ipaddr"]); // ignore blank records if (empty($row1["hname"])) { continue; } // test for valid domain name if (!preg_match('/^(([\\w][\\w\\-\\.]*)\\.)?([\\w][\\w\\-]+)(\\.([\\w][\\w\\.]*))?$/', $row1["hname"])) { $this->errstr .= sprintf(my_("Invalid record - ignored: %s %s"), $ip, $row1["hname"]); continue; } fputs($fp, '<record><PTR>'); fputs($fp, sprintf('<host>%s</host>', $row1["hname"])); list($octet1, $octet2, $octet3, $octet4) = explode(".", $ip); fputs($fp, sprintf('<octet1>%s</octet1>', $octet1)); fputs($fp, sprintf('<octet2>%s</octet2>', $octet2)); fputs($fp, sprintf('<octet3>%s</octet3>', $octet3)); fputs($fp, sprintf('<octet4>%s</octet4>', $octet4)); fputs($fp, "\n"); fputs($fp, sprintf('<iphostname>%s</iphostname>', $ip)); fputs($fp, '</PTR></record>'); fputs($fp, "\n"); } // close zone fputs($fp, '</zone>'); fputs($fp, "\n"); fclose($fp); // give file proper extension rename($tmpfname, $tmpfname . ".xml"); @chmod($tmpfname . ".xml", 0644); $this->err = 0; return $tmpfname . ".xml"; } //return $tmpfname; // database error? /* // Update DNS Database Serial Count. Update Serial Count only when we export. $result = $this->ds->Execute("UPDATE fwdzone ". "set serialdate=".$this->ds->qstr($this->serialdate). ", userid=".$this->ds->qstr(getAuthUsername()). ", serialnum=$this->serialnum". " WHERE customer=$cust AND data_id=".$zoneid); if ($result) { $result = $this->ds->Execute("SELECT * FROM fwdzone WHERE customer=$cust AND data_id=$zoneid"); $row = $result->FetchRow(); $this->domain=$row["domain"]; $tmpfname = tempnam (DNSEXPORTPATH, "zone_") or myError($w,$p, my_("Could not create temporary file!")); $fp = fopen ("$tmpfname", "w"); // header of document $output='<?xml version="1.0" ?>'; fputs($fp, $output); fputs($fp, "\n"); fputs($fp, sprintf('<zone domain="%s" slaveonly="%s">', $row["domain"], (empty($row["slaveonly"]) ? "N" : $row["slaveonly"]))); fputs($fp, "\n"); // SOA portion fputs($fp, sprintf('<soa serialdate="%s" serialnum="%02d" ttl="%s" retry="%s" refresh="%s" expire="%s" minimumttl="%s" email="%s" />', $this->serialdate, $this->serialnum, $row["ttl"], $row["retry"], $row["refresh"], $row["expire"], $row["minimum"], $row["responsiblemail"] )); fputs($fp, "\n"); // nameservers $result1 = $this->ds->Execute("SELECT hname FROM fwddns WHERE id=$zoneid ORDER BY horder"); $cnt=0; while($row1 = $result1->FetchRow()) { fputs($fp, '<record><NS>'); fputs($fp, sprintf('<iphostname>%s</iphostname>', $row1["hname"])); fputs($fp, '</NS></record>'); fputs($fp, "\n"); $cnt++; } if ($cnt < 2) { insert($w,textbr(my_("Invalid zone - zone should have at least two name servers defined"))); } $result = $this->ds->Execute("SELECT * FROM fwdzonerec WHERE customer=$cust AND data_id=$zoneid ORDER BY sortorder"); // loop through each host record while($row = $result->FetchRow()) { fputs($fp, sprintf('<record><%s>', $row["recordtype"])); fputs($fp, sprintf('<host>%s</host>', $row["host"])); // MX records are in format "10 hostname.com" in database field ip_hostname if ($row["recordtype"]=="MX") { list($preference, $iphost) = explode(" ", $row["ip_hostname"], 2); if (is_numeric($preference) and $preference >= 0) { fputs($fp, sprintf('<preference>%s</preference>', $preference)); fputs($fp, sprintf('<iphostname>%s</iphostname>', $iphost)); } else { fputs($fp, '<preference>10</preference>'); fputs($fp, sprintf('<iphostname>%s</iphostname>', $row["ip_hostname"])); } } else { fputs($fp, sprintf('<iphostname>%s</iphostname>', $row["ip_hostname"])); } fputs($fp, sprintf('</%s></record>', $row["recordtype"])); fputs($fp, "\n"); } // close zone fputs($fp, '</zone>'); fputs($fp, "\n"); fclose($fp); } return $tmpfname; */ }
insert($f, hidden(array("name" => "cust", "value" => "{$cust}"))); insert($f, heading(3, my_("{$myTitle} a Zone"))); insert($f, textbr(my_("Maintain reverse zone SOA information"))); insert($f, $con = container("fieldset", array("class" => "fieldset"))); insert($con, $legend = container("legend", array("class" => "legend"))); insert($legend, text(my_("Reverse zone information"))); myFocus($p, "ENTRY", "zone"); insert($con, textbr(my_("Zone (Domain Name)"))); if ($action == "add") { insert($con, span(my_("Separate multiple domain names with ;"), array("class" => "textSmall"))); insert($con, span(my_("Sample domain would be 20.172.in-addr.arpa"), array("class" => "textSmall"))); } insert($con, input_text(array("name" => "zone", "value" => "{$zone}", "size" => "30", "maxlength" => "253"))); insert($con, checkbox(array("name" => "slaveonly"), "Slave Zone?", $slaveonly == "Y" ? "on" : "")); insert($con, textbrbr(my_("Zone (Base IP of Zone)"))); insert($con, input_text(array("name" => "zoneip", "value" => empty($zoneip) ? "" : inet_ntoa($zoneip), "size" => "15", "maxlength" => "15"))); //insert($f,generic("br")); insert($con, textbrbr(my_("Reverse zone size/mask"))); insert($con, selectbox(array("4" => "255.255.255.252/30 - 4 hosts", "8" => "255.255.255.248/29 - 8 hosts", "16" => "255.255.255.240/28 - 16 hosts", "32" => "255.255.255.224/27 - 32 hosts", "64" => "255.255.255.192/26 - 64 hosts", "128" => "255.255.255.128/25 - 128 hosts", "256" => "255.255.255.0/24 - 256 hosts (class C)", "512" => "255.255.254.0/23 - 512 hosts", "1024" => "255.255.252.0/22 - 1k hosts", "2048" => "255.255.248.0/21 - 2k hosts", "4096" => "255.255.240.0/20 - 4k hosts", "8192" => "255.255.224.0/19 - 8k hosts", "16384" => "255.255.192.0/18 - 16k hosts", "32768" => "255.255.128.0/17 - 32k hosts", "65536" => "255.255.0.0/16 - 64k hosts (class B)", "131072" => "255.254.0.0/15 - 128k hosts", "262144" => "255.252.0.0/14 - 256k hosts"), array("name" => "size"), $size)); // if creating new zone, get dns servers from revdns table if ($action == "add") { // give option of reading zone from existing DNS server via zone transfer insert($con, textbrbr(my_("Zone transfer from DNS server"))); insert($con, span(my_("Blank for no zone transfer"), array("class" => "textSmall"))); insert($con, span(my_("Slave zones only import SOA information, not zone records"), array("class" => "textSmall"))); insert($con, input_text(array("name" => "server", "size" => "30", "maxlength" => "30"))); $result2 =& $ds->ds->Execute("SELECT hname \n FROM revdns\n WHERE customer={$cust}"); } else { $result2 =& $ds->ds->Execute("SELECT hname \n FROM zonedns\n WHERE id={$zoneid}"); } insert($f, $con = container("fieldset", array("class" => "fieldset")));
$export->addCell($row["lastmod"]); insert($c, block("<br>")); insert($c, block($result->UserTimeStamp($row["lastexp"], "M d Y H:i:s"))); insert($c, block("</small>")); $export->addCell($row["lastexp"]); insert($t, $c = cell()); insert($c, text($row["userid"])); $export->addCell($row["userid"]); $export->saveRow(); insert($t, $c = cell()); insert($c, block("<small>")); insert($c, anchor($_SERVER["PHP_SELF"] . "?cust={$cust}&zoneid=" . $row["id"] . "&zoneip=" . inet_ntoa($row["zoneip"]) . "&zone=" . urlencode($row["zone"]) . "&action=delete", my_("Delete Zone"), $ipplanParanoid ? array("onclick" => "return confirm('" . my_("Are you sure?") . "')") : FALSE)); insert($c, block(" | ")); insert($c, anchor("modifyzoneform.php?cust={$cust}&zoneid=" . $row["id"] . "&action=edit" . "&zone=" . urlencode($row["zone"]) . "&zoneip=" . $row["zoneip"] . "&responsiblemail=" . urlencode($row["responsiblemail"]) . "&size=" . $row["zonesize"] . "&serialdate=" . $row["serialdate"] . "&serialnum=" . $row["serialnum"] . "&ttl=" . $row["ttl"] . "&retry=" . $row["retry"] . "&refresh=" . $row["refresh"] . "&expire=" . $row["expire"] . "&minimum=" . $row["minimum"] . "&slaveonly=" . $row["slaveonly"] . "&zonepath=" . urlencode($row["zonefilepath1"]) . "&seczonepath=" . urlencode($row["zonefilepath2"]), my_("Edit Zone"))); insert($c, block(" | ")); insert($c, anchor($_SERVER["PHP_SELF"] . "?cust={$cust}&zoneid=" . $row["id"] . "&action=export" . "&zoneip=" . inet_ntoa($row["zoneip"]) . "&zone=" . urlencode($row["zone"]) . "&serialdate=" . $row["serialdate"] . "&serialnum=" . $row["serialnum"], my_("Export Zone"), $ipplanParanoid ? array("onclick" => "return confirm('" . my_("Are you sure?") . "')") : FALSE)); insert($c, block("</small>")); if ($totcnt % MAXTABLESIZE == MAXTABLESIZE - 1) { break; } $cnt++; $totcnt++; } insert($w, block("<p>")); $vars = ""; $printed = 0; while ($row = $result->FetchRow()) { $totcnt++; $vars = DisplayBlock($w, $row, $totcnt, "&zone=" . urlencode($zone) . "&cust=" . $cust . "&expr={$expr}&descrip=" . urlencode($descrip), "zone"); if (!empty($vars) and !$printed) { insert($ck, anchor($vars, ">>"));
insert($t, $ck = cell()); insert($ck, text(my_("Last modified"))); $cnt = 0; $prevrow = ""; while ($row = $result->FetchRow()) { setdefault("cell", array("class" => color_flip_flop())); // customer is 0, display all customers with customer description // on customer change if ($cust == 0 and $row["custdescrip"] != $prevrow) { insert($t, $c = cell(array("colspan" => "6"))); insert($c, generic("b")); insert($c, anchor($_SERVER["PHP_SELF"] . "?cust=" . $row["customer"] . "&areaindex=&rangeindex=&ipaddr=&search=" . urlencode($search) . "&field={$field}&tmplfield={$tmplfield}", $row["custdescrip"])); $prevrow = $row["custdescrip"]; } insert($t, $c = cell()); insert($c, anchor("modifyipform.php?ip=" . $row["baseaddr"] . "&baseindex=" . $row["baseindex"], inet_ntoa($row["baseaddr"]))); insert($t, $c = cell()); // check if userinf field has an encoded linked address in format of LNKx.x.x.x // where x.x.x.x is an ip address $lnk = ""; $userinf = $row["userinf"]; if (preg_match("/^LNK[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}/", $userinf)) { list($lnk, $userinf) = preg_split("/[\\s]+/", $userinf, 2); $lnk = substr($lnk, 3); } insert($c, textbr($userinf)); if (!empty($lnk)) { insert($c, block("<small><i>")); insert($c, anchor("displaybase.php?ipaddr={$lnk}&cust={$cust}&searchin=1", my_(sprintf("Follow link to %s", $lnk)))); insert($c, block("</i></small>")); }
function __FetchSubnet($params) { global $xmlrpcerruser; // import user errcode value // $params is an Array of xmlrpcval objects $errstr = ""; $err = 0; if (IPPLAN_API_VER != DBF_API_VER) { return new xmlrpcresp(0, $xmlrpcerruser + 3, "Incorrect API version"); } // get the first param $baseindexobj = $params->getParam(0); // if it's there and the correct type if (isset($baseindexobj) && $baseindexobj->scalartyp() == "int") { // extract the value of the state number $baseindex = $baseindexobj->scalarval(); if (!($ds = new IPplanDbf())) { return new xmlrpcresp(0, $xmlrpcerruser + 1, "Could not connect to database"); } // get info from base table $result = $ds->GetSubnetDetails($baseindex); while ($row = $result->FetchRow()) { $myVal[] = new xmlrpcval(array("ipaddr" => new xmlrpcval(inet_ntoa($row["ipaddr"])), "userinf" => new xmlrpcval($row["userinf"]), "location" => new xmlrpcval($row["location"]), "descrip" => new xmlrpcval($row["descrip"]), "telno" => new xmlrpcval($row["telno"]), "lastmod" => new xmlrpcval($result->UserTimeStamp($row["lastmod"], "M d Y H:i:s"))), "struct"); } } else { // parameter mismatch, complain $err = 2; $errstr = "Incorrect parameters"; } if ($err) { // this is an error condition return new xmlrpcresp(0, $xmlrpcerruser + 1, $errstr); } else { // this is a successful value being returned return new xmlrpcresp(new xmlrpcval($myVal, "array")); } }
insert($t, $ck = cell()); insert($ck, text(my_("Action"))); $cnt = 0; while ($row = $result->FetchRow()) { setdefault("cell", array("class" => color_flip_flop())); insert($t, $c = cell()); insert($c, anchor("displaysubnet.php?baseindex=" . $row["baseindex"] . "&cust=" . $cust, inet_ntoa($row["baseaddr"]))); if ($row["subnetsize"] == 1) { insert($t, $c = cell()); insert($c, text(my_("Host"))); } else { insert($t, $c = cell()); insert($c, text($row["subnetsize"])); } insert($t, $c = cell()); insert($c, text(inet_ntoa(inet_aton(ALLNETS) + 1 - $row["subnetsize"]) . "/" . inet_bits($row["subnetsize"]))); insert($t, $c = cell()); insert($c, text($row["descrip"])); insert($t, $c = cell()); insert($c, block("<small>")); insert($c, anchor("../admin/usermanager.php?action=groupeditform&grp=" . urlencode($row["admingrp"]), $row["admingrp"])); insert($c, block("</small>")); insert($t, $c = cell()); insert($c, block("<small>")); insert($c, checkbox(array("name" => "baseindex[]", "value" => $row["baseindex"]), "")); insert($c, anchor($_SERVER["PHP_SELF"] . "?baseindex=" . $row["baseindex"] . "&cust=" . $cust . "&areaindex=" . $areaindex . "&rangeindex=" . $rangeindex . "&descrip=" . urlencode($descrip) . "&block=" . $block . "&ipaddr=" . $ipaddr . "&action=delete", my_("Delete Subnet"), $ipplanParanoid ? array("onclick" => "return confirm('" . my_("Are you sure?") . "')") : FALSE)); insert($c, block(" | ")); insert($c, anchor("modifysubnet.php?baseindex=" . $row["baseindex"] . "&areaindex=" . $areaindex . "&rangeindex=" . $rangeindex . "&cust=" . $cust . "&descrip=" . urlencode($row["descrip"]) . "&ipaddr=" . urlencode($ipaddr) . "&search=" . urlencode($descrip) . "&grp=" . urlencode($row["admingrp"]), my_("Modify/Copy/Move subnet details"))); insert($c, block(" | ")); insert($c, anchor($_SERVER["PHP_SELF"] . "?baseindex=" . $row["baseindex"] . "&cust=" . $cust . "&areaindex=" . $areaindex . "&rangeindex=" . $rangeindex . "&descrip=" . urlencode($descrip) . "&block=" . $block . "&ipaddr=" . $ipaddr . "&action=join", my_("Join Subnet"), $ipplanParanoid ? array("onclick" => "return confirm('" . my_("Are you sure?") . "')") : FALSE)); if ($row["subnetsize"] > 1) {
// found as array search will return false $row = $result->FetchRow(); if (!in_array($row["admingrp"], $grps)) { myError($w, $p, my_("You may not send a registrar update for this customer as you are not a member of the customers admin group")); } $formerror = ""; $cnt = 0; foreach ($baseindex as $key => $value) { $value = floor($value); // dont trust values posted $result = $ds->GetBaseFromIndex($value); $row = $result->FetchRow(); $baseip = inet_ntoa($row["baseaddr"]); $size = $row["subnetsize"]; $swipmod = $row["swipmod"]; $swip = genSWIP($ds, $value, $baseip, inet_ntoa($row["baseaddr"] + $size - 1), $cust, $row["descrip"], $swipmod, $filename); insert($w, block("<pre>")); insert($w, text($swip)); insert($w, block("</pre><hr>")); $err = emailSWIP($swip); // on email error, fail if ($err) { $formerror .= my_("E-mail message was not sent") . "\n"; $formerror .= my_("Mailer Error: ") . $err; break; } $result =& $ds->ds->Execute("UPDATE base\n SET swipmod=" . $ds->ds->DBTimeStamp(time()) . "\n WHERE baseindex={$value}"); $ds->AuditLog(array("event" => 190, "action" => "send swip", "user" => getAuthUsername(), "baseaddr" => $baseip, "template" => $filename, "size" => $size, "cust" => $cust)); } myError($w, $p, $formerror, FALSE); insert($w, block("<p>"));
$formerror .= my_("Subnet could not be modified") . "\n"; } } } if (!$_POST || $formerror) { myError($w, $p, $formerror, FALSE); $result = $ds->GetBaseFromIndex($baseindex); if (!($row = $result->FetchRow())) { myError($w, $p, my_("Subnet cannot be found!")); } $size = $row["subnetsize"]; $baseaddr = $row["baseaddr"]; $baseip = inet_ntoa($row["baseaddr"]); $dhcp = $row["baseopt"] & 1; insert($w, block("<h3>")); insert($w, text(my_("Subnet:") . " " . inet_ntoa($baseaddr) . " " . my_("Mask:") . " " . inet_ntoa(inet_aton(ALLNETS) + 1 - $size) . "/" . inet_bits($size))); insert($w, textbr()); insert($w, text(my_("Description:") . " " . $row["descrip"])); insert($w, block("</h3>")); // start form insert($w, $f1 = form(array("name" => "THISFORM", "method" => "get", "action" => $_SERVER["PHP_SELF"]))); $cust = myCustomerDropDown($ds, $f1, $cust, $grps) or myError($w, $p, my_("No customers")); insert($f1, hidden(array("name" => "descrip", "value" => "{$descrip}"))); insert($f1, hidden(array("name" => "search", "value" => "{$search}"))); insert($f1, hidden(array("name" => "ipaddr", "value" => "{$ipaddr}"))); insert($f1, hidden(array("name" => "areaindex", "value" => "{$areaindex}"))); insert($f1, hidden(array("name" => "rangeindex", "value" => "{$rangeindex}"))); insert($f1, hidden(array("name" => "baseindex", "value" => "{$baseindex}"))); insert($f1, hidden(array("name" => "grp", "value" => "{$grp}"))); insert($f1, hidden(array("name" => "origcust", "value" => "{$origcust}"))); $result = $ds->GetGrps();
function myRangeDropDown($ds, $f2, $cust, $areaindex) { $cust = floor($cust); // dont trust $cust as it could // come from form post $areaindex = floor($areaindex); // display range drop down list if ($areaindex) { $result = $ds->GetRangeInArea($cust, $areaindex); } else { $result = $ds->GetRange($cust, 0); } // don't bother if there are no records, will always display "No range" insert($f2, textbrbr(my_("Range (optional)"))); $lst = array(); $lst["0"] = my_("No range selected"); while ($row = $result->FetchRow()) { $col = $row["rangeindex"]; $lst["{$col}"] = inet_ntoa($row["rangeaddr"]) . "/" . inet_ntoa(inet_aton(ALLNETS) - $row["rangesize"] + 1) . "/" . inet_bits($row["rangesize"]) . " - " . $row["descrip"]; } insert($f2, selectbox($lst, array("name" => "rangeindex"))); }
function UpdateLnk($ds, $w, $cust, $baseindex, $lnk, $ip) { /* // got link address, see if there is a subnet for this link // if no subnet found, do nothing $result=$ds->GetBaseFromIndex($baseindex); $row = $result->FetchRow(); $cust=$row["customer"]; */ $result = $ds->GetBaseFromIP(inet_aton($lnk), $cust); // yep found one, now see if a record exists if ($row = $result->FetchRow()) { $lnkidx = $row["baseindex"]; if (!$ds->TestCustomerGrp($lnkidx, getAuthUsername())) { return sprintf(my_("Destination linked address %s IP record not created as you are not a member of the customers admin group"), $lnk) . "\n"; } if (!($result = $ds->GetIPDetails($lnkidx, inet_aton($lnk)))) { // no row in subnet, then add one // NEED TO CHECK DESTINATION OWNERSHIP BEFORE ADDING RECORD $ds->ModifyIP(inet_aton($lnk), $lnkidx, "", "", "", "", "Linked address from " . inet_ntoa($ip), "", ""); insert($w, textbr(sprintf(my_("Destination linked address %s IP record created"), $lnk))); } } }
} } $menustring = $menustring . ".|" . htmlspecialchars($custrow["custdescrip"]) . "|displaybase.php?cust=" . $custrow["customer"] . "||||{$expanded}\n"; $menustring = $menustring . "..|" . my_("All subnets not part of range") . "|displaybase.php?cust=" . $custrow["customer"] . "&areaindex=-1||||\n"; $arearesult = $ds->GetArea($custrow["customer"], 0); //area while ($arearow = $arearesult->Fetchrow()) { $menustring = $menustring . "..|" . htmlspecialchars(inet_ntoa($arearow["areaaddr"]) . " (" . $arearow["descrip"] . ")") . "|displaybase.php?cust=" . $custrow["customer"] . "&areaindex=" . $arearow["areaindex"] . "||||\n"; $rangeresult = $ds->GetRangeInArea($custrow["customer"], $arearow["areaindex"]); //range while ($rangerow = $rangeresult->Fetchrow()) { $menustring = $menustring . "...|" . htmlspecialchars(inet_ntoa($rangerow["rangeaddr"]) . " (" . $rangerow["descrip"] . ")") . "|displaybase.php?cust=" . $custrow["customer"] . "&areaindex=" . $arearow["areaindex"] . "&rangeindex=" . $rangerow["rangeindex"] . "&descrip=&sortby=Base+Address" . "||||\n"; $baseresult = $ds->GetBase($rangerow["rangeaddr"], $rangerow["rangeaddr"] + $rangerow["rangesize"] - 1, "", $custrow["customer"]); //subnet (base) while ($baserow = $baseresult->Fetchrow()) { $menustring = $menustring . "....|" . htmlspecialchars(inet_ntoa($baserow["baseaddr"]) . " /" . inet_bits($baserow["subnetsize"]) . " (" . $baserow["descrip"] . ")") . "|displaysubnet.php?baseindex=" . $baserow["baseindex"] . "||||\n"; } } } } $mid = new TreeMenu(); $mid->setDirroot('../menus'); $mid->setLibjsdir('../menus/libjs/'); $mid->setImgdir('../menus/menuimages/'); $mid->setImgwww('../menus/menuimages/'); $mid->setIcondir('../menus/menuicons/'); $mid->setIconwww('../menus/menuicons/'); if (!$menustring) { myError($w, $p, my_("No customers")); } $mid->setMenuStructureString($menustring);
insert($w, heading(3, sprintf(my_("Search for IP subnets between %s and %s %s for customer '%s'"), $start, $end, $site, $custdescrip))); $result = $ds->GetBase($startnum, $endnum, $descrip, $cust); } if ($ipaddr) { insert($w, textb(my_("IP address filter: "))); insert($w, textbr($ipaddr)); } if ($descrip) { insert($w, textb(my_("Description filter: "))); insert($w, textbr($descrip)); } insert($w, $f = form(array("name" => "swiptosend", "method" => "post", "action" => "emailswip.php"))); $cnt = 0; while ($row = $result->FetchRow()) { $temparray2 = array(); $swip = genSWIP($ds, $row["baseindex"], inet_ntoa($row["baseaddr"]), inet_ntoa($row["baseaddr"] + $row["subnetsize"] - 1), $cust, $row["descrip"], $row["swipmod"], $filename); if ($swip == FALSE) { myError($w, $p, my_("Error reading template!")); } insert($f, block("<pre>")); insert($f, text($swip)); insert($f, block("</pre>")); $ind = $row["baseindex"]; insert($f, checkbox(array("name" => "baseindex[]", "value" => "{$ind}"), my_("E-mail this entry?"))); if ($row["swipmod"]) { insert($f, text(" " . my_("Previously sent:") . " ")); insert($f, block($result->UserTimeStamp($row["swipmod"], "M d Y H:i:s"))); } insert($f, block("<hr>")); $cnt++; }
$result =& $ds->ds->SelectLimit("SELECT baseaddr, descrip\n FROM base\n WHERE customer={$cust}\n ORDER BY baseaddr", 100); if ($row = $result->FetchRow()) { insert($w, text(my_("Cannot delete customer because the following subnets are assigned to the customer (limited to first 100):"))); insert($w, block("<p>")); // create a table insert($w, $t = table(array("cols" => "2", "class" => "outputtable"))); // draw heading setdefault("cell", array("class" => "heading")); insert($t, $c = cell()); insert($c, text(my_("Base address"))); insert($t, $c = cell()); insert($c, text(my_("Subnet description"))); do { setdefault("cell", array("class" => color_flip_flop())); insert($t, $c = cell()); insert($c, text(inet_ntoa($row["baseaddr"]))); insert($t, $c = cell()); insert($c, text($row["descrip"])); } while ($row = $result->FetchRow()); insert($w, block("<p>")); printhtml($p); exit; } // check if customer has DNS information (forward zone) $result =& $ds->ds->SelectLimit("SELECT customer\n FROM fwdzone\n WHERE customer={$cust}", 1); if ($row = $result->FetchRow()) { insert($w, text(my_("Cannot delete customer because customer has DNS zones defined"))); insert($w, block("<p>")); printhtml($p); exit; }
$export->addRow(NULL); setdefault("cell", array("class" => color_flip_flop())); insert($t, $c = cell()); // no point in making this a hyperlink - there are no ranges so search will // always return nothing! insert($c, text(inet_ntoa($row["areaaddr"]))); $export->addCell(inet_ntoa($row["areaaddr"])); insert($t, $c = cell()); insert($c, text($row["adescrip"])); $export->addCell($row["adescrip"]); $export->addCell(my_("No range")); $export->addCell(""); $export->addCell(""); $export->addCell(my_("No range in this area")); $export->saveRow(); insert($t, $c = cell()); insert($c, block("<small>")); insert($c, anchor("deletearea.php?areaindex=" . $row["areaindex"] . "&cust=" . $cust, my_("Delete Area"), $ipplanParanoid ? array("onclick" => "return confirm('" . my_("Are you sure?") . "')") : FALSE)); insert($c, block(" | ")); insert($c, anchor("createarea.php?action=modify&areaindex=" . $row["areaindex"] . "&ipaddr=" . inet_ntoa($row["areaaddr"]) . "&cust=" . $cust . "&descrip=" . urlencode($row["adescrip"]), my_("Modify Area"))); insert($c, block("</small>")); $cnt++; } insert($w, block("<p>")); insert($w, textb(sprintf(my_("Total records: %u"), $cnt))); $temp2 = $cnt; $result->Close(); // create the export view form $export->setInfo(array(array("customer_ID", "customer_description", "total_ranges_and_areas_with_ranges", "total_areas_without_ranges"), array($cust, $ds->getCustomerDescrip($cust), $temp1, $temp2))); $export->createExportForm($w, NULL); printhtml($p);
if ($_GET) { // save the last customer used // must set path else Netscape gets confused! setcookie("ipplanCustomer", "{$cust}", time() + 10000000, "/"); // check if user belongs to customer admin group $result = $ds->GetCustomerGrp($cust); // can only be one row - does not matter if nothing is // found as array search will return false $row = $result->FetchRow(); if (!in_array($row["admingrp"], $grps)) { myError($w, $p, my_("You may not delete an area for this customer as you are not a member of the customers admin group")); } if ($rangeindex > 0) { $result = $ds->GetRange($cust, $rangeindex); $row = $result->FetchRow(); $rangeip = inet_ntoa($row["rangeaddr"]); $rangesize = $row["rangesize"]; $ds->DbfTransactionStart(); $result =& $ds->ds->Execute("DELETE FROM netrange\n WHERE rangeindex={$rangeindex}") and $ds->AuditLog(array("event" => 162, "action" => "delete range", "baseaddr" => $rangeip, "user" => getAuthUsername(), "size" => $rangesize, "cust" => $cust)); if ($result) { $ds->DbfTransactionEnd(); Header("Location: " . location_uri("modifyarearange.php?cust={$cust}")); exit; //insert($w,text(my_("Range deleted"))); } else { insert($w, text(my_("Range could not be deleted"))); } } else { insert($w, text(my_("Range index is invalid"))); } }
$cnt++; if ($arr[$i]["subnetsize"] > 2) { $cntsubnets += 2; } } // handle end of range if ($cnt and $showused != 2) { if ($endnum != $arr[$i - 1]["baseaddr"] + $arr[$i - 1]["subnetsize"] - 1) { // work out size up to end of range $newsize = $endnum + 1 - $arr[$i - 1]["baseaddr"] - $arr[$i - 1]["subnetsize"]; //display only subnets with free space between from/to size if ($newsize >= $size_from && $newsize <= $size_to) { insert($t, $c = cell(array("class" => "greencell"))); insert($c, anchor("createsubnetform.php?ipaddr=" . inet_ntoa($arr[$i - 1]["baseaddr"] + $arr[$i - 1]["subnetsize"]) . "&cust=" . $cust, inet_ntoa($arr[$i - 1]["baseaddr"] + $arr[$i - 1]["subnetsize"]))); $export->addRow(NULL); $export->addCell(inet_ntoa($arr[$i - 1]["baseaddr"] + $arr[$i - 1]["subnetsize"])); insert($t, $c = cell()); insert($c, text($newsize)); $export->addCell($newsize); $export->addCell(""); insert($t, $c = cell()); insert($t, $c = cell()); insert($c, text(my_("Free space"))); $export->addCell(my_("Free space")); $export->addCell(""); $export->saveRow(); insert($t, $c = cell()); insert($t, $c = cell()); $width = 100; insert($c, block("<img height=\"10\" width=\"{$width}\" src=\"../images/square_green.jpg\">")); }
// result, close connection // explicitly cast variables as security measure against SQL injection list($cust) = myRegister("I:cust"); $ds = new IPplanDbf() or die(my_("Could not connect to database")); // force file download due to bad mime type header("Content-Type: bad/type"); header("Content-Disposition: attachment; filename=ipaddr.txt"); header("Pragma: no-cache"); header("Expires: 0"); // if a specific network template exists, use that, else use generic template $template = new IPplanIPTemplate("iptemplate", $cust); $err = $template->is_error(); $result =& $ds->ds->Execute("SELECT ipaddr.userinf, ipaddr.location, ipaddr.telno, \n ipaddr.descrip, ipaddr.hname, ipaddr.ipaddr AS ip,\n ipaddr.baseindex AS baseip, ipaddr.macaddr\n FROM ipaddr, base\n WHERE ipaddr.baseindex=base.baseindex AND\n base.customer={$cust}\n ORDER BY\n ipaddr.ipaddr"); // main loop while ($row = $result->FetchRow()) { echo inet_ntoa($row["ip"]) . FIELDS_TERMINATED_BY . $row["userinf"] . FIELDS_TERMINATED_BY . $row["location"] . FIELDS_TERMINATED_BY . $row["descrip"] . FIELDS_TERMINATED_BY . $row["hname"] . FIELDS_TERMINATED_BY . $row["telno"] . FIELDS_TERMINATED_BY . $row["macaddr"]; if (!$err) { $restmp =& $ds->ds->Execute("SELECT info, infobin\n FROM ipaddradd\n WHERE ipaddr=" . $row["ip"] . " AND baseindex=" . $row["baseip"]); if ($rowadd = $restmp->FetchRow()) { $template->Merge($template->decode($rowadd["info"])); foreach ($template->userfld as $arr) { $tmpfield = csv_escape($arr["value"]); echo FIELDS_TERMINATED_BY . $tmpfield; } } } echo "\n"; } // wrap any multiline string with quotes function csv_escape($str) {
function parseDeleteForms($w, $ds) { // NOTE: don't change order of if's!!! // This code is a crime against humanity and needs to be fixed ASAP. // // THIS FUNCTION PARTIALLY DEPRECATED. SEE BELOW. list($userid, $usergrp, $grp, $ref) = myRegister("S:userid S:usergrp S:grp S:ref"); $formerror = ""; // delete a user if ($userid) { $ds->DbfTransactionStart(); $result =& $ds->ds->Execute("DELETE FROM users\n WHERE userid=" . $ds->ds->qstr($userid)) and $result =& $ds->ds->Execute("DELETE FROM usergrp\n WHERE userid=" . $ds->ds->qstr($userid)); if ($result) { $ds->DbfTransactionEnd(); insert($w, text(my_("User {$userid} deleted"))); } else { $formerror .= my_("User could not be deleted"); } } else { if ($usergrp) { $userid = $usergrp; $ds->DbfTransactionStart(); $result =& $ds->ds->Execute("DELETE FROM usergrp\n WHERE userid=" . $ds->ds->qstr($userid) . " AND\n grp=" . $ds->ds->qstr($grp)); if ($result) { $ds->DbfTransactionEnd(); insert($w, text(sprintf(my_("User %s deleted from group"), $userid))); if ($ref == "user") { insertEditUserForm($w, $ds); } if ($ref == "grp") { insertEditGroupForm($w, $ds); } } else { $formerror .= my_("User could not be deleted from group"); } } else { if ($grp and !$usergrp) { // check if grp has customers $result =& $ds->ds->Execute("SELECT custdescrip\n FROM customer\n WHERE admingrp=" . $ds->ds->qstr($grp)); if ($row = $result->FetchRow()) { $formerror .= my_("Cannot delete group because the following customers are assigned to the group:"); do { $formerror .= $row["custdescrip"]; } while ($row = $result->FetchRow()); } // check if grp has subnets $result =& $ds->ds->Execute("SELECT baseaddr, descrip\n FROM base\n WHERE admingrp=" . $ds->ds->qstr($grp) . "\n ORDER BY baseaddr"); if ($row = $result->FetchRow()) { $formerror .= my_("Cannot delete group because the following subnets are assigned to the group:"); do { $formerror .= inet_ntoa($row["baseaddr"]) . " - " . $row["descrip"]; } while ($row = $result->FetchRow()); } $ds->DbfTransactionStart(); $result =& $ds->ds->Execute("DELETE FROM grp\n WHERE grp=" . $ds->ds->qstr($grp)) and $result =& $ds->ds->Execute("DELETE FROM usergrp\n WHERE grp=" . $ds->ds->qstr($grp)) and $result =& $ds->ds->Execute("DELETE FROM bounds\n WHERE grp=" . $ds->ds->qstr($grp)); if ($result) { $ds->DbfTransactionEnd(); insert($w, text(sprintf(my_("Group %s deleted"), $grp))); } else { $formerror .= my_("Group could not be deleted"); } } } } // endif }
} fputs($fp, "\t</host>\n"); } // end while: loop through ips of subnet. // Loop through the dynamic IPs above, and print the ranges. $iprange_start = $iprange_dynamicIPs[0]; for ($i = 0; $i < count($iprange_dynamicIPs); $i++) { if ($iprange_dynamicIPs[$i] + 1 != $iprange_dynamicIPs[$i + 1]) { fputs($fp, sprintf("\t<iprange type=\"dynamic\" firstip=\"%s\" lastip=\"%s\" />\n", htmlspecialchars(inet_ntoa($iprange_start)), htmlspecialchars(inet_ntoa($iprange_dynamicIPs[$i])))); $iprange_start = $iprange_dynamicIPs[$i + 1]; } } $iprange_start = $iprange_fixedIPs[0]; for ($i = 0; $i < count($iprange_fixedIPs); $i++) { if ($iprange_fixedIPs[$i] + 1 != $iprange_fixedIPs[$i + 1]) { fputs($fp, sprintf("\t<iprange type=\"static\" firstip=\"%s\" lastip=\"%s\" />\n", htmlspecialchars(inet_ntoa($iprange_start)), htmlspecialchars(inet_ntoa($iprange_fixedIPs[$i])))); $iprange_start = $iprange_fixedIPs[$i + 1]; } } fputs($fp, sprintf("</network>\n")); } // end while if ($cnt) { fputs($fp, sprintf("</dhcp>\n")); fclose($fp); $ds->AuditLog(array("event" => 913, "action" => "export DHCP subnets", "cust" => $cust, "user" => getAuthUsername(), "tmpfname" => $tmpfname)); insert($w, textbr(sprintf(my_("Sent update to Backend Processor as file %s"), $tmpfname))); } else { myError($w, $p, my_("No DHCP subnets could be found.")); } printhtml($p);
if ($_GET) { // save the last customer used // must set path else Netscape gets confused! setcookie("ipplanCustomer", "{$cust}", time() + 10000000, "/"); // check if user belongs to customer admin group $result = $ds->GetCustomerGrp($cust); // can only be one row - does not matter if nothing is // found as array search will return false $row = $result->FetchRow(); if (!in_array($row["admingrp"], $grps)) { myError($w, $p, my_("You may not delete an area for this customer as you are not a member of the customers admin group")); } if ($areaindex > 0) { $result = $ds->GetArea($cust, $areaindex); $row = $result->FetchRow(); $areaip = inet_ntoa($row["areaaddr"]); $ds->DbfTransactionStart(); $result =& $ds->ds->Execute("DELETE FROM area\n WHERE areaindex={$areaindex}") and $ds->AuditLog(array("event" => 152, "action" => "delete area", "area" => $areaip, "user" => getAuthUsername(), "cust" => $cust)); if ($result) { $ds->DbfTransactionEnd(); Header("Location: " . location_uri("modifyarearange.php?cust={$cust}")); exit; //insert($w,text(my_("Area deleted"))); } else { insert($w, text(my_("Area could not be deleted"))); } } else { insert($w, text("Area index is invalid")); } } printhtml($p);
// explicitly cast variables as security measure against SQL injection list($cust) = myRegister("I:cust"); $ds = new IPplanDbf() or die(my_("Could not connect to database")); // force file download due to bad mime type header("Content-Type: bad/type"); header("Content-Disposition: attachment; filename=base.txt"); header("Pragma: no-cache"); header("Expires: 0"); $startnum = inet_aton(DEFAULTROUTE); $endnum = inet_aton(ALLNETS); // if a specific network template exists, use that, else use generic template $template = new IPplanIPTemplate("basetemplate", $cust); $err = $template->is_error(); $result = $ds->GetBase($startnum, $endnum, '', $cust); while ($row = $result->FetchRow()) { echo inet_ntoa($row["baseaddr"]) . FIELDS_TERMINATED_BY . $row["descrip"] . FIELDS_TERMINATED_BY . inet_ntoa(inet_aton(ALLNETS) + 1 - $row["subnetsize"]) . FIELDS_TERMINATED_BY; if (!$err) { $result_template =& $ds->ds->Execute("SELECT info, infobin\n FROM baseadd\n WHERE baseindex=" . $row["baseindex"]); if ($rowadd = $result_template->FetchRow()) { $template->Merge($template->decode($rowadd["info"])); foreach ($template->userfld as $arr) { $tmpfield = csv_escape($arr["value"]); echo FIELDS_TERMINATED_BY . $arr["value"]; } } } echo "\n"; } // wrap any multiline string with quotes // this function only works with php 5 and above function csv_escape($str)
insert($fdel, hidden(array("name" => "baseindex", "value" => "{$baseindex}"))); insert($fdel, hidden(array("name" => "ip", "value" => "{$ip}"))); insert($fdel, hidden(array("name" => "subnetsize", "value" => "{$subnetsize}"))); insert($fdel, hidden(array("name" => "action", "value" => "delete"))); insert($fdel, hidden(array("name" => "block", "value" => "{$block}"))); insert($fdel, hidden(array("name" => "search", "value" => "{$search}"))); insert($fdel, hidden(array("name" => "expr", "value" => "{$expr}"))); insert($fdel, hidden(array("name" => "md5str", "value" => "{$md5str}"))); insert($fdel, hidden(array("name" => "close", "value" => "{$close}"))); insert($fdel, submit(array("value" => my_("Delete record")))); insert($fdel, text(my_("WARNING: Deleting an entry does not preserve the last modified information as the record is completely removed from the database to conserve space. "))); if (is_array($files)) { myError($fdel, $p, my_("Deleting this record will delete all associated uploaded files!") . "\n", FALSE); } // end of delete form // dummy form for "follow" function $settings = array("name" => "DUMMY", "method" => "get", "action" => "displaybase.php"); insert($w, $f = form($settings)); insert($f, hidden(array("name" => "ipaddr", "value" => $lnk))); insert($f, hidden(array("name" => "cust", "value" => $cust))); insert($f, hidden(array("name" => "searchin", "value" => "1"))); insert($f, hidden(array("name" => "jump", "value" => "1"))); // create the export view form $export = new exportForm(); $export->addRow(array("user", "location", "description", "hostname", "telephone", "mac_addr", "linked_addr")); $export->saveRow(); $export->addRow(array($userinf, $location, $descrip, $hname, $telno, $macaddr, $lnk)); $export->saveRow(); $export->setInfo(array(array("subnet_ID", "subnet_addr", "subnet_mask", "subnet_description", "ip_address"), array($baseindex, inet_ntoa($baseaddr), inet_ntoa(inet_aton(ALLNETS) + 1 - $subnetsize) . "/" . inet_bits($subnetsize), $netdescrip, $ip))); $export->createExportForm($w, $template); printhtml($p);