function submit_static()
{
global $COLLATE;
global $dbo;
include 'include/validation_functions.php';
$name = empty($_POST['name']) ? '' : clean($_POST['name']);
$ip_addr = empty($_POST['ip_addr']) ? '' : clean($_POST['ip_addr']);
$long_ip_addr = ip2decimal($ip_addr);
$note = empty($_POST['note']) ? '' : clean($_POST['note']);
$contact = empty($_POST['contact']) ? '' : clean($_POST['contact']);
$subnet_id = empty($_POST['subnet_id']) ? '' : clean($_POST['subnet_id']);
$username = !isset($COLLATE['user']['username']) ? 'system' : $COLLATE['user']['username'];
if (empty($name) || empty($ip_addr) || empty($contact) || empty($subnet_id)) {
$notice = "blankfield-notice";
header("Location: statics.php?op=add&subnet_id={$subnet_id}&name={$name}&ip_addr={$ip_addr}&contact={$contact}¬e={$note}¬ice={$notice}");
exit;
}
$validate_ip = validate_static_ip($ip_addr);
if ($validate_ip['0'] === false) {
$notice = $validate_ip['error'];
header("Location: statics.php?op=add&subnet_id={$subnet_id}&name={$name}&ip_addr={$ip_addr}&contact={$contact}¬e={$note}¬ice={$notice}");
exit;
} else {
$long_mask = $validate_ip['long_mask'];
$mask = long2ip($long_mask);
}
$sql = "INSERT INTO statics (ip, name, contact, note, subnet_id, modified_by, modified_at) \r\n VALUES('{$long_ip_addr}', '{$name}', '{$contact}', '{$note}', '{$subnet_id}', '{$username}', now())";
$accesslevel = "2";
$message = "Static IP Reserved: {$ip_addr} ({$name})";
AccessControl($accesslevel, $message);
// No need to generate logs if nothing is happening. Here, we know data is about to be written to the db.
$dbo->query($sql);
// Everything looks good so here's a success page with all of the information.
require_once './include/header.php';
$sql = "SELECT ip FROM statics WHERE subnet_id = '{$subnet_id}' AND note = 'Default Gateway'";
$result = $dbo->query($sql);
if ($result->rowCount() == '1') {
$long_gateway = $result->fetchColumn();
$gateway = long2ip($long_gateway);
$error = '';
#none
} else {
$gateway = "*";
$error = "<p><b>*</b>" . $COLLATE['languages']['selected']['nogateway'] . "</p><br />";
}
echo "<h1>" . $COLLATE['languages']['selected']['IPReserved'] . "</h1><br />\n" . "<p><b>" . $COLLATE['languages']['selected']['Name'] . ":</b> {$name}</p>\n" . "<p><b>" . $COLLATE['languages']['selected']['IPAddress'] . ":</b> {$ip_addr}</p>\n" . "<p><b>" . $COLLATE['languages']['selected']['SubnetMask'] . ":</b> {$mask}</p>\n" . "<p><b>" . $COLLATE['languages']['selected']['Gateway'] . ":</b> {$gateway}</p>\n" . "<p><b>" . $COLLATE['languages']['selected']['DNSServers'] . ":</b> " . $COLLATE['settings']['dns'] . "</p><br />\n" . "{$error}" . "<br />\n" . "<p><b><a href=\"statics.php?subnet_id={$subnet_id}\">" . $COLLATE['languages']['selected']['continuetostatics'] . "</a></b></p>\n";
}
$sql = "SELECT ip FROM statics WHERE name = '' OR name='discovered-host'";
$result = $dbo->query($sql);
$hoststoresolve = $result->rowCount();
if ($hoststoresolve < '1') {
break;
}
while ($long_ip = $result->fetchColumn()) {
$ip = long2ip($long_ip);
// Do dns lookups
foreach ($dnsserver as &$server) {
//exec ( string $command [, array &$output [, int &$return_var ]] )
exec("{$dnscommand} @{$server} -x {$ip} +short", $name, $return);
$name = empty($name['0']) ? '' : $name['0'];
if (!empty($name)) {
// a server responded
$long_ip_addr = ip2decimal($ip);
$sql = "UPDATE statics set name='{$name}', modified_by='system', modified_at=now() WHERE ip='{$long_ip_addr}'";
$dbo->query($sql);
// Log what we've added to the DB
$sql = "INSERT INTO logs (occuredat, username, ipaddress, level, message) VALUES(NOW(), 'system', '', 'normal', 'Static IP name updated by discovery addon: {$ip} ({$name})')";
$dbo->query($sql);
$namesupdated++;
if ($verbose == 'on') {
echo '!';
}
break;
} elseif ($name == ';; connection timed out; no servers could be reach') {
echo "invalid DNS server configured at the top of this script";
exit(2);
} elseif ($verbose == 'on') {
echo '.';
function submit_subnet()
{
global $dbo;
include 'include/validation_functions.php';
$block_id = isset($_POST['block_id']) && is_numeric($_POST['block_id']) ? $_POST['block_id'] : '';
$name = isset($_POST['name']) ? $_POST['name'] : '';
$ip = isset($_POST['ip']) ? $_POST['ip'] : '';
$gateway = isset($_POST['gateway']) ? $_POST['gateway'] : '';
$acl_name = isset($_POST['acl_name']) ? $_POST['acl_name'] : '';
$acl_start = isset($_POST['acl_start']) ? $_POST['acl_start'] : '';
$acl_end = isset($_POST['acl_end']) ? $_POST['acl_end'] : '';
$note = isset($_POST['note']) ? $_POST['note'] : '';
$guidance = isset($_POST['guidance']) ? $_POST['guidance'] : '';
if (empty($block_id)) {
$notice = 'invalidrequest';
header("Location: blocks.php?notice={$notice}");
exit;
}
if (empty($name) || empty($ip)) {
$notice = "blankfield-notice";
$guidance = urlencode($guidance);
header("Location: subnets.php?op=add&block_id={$block_id}&name={$name}&ip={$ip}&gateway={$gateway}&acl_start={$acl_start}&acl_end={$acl_end}¬e={$note}&guidance={$guidance}¬ice={$notice}");
exit;
}
$result = validate_text($name, 'subnetname');
if ($result['0'] === false) {
$notice = $result['error'];
$guidance = urlencode($guidance);
header("Location: subnets.php?op=add&block_id={$block_id}&name={$name}&ip={$ip}&gateway={$gateway}&acl_start={$acl_start}&acl_end={$acl_end}¬e={$note}&guidance={$guidance}¬ice={$notice}");
exit;
} else {
$name = $result['1'];
}
$result = validate_network($ip);
if ($result['0'] === false) {
$notice = $result['error'];
$guidance = urlencode($guidance);
header("Location: subnets.php?op=add&block_id={$block_id}&name={$name}&ip={$ip}&gateway={$gateway}&acl_start={$acl_start}&acl_end={$acl_end}¬e={$note}&guidance={$guidance}¬ice={$notice}");
exit;
} else {
$start_ip = $result['start_ip'];
$end_ip = $result['end_ip'];
$mask = $result['mask'];
$long_start_ip = $result['long_start_ip'];
$long_end_ip = $result['long_end_ip'];
$long_mask = $result['long_mask'];
}
$dbo->beginTransaction();
$username = !isset($COLLATE['user']['username']) ? 'system' : $COLLATE['user']['username'];
$sql = "INSERT INTO subnets (name, start_ip, end_ip, mask, note, block_id, modified_by, modified_at, guidance) \r\n VALUES('{$name}', '{$long_start_ip}', '{$long_end_ip}', '{$long_mask}', '{$note}', '{$block_id}', '{$username}', now(), '{$guidance}')";
$dbo->query($sql);
$subnet_id = $dbo->lastInsertId();
if (!empty($acl_start) && !empty($acl_end)) {
$result = validate_ip_range($acl_start, $acl_end, 'acl');
if ($result['0'] === false) {
$dbo->rollBack();
$notice = $result['error'];
$guidance = urlencode($guidance);
header("Location: subnets.php?op=add&block_id={$block_id}&name={$name}&ip={$ip}&gateway={$gateway}&acl_start={$acl_start}&acl_end={$acl_end}¬e={$note}&guidance={$guidance}¬ice={$notice}");
exit;
} else {
$long_acl_start = $result['long_start_ip'];
$long_acl_end = $result['long_end_ip'];
}
// Add an ACL for the acl range so users don't assign a static IP inside a acl scope.
$sql = "INSERT INTO acl (name, start_ip, end_ip, subnet_id) VALUES('{$acl_name}', '{$long_acl_start}', '{$long_acl_end}', '{$subnet_id}')";
$dbo->query($sql);
}
// Add static IP for the Default Gateway
if (!empty($gateway)) {
$long_gateway = ip2decimal($gateway);
$subnet_test = $long_gateway & $long_mask;
if ($subnet_test !== $long_start_ip) {
$dbo->rollBack();
$notice = 'invalidip';
$guidance = urlencode($guidance);
header("Location: subnets.php?op=add&block_id={$block_id}&name={$name}&ip={$ip}&gateway={$gateway}&acl_start={$acl_start}&acl_end={$acl_end}¬e={$note}&guidance={$guidance}¬ice={$notice}");
exit;
}
$validate_gateway = validate_static_ip($gateway);
if ($validate_gateway['0'] === false) {
$dbo->rollBack();
$notice = $validate_gateway['error'];
$guidance = urlencode($guidance);
header("Location: subnets.php?op=add&block_id={$block_id}&name={$name}&ip={$ip}&gateway={$gateway}&acl_start={$acl_start}&acl_end={$acl_end}¬e={$note}&guidance={$guidance}¬ice={$notice}");
exit;
}
$sql = "INSERT INTO statics (ip, name, contact, note, subnet_id, modified_by, modified_at) \r\n VALUES('{$long_gateway}', 'Gateway', 'Network Admin', 'Default Gateway', '{$subnet_id}', '{$username}', now())";
$dbo->query($sql);
}
$dbo->commit();
$cidr = subnet2cidr($long_start_ip, $long_mask);
$accesslevel = "3";
$message = "Subnet {$name} ({$cidr}) has been created";
AccessControl($accesslevel, $message);
// No need to generate logs when nothing is really happening. This
// goes down here where we know stuff has actually been written. Access
// Control actually happened before submit_subnet() was called.
$notice = "subnetadded-notice";
header("Location: subnets.php?block_id={$block_id}¬ice={$notice}");
exit;
}
function search_subnets()
{
global $COLLATE;
global $dbo;
include 'include/validation_functions.php';
$search = empty($_GET['search']) ? '' : clean($_GET['search']);
$search_only = isset($_GET['searchonly']) && preg_match("/true/", $_GET['searchonly']) ? true : false;
$searchonlyparam = $search_only ? '&searchonly=true' : '';
$input_error = false;
if (empty($search)) {
exit;
}
if (!strstr($search, '/')) {
echo $COLLATE['languages']['selected']['IPSearchFormat'];
$input_error = true;
}
list($ip, $mask) = explode('/', $search);
if (ip2decimal($ip) == FALSE) {
echo $COLLATE['languages']['selected']['IPSearchFormat'];
$input_error = true;
}
$ip = long2ip(ip2decimal($ip));
if (!strstr($mask, '.') && ($mask <= '0' || $mask >= '32')) {
echo $COLLATE['languages']['selected']['IPSearchFormat'];
$input_error = true;
} elseif (!strstr($mask, '.')) {
$bin = str_pad('', $mask, '1');
$bin = str_pad($bin, '32', '0');
$mask = bindec(substr($bin, 0, 8)) . "." . bindec(substr($bin, 8, 8)) . "." . bindec(substr($bin, 16, 8)) . "." . bindec(substr($bin, 24, 8));
$mask = long2ip(ip2decimal($mask));
} elseif (!validate_netmask($mask)) {
echo $COLLATE['languages']['selected']['invalidmask'];
$input_error = true;
}
if (!$input_error) {
$long_ip = ip2decimal($ip);
$long_mask = ip2decimal($mask);
$long_end_ip = $long_ip | ~$long_mask;
$ipspace = array();
array_push($ipspace, $long_ip);
$sql = "SELECT start_ip, end_ip FROM subnets WHERE CAST((start_ip & 0xFFFFFFFF) AS UNSIGNED) >= CAST(('{$long_ip}' & 0xFFFFFFFF) AS UNSIGNED) AND " . "CAST((end_ip & 0xFFFFFFFF) AS UNSIGNED) <= CAST(('{$long_end_ip}' & 0xFFFFFFFF) AS UNSIGNED) ORDER BY start_ip ASC";
$subnet_rows = $dbo->query($sql);
while (list($subnet_long_start_ip, $subnet_long_end_ip) = $subnet_rows->fetch(PDO::FETCH_NUM)) {
array_push($ipspace, $subnet_long_start_ip, $subnet_long_end_ip);
}
array_push($ipspace, $long_end_ip);
$ipspace = array_reverse($ipspace);
$ipspace_count = count($ipspace);
}
if (!$search_only) {
echo "<p><a href=\"#\" onclick=\"\r\n new Effect.toggle('blockspace', 'blind', { delay: 0.1 }); \r\n \t\t new Effect.toggle('spacesearch', 'blind', { delay: 0.1 })\r\n \t\t \">" . $COLLATE['languages']['selected']['showblockspace'] . "</a></p>\n";
}
echo "<h3>" . $COLLATE['languages']['selected']['SearchIPSpace'] . "</h3><br />\n" . "<p><b>" . $COLLATE['languages']['selected']['Subnet'] . ":</b> <input id=\"subnetsearch\" type=\"text\" value=\"{$search}\"><br />" . "<button onclick=\"new Ajax.Updater('spacesearch', '_subnets.php?op=search{$searchonlyparam}&search=' + \$('subnetsearch').value);\")\"> " . $COLLATE['languages']['selected']['Go'] . " </button></p>";
if (!$input_error) {
echo "<h4>" . $COLLATE['languages']['selected']['Results'] . ":</h4>";
echo "<table style=\"width: 100%\"><tr><th>" . $COLLATE['languages']['selected']['StartingIP'] . "</th><th>" . $COLLATE['languages']['selected']['EndIP'] . "</th></tr>";
while (!empty($ipspace)) {
$long_start = array_pop($ipspace);
if (count($ipspace) != $ipspace_count - '1') {
// Don't subtract 1 from the very first start IP
$start = long2ip($long_start + 1);
} else {
$start = long2ip($long_start);
}
$long_end = array_pop($ipspace);
if (count($ipspace) > '1') {
$end = long2ip($long_end - 1);
} else {
$end = long2ip($long_end);
}
if ($long_start + 1 != $long_end && $long_start != $long_end) {
echo "<tr><td>{$start}</td><td>{$end}</td></tr>";
}
}
echo "</table>";
}
exit;
}
function validate_network($subnet, $network_type = "subnet", $table_id = null, $overlapok = false)
{
$dbo = getdbo();
$function_return = array();
if (!strstr($subnet, '/')) {
# invalid mask
$function_return['0'] = false;
$function_return['error'] = 'invalidmask';
return $function_return;
}
list($ip, $mask) = explode('/', $subnet);
$long_ip = ip2decimal($ip);
if ($long_ip === false) {
# invalid ip
$function_return['0'] = false;
$function_return['error'] = 'invalidip';
return $function_return;
}
if (!strstr($mask, '.') && is_numeric($mask) && $mask > '0' && $mask < '32') {
# number of mask bits
$bin = str_pad('', $mask, '1');
$bin = str_pad($bin, '32', '0');
$mask = bindec(substr($bin, 0, 8)) . "." . bindec(substr($bin, 8, 8)) . "." . bindec(substr($bin, 16, 8)) . "." . bindec(substr($bin, 24, 8));
$mask = long2ip(ip2decimal($mask));
}
$long_mask = ip2decimal($mask);
if (!validate_netmask($mask) || $long_mask === false) {
#invalid mask
$function_return['0'] = false;
$function_return['error'] = 'invalidmask';
return $function_return;
}
$long_start_ip = $long_ip & $long_mask;
// This makes sure they entered the network address and not an IP inside the network
$start_ip = long2ip($long_start_ip);
$long_end_ip = $long_ip | ~$long_mask;
$end_ip = long2ip($long_end_ip);
if ($network_type == 'block') {
# make sure we don't overlap other blocks
$overlap_check_sql = "SELECT id FROM blocks WHERE \n ((CAST(start_ip & 0xFFFFFFFF AS UNSIGNED) <= CAST('{$long_start_ip}' & 0xFFFFFFFF AS UNSIGNED) AND \n\t CAST(end_ip & 0xFFFFFFFF AS UNSIGNED) >= CAST('{$long_start_ip}' & 0xFFFFFFFF AS UNSIGNED)) \n\tOR \n (CAST(start_ip & 0xFFFFFFFF AS UNSIGNED) <= CAST('{$long_end_ip}' & 0xFFFFFFFF AS UNSIGNED) AND \n\t CAST(end_ip & 0xFFFFFFFF AS UNSIGNED) >= CAST('{$long_end_ip}' & 0xFFFFFFFF AS UNSIGNED)) \n\tOR\n (CAST(start_ip & 0xFFFFFFFF AS UNSIGNED) >= CAST('{$long_start_ip}' & 0xFFFFFFFF AS UNSIGNED) AND \n\t CAST(end_ip & 0xFFFFFFFF AS UNSIGNED) <= CAST('{$long_end_ip}' & 0xFFFFFFFF AS UNSIGNED)))";
$overlap_check_sql .= $table_id !== NULL ? " AND id!='{$table_id}'" : '';
$result = $dbo->query($overlap_check_sql);
if ($result->rowcount() != '0') {
$function_return['0'] = false;
$function_return['error'] = 'blockoverlap-notice';
return $function_return;
}
} elseif ($overlapok === false) {
# make sure we don't overlap other subnets
$sql = "SELECT id FROM subnets WHERE \n\t CAST('{$long_start_ip}' & 0xFFFFFFFF AS UNSIGNED) & CAST(mask & 0xFFFFFFFF AS UNSIGNED) = CAST(start_ip & 0xFFFFFFFF AS UNSIGNED) OR \n\t CAST(start_ip & 0xFFFFFFFF AS UNSIGNED) & CAST('{$long_mask}' & 0xFFFFFFFF AS UNSIGNED) = CAST('{$long_start_ip}' & 0xFFFFFFFF AS UNSIGNED)";
$result = $dbo->query($sql);
if ($result->rowcount() != '0') {
# subnet overlap
$function_return['0'] = false;
$function_return['error'] = 'subnetoverlap-notice';
return $function_return;
}
}
# everything is ok if we get here
$function_return['0'] = true;
$function_return['start_ip'] = $start_ip;
$function_return['long_start_ip'] = $long_start_ip;
$function_return['end_ip'] = $end_ip;
$function_return['long_end_ip'] = $long_end_ip;
$function_return['mask'] = $mask;
$function_return['long_mask'] = $long_mask;
return $function_return;
}
function toggle_stalescan()
{
global $COLLATE;
global $dbo;
$static_ip = isset($_GET['static_ip']) ? $_GET['static_ip'] : '';
$long_ip = ip2decimal($static_ip);
$referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : './search.php?notice=';
if (stristr($referer, 'notice')) {
$referer = preg_replace("/¬ice=.*/", "", $referer);
}
$referer = $referer . '¬ice=';
if (empty($long_ip) || $long_ip === false) {
header("HTTP/1.1 400 Bad Request");
echo "test1";
exit;
}
# make sure we aren't being asked to toggle for a subnet that has stale scan disabled:
$sql = "SELECT stalescan_enabled FROM subnets WHERE \r\n CAST('{$long_ip}' & 0xFFFFFFFF AS UNSIGNED) & CAST(mask & 0xFFFFFFFF AS UNSIGNED) = CAST(start_ip & 0xFFFFFFFF AS UNSIGNED)";
$result = $dbo->query($sql);
$subnet_status = $result->fetchColumn();
if ($subnet_status == false) {
header("HTTP/1.1 400 Bad Request");
exit;
}
$sql = "SELECT failed_scans from statics where ip='{$long_ip}'";
$result = $dbo->query($sql);
$current_count = $result->fetchColumn();
if ($current_count == -1) {
$new_status = 'on';
$new_count = 0;
$new_icon = 'scanning.png';
$new_icon_text = $COLLATE['languages']['selected']['disablestalescan'];
} else {
$new_status = 'off';
$new_count = -1;
$new_icon = 'skipping.png';
$new_icon_text = $COLLATE['languages']['selected']['enablestalescan'];
}
collate_log('2', "Stale Scan toggled {$new_status} for IP: {$static_ip}");
$sql = "UPDATE statics SET failed_scans='{$new_count}' WHERE ip='{$long_ip}' LIMIT 1";
$dbo->query($sql);
echo "<img src=\"./images/{$new_icon}\" alt=\"\" title=\"{$new_icon_text}\" />";
exit;
}
/**
* Function name: validateIP
* Description:
* Access: public
* Input:
* - $ip: IP need validated
* - $fromip: start from ip
* - $toip: end from ip
* - $type: allowed / denied
* Output: boolean
*/
function validateIP($ip, $fromip, $toip, $type = 'allowed')
{
$dec_ip = ip2decimal($ip);
$dec_fromip = ip2decimal($fromip);
$dec_toip = ip2decimal($toip);
if ($dec_fromip <= $dec_ip && $dec_ip <= $dec_toip) {
if ($type == 'allowed') {
return true;
} else {
return false;
}
} else {
if ($type == 'allowed') {
return false;
} else {
return true;
}
}
}
function build_search_sql()
{
global $COLLATE;
global $dbo;
include 'include/validation_functions.php';
$first = isset($_GET['first']) ? $_GET['first'] : '';
$second = isset($_GET['second']) ? $_GET['second'] : '';
$search = isset($_GET['search']) ? clean($_GET['search']) : '';
$fromdate = isset($_GET['fromdate']) ? $_GET['fromdate'] : '';
$todate = isset($_GET['todate']) ? $_GET['todate'] : '';
$when = $fromdate == $todate ? 'all' : 'dates';
if ($first === '0') {
// block search
$pattern = "/^ip\$|^name\$|^note\$/";
$invalidrequest = preg_match($pattern, $second) ? false : true;
} elseif ($first === '1') {
// subnet search
$pattern = "/^ip\$|^name\$|^note\$|^modified_by\$/";
$invalidrequest = preg_match($pattern, $second) ? false : true;
} elseif ($first === '2') {
// statics search
$pattern = "/^ip\$|^name\$|^contact\$|^note\$|^modified_by\$|^failed_scans\$/";
$invalidrequest = preg_match($pattern, $second) ? false : true;
} elseif ($first === '3') {
// logs search
$pattern = "/^username\$|^level\$|^message\$/";
$invalidrequest = preg_match($pattern, $second) ? false : true;
} else {
// error
$invalidrequest = true;
}
if ($when != 'all') {
$starttime = strtotime($fromdate);
$endtime = strtotime($todate);
if ($starttime === false || $endtime === false || $endtime <= $starttime) {
$invalidrequest = true;
}
}
if ($invalidrequest === true) {
$notice = "invalidrequest";
header("Location: search.php?notice={$notice}");
exit;
}
if (strlen($search) < "3" && $second != 'failed_scans') {
$notice = "shortsearch";
header("Location: search.php?notice={$notice}");
exit;
} elseif ($second == 'failed_scans' && !is_numeric($search)) {
$notice = "numericfailedscans";
header("Location: search.php?notice={$notice}");
exit;
}
// -----------------------------------------------Build our sort variable---------------------------------------------
if ($first == '0' || $first == '1') {
// block or subnet search
// use what they ask for or default to what they searched by
// $sort is what the URI uses, $order and $full_order go into the SQL query - $full_order includes ASC or DESC
if (!empty($_GET['sort']) && ($_GET['sort'] == 'network' || $_GET['sort'] == 'name')) {
$sort = $_GET['sort'];
} else {
$sort = $second;
}
$order = $sort;
if ($sort == 'network' || $sort == 'ip') {
$order = 'start_ip';
}
} else {
// IP blocks, statics, or logs (logs are always sorted by ID Desc. because they're logs and i'm lazy)
if (!empty($_GET['sort']) && ($_GET['sort'] == 'ip' || $_GET['sort'] == 'name' || $_GET['sort'] == 'contact' || $_GET['sort'] == 'failed_scans')) {
$sort = $_GET['sort'];
} else {
$sort = $second;
}
$order = $sort;
}
//-----------------------------------------------------------------------------------------------------------------------------
if (($first == '0' || $first == '1' || $first == '2') && $second == "ip") {
if (!strstr($search, '/')) {
$ip = $search;
$mask = '32';
} else {
list($ip, $mask) = explode('/', $search);
}
if (ip2decimal($ip) == FALSE) {
$notice = "invalidip";
header("Location: search.php?notice={$notice}");
exit;
}
$ip = long2ip(ip2decimal($ip));
if (!strstr($mask, '.') && ($mask <= '0' || $mask > '32')) {
$notice = "invalidmask";
header("Location: search.php?notice={$notice}");
exit;
} elseif (!strstr($mask, '.')) {
$bin = str_pad('', $mask, '1');
$bin = str_pad($bin, '32', '0');
$mask = bindec(substr($bin, 0, 8)) . "." . bindec(substr($bin, 8, 8)) . "." . bindec(substr($bin, 16, 8)) . "." . bindec(substr($bin, 24, 8));
$mask = long2ip(ip2decimal($mask));
} elseif (!validate_netmask($mask)) {
$notice = "invalidmask";
header("Location: search.php?notice={$notice}");
exit;
}
}
$long_ip = isset($ip) ? ip2decimal($ip) : '';
$long_mask = isset($mask) ? ip2decimal($mask) : '';
if ($when == "dates") {
$searchdescription = str_replace("%fromdate%", "{$fromdate}", $COLLATE['languages']['selected']['searchdatedesc']);
$searchdescription = str_replace("%todate%", "{$todate}", $searchdescription);
}
if ($first == "0") {
// Blocks search
$first = "blocks";
$First = "IP Blocks";
if ($second == 'ip') {
if ($mask == '255.255.255.255') {
# IP falls within block range
$sql = "SELECT id, name, start_ip, end_ip, note, type FROM blocks WHERE type='ipv4' AND\r\n\t CAST(start_ip & 0xFFFFFFFF AS UNSIGNED) <= CAST('{$long_ip}' & 0xFFFFFFFF AS UNSIGNED) AND\r\n\t CAST(end_ip & 0xFFFFFFFF AS UNSIGNED) >= CAST('{$long_ip}' & 0xFFFFFFFF AS UNSIGNED)\r\n\t\t\t\tORDER BY `{$order}` ASC";
} else {
# block range falls within supernet given in search
$sql = "SELECT id, name, start_ip, end_ip, note, type FROM blocks WHERE type='ipv4' AND (\r\n\t\t CAST(start_ip & 0xFFFFFFFF AS UNSIGNED) & CAST('{$long_mask}' & 0xFFFFFFFF AS UNSIGNED) = CAST('{$long_ip}' & 0xFFFFFFFF AS UNSIGNED) OR\r\n\t\t CAST(end_ip & 0xFFFFFFFF AS UNSIGNED) & CAST('{$long_mask}' & 0xFFFFFFFF AS UNSIGNED) = CAST('{$long_ip}' & 0xFFFFFFFF AS UNSIGNED))\r\n\t\t\t\tORDER BY `{$order}` ASC";
}
} else {
$sql = "SELECT id, name, start_ip, end_ip, note, type FROM blocks WHERE {$second} like '%{$search}%' ORDER BY `{$order}` ASC";
}
}
if ($first == "1") {
// Subnet search
$first = "subnets";
$First = "Subnets";
if ($when == "dates") {
if ($second == "ip") {
$sql = "SELECT id, name, start_ip, end_ip, mask, note, block_id FROM subnets WHERE \r\n\t\t ((CAST(start_ip & 0xFFFFFFFF AS UNSIGNED) & CAST('{$long_mask}' & 0xFFFFFFFF AS UNSIGNED) = CAST('{$long_ip}' & 0xFFFFFFFF AS UNSIGNED)) OR\r\n\t\t (CAST('{$long_ip}' & 0xFFFFFFFF AS UNSIGNED) & CAST(mask & 0xFFFFFFFF AS UNSIGNED) = CAST(start_ip & 0xFFFFFFFF AS UNSIGNED))) AND\r\n modified_at > '{$fromdate} 00:00:00' AND modified_at < '{$todate} 23:59:59' ORDER BY `{$order}` ASC";
} else {
$sql = "SELECT id, name, start_ip, end_ip, mask, note, block_id FROM subnets WHERE {$second} LIKE '%{$search}%' AND\r\n modified_at > '{$fromdate} 00:00:00' AND modified_at < '{$todate} 23:59:59' ORDER BY `{$order}` ASC";
}
} else {
if ($second == "ip") {
$sql = "SELECT id, name, start_ip, end_ip, mask, note, block_id FROM subnets WHERE\r\n (CAST(start_ip & 0xFFFFFFFF AS UNSIGNED) & CAST('{$long_mask}' & 0xFFFFFFFF AS UNSIGNED) = CAST('{$long_ip}' & 0xFFFFFFFF AS UNSIGNED)) OR\r\n (CAST('{$long_ip}' & 0xFFFFFFFF AS UNSIGNED) & CAST(mask & 0xFFFFFFFF AS UNSIGNED) = CAST(start_ip & 0xFFFFFFFF AS UNSIGNED))\r\n ORDER BY `{$order}` ASC";
} else {
$sql = "SELECT id, name, start_ip, end_ip, mask, note, block_id FROM subnets WHERE {$second} LIKE '%{$search}%' ORDER BY `{$order}` ASC";
}
}
} elseif ($first == "2") {
// Statics earch
$first = "static IPs";
if ($sort == 'failed_scans') {
$full_order = "`failed_scans` DESC";
} else {
$full_order = "`{$sort}` ASC";
}
if ($when == "dates") {
if ($second == "ip") {
$sql = "SELECT id, ip, name, contact, note, subnet_id, failed_scans FROM statics WHERE CAST(ip AS UNSIGNED) & CAST('{$long_mask}' AS UNSIGNED) = CAST('{$long_ip}' AS UNSIGNED) AND\r\n modified_at > '{$fromdate} 00:00:00' AND modified_at < '{$todate} 23:59:59' ORDER BY {$full_order}";
} elseif ($second == 'failed_scans') {
$sql = "SELECT id, ip, name, contact, note, subnet_id, failed_scans FROM statics WHERE \r\n (failed_scans >= '{$search}' OR failed_scans = '-1') AND modified_at > '{$fromdate} 00:00:00' \r\n AND modified_at < '{$todate} 23:59:59' ORDER BY {$full_order}";
} else {
$sql = "SELECT id, ip, name, contact, note, subnet_id, failed_scans FROM statics WHERE {$second} LIKE '%{$search}%' AND\r\n modified_at > '{$fromdate} 00:00:00' AND modified_at < '{$todate} 23:59:59' ORDER BY {$full_order}";
}
} else {
if ($second == "ip") {
$sql = "SELECT id, ip, name, contact, note, subnet_id, failed_scans FROM statics WHERE CAST(ip AS UNSIGNED) & CAST('{$long_mask}' AS UNSIGNED) = CAST('{$long_ip}' AS UNSIGNED) \r\n ORDER BY {$full_order}";
} elseif ($second == 'failed_scans') {
$sql = "SELECT id, ip, name, contact, note, subnet_id, failed_scans FROM statics WHERE (failed_scans >= '{$search}' \r\n OR failed_scans = '-1') ORDER BY {$full_order}";
} else {
$sql = "SELECT id, ip, name, contact, note, subnet_id, failed_scans FROM statics WHERE {$second} LIKE '%{$search}%' \r\n ORDER BY {$full_order}";
}
}
} elseif ($first == "3") {
// They're trying to search logs
$first = "logs";
$First = "Logs";
$Second = ucfirst($second);
if ($when == "dates") {
$sql = "SELECT occuredat, username, ipaddress, level, message FROM logs WHERE {$second} LIKE '%{$search}%' AND " . "occuredat>='{$fromdate} 00:00:00' AND occuredat<='{$todate} 23:59:59' ORDER BY `id` DESC";
} else {
$sql = "SELECT occuredat, username, ipaddress, level, message FROM logs WHERE {$second} LIKE '%{$search}%' ORDER BY `id` DESC";
}
}
if ($second == "username") {
$Second = "User";
}
$searchdescription = !isset($searchdescription) ? '' : $searchdescription;
$First = !isset($First) ? '' : $First;
$Second = !isset($Second) ? '' : $Second;
$resultarray = array("sql" => $sql, "searchdescription" => $searchdescription, "first" => $first, "First" => $First, "second" => $second, "Second" => $Second, "search" => $search, "when" => $when, "todate" => $todate, "fromdate" => $fromdate, "sort" => $sort);
return $resultarray;
}
function edit_ldap()
{
global $COLLATE;
$dbo = getdbo();
include 'include/validation_functions.php';
$id = isset($_GET['id']) && is_numeric($_GET['id']) ? $_GET['id'] : '';
$object = isset($_GET['object']) && ($_GET['object'] === 'domain' || $_GET['object'] === 'server') ? $_GET['object'] : '';
$value = isset($_POST['value']) ? $_POST['value'] : '';
if (empty($id) || empty($object) || empty($value)) {
header("HTTP/1.1 400 Bad Request");
echo "{$id}, {$object}, {$value}";
exit;
echo $COLLATE['languages']['selected']['invalidrequest'];
exit;
}
if ($object == 'server' && ip2decimal($value) === false) {
echo $COLLATE['languages']['selected']['invalidip'];
exit;
}
if ($object == 'domain') {
$return = validate_text($value, 'domain');
if ($return['0'] === false) {
header("HTTP/1.1 400 Bad Request");
echo $COLLATE['languages']['selected'][$return['error']];
exit;
}
}
$sql = "select count(*) from `ldap-servers` where id='{$id}'";
$result = $dbo->query($sql);
if ($result->fetchColumn() != '1') {
header("HTTP/1.1 400 Bad Request");
echo $COLLATE['languages']['selected']['invalidrequest'];
exit;
}
$sql = "update `ldap-servers` set {$object}='{$value}' where id='{$id}'";
$result = $dbo->query($sql);
echo $value;
collate_log('5', "Settings Updated: LDAP server entry modified");
exit;
}
function read_in_csv_row($row)
{
global $COLLATE;
global $dbo;
$recordtype = $row['0'];
$fieldcount = count($row);
$result = array();
/*
* Record format:
* block: (5 fields)
* 'block','$block_name','$start_ip','$end_ip','$block_note'
*
* subnet: (5 fields)
* 'subnet','$block_name','$subnet_name','$subnet','$subnet_note'
*
* acl: (4 fields)
* 'acl','$acl_name','$start_ip','$end_ip'
*
* static ip: (5 fields)
* 'static','$static_name','$ip_address','$static_contact','$static_note'
*/
if ($recordtype == 'block' && $fieldcount != '5' || $recordtype == 'subnet' && $fieldcount != '5' || $recordtype == 'acl' && $fieldcount != '4' || $recordtype == 'static' && $fieldcount != '5') {
$result['error'] = true;
$result['errormessage'] = 'badfieldcount';
return $result;
}
$last_modified_by = !isset($COLLATE['user']['username']) ? 'system' : $COLLATE['user']['username'];
if ($recordtype == 'block') {
$block_name = $row['1'];
$block_start_ip = $row['2'];
$block_end_ip = $row['3'];
$block_note = $row['4'];
$validate = validate_text($block_name, 'blockname');
if ($validate['0'] === false) {
$result['error'] = true;
$result['errormessage'] = $validate['error'];
return $result;
} else {
$block_name = $validate['1'];
}
$query_result = $dbo->query("SELECT id from blocks where name='{$block_name}'");
if ($query_result->rowCount() != '0') {
$result['error'] = true;
$result['errormessage'] = 'duplicatename';
return $result;
}
if (preg_match('/^\\s*$/', $block_start_ip) && preg_match('/^\\s*$/', $block_end_ip)) {
// block with no associated IP information
$block_start_ip = '';
$block_long_start_ip = '';
$block_end_ip = '';
$block_long_end_ip = '';
} elseif (empty($block_end_ip) || ip2decimal($block_end_ip) === false) {
// subnet
$validate = validate_network($block_start_ip, 'block');
if ($validate['0'] === false) {
$result['error'] = true;
$result['errormessage'] = $validate['error'];
return $result;
} else {
$block_start_ip = $validate['start_ip'];
$block_long_start_ip = $validate['long_start_ip'];
$block_end_ip = $validate['end_ip'];
$block_long_end_ip = $validate['long_end_ip'];
}
} else {
// range
$validate = validate_ip_range($block_start_ip, $block_end_ip, 'block');
if ($validate['0'] === false) {
$result['error'] = true;
$result['errormessage'] = $validate['error'];
return $result;
} else {
$block_start_ip = $validate['start_ip'];
$block_long_start_ip = $validate['long_start_ip'];
$block_end_ip = $validate['end_ip'];
$block_long_end_ip = $validate['long_end_ip'];
}
}
$validate = validate_text($block_note, 'note');
if ($validate['0'] === false) {
$result['error'] = true;
$result['errormessage'] = $validate['error'];
return $result;
} else {
$block_note = $validate['1'];
}
$row_result['error'] = false;
$row_result['sql'] = "INSERT INTO blocks (name, start_ip, end_ip, note, modified_by, modified_at) \r\n\t VALUES('{$block_name}', '{$block_long_start_ip}', '{$block_long_end_ip}', '{$block_note}', '{$last_modified_by}', now())";
return $row_result;
} elseif ($recordtype == 'subnet') {
$block_name = $row['1'];
$subnet_name = $row['2'];
$subnet = $row['3'];
$subnet_note = $row['4'];
$validate = validate_text($block_name, 'blockname');
if ($validate['0'] === false) {
$result['error'] = true;
$result['errormessage'] = $validate['error'];
return $result;
} else {
$block_name = $validate['1'];
}
$query_result = $dbo->query("SELECT id from blocks where name='{$block_name}'");
if ($query_result->rowCount() != '1') {
$result['error'] = true;
$result['errormessage'] = 'blocknotfound';
return $result;
} else {
$block_id = $query_result->fetchColumn();
}
$validate = validate_text($subnet_name, 'subnetname');
if ($validate['0'] === false) {
$result['error'] = true;
$result['errormessage'] = $validate['error'];
return $result;
} else {
$subnet_name = $validate['1'];
}
$validate = validate_network($subnet);
if ($validate['0'] === false) {
$result['error'] = true;
$result['errormessage'] = $validate['error'];
return $result;
} else {
$subnet_start_ip = $validate['start_ip'];
$subnet_long_start_ip = $validate['long_start_ip'];
$subnet_end_ip = $validate['end_ip'];
$subnet_long_end_ip = $validate['long_end_ip'];
$subnet_mask = $validate['mask'];
$subnet_long_mask = $validate['long_mask'];
}
$validate = validate_text($subnet_note, 'note');
if ($validate['0'] === false) {
$result['error'] = true;
$result['errormessage'] = $validate['error'];
return $result;
} else {
$subnet_note = $validate['1'];
}
$return['error'] = false;
$return['sql'] = "INSERT INTO subnets (name, start_ip, end_ip, mask, note, block_id, modified_by, modified_at) \r\n VALUES('{$subnet_name}', '{$subnet_long_start_ip}', '{$subnet_long_end_ip}', '{$subnet_long_mask}', \r\n\t\t\t\t\t '{$subnet_note}', '{$block_id}', '{$last_modified_by}', now())";
return $return;
} elseif ($recordtype == 'acl') {
$acl_name = $row['1'];
$acl_start_ip = $row['2'];
$acl_end_ip = $row['3'];
$validate = validate_text($acl_name, 'blockname');
if ($validate['0'] === false) {
$result['error'] = true;
$result['errormessage'] = $validate['error'];
return $result;
} else {
$acl_name = $validate['1'];
}
$validate = validate_ip_range($acl_start_ip, $acl_end_ip, 'acl', null);
if ($validate['0'] === false) {
$result['error'] = true;
$result['errormessage'] = $validate['error'];
return $result;
} else {
$subnet_id = $validate['subnet_id'];
$acl_start_ip = $validate['start_ip'];
$acl_long_start_ip = $validate['long_start_ip'];
$acl_end_ip = $validate['end_ip'];
$acl_long_end_ip = $validate['long_end_ip'];
}
$return['error'] = false;
$return['sql'] = "INSERT INTO acl (name, start_ip, end_ip, subnet_id) \r\n\t VALUES ('{$acl_name}', '{$acl_long_start_ip}', '{$acl_long_end_ip}', '{$subnet_id}')";
return $return;
} else {
// $recordtype == static
$static_name = $row['1'];
$static_ip = $row['2'];
$static_long_ip = ip2decimal($static_ip);
$static_contact = $row['3'];
$static_note = $row['4'];
$validate = validate_text($static_name, 'staticname');
if ($validate['0'] === false) {
$result['error'] = true;
$result['errormessage'] = $validate['error'];
return $result;
} else {
$static_name = $validate['1'];
}
if ($static_long_ip === false) {
$result['error'] = true;
$result['errormessage'] = 'invalidip';
return $result;
}
$sql = "SELECT id from subnets where CAST('{$static_long_ip}' AS UNSIGNED) & CAST(mask AS UNSIGNED) = CAST(start_ip AS UNSIGNED)";
$subnet_result = $dbo->query($sql);
if ($subnet_result->rowCount() != '1') {
$result['error'] = true;
$result['errormessage'] = 'subnetnotfound';
return $result;
} else {
$subnet_id = $subnet_result->fetchColumn();
}
// Make sure the static IP isn't in use already or excluded from use via an ACL
$validate = validate_static_ip($static_ip);
if ($validate['0'] === false) {
$result['error'] = true;
$result['errormessage'] = $validate['error'];
return $result;
}
$validate = validate_text($static_contact, 'contact');
if ($validate['0'] === false) {
$result['error'] = true;
$result['errormessage'] = $validate['error'];
return $result;
} else {
$static_contact = $validate['1'];
}
$validate = validate_text($static_note, 'note');
if ($validate['0'] === false) {
$result['error'] = true;
$result['errormessage'] = $validate['error'];
return $result;
} else {
$static_note = $validate['1'];
}
$return['error'] = false;
$return['sql'] = "INSERT INTO statics (ip, name, contact, note, subnet_id, modified_by, modified_at)\r\n VALUES('{$static_long_ip}', '{$static_name}', '{$static_contact}', '{$static_note}', \r\n\t\t\t\t\t '{$subnet_id}', '{$last_modified_by}', now())";
return $return;
}
// We should never get here
exit;
}