function submit_static()
{
global $COLLATE;
global $dbo;
include 'include/validation_functions.php';
$name = empty($_POST['name']) ? '' : clean($_POST['name']);
$ip_addr = empty($_POST['ip_addr']) ? '' : clean($_POST['ip_addr']);
$long_ip_addr = ip2decimal($ip_addr);
$note = empty($_POST['note']) ? '' : clean($_POST['note']);
$contact = empty($_POST['contact']) ? '' : clean($_POST['contact']);
$subnet_id = empty($_POST['subnet_id']) ? '' : clean($_POST['subnet_id']);
$username = !isset($COLLATE['user']['username']) ? 'system' : $COLLATE['user']['username'];
if (empty($name) || empty($ip_addr) || empty($contact) || empty($subnet_id)) {
$notice = "blankfield-notice";
header("Location: statics.php?op=add&subnet_id={$subnet_id}&name={$name}&ip_addr={$ip_addr}&contact={$contact}¬e={$note}¬ice={$notice}");
exit;
}
$validate_ip = validate_static_ip($ip_addr);
if ($validate_ip['0'] === false) {
$notice = $validate_ip['error'];
header("Location: statics.php?op=add&subnet_id={$subnet_id}&name={$name}&ip_addr={$ip_addr}&contact={$contact}¬e={$note}¬ice={$notice}");
exit;
} else {
$long_mask = $validate_ip['long_mask'];
$mask = long2ip($long_mask);
}
$sql = "INSERT INTO statics (ip, name, contact, note, subnet_id, modified_by, modified_at) \r\n VALUES('{$long_ip_addr}', '{$name}', '{$contact}', '{$note}', '{$subnet_id}', '{$username}', now())";
$accesslevel = "2";
$message = "Static IP Reserved: {$ip_addr} ({$name})";
AccessControl($accesslevel, $message);
// No need to generate logs if nothing is happening. Here, we know data is about to be written to the db.
$dbo->query($sql);
// Everything looks good so here's a success page with all of the information.
require_once './include/header.php';
$sql = "SELECT ip FROM statics WHERE subnet_id = '{$subnet_id}' AND note = 'Default Gateway'";
$result = $dbo->query($sql);
if ($result->rowCount() == '1') {
$long_gateway = $result->fetchColumn();
$gateway = long2ip($long_gateway);
$error = '';
#none
} else {
$gateway = "*";
$error = "<p><b>*</b>" . $COLLATE['languages']['selected']['nogateway'] . "</p><br />";
}
echo "<h1>" . $COLLATE['languages']['selected']['IPReserved'] . "</h1><br />\n" . "<p><b>" . $COLLATE['languages']['selected']['Name'] . ":</b> {$name}</p>\n" . "<p><b>" . $COLLATE['languages']['selected']['IPAddress'] . ":</b> {$ip_addr}</p>\n" . "<p><b>" . $COLLATE['languages']['selected']['SubnetMask'] . ":</b> {$mask}</p>\n" . "<p><b>" . $COLLATE['languages']['selected']['Gateway'] . ":</b> {$gateway}</p>\n" . "<p><b>" . $COLLATE['languages']['selected']['DNSServers'] . ":</b> " . $COLLATE['settings']['dns'] . "</p><br />\n" . "{$error}" . "<br />\n" . "<p><b><a href=\"statics.php?subnet_id={$subnet_id}\">" . $COLLATE['languages']['selected']['continuetostatics'] . "</a></b></p>\n";
}
function submit_subnet()
{
global $dbo;
include 'include/validation_functions.php';
$block_id = isset($_POST['block_id']) && is_numeric($_POST['block_id']) ? $_POST['block_id'] : '';
$name = isset($_POST['name']) ? $_POST['name'] : '';
$ip = isset($_POST['ip']) ? $_POST['ip'] : '';
$gateway = isset($_POST['gateway']) ? $_POST['gateway'] : '';
$acl_name = isset($_POST['acl_name']) ? $_POST['acl_name'] : '';
$acl_start = isset($_POST['acl_start']) ? $_POST['acl_start'] : '';
$acl_end = isset($_POST['acl_end']) ? $_POST['acl_end'] : '';
$note = isset($_POST['note']) ? $_POST['note'] : '';
$guidance = isset($_POST['guidance']) ? $_POST['guidance'] : '';
if (empty($block_id)) {
$notice = 'invalidrequest';
header("Location: blocks.php?notice={$notice}");
exit;
}
if (empty($name) || empty($ip)) {
$notice = "blankfield-notice";
$guidance = urlencode($guidance);
header("Location: subnets.php?op=add&block_id={$block_id}&name={$name}&ip={$ip}&gateway={$gateway}&acl_start={$acl_start}&acl_end={$acl_end}¬e={$note}&guidance={$guidance}¬ice={$notice}");
exit;
}
$result = validate_text($name, 'subnetname');
if ($result['0'] === false) {
$notice = $result['error'];
$guidance = urlencode($guidance);
header("Location: subnets.php?op=add&block_id={$block_id}&name={$name}&ip={$ip}&gateway={$gateway}&acl_start={$acl_start}&acl_end={$acl_end}¬e={$note}&guidance={$guidance}¬ice={$notice}");
exit;
} else {
$name = $result['1'];
}
$result = validate_network($ip);
if ($result['0'] === false) {
$notice = $result['error'];
$guidance = urlencode($guidance);
header("Location: subnets.php?op=add&block_id={$block_id}&name={$name}&ip={$ip}&gateway={$gateway}&acl_start={$acl_start}&acl_end={$acl_end}¬e={$note}&guidance={$guidance}¬ice={$notice}");
exit;
} else {
$start_ip = $result['start_ip'];
$end_ip = $result['end_ip'];
$mask = $result['mask'];
$long_start_ip = $result['long_start_ip'];
$long_end_ip = $result['long_end_ip'];
$long_mask = $result['long_mask'];
}
$dbo->beginTransaction();
$username = !isset($COLLATE['user']['username']) ? 'system' : $COLLATE['user']['username'];
$sql = "INSERT INTO subnets (name, start_ip, end_ip, mask, note, block_id, modified_by, modified_at, guidance) \r\n VALUES('{$name}', '{$long_start_ip}', '{$long_end_ip}', '{$long_mask}', '{$note}', '{$block_id}', '{$username}', now(), '{$guidance}')";
$dbo->query($sql);
$subnet_id = $dbo->lastInsertId();
if (!empty($acl_start) && !empty($acl_end)) {
$result = validate_ip_range($acl_start, $acl_end, 'acl');
if ($result['0'] === false) {
$dbo->rollBack();
$notice = $result['error'];
$guidance = urlencode($guidance);
header("Location: subnets.php?op=add&block_id={$block_id}&name={$name}&ip={$ip}&gateway={$gateway}&acl_start={$acl_start}&acl_end={$acl_end}¬e={$note}&guidance={$guidance}¬ice={$notice}");
exit;
} else {
$long_acl_start = $result['long_start_ip'];
$long_acl_end = $result['long_end_ip'];
}
// Add an ACL for the acl range so users don't assign a static IP inside a acl scope.
$sql = "INSERT INTO acl (name, start_ip, end_ip, subnet_id) VALUES('{$acl_name}', '{$long_acl_start}', '{$long_acl_end}', '{$subnet_id}')";
$dbo->query($sql);
}
// Add static IP for the Default Gateway
if (!empty($gateway)) {
$long_gateway = ip2decimal($gateway);
$subnet_test = $long_gateway & $long_mask;
if ($subnet_test !== $long_start_ip) {
$dbo->rollBack();
$notice = 'invalidip';
$guidance = urlencode($guidance);
header("Location: subnets.php?op=add&block_id={$block_id}&name={$name}&ip={$ip}&gateway={$gateway}&acl_start={$acl_start}&acl_end={$acl_end}¬e={$note}&guidance={$guidance}¬ice={$notice}");
exit;
}
$validate_gateway = validate_static_ip($gateway);
if ($validate_gateway['0'] === false) {
$dbo->rollBack();
$notice = $validate_gateway['error'];
$guidance = urlencode($guidance);
header("Location: subnets.php?op=add&block_id={$block_id}&name={$name}&ip={$ip}&gateway={$gateway}&acl_start={$acl_start}&acl_end={$acl_end}¬e={$note}&guidance={$guidance}¬ice={$notice}");
exit;
}
$sql = "INSERT INTO statics (ip, name, contact, note, subnet_id, modified_by, modified_at) \r\n VALUES('{$long_gateway}', 'Gateway', 'Network Admin', 'Default Gateway', '{$subnet_id}', '{$username}', now())";
$dbo->query($sql);
}
$dbo->commit();
$cidr = subnet2cidr($long_start_ip, $long_mask);
$accesslevel = "3";
$message = "Subnet {$name} ({$cidr}) has been created";
AccessControl($accesslevel, $message);
// No need to generate logs when nothing is really happening. This
// goes down here where we know stuff has actually been written. Access
// Control actually happened before submit_subnet() was called.
$notice = "subnetadded-notice";
header("Location: subnets.php?block_id={$block_id}¬ice={$notice}");
exit;
}
function read_in_csv_row($row)
{
global $COLLATE;
global $dbo;
$recordtype = $row['0'];
$fieldcount = count($row);
$result = array();
/*
* Record format:
* block: (5 fields)
* 'block','$block_name','$start_ip','$end_ip','$block_note'
*
* subnet: (5 fields)
* 'subnet','$block_name','$subnet_name','$subnet','$subnet_note'
*
* acl: (4 fields)
* 'acl','$acl_name','$start_ip','$end_ip'
*
* static ip: (5 fields)
* 'static','$static_name','$ip_address','$static_contact','$static_note'
*/
if ($recordtype == 'block' && $fieldcount != '5' || $recordtype == 'subnet' && $fieldcount != '5' || $recordtype == 'acl' && $fieldcount != '4' || $recordtype == 'static' && $fieldcount != '5') {
$result['error'] = true;
$result['errormessage'] = 'badfieldcount';
return $result;
}
$last_modified_by = !isset($COLLATE['user']['username']) ? 'system' : $COLLATE['user']['username'];
if ($recordtype == 'block') {
$block_name = $row['1'];
$block_start_ip = $row['2'];
$block_end_ip = $row['3'];
$block_note = $row['4'];
$validate = validate_text($block_name, 'blockname');
if ($validate['0'] === false) {
$result['error'] = true;
$result['errormessage'] = $validate['error'];
return $result;
} else {
$block_name = $validate['1'];
}
$query_result = $dbo->query("SELECT id from blocks where name='{$block_name}'");
if ($query_result->rowCount() != '0') {
$result['error'] = true;
$result['errormessage'] = 'duplicatename';
return $result;
}
if (preg_match('/^\\s*$/', $block_start_ip) && preg_match('/^\\s*$/', $block_end_ip)) {
// block with no associated IP information
$block_start_ip = '';
$block_long_start_ip = '';
$block_end_ip = '';
$block_long_end_ip = '';
} elseif (empty($block_end_ip) || ip2decimal($block_end_ip) === false) {
// subnet
$validate = validate_network($block_start_ip, 'block');
if ($validate['0'] === false) {
$result['error'] = true;
$result['errormessage'] = $validate['error'];
return $result;
} else {
$block_start_ip = $validate['start_ip'];
$block_long_start_ip = $validate['long_start_ip'];
$block_end_ip = $validate['end_ip'];
$block_long_end_ip = $validate['long_end_ip'];
}
} else {
// range
$validate = validate_ip_range($block_start_ip, $block_end_ip, 'block');
if ($validate['0'] === false) {
$result['error'] = true;
$result['errormessage'] = $validate['error'];
return $result;
} else {
$block_start_ip = $validate['start_ip'];
$block_long_start_ip = $validate['long_start_ip'];
$block_end_ip = $validate['end_ip'];
$block_long_end_ip = $validate['long_end_ip'];
}
}
$validate = validate_text($block_note, 'note');
if ($validate['0'] === false) {
$result['error'] = true;
$result['errormessage'] = $validate['error'];
return $result;
} else {
$block_note = $validate['1'];
}
$row_result['error'] = false;
$row_result['sql'] = "INSERT INTO blocks (name, start_ip, end_ip, note, modified_by, modified_at) \r\n\t VALUES('{$block_name}', '{$block_long_start_ip}', '{$block_long_end_ip}', '{$block_note}', '{$last_modified_by}', now())";
return $row_result;
} elseif ($recordtype == 'subnet') {
$block_name = $row['1'];
$subnet_name = $row['2'];
$subnet = $row['3'];
$subnet_note = $row['4'];
$validate = validate_text($block_name, 'blockname');
if ($validate['0'] === false) {
$result['error'] = true;
$result['errormessage'] = $validate['error'];
return $result;
} else {
$block_name = $validate['1'];
}
$query_result = $dbo->query("SELECT id from blocks where name='{$block_name}'");
if ($query_result->rowCount() != '1') {
$result['error'] = true;
$result['errormessage'] = 'blocknotfound';
return $result;
} else {
$block_id = $query_result->fetchColumn();
}
$validate = validate_text($subnet_name, 'subnetname');
if ($validate['0'] === false) {
$result['error'] = true;
$result['errormessage'] = $validate['error'];
return $result;
} else {
$subnet_name = $validate['1'];
}
$validate = validate_network($subnet);
if ($validate['0'] === false) {
$result['error'] = true;
$result['errormessage'] = $validate['error'];
return $result;
} else {
$subnet_start_ip = $validate['start_ip'];
$subnet_long_start_ip = $validate['long_start_ip'];
$subnet_end_ip = $validate['end_ip'];
$subnet_long_end_ip = $validate['long_end_ip'];
$subnet_mask = $validate['mask'];
$subnet_long_mask = $validate['long_mask'];
}
$validate = validate_text($subnet_note, 'note');
if ($validate['0'] === false) {
$result['error'] = true;
$result['errormessage'] = $validate['error'];
return $result;
} else {
$subnet_note = $validate['1'];
}
$return['error'] = false;
$return['sql'] = "INSERT INTO subnets (name, start_ip, end_ip, mask, note, block_id, modified_by, modified_at) \r\n VALUES('{$subnet_name}', '{$subnet_long_start_ip}', '{$subnet_long_end_ip}', '{$subnet_long_mask}', \r\n\t\t\t\t\t '{$subnet_note}', '{$block_id}', '{$last_modified_by}', now())";
return $return;
} elseif ($recordtype == 'acl') {
$acl_name = $row['1'];
$acl_start_ip = $row['2'];
$acl_end_ip = $row['3'];
$validate = validate_text($acl_name, 'blockname');
if ($validate['0'] === false) {
$result['error'] = true;
$result['errormessage'] = $validate['error'];
return $result;
} else {
$acl_name = $validate['1'];
}
$validate = validate_ip_range($acl_start_ip, $acl_end_ip, 'acl', null);
if ($validate['0'] === false) {
$result['error'] = true;
$result['errormessage'] = $validate['error'];
return $result;
} else {
$subnet_id = $validate['subnet_id'];
$acl_start_ip = $validate['start_ip'];
$acl_long_start_ip = $validate['long_start_ip'];
$acl_end_ip = $validate['end_ip'];
$acl_long_end_ip = $validate['long_end_ip'];
}
$return['error'] = false;
$return['sql'] = "INSERT INTO acl (name, start_ip, end_ip, subnet_id) \r\n\t VALUES ('{$acl_name}', '{$acl_long_start_ip}', '{$acl_long_end_ip}', '{$subnet_id}')";
return $return;
} else {
// $recordtype == static
$static_name = $row['1'];
$static_ip = $row['2'];
$static_long_ip = ip2decimal($static_ip);
$static_contact = $row['3'];
$static_note = $row['4'];
$validate = validate_text($static_name, 'staticname');
if ($validate['0'] === false) {
$result['error'] = true;
$result['errormessage'] = $validate['error'];
return $result;
} else {
$static_name = $validate['1'];
}
if ($static_long_ip === false) {
$result['error'] = true;
$result['errormessage'] = 'invalidip';
return $result;
}
$sql = "SELECT id from subnets where CAST('{$static_long_ip}' AS UNSIGNED) & CAST(mask AS UNSIGNED) = CAST(start_ip AS UNSIGNED)";
$subnet_result = $dbo->query($sql);
if ($subnet_result->rowCount() != '1') {
$result['error'] = true;
$result['errormessage'] = 'subnetnotfound';
return $result;
} else {
$subnet_id = $subnet_result->fetchColumn();
}
// Make sure the static IP isn't in use already or excluded from use via an ACL
$validate = validate_static_ip($static_ip);
if ($validate['0'] === false) {
$result['error'] = true;
$result['errormessage'] = $validate['error'];
return $result;
}
$validate = validate_text($static_contact, 'contact');
if ($validate['0'] === false) {
$result['error'] = true;
$result['errormessage'] = $validate['error'];
return $result;
} else {
$static_contact = $validate['1'];
}
$validate = validate_text($static_note, 'note');
if ($validate['0'] === false) {
$result['error'] = true;
$result['errormessage'] = $validate['error'];
return $result;
} else {
$static_note = $validate['1'];
}
$return['error'] = false;
$return['sql'] = "INSERT INTO statics (ip, name, contact, note, subnet_id, modified_by, modified_at)\r\n VALUES('{$static_long_ip}', '{$static_name}', '{$static_contact}', '{$static_note}', \r\n\t\t\t\t\t '{$subnet_id}', '{$last_modified_by}', now())";
return $return;
}
// We should never get here
exit;
}
