CIDR PHP Exemples de code

Exemple #1

0

Afficher le fichier

Fichier : functions.php Projet : jhbsz/ossimTest

function build_query($sql, $value, $match = "", $match_type = "")
{
    if ($match == "" && ($match_type == "text" || $match_type == "ip")) {
        $match = "LIKE";
    }
    // LIKE as default
    if ($match == "eq" || $match == "") {
        $match = "=";
    }
    if ($match == "LIKE" && $match_type != "network") {
        $value = "%" . $value . "%";
    }
    if ($match_type == "network") {
        $ip_range = CIDR::expand_CIDR($value, "SHORT", "IP");
        $value = "INET_ATON('" . $ip_range[0] . "') AND INET_ATON('" . $ip_range[1] . "')";
        $sql = str_replace("?", $value, $sql);
        // ? replace breaks in library, do it here
    }
    // Date
    if (preg_match("/(\\d\\d)\\/(\\d\\d)\\/(\\d\\d\\d\\d)/", $value)) {
        $value = preg_replace("/(\\d\\d)\\/(\\d\\d)\\/(\\d\\d\\d\\d)/", "\\3-\\1-\\2", $value);
    }
    $sql = str_replace("%op%", $match, $sql);
    if ($sql != "") {
        $count = substr_count($sql, "?", 0, strlen($sql));
    }
    $params = array();
    for ($i = 0; $i < $count; $i++) {
        $params[] = $value;
    }
    return array($sql, $params);
}

Exemple #2

0

Afficher le fichier

Fichier : twofactor_gauthenticator.php Projet : alexandregz/twofactor_gauthenticator

 function check_2FAlogin($p)
 {
     $rcmail = rcmail::get_instance();
     $config_2FA = self::__get2FAconfig();
     if ($config_2FA['activate']) {
         // with IP allowed, we don't need to check anything
         if ($rcmail->config->get('whitelist')) {
             foreach ($rcmail->config->get('whitelist') as $ip_to_check) {
                 if (CIDR::match($_SERVER['REMOTE_ADDR'], $ip_to_check)) {
                     if ($rcmail->task === 'login') {
                         $this->__goingRoundcubeTask('mail');
                     }
                     return $p;
                 }
             }
         }
         $code = rcube_utils::get_input_value('_code_2FA', RCUBE_INPUT_POST);
         $remember = rcube_utils::get_input_value('_remember_2FA', RCUBE_INPUT_POST);
         if ($code) {
             if (self::__checkCode($code) || self::__isRecoveryCode($code)) {
                 if (self::__isRecoveryCode($code)) {
                     self::__consumeRecoveryCode($code);
                 }
                 if (rcube_utils::get_input_value('_remember_2FA', RCUBE_INPUT_POST) === 'yes') {
                     $this->__cookie($set = true);
                 }
                 $this->__goingRoundcubeTask('mail');
             } else {
                 if ($this->_enable_logs) {
                     $this->__logError();
                 }
                 $this->__exitSession();
             }
         } elseif ($rcmail->task !== 'login' && !$_SESSION['twofactor_gauthenticator_2FA_login'] >= $_SESSION['twofactor_gauthenticator_2FA_login']) {
             $this->__exitSession();
         }
     } elseif ($rcmail->config->get('force_enrollment_users') && ($rcmail->task !== 'settings' || $rcmail->action !== 'plugin.twofactor_gauthenticator')) {
         if ($rcmail->task !== 'login') {
             $this->__goingRoundcubeTask('settings', 'plugin.twofactor_gauthenticator');
         }
     }
     return $p;
 }

Exemple #3

0

Afficher le fichier

Fichier : gethost.php Projet : jhbsz/ossimTest

// Numeric ORDER for IP
if (!empty($order)) {
    $order .= POST('sortorder') == "asc" ? "" : " desc";
}
$search = GET('query');
if (empty($search)) {
    $search = POST('query');
}
$field = POST('qtype');
$page = !empty($_POST['page']) ? POST('page') : 1;
$rp = !empty($_POST['rp']) ? POST('rp') : 20;
$lsearch = $search;
if (!empty($search)) {
    // The CIDR validation is not working...
    if (preg_match("/^\\s*([0-9]{1,3}\\.){3}[0-9]{1,3}\\/(3[0-2]|[1-2][0-9]|[0-9])\\s*\$/", $search)) {
        $ip_range = CIDR::expand_CIDR($search, "SHORT", "IP");
        ossim_valid($ip_range[0], OSS_IP_ADDR, 'illegal:' . _("search cidr"));
        ossim_valid($ip_range[1], OSS_IP_ADDR, 'illegal:' . _("search cidr"));
    } else {
        if (preg_match("/^\\s*([0-9]{1,3}\\.){3}[0-9]{1,3}\\s*\$/", $search)) {
            $by_ip = true;
        } else {
            ossim_valid($search, OSS_NULLABLE, OSS_SPACE, OSS_SCORE, OSS_ALPHA, OSS_DOT, OSS_DIGIT, 'illegal:' . _("search"));
        }
    }
}
ossim_valid($page, OSS_DIGIT, OSS_NULLABLE, 'illegal:' . _("page"));
ossim_valid($rp, OSS_DIGIT, OSS_NULLABLE, 'illegal:' . _("rp"));
ossim_valid($field, OSS_ALPHA, OSS_SPACE, OSS_PUNC, OSS_NULLABLE, 'illegal:' . _("field"));
ossim_valid($order, "()", OSS_NULLABLE, OSS_SPACE, OSS_SCORE, OSS_ALPHA, OSS_DIGIT, 'illegal:' . _("order"));
if (ossim_error()) {

Exemple #4

0

Afficher le fichier

Fichier : draw_tree.php Projet : jhbsz/ossimTest

     echo $buffer;
 } else {
     if (preg_match("/^.class_(.*)/", $key, $found)) {
         $buffer = Net::draw_nets_by_class($conn, $key, $filter, $length_name, 1);
         echo $buffer;
     } else {
         if (preg_match("/net_(.*)/", $key, $found)) {
             $hostin = array();
             $length_hn = $length_name + 5;
             if ($net_list1 = Net::get_list($conn, "name='" . base64_decode($found[1]) . "'")) {
                 require_once "classes/CIDR.inc";
                 foreach ($net_list1 as $net) {
                     $net_name = $net->get_name();
                     $nets_ips = explode(",", $net->get_ips());
                     foreach ($nets_ips as $net_ips) {
                         $net_range = CIDR::expand_CIDR($net_ips, "SHORT", "IP");
                         $host_list_aux = Host::get_list($conn, "WHERE inet_aton(ip)>=inet_aton('" . $net_range[0] . "') && inet_aton(ip)<=inet_aton('" . $net_range[1] . "')", "ORDER BY ip");
                         foreach ($host_list_aux as $h) {
                             $hostin[$h->get_ip()] = $h->get_hostname();
                         }
                     }
                 }
             }
             $k = 0;
             $net_name = base64_decode($found[1]);
             $ips_data = $net_list1[0]->get_ips();
             $ips = "<font style=\"font-size:80%\">(" . $ips_data . ")</font>";
             $tooltip = "!" . $ips_data . " (" . $net_name . ")";
             $buffer .= "[";
             if ($page == 1) {
                 $title = "<span style=\"color: #B3B5DD;\">!" . $ips_data . " <font style=\"font-weight:normal;font-size:80%\">(" . $net_name . ")</font></span>";

Exemple #5

0

Afficher le fichier

Fichier : get_host.php Projet : AntBean/alienvault-ossim

$db = new ossim_db(TRUE);
$conn = $db->connect();
$order = 'host.hostname';
$maxrows = $maxrows > 50 ? 50 : $maxrows;
$torder = $torder == 1 ? 'ASC' : 'DESC';
$to = $maxrows;
$user = Session::get_session_user();
$filters = array();
$tables = '';
$filters['order_by'] = $order . ' ' . $torder;
$filters['limit'] = $from . ', ' . $to;
if ($search != '') {
    if (is_ip($search) || is_cidr($search)) {
        $cidr = preg_match('/\\/[0-9]+/', $search) ? $search : $search . '/32';
        //If it is an ip, we add '/32'
        list($from, $to) = CIDR::expand_CIDR($cidr, 'SHORT', 'IP');
        $tables = ', host_ip hi ';
        $filters['where'] = "host.id=hi.host_id AND hi.ip BETWEEN INET6_PTON('{$from}') AND INET6_PTON('{$to}') ";
    } else {
        $search = utf8_decode($search);
        $search = escape_sql($search, $conn);
        $filters['where'] = 'host.hostname LIKE "%' . $search . '%"';
    }
}
try {
    list($assets, $total) = Asset_host::get_list($conn, $tables, $filters, TRUE);
} catch (Exception $e) {
    $assets = array();
    $total = 0;
}
$results = array();

Exemple #6

0

Afficher le fichier

Fichier : CIDRTest.php Projet : alexkuk/ipv6calc

 public function testSubnetHostsRange()
 {
     $cidr = new CIDR('2001:db8:85a3:8d3::7334/6');
     $this->assertEquals(array('2000:0000:0000:0000:0000:0000:0000:0000', '23ff:ffff:ffff:ffff:ffff:ffff:ffff:ffff'), $cidr->getSubnetHostsRange());
     $cidr = new CIDR('2d81:db8:85a3:8d3::7334/7');
     $this->assertEquals(array('2c00:0000:0000:0000:0000:0000:0000:0000', '2dff:ffff:ffff:ffff:ffff:ffff:ffff:ffff'), $cidr->getSubnetHostsRange());
     $cidr = new CIDR('2d81:db8:85a3:8d3::7334/19');
     $this->assertEquals(array('2d81:0000:0000:0000:0000:0000:0000:0000', '2d81:1fff:ffff:ffff:ffff:ffff:ffff:ffff'), $cidr->getSubnetHostsRange());
     $cidr = new CIDR('2d81:db8:85a3:8d3::7334/32');
     $this->assertEquals(array('2d81:0db8:0000:0000:0000:0000:0000:0000', '2d81:0db8:ffff:ffff:ffff:ffff:ffff:ffff'), $cidr->getSubnetHostsRange());
     $cidr = new CIDR('2d81:db8:85a3:8d3::7334/0');
     $this->assertEquals(array('0000:0000:0000:0000:0000:0000:0000:0000', 'ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff'), $cidr->getSubnetHostsRange());
     $cidr = new CIDR('2d81:db8:85a3:8d3::7334/128');
     $this->assertEquals(array('2d81:0db8:85a3:08d3:0000:0000:0000:7334', '2d81:0db8:85a3:08d3:0000:0000:0000:7334'), $cidr->getSubnetHostsRange());
 }

Exemple #7

0

Afficher le fichier

Fichier : host_report.php Projet : jhbsz/ossimTest

        }
    }
    if ($sensor_str == "") {
        $sensor_str = "0";
    }
    $sensor_where = " AND sid in (" . $sensor_str . ")";
}
$hostname = Host::ip2hostname($conn_ossim, $host);
if ($hostname != $host) {
    $title = $hostname . "({$host})";
} else {
    $title = $host;
}
$_SESSION['host_report'] = $host;
if (preg_match("/\\/\\d+/", $host)) {
    $exp = CIDR::expand_CIDR($host, "SHORT", "IP");
    $src_s_range = $exp[0];
    $src_e_range = end($exp);
    $ip_where = "ip_src>=INET_ATON('{$src_s_range}') AND ip_src<=INET_ATON('{$src_e_range}') and";
} elseif ($host == 'any') {
    $ip_where = "";
} else {
    $ip_where = "ip_src=INET_ATON('{$host}') and";
}
$time_week = strftime("%Y-%m-%d", time() - 24 * 60 * 60 * 7);
$query = "select count(*) as howmany,plugin_id from acid_event force index(ip_src) where {$ip_where} timestamp>='{$time_week}'{$sensor_where} group by plugin_id order by howmany desc limit 10;";
if (!($rs =& $conn->Execute($query))) {
    print $conn->ErrorMsg();
    exit;
}
$values = array();

Exemple #8

0

Afficher le fichier

Fichier : index.php Projet : jhbsz/ossimTest

function list_results($type, $value, $sortby, $sortdir)
{
    global $scanstate, $isReportAdmin, $allres, $offset, $pageSize, $username, $uroles, $dbconn, $hosts;
    global $user, $arruser, $delete_selected;
    $filteredView = FALSE;
    $selRadio = array("", "", "", "");
    $query_onlyuser = "";
    $url_filter = "";
    //if (!$isReportAdmin || (!$allres)) { $query_onlyuser="******"; }
    if (!in_array("admin", $arruser)) {
        $query_onlyuser = "******";
    }
    //echo $query_onlyuser;
    //if ($sortby == "" ) { $sortby = "scantime"; }
    //if ($sortdir == "" ) { $sortdir = "DESC"; }
    $sortby = "t1.results_sent DESC, t1.name DESC";
    //$sortdir = "DESC";
    $sortdir = "";
    $queryw = "";
    $queryl = "";
    //$querys="SELECT distinct t1.report_id, t1.name as jobname, t4.meth_target, t1.scantime,
    //   t1.username, t1.scantype, t1.report_key, t1.report_type as report_type, t3.name as profile, t4.id as jobid, t4.meth_SCHED,
    //   t5.vSerious, t5.vHigh, t5.vMed, t5.vLow, t5.vInfo
    //      FROM vuln_nessus_latest_reports t1
    //   LEFT JOIN vuln_nessus_settings t3 ON t1.sid=t3.id
    //   LEFT JOIN vuln_jobs t4 on t1.report_id = t4.report_id
    //   LEFT JOIN vuln_nessus_report_stats t5 on t1.report_id = t5.report_id
    //      WHERE t1.deleted = '0' ";
    //  $querys="SELECT distinct t1.report_id, t4.name as jobname, t4.scan_submit, t4.meth_target, t1.scantime,
    // t1.username, t1.scantype, t1.report_key, t1.report_type as report_type, t3.name as profile, t4.id as jobid, t4.meth_SCHED,
    // t5.vSerious, t5.vHigh, t5.vMed, t5.vLow, t5.vInfo
    // FROM vuln_nessus_latest_reports t1
    // LEFT JOIN vuln_nessus_settings t3 ON t1.sid=t3.id
    // LEFT JOIN vuln_jobs t4 on t1.report_id = t4.report_id
    // LEFT JOIN vuln_nessus_report_stats t5 on t1.report_id = t5.report_id
    // WHERE t1.deleted = '0' ";
    /*$querys="SELECT distinct t1.report_id, t1.scantime,
      t1.username, t1.scantype, t1.report_key, t1.report_type as report_type,
      t3.name as profile, '0' as vSerious, '0' as High, '0' as vMed, '0' as vLow, '0' as vInfo
      FROM vuln_nessus_latest_reports t1
      LEFT JOIN vuln_nessus_settings t3 ON t1.sid=t3.id
      WHERE t1.deleted = '0' ";*/
    $querys = "SELECT distinct t1.report_id, t4.hostname as host_name, t1.scantime,\n     t1.username, t1.scantype, t1.report_key, t1.report_type as report_type, t1.sid,\n     t3.name as profile\n     FROM vuln_nessus_latest_reports t1\n     LEFT JOIN vuln_nessus_settings t3 ON t1.sid=t3.id\n     LEFT JOIN host t4 ON t4.ip=inet_ntoa(t1.report_id)\n     LEFT JOIN vuln_nessus_latest_results t5 ON t1.report_id=t5.report_id \n     WHERE t1.deleted = '0' ";
    // set up the SQL query based on the search form input (if any)
    if ($type == "scantime" && $value != "") {
        $selRadio[0] = "CHECKED";
        $q = $value;
        $queryw = " AND t1.scantime LIKE '%{$q}%' {$query_onlyuser} order by {$sortby} {$sortdir}";
        $queryl = " limit {$offset},{$pageSize}";
        $stext = "<b>" . _("Search for Date/Time") . "</b> = '*{$q}*'";
        $url_filter = "&type={$type}&value={$value}";
    } else {
        if ($type == "service" && $value != "") {
            $selRadio[5] = "CHECKED";
            $q = $value;
            $queryw = " AND t5.service LIKE '%{$q}%' {$query_onlyuser} order by {$sortby} {$sortdir}";
            $queryl = " limit {$offset},{$pageSize}";
            $stext = "<b>" . _("Search for Service") . "</b> = '*" . html_entity_decode($q) . "*'";
            $url_filter = "&type={$type}&value={$value}";
        } else {
            if ($type == "freetext" && $value != "") {
                $selRadio[6] = "CHECKED";
                $q = $value;
                $queryw = " AND t5.msg LIKE '%{$q}%' {$query_onlyuser} order by {$sortby} {$sortdir}";
                $queryl = " limit {$offset},{$pageSize}";
                $stext = "<b>" . _("Search for Free Text") . "</b> = '*" . html_entity_decode($q) . "*'";
                $url_filter = "&type={$type}&value={$value}";
            } else {
                if ($type == "hostip" && $value != "") {
                    $selRadio[1] = "CHECKED";
                    $q = strtolower($value);
                    $queryw = " AND (t4.hostname LIKE '%{$q}%' OR inet_ntoa(t1.report_id) LIKE '%{$q}%') {$query_onlyuser} order by {$sortby} {$sortdir}";
                    $queryl = " limit {$offset},{$pageSize}";
                    $stext = "<b>" . _("Search for Host-IP") . "</b> = '*{$q}*'";
                    $url_filter = "&type={$type}&value={$value}";
                } else {
                    if ($type == "fk_name" && $value != "") {
                        $selRadio[2] = "CHECKED";
                        $q = strtolower($value);
                        $queryw = " AND t1.fk_name LIKE '%{$q}%' {$query_onlyuser} order by {$sortby} {$sortdir}";
                        $queryl = " limit {$offset},{$pageSize}";
                        $stext = _("Search for Subnet/CIDR") . " = '*{$q}*'";
                        $url_filter = "&type={$type}&value={$value}";
                    } else {
                        if ($type == "username" && $value != "") {
                            $selRadio[3] = "CHECKED";
                            $q = strtolower($value);
                            $queryw = " AND t1.username LIKE '%{$q}%' {$query_onlyuser} order by {$sortby} {$sortdir}";
                            $queryl = " limit {$offset},{$pageSize}";
                            $stext = "<b>" . _("Search for user") . "</b> = '*{$q}*'";
                            $url_filter = "&type={$type}&value={$value}";
                        } else {
                            if ($type == "hn" && $value != "") {
                                $selRadio[4] = "CHECKED";
                                if (preg_match("/\\//", $value)) {
                                    /*$tokens = explode("/", $value);
                                              $bytes = explode(".",$tokens[0]);
                                    
                                              if($tokens[1]=="24")
                                                    $q = $bytes[0].".".$bytes[1].".".$bytes[2].".";
                                              else if ($tokens[1]=="16")
                                                    $q = $bytes[0].".".$bytes[1].".";
                                              else if ($tokens[1]=="8")
                                                    $q = $bytes[0].".";
                                              else if ((int)$tokens[1]>24)
                                                    $q = $bytes[0].".".$bytes[1].".".$bytes[2].".".$bytes[3];
                                              //
                                              */
                                    $ip_range = array();
                                    $ip_range = CIDR::expand_CIDR($value, "SHORT");
                                    $queryw = " AND (inet_aton(t1.name) >= '" . $ip_range[0] . "' AND inet_aton(t1.name) <='" . $ip_range[1] . "') {$query_onlyuser} order by {$sortby} {$sortdir}";
                                } elseif (preg_match("/\\,/", $value)) {
                                    $q = implode("','", explode(",", $value));
                                    $queryw = " AND t1.name in ('{$q}') {$query_onlyuser} order by {$sortby} {$sortdir}";
                                    $q = "Others";
                                } else {
                                    $q = $value;
                                    $queryw = " AND t1.name LIKE '{$q}' {$query_onlyuser} order by {$sortby} {$sortdir}";
                                }
                                $queryl = " limit {$offset},{$pageSize}";
                                if (!preg_match("/\\//", $value)) {
                                    $stext = "<b>" . _("Search for Host") . "</b> = '" . html_entity_decode($q) . "'";
                                } else {
                                    $stext = "<b>" . _("Search for Subnet/CIDR") . "</b> = '{$value}'";
                                }
                                $url_filter = "&type={$type}&value={$value}";
                            } else {
                                $selRadio[4] = "CHECKED";
                                $viewAll = FALSE;
                                $queryw = "{$query_onlyuser} order by {$sortby} {$sortdir}";
                                $queryl = " limit {$offset},{$pageSize}";
                                $stext = "";
                            }
                        }
                    }
                }
            }
        }
    }
    // put link to add new host
    //   if ($isReportAdmin) {
    //      $url_allres="&allres=";
    //      if ($allres=="" || !is_numeric($allres) || (!$allres)) {
    //         $allres=0;
    //         echo "<a href='results.php?offset=0".$url_allres."1'>Show all results</a><br>";
    //      } else {
    //         $allres=1;
    //         echo "<a href='results.php?offset=0".$url_allres."0'>Display only my Results</a><br>";
    //      }
    //      $url_allres .="$allres";
    //   }
    // echo the search criteria used
    // set up the pager and search fields if viewing all hosts
    $reportCount = 0;
    if (!$filteredView) {
        //$queryc = "SELECT count(report_id) FROM vuln_nessus_latest_reports t1 WHERE 1=1 ";
        $queryc = "SELECT SQL_CALC_FOUND_ROWS distinct t1.report_id, t4.hostname as host_name, t1.scantime,\n                t1.username, t1.scantype, t1.report_key, t1.report_type as report_type, t1.sid,\n                t3.name as profile\n                FROM vuln_nessus_latest_reports t1\n                LEFT JOIN vuln_nessus_settings t3 ON t1.sid=t3.id\n                LEFT JOIN host t4 ON t4.ip=inet_ntoa(t1.report_id)" . ($type == "service" || $type == "freetext" ? " LEFT JOIN vuln_nessus_latest_results t5 ON t1.report_id=t5.report_id " : " ") . "WHERE t1.deleted = '0' ";
        $dbconn->Execute($queryc . $queryw);
        $reportCount = $dbconn->GetOne("SELECT FOUND_ROWS() as total");
        $previous = $offset - $pageSize;
        if ($previous < 0) {
            $previous = 0;
        }
        $last = intval($reportCount / $pageSize) * $pageSize;
        if ($last < 0) {
            $last = 0;
        }
        $next = $offset + $pageSize;
        /*if ($next < $last) {
            $last = $next;
          }*/
        $pageEnd = $offset + $pageSize;
        $value = html_entity_decode($value);
        echo "<center><table cellspacing=\"0\" cellpadding=\"0\" border=\"0\" width=\"900\"><tr><td class=\"headerpr\" style=\"border:0;\">" . _("Current Vulnerablities") . "</td></tr></table>";
        //echo "<p>There are $reportCount scans defined in the system.";
        // output the search form
        echo "<table cellspacing=\"0\" cellpadding=\"0\" border=\"0\" width=\"900\">";
        echo "<tr><td style=\"padding-top:5px;\" class=\"nobborder\">";
        echo <<<EOT
<center>
<form name="hostSearch" id="hostSearch" action="index.php" method="GET">
<input type="text" length="25" name="value" class="assets" id="assets" value="{$value}">
EOT;
        echo "\n<!--<input type=\"radio\" name=\"type\" value=\"scantime\" {$selRadio['0']}>" . _("Date") . "/" . _("Time") . "-->\n<!--<input type=\"radio\" name=\"type\" value=\"hostip\" {$selRadio['1']}>" . _("Host - IP") . "-->\n<!--<input type=\"radio\" name=\"type\" value=\"fk_name\" {$selRadio['2']}>Subnet Name-->\n<input type=\"radio\" name=\"type\" value=\"service\" {$selRadio['5']}>" . _("Service") . "\n<input type=\"radio\" name=\"type\" value=\"freetext\" {$selRadio['6']}>" . _("Free text") . "\n<input type=\"radio\" name=\"type\" value=\"hn\" {$selRadio['4']}>" . _("Host/Net") . "\n<!--<input type=\"radio\" name=\"type\" value=\"username\" {$selRadio['3']}>Username-->\n";
        /*     echo <<<EOT
        <input type="hidden" name="sortby" value="$sortby">
        <input type="hidden" name="allres" value="$allres">
        <input type="hidden" name="op" value="search">&nbsp;&nbsp;&nbsp;
        EOT;*/
        echo '<input type="hidden" name="withoutmenu" value="' . GET('withoutmenu') . '">';
        echo "<input type=\"submit\" name=\"submit\" value=\"" . _("Find") . "\" class=\"button\" style=\"margin-left:15px;\">";
        if (Session::am_i_admin() && (GET("submit") != "" || GET("type") != "") && GET("value") != "") {
            echo "<input style=\"margin-left:5px;\" type=\"button\" value=\"" . _("Delete selection") . "\" onclick=\"deleteSelected(this.form)\" class=\"button\">";
        }
        echo <<<EOT
</form>
</center>
</p>
EOT;
        // output the pager
        //echo "<p align=center><a href='index.php?offset=0".$url_allres.$url_filter."' class='pager'>&lt&lt "._("First")."</a> | ";
        //if($offset != 0) {
        //   echo "<a href='index.php?offset=$previous".$url_allres.$url_filter."' class='pager'>&lt "._("Previous")." </a> | ";
        //}
        //if($pageEnd >= $reportCount) { $pageEnd = $reportCount; }
        //echo "[ ".($offset+1)." - $pageEnd of $reportCount ] | ";
        //if($next < $last) {
        //   echo "<a href='index.php?offset=$next".$url_allres.$url_filter."' class='pager'>| "._("Next")." &gt;</a> | ";
        //}
        //echo "<a href='index.php?offset=$last".$url_allres.$url_filter."' class='pager'> "._("Last")." &gt;&gt;</a></p>";
    } else {
        // get the search result count
        $queryc = "SELECT count( report_id ) FROM vuln_nessus_latest_reports WHERE t1.deleted = '0' ";
        $scount = $dbconn->GetOne($queryc . $queryw);
        echo "<p>{$scount} report";
        if ($scount != 1) {
            echo "s";
        } else {
        }
        echo " " . _("found matching search criteria") . " | ";
        echo " <a href='index.php' alt='" . _("View All Reports") . "'>" . _("View All Reports") . "</a></p>";
    }
    echo "<p>";
    echo $stext;
    echo "</p>";
    echo "</td></tr></table>";
    // get the hosts to display
    $result = $dbconn->GetArray($querys . $queryw . $queryl);
    $delete_ids = array();
    foreach ($result as $rpt) {
        $delete_ids[] = $dreport_id = $rpt["report_id"];
    }
    $_SESSION["_dreport_ids"] = implode(",", $delete_ids);
    /*   if ($delete_selected!="") { // delete selected current vulns from latest tables defore display
            foreach ($result as $rpt) {
                $dreport_id = $rpt["report_id"];
    
                $query = "DELETE FROM vuln_nessus_latest_reports WHERE report_id=$dreport_id";
                $result=$dbconn->execute($query);
                
                $query = "DELETE FROM vuln_nessus_latest_results WHERE report_id=$dreport_id";
                $result=$dbconn->execute($query);
            }
        ?>
        <script type="text/javascript">
        //    document.location.href='index.php';
        </script>
        <?php
       }
    */
    //echo "[$querys$queryw$queryl]";
    if ($result === false) {
        $errMsg[] = _("Error getting results") . ": " . $dbconn->ErrorMsg();
        $error++;
        dispSQLError($errMsg, $error);
    } else {
        $data['vInfo'] = 0;
        $data['vLow'] = 0;
        $data['vMed'] = 0;
        $data['vHigh'] = 0;
        $data['vSerious'] = 0;
        $queryt = "SELECT count(*) AS total, risk, hostIP FROM (\n                    SELECT DISTINCT port, protocol, app, scriptid, msg, risk, hostIP\n                    FROM vuln_nessus_latest_results where falsepositive='N'" . (in_array("admin", $arruser) ? "" : " and username in ('" . $user . "')") . ") AS t GROUP BY risk, hostIP";
        //echo "$queryt<br>";
        $resultt = $dbconn->Execute($queryt);
        while (list($riskcount, $risk, $hostIP) = $resultt->fields) {
            if ($risk == 7) {
                $data['vInfo'] += $riskcount;
            } else {
                if ($risk == 6) {
                    $data['vLow'] += $riskcount;
                } else {
                    if ($risk == 3) {
                        $data['vMed'] += $riskcount;
                    } else {
                        if ($risk == 2) {
                            $data['vHigh'] += $riskcount;
                        } else {
                            if ($risk == 1) {
                                $data['vSerious'] += $riskcount;
                            }
                        }
                    }
                }
            }
            $resultt->MoveNext();
        }
        if ($data['vInfo'] == 0 && $data['vLow'] == 0 && $data['vMed'] == 0 && $data['vHigh'] == 0 && $data['vSerious'] == 0) {
            $tdata[] = array("report_id" => "All", "host_name" => "", "scantime" => "", "username" => "", "scantype" => "", "report_key" => "", "report_type" => "", "sid" => "", "profile" => "", "hlink" => "", "plink" => "", "xlink" => "", "vSerious" => $data['vSerious'], "vHigh" => $data['vHigh'], "vMed" => $data['vMed'], "vLow" => $data['vLow'], "vInfo" => $data['vInfo']);
        } else {
            $tdata[] = array("report_id" => "All", "host_name" => "", "scantime" => "", "username" => "", "scantype" => "", "report_key" => "", "report_type" => "", "sid" => "", "profile" => "", "hlink" => "reshtml.php?ipl=all&disp=html&output=full&scantype=M", "plink" => "respdf.php?ipl=all&scantype=M", "xlink" => "rescsv.php?ipl=all&scantype=M", "dlink" => "", "vSerious" => $data['vSerious'], "vHigh" => $data['vHigh'], "vMed" => $data['vMed'], "vLow" => $data['vLow'], "vInfo" => $data['vInfo']);
        }
        foreach ($result as $data) {
            $data['vSerious'] = 0;
            $data['vHigh'] = 0;
            $data['vMed'] = 0;
            $data['vLow'] = 0;
            $data['vInfo'] = 0;
            // query for reports for each IP
            $query_risk = "SELECT distinct risk, port, protocol, app, scriptid, msg, hostIP FROM vuln_nessus_latest_results WHERE report_id = " . $data['report_id'];
            $query_risk .= " AND username = '******'username'] . "' AND sid =" . $data['sid'] . " AND falsepositive='N'";
            //echo "[$query_risk]<br>";
            $result_risk = $dbconn->Execute($query_risk);
            while (!$result_risk->EOF) {
                if ($result_risk->fields["risk"] == 7) {
                    $data['vInfo']++;
                } else {
                    if ($result_risk->fields["risk"] == 6) {
                        $data['vLow']++;
                    } else {
                        if ($result_risk->fields["risk"] == 3) {
                            $data['vMed']++;
                        } else {
                            if ($result_risk->fields["risk"] == 2) {
                                $data['vHigh']++;
                            } else {
                                if ($result_risk->fields["risk"] == 1) {
                                    $data['vSerious']++;
                                }
                            }
                        }
                    }
                }
                $result_risk->MoveNext();
            }
            $more = "&hmenu=Vulnerabilities&smenu=Vulnerabilities";
            $data['clink'] = "respdfc.php?scantime=" . $data['scantime'] . "&scantype=" . $data['scantype'] . "&key=" . $data['report_key'] . $more;
            $data['plink'] = "respdf.php?treport=latest&scantime=" . $data['scantime'] . "&scantype=" . $data['scantype'] . "&key=" . $data['report_key'] . $more;
            $data['hlink'] = "reshtml.php?treport=latest&key=" . $data['report_key'] . "&disp=html&output=full&scantime=" . $data['scantime'] . "&scantype=" . $data['scantype'] . $more;
            $data['rerun'] = "sched.php?disp=rerun&job_id=" . $data['jobid'] . $more;
            $data['xlink'] = "rescsv.php?treport=latest&scantime=" . $data['scantime'] . "&scantype=" . $data['scantype'] . "&key=" . $data['report_key'] . $more;
            $data['xbase'] = "restextsummary.php?scantime=" . $data['scantime'] . "&scantype=" . $data['scantype'] . $more . "&key=" . $data['report_key'];
            if (Session::am_i_admin()) {
                $data['dlink'] = "index.php?delete=" . $data['report_key'] . "&scantime=" . $data['scantime'];
            }
            /*
                                                $data['vSerious'] = "<a href=\"respdf.php?scantime=".$data['scantime']."&scantype=".$data['scantype']
                                                ."&key=".$data['report_key']."&critical=1\">".$data['vSerious']."</a>";
                                                $data['vHigh'] = "<a href=\"respdf.php?scantime=".$data['scantime']."&scantype=".$data['scantype']
                                                ."&key=".$data['report_key']."&critical=2\">".$data['vHigh']."</a>";
                                                $data['vMed'] = "<a href=\"respdf.php?scantime=".$data['scantime']."&scantype=".$data['scantype']
                                                ."&key=".$data['report_key']."&critical=3\">".$data['vMed']."</a>";
                                                $data['vLow'] = "<a href=\"respdf.php?scantime=".$data['scantime']."&scantype=".$data['scantype']
                                                ."&key=".$data['report_key']."&critical=6\">".$data['vLow']."</a>";	
                                                $data['vInfo'] = "<a href=\"respdf.php?scantime=".$data['scantime']."&scantype=".$data['scantype']
                                                ."&key=".$data['report_key']."&critical=7\">".$data['vInfo']."</a>";*/
            //$data['vSerious'] = $data['vSerious'];
            //$data['vHigh'] = $data['vHigh'];
            //$data['vMed'] = $data['vMed'];
            //$data['vLow'] = $data['vLow'];
            //$data['vInfo'] = $data['vInfo'];
            //$data['scan_submit'] = $data['scan_submit'];
            $list = explode("\n", trim($data['meth_target']));
            if (count($list) == 1) {
                $list[0] = trim($list[0]);
                if ($list[0] != "") {
                    if ($hosts[$list[0]] != "" && $hosts[$list[0]] != $list[0]) {
                        $data['target'] = $hosts[$list[0]] . " (" . $list[0] . ")";
                    } else {
                        $data['target'] = $list[0];
                    }
                } else {
                    $data['target'] = "-";
                }
            } elseif (count($list) == 2) {
                $list[0] = trim($list[0]);
                if ($hosts[$list[0]] != "" && $hosts[$list[0]] != $list[0]) {
                    $list[0] = $hosts[$list[0]] . " (" . $list[0] . ")";
                }
                $list[1] = trim($list[1]);
                if ($hosts[$list[1]] != "" && $hosts[$list[1]] != $list[1]) {
                    $list[1] = $hosts[$list[1]] . " (" . $list[1] . ")";
                }
                $data['target'] = $list[0] . ' ' . $list[1];
            } else {
                $list[0] = trim($list[0]);
                if ($hosts[$list[0]] != "" && $hosts[$list[0]] != $list[0]) {
                    $list[0] = $hosts[$list[0]] . " (" . $list[0] . ")";
                }
                $list[count($list) - 1] = trim($list[count($list) - 1]);
                if ($hosts[$list[count($list) - 1]] != "" && $hosts[$list[count($list) - 1]] != $list[count($list) - 1]) {
                    $list[count($list) - 1] = $hosts[$list[count($list) - 1]] . " (" . $list[count($list) - 1] . ")";
                }
                $data['target'] = $list[0] . " ... " . $list[count($list) - 1];
            }
            $tdata[] = $data;
        }
        if ($sortdir == "ASC") {
            $sortdir = "DESC";
        } else {
            $sortdir = "ASC";
        }
        $url = $_SERVER['SCRIPT_NAME'] . "?offset={$offset}&sortby=%var%&sortdir={$sortdir}" . $url_allres . $url_filter;
        $fieldMapLinks = array();
        $fieldMapLinks = array(gettext("HTML Results") => array('url' => '%param%', 'param' => 'hlink', 'target' => 'main', 'icon' => 'images/html.png'), gettext("PDF Results") => array('url' => '%param%', 'param' => 'plink', 'target' => '_blank', 'icon' => 'images/pdf.png'), gettext("EXCEL Results") => array('url' => '%param%', 'param' => 'xlink', 'target' => '_blank', 'icon' => 'images/page_white_excel.png'));
        if (Session::am_i_admin()) {
            $fieldMapLinks["DELETE Results"] = array('url' => '%param%', 'param' => 'dlink', 'target' => 'main', 'icon' => 'images/delete.gif');
        }
        $fieldMap = array("Host - IP" => array('var' => 'hostip'), "Date/Time" => array('var' => 'scantime'), "Profile" => array('var' => 'profile'), "Serious" => array('var' => 'vSerious'), "High" => array('var' => 'vHigh'), "Medium" => array('var' => 'vMed'), "Low" => array('var' => 'vLow'), "Info" => array('var' => 'vInfo'), "Links" => $fieldMapLinks);
        if (count($tdata) > 1) {
            drawTableLatest($fieldMap, $tdata, "Hosts");
        } else {
            echo "<br><b>" . _("No results found: ") . "<a href='sched.php?smethod=schedule&hosts_alive=1&scan_locally=1'>" . _("Click here to run a Vulnerability Scan now") . "</a><br><br></b>";
        }
    }
    // draw the pager again, if viewing all hosts
    if (!$filteredView && $reportCount > 10) {
        echo "<p align=center>\n<a href=\"index.php?offset=0" . $url_allres . $url_filter . "\" class=\"pager\">&lt&lt " . _("First") . "</a>\n<a href=\"index.php?offset={$previous}" . $url_allres . $url_filter . "\" class=\"pager\">&lt " . _("Previous") . " </a>";
        echo "&nbsp;&nbsp;&nbsp;[ " . ($offset + 1) . " - {$pageEnd} " . _("of") . " {$reportCount} ]&nbsp;&nbsp;&nbsp;";
        if ($reportCount > $pageEnd) {
            echo "<a href=\"index.php?offset={$next}" . $url_allres . $url_filter . "\" class=\"pager\"> " . _("Next") . " &gt;</a>\n    <a href=\"index.php?offset={$last}" . $url_allres . $url_filter . "\" class=\"pager\"> " . _("Last") . " &gt;&gt;</a>";
        }
        echo "</p>";
    }
}

Exemple #9

0

Afficher le fichier

Fichier : check_agent_ip.php Projet : jackpf/ossim-arc

    $error_msg = "<div style='text-align: left;'>" . _('The following errors occurred') . ":</div>\n                  <div style='padding-left:15px; text-align: left;'>" . implode('<br/>', $validation_errors) . "</div>";
    $error = Token::create_error_message();
    Util::response_bad_request($error_msg);
}
$warning_msg = '';
//Validate IP/CIDR
if ($ip_cidr != 'any' && $ip_cidr != '0.0.0.0/0') {
    if (Asset_host_ips::valid_ip($ip_cidr)) {
        //Agent IP/CIDR is an IP address
        $asset_ips = Asset_host_ips::get_ips_to_string($conn, $asset_id);
        if (preg_match('/' . $ip_cidr . '/', $asset_ips) == FALSE) {
            $warning_msg = _('The asset IP and IP/CIDR do not match');
        }
    } else {
        //Agent IP/CIDR is an CIDR
        $ip_range = CIDR::expand_cidr($ip_cidr, 'SHORT', 'LONG');
        $asset_ips_obj = new Asset_host_ips($asset_id);
        $asset_ips_obj->load_from_db($conn);
        $asset_ips = $asset_ips_obj->get_ips();
        $valid_ip_range = FALSE;
        foreach ($asset_ips as $a_data) {
            $ip = Asset_host_ips::ip2ulong($a_data['ip']);
            if ($ip >= $ip_range[0] && $ip <= $ip_range[1]) {
                $valid_ip_range = TRUE;
                break;
            }
        }
        if ($valid_ip_range == FALSE) {
            $warning_msg = _('The selected asset IP is out of the IP/CIDR range');
        }
    }

Exemple #10

0

Afficher le fichier

Fichier : base_qry_common.php Projet : jhbsz/ossimTest

function QueryOssimNetworkGroup($ngname)
{
    global $db;
    require_once "classes/CIDR.inc";
    $ids = "";
    $sql = "SELECT n.ips FROM ossim.net as n,ossim.net_group_reference as gr WHERE gr.net_name=n.name AND gr.net_group_name='{$ngname}'";
    if ($result = $db->baseExecute($sql)) {
        while ($row = $result->baseFetchRow()) {
            $nets = explode(",", $row["ips"]);
            foreach ($nets as $net) {
                $exp = CIDR::expand_CIDR($net, "SHORT", "IP");
                $ids .= "(acid_event.ip_src>=" . baseIP2long($exp[0]) . " AND acid_event.ip_src<=" . baseIP2long($exp[1]) . ")OR";
                $ids .= "(acid_event.ip_dst>=" . baseIP2long($exp[0]) . " AND acid_event.ip_dst<=" . baseIP2long($exp[1]) . ")OR";
            }
        }
    }
    $ids = preg_replace("/(OR|AND)\$/", "", $ids);
    $result->baseFreeRows();
    return trim($ids);
}

Exemple #11

0

Afficher le fichier

Fichier : CIDR.php Projet : 0151n/vichan

 /**
  * Return true if the $ip given is a true CIDR block.
  *
  * A true CIDR block is one where the $ip given is the actual Network
  * address and broadcast matches the prefix appropriately.
  */
 public static function cidr_is_true($ip)
 {
     $ip = new CIDR($ip);
     return $ip->isTrueCidr();
 }

PHP CIDR Exemples