<?php
/*
* Print resize subnet
*********************/
/* functions */
require dirname(__FILE__) . '/../../../functions/functions.php';
# initialize user object
$Database = new Database_PDO();
$User = new User($Database);
$Admin = new Admin($Database, false);
$Subnets = new Subnets($Database);
$Addresses = new Addresses($Database);
$Result = new Result();
# verify that user is logged in
$User->check_user_session();
# id must be numeric
if (!is_numeric($_POST['subnetId'])) {
$Result->show("danger", _("Invalid ID"), true);
}
# get subnet details
$subnet_old = $Subnets->fetch_subnet(null, $_POST['subnetId']);
# verify that user has write permissions for subnet
$subnetPerm = $Subnets->check_permission($User->user, $subnet_old->id);
if ($subnetPerm < 3) {
$Result->show("danger", _('You do not have permissions to resize subnet') . '!', true);
}
# verify
$Subnets->subnet_split($subnet_old, $_POST['number'], $_POST['prefix'], $_POST['group'], $_POST['strict']);
# all good
$Result->show("success", _("Subnet splitted ok") . "!", true);
* Print edit subnet
*********************/
/* functions */
require dirname(__FILE__) . '/../../../functions/functions.php';
# initialize user object
$Database = new Database_PDO();
$User = new User($Database);
$Admin = new Admin($Database);
$Sections = new Sections($Database);
$Subnets = new Subnets($Database);
$Result = new Result();
# verify that user is logged in
$User->check_user_session();
# ID must be numeric
if (!is_numeric($_POST['subnetId'])) {
$Result->show("danger", _("Invalid ID"), true, true);
}
# get all groups
$groups = $Admin->fetch_all_objects("userGroups", "g_id");
# get subnet details
$subnet = $Subnets->fetch_subnet(null, $_POST['subnetId']);
?>
<script type="text/javascript">
$(document).ready(function() {
/* bootstrap switch */
var switch_options = {
onText: "Yes",
offText: "No",
onColor: 'default',
/* functions */
require dirname(__FILE__) . '/../../../functions/functions.php';
# initialize user object
$Database = new Database_PDO();
$User = new User($Database);
$Admin = new Admin($Database, false);
$Subnets = new Subnets($Database);
$Addresses = new Addresses($Database);
$Result = new Result();
# verify that user is logged in
$User->check_user_session();
# create csrf token
$csrf = $User->create_csrf_cookie();
# id must be numeric
if (!is_numeric($_POST['subnetId'])) {
$Result->show("danger", _("Invalid ID"), true, true);
}
# get subnet details
$subnet = $Subnets->fetch_subnet(null, $_POST['subnetId']);
# verify that user has write permissions for subnet
$subnetPerm = $Subnets->check_permission($User->user, $subnet->id);
if ($subnetPerm < 3) {
$Result->show("danger", _('You do not have permissions to resize subnet') . '!', true, true);
}
?>
<!-- header -->
<div class="pHeader"><?php
print _('Truncate subnet');
?>
</div>
# initialize user object
$Database = new Database_PDO();
$User = new User($Database);
$Admin = new Admin($Database);
$Tools = new Tools($Database);
$Result = new Result();
# verify that user is logged in
$User->check_user_session();
# create csrf token
$csrf = $User->csrf_cookie("create", "location");
# validate action
$Admin->validate_action($_POST['action'], true);
# get Location object
if ($_POST['action'] != "add") {
$location = $Admin->fetch_object("locations", "id", $_POST['id']);
$location !== false ?: $Result->show("danger", _("Invalid ID"), true, true);
}
# disable edit on delete
$readonly = $_POST['action'] == "delete" ? "readonly" : "";
$link = $readonly ? false : true;
# fetch custom fields
$custom = $Tools->fetch_custom_fields('locations');
?>
<!-- header -->
<div class="pHeader"><?php
print ucwords(_("{$_POST['action']}"));
?>
<?php
print _('Location');
/* functions */
require dirname(__FILE__) . '/../../../functions/functions.php';
# initialize user object
$Database = new Database_PDO();
$User = new User($Database);
$Admin = new Admin($Database);
$Sections = new Sections($Database);
$Subnets = new Subnets($Database);
$Result = new Result();
# verify that user is logged in
$User->check_user_session();
# create csrf token
$csrf = $User->csrf_cookie("create", "permissions");
# ID must be numeric
if (!is_numeric($_POST['subnetId'])) {
$Result->show("danger", _("Invalid ID"), true, true);
}
# get all groups
$groups = $Admin->fetch_all_objects("userGroups", "g_name");
# get subnet details
$subnet = $Subnets->fetch_subnet(null, $_POST['subnetId']);
?>
<script type="text/javascript">
$(document).ready(function() {
/* bootstrap switch */
var switch_options = {
onText: "Yes",
offText: "No",
onColor: 'default',
* add, edit and delete firewall zones mappings
**************************************************/
# functions
require dirname(__FILE__) . '/../../../functions/functions.php';
# initialize classes
$Database = new Database_PDO();
$User = new User($Database);
$Subnets = new Subnets($Database);
$Tools = new Tools($Database);
$Result = new Result();
$Zones = new FirewallZones($Database);
# validate session parameters
$User->check_user_session();
# validate $_POST['id'] values
if (!preg_match('/^[0-9]+$/i', $_POST['id'])) {
$Result->show("danger", _("Invalid ID. Do not manipulate the POST values!"), true);
}
# validate $_POST['action'] values
if ($_POST['action'] != 'add' && $_POST['action'] != 'edit' && $_POST['action'] != 'delete') {
$Result->show("danger", _("Invalid action. Do not manipulate the POST values!"), true);
}
# disable edit on delete
$readonly = $_POST['action'] == "delete" ? "disabled" : "";
# fetch all firewall zones
$firewallZones = $Zones->get_zones();
# fetch settings
$firewallZoneSettings = json_decode($User->settings->firewallZoneSettings, true);
# fetch all devices
$devices = $Tools->fetch_multiple_objects("devices", "type", $firewallZoneSettings['deviceType']);
# fetch old mapping
if ($_POST['action'] != 'add') {
* add, edit and delete firewall zones
******************************************/
# functions
require dirname(__FILE__) . '/../../../functions/functions.php';
# initialize classes
$Database = new Database_PDO();
$User = new User($Database);
$Admin = new Admin($Database);
$Subnets = new Subnets($Database);
$Result = new Result();
$Zones = new FirewallZones($Database);
# validate session parameters
$User->check_user_session();
# validate $_POST['id'] values
if (!preg_match('/^[0-9]+$/i', $_POST['id'])) {
$Result->show("danger", _("Invalid ID. Do not manipulate the POST values!"), true);
}
# validate $_POST['action'] values
if ($_POST['action'] != 'add' && $_POST['action'] != 'edit' && $_POST['action'] != 'delete') {
$Result->show("danger", _("Invalid action. Do not manipulate the POST values!"), true);
}
# fetch module settings
$firewallZoneSettings = json_decode($User->settings->firewallZoneSettings, true);
# fetch old zone
if ($_POST['action'] != 'add') {
$firewallZone = $Zones->get_zone($_POST['id']);
}
# disable edit on delete
$readonly = $_POST['action'] == "delete" ? "readonly" : "";
?>
/* functions */
require dirname(__FILE__) . '/../../functions/functions.php';
# initialize user object
$Database = new Database_PDO();
$User = new User($Database);
$Install = new Install($Database);
$Tools = new Tools($Database);
$Result = new Result();
# verify that user is logged in
$User->check_user_session();
# admin user is required
$User->is_admin(true);
# try to upgrade database
if ($Install->upgrade_database() === true) {
# print success
$Result->show("success", _("Database upgraded successfully! <a class='btn btn-sm btn-default' href='" . create_link('dashboard') . "'>Dashboard</a>"), false);
# migrate settings
$User->migrate_domain_settings();
$User->migrate_ldap_settings();
# check for possible errors
if (sizeof($errors = $Tools->verify_database()) > 0) {
$esize = sizeof($errors['tableError']) + sizeof($errors['fieldError']);
print '<div class="alert alert-danger">' . "\n";
# print table errors
if (isset($errors['tableError'])) {
print '<strong>' . _('Missing table') . 's:</strong>' . "\n";
print '<ul class="fix-table">' . "\n";
foreach ($errors['tableError'] as $table) {
print '<li>' . $table . '</li>' . "\n";
}
print '</ul>' . "\n";
# verify that user is logged in
$User->check_user_session();
//strip AS if provided, to get just the number
if (substr($_POST['as'], 0, 2) == "AS" || substr($_POST['as'], 0, 2) == "as") {
$_POST['as'] = substr($_POST['as'], 2);
}
# fetch subnets form ripe
$subnet = $Admin->ripe_fetch_subnets($_POST['as']);
# fetch all sections
$sections = $Admin->fetch_all_objects("sections", "id");
$vlans = $Admin->fetch_all_objects("vlans", "vlanId");
$vrfs = $Admin->fetch_all_objects("vrf", "vrfId");
//none found
if (sizeof(@$subnet) == 0) {
print "<hr>";
$Result->show("danger alert-absolute", _('No subnets found') . '!', true);
} else {
//form
print '<form name="asImport" id="asImport">';
//table
print '<table class="asImport table table-striped table-condensed table-top table-auto">';
//headers
print '<tr>';
print ' <th colspan="5">' . _('I found the following routes belonging to AS') . ' ' . $_POST['as'] . ':</th>';
print '</tr> ';
print "<tr>";
print "\t<th></th>";
print "\t<th>" . _('Subnet') . "</th>";
print "\t<th>" . _('select section') . "</th>";
print "\t<th>" . _('Description') . "</th>";
print "\t<th>" . _('VLAN') . "</th>";
/**
* remove item from nat
************************************************/
/* functions */
require dirname(__FILE__) . '/../../../functions/functions.php';
# initialize user object
$Database = new Database_PDO();
$User = new User($Database);
$Admin = new Admin($Database);
$Tools = new Tools($Database);
$Result = new Result();
# verify that user is logged in
$User->check_user_session();
# get NAT object
$nat = $Admin->fetch_object("nat", "id", $_POST['id']);
$nat !== false ?: $Result->show("danger", _("Invalid ID"), true);
# static NAT checks
if ($nat->type == "static") {
// static NAT can only have IP address
if ($_POST['object_type'] != "ipaddresses") {
$Result->show("danger", _("Static NAT can only contain IP address"), true);
}
// decode
$nat_src = json_decode($nat->src, true);
$nat_dst = json_decode($nat->dst, true);
// validate all objects
if (sizeof(@$nat_src['ipaddresses']) > 0) {
foreach ($nat_src['ipaddresses'] as $ik => $iv) {
if ($Tools->fetch_object("ipaddresses", "id", $iv) === false) {
unset($nat_src['ipaddresses'][$ik]);
}
$Database = new Database_PDO();
$User = new User($Database);
$Tools = new Tools($Database);
$Subnets = new Subnets($Database);
$Result = new Result();
}
# user must be authenticated
$User->check_user_session();
# set size parameters
$height = 200;
$slimit = 10;
# if direct request include plot JS
if ($_SERVER['HTTP_X_REQUESTED_WITH'] != "XMLHttpRequest") {
# get widget details
if (!($widget = $Tools->fetch_object("widgets", "wfile", $_REQUEST['section']))) {
$Result->show("danger", _("Invalid widget"), true);
}
# reset size and limit
$height = 350;
$slimit = 20;
# include flot JS
print '<script language="javascript" type="text/javascript" src="js/1.2/flot/jquery.flot.js"></script>';
print '<script language="javascript" type="text/javascript" src="js/1.2/flot/jquery.flot.categories.js"></script>';
print '<!--[if lte IE 8]><script language="javascript" type="text/javascript" src="js/1.2/flot/excanvas.min.js"></script><![endif]-->';
# and print title
print "<div class='container'>";
print "<h4 style='margin-top:40px;'>{$widget->wtitle}</h4><hr>";
print "</div>";
}
$type = "IPv4";
# get subnets statistic
$Result = new Result();
}
# user must be authenticated
$User->check_user_session();
# if direct request that redirect to tools page
if ($_SERVER['HTTP_X_REQUESTED_WITH'] != "XMLHttpRequest") {
header("Location: " . create_link("tools", "changelog"));
}
# changelog to syslog
if ($User->settings->log != "syslog") {
/* get logs */
$clogs = $Log->fetch_all_changelogs(false, "", 50);
}
# syslog
if ($User->settings->log == "syslog") {
$Result->show("warning", _("Changelog files are sent to syslog"), false);
} elseif (sizeof($clogs) == 0) {
print "<blockquote style='margin-top:20px;margin-left:20px;'>";
print "<p>" . _("No changelogs available") . "</p>";
print "<small>" . _("No changelog entries are available") . "</small>";
print "</blockquote>";
} else {
# printout
print "<table class='table changelog table-hover table-top table-condensed'>";
# headers
print "<tr>";
print "\t<th>" . _('User') . "</th>";
print "\t<th>" . _('Type') . "</th>";
print "\t<th>" . _('Object') . "</th>";
print "\t<th>" . _('Date') . "</th>";
print "\t<th class='hidden-xs'>" . _('Change') . "</th>";
/**
* Script to display usermod result
*************************************/
/* functions */
require dirname(__FILE__) . '/../../../functions/functions.php';
require dirname(__FILE__) . "/../../../functions/adLDAP/src/adLDAP.php";
# initialize user object
$Database = new Database_PDO();
$User = new User($Database);
$Admin = new Admin($Database);
$Result = new Result();
# verify that user is logged in
$User->check_user_session();
# fetch server
$server = $Admin->fetch_object("usersAuthMethod", "id", $_POST['server']);
$server !== false ?: $Result->show("danger", _("Invalid server ID"), true);
//parse parameters
$params = json_decode($server->params);
//no login parameters
if (strlen(@$params->adminUsername) == 0 || strlen(@$params->adminPassword) == 0) {
$Result->show("danger", _("Missing credentials"), true);
}
//at least 2 chars
if (strlen($_POST['dfilter']) < 2) {
$Result->show("danger", _('Please enter at least 2 characters'), true);
}
//open connection
try {
if ($server->type == "NetIQ") {
$params->account_suffix = "";
}
# for edit check old details
if ($_POST['action'] == "edit" || $_POST['action'] == "delete") {
# old
$agent_old = $Admin->fetch_object("scanAgents", "id", $_POST['id']);
// invalid id
if ($agent_old === false) {
$error[] = "Invalid agent Id";
}
// remove type and code if direct
if (@$agent_old->type == "direct") {
unset($_POST['type'], $_POST['code']);
}
}
# die if direct and delete
if (@$agent_old->type == "direct" && $_POST['action'] == "delete") {
$Result->show("danger", _("Cannot remove localhost scan agent"), true);
}
# checks for edit / add
if ($_POST['action'] != "delete") {
# code must be exactly 32 chars long and alfanumeric if app_security = crypt
if (@$agent_old->type != "direct") {
if (strlen($_POST['code']) != 32 || !ctype_alnum($_POST['code'])) {
$error[] = "Invalid agent code";
}
}
# name must be more than 2 and alphanumberic
if (strlen($_POST['name']) == 0) {
$error[] = "Invalid agent name";
}
}
# die if errors
/**
* Script to replace fields in IP address list
***********************************************/
/* functions */
require dirname(__FILE__) . '/../../../functions/functions.php';
# initialize user object
$Database = new Database_PDO();
$User = new User($Database);
$Admin = new Admin($Database);
$Result = new Result();
# verify that user is logged in
$User->check_user_session();
//verify post
if (empty($_POST['search'])) {
$Result->show("danger", _('Please enter something in search field') . '!', true);
}
//if device verify that it exists
if ($_POST['field'] == "switch") {
if (!($device1 = $Admin->fetch_object("devices", "hostname", $_POST['search']))) {
$Result->show("danger alert-absolute", _('Switch') . ' "<i>' . $_POST['search'] . '</i>" ' . _('does not exist, first create switch under admin menu') . '!', true);
}
if (!($device2 = $Admin->fetch_object("devices", "hostname", $_POST['replace']))) {
$Result->show("danger alert-absolute", _('Switch') . ' "<i>' . $_POST['search'] . '</i>" ' . _('does not exist, first create switch under admin menu') . '!', true);
}
//replace posts
$_POST['search'] = $device1->id;
$_POST['replace'] = $device2->id;
}
# update
$Admin->replace_fields($_POST['field'], $_POST['search'], $_POST['replace']);
/**
* Move VLAN to new domain
*******************************/
/* functions */
require dirname(__FILE__) . '/../../../functions/functions.php';
# initialize user object
$Database = new Database_PDO();
$User = new User($Database);
$Admin = new Admin($Database);
$Tools = new Tools($Database);
$Result = new Result();
# verify that user is logged in
$User->check_user_session();
// checks
if (!is_numeric($_POST['newDomainId'])) {
$Result->show("danger", _("Invalid ID"), true);
}
if (!is_numeric($_POST['vlanId'])) {
$Result->show("danger", _("Invalid ID"), true);
}
// verify that new exists
$vlan_domain = $Admin->fetch_object("vlanDomains", "id", $_POST['newDomainId']);
if ($vlan_domain === false) {
$Result->show("danger", _("Invalid ID"), true);
}
//fetch vlan
$vlan = $Admin->fetch_object("vlans", "vlanId", $_POST['vlanId']);
if ($vlan === false) {
$Result->show("danger", _("Invalid ID"), true);
}
// check that it is not already set !
*******************************/
/* functions */
require dirname(__FILE__) . '/../../../functions/functions.php';
# initialize user object
$Database = new Database_PDO();
$User = new User($Database);
$Admin = new Admin($Database);
$Tools = new Tools($Database);
$Result = new Result();
# verify that user is logged in
$User->check_user_session();
# fake error
print "<div class='alert-danger hidden'></div>";
# scan disabled
if ($User->settings->enableSNMP != "1") {
$Result->show("danger", _("SNMP module disbled"), true);
}
# admin check
if ($User->is_admin() !== true) {
$Result->show("danger", _('Admin privileges required'), true);
}
# set class
$Snmp = new phpipamSNMP();
# get existing vrfs
$existing_vrfs = $Tools->fetch_all_objects("vrf", "vrfId");
if ($existing_vrfs !== false) {
foreach ($existing_vrfs as $v) {
$ex_vrfs[$v->name] = $v->rd;
}
}
// no errors
# include required scripts
require dirname(__FILE__) . '/../../../functions/functions.php';
# initialize required objects
$Database = new Database_PDO();
$Result = new Result();
$User = new User($Database);
$Subnets = new Subnets($Database);
$Tools = new Tools($Database);
$Addresses = new Addresses($Database);
$Log = new Logging($Database, $User->settings);
$Zones = new FirewallZones($Database);
$Ping = new Scan($Database);
# verify that user is logged in
$User->check_user_session();
# validate csrf cookie
$User->csrf_cookie("validate", "address", $_POST['csrf_cookie']) === false ? $Result->show("danger", _("Invalid CSRF cookie"), true) : "";
# validate action
$Tools->validate_action($_POST['action']);
$action = $_POST['action'];
//reset delete action form visual visual
if (isset($_POST['action-visual'])) {
if (@$_POST['action-visual'] == "delete") {
$action = "delete";
}
}
# save $_POST to $address
$address = $_POST;
# required fields
isset($address['action']) ?: $Result->show("danger", _("Missing required fields") . " action", true);
isset($address['subnet']) ?: $Result->show("danger", _("Missing required fields") . " subnet", true);
isset($address['subnetId']) ?: $Result->show("danger", _("Missing required fields") . " subnetId", true);
require dirname(__FILE__) . '/../../../functions/functions.php';
# initialize user object
$Database = new Database_PDO();
$User = new User($Database);
$Admin = new Admin($Database);
$Result = new Result();
# verify that user is logged in
$User->check_user_session();
# fetch group and set title
if ($_POST['action'] == "add") {
$title = _('Add new group');
} else {
//fetch all group details
$group = (array) $Admin->fetch_object("userGroups", "g_id", $_POST['id']);
//false die
$group !== false ?: $Result->show("danger", _("Invalid ID"), true, true);
$title = ucwords($_POST['action']) . ' ' . _('group') . ' ' . $group['g_name'];
}
?>
<!-- header -->
<div class="pHeader"><?php
print $title;
?>
</div>
<!-- content -->
<div class="pContent">
<form id="groupEdit" name="groupEdit">
<table class="groupEdit table table-noborder table-condensed">
require dirname(__FILE__) . '/../../../functions/functions.php';
# initialize user object
$Database = new Database_PDO();
$User = new User($Database);
$Admin = new Admin($Database, false);
$Subnets = new Subnets($Database);
$Sections = new Sections($Database);
$Addresses = new Addresses($Database);
$Tools = new Tools($Database);
$Result = new Result();
# verify that user is logged in
$User->check_user_session();
# ID must be numeric
if ($_POST['action'] == "add") {
if (!is_numeric($_POST['sectionId'])) {
$Result->show("danger", _("Invalid ID"), true);
}
} else {
if (!is_numeric($_POST['subnetId'])) {
$Result->show("danger", _("Invalid ID"), true);
}
if (!is_numeric($_POST['sectionId'])) {
$Result->show("danger", _("Invalid ID"), true);
}
}
# if show name than description must be set
if (@$_POST['showName'] == 1 && strlen($_POST['description']) == 0) {
$Result->show("danger", _("Please enter subnet description to show as name!"), true);
}
# verify that user has permissions to add subnet
if ($_POST['action'] == "add") {
* Script to edit domain
***************************/
/* functions */
require dirname(__FILE__) . '/../../../functions/functions.php';
# initialize user object
$Database = new Database_PDO();
$User = new User($Database);
$Admin = new Admin($Database);
$Result = new Result();
$PowerDNS = new PowerDNS($Database);
# verify that user is logged in
$User->check_user_session();
# fetch old record
if ($_POST['action'] != "add") {
$record = $PowerDNS->fetch_record($_POST['id']);
$record !== false ?: $Result->show("danger", _("Invalid ID"), true, true);
}
# edit and add - check that smth is in name and content!
if ($_POST['action'] != "delete") {
if (strlen($_POST['name']) < 2) {
$Result->show("danger", _("Invalid name"), true);
}
if (strlen($_POST['content']) < 2) {
$Result->show("danger", _("Invalid content"), true);
}
}
# validate and set values
if ($_POST['action'] == "edit") {
$values = $PowerDNS->formulate_update_record($_POST['name'], $_POST['type'], $_POST['content'], $_POST['ttl'], $_POST['prio'], $_POST['disabled'], $record->change_date);
$values['domain_id'] = $_POST['domain_id'];
} elseif ($_POST['action'] == "add") {
***************************/
/* functions */
require dirname(__FILE__) . '/../../../functions/functions.php';
# initialize user object
$Database = new Database_PDO();
$User = new User($Database);
$Admin = new Admin($Database);
$Tools = new Tools($Database);
$Result = new Result();
# verify that user is logged in
$User->check_user_session();
# get modified details
$device = $_POST;
# ID must be numeric
if ($_POST['action'] != "add" && !is_numeric($_POST['switchId'])) {
$Result->show("danger", _("Invalid ID"), true);
}
# available devices set
foreach ($device as $key => $line) {
if (strlen(strstr($key, "section-")) > 0) {
$key2 = str_replace("section-", "", $key);
$temp[] = $key2;
unset($device[$key]);
}
}
# glue sections together
$device['sections'] = sizeof($temp) > 0 ? implode(";", $temp) : null;
# Hostname must be present
if ($device['hostname'] == "") {
$Result->show("danger", _('Hostname is mandatory') . '!', true);
}
$Sections = new Sections($Database);
$Subnets = new Subnets($Database);
$Tools = new Tools($Database);
$Result = new Result();
# verify that user is logged in
$User->check_user_session();
# create csrf token
$csrf = $User->csrf_cookie("create", "folder");
# strip tags - XSS
$_POST = $User->strip_input_tags($_POST);
# validate action
$Admin->validate_action($_POST['action'], true);
# ID must be numeric
if ($_POST['action'] != "add") {
if (!is_numeric($_POST['subnetId'])) {
$Result->show("danger", _("Invalid ID"), true, true);
}
}
# verify that user has permissions to add subnet
if ($_POST['action'] == "add") {
if ($Sections->check_permission($User->user, $_POST['sectionId']) != 3) {
$Result->show("danger", _('You do not have permissions to add new subnet in this section') . "!", true, true);
}
} else {
if ($Subnets->check_permission($User->user, $_POST['subnetId']) != 3) {
$Result->show("danger", _('You do not have permissions to add edit/delete this subnet') . "!", true, true);
}
}
# we are editing or deleting existing subnet, get old details
if ($_POST['action'] != "add") {
$folder_old_details = (array) $Subnets->fetch_subnet(null, $_POST['subnetId']);
* Edit switch result
***************************/
/* functions */
require dirname(__FILE__) . '/../../../functions/functions.php';
# initialize user object
$Database = new Database_PDO();
$User = new User($Database);
$Admin = new Admin($Database);
$Tools = new Tools($Database);
$Result = new Result();
# verify that user is logged in
$User->check_user_session();
# strip input tags
$_POST = $Admin->strip_input_tags($_POST);
# validate csrf cookie
$User->csrf_cookie("validate", "vlan_domain", $_POST['csrf_cookie']) === false ? $Result->show("danger", _("Invalid CSRF cookie"), true) : "";
# we cannot delete default domain
if (@$_POST['id'] == 1 && $_POST['action'] == "delete") {
$Result->show("danger", _("Default domain cannot be deleted"), true);
}
// ID must be numeric
if ($_POST['action'] != "add" && !is_numeric($_POST['id'])) {
$Result->show("danger", _("Invalid ID"), true);
}
// Hostname must be present
if (@$_POST['name'] == "") {
$Result->show("danger", _('Name is mandatory') . '!', true);
}
// set sections
if (@$_POST['id'] != 1) {
foreach ($_POST as $key => $line) {
/**
* Script to print mail notification form
********************************************/
# include required scripts
require dirname(__FILE__) . '/../../../functions/functions.php';
# initialize required objects
$Database = new Database_PDO();
$Result = new Result();
$User = new User($Database);
$Subnets = new Subnets($Database);
$Tools = new Tools($Database);
$Addresses = new Addresses($Database);
# verify that user is logged in
$User->check_user_session();
# id must be numeric
is_numeric($_POST['id']) || strlen($_POST['id']) == 0 ?: $Result->show("danger", _("Invalid ID"), true);
# get IP address id
$id = $_POST['id'];
# fetch address, subnet, vlan and nameservers
$address = (array) $Addresses->fetch_address(null, $id);
$subnet = (array) $Subnets->fetch_subnet(null, $address['subnetId']);
$vlan = (array) $Tools->fetch_object("vlans", "vlanId", $subnet['vlanId']);
$nameservers = (array) $Tools->fetch_object("nameservers", "id", $subnet['nameserverId']);
# get all custom fields
$custom_fields = $Tools->fetch_custom_fields('ipaddresses');
# checks
sizeof($address) > 0 ?: $Result->show("danger", _("Invalid ID"), true);
sizeof($subnet) > 0 ?: $Result->show("danger", _("Invalid subnet"), true);
# set title
$title = _('IP address details') . ' :: ' . $address['ip'];
# address
# fetch all addresses - sorted
if ($slaves) {
$addresses = $Addresses->fetch_subnet_addresses_recursive($subnet['id'], false, $sort['field'], $sort['direction']);
$slave_subnets = (array) $Subnets->fetch_subnet_slaves($subnet['id']);
} else {
$addresses = $Addresses->fetch_subnet_addresses($subnet['id'], $sort['field'], $sort['direction']);
}
# set permissions
$subnet_permission = $Subnets->check_permission($User->user, $subnet['id']);
}
# We need DNS object
$DNS = new DNS($Database, $User->settings);
/* verifications */
# checks
if (sizeof($subnet) == 0) {
$Result->show("danger", _('Subnet does not exist'), true);
}
//subnet doesnt exist
if ($subnet_permission == 0) {
$Result->show("danger", _('You do not have permission to access this network'), true);
}
//not allowed to access
if (!is_numeric($_REQUEST['subnetId'])) {
$Result->show("danger", _('Invalid ID'), true);
}
//subnet id must be numeric
/* selected and hidden fields */
# reset custom fields to ip addresses
$custom_fields = $Tools->fetch_custom_fields('ipaddresses');
# set hidden custom fields
$hidden_cfields = json_decode($User->settings->hiddenCustomFields, true);
* Edit tag
*************************************************/
/* functions */
require dirname(__FILE__) . '/../../../functions/functions.php';
# initialize user object
$Database = new Database_PDO();
$User = new User($Database);
$Admin = new Admin($Database);
$Result = new Result();
# verify that user is logged in
$User->check_user_session();
# create csrf token
$csrf = $User->create_csrf_cookie();
# ID must be numeric
if ($_POST['action'] != "add" && !is_numeric($_POST['id'])) {
$Result->show("danger", _("Invalid ID"), true, true);
}
# fetch api for edit / add
if ($_POST['action'] != "add") {
# fetch api details
$tag = $Admin->fetch_object("ipTags", "id", $_POST['id']);
# null ?
$tag === false ? $Result->show("danger", _("Invalid ID"), true, true) : null;
}
?>
<script type="text/javascript" src="js/bootstrap-colorpicker.min.js"></script>
<link rel="stylesheet" type="text/css" href="css/bootstrap/bootstrap-colorpicker.min.css">
<script type="text/javascript">
$(function(){
$('.select-bgcolor').colorpicker();
<?php
/* functions */
require dirname(__FILE__) . '/../../../functions/functions.php';
# initialize user object
$Database = new Database_PDO();
$User = new User($Database);
$Admin = new Admin($Database);
$Result = new Result();
# verify that user is logged in
$User->check_user_session();
# if edit check if protected?
if ($_POST['action'] != "add") {
$auth_method = $Admin->fetch_object("usersAuthMethod", "id", $_POST['id']);
if ($auth_method->protected == "Yes") {
$Result->show("danger", _("Method cannot be change as it is protected"), true, true);
}
}
# route to proper auth method editing
if (!file_exists(dirname(__FILE__) . "/edit-{$_POST['type']}.php")) {
$Result->show("danger", _("Invalid method type"), true, true);
} else {
include "edit-{$_POST['type']}.php";
}
<?php
/**
* Edit tag
*************************************/
/* functions */
require dirname(__FILE__) . '/../../../functions/functions.php';
# initialize user object
$Database = new Database_PDO();
$User = new User($Database);
$Admin = new Admin($Database);
$Result = new Result();
# verify that user is logged in
$User->check_user_session();
# validate csrf cookie
$_POST['csrf_cookie'] == $_SESSION['csrf_cookie'] ?: $Result->show("danger", _("Invalid CSRF cookie"), true);
# fetch old values
if ($_POST['action'] == "delete") {
$old_tag = $Admin->fetch_object("ipTags", "id", $_POST['id']);
} else {
$old_tag = new StdClass();
}
/* checks */
if ($_POST['action'] == "delete" && $old_tag->locked != "No") {
$Result->show("danger", _("Cannot delete locked tag"), true);
}
if ($_POST['action'] != "delete") {
if (strlen($_POST['type']) < 3) {
$Result->show("danger", _("Invalid tag name"), true);
}
if (strlen($_POST['bgcolor']) < 4) {
/* functions */
require dirname(__FILE__) . '/../../../functions/functions.php';
# initialize user object
$Database = new Database_PDO();
$User = new User($Database);
$Admin = new Admin($Database);
$Tools = new Tools($Database);
$Result = new Result();
# verify that user is logged in
$User->check_user_session();
# create csrf token
$csrf = $User->csrf_cookie("create", "nat");
# get NAT object
if ($_POST['action'] != "add") {
$nat = $Admin->fetch_object("nat", "id", $_POST['id']);
$nat !== false ?: $Result->show("danger", _("Invalid ID"), true, true);
}
# disable edit on delete
$readonly = $_POST['action'] == "delete" ? "readonly" : "";
$link = $readonly ? false : true;
?>
<!-- header -->
<div class="pHeader"><?php
print ucwords(_("{$_POST['action']}"));
?>
<?php
print _('NAT');
?>
</div>
