$allow_deny_op = $_POST['allow_deny_op'];
$enable_forwarding = $_POST['enable_forwarding'];
$scope_range_1 = $_POST['scope_range_1'];
$scope_range_2 = $_POST['scope_range_2'];
$bootp_filename = $_POST['bootp_filename'];
$bootp_server = $_POST['bootp_server'];
$broadcast_address = $_POST['broadcast_address'];
$ntp_servers = $_POST['ntp_servers'];
$netbios_servers = $_POST['netbios_servers'];
$default_lease = $_POST['default_lease'];
$min_lease = $_POST['min_lease'];
$max_lease = $_POST['max_lease'];
// check each post element
if (!empty($pool_name) && !empty($dns_server_1) && !empty($dns_server_2) && !empty($scope_range_1) && !empty($scope_range_2)) {
// begin validation of configuration options
if ($val->ValidateString($pool_name) !== -1 && $val->ValidateDomain($dns_server_1) !== -1 && $val->ValidateDomain($dns_server_2) !== -1 && $val->ValidateIPv4($router) !== -1 && $val->ValidateIPv4($scope_range_1) !== -1 && $val->ValidateIPv4($scope_range_2) !== -1 && $val->ValidateParagraph($bootp_filename) !== -1 && $val->ValidateDomain($bootp_server) !== -1 && $val->ValidateString($allow_deny) !== -1 && $val->ValidateParagraph($allow_deny_op) !== -1 && $val->ValidateString($enable_forwarding) !== -1 && $val->ValidateDomain($broadcast_address) !== -1 && $val->ValidateDomain($ntp_servers) !== -1 && $val->ValidateDomain($netbios_servers) !== -1 && $val->ValidateInteger($default_lease) !== -1 && $val->ValidateInteger($min_lease) !== -1 && $val->ValidateInteger($max_lease) !== -1 && $val->ValidateBroadcast2List($interface_list, $scope_range_1) === 0 && $val->ValidateBroadcast2List($interface_list, $scope_range_2) === 0) {
// define our sql statements (exclude the group field if user is member of admin group)
if ($group !== "admin") {
$insert = "INSERT INTO `conf_pools` ( `pool-name`, `dns-server-1`, `dns-server-2`, `router`, `scope-range-1`, `scope-range-2`, `allow-deny`, `allow-deny-options`, `ip-forwarding`, `broadcast-address`, `ntp-servers`, `netbios-name-servers`, `default-lease-time`, `min-lease-time`, `max-lease-time`, `group` ) VALUES ( \"" . $pool_name . "\", \"" . $dns_server_1 . "\", \"" . $dns_server_2 . "\", \"" . $router . "\", \"" . $scope_range_1 . "\", \"" . $scope_range_2 . "\", \"" . $allow_deny . "\", \"" . $allow_deny_op . "\", \"" . $enable_forwarding . "\", \"" . $broadcast_address . "\", \"" . $ntp_servers . "\", \"" . $netbios_servers . "\", \"" . $default_lease . "\", \"" . $min_lease . "\", \"" . $max_lease . "\", \"" . $group . "\" )";
$update = "UPDATE `conf_pools` SET `pool-name` = \"" . $pool_name . "\", `dns-server-1` = \"" . $dns_server_1 . "\", `dns-server-2` = \"" . $dns_server_2 . "\", `router` = \"" . $router . "\", `scope-range-1` = \"" . $scope_range_1 . "\", `scope-range-2` = \"" . $scope_range_2 . "\", `allow-deny` = \"" . $allow_deny . "\", `allow-deny-options` = \"" . $allow_deny_op . "\", `ip-forwarding` = \"" . $enable_forwarding . "\", `broadcast-address` = \"" . $broadcast_address . "\", `ntp-servers` = \"" . $ntp_servers . "\", `netbios-name-servers` = \"" . $netbios_servers . "\", `default-lease-time` = \"" . $default_lease . "\", `min-lease-time` = \"" . $min_lease . "\", `max-lease-time` = \"" . $max_lease . "\", `group` = \"" . $group . "\" WHERE `id` = \"" . $id . "\" LIMIT 1";
} else {
$insert = "INSERT INTO `conf_pools` ( `pool-name`, `dns-server-1`, `dns-server-2`, `router`, `scope-range-1`, `scope-range-2`, `bootp-filename`, `bootp-server`, `allow-deny`, `allow-deny-options`, `ip-forwarding`, `broadcast-address`, `ntp-servers`, `netbios-name-servers`, `default-lease-time`, `min-lease-time`, `max-lease-time` ) VALUES ( \"" . $pool_name . "\", \"" . $dns_server_1 . "\", \"" . $dns_server_2 . "\", \"" . $router . "\", \"" . $scope_range_1 . "\", \"" . $scope_range_2 . "\", \"" . $bootp_filename . "\", \"" . $bootp_server . "\", \"" . $allow_deny . "\", \"" . $allow_deny_op . "\", \"" . $enable_forwarding . "\", \"" . $broadcast_address . "\", \"" . $ntp_servers . "\", \"" . $netbios_servers . "\", \"" . $default_lease . "\", \"" . $min_lease . "\", \"" . $max_lease . "\" )";
$update = "UPDATE `conf_pools` SET `pool-name` = \"" . $pool_name . "\", `dns-server-1` = \"" . $dns_server_1 . "\", `dns-server-2` = \"" . $dns_server_2 . "\", `router` = \"" . $router . "\", `scope-range-1` = \"" . $scope_range_1 . "\", `scope-range-2` = \"" . $scope_range_2 . "\", `bootp-filename` = \"" . $bootp_filename . "\", `bootp-server` = \"" . $bootp_server . "\", `allow-deny` = \"" . $allow_deny . "\", `allow-deny-options` = \"" . $allow_deny_op . "\", `ip-forwarding` = \"" . $enable_forwarding . "\", `broadcast-address` = \"" . $broadcast_address . "\", `ntp-servers` = \"" . $ntp_servers . "\", `netbios-name-servers` = \"" . $netbios_servers . "\", `default-lease-time` = \"" . $default_lease . "\", `min-lease-time` = \"" . $min_lease . "\", `max-lease-time` = \"" . $max_lease . "\" WHERE `id` = \"" . $id . "\" LIMIT 1";
}
$delete = "DELETE FROM `conf_pools` WHERE `id` = \"" . $id . "\" LIMIT 1";
// determine which button was clicked
if (!empty($_POST['AddPool'])) {
$query = $insert;
$db_msg_good = $errors['db_insert'];
$db_msg_err = $errors['db_insert_err'];
}
$tmp[$row]['mac_address'] = $data[2];
$tmp[$row]['subnet'] = $data[3];
$tmp[$row]['pxe_group'] = $data[4];
}
}
// check for xml extension
if (eregi(".*\\.[xml]", $upload_path)) {
}
// loop over our array and assign data to our template
for ($x = 1; $x <= count($tmp); $x++) {
// open an ordered list
$list .= "<ol>";
// check each post element
if (!empty($tmp[$x]['hostname']) && !empty($tmp[$x]['mac_address']) && !empty($tmp[$x]['ip_address'])) {
// begin validation of file contents
if ($val->ValidateParagraph($tmp[$x]['hostname']) !== -1 && $val->ValidateMACFormats($tmp[$x]['mac_address']) !== -1 && $val->ValidateIPv4($tmp[$x]['ip_address']) !== -1 && $val->ValidateParagraph($tmp[$x]['subnet']) !== -1 && $val->ValidateParagraph($tmp[$x]['pxe_group']) !== -1) {
// generate our sql command
$insert = "INSERT INTO `conf_hosts` ( `hostname`, `mac-address`, `ip-address`, `subnet-name`, `pxe-group` ) VALUES ( \"" . $tmp[$x]['hostname'] . "\",\"" . $tmp[$x]['mac_address'] . "\", \"" . $tmp[$x]['ip_address'] . "\", \"" . $tmp[$x]['subnet'] . "\", \"" . $tmp[$x]['pxe_group'] . "\" )";
// insert records or prompt for duplicate errors
if (($value = $db->dbQuery($val->ValidateSQL($insert, $dbconn), $dbconn)) === -1) {
// found an existing record?
if (eregi("duplicate", $db->dbCatchError())) {
// assign an error message
$error = $err->GenerateErrorLink("help/help.html", "#import_host", $defined['error'], "Duplicate records found during import, please review and modify the data below accordingly.", NULL, NULL);
// since we have a duplicate and not an invalid record give them the correct template
$error_template = "admin.import.hosts.errors.tpl";
// find the duplicate record so the user can edit it
$find = "SELECT * FROM `conf_hosts` WHERE `hostname` = \"" . $tmp[$x]['hostname'] . "\" OR `mac-address` = \"" . $tmp[$x]['mac_address'] . "\" OR `ip-address` = \"" . $tmp[$x]['mac_address'] . "\" LIMIT 1";
if (($value = $db->dbQuery($val->ValidateSQL($find, $dbconn), $dbconn)) === -1) {
$error = $err->GenerateErrorLink("help/help.html", "#import_host", $defined['error'], "An error occured when attempting to lookup the duplicate record in which '" . $tmp[$x]['hostname'] . "' conflicts with.", NULL, NULL);
} else {
$circut_id = $_POST['circut_id'];
$remote_id = $_POST['remote_id'];
$ddns_text = $_POST['ddns_text'];
$ddns_fwd_name = $_POST['ddns_fwd_name'];
$ddns_client_fqdn = $_POST['ddns_client_fqdn'];
$ddns_rev_name = $_POST['ddns_rev_name'];
$search = $_POST['search'];
$startdate = $_POST['startdate'];
$enddate = $_POST['enddate'];
// perform search if not empty
if (!empty($_POST['SrchLeases'])) {
if (empty($search) && empty($startdate) && empty($enddate)) {
$error = $err->GenerateErrorLink("help/help.html", "#lease_search", $defined['error'], "Empty search fields, please enter an IP or Hostname to search or enter a start and end date for a list of leases between those dates", NULL, NULL);
} else {
// perform validation on search string(s)
if ($val->ValidateIPv4($search) !== -1 || $val->ValidateMACFormats($search) !== -1 || $val->ValidateHostname($search) !== -1 && $val->ValidateDate($startdate) !== -1 && $val->ValidateDate($enddate) !== -1) {
/* define our search query */
if ($group !== "admin") {
$having = " HAVING `group` = \"" . $group . "\"";
}
// search by dates
if (!empty($startdate) || !empty($enddate)) {
$dates = " `start` > \"" . $startdate . "\" AND `end` < \"" . $enddate . "\"";
}
// provide fields search
if (!empty($search)) {
$main = "`hostname` LIKE \"" . $search . "\" OR `hardware` LIKE \"" . $search . "\" OR `ip` LIKE \"" . $search . "\"";
}
// and apply the attributes
$query = "SELECT * FROM `conf_leases` WHERE {$main}{$dates}{$having} ORDER BY `hostname` ASC";
// process our query
$scope_range_1 = $_POST['scope_range_1'];
$scope_range_2 = $_POST['scope_range_2'];
$bootp_filename = $_POST['bootp_filename'];
$bootp_server = $_POST['bootp_server'];
$broadcast_address = $_POST['broadcast_address'];
$ntp_servers = $_POST['ntp_servers'];
$netbios_servers = $_POST['netbios_servers'];
$default_lease = $_POST['default_lease'];
$min_lease = $_POST['min_lease'];
$max_lease = $_POST['max_lease'];
$permissions = $_POST['select_groups'];
$groups = $_POST['groups'];
// check each post element
if (!empty($subnet) && !empty($subnet_mask) && !empty($dns_server_1) && !empty($dns_server_2) && !empty($router) && !empty($subnet_name) && !empty($enable_scope)) {
// begin validation of configuration options
if ($val->ValidateIPv4($subnet) !== -1 && $val->ValidateIPv4($subnet_mask) !== -1 && $val->ValidateDomain($dns_server_1) !== -1 && $val->ValidateDomain($dns_server_2) !== -1 && $val->ValidateIPv4($router) !== -1 && $val->ValidateParagraph($subnet_name) !== -1 && $val->ValidateAlphaChar($pool_name) !== -1 || $pool_name === "---------------" && $val->ValidateString($enable_scope) !== -1 && $val->ValidateIPv4($scope_range_1) !== -1 && $val->ValidateIPv4($scope_range_2) !== -1 && $val->ValidateParagraph($bootp_filename) !== -1 && $val->ValidateDomain($bootp_server) !== -1 && $val->ValidateString($enable_forwarding) !== -1 && $val->ValidateDomain($broadcast_address) !== -1 && $val->ValidateDomain($ntp_servers) !== -1 && $val->ValidateDomain($netbios_servers) !== -1 && $val->ValidateInteger($default_lease) !== -1 && $val->ValidateInteger($min_lease) !== -1 && $val->ValidateInteger($max_lease) !== -1 && $val->ValidateBroadcast2List($interface_list, $subnet) === 0 && $val->ValidateBroadcast2List($interface_list, $broadcast_address) === 0) {
// fix pool var
if ($pool_name === "---------------") {
$pool_name = "";
}
// define our sql statements (exclude the group field if user is member of admin group)
if ($group !== "admin") {
$insert = "INSERT INTO `conf_subnets` ( `subnet`, `subnet-mask`, `dns-server-1`, `dns-server-2`, `router`, `subnet-name`, `pool`, `enable-scope`, `scope-range-1`, `scope-range-2`, `ip-forwarding`, `broadcast-address`, `ntp-servers`, `netbios-name-servers`, `default-lease-time`, `min-lease-time`, `max-lease-time`, `group` ) VALUES ( \"" . $subnet . "\",\"" . $subnet_mask . "\", \"" . $dns_server_1 . "\", \"" . $dns_server_2 . "\", \"" . $router . "\", \"" . $subnet_name . "\", \"" . $pool_name . "\", \"" . $enable_scope . "\", \"" . $scope_range_1 . "\", \"" . $scope_range_2 . "\", \"" . $enable_forwarding . "\", \"" . $broadcast_address . "\", \"" . $ntp_servers . "\", \"" . $netbios_servers . "\", \"" . $default_lease . "\", \"" . $min_lease . "\", \"" . $max_lease . "\", \"" . $group . "\" )";
if (empty($_POST['ex_group'])) {
$update = "UPDATE `conf_subnets` SET `subnet` = \"" . $subnet . "\", `subnet-mask` = \"" . $subnet_mask . "\", `dns-server-1` = \"" . $dns_server_1 . "\", `dns-server-2` = \"" . $dns_server_2 . "\", `router` = \"" . $router . "\", `subnet-name` = \"" . $subnet_name . "\", `pool` = \"" . $pool_name . "\", `enable-scope` = \"" . $enable_scope . "\", `scope-range-1` = \"" . $scope_range_1 . "\", `scope-range-2` = \"" . $scope_range_2 . "\", `ip-forwarding` = \"" . $enable_forwarding . "\", `broadcast-address` = \"" . $broadcast_address . "\", `ntp-servers` = \"" . $ntp_servers . "\", `netbios-name-servers` = \"" . $netbios_servers . "\", `default-lease-time` = \"" . $default_lease . "\", `min-lease-time` = \"" . $min_lease . "\", `max-lease-time` = \"" . $max_lease . "\", `group` = \"" . $group . "\" WHERE `id` = \"" . $id . "\" LIMIT 1";
} else {
$update = "UPDATE `conf_subnets` SET `subnet` = \"" . $subnet . "\", `subnet-mask` = \"" . $subnet_mask . "\", `dns-server-1` = \"" . $dns_server_1 . "\", `dns-server-2` = \"" . $dns_server_2 . "\", `router` = \"" . $router . "\", `subnet-name` = \"" . $subnet_name . "\", `pool` = \"" . $pool_name . "\", `enable-scope` = \"" . $enable_scope . "\", `scope-range-1` = \"" . $scope_range_1 . "\", `scope-range-2` = \"" . $scope_range_2 . "\", `bootp-filename` = \"" . $bootp_filename . "\", `bootp-server` = \"" . $bootp_server . "\", `ip-forwarding` = \"" . $enable_forwarding . "\", `broadcast-address` = \"" . $broadcast_address . "\", `ntp-servers` = \"" . $ntp_servers . "\", `netbios-name-servers` = \"" . $netbios_servers . "\", `default-lease-time` = \"" . $default_lease . "\", `min-lease-time` = \"" . $min_lease . "\", `max-lease-time` = \"" . $max_lease . "\" WHERE `id` = \"" . $id . "\" LIMIT 1";
}
} else {
$insert = "INSERT INTO `conf_subnets` ( `subnet`, `subnet-mask`, `dns-server-1`, `dns-server-2`, `router`, `subnet-name`, `enable-scope`, `scope-range-1`, `scope-range-2`, `bootp-filename`, `bootp_server`, `ip-forwarding`, `broadcast-address`, `ntp-servers`, `netbios-name-servers`, `default-lease-time`, `min-lease-time`, `max-lease-time` ) VALUES ( \"" . $subnet . "\",\"" . $subnet_mask . "\", \"" . $dns_server_1 . "\", \"" . $dns_server_2 . "\", \"" . $router . "\", \"" . $subnet_name . "\", \"" . $pool_name . "\", \"" . $enable_scope . "\", \"" . $scope_range_1 . "\", \"" . $scope_range_2 . "\", \"" . $bootp_filename . "\", \"" . $bootp_server . "\", \"" . $enable_forwarding . "\", \"" . $broadcast_address . "\", \"" . $ntp_servers . "\", \"" . $netbios_servers . "\", \"" . $default_lease . "\", \"" . $min_lease . "\", \"" . $max_lease . "\" )";
$update = "UPDATE `conf_subnets` SET `subnet` = \"" . $subnet . "\", `subnet-mask` = \"" . $subnet_mask . "\", `dns-server-1` = \"" . $dns_server_1 . "\", `dns-server-2` = \"" . $dns_server_2 . "\", `router` = \"" . $router . "\", `subnet-name` = \"" . $subnet_name . "\", `pool` = \"" . $pool_name . "\", `enable-scope` = \"" . $enable_scope . "\", `scope-range-1` = \"" . $scope_range_1 . "\", `scope-range-2` = \"" . $scope_range_2 . "\", `bootp-filename` = \"" . $bootp_filename . "\", `bootp-server` = \"" . $bootp_server . "\", `ip-forwarding` = \"" . $enable_forwarding . "\", `broadcast-address` = \"" . $broadcast_address . "\", `ntp-servers` = \"" . $ntp_servers . "\", `netbios-name-servers` = \"" . $netbios_servers . "\", `default-lease-time` = \"" . $default_lease . "\", `min-lease-time` = \"" . $min_lease . "\", `max-lease-time` = \"" . $max_lease . "\" WHERE `id` = \"" . $id . "\" LIMIT 1";
$mac_address = $_POST['mac_address'];
$ip_address = $_POST['ip_address'];
$subnet_name = $_POST['subnet_name'];
$pxe_group = $_POST['pxe_group'];
$search = $_POST['search'];
$modify = $_POST['modify'];
$permissions = $_POST['select_groups'];
$groups = $_POST['groups'];
// perform search if not empty
if (empty($search) && !empty($_POST['srch'])) {
$search_err = $err->GenerateErrorImg($defined['error'], "help/help.html#host_search", '800', '800');
$list = "<ol><li>Search string is empty. Allowed formats:<br>MAC Address: xx:xx:xx:xx:xx<br>IPv4 Address: xxx.xxx.xxx.xxx<br>Hostname: [0-9a-z]</li></ol>";
$error = $err->GenerateErrorLink("help/help.html", "#host_search", $defined['error'], $errors['val_host'] . $list, NULL, NULL);
} elseif (!empty($search) && !empty($_POST['srch'])) {
// perform validation on search string
if ($val->ValidateIPv4($search) !== -1 || $val->ValidateMACFormats($search) !== -1 || $val->ValidateParagraph($search) !== -1) {
// Gather all records belonging to other groups but where this user is allowed access
$sql = "SELECT * FROM `auth_group_perms` WHERE `resource` = \"hosts\"";
if (($z = $db->dbQuery($val->ValidateSQL($sql, $dbconn), $dbconn)) !== -1) {
}
// define our search query
if ($group === "admin") {
$query = "SELECT * FROM `conf_hosts` WHERE `hostname` LIKE \"" . $search . "\" OR `mac-address` LIKE \"" . $search . "\" OR `ip-address` LIKE \"" . $search . "\" ORDER BY `hostname` ASC";
} else {
$query = "SELECT * FROM `conf_hosts` WHERE `hostname` LIKE \"" . $search . "\" OR `mac-address` LIKE \"" . $search . "\" OR `ip-address` LIKE \"" . $search . "\" HAVING `group` = \"" . $group . "\" ORDER BY `hostname` ASC";
}
// process our query
if (($value = $db->dbQuery($val->ValidateSQL($query, $dbconn), $dbconn)) === -1) {
$error = $err->GenerateErrorLink("help/help.html", "#host_search", $defined['error'], $errors['db_search_err'], NULL, NULL);
} else {
// process results of search
$assigned_subnet = $data[0]['assigned-subnet'];
}
}
}
// begin our validation on submitted data
if (!empty($_POST)) {
// re-assign vars for processing and template assignment
$id = $_POST['id'];
$pxe_group_name = $_POST['pxe_group_name'];
$pxe_server = $_POST['pxe_server'];
$bootp_filename = $_POST['bootp_filename'];
$assigned_subnet = $_POST['assigned_subnet'];
// check each post element
if (!empty($pxe_group_name) && !empty($pxe_server) && !empty($bootp_filename)) {
// begin validation of configuration options
if ($val->ValidateString($pxe_group_name) !== -1 && ($val->ValidateIPv4($pxe_server) !== -1 || $val->ValidateDomain($pxe_server) !== -1) && $val->ValidateParagraph($bootp_filename) !== -1 || $val->ValidateParagraph($assigned_subnet) !== -1) {
// define our sql statements (filter out the group field if user group is admin)
if ($group === "admin") {
$insert = "INSERT INTO `conf_pxe_groups` ( `pxe-group-name`, `pxe-server`, `bootp-filename`, `assigned-subnet` ) VALUES ( \"" . $pxe_group_name . "\",\"" . $pxe_server . "\", \"" . $bootp_filename . "\", \"" . $assigned_subnet . "\" )";
$update = "UPDATE `conf_pxe_groups` SET `pxe-group-name` = \"" . $pxe_group_name . "\", `pxe-server` = \"" . $pxe_server . "\", `bootp-filename` = \"" . $bootp_filename . "\", `assigned-subnet` = \"" . $assigned_subnet . "\" WHERE `id` = \"" . $id . "\" LIMIT 1";
} else {
$insert = "INSERT INTO `conf_pxe_groups` ( `pxe-group-name`, `pxe-server`, `bootp-filename`, `assigned-subnet`, `group` ) VALUES ( \"" . $pxe_group_name . "\",\"" . $pxe_server . "\", \"" . $bootp_filename . "\", \"" . $assigned_subnet . "\", \"" . $group . "\" )";
$update = "UPDATE `conf_pxe_groups` SET `pxe-group-name` = \"" . $pxe_group_name . "\", `pxe-server` = \"" . $pxe_server . "\", `bootp-filename` = \"" . $bootp_filename . "\", `assigned-subnet` = \"" . $assigned_subnet . "\", `group` = \"" . $group . "\" WHERE `id` = \"" . $id . "\" LIMIT 1";
}
$delete = "DELETE FROM `conf_pxe_groups` WHERE `id` = \"" . $id . "\" LIMIT 1";
$update_hosts = "UPDATE `conf_hosts` SET `pxe-group` = \"\" WHERE `pxe-group` = \"" . $pxe_group_name . "\"";
// determine which button was clicked
if (!empty($_POST['AddPXEGroup'])) {
$query = $insert;
$db_msg_good = $errors['db_insert'];
$db_msg_err = $errors['db_insert_err'];
