$id = $_POST['id'];
$peer_name = $_POST['peer_name'];
$primary = $_POST['primary'];
$address = $_POST['address'];
$port = $_POST['port'];
$peer_address = $_POST['peer_address'];
$peer_port = $_POST['peer_port'];
$max_response_delay = $_POST['max_response_delay'];
$max_unacked_updates = $_POST['max_unacked_updates'];
$mclt = $_POST['mclt'];
$split = $_POST['split'];
$load_balance_max_seconds = $_POST['load_balance_max_seconds'];
// check each post element
if (!empty($peer_name) && !empty($primary) && !empty($address) && !empty($port) && !empty($peer_address) && !empty($peer_port)) {
// begin validation of configuration options
if ($val->ValidateDomain($peer_name) !== -1 && $val->ValidateString($primary) !== -1 && $val->ValidateDomain($address) !== -1 && $val->ValidateInteger($port) !== -1 && $val->ValidateDomain($peer_address) !== -1 && $val->ValidateInteger($peer_port) !== -1 && $val->ValidateInteger($max_response_delay) !== -1 && $val->ValidateInteger($max_unacked_updates) !== -1 && $val->ValidateInteger($mclt) !== -1 && $val->ValidateInteger($split) !== -1 && $val->ValidateInteger($load_balance_max_seconds) !== -1) {
// define our sql statements
$insert = "INSERT INTO `conf_failover` ( `peer name`, `type`, `address`, `port`, `peer address`, `peer port`, `max-response-delay`, `max-unacked-updates`, `mclt`, `split`, `load balance max seconds` ) VALUES ( \"" . $peer_name . "\",\"" . $primary . "\", \"" . $address . "\", \"" . $port . "\", \"" . $peer_address . "\", \"" . $peer_port . "\", \"" . $max_response_delay . "\", \"" . $max_unacked_updates . "\", \"" . $mclt . "\", \"" . $split . "\", \"" . $load_balance_max_seconds . "\" )";
$update = "UPDATE `conf_failover` SET `peer name` = \"" . $peer_name . "\", `type` = \"" . $primary . "\", `address` = \"" . $address . "\", `port` = \"" . $port . "\", `peer address` = \"" . $peer_address . "\", `peer port` = \"" . $peer_port . "\", `max-response-delay` = \"" . $max_response_delay . "\", `max-unacked-updates` = \"" . $max_unacked_updates . "\", `mclt` = \"" . $mclt . "\", `split` = \"" . $split . "\", `load balance max seconds` = \"" . $load_balance_max_seconds . "\" WHERE `id` = \"" . $id . "\" LIMIT 1";
$delete = "DELETE FROM `conf_failover` WHERE `id` = \"" . $id . "\" LIMIT 1";
// determine which button was clicked
if (!empty($_POST['AddFailOverOpts'])) {
$query = $insert;
$db_msg_good = $errors['db_insert'];
$db_msg_err = $errors['db_insert_err'];
}
if (!empty($_POST['EditFailOverOpts'])) {
$query = $update;
$db_msg_good = $errors['db_edit'];
$db_msg_err = $errors['db_edit_err'];
}
// get an array of subnets the ISC DHCPD service may listen on
$query = "SELECT `name`, `broadcast` FROM `conf_adapters` ORDER BY `broadcast` ASC";
if (($value = $db->dbQuery($val->ValidateSQL($query, $dbconn), $dbconn)) === -1) {
$error = $err->GenerateErrorLink("help/help.html", "#config_subnets", $defined['error'], $errors['db_select'], NULL, NULL);
} else {
$tmp = $db->dbArrayResultsAssoc($value);
// filter for empty stuff
for ($x = 0; $x < count($tmp); $x++) {
if (!empty($tmp[$x]['broadcast'])) {
$interface_list[$tmp[$x]['name']] = $tmp[$x]['broadcast'];
}
}
}
// Look for a GET id post to edit existing dnssec keys
if (!empty($_GET['id'])) {
if ($val->ValidateInteger($_GET['id']) === -1) {
$error = $err->GenerateErrorLink("help/help.html", "#config_pools", $defined['error'], $errors['val_num'], NULL, NULL);
} else {
// populate the form with database information if already configured
if ($group === "admin") {
$query = "SELECT * FROM `conf_pools` WHERE `id` = \"" . $_GET['id'] . "\" LIMIT 1";
} else {
$query = "SELECT * FROM `conf_pools` WHERE `group` = \"" . $group . "\" AND `id` = \"" . $_GET['id'] . "\" LIMIT 1";
}
if (($value = $db->dbQuery($val->ValidateSQL($query, $dbconn), $dbconn)) === -1) {
$error = $err->GenerateErrorLink("help/help.html", "#config_pools", $defined['error'], $errors['db_select'], NULL, NULL);
} else {
$data = $db->dbArrayResultsAssoc($value);
$id = $data[0]['id'];
$pool_name = $data[0]['pool-name'];
$dns_server_1 = $data[0]['dns-server-1'];
$default_lease_time = $_POST['default_lease_time'];
$max_lease_time = $_POST['max_lease_time'];
$time_offset = $_POST['time_offset'];
$routers = $_POST['routers'];
$lpr_server_list = $_POST['lpr_server_list'];
$broadcast_addr = $_POST['broadcast_addr'];
$subnet_mask_addr = $_POST['subnet_mask_addr'];
$server_ident = $_POST['server_ident'];
$time_serv = $_POST['time_serv'];
$ddns_update_style = $_POST['ddns_update_style'];
$authoritative = $_POST['authoritative'];
$bootp = $_POST['bootp'];
// check each post element
if (!empty($domain_name) && !empty($default_lease_time) && !empty($max_lease_time) && (!empty($ddns_update_style) || $ddns_update_style === "---------") && (!empty($authoritative) || $authoritative === "---------") && (!empty($bootp) || $bootp === "---------")) {
// begin validation of configuration options
if ($val->ValidateDomain($domain_name) !== -1 && $val->ValidateParagraph($dns_server_list) !== -1 && $val->ValidateInteger($default_lease_time) !== -1 && $val->ValidateInteger($max_lease_time) !== -1 && $val->ValidateParagraph($routers) !== -1 && $val->ValidateParagraph($ddns_update_style) !== -1 && $val->ValidateString($authoritative) !== -1 && $val->ValidateString($bootp) !== -1) {
// define our sql statements
$insert = "INSERT INTO `conf_global_opts` ( `option domain-name`, `option subnet-mask`, `default-lease-time`, `max-lease-time`, `option time-offset`, `option routers`, `option domain-name-servers`, `option lpr-servers`, `option-broadcast-addr`, `server-identifier`, `option time-serv`, `ddns-update-style`, `authoritative`, `bootp` ) VALUES ( \"" . $domain_name . "\", \"" . $subnet_mask_addr . "\", \"" . $default_lease_time . "\", \"" . $max_lease_time . "\", \"" . $time_offset . "\", \"" . $routers . "\", \"" . $dns_server_list . "\", \"" . $lpr_server_list . "\", \"" . $broadcast_addr . "\", \"" . $server_ident . "\", \"" . $time_serv . "\", \"" . $ddns_update_style . "\", \"" . $authoritative . "\", \"" . $bootp . "\" )";
$update = "UPDATE `conf_global_opts` SET `option domain-name` = \"" . $domain_name . "\", `option subnet-mask` = \"" . $subnet_mask_addr . "\", `default-lease-time` = \"" . $default_lease_time . "\", `max-lease-time` = \"" . $max_lease_time . "\", `option time-offset` = \"" . $time_offset . "\", `option routers` = \"" . $routers . "\", `option domain-name-servers` = \"" . $dns_server_list . "\", `option lpr-servers` = \"" . $lpr_server_list . "\", `option-broadcast-addr` = \"" . $broadcast_addr . "\", `server-identifier` = \"" . $server_ident . "\", `option time-serv` = \"" . $time_serv . "\", `ddns-update-style` = \"" . $ddns_update_style . "\", `authoritative` = \"" . $authoritative . "\", `bootp` = \"" . $bootp . "\" WHERE `id` = \"" . $id . "\" LIMIT 1";
$delete = "DELETE FROM `conf_global_opts` WHERE `id` = \"" . $id . "\" LIMIT 1";
// determine which button was clicked
if (!empty($_POST['AddGlobalConfOpts'])) {
$query = $insert;
$db_msg_good = $errors['db_insert'];
$db_msg_err = $errors['db_insert_err'];
}
if (!empty($_POST['EditGlobalConfOpts'])) {
$query = $update;
$db_msg_good = $errors['db_edit'];
$db_msg_err = $errors['db_edit_err'];
}
$JS = " hidediv('extras'); hidediv('perms');";
$FILE = "manage.leases.tpl";
// initialize a db connection handle
$dbconn = $db->dbConnect($defined['dbhost'], $defined['username'], $defined['password'], $defined['dbname']);
// provide count of online users
$online = "SELECT * FROM `admin_sessions`";
$ret = $db->dbQuery($val->ValidateSQL($online, $dbconn), $dbconn);
$usersoline = $db->dbNumRows($ret);
// decode our authentication token to get our group membership
$user_details = $encrypt->DecodeAuthToken($_SESSION['token']);
$group = base64_decode($user_details[3]);
// attempt to process leases if file changed
$misc->GetCurrentLeases($defined['leases']);
// Look for a GET id post to edit existing dnssec keys
if (!empty($_GET['id'])) {
if ($val->ValidateInteger($_GET['id']) === -1) {
$error = $err->GenerateErrorLink("help/help.html", "#lease_search", $defined['error'], $errors['val_num'], NULL, NULL);
} else {
// populate the form with database information if already configured
if ($group === "admin") {
$query = "SELECT * FROM `conf_leases` WHERE `id` = \"" . $_GET['id'] . "\" LIMIT 1";
} else {
$query = "SELECT * FROM `conf_leases` WHERE `group` = \"" . $group . "\" AND `id` = \"" . $_GET['id'] . "\" LIMIT 1";
}
if (($value = $db->dbQuery($val->ValidateSQL($query, $dbconn), $dbconn)) === -1) {
$error = $err->GenerateErrorLink("help/help.html", "#lease_search", $defined['error'], $errors['db_select'], NULL, NULL);
} else {
$data = $db->dbArrayResultsAssoc($value);
$id = $data[0]['id'];
$hostname = $data[0]['hostname'];
$hardware = $data[0]['hardware'];
}
}
/* get array of resources available for this users group membership */
if ($group === "admin") {
$sql = "SELECT * FROM `auth_groups_perms` WHERE `type` = \"subnet\" AND `allowed` = \"" . $group . "\"";
} else {
$sql = "SELECT * FROM `auth_groups_perms` WHERE `type` = \"subnet\"";
}
if (($x = $db->dbQuery($val->ValidateSQL($sql, $dbconn), $dbconn)) !== -1) {
if ($db->dbNumRows($x) > 0) {
$resources = $db->dbArrayResultsAssoc($x);
}
}
// Look for a GET id post to edit existing dnssec keys
if (!empty($_GET['id'])) {
if ($val->ValidateInteger($_GET['id']) === -1) {
$error = $err->GenerateErrorLink("help/help.html", "#config_subnets", $defined['error'], $errors['val_num'], NULL, NULL);
} else {
// populate the form with database information if already configured
$query = "SELECT * FROM `conf_subnets` WHERE `id` = \"" . $_GET['id'] . "\" LIMIT 1";
if (($value = $db->dbQuery($val->ValidateSQL($query, $dbconn), $dbconn)) === -1) {
$error = $err->GenerateErrorLink("help/help.html", "#config_subnets", $defined['error'], $errors['db_select'], NULL, NULL);
} else {
$data = $db->dbArrayResultsAssoc($value);
/* check resource permissions */
if ($group !== "admin") {
$resource = "SELECT * FROM `auth_groups_perms` WHERE ( `group` != \"" . $group . "\" OR `allowed` = \"" . $group . "\" ) AND `resource` = \"" . $data[0]['subnet-name'] . "\"";
} else {
$resource = "SELECT * FROM `auth_groups_perms` WHERE `resource` = \"" . $data[0]['subnet-name'] . "\"";
}
if (($value = $db->dbQuery($val->ValidateSQL($resource, $dbconn), $dbconn)) === -1) {
if ($level->ChkLevel($_SESSION['token']) === "admin" || $level->ChkLevel($_SESSION['token']) === "user") {
// define some variables for the template etc.
$JS = " hidediv('perms');";
$FILE = "manage.hosts.tpl";
// initialize a db connection handle
$dbconn = $db->dbConnect($defined['dbhost'], $defined['username'], $defined['password'], $defined['dbname']);
// provide count of online users
$online = "SELECT * FROM `admin_sessions`";
$ret = $db->dbQuery($val->ValidateSQL($online, $dbconn), $dbconn);
$usersoline = $db->dbNumRows($ret);
// decode our authentication token to get our group membership
$user_details = $encrypt->DecodeAuthToken($_SESSION['token']);
$group = base64_decode($user_details[3]);
// Look for a GET id post to edit existing host records
if (!empty($_GET['id'])) {
if ($val->ValidateInteger($_GET['id']) === -1) {
$error = $err->GenerateErrorLink("help/help.html", "#host_search", $defined['error'], $errors['val_num'], NULL, NULL);
} else {
// populate the form with database information if already configured
if ($group === "admin" || !empty($_GET['allow']) && $val->ValidateInteger($_GET['allow']) === 0) {
$query = "SELECT * FROM `conf_hosts` WHERE `id` = \"" . $_GET['id'] . "\" LIMIT 1";
} else {
$query = "SELECT * FROM `conf_hosts` WHERE `group` = \"" . $group . "\" AND `id` = \"" . $_GET['id'] . "\" LIMIT 1";
}
if (($value = $db->dbQuery($val->ValidateSQL($query, $dbconn), $dbconn)) === -1) {
$error = $err->GenerateErrorLink("help/help.html", "#host_search", $defined['error'], $errors['db_select'], NULL, NULL);
} else {
$data = $db->dbArrayResultsAssoc($value);
/* check resource permissions */
if ($group !== "admin") {
$resource = "SELECT * FROM `auth_groups_perms` WHERE ( `group` = \"" . $group . "\" OR `allowed` = \"" . $group . "\" ) AND `type` = \"host\" AND `resource` = \"" . $data[0]['mac-address'] . "\"";
$emp = "TRUE";
$err1[$i]['substring'] = $e;
$listop_empty .= "<li>The substring start field is empty</li>";
}
if (empty($class_opts[$i]['substring_end'])) {
$emp = "TRUE";
$err1[$i]['substring'] = $e;
$listop_empty .= "<li>The substring end field is empty</li>";
}
if (empty($class_opts[$i]['substr_regex'])) {
$emp = "TRUE";
$err1[$i]['substr_regex'] = $e;
$listop_empty .= "<li>The regex field is empty</li>";
}
// check formating of data to provide errors
if ($val->ValidateInteger($class_opts[$i]['substring_start']) === -1) {
$err1[$i]['substring'] = $e;
$stop = "TRUE";
$listop_val .= "<li>The substring start field is invalid, integers only</li>";
}
if ($val->ValidateInteger($class_opts[$i]['substring_end']) === -1) {
$err1[$i]['substring'] = $e;
$stop = "TRUE";
$listop_val .= "<li>The substring end field is invalid, integers only</li>";
}
if ($val->ValidateAlphaChar($class_opts[$i]['substr_regex']) === -1) {
$err1[$i]['substr_regex'] = $e;
$stop = "TRUE";
$listop_val .= "<li>The regex field is invalid, alpha numeric characters only</li>";
}
}
