$tmp[$row]['mac_address'] = $data[2];
$tmp[$row]['subnet'] = $data[3];
$tmp[$row]['pxe_group'] = $data[4];
}
}
// check for xml extension
if (eregi(".*\\.[xml]", $upload_path)) {
}
// loop over our array and assign data to our template
for ($x = 1; $x <= count($tmp); $x++) {
// open an ordered list
$list .= "<ol>";
// check each post element
if (!empty($tmp[$x]['hostname']) && !empty($tmp[$x]['mac_address']) && !empty($tmp[$x]['ip_address'])) {
// begin validation of file contents
if ($val->ValidateParagraph($tmp[$x]['hostname']) !== -1 && $val->ValidateMACFormats($tmp[$x]['mac_address']) !== -1 && $val->ValidateIPv4($tmp[$x]['ip_address']) !== -1 && $val->ValidateParagraph($tmp[$x]['subnet']) !== -1 && $val->ValidateParagraph($tmp[$x]['pxe_group']) !== -1) {
// generate our sql command
$insert = "INSERT INTO `conf_hosts` ( `hostname`, `mac-address`, `ip-address`, `subnet-name`, `pxe-group` ) VALUES ( \"" . $tmp[$x]['hostname'] . "\",\"" . $tmp[$x]['mac_address'] . "\", \"" . $tmp[$x]['ip_address'] . "\", \"" . $tmp[$x]['subnet'] . "\", \"" . $tmp[$x]['pxe_group'] . "\" )";
// insert records or prompt for duplicate errors
if (($value = $db->dbQuery($val->ValidateSQL($insert, $dbconn), $dbconn)) === -1) {
// found an existing record?
if (eregi("duplicate", $db->dbCatchError())) {
// assign an error message
$error = $err->GenerateErrorLink("help/help.html", "#import_host", $defined['error'], "Duplicate records found during import, please review and modify the data below accordingly.", NULL, NULL);
// since we have a duplicate and not an invalid record give them the correct template
$error_template = "admin.import.hosts.errors.tpl";
// find the duplicate record so the user can edit it
$find = "SELECT * FROM `conf_hosts` WHERE `hostname` = \"" . $tmp[$x]['hostname'] . "\" OR `mac-address` = \"" . $tmp[$x]['mac_address'] . "\" OR `ip-address` = \"" . $tmp[$x]['mac_address'] . "\" LIMIT 1";
if (($value = $db->dbQuery($val->ValidateSQL($find, $dbconn), $dbconn)) === -1) {
$error = $err->GenerateErrorLink("help/help.html", "#import_host", $defined['error'], "An error occured when attempting to lookup the duplicate record in which '" . $tmp[$x]['hostname'] . "' conflicts with.", NULL, NULL);
} else {
$allow_deny_op = $_POST['allow_deny_op'];
$enable_forwarding = $_POST['enable_forwarding'];
$scope_range_1 = $_POST['scope_range_1'];
$scope_range_2 = $_POST['scope_range_2'];
$bootp_filename = $_POST['bootp_filename'];
$bootp_server = $_POST['bootp_server'];
$broadcast_address = $_POST['broadcast_address'];
$ntp_servers = $_POST['ntp_servers'];
$netbios_servers = $_POST['netbios_servers'];
$default_lease = $_POST['default_lease'];
$min_lease = $_POST['min_lease'];
$max_lease = $_POST['max_lease'];
// check each post element
if (!empty($pool_name) && !empty($dns_server_1) && !empty($dns_server_2) && !empty($scope_range_1) && !empty($scope_range_2)) {
// begin validation of configuration options
if ($val->ValidateString($pool_name) !== -1 && $val->ValidateDomain($dns_server_1) !== -1 && $val->ValidateDomain($dns_server_2) !== -1 && $val->ValidateIPv4($router) !== -1 && $val->ValidateIPv4($scope_range_1) !== -1 && $val->ValidateIPv4($scope_range_2) !== -1 && $val->ValidateParagraph($bootp_filename) !== -1 && $val->ValidateDomain($bootp_server) !== -1 && $val->ValidateString($allow_deny) !== -1 && $val->ValidateParagraph($allow_deny_op) !== -1 && $val->ValidateString($enable_forwarding) !== -1 && $val->ValidateDomain($broadcast_address) !== -1 && $val->ValidateDomain($ntp_servers) !== -1 && $val->ValidateDomain($netbios_servers) !== -1 && $val->ValidateInteger($default_lease) !== -1 && $val->ValidateInteger($min_lease) !== -1 && $val->ValidateInteger($max_lease) !== -1 && $val->ValidateBroadcast2List($interface_list, $scope_range_1) === 0 && $val->ValidateBroadcast2List($interface_list, $scope_range_2) === 0) {
// define our sql statements (exclude the group field if user is member of admin group)
if ($group !== "admin") {
$insert = "INSERT INTO `conf_pools` ( `pool-name`, `dns-server-1`, `dns-server-2`, `router`, `scope-range-1`, `scope-range-2`, `allow-deny`, `allow-deny-options`, `ip-forwarding`, `broadcast-address`, `ntp-servers`, `netbios-name-servers`, `default-lease-time`, `min-lease-time`, `max-lease-time`, `group` ) VALUES ( \"" . $pool_name . "\", \"" . $dns_server_1 . "\", \"" . $dns_server_2 . "\", \"" . $router . "\", \"" . $scope_range_1 . "\", \"" . $scope_range_2 . "\", \"" . $allow_deny . "\", \"" . $allow_deny_op . "\", \"" . $enable_forwarding . "\", \"" . $broadcast_address . "\", \"" . $ntp_servers . "\", \"" . $netbios_servers . "\", \"" . $default_lease . "\", \"" . $min_lease . "\", \"" . $max_lease . "\", \"" . $group . "\" )";
$update = "UPDATE `conf_pools` SET `pool-name` = \"" . $pool_name . "\", `dns-server-1` = \"" . $dns_server_1 . "\", `dns-server-2` = \"" . $dns_server_2 . "\", `router` = \"" . $router . "\", `scope-range-1` = \"" . $scope_range_1 . "\", `scope-range-2` = \"" . $scope_range_2 . "\", `allow-deny` = \"" . $allow_deny . "\", `allow-deny-options` = \"" . $allow_deny_op . "\", `ip-forwarding` = \"" . $enable_forwarding . "\", `broadcast-address` = \"" . $broadcast_address . "\", `ntp-servers` = \"" . $ntp_servers . "\", `netbios-name-servers` = \"" . $netbios_servers . "\", `default-lease-time` = \"" . $default_lease . "\", `min-lease-time` = \"" . $min_lease . "\", `max-lease-time` = \"" . $max_lease . "\", `group` = \"" . $group . "\" WHERE `id` = \"" . $id . "\" LIMIT 1";
} else {
$insert = "INSERT INTO `conf_pools` ( `pool-name`, `dns-server-1`, `dns-server-2`, `router`, `scope-range-1`, `scope-range-2`, `bootp-filename`, `bootp-server`, `allow-deny`, `allow-deny-options`, `ip-forwarding`, `broadcast-address`, `ntp-servers`, `netbios-name-servers`, `default-lease-time`, `min-lease-time`, `max-lease-time` ) VALUES ( \"" . $pool_name . "\", \"" . $dns_server_1 . "\", \"" . $dns_server_2 . "\", \"" . $router . "\", \"" . $scope_range_1 . "\", \"" . $scope_range_2 . "\", \"" . $bootp_filename . "\", \"" . $bootp_server . "\", \"" . $allow_deny . "\", \"" . $allow_deny_op . "\", \"" . $enable_forwarding . "\", \"" . $broadcast_address . "\", \"" . $ntp_servers . "\", \"" . $netbios_servers . "\", \"" . $default_lease . "\", \"" . $min_lease . "\", \"" . $max_lease . "\" )";
$update = "UPDATE `conf_pools` SET `pool-name` = \"" . $pool_name . "\", `dns-server-1` = \"" . $dns_server_1 . "\", `dns-server-2` = \"" . $dns_server_2 . "\", `router` = \"" . $router . "\", `scope-range-1` = \"" . $scope_range_1 . "\", `scope-range-2` = \"" . $scope_range_2 . "\", `bootp-filename` = \"" . $bootp_filename . "\", `bootp-server` = \"" . $bootp_server . "\", `allow-deny` = \"" . $allow_deny . "\", `allow-deny-options` = \"" . $allow_deny_op . "\", `ip-forwarding` = \"" . $enable_forwarding . "\", `broadcast-address` = \"" . $broadcast_address . "\", `ntp-servers` = \"" . $ntp_servers . "\", `netbios-name-servers` = \"" . $netbios_servers . "\", `default-lease-time` = \"" . $default_lease . "\", `min-lease-time` = \"" . $min_lease . "\", `max-lease-time` = \"" . $max_lease . "\" WHERE `id` = \"" . $id . "\" LIMIT 1";
}
$delete = "DELETE FROM `conf_pools` WHERE `id` = \"" . $id . "\" LIMIT 1";
// determine which button was clicked
if (!empty($_POST['AddPool'])) {
$query = $insert;
$db_msg_good = $errors['db_insert'];
$db_msg_err = $errors['db_insert_err'];
}
$default_lease_time = $_POST['default_lease_time'];
$max_lease_time = $_POST['max_lease_time'];
$time_offset = $_POST['time_offset'];
$routers = $_POST['routers'];
$lpr_server_list = $_POST['lpr_server_list'];
$broadcast_addr = $_POST['broadcast_addr'];
$subnet_mask_addr = $_POST['subnet_mask_addr'];
$server_ident = $_POST['server_ident'];
$time_serv = $_POST['time_serv'];
$ddns_update_style = $_POST['ddns_update_style'];
$authoritative = $_POST['authoritative'];
$bootp = $_POST['bootp'];
// check each post element
if (!empty($domain_name) && !empty($default_lease_time) && !empty($max_lease_time) && (!empty($ddns_update_style) || $ddns_update_style === "---------") && (!empty($authoritative) || $authoritative === "---------") && (!empty($bootp) || $bootp === "---------")) {
// begin validation of configuration options
if ($val->ValidateDomain($domain_name) !== -1 && $val->ValidateParagraph($dns_server_list) !== -1 && $val->ValidateInteger($default_lease_time) !== -1 && $val->ValidateInteger($max_lease_time) !== -1 && $val->ValidateParagraph($routers) !== -1 && $val->ValidateParagraph($ddns_update_style) !== -1 && $val->ValidateString($authoritative) !== -1 && $val->ValidateString($bootp) !== -1) {
// define our sql statements
$insert = "INSERT INTO `conf_global_opts` ( `option domain-name`, `option subnet-mask`, `default-lease-time`, `max-lease-time`, `option time-offset`, `option routers`, `option domain-name-servers`, `option lpr-servers`, `option-broadcast-addr`, `server-identifier`, `option time-serv`, `ddns-update-style`, `authoritative`, `bootp` ) VALUES ( \"" . $domain_name . "\", \"" . $subnet_mask_addr . "\", \"" . $default_lease_time . "\", \"" . $max_lease_time . "\", \"" . $time_offset . "\", \"" . $routers . "\", \"" . $dns_server_list . "\", \"" . $lpr_server_list . "\", \"" . $broadcast_addr . "\", \"" . $server_ident . "\", \"" . $time_serv . "\", \"" . $ddns_update_style . "\", \"" . $authoritative . "\", \"" . $bootp . "\" )";
$update = "UPDATE `conf_global_opts` SET `option domain-name` = \"" . $domain_name . "\", `option subnet-mask` = \"" . $subnet_mask_addr . "\", `default-lease-time` = \"" . $default_lease_time . "\", `max-lease-time` = \"" . $max_lease_time . "\", `option time-offset` = \"" . $time_offset . "\", `option routers` = \"" . $routers . "\", `option domain-name-servers` = \"" . $dns_server_list . "\", `option lpr-servers` = \"" . $lpr_server_list . "\", `option-broadcast-addr` = \"" . $broadcast_addr . "\", `server-identifier` = \"" . $server_ident . "\", `option time-serv` = \"" . $time_serv . "\", `ddns-update-style` = \"" . $ddns_update_style . "\", `authoritative` = \"" . $authoritative . "\", `bootp` = \"" . $bootp . "\" WHERE `id` = \"" . $id . "\" LIMIT 1";
$delete = "DELETE FROM `conf_global_opts` WHERE `id` = \"" . $id . "\" LIMIT 1";
// determine which button was clicked
if (!empty($_POST['AddGlobalConfOpts'])) {
$query = $insert;
$db_msg_good = $errors['db_insert'];
$db_msg_err = $errors['db_insert_err'];
}
if (!empty($_POST['EditGlobalConfOpts'])) {
$query = $update;
$db_msg_good = $errors['db_edit'];
$db_msg_err = $errors['db_edit_err'];
}
if (!empty($_POST)) {
// re-assign vars for processing and template assignment
$id = $_POST['id'];
$option_space = $_POST['option_space'];
$mtftp_ip = $_POST['mtftp_ip'];
$mtftp_cport = $_POST['mtftp_cport'];
$mtftp_sport = $_POST['mtftp_sport'];
$mtftp_tmout = $_POST['mtftp_tmout'];
$mtftp_delay = $_POST['mtftp_delay'];
$discovery_control = $_POST['discovery_control'];
$discovery_mcast_addr = $_POST['discovery_mcast_addr'];
$pxe_enabled = $_POST['pxe_enabled'];
// check each post element
if (!empty($pxe_enabled) && !empty($option_space) && !empty($mtftp_ip) && !empty($mtftp_cport) && !empty($mtftp_sport) && !empty($mtftp_tmout) && !empty($mtftp_delay) && !empty($discovery_control) && !empty($discovery_mcast_addr)) {
// begin validation of configuration options
if ($val->ValidateString($pxe_enabled) !== -1 && $val->ValidateParagraph($option_space) !== -1 && $val->ValidateParagraph($mtftp_ip) !== -1 && $val->ValidateParagraph($mtftp_cport) !== -1 && $val->ValidateParagraph($mtftp_sport) !== -1 && $val->ValidateParagraph($mtftp_tmout) !== -1 && $val->ValidateParagraph($mtftp_delay) !== -1 && $val->ValidateParagraph($discovery_control) !== -1 && $val->ValidateParagraph($discovery_mcast_addr) !== -1) {
// define our sql statements
$insert = "INSERT INTO `conf_pxe_opts` ( `option-space`, `mtftp-ip`, `mtftp-cport`, `mtftp-sport`, `mtftp-tmout`, `mtftp-delay`, `discovery-control`, `discovery-mcast-addr`, `pxe-enabled` ) VALUES ( \"" . $option_space . "\",\"" . $mtftp_ip . "\", \"" . $mtftp_cport . "\", \"" . $mtftp_sport . "\", \"" . $mtftp_tmout . "\", \"" . $mtftp_delay . "\", \"" . $discovery_control . "\", \"" . $discovery_mcast_addr . "\", \"" . $pxe_enabled . "\" )";
$update = "UPDATE `conf_pxe_opts` SET `option-space` = \"" . $option_space . "\", `mtftp-ip` = \"" . $mtftp_ip . "\", `mtftp-cport` = \"" . $mtftp_cport . "\", `mtftp-sport` = \"" . $mtftp_sport . "\", `mtftp-tmout` = \"" . $mtftp_tmout . "\", `mtftp-delay` = \"" . $mtftp_delay . "\", `discovery-control` = \"" . $discovery_control . "\", `discovery-mcast-addr` = \"" . $discovery_mcast_addr . "\", `pxe-enabled` = \"" . $pxe_enabled . "\" LIMIT 1";
$delete = "DELETE FROM `conf_pxe_opts` WHERE `id` = \"" . $id . "\" LIMIT 1";
// determine which button was clicked
if (!empty($_POST['AddPXEConfOpts'])) {
$query = $insert;
$db_msg_good = $errors['db_insert'];
$db_msg_err = $errors['db_insert_err'];
}
if (!empty($_POST['EditPXEConfOpts'])) {
$query = $update;
$db_msg_good = $errors['db_edit'];
$db_msg_err = $errors['db_edit_err'];
}
$err = new GenerateErrors();
$val = new ValidateStrings();
$misc = new MiscFunctions();
// Assign some defaults since nothing is configured
$TITLE = "phpDHCPAdmin-0.9.5-beta Setup Wizard";
$STYLE = "../templates/black";
$DESCRIPTION = "I am here to help you import the database structure and setup the application defaults";
$DISCLAIMER = "All rights reserved 2009 ® Jason Gerfen";
$TABLES = array('admin_backup_conf', 'admin_config_algorithm', 'admin_logs', 'admin_sessions', 'auth_groups', 'auth_levels', 'auth_users', 'conf_adapters', 'conf_classes', 'conf_classes_options', 'conf_classes_opts', 'conf_dnssec_opts', 'conf_dns_opts', 'conf_failover', 'conf_global_opts', 'conf_hosts', 'conf_leases', 'conf_leases_properties', 'conf_pools', 'conf_pxe_groups', 'conf_pxe_opts', 'conf_shared_networks', 'conf_subnets', 'conf_traffic');
$REGEX = array('/\\$defined[\'hostname\']\\s\\s\\s\\s=\\s\\"\\";/', '/\\$defined[\'dbhost\']\\s\\s\\s\\s\\s\\s=\\s\\"localhost\\";/', '/\\$defined[\'username\']\\s\\s\\s\\s=\\s\\"\\";/', '/\\$defined[\'password\']\\s\\s\\s\\s=\\s\\"\\";/', '/\\$defined[\'mail\']\\s\\s\\s\\s\\s\\s\\s\\s=\\s\\"\\";/', '/\\$defined[\'virpath\']\\s\\s\\s\\s\\s=\\s\\"\\";/');
// lets process the form
if (!empty($_POST)) {
// make sure we have a complete form submission
if (!empty($_POST['mysql_root_user']) && !empty($_POST['mysql_root_passwd']) && !empty($_POST['defined_hostname']) && !empty($_POST['mysql_server_address']) && !empty($_POST['mysql_server_username']) && !empty($_POST['mysql_server_password']) && !empty($_POST['configuration_path']) && !empty($_POST['admin_email'])) {
// ensure nothing screwy is going on in regards to input
if ($val->ValidateString($_POST['mysql_root_user']) !== -1 && $val->ValidateParagraph($_POST['mysql_root_passwd']) !== -1 && $val->ValidateDomain($_POST['defined_hostname']) !== -1 && $val->ValidateDomain($_POST['mysql_server_address']) !== -1 && $val->ValidateParagraph($_POST['mysql_server_username']) !== -1 && $val->ValidateParagraph($_POST['mysql_server_password']) !== -1 && $val->ValidateParagraph($_POST['configuration_path']) !== -1 && $val->ValidateEmail($_POST['admin_email']) !== -1) {
// ensure our root username & password is correct
$dbconn = $db->dbConnectOnly($_POST['mysql_server_address'], $_POST['mysql_root_user'], $_POST['mysql_root_passwd']);
echo $db->dbCatchError();
if ($dbconn === -1) {
$error = $err->GenerateErrorLink("../help/help.html", "#app_setup", '../templates/images/error.jpg', "Error connecting to the database during initial connection. Wrong username/password combination", NULL, NULL);
} else {
// perform our .sql file import (this fails if it exists already)
$cmd = "mysql -u " . $_POST['mysql_root_user'] . " --password="******" < phpDHCPAdmin.sql";
`{$cmd}`;
// create a default user based on the form input
$dbconn = $db->dbConnect($_POST['mysql_server_address'], $_POST['mysql_root_user'], $_POST['mysql_root_passwd'], 'phpDHCPAdmin');
if ($dbconn === -1) {
$error = $err->GenerateErrorLink("../help/help.html", "#app_setup", '../templates/images/error.jpg', "Error connecting to the database. Wrong username/password combination", NULL, NULL);
} else {
$query = "GRANT SELECT,INSERT,UPDATE,DELETE,INDEX,REFERENCES ON phpDHCPAdmin.* TO '" . $_POST['mysql_server_username'] . "'@'" . $_POST['mysql_server_address'] . "' IDENTIFIED BY '" . $_POST['mysql_server_password'] . "'";
}
} else {
$error = $err->GenerateErrorLink("help/help.html", "#lease_search", $defined['error'], $errors['sql_empty'], NULL, NULL);
}
}
} else {
$search_err = $err->GenerateErrorImg($defined['error'], "help/help.html#lease_search", '800', '800');
$list = "<ol><li>Search string is invalid. Allowed formats:<br>MAC Address: xx:xx:xx:xx:xx<br>IPv4 Address: xxx.xxx.xxx.xxx<br>Hostname: [0-9a-z]</li></ol>";
$error = $err->GenerateErrorLink("help/help.html", "#lease_search", $defined['error'], $errors['val_host'] . $list, NULL, NULL);
}
}
} else {
// check each post element
if (!empty($hardware) && !empty($ip) && !empty($start) && !empty($end)) {
// begin validation of configuration options
if ($val->ValidateMACFormats($hardware) !== -1 && $val->ValidateIPv4($ip) !== -1 && ($val->ValidateParagraph($start) !== -1 || $val->ValidateParagraph($end) !== -1)) {
// since no errors for the mac address were recieved assign the *possibly fixed value
$mac_address = $val->ValidateMACFormats($mac_address);
// define our sql statements (if group is admin, discard that field)
if ($group === "admin") {
$insert = "INSERT INTO `conf_leases` ( `ip`, `start`, `end`, `cltt`, `current-state`, `next-state`, `hardware`, `hostname`, `abandoned`, `circut-id`, `remote-id`, `ddns-text`, `ddns-fwd-name`, `ddns-client-fqdn`, `ddns-rev-name` ) VALUES ( \"" . $ip . "\", \"" . $start . "\", \"" . $end . "\", \"" . $cltt . "\", \"" . $state . "\", \"" . $next_state . "\", \"" . $hardware . "\", \"" . $hostname . "\", \"" . $abandoned . "\", \"" . $circut_id . "\", \"" . $remote_id . "\", \"" . $ddns_text . "\", \"" . $ddns_fwd_name . "\", \"" . $ddns_client_fqdn . "\", \"" . $ddns_rev_name . "\" )";
$update = "UPDATE `conf_leases` SET `ip` = \"" . $ip . "\", `start` = \"" . $start . "\", `end` = \"" . $end . "\", `cltt` = \"" . $cltt . "\", `current-state` = \"" . $state . "\", `next-state` = \"" . $next_state . "\", `hardware` = \"" . $hardware . "\", `hostname` = \"" . $hostname . "\", `abandoned` = \"" . $abandoned . "\", `circut-id` = \"" . $circut_id . "\", `remote-id` = \"" . $remote_id . "\", `ddns-text` = \"" . $ddns_text . "\", `ddns-fwd-name` = \"" . $ddns_fwd_name . "\", `ddns-client-fqdn` = \"" . $ddns_client_fqdn . "\", `ddns-rev-name` = \"" . $ddns_rev_name . "\" WHERE `id` = \"" . $id . "\" LIMIT 1";
} else {
$insert = "INSERT INTO `conf_leases` ( `ip`, `start`, `end`, `cltt`, `current-state`, `next-state`, `hardware`, `hostname`, `abandoned`, `circut-id`, `remote-id`, `ddns-text`, `ddns-fwd-name`, `ddns-client-fqdn`, `ddns-rev-name`, `group` ) VALUES ( \"" . $ip . "\", \"" . $start . "\", \"" . $end . "\", \"" . $cltt . "\", \"" . $state . "\", \"" . $next_state . "\", \"" . $hardware . "\", \"" . $hostname . "\", \"" . $abandoned . "\", \"" . $circut_id . "\", \"" . $remote_id . "\", \"" . $ddns_text . "\", \"" . $ddns_fwd_name . "\", \"" . $ddns_client_fqdn . "\", \"" . $ddns_rev_name . "\", \"" . $group . "\" )";
$update = "UPDATE `conf_leases` SET `ip` = \"" . $ip . "\", `start` = \"" . $start . "\", `end` = \"" . $end . "\", `cltt` = \"" . $cltt . "\", `current-state` = \"" . $state . "\", `next-state` = \"" . $next_state . "\", `hardware` = \"" . $hardware . "\", `hostname` = \"" . $hostname . "\", `abandoned` = \"" . $abandoned . "\", `circut-id` = \"" . $circut_id . "\", `remote-id` = \"" . $remote_id . "\", `ddns-text` = \"" . $ddns_text . "\", `ddns-fwd-name` = \"" . $ddns_fwd_name . "\", `ddns-client-fqdn` = \"" . $ddns_client_fqdn . "\", `ddns-rev-name` = \"" . $ddns_rev_name . "\", `group` = \"" . $group . "\" WHERE `id` = \"" . $id . "\" LIMIT 1";
}
$delete = "DELETE FROM `conf_leases` WHERE `id` = \"" . $id . "\" LIMIT 1";
// determine which button was clicked
if (!empty($_POST['AddLease'])) {
$query = $insert;
$db_msg_good = $errors['db_insert'];
$user_group = $_POST['user_group'];
$user_department = $_POST['user_department'];
$user_contact = $_POST['user_contact'];
$user_address = $_POST['user_address'];
$user_phone = $_POST['user_phone'];
$user_email = $_POST['user_email'];
$user_pw_list = $_POST['user_pw_list'];
$user_pw_1 = $_POST['user_pw_1'];
$user_pw_2 = $_POST['user_pw_2'];
$GenRandomPw = $_POST['GenRandomPw'];
// check for our form type
if (!empty($_POST['AddUser']) || !empty($_POST['EditUser']) || !empty($_POST['DelUser'])) {
// check for empty variables
if (!empty($user_username) && !empty($user_fname) && !empty($user_lname) && !empty($user_access_level) && !empty($user_group) && !empty($user_department) && !empty($user_fname) && !empty($user_lname) && !empty($user_phone) && !empty($user_email)) {
// do some validation checks on submitted data
if ($val->ValidateAlphaChar($user_username) !== -1 && $val->ValidateString($user_fname) !== -1 && $val->ValidateString($user_lname) !== -1 && $val->ValidateString($user_access_level) !== -1 && $val->ValidateString($user_group) !== -1 && $val->ValidateParagraph($user_department) !== -1 && $val->ValidateString($user_contact) !== -1 && $val->ValidatePhone($user_phone) !== -1 && $val->ValidateEmail($user_email) !== -1) {
// leave the owner assignment alone if owner is not admin
if ($group === "admin") {
$group = $user_group;
}
// generate random password if this is a new user
if (!empty($_POST['AddUser'])) {
$user_password = $val->GenerateRandomPassword("12", "normal");
}
// setup our SQL statements for add, edit and deleting records
$insert = "INSERT INTO `auth_users` ( `username`, `password`, `level`, `group`, `dept`, `first`, `last`, `phone`, `email`, `ip`, `host`, `create_date`, `create_time`, `access_date`, `access_time`, `session`, `reset`, `owner` ) VALUES ( \"" . $user_username . "\", \"" . sha1($user_password) . "\", \"" . $user_access_level . "\", \"" . $user_group . "\", \"" . $user_deptartment . "\", \"" . $user_fname . "\", \"" . $user_lname . "\", \"" . $user_phone . "\", \"" . $user_email . "\", \"" . $user_ip . "\", \"" . $user_host . "\", \"" . $user_create_date . "\", \"" . $user_create_time . "\", \"" . $user_access_date . "\", \"" . $user_access_time . "\", \"" . $user_session . "\", \"TRUE\", \"" . $group . "\" )";
$update = "UPDATE `auth_users` SET `username` = \"" . $user_username . "\", `level` = \"" . $user_access_level . "\", `group` = \"" . $user_group . "\", `dept` = \"" . $user_department . "\", `first` = \"" . $user_fname . "\", `last` = \"" . $user_lname . "\", `phone` = \"" . $user_phone . "\", `email` = \"" . $user_email . "\", `ip` = \"" . $user_ip . "\", `host` = \"" . $user_host . "\", `owner` = \"" . $group . "\" WHERE `id` = \"" . $user_id . "\" LIMIT 1";
$delete = "DELETE FROM `auth_users` WHERE `id` = \"" . $user_id . "\" LIMIT 1";
// now perform a check to see which statement to use
if (!empty($_POST['AddUser'])) {
$sql = $insert;
$message = $err->GenerateErrorLink("help/help.html", "#host_search", $defined['good'], "You are currently editing record #" . $group_id, NULL, NULL);
}
}
}
// check for form submission first
if (!empty($_POST)) {
// setup our form variables
$group_name = $_POST['group_name'];
$group_manager = $_POST['group_manager'];
$group_contact = $_POST['group_contact'];
$group_description = $_POST['group_description'];
$group_id = $_POST['group_id'];
// check for empty variables
if (!empty($group_name) && !empty($group_manager) && !empty($group_description) && !empty($group_contact)) {
// do some validation checks on submitted data
if ($val->ValidateParagraph($group_name) !== -1 && $val->ValidatePhone($group_contact) !== -1 && $val->ValidateParagraph($group_description) !== -1 && $val->ValidateParagraph($group_manager) !== -1) {
// setup our SQL statements for add, edit and deleting records
$insert = "INSERT INTO `auth_groups` ( `group`, `manager`, `contact`, `description` ) VALUES ( \"" . $group_name . "\", \"" . $group_manager . "\", \"" . $group_contact . "\", \"" . $group_description . "\" )";
$update = "UPDATE `auth_groups` SET `group` = \"" . $group_name . "\", `contact` = \"" . $group_contact . "\", `description` = \"" . $group_description . "\", `manager` = \"" . $group_manager . "\" WHERE `id` = \"" . $group_id . "\" LIMIT 1";
$delete = "DELETE FROM `auth_groups` WHERE `id` = \"" . $group_id . "\" LIMIT 1";
// now perform a check to see which statement to use
if (!empty($_POST['AddGroup'])) {
$sql = $insert;
}
if (!empty($_POST['EditGroup'])) {
$sql = $update;
}
if (!empty($_POST['DelGroup'])) {
$sql = $delete;
}
// begin processing our SQL object
$dnssec_key = $data[0]['dnssec-key'];
}
}
}
// begin our validation on submitted data
if (!empty($_POST)) {
// re-assign vars for processing and template assignment
$id = $_POST['id'];
$zone = $_POST['zone'];
$primary = $_POST['primary'];
$dnssec_enabled = $_POST['dnssec_enabled'];
$dnssec_key = $_POST['dnssec_key'];
// check each post element
if (!empty($zone) && !empty($primary)) {
// begin validation of configuration options
if ($val->ValidateDomain($zone) !== -1 && $val->ValidateDomain($primary) !== -1 && $val->ValidateString($dnssec_enabled) !== -1 && $val->ValidateParagraph($dnssec_key) !== -1) {
// define our sql statements
$insert = "INSERT INTO `conf_dns_opts` ( `zone`, `type`,`dnssec-enabled`, `dnssec-key`, `group` ) VALUES ( \"" . $zone . "\",\"" . $primary . "\", \"" . $dnssec_enabled . "\", \"" . $dnssec_key . "\", \"" . $group . "\" )";
$update = "UPDATE `conf_dns_opts` SET `zone` = \"" . $zone . "\", `type` = \"" . $primary . "\", `dnssec-enabled` = \"" . $dnssec_enabled . "\", `dnssec-key` = \"" . $dnssec_key . "\", `group` = \"" . $group . "\" WHERE `id` = \"" . $id . "\" LIMIT 1";
$delete = "DELETE FROM `conf_dns_opts` WHERE `id` = \"" . $id . "\" LIMIT 1";
// determine which query to use
if (!empty($_POST['AddDNSConfOpts'])) {
$query = $insert;
$db_msg_good = $errors['db_insert'];
$db_msg_err = $errors['db_insert_err'];
}
if (!empty($_POST['EditDNSConfOpts'])) {
$query = $update;
$db_msg_good = $errors['db_edit'];
$db_msg_err = $errors['db_edit_err'];
}
$scope_range_1 = $_POST['scope_range_1'];
$scope_range_2 = $_POST['scope_range_2'];
$bootp_filename = $_POST['bootp_filename'];
$bootp_server = $_POST['bootp_server'];
$broadcast_address = $_POST['broadcast_address'];
$ntp_servers = $_POST['ntp_servers'];
$netbios_servers = $_POST['netbios_servers'];
$default_lease = $_POST['default_lease'];
$min_lease = $_POST['min_lease'];
$max_lease = $_POST['max_lease'];
$permissions = $_POST['select_groups'];
$groups = $_POST['groups'];
// check each post element
if (!empty($subnet) && !empty($subnet_mask) && !empty($dns_server_1) && !empty($dns_server_2) && !empty($router) && !empty($subnet_name) && !empty($enable_scope)) {
// begin validation of configuration options
if ($val->ValidateIPv4($subnet) !== -1 && $val->ValidateIPv4($subnet_mask) !== -1 && $val->ValidateDomain($dns_server_1) !== -1 && $val->ValidateDomain($dns_server_2) !== -1 && $val->ValidateIPv4($router) !== -1 && $val->ValidateParagraph($subnet_name) !== -1 && $val->ValidateAlphaChar($pool_name) !== -1 || $pool_name === "---------------" && $val->ValidateString($enable_scope) !== -1 && $val->ValidateIPv4($scope_range_1) !== -1 && $val->ValidateIPv4($scope_range_2) !== -1 && $val->ValidateParagraph($bootp_filename) !== -1 && $val->ValidateDomain($bootp_server) !== -1 && $val->ValidateString($enable_forwarding) !== -1 && $val->ValidateDomain($broadcast_address) !== -1 && $val->ValidateDomain($ntp_servers) !== -1 && $val->ValidateDomain($netbios_servers) !== -1 && $val->ValidateInteger($default_lease) !== -1 && $val->ValidateInteger($min_lease) !== -1 && $val->ValidateInteger($max_lease) !== -1 && $val->ValidateBroadcast2List($interface_list, $subnet) === 0 && $val->ValidateBroadcast2List($interface_list, $broadcast_address) === 0) {
// fix pool var
if ($pool_name === "---------------") {
$pool_name = "";
}
// define our sql statements (exclude the group field if user is member of admin group)
if ($group !== "admin") {
$insert = "INSERT INTO `conf_subnets` ( `subnet`, `subnet-mask`, `dns-server-1`, `dns-server-2`, `router`, `subnet-name`, `pool`, `enable-scope`, `scope-range-1`, `scope-range-2`, `ip-forwarding`, `broadcast-address`, `ntp-servers`, `netbios-name-servers`, `default-lease-time`, `min-lease-time`, `max-lease-time`, `group` ) VALUES ( \"" . $subnet . "\",\"" . $subnet_mask . "\", \"" . $dns_server_1 . "\", \"" . $dns_server_2 . "\", \"" . $router . "\", \"" . $subnet_name . "\", \"" . $pool_name . "\", \"" . $enable_scope . "\", \"" . $scope_range_1 . "\", \"" . $scope_range_2 . "\", \"" . $enable_forwarding . "\", \"" . $broadcast_address . "\", \"" . $ntp_servers . "\", \"" . $netbios_servers . "\", \"" . $default_lease . "\", \"" . $min_lease . "\", \"" . $max_lease . "\", \"" . $group . "\" )";
if (empty($_POST['ex_group'])) {
$update = "UPDATE `conf_subnets` SET `subnet` = \"" . $subnet . "\", `subnet-mask` = \"" . $subnet_mask . "\", `dns-server-1` = \"" . $dns_server_1 . "\", `dns-server-2` = \"" . $dns_server_2 . "\", `router` = \"" . $router . "\", `subnet-name` = \"" . $subnet_name . "\", `pool` = \"" . $pool_name . "\", `enable-scope` = \"" . $enable_scope . "\", `scope-range-1` = \"" . $scope_range_1 . "\", `scope-range-2` = \"" . $scope_range_2 . "\", `ip-forwarding` = \"" . $enable_forwarding . "\", `broadcast-address` = \"" . $broadcast_address . "\", `ntp-servers` = \"" . $ntp_servers . "\", `netbios-name-servers` = \"" . $netbios_servers . "\", `default-lease-time` = \"" . $default_lease . "\", `min-lease-time` = \"" . $min_lease . "\", `max-lease-time` = \"" . $max_lease . "\", `group` = \"" . $group . "\" WHERE `id` = \"" . $id . "\" LIMIT 1";
} else {
$update = "UPDATE `conf_subnets` SET `subnet` = \"" . $subnet . "\", `subnet-mask` = \"" . $subnet_mask . "\", `dns-server-1` = \"" . $dns_server_1 . "\", `dns-server-2` = \"" . $dns_server_2 . "\", `router` = \"" . $router . "\", `subnet-name` = \"" . $subnet_name . "\", `pool` = \"" . $pool_name . "\", `enable-scope` = \"" . $enable_scope . "\", `scope-range-1` = \"" . $scope_range_1 . "\", `scope-range-2` = \"" . $scope_range_2 . "\", `bootp-filename` = \"" . $bootp_filename . "\", `bootp-server` = \"" . $bootp_server . "\", `ip-forwarding` = \"" . $enable_forwarding . "\", `broadcast-address` = \"" . $broadcast_address . "\", `ntp-servers` = \"" . $ntp_servers . "\", `netbios-name-servers` = \"" . $netbios_servers . "\", `default-lease-time` = \"" . $default_lease . "\", `min-lease-time` = \"" . $min_lease . "\", `max-lease-time` = \"" . $max_lease . "\" WHERE `id` = \"" . $id . "\" LIMIT 1";
}
} else {
$insert = "INSERT INTO `conf_subnets` ( `subnet`, `subnet-mask`, `dns-server-1`, `dns-server-2`, `router`, `subnet-name`, `enable-scope`, `scope-range-1`, `scope-range-2`, `bootp-filename`, `bootp_server`, `ip-forwarding`, `broadcast-address`, `ntp-servers`, `netbios-name-servers`, `default-lease-time`, `min-lease-time`, `max-lease-time` ) VALUES ( \"" . $subnet . "\",\"" . $subnet_mask . "\", \"" . $dns_server_1 . "\", \"" . $dns_server_2 . "\", \"" . $router . "\", \"" . $subnet_name . "\", \"" . $pool_name . "\", \"" . $enable_scope . "\", \"" . $scope_range_1 . "\", \"" . $scope_range_2 . "\", \"" . $bootp_filename . "\", \"" . $bootp_server . "\", \"" . $enable_forwarding . "\", \"" . $broadcast_address . "\", \"" . $ntp_servers . "\", \"" . $netbios_servers . "\", \"" . $default_lease . "\", \"" . $min_lease . "\", \"" . $max_lease . "\" )";
$update = "UPDATE `conf_subnets` SET `subnet` = \"" . $subnet . "\", `subnet-mask` = \"" . $subnet_mask . "\", `dns-server-1` = \"" . $dns_server_1 . "\", `dns-server-2` = \"" . $dns_server_2 . "\", `router` = \"" . $router . "\", `subnet-name` = \"" . $subnet_name . "\", `pool` = \"" . $pool_name . "\", `enable-scope` = \"" . $enable_scope . "\", `scope-range-1` = \"" . $scope_range_1 . "\", `scope-range-2` = \"" . $scope_range_2 . "\", `bootp-filename` = \"" . $bootp_filename . "\", `bootp-server` = \"" . $bootp_server . "\", `ip-forwarding` = \"" . $enable_forwarding . "\", `broadcast-address` = \"" . $broadcast_address . "\", `ntp-servers` = \"" . $ntp_servers . "\", `netbios-name-servers` = \"" . $netbios_servers . "\", `default-lease-time` = \"" . $default_lease . "\", `min-lease-time` = \"" . $min_lease . "\", `max-lease-time` = \"" . $max_lease . "\" WHERE `id` = \"" . $id . "\" LIMIT 1";
$algorithm = $data[0]['algorithm'];
$key = $data[0]['key'];
}
}
}
// begin our validation on submitted data
if (!empty($_POST)) {
// re-assign vars for processing and template assignment
$id = $_POST['id'];
$key_name = $_POST['key_name'];
$algorithm = $_POST['algorithm'];
$key = $_POST['key'];
// check each post element
if (!empty($key_name) && !empty($algorithm) && !empty($key)) {
// begin validation of configuration options
if ($val->ValidateString($key_name) !== -1 && $val->ValidateParagraph($algorithm) !== -1 && $val->ValidateParagraph($key) !== -1) {
// define our sql statements
$insert = "INSERT INTO `conf_dnssec_opts` ( `key-name`, `algorithm`, `key`, `group` ) VALUES ( \"" . $key_name . "\",\"" . $algorithm . "\", \"" . $key . "\", \"" . $group . "\" )";
$update = "UPDATE `conf_dnssec_opts` SET `key-name` = \"" . $key_name . "\", `algorithm` = \"" . $algorithm . "\", `key` = \"" . $key . "\", `group` = \"" . $group . "\" WHERE `id` = \"" . $id . "\" LIMIT 1";
$delete = "DELETE FROM `conf_dnssec_opts` WHERE `id` = \"" . $id . "\" LIMIT 1";
// determine which button was clicked
if (!empty($_POST['AddDNSSECConfOpts'])) {
$query = $insert;
$db_msg_good = $errors['db_insert'];
$db_msg_err = $errors['db_insert_err'];
}
if (!empty($_POST['EditDNSSECConfOpts'])) {
$query = $update;
$db_msg_good = $errors['db_edit'];
$db_msg_err = $errors['db_edit_err'];
}
$mac_address = $_POST['mac_address'];
$ip_address = $_POST['ip_address'];
$subnet_name = $_POST['subnet_name'];
$pxe_group = $_POST['pxe_group'];
$search = $_POST['search'];
$modify = $_POST['modify'];
$permissions = $_POST['select_groups'];
$groups = $_POST['groups'];
// perform search if not empty
if (empty($search) && !empty($_POST['srch'])) {
$search_err = $err->GenerateErrorImg($defined['error'], "help/help.html#host_search", '800', '800');
$list = "<ol><li>Search string is empty. Allowed formats:<br>MAC Address: xx:xx:xx:xx:xx<br>IPv4 Address: xxx.xxx.xxx.xxx<br>Hostname: [0-9a-z]</li></ol>";
$error = $err->GenerateErrorLink("help/help.html", "#host_search", $defined['error'], $errors['val_host'] . $list, NULL, NULL);
} elseif (!empty($search) && !empty($_POST['srch'])) {
// perform validation on search string
if ($val->ValidateIPv4($search) !== -1 || $val->ValidateMACFormats($search) !== -1 || $val->ValidateParagraph($search) !== -1) {
// Gather all records belonging to other groups but where this user is allowed access
$sql = "SELECT * FROM `auth_group_perms` WHERE `resource` = \"hosts\"";
if (($z = $db->dbQuery($val->ValidateSQL($sql, $dbconn), $dbconn)) !== -1) {
}
// define our search query
if ($group === "admin") {
$query = "SELECT * FROM `conf_hosts` WHERE `hostname` LIKE \"" . $search . "\" OR `mac-address` LIKE \"" . $search . "\" OR `ip-address` LIKE \"" . $search . "\" ORDER BY `hostname` ASC";
} else {
$query = "SELECT * FROM `conf_hosts` WHERE `hostname` LIKE \"" . $search . "\" OR `mac-address` LIKE \"" . $search . "\" OR `ip-address` LIKE \"" . $search . "\" HAVING `group` = \"" . $group . "\" ORDER BY `hostname` ASC";
}
// process our query
if (($value = $db->dbQuery($val->ValidateSQL($query, $dbconn), $dbconn)) === -1) {
$error = $err->GenerateErrorLink("help/help.html", "#host_search", $defined['error'], $errors['db_search_err'], NULL, NULL);
} else {
// process results of search
$assigned_subnet = $data[0]['assigned-subnet'];
}
}
}
// begin our validation on submitted data
if (!empty($_POST)) {
// re-assign vars for processing and template assignment
$id = $_POST['id'];
$pxe_group_name = $_POST['pxe_group_name'];
$pxe_server = $_POST['pxe_server'];
$bootp_filename = $_POST['bootp_filename'];
$assigned_subnet = $_POST['assigned_subnet'];
// check each post element
if (!empty($pxe_group_name) && !empty($pxe_server) && !empty($bootp_filename)) {
// begin validation of configuration options
if ($val->ValidateString($pxe_group_name) !== -1 && ($val->ValidateIPv4($pxe_server) !== -1 || $val->ValidateDomain($pxe_server) !== -1) && $val->ValidateParagraph($bootp_filename) !== -1 || $val->ValidateParagraph($assigned_subnet) !== -1) {
// define our sql statements (filter out the group field if user group is admin)
if ($group === "admin") {
$insert = "INSERT INTO `conf_pxe_groups` ( `pxe-group-name`, `pxe-server`, `bootp-filename`, `assigned-subnet` ) VALUES ( \"" . $pxe_group_name . "\",\"" . $pxe_server . "\", \"" . $bootp_filename . "\", \"" . $assigned_subnet . "\" )";
$update = "UPDATE `conf_pxe_groups` SET `pxe-group-name` = \"" . $pxe_group_name . "\", `pxe-server` = \"" . $pxe_server . "\", `bootp-filename` = \"" . $bootp_filename . "\", `assigned-subnet` = \"" . $assigned_subnet . "\" WHERE `id` = \"" . $id . "\" LIMIT 1";
} else {
$insert = "INSERT INTO `conf_pxe_groups` ( `pxe-group-name`, `pxe-server`, `bootp-filename`, `assigned-subnet`, `group` ) VALUES ( \"" . $pxe_group_name . "\",\"" . $pxe_server . "\", \"" . $bootp_filename . "\", \"" . $assigned_subnet . "\", \"" . $group . "\" )";
$update = "UPDATE `conf_pxe_groups` SET `pxe-group-name` = \"" . $pxe_group_name . "\", `pxe-server` = \"" . $pxe_server . "\", `bootp-filename` = \"" . $bootp_filename . "\", `assigned-subnet` = \"" . $assigned_subnet . "\", `group` = \"" . $group . "\" WHERE `id` = \"" . $id . "\" LIMIT 1";
}
$delete = "DELETE FROM `conf_pxe_groups` WHERE `id` = \"" . $id . "\" LIMIT 1";
$update_hosts = "UPDATE `conf_hosts` SET `pxe-group` = \"\" WHERE `pxe-group` = \"" . $pxe_group_name . "\"";
// determine which button was clicked
if (!empty($_POST['AddPXEGroup'])) {
$query = $insert;
$db_msg_good = $errors['db_insert'];
$db_msg_err = $errors['db_insert_err'];
function AuthUser($user, $pass, $token)
{
// our global config opts
global $defined;
// initialize classes
$db = new dbConn();
$val = new ValidateStrings();
$lib = new Authenticate();
$auth = new Encryption();
$sess = new Sessions();
$misc = new MiscFunctions();
$exit = new ExitApp();
// check our authentication requirements
if (empty($user) && empty($pass) && empty($token)) {
return -1;
}
// we have an existing authentication token present
if (!empty($token) && empty($user) && empty($pass)) {
$array = $auth->DecodeAuthToken($token);
$user = base64_decode($array[0]);
$pass = base64_decode($array[1]);
$time = $array[4];
$current = $misc->GenTime();
if ($lib->AuthTimeOut($defined['timeout'], $time, $current) === -1) {
return -2;
}
}
// perform validation on username and password
if ($val->ValidateAlphaChar($user) === -1 || $val->ValidateParagraph($pass) === -1) {
return -3;
}
// see if the user exists for authenticaiton
$data = $db->dbConnect($defined['dbhost'], $defined['username'], $defined['password'], $defined['dbname']);
$query = "SELECT * FROM `auth_users` WHERE `username` = \"{$user}\" AND `password` = sha1( \"{$pass}\" )";
$query = $val->ValidateSQL($query, $data);
// database problem
if (($value = $db->dbQuery($query, $data)) === -1) {
return -5;
}
// check user match
if ($db->dbNumRows($value) === -1 || $db->dbNumRows($value) === 0) {
return -4;
} else {
$return = 0;
}
// create our authentication session token
if (empty($token)) {
$array = $db->dbArrayResults($value);
$x = $auth->GeneratePrivateKey($defined['enckeygen']);
$access_date = $misc->GenDate();
$access_time = $misc->GenTimeRead();
$query = "UPDATE `auth_users` SET `access_date` = \"" . $access_date . "\", `access_time` = \"" . $access_time . "\", `session` = \"{$x}\" WHERE `id` = \"" . $array[0]['id'] . "\"";
$value = $val->ValidateSQL($query, $data);
if (($value = $db->dbQuery($value, $data)) === -1) {
return -5;
}
$x = $auth->EncodePrivToHex($x);
if (($token = $auth->EncodeAuthToken($array[0]['username'], $pass, $array[0]['level'], $array[0]['group'], $misc->GenTime(), $x)) !== -1) {
$sess->RegisterSession("token", $token);
$return = 0;
}
}
$db->dbFreeData($query);
$db->dbCloseConn($data);
return $return;
}
if (($current = $db->dbQuery($val->ValidateSQL($optsquery, $dbconn), $dbconn)) !== -1) {
$optslist = $db->dbArrayResultsAssoc($current);
}
if (count($optslist) === 0) {
$class_option = "Class Options table missing";
} else {
foreach ($optslist as $key => $value) {
if ($value['Field'] !== "id") {
$encoded[$value['Field']] = $value['Type'];
}
}
$encoded = json_encode($encoded);
}
// Look for a GET id post to edit existing dnssec keys
if (!empty($_GET['id'])) {
if ($val->ValidateParagraph($_GET['id']) === -1) {
$error = $err->GenerateErrorLink("help/help.html", "#config_classes", $defined['error'], $errors['val_num'], NULL, NULL);
} else {
// populate the form with database information if already configured
if ($group === "admin") {
$query = "SELECT * FROM `conf_classes` WHERE `class-name` = \"" . $_GET['id'] . "\" LIMIT 1";
$options = "SELECT * FROM `conf_classes_options` WHERE `class-name` = \"" . $_GET['id'] . "\"";
} else {
$query = "SELECT * FROM `conf_classes` WHERE `group` = \"" . $group . "\" OR `group` = \"\" AND `class-name` = \"" . $_GET['id'] . "\" LIMIT 1";
$options = "SELECT * FROM `conf_classes_options` WHERE ( `group` = \"" . $group . "\" OR `group` = \"\" ) AND `class-name` = \"" . $_GET['id'] . "\"";
}
if (($value = $db->dbQuery($val->ValidateSQL($query, $dbconn), $dbconn)) === -1) {
$error = $err->GenerateErrorLink("help/help.html", "#config_classes", $defined['error'], $errors['db_select'], NULL, NULL);
} else {
$data = $db->dbArrayResultsAssoc($value);
$id = $data[0]['id'];
