//$hosts = host_ip_name($dbconn);
// On GET requests, copy each parameter named in $getParams into a local
// variable of the same name (empty string when the parameter is absent),
// then reset the two range variables.
//
// NOTE(review): $getParams is defined outside this excerpt. Because the loop
// assigns through variable-variables, it must be a fixed, code-defined list;
// confirm it can never contain request-derived names, otherwise a request
// could overwrite unrelated variables in this scope.
//
// NOTE(review): each value is SQL-escaped and then HTML-encoded once, at input
// time. That single pre-escaped copy is not a reliable defence for either
// sink: queries should use bound parameters at the point of execution, and
// output should be encoded for its context at the point of echo. It also
// leaves the stored value double-encoded if a later layer escapes again.
// mysql_real_escape_string() belongs to ext/mysql, which was removed in
// PHP 7.0, so this line only runs on PHP 5.x.
if ($_SERVER['REQUEST_METHOD'] == "GET") {
    foreach ($getParams as $gp) {
        ${$gp} = isset($_GET[$gp])
            ? htmlspecialchars(mysql_real_escape_string(trim($_GET[$gp])), ENT_QUOTES)
            : "";
    }
    $range_start = "";
    $range_end = "";
}
// Read the configured server version and the user/entity filter for the
// current session; both values are consumed by code outside this excerpt.
$version = $conf->get_conf("ossim_server_version");
list($arruser, $user) = Vulnerabilities::get_users_and_entities_filter($dbconn);
// Static query with no interpolated values: counts the rows of the plugin table.
$query = "select count(*) as total from vuln_nessus_plugins";
$result = $dbconn->execute($query);
// NOTE(review): $result is dereferenced without checking that the query
// succeeded. If execute() can return false here (the ADODB_FETCH_BOTH constant
// used elsewhere on this page suggests an ADOdb connection - confirm), a
// database error would surface as the "run updateplugins.pl" message below
// instead of as a query failure.
$pluginscount = $result->fields['total'];
// Stop rendering the page when no plugins have been loaded yet.
if ($pluginscount == 0) {
    //include_once('header2.php');
    die("<h2>" . _("Please run updateplugins.pl script first before using web interface") . ".</h2>");
}
function delete_sched($schedid)
{
    global $viewall, $sortby, $sortdir, $uroles, $username, $dbconn;
    $dbconn->SetFetchMode(ADODB_FETCH_BOTH);
    $sql_require = "";
    if (!$uroles['admin']) {
        $sql_require = "AND username='******'";
    }
Exemple #2
 // Attributes for the "hosts alive" control, derived from the current targets.
 $hosts_alive_data = get_host_alive_attributes($hosts_alive, $targets);
 // Pre-compute the HTML attribute strings used to restore the form state.
 $scan_locally_checked = '';
 if ($scan_locally == 1) {
     $scan_locally_checked = 'checked="checked"';
 }
 // NOTE(review): the "resolve names" box is checked when $not_resolve is 1;
 // the names read as inverted - confirm this is intended.
 $resolve_names_checked = '';
 if ($not_resolve == 1) {
     $resolve_names_checked = 'checked="checked"';
 }
 $email_notification = array(
     'no' => $send_email == 0 ? 'checked="checked"' : '',
     'yes' => $send_email == 1 ? 'checked="checked"' : '',
 );
 // load sensors
 // NOTE(review): $filters is built but not passed to Av_sensor::get_list() in
 // the visible code, so the has_vuln_scanner restriction is not applied by this
 // call - confirm whether it is used further down or was meant as an argument.
 $filters = array('where' => 'sensor_properties.has_vuln_scanner = 1');
 list($all_sensors, $s_total) = Av_sensor::get_list($conn);
 // Mark the sensor whose id equals $SVRid as the selected <option>.
 foreach ($all_sensors as $_sensor_id => $sensor_data) {
     if ($_sensor_id == $SVRid) {
         $all_sensors[$_sensor_id]['selected'] = 'selected="selected"';
     } else {
         $all_sensors[$_sensor_id]['selected'] = '';
     }
 }
 // load profiles
 // Admins get every row of vuln_nessus_settings ($args stays empty). Other
 // users are limited to the three built-in profiles plus profiles whose owner
 // is in the list returned by get_users_and_entities_filter() or is '0'.
 $args = '';
 if (!Session::am_i_admin()) {
     list($owners, $sqlowners) = Vulnerabilities::get_users_and_entities_filter($conn);
     $owners[] = '0';
     // NOTE(review): $sql_perms is appended to with .= but is not initialised
     // anywhere in this excerpt; if it is also unset in the enclosing scope this
     // raises an undefined-variable notice, and if it holds earlier text that
     // text becomes part of the WHERE clause - confirm.
     // NOTE(review): the $owners values are concatenated into the SQL text
     // without escaping. They come from a helper that is not visible here;
     // confirm it only returns validated identifiers, or pass them as bound
     // parameters instead.
     $sql_perms .= " OR owner IN('" . implode("', '", $owners) . "')";
     $args = "WHERE name='Default' OR name='Deep' OR name='Ultimate' " . $sql_perms;
 }
 $query = "SELECT id, name, description, owner, type FROM vuln_nessus_settings {$args} ORDER BY name";
 $conn->SetFetchMode(ADODB_FETCH_BOTH);
 $result = $conn->execute($query);
 // Build $v_profiles, keyed by profile id, for the profile <select>.
 while (!$result->EOF) {
     // Append " - <description>" to the label only when a description exists.
     $p_description = $result->fields['description'] != '' ? ' - ' . $result->fields['description'] : '';
     // The label holds the raw database values; nothing here HTML-encodes them,
     // so the code that echoes 'name&description' has to encode it for output.
     $v_profiles[$result->fields['id']]['name&description'] = $result->fields['name'] . $p_description;
     // && binds tighter than ||: select "Default" when no $sid was supplied,
     // otherwise select the row whose id equals $sid.
     if ($sid == '' && $result->fields['name'] == 'Default' || $result->fields['id'] == $sid) {
         $v_profiles[$result->fields['id']]['selected'] = 'selected="selected"';
     }
     $result->MoveNext();
 }
Exemple #3
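/**
 * Echo the HTML table of vulnerability scan profiles with edit/delete controls.
 *
 * Admins see every row of vuln_nessus_settings. Other users see the three
 * built-in profiles (Default, Deep, Ultimate) plus profiles whose owner is in
 * the list returned by Vulnerabilities::get_users_and_entities_filter() or is
 * '0' (rendered as "All").
 *
 * The can_modify_profile()/can_delete_profile() checks below only decide
 * which icons are rendered as active. The handlers behind
 * settings.php?disp=edit and the deleteProfile() script call are not visible
 * here and must enforce the same permissions server-side.
 *
 * Side effect: $sid is a global and is overwritten with the id of each row
 * while the table is rendered.
 *
 * @return void Output is written directly with echo.
 */
function select_profile()
{
    global $sid, $username, $dbconn, $version, $nessus_path;
    $args = "";
    if (!Session::am_i_admin()) {
        list($owners, $sqlowners) = Vulnerabilities::get_users_and_entities_filter($dbconn);
        $owners[] = '0';
        // Plain assignment: $sql_perms is not a global or an earlier local, so
        // the original ".=" read an undefined variable before appending.
        // NOTE(review): the $owners values are concatenated into the SQL text
        // without escaping. They come from a helper that is not visible here;
        // confirm it only returns validated identifiers, or pass them as bound
        // parameters instead.
        $sql_perms = " OR owner IN('" . implode("', '", $owners) . "')";
        $args = "WHERE name='Default' OR name='Deep' OR name='Ultimate' " . $sql_perms;
    }
    $query = "SELECT id, name, description, owner, type FROM vuln_nessus_settings {$args} ORDER BY name";
    // ADODB_FETCH_BOTH makes each column readable by numeric index, which the
    // loop below relies on.
    $dbconn->SetFetchMode(ADODB_FETCH_BOTH);
    $result = $dbconn->execute($query);
    echo "<CENTER>";
    echo "<table class=\"transparent\"><tr><td class=\"sec_title\">" . _("Vulnerability Scan Profiles") . "</td></tr></table>";
    echo "<p>";
    echo _("Please select a profile to edit") . ":";
    echo "</p>";
    echo "<table class='table_list'>";
    echo "<tr>";
    echo "<th>" . _("Available for") . "</th>";
    echo "<th>" . _("Profile") . "</th>";
    echo "<th>" . _("Description") . "</th>";
    echo "<th>" . _("Action") . "</th>";
    echo "</tr>";
    while (!$result->EOF) {
        // Column order follows the SELECT list: id, name, description, owner.
        // NOTE(review): this writes to the global $sid declared above; kept
        // because callers may depend on it - confirm it is intentional.
        $sid = $result->fields[0];
        $sname = $result->fields[1];
        $sdescription = $result->fields[2];
        $sowner = $result->fields[3];
        // NOTE(review): $sid is echoed unencoded into an id attribute here and
        // into the href and onclick attributes below. That is only safe while
        // the id column is strictly numeric - confirm against the schema.
        echo "<tr id='profile{$sid}'>";
        if ($sowner == "0") {
            echo "<td>" . _("All") . "</td>";
        } elseif (valid_hex32($sowner)) {
            // NOTE(review): the entity name is echoed without
            // Util::htmlentities(), unlike the other cells; confirm that
            // Session::get_entity_name() returns HTML-safe text.
            echo "<td style='padding:0px 2px 0px 2px;'>" . Session::get_entity_name($dbconn, $sowner) . "</td>";
        } else {
            echo "<td>" . Util::htmlentities($sowner) . "</td>";
        }
        echo "<td width='200'>" . Util::htmlentities($sname) . "</td>";
        echo "<td width='450'>" . Util::htmlentities($sdescription) . "</td>";
        echo "<td>";
        if ($sname == "Default" || $sname == "Deep" || $sname == "Ultimate") {
            // $sname is one of three fixed literals in this branch, so putting
            // it inside the title attribute cannot carry markup.
            echo "<img src=\"images/pencil.png\" class=\"tip disabled\" title=\"" . _("{$sname} profile can't be edited, clone it to make changes") . "\" />";
            echo "<img src=\"images/delete.gif\" class=\"tip disabled\" title=\"" . _("{$sname} profile can't be deleted") . "\" />";
        } else {
            // md5() here only derives a DOM element id from name and owner; it
            // is not used as a security control.
            if (Vulnerabilities::can_modify_profile($dbconn, $sname, $sowner)) {
                echo "<a href='settings.php?disp=edit&amp;sid={$sid}'><img class='hand' id='edit_" . md5($sname . $sowner) . "' src='images/pencil.png' ></a>";
            } else {
                echo "<img class='disabled' src='images/pencil.png'>";
            }
            if (Vulnerabilities::can_delete_profile($dbconn, $sname, $sowner)) {
                echo "<img class='hand' src='images/delete.gif'  id='delete_" . md5($sname . $sowner) . "' onclick='deleteProfile({$sid})'>";
            } else {
                echo "<img class='disabled' src=\"images/delete.gif\" >";
            }
        }
        echo "</td>";
        echo "</tr>";
        $result->MoveNext();
    }
    echo "</table>";
    echo "<center>";
    echo "<form>";
    echo "<br/>";
    echo "<input type='button' onclick=\"document.location.href='settings.php?disp=new'\" id=\"new_profile\" value=\"" . _("Create New Profile") . "\"/>";
    echo "</form>";
    echo "</p>";
    echo "</center>";
    // end else
}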