//$hosts = host_ip_name($dbconn);

// Copy the request parameters named in $getParams (defined outside this
// excerpt) into same-named variables through variable-variables. Each value
// is trimmed, passed through mysql_real_escape_string() and then through
// htmlspecialchars(ENT_QUOTES); a parameter that is absent becomes "".
// Only the GET case is visible in this excerpt.
//
// NOTE(review): mysql_real_escape_string() belongs to ext/mysql, which was
// removed in PHP 7.0. It also depends on an ext/mysql link, whereas the
// queries below go through $dbconn — confirm which connection it escapes for.
// NOTE(review): the values are escaped once, at input, for SQL and HTML
// together. Anything that later reaches a query is better bound as a
// parameter, and anything that reaches a page is better encoded for its
// output context at the point of output — confirm how these variables are
// consumed further down the file.
// NOTE(review): isset() is also true when a parameter arrives as an array
// (name[]=...), which trim() does not accept; an is_string() check would
// reject that shape.
// NOTE(review): the variable names that can be created are limited to the
// entries of $getParams — presumably a fixed list; verify it is never built
// from request data.
switch ($_SERVER['REQUEST_METHOD']) {
    case "GET":
        foreach ($getParams as $gp) {
            if (isset($_GET[$gp])) {
                ${$gp} = htmlspecialchars(mysql_real_escape_string(trim($_GET[$gp])), ENT_QUOTES);
            } else {
                ${$gp} = "";
            }
        }
        // The range bounds are always reset for GET requests.
        $range_start = "";
        $range_end = "";
        break;
}

$version = $conf->get_conf("ossim_server_version");
list($arruser, $user) = Vulnerabilities::get_users_and_entities_filter($dbconn);

// Stop with a message while the vuln_nessus_plugins table is empty.
$query = "select count(*) as total from vuln_nessus_plugins";
$result = $dbconn->execute($query);
$pluginscount = $result->fields['total'];
if ($pluginscount == 0) {
    //include_once('header2.php');
    die("<h2>" . _("Please run updateplugins.pl script first before using web interface") . ".</h2>");
}

// NOTE(review): the listing is cut off inside delete_sched(); the rest of the
// function body, including its closing brace, is not shown.
function delete_sched($schedid) {
    global $viewall, $sortby, $sortdir, $uroles, $username, $dbconn;
    $dbconn->SetFetchMode(ADODB_FETCH_BOTH);
    $sql_require = "";
    // Users without the admin role get an extra username condition in
    // $sql_require.
    // NOTE(review): the username literal appears masked ('******') in this
    // listing. If the original interpolates a variable at that position, a
    // bound parameter is the safer form — confirm against the full file.
    if (!$uroles['admin']) {
        $sql_require = "AND username='******'";
    }
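// Pre-compute the HTML attribute fragments that the scan form uses to restore
// its checkboxes, radio buttons and select boxes.
$hosts_alive_data = get_host_alive_attributes($hosts_alive, $targets);

$scan_locally_checked  = $scan_locally == 1 ? 'checked="checked"' : '';
$resolve_names_checked = $not_resolve == 1 ? 'checked="checked"' : '';

$email_notification        = array();
$email_notification['no']  = $send_email == 0 ? 'checked="checked"' : '';
$email_notification['yes'] = $send_email == 1 ? 'checked="checked"' : '';

// load sensors
// NOTE(review): $filters is built but never passed to Av_sensor::get_list(),
// so the has_vuln_scanner restriction is not applied by this call. It
// presumably belongs in the argument list — confirm against the method's
// signature before changing it.
$filters = array('where' => 'sensor_properties.has_vuln_scanner = 1');
list($all_sensors, $s_total) = Av_sensor::get_list($conn);

foreach ($all_sensors as $_sensor_id => $sensor_data) {
    $all_sensors[$_sensor_id]['selected'] = $_sensor_id == $SVRid ? 'selected="selected"' : '';
}

// load profiles
// Admins get every profile. Other users get the three built-in profiles plus
// the profiles owned by one of their users/entities or by '0'.
$args         = '';
$owner_params = array();

if (!Session::am_i_admin()) {
    list($owners, $sqlowners) = Vulnerabilities::get_users_and_entities_filter($conn);
    $owners[] = '0';

    // Bind the owner values instead of splicing them into the SQL text, so a
    // quote inside a login or entity id cannot change the statement.
    $owner_params = array_values($owners);
    $owner_marks  = implode(', ', array_fill(0, count($owner_params), '?'));

    // NOTE(review): $sql_perms is appended to here, so it is presumably
    // initialised earlier in the file — confirm. If it is not, this line
    // raises an undefined-variable warning.
    $sql_perms .= " OR owner IN({$owner_marks})";
    $args = "WHERE name='Default' OR name='Deep' OR name='Ultimate' " . $sql_perms;
}

$query = "SELECT id, name, description, owner, type FROM vuln_nessus_settings {$args} ORDER BY name";

$conn->SetFetchMode(ADODB_FETCH_BOTH);
$result = $owner_params ? $conn->execute($query, $owner_params) : $conn->execute($query);

while (!$result->EOF) {
    $profile_id    = $result->fields['id'];
    $p_description = $result->fields['description'] != '' ? ' - ' . $result->fields['description'] : '';

    // Raw database text: whatever renders $v_profiles must encode it for
    // HTML at output time.
    $v_profiles[$profile_id]['name&description'] = $result->fields['name'] . $p_description;

    // Preselect the requested profile, or "Default" when none was requested.
    // The parentheses spell out the precedence the original relied on.
    if (($sid == '' && $result->fields['name'] == 'Default') || $profile_id == $sid) {
        $v_profiles[$profile_id]['selected'] = 'selected="selected"';
    }

    $result->MoveNext();
}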
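/**
 * Echo the "Vulnerability Scan Profiles" table with its edit/delete actions.
 *
 * Admins see every row of vuln_nessus_settings. Other users see the three
 * built-in profiles (Default, Deep, Ultimate) plus the profiles whose owner
 * is in the list from Vulnerabilities::get_users_and_entities_filter() or
 * is '0'.
 *
 * The markup is written straight to the output; nothing is returned.
 */
function select_profile()
{
    global $sid, $dbconn;

    $where       = '';
    $bind_values = array();

    if (!Session::am_i_admin()) {
        list($owners) = Vulnerabilities::get_users_and_entities_filter($dbconn);
        $owners[] = '0';

        // Bind the owner values instead of splicing them into the SQL text,
        // so a quote inside a login or entity id cannot change the statement.
        // The original appended to an undefined $sql_perms here; the clause
        // is now built directly.
        $bind_values = array_values($owners);
        $owner_marks = implode(', ', array_fill(0, count($bind_values), '?'));
        $where       = "WHERE name='Default' OR name='Deep' OR name='Ultimate'  OR owner IN({$owner_marks})";
    }

    $query = "SELECT id, name, description, owner, type FROM vuln_nessus_settings {$where} ORDER BY name";

    $dbconn->SetFetchMode(ADODB_FETCH_BOTH);
    $result = $bind_values ? $dbconn->execute($query, $bind_values) : $dbconn->execute($query);

    echo "<CENTER>";
    echo "<table class=\"transparent\"><tr><td class=\"sec_title\">" . _("Vulnerability Scan Profiles") . "</td></tr></table>";
    echo "<p>";
    echo _("Please select a profile to edit") . ":";
    echo "</p>";
    echo "<table class='table_list'>";
    echo "<tr>";
    echo "<th>" . _("Available for") . "</th>";
    echo "<th>" . _("Profile") . "</th>";
    echo "<th>" . _("Description") . "</th>";
    echo "<th>" . _("Action") . "</th>";
    echo "</tr>";

    while (!$result->EOF) {
        // NOTE(review): $sid is the global declared above, so every row
        // overwrites the caller's value. Kept as in the original; a local
        // name would avoid the side effect once callers are checked.
        $sid          = $result->fields[0];
        $sname        = $result->fields[1];
        $sdescription = $result->fields[2];
        $sowner       = $result->fields[3];

        // NOTE(review): $sid is written unencoded into an id attribute, a URL
        // and an inline JavaScript call below. That is safe only while the
        // column is numeric — presumably an integer key; confirm, or cast it.
        echo "<tr id='profile{$sid}'>";

        if ($sowner == "0") {
            echo "<td>" . _("All") . "</td>";
        } elseif (valid_hex32($sowner)) {
            // NOTE(review): unlike the other cells, the entity name is echoed
            // without Util::htmlentities(). Presumably get_entity_name()
            // returns encoded text — confirm.
            echo "<td style='padding:0px 2px 0px 2px;'>" . Session::get_entity_name($dbconn, $sowner) . "</td>";
        } else {
            echo "<td>" . Util::htmlentities($sowner) . "</td>";
        }

        echo "<td width='200'>" . Util::htmlentities($sname) . "</td>";
        echo "<td width='450'>" . Util::htmlentities($sdescription) . "</td>";
        echo "<td>";

        if ($sname == "Default" || $sname == "Deep" || $sname == "Ultimate") {
            // Built-in profiles are read-only. $sname is one of three fixed
            // literals here, so interpolating it into the title is safe.
            echo "<img src=\"images/pencil.png\" class=\"tip disabled\" title=\"" . _("{$sname} profile can't be edited, clone it to make changes") . "\" />";
            echo "<img src=\"images/delete.gif\" class=\"tip disabled\" title=\"" . _("{$sname} profile can't be deleted") . "\" />";
        } else {
            // md5() only derives a markup-safe element id from name and
            // owner; it has no security role here.
            $dom_key = md5($sname . $sowner);

            // These checks only decide which icons are shown. The edit and
            // delete handlers must enforce the same permissions again.
            if (Vulnerabilities::can_modify_profile($dbconn, $sname, $sowner)) {
                echo "<a href='settings.php?disp=edit&sid={$sid}'><img class='hand' id='edit_" . $dom_key . "' src='images/pencil.png' ></a>";
            } else {
                echo "<img class='disabled' src='images/pencil.png'>";
            }

            if (Vulnerabilities::can_delete_profile($dbconn, $sname, $sowner)) {
                echo "<img class='hand' src='images/delete.gif' id='delete_" . $dom_key . "' onclick='deleteProfile({$sid})'>";
            } else {
                echo "<img class='disabled' src=\"images/delete.gif\" >";
            }
        }

        echo "</td>";
        echo "</tr>";

        $result->MoveNext();
    }

    echo "</table>";
    echo "<center>";
    echo "<form>";
    echo "<br/>";
    echo "<input type='button' onclick=\"document.location.href='settings.php?disp=new'\" id=\"new_profile\" value=\"" . _("Create New Profile") . "\"/>";
    echo "</form>";
    echo "</p>";
    echo "</center>";
}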