function ChkLevel($token)
 {
     global $defined;
     if (empty($token)) {
         $level->value = -1;
     } else {
         $auth = new Encryption();
         $db = new dbConn();
         $val = new ValidateStrings();
         $array = $auth->DecodeAuthToken($token);
         $data = $db->dbConnect($defined['dbhost'], $defined['username'], $defined['password'], $defined['dbname']);
         $query = "SELECT `level` FROM `auth_users` WHERE `level` = \"" . base64_decode($array[2]) . "\"";
         $value = $db->dbQuery($val->ValidateSQL($query, $data), $data);
         $array = $db->dbArrayResults($value);
         $level->value = $array[0]['level'];
         $db->dbFreeData($query);
         $db->dbCloseConn($data);
     }
     return $level->value;
 }
 } else {
     $subnetquery = "SELECT * FROM `conf_pools` WHERE `group` = \"" . $group . "\" ORDER BY `pool-name` ASC";
 }
 if (($current = $db->dbQuery($val->ValidateSQL($subnetquery, $dbconn), $dbconn)) !== -1) {
     $subnetlist = $db->dbArrayResultsAssoc($current);
 }
 $pools = $misc->GenJumpMenuBoxPools($subnetlist, 'pools', $_GET['skin']);
 // generate list of allow/deny options
 $pl_ops = array("known-clients", "unknown-clients", "dynamic bootp clients", "authenticated clients", "unauthenticated clients", "all clients");
 if ($group === "admin") {
     $pl = "SELECT `class-name` FROM `conf_classes` ORDER BY `class-name` ASC";
 } else {
     $pl = "SELECT `class-name` FROM `conf_classes` WHERE `group` = \"" . $group . "\" OR `group` = '' ORDER BY `class-name` ASC";
 }
 if (($return = $db->dbQuery($val->ValidateSQL($pl, $dbconn), $dbconn)) !== -1) {
     $pls = $db->dbArrayResults($return);
 }
 // fix the nested array before merging
 for ($x = 0; $x < count($pls); $x++) {
     $newarr[] = $pls[$x]['class-name'];
 }
 if (count($newarr) !== 0) {
     $pls_opt = array_merge($pl_ops, $newarr);
     //echo "<pre>"; print_r( $pls_opt ); echo "</pre>";
 } else {
     $pls_opt = $pl_ops;
 }
 $list = $misc->GenDropMenuWSelectedPoolOpts($pls_opt, $allow_deny_op, 'allow_deny_op');
 /* create checkbox list of available groups */
 $groupsquery = "SELECT * FROM `auth_groups` WHERE `group` != \"admin\" AND `group` != \"" . $group . "\" ORDER BY `group` ASC";
 if (($res = $db->dbQuery($val->ValidateSQL($groupsquery, $dbconn), $dbconn)) !== -1) {
 // Do some cleaning before verifying installation
 $misc->CleanUpVars($_POST, NULL);
 // Free db handle and close connection(s)
 $db->dbFreeData($dbconn);
 $db->dbCloseConn($dbconn);
 // check results of import and application login
 $dbconn = $db->dbConnect($_POST['mysql_server_address'], $_POST['mysql_server_username'], $_POST['mysql_server_password'], 'phpDHCPAdmin');
 if ($dbconn === -1) {
     $error = $err->GenerateErrorLink("../help/help.html", "#app_setup", '../templates/images/error.jpg', "Error connecting to the database with the newly entered username and password combination for the database 'phpDHCPAdmin'", NULL, NULL);
 } else {
     // verify tables exist
     $query = "SHOW TABLES IN `phpDHCPAdmin`";
     if (($value = $db->dbQuery($val->ValidateSQL($query, $dbconn), $dbconn)) === -1) {
         $error = $err->GenerateErrorLink("../help/help.html", "#create_admin_user", '../templates/images/error.jpg', "There was an error when flushing the priveleges table", NULL, NULL);
     } else {
         $array = $db->dbArrayResults($value);
         foreach ($array as $key => $value) {
             $e = $err->GenerateErrorImg('../templates/images/error.jpg', "../help/help.html#app_setup", '800', '800');
             $list .= "<ol>";
             if (!in_array($value['Tables_in_phpDHCPAdmin'], $TABLES)) {
                 $list .= "<li>Missing table information for '" . $value['Tables_in_phpDHCPAdmin'] . "'</li>";
                 $flag = -1;
             }
         }
         $list .= "</ol>";
         if ($flag !== -1) {
             $error = $err->GenerateErrorLink("../help/help.html", "#app_setup", '../templates/images/good.jpg', "Permissions have been set on the database 'phpDHCPAdmin' for the user '" . $_POST['mysql_server_username'] . "' and our table structure is intact.", NULL, NULL);
         } else {
             $error = $err->GenerateErrorLink("../help/help.html", "#app_setup", '../templates/images/error.jpg', "An error occured when verifying database table schema" . $list, NULL, NULL);
         }
     }
 } elseif ($auth->AuthUser($_POST['user'], $_POST['pass'], $_SESSION['token']) === 0) {
     // perform permissions check with access level and group data
     if ($level->ChkLevel($_SESSION['token']) === "root" || $level->ChkLevel($_SESSION['token'] === "user")) {
         // decode our authentication token to get our group membership
         $user_details = $encrypt->DecodeAuthToken($_SESSION['token']);
         $group = base64_decode($user_details[3]);
         // initialize a db connection handle
         $dbconn = $db->dbConnect($defined['dbhost'], $defined['username'], $defined['password'], $defined['dbname']);
         // Get array of subnets to assign hosts to
         if ($group === "admin") {
             $query = "SELECT * FROM `conf_subnets` ORDER BY `subnet-name` ASC";
         } else {
             $query = "SELECT * FROM `conf_subnets` WHERE `group` = \"" . $group . "\" ORDER BY `subnet-name` ASC";
         }
         if (($value = $db->dbQuery($val->ValidateSQL($query, $dbconn), $dbconn)) !== -1) {
             $subdata = $db->dbArrayResults($value);
         }
         // are there subnets? if so populate sql queries to look up hosts per subnet
         if (count($subdata)) {
             foreach ($subdata as $key => $value) {
                 if ($group === "admin") {
                     $sql[$value['subnet-name']] = "SELECT * FROM `conf_hosts` WHERE `subnet-name` = \"" . $value['subnet-name'] . "\"{$filter}";
                 } else {
                     $sql[$value['subnet-name']] = "SELECT * FROM `conf_hosts` WHERE `subnet-name` = \"" . $value['subnet-name'] . "\" AND `group` = \"" . $group . "\"";
                 }
             }
             // execute as many database queries as we need for our host to subnet assignment
             foreach ($sql as $key => $value) {
                 if (($res = $db->dbQuery($val->ValidateSQL($value, $dbconn), $dbconn)) !== -1) {
                     $hostdata[$key] = $db->dbArrayResults($res);
                 }
 $sql['gpxe'] = "SELECT * FROM `conf_pxe_opts`";
 $sql['dns'] = "SELECT * FROM `conf_dns_opts`";
 $sql['failover'] = "SELECT * FROM `conf_failover`";
 $sql['dnssec'] = "SELECT * FROM `conf_dnssec_opts`";
 $sql['classes'] = "SELECT * FROM `conf_classes`";
 $sql['pools'] = "SELECT * FROM `conf_pools`";
 $sql['shared'] = "SELECT * FROM `conf_shared_networks`";
 $sql['subnets'] = "SELECT * FROM `conf_subnets`";
 $sql['pxe'] = "SELECT * FROM `conf_pxe_groups`";
 // process our sql array and place values in assoc array
 foreach ($sql as $key => $query) {
     if (($value = $db->dbQuery($val->ValidateSQL($query, $dbconn), $dbconn)) === -1) {
         $err_chk = 1;
         $list .= "<li>Could not look up data for  the '" . $key . "' configuration options</li>";
     } else {
         $results[$key] = $db->dbArrayResults($value);
     }
 }
 // determine which hosts belong to pxe groups
 $classes_count = count($results['classes']);
 foreach ($results['classes'] as $key => $class) {
     $sql['class'][$class['class-name']] = "SELECT * FROM `conf_classes_options` WHERE `class-name` = '" . $class['class-name'] . "'";
 }
 // build our static hosts into pxe groups first
 if (count($sql['class']) !== 0) {
     foreach ($sql['class'] as $key => $query) {
         if (($value = $db->dbQuery($val->ValidateSQL($query, $dbconn), $dbconn)) === -1) {
             $err_chk = 1;
             $list .= "<li>Could not look up data for the '" . $key . "' configuration options</li>";
         } else {
             $results['classes']['classes-options'][$key] = $db->dbArrayResults($value);
     // authentication data not found in database
 } elseif ($auth->AuthUser($_POST['user'], $_POST['pass'], $_SESSION['token']) === -4) {
     $ERROR = $err->GenerateErrorLink("help/help.html", "#user", $defined['error'], $errors['auth_n'], NULL, NULL);
     // error in database query
 } elseif ($auth->AuthUser($_POST['user'], $_POST['pass'], $_SESSION['token']) === -5) {
     $ERROR = $err->GenerateErrorLink("help/help.html", "#undef", $defined['error'], $errors['undef_sql'], NULL, NULL);
     // valid user found
 } elseif ($auth->AuthUser($_POST['user'], $_POST['pass'], $_SESSION['token']) === 0) {
     // perform permissions check with access level and group data
     if ($level->ChkLevel($_SESSION['token']) === "root" || $level->ChkLevel($_SESSION['token'] === "user")) {
         // initialize a db connection handle
         $dbconn = $db->dbConnect($defined['dbhost'], $defined['username'], $defined['password'], $defined['dbname']);
         // generate array of interfaces to assign leases to
         $sql = "SELECT `subnet`,`scope-range-1`,`scope-range-2`,`subnet-name` FROM `conf_subnets`";
         if (($value = $db->dbQuery($val->ValidateSQL($sql, $dbconn), $dbconn)) !== -1) {
             $subnets = $db->dbArrayResults($value);
         }
         // loop over results and create nested array of leases per subnet
         foreach ($subnets as $key => $value) {
             // ensure we are looking at a subnet with a scope defined
             if (!empty($value['scope-range-1']) && !empty($value['scope-range-2'])) {
                 $ip = $value['subnet'];
                 $name = $value['subnet-name'];
                 // aquire the total number of leases available in scope
                 preg_match('/[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.([0-9]{1,3})/', $value['scope-range-1'], $start);
                 preg_match('/[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.([0-9]{1,3})/', $value['scope-range-2'], $end);
                 // begin counting
                 $total = 1;
                 for ($x = $start[1]; $x < $end[1]; $x++) {
                     $total = $total + 1;
                 }
 // process our query
 if (($value = $db->dbQuery($val->ValidateSQL($query, $dbconn), $dbconn)) === -1) {
     $error = $err->GenerateErrorLink("help/help.html", "#host_search", $defined['error'], $db_msg_err, NULL, NULL);
     // does the record exist? a duplicate mac, ip or hostname is not allowed
     if (eregi("duplicate", $db->dbCatchError()) && !empty($id) || !empty($modify) && $modify === "modify") {
         // look at error and grab the existing record
         @preg_match('/.*\'(.*)\'.*/', $db->dbCatchError(), $dup);
         // make sure users can't edit other group records
         if ($group !== "admin") {
             $sql = "SELECT `id` FROM `conf_hosts` WHERE `ip-address` LIKE \"" . $dup[1] . "\" OR `hostname` LIKE \"" . $dup[1] . "\" OR `mac-address` LIKE \"" . $dup[1] . "\" HAVING `group` = \"" . $group . "\"";
         } else {
             $sql = "SELECT `id` FROM `conf_hosts` WHERE `ip-address` LIKE \"" . $dup[1] . "\" OR `hostname` LIKE \"" . $dup[1] . "\" OR `mac-address` LIKE \"" . $dup[1] . "\"";
         }
         // execute the database query for our matching record
         if (($value = $db->dbQuery($val->ValidateSQL($sql, $dbconn), $dbconn)) !== -1) {
             $ids = $db->dbArrayResults($value);
         }
         // create new `update` sql statement with matching id to overwrite record as per requested
         if ($group === "admin") {
             $update = "UPDATE `conf_hosts` SET `hostname` = \"" . $hostname . "\", `mac-address` = \"" . $mac_address . "\", `ip-address` = \"" . $ip_address . "\", `subnet-name` = \"" . $subnet_name . "\", `pxe-group` = \"" . $pxe_group . "\", `group` = \"" . $group . "\" WHERE `id` = \"" . $ids[0]['id'] . "\" LIMIT 1";
         } else {
             $update = "UPDATE `conf_hosts` SET `hostname` = \"" . $hostname . "\", `mac-address` = \"" . $mac_address . "\", `ip-address` = \"" . $ip_address . "\", `subnet-name` = \"" . $subnet_name . "\", `pxe-group` = \"" . $pxe_group . "\" WHERE `id` = \"" . $ids[0]['id'] . "\" LIMIT 1";
         }
         // perform update on record
         if (($value = $db->dbQuery($val->ValidateSQL($update, $dbconn), $dbconn)) === -1) {
             $error = $err->GenerateErrorLink("help/help.html", "#host_search", $defined['error'], $errors['db_edit_err'], NULL, NULL);
         } else {
             // was anything updated?
             if ($db->dbAffectedRows($dbconn) === 0) {
                 $error = $err->GenerateErrorLink("help/help.html", "#host_search", $defined['error'], $errors['db_edit_err'], NULL, NULL);
             } else {
 function ProcessAdapterDetails($array)
 {
     global $defined;
     $db = new dbConn();
     $val = new ValidateStrings();
     $lib = new MiscFunctions();
     $insert = '';
     $update = '';
     $key = '';
     $value = array();
     // initialize a db connection handle
     $dbconn = $db->dbConnect($defined['dbhost'], $defined['username'], $defined['password'], $defined['dbname']);
     // begin loop
     foreach ($array as $key => $value) {
         // sql statements
         $insert = "INSERT INTO `conf_adapters` ( `name`, `encap`, `hwaddr`, `ipv4`, `broadcast`, `mask`, `ipv6`, `flags`, `rx_packets`, `rx_errors`, `rx_dropped`, `rx_overruns`, `rx_frame`, `tx_packets`, `tx_errors`, `tx_dropped`, `tx_overruns`, `tx_carrier`, `rx_bytes`, `tx_bytes` ) VALUES ( \"" . $key . "\", \"" . $value['encap'] . "\", \"" . $value['hwaddr'] . "\", \"" . $value['ipv4'] . "\", \"" . $value['broadcast'] . "\", \"" . $value['mask'] . "\", \"" . $value['ipv6'] . "\", \"" . $value['flags'] . "\", \"" . $value['RX_packets'] . "\", \"" . $value['RX_errors'] . "\", \"" . $value['RX_dropped'] . "\", \"" . $value['RX_overruns'] . "\", \"" . $value['RX_frame'] . "\", \"" . $value['TX_packets'] . "\", \"" . $value['TX_errors'] . "\", \"" . $value['TX_dropped'] . "\", \"" . $value['TX_overruns'] . "\", \"" . $value['TX_carrier'] . "\", \"" . $value['RX_total'] . "\", \"" . $value['TX_total'] . "\" )";
         $update = "UPDATE `conf_adapters_details` SET `name` = \"" . $key . "\", `encap` = \"" . $value['encap'] . "\", `hwaddr` = \"" . $value['hwaddr'] . "\", `ipv4` = \"" . $value['ipv4'] . "\", `broadcast` = \"" . $value['broadcast'] . "\", `mask` = \"" . $value['mask'] . "\", `ipv6` = \"" . $value['ipv6'] . "\", `flags` = \"" . $value['flags'] . "\", `rx_packets` = \"" . $value['RX_packets'] . "\", `rx_errors` = \"" . $value['RX_errors'] . "\", `rx_dropped` = \"" . $value['RX_dropped'] . "\", `rx_overruns` = \"" . $value['RX_overruns'] . "\", `rx_frame` = \"" . $value['RX_frame'] . "\", `tx_packets` = \"" . $value['TX_packets'] . "\", `tx_errors` = \"" . $value['TX_errors'] . "\", `tx_dropped` = \"" . $value['TX_dropped'] . "\", `tx_overruns` = \"" . $value['TX_overruns'] . "\", `tx_carrier` = \"" . $value['TX_carrier'] . "\", `rx_bytes` = \"" . $value['RX_total'] . "\", `tx_bytes` = \"" . $value['TX_total'] . "\" WHERE `name` = \"" . $key . "\" LIMIT 1";
         // determine if an traffic table update should occur
         if ($value['RX_total'] !== 0) {
             // time machine calcs
             // (only run once an hour)
             $now = $this->GenTime();
             // grab some current traffic data
             $res = $db->dbQuery($val->ValidateSQL("SELECT `time` FROM `conf_traffic` WHERE `time` < \"" . $now . "\" AND `bytes` > 0 AND `interface` = \"" . $key . "\" LIMIT 1", $dbconn), $dbconn);
             $times = $db->dbArrayResults($res);
             // get a value we can compare against an hour
             $test = abs($now - $times[0]['time']);
             // insert some data
             if ($test > 3600 && !empty($value['RX_total'])) {
                 $traffic = "INSERT INTO `conf_traffic` ( `interface`, `bytes`, `time` ) VALUES ( \"" . $key . "\", \"" . $value['RX_total'] . "\", UNIX_TIMESTAMP() )";
                 $db->dbQuery($val->ValidateSQL($traffic, $dbconn), $dbconn);
             }
         }
         // do the db stuff for our adapters
         if ($db->dbQuery($val->ValidateSQL($insert, $dbconn), $dbconn) !== 0) {
             if (eregi("duplicate", $db->dbCatchError())) {
                 $db->dbQuery($val->ValidateSQL($update, $dbconn), $dbconn);
             }
         }
     }
 }
     // error in database query
 } elseif ($auth->AuthUser($_POST['user'], $_POST['pass'], $_SESSION['token']) === -5) {
     $ERROR = $err->GenerateErrorLink("help/help.html", "#undef", $defined['error'], $errors['undef_sql'], NULL, NULL);
     // valid user found
 } elseif ($auth->AuthUser($_POST['user'], $_POST['pass'], $_SESSION['token']) === 0) {
     // perform permissions check with access level and group data
     if ($level->ChkLevel($_SESSION['token']) === "root" || $level->ChkLevel($_SESSION['token'] === "user")) {
         // initialize a db connection handle
         $dbconn = $db->dbConnect($defined['dbhost'], $defined['username'], $defined['password'], $defined['dbname']);
         $now = $misc->GenTime();
         $hour_old = $now - 3600;
         $six_hour_old = $now - 21000;
         // most recent traffic
         $sql = "SELECT * FROM `conf_traffic` WHERE `time` <= \"" . $now . "\" AND `time` >= \"" . $hour_old . "\"";
         if (($value = $db->dbQuery($val->ValidateSQL($sql, $dbconn), $dbconn)) !== -1) {
             $traffic_recent = $db->dbArrayResults($value);
         }
         // traffic from last 6 hours
         $sql = "SELECT * FROM `conf_traffic` WHERE `time` <= \"" . $hour_old . "\" AND `time` >= \"" . $six_hour_old . "\"";
         if (($value = $db->dbQuery($val->ValidateSQL($sql, $dbconn), $dbconn)) !== -1) {
             $traffic_old = $db->dbArrayResults($value);
         }
         // check to see if we have valid data to use
         if (count($traffic_recent) === 0) {
             $traffic_recent[0] = array("interface" => "EMPTY", "bytes" => 0);
         }
         if (count($traffic_old) === 0 || empty($traffic_old)) {
             $traffic_old[0] = array("interface" => "EMPTY", "bytes" => 0);
         }
         // generate our graphs but check for gd lib extensions first
         if (function_exists('imagedestroy') && count($traffic_recent) !== 0) {
if (file_exists('../scripts/inc.config.php')) {
    require '../scripts/inc.config.php';
    global $defined;
    // open up some handles
    $db = new dbConn();
    $val = new ValidateStrings();
    $misc = new MiscFunctions();
    // attempt to get a list of networks the net adapter(s) are listening on
    $misc->GetAdapters();
    // process lease data
    $misc->GetCurrentLeases($defined['leases']);
    // look to see if we need to recreate the leases file
    $dbconn = $db->dbConnect($defined['dbhost'], $defined['username'], $defined['password'], $defined['dbname']);
    $query = "SELECT `recreate` FROM `conf_leases_properties` WHERE `id` = \"1\"";
    if (($value = $db->dbQuery($val->ValidateSQL($query, $dbconn), $dbconn)) === 0) {
        $data = $db->dbArrayResults($value);
    }
    // do we recreate?
    if ($data[0]['recreate'] === "TRUE") {
        echo "LEASES: We are going to recreate the current " . $defined['leases'] . "file. Please wait...\n";
    }
    // Check for file that flags a restart
    if (file_exists($defined['virpath'] . "conf/restart")) {
        // make sure we have a configuration file to use
        if (file_exists($defined['virpath'] . "conf/dhcpd.conf")) {
            // use the $defined[dhcpd_cmd] var to restart the service with our config file
            system('/usr/bin/killall dhcpd');
            system("rm " . $defined['virpath'] . "conf/restart");
            system($defined['dhcpd_cmd']);
            echo "RESTART: The ISC DHCPD service has been restarted.\n";
        } else {
 function AuthUser($user, $pass, $token)
 {
     // our global config opts
     global $defined;
     // initialize classes
     $db = new dbConn();
     $val = new ValidateStrings();
     $lib = new Authenticate();
     $auth = new Encryption();
     $sess = new Sessions();
     $misc = new MiscFunctions();
     $exit = new ExitApp();
     // check our authentication requirements
     if (empty($user) && empty($pass) && empty($token)) {
         return -1;
     }
     // we have an existing authentication token present
     if (!empty($token) && empty($user) && empty($pass)) {
         $array = $auth->DecodeAuthToken($token);
         $user = base64_decode($array[0]);
         $pass = base64_decode($array[1]);
         $time = $array[4];
         $current = $misc->GenTime();
         if ($lib->AuthTimeOut($defined['timeout'], $time, $current) === -1) {
             return -2;
         }
     }
     // perform validation on username and password
     if ($val->ValidateAlphaChar($user) === -1 || $val->ValidateParagraph($pass) === -1) {
         return -3;
     }
     // see if the user exists for authenticaiton
     $data = $db->dbConnect($defined['dbhost'], $defined['username'], $defined['password'], $defined['dbname']);
     $query = "SELECT * FROM `auth_users` WHERE `username` = \"{$user}\" AND `password` = sha1( \"{$pass}\" )";
     $query = $val->ValidateSQL($query, $data);
     // database problem
     if (($value = $db->dbQuery($query, $data)) === -1) {
         return -5;
     }
     // check user match
     if ($db->dbNumRows($value) === -1 || $db->dbNumRows($value) === 0) {
         return -4;
     } else {
         $return = 0;
     }
     // create our authentication session token
     if (empty($token)) {
         $array = $db->dbArrayResults($value);
         $x = $auth->GeneratePrivateKey($defined['enckeygen']);
         $access_date = $misc->GenDate();
         $access_time = $misc->GenTimeRead();
         $query = "UPDATE `auth_users` SET `access_date` = \"" . $access_date . "\", `access_time` = \"" . $access_time . "\", `session` = \"{$x}\" WHERE `id` = \"" . $array[0]['id'] . "\"";
         $value = $val->ValidateSQL($query, $data);
         if (($value = $db->dbQuery($value, $data)) === -1) {
             return -5;
         }
         $x = $auth->EncodePrivToHex($x);
         if (($token = $auth->EncodeAuthToken($array[0]['username'], $pass, $array[0]['level'], $array[0]['group'], $misc->GenTime(), $x)) !== -1) {
             $sess->RegisterSession("token", $token);
             $return = 0;
         }
     }
     $db->dbFreeData($query);
     $db->dbCloseConn($data);
     return $return;
 }