Esempio n. 1
0
 public function checkEmail($email)
 {
     $exists = false;
     try {
         $sql = $this->db->prepare("\n\t\t\t\tSELECT email \n\t\t\t\tFROM users\n\t\t\t\tWHERE email = :email\n\t\t\t");
         $sql->bindParam(":email", $email);
         $sql->execute();
         $result = $sql->fetchAll(PDO::FETCH_OBJ);
         if (count($result) > 0) {
             $exists = true;
         }
     } catch (PDOException $e) {
         errormsg($e->getMessage());
     }
     return $exists;
 }
Esempio n. 2
0
 public function run($rules = '')
 {
     echo 'RBAC';
     exit;
     $this->Module = $rules['Module'];
     $this->Controller = $rules['Controller'];
     $this->Action = $rules['Action'];
     $this->p = [];
     //是否在需要验证的范围内 如果是false 直接跳过
     $this->Actionin = empty($rules['behaviors']['access']['only']) ? true : in_array($this->Action, $rules['behaviors']['access']['only']) ? ture : false;
     //$this->Bmarch($rules['rules']['access'])->Umarch($rules['behaviors']['access']);;         //基础行为匹配
     $pary = $this->Umarch($rules['behaviors']['access']['rules'])->Get();
     //基础行为匹配
     if ($pary['deny']) {
         errormsg('用户权限不足');
     }
     //====================================================
     return true;
 }
Esempio n. 3
0
 public function get($key = '')
 {
     if ($key == 'debug.show') {
         return $this->show();
     }
     if ($key == 'debug.display') {
         return $this->display();
     }
     if (!$key) {
         errormsg('Error::Geter is not permit empty!!');
     }
     $mc = explode('.', $key);
     $c = $mc[0] ?: '';
     $c = ucfirst(strtolower($c));
     //首字母大写
     $a = $mc[1] ?: 'index';
     $p = $mc[2] ?: '';
     //===========================================================
     //范围
     $fw = $this->Config['FW'] ?: [];
     if (!in_array($c, $fw)) {
         errormsg('Error::out of Geter limit!');
     }
     //超出范围
     //===========================================================
     $class = $this->getClass($c);
     //===========================================================
     $methodfw = $class->show();
     array_push($methodfw, 'show', 'ds', 'index');
     //===========================================================
     if (!in_array($a, $methodfw)) {
         errormsg('Error::out of Geter Method limit!');
     }
     //超出范围
     return $class->{$a}($p);
 }
Esempio n. 4
0
<?php

include_once "db_connect.php";
include_once "ldap_connect.php";
include_once "functions.php";
sec_session_start();
if (isset($_POST['username'], $_POST['password'])) {
    $username = $_POST['username'];
    $password = $_POST['password'];
    if (login($username, $password, $adldap, $mysqli) == true) {
        // Login success
        gohome();
    } else {
        // Login failed, incorrect details
        errormsg('login failed');
    }
} elseif (!$_POST) {
    echo "\n\t<div class='panel panel-primary'>\n\t    <div class='panel-heading center'>\n\t\t<h1 class='panel-title'>" . SITE_TITLE . " -- Login</h1>\n\t    </div>\n\t</div>\n        <form class='form-signin' action='" . SITE_URL . "/?do=login' method='post' name='login'>\n                <h2 class='form-signin-heading'>Please sign in</h2>\n                <label for='username' class='sr-only'>Username</label>\n                <input type='text' id='username' name='username'  class='form-control' placeholder='Username'/>\n                <label for='password' class='sr-only'>Password</label>\n                <input type='password' id='password' name='password' class='form-control' placeholder='Password'/>\n                <button class='btn large primary btn-block' type='submit'>Sign in</button>\n        </form>\n\t";
}
Esempio n. 5
0
require_once "reqs/pdo.php";
require_once "reqs/auth.php";
$username = param($_POST, 'username', '');
$password = param($_POST, 'password', '');
if (empty($username)) {
    errormsg("Username required.");
}
if (empty($password)) {
    errormsg("Password required.");
}
$dbh = new PDB();
$db = $dbh->db;
$site = new Site($db);
$hashed = $site->hasher($username, $password);
try {
    $st = $db->prepare("\n\t\tSELECT id, teamID, user_n, first_name, last_name FROM users WHERE user_n = :user AND user_p = :pass\n\t");
    $st->bindParam(":user", $username);
    $st->bindParam(":pass", $hashed["hash"]);
    $st->execute();
} catch (PDOException $e) {
    errormsg($e->getMessage());
}
$st->setFetchMode(PDO::FETCH_OBJ);
$row = $st->fetch();
if ($st->rowCount() == 0) {
    errormsg("Username or password incorrect.");
}
session_start();
session_regenerate_id(true);
$_SESSION['user'] = $row->id;
exitjson(array("user" => $row));
Esempio n. 6
0
                if (add_domain($domain_name, $client_id, $mysqli)) {
                    echo "\n\t\t\t\t\t\t<!-- Begin Content Division -->\n\t\t\t\t\t\t<div id='content'>\t\t\t\t\t\n\t\t\t\t\t\t\t<legend>Create Domain</legend>\n\t\t\t\t\t\t\t" . quickalert("success", "New domain '" . $domain_name . "' has been added to the database for client '" . $client_name . "'.") . "\n\t\t\t\t\t\t<!-- End Content Division -->\n\t\t\t\t\t\t</div>\n\t\t\t\t\t";
                } else {
                    errormsg("Failed to insert new record into the database");
                }
            } else {
                errormsg("This domain is already in the database!");
            }
        } else {
            errormsg("This client_id does not exist");
        }
    } elseif (!$_POST) {
        echo "\n\t\t<!-- Begin Content Division -->\n\t\t<div id='content'>\n\t\t\t<form class='form-horizontal' action='" . SITE_URL . "/?do=create&object=domain' method='post' name='create_domain'>\n\t\t\t\t<fieldset>\n\t\t\t\t\n\t\t\t\t<legend>Create Domain</legend>\n\t\t\t\t" . quickalert("info", "Domain names must contain a valid fully qualified domain name.") . "\n\t\t\t\t\n\t\t\t\t<div class='form-group'>\n\t\t\t\t\t<label class='col-md-4 control-label' for='selectbasic'>Client</label>\n\t\t\t\t\t<div class='col-md-4'>\n\t\t\t\t\t<select id='client_id' name='client_id' class='form-control'>\n\t\t\t\t";
        $query = "SELECT client_id,client_name FROM clients ORDER BY client_name";
        if ($stmt = $mysqli->prepare($query)) {
            $stmt->execute();
            $stmt->store_result();
            if ($stmt->num_rows > 0) {
                $stmt->bind_result($client_id, $client_name);
                while ($row = $stmt->fetch()) {
                    echo "<option value=" . $client_id . ">" . $client_name . "</option>";
                }
            }
        }
        // free result set
        $stmt->close();
        echo "\n\t\t\t\t\t</select>\n\t\t\t\t  </div>\n\t\t\t\t</div>\n\t\t\t\t<div class='form-group'>\n\t\t\t\t  <label class='col-md-4 control-label' for='textinput'>Domain Name</label>\n\t\t\t\t  <div class='col-md-4'>\n\t\t\t\t  <input\n\t\t\t\t  \trequired\n\t\t\t\t  \ttype='text'\n\t\t\t\t  \tname='domain_name'\n\t\t\t\t  \tplaceholder='e.g yourbusiness.com.au'\n\t\t\t\t  \tclass='form-control input-md'\n\t\t\t\t  \tpattern='^[-a-z0-9]{1,63}\\.(ac\\.nz|co\\.nz|geek\\.nz|gen\\.nz|kiwi\\.nz|maori\\.nz|net\\.nz|org\\.nz|school\\.nz|ae|ae\\.org|com\\.af|asia|asn\\.au|auz\\.info|auz\\.net|com\\.au|id\\.au|net\\.au|org\\.au|auz\\.biz|az|com\\.az|int\\.az|net\\.az|org\\.az|pp\\.az|biz\\.fj|com\\.fj|info\\.fj|name\\.fj|net\\.fj|org\\.fj|pro\\.fj|or\\.id|biz\\.id|co\\.id|my\\.id|web\\.id|biz\\.ki|com\\.ki|info\\.ki|ki|mobi\\.ki|net\\.ki|org\\.ki|phone\\.ki|biz\\.pk|com\\.pk|net\\.pk|org\\.pk|pk|web\\.pk|cc|cn|com\\.cn|net\\.cn|org\\.cn|co\\.in|firm\\.in|gen\\.in|in|in\\.net|ind\\.in|net\\.in|org\\.in|co\\.ir|ir|co\\.jp|jp|jp\\.net|ne\\.jp|or\\.jp|co\\.kr|kr|ne\\.kr|or\\.kr|co\\.th|in\\.th|com\\.bd|com\\.hk|hk|idv\\.hk|org\\.hk|com\\.jo|jo|com\\.kz|kz|org\\.kz|com\\.lk|lk|org\\.lk|com\\.my|my|com\\.nf|info\\.nf|net\\.nf|nf|web\\.nf|com\\.ph|ph|com\\.ps|net\\.ps|org\\.ps|ps|com\\.sa|com\\.sb|net\\.sb|org\\.sb|com\\.sg|edu\\.sg|org\\.sg|per\\.sg|sg|com\\.tw|tw|com\\.vn|net\\.vn|org\\.vn|vn|cx|fm|io|la|mn|nu|qa|tk|tl|tm|to|tv|ws|academy|careers|education|training|bike|biz|cat|co|com|info|me|mobi|name|net|org|pro|tel|travel|xxx|blackfriday|clothing|diamonds|shoes|tattoo|voyage|build|builders|construction|contractors|equipment|glass|lighting|plumbing|repair|solutions|buzz|sexy|singles|support|cab|limo|camera|camp|gallery|graphics|guitars|hiphop|photo|photography|photos|pics|center|florist|institute|christmas|coffee|kitchen|menu|recipes|company|enterprises|holdings|management|ventures|computer|systems|technology|directory|guru|tips|wiki|domains|link|estate|international|land|onl|pw|today|ac\\.im|co\\.im|com\\.im|im|ltd\\.co\\.im|net\\.im|org\\.im|plc\\.co\\.im|am|at|co\\.at|or\\.at|ba|be|bg|biz\\.pl|com\\.pl|info\\.pl|net\\.pl|org\\.pl|pl|biz\\.tr|com\\.tr|info\\.tr|tv\\.tr|web\\.tr|by|ch|co\\.ee|ee|co\\.gg|gg|co\\.gl|com\\.gl|co\\.hu|hu|co\\.il|org\\.il|co\\.je|je|co\\.nl|nl|co\\.no|no|co\\.rs|in\\.rs|rs|co\\.uk|org\\.uk|uk\\.net|com\\.de|de|com\\.es|es|nom\\.es|org\\.es|com\\.gr|gr|com\\.hr|com\\.mk|mk|com\\.mt|net\\.mt|org\\.mt|com\\.pt|pt|com\\.ro|ro|com\\.ru|net\\.ru|ru|su|com\\.ua|ua|cz|dk|eu|fi|fr|pm|re|tf|wf|yt|gb\\.net|ie|is|it|li|lt|lu|lv|md|mp|se|se\\.net|si|sk|ac|ag|co\\.ag|com\\.ag|net\\.ag|nom\\.ag|org\\.ag|ai|com\\.ai|com\\.ar|as|biz\\.pr|com\\.pr|net\\.pr|org\\.pr|pr|biz\\.tt|co\\.tt|com\\.tt|tt|bo|com\\.bo|com\\.br|net\\.br|tv\\.br|bs|com\\.bs|bz|co\\.bz|com\\.bz|net\\.bz|org\\.bz|ca|cl|co\\.cr|cr|co\\.dm|dm|co\\.gy|com\\.gy|gy|co\\.lc|com\\.lc|lc|co\\.ms|com\\.ms|ms|org\\.ms|co\\.ni|com\\.ni|co\\.ve|com\\.ve|co\\.vi|com\\.vi|com\\.co|net\\.co|nom\\.co|com\\.cu|cu|com\\.do|do|com\\.ec|ec|info\\.ec|net\\.ec|com\\.gt|gt|com\\.hn|hn|com\\.ht|ht|net\\.ht|org\\.ht|com\\.jm|com\\.kn|kn|com\\.mx|mx|com\\.pa|com\\.pe|pe|com\\.py|com\\.sv|com\\.uy|uy|com\\.vc|net\\.vc|org\\.vc|vc|gd|gs|north\\.am|south\\.am|us|us\\.org|sx|tc|vg|cd|cg|cm|co\\.cm|com\\.cm|net\\.cm|co\\.ke|or\\.ke|co\\.mg|com\\.mg|mg|net\\.mg|org\\.mg|co\\.mw|com\\.mw|coop\\.mw|mw|co\\.na|com\\.na|na|org\\.na|co\\.ug|ug|co\\.za|com\\.ly|ly|com\\.ng|ng|com\\.sc|sc|mu|rw|sh|so|st|club|kiwi|uno|email|ruhr)\$'/>\n\t\t\t\t  <span class='help-block'>Enter the Domain Name here</span>  \n\t\t\t\t  </div>\n\t\t\t\t</div>\n\t\t\t\t\n\t\t\t\t<div class='form-group'>\n\t\t\t\t  <label class='col-md-4 control-label' for='singlebutton'></label>\n\t\t\t\t  <div class='col-md-4'>\n\t\t\t\t\t<button id='singlebutton' name='singlebutton' class='btn success large' type='submit'><span class='glyphicon glyphicon-plus-sign' id='logIcon'></span> Create </button>\n\t\t\t\t  </div>\n\t\t\t\t</div>\n\t\t\t\t\n\t\t\t\t</fieldset>\n\t\t\t</form>\n\t\t<!-- End Content Division -->\n\t\t</div>\n\t\t";
    } else {
        errormsg('no clients exist to create a domain for');
    }
}
Esempio n. 7
0
File: bios.php Progetto: NazarK/sqp
function page_user_signup()
{
    event("on_user_signup");
    form_start("", "post", " name=signup_form ");
    form_input("Email", "email", form_post("email"));
    form_password("Password", "password", "", "", " class='password' ");
    form_password("Retype", "retype");
    form_submit("Sign Up", "Signup", " id=signup_submit ");
    form_end();
    $o = form();
    if (form_post("email")) {
        if (!form_post("password") || !form_post("retype")) {
            $o .= "Please fill all fields.";
        } else {
            if (form_post("password") != form_post("retype")) {
                $o .= "Retype doesn't match password.";
            } else {
                $exists = db_result(db_query("SELECT id FROM users WHERE email='%s'", form_post("email")));
                if ($exists) {
                    $o .= errormsg("Such email (login) already in use.");
                } else {
                    db_query("INSERT INTO users (email,password)\r\n                         VALUES ('%s','%s')", form_post("email"), form_post("password"));
                    $_SESSION['userid'] = db_last_id();
                    redir("");
                    die;
                    $o .= "Successfully signed up";
                }
            }
        }
    }
    return "{$o}";
}
Esempio n. 8
0
File: pdo.php Progetto: dellbby/wspp
 public function getTask($taskID)
 {
     try {
         $st = $this->db->prepare("\n\t\t\t\tSELECT tasks.*, projects.projectName, projects.clientID, clients.clientName, CONCAT(users.first_name, ' ', users.last_name) AS assignedTo   \n\t\t\t\tFROM tasks \n\t\t\t\tLEFT JOIN projects ON projects.id = tasks.projectID \n\t\t\t\tLEFT JOIN clients ON clients.id = projects.clientID \n\t\t\t\tLEFT JOIN users on users.id = tasks.taskeeID \n\t\t\t\tWHERE tasks.id = :taskID \n\t\t\t");
         $st->execute(array(":taskID" => $taskID));
     } catch (PDOException $e) {
         errormsg($e->getMessage());
     }
     $st->setFetchMode(PDO::FETCH_OBJ);
     $row = $st->fetch();
     return $row;
 }
Esempio n. 9
0
            errormsg("address_id not valid");
        }
        // get some more info
    } elseif (isset($_GET['id'])) {
        if (get_domain_name($_GET['id'], $mysqli)) {
            $address_id = $_GET['id'];
            if ($client_id = get_client_id_by_address_id($address_id, $mysqli)) {
                echo "\n\t\t\t\t<!-- Begin Content Division -->\n\t\t\t\t<div id='content'>\n\t\t\t\t\t<form class='form-horizontal' action='" . SITE_URL . "/?do=opt&object=changedomainowner' method='get' name='change_domain_owner'>\n\t\t\t\t\t\t<fieldset>\n\t\t\t\t\t\t\n\t\t\t\t\t\t<legend>Change Domain Owner</legend>\n\n\t\t\t\t\t\t<input type='hidden' name='do' value='opt'>\n\t\t\t\t\t\t<input type='hidden' name='object' value='changedomainowner'>\n\t\t\t\t\t\t<input type='hidden' name='id' value='" . $address_id . "'>\n\n\t\t\t\t\t\t<div class='form-group'>\n\t\t\t\t\t\t\t<label class='col-md-4 control-label' for='selectbasic'>New Owner</label>\n\t\t\t\t\t\t\t<div class='col-md-4'>\n\t\t\t\t\t\t\t<select id='client_id' name='client_id' class='form-control'>\n\t\t\t\t\t\t";
                $query = "SELECT client_id,client_name FROM clients WHERE client_id != ? ORDER BY client_name";
                if ($stmt = $mysqli->prepare($query)) {
                    $stmt->bind_param('i', $client_id);
                    $stmt->execute();
                    $stmt->store_result();
                    if ($stmt->num_rows > 0) {
                        $stmt->bind_result($client_id, $client_name);
                        while ($row = $stmt->fetch()) {
                            echo "<option value=" . $client_id . ">" . $client_name . "</option>";
                        }
                    }
                }
                // free result set
                $stmt->close();
                echo "\n\t\t\t\t\t\t\t</select>\n\t\t\t\t\t\t  </div>\n\t\t\t\t\t\t</div>\n\t\t\t\t\t\t<div class='form-group'>\n\t\t\t\t\t\t  <label class='col-md-4 control-label' for='singlebutton'></label>\n\t\t\t\t\t\t  <div class='col-md-4'>\n\t\t\t\t\t\t\t<button id='singlebutton' name='singlebutton' class='btn success large' type='submit'><span class='glyphicon glyphicon-plus-sign' id='logIcon'></span> Change </button>\n\t\t\t\t\t\t  </div>\n\t\t\t\t\t\t</div>\n\t\t\t\t\t\t\n\t\t\t\t\t\t</fieldset>\n\t\t\t\t\t</form>\n\t\t\t\t<!-- End Content Division -->\n\t\t\t\t</div>\n\t\t\t\t";
            } else {
                errormsg("address_id not valid");
            }
        }
    } else {
        errormsg("invalid GET array");
    }
}
Esempio n. 10
0
			</div>
		</form>
		<?php 
    } else {
        echo '<h3><span class="text-success">已向注册邮箱发送邮件!</span></h3>';
        echo '<p>去邮箱查收邮件并点击重置密码链接</p>';
    }
}
?>

		<?php 
if ($classactive2) {
    ?>
		<form action="" method="post">
			<?php 
    errormsg($errors);
    ?>
			<h3>设置新密码:</h3>
			<p><input type="password" name="pass1" class="form-control input-lg" placeholder="输入新密码" autofocus></p>
			<h5>重复新密码:</h5>
			<p><input type="password" name="pass2" class="form-control input-lg" placeholder="重复新密码"></p>
			<p><input type="submit" value="确认提交" class="btn btn-block btn-primary btn-lg"></p>
		</form>
		<?php 
}
?>

		<?php 
if ($classactive3) {
    ?>
		<form>
Esempio n. 11
0
if (empty($updata["id"])) {
    errormsg("The 'clientID' is required.");
}
$dbh = new PDB();
$db = $dbh->db;
$site = new Site($db);
try {
    $ct = 0;
    $sql = "UPDATE clients SET ";
    foreach ($updata as $key => $value) {
        if ($value != "" && $key != "id") {
            if ($ct != 0) {
                $sql .= ", ";
            }
            $sql .= $key . " = :" . $key;
            $ct++;
        }
    }
    $sql .= " WHERE id = :id";
    $st = $db->prepare($sql);
    foreach ($updata as $key => &$value) {
        if ($value != "") {
            $st->bindParam(":" . $key, $value);
        }
    }
    $st->execute();
    $newclient = $dbh->getClient($user, $updata["id"]);
} catch (PDOException $e) {
    errormsg($e->getMessage());
}
exitjson(array("client" => $newclient));
Esempio n. 12
0
<?php

include_once "config.php";
include_once "functions.php";
// are you logged in?
if (!isset($_SESSION['username'])) {
    gohome();
}
// are you in the correct group?
if ($_SESSION['role_id'] < 1) {
    errormsg('Your role does not have access to this resource');
} else {
    echo "\n\t<!-- Begin Content Division -->\n\t<div id='content'>\n\t\t<div id='ajaxAlerts'>\n\t\t";
    include_once dirname(__FILE__) . "/../../public_html/ajax_alerts.php";
    echo "\n\t\t</div>\n\t\t<div id='ajaxInfo'>\n\t\t</div>\n\t<!-- End Content Division -->\n\t</div>\n\t\n\t";
}
Esempio n. 13
0
<?php

error_reporting(E_ALL);
session_start();
session_regenerate_id(false);
require_once "reqs/common.php";
require_once "reqs/pdo.php";
//require_once("reqs/auth.php");
$dbh = new PDB();
$db = $dbh->db;
if (!isset($_SESSION["user"])) {
    errormsg("Not logged in.");
}
$userID = $_SESSION["user"];
$userdata = $dbh->getUser($userID);
exitjson(array("user" => $userdata));
Esempio n. 14
0
                } else {
                    errormsg($entity, "Could not open document: " . $entity_url);
                }
                break;
                // Use FTP functions
            // Use FTP functions
            case "ftp":
                if ($ftp = @ftp_connect($url["host"])) {
                    if (@ftp_login($ftp, "anonymous", "*****@*****.**")) {
                        $flist = ftp_nlist($ftp, $url["path"]);
                        if (!count($flist)) {
                            errormsg($entity, "unknown path: " . $url["path"] . " for ftp host: " . $url['host']);
                        }
                    } else {
                        errormsg($entity, "could not login as anonymous to FTP host: " . $url["host"]);
                    }
                    ftp_quit($ftp);
                } else {
                    errormsg($entity, "could not connect to " . $url["host"]);
                }
                break;
        }
    }
}
/*********************************************************************/
/* Here starts the functions part                                    */
/*********************************************************************/
function errormsg($entity, $desc)
{
    printf("%30s: %s\n", $entity, $desc);
}
Esempio n. 15
0
                    } else {
                        // file doesnt exist
                        errormsg("object type '" . $_GET['object'] . "' does not exist");
                    }
                } else {
                    // no or wrong paramaters
                    errormsg('missing or incorrect get request');
                }
            } elseif (login_check($adldap, $mysqli) == false && $action_started == "false") {
                //not logged in. send to login
                echo "<script> location.replace('../?do=login'); </script>";
            }
        }
    } else {
        // no or wrong paramaters
        errormsg('missing or incorrect get request');
    }
} elseif (empty($_GET)) {
    if (login_check($adldap, $mysqli) == false && $action_started == "false") {
        // not logged in, send to login
        echo "<script> location.replace('../?do=login'); </script>";
    } elseif (login_check($adldap, $mysqli) == true && $action_started == "false") {
        // check setup is complete
        if (check_setup_status($mysqli)) {
            // logged in, display index
            include_once dirname(__FILE__) . "/../app/includes/menuloader.php";
            include_once dirname(__FILE__) . "/../app/includes/stats.php";
        } else {
            include_once dirname(__FILE__) . "/../app/includes/menuloader.php";
            include_once dirname(__FILE__) . "/../app/includes/setup.php";
        }
Esempio n. 16
0
function checkLoggedIn()
{
    if (!isset($_SESSION["user"])) {
        errormsg("Not logged in.");
    }
}
Esempio n. 17
0
include_once dirname(__FILE__) . "/../db_connect.php";
include_once dirname(__FILE__) . "/../functions.php";
if (session_status() == PHP_SESSION_NONE) {
    sec_session_start();
}
// are you logged in?
if (!isset($_SESSION['username'])) {
    gohome();
}
// are you in the correct group?
if ($_SESSION['role_id'] < 2) {
    errormsg('Your role does not have access to this resource');
} else {
    if ($stmta = $mysqli->prepare("UPDATE ms_config SET value = value + 1 WHERE `host`='confserialnumber' AND `option`='confserialnumber'")) {
        if ($stmta->execute()) {
            if ($stmtb = $mysqli->prepare("UPDATE ms_config SET value='false' WHERE `host`='confserialnumber' AND `option`='ruleset_changed'")) {
                if ($stmtb->execute()) {
                    echo "\n\t\t\t\t\t<!-- Begin Content Division -->\n\t\t\t\t\t<div id='content'>\n\t\t\t\t\t<h2>Update Config Serial Number</h2>\n\t\t\t\t\t<p>Success!</p>\n\t\t\t\t\t<!-- End Content Division -->\n\t\t\t\t\t</div>\n\t\t\t\t\t";
                } else {
                    errormsg("Failed to update the record in the database");
                }
            }
        } else {
            errormsg("Failed to update the record in the database");
        }
    }
}
?>

Esempio n. 18
0
<?php

include_once "db_connect.php";
include_once "config.php";
if (session_status() == PHP_SESSION_NONE) {
    sec_session_start();
}
// are you logged in?
if (!isset($_SESSION['username'])) {
    gohome();
}
// are you in the correct group?
if ($_SESSION['role_id'] < 3) {
    errormsg('Your role does not have access to run the setup');
} else {
    $rulesets = array("Add Watermark" => "watermarkadd", "Treat Invalid Watermarks With No Sender as Spam" => "watermarkinvalidspam", "Use Watermarking" => "watermarkuse", "Check Watermarks With No Sender" => "watermarkcheck", "Allow WebBugs" => "disarmwebugs", "Allow Script Tags" => "disarmscripttags", "Allow Form Tags" => "disarmformtags", "Allow IFrame Tags" => "disarmiframetags", "Disarmed Modify Subject" => "disarmmodifysubject", "Disarmed Subject Text" => "disarmsubjecttext", "Maximum Attachment Size" => "maxattachmentsize", "Maximum Attachments Per Message" => "maxattachmentspermessage", "Maximum Message Size" => "maxmessagesize", "Max Spam Check Size" => "maxspamchecksize", "Notify Senders" => "notifysenders", "Notify Senders Of Blocked Filenames Or Filetypes" => "notifysendersblockedfiles", "Notify Senders Of Blocked Size Attachments" => "notifysendersblockedoversize", "Notify Senders Of Other Blocked Content" => "notifysendersblockedother", "Notify Senders Of Viruses" => "notifysendersblockedvirus", "Allow Password-Protected Archives" => "blockpasswordarchive", "Check Filenames In Password-Protected Archives" => "filenamecheckpasswordarchive", "Block Encrypted Messages" => "blockencrypted", "Block Unencrypted Messages" => "blockunencrypted", "Find Phishing Fraud" => "findfraud", "Phishing Modify Subject" => "modifyfraudsubject", "Phishing Subject Text" => "fraudsubjecttext", "Reject Message" => "rejectmessage", "Scan Messages" => "scanmessages", "Spam Checks" => "spamchecks", "Virus Scanning" => "virusscan", "Sign Clean Messages" => "signcleanmessages", "Sign Messages Already Processed" => "signmessagesalreadyprocessed", "Convert HTML To Text" => "converthtmltxt", "Dangerous Content Scanning" => "dangerouscontentscanning");
    // count the rows
    $tablerows = 0;
    // create table
    $table = "\n\t\t<!-- Begin viewtable Division -->\n\t\t<div id='viewtable'>\n\t\t<table border='0'>\n\t\t<tr>\n\t\t <th>Setup</th>\n\t\t <th>Result</th>\n\t\t</tr>\n\t\t";
    // add confserialnumber
    if (add_ruleset("confserialnumber", "0", "confserialnumber", $mysqli)) {
        // success, update table
        $table .= "\n\t\t<tr>\n\t\t <td>MailScanner: Configuration Number</td>\n\t\t <td><font color='green'>Success</font></td>\n\t\t</tr>\n\t\t";
        $tablerows++;
    } else {
        // failed!
        $table .= "\n\t\t<tr>\n\t\t <td>MailScanner: Configuration Number</td>\n\t\t <td><font color='red'>Fail</font></td>\n\t\t</tr>\n\t\t";
        $tablerows++;
    }
    // add changed_ruleset_value
Esempio n. 19
0
    gohome();
}
// are you in the correct group?
if ($_SESSION['role_id'] < 2) {
    errormsg('Your role does not have access to this resource');
} else {
    if (isset($_POST['host_name']) && isset($_POST['host_alias'])) {
        // Setup POST data as a new variable
        $host_name = $_POST['host_name'];
        $host_alias = $_POST['host_alias'];
        $host_key = md5(uniqid(rand(), true));
        if (!check_host_name_isfree($host_name, $mysqli)) {
            errormsg("host_name is already in use");
        }
        if (!check_host_alias_isfree($host_alias, $mysqli)) {
            errormsg("host_alias is already in use");
        }
        if (!check_host_key_isfree($host_key, $mysqli)) {
            errormsg("host_key is already in use");
        }
        if (add_host($host_name, $host_alias, $host_key, $mysqli)) {
            echo "\n\t\t\t<!-- Begin Content Division -->\n\t\t\t<div id='content'>\t\t\t\t\t\n\t\t\t\t<legend>Create Host</legend>\n\t\t\t\t" . quickalert("success", "New host has been added.") . "\t\t\t\t\n\t\t\t<!-- End Content Division -->\n\t\t\t</div>\n\t\t\t";
        } else {
            errormsg("Failed to insert new record into the database");
        }
    } elseif (!$_POST) {
        echo "\n\t\t<!-- Begin Content Division -->\n\t\t<div id='content'>\n\t\t\t<form class='form-horizontal' action='" . SITE_URL . "/?do=create&object=host' method='post' name='create_host'>\n\t\t\t\t<fieldset>\n\t\t\t\t\n\t\t\t\t<legend>Create Host</legend>\n\t\t\t\t" . quickalert("info", "New host will need to be in the same layer2 network segment.") . "\n\t\t\t\t\n\t\t\t\t<div class='form-group'>\n\t\t\t\t  <label class='col-md-4 control-label' for='textinput'>Host Address</label>\n\t\t\t\t  <div class='col-md-4'>\n\t\t\t\t  <input\n\t\t\t\t  \trequired\n\t\t\t\t  \ttype='text'\n\t\t\t\t  \tname='host_name'\n\t\t\t\t  \tplaceholder='e.g msc-scanner1.yourdomain.tld'\n\t\t\t\t  \tclass='form-control input-md'\n\t\t\t\t  \tsize='50'\n\t\t\t\t  \tpattern='^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])|(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\\-]*[a-zA-Z0-9])\\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\\-]*[A-Za-z0-9])\$'\n\t\t\t\t  >\n\t\t\t\t  <span class='help-block'>FQDN or IP address of the host</span>  \n\t\t\t\t  </div>\n\t\t\t\t</div>\n\t\t\t\t\n\t\t\t\t<div class='form-group'>\n\t\t\t\t  <label class='col-md-4 control-label' for='textinput'>Host Alias</label>  \n\t\t\t\t  <div class='col-md-4'>\n\t\t\t\t  <input required name='host_alias' name='host_alias' type='text' placeholder='e.g. Scanner1' pattern='^([a-zA-Z0-9]){3,50}\$' class='form-control input-md'>\n\t\t\t\t  <span class='help-block'>Enter an Alias for the host</span>  \n\t\t\t\t  </div>\n\t\t\t\t</div>\n\t\t\t\t\n\t\t\t\t<div class='form-group'>\n\t\t\t\t  <label class='col-md-4 control-label' for='singlebutton'></label>\n\t\t\t\t  <div class='col-md-4'>\n\t\t\t\t\t<button id='singlebutton' name='singlebutton' class='btn success large' type='submit'><span class='glyphicon glyphicon-plus-sign' id='logIcon'></span> Create </button>\n\t\t\t\t  </div>\n\t\t\t\t</div>\n\t\t\t\t\n\t\t\t\t</fieldset>\n\t\t\t</form>\n\t\t<!-- End Content Division -->\n\t\t</div>\n\t\t";
    } else {
        errormsg('post error and create_transmap page');
    }
}
Esempio n. 20
0
include_once dirname(__FILE__) . "/../db_connect.php";
include_once dirname(__FILE__) . "/../functions.php";
if (session_status() == PHP_SESSION_NONE) {
    sec_session_start();
}
// are you logged in?
if (!isset($_SESSION['username'])) {
    gohome();
}
// are you in the correct group?
if ($_SESSION['role_id'] < 2) {
    errormsg('Your role does not have access to this resource');
} else {
    if (isset($_POST['client_name'])) {
        // sanitise variables for security
        $client_name = filter_input(INPUT_POST, 'client_name', FILTER_SANITIZE_STRING);
        if (check_client_name_isfree($client_name, $mysqli)) {
            if (add_client($client_name, $mysqli)) {
                echo "\n\t\t\t\t\t\t<!-- Begin Content Division -->\n\t\t\t\t\t\t<div id='content'>\t\t\t\t\t\n\t\t\t\t\t\t\t<legend>Create Client</legend>\n\t\t\t\t\t\t\t" . quickalert("success", "New client '" . $client_name . "' has been added to the database.\n\t\t\t\t\t\t\t\t\t<a class='alert-link' href='" . SITE_URL . "/?do=create&object=domain'>Add Domain</a>") . "\n\t\t\t\t\t\t<!-- End Content Division -->\n\t\t\t\t\t\t</div>\n\t\t\t\t\t";
            } else {
                errormsg("Failed to insert new record into the database");
            }
        } else {
            errormsg("There is already a client called '" . $client_name . "' in the database!");
        }
    } elseif (!$_POST) {
        echo "\n\t\t<!-- Begin Content Division -->\n\t\t<div id='content'>\n\t\t\t<form class='form-horizontal' action='" . SITE_URL . "/?do=create&object=client' method='post' name='create_client'>\n\t\t\t\t<fieldset>\n\t\t\t\t\n\t\t\t\t<legend>Create Client</legend>\n\t\t\t\t" . quickalert("info", "Client names must be alphanumeric. They can contain spaces, underscores and dashes.") . "\n\t\t\t\t<div class='form-group'>\n\t\t\t\t  <label class='col-md-4 control-label' for='textinput'>Client Name</label>  \n\t\t\t\t  <div class='col-md-4'>\n\t\t\t\t  <input required name='client_name' name='client_name' type='text' placeholder='InternetWigits' pattern='^([a-zA-Z0-9]){3,50}\$' class='form-control input-md'>\n\t\t\t\t  <span class='help-block'>Enter the Clients Name Here.</span>  \n\t\t\t\t  </div>\n\t\t\t\t</div>\n\t\t\t\t\n\t\t\t\t<div class='form-group'>\n\t\t\t\t  <label class='col-md-4 control-label' for='singlebutton'></label>\n\t\t\t\t  <div class='col-md-4'>\n\t\t\t\t    <button id='singlebutton' name='singlebutton' class='btn success large' type='submit'><span class='glyphicon glyphicon-plus-sign' id='logIcon'></span> Create </button>\n\t\t\t\t  </div>\n\t\t\t\t</div>\n\t\t\t\t\n\t\t\t\t</fieldset>\n\t\t\t</form>\n\t\t<!-- End Content Division -->\n\t\t</div>\n\t\t";
    } else {
        errormsg('POST error. Possible missing input.');
    }
}
Esempio n. 21
0
<?php

include_once "db_connect.php";
include_once "ldap_connect.php";
include_once "config.php";
echo "\n<html>\n<head>\n";
if (session_status() == PHP_SESSION_NONE) {
    sec_session_start();
} else {
    session_regenerate_id(true);
}
if (!isset($_SESSION['displayName'])) {
    $title = SITE_TITLE;
} elseif (isset($_SESSION['displayName'])) {
    $title = SITE_TITLE . " - " . $_SESSION['displayName'];
} else {
    errormsg('you shouldnt see this error message!!!');
}
echo "\n<title>" . $title . "</title>\n<link rel='stylesheet' href='https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css'>\n<link rel='stylesheet' type='text/css' href='" . SITE_URL . "/main.css' />\n<link rel='stylesheet' type='text/css' href='" . SITE_URL . "/checkbox.css' />\n<!-- jQuery library -->\n<script src='http://code.jquery.com/jquery-latest.js'></script>\n<!-- Latest compiled JavaScript -->\n<script src='https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/js/bootstrap.min.js'></script>\n<script>\n\$(document).ready(function () {\n    setInterval(function () {\n        \$('#ajaxAlerts').load('ajax_alerts.php');\n    }, 1500);\n    setInterval(function () {\n        \$('#ajaxStats').load('ajax_stats.php');\n    }, 6000);\n});\n</script>\n";