Esempio n. 1
include "{$BASE_path}/includes/base_include.inc.php";
include_once "{$BASE_path}/includes/base_action.inc.php";
include_once "{$BASE_path}/base_db_common.php";
include_once "{$BASE_path}/base_common.php";
include_once "{$BASE_path}/base_qry_common.php";
include_once "{$BASE_path}/base_ag_common.php";
// Page bootstrap for the event-group (AG) maintenance screen: read the request
// parameters, check the caller's role, print the sub-header and connect to the
// alert database. The statements depend on each other's side effects, so the
// order matters.
$debug_time_mode >= 1 ? $et = new EventTiming($debug_time_mode) : '';
$cs = new CriteriaState("base_ag_main.php");
$cs->ReadState();
$qs = new QueryState();
// "submit" and "ag_action" are imported with a VAR_* character-class mask;
// "submit" also gets a list of three accepted button labels as third argument.
$submit = ImportHTTPVar("submit", VAR_ALPHA | VAR_SPACE, array(gettext("Delete Selected"), gettext("Delete ALL on Screen"), _ENTIREQUERY));
$ag_action = ImportHTTPVar("ag_action", VAR_ALPHA | VAR_USCORE);
//$ag_id = ImportHTTPVar("ag_id", VAR_DIGIT);
$ag_id = filterSql(ImportHTTPVar("ag_id", VAR_DIGIT));
// No mask is passed for ag_name / ag_desc, so filterSql() is the only filtering
// visible here for these two free-text fields.
// NOTE(review): filterSql() is defined elsewhere. Confirm that what it escapes
// matches how these values are quoted in the queries that use them, and that
// the values are HTML-escaped separately wherever they are printed back.
$ag_name = filterSql(ImportHTTPVar("ag_name"));
$ag_desc = filterSql(ImportHTTPVar("ag_desc"));
// Check role out and redirect if needed -- Kevin
$roleneeded = 10000;
$BUser = new BaseUser();
// The role check only applies when $Use_Auth_System is 1.
// NOTE(review): nothing in this file stops the script after the redirect header.
// Unless base_header() itself ends the request, everything below (including the
// delete actions this page handles) still runs for a caller without the role.
// Confirm base_header() exits, or add an explicit exit here.
if ($BUser->hasRole($roleneeded) == 0 && $Use_Auth_System == 1) {
    base_header("Location: " . $BASE_urlpath . "/index.php");
}
$page_title = gettext("Event Group (AG) Maintenance");
PrintBASESubHeader($page_title, $page_title, $cs->GetBackLink(), 1);
/* Connect to the Alert database */
$db = NewBASEDBConnection($DBlib_path, $DBtype);
$db->baseDBConnect($db_connect_method, $alert_dbname, $alert_host, $alert_port, $alert_user, $alert_password);
/* a browsing button was clicked */
if (is_numeric($submit)) {
    if ($debug_mode > 0) {
        ErrorMessage("Browsing Clicked ({$submit})");
Esempio n. 2
     $form = $form . "<tr><td width='25%' align='right'>" . _FRMROLEDESC . "</td>";
     $form = $form . "<td align='left'><input type='text' name='desc' value='" . $roleinfo[2] . "'></td></tr>";
     $form = $form . "<tr><td colspan='2' align='center'><input type='submit' name='submit' value='" . _UPDATEROLE . "'></td>";
     $form = $form . "</tr></table></form>";
     $pagebody = $form;
     break;
 case "updaterole":
     // Updates role from above form....
     // The three fields are read straight from $_POST and passed through
     // filterSql() only; role_id is not checked to be numeric here.
     // NOTE(review): filterSql() addresses SQL, not HTML. The edit form above
     // prints the stored description into a value='...' attribute without
     // htmlspecialchars(), so confirm the description is escaped on output.
     // NOTE(review): no anti-CSRF token and no role check are visible in this
     // arm; confirm both are enforced before the switch is reached.
     $role = new BaseRole();
     $rolearray = array(filterSql($_POST['role_id']), filterSql($_POST['role_name']), filterSql($_POST['desc']));
     $role->updateRole($rolearray);
     base_header("Location: base_roleadmin.php?action=list");
     break;
 case "deleterole":
     // Deletes role
     // NOTE(review): this destructive action is driven by a GET parameter. A
     // state change on GET can be triggered by any link or embedded resource an
     // administrator's browser loads. Prefer POST plus a per-session token, and
     // validate roleid as an integer before it reaches deleteRole().
     $roleid = filterSql($_GET['roleid']);
     $BRole = new BaseRole();
     $BRole->deleteRole($roleid);
     base_header("Location: base_roleadmin.php?action=list");
     break;
 case "list":
     // lists the roles
     // Build table to list roles and return it as $roletable
     $role = new BaseRole();
     $roles = $role->returnRoles();
     $tmpHTML = "<TABLE CELLSPACING=0 CELLPADDING=2 BORDER=0 WIDTH='100%' BGCOLOR='#000000'><TR><TD>";
     $tmpHTML = $tmpHTML . "<table CELLSPACING=0 CELLPADDING=0 BORDER=0 WIDTH='100%' BGCOLOR='#FFFFFF'>";
     $tmpHTML = $tmpHTML . "<tr><td CLASS='plfieldhdr' width=25>" . _EDIT . "</td><td CLASS='plfieldhdr' width=35>&nbsp;" . _DELETE . "</td><td CLASS='plfieldhdr'>" . _ID . "</td><td CLASS='plfieldhdr'>" . _NAME;
     $tmpHTML = $tmpHTML . "</td><td CLASS='plfieldhdr'>" . _DESC . "</td></tr>";
     foreach ($roles as $row) {
         //explode array rows and build table
Esempio n. 3
 /**
  * Filter the three entries of $this->criteria in place.
  *
  * Entries 0 and 2 go through CleanVariable() with an empty second argument
  * and a short list of strings (" ", "=", "LIKE" for entry 0; "=", "!=" for
  * entry 2); entry 1 goes through filterSql(). When entry 0 or entry 1 is
  * missing, the whole array is first reset to two empty strings.
  *
  * NOTE(review): CleanVariable() and filterSql() are defined elsewhere, so
  * this method alone does not show that the result is safe to concatenate
  * into a query. Confirm against those helpers and against the code that
  * builds SQL from the criteria.
  */
 function SanitizeElement()
 {
     $hasBoth = isset($this->criteria[0], $this->criteria[1]);
     if (!$hasBoth) {
         // Start from a clean two-slot array when either slot is missing.
         $this->criteria = array(0 => '', 1 => '');
     }

     $this->criteria[0] = CleanVariable(
         @$this->criteria[0],
         "",
         array(" ", "=", "LIKE")
     );
     $this->criteria[1] = filterSql(@$this->criteria[1]);

     /* signature name */
     // Slot 2 does not exist after the reset above; the @ hides that notice.
     $this->criteria[2] = CleanVariable(
         @$this->criteria[2],
         "",
         array("=", "!=")
     );
 }
Esempio n. 4
include "{$BASE_path}/includes/base_include.inc.php";
include_once "{$BASE_path}/base_db_common.php";
include_once "{$BASE_path}/base_common.php";
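// Login controller: skip the form when authentication is disabled, otherwise
// check the submitted credentials and either redirect to the main page or
// flag an error for the form rendered below.
$errorMsg = "";
$displayError = 0;
$noDisplayMenu = 1;
// Redirect to base_main.php if auth system is off
if ($Use_Auth_System == 0) {
    base_header("Location: base_main.php");
    // Stop explicitly, as the successful-login path below does, so the rest of
    // the page never runs whether or not base_header() ends the request itself.
    exit;
}
if (isset($_POST['submit'])) {
    $debug_mode = 0;
    // wont login with debug_mode
    $BASEUSER = new BaseUser();
    // NOTE(review): the password goes through filterSql() before Authenticate().
    // If that helper rewrites or strips characters, the value checked is not the
    // value typed. Confirm the same transformation is applied wherever
    // passwords are set, and that Authenticate() does not build SQL from it.
    $user = filterSql($_POST['login']);
    $pwd = filterSql($_POST['password']);
    if ($BASEUSER->Authenticate($user, $pwd) == 0) {
        header("Location: base_main.php");
        exit;
    } else {
        // The error belongs to a failed attempt. Attached to the outer "if" it
        // was shown on the first visit and never after a rejected login.
        // The message deliberately does not say which of the two fields was wrong.
        $displayError = 1;
        $errorMsg = gettext("User does not exist or your password was incorrect!<br>Please try again");
    }
}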
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<!-- <?php 
echo gettext("Forensics Console " . $BASE_installID) . $BASE_VERSION;
?>
 -->
<html>
Esempio n. 5
}
// List the archive database name, but only when archiving is switched on and a
// name was actually supplied; then close the list cell and open the next one.
// NOTE(review): the session value is written into the page without
// htmlspecialchars(). Where it was put into the session is not visible here;
// if it originates from a setup form, escape it on output.
if ($_SESSION['usearchive'] == 1 && $_SESSION['arcdbname'] != "") {
    echo '<LI>', $_SESSION['arcdbname'], '<BR>';
}
echo ' 
         </UL>
         </TD>
         <TD VALIGN=TOP>';
if ($result == 1) {
    ErrorMessage("&nbsp;DONE&nbsp;");
    if ($_SESSION['useuserauth'] == 1) {
        // Create the first account from values kept in the session: look for an
        // existing row, delete it if found, then insert a new row with role_id 1,
        // enabled, and usr_id = MAX(usr_id) + 1.
        $user = filterSql($_SESSION['usrlogin'], 1);
        // NOTE(review): md5() without a salt is a fast digest, not a password
        // hashing scheme. If base_users is ever disclosed, the stored values can
        // be guessed offline quickly. password_hash()/password_verify() is the
        // usual replacement, but the login check that reads usr_pwd (not shown
        // here) has to change with it. The plain password is also held in
        // $_SESSION until this point.
        $pwd = md5($_SESSION['usrpasswd']);
        $name = filterSql($_SESSION['usrname'], 1);
        // NOTE(review): as printed, this query and the DELETE below compare
        // usr_login with the literal '******', which looks like masking applied
        // by the listing rather than the real expression (presumably $user).
        // Verify against the original file before relying on this logic.
        $sql = "SELECT COUNT(*) FROM base_users WHERE usr_login = '******'";
        $rs_del_cnt = $db->baseExecute($sql);
        $userdelcnt = $rs_del_cnt->baseFetchRow();
        if ($userdelcnt[0] > 0) {
            $sql = "DELETE FROM base_users WHERE usr_login = '******'";
            $db->baseExecute($sql);
        }
        // Next id is computed in PHP from a separate SELECT, so the read and the
        // INSERT are not one atomic step.
        $sql = "SELECT MAX(usr_id) FROM base_users;";
        $usercount = $db->baseExecute($sql);
        $usercnt = $usercount->baseFetchRow();
        $userid = $usercnt[0] + 1;
        // The INSERT is assembled by string concatenation. Its safety rests
        // entirely on filterSql() (defined elsewhere) having neutralised quotes
        // in $user and $name. Bound parameters would remove that dependency.
        $sql = "INSERT INTO base_users (usr_id, usr_login, usr_pwd, role_id, usr_name, usr_enabled)";
        $sql = $sql . " VALUES (" . $userid . ", '" . $user . "','" . $pwd . "', 1,'" . $name . "', 1);";
        $db->baseExecute($sql);
        if ($db->baseErrorMessage() != "") {
Esempio n. 6
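/**
 * Build the HTML for one page of a paginated result table.
 *
 * The page number is taken from get('pagina-start'); the page size is the
 * first comma-separated field of $attr['paginador'] and the second field is
 * handed to getPagination(). A LIMIT clause is appended to $sql, the query is
 * run through getResult(), and header, body and pagination markup are joined.
 *
 * Security notes for callers:
 *  - $sql is passed through filterSql() as a whole statement. Values the
 *    caller has already interpolated can no longer be told apart from query
 *    text at that point, so escape or bind them before building $sql.
 *    NOTE(review): confirm what filterSql() does to a full statement.
 *  - $attr['id'] and $attr['class'] are written into HTML attributes without
 *    escaping, so they must not carry request data.
 *  - FOUND_ROWS() reports the un-limited total only when $sql itself uses
 *    SQL_CALC_FOUND_ROWS; that is the caller's responsibility.
 *  - mysql_fetch_object() belongs to the ext/mysql API removed in PHP 7.0.
 *    Porting depends on what getResult() returns, which is not visible here.
 *
 * @param string $sql      SELECT statement without a LIMIT clause.
 * @param mixed  $attr     Table attributes, merged over the defaults by defaultArrayValues().
 * @param string $link     Link specification, split on '}' into an optional head part and a body part.
 * @param mixed  $conexion Connection handle passed through to getResult().
 * @return string HTML markup for the table and its pagination.
 */
function ListR3($sql, $attr, $link, $conexion = null)
{
    $atributosDefault = array('id' => '', 'class' => 'reporteA', 'checked' => '', 'paginador' => '', 'fieldTotal' => '');
    $linkDefault = array('campos' => '', 'args' => '', 'panelId' => '', 'url' => '');
    $linksUrl = array('head' => '', 'body' => '');
    $atributos = defaultArrayValues($atributosDefault, $attr);
    $paginador = explode(',', $atributos['paginador']);
    $paginadorUrl = isset($paginador[1]) ? $paginador[1] : null;

    // get() presumably reads a request parameter. Cast once and use only the
    // integer afterwards: a value with a numeric prefix passes a cast-based
    // check while still carrying its trailing text into getPagination().
    $paginaStart = (int) get('pagina-start');
    if ($paginaStart < 1) {
        $paginaStart = 1;
    }
    // The page size is concatenated into the SQL text, so force it to a
    // non-negative integer as well.
    $pageSize = (int) $paginador[0];
    if ($pageSize < 0) {
        $pageSize = 0;
    }
    $start = ($paginaStart - 1) * $pageSize;
    $limit = ' LIMIT ' . $start . ', ' . $pageSize;

    $sql = filterSql($sql) . $limit;
    $result = getResult($sql, $conexion);
    $count = getResult("SELECT FOUND_ROWS() AS total", $conexion);
    $row = mysql_fetch_object($count);
    $countTotal = $row->total;
    $pagitacionHtml = getPagination($paginaStart, $countTotal, $paginador[0], $paginadorUrl);

    if (!empty($link)) {
        $linkArray = explode('}', $link);
        if (isset($linkArray[1])) {
            $linksUrl['body'] = defaultArrayValues($linkDefault, $linkArray[1]);
            $linksUrl['head'] = defaultArrayValues($linkDefault, $linkArray[0]);
        } else {
            $linksUrl['body'] = defaultArrayValues($linkDefault, $linkArray[0]);
        }
    }

    $fieldsName = getFieldsName($result);
    $fieldsFilter = fieldsFilter($fieldsName, $linksUrl);
    $tableHeader = getTableHeader($fieldsFilter, $atributos);
    $tableBody = getTableBody($result, $fieldsFilter, $atributos, $countTotal);

    // Plain assignment: $tabla has no earlier value to append to.
    // The "</form>" after the table is emitted even when no form was opened and
    // is repeated below in the 'checked' case; it is kept as-is because callers
    // may depend on the exact markup.
    $tabla = "<table id=\"{$atributos['id']}\" class=\"{$atributos['class']}\" style=\"width:100%;clear: both;\">" . "{$tableHeader}{$tableBody}" . "</table>" . "</form>" . "{$pagitacionHtml}";
    if ($atributos['checked'] == "checked") {
        $tabla = "<form method=\"post\" id=\"frm-{$atributos['id']}\">" . $tabla;
        $tabla .= "</form>";
    }
    return $tabla;
}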
Esempio n. 7
include "base_conf.php";
include "{$BASE_path}/includes/base_constants.inc.php";
include "{$BASE_path}/includes/base_include.inc.php";
include_once "{$BASE_path}/base_db_common.php";
include_once "{$BASE_path}/base_common.php";
include_once "{$BASE_path}/base_stat_common.php";
include_once "{$BASE_path}/setup/setup_db.inc.php";
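// Bootstrap for the maintenance page: set up timing and criteria state, then
// enforce the role check before any page output or action handling.
$et = new EventTiming($debug_time_mode);
$cs = new CriteriaState("base_maintenance.php");
$cs->ReadState();
// Check role out and redirect if needed -- Kevin
$roleneeded = 10000;
$BUser = new BaseUser();
if ($Use_Auth_System == 1) {
    // "standalone" mode authenticates from POSTed credentials instead of the
    // existing login; the field is optional, so test for it before reading it.
    if (isset($_POST['standalone']) && $_POST['standalone'] == "yes") {
        // NOTE(review): the password is passed through filterSql() before it is
        // checked; confirm the helper does not alter valid passwords.
        $usrrole = $BUser->AuthenticateNoCookie(filterSql($_POST['user']), filterSql($_POST['pwd']));
        // Each rejection ends the request explicitly, so the maintenance actions
        // below can never run for a rejected caller, whether or not
        // base_header() terminates on its own. It also keeps the "Failed"
        // marker out of the numeric role comparison that follows.
        if ($usrrole == "Failed") {
            base_header('HTTP/1.0 401');
            exit;
        }
        if ($usrrole > $roleneeded) {
            base_header('HTTP/1.0 403');
            exit;
        }
    } elseif ($BUser->hasRole($roleneeded) == 0) {
        base_header("Location: " . $BASE_urlpath . "/index.php");
        exit;
    }
}
$page_title = gettext("Maintenance");
PrintBASESubHeader($page_title, $page_title, $cs->GetBackLink(), 1);
$submit = ImportHTTPVar("submit", VAR_ALPHA | VAR_SPACE);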
?>
<br>
Esempio n. 8
// Remaining columns of the event row fetched earlier into $myrow2.
$layer4_dport = $myrow2[8];
$ossim_priority = $myrow2[9];
$ossim_reliability = $myrow2[10];
$ossim_asset_src = $myrow2[11];
$ossim_asset_dst = $myrow2[12];
$ossim_risk_c = $myrow2[13];
$ossim_risk_a = $myrow2[14];
// Without both plugin identifiers the event is reported as deleted and the
// page ends here. This emptiness test is the only check on the two values
// before they are used in $sql5 below.
if ($plugin_id == "" || $plugin_sid == "") {
    echo '<CENTER><B>';
    ErrorMessage(gettext("Event DELETED"));
    echo '</CENTER></B>';
    echo "</body>\r\n</html>";
    exit(0);
}
/* Get sensor parameters: */
// $sid is quoted and passed through filterSql() before being concatenated.
$sql4 = "SELECT * FROM sensor  WHERE sid='" . filterSql($sid, $db) . "'";
$result4 = $db->baseExecute($sql4);
$myrow4 = $result4->baseFetchRow();
$result4->baseFreeRows();
$encoding = $myrow4["encoding"];
$detail = $myrow4["detail"];
$payload = "";
/* Get plugin id & sid */
// NOTE(review): unlike $sid above, $plugin_sid and $plugin_id are interpolated
// unquoted and without any filtering. Where they are assigned is not visible in
// this excerpt; if either can be influenced by the request, cast both to int
// (or bind them) before building the statement.
$sql5 = "SELECT ossim.plugin.name, ossim.plugin_sid.name FROM ossim.plugin LEFT JOIN ossim.plugin_sid ON ossim.plugin_sid.plugin_id = ossim.plugin.id WHERE ossim.plugin_sid.sid = {$plugin_sid} and ossim.plugin.id = {$plugin_id}";
$result5 = $db->baseExecute($sql5);
// $plugin_name / $plugin_sid_name are assigned, and the result set is freed,
// only when a row comes back.
if ($myrow5 = $result5->baseFetchRow()) {
    $plugin_name = $myrow5[0];
    $plugin_sid_name = $myrow5[1];
    $result5->baseFreeRows();
}
// empty plugin name...search only plugin name
Esempio n. 9
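/**
 * Build the HTML for one page of a paginated result table with summary styling.
 *
 * The second comma-separated field of $attr['paginador'] is treated as a URL;
 * the text between its '?' and the first '=' is used as a prefix for the name
 * of the page-number parameter read through get(). The statement is executed
 * once without LIMIT so that FOUND_ROWS() can be read, then again with LIMIT.
 *
 * Security notes for callers:
 *  - $sql is passed through filterSql() as a whole statement. Values already
 *    interpolated by the caller cannot be told apart from query text at that
 *    point, so escape or bind them before building $sql.
 *    NOTE(review): confirm what filterSql() does to a full statement.
 *  - $attr['id'] and $attr['class'] are written into HTML attributes without
 *    escaping, so they must not carry request data.
 *  - mysql_fetch_object() belongs to the ext/mysql API removed in PHP 7.0.
 *    Porting depends on what getResult() returns, which is not visible here.
 *
 * @param string $sql           SELECT statement without a LIMIT clause.
 * @param mixed  $attr          Table attributes, merged over the defaults by defaultArrayValues().
 * @param string $link          Link specification, split on '}' into an optional head part and a body part.
 * @param mixed  $SUMMARY_STYLE Summary options ('columns_index', 'summary_css'), merged over empty defaults.
 * @param mixed  $conexion      Connection handle passed through to getResult().
 * @return string HTML markup for the table and its pagination.
 */
function ListR4($sql, $attr, $link, $SUMMARY_STYLE, $conexion = null)
{
    // Default arrays
    $atributosDefault = array('id' => '', 'class' => 'reporteA', 'checked' => '', 'paginador' => '', 'fieldTotal' => '');
    $linkDefault = array('campos' => '', 'args' => '', 'panelId' => '', 'url' => '');
    $linksUrl = array('head' => '', 'body' => '');
    $SUMMARY_STYLE_DEFAULT = array('columns_index' => '', 'summary_css' => '');
    // Overlay the caller's values on the defaults
    $atributos = defaultArrayValues($atributosDefault, $attr);
    $SUMMARY_COLS_CSS = defaultArrayValues($SUMMARY_STYLE_DEFAULT, $SUMMARY_STYLE);
    $paginador = explode(',', $atributos['paginador']);
    $paginadorUrl = isset($paginador[1]) ? $paginador[1] : null;

    // Derive the parameter-name prefix from the paginator URL; a URL without a
    // query string yields an empty prefix.
    $urlSeg = explode('?', (string) $paginadorUrl);
    $urlSegA = isset($urlSeg[1]) ? $urlSeg[1] : '';
    $urlSegB = explode('=', $urlSegA);
    $urlSegUrl = $urlSegB[0];

    // get() presumably reads a request parameter. Cast once and use only the
    // integer afterwards: a value with a numeric prefix passes a cast-based
    // check while still carrying its trailing text into getPagination().
    $paginaStart = (int) get('' . $urlSegUrl . 'pagina-start');
    if ($paginaStart < 1) {
        $paginaStart = 1;
    }
    // The page size is concatenated into the SQL text, so force it to a
    // non-negative integer as well.
    $pageSize = (int) $paginador[0];
    if ($pageSize < 0) {
        $pageSize = 0;
    }
    $start = ($paginaStart - 1) * $pageSize;
    $limit = ' LIMIT ' . $start . ', ' . $pageSize;
    $sql = filterSql($sql);

    // Fetch the total row count: the statement runs once without LIMIT, so the
    // whole result set is produced on every page view.
    getResult($sql, $conexion);
    $count = getResult("SELECT FOUND_ROWS() AS total", $conexion);
    $row = mysql_fetch_object($count);
    $countTotal = $row->total;

    $sql = $sql . $limit;
    $result = getResult($sql, $conexion);
    $pagitacionHtml = getPagination($paginaStart, $countTotal, $paginador[0], $paginadorUrl);

    if (!empty($link)) {
        $linkArray = explode('}', $link);
        if (isset($linkArray[1])) {
            $linksUrl['body'] = defaultArrayValues($linkDefault, $linkArray[1]);
            $linksUrl['head'] = defaultArrayValues($linkDefault, $linkArray[0]);
        } else {
            $linksUrl['body'] = defaultArrayValues($linkDefault, $linkArray[0]);
        }
    }

    $fieldsName = getFieldsName($result);
    $fieldsFilter = fieldsFilter($fieldsName, $linksUrl);
    $tableHeader = getTableHeader($fieldsFilter, $atributos);
    $tableBody = getTableBody($result, $fieldsFilter, $atributos, $countTotal, $SUMMARY_COLS_CSS);

    // Plain assignment: $tabla has no earlier value to append to.
    // The "</form>" after the table is emitted even when no form was opened and
    // is repeated below in the 'checked' case; it is kept as-is because callers
    // may depend on the exact markup.
    $tabla = "<table id=\"{$atributos['id']}\" class=\"{$atributos['class']}\" style=\"width:100%;clear: both;\">" . "{$tableHeader}{$tableBody}" . "</table>" . "</form>" . "{$pagitacionHtml}";
    if ($atributos['checked'] == "checked") {
        $tabla = "<form method=\"post\" id=\"frm-{$atributos['id']}\">" . $tabla;
        $tabla .= "</form>";
    }
    return $tabla;
}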
Esempio n. 10
     // disable user -- Kevin
     $userid = filterSql($_GET['userid']);
     $BUser = new BaseUser();
     $BUser->disableUser($userid);
     base_header("Location: base_useradmin.php?action=list");
     break;
 case "enableuser":
     // enable user -- Kevin
     // NOTE(review): account state is changed from a GET parameter. No token
     // or role check is visible in this arm; confirm both are enforced before
     // the switch, and prefer POST for actions that modify accounts.
     $userid = filterSql($_GET['userid']);
     $BUser = new BaseUser();
     $BUser->enableUser($userid);
     base_header("Location: base_useradmin.php?action=list");
     break;
 case "deleteuser":
     // Deletes user
     // NOTE(review): same pattern as above for a destructive action. userid is
     // only passed through filterSql(); validating it as an integer before
     // deleteUser() would make the expected type explicit.
     $userid = filterSql($_GET['userid']);
     $BUser = new BaseUser();
     $BUser->deleteUser($userid);
     base_header("Location: base_useradmin.php?action=list");
     break;
 case "list":
     // Build table to list users and return it as $usertable
     $user = new BaseUser();
     $users = $user->returnUsers();
     $tmpHTML = "<TABLE CELLSPACING=0 CELLPADDING=2 BORDER=0 WIDTH='100%' BGCOLOR='#000000'><TR><TD>";
     $tmpHTML = $tmpHTML . "<table CELLSPACING=0 CELLPADDING=0 BORDER=0 WIDTH='100%' BGCOLOR='#FFFFFF'>";
     $tmpHTML = $tmpHTML . "<tr><td CLASS='plfieldhdr' width=25>" . _EDIT . "</td><td CLASS='plfieldhdr' width=35>&nbsp;" . _DELETE . "</td><td CLASS='plfieldhdr'>" . _ID . "</td><td CLASS='plfieldhdr'>" . _LOGIN;
     $tmpHTML = $tmpHTML . "</td><td CLASS='plfieldhdr'>" . _ROLEID . "</td><td CLASS='plfieldhdr'>" . _NAME;
     $tmpHTML = $tmpHTML . "</td><td CLASS='plfieldhdr'>" . _ENABLED . "</td></tr>";
     // Verify that we have a user in the db --Kevin
     if ($users != "") {
Esempio n. 11
// Bootstrap for the user-preferences page: set up timing and criteria state,
// create the user objects and print the sub-header.
$page_body = "";
$et = new EventTiming($debug_time_mode);
$cs = new CriteriaState("base_user.php");
$cs->ReadState();
$userprefs = new BaseUserPrefs();
$userobj = new BaseUser();
// The account acted on below comes from BaseUser::returnUser(), not from a
// request parameter (presumably the logged-in user; verify in BaseUser).
// NOTE(review): no authentication check is visible in this excerpt before the
// action handling; confirm the included bootstrap enforces one.
$username = $userobj->returnUser();
$page_title = gettext("BASE User preferences");
PrintBASESubHeader($page_title, $page_title, $cs->GetBackLink(), 1);
if (isset($_GET['action'])) {
    //This is where the processing of this page happens.
    switch ($_GET['action']) {
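        case "change":
            //call auth.inc
            // Read the three fields defensively: a missing or non-string field
            // (for example one submitted as an array) is treated as empty.
            $newPwd = (isset($_POST['newpasswd1']) && is_string($_POST['newpasswd1'])) ? $_POST['newpasswd1'] : '';
            $newPwdAgain = (isset($_POST['newpasswd2']) && is_string($_POST['newpasswd2'])) ? $_POST['newpasswd2'] : '';
            $oldPwd = (isset($_POST['oldpasswd']) && is_string($_POST['oldpasswd'])) ? $_POST['oldpasswd'] : '';
            // Strict comparison: with "==" two different numeric-looking strings
            // (such as "1e3" and "1000") count as equal, so a mistyped
            // confirmation could be accepted.
            if ($newPwd !== '' && $newPwd === $newPwdAgain) {
                // NOTE(review): both passwords pass through filterSql() before
                // changePassword(); confirm the helper does not alter valid
                // passwords and that login applies the same transformation.
                $pwdresponse = $userobj->changePassword($username, filterSql($oldPwd), filterSql($newPwd));
                $page_body = $pwdresponse;
                break;
            } else {
                $page_body = gettext("Your password can not be blank or the two passwords did not match!");
            }
            // No break on the failure path: control falls through to the next
            // case so the form is shown again.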
        case "changepassword":
            $form = "<form action='base_user.php?action=change' Method='POST'>";
            $form = $form . "<table border=1 class='query'>";
            $form = $form . "<tr><td width='25%' align='right'>" . gettext("Old Password:"******"</td>";
            $form = $form . "<td align='left'><input type='password' name='oldpasswd'></td></tr>";
            $form = $form . "<tr><td width='25%' align='right'>" . gettext("New Password:"******"</td>";
            $form = $form . "<td align='left'><input type='password' name='newpasswd1'></td></tr>";
            $form = $form . "<tr><td width='25%' align='right'>" . gettext("New Password Again:") . "</td>";
            $form = $form . "<td align='left'><input type='password' name='newpasswd2'></td></tr>";
            $form = $form . "<tr><td colspan='2' align='center'><input type='submit' name='submit'></td>";