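function submit_block()
{
    # Handles the add / modify block form (POST). Validation is ordered so that
    # every check that needs no database lookup runs before the ones that do.
    # Every failure path redirects back to blocks.php with a "notice" query
    # parameter and terminates the request; nothing is returned.
    global $COLLATE;
    global $dbo;
    include 'include/validation_functions.php';

    $block_id     = isset($_POST['block_id']) ? $_POST['block_id'] : '';
    $name         = isset($_POST['name']) ? $_POST['name'] : '';
    $note         = isset($_POST['note']) ? $_POST['note'] : ''; # optional
    $ip           = isset($_POST['ip']) ? $_POST['ip'] : '';
    $end_ip       = isset($_POST['end_ip']) ? $_POST['end_ip'] : '';
    $username     = empty($_SESSION['username']) ? 'system' : $_SESSION['username'];
    $parent_block = isset($_POST['parent_block']) ? $_POST['parent_block'] : '';
    $block_type   = isset($_POST['block_type']) ? $_POST['block_type'] : '';
    # The form posts update_block=true when editing. One boolean replaces the
    # original mix of ==, === false and plain truthiness tests on the raw value.
    $is_update    = isset($_POST['update_block']) && $_POST['update_block'] === 'true';

    if ($block_type == 'container') {
        # containers don't have IP ranges associated with them
        $ip = '';
        $end_ip = '';
    }

    # Bounce back to blocks.php with the given query parameters and end the
    # request. http_build_query() URL-encodes every value, so form input can no
    # longer smuggle extra parameters into the redirect URL.
    $redirect = static function (array $query): void {
        header('Location: blocks.php?' . http_build_query($query));
        exit;
    };

    # Form state sent back on a validation failure so the form can be repopulated.
    $form = array('op' => $is_update ? 'modify' : 'add');
    if ($is_update) {
        $form['block_id'] = $block_id;
    }
    $form += array(
        'name'         => $name,
        'ip'           => $ip,
        'end_ip'       => $end_ip,
        'note'         => $note,
        'block_type'   => $block_type,
        'parent_block' => $parent_block,
    );

    # 1. checks that don't require db lookups
    if (empty($name) || (!empty($end_ip) && empty($ip)) || empty($block_type)) {
        $redirect($form + array('notice' => 'missingfield-notice'));
    }
    # parent_block is either a decimal id or the literal 'null' (top level).
    # The original pattern /[0-9]*/ matched every string, so it checked nothing.
    if (empty($parent_block) || ($parent_block !== 'null' && !(is_string($parent_block) && ctype_digit($parent_block)))) {
        $redirect(array('notice' => 'invalidrequest'));
    }
    # block_id is only meaningful on an update; it identifies the row to change.
    if ($is_update && !(is_string($block_id) && ctype_digit($block_id))) {
        $redirect(array('notice' => 'invalidrequest'));
    }

    $return = validate_text($name, 'blockname');
    if ($return['0'] === false) {
        $redirect($form + array('notice' => $return['error']));
    }
    $name = $return['1'];
    $form['name'] = $name;
    unset($return);

    if (!preg_match('/^container$|^ipv4$/', $block_type)) {
        $redirect($form + array('notice' => 'invalidrequest'));
    }

    # 2. checks that need the database (all queries are parameterised)
    if (!$is_update) {
        # a new block may not reuse an existing name
        $stmt = $dbo->prepare('SELECT id FROM blocks WHERE name = ?');
        $stmt->execute(array($name));
        if ($stmt->fetchColumn() !== false) {
            header("HTTP/1.1 400 Bad Request");
            $redirect($form + array('notice' => 'duplicatename'));
        }
        $old_block_name = null;
    } else {
        # the block being updated must exist; its current name feeds the audit message
        $stmt = $dbo->prepare('SELECT name FROM blocks WHERE id = ?');
        $stmt->execute(array($block_id));
        $old_block_name = $stmt->fetchColumn();
        if ($old_block_name === false) {
            header("HTTP/1.1 400 Bad Request");
            $redirect(array('notice' => 'selectblock'));
        }
    }

    $return = validate_text($note, 'note');
    if ($return['0'] === false) {
        $redirect($form + array('notice' => $return['error']));
    }
    $note = $return['1'];
    $form['note'] = $note;
    unset($return);

    # Containers carry no range, so start/end stay empty (the original relied on
    # undefined variables interpolating as '' in that case).
    $long_start_ip = '';
    $long_end_ip = '';
    $return = null;
    if (empty($end_ip) && !empty($ip)) {
        # subnet supplied
        $return = validate_network($ip, 'block', $block_id);
    } elseif (!empty($ip)) {
        # range supplied
        $return = validate_ip_range($ip, $end_ip, 'block', $block_id);
    }
    if ($return !== null) {
        if ($return['0'] === false) {
            $redirect($form + array('notice' => $return['error']));
        }
        $long_start_ip = $return['long_start_ip'];
        $long_end_ip = $return['long_end_ip'];
    }
    unset($return);

    if ($parent_block !== 'null') {
        $stmt = $dbo->prepare('SELECT id FROM blocks WHERE id = ?');
        $stmt->execute(array($parent_block));
        if ($stmt->fetchColumn() === false) {
            $redirect(array('notice' => 'invalidrequest'));
        }
        $parent_id = $parent_block; # bound as a value below
    } else {
        $parent_id = null;          # bound as SQL NULL below
    }

    if (!$is_update) {
        # new block: we redirect the user to the block they put this block into
        $old_parent_block = $parent_block;
    } else {
        $stmt = $dbo->prepare('SELECT parent_id FROM blocks WHERE id = ?');
        $stmt->execute(array($block_id));
        $old_parent_block = $stmt->fetchColumn();
    }

    # If we're changing an existing block, we must make sure we don't orphan a child object
    if ($is_update) {
        if ($block_type === 'ipv4' && find_child_blocks($block_id) !== false) {
            $redirect($form + array('notice' => 'wouldorphanblocks'));
        } elseif ($block_type === 'container') {
            # just check this block for subnets
            $stmt = $dbo->prepare('SELECT count(*) FROM subnets WHERE block_id = ?');
            $stmt->execute(array($block_id));
            if ($stmt->fetchColumn() != '0') {
                $redirect($form + array('notice' => 'wouldorphansubnets'));
            }
        }
    }

    if ($is_update) {
        $sql = 'UPDATE blocks SET name = ?, start_ip = ?, end_ip = ?, note = ?, modified_by = ?, modified_at = now(), parent_id = ?, type = ? WHERE id = ?';
        $params = array($name, $long_start_ip, $long_end_ip, $note, $username, $parent_id, $block_type, $block_id);
    } else {
        $sql = 'INSERT INTO blocks (name, start_ip, end_ip, note, modified_by, modified_at, parent_id, type) VALUES (?, ?, ?, ?, ?, now(), ?, ?)';
        $params = array($name, $long_start_ip, $long_end_ip, $note, $username, $parent_id, $block_type);
    }

    # We don't want to generate logs when nothing is really happening, so the
    # access check and its message are produced only after all validation passed.
    $accesslevel = "4";
    $message = $is_update ? "IP Block updated: {$name}" : "IP Block added: {$name}";
    # only an update can have a previous name (the original appended "(previously )" on adds)
    if ($is_update && $name != $old_block_name) {
        $message .= "(previously {$old_block_name})";
    }
    AccessControl($accesslevel, $message);

    $stmt = $dbo->prepare($sql);
    $stmt->execute($params);

    $notice = $is_update ? 'blockupdated-notice' : 'blockadded-notice';
    # A top-level parent arrives as the string 'null' from the form but as a real
    # null (or '') from the database; any of them means "back to the block list".
    if ($old_parent_block === null || $old_parent_block === '' || $old_parent_block === 'null') {
        $redirect(array('notice' => $notice));
    }
    $redirect(array('block_id' => $old_parent_block, 'notice' => $notice));
}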
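function find_child_blocks($block_id)
{
    # Input: integer block id
    # Output: single-dimensional array of the ids of every descendant block
    # (recursive), or false if the block has no children.
    global $dbo;

    $stmt = $dbo->prepare('SELECT id FROM blocks WHERE parent_id = ?');
    $stmt->execute(array($block_id));
    # fetchAll instead of while ($x = fetchColumn()): the loop form stops early
    # on a falsy id such as '0'.
    $children = $stmt->fetchAll(\PDO::FETCH_COLUMN);
    if ($children === false || count($children) === 0) {
        return false;
    }

    $descendants = array();
    foreach ($children as $child_block) {
        $descendants[] = $child_block;
        # recurse once per child; the original called itself twice per child
        # (once for the check, once for the merge)
        $grandchildren = find_child_blocks($child_block);
        if ($grandchildren !== false) {
            $descendants = array_merge($descendants, $grandchildren);
        }
    }
    return $descendants;
}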
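function delete_block()
{
    # Deletes the block whose id is in global $block_id together with every
    # descendant block and the subnets, static IPs and DHCP ACLs under them.
    # Unknown id: responds 400 with the 'selectblock' message and stops.
    # On success nothing is output; the row fades on the page to provide feedback.
    global $COLLATE;
    global $block_id;
    $dbo = getdbo();

    $stmt = $dbo->prepare('SELECT name FROM blocks WHERE id = ?');
    $stmt->execute(array($block_id));
    $name = $stmt->fetchColumn();
    if ($name === false) {
        header("HTTP/1.1 400 Bad Request");
        echo $COLLATE['languages']['selected']['selectblock'];
        exit;
    }
    collate_log("4", "Block {$name} has been deleted!");

    $block_ids = array($block_id);
    $children = find_child_blocks($block_id); # recursive: every descendant block
    if ($children !== false) {
        $block_ids = array_merge($block_ids, $children);
    }

    # Same order as before: rows that reference subnets go first, then the
    # subnets, then the block itself.
    $delete_statics = $dbo->prepare('DELETE FROM statics WHERE subnet_id IN (SELECT id FROM subnets WHERE block_id = ?)');
    $delete_acls    = $dbo->prepare('DELETE FROM acl WHERE subnet_id IN (SELECT id FROM subnets WHERE block_id = ?)');
    $delete_subnets = $dbo->prepare('DELETE FROM subnets WHERE block_id = ?');
    $delete_block   = $dbo->prepare('DELETE FROM blocks WHERE id = ?');

    # Loop with its own variable: the original iterated as $block_id, which
    # overwrote the global it had just declared.
    foreach ($block_ids as $id) {
        $delete_statics->execute(array($id)); // First delete all static IPs
        $delete_acls->execute(array($id));    // Next, remove the DHCP ACLs
        $delete_subnets->execute(array($id)); // Next, remove the subnets
        $delete_block->execute(array($id));   // Lastly, delete the IP block
    }
}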