function __SearchIP($params)
{
global $xmlrpcerruser;
// import user errcode value
// $params is an Array of xmlrpcval objects
$errstr = "";
$err = 0;
if (IPPLAN_API_VER != DBF_API_VER) {
return new xmlrpcresp(0, $xmlrpcerruser + 3, "Incorrect API version");
}
// get the first param
$ipobj = $params->getParam(0);
// if it's there and the correct type
if (isset($ipobj) && $ipobj->scalartyp() == "string") {
// extract the value of the state number
$ipaddr = $ipobj->scalarval();
if (testIP($ipaddr)) {
$err = 50;
$errstr = "Invalid IP address!";
} else {
if (!($ds = new IPplanDbf())) {
return new xmlrpcresp(0, $xmlrpcerruser + 1, "Could not connect to database");
}
$result = $ds->GetDuplicateSubnetAll(inet_aton($ipaddr), 1);
// returns the following fields:
// base.baseaddr, base.subnetsize, base.baseindex, base.descrip, customer.custdescrip,
// customer.customer, base.lastmod, base.userid, base.swipmod
while ($row = $result->FetchRow()) {
$myVal[] = new xmlrpcval(array("baseaddr" => new xmlrpcval(inet_ntoa($row["baseaddr"])), "subnetsize" => new xmlrpcval($row["subnetsize"], "int"), "baseindex" => new xmlrpcval($row["baseindex"], "int"), "descrip" => new xmlrpcval($row["descrip"]), "customer" => new xmlrpcval($row["customer"], "int"), "custdescrip" => new xmlrpcval($row["custdescrip"])), "struct");
}
}
} else {
// parameter mismatch, complain
$err = 2;
$errstr = "Incorrect parameters";
}
if ($err) {
// this is an error condition
return new xmlrpcresp(0, $xmlrpcerruser + 1, $errstr);
} else {
// this is a successful value being returned
return new xmlrpcresp(new xmlrpcval($myVal, "array"));
}
}
if (!$n) {
closeClient($i);
} else {
// if a client has sent some data, do one of these:
socket_write($client[$i], "IPplan whoisd v1.0\r\n------------------\r\n\n");
if ($n == "?" or $n == "help") {
$res = help();
socket_write($client[$i], "{$res}\r\n");
closeClient($i);
} else {
if (substr($n, 0, 3) == "AS ") {
$res = searchCustomer(substr($n, 3, 80));
socket_write($client[$i], "{$res}\r\n");
closeClient($i);
} else {
if (testIP($n) == FALSE) {
// print something on the server, then echo the incoming
// data to all of the clients in the $client array.
if (DEBUG) {
print "From {$remote_host[$i]}:{$remote_port[$i]}, client[{$i}]: {$n}\n";
}
//socket_write($client[$i], "From client[$i]: $n\r\n");
$res = searchIP($n);
socket_write($client[$i], "{$res}\r\n");
closeClient($i);
} else {
$res = help();
$res .= "Invalid query\n";
socket_write($client[$i], "{$res}\r\n");
closeClient($i);
}
// Error Checks
if (!$domain) {
myError($w, $p, my_("Domain may not be blank"));
}
if ($action == "add") {
$muldomains = split(";", $domain);
} else {
$muldomains = array($domain);
}
foreach ($muldomains as $value) {
if (!preg_match('/^([a-zA-Z0-9]([a-zA-Z0-9\\-]{0,61}[a-zA-Z0-9])?\\.)*[a-zA-Z]{2,6}$/', trim($value))) {
myError($w, $p, sprintf(my_("Invalid domain name %s"), $value));
}
}
if (!empty($server)) {
if (testIP($server) == 0) {
// was an IP address
} else {
if (preg_match("/[^ \t@()<>,]+\\.[^ \t()<>,.]+\$/", $server)) {
// was a hostname
} else {
myError($w, $p, sprintf(my_("Invalid hostname %s"), $server) . "\n");
}
}
}
// will get error message if doing zone axfr and no nameservers given
// this is ok as bulk zone axfr could result in some zones failing
// import, thus need something to put in database
$cnt = 0;
for ($i = 1; $i < 11; $i++) {
if ($hname[$i] and !preg_match("/[^ \t@()<>,]+\\.[^ \t()<>,.]+\$/", $hname[$i])) {
function FetchBase($cust, $areaindex, $rangeindex)
{
// use local function variables as they may change
$this->cust = $cust;
$this->rangeindex = $rangeindex;
$this->areaindex = $areaindex;
// set start and end address according to netrange
if ($this->rangeindex) {
// should only return one row here!
$result = $this->GetRange($this->cust, $this->rangeindex);
$row = $result->FetchRow();
$this->start = inet_ntoa($row["rangeaddr"]);
$this->end = inet_ntoa($row["rangeaddr"] + $row["rangesize"] - 1);
$this->site = " (" . $row["descrip"] . ")";
} else {
if ($this->ipaddr) {
if ($this->subnetsize) {
$this->start = $this->ipaddr;
$this->end = inet_ntoa(inet_aton($this->ipaddr) + $this->subnetsize - 1);
} else {
$this->start = completeIP($this->ipaddr, 1);
$this->end = completeIP($this->ipaddr, 2);
}
if (testIP($this->start) or testIP($this->end)) {
$this->err = 50;
// Invalid IP address!
$this->errstr = my_("Invalid IP address!");
return FALSE;
}
} else {
$this->start = DEFAULTROUTE;
$this->end = ALLNETS;
}
}
$startnum = inet_aton($this->start);
$endnum = inet_aton($this->end);
// pager could have made cust = 0
if ($this->cust == 0) {
$this->custdescrip = "All";
} else {
$this->custdescrip = $this->GetCustomerDescrip($this->cust);
}
if (strtolower($this->custdescrip) == "all") {
$this->cust = 0;
}
if ($this->areaindex == -1) {
// all subnets not part of an area
$result = $this->GetBaseNoArea($this->descrip, $this->cust, $this->grps);
} else {
if ($this->areaindex and !$this->rangeindex) {
$result = $this->GetBaseFromArea($this->areaindex, $this->descrip, $this->cust, $this->grps);
} else {
// search in subnet - finds subnets with exact ip address match
// useful for finding from where an attack comes if you have IP
if ($this->searchin == 0) {
$result = $this->GetBase($startnum, $endnum, $this->descrip, $this->cust, $this->grps);
} else {
if ($this->cust == 0) {
$result = $this->GetDuplicateSubnetAll($startnum, 1, $this->grps);
} else {
$result = $this->GetDuplicateSubnet($startnum, 1, $this->cust);
}
}
}
}
return $result;
}
function ProcessRow($ds, $cust, &$w, &$p, $data, $template, $append)
{
global $format;
$num = count($data);
// blank row
if (empty($data[0])) {
insert($w, block("<b>" . my_("Row is blank - ignoring") . "</b>"));
return;
}
// bogus row
if ($num < 7) {
// ok to save what has been imported already
$ds->DbfTransactionEnd();
myError($w, $p, my_("Row not the correct format."));
}
if (testIP(trim($data[0]))) {
insert($w, block("<b>" . my_("Invalid IP address") . "</b>"));
return;
}
$ip = inet_aton(trim($data[0]));
$user = substr($data[1], 0, 80);
$location = substr($data[2], 0, 80);
$descrip = substr($data[3], 0, 80);
$hname = substr($data[4], 0, 100);
$telno = substr($data[5], 0, 15);
$macaddr = substr($data[6], 0, 12);
if ($format == "xml") {
$macaddr = $data[6];
}
$info = "";
if (is_object($template)) {
// all columns over 6 are considered for adding to template fields
$cnt = 7;
$userfld = array();
foreach ($template->userfld as $key => $value) {
// set fields in template only if field in import file exists, else make blank
$userfld[$key] = isset($data[$cnt]) ? $data[$cnt] : "";
$cnt++;
}
$template->Merge($userfld);
$err = $template->Verify($w);
if ($err) {
// ok to save what has been imported already
$ds->DbfTransactionEnd();
myError($w, $p, my_("Row failed template verify."));
}
if ($template->is_blank() == FALSE) {
$info = $template->encode();
}
}
// NOTE: Test ip address
$result = $ds->GetBaseFromIP($ip, $cust);
if (!($row = $result->FetchRow())) {
// ok to save what has been imported already
$ds->DbfTransactionEnd();
myError($w, $p, sprintf(my_("Subnet could not be found for IP address %s"), $data[0]));
}
$baseindex = $row["baseindex"];
$baseaddr = $row["baseaddr"];
$subnetsize = $row["subnetsize"];
if ($append == "on") {
$ip = (array) $ip;
if ($user === "NULL") {
$user = "";
}
if ($location === "NULL") {
$location = "";
}
if ($telno === "NULL") {
$telno = "";
}
if ($macaddr === "NULL") {
$macaddr = "";
}
if ($descrip === "NULL") {
$descrip = "";
}
if ($hname === "NULL") {
$hname = "";
}
}
if ($ds->ModifyIP($ip, $baseindex, $user, $location, $telno, $macaddr, $descrip, $hname, $info) == 0) {
insert($w, text(my_("IP address details modified")));
} else {
insert($w, text(my_("IP address details could not be modified")));
}
}
}
if ($template->is_blank() == FALSE) {
$info = $template->encode();
// myError($w,$p, my_("info: $info"));
}
}
// Changed - End [FE]
if (strlen($descrip) == 0) {
insert($w, text(my_("No description for the subnet")));
break;
} else {
if (!$ipaddr) {
insert($w, text(my_("IP address may not be blank")));
break;
} else {
if (testIP($ipaddr)) {
insert($w, text(sprintf(my_("Invalid IP address [ %s ]"), $ipaddr)));
break;
} else {
if (!$size) {
insert($w, text(my_("Subnet mask is invalid")));
break;
} else {
// handle duplicate subnets
$result = $ds->GetDuplicateSubnet($base, $size, $cust);
if ($row = $result->FetchRow()) {
// check if baseaddr and size match EXACTLY
if ($row["baseaddr"] != $base or $row["subnetsize"] != $size) {
insert($w, text(sprintf(my_("Subnet could not be updated - start address and size do not EXACTLY match existing subnet [ %s ]"), $ipaddr)));
break;
}
}
newhtml($p);
$w = myheading($p, $title, true);
$ds = new IPplanDbf() or myError($w, $p, my_("Could not connect to database"));
if ($_POST) {
// save the last customer used
// must set path else Netscape gets confused!
setcookie("ipplanCustomer", "{$cust}", time() + 10000000, "/");
$descrip = trim($descrip);
if (strlen($descrip) == 0) {
$formerror .= my_("You need to enter a description for the area") . "\n";
}
if (!$ipaddr) {
$formerror .= my_("Area address may not be blank") . "\n";
} else {
if (testIP($ipaddr, TRUE)) {
$formerror .= my_("Invalid area address - it must be the same format as an IP address") . "\n";
}
}
if (!$formerror) {
$base = inet_aton($ipaddr);
// check if user belongs to customer admin group
$result = $ds->GetCustomerGrp($cust);
// can only be one row - does not matter if nothing is
// found as array search will return false
$row = $result->FetchRow();
if (!in_array($row["admingrp"], $grps)) {
myError($w, $p, my_("You may not create/modify an area for this customer as you are not a member of the customers admin group"));
}
$ds->DbfTransactionStart();
if ($action == "modify") {
function parseAddGroupBoundaryForm($w, $ds)
{
list($grp, $ipaddr, $size) = myRegister("S:grp S:ipaddr S:size");
// explicitly cast variables as security measure against SQL injection
$formerror = "";
$size = floor($size);
if ($_POST) {
$base = inet_aton($ipaddr);
// creating readonly group?
if ($base == 0 and $size == 0) {
if ($ds->ds->GetOne("SELECT count(*) AS cnt FROM bounds WHERE grp=" . $ds->ds->qstr($grp))) {
$formerror .= my_("Boundary cannot be created - overlaps with existing boundary") . "\n";
}
} else {
if (!$ipaddr) {
$formerror .= my_("Boundary address may not be blank") . "\n";
} else {
if (testIP($ipaddr)) {
$formerror .= my_("Invalid boundary address") . "\n";
} else {
if (!$size) {
$formerror .= my_("Size may not be zero") . "\n";
} else {
if (TestDuplicateBounds($ds, $base, $size, $grp)) {
$formerror .= my_("Boundary cannot be created - overlaps with existing boundary") . "\n";
}
}
}
}
if ($size > 1) {
if (TestBaseAddr(inet_aton3($ipaddr), $size)) {
$formerror .= my_("Invalid base address") . "\n";
}
}
}
if (!$formerror) {
$ds->DbfTransactionStart();
// the fact that the range is unique prevents the range
// being added to more than one area!
$result =& $ds->ds->Execute("INSERT INTO bounds\n (boundsaddr, boundssize, grp)\n VALUES\n ({$base}, {$size}, " . $ds->ds->qstr($grp) . ")");
if ($result) {
$ds->DbfTransactionEnd();
insert($w, textbr(my_("Boundary created")));
insertEditGroupForm($w, $ds);
} else {
$formerror .= my_("Boundary could not be created") . "\n";
}
}
}
return $formerror;
}
myError($w, $p, my_("You cannot reload or bookmark this page!"));
}
// basic sequence is connect, search, interpret search
// result, close connection
$ds = new IPplanDbf() or myError($w, $p, my_("Could not connect to database"));
// set start and end address according to range
$site = "";
if ($rangeindex) {
// should only return one row here!
$result = $ds->GetRange($cust, $rangeindex);
$row = $result->FetchRow();
$start = inet_ntoa($row["rangeaddr"]);
$end = inet_ntoa($row["rangeaddr"] + $row["rangesize"] - 1);
$site = " (" . $row["descrip"] . ")";
}
if (testIP($start) or testIP($end)) {
myError($w, $p, my_("Invalid IP address! You must select a range or fill in the start and end IP address."));
}
$startnum = inet_aton($start);
$endnum = inet_aton($end);
if ($endnum <= $startnum) {
myError($w, $p, my_("Your end ip address is smaller than your start!"));
}
//if the $size* is empty set it to value
if (empty($size_from)) {
$size_from = 0;
}
if (empty($size_to)) {
$size_to = MAXSIZE;
}
$custdescrip = $ds->GetCustomerDescrip($cust);
require_once "../auth.php";
$auth = new SQLAuthenticator(REALM, REALMERROR);
// And now perform the authentication
$auth->authenticate();
// set language
isset($_COOKIE["ipplanLanguage"]) && myLanguage($_COOKIE['ipplanLanguage']);
//setdefault("window",array("bgcolor"=>"white"));
$title = my_("Ping results");
newhtml($p);
$w = myheading($p, $title, true);
// explicitly cast variables as security measure against SQL injection
list($lookup) = myRegister("S:lookup");
if (!$_GET) {
myError($w, $p, my_("You cannot reload or bookmark this page!"));
}
if (testIP($lookup)) {
myError($w, $p, my_("Invalid IP address"));
}
function callback($buffer)
{
return $buffer;
}
// need to print at this stage as display data is cached via layout template
// buffer the output and do some tricks to place system call output in correct
// place
ob_start("callback");
printhtml($p);
$buf = ob_get_contents();
ob_end_clean();
// now print first half of HTML to browser - split at start of "normalbox"
list($beg, $end) = spliti('CLASS="normalbox">', $buf);
// grab email address from template for later use if this is an
// ip address request
if ($request and isset($template->userfld["email"]["value"]) and preg_match('/^[\\w-\\.]{1,}\\@([\\da-zA-Z-]{1,}\\.){1,}[\\da-zA-Z-]{2,3}$/', $template->userfld["email"]["value"])) {
$email = $template->userfld["email"]["value"];
}
$info = $template->encode();
}
}
// ----- verify template and insert data into tables ----------
// ----- only insert if template verifies ok ------------------
if (!empty($hname)) {
$formerror .= UpdateDNS($ds, $w, $cust, $hname, $ip);
}
// is an address linked to another address - used for NAT?
if (!empty($lnk)) {
if (!testIP($lnk)) {
// substr required to strip space added with each submit if user is empty
// and also to ensure field does not overflow 80 characters
$user = substr(trim("LNK{$lnk} {$user}"), 0, 79);
$formerror .= UpdateLnk($ds, $w, $cust, $baseindex, $lnk, $ip);
} else {
$formerror .= sprintf(my_("Invalid link address: %s"), $lnk) . "\n";
}
}
// check if mac address is valid - all or nothing!
if (!empty($macaddr)) {
$oldmacaddr = $macaddr;
$macaddr = str_replace(array(":", "-", ".", " "), "", $macaddr);
if (strlen($macaddr) == 12 and preg_match("/^[a-f0-9A-F]*\$/", $macaddr)) {
// check for duplicate mac address - only when subnet is marked as DHCP
if ($ds->ds->GetOne("SELECT ipaddr.macaddr \n FROM base, ipaddr\n WHERE base.customer={$cust} AND\n base.baseindex=ipaddr.baseindex AND\n ipaddr.ipaddr!={$ip} AND\n ipaddr.macaddr=" . $ds->ds->qstr($macaddr))) {
function RevZoneAddRR($zoneid, $answer)
{
global $grps;
// open a new database connection
$ds = new Base();
if (!$ds) {
$this->err = 90;
$this->errstr .= my_("Could not connect to database");
}
$ds->SetGrps($grps);
$ds->SetSearchIn(1);
foreach ($answer as $rr) {
if ($rr->type == "PTR") {
$recordtype = $rr->type;
$domain = $rr->ptrdname;
// proper domain name
$host = $rr->name;
// in format 46.61.110.147.in-addr.arpa
} else {
continue;
}
// now split ip address
list($oc1, $oc2, $oc3, $oc4, $tail) = split("\\.", $host, 5);
$ipaddr = "{$oc4}.{$oc3}.{$oc2}.{$oc1}";
if (testIP($ipaddr)) {
$this->errstr .= sprintf(my_("Invalid address %s"), $ipaddr) . "\n";
continue;
}
$ds->SetIPaddr($ipaddr);
$result = $ds->FetchBase($this->cust, 0, 0);
if (!$result) {
$this->err = 70;
$this->errstr .= $ds->errstr;
}
// add records here - got a match for a subnet
if ($row = $result->FetchRow()) {
$baseindex = $row["baseindex"];
$affected = $ds->UpdateIP(inet_aton($ipaddr), $baseindex, "hname", $domain);
if (!$affected) {
$ds->AddIP(inet_aton($ipaddr), $baseindex, "", "", "", "", "Reverse zone import", $domain, "");
}
} else {
$this->errstr .= sprintf(my_("No subnet found for address %s"), $ipaddr) . "\n";
}
}
return TRUE;
}
}
if (!empty($server)) {
if (testIP($server) == 0) {
// was an IP address
} else {
if (preg_match("/[^ \t@()<>,]+\\.[^ \t()<>,.]+\$/", $server)) {
// was a hostname
} else {
myError($w, $p, sprintf(my_("Invalid hostname %s"), $server) . "\n");
}
}
}
if (!$zoneip) {
myError($w, $p, my_("IP address may not be blank"));
} else {
if (testIP($zoneip)) {
myError($w, $p, my_("Invalid IP address"));
} else {
if (!$size) {
myError($w, $p, my_("Size may not be zero"));
} else {
if ($size > 1) {
if (TestBaseAddr(inet_aton3($zoneip), $size)) {
myError($w, $p, my_("Invalid base address!"));
}
}
}
}
}
$zoneip = inet_aton($zoneip);
$cnt = 0;
$formerror .= my_("The CRM index is invalid") . "\n";
}
if ($cntry == "US" and !preg_match("/[0-9]{5}/", $zipcode)) {
$formerror .= my_("Invalid zipcode") . "\n";
}
if ($tcntry == "US" and !preg_match("/[0-9]{5}/", $tzipcode)) {
$formerror .= my_("Invalid contact zipcode") . "\n";
}
if ($mbox and !preg_match("/^[^ \t@|()<>,]+@[^ \t@()<>,]+\\.[^ \t()<>,.]+\$/", $mbox)) {
$formerror .= my_("Invalid E-mail address") . "\n";
}
for ($i = 1; $i < 11; $i++) {
if ($hname[$i] and !preg_match("/[^ \t@()<>,]+\\.[^ \t()<>,.]+\$/", $hname[$i])) {
$formerror .= sprintf(my_("Invalid hostname %u"), $i) . "\n";
}
if ($ipaddr[$i] and testIP($ipaddr[$i])) {
$formerror .= sprintf(my_("Invalid IP address %u"), $i) . "\n";
}
if ($hname[$i] and !$ipaddr[$i] or !$hname[$i] and $ipaddr[$i]) {
$formerror .= sprintf(my_("Invalid hostname/IP address combination %u"), $i) . "\n";
}
}
// use base template (for additional subnet information)
$template = new IPplanIPTemplate("custtemplate", $cust);
$info = "";
if ($template->is_error() == FALSE) {
// PROBLEM HERE: if template create suddenly returns error (template file
// permissions, xml error etc), then each submit thereafter will erase
// previous contents - this is not good
$template->Merge($userfld);
if ($err = $template->Verify($w)) {
if (!preg_match('/^(([\\w][\\w\\-\\.]*)\\.)?([\\w][\\w\\-]+)(\\.([\\w][\\w\\.]*))?\\.?$/', $iphostname)) {
myError($w, $p, my_("Invalid IP/ Hostname"));
}
}
}
}
}
// add . after record - don't understand thinking here? User should determine if
// qualified or not?
/*
if(preg_match("/[a-z]/i",$iphostname) && substr($iphostname,-1) != '.') {
$iphostname .= '.';
}
*/
// iphostname must be IP address
if ($recordtype == "A" and testIP($iphostname)) {
myError($w, $p, my_("For A type, IP / Hostname must be an IP address"));
}
// need to check for valid host
if ($recordtype == "CNAME" or $recordtype == "NS") {
if (!preg_match(FQDNHNAMEREGEX, $iphostname)) {
myError($w, $p, my_("Invalid IP/ Hostname"));
}
}
// everything looks ok, now check that there are no duplicates
// could use database key for this, but would require huge indexes
// cannot check much else as records could be outside of this zone
// bind has no issues with CNAME's or MX records pointing to non-existent
// records, so don't bother checking those either
$result =& $ds->ds->Execute("SELECT customer \n FROM fwdzonerec \n WHERE customer={$cust} AND data_id={$zoneid} AND\n host=" . $ds->ds->qstr($host) . " AND\n recordtype=" . $ds->ds->qstr($recordtype) . " AND \n ip_hostname=" . $ds->ds->qstr($iphostname));
$recs = $result->PO_RecordCount("fwdzonerec", "customer={$cust} AND data_id={$zoneid} AND\n host=" . $ds->ds->qstr($host) . " AND\n recordtype=" . $ds->ds->qstr($recordtype) . " AND \n ip_hostname=" . $ds->ds->qstr($iphostname));
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program; if not, write to the Free Software
// Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
//
require_once "../ipplanlib.php";
require_once "../config.php";
require_once "../layout/class.layout";
// set language
isset($_COOKIE["ipplanLanguage"]) && myLanguage($_COOKIE['ipplanLanguage']);
//setdefault("window",array("bgcolor"=>"white"));
$title = my_("DNS results");
newhtml($p);
$w = myheading($p, $title, true);
// explicitly cast variables as security measure against SQL injection
list($ip) = myRegister("S:ip");
if (!$_GET) {
myError($w, $p, my_("You cannot reload or bookmark this page!"));
}
if (testIP($ip)) {
myError($w, $p, my_("Invalid IP address"));
}
$result = gethostbyaddr($ip);
insert($w, text($result));
if ($result == $ip) {
insert($w, textb(my_(" No DNS reverse record found")));
}
printhtml($p);
