function validate_network($subnet, $network_type = "subnet", $table_id = null, $overlapok = false) { $dbo = getdbo(); $function_return = array(); if (!strstr($subnet, '/')) { # invalid mask $function_return['0'] = false; $function_return['error'] = 'invalidmask'; return $function_return; } list($ip, $mask) = explode('/', $subnet); $long_ip = ip2decimal($ip); if ($long_ip === false) { # invalid ip $function_return['0'] = false; $function_return['error'] = 'invalidip'; return $function_return; } if (!strstr($mask, '.') && is_numeric($mask) && $mask > '0' && $mask < '32') { # number of mask bits $bin = str_pad('', $mask, '1'); $bin = str_pad($bin, '32', '0'); $mask = bindec(substr($bin, 0, 8)) . "." . bindec(substr($bin, 8, 8)) . "." . bindec(substr($bin, 16, 8)) . "." . bindec(substr($bin, 24, 8)); $mask = long2ip(ip2decimal($mask)); } $long_mask = ip2decimal($mask); if (!validate_netmask($mask) || $long_mask === false) { #invalid mask $function_return['0'] = false; $function_return['error'] = 'invalidmask'; return $function_return; } $long_start_ip = $long_ip & $long_mask; // This makes sure they entered the network address and not an IP inside the network $start_ip = long2ip($long_start_ip); $long_end_ip = $long_ip | ~$long_mask; $end_ip = long2ip($long_end_ip); if ($network_type == 'block') { # make sure we don't overlap other blocks $overlap_check_sql = "SELECT id FROM blocks WHERE \n ((CAST(start_ip & 0xFFFFFFFF AS UNSIGNED) <= CAST('{$long_start_ip}' & 0xFFFFFFFF AS UNSIGNED) AND \n\t CAST(end_ip & 0xFFFFFFFF AS UNSIGNED) >= CAST('{$long_start_ip}' & 0xFFFFFFFF AS UNSIGNED)) \n\tOR \n (CAST(start_ip & 0xFFFFFFFF AS UNSIGNED) <= CAST('{$long_end_ip}' & 0xFFFFFFFF AS UNSIGNED) AND \n\t CAST(end_ip & 0xFFFFFFFF AS UNSIGNED) >= CAST('{$long_end_ip}' & 0xFFFFFFFF AS UNSIGNED)) \n\tOR\n (CAST(start_ip & 0xFFFFFFFF AS UNSIGNED) >= CAST('{$long_start_ip}' & 0xFFFFFFFF AS UNSIGNED) AND \n\t CAST(end_ip & 0xFFFFFFFF AS UNSIGNED) <= CAST('{$long_end_ip}' & 0xFFFFFFFF AS UNSIGNED)))"; $overlap_check_sql .= $table_id !== NULL ? " AND id!='{$table_id}'" : ''; $result = $dbo->query($overlap_check_sql); if ($result->rowcount() != '0') { $function_return['0'] = false; $function_return['error'] = 'blockoverlap-notice'; return $function_return; } } elseif ($overlapok === false) { # make sure we don't overlap other subnets $sql = "SELECT id FROM subnets WHERE \n\t CAST('{$long_start_ip}' & 0xFFFFFFFF AS UNSIGNED) & CAST(mask & 0xFFFFFFFF AS UNSIGNED) = CAST(start_ip & 0xFFFFFFFF AS UNSIGNED) OR \n\t CAST(start_ip & 0xFFFFFFFF AS UNSIGNED) & CAST('{$long_mask}' & 0xFFFFFFFF AS UNSIGNED) = CAST('{$long_start_ip}' & 0xFFFFFFFF AS UNSIGNED)"; $result = $dbo->query($sql); if ($result->rowcount() != '0') { # subnet overlap $function_return['0'] = false; $function_return['error'] = 'subnetoverlap-notice'; return $function_return; } } # everything is ok if we get here $function_return['0'] = true; $function_return['start_ip'] = $start_ip; $function_return['long_start_ip'] = $long_start_ip; $function_return['end_ip'] = $end_ip; $function_return['long_end_ip'] = $long_end_ip; $function_return['mask'] = $mask; $function_return['long_mask'] = $long_mask; return $function_return; }
function search_subnets() { global $COLLATE; global $dbo; include 'include/validation_functions.php'; $search = empty($_GET['search']) ? '' : clean($_GET['search']); $search_only = isset($_GET['searchonly']) && preg_match("/true/", $_GET['searchonly']) ? true : false; $searchonlyparam = $search_only ? '&searchonly=true' : ''; $input_error = false; if (empty($search)) { exit; } if (!strstr($search, '/')) { echo $COLLATE['languages']['selected']['IPSearchFormat']; $input_error = true; } list($ip, $mask) = explode('/', $search); if (ip2decimal($ip) == FALSE) { echo $COLLATE['languages']['selected']['IPSearchFormat']; $input_error = true; } $ip = long2ip(ip2decimal($ip)); if (!strstr($mask, '.') && ($mask <= '0' || $mask >= '32')) { echo $COLLATE['languages']['selected']['IPSearchFormat']; $input_error = true; } elseif (!strstr($mask, '.')) { $bin = str_pad('', $mask, '1'); $bin = str_pad($bin, '32', '0'); $mask = bindec(substr($bin, 0, 8)) . "." . bindec(substr($bin, 8, 8)) . "." . bindec(substr($bin, 16, 8)) . "." . bindec(substr($bin, 24, 8)); $mask = long2ip(ip2decimal($mask)); } elseif (!validate_netmask($mask)) { echo $COLLATE['languages']['selected']['invalidmask']; $input_error = true; } if (!$input_error) { $long_ip = ip2decimal($ip); $long_mask = ip2decimal($mask); $long_end_ip = $long_ip | ~$long_mask; $ipspace = array(); array_push($ipspace, $long_ip); $sql = "SELECT start_ip, end_ip FROM subnets WHERE CAST((start_ip & 0xFFFFFFFF) AS UNSIGNED) >= CAST(('{$long_ip}' & 0xFFFFFFFF) AS UNSIGNED) AND " . "CAST((end_ip & 0xFFFFFFFF) AS UNSIGNED) <= CAST(('{$long_end_ip}' & 0xFFFFFFFF) AS UNSIGNED) ORDER BY start_ip ASC"; $subnet_rows = $dbo->query($sql); while (list($subnet_long_start_ip, $subnet_long_end_ip) = $subnet_rows->fetch(PDO::FETCH_NUM)) { array_push($ipspace, $subnet_long_start_ip, $subnet_long_end_ip); } array_push($ipspace, $long_end_ip); $ipspace = array_reverse($ipspace); $ipspace_count = count($ipspace); } if (!$search_only) { echo "<p><a href=\"#\" onclick=\"\r\n new Effect.toggle('blockspace', 'blind', { delay: 0.1 }); \r\n \t\t new Effect.toggle('spacesearch', 'blind', { delay: 0.1 })\r\n \t\t \">" . $COLLATE['languages']['selected']['showblockspace'] . "</a></p>\n"; } echo "<h3>" . $COLLATE['languages']['selected']['SearchIPSpace'] . "</h3><br />\n" . "<p><b>" . $COLLATE['languages']['selected']['Subnet'] . ":</b> <input id=\"subnetsearch\" type=\"text\" value=\"{$search}\"><br />" . "<button onclick=\"new Ajax.Updater('spacesearch', '_subnets.php?op=search{$searchonlyparam}&search=' + \$('subnetsearch').value);\")\"> " . $COLLATE['languages']['selected']['Go'] . " </button></p>"; if (!$input_error) { echo "<h4>" . $COLLATE['languages']['selected']['Results'] . ":</h4>"; echo "<table style=\"width: 100%\"><tr><th>" . $COLLATE['languages']['selected']['StartingIP'] . "</th><th>" . $COLLATE['languages']['selected']['EndIP'] . "</th></tr>"; while (!empty($ipspace)) { $long_start = array_pop($ipspace); if (count($ipspace) != $ipspace_count - '1') { // Don't subtract 1 from the very first start IP $start = long2ip($long_start + 1); } else { $start = long2ip($long_start); } $long_end = array_pop($ipspace); if (count($ipspace) > '1') { $end = long2ip($long_end - 1); } else { $end = long2ip($long_end); } if ($long_start + 1 != $long_end && $long_start != $long_end) { echo "<tr><td>{$start}</td><td>{$end}</td></tr>"; } } echo "</table>"; } exit; }
function build_search_sql() { global $COLLATE; global $dbo; include 'include/validation_functions.php'; $first = isset($_GET['first']) ? $_GET['first'] : ''; $second = isset($_GET['second']) ? $_GET['second'] : ''; $search = isset($_GET['search']) ? clean($_GET['search']) : ''; $fromdate = isset($_GET['fromdate']) ? $_GET['fromdate'] : ''; $todate = isset($_GET['todate']) ? $_GET['todate'] : ''; $when = $fromdate == $todate ? 'all' : 'dates'; if ($first === '0') { // block search $pattern = "/^ip\$|^name\$|^note\$/"; $invalidrequest = preg_match($pattern, $second) ? false : true; } elseif ($first === '1') { // subnet search $pattern = "/^ip\$|^name\$|^note\$|^modified_by\$/"; $invalidrequest = preg_match($pattern, $second) ? false : true; } elseif ($first === '2') { // statics search $pattern = "/^ip\$|^name\$|^contact\$|^note\$|^modified_by\$|^failed_scans\$/"; $invalidrequest = preg_match($pattern, $second) ? false : true; } elseif ($first === '3') { // logs search $pattern = "/^username\$|^level\$|^message\$/"; $invalidrequest = preg_match($pattern, $second) ? false : true; } else { // error $invalidrequest = true; } if ($when != 'all') { $starttime = strtotime($fromdate); $endtime = strtotime($todate); if ($starttime === false || $endtime === false || $endtime <= $starttime) { $invalidrequest = true; } } if ($invalidrequest === true) { $notice = "invalidrequest"; header("Location: search.php?notice={$notice}"); exit; } if (strlen($search) < "3" && $second != 'failed_scans') { $notice = "shortsearch"; header("Location: search.php?notice={$notice}"); exit; } elseif ($second == 'failed_scans' && !is_numeric($search)) { $notice = "numericfailedscans"; header("Location: search.php?notice={$notice}"); exit; } // -----------------------------------------------Build our sort variable--------------------------------------------- if ($first == '0' || $first == '1') { // block or subnet search // use what they ask for or default to what they searched by // $sort is what the URI uses, $order and $full_order go into the SQL query - $full_order includes ASC or DESC if (!empty($_GET['sort']) && ($_GET['sort'] == 'network' || $_GET['sort'] == 'name')) { $sort = $_GET['sort']; } else { $sort = $second; } $order = $sort; if ($sort == 'network' || $sort == 'ip') { $order = 'start_ip'; } } else { // IP blocks, statics, or logs (logs are always sorted by ID Desc. because they're logs and i'm lazy) if (!empty($_GET['sort']) && ($_GET['sort'] == 'ip' || $_GET['sort'] == 'name' || $_GET['sort'] == 'contact' || $_GET['sort'] == 'failed_scans')) { $sort = $_GET['sort']; } else { $sort = $second; } $order = $sort; } //----------------------------------------------------------------------------------------------------------------------------- if (($first == '0' || $first == '1' || $first == '2') && $second == "ip") { if (!strstr($search, '/')) { $ip = $search; $mask = '32'; } else { list($ip, $mask) = explode('/', $search); } if (ip2decimal($ip) == FALSE) { $notice = "invalidip"; header("Location: search.php?notice={$notice}"); exit; } $ip = long2ip(ip2decimal($ip)); if (!strstr($mask, '.') && ($mask <= '0' || $mask > '32')) { $notice = "invalidmask"; header("Location: search.php?notice={$notice}"); exit; } elseif (!strstr($mask, '.')) { $bin = str_pad('', $mask, '1'); $bin = str_pad($bin, '32', '0'); $mask = bindec(substr($bin, 0, 8)) . "." . bindec(substr($bin, 8, 8)) . "." . bindec(substr($bin, 16, 8)) . "." . bindec(substr($bin, 24, 8)); $mask = long2ip(ip2decimal($mask)); } elseif (!validate_netmask($mask)) { $notice = "invalidmask"; header("Location: search.php?notice={$notice}"); exit; } } $long_ip = isset($ip) ? ip2decimal($ip) : ''; $long_mask = isset($mask) ? ip2decimal($mask) : ''; if ($when == "dates") { $searchdescription = str_replace("%fromdate%", "{$fromdate}", $COLLATE['languages']['selected']['searchdatedesc']); $searchdescription = str_replace("%todate%", "{$todate}", $searchdescription); } if ($first == "0") { // Blocks search $first = "blocks"; $First = "IP Blocks"; if ($second == 'ip') { if ($mask == '255.255.255.255') { # IP falls within block range $sql = "SELECT id, name, start_ip, end_ip, note, type FROM blocks WHERE type='ipv4' AND\r\n\t CAST(start_ip & 0xFFFFFFFF AS UNSIGNED) <= CAST('{$long_ip}' & 0xFFFFFFFF AS UNSIGNED) AND\r\n\t CAST(end_ip & 0xFFFFFFFF AS UNSIGNED) >= CAST('{$long_ip}' & 0xFFFFFFFF AS UNSIGNED)\r\n\t\t\t\tORDER BY `{$order}` ASC"; } else { # block range falls within supernet given in search $sql = "SELECT id, name, start_ip, end_ip, note, type FROM blocks WHERE type='ipv4' AND (\r\n\t\t CAST(start_ip & 0xFFFFFFFF AS UNSIGNED) & CAST('{$long_mask}' & 0xFFFFFFFF AS UNSIGNED) = CAST('{$long_ip}' & 0xFFFFFFFF AS UNSIGNED) OR\r\n\t\t CAST(end_ip & 0xFFFFFFFF AS UNSIGNED) & CAST('{$long_mask}' & 0xFFFFFFFF AS UNSIGNED) = CAST('{$long_ip}' & 0xFFFFFFFF AS UNSIGNED))\r\n\t\t\t\tORDER BY `{$order}` ASC"; } } else { $sql = "SELECT id, name, start_ip, end_ip, note, type FROM blocks WHERE {$second} like '%{$search}%' ORDER BY `{$order}` ASC"; } } if ($first == "1") { // Subnet search $first = "subnets"; $First = "Subnets"; if ($when == "dates") { if ($second == "ip") { $sql = "SELECT id, name, start_ip, end_ip, mask, note, block_id FROM subnets WHERE \r\n\t\t ((CAST(start_ip & 0xFFFFFFFF AS UNSIGNED) & CAST('{$long_mask}' & 0xFFFFFFFF AS UNSIGNED) = CAST('{$long_ip}' & 0xFFFFFFFF AS UNSIGNED)) OR\r\n\t\t (CAST('{$long_ip}' & 0xFFFFFFFF AS UNSIGNED) & CAST(mask & 0xFFFFFFFF AS UNSIGNED) = CAST(start_ip & 0xFFFFFFFF AS UNSIGNED))) AND\r\n modified_at > '{$fromdate} 00:00:00' AND modified_at < '{$todate} 23:59:59' ORDER BY `{$order}` ASC"; } else { $sql = "SELECT id, name, start_ip, end_ip, mask, note, block_id FROM subnets WHERE {$second} LIKE '%{$search}%' AND\r\n modified_at > '{$fromdate} 00:00:00' AND modified_at < '{$todate} 23:59:59' ORDER BY `{$order}` ASC"; } } else { if ($second == "ip") { $sql = "SELECT id, name, start_ip, end_ip, mask, note, block_id FROM subnets WHERE\r\n (CAST(start_ip & 0xFFFFFFFF AS UNSIGNED) & CAST('{$long_mask}' & 0xFFFFFFFF AS UNSIGNED) = CAST('{$long_ip}' & 0xFFFFFFFF AS UNSIGNED)) OR\r\n (CAST('{$long_ip}' & 0xFFFFFFFF AS UNSIGNED) & CAST(mask & 0xFFFFFFFF AS UNSIGNED) = CAST(start_ip & 0xFFFFFFFF AS UNSIGNED))\r\n ORDER BY `{$order}` ASC"; } else { $sql = "SELECT id, name, start_ip, end_ip, mask, note, block_id FROM subnets WHERE {$second} LIKE '%{$search}%' ORDER BY `{$order}` ASC"; } } } elseif ($first == "2") { // Statics earch $first = "static IPs"; if ($sort == 'failed_scans') { $full_order = "`failed_scans` DESC"; } else { $full_order = "`{$sort}` ASC"; } if ($when == "dates") { if ($second == "ip") { $sql = "SELECT id, ip, name, contact, note, subnet_id, failed_scans FROM statics WHERE CAST(ip AS UNSIGNED) & CAST('{$long_mask}' AS UNSIGNED) = CAST('{$long_ip}' AS UNSIGNED) AND\r\n modified_at > '{$fromdate} 00:00:00' AND modified_at < '{$todate} 23:59:59' ORDER BY {$full_order}"; } elseif ($second == 'failed_scans') { $sql = "SELECT id, ip, name, contact, note, subnet_id, failed_scans FROM statics WHERE \r\n (failed_scans >= '{$search}' OR failed_scans = '-1') AND modified_at > '{$fromdate} 00:00:00' \r\n AND modified_at < '{$todate} 23:59:59' ORDER BY {$full_order}"; } else { $sql = "SELECT id, ip, name, contact, note, subnet_id, failed_scans FROM statics WHERE {$second} LIKE '%{$search}%' AND\r\n modified_at > '{$fromdate} 00:00:00' AND modified_at < '{$todate} 23:59:59' ORDER BY {$full_order}"; } } else { if ($second == "ip") { $sql = "SELECT id, ip, name, contact, note, subnet_id, failed_scans FROM statics WHERE CAST(ip AS UNSIGNED) & CAST('{$long_mask}' AS UNSIGNED) = CAST('{$long_ip}' AS UNSIGNED) \r\n ORDER BY {$full_order}"; } elseif ($second == 'failed_scans') { $sql = "SELECT id, ip, name, contact, note, subnet_id, failed_scans FROM statics WHERE (failed_scans >= '{$search}' \r\n OR failed_scans = '-1') ORDER BY {$full_order}"; } else { $sql = "SELECT id, ip, name, contact, note, subnet_id, failed_scans FROM statics WHERE {$second} LIKE '%{$search}%' \r\n ORDER BY {$full_order}"; } } } elseif ($first == "3") { // They're trying to search logs $first = "logs"; $First = "Logs"; $Second = ucfirst($second); if ($when == "dates") { $sql = "SELECT occuredat, username, ipaddress, level, message FROM logs WHERE {$second} LIKE '%{$search}%' AND " . "occuredat>='{$fromdate} 00:00:00' AND occuredat<='{$todate} 23:59:59' ORDER BY `id` DESC"; } else { $sql = "SELECT occuredat, username, ipaddress, level, message FROM logs WHERE {$second} LIKE '%{$search}%' ORDER BY `id` DESC"; } } if ($second == "username") { $Second = "User"; } $searchdescription = !isset($searchdescription) ? '' : $searchdescription; $First = !isset($First) ? '' : $First; $Second = !isset($Second) ? '' : $Second; $resultarray = array("sql" => $sql, "searchdescription" => $searchdescription, "first" => $first, "First" => $First, "second" => $second, "Second" => $Second, "search" => $search, "when" => $when, "todate" => $todate, "fromdate" => $fromdate, "sort" => $sort); return $resultarray; }