if (strlen($password1) < 5 or strlen($password2) < 5) {
$formerror .= my_("The password entered must be at least five characters") . "\n";
}
if ($password1 != $password2) {
$formerror .= my_("The passwords entered do not match") . "\n";
}
if (!$formerror) {
if ($user and getAuthUsername() == ADMINUSER) {
$userid = $user;
} else {
$userid = getAuthUsername();
}
$password = crypt($password1, 'xq');
$ds->DbfTransactionStart();
$result =& $ds->ds->Execute("UPDATE users\n SET password="******"\n WHERE userid=" . $ds->ds->qstr($userid));
$ds->AuditLog(sprintf(my_("User %s changed password"), $userid));
if ($result) {
$ds->DbfTransactionEnd();
insert($w, text(my_("Password changed")));
} else {
$formerror .= my_("Password could not be changed") . "\n";
}
}
}
if (!$_POST || $formerror) {
myError($w, $p, $formerror, FALSE);
if ($user) {
insert($w, heading(3, sprintf(my_("Change password for user %s"), $user)));
} else {
insert($w, heading(3, sprintf(my_("Change password for user %s"), getAuthUsername())));
}
// save the last customer used
// must set path else Netscape gets confused!
setcookie("ipplanCustomer", "{$cust}", time() + 10000000, "/");
// check if user belongs to customer admin group
$result = $ds->GetCustomerGrp($cust);
// can only be one row - does not matter if nothing is
// found as array search will return false
$row = $result->FetchRow();
if (!in_array($row["admingrp"], $grps)) {
myError($w, $p, my_("You may not delete an area for this customer as you are not a member of the customers admin group"));
}
if ($rangeindex > 0) {
$result = $ds->GetRange($cust, $rangeindex);
$row = $result->FetchRow();
$rangeip = inet_ntoa($row["rangeaddr"]);
$rangesize = $row["rangesize"];
$ds->DbfTransactionStart();
$result =& $ds->ds->Execute("DELETE FROM netrange\n WHERE rangeindex={$rangeindex}") and $ds->AuditLog(array("event" => 162, "action" => "delete range", "baseaddr" => $rangeip, "user" => getAuthUsername(), "size" => $rangesize, "cust" => $cust));
if ($result) {
$ds->DbfTransactionEnd();
Header("Location: " . location_uri("modifyarearange.php?cust={$cust}"));
exit;
//insert($w,text(my_("Range deleted")));
} else {
insert($w, text(my_("Range could not be deleted")));
}
} else {
insert($w, text(my_("Range index is invalid")));
}
}
printhtml($p);
// end while: loop through ips of subnet.
// Loop through the dynamic IPs above, and print the ranges.
$iprange_start = $iprange_dynamicIPs[0];
for ($i = 0; $i < count($iprange_dynamicIPs); $i++) {
if ($iprange_dynamicIPs[$i] + 1 != $iprange_dynamicIPs[$i + 1]) {
fputs($fp, sprintf("\t<iprange type=\"dynamic\" firstip=\"%s\" lastip=\"%s\" />\n", htmlspecialchars(inet_ntoa($iprange_start)), htmlspecialchars(inet_ntoa($iprange_dynamicIPs[$i]))));
$iprange_start = $iprange_dynamicIPs[$i + 1];
}
}
$iprange_start = $iprange_fixedIPs[0];
for ($i = 0; $i < count($iprange_fixedIPs); $i++) {
if ($iprange_fixedIPs[$i] + 1 != $iprange_fixedIPs[$i + 1]) {
fputs($fp, sprintf("\t<iprange type=\"static\" firstip=\"%s\" lastip=\"%s\" />\n", htmlspecialchars(inet_ntoa($iprange_start)), htmlspecialchars(inet_ntoa($iprange_fixedIPs[$i]))));
$iprange_start = $iprange_fixedIPs[$i + 1];
}
}
fputs($fp, sprintf("</network>\n"));
}
// end while
if ($cnt) {
fputs($fp, sprintf("</dhcp>\n"));
fclose($fp);
$ds->AuditLog(array("event" => 913, "action" => "export DHCP subnets", "cust" => $cust, "user" => getAuthUsername(), "tmpfname" => $tmpfname));
insert($w, textbr(sprintf(my_("Sent update to Backend Processor as file %s"), $tmpfname)));
} else {
myError($w, $p, my_("No DHCP subnets could be found."));
}
printhtml($p);
?>
// previous contents - this is not good
$template->Merge($userfld);
if ($err = $template->Verify($w)) {
$formerror .= my_("Additional information error") . "\n";
}
if ($template->is_blank() == FALSE) {
$info = $template->encode();
}
}
$recs = $ds->ds->GetOne("SELECT count(*) AS cnt\n FROM requestip");
if ($recs > MAXREQUESTS) {
$formerror .= my_("Maximum number of outstanding IP requests exceeded") . "\n";
}
if (!$formerror) {
$ds->DbfTransactionStart();
$result =& $ds->ds->Execute("INSERT INTO requestip\n (customer, requestdesc, userinf, location, descrip,\n hname, telno, macaddr, info)\n VALUES\n ({$cust},\n " . $ds->ds->qstr($request) . ",\n " . $ds->ds->qstr($user) . ",\n " . $ds->ds->qstr($location) . ",\n " . $ds->ds->qstr($descrip) . ",\n " . $ds->ds->qstr($hname) . ",\n " . $ds->ds->qstr($telno) . ",\n " . $ds->ds->qstr($newmacaddr) . ",\n " . $ds->ds->qstr($info) . ")") and $ds->AuditLog(array("event" => 200, "action" => "request ip", "descrip" => $descrip, "user" => getAuthUsername(), "userinf" => $user, "location" => $location, "hname" => $hname, "telno" => $telno, "macaddr" => $macaddr));
if ($result) {
$ds->DbfTransactionEnd();
insert($w, textbr(my_("IP address request created")));
$custdescrip = $ds->GetCustomerDescrip($cust);
//Send email notification that IP Request was entered
require "../class.phpmailer.php";
$mail = new PHPMailer();
$mail->IsSMTP();
// telling the class to use SMTP
$mail->SetLanguage("en", "../");
$mail->Host = EMAILSERVER;
// SMTP server
$mail->From = HELPDESKEMAIL;
$mail->IsHTML(false);
$mail->FromName = "IP Plan";
} while ($row = $result->FetchRow());
insert($w, block("<p>"));
printhtml($p);
exit;
}
// check if customer has DNS information (forward zone)
$result =& $ds->ds->SelectLimit("SELECT customer\n FROM fwdzone\n WHERE customer={$cust}", 1);
if ($row = $result->FetchRow()) {
insert($w, text(my_("Cannot delete customer because customer has DNS zones defined")));
insert($w, block("<p>"));
printhtml($p);
exit;
}
// check if customer has DNS information (reverse zone)
$result =& $ds->ds->SelectLimit("SELECT customer\n FROM zones\n WHERE customer={$cust}", 1);
if ($row = $result->FetchRow()) {
insert($w, text(my_("Cannot delete customer because customer has reverse DNS zones defined")));
insert($w, block("<p>"));
printhtml($p);
exit;
}
$ds->DbfTransactionStart();
// these deletes also appear in the admin/maintenance script!
$result =& $ds->ds->Execute("DELETE FROM customer\n WHERE customer={$cust}") and $result =& $ds->ds->Execute("DELETE FROM custinfo\n WHERE customer={$cust}") and $result =& $ds->ds->Execute("DELETE FROM custadd\n WHERE customer={$cust}") and $result =& $ds->ds->Execute("DELETE FROM revdns\n WHERE customer={$cust}") and $result =& $ds->ds->Execute("DELETE FROM area\n WHERE customer={$cust}") and $result =& $ds->ds->Execute("DELETE FROM netrange\n WHERE customer={$cust}") and $result =& $ds->ds->Execute("DELETE FROM fwdzone\n WHERE customer={$cust}") and $result =& $ds->ds->Execute("DELETE FROM fwdzoneadd\n WHERE customer={$cust}") and $result =& $ds->ds->Execute("DELETE FROM fwdzonerec\n WHERE customer={$cust}") and $result =& $ds->ds->Execute("DELETE FROM zones\n WHERE customer={$cust}") and $ds->AuditLog(array("event" => 182, "action" => "delete customer", "user" => getAuthUsername(), "cust" => $cust));
if ($result) {
$ds->DbfTransactionEnd();
insert($w, text(my_("Customer deleted")));
} else {
insert($w, text(my_("Customer could not be deleted")));
}
printhtml($p);
//setdefault("text",array("size"=>"2"));
$title = my_("IPplan Maintenance");
newhtml($p);
$w = myheading($p, $title);
// explicitly cast variables as security measure against SQL injection
list($action, $cust, $block, $requestindex, $requestdesc) = myRegister("S:action I:cust I:block I:requestindex S:requestdesc");
$ds = new IPplanDbf() or myError($w, $p, my_("Could not connect to database"));
if ($action == "deletecustomer") {
if (DBF_TYPE == "mysql" or DBF_TYPE == "maxsql") {
$version = $ds->ds->GetOne("SELECT version() AS version");
if ($version < "4.0.0") {
myError($w, $p, my_("You need MySQL v4.0.0 or higher for this function!"));
}
}
$ds->DbfTransactionStart();
$result =& $ds->ds->Execute("DELETE FROM customer\n WHERE customer={$cust}") and $result =& $ds->ds->Execute("DELETE FROM custinfo\n WHERE customer={$cust}") and $result =& $ds->ds->Execute("DELETE FROM ipaddr \n WHERE baseindex IN (SELECT baseindex FROM base WHERE customer={$cust})") and $result =& $ds->ds->Execute("DELETE FROM ipaddradd\n WHERE baseindex IN (SELECT baseindex FROM base WHERE customer={$cust})") and $result =& $ds->ds->Execute("DELETE FROM base\n WHERE customer={$cust}") and $result =& $ds->ds->Execute("DELETE FROM custadd\n WHERE customer={$cust}") and $result =& $ds->ds->Execute("DELETE FROM revdns\n WHERE customer={$cust}") and $result =& $ds->ds->Execute("DELETE FROM area\n WHERE customer={$cust}") and $result =& $ds->ds->Execute("DELETE FROM netrange\n WHERE customer={$cust}") and $result =& $ds->ds->Execute("DELETE FROM fwdzone\n WHERE customer={$cust}") and $result =& $ds->ds->Execute("DELETE FROM fwdzoneadd\n WHERE customer={$cust}") and $result =& $ds->ds->Execute("DELETE FROM fwdzonerec\n WHERE customer={$cust}") and $result =& $ds->ds->Execute("DELETE FROM zones\n WHERE customer={$cust}") and $ds->AuditLog(array("event" => 182, "action" => "delete customer", "user" => getAuthUsername(), "cust" => $cust));
if ($result) {
$ds->DbfTransactionEnd();
insert($w, text(my_("Customer deleted")));
} else {
insert($w, text(my_("Customer could not be deleted")));
}
}
if ($action == "deleterequest") {
$ds->DbfTransactionStart();
$result =& $ds->ds->Execute("DELETE FROM requestip");
$ds->AuditLog(my_("Requested IP addresses cleared"));
if ($result) {
$ds->DbfTransactionEnd();
insert($w, text(my_("Requested IP addresses cleared!")));
} else {
if (!empty($info)) {
// Get the last insert_id
$baseindex = $ds->ds->GetOne("SELECT baseindex \n FROM base\n WHERE baseaddr={$base} AND customer={$cust}");
// First, try to insert.
$result =& $ds->ds->Execute("INSERT INTO baseadd\n (info, baseindex)\n VALUES\n (" . $ds->ds->qstr($info) . ",\n {$baseindex})");
// Second, try to update.
if ($result == FALSE) {
$result =& $ds->ds->Execute("UPDATE baseadd\n SET info=" . $ds->ds->qstr($info) . " \n WHERE baseindex={$baseindex}");
if ($result == FALSE) {
insert($w, block("<b>" . my_("Error inserting/updating info.") . "</b>"));
}
}
}
// End of template support for base
// Changed - End [FE]
$ds->AuditLog(sprintf(my_("User %s modified subnet details %s size %u customer cust %u"), getAuthUsername(), inet_ntoa($base), $size, $cust));
} else {
// if not duplicate, fall through to here
if ($size > 1) {
if (TestBaseAddr(inet_aton3($ipaddr), $size)) {
insert($w, text(my_("Invalid base address!")));
break;
}
}
// use the first group user belongs to create subnet
if ($baseindex = $ds->CreateSubnet($base, $size, $descrip, $cust, 0, $admingrp)) {
$ds->AuditLog(sprintf(my_("User %s created new subnet %s size %u cust %u"), getAuthUsername(), inet_ntoa($base), $size, $cust));
// Changed - Begin [FE]
// Start of template support for base
if (!empty($info)) {
// First, try to insert.
if ($_GET) {
// save the last customer used
// must set path else Netscape gets confused!
setcookie("ipplanCustomer", "{$cust}", time() + 10000000, "/");
// check if user belongs to customer admin group
$result = $ds->GetCustomerGrp($cust);
// can only be one row - does not matter if nothing is
// found as array search will return false
$row = $result->FetchRow();
if (!in_array($row["admingrp"], $grps)) {
myError($w, $p, my_("You may not delete an area for this customer as you are not a member of the customers admin group"));
}
if ($areaindex > 0) {
$result = $ds->GetArea($cust, $areaindex);
$row = $result->FetchRow();
$areaip = inet_ntoa($row["areaaddr"]);
$ds->DbfTransactionStart();
$result =& $ds->ds->Execute("DELETE FROM area\n WHERE areaindex={$areaindex}") and $ds->AuditLog(array("event" => 152, "action" => "delete area", "area" => $areaip, "user" => getAuthUsername(), "cust" => $cust));
if ($result) {
$ds->DbfTransactionEnd();
Header("Location: " . location_uri("modifyarearange.php?cust={$cust}"));
exit;
//insert($w,text(my_("Area deleted")));
} else {
insert($w, text(my_("Area could not be deleted")));
}
} else {
insert($w, text("Area index is invalid"));
}
}
printhtml($p);
$formerror .= my_("Invalid area address - it must be the same format as an IP address") . "\n";
}
}
if (!$formerror) {
$base = inet_aton($ipaddr);
// check if user belongs to customer admin group
$result = $ds->GetCustomerGrp($cust);
// can only be one row - does not matter if nothing is
// found as array search will return false
$row = $result->FetchRow();
if (!in_array($row["admingrp"], $grps)) {
myError($w, $p, my_("You may not create/modify an area for this customer as you are not a member of the customers admin group"));
}
$ds->DbfTransactionStart();
if ($action == "modify") {
$result =& $ds->ds->Execute("UPDATE area SET areaaddr={$base}, \n descrip=" . $ds->ds->qstr($descrip) . " WHERE areaindex={$areaindex}") and $ds->AuditLog(array("event" => 151, "action" => "modify area", "descrip" => $descrip, "user" => getAuthUsername(), "area" => $ipaddr, "cust" => $cust));
} else {
$result =& $ds->ds->Execute("INSERT INTO area\n (areaaddr, descrip, customer)\n VALUES\n ({$base}, " . $ds->ds->qstr($descrip) . ", {$cust})") and $ds->AuditLog(array("event" => 150, "action" => "create area", "descrip" => $descrip, "user" => getAuthUsername(), "area" => $ipaddr, "cust" => $cust));
}
if ($result) {
$ds->DbfTransactionEnd();
if ($action == "modify") {
Header("Location: " . location_uri("modifyarearange.php?cust={$cust}"));
//insert($w,textbr(my_("Area modified")));
//printhtml($p);
exit;
} else {
insert($w, textbr(my_("Area created")));
}
$ipaddr = "";
$descrip = "";
}
// could not find new subnet within any of the defined bounds
// so do not create
if (!$extst) {
myError($w, $p, sprintf(my_("Subnet %s not modified - out of defined authority boundary"), $baseip) . "\n");
}
$restemp = $ds->GetDuplicateSubnet($base, $size, $cust);
if ($restemp->FetchRow()) {
$formerror .= my_("Subnet could not be created - possibly overlaps with an existing subnet on new customers network") . "\n";
} else {
$ds->DbfTransactionStart();
// move the subnet to another customer, template will move with as relation
// between base and baseadd is baseindex column
if ($duplicatesubnet == 0) {
$result =& $ds->ds->Execute("UPDATE base\n SET descrip=" . $ds->ds->qstr($descrip) . ",\n admingrp=" . $ds->ds->qstr($grp) . ",\n customer={$cust},\n lastmod=" . $ds->ds->DBTimeStamp(time()) . ",\n userid=" . $ds->ds->qstr($userid) . "\n WHERE baseindex={$baseindex}");
$ds->AuditLog(array("event" => 174, "action" => "move subnet", "user" => getAuthUsername(), "baseaddr" => inet_ntoa($base), "size" => $size, "newcust" => $cust));
} else {
// use the first group user belongs to create subnet
if ($id = $ds->CreateSubnet($base, $size, $descrip, $cust, 0, $grp)) {
if ($duplicatesubnet == 1) {
// subnet created, now move info to new subnet
// cant use a temp table here as database does not
// have enough rights - don't want to give it anymore
// anyway, so we need to do it the hard way
$result = $ds->GetSubnetDetails($baseindex);
while ($row = $result->FetchRow()) {
$tempipaddr = $row["ipaddr"];
$tempuser = $row["userinf"];
$templocation = $row["location"];
$temptelno = $row["telno"];
$tempdescrip = $row["descrip"];
} while ($row = $result->FetchRow());
setdefault("cell", "");
insert($w, block("<p>"));
}
// check if user belongs to customer admin group
$result = $ds->GetCustomerGrp($cust);
// can only be one row - does not matter if nothing is
// found as array search will return false
$row = $result->FetchRow();
if (!in_array($row["admingrp"], $grps)) {
myError($w, $p, my_("You may not create a subnet for this customer as you are not a member of the customers admin group"));
}
$ds->DbfTransactionStart();
// use the first group user belongs to create subnet
if ($id = $ds->CreateSubnet($base, $size, $descrip, $cust, $dhcp, $admingrp)) {
$ds->AuditLog(array("event" => 170, "action" => "create subnet", "descrip" => $descrip, "user" => getAuthUsername(), "baseaddr" => inet_ntoa($base), "size" => $size, "cust" => $cust));
insert($w, text(sprintf(my_("Subnet %s created"), inet_ntoa($base))));
// fill new subnet with nmap
if (NMAP != "" and $addnmapinfo and $size >= 4 and $size <= 1024) {
if (ProcessNmap($ds, $base, $id, $size)) {
insert($w, textbr());
myError($w, $p, my_("NMAP data not in XML format or XML not available"), FALSE);
}
} else {
if ($addhostinfo and $size > 0) {
// remember to skip broadcast and network addresses!
for ($i_dns = 1; $i_dns < $size - 1; $i_dns++) {
$hname = gethostbyaddr(inet_ntoa($base + $i_dns));
if ($hname != inet_ntoa($base + $i_dns)) {
$ds->AddIP($base + $i_dns, $id, "", "", "", "", "", $hname, "");
}
}
$ds->DbfTransactionStart();
// new record?
if ($cust == 0) {
$result =& $ds->ds->Execute("INSERT INTO customer\n (custdescrip, crm, admingrp)\n VALUES\n (" . $ds->ds->qstr($custdescrip) . ",\n " . $ds->ds->qstr($crm) . ",\n " . $ds->ds->qstr($grp) . ")");
// did not fail due to key error?
if ($result) {
if (DBF_TYPE == "mysql" or DBF_TYPE == "maxsql") {
$cust = $ds->ds->Insert_ID();
} else {
// emulate getting the last insert_id
$result =& $ds->ds->Execute("SELECT customer \n FROM customer\n WHERE custdescrip=" . $ds->ds->qstr($custdescrip));
$temprow = $result->FetchRow();
$cust = $temprow["customer"];
}
$ds->AuditLog(array("event" => 180, "action" => "create customer", "user" => getAuthUsername(), "cust" => $cust, "descrip" => $custdescrip));
$ds->DbfTransactionEnd();
}
} else {
// always need to test - customer could have been deleted
// result used later
$result = $ds->GetCustomerInfo($cust);
// should only be one row here
if (!($row = $result->FetchRow())) {
myError($w, $p, my_("Customer cannot be found!"));
}
$result =& $ds->ds->Execute("UPDATE customer\n SET custdescrip=" . $ds->ds->qstr($custdescrip) . ",\n crm=" . $ds->ds->qstr($crm) . ",\n admingrp=" . $ds->ds->qstr($grp) . "\n WHERE customer={$cust}");
// did not fail due to key error?
if ($result) {
$ds->AuditLog(array("event" => 181, "action" => "modify customer", "user" => getAuthUsername(), "cust" => $cust, "descrip" => $custdescrip));
$ds->DbfTransactionEnd();
// Log the Transaction.
$ds->DbfTransactionStart();
foreach ($dataid as $value) {
// missing records will just get ignored
if ($row = $ds->ds->GetRow("SELECT recidx, error_message, ip_hostname, host\n FROM fwdzonerec \n WHERE customer={$cust} AND recidx=" . $value)) {
// update IP record if deleting auto A record
if ($row["error_message"] == "A") {
// found a subnet? Maybe it has been deleted!
if ($result = $ds->GetBaseFromIp(inet_aton($row["ip_hostname"]), $cust)) {
$row1 = $result->FetchRow();
$baseindex = $row1["baseindex"];
$ds->ds->Execute("UPDATE ipaddr\n SET hname=" . $ds->ds->qstr($row["host"]) . "\n WHERE baseindex={$baseindex} AND ipaddr=" . inet_aton($row["ip_hostname"]));
insert($w, textbr(sprintf(my_("IP record %s updated in subnet '%s' due to deletion of auto created A record"), $row["ip_hostname"], $row1["descrip"])));
}
}
$result =& $ds->ds->Execute("DELETE FROM fwdzonerec \n WHERE customer={$cust} AND recidx={$value}") and $ds->ds->Execute("UPDATE fwdzone \n SET error_message=" . $ds->ds->qstr("E") . ",\n lastmod=" . $ds->ds->DBTimeStamp(time()) . " WHERE customer={$cust} AND data_id=" . $dom_id) and $ds->AuditLog(array("event" => 120, "action" => "delete zone record", "cust" => $cust, "user" => getAuthUsername(), "id" => $value));
}
}
$ds->DbfTransactionEnd();
if ($result) {
$ds->DbfTransactionEnd();
insert($w, textbr(my_("Domain DNS Record Deleted.")));
$zone = "";
} else {
$ds->DbfTransactionRollback();
$formerror .= my_("DNS Record could not be deleted.") . "\n";
}
} else {
if ($action == "renumber") {
// check if user belongs to customer admin group
$result = $ds->GetCustomerGrp($cust);
$ds->DbfTransactionStart();
// check for attached files
if (DBF_TYPE == "mssql" or DBF_TYPE == "ado_mssql" or DBF_TYPE == "odbc_mssql") {
$result =& $ds->ds->Execute("SELECT ipaddr\n FROM ipaddradd\n WHERE baseindex={$baseindextmp} AND datalength(infobin) != 0");
} else {
$result =& $ds->ds->Execute("SELECT ipaddr\n FROM ipaddradd\n WHERE baseindex={$baseindextmp} AND " . $ds->ds->length . "(infobin) != 0");
}
$files = 0;
while ($rowadd = $result->FetchRow()) {
insert($w, textbr(sprintf(my_("IP address %s has files attached"), inet_ntoa($rowadd["ipaddr"]))));
$files++;
}
// only delete if there are no files attached
if ($files == 0) {
if ($ds->DeleteSubnet($baseindextmp)) {
$ds->AuditLog(array("event" => 172, "action" => "delete subnet", "user" => getAuthUsername(), "baseaddr" => $baseip, "size" => $size, "cust" => $cust));
$ds->DbfTransactionEnd();
insert($w, textbr(sprintf(my_("Subnet %s deleted"), $baseip)));
} else {
insert($w, textbr(sprintf(my_("Subnet %s could not be deleted"), $baseip)));
}
} else {
insert($w, textbr(sprintf(my_("Subnet %s could not be deleted - there are files attached"), $baseip)));
}
}
} else {
if ($action == "split" or $action == "join") {
// check if user belongs to customer admin group
$result = $ds->GetCustomerGrp($cust);
// can only be one row - does not matter if nothing is
// found as array search will return false
