function GenMapMenu($table, $field, $order) { global $defined; $db = new dbConn(); $val = new ValidateStrings(); if (empty($table) || empty($field)) { return -1; } $conn = $db->dbConnect($defined['dbhost'], $defined['username'], $defined['password'], $defined['dbname']); if (empty($order)) { $query = "SELECT {$field} FROM `{$table}`"; } else { $query = "SELECT {$field} FROM `{$table}` ORDER BY `{$order}`"; } $query = $val->ValidateSQL($query, $conn); if (($value = $db->dbQuery($query, $conn)) === -1) { return -1; } if ($db->dbNumRows($value) === -1 || $db->dbNumRows($value) === 0) { return -1; } else { $list = "<form method=\"get\" action=\"{$_SERVER['PHP_SELF']}\"><b>Existing rides:</b> <select name=\"mapper\" onChange=\"jumpMenu('parent',this,0)\"><option value=\"NULL\">Select Map / Route...</option>"; $list .= "<option>------------------------------</option>"; foreach ($db->dbArrayResultsAssoc($value) as $key => $val) { $url = $_SERVER['PHP_SELF'] . "?lat=" . $val['lat'] . "&lon=" . $val['lon'] . "&z=" . $val['zoom'] . "&mType=" . $val['type'] . "&driveFrom=" . $val['from'] . "&driveTo=" . $val['to'] . "&driveVia=" . $val['via'] . "&locale=en"; $list .= "<option name=\"{$url}\" value=\"{$url}\">" . $val['name'] . "</option>"; } $list .= "</select></form>"; $data = $list; } $db->dbFreeData($conn); $db->dbCloseConn($conn); return $data; }
function ChkLevel($token) { global $defined; if (empty($token)) { $level->value = -1; } else { $auth = new Encryption(); $db = new dbConn(); $val = new ValidateStrings(); $array = $auth->DecodeAuthToken($token); $data = $db->dbConnect($defined['dbhost'], $defined['username'], $defined['password'], $defined['dbname']); $query = "SELECT `level` FROM `auth_users` WHERE `level` = \"" . base64_decode($array[2]) . "\""; $value = $db->dbQuery($val->ValidateSQL($query, $data), $data); $array = $db->dbArrayResults($value); $level->value = $array[0]['level']; $db->dbFreeData($query); $db->dbCloseConn($data); } return $level->value; }
$tpl->assign('broadcast_address_err', $broadcast_address_err, NULL, NULL); $tpl->assign('netbios_servers_err', $netbios_servers_err, NULL, NULL); $tpl->assign('ntp_servers_err', $ntp_servers_err, NULL, NULL); $tpl->assign('default_lease_err', $default_lease_err, NULL, NULL); $tpl->assign('max_lease_err', $max_lease_err, NULL, NULL); $tpl->assign('min_lease_err', $min_lease_err, NULL, NULL); $tpl->assign('pools_err', $pools_err, NULL, NULL); $tpl->assign('list_err', $list_err, NULL, NULL); $tpl->assign('select_groups_err', $select_groups_err, NULL, NULL); // Do some cleaning before leaving $misc->CleanUpVars($_POST, NULL); // Perform analyze, repair and optimize on used tables $db->dbFixTable("conf_pools", $dbconn); $db->dbFixTable("auth_groups_perms", $dbconn); // Free db handle and close connection(s) $db->dbFreeData($dbconn); $db->dbCloseConn($dbconn); } else { // page view restricted by access level $ERROR = $err->GenerateErrorLink("help/help.html", "#undef", $defined['error'], $errors['level'], NULL, NULL); } } else { // general authentication error $ERROR = $err->GenerateErrorLink("help/help.html", "#undef", $defined['error'], $errors['auth_n'], NULL, NULL); } } else { // Possible XSS attack $ERROR = $err->GenerateErrorLink("help/help.html", "#undef", $defined['error'], $errors['xss_config'], NULL, NULL); } } else { // File is missing for configuration params
function GenUserList($user) { global $defined; $db = new dbConn(); $conn = $db->dbConnect($defined['dbhost'], $defined['username'], $defined['password'], $defined['dbname']); $query = "SELECT * FROM `users` WHERE `username` = \"{$user}\" LIMIT 1"; if (($value = $db->dbQuery($query, $conn)) === -1) { return -1; } if ($db->dbNumRows($value) === -1 || $db->dbNumRows($value) === 0) { return -1; } else { $data = $db->dbArrayResults($value); } $db->dbFreeData($conn); $db->dbCloseConn($conn); return $data; }
function GetAvailableIPAddresses($value, $subnet) { //echo "<pre>"; print_r( $value ); echo "</pre>"; global $defined; $db = new dbConn(); $val = new ValidateStrings(); // initialize a db connection handle $dbconn = $db->dbConnect($defined['dbhost'], $defined['username'], $defined['password'], $defined['dbname']); // process available scope IP's minus IP's engaged in `conf_leases` table preg_match('/([0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3})\\.([0-9]{1,3})/', $value['scope-range-1'], $start); preg_match('/([0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3})\\.([0-9]{1,3})/', $value['scope-range-2'], $end); // populate a range of valid octets to use for ($x = $start[2]; $x < $end[2]; $x++) { $tmp[] = $start[1] . "." . $x; } // mathmatica bitch $x = 1; for ($i = $start[2]; $i < $end[2]; $i++) { $total[$key] = $x; $x++; } // now get list of IP's in use as noted by the `conf_leases` table $sql = "SELECT `ip` FROM `conf_leases` WHERE `ip` LIKE \"" . $start[1] . "%\""; if (($return = $db->dbQuery($val->ValidateSQL($sql, $dbconn), $dbconn)) !== -1) { if ($db->dbNumRows($return) !== 0) { $leases = $db->dbArrayResultsAssoc($return); } } // mathmatics $amnt = $total[$key]; $in_use = count($leases); $unused = $amnt - $in_use; // populate empty list if (count($tmp) !== 0) { $x = 0; foreach ($tmp as $key => $value) { for ($i = 0; $i < count($leases); $i++) { if (!in_array($value, $leases[$i])) { $empty[$x][] = $value; $x++; } } } $empty = $this->EliminiateDuplicates($empty); } // put everything in a simple array, wuka wuka $ip_counts[$subnet]['total'] = $amnt; $ip_counts[$subnet]['total_used'] = $in_use; $ip_counts[$subnet]['total_unused'] = $unused; $ip_counts[$subnet]['detail_used'] = $leases; $ip_counts[$subnet]['detail_unused'] = $empty; // Free db handle and close connection(s) $db->dbFreeData($dbconn); $db->dbCloseConn($dbconn); // give it to them raw, raw return $ip_counts; }
function AuthUser($user, $pass, $token) { // our global config opts global $defined; // initialize classes $db = new dbConn(); $val = new ValidateStrings(); $lib = new Authenticate(); $auth = new Encryption(); $sess = new Sessions(); $misc = new MiscFunctions(); $exit = new ExitApp(); // check our authentication requirements if (empty($user) && empty($pass) && empty($token)) { return -1; } // we have an existing authentication token present if (!empty($token) && empty($user) && empty($pass)) { $array = $auth->DecodeAuthToken($token); $user = base64_decode($array[0]); $pass = base64_decode($array[1]); $time = $array[4]; $current = $misc->GenTime(); if ($lib->AuthTimeOut($defined['timeout'], $time, $current) === -1) { return -2; } } // perform validation on username and password if ($val->ValidateAlphaChar($user) === -1 || $val->ValidateParagraph($pass) === -1) { return -3; } // see if the user exists for authenticaiton $data = $db->dbConnect($defined['dbhost'], $defined['username'], $defined['password'], $defined['dbname']); $query = "SELECT * FROM `auth_users` WHERE `username` = \"{$user}\" AND `password` = sha1( \"{$pass}\" )"; $query = $val->ValidateSQL($query, $data); // database problem if (($value = $db->dbQuery($query, $data)) === -1) { return -5; } // check user match if ($db->dbNumRows($value) === -1 || $db->dbNumRows($value) === 0) { return -4; } else { $return = 0; } // create our authentication session token if (empty($token)) { $array = $db->dbArrayResults($value); $x = $auth->GeneratePrivateKey($defined['enckeygen']); $access_date = $misc->GenDate(); $access_time = $misc->GenTimeRead(); $query = "UPDATE `auth_users` SET `access_date` = \"" . $access_date . "\", `access_time` = \"" . $access_time . "\", `session` = \"{$x}\" WHERE `id` = \"" . $array[0]['id'] . "\""; $value = $val->ValidateSQL($query, $data); if (($value = $db->dbQuery($value, $data)) === -1) { return -5; } $x = $auth->EncodePrivToHex($x); if (($token = $auth->EncodeAuthToken($array[0]['username'], $pass, $array[0]['level'], $array[0]['group'], $misc->GenTime(), $x)) !== -1) { $sess->RegisterSession("token", $token); $return = 0; } } $db->dbFreeData($query); $db->dbCloseConn($data); return $return; }