function get_report_data($id = NULL)
{
$conf = $GLOBALS['CONF'];
$conf = !$conf ? new Ossim_conf() : $conf;
$y = strftime('%Y', time() - 24 * 60 * 60 * 30);
$m = strftime('%m', time() - 24 * 60 * 60 * 30);
$d = strftime('%d', time() - 24 * 60 * 60 * 30);
$reports['asset_report'] = array('report_name' => _('Asset Details'), 'report_id' => 'asset_report', 'type' => 'external', 'link_id' => 'link_ar_asset', 'link' => '', 'parameters' => array(array('name' => _('Host Name/IP/Network'), 'id' => 'ar_asset', 'type' => 'asset', 'default_value' => '')), 'access' => Session::menu_perms('environment-menu', 'PolicyHosts') || Session::menu_perms('environment-menu', 'PolicyNetworks'), 'send_by_email' => 0);
$status_values = array('All' => array('text' => _('All')), 'Open' => array('text' => _('Open')), 'Assigned' => array('text' => _('Assigned')), 'Studying' => array('text' => _('Studying')), 'Waiting' => array('text' => _('Waiting')), 'Testing' => array('text' => _('Testing')), 'Closed' => array('text' => _('Closed')));
$types_values = array('ALL' => array('text' => _('ALL')), 'Expansion Virus' => array('text' => _('Expansion Virus')), 'Corporative Nets Attack' => array('text' => _('Corporative Nets Attack')), 'Policy Violation' => array('text' => _('Policy Violation')), 'Security Weakness' => array('text' => _('Security Weakness')), 'Net Performance' => array('text' => _('Net Performance')), 'Applications and Systems Failures' => array('text' => _('Applications and Systems Failures')), 'Anomalies' => array('text' => _('Anomalies')), 'Vulnerability' => array('text' => _('Vulnerability')));
$priority_values = array('High' => _('High'), 'Medium' => _('Medium'), 'Low' => _('Low'));
$reports['tickets_report'] = array('report_name' => _('Tickets Report'), 'report_id' => 'tickets_report', 'type' => 'pdf', 'subreports' => array('title_page' => array('id' => 'title_page', 'name' => _('Title Page'), 'report_file' => 'os_reports/Common/titlepage.php'), 'alarm' => array('id' => 'alarm', 'name' => _('Alarm'), 'report_file' => 'os_reports/Tickets/Alarm.php'), 'event' => array('id' => 'event', 'name' => _('Event'), 'report_file' => 'os_reports/Tickets/Event.php'), 'anomaly' => array('id' => 'anomaly', 'name' => _('Anomaly'), 'report_file' => 'os_reports/Tickets/Anomaly.php'), 'vulnerability' => array('id' => 'vulnerability', 'name' => _('Vulnerability'), 'report_file' => 'os_reports/Tickets/Vulnerability.php')), 'parameters' => array(array('name' => _('Date Range'), 'date_from_id' => 'tr_date_from', 'date_to_id' => 'tr_date_to', 'type' => 'date_range', 'default_value' => array('date_from' => $y . '-' . $m . '-' . $d, 'date_to' => date('Y') . '-' . date('m') . '-' . date('d'))), array('name' => _('Status'), 'id' => 'tr_status', 'type' => 'select', 'values' => $status_values), array('name' => _('Type'), 'id' => 'tr_type', 'type' => 'select', 'values' => $types_values), array('name' => _('Priority'), 'id' => 'tr_priority', 'type' => 'checkbox', 'values' => $priority_values)), 'access' => Session::menu_perms('analysis-menu', 'IncidentsIncidents'), 'send_by_email' => 1);
$reports['alarm_report'] = array('report_name' => _('Alarms Report'), 'report_id' => 'alarm_report', 'type' => 'pdf', 'subreports' => array('title_page' => array('id' => 'title_page', 'name' => _('Title Page'), 'report_file' => 'os_reports/Common/titlepage.php'), 'top_attacker_host' => array('id' => 'top_attacker_host', 'name' => _('Top 10 Attacker Host'), 'report_file' => 'os_reports/Alarms/AttackerHosts.php'), 'top_attacked_host' => array('id' => 'top_attacked_host', 'name' => _('Top 10 Attacked Host'), 'report_file' => 'os_reports/Alarms/AttackedHosts.php'), 'used_port' => array('id' => 'used_port', 'name' => _('Top 10 Used Ports'), 'report_file' => 'os_reports/Alarms/UsedPorts.php'), 'top_events' => array('id' => 'top_events', 'name' => _('Top 15 Alarms'), 'report_file' => 'os_reports/Alarms/TopAlarms.php'), 'events_by_risk' => array('id' => 'events_by_risk', 'name' => _('Top 15 Alarms by Risk'), 'report_file' => 'os_reports/Alarms/TopAlarmsByRisk.php')), 'parameters' => array(array('name' => _('Date Range'), 'date_from_id' => 'ar_date_from', 'date_to_id' => 'ar_date_to', 'type' => 'date_range', 'default_value' => array('date_from' => $y . '-' . $m . '-' . $d, 'date_to' => date('Y') . '-' . date('m') . '-' . date('d')))), 'access' => Session::menu_perms('analysis-menu', 'ControlPanelAlarms'), 'send_by_email' => 1);
$reports['bc_pci_report'] = array('report_name' => _('Business & Compliance ISO PCI Report'), 'report_id' => 'bc_pci_report', 'type' => 'pdf', 'subreports' => array('title_page' => array('id' => 'title_page', 'name' => _('Title Page'), 'report_file' => 'os_reports/Common/titlepage.php'), 'threat_overview' => array('id' => 'threat_overview', 'name' => _('Threat overview'), 'report_file' => 'os_reports/BusinessAndComplianceISOPCI/ThreatOverview.php'), 'bri_risks' => array('id' => 'bri_risks', 'name' => _('Business real impact risks'), 'report_file' => 'os_reports/BusinessAndComplianceISOPCI/BusinessPotentialImpactsRisks.php'), 'ciap_impact' => array('id' => 'ciap_impact', 'name' => _('C.I.A Potential impact'), 'report_file' => 'os_reports/BusinessAndComplianceISOPCI/CIAPotentialImpactsRisks.php'), 'pci_dss' => array('id' => 'pci_dss', 'name' => _('PCI-DSS 2.0'), 'report_file' => 'os_reports/BusinessAndComplianceISOPCI/PCI-DSS.php'), 'pci_dss3' => array('id' => 'pci_dss3', 'name' => _('PCI-DSS 3.0'), 'report_file' => 'os_reports/BusinessAndComplianceISOPCI/PCI-DSS3.php'), 'trends' => array('id' => 'trends', 'name' => _('Trends'), 'report_file' => 'os_reports/BusinessAndComplianceISOPCI/Trends.php'), 'iso27002_p_impact' => array('id' => 'iso27002_p_impact', 'name' => _('ISO27002 Potential impact'), 'report_file' => 'os_reports/BusinessAndComplianceISOPCI/ISO27002PotentialImpact.php'), 'iso27001' => array('id' => 'iso27001', 'name' => _('ISO27001'), 'report_file' => 'os_reports/BusinessAndComplianceISOPCI/ISO27001.php')), 'parameters' => array(array('name' => _('Date Range'), 'date_from_id' => 'bc_pci_date_from', 'date_to_id' => 'bc_pci_date_to', 'type' => 'date_range', 'default_value' => array('date_from' => $y . '-' . $m . '-' . $d, 'date_to' => date('Y') . '-' . date('m') . '-' . date('d')))), 'access' => Session::menu_perms('report-menu', 'ReportsReportServer'), 'send_by_email' => 1);
$reports['siem_report'] = array('report_name' => _('SIEM Events'), 'report_id' => 'siem_report', 'type' => 'pdf', 'subreports' => array('title_page' => array('id' => 'title_page', 'name' => _('Title Page'), 'report_file' => 'os_reports/Common/titlepage.php'), 'top_attacker_host' => array('id' => 'top_attacker_host', 'name' => _('Top 10 Attacker Host'), 'report_file' => 'os_reports/Siem/AttackerHosts.php'), 'top_attacked_host' => array('id' => 'top_attacked_host', 'name' => _('Top 10 Attacked Host'), 'report_file' => 'os_reports/Siem/AttackedHosts.php'), 'used_port' => array('id' => 'used_port', 'name' => _('Top 10 Used Ports'), 'report_file' => 'os_reports/Siem/UsedPorts.php'), 'top_events' => array('id' => 'top_events', 'name' => _('Top 15 Events'), 'report_file' => 'os_reports/Siem/TopEvents.php'), 'events_by_risk' => array('id' => 'events_by_risk', 'name' => _('Top 15 Events by Risk'), 'report_file' => 'os_reports/Siem/TopEventsByRisk.php')), 'parameters' => array(array('name' => _('Date Range'), 'date_from_id' => 'sr_date_from', 'date_to_id' => 'sr_date_to', 'type' => 'date_range', 'default_value' => array('date_from' => $y . '-' . $m . '-' . $d, 'date_to' => date('Y') . '-' . date('m') . '-' . date('d')))), 'access' => Session::menu_perms('analysis-menu', 'EventsForensics'), 'send_by_email' => 1);
$reports['vulnerabilities_report'] = array('report_name' => _('Vulnerabilities Report'), 'report_id' => 'vulnerabilities_report', 'type' => 'external', 'target' => '_blank', 'link_id' => 'link_vr', 'link' => Menu::get_menu_url('../vulnmeter/lr_respdf.php?ipl=all&scantype=M', 'environment', 'vulnerabilities', 'overview'), 'access' => Session::menu_perms('analysis-menu', 'EventsVulnerabilities'), 'send_by_email' => 0);
$reports['th_vuln_db'] = array('report_name' => _('Threats & Vulnerabilities Database'), 'report_id' => 'th_vuln_db', 'type' => 'external', 'link_id' => 'link_tvd', 'link' => Menu::get_menu_url('../vulnmeter/threats-db.php', 'environment', 'vulnerabilities', 'threat_database'), 'access' => Session::menu_perms('analysis-menu', 'EventsVulnerabilities'), 'send_by_email' => 0);
$reports['ticket_status'] = array('report_name' => _('Tickets Status'), 'report_id' => 'ticket_status', 'type' => 'external', 'link_id' => 'link_tr', 'link' => Menu::get_menu_url('../report/incidentreport.php', 'analysis', 'tickets', 'tickets'), 'access' => Session::menu_perms('analysis-menu', 'IncidentsIncidents'), 'send_by_email' => 0);
$db = new ossim_db();
$conn = $db->connect();
$user = Session::get_session_user();
$session_list = Session::get_list($conn, 'ORDER BY login');
if (preg_match('/pro|demo/', $conf->get_conf('ossim_server_version')) && !Session::am_i_admin()) {
$myusers = Acl::get_my_users($conn, Session::get_session_user());
if (count($myusers) > 0) {
$is_pro_admin = 1;
}
}
// User Log lists
if (Session::am_i_admin()) {
$user_values[''] = array('text' => _('All'));
if ($session_list) {
foreach ($session_list as $session) {
$login = $session->get_login();
$user_values[$login] = $login == $user ? array('text' => $login, 'selected' => TRUE) : array('text' => $login);
}
}
} elseif ($is_pro_admin) {
foreach ($myusers as $myuser) {
$user_values[$myuser['login']] = array('text' => $myuser['login']);
$user_values[$user] = array('text' => $user, 'selected' => TRUE);
}
} else {
$user_values[$user] = array('text' => $user);
}
$code_list = Log_config::get_list($conn, 'ORDER BY descr');
$action_values[''] = array('text' => _('All'));
if ($code_list) {
foreach ($code_list as $code_log) {
$code_aux = $code_log->get_code();
$action_values[$code_aux] = array('text' => '[' . sprintf("%02d", $code_aux) . '] ' . _(preg_replace('|%.*?%|', " ", $code_log->get_descr())));
}
}
$reports['user_activity'] = array('report_name' => _('User Activity Report'), 'report_id' => 'user_activity', 'type' => 'external', 'link_id' => 'link_ua', 'link' => Menu::get_menu_url('../userlog/user_action_log.php', 'settings', 'settings', 'user_activity'), 'parameters' => array(array('name' => _('User'), 'id' => 'ua_user', 'type' => 'select', 'values' => $user_values), array('name' => _('Action'), 'id' => 'ua_action', 'type' => 'select', 'values' => $action_values)), 'access' => Session::menu_perms('settings-menu', 'ToolsUserLog'), 'send_by_email' => 0);
$reports['geographic_report'] = array('report_name' => _('Geographic Report'), 'report_id' => 'geographic_report', 'type' => 'pdf', 'subreports' => array('title_page' => array('id' => 'title_page', 'name' => _('Title Page'), 'report_file' => 'os_reports/Common/titlepage.php'), 'geographic_report' => array('id' => 'geographic_report', 'name' => _('Geographic Report'), 'report_file' => 'os_reports/Various/Geographic.php')), 'parameters' => array(array('name' => _('Date Range'), 'date_from_id' => 'gr_date_from', 'date_to_id' => 'gr_date_to', 'type' => 'date_range', 'default_value' => array('date_from' => $y . '-' . $m . '-' . $d, 'date_to' => date('Y') . '-' . date('m') . '-' . date('d')))), 'access' => Session::menu_perms('analysis-menu', 'EventsForensics'), 'send_by_email' => 1);
//Sensor list
$sensor_values[''] = array('text' => ' -- ' . _('Sensors no found') . ' -- ');
$filters = array('order_by' => 'name');
$sensor_list = Av_sensor::get_basic_list($conn, $filters);
$filters = array('order_by' => 'priority desc');
list($sensor_list, $sensor_total) = Av_sensor::get_list($conn, $filters);
if ($sensor_total > 0) {
$sensor_values = array();
foreach ($sensor_list as $s) {
$properties = $s['properties'];
if ($properties['has_nagios']) {
$sensor_values[$s['ip']] = array('text' => $s['name']);
}
}
}
/* Nagios link */
$nagios_link = $conf->get_conf('nagios_link');
$scheme = empty($_SERVER['HTTPS']) ? 'http://' : 'https://';
$path = !empty($nagios_link) ? $nagios_link : '/nagios3/';
$port = !empty($_SERVER['SERVER_PORT']) ? ':' . $_SERVER['SERVER_PORT'] : "";
$nagios = $port . $path;
$section_values = array(urlencode($nagios . 'cgi-bin/trends.cgi') => array('text' => _('Trends')), urlencode($nagios . 'cgi-bin/avail.cgi') => array('text' => _('Availability')), urlencode($nagios . 'cgi-bin/histogram.cgi') => array('text' => _('Event Histogram')), urlencode($nagios . 'cgi-bin/history.cgi?host=all') => array('text' => _('Event History')), urlencode($nagios . 'cgi-bin/summary.cgi') => array('text' => _('Event Summary')), urlencode($nagios . 'cgi-bin/notifications.cgi') => array('text' => _('Notifications')), urlencode($nagios . 'cgi-bin/showlog.cgi') => array('text' => _('Performance Info')));
$reports['availability_report'] = array('report_name' => _('Availability Report'), 'report_id' => 'availability_report', 'type' => 'external', 'link_id' => 'link_avr', 'click' => "nagios_link('avr_nagios_link', 'avr_sensor', 'avr_section');", 'parameters' => array(array('name' => _('Sensor'), 'id' => 'avr_sensor', 'type' => 'select', 'values' => $sensor_values), array('name' => 'Nagioslink', 'id' => 'avr_nagios_link', 'type' => 'hidden', 'default_value' => urlencode($scheme)), array('name' => _('Section'), 'id' => 'avr_section', 'type' => 'select', 'values' => $section_values)), 'access' => Session::menu_perms('environment-menu', 'MonitorsAvailability'), 'send_by_email' => 0);
$db->close();
if ($id == NULL) {
ksort($reports);
return $reports;
} else {
return !empty($reports[$id]) ? $reports[$id] : array();
}
}
function select_profile()
{
global $sid, $username, $dbconn, $version, $nessus_path;
$used_sids = array();
if (preg_match("/omp\\s*\$/i", $nessus_path)) {
$omp = new OMP();
$used_sids = $omp->get_used_sids();
}
$entities_nt = array();
$query = "SELECT ae.id as eid, ae.name as ename, aet.name as etype FROM acl_entities AS ae, acl_entities_types AS aet WHERE ae.type = aet.id";
$result_entities = $dbconn->Execute($query);
while (!$result_entities->EOF) {
$entities_nt[$result_entities->fields['eid']] = $result_entities->fields['ename'] . " [" . $result_entities->fields['etype'] . "]";
$result_entities->MoveNext();
}
$query = "";
$normal_user_pro = false;
if ($username == "admin") {
$query = "SELECT id, name, description, owner, type FROM vuln_nessus_settings \n WHERE deleted != '1' ORDER BY name";
} else {
if (preg_match("/pro|demo/i", $version)) {
if (Acl::am_i_proadmin()) {
$pro_users = array();
$entities_list = array();
//list($entities_admin,$num) = Acl::get_entities_admin($dbconn,Session::get_session_user());
//$entities_list = array_keys($entities_admin);
$entities_list = Acl::get_user_entities($current_user);
$users = Acl::get_my_users($dbconn, Session::get_session_user());
foreach ($users as $us) {
$pro_users[] = $us["login"];
}
$query = "SELECT id, name, description, owner, type FROM vuln_nessus_settings \n WHERE deleted != '1' and (name='Default' or owner in ('0','" . implode("', '", array_merge($entities_list, $pro_users)) . "')) ORDER BY name";
} else {
$tmp = array();
$entities = Acl::get_user_entities($username);
foreach ($entities as $entity) {
$tmp[] = "'" . $entity . "'";
}
if (count($tmp) > 0) {
$user_where = "owner in ('0','{$username}'," . implode(", ", $tmp) . ")";
} else {
$user_where = "owner in ('0','{$username}')";
}
$query = "SELECT id, name, description, owner, type FROM vuln_nessus_settings \n WHERE deleted != '1' and (name='Default' or {$user_where}) ORDER BY name";
$normal_user_pro = true;
}
} else {
$query = "SELECT id, name, description, owner, type FROM vuln_nessus_settings \n WHERE deleted != '1' and (name='Default' or owner in ('0','{$username}')) ORDER BY name";
}
}
//var_dump($query);
$result = $dbconn->execute($query);
//echo $query;
echo "<CENTER>";
echo "<table cellspacing=\"0\" cellpadding=\"0\" border=\"0\" width=\"800\"><tr><td class=\"headerpr\" style=\"border:0;\">" . _("Vulnerability Scan Profiles") . "</td></tr></table>";
echo "<table cellspacing=\"0\" cellpadding=\"0\" border=\"0\" width=\"800\"><tr><td class=\"noborder\">";
echo "<p>";
echo _("Please select a profile to edit") . ":";
echo "</p>";
echo "<table align='center'>";
echo "<tr>";
if ($username == "admin" || Session::am_i_admin()) {
echo "<th>" . _("Available for") . "</th>";
}
echo " <th>" . _("Profile") . "</th>";
echo " <th>" . _("Description") . "</th>";
echo " <th>" . _("Action") . "</th>";
echo "</tr>";
while (!$result->EOF) {
//<td>$sowner</td>
//<td>$stype</td>
list($sid, $sname, $sdescription, $sowner, $stype) = $result->fields;
echo "<tr>";
if ($username == "admin" || Session::am_i_admin()) {
if ($sowner == "0") {
echo "<td>" . _("All") . "</td>";
} elseif (is_numeric($sowner)) {
echo "<td style='padding:0px 2px 0px 2px;'>" . $entities_nt[$sowner] . "</td>";
} else {
echo "<td>" . html_entity_decode($sowner) . "</td>";
}
}
echo "<td>" . html_entity_decode($sname) . "</td>";
echo "<td>" . html_entity_decode($sdescription) . "</td>";
echo "<td>";
//var_dump($normal_user_pro);
//var_dump($sowner);
//var_dump($username);
//var_dump($used_sids);
if ($normal_user_pro && $sowner != $username && $sname != "Default") {
echo " ";
} elseif ($username == "admin" || Session::am_i_admin()) {
if (!in_array($sid, $used_sids)) {
echo "<a href=\"settings.php?disp=edit&&sid={$sid}\"><img src=\"images/pencil.png\"></a>";
echo "<a href=\"settings.php?disp=edit&op=delete&sid={$sid}\" onclick=\"return confirmDelete();\"><img src=\"images/delete.gif\"></a>";
} else {
echo "<img src=\"images/pencil.png\" title=\"" . _("This profile is being used by a running job now") . "\" style=\"filter:alpha(opacity=50);-moz-opacity:0.5;-khtml-opacity: 0.5;opacity: 0.5;\">";
echo "<img src=\"images/delete.gif\" title=\"" . _("This profile is being used by a running job now") . "\" style=\"filter:alpha(opacity=50);-moz-opacity:0.5;-khtml-opacity: 0.5;opacity: 0.5;\">";
}
} elseif ($sname == "Default") {
echo "[" . _("edit by admin") . "]";
} elseif ($sname != "Default") {
if (!in_array($sid, $used_sids)) {
echo "<a href=\"settings.php?disp=edit&&sid={$sid}\"><img src=\"images/pencil.png\"></a>";
echo "<a href=\"settings.php?disp=edit&op=delete&sid={$sid}\" onclick=\"return confirmDelete();\"><img src=\"images/delete.gif\"></a>";
} else {
echo "<img title=\"" . _("This profile is being used by a running job now") . "\" style=\"filter:alpha(opacity=50);-moz-opacity:0.5;-khtml-opacity: 0.5;opacity: 0.5;\" src=\"images/pencil.png\">";
echo "<img title=\"" . _("This profile is being used by a running job now") . "\" style=\"filter:alpha(opacity=50);-moz-opacity:0.5;-khtml-opacity: 0.5;opacity: 0.5;\" src=\"images/delete.gif\">";
}
}
echo "</td>";
echo "</tr>";
$result->MoveNext();
}
echo "</table>";
echo "<center>";
echo "<p>";
echo "<form>";
echo "<input type=button onclick=\"document.location.href='settings.php?disp=new'\" value=\"" . _("Create New Profile") . "\" class=\"button\"> ";
if ($username == "admin" || Session::am_i_admin()) {
echo "<input type=button onclick=\"document.location.href='defaults.php'\" value=\"" . _("Edit default profile") . "\" class=\"button\">";
}
echo "</form>";
echo "</p>";
echo "</center>";
echo "<br><br>";
echo "</td></tr></table></center>";
// end else
}
// Opensource
if ($login == ACL_DEFAULT_OSSIM_ADMIN || $user[0]->get_is_admin()) {
return "../pixmaps/user-gadmin.png";
} else {
return "../pixmaps/user-green.png";
}
}
}
$where = "";
$users = array();
$allowed_users = array();
if (Session::am_i_admin() || $pro && Acl::am_i_proadmin()) {
if (Session::am_i_admin()) {
$users_list = Session::get_list($dbconn, "ORDER BY login");
} else {
$users_list = Acl::get_my_users($dbconn, Session::get_session_user());
}
if (is_array($users_list) && !empty($users_list)) {
foreach ($users_list as $k => $v) {
$users[] = is_object($v) ? $v->get_login() : $v["login"];
}
$where = "WHERE login in ('" . implode("','", $users) . "')";
}
} else {
$where = "WHERE login = '******'";
}
$allowed_users = Session_activity::get_list($dbconn, $where . " ORDER BY activity desc");
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
$insert[] = $found[1];
}
}
}
rsort($insert);
$dir->close();
if ($pro) {
// users
$users = array();
if (Session::am_i_admin()) {
$users_list = Session::get_list($conn_ossim);
foreach ($users_list as $user_data) {
$users[] = $user_data->login;
}
} else {
$users_list = Acl::get_my_users($conn_ossim, Session::get_session_user());
foreach ($users_list as $user_data) {
$users[] = $user_data["login"];
}
}
// entities
list($entities_all, $num_entities) = Acl::get_entities($conn_ossim);
list($entities_admin, $num) = Acl::get_entities_admin($conn_ossim, Session::get_session_user());
$entities_list = array_keys($entities_admin);
}
$db->close($conn);
$db->close($conn_ossim);
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
function showSubCategoryHTML()
{
// get list reports
$db = new ossim_db();
$dbconn = $db->connect();
$creports = array();
$subreports_ac = array();
$sql_search = "";
if ($search != "") {
$sql_search = "AND name like '%{$search}%'";
}
$result = $dbconn->Execute("SELECT login, name, value FROM user_config where category='custom_report' {$sql_search} ORDER BY name ASC");
$hi = 0;
while (!$result->EOF) {
$available = false;
$unserializedata = unserialize($result->fields["value"]);
$available_for_user = $unserializedata["user"];
$available_for_entity = $unserializedata["entity"];
// check if this report is available for session user
if (Session::am_i_admin()) {
$available = true;
} else {
if ($available_for_user == "0") {
$available = true;
} else {
if ($available_for_user != "" && $available_for_user == $session_user || $result->fields["login"] == $session_user) {
$available = true;
} else {
if (preg_match("/pro|demo/i", $version)) {
if (Acl::am_i_proadmin()) {
$entities_list = Acl::get_entities_admin($dbconn, Session::get_session_user());
$entities = array_keys($entities_list[0]);
$users = Acl::get_my_users($dbconn, Session::get_session_user());
$users_login = array();
foreach ($users as $user) {
$users_login[] = $user["login"];
}
if (in_array($available_for_entity, $entities) || in_array($available_for_user, $users_login) || in_array($result->fields["login"], $users_login)) {
$available = true;
}
} else {
$entities = Acl::get_user_entities(Session::get_session_user());
if (in_array($available_for_entity, $entities)) {
$available = true;
}
}
}
}
}
}
// save report if is available
$maxpag = 20;
$to = $pag * $maxpag;
$from = $to - $maxpag;
if ($available) {
if ($from <= $hi && $hi < $to) {
$creports[] = $result->fields;
}
// autocomplete
$key = base64_encode($result->fields["name"] . "###" . $result->fields["login"]);
$subreports_ac[$key] = trim($result->fields["name"]);
$hi++;
}
$result->MoveNext();
}
$dbconn->disconnect();
//
$html = '<table style="margin:0;padding:0;width:100%;font-size:11px">
<tr>
<td colspan="2">' . _('Properties report') . ':</td>
</tr>
<tr>
<td>' . _('Report Name') . ':</td>
<td>
<select name="run">';
foreach ($subreports_ac as $key => $value) {
$html .= '<option value="' . $key . '"';
$html .= $this->get('run') == $key ? ' selected="selected"' : "";
$html .= '>' . $value . '</option>';
}
$html .= ' </select>
</td>
</tr>
<tr>
<td>' . _('Refresh report') . ':</td>
<td><input name="refresh" value="false" ';
if ($this->get('refresh') == 'false') {
$html .= 'checked="checked" ';
}
$html .= 'type="radio">' . _('No') . '
<input name="refresh" value="true" ';
if ($this->get('refresh') == 'true') {
$html .= 'checked="checked" ';
}
$html .= 'type="radio">' . _('Yes') . '
<input style="width:80px" type="text" name="secondRefresh" value="' . $this->get('secondRefresh') . '" /> ' . _('seconds') . '</td>
</tr>
</table>';
return $html;
}
</tr>
</table>
<input type="hidden" name="action" value="save" />
<input type="hidden" name="name" value="<?php
echo $name;
?>
" />
<input type="hidden" name="url" value="<?php
echo $url;
?>
" />
<?php
} elseif (Acl::am_i_proadmin()) {
// pro admin
//users
$users_admin = Acl::get_my_users($dbconn, Session::get_session_user());
foreach ($users_admin as $u) {
// if($u["login"]!=Session::get_session_user()){
$users_pro_login[] = $u["login"];
// }
}
//if(!in_array(Session::get_session_user(), $users_pro_login) && $incident_in_charge!=Session::get_session_user()) $users_pro_login[] = Session::get_session_user();
//entities
list($entities_all, $num_entities) = Acl::get_entities($dbconn);
list($entities_admin, $num) = Acl::get_entities_admin($dbconn, Session::get_session_user());
$entities_list = array_keys($entities_admin);
$entities_types_aux = Acl::get_entities_types($dbconn);
$entities_types = array();
foreach ($entities_types_aux as $etype) {
$entities_types[$etype['id']] = $etype;
}
function tab_discovery()
{
global $component, $uroles, $editdata, $scheduler, $username, $useremail, $dbconn, $disp, $enScanRequestImmediate, $enScanRequestRecur, $timeout, $smethod, $SVRid, $sid, $ip_list, $ip_exceptions_list, $schedule_type, $ROYEAR, $ROday, $ROMONTH, $time_hour, $time_min, $dayofweek, $dayofmonth, $sname, $user, $entity, $hosts_alive, $scan_locally, $version, $nthweekday, $semail, $not_resolve;
global $pluginOptions, $enComplianceChecks, $profileid;
$conf = $GLOBALS["CONF"];
$pre_scan_locally_status = $conf->get_conf("nessus_pre_scan_locally", FALSE);
$user_selected = $user;
$entity_selected = $entity;
$SVRid_selected = $SVRid;
$sid_selected = $sid != "" ? $sid : $editdata['meth_VSET'];
$timeout_selected = $editdata["meth_TIMEOUT"];
$ip_list_selected = str_replace("\\r\\n", "\n", str_replace(";;", "\n", $ip_list));
if (count($ip_exceptions_list) > 0) {
$ip_list_selected .= "\n" . implode("\n", $ip_exceptions_list);
}
$ROYEAR_selected = $ROYEAR;
$ROday_selected = $ROday;
$ROMONTH_selected = $ROMONTH;
$time_hour_selected = $time_hour;
$time_min_selected = $time_min;
$dayofweek_selected = $dayofweek;
$dayofmonth_selected = $dayofmonth;
$sname_selected = $sname;
//print_r($editdata);
if ($schedule_type != "") {
$editdata['schedule_type'] = $schedule_type;
}
$cquery_like = "";
if ($component != "") {
$cquery_like = " AND component='{$component}'";
}
$today = date("Ymd");
$tyear = substr($today, 0, 4);
$nyear = $tyear + 1;
$tmonth = substr($today, 4, 2);
$tday = substr($today, 6, 2);
#SET VALUES UP IF EDIT SCHEDULER
if (isset($editdata['notify'])) {
$enotify = $editdata['notify'];
} else {
$enotify = "{$useremail}";
}
if (isset($editdata['time'])) {
list($time_hour, $time_min, $time_sec) = split(':', $editdata['time']);
}
$arrTypes = array("N", "O", "D", "W", "M", "NW");
foreach ($arrTypes as $type) {
$sTYPE[$type] = "";
}
$arrJobTypes = array("C", "M", "R", "S");
foreach ($arrJobTypes as $type) {
$sjTYPE[$type] = "";
}
if (isset($editdata['schedule_type'])) {
$sTYPE[$editdata['schedule_type']] = "CHECKED";
if ($editdata['schedule_type'] == 'D') {
$ni = 2;
} elseif ($editdata['schedule_type'] == 'O') {
$ni = 3;
} elseif ($editdata['schedule_type'] == 'W') {
$ni = 4;
} elseif ($editdata['schedule_type'] == 'NW') {
$ni = 6;
} else {
$ni = 5;
}
$show = "<br><script language=javascript>showLayer('idSched', {$ni});</script>";
} else {
if ($enScanRequestImmediate) {
$sTYPE['N'] = "CHECKED";
$show = "<br><script language=javascript>showLayer('idSched', 1);</script>";
} else {
$sTYPE['O'] = "checked";
$show = "<br><script language=javascript>showLayer('idSched', 3);</script>";
}
}
if ($schedule_type != "") {
if ($schedule_type == "N") {
$show .= "<br><script language=javascript>showLayer('idSched', 1);</script>";
}
if ($schedule_type == "O") {
$show .= "<br><script language=javascript>showLayer('idSched', 3);</script>";
}
if ($schedule_type == "D") {
$show .= "<br><script language=javascript>showLayer('idSched', 2);</script>";
}
if ($schedule_type == "W") {
$show .= "<br><script language=javascript>showLayer('idSched', 4);</script>";
}
if ($schedule_type == "M") {
$show .= "<br><script language=javascript>showLayer('idSched', 5);</script>";
}
if ($schedule_type == "NW") {
$show .= "<br><script language=javascript>showLayer('idSched', 6);</script>";
}
}
if (isset($editdata['job_TYPE'])) {
$sjTYPE[$editdata['job_TYPE']] = "SELECTED";
} else {
$sjTYPE['M'] = "SELECTED";
}
if (isset($editdata['day_of_month'])) {
$dayofmonth = $editdata['day_of_month'];
}
if (isset($editdata['day_of_week'])) {
$day[$editdata['day_of_week']] = "SELECTED";
}
if ($dayofweek_selected != "") {
$day[$dayofweek_selected] = "SELECTED";
}
if (!$uroles['nessus']) {
$name = "sr-" . substr($username, 0, 6) . "-" . time();
$name = $editdata['name'] == "" ? $name : $editdata['name'];
$nameout = $name . "<input type=hidden style='width:200px' name='sname' value='{$name}'>";
} else {
$nameout = "<input type=text style='width:200px' name='sname' value='" . ($sname_selected != "" ? "{$sname_selected}" : "{$editdata['name']}") . "'>";
}
$discovery = "<input type=\"hidden\" name=\"cred_type\" value=\"N\">";
$discovery .= "<table width=\"80%\">";
$discovery .= "<tr>";
$discovery .= "<input type=\"hidden\" name=\"smethod\" value=\"{$smethod}\">";
$discovery .= "<td align=\"Right\" width=\"30%\">" . _("Job Name") . ":</td>";
$discovery .= "<td style=\"text-align:left;\">{$nameout}</td>";
$discovery .= "</tr>";
$query = "SELECT id, name, hostname\n FROM vuln_nessus_servers\n WHERE enabled='1' AND status='A'";
$result = $dbconn->execute($query);
$discovery .= "<tr>";
$discovery .= "<td align=\"right\">" . _("Select Server") . ":</td>";
$discovery .= "<td style=\"text-align:left;\"><select name=\"SVRid\">";
//if($SVRid=="" || $SVRid_selected=="Null") {
$discovery .= "<option value=\"Null\">" . _("First Available Server-Distributed") . "</option>";
//}
while (!$result->EOF) {
list($SVRid, $sname, $shostIP) = $result->fields;
if (Session::am_i_admin() || Session::sensorAllowed($shostIP)) {
// $shostIP=="localhost" ||
$discovery .= "<option value=\"{$SVRid}\" ";
if ($editdata['scan_ASSIGNED'] != "" && $editdata['scan_ASSIGNED'] == $SVRid) {
$discovery .= " SELECTED";
}
if ($SVRid_selected == $SVRid) {
$discovery .= " SELECTED";
}
$discovery .= ">" . strtoupper($sname) . " [{$shostIP}] </option>";
}
$result->MoveNext();
}
$discovery .= <<<EOT
</select>
</td>
</tr>
<tr>
EOT;
$discovery .= "<td align='right' width='25%'>" . _("Profile") . ":</td>";
$discovery .= "<td style='text-align:left;'><select name='sid'>";
//$query = "SELECT distinct(t1.id), t1.name, t1.description
// FROM vuln_nessus_settings t1
// LEFT JOIN vuln_nessus_settings_users t2 ON t1.id = t2.sid
// WHERE t1.type = 'G' OR t2.username='******'
// ORDER BY t1.name";
$query = "";
if ($username == "admin" || Session::am_i_admin()) {
$query = "SELECT distinct(t1.id), t1.name, t1.description \n FROM vuln_nessus_settings t1 WHERE deleted='0'\n ORDER BY t1.name";
} else {
if (preg_match("/pro|demo/i", $version)) {
if (Acl::am_i_proadmin()) {
$pro_users = array();
$entities_list = Acl::get_user_entities($current_user);
//list($entities_admin,$num) = Acl::get_entities_admin($dbconn,Session::get_session_user());
//$entities_list = array_keys($entities_admin);
$users = Acl::get_my_users($dbconn, Session::get_session_user());
foreach ($users as $us) {
$pro_users[] = $us["login"];
}
$query = "SELECT distinct(t1.id), t1.name, t1.description FROM vuln_nessus_settings t1\n WHERE deleted = '0' and (name='Default' or owner in ('0','" . implode("','", array_merge($entities_list, $pro_users)) . "')) ORDER BY t1.name";
} else {
$tmp = array();
$entities = Acl::get_user_entities($username);
foreach ($entities as $entity) {
$tmp[] = "'" . $entity . "'";
}
if (count($tmp) > 0) {
$user_where = "owner in ('0','{$username}'," . implode(", ", $tmp) . ")";
} else {
$user_where = "owner in ('0','{$username}')";
}
$query = "SELECT distinct(t1.id), t1.name, t1.description FROM vuln_nessus_settings t1\n WHERE deleted = '0' and (name='Default' or {$user_where}) ORDER BY t1.name";
}
} else {
$query = "SELECT distinct(t1.id), t1.name, t1.description FROM vuln_nessus_settings t1\n WHERE deleted = '0' and (name='Default' or owner in ('0','{$username}')) ORDER BY t1.name";
}
}
//var_dump($query);
$result = $dbconn->execute($query);
$job_profiles = array();
$id_found = false;
$ipr = 0;
while (!$result->EOF) {
list($sid, $sname, $sdescription) = $result->fields;
if ($sid_selected == $sid) {
$id_found = true;
}
$job_profiles[$ipr]["sid"] = $sid;
$job_profiles[$ipr]["sname"] = $sname;
$job_profiles[$ipr]["sdescription"] = $sdescription;
$ipr++;
$result->MoveNext();
}
foreach ($job_profiles as $profile_data) {
$sid = $profile_data["sid"];
$sname = $profile_data["sname"];
$sdescription = $profile_data["sdescription"];
$discovery .= "<option value=\"{$sid}\" ";
if ($sid_selected == $sid) {
if ($sdescription != "") {
$discovery .= "selected>{$sname} - {$sdescription}</option>";
} else {
$discovery .= "selected>{$sname}</option>";
}
} else {
if ($sdescription != "") {
$discovery .= (preg_match("/default/i", $sname) && !$id_found ? 'selected="selected"' : "") . ">{$sname} - {$sdescription}</option>";
} else {
$discovery .= (preg_match("/default/i", $sname) && !$id_found ? 'selected="selected"' : "") . ">{$sname}</option>";
}
}
}
$discovery .= "</select>  [<a href=\"settings.php?hmenu=Vulnerabilities&smenu=ScanProfiles\">" . _("Edit Profiles") . "</a>]</td>";
$discovery .= "</tr>";
$discovery .= "<tr>";
$discovery .= "<td align='right'>" . _("Timeout") . "</td>";
$discovery .= "<td style=\"text-align:left;\" nowrap><input type='text' style='width:80px' name='timeout' value='" . ($timeout_selected == "" ? "{$timeout}" : "{$timeout_selected}") . "'>";
$discovery .= "<font color='black'> " . _("Max scan run time in seconds") . " </font></td>";
$discovery .= "</tr>";
if ($smethod == "inmediately") {
$discovery .= "<tr>";
$discovery .= "<td style=\"text-align:center;\" nowrap>" . _("Schedule Method") . ":</td>";
$discovery .= "<td style=\"text-align:left;\" nowrap>" . _("Inmediately") . "<td>";
$discovery .= "</tr>";
$discovery .= "<tr style='display:none'>";
} else {
$discovery .= "<tr>";
}
$discovery .= "<td style=\"text-align:left;padding-left:35px;\">" . _("Schedule Method") . ":<br>";
if (!$scheduler && $enScanRequestImmediate) {
$discovery .= "<input type=\"radio\" name=\"schedule_type\" value=\"N\" onClick=\"showLayer('idSched', 1)\" {$sTYPE['N']}>" . _("Immediately") . "</input><br>";
}
if (!$scheduler) {
$discovery .= "<input type=\"radio\" name=\"schedule_type\" value=\"O\" onClick=\"showLayer('idSched', 3)\" {$sTYPE['O']}>" . _("Run Once") . "</input><br>";
}
if ($scheduler || $enScanRequestRecur) {
$discovery .= "<input type=\"radio\" name=\"schedule_type\" value=\"D\" onClick=\"showLayer('idSched', 2)\" {$sTYPE['D']}>" . _("Daily") . "</input><br>";
$discovery .= "<input type=\"radio\" name=\"schedule_type\" value=\"W\" onClick=\"showLayer('idSched', 4)\" {$sTYPE['W']}>" . _("Day of the Week") . "</input><br>";
$discovery .= "<input type=\"radio\" name=\"schedule_type\" value=\"M\" onClick=\"showLayer('idSched', 5)\" {$sTYPE['M']}>" . _("Day of the Month") . "</input><br>";
$discovery .= "<input type=\"radio\" name=\"schedule_type\" value=\"NW\" onClick=\"showLayer('idSched', 6)\" {$sTYPE['NW']}>" . _("N<sup>th</sup> weekday of the month") . "</input><br>";
}
$discovery .= <<<EOT
</td>
<td><div>
<div id="idSched1" class="forminput">
</div>
<div id="idSched3" class="forminput">
<table cellspacing="2" cellpadding="0" width="100%">
EOT;
$discovery .= "<tr><td colspan='7' class='noborder'>" . gettext("Year") . " <select name='ROYEAR'>";
$discovery .= "<option value=\"{$tyear}\" " . ($ROYEAR_selected == "" || $ROYEAR_selected == $tyear ? "selected" : "") . ">{$tyear}</option>";
$discovery .= "<option value=\"{$nyear}\" " . ($ROYEAR_selected == $nyear ? "selected" : "") . ">{$nyear}</option>";
$discovery .= "</select> " . gettext("Month") . " <select name='ROMONTH'>";
/* $discovery .= <<<EOT
</td>
<td><div>
<div id="idSched1" class="forminput">
</div>
<div id="idSched3" class="forminput">
<table cellspacing="2" cellpadding="0" width="100%">
<tr><td colspan="7" class="noborder">Year <select name="ROYEAR">
<option value="$tyear" selected>$tyear</option>";
<option value="$nyear">$nyear</option>";
</select> Month <select name="ROMONTH">";
EOT;*/
for ($i = 1; $i <= 12; $i++) {
$discovery .= "<option value=\"{$i}\" ";
if ($i == $tmonth && $ROMONTH_selected == "" || $ROMONTH_selected == $i) {
$discovery .= "selected";
}
$discovery .= ">{$i}</option>";
}
$discovery .= "</select> " . gettext("Day") . " <select name=\"ROday\">";
for ($i = 1; $i <= 31; $i++) {
$discovery .= "<option value=\"{$i}\" ";
if ($i == $tday && $ROday_selected == "" || $ROday_selected == $i) {
$discovery .= "selected";
}
$discovery .= ">{$i}</option>";
}
$discovery .= <<<EOT
</select></td>
</tr>
</table>
</div>
<div id="idSched4" class="forminput" >
<table width="100%">
<tr>
EOT;
$discovery .= "<th align=\"right\">" . _("Weekly") . "</td><td colspan=\"2\" class=\"noborder\">";
$discovery .= "<select name=\"dayofweek\">";
$discovery .= "<option value=\"Su\" SELECTED >" . gettext("Select week day to run") . "</option>";
$discovery .= "<option value=\"Su\" {$day['Su']} >" . gettext("Sunday") . "</option>";
$discovery .= "<option value=\"Mo\" {$day['Mo']} >" . gettext("Monday") . "</option>";
$discovery .= "<option value=\"Tu\" {$day['Tu']} >" . gettext("Tuesday") . "</option>";
$discovery .= "<option value=\"We\" {$day['We']} >" . gettext("Wednesday") . "</option>";
$discovery .= "<option value=\"Th\" {$day['Th']} >" . gettext("Thursday") . "</option>";
$discovery .= "<option value=\"Fr\" {$day['Fr']} >" . gettext("Friday") . "</option>";
$discovery .= "<option value=\"Sa\" {$day['Sa']} >" . gettext("Saturday") . "</option>";
$discovery .= "</select>";
$discovery .= "</td>";
$discovery .= <<<EOT
</tr>
</table>
</div>
<div id="idSched5" class="forminput">
<table width="100%">
<tr>
EOT;
$discovery .= "<th align='right'>" . gettext("Select Day") . "</td>";
$discovery .= <<<EOT
<td colspan="2" class="noborder"><select name="dayofmonth">"
EOT;
for ($i = 1; $i <= 31; $i++) {
$discovery .= "<option value=\"{$i}\"";
if ($dayofmonth == $i && $dayofmonth_selected == "" || $dayofmonth_selected == $i) {
$discovery .= " selected";
}
$discovery .= ">{$i}</option>";
}
$discovery .= <<<EOT
</select></td>
</tr>
</table>
</div>
<div id="idSched6" class="forminput">
<table width="100%">
<tr>
EOT;
$discovery .= "<th align=\"right\">" . gettext("Day of week") . "</th><td colspan=\"2\" class=\"noborder\">";
$discovery .= "<select name=\"nthdayofweek\">";
$discovery .= "<option value=\"Su\" SELECTED >" . gettext("Select week day to run") . "</option>";
$discovery .= "<option value=\"Su\" {$day['Su']} >" . gettext("Sunday") . "</option>";
$discovery .= "<option value=\"Mo\" {$day['Mo']} >" . gettext("Monday") . "</option>";
$discovery .= "<option value=\"Tu\" {$day['Tu']} >" . gettext("Tuesday") . "</option>";
$discovery .= "<option value=\"We\" {$day['We']} >" . gettext("Wednesday") . "</option>";
$discovery .= "<option value=\"Th\" {$day['Th']} >" . gettext("Thursday") . "</option>";
$discovery .= "<option value=\"Fr\" {$day['Fr']} >" . gettext("Friday") . "</option>";
$discovery .= "<option value=\"Sa\" {$day['Sa']} >" . gettext("Saturday") . "</option>";
$discovery .= "</select>";
$discovery .= "</td>";
$discovery .= <<<EOT
</tr>
</table>
<br>
<table width="100%">
<tr>
EOT;
$discovery .= "<th align='right'>" . gettext("N<sup>th</sup> weekday") . "</th><td colspan='2' class='noborder'>";
$discovery .= "<select name='nthweekday'>";
$discovery .= "<option value='1'>" . gettext("Select nth weekday to run") . "</option>";
$discovery .= "<option value='1'" . ($dayofmonth == 1 ? " selected" : "") . ">" . gettext("First") . "</option>";
$discovery .= "<option value='2'" . ($dayofmonth == 2 ? " selected" : "") . ">" . gettext("Second") . "</option>";
$discovery .= "<option value='3'" . ($dayofmonth == 3 ? " selected" : "") . ">" . gettext("Third") . "</option>";
$discovery .= "<option value='4'" . ($dayofmonth == 4 ? " selected" : "") . ">" . gettext("Fourth") . "</option>";
$discovery .= "<option value='5'" . ($dayofmonth == 5 ? " selected" : "") . ">" . gettext("Fifth") . "</option>";
$discovery .= <<<EOT
</select>
</td>
</tr>
</table>
</div>
<div id="idSched2" class="forminput">
<table width="100%">
EOT;
$discovery .= "<tr>";
$discovery .= "<th rowspan='2' align='right' width='30%'>" . gettext("Time") . "</td>";
$discovery .= "<td align='right'>" . gettext("Hour") . "</td><td>" . gettext("Minutes") . "</td>";
$discovery .= "</tr>";
$discovery .= <<<EOT
<tr>
<td align="right" class="noborder"><select name="time_hour">
EOT;
for ($i = 0; $i <= 23; $i++) {
$discovery .= "<option align=\"right\" value=\"{$i}\"";
if ($time_hour == $i && $time_hour_selected == "" || $time_hour_selected == $i) {
$discovery .= " selected";
}
$discovery .= ">{$i}</option>";
}
$discovery .= <<<EOT
</select></td>
<td class="noborder"><select name="time_min">
EOT;
for ($i = 0; $i < 60; $i = $i + 15) {
$discovery .= "<option value=\"{$i}\"";
if ($time_min == $i && $time_min_selected == "" || $time_min_selected == $i) {
$discovery .= " selected";
}
$discovery .= ">{$i}</option>";
}
$discovery .= <<<EOT
</select></td>
</tr>
</table>
</div>
</tr>
EOT;
$conf = $GLOBALS["CONF"];
$version = $conf->get_conf("ossim_server_version", FALSE);
$pro = preg_match("/pro|demo/i", $version) ? true : false;
$users = Session::get_users_to_assign($dbconn);
$entities = Session::get_entities_to_assign($dbconn);
$discovery .= "<tr>\n\t\t\t\t\t\t<td>" . _("Make this scan job visible for:") . "</td>\n\t\t\t\t\t\t<td style='text-align: left'>\n\t\t\t\t\t\t\t<table cellspacing='0' cellpadding='0' class='transparent' style='margin: 5px 0px;'>\n\t\t\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t\t\t<td class='nobborder'><span style='margin-right:3px'>" . _('User:'******'nobborder'>\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t<select name='user' id='user' onchange=\"switch_user('user');return false;\">";
$num_users = 0;
foreach ($users as $k => $v) {
$login = $v->get_login();
$selected = $editdata["username"] == $login || $user_selected == $login ? "selected='selected'" : "";
$options .= "<option value='" . $login . "' {$selected}>{$login}</option>\n";
$num_users++;
}
if ($num_users == 0) {
$discovery .= "<option value='' style='text-align:center !important;'>- " . _("No users found") . " -</option>";
} else {
$discovery .= "<option value='' style='text-align:center !important;'>- " . _("Select one user") . " -</option>\n";
$discovery .= $options;
}
$discovery .= "\t\t\t\t\t\t</select>\n\t\t\t\t\t\t\t\t\t</td>";
if (!empty($entities)) {
$discovery .= "\t \t\t\t<td style='text-align:center; border:none; !important'><span style='padding:5px;'>" . _("OR") . "<span></td>\n\t\t\t\t\t\t\t\t\t<td class='nobborder'><span style='margin-right:3px'>" . _("Entity:") . "</span></td>\n\t\t\t\t\t\t\t\t\t<td class='nobborder'>\t\n\t\t\t\t\t\t\t\t\t\t<select name='entity' id='entity' onchange=\"switch_user('entity');return false;\">\n\t\t\t\t\t\t\t\t\t\t\t<option value='' style='text-align:center !important;'>-" . _("Select one entity") . "-</option>";
foreach ($entities as $k => $v) {
$selected = $editdata["username"] == $k || $entity_selected == $k ? "selected='selected'" : "";
$discovery .= "<option value='{$k}' {$selected}>{$v}</option>";
}
$discovery .= "\t\t\t\t\t</select>\n\t\t\t\t\t\t\t\t\t</td>";
}
$discovery .= " \t \t</tr>\n\t\t\t\t\t\t\t</table>\n\t\t\t\t\t\t</td>\n\t\t\t\t\t</tr>";
$discovery .= "<tr><td>" . _("Send an email notification when finished:");
$discovery .= "</td>";
$discovery .= "<td style=\"text-align:left;\">";
$discovery .= "<input type=\"radio\" name=\"semail\" value=\"0\"" . (count($editdata) <= 1 && intval($semail) == 0 || intval($editdata['meth_Wfile']) == 0 ? " checked" : "") . "/>" . _("No");
$discovery .= "<input type=\"radio\" name=\"semail\" value=\"1\"" . (count($editdata) <= 1 && intval($semail) == 1 || intval($editdata['meth_Wfile']) == 1 ? " checked" : "") . "/>" . _("Yes");
$discovery .= "</td></tr>";
$targets_message = _("Targets") . "<br>" . _("(Hosts/Networks)") . "<br>";
$discovery .= "<tr><td valign=\"top\" style=\"text-align:left;padding-left:50px;\" width=\"20%\" class=\"noborder\"><br>";
$discovery .= "<input type=\"checkbox\" name=\"hosts_alive\" value=\"1\"" . (count($editdata) <= 1 && intval($hosts_alive) == 1 || intval($editdata['meth_CRED']) == 1 ? " checked" : "") . ">" . _("Only scan hosts that are alive") . "<br>(" . _("greatly speeds up the scanning process") . ")<br><br>";
//if (Session::am_i_admin())
$discovery .= "<input type=\"checkbox\" name=\"scan_locally\" value=\"1\"" . ($pre_scan_locally_status == 0 ? " disabled=\"disabled\"" : "") . ($pre_scan_locally_status == 1 && (count($editdata) <= 1 && intval($scan_locally) == 1 || intval($editdata['authorized']) == 1) ? " checked" : "") . ">" . _("Pre-Scan locally") . "<br>(" . _("do not pre-scan from scanning sensor") . ")<br><br>";
$discovery .= "<input type=\"checkbox\" name=\"not_resolve\" value=\"1\" " . ($editdata['resolve_names'] === "0" || $not_resolve == "1" ? "checked=\"checked\"" : "") . "/>" . _("Do not resolve names");
//else
// $discovery .= "<input type=\"hidden\" name=\"scan_locally\" value=\"0\">";
$discovery .= <<<EOT
<select name="tarSel" style="display:none;" onClick="if (this.options[this.selectedIndex].value != 'null') {
showLayer('idTarget', this.options[this.selectedIndex].value ) }">
<option name="schedule" value="1" {$sjTYPE['M']} selected>IP List</option>
<option name="schedule" value="2">IP Range</option>
<option name="schedule" value="3" >Named Target List</option>
<option name="schedule" value="4">CIDR</option>
<option name="schedule" value="5" {$sjTYPE['C']} >Subnet</option>
<option name="schedule" value="6" {$sjTYPE['S']} >Asset List/System</option>
</select><br><br><br><br><br><br><br><br><br></td>
<td class="noborder" style="text-align:left" valign="top">
<div align="left">
<div id="idTarget1">
\t\t\t<table class="noborder"><tr>
<td style="text-align:center;padding-bottom:3px;" class="nobborder">{$targets_message}</td>
</tr>
<tr>
\t\t\t<td valign="top" class="noborder">
<table class="transparent" width="100%">
<tr>
<td class='nobborder'>
EOT;
$discovery .= "<textarea name=\"ip_list\" id=\"ip_list\" cols=\"32\" rows=\"8\">" . ($ip_list_selected == "" ? "{$editdata['meth_TARGET']}" : "{$ip_list_selected}") . "</textarea>";
$discovery .= "</td></tr>";
$discovery .= "<tr><td style='text-align:left;' class='nobborder'>";
$discovery .= "<div id='lassets' style='display:none'>";
$discovery .= "<img width=\"16\" align=\"absmiddle\" src=\"./images/loading.gif\" border=\"0\" alt=\"" . _("Loading assets...") . "\" title=\"" . _("Loading assets...") . "\">";
$discovery .= "<span style='margin-left:4px;'>" . _("Loading assets, please wait few seconds...") . "</span>";
$discovery .= <<<EOT
</div>
<td>
</tr>
</table>
\t\t\t</td>
\t\t\t<td valign="top" style="text-align:left" class="noborder">
\t\t\t\t<div id="htree" style="width:450px"></div>
\t\t\t</td>
\t\t\t</tr></table>
</div>
<div id="idTarget2" class="forminput">
<table width="100%" style="border:0;">
<tr>
<td align="Right" width="30%" >Range Start</td>
<td><input type="text" name="ip_start" value=""></td>
</tr>
<tr>
<td align="Right" width="30%" >Range End</td>
<td><input type="text" name="ip_end" value=""></td>
</tr>
</table>
</div>
<div id="idTarget3" class="forminput">
<textarea name="named_list" cols="32" rows="8"></textarea>
</div>
<div id="idTarget4" class="forminput">
<input type="text" name="cidr" value="">
</div>
<div id="idTarget5" class="forminput">
<table width="100%" style="border:0;">
<tr>
<td align="Right" width="30%" ></td>
<td><select name="subnet">
<option value="" >Select A Subnet to Scan</option>
EOT;
if ($uroles['admin'] || $uroles['auditAll']) {
$discovery .= "<option value='ALL' >Audit All Subnets - (SINGLE JOB)!!!</option>";
$query_filter = "AND t1.tiScanApproval='1'";
} else {
$query_filter = "AND t4.pn_uname = '{$username}'";
}
#$query = "SELECT distinct t1.id, t1.site_code, t1.CIDR
# FROM vuln_subnets t1
# LEFT JOIN vuln_sites t2 ON t1.site_code = t2.site_code
# LEFT JOIN vuln_org_sites t3 ON t2.id = t3.siteID
# LEFT JOIN vuln_org_users t4 ON t3.orgID = t4.orgID
# WHERE t1.status != 'available' $query_filter
# ORDER BY t1.site_code, CIDR";
//$result=$dbconn->execute($query);
//while (!$result->EOF) {
// list($subid, $scode, $sname)=$result->fields;
// if ( $editdata['fk_name'] == $sname ) { $selected= "SELECTED"; } else { $selected=""; }
// $discovery .= "<option value=\"$sname\" $selected >[$scode] $sname</option>";
// $result->MoveNext();
//}
$discovery .= <<<EOT
</select></td>
</tr>
</table>
</div>
<div id="idTarget6" class="forminput">
<table width="100%" style="border:0;">
<tr>
<td align="Right" width="30%" ></td>
<td><select name="system">
<option value="" >Select A System to Scan</option>
EOT;
if ($uroles['admin'] || $uroles['auditAll']) {
} else {
$query_filter = "AND t2.pn_uname = '{$username}'";
}
#$query = "SELECT distinct t1.id, t1.acronym, t1.name
# FROM vuln_systems t1
# LEFT JOIN vuln_system_users t2 ON t2.sysID = t1.id
# WHERE t1.deleted='0' $cquery_like AND t1.status='assigned' $query_filter
# ORDER BY t1.site_code, acronym";
#$result=$dbconn->execute($query);
#while (!$result->EOF) {
# list($subid, $scode, $sname)=$result->fields;
# if ( $editdata['fk_name'] == $scode ) { $selected= "SELECTED"; } else { $selected=""; }
# $discovery .= "<option value=\"$scode\" $selected>[$scode] $sname</option>";
# $result->MoveNext();
#}
$discovery .= <<<EOT
</select></td>
</tr>
</table>
</div>
</div>
</div>
</td>
</tr>
</table>
</tr></td></table>
EOT;
//if(!$scheduler && !$enScanRequestImmediate) {
// $discovery .= "<script language=javascript>showLayer('idSched', 3);</script>";
//}
$discovery .= $show;
return $discovery;
}
function tab_discovery()
{
global $component, $uroles, $editdata, $scheduler, $username, $useremail, $dbconn, $disp, $enScanRequestImmediate, $enScanRequestRecur, $timeout, $smethod, $SVRid, $sid, $ip_list, $ip_exceptions_list, $schedule_type, $ROYEAR, $ROday, $ROMONTH, $time_hour, $time_min, $dayofweek, $dayofmonth, $sname, $user, $entity, $hosts_alive, $scan_locally, $version, $nthweekday, $semail, $not_resolve, $time_interval, $ssh_credential, $smb_credential, $net_id;
global $pluginOptions, $enComplianceChecks, $profileid;
$conf = $GLOBALS["CONF"];
$users = Session::get_users_to_assign($dbconn);
$entities_to_assign = Session::get_entities_to_assign($dbconn);
$pre_scan_locally_status = $conf->get_conf("nessus_pre_scan_locally");
$user_selected = $user;
$entity_selected = $entity;
$SVRid_selected = $SVRid;
$sid_selected = $sid != "" ? $sid : $editdata['meth_VSET'];
$timeout_selected = $editdata["meth_TIMEOUT"];
$ip_list_selected = str_replace("\\r\\n", "\n", str_replace(";;", "\n", $ip_list));
if (count($ip_exceptions_list) > 0) {
$ip_list_selected .= "\n" . implode("\n", $ip_exceptions_list);
}
$ROYEAR_selected = $ROYEAR;
$ROday_selected = $ROday;
$ROMONTH_selected = $ROMONTH;
$time_hour_selected = $time_hour;
$time_min_selected = $time_min;
$dayofweek_selected = $dayofweek;
$dayofmonth_selected = $dayofmonth;
$sname_selected = $sname;
if (preg_match("/^[a-f\\d]{32}\$/i", $net_id)) {
// Autofill new scan job from deployment
if (Asset_net::is_in_db($dbconn, $net_id)) {
$sname_selected = Asset_net::get_name_by_id($dbconn, $net_id);
$schedule_type = "M";
$ip_list = array();
$nips = explode(",", Asset_net::get_ips_by_id($dbconn, $net_id));
foreach ($nips as $nip) {
$ip_list[] = $net_id . "#" . trim($nip);
}
}
}
if ($schedule_type != "") {
$editdata['schedule_type'] = $schedule_type;
}
$cquery_like = "";
if ($component != "") {
$cquery_like = " AND component='{$component}'";
}
$today = date("Ymd");
$tyear = substr($today, 0, 4);
$nyear = $tyear + 1;
$tmonth = substr($today, 4, 2);
$tday = substr($today, 6, 2);
#SET VALUES UP IF EDIT SCHEDULER
if (isset($editdata['notify'])) {
$enotify = $editdata['notify'];
} else {
$enotify = "{$useremail}";
}
if (isset($editdata['time'])) {
list($time_hour, $time_min, $time_sec) = split(':', $editdata['time']);
$tz = Util::get_timezone();
$time_hour = $time_hour + $tz;
}
$arrTypes = array("N", "O", "D", "W", "M", "NW");
foreach ($arrTypes as $type) {
$sTYPE[$type] = "";
}
$arrJobTypes = array("C", "M", "R", "S");
foreach ($arrJobTypes as $type) {
$sjTYPE[$type] = "";
}
if (isset($editdata['schedule_type'])) {
$sTYPE[$editdata['schedule_type']] = "selected='selected'";
if ($editdata['schedule_type'] == 'D') {
$ni = 2;
} elseif ($editdata['schedule_type'] == 'O') {
$ni = 3;
} elseif ($editdata['schedule_type'] == 'W') {
$ni = 4;
} elseif ($editdata['schedule_type'] == 'NW') {
$ni = 6;
} else {
$ni = 5;
}
$show = "<br><script language=javascript>showLayer('idSched', {$ni});</script>";
} else {
if ($enScanRequestImmediate) {
$sTYPE['N'] = "selected='selected'";
$show = "<br><script language=javascript>showLayer('idSched', 1);</script>";
} else {
$sTYPE['O'] = "selected='selected'";
$show = "<br><script language=javascript>showLayer('idSched', 3);</script>";
}
}
if ($schedule_type != "") {
if ($schedule_type == "N") {
$show .= "<br><script language=javascript>showLayer('idSched', 1);</script>";
}
if ($schedule_type == "O") {
$show .= "<br><script language=javascript>showLayer('idSched', 3);</script>";
}
if ($schedule_type == "D") {
$show .= "<br><script language=javascript>showLayer('idSched', 2);</script>";
}
if ($schedule_type == "W") {
$show .= "<br><script language=javascript>showLayer('idSched', 4);</script>";
}
if ($schedule_type == "M") {
$show .= "<br><script language=javascript>showLayer('idSched', 5);</script>";
}
if ($schedule_type == "NW") {
$show .= "<br><script language=javascript>showLayer('idSched', 6);</script>";
}
}
if (isset($editdata['job_TYPE'])) {
$sjTYPE[$editdata['job_TYPE']] = "SELECTED";
} else {
$sjTYPE['M'] = "SELECTED";
}
if (isset($editdata['day_of_month'])) {
$dayofmonth = $editdata['day_of_month'];
}
if (isset($editdata['day_of_week'])) {
$day[$editdata['day_of_week']] = "SELECTED";
}
if ($dayofweek_selected != "") {
$day[$dayofweek_selected] = "SELECTED";
}
if (!$uroles['nessus']) {
$name = "sr-" . substr($username, 0, 6) . "-" . time();
$name = $editdata['name'] == "" ? $name : $editdata['name'];
$nameout = $name . "<input type=hidden style='width:210px' name='sname' value='{$name}'>";
} else {
$nameout = "<input type=text style='width:210px' name='sname' value='" . ($sname_selected != "" ? "{$sname_selected}" : "{$editdata['name']}") . "'>";
}
$discovery = "<input type=\"hidden\" name=\"save_scan\" value=\"1\">";
$discovery .= "<input type=\"hidden\" name=\"cred_type\" value=\"N\">";
$discovery .= "<table width=\"80%\" cellspacing=\"4\">";
$discovery .= "<tr>";
$discovery .= "<input type=\"hidden\" name=\"smethod\" value=\"{$smethod}\">";
$discovery .= "<td width=\"25%\" class='job_option'>" . Util::strong(_("Job Name") . ":") . "</td>";
$discovery .= "<td style=\"text-align:left;\">{$nameout}</td>";
$discovery .= "</tr>";
list($sensor_list, $total) = Av_sensor::get_list($dbconn);
$discovery .= "<tr>";
$discovery .= "<td class='job_option'>" . Util::strong(_("Select Server") . ":") . "</td>";
$discovery .= "<td style='text-align:left;'><select id='SVRid' style='width:212px' name='SVRid'>";
$discovery .= "<option value='Null'>" . _("First Available Server-Distributed") . "</option>";
foreach ($sensor_list as $_sensor_id => $sensor_data) {
if (intval($sensor_data['properties']['has_vuln_scanner']) == 1) {
$discovery .= "<option value=\"{$_sensor_id}\" ";
if ($editdata['email'] == $_sensor_id || $editdata['scan_ASSIGNED'] == $_sensor_id) {
$discovery .= " SELECTED";
}
if ($SVRid_selected == $_sensor_id) {
$discovery .= " SELECTED";
}
$discovery .= ">" . strtoupper($sensor_data['name']) . " [" . $sensor_data['ip'] . "] </option>";
}
}
$discovery .= <<<EOT
</select>
</td>
</tr>
<tr>
EOT;
$discovery .= "<td class='job_option'>" . Util::strong(_("Profile") . ":") . "</td>";
$discovery .= "<td style='text-align:left;'><select name='sid'>";
$query = "";
if ($username == "admin" || Session::am_i_admin()) {
$query = "SELECT distinct(t1.id), t1.name, t1.description \n FROM vuln_nessus_settings t1 WHERE deleted='0'\n ORDER BY t1.name";
} else {
if (Session::is_pro()) {
$users_and_entities = Acl::get_entities_to_assign($dbconn);
if (Acl::am_i_proadmin()) {
$users = Acl::get_my_users($dbconn, Session::get_session_user());
foreach ($users as $us) {
$users_and_entities[$us->get_login()] = $us->get_login();
}
$owner_list['0'] = '0';
$owner_list = array_keys($users_and_entities);
$owner_list = implode("','", $owner_list);
$query = "SELECT distinct(t1.id), t1.name, t1.description FROM vuln_nessus_settings t1\n WHERE deleted = '0' and (name='Default' or owner in ('" . $owner_list . "')) ORDER BY t1.name";
} else {
$owner_list['0'] = '0';
$owner_list[$username] = $username;
$owner_list = array_keys($users_and_entities);
$owner_list[] = Session::get_session_user();
$owner_list = implode("','", $owner_list);
$user_where = "owner in ('" . $owner_list . "')";
$query = "SELECT distinct(t1.id), t1.name, t1.description FROM vuln_nessus_settings t1\n WHERE deleted = '0' and (name='Default' or {$user_where}) ORDER BY t1.name";
}
} else {
$query = "SELECT distinct(t1.id), t1.name, t1.description FROM vuln_nessus_settings t1\n WHERE deleted = '0' and (name='Default' or owner in ('0','{$username}')) ORDER BY t1.name";
}
}
$dbconn->SetFetchMode(ADODB_FETCH_BOTH);
$result = $dbconn->execute($query);
$job_profiles = array();
$id_found = false;
$ipr = 0;
while (!$result->EOF) {
list($sid, $sname, $sdescription) = $result->fields;
if ($sid_selected == $sid) {
$id_found = true;
}
$job_profiles[$ipr]["sid"] = $sid;
$job_profiles[$ipr]["sname"] = $sname;
$job_profiles[$ipr]["sdescription"] = $sdescription;
$ipr++;
$result->MoveNext();
}
foreach ($job_profiles as $profile_data) {
$sid = $profile_data["sid"];
$sname = $profile_data["sname"];
$sdescription = $profile_data["sdescription"];
$discovery .= "<option value=\"{$sid}\" ";
if ($sid_selected == $sid) {
if ($sdescription != "") {
$discovery .= "selected>{$sname} - {$sdescription}</option>";
} else {
$discovery .= "selected>{$sname}</option>";
}
} else {
if ($sdescription != "") {
$discovery .= (preg_match("/default/i", $sname) && !$id_found ? 'selected="selected"' : "") . ">{$sname} - {$sdescription}</option>";
} else {
$discovery .= (preg_match("/default/i", $sname) && !$id_found ? 'selected="selected"' : "") . ">{$sname}</option>";
}
}
}
$discovery .= "</select>  <a href=\"" . Menu::get_menu_url('settings.php', 'environment', 'vulnerabilities', 'scan_jobs') . "\">[" . _("EDIT PROFILES") . "]</a></td>";
$discovery .= "</tr>";
$discovery .= "<tr>";
$discovery .= "<td class='job_option' style='vertical-align: top;'><div>" . Util::strong(_("Schedule Method") . ":") . "</div></td>";
$discovery .= "<td style='text-align:left'><div><select name='schedule_type' id='scheduleM'>";
$discovery .= "<option value='N' {$sTYPE['N']}>" . _("Immediately") . "</option>";
$discovery .= "<option value='O' {$sTYPE['O']}>" . _("Run Once") . "</option>";
$discovery .= "<option value='D' {$sTYPE['D']}>" . _("Daily") . "</option>";
$discovery .= "<option value='W' {$sTYPE['W']}>" . _("Day of the Week") . "</option>";
$discovery .= "<option value='M' {$sTYPE['M']}>" . _("Day of the Month") . "</option>";
$discovery .= "<option value='NW' {$sTYPE['NW']}>" . _("N<sup>th</sup> weekday of the month") . "</option>";
$discovery .= "</select></div></tr>";
$smethods = array("O", "D", "W", "M", "NW");
$smethodtr_display = in_array($editdata['schedule_type'], $smethods) ? "" : "style='display:none'";
$discovery .= "<tr {$smethodtr_display} id='smethodtr'><td> </td>";
$discovery .= <<<EOT
</td>
<td><div>
<div id="idSched1" class="forminput">
</div>
EOT;
// div to select start day
$discovery .= "<div id=\"idSched8\" class=\"forminput\">";
$discovery .= "<table cellspacing=\"2\" cellpadding=\"0\" width=\"100%\">";
$discovery .= "<tr><th width='35%'>" . _("Begin in") . "</th><td class='noborder' nowrap='nowrap'>" . gettext("Year") . " <select name='biyear'>";
$discovery .= "<option value=\"{$tyear}\" selected>{$tyear}</option>";
$discovery .= "<option value=\"{$nyear}\" >{$nyear}</option>";
$discovery .= "</select> " . gettext("Month") . " <select name='bimonth'>";
for ($i = 1; $i <= 12; $i++) {
$discovery .= "<option value=\"{$i}\" ";
if ($i == $tmonth) {
$discovery .= "selected";
}
$discovery .= ">{$i}</option>";
}
$discovery .= "</select> " . gettext("Day") . " <select name=\"biday\">";
for ($i = 1; $i <= 31; $i++) {
$discovery .= "<option value=\"{$i}\" ";
if ($i == $tday) {
$discovery .= "selected";
}
$discovery .= ">{$i}</option>";
}
$discovery .= "</select></td>";
$discovery .= "</tr>";
$discovery .= "</table>";
$discovery .= "</div>";
$discovery .= <<<EOT
<div id="idSched3" class="forminput">
<table cellspacing="2" cellpadding="0" width="100%">
EOT;
$discovery .= "<tr><th width='35%'>" . _("Day") . "</th><td colspan='6' class='noborder' nowrap='nowrap'>" . gettext("Year") . " <select name='ROYEAR'>";
$discovery .= "<option value=\"{$tyear}\" " . ($ROYEAR_selected == "" || $ROYEAR_selected == $tyear ? "selected" : "") . ">{$tyear}</option>";
$discovery .= "<option value=\"{$nyear}\" " . ($ROYEAR_selected == $nyear ? "selected" : "") . ">{$nyear}</option>";
$discovery .= "</select> " . gettext("Month") . " <select name='ROMONTH'>";
for ($i = 1; $i <= 12; $i++) {
$discovery .= "<option value=\"{$i}\" ";
if ($i == $tmonth && $ROMONTH_selected == "" || $ROMONTH_selected == $i) {
$discovery .= "selected";
}
$discovery .= ">{$i}</option>";
}
$discovery .= "</select> " . gettext("Day") . " <select name=\"ROday\">";
for ($i = 1; $i <= 31; $i++) {
$discovery .= "<option value=\"{$i}\" ";
if ($i == $tday && $ROday_selected == "" || $ROday_selected == $i) {
$discovery .= "selected";
}
$discovery .= ">{$i}</option>";
}
$discovery .= <<<EOT
</select></td>
</tr>
</table>
</div>
<div id="idSched4" class="forminput" >
<table width="100%">
<tr>
EOT;
$discovery .= "<th align=\"right\" width=\"35%\">" . _("Weekly") . "</th><td colspan=\"2\" class=\"noborder\">";
$discovery .= "<select name=\"dayofweek\">";
$discovery .= "<option value=\"Su\" SELECTED >" . gettext("Select week day to run") . "</option>";
$discovery .= "<option value=\"Su\" {$day['Su']} >" . gettext("Sunday") . "</option>";
$discovery .= "<option value=\"Mo\" {$day['Mo']} >" . gettext("Monday") . "</option>";
$discovery .= "<option value=\"Tu\" {$day['Tu']} >" . gettext("Tuesday") . "</option>";
$discovery .= "<option value=\"We\" {$day['We']} >" . gettext("Wednesday") . "</option>";
$discovery .= "<option value=\"Th\" {$day['Th']} >" . gettext("Thursday") . "</option>";
$discovery .= "<option value=\"Fr\" {$day['Fr']} >" . gettext("Friday") . "</option>";
$discovery .= "<option value=\"Sa\" {$day['Sa']} >" . gettext("Saturday") . "</option>";
$discovery .= "</select>";
$discovery .= "</td>";
$discovery .= <<<EOT
</tr>
</table>
</div>
<div id="idSched5" class="forminput">
<table width="100%">
<tr>
EOT;
$discovery .= "<th width='35%'>" . gettext("Select Day") . "</td>";
$discovery .= <<<EOT
<td colspan="2" class="noborder"><select name="dayofmonth">"
EOT;
for ($i = 1; $i <= 31; $i++) {
$discovery .= "<option value=\"{$i}\"";
if ($dayofmonth == $i && $dayofmonth_selected == "" || $dayofmonth_selected == $i) {
$discovery .= " selected";
}
$discovery .= ">{$i}</option>";
}
$discovery .= <<<EOT
</select></td>
</tr>
</table>
</div>
<div id="idSched6" class="forminput">
<table width="100%">
<tr>
EOT;
$discovery .= "<th width=\"35%\">" . gettext("Day of week") . "</th><td colspan=\"2\" class=\"noborder\">";
$discovery .= "<select name=\"nthdayofweek\">";
$discovery .= "<option value=\"Su\" SELECTED >" . gettext("Select week day to run") . "</option>";
$discovery .= "<option value=\"Su\" {$day['Su']} >" . gettext("Sunday") . "</option>";
$discovery .= "<option value=\"Mo\" {$day['Mo']} >" . gettext("Monday") . "</option>";
$discovery .= "<option value=\"Tu\" {$day['Tu']} >" . gettext("Tuesday") . "</option>";
$discovery .= "<option value=\"We\" {$day['We']} >" . gettext("Wednesday") . "</option>";
$discovery .= "<option value=\"Th\" {$day['Th']} >" . gettext("Thursday") . "</option>";
$discovery .= "<option value=\"Fr\" {$day['Fr']} >" . gettext("Friday") . "</option>";
$discovery .= "<option value=\"Sa\" {$day['Sa']} >" . gettext("Saturday") . "</option>";
$discovery .= "</select>";
$discovery .= "</td>";
$discovery .= <<<EOT
</tr>
</table>
<br>
<table width="100%">
<tr>
EOT;
$discovery .= "<th align='right'>" . gettext("N<sup>th</sup> weekday") . "</th><td colspan='2' class='noborder'>";
$discovery .= "<select name='nthweekday'>";
$discovery .= "<option value='1'>" . gettext("Select nth weekday to run") . "</option>";
$discovery .= "<option value='1'" . ($dayofmonth == 1 ? " selected" : "") . ">" . gettext("First") . "</option>";
$discovery .= "<option value='2'" . ($dayofmonth == 2 ? " selected" : "") . ">" . gettext("Second") . "</option>";
$discovery .= "<option value='3'" . ($dayofmonth == 3 ? " selected" : "") . ">" . gettext("Third") . "</option>";
$discovery .= "<option value='4'" . ($dayofmonth == 4 ? " selected" : "") . ">" . gettext("Fourth") . "</option>";
$discovery .= "<option value='5'" . ($dayofmonth == 5 ? " selected" : "") . ">" . gettext("Fifth") . "</option>";
$discovery .= "<option value='6'" . ($dayofmonth == 6 ? " selected" : "") . ">" . gettext("Sixth") . "</option>";
$discovery .= "<option value='7'" . ($dayofmonth == 7 ? " selected" : "") . ">" . gettext("Seventh") . "</option>";
$discovery .= "<option value='8'" . ($dayofmonth == 8 ? " selected" : "") . ">" . gettext("Eighth") . "</option>";
$discovery .= "<option value='9'" . ($dayofmonth == 9 ? " selected" : "") . ">" . gettext("Ninth") . "</option>";
$discovery .= "<option value='10'" . ($dayofmonth == 10 ? " selected" : "") . ">" . gettext("Tenth") . "</option>";
$discovery .= <<<EOT
</select>
</td>
</tr>
</table>
</div>
EOT;
$discovery .= "<div id='idSched7' class='forminput' style=margin-bottom:3px;>";
$discovery .= "<table width='100%'>";
$discovery .= "<tr>";
$discovery .= "<th width='35%'>" . _("Frequency") . "</th>";
$discovery .= "<td width='100%' style='text-align:center;' class='nobborder'>";
$discovery .= "<span style='margin-right:5px;'>" . _("Every") . "</span>";
$discovery .= "<select name='time_interval'>";
for ($itime = 1; $itime <= 30; $itime++) {
$discovery .= "<option value='" . $itime . "'" . ($editdata['time_interval'] == $itime ? " selected" : "") . ">" . $itime . "</option>";
}
$discovery .= "</select>";
$discovery .= "<span id='days' style='margin-left:5px'>" . _("day(s)") . "</span><span id='weeks' style='margin-left:5px'>" . _("week(s)") . "</span>";
$discovery .= "</td>";
$discovery .= "</tr>";
$discovery .= "</table>";
$discovery .= "</div>";
$discovery .= <<<EOT
<div id="idSched2" class="forminput">
<table width="100%">
EOT;
$discovery .= "<tr>";
$discovery .= "<th rowspan='2' align='right' width='35%'>" . gettext("Time") . "</td>";
$discovery .= "<td align='right'>" . gettext("Hour") . "</td>";
$discovery .= <<<EOT
<td align="left" class="noborder"><select name="time_hour">
EOT;
for ($i = 0; $i <= 23; $i++) {
$discovery .= "<option value=\"{$i}\"";
if ($time_hour == $i && $time_hour_selected == "" || $time_hour_selected == $i) {
$discovery .= " selected";
}
$discovery .= ">{$i}</option>";
}
$discovery .= "</select></td><td align='right'>" . gettext("Minutes") . "</td>\n <td class='noborder' align='left'><select name='time_min'>";
for ($i = 0; $i < 60; $i = $i + 15) {
$discovery .= "<option value=\"{$i}\"";
if ($time_min == $i && $time_min_selected == "" || $time_min_selected == $i) {
$discovery .= " selected";
}
$discovery .= ">{$i}</option>";
}
$discovery .= <<<EOT
</select></td>
</tr>
</table>
</div>
</tr>
EOT;
$discovery .= "<tr>";
$discovery .= "\t\t<td class='madvanced'><a class='section'><img id='advanced_arrow' border='0' align='absmiddle' src='../pixmaps/arrow_green.gif'>" . _("ADVANCED") . "</a></td>";
$discovery .= "\t\t<td> </td>";
$discovery .= "</tr>";
if ($_SESSION["scanner"] == "omp") {
$credentials = Vulnerabilities::get_credentials($dbconn, 'ssh');
preg_match("/(.*)\\|(.*)/", $editdata["credentials"], $found);
$discovery .= "<tr class='advanced'>";
$discovery .= "<td class='job_option'>" . Util::strong(_("SSH Credential:")) . "</td>";
$discovery .= "<td style='text-align:left'><select id='ssh_credential' name='ssh_credential'>";
$discovery .= "<option value=''>--</option>";
foreach ($credentials as $cred) {
$login_text = $cred["login"];
if ($cred["login"] == '0') {
$login_text = _("All");
} elseif (valid_hex32($cred["login"])) {
$login_text = Session::get_entity_name($dbconn, $cred["login"]);
}
$selected = $found[1] == $cred["name"] . "#" . $cred["login"] || $cred["name"] . "#" . $cred["login"] == $ssh_credential ? " selected='selected'" : "";
$discovery .= "<option value='" . $cred["name"] . "#" . $cred["login"] . "' {$selected}>" . $cred["name"] . " (" . $login_text . ")</option>";
}
$discovery .= "</select></td>";
$discovery .= "</tr>";
$credentials = Vulnerabilities::get_credentials($dbconn, 'smb');
$discovery .= "<tr class='advanced'>";
$discovery .= "<td class='job_option'>" . Util::strong(_("SMB Credential:")) . "</td>";
$discovery .= "<td style='text-align:left'><select id='smb_credential' name='smb_credential'>";
$discovery .= "<option value=''>--</option>";
foreach ($credentials as $cred) {
$login_text = $cred["login"];
if ($cred["login"] == '0') {
$login_text = _("All");
} elseif (valid_hex32($cred["login"])) {
$login_text = Session::get_entity_name($dbconn, $cred["login"]);
}
$selected = $found[2] == $cred["name"] . "#" . $cred["login"] || $cred["name"] . "#" . $cred["login"] == $smb_credential ? " selected='selected'" : "";
$discovery .= "<option value='" . $cred["name"] . "#" . $cred["login"] . "' {$selected}>" . $cred["name"] . " (" . $login_text . ")</option>";
}
$discovery .= "</select></td>";
$discovery .= "</tr>";
}
$discovery .= "<tr class='job_option advanced'>";
$discovery .= "<td class='job_option'>" . Util::strong(_("Timeout:")) . "</td>";
$discovery .= "<td style=\"text-align:left;\" nowrap><input type='text' style='width:80px' name='timeout' value='" . ($timeout_selected == "" ? "{$timeout}" : "{$timeout_selected}") . "'>";
$discovery .= "<font color='black'> " . _("Max scan run time in seconds") . " </font></td>";
$discovery .= "</tr>";
$discovery .= "<tr class='advanced'><td class='job_option'>" . Util::strong(_("Send an email notification:"));
$discovery .= "</td>";
$discovery .= "<td style=\"text-align:left;\">";
$discovery .= "<input type=\"radio\" name=\"semail\" value=\"0\"" . (count($editdata) <= 1 && intval($semail) == 0 || intval($editdata['meth_Wfile']) == 0 ? " checked" : "") . "/>" . _("No");
$discovery .= "<input type=\"radio\" name=\"semail\" value=\"1\"" . (count($editdata) <= 1 && intval($semail) == 1 || intval($editdata['meth_Wfile']) == 1 ? " checked" : "") . "/>" . _("Yes");
$discovery .= "</td></tr>";
$discovery .= "<tr class='advanced'>\n\t\t\t\t\t\t<td class='job_option'>" . Util::strong(_("Scan job visible for:")) . "</td>\n\t\t\t\t\t\t<td style='text-align: left'>\n\t\t\t\t\t\t\t<table cellspacing='0' cellpadding='0' class='transparent' style='margin: 5px 0px;'>\n\t\t\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t\t\t<td class='nobborder'><span style='margin-right:3px'>" . _('User:'******'nobborder'>\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t<select name='user' id='user' onchange=\"switch_user('user');return false;\">";
$num_users = 0;
foreach ($users as $k => $v) {
$login = $v->get_login();
$selected = $editdata["username"] == $login || $user_selected == $login ? "selected='selected'" : "";
$options .= "<option value='" . $login . "' {$selected}>{$login}</option>\n";
$num_users++;
}
if ($num_users == 0) {
$discovery .= "<option value='' style='text-align:center !important;'>- " . _("No users found") . " -</option>";
} else {
$discovery .= "<option value='' style='text-align:center !important;'>- " . _("Select one user") . " -</option>\n";
$discovery .= $options;
}
$discovery .= "\t\t\t\t\t\t</select>\n\t\t\t\t\t\t\t\t\t</td>";
if (!empty($entities_to_assign)) {
$discovery .= "\t \t\t\t<td style='text-align:center; border:none; !important'><span style='padding:5px;'>" . _("OR") . "<span></td>\n\t\t\t\t\t\t\t\t\t<td class='nobborder'><span style='margin-right:3px'>" . _("Entity:") . "</span></td>\n\t\t\t\t\t\t\t\t\t<td class='nobborder'>\t\n\t\t\t\t\t\t\t\t\t\t<select name='entity' id='entity' onchange=\"switch_user('entity');return false;\">\n\t\t\t\t\t\t\t\t\t\t\t<option value='' style='text-align:center !important;'>-" . _("Select one entity") . "-</option>";
foreach ($entities_to_assign as $k => $v) {
$selected = $editdata["username"] == $k || $entity_selected == $k ? "selected='selected'" : "";
$discovery .= "<option value='{$k}' {$selected}>{$v}</option>";
}
$discovery .= "\t\t\t\t\t</select>\n\t\t\t\t\t\t\t\t\t</td>";
}
$discovery .= " \t \t</tr>\n\t\t\t\t\t\t\t</table>\n\t\t\t\t\t\t</td>\n\t\t\t\t\t</tr>";
$discovery .= "<tr><td valign=\"top\" width=\"15%\" class=\"job_option noborder\"><br>";
// conditions to exclude IPs
$condition1 = count($editdata) <= 1 && intval($hosts_alive) == 1 ? TRUE : FALSE;
$condition2 = preg_match('/' . EXCLUDING_IP2 . '/', trim($editdata["meth_TARGET"]));
$condition3 = intval($editdata['meth_CRED']) == 1 ? TRUE : FALSE;
$condition4 = count($ip_exceptions_list) > 0 ? TRUE : FALSE;
$host_alive_check = $condition1 || $condition2 || $condition3 || $condition4 ? ' checked' : '';
$host_alive_status = $condition2 || $condition4 ? ' disabled=\\"disabled\\"' : '';
$discovery .= "<input onclick=\"toggle_scan_locally()\" type=\"checkbox\" id=\"hosts_alive\" name=\"hosts_alive\" value=\"1\"" . $host_alive_check . $host_alive_status . ">" . Util::strong(_("Only scan hosts that are alive")) . "<br>(" . Util::strong(_("greatly speeds up the scanning process")) . ")<br><br>";
$discovery .= "<input type=\"checkbox\" id=\"scan_locally\" name=\"scan_locally\" value=\"1\"" . ($pre_scan_locally_status == 0 ? " disabled=\"disabled\"" : "") . ($pre_scan_locally_status == 1 && (intval($editdata['authorized']) == 1 || intval($scan_locally) == 1) ? " checked" : "") . ">" . Util::strong(_("Pre-Scan locally")) . "<br>(" . Util::strong(_("do not pre-scan from scanning sensor")) . ")<br><br>";
$discovery .= "<input type=\"checkbox\" id=\"not_resolve\" name=\"not_resolve\" value=\"1\" " . ($editdata['resolve_names'] === "0" || $not_resolve == "1" ? "checked=\"checked\"" : "") . "/>" . Util::strong(_("Do not resolve names"));
$discovery .= <<<EOT
</td>
EOT;
$discovery .= ' <td class="noborder" valign="top">';
$discovery .= ' <table width="100%" class="transparent" cellspacing="0" cellpadding="0">';
$discovery .= ' <tr>';
$discovery .= ' <td class="nobborder" style="vertical-align: top;text-align:left;padding:10px 0px 0px 0px;">';
$discovery .= ' <table class="transparent" cellspacing="4">';
$discovery .= ' <tr>';
$discovery .= ' <td class="nobborder" style="text-align:left;"><input class="greyfont" type="text" id="searchBox" value="' . _("Type here to search assets (Hosts/Networks)") . '" /></td>';
$discovery .= ' </tr>';
$discovery .= ' <tr>';
$discovery .= ' <td class="nobborder"><select id="targets" name="targets[]" multiple="multiple">';
if (!empty($editdata["meth_TARGET"])) {
$ip_list = explode("\n", trim($editdata["meth_TARGET"]));
}
if (!empty($ip_list)) {
foreach ($ip_list as $asset) {
if (preg_match("/([a-f\\d]+)#(.*)/i", $asset, $found)) {
if (Asset_host::is_in_db($dbconn, $found[1])) {
$_asset_name = Asset_host::get_name_by_id($dbconn, $found[1]) . " (" . $found[2] . ")";
} else {
$_asset_name = Asset_net::get_name_by_id($dbconn, $found[1]) . " (" . $found[2] . ")";
}
$discovery .= '<option value="' . $asset . '">' . $_asset_name . '</option>';
} else {
$discovery .= '<option value="' . $asset . '">' . $asset . '</option>';
}
}
foreach ($ip_exceptions_list as $asset) {
$discovery .= '<option value="' . $asset . '">' . $asset . '</option>';
}
}
$discovery .= ' </select></td>';
$discovery .= ' </tr>';
$discovery .= ' <tr>';
$discovery .= ' <td class="nobborder" style="text-align:right"><input type="button" value=" [X] " id="delete_target" class="av_b_secondary small"/>';
$discovery .= ' <input type="button" style="margin-right:0px;"value="Delete all" id="delete_all" class="av_b_secondary small"/></td>';
$discovery .= ' </tr>';
$discovery .= ' </table>';
$discovery .= ' </td>';
$discovery .= ' <td class="nobborder" width="450px;" style="vertical-align: top;padding:0px 0px 0px 5px;">';
$discovery .= ' <div id="vtree" style="text-align:left;width:100%;"></div>';
$discovery .= ' </td>';
$discovery .= ' </tr>';
$discovery .= ' </table>';
$discovery .= ' </td>';
$discovery .= '</tr>';
$discovery .= '</table>';
$discovery .= '</tr></td></table>';
$discovery .= $show;
return $discovery;
}
} else {
$hosts .= '{ txt:"' . $_ip . '", id: "' . $_ip . '" },';
}
}
// Plugin
require_once 'classes/Plugin.inc';
$_plugin = Plugin::get_id_and_name($conn);
$plugins = '';
foreach ($_plugin as $id => $name) {
$plugins .= '{ txt:"' . $name . '", id: "' . $id . '" },';
}
// User Log lists
$session_list = Session::get_list($conn, "ORDER BY login");
if (preg_match("/pro|demo/", $conf->get_conf("ossim_server_version", FALSE)) && !Session::am_i_admin()) {
require_once 'classes/Acl.inc';
$myusers = Acl::get_my_users($conn, Session::get_session_user());
if (count($myusers) > 0) {
$is_pro_admin = 1;
}
}
$code_list = Log_config::get_list($conn, "ORDER BY descr");
// Sensor list for availability
require_once 'classes/Sensor.inc';
$sensor_list = Sensor::get_all($conn, "ORDER BY name");
require_once 'ossim_conf.inc';
$nagios_default = parse_url($conf->get_conf("nagios_link"));
/* nagios link */
$scheme = isset($nagios_default["scheme"]) ? $nagios_default["scheme"] : "http";
$path = isset($nagios_default["path"]) ? $nagios_default["path"] : "/nagios/";
$path = str_replace("//", "/", $path);
if ($path[0] != "/") {
