require_once "../adodb/adodb.inc.php";
require_once "../class.dbflib.php";
require_once "../layout/class.layout";
require_once "../auth.php";
$auth = new BasicAuthenticator(ADMINREALM, REALMERROR);
$auth->addUser(ADMINUSER, ADMINPASSWD);
// And now perform the authentication
$auth->authenticate();
// set language
isset($_COOKIE["ipplanLanguage"]) && myLanguage($_COOKIE['ipplanLanguage']);
//setdefault("window",array("bgcolor"=>"white"));
$title = my_("Delete authority boundary results");
newhtml($p);
$w = myheading($p, $title);
// explicitly cast variables as security measure against SQL injection
list($boundsaddr, $grp) = myRegister("B:boundsaddr S:grp");
if (!$_GET) {
myError($w, $p, my_("You cannot reload or bookmark this page!"));
}
// basic sequence is connect, search, interpret search
// result, close connection
$ds = new IPplanDbf() or myError($w, $p, my_("Could not connect to database"));
$ds->DbfTransactionStart();
$result =& $ds->ds->Execute("DELETE FROM bounds\n WHERE grp=" . $ds->ds->qstr($grp) . " AND boundsaddr={$boundsaddr}");
if ($result) {
$ds->DbfTransactionEnd();
insert($w, text(my_("Boundary deleted")));
} else {
insert($w, text(my_("Boundary could not be deleted")));
}
printhtml($p);
isset($_COOKIE["ipplanLanguage"]) && myLanguage($_COOKIE['ipplanLanguage']);
//setdefault("window",array("bgcolor"=>"white"));
//setdefault("table",array("cellpadding"=>"0"));
//setdefault("text",array("size"=>"2"));
$title = my_("Modify IP address details (range)");
newhtml($p);
$w = myheading($p, $title, true);
// explicitly cast variables as security measure against SQL injection
list($baseindex, $block, $ip, $search, $expr, $ipplanParanoid) = myRegister("I:baseindex I:block A:ip S:search S:expr I:ipplanParanoid");
//$ip=array($ip); // type array
if (!$_POST) {
myError($w, $p, my_("You cannot reload or bookmark this page!"));
}
// basic sequence is connect, search, interpret search
// result, close connection
$ds = new IPplanDbf() or myError($w, $p, my_("Could not connect to database"));
// save md5str for check in displaysubnet.php to see if info has
// been modified since start of edit
$md5str = $ds->GetMD5($ip, $baseindex);
insert($w, block("<h3>"));
insert($w, text(my_("IP Addresses to modify: ")));
foreach ($ip as $value) {
insert($w, text(inet_ntoa($value) . " "));
}
insert($w, block("<small>"));
if (isset($_SERVER['HTTP_REFERER']) and stristr($_SERVER['HTTP_REFERER'], "displaysubnet.php")) {
insert($w, anchor($_SERVER['HTTP_REFERER'], my_("Back to subnet")));
}
insert($w, block("</small>"));
insert($w, block("</h3>"));
// start form
require_once "../auth.php";
$auth = new SQLAuthenticator(REALM, REALMERROR);
// And now perform the authentication
$auth->authenticate();
// set language
isset($_COOKIE["ipplanLanguage"]) && myLanguage($_COOKIE['ipplanLanguage']);
//setdefault("window",array("bgcolor"=>"white"));
//setdefault("table",array("cellpadding"=>"0"));
//setdefault("text",array("size"=>"2"));
$title = my_("Change user password");
newhtml($p);
$w = myheading($p, $title);
// explicitly cast variables as security measure against SQL injection
list($user, $password1, $password2) = myRegister("S:user S:password1 S:password2");
$formerror = "";
$ds = new IPplanDbf() or myError($w, $p, my_("Could not connect to database"));
if ($_POST) {
$password1 = trim($password1);
$password2 = trim($password2);
if (strlen($password1) < 5 or strlen($password2) < 5) {
$formerror .= my_("The password entered must be at least five characters") . "\n";
}
if ($password1 != $password2) {
$formerror .= my_("The passwords entered do not match") . "\n";
}
if (!$formerror) {
if ($user and getAuthUsername() == ADMINUSER) {
$userid = $user;
} else {
$userid = getAuthUsername();
}
// And now perform the authentication
$grps = $auth->authenticate();
// set language
isset($_COOKIE["ipplanLanguage"]) && myLanguage($_COOKIE['ipplanLanguage']);
//setdefault("window",array("bgcolor"=>"white"));
$title = my_("Delete customer/autonomous system results");
newhtml($p);
$w = myheading($p, $title, true);
// explicitly cast variables as security measure against SQL injection
list($cust) = myRegister("I:cust");
if (!$_GET) {
myError($w, $p, my_("You cannot reload or bookmark this page!"));
}
// basic sequence is connect, search, interpret search
// result, close connection
$ds = new IPplanDbf() or myError($w, $p, my_("Could not connect to database"));
if (!$ds->TestCustomerCreate(getAuthUsername())) {
myError($w, $p, my_("You may not delete customers as you are not a member a group that can delete customers"));
}
// check if customer has subnets assigned
$result =& $ds->ds->SelectLimit("SELECT baseaddr, descrip\n FROM base\n WHERE customer={$cust}\n ORDER BY baseaddr", 100);
if ($row = $result->FetchRow()) {
insert($w, text(my_("Cannot delete customer because the following subnets are assigned to the customer (limited to first 100):")));
insert($w, block("<p>"));
// create a table
insert($w, $t = table(array("cols" => "2", "class" => "outputtable")));
// draw heading
setdefault("cell", array("class" => "heading"));
insert($t, $c = cell());
insert($c, text(my_("Base address")));
insert($t, $c = cell());
$tmp = get_cfg_var("file_uploads");
if (empty($tmp)) {
insert($w, block("<b>" . my_("File uploads may have been disabled in the php.ini configuration file") . "</b><p>"));
}
} else {
if ($_FILES['userfile']['size'] == 0) {
myError($w, $p, my_("Possible file size exceeded php.ini or webserver limit of 2meg - break file into smaller parts"));
}
if (!is_uploaded_file($_FILES['userfile']['tmp_name'])) {
myError($w, $p, my_("Possible file upload attack"));
}
}
$filename = $_FILES['userfile']['tmp_name'];
// basic sequence is connect, search, interpret search
// result, close connection
$ds = new IPplanDbf() or myError($w, $p, my_("Could not connect to database"));
$rowcnt = 0;
$ds->DbfTransactionStart();
if ($format == "xml") {
// read entire file
$input = implode("", file($filename));
$xml_parser = new xmlnmap("HOST");
if (!$xml_parser->parser) {
myError($w, $p, my_("XML not available"));
}
$output = $xml_parser->parse($input);
if (!$output) {
myError($w, $p, my_("Data not in XML format"));
}
foreach ($output as $value) {
$rowcnt++;
$tmp = get_cfg_var("file_uploads");
if (empty($tmp)) {
insert($w, block("<b>" . my_("File uploads may have been disabled in the php.ini configuration file") . "</b><p>"));
}
} else {
if ($_FILES['userfile']['size'] == 0) {
myError($w, $p, my_("Possible file size exceeded php.ini or webserver limit of 2meg - break file into smaller parts"));
}
if (!is_uploaded_file($_FILES['userfile']['tmp_name'])) {
myError($w, $p, my_("Possible file upload attack"));
}
}
$filename = $_FILES['userfile']['tmp_name'];
// basic sequence is connect, search, interpret search
// result, close connection
$ds = new IPplanDbf() or myError($w, $p, my_("Could not connect to database"));
// open uploaded file for read
$fp = @fopen($filename, "r");
if (!$fp) {
myError($w, $p, my_("File could not be opened."));
}
// Changed - Begin [FE]
// Start of template support for base.
// can we read the template?
$template = new IPplanIPTemplate("basetemplate", $cust);
if ($template->is_error() == TRUE) {
myError($w, $p, my_("Template could not be opened."), FALSE);
}
// Changed - End [FE]
$cnt = 0;
$ds->DbfTransactionStart();
$title = my_("Edit DNS Zones");
}
newhtml($p);
insert($p, $h = wheader("IPPlan - {$title}"));
insert($h, script("", array("type" => "text/javascript", "src" => "../cookies.js")));
insert($h, script("", array("type" => "text/javascript", "src" => "../phpserializer.js")));
insert($h, script("", array("type" => "text/javascript", "src" => "../ipplanlib.js")));
$w = myheading($p, $title, true);
// explicitly cast variables as security measure against SQL injection
list($cust, $dataid, $action, $domain, $responsiblemail, $serialdate, $serialnum, $ttl, $retry, $refresh, $expire, $minimum, $slaveonly, $zonepath, $seczonepath) = myRegister("I:cust I:dataid S:action S:domain S:responsiblemail I:serialdate I:serialnum I:ttl I:retry I:refresh I:expire I:minimum S:slaveonly S:zonepath S:seczonepath");
if (!$_GET) {
myError($w, $p, my_("You cannot reload or bookmark this page!"));
}
// basic sequence is connect, search, interpret search
// result, close connection
$ds = new IPplanDbf() or myError($w, $p, my_("Could not connect to database"));
insert($w, $f = form(array("name" => "ENTRY", "method" => "post", "action" => "modifydns.php")));
// Use the same form for adding or editing. Setup page & variables based on action.
if ($action == 'add') {
$now = getdate();
$serialdate = $now["year"] . str_pad($now["mon"], 2, '0', STR_PAD_LEFT) . str_pad($now["mday"], 2, '0', STR_PAD_LEFT);
$serialnum = 0;
$zone = "";
$ttl = DNSTTL;
$refresh = DNSREFRESH;
$retry = DNSRETRY;
$expire = DNSEXPIRE;
$minimum = DNSMINTTL;
$slaveonly = DNSSLAVEONLY;
$responsiblemail = REGADMINEMAIL;
$zonepath = "/var/named/test.zone";
$auth = new SQLAuthenticator(REALM, REALMERROR);
// And now perform the authentication
$grps = $auth->authenticate();
// set language
isset($_COOKIE["ipplanLanguage"]) && myLanguage($_COOKIE['ipplanLanguage']);
//setdefault("window",array("bgcolor"=>"white"));
//setdefault("table",array("cellpadding"=>"0"));
//setdefault("text",array("size"=>"2"));
$title = my_("Display customer/autonomous system information");
newhtml($p);
$w = myheading($p, $title, true);
// explicitly cast variables as security measure against SQL injection
list($search, $expr, $block, $ipplanParanoid) = myRegister("S:search S:expr I:block I:ipplanParanoid");
// basic sequence is connect, search, interpret search
// result, close connection
$ds = new IPplanDbf() or myError($w, $p, my_("Could not connect to database"));
// what is the additional search SQL?
$sql = $ds->mySearchSql("custdescrip", $expr, $search, FALSE);
$result = $ds->GetCustomer($sql);
insert($w, heading(3, my_("All customer/autonomous system info")));
// draw the search box
$srch = new mySearch($w, array(), $search, "search");
$srch->legend = my_("Refine Search on Description");
$srch->expr = $expr;
$srch->expr_disp = TRUE;
$srch->Search();
// draw the sucker!
$totcnt = 0;
$vars = "";
// fastforward till first record if not first block of data
while ($block and $totcnt < $block * MAXTABLESIZE and $row = $result->FetchRow()) {
//setdefault("text",array("size"=>"2"));
$title = my_("Modify/Copy/Move subnet details");
newhtml($p);
insert($p, $h = wheader("IPPlan - {$title}"));
insert($h, script("", array("type" => "text/javascript", "src" => "../cookies.js")));
insert($h, script("", array("type" => "text/javascript", "src" => "../phpserializer.js")));
insert($h, script("", array("type" => "text/javascript", "src" => "../ipplanlib.js")));
$w = myheading($p, $title, true);
// explicitly cast variables as security measure against SQL injection
list($baseindex, $cust, $descrip, $grp, $origcust, $dhcp) = myRegister("I:baseindex I:cust S:descrip S:grp S:origcust I:dhcp");
// additional vars for Location: header
list($areaindex, $rangeindex, $search, $ipaddr) = myRegister("I:areaindex I:rangeindex S:search S:ipaddr");
list($userfld) = myRegister("A:userfld");
// for template fields
$formerror = "";
$ds = new IPplanDbf() or myError($w, $p, my_("Could not connect to database"));
// remember original customer
if (!$origcust) {
$origcust = $cust;
}
if ($_POST) {
// check if user belongs to customer admin group
$result = $ds->GetCustomerGrp($cust);
// can only be one row - does not matter if nothing is
// found as array search will return false
$row = $result->FetchRow();
if (!in_array($row["admingrp"], $grps)) {
myError($w, $p, my_("You may not modify this subnet for this customer as you are not a member of the new customers admin group"));
}
$descrip = trim($descrip);
if (strlen($descrip) == 0) {
// explicitly cast variables as security measure against SQL injection
list($cust, $admingrp, $ipaddr, $num, $descrip, $size, $addhostinfo, $addnmapinfo, $dhcp, $findfree) = myRegister("I:cust S:admingrp S:ipaddr I:num S:descrip I:size I:addhostinfo I:addnmapinfo I:dhcp S:findfree");
list($userfld) = myRegister("A:userfld");
// for template fields
$descrip = trim($descrip);
// must only check once - might need to create multiple nets
$nodescrip = 0;
if (strlen($descrip) == 0) {
$nodescrip = 1;
}
if ($num < 1 or $num > 255) {
myError($w, $p, my_("Number of subnets to create is out of bounds."));
}
// basic sequence is connect, search, interpret search
// result, close connection
$ds = new IPplanDbf() or myError($w, $p, my_("Could not connect to database"));
// error checks
if (!$ipaddr) {
myError($w, $p, my_("IP address may not be blank"));
} else {
if (testIP($ipaddr)) {
myError($w, $p, my_("Invalid IP address"));
} else {
if (!$size) {
myError($w, $p, my_("Size may not be zero"));
} elseif ($size > 1) {
if (TestBaseAddr(inet_aton3($ipaddr), $size)) {
myError($w, $p, my_("Invalid base address!"));
}
}
}
// set language
isset($_COOKIE["ipplanLanguage"]) && myLanguage($_COOKIE['ipplanLanguage']);
//setdefault("window",array("bgcolor"=>"white"));
//setdefault("table",array("cellpadding"=>"0"));
//setdefault("text",array("size"=>"2"));
$title = my_("Display overlapping address space between customers/autonomous systems");
newhtml($p);
$w = myheading($p, $title, true);
// explicitly cast variables as security measure against SQL injection
list($cust) = myRegister("I:cust");
// display opening text
insert($w, textbr());
insert($w, text("{$title}."));
insert($w, block("<p>"));
insert($w, span(my_("This function consumes large amounts of memory on the server. If you get server errors, blank pages or nothing happens when you submit, you may need to reduce the range of your search or you may need to increase the amount of memory allocated to PHP on the server."), array("class" => "textError")));
$ds = new IPplanDbf() or myError($w, $p, my_("Could not connect to database"));
// start form
insert($w, $f = form(array("method" => "get", "action" => "displayoverlap.php")));
insert($f, textbrbr(my_("Customer/autonomous system 1 - select multiple")));
$result = $ds->GetCustomerGrp(0);
$lst = array();
while ($row = $result->FetchRow()) {
if (strtolower($row["custdescrip"]) == "all") {
continue;
}
// strip out customers user may not see due to not being member
// of customers admin group. $grps array could be empty if anonymous
// access is allowed!
if (!empty($grps)) {
if (!in_array($row["admingrp"], $grps)) {
continue;
//setdefault("text",array("size"=>"2"));
$title = my_("Add / Edit DNS Host");
newhtml($p);
insert($p, $h = wheader("IPPlan - {$title}"));
insert($h, script("", array("type" => "text/javascript", "src" => "../cookies.js")));
insert($h, script("", array("type" => "text/javascript", "src" => "../phpserializer.js")));
insert($h, script("", array("type" => "text/javascript", "src" => "../ipplanlib.js")));
$w = myheading($p, $title, true);
// explicitly cast variables as security measure against SQL injection
list($cust, $dataid, $zoneid, $action, $domain, $sortorder, $host, $recordtype, $iphostname) = myRegister("I:cust I:dataid I:zoneid S:action S:domain I:sortorder S:host S:recordtype S:iphostname");
if (!$_GET) {
myError($w, $p, my_("You cannot reload or bookmark this page!"));
}
// basic sequence is connect, search, interpret search
// result, close connection
$ds = new IPplanDbf() or myError($w, $p, my_("Could not connect to database"));
insert($w, heading(3, my_("Host Record for domain: ") . $domain));
insert($w, $f = form(array("name" => "ENTRY", "method" => "post", "action" => "modifydnsrecord.php")));
insert($f, $con = container("fieldset", array("class" => "fieldset")));
insert($con, $legend = container("legend", array("class" => "legend")));
insert($legend, text(my_("DNS record")));
// Use the same form for adding or editing. Setup page & variables based on action.
if ($action == 'add') {
$host = "";
$RecordType = "A";
$iphostname = "";
insert($con, hidden(array("name" => "action", "value" => "add")));
insert($con, hidden(array("name" => "zoneid", "value" => "{$zoneid}")));
$myTitle = "Add";
} else {
insert($con, hidden(array("name" => "action", "value" => "edit")));
list($cust, $custdescrip, $grp, $crm, $org, $street, $city, $state, $zipcode, $cntry, $hname, $ipaddr, $nichandl, $lname, $fname, $mname, $torg, $tstreet, $tcity, $tstate, $tzipcode, $tcntry, $phne, $mbox) = myRegister("I:cust S:custdescrip S:grp S:crm S:org S:street S:city S:state S:zipcode S:cntry A:hname A:ipaddr S:nichandl S:lname S:fname S:mname S:torg S:tstreet S:tcity S:tstate S:tzipcode S:tcntry S:phne S:mbox");
list($userfld) = myRegister("A:userfld");
// for template
$formerror = "";
if ($cust == 0) {
$title = my_("Create a new customer/autonomous system");
} else {
$title = my_("Modify a customer/autonomous system details");
}
newhtml($p);
insert($p, $h = wheader("IPPlan - {$title}"));
insert($h, script("", array("type" => "text/javascript", "src" => "../cookies.js")));
insert($h, script("", array("type" => "text/javascript", "src" => "../phpserializer.js")));
insert($h, script("", array("type" => "text/javascript", "src" => "../ipplanlib.js")));
$w = myheading($p, $title, true);
$ds = new IPplanDbf() or myError($w, $p, my_("Could not connect to database"));
if ($_POST) {
$custdescrip = trim($custdescrip);
if (strlen($custdescrip) < 2) {
$formerror .= my_("The customer description must be longer") . "\n";
}
if (strlen(CRM_REGEX) > 0 and !preg_match("/" . CRM_REGEX . "/", $crm)) {
$formerror .= my_("The CRM index is invalid") . "\n";
}
if ($cntry == "US" and !preg_match("/[0-9]{5}/", $zipcode)) {
$formerror .= my_("Invalid zipcode") . "\n";
}
if ($tcntry == "US" and !preg_match("/[0-9]{5}/", $tzipcode)) {
$formerror .= my_("Invalid contact zipcode") . "\n";
}
if ($mbox and !preg_match("/^[^ \t@|()<>,]+@[^ \t@()<>,]+\\.[^ \t()<>,.]+\$/", $mbox)) {
foreach ($dataid as $key => $value) {
$dataid[$key] = floor($value);
}
} else {
$dataid = array(0 => $dataid);
}
// user hit submit without selecting anything!
if (empty($dataid[0])) {
$action = "";
}
} else {
$dataid = isset($dataid) ? floor($dataid) : 0;
}
// basic sequence is connect, search, interpret search
// result, close connection
$ds = new IPplanDbf() or myError($w, $p, my_("Could not connect to database"));
// CHECK Actions First
// ##################### Start OF DELETE ##############################
if ($action == "delete") {
if (!($dom_id = $ds->ds->GetOne("SELECT data_id\n FROM fwdzone\n WHERE customer={$cust} AND domain=" . $ds->ds->qstr($domain)))) {
myError($w, $p, my_("Could not find the zone - possibly deleted by another user"));
}
// check if user belongs to customer admin group
$result = $ds->GetCustomerGrp($cust);
// can only be one row - does not matter if nothing is
// found as array search will return false
$row = $result->FetchRow();
if (!in_array($row["admingrp"], $grps)) {
myError($w, $p, my_("You may not delete dns records as you are not a member of the customers admin group"));
}
// Log the Transaction.
// set language
isset($_COOKIE["ipplanLanguage"]) && myLanguage($_COOKIE['ipplanLanguage']);
//setdefault("window",array("bgcolor"=>"white"));
//setdefault("table",array("cellpadding"=>"0"));
//setdefault("text",array("size"=>"2"));
// explicitly cast variables as security measure against SQL injection
list($cust, $areaindex, $ipaddr, $action, $descrip) = myRegister("I:cust I:areaindex S:ipaddr S:action S:descrip");
$formerror = "";
if ($action == "modify") {
$title = my_("Modify a network area");
} else {
$title = my_("Create a new network area");
}
newhtml($p);
$w = myheading($p, $title, true);
$ds = new IPplanDbf() or myError($w, $p, my_("Could not connect to database"));
if ($_POST) {
// save the last customer used
// must set path else Netscape gets confused!
setcookie("ipplanCustomer", "{$cust}", time() + 10000000, "/");
$descrip = trim($descrip);
if (strlen($descrip) == 0) {
$formerror .= my_("You need to enter a description for the area") . "\n";
}
if (!$ipaddr) {
$formerror .= my_("Area address may not be blank") . "\n";
} else {
if (testIP($ipaddr, TRUE)) {
$formerror .= my_("Invalid area address - it must be the same format as an IP address") . "\n";
}
}
$formerror = "";
// $ip can be array or string or undefined!
if (!isset($ip)) {
$ip = 0;
}
if (is_array($ip)) {
foreach ($ip as $key => $value) {
$ip[$key] = floor($value);
}
} else {
$ip = floor($ip);
}
if (!$_GET and !$_POST) {
myError($w, $p, my_("You cannot reload or bookmark this page!"));
}
$ds = new IPplanDbf() or myError($w, $p, "Could not connect to database");
// get info from base table - do this first as safety check and because
// we need this info later
$result = $ds->GetBaseFromIndex($baseindex);
if (!($row = $result->FetchRow())) {
myError($w, $p, my_("Subnet cannot be found!"));
}
$maxcnt = $row["subnetsize"];
$baseaddr = $row["baseaddr"];
$netdescrip = $row["descrip"];
$cust = $row["customer"];
// script gets called back from modifyipform script so that user does
// not need to press back button
if ($_POST) {
if ($grp = $ds->GetBaseGrp($baseindex)) {
if (in_array($grp, $grps) or $ds->TestCustomerGrp($baseindex, getAuthUsername())) {
require_once "../class.xptlib.php";
$auth = new BasicAuthenticator(ADMINREALM, REALMERROR);
$auth->addUser(ADMINUSER, ADMINPASSWD);
// And now perform the authentication
$grps = $auth->authenticate();
// set language
isset($_COOKIE["ipplanLanguage"]) && myLanguage($_COOKIE['ipplanLanguage']);
//setdefault("window",array("bgcolor"=>"white"));
//setdefault("table",array("cellpadding"=>"0"));
//setdefault("text",array("size"=>"2"));
$title = my_("IPplan Maintenance");
newhtml($p);
$w = myheading($p, $title);
// explicitly cast variables as security measure against SQL injection
list($action, $cust, $block, $requestindex, $requestdesc) = myRegister("S:action I:cust I:block I:requestindex S:requestdesc");
$ds = new IPplanDbf() or myError($w, $p, my_("Could not connect to database"));
if ($action == "deletecustomer") {
if (DBF_TYPE == "mysql" or DBF_TYPE == "maxsql") {
$version = $ds->ds->GetOne("SELECT version() AS version");
if ($version < "4.0.0") {
myError($w, $p, my_("You need MySQL v4.0.0 or higher for this function!"));
}
}
$ds->DbfTransactionStart();
$result =& $ds->ds->Execute("DELETE FROM customer\n WHERE customer={$cust}") and $result =& $ds->ds->Execute("DELETE FROM custinfo\n WHERE customer={$cust}") and $result =& $ds->ds->Execute("DELETE FROM ipaddr \n WHERE baseindex IN (SELECT baseindex FROM base WHERE customer={$cust})") and $result =& $ds->ds->Execute("DELETE FROM ipaddradd\n WHERE baseindex IN (SELECT baseindex FROM base WHERE customer={$cust})") and $result =& $ds->ds->Execute("DELETE FROM base\n WHERE customer={$cust}") and $result =& $ds->ds->Execute("DELETE FROM custadd\n WHERE customer={$cust}") and $result =& $ds->ds->Execute("DELETE FROM revdns\n WHERE customer={$cust}") and $result =& $ds->ds->Execute("DELETE FROM area\n WHERE customer={$cust}") and $result =& $ds->ds->Execute("DELETE FROM netrange\n WHERE customer={$cust}") and $result =& $ds->ds->Execute("DELETE FROM fwdzone\n WHERE customer={$cust}") and $result =& $ds->ds->Execute("DELETE FROM fwdzoneadd\n WHERE customer={$cust}") and $result =& $ds->ds->Execute("DELETE FROM fwdzonerec\n WHERE customer={$cust}") and $result =& $ds->ds->Execute("DELETE FROM zones\n WHERE customer={$cust}") and $ds->AuditLog(array("event" => 182, "action" => "delete customer", "user" => getAuthUsername(), "cust" => $cust));
if ($result) {
$ds->DbfTransactionEnd();
insert($w, text(my_("Customer deleted")));
} else {
insert($w, text(my_("Customer could not be deleted")));
}
//setdefault("window",array("bgcolor"=>"white"));
//setdefault("table",array("cellpadding"=>"0"));
//setdefault("text",array("size"=>"2"));
$title = my_("Results of your search");
newhtml($p);
$w = myheading($p, $title, true);
// explicitly cast variables as security measure against SQL injection
list($cust, $areaindex, $rangeindex, $ipaddr, $descrip, $filename, $ntnameopt) = myRegister("I:cust I:areaindex I:rangeindex S:ipaddr S:descrip S:filename I:ntnameopt");
// extra protection on filename passed!
$filename = basename($filename);
if (!$_GET) {
myError($w, $p, my_("You cannot reload or bookmark this page!"));
}
// basic sequence is connect, search, interpret search
// result, close connection
$ds = new IPplanDbf() or myError($w, $p, my_("Could not connect to database"));
// check if user belongs to customer admin group
$result = $ds->GetCustomerGrp($cust);
// can only be one row - does not matter if nothing is
// found as array search will return false
$row = $result->FetchRow();
if (!in_array($row["admingrp"], $grps)) {
myError($w, $p, my_("You may not send a registrar update for this customer as you are not a member of the customers admin group"));
}
// set start and end address according to range
$site = "";
if ($rangeindex) {
// should only return one row here!
$result = $ds->GetRange($cust, $rangeindex);
$row = $result->FetchRow();
$start = inet_ntoa($row["rangeaddr"]);
define("MENU", FALSE);
if (!REQUESTENABLED) {
die("IP address request system has been disabled by the administrator.");
}
// set language
isset($_COOKIE["ipplanLanguage"]) && myLanguage($_COOKIE['ipplanLanguage']);
//setdefault("window",array("bgcolor"=>"white"));
//setdefault("table",array("cellpadding"=>"0"));
//setdefault("text",array("size"=>"2"));
// explicitly cast variables as security measure against SQL injection
list($cust, $request, $user, $location, $descrip, $hname, $telno, $macaddr, $ipplanCustomer) = myRegister("I:cust S:request S:user S:location S:descrip S:hname S:telno S:macaddr I:ipplanCustomer");
$formerror = "";
$title = my_("Request an IP address");
newhtml($p);
$w = myheading($p, $title, MENU);
$ds = new IPplanDbf() or myError($w, $p, my_("Could not connect to database"));
if ($_POST) {
$request = trim($request);
$descrip = trim($descrip);
if (strlen($request) == 0) {
$formerror .= my_("You need to enter request details for the ip address request") . "\n";
}
if (strlen($user) == 0) {
$formerror .= my_("You need to enter user details for the request") . "\n";
}
if (strlen($location) == 0) {
$formerror .= my_("You need to enter location details for the request") . "\n";
}
if (strlen($descrip) == 0) {
$formerror .= my_("You need to enter description details for the request") . "\n";
}
// set language
isset($_COOKIE["ipplanLanguage"]) && myLanguage($_COOKIE['ipplanLanguage']);
//setdefault("window",array("bgcolor"=>"white"));
//setdefault("table",array("cellpadding"=>"0"));
//setdefault("text",array("size"=>"2"));
$title = my_("Results of your search for areas");
newhtml($p);
$w = myheading($p, $title, true);
// explicitly cast variables as security measure against SQL injection
list($cust, $ipplanParanoid) = myRegister("I:cust I:ipplanParanoid");
if (!$_GET) {
myError($w, $p, my_("You cannot reload or bookmark this page!"));
}
// basic sequence is connect, search, interpret search
// result, close connection
$ds = new IPplanDbf() or myError($w, $p, my_("Could not connect to database"));
$custdescrip = $ds->GetCustomerDescrip($cust);
insert($w, heading(3, sprintf(my_("Search for areas and ranges for customer '%s'"), $custdescrip)));
$result =& $ds->ds->Execute("SELECT area.areaaddr, area.descrip AS adescrip, \n netrange.rangeaddr,\n netrange.rangesize, netrange.descrip AS rdescrip,\n netrange.rangeindex, area.areaindex\n FROM netrange\n LEFT JOIN area\n ON netrange.areaindex=area.areaindex\n WHERE netrange.customer={$cust}\n ORDER BY area.areaaddr, netrange.rangeaddr, netrange.rangesize");
// create a table
insert($w, $t = table(array("cols" => "8", "class" => "outputtable")));
// draw heading
setdefault("cell", array("class" => "heading"));
insert($t, $c = cell());
insert($c, text(my_("Area address")));
insert($t, $c = cell());
insert($c, text(my_("Description")));
insert($t, $c = cell());
insert($c, text(my_("Action")));
insert($t, $c = cell());
insert($c, text(my_("Range address")));
isset($_COOKIE["ipplanLanguage"]) && myLanguage($_COOKIE['ipplanLanguage']);
$title = my_("Display subnet information");
newhtml($p);
$myWwwPath = '../menus/';
$w = myheading($p, $title);
insert($w, generic("link", array("rel" => "stylesheet", "href" => "{$myWwwPath}" . "layerstreemenu.css")));
insert($w, generic("link", array("rel" => "stylesheet", "href" => "{$myWwwPath}" . "layerstreemenu-hidden.css")));
insert($w, script("", array("language" => "JavaScript", "type" => "text/javascript", "src" => $myWwwPath . 'libjs/layerstreemenu-cookies.js')));
// display opening text
insert($w, heading(3, my_("Display subnets.")));
insert($w, text(my_("Click on customer/AS to display all associated subnets, click on the area to display all subnets in area and contained ranges, click on a range to display only subnets associated with that range. Subnets not within an area or range can be viewed by selecting the customer/AS.")));
insert($w, block("<p><hr>"));
insert($w, $t = table(array("cols" => "1", "width" => "100%", "border" => "1", "cellspacing" => "2", "frame" => "void", "rules" => "ALL", "cellpadding" => "5")));
insert($t, $leftmenu = cell(array("align" => "left", "width" => "100%", "valign" => "top")));
//read the database and create the strings containing the menus
$ds = new IPplanDbf() or myError($w, $p, my_("Could not connect to database"));
@set_time_limit(90);
// default is collapsed, change to "1" for expanded tree
// value is stored in a cookie so clear cookies to see effect
$expanded = "";
$displayall = FALSE;
$menustring = "";
if ($custresult = $ds->GetCustomerGrp(0)) {
$adminuser = $ds->TestGrpsAdmin($grps);
//customer
while ($custrow = $custresult->Fetchrow()) {
// remove all from list if global searching is not available
if (!$displayall and strtolower($custrow["custdescrip"]) == "all") {
continue;
}
// strip out customers user may not see due to not being member
// set language
isset($_COOKIE["ipplanLanguage"]) && myLanguage($_COOKIE['ipplanLanguage']);
//setdefault("window",array("bgcolor"=>"white"));
//setdefault("table",array("cellpadding"=>"0"));
//setdefault("text",array("size"=>"2"));
// explicitly cast variables as security measure against SQL injection
list($cust, $areaindex, $rangeindex, $action, $size, $ipaddr, $descrip) = myRegister("I:cust I:areaindex I:rangeindex S:action I:size S:ipaddr S:descrip");
$formerror = "";
if ($action == "modify") {
$title = my_("Modify a range or supernet/summary");
} else {
$title = my_("Create a new range or supernet/summary");
}
newhtml($p);
$w = myheading($p, $title, true);
$ds = new IPplanDbf() or myError($w, $p, my_("Could not connect to database"));
if ($_POST) {
// save the last customer used
// must set path else Netscape gets confused!
setcookie("ipplanCustomer", "{$cust}", time() + 10000000, "/");
if ($action == "modify") {
$result = $ds->GetRange($cust, $rangeindex);
if (!($row = $result->FetchRow())) {
myError($w, $p, my_("Range cannot be found!"));
}
}
$descrip = trim($descrip);
if (strlen($descrip) == 0) {
$formerror .= my_("You need to enter a description for the range") . "\n";
}
$base = inet_aton($ipaddr);
require_once "../class.xptlib.php";
$auth = new BasicAuthenticator(ADMINREALM, REALMERROR);
$auth->addUser(ADMINUSER, ADMINPASSWD);
// And now perform the authentication
$auth->authenticate();
// set language
isset($_COOKIE["ipplanLanguage"]) && myLanguage($_COOKIE['ipplanLanguage']);
//setdefault("window",array("bgcolor"=>"white"));
//setdefault("table",array("cellpadding"=>"0"));
//setdefault("text",array("size"=>"2"));
$title = my_("Display Audit Log");
newhtml($p);
$w = myheading($p, $title);
// explicitly cast variables as security measure against SQL injection
list($descrip, $block, $expr) = myRegister("S:descrip I:block S:expr");
$ds = new IPplanDbf() or myError($w, $p, my_("Could not connect to database"));
// display opening text
insert($w, heading(3, "{$title}."));
$srch = new mySearch($w, $_GET, $descrip, "descrip");
//$srch->legend=my_("Refine Search on Domain");
$srch->expr = $expr;
$srch->expr_disp = TRUE;
$srch->Search();
// draw the sucker!
// what is the additional search SQL?
$where = $ds->mySearchSql("action", $expr, $descrip, FALSE);
if ($where) {
$where = "WHERE " . $where;
}
$sqllastmod = $ds->ds->SQLDate("M d Y H:i:s", 'dt');
$result =& $ds->ds->Execute("SELECT action, dt, {$sqllastmod} AS newdt\n FROM auditlog\n {$where}\n ORDER BY dt DESC");
// set language
isset($_COOKIE["ipplanLanguage"]) && myLanguage($_COOKIE['ipplanLanguage']);
//setdefault("window",array("bgcolor"=>"white"));
//setdefault("table",array("cellpadding"=>"0"));
//setdefault("text",array("size"=>"2"));
$title = my_("Results of your search");
newhtml($p);
$w = myheading($p, $title, true);
// explicitly cast variables as security measure against SQL injection
list($cust, $areaindex, $rangeindex, $start, $end, $showused, $size_from, $size_to) = myRegister("I:cust I:areaindex I:rangeindex S:start S:end I:showused I:size_from I:size_to");
if (!$_GET) {
myError($w, $p, my_("You cannot reload or bookmark this page!"));
}
// basic sequence is connect, search, interpret search
// result, close connection
$ds = new IPplanDbf() or myError($w, $p, my_("Could not connect to database"));
// set start and end address according to range
$site = "";
if ($rangeindex) {
// should only return one row here!
$result = $ds->GetRange($cust, $rangeindex);
$row = $result->FetchRow();
$start = inet_ntoa($row["rangeaddr"]);
$end = inet_ntoa($row["rangeaddr"] + $row["rangesize"] - 1);
$site = " (" . $row["descrip"] . ")";
}
if (testIP($start) or testIP($end)) {
myError($w, $p, my_("Invalid IP address! You must select a range or fill in the start and end IP address."));
}
$startnum = inet_aton($start);
$endnum = inet_aton($end);
require_once "../layout/class.layout";
require_once "../auth.php";
$auth = new SQLAuthenticator(REALM, REALMERROR);
// And now perform the authentication
$grps = $auth->authenticate();
// set language
isset($_COOKIE["ipplanLanguage"]) && myLanguage($_COOKIE['ipplanLanguage']);
//setdefault("window",array("bgcolor"=>"white"));
//setdefault("table",array("cellpadding"=>"0"));
//setdefault("text",array("size"=>"2"));
$title = my_("Delete a range or supernet/summary");
newhtml($p);
$w = myheading($p, $title, true);
// explicitly cast variables as security measure against SQL injection
list($cust, $rangeindex) = myRegister("I:cust I:rangeindex");
$ds = new IPplanDbf() or myError($w, $p, my_("Could not connect to database"));
if ($_GET) {
// save the last customer used
// must set path else Netscape gets confused!
setcookie("ipplanCustomer", "{$cust}", time() + 10000000, "/");
// check if user belongs to customer admin group
$result = $ds->GetCustomerGrp($cust);
// can only be one row - does not matter if nothing is
// found as array search will return false
$row = $result->FetchRow();
if (!in_array($row["admingrp"], $grps)) {
myError($w, $p, my_("You may not delete an area for this customer as you are not a member of the customers admin group"));
}
if ($rangeindex > 0) {
$result = $ds->GetRange($cust, $rangeindex);
$row = $result->FetchRow();
require_once "../layout/class.layout";
require_once "../auth.php";
$auth = new SQLAuthenticator(REALM, REALMERROR);
// And now perform the authentication
$grps = $auth->authenticate();
// set language
isset($_COOKIE["ipplanLanguage"]) && myLanguage($_COOKIE['ipplanLanguage']);
//setdefault("window",array("bgcolor"=>"white"));
//setdefault("table",array("cellpadding"=>"0"));
//setdefault("text",array("size"=>"2"));
$title = my_("Delete a network area");
newhtml($p);
$w = myheading($p, $title, true);
// explicitly cast variables as security measure against SQL injection
list($cust, $areaindex) = myRegister("I:cust I:areaindex");
$ds = new IPplanDbf() or myError($w, $p, my_("Could not connect to database"));
if ($_GET) {
// save the last customer used
// must set path else Netscape gets confused!
setcookie("ipplanCustomer", "{$cust}", time() + 10000000, "/");
// check if user belongs to customer admin group
$result = $ds->GetCustomerGrp($cust);
// can only be one row - does not matter if nothing is
// found as array search will return false
$row = $result->FetchRow();
if (!in_array($row["admingrp"], $grps)) {
myError($w, $p, my_("You may not delete an area for this customer as you are not a member of the customers admin group"));
}
if ($areaindex > 0) {
$result = $ds->GetArea($cust, $areaindex);
$row = $result->FetchRow();
// set language
isset($_COOKIE["ipplanLanguage"]) && myLanguage($_COOKIE['ipplanLanguage']);
//setdefault("window",array("bgcolor"=>"white"));
//setdefault("table",array("cellpadding"=>"0"));
//setdefault("text",array("size"=>"2"));
$title = my_("Export DHCP subnet details");
newhtml($p);
$w = myheading($p, $title, true);
// save the last customer used
// must set path else Netscape gets confused!
setcookie("ipplanCustomer", "{$cust}", time() + 10000000, "/");
// basic sequence is connect, search, interpret search
// result, close connection
// explicitly cast variables as security measure against SQL injection
list($cust) = myRegister("I:cust");
$ds = new IPplanDbf() or die(my_("Could not connect to database"));
// check if user belongs to customer admin group
$result = $ds->GetCustomerGrp($cust);
// can only be one row - does not matter if nothing is
// found as array search will return false
$row = $result->FetchRow();
if (!in_array($row["admingrp"], $grps)) {
myError($w, $p, my_("You may not export DHCP subnets as you are not a member of the customers admin group"));
}
$startnum = inet_aton(DEFAULTROUTE);
$endnum = inet_aton(ALLNETS);
// if a specific network template exists, use that, else use generic template
$template = new IPplanIPTemplate("basetemplate-dhcp", $cust);
$err = $template->is_error();
// error with template here is fatal
if ($err) {
$title = my_("Registrar information sent");
newhtml($p);
$w = myheading($p, $title, true);
// explicitly cast variables as security measure against SQL injection
list($baseindex, $ntnameopt, $cust, $filename) = myRegister("A:baseindex I:ntnameopt I:cust S:filename");
// extra protection on filename passed!
$filename = basename($filename);
if (!$_POST) {
myError($w, $p, my_("You cannot reload or bookmark this page!"));
}
if (empty($baseindex)) {
myError($w, $p, my_("No registrar updates selected to send"));
}
// basic sequence is connect, search, interpret search
// result, close connection
$ds = new IPplanDbf() or myError($w, $p, my_("Could not connect to database"));
// check if user belongs to customer admin group
$result = $ds->GetCustomerGrp($cust);
// can only be one row - does not matter if nothing is
// found as array search will return false
$row = $result->FetchRow();
if (!in_array($row["admingrp"], $grps)) {
myError($w, $p, my_("You may not send a registrar update for this customer as you are not a member of the customers admin group"));
}
$formerror = "";
$cnt = 0;
foreach ($baseindex as $key => $value) {
$value = floor($value);
// dont trust values posted
$result = $ds->GetBaseFromIndex($value);
$row = $result->FetchRow();
require_once "../adodb/adodb.inc.php";
require_once "../class.dbflib.php";
require_once "../auth.php";
require_once "../class.templib.php";
$auth = new BasicAuthenticator(ADMINREALM, REALMERROR);
$auth->addUser(ADMINUSER, ADMINPASSWD);
// And now perform the authentication
$auth->authenticate();
// save the last customer used
// must set path else Netscape gets confused!
setcookie("ipplanCustomer", "{$cust}", time() + 10000000, "/");
// basic sequence is connect, search, interpret search
// result, close connection
// explicitly cast variables as security measure against SQL injection
list($cust) = myRegister("I:cust");
$ds = new IPplanDbf() or die(my_("Could not connect to database"));
// force file download due to bad mime type
header("Content-Type: bad/type");
header("Content-Disposition: attachment; filename=base.txt");
header("Pragma: no-cache");
header("Expires: 0");
$startnum = inet_aton(DEFAULTROUTE);
$endnum = inet_aton(ALLNETS);
// if a specific network template exists, use that, else use generic template
$template = new IPplanIPTemplate("basetemplate", $cust);
$err = $template->is_error();
$result = $ds->GetBase($startnum, $endnum, '', $cust);
while ($row = $result->FetchRow()) {
echo inet_ntoa($row["baseaddr"]) . FIELDS_TERMINATED_BY . $row["descrip"] . FIELDS_TERMINATED_BY . inet_ntoa(inet_aton(ALLNETS) + 1 - $row["subnetsize"]) . FIELDS_TERMINATED_BY;
if (!$err) {
$result_template =& $ds->ds->Execute("SELECT info, infobin\n FROM baseadd\n WHERE baseindex=" . $row["baseindex"]);
//setdefault("text",array("size"=>"2"));
$title = my_("Create DNS Reverse Zones");
newhtml($p);
insert($p, $h = wheader("IPPlan - {$title}"));
insert($h, script("", array("type" => "text/javascript", "src" => "../cookies.js")));
insert($h, script("", array("type" => "text/javascript", "src" => "../phpserializer.js")));
insert($h, script("", array("type" => "text/javascript", "src" => "../ipplanlib.js")));
$w = myheading($p, $title, true);
// explicitly cast variables as security measure against SQL injection
list($cust, $zoneid, $action, $zone, $responsiblemail, $size, $serialdate, $serialnum, $ttl, $retry, $refresh, $expire, $minimum, $slaveonly, $zonepath, $seczonepath, $zoneip) = myRegister("I:cust I:zoneid S:action S:zone S:responsiblemail I:size I:serialdate I:serialnum I:ttl I:retry I:refresh I:expire I:minimum S:slaveonly S:zonepath S:seczonepath B:zoneip");
if (!$_GET) {
myError($w, $p, my_("You cannot reload or bookmark this page!"));
}
// basic sequence is connect, search, interpret search
// result, close connection
$ds = new IPplanDbf() or myError($w, $p, my_("Could not connect to database"));
insert($w, $f = form(array("name" => "ENTRY", "method" => "post", "action" => "modifyzone.php")));
// Use the same form for adding or editing. Setup page & variables based on action.
if ($action == 'add') {
$now = getdate();
$serialdate = $now["year"] . str_pad($now["mon"], 2, '0', STR_PAD_LEFT) . str_pad($now["mday"], 2, '0', STR_PAD_LEFT);
$serialnum = 0;
$zone = "";
$size = 256;
$ttl = DNSTTL;
$refresh = DNSREFRESH;
$retry = DNSRETRY;
$expire = DNSEXPIRE;
$minimum = DNSMINTTL;
$slaveonly = DNSSLAVEONLY;
$responsiblemail = REGADMINEMAIL;
