/**
 * Deletes an NfSen source on behalf of a global administrator.
 *
 * @param array $data Request payload; only the 'sensor' entry is read.
 *
 * @return array Map with 'error' (bool) and 'msg' (string) for the caller to report.
 */
function delete_nfsen_source($data)
{
    // Authorization gate: nothing else, not even the helper include, runs for non-admins.
    if (!Session::am_i_admin()) {
        return array('error' => TRUE, 'msg' => _('Action not authorized'));
    }

    require_once '../sensor/nfsen_functions.php';

    // The sensor name is checked against OSS_ALPHA before it is handed to delete_nfsen().
    $sensor = $data['sensor'];
    ossim_valid($sensor, OSS_ALPHA, 'illegal:' . _('Nfsen Source'));

    if (ossim_error()) {
        $validation_msg = _('Error') . ': ' . ossim_get_error();
        ossim_clean_error();

        return array('error' => TRUE, 'msg' => $validation_msg);
    }

    $outcome = delete_nfsen($sensor);

    if ($outcome['status'] != 'success') {
        // The helper's own message is passed back to the caller unchanged.
        return array('error' => TRUE, 'msg' => $outcome['data']);
    }

    // Drop the cached tab so the session variables are loaded again on the next request.
    unset($_SESSION['tab']);

    return array('error' => FALSE, 'msg' => _('Source deleted successfully'));
}
/**
 * Stops the request with an error notification unless the session belongs to a global admin.
 *
 * @return bool Always true when it returns; a non-admin request never gets past this call.
 */
function check_deploy_perms()
{
    if (Session::am_i_admin()) {
        return true;
    }

    $notice_options = array('type' => 'nf_error', 'cancel_button' => false);
    $notice_config = array(
        'content' => _("You do not have permission to see this section"),
        'options' => $notice_options,
        'style' => 'width: 60%; margin: 30px auto; text-align:center;'
    );

    $notice = new Notification('nt_1', $notice_config);
    $notice->show();

    // Hard stop: the calling page must not render anything after the notification.
    exit;
}
/**
 * Builds the HTML column header for one user in the dashboard permissions view.
 *
 * @param object $conn Database connection passed through to Acl::get_entity_name().
 * @param object $user User object; its ctx, name and login properties are read.
 *
 * @return string HTML fragment for the column header.
 */
function draw_user_header($conn, $user)
{
    // Tooltip text: one entity name per context, each followed by a line break.
    $tooltip = "";
    foreach ($user->ctx as $ctx_id) {
        $tooltip = $tooltip . Acl::get_entity_name($conn, $ctx_id) . "<br>";
    }

    if (empty($tooltip) && Session::am_i_admin()) {
        $tooltip = _("Global Admin");
    }

    // NOTE(review): name, login and the entity names are written into element content,
    // an inline onclick handler and a title attribute exactly as stored. Nothing here
    // escapes them, so this relies on those values being constrained where they are
    // created -- confirm, or encode per context at this point.
    $pieces = array(
        "\n\t <div class='column_header'>\n\t <div class='db_perm_header_title'>\n\t ",
        $user->name,
        "\n\t </div>\n\t <div class='db_perm_header_opts' onclick='toggle_default_tabs(this,\"",
        $user->login,
        "\");'>\n\t ",
        _("Show Default Tabs"),
        "\n\t </div>\n\t <div title='",
        $tooltip,
        "' class='db_perm_header_icon ui-icon ui-icon-help tooltip'></div>\n\t </div>"
    );

    return implode('', $pieces);
}
/**
 * Decides whether the current session may use a map, given the map's permission list.
 *
 * @param array  $perms_arr Permission list keyed by entity id (numeric) or user login.
 * @param string $version   Product version string; entity keys only count when it
 *                          matches "pro" or "demo".
 *
 * @return bool True when the session is a global admin or one key grants access.
 */
function mapAllowed($perms_arr, $version)
{
    // Global admins may use every map.
    if (Session::am_i_admin()) {
        return true;
    }

    $granted = false;

    foreach ($perms_arr as $owner => $unused) {
        if (!preg_match("/^\\d+\$/", $owner)) {
            // Non-numeric key: treated as a user login and compared with the session user.
            if (Session::get_session_user() == $owner) {
                $granted = true;
            }
            continue;
        }

        // Numeric key: an entity id, honoured only on pro/demo versions and only when
        // the session's cached vision lists that entity.
        if (preg_match("/pro|demo/i", $version) && $_SESSION['_user_vision']['entity'][$owner]) {
            $granted = true;
        }
    }

    return $granted;
}
/**
 * Builds the option form for the tag-cloud widget: database choice, SQL text,
 * link template, tag length limit and hostname resolution.
 *
 * @return string HTML fragment with the form controls.
 */
function showSubCategoryHTML()
{
    $uses_snort = $this->get('cloud_db') == 'snort';
    $check_snort = $uses_snort ? 'checked' : '';
    $check_ossim = $uses_snort ? '' : 'checked';

    $resolves = $this->get('cloud_resolv_ip') == '1';
    $resolv_yes = $resolves ? 'checked' : '';
    $resolv_no = $resolves ? '' : 'checked';

    $parts = array();
    $parts[] = _("Database") . ':<br/> <input type="radio" name="cloud_db" value="ossim" ' . $check_ossim . '>Ossim<br/> <input type="radio" name="cloud_db" value="snort" ' . $check_snort . '>Snort <br/> <hr noshade> ';
    $parts[] = _("SQL code") . ':<br/>';

    // For non-admins the SQL box is only hidden with CSS; it is still part of the form.
    // NOTE(review): whatever saves this form has to ignore cloud_sql from non-admin
    // sessions -- that check is not in this method.
    $is_admin = Session::am_i_admin();
    $hidden = $is_admin ? '' : ' style="display:none"';
    $parts[] = '<textarea name="cloud_sql" rows="6" cols="55" wrap="soft"' . $hidden . '>';
    // NOTE(review): the stored values below are written into the markup as-is; confirm
    // they are encoded before storage or encode them here.
    $parts[] = $this->get('cloud_sql');
    $parts[] = '</textarea>';

    if (!$is_admin) {
        $parts[] = '<b>' . _("Only global admins can change this query!") . "</b><br/>";
    }

    $parts[] = '<br/>';
    $parts[] = _("Cloud link. Use _TAG_ for placeholder");
    $parts[] = ': <input type ="text" name="cloud_link" size="30" value ="' . $this->get('cloud_link') . '"><br/>';
    $parts[] = _("Cloud tag max length, 0 means unlimited");
    $parts[] = ': <input type ="text" name="cloud_tag_max_len" value ="' . $this->get('cloud_tag_max_len') . '"><br/>';
    $parts[] = "<hr noshade>";
    $parts[] = _("Resolve hostname on column?") . ':<br/> <input type="radio" name="cloud_resolv_ip" value="1" ' . $resolv_yes . '>' . _("Yes") . '<br/> <input type="radio" name="cloud_resolv_ip" value="0" ' . $resolv_no . '>' . _("No") . ' <br/> ';

    return implode('', $parts);
}
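/**
 * Computes the per-user and per-entity permission levels used by the wizard.
 *
 * Entity levels are NO_PERMS (0), VISION_PERMS (1) or EDITING_PERMS (2). A global
 * admin gets the cached entity vision unchanged; any other session starts at
 * NO_PERMS for every visible entity and is raised per entity and per child entity.
 *
 * @param object $dbconn Database connection handed to the Acl helpers.
 *
 * @return array Map with 'entity_perms' and 'user_perms'.
 */
function get_wizard_perms($dbconn)
{
    // define() complains when a constant already exists, so a second call to this
    // function must not try to define them again.
    if (!defined("NO_PERMS")) {
        define("NO_PERMS", 0);
    }
    if (!defined("VISION_PERMS")) {
        define("VISION_PERMS", 1);
    }
    if (!defined("EDITING_PERMS")) {
        define("EDITING_PERMS", 2);
    }

    $perms = array("entity_perms" => array(), "user_perms" => array());

    // Prefer the vision cached in the session; fall back to a fresh lookup.
    $user_vision = !isset($_SESSION['_user_vision']) ? Acl::get_user_vision($dbconn) : $_SESSION['_user_vision'];

    //User permission
    $perms['user_perms'] = $user_vision['user'];

    //Entity permissions
    if (Session::am_i_admin()) {
        $perms['entity_perms'] = $user_vision['entity'];

        return $perms;
    }

    // Default deny: every entity starts without permissions.
    foreach ($user_vision['entity'] as $entity_id => $perm) {
        $perms['entity_perms'][$entity_id] = NO_PERMS;
    }

    $my_entities = Acl::get_my_entities($dbconn, '', FALSE);
    $my_entities_admin = $user_vision['entity_admin'];

    foreach ($my_entities as $entity_id => $entity) {
        $is_entity_admin = !empty($my_entities_admin[$entity_id]);

        if ($is_entity_admin) {
            $perms['entity_perms'][$entity_id] = EDITING_PERMS;
        } elseif (!isset($perms['entity_perms'][$entity_id]) || $perms['entity_perms'][$entity_id] < EDITING_PERMS) {
            // Never lower a level granted earlier; an entity that was missing from
            // the cached vision is treated like NO_PERMS and raised to view-only.
            $perms['entity_perms'][$entity_id] = VISION_PERMS;
        }

        foreach ($entity['children'] as $entity_child_id) {
            // Administering the parent or the child itself grants editing on the child.
            if ($is_entity_admin || !empty($my_entities_admin[$entity_child_id])) {
                $perms['entity_perms'][$entity_child_id] = EDITING_PERMS;
            } elseif (!isset($perms['entity_perms'][$entity_child_id]) || $perms['entity_perms'][$entity_child_id] < EDITING_PERMS) {
                $perms['entity_perms'][$entity_child_id] = VISION_PERMS;
            }
        }
    }

    return $perms;
}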
/**
 * Builds the option form for the graph widget: database choice and SQL text.
 *
 * @return string HTML fragment with the form controls.
 */
function showSubCategoryHTML()
{
    $uses_snort = $this->get('graph_db') == 'snort';
    $check_snort = $uses_snort ? 'checked' : '';
    $check_ossim = $uses_snort ? '' : 'checked';

    $parts = array();
    $parts[] = 'Database: <input type="radio" name="graph_db" value="ossim" ' . $check_ossim . '>Ossim <input type="radio" name="graph_db" value="snort" ' . $check_snort . '>Snort <br/> ';
    $parts[] = _("SQL code") . ':<br/>';

    // For non-admins the SQL box is only hidden with CSS; it is still part of the form.
    // NOTE(review): whatever saves this form has to ignore graph_sql from non-admin
    // sessions -- that check is not in this method.
    $is_admin = Session::am_i_admin();
    $hidden = $is_admin ? '' : ' style="display:none"';
    $parts[] = '<textarea name="graph_sql" rows="17" cols="55" wrap="soft"' . $hidden . '>';
    // NOTE(review): the stored query text is written between the textarea tags as-is;
    // confirm it is encoded before storage or encode it here.
    $parts[] = $this->get('graph_sql');
    $parts[] = '</textarea>';

    if (!$is_admin) {
        $parts[] = '<b>' . _("Only global admins can change this query!") . "</b><br/>";
    }

    return implode('', $parts);
}
/**
 * Sends the Content-type header and prints the page head for the NfSen views:
 * stylesheets, scripts, the <title>, an optional meta refresh, the inline
 * JavaScript helpers and the opening <body>. For global admins with at least one
 * active remote interface it also includes menu.php.
 *
 * @param mixed $established When falsy the function returns right after the common
 *                           stylesheets, scripts and host_report_menu.php have been
 *                           emitted, leaving <head> open.
 *
 * @return void
 */
function SendHeader($established)
{
    global $self, $m_opt, $sm_opt, $h_opt;
    global $TabList;

    header("Content-type: text/html; charset=ISO-8859-1");
    ?>
    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
    <html>
    <head>
    <meta http-equiv="Cache-Control" content="no-cache"/>
    <meta http-equiv="Pragma" content="no-cache"/>
    <link rel="stylesheet" type="text/css" href="../style/av_common.css?t=<?php echo Util::get_css_id(); ?> ">
    <link rel="stylesheet" type="text/css" href="../style/nfsen/nfsen.css">
    <script type="text/javascript" src="/ossim/js/jquery.min.js"></script>
    <script type='text/javascript' src="/ossim/js/notification.js"></script>
    <script type='text/javascript' src='/ossim/js/utils.js'></script>
    <?php
    // This include runs before the $established check below, so it is part of the
    // output in both cases.
    include '../host_report_menu.php';

    if (!$established) {
        return;
    }

    // Active tab index from the session; 0 when none has been stored yet.
    $_tab = array_key_exists('tab', $_SESSION) ? $_SESSION['tab'] : 0;

    if (array_key_exists('tleft', $_SESSION)) {
        $str = $TabList[$_tab] == 'Details' ? strftime("%b %d %Y - %H:%M", $_SESSION['tleft']) : 'Overview';
    } else {
        $str = '';
    }
    ?>
    <title>
    <?php
    // The title text can come from the request: $_POST["name"] is passed through
    // strip_tags(), kept in the session and encoded with Util::htmlentities() when
    // printed. Both request keys are read without an isset() check.
    if ($_REQUEST["login"]) {
        $name = strip_tags($_POST["name"]);
        $_SESSION["_nfsen_title"] = $name . " - Network Traffic";
    } elseif (empty($_SESSION["_nfsen_title"])) {
        $_SESSION["_nfsen_title"] = _("NFSEN");
    }

    echo Util::htmlentities($_SESSION["_nfsen_title"]) . _(' - Profile');
    ?>
    <?php echo Util::htmlentities($_SESSION['profile']) . " {$str}"; ?>
    </title>
    <?php
    $refresh = $_SESSION['refresh'];

    // Auto-refresh on every tab except Details; each value placed in the meta tag
    // goes through Util::htmlentities().
    if ($TabList[$_tab] != 'Details' && $refresh > 0) {
        print "<meta HTTP-EQUIV='Refresh' CONTENT='" . Util::htmlentities($refresh) . "; URL=" . Util::htmlentities($self) . "?bookmark=" . Util::htmlentities($_SESSION['bookmark']) . "&bypassexpirationupdate=1'>\n";
    }

    // Tab-specific stylesheets.
    if ($TabList[$_tab] == 'Details') {
        ?>
        <link rel="stylesheet" type="text/css" href="../style/nfsen/detail.css">
        <?php
    }

    if ($TabList[$_tab] == 'Stats') {
        ?>
        <link rel="stylesheet" type="text/css" href="../style/nfsen/profileadmin.css">
        <?php
    }

    if ($TabList[$_tab] == 'Alerts') {
        ?>
        <link rel="stylesheet" type="text/css" href="../style/nfsen/alerting.css">
        <?php
    }
    ?>
    <script type="text/javascript" src="js/global.js"></script>
    <script type="text/javascript" src="js/menu.js"></script>
    <script type="text/javascript" src="../js/jquery.simpletip.js"></script>
    <!-- JQuery TipTip: -->
    <link rel="stylesheet" type="text/css" href="/ossim/style/tipTip.css"/>
    <script type="text/javascript" src="/ossim/js/jquery.tipTip-ajax.js"></script>
    <script type="text/javascript">
    function postload() {
        // menu.php postload
        $('#interface').change(function() {
            send($(this).val(), $('#interface option:selected').text());
        });
        <?php
        // The posted "ip" value is printed inside a single-quoted JavaScript string.
        // NOTE(review): Util::htmlentities() is an HTML encoder; confirm it also
        // neutralises quotes, backslashes and line breaks, or switch to a
        // JavaScript-aware encoder such as json_encode() for this context.
        if (isset($_POST['ip'])) {
            ?>
            send('<?php echo Util::htmlentities($_POST['ip']); ?> ', $('#interface option:selected').text());
            <?php
        }
        ?>
        // ************
        $('.scriptinfo').tipTip({
            defaultPosition: "down",
            content: function (e) {
                var ip_data = $(this).attr('data-title');
                ip_data = ip_data.split('-');
                // The first part of data-title is appended to the query string without
                // URL-encoding, and the response is inserted as markup with .html(), so
                // the tooltip shows whatever HTML alarm_netlookup.php returns.
                $.ajax({
                    url: '../alarm/alarm_netlookup.php?ip=' + ip_data[0],
                    success: function (response) {
                        e.content.html(response); // "e" is the tipTip callback data passed to content() above
                    }
                });
                return '<?php echo _("Searching") . "..."; ?> '; // Placeholder text shown until the ajax success callback replaces it.
            }
        });
        $(".repinfo").tipTip({
            defaultPosition: 'left',
            content: function (e) {
                return $(this).attr('txt');
            }
        });
        // Strip tab, carriage-return and backspace characters from the filter box as the user types.
        $('#filter').on('keyup', function(e){
            $(this).val(function(i, val) {
                return val.replace(/[\t\r\b]/g, '');
            });
        });
        <?php
        // When an "ip" request parameter is present the form is processed straight away.
        if (GET('ip') != "") {
            ?>
            $("#process_button").click();
            <?php
        }
        ?>
    }
    function lastsessions() {
        $('#modeselect0').click();
        $("#listN option[value='3']").attr('selected', 'selected');
        $("#process_button").click();
    }
    function launch(val,order) {
        $('#modeselect1').click();
        $("#TopN option[value='0']").attr('selected', 'selected');
        $("#StatTypeSelector option[value='"+val+"']").attr('selected', 'selected');
        $("#statorder option[value='"+order+"']").attr('selected', 'selected');
        $("#process_button").click();
    }
    function remote_interface(ip) {
        $("#FlowProcessingForm").attr("action", "menu.php");
        $("#FlowProcessingForm").attr("target", "menu_nfsen");
        $("#FlowProcessingForm").append("<input type='hidden' name='process' value='Process' />");
        // "ip" is concatenated into markup here, so callers have to pass a value that is
        // safe inside a single-quoted attribute.
        $("#FlowProcessingForm").append("<input type='hidden' name='ip' value='"+ip+"' />");
        $("#FlowProcessingForm").submit();
    }
    function clean_remote_data() {
        $("#FlowProcessingForm").removeAttr("target");
        $("#FlowProcessingForm").attr("action", $("#FlowProcessingForm").attr("laction")); // set the local action
    }
    </script>
    </head>
    <body>
    <?php
    // Look up the active remote interfaces on a short-lived connection.
    $db_aux = new ossim_db();
    $conn_aux = $db_aux->connect();
    $aux_ri_interfaces = Remote_interface::get_list($conn_aux, "WHERE status = 1");
    $ri_list = $aux_ri_interfaces[0];
    $ri_total = $aux_ri_interfaces[1];
    $db_aux->close();

    // The remote-interface menu is only included for global admins.
    // NOTE(review): $ri_total is the second element returned by get_list(); if that is
    // a number rather than a list, count() is the wrong test -- confirm.
    if (Session::am_i_admin() && count($ri_total) > 0) {
        include 'menu.php';
    }
}
<div id="db_tab_blob"></div>
</div>
<div class='dashboard_options_tab'>
<?php
// Edit-mode toggle, shown only when $can_edit is set.
if ($can_edit) {
    ?>
    <img id='op_edition' class='db_img_opt' src='pixmaps/edit.png' title="<?php echo $show_edit ? _('Switch to View Mode') : _('Switch to Edit Mode'); ?> "/>
    <?php
}

// Permissions icon. && binds tighter than ||, so this reads as
// "global admin, or (pro version and pro admin)".
// NOTE(review): this only decides whether the icon is drawn; the permissions page
// it leads to needs its own server-side check, which is not visible here.
if (Session::am_i_admin() || $pro && Acl::am_i_proadmin()) {
    ?>
    <img id='op_permissions' class='db_img_opt'src='pixmaps/permissions.png' title="<?php echo _('Permissions'); ?> "/>
    <?php
}
?>
<img id='op_fullscreen' class='db_img_opt' src='pixmaps/full-screen.png' title="<?php echo _('Full Screen'); ?> "/>
</div>
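/**
 * Prints the "Asset Vulnerability Details" view: the search form, one row per host
 * with its vulnerability counts from the latest scan reports, and the pager.
 *
 * Compared with the previous version, the search value, the context filter and the
 * per-host lookups are passed to the database as bound parameters instead of being
 * written into the SQL text; the "hostip" filter gets its missing AND; the radio
 * state array covers every index that is printed; and a failed main query is
 * detected before its result is used.
 *
 * @param string $type       Search type: scantime, service, freetext, hostip, fk_name,
 *                           username or hn. Anything else lists all hosts.
 * @param string $value      Search value. For "hn" it may be a single host, a
 *                           comma-separated host list or a CIDR.
 * @param string $ctx_filter Hex context id; only applied to "hn" searches.
 * @param string $sortby     Ignored: the sort order is fixed inside the function.
 * @param string $sortdir    Ignored: see $sortby.
 *
 * @return void Output is echoed.
 */
function list_results($type, $value, $ctx_filter, $sortby, $sortdir)
{
    global $allres, $offset, $pageSize, $dbconn;
    global $user, $arruser;

    $dbconn->SetFetchMode(ADODB_FETCH_BOTH);

    $filteredView = FALSE;
    // One slot per radio index used below (0-6).
    $selRadio = array("", "", "", "", "", "", "");
    $url_filter = "";
    $stext = "";

    // The sort order is fixed; the $sortby / $sortdir arguments never reach the SQL.
    $order = " order by t1.results_sent DESC, t1.hostIP DESC ";

    $querys = "SELECT distinct t1.hostIP, HEX(t1.ctx) as ctx, t1.scantime, t1.username, t1.scantype, t1.report_key, t1.report_type as report_type, t1.sid, t3.name as profile\n FROM vuln_nessus_latest_reports AS t1 LEFT JOIN vuln_nessus_settings AS t3 ON t1.sid = t3.id, vuln_nessus_latest_results AS t5\n WHERE\n t1.hostIP = t5.hostIP\n AND t1.ctx = t5.ctx\n AND t1.deleted = '0' ";

    // Build the filter from the search form input. Every request-derived value goes
    // into $params and is referenced with a ? placeholder.
    // NOTE(review): the $stext strings that interpolate $q or $value directly, and
    // $url_filter, are echoed without encoding further down. That is only safe if the
    // caller already entity-encodes $type and $value -- confirm at the call site.
    $queryw = "";
    $params = array();
    $has_filter = $value != "";

    if ($type == "scantime" && $has_filter) {
        $selRadio[0] = "CHECKED";
        $q = $value;
        $queryw = " AND t1.scantime LIKE ?";
        $params[] = "%{$q}%";
        $stext = "<b>" . _("Search for Date/Time") . "</b> = '*{$q}*'";
    } elseif ($type == "service" && $has_filter) {
        $selRadio[5] = "CHECKED";
        $q = $value;
        $queryw = " AND t5.service LIKE ?";
        $params[] = "%{$q}%";
        // Decoded text is encoded again before it is echoed.
        $stext = "<b>" . _("Search for Service") . "</b> = '*" . Util::htmlentities(html_entity_decode($q)) . "*'";
    } elseif ($type == "freetext" && $has_filter) {
        $selRadio[6] = "CHECKED";
        $q = $value;
        $queryw = " AND t5.msg LIKE ?";
        $params[] = "%{$q}%";
        $stext = "<b>" . _("Search for Free Text") . "</b> = '*" . Util::htmlentities(html_entity_decode($q)) . "*'";
    } elseif ($type == "hostip" && $has_filter) {
        $selRadio[1] = "CHECKED";
        $q = strtolower($value);
        // The AND was missing here, which produced an invalid WHERE clause.
        $queryw = " AND t1.hostIP LIKE ?";
        $params[] = "%{$q}%";
        $stext = "<b>" . _("Search for Host-IP") . "</b> = '*{$q}*'";
    } elseif ($type == "fk_name" && $has_filter) {
        $selRadio[2] = "CHECKED";
        $q = strtolower($value);
        $queryw = " AND t1.fk_name LIKE ?";
        $params[] = "%{$q}%";
        $stext = _("Search for Subnet/CIDR") . " = '*{$q}*'";
    } elseif ($type == "username" && $has_filter) {
        $selRadio[3] = "CHECKED";
        $q = strtolower($value);
        $queryw = " AND t1.username LIKE ?";
        $params[] = "%{$q}%";
        $stext = "<b>" . _("Search for user") . "</b> = '*{$q}*'";
    } elseif ($type == "hn" && $has_filter) {
        if (!empty($ctx_filter)) {
            $queryw = " AND t1.ctx=UNHEX(?)";
            $params[] = $ctx_filter;
        }

        $selRadio[4] = "CHECKED";
        $is_cidr = preg_match("/\\//", $value);

        if ($is_cidr) {
            $ip_range = Cidr::expand_CIDR($value, "SHORT");
            $queryw .= " AND (inet_aton(t1.hostIP) >= ? AND inet_aton(t1.hostIP) <= ?)";
            $params[] = $ip_range[0];
            $params[] = $ip_range[1];
        } elseif (preg_match("/\\,/", $value)) {
            // One placeholder per host in the comma-separated list.
            $hosts = explode(",", $value);
            $queryw .= " AND t1.hostIP in (" . implode(",", array_fill(0, count($hosts), "?")) . ")";
            $params = array_merge($params, $hosts);
            $q = "Others";
        } else {
            $q = $value;
            $queryw .= " AND t1.hostIP LIKE ?";
            $params[] = $q;
        }

        if (!$is_cidr) {
            $stext = "<b>" . _("Search for Host") . "</b> = '" . Util::htmlentities(html_entity_decode($q)) . "'";
        } else {
            $stext = "<b>" . _("Search for Subnet/CIDR") . "</b> = '{$value}'";
        }
    } else {
        // No usable filter: list every host.
        $selRadio[4] = "CHECKED";
        $has_filter = FALSE;
    }

    if ($has_filter) {
        $url_filter = "&type={$type}&value={$value}";
    }

    $queryw .= $order;
    // Paging values come from globals; force them to integers before they reach the SQL.
    $queryl = " limit " . intval($offset) . "," . intval($pageSize);
    // ADOdb takes false for "no bound parameters".
    $bind = count($params) > 0 ? $params : false;

    // set up the pager and search fields if viewing all hosts
    $reportCount = 0;

    if (!$filteredView) {
        $dbconn->Execute(str_replace("SELECT distinct", "SELECT SQL_CALC_FOUND_ROWS distinct", $querys) . $queryw, $bind);
        $reportCount = $dbconn->GetOne("SELECT FOUND_ROWS() as total");

        $previous = $offset - $pageSize;
        if ($previous < 0) {
            $previous = 0;
        }

        $last = intval($reportCount / $pageSize) * $pageSize;
        if ($last < 0) {
            $last = 0;
        }

        $next = $offset + $pageSize;
        $pageEnd = $offset + $pageSize;
        $value = html_entity_decode($value);

        // output the search form
        echo "<table class='w100 transparent'>";
        echo "<tr><td class='sec_title'>" . _("Asset Vulnerability Details") . "</td></tr>";
        echo "<tr><td style='padding:12px 0px 0px 0px;' class='transparent'>";
        ?>
        <div id='cvleftdiv'>
        <a id="new_scan_button" class="button" href="<?php echo Menu::get_menu_url(AV_MAIN_PATH . '/vulnmeter/sched.php?action=create_scan&hosts_alive=1&scan_locally=1', 'environment', 'vulnerabilities', 'scan_jobs'); ?> " style="text-decoration:none;">
        <?php echo _("New Scan Job"); ?>
        </a>
        </div>
        <div id='cvrightdiv'>
        <?php
        echo '<form name="hostSearch" id="hostSearch" action="index.php" method="GET"> <input type="text" length="25" name="value" id="assets" class="assets" style="margin:0px !important;" value="' . Util::htmlentities($value) . '">';
        // cvfiltertype -> current vulnerabilities filter type
        echo "\n<input type=\"radio\" name=\"type\" value=\"service\" {$selRadio['5']}>" . _("Service") . "\n<input type=\"radio\" name=\"type\" value=\"freetext\" {$selRadio['6']}>" . _("Free text") . "\n<input type=\"radio\" name=\"type\" value=\"hn\" {$selRadio['4']}>" . _("Host/Net") . "\n";
        echo "<input type=\"submit\" name=\"submit\" value=\"" . _("Find") . "\" id=\"current_vulns_find_button\" class=\"av_b_secondary small\" style=\"margin-left:15px;\">";
        echo <<<EOT
</form>
</p>
EOT;
    } else {
        // Not reachable while $filteredView is hard-coded to FALSE above.
        // NOTE(review): this count query refers to the alias t1 without declaring it.
        // get the search result count
        $queryc = "SELECT count( report_id ) FROM vuln_nessus_latest_reports WHERE t1.deleted = '0' ";
        $scount = $dbconn->GetOne($queryc . $queryw, $bind);
        echo "<p>{$scount} report";
        if ($scount != 1) {
            echo "s";
        }
        echo " " . _("found matching search criteria") . " | ";
        echo " <a href='index.php' alt='" . _("View All Reports") . "'>" . _("View All Reports") . "</a></p>";
    }

    echo "<p>";
    echo $stext;
    echo "</p>";
    echo "</div></td></tr></table>";

    // get the hosts to display
    $result = $dbconn->GetArray($querys . $queryw . $queryl, $bind); // main query

    // NOTE(review): report_id is not among the selected columns, so these entries are
    // expected to be empty -- confirm which column the delete handler needs.
    $delete_ids = array();
    if (is_array($result)) {
        foreach ($result as $rpt) {
            $delete_ids[] = $dreport_id = isset($rpt["report_id"]) ? $rpt["report_id"] : NULL;
        }
    }
    $_SESSION["_dreport_ids"] = implode(",", $delete_ids);

    if ($result === false) {
        $errMsg = array(_("Error getting results") . ": " . $dbconn->ErrorMsg());
        $error = 1;
        dispSQLError($errMsg, $error);
    } else {
        // Risk codes stored in the results table and the counter each one feeds.
        $risk_fields = array(7 => 'vInfo', 6 => 'vLow', 3 => 'vMed', 2 => 'vHigh', 1 => 'vSerious');

        $totals = array('vInfo' => 0, 'vLow' => 0, 'vMed' => 0, 'vHigh' => 0, 'vSerious' => 0);

        // Overall counts, limited to the hosts this session may see when the
        // permission filter is not empty.
        $perms_where = Asset_host::get_perms_where('host.', TRUE);

        if (!empty($perms_where)) {
            $queryt = "SELECT count(lr.result_id) AS total, lr.risk, lr.hostIP, HEX(lr.ctx) AS ctx\n FROM vuln_nessus_latest_results lr, host, host_ip hi\n WHERE host.id=hi.host_id AND inet6_ntoa(hi.ip)=lr.hostIP {$perms_where} AND falsepositive='N'\n GROUP BY risk, hostIP, ctx";
        } else {
            $queryt = "SELECT count(lr.result_id) AS total, risk, lr.hostIP, HEX(lr.ctx) AS ctx\n FROM vuln_nessus_latest_results lr\n WHERE falsepositive='N'\n GROUP BY risk, hostIP, ctx";
        }

        $resultt = $dbconn->Execute($queryt);

        while ($resultt && !$resultt->EOF) {
            $risk = (int) $resultt->fields['risk'];
            if (isset($risk_fields[$risk])) {
                $totals[$risk_fields[$risk]] += $resultt->fields['total'];
            }
            $resultt->MoveNext();
        }

        // Summary row: report links are only offered when there is something to report.
        $summary = array("report_id" => "All", "host_name" => "", "scantime" => "", "username" => "", "scantype" => "", "report_key" => "", "report_type" => "", "sid" => "", "profile" => "");

        if (array_sum($totals) == 0) {
            $summary["hlink"] = "";
            $summary["plink"] = "";
            $summary["xlink"] = "";
        } else {
            $summary["hlink"] = "lr_reshtml.php?ipl=all&disp=html&output=full&scantype=M";
            $summary["plink"] = "lr_respdf.php?ipl=all&scantype=M";
            $summary["xlink"] = "lr_rescsv.php?ipl=all&scantype=M";
            $summary["dlink"] = "";
        }

        $summary["vSerious"] = $totals['vSerious'];
        $summary["vHigh"] = $totals['vHigh'];
        $summary["vMed"] = $totals['vMed'];
        $summary["vLow"] = $totals['vLow'];
        $summary["vInfo"] = $totals['vInfo'];
        $tdata[] = $summary;

        // The per-host lookup is the same statement for every row; only the bound values change.
        // NOTE(review): the username operand was partly masked in the source this was
        // taken from and is reconstructed as the row's username -- confirm.
        $query_risk = "SELECT distinct risk, port, protocol, app, scriptid, msg, hostIP FROM vuln_nessus_latest_results WHERE hostIP = ? AND username = ? AND sid = ? AND ctx = UNHEX(?) AND falsepositive='N'";

        foreach ($result as $data) {
            // Rows for hosts outside the session's permissions are dropped.
            if (!Session::hostAllowed_by_ip_ctx($dbconn, $data["hostIP"], $data["ctx"])) {
                continue;
            }

            $host_id = key(Asset_host::get_id_by_ips($dbconn, $data["hostIP"], $data["ctx"]));

            if (valid_hex32($host_id)) {
                $data['host_name'] = Asset_host::get_name_by_id($dbconn, $host_id);
            }

            $data['vSerious'] = 0;
            $data['vHigh'] = 0;
            $data['vMed'] = 0;
            $data['vLow'] = 0;
            $data['vInfo'] = 0;

            // query for reports for each IP
            $result_risk = $dbconn->Execute($query_risk, array($data['hostIP'], $data['username'], $data['sid'], $data['ctx']));

            while ($result_risk && !$result_risk->EOF) {
                $risk = (int) $result_risk->fields["risk"];
                if (isset($risk_fields[$risk])) {
                    $data[$risk_fields[$risk]]++;
                }
                $result_risk->MoveNext();
            }

            $report_args = "?treport=latest&ipl=" . urlencode($data['hostIP']) . "&ctx=" . $data['ctx'] . "&scantype=" . $data['scantype'];
            $data['plink'] = "lr_respdf.php" . $report_args;
            $data['hlink'] = "lr_reshtml.php" . $report_args;
            $data['xlink'] = "lr_rescsv.php" . $report_args;

            // The delete link is only built for global admins.
            // NOTE(review): this is a state-changing GET link; index.php has to repeat
            // the admin check itself -- not visible here.
            if (Session::am_i_admin()) {
                $data['dlink'] = "index.php?delete=" . $data['report_key'] . "&scantime=" . $data['scantime'];
            }

            // Target label: the first entry, or the first and last entry of a longer list.
            // meth_target is not selected by the main query, so it is usually absent.
            $list = explode("\n", trim(isset($data['meth_target']) ? $data['meth_target'] : ''));
            $first_target = resolve_asset($dbconn, trim($list[0]));

            if (count($list) == 1) {
                $data['target'] = $first_target;
            } else {
                $last_target = resolve_asset($dbconn, trim($list[count($list) - 1]));
                $data['target'] = $first_target . (count($list) == 2 ? ' ' : " ... ") . $last_target;
            }

            $tdata[] = $data;
        }

        $fieldMapLinks = array(gettext("HTML Results") => array('url' => '%param%', 'param' => 'hlink', 'target' => 'main', 'icon' => 'images/html.png'), gettext("PDF Results") => array('url' => '%param%', 'param' => 'plink', 'target' => '_blank', 'icon' => 'images/pdf.png'), gettext("EXCEL Results") => array('url' => '%param%', 'param' => 'xlink', 'target' => '_blank', 'icon' => 'images/page_white_excel.png'));

        if (Session::am_i_admin()) {
            $fieldMapLinks["DELETE Results"] = array('url' => '%param%', 'param' => 'dlink', 'target' => 'main', 'icon' => 'images/delete.gif');
        }

        $fieldMap = array("Host - IP" => array('var' => 'hostip'), "Date/Time" => array('var' => 'scantime'), "Profile" => array('var' => 'profile'), "Serious" => array('var' => 'vSerious'), "High" => array('var' => 'vHigh'), "Medium" => array('var' => 'vMed'), "Low" => array('var' => 'vLow'), "Info" => array('var' => 'vInfo'), "Links" => $fieldMapLinks);

        // More than the summary row means there is at least one host to show.
        if (count($tdata) > 1) {
            drawTableLatest($fieldMap, $tdata, "Hosts");
        } elseif (Session::menu_perms("environment-menu", "EventsVulnerabilitiesScan")) {
            echo "<br><span class='gray'>" . _("No results found: ") . "</span><a href='" . Menu::get_menu_url(AV_MAIN_PATH . '/vulnmeter/sched.php?action=create_scan&hosts_alive=1&scan_locally=1', 'environment', 'vulnerabilities', 'scan_jobs') . "'>" . _("Click here to run a Vulnerability Scan now") . "</a><br><br>";
        }
    }

    // draw the pager again, if viewing all hosts
    if (!$filteredView && $reportCount > 10) {
        ?>
        <div class="fright tmargin">
        <?php
        if ($next > $pageSize) {
            ?>
            <a href="index.php?<?php echo "offset={$previous}{$url_filter}"; ?> " class="pager">< <?php echo _("PREVIOUS"); ?> </a>
            <?php
        } else {
            ?>
            <a class='link_paginate_disabled' href="" onclick='return false'>< <?php echo _("PREVIOUS"); ?> </a>
            <?php
        }

        if ($next <= $last) {
            ?>
            <a class='lmargin' href="index.php?<?php echo "offset={$next}{$url_filter}"; ?> "> <?php echo _("NEXT"); ?> ></a>
            <?php
        } else {
            ?>
            <a class='link_paginate_disabled lmargin' href="" onclick='return false'><?php echo _("NEXT"); ?> ></a>
            <?php
        }
        ?>
        </div>
        <?php
    } else {
        echo "<p> </p>";
    }
}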
?> </option> <?php } ?> </select> </td></tr> <tr><td class="nobborder"> <select name="entity"> <option value="">- <?php echo _("All Entities"); ?> -</option> <?php foreach ($entities_all as $entity) { if (Session::am_i_admin() || Acl::am_i_proadmin() && in_array($entity["id"], $entities_list)) { ?> <option value="<?php echo $entity["id"]; ?> "><?php echo $entity["name"]; ?> </option> <?php } } ?> </select> </td></tr> <?php
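// Request parameters: the capture to download and the sensor that holds it.
$scan_name = GET("scan_name");
$sensor_name = GET("sensor_name");

// Both values are validated before they are used in the lookup or in a response header.
ossim_valid($scan_name, OSS_SCORE, OSS_NULLABLE, OSS_ALPHA, OSS_DOT, 'illegal:' . _("Scan name"));
ossim_valid($sensor_name, OSS_NULLABLE, OSS_ALPHA, OSS_SPACE, OSS_PUNC, 'illegal:' . _("Sensor name"));

if (ossim_error()) {
    die(ossim_error());
}

$db = new ossim_db();
$dbconn = $db->connect();

// Ownership check: the second "_"-separated field of the capture name is compared
// with the logins this session may assign to. Only a global admin bypasses it.
$scan_info = explode("_", $scan_name);
$users = Session::get_users_to_assign($dbconn);
$my_users = array();

foreach ($users as $k => $v) {
    $my_users[$v->get_login()] = 1;
}

// A capture name without an owner field is treated as "not mine".
$scan_owner = isset($scan_info[1]) ? $scan_info[1] : '';
$owner_is_mine = isset($my_users[$scan_owner]) && $my_users[$scan_owner] == 1;

if (!$owner_is_mine && !Session::am_i_admin()) {
    return;
}

$scan = new TrafficScan();
// The validated sensor name is passed on. The previous code passed a misspelled,
// never-assigned variable, so the lookup always received an empty sensor name.
// NOTE(review): confirm get_pcap_file() behaves as intended with a real sensor name.
$file = $scan->get_pcap_file($scan_name, $sensor_name);

if (file_exists($file)) {
    header('Cache-Control: cache, must-revalidate');
    header('Pragma: no-cache'); // no-cache, public
    header('Expires: Sat, 26 Jul 1997 05:00:00 GMT'); // Date in the past
    header('Content-Description: File Transfer');
    header('Content-Type: application/binary');
    header('Content-Length: ' . filesize($file));
    // The file name in this header is the validated request value.
    header('Content-Disposition: inline; filename=' . $scan_name);
    readfile($file);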
// Password policy limits from the configuration. Each falls back to a default when
// the configured value is empty or zero: minimum length 7, maximum length 255,
// minimum lifetime 0 (no lifetime limit).
$conf = $GLOBALS['CONF'];
$pass_length_min = $conf->get_conf('pass_length_min') ? $conf->get_conf('pass_length_min') : 7;
$pass_length_max = $conf->get_conf('pass_length_max') ? $conf->get_conf('pass_length_max') : 255;
// A maximum below the minimum, or below 1, is replaced by 255.
$pass_length_max = $pass_length_max < $pass_length_min || $pass_length_max < 1 ? 255 : $pass_length_max;
$pass_expire_min = $conf->get_conf('pass_expire_min') ? $conf->get_conf('pass_expire_min') : 0;

// Checks run in order and stop at the first failure: confirmation match, length
// bounds (strlen() counts bytes), complexity and, on update only, minimum lifetime
// and password history.
if (0 != strcmp($pass1, $pass2)) {
    $validation_errors['pass'] = _('Authentication failure') . '. ' . _('Passwords mismatch');
} elseif (strlen($pass1) < $pass_length_min) {
    $validation_errors['pass'] = _('Password is not long enough') . ' [' . _('Minimum password size is') . ' ' . $pass_length_min . ']';
} elseif (strlen($pass1) > $pass_length_max) {
    // NOTE(review): this branch rejects a password that is too long, but the message
    // says "long enough" -- looks like a wording slip in the message id.
    $validation_errors['pass'] = _('Password is long enough') . ' [' . _('Maximum password size is') . ' ' . $pass_length_max . ']';
} elseif (!Session::pass_check_complexity($pass1)) {
    $validation_errors['pass'] = _('Password is not strong enough. Check the password policy configuration for more details');
} elseif ($mode == 'update') {
    $recent_pass = Log_action::get_last_pass($conn, $login);

    // Global admins are exempt from the minimum-lifetime rule.
    if ($pass_expire_min > 0 && dateDiff_min($last_pass_change, date('Y-m-d H:i:s')) < $pass_expire_min && !Session::am_i_admin()) {
        $validation_errors['pass'] = _('Password lifetime is too short to allow change. Wait a few minutes...');
    // History check: the candidate is compared as a plain MD5 digest and as a plain
    // SHA-256 digest against the values returned by get_last_pass().
    // NOTE(review): that implies the history holds unsalted digests of earlier
    // passwords, which are cheap to guess offline if the log leaks -- confirm how
    // these entries are stored and protected.
    } elseif (count($recent_pass) > 0 && (in_array(md5($pass1), $recent_pass) || in_array(hash('sha256', $pass1), $recent_pass))) {
        $validation_errors['pass'] = _('This password is recently used. Try another');
    }
}
}
}
}

//Checking entities field requirements
if (empty($validation_errors['entities[]'])) {
    //Check allowed entities
    // On the pro version, when editing someone else's profile, every selected entity
    // has to pass Acl::entityAllowed().
    if ($pro && !$is_my_profile) {
        foreach ($entities as $ent_id) {
            if (!Acl::entityAllowed($ent_id)) {
                $validation_errors['entities[]'] = _("You don't have permission to create users at this level");
<td class='right'> <input type="button" class="av_b_secondary small" value="<?php echo _('Add New'); ?> " onclick="javascript:add_frw_server();return false;"/> </td> </tr> </table> </td> </tr> <?php } ?> <?php if ($mssp && !empty($id) && !$opensource && (Session::am_i_admin() || Acl::am_i_proadmin())) { $tooltip = "<ul class='tip'>\n \t\t\t\t\t\t\t<li>" . _('Right-click on engine nodes to change its name') . "</li>\n \t\t\t\t\t\t\t<li>" . _('Drag and drop contexts between engines') . "</li>\n \t\t\t\t\t\t</ul>"; ?> <tr id='engine_notification'> <td colspan=2 class="noborder"> <div></div> </td> </tr> <tr id='engines_server' > <th style="text-decoration:underline"> <label for='eng_name'><?php echo _('Correlation Options'); ?> </label> <a href='javascript:;' class='tiptip' title="<?php echo $tooltip;
// Range taken from filter 1.
$d_c_from = $filters[1]->get_from();
$d_c_to = $filters[1]->get_to();

//Vulnerabilities
// Here "from" is read with get_to() and "to" with get_from(), the reverse of the
// other filters, and the defaults run from 7 down to 1.
// NOTE(review): looks deliberate for a descending scale -- confirm.
$flag_vulns = $filters[5]->is_active();
$vulns_from = $flag_vulns ? $filters[5]->get_to() : 7;
$vulns_to = $flag_vulns ? $filters[5]->get_from() : 1;

//Asset Value
$flag_av = $filters[6]->is_active();
$av_from = $flag_av ? $filters[6]->get_from() : 0;
$av_to = $flag_av ? $filters[6]->get_to() : 5;

// Getting Filter Legends
$f_legend = Filter_list::get_filter_legends();

// Asset creation permission; the same value is reused for 'delete' below.
$perm_add = Session::can_i_create_assets();

// Permission flags for this session, one per action.
// NOTE(review): presumably these drive which actions the page shows; the handlers
// behind those actions still need their own checks -- not visible here.
$perms = array('admin' => Session::am_i_admin(), 'create' => $perm_add, 'delete' => $perm_add, 'vulnerabilities' => Session::logcheck_bool('environment-menu', 'EventsVulnerabilitiesScan'), 'alarms' => Session::logcheck_bool('analysis-menu', 'ControlPanelAlarms'), 'events' => Session::logcheck_bool('analysis-menu', 'EventsForensics'), 'availability' => Session::logcheck_bool('environment-menu', 'MonitorsAvailability'), 'deploy_agents' => Session::logcheck_bool('environment-menu', 'EventsHidsConfig'), 'nmap' => Session::logcheck_bool('environment-menu', 'ToolsScan'));

// One-off notification selected by $notif.
switch ($notif) {
    case 'delete':
        $msg = _('Network has been permanently deleted.');
        show_notif($msg, 'nf_success');
        break;
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<title><?php echo _('AlienVault ' . (Session::is_pro() ? 'USM' : 'OSSIM')); ?> </title>
<meta http-equiv="Content-Type" content="text/html;charset=iso-8859-1"/>
function checkall() { if (checks) { $("#fuser").unCheckCheckboxes(".i_perms", true); checks = 0; } else { $("#fuser").checkCheckboxes(".i_perms", true); checks = 1; } } <?php if (Session::am_i_admin() && Session::is_pro()) { ?> function save_inputs() { var data = new Array(); data[0] = $('#login').val(); data[1] = $('#user_name').val(); data[2] = $('#email').val(); data[3] = $('#language').val(); data[4] = $('#tzone').val(); if ($('#fl_yes').length >= 1) { data[5] = ($('#fl_yes:checked').length == 1) ? 'fl_yes' : 'fl_no';
* * You should have received a copy of the GNU General Public License * along with this package; if not, write to the Free Software * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, * MA 02110-1301 USA * * * On Debian GNU/Linux systems, the complete text of the GNU General * Public License can be found in `/usr/share/common-licenses/GPL-2'. * * Otherwise you can read it here: http://www.gnu.org/licenses/gpl-2.0.txt * */ require_once 'av_init.php'; Session::logcheck("dashboard-menu", "IPReputation"); $perms = array('admin' => Session::am_i_admin()); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html> <head> <title><?php echo _('Open Threat Exchange Configuration'); ?> </title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <meta http-equiv="Pragma" content="no-cache"/> <?php //CSS Files $_files = array(array('src' => 'jquery-ui.css', 'def_path' => TRUE), array('src' => 'jquery.dataTables.css', 'def_path' => TRUE), array('src' => 'av_common.css', 'def_path' => TRUE), array('src' => 'jquery.switch.css', 'def_path' => TRUE), array('src' => 'tipTip.css', 'def_path' => TRUE), array('src' => 'jquery.dropdown.css', 'def_path' => TRUE), array('src' => 'av_table.css', 'def_path' => TRUE), array('src' => 'otx/av_pulse.css', 'def_path' => TRUE));
?> ', 600, '90%');"><div><span class="add" style="padding-left:20px;font-size:12px"><b><?php echo _("New Directive"); ?> </b></span></div></div> <div class="btnseparator"></div> <div class="fbutton" onclick="GB_show('Test Directives', '/ossim/directives/test.php?engine_id=<?php echo $engine_id; ?> ', 200, 500);"><div><span class="test" style="padding-left:20px;font-size:12px"><b><?php echo _("Test Directives"); ?> </b></span></div></div> <div class="btnseparator"></div> <?php if (Session::am_i_admin() && 1 == 2) { // Temporary hidden ?> <div class="fbutton" onclick="GB_show('User Contributed Directives', '/ossim/directives/editxml.php?engine_id=<?php echo $engine_id; ?> ', 600, '90%');"><div><span class="xml" style="padding-left:20px;font-size:12px"><b><?php echo _("Edit XML"); ?> </b></span></div></div> <div class="btnseparator"></div> <?php } ?> <div class="fbutton" onclick="restart_directives();"><div><span class="apply <?php echo Web_indicator::is_on("Reload_directives") ? "reload_red" : "";
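/**
 * Renders the "Change View" button and the drop-down list of custom views.
 *
 * The available views come from $_SESSION['views'] and the active one from
 * $_SESSION['current_cview']; the markup is written straight to the output.
 * Administrators (Session::am_i_admin()) additionally get the "Edit Current View"
 * and "Create New View" entries. That check only hides the links: the permission
 * has to be enforced again by custom_view_edit.php itself, which is not visible here.
 *
 * @return void
 */
function PrintPredefinedViews()
{
    require_once "ossim_conf.inc";

    $conf        = $GLOBALS["CONF"];
    $idm_enabled = ($conf->get_conf("enable_idm") == 1 && Session::is_pro());
    $login       = Session::get_session_user();

    // NOTE(review): the stored default view is resolved here but nothing below reads it;
    // the lookup is kept (now with a single read instead of two) in case callers rely on it.
    $db_aux   = new ossim_db(true);
    $conn_aux = $db_aux->connect();
    $config   = new User_config($conn_aux);
    $stored   = $config->get($login, 'custom_view_default', 'php', "siem");
    $default_view = $stored != "" ? $stored : ($idm_enabled ? 'IDM' : 'default');
    $db_aux->close($conn_aux);
    ?>
    <button id="views_link" class="button av_b_secondary"> <?php echo _('Change View'); ?> ▾ </button>
    <div id="custom_views" class="dropdown dropdown-secondary dropdown-close dropdown-tip dropdown-anchor-right dropdown-scrolling" style='display:none'>
    <ul id="custom_views_ul" class="dropdown-menu">
    <?php
    if (Session::am_i_admin()) {
        ?>
        <li><a href="#" onclick="GB_show('<?php echo _("Edit Current View"); ?> ','/forensics/custom_view_edit.php?edit=1',480,700);$('#custom_views').hide();return false"><?php echo _("Edit Current View"); ?> </a></li>
        <li><a href="#" onclick="GB_show('<?php echo _("Create new custom view"); ?> ','/forensics/custom_view_edit.php',480,700);$('#custom_views').hide();return false"><?php echo _("Create New View"); ?> </a></li>
        <?php
    }

    foreach ($_SESSION['views'] as $name => $attr) {
        $dname    = $name == "default" ? "Default" : $name;
        $selected = $_SESSION['current_cview'] == $name ? "► " : "";

        // The view name lands inside JavaScript inside an HTML attribute. HTML-entity
        // encoding alone is not enough there: the browser decodes the entities before
        // the script runs, so a quote in the name would end the string literal.
        // Encode as a JS string literal first, then escape that for the attribute.
        $js_literal = json_encode((string) $name, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
        if ($js_literal === false) {
            // Name is not encodable (e.g. invalid byte sequence): emit an empty string literal.
            $js_literal = '""';
        }
        $js_arg = htmlspecialchars($js_literal, ENT_QUOTES);
        ?>
        <li><a href="#" onclick="change_view(<?php echo $js_arg; ?>);$('#custom_views').hide()"><?php echo $selected . Util::htmlentities($dname); ?> </a></li>
        <?php
    }
    ?>
    </ul>
    </div>
    <?php
}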
$content = _('The sensor is busy'); $type = 'nf_warning'; } } } // Delete scan if ($op == 'delete' && $scan_name != '' && $sensor_ip != '') { $content = _('Deleting capture... wait a few seconds'); $type = 'nf_success'; $scan_info = explode('_', $scan_name); $users = Session::get_users_to_assign($dbconn); $my_users = array(); foreach ($users as $k => $v) { $my_users[$v->get_login()] = 1; } if ($my_users[$scan_info[1]] == 1 || Session::am_i_admin()) { $scan->delete_scan($scan_name, $sensor_ip); } } // Stop capture if ($op == 'stop' && $sensor_ip != '') { if (Session::sensorAllowed($sensor_ip)) { $scan->stop_capture($sensor_ip); } $db->close(); exit; } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head>
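/**
 * Collects the notification badges to show for the current session.
 *
 * Users with the configuration-menu/PolicySensors permission are told about
 * unregistered sensors. Administrators additionally get trial, update, status
 * message, OTX and licence (asset count) notifications.
 *
 * @param object $conn Database connection handed to the Av_sensor / device helpers.
 *
 * @return array array('error' => FALSE, 'output' => array(class => array('msg', 'class'))).
 */
function get_notifications($conn)
{
    $notifications = array();

    if (Session::menu_perms('configuration-menu', 'PolicySensors')) {
        $pending = count(Av_sensor::get_unregistered($conn));
        if ($pending > 0) {
            $notifications['nl_sensors'] = array(
                'msg'   => $pending > 1 ? _('New Sensors Detected') : _('New Sensor Detected'),
                'class' => 'nl_sensors',
            );
        }
    }

    // Everything below is administrator-only information.
    if (Session::am_i_admin()) {
        $trial_days = calc_days_to_expire();
        if ($trial_days !== FALSE) {
            $notifications['nl_trial'] = array(
                'msg'   => $trial_days == 0 ? _('Trial Version expired') : $trial_days . ' ' . _('Days Left of Free Trial'),
                'class' => 'nl_trial',
            );
        }

        if (get_only_updates() == TRUE) {
            $notifications['nl_updates'] = array('msg' => _('New Updates Available'), 'class' => 'nl_updates');
        }

        if (get_status_messages()) {
            $notifications['nl_messages'] = array('msg' => _('New Warnings & Errors'), 'class' => 'nl_messages');
        }

        if (calc_otx_notif() === TRUE) {
            $notifications['nl_otx'] = array('msg' => _('Contribute to AlienVault OTX'), 'class' => 'nl_otx');
        }

        $devices = calc_devices_total($conn);
        // The limit is read from the session, where it is stored at login (session.inc).
        $max_dev = intval($_SESSION["_max_devices"]);
        if ($max_dev > 0 && $devices > $max_dev) {
            $over = $devices - $max_dev;
            // Translate a constant format string and insert the number afterwards: a msgid
            // with the count already interpolated can never match a catalogue entry.
            $notifications['nl_device_exceed'] = array(
                'msg'   => sprintf(_('License Violation - %s Assets Over'), $over),
                'class' => 'nl_device_exceed',
            );
        }
    }

    return array('error' => FALSE, 'output' => $notifications);
}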
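/**
 * Echoes the ",children:[...]" part of a tree node for one entity and, recursively,
 * for its child entities.
 *
 * The "All Assets" / "Assets by user" folders are only emitted when the current user
 * belongs to the entity, is an administrator or is listed in $entities_admin.
 * A child only gets an edit link when Acl::entityAllowed() returns 2.
 *
 * Output is a JavaScript object literal built by string concatenation. Names pass
 * through Util::htmlentities(); the entity type names are written as stored.
 * NOTE(review): confirm that neither can contain a single quote or backslash, since
 * both end up inside single-quoted JS strings.
 *
 * @param array  $entities       Entity data; $entities[0][id] holds one entity record.
 * @param string $parent_id      Entity whose children are printed.
 * @param mixed  $withusers      When truthy, also emit the "Assets by user" folder.
 * @param array  $entities_admin Map login => entity id, used for the editable check.
 *
 * @return void
 */
function echochildrens($entities, $parent_id, $withusers, $entities_admin)
{
    $length_name = 50;

    echo ",children:[";

    // Read everything that needs the database first and release the connection before
    // recursing: the original never closed it, so every tree node kept one open.
    $db              = new ossim_db();
    $conn            = $db->connect();
    $users_by_entity = Acl::get_users_by_entity($conn, $parent_id);
    $entities_types  = Acl::get_entities_types($conn);
    $children        = Acl::get_entity_childs($conn, $parent_id);
    $db->close();

    $me = Session::get_session_user();

    $is_editable = $parent_id != ""
        && (!empty($users_by_entity[$me]) || Session::am_i_admin() || !empty($entities_admin[$me]));

    if ($is_editable) {
        echo "{title:'<font style=\"font-weight:normal\">" . _("All Assets") . "</font>', key:'ae_" . $parent_id . "', icon:'../../pixmaps/menu/assets.gif', isFolder:true, isLazy:true}";
        if ($withusers) {
            echo ",{title:'<font style=\"font-weight:normal\">" . _("Assets by user") . "</font>', key:'ue_" . $parent_id . "', icon:'../../pixmaps/menu/assets.gif', isFolder:true, isLazy:true}";
        }
    }

    if (!empty($children)) {
        $need_comma = $is_editable;

        foreach ($children as $child_id) {
            $child = $entities[0][$child_id];

            // Only direct children of this node are printed at this level.
            if ($child['parent_id'] != $parent_id) {
                continue;
            }

            if (Acl::entityAllowed($child_id) == 2) {
                $child_link = "noLink: false";
                $child_url  = "../acl/entities_edit.php?id=" . $child_id;
            } else {
                $child_link = "noLink: true";
                $child_url  = "";
            }

            $icon       = "../../pixmaps/theme/any.png";
            $child_key  = "e_" . $child_id;
            $child_sn   = strlen($child['name']) > $length_name ? substr($child['name'], 0, $length_name) . "..." : $child['name'];
            $child_name = Util::htmlentities($child['name']);
            $type_name  = $entities_types[$child['type']]['name'];

            $title   = "<font style=\"font-weight:bold;\">" . Util::htmlentities($child_sn) . "</font> <font style=\"color:gray\">[" . $type_name . "]</font>";
            $tooltip = Util::htmlentities($child['name']) . " [" . $type_name . "]";

            if ($need_comma) {
                echo ",";
            }
            $need_comma = true;

            $h = "400";
            echo "{title:'" . $title . "', h:'{$h}', " . $child_link . ", url:'" . $child_url . "', tooltip:'{$tooltip}', key:'" . $child_key . "', icon:'{$icon}', expand:true, name:'{$child_name}'";

            // NOTE(review): the original built a copy of $entities_admin extended with the
            // child's admin_user but still passed the unmodified map down; that is kept.
            echochildrens($entities, $child_id, $withusers, $entities_admin);

            echo "}";
        }
    }

    echo "]";
}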
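/**
 * Builds one sub-report descriptor (helper for get_report_data()).
 */
function _report_subreport($id, $name, $file)
{
    return array('id' => $id, 'name' => $name, 'report_file' => $file);
}

/**
 * Builds a "Date Range" parameter descriptor (helper for get_report_data()).
 */
function _report_date_range($from_id, $to_id, $date_from, $date_to)
{
    return array(
        'name'          => _('Date Range'),
        'date_from_id'  => $from_id,
        'date_to_id'    => $to_id,
        'type'          => 'date_range',
        'default_value' => array('date_from' => $date_from, 'date_to' => $date_to),
    );
}

/**
 * Returns the catalogue of built-in reports, or a single entry of it.
 *
 * Every entry carries an 'access' flag computed with Session::menu_perms() for the
 * current session. The flag is data only: nothing in this function stops a caller
 * from using an entry whose 'access' is false, so callers have to check it before
 * rendering or running a report. The 'report_file' paths are fixed strings; $id is
 * only used as an array key.
 *
 * Changes against the previous version: the default date range is derived from one
 * clock reading with date() (three separate strftime()/date() calls could straddle
 * midnight, and strftime() is deprecated in current PHP), and $reports, $user_values,
 * $myusers and $is_pro_admin are initialised before they are read.
 *
 * @param string|null $id Report id; NULL (or any value loosely equal to NULL) returns all.
 *
 * @return array All reports sorted by id, one report, or an empty array for an unknown id.
 */
function get_report_data($id = NULL)
{
    $conf = !empty($GLOBALS['CONF']) ? $GLOBALS['CONF'] : new Ossim_conf();

    // Default range: the last 30 days, both ends taken from the same timestamp.
    $now       = time();
    $date_from = date('Y-m-d', $now - 24 * 60 * 60 * 30);
    $date_to   = date('Y-m-d', $now);

    $title_page = _report_subreport('title_page', _('Title Page'), 'os_reports/Common/titlepage.php');

    $reports = array();

    $reports['asset_report'] = array(
        'report_name'   => _('Asset Details'),
        'report_id'     => 'asset_report',
        'type'          => 'external',
        'link_id'       => 'link_ar_asset',
        'link'          => '',
        'parameters'    => array(
            array('name' => _('Host Name/IP/Network'), 'id' => 'ar_asset', 'type' => 'asset', 'default_value' => ''),
        ),
        'access'        => Session::menu_perms('environment-menu', 'PolicyHosts') || Session::menu_perms('environment-menu', 'PolicyNetworks'),
        'send_by_email' => 0,
    );

    $status_values = array(
        'All'      => array('text' => _('All')),
        'Open'     => array('text' => _('Open')),
        'Assigned' => array('text' => _('Assigned')),
        'Studying' => array('text' => _('Studying')),
        'Waiting'  => array('text' => _('Waiting')),
        'Testing'  => array('text' => _('Testing')),
        'Closed'   => array('text' => _('Closed')),
    );

    $types_values = array(
        'ALL'                               => array('text' => _('ALL')),
        'Expansion Virus'                   => array('text' => _('Expansion Virus')),
        'Corporative Nets Attack'           => array('text' => _('Corporative Nets Attack')),
        'Policy Violation'                  => array('text' => _('Policy Violation')),
        'Security Weakness'                 => array('text' => _('Security Weakness')),
        'Net Performance'                   => array('text' => _('Net Performance')),
        'Applications and Systems Failures' => array('text' => _('Applications and Systems Failures')),
        'Anomalies'                         => array('text' => _('Anomalies')),
        'Vulnerability'                     => array('text' => _('Vulnerability')),
    );

    $priority_values = array('High' => _('High'), 'Medium' => _('Medium'), 'Low' => _('Low'));

    $reports['tickets_report'] = array(
        'report_name'   => _('Tickets Report'),
        'report_id'     => 'tickets_report',
        'type'          => 'pdf',
        'subreports'    => array(
            'title_page'    => $title_page,
            'alarm'         => _report_subreport('alarm', _('Alarm'), 'os_reports/Tickets/Alarm.php'),
            'event'         => _report_subreport('event', _('Event'), 'os_reports/Tickets/Event.php'),
            'anomaly'       => _report_subreport('anomaly', _('Anomaly'), 'os_reports/Tickets/Anomaly.php'),
            'vulnerability' => _report_subreport('vulnerability', _('Vulnerability'), 'os_reports/Tickets/Vulnerability.php'),
        ),
        'parameters'    => array(
            _report_date_range('tr_date_from', 'tr_date_to', $date_from, $date_to),
            array('name' => _('Status'), 'id' => 'tr_status', 'type' => 'select', 'values' => $status_values),
            array('name' => _('Type'), 'id' => 'tr_type', 'type' => 'select', 'values' => $types_values),
            array('name' => _('Priority'), 'id' => 'tr_priority', 'type' => 'checkbox', 'values' => $priority_values),
        ),
        'access'        => Session::menu_perms('analysis-menu', 'IncidentsIncidents'),
        'send_by_email' => 1,
    );

    $reports['alarm_report'] = array(
        'report_name'   => _('Alarms Report'),
        'report_id'     => 'alarm_report',
        'type'          => 'pdf',
        'subreports'    => array(
            'title_page'        => $title_page,
            'top_attacker_host' => _report_subreport('top_attacker_host', _('Top 10 Attacker Host'), 'os_reports/Alarms/AttackerHosts.php'),
            'top_attacked_host' => _report_subreport('top_attacked_host', _('Top 10 Attacked Host'), 'os_reports/Alarms/AttackedHosts.php'),
            'used_port'         => _report_subreport('used_port', _('Top 10 Used Ports'), 'os_reports/Alarms/UsedPorts.php'),
            'top_events'        => _report_subreport('top_events', _('Top 15 Alarms'), 'os_reports/Alarms/TopAlarms.php'),
            'events_by_risk'    => _report_subreport('events_by_risk', _('Top 15 Alarms by Risk'), 'os_reports/Alarms/TopAlarmsByRisk.php'),
        ),
        'parameters'    => array(
            _report_date_range('ar_date_from', 'ar_date_to', $date_from, $date_to),
        ),
        'access'        => Session::menu_perms('analysis-menu', 'ControlPanelAlarms'),
        'send_by_email' => 1,
    );

    $bc_dir = 'os_reports/BusinessAndComplianceISOPCI/';
    $reports['bc_pci_report'] = array(
        'report_name'   => _('Business & Compliance ISO PCI Report'),
        'report_id'     => 'bc_pci_report',
        'type'          => 'pdf',
        'subreports'    => array(
            'title_page'        => $title_page,
            'threat_overview'   => _report_subreport('threat_overview', _('Threat overview'), $bc_dir . 'ThreatOverview.php'),
            'bri_risks'         => _report_subreport('bri_risks', _('Business real impact risks'), $bc_dir . 'BusinessPotentialImpactsRisks.php'),
            'ciap_impact'       => _report_subreport('ciap_impact', _('C.I.A Potential impact'), $bc_dir . 'CIAPotentialImpactsRisks.php'),
            'pci_dss'           => _report_subreport('pci_dss', _('PCI-DSS 2.0'), $bc_dir . 'PCI-DSS.php'),
            'pci_dss3'          => _report_subreport('pci_dss3', _('PCI-DSS 3.0'), $bc_dir . 'PCI-DSS3.php'),
            'trends'            => _report_subreport('trends', _('Trends'), $bc_dir . 'Trends.php'),
            'iso27002_p_impact' => _report_subreport('iso27002_p_impact', _('ISO27002 Potential impact'), $bc_dir . 'ISO27002PotentialImpact.php'),
            'iso27001'          => _report_subreport('iso27001', _('ISO27001'), $bc_dir . 'ISO27001.php'),
        ),
        'parameters'    => array(
            _report_date_range('bc_pci_date_from', 'bc_pci_date_to', $date_from, $date_to),
        ),
        'access'        => Session::menu_perms('report-menu', 'ReportsReportServer'),
        'send_by_email' => 1,
    );

    $reports['siem_report'] = array(
        'report_name'   => _('SIEM Events'),
        'report_id'     => 'siem_report',
        'type'          => 'pdf',
        'subreports'    => array(
            'title_page'        => $title_page,
            'top_attacker_host' => _report_subreport('top_attacker_host', _('Top 10 Attacker Host'), 'os_reports/Siem/AttackerHosts.php'),
            'top_attacked_host' => _report_subreport('top_attacked_host', _('Top 10 Attacked Host'), 'os_reports/Siem/AttackedHosts.php'),
            'used_port'         => _report_subreport('used_port', _('Top 10 Used Ports'), 'os_reports/Siem/UsedPorts.php'),
            'top_events'        => _report_subreport('top_events', _('Top 15 Events'), 'os_reports/Siem/TopEvents.php'),
            'events_by_risk'    => _report_subreport('events_by_risk', _('Top 15 Events by Risk'), 'os_reports/Siem/TopEventsByRisk.php'),
        ),
        'parameters'    => array(
            _report_date_range('sr_date_from', 'sr_date_to', $date_from, $date_to),
        ),
        'access'        => Session::menu_perms('analysis-menu', 'EventsForensics'),
        'send_by_email' => 1,
    );

    $reports['vulnerabilities_report'] = array(
        'report_name'   => _('Vulnerabilities Report'),
        'report_id'     => 'vulnerabilities_report',
        'type'          => 'external',
        'target'        => '_blank',
        'link_id'       => 'link_vr',
        'link'          => Menu::get_menu_url('../vulnmeter/lr_respdf.php?ipl=all&scantype=M', 'environment', 'vulnerabilities', 'overview'),
        'access'        => Session::menu_perms('analysis-menu', 'EventsVulnerabilities'),
        'send_by_email' => 0,
    );

    $reports['th_vuln_db'] = array(
        'report_name'   => _('Threats & Vulnerabilities Database'),
        'report_id'     => 'th_vuln_db',
        'type'          => 'external',
        'link_id'       => 'link_tvd',
        'link'          => Menu::get_menu_url('../vulnmeter/threats-db.php', 'environment', 'vulnerabilities', 'threat_database'),
        'access'        => Session::menu_perms('analysis-menu', 'EventsVulnerabilities'),
        'send_by_email' => 0,
    );

    $reports['ticket_status'] = array(
        'report_name'   => _('Tickets Status'),
        'report_id'     => 'ticket_status',
        'type'          => 'external',
        'link_id'       => 'link_tr',
        'link'          => Menu::get_menu_url('../report/incidentreport.php', 'analysis', 'tickets', 'tickets'),
        'access'        => Session::menu_perms('analysis-menu', 'IncidentsIncidents'),
        'send_by_email' => 0,
    );

    $db   = new ossim_db();
    $conn = $db->connect();

    $user         = Session::get_session_user();
    $session_list = Session::get_list($conn, 'ORDER BY login');

    // A non-admin user who manages other users (pro/demo versions only) may pick among them.
    $is_pro_admin = 0;
    $myusers      = array();
    if (preg_match('/pro|demo/', $conf->get_conf('ossim_server_version')) && !Session::am_i_admin()) {
        $myusers = Acl::get_my_users($conn, Session::get_session_user());
        if (count($myusers) > 0) {
            $is_pro_admin = 1;
        }
    }

    // User choices for the activity report: admins see every login, a pro admin the
    // users they manage plus themselves, everybody else only their own login.
    $user_values = array();
    if (Session::am_i_admin()) {
        $user_values[''] = array('text' => _('All'));
        if ($session_list) {
            foreach ($session_list as $session) {
                $login = $session->get_login();
                $user_values[$login] = $login == $user
                    ? array('text' => $login, 'selected' => TRUE)
                    : array('text' => $login);
            }
        }
    } elseif ($is_pro_admin) {
        foreach ($myusers as $myuser) {
            $user_values[$myuser['login']] = array('text' => $myuser['login']);
            // Assigned inside the loop on purpose: it keeps the original key order.
            $user_values[$user] = array('text' => $user, 'selected' => TRUE);
        }
    } else {
        $user_values[$user] = array('text' => $user);
    }

    $code_list        = Log_config::get_list($conn, 'ORDER BY descr');
    $action_values    = array();
    $action_values[''] = array('text' => _('All'));
    if ($code_list) {
        foreach ($code_list as $code_log) {
            $code_aux = $code_log->get_code();
            // %...% placeholders in the stored description are blanked before translation.
            $action_values[$code_aux] = array('text' => '[' . sprintf("%02d", $code_aux) . '] ' . _(preg_replace('|%.*?%|', " ", $code_log->get_descr())));
        }
    }

    $reports['user_activity'] = array(
        'report_name'   => _('User Activity Report'),
        'report_id'     => 'user_activity',
        'type'          => 'external',
        'link_id'       => 'link_ua',
        'link'          => Menu::get_menu_url('../userlog/user_action_log.php', 'settings', 'settings', 'user_activity'),
        'parameters'    => array(
            array('name' => _('User'), 'id' => 'ua_user', 'type' => 'select', 'values' => $user_values),
            array('name' => _('Action'), 'id' => 'ua_action', 'type' => 'select', 'values' => $action_values),
        ),
        'access'        => Session::menu_perms('settings-menu', 'ToolsUserLog'),
        'send_by_email' => 0,
    );

    $reports['geographic_report'] = array(
        'report_name'   => _('Geographic Report'),
        'report_id'     => 'geographic_report',
        'type'          => 'pdf',
        'subreports'    => array(
            'title_page'        => $title_page,
            'geographic_report' => _report_subreport('geographic_report', _('Geographic Report'), 'os_reports/Various/Geographic.php'),
        ),
        'parameters'    => array(
            _report_date_range('gr_date_from', 'gr_date_to', $date_from, $date_to),
        ),
        'access'        => Session::menu_perms('analysis-menu', 'EventsForensics'),
        'send_by_email' => 1,
    );

    // Sensor list: placeholder entry first, replaced when at least one sensor exists.
    $sensor_values     = array();
    $sensor_values[''] = array('text' => ' -- ' . _('Sensors no found') . ' -- ');

    // NOTE(review): this first result is overwritten by the next call and never read;
    // the call is kept only because its side effects, if any, are not visible here.
    $filters     = array('order_by' => 'name');
    $sensor_list = Av_sensor::get_basic_list($conn, $filters);

    $filters = array('order_by' => 'priority desc');
    list($sensor_list, $sensor_total) = Av_sensor::get_list($conn, $filters);

    if ($sensor_total > 0) {
        // NOTE(review): when sensors exist but none has Nagios, the list ends up empty
        // and the placeholder is lost. Kept as in the original; confirm this is intended.
        $sensor_values = array();
        foreach ($sensor_list as $s) {
            $properties = $s['properties'];
            if ($properties['has_nagios']) {
                $sensor_values[$s['ip']] = array('text' => $s['name']);
            }
        }
    }

    /* Nagios link: scheme is passed separately, the select values carry ":port/path/cgi" */
    $nagios_link = $conf->get_conf('nagios_link');
    $scheme      = empty($_SERVER['HTTPS']) ? 'http://' : 'https://';
    $path        = !empty($nagios_link) ? $nagios_link : '/nagios3/';
    $port        = !empty($_SERVER['SERVER_PORT']) ? ':' . $_SERVER['SERVER_PORT'] : "";
    $nagios      = $port . $path;

    $section_values = array(
        urlencode($nagios . 'cgi-bin/trends.cgi')           => array('text' => _('Trends')),
        urlencode($nagios . 'cgi-bin/avail.cgi')            => array('text' => _('Availability')),
        urlencode($nagios . 'cgi-bin/histogram.cgi')        => array('text' => _('Event Histogram')),
        urlencode($nagios . 'cgi-bin/history.cgi?host=all') => array('text' => _('Event History')),
        urlencode($nagios . 'cgi-bin/summary.cgi')          => array('text' => _('Event Summary')),
        urlencode($nagios . 'cgi-bin/notifications.cgi')    => array('text' => _('Notifications')),
        urlencode($nagios . 'cgi-bin/showlog.cgi')          => array('text' => _('Performance Info')),
    );

    $reports['availability_report'] = array(
        'report_name'   => _('Availability Report'),
        'report_id'     => 'availability_report',
        'type'          => 'external',
        'link_id'       => 'link_avr',
        'click'         => "nagios_link('avr_nagios_link', 'avr_sensor', 'avr_section');",
        'parameters'    => array(
            array('name' => _('Sensor'), 'id' => 'avr_sensor', 'type' => 'select', 'values' => $sensor_values),
            array('name' => 'Nagioslink', 'id' => 'avr_nagios_link', 'type' => 'hidden', 'default_value' => urlencode($scheme)),
            array('name' => _('Section'), 'id' => 'avr_section', 'type' => 'select', 'values' => $section_values),
        ),
        'access'        => Session::menu_perms('environment-menu', 'MonitorsAvailability'),
        'send_by_email' => 0,
    );

    $db->close();

    if ($id == NULL) {
        ksort($reports);

        return $reports;
    }

    return !empty($reports[$id]) ? $reports[$id] : array();
}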
if ($edit && $_SESSION['current_cview'] != 'default') { ?> <input type="button" class="small av_b_secondary" onclick="document.fcols.save.value='insert';document.fcols.selected_cols.value=getselectedcombovalue('cols');document.fcols.submit()" value="<?php echo _("Save As"); ?> " id="saveasbutton" disabled='disabled'> <input type="button" class="small av_b_secondary" onclick="if(confirm('<?php echo Util::js_entities(_("Are you sure?")); ?> ')) { document.fcols.save.value='delete';document.fcols.submit() }" value="<?php echo _("Delete"); ?> "> <?php } if (Session::am_i_admin() && $edit && !$opensource) { ?> <input type="button" class="small av_b_secondary" onclick="document.fcols.save.value='report';document.fcols.selected_cols.value=getselectedcombovalue('cols');document.fcols.submit()" value="<?php echo _("Save as Report Module"); ?> "> <?php } ?> <input type="button" class="small av_b_secondary" onclick="parent.GB_hide()" value="<?php echo _("Cancel"); ?> "> <input type="button" class="small" onclick="document.fcols.selected_cols.value=getselectedcombovalue('cols');document.fcols.submit()" value="<?php echo $edit ? _("Save") : _("Create"); ?>
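/**
 * Prints the table of vulnerability scan profiles with their edit/delete controls.
 *
 * Administrators see every row of vuln_nessus_settings. Other users see the three
 * built-in profiles (Default, Deep, Ultimate) plus the profiles whose owner is '0'
 * or one of the owners returned by Vulnerabilities::get_users_and_entities_filter().
 * Built-in profiles are shown with disabled controls; for the rest the controls
 * depend on Vulnerabilities::can_modify_profile() / can_delete_profile().
 *
 * The owner list is now bound as query parameters instead of being pasted into the
 * SQL text, and the query fragment is initialised before use.
 *
 * The disabled icons are presentation only; settings.php and the handler behind
 * deleteProfile() have to repeat the permission checks, which is not visible here.
 * NOTE(review): Session::get_entity_name() is echoed as returned and {$sid} is written
 * into markup unescaped; confirm both are safe for HTML output.
 *
 * @return void
 */
function select_profile()
{
    // $sid is global and is overwritten by the row loop below, as in the original.
    global $sid, $username, $dbconn, $version, $nessus_path;

    $builtin = array('Default', 'Deep', 'Ultimate');

    $where  = "";
    $params = array();

    if (!Session::am_i_admin()) {
        list($owners, $sqlowners) = Vulnerabilities::get_users_and_entities_filter($dbconn);
        $owners   = array_values((array) $owners);
        $owners[] = '0';

        // One placeholder per owner; values never become part of the SQL text.
        $marks  = implode(', ', array_fill(0, count($owners), '?'));
        $where  = "WHERE name='Default' OR name='Deep' OR name='Ultimate' OR owner IN({$marks})";
        $params = $owners;
    }

    $query = "SELECT id, name, description, owner, type FROM vuln_nessus_settings {$where} ORDER BY name";

    $dbconn->SetFetchMode(ADODB_FETCH_BOTH);
    $result = empty($params) ? $dbconn->execute($query) : $dbconn->execute($query, $params);

    echo "<CENTER>";
    echo "<table class=\"transparent\"><tr><td class=\"sec_title\">" . _("Vulnerability Scan Profiles") . "</td></tr></table>";
    echo "<p>";
    echo _("Please select a profile to edit") . ":";
    echo "</p>";
    echo "<table class='table_list'>";
    echo "<tr>";
    echo "<th>" . _("Available for") . "</th>";
    echo "<th>" . _("Profile") . "</th>";
    echo "<th>" . _("Description") . "</th>";
    echo "<th>" . _("Action") . "</th>";
    echo "</tr>";

    // A failed query yields no rows instead of a fatal error on a non-object.
    while ($result && !$result->EOF) {
        $sid          = $result->fields[0];
        $sname        = $result->fields[1];
        $sdescription = $result->fields[2];
        $sowner       = $result->fields[3];

        echo "<tr id='profile{$sid}'>";

        // Owner column: '0' means everybody, a 32-hex value is an entity id, anything else a login.
        if ($sowner == "0") {
            echo "<td>" . _("All") . "</td>";
        } elseif (valid_hex32($sowner)) {
            echo "<td style='padding:0px 2px 0px 2px;'>" . Session::get_entity_name($dbconn, $sowner) . "</td>";
        } else {
            echo "<td>" . Util::htmlentities($sowner) . "</td>";
        }

        echo "<td width='200'>" . Util::htmlentities($sname) . "</td>";
        echo "<td width='450'>" . Util::htmlentities($sdescription) . "</td>";
        echo "<td>";

        if (in_array($sname, $builtin)) {
            // $sname is one of three fixed strings here, so it is safe inside the title attribute.
            echo "<img src=\"images/pencil.png\" class=\"tip disabled\" title=\"" . _("{$sname} profile can't be edited, clone it to make changes") . "\" />";
            echo "<img src=\"images/delete.gif\" class=\"tip disabled\" title=\"" . _("{$sname} profile can't be deleted") . "\" />";
        } else {
            if (Vulnerabilities::can_modify_profile($dbconn, $sname, $sowner)) {
                echo "<a href='settings.php?disp=edit&sid={$sid}'><img class='hand' id='edit_" . md5($sname . $sowner) . "' src='images/pencil.png' ></a>";
            } else {
                echo "<img class='disabled' src='images/pencil.png'>";
            }

            if (Vulnerabilities::can_delete_profile($dbconn, $sname, $sowner)) {
                echo "<img class='hand' src='images/delete.gif' id='delete_" . md5($sname . $sowner) . "' onclick='deleteProfile({$sid})'>";
            } else {
                echo "<img class='disabled' src=\"images/delete.gif\" >";
            }
        }

        echo "</td>";
        echo "</tr>";

        $result->MoveNext();
    }

    echo "</table>";
    echo "<center>";
    echo "<form>";
    echo "<br/>";
    echo "<input type='button' onclick=\"document.location.href='settings.php?disp=new'\" id=\"new_profile\" value=\"" . _("Create New Profile") . "\"/>";
    echo "</form>";
    echo "</p>";
    echo "</center>";
    // end else
}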
* * You should have received a copy of the GNU General Public License * along with this package; if not, write to the Free Software * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, * MA 02110-1301 USA * * * On Debian GNU/Linux systems, the complete text of the GNU General * Public License can be found in `/usr/share/common-licenses/GPL-2'. * * Otherwise you can read it here: http://www.gnu.org/licenses/gpl-2.0.txt * */ require_once 'av_init.php'; Session::logcheck("analysis-menu", "IncidentsTypes"); if (!Session::am_i_admin() && !Session::menu_perms("analysis-menu", "IncidentsTypes")) { die(ossim_error(_("Sorry, you are not allowed to perform this action"))); } $inctype_id = POST('inctype_id'); ossim_valid($inctype_id, OSS_ALPHA, OSS_SPACE, OSS_PUNC, 'illegal:' . _("Incident ID")); if (ossim_error()) { $data['status'] = 'error'; $data['data'] = ossim_get_error(); echo json_encode($data); exit; } $db = new ossim_db(); $conn = $db->connect(); Incident_type::delete($conn, $inctype_id); $db->close($conn); $data['status'] = 'OK';
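/**
 * Prints the table of vulnerability scan profiles with their edit/delete links.
 *
 * Which rows are listed depends on the user:
 *  - the account literally named "admin" sees every non-deleted profile;
 *  - a pro/demo "pro admin" sees Default plus profiles owned by '0', by their
 *    entities or by the users they manage;
 *  - any other user sees Default plus profiles owned by '0', by themselves and,
 *    in pro/demo versions, by their entities.
 * Profiles reported by OMP::get_used_sids() get greyed-out icons instead of links.
 *
 * Security-relevant changes against the previous version:
 *  - owner values are bound as query parameters instead of being concatenated
 *    into the SQL text;
 *  - profile name, description, owner and entity label are HTML-escaped on output.
 *    The old code echoed html_entity_decode() of the stored value, which turns
 *    stored entities back into live markup.
 *
 * NOTE(review): row selection tests only $username == "admin" while the columns
 * and links also accept Session::am_i_admin(); confirm the two are meant to differ.
 * NOTE(review): deletion is a plain GET link (op=delete) guarded by a JavaScript
 * confirm; no request token is visible here. The icons are presentation only and
 * settings.php has to enforce ownership and permissions itself.
 *
 * @return void
 */
function select_profile()
{
    // $sid is global and is overwritten by the row loop below, as in the original.
    global $sid, $username, $dbconn, $version, $nessus_path;

    // ENT_SUBSTITUTE keeps a value with invalid byte sequences from collapsing to ''.
    // NOTE(review): assumes the stored text matches PHP's default charset; confirm.
    $esc_flags = ENT_QUOTES | (defined('ENT_SUBSTITUTE') ? ENT_SUBSTITUTE : 0);

    $used_sids = array();
    if (preg_match("/omp\\s*\$/i", $nessus_path)) {
        $omp       = new OMP();
        $used_sids = $omp->get_used_sids();
    }

    // Entity id => "name [type]" label for the owner column.
    $entities_nt     = array();
    $query           = "SELECT ae.id as eid, ae.name as ename, aet.name as etype FROM acl_entities AS ae, acl_entities_types AS aet WHERE ae.type = aet.id";
    $result_entities = $dbconn->Execute($query);
    while ($result_entities && !$result_entities->EOF) {
        $entities_nt[$result_entities->fields['eid']] = $result_entities->fields['ename'] . " [" . $result_entities->fields['etype'] . "]";
        $result_entities->MoveNext();
    }

    // $owners stays NULL for the built-in admin account (no owner restriction).
    $owners          = NULL;
    $normal_user_pro = false;

    if ($username != "admin") {
        $owners = array('0');

        if (preg_match("/pro|demo/i", $version)) {
            if (Acl::am_i_proadmin()) {
                // NOTE(review): the original passed an undefined $current_user here;
                // the session user is assumed to be what was meant. Confirm.
                $entities_list = (array) Acl::get_user_entities(Session::get_session_user());

                $pro_users = array();
                foreach ((array) Acl::get_my_users($dbconn, Session::get_session_user()) as $us) {
                    $pro_users[] = $us["login"];
                }

                $owners = array_merge($owners, array_values($entities_list), $pro_users);
            } else {
                $owners[]        = $username;
                $owners          = array_merge($owners, array_values((array) Acl::get_user_entities($username)));
                $normal_user_pro = true;
            }
        } else {
            $owners[] = $username;
        }
    }

    $query = "SELECT id, name, description, owner, type FROM vuln_nessus_settings WHERE deleted != '1'";
    if ($owners !== NULL) {
        // One placeholder per owner; values never become part of the SQL text.
        $marks  = implode(', ', array_fill(0, count($owners), '?'));
        $query .= " and (name='Default' or owner in ({$marks}))";
    }
    $query .= " ORDER BY name";

    $result = $owners !== NULL ? $dbconn->execute($query, $owners) : $dbconn->execute($query);

    $admin_view = ($username == "admin" || Session::am_i_admin());
    $busy_title = _("This profile is being used by a running job now");
    $dimmed     = "filter:alpha(opacity=50);-moz-opacity:0.5;-khtml-opacity: 0.5;opacity: 0.5;";

    echo "<CENTER>";
    echo "<table cellspacing=\"0\" cellpadding=\"0\" border=\"0\" width=\"800\"><tr><td class=\"headerpr\" style=\"border:0;\">" . _("Vulnerability Scan Profiles") . "</td></tr></table>";
    echo "<table cellspacing=\"0\" cellpadding=\"0\" border=\"0\" width=\"800\"><tr><td class=\"noborder\">";
    echo "<p>";
    echo _("Please select a profile to edit") . ":";
    echo "</p>";
    echo "<table align='center'>";
    echo "<tr>";
    if ($admin_view) {
        echo "<th>" . _("Available for") . "</th>";
    }
    echo " <th>" . _("Profile") . "</th>";
    echo " <th>" . _("Description") . "</th>";
    echo " <th>" . _("Action") . "</th>";
    echo "</tr>";

    // A failed query yields no rows instead of a fatal error on a non-object.
    while ($result && !$result->EOF) {
        list($sid, $sname, $sdescription, $sowner, $stype) = $result->fields;

        // Used only inside URLs below; identity for plain numeric ids.
        $sid_url = urlencode($sid);

        echo "<tr>";

        if ($admin_view) {
            if ($sowner == "0") {
                echo "<td>" . _("All") . "</td>";
            } elseif (is_numeric($sowner)) {
                $entity_label = isset($entities_nt[$sowner]) ? $entities_nt[$sowner] : "";
                echo "<td style='padding:0px 2px 0px 2px;'>" . htmlspecialchars($entity_label, $esc_flags) . "</td>";
            } else {
                echo "<td>" . htmlspecialchars(html_entity_decode($sowner), $esc_flags) . "</td>";
            }
        }

        // Decode what was stored, then escape for HTML: the text looks the same but is never parsed as markup.
        echo "<td>" . htmlspecialchars(html_entity_decode($sname), $esc_flags) . "</td>";
        echo "<td>" . htmlspecialchars(html_entity_decode($sdescription), $esc_flags) . "</td>";
        echo "<td>";

        $in_use = in_array($sid, $used_sids);

        if ($normal_user_pro && $sowner != $username && $sname != "Default") {
            // Shared profile owned by somebody else: no actions offered.
            echo " ";
        } elseif ($admin_view) {
            if (!$in_use) {
                echo "<a href=\"settings.php?disp=edit&&sid={$sid_url}\"><img src=\"images/pencil.png\"></a>";
                echo "<a href=\"settings.php?disp=edit&op=delete&sid={$sid_url}\" onclick=\"return confirmDelete();\"><img src=\"images/delete.gif\"></a>";
            } else {
                echo "<img src=\"images/pencil.png\" title=\"" . $busy_title . "\" style=\"" . $dimmed . "\">";
                echo "<img src=\"images/delete.gif\" title=\"" . $busy_title . "\" style=\"" . $dimmed . "\">";
            }
        } elseif ($sname == "Default") {
            echo "[" . _("edit by admin") . "]";
        } else {
            if (!$in_use) {
                echo "<a href=\"settings.php?disp=edit&&sid={$sid_url}\"><img src=\"images/pencil.png\"></a>";
                echo "<a href=\"settings.php?disp=edit&op=delete&sid={$sid_url}\" onclick=\"return confirmDelete();\"><img src=\"images/delete.gif\"></a>";
            } else {
                echo "<img title=\"" . $busy_title . "\" style=\"" . $dimmed . "\" src=\"images/pencil.png\">";
                echo "<img title=\"" . $busy_title . "\" style=\"" . $dimmed . "\" src=\"images/delete.gif\">";
            }
        }

        echo "</td>";
        echo "</tr>";

        $result->MoveNext();
    }

    echo "</table>";
    echo "<center>";
    echo "<p>";
    echo "<form>";
    echo "<input type=button onclick=\"document.location.href='settings.php?disp=new'\" value=\"" . _("Create New Profile") . "\" class=\"button\"> ";
    if ($admin_view) {
        echo "<input type=button onclick=\"document.location.href='defaults.php'\" value=\"" . _("Edit default profile") . "\" class=\"button\">";
    }
    echo "</form>";
    echo "</p>";
    echo "</center>";
    echo "<br><br>";
    echo "</td></tr></table></center>";
    // end else
}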
$error->display("FORM_MISSING_FIELDS"); } /* check for old password if not actual user or admin */ if ($_SESSION["_user"] != $user && !Session::am_i_admin() && !is_array($user_list = Session::get_list($conn, "WHERE login = '******' and pass = '******'"))) { require_once "ossim_error.inc"; $error = new OssimError(); $error->display("BAD_OLD_PASSWORD"); } /* check passwords */ if (0 != strcmp($pass1, $pass2)) { require_once "ossim_error.inc"; $error = new OssimError(); $error->display("PASSWORDS_MISMATCH"); } /* only the user himself or the admin can change passwords */ if (POST('user') != $_SESSION["_user"] && !Session::am_i_admin()) { die(ossim_error(_("To change the password for other user is not allowed"))); } /* check OK, insert into DB */ if (POST('update')) { Session::changepass($conn, $user, $pass1); ?> <p> <?php echo gettext("User succesfully updated"); ?> </p> <?php $location = "users.php"; sleep(2); echo "<script>\n///history.go(-1);\nwindow.location='{$location}';\n</script>\n"; ?>
* along with this package; if not, write to the Free Software * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, * MA 02110-1301 USA * * * On Debian GNU/Linux systems, the complete text of the GNU General * Public License can be found in `/usr/share/common-licenses/GPL-2'. * * Otherwise you can read it here: http://www.gnu.org/licenses/gpl-2.0.txt * */ require_once 'av_init.php'; //First we check we have session active Session::useractive(); //Then we check the permissions if (!Session::am_i_admin()) { $response['error'] = TRUE; $response['msg'] = _('You do not have permissions to see this section'); echo json_encode($response); exit - 1; } /* * * <------------------------ BEGINNING OF THE FUNCTIONS ------------------------> * */ function check_wizard_object($wizard) { if ($wizard === FALSE) { throw new Exception(_("There was an error, the Welcome_wizard object doesn't exist. Try again later")); }
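/**
 * Echo the ",children:[ ... ]" fragment of the entity tree for one parent entity.
 *
 * The output is a JavaScript object-literal fragment that uses single-quoted
 * strings. The function recurses once for every child whose parent_id matches
 * $parent_id, so nested entities are written inline.
 *
 * @param array  $entities       Entity data; $entities[0][<child id>] is read for each child
 *                               (keys used: name, type, parent_id, admin_user).
 * @param string $parent_id      Id of the entity whose children are rendered.
 * @param array  $entities_admin Map keyed by login; a non-empty entry for the session
 *                               user makes the "All Assets" node visible.
 *
 * @return void
 */
function echochildrens($entities, $parent_id, $entities_admin)
{
    /* Connect to db */
    // NOTE(review): a connection is opened at every recursion level and is not
    // released inside this function; confirm the caller or ossim_db handles that.
    $db   = new ossim_db();
    $conn = $db->connect();

    $users_by_entity = Acl::get_users_by_entity($conn, $parent_id);
    $me              = Session::get_session_user();
    $entities_types  = Acl::get_entities_types($conn);

    // length_name arrives in the query string and is used as a substr() length,
    // so only a positive integer is accepted; anything else keeps the default.
    $length_name = 30;
    if (!empty($_GET['length_name'])) {
        $requested = filter_var(
            GET('length_name'),
            FILTER_VALIDATE_INT,
            array('options' => array('min_range' => 1))
        );
        if ($requested !== false) {
            $length_name = $requested;
        }
    }

    // Characters that would end or corrupt a single-quoted JavaScript string.
    // HTML-entity encoding alone does not neutralise backslashes or line breaks.
    $js_unsafe = "\\'\r\n";

    echo ",children:[";

    // The asset nodes are shown to members of the entity, to admins, and to
    // users listed in $entities_admin.
    $is_editable = $parent_id != ""
        && (!empty($users_by_entity[$me]) || Session::am_i_admin() || !empty($entities_admin[$me]));

    if ($is_editable) {
        // NOTE(review): $parent_id is written into the key strings as-is; confirm callers validate it.
        echo "{title:'<font style=\"font-weight:normal\">" . _("All Assets") . "</font>', url:'AllAssets', key:'e_" . $parent_id . "_allassets', icon:'../../pixmaps/menu/assets.gif', isFolder:false, expand:true,";
        echo "children:[ ";
        echo "{ key:'e_" . $parent_id . "_net', isFolder:true, isLazy:true, icon:'../../pixmaps/theme/net.png', title:'" . _("Networks") . "'},";
        echo "{ key:'e_" . $parent_id . "_sensor', isFolder:true, isLazy:true, icon:'../../pixmaps/theme/server.png', title:'" . _("Sensors") . "'}";
        echo "]}";
    }

    $children = Acl::get_entity_childs($conn, $parent_id);
    if (!empty($children)) {
        $flag = false;
        foreach ($children as $child_id) {
            $icon  = "../../pixmaps/theme/any.png";
            $child = $entities[0][$child_id];

            // No link target is built in this function; the node is emitted with
            // noLink:true and an empty url. Defined explicitly so the echo below
            // does not read an undefined variable.
            $child_url = '';

            // NOTE(review): the result is not used to filter or alter the node
            // below, so children are listed regardless of it. Confirm whether a
            // check on this value is missing.
            $entity_allowed = Acl::entityAllowed($child_id);

            $child_key = "e_" . $child_id;
            $child_sn  = strlen($child['name']) > $length_name
                ? substr($child['name'], 0, $length_name) . "..."
                : $child['name'];

            // Entity type names are encoded the same way as entity names.
            $type_name  = Util::htmlentities($entities_types[$child['type']]['name']);
            $child_name = addcslashes(Util::htmlentities($child['name']), $js_unsafe);

            // NOTE(review): this per-child map (inherited admins plus the child's
            // own admin_user) is built but not passed to the recursive call, so the
            // child's admin does not gain visibility of the subtree. Confirm intent
            // before propagating it, since doing so widens what is shown.
            $chil_ent_admin = $entities_admin;
            $chil_ent_admin[$child['admin_user']] = $child_id;

            if ($child['parent_id'] == $parent_id) {
                $title = addcslashes(
                    "<font style=\"font-weight:bold;\">" . Util::htmlentities($child_sn) . "</font> <font style=\"color:gray\">[" . $type_name . "]</font>",
                    $js_unsafe
                );
                $tooltip = addcslashes(
                    Util::htmlentities($child['name']) . " [" . $type_name . "]",
                    $js_unsafe
                );

                if ($flag || $is_editable) {
                    echo ",";
                }
                $flag = true;

                echo "{title:'" . $title . "', tooltip:'{$tooltip}', noLink: true, url:'" . $child_url . "', key:'" . $child_key . "', icon:'{$icon}', expand:true, name:'{$child_name}'";

                // Arguments follow the three-parameter signature. The previous call
                // used a five-argument order, which put an undefined variable in the
                // $entities_admin slot for every nested level.
                echochildrens($entities, $child_id, $entities_admin);

                echo "}";
            }
        }
    }

    echo "]";
}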