$allow_deny_op = $_POST['allow_deny_op']; $enable_forwarding = $_POST['enable_forwarding']; $scope_range_1 = $_POST['scope_range_1']; $scope_range_2 = $_POST['scope_range_2']; $bootp_filename = $_POST['bootp_filename']; $bootp_server = $_POST['bootp_server']; $broadcast_address = $_POST['broadcast_address']; $ntp_servers = $_POST['ntp_servers']; $netbios_servers = $_POST['netbios_servers']; $default_lease = $_POST['default_lease']; $min_lease = $_POST['min_lease']; $max_lease = $_POST['max_lease']; // check each post element if (!empty($pool_name) && !empty($dns_server_1) && !empty($dns_server_2) && !empty($scope_range_1) && !empty($scope_range_2)) { // begin validation of configuration options if ($val->ValidateString($pool_name) !== -1 && $val->ValidateDomain($dns_server_1) !== -1 && $val->ValidateDomain($dns_server_2) !== -1 && $val->ValidateIPv4($router) !== -1 && $val->ValidateIPv4($scope_range_1) !== -1 && $val->ValidateIPv4($scope_range_2) !== -1 && $val->ValidateParagraph($bootp_filename) !== -1 && $val->ValidateDomain($bootp_server) !== -1 && $val->ValidateString($allow_deny) !== -1 && $val->ValidateParagraph($allow_deny_op) !== -1 && $val->ValidateString($enable_forwarding) !== -1 && $val->ValidateDomain($broadcast_address) !== -1 && $val->ValidateDomain($ntp_servers) !== -1 && $val->ValidateDomain($netbios_servers) !== -1 && $val->ValidateInteger($default_lease) !== -1 && $val->ValidateInteger($min_lease) !== -1 && $val->ValidateInteger($max_lease) !== -1 && $val->ValidateBroadcast2List($interface_list, $scope_range_1) === 0 && $val->ValidateBroadcast2List($interface_list, $scope_range_2) === 0) { // define our sql statements (exclude the group field if user is member of admin group) if ($group !== "admin") { $insert = "INSERT INTO `conf_pools` ( `pool-name`, `dns-server-1`, `dns-server-2`, `router`, `scope-range-1`, `scope-range-2`, `allow-deny`, `allow-deny-options`, `ip-forwarding`, `broadcast-address`, `ntp-servers`, `netbios-name-servers`, `default-lease-time`, `min-lease-time`, `max-lease-time`, `group` ) VALUES ( \"" . $pool_name . "\", \"" . $dns_server_1 . "\", \"" . $dns_server_2 . "\", \"" . $router . "\", \"" . $scope_range_1 . "\", \"" . $scope_range_2 . "\", \"" . $allow_deny . "\", \"" . $allow_deny_op . "\", \"" . $enable_forwarding . "\", \"" . $broadcast_address . "\", \"" . $ntp_servers . "\", \"" . $netbios_servers . "\", \"" . $default_lease . "\", \"" . $min_lease . "\", \"" . $max_lease . "\", \"" . $group . "\" )"; $update = "UPDATE `conf_pools` SET `pool-name` = \"" . $pool_name . "\", `dns-server-1` = \"" . $dns_server_1 . "\", `dns-server-2` = \"" . $dns_server_2 . "\", `router` = \"" . $router . "\", `scope-range-1` = \"" . $scope_range_1 . "\", `scope-range-2` = \"" . $scope_range_2 . "\", `allow-deny` = \"" . $allow_deny . "\", `allow-deny-options` = \"" . $allow_deny_op . "\", `ip-forwarding` = \"" . $enable_forwarding . "\", `broadcast-address` = \"" . $broadcast_address . "\", `ntp-servers` = \"" . $ntp_servers . "\", `netbios-name-servers` = \"" . $netbios_servers . "\", `default-lease-time` = \"" . $default_lease . "\", `min-lease-time` = \"" . $min_lease . "\", `max-lease-time` = \"" . $max_lease . "\", `group` = \"" . $group . "\" WHERE `id` = \"" . $id . "\" LIMIT 1"; } else { $insert = "INSERT INTO `conf_pools` ( `pool-name`, `dns-server-1`, `dns-server-2`, `router`, `scope-range-1`, `scope-range-2`, `bootp-filename`, `bootp-server`, `allow-deny`, `allow-deny-options`, `ip-forwarding`, `broadcast-address`, `ntp-servers`, `netbios-name-servers`, `default-lease-time`, `min-lease-time`, `max-lease-time` ) VALUES ( \"" . $pool_name . "\", \"" . $dns_server_1 . "\", \"" . $dns_server_2 . "\", \"" . $router . "\", \"" . $scope_range_1 . "\", \"" . $scope_range_2 . "\", \"" . $bootp_filename . "\", \"" . $bootp_server . "\", \"" . $allow_deny . "\", \"" . $allow_deny_op . "\", \"" . $enable_forwarding . "\", \"" . $broadcast_address . "\", \"" . $ntp_servers . "\", \"" . $netbios_servers . "\", \"" . $default_lease . "\", \"" . $min_lease . "\", \"" . $max_lease . "\" )"; $update = "UPDATE `conf_pools` SET `pool-name` = \"" . $pool_name . "\", `dns-server-1` = \"" . $dns_server_1 . "\", `dns-server-2` = \"" . $dns_server_2 . "\", `router` = \"" . $router . "\", `scope-range-1` = \"" . $scope_range_1 . "\", `scope-range-2` = \"" . $scope_range_2 . "\", `bootp-filename` = \"" . $bootp_filename . "\", `bootp-server` = \"" . $bootp_server . "\", `allow-deny` = \"" . $allow_deny . "\", `allow-deny-options` = \"" . $allow_deny_op . "\", `ip-forwarding` = \"" . $enable_forwarding . "\", `broadcast-address` = \"" . $broadcast_address . "\", `ntp-servers` = \"" . $ntp_servers . "\", `netbios-name-servers` = \"" . $netbios_servers . "\", `default-lease-time` = \"" . $default_lease . "\", `min-lease-time` = \"" . $min_lease . "\", `max-lease-time` = \"" . $max_lease . "\" WHERE `id` = \"" . $id . "\" LIMIT 1"; } $delete = "DELETE FROM `conf_pools` WHERE `id` = \"" . $id . "\" LIMIT 1"; // determine which button was clicked if (!empty($_POST['AddPool'])) { $query = $insert; $db_msg_good = $errors['db_insert']; $db_msg_err = $errors['db_insert_err']; }
$tmp[$row]['mac_address'] = $data[2]; $tmp[$row]['subnet'] = $data[3]; $tmp[$row]['pxe_group'] = $data[4]; } } // check for xml extension if (eregi(".*\\.[xml]", $upload_path)) { } // loop over our array and assign data to our template for ($x = 1; $x <= count($tmp); $x++) { // open an ordered list $list .= "<ol>"; // check each post element if (!empty($tmp[$x]['hostname']) && !empty($tmp[$x]['mac_address']) && !empty($tmp[$x]['ip_address'])) { // begin validation of file contents if ($val->ValidateParagraph($tmp[$x]['hostname']) !== -1 && $val->ValidateMACFormats($tmp[$x]['mac_address']) !== -1 && $val->ValidateIPv4($tmp[$x]['ip_address']) !== -1 && $val->ValidateParagraph($tmp[$x]['subnet']) !== -1 && $val->ValidateParagraph($tmp[$x]['pxe_group']) !== -1) { // generate our sql command $insert = "INSERT INTO `conf_hosts` ( `hostname`, `mac-address`, `ip-address`, `subnet-name`, `pxe-group` ) VALUES ( \"" . $tmp[$x]['hostname'] . "\",\"" . $tmp[$x]['mac_address'] . "\", \"" . $tmp[$x]['ip_address'] . "\", \"" . $tmp[$x]['subnet'] . "\", \"" . $tmp[$x]['pxe_group'] . "\" )"; // insert records or prompt for duplicate errors if (($value = $db->dbQuery($val->ValidateSQL($insert, $dbconn), $dbconn)) === -1) { // found an existing record? if (eregi("duplicate", $db->dbCatchError())) { // assign an error message $error = $err->GenerateErrorLink("help/help.html", "#import_host", $defined['error'], "Duplicate records found during import, please review and modify the data below accordingly.", NULL, NULL); // since we have a duplicate and not an invalid record give them the correct template $error_template = "admin.import.hosts.errors.tpl"; // find the duplicate record so the user can edit it $find = "SELECT * FROM `conf_hosts` WHERE `hostname` = \"" . $tmp[$x]['hostname'] . "\" OR `mac-address` = \"" . $tmp[$x]['mac_address'] . "\" OR `ip-address` = \"" . $tmp[$x]['mac_address'] . "\" LIMIT 1"; if (($value = $db->dbQuery($val->ValidateSQL($find, $dbconn), $dbconn)) === -1) { $error = $err->GenerateErrorLink("help/help.html", "#import_host", $defined['error'], "An error occured when attempting to lookup the duplicate record in which '" . $tmp[$x]['hostname'] . "' conflicts with.", NULL, NULL); } else {
$circut_id = $_POST['circut_id']; $remote_id = $_POST['remote_id']; $ddns_text = $_POST['ddns_text']; $ddns_fwd_name = $_POST['ddns_fwd_name']; $ddns_client_fqdn = $_POST['ddns_client_fqdn']; $ddns_rev_name = $_POST['ddns_rev_name']; $search = $_POST['search']; $startdate = $_POST['startdate']; $enddate = $_POST['enddate']; // perform search if not empty if (!empty($_POST['SrchLeases'])) { if (empty($search) && empty($startdate) && empty($enddate)) { $error = $err->GenerateErrorLink("help/help.html", "#lease_search", $defined['error'], "Empty search fields, please enter an IP or Hostname to search or enter a start and end date for a list of leases between those dates", NULL, NULL); } else { // perform validation on search string(s) if ($val->ValidateIPv4($search) !== -1 || $val->ValidateMACFormats($search) !== -1 || $val->ValidateHostname($search) !== -1 && $val->ValidateDate($startdate) !== -1 && $val->ValidateDate($enddate) !== -1) { /* define our search query */ if ($group !== "admin") { $having = " HAVING `group` = \"" . $group . "\""; } // search by dates if (!empty($startdate) || !empty($enddate)) { $dates = " `start` > \"" . $startdate . "\" AND `end` < \"" . $enddate . "\""; } // provide fields search if (!empty($search)) { $main = "`hostname` LIKE \"" . $search . "\" OR `hardware` LIKE \"" . $search . "\" OR `ip` LIKE \"" . $search . "\""; } // and apply the attributes $query = "SELECT * FROM `conf_leases` WHERE {$main}{$dates}{$having} ORDER BY `hostname` ASC"; // process our query
$scope_range_1 = $_POST['scope_range_1']; $scope_range_2 = $_POST['scope_range_2']; $bootp_filename = $_POST['bootp_filename']; $bootp_server = $_POST['bootp_server']; $broadcast_address = $_POST['broadcast_address']; $ntp_servers = $_POST['ntp_servers']; $netbios_servers = $_POST['netbios_servers']; $default_lease = $_POST['default_lease']; $min_lease = $_POST['min_lease']; $max_lease = $_POST['max_lease']; $permissions = $_POST['select_groups']; $groups = $_POST['groups']; // check each post element if (!empty($subnet) && !empty($subnet_mask) && !empty($dns_server_1) && !empty($dns_server_2) && !empty($router) && !empty($subnet_name) && !empty($enable_scope)) { // begin validation of configuration options if ($val->ValidateIPv4($subnet) !== -1 && $val->ValidateIPv4($subnet_mask) !== -1 && $val->ValidateDomain($dns_server_1) !== -1 && $val->ValidateDomain($dns_server_2) !== -1 && $val->ValidateIPv4($router) !== -1 && $val->ValidateParagraph($subnet_name) !== -1 && $val->ValidateAlphaChar($pool_name) !== -1 || $pool_name === "---------------" && $val->ValidateString($enable_scope) !== -1 && $val->ValidateIPv4($scope_range_1) !== -1 && $val->ValidateIPv4($scope_range_2) !== -1 && $val->ValidateParagraph($bootp_filename) !== -1 && $val->ValidateDomain($bootp_server) !== -1 && $val->ValidateString($enable_forwarding) !== -1 && $val->ValidateDomain($broadcast_address) !== -1 && $val->ValidateDomain($ntp_servers) !== -1 && $val->ValidateDomain($netbios_servers) !== -1 && $val->ValidateInteger($default_lease) !== -1 && $val->ValidateInteger($min_lease) !== -1 && $val->ValidateInteger($max_lease) !== -1 && $val->ValidateBroadcast2List($interface_list, $subnet) === 0 && $val->ValidateBroadcast2List($interface_list, $broadcast_address) === 0) { // fix pool var if ($pool_name === "---------------") { $pool_name = ""; } // define our sql statements (exclude the group field if user is member of admin group) if ($group !== "admin") { $insert = "INSERT INTO `conf_subnets` ( `subnet`, `subnet-mask`, `dns-server-1`, `dns-server-2`, `router`, `subnet-name`, `pool`, `enable-scope`, `scope-range-1`, `scope-range-2`, `ip-forwarding`, `broadcast-address`, `ntp-servers`, `netbios-name-servers`, `default-lease-time`, `min-lease-time`, `max-lease-time`, `group` ) VALUES ( \"" . $subnet . "\",\"" . $subnet_mask . "\", \"" . $dns_server_1 . "\", \"" . $dns_server_2 . "\", \"" . $router . "\", \"" . $subnet_name . "\", \"" . $pool_name . "\", \"" . $enable_scope . "\", \"" . $scope_range_1 . "\", \"" . $scope_range_2 . "\", \"" . $enable_forwarding . "\", \"" . $broadcast_address . "\", \"" . $ntp_servers . "\", \"" . $netbios_servers . "\", \"" . $default_lease . "\", \"" . $min_lease . "\", \"" . $max_lease . "\", \"" . $group . "\" )"; if (empty($_POST['ex_group'])) { $update = "UPDATE `conf_subnets` SET `subnet` = \"" . $subnet . "\", `subnet-mask` = \"" . $subnet_mask . "\", `dns-server-1` = \"" . $dns_server_1 . "\", `dns-server-2` = \"" . $dns_server_2 . "\", `router` = \"" . $router . "\", `subnet-name` = \"" . $subnet_name . "\", `pool` = \"" . $pool_name . "\", `enable-scope` = \"" . $enable_scope . "\", `scope-range-1` = \"" . $scope_range_1 . "\", `scope-range-2` = \"" . $scope_range_2 . "\", `ip-forwarding` = \"" . $enable_forwarding . "\", `broadcast-address` = \"" . $broadcast_address . "\", `ntp-servers` = \"" . $ntp_servers . "\", `netbios-name-servers` = \"" . $netbios_servers . "\", `default-lease-time` = \"" . $default_lease . "\", `min-lease-time` = \"" . $min_lease . "\", `max-lease-time` = \"" . $max_lease . "\", `group` = \"" . $group . "\" WHERE `id` = \"" . $id . "\" LIMIT 1"; } else { $update = "UPDATE `conf_subnets` SET `subnet` = \"" . $subnet . "\", `subnet-mask` = \"" . $subnet_mask . "\", `dns-server-1` = \"" . $dns_server_1 . "\", `dns-server-2` = \"" . $dns_server_2 . "\", `router` = \"" . $router . "\", `subnet-name` = \"" . $subnet_name . "\", `pool` = \"" . $pool_name . "\", `enable-scope` = \"" . $enable_scope . "\", `scope-range-1` = \"" . $scope_range_1 . "\", `scope-range-2` = \"" . $scope_range_2 . "\", `bootp-filename` = \"" . $bootp_filename . "\", `bootp-server` = \"" . $bootp_server . "\", `ip-forwarding` = \"" . $enable_forwarding . "\", `broadcast-address` = \"" . $broadcast_address . "\", `ntp-servers` = \"" . $ntp_servers . "\", `netbios-name-servers` = \"" . $netbios_servers . "\", `default-lease-time` = \"" . $default_lease . "\", `min-lease-time` = \"" . $min_lease . "\", `max-lease-time` = \"" . $max_lease . "\" WHERE `id` = \"" . $id . "\" LIMIT 1"; } } else { $insert = "INSERT INTO `conf_subnets` ( `subnet`, `subnet-mask`, `dns-server-1`, `dns-server-2`, `router`, `subnet-name`, `enable-scope`, `scope-range-1`, `scope-range-2`, `bootp-filename`, `bootp_server`, `ip-forwarding`, `broadcast-address`, `ntp-servers`, `netbios-name-servers`, `default-lease-time`, `min-lease-time`, `max-lease-time` ) VALUES ( \"" . $subnet . "\",\"" . $subnet_mask . "\", \"" . $dns_server_1 . "\", \"" . $dns_server_2 . "\", \"" . $router . "\", \"" . $subnet_name . "\", \"" . $pool_name . "\", \"" . $enable_scope . "\", \"" . $scope_range_1 . "\", \"" . $scope_range_2 . "\", \"" . $bootp_filename . "\", \"" . $bootp_server . "\", \"" . $enable_forwarding . "\", \"" . $broadcast_address . "\", \"" . $ntp_servers . "\", \"" . $netbios_servers . "\", \"" . $default_lease . "\", \"" . $min_lease . "\", \"" . $max_lease . "\" )"; $update = "UPDATE `conf_subnets` SET `subnet` = \"" . $subnet . "\", `subnet-mask` = \"" . $subnet_mask . "\", `dns-server-1` = \"" . $dns_server_1 . "\", `dns-server-2` = \"" . $dns_server_2 . "\", `router` = \"" . $router . "\", `subnet-name` = \"" . $subnet_name . "\", `pool` = \"" . $pool_name . "\", `enable-scope` = \"" . $enable_scope . "\", `scope-range-1` = \"" . $scope_range_1 . "\", `scope-range-2` = \"" . $scope_range_2 . "\", `bootp-filename` = \"" . $bootp_filename . "\", `bootp-server` = \"" . $bootp_server . "\", `ip-forwarding` = \"" . $enable_forwarding . "\", `broadcast-address` = \"" . $broadcast_address . "\", `ntp-servers` = \"" . $ntp_servers . "\", `netbios-name-servers` = \"" . $netbios_servers . "\", `default-lease-time` = \"" . $default_lease . "\", `min-lease-time` = \"" . $min_lease . "\", `max-lease-time` = \"" . $max_lease . "\" WHERE `id` = \"" . $id . "\" LIMIT 1";
$mac_address = $_POST['mac_address']; $ip_address = $_POST['ip_address']; $subnet_name = $_POST['subnet_name']; $pxe_group = $_POST['pxe_group']; $search = $_POST['search']; $modify = $_POST['modify']; $permissions = $_POST['select_groups']; $groups = $_POST['groups']; // perform search if not empty if (empty($search) && !empty($_POST['srch'])) { $search_err = $err->GenerateErrorImg($defined['error'], "help/help.html#host_search", '800', '800'); $list = "<ol><li>Search string is empty. Allowed formats:<br>MAC Address: xx:xx:xx:xx:xx<br>IPv4 Address: xxx.xxx.xxx.xxx<br>Hostname: [0-9a-z]</li></ol>"; $error = $err->GenerateErrorLink("help/help.html", "#host_search", $defined['error'], $errors['val_host'] . $list, NULL, NULL); } elseif (!empty($search) && !empty($_POST['srch'])) { // perform validation on search string if ($val->ValidateIPv4($search) !== -1 || $val->ValidateMACFormats($search) !== -1 || $val->ValidateParagraph($search) !== -1) { // Gather all records belonging to other groups but where this user is allowed access $sql = "SELECT * FROM `auth_group_perms` WHERE `resource` = \"hosts\""; if (($z = $db->dbQuery($val->ValidateSQL($sql, $dbconn), $dbconn)) !== -1) { } // define our search query if ($group === "admin") { $query = "SELECT * FROM `conf_hosts` WHERE `hostname` LIKE \"" . $search . "\" OR `mac-address` LIKE \"" . $search . "\" OR `ip-address` LIKE \"" . $search . "\" ORDER BY `hostname` ASC"; } else { $query = "SELECT * FROM `conf_hosts` WHERE `hostname` LIKE \"" . $search . "\" OR `mac-address` LIKE \"" . $search . "\" OR `ip-address` LIKE \"" . $search . "\" HAVING `group` = \"" . $group . "\" ORDER BY `hostname` ASC"; } // process our query if (($value = $db->dbQuery($val->ValidateSQL($query, $dbconn), $dbconn)) === -1) { $error = $err->GenerateErrorLink("help/help.html", "#host_search", $defined['error'], $errors['db_search_err'], NULL, NULL); } else { // process results of search
$assigned_subnet = $data[0]['assigned-subnet']; } } } // begin our validation on submitted data if (!empty($_POST)) { // re-assign vars for processing and template assignment $id = $_POST['id']; $pxe_group_name = $_POST['pxe_group_name']; $pxe_server = $_POST['pxe_server']; $bootp_filename = $_POST['bootp_filename']; $assigned_subnet = $_POST['assigned_subnet']; // check each post element if (!empty($pxe_group_name) && !empty($pxe_server) && !empty($bootp_filename)) { // begin validation of configuration options if ($val->ValidateString($pxe_group_name) !== -1 && ($val->ValidateIPv4($pxe_server) !== -1 || $val->ValidateDomain($pxe_server) !== -1) && $val->ValidateParagraph($bootp_filename) !== -1 || $val->ValidateParagraph($assigned_subnet) !== -1) { // define our sql statements (filter out the group field if user group is admin) if ($group === "admin") { $insert = "INSERT INTO `conf_pxe_groups` ( `pxe-group-name`, `pxe-server`, `bootp-filename`, `assigned-subnet` ) VALUES ( \"" . $pxe_group_name . "\",\"" . $pxe_server . "\", \"" . $bootp_filename . "\", \"" . $assigned_subnet . "\" )"; $update = "UPDATE `conf_pxe_groups` SET `pxe-group-name` = \"" . $pxe_group_name . "\", `pxe-server` = \"" . $pxe_server . "\", `bootp-filename` = \"" . $bootp_filename . "\", `assigned-subnet` = \"" . $assigned_subnet . "\" WHERE `id` = \"" . $id . "\" LIMIT 1"; } else { $insert = "INSERT INTO `conf_pxe_groups` ( `pxe-group-name`, `pxe-server`, `bootp-filename`, `assigned-subnet`, `group` ) VALUES ( \"" . $pxe_group_name . "\",\"" . $pxe_server . "\", \"" . $bootp_filename . "\", \"" . $assigned_subnet . "\", \"" . $group . "\" )"; $update = "UPDATE `conf_pxe_groups` SET `pxe-group-name` = \"" . $pxe_group_name . "\", `pxe-server` = \"" . $pxe_server . "\", `bootp-filename` = \"" . $bootp_filename . "\", `assigned-subnet` = \"" . $assigned_subnet . "\", `group` = \"" . $group . "\" WHERE `id` = \"" . $id . "\" LIMIT 1"; } $delete = "DELETE FROM `conf_pxe_groups` WHERE `id` = \"" . $id . "\" LIMIT 1"; $update_hosts = "UPDATE `conf_hosts` SET `pxe-group` = \"\" WHERE `pxe-group` = \"" . $pxe_group_name . "\""; // determine which button was clicked if (!empty($_POST['AddPXEGroup'])) { $query = $insert; $db_msg_good = $errors['db_insert']; $db_msg_err = $errors['db_insert_err'];