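/**
 * Persist the scanner preference values submitted for scan profile $sid.
 *
 * Walks vuln_nessus_preferences_defaults in the same order the settings form
 * rendered them, reads the positional POST fields form1..formN, and hands each
 * value to updatedb(). It then deletes rows in vuln_nessus_settings_preferences
 * whose nessus_id no longer exists in the defaults table, pushes the profile to
 * the OMP server when $nessus_path ends in "omp", and re-renders the form via
 * edit_serverprefs().
 *
 * Changes versus the previous revision:
 *  - $sid is cast to int before being interpolated into SQL (it was used raw).
 *  - The owner/admin authorisation check that had been commented out is
 *    re-enabled; without it any user reaching this code could rewrite any
 *    profile's preferences.
 *  - $logh is pulled in via global and guarded; it was referenced without being
 *    declared, so the GET branch would have crashed before logging.
 *  - A failed lookup now returns instead of dereferencing a false result.
 *
 * NOTE(review): no CSRF token is verified here; rejecting GET is not a CSRF
 * defence on its own. Confirm the surrounding page performs that check.
 *
 * @param int|string $sid  Profile id (vuln_nessus_settings.id).
 *
 * Side effects: DB writes, HTML/error output, and may terminate via die().
 * Returns nothing.
 */
function saveprefs($sid)
{
    global $username, $uroles, $dbconn, $nessus_path, $logh;

    // vuln_nessus_settings.id is compared unquoted (numeric) below, so an int
    // cast is both the expected type and the injection guard for $sid.
    $sid = (int) $sid;

    // Only the profile owner or an admin may change it. The lookup existed
    // before but its consequence was commented out. Assumes $uroles is keyed
    // by role name, as the original $uroles[admin] implied -- TODO confirm.
    $owner_rs = $dbconn->execute("select owner from vuln_nessus_settings where id = {$sid}");
    $myowner  = null;
    if ($owner_rs !== false && !$owner_rs->EOF) {
        list($myowner) = $owner_rs->fields;
    }
    if ($myowner !== $username && empty($uroles['admin'])) {
        if (isset($logh)) {
            $logh->log("{$username} : " . $_SERVER['SCRIPT_NAME'] . " : Access denied to profile {$sid}", PEAR_LOG_NOTICE);
        }
        echo "Access denied: You do not own this profile and are not an admin - (owner = $myowner).";
        require_once 'footer.php';
        die;
    }

    // Preference defaults joined with this profile's stored values, ordered
    // exactly as the form was rendered: field names are positional (form1..N).
    $sql = "SELECT t.nessusgroup, t.nessus_id, t.field, \n t.type, t.value, n.value, t.category\n"
         . " FROM vuln_nessus_preferences_defaults t\n"
         . " LEFT JOIN vuln_nessus_settings_preferences n\n"
         . " ON t.nessus_id = n.nessus_id\n"
         . " and n.sid = {$sid}\n"
         . " order by category desc, nessusgroup, nessus_id";
    $result = $dbconn->execute($sql);
    if ($result === false) {
        // Previously fell through and dereferenced the false result.
        echo "Error: There was an error with the DB lookup: " . $dbconn->ErrorMsg() . "<br>";
        return;
    }

    $uuid    = Util::get_system_uuid();
    $counter = 0;

    while (!$result->EOF) {
        $counter++;
        $vname = "form" . $counter;

        if (isset($_POST[$vname])) {
            // Value is SQL-escaped and HTML-encoded before storage; the rest of
            // the settings code reads it back in that form, so this is kept.
            $submitted = Util::htmlentities(mysql_real_escape_string(trim($_POST[$vname])), ENT_QUOTES);
        } elseif (isset($_GET[$vname])) {
            // Changes submitted via GET are refused outright.
            if (isset($logh)) {
                $logh->log("{$username} : " . $_SERVER['SCRIPT_NAME'] . " : GET instead of POST method used - failed to save", PEAR_LOG_NOTICE);
            }
            echo "Please use the settings.php form to submit your changes.";
            require_once 'footer.php';
            die;
        } else {
            $submitted = "";
        }

        list($nessusgroup, $nessus_id, $field, $type, $default, $value, $category) = $result->fields;

        // [password] preferences are stored as submitted: a Crypt_CBC "ENC{...}"
        // wrapper used to sit here but had been disabled.
        updatedb($nessus_id, $submitted, $dbconn, $type, $category, $sid, $uuid);
        $result->MoveNext();
    }

    // Remove stored preferences whose definition no longer exists in the defaults table.
    $sql = "select n.nessus_id \n\t\t from vuln_nessus_settings_preferences n\n\t\t left join vuln_nessus_preferences_defaults t\n on n.nessus_id = t.nessus_id\n where t.nessus_id is null";
    $orphans = $dbconn->execute($sql);
    if ($orphans !== false) {
        while (!$orphans->EOF) {
            list($orphan_id) = $orphans->fields;
            // nessus_id comes from the DB, but it is still interpolated into a
            // string literal, so escape it (second-order injection).
            $orphan_id = mysql_real_escape_string($orphan_id);
            $dbconn->execute("delete from vuln_nessus_settings_preferences\n where nessus_id = \"{$orphan_id}\"");
            $orphans->MoveNext();
        }
    }

    // Push the saved profile to the OMP server when the scanner path is an omp client.
    if (preg_match("/omp\\s*\$/i", $nessus_path)) {
        $omp = new OMP();
        $omp->set_preferences($sid);
    }

    // Re-render the form. NOTE(review): the page dispatcher calls
    // edit_serverprefs($dbconn, $sid); this one-argument call is unchanged --
    // confirm which signature is current.
    edit_serverprefs($sid);
}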
# Assume it is a text box
# NOTE: this is the tail of a form-rendering helper whose header is above this
# excerpt. $value is emitted into the value="" attribute without escaping here;
# it relies on values having been HTML-encoded when stored (saveprefs() does
# that), and $field comes from the defaults table -- confirm both are encoded.
        $sufix = preg_match("/\\[file\\]/", $nessus_id) ? " [" . _("full file path") . "]" : "";
        $retstr = "<tr><td style='text-align:left;width:65%'>{$field} {$sufix}</td><td><INPUT type=\"text\" name=\"{$vname}\" value=\"{$value}\"></td></tr>";
    }
    $retstr .= "\n";
    return $retstr;
}

// Page dispatcher: $disp selects which profile view to render for $sid.
// NOTE(review): $disp and $sid are set above this excerpt; where they come
// from (request parameters?) and whether $sid is validated is not visible here.
switch ($disp) {
    case "edit":
        edit_autoenable($sid);
        break;
    case "editplugins":
        edit_plugins($dbconn, $sid);
        break;
    case "editprefs":
        // Called with ($dbconn, $sid) here but with ($sid) alone from
        // saveprefs() -- one of the two call sites does not match the signature.
        edit_serverprefs($dbconn, $sid);
        break;
    case "new":
        new_profile();
        break;
    case "viewconfig":
        view_config($sid);
        break;
    default:
        select_profile();
        break;
}

// Close the layout tables opened earlier in the page.
echo " </td></tr>";
echo " </table>";
echo "</td></tr>";
echo "</table>";