$adb->pquery($sql, array($profileid, $actionid));
if (isset($_REQUEST["priv_chk_" . $profileid . "_" . $actionid]) && $_REQUEST["priv_chk_" . $profileid . "_" . $actionid] == "on") {
$params = array($profileid, $actionid, "0");
} else {
$params = array($profileid, $actionid, "1");
}
$sql = "INSERT INTO its4you_calendar4you_profilespermissions (profileid, operation, permissions) VALUES(?, ?, ?)";
$adb->pquery($sql, $params);
}
}
echo '<meta http-equiv="refresh" content="0; url=index.php?module=Settings&action=ModuleManager&module_settings=true&formodule=Calendar4You&parenttab=Settings">';
} else {
$permissionNames = array();
foreach ($permissions as $profileid => $subArr) {
$permissionNames[$profileid] = array();
$profileName = getProfileName($profileid);
foreach ($subArr as $actionid => $perm) {
$permStr = $perm == "0" ? 'checked="checked"' : "";
switch ($actionid) {
case $actionEDIT:
$permissionNames[$profileid][$profileName]["EDIT"]["name"] = 'priv_chk_' . $profileid . '_' . $actionEDIT;
$permissionNames[$profileid][$profileName]["EDIT"]["checked"] = $permStr;
break;
case $actionDETAIL:
$permissionNames[$profileid][$profileName]["DETAIL"]["name"] = 'priv_chk_' . $profileid . '_' . $actionDETAIL;
$permissionNames[$profileid][$profileName]["DETAIL"]["checked"] = $permStr;
break;
case $actionDELETE:
$permissionNames[$profileid][$profileName]["DELETE"]["name"] = 'priv_chk_' . $profileid . '_' . $actionDELETE;
$permissionNames[$profileid][$profileName]["DELETE"]["checked"] = $permStr;
break;
<?php
/*
* IMPLEMENTATION OF: https://authserver.mojang.com/refresh
*/
define('METHUSELAH_INCLUDE_CHECK', true);
require_once "yggdrasil.php";
$payload = filterPostPayload();
$accessToken = $payload['accessToken'] or responseWithError("accessToken is empty!");
$clientToken = $payload['clientToken'] or responseWithError("clientToken is empty!");
// Обновление лицензионного accessToken-а
$mojangResponse = mojangRefresh($accessToken, $clientToken);
// Новый accessToken
$newToken = $mojangResponse != false ? $mojangResponse['accessToken'] : md5(uniqid());
// Обновление в БД и получение учётной записи
$uuid = refreshToken($accessToken, $clientToken, $newToken);
// Возврат результата выполнения
if ($uuid != false) {
$result = array("accessToken" => $newToken, "clientToken" => $clientToken, "selectedProfile" => array("id" => $uuid, "name" => getProfileName($uuid)));
response($result);
}
responseWithError("ForbiddenOperationException", "Invalid accessToken or clientToken.");
if ($result->num_rows == 1) {
// Информация найдена
$row = $result->fetch_assoc();
$uuid = $row['uuid'];
$name = getProfileName($uuid);
// Удаляю временную строку входа на сервер + очень устаревшие записи
cleanupJoins($row['accessToken']);
}
}
// Никого не найдено
if ($uuid === null) {
responseWithError("No");
}
// Применить адское хакерство
$uuid = logAsHackedProfile($uuid);
$name = getProfileName($uuid);
$hasTextures = false;
// Если лицензия предоставляет скин, запомним его в нашей базе
if (is_array($properties)) {
foreach ($properties as $prop) {
if ($prop['name'] == "textures") {
$decoded = json_decode(base64_decode($prop['value']), true);
$propTextures = $decoded['textures'];
setProfileClothes($uuid, $propTextures);
$hasTextures = true;
}
}
}
if (!$hasTextures) {
$properties = getProfileProps($uuid, $name);
}
/*+********************************************************************************
* The contents of this file are subject to the vtiger CRM Public License Version 1.0
* ("License"); You may not use this file except in compliance with the License
* The Original Code is: vtiger CRM Open Source
* The Initial Developer of the Original Code is vtiger.
* Portions created by vtiger are Copyright (C) vtiger.
* All Rights Reserved.
********************************************************************************/
require_once 'include/utils/utils.php';
global $mod_strings;
global $app_strings;
global $theme, $default_charset;
$theme_path = "themes/" . $theme . "/";
$delete_prof_id = vtlib_purify($_REQUEST['profileid']);
$delete_prof_name = getProfileName($delete_prof_id);
$output = '';
$output = '<div id="DeleteLay" class="layerPopup">
<form name="newProfileForm" action="index.php" onsubmit="VtigerJS_DialogBox.block();">
<input type="hidden" name="module" value="Users">
<input type="hidden" name="action" value="DeleteProfile">
<input type="hidden" name="delete_prof_id" value="' . $delete_prof_id . '">
<table border=0 cellspacing=0 cellpadding=5 width=100% class=layerHeadingULine>
<tr>
<td class="layerPopupHeading" align="left">' . $mod_strings["LBL_DELETE_PROFILE"] . '</td>
<td align="right" class="small"><img src="' . vtiger_imageurl('close.gif', $theme) . '" border=0 alt="' . $app_strings["LBL_CLOSE"] . '" title="' . $app_strings["LBL_CLOSE"] . '" style="cursor:pointer" onClick="document.getElementById(\'DeleteLay\').style.display=\'none\'";></td>
</tr>
</table>
<table border=0 cellspacing=0 cellpadding=5 width=95% align=center>
<tr>
<td class="small">
<?php
/*
* https://auth.methuselah.ru/toolbox/uuid2name.php?uuid=<uuid to find current name>
*/
define('METHUSELAH_INCLUDE_CHECK', true);
require_once "toolbox_internal.php";
$uuid = filter_input(INPUT_GET, 'uuid', FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW | FILTER_FLAG_STRIP_HIGH) or responseWithError("Method Not Allowed", "Good bye.");
$result = getProfileName($uuid);
die($result != false ? $result : "NOT FOUND");
function registerLicenseUUID($LicenseUUID, $LicenseName)
{
global $authserver;
$uuid = $LicenseUUID;
$name = $LicenseName;
// Есть ли в БД запись с таким LicenseUUID?
$query1 = "SELECT `uuid` FROM `authserver`.`account_mojang` WHERE `license` = '{$LicenseUUID}';";
$result1 = $authserver->query($query1) or responseWithError("InternalDatabaseError");
// Да, запись есть
if ($result1->num_rows) {
// Вернём её uuid и имя
$row = $result1->fetch_assoc();
$uuid = $row['uuid'];
$name = getProfileName($uuid);
// Если обновилось имя, мы можем попробовать обновить его у себя
if ($LicenseName != $name && isNameFree($LicenseName)) {
$name = $LicenseName;
// Регистрируем обновлённое имя учётной записи
changeProfileName($uuid, $name);
}
} else {
// Попытаемся создать новую запись с указанными LicenseName и LicenseUUID
// Проверим возможность использовать LicenseUUID как UUID
$query2 = "SELECT `uuid` FROM `authserver`.`accounts` WHERE `uuid` = '{$LicenseUUID}';";
$result2 = $authserver->query($query2) or responseWithError("InternalDatabaseError");
if ($result2->num_rows) {
// Генерируем новый уникальный UUID, который ещё никем не занят
$uuid = generateUserUUID(true);
}
// Регистрируем UUID и прицепляем ему LicenseUUID
createProfile($uuid);
bindProfileLicense($uuid, $LicenseUUID);
// Проверим возможность использовать LicenseName как Name
if (!isNameFree($name)) {
// Генерируем новый уникальный ник
$name = "License_" . substr($LicenseUUID, 0, 8);
}
// Регистрируем имя учётной записи
changeProfileName($uuid, $name);
}
return array("uuid" => $uuid, "name" => $name);
}
$mode = '';
$output = '';
$output1 = '';
$smarty->assign("PROFILEID", $profileId);
$smarty->assign("MOD", return_module_language($current_language, 'Settings'));
$smarty->assign("APP", $app_strings);
$smarty->assign("THEME", $theme);
$smarty->assign("CMOD", $mod_strings);
if (isset($_REQUEST['return_action']) && vtlib_purify($_REQUEST['return_action']) != '') {
$smarty->assign("RETURN_ACTION", vtlib_purify($_REQUEST['return_action']));
}
if (isset($_REQUEST['profile_name']) && vtlib_purify($_REQUEST['profile_name']) != '' && $_REQUEST['mode'] == 'create') {
$profileName = vtlib_purify($_REQUEST['profile_name']);
$smarty->assign("PROFILE_NAME", to_html($profileName));
} else {
$profileName = getProfileName($profileId);
$smarty->assign("PROFILE_NAME", $profileName);
}
//$smarty->assign("PROFILE_NAME", to_html($profileName));
if (isset($_REQUEST['profile_description']) && vtlib_purify($_REQUEST['profile_description']) != '' && $_REQUEST['mode'] == 'create') {
$profileDescription = vtlib_purify($_REQUEST['profile_description']);
} else {
if ($profileId != null) {
$profileDescription = getProfileDescription($profileId);
}
}
$smarty->assign("PROFILE_DESCRIPTION", $profileDescription);
if (isset($_REQUEST['mode']) && vtlib_purify($_REQUEST['mode']) != '') {
$mode = $_REQUEST['mode'];
$smarty->assign("MODE", $mode);
}
<script src="js/profile.js"></script>
</head>
<body>
<?php
include 'includes/navbar.php';
?>
<div class="large-12 columns ">
<div class="large-8 large-offset-2 columns">
<div class="row collapse">
<div class="username large-12 columns">
<h2 class="white-font"><?php
getProfileName();
?>
</h2>
</div>
</div>
<!--Query user's car-->
<div class="row collapse">
<table class="large-12 columns">
<caption class="white-font"><b>Your Car(s)</b></caption>
<tr>
<th>Car Plate Number</th>
<th>Model</th>
<th>Seats Available</th>
<th>Actions</th>
</tr>
function getProfile($uuid, $includeProps = false)
{
if (isProfileExist($uuid)) {
$name = getProfileName($uuid);
$response = array("id" => $uuid, "name" => $name);
if (isProfileGuest($uuid)) {
$response['guest'] = true;
}
if ($includeProps) {
$response['properties'] = getProfileProps($uuid, $name);
}
return $response;
}
return false;
}
function submit_scan($op, $sched_id, $sname, $notify_email, $schedule_type, $ROYEAR, $ROMONTH, $ROday, $time_hour, $time_min, $dayofweek, $dayofmonth, $timeout, $SVRid, $sid, $tarSel, $ip_list, $ip_exceptions_list, $ip_start, $ip_end, $named_list, $cidr, $subnet, $system, $cred_type, $credid, $acc, $domain, $accpass, $acctype, $passtype, $passstore, $wpolicies, $wfpolicies, $upolicies, $custadd_type, $cust_plugins, $is_enabled, $hosts_alive, $scan_locally, $nthweekday, $semail, $not_resolve)
{
global $wdaysMap, $daysMap, $allowscan, $uroles, $username, $schedOptions, $adminmail, $mailfrom, $dbk, $dbconn;
require_once "classes/Util.inc";
$tz = Util::get_timezone();
if (empty($ROYEAR)) {
$ROYEAR = gmdate("Y");
}
if (empty($ROMONTH)) {
$ROMONTH = gmdate("m");
}
if (empty($ROday)) {
$ROday = gmdate("d");
}
list($_y, $_m, $_d, $_h, $_u, $_s, $_time) = Util::get_utc_from_date($dbconn, "{$ROYEAR}-{$ROMONTH}-{$ROday} {$time_hour}:{$time_min}:00", $tz);
$ROYEAR = $_y;
$ROMONTH = $_m;
$ROday = $_d;
$time_hour = $_h;
$time_min = $_u;
if ($not_resolve == "1") {
$resolve_names = 0;
} else {
$resolve_names = 1;
}
$notify_email = str_replace(";", ",", $notify_email);
$requested_run = "";
$jobType = "M";
$recurring = False;
$targets = array();
$time_value = "";
$profile_desc = getProfileName($sid);
$target_list = "";
$need_authorized = "";
$request = "";
$plugs_list = "NULL";
$fk_name = "NULL";
$target_list = "NULL";
$tmp_target_list = "";
$jobs_names = array();
$sjobs_names = array();
//$I3crID = getCredentialId ( $cred_type, $passstore, $credid, $acc, $domain, $accpass, $acctype, $passtype );
$I3crID = "";
if ($hosts_alive == "1") {
// option: Only scan hosts that are alive
$I3crID = "1";
} else {
$I3crID = "0";
}
if ($custadd_type == "") {
$custadd_type = "N";
}
if ($custadd_type != "N" && $cust_plugins != "") {
$plugs_list = "";
$vals = preg_split("/\\s+|\r\n|,|;/", $cust_plugins);
foreach ($vals as $v) {
$v = trim($v);
if (strlen($v) > 0) {
$plugs_list .= $v . "\n";
}
}
$plugs_list = "'" . $plugs_list . "'";
}
/* echo <<<EOT
<h3>Job Details:</h3>
<center>
<table>
<tr><th align="right">Job Name</th><td>$sname</td></tr>
<tr><th align="right">Notify</th><td>$notify_email</td></tr>
<tr><th align="right">Timeout</th><td>$timeout</td></tr>
<tr><th align="right">Profile</th><td>$profile_desc</td></tr>
<tr><th></th><td> </td></tr>
<tr><th align="right">Schedule Info</th><td> </td></tr>
EOT;*/
//$arrTime = localtime((int)gmdate('U'), true);
$arrTime = explode(":", gmdate('Y:m:d:w:H:i:s'));
$year = $arrTime[0];
$mon = $arrTime[1];
$mday = $arrTime[2];
$wday = $arrTime[3];
$hour = $arrTime[4];
$min = $arrTime[5];
$sec = $arrTime[6];
$timenow = $hour . $min . $sec;
if ($time_hour) {
$hour = $time_hour;
}
if ($time_min) {
$min = $time_min;
}
#echo "hour=$hour<br>";
#$hour = $hour - $tz_offset;
#echo "offset=$tz_offset<br>hour=$hour<br>";
#if ( $hour < "0" ) { echo "change 1<br>"; $hour = $hour + 24; }
#if ( $hour >= "24" ) { echo "change 2<br>"; $hour = $hour - 24; }
#echo "hour_changed=$hour<br>";
$run_wday = $wdaysMap[$dayofweek];
#echo "run_day=$run_wday<br>dayofweek=$dayofweek<br>";
$run_time = sprintf("%02d%02d%02d", $time_hour, $time_min, "00");
$run_mday = $dayofmonth;
$time_value = "{$time_hour}:{$time_min}:00";
//echo "schedule_type: ".$schedule_type;
//echo "$run_time : $timenow\n"; exit();
$ndays = array("Sunday", "Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday");
switch ($schedule_type) {
case "N":
$requested_run = gmdate("YmdHis");
$sched_message = "No reccurring Jobs Necessary";
break;
case "O":
$requested_run = sprintf("%04d%02d%02d%06d", $ROYEAR, $ROMONTH, $ROday, $run_time);
$sched_message = "No reccurring Jobs Necessary";
//var_dump($schedule_type);
$recurring = True;
$reccur_type = "Run Once";
break;
case "D":
if ($run_time > $timenow) {
$next_day = $year . $mon . $mday;
} else {
$next_day = gmdate("Ymd", strtotime("+1 day GMT", gmdate("U")));
}
// next day
$requested_run = sprintf("%08d%06d", $next_day, $run_time);
$recurring = True;
$sched_message = "Schedule Reccurring";
$reccur_type = "Daily";
break;
case "W":
if ($run_wday == $wday && $run_time > $timenow) {
$next_day = $year . $mon . $mday;
} else {
$next_day = gmdate("Ymd", strtotime("next " . $ndays[$run_wday] . " GMT", gmdate("U")));
}
// next week
$requested_run = sprintf("%08d%06d", $next_day, $run_time);
$recurring = True;
$sched_message = "Schedule Reccurring";
$reccur_type = "Weekly";
break;
case "M":
if ($run_mday > $mday || $run_mday == $mday && $run_time > $timenow) {
$next_day = $year . $mon . ($run_mday < 10 ? "0" : "") . $run_mday;
// this month
#echo "date selected is in the future<br>";
} else {
$next_day = sprintf("%06d%02d", gmdate("Ym", strtotime("next month GMT", gmdate("U"))), $run_mday);
#$next_day = gmdate("Ymd", mktime(0, 0, 0, date("m")+1, $run_mday, date("y"))); // next month
#echo "date selected is in the past<br>";
}
#echo "run_mday=$run_mday mday=$mday rtime=$run_time now=$timenow next_day=$next_day<br>";
$requested_run = sprintf("%08d%06d", $next_day, $run_time);
$recurring = True;
$sched_message = "Schedule Reccurring";
$reccur_type = "Montly";
break;
case "NW":
$dayweektonum = array("Mo" => 1, "Tu" => 2, "We" => 3, "Th" => 4, "Fr" => 5, "Sa" => 6, "Su" => 7);
$next_day = nthweekdaymonth($year, gmdate("n"), 1, $dayweektonum[$dayofweek], $nthweekday);
$requested_run = sprintf("%08d%06d", $next_day, $run_time);
$dayofmonth = $nthweekday;
$recurring = True;
$sched_message = "Schedule Reccurring";
$reccur_type = "Nth weekday of the month";
break;
default:
break;
}
//if ( $schedule_type != "N" ){
//$requested_run = switchTime_TimeZone( $requested_run, "server" );
//}
/* echo <<<EOT
<tr><th align="right">Type</th><td>$schedOptions[$schedule_type]</td></tr>
<tr><th align="right">First Occurrence</th><td>$requested_run</td></tr>
<tr><th align="right">Recurring</th><td>$sched_message</td></tr>
<tr><th align="right"> </th><td></td></tr>
<tr><th colspan="2">Target Selection</th></tr>
EOT;*/
switch ($tarSel) {
case "1":
#SINGLE
$vals = preg_split("/\\s+|\r\n|;/", $ip_list);
foreach ($vals as $v) {
$v = trim($v);
if (strlen($v) > 0) {
array_push($targets, $v);
}
}
break;
case "2":
#IP RANGE
if ($ip_start || $ip_end) {
if ($ip_start && $ip_end) {
$targets = range2List($ip_start, $ip_end);
} else {
// echo "<tr><td colspan=2>incomplete target list</td></tr>";
}
}
break;
case "3":
#NAMED TARGET
$vals = preg_split("/\\s+|\n|,|;/", $named_list);
foreach ($vals as $v) {
$v = trim($v);
if (strlen($v) > 0) {
$ip = gethostbyname($v);
if (strlen($ip) > 0) {
array_push($targets, $ip);
} else {
// echo "<tr><td colspan=2>$v Name could not be resolved</td></tr>";
}
}
}
break;
case "4":
#SUBNET
array_push($targets, $cidr);
break;
case "5":
if ($uroles['auditAll'] && $subnet == "ALL") {
array_push($targets, "all_live_subnets");
} else {
array_push($targets, $subnet);
}
$fk_name = "'" . $subnet . "'";
break;
case "6":
#$query = "SELECT isso_email, admin_sys, admin_dba, admin_network from vuln_systems WHERE acronym='$system'";
#$result = $dbconn->Execute($query);
#list( $isso_poc, $poc_sa, $poc_dba, $poc_network ) = $result->fields;
$all_pocs = $isso_poc;
if ($all_pocs != "" && $poc_sa != "") {
$all_pocs .= ", {$poc_sa}";
}
if ($all_pocs != "" && $poc_dba != "") {
$all_pocs .= ", {$poc_dba}";
}
if ($all_pocs != "" && $poc_network != "") {
$all_pocs .= ", {$poc_network}";
}
$notify_email = $all_pocs;
$fk_name = "'" . $system . "'";
break;
default:
#INPUT FILE
break;
}
if ($tarSel < "4") {
foreach ($targets as $hostip) {
if (!$allowscan && !inrange($hostip, $dbconn)) {
$need_authorized .= $hostip . "\n";
}
$tmp_target_list .= $hostip . "\n";
//echo "<tr><td colspan=2>$hostip</td></tr>";
}
if ($need_authorized != "") {
//echo "<tr><th colspan=2><font color=red>NOT IN APPROVED ZONE</font></th></tr>";
$html_needs_auth = str_replace("\n", "<br>", $need_authorized);
//echo "<tr><td colspan=2>$html_needs_auth</td></tr>";
}
} elseif ($tarSel == "4") {
$tmp_target_list = $cidr;
//echo "<tr><td colspan=2>$cidr</td></tr>";
} elseif ($tarSel == "6") {
$jobType = "S";
if ($recurring == True) {
#$tmp_target_list="";
#DO NOT PUT THE LIST OF IP'S IN UNTIL THE JOB STARTS FOR REOCCURING ( LIST MAY BE FREQUENT TO CHANGE )
} else {
/*$query = "SELECT hostip from vuln_systems t1
LEFT JOIN vuln_system_hosts t2 on t2.sysID = t1.id
WHERE t1.acronym='$system'";
$result = $dbconn->Execute($query);
while ( !$result->EOF ) {
list($hostip) = $result->fields;
if ( strlen($hostip)>0) {
$tmp_target_list .= "$hostip\n";
array_push($targets, $hostip );
}
$result->MoveNext();
}*/
}
// echo "<tr><td colspan=2>$system</td></tr>";
} else {
$jobType = "C";
$tmp_target_list = $subnet;
// echo "<tr><td colspan=2>$subnet</td></tr>";
}
if (!($tarSel == "6" && $recurring == True) && count($targets) == 0) {
// echo "<p><center><font color=red>Missing Host Selection or BAD LIST:$targets[0]<br><br></font>"
// ."[ <a href=\"javascript:history.go(-1)\">Go Back</a> ]</center></p>";
//logAccess( "USER $username Fubared: Missing Host Selection or BAD LIST:$targets[0]" );
require_once "footer.php";
exit;
} elseif (!$sname) {
// echo "<p><center><font color=red>Missing or BAD SNAME:[$sname]<br><br></font>"
// ."[ <a href=\"javascript:history.go(-1)\">Go Back</a> ]</center></p>";
//logAccess( "USER $username Fubared something on job name [$sname]" );
require_once "footer.php";
exit;
}
if ($subnet == "" or $subnet == "0") {
$subnet = "Null";
} else {
$subnet = "'{$subnet}'";
}
if ($SVRid == "" or $SVRid == "Null") {
$SVRid = "Null";
} else {
$SVRid = "'{$SVRid}'";
}
if ($tmp_target_list != "") {
$target_list = "'" . $tmp_target_list . "'";
}
$arrChecks = array("w" => $wpolicies, "f" => $wfpolicies, "u" => $upolicies);
$arrAudits = array('w', 'f', 'u');
foreach ($arrChecks as $check => $policydata) {
$i = 1;
$audit_data = "";
if ($policydata) {
if ($i <= 5) {
foreach ($policydata as $policy) {
$audit_data .= "{$policy}\n";
$i++;
}
}
}
if ($audit_data != "") {
$arrAudits[$check] = "'{$audit_data}'";
} else {
$arrAudits[$check] = "NULL";
}
}
$insert_time = gmdate("YmdHis");
// if ( $need_authorized != "" || !($uroles['nessus']) ) {
// $jobType="R"; #REQUEST JOB
// #DO not wrap $subnet / $SVRid with ticks '' as 'Null' is not Null
// $query = "INSERT INTO vuln_jobs ( name, fk_name, username, job_TYPE, meth_SCHED, meth_TARGET, meth_CRED,
// meth_VSET, meth_CUSTOM, meth_CPLUGINS, meth_Wcheck, meth_Wfile, meth_Ucheck, meth_TIMEOUT, scan_ASSIGNED, scan_SUBMIT,
// scan_next, scan_PRIORITY, status, notify ) VALUES ( '$sname', $fk_name, '$username', '$jobType', '$schedule_type', $target_list, $I3crID,
// '$sid', '$custadd_type', $plugs_list, $arrAudits[w], $arrAudits[f], $arrAudits[u], '$timeout', $SVRid, '$insert_time',
// '$requested_run', '3' , 'H', '$notify_email' )";
// $request = "for Approval";
// $subject = "Scan request [$sname]";
// $message = "HELLO SOC TEAM, \tThe following User [ $username ] has requested a scan against:\n"
// ." $target_list\n\nPlease Promptly Accept/Reject the request!"
// ."Thank You\n\nThe SOC TEAM!\n";
// mail($adminmail, $subject, $message, "From: $mailfrom\nX-Mailer: PHP/" . phpversion());
// echo "needs authorization<br>";
//logAccess( "USER $username Submitted Scan Request [$sname]" );
// } else {
require_once "classes/Host_sensor_reference.inc";
require_once "classes/Net_sensor_reference.inc";
require_once "classes/Net.inc";
require_once "classes/Scan.inc";
require_once "classes/Sensor.inc";
//Check Permissions
$allowed = array();
$notallowed = array();
$ftargets = explode("\\r\\n", $target_list);
foreach ($ftargets as $ftarget) {
$ftarget = preg_replace("/\r|\n|\t|\\s|\\'/", "", $ftarget);
$unresolved = !preg_match("/\\d+\\.\\d+\\.\\d+\\.\\d+/", $ftarget) && $not_resolve ? true : false;
if (preg_match("/\\//", $ftarget) && Session::netAllowed($dbconn, Net::get_name_by_ip($dbconn, $ftarget))) {
//, $username
$allowed[] = $ftarget;
} else {
if (Session::hostAllowed($dbconn, $ftarget) || $unresolved) {
// , $username
$allowed[] = $ftarget;
} else {
$notallowed[] = $ftarget;
}
}
}
if (count($allowed) > 0) {
$forced_server = "";
$all_sensors = array();
$sensor_list = Sensor::get_all($dbconn, "", false);
foreach ($sensor_list as $s) {
$all_sensors[$s->get_ip()] = $s->get_name();
}
// force scanner
if ($SVRid != "Null") {
$query = "SELECT hostname FROM vuln_nessus_servers WHERE id={$SVRid}";
$result = $dbconn->execute($query);
list($forced_server) = $result->fields;
} elseif ($not_resolve) {
$result = $dbconn->Execute("SELECT name,hostname FROM vuln_nessus_servers WHERE enabled=1");
while (!$result->EOF) {
list($name, $hostname) = $result->fields;
if (Session::sensorAllowed($hostname)) {
$all_sensors[$hostname] = $name;
}
$result->MoveNext();
}
}
// remote nmap
$rscan = new RemoteScan("", "");
if ($rscan->available_scan()) {
$reports = $rscan->get_scans();
$ids = is_array($reports) ? array_keys($reports) : array();
} else {
$ids = array();
}
//if ($forced_server!="") $ids = array_merge(array($forced_server),$ids);
//$tsjobs = explode("\\r\\n", $target_list);
$sgr = array();
$unables = array();
$tsjobs = $allowed;
foreach ($tsjobs as $tjobs) {
$tjobs = preg_replace("/\r|\n|\t|\\s|\\'/", "", $tjobs);
$unresolved = !preg_match("/\\d+\\.\\d+\\.\\d+\\.\\d+/", $tjobs) && $not_resolve ? true : false;
if (preg_match("/\\//", $tjobs)) {
$sensor = Net_sensor_reference::get_list_array($dbconn, $tjobs);
} else {
$sensor = Host_sensor_reference::get_list_array($dbconn, $tjobs);
}
if ($forced_server != "") {
$sensor = array_merge(array($forced_server), $sensor);
}
if ($unresolved || Session::am_i_admin() && count($sensor) == 0 && $forced_server == "") {
if ($unresolved) {
foreach ($all_sensors as $sip => $unused) {
$sensor[] = $sip;
}
} else {
$local_ip = `grep framework_ip /etc/ossim/ossim_setup.conf | cut -f 2 -d "="`;
$local_ip = trim($local_ip);
$results = $dbconn->Execute("SELECT name FROM vuln_nessus_servers WHERE hostname like '{$local_ip}'");
if ($results->fields["name"] != "") {
$sensor[] = $local_ip;
}
}
}
// reorder sensors with load
if ($forced_server != "") {
$sensor = Sensor::reorder_sensors($dbconn, $sensor);
}
// select best sensor with available nmap and vulnmeter
$selected = array();
foreach ($sensor as $sen) {
$properties = Sensor::get_properties($dbconn, $sen);
$withnmap = in_array($all_sensors[$sen], $ids) || !$hosts_alive || $unresolved;
//echo "$sen:".$all_sensors[$sen].":$withnmap || $scan_locally:".$properties["has_vuln_scanner"]." || $SVRid:$forced_server<br>\n";
if ((Session::sensorAllowed($sen) || $forced_server != "") && ($withnmap || $scan_locally) && ($properties["has_vuln_scanner"] || $forced_server != "")) {
//$selected = ($SVRid!="Null" && $all_sensors[$sen]!="") ? $all_sensors[$sen] : $sen;
//echo "sel:$selected<br>\n";
//break;
$selected[] = $forced_server != "" ? $forced_server : $sen;
}
}
if (count($selected) > 0) {
$sgr[implode(",", array_unique($selected))][] = $tjobs;
} else {
$unables[] = $tjobs;
}
}
$query = array();
/* if($tz!=0) {
list ($y,$m,$d,$h,$u,$s,$time) = Util::get_utc_from_date($dbconn, $requested_run, $tz);
$requested_run = $y.$m.$d.$h.$u.$s;
}*/
if ($op == "editrecurring" && $sched_id > 0) {
$query[] = "DELETE FROM vuln_job_schedule WHERE id='{$sched_id}'";
$i = 1;
foreach ($sgr as $notify_sensor => $targets) {
$target_list = implode("\n", $targets);
$target_list .= "\n" . implode("\n", $ip_exceptions_list);
$query[] = "INSERT INTO vuln_job_schedule ( name, username, fk_name, job_TYPE, schedule_type, day_of_week, day_of_month, \n time, email, meth_TARGET, meth_CRED, meth_VSET, meth_CUSTOM, meth_CPLUGINS, meth_Wcheck, meth_Wfile, \n meth_Ucheck, meth_TIMEOUT, scan_ASSIGNED, next_CHECK, createdate, enabled, resolve_names ) VALUES ( '{$sname}', '{$username}', '" . Session::get_session_user() . "', '{$jobType}',\n '{$schedule_type}', '{$dayofweek}', '{$dayofmonth}', '{$time_value}', '{$notify_sensor}', '{$target_list}',\n {$I3crID}, '{$sid}', '{$custadd_type}', {$plugs_list}, {$arrAudits['w']}, {$semail}, '{$scan_locally}',\n '{$timeout}', {$SVRid}, '{$requested_run}', '{$insert_time}', '1', '{$resolve_names}' ) ";
$sjobs_names[] = $sname . $i;
$i++;
}
} elseif ($recurring) {
$i = 1;
foreach ($sgr as $notify_sensor => $targets) {
$target_list = implode("\n", $targets);
$target_list .= "\n" . implode("\n", $ip_exceptions_list);
$query[] = "INSERT INTO vuln_job_schedule ( name, username, fk_name, job_TYPE, schedule_type, day_of_week, day_of_month, \n time, email, meth_TARGET, meth_CRED, meth_VSET, meth_CUSTOM, meth_CPLUGINS, meth_Wcheck, meth_Wfile, \n meth_Ucheck, meth_TIMEOUT, scan_ASSIGNED, next_CHECK, createdate, enabled, resolve_names ) VALUES ( '{$sname}', '{$username}', '" . Session::get_session_user() . "', '{$jobType}',\n '{$schedule_type}', '{$dayofweek}', '{$dayofmonth}', '{$time_value}', '{$notify_sensor}', '{$target_list}',\n {$I3crID}, '{$sid}', '{$custadd_type}', {$plugs_list}, {$arrAudits['w']}, {$semail}, '{$scan_locally}',\n '{$timeout}', {$SVRid}, '{$requested_run}', '{$insert_time}', '1', '{$resolve_names}' ) ";
$sjobs_names[] = $sname . $i;
$i++;
}
} else {
$i = 1;
foreach ($sgr as $notify_sensor => $targets) {
$target_list = implode("\n", $targets);
$target_list .= "\n" . implode("\n", $ip_exceptions_list);
$query[] = "INSERT INTO vuln_jobs ( name, username, fk_name, job_TYPE, meth_SCHED, meth_TARGET, meth_CRED,\n meth_VSET, meth_CUSTOM, meth_CPLUGINS, meth_Wcheck, meth_Wfile, meth_Ucheck, meth_TIMEOUT, scan_ASSIGNED,\n scan_SUBMIT, scan_next, scan_PRIORITY, status, notify, authorized, author_uname, resolve_names ) VALUES ( '{$sname}',\n '{$username}', '" . Session::get_session_user() . "', '{$jobType}', '{$schedule_type}', '{$target_list}', {$I3crID}, '{$sid}', '{$custadd_type}', {$plugs_list},\n {$arrAudits['w']}, {$semail}, {$arrAudits['u']}, '{$timeout}', {$SVRid}, '{$insert_time}', '{$requested_run}', '3',\n 'S', '{$notify_sensor}', '{$scan_locally}', 'ACL', '{$resolve_names}' ) ";
$jobs_names[] = $sname . $i;
$i++;
}
}
$query_insert_time = gen_strtotime($insert_time, "");
foreach ($query as $sql) {
$error_updating = false;
$error_inserting = false;
$sql = str_replace(", ',", ", '',", str_replace("''", "'", $sql));
if ($dbconn->execute($sql) === false) {
echo _("Error creating scan job") . ": " . $dbconn->ErrorMsg();
if ($op == "editrecurring") {
$error_updating = true;
} else {
$error_creating = true;
}
} else {
if ($op == "editrecurring" && !$error_updating) {
echo "<br><center>" . _("Successfully Updated Recurring Job") . "</center>";
if (count($notallowed) == 0 && count($unables) == 0) {
?>
<script type="text/javascript">
//<![CDATA[
document.location.href='manage_jobs.php?hmenu=Vulnerabilities&smenu=Jobs';
//]]>
</script><?php
}
//logAccess( "Updated Recurring Job [ $jid ]" );
} elseif (!$error_creating) {
echo "<br><center>" . _("Successfully Submitted Job") . " {$request}</center>";
//logAccess( "Submitted Job [ $jid ] $request" );
foreach ($jobs_names as $job_name) {
$infolog = array($job_name);
Log_action::log(66, $infolog);
}
foreach ($sjobs_names as $job_name) {
$infolog = array($job_name);
Log_action::log(67, $infolog);
}
if (count($notallowed) == 0 && count($unables) == 0) {
?>
<script type="text/javascript">
//<![CDATA[
document.location.href='manage_jobs.php?hmenu=Vulnerabilities&smenu=Jobs';
//]]>
</script><?php
}
} else {
echo "<br><center>" . _("Failed Job Creation") . "</center>";
//logAccess( "Failed Job Creation" );
if (count($notallowed) == 0 && count($unables) == 0) {
?>
<script type="text/javascript">
//<![CDATA[
document.location.href='manage_jobs.php?hmenu=Vulnerabilities&smenu=Jobs';
//]]>
</script><?php
}
}
}
}
}
//end count($alowed)>0
if (count($notallowed) > 0 || count($unables) > 0) {
echo "<center>";
echo "<table class=\"noborder\" width=\"400\" style=\"background-color:transparent;\">";
echo "<tr><td class=\"nobborder\" style=\"text-align:left;\"><b>" . _("Errors Found") . ":</b></td></tr>";
if (count($notallowed) > 0) {
if (!preg_match("/^\\d+\$/", $username)) {
echo "<tr><td class=\"nobborder\" style=\"text-align:left;\">" . _("User") . " <b>{$username}</b> " . _("is not allowed for the following targets") . ":</td></tr>";
} else {
$entity_query = "SELECT name FROM acl_entities WHERE id={$username}";
$result = $dbconn->execute($entity_query);
list($username) = $result->fields;
echo "<tr><td class=\"nobborder\" style=\"text-align:left;\">" . _("Entiy") . " <b>{$username}</b> " . _("is not allowed for the following targets") . ":</td></tr>";
}
foreach ($notallowed as $target) {
echo "<tr><td class=\"nobborder\" style=\"text-align:left;padding-left:5px;\">- <b>{$target}</b></tr>";
}
echo "<tr height=\"30\"><td class=\"nobborder\"> </td></tr>";
}
if (count($unables) > 0) {
echo "<tr><td class=\"nobborder\" style=\"text-align:left;\">" . _("No remote vulnerability scanners available for the following targets") . ":</td></tr>";
foreach ($unables as $target) {
echo "<tr><td class=\"nobborder\" style=\"text-align:left;padding-left:5px;\">- <b>{$target}</b></tr>";
}
echo "<tr height=\"30\"><td class=\"nobborder\"> </td></tr>";
}
echo "<tr><td class=\"nobborder\" style=\"text-align:center;\">";
echo "<form action=\"sched.php\" method=\"post\">";
?>
<input type="hidden" name="sname" value="<?php
echo $sname;
?>
"/>
<?php
$SVRid = str_replace("'", "", $SVRid);
?>
<input type="hidden" name="SVRid" value="<?php
echo $SVRid;
?>
"/>
<input type="hidden" name="sid" value="<?php
echo $sid;
?>
"/>
<input type="hidden" name="timeout" value="<?php
echo $timeout;
?>
"/>
<input type="hidden" name="schedule_type" value="<?php
echo $schedule_type;
?>
"/>
<input type="hidden" name="ROYEAR" value="<?php
echo $ROYEAR;
?>
"/>
<input type="hidden" name="ROMONTH" value="<?php
echo $ROMONTH;
?>
"/>
<input type="hidden" name="ROday" value="<?php
echo $ROday;
?>
"/>
<input type="hidden" name="time_hour" value="<?php
echo $time_hour;
?>
"/>
<input type="hidden" name="time_min" value="<?php
echo $time_min;
?>
"/>
<input type="hidden" name="dayofweek" value="<?php
echo $dayofweek;
?>
"/>
<input type="hidden" name="nthweekday" value="<?php
echo $nthweekday;
?>
"/>
<input type="hidden" name="dayofmonth" value="<?php
echo $dayofmonth;
?>
"/>
<input type="hidden" name="ip_list" value="<?php
echo str_replace("\\r\\n", ";;", $ip_list);
?>
"/>
<?php
if (is_numeric($username)) {
?>
<input type="hidden" name="entity" value="<?php
echo $username;
?>
"/>
<?php
} else {
?>
<input type="hidden" name="user" value="<?php
echo $username;
?>
"/>
<?php
}
?>
<input type="hidden" name="hosts_alive" value="<?php
echo $hosts_alive;
?>
"/>
<input type="hidden" name="scan_locally" value="<?php
echo $scan_locally;
?>
"/>
<input type="hidden" name="semail" value="<?php
echo $semail;
?>
"/>
<input type="hidden" name="not_resolve" value="<?php
echo $not_resolve;
?>
"/>
<?php
echo "<input type=\"submit\" value=\"" . _("Back") . "\" class=\"button\"/> ";
echo "<input value=\"" . _("Continue") . "\" class=\"button\" type=\"button\" onclick=\"document.location.href='manage_jobs.php?hmenu=Vulnerabilities&smenu=Jobs'\"></form>";
echo "</td></tr>";
echo "</table>";
echo "</center>";
}
echo "</b></center>";
}
define('METHUSELAH_INCLUDE_CHECK', true);
require_once "toolbox_internal.php";
$uuid = filter_input(INPUT_GET, 'uuid', FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW | FILTER_FLAG_STRIP_HIGH);
switch ($uuid) {
case false:
$log = readCommonLog();
echo "Reading log for all (" . count($log) . " messages):\r\n";
break;
case "users":
$log = readUsersLog();
echo "Reading users log (" . count($log) . " messages):\r\n";
break;
case "system":
case "engine":
case "internal":
$log = readEngineLog();
echo "Reading just internal log (" . count($log) . " messages):\r\n";
break;
default:
if (!isProfileExist($uuid)) {
responseWithError("Wrong uuid: " . $uuid);
}
echo "Reading log (" . count($log) . " messages) for " . $uuid . " (" . getProfileName($uuid) . "):\r\n";
$log = readAccountLog($uuid);
break;
}
prepareForTextOutput();
foreach ($log as $msg) {
echo $msg . "\r\n";
}
die;
function submit_scan($vuln_op, $sched_id, $sname, $notify_email, $schedule_type, $ROYEAR, $ROMONTH, $ROday, $time_hour, $time_min, $dayofweek, $dayofmonth, $timeout, $SVRid, $sid, $tarSel, $ip_list, $ip_exceptions_list, $ip_start, $ip_end, $named_list, $cidr, $subnet, $system, $cred_type, $credid, $acc, $domain, $accpass, $acctype, $passtype, $passstore, $wpolicies, $wfpolicies, $upolicies, $custadd_type, $cust_plugins, $is_enabled, $hosts_alive, $scan_locally, $nthweekday, $semail, $not_resolve, $time_interval, $biyear, $bimonth, $biday, $ssh_credential = "", $smb_credential = "")
{
global $wdaysMap, $daysMap, $allowscan, $uroles, $username, $schedOptions, $adminmail, $mailfrom, $dbk, $dbconn;
// credentials
$credentials = $ssh_credential . "|" . $smb_credential;
$btime_hour = $time_hour;
// save local time
$btime_min = $time_min;
$bbiyear = $biyear;
$bbimonth = $bimonth;
$bbiday = $biday;
$tz = Util::get_timezone();
if ($schedule_type == "O") {
// date and time for run once
if (empty($ROYEAR)) {
$ROYEAR = gmdate("Y");
}
if (empty($ROMONTH)) {
$ROMONTH = gmdate("m");
}
if (empty($ROday)) {
$ROday = gmdate("d");
}
list($_y, $_m, $_d, $_h, $_u, $_s, $_time) = Util::get_utc_from_date($dbconn, "{$ROYEAR}-{$ROMONTH}-{$ROday} {$time_hour}:{$time_min}:00", $tz);
$ROYEAR = $_y;
$ROMONTH = $_m;
$ROday = $_d;
$time_hour = $_h;
$time_min = $_u;
} else {
if ($schedule_type == "D" || $schedule_type == "W" || $schedule_type == "M" || $schedule_type == "NW") {
// date and time for Daily, Day of Week, Day of month, Nth weekday of month
list($b_y, $b_m, $b_d, $b_h, $b_u, $b_s, $b_time) = Util::get_utc_from_date($dbconn, "{$biyear}-{$bimonth}-{$biday} {$time_hour}:{$time_min}:00", $tz);
$biyear = $b_y;
$bimonth = $b_m;
$biday = $b_d;
$time_hour = $b_h;
$time_min = $b_u;
}
}
if ($not_resolve == "1") {
$resolve_names = 0;
} else {
$resolve_names = 1;
}
$notify_email = str_replace(";", ",", $notify_email);
$requested_run = "";
$jobType = "M";
$recurring = False;
$targets = array();
$time_value = "";
$profile_desc = getProfileName($sid);
$target_list = "";
$need_authorized = "";
$request = "";
$plugs_list = "NULL";
$fk_name = "NULL";
$target_list = "NULL";
$tmp_target_list = "";
$jobs_names = array();
$sjobs_names = array();
$I3crID = "";
if ($hosts_alive == "1") {
// option: Only scan hosts that are alive
$I3crID = "1";
} else {
$I3crID = "0";
}
// if ( $custadd_type == "" ) { $custadd_type = "N"; }
// if ( $custadd_type != "N" && $cust_plugins != "" ) {
// $plugs_list="";
// $vals=preg_split( "/\s+|\r\n|,|;/", $cust_plugins );
// foreach($vals as $v) {
// $v=trim($v);
// if ( strlen($v)>0 ) {
// $plugs_list .= $v . "\n";
// }
// }
// $plugs_list = "'".$plugs_list."'";
// }
if ($schedule_type != "N") {
// current datetime in UTC
$arrTime = explode(":", gmdate('Y:m:d:w:H:i:s'));
$year = $arrTime[0];
$mon = $arrTime[1];
$mday = $arrTime[2];
$wday = $arrTime[3];
$hour = $arrTime[4];
$min = $arrTime[5];
$sec = $arrTime[6];
$timenow = $hour . $min . $sec;
$run_wday = $wdaysMap[$dayofweek];
$run_time = sprintf("%02d%02d%02d", $time_hour, $time_min, "00");
$run_mday = $dayofmonth;
$time_value = "{$time_hour}:{$time_min}:00";
$ndays = array("Sunday", "Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday");
$begin_in_seconds = mktime($bihour, $bimin, 0, $bimonth, $biday, $biyear);
// selected datetime by user in UTC
$current_in_seconds = mktime($hour, $min, 0, $mon, $mday, $year);
// current datetime in UTC
if (strlen($bimonth) == 1) {
$bimonth = "0" . $bimonth;
}
if (strlen($biday) == 1) {
$biday = "0" . $biday;
}
}
switch ($schedule_type) {
case "N":
$requested_run = gmdate("YmdHis");
$sched_message = "No reccurring Jobs Necessary";
break;
case "O":
$requested_run = sprintf("%04d%02d%02d%06d", $ROYEAR, $ROMONTH, $ROday, $run_time);
//error_log("O-> $requested_run\n" ,3,"/tmp/sched.log");
$sched_message = "No reccurring Jobs Necessary";
$recurring = True;
$reccur_type = "Run Once";
break;
case "D":
if ($begin_in_seconds > $current_in_seconds) {
$next_day = $biyear . $bimonth . $biday;
// selected date by user
} else {
if ($run_time > $timenow) {
$next_day = $year . $mon . $mday;
} else {
$next_day = gmdate("Ymd", strtotime("+1 day GMT", gmdate("U")));
}
// next day
}
$requested_run = sprintf("%08d%06d", $next_day, $run_time);
//error_log("D-> $requested_run\n" ,3,"/tmp/sched.log");
$recurring = True;
$sched_message = "Schedule Reccurring";
$reccur_type = "Daily";
break;
case "W":
if ($begin_in_seconds > $current_in_seconds) {
// if it is a future date
$wday = date("w", mktime(0, 0, 0, $bimonth, $biday, $biyear));
// make week day for begin day
if ($run_wday == $wday) {
$next_day = $biyear . $bimonth . $biday;
// selected date by user
} else {
$next_day = gmdate("Ymd", strtotime("next " . $ndays[$run_wday] . " GMT", mktime(0, 0, 0, $bimonth, $biday, $biyear)));
}
} else {
if ($run_wday == $wday && $run_time > $timenow || $run_wday > $wday) {
$next_day = $year . $mon . $mday;
} else {
$next_day = gmdate("Ymd", strtotime("next " . $ndays[$run_wday] . " GMT", gmdate("U")));
}
// next week
}
preg_match("/(\\d{4})(\\d{2})(\\d{2})/", $next_day, $found);
list($b_y, $b_m, $b_d, $b_h, $b_u, $b_s, $b_time) = Util::get_utc_from_date($dbconn, $found[1] . "-" . $found[2] . "-" . $found[3] . " {$btime_hour}:{$btime_min}:00", $tz);
$requested_run = sprintf("%04d%02d%02d%02d%02d%02d", $b_y, $b_m, $b_d, $b_h, $b_u, "00");
//error_log("W-> $requested_run\n" ,3,"/tmp/sched.log");
$recurring = True;
$sched_message = "Schedule Reccurring";
$reccur_type = "Weekly";
break;
case "M":
if ($begin_in_seconds > $current_in_seconds) {
// if it is a future date
if ($run_mday >= $biday) {
$next_day = $biyear . $bimonth . ($run_mday < 10 ? "0" : "") . $run_mday;
// this month
} else {
$next_day = sprintf("%06d%02d", gmdate("Ym", strtotime("next month GMT", mktime(0, 0, 0, $bimonth, $biday, $biyear))), $run_mday);
}
} else {
if ($run_mday > $mday || $run_mday == $mday && $run_time > $timenow) {
$next_day = $year . $mon . ($run_mday < 10 ? "0" : "") . $run_mday;
// this month
} else {
$next_day = sprintf("%06d%02d", gmdate("Ym", strtotime("next month GMT", gmdate("U"))), $run_mday);
}
}
preg_match("/(\\d{4})(\\d{2})(\\d{2})/", $next_day, $found);
list($b_y, $b_m, $b_d, $b_h, $b_u, $b_s, $b_time) = Util::get_utc_from_date($dbconn, $found[1] . "-" . $found[2] . "-" . $found[3] . " {$btime_hour}:{$btime_min}:00", $tz);
$requested_run = sprintf("%04d%02d%02d%02d%02d%02d", $b_y, $b_m, $b_d, $b_h, $b_u, "00");
//error_log("M-> $requested_run $begin_in_seconds $current_in_seconds\n" ,3,"/tmp/sched.log");
$recurring = True;
$sched_message = "Schedule Reccurring";
$reccur_type = "Montly";
break;
case "NW":
if ($begin_in_seconds > $current_in_seconds) {
// if it is a future date
$array_time = array('month' => $bbimonth, 'day' => $bbiday, 'year' => $bbiyear);
$requested_run = weekday_month(strtolower($daysMap[$dayofweek]), $nthweekday, $btime_hour, $btime_min, $array_time);
} else {
$requested_run = weekday_month(strtolower($daysMap[$dayofweek]), $nthweekday, $btime_hour, $btime_min);
}
preg_match("/(\\d{4})(\\d{2})(\\d{2})(\\d{2})(\\d{2})(\\d{2})/", $requested_run, $found);
list($b_y, $b_m, $b_d, $b_h, $b_u, $b_s, $b_time) = Util::get_utc_from_date($dbconn, $found[1] . "-" . $found[2] . "-" . $found[3] . " " . $found[4] . ":" . $found[5] . ":00", $tz);
$requested_run = sprintf("%04d%02d%02d%02d%02d%02d", $b_y, $b_m, $b_d, $b_h, $b_u, "00");
//error_log("NW-> $requested_run\n" ,3,"/tmp/sched.log");
$dayofmonth = $nthweekday;
$recurring = True;
$sched_message = "Schedule Reccurring";
$reccur_type = "Nth weekday of the month";
break;
default:
break;
}
$insert_time = gmdate("YmdHis");
if (!empty($_SESSION["_vuln_targets"]) && count($_SESSION["_vuln_targets"]) > 0) {
$arr_ctx = array();
$sgr = array();
foreach ($_SESSION["_vuln_targets"] as $target_selected => $server_id) {
$sgr[$server_id][] = $target_selected;
if (preg_match("/^\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\/\\d{1,2}\$/i", $target_selected)) {
$related_ctxs = array_values(Asset_net::get_id_by_ips($dbconn, $target_selected));
if (is_array($related_ctxs) && count($related_ctxs) > 0) {
$arr_ctx[$target_selected] = key(array_shift($related_ctxs));
}
} else {
if (preg_match("/^\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\$/i", $target_selected)) {
$related_ctxs = array_values(Asset_host::get_id_by_ips($dbconn, $target_selected));
if (is_array($related_ctxs) && count($related_ctxs) > 0) {
$arr_ctx[$target_selected] = key(array_shift($related_ctxs));
// to assign a ctx for a IP
}
} else {
if (valid_hostname($target_selected) || valid_fqdns($target_selected)) {
$filters = array('where' => "hostname like '{$target_selected}' OR fqdns like '{$target_selected}'");
$_hosts_data = Asset_host::get_basic_list($dbconn, $filters);
$host_list = $_hosts_data[1];
if (count($host_list) > 0) {
$first_host = array_shift($host_list);
$hips = explode(",", $first_host['ips']);
foreach ($hips as $hip) {
$hip = trim($hip);
$arr_ctx[$hip] = $first_host['ctx'];
}
}
}
}
}
}
ossim_clean_error();
unset($_SESSION["_vuln_targets"]);
// clean scan targets
$query = array();
$IP_ctx = array();
foreach ($arr_ctx as $aip => $actx) {
$IP_ctx[] = $actx . "#" . $aip;
}
if ($vuln_op == "editrecurring" && $sched_id > 0) {
$query[] = "DELETE FROM vuln_job_schedule WHERE id='{$sched_id}'";
$i = 1;
foreach ($sgr as $notify_sensor => $targets) {
$target_list = implode("\n", $targets);
$target_list .= "\n" . implode("\n", $ip_exceptions_list);
$query[] = "INSERT INTO vuln_job_schedule ( name, username, fk_name, job_TYPE, schedule_type, day_of_week, day_of_month, \n time, email, meth_TARGET, meth_CRED, meth_VSET, meth_CUSTOM, meth_CPLUGINS, meth_Wfile, \n meth_Ucheck, meth_TIMEOUT, next_CHECK, createdate, enabled, resolve_names, time_interval, IP_ctx, credentials) VALUES ( '{$sname}', '{$username}', '" . Session::get_session_user() . "', '{$jobType}',\n '{$schedule_type}', '{$dayofweek}', '{$dayofmonth}', '{$time_value}', '{$notify_sensor}', '{$target_list}',\n {$I3crID}, '{$sid}', '{$custadd_type}', {$plugs_list}, {$semail}, '{$scan_locally}',\n '{$timeout}', '{$requested_run}', '{$insert_time}', '1', '{$resolve_names}' ,'{$time_interval}', '" . implode("\n", $IP_ctx) . "', '{$credentials}') ";
$sjobs_names[] = $sname . $i;
$i++;
}
} elseif ($recurring) {
$i = 1;
foreach ($sgr as $notify_sensor => $targets) {
$target_list = implode("\n", $targets);
$target_list .= "\n" . implode("\n", $ip_exceptions_list);
$query[] = "INSERT INTO vuln_job_schedule ( name, username, fk_name, job_TYPE, schedule_type, day_of_week, day_of_month, \n time, email, meth_TARGET, meth_CRED, meth_VSET, meth_CUSTOM, meth_CPLUGINS, meth_Wfile, \n meth_Ucheck, meth_TIMEOUT, scan_ASSIGNED, next_CHECK, createdate, enabled, resolve_names, time_interval, IP_ctx, credentials) VALUES ( '{$sname}', '{$username}', '" . Session::get_session_user() . "', '{$jobType}',\n '{$schedule_type}', '{$dayofweek}', '{$dayofmonth}', '{$time_value}', '{$notify_sensor}', '{$target_list}',\n {$I3crID}, '{$sid}', '{$custadd_type}', {$plugs_list}, {$semail}, '{$scan_locally}',\n '{$timeout}', '{$SVRid}', '{$requested_run}', '{$insert_time}', '1', '{$resolve_names}' , '{$time_interval}', '" . implode("\n", $IP_ctx) . "', '{$credentials}') ";
$sjobs_names[] = $sname . $i;
$i++;
}
} else {
$i = 1;
foreach ($sgr as $notify_sensor => $targets) {
$target_list = implode("\n", $targets);
$target_list .= "\n" . implode("\n", $ip_exceptions_list);
$query[] = "INSERT INTO vuln_jobs ( name, username, fk_name, job_TYPE, meth_SCHED, meth_TARGET, meth_CRED,\n meth_VSET, meth_CUSTOM, meth_CPLUGINS, meth_Wfile, meth_TIMEOUT, scan_ASSIGNED,\n scan_SUBMIT, scan_next, scan_PRIORITY, status, notify, authorized, author_uname, resolve_names, credentials ) VALUES ( '{$sname}',\n '{$username}', '" . Session::get_session_user() . "', '{$jobType}', '{$schedule_type}', '{$target_list}', {$I3crID}, '{$sid}', '{$custadd_type}', {$plugs_list},\n {$semail}, '{$timeout}', '{$SVRid}', '{$insert_time}', '{$requested_run}', '3',\n 'S', '{$notify_sensor}', '{$scan_locally}', '" . implode("\n", $IP_ctx) . "', '{$resolve_names}' , '{$credentials}') ";
// echo "$query1";
// die();
$jobs_names[] = $sname . $i;
$i++;
}
}
$query_insert_time = gen_strtotime($insert_time, "");
foreach ($query as $sql) {
$error_updating = false;
$error_inserting = false;
if ($dbconn->execute($sql) === false) {
echo _("Error creating scan job") . ": " . $dbconn->ErrorMsg();
if ($vuln_op == "editrecurring") {
$error_updating = true;
} else {
$error_creating = true;
}
} else {
$config_nt = array('content' => "", 'options' => array('type' => "nf_success", 'cancel_button' => false), 'style' => 'width: 40%; margin: 20px auto; text-align: center;');
if ($vuln_op == "editrecurring" && !$error_updating) {
$config_nt["content"] = _("Successfully Updated Recurring Job");
$nt = new Notification('nt_1', $config_nt);
$nt->show();
} elseif (!$error_creating) {
$config_nt["content"] = _("Successfully Submitted Job");
$nt = new Notification('nt_1', $config_nt);
$nt->show();
//logAccess( "Submitted Job [ $jid ] $request" );
foreach ($jobs_names as $job_name) {
$infolog = array($job_name);
Log_action::log(66, $infolog);
}
foreach ($sjobs_names as $job_name) {
$infolog = array($job_name);
Log_action::log(67, $infolog);
}
} else {
echo "<br><center>" . _("Failed Job Creation") . "</center>";
}
?>
<script type="text/javascript">
//<![CDATA[
document.location.href='<?php
echo Menu::get_menu_url(AV_MAIN_PATH . '/vulnmeter/manage_jobs.php', 'environment', 'vulnerabilities', 'scan_jobs');
?>
';
//]]>
</script>
<?php
}
}
}
// count($_SESSION["_vuln_targets"])>0
echo "</b></center>";
}
