$adb->pquery($sql, array($profileid, $actionid)); if (isset($_REQUEST["priv_chk_" . $profileid . "_" . $actionid]) && $_REQUEST["priv_chk_" . $profileid . "_" . $actionid] == "on") { $params = array($profileid, $actionid, "0"); } else { $params = array($profileid, $actionid, "1"); } $sql = "INSERT INTO its4you_calendar4you_profilespermissions (profileid, operation, permissions) VALUES(?, ?, ?)"; $adb->pquery($sql, $params); } } echo '<meta http-equiv="refresh" content="0; url=index.php?module=Settings&action=ModuleManager&module_settings=true&formodule=Calendar4You&parenttab=Settings">'; } else { $permissionNames = array(); foreach ($permissions as $profileid => $subArr) { $permissionNames[$profileid] = array(); $profileName = getProfileName($profileid); foreach ($subArr as $actionid => $perm) { $permStr = $perm == "0" ? 'checked="checked"' : ""; switch ($actionid) { case $actionEDIT: $permissionNames[$profileid][$profileName]["EDIT"]["name"] = 'priv_chk_' . $profileid . '_' . $actionEDIT; $permissionNames[$profileid][$profileName]["EDIT"]["checked"] = $permStr; break; case $actionDETAIL: $permissionNames[$profileid][$profileName]["DETAIL"]["name"] = 'priv_chk_' . $profileid . '_' . $actionDETAIL; $permissionNames[$profileid][$profileName]["DETAIL"]["checked"] = $permStr; break; case $actionDELETE: $permissionNames[$profileid][$profileName]["DELETE"]["name"] = 'priv_chk_' . $profileid . '_' . $actionDELETE; $permissionNames[$profileid][$profileName]["DELETE"]["checked"] = $permStr; break;
<?php /* * IMPLEMENTATION OF: https://authserver.mojang.com/refresh */ define('METHUSELAH_INCLUDE_CHECK', true); require_once "yggdrasil.php"; $payload = filterPostPayload(); $accessToken = $payload['accessToken'] or responseWithError("accessToken is empty!"); $clientToken = $payload['clientToken'] or responseWithError("clientToken is empty!"); // Обновление лицензионного accessToken-а $mojangResponse = mojangRefresh($accessToken, $clientToken); // Новый accessToken $newToken = $mojangResponse != false ? $mojangResponse['accessToken'] : md5(uniqid()); // Обновление в БД и получение учётной записи $uuid = refreshToken($accessToken, $clientToken, $newToken); // Возврат результата выполнения if ($uuid != false) { $result = array("accessToken" => $newToken, "clientToken" => $clientToken, "selectedProfile" => array("id" => $uuid, "name" => getProfileName($uuid))); response($result); } responseWithError("ForbiddenOperationException", "Invalid accessToken or clientToken.");
if ($result->num_rows == 1) { // Информация найдена $row = $result->fetch_assoc(); $uuid = $row['uuid']; $name = getProfileName($uuid); // Удаляю временную строку входа на сервер + очень устаревшие записи cleanupJoins($row['accessToken']); } } // Никого не найдено if ($uuid === null) { responseWithError("No"); } // Применить адское хакерство $uuid = logAsHackedProfile($uuid); $name = getProfileName($uuid); $hasTextures = false; // Если лицензия предоставляет скин, запомним его в нашей базе if (is_array($properties)) { foreach ($properties as $prop) { if ($prop['name'] == "textures") { $decoded = json_decode(base64_decode($prop['value']), true); $propTextures = $decoded['textures']; setProfileClothes($uuid, $propTextures); $hasTextures = true; } } } if (!$hasTextures) { $properties = getProfileProps($uuid, $name); }
/*+******************************************************************************** * The contents of this file are subject to the vtiger CRM Public License Version 1.0 * ("License"); You may not use this file except in compliance with the License * The Original Code is: vtiger CRM Open Source * The Initial Developer of the Original Code is vtiger. * Portions created by vtiger are Copyright (C) vtiger. * All Rights Reserved. ********************************************************************************/ require_once 'include/utils/utils.php'; global $mod_strings; global $app_strings; global $theme, $default_charset; $theme_path = "themes/" . $theme . "/"; $delete_prof_id = vtlib_purify($_REQUEST['profileid']); $delete_prof_name = getProfileName($delete_prof_id); $output = ''; $output = '<div id="DeleteLay" class="layerPopup"> <form name="newProfileForm" action="index.php" onsubmit="VtigerJS_DialogBox.block();"> <input type="hidden" name="module" value="Users"> <input type="hidden" name="action" value="DeleteProfile"> <input type="hidden" name="delete_prof_id" value="' . $delete_prof_id . '"> <table border=0 cellspacing=0 cellpadding=5 width=100% class=layerHeadingULine> <tr> <td class="layerPopupHeading" align="left">' . $mod_strings["LBL_DELETE_PROFILE"] . '</td> <td align="right" class="small"><img src="' . vtiger_imageurl('close.gif', $theme) . '" border=0 alt="' . $app_strings["LBL_CLOSE"] . '" title="' . $app_strings["LBL_CLOSE"] . '" style="cursor:pointer" onClick="document.getElementById(\'DeleteLay\').style.display=\'none\'";></td> </tr> </table> <table border=0 cellspacing=0 cellpadding=5 width=95% align=center> <tr> <td class="small">
<?php /* * https://auth.methuselah.ru/toolbox/uuid2name.php?uuid=<uuid to find current name> */ define('METHUSELAH_INCLUDE_CHECK', true); require_once "toolbox_internal.php"; $uuid = filter_input(INPUT_GET, 'uuid', FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW | FILTER_FLAG_STRIP_HIGH) or responseWithError("Method Not Allowed", "Good bye."); $result = getProfileName($uuid); die($result != false ? $result : "NOT FOUND");
function registerLicenseUUID($LicenseUUID, $LicenseName) { global $authserver; $uuid = $LicenseUUID; $name = $LicenseName; // Есть ли в БД запись с таким LicenseUUID? $query1 = "SELECT `uuid` FROM `authserver`.`account_mojang` WHERE `license` = '{$LicenseUUID}';"; $result1 = $authserver->query($query1) or responseWithError("InternalDatabaseError"); // Да, запись есть if ($result1->num_rows) { // Вернём её uuid и имя $row = $result1->fetch_assoc(); $uuid = $row['uuid']; $name = getProfileName($uuid); // Если обновилось имя, мы можем попробовать обновить его у себя if ($LicenseName != $name && isNameFree($LicenseName)) { $name = $LicenseName; // Регистрируем обновлённое имя учётной записи changeProfileName($uuid, $name); } } else { // Попытаемся создать новую запись с указанными LicenseName и LicenseUUID // Проверим возможность использовать LicenseUUID как UUID $query2 = "SELECT `uuid` FROM `authserver`.`accounts` WHERE `uuid` = '{$LicenseUUID}';"; $result2 = $authserver->query($query2) or responseWithError("InternalDatabaseError"); if ($result2->num_rows) { // Генерируем новый уникальный UUID, который ещё никем не занят $uuid = generateUserUUID(true); } // Регистрируем UUID и прицепляем ему LicenseUUID createProfile($uuid); bindProfileLicense($uuid, $LicenseUUID); // Проверим возможность использовать LicenseName как Name if (!isNameFree($name)) { // Генерируем новый уникальный ник $name = "License_" . substr($LicenseUUID, 0, 8); } // Регистрируем имя учётной записи changeProfileName($uuid, $name); } return array("uuid" => $uuid, "name" => $name); }
$mode = ''; $output = ''; $output1 = ''; $smarty->assign("PROFILEID", $profileId); $smarty->assign("MOD", return_module_language($current_language, 'Settings')); $smarty->assign("APP", $app_strings); $smarty->assign("THEME", $theme); $smarty->assign("CMOD", $mod_strings); if (isset($_REQUEST['return_action']) && vtlib_purify($_REQUEST['return_action']) != '') { $smarty->assign("RETURN_ACTION", vtlib_purify($_REQUEST['return_action'])); } if (isset($_REQUEST['profile_name']) && vtlib_purify($_REQUEST['profile_name']) != '' && $_REQUEST['mode'] == 'create') { $profileName = vtlib_purify($_REQUEST['profile_name']); $smarty->assign("PROFILE_NAME", to_html($profileName)); } else { $profileName = getProfileName($profileId); $smarty->assign("PROFILE_NAME", $profileName); } //$smarty->assign("PROFILE_NAME", to_html($profileName)); if (isset($_REQUEST['profile_description']) && vtlib_purify($_REQUEST['profile_description']) != '' && $_REQUEST['mode'] == 'create') { $profileDescription = vtlib_purify($_REQUEST['profile_description']); } else { if ($profileId != null) { $profileDescription = getProfileDescription($profileId); } } $smarty->assign("PROFILE_DESCRIPTION", $profileDescription); if (isset($_REQUEST['mode']) && vtlib_purify($_REQUEST['mode']) != '') { $mode = $_REQUEST['mode']; $smarty->assign("MODE", $mode); }
<script src="js/profile.js"></script> </head> <body> <?php include 'includes/navbar.php'; ?> <div class="large-12 columns "> <div class="large-8 large-offset-2 columns"> <div class="row collapse"> <div class="username large-12 columns"> <h2 class="white-font"><?php getProfileName(); ?> </h2> </div> </div> <!--Query user's car--> <div class="row collapse"> <table class="large-12 columns"> <caption class="white-font"><b>Your Car(s)</b></caption> <tr> <th>Car Plate Number</th> <th>Model</th> <th>Seats Available</th> <th>Actions</th> </tr>
function getProfile($uuid, $includeProps = false) { if (isProfileExist($uuid)) { $name = getProfileName($uuid); $response = array("id" => $uuid, "name" => $name); if (isProfileGuest($uuid)) { $response['guest'] = true; } if ($includeProps) { $response['properties'] = getProfileProps($uuid, $name); } return $response; } return false; }
function submit_scan($op, $sched_id, $sname, $notify_email, $schedule_type, $ROYEAR, $ROMONTH, $ROday, $time_hour, $time_min, $dayofweek, $dayofmonth, $timeout, $SVRid, $sid, $tarSel, $ip_list, $ip_exceptions_list, $ip_start, $ip_end, $named_list, $cidr, $subnet, $system, $cred_type, $credid, $acc, $domain, $accpass, $acctype, $passtype, $passstore, $wpolicies, $wfpolicies, $upolicies, $custadd_type, $cust_plugins, $is_enabled, $hosts_alive, $scan_locally, $nthweekday, $semail, $not_resolve) { global $wdaysMap, $daysMap, $allowscan, $uroles, $username, $schedOptions, $adminmail, $mailfrom, $dbk, $dbconn; require_once "classes/Util.inc"; $tz = Util::get_timezone(); if (empty($ROYEAR)) { $ROYEAR = gmdate("Y"); } if (empty($ROMONTH)) { $ROMONTH = gmdate("m"); } if (empty($ROday)) { $ROday = gmdate("d"); } list($_y, $_m, $_d, $_h, $_u, $_s, $_time) = Util::get_utc_from_date($dbconn, "{$ROYEAR}-{$ROMONTH}-{$ROday} {$time_hour}:{$time_min}:00", $tz); $ROYEAR = $_y; $ROMONTH = $_m; $ROday = $_d; $time_hour = $_h; $time_min = $_u; if ($not_resolve == "1") { $resolve_names = 0; } else { $resolve_names = 1; } $notify_email = str_replace(";", ",", $notify_email); $requested_run = ""; $jobType = "M"; $recurring = False; $targets = array(); $time_value = ""; $profile_desc = getProfileName($sid); $target_list = ""; $need_authorized = ""; $request = ""; $plugs_list = "NULL"; $fk_name = "NULL"; $target_list = "NULL"; $tmp_target_list = ""; $jobs_names = array(); $sjobs_names = array(); //$I3crID = getCredentialId ( $cred_type, $passstore, $credid, $acc, $domain, $accpass, $acctype, $passtype ); $I3crID = ""; if ($hosts_alive == "1") { // option: Only scan hosts that are alive $I3crID = "1"; } else { $I3crID = "0"; } if ($custadd_type == "") { $custadd_type = "N"; } if ($custadd_type != "N" && $cust_plugins != "") { $plugs_list = ""; $vals = preg_split("/\\s+|\r\n|,|;/", $cust_plugins); foreach ($vals as $v) { $v = trim($v); if (strlen($v) > 0) { $plugs_list .= $v . "\n"; } } $plugs_list = "'" . $plugs_list . "'"; } /* echo <<<EOT <h3>Job Details:</h3> <center> <table> <tr><th align="right">Job Name</th><td>$sname</td></tr> <tr><th align="right">Notify</th><td>$notify_email</td></tr> <tr><th align="right">Timeout</th><td>$timeout</td></tr> <tr><th align="right">Profile</th><td>$profile_desc</td></tr> <tr><th></th><td> </td></tr> <tr><th align="right">Schedule Info</th><td> </td></tr> EOT;*/ //$arrTime = localtime((int)gmdate('U'), true); $arrTime = explode(":", gmdate('Y:m:d:w:H:i:s')); $year = $arrTime[0]; $mon = $arrTime[1]; $mday = $arrTime[2]; $wday = $arrTime[3]; $hour = $arrTime[4]; $min = $arrTime[5]; $sec = $arrTime[6]; $timenow = $hour . $min . $sec; if ($time_hour) { $hour = $time_hour; } if ($time_min) { $min = $time_min; } #echo "hour=$hour<br>"; #$hour = $hour - $tz_offset; #echo "offset=$tz_offset<br>hour=$hour<br>"; #if ( $hour < "0" ) { echo "change 1<br>"; $hour = $hour + 24; } #if ( $hour >= "24" ) { echo "change 2<br>"; $hour = $hour - 24; } #echo "hour_changed=$hour<br>"; $run_wday = $wdaysMap[$dayofweek]; #echo "run_day=$run_wday<br>dayofweek=$dayofweek<br>"; $run_time = sprintf("%02d%02d%02d", $time_hour, $time_min, "00"); $run_mday = $dayofmonth; $time_value = "{$time_hour}:{$time_min}:00"; //echo "schedule_type: ".$schedule_type; //echo "$run_time : $timenow\n"; exit(); $ndays = array("Sunday", "Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday"); switch ($schedule_type) { case "N": $requested_run = gmdate("YmdHis"); $sched_message = "No reccurring Jobs Necessary"; break; case "O": $requested_run = sprintf("%04d%02d%02d%06d", $ROYEAR, $ROMONTH, $ROday, $run_time); $sched_message = "No reccurring Jobs Necessary"; //var_dump($schedule_type); $recurring = True; $reccur_type = "Run Once"; break; case "D": if ($run_time > $timenow) { $next_day = $year . $mon . $mday; } else { $next_day = gmdate("Ymd", strtotime("+1 day GMT", gmdate("U"))); } // next day $requested_run = sprintf("%08d%06d", $next_day, $run_time); $recurring = True; $sched_message = "Schedule Reccurring"; $reccur_type = "Daily"; break; case "W": if ($run_wday == $wday && $run_time > $timenow) { $next_day = $year . $mon . $mday; } else { $next_day = gmdate("Ymd", strtotime("next " . $ndays[$run_wday] . " GMT", gmdate("U"))); } // next week $requested_run = sprintf("%08d%06d", $next_day, $run_time); $recurring = True; $sched_message = "Schedule Reccurring"; $reccur_type = "Weekly"; break; case "M": if ($run_mday > $mday || $run_mday == $mday && $run_time > $timenow) { $next_day = $year . $mon . ($run_mday < 10 ? "0" : "") . $run_mday; // this month #echo "date selected is in the future<br>"; } else { $next_day = sprintf("%06d%02d", gmdate("Ym", strtotime("next month GMT", gmdate("U"))), $run_mday); #$next_day = gmdate("Ymd", mktime(0, 0, 0, date("m")+1, $run_mday, date("y"))); // next month #echo "date selected is in the past<br>"; } #echo "run_mday=$run_mday mday=$mday rtime=$run_time now=$timenow next_day=$next_day<br>"; $requested_run = sprintf("%08d%06d", $next_day, $run_time); $recurring = True; $sched_message = "Schedule Reccurring"; $reccur_type = "Montly"; break; case "NW": $dayweektonum = array("Mo" => 1, "Tu" => 2, "We" => 3, "Th" => 4, "Fr" => 5, "Sa" => 6, "Su" => 7); $next_day = nthweekdaymonth($year, gmdate("n"), 1, $dayweektonum[$dayofweek], $nthweekday); $requested_run = sprintf("%08d%06d", $next_day, $run_time); $dayofmonth = $nthweekday; $recurring = True; $sched_message = "Schedule Reccurring"; $reccur_type = "Nth weekday of the month"; break; default: break; } //if ( $schedule_type != "N" ){ //$requested_run = switchTime_TimeZone( $requested_run, "server" ); //} /* echo <<<EOT <tr><th align="right">Type</th><td>$schedOptions[$schedule_type]</td></tr> <tr><th align="right">First Occurrence</th><td>$requested_run</td></tr> <tr><th align="right">Recurring</th><td>$sched_message</td></tr> <tr><th align="right"> </th><td></td></tr> <tr><th colspan="2">Target Selection</th></tr> EOT;*/ switch ($tarSel) { case "1": #SINGLE $vals = preg_split("/\\s+|\r\n|;/", $ip_list); foreach ($vals as $v) { $v = trim($v); if (strlen($v) > 0) { array_push($targets, $v); } } break; case "2": #IP RANGE if ($ip_start || $ip_end) { if ($ip_start && $ip_end) { $targets = range2List($ip_start, $ip_end); } else { // echo "<tr><td colspan=2>incomplete target list</td></tr>"; } } break; case "3": #NAMED TARGET $vals = preg_split("/\\s+|\n|,|;/", $named_list); foreach ($vals as $v) { $v = trim($v); if (strlen($v) > 0) { $ip = gethostbyname($v); if (strlen($ip) > 0) { array_push($targets, $ip); } else { // echo "<tr><td colspan=2>$v Name could not be resolved</td></tr>"; } } } break; case "4": #SUBNET array_push($targets, $cidr); break; case "5": if ($uroles['auditAll'] && $subnet == "ALL") { array_push($targets, "all_live_subnets"); } else { array_push($targets, $subnet); } $fk_name = "'" . $subnet . "'"; break; case "6": #$query = "SELECT isso_email, admin_sys, admin_dba, admin_network from vuln_systems WHERE acronym='$system'"; #$result = $dbconn->Execute($query); #list( $isso_poc, $poc_sa, $poc_dba, $poc_network ) = $result->fields; $all_pocs = $isso_poc; if ($all_pocs != "" && $poc_sa != "") { $all_pocs .= ", {$poc_sa}"; } if ($all_pocs != "" && $poc_dba != "") { $all_pocs .= ", {$poc_dba}"; } if ($all_pocs != "" && $poc_network != "") { $all_pocs .= ", {$poc_network}"; } $notify_email = $all_pocs; $fk_name = "'" . $system . "'"; break; default: #INPUT FILE break; } if ($tarSel < "4") { foreach ($targets as $hostip) { if (!$allowscan && !inrange($hostip, $dbconn)) { $need_authorized .= $hostip . "\n"; } $tmp_target_list .= $hostip . "\n"; //echo "<tr><td colspan=2>$hostip</td></tr>"; } if ($need_authorized != "") { //echo "<tr><th colspan=2><font color=red>NOT IN APPROVED ZONE</font></th></tr>"; $html_needs_auth = str_replace("\n", "<br>", $need_authorized); //echo "<tr><td colspan=2>$html_needs_auth</td></tr>"; } } elseif ($tarSel == "4") { $tmp_target_list = $cidr; //echo "<tr><td colspan=2>$cidr</td></tr>"; } elseif ($tarSel == "6") { $jobType = "S"; if ($recurring == True) { #$tmp_target_list=""; #DO NOT PUT THE LIST OF IP'S IN UNTIL THE JOB STARTS FOR REOCCURING ( LIST MAY BE FREQUENT TO CHANGE ) } else { /*$query = "SELECT hostip from vuln_systems t1 LEFT JOIN vuln_system_hosts t2 on t2.sysID = t1.id WHERE t1.acronym='$system'"; $result = $dbconn->Execute($query); while ( !$result->EOF ) { list($hostip) = $result->fields; if ( strlen($hostip)>0) { $tmp_target_list .= "$hostip\n"; array_push($targets, $hostip ); } $result->MoveNext(); }*/ } // echo "<tr><td colspan=2>$system</td></tr>"; } else { $jobType = "C"; $tmp_target_list = $subnet; // echo "<tr><td colspan=2>$subnet</td></tr>"; } if (!($tarSel == "6" && $recurring == True) && count($targets) == 0) { // echo "<p><center><font color=red>Missing Host Selection or BAD LIST:$targets[0]<br><br></font>" // ."[ <a href=\"javascript:history.go(-1)\">Go Back</a> ]</center></p>"; //logAccess( "USER $username Fubared: Missing Host Selection or BAD LIST:$targets[0]" ); require_once "footer.php"; exit; } elseif (!$sname) { // echo "<p><center><font color=red>Missing or BAD SNAME:[$sname]<br><br></font>" // ."[ <a href=\"javascript:history.go(-1)\">Go Back</a> ]</center></p>"; //logAccess( "USER $username Fubared something on job name [$sname]" ); require_once "footer.php"; exit; } if ($subnet == "" or $subnet == "0") { $subnet = "Null"; } else { $subnet = "'{$subnet}'"; } if ($SVRid == "" or $SVRid == "Null") { $SVRid = "Null"; } else { $SVRid = "'{$SVRid}'"; } if ($tmp_target_list != "") { $target_list = "'" . $tmp_target_list . "'"; } $arrChecks = array("w" => $wpolicies, "f" => $wfpolicies, "u" => $upolicies); $arrAudits = array('w', 'f', 'u'); foreach ($arrChecks as $check => $policydata) { $i = 1; $audit_data = ""; if ($policydata) { if ($i <= 5) { foreach ($policydata as $policy) { $audit_data .= "{$policy}\n"; $i++; } } } if ($audit_data != "") { $arrAudits[$check] = "'{$audit_data}'"; } else { $arrAudits[$check] = "NULL"; } } $insert_time = gmdate("YmdHis"); // if ( $need_authorized != "" || !($uroles['nessus']) ) { // $jobType="R"; #REQUEST JOB // #DO not wrap $subnet / $SVRid with ticks '' as 'Null' is not Null // $query = "INSERT INTO vuln_jobs ( name, fk_name, username, job_TYPE, meth_SCHED, meth_TARGET, meth_CRED, // meth_VSET, meth_CUSTOM, meth_CPLUGINS, meth_Wcheck, meth_Wfile, meth_Ucheck, meth_TIMEOUT, scan_ASSIGNED, scan_SUBMIT, // scan_next, scan_PRIORITY, status, notify ) VALUES ( '$sname', $fk_name, '$username', '$jobType', '$schedule_type', $target_list, $I3crID, // '$sid', '$custadd_type', $plugs_list, $arrAudits[w], $arrAudits[f], $arrAudits[u], '$timeout', $SVRid, '$insert_time', // '$requested_run', '3' , 'H', '$notify_email' )"; // $request = "for Approval"; // $subject = "Scan request [$sname]"; // $message = "HELLO SOC TEAM, \tThe following User [ $username ] has requested a scan against:\n" // ." $target_list\n\nPlease Promptly Accept/Reject the request!" // ."Thank You\n\nThe SOC TEAM!\n"; // mail($adminmail, $subject, $message, "From: $mailfrom\nX-Mailer: PHP/" . phpversion()); // echo "needs authorization<br>"; //logAccess( "USER $username Submitted Scan Request [$sname]" ); // } else { require_once "classes/Host_sensor_reference.inc"; require_once "classes/Net_sensor_reference.inc"; require_once "classes/Net.inc"; require_once "classes/Scan.inc"; require_once "classes/Sensor.inc"; //Check Permissions $allowed = array(); $notallowed = array(); $ftargets = explode("\\r\\n", $target_list); foreach ($ftargets as $ftarget) { $ftarget = preg_replace("/\r|\n|\t|\\s|\\'/", "", $ftarget); $unresolved = !preg_match("/\\d+\\.\\d+\\.\\d+\\.\\d+/", $ftarget) && $not_resolve ? true : false; if (preg_match("/\\//", $ftarget) && Session::netAllowed($dbconn, Net::get_name_by_ip($dbconn, $ftarget))) { //, $username $allowed[] = $ftarget; } else { if (Session::hostAllowed($dbconn, $ftarget) || $unresolved) { // , $username $allowed[] = $ftarget; } else { $notallowed[] = $ftarget; } } } if (count($allowed) > 0) { $forced_server = ""; $all_sensors = array(); $sensor_list = Sensor::get_all($dbconn, "", false); foreach ($sensor_list as $s) { $all_sensors[$s->get_ip()] = $s->get_name(); } // force scanner if ($SVRid != "Null") { $query = "SELECT hostname FROM vuln_nessus_servers WHERE id={$SVRid}"; $result = $dbconn->execute($query); list($forced_server) = $result->fields; } elseif ($not_resolve) { $result = $dbconn->Execute("SELECT name,hostname FROM vuln_nessus_servers WHERE enabled=1"); while (!$result->EOF) { list($name, $hostname) = $result->fields; if (Session::sensorAllowed($hostname)) { $all_sensors[$hostname] = $name; } $result->MoveNext(); } } // remote nmap $rscan = new RemoteScan("", ""); if ($rscan->available_scan()) { $reports = $rscan->get_scans(); $ids = is_array($reports) ? array_keys($reports) : array(); } else { $ids = array(); } //if ($forced_server!="") $ids = array_merge(array($forced_server),$ids); //$tsjobs = explode("\\r\\n", $target_list); $sgr = array(); $unables = array(); $tsjobs = $allowed; foreach ($tsjobs as $tjobs) { $tjobs = preg_replace("/\r|\n|\t|\\s|\\'/", "", $tjobs); $unresolved = !preg_match("/\\d+\\.\\d+\\.\\d+\\.\\d+/", $tjobs) && $not_resolve ? true : false; if (preg_match("/\\//", $tjobs)) { $sensor = Net_sensor_reference::get_list_array($dbconn, $tjobs); } else { $sensor = Host_sensor_reference::get_list_array($dbconn, $tjobs); } if ($forced_server != "") { $sensor = array_merge(array($forced_server), $sensor); } if ($unresolved || Session::am_i_admin() && count($sensor) == 0 && $forced_server == "") { if ($unresolved) { foreach ($all_sensors as $sip => $unused) { $sensor[] = $sip; } } else { $local_ip = `grep framework_ip /etc/ossim/ossim_setup.conf | cut -f 2 -d "="`; $local_ip = trim($local_ip); $results = $dbconn->Execute("SELECT name FROM vuln_nessus_servers WHERE hostname like '{$local_ip}'"); if ($results->fields["name"] != "") { $sensor[] = $local_ip; } } } // reorder sensors with load if ($forced_server != "") { $sensor = Sensor::reorder_sensors($dbconn, $sensor); } // select best sensor with available nmap and vulnmeter $selected = array(); foreach ($sensor as $sen) { $properties = Sensor::get_properties($dbconn, $sen); $withnmap = in_array($all_sensors[$sen], $ids) || !$hosts_alive || $unresolved; //echo "$sen:".$all_sensors[$sen].":$withnmap || $scan_locally:".$properties["has_vuln_scanner"]." || $SVRid:$forced_server<br>\n"; if ((Session::sensorAllowed($sen) || $forced_server != "") && ($withnmap || $scan_locally) && ($properties["has_vuln_scanner"] || $forced_server != "")) { //$selected = ($SVRid!="Null" && $all_sensors[$sen]!="") ? $all_sensors[$sen] : $sen; //echo "sel:$selected<br>\n"; //break; $selected[] = $forced_server != "" ? $forced_server : $sen; } } if (count($selected) > 0) { $sgr[implode(",", array_unique($selected))][] = $tjobs; } else { $unables[] = $tjobs; } } $query = array(); /* if($tz!=0) { list ($y,$m,$d,$h,$u,$s,$time) = Util::get_utc_from_date($dbconn, $requested_run, $tz); $requested_run = $y.$m.$d.$h.$u.$s; }*/ if ($op == "editrecurring" && $sched_id > 0) { $query[] = "DELETE FROM vuln_job_schedule WHERE id='{$sched_id}'"; $i = 1; foreach ($sgr as $notify_sensor => $targets) { $target_list = implode("\n", $targets); $target_list .= "\n" . implode("\n", $ip_exceptions_list); $query[] = "INSERT INTO vuln_job_schedule ( name, username, fk_name, job_TYPE, schedule_type, day_of_week, day_of_month, \n time, email, meth_TARGET, meth_CRED, meth_VSET, meth_CUSTOM, meth_CPLUGINS, meth_Wcheck, meth_Wfile, \n meth_Ucheck, meth_TIMEOUT, scan_ASSIGNED, next_CHECK, createdate, enabled, resolve_names ) VALUES ( '{$sname}', '{$username}', '" . Session::get_session_user() . "', '{$jobType}',\n '{$schedule_type}', '{$dayofweek}', '{$dayofmonth}', '{$time_value}', '{$notify_sensor}', '{$target_list}',\n {$I3crID}, '{$sid}', '{$custadd_type}', {$plugs_list}, {$arrAudits['w']}, {$semail}, '{$scan_locally}',\n '{$timeout}', {$SVRid}, '{$requested_run}', '{$insert_time}', '1', '{$resolve_names}' ) "; $sjobs_names[] = $sname . $i; $i++; } } elseif ($recurring) { $i = 1; foreach ($sgr as $notify_sensor => $targets) { $target_list = implode("\n", $targets); $target_list .= "\n" . implode("\n", $ip_exceptions_list); $query[] = "INSERT INTO vuln_job_schedule ( name, username, fk_name, job_TYPE, schedule_type, day_of_week, day_of_month, \n time, email, meth_TARGET, meth_CRED, meth_VSET, meth_CUSTOM, meth_CPLUGINS, meth_Wcheck, meth_Wfile, \n meth_Ucheck, meth_TIMEOUT, scan_ASSIGNED, next_CHECK, createdate, enabled, resolve_names ) VALUES ( '{$sname}', '{$username}', '" . Session::get_session_user() . "', '{$jobType}',\n '{$schedule_type}', '{$dayofweek}', '{$dayofmonth}', '{$time_value}', '{$notify_sensor}', '{$target_list}',\n {$I3crID}, '{$sid}', '{$custadd_type}', {$plugs_list}, {$arrAudits['w']}, {$semail}, '{$scan_locally}',\n '{$timeout}', {$SVRid}, '{$requested_run}', '{$insert_time}', '1', '{$resolve_names}' ) "; $sjobs_names[] = $sname . $i; $i++; } } else { $i = 1; foreach ($sgr as $notify_sensor => $targets) { $target_list = implode("\n", $targets); $target_list .= "\n" . implode("\n", $ip_exceptions_list); $query[] = "INSERT INTO vuln_jobs ( name, username, fk_name, job_TYPE, meth_SCHED, meth_TARGET, meth_CRED,\n meth_VSET, meth_CUSTOM, meth_CPLUGINS, meth_Wcheck, meth_Wfile, meth_Ucheck, meth_TIMEOUT, scan_ASSIGNED,\n scan_SUBMIT, scan_next, scan_PRIORITY, status, notify, authorized, author_uname, resolve_names ) VALUES ( '{$sname}',\n '{$username}', '" . Session::get_session_user() . "', '{$jobType}', '{$schedule_type}', '{$target_list}', {$I3crID}, '{$sid}', '{$custadd_type}', {$plugs_list},\n {$arrAudits['w']}, {$semail}, {$arrAudits['u']}, '{$timeout}', {$SVRid}, '{$insert_time}', '{$requested_run}', '3',\n 'S', '{$notify_sensor}', '{$scan_locally}', 'ACL', '{$resolve_names}' ) "; $jobs_names[] = $sname . $i; $i++; } } $query_insert_time = gen_strtotime($insert_time, ""); foreach ($query as $sql) { $error_updating = false; $error_inserting = false; $sql = str_replace(", ',", ", '',", str_replace("''", "'", $sql)); if ($dbconn->execute($sql) === false) { echo _("Error creating scan job") . ": " . $dbconn->ErrorMsg(); if ($op == "editrecurring") { $error_updating = true; } else { $error_creating = true; } } else { if ($op == "editrecurring" && !$error_updating) { echo "<br><center>" . _("Successfully Updated Recurring Job") . "</center>"; if (count($notallowed) == 0 && count($unables) == 0) { ?> <script type="text/javascript"> //<![CDATA[ document.location.href='manage_jobs.php?hmenu=Vulnerabilities&smenu=Jobs'; //]]> </script><?php } //logAccess( "Updated Recurring Job [ $jid ]" ); } elseif (!$error_creating) { echo "<br><center>" . _("Successfully Submitted Job") . " {$request}</center>"; //logAccess( "Submitted Job [ $jid ] $request" ); foreach ($jobs_names as $job_name) { $infolog = array($job_name); Log_action::log(66, $infolog); } foreach ($sjobs_names as $job_name) { $infolog = array($job_name); Log_action::log(67, $infolog); } if (count($notallowed) == 0 && count($unables) == 0) { ?> <script type="text/javascript"> //<![CDATA[ document.location.href='manage_jobs.php?hmenu=Vulnerabilities&smenu=Jobs'; //]]> </script><?php } } else { echo "<br><center>" . _("Failed Job Creation") . "</center>"; //logAccess( "Failed Job Creation" ); if (count($notallowed) == 0 && count($unables) == 0) { ?> <script type="text/javascript"> //<![CDATA[ document.location.href='manage_jobs.php?hmenu=Vulnerabilities&smenu=Jobs'; //]]> </script><?php } } } } } //end count($alowed)>0 if (count($notallowed) > 0 || count($unables) > 0) { echo "<center>"; echo "<table class=\"noborder\" width=\"400\" style=\"background-color:transparent;\">"; echo "<tr><td class=\"nobborder\" style=\"text-align:left;\"><b>" . _("Errors Found") . ":</b></td></tr>"; if (count($notallowed) > 0) { if (!preg_match("/^\\d+\$/", $username)) { echo "<tr><td class=\"nobborder\" style=\"text-align:left;\">" . _("User") . " <b>{$username}</b> " . _("is not allowed for the following targets") . ":</td></tr>"; } else { $entity_query = "SELECT name FROM acl_entities WHERE id={$username}"; $result = $dbconn->execute($entity_query); list($username) = $result->fields; echo "<tr><td class=\"nobborder\" style=\"text-align:left;\">" . _("Entiy") . " <b>{$username}</b> " . _("is not allowed for the following targets") . ":</td></tr>"; } foreach ($notallowed as $target) { echo "<tr><td class=\"nobborder\" style=\"text-align:left;padding-left:5px;\">- <b>{$target}</b></tr>"; } echo "<tr height=\"30\"><td class=\"nobborder\"> </td></tr>"; } if (count($unables) > 0) { echo "<tr><td class=\"nobborder\" style=\"text-align:left;\">" . _("No remote vulnerability scanners available for the following targets") . ":</td></tr>"; foreach ($unables as $target) { echo "<tr><td class=\"nobborder\" style=\"text-align:left;padding-left:5px;\">- <b>{$target}</b></tr>"; } echo "<tr height=\"30\"><td class=\"nobborder\"> </td></tr>"; } echo "<tr><td class=\"nobborder\" style=\"text-align:center;\">"; echo "<form action=\"sched.php\" method=\"post\">"; ?> <input type="hidden" name="sname" value="<?php echo $sname; ?> "/> <?php $SVRid = str_replace("'", "", $SVRid); ?> <input type="hidden" name="SVRid" value="<?php echo $SVRid; ?> "/> <input type="hidden" name="sid" value="<?php echo $sid; ?> "/> <input type="hidden" name="timeout" value="<?php echo $timeout; ?> "/> <input type="hidden" name="schedule_type" value="<?php echo $schedule_type; ?> "/> <input type="hidden" name="ROYEAR" value="<?php echo $ROYEAR; ?> "/> <input type="hidden" name="ROMONTH" value="<?php echo $ROMONTH; ?> "/> <input type="hidden" name="ROday" value="<?php echo $ROday; ?> "/> <input type="hidden" name="time_hour" value="<?php echo $time_hour; ?> "/> <input type="hidden" name="time_min" value="<?php echo $time_min; ?> "/> <input type="hidden" name="dayofweek" value="<?php echo $dayofweek; ?> "/> <input type="hidden" name="nthweekday" value="<?php echo $nthweekday; ?> "/> <input type="hidden" name="dayofmonth" value="<?php echo $dayofmonth; ?> "/> <input type="hidden" name="ip_list" value="<?php echo str_replace("\\r\\n", ";;", $ip_list); ?> "/> <?php if (is_numeric($username)) { ?> <input type="hidden" name="entity" value="<?php echo $username; ?> "/> <?php } else { ?> <input type="hidden" name="user" value="<?php echo $username; ?> "/> <?php } ?> <input type="hidden" name="hosts_alive" value="<?php echo $hosts_alive; ?> "/> <input type="hidden" name="scan_locally" value="<?php echo $scan_locally; ?> "/> <input type="hidden" name="semail" value="<?php echo $semail; ?> "/> <input type="hidden" name="not_resolve" value="<?php echo $not_resolve; ?> "/> <?php echo "<input type=\"submit\" value=\"" . _("Back") . "\" class=\"button\"/> "; echo "<input value=\"" . _("Continue") . "\" class=\"button\" type=\"button\" onclick=\"document.location.href='manage_jobs.php?hmenu=Vulnerabilities&smenu=Jobs'\"></form>"; echo "</td></tr>"; echo "</table>"; echo "</center>"; } echo "</b></center>"; }
define('METHUSELAH_INCLUDE_CHECK', true); require_once "toolbox_internal.php"; $uuid = filter_input(INPUT_GET, 'uuid', FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW | FILTER_FLAG_STRIP_HIGH); switch ($uuid) { case false: $log = readCommonLog(); echo "Reading log for all (" . count($log) . " messages):\r\n"; break; case "users": $log = readUsersLog(); echo "Reading users log (" . count($log) . " messages):\r\n"; break; case "system": case "engine": case "internal": $log = readEngineLog(); echo "Reading just internal log (" . count($log) . " messages):\r\n"; break; default: if (!isProfileExist($uuid)) { responseWithError("Wrong uuid: " . $uuid); } echo "Reading log (" . count($log) . " messages) for " . $uuid . " (" . getProfileName($uuid) . "):\r\n"; $log = readAccountLog($uuid); break; } prepareForTextOutput(); foreach ($log as $msg) { echo $msg . "\r\n"; } die;
function submit_scan($vuln_op, $sched_id, $sname, $notify_email, $schedule_type, $ROYEAR, $ROMONTH, $ROday, $time_hour, $time_min, $dayofweek, $dayofmonth, $timeout, $SVRid, $sid, $tarSel, $ip_list, $ip_exceptions_list, $ip_start, $ip_end, $named_list, $cidr, $subnet, $system, $cred_type, $credid, $acc, $domain, $accpass, $acctype, $passtype, $passstore, $wpolicies, $wfpolicies, $upolicies, $custadd_type, $cust_plugins, $is_enabled, $hosts_alive, $scan_locally, $nthweekday, $semail, $not_resolve, $time_interval, $biyear, $bimonth, $biday, $ssh_credential = "", $smb_credential = "") { global $wdaysMap, $daysMap, $allowscan, $uroles, $username, $schedOptions, $adminmail, $mailfrom, $dbk, $dbconn; // credentials $credentials = $ssh_credential . "|" . $smb_credential; $btime_hour = $time_hour; // save local time $btime_min = $time_min; $bbiyear = $biyear; $bbimonth = $bimonth; $bbiday = $biday; $tz = Util::get_timezone(); if ($schedule_type == "O") { // date and time for run once if (empty($ROYEAR)) { $ROYEAR = gmdate("Y"); } if (empty($ROMONTH)) { $ROMONTH = gmdate("m"); } if (empty($ROday)) { $ROday = gmdate("d"); } list($_y, $_m, $_d, $_h, $_u, $_s, $_time) = Util::get_utc_from_date($dbconn, "{$ROYEAR}-{$ROMONTH}-{$ROday} {$time_hour}:{$time_min}:00", $tz); $ROYEAR = $_y; $ROMONTH = $_m; $ROday = $_d; $time_hour = $_h; $time_min = $_u; } else { if ($schedule_type == "D" || $schedule_type == "W" || $schedule_type == "M" || $schedule_type == "NW") { // date and time for Daily, Day of Week, Day of month, Nth weekday of month list($b_y, $b_m, $b_d, $b_h, $b_u, $b_s, $b_time) = Util::get_utc_from_date($dbconn, "{$biyear}-{$bimonth}-{$biday} {$time_hour}:{$time_min}:00", $tz); $biyear = $b_y; $bimonth = $b_m; $biday = $b_d; $time_hour = $b_h; $time_min = $b_u; } } if ($not_resolve == "1") { $resolve_names = 0; } else { $resolve_names = 1; } $notify_email = str_replace(";", ",", $notify_email); $requested_run = ""; $jobType = "M"; $recurring = False; $targets = array(); $time_value = ""; $profile_desc = getProfileName($sid); $target_list = ""; $need_authorized = ""; $request = ""; $plugs_list = "NULL"; $fk_name = "NULL"; $target_list = "NULL"; $tmp_target_list = ""; $jobs_names = array(); $sjobs_names = array(); $I3crID = ""; if ($hosts_alive == "1") { // option: Only scan hosts that are alive $I3crID = "1"; } else { $I3crID = "0"; } // if ( $custadd_type == "" ) { $custadd_type = "N"; } // if ( $custadd_type != "N" && $cust_plugins != "" ) { // $plugs_list=""; // $vals=preg_split( "/\s+|\r\n|,|;/", $cust_plugins ); // foreach($vals as $v) { // $v=trim($v); // if ( strlen($v)>0 ) { // $plugs_list .= $v . "\n"; // } // } // $plugs_list = "'".$plugs_list."'"; // } if ($schedule_type != "N") { // current datetime in UTC $arrTime = explode(":", gmdate('Y:m:d:w:H:i:s')); $year = $arrTime[0]; $mon = $arrTime[1]; $mday = $arrTime[2]; $wday = $arrTime[3]; $hour = $arrTime[4]; $min = $arrTime[5]; $sec = $arrTime[6]; $timenow = $hour . $min . $sec; $run_wday = $wdaysMap[$dayofweek]; $run_time = sprintf("%02d%02d%02d", $time_hour, $time_min, "00"); $run_mday = $dayofmonth; $time_value = "{$time_hour}:{$time_min}:00"; $ndays = array("Sunday", "Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday"); $begin_in_seconds = mktime($bihour, $bimin, 0, $bimonth, $biday, $biyear); // selected datetime by user in UTC $current_in_seconds = mktime($hour, $min, 0, $mon, $mday, $year); // current datetime in UTC if (strlen($bimonth) == 1) { $bimonth = "0" . $bimonth; } if (strlen($biday) == 1) { $biday = "0" . $biday; } } switch ($schedule_type) { case "N": $requested_run = gmdate("YmdHis"); $sched_message = "No reccurring Jobs Necessary"; break; case "O": $requested_run = sprintf("%04d%02d%02d%06d", $ROYEAR, $ROMONTH, $ROday, $run_time); //error_log("O-> $requested_run\n" ,3,"/tmp/sched.log"); $sched_message = "No reccurring Jobs Necessary"; $recurring = True; $reccur_type = "Run Once"; break; case "D": if ($begin_in_seconds > $current_in_seconds) { $next_day = $biyear . $bimonth . $biday; // selected date by user } else { if ($run_time > $timenow) { $next_day = $year . $mon . $mday; } else { $next_day = gmdate("Ymd", strtotime("+1 day GMT", gmdate("U"))); } // next day } $requested_run = sprintf("%08d%06d", $next_day, $run_time); //error_log("D-> $requested_run\n" ,3,"/tmp/sched.log"); $recurring = True; $sched_message = "Schedule Reccurring"; $reccur_type = "Daily"; break; case "W": if ($begin_in_seconds > $current_in_seconds) { // if it is a future date $wday = date("w", mktime(0, 0, 0, $bimonth, $biday, $biyear)); // make week day for begin day if ($run_wday == $wday) { $next_day = $biyear . $bimonth . $biday; // selected date by user } else { $next_day = gmdate("Ymd", strtotime("next " . $ndays[$run_wday] . " GMT", mktime(0, 0, 0, $bimonth, $biday, $biyear))); } } else { if ($run_wday == $wday && $run_time > $timenow || $run_wday > $wday) { $next_day = $year . $mon . $mday; } else { $next_day = gmdate("Ymd", strtotime("next " . $ndays[$run_wday] . " GMT", gmdate("U"))); } // next week } preg_match("/(\\d{4})(\\d{2})(\\d{2})/", $next_day, $found); list($b_y, $b_m, $b_d, $b_h, $b_u, $b_s, $b_time) = Util::get_utc_from_date($dbconn, $found[1] . "-" . $found[2] . "-" . $found[3] . " {$btime_hour}:{$btime_min}:00", $tz); $requested_run = sprintf("%04d%02d%02d%02d%02d%02d", $b_y, $b_m, $b_d, $b_h, $b_u, "00"); //error_log("W-> $requested_run\n" ,3,"/tmp/sched.log"); $recurring = True; $sched_message = "Schedule Reccurring"; $reccur_type = "Weekly"; break; case "M": if ($begin_in_seconds > $current_in_seconds) { // if it is a future date if ($run_mday >= $biday) { $next_day = $biyear . $bimonth . ($run_mday < 10 ? "0" : "") . $run_mday; // this month } else { $next_day = sprintf("%06d%02d", gmdate("Ym", strtotime("next month GMT", mktime(0, 0, 0, $bimonth, $biday, $biyear))), $run_mday); } } else { if ($run_mday > $mday || $run_mday == $mday && $run_time > $timenow) { $next_day = $year . $mon . ($run_mday < 10 ? "0" : "") . $run_mday; // this month } else { $next_day = sprintf("%06d%02d", gmdate("Ym", strtotime("next month GMT", gmdate("U"))), $run_mday); } } preg_match("/(\\d{4})(\\d{2})(\\d{2})/", $next_day, $found); list($b_y, $b_m, $b_d, $b_h, $b_u, $b_s, $b_time) = Util::get_utc_from_date($dbconn, $found[1] . "-" . $found[2] . "-" . $found[3] . " {$btime_hour}:{$btime_min}:00", $tz); $requested_run = sprintf("%04d%02d%02d%02d%02d%02d", $b_y, $b_m, $b_d, $b_h, $b_u, "00"); //error_log("M-> $requested_run $begin_in_seconds $current_in_seconds\n" ,3,"/tmp/sched.log"); $recurring = True; $sched_message = "Schedule Reccurring"; $reccur_type = "Montly"; break; case "NW": if ($begin_in_seconds > $current_in_seconds) { // if it is a future date $array_time = array('month' => $bbimonth, 'day' => $bbiday, 'year' => $bbiyear); $requested_run = weekday_month(strtolower($daysMap[$dayofweek]), $nthweekday, $btime_hour, $btime_min, $array_time); } else { $requested_run = weekday_month(strtolower($daysMap[$dayofweek]), $nthweekday, $btime_hour, $btime_min); } preg_match("/(\\d{4})(\\d{2})(\\d{2})(\\d{2})(\\d{2})(\\d{2})/", $requested_run, $found); list($b_y, $b_m, $b_d, $b_h, $b_u, $b_s, $b_time) = Util::get_utc_from_date($dbconn, $found[1] . "-" . $found[2] . "-" . $found[3] . " " . $found[4] . ":" . $found[5] . ":00", $tz); $requested_run = sprintf("%04d%02d%02d%02d%02d%02d", $b_y, $b_m, $b_d, $b_h, $b_u, "00"); //error_log("NW-> $requested_run\n" ,3,"/tmp/sched.log"); $dayofmonth = $nthweekday; $recurring = True; $sched_message = "Schedule Reccurring"; $reccur_type = "Nth weekday of the month"; break; default: break; } $insert_time = gmdate("YmdHis"); if (!empty($_SESSION["_vuln_targets"]) && count($_SESSION["_vuln_targets"]) > 0) { $arr_ctx = array(); $sgr = array(); foreach ($_SESSION["_vuln_targets"] as $target_selected => $server_id) { $sgr[$server_id][] = $target_selected; if (preg_match("/^\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\/\\d{1,2}\$/i", $target_selected)) { $related_ctxs = array_values(Asset_net::get_id_by_ips($dbconn, $target_selected)); if (is_array($related_ctxs) && count($related_ctxs) > 0) { $arr_ctx[$target_selected] = key(array_shift($related_ctxs)); } } else { if (preg_match("/^\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\$/i", $target_selected)) { $related_ctxs = array_values(Asset_host::get_id_by_ips($dbconn, $target_selected)); if (is_array($related_ctxs) && count($related_ctxs) > 0) { $arr_ctx[$target_selected] = key(array_shift($related_ctxs)); // to assign a ctx for a IP } } else { if (valid_hostname($target_selected) || valid_fqdns($target_selected)) { $filters = array('where' => "hostname like '{$target_selected}' OR fqdns like '{$target_selected}'"); $_hosts_data = Asset_host::get_basic_list($dbconn, $filters); $host_list = $_hosts_data[1]; if (count($host_list) > 0) { $first_host = array_shift($host_list); $hips = explode(",", $first_host['ips']); foreach ($hips as $hip) { $hip = trim($hip); $arr_ctx[$hip] = $first_host['ctx']; } } } } } } ossim_clean_error(); unset($_SESSION["_vuln_targets"]); // clean scan targets $query = array(); $IP_ctx = array(); foreach ($arr_ctx as $aip => $actx) { $IP_ctx[] = $actx . "#" . $aip; } if ($vuln_op == "editrecurring" && $sched_id > 0) { $query[] = "DELETE FROM vuln_job_schedule WHERE id='{$sched_id}'"; $i = 1; foreach ($sgr as $notify_sensor => $targets) { $target_list = implode("\n", $targets); $target_list .= "\n" . implode("\n", $ip_exceptions_list); $query[] = "INSERT INTO vuln_job_schedule ( name, username, fk_name, job_TYPE, schedule_type, day_of_week, day_of_month, \n time, email, meth_TARGET, meth_CRED, meth_VSET, meth_CUSTOM, meth_CPLUGINS, meth_Wfile, \n meth_Ucheck, meth_TIMEOUT, next_CHECK, createdate, enabled, resolve_names, time_interval, IP_ctx, credentials) VALUES ( '{$sname}', '{$username}', '" . Session::get_session_user() . "', '{$jobType}',\n '{$schedule_type}', '{$dayofweek}', '{$dayofmonth}', '{$time_value}', '{$notify_sensor}', '{$target_list}',\n {$I3crID}, '{$sid}', '{$custadd_type}', {$plugs_list}, {$semail}, '{$scan_locally}',\n '{$timeout}', '{$requested_run}', '{$insert_time}', '1', '{$resolve_names}' ,'{$time_interval}', '" . implode("\n", $IP_ctx) . "', '{$credentials}') "; $sjobs_names[] = $sname . $i; $i++; } } elseif ($recurring) { $i = 1; foreach ($sgr as $notify_sensor => $targets) { $target_list = implode("\n", $targets); $target_list .= "\n" . implode("\n", $ip_exceptions_list); $query[] = "INSERT INTO vuln_job_schedule ( name, username, fk_name, job_TYPE, schedule_type, day_of_week, day_of_month, \n time, email, meth_TARGET, meth_CRED, meth_VSET, meth_CUSTOM, meth_CPLUGINS, meth_Wfile, \n meth_Ucheck, meth_TIMEOUT, scan_ASSIGNED, next_CHECK, createdate, enabled, resolve_names, time_interval, IP_ctx, credentials) VALUES ( '{$sname}', '{$username}', '" . Session::get_session_user() . "', '{$jobType}',\n '{$schedule_type}', '{$dayofweek}', '{$dayofmonth}', '{$time_value}', '{$notify_sensor}', '{$target_list}',\n {$I3crID}, '{$sid}', '{$custadd_type}', {$plugs_list}, {$semail}, '{$scan_locally}',\n '{$timeout}', '{$SVRid}', '{$requested_run}', '{$insert_time}', '1', '{$resolve_names}' , '{$time_interval}', '" . implode("\n", $IP_ctx) . "', '{$credentials}') "; $sjobs_names[] = $sname . $i; $i++; } } else { $i = 1; foreach ($sgr as $notify_sensor => $targets) { $target_list = implode("\n", $targets); $target_list .= "\n" . implode("\n", $ip_exceptions_list); $query[] = "INSERT INTO vuln_jobs ( name, username, fk_name, job_TYPE, meth_SCHED, meth_TARGET, meth_CRED,\n meth_VSET, meth_CUSTOM, meth_CPLUGINS, meth_Wfile, meth_TIMEOUT, scan_ASSIGNED,\n scan_SUBMIT, scan_next, scan_PRIORITY, status, notify, authorized, author_uname, resolve_names, credentials ) VALUES ( '{$sname}',\n '{$username}', '" . Session::get_session_user() . "', '{$jobType}', '{$schedule_type}', '{$target_list}', {$I3crID}, '{$sid}', '{$custadd_type}', {$plugs_list},\n {$semail}, '{$timeout}', '{$SVRid}', '{$insert_time}', '{$requested_run}', '3',\n 'S', '{$notify_sensor}', '{$scan_locally}', '" . implode("\n", $IP_ctx) . "', '{$resolve_names}' , '{$credentials}') "; // echo "$query1"; // die(); $jobs_names[] = $sname . $i; $i++; } } $query_insert_time = gen_strtotime($insert_time, ""); foreach ($query as $sql) { $error_updating = false; $error_inserting = false; if ($dbconn->execute($sql) === false) { echo _("Error creating scan job") . ": " . $dbconn->ErrorMsg(); if ($vuln_op == "editrecurring") { $error_updating = true; } else { $error_creating = true; } } else { $config_nt = array('content' => "", 'options' => array('type' => "nf_success", 'cancel_button' => false), 'style' => 'width: 40%; margin: 20px auto; text-align: center;'); if ($vuln_op == "editrecurring" && !$error_updating) { $config_nt["content"] = _("Successfully Updated Recurring Job"); $nt = new Notification('nt_1', $config_nt); $nt->show(); } elseif (!$error_creating) { $config_nt["content"] = _("Successfully Submitted Job"); $nt = new Notification('nt_1', $config_nt); $nt->show(); //logAccess( "Submitted Job [ $jid ] $request" ); foreach ($jobs_names as $job_name) { $infolog = array($job_name); Log_action::log(66, $infolog); } foreach ($sjobs_names as $job_name) { $infolog = array($job_name); Log_action::log(67, $infolog); } } else { echo "<br><center>" . _("Failed Job Creation") . "</center>"; } ?> <script type="text/javascript"> //<![CDATA[ document.location.href='<?php echo Menu::get_menu_url(AV_MAIN_PATH . '/vulnmeter/manage_jobs.php', 'environment', 'vulnerabilities', 'scan_jobs'); ?> '; //]]> </script> <?php } } } // count($_SESSION["_vuln_targets"])>0 echo "</b></center>"; }