function GetRoutingTable($host, $community, $rtrtype) { global $w, $p; $OID = array("generic" => ".1.3.6.1.2.1.4.21.1.11", "riverstone" => ".1.3.6.1.2.1.4.24.4", "juniper" => ".1.3.6.1.2.1.4.24.4.1"); if (!extension_loaded("snmp")) { myError($w, $p, "no snmp!!! - compile php with --with-snmp --enable-ucd-snmp-hack"); exit; } if (strpos(strtoupper(PHP_OS), 'WIN') !== false) { // Windows snmp different } else { // Unix snmp different - need to set quickprint to be compatible // with Windows format. Windows does not have long print format // must test for os version as undefined function generates error // even with @ snmp_set_quick_print(1); } // protect against bad users! if (!array_key_exists($rtrtype, $OID)) { $rtrtype = "generic"; } $routes = @snmpwalkoid($host, $community, $OID[$rtrtype]); if (!$routes) { return 0; } for (reset($routes); $network = key($routes); next($routes)) { //here is the way to do it with RFC 2096 using ipCidrRouteMask //this is what we get back from the riverstone //meaning: subnet IP, subnet mask, destination = ip destination ip if ($rtrtype == "riverstone") { //kill the destination list($oc1, $oc2, $oc3, $oc4, $oc5, $rest) = explode(".", strrev($network), 6); //take the subnetmask list($oc1, $oc2, $oc3, $oc4, $rest) = explode(".", $rest, 5); $mask = strrev(sprintf("%s.%s.%s.%s", $oc1, $oc2, $oc3, $oc4)); //take the subnet addr list($oc1, $oc2, $oc3, $oc4, $rest) = explode(".", $rest, 5); $netaddr = strrev(sprintf("%s.%s.%s.%s", $oc1, $oc2, $oc3, $oc4)); } else { // The Old way to do it with RFC 1213 MIBv2 (which is deprecated) // do some magic to obtain a unique, sortable array index to force the results // into ip address order. index will be x0000000000 where the digits are the // integer representation of the ip address padded with zeros. $mask = $routes[$network]; // strip out last 4 octets from mib value - lots of .'s // complicate matters list($oc1, $oc2, $oc3, $oc4, $rest) = explode(".", strrev($network), 5); $netaddr = strrev(sprintf("%s.%s.%s.%s", $oc1, $oc2, $oc3, $oc4)); } // $ind='x'.str_pad(inet_aton(substr($netaddr, strpos($netaddr, '.')+1)), 10, "0", STR_PAD_LEFT); $ind = 'x' . str_pad(inet_aton($netaddr), 10, "0", STR_PAD_LEFT); $result["{$ind}"] = array("rtrbase" => $netaddr, "rtrmask" => $mask); } //"rtrmask"=>substr($mask, strpos($mask, ' ')+1)); return $result; }
function __SearchIP($params) { global $xmlrpcerruser; // import user errcode value // $params is an Array of xmlrpcval objects $errstr = ""; $err = 0; if (IPPLAN_API_VER != DBF_API_VER) { return new xmlrpcresp(0, $xmlrpcerruser + 3, "Incorrect API version"); } // get the first param $ipobj = $params->getParam(0); // if it's there and the correct type if (isset($ipobj) && $ipobj->scalartyp() == "string") { // extract the value of the state number $ipaddr = $ipobj->scalarval(); if (testIP($ipaddr)) { $err = 50; $errstr = "Invalid IP address!"; } else { if (!($ds = new IPplanDbf())) { return new xmlrpcresp(0, $xmlrpcerruser + 1, "Could not connect to database"); } $result = $ds->GetDuplicateSubnetAll(inet_aton($ipaddr), 1); // returns the following fields: // base.baseaddr, base.subnetsize, base.baseindex, base.descrip, customer.custdescrip, // customer.customer, base.lastmod, base.userid, base.swipmod while ($row = $result->FetchRow()) { $myVal[] = new xmlrpcval(array("baseaddr" => new xmlrpcval(inet_ntoa($row["baseaddr"])), "subnetsize" => new xmlrpcval($row["subnetsize"], "int"), "baseindex" => new xmlrpcval($row["baseindex"], "int"), "descrip" => new xmlrpcval($row["descrip"]), "customer" => new xmlrpcval($row["customer"], "int"), "custdescrip" => new xmlrpcval($row["custdescrip"])), "struct"); } } } else { // parameter mismatch, complain $err = 2; $errstr = "Incorrect parameters"; } if ($err) { // this is an error condition return new xmlrpcresp(0, $xmlrpcerruser + 1, $errstr); } else { // this is a successful value being returned return new xmlrpcresp(new xmlrpcval($myVal, "array")); } }
function get_ip($as_integer = false) { $ip = $_SERVER['REMOTE_ADDR']; if (CONFIG_TRUST_HTTP_X_FORWARDED_FOR_IP && isset($_SERVER['HTTP_X_FORWARDED_FOR'])) { // in almost all cases, there will only be one IP in this header if (is_valid_ip($_SERVER['HTTP_X_FORWARDED_FOR'], true)) { $ip = $_SERVER['HTTP_X_FORWARDED_FOR']; } else { $forwarded_for_list = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']); foreach ($forwarded_for_list as $forwarded_for) { $forwarded_for = trim($forwarded_for); if (is_valid_ip($forwarded_for, true)) { $ip = $forwarded_for; break; } } } } if ($as_integer) { return inet_aton($ip); } else { return $ip; } }
// save the last customer used // must set path else Netscape gets confused! setcookie("ipplanCustomer", "{$cust}", time() + 10000000, "/"); $descrip = trim($descrip); if (strlen($descrip) == 0) { $formerror .= my_("You need to enter a description for the area") . "\n"; } if (!$ipaddr) { $formerror .= my_("Area address may not be blank") . "\n"; } else { if (testIP($ipaddr, TRUE)) { $formerror .= my_("Invalid area address - it must be the same format as an IP address") . "\n"; } } if (!$formerror) { $base = inet_aton($ipaddr); // check if user belongs to customer admin group $result = $ds->GetCustomerGrp($cust); // can only be one row - does not matter if nothing is // found as array search will return false $row = $result->FetchRow(); if (!in_array($row["admingrp"], $grps)) { myError($w, $p, my_("You may not create/modify an area for this customer as you are not a member of the customers admin group")); } $ds->DbfTransactionStart(); if ($action == "modify") { $result =& $ds->ds->Execute("UPDATE area SET areaaddr={$base}, \n descrip=" . $ds->ds->qstr($descrip) . " WHERE areaindex={$areaindex}") and $ds->AuditLog(array("event" => 151, "action" => "modify area", "descrip" => $descrip, "user" => getAuthUsername(), "area" => $ipaddr, "cust" => $cust)); } else { $result =& $ds->ds->Execute("INSERT INTO area\n (areaaddr, descrip, customer)\n VALUES\n ({$base}, " . $ds->ds->qstr($descrip) . ", {$cust})") and $ds->AuditLog(array("event" => 150, "action" => "create area", "descrip" => $descrip, "user" => getAuthUsername(), "area" => $ipaddr, "cust" => $cust)); } if ($result) {
if ($err) { myError($w, $p, my_("Error reading template!")); } insert($w, textb(sprintf(my_("Exporting all subnets marked as DHCP and all IP addresses with a user marked as '%s'"), DHCPRESERVED))); insert($w, textbr()); insert($w, textbr()); $cnt = 0; // search only for subnets marked dhcp $ds->dhcp = 1; $result = $ds->GetBase($startnum, $endnum, '', $cust); // loop through each subnet looking for a template while ($row = $result->FetchRow()) { $baseaddr = inet_ntoa($row["baseaddr"]); $baseindex = $row["baseindex"]; $descrip = $row["descrip"]; $size = inet_ntoa(inet_aton(ALLNETS) + 1 - $row["subnetsize"]); $broadcast = inet_ntoa($row["baseaddr"] + $row["subnetsize"] - 1); $result_template =& $ds->ds->Execute("SELECT info, infobin\n FROM baseadd\n WHERE baseindex={$baseindex}"); // no template defined on subnet, skip subnet if ($rowadd = $result_template->FetchRow()) { $template->Clear(); $template->Merge($template->decode($rowadd["info"])); insert($w, textbr(sprintf(my_("Exporting DHCP for %s"), $baseaddr))); //NOTE: need to check that correct template vars are available here!!! // else throw message and skip subnet!!! } else { // skip rest as no template on subnet continue; } // end template // first one found, open file for writing
function ProcessRow($ds, $cust, &$w, &$p, $data, $template, $append) { global $format; $num = count($data); // blank row if (empty($data[0])) { insert($w, block("<b>" . my_("Row is blank - ignoring") . "</b>")); return; } // bogus row if ($num < 7) { // ok to save what has been imported already $ds->DbfTransactionEnd(); myError($w, $p, my_("Row not the correct format.")); } if (testIP(trim($data[0]))) { insert($w, block("<b>" . my_("Invalid IP address") . "</b>")); return; } $ip = inet_aton(trim($data[0])); $user = substr($data[1], 0, 80); $location = substr($data[2], 0, 80); $descrip = substr($data[3], 0, 80); $hname = substr($data[4], 0, 100); $telno = substr($data[5], 0, 15); $macaddr = substr($data[6], 0, 12); if ($format == "xml") { $macaddr = $data[6]; } $info = ""; if (is_object($template)) { // all columns over 6 are considered for adding to template fields $cnt = 7; $userfld = array(); foreach ($template->userfld as $key => $value) { // set fields in template only if field in import file exists, else make blank $userfld[$key] = isset($data[$cnt]) ? $data[$cnt] : ""; $cnt++; } $template->Merge($userfld); $err = $template->Verify($w); if ($err) { // ok to save what has been imported already $ds->DbfTransactionEnd(); myError($w, $p, my_("Row failed template verify.")); } if ($template->is_blank() == FALSE) { $info = $template->encode(); } } // NOTE: Test ip address $result = $ds->GetBaseFromIP($ip, $cust); if (!($row = $result->FetchRow())) { // ok to save what has been imported already $ds->DbfTransactionEnd(); myError($w, $p, sprintf(my_("Subnet could not be found for IP address %s"), $data[0])); } $baseindex = $row["baseindex"]; $baseaddr = $row["baseaddr"]; $subnetsize = $row["subnetsize"]; if ($append == "on") { $ip = (array) $ip; if ($user === "NULL") { $user = ""; } if ($location === "NULL") { $location = ""; } if ($telno === "NULL") { $telno = ""; } if ($macaddr === "NULL") { $macaddr = ""; } if ($descrip === "NULL") { $descrip = ""; } if ($hname === "NULL") { $hname = ""; } } if ($ds->ModifyIP($ip, $baseindex, $user, $location, $telno, $macaddr, $descrip, $hname, $info) == 0) { insert($w, text(my_("IP address details modified"))); } else { insert($w, text(my_("IP address details could not be modified"))); } }
function searchOverlap($ds, &$w, $cust1, $cust2) { global $block; // dont trust variables $cust1 = floor($cust1); $cust2 = floor($cust2); $custdescrip1 = $ds->GetCustomerDescrip($cust1); $custdescrip2 = $ds->GetCustomerDescrip($cust2); // this query is not quick as indexes cannot be used!!! // must have first baseaddr called baseaddr else block pager // will not work - may break databases other than mysql $result =& $ds->ds->Execute("SELECT t1.baseaddr AS baseaddr,\n t1.baseindex AS baseindex1,\n t1.subnetsize AS subnetsize1,\n t1.descrip AS descrip1,\n t2.baseaddr AS baseaddr2,\n t2.baseindex AS baseindex2,\n t2.subnetsize AS subnetsize2,\n t2.descrip AS descrip2\n FROM base t1, base t2\n WHERE ((t1.baseaddr BETWEEN t2.baseaddr AND\n t2.baseaddr+t2.subnetsize-1) OR\n (t1.baseaddr+t1.subnetsize-1\n BETWEEN t2.baseaddr AND\n t2.baseaddr+t2.subnetsize-1) OR\n (t1.baseaddr < t2.baseaddr AND\n t1.baseaddr+t1.subnetsize >\n t2.baseaddr+t2.subnetsize)) AND\n t1.customer={$cust1} AND\n t2.customer={$cust2}\n ORDER BY t1.baseaddr"); $totcnt = 0; $vars = ""; // fastforward till first record if not first block of data while ($block and $totcnt < $block * MAXTABLESIZE and $row = $result->FetchRow()) { $vars = DisplayBlock($w, $row, $totcnt, "&cust1[]=" . $cust1 . "&cust2[]=" . $cust2); $totcnt++; } insert($w, block("<p>")); $cnt = 0; while ($row = $result->FetchRow()) { // draw heading only if there are records to display if ($cnt == 0) { // create a table insert($w, $t = table(array("cols" => "8", "class" => "outputtable"))); // draw heading setdefault("cell", array("class" => "heading")); insert($t, $c = cell(array("colspan" => "4"))); insert($c, block("<center>")); insert($c, text($custdescrip1)); insert($c, block("</center>")); insert($t, $c = cell(array("colspan" => "4"))); insert($c, block("<center>")); insert($c, text($custdescrip2)); insert($c, block("</center>")); insert($t, $c = cell()); if (!empty($vars)) { insert($c, anchor($vars, "<<")); } insert($c, text(my_("Base address"))); insert($t, $c = cell()); insert($c, text(my_("Subnet size"))); insert($t, $c = cell()); insert($c, text(my_("Subnet mask"))); insert($t, $c = cell()); insert($c, text(my_("Description"))); insert($t, $c = cell()); insert($c, text(my_("Base address"))); insert($t, $c = cell()); insert($c, text(my_("Subnet size"))); insert($t, $c = cell()); insert($c, text(my_("Subnet mask"))); insert($t, $ck = cell()); insert($ck, text(my_("Description"))); setdefault("cell", array("class" => color_flip_flop())); } // customer 1 if ($row["subnetsize1"] == 1) { insert($t, $c = cell()); insert($c, text(inet_ntoa($row["baseaddr"]))); } else { insert($t, $c = cell()); insert($c, anchor("displaysubnet.php?baseindex=" . $row["baseindex1"], inet_ntoa($row["baseaddr"]))); } if ($row["subnetsize1"] == 1) { insert($t, $c = cell()); insert($c, text("Host")); } else { insert($t, $c = cell()); insert($c, text($row["subnetsize1"])); } insert($t, $c = cell()); insert($c, text(inet_ntoa(inet_aton(ALLNETS) + 1 - $row["subnetsize1"]) . "/" . inet_bits($row["subnetsize1"]))); insert($t, $c = cell()); insert($c, text($row["descrip1"])); // customer 2 if ($row["subnetsize2"] == 1) { insert($t, $c = cell()); insert($c, text(inet_ntoa($row["baseaddr2"]))); } else { insert($t, $c = cell()); insert($c, anchor("displaysubnet.php?baseindex=" . $row["baseindex2"], inet_ntoa($row["baseaddr2"]))); } if ($row["subnetsize2"] == 1) { insert($t, $c = cell()); insert($c, text(my_("Host"))); } else { insert($t, $c = cell()); insert($c, text($row["subnetsize2"])); } insert($t, $c = cell()); insert($c, text(inet_ntoa(inet_aton(ALLNETS) + 1 - $row["subnetsize2"]) . "/" . inet_bits($row["subnetsize2"]))); insert($t, $c = cell()); insert($c, text($row["descrip2"])); if ($totcnt % MAXTABLESIZE == MAXTABLESIZE - 1) { break; } $cnt++; $totcnt++; } insert($w, block("<p>")); if ($cnt) { $vars = ""; $printed = 0; while ($row = $result->FetchRow()) { $totcnt++; $vars = DisplayBlock($w, $row, $totcnt, "&cust1[]=" . $cust1 . "&cust2[]=" . $cust2); if (!empty($vars) and !$printed) { insert($ck, anchor($vars, ">>")); $printed = 1; } } } }
$cnt++; insert($w, textbr()); insert($w, text(my_("Importing row:") . " {$cnt} ")); $num = count($data); // blank row if (empty($data[0])) { insert($w, block("<b>" . my_("Row is blank - ignoring") . "</b>")); continue; } // bogus row if ($num < 3) { insert($w, text(sprintf(my_("Row %u of imported file is not the correct format [ %s ]"), $cnt, $data[0]))); break; } $ipaddr = trim($data[0]); $base = inet_aton(trim($data[0])); $descrip = $data[1]; $size = getSizeFromMask($data[2]); $descrip = substr(trim($descrip), 0, 80); // Changed - Begin [FE] // Start of template support for base $info = ""; if ($template->is_error() == FALSE) { // all columns over 3 are considered for adding to template fields $position = 4; $userfld = array(); foreach ($template->userfld as $key => $value) { // set fields in template only if field in import file exists, else make blank $userfld[$key] = isset($data[$position]) ? $data[$position] : ""; $position++; }
function RevZoneAddRR($zoneid, $answer) { global $grps; // open a new database connection $ds = new Base(); if (!$ds) { $this->err = 90; $this->errstr .= my_("Could not connect to database"); } $ds->SetGrps($grps); $ds->SetSearchIn(1); foreach ($answer as $rr) { if ($rr->type == "PTR") { $recordtype = $rr->type; $domain = $rr->ptrdname; // proper domain name $host = $rr->name; // in format 46.61.110.147.in-addr.arpa } else { continue; } // now split ip address list($oc1, $oc2, $oc3, $oc4, $tail) = split("\\.", $host, 5); $ipaddr = "{$oc4}.{$oc3}.{$oc2}.{$oc1}"; if (testIP($ipaddr)) { $this->errstr .= sprintf(my_("Invalid address %s"), $ipaddr) . "\n"; continue; } $ds->SetIPaddr($ipaddr); $result = $ds->FetchBase($this->cust, 0, 0); if (!$result) { $this->err = 70; $this->errstr .= $ds->errstr; } // add records here - got a match for a subnet if ($row = $result->FetchRow()) { $baseindex = $row["baseindex"]; $affected = $ds->UpdateIP(inet_aton($ipaddr), $baseindex, "hname", $domain); if (!$affected) { $ds->AddIP(inet_aton($ipaddr), $baseindex, "", "", "", "", "Reverse zone import", $domain, ""); } } else { $this->errstr .= sprintf(my_("No subnet found for address %s"), $ipaddr) . "\n"; } } return TRUE; }
function ProcessNmap($ds, $base, $id, $size) { global $addhostinfo; $resarr = array(); if ($addhostinfo) { $command = NMAP . " -sP " . escapeshellarg(inet_ntoa($base) . "/" . inet_bits($size)) . " -oX -"; } else { $command = NMAP . " -n -sP " . escapeshellarg(inet_ntoa($base) . "/" . inet_bits($size)) . " -oX -"; } exec($command, $resarr, $retval); // did NMAP fail due to safe mode or other error? if ($retval) { return 1; } else { // no error require_once "../xmllib.php"; $input = implode("", $resarr); // nmap parser always returns arrays for tags of form // [tagname][0...x][element] // array index will mostly be zero if one as most results // return 1 tag $xml_parser = new xmlnmap("HOST"); if (!$xml_parser->parser) { return 1; // XML parser failure - probably not compiled in } $output = $xml_parser->parse($input); if (!$output) { return 1; // not XML format } foreach ($output as $value) { if ($value["STATUS"][0]["STATE"] == "up") { // need to loop through ADDR array here! Check that // ["ADDRESS"][0]["ADDRTYPE"]=="ipv4" or // ["ADDRESS"][0]["ADDRTYPE"]=="mac" $newbase = inet_aton($value["ADDRESS"][0]["ADDR"]); $newmac = ""; if ($value["ADDRESS"][1]["ADDRTYPE"] == "mac") { $newmac = str_replace(array(":", "-", " "), "", $value["ADDRESS"][1]["ADDR"]); } if (empty($value["OSMATCH"][0]["NAME"])) { $newuser = ""; } else { $newuser = $value["OSMATCH"][0]["NAME"]; } $newdescrip = "active"; if (!empty($value["HOSTNAME"][0]["NAME"])) { $newhname = $value["HOSTNAME"][0]["NAME"]; } else { $newhname = ""; } // check within range of subnet before adding to ignore // broadcast and network addresses if ($newbase > $base and $newbase < $base + $size - 1) { $ds->AddIP($newbase, $id, $newuser, "", "", $newmac, $newdescrip, $newhname, ""); // address was polled? So add polled status $ds->UpdateIPPoll($id, $newbase); } } } return 0; } }
} else { if (testIP($zoneip)) { myError($w, $p, my_("Invalid IP address")); } else { if (!$size) { myError($w, $p, my_("Size may not be zero")); } else { if ($size > 1) { if (TestBaseAddr(inet_aton3($zoneip), $size)) { myError($w, $p, my_("Invalid base address!")); } } } } } $zoneip = inet_aton($zoneip); $cnt = 0; for ($i = 1; $i < 11; $i++) { if ($hname[$i] and !preg_match("/[^ \t@()<>,]+\\.[^ \t()<>,.]+\$/", $hname[$i])) { myError($w, $p, sprintf(my_("Invalid hostname %u"), $i) . "\n"); } if ($hname[$i]) { $cnt++; } } if ($cnt < 2) { myError($w, $p, my_("Invalid zone - you need at least two nameservers")); } if (!is_numeric($ttl) or !is_numeric($refresh) or !is_numeric($retry) or !is_numeric($expire) or !is_numeric($minimum) or $ttl < 1 or $refresh < 1 or $retry < 1 or $expire < 1 or $minimum < 1) { myError($w, $p, my_("Invalid domain timeout values")); }
// ##################### Start OF Edit ############################## if ($action == "edit") { if (!$ds->ds->GetOne("SELECT recidx FROM fwdzonerec WHERE customer={$cust} AND recidx=" . $dataid)) { myError($w, $p, my_("Could not find the record - possibly deleted by another user")); } $dom_id = $ds->ds->GetOne("SELECT data_id\n FROM fwdzone\n WHERE customer={$cust} AND domain=" . $ds->ds->qstr($domain)); // Updated DB here. // Log the Transaction. $ds->DbfTransactionStart(); // do update of ip record with hostname as part of transaction if ($updateiprec) { $fqdn = substr($host, -1, 1) == "." ? substr($host, 0, -1) : "{$host}.{$domain}"; $result = $ds->GetBaseFromIP(inet_aton($iphostname), $cust); if ($row = $result->FetchRow()) { $baseindex = $row["baseindex"]; $ds->ModifyIP(array(inet_aton($iphostname)), $baseindex, "", "", "", "", "", $fqdn, ""); // not really an error, but a warning? $formerror .= my_("Subnet IP record updated with hostname: ") . "{$fqdn}\n"; } } $result =& $ds->ds->Execute("UPDATE fwdzonerec SET sortorder=" . $sortorder . ", host=" . $ds->ds->qstr($host) . ", lastmod=" . $ds->ds->DBTimeStamp(time()) . ", recordtype=" . $ds->ds->qstr($recordtype) . ", userid=" . $ds->ds->qstr(getAuthUsername()) . ", ip_hostname=" . $ds->ds->qstr($iphostname) . " WHERE customer={$cust} AND recidx=" . $dataid) and $ds->ds->Execute("UPDATE fwdzone \n SET error_message=" . $ds->ds->qstr("E") . ",\n lastmod=" . $ds->ds->DBTimeStamp(time()) . " WHERE customer={$cust} AND data_id=" . $dom_id) and $ds->AuditLog(array("event" => 122, "action" => "modified zone record", "cust" => $cust, "user" => getAuthUsername(), "domain" => $domain, "host" => $host, "recordtype" => $recordtype, "iphostname" => $iphostname)); if ($result) { $ds->DbfTransactionEnd(); insert($w, textbr(my_("Host Record Modified"))); $zone = ""; } else { $ds->DbfTransactionRollback(); $formerror .= my_("Host record could not be modifed. Try again.") . "\n"; } } // ##################### END OF Edit ##############################
insert($t, $ck = cell()); insert($ck, text(my_("Action"))); $cnt = 0; while ($row = $result->FetchRow()) { setdefault("cell", array("class" => color_flip_flop())); insert($t, $c = cell()); insert($c, anchor("displaysubnet.php?baseindex=" . $row["baseindex"] . "&cust=" . $cust, inet_ntoa($row["baseaddr"]))); if ($row["subnetsize"] == 1) { insert($t, $c = cell()); insert($c, text(my_("Host"))); } else { insert($t, $c = cell()); insert($c, text($row["subnetsize"])); } insert($t, $c = cell()); insert($c, text(inet_ntoa(inet_aton(ALLNETS) + 1 - $row["subnetsize"]) . "/" . inet_bits($row["subnetsize"]))); insert($t, $c = cell()); insert($c, text($row["descrip"])); insert($t, $c = cell()); insert($c, block("<small>")); insert($c, anchor("../admin/usermanager.php?action=groupeditform&grp=" . urlencode($row["admingrp"]), $row["admingrp"])); insert($c, block("</small>")); insert($t, $c = cell()); insert($c, block("<small>")); insert($c, checkbox(array("name" => "baseindex[]", "value" => $row["baseindex"]), "")); insert($c, anchor($_SERVER["PHP_SELF"] . "?baseindex=" . $row["baseindex"] . "&cust=" . $cust . "&areaindex=" . $areaindex . "&rangeindex=" . $rangeindex . "&descrip=" . urlencode($descrip) . "&block=" . $block . "&ipaddr=" . $ipaddr . "&action=delete", my_("Delete Subnet"), $ipplanParanoid ? array("onclick" => "return confirm('" . my_("Are you sure?") . "')") : FALSE)); insert($c, block(" | ")); insert($c, anchor("modifysubnet.php?baseindex=" . $row["baseindex"] . "&areaindex=" . $areaindex . "&rangeindex=" . $rangeindex . "&cust=" . $cust . "&descrip=" . urlencode($row["descrip"]) . "&ipaddr=" . urlencode($ipaddr) . "&search=" . urlencode($descrip) . "&grp=" . urlencode($row["admingrp"]), my_("Modify/Copy/Move subnet details"))); insert($c, block(" | ")); insert($c, anchor($_SERVER["PHP_SELF"] . "?baseindex=" . $row["baseindex"] . "&cust=" . $cust . "&areaindex=" . $areaindex . "&rangeindex=" . $rangeindex . "&descrip=" . urlencode($descrip) . "&block=" . $block . "&ipaddr=" . $ipaddr . "&action=join", my_("Join Subnet"), $ipplanParanoid ? array("onclick" => "return confirm('" . my_("Are you sure?") . "')") : FALSE)); if ($row["subnetsize"] > 1) {
function save_uploaded_file_peta($data) { $data["upload_time"] = time(); $stamp = date("Ymdhis"); $ip = get_client_ip(); //from conf php $id_file = basename($data["file_temp"], ".tmp") . "-" . "{$stamp}-" . inet_aton($ip); $data["id_file_str"] = $id_file; //$this->conn->debug=true; $this->conn->StartTrans(); $data["ip_client"] = get_ip_address(); $this->conn->AutoExecute("wa_spasial_file_upload", $data, "INSERT"); $ID = $this->conn->GetOne("select max(idx) from wa_spasial_file_upload"); $ok = $this->conn->CompleteTrans(); if ($ok) { return $ID; } else { return FALSE; } }
function myRangeDropDown($ds, $f2, $cust, $areaindex) { $cust = floor($cust); // dont trust $cust as it could // come from form post $areaindex = floor($areaindex); // display range drop down list if ($areaindex) { $result = $ds->GetRangeInArea($cust, $areaindex); } else { $result = $ds->GetRange($cust, 0); } // don't bother if there are no records, will always display "No range" insert($f2, textbrbr(my_("Range (optional)"))); $lst = array(); $lst["0"] = my_("No range selected"); while ($row = $result->FetchRow()) { $col = $row["rangeindex"]; $lst["{$col}"] = inet_ntoa($row["rangeaddr"]) . "/" . inet_ntoa(inet_aton(ALLNETS) - $row["rangesize"] + 1) . "/" . inet_bits($row["rangesize"]) . " - " . $row["descrip"]; } insert($f2, selectbox($lst, array("name" => "rangeindex"))); }
$formerror .= my_("Subnet could not be modified") . "\n"; } } } if (!$_POST || $formerror) { myError($w, $p, $formerror, FALSE); $result = $ds->GetBaseFromIndex($baseindex); if (!($row = $result->FetchRow())) { myError($w, $p, my_("Subnet cannot be found!")); } $size = $row["subnetsize"]; $baseaddr = $row["baseaddr"]; $baseip = inet_ntoa($row["baseaddr"]); $dhcp = $row["baseopt"] & 1; insert($w, block("<h3>")); insert($w, text(my_("Subnet:") . " " . inet_ntoa($baseaddr) . " " . my_("Mask:") . " " . inet_ntoa(inet_aton(ALLNETS) + 1 - $size) . "/" . inet_bits($size))); insert($w, textbr()); insert($w, text(my_("Description:") . " " . $row["descrip"])); insert($w, block("</h3>")); // start form insert($w, $f1 = form(array("name" => "THISFORM", "method" => "get", "action" => $_SERVER["PHP_SELF"]))); $cust = myCustomerDropDown($ds, $f1, $cust, $grps) or myError($w, $p, my_("No customers")); insert($f1, hidden(array("name" => "descrip", "value" => "{$descrip}"))); insert($f1, hidden(array("name" => "search", "value" => "{$search}"))); insert($f1, hidden(array("name" => "ipaddr", "value" => "{$ipaddr}"))); insert($f1, hidden(array("name" => "areaindex", "value" => "{$areaindex}"))); insert($f1, hidden(array("name" => "rangeindex", "value" => "{$rangeindex}"))); insert($f1, hidden(array("name" => "baseindex", "value" => "{$baseindex}"))); insert($f1, hidden(array("name" => "grp", "value" => "{$grp}"))); insert($f1, hidden(array("name" => "origcust", "value" => "{$origcust}"))); $result = $ds->GetGrps();
function ip2country($ip, $usedb = false) { global $database; if (JOOMLAWATCH_JOOMLA_15) { $this->database =& JFactory::getDBO(); } else { $this->database = $database; } // TODO: Add regex to verify ip is valid if ($ip) { $this->_IPn = inet_aton($ip); $this->IP = $ip; } $this->CVSFile = dirname(__FILE__) . "\\ip-to-country.csv"; $this->UseDB = $usedb; // Défault value $this->db_host = "localhost"; $this->db_tablename = "ip2c"; $this->db_ip_from_colname = "start"; $this->db_ip_to_colname = "end"; $this->db_prefix1_colname = "cc"; $this->db_prefix2_colname = "a3"; $this->db_country_colname = "country"; }
function UpdateLnk($ds, $w, $cust, $baseindex, $lnk, $ip) { /* // got link address, see if there is a subnet for this link // if no subnet found, do nothing $result=$ds->GetBaseFromIndex($baseindex); $row = $result->FetchRow(); $cust=$row["customer"]; */ $result = $ds->GetBaseFromIP(inet_aton($lnk), $cust); // yep found one, now see if a record exists if ($row = $result->FetchRow()) { $lnkidx = $row["baseindex"]; if (!$ds->TestCustomerGrp($lnkidx, getAuthUsername())) { return sprintf(my_("Destination linked address %s IP record not created as you are not a member of the customers admin group"), $lnk) . "\n"; } if (!($result = $ds->GetIPDetails($lnkidx, inet_aton($lnk)))) { // no row in subnet, then add one // NEED TO CHECK DESTINATION OWNERSHIP BEFORE ADDING RECORD $ds->ModifyIP(inet_aton($lnk), $lnkidx, "", "", "", "", "Linked address from " . inet_ntoa($ip), "", ""); insert($w, textbr(sprintf(my_("Destination linked address %s IP record created"), $lnk))); } } }
function _save_uploaded_file($data) { $data["upload_time"] = time(); $data["creator"] = $this->data["users"]['user']['username']; $stamp = date("Ymdhis"); $ip = get_client_ip(); //from conf php $id_file = basename($data["file_temp"], ".tmp") . "-" . "{$stamp}-" . inet_aton($ip); $data["id_file_str"] = $id_file; $data["ip_client"] = $this->_prepare_ip($this->input->ip_address()); //$this->conn->debug=true; $this->conn->StartTrans(); $this->conn->AutoExecute("m_wa_document_file_upload", $data, "INSERT"); $ok = $this->conn->CompleteTrans(); $ID = FALSE; if ($ok) { $ID = $this->conn->GetOne("select max(idx) from m_wa_document_file_upload"); } return $ID; }
function get_page($id) { global $language; global $remote_addr; global $title; $page = db_read(array('table' => 'page', 'col' => 'content', 'where' => '`id` = ' . $id)); // ---------------- {remove} {/remove} ---------------- // while (($posb = strpos($page, '{remove}')) !== FALSE) { $pose = $posb + 8; if (($endb = strpos($page, '{/remove}', $pose)) !== FALSE) { $ende = $endb + 9; $page = substr($page, 0, $posb) . '' . substr($page, $ende); } else { $page = substr($page, 0, $posb) . '{not closed remove}' . substr($page, $pose); } } // ---------------- {language:en} {/language} ---------------- // while (($posb = strpos($page, '{language:')) !== FALSE) { $posc = $posb + 10; if (($pose = strpos($page, '}', $posc)) !== FALSE) { $lang = filter_ln(substr($page, $posc, $pose - $posc)); $pose++; if (($endb = strpos($page, '{/language}', $pose)) !== FALSE) { $ende = $endb + 11; if ($language == $lang) { $page = substr($page, 0, $endb) . '' . substr($page, $ende); $page = substr($page, 0, $posb) . '' . substr($page, $pose); } else { $page = substr($page, 0, $posb) . '' . substr($page, $ende); } } else { $page = substr($page, 0, $posb) . '{not closed language}' . substr($page, $pose); } } else { $page = substr($page, 0, $posb) . '{broken language}' . substr($page, $posc); } } // ---------------- {ip:192.168.0.1} {/ip} ---------------- // while (($posb = strpos($page, '{ip:')) !== FALSE) { $posc = $posb + 4; if (($pose = strpos($page, '}', $posc)) !== FALSE) { $ip = substr($page, $posc, $pose - $posc); $ip = filter($ip, array('0', '1', '2', '3', '4', '5', '6', '7', '8', '9', '.', ':', '-', ',')); $pose++; if (($endb = strpos($page, '{/ip}', $pose)) !== FALSE) { $ende = $endb + 5; $ip = explode(',', $ip); $match = FALSE; $remote_addrn = inet_aton($remote_addr); foreach ($ip as $v) { $range = explode('-', $v); if (!isset($range[1])) { $range[1] = $range[0]; } if (inet_aton($range[0]) <= $remote_addrn && $remote_addrn <= inet_aton($range[1])) { $match = TRUE; break; } } if ($match) { $page = substr($page, 0, $endb) . '' . substr($page, $ende); $page = substr($page, 0, $posb) . '' . substr($page, $pose); } else { $page = substr($page, 0, $posb) . '' . substr($page, $ende); } } else { $page = substr($page, 0, $posb) . '{not closed ip}' . substr($page, $pose); } } else { $page = substr($page, 0, $posb) . '{broken ip}' . substr($page, $posc); } } // ---------------- {eip:192.168.0.1} {/ip} ---------------- // while (($posb = strpos($page, '{eip:')) !== FALSE) { $posc = $posb + 5; if (($pose = strpos($page, '}', $posc)) !== FALSE) { $ip = substr($page, $posc, $pose - $posc); $ip = filter($ip, array('0', '1', '2', '3', '4', '5', '6', '7', '8', '9', '.', ':', '-', ',')); $pose++; if (($endb = strpos($page, '{/eip}', $pose)) !== FALSE) { $ende = $endb + 6; $ip = explode(',', $ip); $match = FALSE; $remote_addrn = inet_aton($remote_addr); foreach ($ip as $v) { $range = explode('-', $v); if (!isset($range[1])) { $range[1] = $range[0]; } if (inet_aton($range[0]) <= $remote_addrn && $remote_addrn <= inet_aton($range[1])) { $match = TRUE; break; } } if ($match) { $page = substr($page, 0, $posb) . '' . substr($page, $ende); } else { $page = substr($page, 0, $endb) . '' . substr($page, $ende); $page = substr($page, 0, $posb) . '' . substr($page, $pose); } } else { $page = substr($page, 0, $posb) . '{not closed eip}' . substr($page, $pose); } } else { $page = substr($page, 0, $posb) . '{broken eip}' . substr($page, $posc); } } // ---------------- {title} {/title} ---------------- // while (($posb = strpos($page, '{title}')) !== FALSE) { $pose = $posb + 7; if (($endb = strpos($page, '{/title}', $pose)) !== FALSE) { $ende = $endb + 8; $title = substr($page, $pose, $endb - $pose); $page = substr($page, 0, $posb) . '' . substr($page, $ende); } else { $page = substr($page, 0, $posb) . '{not closed title}' . substr($page, $pose); } } // ---------------- {include:0} ---------------- // while (($posb = strpos($page, '{include:')) !== FALSE) { $posc = $posb + 9; if (($pose = strpos($page, '}', $posc)) !== FALSE) { $n = filter_n(substr($page, $posc, $pose - $posc)); $include = get_page($n); if (!$include) { $include = '{wrong include}'; } $pose++; } else { $include = '{broken include}'; $pose = $posc; } $page = substr($page, 0, $posb) . $include . substr($page, $pose); } // ---------------- {template:0} {content} ---------------- // while (($posb = strpos($page, '{template:')) !== FALSE) { $posc = $posb + 10; if (($pose = strpos($page, '}', $posc)) !== FALSE) { $n = filter_n(substr($page, $posc, $pose - $posc)); $template = get_page($n); if (!$template) { $template = '{wrong template}'; } $pose++; } else { $template = '{broken template}'; $pose = $posc; } $page = substr($page, 0, $posb) . '' . substr($page, $pose); if (($conb = strpos($template, '{content}')) !== FALSE) { $cone = $conb + 9; } else { $conb = $cone = strlen($template); } $page = substr($template, 0, $conb) . $page . substr($template, $cone); break; } // ---------------- {i:0} ---------------- // while (($posb = strpos($page, '{i:')) !== FALSE) { $posc = $posb + 3; if (($pose = strpos($page, '}', $posc)) !== FALSE) { $n = filter_n(substr($page, $posc, $pose - $posc)); $file = db_read(array('table' => 'file', 'col' => array('desc', 'width', 'height'), 'where' => '`id` = ' . $n)); if ($file && $file['width']) { $image = '<img src="/i/' . $n . '" style="width: ' . $file['width'] . 'px; height: ' . $file['height'] . 'px;"' . ($file['desc'] ? ' alt="' . $file['desc'] . '"' : '') . '>'; } else { $image = '{wrong image}'; } $pose++; } else { $image = '{broken image}'; $pose = $posc; } $page = substr($page, 0, $posb) . $image . substr($page, $pose); } // ---------------- {f:0} ---------------- // while (($posb = strpos($page, '{f:')) !== FALSE) { $posc = $posb + 3; if (($pose = strpos($page, '}', $posc)) !== FALSE) { $n = filter_n(substr($page, $posc, $pose - $posc)); $file = db_read(array('table' => 'file', 'col' => array('name', 'desc'), 'where' => '`id` = ' . $n)); if ($file) { $image = '<a href="/f/' . $n . '">' . $file['name'] . '</a>'; // maybe implement `desc` as abbr } else { $image = '{wrong file}'; } $pose++; } else { $image = '{broken file}'; $pose = $posc; } $page = substr($page, 0, $posb) . $image . substr($page, $pose); } return $page; }
} insert($t, $c = cell()); insert($c, anchor("displaysubnet.php?baseindex=" . $row["baseindex"], inet_ntoa($row["baseaddr"]))); $export->addCell(inet_ntoa($row["baseaddr"])); if ($row["subnetsize"] == 1) { insert($t, $c = cell()); insert($c, text(my_("Host"))); $export->addCell(my_("Host")); } else { insert($t, $c = cell()); insert($c, text($row["subnetsize"])); $export->addCell($row["subnetsize"]); } insert($t, $c = cell()); insert($c, text(inet_ntoa(inet_aton(ALLNETS) + 1 - $row["subnetsize"]) . "/" . inet_bits($row["subnetsize"]))); $export->addCell(inet_ntoa(inet_aton(ALLNETS) + 1 - $row["subnetsize"]) . "/" . inet_bits($row["subnetsize"])); insert($t, $c = cell()); insert($c, text($row["descrip"])); $export->addCell($row["descrip"]); insert($t, $c = cell()); insert($c, block("<small>")); insert($c, block($result->UserTimeStamp($row["lastmod"], "M d Y H:i:s"))); insert($c, block("</small>")); $export->addCell($row["lastmod"]); insert($t, $c = cell()); insert($c, text($row["userid"])); $export->addCell($row["userid"]); if (REGENABLED) { insert($t, $c = cell()); insert($c, block("<small>")); insert($c, block($result->UserTimeStamp($row["swipmod"], "M d Y H:i:s")));
$end = inet_ntoa($row["rangeaddr"] + $row["rangesize"] - 1); $site = " (" . $row["descrip"] . ")"; } else { if ($ipaddr) { $start = completeIP($ipaddr, 1); $end = completeIP($ipaddr, 2); if (testIP($start) or testIP($end)) { myError($w, $p, my_("Invalid IP address!")); } } else { $start = DEFAULTROUTE; $end = ALLNETS; } } $startnum = inet_aton($start); $endnum = inet_aton($end); $custdescrip = $ds->GetCustomerDescrip($cust); if ($areaindex and !$rangeindex) { insert($w, heading(3, sprintf(my_("Search for IP subnets between multiple ranges for customer '%s'"), $custdescrip))); $result = $ds->GetBaseFromArea($areaindex, $descrip, $cust); } else { insert($w, heading(3, sprintf(my_("Search for IP subnets between %s and %s %s for customer '%s'"), $start, $end, $site, $custdescrip))); $result = $ds->GetBase($startnum, $endnum, $descrip, $cust); } if ($ipaddr) { insert($w, textb(my_("IP address filter: "))); insert($w, textbr($ipaddr)); } if ($descrip) { insert($w, textb(my_("Description filter: "))); insert($w, textbr($descrip));
function do_poll($filename, $cust) { // If the -time parameter exists, get the start time global $timestamp, $starttime, $hostnames, $audit; if ($timestamp == TRUE) { $starttime = date("F j, Y, g:i:s a"); } $ds = open_dbf(); $handle = fopen($filename, "r"); while (!feof($handle)) { $buffer = chop(fgets($handle, 256)); // skip empty lines if (empty($buffer)) { continue; } // We break up the $both variable passed back which ends up with the $ret value // in $hosts1 and the $myhosts value in $names $hosts = NmapScan($buffer); // got an error? if (empty($hosts)) { continue; } // each nmap run is a transaction - problem with scan an entire transaction // is dumped if (DBF_TRANSACTIONS) { $ds->BeginTrans(); } // now loop through each address polled foreach ($hosts as $key => $hname) { $ipaddr = inet_aton($key); // find the subnet the address belongs to $result = $ds->Execute("SELECT baseindex\n FROM base\n WHERE {$ipaddr} BETWEEN baseaddr AND\n baseaddr+subnetsize-1 AND\n customer={$cust}"); // got a subnet, now try to update. if update fails, insert a new empty record if ($row = $result->FetchRow()) { $baseindex = $row["baseindex"]; if ($hostnames) { $result = $ds->Execute("UPDATE ipaddr\n SET lastpol=" . $ds->DBTimeStamp(time()) . ", hname=" . $ds->qstr($hname) . "\n WHERE baseindex={$baseindex} AND\n ipaddr={$ipaddr}"); } else { $result = $ds->Execute("UPDATE ipaddr\n SET lastpol=" . $ds->DBTimeStamp(time()) . "\n WHERE baseindex={$baseindex} AND\n ipaddr={$ipaddr}"); } if ($ds->Affected_Rows() == 0) { $ds->Execute("INSERT INTO ipaddr\n (userinf, location, telno, descrip, hname,\n baseindex, ipaddr, lastmod, lastpol, userid)\n VALUES\n (" . $ds->qstr("") . ",\n " . $ds->qstr("") . ",\n " . $ds->qstr("") . ",\n " . $ds->qstr("Unknown - added by IPplan command line poller") . ",\n " . $ds->qstr($hname) . ",\n {$baseindex}, \n {$ipaddr},\n " . $ds->DBTimeStamp(time()) . ",\n " . $ds->DBTimeStamp(time()) . ",\n " . $ds->qstr("POLLER") . ")"); if ($audit) { $ds->Execute("INSERT INTO auditlog\n (action, userid, dt)\n VALUES\n (" . $ds->qstr(sprintf("User POLLER added ip record %s customer %u index %u", $key, $cust, $baseindex)) . ",\n " . $ds->qstr("POLLER") . ",\n " . $ds->DBTimeStamp(time()) . ")"); } } } else { echo "No IPplan subnet found for address {$key}\n"; } } // end foreach if (DBF_TRANSACTIONS) { $ds->CommitTrans(); } } // end of while loop for each file line fclose($handle); close_dbf($ds); // If the -time parameter exists, timestamp it when done if ($timestamp == TRUE) { echo "Started: {$starttime}"; echo "\n"; $today = date("F j, Y, g:i:s a"); echo "Finished: {$today}"; echo "\n"; } }
} } if ($arr[$i]["subnetsize"] == 1) { insert($t, $c = cell()); insert($c, text(my_("Host"))); } else { insert($t, $c = cell()); insert($c, text($arr[$i]["subnetsize"])); } insert($t, $c = cell()); insert($c, text(inet_ntoa(inet_aton(ALLNETS) + 1 - $arr[$i]["subnetsize"]) . "/" . inet_bits($arr[$i]["subnetsize"]))); insert($t, $c = cell()); $export->addRow(NULL); $export->addCell(inet_ntoa($arr[$i]['baseaddr'])); $export->addCell($arr[$i]['subnetsize']); $export->addCell(inet_ntoa(inet_aton(ALLNETS) + 1 - $arr[$i]['subnetsize']) . "/" . inet_bits($arr[$i]['subnetsize'])); // hack to make it more intuitive for ISP's if ($free) { insert($c, text(my_("Free/Unassigned space"))); } else { if ($arr[$i]["descrip"] == DUPWARN) { insert($c, span(my_("SPACE IS ASSIGNED OVER MULTIPLE CUSTOMERS/AS's"), array("class" => "textError"))); $export->addCell(my_("SPACE IS ASSIGNED OVER MULTIPLE CUSTOMERS/AS's")); } else { if ($arr[$i]["descrip"] == DUPWARNFREE) { insert($c, span(my_("SPACE IS ASSIGNED OVER MULTIPLE CUSTOMERS/AS's AND CONTAINS SPACE MARKED FREE"), array("class" => "textError"))); $export->addCell(my_("SPACE IS ASSIGNED OVER MULTIPLE CUSTOMERS/AS's AND CONTAINS SPACE MARKED FREE")); } else { insert($c, text($arr[$i]["descrip"])); $export->addCell($arr[$i]["descrip"]); }
function FetchBase($cust, $areaindex, $rangeindex) { // use local function variables as they may change $this->cust = $cust; $this->rangeindex = $rangeindex; $this->areaindex = $areaindex; // set start and end address according to netrange if ($this->rangeindex) { // should only return one row here! $result = $this->GetRange($this->cust, $this->rangeindex); $row = $result->FetchRow(); $this->start = inet_ntoa($row["rangeaddr"]); $this->end = inet_ntoa($row["rangeaddr"] + $row["rangesize"] - 1); $this->site = " (" . $row["descrip"] . ")"; } else { if ($this->ipaddr) { if ($this->subnetsize) { $this->start = $this->ipaddr; $this->end = inet_ntoa(inet_aton($this->ipaddr) + $this->subnetsize - 1); } else { $this->start = completeIP($this->ipaddr, 1); $this->end = completeIP($this->ipaddr, 2); } if (testIP($this->start) or testIP($this->end)) { $this->err = 50; // Invalid IP address! $this->errstr = my_("Invalid IP address!"); return FALSE; } } else { $this->start = DEFAULTROUTE; $this->end = ALLNETS; } } $startnum = inet_aton($this->start); $endnum = inet_aton($this->end); // pager could have made cust = 0 if ($this->cust == 0) { $this->custdescrip = "All"; } else { $this->custdescrip = $this->GetCustomerDescrip($this->cust); } if (strtolower($this->custdescrip) == "all") { $this->cust = 0; } if ($this->areaindex == -1) { // all subnets not part of an area $result = $this->GetBaseNoArea($this->descrip, $this->cust, $this->grps); } else { if ($this->areaindex and !$this->rangeindex) { $result = $this->GetBaseFromArea($this->areaindex, $this->descrip, $this->cust, $this->grps); } else { // search in subnet - finds subnets with exact ip address match // useful for finding from where an attack comes if you have IP if ($this->searchin == 0) { $result = $this->GetBase($startnum, $endnum, $this->descrip, $this->cust, $this->grps); } else { if ($this->cust == 0) { $result = $this->GetDuplicateSubnetAll($startnum, 1, $this->grps); } else { $result = $this->GetDuplicateSubnet($startnum, 1, $this->cust); } } } } return $result; }
function parseAddGroupBoundaryForm($w, $ds) { list($grp, $ipaddr, $size) = myRegister("S:grp S:ipaddr S:size"); // explicitly cast variables as security measure against SQL injection $formerror = ""; $size = floor($size); if ($_POST) { $base = inet_aton($ipaddr); // creating readonly group? if ($base == 0 and $size == 0) { if ($ds->ds->GetOne("SELECT count(*) AS cnt FROM bounds WHERE grp=" . $ds->ds->qstr($grp))) { $formerror .= my_("Boundary cannot be created - overlaps with existing boundary") . "\n"; } } else { if (!$ipaddr) { $formerror .= my_("Boundary address may not be blank") . "\n"; } else { if (testIP($ipaddr)) { $formerror .= my_("Invalid boundary address") . "\n"; } else { if (!$size) { $formerror .= my_("Size may not be zero") . "\n"; } else { if (TestDuplicateBounds($ds, $base, $size, $grp)) { $formerror .= my_("Boundary cannot be created - overlaps with existing boundary") . "\n"; } } } } if ($size > 1) { if (TestBaseAddr(inet_aton3($ipaddr), $size)) { $formerror .= my_("Invalid base address") . "\n"; } } } if (!$formerror) { $ds->DbfTransactionStart(); // the fact that the range is unique prevents the range // being added to more than one area! $result =& $ds->ds->Execute("INSERT INTO bounds\n (boundsaddr, boundssize, grp)\n VALUES\n ({$base}, {$size}, " . $ds->ds->qstr($grp) . ")"); if ($result) { $ds->DbfTransactionEnd(); insert($w, textbr(my_("Boundary created"))); insertEditGroupForm($w, $ds); } else { $formerror .= my_("Boundary could not be created") . "\n"; } } } return $formerror; }
// explicitly cast variables as security measure against SQL injection list($cust) = myRegister("I:cust"); $ds = new IPplanDbf() or die(my_("Could not connect to database")); // force file download due to bad mime type header("Content-Type: bad/type"); header("Content-Disposition: attachment; filename=base.txt"); header("Pragma: no-cache"); header("Expires: 0"); $startnum = inet_aton(DEFAULTROUTE); $endnum = inet_aton(ALLNETS); // if a specific network template exists, use that, else use generic template $template = new IPplanIPTemplate("basetemplate", $cust); $err = $template->is_error(); $result = $ds->GetBase($startnum, $endnum, '', $cust); while ($row = $result->FetchRow()) { echo inet_ntoa($row["baseaddr"]) . FIELDS_TERMINATED_BY . $row["descrip"] . FIELDS_TERMINATED_BY . inet_ntoa(inet_aton(ALLNETS) + 1 - $row["subnetsize"]) . FIELDS_TERMINATED_BY; if (!$err) { $result_template =& $ds->ds->Execute("SELECT info, infobin\n FROM baseadd\n WHERE baseindex=" . $row["baseindex"]); if ($rowadd = $result_template->FetchRow()) { $template->Merge($template->decode($rowadd["info"])); foreach ($template->userfld as $arr) { $tmpfield = csv_escape($arr["value"]); echo FIELDS_TERMINATED_BY . $arr["value"]; } } } echo "\n"; } // wrap any multiline string with quotes // this function only works with php 5 and above function csv_escape($str)
insert($fdel, hidden(array("name" => "baseindex", "value" => "{$baseindex}"))); insert($fdel, hidden(array("name" => "ip", "value" => "{$ip}"))); insert($fdel, hidden(array("name" => "subnetsize", "value" => "{$subnetsize}"))); insert($fdel, hidden(array("name" => "action", "value" => "delete"))); insert($fdel, hidden(array("name" => "block", "value" => "{$block}"))); insert($fdel, hidden(array("name" => "search", "value" => "{$search}"))); insert($fdel, hidden(array("name" => "expr", "value" => "{$expr}"))); insert($fdel, hidden(array("name" => "md5str", "value" => "{$md5str}"))); insert($fdel, hidden(array("name" => "close", "value" => "{$close}"))); insert($fdel, submit(array("value" => my_("Delete record")))); insert($fdel, text(my_("WARNING: Deleting an entry does not preserve the last modified information as the record is completely removed from the database to conserve space. "))); if (is_array($files)) { myError($fdel, $p, my_("Deleting this record will delete all associated uploaded files!") . "\n", FALSE); } // end of delete form // dummy form for "follow" function $settings = array("name" => "DUMMY", "method" => "get", "action" => "displaybase.php"); insert($w, $f = form($settings)); insert($f, hidden(array("name" => "ipaddr", "value" => $lnk))); insert($f, hidden(array("name" => "cust", "value" => $cust))); insert($f, hidden(array("name" => "searchin", "value" => "1"))); insert($f, hidden(array("name" => "jump", "value" => "1"))); // create the export view form $export = new exportForm(); $export->addRow(array("user", "location", "description", "hostname", "telephone", "mac_addr", "linked_addr")); $export->saveRow(); $export->addRow(array($userinf, $location, $descrip, $hname, $telno, $macaddr, $lnk)); $export->saveRow(); $export->setInfo(array(array("subnet_ID", "subnet_addr", "subnet_mask", "subnet_description", "ip_address"), array($baseindex, inet_ntoa($baseaddr), inet_ntoa(inet_aton(ALLNETS) + 1 - $subnetsize) . "/" . inet_bits($subnetsize), $netdescrip, $ip))); $export->createExportForm($w, $template); printhtml($p);