function validate_post_params($conn, $name, $descr, $sids, $imported_sids)
{
$vals = array('name' => array(OSS_INPUT, 'illegal:' . _("Name")), 'descr' => array(OSS_TEXT, OSS_NULLABLE, 'illegal:' . _("Description")));
ossim_valid($name, $vals['name']);
ossim_valid($descr, $vals['descr']);
$plugins = array();
$sids = is_array($sids) ? $sids : array();
if (intval(POST('pluginid')) > 0) {
$sids[POST('pluginid')] = "0";
}
foreach ($sids as $plugin => $sids_str) {
if ($sids_str !== '') {
list($valid, $data) = Plugin_sid::validate_sids_str($sids_str);
if (!$valid) {
ossim_set_error(_("Error for data source ") . $plugin . ': ' . $data);
break;
}
if ($sids_str == "ANY") {
$sids_str = "0";
} else {
$aux = count(explode(',', $sids_str));
$total = Plugin_sid::get_sidscount_by_id($conn, $plugin);
$sids_str = $aux == $total ? "0" : $sids_str;
}
$plugins[$plugin] = $sids_str;
}
}
if (!count($plugins) && !count($imported_sids)) {
ossim_set_error(_("No Data Sources or Event Types selected"));
}
if (ossim_error()) {
die(ossim_error());
}
return array($name, $descr, $plugins);
}
function delete_nfsen_source($data)
{
if (!Session::am_i_admin()) {
$return['error'] = TRUE;
$return['msg'] = _('Action not authorized');
return $return;
}
require_once '../sensor/nfsen_functions.php';
$sensor = $data['sensor'];
ossim_valid($sensor, OSS_ALPHA, 'illegal:' . _('Nfsen Source'));
if (ossim_error()) {
$info_error = _('Error') . ': ' . ossim_get_error();
ossim_clean_error();
$return['error'] = TRUE;
$return['msg'] = $info_error;
return $return;
}
$res = delete_nfsen($sensor);
if ($res['status'] == 'success') {
$return['error'] = FALSE;
$return['msg'] = _('Source deleted successfully');
//To forcer load variables in session again
unset($_SESSION['tab']);
} else {
$return['error'] = TRUE;
$return['msg'] = $res['data'];
}
return $return;
}
function server_get_servers($conn)
{
$name = GET('name');
ossim_valid($name, OSS_ALPHA, OSS_PUNC, OSS_SPACE, 'illegal:' . _("Server name"));
require_once 'ossim_conf.inc';
$ossim_conf = $GLOBALS["CONF"];
/* get the port and IP address of the server */
$address = $ossim_conf->get_conf("server_address");
$port = $ossim_conf->get_conf("server_port");
/* create socket */
$socket = socket_create(AF_INET, SOCK_STREAM, 0);
if ($socket < 0) {
echo _("socket_create() failed: reason: ") . socket_strerror($socket) . "\n";
}
$list = array();
$err = "";
/* connect */
$result = @socket_connect($socket, $address, $port);
if (!$result) {
$err = "<p><b>" . _("socket error") . "</b>: " . gettext("Is OSSIM server running at") . " {$address}:{$port}?</p>";
return array($list, $err);
}
/* first send a connect message to server */
$in = 'connect id="1" type="web"' . "\n";
$out = '';
socket_write($socket, $in, strlen($in));
$out = @socket_read($socket, 2048, PHP_NORMAL_READ);
if (strncmp($out, "ok id=", 4)) {
$err = "<p><b>" . gettext("Bad response from server") . "</b></p>";
$err .= "<p><b>" . _("socket error") . "</b>: " . gettext("Is OSSIM server running at") . " {$address}:{$port}?</p>";
return array($list, $err);
}
/* get servers from server */
if ($name != NULL) {
$in = 'server-get-servers id="2" servername="' . $name . '"' . "\n";
} else {
$in = 'server-get-servers id="2"' . "\n";
}
$out = '';
socket_write($socket, $in, strlen($in));
$pattern = '/server host="([^"]*)" servername="([^"]*)"/ ';
while ($out = socket_read($socket, 2048, PHP_NORMAL_READ)) {
if (preg_match($pattern, $out, $regs)) {
if (Session::hostAllowed($conn, $regs[1])) {
$s["host"] = $regs[1];
$s["servername"] = $regs[2];
//# This should be checked in the server TODO FIXME
if (!in_array($s, $list)) {
$list[] = $s;
}
}
} elseif (!strncmp($out, "ok id=", 4)) {
break;
}
}
socket_close($socket);
return array($list, $err);
}
function activate_account()
{
$data = POST('data');
$token = $data['token'];
ossim_valid($token, OSS_ALPHA, 'illegal:' . _("OTX auth-token"));
check_ossim_error();
$otx = new Otx();
$otx->register_token($token);
return array('msg' => _("Your OTX account has been connected. The OTX pulses that you have subscribed to will begin downloading shortly. This process may take a few minutes."), 'token' => $token, 'username' => $otx->get_username(), 'user_id' => $otx->get_user_id(), 'contributing' => TRUE, 'key_version' => $otx->get_key_version(), 'latest_update' => $otx->get_latest_update());
}
function retrieve_groups($num)
{
$g_list = array();
for ($i = 1; $i <= $num; $i++) {
$aux = explode("_", GET('group' . $i));
if (ossim_valid($aux[0], OSS_HEX, 'illegal:' . _("Group ID"))) {
$g_list[] = "'" . $aux[0] . "'";
}
}
return implode(',', $g_list);
}
function get_pulse_detail()
{
$data = POST('data');
ossim_valid($data['pulse_id'], OSS_HEX, 'illegal: Pulse ID');
if (ossim_error()) {
return array();
}
$otx = new Otx();
$pulse = $otx->get_pulse_detail($data['pulse_id']);
//Converting indicator hash to array to use it in the datatables.
$pulse['indicators'] = array_values($pulse['indicators']);
return $pulse;
}
function get_pulse_detail_from_id($conn)
{
$type = POST('type');
$pulse = POST('pulse');
$id = POST('id');
ossim_valid($type, 'alarm|event|alarm_event', 'illegal:' . _('Type'));
ossim_valid($pulse, OSS_HEX, 'illegal:' . _('Pulse'));
ossim_valid($id, OSS_HEX, 'illegal:' . _('ID'));
if (ossim_error()) {
Av_exception::throw_error(Av_exception::USER_ERROR, ossim_get_error_clean());
}
if ($type == 'alarm') {
$pulse = Alarm::get_pulse_data_from_alarm($conn, $id, $pulse, TRUE);
} elseif ($type == 'event') {
$pulse = Siem::get_pulse_data_from_event($conn, $id, $pulse, FALSE, TRUE);
} elseif ($type == 'alarm_event') {
$pulse = Siem::get_pulse_data_from_event($conn, $id, $pulse, TRUE, TRUE);
}
return array('name' => $pulse['name'], 'descr' => $pulse['descr'], 'iocs' => array_values($pulse['iocs']));
}
function modify_plugingroup_plugin($conn, $data)
{
$plugin_group = $data['plugin_group'];
$plugin_id = $data['plugin_id'];
$sids_str = $data['plugin_sids'];
ossim_valid($plugin_id, OSS_DIGIT, 'illegal:' . _("Plugin ID"));
ossim_valid($plugin_group, OSS_HEX, 'illegal:' . _("Plugin GroupID"));
if (ossim_error()) {
$info_error = "Error: " . ossim_get_error();
ossim_clean_error();
$return['error'] = true;
$return['msg'] = $info_error;
return $return;
}
$total_sel = 1;
if (is_array($sids_str)) {
$total_sel = count($sids_str);
$sids_str = implode(',', $sids_str);
}
if ($sids_str !== '') {
list($valid, $data) = Plugin_sid::validate_sids_str($sids_str);
if (!$valid) {
$return['error'] = true;
$return['msg'] = _("Error for data source ") . $plugin_id . ': ' . $data;
return $return;
}
if ($sids_str == "ANY") {
$sids_str = "0";
} else {
$total = Plugin_sid::get_sidscount_by_id($conn, $plugin_id);
$sids_str = $total_sel == $total ? "0" : $sids_str;
}
Plugin_group::edit_plugin($conn, $plugin_group, $plugin_id, $sids_str);
}
$return['error'] = false;
$return['output'] = '';
return $return;
}
function validate_post_params($conn, $name, $descr, $sids, $imported_sids, $group_id = NULL)
{
$vals = array('name' => array(OSS_INPUT, 'illegal:' . _("Name")), 'descr' => array(OSS_ALL, OSS_NULLABLE, 'illegal:' . _("Description")), 'group_id' => array(OSS_HEX, OSS_NULLABLE, 'illegal:' . _("Group ID")));
ossim_valid($group_id, $vals['group_id']);
ossim_valid($name, $vals['name']);
if (ossim_error() == FALSE && Plugin_group::is_valid_group_name($conn, $name, $group_id) == FALSE) {
$name = Util::htmlentities($name);
ossim_set_error(sprintf(_("DS group name '<strong>%s</strong>' already exists"), $name));
}
ossim_valid($descr, $vals['descr']);
$plugins = array();
$sids = is_array($sids) ? $sids : array();
$pluginid = intval(POST('pluginid'));
if ($pluginid > 0) {
$sids[$pluginid] = "0";
}
foreach ($sids as $plugin => $sids_str) {
if ($sids_str !== '') {
list($valid, $data) = Plugin_sid::validate_sids_str($sids_str);
if (!$valid) {
ossim_set_error(_("Error for data source ") . $plugin . ': ' . $data);
break;
}
if ($sids_str == "ANY") {
$sids_str = "0";
} else {
$aux = count(explode(',', $sids_str));
$total = Plugin_sid::get_sidscount_by_id($conn, $plugin);
$sids_str = $aux == $total ? "0" : $sids_str;
}
$plugins[$plugin] = $sids_str;
}
}
if (!count($plugins) && !count($imported_sids)) {
ossim_set_error(_("No Data Sources or Event Types selected"));
}
return array($group_id, $name, $descr, $plugins, ossim_error());
}
function modify_deploy_hosts($wizard, $data)
{
$os = $data['os'];
$hosts = $data['hosts'];
$username = $data['username'];
$password = $data['password'];
$domain = $data['domain'];
ossim_valid($os, "windows|linux", 'illegal:' . _('Deploy Option'));
ossim_valid($hosts, OSS_HEX, 'illegal:' . _('Host'));
ossim_valid($username, OSS_USER_2, 'illegal:' . _('Username'));
ossim_valid($password, OSS_PASSWORD, 'illegal:' . _('Password'));
ossim_valid($domain, OSS_NOECHARS, OSS_ALPHA, OSS_PUNC_EXT, OSS_NULLABLE, 'illegal:' . _('Domain'));
if (ossim_error()) {
$response['error'] = TRUE;
$response['msg'] = ossim_get_error();
ossim_clean_error();
return $response;
}
$domain = $os == 'windows' ? $domain : '';
//Encrypting password to save it in the object
$pass_c = Util::encrypt($password, Util::get_system_uuid());
//First we clean the deploy info stored in the object
$wizard->clean_step_data();
//Saving the info to achieve the deploy
$wizard->set_step_data('deploy_os', $os);
$wizard->set_step_data('deploy_username', $username);
$wizard->set_step_data('deploy_password', $pass_c);
$wizard->set_step_data('deploy_domain', $domain);
$wizard->set_step_data('deploy_hosts', $hosts);
//Setting the deploy step to 1 (Inicialized)
$wizard->set_step_data('deploy_step', 1);
//Saving wizard status
$wizard->save_status();
$response['error'] = FALSE;
return $response;
}
*
* Otherwise you can read it here: http://www.gnu.org/licenses/gpl-2.0.txt
*
*/
require_once 'av_init.php';
Session::logcheck("configuration-menu", "CorrelationDirectives");
$directive_id = GET('directive_id');
$file = GET('file');
$engine_id = GET('engine_id');
$rule = GET('rule');
$mode = GET('mode');
ossim_valid($directive_id, OSS_DIGIT, 'illegal:' . _("Directive ID"));
ossim_valid($file, OSS_ALPHA, OSS_DOT, OSS_SCORE, 'illegal:' . _("XML File"));
ossim_valid($engine_id, OSS_HEX, OSS_SCORE, 'illegal:' . _("Engine ID"));
ossim_valid($rule, OSS_DIGIT, '\\-', OSS_NULLABLE, 'illegal:' . _("Rule ID"));
ossim_valid($mode, OSS_ALPHA, OSS_NULLABLE, 'illegal:' . _("Mode"));
if (ossim_error()) {
die(ossim_error());
}
$directive_editor = new Directive_editor($engine_id);
$filepath = file_exists($directive_editor->engine_path . "/" . $file) ? $directive_editor->engine_path . "/" . $file : $directive_editor->main_path . "/" . $file;
if (preg_match("/^\\d+-\\d+-\\d+\$/", $rule)) {
if (GET('mode') == "delete") {
$dom = $directive_editor->get_xml($filepath, "DOMXML");
$direct = $directive_editor->getDirectiveFromXML($dom, $directive_id);
$tab_rules = $direct->rules;
$directive_editor->delrule($rule, &$tab_rules);
if (!$directive_editor->save_xml($filepath, $dom, "DOMXML")) {
echo "<!-- ERRORDELETE -->";
}
} elseif (GET('mode') == "copy") {
* MA 02110-1301 USA
*
*
* On Debian GNU/Linux systems, the complete text of the GNU General
* Public License can be found in `/usr/share/common-licenses/GPL-2'.
*
* Otherwise you can read it here: http://www.gnu.org/licenses/gpl-2.0.txt
****************************************************************************/
/**
* Class and Function List:
* Function list:
* Classes list:
*/
include "classes/Security.inc";
$param = GET('param');
ossim_valid($plugin_id, OSS_ALPHA, OSS_NULLABLE);
if (ossim_error()) {
die(ossim_error());
}
?>
<div style="
background-color:#17457c;
width:100%;
position:fixed;
height:2px;
left:0px;"></div>
<center>
<button style="width: 80px; margin-top:8px; cursor:pointer;"
id="cancel"
onclick="cancel()"
*
*/
require_once 'av_init.php';
Session::logcheck('configuration-menu', 'PolicyServers');
$db = new ossim_db();
$conn = $db->connect();
$id = GET('id');
$ip = GET('ip');
$sname = GET('name');
$update = intval(GET('update'));
$opensource = Session::is_pro() ? FALSE : TRUE;
$mssp = intval($conf->get_conf("alienvault_mssp"));
$local_id = $conf->get_conf("server_id");
ossim_valid($ip, OSS_IP_ADDR, OSS_NULLABLE, 'illegal:' . _('Server IP'));
ossim_valid($sname, OSS_ALPHA, OSS_PUNC, OSS_NULLABLE, 'illegal:' . _('Server Name'));
ossim_valid($id, OSS_HEX, OSS_NULLABLE, 'illegal:' . _('Server ID'));
if (ossim_error()) {
die(ossim_error());
}
$action = 'newserver.php';
$all_rservers = Server::get_server_hierarchy($conn, $id);
$error_forward = FALSE;
$can_i_modify_elem = TRUE;
if (!empty($id)) {
$server = Server::get_object($conn, $id);
$role_list = Role::get_list($conn, $id);
if (!empty($server) && !empty($role_list)) {
$role = $role_list[0];
$sname = $server->get_name();
$ip = $server->get_ip();
$port = $server->get_port();
$AllPlugins = "";
$NonDOS = "";
$DisableAll = "";
$saveplugins = "";
break;
case "POST":
foreach ($postParams as $pp) {
if (isset($_POST[$pp])) {
${$pp} = Util::htmlentities(mysql_real_escape_string(trim($_POST[$pp])), ENT_QUOTES);
} else {
${$pp} = "";
}
}
break;
}
ossim_valid($sid, OSS_DIGIT, OSS_NULLABLE, 'illegal:' . _("Sid"));
if (ossim_error()) {
die(_("Invalid Parameter Sid"));
}
if (isset($_POST['authorized_users'])) {
foreach ($_POST['authorized_users'] as $user) {
$users[] = Util::htmlentities(mysql_real_escape_string(trim($user)), ENT_QUOTES);
}
}
//if (!($uroles['profile'] || $uroles['admin'])) {
// echo "Access Denied!!!<br>";
// logAccess( $username . " : " . $_SERVER['SCRIPT_NAME'] . " : Unauthorized Access" );
// //require_once('footer.php');
// die();
//}
$db = new ossim_db();
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
* MA 02110-1301 USA
*
*
* On Debian GNU/Linux systems, the complete text of the GNU General
* Public License can be found in `/usr/share/common-licenses/GPL-2'.
*
* Otherwise you can read it here: http://www.gnu.org/licenses/gpl-2.0.txt
*
*/
require_once 'av_init.php';
Session::logcheck('environment-menu', 'PolicyHosts');
//CPE Types
$_cpe_types = array('os' => 'o', 'hardware' => 'h', 'software' => 'a');
$_cpe = GET('q');
$_cpe_type = GET('cpe_type');
ossim_valid($_cpe, OSS_NULLABLE, OSS_ALPHA, OSS_PUNC_EXT, 'illegal:' . _('CPE'));
ossim_valid($_cpe_type, 'os | software | hardware', 'illegal:' . _('CPE Type'));
if (ossim_error() || !array_key_exists($_cpe_type, $_cpe_types)) {
exit;
}
$db = new Ossim_db();
$conn = $db->connect();
$_cpe = escape_sql($_cpe, $conn);
$filters = array('where' => "`cpe` LIKE 'cpe:/" . $_cpe_types[$_cpe_type] . "%' AND `line` LIKE '%{$_cpe}%'", 'limit' => 20);
$software = new Software($conn, $filters);
$db->close();
foreach ($software->get_software() as $cpe_info) {
echo $cpe_info['cpe'] . '###' . $cpe_info['line'] . "\n";
}
/* End of file search_cpe.php */
Session::logcheck('configuration-menu', 'CorrelationCrossCorrelation');
$action = 'insert';
$url_form = 'newpluginref.php';
$button_text = Util::js_entities(_("Create rule"));
$plugin_id1 = REQUEST('plugin_id1');
$plugin_id2 = REQUEST('plugin_id2');
$plugin_sid1 = REQUEST('plugin_sid1');
$plugin_sid2 = REQUEST('plugin_sid2');
if ($plugin_id1 != '' || $plugin_id2 != '' || $plugin_sid1 != '' || $plugin_sid2 != '') {
$action = 'modify';
$url_form = 'modifypluginref.php';
$button_text = Util::js_entities(_('Save rule'));
ossim_valid($plugin_id1, OSS_DIGIT, 'illegal:' . _('Plugin ID1'));
ossim_valid($plugin_id2, OSS_DIGIT, 'illegal:' . _('Plugin ID2'));
ossim_valid($plugin_sid1, OSS_DIGIT, 'illegal:' . _('Plugin SID1'));
ossim_valid($plugin_sid2, OSS_DIGIT, 'illegal:' . _('Plugin SID2'));
if (ossim_error()) {
echo ossim_error();
exit;
}
}
$db = new ossim_db();
$conn = $db->connect();
$plugin_list = Plugin::get_list($conn, 'ORDER BY name', 0);
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<title><?php
echo _("Cross-Correlation");
?>
if (isset($_SESSION['_actions'])) {
$action_id = $_SESSION['_actions']['action_id'];
$action_type = $_SESSION['_actions']['action_type'];
$descr = $_SESSION['_actions']['descr'];
$name = $_SESSION['_actions']['name'];
$cond = $_SESSION['_actions']['cond'];
$on_risk = $_SESSION['_actions']['on_risk'];
$email_from = $_SESSION['_actions']['email_from'];
$email_to = $_SESSION['_actions']['email_to'];
$email_subject = $_SESSION['_actions']['email_subject'];
$email_message = $_SESSION['_actions']['email_message'];
$exec_command = $_SESSION['_actions']['exec_command'];
unset($_SESSION['_actions']);
} else {
$action_id = REQUEST('id');
ossim_valid($action_id, OSS_HEX, OSS_NULLABLE, 'illegal:' . _('Action ID'));
if (ossim_error()) {
die(ossim_error());
}
list($db, $conn) = Ossim_db::get_conn_db();
$action_list = Action::get_list($conn, " AND id = UNHEX('{$action_id}')");
if (is_array($action_list)) {
$action = $action_list[0];
}
if (!is_null($action)) {
$action_type = $action->get_action_type();
$ctx = $action->get_ctx();
$cond = Util::htmlentities($action->get_cond());
$on_risk = $action->is_on_risk();
$name = $action->get_name();
if (REQUEST('descr')) {
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; version 2 dated June, 1991.
* You may not use, modify or distribute this program under any other version
* of the GNU General Public License.
*
* This package is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this package; if not, write to the Free Software
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
* MA 02110-1301 USA
*
*
* On Debian GNU/Linux systems, the complete text of the GNU General
* Public License can be found in `/usr/share/common-licenses/GPL-2'.
*
* Otherwise you can read it here: http://www.gnu.org/licenses/gpl-2.0.txt
*
*/
require_once 'av_init.php';
Session::logcheck("analysis-menu", "EventsForensics");
$rname = GET('name');
ossim_valid($rname, OSS_ALPHA, OSS_SPACE, 'illegal:' . _("Report Name"));
if (ossim_error()) {
die(ossim_error());
}
$pdfReport = new Pdf_report($rname, "P");
$pdfReport->getPdf();
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
* MA 02110-1301 USA
*
*
* On Debian GNU/Linux systems, the complete text of the GNU General
* Public License can be found in `/usr/share/common-licenses/GPL-2'.
*
* Otherwise you can read it here: http://www.gnu.org/licenses/gpl-2.0.txt
*
*/
//Config File
require_once dirname(__FILE__) . '/../../../config.inc';
session_write_close();
$system_id = POST('system_id');
$confirm = intval(POST('confirm'));
ossim_valid($system_id, OSS_UUID, 'illegal:' . _('System ID'));
if (ossim_error()) {
$data['status'] = 'error';
$data['data'] = ossim_get_error();
} else {
//Getting system status
$local_id = strtolower(Util::get_system_uuid());
try {
$db = new ossim_db();
$conn = $db->connect();
$ha_enabled = Av_center::is_ha_enabled($conn, $system_id);
$db->close();
} catch (Exception $e) {
$db->close();
$data['status'] = 'error';
$data['data'] = $e->getMessage();
$order = Policy::get_next_order($conn, $ctx, $group);
}
$newid = Policy::insert($conn, $ctx, $priority, $active, $group, $order, $tzone, $b_month, $b_month_day, $b_week_day, $b_hour, $b_minute, $e_month, $e_month_day, $e_week_day, $e_hour, $e_minute, $descr, $source_ips, $source_host_groups, $dest_ips, $dest_host_groups, $source_nets, $source_net_groups, $dest_nets, $dest_net_groups, $portsrc, $portdst, $plug_groups, $sensors, $target, $taxonomy, $reputation, $event_conds, $idm, $correlate, $cross_correlate, $store, $rep, $qualify, $resend_alarms, $resend_events, $frw_conds, $sign, $sem, $sim);
// Actions
if (!empty($newid) && count($policy_action) > 0) {
foreach ($policy_action as $action_id) {
Policy_action::insert($conn, $action_id, $newid);
}
}
break;
case 'edit':
$id = POST('policy_id');
if (!Policy::is_visible($conn, $id)) {
die(ossim_error(_("You do not have permission to edit this policy")));
}
ossim_valid($id, OSS_HEX, 'illegal:' . _("Policy ID"));
if (ossim_error()) {
die(ossim_error());
}
Policy::update($conn, $id, $ctx, $priority, $active, $group, $order, $tzone, $b_month, $b_month_day, $b_week_day, $b_hour, $b_minute, $e_month, $e_month_day, $e_week_day, $e_hour, $e_minute, $descr, $source_ips, $source_host_groups, $dest_ips, $dest_host_groups, $source_nets, $source_net_groups, $dest_nets, $dest_net_groups, $portsrc, $portdst, $plug_groups, $sensors, $target, $taxonomy, $reputation, $event_conds, $idm, $correlate, $cross_correlate, $store, $rep, $qualify, $resend_alarms, $resend_events, $frw_conds, $sign, $sem, $sim);
// Actions
if (count($policy_action) > 0) {
Policy_action::delete($conn, $id);
foreach ($policy_action as $action_id) {
Policy_action::insert($conn, $action_id, $id);
}
}
break;
case 'clone':
$order = Policy::get_next_order($conn, $ctx, $group);
$newid = Policy::insert($conn, $ctx, $priority, $active, $group, $order, $tzone, $b_month, $b_month_day, $b_week_day, $b_hour, $b_minute, $e_month, $e_month_day, $e_week_day, $e_hour, $e_minute, $descr, $source_ips, $source_host_groups, $dest_ips, $dest_host_groups, $source_nets, $source_net_groups, $dest_nets, $dest_net_groups, $portsrc, $portdst, $plug_groups, $sensors, $target, $taxonomy, $reputation, $event_conds, $idm, $correlate, $cross_correlate, $store, $rep, $qualify, $resend_alarms, $resend_events, $frw_conds, $sign, $sem, $sim);
* MA 02110-1301 USA
*
*
* On Debian GNU/Linux systems, the complete text of the GNU General
* Public License can be found in `/usr/share/common-licenses/GPL-2'.
*
* Otherwise you can read it here: http://www.gnu.org/licenses/gpl-2.0.txt
*
*/
require_once 'av_init.php';
Session::logcheck("environment-menu", "ReportsWireless");
require_once 'Wireless.inc';
$sensor = GET('sensor');
$file = str_replace("../", "", GET('file'));
ossim_valid($sensor, OSS_IP_ADDR, 'illegal: sensor');
ossim_valid($file, OSS_TEXT, 'illegal: file');
if (ossim_error()) {
die(ossim_error());
}
# sensor list with perms
require_once 'ossim_db.inc';
$db = new ossim_db();
$conn = $db->connect();
if (!validate_sensor_perms($conn, $sensor, ", sensor_properties WHERE sensor.id=sensor_properties.sensor_id AND sensor_properties.has_kismet=1")) {
echo ossim_error($_SESSION["_user"] . " have not privileges for {$sensor}");
$db->close();
exit;
}
$db->close();
#
$path = "/var/ossim/kismet/parsed/{$sensor}/{$file}";
}
/*
if ($order == 'ip')
{
$order = "host_ip.ip";
}
*/
$torder = !strcasecmp($torder, 'asc') ? 'asc' : 'desc';
ossim_valid($group_id, OSS_HEX, 'illegal: ' . _('Net or Group ID'));
ossim_valid($asset_type, OSS_ALPHA, 'illegal: ' . _('Asset Type'));
ossim_valid($maxrows, OSS_DIGIT, 'illegal: ' . _('Maxrows Param'));
ossim_valid($search_str, OSS_INPUT, OSS_NULLABLE, 'illegal: ' . _('Search String'));
ossim_valid($from, OSS_DIGIT, 'illegal: ' . _('From Param'));
ossim_valid($order, OSS_ALPHA, OSS_DOT, OSS_SCORE, 'illegal: ' . _('Order Param'));
ossim_valid($torder, OSS_ALPHA, 'illegal: ' . _('tOrder Param'));
ossim_valid($sec, OSS_DIGIT, 'illegal: ' . _('sec Param'));
if (ossim_error()) {
$response['sEcho'] = intval($sec);
$response['iTotalRecords'] = 0;
$response['iTotalDisplayRecords'] = 0;
$response['aaData'] = array();
echo json_encode($response);
exit;
}
$db = new ossim_db();
$conn = $db->connect();
$filters = array('limit' => "{$from}, {$maxrows}", 'order_by' => "{$order} {$torder}");
if ($search_str != '') {
$filters['where'] = 'hostname LIKE "%' . $search_str . '%"';
}
// Get object from session
$tip_target[] = $target;
}
} else {
if (preg_match("/^\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}(\\/\\d{1,2})?\$/", $target)) {
$tip_target[] = $target;
} else {
list($asset_id, $ip_target) = explode("#", $target);
ossim_set_error(FALSE);
ossim_valid($asset_id, OSS_HEX, OSS_NULLABLE, 'illegal: Asset id');
// asset id
if (ossim_error()) {
$target_error = FALSE;
$validation_errors[] = _('Invalid asset id') . ': ' . $asset_id;
}
ossim_set_error(FALSE);
ossim_valid($ip_target, OSS_NULLABLE, OSS_DIGIT, OSS_SPACE, OSS_SCORE, OSS_ALPHA, OSS_PUNC, '\\.\\,\\/\\!', 'illegal:' . _("Target"));
if (ossim_error()) {
$target_error = FALSE;
$validation_errors[] = _('Invalid target') . ': ' . $ip_target;
}
if (!$target_error) {
$tip_target[] = str_replace('!', '', $target);
}
}
}
}
$ip_list = $tip_target;
// validated targets
if (count($tip_target) == 0) {
$validation_errors[] = _('Invalid Targets');
}
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
* MA 02110-1301 USA
*
*
* On Debian GNU/Linux systems, the complete text of the GNU General
* Public License can be found in `/usr/share/common-licenses/GPL-2'.
*
* Otherwise you can read it here: http://www.gnu.org/licenses/gpl-2.0.txt
*
*/
require_once 'av_init.php';
Session::logcheck("analysis-menu", "IncidentsIncidents");
$id = GET('id');
$incident_id = GET('incident_id');
ossim_valid($id, OSS_DIGIT, 'illegal:' . _("Id"));
ossim_valid($incident_id, OSS_DIGIT, 'illegal:' . _("Incident Id"));
if (ossim_error()) {
die(ossim_error());
}
/* database connect */
$db = new ossim_db();
$conn = $db->connect();
list($output_name, $content) = Incident::get_custom_content($conn, $id, $incident_id);
$conn->disconnect();
header("Pragma: public");
header("Expires: 0");
header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
header("Cache-Control: private", false);
header("Content-Type: application/octet-stream");
header("Content-Transfer-Encoding: binary");
header("Content-Length: " . strlen($content));
function import_assets_from_csv($filename, $iic, $ctx, $import_type)
{
//Process status
$summary = array('general' => array('status' => '', 'data' => '', 'statistics' => array('total' => 0, 'warnings' => 0, 'errors' => 0, 'saved' => 0)), 'by_nets' => array());
$db = new ossim_db();
$conn = $db->connect();
$str_data = file_get_contents($filename);
if ($str_data === FALSE) {
$summary['general']['status'] = 'error';
$summary['general']['data']['errors'] = _('Failed to read data from CSV file');
$summary['general']['statistics']['errors'] = 1;
return $summary;
}
$array_data = preg_split('/\\n|\\r/', $str_data);
foreach ($array_data as $k => $v) {
if (trim($v) != '') {
$data[] = explode('";"', trim($v));
}
}
set_time_limit(360);
/*********************************************************************************************************************
* From net section:
* - Version 4.x.x: "Netname"*;"CIDRs(CIDR1,CIDR2,...)"*;"Description";"Asset value"*;"Net ID"
* - Version 3.x.x: "Netname"*;"CIDRs(CIDR1,CIDR2,...)"*;"Description";"Asset value";"Sensors(Sensor1,Sensor2,...)"*
*
* From welcome wizard:
* - Version 4.x.x: "Netname"*;"CIDRs(CIDR1,CIDR2,...)"*;"Description"
*
*********************************************************************************************************************/
//Check file size
if (count($data) <= 0 || count($data) == 1 && preg_match('/Netname/', $data[0][0])) {
$summary['general']['status'] = 'error';
$summary['general']['data'] = _('CSV file is empty');
$summary['general']['statistics']['errors'] = 1;
return $summary;
}
//Check importation type and headers
$csv_headers = array();
if ($import_type == 'networks') {
if (preg_match('/Net ID/', $data[0][4]) || preg_match('/Sensors/', $data[0][4])) {
$csv_headers = array_shift($data);
} else {
$summary['general']['status'] = 'error';
$summary['general']['data'] = _('Headers not found');
$summary['general']['statistics']['errors'] = 1;
return $summary;
}
}
//Setting total nets to import
$summary['general']['statistics']['total'] = count($data);
//Allowed sensors
$filters = array('where' => "acl_sensors.entity_id = UNHEX('{$ctx}')");
$a_sensors = Av_sensor::get_basic_list($conn, $filters);
$sensor_ids = array_keys($a_sensors);
if (count($sensor_ids) == 0) {
$summary['general']['status'] = 'error';
$s_error_msg = Session::is_pro() ? _('There is no sensor for this context') : _('There is no sensor for this net');
$summary['general']['data'] = $s_error_msg;
$summary['general']['statistics']['errors'] = 1;
return $summary;
}
Util::disable_perm_triggers($conn, TRUE);
foreach ($data as $k => $v) {
//Clean previous errors
ossim_clean_error();
$num_line = $k + 1;
//Set default status
$summary['by_nets'][$num_line]['status'] = 'error';
//Check file format
$cnd_1 = $import_type == 'networks' && count($v) < 5;
$cnd_2 = $import_type == 'welcome_wizard_nets' && count($v) < 3;
if ($cnd_1 || $cnd_2) {
$summary['by_nets'][$num_line]['errors']['Format'] = _('Number of fields is incorrect');
$summary['general']['statistics']['errors']++;
continue;
}
//Clean values
$param = array();
foreach ($v as $field) {
$parameter = trim($field);
$pattern = '/^\\"|\\"$|^\'|\'$/';
$param[] = preg_replace($pattern, '', $parameter);
}
//Values
$is_in_db = FALSE;
$net_id = '';
$name = $param[0];
$cidrs = preg_replace("/[\n\r\t]+/", '', $param[1]);
$descr = $param[2];
$asset_value = $param[3] == '' ? 2 : intval($param[3]);
$sensors = $sensor_ids;
//Permissions
$can_i_create_assets = Session::can_i_create_assets();
$can_i_modify_ips = TRUE;
//CIDRs
if (!ossim_valid($cidrs, OSS_IP_CIDR, 'illegal:' . _('CIDR'))) {
$summary['by_nets'][$num_line]['errors']['CIDRs'] = ossim_get_error_clean();
$summary['general']['statistics']['errors']++;
continue;
}
//Check Net ID �Is there a net registered in the System?
$net_ids = Asset_net::get_id_by_ips($conn, $cidrs, $ctx);
$net_id = key($net_ids);
if (!empty($net_id)) {
$is_in_db = TRUE;
} else {
$net_id = Util::uuid();
}
// Special case: Forced Net ID [Version 4.x.x]
if ($import_type == 'networks' && preg_match('/Net ID/', $csv_headers[4])) {
$csv_net_id = strtoupper($param[4]);
if ($is_in_db == TRUE && $csv_net_id != $net_id) {
$id_error_msg = _('Net is already registered in the System with another Net ID');
$summary['by_nets'][$num_line]['errors']['Net'] = $id_error_msg;
$summary['general']['statistics']['errors']++;
continue;
}
}
//Netname
if (!empty($iic)) {
$name = clean_iic($name);
}
if (!ossim_valid($name, OSS_NOECHARS, OSS_NET_NAME, 'illegal:' . _('Netname'))) {
ossim_clean_error();
$name = clean_iic($name);
$name = clean_echars($name);
$warning_msg = _('Netname has invalid characters') . '<br/>' . _('Netname will be replaced by') . ": <strong>{$name}</strong>";
$summary['by_nets'][$num_line]['warnings']['Netname'] = $warning_msg;
$summary['by_nets'][$num_line]['status'] = 'warning';
$summary['general']['statistics']['warnings']++;
if (!ossim_valid($name, OSS_NOECHARS, OSS_NET_NAME, 'illegal:' . _('Netname'))) {
unset($summary['by_nets'][$num_line]['warnings']);
$summary['general']['statistics']['warnings']--;
$summary['by_nets'][$num_line]['status'] = 'error';
$summary['by_nets'][$num_line]['errors']['Netname'] = ossim_get_error_clean();
$summary['general']['statistics']['errors']++;
continue;
}
}
//Description
if (!ossim_valid($descr, OSS_NULLABLE, OSS_AT, OSS_TEXT, '\\t', 'illegal:' . _('Description'))) {
$summary['by_nets'][$num_line]['errors']['Description'] = ossim_get_error_clean();
$summary['general']['statistics']['errors']++;
continue;
} else {
if (mb_detect_encoding($descr . ' ', 'UTF-8,ISO-8859-1') == 'UTF-8') {
$descr = mb_convert_encoding($descr, 'HTML-ENTITIES', 'UTF-8');
}
}
//Sensor
if ($is_in_db == FALSE) {
//Only update net sensors with unregistered nets
if ($import_type == 'networks' && preg_match('/Sensors/', $csv_headers[4])) {
//Special case: Sensors in CSV file //[Version 3.x.x]
$sensors = array();
$_sensors = explode(',', $param[4]);
if (is_array($_sensors) && !empty($_sensors)) {
$_sensors = array_flip($_sensors);
if (is_array($a_sensors) && !empty($a_sensors)) {
foreach ($a_sensors as $s_id => $s_data) {
if (array_key_exists($s_data['ip'], $_sensors)) {
$sensors[] = $s_id;
}
}
}
}
if (!is_array($sensors) || empty($sensors)) {
$s_error_msg = Session::is_pro() ? _('There is no sensors for this context') : _('There is no sensors for this IP');
$summary['by_nets'][$num_line]['errors']['Sensors'] = $s_error_msg;
$summary['general']['statistics']['errors']++;
continue;
}
}
}
/***********************************************************
********** Only for importation from net section **********
***********************************************************/
if ($import_type == 'networks') {
//Asset
if (!ossim_valid($asset_value, OSS_DIGIT, 'illegal:' . _('Asset value'))) {
$summary['by_nets'][$num_line]['errors']['Asset value'] = ossim_get_error_clean();
$summary['general']['statistics']['errors']++;
continue;
}
}
//Insert/Update net in database
if (count($summary['by_nets'][$num_line]['errors']) == 0) {
try {
$net = new Asset_net($net_id);
if ($is_in_db == TRUE) {
$net->load_from_db($conn, $net_id);
$can_i_modify_ips = Asset_net::can_i_modify_ips($conn, $net_id);
} else {
if ($can_i_create_assets == FALSE) {
$n_error_msg = _('Net') . ' ' . $name . ' ' . _("not allowed. You don't have permissions to import this net");
$summary['by_nets'][$num_line]['errors']['Net'] = $n_error_msg;
$summary['general']['statistics']['errors']++;
continue;
}
}
//Check CIDRs
if ($can_i_modify_ips == TRUE) {
$aux_cidr = explode(',', $cidrs);
foreach ($aux_cidr as $cidr) {
$net_ids = Asset_net::get_id_by_ips($conn, $cidr, $ctx);
unset($net_ids[$net_id]);
if (!empty($net_ids)) {
$c_error_msg = _('CIDR') . ' ' . $cidrs . ' ' . _("not allowed. CIDR {$cidr} already exists for this entity");
$summary['by_nets'][$num_line]['errors']['CIDRs'] = $c_error_msg;
$summary['general']['statistics']['errors']++;
break;
} else {
if (Session::get_net_where() != '') {
if (!Asset_net::is_cidr_in_my_nets($conn, $cidr, $ctx)) {
$c_error_msg = _('CIDR') . ' ' . $cidrs . ' ' . _("not allowed. CIDR {$cidr} out of range. Check your asset filter");
$summary['by_nets'][$num_line]['errors']['CIDRs'] = $c_error_msg;
$summary['general']['statistics']['errors']++;
break;
}
}
}
}
} else {
$c_error_msg = _('Net') . ' ' . $name . ': ' . _("CIDRs not allowed. CIDRs wasn't be modified");
$summary['by_nets'][$num_line]['status'] = 'warning';
$summary['general']['warnings']['errors']++;
$summary['by_nets'][$num_line]['warnings']['CIDRs'] = $c_error_msg;
}
//Setting new values
if (count($summary['by_nets'][$num_line]['errors']) == 0) {
$net->set_ctx($ctx);
$net->set_name($name);
$net->set_descr($descr);
if ($is_in_db == FALSE) {
if ($can_i_modify_ips == TRUE) {
$net->set_ips($cidrs);
}
$net->set_sensors($sensors);
}
$net->set_asset_value($asset_value);
$net->save_in_db($conn, FALSE);
$summary['general']['statistics']['saved']++;
$summary['by_nets'][$num_line]['data'] = $is_in_db == TRUE ? _('Net updated') : _('New new inserted');
//Keep warnings
if ($summary['by_nets'][$num_line]['status'] != 'warning') {
$summary['by_nets'][$num_line]['status'] = 'success';
}
}
} catch (Exception $e) {
$summary['by_nets'][$num_line]['errors']['Database error'] = $e->getMessage();
$summary['general']['statistics']['errors']++;
}
}
}
if ($summary['general']['statistics']['saved'] > 0) {
if ($summary['general']['statistics']['errors'] == 0) {
$summary['general']['status'] = 'success';
$summary['general']['data'] = _('All nets have been imported successfully');
} else {
$summary['general']['status'] = 'warning';
$summary['general']['data'] = _('Some nets could not be imported successfully');
}
Util::disable_perm_triggers($conn, FALSE);
try {
Asset_net::report_changes($conn, 'nets');
} catch (Exception $e) {
error_log($e->getMessage(), 0);
}
} else {
$summary['general']['statistics']['errors'] = count($data);
//CSV file is not empty, but all lines are wrong
if (empty($summary['general']['status'])) {
$summary['general']['status'] = 'error';
$summary['general']['data'] = _('Nets could not be imported');
}
}
$db->close();
return $summary;
}
//Type of widget: chart, tag_cloud, etc.
$winfo['asset'] = GET("asset");
//Assets implicated in the widget
$chart_info = unserialize(GET("value"));
//Params of the widget representation, this is: type of chart, legend params, etc.
} else {
//Getting the widget's info from DB
$winfo = get_widget_data($conn, $id);
//Check it out in widget_common.php
$chart_info = $winfo['params'];
//Params of the widget representation, this is: type of chart, legend params, etc.
}
//Validation
ossim_valid($winfo['wtype'], OSS_TEXT, 'illegal:' . _("Type"));
ossim_valid($winfo['height'], OSS_DIGIT, 'illegal:' . _("Widget ID"));
ossim_valid($winfo['asset'], OSS_HEX, OSS_SCORE, OSS_ALPHA, OSS_USER, 'illegal:' . _("Asset/User/Entity"));
if (is_array($chart_info) && !empty($chart_info)) {
$validation = get_array_validation();
foreach ($chart_info as $key => $val) {
if ($validation[$key] == '') {
continue;
}
eval("ossim_valid(\"\$val\", " . $validation[$key] . ", 'illegal:" . _($key) . "');");
}
}
if (ossim_error()) {
die(ossim_error());
}
//End of validation.
$assets_filters = array();
$assets_filters = get_asset_filters($conn, $winfo['asset']);
$conn = $db->connect();
$conf = $GLOBALS['CONF'];
$rrdtool_bin = $conf->get_conf('rrdtool_path') . '/rrdtool';
set_error_handler('mydie');
$id = GET('id');
$what = GET('what');
$type = GET('type');
$start = GET('start');
$end = GET('end');
$zoom = GET('zoom') ? GET('zoom') : 1;
ossim_valid($id, OSS_LETTER, OSS_DIGIT, OSS_DOT, OSS_SCORE, 'illegal:' . _('ID'));
ossim_valid($start, OSS_LETTER, OSS_DIGIT, OSS_SCORE, 'illegal:' . _('Start param'));
ossim_valid($end, OSS_LETTER, OSS_DIGIT, OSS_SCORE, 'illegal:' . _('End param'));
ossim_valid($zoom, OSS_DIGIT, OSS_DOT, 'illegal:' . _('Zoom parameter'));
ossim_valid($what, OSS_ALPHA, OSS_SCORE, 'illegal:' . _('What'));
ossim_valid($type, OSS_ALPHA, 'illegal:' . _('Type'));
if (ossim_error()) {
mydie(strip_tags(ossim_get_error_clean()));
}
//
// params validations
//
if ($what != 'eps') {
mydie(sprintf(_("Invalid param '%s' with value '%s'"), 'what', $what));
}
if ($type != 'eps') {
mydie(sprintf(_("Invalid param '%s' with value '%s'"), 'type', $type));
}
// Where to find the RRD file
$rrdpath = "/var/lib/ossim/rrd/event_stats/";
//
* Otherwise you can read it here: http://www.gnu.org/licenses/gpl-2.0.txt
*
*/
require_once 'av_init.php';
require_once 'os_report_common.php';
Session::logcheck('report-menu', 'ReportsReportServer');
$action = POST('action');
$data = POST('data');
if ($action == 'check_file') {
$data = explode('###', base64_decode($data));
$report_name = trim($data[0]);
$filename = trim($data[1]);
ossim_valid($report_name, OSS_SCORE, OSS_NULLABLE, OSS_ALPHA, OSS_PUNC, 'illegal:' . _('Report name'));
if (ossim_error()) {
echo 'error###' . ossim_get_error_clean();
exit;
}
// Init PDF Report
$pdfReport = new Pdf_report($report_name, 'P', 'A4', NULL, FALSE);
if (isset($filename) && !empty($filename)) {
ossim_valid($filename, OSS_FILENAME, 'illegal:' . _('Filename'));
//Get complete path
$path = $pdfReport->getpath() . $filename;
$res = !ossim_error() && file_exists($path) ? 1 : _('Unable to access to PDF Report');
echo $res;
}
} elseif ($action == 'check_email') {
ossim_valid($data, OSS_MAIL_ADDR, 'illegal:' . _('Email address'));
$res = !ossim_error() ? 1 : ossim_get_error_clean();
echo $res;
}
}
/*
*
* <------------------------ END OF THE FUNCTIONS ------------------------>
*
*/
/*
*
* <------------------------- BODY OF THE SCRIPT ------------------------->
*
*/
$action = POST("action");
//Action to perform.
$data = POST("data");
//Data related to the action.
ossim_valid($action, OSS_INPUT, 'illegal:' . _("Action"));
if (ossim_error()) {
$response['error'] = TRUE;
$response['msg'] = ossim_get_error();
ossim_clean_error();
echo json_encode($response);
die;
}
//Default values for the response.
$response['error'] = TRUE;
$response['msg'] = _('Error when processing the request');
//checking if it is an ajax request
if (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest') {
//Checking token
if (!Token::verify('tk_welcome_wizard', GET('token'))) {
$response['error'] = TRUE;
$icon = str_replace("url_slash", "/", $icon);
$icon = str_replace("url_quest", "?", $icon);
$icon = str_replace("url_equal", "=", $icon);
$url = str_replace("url_slash", "/", $url);
$url = str_replace("url_quest", "?", $url);
$url = str_replace("url_equal", "=", $url);
ossim_valid($map, OSS_HEX, 'illegal:' . _('Map'));
ossim_valid($ri_id, OSS_DIGIT, OSS_NULLABLE, 'illegal:' . _('ID'));
ossim_valid($risk_positions, OSS_SCORE, OSS_NULLABLE, OSS_ALPHA, ";,.", 'illegal:' . _('Risk Indicator Positions'));
ossim_valid($url, OSS_NULLABLE, OSS_SCORE, OSS_ALPHA, OSS_SPACE, ";,.:\\/\\?=&()%&", 'illegal:' . _('URL'));
ossim_valid($name, OSS_NULLABLE, OSS_SCORE, OSS_ALPHA, OSS_SPACE, ";,.:\\/\\?=&()%&#", 'illegal:' . _('Name'));
ossim_valid($icon, OSS_NULLABLE, OSS_SCORE, OSS_ALPHA, OSS_SPACE, ";,.:\\/\\?=&()%&", 'illegal:' . _('Icon'));
ossim_valid($type, OSS_NULLABLE, OSS_SCORE, OSS_ALPHA, OSS_SPACE, ";,.:\\/\\?=&()%&", 'illegal:' . _('Asset Type'));
ossim_valid($type_name, OSS_NULLABLE, OSS_HEX, 'illegal:' . _('Asset ID'));
ossim_valid($iconbg, OSS_ALPHA, OSS_NULLABLE, 'illegal:' . _('Layout Background Color'));
ossim_valid($iconsize, OSS_DIGIT, "-", 'illegal:' . _('Icon Size'));
$path = explode("pixmaps", $icon);
if (count($path) > 1) {
$icon = "pixmaps" . $path[1];
}
if (ossim_error()) {
$data = array('status' => 'error', 'data' => ossim_get_error_clean());
echo json_encode($data);
exit;
}
//Clean bp_asset_member
$query = "DELETE FROM bp_asset_member WHERE member is NULL OR member = 0x0 OR type is NULL OR type =''";
$conn->Execute($query);
$indicators = array();
$delete_list = array();
$i_enable = array();
