* Script to confirm / reject IP address request ***********************************************/ /* functions */ require dirname(__FILE__) . '/../../../functions/functions.php'; # initialize user object $Database = new Database_PDO(); $User = new User($Database); $Admin = new Admin($Database, false); $Addresses = new Addresses($Database); $Subnets = new Subnets($Database); $Tools = new Tools($Database); $Result = new Result(); # verify that user is logged in $User->check_user_session(); # fetch request $request = $Admin->fetch_object("requests", "id", $_POST['requestId']); //fail if ($request === false) { $Result->show("danger", _("Request does not exist"), true, true); } else { $request = (array) $request; } # verify permissions if ($Subnets->check_permission($User->user, $request['subnetId']) != 3) { $Result->show("danger", _('You do not have permissions to process this request') . "!", true, true); } # set IP address # if provided (requested from logged in user) check if already in use, if it is warn and set next free # else get next free if (strlen($request['ip_addr']) > 0) { // check if it exists
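*************************************************/

/* functions */
require dirname(__FILE__) . '/../../../functions/functions.php';

# initialize user object
$Database = new Database_PDO();
$User     = new User($Database);
$Admin    = new Admin($Database);
$Result   = new Result();

# verify that user is logged in
$User->check_user_session();

# fetch group and set title
if ($_POST['action'] == "add") {
    $title = _('Add new group');
} else {
    # fetch all group details
    $group = $Admin->fetch_object("userGroups", "g_id", $_POST['id']);
    # the false check has to run before the array cast: (array) false is a
    # one-element array, so a check made after the cast can never fail
    if ($group === false) {
        $Result->show("danger", _("Invalid ID"), true, true);
    }
    $group = (array) $group;
    # the action comes from the request and the group name from the database;
    # neither is known to be HTML-safe here, so encode both before they reach the header
    $title = htmlspecialchars(ucwords($_POST['action']), ENT_QUOTES, 'UTF-8')
        . ' ' . _('group') . ' '
        . htmlspecialchars((string) $group['g_name'], ENT_QUOTES, 'UTF-8');
}
?>

<!-- header -->
<div class="pHeader"><?php print $title; ?> </div>

<!-- content -->
<div class="pContent">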
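/**
 * Resolves the active user and caches it on this object.
 *
 * The user row is looked up by the session username. When there is no
 * session (API calls), the value of $_SERVER['HTTP_PHPIPAM_TOKEN'] is looked
 * up in the users table instead. The row is stored in $this->user and its id
 * in $this->user_id; user_id stays null when no user could be resolved.
 *
 * @access private
 * @return void
 */
private function get_active_user_id() {
    # cache - already resolved, nothing to do
    if ($this->user_id !== null) {
        return;
    }

    $user_id = null;

    if (isset($_SESSION['ipamusername'])) {
        try {
            $user_id = $this->Database->getObjectQuery("select * from `users` where `username` = ? limit 1", array($_SESSION['ipamusername']));
        } catch (Exception $e) {
            $this->Result->show("danger", _("Database error: ") . $e->getMessage());
        }
    } elseif (array_key_exists("HTTP_PHPIPAM_TOKEN", $_SERVER) && is_string($_SERVER['HTTP_PHPIPAM_TOKEN']) && strlen($_SERVER['HTTP_PHPIPAM_TOKEN']) > 0) {
        // when API calls subnet_create we get:
        // Error: SQLSTATE[23000]: Integrity constraint violation: 1048 Column 'cuser' cannot be null
        // so let's get a user_id
        // An empty header value is never looked up, so it cannot match a user row with an empty token.
        // NOTE(review): token expiry is not checked here - presumably the API layer has validated it; confirm.
        $admin = new Admin($this->Database, False);
        $token = $admin->fetch_object("users", "token", $_SERVER['HTTP_PHPIPAM_TOKEN']);
        if ($token !== False) {
            $user_id = $token;
        }
    }

    # save id - only dereference when a row was actually found
    # (no session, no or unknown token, or a failed query all leave no object here)
    $this->user_id = is_object($user_id) ? $user_id->id : null;
    # save user
    $this->user = $user_id;
}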
$Database = new Database_PDO(); $User = new User($Database); $Admin = new Admin($Database); $Tools = new Tools($Database); $Result = new Result(); # verify that user is logged in $User->check_user_session(); // checks if (!is_numeric($_POST['newDomainId'])) { $Result->show("danger", _("Invalid ID"), true); } if (!is_numeric($_POST['vlanId'])) { $Result->show("danger", _("Invalid ID"), true); } // verify that new exists $vlan_domain = $Admin->fetch_object("vlanDomains", "id", $_POST['newDomainId']); if ($vlan_domain === false) { $Result->show("danger", _("Invalid ID"), true); } //fetch vlan $vlan = $Admin->fetch_object("vlans", "vlanId", $_POST['vlanId']); if ($vlan === false) { $Result->show("danger", _("Invalid ID"), true); } // check that it is not already set ! if ($User->settings->vlanDuplicate == 0) { $check_vlan = $Admin->fetch_multiple_objects("vlans", "domainId", $vlan_domain->id, "vlanId"); if ($check_vlan !== false) { foreach ($check_vlan as $v) { if ($v->number == $vlan->number) { $Result->show("danger", _("VLAN already exists"), true);
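<?php

/**
 * Routes an authentication method add / edit request to the editor script
 * for the requested method type (edit-<type>.php in this directory).
 */

/* functions */
require dirname(__FILE__) . '/../../../functions/functions.php';

# initialize user object
$Database = new Database_PDO();
$User     = new User($Database);
$Admin    = new Admin($Database);
$Result   = new Result();

# verify that user is logged in
$User->check_user_session();

# if edit check if protected?
if ($_POST['action'] != "add") {
    $auth_method = $Admin->fetch_object("usersAuthMethod", "id", $_POST['id']);
    if ($auth_method === false) {
        # unknown id - there is no method to edit
        $Result->show("danger", _("Invalid ID"), true, true);
    } elseif ($auth_method->protected == "Yes") {
        $Result->show("danger", _("Method cannot be change as it is protected"), true, true);
    }
}

# route to proper auth method editing
# The type is request input that ends up in an include path, so it must be a
# plain identifier: no directory separators, dots, NUL bytes or stream wrappers.
$type   = isset($_POST['type']) && is_string($_POST['type']) ? $_POST['type'] : "";
$editor = dirname(__FILE__) . "/edit-{$type}.php";

if (!preg_match('/\A[A-Za-z0-9_-]+\z/', $type) || !file_exists($editor)) {
    $Result->show("danger", _("Invalid method type"), true, true);
} else {
    # include exactly the path that was checked, not a name resolved through include_path
    include $editor;
}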
*************************************/ /* functions */ require dirname(__FILE__) . '/../../../functions/functions.php'; # initialize user object $Database = new Database_PDO(); $User = new User($Database); $Admin = new Admin($Database); $Result = new Result(); # verify that user is logged in $User->check_user_session(); /* checks */ $error = array(); # for edit check old details if ($_POST['action'] == "edit" || $_POST['action'] == "delete") { # old $agent_old = $Admin->fetch_object("scanAgents", "id", $_POST['id']); // invalid id if ($agent_old === false) { $error[] = "Invalid agent Id"; } // remove type and code if direct if (@$agent_old->type == "direct") { unset($_POST['type'], $_POST['code']); } } # die if direct and delete if (@$agent_old->type == "direct" && $_POST['action'] == "delete") { $Result->show("danger", _("Cannot remove localhost scan agent"), true); } # checks for edit / add if ($_POST['action'] != "delete") {
/** * remove item from nat ************************************************/ /* functions */ require dirname(__FILE__) . '/../../../functions/functions.php'; # initialize user object $Database = new Database_PDO(); $User = new User($Database); $Admin = new Admin($Database); $Tools = new Tools($Database); $Result = new Result(); # verify that user is logged in $User->check_user_session(); # get NAT object $nat = $Admin->fetch_object("nat", "id", $_POST['id']); $nat !== false ?: $Result->show("danger", _("Invalid ID"), true); # static NAT checks if ($nat->type == "static") { // static NAT can only have IP address if ($_POST['object_type'] != "ipaddresses") { $Result->show("danger", _("Static NAT can only contain IP address"), true); } // decode $nat_src = json_decode($nat->src, true); $nat_dst = json_decode($nat->dst, true); // validate all objects if (sizeof(@$nat_src['ipaddresses']) > 0) { foreach ($nat_src['ipaddresses'] as $ik => $iv) { if ($Tools->fetch_object("ipaddresses", "id", $iv) === false) { unset($nat_src['ipaddresses'][$ik]);
/** * Mail settings **************************/ /* functions */ require dirname(__FILE__) . '/../../../functions/functions.php'; require dirname(__FILE__) . '/../../../functions/classes/class.Mail.php'; # initialize user object $Database = new Database_PDO(); $User = new User($Database); $Admin = new Admin($Database); $Result = new Result(); # verify that user is logged in $User->check_user_session(); # fetch mailer settings $mail_settings = $Admin->fetch_object("settingsMail", "id", 1); # initialize mailer $phpipam_mail = new phpipam_mail($User->settings, $mail_settings); //override settings $phpipam_mail->override_settings($_POST); //create object $phpipam_mail->initialize_mailer(); # set content $content = $phpipam_mail->generate_message("phpIPAM test HTML message"); $content_plain = "phpIPAM test text message"; # try to send try { $phpipam_mail->Php_mailer->setFrom($_POST['mAdminMail'], $_POST['mAdminName']); $phpipam_mail->Php_mailer->addAddress($User->settings->siteAdminMail, $User->settings->siteAdminName); $phpipam_mail->Php_mailer->Subject = 'phpIPAM localhost mail test'; $phpipam_mail->Php_mailer->msgHTML($content);
# verify that user is logged in $User->check_user_session(); # validate csrf cookie $_POST['csrf_cookie'] == $_SESSION['csrf_cookie'] ?: $Result->show("danger", _("Invalid CSRF cookie"), true); # remove users from this group if delete and remove group from sections if ($_POST['action'] == "delete") { $Admin->remove_group_from_users($_POST['g_id']); $Admin->remove_group_from_sections($_POST['g_id']); } else { if (strlen($_POST['g_name']) < 2) { $Result->show("danger", _('Name must be at least 2 characters long') . "!", true); } } # unique name if ($_POST['action'] == "add") { if ($Admin->fetch_object("userGroups", "g_name", $_POST['g_name']) !== false) { $Result->show("danger", _('Group already exists') . "!", true); } } # create array of values for modification $values = array("g_id" => @$_POST['g_id'], "g_name" => $_POST['g_name'], "g_desc" => @$_POST['g_desc']); /* try to execute */ if (!$Admin->object_modify("userGroups", $_POST['action'], "g_id", $values)) { $Result->show("danger", _("Group {$_POST['action']} error") . "!", false); } else { $Result->show("success", _("Group {$_POST['action']} success") . "!", false); } # from list of usernames provided from AD result if some user matches add him to group if (strlen($_POST['gmembers']) > 0) { // save id $gid = $Admin->lastId;
/* functions */ require dirname(__FILE__) . '/../../../functions/functions.php'; # initialize user object $Database = new Database_PDO(); $User = new User($Database); $Admin = new Admin($Database); $Tools = new Tools($Database); $Sections = new Sections($Database); $Result = new Result(); # verify that user is logged in $User->check_user_session(); # create csrf token $csrf = $User->csrf_cookie("create", "vrf"); # get VRF if ($_POST['action'] != "add") { $vrf = $Admin->fetch_object("vrf", "vrfId", $_POST['vrfId']); $vrf !== false ?: $Result->show("danger", _("Invalid ID"), true, true); $vrf = (array) $vrf; } # disable edit on delete $readonly = $_POST['action'] == "delete" ? "readonly" : ""; # fetch custom fields $custom = $Tools->fetch_custom_fields('vrf'); ?> <!-- header --> <div class="pHeader"><?php print ucwords(_("{$_POST['action']}")); ?> <?php
if ($_POST['validity'] < date("Y-m-d H:i:s")) { $Result->show("danger", _("Invalid date"), true); } if ($_POST['validity'] > date("Y-m-d H:i:s", strtotime("+ 7 days"))) { $Result->show("danger", _("1 week is max validity time"), true); } # verify each recipient if (strlen($_POST['email']) > 0) { foreach (explode(",", $_POST['email']) as $rec) { if (!filter_var(trim($rec), FILTER_VALIDATE_EMAIL)) { $Result->show("danger", _("Invalid email address") . " - " . $rec, true); } } } # fetch object $object = $Admin->fetch_object($_POST['type'], "id", $_POST['id']); if ($_POST['type'] == "subnets") { $tmp[] = "Share type: subnet"; $tmp[] = "\t" . $Subnets->transform_to_dotted($object->subnet) . "/{$object->mask}"; $tmp[] = "\t" . $object->description; } else { $tmp[] = "Share type: IP address"; $tmp[] = "\t" . $Subnets->transform_to_dotted($object->ip_addr); $tmp[] = "\t" . $object->description; } # set new access $new_access[$_POST['code']] = array("id" => $_POST['id'], "type" => $_POST['type'], "code" => $_POST['code'], "validity" => strtotime($_POST['validity']), "userId" => $User->user->id); # create array of values for modification $old_access = json_decode($User->settings->tempAccess, true); if (!is_array($old_access)) { $old_access = array();
$Database = new Database_PDO();
$User     = new User($Database);
$Admin    = new Admin($Database);
$Tools    = new Tools($Database);
$Result   = new Result();

# only logged in users may open the widget editor
$User->check_user_session();

# csrf token for the "widget" form
$csrf = $User->csrf_cookie("create", "widget");

# strip tags from every posted value before any of them is used or printed (XSS)
$_POST = $User->strip_input_tags($_POST);

# the action must pass validation before it is echoed into the header below
$Admin->validate_action($_POST['action'], true);

# edit / delete work on an existing widget, so load it
if ($_POST['action'] != "add") {
    $w = $Admin->fetch_object("widgets", "wid", $_POST['wid']);
    if ($w === false) {
        $Result->show("danger", _("Invalid ID"), true, true);
    }
    $w = (array) $w;
}
?>

<!-- header -->
<div class="pHeader"><?php print ucwords($_POST['action']) . " widget"; ?> </div>

<!-- content -->
<div class="pContent">
<form id="widgetEdit" name="widgetEdit">
require dirname(__FILE__) . '/../../../functions/functions.php'; # initialize user object $Database = new Database_PDO(); $User = new User($Database); $Admin = new Admin($Database); $Tools = new Tools($Database); $Result = new Result(); # verify that user is logged in $User->check_user_session(); # strip input tags $_POST = $Admin->strip_input_tags($_POST); # validate csrf cookie $User->csrf_cookie("validate", "location", $_POST['csrf_cookie']) === false ? $Result->show("danger", _("Invalid CSRF cookie"), true) : ""; # validations if ($_POST['action'] == "delete" || $_POST['action'] == "edit") { if ($Admin->fetch_object('locations', "id", $_POST['id']) === false) { $Result->show("danger", _("Invalid Location object identifier"), false); } } if ($_POST['action'] == "add" || $_POST['action'] == "edit") { // name if (strlen($_POST['name']) < 3) { $Result->show("danger", _("Name must have at least 3 characters"), true); } // lat, long if ($_POST['action'] !== "delete") { // lat if (strlen($_POST['lat']) > 0) { if (!preg_match('/^(\\-?\\d+(\\.\\d+)?).\\s*(\\-?\\d+(\\.\\d+)?)$/', $_POST['lat'])) { $Result->show("danger", _("Invalid Latitude"), true); }
# id must be numeric if (!is_numeric($_POST['gid'])) { $Result->show("danger", _("Invalid ID"), true); } # parse result foreach ($_POST as $k => $p) { if (substr($k, 0, 4) == "user") { $users[substr($k, 4)] = substr($k, 4); } } # remove each user from group if (sizeof($users) > 0) { foreach ($users as $key => $u) { if (!$Admin->remove_group_from_user($_POST['gid'], $u)) { # get user details $user = $Admin->fetch_object("users", "id", $u); $errors[] = $user->real_name; } } } else { $errors[] = _("Please select user(s) to remove from group!"); } # print result if (isset($errors)) { print "<div class='alert alert alert-danger'>"; print _("Failed to remove users") . ":<hr>"; print "<ul>"; foreach ($errors as $e) { print "<li>{$e}</li>"; } print "</ul>";
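* Print all available nameserver sets and configurations
 ************************************************/

/* functions */
require dirname(__FILE__) . '/../../../functions/functions.php';

# initialize user object
$Database = new Database_PDO();
$User     = new User($Database);
$Admin    = new Admin($Database);
$Tools    = new Tools($Database);
$Sections = new Sections($Database);
$Result   = new Result();

# verify that user is logged in
$User->check_user_session();

# get Nameserver sets
if ($_POST['action'] != "add") {
    $nameservers = $Admin->fetch_object("nameservers", "id", $_POST['nameserverId']);
    $nameservers !== false ?: $Result->show("danger", _("Invalid ID"), true, true);
    $nameservers = (array) $nameservers;
}

# disable edit on delete
$readonly = $_POST['action'] == "delete" ? "readonly" : "";
?>

<!-- header -->
<?php
# the action is request input and is not validated anywhere in this part of the
# script, so it is HTML-encoded before being written into the header
?>
<div class="pHeader"><?php print htmlspecialchars(ucwords(_("{$_POST['action']}")), ENT_QUOTES, 'UTF-8'); ?> <?php print _('Nameserver set'); ?>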
require dirname(__FILE__) . '/../../../functions/functions.php';

# initialize user object
$Database = new Database_PDO();
$User     = new User($Database);
$Admin    = new Admin($Database);
$Tools    = new Tools($Database);
$Result   = new Result();

# only logged in users may continue
$User->check_user_session();

# strip tags from all posted values
$_POST = $Admin->strip_input_tags($_POST);

# validations
# object_type is used as the table name in the lookup further down, so this
# allowlist check has to stay ahead of it
if (!in_array($_POST['object_type'], array("subnets", "ipaddresses"), true)) {
    $Result->show("danger", _("Invalid type"), true, true);
}

# the NAT entry must exist
$nat = $Admin->fetch_object("nat", "id", $_POST['id']);
if (false === $nat) {
    $Result->show("danger", _("Invalid Id"), true, true);
}

# the object to attach must exist in the selected table
$object = $Admin->fetch_object($_POST['object_type'], "id", $_POST['object_id']);
if (false === $object) {
    $Result->show("danger", _("Invalid object Id"), true, true);
}

$n = $nat;

// translate json to array, links etc
// NOTE(review): $subnet is not assigned anywhere in the visible part of this
// script, so $subnet['id'] presumably evaluates to null here - confirm what the
// last argument is meant to be.
$sources      = $Tools->translate_nat_objects_for_display($n->src, NULL, NULL, "subnets", $subnet['id']);
$destinations = $Tools->translate_nat_objects_for_display($n->dst, NULL, NULL, "subnets", $subnet['id']);

// no src/dst
if (false === $sources) {
    $sources = array("<span class='badge badge1 badge5 alert-danger'>" . _("None") . "</span>");
}
$csrf = $User->csrf_cookie("create", "user"); # strip tags - XSS $_POST = $User->strip_input_tags($_POST); # validate action $Admin->validate_action($_POST['action'], true); # fetch custom fields $custom = $Tools->fetch_custom_fields('users'); # fetch all languages $langs = $Admin->fetch_all_objects("lang", "l_id"); # fetch all auth types $auth_types = $Admin->fetch_all_objects("usersAuthMethod", "id"); # fetch all groups $groups = $Admin->fetch_all_objects("userGroups", "g_id"); # set header parameters and fetch user if ($_POST['action'] != "add") { $user = $Admin->fetch_object("users", "id", $_POST['id']); //false if ($user === false) { $Result->show("danger", _("Invalid ID"), true, true); } else { $user = (array) $user; } } else { $user = array(); //set default lang $user['lang'] = $User->settings->defaultLang; } ?> <script type="text/javascript"> $(document).ready(function(){
$worksheet_sections->write($lineCount, $rowCount, _('Parent'), $format_header); $rowCount++; $lineCount++; $rowCount = 0; foreach ($sections_sorted as $section) { //cast $section = (array) $section; if (isset($_GET['exportSection__' . str_replace(" ", "_", $section['name'])]) && $_GET['exportSection__' . str_replace(" ", "_", $section['name'])] == "on") { $worksheet_sections->write($lineCount, $rowCount, $section['name'], $format_text); $rowCount++; $worksheet_sections->write($lineCount, $rowCount, $section['description'], $format_text); $rowCount++; //master Section if ($section['masterSection'] != 0) { # get section details $ssec = $Admin->fetch_object("sections", "id", $section['masterSection']); $worksheet_sections->write($lineCount, $rowCount, $ssec->name, $format_text); $rowCount++; } else { $worksheet_sections->write($lineCount, $rowCount, "/", $format_text); $rowCount++; } } $lineCount++; $rowCount = 0; } } // sending HTTP headers $workbook->send($filename); // Let's send the file $workbook->close();
/** * Script to display usermod result *************************************/ /* functions */ require dirname(__FILE__) . '/../../../functions/functions.php'; require dirname(__FILE__) . "/../../../functions/adLDAP/src/adLDAP.php"; # initialize user object $Database = new Database_PDO(); $User = new User($Database); $Admin = new Admin($Database); $Result = new Result(); # verify that user is logged in $User->check_user_session(); # fetch server $server = $Admin->fetch_object("usersAuthMethod", "id", $_POST['server']); $server !== false ?: $Result->show("danger", _("Invalid server ID"), true); //parse parameters $params = json_decode($server->params); //no login parameters if (strlen(@$params->adminUsername) == 0 || strlen(@$params->adminPassword) == 0) { $Result->show("danger", _("Missing credentials"), true); } //at least 2 chars if (strlen($_POST['dfilter']) < 2) { $Result->show("danger", _('Please enter at least 2 characters'), true); } //open connection try { if ($server->type == "NetIQ") { $params->account_suffix = "";
$User->csrf_cookie("validate", "requests", $_POST['csrf_cookie']) === false ? $Result->show("danger", _("Invalid CSRF cookie"), true) : ""; # verify permissions if ($Subnets->check_permission($User->user, $_POST['subnetId']) != 3) { $Result->show("danger", _('You do not have permissions to process this request') . "!", true); } # fetch custom fields $custom = $Tools->fetch_custom_fields('ipaddresses'); if (sizeof($custom) > 0) { foreach ($custom as $myField) { if (isset($_POST[$myField['name']])) { $_POST[$myField['name']] = $_POST[$myField['name']]; } } } # fetch subnet $subnet = (array) $Admin->fetch_object("subnets", "id", $_POST['subnetId']); /* if action is reject set processed and accepted to 1 and 0 */ if ($_POST['action'] == "reject") { //set reject values $values = array("id" => $_POST['requestId'], "processed" => 1, "accepted" => 0, "adminComment" => @$_POST['adminComment']); if (!$Admin->object_modify("requests", "edit", "id", $values)) { $Result->show("danger", _("Failed to reject IP request"), true); } else { $Result->show("success", _("Request has beed rejected"), false); } # send mail $Tools->ip_request_send_mail("reject", $_POST); } else { // fetch subnet $subnet_temp = $Addresses->transform_to_dotted($subnet['subnet']) . "/" . $subnet['mask']; //verify IP and subnet
/**
 * Script to print the add / edit / delete language form header
 *************************************************/

/* functions */
require dirname(__FILE__) . '/../../../functions/functions.php';

# initialize user object
$Database = new Database_PDO();
$User     = new User($Database);
$Admin    = new Admin($Database);
$Result   = new Result();

# only logged in users may continue
$User->check_user_session();

# edit and delete work on an existing language row
# NOTE(review): the lookup result is cast to array without a false check, so an
# unknown langid is not rejected in this part of the script - confirm it is handled later.
if (in_array($_POST['action'], array("edit", "delete"))) {
    $lang = (array) $Admin->fetch_object("lang", "l_id", $_POST['langid']);
}

# title per action; anything that is not edit or delete is treated as add
$title = 'Add new language';
if ($_POST['action'] == "edit") {
    $title = 'Edit language';
} elseif ($_POST['action'] == "delete") {
    $title = 'Delete language';
}
?>

<!-- header -->
<div class="pHeader"><?php print _($title); ?>
<?php /** * Post-installation submit */ # functions require dirname(__FILE__) . '/../../functions/functions.php'; # objects $Database = new Database_PDO(); $Admin = new Admin($Database, false); $Install = new Install($Database); $User = new User($Database); $Result = new Result(); # only permit if Admin user has default pass !!! $admin = $Admin->fetch_object("users", "username", "Admin"); if ($admin->password != '$6$rounds=3000$JQEE6dL9NpvjeFs4$RK5X3oa28.Uzt/h5VAfdrsvlVe.7HgQUYKMXTJUsud8dmWfPzZQPbRbk8xJn1Kyyt4.dWm4nJIYhAV2mbOZ3g.') { $Result->show("danger", "Not allowed!", true); } else { # check lenghts if (strlen($_POST['password1']) < 8) { $Result->show("danger", _("Password must be at least 8 characters long!"), true); } if (strlen($_POST['password2']) < 8) { $Result->show("danger", _("Password must be at least 8 characters long!"), true); } # check password match if ($_POST['password1'] != $_POST['password2']) { $Result->show("danger", _("Passwords do not match"), true); } # Crypt password $_POST['password1'] = $User->crypt_user_pass($_POST['password1']);
# update scan time $Scan->ping_update_scanagent_checktime(1, $nowdate); # send mail if ($discovered > 0 && $send_mail) { # check for recipients foreach ($Admin->fetch_multiple_objects("users", "role", "Administrator") as $admin) { if ($admin->mailNotify == "Yes") { $recepients[] = array("name" => $admin->real_name, "email" => $admin->email); } } # none? if (!isset($recepients)) { die; } # fetch mailer settings $mail_settings = $Admin->fetch_object("settingsMail", "id", 1); # fake user object, needed for create_link $User = new StdClass(); @($User->settings->prettyLinks = $Scan->settings->prettyLinks); # initialize mailer $phpipam_mail = new phpipam_mail($Scan->settings, $mail_settings); $phpipam_mail->initialize_mailer(); // set subject $subject = "phpIPAM new addresses detected " . date("Y-m-d H:i:s"); //html $content[] = "<h3>phpIPAM found {$discovered} new hosts</h3>"; $content[] = "<table style='margin-left:10px;margin-top:5px;width:auto;padding:0px;border-collapse:collapse;border:1px solid gray;'>"; $content[] = "<tr>"; $content[] = "\t<th style='padding:3px 8px;border:1px solid silver;border-bottom:2px solid gray;'>IP</th>"; $content[] = "\t<th style='padding:3px 8px;border:1px solid silver;border-bottom:2px solid gray;'>Subnet</th>"; $content[] = "\t<th style='padding:3px 8px;border:1px solid silver;border-bottom:2px solid gray;'>Section</th>";
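$User   = new User($Database);
$Admin  = new Admin($Database);
$Result = new Result();

# verify that user is logged in
$User->check_user_session();

# create csrf token
$csrf = $User->create_csrf_cookie();

# ID must be numeric
if ($_POST['action'] != "add" && !is_numeric($_POST['tid'])) {
    $Result->show("danger", _("Invalid ID"), true, true);
}

# set delete flag
$readonly = $_POST['action'] == "delete" ? "readonly" : "";

# fetch device type details
if ($_POST['action'] == "edit" || $_POST['action'] == "delete") {
    $device = $Admin->fetch_object("deviceTypes", "tid", $_POST['tid']);
    # fail if false
    $device === false ? $Result->show("danger", _("Invalid ID"), true) : null;
}
?>

<!-- header -->
<?php
# the action is request input and is not validated anywhere in this part of the
# script, so it is HTML-encoded before being written into the header
?>
<div class="pHeader"><?php print htmlspecialchars(ucwords(_("{$_POST['action']}")), ENT_QUOTES, 'UTF-8'); ?> <?php print _('device type'); ?> </div>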
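/**
 * Script to replace fields in IP address list
 *
 * Reads field, search and replace from the request. For the "switch" field
 * both values are device hostnames and are translated to device ids before
 * the replacement is run.
 ***********************************************/

/* functions */
require dirname(__FILE__) . '/../../../functions/functions.php';

# initialize user object
$Database = new Database_PDO();
$User     = new User($Database);
$Admin    = new Admin($Database);
$Result   = new Result();

# verify that user is logged in
$User->check_user_session();

# NOTE(review): no CSRF token validation is visible in this script although it
# modifies data - confirm one is performed elsewhere.

# verify post
if (empty($_POST['search'])) {
    $Result->show("danger", _('Please enter something in search field') . '!', true);
}

# if device verify that it exists
if ($_POST['field'] == "switch") {
    # the hostnames are echoed back inside an HTML alert, so encode them first
    $search_html  = htmlspecialchars((string) $_POST['search'], ENT_QUOTES, 'UTF-8');
    $replace_html = htmlspecialchars(isset($_POST['replace']) ? (string) $_POST['replace'] : '', ENT_QUOTES, 'UTF-8');

    if (!($device1 = $Admin->fetch_object("devices", "hostname", $_POST['search']))) {
        $Result->show("danger alert-absolute", _('Switch') . ' "<i>' . $search_html . '</i>" ' . _('does not exist, first create switch under admin menu') . '!', true);
    }
    if (!($device2 = $Admin->fetch_object("devices", "hostname", $_POST['replace']))) {
        # report the replacement hostname here - it is the one that was not found
        $Result->show("danger alert-absolute", _('Switch') . ' "<i>' . $replace_html . '</i>" ' . _('does not exist, first create switch under admin menu') . '!', true);
    }

    # replace posts - from here on search / replace hold device ids
    $_POST['search']  = $device1->id;
    $_POST['replace'] = $device2->id;
}

# update
$Admin->replace_fields($_POST['field'], $_POST['search'], $_POST['replace']);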
$Tools = new Tools($Database); $Racks = new phpipam_rack($Database); $Result = new Result(); # verify that user is logged in $User->check_user_session(); # create csrf token $csrf = $User->csrf_cookie("create", "rack"); # fetch custom fields $custom = $Tools->fetch_custom_fields('racks'); # ID must be numeric if ($_POST['action'] != "add" && !is_numeric($_POST['rackid'])) { $Result->show("danger", _("Invalid ID"), true, true); } # fetch device details if ($_POST['action'] == "edit" || $_POST['action'] == "delete") { $rack = $Admin->fetch_object("racks", "id", $_POST['rackid']); } else { $rack = new StdClass(); $rack->size = 42; } # all locations if ($User->settings->enableLocations == "1") { $locations = $Tools->fetch_all_objects("locations"); } # set readonly flag $readonly = $_POST['action'] == "delete" ? "readonly" : ""; ?> <script type="text/javascript"> $(document).ready(function(){ if ($("[rel=tooltip]").length) { $("[rel=tooltip]").tooltip(); }
require dirname(__FILE__) . '/../../../functions/functions.php'; # initialize user object $Database = new Database_PDO(); $User = new User($Database); $Admin = new Admin($Database); $Tools = new Tools($Database); $Result = new Result(); # verify that user is logged in $User->check_user_session(); # create csrf token $csrf = $User->csrf_cookie("create", "location"); # validate action $Admin->validate_action($_POST['action'], true); # get Location object if ($_POST['action'] != "add") { $location = $Admin->fetch_object("locations", "id", $_POST['id']); $location !== false ?: $Result->show("danger", _("Invalid ID"), true, true); } # disable edit on delete $readonly = $_POST['action'] == "delete" ? "readonly" : ""; $link = $readonly ? false : true; # fetch custom fields $custom = $Tools->fetch_custom_fields('locations'); ?> <!-- header --> <div class="pHeader"><?php print ucwords(_("{$_POST['action']}")); ?> <?php
$Database = new Database_PDO(); $User = new User($Database); $Admin = new Admin($Database); $Tools = new Tools($Database); $Result = new Result(); # verify that user is logged in $User->check_user_session(); # fetch custom fields $custom = $Tools->fetch_custom_fields('devices'); # ID must be numeric if ($_POST['action'] != "add" && !is_numeric($_POST['switchId'])) { $Result->show("danger", _("Invalid ID"), true, true); } # fetch device details if ($_POST['action'] == "edit" || $_POST['action'] == "delete") { $device = (array) $Admin->fetch_object("devices", "id", $_POST['switchId']); } # set readonly flag $readonly = $_POST['action'] == "delete" ? "readonly" : ""; ?> <script type="text/javascript"> $(document).ready(function(){ if ($("[rel=tooltip]").length) { $("[rel=tooltip]").tooltip(); } }); </script> <!-- header --> <div class="pHeader"><?php print ucwords(_("{$_POST['action']}"));
* Edit tag *************************************/ /* functions */ require dirname(__FILE__) . '/../../../functions/functions.php'; # initialize user object $Database = new Database_PDO(); $User = new User($Database); $Admin = new Admin($Database); $Result = new Result(); # verify that user is logged in $User->check_user_session(); # validate csrf cookie $_POST['csrf_cookie'] == $_SESSION['csrf_cookie'] ?: $Result->show("danger", _("Invalid CSRF cookie"), true); # fetch old values if ($_POST['action'] == "delete") { $old_tag = $Admin->fetch_object("ipTags", "id", $_POST['id']); } else { $old_tag = new StdClass(); } /* checks */ if ($_POST['action'] == "delete" && $old_tag->locked != "No") { $Result->show("danger", _("Cannot delete locked tag"), true); } if ($_POST['action'] != "delete") { if (strlen($_POST['type']) < 3) { $Result->show("danger", _("Invalid tag name"), true); } if (strlen($_POST['bgcolor']) < 4) { $Result->show("danger", _("Invalid bg color"), true); } if (strlen($_POST['fgcolor']) < 4) {
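$Admin  = new Admin($Database);
$Result = new Result();

# verify that user is logged in
$User->check_user_session();

# create csrf token
$csrf = $User->csrf_cookie("create", "apiedit");

# validate action
$Admin->validate_action($_POST['action'], true);

# ID must be numeric
if ($_POST['action'] != "add" && !is_numeric($_POST['appid'])) {
    $Result->show("danger", _("Invalid ID"), true, true);
}

# fetch api for edit / add
if ($_POST['action'] != "add") {
    # fetch api details
    $api = $Admin->fetch_object("api", "id", $_POST['appid']);
    # null ?
    $api === false ? $Result->show("danger", _("Invalid ID"), true) : null;
    # title
    $title = ucwords($_POST['action']) . ' ' . _('api') . ' ' . $api->app_id;
} else {
    # generate new code
    # The code is key material, so it is taken from the system CSPRNG where one is
    # available; a shuffled md5 of the clock is guessable. Either way the result is
    # 32 hexadecimal characters, as before. The old generator remains only as a
    # fallback for runtimes without random_bytes().
    $api = new StdClass();
    $api->app_code = function_exists('random_bytes')
        ? bin2hex(random_bytes(16))
        : str_shuffle(md5(microtime()));
    # title
    $title = _('Add new api key');
}
?>

<!-- header -->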