function add_note($conn, $type)
{
$validate = array('asset_id' => array('validation' => 'OSS_HEX', 'e_message' => 'illegal:' . _('Asset ID')), 'txt' => array('validation' => 'OSS_TEXT, OSS_PUNC_EXT', 'e_message' => 'illegal:' . _('Note text')));
$validation_errors = validate_form_fields('POST', $validate);
if (is_array($validation_errors) && !empty($validation_errors)) {
Av_exception::throw_error(Av_exception::USER_ERROR, _('Error! Note could not be added'));
}
$asset_id = POST('asset_id');
$txt = POST('txt');
// Check Asset Type
$asset_types = array('asset' => 'asset_host', 'network' => 'asset_net', 'group' => 'asset_group', 'net_group' => 'net_group');
// Note type
$type_tr = array('group' => 'host_group', 'network' => 'net', 'asset' => 'host', 'net_group' => 'net_group');
$class_name = $asset_types[$type];
$asset_type = $type_tr[$type];
// Check Asset Permission
if (method_exists($class_name, 'is_allowed') && !$class_name::is_allowed($conn, $asset_id)) {
$error = sprintf(_('Error! %s is not allowed'), ucwords($type));
Av_exception::throw_error(Av_exception::USER_ERROR, $error);
}
$note_id = Notes::insert($conn, $asset_type, gmdate('Y-m-d H:i:s'), $asset_id, $txt);
if (intval($note_id) > 0) {
$tz = Util::get_timezone();
$data['msg'] = _('Note added successfully');
$data['id'] = $note_id;
$data['note'] = $txt;
$data['date'] = gmdate('Y-m-d H:i:s', Util::get_utc_unixtime(gmdate('Y-m-d H:i:s')) + 3600 * $tz);
$data['user'] = Session::get_session_user();
$data['editable'] = 1;
} else {
Av_exception::throw_error(Av_exception::USER_ERROR, _('Error! Note could not be added'));
}
return $data;
}
/**
*
* License:
*
* Copyright (c) 2003-2006 ossim.net
* Copyright (c) 2007-2013 AlienVault
* All rights reserved.
*
* This package is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; version 2 dated June, 1991.
* You may not use, modify or distribute this program under any other version
* of the GNU General Public License.
*
* This package is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this package; if not, write to the Free Software
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
* MA 02110-1301 USA
*
*
* On Debian GNU/Linux systems, the complete text of the GNU General
* Public License can be found in `/usr/share/common-licenses/GPL-2'.
*
* Otherwise you can read it here: http://www.gnu.org/licenses/gpl-2.0.txt
*
*/
function normalize_date($from_date, $to_date)
{
// Format correction
$from_date = preg_replace("/(\\d\\d)\\/(\\d\\d)\\/(\\d\\d\\d\\d)/", "\\3-\\2-\\1", $from_date);
$to_date = preg_replace("/(\\d\\d)\\/(\\d\\d)\\/(\\d\\d\\d\\d)/", "\\3-\\2-\\1", $to_date);
// Timezone correction
$tz = Util::get_timezone();
if ($tz != 0) {
$from_date = gmdate("Y-m-d H:i:s", Util::get_utc_unixtime("{$from_date} 00:00:00") + -3600 * $tz);
$to_date = gmdate("Y-m-d H:i:s", Util::get_utc_unixtime("{$to_date} 23:59:59") + -3600 * $tz);
}
if (!preg_match("/\\d+\\:\\d+:\\d+/", $from_date)) {
$from_date .= " 00:00:00";
}
if (!preg_match("/\\d+\\:\\d+:\\d+/", $to_date)) {
$to_date .= " 23:59:59";
}
return array($from_date, $to_date);
}
$query = ossim_query("SELECT report_id, scantime, report_key FROM vuln_nessus_reports t1 WHERE t1.report_id={$report_id} LIMIT 1");
if (!($rs =& $dbconn->Execute($query))) {
print $dbconn->ErrorMsg();
} else {
if (!$rs->EOF) {
$report_id = $rs->fields['report_id'];
$scantime = $rs->fields['scantime'];
$key = $rs->fields['report_key'];
}
}
//Seperates the parts of the date so it doesn't just display it as one big number
$tz = Util::get_timezone();
if ($tz == 0) {
$localtime = $scantime;
} else {
$localtime = gmdate("YmdHis", Util::get_utc_unixtime($scantime) + 3600 * $tz);
}
$scanyear = substr($localtime, 0, 4);
$scanmonth = substr($localtime, 4, 2);
$scanday = substr($localtime, 6, 2);
$scanhour = substr($localtime, 8, 2);
$scanmin = substr($localtime, 10, 2);
$scansec = substr($localtime, 12);
}
if (empty($report_id)) {
echo _("Report not found");
exit(0);
}
$query = "select count(scantime) from vuln_nessus_results t1\n where report_id in ({$report_id}) and falsepositive='N'";
$result = $dbconn->execute($query);
list($numofresults) = $result->fields;
function get_timestamp($dbconn, $login, $datetime)
{
$user_timezone = $dbconn->GetOne("SELECT timezone FROM users WHERE login='******'");
$tz = Session::get_timezone($user_timezone);
return gmdate("Y-m-d H:i:s", Util::get_utc_unixtime($datetime) + 3600 * $tz);
}
$s_sid_name = $s_plugin_sid_list[0]->get_name();
$s_sid_priority = $s_plugin_sid_list[0]->get_priority();
} else {
$s_sid_name = "Unknown (id={$s_id} sid={$s_sid})";
$s_sid_priority = "N/A";
}
$s_last = Util::timestamp2date($s_alarm->get_last());
$timestamp_utc = Util::get_utc_unixtime($s_last);
$s_last = gmdate("Y-m-d H:i:s", $timestamp_utc + 3600 * $tz);
$s_event_count = Alarm::get_total_events($conn, $s_backlog_id);
$aux_date = Util::timestamp2date($s_alarm->get_timestamp());
$timestamp_utc = Util::get_utc_unixtime($s_alarm->get_timestamp());
$s_date = gmdate("Y-m-d H:i:s", $timestamp_utc + 3600 * $tz);
if ($s_backlog_id && $s_id == 1505 && $s_event_count > 0) {
$aux_date = Util::timestamp2date($s_alarm->get_since());
$timestamp_utc = Util::get_utc_unixtime($aux_date);
$s_since = gmdate("Y-m-d H:i:s", $timestamp_utc + 3600 * $tz);
} else {
$s_since = $s_date;
}
$s_risk = $s_alarm->get_risk();
$s_alarm_link = "alarm_detail.php?backlog=" . $s_backlog_id;
/* Alarm name */
$s_alarm_name = ereg_replace("directive_event: ", "", $s_sid_name);
$s_alarm_name = Util::translate_alarm($conn, $s_alarm_name, $s_alarm);
$event_ocurrences = Alarm::get_total_events($conn, $s_backlog_id);
if ($event_ocurrences != 1) {
$ocurrences_text = strtolower(gettext("Events"));
} else {
$ocurrences_text = strtolower(gettext("Event"));
}
if (!empty($allowed_users) && is_array($allowed_users)) {
foreach ($allowed_users as $user) {
if ($user->get_id() == $my_session) {
$me = "style='font-weight: bold;'";
$action = "<img class='info_logout dis_logout' src='../pixmaps/menu/logout.gif' alt='" . $user->get_login() . "' title='" . $user->get_login() . "'/>";
} else {
$action = "<a onclick=\"logout('" . $user->get_id() . "');\">\n\t\t\t\t\t\t\t <img class='info_logout' src='../pixmaps/menu/logout.gif' alt='" . _('Logout') . " " . $user->get_login() . "' title='" . _('Logout') . " " . $user->get_login() . "'/>\n\t\t\t\t\t\t\t </a>";
$me = NULL;
}
$_country_aux = $geoloc->get_country_by_host($conn, $user->get_ip());
$s_country = strtolower($_country_aux[0]);
$s_country_name = $_country_aux[1];
$geo_code = get_country($s_country);
$flag = !empty($geo_code) ? "<img src='" . $geo_code . "' border='0' align='top'/>" : '';
$logon_date = gmdate('Y-m-d H:i:s', Util::get_utc_unixtime($user->get_logon_date()) + 3600 * Util::get_timezone());
$activity_date = Util::get_utc_unixtime($user->get_activity());
$background = Session_activity::is_expired($activity_date) ? 'background:#FFD8D6;' : '';
$expired = Session_activity::is_expired($activity_date) ? "<span style='color:red'>(" . _('Expired') . ")</span>" : "";
$agent = explode('###', $user->get_agent());
if ($agent[1] == 'av report scheduler') {
$agent = array('AV Report Scheduler', 'wget');
}
$host = @array_shift(Asset_host::get_name_by_ip($conn, $user->get_ip()));
$host = $host == '' ? $user->get_ip() : $host;
echo " <tr id='" . $user->get_id() . "'>\n\t\t\t\t\t\t\t\t\t<td class='ops_user' {$me}><img class='user_icon' src='" . get_user_icon($user->get_login(), $pro) . "' alt='" . _('User icon') . "' title='" . _('User icon') . "' align='absmiddle'/> " . $user->get_login() . "</td>\n\t\t\t\t\t\t\t\t\t<td class='ops_ip'>" . $user->get_ip() . "</td>\n\t\t\t\t\t\t\t\t\t<td class='ops_host'>" . $host . $flag . "</td>\n\t\t\t\t\t\t\t\t\t<td class='ops_agent'><a title='" . htmlentities($agent[1]) . "' class='info_agent'>" . htmlentities($agent[0]) . "</a></td>\n\t\t\t\t\t\t\t\t\t<td class='ops_id'>" . $user->get_id() . " {$expired}</td>\n\t\t\t\t\t\t\t\t\t<td class='ops_logon'>" . $logon_date . "</td>\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t<td class='ops_activity'>" . _(TimeAgo($activity_date, gmdate('U'))) . "</td>\n\t\t\t\t\t\t\t\t\t<td class='ops_actions'>{$action}</td>\t\n\t\t\t\t\t\t\t\t</tr>";
}
}
?>
</tbody>
</table>
</div>
?>
</td>
<td style='text-align: center; background-color:#9DD131;font-weight:bold' width='7%'><?php
echo gettext("Status");
?>
</td>
<td width='7%' style='text-decoration: none; background-color:#9DD131;font-weight:bold'><?php
echo gettext("Action");
?>
</td>
</tr>
<?php
// Timezone correction
$tz = Util::get_timezone();
foreach ($alarm_group as $group) {
$group['date'] = $group['date'] != "" ? gmdate("Y-m-d H:i:s", Util::get_utc_unixtime($conn, $group['date']) + 3600 * $tz) : "";
$group_id = $group['group_id'];
$_SESSION[$group_id] = $group['name'];
$ocurrences = $group['group_count'];
//if($group_type=="similar" && $ocurrences>1) { $ocurrences = $ocurrences-1; }
$max_risk = $group['max_risk'];
$id_tag = $group['id_tag'];
if ($group['date'] != $lastday) {
$lastday = $group['date'];
list($year, $month, $day) = split("-", $group['date']);
$date = Util::htmlentities(strftime("%A %d-%b-%Y", mktime(0, 0, 0, $month, $day, $year)));
$show_day = $group_type == "name" || $group_type == "similar" ? 0 : 1;
} else {
$show_day = 0;
}
$descr = $db_groups[$group_id]['descr'];
function get_timestamps($dbconn, $login, $scan_START, $scan_SUBMIT, $body)
{
$user_timezone = $dbconn->GetOne("SELECT timezone FROM users WHERE login='******'");
$tz = get_timezone($user_timezone);
if ($tz != 0) {
$scan_START = gmdate("Y-m-d H:i:s", Util::get_utc_unixtime($scan_START) + 3600 * $tz);
$scan_SUBMIT = gmdate("Y-m-d H:i:s", Util::get_utc_unixtime($scan_SUBMIT) + 3600 * $tz);
}
$body_part_with_timestamp = str_replace("SCAN_SUBMIT", $scan_SUBMIT, $body);
$body_part_with_timestamp = str_replace("SCAN_START", $scan_START, $body_part_with_timestamp);
return $body_part_with_timestamp;
}
// select report ids
if (!empty($arruser)) {
$query_onlyuser = "******";
}
if ($freport != '' && $sreport != '') {
$query = "SELECT report_id, name, scantime FROM vuln_nessus_reports where 1=1 {$query_onlyuser} ORDER BY scantime DESC";
} else {
$query = "SELECT report_id, name, scantime FROM vuln_nessus_reports where report_id!={$freport} {$query_onlyuser} ORDER BY scantime DESC";
}
$result = $dbconn->Execute($query);
$tz = Util::get_timezone();
while (!$result->EOF) {
if ($tz == 0) {
$date = preg_replace('/(\\d\\d\\d\\d)(\\d+\\d+)(\\d+\\d+)(\\d+\\d+)(\\d+\\d+)(\\d+\\d+)/i', '$1-$2-$3 $4:$5:$6', $result->fields["scantime"]);
} else {
$date = gmdate("Y-m-d H:i:s", Util::get_utc_unixtime($result->fields['scantime']) + 3600 * $tz);
}
$result->fields['name'] = preg_replace('/\\d+\\s-\\s/', '', $result->fields['name']);
$reports[$result->fields['report_id']] = $date . " - " . $result->fields['name'];
$result->MoveNext();
}
if (count($reports) == 0 && GET("submit") != '') {
?>
<script type="text/javascript">
parent.GB_close();
</script>
<?php
} else {
if ($freport != '' && $sreport != '' && array_key_exists($freport, $reports) && array_key_exists($sreport, $reports)) {
?>
<script type="text/javascript">
function reportsummary()
{
//GENERATE REPORT SUMMARY
global $user, $border, $report_id, $scantime, $scantype, $fp, $nfp, $output, $filterip, $query_risk, $dbconn, $pluginid;
global $treport, $sid, $ipl;
$tz = Util::get_timezone();
$htmlsummary = '';
$user_filter = $user != '' ? "AND t1.username in ({$user})" : "";
$query = "SELECT t2.id, t1.username, t1.name as job_name, t2.name as profile_name, t2.description \n FROM vuln_jobs t1\n LEFT JOIN vuln_nessus_settings t2 on t1.meth_VSET=t2.id\n WHERE t1.report_id in ({$report_id}) {$user_filter}\n order by t1.SCAN_END DESC";
$result = $dbconn->execute($query);
$id_profile = $result->fields['id'];
$query_uid = $result->fields['username'];
$job_name = $result->fields['jobname'];
$profile_name = $result->fields['profile_name'];
$profile_desc = $result->fields['description'];
if ($job_name == '') {
// imported report
$query_imported_report = "SELECT name FROM vuln_nessus_reports WHERE scantime='{$scantime}'";
$result_imported_report = $dbconn->execute($query_imported_report);
$job_name = $result_imported_report->fields["name"];
}
if ($tz == 0) {
$localtime = gen_strtotime($scantime, "");
} else {
$localtime = gmdate("Y-m-d H:i:s", Util::get_utc_unixtime($scantime) + 3600 * $tz);
}
$htmlsummary .= "<table border=\"5\" width=\"900\" style=\"margin: 9px 0px 0px 0px;\"><tr><th class=\"noborder\" valign=\"top\" style=\"text-align:left;font-size:12px;\" nowrap>\n \n <b>" . _("Scan time") . ":</b></th><td class=\"noborder\" style=\"text-align:left;padding-left:9px;\">" . $localtime . " </td>";
//Generated date
$gendate = gmdate("Y-m-d H:i:s", gmdate("U") + 3600 * $tz);
$htmlsummary .= "<th class=\"noborder\" valign=\"top\" style=\"text-align:left;font-size:12px;\" nowrap>\n <b>" . _("Generated") . ":</b></th><td class=\"noborder\" style=\"text-align:left;padding-left:10px;\">{$gendate}</td></tr>";
$htmlsummary .= "<tr><th class=\"noborder\" valign=\"top\" style=\"text-align:left;font-size:12px;\" nowrap>\n <b>" . _("Profile") . ":</b></th><td class=\"noborder\" style=\"text-align:left;padding-left:10px;\">";
$htmlsummary .= "{$profile_name} - {$profile_desc} </td>\n <th class=\"noborder\" valign=\"top\" style=\"text-align:left;font-size:12px;\" nowrap>\n <b>" . _("Job Name") . ":</b></th><td class=\"noborder\" style=\"text-align:left;padding-left:10px;\">{$job_name}</td></tr>";
$htmlsummary .= "</table>";
return "<center>" . $htmlsummary . "</center>";
}
require_once 'av_init.php';
require_once '../alarm_common.php';
Session::logcheck("analysis-menu", "ControlPanelAlarms");
$backlog = GET('backlog');
ossim_valid($backlog, OSS_HEX, OSS_NULLABLE, 'illegal:' . _("Backlog"));
// Maybe nullable from Logger resolves
if (ossim_error()) {
die(ossim_error());
}
$geoloc = new Geolocation("/usr/share/geoip/GeoLiteCity.dat");
$db = new ossim_db(TRUE);
$conn = $db->connect();
$tz = Util::get_timezone();
list($alarm, $event) = Alarm::get_alarm_detail($conn, $backlog);
$stats = $alarm->get_stats();
$timestamp_utc = Util::get_utc_unixtime(Util::timestamp2date($alarm->get_timestamp()));
$last = gmdate("Y-m-d H:i:s", $timestamp_utc + 3600 * $tz);
$alarm_time = get_alarm_life($alarm->get_since(), $alarm->get_last());
preg_match_all("/(\\d+)\\s(\\w+)/", strip_tags(trim($alarm_time)), $found);
$alarm_time_number = $found[1][0];
$alarm_time_unit = $found[2][0];
$alarm_life = get_alarm_life($alarm->get_since(), gmdate("Y-m-d H:i:s"));
preg_match_all("/(\\d+)\\s(\\w+)/", strip_tags(trim($alarm_life)), $found);
$alarm_life_number = $found[1][0];
$alarm_life_unit = $found[2][0];
$show_total = false;
$removable = $alarm->get_removable();
$backlog_id = $alarm->get_backlog_id();
$event_id = $alarm->get_event_id();
/* Buttons */
$alarm_detail_url = empty($stats) ? "load_alarm_detail('{$event_id}', 'event')" : "load_alarm_detail('{$backlog_id}', 'alarm')";
<?php
} else {
$href = "";
echo " {$name}";
}
?>
</td>
<!-- end id & name event -->
<!-- risk -->
<?php
$orig_date = $alarm->get_timestamp();
$date = Util::timestamp2date($orig_date);
$orig_date = $date;
$event_date = $date;
$event_date_uut = Util::get_utc_unixtime($conn, $event_date);
$date = gmdate("Y-m-d H:i:s", $event_date_uut + 3600 * $tz);
$event_date = gmdate("Y-m-d H:i:s", $event_date_uut + 3600 * $alarm->get_tzone());
$src_ip = $alarm->get_src_ip();
$dst_ip = $alarm->get_dst_ip();
$src_port = $alarm->get_src_port();
$dst_port = $alarm->get_dst_port();
if ($have_scanmap) {
fwrite($backlog_file, "{$orig_date},{$src_ip},{$src_port},{$dst_ip},{$dst_port}\n");
}
$src_port = Port::port2service($conn, $src_port);
$dst_port = Port::port2service($conn, $dst_port);
if ($risk > 7) {
echo "<td bgcolor=\"red\"><b>";
if ($href) {
echo "<a href=\"{$href}\">";
$db = new ossim_db();
$conn = $db->connect();
$info = Alarm::get_similar_info($conn, $similar);
if (count($info) != 0) {
$tz = Util::get_timezone();
?>
<table class="transparent">
<tr><td class="nobborder" width="55"><strong><?php
echo _("Min date: ");
?>
</strong></td>
<td class="nobborder"><?php
echo gmdate("Y-m-d H:i:s", Util::get_utc_unixtime($conn, $info["min_date"]) + 3600 * $tz);
?>
</td>
</tr>
<tr><td class="nobborder" width="55"><strong><?php
echo _("Max date: ");
?>
</strong></td>
<td class="nobborder"><?php
echo gmdate("Y-m-d H:i:s", Util::get_utc_unixtime($conn, $info["max_date"]) + 3600 * $tz);
?>
</td>
</tr>
</table>
<?php
} else {
echo "<strong>{$similar}</strong> not found in alarms";
}
$db->close($conn);
function reportsummary()
{
//GENERATE REPORT SUMMARY
global $user, $border, $report_id, $scantime, $scantype, $fp, $nfp, $output, $filterip, $query_risk, $dbconn, $pluginid;
global $treport, $sid, $ipl;
$tz = Util::get_timezone();
$htmlsummary = "";
if ($treport == "latest" || $ipl != "") {
$query = "SELECT t2.id, t1.username, t1.name, t2.name, t2.description, t4.hostname as host_name \n FROM vuln_nessus_latest_reports t1\n LEFT JOIN vuln_nessus_settings t2 on t1.sid=t2.id\n LEFT JOIN host t4 ON t4.ip=inet_ntoa(t1.report_id)\n WHERE " . ($ipl != "all" ? "t1.report_id in ({$report_id}) and " : "") . "t1.sid in ({$sid}) AND t1.username in ('{$user}')\n order by t1.scantime DESC";
} else {
$query = "SELECT t2.id, t1.username, t1.name, t2.name, t2.description \n FROM vuln_jobs t1\n LEFT JOIN vuln_nessus_settings t2 on t1.meth_VSET=t2.id\n WHERE t1.report_id in ({$report_id}) AND t1.username in('{$user}')\n order by t1.SCAN_END DESC";
}
$result = $dbconn->execute($query);
//print_r($query);
if ($treport == "latest" || $ipl != "") {
//list( $id_profile, $query_uid, $job_name, $profile_name, $profile_desc, $host_name ) =$result->fields;
$lprofiles = array();
$tmp_profiles = array();
while (list($id_profile, $query_uid, $job_name, $profile_name, $profile_desc, $host_name) = $result->fields) {
if ($host_name != "" && $host_name != long2ip($report_id)) {
$phost_name = "{$host_name} (" . long2ip($report_id) . ")";
} else {
$phost_name = long2ip($report_id);
}
$lprofiles[] = "{$profile_name} - {$profile_desc}";
$tmp_profiles[] = $id_profile;
$result->MoveNext();
}
$profiles = implode("<br>", $lprofiles);
$id_profile = implode(", ", $tmp_profiles);
} else {
list($id_profile, $query_uid, $job_name, $profile_name, $profile_desc) = $result->fields;
if ($job_name == "") {
// imported report
$query_imported_report = "SELECT name FROM vuln_nessus_reports WHERE scantime='{$scantime}'";
$result_imported_report = $dbconn->execute($query_imported_report);
$job_name = $result_imported_report->fields["name"];
}
}
if ($tz == 0) {
$localtime = gen_strtotime($scantime, "");
} else {
$localtime = gmdate("Y-m-d H:i:s", Util::get_utc_unixtime($dbconn, $scantime) + 3600 * $tz);
}
$htmlsummary .= "<table border=\"5\" width=\"900\"><tr><th class=\"noborder\" valign=\"top\" style=\"text-align:left;font-size:12px;\" nowrap>\n \n <b>" . _("Scan time") . ":</b></th><td class=\"noborder\" style=\"text-align:left;padding-left:10px;\">" . $localtime . " </td>";
//Generated date
$gendate = date("Y-m-d H:i:s");
$htmlsummary .= "<th class=\"noborder\" valign=\"top\" style=\"text-align:left;font-size:12px;\" nowrap>\n <b>" . _("Generated") . ":</b></th><td class=\"noborder\" style=\"text-align:left;padding-left:10px;\">{$gendate}</td></tr>";
if ($ipl != "all") {
if ($treport == "latest" || $ipl != "") {
$htmlsummary .= "<tr><th class=\"noborder\" valign=\"top\" style=\"text-align:left;font-size:12px;\" nowrap>\n <b>" . (count($lprofiles) > 1 ? _("Profiles") : _("Profile")) . ":</b></th><td class=\"noborder\" style=\"text-align:left;padding-left:10px;\">";
$htmlsummary .= "{$profiles} </td>\n <th class=\"noborder\" valign=\"top\" style=\"text-align:left;font-size:12px;\" nowrap>\n <b>" . ($treport == "latest" || $ipl != "" ? _("Host - IP") : _("Job Name")) . ":</b></th><td class=\"noborder\" valign=\"top\" style=\"text-align:left;padding-left:10px;\">" . ($treport == "latest" || $ipl != "" ? "{$phost_name}" : "{$job_name}") . "</td></tr>";
} else {
$htmlsummary .= "<tr><th class=\"noborder\" valign=\"top\" style=\"text-align:left;font-size:12px;\" nowrap>\n <b>" . _("Profile") . ":</b></th><td class=\"noborder\" style=\"text-align:left;padding-left:10px;\">";
$htmlsummary .= "{$profile_name} - {$profile_desc} </td>\n <th class=\"noborder\" valign=\"top\" style=\"text-align:left;font-size:12px;\" nowrap>\n <b>" . _("Job Name") . ":</b></th><td class=\"noborder\" style=\"text-align:left;padding-left:10px;\">{$job_name}</td></tr>";
}
}
$htmlsummary .= "</table>";
/*
if($pluginid!="") {
if($fp!=""){
$dbconn->execute("UPDATE vuln_nessus_settings_plugins SET enabled='N' WHERE sid in ($id_profile) and id='$pluginid'");
}
else {
$dbconn->execute("UPDATE vuln_nessus_settings_plugins SET enabled='Y' WHERE sid in ($id_profile) and id='$pluginid'");
}
}
*/
return "<center>" . $htmlsummary . "</center>";
}
?>
</td>
</tr>
</table>
</td>
<td class="nobborder" width="2%">
</td>
<td class="noborder" width="49%">
<table style="margin:auto;border: 0pt none;" width="100%" cellspacing="0" cellpadding="0">
<tr>
<?php
if ($tz == 0) {
$slocaltime = $sreport_scantime;
} else {
$slocaltime = gmdate("Y-m-d H:i:s", Util::get_utc_unixtime($sreport_scantime) + 3600 * $tz);
}
?>
<td class="headerpr_no_bborder"><?php
echo $sreport_name;
?>
<span style="font-size : 9px;"><?php
echo " (" . $slocaltime . ")";
?>
</span></td>
</tr>
</table>
<table style="margin:auto;background: transparent;" width="100%" cellspacing="0" cellpadding="0">
<tr>
<td class="noborder" style="padding-bottom:10px;"><?php
echo vulnbreakdown($dbconn, $sreport, $perms_where);
function main_page($viewall, $sortby, $sortdir)
{
global $uroles, $username, $dbconn, $hosts;
global $arruser, $user;
$dbconn->SetFetchMode(ADODB_FETCH_BOTH);
$tz = Util::get_timezone();
if ($sortby == "") {
$sortby = "id";
}
if ($sortdir == "") {
$sortdir = "DESC";
}
$sql_order = "order by {$sortby} {$sortdir}";
if (Session::menu_perms("environment-menu", "EventsVulnerabilitiesScan")) {
?>
<div style="width:50%; position: relative; height: 5px; float:left">
<div style="width:100%; position: absolute; top: -41px;left:0px;">
<div style="float:left; height:28px; margin:5px 5px 0px 0px;">
<a class="button" href="<?php
echo Menu::get_menu_url(AV_MAIN_PATH . '/vulnmeter/sched.php?smethod=schedule&hosts_alive=1&scan_locally=1', 'environment', 'vulnerabilities', 'scan_jobs');
?>
">
<?php
echo _("New Scan Job");
?>
</a>
</div>
<div style="float:left;height:28px;margin:5px 5px 0px -2px;">
<a class="greybox button av_b_secondary" href="import_nbe.php" title="<?php
echo _("Import nbe file");
?>
">
<?php
echo _("Import nbe file");
?>
</a>
</div>
</div>
</div>
<?php
}
if (intval($_GET['page']) != 0) {
$page = intval($_GET['page']);
} else {
$page = 1;
}
$pagesize = 10;
if ($username == "admin") {
$query = "SELECT count(id) as num FROM vuln_jobs";
} else {
$query = "SELECT count(id) as num FROM vuln_jobs where username='******'";
}
$result = $dbconn->Execute($query);
$jobCount = $result->fields["num"];
$num_pages = ceil($jobCount / $pagesize);
//echo "num_pages:[".$num_pages."]";
//echo "jobCount:[".$jobCount."]";
//echo "page:[".$page."]";
if (Vulnerabilities::scanner_type() == "omp") {
// We can display scan status with OMP protocol
echo Vulnerabilities::get_omp_running_scans($dbconn);
} else {
// Nessus
all_jobs(0, 10, "R");
}
?>
<?php
$schedulejobs = _("Scheduled Jobs");
echo <<<EOT
<table style='margin-top:20px;' class='w100 transparent'><tr><td class='sec_title'>{$schedulejobs}</td></tr></table>
<table summary="Job Schedules" class='w100 table_list'>
EOT;
if ($sortdir == "ASC") {
$sortdir = "DESC";
} else {
$sortdir = "ASC";
}
$arr = array("name" => "Name", "schedule_type" => "Schedule Type", "time" => "Time", "next_CHECK" => "Next Scan", "enabled" => "Status");
// modified by hsh to return all scan schedules
if (empty($arruser)) {
$query = "SELECT t2.name as profile, t1.meth_TARGET, t1.id, t1.name, t1.schedule_type, t1.meth_VSET, t1.meth_TIMEOUT, t1.username, t1.enabled, t1.next_CHECK, t1.email\n FROM vuln_job_schedule t1 LEFT JOIN vuln_nessus_settings t2 ON t1.meth_VSET=t2.id ";
} else {
$query = "SELECT t2.name as profile, t1.meth_TARGET, t1.id, t1.name, t1.schedule_type, t1.meth_VSET, t1.meth_TIMEOUT, t1.username, t1.enabled, t1.next_CHECK, t1.email\n FROM vuln_job_schedule t1 LEFT JOIN vuln_nessus_settings t2 ON t1.meth_VSET=t2.id WHERE username in ({$user}) ";
}
$query .= $sql_order;
$result = $dbconn->execute($query);
if ($result->EOF) {
echo "<tr><td class='empty_results' height='20' style='text-align:center;'>" . _("No Scheduled Jobs") . "</td></tr>";
}
if (!$result->EOF) {
echo "<tr>";
foreach ($arr as $order_by => $value) {
echo "<th><a href=\"manage_jobs.php?sortby={$order_by}&sortdir={$sortdir}\">" . _($value) . "</a></th>";
}
if (Session::menu_perms("environment-menu", "EventsVulnerabilitiesScan")) {
echo "<th>" . _("Action") . "</th></tr>";
}
}
$colors = array("#FFFFFF", "#EEEEEE");
$color = 0;
while (!$result->EOF) {
list($profile, $targets, $schedid, $schedname, $schedtype, $sid, $timeout, $user, $schedstatus, $nextscan, $servers) = $result->fields;
$name = Av_sensor::get_name_by_id($dbconn, $servers);
$servers = $name != '' ? $name : "unknown";
$targets_to_resolve = explode("\n", $targets);
$ttargets = array();
foreach ($targets_to_resolve as $id_ip) {
if (preg_match("/^([a-f\\d]{32})#\\d+\\.\\d+\\.\\d+\\.\\d+\\/\\d{1,2}/i", $id_ip, $found) && Asset_net::is_in_db($dbconn, $found[1])) {
$ttargets[] = preg_replace("/^([a-f\\d]{32})#/i", "", $id_ip) . " (" . Asset_net::get_name_by_id($dbconn, $found[1]) . ")";
} else {
if (preg_match("/^([a-f\\d]{32})#\\d+\\.\\d+\\.\\d+\\.\\d+/i", $id_ip, $found) && Asset_host::is_in_db($dbconn, $found[1])) {
$ttargets[] = preg_replace("/^([a-f\\d]{32})#/i", "", $id_ip) . " (" . Asset_host::get_name_by_id($dbconn, $found[1]) . ")";
} else {
$ttargets[] = preg_replace("/[a-f\\d]{32}/i", "", $id_ip);
}
}
}
$targets = implode("<BR/>", $ttargets);
$tz = intval($tz);
$nextscan = gmdate("Y-m-d H:i:s", Util::get_utc_unixtime($nextscan) + 3600 * $tz);
preg_match("/\\d+\\-\\d+\\-\\d+\\s(\\d+:\\d+:\\d+)/", $nextscan, $found);
$time = $found[1];
switch ($schedtype) {
case "N":
$stt = _("Once (Now)");
break;
case "O":
$stt = _("Once");
break;
case "D":
$stt = _("Daily");
break;
case "W":
$stt = _("Weekly");
break;
case "M":
$stt = _("Monthly");
break;
case "Q":
$stt = _("Quarterly");
break;
case "H":
$stt = _("On Hold");
break;
case "NW":
$stt = _("N<sup>th</sup> weekday of the month");
break;
default:
$stt = " ";
break;
}
switch ($schedstatus) {
case "1":
$itext = _("Disable Scheduled Job");
$isrc = "images/stop_task.png";
$ilink = "manage_jobs.php?disp=setstatus&schedid={$schedid}&enabled=0";
break;
default:
$itext = _("Enable Scheduled Job");
$isrc = "images/play_task.png";
$ilink = "manage_jobs.php?disp=setstatus&schedid={$schedid}&enabled=1";
break;
}
if (!Session::menu_perms("environment-menu", "EventsVulnerabilitiesScan")) {
$ilink = "javascript:return false;";
}
if ($schedstatus) {
$txt_enabled = "<td><a href=\"{$ilink}\"><font color=\"green\">" . _("Enabled") . "</font></a></td>";
} else {
$txt_enabled = "<td><a href=\"{$ilink}\"><font color=\"red\">" . _("Disabled") . "</font></a></td>";
}
require_once 'classes/Security.inc';
if (valid_hex32($user)) {
$user = Session::get_entity_name($dbconn, $user);
}
echo "<tr bgcolor=\"" . $colors[$color % 2] . "\">";
if ($profile == "") {
$profile = _("Default");
}
echo "<td><span class=\"tip\" title=\"<b>" . _("Owner") . ":</b> {$user}<br><b>" . _("Server") . ":</b> {$servers}<br /><b>" . _("Scheduled Job ID") . ":</b> {$schedid}<br><b>" . _("Profile") . ":</b> {$profile}<br><b>" . _("Targets") . ":</b><br>" . $targets . "\">{$schedname}</span></td>";
?>
<td><?php
echo $stt;
?>
</td>
<td><?php
echo $time;
?>
</td>
<td><?php
echo $nextscan;
?>
</td>
<?php
echo <<<EOT
{$txt_enabled}
<td style="padding-top:2px;"><a href="{$ilink}"><img alt="{$itext}" src="{$isrc}" border=0 title="{$itext}"></a>
EOT;
if (Session::menu_perms("environment-menu", "EventsVulnerabilitiesScan")) {
echo "<a href='" . Menu::get_menu_url(AV_MAIN_PATH . '/vulnmeter/sched.php?disp=edit_sched&sched_id=' . $schedid, 'environment', 'vulnerabilities', 'scan_jobs') . "'><img src='images/pencil.png' title='" . _("Edit Scheduled") . "'></a> ";
echo "<a href='manage_jobs.php?disp=delete&schedid={$schedid}' onclick='return confirmDelete();'><img src='images/delete.gif' title='" . gettext("Delete Scheduled") . "'></a>";
}
echo "</td>";
echo <<<EOT
</tr>
EOT;
$result->MoveNext();
$color++;
}
echo <<<EOT
</table>
EOT;
?>
<br />
<?php
$out = all_jobs(($page - 1) * $pagesize, $pagesize);
?>
<table width="100%" align="center" class="transparent" cellspacing="0" cellpadding="0">
<tr>
<td class="nobborder" valign="top" style="padding-top:5px;">
<div class="fright">
<?php
if ($out != 0 && $num_pages != 1) {
$page_url = "manage_jobs.php";
if ($page == 1 && $page == $num_pages) {
echo '<a href="" class="link_paginate_disabled" onclick="return false">< ' . _("PREVIOUS") . '</a>';
echo '<a class="lmargin link_paginate_disabled" href="" onclick="return false">' . _("NEXT") . ' ></a>';
} elseif ($page == 1) {
echo '<a href="" class="link_paginate_disabled" onclick="return false">< ' . _("PREVIOUS") . '</a>';
echo '<a class="lmargin" href="' . $page_url . '?page=' . ($page + 1) . '">' . _("NEXT") . ' ></a> ';
} elseif ($page == $num_pages) {
echo '<a href="' . $page_url . '?page=' . ($page - 1) . '">< ' . _("PREVIOUS") . '</a>';
echo '<a class="lmargin link_paginate_disabled" href="" onclick="return false">' . _("NEXT") . ' ></a>';
} else {
echo '<a href="' . $page_url . '?page=' . ($page - 1) . '">< ' . _("PREVIOUS") . '</a><a class="lmargin" href="' . $page_url . '?page=' . ($page + 1) . '">' . _("NEXT") . ' ></a>';
}
}
?>
</div>
</td>
</tr>
</table>
<?php
}
if ($backlog_id) {
$event_count = !empty($_stats) ? $_stats["events"] : Alarm::get_total_events($conn, $backlog_id, true);
$event_count_label = $event_count . " " . _("events");
}
$timestamp_utc = Util::get_utc_unixtime(Util::timestamp2date($alarm->get_timestamp()));
// $alarm->get_last()
$last = gmdate("Y-m-d", $timestamp_utc + 3600 * $tz);
$hour = gmdate("H:i:s", $timestamp_utc + 3600 * $tz);
$today = gmdate("Y-m-d");
$date = Util::timestamp2date($alarm->get_timestamp());
$timestamp_utc = Util::get_utc_unixtime($date);
$beep_on = $beep && $refresh_time_secs > 0 && gmdate("U") - $timestamp_utc <= $refresh_time_secs ? true : false;
$date = gmdate("Y-m-d H:i:s", $timestamp_utc + 3600 * $tz);
if ($backlog_id && $id == 1505 && $event_count > 0) {
$since = Util::timestamp2date($alarm->get_since());
$since = gmdate("Y-m-d H:i:s", Util::get_utc_unixtime($since) + 3600 * $tz);
} else {
$since = $date;
}
/* show alarms by days */
$date_slices = split(" ", $date);
list($year, $month, $day) = split("-", $date_slices[0]);
$date_unformated = $year . $month . $day;
$date_formatted = Util::htmlentities(strftime("%A %d-%b-%Y", mktime(0, 0, 0, $month, $day, $year)));
// INPUT
$chk = '';
if ($alarm->get_removable() && $_SESSION['_SELECTED_ALARMS'][$backlog_id]) {
$chk = ' checked="checked" ';
}
$input = '<input style="border:none" type="checkbox" ' . $chk . ' name="check_' . $backlog_id . '_' . $event_id . '" id="check_' . $backlog_id . '" class="alarm_check stop" datecheck="' . $date_unformated . '" value="1" ' . ($alarm->get_removable() ? "" : " disabled='disabled'") . ' data="' . (empty($_stats) ? 'event' : 'alarm') . '"/>';
if (!$sound && $beep_on) {
function main_page($viewall, $sortby, $sortdir)
{
global $uroles, $username, $dbconn, $hosts;
global $arruser, $user;
$tz = Util::get_timezone();
if ($sortby == "") {
$sortby = "id";
}
if ($sortdir == "") {
$sortdir = "DESC";
}
/* if ( $uroles['admin'] ) {
if($viewall == 1) {
echo " <a href='manage_jobs.php'>View My Schedules</a> | ";
} else {
echo " <a href='manage_jobs.php?viewall=1'>View All Schedules</a> | ";
}
} else {
$viewall = "1";
}*/
//echo "<a href='sched.php?op=reoccuring'>New Schedule</a> |<br><br>";
$sql_order = "order by {$sortby} {$sortdir}";
// if($viewall == 1) {
// $url_sortby="<a href=\"manage_jobs.php?viewall=1&sortby=";
// } else {
// $url_sortby="<a href=\"manage_jobs.php?sortby=";
// }
echo "<center>";
status($arruser, $user);
echo "<br>";
echo "<form>";
echo "<input type=\"button\" onclick=\"document.location.href='sched.php?smethod=schedule&hosts_alive=1&scan_locally=1'\" value=\"" . _("New Scan Job") . "\" class=\"button\">";
echo " ";
echo "<input type=\"button\" onclick=\"document.location.href='sched.php?smethod=inmediately&hosts_alive=1&scan_locally=1'\" value=\"" . _("Run Scan Now") . "\" class=\"button\">";
echo "</form>";
echo "</center>";
echo "<br>";
$schedulejobs = _("Scheduled Jobs");
echo <<<EOT
<center>
<table cellspacing="0" cellpadding="0" border="0" width="90%"><tr><td class="headerpr" style="border:0;">{$schedulejobs}</td></tr></table>
<table cellspacing="2" width="90%" summary="Job Schedules"
border=0 cellspacing="0" cellpadding="0">
EOT;
if ($sortdir == "ASC") {
$sortdir = "DESC";
} else {
$sortdir = "ASC";
}
$arr = array(_("Name"), _("Schedule Type"), _("Time"), _("Next Scan"), _("Status"));
// modified by hsh to return all scan schedules
if (in_array("admin", $arruser)) {
$query = "SELECT t2.name as profile, t1.meth_TARGET, t1.id, t1.name, t1.schedule_type, t1.meth_VSET, t1.meth_TIMEOUT, t1.username, t1.enabled, t1.next_CHECK, t1.email\n FROM vuln_job_schedule t1 LEFT JOIN vuln_nessus_settings t2 ON t1.meth_VSET=t2.id ";
} else {
$query = "SELECT t2.name as profile, t1.meth_TARGET, t1.id, t1.name, t1.schedule_type, t1.meth_VSET, t1.meth_TIMEOUT, t1.username, t1.enabled, t1.next_CHECK, t1.email\n FROM vuln_job_schedule t1 LEFT JOIN vuln_nessus_settings t2 ON t1.meth_VSET=t2.id WHERE username in ('{$user}') ";
}
// if($viewall == 1) { // list all schedules
// } else { // view only logged in users schedules
// $query .= "where username='******' ";
// }
$query .= $sql_order;
$result = $dbconn->execute($query);
if ($result->EOF) {
echo "<tr><td height='20' class='nobborder' style='text-align:center;'>" . _("No Scheduled Jobs") . "</td></tr>";
}
if (!$result->EOF) {
echo "<tr>";
foreach ($arr as $value) {
echo "<th><a href=\"manage_jobs.php?sortby={$value}&sortdir={$sortdir}\">{$value}</a></th>";
}
echo "<th>" . _("Action") . "</th></tr>";
}
while (!$result->EOF) {
list($profile, $targets, $schedid, $schedname, $schedtype, $sid, $timeout, $user, $schedstatus, $nextscan, $servers) = $result->fields;
$tz = intval($tz);
$nextscan = gmdate("Y-m-d H:i:s", Util::get_utc_unixtime($dbconn, $nextscan) + 3600 * $tz);
preg_match("/\\d+\\-\\d+\\-\\d+\\s(\\d+:\\d+:\\d+)/", $nextscan, $found);
$time = $found[1];
switch ($schedtype) {
case "N":
$stt = _("Once (Now)");
break;
case "O":
$stt = _("Once");
break;
case "D":
$stt = _("Daily");
break;
case "W":
$stt = _("Weekly");
break;
case "M":
$stt = _("Monthly");
break;
case "Q":
$stt = _("Quarterly");
break;
case "H":
$stt = _("On Hold");
break;
case "NW":
$stt = _("N<sup>th</sup> weekday of the month");
break;
default:
$stt = " ";
break;
}
switch ($schedstatus) {
case "1":
$itext = _("Disable Scheduled Job");
$isrc = "images/stop2.png";
$ilink = "manage_jobs.php?disp=setstatus&schedid={$schedid}&enabled=0";
break;
default:
$itext = _("Enable Scheduled Job");
$isrc = "images/play.png";
$ilink = "manage_jobs.php?disp=setstatus&schedid={$schedid}&enabled=1";
break;
}
if ($schedstatus) {
$txt_enabled = "<td><a href=\"{$ilink}\"><font color=\"green\">" . _("Enabled") . "</font></a></td>";
} else {
$txt_enabled = "<td><a href=\"{$ilink}\"><font color=\"red\">" . _("Disabled") . "</font></a></td>";
}
if (preg_match('/^\\d+$/', $user)) {
list($entities_all, $num_entities) = Acl::get_entities($dbconn, $user);
$user = $entities_all[$user]['name'];
}
echo <<<EOT
<tr>
EOT;
if ($profile == "") {
$profile = _("Default");
}
echo "<td><a style=\"text-decoration:none;\" href=\"javascript:;\" txt=\"<b>" . _("Owner") . ":</b> {$user}<br><b>" . _("Server") . ":</b> {$servers}<br /><b>" . _("Scheduled Job ID") . ":</b> {$schedid}<br><b>" . _("Profile") . ":</b> {$profile}<br><b>" . _("Targets") . ":</b><br>" . tooltip_hosts($targets, $hosts) . "\" class=\"scriptinfo\">{$schedname}</a></td>";
?>
<td><?php
echo $stt;
?>
</td>
<td><?php
echo $time;
?>
</td>
<td><?php
echo $nextscan;
?>
</td>
<?php
echo <<<EOT
{$txt_enabled}
<td style="padding-top:2px;"><a href="{$ilink}"><img alt="{$itext}" src="{$isrc}" border=0 title="{$itext}"></a>
EOT;
echo "<a href='sched.php?disp=edit_sched&sched_id={$schedid}&hmenu=Vulnerabilities&smenu=Jobs'><img src='images/pencil.png' title='" . gettext("Edit Scheduled") . "'></a> ";
echo "<a href='manage_jobs.php?disp=delete&schedid={$schedid}' onclick='return confirmDelete();'><img src='images/delete.gif' title='" . gettext("Delete Scheduled") . "'></a></td>";
echo <<<EOT
</tr>
EOT;
$result->MoveNext();
}
echo <<<EOT
</table></center>
EOT;
echo "<br>";
if ($_GET['page'] != "") {
$page = $_GET['page'];
} else {
$page = 1;
}
$pagesize = 10;
if ($username == "admin") {
$query = "SELECT count(id) as num FROM vuln_jobs";
} else {
$query = "SELECT count(id) as num FROM vuln_jobs where username='******'";
}
$result = $dbconn->Execute($query);
$jobCount = $result->fields["num"];
$num_pages = ceil($jobCount / $pagesize);
//echo "num_pages:[".$num_pages."]";
//echo "jobCount:[".$jobCount."]";
//echo "page:[".$page."]";
all_jobs(0, 10, "R");
// only running jobs
?>
<br />
<?php
$out = all_jobs(($page - 1) * $pagesize, $pagesize);
?>
<table width="90%" align="center" class="transparent">
<tr><td style="text-align:center;padding-top:5px;" class="nobborder">
<a href="javascript:;" onclick="$('#legend').toggle();$('#message_show').toggle();$('#message_hide').toggle();" colspan="2"><img src="../pixmaps/arrow_green.gif" align="absmiddle" border="0">
<span id="message_show"><?php
echo _("Show legend");
?>
</span>
<span id="message_hide" style="display:none"><?php
echo _("Hide legend");
?>
</span>
</a>
</td>
<td class="nobborder" valign="top" style="padding-top:5px;">
<?php
if ($out != 0 && $num_pages != 1) {
if ($page == 1 && $page == $num_pages) {
echo '<center><< ' . _("First") . ' <' . _(" Previous") . ' [' . $page . ' ' . _("of") . ' ' . $num_pages . '] ' . _("Next") . ' > ' . _("Last") . ' >></center>';
} elseif ($page == 1) {
echo '<center><< ' . _("First") . ' < ' . _("Previous") . ' [' . $page . ' ' . _("of") . ' ' . $num_pages . '] <a href="manage_jobs.php?page=' . ($page + 1) . '">' . _("Next") . ' ></a> <a href="manage_jobs.php?page=' . $num_pages . '">' . _("Last") . ' >></a></center>';
} elseif ($page == $num_pages) {
echo '<center><a href="manage_jobs.php?page=1"><< ' . _("First") . '</a> <a href="manage_jobs.php?page=' . ($page - 1) . '">< ' . _("Previous") . '</a> [' . $page . ' ' . _("of") . ' ' . $num_pages . '] ' . _("Next") . '> ' . _("Last") . ' >></center>';
} else {
echo '<center><a href="manage_jobs.php?page=1"><< ' . _("First") . '</a> <a href="manage_jobs.php?page=' . ($page - 1) . '">< ' . _("Previous") . '</a> [' . $page . ' ' . _("of") . ' ' . $num_pages . '] <a href="manage_jobs.php?page=' . ($page + 1) . '">' . _("Next") . ' ></a> <a href="manage_jobs.php?page=' . $num_pages . '">' . _("Last") . ' >></a></center>';
}
//echo "<br>";
}
?>
</td>
</tr>
<tr>
<td width="110" class="nobborder">
<table width="100%" cellpadding="3" cellspacing="3" id="legend" style="display:none;">
<tr>
<th colspan="2" style="padding-right: 3px;">
<div style="float: left; width: 60%; text-align: right;padding-top:3px;"><b><?php
echo _("Legend");
?>
</b></div>
<div style="float: right; width: 18%; padding-top: 2px; padding-bottom: 2px; text-align: right;"><a style="cursor: pointer; text-align: right;" onclick="$('#legend').toggle();$('#message_show').toggle();$('#message_hide').toggle();"><img src="../pixmaps/cross-circle-frame.png" alt="Close" title="Close" align="absmiddle" border="0"></a></div>
</th>
</tr>
<tr>
<td bgcolor="#EFFFF7" style="border:1px solid #999999" width="25%"></td><td class="nobborder" width="75%" style="text-align:left;padding-left:7px;"><?php
echo _("Completed");
?>
</td>
</tr>
<tr>
<td bgcolor="#EFE1E0" style="border:1px solid #999999" width="25%"></td><td class="nobborder" width="75%" style="text-align:left;padding-left:7px;"><?php
echo _("Failed");
?>
</td>
</tr>
<tr>
<td bgcolor="#D1E7EF" style="border:1px solid #999999" width="25%"></td><td class="nobborder" width="75%" style="text-align:left;padding-left:7px;"><?php
echo _("Running");
?>
</td>
</tr>
<tr>
<td bgcolor="#DFF7FF" style="border:1px solid #999999" width="25%"></td><td class="nobborder" width="75%" style="text-align:left;padding-left:7px;"><?php
echo _("Scheduled");
?>
</td>
</tr>
<tr>
<td bgcolor="#FFFFDF" style="border:1px solid #999999" width="25%"></td><td class="nobborder" width="75%" style="text-align:left;padding-left:7px;"><?php
echo _("Timeout");
?>
</td>
</tr>
</table>
</td>
<td class="nobborder">
</td>
</tr>
</table>
<?php
}
function submit_scan($SVRid, $job_name, $ssh_credential, $smb_credential, $schedule_type, $not_resolve, $user, $entity, $targets, $scheduled_status, $hosts_alive, $sid, $send_email, $timeout, $scan_locally, $dayofweek, $dayofmonth, $ROYEAR, $ROMONTH, $ROday, $time_hour, $time_min, $time_interval, $sched_id, $biyear, $bimonth, $biday, $nthweekday, $tz, $daysMap)
{
$db = new ossim_db();
$dbconn = $db->connect();
$credentials = $ssh_credential . '|' . $smb_credential;
$username = valid_hex32($entity) ? $entity : $user;
if (empty($username)) {
$username = Session::get_session_user();
}
$btime_hour = $time_hour;
// save local time
$btime_min = $time_min;
$bbiyear = $biyear;
$bbimonth = $bimonth;
$bbiday = $biday;
if ($schedule_type == 'O') {
// date and time for run once
if (empty($ROYEAR)) {
$ROYEAR = gmdate('Y');
}
if (empty($ROMONTH)) {
$ROMONTH = gmdate('m');
}
if (empty($ROday)) {
$ROday = gmdate('d');
}
list($_y, $_m, $_d, $_h, $_u, $_s, $_time) = Util::get_utc_from_date($dbconn, "{$ROYEAR}-{$ROMONTH}-{$ROday} {$time_hour}:{$time_min}:00", $tz);
$ROYEAR = $_y;
$ROMONTH = $_m;
$ROday = $_d;
$time_hour = $_h;
$time_min = $_u;
} else {
if (in_array($schedule_type, array('D', 'W', 'M', 'NW'))) {
// date and time for Daily, Day of Week, Day of month, Nth weekday of month
list($b_y, $b_m, $b_d, $b_h, $b_u, $b_s, $b_time) = Util::get_utc_from_date($dbconn, "{$biyear}-{$bimonth}-{$biday} {$time_hour}:{$time_min}:00", $tz);
$biyear = $b_y;
$bimonth = $b_m;
$biday = $b_d;
$time_hour = $b_h;
$time_min = $b_u;
}
}
$resolve_names = $not_resolve == '1' ? 0 : 1;
if ($schedule_type != 'N') {
// current datetime in UTC
$arrTime = explode(":", gmdate('Y:m:d:w:H:i:s'));
$year = $arrTime[0];
$mon = $arrTime[1];
$mday = $arrTime[2];
$wday = $arrTime[3];
$hour = $arrTime[4];
$min = $arrTime[5];
$sec = $arrTime[6];
$timenow = $hour . $min . $sec;
$run_wday = $daysMap[$dayofweek]['number'];
$run_time = sprintf('%02d%02d%02d', $time_hour, $time_min, '00');
$run_mday = $dayofmonth;
$time_value = "{$time_hour}:{$time_min}:00";
$ndays = array('Sunday', 'Monday', 'Tuesday', 'Wednesday', 'Thursday', 'Friday', 'Saturday');
$begin_in_seconds = Util::get_utc_unixtime("{$biyear}-{$bimonth}-{$biday} {$time_hour}:{$time_min}:00") - 3600 * $tz;
$current_in_seconds = gmdate('U');
// current datetime in UTC
if (strlen($bimonth) == 1) {
$bimonth = '0' . $bimonth;
}
if (strlen($biday) == 1) {
$biday = '0' . $biday;
}
}
switch ($schedule_type) {
case 'N':
$requested_run = gmdate('YmdHis');
break;
case 'O':
$requested_run = sprintf('%04d%02d%02d%06d', $ROYEAR, $ROMONTH, $ROday, $run_time);
break;
case 'D':
if ($begin_in_seconds > $current_in_seconds) {
$next_day = $biyear . $bimonth . $biday;
// selected date by user
} else {
if ($run_time > $timenow) {
$next_day = $year . $mon . $mday;
// today
} else {
$next_day = gmdate("Ymd", strtotime("+1 day GMT", gmdate("U")));
// next day
}
}
$requested_run = sprintf("%08d%06d", $next_day, $run_time);
break;
case 'W':
if ($begin_in_seconds > $current_in_seconds) {
// if it is a future date
$wday = date("w", mktime(0, 0, 0, $bimonth, $biday, $biyear));
// make week day for begin day
if ($run_wday == $wday) {
$next_day = $biyear . $bimonth . $biday;
// selected date by user
} else {
$next_day = gmdate("Ymd", strtotime("next " . $ndays[$run_wday] . " GMT", mktime(0, 0, 0, $bimonth, $biday, $biyear)));
}
} else {
if ($run_wday == $wday && $run_time > $timenow) {
$next_day = $year . $mon . $mday;
// today
} else {
$next_day = gmdate("Ymd", strtotime("next " . $ndays[$run_wday] . " GMT", gmdate("U")));
// next week
}
}
preg_match("/(\\d{4})(\\d{2})(\\d{2})/", $next_day, $found);
list($b_y, $b_m, $b_d, $b_h, $b_u, $b_s, $b_time) = Util::get_utc_from_date($dbconn, $found[1] . "-" . $found[2] . "-" . $found[3] . " {$btime_hour}:{$btime_min}:00", $tz);
$requested_run = sprintf("%04d%02d%02d%02d%02d%02d", $b_y, $b_m, $b_d, $b_h, $b_u, "00");
break;
case 'M':
if ($begin_in_seconds > $current_in_seconds) {
// if it is a future date
if ($run_mday >= $biday) {
$next_day = $biyear . $bimonth . ($run_mday < 10 ? "0" : "") . $run_mday;
// this month
} else {
$next_day = sprintf("%06d%02d", gmdate("Ym", strtotime("next month GMT", mktime(0, 0, 0, $bimonth, $biday, $biyear))), $run_mday);
}
} else {
if ($run_mday > $mday || $run_mday == $mday && $run_time > $timenow) {
$next_day = $year . $mon . ($run_mday < 10 ? "0" : "") . $run_mday;
// this month
} else {
$next_day = sprintf("%06d%02d", gmdate("Ym", strtotime("next month GMT", gmdate("U"))), $run_mday);
}
}
preg_match("/(\\d{4})(\\d{2})(\\d{2})/", $next_day, $found);
list($b_y, $b_m, $b_d, $b_h, $b_u, $b_s, $b_time) = Util::get_utc_from_date($dbconn, $found[1] . "-" . $found[2] . "-" . $found[3] . " {$btime_hour}:{$btime_min}:00", $tz);
$requested_run = sprintf("%04d%02d%02d%02d%02d%02d", $b_y, $b_m, $b_d, $b_h, $b_u, "00");
break;
case 'NW':
if ($begin_in_seconds > $current_in_seconds) {
// if it is a future date
$array_time = array('month' => $bbimonth, 'day' => $bbiday, 'year' => $bbiyear);
$requested_run = weekday_month(strtolower($daysMap[$dayofweek]['text']), $nthweekday, $btime_hour, $btime_min, $array_time);
} else {
$requested_run = weekday_month(strtolower($daysMap[$dayofweek]['text']), $nthweekday, $btime_hour, $btime_min);
}
preg_match("/(\\d{4})(\\d{2})(\\d{2})(\\d{2})(\\d{2})(\\d{2})/", $requested_run, $found);
list($b_y, $b_m, $b_d, $b_h, $b_u, $b_s, $b_time) = Util::get_utc_from_date($dbconn, $found[1] . "-" . $found[2] . "-" . $found[3] . " " . $found[4] . ":" . $found[5] . ":00", $tz);
$requested_run = sprintf("%04d%02d%02d%02d%02d%02d", $b_y, $b_m, $b_d, $b_h, $b_u, "00");
$dayofmonth = $nthweekday;
break;
default:
break;
}
$insert_time = gmdate('YmdHis');
if (!empty($_SESSION['_vuln_targets']) && count($_SESSION['_vuln_targets']) > 0) {
$sgr = array();
foreach ($_SESSION['_vuln_targets'] as $target_selected => $server_id) {
$sgr[$server_id][] = $target_selected;
}
ossim_clean_error();
unset($_SESSION['_vuln_targets']);
// clean scan targets
$resolve_names = $not_resolve == '1' ? 0 : 1;
$queries = array();
$bbimonth = strlen($bbimonth) == 1 ? '0' . $bbimonth : $bbimonth;
$bbiday = strlen($bbiday) == 1 ? '0' . $bbiday : $bbiday;
$qc = 0;
if ($schedule_type == 'N') {
foreach ($sgr as $notify_sensor => $target_list) {
$target_list = implode("\n", $target_list);
$params = array($job_name, $username, Session::get_session_user(), $schedule_type, $target_list, $hosts_alive, $sid, $send_email, $timeout, $SVRid, $insert_time, $requested_run, '3', 'S', $notify_sensor, $scan_locally, '', $resolve_names, $credentials);
$queries[$qc]['query'] = 'INSERT INTO vuln_jobs ( name, username, fk_name, meth_SCHED, meth_TARGET, meth_CRED,
meth_VSET, meth_Wfile, meth_TIMEOUT, scan_ASSIGNED,
scan_SUBMIT, scan_next, scan_PRIORITY, status, notify, authorized, author_uname, resolve_names, credentials )
VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)';
$queries[$qc]['params'] = $params;
$qc++;
}
} else {
$params = array($bbiyear . $bbimonth . $bbiday, $job_name, $username, Session::get_session_user(), $schedule_type, $dayofweek, $dayofmonth, $time_value, implode("\n", $targets), $hosts_alive, $sid, $send_email, $scan_locally, $timeout, $requested_run, $insert_time, strval($scheduled_status), $resolve_names, $time_interval, '', $credentials, $SVRid);
$queries[$qc]['query'] = 'INSERT INTO vuln_job_schedule ( begin, name, username, fk_name, schedule_type, day_of_week, day_of_month, time, meth_TARGET, meth_CRED, meth_VSET, meth_Wfile, meth_Ucheck, meth_TIMEOUT, next_CHECK, createdate, enabled, resolve_names, time_interval, IP_ctx, credentials, email)
VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?) ';
$queries[$qc]['params'] = $params;
$qc++;
}
$execute_errors = array();
foreach ($queries as $id => $sql_data) {
$rs = $dbconn->execute($sql_data['query'], $sql_data['params']);
if ($rs === FALSE) {
$execute_errors[] = $dbconn->ErrorMsg();
}
}
if (empty($execute_errors) && $schedule_type != 'N') {
// We have to update the vuln_job_assets
if (intval($sched_id) == 0) {
$query = ossim_query('SELECT LAST_INSERT_ID() as sched_id');
$rs = $dbconn->Execute($query);
if (!$rs) {
Av_exception::throw_error(Av_exception::DB_ERROR, $dbconn->ErrorMsg());
} else {
$sched_id = $rs->fields['sched_id'];
}
}
Vulnerabilities::update_vuln_job_assets($dbconn, 'insert', $sched_id, 0);
}
$config_nt = array('content' => '', 'options' => array('type' => 'nf_success', 'cancel_button' => FALSE), 'style' => 'width: 40%; margin: 20px auto; text-align: center;');
$config_nt['content'] = empty($execute_errors) ? _('Successfully Submitted Job') : _('Error creating scan job:') . implode('<br>', $execute_errors);
$nt = new Notification('nt_1', $config_nt);
$nt->show();
$dbconn->close();
}
}
