/** * Update a profiles' settings in the database * * Updates all the settings in the database that have * changed from their default values since the settings * object was created. */ public function update() { $db = nessquikDB::getInstance(); $sql = "UPDATE profile_settings SET :1=':2' WHERE profile_id='" . $this->profile_id . "' AND setting_type='user'"; $stmt = $db->prepare($sql); // Update all the fields in the database $stmt->execute('setting_name', $this->scan_name); }
private function api_key_ok($api_key) { $db = nessquikDB::getInstance(); $sql = "SELECT api_id FROM api_keys WHERE api_key=':1' LIMIT 1"; $stmt = $db->prepare($sql); $stmt->execute($client_key); if ($stmt->num_rows() < 1) { $this->error = new IXR_Error(403, 'Bad API key.'); return false; } return true; }
#!/usr/bin/php -q <?php set_time_limit(0); if (!@$argc) { die("<p>This script can only be run from command line"); } define('_ABSPATH', dirname(dirname(__FILE__))); require_once _ABSPATH . '/confs/config-inc.php'; require_once _ABSPATH . '/db/nessquikDB.php'; $db = nessquikDB::getInstance(); $nasl = array(); $sql = array('insert' => "\tINSERT INTO nasl_names (`pluginid`,\n\t\t\t\t`script_name`) \n\t\t\tVALUES (':1',':2') \n\t\t\tON DUPLICATE KEY UPDATE script_name=':3'"); $stmt = $db->prepare($sql['insert']); // If the path sent is a directory... if (is_dir(_NESSUS_PLUG_DIR)) { // ...check to see if we can open it. If yes, store its resource in a variable if ($handle = opendir(_NESSUS_PLUG_DIR)) { // If we're capable of opening the directory, reading files in one at a time until no more while (false !== ($file = readdir($handle))) { // Check to see if the filename is either the current dir, or the parent dir. // and skip it if it is. if ($file != "." && $file != "..") { $nasl[] = $file; } } } } // Close the directory we were working with closedir($handle); /**
public static function getInstance() { if (empty(self::$instance)) { switch (_RELEASE) { case "fermi": self::$instance = parent::db_factory(_SAVED_DBUSER, _SAVED_DBPASS, _SAVED_DBUSE, _SAVED_DBSERVER, _SAVED_DBPORT); break; case "general": default: self::$instance = nessquikDB::getInstance(); break; } } return self::$instance; }
/** * Updates a help topic * * This method will save back to the database, the * information that is associated with a topic. * * @param integer $help_id ID of the help topic that * is being saved * @param integer $category_id ID of the category that * the particular topic will/does now reside in * @param string $question Question that is posed by * the topic * @param string $answer Answer to the help topic question * @return boolean True on successful update, false on failure */ public function edit_help_topic($help_id, $category_id, $question, $answer) { $db = nessquikDB::getInstance(); $sql = array('update' => "UPDATE help SET category_id=':1', question=':2', answer=':3' WHERE help_id=':4'"); $stmt = $db->prepare($sql['update']); $stmt->execute($category_id, $question, $answer, $help_id); if ($stmt->affected() < 0) { return false; } else { return true; } }
private function delete_recurrence($profile_id) { $db = nessquikDB::getInstance(); $sql = "DELETE FROM recurrence WHERE profile_id=':1'"; $stmt = $db->prepare($sql); $stmt->execute($profile_id); }
/** * Get a list of all plugins * * This function will query the plugins database and return * an array that is indexed by plugin ID. The value of each * entry in the array will be 'no'. The array that is returned * can be looped through right away to create the plugin list * for a nessusrc file. * * @return array Array of plugin IDs with the value of each entry set to 'no' */ public function getAllPlugins() { $db = nessquikDB::getInstance(); $set = array(); $sql = array('select' => "SELECT pluginid FROM plugins ORDER BY pluginid ASC;"); $stmt = $db->prepare($sql['select']); $stmt->execute(); while ($row = $stmt->fetch_assoc()) { $set[$row['pluginid']] = 'no'; } return $set; }
/** * Removes dead metrics * * A dead metric is basically a metric that has been removed by the user * by having its folder deleted from the metrics folder. This method takes * care of clearing the database of these dead metrics. */ private function remove_dead_metrics() { $db = nessquikDB::getInstance(); /** * For this walk, we only care about the installed metrics. */ $diff = array_diff($this->installed_metrics, $this->metric_list); $sql = array('delete' => "DELETE FROM metrics WHERE `name`=':1' AND type=':2'"); $stmt = $db->prepare($sql['delete']); foreach ($diff as $key => $metric_class) { require_once $this->metric_path . '/' . $metric_class . '.php'; $this->new_metrics = true; $metric_class = new ReflectionClass($metric_class); $metric = $metric_class->newInstance(); $metric->_remove(); $stmt->execute($metric_class, $this->type); } }
/** * Re-schedule a scan * * This method will handle rescheduling the scan and updating * it's date_scheduled field so that the scan maker can check * the new field against the current time when it comes around * * @param string $profile_id ID of the profile to reschedule * @param datetime $date_scheduled The new date and time to * reschedule the scan. The format should be that of * the MySQL DATETIME field format * @return boolean True if successfully rescheduled. False otherwise */ private function reschedule_scan($profile_id, $date_scheduled) { $db = nessquikDB::getInstance(); $sql = array('update' => "\tUPDATE profile_list \n\t\t\t\t\tSET date_scheduled=':2' \n\t\t\t\t\tWHERE profile_id=':1'"); $stmt = $db->prepare($sql['update']); $stmt->execute($profile_id, $date_scheduled); if ($stmt->affected() > 0) { return true; } else { return false; } }
public function get_division_id($division) { $db = nessquikDB::getInstance(); $sql = array('select' => "SELECT group_id FROM division_group_list WHERE group_name=':1';"); $stmt1 = $db->prepare($sql['select']); $stmt1->execute($division); if ($stmt1->num_rows() > 0) { return $stmt1->result(0); } else { return false; } }
/** * Remove all the plugins from a profile * * This method will remove the plugins from the profile * table for the given profile. It's the equivalent of * assigning an empty plugin set to the scan profile * * @param string $profile_id ID of the profile to remove * all the plugins from * @return True on successful removal, false otherwise */ public function delete_all_plugins($profile_id = '') { if ($profile_id == '') { $profile_id = $this->profile_id; } $db = nessquikDB::getInstance(); $sql = "DELETE FROM profile_plugin_list WHERE profile_id=':1';"; $stmt = $db->prepare($sql); $stmt->execute($profile_id); if ($stmt->affected() < 0) { return false; } else { return true; } }
/** * Check if the version of nessquik is up-to-date * * Since a lot is likely to change between nessquik * versions, I'm including this method here so that * the system can be checked for a particular configuration * that is specific to an install of nessquik and if * that configuration does not exist, an error message * will be displayed notifying the user that they * are using a new version of nessquik with an old version * of the database */ public function check_version() { $success = false; $db = nessquikDB::getInstance(); $tpl = SmartyTemplate::getInstance(); $sql = array('tables' => "SHOW TABLES FROM " . _DBUSE); $stmt1 = $db->prepare($sql['tables']); $stmt1->execute(); if ($stmt1->num_rows() == 0) { $tpl->assign("SUCCESS", "noper"); $tpl->assign("MESSAGE", "It seems you haven't created your database yet. Use the setup file to do this.<p>"); $tpl->assign("RETURN_LINK", ""); $tpl->display("actions_done.tpl"); exit; } while ($row = $stmt1->fetch_row()) { $table = $row[0]; if ($table == "division_group_list") { $success = true; break; } } if (!$success) { $tpl->assign("SUCCESS", "noper"); $tpl->assign("MESSAGE", "You're trying to use the nessquik 2.5 code base with a nessquik 2.0 database.<p>" . "This isn't going to work. Please run the upgrade scripts before continuing."); $tpl->assign("RETURN_LINK", ""); $tpl->display("actions_done.tpl"); exit; } }
/** * Set a scan's finish date * * After a scan has finished running, you may want * to set the date and time it finished running in * the database. This method will set that value in * the database. The date should be formatted according * to the MySQL datetime format. This can be accomplished * using the following strftime format. * * strftime("%Y-%m-%d %T", time()); * * @param array $params Array of parameters sent to the function * 0 - Client key of the scanner * 1 - Profile ID to set the finished date of * 2 - Date, in MySQL datetime format, of when * the scan finished running * @return True on successful progress update. IXR_Error * on failure */ public function jobs_setFinishedDate($params) { $db = nessquikDB::getInstance(); $client_key = $params[0]; $profile_id = $params[1]; $date = $params[2]; $sql = "UPDATE profile_list SET date_finished=':1' WHERE profile_id=':2';"; $stmt = $db->prepare($sql); if (!$this->client_key_ok($client_key)) { return $this->error; } if (!$this->client_key_can_scan_profile($client_key, $profile_id)) { return $this->error; } $stmt->execute($date, $profile_id); return true; }